From i.like.guinness at gmail.com Sat Aug 1 01:24:38 2009 From: i.like.guinness at gmail.com (shawn mccarthy) Date: Fri, 31 Jul 2009 21:24:38 -0400 Subject: An Introduction Message-ID: Hello All, My name is Shawn, I have just recently joined the fedora infrastructure list. I have been working for Linux and Unix Operating systems for about 10 years as both an administrator and developer. As an administrator I have been part of teams that were responsible for managing large internet service application, monitoring of systems from end-to-end. As a Developer I have worked in Java, c/c++, perl, shell scripts, and more recently python/jython. I am currently reading about scripting languages in Java and collective intelligence. I want to get more involved in the Fedora project as I have been using the product on and off for about 4 years and I really like the distribution. I enjoy working on projects and figured I could give at least 5 hours or so a week to help out. Thanks, Shawn -- majority rules, don't work in mental institutions.... -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonstanley at gmail.com Sat Aug 1 05:01:32 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sat, 1 Aug 2009 01:01:32 -0400 Subject: Mailing list migration procedures Message-ID: I'd like some mailman experts (if we have any) to take a look at this procedure to migrate lists from redhat.com to lists.fp.o and let me know if there's something obviously missing from it or if there's some way that it can be improved. Feel free to make any edits you deem necessary. https://fedoraproject.org/wiki/Mailman_Infrastructure_SOP#Mailman_migration From Matt_Domsch at dell.com Sat Aug 1 14:12:30 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sat, 1 Aug 2009 09:12:30 -0500 Subject: Mailing list migration procedures In-Reply-To: References: Message-ID: <20090801141229.GA28345@mock.linuxdev.us.dell.com> On Sat, Aug 01, 2009 at 01:01:32AM -0400, Jon Stanley wrote: > I'd like some mailman experts (if we have any) to take a look at this > procedure to migrate lists from redhat.com to lists.fp.o and let me > know if there's something obviously missing from it or if there's some > way that it can be improved. Feel free to make any edits you deem > necessary. > > https://fedoraproject.org/wiki/Mailman_Infrastructure_SOP#Mailman_migration I added a couple notes about _not_ regenerating the archives, and handling the forwards from Red Hat. -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From jonstanley at gmail.com Sat Aug 1 16:43:04 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sat, 1 Aug 2009 12:43:04 -0400 Subject: Mailing list migration procedures In-Reply-To: <20090801141229.GA28345@mock.linuxdev.us.dell.com> References: <20090801141229.GA28345@mock.linuxdev.us.dell.com> Message-ID: On Sat, Aug 1, 2009 at 10:12 AM, Matt Domsch wrote: > I added a couple notes about _not_ regenerating the archives, and > handling the forwards from Red Hat. Good catch. I assumed that RHT would be willing to continue hosting the archives for the old lists for an indefinite period, and that any new links that folks make would obviously point to the new archives. If we just take the HTML from Red Hat without regenerating it so that the old filenames work, then I fear that some of the links in the HTML might not work (particularly to attachments, if there were any) From Matt_Domsch at Dell.com Sun Aug 2 05:35:02 2009 From: Matt_Domsch at Dell.com (Domsch, Matt) Date: Sun, 2 Aug 2009 00:35:02 -0500 Subject: Handling Undeliverable mail messages Message-ID: <20090802053501.GA8491@mock.linuxdev.us.dell.com> 1) typo "Mistmatch" in the subject line of these messages: Subject: Undeliverable: Fedora Account System and Bugzilla Mistmatch 2) an insane number of these messages are being sent each day. There must be a better way to handle this. -Matt ----- Forwarded message from System Administrator ----- Delivered-To: admin at fedoraproject.org Auto-Submitted: auto-generated (failure) Subject: Undeliverable: Fedora Account System and Bugzilla Mistmatch Date: Sat, 1 Aug 2009 22:10:21 -0500 Thread-Topic: Fedora Account System and Bugzilla Mistmatch From: System Administrator To: "Domsch, Matt" Your message To: bkonrath at redhat.com; bkonrath at redhat.com Subject: Fedora Account System and Bugzilla Mistmatch Sent: Sat, 1 Aug 2009 22:10:07 -0500 did not reach the following recipient(s): bkonrath at redhat.com on Sat, 1 Aug 2009 22:10:12 -0500 The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. < mx2.util.phx.redhat.com #5.1.1 SMTP; 550 5.1.1 ... User unknown> Reporting-MTA: dns; ausx3mps307.aus.amer.dell.com Final-Recipient: RFC822; bkonrath at redhat.com Action: failed Status: 5.1.1 X-Supplementary-Info: < mx2.util.phx.redhat.com #5.1.1 SMTP; 550 5.1.1 ... User unknown> X-Display-Name: bkonrath at redhat.com Subject: Fedora Account System and Bugzilla Mistmatch Date: Sat, 1 Aug 2009 22:10:07 -0500 Thread-Topic: Fedora Account System and Bugzilla Mistmatch From: admin at fedoraproject.org To: bkonrath at redhat.com, bkonrath at redhat.com Hello Ben Konrath, As a Fedora packager, we grant you permissions to make changes to bugs in bugzilla to all Fedora bugs. This lets you work together with other Fedora developers in an easier fashion. However, to enable this functionality, we need to have your bugzilla email address stored in the Fedora Account System. At the moment you have: bkonrath at redhat.com which bugzilla is telling us is not an account in bugzilla. If you could please set up an account in bugzilla with this address or change your email address on your Fedora Account to match an existing bugzilla account this would let us go forward. Note: this message is being generated by an automated script. You'll continue getting this message until the problem is resolved. Sorry for the inconvenience. Thank you, The Fedora Account System admin at fedoraproject.org ----- End forwarded message ----- -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From sundaram at fedoraproject.org Sun Aug 2 05:34:43 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Sun, 02 Aug 2009 11:04:43 +0530 Subject: Mailing list migration procedures In-Reply-To: References: Message-ID: <4A752573.6040501@fedoraproject.org> On 08/01/2009 10:31 AM, Jon Stanley wrote: > I'd like some mailman experts (if we have any) to take a look at this > procedure to migrate lists from redhat.com to lists.fp.o and let me > know if there's something obviously missing from it or if there's some > way that it can be improved. Feel free to make any edits you deem > necessary. > > https://fedoraproject.org/wiki/Mailman_Infrastructure_SOP#Mailman_migration Have you thought whether a reorganization is desirable while migrating? Some of the lists are misnamed and inconsistent. fedora-devel-java-list vs fedora-perl-devel-list. Some of them have -list in their names and others do not. Might want to discuss which ones are worth carrying over vs leaving behind (fedora-xen list for ex has been superseded by fedora-virt list) Rahul From bashton at brennanashton.com Sun Aug 2 07:43:20 2009 From: bashton at brennanashton.com (Brennan Ashton) Date: Sun, 2 Aug 2009 00:43:20 -0700 Subject: Handling Undeliverable mail messages In-Reply-To: <20090802053501.GA8491@mock.linuxdev.us.dell.com> References: <20090802053501.GA8491@mock.linuxdev.us.dell.com> Message-ID: <981da310908020043y573491ck2412fed71c391c5d@mail.gmail.com> On Sat, Aug 1, 2009 at 10:35 PM, Domsch, Matt wrote: > 1) typo "Mistmatch" in the subject line of these messages: > ?Subject: Undeliverable: Fedora Account System and Bugzilla Mistmatch > > 2) an insane number of these messages are being sent each day. ?There > ? must be a better way to handle this. > > -Matt > > ----- Forwarded message from System Administrator ----- > > Delivered-To: admin at fedoraproject.org > Auto-Submitted: auto-generated (failure) > Subject: Undeliverable: Fedora Account System and Bugzilla Mistmatch > Date: Sat, 1 Aug 2009 22:10:21 -0500 > Thread-Topic: Fedora Account System and Bugzilla Mistmatch > From: System Administrator > To: "Domsch, Matt" > > Your message > > ?To: ? ? ?bkonrath at redhat.com; bkonrath at redhat.com > ?Subject: Fedora Account System and Bugzilla Mistmatch > ?Sent: ? ?Sat, 1 Aug 2009 22:10:07 -0500 > > did not reach the following recipient(s): > > bkonrath at redhat.com on Sat, 1 Aug 2009 22:10:12 -0500 > ? ?The e-mail account does not exist at the organization this message > was sent to. ?Check the e-mail address, or contact the recipient > directly to find out the correct address. > ? ?< mx2.util.phx.redhat.com #5.1.1 SMTP; 550 5.1.1 > ... User unknown> > > Reporting-MTA: dns; ausx3mps307.aus.amer.dell.com > > Final-Recipient: RFC822; bkonrath at redhat.com > Action: failed > Status: 5.1.1 > X-Supplementary-Info: < mx2.util.phx.redhat.com #5.1.1 SMTP; 550 5.1.1 ... User unknown> > X-Display-Name: bkonrath at redhat.com > > Subject: Fedora Account System and Bugzilla Mistmatch > Date: Sat, 1 Aug 2009 22:10:07 -0500 > Thread-Topic: Fedora Account System and Bugzilla Mistmatch > From: admin at fedoraproject.org > To: bkonrath at redhat.com, bkonrath at redhat.com > > ? Hello Ben Konrath, > > ? As a Fedora packager, we grant you permissions to make changes to bugs in > ? bugzilla to all Fedora bugs. ?This lets you work together with other > ? Fedora > ? developers in an easier fashion. ?However, to enable this functionality, > ? we > ? need to have your bugzilla email address stored in the Fedora Account > ? System. > ? At the moment you have: > > ? ? ? bkonrath at redhat.com > > ? which bugzilla is telling us is not an account in bugzilla. ?If you could > ? please set up an account in bugzilla with this address or change your > ? email > ? address on your Fedora Account to match an existing bugzilla account this > ? would > ? let us go forward. > > ? Note: this message is being generated by an automated script. ?You'll > ? continue > ? getting this message until the problem is resolved. ?Sorry for the > ? inconvenience. > > ? Thank you, > ? The Fedora Account System > ? admin at fedoraproject.org > > > ----- End forwarded message ----- > > -- > Matt Domsch > Technology Strategist, Dell Office of the CTO > linux.dell.com & www.dell.com/linux > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > This might be slightly off the topic, but I think it relates to the reported issue in the bounced email. I have been noticing that when I run this script: from bugzilla import Bugzilla from fedora.client import AccountSystem url = 'https://bugzilla.redhat.com/xmlrpc.cgi' fasUsername = #replace with real values fasPassword = #replace with real values bz = Bugzilla(url=url) fas = AccountSystem(username=fasUsername,password=fasPassword) emails = [elem['bugzilla_email'] for elem in fas.people_by_groupname('triagers')] triagers = [] for email in emails: try: name = triagers.append(bz._proxy.User.get({'names':[email],'include_fields':['real_name']})) except: print email + " not found" That somehow some people have bug privileges in FAS and in there BZ account but the two can no longer be connected. Thanks, Brennan Ashton From jonstanley at gmail.com Sun Aug 2 23:52:51 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Sun, 2 Aug 2009 19:52:51 -0400 Subject: Mailing list migration procedures In-Reply-To: <4A752573.6040501@fedoraproject.org> References: <4A752573.6040501@fedoraproject.org> Message-ID: On Sun, Aug 2, 2009 at 1:34 AM, Rahul Sundaram wrote: > Have you thought whether a reorganization is desirable while migrating? Yes, note the section in the document about renaming lists. I wasn't very verbose in there about why you'd want to do that, maybe I was in an earlier draft :). But the words 'fedora' and 'list' should never appear in the list name - it's obvious that it's a list from the domain name (lists.fp.o), as well as it has to do with Fedora (neither of these were true of the lists @redhat.com). The two examples that you cited above would be renamed perl-devel and java-devel, at least that's what makes sense to me. From smooge at gmail.com Mon Aug 3 00:59:13 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Sun, 2 Aug 2009 18:59:13 -0600 Subject: August 2nd Systems Updated Message-ID: <80d7e4090908021759w7843622fmfa2cd2a7b862d1f5@mail.gmail.com> Systems updated: ==================== app1 app2 app3 app4 app5 app6 asterisk1 bapp1 bastion bastion2 collab1 collab2 db1 db2 db3 fas1 fas2 hosted1 hosted2 ibiblio1 log1 memcached1 memcached2 nfs1 noc1 noc2 people1 proxy1 proxy2 proxy3 proxy4 proxy5 serverbeach2 serverbeach3 serverbeach4 serverbeach5 telia1 value1 value2 xen1 xen10 xen11 xen12 xen13 xen14 xen15 xen2 xen3 xen4 xen5 xen6 xen7 xen8 xen9 xenbuilder2 xenbuilder4 Systems Skipped: ==================== ppc3 ppc7 ppc2 ppc4 ppc5 publictest16 publictest14 koji2 publictest15 ppc8 ppc10 ppc9 ppc6 buildsys koji1 x86-3 x86-6 x86-7 x86-2 releng2 releng1 kojipkgs1 x86-5 x86-1 x86-4 publictest3 sync2 cvs1 relepel1 secondary1 -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From red at fedoraproject.org Mon Aug 3 05:15:37 2009 From: red at fedoraproject.org (Sandro "red" Mathys) Date: Mon, 3 Aug 2009 07:15:37 +0200 Subject: Mailing list migration procedures In-Reply-To: References: <4A752573.6040501@fedoraproject.org> Message-ID: On Mon, Aug 3, 2009 at 1:52 AM, Jon Stanley wrote: > But the words 'fedora' and 'list' should never > appear in the list name so, fedora-list@ will become -@ or null@? ;) -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonstanley at gmail.com Mon Aug 3 05:23:56 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Mon, 3 Aug 2009 01:23:56 -0400 Subject: Mailing list migration procedures In-Reply-To: References: <4A752573.6040501@fedoraproject.org> Message-ID: On Mon, Aug 3, 2009 at 1:15 AM, Sandro "red" Mathys wrote: > so, fedora-list@ will become -@ or null@? ;) Obviously not :). I was thinking of like users@ :) From abraxis at telkomsa.net Mon Aug 3 06:05:41 2009 From: abraxis at telkomsa.net (Neil Thompson) Date: Mon, 3 Aug 2009 08:05:41 +0200 Subject: Mailing list migration procedures In-Reply-To: References: <4A752573.6040501@fedoraproject.org> Message-ID: <20090803060541.GI12613@wol.32.boerneef.vornavalley> On Mon, Aug 03, 2009 at 01:23:56AM -0400, Jon Stanley wrote: > On Mon, Aug 3, 2009 at 1:15 AM, Sandro "red" > Mathys wrote: > > > so, fedora-list@ will become -@ or null@? ;) > > Obviously not :). I was thinking of like users@ :) > Please, please, please, send out, well in advance of the change, a final list of the before and after List-IDs so that those of us who use procmail or any similar program to classify our email are not caught flat-footed. Thanks -- Cheers! (Relax...have a homebrew) Neil ...aliquando et insanire iucundum est. -- Lucius Annaeus Seneca From sundaram at fedoraproject.org Mon Aug 3 08:21:17 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Mon, 03 Aug 2009 13:51:17 +0530 Subject: Mailing list migration procedures In-Reply-To: References: <4A752573.6040501@fedoraproject.org> Message-ID: <4A769DFD.6000606@fedoraproject.org> On 08/03/2009 05:22 AM, Jon Stanley wrote: > On Sun, Aug 2, 2009 at 1:34 AM, Rahul Sundaram > >> Have you thought whether a reorganization is desirable while migrating? > > Yes, note the section in the document about renaming lists. I wasn't > very verbose in there about why you'd want to do that, maybe I was in > an earlier draft :). But the words 'fedora' and 'list' should never > appear in the list name - it's obvious that it's a list from the > domain name (lists.fp.o), as well as it has to do with Fedora (neither > of these were true of the lists @redhat.com). > > The two examples that you cited above would be renamed perl-devel and > java-devel, at least that's what makes sense to me. In that case a final list of what lists are going to be migration and what they would be called, long before you initiate the migration would be very helpful. Post to fedora advisory board or fedora-devel list to make sure others have a opportunity to chime on it. Rahul From notting at redhat.com Mon Aug 3 15:45:08 2009 From: notting at redhat.com (Bill Nottingham) Date: Mon, 3 Aug 2009 11:45:08 -0400 Subject: Mailing list migration procedures In-Reply-To: References: Message-ID: <20090803154508.GJ28965@nostromo.devel.redhat.com> Jon Stanley (jonstanley at gmail.com) said: > I'd like some mailman experts (if we have any) to take a look at this > procedure to migrate lists from redhat.com to lists.fp.o and let me > know if there's something obviously missing from it or if there's some > way that it can be improved. Feel free to make any edits you deem > necessary. > > https://fedoraproject.org/wiki/Mailman_Infrastructure_SOP#Mailman_migration My concern is more procedural than infrastructural - I'd like to make sure we schedule the mass migration in such a way that it does not heavily disrupt development schedules; generally, this would mean doing it sometime after a release but before the alpha of the next release. Bill From a.badger at gmail.com Mon Aug 3 16:55:51 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 03 Aug 2009 09:55:51 -0700 Subject: Handling Undeliverable mail messages In-Reply-To: <20090802053501.GA8491@mock.linuxdev.us.dell.com> References: <20090802053501.GA8491@mock.linuxdev.us.dell.com> Message-ID: <4A771697.1030309@gmail.com> Sorry, I'm not receiving these bounces for some reason :-( On 08/01/2009 10:35 PM, Domsch, Matt wrote: > 1) typo "Mistmatch" in the subject line of these messages: > Subject: Undeliverable: Fedora Account System and Bugzilla Mistmatch > > 2) an insane number of these messages are being sent each day. There > must be a better way to handle this. There's no easy way to fix this generically as the script doesn't know whether the email address is good or not. ricky has changed this to send to nobody+1 at fedoraproject.org so that we stop getting bounces from bkonrath. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Mon Aug 3 17:02:09 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 03 Aug 2009 10:02:09 -0700 Subject: Handling Undeliverable mail messages In-Reply-To: <981da310908020043y573491ck2412fed71c391c5d@mail.gmail.com> References: <20090802053501.GA8491@mock.linuxdev.us.dell.com> <981da310908020043y573491ck2412fed71c391c5d@mail.gmail.com> Message-ID: <4A771811.3010208@gmail.com> On 08/02/2009 12:43 AM, Brennan Ashton wrote: > > This might be slightly off the topic, but I think it relates to the > reported issue in the bounced email. I have been noticing that when I > run this script: > > from bugzilla import Bugzilla > from fedora.client import AccountSystem > > url = 'https://bugzilla.redhat.com/xmlrpc.cgi' > fasUsername = #replace with real values > fasPassword = #replace with real values > bz = Bugzilla(url=url) > fas = AccountSystem(username=fasUsername,password=fasPassword) > emails = [elem['bugzilla_email'] for elem in > fas.people_by_groupname('triagers')] > triagers = [] > for email in emails: > try: > name = triagers.append(bz._proxy.User.get({'names':[email],'include_fields':['real_name']})) > except: > print email + " not found" > > That somehow some people have bug privileges in FAS and in there BZ > account but the two can no longer be connected. > This isn't supposed to happen but the coupling between FAS and bugzilla is loose enough that I can see where a bug could let it happen. There's logic in FAS to add a user to a special table, bugzilla_queue if they belong to the fedorabugs group and their email address changes. It's supposed to remove the fedora_contrib permissions from the old email and add them to the new one. There could be a breakdown either in adding to the bugzilla_queue table or in the cron job that processes that table (export_bugzilla). Note that at one time triagers were manually added to fedora_bugs. This isn't a remnant of that, is it? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From jlaska at redhat.com Mon Aug 3 20:34:50 2009 From: jlaska at redhat.com (James Laska) Date: Mon, 03 Aug 2009 16:34:50 -0400 Subject: RFR: Hosting for AutoQA test hardware Message-ID: <1249331690.2812.866.camel@flatline.devel.redhat.com> Ticket filed at https://fedorahosted.org/fedora-infrastructure/ticket/1579 == Project Sponsor == * '''Name''': James Laska * '''Fedora Account Name''': jlaska * '''Group''': Fedora QA Admin Group * '''Infrastructure Sponsor''': Mike McGrath and Jesse Keating == Secondary Contact info == * '''Name''': Will Woods * '''Fedora Account Name''': wwoods * '''Group''': Fedora QA Admin Group == Project Info == * '''Project Name''': AutoQA * '''Target Audience''': Consumers of Fedora rawhide interested in automated daily test result presentation * '''Expiration/Delivery Date (required)''': 2009-09-10 * '''Description/Summary''': Test hardware for AutoQA project * '''Project plan (Detailed)''': See https://fedorahosted.org/autoqa/milestone/israwhidebroken.com * '''Goals''': The first major milestone is to provide public review of daily rawhide test results intended to satisfy the question: ''Is rawhide broken?'' To satisfy this, we are using an autotest server along with bare metal test client systems. == Specific resources needed == * Server - Virt system with access to mysql database and the following packages installed: * autotest, autoqa, Django * Clients - Bare metal hardware intended to run tests scheduled by autotest Server. * Existing hardware to be shipped to fedora-infrastructure * 2 x 1U HP Proliant DL360 * Requirements for hardware: * Network power support needed * Remote console needed (iLO available on systems) == Additional Info (Optional) == * In the process of securing 2 additional rackable server systems to deliver to infrastructure. '''Planned''' specs: * Form factor: 1U or 2U * CPU: At ''least'' dual quad-core * Memory: At ''least'' 16Gib * Disk: 2 250G disks -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From smooge at gmail.com Tue Aug 4 02:40:41 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Mon, 3 Aug 2009 20:40:41 -0600 Subject: Purged 2 tapes Message-ID: <80d7e4090908031940n5862642eg6643a7eba56c96e5@mail.gmail.com> I purged two tapes so that we had some 'room' on the backups The tapes were the 2 oldest (10 days ago). -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From smooge at gmail.com Tue Aug 4 02:54:38 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Mon, 3 Aug 2009 20:54:38 -0600 Subject: Purged 2 tapes In-Reply-To: <80d7e4090908031940n5862642eg6643a7eba56c96e5@mail.gmail.com> References: <80d7e4090908031940n5862642eg6643a7eba56c96e5@mail.gmail.com> Message-ID: <80d7e4090908031954o3c849662l7f6559a22de689e6@mail.gmail.com> On Mon, Aug 3, 2009 at 8:40 PM, Stephen John Smoogen wrote: > I purged two tapes so that we had some 'room' on the backups The tapes > were the 2 oldest (10 days ago). > MediaID 74 and 84 that is. MediaID 82 is listed as Recycling which seems to mean BAD :). > Stephen J Smoogen. > > Ah, but a man's reach should exceed his grasp. Or what's a heaven for? > -- Robert Browning > -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From mmcgrath at redhat.com Tue Aug 4 04:38:29 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 3 Aug 2009 23:38:29 -0500 (CDT) Subject: Purged 2 tapes In-Reply-To: <80d7e4090908031954o3c849662l7f6559a22de689e6@mail.gmail.com> References: <80d7e4090908031940n5862642eg6643a7eba56c96e5@mail.gmail.com> <80d7e4090908031954o3c849662l7f6559a22de689e6@mail.gmail.com> Message-ID: On Mon, 3 Aug 2009, Stephen John Smoogen wrote: > On Mon, Aug 3, 2009 at 8:40 PM, Stephen John Smoogen wrote: > > I purged two tapes so that we had some 'room' on the backups The tapes > > were the 2 oldest (10 days ago). > > > > MediaID 74 and 84 that is. MediaID 82 is listed as Recycling which > seems to mean BAD :). > Does anyone happen to know how to say "the last job of X was bad, please purge any tapes that were associated with this job but no others. /mnt/koji is often spanning multiple tapes so when it fails it's hard to say "all of this data isn't that useful anyway, please delete it and re-use it" -Mike > > > Stephen J Smoogen. > > > > Ah, but a man's reach should exceed his grasp. Or what's a heaven for? > > -- Robert Browning > > > > > > -- > Stephen J Smoogen. > > Ah, but a man's reach should exceed his grasp. Or what's a heaven for? > -- Robert Browning > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From johnp at redhat.com Tue Aug 4 22:20:40 2009 From: johnp at redhat.com (John Palmieri) Date: Tue, 4 Aug 2009 18:20:40 -0400 (EDT) Subject: Messaging SIG - proposal for our notification infrastructure In-Reply-To: <1549829191.468481249424058619.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Message-ID: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Hey everyone. I put up a proposal[1] that describes a publish/subscribe setup for the infrastructure wide notification system. I haven't quite gotten to the publish side of things because the QMF docs get a little hazy there but the meat of the proposal is there and I wanted to get feedback sooner than later. An event/notification system is important to the work I need to do going forward. I specifically avoided method invocation and properties/statistics as they can be added in a later round if we feel we need them. I do feel statistics might be nice (for instance keeping track of information that is expensive to do via a query but cheap to update based on events) but they are a bonus that we don't need right away. [1] https://fedoraproject.org/wiki/Messaging_SIG/PublishSubscribeNotificationProposal -- John (J5) Palmieri Software Engineer Red Hat, Inc. From jkeating at redhat.com Tue Aug 4 22:29:20 2009 From: jkeating at redhat.com (Jesse Keating) Date: Tue, 04 Aug 2009 15:29:20 -0700 Subject: Messaging SIG - proposal for our notification infrastructure In-Reply-To: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> References: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Message-ID: <1249424960.18316.69.camel@localhost.localdomain> On Tue, 2009-08-04 at 18:20 -0400, John Palmieri wrote: > > [1] > https://fedoraproject.org/wiki/Messaging_SIG/PublishSubscribeNotificationProposal Thanks for moving forward with this. I haven't read the page yet, but I renamed it to fit with the wiki schema we've got going on. I also put it in appropriate categories. https://fedoraproject.org/wiki/Publish_Subscribe_Notification_Proposal -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From satya.komaragiri at gmail.com Wed Aug 5 16:34:30 2009 From: satya.komaragiri at gmail.com (satya komaragiri) Date: Wed, 5 Aug 2009 22:04:30 +0530 Subject: RFR: Hosting for Beacon (DocBook Editor) Testing Message-ID: <146c63b10908050934t24e3a381sd5adbd4fd5ba333b@mail.gmail.com> Ticket filed at: https://fedorahosted.org/fedora-infrastructure/ticket/1580 ==Project Sponsor== Name: Komaragiri Satya Fedora Account Name: satyak Group: Google Summer of Code 2008 Infrastructure Sponsor: None yet. ==Secondary Contact info== Name: Yaakov Nemoy Fedora Account Name: ynemoy Group: hgsmolt ==Project Info== Project Name: Beacon Target Audience: Documentation team and anyone else who wants a WYSIWYM interface for DocBook XML. Expiration/Delivery Date (required): December 31, 2009 Description/Summary: Beacon is a WYSIWYG web-based plug-able editor. Beacon is aimed at being a generic XML editor. Any XML format that has an ultimate output format like PDF or HTML is a good candidate for a beacon-editable document. The GSoC project is to make a DocBook plug-in that the Fedora documentation team can use and improve Beacon to support the richness of DocBook. ==Project plan (Detailed):== The project has been chosen as a Google Summer of Code project for Fedora. We have been working on the DocBook plug-in for 2 months now. The details about the project and the benefits to Fedora can be found on the following links: 1. https://fedoraproject.org/wiki/DocBook_Editor_Documentation 2. https://fedoraproject.org/wiki/DocBook_Editor 3. https://fedoraproject.org/wiki/DocBook_Editor_Feature 4. http://beacon.kix.in/ 4. https://meworkstoo.blogspot.com Currently, we have added support for the essential tag set as discussed with the docs list. We are in the process of integrating Beacon with Zikula and FAS2. We need hosting space so that we can put up a demo for review from the documentation team. It is very essential in order to get quality feedback so we can get it ready for consumption by the end of GSoC period. Goals: Integrate beacon into Fedora in a seamless manner. Get it ready for consumption by the end of GSoC. ==Specific resources needed== 100MB disk space, write access to a directory, 1 MySQL database, PHP5+ compiled with XSL and JSON support. ==Additional Info (Optional)== Links given above. Regards, Satya From kevin at tummy.com Wed Aug 5 18:46:27 2009 From: kevin at tummy.com (Kevin Fenzi) Date: Wed, 5 Aug 2009 12:46:27 -0600 Subject: Mailing list migration procedures In-Reply-To: <20090803154508.GJ28965@nostromo.devel.redhat.com> References: <20090803154508.GJ28965@nostromo.devel.redhat.com> Message-ID: <20090805124627.1533f51f@ohm.scrye.com> On Mon, 3 Aug 2009 11:45:08 -0400 Bill Nottingham wrote: > Jon Stanley (jonstanley at gmail.com) said: > > I'd like some mailman experts (if we have any) to take a look at > > this procedure to migrate lists from redhat.com to lists.fp.o and > > let me know if there's something obviously missing from it or if > > there's some way that it can be improved. Feel free to make any > > edits you deem necessary. > > > > https://fedoraproject.org/wiki/Mailman_Infrastructure_SOP#Mailman_migration > > My concern is more procedural than infrastructural - I'd like to make > sure we schedule the mass migration in such a way that it does not > heavily disrupt development schedules; generally, this would mean > doing it sometime after a release but before the alpha of the next > release. Are we doing a mass migration? Or just migrating lists some at a time as time permits? I can see advantages/disadvantages to both ways, just wondering which we are planning. > > Bill > kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From jonstanley at gmail.com Wed Aug 5 22:43:30 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Wed, 5 Aug 2009 18:43:30 -0400 Subject: Mailing list migration procedures In-Reply-To: <20090805124627.1533f51f@ohm.scrye.com> References: <20090803154508.GJ28965@nostromo.devel.redhat.com> <20090805124627.1533f51f@ohm.scrye.com> Message-ID: On Wed, Aug 5, 2009 at 2:46 PM, Kevin Fenzi wrote: > Are we doing a mass migration? Or just migrating lists some at a time > as time permits? I can see advantages/disadvantages to both ways, just > wondering which we are planning. I was planning on starting small, and adding from there. There's less risk that way. From mmcgrath at redhat.com Thu Aug 6 00:37:30 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 5 Aug 2009 19:37:30 -0500 (CDT) Subject: Messaging SIG - proposal for our notification infrastructure In-Reply-To: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> References: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Message-ID: On Tue, 4 Aug 2009, John Palmieri wrote: > Hey everyone. I put up a proposal[1] that describes a publish/subscribe setup for the infrastructure wide notification system. I haven't quite gotten to the publish side of things because the QMF docs get a little hazy there but the meat of the proposal is there and I wanted to get feedback sooner than later. An event/notification system is important to the work I need to do going forward. I specifically avoided method invocation and properties/statistics as they can be added in a later round if we feel we need them. I do feel statistics might be nice (for instance keeping track of information that is expensive to do via a query but cheap to update based on events) but they are a bonus that we don't need right away. > > [1] https://fedoraproject.org/wiki/Messaging_SIG/PublishSubscribeNotificationProposal > Hey John, thanks for putting this together. I'm glad I can finally move the messaging infrastructure beyond just an SMTP replacement :) I'd like to get some specific use cases in place on that page too. Also just so I can get a list together, if you're experienced with AMQP just reply to this email with a "I am" so we can discuss security and implementation considerations. -Mike From lmacken at redhat.com Thu Aug 6 14:57:35 2009 From: lmacken at redhat.com (Luke Macken) Date: Thu, 6 Aug 2009 10:57:35 -0400 Subject: Messaging SIG - proposal for our notification infrastructure In-Reply-To: References: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Message-ID: <20090806145735.GC8189@x300> On Wed, Aug 05, 2009 at 07:37:30PM -0500, Mike McGrath wrote: > On Tue, 4 Aug 2009, John Palmieri wrote: > > > Hey everyone. I put up a proposal[1] that describes a publish/subscribe setup for the infrastructure wide notification system. I haven't quite gotten to the publish side of things because the QMF docs get a little hazy there but the meat of the proposal is there and I wanted to get feedback sooner than later. An event/notification system is important to the work I need to do going forward. I specifically avoided method invocation and properties/statistics as they can be added in a later round if we feel we need them. I do feel statistics might be nice (for instance keeping track of information that is expensive to do via a query but cheap to update based on events) but they are a bonus that we don't need right away. > > > > [1] https://fedoraproject.org/wiki/Messaging_SIG/PublishSubscribeNotificationProposal > > > > Hey John, thanks for putting this together. I'm glad I can finally move > the messaging infrastructure beyond just an SMTP replacement :) I'd like > to get some specific use cases in place on that page too. > > Also just so I can get a list together, if you're experienced with AMQP > just reply to this email with a "I am" so we can discuss security and > implementation considerations. I am :) From smooge at gmail.com Thu Aug 6 20:40:37 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Thu, 6 Aug 2009 14:40:37 -0600 Subject: Outage/Reboot of systems 2009-08-13 1800 UFC Message-ID: <80d7e4090908061340s129ca61cv1336ba3af0f1f3b5@mail.gmail.com> Outage Notification - 2009-08-13 18:00 UTC There will be an outage starting at 2009-08-13 18:00 UTC, which will last approximately 0.5 hours. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2009-08-13 18:00 UTC' Affected Services: CVS / Source Control Database DNS Fedora Hosted Fedora People Fedora Talk Mail Mirror System Torrent Translation Services Websites Unaffected Services: Buildsystem Ticket Link: https://fedorahosted.org/fedora-infrastructure/ticket/1588 Reason for Outage: Kernel upgrades and general system cleanliness. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From ricky at fedoraproject.org Thu Aug 6 21:08:39 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 6 Aug 2009 17:08:39 -0400 Subject: Meeting Log - 2009-08-06 Message-ID: <20090806210839.GA26812@alpha.rzhou.org> 20:01 * skvidal is here 20:01 * nirik nods. 20:01 -!- josedamiangarrid [n=damian at 200.49.17.134] has joined #fedora-meeting 20:01 * LinuxCode 20:01 * SmootherFrOgZ here 20:01 * onekopaka is here 20:01 * dgilmore is here 20:01 < smooge> #startmeeting Fedora Infrastructure 20:01 < zodbot> Meeting started Thu Aug 6 20:01:53 2009 UTC. The chair is smooge. Information about MeetBot at http://wiki.debian.org/MeetBot. 20:01 < zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 20:01 -!- zodbot changed the topic of #fedora-meeting to: (Meeting topic: Fedora Infrastructure) 20:01 * ricky 20:02 < onekopaka> hey. 20:02 * thekad just is 20:02 < smooge> #topic rollcall 20:02 -!- zodbot changed the topic of #fedora-meeting to: rollcall (Meeting topic: Fedora Infrastructure) 20:02 < onekopaka> no. 20:02 -!- stickster_afk is now known as stickster 20:02 * onekopaka 20:02 * LinuxCode 20:02 < smooge> hi guys 20:02 * ricky (again) 20:02 < smooge> sorry.. I got / and # mixed up 20:02 < onekopaka> stickster: are you going to join us? 20:02 < smooge> so I was trying to figure out why /startmeeting wasn't doing anything 20:02 * iarlyy ( learner ) 20:02 < abadger1999> here 20:03 < smooge> hello everyone and thankyou for arriving before I did :) 20:03 * nirik is here in the back 20:03 < abadger1999> Anything for you smooge ;-) 20:03 -!- cweyl|work [n=cweyl at c-69-181-105-172.hsd1.ca.comcast.net] has joined #fedora-meeting 20:04 * sijis is here. 20:04 < dgilmore> smooge: the bill is in the mail 20:04 < skvidal> abadger1999: quit being nice to smooge. He'll get used to it and expect things to be that way 20:04 < smooge> .tiny https://fedorahosted.org/fedora-infrastructure/query?status=new&status=assigned&status=reopened&group=milestone&keywords=%7EMeeting&order=priority 20:04 < zodbot> smooge: http://tinyurl.com/2hyyz6 20:05 < smooge> #topic Important Tickets http://tinyurl.com/2hyyz6 20:05 -!- zodbot changed the topic of #fedora-meeting to: Important Tickets http://tinyurl.com/2hyyz6 (Meeting topic: Fedora Infrastructure) 20:05 < onekopaka> #link http://tinyurl.com/2hyyz6 20:05 < abadger1999> skvidal: Sorry. I'll call him out for a duel later. 20:05 -!- tatica [n=tatica at fedora/tatica] has joined #fedora-meeting 20:05 -!- Sparks_ [n=Sparks at fedora/Sparks] has joined #fedora-meeting 20:05 < smooge> We currently have one one important one and one that I will have in an hour or so 20:05 < LinuxCode> that the AGPL issue ? 20:05 < smooge> abadger1999, the important ticket is the one for you 20:06 < LinuxCode> no, nvm 20:06 < skvidal> abadger1999: you don't have to go quite that far - some casual passive-aggressive abuse is all that's really necessary :) 20:06 < smooge> #topic tickets 1503 20:06 -!- zodbot changed the topic of #fedora-meeting to: tickets 1503 (Meeting topic: Fedora Infrastructure) 20:06 < abadger1999> I've updated the implementation proposal: 20:06 < abadger1999> https://fedoraproject.org/wiki/Infrastructure_Licensing#Implementation 20:07 < abadger1999> It now has a rough plan for dealing with staging and publictest envs. 20:07 < abadger1999> ricky: Does that look doable to you? 20:07 < abadger1999> It's basically mod_auth_pgsql on the proxies for staging; mod_auth_pam individually for each publictest. 20:07 * ricky is reading though it now 20:08 < ricky> I'm not crazy about mod_auth_pam 20:08 < ricky> publictest servers are generally designed to be public so that everybody can see the progress 20:09 < ricky> For example, with the docs team and zikula - most interested people aren't in sysadmin-test 20:09 < abadger1999> 20:09 -!- JSchmitt [n=s4504kr at fedora/JSchmitt] has quit Remote closed the connection 20:09 < abadger1999> ricky: for that matter, staging is designed to be open for people to test. 20:10 < abadger1999> The thing is... we have to have some limit if we deal in AGPL. 20:10 < ricky> If this will be a burden we will have for *only* AGPLv3 apps, then it's their loss for whoever is testing the AGPL code 20:10 < thekad> maybe limiting to cla_done ? 20:10 < ricky> But it would be really bad if this had to affect everything on those machines. 20:10 < f13> wait a tic 20:10 < abadger1999> It will have to affect everyone on staging. 20:11 < LinuxCode> thekad, that would allow everyone access 20:11 * f13 just had a wonderful idea. 20:11 < abadger1999> well actually... 20:11 < thekad> LinuxCode, everyone in fp.o 20:11 < f13> does the AGPL allow for you to just put in a link that says "please contact if you would like a copy of the source" ? 20:11 < abadger1999> No I think we could do per-machine in publictest and per-app in staging. 20:11 < LinuxCode> thekad, exactly, that is not desirable 20:11 < abadger1999> f13: No. 20:11 < f13> and if so, we could just use that, and... 20:11 < f13> damn. 20:11 < LinuxCode> f13, from what I gathered no 20:11 * abadger1999 finds the license to be sure he's correct on that. 20:11 < f13> ok, crawling back into my hole. 20:11 < LinuxCode> It has be out there, i.e. a link 20:11 < ricky> If anything, I'd rather do the "always keep the copy of source in staging/testing publicly avaliable" thing for only AGPL apps than go with the annoying password stuff 20:12 < smooge> ricky, what if we added a new layer? privatetest servers? 20:12 < abadger1999> f13: I was told that that was one of hte differences between GPL and AGPL. 20:12 < abadger1999> I'd rather not keep the source... especially in publictest. 20:13 < ricky> My goal is to keep the burden of AGPL compliance on the author of the apps completely. 20:13 < LinuxCode> abadger1999, and that is where the infra people collided with legal 20:13 < ricky> And not inconvenience their testers, other people on the machines, etc. 20:13 < abadger1999> Because publictest is essentially a development box that may have more resources or a public IP compared to someone's personal machine 20:13 < LinuxCode> ricky, yes, but then we get the patch issue 20:13 < smooge> the only other item we could ask for is an worded exception from Legal for our apps where if they are on XYZ system we do not have to share the bits because they are not 'stable' 20:13 < LinuxCode> patches we use, have to be out there too 20:14 < LinuxCode> smooge, hmmm 20:14 < ricky> Yes, and the people that chose that license should deal with it. 20:14 < LinuxCode> I dont think that will go down too well 20:14 < LinuxCode> smooge, spot would have to ask 20:14 < ricky> If they're doing a test deploy straight out of a git repo, that could be fine for them 20:14 < abadger1999> ricky: Are they liable or are we? 20:14 < LinuxCode> ricky, if the code is accessible, yes 20:14 < ricky> But I'd rather keep the burden off of testers/users/other people that didn't choose AGPL :-) 20:15 < LinuxCode> if we patch, and dont make that patch public, we are the non-compliant party 20:15 < abadger1999> ricky: So... is we have two diffrent types of publictest we can have one steup for AGPL apps and one setup for nonAGPL. 20:15 < abadger1999> ricky: in puppet. 20:16 < ricky> As much as I hate the idea of us bending over backwards for just the AGPL apps, sure, that could work 20:16 < sijis> question is... what about a proposed patched that is being tested? does that need to be public? 20:16 < LinuxCode> sijis, technically from what I gathered, yes 20:16 < ricky> That seems like something that isn't all that painful from the "everybody else" standpoint, at least. 20:16 -!- MrTom [n=MrTom at fedora/MrTom] has left #fedora-meeting ["Konversation terminated!"] 20:16 < ricky> Unfortunately the same doesn't really apply to staging 20:16 < abadger1999> ricky: And in staging we could put do per in the config. 20:16 < smooge> abadger1999, to go over who is liable in such cases it is usually covered via an SLA or OLA where we say we host items for a "group" and that group has to maintain licenses etc.. if we find they are not we have the right to remove such code/etc. 20:16 < ricky> Staging tends to be deployed using RPMs though for what that's worth 20:17 < ricky> But if anything, this still impacts the non-sysadmin-test people who are testing the app 20:17 < abadger1999> sijis: yes. 20:17 < ricky> And I'd really hate to burden testers more. 20:17 < ricky> (With having to apply/request an account) 20:18 < smooge> hey its fedora.. if you don't sign the CLA do we care about you :P 20:18 < LinuxCode> ricky, the problem is also that they will have to send the code to two places 20:18 < abadger1999> So we can proceed two ways from here -- A) Come up with something better. B) decide we aren't going to relicense to AGPL (And pressure fedora community to move away from it) 20:18 < LinuxCode> one for hosting, to comply with availability requirements, second is for testing itself 20:18 < abadger1999> or just not let fedora community onto staging/publictest I suppose. 20:18 < ricky> My suggestion for A) is basically nirik's comment about gnuherds.org 20:18 < abadger1999> production we have a good plan for, I think 20:18 < ricky> Make the footer configurable, keep a tarball on ahnd 20:18 < ricky> **hand 20:19 < ricky> And retar/copy to a special directory on the publictest that's linked from the footer every time you make a change 20:19 < ricky> It might be something you do every time you restart apache to reload the changes 20:19 < LinuxCode> abadger1999, I believe many people are adamont about agpl use, as they want to require other user, of for instance Fedora community, to make their code available 20:19 -!- Sparks__ [n=Sparks at pool-173-71-143-92.nrflva.fios.verizon.net] has joined #fedora-meeting 20:20 -!- Sparks [n=Sparks at fedora/Sparks] has quit Read error: 110 (Connection timed out) 20:20 < ricky> Do that for the AGPL apps in staging/production (which are hopefully setup in a way so that the configuration is in a separate location) 20:20 < LinuxCode> so it doesnt end up being a one-sided development 20:20 < abadger1999> LinuxCode: that's fine... but it may mean we just can't offer the same support for developing Fedora Community than other apps. 20:20 < LinuxCode> abadger1999, I see both arguments here 20:20 < LinuxCode> it is not me who you have to convince hehe 20:20 < ricky> So that way, the AGPL people get their AGPL, and they're responsible for keeping compliance (which doesn't seem all that painful for them to maintain on a single publictest/staging machine) 20:21 < LinuxCode> ricky, wasnt the config going to be under a different license 20:21 < LinuxCode> ? 20:21 < LinuxCode> I thought that was agreed 20:21 < ricky> Instead of us having to lock people out of public things 20:21 < abadger1999> ricky: So... I think we're going to run into some problems with that. 20:21 < abadger1999> ricky: But I'd need to look at the AGPL again.... in GPLv2 there were things like "Prefered form of modification" 20:22 < abadger1999> when defining source. 20:22 < ricky> What kinds of problems would we run into? 20:22 < abadger1999> I don't think that tarball of currently running code necessarily fits that. 20:22 -!- mizmo [n=duffy at nat/redhat/x-rubduorufanykhnl] has quit Read error: 110 (Connection timed out) 20:22 < ricky> Ah. We'll need to find out exactly what that phrase means then. 20:23 < ricky> Do you happen to be familiar with what some of the requirements for that are? 20:23 < abadger1999> The script would also need to either be pretty generic or pretty specific -- as it would have to get every piece of source needed to run the service. 20:23 -!- alindebe [n=alindebe at nat/redhat/x-pyezahoxdxxglkkw] has quit Read error: 110 (Connection timed out) 20:23 -!- stickster is now known as stickster_afk 20:23 < abadger1999> which would be spread out to different parts of the filesystem. 20:23 < ricky> Like nirik mentioned, that's what gnuherds.org apparently does :-) 20:23 * nirik nods. 20:23 < abadger1999> ricky: gotta look up what AGPLv3 says... I'm only familiar with some of the arguments surrounding GPLv2. 20:23 -!- stickster_afk is now known as stickster 20:23 < LinuxCode> ricky, just to clarify, if a test system is available online, but meant not for public use, you are still liable to the AGPL requirements. 20:24 * abadger1999 notes 20 minutes. 20:24 -!- loupgaroublond [n=loupgaro at 82-171-65-13.ip.telfort.nl] has quit Read error: 113 (No route to host) 20:24 -!- mizmo [n=duffy at 66.187.234.199] has joined #fedora-meeting 20:24 -!- Pikachu_2014 [n=Pikachu_ at 85-169-116-49.rev.numericable.fr] has quit Read error: 113 (No route to host) 20:24 < ricky> Yes, just because it's available 20:24 -!- mizmo [n=duffy at 66.187.234.199] has quit Read error: 104 (Connection reset by peer) 20:24 < ricky> grepping for preferred, the only thing I see is: 20:24 < ricky> The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. 20:24 < LinuxCode> there was still discussion on that point though 20:24 -!- Pikachu_2014 [n=Pikachu_ at 85-169-116-49.rev.numericable.fr] has joined #fedora-meeting 20:24 -!- mizmo_ [n=duffy at 66.187.234.199] has joined #fedora-meeting 20:25 < abadger1999> ricky: yeah - so the wording is in there. We'd have to run it by legal to tell us what "preferred form of the work for making modifications" allows us to do. 20:25 -!- kital [n=jsimon at fedora/kital] has quit "leaving" 20:26 < abadger1999> ricky: (heh... and it will fail if someone writes some java code or uses google web toolkit to generate javascript) :-( 20:26 < ricky> Well, they wouldn't be live patching the generated javascript in staging, would they? 20:26 < abadger1999> or C python modules for speedups. 20:27 < abadger1999> we use stawging in different manners which is part of hte problem. 20:27 < ricky> How about: Is SCM + tag + directory containing changed files sufficient? 20:27 < smooge> ok I would like to close this up in 5. 20:27 < LinuxCode> agpl is a bitch 20:27 < smooge> this being this topic 20:27 < LinuxCode> lol 20:28 < ricky> Anyway, my main point is that I want to put the burden on the developers, not the other users of the machine or the people testing the app. Especially since we only have one AGPL app at the moment. 20:28 < abadger1999> So yeah, I can see live patching generated javascript in staging if I wanted to test whether a simple change would fix something. 20:28 < abadger1999> ricky: The proposal is to relicense all of our web apps. 20:29 < LinuxCode> ricky, yeh makes sense 20:29 * ricky isn't crazy about the idea given the above list of painful things :-) 20:29 < LinuxCode> ricky, tbh I dont even think the AGPL affects "normal users" 20:29 < abadger1999> ricky: Right. So we have two action items: 1) How can we make this less painful. 20:30 < ricky> 2) Based on answers to 1), decide if we should do it? 20:30 < LinuxCode> somebody will have to run this by legal and ask if it is possible to make a disclaimer, making the devs liable 20:30 < abadger1999> 2) If we can't make this less painful, we'll have to decide at some point if the pain is worth it or if we should choose a different license. 20:30 < LinuxCode> and if the agpl would accept that disclaimer 20:30 < abadger1999> ricky: Yep. Like GPLv2+ for instance. 20:31 < smooge> abadger1999, if the javascript is LGPL2+ and the app is AGPL. Do we share the patches for the LGPL2+ stuff immediately? 20:31 < ricky> OK, that's all I have to say on that pending answers/suggestions to the "how can we distribute the source on staging/publictest without locking them down" question 20:31 < abadger1999> smooge: According to spot, things the app uses are not subject to the AGPL. 20:31 < abadger1999> smooge: Only the app itself. 20:31 < LinuxCode> even the configs arent part of Section 13 of the AGPL 20:31 < smooge> so I would say that if its going to be up to the developer to deal with it 20:32 < abadger1999> smooge: I'm not clear on how it would affect a library that was licensed under the AGPL. 20:32 < ricky> It gets even more painful when we have to deal with 3rd party AGPL apps 20:32 < ricky> 3rd party apps that may not make the footer configurable or give us an easy way to make local patches 20:32 < smooge> and we would want to make our stuff set up as LGPL2+ where its going to be included ins something else 20:32 < LinuxCode> ricky, good point 20:33 < abadger1999> ricky: yep -- we'd immediately have to patch teh third party app to link to the source we use and put the patch into a hotfix ticket/the rpm. 20:33 < ricky> As we've seen here, there are ways to make things incredibly painful :-) 20:33 < LinuxCode> hehe 20:33 < ricky> Like if the patch to the footer is a patch to a generated file. 20:34 < abadger1999> smooge: -- In the Infra Licensing Guide, I say we're going to default to using LGPLv2+ for libraries, python modules, etc. 20:34 < LinuxCode> the AGPL is generally a good idea in terms of freedom of software and dev of that software 20:34 < ricky> A simple (or even critical security fix for example) could become a nightmare to do properly. 20:34 < LinuxCode> but for people running or deving its a bit of a pain 20:34 -!- Sparks_ [n=Sparks at fedora/Sparks] has quit Read error: 110 (Connection timed out) 20:34 < abadger1999> ricky: And then we might say, we are not going to run this app unless upstream applies the fix. 20:34 < dgilmore> ricky: yes and no 20:34 < ricky> And we've had to do those kinds of changes with FAS before. 20:34 < dgilmore> ricky: you just need to make the source available when you deploy the fix 20:35 < smooge> ok how much longer do people want to go over this? 20:35 < LinuxCode> ricky, the patch issue, could be deemed configuration, maybe something to ask legal for advice about... 20:35 < abadger1999> Err... fix == allow the footer to be configurable. 20:35 < dgilmore> smooge: lets move on 20:35 < abadger1999> smooge: I'm ready to move on. 20:35 < ricky> dgilmore: abadger1999 brought up some example with generated javascript, for example, where that becomes a mess 20:35 * ricky is ready to move on as well 20:35 < LinuxCode> +1 20:35 < smooge> #topic #1588 20:35 -!- zodbot changed the topic of #fedora-meeting to: #1588 (Meeting topic: Fedora Infrastructure) 20:35 < LinuxCode> could discuss this a whole week 20:36 < smooge> Ok next thursday we will be doing a reboot of a lot of the infrastructure systems 20:37 < smooge> most of the boxes have not rebooted or rebooted to the correct kernel for 2+ errata so its time to get er done 20:37 -!- tc141516 [n=blewis at fedora/tc1415] has joined #fedora-meeting 20:38 -!- sseiersen|Laptop [n=sseierse at pool-74-107-69-30.bltmmd.fios.verizon.net] has quit Read error: 113 (No route to host) 20:38 < smooge> do people have any comments on this? Buildsystem is the only one that I do not think will be affected 20:38 < LinuxCode> about time... 20:38 < abadger1999> smooge: Do you need help? 20:38 < LinuxCode> ;-p 20:39 < smooge> yes 20:39 < smooge> abadger1999, yes I do 20:39 < smooge> that is 20:39 < ricky> We'll need to make sure grub.conf is pointing at the right kernel first 20:39 < ricky> That may have been something we've overlooked before. 20:39 < abadger1999> Okay. 20:40 < ricky> I noticed that on a bunch of machines, it was not pointing to the newest kernel installed for some reason 20:40 < dgilmore> ricky: might have been a reason for it 20:40 < LinuxCode> smooge, have we ever tried to deploy infra using live kernel patching ? 20:40 < ricky> Then we'll want to find out what that was :-) 20:41 * abadger1999 fills in calendar: Thurs is for junior assistant sys admin work :-) 20:41 < ricky> xen15 is an example of one 20:41 < smooge> LinuxCode, no. If RHEL does not ship it we dont use it in production (for the most part) 20:41 < LinuxCode> smooge, makes sense 20:41 < ricky> Er, xen13 20:42 < smooge> I would like to have all bugs found where we need to stay with an older kernel to be filed. 20:42 < smooge> where is the best place for that? trac wiki? trac tickets? email? 20:42 -!- tatica [n=tatica at fedora/tatica] has quit "Saliendo" 20:42 -!- inode0 [n=inode0 at fedora/inode0] has joined #fedora-meeting 20:43 < thekad> smooge, if that's gonna change in the future, tickets, if not, wiki 20:43 < abadger1999> trac ticket with a keyword. 20:44 < smooge> ok cool. 20:44 -!- mizmo_ [n=duffy at 66.187.234.199] has quit Read error: 110 (Connection timed out) 20:44 < smooge> keyword: Omega Armageddon 20:44 < LinuxCode> lol 20:44 -!- sdziallas [n=sebastia at p5B042F60.dip.t-dialin.net] has quit "Ex-Chat" 20:44 < abadger1999> :-) 20:44 < LinuxCode> who says it will be the last armageddon ? hehe 20:44 < LinuxCode> ;-p 20:44 < smooge> We roll over to Alpha Alpha Armageddon 20:44 < LinuxCode> haha 20:44 < LinuxCode> k 20:45 < thekad> Armageddon-rc1 ? 20:45 < smooge> are there any known gotchas from the last one? 20:45 < smooge> last ones? 20:45 * ricky can't think of any reason to not boot the latest one apart from testing for a bug or something 20:45 < smooge> ok cool 20:45 -!- tc1415 [n=blewis at fedora/tc1415] has quit Connection timed out 20:46 < LinuxCode> 2.6.18-128.2.1.el5 ? 20:46 * LinuxCode cant think of anything 20:46 -!- Sonar_Guy [n=Who at fedora/sonarguy] has joined #fedora-meeting 20:46 < smooge> yes we should be on that one.. unless in the next week we have 2.2 or 3.0 or something 20:46 < abadger1999> ricky: Was the xen server that keeps rebooting thing resolved? 20:47 < abadger1999> I know we tried a specific kernel for that at one pint. 20:47 < ricky> Nope although it hasn't happened as of late 20:47 < abadger1999> **point 20:47 < ricky> That was xen13, which is fixed on an older kernel now (maybe for that reason?) 20:47 < abadger1999> Yeah, that's what I'm wondering. 20:47 < ricky> Sorry, fixed as in on that particular kernel, not the problem :-) 20:47 < abadger1999> 20:47 < ricky> The last I heard of that was it being fixed in rhel5u4 though 20:47 < LinuxCode> ricky, might be worth to give the new one a whirl 20:47 < LinuxCode> ohh ok 20:48 < ricky> So not something we're using yet. 20:48 < smooge> hey lets run the beta 20:48 * LinuxCode hits smooge 20:48 < LinuxCode> lol 20:49 < ricky> smooge: Might be good to send that outage to devel-announce too 20:49 * LinuxCode recalls a security issue with the beta 20:49 < smooge> ah good idea 20:49 < smooge> thanks ricky 20:49 < ricky> We should actually be able to do it without mirror list ouages 20:49 < ricky> Or DNS 20:49 < ricky> Or mail 20:49 < ricky> If we do it intelligently :-) 20:50 < ricky> For everything else, there'd be a blip when the dbs/CVS went down 20:50 < thekad> ricky, you realize that right now you have doomed us all, right? 20:50 < ricky> Hehe 20:50 < LinuxCode> smooge, please send an email to the infra list too please 20:50 -!- Sparks__ is now known as Sparks 20:50 < ricky> He just sent one :-) 20:50 < smooge> LinuxCode, I thought I just did 20:50 < LinuxCode> ohh lol 20:50 < LinuxCode> sorry 20:50 < smooge> ok I think we are to the next topic 20:50 < LinuxCode> I was still filtering for agpl sorry 20:50 < smooge> #topic Open Floor 20:50 -!- zodbot changed the topic of #fedora-meeting to: Open Floor (Meeting topic: Fedora Infrastructure) 20:51 -!- Sparks is now known as Guest32603 20:51 < ricky> Any new people want to say hi now? :-) 20:51 < smooge> I saw a couple earlier on 20:51 < smooge> iarlyy, hi 20:51 < ricky> Also one more thing on the outage 20:52 < ricky> buildsys might be affected momentarily if xen2/nfs1 are on the list 20:52 -!- jeff_hann [n=arares at 89.47.83.116] has quit Read error: 104 (Connection reset by peer) 20:52 -!- Guest32603 is now known as Sparks 20:52 < LinuxCode> ricky, might be smart to figure out a procedure for reboots 20:52 < ricky> So yeah, there'll be a bunch of people to ping in advance 20:52 < LinuxCode> and write it down 20:52 < ricky> Yeah, this needs to be SOPized 20:53 < ricky> This will be a good chance to do that 20:53 * ricky is making a list of machines with SPOFs on them now 20:53 < smooge> yeah.. my first SOP 20:53 < smooge> or my second.. 20:54 -!- inode0 [n=inode0 at fedora/inode0] has quit "Leaving." 20:55 < smooge> ok so buildsys will be affected I will ammend 20:56 < LinuxCode> anything else ? 20:56 * LinuxCode needs to jet to the shop 20:57 < abadger1999> Enter into the record that mmcgrath has a firstborn ;-) 20:57 < thekad> wow 20:57 < smooge> oh yes. 20:58 < sijis> congrats to mmcgrath! 20:58 < skvidal> abadger1999: with the initials of 'rpm' 20:58 < smooge> #record mmcgrath has a new born kid and will be on short shift for a while 20:58 < thekad> smooge, for the next 18 years I believe :P 20:58 < onekopaka> smooge: it's @infoo. 20:58 < onekopaka> #info* 20:59 < smooge> #info mmcgrath has a new born kid and will be on short shift for a while 21:00 < LinuxCode> I thought they were trying for one 21:00 < LinuxCode> lol 21:00 < LinuxCode> that was quick! 21:00 * LinuxCode must have misunderstood 21:00 < smooge> skvidal, and we noticed your patch request for the next child to be Yolanda Ulysses Mcgrath 21:00 < skvidal> Yolanda Ursula 21:00 < LinuxCode> skvidal, Ursula! 21:00 < LinuxCode> lol 21:00 < LinuxCode> PLEASE NO 21:00 < thekad> lol 21:00 -!- mbonnet is now known as mbonnet_ 21:00 < skvidal> no one gets my jokes 21:01 < LinuxCode> skvidal, lol 21:01 < smooge> If its a boy it will be Yojimbo Ulysses? 21:02 < smooge> skvidal, I got the joke.. I just forgot the Ursula unless there was a deeper joke with Ursula LeGuin I missed 21:04 < onekopaka> so we need to annouce on f-i-l that mmcgrath has a child now? 21:04 < skvidal> no 21:04 < sijis> we should have a whole subsite newborn.fp.o 21:04 < pjones> smooge: still say that if ajax ever has a kid, he has to name him lucious. 21:05 < thekad> pjones, ok, I didn't get that one 21:05 < smooge> I figured it would be shoeless 21:05 < ricky> (http://en.wikipedia.org/wiki/Luscious_Jackson) 21:05 * ricky just googled for it 21:05 -!- notting [n=notting at redhat/notting] has quit Read error: 110 (Connection timed out) 21:05 < pjones> ricky: wrong. 21:05 < ricky> Oh, the baseball player one? 21:05 < ricky> Er, basketball :-) 21:05 < pjones> http://en.wikipedia.org/wiki/Cool_Hand_Luke 21:05 < thekad> that has nothing to do with ajax I think 21:06 < ricky> Haha, wow 21:06 < pjones> (what we have here is a failure to communicate.) 21:06 < ricky> Heh 21:07 < thekad> wait, this meeting is over now, right? 21:07 < smooge> ok I think we are done now 21:07 < onekopaka> thekad: nah. 21:07 < smooge> #endmeeting 21:07 -!- zodbot changed the topic of #fedora-meeting to: Channel is used by various Fedora groups and committees for their regular meetings | Note that meetings often get logged | For questions about using Fedora please ask in #fedora | See http://fedoraproject.org/wiki/Meeting_channel for meeting schedule 21:07 < zodbot> Meeting ended Thu Aug 6 21:07:27 2009 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . 21:07 < zodbot> Minutes: http://meetbot.fedoraproject.org/fedora-meeting/2009-08-06/fedora-meeting.2009-08-06-20.01.html 21:07 < zodbot> Minutes (text): http://meetbot.fedoraproject.org/fedora-meeting/2009-08-06/fedora-meeting.2009-08-06-20.01.txt 21:07 * LinuxCode legs it 21:07 < zodbot> Log: http://meetbot.fedoraproject.org/fedora-meeting/2009-08-06/fedora-meeting.2009-08-06-20.01.log.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Fri Aug 7 15:23:44 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 7 Aug 2009 10:23:44 -0500 (CDT) Subject: RFR: Hosting for Beacon (DocBook Editor) Testing In-Reply-To: <146c63b10908050934t24e3a381sd5adbd4fd5ba333b@mail.gmail.com> References: <146c63b10908050934t24e3a381sd5adbd4fd5ba333b@mail.gmail.com> Message-ID: On Wed, 5 Aug 2009, satya komaragiri wrote: > Ticket filed at: https://fedorahosted.org/fedora-infrastructure/ticket/1580 > > ==Project Sponsor== > Name: Komaragiri Satya > Fedora Account Name: satyak > Group: Google Summer of Code 2008 > Infrastructure Sponsor: None yet. > > ==Secondary Contact info== > Name: Yaakov Nemoy > Fedora Account Name: ynemoy > Group: hgsmolt > > ==Project Info== > Project Name: Beacon > Target Audience: Documentation team and anyone else who wants a > WYSIWYM interface for DocBook XML. > Expiration/Delivery Date (required): December 31, 2009 > Description/Summary: > Beacon is a WYSIWYG web-based plug-able editor. Beacon is aimed at > being a generic XML editor. Any XML format that has an ultimate output > format like PDF or HTML is a good candidate for a beacon-editable > document. The GSoC project is to make a DocBook plug-in that the > Fedora documentation team can use and improve Beacon to support the > richness of DocBook. > > ==Project plan (Detailed):== > The project has been chosen as a Google Summer of Code project for > Fedora. We have been working on the DocBook plug-in for 2 months now. > The details about the project and the benefits to Fedora can be found > on the following links: > 1. https://fedoraproject.org/wiki/DocBook_Editor_Documentation 2. > https://fedoraproject.org/wiki/DocBook_Editor 3. > https://fedoraproject.org/wiki/DocBook_Editor_Feature 4. > http://beacon.kix.in/ 4. https://meworkstoo.blogspot.com > Currently, we have added support for the essential tag set as > discussed with the docs list. We are in the process of integrating > Beacon with Zikula and FAS2. We need hosting space so that we can put > up a demo for review from the documentation team. It is very essential > in order to get quality feedback so we can get it ready for > consumption by the end of GSoC period. > > Goals: Integrate beacon into Fedora in a seamless manner. Get it ready > for consumption by the end of GSoC. > > ==Specific resources needed== > 100MB disk space, write access to a directory, 1 MySQL database, PHP5+ > compiled with XSL and JSON support. > > ==Additional Info (Optional)== > Links given above. > K, so this is for the zikula deployment. Go ahead and apply for sysadmin-test and we'll get this all taken care of. smooge, ricky or toshio, if I'm not around would one of you mind helping answer questions and such with this. Please do stop by #fedora-admin on irc.freenode.net with questions. -Mike From a.badger at gmail.com Fri Aug 7 18:48:22 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 07 Aug 2009 11:48:22 -0700 Subject: RFR: Hosting for Beacon (DocBook Editor) Testing In-Reply-To: References: <146c63b10908050934t24e3a381sd5adbd4fd5ba333b@mail.gmail.com> Message-ID: <4A7C76F6.3080707@gmail.com> On 08/07/2009 08:23 AM, Mike McGrath wrote: > On Wed, 5 Aug 2009, satya komaragiri wrote: > > K, so this is for the zikula deployment. Go ahead and apply for > sysadmin-test and we'll get this all taken care of. > > smooge, ricky or toshio, if I'm not around would one of you mind helping > answer questions and such with this. Yep, Satya, I'm abadger1999 on IRC. ricky and smooge's irc nicks are self-explanatory :-) -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From opensource at till.name Fri Aug 7 21:49:45 2009 From: opensource at till.name (Till Maas) Date: Fri, 07 Aug 2009 23:49:45 +0200 Subject: Bugzilla bot account / Fedora mail alias In-Reply-To: References: <200907171833.17017.opensource@till.name> Message-ID: <20090807214945.GA26641@genius.kawo2.rwth-aachen.de> On Fri, Jul 17, 2009 at 11:51:41AM -0500, Matt_Domsch at Dell.com wrote: > My FTBFS bugzilla account is in the 'editbugs' group in bugzilla so it > can set the blocked/dependson lists. That may also be necessary to > change them to ASSIGNED. You have to first file the bug as NEW, then > modify it to be ASSIGNED (and set nomail=1 to avoid sending the mail on > this act). It is now possible to directly create bugs with state ASSIGNED: https://bugzilla.redhat.com/show_bug.cgi?id=516208 Regards Till -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From mmcgrath at redhat.com Mon Aug 10 21:46:29 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 10 Aug 2009 16:46:29 -0500 (CDT) Subject: F-I freeze! Message-ID: It's that time of the year again! The alpha will be out in two weeks from tomorrow and that means we'll be frozen tomorrow. http://fedoraproject.org/wiki/Infrastructure/SOP/Release#Change_Freeze This is a pre-release freeze. We have gotten the OK from release engineering to go ahead with our planed kernel update this Thursday (thanks smooge) Let me know if you have any questions. -Mike From mmcgrath at redhat.com Wed Aug 12 01:30:14 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 11 Aug 2009 20:30:14 -0500 (CDT) Subject: Change request - Yum update Message-ID: Turns out there's yet another kernel update available for RHEL5. Since I've run into issues updating a kernel and not other packages I'd like us to do a yum update of all the packages. We shouldn't be far off but there's a kernel and glibc update available. We can run them through staging first for good measure. The reboot is on Thursday, it'd be good to have this all done prior to that. -Mike From a.badger at gmail.com Wed Aug 12 01:32:15 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 11 Aug 2009 18:32:15 -0700 Subject: Change request - Yum update In-Reply-To: References: Message-ID: <4A821B9F.4000702@gmail.com> On 08/11/2009 06:30 PM, Mike McGrath wrote: > Turns out there's yet another kernel update available for RHEL5. Since > I've run into issues updating a kernel and not other packages I'd like us > to do a yum update of all the packages. We shouldn't be far off but > there's a kernel and glibc update available. We can run them through > staging first for good measure. > > The reboot is on Thursday, it'd be good to have this all done prior to > that. > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Wed Aug 12 01:35:46 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 11 Aug 2009 21:35:46 -0400 Subject: Change request - Yum update In-Reply-To: References: Message-ID: <20090812013546.GC2225@alpha.rzhou.org> On 2009-08-11 08:30:14 PM, Mike McGrath wrote: > Turns out there's yet another kernel update available for RHEL5. Since > I've run into issues updating a kernel and not other packages I'd like us > to do a yum update of all the packages. We shouldn't be far off but > there's a kernel and glibc update available. We can run them through > staging first for good measure. > > The reboot is on Thursday, it'd be good to have this all done prior to > that. +1 Please let us know if there are any particular packages to *not* update. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Wed Aug 12 03:30:57 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 11 Aug 2009 23:30:57 -0400 Subject: xen15 outage - sorry :-( Message-ID: <20090812033057.GD2225@alpha.rzhou.org> Hey, here's a quick report of what just happened on xen15 and its guests: At around 3:00 UTC, I saw a puppet error email complaining about an error on running /sbin/service iscsi start on xen15. I logged onto xen15 and stupidly ran a /etc/init.d/iscsi restart, realizing what I had actually done a moment later. I saw disk errors on the consoles of db2 and relepel1, which were on iscsi. At this point, I tried to shut all iscsi guests on that machine down (db2, relepel1, sign-bridge1) with xm shutdown. db2 and relepel1 both finished shutting down, but I had to xm destroy sign-bridge1 as it hung at the end. After all guests were down, I followed the Logging Out procedure at https://fedoraproject.org/wiki/ISCSI_Infrastructure_SOP, ran /etc/init.d/iscsi restart, then followed the Logging In procedure. At that point, I was able to xm create all three guests again, and they seem back up now (although an unrelated VPN outage is still keeping web apps down at the moment). If anybody sees any issues on any of these hosts - particularly with data on db2, it could be related to this. Sorry about this, I'll definitely think more before I run a command like that next time. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Wed Aug 12 03:46:28 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 11 Aug 2009 23:46:28 -0400 Subject: Change request - Convert smolt host table to innodb Message-ID: <20090812034628.GE2225@alpha.rzhou.org> Hi, we've been looking at all the smolt outages recently, and after looking into it a bit, we'd like to try converting the host table in the smolt database to InnoDB so that we will get row level locking. This is a very low impact change, and when we tested in staging, it caused smolt to stop accepting new submissions for about 20 minutes (smoltSendProfile will simply time out during that period). If we run into any issues, we can easily revert back to MyISAM (and doing so took <5 minutes on staging). Can I get two +1s for this? Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Wed Aug 12 03:56:51 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 11 Aug 2009 23:56:51 -0400 Subject: [Change Request] Don't try to restart iscsi{,d} Message-ID: <20090812035651.GA17975@alpha.rzhou.org> In light of what I just did to xen15, I'd like to make this change so that puppet never makes the same mistake :-) --- modules/iscsi-initiator-utils/manifests/init.pp | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/modules/iscsi-initiator-utils/manifests/init.pp b/modules/iscsi-initiator-utils/manifests/init.pp index 4fbd54c..193b377 100644 --- a/modules/iscsi-initiator-utils/manifests/init.pp +++ b/modules/iscsi-initiator-utils/manifests/init.pp @@ -33,7 +33,9 @@ class iscsi-initiator-utils::initiator { file { '/etc/iscsi/initiatorname.iscsi': content => template("iscsi-initiator-utils/initiatorname.iscsi.erb"), require => Package['iscsi-initiator-utils'], - notify => [Service['iscsi'], Service['iscsid']], + # Never, ever notify this service - do any restarts manually + # after making sure that nothing is using a disk on iscsi. + #notify => [Service['iscsi'], Service['iscsid']], } } -- 1.5.5.6 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From smooge at gmail.com Wed Aug 12 04:09:58 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Tue, 11 Aug 2009 22:09:58 -0600 Subject: [Change Request] Don't try to restart iscsi{,d} In-Reply-To: <20090812035651.GA17975@alpha.rzhou.org> References: <20090812035651.GA17975@alpha.rzhou.org> Message-ID: <80d7e4090908112109l19cc6869g9bf2a9e8bee9fd44@mail.gmail.com> +1 to make this change. Things are screwey enought right now wihtout it accidently doing it . On Tue, Aug 11, 2009 at 9:56 PM, Ricky Zhou wrote: > In light of what I just did to xen15, I'd like to make this change so > that puppet never makes the same mistake :-) > > --- > ?modules/iscsi-initiator-utils/manifests/init.pp | ? ?4 +++- > ?1 files changed, 3 insertions(+), 1 deletions(-) > > diff --git a/modules/iscsi-initiator-utils/manifests/init.pp b/modules/iscsi-initiator-utils/manifests/init.pp > index 4fbd54c..193b377 100644 > --- a/modules/iscsi-initiator-utils/manifests/init.pp > +++ b/modules/iscsi-initiator-utils/manifests/init.pp > @@ -33,7 +33,9 @@ class iscsi-initiator-utils::initiator { > ? ? file { '/etc/iscsi/initiatorname.iscsi': > ? ? ? ? content => template("iscsi-initiator-utils/initiatorname.iscsi.erb"), > ? ? ? ? require => Package['iscsi-initiator-utils'], > - ? ? ? ?notify => [Service['iscsi'], Service['iscsid']], > + ? ? ? ?# Never, ever notify this service - do any restarts manually > + ? ? ? ?# after making sure that nothing is using a disk on iscsi. > + ? ? ? ?#notify => [Service['iscsi'], Service['iscsid']], > ? ? } > ?} > > -- > 1.5.5.6 > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From laxathom at fedoraproject.org Wed Aug 12 08:17:29 2009 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Wed, 12 Aug 2009 10:17:29 +0200 Subject: Change request - Convert smolt host table to innodb In-Reply-To: <20090812034628.GE2225@alpha.rzhou.org> References: <20090812034628.GE2225@alpha.rzhou.org> Message-ID: <62bc09df0908120117s78a1577fmd5c435798e5a28a3@mail.gmail.com> On Wed, Aug 12, 2009 at 5:46 AM, Ricky Zhou wrote: > Hi, we've been looking at all the smolt outages recently, and after > looking into it a bit, we'd like to try converting the host table in the > smolt database to InnoDB so that we will get row level locking. > > This is a very low impact change, and when we tested in staging, it > caused smolt to stop accepting new submissions for about 20 minutes > (smoltSendProfile will simply time out during that period). ?If we run > into any issues, we can easily revert back to MyISAM (and doing so took > <5 minutes on staging). > > Can I get two +1s for this? > +1 -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From mmcgrath at redhat.com Wed Aug 12 17:44:39 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 12 Aug 2009 12:44:39 -0500 (CDT) Subject: Change request - Convert smolt host table to innodb In-Reply-To: <62bc09df0908120117s78a1577fmd5c435798e5a28a3@mail.gmail.com> References: <20090812034628.GE2225@alpha.rzhou.org> <62bc09df0908120117s78a1577fmd5c435798e5a28a3@mail.gmail.com> Message-ID: On Wed, 12 Aug 2009, Xavier Lamien wrote: > On Wed, Aug 12, 2009 at 5:46 AM, Ricky Zhou wrote: > > Hi, we've been looking at all the smolt outages recently, and after > > looking into it a bit, we'd like to try converting the host table in the > > smolt database to InnoDB so that we will get row level locking. > > > > This is a very low impact change, and when we tested in staging, it > > caused smolt to stop accepting new submissions for about 20 minutes > > (smoltSendProfile will simply time out during that period). ?If we run > > into any issues, we can easily revert back to MyISAM (and doing so took > > <5 minutes on staging). > > > > Can I get two +1s for this? > > > > +1 > +1 this is something we'e been working on for a while -Mike From lmacken at redhat.com Wed Aug 12 18:10:54 2009 From: lmacken at redhat.com (Luke Macken) Date: Wed, 12 Aug 2009 14:10:54 -0400 Subject: [Change Request] Move Fedora Community's beaker session secret In-Reply-To: <20090812035651.GA17975@alpha.rzhou.org> References: <20090812035651.GA17975@alpha.rzhou.org> Message-ID: <20090812181054.GA3424@x300.redhat.com> Trivial change, I would like to move Fedora Community's beaker.session.secret into our passwords git module (and change it, of course). --- a/modules/fedoracommunity/templates/fedoracommunity-prod.ini.erb +++ b/modules/fedoracommunity/templates/fedoracommunity-prod.ini.erb @@ -117,7 +117,7 @@ full_stack = true #lang = ru #cache_dir = /var/cache/fedoracommunity/data beaker.session.key = fedoracommunity -beaker.session.secret = ? +beaker.session.secret = <%= fcommBeakerSessionSecret %> beaker.cache.type = ext:memcached beaker.cache.url = memcached1;memcached2 From ricky at fedoraproject.org Wed Aug 12 18:12:28 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 12 Aug 2009 14:12:28 -0400 Subject: [Change Request] Move Fedora Community's beaker session secret In-Reply-To: <20090812181054.GA3424@x300.redhat.com> References: <20090812035651.GA17975@alpha.rzhou.org> <20090812181054.GA3424@x300.redhat.com> Message-ID: <20090812181228.GA15426@alpha.rzhou.org> On 2009-08-12 02:10:54 PM, Luke Macken wrote: > Trivial change, > > I would like to move Fedora Community's beaker.session.secret into our > passwords git module (and change it, of course). +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Wed Aug 12 18:11:27 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 12 Aug 2009 11:11:27 -0700 Subject: [Change Request] Don't try to restart iscsi{,d} In-Reply-To: <80d7e4090908112109l19cc6869g9bf2a9e8bee9fd44@mail.gmail.com> References: <20090812035651.GA17975@alpha.rzhou.org> <80d7e4090908112109l19cc6869g9bf2a9e8bee9fd44@mail.gmail.com> Message-ID: <4A8305CF.4000106@gmail.com> On 08/11/2009 09:09 PM, Stephen John Smoogen wrote: > +1 to make this change. Things are screwey enought right now wihtout > it accidently doing it . > +1 -Toshio > On Tue, Aug 11, 2009 at 9:56 PM, Ricky Zhou wrote: >> In light of what I just did to xen15, I'd like to make this change so >> that puppet never makes the same mistake :-) >> >> --- >> modules/iscsi-initiator-utils/manifests/init.pp | 4 +++- >> 1 files changed, 3 insertions(+), 1 deletions(-) >> >> diff --git a/modules/iscsi-initiator-utils/manifests/init.pp b/modules/iscsi-initiator-utils/manifests/init.pp >> index 4fbd54c..193b377 100644 >> --- a/modules/iscsi-initiator-utils/manifests/init.pp >> +++ b/modules/iscsi-initiator-utils/manifests/init.pp >> @@ -33,7 +33,9 @@ class iscsi-initiator-utils::initiator { >> file { '/etc/iscsi/initiatorname.iscsi': >> content => template("iscsi-initiator-utils/initiatorname.iscsi.erb"), >> require => Package['iscsi-initiator-utils'], >> - notify => [Service['iscsi'], Service['iscsid']], >> + # Never, ever notify this service - do any restarts manually >> + # after making sure that nothing is using a disk on iscsi. >> + #notify => [Service['iscsi'], Service['iscsid']], >> } >> } >> >> -- >> 1.5.5.6 >> >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >> >> > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Wed Aug 12 18:12:16 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 12 Aug 2009 11:12:16 -0700 Subject: [Change Request] Move Fedora Community's beaker session secret In-Reply-To: <20090812181054.GA3424@x300.redhat.com> References: <20090812035651.GA17975@alpha.rzhou.org> <20090812181054.GA3424@x300.redhat.com> Message-ID: <4A830600.7070309@gmail.com> On 08/12/2009 11:10 AM, Luke Macken wrote: > Trivial change, > > I would like to move Fedora Community's beaker.session.secret into our > passwords git module (and change it, of course). > > --- a/modules/fedoracommunity/templates/fedoracommunity-prod.ini.erb > +++ b/modules/fedoracommunity/templates/fedoracommunity-prod.ini.erb > @@ -117,7 +117,7 @@ full_stack = true > #lang = ru > #cache_dir = /var/cache/fedoracommunity/data > beaker.session.key = fedoracommunity > -beaker.session.secret = ? > +beaker.session.secret = <%= fcommBeakerSessionSecret %> > > beaker.cache.type = ext:memcached > beaker.cache.url = memcached1;memcached2 > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From onekopaka at gmail.com Wed Aug 12 18:17:32 2009 From: onekopaka at gmail.com (Darren VanBuren) Date: Wed, 12 Aug 2009 11:17:32 -0700 Subject: [Change Request] Move Fedora Community's beaker session secret In-Reply-To: <20090812181054.GA3424@x300.redhat.com> References: <20090812035651.GA17975@alpha.rzhou.org> <20090812181054.GA3424@x300.redhat.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 12, 2009, at 11:10 AM, Luke Macken wrote: > Trivial change, > > I would like to move Fedora Community's beaker.session.secret into our > passwords git module (and change it, of course). > > --- a/modules/fedoracommunity/templates/fedoracommunity- > prod.ini.erb > +++ b/modules/fedoracommunity/templates/fedoracommunity- > prod.ini.erb > @@ -117,7 +117,7 @@ full_stack = true > #lang = ru > #cache_dir = /var/cache/fedoracommunity/data > beaker.session.key = fedoracommunity > -beaker.session.secret = ? > +beaker.session.secret = <%= fcommBeakerSessionSecret %> > > beaker.cache.type = ext:memcached > beaker.cache.url = memcached1;memcached2 +1, if I were a sysadmin-main person. Darren VanBuren onekopaka at gmail.com ==================== http://oks.verymad.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAkqDBzwACgkQBkMMSWb0YpbTNACfdyYR7Uol/oA+hPtuO5ywvaqo 8NoAoI3htjeghQc0A0mWCgs04xPo11LD =dkgV -----END PGP SIGNATURE----- From rmeggins at redhat.com Wed Aug 12 20:27:57 2009 From: rmeggins at redhat.com (Rich Megginson) Date: Wed, 12 Aug 2009 14:27:57 -0600 Subject: Need a package added to the compose for F-10 and F-11 Message-ID: <4A8325CD.9040301@redhat.com> The package 389-adminutil is needed to build 389-admin and 389-dsgw, but I don't want to push out 389-adminutil to stable by itself without the other 389 packages - I'd like to push out to stable all of the 389 packages at the same time. Therefore, I'd like 389-adminutil added to the "compose" for F-10 and F-11 so that I can build 389-admin and 389-dsgw on F-10 and F-11. Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature URL: From tmz at pobox.com Wed Aug 12 20:52:45 2009 From: tmz at pobox.com (Todd Zullinger) Date: Wed, 12 Aug 2009 16:52:45 -0400 Subject: Need a package added to the compose for F-10 and F-11 In-Reply-To: <4A8325CD.9040301@redhat.com> References: <4A8325CD.9040301@redhat.com> Message-ID: <20090812205245.GK4573@inocybe.localdomain> Rich, Rich Megginson wrote: > The package 389-adminutil is needed to build 389-admin and 389-dsgw, > but I don't want to push out 389-adminutil to stable by itself > without the other 389 packages - I'd like to push out to stable all > of the 389 packages at the same time. Therefore, I'd like > 389-adminutil added to the "compose" for F-10 and F-11 so that I can > build 389-admin and 389-dsgw on F-10 and F-11. If Jesse or another release-engineering member doesn't spot this and take care of it, you probably want to file it as a ticket in the rel-eng trac system: https://fedorahosted.org/rel-eng/ Ask for a buildroot override and specify which package versions (e.g. 389-adminutil-1.2.3-4.fc10) you want and in which releases you want them. (I could swear this is tucked away on the wiki somewhere, but all I found in a quick search was in a section on rawhide chain builds: https://fedoraproject.org/wiki/Using_the_Koji_build_system#Chained_builds) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistics are like a lamp-post to a drunken man - more for leaning on than illumination. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From mikeb at redhat.com Thu Aug 13 15:35:18 2009 From: mikeb at redhat.com (Mike Bonnet) Date: Thu, 13 Aug 2009 11:35:18 -0400 Subject: Messaging SIG - proposal for our notification infrastructure In-Reply-To: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> References: <1195178098.468621249424440134.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Message-ID: <4A8432B6.4090500@redhat.com> On 08/04/2009 06:20 PM, John Palmieri wrote: > Hey everyone. I put up a proposal[1] that describes a publish/subscribe setup for the infrastructure wide notification system. I haven't quite gotten to the publish side of things because the QMF docs get a little hazy there but the meat of the proposal is there and I wanted to get feedback sooner than later. An event/notification system is important to the work I need to do going forward. I specifically avoided method invocation and properties/statistics as they can be added in a later round if we feel we need them. I do feel statistics might be nice (for instance keeping track of information that is expensive to do via a query but cheap to update based on events) but they are a bonus that we don't need right away. Thanks for writing this up, I'm glad this is finally gaining some momentum, and I'm going to be working on adding support for this to Koji soon. In addition to the event model you outline, I think we should also look at how we can support synchronous communication (method calls) via the bus. One of the big advantages of the bus is having a single transport and data exchange format, rather than having to teach each application how to speak xml-rpc, json, soap, etc. http://qpid.apache.org/qmf-protocol.html has some interesting notes about communication patterns. The unsolicited-indication looks like our event use-case. Request-response would be a normal method call. Query-indication looks like something in-between, and would be useful for getting information about a long-running process (koji watch-task comes to mind). To enable two-way communication we'll need some kind of adapter framework that sits on the bus and converts method calls on the bus to requests to the back-end services. Ideally this layer will be generic enough to be used by many/all of the different services used in the infrastructure. It could even be a single instance which registers multiple objects on the bus and proxies their methods to the separate backend systems. From lmacken at redhat.com Thu Aug 13 17:00:59 2009 From: lmacken at redhat.com (Luke Macken) Date: Thu, 13 Aug 2009 13:00:59 -0400 Subject: [Change Request] Bodhi masher update on releng2 and relepel1 Message-ID: <20090813170059.GE3424@x300.redhat.com> Hey Guys, I'd like to do a bodhi masher upgrade on releng2 and relepel1. There are no critical changes for the app1-6 bodhi instances, so there is no need to upgrade those just yet. Effected code paths for releng2/relepel1 bodhi mashers: - Fix a bug that would cause duplicate update IDs across Fedora 10/11 (#515853) https://fedorahosted.org/bodhi/changeset/ff2fa4f45b980f0ccbabb0dd40b213f25468f374 - Fixes koji session timeout bug that has been lurking for a while https://fedorahosted.org/bodhi/changeset/da86a7a44fecb097ee1ffc40ba9614a04594cd31 - Remove some noisy debugging statements Thanks, luke From ricky at fedoraproject.org Thu Aug 13 17:12:47 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 13 Aug 2009 13:12:47 -0400 Subject: [Change Request] Bodhi masher update on releng2 and relepel1 In-Reply-To: <20090813170059.GE3424@x300.redhat.com> References: <20090813170059.GE3424@x300.redhat.com> Message-ID: <20090813171246.GA7452@alpha.rzhou.org> On 2009-08-13 01:00:59 PM, Luke Macken wrote: > I'd like to do a bodhi masher upgrade on releng2 and relepel1. There are no > critical changes for the app1-6 bodhi instances, so there is no need to upgrade > those just yet. Effected code paths for releng2/relepel1 bodhi mashers: > > - Fix a bug that would cause duplicate update IDs across Fedora 10/11 (#515853) > https://fedorahosted.org/bodhi/changeset/ff2fa4f45b980f0ccbabb0dd40b213f25468f374 > - Fixes koji session timeout bug that has been lurking for a while > https://fedorahosted.org/bodhi/changeset/da86a7a44fecb097ee1ffc40ba9614a04594cd31 > - Remove some noisy debugging statements +1 This will probably have to go after the mass reboot today. Thanks. Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Thu Aug 13 17:20:30 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 13 Aug 2009 10:20:30 -0700 Subject: [Change Request] Bodhi masher update on releng2 and relepel1 In-Reply-To: <20090813170059.GE3424@x300.redhat.com> References: <20090813170059.GE3424@x300.redhat.com> Message-ID: <4A844B5E.50204@gmail.com> On 08/13/2009 10:00 AM, Luke Macken wrote: > Hey Guys, > > I'd like to do a bodhi masher upgrade on releng2 and relepel1. There are no > critical changes for the app1-6 bodhi instances, so there is no need to upgrade > those just yet. Effected code paths for releng2/relepel1 bodhi mashers: > > - Fix a bug that would cause duplicate update IDs across Fedora 10/11 (#515853) > https://fedorahosted.org/bodhi/changeset/ff2fa4f45b980f0ccbabb0dd40b213f25468f374 > - Fixes koji session timeout bug that has been lurking for a while > https://fedorahosted.org/bodhi/changeset/da86a7a44fecb097ee1ffc40ba9614a04594cd31 > - Remove some noisy debugging statements > +1 If this breaks it can be reverted on releng2/relepel1 without an outage for packagers correct? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From frankc.fedora at gmail.com Thu Aug 13 18:59:35 2009 From: frankc.fedora at gmail.com (Frank Chiulli) Date: Thu, 13 Aug 2009 11:59:35 -0700 Subject: IPTable setting for Infrastructure Message-ID: I recently installed F11 over F10. Everything appears to be working just fine. However, I just remembered that Mike McGrath had sent out an email about settings for IPTables that he wanted everyone to use. Unfortunately, I did not bookmark the page. I did try the Infrastructure SOPs (https://fedoraproject.org/w/index.php?title=Special:PrefixIndex&from=Infrastructure%2FSOP&namespace=0) but did not see it there. Unless, of course, I can only see out of one eye. Does anyone have the link? Thank, Frank From lmacken at redhat.com Thu Aug 13 19:19:58 2009 From: lmacken at redhat.com (Luke Macken) Date: Thu, 13 Aug 2009 15:19:58 -0400 Subject: [Change Request] Bodhi masher update on releng2 and relepel1 In-Reply-To: <4A844B5E.50204@gmail.com> References: <20090813170059.GE3424@x300.redhat.com> <4A844B5E.50204@gmail.com> Message-ID: <20090813191958.GF3424@x300.redhat.com> On Thu, Aug 13, 2009 at 10:20:30AM -0700, Toshio Kuratomi wrote: > On 08/13/2009 10:00 AM, Luke Macken wrote: > > Hey Guys, > > > > I'd like to do a bodhi masher upgrade on releng2 and relepel1. There are no > > critical changes for the app1-6 bodhi instances, so there is no need to upgrade > > those just yet. Effected code paths for releng2/relepel1 bodhi mashers: > > > > - Fix a bug that would cause duplicate update IDs across Fedora 10/11 (#515853) > > https://fedorahosted.org/bodhi/changeset/ff2fa4f45b980f0ccbabb0dd40b213f25468f374 > > - Fixes koji session timeout bug that has been lurking for a while > > https://fedorahosted.org/bodhi/changeset/da86a7a44fecb097ee1ffc40ba9614a04594cd31 > > - Remove some noisy debugging statements > > > > +1 > > If this breaks it can be reverted on releng2/relepel1 without an outage > for packagers correct? Correct, it won't effect the web interface or packagers. luke From ricky at fedoraproject.org Thu Aug 13 19:20:03 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 13 Aug 2009 15:20:03 -0400 Subject: IPTable setting for Infrastructure In-Reply-To: References: Message-ID: <20090813192003.GA8444@alpha.rzhou.org> On 2009-08-13 11:59:35 AM, Frank Chiulli wrote: > I recently installed F11 over F10. Everything appears to be working > just fine. However, I just remembered that Mike McGrath had sent out > an email about settings for IPTables that he wanted everyone to use. > Unfortunately, I did not bookmark the page. I did try the > Infrastructure SOPs > (https://fedoraproject.org/w/index.php?title=Special:PrefixIndex&from=Infrastructure%2FSOP&namespace=0) > but did not see it there. Unless, of course, I can only see out of > one eye. > > Does anyone have the link? It's at http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-single/, but it's down now due to a scheduled outage. I think it's linked from hte Orientation SOP, but maybe we should link it from elsewhere as well. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Thu Aug 13 21:14:52 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 13 Aug 2009 17:14:52 -0400 Subject: [Change Request] Spam l10n-admin-members instead. Message-ID: <20090813211452.GA21238@alpha.rzhou.org> The db connection limit errors were our fault, we'll look into those separately, the rest of the spam should go to l10n-admin-members instead :-) --- modules/transifex/templates/00-default.conf.erb | 5 +---- 1 files changed, 1 insertions(+), 4 deletions(-) diff --git a/modules/transifex/templates/00-default.conf.erb b/modules/transifex/templates/00-default.conf.erb index 320fec0..067a1d4 100644 --- a/modules/transifex/templates/00-default.conf.erb +++ b/modules/transifex/templates/00-default.conf.erb @@ -31,10 +31,7 @@ logging.basicConfig( ) ADMINS = ( - ('Diego Burigo Zacarao', 'diegobz at gmail.com'), - ('Dimitris Glezos', 'dimitris at glezos.com'), - ('Ignacio Vazquez-Abrams', 'ivazqueznet at gmail.com'), - ('Fedora Admins', 'admin at fedoraproject.org'), + ('Fedora Admins', 'l10n-admin-members at fedoraproject.org'), ) MANAGERS = ADMINS -- 1.5.5.6 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Thu Aug 13 22:40:39 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 13 Aug 2009 15:40:39 -0700 Subject: [Change Request] Spam l10n-admin-members instead. In-Reply-To: <20090813211452.GA21238@alpha.rzhou.org> References: <20090813211452.GA21238@alpha.rzhou.org> Message-ID: <4A849667.8070701@gmail.com> On 08/13/2009 02:14 PM, Ricky Zhou wrote: > The db connection limit errors were our fault, we'll look into those > separately, the rest of the spam should go to l10n-admin-members instead > :-) > > --- > modules/transifex/templates/00-default.conf.erb | 5 +---- > 1 files changed, 1 insertions(+), 4 deletions(-) > > diff --git a/modules/transifex/templates/00-default.conf.erb b/modules/transifex/templates/00-default.conf.erb > index 320fec0..067a1d4 100644 > --- a/modules/transifex/templates/00-default.conf.erb > +++ b/modules/transifex/templates/00-default.conf.erb > @@ -31,10 +31,7 @@ logging.basicConfig( > ) > > ADMINS = ( > - ('Diego Burigo Zacarao', 'diegobz at gmail.com'), > - ('Dimitris Glezos', 'dimitris at glezos.com'), > - ('Ignacio Vazquez-Abrams', 'ivazqueznet at gmail.com'), > - ('Fedora Admins', 'admin at fedoraproject.org'), > + ('Fedora Admins', 'l10n-admin-members at fedoraproject.org'), > ) > > MANAGERS = ADMINS > > Sounds good. +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From frankc.fedora at gmail.com Thu Aug 13 22:45:27 2009 From: frankc.fedora at gmail.com (Frank Chiulli) Date: Thu, 13 Aug 2009 15:45:27 -0700 Subject: IPTable setting for Infrastructure In-Reply-To: <20090813192003.GA8444@alpha.rzhou.org> References: <20090813192003.GA8444@alpha.rzhou.org> Message-ID: On Thu, Aug 13, 2009 at 12:20 PM, Ricky Zhou wrote: > On 2009-08-13 11:59:35 AM, Frank Chiulli wrote: >> I recently installed F11 over F10. ?Everything appears to be working >> just fine. ?However, I just remembered that Mike McGrath had sent out >> an email about settings for IPTables that he wanted everyone to use. >> Unfortunately, I did not bookmark the page. ?I did try the >> Infrastructure SOPs >> (https://fedoraproject.org/w/index.php?title=Special:PrefixIndex&from=Infrastructure%2FSOP&namespace=0) >> but did not see it there. ?Unless, of course, I can only see out of >> one eye. >> >> Does anyone have the link? > It's at > http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-single/, > but it's down now due to a scheduled outage. ?I think it's linked from > hte Orientation SOP, but maybe we should link it from elsewhere as well. > > Thanks, > Ricky > Ricky, Thanks. Everything is up-to-date again and bookmarked! Frank From mmcgrath at redhat.com Fri Aug 14 02:23:04 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 13 Aug 2009 21:23:04 -0500 (CDT) Subject: [Change Request] Spam l10n-admin-members instead. In-Reply-To: <4A849667.8070701@gmail.com> References: <20090813211452.GA21238@alpha.rzhou.org> <4A849667.8070701@gmail.com> Message-ID: On Thu, 13 Aug 2009, Toshio Kuratomi wrote: > On 08/13/2009 02:14 PM, Ricky Zhou wrote: > > The db connection limit errors were our fault, we'll look into those > > separately, the rest of the spam should go to l10n-admin-members instead > > :-) > > > > --- > > modules/transifex/templates/00-default.conf.erb | 5 +---- > > 1 files changed, 1 insertions(+), 4 deletions(-) > > > > diff --git a/modules/transifex/templates/00-default.conf.erb b/modules/transifex/templates/00-default.conf.erb > > index 320fec0..067a1d4 100644 > > --- a/modules/transifex/templates/00-default.conf.erb > > +++ b/modules/transifex/templates/00-default.conf.erb > > @@ -31,10 +31,7 @@ logging.basicConfig( > > ) > > > > ADMINS = ( > > - ('Diego Burigo Zacarao', 'diegobz at gmail.com'), > > - ('Dimitris Glezos', 'dimitris at glezos.com'), > > - ('Ignacio Vazquez-Abrams', 'ivazqueznet at gmail.com'), > > - ('Fedora Admins', 'admin at fedoraproject.org'), > > + ('Fedora Admins', 'l10n-admin-members at fedoraproject.org'), > > ) > > > > MANAGERS = ADMINS > > > > > Sounds good. > > +1 > +1 -Mike From a.badger at gmail.com Fri Aug 14 18:43:37 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 14 Aug 2009 11:43:37 -0700 Subject: [Change Request] Enable rw /mnt/fedora on puppet1 Message-ID: <4A85B059.6070602@gmail.com> Currently we're mounting /mnt/fedora ro on puppet1. I think that this was a change committed in puppet that affected the /etc/fstab file. That didn't come into play until we rebooted puppet1 last night -- the reboot caused the new fstab to be used and mount /mnt/fedora ro. Here's the changeset that caused that: Date: Fri Jun 26 22:53:26 2009 +0000 e mount instead of nfs. diff --git a/modules/puppet/manifests/init.pp b/modules/puppet/manifests/init.pp index 21b8d62..0af2273 100644 --- a/modules/puppet/manifests/init.pp +++ b/modules/puppet/manifests/init.pp @@ -75,9 +75,12 @@ class puppet::master::mounts { ensure => directory, } - nfs { "/mnt/fedora": + mount { "/mnt/fedora": device => "ntap-fedora1.fedora.phx.redhat.com:/vol/fedora/", - require => File["/mnt/fedora/"], + fstype => "nfs", + ensure => "mounted", + options => "defaults,ro,soft,intr", + require => File["/mnt/fedora"], } } I'd like to make the following change to this: - options => "defaults,ro,soft,intr", + options => "defaults,rw,soft,intr", Can I get two +1's for my change? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Fri Aug 14 19:55:56 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 14 Aug 2009 15:55:56 -0400 Subject: [Change Request] Enable rw /mnt/fedora on puppet1 In-Reply-To: <4A85B059.6070602@gmail.com> References: <4A85B059.6070602@gmail.com> Message-ID: <20090814195556.GA20286@alpha.rzhou.org> On 2009-08-14 11:43:37 AM, Toshio Kuratomi wrote: > Currently we're mounting /mnt/fedora ro on puppet1. I think that this > was a change committed in puppet that affected the /etc/fstab file. > That didn't come into play until we rebooted puppet1 last night -- the > reboot caused the new fstab to be used and mount /mnt/fedora ro. Yow, that was my mistake, +1 to fixing it :-) Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From dennis at ausil.us Fri Aug 14 19:54:15 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Fri, 14 Aug 2009 14:54:15 -0500 Subject: [Change Request] Enable rw /mnt/fedora on puppet1 Message-ID: +1 from me Dennis Toshio Kuratomi wrote: >Currently we're mounting /mnt/fedora ro on puppet1. I think that this >was a change committed in puppet that affected the /etc/fstab file. >That didn't come into play until we rebooted puppet1 last night -- the >reboot caused the new fstab to be used and mount /mnt/fedora ro. > >Here's the changeset that caused that: > >Date: Fri Jun 26 22:53:26 2009 +0000 > > e mount instead of nfs. > >diff --git a/modules/puppet/manifests/init.pp >b/modules/puppet/manifests/init.pp >index 21b8d62..0af2273 100644 >--- a/modules/puppet/manifests/init.pp >+++ b/modules/puppet/manifests/init.pp >@@ -75,9 +75,12 @@ class puppet::master::mounts { > ensure => directory, > } > >- nfs { "/mnt/fedora": >+ mount { "/mnt/fedora": > device => "ntap-fedora1.fedora.phx.redhat.com:/vol/fedora/", >- require => File["/mnt/fedora/"], >+ fstype => "nfs", >+ ensure => "mounted", >+ options => "defaults,ro,soft,intr", >+ require => File["/mnt/fedora"], > } > } > > >I'd like to make the following change to this: > >- options => "defaults,ro,soft,intr", >+ options => "defaults,rw,soft,intr", > >Can I get two +1's for my change? > >-Toshio > >_______________________________________________ >Fedora-infrastructure-list mailing list >Fedora-infrastructure-list at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Sent from my Android phone with K-9. Please excuse my brevity. From ricky at fedoraproject.org Sun Aug 16 02:16:30 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sat, 15 Aug 2009 22:16:30 -0400 Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? Message-ID: <20090816021630.GA4330@alpha.rzhou.org> Hey, I've been thinking about sudo passwords (particularly on publictest machines, where security holes in apps being developed cant turn up from time to time). Could enabling NOPASSWD for sudo and disabling agent forwarding on publictest machines be a good option for lowering the possible impact if anything were to happen on the publictest machines? The specific situation that I'm thinking about right now is: * Command execution hole in some app in testing (this has happened) * Kernel bugs like the two that have shown up in the past month * People like me regularly entering their FAS password on publictest machines and having SSH agent forwarding enabled Maybe this is being too paranoid or not the best ultimate solution (Mike mentioned that he was looking into alternatives to entering sudo passwords, for example), but it does seem like a real risk given the freedom we allow for testing stuff out on the publictest machines. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Mon Aug 17 02:23:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 16 Aug 2009 21:23:37 -0500 (CDT) Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: <20090816021630.GA4330@alpha.rzhou.org> References: <20090816021630.GA4330@alpha.rzhou.org> Message-ID: On Sat, 15 Aug 2009, Ricky Zhou wrote: > Hey, I've been thinking about sudo passwords (particularly on publictest > machines, where security holes in apps being developed cant turn up from > time to time). > > Could enabling NOPASSWD for sudo and disabling agent forwarding on > publictest machines be a good option for lowering the possible impact if > anything were to happen on the publictest machines? > > The specific situation that I'm thinking about right now is: > * Command execution hole in some app in testing (this has happened) > * Kernel bugs like the two that have shown up in the past month > * People like me regularly entering their FAS password on publictest > machines and having SSH agent forwarding enabled > > Maybe this is being too paranoid or not the best ultimate solution (Mike > mentioned that he was looking into alternatives to entering sudo > passwords, for example), but it does seem like a real risk given the > freedom we allow for testing stuff out on the publictest machines. > I'm conflicted on this, there's valid points here but also the risks are fairly low. As far as disabling agent forwarding, that's trivial to re-enable if the box gets rooted. Specifically we're trying to protect against a rooted publictest box becoming a password harvester right? -Mike From jgarzik at pobox.com Mon Aug 17 13:22:28 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Mon, 17 Aug 2009 09:22:28 -0400 Subject: IPv6 for Fedora services? Message-ID: <4A895994.2020701@pobox.com> Is there any IPv6 plan for *.fedoraproject.org ? One plan chosen by projects (including wikimedia) is a staged rollout, like this: 1) enable IPv6 reachability and AAAA records for DNS servers 2) enable IPv6 for small-audience or developer-only services, such as cvs/svn/git services 3) enable IPv6 for primary services, such as public web Such staged rollouts attempt to balance the potential for service disruption due to end-user misconfiguration, with pushing technological progress foward. As of today, for months, the DNS root servers are reachable via IPv6 and have AAAA records. Any chance we could look at step #1 or #2 for Fedora? I am hoping that Fedora can be a leader rather than a follower in deploying this new technology. Jeff From katzj at redhat.com Mon Aug 17 13:30:04 2009 From: katzj at redhat.com (Jeremy Katz) Date: Mon, 17 Aug 2009 09:30:04 -0400 Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: References: <20090816021630.GA4330@alpha.rzhou.org> Message-ID: <20090817133003.GA39187@redhat.com> On Sunday, August 16 2009, Mike McGrath said: > I'm conflicted on this, there's valid points here but also the risks are > fairly low. As far as disabling agent forwarding, that's trivial to > re-enable if the box gets rooted. We could add something to the security doc suggesting something like the following in ~/.ssh/config Host publictest*.fedoraproject.org ForwardAgent no Jeremy From mmcgrath at redhat.com Mon Aug 17 14:01:27 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 17 Aug 2009 09:01:27 -0500 (CDT) Subject: IPv6 for Fedora services? In-Reply-To: <4A895994.2020701@pobox.com> References: <4A895994.2020701@pobox.com> Message-ID: On Mon, 17 Aug 2009, Jeff Garzik wrote: > > Is there any IPv6 plan for *.fedoraproject.org ? > There is currently no plan. -Mike From Matt_Domsch at Dell.com Mon Aug 17 14:33:15 2009 From: Matt_Domsch at Dell.com (Matt Domsch) Date: Mon, 17 Aug 2009 14:33:15 +0000 Subject: IPv6 for Fedora services? Message-ID: <1818203341-1250519589-cardhu_decombobulator_blackberry.rim.net-1275313540-@bxe1282.bisx.prod.on.blackberry> Do we know if native IPv6 connectivity is available in any of our colo sites, or if we would need to use some form of tunnel? ------Original Message------ From: Mike McGrath Sender: fedora-infrastructure-list-bounces at redhat.com To: Fedora Infrastructure ReplyTo: Fedora Infrastructure Subject: Re: IPv6 for Fedora services? Sent: Aug 17, 2009 10:01 AM On Mon, 17 Aug 2009, Jeff Garzik wrote: > > Is there any IPv6 plan for *.fedoraproject.org ? > There is currently no plan. -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From felix at fetzig.org Mon Aug 17 14:37:14 2009 From: felix at fetzig.org (Felix Kaechele) Date: Mon, 17 Aug 2009 16:37:14 +0200 Subject: IPv6 for Fedora services? In-Reply-To: <1818203341-1250519589-cardhu_decombobulator_blackberry.rim.net-1275313540-@bxe1282.bisx.prod.on.blackberry> References: <1818203341-1250519589-cardhu_decombobulator_blackberry.rim.net-1275313540-@bxe1282.bisx.prod.on.blackberry> Message-ID: <4A896B1A.4020309@fetzig.org> The Server(s) in Germany is/are hosted at Telia which AFAIK has native IPv6 support. Greetings, Felix Am 17.08.2009 16:33, schrieb Matt Domsch: > Do we know if native IPv6 connectivity is available in any of our colo sites, or if we would need to use some form of tunnel? > > > ------Original Message------ > From: Mike McGrath > Sender: fedora-infrastructure-list-bounces at redhat.com > To: Fedora Infrastructure > ReplyTo: Fedora Infrastructure > Subject: Re: IPv6 for Fedora services? > Sent: Aug 17, 2009 10:01 AM > > On Mon, 17 Aug 2009, Jeff Garzik wrote: > >> >> Is there any IPv6 plan for *.fedoraproject.org ? >> > > There is currently no plan. > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > -- > Matt Domsch > Technology Strategist, Dell Office of the CTO > linux.dell.com & www.dell.com/linux > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From dennis at ausil.us Mon Aug 17 15:29:14 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 17 Aug 2009 10:29:14 -0500 Subject: IPv6 for Fedora services? In-Reply-To: <1818203341-1250519589-cardhu_decombobulator_blackberry.rim.net-1275313540-@bxe1282.bisx.prod.on.blackberry> References: <1818203341-1250519589-cardhu_decombobulator_blackberry.rim.net-1275313540-@bxe1282.bisx.prod.on.blackberry> Message-ID: <200908171029.16378.dennis@ausil.us> On Monday 17 August 2009 09:33:15 am Matt Domsch wrote: > Do we know if native IPv6 connectivity is available in any of our colo > sites, or if we would need to use some form of tunnel? We would have to use tunnels. one or two of our sites may offer ipv6 but AFIAK the bulk do not. Dennis > > ------Original Message------ > From: Mike McGrath > Sender: fedora-infrastructure-list-bounces at redhat.com > To: Fedora Infrastructure > ReplyTo: Fedora Infrastructure > Subject: Re: IPv6 for Fedora services? > Sent: Aug 17, 2009 10:01 AM > > On Mon, 17 Aug 2009, Jeff Garzik wrote: > > Is there any IPv6 plan for *.fedoraproject.org ? > > There is currently no plan. > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > -- > Matt Domsch > Technology Strategist, Dell Office of the CTO > linux.dell.com & www.dell.com/linux > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From tristan.santore at internexusconnect.net Mon Aug 17 15:57:42 2009 From: tristan.santore at internexusconnect.net (Tristan Santore) Date: Mon, 17 Aug 2009 16:57:42 +0100 Subject: IPv6 for Fedora services? In-Reply-To: <200908171029.16378.dennis@ausil.us> References: <1818203341-1250519589-cardhu_decombobulator_blackberry.rim.net-1275313540-@bxe1282.bisx.prod.on.blackberry> <200908171029.16378.dennis@ausil.us> Message-ID: <4A897DF6.1040009@internexusconnect.net> On 17/08/09 16:29, Dennis Gilmore wrote: > On Monday 17 August 2009 09:33:15 am Matt Domsch wrote: > >> Do we know if native IPv6 connectivity is available in any of our colo >> sites, or if we would need to use some form of tunnel? >> > We would have to use tunnels. > > one or two of our sites may offer ipv6 but AFIAK the bulk do not. > > Dennis > > >> ------Original Message------ >> From: Mike McGrath >> Sender: fedora-infrastructure-list-bounces at redhat.com >> To: Fedora Infrastructure >> ReplyTo: Fedora Infrastructure >> Subject: Re: IPv6 for Fedora services? >> Sent: Aug 17, 2009 10:01 AM >> >> On Mon, 17 Aug 2009, Jeff Garzik wrote: >> >>> Is there any IPv6 plan for *.fedoraproject.org ? >>> >> There is currently no plan. >> >> -Mike >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >> >> >> -- >> Matt Domsch >> Technology Strategist, Dell Office of the CTO >> linux.dell.com& www.dell.com/linux >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >> > > ------------------------------------------------------------------------ > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > 6 to 4 could be deployed anywhere, pretty easily. Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 Tristan.Santore at internexusconnect.net Thawte Notary For Fedora related issues, please email me at: TSantore at fedoraproject.org -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3388 bytes Desc: S/MIME Cryptographic Signature URL: From jgarzik at pobox.com Mon Aug 17 16:29:33 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Mon, 17 Aug 2009 12:29:33 -0400 Subject: IPv6 for Fedora services? In-Reply-To: References: <4A895994.2020701@pobox.com> Message-ID: <4A89856D.4090107@pobox.com> On 08/17/2009 10:01 AM, Mike McGrath wrote: > On Mon, 17 Aug 2009, Jeff Garzik wrote: >> Is there any IPv6 plan for *.fedoraproject.org ? > There is currently no plan. What needs to be done to create a plan, and move forward? Jeff From mel at redhat.com Mon Aug 17 16:37:46 2009 From: mel at redhat.com (Mel Chua) Date: Mon, 17 Aug 2009 12:37:46 -0400 Subject: Self-introduction: Mel Chua Message-ID: <4A89875A.9060209@redhat.com> Hiya. Infrastructure newbie here. I'm Mel; some of you have seen me around (particularly in Marketing). https://fedoraproject.org/wiki/User:Mchua has more introduction-esque stuff. Ricky sponsored me for sysadmin-test so I can get up a test instance of zikula for FI (https://fedoraproject.org/wiki/Fedora_Insight) - copious documentation being written at http://blog.melchua.com/2009/08/16/how-the-zikula-based-test-instance-of-fi-was-put-up-part-1/ (to be turned into wiki notes when everything is up and working). [1] This is the first time I've done sysadmin-type stuff on a box that wasn't my own personal computer, and it's been fascinating so far to learn how things work when multiple users get involved. You'll see questions from me on IRC (mchua) once in a while - thanks to everyone who's been extending such a warm welcome! This is much less scary than I thought it would be. ;) --Mel [1] If anyone's interested in playing with a Real Zikula Project early, we could definitely use help; we're serving as a guinea pig for future bigger projects like The Great Docs Migration, so there's a ton of stuff I don't think anybody really knows yet. If someone's looking for a project for the remainder of F12 and wants to learn about zikula and run with the tech/infrastructure stuff for FI for a few months, we should talk. From skvidal at fedoraproject.org Mon Aug 17 16:39:44 2009 From: skvidal at fedoraproject.org (Seth Vidal) Date: Mon, 17 Aug 2009 12:39:44 -0400 (EDT) Subject: IPv6 for Fedora services? In-Reply-To: <4A89856D.4090107@pobox.com> References: <4A895994.2020701@pobox.com> <4A89856D.4090107@pobox.com> Message-ID: On Mon, 17 Aug 2009, Jeff Garzik wrote: > On 08/17/2009 10:01 AM, Mike McGrath wrote: >> On Mon, 17 Aug 2009, Jeff Garzik wrote: >>> Is there any IPv6 plan for *.fedoraproject.org ? > >> There is currently no plan. > > What needs to be done to create a plan, and move forward? > someone who cares about ipv6 to lead it, I suspect. -sv From mmcgrath at redhat.com Mon Aug 17 17:43:44 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 17 Aug 2009 12:43:44 -0500 (CDT) Subject: IPv6 for Fedora services? In-Reply-To: <4A89856D.4090107@pobox.com> References: <4A895994.2020701@pobox.com> <4A89856D.4090107@pobox.com> Message-ID: On Mon, 17 Aug 2009, Jeff Garzik wrote: > On 08/17/2009 10:01 AM, Mike McGrath wrote: > > On Mon, 17 Aug 2009, Jeff Garzik wrote: > > > Is there any IPv6 plan for *.fedoraproject.org ? > > > There is currently no plan. > > What needs to be done to create a plan, and move forward? > Someone with a clear idea of the benefits, costs, and a plan for implementation. -Mike From ricky at fedoraproject.org Mon Aug 17 18:18:08 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 17 Aug 2009 14:18:08 -0400 Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: References: <20090816021630.GA4330@alpha.rzhou.org> Message-ID: <20090817181808.GA11411@alpha.rzhou.org> On 2009-08-16 09:23:37 PM, Mike McGrath wrote: > I'm conflicted on this, there's valid points here but also the risks are > fairly low. As far as disabling agent forwarding, that's trivial to > re-enable if the box gets rooted. Yeah, that's true - what Jeremy suggested sounds like a better idea (and perhaps it could be added to CSI). > Specifically we're trying to protect against a rooted publictest box > becoming a password harvester right? Yup (and SSH agent harvesters as well). The goal is that if a publictest machine were compromised (since it'd probably be one of the easier targets), any damage would be confined to that machine as much as possible. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Mon Aug 17 19:44:58 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 17 Aug 2009 14:44:58 -0500 (CDT) Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: <20090817181808.GA11411@alpha.rzhou.org> References: <20090816021630.GA4330@alpha.rzhou.org> <20090817181808.GA11411@alpha.rzhou.org> Message-ID: On Mon, 17 Aug 2009, Ricky Zhou wrote: > On 2009-08-16 09:23:37 PM, Mike McGrath wrote: > > I'm conflicted on this, there's valid points here but also the risks are > > fairly low. As far as disabling agent forwarding, that's trivial to > > re-enable if the box gets rooted. > Yeah, that's true - what Jeremy suggested sounds like a better idea (and > perhaps it could be added to CSI). > > > Specifically we're trying to protect against a rooted publictest box > > becoming a password harvester right? > Yup (and SSH agent harvesters as well). The goal is that if a > publictest machine were compromised (since it'd probably be one of the > easier targets), any damage would be confined to that machine as much as > possible. > On a related note, I would like to have a policy of rebuilding the test boxes more often then we do. Just a thought. -Mike From ricky at fedoraproject.org Mon Aug 17 20:06:13 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 17 Aug 2009 16:06:13 -0400 Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: References: <20090816021630.GA4330@alpha.rzhou.org> <20090817181808.GA11411@alpha.rzhou.org> Message-ID: <20090817200613.GC11411@alpha.rzhou.org> On 2009-08-17 02:44:58 PM, Mike McGrath wrote: > On a related note, I would like to have a policy of rebuilding the test > boxes more often then we do. Just a thought. Agreed. publictest15 is nearing a year old, which I think is way too long for a publictest machine. It has all sorts of junk on it now (like the errors that Eric got about /opt/zimbra when trying to setup zikula). Here s a summary of our currently running publictest machines and the date they were built on (from an rpm -qa --last | tail -1): publictest1: Sun 10 May 2009 09:46:49 PM GMT publictest2: Fri 29 May 2009 11:06:26 PM UTC publictest3: Thu 11 Jun 2009 09:25:56 PM UTC publictest6: Tue 23 Jun 2009 08:34:50 PM UTC publictest7: Tue 30 Jun 2009 08:24:36 PM UTC publictest10: Tue 02 Dec 2008 10:45:16 PM UTC publictest14: Tue 16 Dec 2008 10:38:09 PM UTC publictest15: Thu 28 Aug 2008 06:26:33 PM UTC publictest16: Thu 23 Oct 2008 06:14:22 PM UTC All the 2008 ones should probably be rebuilt when possible - any thoughts as to what a good policy for this would be? Maybe after ~4-6 months, we should stop putting new projects on publictest machines, and rebuild them once all current projects are finished? The wiki pages could also be great for tracking some of this stuff. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Mon Aug 17 20:36:40 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 17 Aug 2009 15:36:40 -0500 (CDT) Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: <20090817200613.GC11411@alpha.rzhou.org> References: <20090816021630.GA4330@alpha.rzhou.org> <20090817181808.GA11411@alpha.rzhou.org> <20090817200613.GC11411@alpha.rzhou.org> Message-ID: On Mon, 17 Aug 2009, Ricky Zhou wrote: > On 2009-08-17 02:44:58 PM, Mike McGrath wrote: > > On a related note, I would like to have a policy of rebuilding the test > > boxes more often then we do. Just a thought. > Agreed. publictest15 is nearing a year old, which I think is way too Ugh, a year old. /me checks his calendar. My god has it been a year already? https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html wow. -Mike From stickster at gmail.com Mon Aug 17 21:04:40 2009 From: stickster at gmail.com (Paul W. Frields) Date: Mon, 17 Aug 2009 17:04:40 -0400 Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: References: <20090816021630.GA4330@alpha.rzhou.org> <20090817181808.GA11411@alpha.rzhou.org> <20090817200613.GC11411@alpha.rzhou.org> Message-ID: <20090817210440.GG10297@localhost.localdomain> On Mon, Aug 17, 2009 at 03:36:40PM -0500, Mike McGrath wrote: > On Mon, 17 Aug 2009, Ricky Zhou wrote: > > > On 2009-08-17 02:44:58 PM, Mike McGrath wrote: > > > On a related note, I would like to have a policy of rebuilding the test > > > boxes more often then we do. Just a thought. > > Agreed. publictest15 is nearing a year old, which I think is way too > > > Ugh, a year old. /me checks his calendar. > > My god has it been a year already? > > https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html > > wow. It seems like only a few months since... oh wait, it was: https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug From mmcgrath at redhat.com Mon Aug 17 22:04:44 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 17 Aug 2009 17:04:44 -0500 (CDT) Subject: Self-introduction: Mel Chua In-Reply-To: <4A89875A.9060209@redhat.com> References: <4A89875A.9060209@redhat.com> Message-ID: On Mon, 17 Aug 2009, Mel Chua wrote: > Hiya. Infrastructure newbie here. I'm Mel; some of you have seen me around > (particularly in Marketing). https://fedoraproject.org/wiki/User:Mchua has > more introduction-esque stuff. > > Ricky sponsored me for sysadmin-test so I can get up a test instance of zikula > for FI (https://fedoraproject.org/wiki/Fedora_Insight) - copious documentation > being written at > http://blog.melchua.com/2009/08/16/how-the-zikula-based-test-instance-of-fi-was-put-up-part-1/ > (to be turned into wiki notes when everything is up and working). [1] > > This is the first time I've done sysadmin-type stuff on a box that wasn't my > own personal computer, and it's been fascinating so far to learn how things > work when multiple users get involved. You'll see questions from me on IRC > (mchua) once in a while - thanks to everyone who's been extending such a warm > welcome! This is much less scary than I thought it would be. ;) > > --Mel > > [1] If anyone's interested in playing with a Real Zikula Project early, we > could definitely use help; we're serving as a guinea pig for future bigger > projects like The Great Docs Migration, so there's a ton of stuff I don't > think anybody really knows yet. If someone's looking for a project for the > remainder of F12 and wants to learn about zikula and run with the > tech/infrastructure stuff for FI for a few months, we should talk. > Hey Mel, thanks for the intro. I'd say more to you but you already know your way around and I see you on IRC from time to time so I'll see you around :) -Mike From smparrish at gmail.com Mon Aug 17 22:48:07 2009 From: smparrish at gmail.com (Steven M. Parrish) Date: Mon, 17 Aug 2009 18:48:07 -0400 Subject: Wan't to join and why Message-ID: <200908171848.07754.smparrish@gmail.com> Hi guys and gals, I am looking to join both the sysadmin-test and sysadmin-cvs groups. Why you might ask? Well I'll tell you. I wan't to get more involved in Fedora. Here is my current Fedora resume... - BugZapper for both KDE and Packagekit. - Maintain 20+ packages and am a Sponsor in the packaging group. - Work closely with the OLPC and Sugar folks at getting and maintaining the packages in Fedora - Responsible for creating builds of F11 with Sugar specifically for the OLPC XO-1 (Hope to get an XO-1.5 soon) see http://wiki.laptop.org/go/F11_for_XO-1 for info on this. What I am looking to do now is create a very simplified bugzilla interface that can be used by OLPC users, mostly children, to report issues with Sugar Activities in Fedora. Will develop in PHP and would like to develop and test it on one of the publictest servers. Also would like to help maintain the cvs servers and projects contained there. Any questions just ask. ===================================================== Steven M. Parrish ------------------------------------------------------------------------------------------------- gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar From ricky at fedoraproject.org Tue Aug 18 00:22:08 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 17 Aug 2009 20:22:08 -0400 Subject: publictest10 rebuild Message-ID: <20090818002208.GA20757@alpha.rzhou.org> Hey, is anybody currently using publictest10? I haven't seen any logins from anybody other than mmcgrath, myself, smooge, and nb (for doing a yum update) since May, and this machine is due for a rebuild, as mentioned in the earlier thread. If anybody still needs anything from pt10, now's a good time to copy it off - otherwise, it'll be rebuilt sometime in the next few days. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From thinklinux.ssh at gmail.com Tue Aug 18 01:13:23 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Tue, 18 Aug 2009 06:43:23 +0530 Subject: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines? In-Reply-To: <20090817200613.GC11411@alpha.rzhou.org> References: <20090816021630.GA4330@alpha.rzhou.org> <20090817181808.GA11411@alpha.rzhou.org> <20090817200613.GC11411@alpha.rzhou.org> Message-ID: > Agreed. ?publictest15 is nearing a year old, which I think is way too > long for a publictest machine. ?It has all sorts of junk on it now (like > the errors that Eric got about /opt/zimbra when trying to setup zikula). Yes, It have 15 different calender setup ad other related things. So it already had zikula and probably zimbra too. ;) Notify me if you plan to rebuild it. The webcalender, on which testing is pending, is there too. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From a.badger at gmail.com Tue Aug 18 02:49:27 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 17 Aug 2009 19:49:27 -0700 Subject: Wan't to join and why In-Reply-To: <200908171848.07754.smparrish@gmail.com> References: <200908171848.07754.smparrish@gmail.com> Message-ID: <4A8A16B7.5000905@gmail.com> On 08/17/2009 03:48 PM, Steven M. Parrish wrote: > Hi guys and gals, > > I am looking to join both the sysadmin-test and sysadmin-cvs groups. Why you > might ask? Well I'll tell you. I wan't to get more involved in Fedora. > > Here is my current Fedora resume... > > - BugZapper for both KDE and Packagekit. > - Maintain 20+ packages and am a Sponsor in the packaging group. > - Work closely with the OLPC and Sugar folks at getting and maintaining the > packages in Fedora > - Responsible for creating builds of F11 with Sugar specifically for the OLPC > XO-1 (Hope to get an XO-1.5 soon) see http://wiki.laptop.org/go/F11_for_XO-1 > for info on this. > > What I am looking to do now is create a very simplified bugzilla interface that > can be used by OLPC users, mostly children, to report issues with Sugar > Activities in Fedora. Will develop in PHP and would like to develop and test > it on one of the publictest servers. > > Also would like to help maintain the cvs servers and projects contained there. > > Any questions just ask. > Is this intended to be deployed onto Fedora Infrastructure boxes eventually or just be developed/demoed on the publictest infrastructure? We haven't had development of known-non-Fedora stuff done previously but this might be a valid first case. If it's intended to run on Fedora Infrastructure, we very much prefer developing them in python. In fact, I don't think we have any non-python developed stuff. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mel at redhat.com Tue Aug 18 03:36:25 2009 From: mel at redhat.com (Mel Chua) Date: Mon, 17 Aug 2009 23:36:25 -0400 Subject: Wan't to join and why In-Reply-To: <4A8A16B7.5000905@gmail.com> References: <200908171848.07754.smparrish@gmail.com> <4A8A16B7.5000905@gmail.com> Message-ID: <4A8A21B9.8000107@redhat.com> >> What I am looking to do now is create a very simplified bugzilla interface that >> can be used by OLPC users, mostly children, to report issues with Sugar >> Activities in Fedora. Will develop in PHP and would like to develop and test >> it on one of the publictest servers. I am ignorant of much of the context surrounding this, but it seems to me that this may be... (1) technically an upstream-in-bugzilla project, perhaps (2) potentially awesome for getting feedback from fedora users (provide a better on-ramp for participation - though I don't know all the ways we're getting user feedback now, and how effective current methods are at turning users into contributors). This would be if the interface is generalizable to "simplified bugzilla interface" and is customizable for audiences beyond OLPC-using children. If #2, might be handy to deploy for Fedora in general as well (so long as we can think of ways to make sure the feedback/brainstorms actually get filtered into actionableness, and that the folks who submit that feedback are encouraged to take those actions.) These are side musings, though. --Mel From smparrish at gmail.com Tue Aug 18 12:21:53 2009 From: smparrish at gmail.com (Steven M. Parrish) Date: Tue, 18 Aug 2009 08:21:53 -0400 Subject: Wan't to join and why References: <200908171848.07754.smparrish@gmail.com> <4A8A16B7.5000905@gmail.com> Message-ID: Toshio Kuratomi wrote: > On 08/17/2009 03:48 PM, Steven M. Parrish wrote: >> Hi guys and gals, >> >> I am looking to join both the sysadmin-test and sysadmin-cvs groups. Why >> you >> might ask? Well I'll tell you. I wan't to get more involved in Fedora. >> >> Here is my current Fedora resume... >> >> - BugZapper for both KDE and Packagekit. >> - Maintain 20+ packages and am a Sponsor in the packaging group. >> - Work closely with the OLPC and Sugar folks at getting and maintaining >> the packages in Fedora >> - Responsible for creating builds of F11 with Sugar specifically for the >> OLPC XO-1 (Hope to get an XO-1.5 soon) see >> http://wiki.laptop.org/go/F11_for_XO-1 for info on this. >> >> What I am looking to do now is create a very simplified bugzilla >> interface that can be used by OLPC users, mostly children, to report >> issues with Sugar >> Activities in Fedora. Will develop in PHP and would like to develop and >> test it on one of the publictest servers. >> >> Also would like to help maintain the cvs servers and projects contained >> there. >> >> Any questions just ask. >> > Is this intended to be deployed onto Fedora Infrastructure boxes > eventually or just be developed/demoed on the publictest infrastructure? > We haven't had development of known-non-Fedora stuff done previously > but this might be a valid first case. If it's intended to run on Fedora > Infrastructure, we very much prefer developing them in python. In fact, > I don't think we have any non-python developed stuff. > > -Toshio It is intended to run on Fedora infrastructure. It is going to be an alternate front end to our current bugzilla instance. It could be built upon to create different front ends for other user groups as well. Developing it in Python will not be a problem. I am just in the beginning design stage atm. Steven ===================================================== Steven M. Parrish ------------------------------------------------------------------------------------------------- gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar From sundaram at fedoraproject.org Tue Aug 18 12:53:15 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Tue, 18 Aug 2009 18:23:15 +0530 Subject: Wan't to join and why In-Reply-To: References: <200908171848.07754.smparrish@gmail.com> <4A8A16B7.5000905@gmail.com> Message-ID: <4A8AA43B.1080800@fedoraproject.org> On 08/18/2009 05:51 PM, Steven M. Parrish wrote: >>> What I am looking to do now is create a very simplified bugzilla >>> interface that can be used by OLPC users, mostly children, to report >>> issues with Sugar >>> Activities in Fedora. Will develop in PHP and would like to develop and >>> test it on one of the publictest servers. >>> >>> Also would like to help maintain the cvs servers and projects contained >>> there. >>> >>> Any questions just ask. >>> >> Is this intended to be deployed onto Fedora Infrastructure boxes >> eventually or just be developed/demoed on the publictest infrastructure? >> We haven't had development of known-non-Fedora stuff done previously >> but this might be a valid first case. If it's intended to run on Fedora >> Infrastructure, we very much prefer developing them in python. In fact, >> I don't think we have any non-python developed stuff. >> >> -Toshio > > It is intended to run on Fedora infrastructure. It is going to be an > alternate front end to our current bugzilla instance. It could be built > upon to create different front ends for other user groups as well. > > Developing it in Python will not be a problem. I am just in the beginning > design stage atm. Very interesting. A related project https://fedoraproject.org/wiki/Bugzilla_Desktop_Client Rahul From smparrish at gmail.com Tue Aug 18 13:15:48 2009 From: smparrish at gmail.com (Steven M. Parrish) Date: Tue, 18 Aug 2009 09:15:48 -0400 Subject: Wan't to join and why References: <200908171848.07754.smparrish@gmail.com> <4A8A16B7.5000905@gmail.com> <4A8AA43B.1080800@fedoraproject.org> Message-ID: Rahul Sundaram wrote: > On 08/18/2009 05:51 PM, Steven M. Parrish wrote: > >>>> What I am looking to do now is create a very simplified bugzilla >>>> interface that can be used by OLPC users, mostly children, to report >>>> issues with Sugar >>>> Activities in Fedora. Will develop in PHP and would like to develop >>>> and test it on one of the publictest servers. >>>> >>>> Also would like to help maintain the cvs servers and projects contained >>>> there. >>>> >>>> Any questions just ask. >>>> >>> Is this intended to be deployed onto Fedora Infrastructure boxes >>> eventually or just be developed/demoed on the publictest infrastructure? >>> We haven't had development of known-non-Fedora stuff done previously >>> but this might be a valid first case. If it's intended to run on Fedora >>> Infrastructure, we very much prefer developing them in python. In fact, >>> I don't think we have any non-python developed stuff. >>> >>> -Toshio >> >> It is intended to run on Fedora infrastructure. It is going to be an >> alternate front end to our current bugzilla instance. It could be built >> upon to create different front ends for other user groups as well. >> >> Developing it in Python will not be a problem. I am just in the >> beginning design stage atm. > > Very interesting. A related project > > https://fedoraproject.org/wiki/Bugzilla_Desktop_Client > > Rahul Sounds like we both have similar goals here. I think having both a OS based app and a simple web interface for our bugreporting is a great idea. Anything that makes it easier for normal users to report issues and give feedback will only lead to making Fedora a more user friendly distro. Steven -- ===================================================== Steven M. Parrish ------------------------------------------------------------------------------------------------- gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar From stickster at gmail.com Tue Aug 18 14:17:31 2009 From: stickster at gmail.com (Paul W. Frields) Date: Tue, 18 Aug 2009 10:17:31 -0400 Subject: Wan't to join and why In-Reply-To: References: <200908171848.07754.smparrish@gmail.com> <4A8A16B7.5000905@gmail.com> <4A8AA43B.1080800@fedoraproject.org> Message-ID: <20090818141731.GH3817@localhost.localdomain> On Tue, Aug 18, 2009 at 09:15:48AM -0400, Steven M. Parrish wrote: > Rahul Sundaram wrote: > > > On 08/18/2009 05:51 PM, Steven M. Parrish wrote: > > > >>>> What I am looking to do now is create a very simplified bugzilla > >>>> interface that can be used by OLPC users, mostly children, to report > >>>> issues with Sugar > >>>> Activities in Fedora. Will develop in PHP and would like to develop > >>>> and test it on one of the publictest servers. > >>>> > >>>> Also would like to help maintain the cvs servers and projects contained > >>>> there. > >>>> > >>>> Any questions just ask. > >>>> > >>> Is this intended to be deployed onto Fedora Infrastructure boxes > >>> eventually or just be developed/demoed on the publictest infrastructure? > >>> We haven't had development of known-non-Fedora stuff done previously > >>> but this might be a valid first case. If it's intended to run on Fedora > >>> Infrastructure, we very much prefer developing them in python. In fact, > >>> I don't think we have any non-python developed stuff. > >>> > >>> -Toshio > >> > >> It is intended to run on Fedora infrastructure. It is going to be an > >> alternate front end to our current bugzilla instance. It could be built > >> upon to create different front ends for other user groups as well. > >> > >> Developing it in Python will not be a problem. I am just in the > >> beginning design stage atm. > > > > Very interesting. A related project > > > > https://fedoraproject.org/wiki/Bugzilla_Desktop_Client > > > > Rahul > > Sounds like we both have similar goals here. I think having both a OS based > app and a simple web interface for our bugreporting is a great idea. > > Anything that makes it easier for normal users to report issues and give > feedback will only lead to making Fedora a more user friendly distro. I know that there were folks in the Desktop SIG who were interested in a more friendly bug filing Web interface, as well as other possibilities for lowering the fright factor of Bugzilla. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug From smparrish at gmail.com Tue Aug 18 14:26:54 2009 From: smparrish at gmail.com (Steven M. Parrish) Date: Tue, 18 Aug 2009 10:26:54 -0400 Subject: Wan't to join and why References: <200908171848.07754.smparrish@gmail.com> <4A8A16B7.5000905@gmail.com> <4A8AA43B.1080800@fedoraproject.org> <20090818141731.GH3817@localhost.localdomain> Message-ID: Paul W. Frields wrote: > On Tue, Aug 18, 2009 at 09:15:48AM -0400, Steven M. Parrish wrote: >> Rahul Sundaram wrote: >> >> > On 08/18/2009 05:51 PM, Steven M. Parrish wrote: >> > >> >>>> What I am looking to do now is create a very simplified bugzilla >> >>>> interface that can be used by OLPC users, mostly children, to report >> >>>> issues with Sugar >> >>>> Activities in Fedora. Will develop in PHP and would like to develop >> >>>> and test it on one of the publictest servers. >> >>>> >> >>>> Also would like to help maintain the cvs servers and projects >> >>>> contained there. >> >>>> >> >>>> Any questions just ask. >> >>>> >> >>> Is this intended to be deployed onto Fedora Infrastructure boxes >> >>> eventually or just be developed/demoed on the publictest >> >>> infrastructure? >> >>> We haven't had development of known-non-Fedora stuff done previously >> >>> but this might be a valid first case. If it's intended to run on >> >>> Fedora >> >>> Infrastructure, we very much prefer developing them in python. In >> >>> fact, I don't think we have any non-python developed stuff. >> >>> >> >>> -Toshio >> >> >> >> It is intended to run on Fedora infrastructure. It is going to be an >> >> alternate front end to our current bugzilla instance. It could be >> >> built upon to create different front ends for other user groups as >> >> well. >> >> >> >> Developing it in Python will not be a problem. I am just in the >> >> beginning design stage atm. >> > >> > Very interesting. A related project >> > >> > https://fedoraproject.org/wiki/Bugzilla_Desktop_Client >> > >> > Rahul >> >> Sounds like we both have similar goals here. I think having both a OS >> based app and a simple web interface for our bugreporting is a great >> idea. >> >> Anything that makes it easier for normal users to report issues and give >> feedback will only lead to making Fedora a more user friendly distro. > > I know that there were folks in the Desktop SIG who were interested > in a more friendly bug filing Web interface, as well as other > possibilities for lowering the fright factor of Bugzilla. > Yes its something that was discussed at FudCon in January, but now that Sugar/OLPC is basing itself on Fedora I feel its important to get something going. -- ===================================================== Steven M. Parrish ------------------------------------------------------------------------------------------------- gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar From mel at redhat.com Tue Aug 18 15:30:54 2009 From: mel at redhat.com (Mel Chua) Date: Tue, 18 Aug 2009 11:30:54 -0400 Subject: Last call for talking points - what makes you excited about F12? In-Reply-To: References: Message-ID: <4A8AC92E.2060606@redhat.com> If you've got a moment for some last-minute help... We (Marketing) will be freezing the F12 talking points list today, and are still somewhat light in the "what makes Fedora awesome for admins and developers?" categories. Right now we have "libguestfs and kvm improvements" for admins and "maybe moblin" for developers, but there must be more - and more reasons why they're awesome (why *is* libguestfs something that makes admins happy?). We figured you would know. The features list is at https://fedoraproject.org/wiki/Releases/12/FeatureList. If you've got a moment, please take a look at that, then edit https://fedoraproject.org/wiki/F12_talking_points with the things that are making you (as admins and devels) happy about F12 coming out. Help us promote the heck out of your work. ;) Thanks! --Mel PS: I know this is last-minute notice - sorry about that. We're still learning how to do things on a schedule, and next time around we'll put the call out here much earlier. From smparrish at gmail.com Tue Aug 18 18:19:49 2009 From: smparrish at gmail.com (Steven M. Parrish) Date: Tue, 18 Aug 2009 14:19:49 -0400 Subject: Seeking comments on my proposal Message-ID: Got the outline of my proposal here https://fedoraproject.org/wiki/SugarZilla I welcome any comments Steven -- ===================================================== Steven M. Parrish ------------------------------------------------------------------------------------------------- gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar From mel at redhat.com Tue Aug 18 18:34:35 2009 From: mel at redhat.com (Mel Chua) Date: Tue, 18 Aug 2009 14:34:35 -0400 Subject: Seeking comments on my proposal In-Reply-To: References: Message-ID: <4A8AF43B.4070405@redhat.com> > Got the outline of my proposal here > https://fedoraproject.org/wiki/SugarZilla Nifty. My only comment: How can we make sure that the workflow/interface for SugarZilla is what its intended userbase needs? (It's easy for us to sit here and say "yes, that will be better for 8-year-olds," but how do we know that?) Might be a good thing to get a Design team consultation on. --Mel From smparrish at gmail.com Tue Aug 18 18:42:26 2009 From: smparrish at gmail.com (Steven M. Parrish) Date: Tue, 18 Aug 2009 14:42:26 -0400 Subject: Seeking comments on my proposal References: <4A8AF43B.4070405@redhat.com> Message-ID: Mel Chua wrote: >> Got the outline of my proposal here >> https://fedoraproject.org/wiki/SugarZilla > > Nifty. My only comment: How can we make sure that the workflow/interface > for SugarZilla is what its intended userbase needs? (It's easy for us to > sit here and say "yes, that will be better for 8-year-olds," but how do > we know that?) > > Might be a good thing to get a Design team consultation on. > > --Mel I had planned to get some design folks involved, in fact I will need help in that area. I am shooting for the simplest interface possible that is able to gather the needed info. Steven -- ===================================================== Steven M. Parrish ------------------------------------------------------------------------------------------------- gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar From jkeating at redhat.com Tue Aug 18 23:28:04 2009 From: jkeating at redhat.com (Jesse Keating) Date: Tue, 18 Aug 2009 23:28:04 +0000 Subject: Freeze break request for sigul fine tuning Message-ID: <1250638085-8581-1-git-send-email-jkeating@redhat.com> Sigul changes are very low risk, as we're mostly done with the signing and puppet is currently disabled on these hosts. However vault may be rebuilt tomorrow and if so I want the puppet modules to be correct for the rebuild. -- Jes From jkeating at redhat.com Tue Aug 18 23:28:05 2009 From: jkeating at redhat.com (Jesse Keating) Date: Tue, 18 Aug 2009 23:28:05 +0000 Subject: [PATCH] Fix up the puppet modules for bridge and vault In-Reply-To: <1250638085-8581-1-git-send-email-jkeating@redhat.com> References: <1250638085-8581-1-git-send-email-jkeating@redhat.com> Message-ID: <1250638085-8581-2-git-send-email-jkeating@redhat.com> New certs for bridge and server Make sure puppet remains off after the initial run --- .../nodes/sign-bridge1.fedora.phx.redhat.com.pp | 11 ++++++----- .../nodes/sign-vault1.fedora.phx.redhat.com.pp | 12 ++++++------ modules/sigul/files/server.conf | 2 +- modules/sigul/templates/bridge.conf.erb | 2 +- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp index 5251155..d710016 100644 --- a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp @@ -1,4 +1,5 @@ node "sign-bridge1.fedora.phx.redhat.com" { + $autodisablePuppet = 1 $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ] include phx include fas::client @@ -13,11 +14,11 @@ node "sign-bridge1.fedora.phx.redhat.com" { # cwd => '/', # command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off', # } -# exec { "disable-puppet": -# cwd => '/', -# onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', -# command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', -# } + exec { "disable-puppet": + cwd => '/', + onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', + command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', + } # Firewall Rules, allow sigul server through. $tcpPorts = [ '44333:443334' ] diff --git a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp index 20c1615..1b5641d 100644 --- a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp @@ -1,5 +1,5 @@ node "sign-vault1" { -# $autodisablePuppet = 1 + $autodisablePuppet = 1 $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ] include phx include fas::client @@ -14,11 +14,11 @@ node "sign-vault1" { # cwd => '/', # command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off', # } -# exec { "disable-puppet": -# cwd => '/', -# onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', -# command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', -# } + exec { "disable-puppet": + cwd => '/', + onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', + command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', + } # Need iptables blocking everything here diff --git a/modules/sigul/files/server.conf b/modules/sigul/files/server.conf index 9145343..6b57753 100644 --- a/modules/sigul/files/server.conf +++ b/modules/sigul/files/server.conf @@ -10,7 +10,7 @@ max-file-payload-size: 1073741824 # Maximum accepted size of payload stored in server's memory max-memory-payload-size: 1048576 # Nickname of the server's certificate in the NSS database specified below -server-cert-nickname: sigul-server - Fedora Project +server-cert-nickname: sign-vault1 - Fedora Project [database] # Path to a directory containing a SQLite database diff --git a/modules/sigul/templates/bridge.conf.erb b/modules/sigul/templates/bridge.conf.erb index dde6bf7..f834e52 100644 --- a/modules/sigul/templates/bridge.conf.erb +++ b/modules/sigul/templates/bridge.conf.erb @@ -2,7 +2,7 @@ [bridge] # Nickname of the bridge's certificate in the NSS database specified below -bridge-cert-nickname: sigul - Fedora Project +bridge-cert-nickname: sign-bridge1 - Fedora Project # Port on which the bridge expects client connections client-listen-port: 44334 # Port on which the bridge expects server connections -- 1.5.5.6 From ricky at fedoraproject.org Wed Aug 19 00:19:23 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 18 Aug 2009 20:19:23 -0400 Subject: Freeze break request for sigul fine tuning In-Reply-To: <1250638085-8581-1-git-send-email-jkeating@redhat.com> References: <1250638085-8581-1-git-send-email-jkeating@redhat.com> Message-ID: <20090819001923.GH20757@alpha.rzhou.org> On 2009-08-18 11:28:04 PM, Jesse Keating wrote: > Sigul changes are very low risk, as we're mostly done with the signing > and puppet is currently disabled on these hosts. However vault may be > rebuilt tomorrow and if so I want the puppet modules to be correct for > the rebuild. +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Aug 19 00:35:27 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 18 Aug 2009 19:35:27 -0500 (CDT) Subject: Freeze break request for sigul fine tuning In-Reply-To: <20090819001923.GH20757@alpha.rzhou.org> References: <1250638085-8581-1-git-send-email-jkeating@redhat.com> <20090819001923.GH20757@alpha.rzhou.org> Message-ID: On Tue, 18 Aug 2009, Ricky Zhou wrote: > On 2009-08-18 11:28:04 PM, Jesse Keating wrote: > > Sigul changes are very low risk, as we're mostly done with the signing > > and puppet is currently disabled on these hosts. However vault may be > > rebuilt tomorrow and if so I want the puppet modules to be correct for > > the rebuild. > +1 > +1 here as well though techncally they're not frozen yet only because we've not yet added them to the "is frozen" doc :) -Mike From awilliam at redhat.com Wed Aug 19 17:46:08 2009 From: awilliam at redhat.com (Adam Williamson) Date: Wed, 19 Aug 2009 10:46:08 -0700 Subject: Ok. Looks like this one _may_ fulfill our calendering needs. Testing required. In-Reply-To: References: <1248853658.8571.192.camel@can11.canstudiosltd.thecan> <1248860968.8571.240.camel@can11.canstudiosltd.thecan> Message-ID: <1250703968.15257.3.camel@adam.local.net> On Thu, 2009-07-30 at 09:22 +0530, susmit shannigrahi wrote: > On Wed, Jul 29, 2009 at 3:19 PM, David JM Emmett wrote: > > Okays, > > > > As I'm relatively new to this list, I don't really have access to much - > > so I'll just fire away... > > > > 1) When is F12 deadline - how does this coincide with it? > > Nothing really. But it is a loose deadline marked by an event. > > > 2) Where are the requirements? > > 3) You said "I have started to put down the test cases." - I say, "where > > are they" ;) > > Not actually test cases, but these are the things we need to examine > https://fedoraproject.org/wiki/User:Herlo/Fedora_Calendar_Project_Desired_Features_(Draft)#Must_have This seems to have changed since the last time I was around this discussion - it doesn't mention CalDAV at all, and specifies 'handheld clients'. My use case (and that of others interested) has nothing to do with handheld devices, I just want the calendar to sync with Evolution on my desktop because that's how I like to deal with my calendar, not through a web front end. Anyhow, WebCalendars sync capabilities appear to have a rather significant limitation: http://www.k5n.us/wiki/index.php?title=Remote_Publishing_with_Apple_iCal "Please see notes at the bottom of this page for limitations with this approach. If you choose to use Apple iCal to add/edit events in WebCalendar, then you should always use Apple iCal and never WebCalendar directory to create, edit or delete events." And it only talks about iCal, doesn't even mention other potential client applications, which suggests they don't support those at all... there's also little wrinkly bits like 'You may find that deleting an event in Apple iCal will NOT delete the event on WebCalendar. Why does this happen? Partly because we're just using iCal (rather than a calendar sharing protocol like CalDAV). If this happens, you can go to WebCalendar and delete the event there (after deleting it in Apple iCal).' They do write about possibly supporting CalDAV in future. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net From awilliam at redhat.com Wed Aug 19 18:36:25 2009 From: awilliam at redhat.com (Adam Williamson) Date: Wed, 19 Aug 2009 11:36:25 -0700 Subject: Ok. Looks like this one _may_ fulfill our calendering needs. Testing required. In-Reply-To: References: Message-ID: <1250706985.2318.4.camel@adam.local.net> On Wed, 2009-07-29 at 12:30 +0530, susmit shannigrahi wrote: > Hi, > > I am quite "frightened" to take up this topic again and again lest you > all be bored. Looking at some other stuff around this topic, I just hit some more info. Looks like Debian looked at this before, and came up with some useful tables and info: http://wiki.debian.org/Groupware Jesse Keating just seconded John Poelstra's suggestion of OBM: http://obm.org/doku.php which seems to be longstanding and pretty comprehensive. It does appear to have CalDAV capability and a decent web front end. If anything it's like Zimbra in that its capabilities go beyond our needs, but that could even be useful in the long run, and by all accounts it doesn't go as far out of its way to make things difficult as Zimbra does... -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net From thinklinux.ssh at gmail.com Wed Aug 19 18:56:09 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 20 Aug 2009 00:26:09 +0530 Subject: Ok. Looks like this one _may_ fulfill our calendering needs. Testing required. In-Reply-To: <1250706985.2318.4.camel@adam.local.net> References: <1250706985.2318.4.camel@adam.local.net> Message-ID: > http://wiki.debian.org/Groupware A few new options here. Will look into it. > http://obm.org/doku.php SUN JDK, so may not be doable http://obm.org/doku.php?id=install_obm_sync_server_from_sources Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= Sent from Calcutta, WB, India From tcallawa at redhat.com Wed Aug 19 19:44:09 2009 From: tcallawa at redhat.com (Tom "spot" Callaway) Date: Wed, 19 Aug 2009 15:44:09 -0400 Subject: Moksha/Fedora Community Planning Meetings Message-ID: <4A8C5609.6090102@redhat.com> The Fedora Community (and Moksha) efforts have a regular public meeting at 1400 UTC every Monday. We invite interested parties to participate in our meeting. You can join our meeting via Fedora Talk, extension 2001. For more information about Fedora Talk, see: http://talk.fedoraproject.org/ Our next meeting will be on Monday, August 24, 2009. Thanks, ~spot From ricky at fedoraproject.org Wed Aug 19 20:41:26 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 19 Aug 2009 16:41:26 -0400 Subject: [Change Request] Don't replace sigul db files. Message-ID: <20090819204126.GA25626@alpha.rzhou.org> --- modules/sigul/manifests/init.pp | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/modules/sigul/manifests/init.pp b/modules/sigul/manifests/init.pp index d2b6dc9..20a88bd 100644 --- a/modules/sigul/manifests/init.pp +++ b/modules/sigul/manifests/init.pp @@ -41,6 +41,7 @@ class sigul::bridge inherits sigul { group => "sigul", mode => 0600, source => "puppet:///config/secure/sigul_bridge_cert8.db", + replace => false, require => Package["sigul"], } @@ -49,6 +50,7 @@ class sigul::bridge inherits sigul { group => "sigul", mode => 0600, source => "puppet:///config/secure/sigul_bridge_key3.db", + replace => false, require => Package["sigul"], } @@ -57,6 +59,7 @@ class sigul::bridge inherits sigul { group => "sigul", mode => 0600, source => "puppet:///config/secure/sigul_bridge_secmod.db", + replace => false, require => Package["sigul"], } -- 1.5.5.6 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Aug 19 21:02:45 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 19 Aug 2009 16:02:45 -0500 (CDT) Subject: [Change Request] Don't replace sigul db files. In-Reply-To: <20090819204126.GA25626@alpha.rzhou.org> References: <20090819204126.GA25626@alpha.rzhou.org> Message-ID: On Wed, 19 Aug 2009, Ricky Zhou wrote: > --- > modules/sigul/manifests/init.pp | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/modules/sigul/manifests/init.pp b/modules/sigul/manifests/init.pp > index d2b6dc9..20a88bd 100644 > --- a/modules/sigul/manifests/init.pp > +++ b/modules/sigul/manifests/init.pp > @@ -41,6 +41,7 @@ class sigul::bridge inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_bridge_cert8.db", > + replace => false, > require => Package["sigul"], > } > > @@ -49,6 +50,7 @@ class sigul::bridge inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_bridge_key3.db", > + replace => false, > require => Package["sigul"], > } > > @@ -57,6 +59,7 @@ class sigul::bridge inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_bridge_secmod.db", > + replace => false, > require => Package["sigul"], > } > +1 -Mike From mmcgrath at redhat.com Wed Aug 19 21:10:55 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 19 Aug 2009 16:10:55 -0500 Subject: [PATCH] Adding mod_limitipconn Message-ID: <1250716255-27877-1-git-send-email-mmcgrath@redhat.com> This will allow us for greater control against abusive clients. Starting on secondary1 for now which seems to be the biggest problem. --- manifests/servergroups/secondary.pp | 1 + modules/mod_limitipconn/README | 10 ++++++++++ modules/mod_limitipconn/files/limitipconn.conf | 18 ++++++++++++++++++ modules/mod_limitipconn/manifests/init.pp | 12 ++++++++++++ 4 files changed, 41 insertions(+), 0 deletions(-) create mode 100644 modules/mod_limitipconn/README create mode 100644 modules/mod_limitipconn/files/limitipconn.conf create mode 100644 modules/mod_limitipconn/manifests/init.pp diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp index b53cff9..d5d96e5 100644 --- a/manifests/servergroups/secondary.pp +++ b/manifests/servergroups/secondary.pp @@ -3,6 +3,7 @@ class secondaryMirror { include mirrorsize-secondary include httpd::proxy + include mod_limitipconn::mod_limitipconn httpd::certificate { "wildcard.fedoraproject.org": } diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README new file mode 100644 index 0000000..70a5550 --- /dev/null +++ b/modules/mod_limitipconn/README @@ -0,0 +1,10 @@ +===================== +mod_limitipconn +===================== + +----------- +Usage +----------- + +Apache module which allows web server administrators to limit the number of +simultaneous downloads permitted from a single IP address. diff --git a/modules/mod_limitipconn/files/limitipconn.conf b/modules/mod_limitipconn/files/limitipconn.conf new file mode 100644 index 0000000..fb33733 --- /dev/null +++ b/modules/mod_limitipconn/files/limitipconn.conf @@ -0,0 +1,18 @@ +# This module will not function unless mod_status is loaded and the +# "ExtendedStatus On" directive is set. So load only if mod_status is too. + + + # This is always needed + ExtendedStatus On + + # mod_limitipconn configuration + LoadModule limitipconn_module modules/mod_limitipconn.so + + # A global default configuration doesn't make much sense. See the README + # from the mod_limitipconn package for configuration examples. + + MaxConnPerIP 3 + OnlyIPLimit application/octet-stream + + + diff --git a/modules/mod_limitipconn/manifests/init.pp b/modules/mod_limitipconn/manifests/init.pp new file mode 100644 index 0000000..b643d9a --- /dev/null +++ b/modules/mod_limitipconn/manifests/init.pp @@ -0,0 +1,12 @@ + +class mod_limitipconn::mod_limitipconn { + package { mod_limitipconn: + ensure => present + } + + file { '/etc/httpd/conf.d/limitipconn.conf': + source => 'puppet:///mod_limitipconn/limitipconn.conf', + require => Package['httpd'], + notify => Service['httpd'] + } +} -- 1.6.2.5 From jkeating at redhat.com Wed Aug 19 21:18:09 2009 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 19 Aug 2009 14:18:09 -0700 Subject: [Change Request] Don't replace sigul db files. In-Reply-To: <20090819204126.GA25626@alpha.rzhou.org> References: <20090819204126.GA25626@alpha.rzhou.org> Message-ID: <1250716689.3107.61.camel@localhost.localdomain> On Wed, 2009-08-19 at 16:41 -0400, Ricky Zhou wrote: > > --- > modules/sigul/manifests/init.pp | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) These look good to me, thanks! -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From lxtnow at gmail.com Wed Aug 19 21:36:50 2009 From: lxtnow at gmail.com (SmootherFrOgZ) Date: Wed, 19 Aug 2009 23:36:50 +0200 Subject: [PATCH] Adding mod_limitipconn In-Reply-To: <1250716255-27877-1-git-send-email-mmcgrath@redhat.com> References: <1250716255-27877-1-git-send-email-mmcgrath@redhat.com> Message-ID: <62bc09df0908191436hc41869he2eef907b05adad2@mail.gmail.com> On Wed, Aug 19, 2009 at 11:10 PM, Mike McGrath wrote: > This will allow us for greater control against abusive clients. > Starting on secondary1 for now which seems to be the biggest problem. > --- > ?manifests/servergroups/secondary.pp ? ? ? ? ? ?| ? ?1 + > ?modules/mod_limitipconn/README ? ? ? ? ? ? ? ? | ? 10 ++++++++++ > ?modules/mod_limitipconn/files/limitipconn.conf | ? 18 ++++++++++++++++++ > ?modules/mod_limitipconn/manifests/init.pp ? ? ?| ? 12 ++++++++++++ > ?4 files changed, 41 insertions(+), 0 deletions(-) > ?create mode 100644 modules/mod_limitipconn/README > ?create mode 100644 modules/mod_limitipconn/files/limitipconn.conf > ?create mode 100644 modules/mod_limitipconn/manifests/init.pp > > diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp > index b53cff9..d5d96e5 100644 > --- a/manifests/servergroups/secondary.pp > +++ b/manifests/servergroups/secondary.pp > @@ -3,6 +3,7 @@ class secondaryMirror { > ? ? include mirrorsize-secondary > > ? ? include httpd::proxy > + ? ?include mod_limitipconn::mod_limitipconn > > ? ? httpd::certificate { "wildcard.fedoraproject.org": } > > diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README > new file mode 100644 > index 0000000..70a5550 > --- /dev/null > +++ b/modules/mod_limitipconn/README > @@ -0,0 +1,10 @@ > +===================== > +mod_limitipconn > +===================== > + > +----------- > +Usage > +----------- > + > +Apache module which allows web server administrators to limit the number of > +simultaneous downloads permitted from a single IP address. > diff --git a/modules/mod_limitipconn/files/limitipconn.conf b/modules/mod_limitipconn/files/limitipconn.conf > new file mode 100644 > index 0000000..fb33733 > --- /dev/null > +++ b/modules/mod_limitipconn/files/limitipconn.conf > @@ -0,0 +1,18 @@ > +# This module will not function unless mod_status is loaded and the > +# "ExtendedStatus On" directive is set. So load only if mod_status is too. > + > + > + ? ?# This is always needed > + ? ?ExtendedStatus On > + > + ? ?# mod_limitipconn configuration > + ? ?LoadModule limitipconn_module modules/mod_limitipconn.so > + > + ? ?# A global default configuration doesn't make much sense. See the README > + ? ?# from the mod_limitipconn package for configuration examples. > + > + ? ?MaxConnPerIP 3 > + ? ?OnlyIPLimit application/octet-stream > + > + > + > diff --git a/modules/mod_limitipconn/manifests/init.pp b/modules/mod_limitipconn/manifests/init.pp > new file mode 100644 > index 0000000..b643d9a > --- /dev/null > +++ b/modules/mod_limitipconn/manifests/init.pp > @@ -0,0 +1,12 @@ > + > +class mod_limitipconn::mod_limitipconn { > + ? ?package { mod_limitipconn: > + ? ? ? ?ensure => present > + ? ?} > + > + ? ?file { '/etc/httpd/conf.d/limitipconn.conf': > + ? ? ? ?source => 'puppet:///mod_limitipconn/limitipconn.conf', > + ? ? ? ?require => Package['httpd'], > + ? ? ? ?notify => Service['httpd'] > + ? ?} > +} > -- > 1.6.2.5 > Note that you should also think about people behind proxies. 3 could be really short. -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From a.badger at gmail.com Wed Aug 19 21:23:00 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 19 Aug 2009 14:23:00 -0700 Subject: Seeking comments on my proposal In-Reply-To: References: Message-ID: <4A8C6D34.9090608@gmail.com> On 08/18/2009 11:19 AM, Steven M. Parrish wrote: > > Got the outline of my proposal here > https://fedoraproject.org/wiki/SugarZilla > > I welcome any comments > I dislike the idea of anonymous opening of bugs and anonymous commenting in bugzilla. It's not clear from the proposal if that's a proposed feature or not. Can you clarify if it is and if so, how you'll minimize the problem of: 1) SPAM 2) Bug reports with insufficient information to fix the problem with no point of contact to get additional information. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Wed Aug 19 21:46:22 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 19 Aug 2009 16:46:22 -0500 (CDT) Subject: [PATCH] Adding mod_limitipconn In-Reply-To: <62bc09df0908191436hc41869he2eef907b05adad2@mail.gmail.com> References: <1250716255-27877-1-git-send-email-mmcgrath@redhat.com> <62bc09df0908191436hc41869he2eef907b05adad2@mail.gmail.com> Message-ID: On Wed, 19 Aug 2009, SmootherFrOgZ wrote: > On Wed, Aug 19, 2009 at 11:10 PM, Mike McGrath wrote: > > This will allow us for greater control against abusive clients. > > Starting on secondary1 for now which seems to be the biggest problem. > > --- > > ?manifests/servergroups/secondary.pp ? ? ? ? ? ?| ? ?1 + > > ?modules/mod_limitipconn/README ? ? ? ? ? ? ? ? | ? 10 ++++++++++ > > ?modules/mod_limitipconn/files/limitipconn.conf | ? 18 ++++++++++++++++++ > > ?modules/mod_limitipconn/manifests/init.pp ? ? ?| ? 12 ++++++++++++ > > ?4 files changed, 41 insertions(+), 0 deletions(-) > > ?create mode 100644 modules/mod_limitipconn/README > > ?create mode 100644 modules/mod_limitipconn/files/limitipconn.conf > > ?create mode 100644 modules/mod_limitipconn/manifests/init.pp > > > > diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp > > index b53cff9..d5d96e5 100644 > > --- a/manifests/servergroups/secondary.pp > > +++ b/manifests/servergroups/secondary.pp > > @@ -3,6 +3,7 @@ class secondaryMirror { > > ? ? include mirrorsize-secondary > > > > ? ? include httpd::proxy > > + ? ?include mod_limitipconn::mod_limitipconn > > > > ? ? httpd::certificate { "wildcard.fedoraproject.org": } > > > > diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README > > new file mode 100644 > > index 0000000..70a5550 > > --- /dev/null > > +++ b/modules/mod_limitipconn/README > > @@ -0,0 +1,10 @@ > > +===================== > > +mod_limitipconn > > +===================== > > + > > +----------- > > +Usage > > +----------- > > + > > +Apache module which allows web server administrators to limit the number of > > +simultaneous downloads permitted from a single IP address. > > diff --git a/modules/mod_limitipconn/files/limitipconn.conf b/modules/mod_limitipconn/files/limitipconn.conf > > new file mode 100644 > > index 0000000..fb33733 > > --- /dev/null > > +++ b/modules/mod_limitipconn/files/limitipconn.conf > > @@ -0,0 +1,18 @@ > > +# This module will not function unless mod_status is loaded and the > > +# "ExtendedStatus On" directive is set. So load only if mod_status is too. > > + > > + > > + ? ?# This is always needed > > + ? ?ExtendedStatus On > > + > > + ? ?# mod_limitipconn configuration > > + ? ?LoadModule limitipconn_module modules/mod_limitipconn.so > > + > > + ? ?# A global default configuration doesn't make much sense. See the README > > + ? ?# from the mod_limitipconn package for configuration examples. > > + > > + ? ?MaxConnPerIP 3 > > + ? ?OnlyIPLimit application/octet-stream > > + > > + > > + > > diff --git a/modules/mod_limitipconn/manifests/init.pp b/modules/mod_limitipconn/manifests/init.pp > > new file mode 100644 > > index 0000000..b643d9a > > --- /dev/null > > +++ b/modules/mod_limitipconn/manifests/init.pp > > @@ -0,0 +1,12 @@ > > + > > +class mod_limitipconn::mod_limitipconn { > > + ? ?package { mod_limitipconn: > > + ? ? ? ?ensure => present > > + ? ?} > > + > > + ? ?file { '/etc/httpd/conf.d/limitipconn.conf': > > + ? ? ? ?source => 'puppet:///mod_limitipconn/limitipconn.conf', > > + ? ? ? ?require => Package['httpd'], > > + ? ? ? ?notify => Service['httpd'] > > + ? ?} > > +} > > -- > > 1.6.2.5 > > > > Note that you should also think about people behind proxies. 3 could > be really short. > I thought about that, I just pulled 3 out of the air to keep things cool while we're testing other network issues there, I have no idea what would be a recommended number there so I'm open to ideas. -Mike From mgmgthantxin at gmail.com Wed Aug 19 21:48:19 2009 From: mgmgthantxin at gmail.com (ko zin) Date: Thu, 20 Aug 2009 04:18:19 +0630 Subject: [PATCH] Adding mod_limitipconn In-Reply-To: References: <1250716255-27877-1-git-send-email-mmcgrath@redhat.com> <62bc09df0908191436hc41869he2eef907b05adad2@mail.gmail.com> Message-ID: > > manifests/servergroups/secondary.pp | 1 + > > modules/mod_limitipconn/README | 10 ++++++++++ > > modules/mod_limitipconn/files/limitipconn.conf | 18 ++++++++++++++++++ > > modules/mod_limitipconn/manifests/init.pp | 12 ++++++++++++ > > 4 files changed, 41 insertions(+), 0 deletions(-) > > create mode 100644 modules/mod_limitipconn/README > > create mode 100644 modules/mod_limitipconn/files/limitipconn.conf > > create mode 100644 modules/mod_limitipconn/manifests/init.pp > > > > diff --git a/manifests/servergroups/secondary.pp b/manifests/servergroups/secondary.pp > > index b53cff9..d5d96e5 100644 > > --- a/manifests/servergroups/secondary.pp > > +++ b/manifests/servergroups/secondary.pp > > @@ -3,6 +3,7 @@ class secondaryMirror { > > include mirrorsize-secondary > > > > include httpd::proxy > > + include mod_limitipconn::mod_limitipconn > > > > httpd::certificate { "wildcard.fedoraproject.org": } > > > > diff --git a/modules/mod_limitipconn/README b/modules/mod_limitipconn/README > > new file mode 100644 > > index 0000000..70a5550 > > --- /dev/null > > +++ b/modules/mod_limitipconn/README > > @@ -0,0 +1,10 @@ > > +===================== > > +mod_limitipconn > > +===================== > > + > > +----------- > > +Usage > > +----------- > > + > > +Apache module which allows web server administrators to limit the number of > > +simultaneous downloads permitted from a single IP address. > > diff --git a/modules/mod_limitipconn/files/limitipconn.conf b/modules/mod_limitipconn/files/limitipconn.conf > > new file mode 100644 > > index 0000000..fb33733 > > --- /dev/null > > +++ b/modules/mod_limitipconn/files/limitipconn.conf > > @@ -0,0 +1,18 @@ > > +# This module will not function unless mod_status is loaded and the > > +# "ExtendedStatus On" directive is set. So load only if mod_status is too. > > + > > + > > + # This is always needed > > + ExtendedStatus On > > + > > + # mod_limitipconn configuration > > + LoadModule limitipconn_module modules/mod_limitipconn.so > > + > > + # A global default configuration doesn't make much sense. See the README > > + # from the mod_limitipconn package for configuration examples. > > + > > + MaxConnPerIP 3 > > + OnlyIPLimit application/octet-stream > > + > > + > > + > > diff --git a/modules/mod_limitipconn/manifests/init.pp b/modules/mod_limitipconn/manifests/init.pp > > new file mode 100644 > > index 0000000..b643d9a > > --- /dev/null > > +++ b/modules/mod_limitipconn/manifests/init.pp > > @@ -0,0 +1,12 @@ > > + > > +class mod_limitipconn::mod_limitipconn { > > + package { mod_limitipconn: > > + ensure => present > > + } > > + > > + file { '/etc/httpd/conf.d/limitipconn.conf': > > + source => 'puppet:///mod_limitipconn/limitipconn.conf', > > + require => Package['httpd'], > > + notify => Service['httpd'] > > + } > > +} > > -- > > 1.6.2.5 > > > > Note that you should also think about people behind proxies. 3 could > be really short. > I thought about that, I just pulled 3 out of the air to keep things cool while we're testing other network issues there, I have no idea what would be a recommended number there so I'm open to ideas. -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -------------- next part -------------- An HTML attachment was scrubbed... URL: From dennis at ausil.us Wed Aug 19 22:27:57 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Wed, 19 Aug 2009 17:27:57 -0500 Subject: [Change Request] Message-ID: <200908191728.05404.dennis@ausil.us> id like to make the following changes impact will be minimal /buildgroups is the only active service on buildsys.pfp.o where plague used to run. its only needed for mock building using epel targets so the increaded load will be insignificant. the change will be trasnparent to end users. the content is in place on /mnt/koji so its available to either hub. as well as kojipkgs i think it makes more sense to have buildsys be a cname to koji.fp.o rather than kojipkgs.fp.o diff --git a/configs/web/applications/kojiweb.conf.erb b/configs/web/applications/kojiweb.conf.erb index f6b35d4..cf4a868 100644 --- a/configs/web/applications/kojiweb.conf.erb +++ b/configs/web/applications/kojiweb.conf.erb @@ -88,4 +88,11 @@ Alias /static-repos "/mnt/koji/static-repos/" Options Indexes FollowSymLinks +Alias /buildgroups "/mnt/koji/buildgroups/" + + + Options Indexes FollowSymLinks + + + RewriteRule ^/packages(.+) http://kojipkgs.fedoraproject.org/packages$1 [R=301,L] diff --git a/modules/bind/files/master/fedoraproject.org b/modules/bind/files/master/fedoraproject.org index 4b30336..93bc55b 100644 --- a/modules/bind/files/master/fedoraproject.org +++ b/modules/bind/files/master/fedoraproject.org @@ -1,6 +1,6 @@ $TTL 3600 @ IN SOA ns1.fedoraproject.org. hostmaster.fedoraproject.org. ( - 2009081201 ; Serial + 2009081901 ; Serial 8H ; refresh 2H ; retry 4W ; expire @@ -74,7 +74,7 @@ bodhi IN CNAME admin bu1 IN A 128.197.185.45 bugz IN CNAME wildcard bugz.stg IN CNAME admin.stg.fedoraproject.org. -buildsys IN CNAME serverbeach1.fedoraproject.org. +buildsys IN CNAME koji.fedoraproject.org. bzr IN CNAME git certmaster IN CNAME puppet capp1 IN A 172.17.255.29 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From awilliam at redhat.com Wed Aug 19 22:40:52 2009 From: awilliam at redhat.com (Adam Williamson) Date: Wed, 19 Aug 2009 15:40:52 -0700 Subject: Ok. Looks like this one _may_ fulfill our calendering needs. Testing required. In-Reply-To: References: <1250706985.2318.4.camel@adam.local.net> Message-ID: <1250721652.2318.11.camel@adam.local.net> On Thu, 2009-08-20 at 00:26 +0530, susmit shannigrahi wrote: > > http://wiki.debian.org/Groupware > A few new options here. > Will look into it. > > > http://obm.org/doku.php > SUN JDK, so may not be doable > http://obm.org/doku.php?id=install_obm_sync_server_from_sources Debian's page says OBM is packaged in Debian, so it can't be too horrible...they have pretty strict guidelines, don't they? The page you link is only for the sync server, which doesn't appear to be mandatory. It provides Funambol, Outlook and Mozilla sync services. I would think that once OBM's CalDav support is complete you wouldn't really need the sync server... -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net From smooge at gmail.com Wed Aug 19 22:44:14 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Wed, 19 Aug 2009 16:44:14 -0600 Subject: [Change Request] In-Reply-To: <200908191728.05404.dennis@ausil.us> References: <200908191728.05404.dennis@ausil.us> Message-ID: <80d7e4090908191544y6d53f10fv708ace5f9ebc3769@mail.gmail.com> On Wed, Aug 19, 2009 at 4:27 PM, Dennis Gilmore wrote: > > id like to make the following changes ? impact will be minimal > /buildgroups is the only active service on buildsys.pfp.o where plague used to > run. ? its only needed for mock building using epel targets so the increaded > load will be insignificant. ? the change will be trasnparent to end users. > > > the content is in place on /mnt/koji so its available to either hub. as well > as kojipkgs ?i think it makes more sense to have buildsys be a cname to > koji.fp.o rather than kojipkgs.fp.o > > diff --git a/configs/web/applications/kojiweb.conf.erb > b/configs/web/applications/kojiweb.conf.erb > index f6b35d4..cf4a868 100644 > --- a/configs/web/applications/kojiweb.conf.erb > +++ b/configs/web/applications/kojiweb.conf.erb > @@ -88,4 +88,11 @@ Alias /static-repos "/mnt/koji/static-repos/" > ? ? Options Indexes FollowSymLinks > ? > > +Alias /buildgroups "/mnt/koji/buildgroups/" > + > + > + ? ?Options Indexes FollowSymLinks > + > + > + > ?RewriteRule ^/packages(.+) http://kojipkgs.fedoraproject.org/packages$1 > [R=301,L] > diff --git a/modules/bind/files/master/fedoraproject.org > b/modules/bind/files/master/fedoraproject.org > index 4b30336..93bc55b 100644 > --- a/modules/bind/files/master/fedoraproject.org > +++ b/modules/bind/files/master/fedoraproject.org > @@ -1,6 +1,6 @@ > ?$TTL 3600 > ?@ ? ? ? ? ? ? ? ?IN ? ? ? ?SOA ? ? ns1.fedoraproject.org. > hostmaster.fedoraproject.org. ( > - ? ? ? ? ? ? ? ? ? ? ? ?2009081201 ; Serial > + ? ? ? ? ? ? ? ? ? ? ? ?2009081901 ; Serial > ? ? ? ? ? ? ? ? ? ? ? ? 8H ; refresh > ? ? ? ? ? ? ? ? ? ? ? ? 2H ; retry > ? ? ? ? ? ? ? ? ? ? ? ? 4W ; expire > @@ -74,7 +74,7 @@ bodhi ? ? ? ? ? IN ?CNAME ? admin > ?bu1 ? ? ? ? ? ? IN ?A ? ? ? 128.197.185.45 > ?bugz ? ? ? ? ? ?IN ?CNAME ? wildcard > ?bugz.stg ? ? ? ?IN ?CNAME ? admin.stg.fedoraproject.org. > -buildsys ? ? ? ?IN ?CNAME ? serverbeach1.fedoraproject.org. > +buildsys ? ? ? ?IN ?CNAME ? koji.fedoraproject.org. > ?bzr ? ? ? ? ? ? IN ?CNAME ? git > ?certmaster ? ? ?IN ?CNAME ? puppet > ?capp1 ? ? ? ? ? IN ? ?A ? ? 172.17.255.29 > Both changes look of little impact from infrastructure side. Provisional +1 unless a release engineer says "OH MY ZOD, didnt you think about Kryptonite?" -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From mmcgrath at redhat.com Wed Aug 19 22:53:38 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 19 Aug 2009 17:53:38 -0500 (CDT) Subject: [Change Request] In-Reply-To: <80d7e4090908191544y6d53f10fv708ace5f9ebc3769@mail.gmail.com> References: <200908191728.05404.dennis@ausil.us> <80d7e4090908191544y6d53f10fv708ace5f9ebc3769@mail.gmail.com> Message-ID: On Wed, 19 Aug 2009, Stephen John Smoogen wrote: > On Wed, Aug 19, 2009 at 4:27 PM, Dennis Gilmore wrote: > > > > id like to make the following changes ? impact will be minimal > > /buildgroups is the only active service on buildsys.pfp.o where plague used to > > run. ? its only needed for mock building using epel targets so the increaded > > load will be insignificant. ? the change will be trasnparent to end users. > > > > > > the content is in place on /mnt/koji so its available to either hub. as well > > as kojipkgs ?i think it makes more sense to have buildsys be a cname to > > koji.fp.o rather than kojipkgs.fp.o > > > > diff --git a/configs/web/applications/kojiweb.conf.erb > > b/configs/web/applications/kojiweb.conf.erb > > index f6b35d4..cf4a868 100644 > > --- a/configs/web/applications/kojiweb.conf.erb > > +++ b/configs/web/applications/kojiweb.conf.erb > > @@ -88,4 +88,11 @@ Alias /static-repos "/mnt/koji/static-repos/" > > ? ? Options Indexes FollowSymLinks > > ? > > > > +Alias /buildgroups "/mnt/koji/buildgroups/" > > + > > + > > + ? ?Options Indexes FollowSymLinks > > + > > + > > + > > ?RewriteRule ^/packages(.+) http://kojipkgs.fedoraproject.org/packages$1 > > [R=301,L] > > diff --git a/modules/bind/files/master/fedoraproject.org > > b/modules/bind/files/master/fedoraproject.org > > index 4b30336..93bc55b 100644 > > --- a/modules/bind/files/master/fedoraproject.org > > +++ b/modules/bind/files/master/fedoraproject.org > > @@ -1,6 +1,6 @@ > > ?$TTL 3600 > > ?@ ? ? ? ? ? ? ? ?IN ? ? ? ?SOA ? ? ns1.fedoraproject.org. > > hostmaster.fedoraproject.org. ( > > - ? ? ? ? ? ? ? ? ? ? ? ?2009081201 ; Serial > > + ? ? ? ? ? ? ? ? ? ? ? ?2009081901 ; Serial > > ? ? ? ? ? ? ? ? ? ? ? ? 8H ; refresh > > ? ? ? ? ? ? ? ? ? ? ? ? 2H ; retry > > ? ? ? ? ? ? ? ? ? ? ? ? 4W ; expire > > @@ -74,7 +74,7 @@ bodhi ? ? ? ? ? IN ?CNAME ? admin > > ?bu1 ? ? ? ? ? ? IN ?A ? ? ? 128.197.185.45 > > ?bugz ? ? ? ? ? ?IN ?CNAME ? wildcard > > ?bugz.stg ? ? ? ?IN ?CNAME ? admin.stg.fedoraproject.org. > > -buildsys ? ? ? ?IN ?CNAME ? serverbeach1.fedoraproject.org. > > +buildsys ? ? ? ?IN ?CNAME ? koji.fedoraproject.org. > > ?bzr ? ? ? ? ? ? IN ?CNAME ? git > > ?certmaster ? ? ?IN ?CNAME ? puppet > > ?capp1 ? ? ? ? ? IN ? ?A ? ? 172.17.255.29 > > > > Both changes look of little impact from infrastructure side. > Provisional +1 unless a release engineer says "OH MY ZOD, didnt you > think about Kryptonite?" > +1 -Mike From jkeating at redhat.com Wed Aug 19 23:19:06 2009 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 19 Aug 2009 16:19:06 -0700 Subject: [Change Request] In-Reply-To: <80d7e4090908191544y6d53f10fv708ace5f9ebc3769@mail.gmail.com> References: <200908191728.05404.dennis@ausil.us> <80d7e4090908191544y6d53f10fv708ace5f9ebc3769@mail.gmail.com> Message-ID: <1250723946.3107.64.camel@localhost.localdomain> On Wed, 2009-08-19 at 16:44 -0600, Stephen John Smoogen wrote: > Both changes look of little impact from infrastructure side. > Provisional +1 unless a release engineer says "OH MY ZOD, didnt you > think about Kryptonite?" I don't know of any release engineering item that relies on buildsys. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From ricky at fedoraproject.org Wed Aug 19 23:36:35 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 19 Aug 2009 19:36:35 -0400 Subject: Recent change freeze exception - MXs for our domains Message-ID: <20090819233635.GC29553@alpha.rzhou.org> Hey, we had a @fedoraproject.org mail outage today because Red Hat's MXs changed IPs. Previously, we had our MXs set to mx[123].fedoraproject.org, which pointed to the IPs of the MXes. With the last change, we switched to setting the MXs directly to mx[12].redhat.com, which should always point ot the right place. Additionally, the change also reenables tummy, telia, and ibiblio, which we took out for the mass reboot. Stephen and Mike +1ed these changes on IRC while we were working on it. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Wed Aug 19 23:41:52 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 19 Aug 2009 19:41:52 -0400 Subject: [Change Request] Set replace => false on some db files which I missed. Message-ID: <20090819234152.GA4981@alpha.rzhou.org> I missed a few files in my earlier change request. --- modules/sigul/manifests/init.pp | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/modules/sigul/manifests/init.pp b/modules/sigul/manifests/init.pp index 20a88bd..f613182 100644 --- a/modules/sigul/manifests/init.pp +++ b/modules/sigul/manifests/init.pp @@ -88,6 +88,7 @@ class sigul::server inherits sigul { group => "sigul", mode => 0600, source => "puppet:///config/secure/sigul_server_cert8.db", + replace => false, require => Package["sigul"], } @@ -96,6 +97,7 @@ class sigul::server inherits sigul { group => "sigul", mode => 0600, source => "puppet:///config/secure/sigul_server_key3.db", + replace => false, require => Package["sigul"], } @@ -104,6 +106,7 @@ class sigul::server inherits sigul { group => "sigul", mode => 0600, source => "puppet:///config/secure/sigul_server_secmod.db", + replace => false, require => Package["sigul"], } -- 1.5.5.6 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From dennis at ausil.us Thu Aug 20 00:20:39 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Wed, 19 Aug 2009 19:20:39 -0500 Subject: [Change Request] In-Reply-To: <1250723946.3107.64.camel@localhost.localdomain> References: <200908191728.05404.dennis@ausil.us> <80d7e4090908191544y6d53f10fv708ace5f9ebc3769@mail.gmail.com> <1250723946.3107.64.camel@localhost.localdomain> Message-ID: <200908191920.46491.dennis@ausil.us> On Wednesday 19 August 2009 06:19:06 pm Jesse Keating wrote: > On Wed, 2009-08-19 at 16:44 -0600, Stephen John Smoogen wrote: > > Both changes look of little impact from infrastructure side. > > Provisional +1 unless a release engineer says "OH MY ZOD, didnt you > > think about Kryptonite?" > > I don't know of any release engineering item that relies on buildsys. there is nothing. its only for buildsys-macros and buildsys-build packages for EL at this point. when RHEL5 goes away so can /buildgroups Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From a.badger at gmail.com Thu Aug 20 00:40:36 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 19 Aug 2009 17:40:36 -0700 Subject: [Change Request] Set replace => false on some db files which I missed. In-Reply-To: <20090819234152.GA4981@alpha.rzhou.org> References: <20090819234152.GA4981@alpha.rzhou.org> Message-ID: <4A8C9B84.7000000@gmail.com> On 08/19/2009 04:41 PM, Ricky Zhou wrote: > I missed a few files in my earlier change request. > > --- > modules/sigul/manifests/init.pp | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/modules/sigul/manifests/init.pp b/modules/sigul/manifests/init.pp > index 20a88bd..f613182 100644 > --- a/modules/sigul/manifests/init.pp > +++ b/modules/sigul/manifests/init.pp > @@ -88,6 +88,7 @@ class sigul::server inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_server_cert8.db", > + replace => false, > require => Package["sigul"], > } > > @@ -96,6 +97,7 @@ class sigul::server inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_server_key3.db", > + replace => false, > require => Package["sigul"], > } > > @@ -104,6 +106,7 @@ class sigul::server inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_server_secmod.db", > + replace => false, > require => Package["sigul"], > } > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From smparrish at gmail.com Thu Aug 20 01:29:00 2009 From: smparrish at gmail.com (Steven M. Parrish) Date: Wed, 19 Aug 2009 21:29:00 -0400 Subject: Seeking comments on my proposal In-Reply-To: <4A8C6D34.9090608@gmail.com> References: <4A8C6D34.9090608@gmail.com> Message-ID: <200908192129.00777.smparrish@gmail.com> > On 08/18/2009 11:19 AM, Steven M. Parrish wrote: > > Got the outline of my proposal here > > https://fedoraproject.org/wiki/SugarZilla > > > > I welcome any comments > > I dislike the idea of anonymous opening of bugs and anonymous commenting > in bugzilla. It's not clear from the proposal if that's a proposed > feature or not. Can you clarify if it is and if so, how you'll minimize > the problem of: > 1) SPAM > 2) Bug reports with insufficient information to fix the problem with no > point of contact to get additional information. > > -Toshio I haven't had time to fully check out ABRT but are they requiring the user to have a valid bugzilla account? If I remember the original discussion around ABRT at FUDCon Boston was not to require one. SPAM can be handled through a captcha if needed. As far as not being able to contact the reporter, that is why they have the option of being cc'd to the report. They will be advised when filing the bug that without a point of contact if the developer has questions and cannot contact them that the bug could be closed as insufficient info. There are still some finer points which need to be worked out. Steven ===================================================== Steven M. Parrish ------------------------------------------------------------------------------------------------- gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar From a.badger at gmail.com Thu Aug 20 01:36:21 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 19 Aug 2009 18:36:21 -0700 Subject: [Change Request] Update xz on the builders Message-ID: <4A8CA895.6090708@gmail.com> A data corruption bug was found in the current xz package for certain files. The xz package was updated to a snapshot in Fedora and EPEL. We'd like to update the builders with the new xz to make sure we aren't producing packages with corrupted payloads. The corruption bug report is here: https://bugzilla.redhat.com/show_bug.cgi?id=517806 which includes confirmation that it fixes the bug and jnovy's recommendation to update the buildsystem. The EPEL-5 update is here: https://admin.fedoraproject.org/updates/xz-4.999.8-0.10.beta.20090817git.el5 Can I get two +1's for this? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From dennis at ausil.us Thu Aug 20 01:57:27 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Wed, 19 Aug 2009 20:57:27 -0500 Subject: [Change Request] Update xz on the builders In-Reply-To: <4A8CA895.6090708@gmail.com> References: <4A8CA895.6090708@gmail.com> Message-ID: <200908192057.34812.dennis@ausil.us> On Wednesday 19 August 2009 08:36:21 pm Toshio Kuratomi wrote: > A data corruption bug was found in the current xz package for certain > files. The xz package was updated to a snapshot in Fedora and EPEL. > We'd like to update the builders with the new xz to make sure we aren't > producing packages with corrupted payloads. > > The corruption bug report is here: > https://bugzilla.redhat.com/show_bug.cgi?id=517806 > > which includes confirmation that it fixes the bug and jnovy's > recommendation to update the buildsystem. > > The EPEL-5 update is here: > > https://admin.fedoraproject.org/updates/xz-4.999.8-0.10.beta.20090817git.el >5 > > Can I get two +1's for this? > > -Toshio +1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From jkeating at j2solutions.net Thu Aug 20 02:10:30 2009 From: jkeating at j2solutions.net (Jesse Keating) Date: Wed, 19 Aug 2009 19:10:30 -0700 Subject: [Change Request] Update xz on the builders In-Reply-To: <4A8CA895.6090708@gmail.com> References: <4A8CA895.6090708@gmail.com> Message-ID: <8D516C82-7A52-44A1-8AF4-D6EB733EB26C@j2solutions.net> On Aug 19, 2009, at 18:36, Toshio Kuratomi wrote: > A data corruption bug was found in the current xz package for certain > files. The xz package was updated to a snapshot in Fedora and EPEL. > We'd like to update the builders with the new xz to make sure we > aren't > producing packages with corrupted payloads. > > The corruption bug report is here: > https://bugzilla.redhat.com/show_bug.cgi?id=517806 > > which includes confirmation that it fixes the bug and jnovy's > recommendation to update the buildsystem. > > The EPEL-5 update is here: > > https://admin.fedoraproject.org/updates/xz-4.999.8-0.10.beta.20090817git.el5 > > Can I get two +1's for this? > The host xz wouldn't be used to produce any rpms, the rpm inside the chroot would. Does this come into play when initing the buildroot? -- Jes From mmcgrath at redhat.com Thu Aug 20 02:37:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 19 Aug 2009 21:37:37 -0500 (CDT) Subject: [Change Request] Update xz on the builders In-Reply-To: <4A8CA895.6090708@gmail.com> References: <4A8CA895.6090708@gmail.com> Message-ID: On Wed, 19 Aug 2009, Toshio Kuratomi wrote: > A data corruption bug was found in the current xz package for certain > files. The xz package was updated to a snapshot in Fedora and EPEL. > We'd like to update the builders with the new xz to make sure we aren't > producing packages with corrupted payloads. > > The corruption bug report is here: > https://bugzilla.redhat.com/show_bug.cgi?id=517806 > > which includes confirmation that it fixes the bug and jnovy's > recommendation to update the buildsystem. > > The EPEL-5 update is here: > > https://admin.fedoraproject.org/updates/xz-4.999.8-0.10.beta.20090817git.el5 > > Can I get two +1's for this? > +1 from me. -Mike From mmcgrath at redhat.com Thu Aug 20 02:38:13 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 19 Aug 2009 21:38:13 -0500 (CDT) Subject: [Change Request] Set replace => false on some db files which I missed. In-Reply-To: <20090819234152.GA4981@alpha.rzhou.org> References: <20090819234152.GA4981@alpha.rzhou.org> Message-ID: On Wed, 19 Aug 2009, Ricky Zhou wrote: > I missed a few files in my earlier change request. > > --- > modules/sigul/manifests/init.pp | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/modules/sigul/manifests/init.pp b/modules/sigul/manifests/init.pp > index 20a88bd..f613182 100644 > --- a/modules/sigul/manifests/init.pp > +++ b/modules/sigul/manifests/init.pp > @@ -88,6 +88,7 @@ class sigul::server inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_server_cert8.db", > + replace => false, > require => Package["sigul"], > } > > @@ -96,6 +97,7 @@ class sigul::server inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_server_key3.db", > + replace => false, > require => Package["sigul"], > } > > @@ -104,6 +106,7 @@ class sigul::server inherits sigul { > group => "sigul", > mode => 0600, > source => "puppet:///config/secure/sigul_server_secmod.db", > + replace => false, > require => Package["sigul"], > } > +1 -Mike From a.badger at gmail.com Thu Aug 20 02:46:42 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 19 Aug 2009 19:46:42 -0700 Subject: Seeking comments on my proposal In-Reply-To: <200908192129.00777.smparrish@gmail.com> References: <4A8C6D34.9090608@gmail.com> <200908192129.00777.smparrish@gmail.com> Message-ID: <4A8CB912.1090101@gmail.com> On 08/19/2009 06:29 PM, Steven M. Parrish wrote: >> On 08/18/2009 11:19 AM, Steven M. Parrish wrote: >>> Got the outline of my proposal here >>> https://fedoraproject.org/wiki/SugarZilla >>> >>> I welcome any comments >> >> I dislike the idea of anonymous opening of bugs and anonymous commenting >> in bugzilla. It's not clear from the proposal if that's a proposed >> feature or not. Can you clarify if it is and if so, how you'll minimize >> the problem of: >> 1) SPAM >> 2) Bug reports with insufficient information to fix the problem with no >> point of contact to get additional information. >> >> -Toshio > > I haven't had time to fully check out ABRT but are they requiring the user to > have a valid bugzilla account? If I remember the original discussion around > ABRT at FUDCon Boston was not to require one. > I can see that being a good thing but I'm not sure it got implemented. abrt-bugzilla has a config file in /etc/abrt/plugins/Bugzilla.conf that has this:: # your login has to exist, if you don have anyone, please create one Login = # your password Password = It looks like we (Fedora packager) could fill those in with a bz user and password pair to give the equivalent of anonymous reporting to users but have chosen not to at the moment. > SPAM can be handled through a captcha if needed. > . So that would be a requirement before hooking it up to production bz. > As far as not being able to contact the reporter, that is why they have the > option of being cc'd to the report. They will be advised when filing the bug > that without a point of contact if the developer has questions and cannot > contact them that the bug could be closed as insufficient info. > > There are still some finer points which need to be worked out. > That makes sense although finding better and better ways to get the reporter to CC will be good. Might also want to ask the triage team if they might want to go through these types of bugs and triage them for more information and close them if there's no reporter on CC right off the bat or something. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Thu Aug 20 03:09:42 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 19 Aug 2009 20:09:42 -0700 Subject: [Change Request] Update xz on the builders In-Reply-To: <8D516C82-7A52-44A1-8AF4-D6EB733EB26C@j2solutions.net> References: <4A8CA895.6090708@gmail.com> <8D516C82-7A52-44A1-8AF4-D6EB733EB26C@j2solutions.net> Message-ID: <4A8CBE76.3000400@gmail.com> On 08/19/2009 07:10 PM, Jesse Keating wrote: > > > On Aug 19, 2009, at 18:36, Toshio Kuratomi wrote: > >> A data corruption bug was found in the current xz package for certain >> files. The xz package was updated to a snapshot in Fedora and EPEL. >> We'd like to update the builders with the new xz to make sure we aren't >> producing packages with corrupted payloads. >> >> The corruption bug report is here: >> https://bugzilla.redhat.com/show_bug.cgi?id=517806 >> >> which includes confirmation that it fixes the bug and jnovy's >> recommendation to update the buildsystem. >> >> The EPEL-5 update is here: >> >> https://admin.fedoraproject.org/updates/xz-4.999.8-0.10.beta.20090817git.el5 >> >> >> Can I get two +1's for this? >> > > The host xz wouldn't be used to produce any rpms, the rpm inside the > chroot would. Does this come into play when initing the buildroot? > You're right, this wouldn't come into play unless it's a decompression bug. And if that's so it would generate an error from the buildsystem while trying to create the buildroot instead of a corrupted payload in the built rpms. So not as severe. I'm checking to be sure it isn't a decompression bug now. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Thu Aug 20 03:31:44 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 19 Aug 2009 20:31:44 -0700 Subject: [Change Request] Update xz on the builders In-Reply-To: <4A8CBE76.3000400@gmail.com> References: <4A8CA895.6090708@gmail.com> <8D516C82-7A52-44A1-8AF4-D6EB733EB26C@j2solutions.net> <4A8CBE76.3000400@gmail.com> Message-ID: <4A8CC3A0.90205@gmail.com> On 08/19/2009 08:09 PM, Toshio Kuratomi wrote: > On 08/19/2009 07:10 PM, Jesse Keating wrote: >> The host xz wouldn't be used to produce any rpms, the rpm inside the >> chroot would. Does this come into play when initing the buildroot? >> > You're right, this wouldn't come into play unless it's a decompression > bug. And if that's so it would generate an error from the buildsystem > while trying to create the buildroot instead of a corrupted payload in > the built rpms. So not as severe. I'm checking to be sure it isn't a > decompression bug now. > Confirmed -- the compressor is the issue here, not the decompressor. So we don't need to update the builders at this time. Since rawhide is the only release building with xz payloads we don't need to worry about buildroot overrides either. It *is* possible that some of the packages built before this xz package was put into the buildroot are corrupt:: http://koji.fedoraproject.org/koji/buildinfo?buildID=127510 (build finished at 2009-08-17 10:32:19) I don't know if this is something releng wants to check for. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Thu Aug 20 03:51:13 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 19 Aug 2009 23:51:13 -0400 Subject: [PATCH] Add a comment about the behavior of autodisablePuppet. In-Reply-To: <1250740273-21842-1-git-send-email-ricky@fedoraproject.org> References: <1250740273-21842-1-git-send-email-ricky@fedoraproject.org> Message-ID: <1250740273-21842-2-git-send-email-ricky@fedoraproject.org> --- modules/puppet/manifests/init.pp | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/modules/puppet/manifests/init.pp b/modules/puppet/manifests/init.pp index 686de0a..bac8819 100644 --- a/modules/puppet/manifests/init.pp +++ b/modules/puppet/manifests/init.pp @@ -17,6 +17,11 @@ class puppet::client { $puppetEnvironment = "production" } + # Note: Even if autodisablePuppet is set, puppet will not shut down a + # currently running puppet service - otherwise, a puppet run will kill + # itself. Thus, any running puppet service will need to be stopped + # manually after a puppet run (although it will not come back + # automatically on reboots). service { "puppet": ensure => $autodisablePuppet ? { true => undef, -- 1.5.5.6 From ricky at fedoraproject.org Thu Aug 20 03:51:12 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 19 Aug 2009 23:51:12 -0400 Subject: [PATCH] Try an autodisablePuppet fix. Message-ID: <1250740273-21842-1-git-send-email-ricky@fedoraproject.org> --- manifests/nodes/backup1.fedora.phx.redhat.com.pp | 2 +- .../nodes/proxy1.stg.fedora.phx.redhat.com.pp | 1 + .../nodes/sign-bridge1.fedora.phx.redhat.com.pp | 2 +- .../nodes/sign-vault1.fedora.phx.redhat.com.pp | 2 +- modules/puppet/manifests/init.pp | 10 ++++++++-- 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/manifests/nodes/backup1.fedora.phx.redhat.com.pp b/manifests/nodes/backup1.fedora.phx.redhat.com.pp index 7f1a1d9..0dbf6bc 100644 --- a/manifests/nodes/backup1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/backup1.fedora.phx.redhat.com.pp @@ -1,5 +1,5 @@ node backup1{ - $autodisablePuppet = 1 + $autodisablePuppet = true include phx # include global include openvpn::client diff --git a/manifests/nodes/proxy1.stg.fedora.phx.redhat.com.pp b/manifests/nodes/proxy1.stg.fedora.phx.redhat.com.pp index f9a1289..2c303fe 100644 --- a/manifests/nodes/proxy1.stg.fedora.phx.redhat.com.pp +++ b/manifests/nodes/proxy1.stg.fedora.phx.redhat.com.pp @@ -1,4 +1,5 @@ node 'proxy1.stg.fedora.phx.redhat.com' { + $autodisablePuppet = true $puppetEnvironment='staging' include phx include proxy diff --git a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp index d710016..4147862 100644 --- a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp @@ -1,5 +1,5 @@ node "sign-bridge1.fedora.phx.redhat.com" { - $autodisablePuppet = 1 + $autodisablePuppet = true $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ] include phx include fas::client diff --git a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp index 1b5641d..a1e0ab0 100644 --- a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp @@ -1,5 +1,5 @@ node "sign-vault1" { - $autodisablePuppet = 1 + $autodisablePuppet = true $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ] include phx include fas::client diff --git a/modules/puppet/manifests/init.pp b/modules/puppet/manifests/init.pp index 54ca3e3..686de0a 100644 --- a/modules/puppet/manifests/init.pp +++ b/modules/puppet/manifests/init.pp @@ -18,8 +18,14 @@ class puppet::client { } service { "puppet": - ensure => running, - enable => true, + ensure => $autodisablePuppet ? { + true => undef, + default => running, + }, + enable => $autodisablePuppet ? { + true => false, + default => true, + }, require => Package["puppet"], } -- 1.5.5.6 From thinklinux.ssh at gmail.com Thu Aug 20 04:00:13 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Thu, 20 Aug 2009 09:30:13 +0530 Subject: Ok. Looks like this one _may_ fulfill our calendering needs. Testing required. In-Reply-To: <1250721652.2318.11.camel@adam.local.net> References: <1250706985.2318.4.camel@adam.local.net> <1250721652.2318.11.camel@adam.local.net> Message-ID: > The page you link is only for the sync server, which doesn't appear to > be mandatory. It provides Funambol, Outlook and Mozilla sync services. I > would think that once OBM's CalDav support is complete you wouldn't > really need the sync server... Ok. I shall try to get it up today and see. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From mmcgrath at redhat.com Thu Aug 20 13:35:31 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 20 Aug 2009 08:35:31 -0500 (CDT) Subject: proxy1.stg and xen6 Message-ID: I'm doing some work on proxy1.stg specifically with it's aliased IP 10.8.34.98 on xen6. Please don't touch them until I give the ok (troubleshooting network issues with a dedicated box) -Mike From mmcgrath at redhat.com Thu Aug 20 15:00:05 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 20 Aug 2009 10:00:05 -0500 (CDT) Subject: Meeting today Message-ID: Just a reminder there's a meeting today and we'll be discussing the alpha release just less then a week away! https://fedorahosted.org/fedora-infrastructure/report/9 -Mike From diegobz at gmail.com Thu Aug 20 17:59:03 2009 From: diegobz at gmail.com (=?ISO-8859-1?Q?Diego_B=FArigo_Zacar=E3o?=) Date: Thu, 20 Aug 2009 14:59:03 -0300 Subject: [Change Request] Mercurial upgrade on app1 Message-ID: <6600c1b10908201059g3bcbcee1n4b669904e8bf52@mail.gmail.com> There is a bug related to Mercurial-1.2.x that is boring some of our translators when using Transifex[1]. Could I have +1's for updating it with the following version? https://admin.fedoraproject.org/updates/mercurial-1.3.1-3.el5 [1] http://transifex.org/ticket/279 Regards -- Diego B?rigo Zacar?o http://diegobz.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Thu Aug 20 17:59:30 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 20 Aug 2009 12:59:30 -0500 (CDT) Subject: Change request - Mercurial - app1 Message-ID: There's been a request to update mercurial on app1 from mercurial-1.2-2.el5.1 to mercurial-1.3.1-3.el5 which is the latest in epel 2+1's? -Mike From mmcgrath at redhat.com Thu Aug 20 18:00:12 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 20 Aug 2009 13:00:12 -0500 (CDT) Subject: Change request - Mercurial - app1 In-Reply-To: References: Message-ID: ignore this one On Thu, 20 Aug 2009, Mike McGrath wrote: > There's been a request to update mercurial on app1 from > mercurial-1.2-2.el5.1 to mercurial-1.3.1-3.el5 which is the latest in epel > > 2+1's? > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From mmcgrath at redhat.com Thu Aug 20 18:00:32 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 20 Aug 2009 13:00:32 -0500 (CDT) Subject: [Change Request] Mercurial upgrade on app1 In-Reply-To: <6600c1b10908201059g3bcbcee1n4b669904e8bf52@mail.gmail.com> References: <6600c1b10908201059g3bcbcee1n4b669904e8bf52@mail.gmail.com> Message-ID: On Thu, 20 Aug 2009, Diego B?rigo Zacar?o wrote: > There is a bug related to Mercurial-1.2.x that is boring some of our translators when using Transifex[1]. > > Could I have +1's for updating it with the following version? > https://admin.fedoraproject.org/updates/mercurial-1.3.1-3.el5 > > [1] http://transifex.org/ticket/279 > +1 -Mike From ricky at fedoraproject.org Thu Aug 20 18:12:21 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 20 Aug 2009 14:12:21 -0400 Subject: [Change Request] Mercurial upgrade on app1 In-Reply-To: <6600c1b10908201059g3bcbcee1n4b669904e8bf52@mail.gmail.com> References: <6600c1b10908201059g3bcbcee1n4b669904e8bf52@mail.gmail.com> Message-ID: <20090820181221.GA4435@alpha.rzhou.org> On 2009-08-20 02:59:03 PM, Diego B?rigo Zacar?o wrote: > There is a bug related to Mercurial-1.2.x that is boring some of our > translators when using Transifex[1]. > > Could I have +1's for updating it with the following version? > https://admin.fedoraproject.org/updates/mercurial-1.3.1-3.el5 > > [1] http://transifex.org/ticket/279 +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From a.badger at gmail.com Thu Aug 20 18:21:24 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 20 Aug 2009 11:21:24 -0700 Subject: [Change Request] Mercurial upgrade on app1 In-Reply-To: <6600c1b10908201059g3bcbcee1n4b669904e8bf52@mail.gmail.com> References: <6600c1b10908201059g3bcbcee1n4b669904e8bf52@mail.gmail.com> Message-ID: <4A8D9424.3010500@gmail.com> On 08/20/2009 10:59 AM, Diego B?rigo Zacar?o wrote: > There is a bug related to Mercurial-1.2.x that is boring some of our > translators when using Transifex[1]. > > Could I have +1's for updating it with the following version? > https://admin.fedoraproject.org/updates/mercurial-1.3.1-3.el5 > > [1] http://transifex.org/ticket/279 > +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From tmz at pobox.com Thu Aug 20 23:54:24 2009 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 20 Aug 2009 19:54:24 -0400 Subject: [Change Request] Add script/cron job for checking git repo perms Message-ID: <20090820235424.GD4297@inocybe.localdomain> The git::check-perms class includes a script for checking that the permissions of git repositories are generally proper for shared repositories. It also runs this script each day via a cron job. This is included on the hosted1 node. --- The intent of this script is to check that git repos on hosted don't end up with permissions that will cause problems when folks try to push to them. This shouldn't happen too often anymore since we fixed a git bug and have better scripts for creating the repositories, but it can still crop up. This script won't catch something like the a repo having the wrong group, unless we want to standardize on group naming and fix up existing repositories that don't follow that convention. (Which doesn't seem worth the effort.) I just picked the time for the cron job at random. If there is a better time for it to run, I can change it before pushing this. The change should be very low risk and easy to fix should it cause any problems. If I weren't likely to forget about it, it could wait until after the freeze it over. :) manifests/nodes/hosted1.fedoraproject.org.pp | 4 + modules/git/README | 4 + modules/git/files/check-perms.py | 148 ++++++++++++++++++++++++++ modules/git/manifests/init.pp | 31 ++++++ 4 files changed, 187 insertions(+), 0 deletions(-) create mode 100755 modules/git/files/check-perms.py diff --git a/manifests/nodes/hosted1.fedoraproject.org.pp b/manifests/nodes/hosted1.fedoraproject.org.pp index e94c151..a6c86c0 100644 --- a/manifests/nodes/hosted1.fedoraproject.org.pp +++ b/manifests/nodes/hosted1.fedoraproject.org.pp @@ -5,6 +5,10 @@ node hosted1 { include openvpn::client include spamassassin::server + $git_check_perms_gitroot = "/git" + $git_check_perms_mailto = "sysadmin-hosted-members at fedoraproject.org" + include git::check-perms + $mailman_default_url_proto = "https" $mailman_default_url_host = "fedorahosted.org" $mailman_default_email_host = "lists.fedorahosted.org" diff --git a/modules/git/README b/modules/git/README index e9a5e99..100a560 100644 --- a/modules/git/README +++ b/modules/git/README @@ -14,6 +14,10 @@ The git rpm installs the core tools with minimal dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. +The git::check-perms class includes a script for checking that the +permissions of git repositories are generally proper for shared +repositories. It also runs this script each day via a cron job. + The git::mail-hooks class installs some convenient tools for use as post-receive hooks, courtesy of the gnome.org sysadmins. diff --git a/modules/git/files/check-perms.py b/modules/git/files/check-perms.py new file mode 100755 index 0000000..88d7bff --- /dev/null +++ b/modules/git/files/check-perms.py @@ -0,0 +1,148 @@ +#!/usr/bin/python -tt +"""Check permissions of a tree of git repositories, optionally fixing any +problems found. +""" + +import os +import re +import sys +import optparse +from stat import * +from subprocess import call, PIPE, Popen + +usage = '%prog [options] [gitroot]' +parser = optparse.OptionParser(usage=usage) +parser.add_option('-f', '--fix', dest='fix', + action='store_true', default=False, + help='Correct any problems [%default]') +opts, args = parser.parse_args() + +if args: + gitroot = args[0] +else: + gitroot = '/git' + +object_re = re.compile('[0-9a-z]{40}') + +def is_object(path): + """Check if a path is a git object.""" + parts = path.split(os.path.sep) + if 'objects' in parts and len(parts) > 2 and \ + object_re.match(''.join(path.split(os.path.sep)[-2:])): + return True + return False + +def is_shared_repo(gitdir): + """Check if a git repository is shared.""" + cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository'] + p = Popen(cmd, stdout=PIPE, stderr=PIPE) + shared, error = p.communicate() + sharedmodes = ['1', 'group', 'true', '2', 'all', 'world', 'everybody'] + if shared.rstrip() not in sharedmodes or p.returncode: + return False + return True + +def set_shared_repo(gitdir, value='group'): + """Set core.sharedRepository for a git repository.""" + mode_re = re.compile('06[0-7]{2}') + if value in [0, 'false', 'umask']: + value = 'umask' + elif value in [1, 'true', 'group']: + value = 'group' + elif value in [2, 'all', 'world', 'everybody']: + value = 'all' + elif mode_re.match(value): + pass + else: + raise SystemExit('Bogus core.sharedRepository value "%s"' % value) + cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository', + value] + ret = call(cmd) + if ret: + return False + return True + +def check_git_perms(path, fix=False): + """Check if permissions on a git repo are correct. + + If fix is true, problems found are corrected. + """ + object_mode = S_IRUSR | S_IRGRP | S_IROTH + oldmode = mode = S_IMODE(os.lstat(path)[ST_MODE]) + errors = [] + if os.path.isdir(path): + newmode = mode | S_ISGID + if mode != newmode: + msg = 'Not SETGID (should be "%s")' % oct(newmode) + errors.append(msg) + mode = newmode + elif is_object(path) and mode ^ object_mode: + msg = 'Wrong object mode "%s" (should be "%s")' % ( + oct(mode), oct(object_mode)) + errors.append(msg) + mode = object_mode + if mode & S_IWUSR and not is_object(path): + newmode = mode | S_IWGRP + if mode != newmode: + msg = 'Not group writable (should be "%s")' % oct(newmode) + errors.append(msg) + mode = newmode + if mode != oldmode and not os.path.islink(path): + print >> sys.stderr, '%s:' % path, + print >> sys.stderr, ', '.join(['%s' % e for e in errors]) + if not fix: + return False + try: + os.chmod(path, mode) + return True + except Exception, e: + error = hasattr(e, 'strerror') and e.strerror or e + mode = oct(mode) + print >> sys.stderr, 'Error setting "%s" mode on %s: %s' % ( + mode, path, error) + return False + return True + +def main(): + if not os.path.isdir(gitroot): + raise SystemExit('%s does not exist or is not a directory' % gitroot) + + gitdirs = [] + for path, dirs, files in os.walk(gitroot): + if path in gitdirs: + continue + if 'description' in os.listdir(path): + gitdirs.append(path) + + problems = [] + for gitdir in sorted(gitdirs): + if not is_shared_repo(gitdir): + print >> sys.stderr, '%s: core.sharedRepository not set' % gitdir + if not opts.fix or not set_shared_repo(gitdir): + problems.append(gitdir) + continue + paths = [] + for path, dirs, files in os.walk(gitdir): + for d in dirs: + d = os.path.join(path, d) + if d not in paths: + paths.append(d) + for f in files: + f = os.path.join(path, f) + if f not in paths: + paths.append(f) + for path in paths: + if not check_git_perms(path, fix=opts.fix): + if path not in problems: + problems.append(path) + + if problems: + raise SystemExit('%d paths remain unfixed' % len(problems)) + + raise SystemExit() + +if __name__ == '__main__': + try: + main() + except KeyboardInterrupt: + raise SystemExit('\nExiting on user cancel (Ctrl-C)') diff --git a/modules/git/manifests/init.pp b/modules/git/manifests/init.pp index 87282b5..ab1abec 100644 --- a/modules/git/manifests/init.pp +++ b/modules/git/manifests/init.pp @@ -35,3 +35,34 @@ class git::mail-hooks { require => [File["$mailhooks/git.py"], File["$mailhooks/util.py"]]; } } + +class git::check-perms { + include git::package + + file { '/usr/local/bin/git-check-perms': + owner => 'root', + group => 'root', + mode => 0755, + source => 'puppet:///git/check-perms.py', + require => Package['git'], + } + + $gitroot = $git_check_perms_gitroot ? { + '' => '/git', + default => $git_check_perms_gitroot, + } + + $mailto = $git_check_perms_mailto ? { + '' => 'root', + default => $git_check_perms_mailto, + } + + cron { 'git-check-perms': + command => "git check-perms $gitroot", + user => 'nobody', + hour => 0, + minute => 10, + environment => ["MAILTO=$mailto", 'PATH=/usr/bin:/usr/local/bin'], + require => File['/usr/local/bin/git-check-perms'], + } +} -- 1.6.4 -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If Stupidity got us into this mess, then why can't it get us out? -- Will Rogers (1879-1935) From mmcgrath at redhat.com Fri Aug 21 00:07:32 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 20 Aug 2009 19:07:32 -0500 (CDT) Subject: [Change Request] Add script/cron job for checking git repo perms In-Reply-To: <20090820235424.GD4297@inocybe.localdomain> References: <20090820235424.GD4297@inocybe.localdomain> Message-ID: On Thu, 20 Aug 2009, Todd Zullinger wrote: > The git::check-perms class includes a script for checking that the > permissions of git repositories are generally proper for shared > repositories. It also runs this script each day via a cron job. > > This is included on the hosted1 node. > --- > > The intent of this script is to check that git repos on hosted don't > end up with permissions that will cause problems when folks try to > push to them. This shouldn't happen too often anymore since we fixed > a git bug and have better scripts for creating the repositories, but > it can still crop up. > > This script won't catch something like the a repo having the wrong > group, unless we want to standardize on group naming and fix up > existing repositories that don't follow that convention. (Which > doesn't seem worth the effort.) > > I just picked the time for the cron job at random. If there is a > better time for it to run, I can change it before pushing this. > > The change should be very low risk and easy to fix should it cause any > problems. If I weren't likely to forget about it, it could wait until > after the freeze it over. :) > > manifests/nodes/hosted1.fedoraproject.org.pp | 4 + > modules/git/README | 4 + > modules/git/files/check-perms.py | 148 ++++++++++++++++++++++++++ > modules/git/manifests/init.pp | 31 ++++++ > 4 files changed, 187 insertions(+), 0 deletions(-) > create mode 100755 modules/git/files/check-perms.py > > diff --git a/manifests/nodes/hosted1.fedoraproject.org.pp b/manifests/nodes/hosted1.fedoraproject.org.pp > index e94c151..a6c86c0 100644 > --- a/manifests/nodes/hosted1.fedoraproject.org.pp > +++ b/manifests/nodes/hosted1.fedoraproject.org.pp > @@ -5,6 +5,10 @@ node hosted1 { > include openvpn::client > include spamassassin::server > > + $git_check_perms_gitroot = "/git" > + $git_check_perms_mailto = "sysadmin-hosted-members at fedoraproject.org" > + include git::check-perms > + > $mailman_default_url_proto = "https" > $mailman_default_url_host = "fedorahosted.org" > $mailman_default_email_host = "lists.fedorahosted.org" > diff --git a/modules/git/README b/modules/git/README > index e9a5e99..100a560 100644 > --- a/modules/git/README > +++ b/modules/git/README > @@ -14,6 +14,10 @@ The git rpm installs the core tools with minimal dependencies. To > install all git packages, including tools for integrating with other > SCMs, install the git-all meta-package. > > +The git::check-perms class includes a script for checking that the > +permissions of git repositories are generally proper for shared > +repositories. It also runs this script each day via a cron job. > + > The git::mail-hooks class installs some convenient tools for use as > post-receive hooks, courtesy of the gnome.org sysadmins. > > diff --git a/modules/git/files/check-perms.py b/modules/git/files/check-perms.py > new file mode 100755 > index 0000000..88d7bff > --- /dev/null > +++ b/modules/git/files/check-perms.py > @@ -0,0 +1,148 @@ > +#!/usr/bin/python -tt > +"""Check permissions of a tree of git repositories, optionally fixing any > +problems found. > +""" > + > +import os > +import re > +import sys > +import optparse > +from stat import * > +from subprocess import call, PIPE, Popen > + > +usage = '%prog [options] [gitroot]' > +parser = optparse.OptionParser(usage=usage) > +parser.add_option('-f', '--fix', dest='fix', > + action='store_true', default=False, > + help='Correct any problems [%default]') > +opts, args = parser.parse_args() > + > +if args: > + gitroot = args[0] > +else: > + gitroot = '/git' > + > +object_re = re.compile('[0-9a-z]{40}') > + > +def is_object(path): > + """Check if a path is a git object.""" > + parts = path.split(os.path.sep) > + if 'objects' in parts and len(parts) > 2 and \ > + object_re.match(''.join(path.split(os.path.sep)[-2:])): > + return True > + return False > + > +def is_shared_repo(gitdir): > + """Check if a git repository is shared.""" > + cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository'] > + p = Popen(cmd, stdout=PIPE, stderr=PIPE) > + shared, error = p.communicate() > + sharedmodes = ['1', 'group', 'true', '2', 'all', 'world', 'everybody'] > + if shared.rstrip() not in sharedmodes or p.returncode: > + return False > + return True > + > +def set_shared_repo(gitdir, value='group'): > + """Set core.sharedRepository for a git repository.""" > + mode_re = re.compile('06[0-7]{2}') > + if value in [0, 'false', 'umask']: > + value = 'umask' > + elif value in [1, 'true', 'group']: > + value = 'group' > + elif value in [2, 'all', 'world', 'everybody']: > + value = 'all' > + elif mode_re.match(value): > + pass > + else: > + raise SystemExit('Bogus core.sharedRepository value "%s"' % value) > + cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository', > + value] > + ret = call(cmd) > + if ret: > + return False > + return True > + > +def check_git_perms(path, fix=False): > + """Check if permissions on a git repo are correct. > + > + If fix is true, problems found are corrected. > + """ > + object_mode = S_IRUSR | S_IRGRP | S_IROTH > + oldmode = mode = S_IMODE(os.lstat(path)[ST_MODE]) > + errors = [] > + if os.path.isdir(path): > + newmode = mode | S_ISGID > + if mode != newmode: > + msg = 'Not SETGID (should be "%s")' % oct(newmode) > + errors.append(msg) > + mode = newmode > + elif is_object(path) and mode ^ object_mode: > + msg = 'Wrong object mode "%s" (should be "%s")' % ( > + oct(mode), oct(object_mode)) > + errors.append(msg) > + mode = object_mode > + if mode & S_IWUSR and not is_object(path): > + newmode = mode | S_IWGRP > + if mode != newmode: > + msg = 'Not group writable (should be "%s")' % oct(newmode) > + errors.append(msg) > + mode = newmode > + if mode != oldmode and not os.path.islink(path): > + print >> sys.stderr, '%s:' % path, > + print >> sys.stderr, ', '.join(['%s' % e for e in errors]) > + if not fix: > + return False > + try: > + os.chmod(path, mode) > + return True > + except Exception, e: > + error = hasattr(e, 'strerror') and e.strerror or e > + mode = oct(mode) > + print >> sys.stderr, 'Error setting "%s" mode on %s: %s' % ( > + mode, path, error) > + return False > + return True > + > +def main(): > + if not os.path.isdir(gitroot): > + raise SystemExit('%s does not exist or is not a directory' % gitroot) > + > + gitdirs = [] > + for path, dirs, files in os.walk(gitroot): > + if path in gitdirs: > + continue > + if 'description' in os.listdir(path): > + gitdirs.append(path) > + > + problems = [] > + for gitdir in sorted(gitdirs): > + if not is_shared_repo(gitdir): > + print >> sys.stderr, '%s: core.sharedRepository not set' % gitdir > + if not opts.fix or not set_shared_repo(gitdir): > + problems.append(gitdir) > + continue > + paths = [] > + for path, dirs, files in os.walk(gitdir): > + for d in dirs: > + d = os.path.join(path, d) > + if d not in paths: > + paths.append(d) > + for f in files: > + f = os.path.join(path, f) > + if f not in paths: > + paths.append(f) > + for path in paths: > + if not check_git_perms(path, fix=opts.fix): > + if path not in problems: > + problems.append(path) > + > + if problems: > + raise SystemExit('%d paths remain unfixed' % len(problems)) > + > + raise SystemExit() > + > +if __name__ == '__main__': > + try: > + main() > + except KeyboardInterrupt: > + raise SystemExit('\nExiting on user cancel (Ctrl-C)') > diff --git a/modules/git/manifests/init.pp b/modules/git/manifests/init.pp > index 87282b5..ab1abec 100644 > --- a/modules/git/manifests/init.pp > +++ b/modules/git/manifests/init.pp > @@ -35,3 +35,34 @@ class git::mail-hooks { > require => [File["$mailhooks/git.py"], File["$mailhooks/util.py"]]; > } > } > + > +class git::check-perms { > + include git::package > + > + file { '/usr/local/bin/git-check-perms': > + owner => 'root', > + group => 'root', > + mode => 0755, > + source => 'puppet:///git/check-perms.py', > + require => Package['git'], > + } > + > + $gitroot = $git_check_perms_gitroot ? { > + '' => '/git', > + default => $git_check_perms_gitroot, > + } > + > + $mailto = $git_check_perms_mailto ? { > + '' => 'root', > + default => $git_check_perms_mailto, > + } > + > + cron { 'git-check-perms': > + command => "git check-perms $gitroot", > + user => 'nobody', > + hour => 0, > + minute => 10, > + environment => ["MAILTO=$mailto", 'PATH=/usr/bin:/usr/local/bin'], > + require => File['/usr/local/bin/git-check-perms'], > + } > +} > -- > 1.6.4 > Just to be clear, we've run this several times already. We're just puppetizing it and adding a cron job? -Mike From tmz at pobox.com Fri Aug 21 00:12:39 2009 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 20 Aug 2009 20:12:39 -0400 Subject: [Change Request] Add script/cron job for checking git repo perms In-Reply-To: References: <20090820235424.GD4297@inocybe.localdomain> Message-ID: <20090821001238.GE4297@inocybe.localdomain> Mike McGrath wrote: > Just to be clear, we've run this several times already. We're just > puppetizing it and adding a cron job? Yep. I've run a number of times. I ran it with the --fix option this morning to have it fix up the minor issues it noted. I also tested it run as user nobody with PATH=/usr/bin:/usr/local/bin, to (hopefully) ensure that things will work correctly when it runs via cron. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I am not young enough to know everything. -- Oscar Wilde (1854-1900) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From mmcgrath at redhat.com Fri Aug 21 01:00:22 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 20 Aug 2009 20:00:22 -0500 (CDT) Subject: [Change Request] Add script/cron job for checking git repo perms In-Reply-To: <20090821001238.GE4297@inocybe.localdomain> References: <20090820235424.GD4297@inocybe.localdomain> <20090821001238.GE4297@inocybe.localdomain> Message-ID: On Thu, 20 Aug 2009, Todd Zullinger wrote: > Mike McGrath wrote: > > Just to be clear, we've run this several times already. We're just > > puppetizing it and adding a cron job? > > Yep. I've run a number of times. I ran it with the --fix option this > morning to have it fix up the minor issues it noted. I also tested it > run as user nobody with PATH=/usr/bin:/usr/local/bin, to (hopefully) > ensure that things will work correctly when it runs via cron. > +1 then -Mike From ricky at fedoraproject.org Fri Aug 21 01:05:25 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 20 Aug 2009 21:05:25 -0400 Subject: [Change Request] Add script/cron job for checking git repo perms In-Reply-To: <20090820235424.GD4297@inocybe.localdomain> References: <20090820235424.GD4297@inocybe.localdomain> Message-ID: <20090821010525.GA3112@alpha.rzhou.org> On 2009-08-20 07:54:24 PM, Todd Zullinger wrote: > The git::check-perms class includes a script for checking that the > permissions of git repositories are generally proper for shared > repositories. It also runs this script each day via a cron job. +1 (Although I didn't think fedorahosted.org was covered under the change freeze). Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From tmz at pobox.com Fri Aug 21 01:15:41 2009 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 20 Aug 2009 21:15:41 -0400 Subject: [Change Request] Add script/cron job for checking git repo perms In-Reply-To: <20090821010525.GA3112@alpha.rzhou.org> References: <20090820235424.GD4297@inocybe.localdomain> <20090821010525.GA3112@alpha.rzhou.org> Message-ID: <20090821011541.GF4297@inocybe.localdomain> Ricky Zhou wrote: > +1 (Although I didn't think fedorahosted.org was covered under the > change freeze). I would have guessed it wasn't too. But according to Environments.odg it is. Speaking of which, would exporting that .odg to a .png or other format make it easier to link to via the wiki for those that don't normally have OOo installed? Or would that just make it too likely to get out of sync? -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us. -- Bill Watterson (Calvin and Hobbes) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From ricky at fedoraproject.org Fri Aug 21 01:20:44 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 20 Aug 2009 21:20:44 -0400 Subject: [Change Request] Add script/cron job for checking git repo perms In-Reply-To: <20090821011541.GF4297@inocybe.localdomain> References: <20090820235424.GD4297@inocybe.localdomain> <20090821010525.GA3112@alpha.rzhou.org> <20090821011541.GF4297@inocybe.localdomain> Message-ID: <20090821012044.GB3112@alpha.rzhou.org> On 2009-08-20 09:15:41 PM, Todd Zullinger wrote: > Ricky Zhou wrote: > > +1 (Although I didn't think fedorahosted.org was covered under the > > change freeze). > > I would have guessed it wasn't too. But according to Environments.odg > it is. Are you sure? We're still in the prerelease freeze, so the machines covered are a bit more limited than a full freeze. > Speaking of which, would exporting that .odg to a .png or other format > make it easier to link to via the wiki for those that don't normally > have OOo installed? Or would that just make it too likely to get out > of sync? That'd be a nice idea - that document could already use some updating now, and it couldn't hurt to make a PNG version ta the same time as it gets updated. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From tmz at pobox.com Fri Aug 21 01:29:10 2009 From: tmz at pobox.com (Todd Zullinger) Date: Thu, 20 Aug 2009 21:29:10 -0400 Subject: [Change Request] Add script/cron job for checking git repo perms In-Reply-To: <20090821012044.GB3112@alpha.rzhou.org> References: <20090820235424.GD4297@inocybe.localdomain> <20090821010525.GA3112@alpha.rzhou.org> <20090821011541.GF4297@inocybe.localdomain> <20090821012044.GB3112@alpha.rzhou.org> Message-ID: <20090821012910.GG4297@inocybe.localdomain> Ricky Zhou wrote: >> I would have guessed it wasn't too. But according to >> Environments.odg it is. > > Are you sure? We're still in the prerelease freeze, so the machines > covered are a bit more limited than a full freeze. Hmm, I did read that wrong then, it doesn't appear to be in the list for pre-release freezes. Thanks for correcting me. :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nothing is wrong with California that a rise in the ocean level wouldn't cure. -- Ross MacDonald (1915-1983) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From mmcgrath at redhat.com Fri Aug 21 18:36:01 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 21 Aug 2009 13:36:01 -0500 (CDT) Subject: smolt change request Message-ID: I'd like to do the hotfix described here: https://fedorahosted.org/fedora-infrastructure/ticket/1622 Changes are already upstream. -Mike From Matt_Domsch at Dell.com Fri Aug 21 18:39:33 2009 From: Matt_Domsch at Dell.com (Matt_Domsch at Dell.com) Date: Fri, 21 Aug 2009 13:39:33 -0500 Subject: smolt change request In-Reply-To: References: Message-ID: +1 -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux -----Original Message----- From: fedora-infrastructure-list-bounces at redhat.com [mailto:fedora-infrastructure-list-bounces at redhat.com] On Behalf Of Mike McGrath Sent: Friday, August 21, 2009 1:36 PM To: Fedora Infrastructure List Subject: smolt change request I'd like to do the hotfix described here: https://fedorahosted.org/fedora-infrastructure/ticket/1622 Changes are already upstream. -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From ricky at fedoraproject.org Fri Aug 21 18:44:02 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 21 Aug 2009 14:44:02 -0400 Subject: smolt change request In-Reply-To: References: Message-ID: <20090821184402.GD3112@alpha.rzhou.org> On 2009-08-21 01:36:01 PM, Mike McGrath wrote: > I'd like to do the hotfix described here: > > https://fedorahosted.org/fedora-infrastructure/ticket/1622 > > Changes are already upstream. +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From tmz at pobox.com Fri Aug 21 21:51:23 2009 From: tmz at pobox.com (Todd Zullinger) Date: Fri, 21 Aug 2009 17:51:23 -0400 Subject: [PATCH/RFC] mailman: Use Mailman's Secure_MakeRandomPassword() for list passwords Message-ID: <20090821215123.GL4297@inocybe.localdomain> This should generate a bit stronger passwords than the previous code, which encoded the passwords as hex, limiting the characters in the password to the set [0-9a-f]. --- The mailman_server class is only included on collab[12] and hosted1, so it isn't actually affected by the current freeze policy. But I still wanted to float this by the list for comments and review. The current fedora-mailing-list-setup script creates a list password using: file('/dev/urandom', 'r').read(4).encode('hex') This seems to be a good bit weaker than it needs to be. Unless someone has better alternatives for creating decent list passwords, I suggest we take advantage of Mailman.Utils.Secure_MakeRandomPassword() from mailman. The Secure_MakeRandomPassword() code is in: /usr/lib/mailman/Mailman/Utils.py configs/mailman/fedora-mailing-list-setup | 2 +- modules/mailman/files/fedora-mailing-list-setup | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configs/mailman/fedora-mailing-list-setup b/configs/mailman/fedora-mailing-list-setup index 8ccdda7..80b2c58 100755 --- a/configs/mailman/fedora-mailing-list-setup +++ b/configs/mailman/fedora-mailing-list-setup @@ -62,7 +62,7 @@ def create_list(listname, owner_mail): host_name = mm_cfg.DEFAULT_EMAIL_HOST web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost - listpasswd = file('/dev/urandom', 'r').read(4).encode('hex') + listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH) mlist = MailList.MailList() try: diff --git a/modules/mailman/files/fedora-mailing-list-setup b/modules/mailman/files/fedora-mailing-list-setup index 7d5dcd3..bf10b81 100755 --- a/modules/mailman/files/fedora-mailing-list-setup +++ b/modules/mailman/files/fedora-mailing-list-setup @@ -62,7 +62,7 @@ def create_list(listname, owner_mail): host_name = mm_cfg.DEFAULT_EMAIL_HOST web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost - listpasswd = file('/dev/urandom', 'r').read(4).encode('hex') + listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH) mlist = MailList.MailList() try: -- 1.6.4 -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ We waste more time by 8:00 in the morning than other companies do all day. From mmcgrath at redhat.com Fri Aug 21 21:53:14 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 21 Aug 2009 16:53:14 -0500 (CDT) Subject: [PATCH/RFC] mailman: Use Mailman's Secure_MakeRandomPassword() for list passwords In-Reply-To: <20090821215123.GL4297@inocybe.localdomain> References: <20090821215123.GL4297@inocybe.localdomain> Message-ID: On Fri, 21 Aug 2009, Todd Zullinger wrote: > This should generate a bit stronger passwords than the previous code, > which encoded the passwords as hex, limiting the characters in the > password to the set [0-9a-f]. > --- > > The mailman_server class is only included on collab[12] and hosted1, > so it isn't actually affected by the current freeze policy. But I > still wanted to float this by the list for comments and review. > > The current fedora-mailing-list-setup script creates a list password > using: > > file('/dev/urandom', 'r').read(4).encode('hex') > > This seems to be a good bit weaker than it needs to be. Unless > someone has better alternatives for creating decent list passwords, I > suggest we take advantage of Mailman.Utils.Secure_MakeRandomPassword() > from mailman. The Secure_MakeRandomPassword() code is in: > > /usr/lib/mailman/Mailman/Utils.py > > configs/mailman/fedora-mailing-list-setup | 2 +- > modules/mailman/files/fedora-mailing-list-setup | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/configs/mailman/fedora-mailing-list-setup b/configs/mailman/fedora-mailing-list-setup > index 8ccdda7..80b2c58 100755 > --- a/configs/mailman/fedora-mailing-list-setup > +++ b/configs/mailman/fedora-mailing-list-setup > @@ -62,7 +62,7 @@ def create_list(listname, owner_mail): > host_name = mm_cfg.DEFAULT_EMAIL_HOST > web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost > > - listpasswd = file('/dev/urandom', 'r').read(4).encode('hex') > + listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH) > > mlist = MailList.MailList() > try: > diff --git a/modules/mailman/files/fedora-mailing-list-setup b/modules/mailman/files/fedora-mailing-list-setup > index 7d5dcd3..bf10b81 100755 > --- a/modules/mailman/files/fedora-mailing-list-setup > +++ b/modules/mailman/files/fedora-mailing-list-setup > @@ -62,7 +62,7 @@ def create_list(listname, owner_mail): > host_name = mm_cfg.DEFAULT_EMAIL_HOST > web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost > > - listpasswd = file('/dev/urandom', 'r').read(4).encode('hex') > + listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH) > > mlist = MailList.MailList() > try: > -- > 1.6.4 > I'm fine with this patch but I can't pretend I know that it's going to work, my mailman foo is pretty weak. But since the revert seems easy enough. +1 -Mike From tmz at pobox.com Fri Aug 21 21:59:45 2009 From: tmz at pobox.com (Todd Zullinger) Date: Fri, 21 Aug 2009 17:59:45 -0400 Subject: [PATCH/RFC] mailman: Use Mailman's Secure_MakeRandomPassword() for list passwords In-Reply-To: References: <20090821215123.GL4297@inocybe.localdomain> Message-ID: <20090821215945.GM4297@inocybe.localdomain> Mike McGrath wrote: > I'm fine with this patch but I can't pretend I know that it's going > to work, my mailman foo is pretty weak. But since the revert seems > easy enough. > > +1 Thanks. There are a few hosted requests with lists, so I'll apply it and use those to verify that it works. I might not get to those tonight though, so I'll hold off pushing this until I'm ready to test it, lest it does cause some unforeseen problem and I'm not around to fix it and take my drubbing. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nothing is so permanent as a temporary government program. -- Dr. Milton Friedman, Nobel-Prize-winning economist. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From ricky at fedoraproject.org Fri Aug 21 22:10:30 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 21 Aug 2009 18:10:30 -0400 Subject: [PATCH/RFC] mailman: Use Mailman's Secure_MakeRandomPassword() for list passwords In-Reply-To: <20090821215123.GL4297@inocybe.localdomain> References: <20090821215123.GL4297@inocybe.localdomain> Message-ID: <20090821221030.GA26248@alpha.rzhou.org> On 2009-08-21 05:51:23 PM, Todd Zullinger wrote: > This should generate a bit stronger passwords than the previous code, > which encoded the passwords as hex, limiting the characters in the > password to the set [0-9a-f]. > --- > > The mailman_server class is only included on collab[12] and hosted1, > so it isn't actually affected by the current freeze policy. But I > still wanted to float this by the list for comments and review. > > The current fedora-mailing-list-setup script creates a list password > using: > > file('/dev/urandom', 'r').read(4).encode('hex') > > This seems to be a good bit weaker than it needs to be. Unless > someone has better alternatives for creating decent list passwords, I > suggest we take advantage of Mailman.Utils.Secure_MakeRandomPassword() > from mailman. The Secure_MakeRandomPassword() code is in: > > /usr/lib/mailman/Mailman/Utils.py > > configs/mailman/fedora-mailing-list-setup | 2 +- > modules/mailman/files/fedora-mailing-list-setup | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/configs/mailman/fedora-mailing-list-setup b/configs/mailman/fedora-mailing-list-setup > index 8ccdda7..80b2c58 100755 > --- a/configs/mailman/fedora-mailing-list-setup > +++ b/configs/mailman/fedora-mailing-list-setup > @@ -62,7 +62,7 @@ def create_list(listname, owner_mail): > host_name = mm_cfg.DEFAULT_EMAIL_HOST > web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost > > - listpasswd = file('/dev/urandom', 'r').read(4).encode('hex') > + listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH) > > mlist = MailList.MailList() > try: > diff --git a/modules/mailman/files/fedora-mailing-list-setup b/modules/mailman/files/fedora-mailing-list-setup > index 7d5dcd3..bf10b81 100755 > --- a/modules/mailman/files/fedora-mailing-list-setup > +++ b/modules/mailman/files/fedora-mailing-list-setup > @@ -62,7 +62,7 @@ def create_list(listname, owner_mail): > host_name = mm_cfg.DEFAULT_EMAIL_HOST > web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost > > - listpasswd = file('/dev/urandom', 'r').read(4).encode('hex') > + listpasswd = Utils.Secure_MakeRandomPassword(mm_cfg.ADMIN_PASSWORD_LENGTH) > > mlist = MailList.MailList() > try: > -- > 1.6.4 +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From onekopaka at gmail.com Sat Aug 22 16:34:04 2009 From: onekopaka at gmail.com (Darren VanBuren) Date: Sat, 22 Aug 2009 09:34:04 -0700 Subject: changing tabs to spaces in pager.py Message-ID: <1821FA4B-C9D2-40CB-A94A-2F3DEE710F49@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I know that some of you dislike tabs, and when I was adding myself to pager.py, I found there were tabs in the HTML portion as opposed to spaces, and tmz pointed out that several other lines are indented with tabs. I know it's pretty standard for us to use spaces for indentation, but I wanted to check whether it's okay to change pager.py further than adding myself (which ricky approved of on IRC earlier today). Darren VanBuren onekopaka at gmail.com ==================== http://theoks.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAkqQHf0ACgkQBkMMSWb0YpYD2ACgsHp6p8I/UWZ/vhalP2sH3X7i ScoAn3FFigmBenOfHzAZSsaFaePPAV+v =IV/9 -----END PGP SIGNATURE----- From mmcgrath at redhat.com Sat Aug 22 17:04:20 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 22 Aug 2009 12:04:20 -0500 (CDT) Subject: changing tabs to spaces in pager.py In-Reply-To: <1821FA4B-C9D2-40CB-A94A-2F3DEE710F49@gmail.com> References: <1821FA4B-C9D2-40CB-A94A-2F3DEE710F49@gmail.com> Message-ID: On Sat, 22 Aug 2009, Darren VanBuren wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I know that some of you dislike tabs, and when I was adding myself to > pager.py, I found there were tabs in the HTML portion as opposed to spaces, > and tmz pointed out that several other lines are indented with tabs. > > I know it's pretty standard for us to use spaces for indentation, but I wanted > to check whether it's okay to change pager.py further than adding myself > (which ricky approved of on IRC earlier today). > This is correct, although at the moment unwritten. We prefer 4 spaces to a tab character. Or as Seth says "Tabs are a lie". -Mike From onekopaka at gmail.com Sat Aug 22 17:06:51 2009 From: onekopaka at gmail.com (Darren VanBuren) Date: Sat, 22 Aug 2009 10:06:51 -0700 Subject: changing tabs to spaces in pager.py In-Reply-To: References: <1821FA4B-C9D2-40CB-A94A-2F3DEE710F49@gmail.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Aug 22, 2009, at 10:04 AM, Mike McGrath wrote: > On Sat, 22 Aug 2009, Darren VanBuren wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I know that some of you dislike tabs, and when I was adding myself to >> pager.py, I found there were tabs in the HTML portion as opposed to >> spaces, >> and tmz pointed out that several other lines are indented with tabs. >> >> I know it's pretty standard for us to use spaces for indentation, >> but I wanted >> to check whether it's okay to change pager.py further than adding >> myself >> (which ricky approved of on IRC earlier today). >> > > This is correct, although at the moment unwritten. We prefer 4 > spaces to > a tab character. Or as Seth says "Tabs are a lie". > > -Mike > So what's your opinion on me changing it? Darren VanBuren onekopaka at gmail.com ==================== http://theoks.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAkqQJawACgkQBkMMSWb0YpYSJQCg4Ye64+aD7gHwsUWli2q9BCWR gg4AoJ1xFzGxF033bopaekxLcpPepj90 =euRS -----END PGP SIGNATURE----- From dennis at ausil.us Sat Aug 22 17:24:54 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Sat, 22 Aug 2009 12:24:54 -0500 Subject: changing tabs to spaces in pager.py Message-ID: My opinion is have at it. Fixing things is always welcome. If you can't commit a fix prepare a patch. Its a great way to be involved and start to help. Darren VanBuren wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > >On Aug 22, 2009, at 10:04 AM, Mike McGrath wrote: > >> On Sat, 22 Aug 2009, Darren VanBuren wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> I know that some of you dislike tabs, and when I was adding myself to >>> pager.py, I found there were tabs in the HTML portion as opposed to >>> spaces, >>> and tmz pointed out that several other lines are indented with tabs. >>> >>> I know it's pretty standard for us to use spaces for indentation, >>> but I wanted >>> to check whether it's okay to change pager.py further than adding >>> myself >>> (which ricky approved of on IRC earlier today). >>> >> >> This is correct, although at the moment unwritten. We prefer 4 >> spaces to >> a tab character. Or as Seth says "Tabs are a lie". >> >> -Mike >> >So what's your opinion on me changing it? > >Darren VanBuren >onekopaka at gmail.com >==================== >http://theoks.net/ >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.9 (Darwin) > >iEYEARECAAYFAkqQJawACgkQBkMMSWb0YpYSJQCg4Ye64+aD7gHwsUWli2q9BCWR >gg4AoJ1xFzGxF033bopaekxLcpPepj90 >=euRS >-----END PGP SIGNATURE----- > >_______________________________________________ >Fedora-infrastructure-list mailing list >Fedora-infrastructure-list at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Dennis Gilmore From stickster at gmail.com Sat Aug 22 18:58:18 2009 From: stickster at gmail.com (Paul W. Frields) Date: Sat, 22 Aug 2009 14:58:18 -0400 Subject: CSI doc Message-ID: <20090822185818.GA14482@localhost.localdomain> Mike et al., I made a few updates to the CSI Security Policy document's incident response plan -- Most of them were non-substantive, just fixing or clarifying the language. Any eyeballs or reviews of the changes appreciated. If it looks OK, feel free to publish the update at the appropriate infrastructure.fp.o location. By the way, if anyone has a tip for how to get Publican to build a proper PDF from that document, I'd appreciate it. It's totally hosed on my Fedora 11 box, although I was able to build an HTML version and then print to PDF from that. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug From mmcgrath at redhat.com Sat Aug 22 21:59:17 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 22 Aug 2009 16:59:17 -0500 (CDT) Subject: CSI doc In-Reply-To: <20090822185818.GA14482@localhost.localdomain> References: <20090822185818.GA14482@localhost.localdomain> Message-ID: On Sat, 22 Aug 2009, Paul W. Frields wrote: > Mike et al., > > I made a few updates to the CSI Security Policy document's incident > response plan -- Most of them were non-substantive, just fixing or > clarifying the language. Any eyeballs or reviews of the changes > appreciated. If it looks OK, feel free to publish the update at the > appropriate infrastructure.fp.o location. > > By the way, if anyone has a tip for how to get Publican to build a > proper PDF from that document, I'd appreciate it. It's totally hosed > on my Fedora 11 box, although I was able to build an HTML version and > then print to PDF from that. > Yeah, the PDF making always seemed to only partially work to me. Not sure why, I'll take a look. -Mike From spedione at verizon.net Sun Aug 23 15:15:23 2009 From: spedione at verizon.net (Christopher Hultin) Date: Sun, 23 Aug 2009 11:15:23 -0400 Subject: Introduction Message-ID: Hello, my name is Chris. I'm skilled with HTML/XHTML and CSS. I am also CIW Certified. I have hosted my own website, and have a home server configured with Fedora 11. Thanks for reading this introduction! From mmcgrath at redhat.com Sun Aug 23 18:11:25 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 23 Aug 2009 13:11:25 -0500 (CDT) Subject: Introduction In-Reply-To: References: Message-ID: On Sun, 23 Aug 2009, Christopher Hultin wrote: > Hello, my name is Chris. I'm skilled with HTML/XHTML and CSS. I am also CIW > Certified. I have hosted my own website, and have a home server configured > with Fedora 11. Thanks for reading this introduction! > Welcome Chris! We have weekly meetings on Thursday at 20:00 UTC. See http://fedoraproject.org/wiki/Infrastructure/Meetings for more information. Otherwise you can catch us on #fedora-admin on irc.freenode.net -Mike From spedione at verizon.net Sun Aug 23 20:43:46 2009 From: spedione at verizon.net (Christopher Hultin) Date: Sun, 23 Aug 2009 16:43:46 -0400 Subject: Introduction In-Reply-To: References: Message-ID: <0ECDE254-DB7E-4A49-8280-B3F9D9F515C2@verizon.net> Thanks for telling me that. I'll check that out right now. And that gives me a reason to get on Colloquy again. On Aug 23, 2009, at 2:11 PM, Mike McGrath wrote: > On Sun, 23 Aug 2009, Christopher Hultin wrote: > >> Hello, my name is Chris. I'm skilled with HTML/XHTML and CSS. I >> am also CIW >> Certified. I have hosted my own website, and have a home server >> configured >> with Fedora 11. Thanks for reading this introduction! >> > > Welcome Chris! We have weekly meetings on Thursday at 20:00 UTC. See > http://fedoraproject.org/wiki/Infrastructure/Meetings for more > information. Otherwise you can catch us on #fedora-admin on > irc.freenode.net > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From Matt_Domsch at dell.com Sun Aug 23 20:50:06 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sun, 23 Aug 2009 15:50:06 -0500 Subject: IPv6 for Fedora services? In-Reply-To: <4A895994.2020701@pobox.com> References: <4A895994.2020701@pobox.com> Message-ID: <20090823205006.GA19019@auslistsprd01.us.dell.com> On Mon, Aug 17, 2009 at 09:22:28AM -0400, Jeff Garzik wrote: > > Is there any IPv6 plan for *.fedoraproject.org ? I filed a ticket: https://fedorahosted.org/fedora-infrastructure/ticket/1623 and the related wiki page: https://fedoraproject.org/wiki/Infrastructure/IPv6 to get started on this. It would really help to get info from our kind hosting providers (PHX, tummy, telia, ibiblio, BU, serverbeach, others?) to know exactly what IPv6 capability is already present and how to get address assignments for our use there. My thought is this. MirrorManager is the most interesting service we offer that would make direct use of an IPv6 address (to do netblock lookups). As was noted in the now-closed ticket https://fedorahosted.org/fedora-infrastructure/ticket/1057 we will have to enable (some of?) our proxy servers to serve over IPv6, as that is where mirrors.fp.o and download.fp.o resolve. We could set up a publictest proxy instance in one of the colos with native IPv6 already, one that matches the existing proxy there, but which also serves IPv6. We create a mirrors-ipv6.fedoraproject.org AAA record which points at that proxy, and use that to test out the rest of the infrastructur (which remains serving IPv4 unchanged). This would give me a chance to work out any bugs in MM which I'm sure exist (at the very least, python-pydns doesn't do AAAA-record lookups and will need fixing). The automatic Internet2 detection will need some help too, as right now the BGP tables I'm pulling from http://syslog.abilene.ucaid.edu/bgp/WASH/RIBS/ is only listing IPv4 addresses. As for serving other content, if it's fronted by the proxy servers (e.g. web content), then it should naturally start working via the IPv6-enabled proxys. Testing will prove that out. For non-web content (git, cvs, ssh?), I believe this is mostly hosted in PHX, which at this point we don't believe has native IPv6. How can we go about requesting such in the colo? I presume this is something that Red Hat IS would have to ask for on our behalf. I'd much rather try to get native going, instead of dealing with 6to4 (the nearest 6to4 server is 10 hops and 60+ms away) or tunnels. fedorapeople is at BU, which has some native IPv6 capability, but it's not clear they use it: http://www.mrp.net/IPv6_Survey.html As for DNS servers (serving DNS over IPv6), we have: ns1 is at serverbeach. ns2 is at ibiblio. We'll need to know their native IPv6 capability before proceeding there. This is less critical, as most users are still doing their DNS lookups to an IPv4 DNS server at their ISP. But it would be nice. So, that's my thoughts. I'd love to hear yours. -Matt -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From me at davidjmemmett.co.uk Sun Aug 23 22:59:20 2009 From: me at davidjmemmett.co.uk (David JM Emmett) Date: Sun, 23 Aug 2009 23:59:20 +0100 Subject: IPv6 for Fedora services? In-Reply-To: <20090823205006.GA19019@auslistsprd01.us.dell.com> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> Message-ID: A rather large ballache would also be ip6tables - I saw no mention in your post - thought I'd throw it out there also. -- Cheers, David JM Emmett Sent from my iPhone On 23 Aug 2009, at 21:50, Matt Domsch wrote: > On Mon, Aug 17, 2009 at 09:22:28AM -0400, Jeff Garzik wrote: >> >> Is there any IPv6 plan for *.fedoraproject.org ? > > I filed a ticket: > https://fedorahosted.org/fedora-infrastructure/ticket/1623 > and the related wiki page: > https://fedoraproject.org/wiki/Infrastructure/IPv6 > > to get started on this. > > It would really help to get info from our kind hosting providers (PHX, > tummy, telia, ibiblio, BU, serverbeach, others?) to know exactly what > IPv6 capability is already present and how to get address assignments > for our use there. > > My thought is this. MirrorManager is the most interesting service we > offer that would make direct use of an IPv6 address (to do netblock > lookups). As was noted in the now-closed ticket > https://fedorahosted.org/fedora-infrastructure/ticket/1057 > we will have to enable (some of?) our proxy servers to serve over > IPv6, as that is where mirrors.fp.o and download.fp.o resolve. We > could set up a publictest proxy instance in one of the colos with > native IPv6 already, one that matches the existing proxy there, but > which also serves IPv6. We create a mirrors-ipv6.fedoraproject.org > AAA record which points at that proxy, and use that to test out the > rest of the infrastructur (which remains serving IPv4 unchanged). > This would give me a chance to work out any bugs in MM which I'm sure > exist (at the very least, python-pydns doesn't do AAAA-record lookups > and will need fixing). > > The automatic Internet2 detection will need some help too, as right > now the BGP tables I'm pulling from > http://syslog.abilene.ucaid.edu/bgp/WASH/RIBS/ > is only listing IPv4 addresses. > > > As for serving other content, if it's fronted by the proxy servers > (e.g. web content), then it should naturally start working via the > IPv6-enabled proxys. Testing will prove that out. > > For non-web content (git, cvs, ssh?), I believe this is mostly hosted > in PHX, which at this point we don't believe has native IPv6. How can > we go about requesting such in the colo? I presume this is something > that Red Hat IS would have to ask for on our behalf. I'd much rather > try to get native going, instead of dealing with 6to4 (the nearest > 6to4 server is 10 hops and 60+ms away) or tunnels. > > fedorapeople is at BU, which has some native IPv6 capability, but it's > not clear they use it: > http://www.mrp.net/IPv6_Survey.html > > As for DNS servers (serving DNS over IPv6), we have: > ns1 is at serverbeach. > ns2 is at ibiblio. > > We'll need to know their native IPv6 capability before proceeding > there. This is less critical, as most users are still doing their DNS > lookups to an IPv4 DNS server at their ISP. But it would be nice. > > So, that's my thoughts. I'd love to hear yours. > -Matt > > -- > Matt Domsch > Technology Strategist, Dell Office of the CTO > linux.dell.com & www.dell.com/linux > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From jgarzik at pobox.com Mon Aug 24 01:47:39 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Sun, 23 Aug 2009 21:47:39 -0400 Subject: IPv6 for Fedora services? In-Reply-To: References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> Message-ID: <4A91F13B.30904@pobox.com> On 08/23/2009 06:59 PM, David JM Emmett wrote: > A rather large ballache would also be ip6tables - I saw no mention in > your post - thought I'd throw it out there also. Are you saying that IPv4 rules would need IPv6 counterparts, or something more? Jeff From jgarzik at pobox.com Mon Aug 24 02:21:08 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Sun, 23 Aug 2009 22:21:08 -0400 Subject: IPv6 for Fedora services? In-Reply-To: <20090823205006.GA19019@auslistsprd01.us.dell.com> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> Message-ID: <4A91F914.1030006@pobox.com> On 08/23/2009 04:50 PM, Matt Domsch wrote: > The automatic Internet2 detection will need some help too, as right > now the BGP tables I'm pulling from > http://syslog.abilene.ucaid.edu/bgp/WASH/RIBS/ > is only listing IPv4 addresses. neat :) didn't know about this. > As for serving other content, if it's fronted by the proxy servers > (e.g. web content), then it should naturally start working via the > IPv6-enabled proxys. Testing will prove that out. Yep. Though I would prioritize A+AAAA web setups below other tasks, since web content has the greatest possibility of meeting a misconfigured user, who cannot figure out what went wrong. > For non-web content (git, cvs, ssh?), I believe this is mostly hosted > in PHX, which at this point we don't believe has native IPv6. How can > we go about requesting such in the colo? I presume this is something > that Red Hat IS would have to ask for on our behalf. I'd much rather > try to get native going, instead of dealing with 6to4 (the nearest > 6to4 server is 10 hops and 60+ms away) or tunnels. Agreed... unless native IPv6 is estimated to be years away. Internal pushing at RH has yielded very little result... > fedorapeople is at BU, which has some native IPv6 capability, but it's > not clear they use it: > http://www.mrp.net/IPv6_Survey.html > > As for DNS servers (serving DNS over IPv6), we have: > ns1 is at serverbeach. Best googled estimates are "probably by the end of 2009" > ns2 is at ibiblio. That's the good news. ibiblio has been experimenting with IPv6 for years: http://theclassicalstation.org/press/2004_ipv6.shtml Also, another DNS issue: getting AAAA glue records served by the .org registrar. > We'll need to know their native IPv6 capability before proceeding > there. This is less critical, as most users are still doing their DNS > lookups to an IPv4 DNS server at their ISP. But it would be nice. Technically this is true... but it is also true that most users are still doing IPv4 ;) I tend to look at DNS as a "sooner rather than later" hurdle, because that is the first link necessary to construct an all-IPv6 path to the destination servers. Jeff From me at davidjmemmett.co.uk Mon Aug 24 05:17:44 2009 From: me at davidjmemmett.co.uk (David JM Emmett) Date: Mon, 24 Aug 2009 06:17:44 +0100 Subject: IPv6 for Fedora services? In-Reply-To: <4A91F13B.30904@pobox.com> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> Message-ID: <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> That is why ip6tables exists ;) Mind you puppet will make things significantly easier, do you also have hardware firewalls/a NAT setup? -- Cheers, David JM Emmett Sent from my iPhone On 24 Aug 2009, at 02:47, Jeff Garzik wrote: > On 08/23/2009 06:59 PM, David JM Emmett wrote: >> A rather large ballache would also be ip6tables - I saw no mention in >> your post - thought I'd throw it out there also. > > Are you saying that IPv4 rules would need IPv6 counterparts, or > something more? > > Jeff > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From jgarzik at pobox.com Mon Aug 24 05:40:52 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Mon, 24 Aug 2009 01:40:52 -0400 Subject: IPv6 for Fedora services? In-Reply-To: <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> Message-ID: <4A9227E4.4020206@pobox.com> On 08/24/2009 01:17 AM, David JM Emmett wrote: > On 24 Aug 2009, at 02:47, Jeff Garzik wrote: > >> On 08/23/2009 06:59 PM, David JM Emmett wrote: >>> A rather large ballache would also be ip6tables - I saw no mention in >>> your post - thought I'd throw it out there also. >> >> Are you saying that IPv4 rules would need IPv6 counterparts, or something more? > That is why ip6tables exists ;) Yes; I would hope that a Linux kernel developer who has worked extensively in network (me) and the entire infrastructure team knows this. Was trying to determine if your point is simply "remember ipv6 rules," or something more detailed and explicit... Regards, Jeff P.S. Please don't top-post. From me at davidjmemmett.co.uk Mon Aug 24 06:10:27 2009 From: me at davidjmemmett.co.uk (David JM Emmett) Date: Mon, 24 Aug 2009 07:10:27 +0100 Subject: IPv6 for Fedora services? In-Reply-To: <4A9227E4.4020206@pobox.com> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> <4A9227E4.4020206@pobox.com> Message-ID: <4B69D723-DAF4-4EE3-9492-C476EA05EB51@davidjmemmett.co.uk> On 24 Aug 2009, at 06:40, Jeff Garzik wrote: > On 08/24/2009 01:17 AM, David JM Emmett wrote: >> On 24 Aug 2009, at 02:47, Jeff Garzik wrote: >> >>> On 08/23/2009 06:59 PM, David JM Emmett wrote: >>>> A rather large ballache would also be ip6tables - I saw no >>>> mention in >>>> your post - thought I'd throw it out there also. >>> >>> Are you saying that IPv4 rules would need IPv6 counterparts, or >>> something more? > >> That is why ip6tables exists ;) > > Yes; I would hope that a Linux kernel developer who has worked > extensively in network (me) and the entire infrastructure team knows > this. > > Was trying to determine if your point is simply "remember ipv6 > rules," or something more detailed and explicit... > > Regards, > > Jeff > > > P.S. Please don't top-post. > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list Nothing more than an attempt to be slightly useful... withdraws self from conversation... -- Cheers, David JM Emmett Sent from my iPhone From bochecha at fedoraproject.org Mon Aug 24 09:32:08 2009 From: bochecha at fedoraproject.org (Mathieu Bridon (bochecha)) Date: Mon, 24 Aug 2009 11:32:08 +0200 Subject: Joining the Fedora Infrastructure team Message-ID: <2d319b780908240232v79f8f0e9m673a6078e127a268@mail.gmail.com> Hi, I'd like to join the Infrastructure team, so here is my introduction. I'm a junior system engineer. I have a short (one year) experience managing RHEL (2.1 to 5, yes we still have 2.1 in production :'( ) web servers running J2EE applications with Apache/JOnAS (please, don't ask me the versions of those two, you might have nightmares ^^'). I'm also getting familiar with TurboGears web applications as I'm developing one myself. [1] Finally, for the skills that might be of interest to the Infrastructure team, I'm a Fedora package maintainer. [2] My motivation for joining the Infrastructure team is that I feel like I can help, even if only a little, and I'm sure I can learn a lot from this (and I love learning :) I'll try to be around this thursday for the IRC meeting. Let me know if there's something I can do in the meantime. Best regards, [1] https://fedorahosted.org/shomyu/ [2] https://admin.fedoraproject.org/pkgdb/users/packages/bochecha ---------- Mathieu Bridon (bochecha) From stickster at gmail.com Mon Aug 24 12:57:49 2009 From: stickster at gmail.com (Paul W. Frields) Date: Mon, 24 Aug 2009 08:57:49 -0400 Subject: CSI doc In-Reply-To: References: <20090822185818.GA14482@localhost.localdomain> Message-ID: <20090824125749.GH3497@localhost.localdomain> On Sat, Aug 22, 2009 at 04:59:17PM -0500, Mike McGrath wrote: > On Sat, 22 Aug 2009, Paul W. Frields wrote: > > > Mike et al., > > > > I made a few updates to the CSI Security Policy document's incident > > response plan -- Most of them were non-substantive, just fixing or > > clarifying the language. Any eyeballs or reviews of the changes > > appreciated. If it looks OK, feel free to publish the update at the > > appropriate infrastructure.fp.o location. > > > > By the way, if anyone has a tip for how to get Publican to build a > > proper PDF from that document, I'd appreciate it. It's totally hosed > > on my Fedora 11 box, although I was able to build an HTML version and > > then print to PDF from that. > > > > Yeah, the PDF making always seemed to only partially work to me. Not sure > why, I'll take a look. There's some sort of FOP error happening: http://fpaste.org/6CLq/ Related to tables? The error seems to say there's a column overspill but I can't seem to find it in the source. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug From stickster at gmail.com Mon Aug 24 13:00:07 2009 From: stickster at gmail.com (Paul W. Frields) Date: Mon, 24 Aug 2009 09:00:07 -0400 Subject: Joining the Fedora Infrastructure team In-Reply-To: <2d319b780908240232v79f8f0e9m673a6078e127a268@mail.gmail.com> References: <2d319b780908240232v79f8f0e9m673a6078e127a268@mail.gmail.com> Message-ID: <20090824130007.GI3497@localhost.localdomain> On Mon, Aug 24, 2009 at 11:32:08AM +0200, Mathieu Bridon (bochecha) wrote: > Hi, > > I'd like to join the Infrastructure team, so here is my introduction. > > I'm a junior system engineer. I have a short (one year) experience > managing RHEL (2.1 to 5, yes we still have 2.1 in production :'( ) web > servers running J2EE applications with Apache/JOnAS (please, don't ask > me the versions of those two, you might have nightmares ^^'). > > I'm also getting familiar with TurboGears web applications as I'm > developing one myself. [1] > > Finally, for the skills that might be of interest to the > Infrastructure team, I'm a Fedora package maintainer. [2] > > My motivation for joining the Infrastructure team is that I feel like > I can help, even if only a little, and I'm sure I can learn a lot from > this (and I love learning :) > > I'll try to be around this thursday for the IRC meeting. Let me know > if there's something I can do in the meantime. > > Best regards, > > > [1] https://fedorahosted.org/shomyu/ > [2] https://admin.fedoraproject.org/pkgdb/users/packages/bochecha It's nice to see another friendly face from the FUDCon in Berlin stepping in to offer time and energy to Infrastructure. Welcome, Mathieu! I'm sure Mike will tell you the same thing, but everyone here hangs out in #fedora-admin and there are regular meetings Thursday at 2000 UTC. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug From dennis at ausil.us Mon Aug 24 16:32:58 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 24 Aug 2009 11:32:58 -0500 Subject: [Change Request] koji theming Message-ID: <200908241133.02709.dennis@ausil.us> Id like to update the koji theming i need to install the rpms from http://koji.fedoraproject.org/koji/taskinfo?taskID=1629426 and apply a small hotfix to kojiweb https://fedorahosted.org/fedora-infrastructure/ticket/1628 the impact is minimal and easily reversed. all changes are upstream. Ill be publishing the hg repos on fedorapeople later today for the theming rpms. can i get 2 +1's please -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From mmcgrath at redhat.com Mon Aug 24 16:34:04 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 24 Aug 2009 11:34:04 -0500 (CDT) Subject: [Change Request] koji theming In-Reply-To: <200908241133.02709.dennis@ausil.us> References: <200908241133.02709.dennis@ausil.us> Message-ID: On Mon, 24 Aug 2009, Dennis Gilmore wrote: > Id like to update the koji theming > i need to install the rpms from > http://koji.fedoraproject.org/koji/taskinfo?taskID=1629426 and apply a small > hotfix to kojiweb https://fedorahosted.org/fedora-infrastructure/ticket/1628 > > the impact is minimal and easily reversed. all changes are upstream. Ill be > publishing the hg repos on fedorapeople later today for the theming rpms. > > can i get 2 +1's please > +1 -Mike From laxathom at fedoraproject.org Mon Aug 24 16:35:39 2009 From: laxathom at fedoraproject.org (Xavier Lamien) Date: Mon, 24 Aug 2009 18:35:39 +0200 Subject: [Change Request] koji theming In-Reply-To: <200908241133.02709.dennis@ausil.us> References: <200908241133.02709.dennis@ausil.us> Message-ID: <62bc09df0908240935j2edda39etd6ccef7b378d9d33@mail.gmail.com> On Mon, Aug 24, 2009 at 6:32 PM, Dennis Gilmore wrote: > Id like to update the koji theming > i need to install the rpms from > http://koji.fedoraproject.org/koji/taskinfo?taskID=1629426 and apply a small > hotfix to kojiweb https://fedorahosted.org/fedora-infrastructure/ticket/1628 > > the impact is minimal and easily reversed. ?all changes are upstream. ?Ill be > publishing the hg repos on fedorapeople later today for the theming rpms. > > can i get 2 +1's please > > +1 -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From timg at codero.com Mon Aug 24 18:07:27 2009 From: timg at codero.com (timg at codero.com) Date: Mon, 24 Aug 2009 13:07:27 -0500 Subject: Infrastructure Introduction Message-ID: <1251137247.14224.15.camel@timg-desktop> Hello, I previously worked with the Fedora Infrastructure group a year or two ago, unfortunately life prevailed and I was unable to help out much. At this time things have changed and I feel that I now have the time to help contribute to the project. I currently work as a Systems Administrator, and helped develop, implement, and maintain a large managed server environment (100+ servers - CentOS based), which range from standard one server web sites, to load balancing and MySQL/DRBD clusters. I am interested in re-joining the sysadmin tools and noc FIG's and previously had sponsorship by Mike McGrath and Matt Domsch. If you would like any additional information about my current skill set please feel free to email me. Thank you for your time, see you in IRC. From tkskdl2002 at gmail.com Mon Aug 24 18:08:55 2009 From: tkskdl2002 at gmail.com (Noah Lee) Date: Mon, 24 Aug 2009 14:08:55 -0400 Subject: Infrastructure Introduction In-Reply-To: <1251137247.14224.15.camel@timg-desktop> References: <1251137247.14224.15.camel@timg-desktop> Message-ID: On Mon, Aug 24, 2009 at 2:07 PM, timg at codero.com wrote: > Hello, > > I previously worked with the Fedora Infrastructure group a year or two > ago, unfortunately life prevailed and I was unable to help out much. At > this time things have changed and I feel that I now have the time to > help contribute to the project. > > I currently work as a Systems Administrator, and helped develop, > implement, and maintain a large managed server environment (100+ servers > - CentOS based), which range from standard one server web sites, to load > balancing and MySQL/DRBD clusters. > > I am interested in re-joining the sysadmin tools and noc FIG's and > previously had sponsorship by Mike McGrath and Matt Domsch. If you would > like any additional information about my current skill set please feel > free to email me. Thank you for your time, see you in IRC. > > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: From a.badger at gmail.com Mon Aug 24 18:21:10 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 24 Aug 2009 11:21:10 -0700 Subject: Joining the Fedora Infrastructure team In-Reply-To: <2d319b780908240232v79f8f0e9m673a6078e127a268@mail.gmail.com> References: <2d319b780908240232v79f8f0e9m673a6078e127a268@mail.gmail.com> Message-ID: <4A92DA16.4040305@gmail.com> On 08/24/2009 02:32 AM, Mathieu Bridon (bochecha) wrote: > Hi, > > I'd like to join the Infrastructure team, so here is my introduction. > > I'm a junior system engineer. I have a short (one year) experience > managing RHEL (2.1 to 5, yes we still have 2.1 in production :'( ) web > servers running J2EE applications with Apache/JOnAS (please, don't ask > me the versions of those two, you might have nightmares ^^'). > > I'm also getting familiar with TurboGears web applications as I'm > developing one myself. [1] > > Finally, for the skills that might be of interest to the > Infrastructure team, I'm a Fedora package maintainer. [2] > > My motivation for joining the Infrastructure team is that I feel like > I can help, even if only a little, and I'm sure I can learn a lot from > this (and I love learning :) > > I'll try to be around this thursday for the IRC meeting. Let me know > if there's something I can do in the meantime. > Hi bochecha! It seems like you can fit right in either working on the system admin or the development side of Fedora Infrastructure. If you need anything or want to find a project to start working on we do most of our communication in #fedora-admin. mmcgrath, smooge, and ricky can help you if you'd like to work on some system admin tasks. ricky and I are good resources for getting started on development tasks. The Infrastructure Orientation page is a good place to start looking for things to do: https://fedoraproject.org/wiki/Orientation_Infrastructure_SOP For more development oriented things, I can help you get started hacking on pkgdb or another project. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From Matt_Domsch at Dell.com Mon Aug 24 18:28:00 2009 From: Matt_Domsch at Dell.com (Matt_Domsch at Dell.com) Date: Mon, 24 Aug 2009 13:28:00 -0500 Subject: Infrastructure Introduction In-Reply-To: <1251137247.14224.15.camel@timg-desktop> References: <1251137247.14224.15.camel@timg-desktop> Message-ID: Welcome back. Funny how life interferes with fun sometimes. :-) -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux -----Original Message----- From: fedora-infrastructure-list-bounces at redhat.com [mailto:fedora-infrastructure-list-bounces at redhat.com] On Behalf Of timg at codero.com Sent: Monday, August 24, 2009 1:07 PM To: fedora-infrastructure-list at redhat.com Subject: Infrastructure Introduction Hello, I previously worked with the Fedora Infrastructure group a year or two ago, unfortunately life prevailed and I was unable to help out much. At this time things have changed and I feel that I now have the time to help contribute to the project. I currently work as a Systems Administrator, and helped develop, implement, and maintain a large managed server environment (100+ servers - CentOS based), which range from standard one server web sites, to load balancing and MySQL/DRBD clusters. I am interested in re-joining the sysadmin tools and noc FIG's and previously had sponsorship by Mike McGrath and Matt Domsch. If you would like any additional information about my current skill set please feel free to email me. Thank you for your time, see you in IRC. _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From timg at codero.com Mon Aug 24 18:35:17 2009 From: timg at codero.com (timg at codero.com) Date: Mon, 24 Aug 2009 13:35:17 -0500 Subject: Infrastructure Introduction In-Reply-To: References: <1251137247.14224.15.camel@timg-desktop> Message-ID: <1251138917.14224.19.camel@timg-desktop> Matt, I totally agree! Unfortunately its not always as easy as :%s/life/fun/g On Mon, 2009-08-24 at 13:28 -0500, Matt_Domsch at Dell.com wrote: > Welcome back. Funny how life interferes with fun sometimes. :-) > > -- > Matt Domsch > Technology Strategist, Dell Office of the CTO > linux.dell.com & www.dell.com/linux > > > -----Original Message----- > From: fedora-infrastructure-list-bounces at redhat.com > [mailto:fedora-infrastructure-list-bounces at redhat.com] On Behalf Of > timg at codero.com > Sent: Monday, August 24, 2009 1:07 PM > To: fedora-infrastructure-list at redhat.com > Subject: Infrastructure Introduction > > Hello, > > I previously worked with the Fedora Infrastructure group a year or two > ago, unfortunately life prevailed and I was unable to help out much. At > this time things have changed and I feel that I now have the time to > help contribute to the project. > > I currently work as a Systems Administrator, and helped develop, > implement, and maintain a large managed server environment (100+ servers > - CentOS based), which range from standard one server web sites, to load > balancing and MySQL/DRBD clusters. > > I am interested in re-joining the sysadmin tools and noc FIG's and > previously had sponsorship by Mike McGrath and Matt Domsch. If you would > like any additional information about my current skill set please feel > free to email me. Thank you for your time, see you in IRC. > > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From johnp at redhat.com Mon Aug 24 18:41:34 2009 From: johnp at redhat.com (John Palmieri) Date: Mon, 24 Aug 2009 14:41:34 -0400 (EDT) Subject: RfR: Two AMQP Brokers for Infrastructure and Fedora Community In-Reply-To: <1182988148.178761251138446274.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Message-ID: <1077105853.180411251139294272.JavaMail.root@zmail04.collab.prod.int.phx2.redhat.com> Hey guys, I just filed an Request for Resources ticket to get our AMQP infrastructure started. https://fedorahosted.org/fedora-infrastructure/ticket/1629 For those who haven't been following the messaging sig, AMQP brokers are messaging services which will allow us to go beyond our current e-mail notification system by standardizing on a single software parsable notification format and routing system. The reason we need more than one broker is for security reasons. The main broker will only take events from internal infrastructure relay them to other brokers in different security domains. Clients will only be able to attach to these relays via various authentication mechanisms (FAS or in the case of the FComm broker, web browser domain security). If they act up we can always cut them without interrupting other channels. The full writeup is on the messaging sig wiki - https://fedoraproject.org/wiki/Messaging_SIG -- John (J5) Palmieri Software Engineer Red Hat, Inc. From mmcgrath at redhat.com Mon Aug 24 18:43:01 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 24 Aug 2009 13:43:01 -0500 (CDT) Subject: Infrastructure Introduction In-Reply-To: <1251137247.14224.15.camel@timg-desktop> References: <1251137247.14224.15.camel@timg-desktop> Message-ID: On Mon, 24 Aug 2009, timg at codero.com wrote: > Hello, > > I previously worked with the Fedora Infrastructure group a year or two > ago, unfortunately life prevailed and I was unable to help out much. At > this time things have changed and I feel that I now have the time to > help contribute to the project. > > I currently work as a Systems Administrator, and helped develop, > implement, and maintain a large managed server environment (100+ servers > - CentOS based), which range from standard one server web sites, to load > balancing and MySQL/DRBD clusters. > > I am interested in re-joining the sysadmin tools and noc FIG's and > previously had sponsorship by Mike McGrath and Matt Domsch. If you would > like any additional information about my current skill set please feel > free to email me. Thank you for your time, see you in IRC. > Welcome back. I just said hey to you on IRC. If you have time please do come to the meeting this week on Thursday at 20:00 UTC. -Mike From timg at codero.com Mon Aug 24 18:44:30 2009 From: timg at codero.com (timg at codero.com) Date: Mon, 24 Aug 2009 13:44:30 -0500 Subject: Joining the Fedora Infrastructure team In-Reply-To: <4A92DA16.4040305@gmail.com> References: <2d319b780908240232v79f8f0e9m673a6078e127a268@mail.gmail.com> <4A92DA16.4040305@gmail.com> Message-ID: <1251139470.14224.23.camel@timg-desktop> Toshio, Thanks, I am reading over the SOP's right now to re-fresh my memory. Just pulled down the git clone to check it out and update myself on the infrastructure itself. As far as projects, I am pretty open to anything however enjoy more of the system admin site vs. programming although I am pretty fluent in bash. If you have any projects by all means let me know and Ill take a look to see if I can be of any assistance, and possibly learn something new :) On Mon, 2009-08-24 at 11:21 -0700, Toshio Kuratomi wrote: > On 08/24/2009 02:32 AM, Mathieu Bridon (bochecha) wrote: > > Hi, > > > > I'd like to join the Infrastructure team, so here is my introduction. > > > > I'm a junior system engineer. I have a short (one year) experience > > managing RHEL (2.1 to 5, yes we still have 2.1 in production :'( ) web > > servers running J2EE applications with Apache/JOnAS (please, don't ask > > me the versions of those two, you might have nightmares ^^'). > > > > I'm also getting familiar with TurboGears web applications as I'm > > developing one myself. [1] > > > > Finally, for the skills that might be of interest to the > > Infrastructure team, I'm a Fedora package maintainer. [2] > > > > My motivation for joining the Infrastructure team is that I feel like > > I can help, even if only a little, and I'm sure I can learn a lot from > > this (and I love learning :) > > > > I'll try to be around this thursday for the IRC meeting. Let me know > > if there's something I can do in the meantime. > > > Hi bochecha! > > It seems like you can fit right in either working on the system admin or > the development side of Fedora Infrastructure. If you need anything or > want to find a project to start working on we do most of our > communication in #fedora-admin. mmcgrath, smooge, and ricky can help > you if you'd like to work on some system admin tasks. ricky and I are > good resources for getting started on development tasks. > > The Infrastructure Orientation page is a good place to start looking for > things to do: > > https://fedoraproject.org/wiki/Orientation_Infrastructure_SOP > > For more development oriented things, I can help you get started hacking > on pkgdb or another project. > -Toshio > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From terrance.hutchinson at gmail.com Mon Aug 24 19:43:01 2009 From: terrance.hutchinson at gmail.com (Terrance Hutchinson) Date: Mon, 24 Aug 2009 13:43:01 -0600 Subject: Joining the Fedora Infrstructure team Message-ID: <90460ac00908241243x47bb8d39l4033c1a9f1e7712c@mail.gmail.com> Hi, I am highly interested in joining the Fedora Infrastructure team. I am a Systems Integration Engineer/Software Developer for Hewlett-Packard NAS products. I use Fedora as my workstation OS and I am the team linux guru. I am skilled in HTML/CSS/JavaScript as well as Perl, Python and TCL/Tk. I am fluent in the C/C++ and java programming languages. I deal with many storage based protocols such as iSCSI, NFS and CIFS constantly. This could range from performance issues to full on bug-hunts. I also know clustering and different linux virtualization platforms. If you need to know more or if there is more I need to do please let me know as I would love to be part of the team. Terrance -------------- next part -------------- An HTML attachment was scrubbed... URL: From terrance.hutchinson at gmail.com Mon Aug 24 22:00:30 2009 From: terrance.hutchinson at gmail.com (Terrance Hutchinson) Date: Mon, 24 Aug 2009 16:00:30 -0600 Subject: Infrastructure Introduction Message-ID: <90460ac00908241500m3b31b830p438ff67c646b36e0@mail.gmail.com> Hi, I am highly interested in joining the Fedora Infrastructure team. I am a Systems Integration Engineer/Software Developer for Hewlett-Packard in the NAS/SAN division. I have been here for about 1 year and before that was IT administrator for my schools Engineering department. I was in charge of maintaining all of the EDA servers as well as Linux workstations (100+). At my job now I deal with a lot of storage, manipulating, optimizing storage for various types of Application Servers.I use Fedora as my workstation OS and I am the team linux guru. I am skilled in HTML/CSS/JavaScript as well as Perl, Python and TCL/Tk. I am fluent in the C/C++ and java programming languages.This could range from performance issues to full on bug-hunts. I also manage our RHEL vritualization clusters for client testing. Another part of my job is to create rpm's and source tarballs for the various software and utilities we use. I have experience in package management and I working on becoming a package maintainer in Fedora. I have access to about 3 servers that I can use for development, two are loaded up to be virtual app servers and one is File Server (iSCSI and NFS). I am also a Fedora Ambassador for my area. If you need to know more or if there is more I need to do please let me know as I would love to be part of the team. Thanks for taking the time to read this email. I look forward to working with such an awesome group of people. Hutchint -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Mon Aug 24 22:08:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 24 Aug 2009 17:08:37 -0500 Subject: [PATCH] Temporary setting for galgoci Message-ID: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> --- manifests/servergroups/proxy.pp | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/manifests/servergroups/proxy.pp b/manifests/servergroups/proxy.pp index bdea7b6..70bbcf4 100644 --- a/manifests/servergroups/proxy.pp +++ b/manifests/servergroups/proxy.pp @@ -741,7 +741,8 @@ class proxy { # Firewall Rules, allow HTTP traffic through $tcpPorts = [ 80, 443, 873, 8080 ] $udpPorts = [] - $custom = [] + $custom = ['-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT', + '-A INPUT -p tcp -m tcp --sport 80 -j DROP'] iptables { "/etc/sysconfig/iptables": content => template("system/iptables-template.conf.erb"), -- 1.6.2.5 From a.badger at gmail.com Mon Aug 24 22:08:02 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 24 Aug 2009 15:08:02 -0700 Subject: [PATCH] Temporary setting for galgoci In-Reply-To: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> References: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> Message-ID: <4A930F42.9040105@gmail.com> On 08/24/2009 03:08 PM, Mike McGrath wrote: > --- > manifests/servergroups/proxy.pp | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/manifests/servergroups/proxy.pp b/manifests/servergroups/proxy.pp > index bdea7b6..70bbcf4 100644 > --- a/manifests/servergroups/proxy.pp > +++ b/manifests/servergroups/proxy.pp > @@ -741,7 +741,8 @@ class proxy { > # Firewall Rules, allow HTTP traffic through > $tcpPorts = [ 80, 443, 873, 8080 ] > $udpPorts = [] > - $custom = [] > + $custom = ['-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT', > + '-A INPUT -p tcp -m tcp --sport 80 -j DROP'] > > iptables { "/etc/sysconfig/iptables": > content => template("system/iptables-template.conf.erb"), +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From Matt_Domsch at dell.com Mon Aug 24 22:11:37 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Mon, 24 Aug 2009 17:11:37 -0500 Subject: IPv6 for Fedora services? In-Reply-To: <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> Message-ID: <20090824221137.GA32393@auslistsprd01.us.dell.com> On Mon, Aug 24, 2009 at 06:17:44AM +0100, David JM Emmett wrote: > That is why ip6tables exists ;) Here's a proposed ip6tables-template.conf.erb. It's based on the iptables template, with all the IPv4-specific stuff stripped out. This should let our current model of using defined per-service ports work: # Firewall Rules, allow HTTP traffic through $tcpPorts = [ 80, 443, 873, 8080 ] $udpPorts = [] $custom = [] ip6tables { "/etc/sysconfig/ip6tables": content => template("system/ip6tables-template.conf.erb"), } service { "ip6tables": ensure => running, hasstatus => true, } ------ *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] # loopback allowed -A INPUT -i lo -j ACCEPT # Accept ping and traceroute (needs icmp) -A INPUT -p ipv6-icmp -j ACCEPT # Established connections allowed -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # SSH -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT # Custom Services <% custom.each do |cust| -%> <%= cust %> <% end -%> # Services TCP <% tcpPorts.each do |port| -%> -A INPUT -m state --state NEW -m tcp -p tcp --dport <%= port %> -j ACCEPT <% end -%> # Services UDP <% udpPorts.each do |port| -%> -A INPUT -m state --state NEW -m udp -p udp --dport <%= port %> -j ACCEPT <% end -%> -A INPUT -j REJECT --reject-with icmp6-adm-prohibited -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited COMMIT From smooge at gmail.com Mon Aug 24 22:11:58 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Mon, 24 Aug 2009 16:11:58 -0600 Subject: [PATCH] Temporary setting for galgoci In-Reply-To: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> References: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> Message-ID: <80d7e4090908241511r6f4331c9h8f2e8aad73875fea@mail.gmail.com> On Mon, Aug 24, 2009 at 4:08 PM, Mike McGrath wrote: > --- > ?manifests/servergroups/proxy.pp | ? ?3 ++- > ?1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/manifests/servergroups/proxy.pp b/manifests/servergroups/proxy.pp > index bdea7b6..70bbcf4 100644 > --- a/manifests/servergroups/proxy.pp > +++ b/manifests/servergroups/proxy.pp > @@ -741,7 +741,8 @@ class proxy { > ? ? # Firewall Rules, allow HTTP traffic through > ? ? $tcpPorts = [ 80, 443, 873, 8080 ] > ? ? $udpPorts = [] > - ? ?$custom = [] > + ? ?$custom = ['-A INPUT -p tcp -m tcp ?--dport 80 -j ACCEPT', > + ? ? ? ? ? ? ? ?'-A INPUT -p tcp -m tcp --sport 80 -j DROP'] > > ? ? iptables { "/etc/sysconfig/iptables": > ? ? ? ? content => template("system/iptables-template.conf.erb"), > -- +1 for the meantime. -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From dennis at ausil.us Mon Aug 24 22:22:19 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Mon, 24 Aug 2009 17:22:19 -0500 Subject: [PATCH] Temporary setting for galgoci In-Reply-To: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> References: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> Message-ID: <200908241722.23728.dennis@ausil.us> On Monday 24 August 2009 05:08:37 pm Mike McGrath wrote: > --- > manifests/servergroups/proxy.pp | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/manifests/servergroups/proxy.pp > b/manifests/servergroups/proxy.pp index bdea7b6..70bbcf4 100644 > --- a/manifests/servergroups/proxy.pp > +++ b/manifests/servergroups/proxy.pp > @@ -741,7 +741,8 @@ class proxy { > # Firewall Rules, allow HTTP traffic through > $tcpPorts = [ 80, 443, 873, 8080 ] > $udpPorts = [] > - $custom = [] > + $custom = ['-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT', > + '-A INPUT -p tcp -m tcp --sport 80 -j DROP'] > > iptables { "/etc/sysconfig/iptables": > content => template("system/iptables-template.conf.erb"), +1 Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From mmcgrath at redhat.com Mon Aug 24 22:50:18 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 24 Aug 2009 17:50:18 -0500 (CDT) Subject: [PATCH] Temporary setting for galgoci In-Reply-To: <200908241722.23728.dennis@ausil.us> References: <1251151717-28286-1-git-send-email-mmcgrath@redhat.com> <200908241722.23728.dennis@ausil.us> Message-ID: On Mon, 24 Aug 2009, Dennis Gilmore wrote: > On Monday 24 August 2009 05:08:37 pm Mike McGrath wrote: > > --- > > manifests/servergroups/proxy.pp | 3 ++- > > 1 files changed, 2 insertions(+), 1 deletions(-) > > > > diff --git a/manifests/servergroups/proxy.pp > > b/manifests/servergroups/proxy.pp index bdea7b6..70bbcf4 100644 > > --- a/manifests/servergroups/proxy.pp > > +++ b/manifests/servergroups/proxy.pp > > @@ -741,7 +741,8 @@ class proxy { > > # Firewall Rules, allow HTTP traffic through > > $tcpPorts = [ 80, 443, 873, 8080 ] > > $udpPorts = [] > > - $custom = [] > > + $custom = ['-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT', > > + '-A INPUT -p tcp -m tcp --sport 80 -j DROP'] > > > > iptables { "/etc/sysconfig/iptables": > > content => template("system/iptables-template.conf.erb"), > > +1 > Just so people are aware at this rather strange change. We have an explicit reject at the bottom of our iptables scripts. We're seeing some LAST_ACK's getting denied by the proxy servers iptables rules, generating this traffic. The network team requested we get rid of these ICMP messages so I have the iptables rules explicitly drop the messages before they get to the reject rule. This is a temporary change. -Mike From tmz at pobox.com Tue Aug 25 01:12:35 2009 From: tmz at pobox.com (Todd Zullinger) Date: Mon, 24 Aug 2009 21:12:35 -0400 Subject: [PATCH 1/2] fedora-web: Disable /get-prerelease redirect for F12-Alpha In-Reply-To: References: Message-ID: --- modules/fedora-web/files/redirects.conf | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/fedora-web/files/redirects.conf b/modules/fedora-web/files/redirects.conf index b7402f8..a88613f 100644 --- a/modules/fedora-web/files/redirects.conf +++ b/modules/fedora-web/files/redirects.conf @@ -7,5 +7,5 @@ RewriteRule ^/soc.*$ http://fedoraproject.org/wiki/SummerOfCode [R=301,L] # Redirect to new trademark guidelines page RewriteRule ^/([^/]+/)?legal/trademarks/guidelines$ http://fedoraproject.org/wiki/Legal:Trademark_guidelines [R=301,L] -# Remove this before the the next prerelease -RewriteRule ^(/.*)?/get-prerelease$ $1/get-fedora [R=302] +# Comment this out when there is a prerelease available +#RewriteRule ^(/.*)?/get-prerelease$ $1/get-fedora [R=302] -- 1.6.4.1 From tmz at pobox.com Tue Aug 25 01:12:36 2009 From: tmz at pobox.com (Todd Zullinger) Date: Mon, 24 Aug 2009 21:12:36 -0400 Subject: [PATCH 2/2] fedora-web: Use f12-alpha branch In-Reply-To: References: Message-ID: <41a38339b8dda869736980dca974d346831ab26c.1251157367.git.tmz@pobox.com> --- modules/fedora-web/files/syncStatic.sh | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/modules/fedora-web/files/syncStatic.sh b/modules/fedora-web/files/syncStatic.sh index d615fd8..fbd987e 100755 --- a/modules/fedora-web/files/syncStatic.sh +++ b/modules/fedora-web/files/syncStatic.sh @@ -22,7 +22,7 @@ trap "cd /tmp ; rm -rf $TEMP" EXIT # Good luck! cd fedora-web -/usr/bin/git checkout -q origin/f11 || exit 1 +/usr/bin/git checkout -q origin/f12-alpha || exit 1 cd fedoraproject.org make > /dev/null 2>&1 -- 1.6.4.1 From ricky at fedoraproject.org Tue Aug 25 01:35:13 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 24 Aug 2009 21:35:13 -0400 Subject: [PATCH 2/2] fedora-web: Use f12-alpha branch In-Reply-To: <41a38339b8dda869736980dca974d346831ab26c.1251157367.git.tmz@pobox.com> References: <41a38339b8dda869736980dca974d346831ab26c.1251157367.git.tmz@pobox.com> Message-ID: <20090825013513.GA8421@alpha.rzhou.org> On 2009-08-24 09:12:36 PM, Todd Zullinger wrote: > --- > modules/fedora-web/files/syncStatic.sh | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/modules/fedora-web/files/syncStatic.sh b/modules/fedora-web/files/syncStatic.sh > index d615fd8..fbd987e 100755 > --- a/modules/fedora-web/files/syncStatic.sh > +++ b/modules/fedora-web/files/syncStatic.sh > @@ -22,7 +22,7 @@ trap "cd /tmp ; rm -rf $TEMP" EXIT > # Good luck! > > cd fedora-web > -/usr/bin/git checkout -q origin/f11 || exit 1 > +/usr/bin/git checkout -q origin/f12-alpha || exit 1 > > cd fedoraproject.org > make > /dev/null 2>&1 > -- > 1.6.4.1 +1 Thanks for working on the alpha websites stuff! Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From tmz at pobox.com Tue Aug 25 01:12:34 2009 From: tmz at pobox.com (Todd Zullinger) Date: Mon, 24 Aug 2009 21:12:34 -0400 Subject: [Change Request] Website changes for F12-Alpha Message-ID: The following two changes are needed to ensure the website is ready for the alpha release tomorrow morning. I won't push them until tomorrow morning, but can I get a few +1's for them a while? Todd Zullinger (2): fedora-web: Disable /get-prerelease redirect for F12-Alpha fedora-web: Use f12-alpha branch modules/fedora-web/files/redirects.conf | 4 ++-- modules/fedora-web/files/syncStatic.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) From tmz at pobox.com Tue Aug 25 01:52:38 2009 From: tmz at pobox.com (Todd Zullinger) Date: Mon, 24 Aug 2009 21:52:38 -0400 Subject: [PATCH 2/2] fedora-web: Use f12-alpha branch In-Reply-To: <20090825013513.GA8421@alpha.rzhou.org> References: <41a38339b8dda869736980dca974d346831ab26c.1251157367.git.tmz@pobox.com> <20090825013513.GA8421@alpha.rzhou.org> Message-ID: <20090825015238.GA4297@inocybe.localdomain> Ricky Zhou wrote: > Thanks for working on the alpha websites stuff! No problem. We should catch up in IRC tonight or tomorrow morning. I still don't know a lot about what actually has to happen (and on what boxes) to make things live tomorrow morning. :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I like children. If they're properly cooked. -- W.C. Fields -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 542 bytes Desc: not available URL: From mmcgrath at redhat.com Tue Aug 25 18:06:56 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 25 Aug 2009 13:06:56 -0500 Subject: [PATCH] Enabling confirm-edit again for smolt Message-ID: <1251223616-23330-1-git-send-email-mmcgrath@redhat.com> This had gotten disabled during a conversion process of making mediawiki-ConfirmEdit a package I think These files will enable the math based captcha again --- modules/mediawiki-ConfirmEdit/README | 22 ++ .../mediawiki-ConfirmEdit/files/ConfirmEdit.php | 222 ++++++++++++++++++++ modules/mediawiki-ConfirmEdit/manifests/init.pp | 13 ++ modules/mediawiki/manifests/init.pp | 2 +- 4 files changed, 258 insertions(+), 1 deletions(-) create mode 100644 modules/mediawiki-ConfirmEdit/README create mode 100644 modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php create mode 100644 modules/mediawiki-ConfirmEdit/manifests/init.pp diff --git a/modules/mediawiki-ConfirmEdit/README b/modules/mediawiki-ConfirmEdit/README new file mode 100644 index 0000000..b4f281e --- /dev/null +++ b/modules/mediawiki-ConfirmEdit/README @@ -0,0 +1,22 @@ +===================== +mediawiki-ConfirmEdit +===================== + +----------- +Usage +----------- + +The ConfirmEdit extension enables a simple text Captcha that will probably +catch most bots. It was designed largely by Brion Vibber. The FancyCaptcha and +reCAPTCHA addons create more complex image captchas. + +Captchas are a way of combating automated edits, helping to ensure that wiki +edits are being made by real humans rather than bots. This can be particularly +useful for reducing the problem of wiki spam, but captchas reduce accessibility +and cause inconvenience to human users. In addition, it will not completely +spam-proof your wiki (nor will it protect it from human spammers). You may wish +to use this in conjunction with other anti-spam features. Remember to clean up +any spam which might slip through the net (keep an eye on your 'recent changes' +page). Captcha's can also be used to foil automated login attempts that try to +guess passwords. + diff --git a/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php b/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php new file mode 100644 index 0000000..0c33bc9 --- /dev/null +++ b/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php @@ -0,0 +1,222 @@ + + * http://www.mediawiki.org/ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * http://www.gnu.org/copyleft/gpl.html + * + * @addtogroup Extensions + */ + +if ( !defined( 'MEDIAWIKI' ) ) { + exit; +} + +global $wgExtensionFunctions, $wgGroupPermissions; + +$wgExtensionFunctions[] = 'confirmEditSetup'; +$wgExtensionCredits['other'][] = array( + 'name' => 'ConfirmEdit', + 'author' => 'Brion Vibber', + 'svn-date' => '$LastChangedDate: 2008-07-02 23:09:26 +0000 (Wed, 02 Jul 2008) $', + 'svn-revision' => '$LastChangedRevision: 36959 $', + 'url' => 'http://www.mediawiki.org/wiki/Extension:ConfirmEdit', + 'description' => 'Simple captcha implementation', + 'descriptionmsg' => 'captcha-desc', +); + +/** + * The 'skipcaptcha' permission key can be given out to + * let known-good users perform triggering actions without + * having to go through the captcha. + * + * By default, sysops and registered bot accounts will be + * able to skip, while others have to go through it. + */ +$wgGroupPermissions['*' ]['skipcaptcha'] = false; +$wgGroupPermissions['user' ]['skipcaptcha'] = false; +$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false; +$wgGroupPermissions['bot' ]['skipcaptcha'] = true; // registered bots +$wgGroupPermissions['sysop' ]['skipcaptcha'] = true; +$wgAvailableRights[] = 'skipcaptcha'; + +/** + * List of IP ranges to allow to skip the captcha, similar to the group setting: + * "$wgGroupPermission[...]['skipcaptcha'] = true" + * + * Specific IP addresses or CIDR-style ranges may be used, + * for instance: + * $wgCaptchaWhitelistIP = array('192.168.1.0/24', '10.1.0.0/16'); + */ +$wgCaptchaWhitelistIP = false; + +global $wgCaptcha, $wgCaptchaClass, $wgCaptchaTriggers; +$wgCaptcha = null; +$wgCaptchaClass = 'SimpleCaptcha'; + +/** + * Actions which can trigger a captcha + * + * If the 'edit' trigger is on, *every* edit will trigger the captcha. + * This may be useful for protecting against vandalbot attacks. + * + * If using the default 'addurl' trigger, the captcha will trigger on + * edits that include URLs that aren't in the current version of the page. + * This should catch automated linkspammers without annoying people when + * they make more typical edits. + * + * The captcha code should not use $wgCaptchaTriggers, but CaptchaTriggers() + * which also takes into account per namespace triggering. + */ +$wgCaptchaTriggers = array(); +$wgCaptchaTriggers['edit'] = true; // Would check on every edit +$wgCaptchaTriggers['create'] = true; // Check on page creation. +$wgCaptchaTriggers['addurl'] = true; // Check on edits that add URLs +$wgCaptchaTriggers['createaccount'] = true; // Special:Userlogin&type=signup +$wgCaptchaTriggers['badlogin'] = true; // Special:Userlogin after failure + +/** + * You may wish to apply special rules for captcha triggering on some namespaces. + * $wgCaptchaTriggersOnNamespace[][] forces an always on / + * always off configuration with that trigger for the given namespace. + * Leave unset to use the global options ($wgCaptchaTriggers). + * + * Shall not be used with 'createaccount' (it is not checked). + */ +$wgCaptchaTriggersOnNamespace = array(); + +#Example: +#$wgCaptchaTriggersOnNamespace[NS_TALK]['create'] = false; //Allow creation of talk pages without captchas. +#$wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true; //Show captcha whenever editing Project pages. + +/** + * Indicate how to store per-session data required to match up the + * internal captcha data with the editor. + * + * 'CaptchaSessionStore' uses PHP's session storage, which is cookie-based + * and may fail for anons with cookies disabled. + * + * 'CaptchaCacheStore' uses $wgMemc, which avoids the cookie dependency + * but may be fragile depending on cache configuration. + */ +global $wgCaptchaStorageClass; +$wgCaptchaStorageClass = 'CaptchaSessionStore'; + +/** + * Number of seconds a captcha session should last in the data cache + * before expiring when managing through CaptchaCacheStore class. + * + * Default is a half hour. + */ +global $wgCaptchaSessionExpiration; +$wgCaptchaSessionExpiration = 30 * 60; + +/** + * Number of seconds after a bad login that a captcha will be shown to + * that client on the login form to slow down password-guessing bots. + * + * Has no effect if 'badlogin' is disabled in $wgCaptchaTriggers or + * if there is not a caching engine enabled. + * + * Default is five minutes. + */ +global $wgCaptchaBadLoginExpiration; +$wgCaptchaBadLoginExpiration = 5 * 60; + +/** + * Allow users who have confirmed their e-mail addresses to post + * URL links without being harassed by the captcha. + */ +global $ceAllowConfirmedEmail; +$ceAllowConfirmedEmail = false; + +/** + * Number of bad login attempts before triggering the captcha. 0 means the + * captcha is presented on the first login. + */ +global $wgCaptchaBadLoginAttempts; +$wgCaptchaBadLoginAttempts = 3; + +/** + * Regex to whitelist URLs to known-good sites... + * For instance: + * $wgCaptchaWhitelist = '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i'; + * Local admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]] + */ +$wgCaptchaWhitelist = false; + +/** + * Additional regexes to check for. Use full regexes; can match things + * other than URLs such as junk edits. + * + * If the new version matches one and the old version doesn't, + * toss up the captcha screen. + * + * @fixme Add a message for local admins to add items as well. + */ +$wgCaptchaRegexes = array(); + +/** Register special page */ +$wgSpecialPages['Captcha'] = array( /*class*/'CaptchaSpecialPage', /*name*/'Captcha' ); + +$wgConfirmEditIP = dirname( __FILE__ ); +$wgExtensionMessagesFiles['ConfirmEdit'] = "$wgConfirmEditIP/ConfirmEdit.i18n.php"; + +if ( defined( 'MW_SUPPORTS_EDITFILTERMERGED' ) ) { + $wgHooks['EditFilterMerged'][] = 'ConfirmEditHooks::confirmEditMerged'; +} else { + $wgHooks['EditFilter'][] = 'ConfirmEditHooks::confirmEdit'; +} +$wgHooks['UserCreateForm'][] = 'ConfirmEditHooks::injectUserCreate'; +$wgHooks['AbortNewAccount'][] = 'ConfirmEditHooks::confirmUserCreate'; +$wgHooks['LoginAuthenticateAudit'][] = 'ConfirmEditHooks::triggerUserLogin'; +$wgHooks['UserLoginForm'][] = 'ConfirmEditHooks::injectUserLogin'; +$wgHooks['AbortLogin'][] = 'ConfirmEditHooks::confirmUserLogin'; +# Register API hook +$wgHooks['APIEditBeforeSave'][] = 'ConfirmEditHooks::confirmEditAPI'; + +$wgAutoloadClasses['ConfirmEditHooks'] + = $wgAutoloadClasses['SimpleCaptcha'] + = $wgAutoloadClasses['CaptchaSessionStore'] + = $wgAutoloadClasses['CaptchaCacheStore'] + = $wgAutoloadClasses['CaptchaSpecialPage'] + = "$wgConfirmEditIP/ConfirmEdit_body.php"; + +/** + * Set up $wgWhitelistRead + */ +function confirmEditSetup() { + global $wgGroupPermissions, $wgCaptchaTriggers; + if( !$wgGroupPermissions['*']['read'] && $wgCaptchaTriggers['badlogin'] ) { + // We need to ensure that the captcha interface is accessible + // so that unauthenticated users can actually get in after a + // mistaken password typing. + global $wgWhitelistRead; + $image = Title::makeTitle( NS_SPECIAL, 'Captcha/image' ); + $help = Title::makeTitle( NS_SPECIAL, 'Captcha/help' ); + $wgWhitelistRead[] = $image->getPrefixedText(); + $wgWhitelistRead[] = $help->getPrefixedText(); + } +} + + diff --git a/modules/mediawiki-ConfirmEdit/manifests/init.pp b/modules/mediawiki-ConfirmEdit/manifests/init.pp new file mode 100644 index 0000000..5755cf0 --- /dev/null +++ b/modules/mediawiki-ConfirmEdit/manifests/init.pp @@ -0,0 +1,13 @@ +# mediawiki-ConfirmEdit + +class mediawiki-ConfirmEdit::ConfirmEdit { + package { 'mediawiki-ConfirmEdit' : + ensure => present, + require => Package['mediawiki'] + } + + file { '/usr/share/mediawiki/extensions/ConfirmEdit/ConfirmEdit.php': + require => Package['mediawiki-ConfirmEdit'], + source => 'puppet:///mediawiki-ConfirmEdit/ConfirmEdit.php' + } +} diff --git a/modules/mediawiki/manifests/init.pp b/modules/mediawiki/manifests/init.pp index 6175a45..9606c56 100644 --- a/modules/mediawiki/manifests/init.pp +++ b/modules/mediawiki/manifests/init.pp @@ -1,6 +1,7 @@ class mediawiki::app { include httpd::base include httpd::php + include mediawiki-ConfirmEdit::ConfirmEdit package { "mediawiki": ensure => installed, @@ -14,7 +15,6 @@ class mediawiki::app { "mediawiki-Boilerplate", "mediawiki-Cite", "mediawiki-Click", - "mediawiki-ConfirmEdit", "mediawiki-HNP", "mediawiki-Lockdown", "mediawiki-ParserFunctions", -- 1.6.2.5 From ricky at fedoraproject.org Tue Aug 25 18:09:40 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 25 Aug 2009 14:09:40 -0400 Subject: [PATCH] Enabling confirm-edit again for smolt In-Reply-To: <1251223616-23330-1-git-send-email-mmcgrath@redhat.com> References: <1251223616-23330-1-git-send-email-mmcgrath@redhat.com> Message-ID: <20090825180940.GA17975@alpha.rzhou.org> On 2009-08-25 01:06:56 PM, Mike McGrath wrote: > This had gotten disabled during a conversion process of making mediawiki-ConfirmEdit a package I think > These files will enable the math based captcha again +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From dennis at ausil.us Tue Aug 25 18:58:49 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 25 Aug 2009 13:58:49 -0500 Subject: [PATCH] Enabling confirm-edit again for smolt In-Reply-To: <1251223616-23330-1-git-send-email-mmcgrath@redhat.com> References: <1251223616-23330-1-git-send-email-mmcgrath@redhat.com> Message-ID: <200908251358.53581.dennis@ausil.us> On Tuesday 25 August 2009 01:06:56 pm Mike McGrath wrote: > This had gotten disabled during a conversion process of making > mediawiki-ConfirmEdit a package I think These files will enable the math > based captcha again +1 > --- > modules/mediawiki-ConfirmEdit/README | 22 ++ > .../mediawiki-ConfirmEdit/files/ConfirmEdit.php | 222 > ++++++++++++++++++++ modules/mediawiki-ConfirmEdit/manifests/init.pp | > 13 ++ > modules/mediawiki/manifests/init.pp | 2 +- > 4 files changed, 258 insertions(+), 1 deletions(-) > create mode 100644 modules/mediawiki-ConfirmEdit/README > create mode 100644 modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php > create mode 100644 modules/mediawiki-ConfirmEdit/manifests/init.pp > > diff --git a/modules/mediawiki-ConfirmEdit/README > b/modules/mediawiki-ConfirmEdit/README new file mode 100644 > index 0000000..b4f281e > --- /dev/null > +++ b/modules/mediawiki-ConfirmEdit/README > @@ -0,0 +1,22 @@ > +===================== > +mediawiki-ConfirmEdit > +===================== > + > +----------- > +Usage > +----------- > + > +The ConfirmEdit extension enables a simple text Captcha that will probably > +catch most bots. It was designed largely by Brion Vibber. The FancyCaptcha > and +reCAPTCHA addons create more complex image captchas. > + > +Captchas are a way of combating automated edits, helping to ensure that > wiki +edits are being made by real humans rather than bots. This can be > particularly +useful for reducing the problem of wiki spam, but captchas > reduce accessibility +and cause inconvenience to human users. In addition, > it will not completely +spam-proof your wiki (nor will it protect it from > human spammers). You may wish +to use this in conjunction with other > anti-spam features. Remember to clean up +any spam which might slip through > the net (keep an eye on your 'recent changes' +page). Captcha's can also be > used to foil automated login attempts that try to +guess passwords. > + > diff --git a/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php > b/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php new file mode 100644 > index 0000000..0c33bc9 > --- /dev/null > +++ b/modules/mediawiki-ConfirmEdit/files/ConfirmEdit.php > @@ -0,0 +1,222 @@ > + + > + > +/** > + * Experimental captcha plugin framework. > + * Not intended as a real production captcha system; derived classes > + * can extend the base to produce their fancy images in place of the > + * text-based test output here. > + * > + * Copyright (C) 2005-2007 Brion Vibber > + * http://www.mediawiki.org/ > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License along > + * with this program; if not, write to the Free Software Foundation, Inc., > + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. > + * http://www.gnu.org/copyleft/gpl.html > + * > + * @addtogroup Extensions > + */ > + > +if ( !defined( 'MEDIAWIKI' ) ) { > + exit; > +} > + > +global $wgExtensionFunctions, $wgGroupPermissions; > + > +$wgExtensionFunctions[] = 'confirmEditSetup'; > +$wgExtensionCredits['other'][] = array( > + 'name' => 'ConfirmEdit', > + 'author' => 'Brion Vibber', > + 'svn-date' => '$LastChangedDate: 2008-07-02 23:09:26 +0000 (Wed, 02 Jul > 2008) $', + 'svn-revision' => '$LastChangedRevision: 36959 $', > + 'url' => 'http://www.mediawiki.org/wiki/Extension:ConfirmEdit', > + 'description' => 'Simple captcha implementation', > + 'descriptionmsg' => 'captcha-desc', > +); > + > +/** > + * The 'skipcaptcha' permission key can be given out to > + * let known-good users perform triggering actions without > + * having to go through the captcha. > + * > + * By default, sysops and registered bot accounts will be > + * able to skip, while others have to go through it. > + */ > +$wgGroupPermissions['*' ]['skipcaptcha'] = false; > +$wgGroupPermissions['user' ]['skipcaptcha'] = false; > +$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = false; > +$wgGroupPermissions['bot' ]['skipcaptcha'] = true; // registered > bots +$wgGroupPermissions['sysop' ]['skipcaptcha'] = true; > +$wgAvailableRights[] = 'skipcaptcha'; > + > +/** > + * List of IP ranges to allow to skip the captcha, similar to the group > setting: + * "$wgGroupPermission[...]['skipcaptcha'] = true" > + * > + * Specific IP addresses or CIDR-style ranges may be used, > + * for instance: > + * $wgCaptchaWhitelistIP = array('192.168.1.0/24', '10.1.0.0/16'); > + */ > +$wgCaptchaWhitelistIP = false; > + > +global $wgCaptcha, $wgCaptchaClass, $wgCaptchaTriggers; > +$wgCaptcha = null; > +$wgCaptchaClass = 'SimpleCaptcha'; > + > +/** > + * Actions which can trigger a captcha > + * > + * If the 'edit' trigger is on, *every* edit will trigger the captcha. > + * This may be useful for protecting against vandalbot attacks. > + * > + * If using the default 'addurl' trigger, the captcha will trigger on > + * edits that include URLs that aren't in the current version of the page. > + * This should catch automated linkspammers without annoying people when > + * they make more typical edits. > + * > + * The captcha code should not use $wgCaptchaTriggers, but > CaptchaTriggers() + * which also takes into account per namespace > triggering. > + */ > +$wgCaptchaTriggers = array(); > +$wgCaptchaTriggers['edit'] = true; // Would check on every edit > +$wgCaptchaTriggers['create'] = true; // Check on page creation. > +$wgCaptchaTriggers['addurl'] = true; // Check on edits that add > URLs +$wgCaptchaTriggers['createaccount'] = true; // > Special:Userlogin&type=signup +$wgCaptchaTriggers['badlogin'] = true; > // Special:Userlogin after failure + > +/** > + * You may wish to apply special rules for captcha triggering on some > namespaces. + * $wgCaptchaTriggersOnNamespace[][] > forces an always on / + * always off configuration with that trigger for > the given namespace. + * Leave unset to use the global options > ($wgCaptchaTriggers). > + * > + * Shall not be used with 'createaccount' (it is not checked). > + */ > +$wgCaptchaTriggersOnNamespace = array(); > + > +#Example: > +#$wgCaptchaTriggersOnNamespace[NS_TALK]['create'] = false; //Allow > creation of talk pages without captchas. > +#$wgCaptchaTriggersOnNamespace[NS_PROJECT]['edit'] = true; //Show captcha > whenever editing Project pages. + > +/** > + * Indicate how to store per-session data required to match up the > + * internal captcha data with the editor. > + * > + * 'CaptchaSessionStore' uses PHP's session storage, which is cookie-based > + * and may fail for anons with cookies disabled. > + * > + * 'CaptchaCacheStore' uses $wgMemc, which avoids the cookie dependency > + * but may be fragile depending on cache configuration. > + */ > +global $wgCaptchaStorageClass; > +$wgCaptchaStorageClass = 'CaptchaSessionStore'; > + > +/** > + * Number of seconds a captcha session should last in the data cache > + * before expiring when managing through CaptchaCacheStore class. > + * > + * Default is a half hour. > + */ > +global $wgCaptchaSessionExpiration; > +$wgCaptchaSessionExpiration = 30 * 60; > + > +/** > + * Number of seconds after a bad login that a captcha will be shown to > + * that client on the login form to slow down password-guessing bots. > + * > + * Has no effect if 'badlogin' is disabled in $wgCaptchaTriggers or > + * if there is not a caching engine enabled. > + * > + * Default is five minutes. > + */ > +global $wgCaptchaBadLoginExpiration; > +$wgCaptchaBadLoginExpiration = 5 * 60; > + > +/** > + * Allow users who have confirmed their e-mail addresses to post > + * URL links without being harassed by the captcha. > + */ > +global $ceAllowConfirmedEmail; > +$ceAllowConfirmedEmail = false; > + > +/** > + * Number of bad login attempts before triggering the captcha. 0 means > the + * captcha is presented on the first login. > + */ > +global $wgCaptchaBadLoginAttempts; > +$wgCaptchaBadLoginAttempts = 3; > + > +/** > + * Regex to whitelist URLs to known-good sites... > + * For instance: > + * $wgCaptchaWhitelist = > '#^https?://([a-z0-9-]+\\.)?(wikimedia|wikipedia)\.org/#i'; + * Local > admins can define a whitelist under [[MediaWiki:captcha-addurl-whitelist]] > + */ > +$wgCaptchaWhitelist = false; > + > +/** > + * Additional regexes to check for. Use full regexes; can match things > + * other than URLs such as junk edits. > + * > + * If the new version matches one and the old version doesn't, > + * toss up the captcha screen. > + * > + * @fixme Add a message for local admins to add items as well. > + */ > +$wgCaptchaRegexes = array(); > + > +/** Register special page */ > +$wgSpecialPages['Captcha'] = array( /*class*/'CaptchaSpecialPage', > /*name*/'Captcha' ); + > +$wgConfirmEditIP = dirname( __FILE__ ); > +$wgExtensionMessagesFiles['ConfirmEdit'] = > "$wgConfirmEditIP/ConfirmEdit.i18n.php"; + > +if ( defined( 'MW_SUPPORTS_EDITFILTERMERGED' ) ) { > + $wgHooks['EditFilterMerged'][] = 'ConfirmEditHooks::confirmEditMerged'; > +} else { > + $wgHooks['EditFilter'][] = 'ConfirmEditHooks::confirmEdit'; > +} > +$wgHooks['UserCreateForm'][] = 'ConfirmEditHooks::injectUserCreate'; > +$wgHooks['AbortNewAccount'][] = 'ConfirmEditHooks::confirmUserCreate'; > +$wgHooks['LoginAuthenticateAudit'][] = > 'ConfirmEditHooks::triggerUserLogin'; +$wgHooks['UserLoginForm'][] = > 'ConfirmEditHooks::injectUserLogin'; +$wgHooks['AbortLogin'][] = > 'ConfirmEditHooks::confirmUserLogin'; > +# Register API hook > +$wgHooks['APIEditBeforeSave'][] = 'ConfirmEditHooks::confirmEditAPI'; > + > +$wgAutoloadClasses['ConfirmEditHooks'] > + = $wgAutoloadClasses['SimpleCaptcha'] > + = $wgAutoloadClasses['CaptchaSessionStore'] > + = $wgAutoloadClasses['CaptchaCacheStore'] > + = $wgAutoloadClasses['CaptchaSpecialPage'] > + = "$wgConfirmEditIP/ConfirmEdit_body.php"; > + > +/** > + * Set up $wgWhitelistRead > + */ > +function confirmEditSetup() { > + global $wgGroupPermissions, $wgCaptchaTriggers; > + if( !$wgGroupPermissions['*']['read'] && $wgCaptchaTriggers['badlogin'] ) > { + // We need to ensure that the captcha interface is accessible > + // so that unauthenticated users can actually get in after a > + // mistaken password typing. > + global $wgWhitelistRead; > + $image = Title::makeTitle( NS_SPECIAL, 'Captcha/image' ); > + $help = Title::makeTitle( NS_SPECIAL, 'Captcha/help' ); > + $wgWhitelistRead[] = $image->getPrefixedText(); > + $wgWhitelistRead[] = $help->getPrefixedText(); > + } > +} > + > + > diff --git a/modules/mediawiki-ConfirmEdit/manifests/init.pp > b/modules/mediawiki-ConfirmEdit/manifests/init.pp new file mode 100644 > index 0000000..5755cf0 > --- /dev/null > +++ b/modules/mediawiki-ConfirmEdit/manifests/init.pp > @@ -0,0 +1,13 @@ > +# mediawiki-ConfirmEdit > + > +class mediawiki-ConfirmEdit::ConfirmEdit { > + package { 'mediawiki-ConfirmEdit' : > + ensure => present, > + require => Package['mediawiki'] > + } > + > + file { '/usr/share/mediawiki/extensions/ConfirmEdit/ConfirmEdit.php': > + require => Package['mediawiki-ConfirmEdit'], > + source => 'puppet:///mediawiki-ConfirmEdit/ConfirmEdit.php' > + } > +} > diff --git a/modules/mediawiki/manifests/init.pp > b/modules/mediawiki/manifests/init.pp index 6175a45..9606c56 100644 > --- a/modules/mediawiki/manifests/init.pp > +++ b/modules/mediawiki/manifests/init.pp > @@ -1,6 +1,7 @@ > class mediawiki::app { > include httpd::base > include httpd::php > + include mediawiki-ConfirmEdit::ConfirmEdit > > package { "mediawiki": > ensure => installed, > @@ -14,7 +15,6 @@ class mediawiki::app { > "mediawiki-Boilerplate", > "mediawiki-Cite", > "mediawiki-Click", > - "mediawiki-ConfirmEdit", > "mediawiki-HNP", > "mediawiki-Lockdown", > "mediawiki-ParserFunctions", -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From smooge at gmail.com Tue Aug 25 19:00:33 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Tue, 25 Aug 2009 13:00:33 -0600 Subject: [PATCH] Enabling confirm-edit again for smolt In-Reply-To: <1251223616-23330-1-git-send-email-mmcgrath@redhat.com> References: <1251223616-23330-1-git-send-email-mmcgrath@redhat.com> Message-ID: <80d7e4090908251200u3b2f8a80iba9b194148452c4e@mail.gmail.com> On Tue, Aug 25, 2009 at 12:06 PM, Mike McGrath wrote: > This had gotten disabled during a conversion process of making mediawiki-ConfirmEdit a package I think > These files will enable the math based captcha again Read through and didn't see any problems +1 -- Stephen J Smoogen. Ah, but a man's reach should exceed his grasp. Or what's a heaven for? -- Robert Browning From mmcgrath at redhat.com Tue Aug 25 20:25:39 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 25 Aug 2009 15:25:39 -0500 Subject: [PATCH] shared session data Message-ID: <1251231939-25360-1-git-send-email-mmcgrath@redhat.com> My smolt change requires shared session data can I get 2 +1's --- manifests/servergroups/appRhel.pp | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/manifests/servergroups/appRhel.pp b/manifests/servergroups/appRhel.pp index c249973..aba5fdf 100644 --- a/manifests/servergroups/appRhel.pp +++ b/manifests/servergroups/appRhel.pp @@ -34,6 +34,15 @@ class appRhel { wikipath => "smolt-wiki", } include mediawiki-confirmedit::confirmEdit + mount { "/srv/web/sessiondata": + device => "ntap-fedora1.fedora.phx.redhat.com:/vol/fedora/app/sessiondata", + fstype => "nfs", + ensure => "mounted", + options => "defaults,ro,soft,intr", + atboot => true, + require => File["/srv/web/sessiondata"] + } + } # Firewall rules -- 1.6.2.5 From ricky at fedoraproject.org Tue Aug 25 20:28:07 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 25 Aug 2009 16:28:07 -0400 Subject: [PATCH] shared session data In-Reply-To: <1251231939-25360-1-git-send-email-mmcgrath@redhat.com> References: <1251231939-25360-1-git-send-email-mmcgrath@redhat.com> Message-ID: <20090825202806.GA13235@alpha.rzhou.org> On 2009-08-25 03:25:39 PM, Mike McGrath wrote: > My smolt change requires shared session data > > can I get 2 +1's +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From dennis at ausil.us Tue Aug 25 21:12:11 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Tue, 25 Aug 2009 16:12:11 -0500 Subject: [PATCH] shared session data In-Reply-To: <1251231939-25360-1-git-send-email-mmcgrath@redhat.com> References: <1251231939-25360-1-git-send-email-mmcgrath@redhat.com> Message-ID: <200908251612.16283.dennis@ausil.us> On Tuesday 25 August 2009 03:25:39 pm Mike McGrath wrote: > My smolt change requires shared session data > > can I get 2 +1's > --- > manifests/servergroups/appRhel.pp | 9 +++++++++ > 1 files changed, 9 insertions(+), 0 deletions(-) > > diff --git a/manifests/servergroups/appRhel.pp > b/manifests/servergroups/appRhel.pp index c249973..aba5fdf 100644 > --- a/manifests/servergroups/appRhel.pp > +++ b/manifests/servergroups/appRhel.pp > @@ -34,6 +34,15 @@ class appRhel { > wikipath => "smolt-wiki", > } > include mediawiki-confirmedit::confirmEdit > + mount { "/srv/web/sessiondata": > + device => > "ntap-fedora1.fedora.phx.redhat.com:/vol/fedora/app/sessiondata", + > fstype => "nfs", > + ensure => "mounted", > + options => "defaults,ro,soft,intr", > + atboot => true, > + require => File["/srv/web/sessiondata"] > + } > + > } > > # Firewall rules +1 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From nigjones at redhat.com Tue Aug 25 23:20:35 2009 From: nigjones at redhat.com (Nigel Jones) Date: Tue, 25 Aug 2009 19:20:35 -0400 (EDT) Subject: [PATCH] shared session data In-Reply-To: <1251231939-25360-1-git-send-email-mmcgrath@redhat.com> Message-ID: <625647.551251242475746.JavaMail.nigjones@njones.bne.redhat.com> ----- "Mike McGrath" wrote: > My smolt change requires shared session data > [snip] > + options => "defaults,ro,soft,intr", Read Only? Surely this would need to be rw so we can write new session data? - Nigel From mmcgrath at redhat.com Wed Aug 26 00:07:02 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 25 Aug 2009 19:07:02 -0500 (CDT) Subject: [PATCH] shared session data In-Reply-To: <625647.551251242475746.JavaMail.nigjones@njones.bne.redhat.com> References: <625647.551251242475746.JavaMail.nigjones@njones.bne.redhat.com> Message-ID: On Tue, 25 Aug 2009, Nigel Jones wrote: > > ----- "Mike McGrath" wrote: > > > My smolt change requires shared session data > > > [snip] > > + options => "defaults,ro,soft,intr", > > Read Only? Surely this would need to be rw so we can write new session data? > Fixed. -Mike From mmcgrath at redhat.com Wed Aug 26 15:02:55 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 26 Aug 2009 10:02:55 -0500 (CDT) Subject: Couple of things. Message-ID: First. The freeze is over. Everyone go nuts! Second. The meeting this week will largely be based around starting to formulate a plan to physically move the majority of our server hardware from it's current location to another location. This is going to cause some servers to be offline for several hours at a minimum. So if you're able to make the meeting tomorrow, please do come. -Mike From delpic at gmail.com Wed Aug 26 16:35:32 2009 From: delpic at gmail.com (Christian Del Pino) Date: Wed, 26 Aug 2009 12:35:32 -0400 Subject: Introduction Message-ID: <4A956454.9040401@gmail.com> Hello everyone, My name is Chris. I am looking to contribute my skills and time to the Fedora Infrastructure group. I started using Linux back in 1996 while in college. In 2005, I became a system administrator at a small company helping them build, deploy, and support Linux based laptops for use in capturing clinical data. Other tasks included projects to help the company scale our operations. I have a Bachelor's in Computer Science, and I am currently pursuing a Master's in Information Systems, with a couple of semesters to go. I also became a Red Hat Certified Technician back in 2004. My skills include: Bash scripting MySQL C++ HTML CSS Some Python Some PostgreSQL Started learning some Django. I want to be involved in the Fedora community by helping out where I can, and also learn some more new skills along the way. Thanks! Regards, Chris DelPino From Matt_Domsch at dell.com Thu Aug 27 05:01:48 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Thu, 27 Aug 2009 00:01:48 -0500 Subject: IPv6 for Fedora services? In-Reply-To: <20090824221137.GA32393@auslistsprd01.us.dell.com> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> <20090824221137.GA32393@auslistsprd01.us.dell.com> Message-ID: <20090827050148.GA2703@auslistsprd01.us.dell.com> On Mon, Aug 24, 2009 at 05:11:37PM -0500, Matt Domsch wrote: > On Mon, Aug 24, 2009 at 06:17:44AM +0100, David JM Emmett wrote: > > That is why ip6tables exists ;) > > Here's a proposed ip6tables-template.conf.erb. I committed a slightly different template to puppet/staging that I built on an EL-5 box. EL-5 doesn't have ip6tables conntrack, so -m state functions won't work there. I've done some more digging, and posted my findings on [1] specifically that our torrent tracker doesn't support IPv6, though the VM is on a machine that has a global IPv6 address. I've started looking at building opentracker, which is under a beerware license (so acceptable). It requires libowfat, which in Fedora is built against dietlibc. Neither libowfat nor dietlibc are built on EL-5. I've reached out to the mainainers of these to see if they will branch, or if we can build libowfat for EL-5 against glibc. At the moment, hosts and VMs housed at iBiblio can be reached via IPv6 global addresses natively. No word from Telia yet, though some people here think they're capable, but our VMs there aren't getting addresses automatically assigned. OSUOSL has plans in the works and hope to have something within a few months. BU is about a year away from production use. Our other kind hosting facilities have no plans at this time. With what we have at iBiblio, we could enable ns2, proxy4, and torrent1 pretty easily. [1] http://fedoraproject.org/wiki/Infrastructure/IPv6 [2] http://erdgeist.org/arts/software/opentracker/ -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From tristan.santore at internexusconnect.net Thu Aug 27 05:06:45 2009 From: tristan.santore at internexusconnect.net (Tristan Santore) Date: Thu, 27 Aug 2009 06:06:45 +0100 Subject: IPv6 for Fedora services? In-Reply-To: <20090827050148.GA2703@auslistsprd01.us.dell.com> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> <20090824221137.GA32393@auslistsprd01.us.dell.com> <20090827050148.GA2703@auslistsprd01.us.dell.com> Message-ID: <4A961465.6050009@internexusconnect.net> Matt, I think the key issue is to get anything going. Anything is better than nothing. When other providers roll IPv6 PAs out, then those locations can be enabled, when available. Of course there would also be the 6to4 option. Might also be smart, to check if those providers offer a 6to4 gateway, then 6to4 tunneling, could be used in the interim. Regards, Tristan On 27/08/09 06:01, Matt Domsch wrote: > On Mon, Aug 24, 2009 at 05:11:37PM -0500, Matt Domsch wrote: > >> On Mon, Aug 24, 2009 at 06:17:44AM +0100, David JM Emmett wrote: >> >>> That is why ip6tables exists ;) >>> >> Here's a proposed ip6tables-template.conf.erb. >> > I committed a slightly different template to puppet/staging that I > built on an EL-5 box. EL-5 doesn't have ip6tables conntrack, so -m > state functions won't work there. > > I've done some more digging, and posted my findings on [1] > specifically that our torrent tracker doesn't support IPv6, though the > VM is on a machine that has a global IPv6 address. I've started > looking at building opentracker, which is under a beerware license (so > acceptable). It requires libowfat, which in Fedora is built against > dietlibc. Neither libowfat nor dietlibc are built on EL-5. I've > reached out to the mainainers of these to see if they will branch, or > if we can build libowfat for EL-5 against glibc. > > At the moment, hosts and VMs housed at iBiblio can be reached via IPv6 > global addresses natively. No word from Telia yet, though some people > here think they're capable, but our VMs there aren't getting addresses > automatically assigned. OSUOSL has plans in the works and hope to > have something within a few months. BU is about a year away from > production use. Our other kind hosting facilities have no plans at > this time. > > With what we have at iBiblio, we could enable ns2, proxy4, and > torrent1 pretty easily. > > > [1] http://fedoraproject.org/wiki/Infrastructure/IPv6 > [2] http://erdgeist.org/arts/software/opentracker/ > > -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 Tristan.Santore at internexusconnect.net Thawte Notary For Fedora related issues, please email me at: TSantore at fedoraproject.org -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3388 bytes Desc: S/MIME Cryptographic Signature URL: From jgarzik at pobox.com Thu Aug 27 05:52:21 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Thu, 27 Aug 2009 01:52:21 -0400 Subject: IPv6 for Fedora services? In-Reply-To: <20090827050148.GA2703@auslistsprd01.us.dell.com> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> <20090824221137.GA32393@auslistsprd01.us.dell.com> <20090827050148.GA2703@auslistsprd01.us.dell.com> Message-ID: <4A961F15.2060703@pobox.com> On 08/27/2009 01:01 AM, Matt Domsch wrote: > I've done some more digging, and posted my findings on [1] > specifically that our torrent tracker doesn't support IPv6, though the > VM is on a machine that has a global IPv6 address. I've started > looking at building opentracker, which is under a beerware license (so > acceptable). [...] Regarding bittorrent, http://www.sixxs.net/tools/tracker/ And they link to http://ipv6.niif.hu/index.php?mn=3&sm=5&lg=en which is dead, but http://ipv6.niif.hu/index.php?mn=3&sm=5&lg=en which is alive, and contains some discussion of IPv6 and BT. > With what we have at iBiblio, we could enable ns2, proxy4, and > torrent1 pretty easily. Nice! Jeff From jgarzik at pobox.com Thu Aug 27 05:58:33 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Thu, 27 Aug 2009 01:58:33 -0400 Subject: IPv6 for Fedora services? In-Reply-To: <4A961465.6050009@internexusconnect.net> References: <4A895994.2020701@pobox.com> <20090823205006.GA19019@auslistsprd01.us.dell.com> <4A91F13B.30904@pobox.com> <9E287688-AAF9-464B-9A19-E5AD51FC33AE@davidjmemmett.co.uk> <20090824221137.GA32393@auslistsprd01.us.dell.com> <20090827050148.GA2703@auslistsprd01.us.dell.com> <4A961465.6050009@internexusconnect.net> Message-ID: <4A962089.5080707@pobox.com> On 08/27/2009 01:06 AM, Tristan Santore wrote: > Matt, > I think the key issue is to get anything going. Anything is better than > nothing. When other providers roll IPv6 PAs out, then those locations > can be enabled, when available. > Of course there would also be the 6to4 option. Might also be smart, to > check if those providers offer a 6to4 gateway, then 6to4 tunneling, > could be used in the interim. 6to4 is definitely worth investigating, but there are a few downsides, - gateway is often far away (you hint at this) - it complicates firewalling; a site may need additional rules relating to wrapping, unwrapping and passing protocol IPPROTO_IPV6 (41) on the iptables (ie. IPv4 tables) side of things It's definitely an option to consider, though... Jeff From sts at ono.at Thu Aug 27 11:07:49 2009 From: sts at ono.at (Stefan Schlesinger) Date: Thu, 27 Aug 2009 13:07:49 +0200 Subject: IPv6 for Fedora services? In-Reply-To: References: <4A895994.2020701@pobox.com> <4A89856D.4090107@pobox.com> Message-ID: <0FDA1A0C-058E-47F0-8BBC-9A80B461ED7B@ono.at> On Aug 17, 2009, at 19:43 , Mike McGrath wrote: > On Mon, 17 Aug 2009, Jeff Garzik wrote: > >> On 08/17/2009 10:01 AM, Mike McGrath wrote: >>> On Mon, 17 Aug 2009, Jeff Garzik wrote: >>>> Is there any IPv6 plan for *.fedoraproject.org ? >>> There is currently no plan. >> What needs to be done to create a plan, and move forward? > Someone with a clear idea of the benefits, costs, and a plan for > implementation. Besides the fact that we have to expect no more free IPv4 adresses available after 2012 and will then be forced to start working on it, the greatest benefit would be to start getting experience on the whole new IPv6 stack. As long as our uplink providers already support v6, the costs to enable services within the new address space should be minimal. Providers usually just charge a setup fee and are actually not allowed to charge more than that... I have already some experience with ipv6 from my workplace. The rough plan for the transition made so far was: * Enable v6 auto-configuration for all of our server vlans. Thus, all of our machines had v6 connectivity to the outside, and where able to use already existing v6 services. To work around any security bugs which this change could introduce, we configured stateful filtering on the routers, allowing only established connections from the outside to our machines. * Working on the support of internal, ancillary services, such as monitoring-, accouting- and documentation systems and setting up firewalls for v6 on all of the hosts. * Enabling the first non-critical test services, by adding additional addresses from another address space, which allow inbound connections. * Enabling more and more services, which are as well visible for our customers. DNS, SMTP, WEB,... Looking forward to work with you guys on the transition. Regards, Stefan. -- Stefan Schlesinger \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\\ sts at ono.at STS45-RIPE From Matt_Domsch at Dell.com Thu Aug 27 13:57:36 2009 From: Matt_Domsch at Dell.com (Matt_Domsch at Dell.com) Date: Thu, 27 Aug 2009 08:57:36 -0500 Subject: F8/F9 torrent links References: <747290270908262108r57b02b86j575e6914439a61@mail.gmail.com> Message-ID: When I last did cleanup, it was before F9 went EOL, so it stayed. F9 has ~20 downloaders right now. I didn't nuke F8 just because there were still a few seeders and downloaders. I see there are 12 downloaders at present for it. https://www.redhat.com/archives/fedora-infrastructure-list/2009-May/msg00164.html describes the policy we have in place. By rights, if we move F9 to archive.fp.o, then we can nuke both F8 and F9 from torrent1. -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux -----Original Message----- From: sijis.aviles at gmail.com on behalf of Sijis Aviles Sent: Wed 8/26/2009 11:08 PM To: torrentadmin-members at fedoraproject.org Subject: F8/F9 torrent links Hey all, I was browsing the torrent.fedoraproject.org website and i noticed that there are torrent links still listed for F8 and F9. I was looking for a way to remove them via the fedora-web git repo but nb and G noticed the Torrent_SOP. I figured i'd email the torrent group and see if these should be removed since they are EOL. Let me know if in the future i should direct this to somewhere/someone else. Thanks, Sijis From Matt_Domsch at dell.com Thu Aug 27 13:59:53 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Thu, 27 Aug 2009 08:59:53 -0500 Subject: IPv6 for Fedora services? In-Reply-To: <0FDA1A0C-058E-47F0-8BBC-9A80B461ED7B@ono.at> References: <4A895994.2020701@pobox.com> <4A89856D.4090107@pobox.com> <0FDA1A0C-058E-47F0-8BBC-9A80B461ED7B@ono.at> Message-ID: <20090827135953.GA2729@auslistsprd01.us.dell.com> On Thu, Aug 27, 2009 at 01:07:49PM +0200, Stefan Schlesinger wrote: > On Aug 17, 2009, at 19:43 , Mike McGrath wrote: > > >On Mon, 17 Aug 2009, Jeff Garzik wrote: > > > >>On 08/17/2009 10:01 AM, Mike McGrath wrote: > >>>On Mon, 17 Aug 2009, Jeff Garzik wrote: > >>>>Is there any IPv6 plan for *.fedoraproject.org ? > >>>There is currently no plan. > >>What needs to be done to create a plan, and move forward? > >Someone with a clear idea of the benefits, costs, and a plan for > >implementation. > > Besides the fact that we have to expect no more free IPv4 adresses > available after 2012 and will then be forced to start working on it, the > greatest benefit would be to start getting experience on the whole new > IPv6 stack. > > As long as our uplink providers already support v6, the costs to enable > services within the new address space should be minimal. Providers > usually just charge a setup fee and are actually not allowed to charge > more than that... > > I have already some experience with ipv6 from my workplace. The rough > plan for the transition made so far was: > > * Enable v6 auto-configuration for all of our server vlans. Thus, all > of our machines had v6 connectivity to the outside, and where able > to use already existing v6 services. > > To work around any security bugs which this change could introduce, > we configured stateful filtering on the routers, allowing only > established connections from the outside to our machines. We don't have control over the routers in most of our data centers. RHEL5's ip6tables can't do stateful filtering either (no conntrack). I agree stateful would be nice, but is it strictly necessary? I don't believe so. -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From mmcgrath at redhat.com Thu Aug 27 14:17:24 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 27 Aug 2009 09:17:24 -0500 (CDT) Subject: Introduction In-Reply-To: <4A956454.9040401@gmail.com> References: <4A956454.9040401@gmail.com> Message-ID: On Wed, 26 Aug 2009, Christian Del Pino wrote: > Hello everyone, > > My name is Chris. I am looking to contribute my skills and time to the Fedora > Infrastructure group. > > I started using Linux back in 1996 while in college. In 2005, I became a > system administrator at a small company helping them build, deploy, and > support Linux based laptops for use in capturing clinical data. Other tasks > included projects to help the company scale our operations. > > I have a Bachelor's in Computer Science, and I am currently pursuing a > Master's in Information Systems, with a couple of semesters to go. I also > became a Red Hat Certified Technician back in 2004. > > My skills include: > > Bash scripting > MySQL > C++ > HTML > CSS > Some Python > Some PostgreSQL > Started learning some Django. > > I want to be involved in the Fedora community by helping out where I can, and > also learn some more new skills along the way. > Hello Chris. We have several development projects going on at the moment. One you may be interested in is Fedora Community - https://admin.fedoraproject.org/community/ Here's the project page: https://fedorahosted.org/fedoracommunity/ We hang out on irc.freenode.net in #fedora-admin, stop by sometime. -Mike From a.badger at gmail.com Thu Aug 27 19:12:11 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 27 Aug 2009 12:12:11 -0700 Subject: Introduction In-Reply-To: <4A956454.9040401@gmail.com> References: <4A956454.9040401@gmail.com> Message-ID: <4A96DA8B.7020604@gmail.com> On 08/26/2009 09:35 AM, Christian Del Pino wrote: > Hello everyone, > > My name is Chris. I am looking to contribute my skills and time to the > Fedora Infrastructure group. > > I started using Linux back in 1996 while in college. In 2005, I became a > system administrator at a small company helping them build, deploy, and > support Linux based laptops for use in capturing clinical data. Other > tasks included projects to help the company scale our operations. > > I have a Bachelor's in Computer Science, and I am currently pursuing a > Master's in Information Systems, with a couple of semesters to go. I > also became a Red Hat Certified Technician back in 2004. > > My skills include: > > Bash scripting > MySQL > C++ > HTML > CSS > Some Python > Some PostgreSQL > Started learning some Django. > > I want to be involved in the Fedora community by helping out where I > can, and also learn some more new skills along the way. > If you're interested in Django, one project that started off purely in Fedora but has become more of its own upstream is transifex (http://www.transifex.org, #transifex on irc.freenode.net). diegobz, glezos, and ivazquez are all Fedora community members as well as transifex hackers. Our particular transifex instance is at: https://translate.fedoraproject.org Most of the rest of our web apps are written for the TurboGears 1 framework. We're going to port them to TG2 at some point in the indefinite future (probably when someone volunteers to make it their pet project :-). If there's one particular web application that you're interested in, I can help get you started. If you just want someone to suggest something, I can have you look through the tickets for the packagedb and we can find something for you to work on :-) best way to reach me is abadger1999 on irc.freenode.net -- #fedora-admin but email to this list also works. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From Matt_Domsch at dell.com Fri Aug 28 21:11:05 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:05 +0000 Subject: [PATCH] ip6tables template for RHEL5 In-Reply-To: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- configs/system/ip6tables-template.conf.erb | 40 ++++++++++++++++++++++++++++ 1 files changed, 40 insertions(+), 0 deletions(-) create mode 100644 configs/system/ip6tables-template.conf.erb diff --git a/configs/system/ip6tables-template.conf.erb b/configs/system/ip6tables-template.conf.erb new file mode 100644 index 0000000..e0a0efc --- /dev/null +++ b/configs/system/ip6tables-template.conf.erb @@ -0,0 +1,40 @@ +# Firewall configuration written by system-config-securitylevel +# Manual customization of this file is not recommended. +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:RH-Firewall-1-INPUT - [0:0] +-A INPUT -j RH-Firewall-1-INPUT +-A FORWARD -j RH-Firewall-1-INPUT + +# loopback allowed +-A RH-Firewall-1-INPUT -i lo -j ACCEPT + +# Accept ping and traceroute (needs icmp) +-A RH-Firewall-1-INPUT -p icmpv6 -j ACCEPT + +# Accept IPv6 packets at all +-A RH-Firewall-1-INPUT -p 50 -j ACCEPT +-A RH-Firewall-1-INPUT -p 51 -j ACCEPT + +# Accept SSH +-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT + +# Custom Services +<% custom.each do |cust| -%> +<%= cust %> +<% end -%> + +# Services TCP +<% tcpPorts.each do |port| -%> +-A RH-Firewall-1-INPUT -p tcp -m tcp --dport <%= port %> -j ACCEPT +<% end -%> + +# Services UDP +<% udpPorts.each do |port| -%> +-A RH-Firewall-1-INPUT -p udp -m udp --dport <%= port %> -j ACCEPT +<% end -%> + +-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp6-adm-prohibited +COMMIT -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:09 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:09 +0000 Subject: [PATCH] extend eth{} to optionally take a list of IPv6 addresses In-Reply-To: <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- configs/system/generic-network.conf.erb | 4 ++++ manifests/filetypes/interfaces.pp | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) diff --git a/configs/system/generic-network.conf.erb b/configs/system/generic-network.conf.erb index 07ece31..f4366dd 100644 --- a/configs/system/generic-network.conf.erb +++ b/configs/system/generic-network.conf.erb @@ -19,3 +19,7 @@ BRIDGE=<%= brname %> <% else -%> TYPE=Ethernet <% end -%> + +<% if ipv6addrs.length then -%> +IPV6ADDR_SECONDARIES="<%= ipv6addrs.map{|ip| ip }.join(" ") %>" +<% end -%> diff --git a/manifests/filetypes/interfaces.pp b/manifests/filetypes/interfaces.pp index 1a7f30e..29722f6 100644 --- a/manifests/filetypes/interfaces.pp +++ b/manifests/filetypes/interfaces.pp @@ -1,6 +1,6 @@ # Define ethernet devices (usually aliased) -define eth($ipaddr, $netmask) { +define eth($ipaddr, $netmask, $ipv6addrs=[]) { $bootproto='static' $device = $name $ethtype = "standard" -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:10 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:10 +0000 Subject: [PATCH] add apache IPv6 config options In-Reply-To: <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- modules/httpd/files/00-namevirtualhost.conf | 4 ++++ modules/httpd/files/httpd.conf-rhel5p | 1 + 2 files changed, 5 insertions(+), 0 deletions(-) diff --git a/modules/httpd/files/00-namevirtualhost.conf b/modules/httpd/files/00-namevirtualhost.conf index 3c87355..a3c8b39 100644 --- a/modules/httpd/files/00-namevirtualhost.conf +++ b/modules/httpd/files/00-namevirtualhost.conf @@ -25,6 +25,10 @@ NameVirtualHost 152.46.7.221:80 NameVirtualHost 152.46.7.221:443 NameVirtualHost 152.46.7.222:80 NameVirtualhost 152.46.7.222:443 +NameVirtualHost [2610:28:200:1::fed0:1]:80 +NameVirtualHost [2610:28:200:1::fed0:1]:443 +NameVirtualHost [2610:28:200:1::fed0:2]:80 +NameVirtualHost [2610:28:200:1::fed0:2]:443 #proxy5 NameVirtualHost 80.239.156.214:80 diff --git a/modules/httpd/files/httpd.conf-rhel5p b/modules/httpd/files/httpd.conf-rhel5p index 5c40c80..bd4480f 100644 --- a/modules/httpd/files/httpd.conf-rhel5p +++ b/modules/httpd/files/httpd.conf-rhel5p @@ -148,6 +148,7 @@ MaxRequestsPerChild 10000 # Listen 0.0.0.0:80 Listen 0.0.0.0:443 +Listen [::]:80 # # Dynamic Shared Object (DSO) Support -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:04 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:04 +0000 Subject: IPv6 enablement patches Message-ID: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> This patch series enables IPv6 for several infrastructure services. * ns2, so we start serving DNS by IPv6 * proxy4, so we can start serving fedoraproject.org and other sites by IPv6 * ip6tables for these servers Comments welcome. Thanks, Matt From Matt_Domsch at dell.com Fri Aug 28 21:11:08 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:08 +0000 Subject: [PATCH] add ibiblio1 AAAA In-Reply-To: <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- modules/bind/files/master/fedoraproject.org | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/modules/bind/files/master/fedoraproject.org b/modules/bind/files/master/fedoraproject.org index 43d6d18..2327080 100644 --- a/modules/bind/files/master/fedoraproject.org +++ b/modules/bind/files/master/fedoraproject.org @@ -126,6 +126,7 @@ hosted 60 IN CNAME hosted1.fedoraproject.org. hosted1 IN A 66.135.52.17 hosted2 IN A 66.135.52.84 ibiblio1 IN A 152.46.7.219 +ibiblio1 IN AAAA 2610:28:200:1:21a:64ff:fec3:ac0a ibiblio1-mgmt IN A 152.46.7.223 id IN CNAME admin *.id IN CNAME admin -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:06 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:06 +0000 Subject: [PATCH] add AAAA records for ns2, proxy4, and torrent1 In-Reply-To: <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- modules/bind/files/master/fedoraproject.org | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/modules/bind/files/master/fedoraproject.org b/modules/bind/files/master/fedoraproject.org index cb9836f..43d6d18 100644 --- a/modules/bind/files/master/fedoraproject.org +++ b/modules/bind/files/master/fedoraproject.org @@ -148,6 +148,7 @@ mx3 IN A 66.187.233.32 noc2 IN A 80.239.156.216 ns1 IN A 64.34.184.179 ns2 IN A 152.46.7.225 +ns2 IN AAAA 2610:28:200:1:216:3eff:fe1f:6b93 ols IN CNAME fedorapeople.org. osuosl1 IN A 140.211.169.194 people1 IN A 128.197.185.45 @@ -166,6 +167,7 @@ posse8 IN A 209.132.178.18 posse9 IN A 209.132.178.20 proxy3 IN A 66.35.62.162 proxy4 IN A 152.46.7.221 +proxy4 IN AAAA 2610:28:200:1:216:3eff:fe62:9fdd proxy4-2 IN A 152.46.7.222 proxy5 IN A 80.239.156.214 publictest1 IN A 152.46.7.227 @@ -214,6 +216,7 @@ talk IN CNAME asterisk1.fedoraproject.org. telia1 IN A 80.239.144.84 torrent 60 IN A 152.46.7.220 torrent1 IN A 152.46.7.220 +torrent1 IN AAAA 2610:28:200:1:216:3eff:fe42:cd90 torrents IN CNAME torrent translate IN CNAME admin translate.stg IN CNAME admin.stg.fedoraproject.org. -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:07 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:07 +0000 Subject: [PATCH] enable IPv6 in named.conf In-Reply-To: <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- modules/bind/files/named.conf | 12 +++++++++--- 1 files changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/bind/files/named.conf b/modules/bind/files/named.conf index 6063696..29f0d63 100644 --- a/modules/bind/files/named.conf +++ b/modules/bind/files/named.conf @@ -13,9 +13,11 @@ key "rndckey" { // dns1.j2solutions.net - run by Jesse Keating acl "slaves" { 209.124.61.35; 209.124.61.34; 209.124.62.154; }; // -acl "me" { 127.0.0.1; }; +acl "me" { 127.0.0.1; ::1; }; // -acl "everyone" { 0.0.0.0/0; }; +acl "everyone-v4" { 0.0.0.0/0; }; +acl "everyone-v6" { ::0/0; }; +acl "everyone" { 0.0.0.0/0; ::0/0; }; // acl "ns_redhat" { 66.187.233.210; 209.132.183.2; 66.187.229.10; }; // @@ -27,6 +29,7 @@ options { allow-query { everyone; }; allow-recursion { me; cloud; }; query-source address * port *; + query-source-v6 address * port *; allow-transfer { me; slaves; }; transfer-source * port 53; pid-file "var/run/named/named.pid"; @@ -34,7 +37,10 @@ options { // forwarders { 209.132.178.0/23; }; version "cowbell++"; listen-on port 53 { - everyone; + everyone-v4; + }; + listen-on-v6 port 53 { + everyone-v6; }; notify yes; }; -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:14 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:14 +0000 Subject: [PATCH] create ip6tables definition In-Reply-To: <1251493877-1875-10-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-10-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-11-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- manifests/filetypes/standard.pp | 12 ++++++++++++ 1 files changed, 12 insertions(+), 0 deletions(-) diff --git a/manifests/filetypes/standard.pp b/manifests/filetypes/standard.pp index d4ce26a..097b3df 100644 --- a/manifests/filetypes/standard.pp +++ b/manifests/filetypes/standard.pp @@ -130,6 +130,18 @@ define iptables($owner = root, $group = root, $mode = 644, $content, notify => Service['iptables'], } } +define ip6tables($owner = root, $group = root, $mode = 644, $content, + $backup = main, $ensure = file) { + file { $name: + mode => $mode, + owner => $owner, + group => $group, + backup => $backup, + ensure => $ensure, + content => $content, + notify => Service['ip6tables'], + } +} define nfs($device, $fstype='nfs', $ensure=mounted, $options='defaults') { include nfs-utils -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:16 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:16 +0000 Subject: [PATCH] add ip6tables on DNS servers In-Reply-To: <1251493877-1875-12-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-10-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-11-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-12-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-13-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- manifests/servergroups/dns.pp | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/manifests/servergroups/dns.pp b/manifests/servergroups/dns.pp index 0b543b2..01b5a60 100644 --- a/manifests/servergroups/dns.pp +++ b/manifests/servergroups/dns.pp @@ -12,11 +12,20 @@ class dns { content => template('system/iptables-template.conf.erb'), } + ip6tables { '/etc/sysconfig/ip6tables': + content => template('system/ip6tables-template.conf.erb'), + } + service { iptables: ensure => running, hasstatus => true, } + service { ip6tables: + ensure => running, + hasstatus => true, + } + semanage_fcontext { '/var/named/chroot/log(/.*)?': type => 'named_log_t' } -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:15 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:15 +0000 Subject: [PATCH] add ip6tables on proxy servers In-Reply-To: <1251493877-1875-11-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-10-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-11-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-12-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- manifests/servergroups/proxy.pp | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/manifests/servergroups/proxy.pp b/manifests/servergroups/proxy.pp index eeb9e19..745909e 100644 --- a/manifests/servergroups/proxy.pp +++ b/manifests/servergroups/proxy.pp @@ -772,11 +772,20 @@ class proxy { content => template("system/iptables-template.conf.erb"), } + ip6tables { "/etc/sysconfig/ip6tables": + content => template("system/ip6tables-template.conf.erb"), + } + service { "iptables": ensure => running, hasstatus => true, } + service { "ip6tables": + ensure => running, + hasstatus => true, + } + selboolean { [ "httpd_can_network_connect_db", "httpd_can_network_relay", -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:11 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:11 +0000 Subject: [PATCH] add IPv6 addresses for apache VirtualHost stanzas In-Reply-To: <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- manifests/servergroups/proxy.pp | 23 +++++++++++++++++++++++ 1 files changed, 23 insertions(+), 0 deletions(-) diff --git a/manifests/servergroups/proxy.pp b/manifests/servergroups/proxy.pp index bfa0481..eeb9e19 100644 --- a/manifests/servergroups/proxy.pp +++ b/manifests/servergroups/proxy.pp @@ -22,6 +22,7 @@ class proxy { "66.35.62.162", "80.239.156.214", "152.46.7.221", + "[2610:28:200:1::fed0:1]", ], server_aliases => [ "stg.fedoraproject.org" ], ssl => true, @@ -39,6 +40,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "admin.stg.fedoraproject.org" ], ssl => true, @@ -57,6 +59,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "mirrors.stg.fedoraproject.org" ], ssl => true, @@ -74,6 +77,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "download01.fedoraproject.org", @@ -103,6 +107,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "translate.stg.fedoraproject.org" ], ssl => true, @@ -121,6 +126,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "smolt.fedoraproject.org", "stg.smolts.org", 'www.smolts.org'], ssl => false, @@ -137,6 +143,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "doc.fedoraproject.org", "docs.stg.fedoraproject.org" ], ssl => true, @@ -154,6 +161,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "bodhi.stg.fedoraproject.org" ], ssl => true, @@ -171,6 +179,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "bugz.stg.fedoraproject.org" ], ssl => true, @@ -188,6 +197,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "fas.stg.fedoraproject.org", "accounts.fedoraproject.org" ], ssl => true, @@ -207,6 +217,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "fedoralinux.com", @@ -252,6 +263,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "get.stg.fedoraproject.org" ], ssl => true, @@ -269,6 +281,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "help.stg.fedoraproject.org" ], ssl => true, @@ -286,6 +299,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "join.stg.fedoraproject.org" ], ssl => true, @@ -303,6 +317,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "l10n.stg.fedoraproject.org" ], ssl => true, @@ -320,6 +335,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "start.stg.fedoraproject.org" ], ssl => true, @@ -337,6 +353,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "download.fedora.redhat.com", @@ -357,6 +374,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "*.id.fedoraproject.org", @@ -378,6 +396,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "www.port389.org", @@ -398,6 +417,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "www.k12linux.org" ], ssl => false, @@ -413,6 +433,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "fonts.stg.fedoraproject.org" ], ssl => true, @@ -430,6 +451,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "meetbot.stg.fedoraproject.org" ], ssl => true, @@ -447,6 +469,7 @@ class proxy { "66.35.62.166", "80.239.156.215", "152.46.7.222", + "[2610:28:200:1::fed0:2]", ], server_aliases => [ "blogs.stg.fedoraproject.org" ], ssl => true, -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:13 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:13 +0000 Subject: [PATCH] assign IPv6 addresses to proxy4 In-Reply-To: <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-10-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- manifests/nodes/proxy4.fedoraproject.org.pp | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/manifests/nodes/proxy4.fedoraproject.org.pp b/manifests/nodes/proxy4.fedoraproject.org.pp index 8926d94..fb31481 100644 --- a/manifests/nodes/proxy4.fedoraproject.org.pp +++ b/manifests/nodes/proxy4.fedoraproject.org.pp @@ -61,8 +61,15 @@ node "proxy4.fedoraproject.org" { alias => ["value2", "value2.fedoraproject.org"], } + eth { "eth0": + ipaddr => "152.46.7.221", + netmask => "255.255.255.0", + ipv6addrs => ["2610:28:200:1::fed0:1/64"], + } + eth { "eth0:0": ipaddr => "152.46.7.222", netmask => "255.255.255.0", + ipv6addrs => ["2610:28:200:1::fed0:2/64"], } } -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:12 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:12 +0000 Subject: [PATCH] change proxy4 IPv6 addresses to static scheme In-Reply-To: <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- modules/bind/files/master/fedoraproject.org | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/modules/bind/files/master/fedoraproject.org b/modules/bind/files/master/fedoraproject.org index 2327080..14eb8c3 100644 --- a/modules/bind/files/master/fedoraproject.org +++ b/modules/bind/files/master/fedoraproject.org @@ -168,8 +168,9 @@ posse8 IN A 209.132.178.18 posse9 IN A 209.132.178.20 proxy3 IN A 66.35.62.162 proxy4 IN A 152.46.7.221 -proxy4 IN AAAA 2610:28:200:1:216:3eff:fe62:9fdd +proxy4 IN AAAA 2610:28:200:1::fed0:1 proxy4-2 IN A 152.46.7.222 +proxy4-2 IN AAAA 2610:28:200:1::fed0:2 proxy5 IN A 80.239.156.214 publictest1 IN A 152.46.7.227 publictest2 IN A 152.46.7.228 -- 1.5.5.6 From Matt_Domsch at dell.com Fri Aug 28 21:11:17 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 21:11:17 +0000 Subject: [PATCH] add proxy4 IPv6 addresses into zone file In-Reply-To: <1251493877-1875-13-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-10-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-11-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-12-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-13-git-send-email-Matt_Domsch@dell.com> Message-ID: <1251493877-1875-14-git-send-email-Matt_Domsch@dell.com> From: Matt Domsch --- modules/bind/files/master/fedoraproject.org | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/modules/bind/files/master/fedoraproject.org b/modules/bind/files/master/fedoraproject.org index 14eb8c3..6f9286d 100644 --- a/modules/bind/files/master/fedoraproject.org +++ b/modules/bind/files/master/fedoraproject.org @@ -17,12 +17,14 @@ $TTL 3600 @ 60 IN A 66.35.62.162 @ 60 IN A 152.46.7.221 ;@ 60 IN A 80.239.156.214 +@ 60 IN AAAA 2610:28:200:1::fed0:1 ; Our non fp.o load balanced setup wildcard 60 IN A 209.132.176.120 wildcard 60 IN A 66.35.62.166 wildcard 60 IN A 152.46.7.222 ;wildcard 60 IN A 80.239.156.215 +wildcard 60 IN AAAA 2610:28:200:1::fed0:2 ; koji koji IN A 209.132.176.65 -- 1.5.5.6 From jgarzik at pobox.com Fri Aug 28 21:25:40 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Fri, 28 Aug 2009 17:25:40 -0400 Subject: [PATCH] add apache IPv6 config options In-Reply-To: <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> Message-ID: <4A984B54.3040306@pobox.com> On 08/28/2009 05:11 PM, Matt Domsch wrote: > From: Matt Domsch > > --- > modules/httpd/files/00-namevirtualhost.conf | 4 ++++ > modules/httpd/files/httpd.conf-rhel5p | 1 + > 2 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/modules/httpd/files/00-namevirtualhost.conf b/modules/httpd/files/00-namevirtualhost.conf > index 3c87355..a3c8b39 100644 > --- a/modules/httpd/files/00-namevirtualhost.conf > +++ b/modules/httpd/files/00-namevirtualhost.conf > @@ -25,6 +25,10 @@ NameVirtualHost 152.46.7.221:80 > NameVirtualHost 152.46.7.221:443 > NameVirtualHost 152.46.7.222:80 > NameVirtualhost 152.46.7.222:443 > +NameVirtualHost [2610:28:200:1::fed0:1]:80 > +NameVirtualHost [2610:28:200:1::fed0:1]:443 > +NameVirtualHost [2610:28:200:1::fed0:2]:80 > +NameVirtualHost [2610:28:200:1::fed0:2]:443 Do SSL certificates need to be aware of this new IPv6 web address? Jeff From mmcgrath at redhat.com Fri Aug 28 21:28:02 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 28 Aug 2009 16:28:02 -0500 (CDT) Subject: [PATCH] add apache IPv6 config options In-Reply-To: <4A984B54.3040306@pobox.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <4A984B54.3040306@pobox.com> Message-ID: On Fri, 28 Aug 2009, Jeff Garzik wrote: > On 08/28/2009 05:11 PM, Matt Domsch wrote: > > From: Matt Domsch > > > > --- > > modules/httpd/files/00-namevirtualhost.conf | 4 ++++ > > modules/httpd/files/httpd.conf-rhel5p | 1 + > > 2 files changed, 5 insertions(+), 0 deletions(-) > > > > diff --git a/modules/httpd/files/00-namevirtualhost.conf > > b/modules/httpd/files/00-namevirtualhost.conf > > index 3c87355..a3c8b39 100644 > > --- a/modules/httpd/files/00-namevirtualhost.conf > > +++ b/modules/httpd/files/00-namevirtualhost.conf > > @@ -25,6 +25,10 @@ NameVirtualHost 152.46.7.221:80 > > NameVirtualHost 152.46.7.221:443 > > NameVirtualHost 152.46.7.222:80 > > NameVirtualhost 152.46.7.222:443 > > +NameVirtualHost [2610:28:200:1::fed0:1]:80 > > +NameVirtualHost [2610:28:200:1::fed0:1]:443 > > +NameVirtualHost [2610:28:200:1::fed0:2]:80 > > +NameVirtualHost [2610:28:200:1::fed0:2]:443 > > Do SSL certificates need to be aware of this new IPv6 web address? > AFAIK, no. ssl certs are completely unaware of IP addresses. -Mike From Matt_Domsch at dell.com Fri Aug 28 21:28:09 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 16:28:09 -0500 Subject: [PATCH] add apache IPv6 config options In-Reply-To: <4A984B54.3040306@pobox.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <4A984B54.3040306@pobox.com> Message-ID: <20090828212809.GA5393@auslistsprd01.us.dell.com> On Fri, Aug 28, 2009 at 05:25:40PM -0400, Jeff Garzik wrote: > Do SSL certificates need to be aware of this new IPv6 web address? Fortunately not, they're all DNS name-based, not address-based. -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From jgarzik at pobox.com Fri Aug 28 21:28:51 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Fri, 28 Aug 2009 17:28:51 -0400 Subject: [PATCH] add apache IPv6 config options In-Reply-To: <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> Message-ID: <4A984C13.6050806@pobox.com> On 08/28/2009 05:11 PM, Matt Domsch wrote: > index 5c40c80..bd4480f 100644 > --- a/modules/httpd/files/httpd.conf-rhel5p > +++ b/modules/httpd/files/httpd.conf-rhel5p > @@ -148,6 +148,7 @@ MaxRequestsPerChild 10000 > # > Listen 0.0.0.0:80 > Listen 0.0.0.0:443 > +Listen [::]:80 Two comments: - wouldn't "*:80" accomplish the same thing as two listen directives? Perhaps "*:80" means that Apache binds, on Linux, to the slightly-more-efficient ipv6 socket, where ipv4 connections are ipv6-mapped (:ffff:10.20.30.40)? - do you need a listen "[::]:443" also? From jbdarow at ace-host.net Fri Aug 28 21:29:29 2009 From: jbdarow at ace-host.net (Jerald Darow) Date: Fri, 28 Aug 2009 17:29:29 -0400 Subject: [PATCH] add ip6tables on DNS servers In-Reply-To: <1251493877-1875-13-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com><1251493877-1875-2-git-send-email-Matt_Domsch@dell.com><1251493877-1875-3-git-send-email-Matt_Domsch@dell.com><1251493877-1875-4-git-send-email-Matt_Domsch@dell.com><1251493877-1875-5-git-send-email-Matt_Domsch@dell.com><1251493877-1875-6-git-send-email-Matt_Domsch@dell.com><1251493877-1875-7-git-send-email-Matt_Domsch@dell.com><1251493877-1875-8-git-send-email-Matt_Domsch@dell.com><1251493877-1875-9-git-send-email-Matt_Domsch@dell.com><1251493877-1875-10-git-send-email-Matt_Domsch@dell.com><1251493877-1875-11-git-send-email-Matt_Domsch@dell.com><1251493877-1875-12-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-13-git-send-email-Matt_Domsch@dell.com> Message-ID: <91D257FAE1604627903624831BA2D6BF@kicksass.net> Matt why are you spamming the list ----- Original Message ----- From: "Matt Domsch" To: Sent: Friday, August 28, 2009 5:11 PM Subject: [PATCH] add ip6tables on DNS servers > From: Matt Domsch > > --- > manifests/servergroups/dns.pp | 9 +++++++++ > 1 files changed, 9 insertions(+), 0 deletions(-) > > diff --git a/manifests/servergroups/dns.pp b/manifests/servergroups/dns.pp > index 0b543b2..01b5a60 100644 > --- a/manifests/servergroups/dns.pp > +++ b/manifests/servergroups/dns.pp > @@ -12,11 +12,20 @@ class dns { > content => template('system/iptables-template.conf.erb'), > } > > + ip6tables { '/etc/sysconfig/ip6tables': > + content => template('system/ip6tables-template.conf.erb'), > + } > + > service { iptables: > ensure => running, > hasstatus => true, > } > > + service { ip6tables: > + ensure => running, > + hasstatus => true, > + } > + > semanage_fcontext { '/var/named/chroot/log(/.*)?': > type => 'named_log_t' > } > -- > 1.5.5.6 > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From mmcgrath at redhat.com Fri Aug 28 21:31:45 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 28 Aug 2009 16:31:45 -0500 (CDT) Subject: [PATCH] add ip6tables on DNS servers In-Reply-To: <91D257FAE1604627903624831BA2D6BF@kicksass.net> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com><1251493877-1875-2-git-send-email-Matt_Domsch@dell.com><1251493877-1875-3-git-send-email-Matt_Domsch@dell.com><1251493877-1875-4-git-send-email-Matt_Domsch@dell.com><1251493877-1875-5-git-send-email-Matt_Domsch@dell.com><1251493877-1875-6-git-send-email-Matt_Domsch@dell.com><1251493877-1875-7-git-send-email-Matt_Domsch@dell.com><1251493877-1875-8-git-send-email-Matt_Domsch@dell.com><1251493877-1875-9-git-send-email-Matt_Domsch@dell.com><1251493877-1875-10-git-send-email-Matt_Domsch@dell.com><1251493877-1875-11-git-send-email-Matt_Domsch@dell.com><1251493877-1875-12-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-13-git-send-email-Matt_Domsch@dell.com> <91D257FAE1604627903624831BA2D6BF@kicksass.net> Message-ID: On Fri, 28 Aug 2009, Jerald Darow wrote: > Matt why are you spamming the list > He's trying to make sure these changes (there's a lot of them) don't break the world. And since we can't really test these in staging he's getting as many eyes on it as he can. -Mike > ----- Original Message ----- From: "Matt Domsch" > To: > Sent: Friday, August 28, 2009 5:11 PM > Subject: [PATCH] add ip6tables on DNS servers > > > > From: Matt Domsch > > > > --- > > manifests/servergroups/dns.pp | 9 +++++++++ > > 1 files changed, 9 insertions(+), 0 deletions(-) > > > > diff --git a/manifests/servergroups/dns.pp b/manifests/servergroups/dns.pp > > index 0b543b2..01b5a60 100644 > > --- a/manifests/servergroups/dns.pp > > +++ b/manifests/servergroups/dns.pp > > @@ -12,11 +12,20 @@ class dns { > > content => template('system/iptables-template.conf.erb'), > > } > > > > + ip6tables { '/etc/sysconfig/ip6tables': > > + content => template('system/ip6tables-template.conf.erb'), > > + } > > + > > service { iptables: > > ensure => running, > > hasstatus => true, > > } > > > > + service { ip6tables: > > + ensure => running, > > + hasstatus => true, > > + } > > + > > semanage_fcontext { '/var/named/chroot/log(/.*)?': > > type => 'named_log_t' > > } > > -- > > 1.5.5.6 > > > > _______________________________________________ > > Fedora-infrastructure-list mailing list > > Fedora-infrastructure-list at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From lxtnow at gmail.com Fri Aug 28 21:32:24 2009 From: lxtnow at gmail.com (SmootherFrOgZ) Date: Fri, 28 Aug 2009 23:32:24 +0200 Subject: [PATCH] add apache IPv6 config options In-Reply-To: <4A984C13.6050806@pobox.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <4A984C13.6050806@pobox.com> Message-ID: <62bc09df0908281432h654f193en9d53bc98b5e3097b@mail.gmail.com> On Fri, Aug 28, 2009 at 11:28 PM, Jeff Garzik wrote: > On 08/28/2009 05:11 PM, Matt Domsch wrote: >> >> index 5c40c80..bd4480f 100644 >> --- a/modules/httpd/files/httpd.conf-rhel5p >> +++ b/modules/httpd/files/httpd.conf-rhel5p >> @@ -148,6 +148,7 @@ MaxRequestsPerChild ? ?10000 >> ?# >> ?Listen 0.0.0.0:80 >> ?Listen 0.0.0.0:443 >> +Listen [::]:80 > > Two comments: > > - wouldn't "*:80" accomplish the same thing as two listen directives? > Perhaps "*:80" means that Apache binds, on Linux, to the > slightly-more-efficient ipv6 socket, where ipv4 connections are ipv6-mapped > (:ffff:10.20.30.40)? > > - do you need a listen "[::]:443" also? Correct. Apache needs binding against ipv6 -- Xavier.t Lamien -- http://fedoraproject.org/wiki/XavierLamien GPG-Key ID: F3903DEB Fingerprint: 0F2A 7A17 0F1B 82EE FCBF 1F51 76B7 A28D F390 3DEB From jgarzik at pobox.com Fri Aug 28 21:45:19 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Fri, 28 Aug 2009 17:45:19 -0400 Subject: [PATCH] add IPv6 addresses for apache VirtualHost stanzas In-Reply-To: <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> Message-ID: <4A984FEF.1070706@pobox.com> On 08/28/2009 05:11 PM, Matt Domsch wrote: > From: Matt Domsch > > --- > manifests/servergroups/proxy.pp | 23 +++++++++++++++++++++++ > 1 files changed, 23 insertions(+), 0 deletions(-) > > diff --git a/manifests/servergroups/proxy.pp b/manifests/servergroups/proxy.pp > index bfa0481..eeb9e19 100644 > --- a/manifests/servergroups/proxy.pp > +++ b/manifests/servergroups/proxy.pp > @@ -22,6 +22,7 @@ class proxy { > "66.35.62.162", > "80.239.156.214", > "152.46.7.221", > + "[2610:28:200:1::fed0:1]", > ], > server_aliases => [ "stg.fedoraproject.org" ], > ssl => true, No objection/comment on the IPv6 portion of this patch. I'm surprised these highly repetitive address lists are not auto-generated from a flat file (or other database), though. Jeff From jgarzik at pobox.com Fri Aug 28 21:52:34 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Fri, 28 Aug 2009 17:52:34 -0400 Subject: [PATCH] change proxy4 IPv6 addresses to static scheme In-Reply-To: <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> Message-ID: <4A9851A2.80109@pobox.com> On 08/28/2009 05:11 PM, Matt Domsch wrote: > From: Matt Domsch > > --- > modules/bind/files/master/fedoraproject.org | 3 ++- > 1 files changed, 2 insertions(+), 1 deletions(-) > > diff --git a/modules/bind/files/master/fedoraproject.org b/modules/bind/files/master/fedoraproject.org > index 2327080..14eb8c3 100644 > --- a/modules/bind/files/master/fedoraproject.org > +++ b/modules/bind/files/master/fedoraproject.org > @@ -168,8 +168,9 @@ posse8 IN A 209.132.178.18 > posse9 IN A 209.132.178.20 > proxy3 IN A 66.35.62.162 > proxy4 IN A 152.46.7.221 > -proxy4 IN AAAA 2610:28:200:1:216:3eff:fe62:9fdd > +proxy4 IN AAAA 2610:28:200:1::fed0:1 > proxy4-2 IN A 152.46.7.222 > +proxy4-2 IN AAAA 2610:28:200:1::fed0:2 > proxy5 IN A 80.239.156.214 > publictest1 IN A 152.46.7.227 > publictest2 IN A 152.46.7.228 Tangential issue... How are IPv6 addresses assigned to proxy4[-2] ? If they are statically set on the machine, all good. If they are assigned via radvd or DHCPv6, you might want to consider some setup where the machine's IPv6 address is proactively pushed to the DNS servers. One method is nsupdate + TSIG, which is pretty easy to set up on a fine-grained basis (ie. give a DNS key DNS update perms for _only_ the proxy4 AAAA addresses). Otherwise, the dynamically-assigned IPv6 address on the host may not match the IPv6 address in DNS. Jeff From jgarzik at pobox.com Fri Aug 28 22:26:20 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Fri, 28 Aug 2009 18:26:20 -0400 Subject: [PATCH] add apache IPv6 config options In-Reply-To: <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> Message-ID: <4A98598C.2000006@pobox.com> On 08/28/2009 05:11 PM, Matt Domsch wrote: > From: Matt Domsch > > --- > modules/httpd/files/00-namevirtualhost.conf | 4 ++++ > modules/httpd/files/httpd.conf-rhel5p | 1 + > 2 files changed, 5 insertions(+), 0 deletions(-) another apache question... will ipv6 addresses in log files choke any existing log analysis tools? Jeff From Matt_Domsch at dell.com Fri Aug 28 22:40:22 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Fri, 28 Aug 2009 17:40:22 -0500 Subject: [PATCH] change proxy4 IPv6 addresses to static scheme In-Reply-To: <4A9851A2.80109@pobox.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-9-git-send-email-Matt_Domsch@dell.com> <4A9851A2.80109@pobox.com> Message-ID: <20090828224022.GB5393@auslistsprd01.us.dell.com> On Fri, Aug 28, 2009 at 05:52:34PM -0400, Jeff Garzik wrote: > How are IPv6 addresses assigned to proxy4[-2] ? > > If they are statically set on the machine, all good. These two are statically assigned. I chose ::fed0:* as the host-part, so as to not conflict with autoassigned addresses. We can also statically assign them for the other services if we so choose, and I think it would be good to do so. We're not doing any address randomization over time, so the existing addresses which were autodiscovered should continue to work until we're ready to reassign into the static range above. -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From mmcgrath at redhat.com Fri Aug 28 23:35:05 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 28 Aug 2009 18:35:05 -0500 (CDT) Subject: [PATCH] add apache IPv6 config options In-Reply-To: <4A98598C.2000006@pobox.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <4A98598C.2000006@pobox.com> Message-ID: On Fri, 28 Aug 2009, Jeff Garzik wrote: > On 08/28/2009 05:11 PM, Matt Domsch wrote: > > From: Matt Domsch > > > > --- > > modules/httpd/files/00-namevirtualhost.conf | 4 ++++ > > modules/httpd/files/httpd.conf-rhel5p | 1 + > > 2 files changed, 5 insertions(+), 0 deletions(-) > > another apache question... > > will ipv6 addresses in log files choke any existing log analysis tools? > All we're really using on that front right now is awstats which I believe supports ipv6. I have confirmed we're serving ipv6 on the proxy server so far we've had 374 distinct ipv6's hit. -Mike From mmcgrath at redhat.com Fri Aug 28 23:36:23 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 28 Aug 2009 18:36:23 -0500 (CDT) Subject: [PATCH] add IPv6 addresses for apache VirtualHost stanzas In-Reply-To: <4A984FEF.1070706@pobox.com> References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <4A984FEF.1070706@pobox.com> Message-ID: On Fri, 28 Aug 2009, Jeff Garzik wrote: > On 08/28/2009 05:11 PM, Matt Domsch wrote: > > From: Matt Domsch > > > > --- > > manifests/servergroups/proxy.pp | 23 +++++++++++++++++++++++ > > 1 files changed, 23 insertions(+), 0 deletions(-) > > > > diff --git a/manifests/servergroups/proxy.pp > > b/manifests/servergroups/proxy.pp > > index bfa0481..eeb9e19 100644 > > --- a/manifests/servergroups/proxy.pp > > +++ b/manifests/servergroups/proxy.pp > > @@ -22,6 +22,7 @@ class proxy { > > "66.35.62.162", > > "80.239.156.214", > > "152.46.7.221", > > + "[2610:28:200:1::fed0:1]", > > ], > > server_aliases => [ "stg.fedoraproject.org" ], > > ssl => true, > > No objection/comment on the IPv6 portion of this patch. > > I'm surprised these highly repetitive address lists are not auto-generated > from a flat file (or other database), though. > I'm not quite sure what you mean but I am interested in a better way to do this. basically we've got 4 sites + staging. As such, fedoraproject.org could listen on 5 different addresses. We have to enter them somewhere, any ideas? -Mike From jgarzik at pobox.com Fri Aug 28 23:43:40 2009 From: jgarzik at pobox.com (Jeff Garzik) Date: Fri, 28 Aug 2009 19:43:40 -0400 Subject: [PATCH] add IPv6 addresses for apache VirtualHost stanzas In-Reply-To: References: <1251493877-1875-1-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-2-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-3-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-4-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-5-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-6-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-7-git-send-email-Matt_Domsch@dell.com> <1251493877-1875-8-git-send-email-Matt_Domsch@dell.com> <4A984FEF.1070706@pobox.com> Message-ID: <4A986BAC.1040602@pobox.com> On 08/28/2009 07:36 PM, Mike McGrath wrote: > On Fri, 28 Aug 2009, Jeff Garzik wrote: > >> On 08/28/2009 05:11 PM, Matt Domsch wrote: >>> From: Matt Domsch >>> >>> --- >>> manifests/servergroups/proxy.pp | 23 +++++++++++++++++++++++ >>> 1 files changed, 23 insertions(+), 0 deletions(-) >>> >>> diff --git a/manifests/servergroups/proxy.pp >>> b/manifests/servergroups/proxy.pp >>> index bfa0481..eeb9e19 100644 >>> --- a/manifests/servergroups/proxy.pp >>> +++ b/manifests/servergroups/proxy.pp >>> @@ -22,6 +22,7 @@ class proxy { >>> "66.35.62.162", >>> "80.239.156.214", >>> "152.46.7.221", >>> + "[2610:28:200:1::fed0:1]", >>> ], >>> server_aliases => [ "stg.fedoraproject.org" ], >>> ssl => true, >> >> No objection/comment on the IPv6 portion of this patch. >> >> I'm surprised these highly repetitive address lists are not auto-generated >> from a flat file (or other database), though. >> > > I'm not quite sure what you mean but I am interested in a better way to do > this. basically we've got 4 sites + staging. As such, fedoraproject.org > could listen on 5 different addresses. We have to enter them somewhere, > any ideas? I was thinking in the m4-macro sense; looking at Matt's patch, it appears that a large number of virtual hosts have the same address list. If so, it seems like some sort of macro substitution could be employed to match a list of virtual hosts with a set of addresses. Not a big deal... just noting an above-average amount of copy/paste. Jeff From delpic at gmail.com Mon Aug 31 12:37:03 2009 From: delpic at gmail.com (Christian Del Pino) Date: Mon, 31 Aug 2009 08:37:03 -0400 Subject: Introduction In-Reply-To: <4A96DA8B.7020604@gmail.com> References: <4A956454.9040401@gmail.com> <4A96DA8B.7020604@gmail.com> Message-ID: <4A9BC3EF.6000601@gmail.com> Thank you for the responses. I'll definitely take a look at the projects mentioned. I am on #fedora-admin as cdelpino. Thanks again! Chris On 08/27/2009 03:12 PM, Toshio Kuratomi wrote: > On 08/26/2009 09:35 AM, Christian Del Pino wrote: > >> Hello everyone, >> >> My name is Chris. I am looking to contribute my skills and time to the >> Fedora Infrastructure group. >> >> I started using Linux back in 1996 while in college. In 2005, I became a >> system administrator at a small company helping them build, deploy, and >> support Linux based laptops for use in capturing clinical data. Other >> tasks included projects to help the company scale our operations. >> >> I have a Bachelor's in Computer Science, and I am currently pursuing a >> Master's in Information Systems, with a couple of semesters to go. I >> also became a Red Hat Certified Technician back in 2004. >> >> My skills include: >> >> Bash scripting >> MySQL >> C++ >> HTML >> CSS >> Some Python >> Some PostgreSQL >> Started learning some Django. >> >> I want to be involved in the Fedora community by helping out where I >> can, and also learn some more new skills along the way. >> >> > If you're interested in Django, one project that started off purely in > Fedora but has become more of its own upstream is transifex > (http://www.transifex.org, #transifex on irc.freenode.net). diegobz, > glezos, and ivazquez are all Fedora community members as well as > transifex hackers. Our particular transifex instance is at: > https://translate.fedoraproject.org > > Most of the rest of our web apps are written for the TurboGears 1 > framework. We're going to port them to TG2 at some point in the > indefinite future (probably when someone volunteers to make it their pet > project :-). > > If there's one particular web application that you're interested in, I > can help get you started. If you just want someone to suggest > something, I can have you look through the tickets for the packagedb and > we can find something for you to work on :-) > > best way to reach me is abadger1999 on irc.freenode.net -- #fedora-admin > but email to this list also works. > > -Toshio > > > ------------------------------------------------------------------------ > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Matt_Domsch at Dell.com Mon Aug 31 13:45:02 2009 From: Matt_Domsch at Dell.com (Matt_Domsch at Dell.com) Date: Mon, 31 Aug 2009 08:45:02 -0500 Subject: FW: python-geoip IPv6 functions? Message-ID: FYI. -----Original Message----- From: Boris Zentner [mailto:bzentner at maxmind.com] Sent: Sunday, August 30, 2009 9:36 PM To: Matt Domsch Subject: Re: python-geoip IPv6 functions? Hi Matt, yes, sure. I commit a first set of IPv6 glue for python right now. Please see the new file test_v6.py and/or take a look into the Changelog. But you need the CVS version of the CAPI. You have to use http://geoip.cvs.sourceforge.net/viewvc/geoip/c/ and http://geoip.cvs.sourceforge.net/viewvc/geoip/python/ Have a nice day! Am 30.08.2009 um 21:15 schrieb Matt Domsch: > > Message body follows: > > Thank you for your work on GeoIP and its python bindings. > Now that the C library supports IPv6, and MaxMind publishes > an IPv6 database, can you add ipv6 lookup functions to the > python binding? I intend to use this in the open source > MirrorManager project (http://fedorahosted.org/mirrormanager). > > Thanks, > Matt > > > -- > This message has been sent to you, a registered SourceForge.net user, > by another site user, through the SourceForge.net site. This message > has been delivered to your SourceForge.net mail alias. You may reply > to this message using the "Reply" feature of your email client, or > using the messaging facility of SourceForge.net at: > https://sourceforge.net/sendmessage.php?touser=27266 > -- Boris From lmacken at redhat.com Mon Aug 31 17:55:13 2009 From: lmacken at redhat.com (Luke Macken) Date: Mon, 31 Aug 2009 13:55:13 -0400 Subject: Introduction In-Reply-To: <4A96DA8B.7020604@gmail.com> References: <4A956454.9040401@gmail.com> <4A96DA8B.7020604@gmail.com> Message-ID: <20090831175513.GD5599@x300.cable.rcn.com> On Thu, Aug 27, 2009 at 12:12:11PM -0700, Toshio Kuratomi wrote: > On 08/26/2009 09:35 AM, Christian Del Pino wrote: > > Hello everyone, > > > > My name is Chris. I am looking to contribute my skills and time to the > > Fedora Infrastructure group. > > > > I started using Linux back in 1996 while in college. In 2005, I became a > > system administrator at a small company helping them build, deploy, and > > support Linux based laptops for use in capturing clinical data. Other > > tasks included projects to help the company scale our operations. > > > > I have a Bachelor's in Computer Science, and I am currently pursuing a > > Master's in Information Systems, with a couple of semesters to go. I > > also became a Red Hat Certified Technician back in 2004. > > > > My skills include: > > > > Bash scripting > > MySQL > > C++ > > HTML > > CSS > > Some Python > > Some PostgreSQL > > Started learning some Django. > > > > I want to be involved in the Fedora community by helping out where I > > can, and also learn some more new skills along the way. > > > > If you're interested in Django, one project that started off purely in > Fedora but has become more of its own upstream is transifex > (http://www.transifex.org, #transifex on irc.freenode.net). diegobz, > glezos, and ivazquez are all Fedora community members as well as > transifex hackers. Our particular transifex instance is at: > https://translate.fedoraproject.org > > Most of the rest of our web apps are written for the TurboGears 1 > framework. We're going to port them to TG2 at some point in the > indefinite future (probably when someone volunteers to make it their pet > project :-). Hey Christian, welcome! As we have already been talking on IRC about various things, I though I'd chime in with a list of some of the webapps that we've developed inhouse as well: https://fedoraproject.org/wiki/Infrastructure/Services luke