From sascha at spreitzer.name Thu Jan 1 00:11:39 2009 From: sascha at spreitzer.name (Sascha Thomas Spreitzer) Date: Thu, 1 Jan 2009 01:11:39 +0100 Subject: Disk IO issues In-Reply-To: <4e3f91d70812311542o393c992ew4069fd8e166a78d@mail.gmail.com> References: <495BFDD7.3040006@sequestered.net> <4e3f91d70812311542o393c992ew4069fd8e166a78d@mail.gmail.com> Message-ID: If its related to the FS driver ( inode table or algorithms ) the program "slabtop" might give an indication of the kernel processes eating system performance. Slabtop is in the ps-tools suite, should be on any major linux distribution. 2009/1/1 Greg Swift : > On Wed, Dec 31, 2008 at 17:35, Mike McGrath wrote: >> >> On Wed, 31 Dec 2008, Corey Chandler wrote: >> >> > Mike McGrath wrote: >> > > Lets pool some knowledge together because at this point, I'm missing >> > > something. >> > > >> > > I've been doing all measurements with sar as bonnie, etc, causes >> > > builds to >> > > timeout. >> > > >> > > Problem: We're seeing slower then normal disk IO. At least I think we >> > > are. This is a PERC5/E and MD1000 array. >> > > >> > >> > 1. Are we sure the array hasn't lost a drive? >> >> I can't physically look at the drive (they're a couple hundred miles away) >> but we've seen no reports of it (via the drac anyway). I'll have to get >> the raid software on there to be for sure. I'd think a degraded raid >> array would affect both direct block access and file level access. >> >> > 2. What's your scheduler set to? CFQ tends to not work in many >> > applications >> > where the deadline scheduler works better... >> > >> >> I'd tried other schedulers earlier but they didn't seem to make much of a >> difference. Even still, I'll get dealine setup and take a look. >> >> At least we've got the dd and cat problem figured out. Now to figure out >> why there's such a discrepancy between file level reads and block level >> reads. Anyone else have an array of this type and size to run those tests >> on? I'd be curious to see what others are getting. > > we are working on a rhel3 to 5 migration at my job. We have 2 primary > filesystems. one is large database files and the other is lots of small > documents. As we were testing backup software for rhel5 we noticed a 60% > decrease in speed moving from rhel3 to rhel5 with the same file system, but > only on the document filesystem, the db file system was perfectly snappy. > > After a lot of troubleshooting it was deemed to be related to the dir_index > btree hash. The path was to long before there was a difference in the names > of the files, making the index incredibly slow. Removing dir_index > recovered a bit of the difference, but didn't resolve the issue. A quick > rename of one of the base directories recovered almost the entire 60%. > > Thought I'd at least throw it out there, although I'm not sure that it is > the exact issue, it doesn't hurt to have it floating in the background. > > -greg/xaeth > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -- Mit freundlichen Gr??en, / with kind regards, Sascha Thomas Spreitzer http://spreitzer.name/ From mmcgrath at redhat.com Thu Jan 1 00:41:56 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 31 Dec 2008 18:41:56 -0600 (CST) Subject: Disk IO issues In-Reply-To: References: <495BFDD7.3040006@sequestered.net> <4e3f91d70812311542o393c992ew4069fd8e166a78d@mail.gmail.com> Message-ID: On Thu, 1 Jan 2009, Sascha Thomas Spreitzer wrote: > If its related to the FS driver ( inode table or algorithms ) the > program "slabtop" might give an indication of the kernel processes > eating system performance. > Slabtop is in the ps-tools suite, should be on any major linux distribution. > Interesting, never used slabtop. I'm not quite sure what I'm looking for but I'll read up on it. -Mike From mmcgrath at redhat.com Thu Jan 1 00:45:18 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 31 Dec 2008 18:45:18 -0600 (CST) Subject: Disk IO issues In-Reply-To: <4e3f91d70812311542o393c992ew4069fd8e166a78d@mail.gmail.com> References: <495BFDD7.3040006@sequestered.net> <4e3f91d70812311542o393c992ew4069fd8e166a78d@mail.gmail.com> Message-ID: On Wed, 31 Dec 2008, Greg Swift wrote: > On Wed, Dec 31, 2008 at 17:35, Mike McGrath wrote: > On Wed, 31 Dec 2008, Corey Chandler wrote: > > > Mike McGrath wrote: > > > Lets pool some knowledge together because at this point, I'm missing > > > something. > > > > > > I've been doing all measurements with sar as bonnie, etc, causes builds to > > > timeout. > > > > > > Problem: We're seeing slower then normal disk IO. ?At least I think we > > > are. ?This is a PERC5/E and MD1000 array. > > > > > > > 1. Are we sure the array hasn't lost a drive? > > I can't physically look at the drive (they're a couple hundred miles away) > but we've seen no reports of it (via the drac anyway). ?I'll have to get > the raid software on there to be for sure. ?I'd think a degraded raid > array would affect both direct block access and file level access. > > > 2. What's your scheduler set to? ?CFQ tends to not work in many applications > > where the deadline scheduler works better... > > > > I'd tried other schedulers earlier but they didn't seem to make much of a > difference. ?Even still, I'll get dealine setup and take a look. > > At least we've got the dd and cat problem figured out. ?Now to figure out > why there's such a discrepancy between file level reads and block level > reads. ?Anyone else have an array of this type and size to run those tests > on? ?I'd be curious to see what others are getting. > > > we are working on a rhel3 to 5 migration at my job.? We have 2 primary filesystems.? one is large database files and the > other is lots of small documents.? As we were testing backup software for rhel5 we noticed a 60% decrease in speed moving > from rhel3 to rhel5 with the same file system, but only on the document filesystem, the db file system was perfectly > snappy. > Our files are some smaller logs, but mostly rpms. > After a lot of troubleshooting it was deemed to be related to the dir_index btree hash.? The path was to long before > there was a difference in the names of the files, making the index incredibly slow.? Removing dir_index recovered a bit > of the difference, but didn't resolve the issue.? A quick rename of one of the base directories recovered almost the > entire 60%. > I'd be curious to hear more about this. How long was your path? Our paths aren't short but I don't think they'd be approaching any limits. For example: /mnt/koji/packages/nagios/3.0.5/1.fc11/x86_64/nagios-3.0.5-1.fc11.x86_64.rpm > Thought I'd at least throw it out there, although I'm not sure that it is the exact issue, it doesn't hurt to have it > floating in the background. > thanks. -Mike From mmcgrath at redhat.com Thu Jan 1 00:50:04 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 31 Dec 2008 18:50:04 -0600 (CST) Subject: Disk IO issues In-Reply-To: References: Message-ID: On Wed, 31 Dec 2008, Mike McGrath wrote: > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > around 4-6MBytes/s > > When I do a cp of a large file "cp /mnt/koji/out /tmp/" I get > 30-40MBytes/s. > > Then I "dd if=/dev/sde of=/dev/null" I get around 60-70 MBytes/s read. > > If I "cat /dev/sde > /dev/null" I get between 225-300MBytes/s read. > > The above tests are pretty consistent. /dev/sde is a raid5 array, > hardware raid. > > So my question here is, wtf? I've been working to do a backup which I > would think would either cause network utilization to max out, or disk io > to max out. I'm not seeing either. Sar says the disks are 100% utilized > but I can cause major increases in actual disk reads and writes by just > running additional commands. Also, if the disks were 100% utilized I'd > expect we would see lots more iowait. We're not though, iowait on the box > is only %0.06 today. > > So, long story short, we're seeing much better performance when just > reading or writing lots of data (though dd is many times slower then cat). > But with our real-world traffic, we're just seeing crappy crappy IO. > > Thoughts, theories or opinions? Some of the sysadmin noc guys have access > to run diagnostic commands, if you want more info about a setting, let me > know. > > I should also mention there's lots going on with this box, for example its > hardware raid, lvm and I've got xen running on it (though the tests above > were not in a xen guest). > Also for the curious: dumpe2fs 1.39 (29-May-2006) Filesystem volume name: Last mounted on: Filesystem magic number: 0xEF53 Filesystem revision #: 1 (dynamic) Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery sparse_super large_file Default mount options: (none) Filesystem state: clean Errors behavior: Continue Filesystem OS type: Linux Inode count: 1342177280 Block count: 2684354560 Reserved block count: 134217728 Free blocks: 1407579323 Free inodes: 1336866363 First block: 0 Block size: 4096 Fragment size: 4096 Reserved GDT blocks: 384 Blocks per group: 32768 Fragments per group: 32768 Inodes per group: 16384 Inode blocks per group: 512 Filesystem created: Thu Jan 17 14:52:03 2008 Last mount time: Fri Dec 5 18:51:44 2008 Last write time: Fri Dec 5 18:51:44 2008 Mount count: 17 Maximum mount count: 24 Last checked: Sat May 24 03:14:41 2008 Check interval: 15552000 (6 months) Next check after: Thu Nov 20 03:14:41 2008 Reserved blocks uid: 0 (user root) Reserved blocks gid: 0 (group root) First inode: 11 Inode size: 128 Journal inode: 8 Default directory hash: tea Directory Hash Seed: 1b6393b1-472c-4005-ae87-9603eea9f45b Journal backup: inode blocks Journal size: 128M From james at fedoraproject.org Thu Jan 1 06:47:45 2009 From: james at fedoraproject.org (James Antill) Date: Thu, 01 Jan 2009 01:47:45 -0500 Subject: Disk IO issues In-Reply-To: References: Message-ID: <1230792465.11717.121.camel@code.and.org> On Wed, 2008-12-31 at 14:42 -0600, Mike McGrath wrote: > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > around 4-6MBytes/s This _might_ not be "IO" in a normal sense, -a to cp means: file data + file inode + ACLs + selinux + xattrs [+ file capabilities] ...esp. given that you aren't getting large IOWait times, you might want to strace -T the cp and do some perl/whatever on the result to see what is eating up the time. This is a straight 5.2, yeh? -- James Antill Fedora From mmcgrath at redhat.com Thu Jan 1 07:17:38 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 1 Jan 2009 01:17:38 -0600 (CST) Subject: Disk IO issues In-Reply-To: <1230792465.11717.121.camel@code.and.org> References: <1230792465.11717.121.camel@code.and.org> Message-ID: On Thu, 1 Jan 2009, James Antill wrote: > On Wed, 2008-12-31 at 14:42 -0600, Mike McGrath wrote: > > Lets pool some knowledge together because at this point, I'm missing > > something. > > > > I've been doing all measurements with sar as bonnie, etc, causes builds to > > timeout. > > > > Problem: We're seeing slower then normal disk IO. At least I think we > > are. This is a PERC5/E and MD1000 array. > > > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > > around 4-6MBytes/s > > This _might_ not be "IO" in a normal sense, -a to cp means: > > file data + file inode + ACLs + selinux + xattrs [+ file capabilities] > > ...esp. given that you aren't getting large IOWait times, you might want > to strace -T the cp and do some perl/whatever on the result to see what > is eating up the time. Even with non cp type things (like a bacula backup) it just doesn't seem as fast as I would expect it to be. I've never actually done trending at this level / scale on a filesystem / drive before. So I really don't have a good baseline except that it just seems slow to me. Other then the much faster direct block access and the large file reads, I don't have much else to go on that makes me think its slow. > This is a straight 5.2, yeh? > Correct. -Mike From k.georgiou at imperial.ac.uk Thu Jan 1 12:17:03 2009 From: k.georgiou at imperial.ac.uk (Kostas Georgiou) Date: Thu, 1 Jan 2009 12:17:03 +0000 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> Message-ID: <20090101121703.GA25557@imperial.ac.uk> On Thu, Jan 01, 2009 at 01:17:38AM -0600, Mike McGrath wrote: > On Thu, 1 Jan 2009, James Antill wrote: > > > On Wed, 2008-12-31 at 14:42 -0600, Mike McGrath wrote: > > > Lets pool some knowledge together because at this point, I'm missing > > > something. > > > > > > I've been doing all measurements with sar as bonnie, etc, causes builds to > > > timeout. > > > > > > Problem: We're seeing slower then normal disk IO. At least I think we > > > are. This is a PERC5/E and MD1000 array. > > > > > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > > > around 4-6MBytes/s > > > > This _might_ not be "IO" in a normal sense, -a to cp means: > > > > file data + file inode + ACLs + selinux + xattrs [+ file capabilities] > > > > ...esp. given that you aren't getting large IOWait times, you might want > > to strace -T the cp and do some perl/whatever on the result to see what > > is eating up the time. > > Even with non cp type things (like a bacula backup) it just doesn't seem > as fast as I would expect it to be. I've never actually done trending at > this level / scale on a filesystem / drive before. So I really don't have > a good baseline except that it just seems slow to me. > > Other then the much faster direct block access and the large file reads, I > don't have much else to go on that makes me think its slow. Do writes show the same pattern? If you use selinux/ACLs/xattrs the default inode size of 128 can cause slowdowns (#205161 for example). Can you run blktrace+seekwatcher (both in EPEL) to get an idea on what is going on? An iostat -x -k /dev/sde 1 output will also be helpfull. Kostas From mmcgrath at redhat.com Thu Jan 1 18:48:13 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 1 Jan 2009 12:48:13 -0600 (CST) Subject: Disk IO issues In-Reply-To: <20090101121703.GA25557@imperial.ac.uk> References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: On Thu, 1 Jan 2009, Kostas Georgiou wrote: > On Thu, Jan 01, 2009 at 01:17:38AM -0600, Mike McGrath wrote: > > > On Thu, 1 Jan 2009, James Antill wrote: > > > > > On Wed, 2008-12-31 at 14:42 -0600, Mike McGrath wrote: > > > > Lets pool some knowledge together because at this point, I'm missing > > > > something. > > > > > > > > I've been doing all measurements with sar as bonnie, etc, causes builds to > > > > timeout. > > > > > > > > Problem: We're seeing slower then normal disk IO. At least I think we > > > > are. This is a PERC5/E and MD1000 array. > > > > > > > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > > > > around 4-6MBytes/s > > > > > > This _might_ not be "IO" in a normal sense, -a to cp means: > > > > > > file data + file inode + ACLs + selinux + xattrs [+ file capabilities] > > > > > > ...esp. given that you aren't getting large IOWait times, you might want > > > to strace -T the cp and do some perl/whatever on the result to see what > > > is eating up the time. > > > > Even with non cp type things (like a bacula backup) it just doesn't seem > > as fast as I would expect it to be. I've never actually done trending at > > this level / scale on a filesystem / drive before. So I really don't have > > a good baseline except that it just seems slow to me. > > > > Other then the much faster direct block access and the large file reads, I > > don't have much else to go on that makes me think its slow. > > Do writes show the same pattern? If you use selinux/ACLs/xattrs the default > inode size of 128 can cause slowdowns (#205161 for example). > One reason I'm trying to ramp this up now is because the koji share is still under 50% utilized. If it turns out to be something in the filesystem, its not too late for us to shrink the main filesystem, create the new, copy, and grow the new. > Can you run blktrace+seekwatcher (both in EPEL) to get an idea on > what is going on? An iostat -x -k /dev/sde 1 output will also be > helpfull. > I'll take a look at those two applications as well, here's the iostat: Linux 2.6.18-92.1.18.el5xen (xen2.fedora.phx.redhat.com) 01/01/2009 avg-cpu: %user %nice %system %iowait %steal %idle 0.55 0.01 1.35 0.10 6.28 91.71 Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await svctm %util sde 1389.22 95.13 161.74 270.46 6693.75 1670.16 38.70 1.09 2.51 1.48 64.04 -Mike From smooge at gmail.com Thu Jan 1 19:04:04 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Thu, 1 Jan 2009 12:04:04 -0700 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> Message-ID: <80d7e4090901011104o375e0cfevc3b7eac8d3e43776@mail.gmail.com> On Thu, Jan 1, 2009 at 12:17 AM, Mike McGrath wrote: > On Thu, 1 Jan 2009, James Antill wrote: > >> On Wed, 2008-12-31 at 14:42 -0600, Mike McGrath wrote: >> > Lets pool some knowledge together because at this point, I'm missing >> > something. >> > >> > I've been doing all measurements with sar as bonnie, etc, causes builds to >> > timeout. >> > >> > Problem: We're seeing slower then normal disk IO. At least I think we >> > are. This is a PERC5/E and MD1000 array. >> > >> > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get >> > around 4-6MBytes/s >> >> This _might_ not be "IO" in a normal sense, -a to cp means: >> >> file data + file inode + ACLs + selinux + xattrs [+ file capabilities] >> >> ...esp. given that you aren't getting large IOWait times, you might want >> to strace -T the cp and do some perl/whatever on the result to see what >> is eating up the time. > > Even with non cp type things (like a bacula backup) it just doesn't seem > as fast as I would expect it to be. I've never actually done trending at > this level / scale on a filesystem / drive before. So I really don't have > a good baseline except that it just seems slow to me. Well bacula should be doing the same thing as a cp in that it needs to log all those things (ACL, selinux, xattrs, mother maiden name, etc). Normally I have found that the bigger the disk the slower the copies on journaled file systems. I don't currently have anything as big as you have (this is over a TB correct?) but the speed fixes used to be changing block sizes and journal parameters to allow for speed through (oh and turning off certain hardware parameters in the raid controller to allow for writethroughs there. > Other then the much faster direct block access and the large file reads, I > don't have much else to go on that makes me think its slow. > >> This is a straight 5.2, yeh? >> > > Correct. > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From mmcgrath at redhat.com Thu Jan 1 20:20:44 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 1 Jan 2009 14:20:44 -0600 (CST) Subject: Disk IO issues In-Reply-To: References: Message-ID: On Wed, 31 Dec 2008, Sascha Thomas Spreitzer wrote: > Hello Mike, > > maybe the RAID mirror failed and is auto healing in background. Is > there a way to determine the RAID state? It dawns on me I never answered these questions. The raid array is fine, its got 14 drives in a raid5 configuration and one hot spare (I double checked this just now) > Is the RAID controller showing any errors? Physical disks reporting seek errors? > I assume a problem with either hardware buffers of disk or RAID > controller or faulty disk or RAID hardware. > No errors that I could find on the drives or the controller. -Mike From jonstanley at gmail.com Thu Jan 1 23:11:20 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Thu, 1 Jan 2009 18:11:20 -0500 Subject: Disk IO issues In-Reply-To: <20090101121703.GA25557@imperial.ac.uk> References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: On Thu, Jan 1, 2009 at 7:17 AM, Kostas Georgiou wrote: > Can you run blktrace+seekwatcher (both in EPEL) to get an idea on > what is going on? An iostat -x -k /dev/sde 1 output will also be > helpfull. Here's a slabinfo that someone else requested and the iostat. I don't have access to the xen dom0 though, but I don't suspect it'd show much different: I put it up on a webserver since gmail loves to chop up my lines and make something like this unusable. See http://palladium.jds2001.org/pub/nfs1-stats.txt From mmcgrath at redhat.com Thu Jan 1 23:53:27 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 1 Jan 2009 17:53:27 -0600 (CST) Subject: Disk IO issues In-Reply-To: <20090101121703.GA25557@imperial.ac.uk> References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: On Thu, 1 Jan 2009, Kostas Georgiou wrote: > On Thu, Jan 01, 2009 at 01:17:38AM -0600, Mike McGrath wrote: > > > On Thu, 1 Jan 2009, James Antill wrote: > > > > > On Wed, 2008-12-31 at 14:42 -0600, Mike McGrath wrote: > > > > Lets pool some knowledge together because at this point, I'm missing > > > > something. > > > > > > > > I've been doing all measurements with sar as bonnie, etc, causes builds to > > > > timeout. > > > > > > > > Problem: We're seeing slower then normal disk IO. At least I think we > > > > are. This is a PERC5/E and MD1000 array. > > > > > > > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > > > > around 4-6MBytes/s > > > > > > This _might_ not be "IO" in a normal sense, -a to cp means: > > > > > > file data + file inode + ACLs + selinux + xattrs [+ file capabilities] > > > > > > ...esp. given that you aren't getting large IOWait times, you might want > > > to strace -T the cp and do some perl/whatever on the result to see what > > > is eating up the time. > > > > Even with non cp type things (like a bacula backup) it just doesn't seem > > as fast as I would expect it to be. I've never actually done trending at > > this level / scale on a filesystem / drive before. So I really don't have > > a good baseline except that it just seems slow to me. > > > > Other then the much faster direct block access and the large file reads, I > > don't have much else to go on that makes me think its slow. > > Do writes show the same pattern? If you use selinux/ACLs/xattrs the default > inode size of 128 can cause slowdowns (#205161 for example). > > Can you run blktrace+seekwatcher (both in EPEL) to get an idea on > what is going on? An iostat -x -k /dev/sde 1 output will also be > helpfull. > Here's a seekwatcher of a find I ran: http://mmcgrath.fedorapeople.org/find2.png I had to kill it, I'll have a more full run soon. Doing some other tests now. -Mike From jonstanley at gmail.com Thu Jan 1 23:53:12 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Thu, 1 Jan 2009 18:53:12 -0500 Subject: Fwd: Fedora-infrastructure-list post from josemanimala@gmail.com requires approval In-Reply-To: References: Message-ID: My bad, Jose had posted an apology to the list (below) but I accidentally deleted it rather than released it I think. Anyhow, here it is. Jose - I've removed the moderation bit from your subscription. Sorry for the inconvenience. ---------- Forwarded message ---------- From: "jose manimala" To: fedora-ambassadors-list at redhat.com, fedora-infrastructure-list at redhat.com Date: Wed, 31 Dec 2008 23:47:49 +0530 Subject: Sorry Hi everyone, I am really sorry about the accidental forward. I apologize for my mistake sorry again. The website imported my entire address book and I didnt know that every email address I ever used was included in it. regards -- Jose M Manimala Ph: +919790824111 http://www.jmmblog.in.eu.org GPGkeyID: F5DD9656 ---------- Forwarded message ---------- From: fedora-infrastructure-list-request at redhat.com To: Date: Subject: confirm a414d19abae28acc2742ed364e7060a853196212 If you reply to this message, keeping the Subject: header intact, Mailman will discard the held message. Do this if the message is spam. If you reply to this message and include an Approved: header with the list password in it, the message will be approved for posting to the list. The Approved: header can also appear in the first line of the body of the reply. From luizmachado at fedoraproject.org Fri Jan 2 01:16:59 2009 From: luizmachado at fedoraproject.org (Luiz Augusto Machado) Date: Thu, 01 Jan 2009 22:16:59 -0300 Subject: Getting Started Message-ID: <495D6B0B.5010609@fedoraproject.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I am the Fedora Ambassador and work as network administrator using Red Hat. I have experience with openldap, squid, samba, virtualization among several other routine services to a sysadmin, as always worked to support the infrastructure that I believe this is my place. - -- Luiz Augusto Machado Administrador de Redes Fedora Ambassador luizmachado at fedoraproject.org + 55(63)84298414 FINGERPRINT: 9490 A0EB C4DA 2FEA BAB4 AD85 58CF BA2B 4381 D7E1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkldawsACgkQWM+6K0OB1+Hg0QCeNBjAbcFz4GbqyDk+o99cSf73 cJwAoMavDLPrc2r0PwHYbEsSomsWtAly =hTXX -----END PGP SIGNATURE----- From sascha at spreitzer.name Fri Jan 2 08:38:43 2009 From: sascha at spreitzer.name (Sascha Thomas Spreitzer) Date: Fri, 2 Jan 2009 09:38:43 +0100 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: Hello again, this line looks suspicious to me: # name : tunables : slabdata ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 8 : slabdata 30052 30052 189 Is it 1 big filesystem with about 1,342,177,280 inodes. Has this amount ever be tested in the wild? The Filesystem is btw. marked as needs_recovery. regards, Sascha 2009/1/2 Jon Stanley : > On Thu, Jan 1, 2009 at 7:17 AM, Kostas Georgiou > wrote: > >> Can you run blktrace+seekwatcher (both in EPEL) to get an idea on >> what is going on? An iostat -x -k /dev/sde 1 output will also be >> helpfull. > > Here's a slabinfo that someone else requested and the iostat. I don't > have access to the xen dom0 though, but I don't suspect it'd show much > different: > > I put it up on a webserver since gmail loves to chop up my lines and > make something like this unusable. See > http://palladium.jds2001.org/pub/nfs1-stats.txt > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -- Mit freundlichen Gr??en, / with kind regards, Sascha Thomas Spreitzer http://spreitzer.name/ From bugs.michael at gmx.net Fri Jan 2 10:51:28 2009 From: bugs.michael at gmx.net (Michael Schwendt) Date: Fri, 2 Jan 2009 11:51:28 +0100 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: <20090102115128.1ec1f324.bugs.michael@gmx.net> On Fri, 2 Jan 2009 09:38:43 +0100, Sascha wrote: > The Filesystem is btw. marked as needs_recovery. Which can be harmless, because it is a feature flag that is also set if dumpe2fs is run on a mounted fs. It means that there are blocks that still need to be committed, which is pretty normal for a mounted active fs. From mmcgrath at redhat.com Fri Jan 2 17:57:11 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 2 Jan 2009 11:57:11 -0600 (CST) Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: > Hello again, > > this line looks suspicious to me: > > # name > : tunables : > slabdata > ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 > 8 : slabdata 30052 30052 189 > > Is it 1 big filesystem with about 1,342,177,280 inodes. Has this > amount ever be tested in the wild? Not sure if it has been tested in the wild or not but the filesystem itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the big purposes of this filesystem. -Mike From mmcgrath at redhat.com Fri Jan 2 18:08:35 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 2 Jan 2009 12:08:35 -0600 (CST) Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: On Fri, 2 Jan 2009, Mike McGrath wrote: > On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: > > > Hello again, > > > > this line looks suspicious to me: > > > > # name > > : tunables : > > slabdata > > ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 > > 8 : slabdata 30052 30052 189 > > > > Is it 1 big filesystem with about 1,342,177,280 inodes. Has this > > amount ever be tested in the wild? > > Not sure if it has been tested in the wild or not but the filesystem > itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the > big purposes of this filesystem. > Just as a side note, this is the real problem I'm trying to fix: Elapsed time: 17 days 15 hours 8 mins 7 secs Priority: 10 FD Files Written: 9,284,599 SD Files Written: 9,284,599 FD Bytes Written: 4,890,877,712,334 (4.890 TB) SD Bytes Written: 4,892,855,186,414 (4.892 TB) Rate: 3210.7 KB/s -Mike From smooge at gmail.com Fri Jan 2 19:16:04 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Fri, 2 Jan 2009 12:16:04 -0700 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: <80d7e4090901021116u34f4275dsb283e5d966c9514b@mail.gmail.com> On Fri, Jan 2, 2009 at 10:57 AM, Mike McGrath wrote: > On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: > >> Hello again, >> >> this line looks suspicious to me: >> >> # name >> : tunables : >> slabdata >> ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 >> 8 : slabdata 30052 30052 189 >> >> Is it 1 big filesystem with about 1,342,177,280 inodes. Has this >> amount ever be tested in the wild? > > Not sure if it has been tested in the wild or not but the filesystem > itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the > big purposes of this filesystem. > Well then my idea of making smaller filesystems would break that then... hmmm I would say that its time to escalate this to Level 2 support :). What do the filesystem kernel people think? I would bring them in to see if there is something we are missing. Maybe something in the dealing with that many inodes per file is causing a problem (or maybe this is just known behaviour for large filesystems.) By the way, this is a 64 bit OS correct? -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From james at fedoraproject.org Fri Jan 2 19:17:58 2009 From: james at fedoraproject.org (James Antill) Date: Fri, 02 Jan 2009 14:17:58 -0500 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> Message-ID: <1230923878.11717.154.camel@code.and.org> On Fri, 2009-01-02 at 11:57 -0600, Mike McGrath wrote: > On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: > > > Hello again, > > > > this line looks suspicious to me: > > > > # name > > : tunables : > > slabdata > > ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 > > 8 : slabdata 30052 30052 189 > > > > Is it 1 big filesystem with about 1,342,177,280 inodes. Has this > > amount ever be tested in the wild? > > Not sure if it has been tested in the wild or not but the filesystem > itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the > big purposes of this filesystem. Ah ha ... I bet that you'll find tar/cp-a/whatever is having a major problem keeping tabs on which inodes it's "seen", so it doesn't copy the same data N times. Try running: cp -a --no-preserve=links ... and see if that is much faster? -- James Antill Fedora From mmcgrath at redhat.com Fri Jan 2 19:28:43 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 2 Jan 2009 13:28:43 -0600 (CST) Subject: Disk IO issues In-Reply-To: <1230923878.11717.154.camel@code.and.org> References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> <1230923878.11717.154.camel@code.and.org> Message-ID: On Fri, 2 Jan 2009, James Antill wrote: > On Fri, 2009-01-02 at 11:57 -0600, Mike McGrath wrote: > > On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: > > > > > Hello again, > > > > > > this line looks suspicious to me: > > > > > > # name > > > : tunables : > > > slabdata > > > ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 > > > 8 : slabdata 30052 30052 189 > > > > > > Is it 1 big filesystem with about 1,342,177,280 inodes. Has this > > > amount ever be tested in the wild? > > > > Not sure if it has been tested in the wild or not but the filesystem > > itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the > > big purposes of this filesystem. > > Ah ha ... I bet that you'll find tar/cp-a/whatever is having a major > problem keeping tabs on which inodes it's "seen", so it doesn't copy the > same data N times. Try running: cp -a --no-preserve=links ... and see if > that is much faster? > Naw, I've been testing on the non-link portions. Dennis, Jesse, etc, correct me if I'm wrong on this: We've got a dir /mnt/koji/packages/ that contains all of the packages. You can actually view this dir yourself at: http://kojipkgs.fedoraproject.org/packages/glibc/ There are other directories at /mnt/koji/static-repos/. A directory like static-repos contains almost exclusively hardlinks to those packages. Since many of those hardlink oriented directories can be recreated, we don't bother backing them up so I haven't been testing with them. One thing I'm going to try to do is re-index the filesystem (e2fsck -D). I figure its a worthwhile thing to do. I'm testing on a snapshot first. -Mike From mmcgrath at redhat.com Fri Jan 2 19:29:23 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 2 Jan 2009 13:29:23 -0600 (CST) Subject: Disk IO issues In-Reply-To: <80d7e4090901021116u34f4275dsb283e5d966c9514b@mail.gmail.com> References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> <80d7e4090901021116u34f4275dsb283e5d966c9514b@mail.gmail.com> Message-ID: On Fri, 2 Jan 2009, Stephen John Smoogen wrote: > On Fri, Jan 2, 2009 at 10:57 AM, Mike McGrath wrote: > > On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: > > > >> Hello again, > >> > >> this line looks suspicious to me: > >> > >> # name > >> : tunables : > >> slabdata > >> ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 > >> 8 : slabdata 30052 30052 189 > >> > >> Is it 1 big filesystem with about 1,342,177,280 inodes. Has this > >> amount ever be tested in the wild? > > > > Not sure if it has been tested in the wild or not but the filesystem > > itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the > > big purposes of this filesystem. > > > > Well then my idea of making smaller filesystems would break that > then... hmmm I would say that its time to escalate this to Level 2 > support :). What do the filesystem kernel people think? I would bring > them in to see if there is something we are missing. Maybe something > in the dealing with that many inodes per file is causing a problem (or > maybe this is just known behaviour for large filesystems.) By the way, > this is a 64 bit OS correct? > Correct, 64 bit OS. I'm going to get some of our FS guys on the horn as soon as RH is back to work. I think most of them will return on Monday. -Mike From k.georgiou at imperial.ac.uk Fri Jan 2 19:39:39 2009 From: k.georgiou at imperial.ac.uk (Kostas Georgiou) Date: Fri, 2 Jan 2009 19:39:39 +0000 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> <1230923878.11717.154.camel@code.and.org> Message-ID: <20090102193939.GA8498@imperial.ac.uk> On Fri, Jan 02, 2009 at 01:28:43PM -0600, Mike McGrath wrote: > On Fri, 2 Jan 2009, James Antill wrote: > > > On Fri, 2009-01-02 at 11:57 -0600, Mike McGrath wrote: > > > On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: > > > > > > > Hello again, > > > > > > > > this line looks suspicious to me: > > > > > > > > # name > > > > : tunables : > > > > slabdata > > > > ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 > > > > 8 : slabdata 30052 30052 189 > > > > > > > > Is it 1 big filesystem with about 1,342,177,280 inodes. Has this > > > > amount ever be tested in the wild? > > > > > > Not sure if it has been tested in the wild or not but the filesystem > > > itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the > > > big purposes of this filesystem. > > > > Ah ha ... I bet that you'll find tar/cp-a/whatever is having a major > > problem keeping tabs on which inodes it's "seen", so it doesn't copy the > > same data N times. Try running: cp -a --no-preserve=links ... and see if > > that is much faster? > > > > Naw, I've been testing on the non-link portions. Dennis, Jesse, etc, > correct me if I'm wrong on this: > > We've got a dir /mnt/koji/packages/ that contains all of the packages. > You can actually view this dir yourself at: > > http://kojipkgs.fedoraproject.org/packages/glibc/ > > There are other directories at /mnt/koji/static-repos/. A directory like > static-repos contains almost exclusively hardlinks to those packages. > > Since many of those hardlink oriented directories can be recreated, we > don't bother backing them up so I haven't been testing with them. > > One thing I'm going to try to do is re-index the filesystem (e2fsck -D). > I figure its a worthwhile thing to do. I'm testing on a snapshot first. A lower vm.vfs_cache_pressure might help as well, you might need quite a bit of memory to keep everything in cache though. Kostas From smooge at gmail.com Fri Jan 2 19:39:45 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Fri, 2 Jan 2009 12:39:45 -0700 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> <80d7e4090901021116u34f4275dsb283e5d966c9514b@mail.gmail.com> Message-ID: <80d7e4090901021139k4726a96cv38e107bd882ec168@mail.gmail.com> On Fri, Jan 2, 2009 at 12:29 PM, Mike McGrath wrote: > On Fri, 2 Jan 2009, Stephen John Smoogen wrote: > >> On Fri, Jan 2, 2009 at 10:57 AM, Mike McGrath wrote: >> > On Fri, 2 Jan 2009, Sascha Thomas Spreitzer wrote: >> > >> >> Hello again, >> >> >> >> this line looks suspicious to me: >> >> >> >> # name >> >> : tunables : >> >> slabdata >> >> ext3_inode_cache 98472 150260 760 5 1 : tunables 54 27 >> >> 8 : slabdata 30052 30052 189 >> >> >> >> Is it 1 big filesystem with about 1,342,177,280 inodes. Has this >> >> amount ever be tested in the wild? >> > >> > Not sure if it has been tested in the wild or not but the filesystem >> > itself contains a _TON_ of hardlinks. Creation of hardlinks is one of the >> > big purposes of this filesystem. >> > >> >> Well then my idea of making smaller filesystems would break that >> then... hmmm I would say that its time to escalate this to Level 2 >> support :). What do the filesystem kernel people think? I would bring >> them in to see if there is something we are missing. Maybe something >> in the dealing with that many inodes per file is causing a problem (or >> maybe this is just known behaviour for large filesystems.) By the way, >> this is a 64 bit OS correct? >> > > Correct, 64 bit OS. I'm going to get some of our FS guys on the horn as > soon as RH is back to work. I think most of them will return on Monday. > Slackers... in my day.. oh its time for my applesauce at the old sys-admin home. Back later. I think actually the inode/hardlink might be having an issue evne if the files being tested aren't multiples of hardlinks. The journalling and filesystem are going to want to optimize how they are getting data. Hmmm if you want to completely break things... what are the speedups/slowdowns if you mount it as ext2 instead of ext3 :). -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From jkeating at redhat.com Fri Jan 2 22:09:49 2009 From: jkeating at redhat.com (Jesse Keating) Date: Fri, 02 Jan 2009 14:09:49 -0800 Subject: Disk IO issues In-Reply-To: References: <1230792465.11717.121.camel@code.and.org> <20090101121703.GA25557@imperial.ac.uk> <1230923878.11717.154.camel@code.and.org> Message-ID: <1230934189.4566.14.camel@localhost.localdomain> On Fri, 2009-01-02 at 13:28 -0600, Mike McGrath wrote: > > There are other directories at /mnt/koji/static-repos/. A directory like > static-repos contains almost exclusively hardlinks to those packages. > > Since many of those hardlink oriented directories can be recreated, we > don't bother backing them up so I haven't been testing with them. We stopped making hardlinks in those directories a while back, during the last round of "make it faster". /mnt/koji/repos/ contains a number of directories that just have repodata in them, that reference the relative path back to /mnt/koji/packages. The /mnt/koji/mash/ tree is where all the hardlinks are. These are composes of koji tags for things like rawhide and releases. It's here that we make hardlinks back to /mnt/koji/packages/ for the individual rpms. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Sat Jan 3 05:29:38 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 2 Jan 2009 23:29:38 -0600 (CST) Subject: Outage Notification - 2009-01-03 04:16 UTC Message-ID: There is a current unscheduled outage starting at 2009-01-03 UTC, which will last for an unknown amount of time. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2009-01-03 04:16 UTC' Affected Services: Fedora Hosted (Auth) Mail Websites (FAS, PackageDB and other applications that use PostgreSQL) Any services that require authentication that are not shell based or cert based Unaffected Services: Buildsystem Database (Partial) CVS / Source Control DNS Mirror System Torrent Translation Services Reason for Outage: The server that hosts db2 is currently down. The biggest impact of this is authenticated services are offline. A technician has been called and services will be restored as soon as possible. ETA for tech on site is around 3-4 hours. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. From mmcgrath at redhat.com Sat Jan 3 09:42:07 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 3 Jan 2009 03:42:07 -0600 (CST) Subject: Outage Notification - 2009-01-03 04:16 UTC In-Reply-To: References: Message-ID: On Fri, 2 Jan 2009, Mike McGrath wrote: > There is a current unscheduled outage starting at 2009-01-03 UTC, which > will last for an unknown amount of time. > Should be over now, tech replaced mobo and we're back in business. Happy new year all! -Mike From sspreitzer at fedoraproject.org Sat Jan 3 21:29:18 2009 From: sspreitzer at fedoraproject.org (Sascha Thomas Spreitzer) Date: Sat, 3 Jan 2009 22:29:18 +0100 Subject: calling out for a sponsor Message-ID: Hello list, im shouting out for a sponsor, is someone willing to sponsor me? -- Mit freundlichen Gr??en, / with kind regards, Sascha Thomas Spreitzer http://spreitzer.name/ From ricky at fedoraproject.org Sat Jan 3 23:24:04 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Sat, 3 Jan 2009 18:24:04 -0500 Subject: calling out for a sponsor In-Reply-To: References: Message-ID: <20090103232404.GC15656@sphe.fedora.phx.redhat.com> On 2009-01-03 10:29:18 PM, Sascha Thomas Spreitzer wrote: > im shouting out for a sponsor, is someone willing to sponsor me? Hey, what type of things are you interested in working on (as in, what groups are you looking for sponsors for)? Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From Matt_Domsch at dell.com Sun Jan 4 00:32:38 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sat, 3 Jan 2009 18:32:38 -0600 Subject: Disk IO issues In-Reply-To: References: Message-ID: <20090104003238.GB18649@auslistsprd01.us.dell.com> On Wed, Dec 31, 2008 at 02:42:27PM -0600, Mike McGrath wrote: > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > around 4-6MBytes/s That's sucky. > When I do a cp of a large file "cp /mnt/koji/out /tmp/" I get > 30-40MBytes/s. > > If I "cat /dev/sde > /dev/null" I get between 225-300MBytes/s read. That's about what I would expect for straight block reads. > The above tests are pretty consistent. /dev/sde is a raid5 array, > hardware raid. Remember, RAID 5's worst performance is for writes. In your 14-drive array, it has to calculate parity across all the drives, then write the data across all the drives. As long as it's pure writes (e.g. not read/modify/write) it's not so bad, but still slower than you might think. What ext3 journaling options are enabled (e.g. what does 'mount' say)? If it's data=ordered (the default), that's OK. If it's data=journal, then all the data gets written twice (first to the journal, then the journal to the disk), which is really really slow, and the size of the journal would really make a difference too. RAID controllers also tend to benefit from using the noop scheduler, which effectively defers the scheduling to the RAID controller. Note that cp doesn't fdatasync(), so the I/Os will be scheduled, but not necessarily completed, when cp returns. Which might make your numbers even more optimistic than they really are. :-( -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From k.georgiou at imperial.ac.uk Sun Jan 4 03:02:55 2009 From: k.georgiou at imperial.ac.uk (Kostas Georgiou) Date: Sun, 4 Jan 2009 03:02:55 +0000 Subject: Disk IO issues In-Reply-To: <20090104003238.GB18649@auslistsprd01.us.dell.com> References: <20090104003238.GB18649@auslistsprd01.us.dell.com> Message-ID: <20090104030255.GA2333@imperial.ac.uk> On Sat, Jan 03, 2009 at 06:32:38PM -0600, Matt Domsch wrote: > What ext3 journaling options are enabled (e.g. what does 'mount' say)? > If it's data=ordered (the default), that's OK. If it's data=journal, > then all the data gets written twice (first to the journal, then the > journal to the disk), which is really really slow, and the size of the > journal would really make a difference too. For an NFS server (assuming that you aren't exporting as async) data=journal can give you better performance than anything else actually. The NFS howto has a brief note in the performance section about this. Kostas From Matt_Domsch at dell.com Sun Jan 4 05:34:05 2009 From: Matt_Domsch at dell.com (Matt Domsch) Date: Sat, 3 Jan 2009 23:34:05 -0600 Subject: Disk IO issues In-Reply-To: <20090104030255.GA2333@imperial.ac.uk> References: <20090104003238.GB18649@auslistsprd01.us.dell.com> <20090104030255.GA2333@imperial.ac.uk> Message-ID: <20090104053405.GC18649@auslistsprd01.us.dell.com> On Sun, Jan 04, 2009 at 03:02:55AM +0000, Kostas Georgiou wrote: > On Sat, Jan 03, 2009 at 06:32:38PM -0600, Matt Domsch wrote: > > > What ext3 journaling options are enabled (e.g. what does 'mount' say)? > > If it's data=ordered (the default), that's OK. If it's data=journal, > > then all the data gets written twice (first to the journal, then the > > journal to the disk), which is really really slow, and the size of the > > journal would really make a difference too. > > For an NFS server (assuming that you aren't exporting as async) > data=journal can give you better performance than anything else > actually. The NFS howto has a brief note in the performance section > about this. Yes, if the slowness is seen by applications on the client side of the NFS server, data=journal on the NFS server can help. Mike, your tests were all on the local file system, not across an NFS connection, right? data=journal can only buffer up to the size of the journal. Given the comments about speed with "large files", unless the journal is specifically tuned to be large enough to handle them, no dice. -- Matt Domsch Linux Technology Strategist, Dell Office of the CTO linux.dell.com & www.dell.com/linux From sascha at spreitzer.name Sun Jan 4 09:52:01 2009 From: sascha at spreitzer.name (Sascha Thomas Spreitzer) Date: Sun, 4 Jan 2009 10:52:01 +0100 Subject: calling out for a sponsor In-Reply-To: <20090103232404.GC15656@sphe.fedora.phx.redhat.com> References: <20090103232404.GC15656@sphe.fedora.phx.redhat.com> Message-ID: Hey ricky, pointing out to my introduction, which I sent earlier, I am passionate in system infrastructure, system and application integration. If I could choose a specific topic or range, I would choose to plan, integrate, maintain and develop on the fedora infrastructure. To abbreviate the topic: Setting up boxes, fix bugs/issues, do calls and whatsoever. Look at the description on my XING page, you might discover more topics I could be connected with. http://spreitzer.name/ best regards, Sascha 2009/1/4 Ricky Zhou : > On 2009-01-03 10:29:18 PM, Sascha Thomas Spreitzer wrote: >> im shouting out for a sponsor, is someone willing to sponsor me? > Hey, what type of things are you interested in working on (as in, what > groups are you looking for sponsors for)? > > Thanks, > Ricky > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -- Mit freundlichen Gr??en, / with kind regards, Sascha Thomas Spreitzer http://spreitzer.name/ From mmcgrath at redhat.com Sun Jan 4 17:59:38 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 4 Jan 2009 11:59:38 -0600 (CST) Subject: Disk IO issues In-Reply-To: <20090104053405.GC18649@auslistsprd01.us.dell.com> References: <20090104003238.GB18649@auslistsprd01.us.dell.com> <20090104030255.GA2333@imperial.ac.uk> <20090104053405.GC18649@auslistsprd01.us.dell.com> Message-ID: On Sat, 3 Jan 2009, Matt Domsch wrote: > On Sun, Jan 04, 2009 at 03:02:55AM +0000, Kostas Georgiou wrote: > > On Sat, Jan 03, 2009 at 06:32:38PM -0600, Matt Domsch wrote: > > > > > What ext3 journaling options are enabled (e.g. what does 'mount' say)? > > > If it's data=ordered (the default), that's OK. If it's data=journal, > > > then all the data gets written twice (first to the journal, then the > > > journal to the disk), which is really really slow, and the size of the > > > journal would really make a difference too. > > > > For an NFS server (assuming that you aren't exporting as async) > > data=journal can give you better performance than anything else > > actually. The NFS howto has a brief note in the performance section > > about this. > > Yes, if the slowness is seen by applications on the client side of the > NFS server, data=journal on the NFS server can help. > > Mike, your tests were all on the local file system, not across an NFS > connection, right? > Correct, though (obviously) we're seeing the slownees remotely as well. -Mike From rhanna at informatiq.org Sun Jan 4 20:42:29 2009 From: rhanna at informatiq.org (Ramez Hanna) Date: Sun, 4 Jan 2009 22:42:29 +0200 Subject: Disk IO issues In-Reply-To: References: <20090104003238.GB18649@auslistsprd01.us.dell.com> <20090104030255.GA2333@imperial.ac.uk> <20090104053405.GC18649@auslistsprd01.us.dell.com> Message-ID: <6a65d5240901041242o2c8c216ev237ccaa44fee7bd8@mail.gmail.com> On Sun, Jan 4, 2009 at 7:59 PM, Mike McGrath wrote: > On Sat, 3 Jan 2009, Matt Domsch wrote: > > > On Sun, Jan 04, 2009 at 03:02:55AM +0000, Kostas Georgiou wrote: > > > On Sat, Jan 03, 2009 at 06:32:38PM -0600, Matt Domsch wrote: > > > > > > > What ext3 journaling options are enabled (e.g. what does 'mount' > say)? > > > > If it's data=ordered (the default), that's OK. If it's data=journal, > > > > then all the data gets written twice (first to the journal, then the > > > > journal to the disk), which is really really slow, and the size of > the > > > > journal would really make a difference too. > > > > > > For an NFS server (assuming that you aren't exporting as async) > > > data=journal can give you better performance than anything else > > > actually. The NFS howto has a brief note in the performance section > > > about this. > > > > Yes, if the slowness is seen by applications on the client side of the > > NFS server, data=journal on the NFS server can help. > > > > Mike, your tests were all on the local file system, not across an NFS > > connection, right? > > > > Correct, though (obviously) we're seeing the slownees remotely as well. > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > Hi, I've had no previous experience with such issues but here are my 2 cents IMHO if the slowness is seen locally as well as remotely then i would start thinking about filesystem options, or even consider a different filesystem. I think that you need to eliminate first the HW issues (raid, disk speed, etc) then look more into fs specific options wich were discussed in several previous emails -------------- next part -------------- An HTML attachment was scrubbed... URL: From francois.cami at free.fr Sun Jan 4 21:08:20 2009 From: francois.cami at free.fr (FD Cami) Date: Sun, 4 Jan 2009 22:08:20 +0100 Subject: Disk IO issues In-Reply-To: References: <20090104003238.GB18649@auslistsprd01.us.dell.com> <20090104030255.GA2333@imperial.ac.uk> <20090104053405.GC18649@auslistsprd01.us.dell.com> Message-ID: <20090104220820.6bd487b3@olorin> On Sun, 4 Jan 2009 11:59:38 -0600 (CST) Mike McGrath wrote: > On Sat, 3 Jan 2009, Matt Domsch wrote: > > > On Sun, Jan 04, 2009 at 03:02:55AM +0000, Kostas Georgiou wrote: > > > > Mike, your tests were all on the local file system, not across an NFS > > connection, right? > > > > Correct, though (obviously) we're seeing the slownees remotely as well. Hi Mike, list, The dd and cat numbers in your email are consistent with what I get from both my RAID5 arrays (PERC5/i controllers), with 4 and 6 15kRPM drives (in PowerEdge 2900s). Have you tried experimenting with stride and stripe_width ? stride needs to be the same as whatever per disk chunk size the RAID array was configured with (that should show up in the PERC5/E BIOS at least), and stripe_width is stride*N with N being the number of data disks, i.e. without parity. I'm paraphrasing "man tune2fs", it's probably better explained there. Those can be tuned with tune2fs (-E), although I've never done that to a live FS, so the usual caveats about backups apply. Sorry about the noise if that was done or discussed before, I've just read the thread back and did find anything related to this. Best, Francois Cami From adrian at lisas.de Sun Jan 4 22:55:12 2009 From: adrian at lisas.de (Adrian Reber) Date: Sun, 4 Jan 2009 23:55:12 +0100 Subject: error syncing archive.fedoraproject.org Message-ID: <20090104225510.GA2290@lisas.de> Syncing archive.fedoraproject.org::fedora-archive/fedora/ I get following errors: rsync: send_files failed to open "/fedora/linux/core/1/i386/iso/.yarrow-SRPMS-disc3.iso.zLIL8J" (in fedora-archive): Permission denied (13) rsync: send_files failed to open "/fedora/linux/core/1/x86_64/iso/.yarrow-x86_64-disc1.iso.kBKjTE" (in fedora-archive): Permission denied (13) Adrian From thinklinux.ssh at gmail.com Mon Jan 5 05:10:32 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 5 Jan 2009 10:40:32 +0530 Subject: Is executing php scripts from fedorapeople possible? Message-ID: http://susmit.fedorapeople.org/freemedia/form.php When I click on submit, it shows the code, but does not execute. Is there any workaround for this? Or I am missing something really easy? Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From jeff at ocjtech.us Mon Jan 5 05:23:50 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Sun, 4 Jan 2009 23:23:50 -0600 Subject: Is executing php scripts from fedorapeople possible? In-Reply-To: References: Message-ID: <935ead450901042123l253e8619td91e116f38daace0@mail.gmail.com> On Sun, Jan 4, 2009 at 11:10 PM, susmit shannigrahi wrote: > http://susmit.fedorapeople.org/freemedia/form.php > > When I click on submit, it shows the code, but does not execute. > Is there any workaround for this? Or I am missing something really easy? fedorapeople.org isn't really meant as a general purpose hosting site, so things like PHP and CGIs aren't allowed. If you want to experiment with Fedora Infrastructure related stuff you can request access to test Xen hosts where new Fedora Infrastructure services can be developed. You'll need to show that you've worked most of the bugs out on a local system first, and you're ready to move onto some more public testing. The process is described in much more detail here: http://fedoraproject.org/wiki/Infrastructure/RFR You'll especially want to consider the language you're writing in. PHP, while not completely verboten, is only accepted if there are really strong reasons why something else is not acceptable. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From thinklinux.ssh at gmail.com Mon Jan 5 05:29:38 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 5 Jan 2009 10:59:38 +0530 Subject: Is executing php scripts from fedorapeople possible? In-Reply-To: <935ead450901042123l253e8619td91e116f38daace0@mail.gmail.com> References: <935ead450901042123l253e8619td91e116f38daace0@mail.gmail.com> Message-ID: > fedorapeople.org isn't really meant as a general purpose hosting site, > so things like PHP and CGIs aren't allowed. If you want to experiment > with Fedora Infrastructure related stuff you can request access to > test Xen hosts where new Fedora Infrastructure services can be > developed. Thanks for the information. > You'll need to show that you've worked most of the bugs out on a local > system first, and you're ready to move onto some more public testing. > The process is described in much more detail here: There is nothing in the scripts, they just take input requester details from the form and send a line of text to a trac instance for raising a new ticket. :) Its working nicely on my home machine. Thanks again. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From sascha at spreitzer.name Mon Jan 5 06:40:09 2009 From: sascha at spreitzer.name (Sascha Thomas Spreitzer) Date: Mon, 5 Jan 2009 07:40:09 +0100 Subject: error syncing archive.fedoraproject.org In-Reply-To: <20090104225510.GA2290@lisas.de> References: <20090104225510.GA2290@lisas.de> Message-ID: Hey, looks like these are temporary files being renamed after work to their final names. regards, Sascha 2009/1/4 Adrian Reber : > > Syncing archive.fedoraproject.org::fedora-archive/fedora/ I get > following errors: > > rsync: send_files failed to open "/fedora/linux/core/1/i386/iso/.yarrow-SRPMS-disc3.iso.zLIL8J" (in fedora-archive): Permission denied (13) > rsync: send_files failed to open "/fedora/linux/core/1/x86_64/iso/.yarrow-x86_64-disc1.iso.kBKjTE" (in fedora-archive): Permission denied (13) > > Adrian > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -- Mit freundlichen Gr??en, / with kind regards, Sascha Thomas Spreitzer http://spreitzer.name/ From mmcgrath at redhat.com Mon Jan 5 14:09:05 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 5 Jan 2009 08:09:05 -0600 (CST) Subject: error syncing archive.fedoraproject.org In-Reply-To: References: <20090104225510.GA2290@lisas.de> Message-ID: On Mon, 5 Jan 2009, Sascha Thomas Spreitzer wrote: > Hey, > > looks like these are temporary files being renamed after work to their > final names. > Should be fixed. -Mike From ivazqueznet at gmail.com Wed Jan 7 19:56:43 2009 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Wed, 07 Jan 2009 14:56:43 -0500 Subject: [Fwd: Account Security Question] Message-ID: <1231358203.7037.70.camel@ignacio.lan> For your consideration. -------- Forwarded Message -------- From: Michael Tant To: webmaster at fedoraproject.org Subject: Account Security Question Date: Wed, 7 Jan 2009 14:22:20 -0500 Upon creating my account on the fedoraproject site, I was asked to submit a public key and download a client certificate. First, what is the public key used for? I sent a 1024 rsa pubkey made with ssh-keygen. Does it have to be rsa or can I change that to a 2048 dsa key? I commonly use my windows side to access the internet and my linux side more as a server than a terminal side, though it has client side available. Should the dsa public key be kept on the browser side, or isolated to the linux side? The Private Key is kept offline on removable media. In regards to the certificate, it requests I add this to a particular location in the system. Is the certificate used to authenticate my sessions with fedoraproject or just for the purposes of linux developing? If it is used for authentication, can this be used on a windows based system, or should I login from my linux side? I'm not a developer as of yet, my programming skills are hardly up to par yet. Regardless of the use, events of yesterday lead me to ask, is this a MD5 hash or SHA1 or SHA2 hash? I ask this because of the collision exploit to md5 certificates. Please let me know, and if it is a MD5 hash, can I request a SHA clientside certificate? Being new to Linux, I am thrilled to to have membership in fedoraproject, as I have found linux nearly superior to windows in many areas. Thank You, Michael Tant -- Ignacio Vazquez-Abrams -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From ricky at fedoraproject.org Wed Jan 7 23:31:17 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 7 Jan 2009 18:31:17 -0500 Subject: [Fwd: Account Security Question] In-Reply-To: <1231358203.7037.70.camel@ignacio.lan> References: <1231358203.7037.70.camel@ignacio.lan> Message-ID: <20090107233117.GA15753@sphe.fedora.phx.redhat.com> On 2009-01-07 02:56:43 PM, Ignacio Vazquez-Abrams wrote: > For your consideration. > > -------- Forwarded Message -------- > From: Michael Tant > To: webmaster at fedoraproject.org > Subject: Account Security Question > Date: Wed, 7 Jan 2009 14:22:20 -0500 > > Upon creating my account on the fedoraproject site, I was asked to > submit a public key and download a client certificate. First, what is > the public key used for? I sent a 1024 rsa pubkey made with ssh-keygen. > Does it have to be rsa or can I change that to a 2048 dsa key? I > commonly use my windows side to access the internet and my linux side > more as a server than a terminal side, though it has client side > available. Should the dsa public key be kept on the browser side, or > isolated to the linux side? The Private Key is kept offline on > removable media. The public key is used if you need to authenticate to any of our services over SSH. This includes commit access for CVS and other code repositories or any shell access to our machines. We currently require RSA keys. You'll want to have your private key available on any machine that you use to SSH or commit code from. The public key is only needed on the machines that will be accepting your private key (which is why we ask for it). > In regards to the certificate, it requests I add this to a particular > location in the system. Is the certificate used to authenticate my > sessions with fedoraproject or just for the purposes of linux > developing? If it is used for authentication, can this be used on a > windows based system, or should I login from my linux side? I'm not a > developer as of yet, my programming skills are hardly up to par yet. > Regardless of the use, events of yesterday lead me to ask, is this a MD5 > hash or SHA1 or SHA2 hash? I ask this because of the collision exploit > to md5 certificates. Please let me know, and if it is a MD5 hash, can I > request a SHA clientside certificate? This certificiate is currently only used to authenticate to koji and plague, the buildsystems for Fedora and EPEL, although we're considering using key authentication in more places in the future. Right now, you'll only need a copy of it if you plan on becoming a package maintainer. > Being new to Linux, I am thrilled to to have membership in > fedoraproject, as I have found linux nearly superior to windows in many > areas. Welcome! Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Jan 8 05:14:29 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 7 Jan 2009 23:14:29 -0600 (CST) Subject: FUDCon Message-ID: Just a reminder to everyone, FUDCon is on the way soon. Many of us (myself included) will be traveling and not as available as usual. Please be extra careful about any changes you make. For example, don't make a change to our global.pp file and then get on an air plane. -Mike From nigjones at redhat.com Thu Jan 8 05:58:15 2009 From: nigjones at redhat.com (Nigel Jones) Date: Thu, 8 Jan 2009 00:58:15 -0500 (EST) Subject: FUDCon In-Reply-To: Message-ID: <3507232.131231394306836.JavaMail.njones@njones> I'll be sitting here in Brisbane if there is any urgentish issues during Brisbane hours (UTC+10), might as well let the FUDCon'ers have their fun :) - Nigel ----- Original Message ----- From: "Mike McGrath" To: "Fedora Infrastructure List" Sent: Thursday, January 8, 2009 3:14:29 PM GMT +10:00 Brisbane Subject: FUDCon Just a reminder to everyone, FUDCon is on the way soon. Many of us (myself included) will be traveling and not as available as usual. Please be extra careful about any changes you make. For example, don't make a change to our global.pp file and then get on an air plane. -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From atl.jd.williams at gmail.com Thu Jan 8 15:24:51 2009 From: atl.jd.williams at gmail.com (Jeff Williams) Date: Thu, 8 Jan 2009 10:24:51 -0500 Subject: Introduction: This is me... Message-ID: Hello. My name is Jeff Williams and have been looking for a Fedora group to join to contribute in at least a small way. I have been a Unix and Linux sysadmin for at least 13 years (in addition to other sysadmin experience on other platforms). I am also a systems programmer (mostly C but lots of ksh/bash/awk) and all-around computer handyman. I don't have a ton of time to contribute to the efforts of this group right now but would like to at least see how the group operates and what the processes are. Looking forward to it. Jeff -------------- next part -------------- An HTML attachment was scrubbed... URL: From dreiland at hotmail.com Thu Jan 8 15:48:35 2009 From: dreiland at hotmail.com (Doug Reiland) Date: Thu, 8 Jan 2009 10:48:35 -0500 Subject: koji and package dependencies Message-ID: Is this list the right place to ask koji releated questions? If so: I am playing with koji by setting up a local build system. I have am able to do some examples like build the bash package. I am now attempting to setup a large collection of packages and wondering about package dependencies and ordering. How do you prepare a koji-builder system or is that taken care of? For example, if package X requires program foo to build, do I need to be aware of this and make sure foo is on koji-builder system. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From dennis at ausil.us Thu Jan 8 15:53:03 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Thu, 8 Jan 2009 09:53:03 -0600 Subject: koji and package dependencies In-Reply-To: References: Message-ID: <200901080953.10165.dennis@ausil.us> On Thursday 08 January 2009 09:48:35 am Doug Reiland wrote: > Is this list the right place to ask koji releated questions? > > If so: > > I am playing with koji by setting up a local build system. > I have am able to do some examples like build the bash package. > > I am now attempting to setup a large collection of packages and wondering > about package dependencies and ordering. How do you prepare a koji-builder > system or is that taken care of? For example, if package X requires program > foo to build, do I need to be aware of this and make sure foo is on > koji-builder system. you need to have either built/imported all packages that you need to build against. and they need to be available via inheritance to the build tag. Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: From stickster at gmail.com Thu Jan 8 17:05:48 2009 From: stickster at gmail.com (Paul W. Frields) Date: Thu, 8 Jan 2009 12:05:48 -0500 Subject: FUDCon In-Reply-To: <3507232.131231394306836.JavaMail.njones@njones> References: <3507232.131231394306836.JavaMail.njones@njones> Message-ID: <20090108170548.GC5284@localhost.localdomain> On Thu, Jan 08, 2009 at 12:58:15AM -0500, Nigel Jones wrote: > I'll be sitting here in Brisbane if there is any urgentish issues > during Brisbane hours (UTC+10), might as well let the FUDCon'ers > have their fun :) That's really good of you, Nigel -- thanks for pitching in! :-) -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From thinklinux.ssh at gmail.com Thu Jan 8 18:31:20 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Fri, 9 Jan 2009 00:01:20 +0530 Subject: Installed Trac plugins not showing up. In-Reply-To: References: <1230572123.17296.48.camel@localhost.localdomain> <20081229204650.GG6975@sphe.fedora.phx.redhat.com> <20081229213746.GD25189@sphe.fedora.phx.redhat.com> <4959EBC9.9000207@redhat.com> Message-ID: > This plugin is packaged and available for use, I had a problem with it > last night that turned out to be a simple typo in the trac.ini (I was > apparently too tired to notice, since I stared at it for a bit and > since the upstream site was down, I just gave up, but I immediately > saw it this morning).... > > I've enabled it in the famnarequests and freemedia projects. Let me > know if you have any problems. A big thanks...it is working properly and solved my problems. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From soimafreak at gmail.com Sat Jan 10 13:26:51 2009 From: soimafreak at gmail.com (Matthew ...) Date: Sat, 10 Jan 2009 13:26:51 +0000 Subject: Hello List... Message-ID: <600c3330901100526t1213e146we355520dc5d12879@mail.gmail.com> Hi all, Just a quick introduction, to say my names Matt, and after using Linux for several years I thought I'd try and make a contribution of some sort. Not really sure what I can do to help but thought i would start by just watching what goes on. I have a few skills that may/may not be of help. I'm quite good with PHP/AJAX/XML I can use mysql, but have never done anything overly complicated with it. I have done some Bash/Perl scripting and I'm not afraid to do more! I would like to learn more about Python. I'm a certified RHCE and i'm pretty good with RHN-Satellite although that probably is not so useful :) other than that... i'm pretty good with Cisco ASA's and switches and general networky things. Hope I can be of help, Regards, Matt. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Sat Jan 10 14:35:44 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 10 Jan 2009 08:35:44 -0600 (CST) Subject: Introduction: This is me... In-Reply-To: References: Message-ID: On Thu, 8 Jan 2009, Jeff Williams wrote: > Hello.? My name is Jeff Williams and have been looking for a Fedora group to join to contribute in at least a small way. > > I have been a Unix and Linux sysadmin for at least 13 years (in addition to other sysadmin experience on other > platforms).? I am also a systems programmer (mostly C but lots of ksh/bash/awk) and all-around computer handyman. > > I don't have a ton of time to contribute to the efforts of this group right now but would like to at least see how the > group operates and what the processes are. > > Looking forward to it. > Welcome Jeff, feel free to contribute or talk whenever the itch comes up. -Mike From mmcgrath at redhat.com Sat Jan 10 14:40:24 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 10 Jan 2009 08:40:24 -0600 (CST) Subject: Hello List... In-Reply-To: <600c3330901100526t1213e146we355520dc5d12879@mail.gmail.com> References: <600c3330901100526t1213e146we355520dc5d12879@mail.gmail.com> Message-ID: On Sat, 10 Jan 2009, Matthew ... wrote: > Hi all, > > Just a quick introduction, to say my names Matt, and after using Linux for several years I thought I'd try and make a > contribution of some sort. > > Not really sure what I can do to help but thought i would start by just watching what goes on. > > I have a few skills that may/may not be of help. I'm quite good with PHP/AJAX/XML I can use mysql, but have never done > anything overly complicated with it. I have done some Bash/Perl scripting and I'm not afraid to do more! I would like to > learn more about Python. > I'm a certified RHCE and i'm pretty good with RHN-Satellite although that probably is not so useful :) other than that... > i'm pretty good with Cisco ASA's and switches and general networky things. > Welcome Matthew, stop by #fedora-admin on irc.freenode.net. Also participate on this list, we don't have too much in the way of needing php stuff but RHCE level skills are always nice to have around so whenver you want to say something, just say it :) -Mike From atl.jd.williams at gmail.com Sat Jan 10 14:57:30 2009 From: atl.jd.williams at gmail.com (Jeff Williams) Date: Sat, 10 Jan 2009 09:57:30 -0500 Subject: Introduction: This is me... In-Reply-To: References: Message-ID: Thanks, Mike, I won't hesitate to speak up. 2009/1/10 Mike McGrath > On Thu, 8 Jan 2009, Jeff Williams wrote: > > > Hello. My name is Jeff Williams and have been looking for a Fedora group > to join to contribute in at least a small way. > > > > I have been a Unix and Linux sysadmin for at least 13 years (in addition > to other sysadmin experience on other > > platforms). I am also a systems programmer (mostly C but lots of > ksh/bash/awk) and all-around computer handyman. > > > > I don't have a ton of time to contribute to the efforts of this group > right now but would like to at least see how the > > group operates and what the processes are. > > > > Looking forward to it. > > > > Welcome Jeff, feel free to contribute or talk whenever the itch comes up. > > -Mike > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From n1ghtcr4wler at gmail.com Sat Jan 10 19:25:47 2009 From: n1ghtcr4wler at gmail.com (Ricardo Ichizo) Date: Sat, 10 Jan 2009 17:25:47 -0200 Subject: Introduction Message-ID: <9ae7d5480901101125l9cf688el566d05ee84a4cb3b@mail.gmail.com> Hi all, I'm Ricardo Ichizo from Brazil. Currently, I'm involved with Fedora Ambassador project, but I'd like to contribute and help this project too. I'm a LPI 2 certificate and I work as System Analyst (C and Python/Django). I have three year of experience with PostgreSQL and Oracle Databases (DBA). And I also work as infrastructure consultant (independent). Before send this email I was looking the trac system of Infrastructure project and I guess I could help a little ;) Best Regards, -- Ricardo Ichizo -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Sun Jan 11 16:32:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 11 Jan 2009 10:32:37 -0600 (CST) Subject: RFC - sysadmin guidelines Message-ID: This isn't really required but it's my intention to implement these policies (or what we come to after some discussion). This is targeted _ONLY_ at this team and those with shell access to our servers. Its not my intention to roll it out to the larger community, though its certainly a good idea for people to read through it. http://mmcgrath.fedorapeople.org/policy/ Give these a read and think on them some. There's quite a bit there. I understand that much of what is listed there is impossible to enforce, and I certainly don't think we'll be at the point where I'm removing people from groups who aren't following the policies but I'm hoping it won't come to that. For now though I'm thinking the honor system. -Mike From mmcgrath at redhat.com Sun Jan 11 17:01:01 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sun, 11 Jan 2009 11:01:01 -0600 (CST) Subject: Introduction In-Reply-To: <9ae7d5480901101125l9cf688el566d05ee84a4cb3b@mail.gmail.com> References: <9ae7d5480901101125l9cf688el566d05ee84a4cb3b@mail.gmail.com> Message-ID: On Sat, 10 Jan 2009, Ricardo Ichizo wrote: > Hi all, > > I'm Ricardo Ichizo from Brazil. > Currently, I'm involved with Fedora Ambassador project, but I'd like to contribute and help this project too. > > I'm a LPI 2 certificate and I work as System Analyst (C and Python/Django). I have three year of > experience with PostgreSQL and Oracle Databases (DBA). And I also work as infrastructure consultant > (independent). > > Before send this email I was looking the trac system of Infrastructure project and I guess I could help a > little ;) > Welcome Ricardo from Brazil :) Always feel free to participate on this list and, when you can, stop by irc.freenode.net in #fedora-admin. We have weekly meetings as well that are good to attend. http://fedoraproject.org/wiki/Infrastructure/Meetings -Mike From francois.cami at free.fr Sun Jan 11 17:25:59 2009 From: francois.cami at free.fr (FD Cami) Date: Sun, 11 Jan 2009 18:25:59 +0100 Subject: Introduction - =?utf-8?b?RnJhbsOnb2lz?= Cami Message-ID: <20090111182559.6e205a92@olorin> Hi list, I'd like to get involved in the Fedora Infratructure projet, helping with RHEL/Xen administration, network security, backups... I have been running Linux for close to ten years, going from then-Mandrake to Slackware, then Gentoo, CentOS and Fedora. I know Bash, Python, C, and some Perl/PHP ; and also LVM, squid, apache, postfix, iptables/netfilter, bind, samba, and assorted apps like mailman and request-tracker. My day life gravitates between RHEL5/Xen and Cisco PIX and Catalyst administration. I live in UTC+1/UTC+2. My Freenode IRC nickname and FAS account are both fcami. Best regards, F.D. Cami From dmalcolm at redhat.com Wed Jan 14 00:47:17 2009 From: dmalcolm at redhat.com (David Malcolm) Date: Tue, 13 Jan 2009 19:47:17 -0500 Subject: mod_wsgi issue: solved Message-ID: <1231894037.2371.18.camel@radiator.bos.redhat.com> I've been trying to deploy rpmgrok (a Turbogears 1 app [1]) behind mod_wsgi, and finally figured out why mod_wsgi stopped working when I added a WSGIProcessGroup directive (which avoids having to start a new process per http request) I know bpeck has had similar issues with his "beaker" code [2] It was working on publictest14.fp.org, but not on my local workstation (both RHEL-5 running mod_wsgi from EPEL). Attempts to browse led to no response coming from httpd, and no log. It turned out, I had mod_python installed on the box. Upon disabling "LoadModule python_module modules/mod_python.so" from /etc/httpd/conf.d/python.conf it worked. Known issue? http://code.google.com/p/modwsgi/wiki/InstallationIssues describes another mod_wsgi/mod_python incompatibility, but the symptoms seem different [3] Hope this helps Dave [1] https://fedorahosted.org/rpmgrok/ [2] https://fedorahosted.org/beaker/ [3] debugging attempts led me to find "stuck" httpd threads waiting forever for the global interpreter lock, presumably acquired by mod_python elsewhere in the process: (gdb) bt #0 0x005bf402 in __kernel_vsyscall () #1 0x0018331e in sem_wait at GLIBC_2.0 () from /lib/i686/nosegneg/libpthread.so.0 #2 0x01d97f3b in PyThread_acquire_lock () from /usr/lib/libpython2.4.so.1.0 #3 0x01d74d57 in PyEval_RestoreThread () from /usr/lib/libpython2.4.so.1.0 #4 0x01d9104f in PyGILState_Ensure () from /usr/lib/libpython2.4.so.1.0 #5 0x00c65785 in wsgi_start_process (p=0x918a550, daemon=0x92b91a8) at mod_wsgi.c:8706 #6 0x00c661b3 in wsgi_hook_init (pconf=0x918a550, ptemp=0x91b8608, plog=0x91bc618, s=0x918c3f0) at mod_wsgi.c:8919 #7 0x00c27783 in ap_run_post_config (pconf=0x918a550, plog=0x91b8608, ptemp=0x91bc618, s=0x918c3f0) at /usr/src/debug/httpd-2.2.3/server/config.c:91 #8 0x00c1311d in main (argc=152602056, argv=0x9281448) at /usr/src/debug/httpd-2.2.3/server/main.c:706 and: grep /proc/$PID/maps mod_ showed mod_python to be loaded. From a.badger at gmail.com Wed Jan 14 01:17:43 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 13 Jan 2009 17:17:43 -0800 Subject: mod_wsgi issue: solved In-Reply-To: <1231894037.2371.18.camel@radiator.bos.redhat.com> References: <1231894037.2371.18.camel@radiator.bos.redhat.com> Message-ID: <496D3D37.9030007@gmail.com> David Malcolm wrote: > I've been trying to deploy rpmgrok (a Turbogears 1 app [1]) behind > mod_wsgi, and finally figured out why mod_wsgi stopped working when I > added a WSGIProcessGroup directive (which avoids having to start a new > process per http request) > > I know bpeck has had similar issues with his "beaker" code [2] > > It was working on publictest14.fp.org, but not on my local workstation > (both RHEL-5 running mod_wsgi from EPEL). > > Attempts to browse led to no response coming from httpd, and no log. > > It turned out, I had mod_python installed on the box. > > Upon disabling "LoadModule python_module modules/mod_python.so" > from /etc/httpd/conf.d/python.conf it worked. > > Known issue? http://code.google.com/p/modwsgi/wiki/InstallationIssues > describes another mod_wsgi/mod_python incompatibility, but the symptoms > seem different [3] > I know that we had problems with mod_wsgi and mod_python running together but don't know if it was the same issue. At this point I believe we aren't running mod_python anywhere (definitely not on the app servers in any case). -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From nigjones at redhat.com Wed Jan 14 14:48:12 2009 From: nigjones at redhat.com (Nigel Jones) Date: Wed, 14 Jan 2009 09:48:12 -0500 (EST) Subject: mod_wsgi issue: solved In-Reply-To: <496D3D37.9030007@gmail.com> Message-ID: <1932622540.869961231944492145.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Only trac (hosted1/hosted2) if memory serves correct. - Nigel ----- "Toshio Kuratomi" wrote: > David Malcolm wrote: > > I've been trying to deploy rpmgrok (a Turbogears 1 app [1]) behind > > mod_wsgi, and finally figured out why mod_wsgi stopped working when > I > > added a WSGIProcessGroup directive (which avoids having to start a > new > > process per http request) > > > > I know bpeck has had similar issues with his "beaker" code [2] > > > > It was working on publictest14.fp.org, but not on my local > workstation > > (both RHEL-5 running mod_wsgi from EPEL). > > > > Attempts to browse led to no response coming from httpd, and no > log. > > > > It turned out, I had mod_python installed on the box. > > > > Upon disabling "LoadModule python_module modules/mod_python.so" > > from /etc/httpd/conf.d/python.conf it worked. > > > > Known issue? > http://code.google.com/p/modwsgi/wiki/InstallationIssues > > describes another mod_wsgi/mod_python incompatibility, but the > symptoms > > seem different [3] > > > I know that we had problems with mod_wsgi and mod_python running > together but don't know if it was the same issue. At this point I > believe we aren't running mod_python anywhere (definitely not on the > app > servers in any case). > > -Toshio > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From a.badger at gmail.com Wed Jan 14 15:57:15 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 14 Jan 2009 07:57:15 -0800 Subject: mod_wsgi issue: solved In-Reply-To: <1932622540.869961231944492145.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> References: <1932622540.869961231944492145.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Message-ID: <496E0B5B.8020702@gmail.com> Nigel Jones wrote: > Only trac (hosted1/hosted2) if memory serves correct. > That's been converted too. -Toshio > - Nigel > ----- "Toshio Kuratomi" wrote: > >> David Malcolm wrote: >>> I've been trying to deploy rpmgrok (a Turbogears 1 app [1]) behind >>> mod_wsgi, and finally figured out why mod_wsgi stopped working when >> I >>> added a WSGIProcessGroup directive (which avoids having to start a >> new >>> process per http request) >>> >>> I know bpeck has had similar issues with his "beaker" code [2] >>> >>> It was working on publictest14.fp.org, but not on my local >> workstation >>> (both RHEL-5 running mod_wsgi from EPEL). >>> >>> Attempts to browse led to no response coming from httpd, and no >> log. >>> It turned out, I had mod_python installed on the box. >>> >>> Upon disabling "LoadModule python_module modules/mod_python.so" >>> from /etc/httpd/conf.d/python.conf it worked. >>> >>> Known issue? >> http://code.google.com/p/modwsgi/wiki/InstallationIssues >>> describes another mod_wsgi/mod_python incompatibility, but the >> symptoms >>> seem different [3] >>> >> I know that we had problems with mod_wsgi and mod_python running >> together but don't know if it was the same issue. At this point I >> believe we aren't running mod_python anywhere (definitely not on the >> app >> servers in any case). >> >> -Toshio >> >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From jeff at ocjtech.us Wed Jan 14 21:55:25 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Wed, 14 Jan 2009 15:55:25 -0600 Subject: Infrastructure FAD? Message-ID: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> Regarding: https://www.redhat.com/archives/fedora-advisory-board/2009-January/msg00017.html What do people think of having an Infrastructure-related FAD (Fedora Activity Day)? Something more along the lines of a hackfest rather than a barcamp style thing. Rel-Eng folks would be welcome too since I'm sure buildsystem stuff will get discussed. Having it in Chicago or the vicinity would be cool since Mike McGrath and Dennis Gilmore are nearby (and I'm not that far off either). Or if you really wanted to get crazy we could have it in Des Moines and I'd be willing to take care of most of the legwork. I might even be able to get some conference space at $DAYJOB for relatively little cost (one bonus of this would be better-than-most-hotel wireless and Internet). Timewise I'm thinking a Saturday in February... Anyway, as long as it's no further from Des Moines than Chicago I'd make a serious attempt to attend... (It's really sucked that I haven't been able to get to a FUDCon). -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From stickster at gmail.com Wed Jan 14 22:30:57 2009 From: stickster at gmail.com (Paul W. Frields) Date: Wed, 14 Jan 2009 17:30:57 -0500 Subject: Infrastructure FAD? In-Reply-To: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> References: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> Message-ID: <20090114223057.GG14350@localhost.localdomain> On Wed, Jan 14, 2009 at 03:55:25PM -0600, Jeffrey Ollie wrote: > Regarding: > > https://www.redhat.com/archives/fedora-advisory-board/2009-January/msg00017.html > > What do people think of having an Infrastructure-related FAD (Fedora > Activity Day)? Something more along the lines of a hackfest rather > than a barcamp style thing. Rel-Eng folks would be welcome too since > I'm sure buildsystem stuff will get discussed. > > Having it in Chicago or the vicinity would be cool since Mike McGrath > and Dennis Gilmore are nearby (and I'm not that far off either). Or > if you really wanted to get crazy we could have it in Des Moines and > I'd be willing to take care of most of the legwork. I might even be > able to get some conference space at $DAYJOB for relatively little > cost (one bonus of this would be better-than-most-hotel wireless and > Internet). > > Timewise I'm thinking a Saturday in February... > > Anyway, as long as it's no further from Des Moines than Chicago I'd > make a serious attempt to attend... (It's really sucked that I haven't > been able to get to a FUDCon). I talked to Mike about this very topic at FUDCon and assured him that we'd support such a FAD whenever someone is interested in planning it. This is exactly the kind of thinking that makes sense for FAD -- getting together people within a day's drive to work on the tasks in which they're regularly participating -- or in which they want to involve or interest other nearby community members. Huzzah! -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From mmcgrath at redhat.com Thu Jan 15 16:17:53 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 15 Jan 2009 10:17:53 -0600 (CST) Subject: DRBD Message-ID: I have a small research project if someone is interested in taking it up. I want to know of Debian, Ubuntu, SuSE and the other major distributions, How many of them include DRBD by default or via some official channel. Also, of people on this list, how many of you use DRBD, in what capacity and what do you think of it? -Mike From gfidente at redhat.com Thu Jan 15 16:37:28 2009 From: gfidente at redhat.com (Giulio Fidente) Date: Thu, 15 Jan 2009 17:37:28 +0100 Subject: DRBD In-Reply-To: References: Message-ID: <496F6648.6050304@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike McGrath wrote: > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. can't help on this, but > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? I used it for many purposes ... I think it needs more attention during the configuration phase that how it could appear at a first look, but then it's quite stable and fast too I also managed to use in the active/active mode, with gfs, and in that specific case it wasn't very reliable on heavy loads when it frequently ended hanging the gfs locker, but this was circa 1 year ago! - -- Giulio Fidente, key 08D733BA You must be the change you want to see in the world. -- Gandhi -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklvZkgACgkQUSr9JAjXM7rxRgCfaCIbigquY/DLEq6JoiOpaam+ i7kAn3wQzZZRMYdZcalpXKvK18rCQUzt =3LhE -----END PGP SIGNATURE----- From john.e.anderson at gmail.com Thu Jan 15 16:43:04 2009 From: john.e.anderson at gmail.com (John Anderson) Date: Thu, 15 Jan 2009 10:43:04 -0600 Subject: DRBD In-Reply-To: References: Message-ID: <52e17eb0901150843h305882c0n164cd9999cd48144@mail.gmail.com> CentOS does include them and I use them occasionally. The only specifc instance I can think of off hand was an HA mailfilter. Ubuntu / Debian does not yet include them as far as I am aware. It's not a bad option for replicating on non-SAN boxes. It would be really nice to see it accepted upstream, probably see quite a bit more use. On Thu, Jan 15, 2009 at 10:17 AM, Mike McGrath wrote: > > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. > > > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From david at gnsa.us Thu Jan 15 16:38:21 2009 From: david at gnsa.us (David Nalley) Date: Thu, 15 Jan 2009 11:38:21 -0500 Subject: DRBD In-Reply-To: References: Message-ID: On Thu, Jan 15, 2009 at 11:17 AM, Mike McGrath wrote: > > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. > > > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? > > -Mike > Debian: Has it. http://packages.debian.org/search?searchon=sourcenames&keywords=drbd SuSE/openSuSE: Has it Find the following note in the drbd changelog for the src rpm: * Mon Jan 29 2007 - lmb at suse.de - Mark drbd as supported by Novell. Ubuntu: Has it http://packages.ubuntu.com/search?keywords=drbd&searchon=names&suite=intrepid§ion=all From david.nalley at fedoraproject.org Thu Jan 15 16:43:14 2009 From: david.nalley at fedoraproject.org (David Nalley) Date: Thu, 15 Jan 2009 11:43:14 -0500 Subject: DRBD In-Reply-To: References: Message-ID: On Thu, Jan 15, 2009 at 11:17 AM, Mike McGrath wrote: > > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. > > > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? > > -Mike > Debian: Has it. http://packages.debian.org/search?searchon=sourcenames&keywords=drbd SuSE/openSuSE: Has it Find the following note in the drbd changelog for the src rpm: * Mon Jan 29 2007 - lmb at suse.de - Mark drbd as supported by Novell. Ubuntu: Has it http://packages.ubuntu.com/search?keywords=drbd&searchon=names&suite=intrepid§ion=all From mmcgrath at redhat.com Thu Jan 15 17:35:25 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 15 Jan 2009 11:35:25 -0600 (CST) Subject: RFC - sysadmin guidelines In-Reply-To: References: Message-ID: On Sun, 11 Jan 2009, Mike McGrath wrote: > This isn't really required but it's my intention to implement these > policies (or what we come to after some discussion). This is targeted > _ONLY_ at this team and those with shell access to our servers. Its not > my intention to roll it out to the larger community, though its certainly > a good idea for people to read through it. > > http://mmcgrath.fedorapeople.org/policy/ > > Give these a read and think on them some. There's quite a bit there. I > understand that much of what is listed there is impossible to enforce, and > I certainly don't think we'll be at the point where I'm removing people > from groups who aren't following the policies but I'm hoping it won't come > to that. For now though I'm thinking the honor system. > Just a reminder that we have a meeting today, I'd like to discuss this during that meeting. -Mike From rhanna at informatiq.org Thu Jan 15 17:57:02 2009 From: rhanna at informatiq.org (Ramez Hanna) Date: Thu, 15 Jan 2009 19:57:02 +0200 Subject: DRBD In-Reply-To: References: Message-ID: <6a65d5240901150957u26edec7bmeed19d6508daa71@mail.gmail.com> so what is the project? On Thu, Jan 15, 2009 at 6:17 PM, Mike McGrath wrote: > > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. > > > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Thu Jan 15 18:25:55 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 15 Jan 2009 12:25:55 -0600 (CST) Subject: DRBD In-Reply-To: <6a65d5240901150957u26edec7bmeed19d6508daa71@mail.gmail.com> References: <6a65d5240901150957u26edec7bmeed19d6508daa71@mail.gmail.com> Message-ID: On Thu, 15 Jan 2009, Ramez Hanna wrote: > so what is the project? > Finding out if Fedora/RHEL is one of the few major distros without drbd. -Mike > On Thu, Jan 15, 2009 at 6:17 PM, Mike McGrath wrote: > > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. > > > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? > > ? ? ? ?-Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > From ke4qqq at fedoraproject.org Thu Jan 15 18:39:09 2009 From: ke4qqq at fedoraproject.org (David Nalley) Date: Thu, 15 Jan 2009 13:39:09 -0500 Subject: DRBD In-Reply-To: References: Message-ID: On Thu, Jan 15, 2009 at 11:17 AM, Mike McGrath wrote: > > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. > > > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? Debian: Has it. http://packages.debian.org/search?searchon=sourcenames&keywords=drbd SuSE/openSuSE: Has it Find the following note in the drbd changelog for the src rpm: * Mon Jan 29 2007 - lmb at suse.de - Mark drbd as supported by Novell. Ubuntu: Has it http://packages.ubuntu.com/search?keywords=drbd&searchon=names&suite=intrepid§ion=all From francois.cami at free.fr Thu Jan 15 21:16:12 2009 From: francois.cami at free.fr (FD Cami) Date: Thu, 15 Jan 2009 22:16:12 +0100 Subject: DRBD In-Reply-To: References: Message-ID: <20090115221612.5c37eaee@olorin> On Thu, 15 Jan 2009 10:17:53 -0600 (CST) Mike McGrath wrote: > > I have a small research project if someone is interested in taking it up. > I want to know of Debian, Ubuntu, SuSE and the other major distributions, > How many of them include DRBD by default or via some official channel. CentOS packages DRBD in -extra. http://mirrors.ircam.fr/pub/CentOS/5.2/extras/x86_64/RPMS/ Ubuntu has it, including the 8.04 LTS : http://packages.ubuntu.com/search?suite=hardy&searchon=names&keywords=drbd Gentoo has it : http://packages.gentoo.org/package/sys-cluster/drbd As others have already pointed out, it seems present in all if not all major distributions used in any server role. Having it in Fedora/RHEL would provide us with a very nice SAN-like capability (coupled with iSCSI target support). > Also, of people on this list, how many of you use DRBD, in what capacity > and what do you think of it? I've used the CentOS-extra package in master/slave replication as in : http://www.drbd.org/home/mirroring/ It also supports master/master but I've never needed it and it's not recommended to use it anyway. I am seriously considering to use it at work to replicate about 2TB of data (Xen VMs) accross a 4x1Gb/s aggregated link. I have not been able to fault it yet and I will probably have more results in the coming weeks. -- fdc From jeff at ocjtech.us Thu Jan 15 22:21:53 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Thu, 15 Jan 2009 16:21:53 -0600 Subject: DRBD In-Reply-To: <20090115221612.5c37eaee@olorin> References: <20090115221612.5c37eaee@olorin> Message-ID: <935ead450901151421r1a81cd56p77c6f81d2667fd99@mail.gmail.com> On Thu, Jan 15, 2009 at 3:16 PM, FD Cami wrote: > > As others have already pointed out, it seems present in all if not all > major distributions used in any server role. Having it in Fedora/RHEL > would provide us with a very nice SAN-like capability (coupled with > iSCSI target support). >From what I've seen so far, DRBD seems to require kernel modules that aren't upstream. Anyone know the story on that? Getting the kernel modules upstream would make it much easier to get DRBD into Fedora. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From frankc.fedora at gmail.com Fri Jan 16 05:25:32 2009 From: frankc.fedora at gmail.com (Frank Chiulli) Date: Thu, 15 Jan 2009 21:25:32 -0800 Subject: RFC - sysadmin guidelines In-Reply-To: References: Message-ID: On Thu, Jan 15, 2009 at 9:35 AM, Mike McGrath wrote: > On Sun, 11 Jan 2009, Mike McGrath wrote: > >> This isn't really required but it's my intention to implement these >> policies (or what we come to after some discussion). This is targeted >> _ONLY_ at this team and those with shell access to our servers. Its not >> my intention to roll it out to the larger community, though its certainly >> a good idea for people to read through it. >> >> http://mmcgrath.fedorapeople.org/policy/ >> Mike, Take a look at Section 1.2. Host Network Security. There is a duplicate setting. The 4th setting is: net.ipv4.conf.all.accept_redirects = 0 This setting is duplicated in the 14th setting. I'm guessing that the 4th setting should be removed. Frank From oliver at linux-kernel.at Fri Jan 16 09:51:46 2009 From: oliver at linux-kernel.at (Oliver Falk) Date: Fri, 16 Jan 2009 10:51:46 +0100 Subject: DRBD In-Reply-To: References: <6a65d5240901150957u26edec7bmeed19d6508daa71@mail.gmail.com> Message-ID: <497058B2.3070102@linux-kernel.at> Mike McGrath wrote: > On Thu, 15 Jan 2009, Ramez Hanna wrote: > >> so what is the project? >> > Finding out if Fedora/RHEL is one of the few major distros without drbd. It *IS*! :-( Although it's not too hard to generate RPMs from the tarballs and use it... I'd be happy to see it included in Fedora/RHEL! I guess the guys from Linbit (located here in Austria), wouldn't mind as well :-) -of From mmcgrath at redhat.com Fri Jan 16 14:11:36 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 16 Jan 2009 08:11:36 -0600 (CST) Subject: DRBD In-Reply-To: <497058B2.3070102@linux-kernel.at> References: <6a65d5240901150957u26edec7bmeed19d6508daa71@mail.gmail.com> <497058B2.3070102@linux-kernel.at> Message-ID: On Fri, 16 Jan 2009, Oliver Falk wrote: > Mike McGrath wrote: > > On Thu, 15 Jan 2009, Ramez Hanna wrote: > > > > > so what is the project? > > > > > Finding out if Fedora/RHEL is one of the few major distros without drbd. > > It *IS*! :-( > > Although it's not too hard to generate RPMs from the tarballs and use it... > > I'd be happy to see it included in Fedora/RHEL! I guess the guys from Linbit > (located here in Austria), wouldn't mind as well :-) > I've been talking with those guys a bit too. Seems the kernel module is the last thing blocking getting this in. I'm still trying to figure out what our options are here. -Mike From skvidal at fedoraproject.org Fri Jan 16 18:21:02 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Fri, 16 Jan 2009 13:21:02 -0500 Subject: transport maps for bastion Message-ID: <1232130062.4912.44.camel@rosebud> Currently all mail which goes through bastion (for example all @fedoraproject.org mail) then relays through mx.util.phx.redhat.com. So, if we look at our mail route it is: primary mxes for fedoraproject.org are: ;; ANSWER SECTION: IN MX 40 smtp.fedora.redhat.com. IN MX 10 mx1.fedoraproject.org. IN MX 20 mx2.fedoraproject.org. IN MX 30 mx3.fedoraproject.org. Which are all redhat.com boxes. So our mail goes from there, to bastion to expand out the aliases we have (ultimately) then back to mx.util.phx.redhat.com to be relayed out to the rest of the world. For various reasons mail bound from bastion to @redhat.com addresses probably needs to go through mx.util.phx.redhat.com, however, mail not bound for @redhat.com shouldn't have to. I'm proposing using a postfix transport map which explicitly says: .redhat.com smtp:mx.util.phx.redhat.com redhat.com smtp:mx.util.phx.redhat.com * : This says: for mail bound to redhat.com or anyhost.redhat.com - relay to mx.util.phx.redhat.com for any other email, relay normally (ie: by the destinations normal paths) So my question for all you nice people is: Can anyone see any problem with doing this? I've tested it out on a different mail server I take care of and it works fine. -sv From jeff at ocjtech.us Fri Jan 16 19:18:36 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Fri, 16 Jan 2009 13:18:36 -0600 Subject: transport maps for bastion In-Reply-To: <1232130062.4912.44.camel@rosebud> References: <1232130062.4912.44.camel@rosebud> Message-ID: <935ead450901161118s41c0ea02w39a91e7ab05512b@mail.gmail.com> On Fri, Jan 16, 2009 at 12:21 PM, seth vidal wrote: > > for mail bound to redhat.com or anyhost.redhat.com - relay to > mx.util.phx.redhat.com > > for any other email, relay normally (ie: by the destinations normal > paths) > > So my question for all you nice people is: > > Can anyone see any problem with doing this? I've tested it out on a > different mail server I take care of and it works fine. I'm not a postfix guru so I won't comment on the postfix details, but I do similar things at $DAYJOB so I approve of the general concept. The only thing that I would suggest would be to have more than one box handling @fedoraproject.org email relays rather than relying on bastion. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From j.chris.johnson at gmail.com Fri Jan 16 22:19:24 2009 From: j.chris.johnson at gmail.com (Chris Johnson) Date: Fri, 16 Jan 2009 16:19:24 -0600 Subject: transport maps for bastion Message-ID: I'm new to the environment but have exp with postfix @ $DAYJOB, so I figure this might be something I can contribute to without sounding too dumb, but if I do please take it easy. :) >Currently all mail which goes through bastion (for example all >@fedoraproject.org mail) then relays through mx.util.phx.redhat.com. I'm not sure what bastion is but my question is why is the relay going through mx.util.phx.redhat.com currently? I'm guessing bastion is the host the @fedoraproject.org email is delivered on. (?) I can't find mx.util.phx.redhat.com in public dns is there an ACL on the zone or is this an /etc/host entry? Is the relay to mx.util.phx.redhat.com done via a relayhost entry in main.cf? Also, where does mail go after mx.util.phx.redhat.com, I'm guessing there's another hop before the internet because of the dns failure. >Which are all redhat.com boxes. So our mail goes from there, to bastion >to expand out the aliases we have (ultimately) then back to >mx.util.phx.redhat.com to be relayed out to the rest of the world. back to mx.util.phx.redhat.com? does it come from their or from the MX hosts? > >For various reasons mail bound from bastion to @redhat.com addresses >probably needs to go through mx.util.phx.redhat.com, however, mail not >bound for @redhat.com shouldn't have to. Just curious as the the "various reasons" you mention here. >I'm proposing using a postfix transport map which explicitly says: >.redhat.com smtp:mx.util.phx.redhat.com >redhat.com smtp:mx.util.phx.redhat.com >* : > I believe you could also remove the last line and if a relayhost is used in main.cf comment it out. It should do the same thing since postfix uses dns mx or A record for next hop delivery. > >So my question for all you nice people is: > >Can anyone see any problem with doing this? I've tested it out on a >different mail server I take care of and it works fine. I would wonder if this is needed at all? why can't the redhat.com domain go to the mx too? just curious. As long as redhat.com isn't one of bastion's postfix mydestination I would expect everything to still work and be a much easier config to change or troubleshoot later. /me likes things as simple as possible :-) PS. was there a meeting yesterday? I was planning on joining but had a conf call scheduled and didn't see notes from the list. JCJ From frankc.fedora at gmail.com Sat Jan 17 05:13:40 2009 From: frankc.fedora at gmail.com (Frank Chiulli) Date: Fri, 16 Jan 2009 21:13:40 -0800 Subject: RFC - sysadmin guidelines In-Reply-To: References: Message-ID: On Thu, Jan 15, 2009 at 9:25 PM, Frank Chiulli wrote: > On Thu, Jan 15, 2009 at 9:35 AM, Mike McGrath wrote: >> On Sun, 11 Jan 2009, Mike McGrath wrote: >> >>> This isn't really required but it's my intention to implement these >>> policies (or what we come to after some discussion). This is targeted >>> _ONLY_ at this team and those with shell access to our servers. Its not >>> my intention to roll it out to the larger community, though its certainly >>> a good idea for people to read through it. >>> >>> http://mmcgrath.fedorapeople.org/policy/ >>> > > Mike, > Take a look at Section 1.2. Host Network Security. There is a > duplicate setting. > The 4th setting is: > net.ipv4.conf.all.accept_redirects = 0 > > This setting is duplicated in the 14th setting. > > I'm guessing that the 4th setting should be removed. > > Frank > Mike, First let me say that the examples are a great addition to the page. I was looking at the iptables sample configuration and had some questions. I compared your suggested configuration to my current configuration (Fedora 10). With the exception of the lines with '--tcp-flags' in your sample configuration, they're pretty close. I don't have those yet. The first three lines that start with '-A' in your sample are the same as mine except the order is different. Does the order make a difference? Here are the lines from my file: -A INPUT -m state --state ESTABLISHED,RELATED -j accept -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT Here are yours: -A INPUT -i lo -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT Thanks, Frank From mmcgrath at redhat.com Sat Jan 17 17:43:55 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Sat, 17 Jan 2009 11:43:55 -0600 (CST) Subject: RFC - sysadmin guidelines In-Reply-To: References: Message-ID: On Fri, 16 Jan 2009, Frank Chiulli wrote: > Mike, > First let me say that the examples are a great addition to the page. > > I was looking at the iptables sample configuration and had some > questions. I compared your suggested configuration to my current > configuration (Fedora 10). With the exception of the lines with > '--tcp-flags' in your sample configuration, they're pretty close. I > don't have those yet. The first three lines that start with '-A' in > your sample are the same as mine except the order is different. Does > the order make a difference? > > Here are the lines from my file: > -A INPUT -m state --state ESTABLISHED,RELATED -j accept > -A INPUT -p icmp -j ACCEPT > -A INPUT -i lo -j ACCEPT > > Here are yours: > -A INPUT -i lo -j ACCEPT > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > -A INPUT -p icmp -j ACCEPT > The order isn't that important though I should really have established,related come first. The main reason for this is because IPTables runs like a list, any already approved content doesn't have to get checked against much of the list but instead is automatically approved. This has security implications but for most setups its a good policy. I'll actually move that up now and refresh that page soon. -Mike From thinklinux.ssh at gmail.com Mon Jan 19 04:31:15 2009 From: thinklinux.ssh at gmail.com (susmit shannigrahi) Date: Mon, 19 Jan 2009 10:01:15 +0530 Subject: Why puppet uses config instead of configs? Message-ID: Hi, In puppet when we add a new file, we use this lines in the .pp files: source => 'puppet:///config/web/applications/FreeMedia-error.html', where as the actual location of the file (FreeMedia-error.html) is [susmit at puppet1 puppet]$ find -name FreeMedia-error.html ./configs/web/applications/FreeMedia-error.html So the source in the .pp file should be 'puppet:///configs/web/applications/FreeMedia-error.html' Why this discrepancy? Just curious... Thanks. -- Regards, Susmit. ============================================= ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit ============================================= From kanarip at kanarip.com Mon Jan 19 11:44:36 2009 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Mon, 19 Jan 2009 12:44:36 +0100 Subject: Why puppet uses config instead of configs? In-Reply-To: References: Message-ID: <497467A4.2060404@kanarip.com> susmit shannigrahi wrote: > Hi, > > In puppet when we add a new file, we use this lines in the .pp files: > > source => 'puppet:///config/web/applications/FreeMedia-error.html', > > where as the actual location of the file (FreeMedia-error.html) is > > [susmit at puppet1 puppet]$ find -name FreeMedia-error.html > ./configs/web/applications/FreeMedia-error.html > > So the source in the .pp file should be > 'puppet:///configs/web/applications/FreeMedia-error.html' > > Why this discrepancy? Just curious... > The [config] fileserver mount may point to /path/to/configs/, which would allow this discrepancy to exist. If you are going to change anything, maybe consider using [files] vs. /path/to/files/ since that "name" for the "mount" appears to be most commonly used. Kind regards, Jeroen van Meeuwen -kanarip From skvidal at fedoraproject.org Mon Jan 19 14:59:59 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 19 Jan 2009 09:59:59 -0500 Subject: transport maps for bastion In-Reply-To: <935ead450901161118s41c0ea02w39a91e7ab05512b@mail.gmail.com> References: <1232130062.4912.44.camel@rosebud> <935ead450901161118s41c0ea02w39a91e7ab05512b@mail.gmail.com> Message-ID: <1232377199.4044.1.camel@rosebud> On Fri, 2009-01-16 at 13:18 -0600, Jeffrey Ollie wrote: > I'm not a postfix guru so I won't comment on the postfix details, but > I do similar things at $DAYJOB so I approve of the general concept. > The only thing that I would suggest would be to have more than one box > handling @fedoraproject.org email relays rather than relying on > bastion. To do that we'll need 1. another box/instance to do the @fedoraproject.org relaying 2. to setup that other box to get the alias updates at the same time -sv From skvidal at fedoraproject.org Mon Jan 19 15:12:59 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 19 Jan 2009 10:12:59 -0500 Subject: transport maps for bastion In-Reply-To: References: Message-ID: <1232377979.4044.6.camel@rosebud> On Fri, 2009-01-16 at 16:19 -0600, Chris Johnson wrote: > I'm not sure what bastion is but my question is why is the relay going > through mx.util.phx.redhat.com currently? I'm guessing bastion is the > host the @fedoraproject.org email is delivered on. (?) I can't find > mx.util.phx.redhat.com in public dns is there an ACL on the zone or is > this an /etc/host entry? Is the relay to mx.util.phx.redhat.com done > via a relayhost entry in main.cf? Also, where does mail go after > mx.util.phx.redhat.com, I'm guessing there's another hop before the > internet because of the dns failure. mx.util.phx.redhat.com is inside the internal network. bastion can reach it - but not everything else. and yes bastion currently sends things to mx.util b/c of the relayhost entry. > back to mx.util.phx.redhat.com? does it come from their or from the MX hosts? internal dns. > Just curious as the the "various reasons" you mention here. some legal, some administrative. > >I'm proposing using a postfix transport map which explicitly says: > >.redhat.com smtp:mx.util.phx.redhat.com > >redhat.com smtp:mx.util.phx.redhat.com > >* : > > > > I believe you could also remove the last line and if a relayhost is > used in main.cf comment it out. It should do the same thing since > postfix uses dns mx or A record for next hop delivery. I put the last line in so there was no doubt what the last action should be. You're correct, though, that it's not required. > >So my question for all you nice people is: > > > >Can anyone see any problem with doing this? I've tested it out on a > >different mail server I take care of and it works fine. > > I would wonder if this is needed at all? why can't the redhat.com > domain go to the mx too? just curious. As long as redhat.com isn't one > of bastion's postfix mydestination I would expect everything to still > work and be a much easier config to change or troubleshoot later. /me > likes things as simple as possible :-) b/c aiui it's an internal mail routing mechanism. -sv From mmcgrath at redhat.com Mon Jan 19 15:38:06 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 19 Jan 2009 09:38:06 -0600 (CST) Subject: Infrastructure FAD? In-Reply-To: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> References: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> Message-ID: On Wed, 14 Jan 2009, Jeffrey Ollie wrote: > Regarding: > > https://www.redhat.com/archives/fedora-advisory-board/2009-January/msg00017.html > > What do people think of having an Infrastructure-related FAD (Fedora > Activity Day)? Something more along the lines of a hackfest rather > than a barcamp style thing. Rel-Eng folks would be welcome too since > I'm sure buildsystem stuff will get discussed. > > Having it in Chicago or the vicinity would be cool since Mike McGrath > and Dennis Gilmore are nearby (and I'm not that far off either). Or > if you really wanted to get crazy we could have it in Des Moines and > I'd be willing to take care of most of the legwork. I might even be > able to get some conference space at $DAYJOB for relatively little > cost (one bonus of this would be better-than-most-hotel wireless and > Internet). > > Timewise I'm thinking a Saturday in February... > So for me at least, February is out. The first weekend is to close to organize anything, the next two I'll have classes during the week and an exam on Friday and will likely be exhausted on the weekend. The last weekend (combined with march 1st) I have plans that I can't break :-/. While I'd hate for an entire event to hinge on me, it'd be kind of silly to have a small infrastructure hackfest in my home town that I can't attend :) So +1 the following dates (pretend lodging and travel aren't an issue right now) March 6-8 March 13-15 March 20-22 March 27-29 -Mike From mmcgrath at redhat.com Mon Jan 19 16:02:18 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 19 Jan 2009 10:02:18 -0600 (CST) Subject: Disk IO issues In-Reply-To: References: Message-ID: On Wed, 31 Dec 2008, Mike McGrath wrote: > Lets pool some knowledge together because at this point, I'm missing > something. > > I've been doing all measurements with sar as bonnie, etc, causes builds to > timeout. > > Problem: We're seeing slower then normal disk IO. At least I think we > are. This is a PERC5/E and MD1000 array. > > When I try to do a normal copy "cp -adv /mnt/koji/packages /tmp/" I get > around 4-6MBytes/s > > When I do a cp of a large file "cp /mnt/koji/out /tmp/" I get > 30-40MBytes/s. > > Then I "dd if=/dev/sde of=/dev/null" I get around 60-70 MBytes/s read. > > If I "cat /dev/sde > /dev/null" I get between 225-300MBytes/s read. > > The above tests are pretty consistent. /dev/sde is a raid5 array, > hardware raid. > > So my question here is, wtf? I've been working to do a backup which I > would think would either cause network utilization to max out, or disk io > to max out. I'm not seeing either. Sar says the disks are 100% utilized > but I can cause major increases in actual disk reads and writes by just > running additional commands. Also, if the disks were 100% utilized I'd > expect we would see lots more iowait. We're not though, iowait on the box > is only %0.06 today. > > So, long story short, we're seeing much better performance when just > reading or writing lots of data (though dd is many times slower then cat). > But with our real-world traffic, we're just seeing crappy crappy IO. > > Thoughts, theories or opinions? Some of the sysadmin noc guys have access > to run diagnostic commands, if you want more info about a setting, let me > know. > > I should also mention there's lots going on with this box, for example its > hardware raid, lvm and I've got xen running on it (though the tests above > were not in a xen guest). > So we all talked about this quite a bit so I felt the need to let everyone know the latest status. One of our goals was to lower utilization on the netapp. While high utilization itself isn't a problem, its just a measurement after all, we did decide other problems could be solved if we could get utilization to go down. So after a bunch of tweaking on the share and in the scripts we run, average utilization has dropped significantly. Take a look here: http://mmcgrath.fedorapeople.org/util.html Thats a latest 30 day view (from a couple days ago). You'll notice it was around 90-100% pretty much all the time. That went on like that for MONTHS. Even christmas day was pretty busy even though that whole period we generally saw low traffic everywhere else in Fedora. Now we're sitting pretty with a 20% utilization average. You'll also notice generally our service time and await are lower. I'm trying to get a bigger view of those numbers over time so we'll see if thats an actual trend or not. The big changers? 1) Better use of the share in our scripts. 2) A larger readahead value (blockdev) Some smaller changes included changing from cfq to deadline (and now noop). In the future there are two things I'd still like to do long term. 1) Move our snapshots to different devices to lower our seeks 2) Full re-index of the filesystem (requiring around 24-36 hours of downtime) but I'm going to schedule this sometime after the Alpha ships. -Mike From mmcgrath at redhat.com Mon Jan 19 16:17:36 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 19 Jan 2009 10:17:36 -0600 (CST) Subject: Disk IO issues In-Reply-To: References: Message-ID: On Mon, 19 Jan 2009, Mike McGrath wrote: > > The big changers? 1) Better use of the share in our scripts. 2) A larger > readahead value (blockdev) > I forgot one more big change, kojipkgs (the web server our builders use to get the packages off the nfs share) now has a squid server on it. Instead of pulling from the nfs share for every build, it pulls from squid now instead. We're seeing a 98% hit rate. (So only 2% of the requests for our builds now actually hit our NFS share) -Mike From jkeating at redhat.com Mon Jan 19 16:32:36 2009 From: jkeating at redhat.com (Jesse Keating) Date: Mon, 19 Jan 2009 08:32:36 -0800 Subject: Disk IO issues In-Reply-To: References: Message-ID: <1232382756.3539.43.camel@localhost.localdomain> On Mon, 2009-01-19 at 10:02 -0600, Mike McGrath wrote: > on the > netapp. Er, this is on nfs1 right, not the netapp? -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From mmcgrath at redhat.com Mon Jan 19 16:55:35 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 19 Jan 2009 10:55:35 -0600 (CST) Subject: Disk IO issues In-Reply-To: <1232382756.3539.43.camel@localhost.localdomain> References: <1232382756.3539.43.camel@localhost.localdomain> Message-ID: On Mon, 19 Jan 2009, Jesse Keating wrote: > On Mon, 2009-01-19 at 10:02 -0600, Mike McGrath wrote: > > on the > > netapp. > > Er, this is on nfs1 right, not the netapp? > My mistake, correct. All this is on nfs1 which has directly attached storage. -Mike From a.badger at gmail.com Mon Jan 19 16:53:03 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Mon, 19 Jan 2009 08:53:03 -0800 Subject: Infrastructure FAD? In-Reply-To: References: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> Message-ID: <4974AFEF.2020909@gmail.com> Mike McGrath wrote: > On Wed, 14 Jan 2009, Jeffrey Ollie wrote: > >> Regarding: >> >> https://www.redhat.com/archives/fedora-advisory-board/2009-January/msg00017.html >> >> What do people think of having an Infrastructure-related FAD (Fedora >> Activity Day)? Something more along the lines of a hackfest rather >> than a barcamp style thing. Rel-Eng folks would be welcome too since >> I'm sure buildsystem stuff will get discussed. >> >> Having it in Chicago or the vicinity would be cool since Mike McGrath >> and Dennis Gilmore are nearby (and I'm not that far off either). Or >> if you really wanted to get crazy we could have it in Des Moines and >> I'd be willing to take care of most of the legwork. I might even be >> able to get some conference space at $DAYJOB for relatively little >> cost (one bonus of this would be better-than-most-hotel wireless and >> Internet). >> >> Timewise I'm thinking a Saturday in February... >> > > So for me at least, February is out. The first weekend is to close to > organize anything, the next two I'll have classes during the week and an > exam on Friday and will likely be exhausted on the weekend. The last > weekend (combined with march 1st) I have plans that I can't break :-/. > While I'd hate for an entire event to hinge on me, it'd be kind of silly > to have a small infrastructure hackfest in my home town that I can't > attend :) > > So +1 the following dates (pretend lodging and travel aren't an issue right > now) > > March 6-8 > March 13-15 > March 20-22 > March 27-29 > March 27 through Sunday March 29, 2009 is pycon and I know you and I are giving talks :-) -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From jonstanley at gmail.com Mon Jan 19 19:58:08 2009 From: jonstanley at gmail.com (Jon Stanley) Date: Mon, 19 Jan 2009 14:58:08 -0500 Subject: Infrastructure FAD? In-Reply-To: <4974AFEF.2020909@gmail.com> References: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> <4974AFEF.2020909@gmail.com> Message-ID: 2009/1/19 Toshio Kuratomi : > March 27 through Sunday March 29, 2009 is pycon and I know you and I are > giving talks :-) Maybe arrange it around pycon? If a large group of folks are already going to be in Chicago for something else, it makes sense to piggy-back our efforts on it. I might even attend, but I'll have to undergo Chicago decontamination quickly afterwards :) From smooge at gmail.com Mon Jan 19 20:21:00 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Mon, 19 Jan 2009 13:21:00 -0700 Subject: RFC - sysadmin guidelines In-Reply-To: References: Message-ID: <80d7e4090901191221j702c44d5ja787c59fe3e3b84d@mail.gmail.com> On Sat, Jan 17, 2009 at 10:43 AM, Mike McGrath wrote: > On Fri, 16 Jan 2009, Frank Chiulli wrote: > >> Mike, >> First let me say that the examples are a great addition to the page. >> >> I was looking at the iptables sample configuration and had some >> questions. I compared your suggested configuration to my current >> configuration (Fedora 10). With the exception of the lines with >> '--tcp-flags' in your sample configuration, they're pretty close. I >> don't have those yet. The first three lines that start with '-A' in >> your sample are the same as mine except the order is different. Does >> the order make a difference? >> >> Here are the lines from my file: >> -A INPUT -m state --state ESTABLISHED,RELATED -j accept >> -A INPUT -p icmp -j ACCEPT >> -A INPUT -i lo -j ACCEPT >> >> Here are yours: >> -A INPUT -i lo -j ACCEPT >> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >> -A INPUT -p icmp -j ACCEPT >> > > The order isn't that important though I should really have > established,related come first. The main reason for this is because > IPTables runs like a list, any already approved content doesn't have to > get checked against much of the list but instead is automatically > approved. It used to be that the state lookup might take more 'energy' than the general accept.. and some servers which threw mostly stuff over loopback in single packets would experience a higher load than others. That is probably an issue that is not as relevant today as it was in the past.. but the general rule was get easy decisions done quickly, do hard ones later (especially if you were in a very hostile/noisy network). I think that theory would need to be tested again as the iptables weight for dealing with state is different from when you found a higher CPU and some packet delay if you didn't just drop worm port traffic first and then dealt with state. - > This has security implications but for most setups its a good policy. > I'll actually move that up now and refresh that page soon. > -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From mmcgrath at redhat.com Mon Jan 19 21:32:40 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 19 Jan 2009 15:32:40 -0600 (CST) Subject: Infrastructure FAD? In-Reply-To: <4974AFEF.2020909@gmail.com> References: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> <4974AFEF.2020909@gmail.com> Message-ID: On Mon, 19 Jan 2009, Toshio Kuratomi wrote: > > > > So +1 the following dates (pretend lodging and travel aren't an issue right > > now) > > > > March 6-8 > > March 13-15 > > March 20-22 > > March 27-29 > > > March 27 through Sunday March 29, 2009 is pycon and I know you and I are > giving talks :-) > True dat. SO thats out 9at least those exact days. jds's suggestion about combining with pycon might be good. Any thoughts on that? It might give us a bigger presence at pycon (we had a booth last year) -Mike From jeff at ocjtech.us Mon Jan 19 21:53:59 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Mon, 19 Jan 2009 15:53:59 -0600 Subject: Infrastructure FAD? In-Reply-To: References: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> <4974AFEF.2020909@gmail.com> Message-ID: <935ead450901191353m65372f5en8f1ac9d3f8bb6475@mail.gmail.com> On Mon, Jan 19, 2009 at 3:32 PM, Mike McGrath wrote: > On Mon, 19 Jan 2009, Toshio Kuratomi wrote: >> >> March 27 through Sunday March 29, 2009 is pycon and I know you and I are >> giving talks :-) > > True dat. SO thats out 9at least those exact days. jds's suggestion > about combining with pycon might be good. Any thoughts on that? It might > give us a bigger presence at pycon (we had a booth last year) Unless Fedora sponsored me to attend PyCon (I'd be willing to do some booth bunny duties) I don't think I could afford to go to PyCon itself. But we'd already have another Infrastructure person in the Chicagoland area. I'd be more worried about burning you guys out, especially if the FAD was _after_ PyCon. Other than that, I'm willing to roll with it to see this thing happen! The first weekend in March (6th-7th) we're likely to have guests at the house, but I should be good with any of the other weekends. -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From mmcgrath at redhat.com Mon Jan 19 23:02:19 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 19 Jan 2009 17:02:19 -0600 (CST) Subject: Fedora Weekly news Message-ID: Any volunteers to keep in touch with FWN about our goings on? https://fedoraproject.org/wiki/FWN/Issue159 -Mike From nicu_fedora at nicubunu.ro Tue Jan 20 08:09:35 2009 From: nicu_fedora at nicubunu.ro (Nicu Buculei) Date: Tue, 20 Jan 2009 10:09:35 +0200 Subject: Fedora Weekly news In-Reply-To: References: Message-ID: <497586BF.2060409@nicubunu.ro> Mike McGrath wrote: > Any volunteers to keep in touch with FWN about our goings on? > > https://fedoraproject.org/wiki/FWN/Issue159 It is usually covered by Huzaifa Sidhpurwala. Don't know why, but it looks like he was busy lately with no time to update his beat https://fedoraproject.org/wiki/FWN/Beats/Infrastructure But Huzaifa is not just a beat writer, he is also an editor so I expect him to restart his activity. -- nicu :: http://nicubunu.ro :: http://nicubunu.blogspot.com Cool Fedora wallpapers: http://fedora.nicubunu.ro/wallpapers/ Open Clip Art Library: http://www.openclipart.org my Fedora stuff: http://fedora.nicubunu.ro From huzaifas at redhat.com Tue Jan 20 08:20:31 2009 From: huzaifas at redhat.com (Huzaifa Sidhpurwala) Date: Tue, 20 Jan 2009 13:50:31 +0530 Subject: Fedora Weekly news In-Reply-To: <497586BF.2060409@nicubunu.ro> References: <497586BF.2060409@nicubunu.ro> Message-ID: <4975894F.5010201@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nicu Buculei wrote: > Mike McGrath wrote: >> Any volunteers to keep in touch with FWN about our goings on? >> >> https://fedoraproject.org/wiki/FWN/Issue159 > > It is usually covered by Huzaifa Sidhpurwala. Don't know why, but it > looks like he was busy lately with no time to update his beat > https://fedoraproject.org/wiki/FWN/Beats/Infrastructure > > But Huzaifa is not just a beat writer, he is also an editor so I expect > him to restart his activity. Mike, yeah i am one of editors of FWN, and have been really busy lately with $DAYJOB, but that is done now and from next week, you i will continue my work for FWN. :) > - -- Regards, Huzaifa Sidhpurwala, RHCE, CCNA (IRC: huzaifas) Research and Development Lead, Global Help Desk, Pune Phone: +91 20 4005 7322 (UTC +5.5) GnuPG Fingerprint: 3A0F DAFB 9279 02ED 273B FFE9 CC70 DCF2 DA5B DAE5 Visit the Help Desk portal at : http://helpdesk.corp.redhat.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org iD8DBQFJdYlPzHDc8tpb2uURAjU3AJ9jFMGzgXwt+9IF5N2WnDAQGCgcIQCfanEV bW7vcAg1IOuJff8e8XVThyg= =FcAV -----END PGP SIGNATURE----- From mmcgrath at redhat.com Tue Jan 20 14:18:44 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 20 Jan 2009 08:18:44 -0600 (CST) Subject: Fedora Weekly news In-Reply-To: <4975894F.5010201@redhat.com> References: <497586BF.2060409@nicubunu.ro> <4975894F.5010201@redhat.com> Message-ID: On Tue, 20 Jan 2009, Huzaifa Sidhpurwala wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nicu Buculei wrote: > > Mike McGrath wrote: > >> Any volunteers to keep in touch with FWN about our goings on? > >> > >> https://fedoraproject.org/wiki/FWN/Issue159 > > > > It is usually covered by Huzaifa Sidhpurwala. Don't know why, but it > > looks like he was busy lately with no time to update his beat > > https://fedoraproject.org/wiki/FWN/Beats/Infrastructure > > > > But Huzaifa is not just a beat writer, he is also an editor so I expect > > him to restart his activity. > Mike, > yeah i am one of editors of FWN, and have been really busy lately with > $DAYJOB, but that is done now and from next week, you i will continue my > work for FWN. :) Thanks Huzaifa! -Mike From mmcgrath at redhat.com Tue Jan 20 16:07:12 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 20 Jan 2009 10:07:12 -0600 (CST) Subject: Infrastructure FAD? In-Reply-To: References: <935ead450901141355i57b9fd8bh7c61bc29fe331d4c@mail.gmail.com> Message-ID: On Mon, 19 Jan 2009, Mike McGrath wrote: > On Wed, 14 Jan 2009, Jeffrey Ollie wrote: > > > Regarding: > > > > https://www.redhat.com/archives/fedora-advisory-board/2009-January/msg00017.html > > > > What do people think of having an Infrastructure-related FAD (Fedora > > Activity Day)? Something more along the lines of a hackfest rather > > than a barcamp style thing. Rel-Eng folks would be welcome too since > > I'm sure buildsystem stuff will get discussed. > > > > Having it in Chicago or the vicinity would be cool since Mike McGrath > > and Dennis Gilmore are nearby (and I'm not that far off either). Or > > if you really wanted to get crazy we could have it in Des Moines and > > I'd be willing to take care of most of the legwork. I might even be > > able to get some conference space at $DAYJOB for relatively little > > cost (one bonus of this would be better-than-most-hotel wireless and > > Internet). > > > > Timewise I'm thinking a Saturday in February... > > > > So for me at least, February is out. The first weekend is to close to > organize anything, the next two I'll have classes during the week and an > exam on Friday and will likely be exhausted on the weekend. The last > weekend (combined with march 1st) I have plans that I can't break :-/. > While I'd hate for an entire event to hinge on me, it'd be kind of silly > to have a small infrastructure hackfest in my home town that I can't > attend :) > > So +1 the following dates (pretend lodging and travel aren't an issue right > now) > > March 6-8 > March 13-15 > March 20-22 > March 27-29 > So there's not been much response to this thread, is this a lack of interest, poor timing or just people that aren't sure yet? -Mike From mmcgrath at redhat.com Tue Jan 20 16:34:05 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 20 Jan 2009 10:34:05 -0600 (CST) Subject: Fedora Security Policy Message-ID: So I've added some suggested changes and would like to do this on the list instead of on IRC. So here's what I propose: http://mmcgrath.fedorapeople.org/policy/ [1] 1) I'd like everyone in a sysadmin* group to be compliant with this policy as part of orientation for new members. 2) I'd like everyone who is already in a sysadmin* group to become compliant with this standard by March 31st 2009. PLENTY of time to make whatever changes you need to make. 3) We'll continue to refine this policy but never with the assumption that everyone is immediately compliant. Notice will be given. -Mike [1] I'm working on finding permanent hosting for that, but for now fedorapeople will work. From mmcgrath at redhat.com Tue Jan 20 20:40:20 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 20 Jan 2009 14:40:20 -0600 (CST) Subject: TMOUT Message-ID: Hey guys, so we talked about this... well, a long time ago and decided to do it but it never got implemented. So I'm going to implement it now and its likely going to cause some people pain for now. I'm going to set the default bash TMOUT value to 32400 (9 hours). If you need to overwrite this, you can do it in your bashrc though its recommended that you not do that. I'm going to add this to the security policy as this is a security measure. I'll do it tomorrow morning so get ready. -Mike From jorge at konnekt.org Tue Jan 20 22:22:42 2009 From: jorge at konnekt.org (Jorge Bras) Date: Tue, 20 Jan 2009 22:22:42 +0000 Subject: Fedora Security Policy In-Reply-To: References: Message-ID: <43123488-3417-4D65-8D26-8682B2783DD9@konnekt.org> Hi there, in iptables config, why not, change the default forward policy to drop ? by default ip forwarding is off, but I think is a good practice deny everything by default, just in case. cheers, ./bras On Jan 20, 2009, at 4:34 PM, Mike McGrath wrote: > > So I've added some suggested changes and would like to do this on > the list > instead of on IRC. So here's what I propose: > > http://mmcgrath.fedorapeople.org/policy/ [1] > > 1) I'd like everyone in a sysadmin* group to be compliant with this > policy > as part of orientation for new members. > > 2) I'd like everyone who is already in a sysadmin* group to become > compliant with this standard by March 31st 2009. PLENTY of time to > make > whatever changes you need to make. > > 3) We'll continue to refine this policy but never with the > assumption that > everyone is immediately compliant. Notice will be given. > > -Mike > > [1] I'm working on finding permanent hosting for that, but for now > fedorapeople will work. > > > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From mmcgrath at redhat.com Tue Jan 20 22:54:21 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 20 Jan 2009 16:54:21 -0600 (CST) Subject: Fedora Security Policy In-Reply-To: <43123488-3417-4D65-8D26-8682B2783DD9@konnekt.org> References: <43123488-3417-4D65-8D26-8682B2783DD9@konnekt.org> Message-ID: On Tue, 20 Jan 2009, Jorge Bras wrote: > Hi there, > > in iptables config, why not, change the default forward policy to drop ? > by default ip forwarding is off, but I think is a good practice deny > everything by default, just in case. > I could be wrong on this but: net.ipv4.ip_forward = 0 listed in 1.2 should cover that. I'm not sure how its all designed to work. I just know how it seems to work. Its probably not a bad idea to set it in both places though. -Mike From soimafreak at gmail.com Wed Jan 21 10:40:46 2009 From: soimafreak at gmail.com (Matthew ...) Date: Wed, 21 Jan 2009 10:40:46 +0000 Subject: Fedora Security Policy In-Reply-To: References: <43123488-3417-4D65-8D26-8682B2783DD9@konnekt.org> Message-ID: <600c3330901210240k49356491mac38740c8e11511c@mail.gmail.com> Hiya, There's subtle differences between both of the forward statements though. net.ipv4.ip_forward = 0 is referring to allowing IP traffic to forward between two networks, be it virtual or physical. The IP Tables forwarding rules are more for forwarding traffic into different IP tables chains to then be dealt with. i.e. http://jengelh.medozas.de/images/nf-packet-flow.png This doesn't mean it can't be used to then send the traffic out of another network port, but to do that you need the net.ipv4.ip_forward = 1 where as sendign it down a different IP tables chain you do not necessarily need that set. Hope that made sense :) Matt 2009/1/20 Mike McGrath > On Tue, 20 Jan 2009, Jorge Bras wrote: > > > Hi there, > > > > in iptables config, why not, change the default forward policy to drop ? > > by default ip forwarding is off, but I think is a good practice deny > > everything by default, just in case. > > > > I could be wrong on this but: > > net.ipv4.ip_forward = 0 > > listed in 1.2 should cover that. I'm not sure how its all designed to > work. I just know how it seems to work. > > Its probably not a bad idea to set it in both places though. > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Wed Jan 21 15:52:37 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 21 Jan 2009 09:52:37 -0600 (CST) Subject: TMOUT In-Reply-To: References: Message-ID: On Tue, 20 Jan 2009, Mike McGrath wrote: > Hey guys, so we talked about this... well, a long time ago and decided to > do it but it never got implemented. So I'm going to implement it now and > its likely going to cause some people pain for now. > > I'm going to set the default bash TMOUT value to 32400 (9 hours). If you > need to overwrite this, you can do it in your bashrc though its > recommended that you not do that. > > I'm going to add this to the security policy as this is a security > measure. I'll do it tomorrow morning so get ready. > I just put this in, it should only impact interactive shells so any of our scripts or other apps that might take longer then 9 hours shouldn't be impacted. FYI, the 9 hour timeout is 9 hours from the last command entered / ended. SO if you just hit the spacebar, that doesn't count. If you're actually running a command that takes longer then 9 hours, you'll be ok. -Mike From a.badger at gmail.com Wed Jan 21 22:53:45 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 21 Jan 2009 14:53:45 -0800 Subject: FYI: New packagedb depends on python-bugzilla snapshot Message-ID: <4977A779.6050905@gmail.com> Just a heads up. I've updated the app servers with a new version of the packagedb today. This reflects the most recent code from the bzr repository. It requires a snapshot package of python-bugzilla in order to do checking of bugzilla email accounts. I've added both python-bugzilla-0.4-0.2.20080121git packages and packagedb packages to the infrastructure repo for epel-5[1]_ and fedora-10[2]_. If you need it for a different release, the SRPMs are present so you should be able to do a rebuild. .. _[1]: http://infrastructure.fedoraproject.org/el/5/ .. _[2]: http://infrastructure.fedoraproject.org/fedora/10/ -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From rayvd at bludgeon.org Thu Jan 22 01:49:09 2009 From: rayvd at bludgeon.org (Ray Van Dolson) Date: Wed, 21 Jan 2009 17:49:09 -0800 Subject: Disk IO issues In-Reply-To: References: <1232382756.3539.43.camel@localhost.localdomain> Message-ID: <20090122014909.GA14223@bludgeon.org> On Mon, Jan 19, 2009 at 10:55:35AM -0600, Mike McGrath wrote: > On Mon, 19 Jan 2009, Jesse Keating wrote: > > > On Mon, 2009-01-19 at 10:02 -0600, Mike McGrath wrote: > > > on the > > > netapp. > > > > Er, this is on nfs1 right, not the netapp? > > > > My mistake, correct. All this is on nfs1 which has directly attached > storage. > Which is backed by an MD1000? MD3000? The stats you generated in your link are from sar? Ray From mmcgrath at redhat.com Thu Jan 22 16:07:31 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 Jan 2009 10:07:31 -0600 (CST) Subject: Disk IO issues In-Reply-To: <20090122014909.GA14223@bludgeon.org> References: <1232382756.3539.43.camel@localhost.localdomain> <20090122014909.GA14223@bludgeon.org> Message-ID: On Wed, 21 Jan 2009, Ray Van Dolson wrote: > On Mon, Jan 19, 2009 at 10:55:35AM -0600, Mike McGrath wrote: > > On Mon, 19 Jan 2009, Jesse Keating wrote: > > > > > On Mon, 2009-01-19 at 10:02 -0600, Mike McGrath wrote: > > > > on the > > > > netapp. > > > > > > Er, this is on nfs1 right, not the netapp? > > > > > > > My mistake, correct. All this is on nfs1 which has directly attached > > storage. > > > > Which is backed by an MD1000? MD3000? The stats you generated in your > link are from sar? > MD1000 and yes. -Mike From poelstra at redhat.com Thu Jan 22 20:13:16 2009 From: poelstra at redhat.com (John Poelstra) Date: Thu, 22 Jan 2009 12:13:16 -0800 Subject: Alpha Release Readiness Message-ID: <4978D35C.8010806@redhat.com> With the Alpha Release for Fedora 11 scheduled for Tuesday, February 3, 2009, this means it is time to meet again with representatives from each of the teams to have our release readiness meeting. We usually have this meeting at 18:00 UTC (13:00 EST) the Wednesday before, which means next Wednesday, January 28, 2009, is the day. On Monday, January 26, 2009, I will be sending out the dial-in information and a meeting reminder to all the attendees. In the meantime I need to know who will be representing your group at these meetings for the Fedora 11 meetings. Usually this is the designated team leader, but I wanted to ask to make sure you coordinate within your team to make sure someone comes. When responding to this list, please CC me so that I am sure to see the reply. This message is going out to the respective mailings lists for these groups: Ambassadors Artwork/Design Documentation FESCo Infrastructure Marketing Quality Release Engineering Translation Websites Thanks, John From mmcgrath at redhat.com Thu Jan 22 22:08:32 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 Jan 2009 16:08:32 -0600 (CST) Subject: Change freeze Message-ID: We are FROZEN! Sorry for the short notice, the alpha always sneaks up on us. But we are now FROZEN! Whats this mean? Well, http://fedoraproject.org/wiki/Infrastructure/SOP/Release#Change_Freeze BAM! It means that. This is a pre-freeze so many things aren't frozen (see that link to find what does and does not apply to you). We will unfreeze 2009-02-04. If you've got something to do, make sure it gets +1'ed. Also, we'll be doing a fairly major upgrade after the Alpha ships of moving from RHEL 5.2 to RHEL5.3 I haven't done any work on this yet but will over the coming months to see if we will run in to any issues. -Mike From mmcgrath at redhat.com Thu Jan 22 22:59:18 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 22 Jan 2009 16:59:18 -0600 (CST) Subject: Alpha Release Readiness In-Reply-To: <4978D35C.8010806@redhat.com> References: <4978D35C.8010806@redhat.com> Message-ID: Hey John, I'll be there. Send the info when it gets setup. -Mike On Thu, 22 Jan 2009, John Poelstra wrote: > With the Alpha Release for Fedora 11 scheduled for Tuesday, February 3, 2009, > this means it is time to meet again with representatives from each of the > teams to have our release readiness meeting. We usually have this meeting at > 18:00 UTC (13:00 EST) the Wednesday before, which means next Wednesday, > January 28, 2009, is the day. > > On Monday, January 26, 2009, I will be sending out the dial-in information and > a meeting reminder to all the attendees. > > In the meantime I need to know who will be representing your group at these > meetings for the Fedora 11 meetings. Usually this is the designated team > leader, but I wanted to ask to make sure you coordinate within your team to > make sure someone comes. When responding to this list, please CC me so that I > am sure to see the reply. > > This message is going out to the respective mailings lists for these groups: > > Ambassadors > Artwork/Design > Documentation > FESCo > Infrastructure > Marketing > Quality > Release Engineering > Translation > Websites > > Thanks, > John > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > From a.badger at gmail.com Fri Jan 23 04:31:09 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 22 Jan 2009 20:31:09 -0800 Subject: Change Request: python-bugzilla and packagedb on app servers Message-ID: <4979480D.5020803@gmail.com> The update of the packagedb yesterday has a problem. The bugzilla checking code doesn't work when started as the apache user because python-bugzilla issues a traceback when it's unable to write to a cookiefile in the user's home directory. This is preventing anyone from taking ownership of a package including new branch requests. I've got an updated python-bugzilla and packagedb that address this. I'd like to install them on the app servers. Can I get some +1's to do this tomorrow? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From nigjones at redhat.com Fri Jan 23 04:39:41 2009 From: nigjones at redhat.com (Nigel Jones) Date: Thu, 22 Jan 2009 23:39:41 -0500 (EST) Subject: Change Request: python-bugzilla and packagedb on app servers In-Reply-To: <4979480D.5020803@gmail.com> Message-ID: <25435884.241232685639013.JavaMail.njones@njones> +1 ----- "Toshio Kuratomi" wrote: > The update of the packagedb yesterday has a problem. The bugzilla > checking code doesn't work when started as the apache user because > python-bugzilla issues a traceback when it's unable to write to a > cookiefile in the user's home directory. This is preventing anyone > from > taking ownership of a package including new branch requests. > > I've got an updated python-bugzilla and packagedb that address this. > I'd like to install them on the app servers. Can I get some +1's to > do > this tomorrow? > > -Toshio > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From ricky at fedoraproject.org Fri Jan 23 04:50:22 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Thu, 22 Jan 2009 23:50:22 -0500 Subject: Change Request: python-bugzilla and packagedb on app servers In-Reply-To: <4979480D.5020803@gmail.com> References: <4979480D.5020803@gmail.com> Message-ID: <20090123045022.GB24340@sphe.res.cmu.edu> On 2009-01-22 08:31:09 PM, Toshio Kuratomi wrote: > The update of the packagedb yesterday has a problem. The bugzilla > checking code doesn't work when started as the apache user because > python-bugzilla issues a traceback when it's unable to write to a > cookiefile in the user's home directory. This is preventing anyone from > taking ownership of a package including new branch requests. > > I've got an updated python-bugzilla and packagedb that address this. > I'd like to install them on the app servers. Can I get some +1's to do > this tomorrow? +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From rordway at oregonstate.edu Mon Jan 26 20:24:42 2009 From: rordway at oregonstate.edu (Ryan Ordway) Date: Mon, 26 Jan 2009 12:24:42 -0800 Subject: DRBD In-Reply-To: References: Message-ID: On Jan 15, 2009, at 8:17 AM, Mike McGrath wrote: > > I have a small research project if someone is interested in taking > it up. > I want to know of Debian, Ubuntu, SuSE and the other major > distributions, > How many of them include DRBD by default or via some official channel. > > > Also, of people on this list, how many of you use DRBD, in what > capacity > and what do you think of it? I love it. I use it in both active/active and active/passive modes. Saves me from having to hook some of my systems up to our SAN. Ryan -- Ryan Ordway E-mail: rordway at oregonstate.edu Unix Systems Administrator rordway at library.oregonstate.edu OSU Libraries, Corvallis, OR 97331 Office: Valley Library #4657 From mmcgrath at redhat.com Mon Jan 26 21:53:46 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 26 Jan 2009 15:53:46 -0600 (CST) Subject: Change request Message-ID: I'd like to diff --git a/manifests/servergroups/phx.pp b/manifests/servergroups/phx.pp index 312b378..038caea 100644 --- a/manifests/servergroups/phx.pp +++ b/manifests/servergroups/phx.pp @@ -10,6 +10,7 @@ class phx { } host { 'admin.fedoraproject.org': ip => '10.8.32.121', + alias => ['mirrors.fedoraproject.org',] } host { 'cvs.fedoraproject.org': ip => '10.8.34.151', Can I get 2 +1's? -Mike From mmcgrath at redhat.com Mon Jan 26 21:56:06 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Mon, 26 Jan 2009 15:56:06 -0600 (CST) Subject: Change request In-Reply-To: References: Message-ID: On Mon, 26 Jan 2009, Mike McGrath wrote: > I'd like to > > diff --git a/manifests/servergroups/phx.pp > b/manifests/servergroups/phx.pp > index 312b378..038caea 100644 > --- a/manifests/servergroups/phx.pp > +++ b/manifests/servergroups/phx.pp > @@ -10,6 +10,7 @@ class phx { > } > host { 'admin.fedoraproject.org': > ip => '10.8.32.121', > + alias => ['mirrors.fedoraproject.org',] > } > host { 'cvs.fedoraproject.org': > ip => '10.8.34.151', > > > Can I get 2 +1's? > Actually I want that to go to an external IP so it'd be more like: host { 'mirrors.fedoraproject.org': ip => '66.35.62.166', } -Mike From ricky at fedoraproject.org Mon Jan 26 21:56:41 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 26 Jan 2009 16:56:41 -0500 Subject: Change request In-Reply-To: References: Message-ID: <20090126215641.GE20614@sphe.res.cmu.edu> On 2009-01-26 03:53:46 PM, Mike McGrath wrote: > I'd like to > > diff --git a/manifests/servergroups/phx.pp > b/manifests/servergroups/phx.pp > index 312b378..038caea 100644 > --- a/manifests/servergroups/phx.pp > +++ b/manifests/servergroups/phx.pp > @@ -10,6 +10,7 @@ class phx { > } > host { 'admin.fedoraproject.org': > ip => '10.8.32.121', > + alias => ['mirrors.fedoraproject.org',] > } > host { 'cvs.fedoraproject.org': > ip => '10.8.34.151', > > > Can I get 2 +1's? +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From ricky at fedoraproject.org Mon Jan 26 22:02:41 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Mon, 26 Jan 2009 17:02:41 -0500 Subject: Change request In-Reply-To: References: Message-ID: <20090126220241.GF20614@sphe.res.cmu.edu> On 2009-01-26 03:56:06 PM, Mike McGrath wrote: > Actually I want that to go to an external IP so it'd be more like: > > host { 'mirrors.fedoraproject.org': > ip => '66.35.62.166', > } +1 to this, then - Mike said it's so that mirrormanager will see PHX's IP and redirect to the internal mirror. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From skvidal at fedoraproject.org Mon Jan 26 22:03:24 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 26 Jan 2009 17:03:24 -0500 Subject: Change request In-Reply-To: References: Message-ID: <1233007404.3249.23.camel@rosebud> On Mon, 2009-01-26 at 15:56 -0600, Mike McGrath wrote: > On Mon, 26 Jan 2009, Mike McGrath wrote: > > > I'd like to > > > > diff --git a/manifests/servergroups/phx.pp > > b/manifests/servergroups/phx.pp > > index 312b378..038caea 100644 > > --- a/manifests/servergroups/phx.pp > > +++ b/manifests/servergroups/phx.pp > > @@ -10,6 +10,7 @@ class phx { > > } > > host { 'admin.fedoraproject.org': > > ip => '10.8.32.121', > > + alias => ['mirrors.fedoraproject.org',] > > } > > host { 'cvs.fedoraproject.org': > > ip => '10.8.34.151', > > > > > > Can I get 2 +1's? > > > > Actually I want that to go to an external IP so it'd be more like: > > host { 'mirrors.fedoraproject.org': > ip => '66.35.62.166', > } > +1. -sv From stickster at gmail.com Mon Jan 26 22:13:42 2009 From: stickster at gmail.com (Paul W. Frields) Date: Mon, 26 Jan 2009 17:13:42 -0500 Subject: Automating hosted projects? Message-ID: <20090126221342.GP14131@localhost.localdomain> Hi Infrastructure team, Not sure if this inquiry belongs here or on websites, but I'll start here. Personally my experience has been that the Fedora admins act on requests for Fedora Hosted projects requests very quickly. Some potential contributors may want or need more instantaneous results, and I would hate to see folks going to somewhere like Google Code if we can keep their projects more open and transparent (and portable) to the community. Does the team have any sense as to whether we could further automate the Fedora Hosted project creation process? -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From skvidal at fedoraproject.org Tue Jan 27 02:22:03 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Mon, 26 Jan 2009 21:22:03 -0500 Subject: Automating hosted projects? In-Reply-To: <20090126221342.GP14131@localhost.localdomain> References: <20090126221342.GP14131@localhost.localdomain> Message-ID: <1233022923.14094.1.camel@rosebud> On Mon, 2009-01-26 at 17:13 -0500, Paul W. Frields wrote: > Hi Infrastructure team, > > Not sure if this inquiry belongs here or on websites, but I'll start > here. Personally my experience has been that the Fedora admins act on > requests for Fedora Hosted projects requests very quickly. Some > potential contributors may want or need more instantaneous results, > and I would hate to see folks going to somewhere like Google Code if > we can keep their projects more open and transparent (and portable) to > the community. > > Does the team have any sense as to whether we could further > automate the Fedora Hosted project creation process? imo -1. Part of the benefit of the process being manual is that a little sanity checking is applied. if someone needs hosting RIGHT NOW, then they can use their fedorapeople account for the hour or two it'll take for someone from fedora infrastructure to get to it. Making it instantaneous and automatic just makes it prone to abuse. -sv From ianweller at gmail.com Tue Jan 27 03:43:47 2009 From: ianweller at gmail.com (Ian Weller) Date: Mon, 26 Jan 2009 21:43:47 -0600 Subject: Automating hosted projects? In-Reply-To: <1233022923.14094.1.camel@rosebud> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> Message-ID: <20090127034347.GA21007@gmail.com> On Mon, Jan 26, 2009 at 09:22:03PM -0500, seth vidal wrote: > On Mon, 2009-01-26 at 17:13 -0500, Paul W. Frields wrote: > > Hi Infrastructure team, > > > > Not sure if this inquiry belongs here or on websites, but I'll start > > here. Personally my experience has been that the Fedora admins act on > > requests for Fedora Hosted projects requests very quickly. Some > > potential contributors may want or need more instantaneous results, > > and I would hate to see folks going to somewhere like Google Code if > > we can keep their projects more open and transparent (and portable) to > > the community. > > > > Does the team have any sense as to whether we could further > > automate the Fedora Hosted project creation process? > > imo -1. Part of the benefit of the process being manual is that a little > sanity checking is applied. > > if someone needs hosting RIGHT NOW, then they can use their fedorapeople > account for the hour or two it'll take for someone from fedora > infrastructure to get to it. > > Making it instantaneous and automatic just makes it prone to abuse. > I agree with this statement -- I'd rather have people manually checking requests as they come rather than manually checking each automated request and possibly going through a revocation process if any abuse were to arise. -- Ian Weller http://ianweller.org GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36 "Technology is a word that describes something that doesn't work yet." ~ Douglas Adams -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From sundaram at fedoraproject.org Tue Jan 27 09:26:14 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Tue, 27 Jan 2009 14:56:14 +0530 Subject: Automating hosted projects? In-Reply-To: <1233022923.14094.1.camel@rosebud> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> Message-ID: <497ED336.2040409@fedoraproject.org> seth vidal wrote: > imo -1. Part of the benefit of the process being manual is that a little > sanity checking is applied. Can that be automated? > Making it instantaneous and automatic just makes it prone to abuse. http://repo.or.cz/ seems to do it well. So do other bigger project hosting sites. Rahul From stickster at gmail.com Tue Jan 27 13:09:28 2009 From: stickster at gmail.com (Paul W. Frields) Date: Tue, 27 Jan 2009 08:09:28 -0500 Subject: Automating hosted projects? In-Reply-To: <20090127034347.GA21007@gmail.com> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <20090127034347.GA21007@gmail.com> Message-ID: <20090127130928.GG30712@localhost.localdomain> On Mon, Jan 26, 2009 at 09:43:47PM -0600, Ian Weller wrote: > On Mon, Jan 26, 2009 at 09:22:03PM -0500, seth vidal wrote: > > On Mon, 2009-01-26 at 17:13 -0500, Paul W. Frields wrote: > > > Hi Infrastructure team, > > > > > > Not sure if this inquiry belongs here or on websites, but I'll start > > > here. Personally my experience has been that the Fedora admins act on > > > requests for Fedora Hosted projects requests very quickly. Some > > > potential contributors may want or need more instantaneous results, > > > and I would hate to see folks going to somewhere like Google Code if > > > we can keep their projects more open and transparent (and portable) to > > > the community. > > > > > > Does the team have any sense as to whether we could further > > > automate the Fedora Hosted project creation process? > > > > imo -1. Part of the benefit of the process being manual is that a little > > sanity checking is applied. > > > > if someone needs hosting RIGHT NOW, then they can use their fedorapeople > > account for the hour or two it'll take for someone from fedora > > infrastructure to get to it. > > > > Making it instantaneous and automatic just makes it prone to abuse. > > > I agree with this statement -- I'd rather have people manually checking > requests as they come rather than manually checking each automated > request and possibly going through a revocation process if any abuse > were to arise. Does the Fedora Hosted FAQ or instruction sheet have a link to the location on the wiki describing how people can get by with fpeeps.o until their Hosted project appears? -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From skvidal at fedoraproject.org Tue Jan 27 13:19:50 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 27 Jan 2009 08:19:50 -0500 Subject: Automating hosted projects? In-Reply-To: <497ED336.2040409@fedoraproject.org> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> Message-ID: <1233062390.14094.11.camel@rosebud> On Tue, 2009-01-27 at 14:56 +0530, Rahul Sundaram wrote: > seth vidal wrote: > > > imo -1. Part of the benefit of the process being manual is that a little > > sanity checking is applied. > > Can that be automated? Can't we automate manual checking? Do you understand that the word 'manual' is opposite to the word 'automate'? If you automate it then it is no longer manual. If it is manual, then it is not automatic. > > Making it instantaneous and automatic just makes it prone to abuse. > > http://repo.or.cz/ seems to do it well. So do other bigger project > hosting sites. If by 'it' you mean "have a giant pile of unmaintained pkgs that no one is updating or caring for and are just wasting space", then yes, repo.or.cz does that very well. -sv From skvidal at fedoraproject.org Tue Jan 27 13:23:00 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 27 Jan 2009 08:23:00 -0500 Subject: Automating hosted projects? In-Reply-To: <20090127130928.GG30712@localhost.localdomain> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <20090127034347.GA21007@gmail.com> <20090127130928.GG30712@localhost.localdomain> Message-ID: <1233062580.14094.14.camel@rosebud> On Tue, 2009-01-27 at 08:09 -0500, Paul W. Frields wrote: > Does the Fedora Hosted FAQ or instruction sheet have a link to the > location on the wiki describing how people can get by with fpeeps.o > until their Hosted project appears? > All the info about the things you can do on fedorapeople is here: http://fedoraproject.org/wiki/Infrastructure/fedorapeople.org Paul: Is there a specific case where someone was outraged by having to wait to get a fedorahosted project and stormed off to google code instead? And, frankly, do we care? Is our goal to get angry, impatient developers to host their code at fedorahosted? -sv From sundaram at fedoraproject.org Tue Jan 27 13:37:05 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Tue, 27 Jan 2009 19:07:05 +0530 Subject: Automating hosted projects? In-Reply-To: <1233062390.14094.11.camel@rosebud> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <1233062390.14094.11.camel@rosebud> Message-ID: <497F0E01.8000202@fedoraproject.org> seth vidal wrote: > On Tue, 2009-01-27 at 14:56 +0530, Rahul Sundaram wrote: >> seth vidal wrote: >> >>> imo -1. Part of the benefit of the process being manual is that a little >>> sanity checking is applied. >> Can that be automated? > > Can't we automate manual checking? Do you understand that the word > 'manual' is opposite to the word 'automate'? > If you automate it then it is no longer manual. > If it is manual, then it is not automatic. Oh, come on. No need to play super smart. Isn't it obvious? I meant, can the sanity checking be automated? > If by 'it' you mean "have a giant pile of unmaintained pkgs that no one > is updating or caring for and are just wasting space", then yes, > repo.or.cz does that very well. Lots of people are taking advantage of it precisely because it is trivial to sign up. Yes, that means some of the projects will be abandoned but look at the number of projects in fedorahosted.org which haven't even bothered to edit the front page and provide a simple description of what it is all about. I don't think we are doing anything that is obviously better. Rahul From skvidal at fedoraproject.org Tue Jan 27 13:42:30 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 27 Jan 2009 08:42:30 -0500 Subject: Automating hosted projects? In-Reply-To: <497F0E01.8000202@fedoraproject.org> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <1233062390.14094.11.camel@rosebud> <497F0E01.8000202@fedoraproject.org> Message-ID: <1233063750.14094.16.camel@rosebud> On Tue, 2009-01-27 at 19:07 +0530, Rahul Sundaram wrote: > Oh, come on. No need to play super smart. Isn't it obvious? I meant, can > the sanity checking be automated? Part of the sanity checking is looking at what's requested itself. > > If by 'it' you mean "have a giant pile of unmaintained pkgs that no one > > is updating or caring for and are just wasting space", then yes, > > repo.or.cz does that very well. > > Lots of people are taking advantage of it precisely because it is > trivial to sign up. Yes, that means some of the projects will be > abandoned but look at the number of projects in fedorahosted.org which > haven't even bothered to edit the front page and provide a simple > description of what it is all about. I don't think we are doing anything > that is obviously better. And do you think the quality of the projects at fedorahosted is going to get better or get worse if we make it happen automatically? I think it will decline. -sv From sundaram at fedoraproject.org Tue Jan 27 13:49:20 2009 From: sundaram at fedoraproject.org (Rahul Sundaram) Date: Tue, 27 Jan 2009 19:19:20 +0530 Subject: Automating hosted projects? In-Reply-To: <1233063750.14094.16.camel@rosebud> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <1233062390.14094.11.camel@rosebud> <497F0E01.8000202@fedoraproject.org> <1233063750.14094.16.camel@rosebud> Message-ID: <497F10E0.3080108@fedoraproject.org> seth vidal wrote: > Part of the sanity checking is looking at what's requested itself. What do you look for? > And do you think the quality of the projects at fedorahosted is going > to get better or get worse if we make it happen automatically? > > I think it will decline. Perhaps it will but maybe it will be offset by more people taking advantage of it. A thriving community can afford to have a few less active members. It is a potential trade off to consider. Rahul From mmcgrath at redhat.com Tue Jan 27 15:01:22 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 Jan 2009 09:01:22 -0600 (CST) Subject: What is doing this? Message-ID: We've got a cron job that creates the fedorahosted webpage. It produces (on occasion) this output: ========== START ============== ...... done. ...... done. ========== END OUTPUT ========= I've been poking at it for a bit and I just don't know what is causing that, so to the list I came. Anyone have any bright ideas? I've attached the script. My first inclination is that it's the make. But what in it is causing this to happen sometimes but not every time? -Mike From mmcgrath at redhat.com Tue Jan 27 15:01:55 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 Jan 2009 09:01:55 -0600 (CST) Subject: What is doing this? In-Reply-To: References: Message-ID: On Tue, 27 Jan 2009, Mike McGrath wrote: > > We've got a cron job that creates the fedorahosted webpage. It produces > (on occasion) this output: > ========== START ============== > ...... done. > ...... done. > ========== END OUTPUT ========= > > I've been poking at it for a bit and I just don't know what is causing > that, so to the list I came. Anyone have any bright ideas? I've attached > the script. My first inclination is that it's the make. But what in it > is causing this to happen sometimes but not every time? > Now with an actual attachment. -Mike -------------- next part -------------- A non-text attachment was scrubbed... Name: updateFedorahosted.org.sh Type: application/x-sh Size: 747 bytes Desc: URL: From stickster at gmail.com Tue Jan 27 15:42:07 2009 From: stickster at gmail.com (Paul W. Frields) Date: Tue, 27 Jan 2009 10:42:07 -0500 Subject: Automating hosted projects? In-Reply-To: <1233062580.14094.14.camel@rosebud> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <20090127034347.GA21007@gmail.com> <20090127130928.GG30712@localhost.localdomain> <1233062580.14094.14.camel@rosebud> Message-ID: <20090127154207.GG4727@localhost.localdomain> On Tue, Jan 27, 2009 at 08:23:00AM -0500, seth vidal wrote: > On Tue, 2009-01-27 at 08:09 -0500, Paul W. Frields wrote: > > Does the Fedora Hosted FAQ or instruction sheet have a link to the > > location on the wiki describing how people can get by with fpeeps.o > > until their Hosted project appears? > > > > All the info about the things you can do on fedorapeople is here: > > http://fedoraproject.org/wiki/Infrastructure/fedorapeople.org > > Paul: Is there a specific case where someone was outraged by having to > wait to get a fedorahosted project and stormed off to google code > instead? And, frankly, do we care? Is our goal to get angry, impatient > developers to host their code at fedorahosted? Outraged, not that I'm aware of. That shouldn't stop us from seeing if there are specific improvements we can make that lower contributor barriers. Our goal is not to encourage angry, impatient developers, but simply to make sure that we make things as easy as sanity allows for everyone to work with our project. I'll take on the role of $RANDOM_NONANGRY_DEVELOPER to demonstrate. I hear about Fedora Hosted from a marketing related activity like an article on the web or word of mouth from a friend or a list post. I google it and arrive at the top link, http://fedorahosted.org. Neither the FAQ nor the New Project instructions tell me that I have an alternative available, the fedorapeople.org route. A wiki search for 'git repo' or 'git repository' doesn't tell me either. Wouldn't just adding a FAQ entry be an easy way to give people more information without requiring them to scour the wiki? Patch attached as a suggestion. -- Paul W. Frields http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug -------------- next part -------------- diff --git a/fedorahosted.org/data/content/faq.html b/fedorahosted.org/data/content/faq.html index 5d7fc75..7259ecd 100644 --- a/fedorahosted.org/data/content/faq.html +++ b/fedorahosted.org/data/content/faq.html @@ -22,7 +22,7 @@

${_('Create the archive on your workstation and run <code>scp myProject-0.1.tar.gz fedorahosted.org:&lt;Project Name&gt;</code>. The archive will be located under <a href="https://fedorahosted.org/releases/">https://fedorahosted.org/releases/</a>')}

${_('I just got a new git repository, how can I push/pull?')}

${_('Before anyone can clone/push the new repository a master push must be done with the command (from your local git repo): git push ssh://git.fedorahosted.org/git/yourproject.git/ master')}

- - +

${_('While I wait for my repository to be created, can I work on my code elsewhere?')}

+

${_('Of course. Visit <a href="http://fedoraproject.org/wiki/Infrastructure/fedorapeople.org">http://fedoraproject.org/wiki/Infrastructure/fedorapeople.org</a> for instructions on how to set up a temporary repository in your fedorapeople.org space.')}

-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From smooge at gmail.com Tue Jan 27 16:57:05 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Tue, 27 Jan 2009 09:57:05 -0700 Subject: Automating hosted projects? In-Reply-To: <497F10E0.3080108@fedoraproject.org> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <1233062390.14094.11.camel@rosebud> <497F0E01.8000202@fedoraproject.org> <1233063750.14094.16.camel@rosebud> <497F10E0.3080108@fedoraproject.org> Message-ID: <80d7e4090901270857i4e0d3d26he96b038b1e44fc37@mail.gmail.com> On Tue, Jan 27, 2009 at 6:49 AM, Rahul Sundaram wrote: > seth vidal wrote: > >> Part of the sanity checking is looking at what's requested itself. > > What do you look for? Things that would probably be looked for: Easy to automatically sanity check Fedora Sucks project Fedora Eats Donkey Dicks project Hard to sanity check automatically check Upload of the cisco source code from pirate bay saying it is a Public Domain project. Upload of the entire Millie Vanili ogg archive under the same license. Fedora Unity and Cooperation KDE- Gnome might raise some eyebrows but would not be easy to auto-sanity-check. >> And do you think the quality of the projects at fedorahosted is going >> to get better or get worse if we make it happen automatically? >> >> I think it will decline. > > Perhaps it will but maybe it will be offset by more people taking advantage > of it. A thriving community can afford to have a few less active members. It > is a potential trade off to consider. A thriving community also requires the resources to maintain it. Are we positioning ourselves as a new SourceForge? Do we have the resources to make it not suck because everyone and their brother have uploaded their 3 line patch to the kernel as a new git tree? Having seen what happens when Red Hat is not ready to add disk/cpu/bandwidth as much as people want it.. its better to be picky and up than popular and down. Those who forget sourceware.org are prone to repeat it. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From ivazqueznet at gmail.com Tue Jan 27 17:30:40 2009 From: ivazqueznet at gmail.com (Ignacio Vazquez-Abrams) Date: Tue, 27 Jan 2009 12:30:40 -0500 Subject: Automating hosted projects? In-Reply-To: <20090127130928.GG30712@localhost.localdomain> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <20090127034347.GA21007@gmail.com> <20090127130928.GG30712@localhost.localdomain> Message-ID: <1233077440.1025.38.camel@ignacio.lan> On Tue, 2009-01-27 at 08:09 -0500, Paul W. Frields wrote: > Does the Fedora Hosted FAQ or instruction sheet have a link to the > location on the wiki describing how people can get by with fpeeps.o > until their Hosted project appears? Are we then going to require new hostees to have access to fedorapeople.org? Because I don't think that will really help either them or us. -- Ignacio Vazquez-Abrams PLEASE don't CC me; I'm already subscribed -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From kanarip at kanarip.com Tue Jan 27 17:33:43 2009 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Tue, 27 Jan 2009 18:33:43 +0100 Subject: Automating hosted projects? In-Reply-To: <80d7e4090901270857i4e0d3d26he96b038b1e44fc37@mail.gmail.com> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <1233062390.14094.11.camel@rosebud> <497F0E01.8000202@fedoraproject.org> <1233063750.14094.16.camel@rosebud> <497F10E0.3080108@fedoraproject.org> <80d7e4090901270857i4e0d3d26he96b038b1e44fc37@mail.gmail.com> Message-ID: <497F4577.3080803@kanarip.com> Stephen John Smoogen wrote: > Fedora Unity and Cooperation KDE- Gnome might raise some eyebrows but > would not be easy to auto-sanity-check. > /me raises one or two eyebrows... I see we're being used as an example but I'm not sure I understand what you're saying ;-) Kind regards, Jeroen van Meeuwen -kanarip From ricky at fedoraproject.org Tue Jan 27 17:45:14 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Tue, 27 Jan 2009 12:45:14 -0500 Subject: What is doing this? In-Reply-To: References: Message-ID: <20090127174514.GE16977@sphe.res.cmu.edu> On 2009-01-27 09:01:55 AM, Mike McGrath wrote: > > ...... done. > > ...... done. This is just a random guess, but the text reminds me of: receiving file list ... done from rsync. I wonder what could cause this to be printed if it were rsync... Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From skvidal at fedoraproject.org Tue Jan 27 17:44:47 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Tue, 27 Jan 2009 12:44:47 -0500 Subject: Automating hosted projects? In-Reply-To: <1233077440.1025.38.camel@ignacio.lan> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <20090127034347.GA21007@gmail.com> <20090127130928.GG30712@localhost.localdomain> <1233077440.1025.38.camel@ignacio.lan> Message-ID: <1233078287.14094.27.camel@rosebud> On Tue, 2009-01-27 at 12:30 -0500, Ignacio Vazquez-Abrams wrote: > On Tue, 2009-01-27 at 08:09 -0500, Paul W. Frields wrote: > > Does the Fedora Hosted FAQ or instruction sheet have a link to the > > location on the wiki describing how people can get by with fpeeps.o > > until their Hosted project appears? > > Are we then going to require new hostees to have access to > fedorapeople.org? Because I don't think that will really help either > them or us. require? no - but it tells them if they have a fedorapeople account that they can set up a git repo there, instead, if they so wish. -sv From a.badger at gmail.com Tue Jan 27 18:08:25 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Tue, 27 Jan 2009 10:08:25 -0800 Subject: Automating hosted projects? In-Reply-To: <497ED336.2040409@fedoraproject.org> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> Message-ID: <497F4D99.8070801@gmail.com> Rahul Sundaram wrote: > seth vidal wrote: > >> imo -1. Part of the benefit of the process being manual is that a little >> sanity checking is applied. > > Can that be automated? > >> Making it instantaneous and automatic just makes it prone to abuse. > > http://repo.or.cz/ seems to do it well. So do other bigger project > hosting sites. > Can you list which ones? google code might be automated (The docs make it look like fill out web form, instantly have hosting) but Sourceforge, gna, and berlios have a manual review. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From n1ghtcr4wler at gmail.com Tue Jan 27 18:23:32 2009 From: n1ghtcr4wler at gmail.com (Ricardo Ichizo) Date: Tue, 27 Jan 2009 16:23:32 -0200 Subject: What is doing this? In-Reply-To: <20090127174514.GE16977@sphe.res.cmu.edu> References: <20090127174514.GE16977@sphe.res.cmu.edu> Message-ID: <9ae7d5480901271023g51cbfa48g9ffaf80952f17207@mail.gmail.com> Hi, 2009/1/27 Ricky Zhou : > On 2009-01-27 09:01:55 AM, Mike McGrath wrote: >> > ...... done. >> > ...... done. > This is just a random guess, but the text reminds me of: > > receiving file list ... done > > from rsync. I wonder what could cause this to be printed if it were > rsync... > Yes, rsync always do that: building file list ... done ... receiving file list ... done -- Ricardo Ichizo From mmcgrath at redhat.com Tue Jan 27 19:19:05 2009 From: mmcgrath at redhat.com (mmcgrath at redhat.com) Date: Tue, 27 Jan 2009 14:19:05 -0500 (EST) Subject: What is doing this? In-Reply-To: <9ae7d5480901271023g51cbfa48g9ffaf80952f17207@mail.gmail.com> References: <20090127174514.GE16977@sphe.res.cmu.edu> <9ae7d5480901271023g51cbfa48g9ffaf80952f17207@mail.gmail.com> Message-ID: On Jan 27, 2009, at 12:23 PM, Ricardo Ichizo wrote: > Hi, > > 2009/1/27 Ricky Zhou : >> On 2009-01-27 09:01:55 AM, Mike McGrath wrote: >>>> ...... done. >>>> ...... done. >> This is just a random guess, but the text reminds me of: >> >> receiving file list ... done >> >> from rsync. I wonder what could cause this to be printed if it were >> rsync... >> > > Yes, rsync always do that: > > building file list ... done > ... > receiving file list ... done This makes me wonder if rsync is sending part of that message to stderr. I tried to reproduce it but have been unable to. It just sortof happens sometimes. -Mike From cra at WPI.EDU Tue Jan 27 21:11:36 2009 From: cra at WPI.EDU (Chuck Anderson) Date: Tue, 27 Jan 2009 16:11:36 -0500 Subject: What is doing this? In-Reply-To: References: <20090127174514.GE16977@sphe.res.cmu.edu> <9ae7d5480901271023g51cbfa48g9ffaf80952f17207@mail.gmail.com> Message-ID: <20090127211136.GB16541@angus.ind.WPI.EDU> On Tue, Jan 27, 2009 at 02:19:05PM -0500, mmcgrath at redhat.com wrote: >> Yes, rsync always do that: >> >> building file list ... done >> ... >> receiving file list ... done > > This makes me wonder if rsync is sending part of that message to stderr. > I tried to reproduce it but have been unable to. It just sortof happens > sometimes. I tried this and the only thing that appeared in /tmp/stderr was the remote host's SSH banner: rsync --rsh=ssh -avHn . remotehost:foo/ 2> /tmp/stderr 1> /tmp/stdout The "file list ... done" lines all appeared in /tmp/stdout. From valholla75 at gmail.com Tue Jan 27 21:13:49 2009 From: valholla75 at gmail.com (Mike) Date: Tue, 27 Jan 2009 15:13:49 -0600 Subject: What is doing this? In-Reply-To: References: <20090127174514.GE16977@sphe.res.cmu.edu> <9ae7d5480901271023g51cbfa48g9ffaf80952f17207@mail.gmail.com> Message-ID: If memory serves me, cron jobs do not get their own tty. tty based file handels can get flaky in cron jobs. I have run across situations in Solaris and AIX, where the the last filehandle accessed --redirected to /dev/null or not-- by a cron script is the one that gets the output. I am not sure why or what causes it. I would force the STDOUT and STDERR of each command in the job to $0.$DATESTAMP log files until the error(s) reproduce. that way it can "hopefully" be determined where it is comming from and suppression or remediation can take place. Mike On Tue, Jan 27, 2009 at 1:19 PM, wrote: > > On Jan 27, 2009, at 12:23 PM, Ricardo Ichizo > wrote: > > Hi, >> >> 2009/1/27 Ricky Zhou : >> >>> On 2009-01-27 09:01:55 AM, Mike McGrath wrote: >>> >>>> ...... done. >>>>> ...... done. >>>>> >>>> This is just a random guess, but the text reminds me of: >>> >>> receiving file list ... done >>> >>> from rsync. I wonder what could cause this to be printed if it were >>> rsync... >>> >>> >> Yes, rsync always do that: >> >> building file list ... done >> ... >> receiving file list ... done >> > > This makes me wonder if rsync is sending part of that message to stderr. I > tried to reproduce it but have been unable to. It just sortof happens > sometimes. > > -Mike > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: From valholla75 at gmail.com Tue Jan 27 21:20:37 2009 From: valholla75 at gmail.com (Mike) Date: Tue, 27 Jan 2009 15:20:37 -0600 Subject: Automating hosted projects? In-Reply-To: <497F4D99.8070801@gmail.com> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <497F4D99.8070801@gmail.com> Message-ID: I can confirm that google-code is automated. I have one project hosted there. do you think a "happy medium" would work? set it up for "instant access" to "owner" but review by Fedora Infrastructure is required before read only and/or read write repositories are opened? Mike. 2009/1/27 Toshio Kuratomi > Rahul Sundaram wrote: > > seth vidal wrote: > > > >> imo -1. Part of the benefit of the process being manual is that a little > >> sanity checking is applied. > > > > Can that be automated? > > > >> Making it instantaneous and automatic just makes it prone to abuse. > > > > http://repo.or.cz/ seems to do it well. So do other bigger project > > hosting sites. > > > Can you list which ones? google code might be automated (The docs make > it look like fill out web form, instantly have hosting) but Sourceforge, > gna, and berlios have a manual review. > > -Toshio > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Tue Jan 27 21:29:41 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Tue, 27 Jan 2009 15:29:41 -0600 (CST) Subject: Automating hosted projects? In-Reply-To: References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <497F4D99.8070801@gmail.com> Message-ID: On Tue, 27 Jan 2009, Mike wrote: > I can confirm that google-code is automated.? I have one project hosted there. > > do you think a "happy medium" would work? > set it up for "instant access" to "owner" but review by Fedora Infrastructure is required > before read only and/or read write repositories are opened? > I think it's time to chime in on this. I'm generally 100% for self service but in this case I like the way we have it now. Especially until a reaping policy can be put in place that people won't flip their lids about. As far as I'm concerned, Fedora Hosted is not a place for fly by night vaporware and I think having this manual process prevents it a bit. Having to create a ticket, having to respond when we ask questions, etc, shows they have at least the commitment to create the project and wait for it. Does it have its downsides? Yes, you have to wait a little bit. But this is supposed to be a high quality hosting setup, the cost is a bit of time. Additionally I like the personal touch of having to interact with someone to actually get this done. To me it feels more like a partnership, there actually is someone on the other end of this stuff, its not just some large souless machine. If they've got problems they know exactly where to go. -1 from me unless someone can give me a clear benefit from the views of Fedora, (and no, making stuff up doesn't count, do research, draw a conclusion, send your proposition to the list) -Mike From smooge at gmail.com Tue Jan 27 22:44:59 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Tue, 27 Jan 2009 15:44:59 -0700 Subject: Automating hosted projects? In-Reply-To: <497F4577.3080803@kanarip.com> References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <1233062390.14094.11.camel@rosebud> <497F0E01.8000202@fedoraproject.org> <1233063750.14094.16.camel@rosebud> <497F10E0.3080108@fedoraproject.org> <80d7e4090901270857i4e0d3d26he96b038b1e44fc37@mail.gmail.com> <497F4577.3080803@kanarip.com> Message-ID: <80d7e4090901271444s5d53c66ap789ff752915f18d1@mail.gmail.com> On Tue, Jan 27, 2009 at 10:33 AM, Jeroen van Meeuwen wrote: > Stephen John Smoogen wrote: >> >> Fedora Unity and Cooperation KDE- Gnome might raise some eyebrows but >> would not be easy to auto-sanity-check. >> > > /me raises one or two eyebrows... > > I see we're being used as an example but I'm not sure I understand what > you're saying ;-) > The acronym for the project could be F. U. C. K. Gnome. I was trying to remember various project names that have gotten past auto-testers and then come up as a problem (Getting a username of first letter firstname, last name... with the name given as Frederick Uckyou (where you was replaced with various things.) -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From jkeating at redhat.com Tue Jan 27 23:28:36 2009 From: jkeating at redhat.com (Jesse Keating) Date: Tue, 27 Jan 2009 15:28:36 -0800 Subject: Automating hosted projects? In-Reply-To: References: <20090126221342.GP14131@localhost.localdomain> <1233022923.14094.1.camel@rosebud> <497ED336.2040409@fedoraproject.org> <497F4D99.8070801@gmail.com> Message-ID: <1233098916.8363.222.camel@localhost.localdomain> On Tue, 2009-01-27 at 15:29 -0600, Mike McGrath wrote: > On Tue, 27 Jan 2009, Mike wrote: > > > I can confirm that google-code is automated. I have one project hosted there. > > > > do you think a "happy medium" would work? > > set it up for "instant access" to "owner" but review by Fedora Infrastructure is required > > before read only and/or read write repositories are opened? > > > > I think it's time to chime in on this. I'm generally 100% for self > service but in this case I like the way we have it now. Especially until > a reaping policy can be put in place that people won't flip their lids > about. > > As far as I'm concerned, Fedora Hosted is not a place for fly by night > vaporware and I think having this manual process prevents it a bit. > Having to create a ticket, having to respond when we ask questions, etc, > shows they have at least the commitment to create the project and wait for > it. Does it have its downsides? Yes, you have to wait a little bit. > But this is supposed to be a high quality hosting setup, the cost is a bit > of time. > > Additionally I like the personal touch of having to interact with someone > to actually get this done. To me it feels more like a partnership, there > actually is someone on the other end of this stuff, its not just some > large souless machine. If they've got problems they know exactly where to > go. > > -1 from me unless someone can give me a clear benefit from the views of > Fedora, (and no, making stuff up doesn't count, do research, draw a > conclusion, send your proposition to the list) > > -Mike As one of the initial creators of the Fedora Hosted offerings, I have to agree with Mike McGrath here. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From skvidal at fedoraproject.org Wed Jan 28 20:42:35 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Wed, 28 Jan 2009 15:42:35 -0500 Subject: change request: python-hashlib install on fedorapeople.org and new yum Message-ID: <1233175355.14094.95.camel@rosebud> in order to stop the rss feed generator from kvetching I'd like to install the new python-hashlib and new yum pkgs (from rhel 5.3) on fedorapeople. Can I get a couple of +1's? thanks, -sv From jeff at ocjtech.us Wed Jan 28 21:16:52 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Wed, 28 Jan 2009 15:16:52 -0600 Subject: change request: python-hashlib install on fedorapeople.org and new yum In-Reply-To: <1233175355.14094.95.camel@rosebud> References: <1233175355.14094.95.camel@rosebud> Message-ID: <935ead450901281316m47940e26je0e15d1024fdb2be@mail.gmail.com> On Wed, Jan 28, 2009 at 2:42 PM, seth vidal wrote: > in order to stop the rss feed generator from kvetching I'd like to > install the new python-hashlib and new yum pkgs (from rhel 5.3) on > fedorapeople. > > Can I get a couple of +1's? +1 -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From dennis at ausil.us Wed Jan 28 21:29:10 2009 From: dennis at ausil.us (Dennis Gilmore) Date: Wed, 28 Jan 2009 15:29:10 -0600 Subject: change request: python-hashlib install on fedorapeople.org and new yum In-Reply-To: <1233175355.14094.95.camel@rosebud> References: <1233175355.14094.95.camel@rosebud> Message-ID: <200901281529.18578.dennis@ausil.us> On Wednesday 28 January 2009 02:42:35 pm seth vidal wrote: > in order to stop the rss feed generator from kvetching I'd like to > install the new python-hashlib and new yum pkgs (from rhel 5.3) on > fedorapeople. > > Can I get a couple of +1's? Amen, umm +1 :) Dennis -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: From a.badger at gmail.com Wed Jan 28 21:29:15 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 28 Jan 2009 13:29:15 -0800 Subject: change request: python-hashlib install on fedorapeople.org and new yum In-Reply-To: <1233175355.14094.95.camel@rosebud> References: <1233175355.14094.95.camel@rosebud> Message-ID: <4980CE2B.2010002@gmail.com> seth vidal wrote: > in order to stop the rss feed generator from kvetching I'd like to > install the new python-hashlib and new yum pkgs (from rhel 5.3) on > fedorapeople. > > Can I get a couple of +1's? > Seems like this will only affect fedorapeople and it can be reverted by downgrading the package if necessary. +1 -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From hassonofer at gmail.com Wed Jan 28 21:36:33 2009 From: hassonofer at gmail.com (Ofer Hasson) Date: Wed, 28 Jan 2009 23:36:33 +0200 Subject: change request: python-hashlib install on fedorapeople.org and new yum In-Reply-To: <4980CE2B.2010002@gmail.com> References: <1233175355.14094.95.camel@rosebud> <4980CE2B.2010002@gmail.com> Message-ID: <32fd46d0901281336g52136650s48026d0f9101a233@mail.gmail.com> i agree +1 2009/1/28 Toshio Kuratomi > seth vidal wrote: > > in order to stop the rss feed generator from kvetching I'd like to > > install the new python-hashlib and new yum pkgs (from rhel 5.3) on > > fedorapeople. > > > > Can I get a couple of +1's? > > > Seems like this will only affect fedorapeople and it can be reverted by > downgrading the package if necessary. > > +1 > > -Toshio > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jkeating at redhat.com Wed Jan 28 21:51:46 2009 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 28 Jan 2009 13:51:46 -0800 Subject: change request: python-hashlib install on builders Message-ID: <1233179506.8363.241.camel@localhost.localdomain> Since the change on fedorapeople was a success, we need to make this change on the builders as well. The problem is that when we create rawhide each night, we have random builders create a chroot in order to run pungi in. The chroot is generated from the freshly made rawhide repos, which have the newer sha256 sum in them. We need a newer yum and the python-hashlib build in order for the host yum to be able to process that metadata and generate the chroot. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From ricky at fedoraproject.org Wed Jan 28 21:56:48 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Wed, 28 Jan 2009 16:56:48 -0500 Subject: change request: python-hashlib install on builders In-Reply-To: <1233179506.8363.241.camel@localhost.localdomain> References: <1233179506.8363.241.camel@localhost.localdomain> Message-ID: <20090128215648.GA7195@sphe.res.cmu.edu> On 2009-01-28 01:51:46 PM, Jesse Keating wrote: > Since the change on fedorapeople was a success, we need to make this > change on the builders as well. > > The problem is that when we create rawhide each night, we have random > builders create a chroot in order to run pungi in. The chroot is > generated from the freshly made rawhide repos, which have the newer > sha256 sum in them. We need a newer yum and the python-hashlib build in > order for the host yum to be able to process that metadata and generate > the chroot. +1 Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From mmcgrath at redhat.com Wed Jan 28 21:58:26 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 28 Jan 2009 15:58:26 -0600 (CST) Subject: change request: python-hashlib install on fedorapeople.org and new yum In-Reply-To: <4980CE2B.2010002@gmail.com> References: <1233175355.14094.95.camel@rosebud> <4980CE2B.2010002@gmail.com> Message-ID: On Wed, 28 Jan 2009, Toshio Kuratomi wrote: > seth vidal wrote: > > in order to stop the rss feed generator from kvetching I'd like to > > install the new python-hashlib and new yum pkgs (from rhel 5.3) on > > fedorapeople. > > > > Can I get a couple of +1's? > > > Seems like this will only affect fedorapeople and it can be reverted by > downgrading the package if necessary. > > +1 > and technically fedorapeople isn't covered by the minor freeze so this one could go through without +1's. -Mike From mmcgrath at redhat.com Wed Jan 28 21:59:46 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Wed, 28 Jan 2009 15:59:46 -0600 (CST) Subject: change request: python-hashlib install on builders In-Reply-To: <1233179506.8363.241.camel@localhost.localdomain> References: <1233179506.8363.241.camel@localhost.localdomain> Message-ID: On Wed, 28 Jan 2009, Jesse Keating wrote: > Since the change on fedorapeople was a success, we need to make this > change on the builders as well. > > The problem is that when we create rawhide each night, we have random > builders create a chroot in order to run pungi in. The chroot is > generated from the freshly made rawhide repos, which have the newer > sha256 sum in them. We need a newer yum and the python-hashlib build in > order for the host yum to be able to process that metadata and generate > the chroot. > +1 low risk, easy to revert. Side question: Do we know what we're looking for if this breaks something? -Mike From skvidal at fedoraproject.org Wed Jan 28 22:05:35 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Wed, 28 Jan 2009 17:05:35 -0500 Subject: change request: python-hashlib install on builders In-Reply-To: References: <1233179506.8363.241.camel@localhost.localdomain> Message-ID: <1233180335.14094.103.camel@rosebud> On Wed, 2009-01-28 at 15:59 -0600, Mike McGrath wrote: > On Wed, 28 Jan 2009, Jesse Keating wrote: > > > Since the change on fedorapeople was a success, we need to make this > > change on the builders as well. > > > > The problem is that when we create rawhide each night, we have random > > builders create a chroot in order to run pungi in. The chroot is > > generated from the freshly made rawhide repos, which have the newer > > sha256 sum in them. We need a newer yum and the python-hashlib build in > > order for the host yum to be able to process that metadata and generate > > the chroot. > > > > +1 low risk, easy to revert. > > Side question: Do we know what we're looking for if this breaks something? the crowd of people screaming REGRESSION in rhel 5.3 bug reports? More or less anything completely hurky happening in mock is what to look out for. -sv From a.badger at gmail.com Wed Jan 28 22:07:59 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Wed, 28 Jan 2009 14:07:59 -0800 Subject: change request: python-hashlib install on builders In-Reply-To: <1233179506.8363.241.camel@localhost.localdomain> References: <1233179506.8363.241.camel@localhost.localdomain> Message-ID: <4980D73F.4050107@gmail.com> Jesse Keating wrote: > Since the change on fedorapeople was a success, we need to make this > change on the builders as well. > > The problem is that when we create rawhide each night, we have random > builders create a chroot in order to run pungi in. The chroot is > generated from the freshly made rawhide repos, which have the newer > sha256 sum in them. We need a newer yum and the python-hashlib build in > order for the host yum to be able to process that metadata and generate > the chroot. > So you need both yum and python-hashlib upgrades? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From jkeating at redhat.com Wed Jan 28 22:13:10 2009 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 28 Jan 2009 14:13:10 -0800 Subject: change request: python-hashlib install on builders In-Reply-To: <4980D73F.4050107@gmail.com> References: <1233179506.8363.241.camel@localhost.localdomain> <4980D73F.4050107@gmail.com> Message-ID: <1233180790.8363.243.camel@localhost.localdomain> On Wed, 2009-01-28 at 14:07 -0800, Toshio Kuratomi wrote: > Jesse Keating wrote: > > Since the change on fedorapeople was a success, we need to make this > > change on the builders as well. > > > > The problem is that when we create rawhide each night, we have random > > builders create a chroot in order to run pungi in. The chroot is > > generated from the freshly made rawhide repos, which have the newer > > sha256 sum in them. We need a newer yum and the python-hashlib build in > > order for the host yum to be able to process that metadata and generate > > the chroot. > > > So you need both yum and python-hashlib upgrades? > Yes. sha256 support lives in python-hashlib, and the updated yum handles such checksums, using the updated hashlib. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From skvidal at fedoraproject.org Wed Jan 28 22:15:43 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Wed, 28 Jan 2009 17:15:43 -0500 Subject: change request: python-hashlib install on builders In-Reply-To: <4980D73F.4050107@gmail.com> References: <1233179506.8363.241.camel@localhost.localdomain> <4980D73F.4050107@gmail.com> Message-ID: <1233180943.14094.104.camel@rosebud> On Wed, 2009-01-28 at 14:07 -0800, Toshio Kuratomi wrote: > Jesse Keating wrote: > > Since the change on fedorapeople was a success, we need to make this > > change on the builders as well. > > > > The problem is that when we create rawhide each night, we have random > > builders create a chroot in order to run pungi in. The chroot is > > generated from the freshly made rawhide repos, which have the newer > > sha256 sum in them. We need a newer yum and the python-hashlib build in > > order for the host yum to be able to process that metadata and generate > > the chroot. > > > So you need both yum and python-hashlib upgrades? > yum needs to update to the version from rhel 5.3 - 3.2.19 python-hashlib doesn't need an update - it just needs to be installed. -sv From jkeating at redhat.com Thu Jan 29 06:44:48 2009 From: jkeating at redhat.com (Jesse Keating) Date: Wed, 28 Jan 2009 22:44:48 -0800 Subject: change request: python-hashlib install on builders In-Reply-To: <1233179506.8363.241.camel@localhost.localdomain> References: <1233179506.8363.241.camel@localhost.localdomain> Message-ID: <1233211488.8363.265.camel@localhost.localdomain> On Wed, 2009-01-28 at 13:51 -0800, Jesse Keating wrote: > Since the change on fedorapeople was a success, we need to make this > change on the builders as well. This change did cause some fallout. The previous yum would not consider scriptlet (like %post) errors to be fatal. The new yum does. This matters because bash apparently has had a %post failure since December, both F11 and F10 builds it seems. Once the new yum was in place, no buildroot for F10 or F11 could init. This is quite bad. Instead of rolling back yum, I'm attempting to replace bash's %post that was in bash, and instead writing it in native lua. This will allow bash to complete its %post without any external deps. If this works, I'll create a F10 bash for dist-f10-override so that buildroots there will init as well. To get the build done, I've reverted yum on ppc10 and x86-2, and disabled every other builder. I'll re-enable things once we're able to reliably create buildroots. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at redhat.com Thu Jan 29 08:05:41 2009 From: jkeating at redhat.com (Jesse Keating) Date: Thu, 29 Jan 2009 00:05:41 -0800 Subject: change request: python-hashlib install on builders In-Reply-To: <1233211488.8363.265.camel@localhost.localdomain> References: <1233179506.8363.241.camel@localhost.localdomain> <1233211488.8363.265.camel@localhost.localdomain> Message-ID: <1233216341.8363.267.camel@localhost.localdomain> On Wed, 2009-01-28 at 22:44 -0800, Jesse Keating wrote: > Instead of rolling back yum, I'm attempting to replace bash's %post that > was in bash, and instead writing it in native lua. This will allow bash > to complete its %post without any external deps. If this works, I'll > create a F10 bash for dist-f10-override so that buildroots there will > init as well. > > To get the build done, I've reverted yum on ppc10 and x86-2, and > disabled every other builder. I'll re-enable things once we're able to > reliably create buildroots. This was successful. I've got new f10 and f11 repos with a fixed bash, and all builders have been re-enabled with the new yum. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From skvidal at fedoraproject.org Thu Jan 29 13:55:19 2009 From: skvidal at fedoraproject.org (seth vidal) Date: Thu, 29 Jan 2009 08:55:19 -0500 Subject: change request: python-hashlib install on builders In-Reply-To: <1233216341.8363.267.camel@localhost.localdomain> References: <1233179506.8363.241.camel@localhost.localdomain> <1233211488.8363.265.camel@localhost.localdomain> <1233216341.8363.267.camel@localhost.localdomain> Message-ID: <1233237319.14094.105.camel@rosebud> On Thu, 2009-01-29 at 00:05 -0800, Jesse Keating wrote: > On Wed, 2009-01-28 at 22:44 -0800, Jesse Keating wrote: > > Instead of rolling back yum, I'm attempting to replace bash's %post that > > was in bash, and instead writing it in native lua. This will allow bash > > to complete its %post without any external deps. If this works, I'll > > create a F10 bash for dist-f10-override so that buildroots there will > > init as well. > > > > To get the build done, I've reverted yum on ppc10 and x86-2, and > > disabled every other builder. I'll re-enable things once we're able to > > reliably create buildroots. > > This was successful. I've got new f10 and f11 repos with a fixed bash, > and all builders have been re-enabled with the new yum. Thanks, Jesse. -sv From simon at zikula.org Thu Jan 29 15:52:28 2009 From: simon at zikula.org (Simon Birtwistle) Date: Thu, 29 Jan 2009 15:52:28 -0000 Subject: Introducing Myself Message-ID: <026601c98229$96f83a10$c4e8ae30$@org> All, Having just requested access to the sysadmin and sysadmin-test groups on FAS and on the advice of David Nalley I thought I should introduce myself. I have been working with the docs team over the last week on the possibility of running the Zikula Application Framework as the CMS behind docs.fedoraproject.org. I am a member of the board of the Zikula Software Foundation and the Zikula Steering Committee, and I have been acting as the lead in discussions about how to best address the needs of the docs project on their website, and the needs of the Fedora project at large. My name is Simon Birtwistle, and I'm currently located in Cambridge in the UK. I am in the final year of studying for a degree in Computer Science at Cambridge University, and providing all goes well I'll be graduating in June. I've used Fedora on and off for years and years, though despite thinking about it I never got around to contributing. Most of my time is taken up with the Zikula project, where my work with the Steering Committee involves project management and day to day organisation, but I'm hoping that I can combine my work there with useful work on the Fedora websites where it's helpful. Skills wise, I am mainly a web developer, as you'd expect, with a good knowledge of PHP and MySQL. I also have experience with Java as well as C# .NET and some other less well known languages from my degree course. I have also used Docbook in the past for Zikula project documentation, so I at least have a vague idea where the docs project are coming from. I'm hoping that I, and Zikula as a project, will be able to provide a big boost to the docs project's publishing workflow. Simon -------------- next part -------------- An HTML attachment was scrubbed... URL: From teb at zikula.nl Thu Jan 29 16:43:43 2009 From: teb at zikula.nl (Teb (Zikula NL)) Date: Thu, 29 Jan 2009 17:43:43 +0100 Subject: Introduction Teb (Zikula / Documentation project) Message-ID: <4981DCBF.8020905@zikula.nl> Hi all, I have just subscribed to both the fedora-infrastructure-list and the fedora-docs-list to keep you (and myself) updated about the documentation project. My name is Arjen Tebbenhof, 32 years old and currently employed at AMB-IT / ChampionChip in the Netherlands as a (web) software engineer. In this function, I maintain a backend-portal for our clients, and I am responsible for planning and implementation in this specific field (using PHP and an Oracle DBMS). Before this, I owned a company specialized in delivering CMS solutions, but that never really got lucrative enough to make a living :) I have a Bachelors Degree in Econometrics and Operations Research, at the Erasmus University Rotterdam, The Netherlands. I am the current maintainer of the packaging environment for the Zikula Application Framework for the last year or so. Besides that, I am the team leader of the Dutch Zikula Community for the last five years, and maintain all dutch translations for the project. I never really contributed any code to the project, but behaved more as a sidekick between developers and the users, mainly providing support. I have basic knowledge of *nix systems, but have better specialties in PHP OOP, Databases, CVS/SVN repositories and packaging. For the Documentation Project, I will assist Simon and the rest of the newly involved list members with the new Fedora Docs portal. And therefore have applied to the sysadmin and sysadmin-test groups. Arjen (aka Teb) From a.badger at gmail.com Thu Jan 29 16:41:42 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 29 Jan 2009 08:41:42 -0800 Subject: Introducing Myself In-Reply-To: <026601c98229$96f83a10$c4e8ae30$@org> References: <026601c98229$96f83a10$c4e8ae30$@org> Message-ID: <4981DC46.9010002@gmail.com> Simon Birtwistle wrote: > > Having just requested access to the sysadmin and sysadmin-test groups on > FAS and on the advice of David Nalley I thought I should introduce > myself. I have been working with the docs team over the last week on > the possibility of running the Zikula Application Framework as the CMS > behind docs.fedoraproject.org. I am a member of the board of the Zikula > Software Foundation and the Zikula Steering Committee, and I have been > acting as the lead in discussions about how to best address the needs of > the docs project on their website, and the needs of the Fedora project > at large. > Welcome Simon! Since I've been working with docs as part of my Packaging Committee duties, I'll sponsor you for infrastructure work. I'm abadger1999 on irc.freenode.net if you need any help. As a team, we tend to talk a lot in #fedora-admin, keeping each other up to date on happenings, socialising, etc. We also have weekly meetings in #fedora-meeting on Thursday at 20:00 UTC where we summarise the weeks goings on and identify things we need to work on more. > > I?m hoping that I, and Zikula as a project, will be able to provide a > big boost to the docs project?s publishing workflow. > It sounds like docs is ready to get a test instance up and running. If you can make the meeting today to give us an update (near the end we have an open discussion session) that would be great. If not, catch us in #fedora-admin and we'll make sure you have what you need to get setup. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Thu Jan 29 17:19:04 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 29 Jan 2009 09:19:04 -0800 Subject: [Fwd: Re: CMS Option: Zikula] Message-ID: <4981E508.3040405@gmail.com> I sent this to the docs list when they started considering Zikula. Now that we're setting up a test instance and getting some people on the infrastructure team to work on it it seems like a good point in time to forward it here. -------- Original Message -------- Date: Fri, 23 Jan 2009 16:55:03 -0800 From: Toshio Kuratomi To: fedora-docs-list at redhat.com Paul W. Frields wrote: > I think we should also be considering the other major players in the > CMS game, if there are people available to deploy and maintain them. > Drupal and Joomla! immediately come to mind, the latter especially > because it actually has some DocBook XML support. Features aren't > particularly compelling, though, if we have no one around to help with > the maintenance. > One of the things I didn't know until I did some browsing around their website is that Zikula started off as PostNuke but that they changed the name in June. So they are a long term player in the CMS market. > None of this has any bearing on the quality of Zikula, which I'm sure > is excellent. > I was impressed by a few of the things I've learned since this morning :-) The answers to how proactive the security is was a nice change from the usual thoughts I've seen:: https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20 Here's my naive search of cve.mitre.org for issues reported in 2008. Note that some people would say to exclude plugins from this but my view is that we're going to be running plugins as part of our deployment and we'll want to know if we can expand our capabilities by pulling in functionality via plugins without compromising security. So knowing this does a *little* towards understanding whether the Core provides an API for writing secure plugins and the plugin community is security minded as well as Core developers. And like I say, this is naive :-) 91 Joomla -- Lots of plugins a few in core 79 Drupal -- Lots of plugins a few in core 60 Wordpress -- Lots of plugins, a few in core 53 Mambo --Lots of plugins, at least one in core 4 zikula + postnuke -- 1 in Core, 3 in plugins 1 midgard 0 zikula 0 enano For reference, mediawiki, which we think has an acceptable security-to-benefit ratio had 8 vulnerabilities reported in 2008 using the same naive count. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From a.badger at gmail.com Thu Jan 29 17:37:36 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 29 Jan 2009 09:37:36 -0800 Subject: Introduction Teb (Zikula / Documentation project) In-Reply-To: <4981DCBF.8020905@zikula.nl> References: <4981DCBF.8020905@zikula.nl> Message-ID: <4981E960.5020209@gmail.com> Teb (Zikula NL) wrote: > Hi all, > Hi Teb! > I have just subscribed to both the fedora-infrastructure-list and the > fedora-docs-list to keep you (and myself) updated about the > documentation project. > Excellent. > I am the current maintainer of the packaging environment for the Zikula > Application Framework for the last year or so. Besides that, I am the > team leader of the Dutch Zikula Community for the last five years, and > maintain all dutch translations for the project. I never really > contributed any code to the project, but behaved more as a sidekick > between developers and the users, mainly providing support. I have basic > knowledge of *nix systems, but have better specialties in PHP OOP, > Databases, CVS/SVN repositories and packaging. > > For the Documentation Project, I will assist Simon and the rest of the > newly involved list members with the new Fedora Docs portal. And > therefore have applied to the sysadmin and sysadmin-test groups. > I've sponsored you into both groups. Welcome to the Infrastructure team! I'll give you the same spiel I gave to Simon earlier. I'm abadger1999 on irc.freenode.net if you need any help. Since I've been working with docs in my Packaging Committee role, it seems natural to work with you guys for the infrastructure/docs needs. The infrastructure team tends to talk a lot in #fedora-admin, keeping each other up to date on happenings, socialising, etc. We also have weekly meetings in #fedora-meeting on Thursday at 20:00 UTC where we summarise the weeks goings on and identify things we need to work on more. Simon is going to be at this week's meeting so we can get a feel for what Zikula needs, what we have to give, and how we want to run it in production. You're welcome to stop by too if the meeting time works for you. Otherwise, stop on by #fedora-admin anytime. You're a part of the team now so welcome aboard. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Thu Jan 29 17:51:55 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 29 Jan 2009 11:51:55 -0600 (CST) Subject: CSI (Security Policy) Message-ID: Hey all. I've placed our security policy CSI docs in a standard location now. Just a reminder: If you have shell access on any of our servers you need to be compliant with all of these rules by the end of March. Which should be plenty of time to get any oddities worked out. http://infrastructure.fedoraproject.org/csi/security-policy/en-US/ -Mike From david at gnsa.us Thu Jan 29 17:52:57 2009 From: david at gnsa.us (David Nalley) Date: Thu, 29 Jan 2009 12:52:57 -0500 Subject: Introduction Message-ID: Let me first apologize for what will inevitably be a stream of people introducing themselves for work on setting up Zikula. My name is David Nalley, and I am ke4qqq on IRC. Eric (sparks) has asked me to come work with the Zikula guys on getting things setup on Fedora's infrastructure. I work as a mainly Linux sysadmin in Liberty, SC and have done so for around 6-7 years now. The bulk of my work focusing on RHEL/CentOS 3-5. So as far as identifying what I want to work on, Ticket 1155 is I suppose my first priority, though I did tell Mike I'd volunteer to do some inventory-type stuff for him. I've applied for sysadmin and sysadmin-test for the time being. Let me know if there is more needed of me. From frankc.fedora at gmail.com Thu Jan 29 18:13:59 2009 From: frankc.fedora at gmail.com (Frank Chiulli) Date: Thu, 29 Jan 2009 10:13:59 -0800 Subject: CSI (Security Policy) In-Reply-To: References: Message-ID: On Thu, Jan 29, 2009 at 9:51 AM, Mike McGrath wrote: > Hey all. I've placed our security policy CSI docs in a standard location > now. Just a reminder: If you have shell access on any of our servers you > need to be compliant with all of these rules by the end of March. Which > should be plenty of time to get any oddities worked out. > > http://infrastructure.fedoraproject.org/csi/security-policy/en-US/ > > -Mike > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > Mike, This is probably nothing but there is a duplicate rule in your /etc/sysctl.conf. The line: net.ipv4.conf.all.accept_redirects = 0 appears twice. Frank From mmcgrath at redhat.com Thu Jan 29 18:21:33 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 29 Jan 2009 12:21:33 -0600 (CST) Subject: CSI (Security Policy) In-Reply-To: References: Message-ID: On Thu, 29 Jan 2009, Frank Chiulli wrote: > On Thu, Jan 29, 2009 at 9:51 AM, Mike McGrath wrote: > > Hey all. I've placed our security policy CSI docs in a standard location > > now. Just a reminder: If you have shell access on any of our servers you > > need to be compliant with all of these rules by the end of March. Which > > should be plenty of time to get any oddities worked out. > > > > http://infrastructure.fedoraproject.org/csi/security-policy/en-US/ > > > > -Mike > > > > _______________________________________________ > > Fedora-infrastructure-list mailing list > > Fedora-infrastructure-list at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > Mike, > This is probably nothing but there is a duplicate rule in your > /etc/sysctl.conf. The line: > > net.ipv4.conf.all.accept_redirects = 0 > > appears twice. > Thanks, fixed upstream and will be updated on the site soon. -Mike From paulo.banon at googlemail.com Thu Jan 29 18:21:31 2009 From: paulo.banon at googlemail.com (Paulo Santos) Date: Thu, 29 Jan 2009 19:21:31 +0100 Subject: CSI (Security Policy) In-Reply-To: References: Message-ID: <7a41c4bc0901291021vf9bd3eci26bb9fc51830f161@mail.gmail.com> Mike, Where can we send corrections to it ? Thanks, Paulo On Thu, Jan 29, 2009 at 7:13 PM, Frank Chiulli wrote: > On Thu, Jan 29, 2009 at 9:51 AM, Mike McGrath wrote: > > Hey all. I've placed our security policy CSI docs in a standard location > > now. Just a reminder: If you have shell access on any of our servers you > > need to be compliant with all of these rules by the end of March. Which > > should be plenty of time to get any oddities worked out. > > > > http://infrastructure.fedoraproject.org/csi/security-policy/en-US/ > > > > -Mike > > > > _______________________________________________ > > Fedora-infrastructure-list mailing list > > Fedora-infrastructure-list at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > Mike, > This is probably nothing but there is a duplicate rule in your > /etc/sysctl.conf. The line: > > net.ipv4.conf.all.accept_redirects = 0 > > appears twice. > > Frank > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mmcgrath at redhat.com Thu Jan 29 18:25:35 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 29 Jan 2009 12:25:35 -0600 (CST) Subject: CSI (Security Policy) In-Reply-To: <7a41c4bc0901291021vf9bd3eci26bb9fc51830f161@mail.gmail.com> References: <7a41c4bc0901291021vf9bd3eci26bb9fc51830f161@mail.gmail.com> Message-ID: On Thu, 29 Jan 2009, Paulo Santos wrote: > Mike, > > Where can we send corrections to it ? > To me directly or to the csi mailing list: https://fedorahosted.org/mailman/listinfo/csi-devel -Mike > > Thanks, > Paulo > > On Thu, Jan 29, 2009 at 7:13 PM, Frank Chiulli wrote: > On Thu, Jan 29, 2009 at 9:51 AM, Mike McGrath wrote: > > Hey all. ?I've placed our security policy CSI docs in a standard location > > now. ?Just a reminder: If you have shell access on any of our servers you > > need to be compliant with all of these rules by the end of March. ?Which > > should be plenty of time to get any oddities worked out. > > > > http://infrastructure.fedoraproject.org/csi/security-policy/en-US/ > > > > ? ? ? ?-Mike > > > > _______________________________________________ > > Fedora-infrastructure-list mailing list > > Fedora-infrastructure-list at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > Mike, > This is probably nothing but there is a duplicate rule in your > /etc/sysctl.conf. ?The line: > > net.ipv4.conf.all.accept_redirects = 0 > > appears twice. > > Frank > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list > > > > From a.badger at gmail.com Thu Jan 29 20:51:49 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 29 Jan 2009 12:51:49 -0800 Subject: Introduction In-Reply-To: References: Message-ID: <498216E5.8030705@gmail.com> David Nalley wrote: > Let me first apologize for what will inevitably be a stream of people > introducing themselves for work on setting up Zikula. > > My name is David Nalley, and I am ke4qqq on IRC. Eric (sparks) has > asked me to come work with the Zikula guys on getting things setup on > Fedora's infrastructure. > I work as a mainly Linux sysadmin in Liberty, SC and have done so for > around 6-7 years now. The bulk of my work focusing on RHEL/CentOS 3-5. > > So as far as identifying what I want to work on, Ticket 1155 is I > suppose my first priority, though I did tell Mike I'd volunteer to do > some inventory-type stuff for him. > > I've applied for sysadmin and sysadmin-test for the time being. > > Let me know if there is more needed of me. > I'll sponsor you David. So you, itbegins, and teb seem to be our maintainers for the CMS. I've updated ticket #1155 with the notes for moving forward that we generated in the meeting today. Feel free to contact me if you need any help. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From smooge at gmail.com Fri Jan 30 00:39:15 2009 From: smooge at gmail.com (Stephen John Smoogen) Date: Thu, 29 Jan 2009 17:39:15 -0700 Subject: [Fwd: Re: CMS Option: Zikula] In-Reply-To: <4981E508.3040405@gmail.com> References: <4981E508.3040405@gmail.com> Message-ID: <80d7e4090901291639i279f149ld5725ff8f8eec1a9@mail.gmail.com> 2009/1/29 Toshio Kuratomi : > I sent this to the docs list when they started considering Zikula. Now > that we're setting up a test instance and getting some people on the > infrastructure team to work on it it seems like a good point in time to > forward it here. > > -------- Original Message -------- > Date: Fri, 23 Jan 2009 16:55:03 -0800 > From: Toshio Kuratomi > To: fedora-docs-list at redhat.com > > Paul W. Frields wrote: >> I think we should also be considering the other major players in the >> CMS game, if there are people available to deploy and maintain them. >> Drupal and Joomla! immediately come to mind, the latter especially >> because it actually has some DocBook XML support. Features aren't >> particularly compelling, though, if we have no one around to help with >> the maintenance. >> > One of the things I didn't know until I did some browsing around their > website is that Zikula started off as PostNuke but that they changed the > name in June. So they are a long term player in the CMS market. > >> None of this has any bearing on the quality of Zikula, which I'm sure >> is excellent. >> > I was impressed by a few of the things I've learned since this morning > :-) The answers to how proactive the security is was a nice change from > the usual thoughts I've seen:: > https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20 > > Here's my naive search of cve.mitre.org for issues reported in 2008. > Note that some people would say to exclude plugins from this but my view > is that we're going to be running plugins as part of our deployment and > we'll want to know if we can expand our capabilities by pulling in > functionality via plugins without compromising security. So knowing > this does a *little* towards understanding whether the Core provides an > API for writing secure plugins and the plugin community is security > minded as well as Core developers. And like I say, this is naive :-) > > 91 Joomla -- Lots of plugins a few in core > 79 Drupal -- Lots of plugins a few in core > 60 Wordpress -- Lots of plugins, a few in core > 53 Mambo --Lots of plugins, at least one in core > 4 zikula + postnuke -- 1 in Core, 3 in plugins That sounds awfully low for Postnuke. Doing a quick google search of postnuke security fixes and just looking at different releases.. there should be about 20 with some amount in core and a lot in plugins. My information about the current state of PostNuke is not good. I am betting that they are doing a lot more for security but a number of 4 problems just was too low for the amount of systems I have had to 'clean' since 2002. -- Stephen J Smoogen. -- BSD/GNU/Linux How far that little candle throws his beams! So shines a good deed in a naughty world. = Shakespeare. "The Merchant of Venice" From a.badger at gmail.com Fri Jan 30 01:44:56 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Thu, 29 Jan 2009 17:44:56 -0800 Subject: [Fwd: Re: CMS Option: Zikula] In-Reply-To: <80d7e4090901291639i279f149ld5725ff8f8eec1a9@mail.gmail.com> References: <4981E508.3040405@gmail.com> <80d7e4090901291639i279f149ld5725ff8f8eec1a9@mail.gmail.com> Message-ID: <49825B98.5050304@gmail.com> Stephen John Smoogen wrote: > 2009/1/29 Toshio Kuratomi : >> I sent this to the docs list when they started considering Zikula. Now >> that we're setting up a test instance and getting some people on the >> infrastructure team to work on it it seems like a good point in time to >> forward it here. >> >> -------- Original Message -------- >> Date: Fri, 23 Jan 2009 16:55:03 -0800 >> From: Toshio Kuratomi >> To: fedora-docs-list at redhat.com >> >> Paul W. Frields wrote: >>> I think we should also be considering the other major players in the >>> CMS game, if there are people available to deploy and maintain them. >>> Drupal and Joomla! immediately come to mind, the latter especially >>> because it actually has some DocBook XML support. Features aren't >>> particularly compelling, though, if we have no one around to help with >>> the maintenance. >>> >> One of the things I didn't know until I did some browsing around their >> website is that Zikula started off as PostNuke but that they changed the >> name in June. So they are a long term player in the CMS market. >> >>> None of this has any bearing on the quality of Zikula, which I'm sure >>> is excellent. >>> >> I was impressed by a few of the things I've learned since this morning >> :-) The answers to how proactive the security is was a nice change from >> the usual thoughts I've seen:: >> https://fedoraproject.org/wiki/Zikula_IRC_Chat_Interview#t12:20 >> >> Here's my naive search of cve.mitre.org for issues reported in 2008. >> Note that some people would say to exclude plugins from this but my view >> is that we're going to be running plugins as part of our deployment and >> we'll want to know if we can expand our capabilities by pulling in >> functionality via plugins without compromising security. So knowing >> this does a *little* towards understanding whether the Core provides an >> API for writing secure plugins and the plugin community is security >> minded as well as Core developers. And like I say, this is naive :-) >> >> 91 Joomla -- Lots of plugins a few in core >> 79 Drupal -- Lots of plugins a few in core >> 60 Wordpress -- Lots of plugins, a few in core >> 53 Mambo --Lots of plugins, at least one in core >> 4 zikula + postnuke -- 1 in Core, 3 in plugins > > That sounds awfully low for Postnuke. Doing a quick google search of > postnuke security fixes and just looking at different releases.. there > should be about 20 with some amount in core and a lot in plugins. My > information about the current state of PostNuke is not good. I am > betting that they are doing a lot more for security but a number of 4 > problems just was too low for the amount of systems I have had to > 'clean' since 2002. > Is that 20 for 2008? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Fri Jan 30 04:43:15 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Thu, 29 Jan 2009 22:43:15 -0600 (CST) Subject: [Fwd: Re: CMS Option: Zikula] In-Reply-To: <80d7e4090901291639i279f149ld5725ff8f8eec1a9@mail.gmail.com> References: <4981E508.3040405@gmail.com> <80d7e4090901291639i279f149ld5725ff8f8eec1a9@mail.gmail.com> Message-ID: On Thu, 29 Jan 2009, Stephen John Smoogen wrote: > > That sounds awfully low for Postnuke. Doing a quick google search of > postnuke security fixes and just looking at different releases.. there > should be about 20 with some amount in core and a lot in plugins. My > information about the current state of PostNuke is not good. I am > betting that they are doing a lot more for security but a number of 4 > problems just was too low for the amount of systems I have had to > 'clean' since 2002. > > :( We haven't even installed it yet and the honeymoon is over? Just curious, what kind of problems did you have? Script kiddies or targeted attacks? We have options with mod_security as well. I do want to make sure we have ourselves covered. -Mike From kanarip at kanarip.com Fri Jan 30 06:43:18 2009 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Fri, 30 Jan 2009 07:43:18 +0100 Subject: Introduction Teb (Zikula / Documentation project) In-Reply-To: <4981DCBF.8020905@zikula.nl> References: <4981DCBF.8020905@zikula.nl> Message-ID: <4982A186.6050205@kanarip.com> Teb (Zikula NL) wrote: > Hi all, > > I have just subscribed to both the fedora-infrastructure-list and the > fedora-docs-list to keep you (and myself) updated about the > documentation project. > Hello Arjen, good to hear we have another Dutchman on board ;-) Welkom! Kind regards, Jeroen van Meeuwen -the Other Dutchman From simon at zikula.org Fri Jan 30 08:38:33 2009 From: simon at zikula.org (Simon Birtwistle) Date: Fri, 30 Jan 2009 08:38:33 -0000 Subject: [Fwd: Re: CMS Option: Zikula] In-Reply-To: References: <4981E508.3040405@gmail.com> <80d7e4090901291639i279f149ld5725ff8f8eec1a9@mail.gmail.com> Message-ID: <000001c982b6$242c6dc0$6c854940$@org> > > That sounds awfully low for Postnuke. Doing a quick google search of > > postnuke security fixes and just looking at different releases.. > there > > should be about 20 with some amount in core and a lot in plugins. My > > information about the current state of PostNuke is not good. I am > > betting that they are doing a lot more for security but a number of 4 > > problems just was too low for the amount of systems I have had to > > 'clean' since 2002. 2002 was a _very_ long time ago in PostNuke development - though I accept there are some sites on the web that haven't been updated since then. I can safely say there is virtually 0 lines of code left from 2002. If you must include PostNuke, please do so only for the .760 version and above - all prior versions bear absolutely no resemblance to the current codebase at all, even .760 is only 25% like Zikula. Having been closely involved with the project for almost 7 years, I can say that the figures above are certainly accurate for 2008, and you won't see many more in 2007 either. All the security advisories I have seen were for legacy code which has been completely removed from Zikula now. As I've said before, Zikula 1.0 has been reviewed both by automatic security tools (which gave Zikula a very favourable report compared to the competition) and by a security expert who has reported many security vulnerabilities in PHP CMSs over the years - and he didn't find any of the usual vulnerabilities like SQL injections. I'd also encourage anyone with a knowledge of PHP to take a look at the code. You'll see the culture of using the APIs is incredibly well spread to our extension developers, so that no one makes direct access to GET and POST, our database library automatically cleans variables before SQL queries and we have both input and output filters against XSS. Finally, we also have some advanced features like form tokens (to protect against CSRF), cookie signing, session regeneration etc that I haven't seen in (m)any other CMSs at all. Seriously, I can accept that PostNuke in the dim and distant past had its issues, mainly due to its heritage, but I can't remember the last time I saw a vulnerability in any API compliant modules or the non-legacy parts of the core itself. Zikula has had 0 since its release almost 8 months ago. > > :( We haven't even installed it yet and the honeymoon is over? Just > curious, what kind of problems did you have? Script kiddies or > targeted > attacks? > > We have options with mod_security as well. I do want to make sure we > have > ourselves covered. From a.badger at gmail.com Fri Jan 30 21:46:22 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 30 Jan 2009 13:46:22 -0800 Subject: Change Request -- mediawiki auth plugin Message-ID: <4983752E.2030507@gmail.com> The Mediawiki auth plugin has to contact admin.fedoraproject.org in order to lookup the users and verify their passwords. It's using curl to do so. One of the options being given to curl is the following: # This is only required because of the wildcard cert on pt10 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); That turns off verifying the host via SSL. From the comment it appears to only be needed with the test FAS server. I'd like to comment this line out. This is a flaw that potentially opens us to a DNS spoofing attack to compromise authentication. Luckily for us, there is a problem with routing to admin.fedoraproject.org within PHX so we have an /etc/hosts entry for admin.fp.o that directs the wiki to use an internal IP address. That means for this flaw to affect us, someone would have to compromise the /etc/hosts files rather than a DNS server. So we should fix this but compromising it is not as easy. If this fails, we will see authentication failures when we try to login to the wiki and can revert. Can I get a couple +1's? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From ricky at fedoraproject.org Fri Jan 30 21:55:39 2009 From: ricky at fedoraproject.org (Ricky Zhou) Date: Fri, 30 Jan 2009 16:55:39 -0500 Subject: Change Request -- mediawiki auth plugin In-Reply-To: <4983752E.2030507@gmail.com> References: <4983752E.2030507@gmail.com> Message-ID: <20090130215539.GC22067@sphe.res.cmu.edu> On 2009-01-30 01:46:22 PM, Toshio Kuratomi wrote: > If this fails, we will see authentication failures when we try to login > to the wiki and can revert. > > Can I get a couple +1's? +1, thanks for catching this. Thanks, Ricky -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From jeff at ocjtech.us Fri Jan 30 22:18:16 2009 From: jeff at ocjtech.us (Jeffrey Ollie) Date: Fri, 30 Jan 2009 16:18:16 -0600 Subject: Change Request -- mediawiki auth plugin In-Reply-To: <4983752E.2030507@gmail.com> References: <4983752E.2030507@gmail.com> Message-ID: <935ead450901301418j623cab26gb9ffece0db6f28ac@mail.gmail.com> 2009/1/30 Toshio Kuratomi : > The Mediawiki auth plugin has to contact admin.fedoraproject.org in > order to lookup the users and verify their passwords. It's using curl > to do so. One of the options being given to curl is the following: > > # This is only required because of the wildcard cert on pt10 > curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); > > That turns off verifying the host via SSL. From the comment it appears > to only be needed with the test FAS server. I'd like to comment this > line out. > > Can I get a couple +1's? +1 -- Jeff Ollie "You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe." -- Marcus to Franklin in Babylon 5: "A Late Delivery from Avalon" From a.badger at gmail.com Fri Jan 30 23:38:15 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 30 Jan 2009 15:38:15 -0800 Subject: Change Request -- mediawiki auth plugin In-Reply-To: <4983752E.2030507@gmail.com> References: <4983752E.2030507@gmail.com> Message-ID: <49838F67.10004@gmail.com> Toshio Kuratomi wrote: > The Mediawiki auth plugin has to contact admin.fedoraproject.org in > order to lookup the users and verify their passwords. It's using curl > to do so. One of the options being given to curl is the following: > > # This is only required because of the wildcard cert on pt10 > curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); > > That turns off verifying the host via SSL. From the comment it appears > to only be needed with the test FAS server. I'd like to comment this > line out. > > This is a flaw that potentially opens us to a DNS spoofing attack to > compromise authentication. Luckily for us, there is a problem with > routing to admin.fedoraproject.org within PHX so we have an /etc/hosts > entry for admin.fp.o that directs the wiki to use an internal IP > address. That means for this flaw to affect us, someone would have to > compromise the /etc/hosts files rather than a DNS server. So we should > fix this but compromising it is not as easy. > > If this fails, we will see authentication failures when we try to login > to the wiki and can revert. > After looking at this a little more with G, there's two settings to toggle: CURLOPT_SSL_VERIFYPEER CURLOPT_SSL_VERIFYHOST They're both set to off right now and I'd like to turn them both back on. Tested with a small php script that turning them on doesn't interfere with retrieving data. > Can I get a couple +1's? -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From mmcgrath at redhat.com Fri Jan 30 23:45:14 2009 From: mmcgrath at redhat.com (Mike McGrath) Date: Fri, 30 Jan 2009 17:45:14 -0600 (CST) Subject: Change Request -- mediawiki auth plugin In-Reply-To: <49838F67.10004@gmail.com> References: <4983752E.2030507@gmail.com> <49838F67.10004@gmail.com> Message-ID: On Fri, 30 Jan 2009, Toshio Kuratomi wrote: > Toshio Kuratomi wrote: > > The Mediawiki auth plugin has to contact admin.fedoraproject.org in > > order to lookup the users and verify their passwords. It's using curl > > to do so. One of the options being given to curl is the following: > > > > # This is only required because of the wildcard cert on pt10 > > curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); > > > > That turns off verifying the host via SSL. From the comment it appears > > to only be needed with the test FAS server. I'd like to comment this > > line out. > > > > This is a flaw that potentially opens us to a DNS spoofing attack to > > compromise authentication. Luckily for us, there is a problem with > > routing to admin.fedoraproject.org within PHX so we have an /etc/hosts > > entry for admin.fp.o that directs the wiki to use an internal IP > > address. That means for this flaw to affect us, someone would have to > > compromise the /etc/hosts files rather than a DNS server. So we should > > fix this but compromising it is not as easy. > > > > If this fails, we will see authentication failures when we try to login > > to the wiki and can revert. > > > After looking at this a little more with G, there's two settings to toggle: > > CURLOPT_SSL_VERIFYPEER > CURLOPT_SSL_VERIFYHOST > > They're both set to off right now and I'd like to turn them both back > on. Tested with a small php script that turning them on doesn't > interfere with retrieving data. > > > Can I get a couple +1's? > +1 from me. -Mike From nigjones at redhat.com Fri Jan 30 23:45:55 2009 From: nigjones at redhat.com (Nigel Jones) Date: Fri, 30 Jan 2009 18:45:55 -0500 (EST) Subject: Change Request -- mediawiki auth plugin In-Reply-To: <49838F67.10004@gmail.com> Message-ID: <12010200.601233359224689.JavaMail.njones@njones> +1 IIRC we needed this at the time of deployment (was it before the wildcard?), but it certainly seems to not be an issue now. - Nigel ----- "Toshio Kuratomi" wrote: > Toshio Kuratomi wrote: > > The Mediawiki auth plugin has to contact admin.fedoraproject.org in > > order to lookup the users and verify their passwords. It's using > curl > > to do so. One of the options being given to curl is the following: > > > > # This is only required because of the wildcard cert on pt10 > > curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); > > > > That turns off verifying the host via SSL. From the comment it > appears > > to only be needed with the test FAS server. I'd like to comment > this > > line out. > > > > This is a flaw that potentially opens us to a DNS spoofing attack > to > > compromise authentication. Luckily for us, there is a problem with > > routing to admin.fedoraproject.org within PHX so we have an > /etc/hosts > > entry for admin.fp.o that directs the wiki to use an internal IP > > address. That means for this flaw to affect us, someone would have > to > > compromise the /etc/hosts files rather than a DNS server. So we > should > > fix this but compromising it is not as easy. > > > > If this fails, we will see authentication failures when we try to > login > > to the wiki and can revert. > > > After looking at this a little more with G, there's two settings to > toggle: > > CURLOPT_SSL_VERIFYPEER > CURLOPT_SSL_VERIFYHOST > > They're both set to off right now and I'd like to turn them both back > on. Tested with a small php script that turning them on doesn't > interfere with retrieving data. > > > Can I get a couple +1's? > > -Toshio > > > _______________________________________________ > Fedora-infrastructure-list mailing list > Fedora-infrastructure-list at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list From a.badger at gmail.com Fri Jan 30 23:42:20 2009 From: a.badger at gmail.com (Toshio Kuratomi) Date: Fri, 30 Jan 2009 15:42:20 -0800 Subject: Change Request -- mediawiki auth plugin In-Reply-To: <20090130215539.GC22067@sphe.res.cmu.edu> References: <4983752E.2030507@gmail.com> <20090130215539.GC22067@sphe.res.cmu.edu> Message-ID: <4983905C.70901@gmail.com> Ricky Zhou wrote: > On 2009-01-30 01:46:22 PM, Toshio Kuratomi wrote: >> If this fails, we will see authentication failures when we try to login >> to the wiki and can revert. >> >> Can I get a couple +1's? > +1, thanks for catching this. > Thanks go to the newly added docs guys :-) itbegins, sparks, and ke4qqq are the three that caught it while porting the mediawiki auth plugin to work with zikula. -Toshio -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP digital signature URL: From jkeating at redhat.com Sat Jan 31 20:14:39 2009 From: jkeating at redhat.com (Jesse Keating) Date: Sat, 31 Jan 2009 12:14:39 -0800 Subject: /releases/10/Everything: several packages changed In-Reply-To: <20090131181012.GA3721@victor.nirvana> References: <20090131181012.GA3721@victor.nirvana> Message-ID: <1233432879.3650.387.camel@localhost.localdomain> On Sat, 2009-01-31 at 20:10 +0200, Axel Thimm wrote: > a current rsync shows that thousands of files have been changed in the > last week. This is not expected as /releases/ is considered to only > change for the release day and then never again. > > The files have a date of Jan 23rd. Although I don't have a copy to > compare with looking at the internal date it looks like the files have > just been `touch'ed (but I only checked a coupl of the 2000+ changed > ones). Could someone bring back the old dates to make it consistent > again? Thanks! Hrm, there was no action on my part to touch everything, so I'll have to do some investigation into what's going on. Looking on the server, all the files in releases/10/Everything/i386/os/Packages/ have varying timestamps, but I do indeed see some things with a stamp as new as Jan 22. Its certainly not every file, but I'm still not quite finding any commonality in my brief looking. More investigation to follow. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at redhat.com Sat Jan 31 20:21:47 2009 From: jkeating at redhat.com (Jesse Keating) Date: Sat, 31 Jan 2009 12:21:47 -0800 Subject: /releases/10/Everything: several packages changed In-Reply-To: <1233432879.3650.387.camel@localhost.localdomain> References: <20090131181012.GA3721@victor.nirvana> <1233432879.3650.387.camel@localhost.localdomain> Message-ID: <1233433307.3650.391.camel@localhost.localdomain> On Sat, 2009-01-31 at 12:14 -0800, Jesse Keating wrote: > Hrm, there was no action on my part to touch everything, so I'll have to > do some investigation into what's going on. > > Looking on the server, all the files in > releases/10/Everything/i386/os/Packages/ have varying timestamps, but I > do indeed see some things with a stamp as new as Jan 22. Its certainly > not every file, but I'm still not quite finding any commonality in my > brief looking. More investigation to follow. > I take that back. This happened when I was trying to pre-stage some 11-Alpha content. I misread/misunderstood what --size-only option would do, in relation to --link-dest. I was trying to link 11-Alpha packages to the same ones found in /pub/fedora/linux/releases/development/. However these that were touched were packages that were in development/ that hadn't changed since the F10 release. --size-only seems to have updated the timestamps on these files to match something that was going on with my compose output I was trying to sync in. This was certainly unexpected, and repairing this is going to be... interesting. I need to investigate why my compose hosts are creating a timestamp on these files when they shouldn't be. Sorry for the churn! -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at redhat.com Sat Jan 31 20:25:01 2009 From: jkeating at redhat.com (Jesse Keating) Date: Sat, 31 Jan 2009 12:25:01 -0800 Subject: /releases/10/Everything: several packages changed In-Reply-To: <1233433307.3650.391.camel@localhost.localdomain> References: <20090131181012.GA3721@victor.nirvana> <1233432879.3650.387.camel@localhost.localdomain> <1233433307.3650.391.camel@localhost.localdomain> Message-ID: <1233433501.3650.392.camel@localhost.localdomain> On Sat, 2009-01-31 at 12:21 -0800, Jesse Keating wrote: > I misread/misunderstood what --size-only option would > do, in relation to --link-dest Actually it may have nothing to do with --size-only, that may have just been my clue that something was wrong. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: From jkeating at redhat.com Sat Jan 31 21:58:28 2009 From: jkeating at redhat.com (Jesse Keating) Date: Sat, 31 Jan 2009 13:58:28 -0800 Subject: /releases/10/Everything: several packages changed In-Reply-To: <1233433307.3650.391.camel@localhost.localdomain> References: <20090131181012.GA3721@victor.nirvana> <1233432879.3650.387.camel@localhost.localdomain> <1233433307.3650.391.camel@localhost.localdomain> Message-ID: <1233439108.3650.395.camel@localhost.localdomain> On Sat, 2009-01-31 at 12:21 -0800, Jesse Keating wrote: > This was certainly unexpected, and repairing this is going to be... > interesting. > Through some fun work with /sbin/hardlink I got a lot of the packages fixed up. There are some more that aren't quite right, due to the development tree having moved on, so I'll have to fix this individually. -- Jesse Keating Fedora -- Freedom? is a feature! identi.ca: http://identi.ca/jkeating -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: