| Line 8: | Line 8: | ||
Contributing Writer: HuzaifaSidhpurwala | Contributing Writer: HuzaifaSidhpurwala | ||
== | == So everyone is aware == | ||
Mike McGrath writes for fedora-infrastructure-list [1] | |||
This is the first notice when came out to the community that there will be outages and a lot of the servers are being rebuild. Mike pointed to the mail on fedora-announce-list [2] | |||
[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00108.html | |||
[ | [2] http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html | ||
=== securing FAS certs === | |||
Toshio Kuratomi writes for fedora-infrastructure-list [3] | |||
The | The Fedora Certificates issued by FAS are currently set to be autogenerated if you have an account in FAS. This has one drawback. We have to keep the password for the CA keys that sign the FAS certificates in a file on the filesystem so that the automatic signing can use them. | ||
Toshio suggested that we use a system which utilizes human interaction to sign the certs. | |||
[3] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00122.html | |||
== FAS authentication for Red Hat bugzilla == | == FAS authentication for Red Hat bugzilla == | ||
Revision as of 03:18, 25 August 2008
Infrastructure
This section contains the discussion happening on the fedora-infrastructure-list
http://fedoraproject.org/wiki/Infrastructure
Contributing Writer: HuzaifaSidhpurwala
So everyone is aware
Mike McGrath writes for fedora-infrastructure-list [1]
This is the first notice when came out to the community that there will be outages and a lot of the servers are being rebuild. Mike pointed to the mail on fedora-announce-list [2]
[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00108.html
[2] http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00008.html
securing FAS certs
Toshio Kuratomi writes for fedora-infrastructure-list [3]
The Fedora Certificates issued by FAS are currently set to be autogenerated if you have an account in FAS. This has one drawback. We have to keep the password for the CA keys that sign the FAS certificates in a file on the filesystem so that the automatic signing can use them.
Toshio suggested that we use a system which utilizes human interaction to sign the certs.
[3] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00122.html
FAS authentication for Red Hat bugzilla
Rahul Sundaram writes for fedora-infrastructure-list [4]
Rahul asked if configuring FAS Auth for Red Hat bugzilla was possible. At which Mike replies saying that it was not our call, and Red Hat will need to decide that.
[4] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00039.html
RFC: script to run sqlalchemy migrations on the db
Toshio Kuratomi writes for fedora-infrastructure-list [5]
FAS started using the python-migrate package to update its db. This is a good thing for third-parties that want to install their own FAS server as it lets us ship the database changes in a way that is easy for those users to apply to their own production databases.
However, it doesn't work very well in our particular environment because we're a bit more strict about our permissions than the migrate authors envision. In order to perform migrations, you need to have a user that can modify the schema for the db. This is either the owner of the db or the superuser. In our setup, we create the db with the superuser and then run our web apps with another user. This prevents the normal web app from modifying the db schema. Toshio proposed a couple of solutions to this.
[5] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00059.html