Infrastructure/Meetings/2007-02-22

= Meeting of 2007-02-22 =


 * Time shown in EST

14:59 Yo, we about ready to have a meeting? 15:00 * mdomsch here 15:00 * jcollie here 15:00 mmcgrath, thanks for setting up publictest7 for me again 15:01 mdomsch: I just hope it doesn't disappear again 15:01 abadger1999, dgilmore, skvidal: ping? 15:02 * daMaestro here 15:02 yes? 15:02 pong 15:02 mmcgrath: sup 15:02 Ready for a meeting? 15:03 If its just the same with everyone I'd prefer to keep this meeting short so we can focus on buildsys and wiki topics, any objections? 15:03 * jcollie is ALWAYS ready for a meeting ;) 15:03 no objection 15:03 < CodeX> hi 15:03 Cool deal. 15:03 I object! 15:03 So I'll start on the wiki - The upgrade went ok.  We are actually running proxy1 -> app1, proxy2 -> app2. 15:03 okay, no really, I'm just fucking with you 15:03 la la 15:03 skvidal! 15:04 :) 15:04 please, continue 15:04 app1 has app2 mounted via NFS. 15:04 The thing is actually working. 15:04 We are starting to run into performance issues though, I don't know if you guys have saved a page on the wiki in a while, it takes time. 15:04 20-30 seconds. 15:04 The moin guys seem to think this is because of how many users we have. 15:04 When deciding who to email, it has to grep over all the user files to see who's watching that page. 15:05 mmcgrath: :( 15:05 mmcgrath: so we need to delete people? 15:05 We have options, but thats what we think is happening there. 15:05 skvidal: not sure. 15:05 I mean, 20-30 seconds isn't THAT long, but think about it. If someone wanted to DDOS the site, just script an add of a bunch of users. 15:06 do the moin people have any alternative user stores? 15:06 or can we store the user pages in a hashed subdir, for example? 15:06 also the kindofblue theme has some issues with the new wiki, I'm working on that.  glezos created a new CSS that fixed some issues and generally looks nicer. 15:06 or maybe on a local path? 15:06 One of theme was talking about a way to create a user cache 15:06 But that was right before this meeting so we haven't discussed it much further. 15:07 -!- Netsplit orwell.freenode.net <-> irc.freenode.net quits: c4chris 15:08 looks like we've got 8510 users. 15:08 they said the ubuntu guys have the same issue. 15:08 < CodeX> How to make a successfull connection from FC6 to MSSQL  15:08 CodeX you want #fedora, we're having an infrastructure meeting right now. 15:08 dgilmore: whats the word on koji? 15:08 f13: ping as well 15:09 sorry, was in another meeting. 15:09 mmcgrath: things are moving f13 got koji through review 15:09 it passed package review, but I'm reluctant to build it until we get some test deployments going. 15:09 we need to add ssl auth before we can do to much with koji 15:10 we have our test box up 15:10 Are we going to let apache do that or koji? 15:10 are we going to re-use the ssl certs that we've been using for plague? 15:10 mmcgrath: it needs added to koji 15:10 jcollie: thats the plan 15:10 k 15:11 we need to change the default config  location 15:11 mikem23: any of your guys done any ssl auth stuff yet? 15:13 dgilmore: are we blocked until that gets done? 15:13 mmcgrath: until then we can do very minimal testing 15:13 -!- Netsplit over, joins: c4chris 15:14 k 15:14 FC-5 doesnt have all the requirements  so im going to yum update the FC-5 builder to FC-6 15:14 k 15:14 So aside from the auth stuff, anything to report? 15:15 not yet. we are making progress 15:15 i need to sit down with abadger1999 and work out how to sysnc packagedb to kojidb 15:15 15:15 yeah. 15:15 abadger1999: speaking of which, how's it going? Sounds like you've been working magic. 15:15 we need a fudcon chicago :) 15:16 Yep :-) I've been busy on the packagedb 15:16 Any feedback from it? 15:16 The front end (from user input => db) is almost complete. 15:16 People say looks cool but not too much else yet. 15:16 abadger1999: id like to see somewhere what all i own 15:17 dgilmore: That's a good idea. 15:17 I'll add that to the ROADMAP. 15:17 bbiab 15:17 Let's see -- I've one more feature to add (owner ability to approve acls) 15:17 All, if you have time, take a look - https://admin.fedoraproject.org/pkgdb/ 15:18 Then I have to work with notting, sopwith, et al to implement syncing of ACLs, notification and bugzilla. 15:18 Unless I'm missing something, we should then be able to get rid of owners.list. 15:18 That'd be awesome. 15:19 or at least generate owners.list from the database. 15:19 Has notting had a chance to look at this? 15:19 I talked briefly with him today. I don't think he's had much chance to look. 15:19 * mmcgrath pings notting 15:20 -!- notting [i=notting@redhat/notting] has joined #fedora-admin 15:20 back 15:20 notting: we're talking about the package database. Have you had a chance to take a look? 15:20 https://admin.fedoraproject.org/pkgdb/ 15:21 i looked a few weeks ago 15:21 notting: look now 15:21 He's done a lot of good work over the last couple of days. 15:21 I think it's a lot different 15:21 abadger1999: can you give him a roundup of what the status is. 15:22 abadger1999: one minor suggestion 15:22 pleeease, can i search by name :) 15:22 Users can request acls and notification through the interface. 15:22 notting: Username or package name? 15:22 in the 'browse all packages view' would it be possible to make the top item alphabets - not numbers? 15:22 (Both are necessary) 15:22 abadger1999: package name 15:23 skvidal: Not easy easy. But it does need to be done. 15:23 I'm using the turbogears paginate decorator to generate that. 15:23 what is 'checkout' perms? 15:23 It's just taking a select list from the db and limiting it to a range of packages (1-100, 100-200, etc) 15:24 notting: For embargoed packages we're going to want to limit who can checkout a package. 15:24 I'm thinking of hiding both checkout perm and build perm on the F7 rollout. 15:24 we don't have embargoes 15:24 (checkout because there should be very few packages that apply - build because we have to integrate that with koji) 15:25 It was on the list of requested features for the new VCS and packagedb. 15:25 So security updates can be hidden. 15:25 yeah, just not sure if we actually need it 15:25 k. 15:25 i'm not too keen on delegating approveacls to others 15:25 Well it's in the db but I'll hide it from end user view for now. 15:26 notting: That' done now, thogh. 15:26 what's the interface for approving people who want to be added to the package? 15:26 Co-maintainership is the ability to approve acls for others. 15:27 Requestor clicks button to get an acl row added to the pkgdb interface. Checks "commits" 15:27 notting: at a glance, how close do you think this is? 15:27 Owner gets notification (unwritten). Then owner goes to interface and changes status from 'Awaiting Review' t 'Approved' 15:28 the approvals don't seem to stick 15:28 Yeah -- that's the one feature that hasn't been written yet. 15:28 I'm working on it in the pkgdb-dev branch. 15:28 so, i can request approval for my own package. you might want to catch that case ;) 15:29 I can only pull so many all-nighters in a week ;-) 15:29 notting: I actually left that in on purpose. 15:29 abadger1999: if someone requests access to one of my package, where do I go to see what actions are pending my approval? 15:29 abadger1999: things we'd want before we go live 15:29 notting: The reason being that right now we have orphaned packages that have people watching and pseud-maintaining them. 15:29 1) notifications (probably via mail) to package owners that there are people requesting access/want approval 15:30 mmcgrath: To the package's page. 15:30 2) notifications via mail of ownership changes (people complained when this broke for owners.list) 15:30 3) how does this work for adding a new package? 15:30 -!- c4chris [n=chris@186.14.78.83.cust.bluewin.ch] has quit [Connection timed out] 15:31 abadger1999: no, what i meant is that requesting commit/build/etc access for a package that i already own doesn't make much sense 15:32 notting: To enable orphaned packages to have someone watching them, you need some way to approve the person who wants watch. 15:32 So you take ownership, add yourself to the acl.  Approve your own acls, drop ownership. 15:32 Enabling this behaviour might be bad -- but it's something we have now. 15:33 abadger1999: by 'me', you mean 'anyone', or 'me' == 'admin'? 15:34 notting: I'll steal heavily from your scripts for 1 & 2.  3 -- I'm open to suggestions.  cvs-import contacts the packagedb?  Some commandline tool for the cvs-admins torun? 15:34 me == anyone. 15:35 -!- c4chris [n=chris@213-191.0-85.cust.bluewin.ch]  has joined #fedora-admin 15:35 abadger1999: needs to be pre-cvs import - basically, at the same time the directories are created. if it's a script, dgilmore can tie it into his stuff 15:35 Okay. So admins need to run it at the same time as directory creation. 15:36 And dgilmore is working on that. 15:36 abadger1999: is there a concept of admin access to packagedb? 15:36 cvsadmin? 15:36 Not yet. We've got to work out how we're going to integrate with the FAS on that. 15:37 Of course, people who can touch the db can make changes. 15:37 And it's not hard to code command line scripts that automate those changes. 15:37 but GUI admin interface... not yet. 15:38 cvsadmin in FAS would be admin in packagedb? 15:38 That would be fine. 15:38 I can make that kind of restriction pretty easily. 15:39 What about FESCo-sponsors have the ability to make changes though? 15:39 abadger1999: roadmap it? I'd say just get what we need. 15:40 We don't want them to be cvsadmin's but we do want them to be able to make changes like "This owner is AWOL, asign his packages to orphan" 15:41 abadger1999: right now, all ownership changes go through cvsadmin 15:42 notting: True. But FESCo policy is different. So we're going to have to change that. 15:42 notting, only because the tools don't allow anything else yet (right?) 15:42 mmcgrath: You're right. I'll implement cvsadmin for now. 15:42 abadger1999: an owner should be able to drop -> orphan. perhaps a sponsor should drop -> orphan. i'd prefer picking up of a package go through admin. 15:42 And we'll work on something else as FAS2 shapes up. 15:43 warren: no, because ownership changes impact access control to the source repository 15:43 notting, so a sponsor shouldn't be able to change ownership of a sponsoree's packages? 15:44 notting: Are you talking all taking of packages should require admin approval? 15:45 abadger1999: i'm paranoid. 15:46 I see your view but don't support it. Is it a policy decision that FESCo needs to decide? 15:47 notting: im with you 15:47 -!- warren [i=warren@redhat/wombat/warren] has quit ["Leaving"] 15:47 id rather have a sanity check in there 15:47 -!- warren [i=warren@nat/redhat/x-63bf95f68dd0f1a6] has joined #fedora-admin 15:48 hmm 15:48 abadger1999: well, they approved the locking down of owners.list 15:49 These are things we can always change later if wee need to. 15:49 abadger1999: so, keeping a similar policy in the new tool seems simplest 15:49 True. but locking down owners.list was the only way to get what we wanted (people unable to change other people's packages if acls are set.) 15:50 and your current proposal appears to break that - a user could take an orphan package and set acl w/o any other intervention 15:50 The rest of the things that come with it are too burdensome in my opinion. 15:50 yes. Orphan package. 15:51 They can't do the same to an owned package, though. 15:51 * mmcgrath just noticed its been 50 minutes. 15:51 heh -- we best move on. 15:51 yeah. 15:51 Real quick I'll just open the floor. 15:52 Does anyone else have anything to discuss? 15:52 has everyone had a chance to look at puppet? 15:52 < daMaestro> has there been any discussion about a need for a single point of entry for file access? 15:52 The little bit I interacted with the other day looked nice. 15:52 < daMaestro> (using public mirrors) 15:53 daMaestro: I must have missed your email? Can you send me the thread link? 15:53 < daMaestro> such: a user wants foo.rpm ... http://download.fedoraproject.org/core/foo.rpm? 15:53 < daMaestro> mmcgrath, lol.. ok.. you caught me.. i will send a message. 15:53 k, anyone have anything else? 15:54 allllrighty. =============== MEETING END =====================