Infrastructure/Meetings/2007-02-08

= Meeting of 2007-02-08 =


 * Time shown in EST

15:00 <@mmcgrath> Alllright, we ready to have a meeting? 15:00 -!- mmcgrath changed the topic of #fedora-admin to: role call 15:00 <@mmcgrath> Who's here? 15:00 here, more or less 15:00 * kim0 here 15:00 * skvidal is here 15:00 * abadger1999 is here 15:01 -!- abompard [n=gauret@bne75-8-88-161-125-228.fbx.proxad.net] has joined #fedora-admin 15:01 <@mmcgrath> We'll be following http://fedoraproject.org/wiki/Infrastructure/Schedule as always 15:01 * dgilmore is here 15:01 -!- mmcgrath changed the topic of #fedora-admin to: Packaging Database - abadger1999 15:01 <@mmcgrath> abadger1999: whats up? 15:02 Well, we didn't hack it as much as I hoped during fudcon. 15:02 <@mmcgrath> how'd the discussion go with the Brew guy? 15:02 But dgilmore and I got to sit down with mikem from red hat and talk about koji/brew. 15:02 That was somewhat enlightening. 15:02 Koji's database is heavily involved with all aspects of building packages. 15:03 OUr database is more heavily involved with maintainers of packages. 15:03 it seems we will need to add some stuff on top of whats in koji 15:03 mikem23: any word from up above yet? 15:03 Since we don't know when koji will emerge from legal my thinking is to aim for packagedb on top of koji for F7. 15:04 Plan to merge the two databases in time for F8. 15:04 Packagers will mainly interact with the packagedb front end to maintain ACLs and etc. 15:04 <@mmcgrath> So in your current plan for F7 does the packagedb have a blocker of koji or can it be implemented even if koji doesn't make it out the door? 15:05 mmcgrath: i think it can be done without koji 15:05 When necessary, the packageDB will call out to koji to set things on the build system. 15:06 we can add to plague 15:06 It can be done without koji. 15:06 <@mmcgrath> So, and I have no idea exactly whats going on with this, but I'd suggest going forward thinking koji isn't going to be out by F7 and then be pleasantly surprised if it make s it. 15:06 But we'll have to have some timeframe of "koji has to come out by $DATE" so we can write any necessary backend for PackgeDB totalk to plague. 15:06 <@mmcgrath> Mostly because in the past, legal was english for 'slower than it needs to be' 15:06 <@mmcgrath> to me at least. 15:06 <@mmcgrath> 15:06 mmcgrath: thats how it is :( 15:06 mmcgrath: i have a rough plan for migration from plague to koji 15:06 Okay. I'll get owners.list in followed by cvs ACLs.  Then we can worry about integrating with either of plague or koji. 15:06 <@mmcgrath> 15:07 <@mmcgrath> that it? 15:07 Think so. 15:07 -!- mmcgrath changed the topic of #fedora-admin to: SCM 15:07 <@mmcgrath> so the scm is on hold till Fedora 7. 15:07 Fedora 8? 15:07 <@mmcgrath> errr Fedora 8 15:07 fedora 9? 15:07 fedora 'it goes to' 11? 15:08 <@mmcgrath> Our fedora might go all the way to 11 before the scm gets out 15:08 <@mmcgrath> heh beat me to it 15:08 <@mmcgrath> long story short, its floundering because no one cares. 15:08 -!- mmcgrath changed the topic of #fedora-admin to: upgrading systems 15:08 <@mmcgrath> I think iwolf isn't here. 15:08 -!- mmcgrath changed the topic of #fedora-admin to: firewalls 15:09 <@mmcgrath> luke isn't here 15:09 mmcgrath: did the old cvs box get the firmware updates? 15:09 <@mmcgrath> dgilmore: not sure, I need to talk to mgalgoci about that. 15:09 <@mmcgrath> one sec, sending email.. 15:09 <@mmcgrath> I'll finish it later 15:09 -!- mmcgrath changed the topic of #fedora-admin to: System Documentation 15:10 <@mmcgrath> I'll be putting together an inventory for the actual systems as well as something like a Visio diagram soon. 15:10 -!- mmcgrath changed the topic of #fedora-admin to: Xen 15:10 mmcgrath: :) dia 15:10 <@mmcgrath> We should probably move this to done, we have the xen boxes. 15:10 or kivio 15:10 dgilmore, inkscape 15:10 mmcgrath: yeah 15:11 <@mmcgrath> moved to done 15:11 SOunds good. 15:11  * warren here 15:11 -!- mmcgrath changed the topic of #fedora-admin to: Wiki Upgrade 15:11 <@mmcgrath> Yo warren 15:11 <@mmcgrath> So I was talking to skvidal last night about this and that. 15:12 mmcgrath: thats dangerous 15:12 <@mmcgrath> heh 15:12 dgilmore: be nice! :) 15:12 <@mmcgrath> So here's what I'm proposing. 15:12 <@mmcgrath> Instead of just upgrading the wiki on fpserv we move the wiki to our internal apps and use fpserv for something else. 15:12 skvidal: ;) 15:13 mmcgrath: sure 15:13 dgilmore: if you're not nice I'll ask spot to throw up on you :) 15:13 <@mmcgrath> possibly the primary CVS lace or a backup of it as the CVS and lookaside cache are things that we just cannot lose. 15:13 <@mmcgrath> s/lace/place/ 15:13 skvidal: :( i dont want that 15:13 -!- mmcgrath changed the topic of #fedora-admin to: what happens at fudcon stays at fudcon 15:13 -!- mmcgrath changed the topic of #fedora-admin to: wiki upgrade 15:13 <@mmcgrath> So anyway, does anyone have any objections / suggestions for that? 15:13 mmcgrath: 250GB of disk on fpserv 15:13 sounds good to me 15:13 mmcgrath: fpserv  could be backup cvs and backup wiki  we really dont wnat to lose either 15:14 <@mmcgrath> dgilmore: 15:14 fpserv == insurance policy  works for me 15:14 skvidal: if we get you more disk space  can you host it? 15:14 <@mmcgrath> more details / plan on that will follow over the next week or two.  I'm hoping to work with kim0 and paulobanon on getting this stuff on our app servers. 15:14 dgilmore: .... _maybe_ 15:14 it's not definite 15:15 looks fine 15:15 <@mmcgrath> we'll deal with that when we get to it.  I guess if worse comes to worse could we purchase drives and send them to duke? 15:15 mmcgrath: yah - if worse comes to much worse :) 15:15 skvidal: ok 15:15 <@mmcgrath> heh 15:15 skvidal: we will need more for extras64 15:15 dgilmore: 15:16 well 15:16 we have 147G free now 15:16 on extras64 15:16 less than half used 15:16 skvidal: koji will use alot more 15:16 unless we change its garbage collection 15:16 is koji operating on extras64? 15:16 <@mmcgrath> koji has infinite disk needs though :-/ 15:17 I thought the plan was to talk to the netapps for koji and friends 15:17 skvidal: i was hoping to have the master head on extras64 15:17 BTW, did anybody figure out what caused fpserv to freak yesterday? 15:17 <@mmcgrath> I didn't, skvidal? 15:17 not really. My money's on the wiki 15:17 where is f13?  we need him regarding koji no? 15:18 warren: koji is not born  yet 15:18 <@mmcgrath> warren: dgilmore and abadger1999 had a good talk with mikem about koji at hackfest. 15:18 to us its the eternal pregnacy 15:18 it will be here when its here 15:19 -!- mmcgrath changed the topic of #fedora-admin to: Config Management 15:19 when we get code we will worry about it until then  i just want to get a few bits and pieces in place 15:19 I'm here 15:19 <@mmcgrath> I'm doing more research on this and have a few new leads, its coming though seriously. 15:19 sorry, I have another 3pm meeting this day. 15:19 <@mmcgrath> Config management is my white whale. 15:19 Quiqueg! 15:19 bcfg2 is now in FE-devel :) 15:20 <@mmcgrath> heh 15:20 -!- mmcgrath changed the topic of #fedora-admin to: Metrics / smolt 15:20 <@mmcgrath> This is going well, jcollie and dgilmore have helped out quite a bit on the client. 15:20 -!- mspevack [i=mspevack@fedora/mspevack] has quit ["Leaving"] 15:20 <@mmcgrath> more is coming every day, blah blah. 15:20 -!- mmcgrath changed the topic of #fedora-admin to: postfix 15:20 errr 15:20 <@mmcgrath> All I can tell you is "Blocking on legal" right now. 15:20 mmcgrath: i think postfix is ready 15:21 mmcgrath: postfix? 15:21 <@mmcgrath> dgilmore: yes it is. 15:21 technically ready yes 15:21 <@mmcgrath> I'm going to go up and talk to them in about 5 minutes to see what they're confused about. 15:21 why does legal care what we use? 15:21 dgilmore, long and boring story with no actual details 15:21 mmcgrath will find out soon. 15:21 mmcgrath, talked to nate yet? You NEED to go there first. 15:22 warren: ok im really confused by legal giving a fuck what we use 15:22 <@mmcgrath> Yeah, we talked to nate yesterday 15:22 postfix is blocking on legal? 15:22 not postfix 15:22 <@mmcgrath> dgilmore: I have a feeling red hat may be liable for things people send from fp.o... 15:22 <@mmcgrath> Not sure though. 15:22 jcollie, yes, legal dislikes HP calculators. 15:22 mmcgrath: ok keep me in the loop please 15:22 <@mmcgrath> not postfix just our own smtp server in general. 15:22 ahh 15:22 <@mmcgrath> will do. 15:22 -!- mmcgrath changed the topic of #fedora-admin to: hardware reporting tool / smolt 15:22 <@mmcgrath> I love smolt 15:23 -!- mmcgrath changed the topic of #fedora-admin to: FI Noc 15:23 smoon 15:23 f13: that's not a moon 15:23 mmcgrath, so, when do we get our fiber channel SAN and blade center? 15:23 <@mmcgrath> The FI Noc is designed and will be very soon. 15:23 mmcgrath, more realistically, do we have another rack yet? 15:23 <@mmcgrath> warren: Tuesday 15:23 <@mmcgrath> Not yet, I haven't had a chance to talk to stacy yet. 15:23 o_O 15:23 we're actually getting a SAN and blades? 15:23 <@mmcgrath> heh no 15:23 oh 15:23 <@mmcgrath> sorry to get your hopes up :-D 15:24 hehe 15:24 mmcgrath: prarit is looking for ia64 hardware, and part of that is a rack to put it in, and there should be space left in the rack for other FI needs 15:24 <@mmcgrath> what is prarit? 15:24 mmcgrath: he wants to host some donated ia64 h ardware in teh colo for doing that arch. 15:24 sorry, Prarit is a RH employee, involved in the Fedora ia64 efforts 15:24 <@mmcgrath> ahh, yeah I'm going to work out what we have where, if we can tap tampa, etc, etc. 15:24 mmcgrath, a guy in our office that drives a car with "PRARIT" on his license plate. 15:24 <@mmcgrath> 15:25 * mmcgrath has a lot of administrivia to do over the next week. 15:25 -!- mmcgrath changed the topic of #fedora-admin to: Project hosted - f13 15:25 * mmcgrath has to run upstairs to talk to legal in about 5 minutes... 15:25 too bad we can't create FI network DMZ's within the raleigh and westford office. It would be SO EASY to do things that way. 15:26 Project Hosting has nothing really to report lately, although I hate git more now. 15:26 whenver we can move SCMs off to their own setup would be nice, revamp how they're done, add svn to the mix, feel better about enabling git:// 15:27 <@mmcgrath> f13: I may have something cooking there, we'll see. 15:27 <@mmcgrath> there's general confusion as to what resources Fedora actually has. 15:27 are hosted SCM's completely separate from cvs-int? 15:27 warren: same box i believe 15:27 -!- craigt [n=craigt@ool-43512319.dyn.optonline.net] has quit [Read error: 110 (Connection timed out)] 15:27 * warren chokes. 15:27 warren: same box, different chroot 15:27 different sshd 15:27 Is that prudent? 15:28 no, its horrible and we need to fix it 15:28 ok 15:28 we can thank sopwith for this, but at least he does have it somewhat secure 15:28 < Sopwith> eh what? 15:28 WHOA 15:28 haha 15:28 <@mmcgrath> actually the current system works and will be pretty similar to the new one. 15:28 <@mmcgrath> as far as chroots go. 15:28 f13, is the userspace within the chroots actually updated though? 15:28 Sopwith: I was told that you setup cvs-int with chroots and such? 15:29 < Sopwith> Yea... If you want to have separate xen instances for each VC system, that'd work too, but failing that, the present setup is OK-ish. 15:29 mmcgrath: I'd much rather to xen guests for each scm, nfs mounting the storage from say netapp for the scm storage. 15:29 Sopwith, are the userspace bits within chroots updated? (security?) 15:29 <@mmcgrath> each chroot may have its own host, but the chroots will probably stay so that a proper shell can be set for everyone. I'm still looking at whats best to do here, always op en to ideas. 15:29 f13, ++ 15:29 < Sopwith> warren: There's a script that's supposed to update the chroot from the main system, but I doubt it gets run frequently. 15:29 Sopwith, ah, it uses binaries from the host? 15:29 <@mmcgrath> Sopwith: I'm afraid to run it :-D Though it was last updated in november or so. 15:29 mmcgrath: if we split each scm into its own xen guest, then the shell can be set for that guest 15:30 <@mmcgrath> f13: but what if I want to log in and admin the box? 15:30 mmcgrath: admins can serial console into the xen guest to do somethign on it. 15:30 < Sopwith> warren: Yea (although they are copies and not hardlinks, so the chroots are probably outdated) 15:30 mmcgrath: virtual serial console that is 15:30 <@mmcgrath> 15:30 <@mmcgrath> mdomsch: around? 15:30 -!- mmcgrath changed the topic of #fedora-admin to: mirror management 15:30 mmcgrath: and we could run sshd on another port that only allows connections from inside the colo 15:30 mmcgrath, f13: chroot is fine, as long as we keep it documented and automated in a secure way. 15:31 <@mmcgrath> hmm, mdomsch isn't here. no worries 15:31 warren: dealing w/ the chroot is a bit ugly. I'd rather they be split out. 15:31 -!- mmcgrath changed the topic of #fedora-admin to: deltarpm - kim0 15:31 f13, that's fine too. 15:31 I have some basic working code now. The project is named "presto" and has its own hosted project now, https://hosted.fedoraproject.org/projects/presto. code not up yet. 15:31 The next step, I guess I will need some mirror owner willing to run the server scripts to generate/host drpms 15:31 I should post to the list asking for that, eh ? 15:31 hm 15:31 <@mmcgrath> kim0: I've been thinking about this at some point we should probably discuss this more in #fedora-devel as I think its more relevant to Fedora the os rather than our infras tructure. 15:32 <@mmcgrath> though I can see you've been doing some pretty good work. 15:32 ok 15:32 You may want to write clear and obvious documentation showing how this is NOT like previous crack. 15:32 what's previous crack 15:32 People have wanted this for a long time, but past ideas were bad 15:33 I haven't been following your implementation so I don't know your specifics 15:33 so posting your code would be goo 15:33 good 15:33 yeah this has been on the list, basically all server side code was killed 15:33 <@mmcgrath> kim0: If you're think you're ready take it to the fedora-devel :-D 15:33 <@mmcgrath> and be prepared. 15:33 which I guess was the main issue 15:33 mmcgrath: guess I will 15:34 <@mmcgrath> :-D time for the big leagues. 15:34 -!- mmcgrath changed the topic of #fedora-admin to: open floor 15:34 <@mmcgrath> anyone have anything before I close the meeting? 15:34 * kim0 smiles 15:34 kim0: Some examples: Must run a special server to generate deltarpms for the users, generating deltas for files on the filesystem so there's no rpm signature, etc. 15:34 <@mmcgrath> Next week will be my first full time week. 15:34 mmcgrath: just keep us in the loop 15:34 kim0, good, no serverside =) 15:34 <@mmcgrath> dgilmore: always. Matt just got back to me, the old cvs firmware will be upgraded next week when he'll be on site. 15:34 mmcgrath: When you look into hosting bits at Universities, tibbs might be able to volunteer some resources. 15:34 My implementation: no server side code, no on the fly generation, Yes for all sig checking 15:34 mmcgrath: :)  great 15:35 <@mmcgrath> Alrighty guys, thanks for coming 15:35 -!- mmcgrath changed the topic of #fedora-admin to: --- Meeting End ---