Infrastructure > Meetings -> 2007-02-22
Meeting of 2007-02-22
*** Time shown in EST
14:59 < mmcgrath> Yo, we about ready to have a meeting?
15:00 * mdomsch here
15:00 * jcollie here
15:00 < mdomsch> mmcgrath, thanks for setting up publictest7 for me again
15:01 < mmcgrath> mdomsch: I just hope it doesn't disappear again
15:01 < mmcgrath> abadger1999, dgilmore, skvidal: ping?
15:02 * daMaestro here
15:02 < skvidal> yes?
15:02 < abadger1999> pong
15:02 < dgilmore> mmcgrath: sup
15:02 < mmcgrath> Ready for a meeting?
15:03 < mmcgrath> If its just the same with everyone I'd prefer to keep this meeting short so we can focus on buildsys and wiki topics, any objections?
15:03 * jcollie is ALWAYS ready for a meeting ;)
15:03 < mdomsch> no objection
15:03 < CodeX> hi
15:03 < abadger1999> Cool deal.
15:03 < skvidal> I object!
15:03 < mmcgrath> So I'll start on the wiki - The upgrade went ok. We are actually running proxy1 -> app1, proxy2 -> app2.
15:03 < skvidal> okay, no really, I'm just fucking with you
15:03 < skvidal> la la
15:03 < mmcgrath> skvidal!
15:04 < skvidal> :)
15:04 < skvidal> please, continue
15:04 < mmcgrath> app1 has app2 mounted via NFS.
15:04 < mmcgrath> The thing is actually working.
15:04 < mmcgrath> We are starting to run into performance issues though, I don't know if you guys have saved a page on the wiki in a while, it takes time.
15:04 < mmcgrath> 20-30 seconds.
15:04 < mmcgrath> The moin guys seem to think this is because of how many users we have.
15:04 < mmcgrath> When deciding who to email, it has to grep over all the user files to see who's watching that page.
15:05 < skvidal> mmcgrath: :(
15:05 < skvidal> mmcgrath: so we need to delete people?
15:05 < mmcgrath> We have options, but thats what we think is happening there.
15:05 < mmcgrath> skvidal: not sure.
15:05 < mmcgrath> I mean, 20-30 seconds isn't THAT long, but think about it. If someone wanted to DDOS the site, just script an add of a bunch of users.
15:06 < skvidal> do the moin people have any alternative user stores?
15:06 < skvidal> or can we store the user pages in a hashed subdir, for example?
15:06 < mmcgrath> also the kindofblue theme has some issues with the new wiki, I'm working on that. glezos created a new CSS that fixed some issues and generally looks nicer.
15:06 < skvidal> or maybe on a local path?
15:06 < mmcgrath> One of theme was talking about a way to create a user cache
15:06 < mmcgrath> But that was right before this meeting so we haven't discussed it much further.
15:07 -!- Netsplit orwell.freenode.net <-> irc.freenode.net quits: c4chris
15:08 < mmcgrath> looks like we've got 8510 users.
15:08 < mmcgrath> they said the ubuntu guys have the same issue.
15:08 < CodeX> How to make a successfull connection from FC6 to MSSQL <php-mssql>
15:08 < mmcgrath> CodeX you want #fedora, we're having an infrastructure meeting right now.
15:08 < mmcgrath> dgilmore: whats the word on koji?
15:08 < mmcgrath> f13: ping as well
15:09 < f13> sorry, was in another meeting.
15:09 < dgilmore> mmcgrath: things are moving f13 got koji through review
15:09 < f13> it passed package review, but I'm reluctant to build it until we get some test deployments going.
15:09 < dgilmore> we need to add ssl auth before we can do to much with koji
15:10 < dgilmore> we have our test box up
15:10 < mmcgrath> Are we going to let apache do that or koji?
15:10 < jcollie> are we going to re-use the ssl certs that we've been using for plague?
15:10 < dgilmore> mmcgrath: it needs added to koji
15:10 < dgilmore> jcollie: thats the plan
15:10 < mmcgrath> k
15:11 < dgilmore> we need to change the default config location
15:11 < dgilmore> mikem23: any of your guys done any ssl auth stuff yet?
15:13 < mmcgrath> dgilmore: are we blocked until that gets done?
15:13 < dgilmore> mmcgrath: until then we can do very minimal testing
15:13 -!- Netsplit over, joins: c4chris
15:14 < mmcgrath> k
15:14 < dgilmore> FC-5 doesnt have all the requirements so im going to yum update the FC-5 builder to FC-6
15:14 < mmcgrath> k
15:14 < mmcgrath> So aside from the auth stuff, anything to report?
15:15 < dgilmore> not yet. we are making progress
15:15 < dgilmore> i need to sit down with abadger1999 and work out how to sysnc packagedb to kojidb
15:15 < mmcgrath> <nod>
15:15 < abadger1999> yeah.
15:15 < mmcgrath> abadger1999: speaking of which, how's it going? Sounds like you've been working magic.
15:15 < jcollie> we need a fudcon chicago :)
15:16 < abadger1999> Yep :-) I've been busy on the packagedb
15:16 < mmcgrath> Any feedback from it?
15:16 < abadger1999> The front end (from user input => db) is almost complete.
15:16 < abadger1999> People say looks cool but not too much else yet.
15:16 < dgilmore> abadger1999: id like to see somewhere what all i own
15:17 < abadger1999> dgilmore: That's a good idea.
15:17 < abadger1999> I'll add that to the ROADMAP.
15:17 < dgilmore> bbiab
15:17 < abadger1999> Let's see -- I've one more feature to add (owner ability to approve acls)
15:17 < mmcgrath> All, if you have time, take a look - https://admin.fedoraproject.org/pkgdb/
15:18 < abadger1999> Then I have to work with notting, sopwith, et al to implement syncing of ACLs, notification and bugzilla.
15:18 < abadger1999> Unless I'm missing something, we should then be able to get rid of owners.list.
15:18 < mmcgrath> That'd be awesome.
15:19 < mmcgrath> or at least generate owners.list from the database.
15:19 < mmcgrath> Has notting had a chance to look at this?
15:19 < abadger1999> I talked briefly with him today. I don't think he's had much chance to look.
15:19 * mmcgrath pings notting
15:20 -!- notting [i=notting@redhat/notting] has joined #fedora-admin
15:20 < dgilmore> back
15:20 < mmcgrath> notting: we're talking about the package database. Have you had a chance to take a look?
15:20 < mmcgrath> https://admin.fedoraproject.org/pkgdb/
15:21 < notting> i looked a few weeks ago
15:21 < skvidal> notting: look now
15:21 < mmcgrath> He's done a lot of good work over the last couple of days.
15:21 < skvidal> I think it's a lot different
15:21 < mmcgrath> abadger1999: can you give him a roundup of what the status is.
15:22 < skvidal> abadger1999: one minor suggestion
15:22 < notting> pleeease, can i search by name :)
15:22 < abadger1999> Users can request acls and notification through the interface.
15:22 < abadger1999> notting: Username or package name?
15:22 < skvidal> in the 'browse all packages view' would it be possible to make the top item alphabets - not numbers?
15:22 < abadger1999> (Both are necessary)
15:22 < notting> abadger1999: package name
15:23 < abadger1999> skvidal: Not easy easy. But it does need to be done.
15:23 < abadger1999> I'm using the turbogears paginate decorator to generate that.
15:23 < notting> what is 'checkout' perms?
15:23 < abadger1999> It's just taking a select list from the db and limiting it to a range of packages (1-100, 100-200, etc)
15:24 < abadger1999> notting: For embargoed packages we're going to want to limit who can checkout a package.
15:24 < abadger1999> I'm thinking of hiding both checkout perm and build perm on the F7 rollout.
15:24 < notting> we don't have embargoes
15:24 < abadger1999> (checkout because there should be very few packages that apply - build because we have to integrate that with koji)
15:25 < abadger1999> It was on the list of requested features for the new VCS and packagedb.
15:25 < abadger1999> So security updates can be hidden.
15:25 < notting> yeah, just not sure if we actually need it
15:25 < abadger1999> k.
15:25 < notting> i'm not too keen on delegating approveacls to others
15:25 < abadger1999> Well it's in the db but I'll hide it from end user view for now.
15:26 < abadger1999> notting: That' done now, thogh.
15:26 < notting> what's the interface for approving people who want to be added to the package?
15:26 < abadger1999> Co-maintainership is the ability to approve acls for others.
15:27 < abadger1999> Requestor clicks button to get an acl row added to the pkgdb interface. Checks "commits"
15:27 < mmcgrath> notting: at a glance, how close do you think this is?
15:27 < abadger1999> Owner gets notification (unwritten) . Then owner goes to interface and changes status from 'Awaiting Review' t 'Approved'
15:28 < notting> the approvals don't seem to stick
15:28 < abadger1999> Yeah -- that's the one feature that hasn't been written yet.
15:28 < abadger1999> I'm working on it in the pkgdb-dev branch.
15:28 < notting> so, i can request approval for my own package. you might want to catch that case ;)
15:29 < abadger1999> I can only pull so many all-nighters in a week ;-)
15:29 < abadger1999> notting: I actually left that in on purpose.
15:29 < mmcgrath> abadger1999: if someone requests access to one of my package, where do I go to see what actions are pending my approval?
15:29 < notting> abadger1999: things we'd want before we go live
15:29 < abadger1999> notting: The reason being that right now we have orphaned packages that have people watching and pseud-maintaining them.
15:29 < notting> 1) notifications (probably via mail) to package owners that there are people requesting access/want approval
15:30 < abadger1999> mmcgrath: To the package's page.
15:30 < notting> 2) notifications via mail of ownership changes (people complained when this broke for owners.list)
15:30 < notting> 3) how does this work for adding a new package?
15:30 -!- c4chris [email@example.com] has quit [Connection timed out]
15:31 < notting> abadger1999: no, what i meant is that requesting commit/build/etc access for a package that i already own doesn't make much sense
15:32 < abadger1999> notting: To enable orphaned packages to have someone watching them, you need some way to approve the person who wants watch.
15:32 < abadger1999> So you take ownership, add yourself to the acl. Approve your own acls, drop ownership.
15:32 < abadger1999> Enabling this behaviour might be bad -- but it's something we have now.
15:33 < notting> abadger1999: by 'me', you mean 'anyone', or 'me' == 'admin'?
15:34 < abadger1999> notting: I'll steal heavily from your scripts for 1 & 2. 3 -- I'm open to suggestions. cvs-import contacts the packagedb? Some commandline tool for the cvs-admins torun?
15:34 < abadger1999> me == anyone.
15:35 -!- c4chris [firstname.lastname@example.org] has joined #fedora-admin
15:35 < notting> abadger1999: needs to be pre-cvs import - basically, at the same time the directories are created. if it's a script, dgilmore can tie it into his stuff
15:35 < abadger1999> Okay. So admins need to run it at the same time as directory creation.
15:36 < abadger1999> And dgilmore is working on that.
15:36 < notting> abadger1999: is there a concept of admin access to packagedb?
15:36 < warren> cvsadmin?
15:36 < abadger1999> Not yet. We've got to work out how we're going to integrate with the FAS on that.
15:37 < abadger1999> Of course, people who can touch the db can make changes.
15:37 < abadger1999> And it's not hard to code command line scripts that automate those changes.
15:37 < abadger1999> but GUI admin interface... not yet.
15:38 < warren> cvsadmin in FAS would be admin in packagedb?
15:38 < abadger1999> That would be fine.
15:38 < abadger1999> I can make that kind of restriction pretty easily.
15:39 < abadger1999> What about FESCo-sponsors have the ability to make changes though?
15:39 < mmcgrath> abadger1999: roadmap it? I'd say just get what we need.
15:40 < abadger1999> We don't want them to be cvsadmin's but we do want them to be able to make changes like "This owner is AWOL, asign his packages to orphan"
15:41 < notting> abadger1999: right now, all ownership changes go through cvsadmin
15:42 < abadger1999> notting: True. But FESCo policy is different. So we're going to have to change that.
15:42 < warren> notting, only because the tools don't allow anything else yet (right?)
15:42 < abadger1999> mmcgrath: You're right. I'll implement cvsadmin for now.
15:42 < notting> abadger1999: an owner should be able to drop -> orphan. perhaps a sponsor should drop -> orphan. i'd prefer picking up of a package go through admin.
15:42 < abadger1999> And we'll work on something else as FAS2 shapes up.
15:43 < notting> warren: no, because ownership changes impact access control to the source repository
15:43 < warren> notting, so a sponsor shouldn't be able to change ownership of a sponsoree's packages?
15:44 < abadger1999> notting: Are you talking all taking of packages should require admin approval?
15:45 < notting> abadger1999: i'm paranoid.
15:46 < abadger1999> I see your view but don't support it. Is it a policy decision that FESCo needs to decide?
15:47 < dgilmore> notting: im with you
15:47 -!- warren [i=warren@redhat/wombat/warren] has quit ["Leaving"]
15:47 < dgilmore> id rather have a sanity check in there
15:47 -!- warren [i=warren@nat/redhat/x-63bf95f68dd0f1a6] has joined #fedora-admin
15:48 < mmcgrath> hmm
15:48 < notting> abadger1999: well, they approved the locking down of owners.list
15:49 < mmcgrath> These are things we can always change later if wee need to.
15:49 < notting> abadger1999: so, keeping a similar policy in the new tool seems simplest
15:49 < abadger1999> True. but locking down owners.list was the only way to get what we wanted (people unable to change other people's packages if acls are set.)
15:50 < notting> and your current proposal appears to break that - a user could take an orphan package and set acl w/o any other intervention
15:50 < abadger1999> The rest of the things that come with it are too burdensome in my opinion.
15:50 < abadger1999> yes. Orphan package.
15:51 < abadger1999> They can't do the same to an owned package, though.
15:51 * mmcgrath just noticed its been 50 minutes.
15:51 < abadger1999> heh -- we best move on.
15:51 < mmcgrath> yeah.
15:51 < mmcgrath> Real quick I'll just open the floor.
15:52 < mmcgrath> Does anyone else have anything to discuss?
15:52 < mmcgrath> has everyone had a chance to look at puppet?
15:52 < daMaestro> has there been any discussion about a need for a single point of entry for file access?
15:52 < abadger1999> The little bit I interacted with the other day looked nice.
15:52 < daMaestro> (using public mirrors)
15:53 < mmcgrath> daMaestro: I must have missed your email? Can you send me the thread link?
15:53 < daMaestro> such: a user wants foo.rpm ... http://download.fedoraproject.org/core/foo.rpm?
15:53 < daMaestro> mmcgrath, lol.. ok.. you caught me.. i will send a message.
15:53 < mmcgrath> k, anyone have anything else?
15:54 < mmcgrath> allllrighty. =============== MEETING END =====================