Meeting of 2007-02-08

*** Time shown in EST

15:00 <@mmcgrath> Alllright, we ready to have a meeting?
15:00 -!- mmcgrath changed the topic of #fedora-admin to: role call
15:00 <@mmcgrath> Who's here?
15:00 < jcollie> here, more or less
15:00  * kim0 here
15:00  * skvidal is here
15:00  * abadger1999 is here
15:01 -!- abompard [n=gauret@bne75-8-88-161-125-228.fbx.proxad.net]  has joined #fedora-admin
15:01 <@mmcgrath> We'll be following http://fedoraproject.org/wiki/Infrastructure/Schedule as always
15:01  * dgilmore is here
15:01 -!- mmcgrath changed the topic of #fedora-admin to: Packaging Database - abadger1999
15:01 <@mmcgrath> abadger1999: whats up?
15:02 < abadger1999> Well, we didn't hack it as much as I hoped during fudcon.
15:02 <@mmcgrath> <nod>  how'd the discussion go with the Brew guy?
15:02 < abadger1999> But dgilmore and I got to sit down with mikem from red hat and talk about koji/brew.
15:02 < abadger1999> That was somewhat enlightening.
15:02 < abadger1999> Koji's database is heavily involved with all aspects of building packages.
15:03 < abadger1999> OUr database is more heavily involved with maintainers of packages.
15:03 < dgilmore> it seems we will need to add some stuff on top of whats in koji
15:03 < dgilmore> mikem23: any word from up above yet?
15:03 < abadger1999> Since we don't know when koji will emerge from legal my thinking is to aim for packagedb on top of koji for F7.
15:04 < abadger1999> Plan to merge the two databases in time for F8.
15:04 < abadger1999> Packagers will mainly interact with the packagedb front end to maintain ACLs and etc.
15:04 <@mmcgrath> So in your current plan for F7 does the packagedb have a blocker of koji or can it be implemented even if koji doesn't make it out the door?
15:05 < dgilmore> mmcgrath: i think it can be done without koji
15:05 < abadger1999> When necessary, the packageDB will call out to koji to set things on the build system.
15:06 < dgilmore> we can add to plague
15:06 < abadger1999> It can be done without koji.
15:06 <@mmcgrath> So, and I have no idea exactly whats going on with this, but I'd suggest going forward thinking koji isn't going to be out by F7 and then be pleasantly surprised if it make
s it.
15:06 < abadger1999> But we'll have to have some timeframe of "koji has to come out by $DATE" so we can write any necessary backend for PackgeDB totalk to plague.
15:06 <@mmcgrath> Mostly because in the past, legal was english for 'slower than it needs to be'
15:06 <@mmcgrath> to me at least.
15:06 <@mmcgrath> <nod>
15:06 < dgilmore> mmcgrath: thats how it is :(
15:06 < dgilmore> mmcgrath: i have a rough plan for migration from plague to koji
15:06 < abadger1999> Okay.  I'll get owners.list in followed by cvs ACLs.  Then we can worry about integrating with either of plague or koji.
15:06 <@mmcgrath> <nod>
15:07 <@mmcgrath> that it?
15:07 < abadger1999> Think so.
15:07 -!- mmcgrath changed the topic of #fedora-admin to: SCM
15:07 <@mmcgrath> so the scm is on hold till Fedora 7.
15:07 < dgilmore> Fedora 8?
15:07 <@mmcgrath> errr Fedora 8
15:07 < skvidal> fedora 9?
15:07 < skvidal> fedora 'it goes to' 11?
15:08 <@mmcgrath> Our fedora might go all the way to 11 before the scm gets out
15:08 <@mmcgrath> heh beat me to it
15:08 <@mmcgrath> long story short, its floundering because no one cares.
15:08 -!- mmcgrath changed the topic of #fedora-admin to: upgrading systems
15:08 <@mmcgrath> I think iwolf isn't here.
15:08 -!- mmcgrath changed the topic of #fedora-admin to: firewalls
15:09 <@mmcgrath> luke isn't here
15:09 < dgilmore> mmcgrath: did the old cvs box get the firmware updates?
15:09 <@mmcgrath> dgilmore: not sure, I need to talk to mgalgoci about that.
15:09 <@mmcgrath> one sec, sending email..
15:09 <@mmcgrath> I'll finish it later
15:09 -!- mmcgrath changed the topic of #fedora-admin to: System Documentation
15:10 <@mmcgrath> I'll be putting together an inventory for the actual systems as well as something like a Visio diagram soon.
15:10 -!- mmcgrath changed the topic of #fedora-admin to: Xen
15:10 < dgilmore> mmcgrath: :)  dia
15:10 <@mmcgrath> We should probably move this to done, we have the xen boxes.
15:10 < dgilmore> or kivio
15:10 < jcollie> dgilmore, inkscape
15:10 < dgilmore> mmcgrath: yeah
15:11 <@mmcgrath> moved to done
15:11 < abadger1999> SOunds good.
15:11  * warren here
15:11 -!- mmcgrath changed the topic of #fedora-admin to: Wiki Upgrade
15:11 <@mmcgrath> Yo warren
15:11 <@mmcgrath> So I was talking to skvidal last night about this and that.
15:12 < dgilmore> mmcgrath: thats dangerous
15:12 <@mmcgrath> heh
15:12 < skvidal> dgilmore: be nice! :)
15:12 <@mmcgrath> So here's what I'm proposing.
15:12 <@mmcgrath> Instead of just upgrading the wiki on fpserv we move the wiki to our internal apps and use fpserv for something else.
15:12 < dgilmore> skvidal:  ;)
15:13 < dgilmore> mmcgrath: sure
15:13 < skvidal> dgilmore: if you're not nice I'll ask spot to throw up on you :)
15:13 <@mmcgrath> possibly the primary CVS lace or a backup of it as the CVS and lookaside cache are things that we just cannot lose.
15:13 <@mmcgrath> s/lace/place/
15:13 < dgilmore> skvidal: :(  i dont want that
15:13 -!- mmcgrath changed the topic of #fedora-admin to: what happens at fudcon stays at fudcon
15:13 -!- mmcgrath changed the topic of #fedora-admin to: wiki upgrade
15:13 <@mmcgrath> So anyway, does anyone have any objections / suggestions for that?
15:13 < skvidal> mmcgrath: 250GB of disk on fpserv
15:13 < jcollie> sounds good to me
15:13 < dgilmore> mmcgrath: fpserv  could be backup cvs and backup wiki  we really dont wnat to lose either
15:14 <@mmcgrath> dgilmore: <nod>
15:14 < dgilmore> fpserv == insurance policy  works for me
15:14 < dgilmore> skvidal: if we get you more disk space  can you host it?
15:14 <@mmcgrath> more details / plan on that will follow over the next week or two.  I'm hoping to work with kim0 and paulobanon on getting this stuff on our app servers.
15:14 < skvidal> dgilmore: .... _maybe_
15:14 < skvidal> it's not definite
15:15 < kim0> looks fine
15:15 <@mmcgrath> we'll deal with that when we get to it.  I guess if worse comes to worse could we purchase drives and send them to duke?
15:15 < skvidal> mmcgrath: yah - if worse comes to much worse :)
15:15 < dgilmore> skvidal: ok
15:15 <@mmcgrath> heh
15:15 < dgilmore> skvidal: we will need more for extras64
15:15 < skvidal> dgilmore: <nod>
15:16 < skvidal> well
15:16 < skvidal> we have 147G free now
15:16 < skvidal> on extras64
15:16 < skvidal> less than half used
15:16 < dgilmore> skvidal: koji  will use alot more
15:16 < dgilmore> unless we change its garbage collection
15:16 < skvidal> is koji operating on extras64?
15:16 <@mmcgrath> koji has infinite disk needs though :-/
15:17 < skvidal> I thought the plan was to talk to the netapps for koji and friends
15:17 < dgilmore> skvidal: i was hoping to have the master head on extras64
15:17 < warren> BTW, did anybody figure out what caused fpserv to freak yesterday?
15:17 <@mmcgrath> I didn't, skvidal?
15:17 < skvidal> not really. My money's on the wiki
15:17 < warren> where is f13?  we need him regarding koji no?
15:18 < dgilmore> warren: koji is not born  yet
15:18 <@mmcgrath> warren: dgilmore and abadger1999 had a good talk with mikem about koji at hackfest.
15:18 < dgilmore> to us its the eternal pregnacy
15:18 < dgilmore> it will be here when its here
15:19 -!- mmcgrath changed the topic of #fedora-admin to: Config Management
15:19 < dgilmore> when we get code we will worry about it  until then  i just want to get a few bits and pieces in place
15:19 < f13> I'm here
15:19 <@mmcgrath> I'm doing more research on this and have a few new leads, its coming though seriously.
15:19 < f13> sorry, I have another 3pm meeting this day.
15:19 <@mmcgrath> Config management is my white whale.
15:19 < warren> Quiqueg!
15:19 < jcollie> bcfg2 is now in FE-devel :)
15:20 <@mmcgrath> heh
15:20 -!- mmcgrath changed the topic of #fedora-admin to: Metrics / smolt
15:20 <@mmcgrath> This is going well, jcollie and dgilmore have helped out quite a bit on the client.
15:20 -!- mspevack [i=mspevack@fedora/mspevack]  has quit ["Leaving"] 
15:20 <@mmcgrath> more is coming every day, blah blah.
15:20 -!- mmcgrath changed the topic of #fedora-admin to: postfix
15:20 < warren> errr
15:20 <@mmcgrath> All I can tell you is "Blocking on legal" right now.
15:20 < dgilmore> mmcgrath: i think postfix is ready
15:21 < dgilmore> mmcgrath: postfix?
15:21 <@mmcgrath> dgilmore: yes it is.
15:21 < warren> technically ready yes
15:21 <@mmcgrath> I'm going to go up and talk to them in about 5 minutes to see what they're confused about.
15:21 < dgilmore> why does legal care what we use?
15:21 < warren> dgilmore, long and boring story with no actual details
15:21 < warren> mmcgrath will find out soon.
15:21 < warren> mmcgrath, talked to nate yet?  You NEED to go there first.
15:22 < dgilmore> warren: ok  im really confused by legal giving a fuck what we use
15:22 <@mmcgrath> Yeah, we talked to nate yesterday
15:22 < jcollie> postfix is blocking on legal?
15:22 < skvidal> not postfix
15:22 <@mmcgrath> dgilmore: I have a feeling red hat may be liable for things people send from fp.o...
15:22 <@mmcgrath> Not sure though.
15:22 < warren> jcollie, yes, legal dislikes HP calculators.
15:22 < dgilmore> mmcgrath: ok  keep me in the loop please
15:22 <@mmcgrath> not postfix just our own smtp server in general.
15:22 < jcollie> ahh
15:22 <@mmcgrath> will do.
15:22 -!- mmcgrath changed the topic of #fedora-admin to: hardware reporting tool / smolt
15:22 <@mmcgrath> I love smolt
15:23 -!- mmcgrath changed the topic of #fedora-admin to: FI Noc
15:23 < f13> smoon
15:23 < skvidal> f13: that's not a moon
15:23 < warren> mmcgrath, so, when do we get our fiber channel SAN and blade center?
15:23 <@mmcgrath> The FI Noc is designed and will be very soon.
15:23 < warren> mmcgrath, more realistically, do we have another rack yet?
15:23 <@mmcgrath> warren: Tuesday
15:23 <@mmcgrath> Not yet, I haven't had a chance to talk to stacy yet.
15:23 < warren> o_O
15:23 < warren> we're actually getting a SAN and blades?
15:23 <@mmcgrath> heh no
15:23 < warren> oh
15:23 <@mmcgrath> sorry to get your hopes up :-D
15:24 < warren> hehe
15:24 < f13> mmcgrath: prarit is looking for ia64 hardware, and part of that is a rack to put it in, and there should be space left in the rack for other FI needs
15:24 <@mmcgrath> what is prarit?
15:24 < f13> mmcgrath: he wants to host some donated ia64 h ardware in teh colo for doing that arch.
15:24 < f13> sorry, Prarit is a RH employee, involved in the Fedora ia64 efforts
15:24 <@mmcgrath> ahh, yeah I'm going to work out what we have where, if we can tap tampa, etc, etc.
15:24 < warren> mmcgrath, a guy in our office that drives a car with "PRARIT" on his license plate.
15:24 <@mmcgrath> <nod>
15:25  * mmcgrath has a lot of administrivia to do over the next week.
15:25 -!- mmcgrath changed the topic of #fedora-admin to: Project hosted - f13
15:25  * mmcgrath has to run upstairs to talk to legal in about 5 minutes...
15:25 < warren> too bad we can't create FI network DMZ's within the raleigh and westford office.  It would be SO EASY to do things that way.
15:26 < f13> Project Hosting has nothing really to report lately, although I hate git more now.
15:26 < f13> whenver we can move SCMs off to their own setup would be nice, revamp how they're done, add svn to the mix, feel better about enabling git://
15:27 <@mmcgrath> f13: I may have something cooking there, we'll see.
15:27 <@mmcgrath> there's general confusion as to what resources Fedora actually has.
15:27 < warren> are hosted SCM's completely separate from cvs-int?
15:27 < dgilmore> warren: same box i believe
15:27 -!- craigt [n=craigt@ool-43512319.dyn.optonline.net]  has quit [Read error: 110 (Connection timed out)] 
15:27  * warren chokes.
15:27 < f13> warren: same box, different chroot
15:27 < f13> different sshd
15:27 < warren> Is that prudent?
15:28 < f13> no, its horrible and we need to fix it
15:28 < warren> ok
15:28 < f13> we can thank sopwith for this, but at least he does have it somewhat secure
15:28 < Sopwith> eh what?
15:28 < warren> WHOA
15:28 < warren> haha
15:28 <@mmcgrath> actually the current system works and will be pretty similar to the new one.
15:28 <@mmcgrath> as far as chroots go.
15:28 < warren> f13, is the userspace within the chroots actually updated though?
15:28 < f13> Sopwith: I was told that you setup cvs-int with chroots and such?
15:29 < Sopwith> Yea... If you want to have separate xen instances for each VC system, that'd work too, but failing that, the present setup is OK-ish.
15:29 < f13> mmcgrath: I'd much rather to xen guests for each scm, nfs mounting the storage from say netapp for the scm storage.
15:29 < warren> Sopwith, are the userspace bits within chroots updated?  (security?)
15:29 <@mmcgrath> each chroot may have its own host, but the chroots will probably stay so that a proper shell can be set for everyone.  I'm still looking at whats best to do here, always op
en to ideas.
15:29 < warren> f13, ++
15:29 < Sopwith> warren: There's a script that's supposed to update the chroot from the main system, but I doubt it gets run frequently.
15:29 < warren> Sopwith, ah, it uses binaries from the host?
15:29 <@mmcgrath> Sopwith: I'm afraid to run it :-D  Though it was last updated in november or so.
15:29 < f13> mmcgrath: if we split each scm into its own xen guest, then the shell can be set for that guest
15:30 <@mmcgrath> f13: but what if I want to log in and admin the box?
15:30 < f13> mmcgrath: admins can serial console into the xen guest to do somethign on it.
15:30 < Sopwith> warren: Yea (although they are copies and not hardlinks, so the chroots are probably outdated)
15:30 < f13> mmcgrath: virtual serial console that is
15:30 <@mmcgrath> <nod>
15:30 <@mmcgrath> mdomsch: around?
15:30 -!- mmcgrath changed the topic of #fedora-admin to: mirror management
15:30 < f13> mmcgrath: and we could run sshd on another port that only allows connections from inside the colo
15:30 < warren> mmcgrath, f13: chroot is fine, as long as we keep it documented and automated in a secure way.
15:31 <@mmcgrath> hmm, mdomsch isn't here.  no worries
15:31 < f13> warren: dealing w/ the chroot is a bit ugly.  I'd rather they be split out.
15:31 -!- mmcgrath changed the topic of #fedora-admin to: deltarpm - kim0
15:31 < warren> f13, that's fine too.
15:31 < kim0> I have some basic working code now. The project is named "presto" and has its own hosted project now, https://hosted.fedoraproject.org/projects/presto. code not up yet.
15:31 < kim0> The next step, I guess I will need some mirror owner willing to run the server scripts to generate/host drpms
15:31 < kim0> I should post to the list asking for that, eh ?
15:31 < warren> hm
15:31 <@mmcgrath> kim0: I've been thinking about this at some point we should probably discuss this more in #fedora-devel as I think its more relevant to Fedora the os rather than our infras
tructure.
15:32 <@mmcgrath> though I can see you've been doing some pretty good work.
15:32 < kim0> ok
15:32 < warren> You may want to write clear and obvious documentation showing how this is NOT like previous crack.
15:32 < kim0> what's previous crack
15:32 < warren> People have wanted this for a long time, but past ideas were bad
15:33 < warren> I haven't been following your implementation so I don't know your specifics
15:33 < warren> so posting your code would be goo
15:33 < warren> good
15:33 < kim0> yeah this has been on the list, basically all server side code was killed
15:33 <@mmcgrath> kim0: If you're think you're ready take it to the fedora-devel :-D
15:33 <@mmcgrath> and be prepared.
15:33 < kim0> which I guess was the main issue
15:33 < kim0> mmcgrath: guess I will
15:34 <@mmcgrath> :-D  time for the big leagues.
15:34 -!- mmcgrath changed the topic of #fedora-admin to: open floor
15:34 <@mmcgrath> anyone have anything before I close the meeting?
15:34  * kim0 smiles
15:34 < abadger1999> kim0: Some examples: Must run a special server to generate deltarpms for the users, generating deltas for files on the filesystem so there's no rpm signature, etc.
15:34 <@mmcgrath> Next week will be my first full time week.
15:34 < dgilmore> mmcgrath: just keep us in the loop
15:34 < warren> kim0, good, no serverside =)
15:34 <@mmcgrath> dgilmore: always.  Matt just got back to me, the old cvs firmware will be upgraded next week when he'll be on site.
15:34 < abadger1999> mmcgrath: When you look into hosting bits at Universities, tibbs might be able to volunteer some resources.
15:34 < kim0> My implementation: no server side code, no on the fly generation, Yes for all sig checking
15:34 < dgilmore> mmcgrath: :)  great
15:35 <@mmcgrath> Alrighty guys, thanks for coming
15:35 -!- mmcgrath changed the topic of #fedora-admin to: ----------- Meeting End ---------------