Freeze break request: update koji package on rawhide/branched-composers

[Kevin Fenzi]

I'd like to update the koji package on
rawhide-composer.phx2.fedoraproject.org and
branched-composer.phx2.fedoraproject.org

This should fix the blocking retired packages issue noted in: 

https://fedorahosted.org/rel-eng/ticket/6244

If it causes some issue we can roll back to the current version of the
package. 

+1s?

kevin




pgp_8Qt_KNlQi.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze break request: update koji package on rawhide/branched-composers

[Patrick Uiterwijk]

+1

With kind regards,
Patrick Uiterwijk
Fedora Infra

- Original Message -
> I'd like to update the koji package on
> rawhide-composer.phx2.fedoraproject.org and
> branched-composer.phx2.fedoraproject.org
> 
> This should fix the blocking retired packages issue noted in:
> 
> https://fedorahosted.org/rel-eng/ticket/6244
> 
> If it causes some issue we can roll back to the current version of the
> package.
> 
> +1s?
> 
> kevin
> 
> 
> 
> ___
> infrastructure mailing list
> infrastructure@lists.fedoraproject.org
> http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
> 
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze Break Request: Proxy RequestTimeout

[Kevin Fenzi]

+1 here

kevin


pgpxyOnAdnTD9.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze break request: update koji package on rawhide/branched-composers

[Ralph Bean]

On Wed, Oct 14, 2015 at 12:18:23PM -0400, Patrick Uiterwijk wrote:
> +1

+1 here too.


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze break request: update koji package on rawhide/branched-composers

[Kevin Fenzi]

Applied. Thanks. 

kevin


pgpjPQjuS9NwW.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Freeze Break Request: Proxy RequestTimeout

[Patrick Uiterwijk]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi all,

Could I get +1s for the following patch?
This patch is to prevent broken (or malicious) clients from
taking up connection resources on the reverse proxies if they
don't finish sending their request within a reasonable period
of time (10 seconds for headers should be more than enough).
This has been live on proxy02 for about 8 hours now, and resulted
it a lot lower CPU usage.



commit 4f96c69a2a0777cd1a474ac23bb5b37fe05ddfde
Author: Patrick Uiterwijk 
Date:   Wed Oct 14 16:35:26 2015 +

Set requesttimeout on headers

Signed-off-by: Patrick Uiterwijk 

diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml
index 45140d9..b909de9 100644
- --- a/roles/httpd/proxy/tasks/main.yml
+++ b/roles/httpd/proxy/tasks/main.yml
@@ -25,6 +25,7 @@
   - 00-namevirtualhost.conf
   - 01-keepalives.conf
   - 02-ticketkey.conf
+  - 03-reqtimeout.conf
   notify:
   - restart httpd
   tags:
diff --git a/roles/httpd/proxy/templates/03-reqtimeout.conf 
b/roles/httpd/proxy/templates/03-reqtimeout.conf
new file mode 100644
index 000..595595c
- --- /dev/null
+++ b/roles/httpd/proxy/templates/03-reqtimeout.conf
@@ -0,0 +1 @@
+RequestReadTimeout header=10



- -- 
With kind regards,
Patrick Uiterwijk
Fedora Infra
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJWHoS3AAoJEIZXmA2atR5QvLEP/jTyJ+Y2GMg1kWcSAXQKtwdo
NPBGILqYhpsP5rWEVyx/7R+MRd0mlY7ECPFX9Vlkga39Q2isr3N5HUUmSWfAviDU
yaIo9/OAXepcmMguz9nese2mxlMKNtHY1RWiblpDlG39OFtgmhJcG5biN1xBvExO
xUJ221u45VWtV8QUMvL5DXpfPZ+ULXKI3ZysSX3k5eTozcmIFgA0XusJwE9/Wx+q
pW03fsU20LtPnLOT1+ZWAQ01StgCKzOU0kddKYG4LFVQHJnWu65tplqozOoyyqaN
enKlGuFeB4cdfg6f5bmO1FAx65RJeT47dLQ2zSozM30/f23bTm1sqLyLLNeIApa5
G25TlyjGe0DQ/H32YiTH0GXW/TFl8RSScPhyS8uraS4EVWcETRcBqcT4YKqEjL9V
6QgYHh3eWK8mvTgZC30lF/sr0wV4Jjd4DTJ7piQdlwyt21jviBDvS8KAiMqt7fdN
y0mi3jyls/DsOT7GEfguNY8Z0Qg8i4rrlOxz4+k6cInmMioc0c+TkhYTxvSbAmzd
h848Ah7uyoNoBgrZpCz9LMLmTSmV1h4YP2zmUkqteIqHVCeY7ko8TikD9Ry/w72K
ZmnenXu8rTwHhfyw7x5R3oIsa+V91Y3ilKi4uYftuw2ybTlEpndeDDTEqVjn8AnA
VBxy1T3ar9B9LAFR/2/w
=KuEj
-END PGP SIGNATURE-
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze Break Request: Proxy RequestTimeout

[Ralph Bean]

On Wed, Oct 14, 2015 at 11:08:11AM -0600, Kevin Fenzi wrote:
> +1 here
> 
> kevin

+1 here too.


signature.asc
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Freeze break request: add /etc/hosts entry on bodhi-backend01 (retroactive)

[Kevin Fenzi]

I had 2 failed f23-updates-testing pushes when it was unable to
download repodata from "download.fedoraproject.org"

Oct 13 22:40:23 bodhi-backend01.phx2.fedoraproject.org
fedmsg-hub[8163]:
http://download.fedoraproject.org/pub/fedora/linux/development/23/x86_64/os/repodata/repomd.xml:
[Errno 14] HTTPS Error 302 - Found

download.fedoraproject.org is a redirect to mirrormanager which gives
you a (somewhat) random mirror. 

We shouldn't depend on a random selection here, so I've hard
coded it to use one of the master mirrors in phx2.

I've already applied this as I needed to get updates pushes going
again, but I thought I would get some retroactive +1s/approval. ;) 

kevin
--
diff --git a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts 
b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts
index 206ff9a..1ed50a8 100644
--- a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts
+++ b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts
@@ -13,3 +13,5 @@
 10.5.124.191 s390.koji.fedoraproject.org
 10.5.124.182 ppc.koji.fedoraproject.org
 10.5.124.138 arm.koji.fedoraproject.org
+# Point download.fedoraproject.org to dl01.phx2.fedoraproject.org
+10.5.126.93  download.fedoraproject.org



pgpB7lHgcIakU.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze break request: add /etc/hosts entry on bodhi-backend01 (retroactive)

[Patrick Uiterwijk]

+1

With kind regards,
Patrick Uiterwijk
Fedora Infra

- Original Message -
> I had 2 failed f23-updates-testing pushes when it was unable to
> download repodata from "download.fedoraproject.org"
> 
> Oct 13 22:40:23 bodhi-backend01.phx2.fedoraproject.org
> fedmsg-hub[8163]:
> http://download.fedoraproject.org/pub/fedora/linux/development/23/x86_64/os/repodata/repomd.xml:
> [Errno 14] HTTPS Error 302 - Found
> 
> download.fedoraproject.org is a redirect to mirrormanager which gives
> you a (somewhat) random mirror.
> 
> We shouldn't depend on a random selection here, so I've hard
> coded it to use one of the master mirrors in phx2.
> 
> I've already applied this as I needed to get updates pushes going
> again, but I thought I would get some retroactive +1s/approval. ;)
> 
> kevin
> --
> diff --git a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts
> b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts
> index 206ff9a..1ed50a8 100644
> --- a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts
> +++ b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts
> @@ -13,3 +13,5 @@
>  10.5.124.191 s390.koji.fedoraproject.org
>  10.5.124.182 ppc.koji.fedoraproject.org
>  10.5.124.138 arm.koji.fedoraproject.org
> +# Point download.fedoraproject.org to dl01.phx2.fedoraproject.org
> +10.5.126.93  download.fedoraproject.org
> 
> 
> ___
> infrastructure mailing list
> infrastructure@lists.fedoraproject.org
> http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
> 
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Plan for tomorrow's Fedora Infrastructure meeting - 2015-10-15

[Kevin Fenzi]

The infrastructure team will be having it's weekly meeting tomorrow, 
2015-10-15 at 18:00 UTC in #fedora-meeting on the freenode network.

We have a gobby document
(see: https://fedoraproject.org/wiki/Gobby )
NOTE: Gobby has changed, we are now using gobby05 and infinote. :) 

fedora-infrastructure-meeting-next is the document.

Please try and review and edit that document before the meeting and we
will use it to have our agenda of things to discuss. A copy as of today
is included in this email. 

If you have something to discuss, add the topic to the discussion area
with your name. If you would like to teach other folks about some
application or setup in our infrastructure, please add that topic and
your name to the learn about section. 

kevin
--
= Introduction =
This shared document is for the next fedora infrastructure meeting.
We will use it over the week before the meeting to gather status and info and 
discussion items and so forth, then use it in the irc meeting to transfer 
information to the meetbot logs.

= Meeting start stuff =

#startmeeting Infrastructure (2015-10-15)
#meetingname infrastructure
#topic aloha
#chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean 
pingou puiterwijk pbrobinson
#topic New folks introductions / Apprentice feedback

= Status / information / Trivia / Announcements =

(We put things here we want others on the team to know, but don't need to 
discuss)
(Please use #info  - your name)

#topic announcements and information
#info Fedora 23 Final Freeze now in effect - Kevin - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/O57Q3CE4Z4M7TA5FFQYASKX6CJGSRYUL/
#info [release] pagure: 0.1.31 - Pierre-Yves
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/XKCH44XS2RH6QFYBTBJMZU3U7XAFKI5K/
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/45ANBM3MABE7IVD7T4MOSGZFDF3Z2L3T/
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/VNM52BXRN2CMQDHC3IIN7OYGSZ3QD7PH/
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/DULZOZ2XGMWYNMFT75V5IDRSOHDCWZ6W/
#info [release] pkgdb2: 1.31 - Pierre-Yves
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/YHLZKAQHZSVAZEP35JMWHOLLDJMRKPJJ/
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/CBPQDH3UXTETIMNA5CUPMT3I52KYWBMP/
#info [release] fedmsg_meta_fedora_infrastructure: 0.15.4 - Ralph
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/72ZX2T7GVBHUMTEGYSXFEGLFMU7DC4DR/
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/6ATE2NKCVOGHN3GMH5TDGGNUNPAAHKA6/
#info [release] supybot-fedora-0.3.5 - Ralph - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/XZGIPXAC2P4EOQ4JC6GTYMLBPXHT6KKA/
#info Upgraded taiga.cloud.fp.o from 1.6.0 to 1.8.0 - Ralph - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/5VJ6RC7JBYMLTELQIMMIJSOFNVLK2TNC/
#info [release] python-fedora-0.6.0 - Ralph - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/HRFG4C6W5EQ3ZMGHNJ7RQXODPGKA32DM/
#info [release] the-new-hotness: 0.6.3 - Ralph - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/JFBUQJO5D7PISYJJ5OMA2QKGF7ENDQGH/
#info [release] bodhi-2.1.2 - Luke - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/GG52IU2WENKP7OBSSMEC5QN5YDUNEGVX/
#info [release] datagrepper: 0.7.1 - Ralph
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/PFQK5J7FYZTER5TCCWYJKXZI7ZRVRYOC/
#link 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/ZQGHRAWVSRC6LUAP7P5KR2ZDRJYVP5MP/
#info [release] fedmsg: 0.16.2 - Ralph - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/6Y7WHRXCNZPVDHRXSUUSKILMLFA4CGSE/
#info Firefox addon for askbot sites - Ankur - 
http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/Q3UH6H3RBFWCIHCLSYNJEUUMCRSGCGYT/
#info kevin out next week (wed->sunday) Can someone run the meeting next week? 
- kevin
#info new gobby/infinote server in place - kevin
#info pkgdb2 scm processing is live and announced now - kevin/pingou
#info Bunch of tweaking on proxies to get them stable (ongoing) - 
kevin/patrick/smooge
#info We are now down to under 100 tickets in the infrastructure trac! - 
everyone
#info 

= Things we should discuss =

We use this section to bring up discussion topics. Things we want to talk about
as a group and come up with some consensus or decision or just brainstorm a

New infinote / gobby collaborative document server available

[Kevin Fenzi]

Greetings. 

For many years Fedora Infrastructure has hosted a collaborative editor
server based on the 'sobby' server/protocol. We have finally finished
upgrading this service to use the new 'infinote' server/protocol, and
it's ready for community use. 

Please See:

https://fedoraproject.org/wiki/Gobby

for more information and access details. 

We hope this will be a valuable service to the 
Fedora Development Community. 

kevin


pgp5oN3gv2YMO.pgp
Description: OpenPGP digital signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Freeze Break Request: Ipsilon CVE update

[Patrick Uiterwijk]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Can I get +1s to apply the fix for CVE-2015-5301 in production?
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1271530

While this bug has less impact for us as SP's cannot be deleted
permanently (because we use file-based configuration), the SP will
be removed from the in-memory config state, meaning that until
httpd is restarted it will be gone.

- -- 
With kind regards,
Patrick Uiterwijk
Fedora Infra
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJWHlt9AAoJEIZXmA2atR5QuF0P/11iKPQpPHc1NcUcJxmRzPv2
7E/uXSqiQqWlaSV3N4k40Eemj2K8e2gSNhH+jbGWGfMbVGh4bV+me9blWlTY/RJI
S1vdKmwnRSf3EkJ0g2LqfbFShX+CZgwUWAL8G2JIgBogVHZP105kjDqUd1GWlelw
0160eDxFPZ4XYPS9ylhbV/Mod9pCKKyynXbnH8P8wCvhG+l7vj2wzYVjCW8Gk1P9
H8MTDlCgY+HLOXtFGhMotn7DzsF5PyHEMfk418y9DVGiD6mdbeLppkdKFrc3GwZP
W6ZV0HSKxldGQ8OtWMB36FngGTfWanHr2wabgMVAzA4+b+p1nPiPaKzuak2TatqU
mQIBBx9TMM+9cnv4W8/hgnjF1lV+9fiGofdIUJj0WbECtwntRz75WWCn65Dg6UlC
tJHM3V2GfABkiUA76J7l5AU9G0AcA47gF2rRAdzDb/VcPmPZZcZ6vmpJtkvScwOw
NiKf/iEKYUOZcU3Xx97FtqITQ0CTfyHN+3ECMYtYPWD1ZBq6DzxQhrxLlU51nons
0D1GGVyC6Ij+Su/CF5Ugb9SRDfKyfUcMRYih/WYk/LFdU0z5V48uQiFB/LfHIPAu
dZAKrsozDA46nsO6o3ghPcBTJARR7ycknEyOIuaDOr5hvJKe2ZNv1QIyaG9ha/K0
Afur0fVHvWElEQYhkPIW
=fnR8
-END PGP SIGNATURE-
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze Break Request: Ipsilon CVE update

[Dennis Gilmore]

On Wednesday, October 14, 2015 03:41:17 PM Patrick Uiterwijk wrote:
> Hi,
> 
> Can I get +1s to apply the fix for CVE-2015-5301 in production?
> RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1271530
> 
> While this bug has less impact for us as SP's cannot be deleted
> permanently (because we use file-based configuration), the SP will
> be removed from the in-memory config state, meaning that until
> httpd is restarted it will be gone.

+1
I think this is something you can do and get retrospective +1's for  

Dennis

signature.asc
Description: This is a digitally signed message part.
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: Freeze Break Request: Ipsilon CVE update

[Patrick Uiterwijk]

Fair enough.
I just deployed this patch in stg and prod.
Can I get a retrospective +1?

With kind regards,
Patrick Uiterwijk
Fedora Infra

- Original Message -
> On Wednesday, October 14, 2015 03:41:17 PM Patrick Uiterwijk wrote:
> > Hi,
> > 
> > Can I get +1s to apply the fix for CVE-2015-5301 in production?
> > RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1271530
> > 
> > While this bug has less impact for us as SP's cannot be deleted
> > permanently (because we use file-based configuration), the SP will
> > be removed from the in-memory config state, meaning that until
> > httpd is restarted it will be gone.
> 
> +1
> I think this is something you can do and get retrospective +1's for
> 
> Dennis
> ___
> infrastructure mailing list
> infrastructure@lists.fedoraproject.org
> http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
> 
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org

Re: [PATCH] Disable the google login

[Pierre-Yves Chibon]

On Wed, Oct 14, 2015 at 07:15:06AM -0600, Kevin Fenzi wrote:
> Sure. +1
> 
> Are there any plans to support the new one someday? 

Hopefully, but don't hold your breath on it :)


Pierre


pgpnUh1nTbUMI.pgp
Description: PGP signature
___
infrastructure mailing list
infrastructure@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org