Freeze break request: update koji package on rawhide/branched-composers
I'd like to update the koji package on rawhide-composer.phx2.fedoraproject.org and branched-composer.phx2.fedoraproject.org This should fix the blocking retired packages issue noted in: https://fedorahosted.org/rel-eng/ticket/6244 If it causes some issue we can roll back to the current version of the package. +1s? kevin pgp_8Qt_KNlQi.pgp Description: OpenPGP digital signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze break request: update koji package on rawhide/branched-composers
+1 With kind regards, Patrick Uiterwijk Fedora Infra - Original Message - > I'd like to update the koji package on > rawhide-composer.phx2.fedoraproject.org and > branched-composer.phx2.fedoraproject.org > > This should fix the blocking retired packages issue noted in: > > https://fedorahosted.org/rel-eng/ticket/6244 > > If it causes some issue we can roll back to the current version of the > package. > > +1s? > > kevin > > > > ___ > infrastructure mailing list > infrastructure@lists.fedoraproject.org > http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org > ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze Break Request: Proxy RequestTimeout
+1 here kevin pgpxyOnAdnTD9.pgp Description: OpenPGP digital signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze break request: update koji package on rawhide/branched-composers
On Wed, Oct 14, 2015 at 12:18:23PM -0400, Patrick Uiterwijk wrote: > +1 +1 here too. signature.asc Description: PGP signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze break request: update koji package on rawhide/branched-composers
Applied. Thanks. kevin pgpjPQjuS9NwW.pgp Description: OpenPGP digital signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Freeze Break Request: Proxy RequestTimeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi all, Could I get +1s for the following patch? This patch is to prevent broken (or malicious) clients from taking up connection resources on the reverse proxies if they don't finish sending their request within a reasonable period of time (10 seconds for headers should be more than enough). This has been live on proxy02 for about 8 hours now, and resulted it a lot lower CPU usage. commit 4f96c69a2a0777cd1a474ac23bb5b37fe05ddfde Author: Patrick UiterwijkDate: Wed Oct 14 16:35:26 2015 + Set requesttimeout on headers Signed-off-by: Patrick Uiterwijk diff --git a/roles/httpd/proxy/tasks/main.yml b/roles/httpd/proxy/tasks/main.yml index 45140d9..b909de9 100644 - --- a/roles/httpd/proxy/tasks/main.yml +++ b/roles/httpd/proxy/tasks/main.yml @@ -25,6 +25,7 @@ - 00-namevirtualhost.conf - 01-keepalives.conf - 02-ticketkey.conf + - 03-reqtimeout.conf notify: - restart httpd tags: diff --git a/roles/httpd/proxy/templates/03-reqtimeout.conf b/roles/httpd/proxy/templates/03-reqtimeout.conf new file mode 100644 index 000..595595c - --- /dev/null +++ b/roles/httpd/proxy/templates/03-reqtimeout.conf @@ -0,0 +1 @@ +RequestReadTimeout header=10 - -- With kind regards, Patrick Uiterwijk Fedora Infra -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJWHoS3AAoJEIZXmA2atR5QvLEP/jTyJ+Y2GMg1kWcSAXQKtwdo NPBGILqYhpsP5rWEVyx/7R+MRd0mlY7ECPFX9Vlkga39Q2isr3N5HUUmSWfAviDU yaIo9/OAXepcmMguz9nese2mxlMKNtHY1RWiblpDlG39OFtgmhJcG5biN1xBvExO xUJ221u45VWtV8QUMvL5DXpfPZ+ULXKI3ZysSX3k5eTozcmIFgA0XusJwE9/Wx+q pW03fsU20LtPnLOT1+ZWAQ01StgCKzOU0kddKYG4LFVQHJnWu65tplqozOoyyqaN enKlGuFeB4cdfg6f5bmO1FAx65RJeT47dLQ2zSozM30/f23bTm1sqLyLLNeIApa5 G25TlyjGe0DQ/H32YiTH0GXW/TFl8RSScPhyS8uraS4EVWcETRcBqcT4YKqEjL9V 6QgYHh3eWK8mvTgZC30lF/sr0wV4Jjd4DTJ7piQdlwyt21jviBDvS8KAiMqt7fdN y0mi3jyls/DsOT7GEfguNY8Z0Qg8i4rrlOxz4+k6cInmMioc0c+TkhYTxvSbAmzd h848Ah7uyoNoBgrZpCz9LMLmTSmV1h4YP2zmUkqteIqHVCeY7ko8TikD9Ry/w72K ZmnenXu8rTwHhfyw7x5R3oIsa+V91Y3ilKi4uYftuw2ybTlEpndeDDTEqVjn8AnA VBxy1T3ar9B9LAFR/2/w =KuEj -END PGP SIGNATURE- ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze Break Request: Proxy RequestTimeout
On Wed, Oct 14, 2015 at 11:08:11AM -0600, Kevin Fenzi wrote: > +1 here > > kevin +1 here too. signature.asc Description: PGP signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Freeze break request: add /etc/hosts entry on bodhi-backend01 (retroactive)
I had 2 failed f23-updates-testing pushes when it was unable to download repodata from "download.fedoraproject.org" Oct 13 22:40:23 bodhi-backend01.phx2.fedoraproject.org fedmsg-hub[8163]: http://download.fedoraproject.org/pub/fedora/linux/development/23/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 302 - Found download.fedoraproject.org is a redirect to mirrormanager which gives you a (somewhat) random mirror. We shouldn't depend on a random selection here, so I've hard coded it to use one of the master mirrors in phx2. I've already applied this as I needed to get updates pushes going again, but I thought I would get some retroactive +1s/approval. ;) kevin -- diff --git a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts index 206ff9a..1ed50a8 100644 --- a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts +++ b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts @@ -13,3 +13,5 @@ 10.5.124.191 s390.koji.fedoraproject.org 10.5.124.182 ppc.koji.fedoraproject.org 10.5.124.138 arm.koji.fedoraproject.org +# Point download.fedoraproject.org to dl01.phx2.fedoraproject.org +10.5.126.93 download.fedoraproject.org pgpB7lHgcIakU.pgp Description: OpenPGP digital signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze break request: add /etc/hosts entry on bodhi-backend01 (retroactive)
+1 With kind regards, Patrick Uiterwijk Fedora Infra - Original Message - > I had 2 failed f23-updates-testing pushes when it was unable to > download repodata from "download.fedoraproject.org" > > Oct 13 22:40:23 bodhi-backend01.phx2.fedoraproject.org > fedmsg-hub[8163]: > http://download.fedoraproject.org/pub/fedora/linux/development/23/x86_64/os/repodata/repomd.xml: > [Errno 14] HTTPS Error 302 - Found > > download.fedoraproject.org is a redirect to mirrormanager which gives > you a (somewhat) random mirror. > > We shouldn't depend on a random selection here, so I've hard > coded it to use one of the master mirrors in phx2. > > I've already applied this as I needed to get updates pushes going > again, but I thought I would get some retroactive +1s/approval. ;) > > kevin > -- > diff --git a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts > b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts > index 206ff9a..1ed50a8 100644 > --- a/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts > +++ b/roles/hosts/files/bodhi-backend01.phx2.fedoraproject.org-hosts > @@ -13,3 +13,5 @@ > 10.5.124.191 s390.koji.fedoraproject.org > 10.5.124.182 ppc.koji.fedoraproject.org > 10.5.124.138 arm.koji.fedoraproject.org > +# Point download.fedoraproject.org to dl01.phx2.fedoraproject.org > +10.5.126.93 download.fedoraproject.org > > > ___ > infrastructure mailing list > infrastructure@lists.fedoraproject.org > http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org > ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Plan for tomorrow's Fedora Infrastructure meeting - 2015-10-15
The infrastructure team will be having it's weekly meeting tomorrow, 2015-10-15 at 18:00 UTC in #fedora-meeting on the freenode network. We have a gobby document (see: https://fedoraproject.org/wiki/Gobby ) NOTE: Gobby has changed, we are now using gobby05 and infinote. :) fedora-infrastructure-meeting-next is the document. Please try and review and edit that document before the meeting and we will use it to have our agenda of things to discuss. A copy as of today is included in this email. If you have something to discuss, add the topic to the discussion area with your name. If you would like to teach other folks about some application or setup in our infrastructure, please add that topic and your name to the learn about section. kevin -- = Introduction = This shared document is for the next fedora infrastructure meeting. We will use it over the week before the meeting to gather status and info and discussion items and so forth, then use it in the irc meeting to transfer information to the meetbot logs. = Meeting start stuff = #startmeeting Infrastructure (2015-10-15) #meetingname infrastructure #topic aloha #chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk pbrobinson #topic New folks introductions / Apprentice feedback = Status / information / Trivia / Announcements = (We put things here we want others on the team to know, but don't need to discuss) (Please use #info - your name) #topic announcements and information #info Fedora 23 Final Freeze now in effect - Kevin - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/O57Q3CE4Z4M7TA5FFQYASKX6CJGSRYUL/ #info [release] pagure: 0.1.31 - Pierre-Yves #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/XKCH44XS2RH6QFYBTBJMZU3U7XAFKI5K/ #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/45ANBM3MABE7IVD7T4MOSGZFDF3Z2L3T/ #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/VNM52BXRN2CMQDHC3IIN7OYGSZ3QD7PH/ #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/DULZOZ2XGMWYNMFT75V5IDRSOHDCWZ6W/ #info [release] pkgdb2: 1.31 - Pierre-Yves #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/YHLZKAQHZSVAZEP35JMWHOLLDJMRKPJJ/ #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/CBPQDH3UXTETIMNA5CUPMT3I52KYWBMP/ #info [release] fedmsg_meta_fedora_infrastructure: 0.15.4 - Ralph #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/72ZX2T7GVBHUMTEGYSXFEGLFMU7DC4DR/ #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/6ATE2NKCVOGHN3GMH5TDGGNUNPAAHKA6/ #info [release] supybot-fedora-0.3.5 - Ralph - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/XZGIPXAC2P4EOQ4JC6GTYMLBPXHT6KKA/ #info Upgraded taiga.cloud.fp.o from 1.6.0 to 1.8.0 - Ralph - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/5VJ6RC7JBYMLTELQIMMIJSOFNVLK2TNC/ #info [release] python-fedora-0.6.0 - Ralph - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/HRFG4C6W5EQ3ZMGHNJ7RQXODPGKA32DM/ #info [release] the-new-hotness: 0.6.3 - Ralph - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/JFBUQJO5D7PISYJJ5OMA2QKGF7ENDQGH/ #info [release] bodhi-2.1.2 - Luke - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/GG52IU2WENKP7OBSSMEC5QN5YDUNEGVX/ #info [release] datagrepper: 0.7.1 - Ralph #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/PFQK5J7FYZTER5TCCWYJKXZI7ZRVRYOC/ #link http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/ZQGHRAWVSRC6LUAP7P5KR2ZDRJYVP5MP/ #info [release] fedmsg: 0.16.2 - Ralph - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/6Y7WHRXCNZPVDHRXSUUSKILMLFA4CGSE/ #info Firefox addon for askbot sites - Ankur - http://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/Q3UH6H3RBFWCIHCLSYNJEUUMCRSGCGYT/ #info kevin out next week (wed->sunday) Can someone run the meeting next week? - kevin #info new gobby/infinote server in place - kevin #info pkgdb2 scm processing is live and announced now - kevin/pingou #info Bunch of tweaking on proxies to get them stable (ongoing) - kevin/patrick/smooge #info We are now down to under 100 tickets in the infrastructure trac! - everyone #info = Things we should discuss = We use this section to bring up discussion topics. Things we want to talk about as a group and come up with some consensus or decision or just brainstorm a
New infinote / gobby collaborative document server available
Greetings. For many years Fedora Infrastructure has hosted a collaborative editor server based on the 'sobby' server/protocol. We have finally finished upgrading this service to use the new 'infinote' server/protocol, and it's ready for community use. Please See: https://fedoraproject.org/wiki/Gobby for more information and access details. We hope this will be a valuable service to the Fedora Development Community. kevin pgp5oN3gv2YMO.pgp Description: OpenPGP digital signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Freeze Break Request: Ipsilon CVE update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Can I get +1s to apply the fix for CVE-2015-5301 in production? RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1271530 While this bug has less impact for us as SP's cannot be deleted permanently (because we use file-based configuration), the SP will be removed from the in-memory config state, meaning that until httpd is restarted it will be gone. - -- With kind regards, Patrick Uiterwijk Fedora Infra -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCgAGBQJWHlt9AAoJEIZXmA2atR5QuF0P/11iKPQpPHc1NcUcJxmRzPv2 7E/uXSqiQqWlaSV3N4k40Eemj2K8e2gSNhH+jbGWGfMbVGh4bV+me9blWlTY/RJI S1vdKmwnRSf3EkJ0g2LqfbFShX+CZgwUWAL8G2JIgBogVHZP105kjDqUd1GWlelw 0160eDxFPZ4XYPS9ylhbV/Mod9pCKKyynXbnH8P8wCvhG+l7vj2wzYVjCW8Gk1P9 H8MTDlCgY+HLOXtFGhMotn7DzsF5PyHEMfk418y9DVGiD6mdbeLppkdKFrc3GwZP W6ZV0HSKxldGQ8OtWMB36FngGTfWanHr2wabgMVAzA4+b+p1nPiPaKzuak2TatqU mQIBBx9TMM+9cnv4W8/hgnjF1lV+9fiGofdIUJj0WbECtwntRz75WWCn65Dg6UlC tJHM3V2GfABkiUA76J7l5AU9G0AcA47gF2rRAdzDb/VcPmPZZcZ6vmpJtkvScwOw NiKf/iEKYUOZcU3Xx97FtqITQ0CTfyHN+3ECMYtYPWD1ZBq6DzxQhrxLlU51nons 0D1GGVyC6Ij+Su/CF5Ugb9SRDfKyfUcMRYih/WYk/LFdU0z5V48uQiFB/LfHIPAu dZAKrsozDA46nsO6o3ghPcBTJARR7ycknEyOIuaDOr5hvJKe2ZNv1QIyaG9ha/K0 Afur0fVHvWElEQYhkPIW =fnR8 -END PGP SIGNATURE- ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze Break Request: Ipsilon CVE update
On Wednesday, October 14, 2015 03:41:17 PM Patrick Uiterwijk wrote: > Hi, > > Can I get +1s to apply the fix for CVE-2015-5301 in production? > RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1271530 > > While this bug has less impact for us as SP's cannot be deleted > permanently (because we use file-based configuration), the SP will > be removed from the in-memory config state, meaning that until > httpd is restarted it will be gone. +1 I think this is something you can do and get retrospective +1's for Dennis signature.asc Description: This is a digitally signed message part. ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: Freeze Break Request: Ipsilon CVE update
Fair enough. I just deployed this patch in stg and prod. Can I get a retrospective +1? With kind regards, Patrick Uiterwijk Fedora Infra - Original Message - > On Wednesday, October 14, 2015 03:41:17 PM Patrick Uiterwijk wrote: > > Hi, > > > > Can I get +1s to apply the fix for CVE-2015-5301 in production? > > RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1271530 > > > > While this bug has less impact for us as SP's cannot be deleted > > permanently (because we use file-based configuration), the SP will > > be removed from the in-memory config state, meaning that until > > httpd is restarted it will be gone. > > +1 > I think this is something you can do and get retrospective +1's for > > Dennis > ___ > infrastructure mailing list > infrastructure@lists.fedoraproject.org > http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org > ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org
Re: [PATCH] Disable the google login
On Wed, Oct 14, 2015 at 07:15:06AM -0600, Kevin Fenzi wrote: > Sure. +1 > > Are there any plans to support the new one someday? Hopefully, but don't hold your breath on it :) Pierre pgpnUh1nTbUMI.pgp Description: PGP signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org http://lists.fedoraproject.org/admin/infrastructure@lists.fedoraproject.org