IPv6 for Fedora services?
Is there any IPv6 plan for *.fedoraproject.org ? One plan chosen by projects (including wikimedia) is a staged rollout, like this: 1) enable IPv6 reachability and records for DNS servers 2) enable IPv6 for small-audience or developer-only services, such as cvs/svn/git services 3) enable IPv6 for primary services, such as public web Such staged rollouts attempt to balance the potential for service disruption due to end-user misconfiguration, with pushing technological progress foward. As of today, for months, the DNS root servers are reachable via IPv6 and have records. Any chance we could look at step #1 or #2 for Fedora? I am hoping that Fedora can be a leader rather than a follower in deploying this new technology. Jeff ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines?
On Sunday, August 16 2009, Mike McGrath said: I'm conflicted on this, there's valid points here but also the risks are fairly low. As far as disabling agent forwarding, that's trivial to re-enable if the box gets rooted. We could add something to the security doc suggesting something like the following in ~/.ssh/config Host publictest*.fedoraproject.org ForwardAgent no Jeremy ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: IPv6 for Fedora services?
Do we know if native IPv6 connectivity is available in any of our colo sites, or if we would need to use some form of tunnel? --Original Message-- From: Mike McGrath Sender: fedora-infrastructure-list-boun...@redhat.com To: Fedora Infrastructure ReplyTo: Fedora Infrastructure Subject: Re: IPv6 for Fedora services? Sent: Aug 17, 2009 10:01 AM On Mon, 17 Aug 2009, Jeff Garzik wrote: Is there any IPv6 plan for *.fedoraproject.org ? There is currently no plan. -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com www.dell.com/linux ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: IPv6 for Fedora services?
The Server(s) in Germany is/are hosted at Telia which AFAIK has native IPv6 support. Greetings, Felix Am 17.08.2009 16:33, schrieb Matt Domsch: Do we know if native IPv6 connectivity is available in any of our colo sites, or if we would need to use some form of tunnel? --Original Message-- From: Mike McGrath Sender: fedora-infrastructure-list-boun...@redhat.com To: Fedora Infrastructure ReplyTo: Fedora Infrastructure Subject: Re: IPv6 for Fedora services? Sent: Aug 17, 2009 10:01 AM On Mon, 17 Aug 2009, Jeff Garzik wrote: Is there any IPv6 plan for *.fedoraproject.org ? There is currently no plan. -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com www.dell.com/linux ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: IPv6 for Fedora services?
On Monday 17 August 2009 09:33:15 am Matt Domsch wrote: Do we know if native IPv6 connectivity is available in any of our colo sites, or if we would need to use some form of tunnel? We would have to use tunnels. one or two of our sites may offer ipv6 but AFIAK the bulk do not. Dennis --Original Message-- From: Mike McGrath Sender: fedora-infrastructure-list-boun...@redhat.com To: Fedora Infrastructure ReplyTo: Fedora Infrastructure Subject: Re: IPv6 for Fedora services? Sent: Aug 17, 2009 10:01 AM On Mon, 17 Aug 2009, Jeff Garzik wrote: Is there any IPv6 plan for *.fedoraproject.org ? There is currently no plan. -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com www.dell.com/linux ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list signature.asc Description: This is a digitally signed message part. ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: IPv6 for Fedora services?
On 17/08/09 16:29, Dennis Gilmore wrote: On Monday 17 August 2009 09:33:15 am Matt Domsch wrote: Do we know if native IPv6 connectivity is available in any of our colo sites, or if we would need to use some form of tunnel? We would have to use tunnels. one or two of our sites may offer ipv6 but AFIAK the bulk do not. Dennis --Original Message-- From: Mike McGrath Sender: fedora-infrastructure-list-boun...@redhat.com To: Fedora Infrastructure ReplyTo: Fedora Infrastructure Subject: Re: IPv6 for Fedora services? Sent: Aug 17, 2009 10:01 AM On Mon, 17 Aug 2009, Jeff Garzik wrote: Is there any IPv6 plan for *.fedoraproject.org ? There is currently no plan. -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list -- Matt Domsch Technology Strategist, Dell Office of the CTO linux.dell.com www.dell.com/linux ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list 6 to 4 could be deployed anywhere, pretty easily. Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 tristan.sant...@internexusconnect.net Thawte Notary For Fedora related issues, please email me at: tsant...@fedoraproject.org smime.p7s Description: S/MIME Cryptographic Signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: IPv6 for Fedora services?
On 08/17/2009 10:01 AM, Mike McGrath wrote: On Mon, 17 Aug 2009, Jeff Garzik wrote: Is there any IPv6 plan for *.fedoraproject.org ? There is currently no plan. What needs to be done to create a plan, and move forward? Jeff ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Self-introduction: Mel Chua
Hiya. Infrastructure newbie here. I'm Mel; some of you have seen me around (particularly in Marketing). https://fedoraproject.org/wiki/User:Mchua has more introduction-esque stuff. Ricky sponsored me for sysadmin-test so I can get up a test instance of zikula for FI (https://fedoraproject.org/wiki/Fedora_Insight) - copious documentation being written at http://blog.melchua.com/2009/08/16/how-the-zikula-based-test-instance-of-fi-was-put-up-part-1/ (to be turned into wiki notes when everything is up and working). [1] This is the first time I've done sysadmin-type stuff on a box that wasn't my own personal computer, and it's been fascinating so far to learn how things work when multiple users get involved. You'll see questions from me on IRC (mchua) once in a while - thanks to everyone who's been extending such a warm welcome! This is much less scary than I thought it would be. ;) --Mel [1] If anyone's interested in playing with a Real Zikula Project early, we could definitely use help; we're serving as a guinea pig for future bigger projects like The Great Docs Migration, so there's a ton of stuff I don't think anybody really knows yet. If someone's looking for a project for the remainder of F12 and wants to learn about zikula and run with the tech/infrastructure stuff for FI for a few months, we should talk. ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: IPv6 for Fedora services?
On Mon, 17 Aug 2009, Jeff Garzik wrote: On 08/17/2009 10:01 AM, Mike McGrath wrote: On Mon, 17 Aug 2009, Jeff Garzik wrote: Is there any IPv6 plan for *.fedoraproject.org ? There is currently no plan. What needs to be done to create a plan, and move forward? Someone with a clear idea of the benefits, costs, and a plan for implementation. -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines?
On Mon, 17 Aug 2009, Ricky Zhou wrote: On 2009-08-16 09:23:37 PM, Mike McGrath wrote: I'm conflicted on this, there's valid points here but also the risks are fairly low. As far as disabling agent forwarding, that's trivial to re-enable if the box gets rooted. Yeah, that's true - what Jeremy suggested sounds like a better idea (and perhaps it could be added to CSI). Specifically we're trying to protect against a rooted publictest box becoming a password harvester right? Yup (and SSH agent harvesters as well). The goal is that if a publictest machine were compromised (since it'd probably be one of the easier targets), any damage would be confined to that machine as much as possible. On a related note, I would like to have a policy of rebuilding the test boxes more often then we do. Just a thought. -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines?
On 2009-08-17 02:44:58 PM, Mike McGrath wrote: On a related note, I would like to have a policy of rebuilding the test boxes more often then we do. Just a thought. Agreed. publictest15 is nearing a year old, which I think is way too long for a publictest machine. It has all sorts of junk on it now (like the errors that Eric got about /opt/zimbra when trying to setup zikula). Here s a summary of our currently running publictest machines and the date they were built on (from an rpm -qa --last | tail -1): publictest1: Sun 10 May 2009 09:46:49 PM GMT publictest2: Fri 29 May 2009 11:06:26 PM UTC publictest3: Thu 11 Jun 2009 09:25:56 PM UTC publictest6: Tue 23 Jun 2009 08:34:50 PM UTC publictest7: Tue 30 Jun 2009 08:24:36 PM UTC publictest10: Tue 02 Dec 2008 10:45:16 PM UTC publictest14: Tue 16 Dec 2008 10:38:09 PM UTC publictest15: Thu 28 Aug 2008 06:26:33 PM UTC publictest16: Thu 23 Oct 2008 06:14:22 PM UTC All the 2008 ones should probably be rebuilt when possible - any thoughts as to what a good policy for this would be? Maybe after ~4-6 months, we should stop putting new projects on publictest machines, and rebuild them once all current projects are finished? The wiki pages could also be great for tracking some of this stuff. Thanks, Ricky pgp90SiRBsGTu.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines?
On Mon, Aug 17, 2009 at 03:36:40PM -0500, Mike McGrath wrote: On Mon, 17 Aug 2009, Ricky Zhou wrote: On 2009-08-17 02:44:58 PM, Mike McGrath wrote: On a related note, I would like to have a policy of rebuilding the test boxes more often then we do. Just a thought. Agreed. publictest15 is nearing a year old, which I think is way too Ugh, a year old. /me checks his calendar. My god has it been a year already? https://www.redhat.com/archives/fedora-announce-list/2008-August/msg8.html wow. It seems like only a few months since... oh wait, it was: https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html -- Paul W. Frieldshttp://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Self-introduction: Mel Chua
On Mon, 17 Aug 2009, Mel Chua wrote: Hiya. Infrastructure newbie here. I'm Mel; some of you have seen me around (particularly in Marketing). https://fedoraproject.org/wiki/User:Mchua has more introduction-esque stuff. Ricky sponsored me for sysadmin-test so I can get up a test instance of zikula for FI (https://fedoraproject.org/wiki/Fedora_Insight) - copious documentation being written at http://blog.melchua.com/2009/08/16/how-the-zikula-based-test-instance-of-fi-was-put-up-part-1/ (to be turned into wiki notes when everything is up and working). [1] This is the first time I've done sysadmin-type stuff on a box that wasn't my own personal computer, and it's been fascinating so far to learn how things work when multiple users get involved. You'll see questions from me on IRC (mchua) once in a while - thanks to everyone who's been extending such a warm welcome! This is much less scary than I thought it would be. ;) --Mel [1] If anyone's interested in playing with a Real Zikula Project early, we could definitely use help; we're serving as a guinea pig for future bigger projects like The Great Docs Migration, so there's a ton of stuff I don't think anybody really knows yet. If someone's looking for a project for the remainder of F12 and wants to learn about zikula and run with the tech/infrastructure stuff for FI for a few months, we should talk. Hey Mel, thanks for the intro. I'd say more to you but you already know your way around and I see you on IRC from time to time so I'll see you around :) -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Wan't to join and why
Hi guys and gals, I am looking to join both the sysadmin-test and sysadmin-cvs groups. Why you might ask? Well I'll tell you. I wan't to get more involved in Fedora. Here is my current Fedora resume... - BugZapper for both KDE and Packagekit. - Maintain 20+ packages and am a Sponsor in the packaging group. - Work closely with the OLPC and Sugar folks at getting and maintaining the packages in Fedora - Responsible for creating builds of F11 with Sugar specifically for the OLPC XO-1 (Hope to get an XO-1.5 soon) see http://wiki.laptop.org/go/F11_for_XO-1 for info on this. What I am looking to do now is create a very simplified bugzilla interface that can be used by OLPC users, mostly children, to report issues with Sugar Activities in Fedora. Will develop in PHP and would like to develop and test it on one of the publictest servers. Also would like to help maintain the cvs servers and projects contained there. Any questions just ask. = Steven M. Parrish - gpg fingerprint: 4B6C 8357 059E B7ED 8095 0FD6 1F4B EDA0 A9A6 13C0 http://tuxbrewr.fedorapeople.org/ irc.freenode.net: SMParrish @ #fedora-kde, #fedora-devel, #fedora-olpc, #sugar ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
publictest10 rebuild
Hey, is anybody currently using publictest10? I haven't seen any logins from anybody other than mmcgrath, myself, smooge, and nb (for doing a yum update) since May, and this machine is due for a rebuild, as mentioned in the earlier thread. If anybody still needs anything from pt10, now's a good time to copy it off - otherwise, it'll be rebuilt sometime in the next few days. Thanks, Ricky pgpxw9LHfCC7C.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Thoughts on NOPASSWD and disabling agent forwarding on publictest machines?
Agreed. publictest15 is nearing a year old, which I think is way too long for a publictest machine. It has all sorts of junk on it now (like the errors that Eric got about /opt/zimbra when trying to setup zikula). Yes, It have 15 different calender setup ad other related things. So it already had zikula and probably zimbra too. ;) Notify me if you plan to rebuild it. The webcalender, on which testing is pending, is there too. -- Regards, Susmit. = ssh 0x86DD170A http://www.fedoraproject.org/wiki/user:susmit = ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Wan't to join and why
On 08/17/2009 03:48 PM, Steven M. Parrish wrote: Hi guys and gals, I am looking to join both the sysadmin-test and sysadmin-cvs groups. Why you might ask? Well I'll tell you. I wan't to get more involved in Fedora. Here is my current Fedora resume... - BugZapper for both KDE and Packagekit. - Maintain 20+ packages and am a Sponsor in the packaging group. - Work closely with the OLPC and Sugar folks at getting and maintaining the packages in Fedora - Responsible for creating builds of F11 with Sugar specifically for the OLPC XO-1 (Hope to get an XO-1.5 soon) see http://wiki.laptop.org/go/F11_for_XO-1 for info on this. What I am looking to do now is create a very simplified bugzilla interface that can be used by OLPC users, mostly children, to report issues with Sugar Activities in Fedora. Will develop in PHP and would like to develop and test it on one of the publictest servers. Also would like to help maintain the cvs servers and projects contained there. Any questions just ask. Is this intended to be deployed onto Fedora Infrastructure boxes eventually or just be developed/demoed on the publictest infrastructure? We haven't had development of known-non-Fedora stuff done previously but this might be a valid first case. If it's intended to run on Fedora Infrastructure, we very much prefer developing them in python. In fact, I don't think we have any non-python developed stuff. -Toshio signature.asc Description: OpenPGP digital signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Wan't to join and why
What I am looking to do now is create a very simplified bugzilla interface that can be used by OLPC users, mostly children, to report issues with Sugar Activities in Fedora. Will develop in PHP and would like to develop and test it on one of the publictest servers. I am ignorant of much of the context surrounding this, but it seems to me that this may be... (1) technically an upstream-in-bugzilla project, perhaps (2) potentially awesome for getting feedback from fedora users (provide a better on-ramp for participation - though I don't know all the ways we're getting user feedback now, and how effective current methods are at turning users into contributors). This would be if the interface is generalizable to simplified bugzilla interface and is customizable for audiences beyond OLPC-using children. If #2, might be handy to deploy for Fedora in general as well (so long as we can think of ways to make sure the feedback/brainstorms actually get filtered into actionableness, and that the folks who submit that feedback are encouraged to take those actions.) These are side musings, though. --Mel ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list