Re: Goals for F13?
On Wed, 2010-01-06 at 10:35 -0600, Mike McGrath wrote: > What does everyone else have? 1) no frozen rawhide which requires faster composes 2) dist-git 3) A functioning message bus with services passing messages -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows
On Tue, 2009-11-24 at 13:06 -0500, Todd Zullinger wrote: > I believe that providing a sha256sum.exe via https://fp.o/ is surely > an improvement over "Download the .iso and hope it works or check it > with some third-party checksum tool that we can't even hope to > verify." I agree, I just wanted to point out the catch-22. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows
On Tue, 2009-11-24 at 10:33 -0500, Todd Zullinger wrote: > Some of you might be aware that the instructions for verifying our > *-CHECKSUM files on Windows have been broken since we moved to SHA256. > Previously, we linked users to a sha1sum.exe built by the GnuPG > project. With SHA256, we don't have that ability. > > Fortunately, the good folks working on MingW have made it possible for > us to build a sha256sum.exe from the coreutils sources. We can do > this in koji even. (A huge thanks to Richard Jones for his help and > patches.) > > Much of this is discussed at https://bugzilla.redhat.com/527060. > > I've created a simple mingw32-sha256sum package, built it in koji and > tested it on the lone Windows XP system I have readily available. Of > course, I just built this as a scratch build, so it will expire at > some point. > > What I'm here for is to gather ideas for how to properly go about > building the mingw32-sha256sum and keeping it around so that when I > extract the sha256sum.exe and upload it to fedoraproject.org we will > have the koji built rpm to compare the binary against. Otherwise, the > whole process falls back to "Trust that Todd didn't trojan the > executable." And while I'd be flattered if folks had that much trust > in me, I think it would be unwise to encourage or expect. :) > > (I really don't want to maintain the mingw32-sha256sum package for > Fedora, as it's just a quick and dirty hack to built a small subset of > of coreutils for Windows.) > > Thoughts? Well, if you have to use a tool from the project, to verify other bits from the project, the verification just became a lot less trusted. If you don't trust the bits you got from the project, why would you trust the tool the project gives you to verify the bits? "Here use this tool to verify our bits. Trust us, we swear!" -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Close freemedia form
On Sun, 2009-11-08 at 20:47 +, n...@fedoraproject.org wrote: > From: Nick Bebout +1 -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: old torrents
On Wed, 2009-10-21 at 15:23 -0400, Seth Vidal wrote: > Hi, > I'm working on some torrent statistics an I noticed that we still have > fedora8 and fedora9 on the torrent. Would anyone cry if we deleted them > from the torrent? > I removed all the old torrents from the webpages, to see if anybody would cry. Nobody did, I'm fine with killing everything older than F10. -- Jesse Keating RHCE (http://jkeating.livejournal.com) Fedora Project (http://fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) identi.ca (http://identi.ca/jkeating) signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Add a module for lftp package
On Thu, 2009-10-15 at 22:48 +, Jesse Keating wrote: > +++ b/modules/lftp/manifests/init.pp > @@ -0,0 +1,5 @@ > +class sigul { > + > +package { "lftp": > +ensure => installed, > +} > -- Mike pointed out that this is wrong. It now reads: class lftp::package { package { "lftp": ensure => installed, } -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Add sigul and lftp packages to compose hosts
--- manifests/servergroups/compose.pp |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/manifests/servergroups/compose.pp b/manifests/servergroups/compose.pp index b2cb3ab..49c78f4 100644 --- a/manifests/servergroups/compose.pp +++ b/manifests/servergroups/compose.pp @@ -11,6 +11,8 @@ class composer { include rsync::server include mock include git::package +include sigul::package +include lftp::package # Firewall Rules, $tcpPorts = [ 80, 8887, , 8889 ] -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Add a module for lftp package
--- modules/lftp/manifests/init.pp |5 + 1 files changed, 5 insertions(+), 0 deletions(-) create mode 100644 modules/lftp/manifests/init.pp diff --git a/modules/lftp/manifests/init.pp b/modules/lftp/manifests/init.pp new file mode 100644 index 000..abd88b8 --- /dev/null +++ b/modules/lftp/manifests/init.pp @@ -0,0 +1,5 @@ +class sigul { + +package { "lftp": +ensure => installed, +} -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: CVS Outage Notification - 2009-09-29 04:25 UTC
On Tue, 2009-09-29 at 00:40 -0700, Jesse Keating wrote: > The outage is now over. Please contact me or anybody else in > #fedora-admin if you have issues with your branch (don't forget to cvs > up -d) or with building. > > It was pointed out to me that many of the packages starting with "a" were not properly branched. I've restarted the branch run for the "a" packages, however this time email will go out for the branch events, and this won't incur another outage. The branching of "a" packages should be done in 10 or 15 minutes. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: CVS Outage Notification - 2009-09-29 04:25 UTC
On Mon, 2009-09-28 at 21:22 -0700, Jesse Keating wrote: > There will be a CVS outage starting at 2009-09-29 04:25 UTC, which will > last approximately 3 hours. > > To convert UTC to your local time, take a look at > http://fedoraproject.org/wiki/Infrastructure/UTCHowto > or run: > > date -d '2009-09-29 04:25 UTC' > > Affected Services: > CVS / Source Control > > Unaffected Services: > Everything else. > > Reason for Outage: > The CVS server will not accept connections so that we can mass-branch for > Fedora 12. > > Contact Information: > > Please join #fedora-admin in irc.freenode.net or respond to this email to > track > the status of this outage. > The outage is now over. Please contact me or anybody else in #fedora-admin if you have issues with your branch (don't forget to cvs up -d) or with building. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
CVS Outage Notification - 2009-09-29 04:25 UTC
There will be a CVS outage starting at 2009-09-29 04:25 UTC, which will last approximately 3 hours. To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run: date -d '2009-09-29 04:25 UTC' Affected Services: CVS / Source Control Unaffected Services: Everything else. Reason for Outage: The CVS server will not accept connections so that we can mass-branch for Fedora 12. Contact Information: Please join #fedora-admin in irc.freenode.net or respond to this email to track the status of this outage. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Torrent changes
On Sep 10, 2009, at 18:14, Mike McGrath wrote: On Thu, 10 Sep 2009, Jesse Keating wrote: I've done a couple things with the torrents this week and I want you all to be aware of it, in case something happens. 1) I've removed anything that is older than F-10. All F8/9 content has been removed from the web listing, and if nobody complains in a week or so I'll remove the torrent files themselves. 2) I've re-generated all the live torrents, all the Fedora 12 Alpha torrents, and the Snapshot 1 torrents. These have been re-generated with a README-SOURCES file that tells users where they can go to get the matching sources. This has reset the download counters for all of the torrents that got re-generated, but was necessary for GPL compliance. Please ping me if anybody discovers an issue with the torrents. Do we not need to have the same, regenerated isos on the mirrors? The iso itself is not changed. The torrents just have a file added to them. On the mirror, the location o the source is pretty self evident but the case wasn't the same on the torrents, particularly for the snapshots and alpha. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Torrent changes
I've done a couple things with the torrents this week and I want you all to be aware of it, in case something happens. 1) I've removed anything that is older than F-10. All F8/9 content has been removed from the web listing, and if nobody complains in a week or so I'll remove the torrent files themselves. 2) I've re-generated all the live torrents, all the Fedora 12 Alpha torrents, and the Snapshot 1 torrents. These have been re-generated with a README-SOURCES file that tells users where they can go to get the matching sources. This has reset the download counters for all of the torrents that got re-generated, but was necessary for GPL compliance. Please ping me if anybody discovers an issue with the torrents. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Update xz on the builders
On Aug 19, 2009, at 18:36, Toshio Kuratomi wrote: A data corruption bug was found in the current xz package for certain files. The xz package was updated to a snapshot in Fedora and EPEL. We'd like to update the builders with the new xz to make sure we aren't producing packages with corrupted payloads. The corruption bug report is here: https://bugzilla.redhat.com/show_bug.cgi?id=517806 which includes confirmation that it fixes the bug and jnovy's recommendation to update the buildsystem. The EPEL-5 update is here: https://admin.fedoraproject.org/updates/xz-4.999.8-0.10.beta.20090817git.el5 Can I get two +1's for this? The host xz wouldn't be used to produce any rpms, the rpm inside the chroot would. Does this come into play when initing the buildroot? -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request]
On Wed, 2009-08-19 at 16:44 -0600, Stephen John Smoogen wrote: > Both changes look of little impact from infrastructure side. > Provisional +1 unless a release engineer says "OH MY ZOD, didnt you > think about Kryptonite?" I don't know of any release engineering item that relies on buildsys. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Don't replace sigul db files.
On Wed, 2009-08-19 at 16:41 -0400, Ricky Zhou wrote: > > --- > modules/sigul/manifests/init.pp |3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) These look good to me, thanks! -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Freeze break request for sigul fine tuning
Sigul changes are very low risk, as we're mostly done with the signing and puppet is currently disabled on these hosts. However vault may be rebuilt tomorrow and if so I want the puppet modules to be correct for the rebuild. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Fix up the puppet modules for bridge and vault
New certs for bridge and server Make sure puppet remains off after the initial run --- .../nodes/sign-bridge1.fedora.phx.redhat.com.pp| 11 ++- .../nodes/sign-vault1.fedora.phx.redhat.com.pp | 12 ++-- modules/sigul/files/server.conf|2 +- modules/sigul/templates/bridge.conf.erb|2 +- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp index 5251155..d710016 100644 --- a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp @@ -1,4 +1,5 @@ node "sign-bridge1.fedora.phx.redhat.com" { +$autodisablePuppet = 1 $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ] include phx include fas::client @@ -13,11 +14,11 @@ node "sign-bridge1.fedora.phx.redhat.com" { # cwd => '/', # command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off', # } -# exec { "disable-puppet": -# cwd => '/', -# onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', -# command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', -# } + exec { "disable-puppet": + cwd => '/', + onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', + command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', + } # Firewall Rules, allow sigul server through. $tcpPorts = [ '44333:443334' ] diff --git a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp index 20c1615..1b5641d 100644 --- a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp @@ -1,5 +1,5 @@ node "sign-vault1" { -#$autodisablePuppet = 1 +$autodisablePuppet = 1 $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ] include phx include fas::client @@ -14,11 +14,11 @@ node "sign-vault1" { # cwd => '/', # command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off', # } -# exec { "disable-puppet": -# cwd => '/', -# onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', -# command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', -# } + exec { "disable-puppet": + cwd => '/', + onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1', + command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', + } # Need iptables blocking everything here diff --git a/modules/sigul/files/server.conf b/modules/sigul/files/server.conf index 9145343..6b57753 100644 --- a/modules/sigul/files/server.conf +++ b/modules/sigul/files/server.conf @@ -10,7 +10,7 @@ max-file-payload-size: 1073741824 # Maximum accepted size of payload stored in server's memory max-memory-payload-size: 1048576 # Nickname of the server's certificate in the NSS database specified below -server-cert-nickname: sigul-server - Fedora Project +server-cert-nickname: sign-vault1 - Fedora Project [database] # Path to a directory containing a SQLite database diff --git a/modules/sigul/templates/bridge.conf.erb b/modules/sigul/templates/bridge.conf.erb index dde6bf7..f834e52 100644 --- a/modules/sigul/templates/bridge.conf.erb +++ b/modules/sigul/templates/bridge.conf.erb @@ -2,7 +2,7 @@ [bridge] # Nickname of the bridge's certificate in the NSS database specified below -bridge-cert-nickname: sigul - Fedora Project +bridge-cert-nickname: sign-bridge1 - Fedora Project # Port on which the bridge expects client connections client-listen-port: 44334 # Port on which the bridge expects server connections -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Messaging SIG - proposal for our notification infrastructure
On Tue, 2009-08-04 at 18:20 -0400, John Palmieri wrote: > > [1] > https://fedoraproject.org/wiki/Messaging_SIG/PublishSubscribeNotificationProposal Thanks for moving forward with this. I haven't read the page yet, but I renamed it to fit with the wiki schema we've got going on. I also put it in appropriate categories. https://fedoraproject.org/wiki/Publish_Subscribe_Notification_Proposal -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Setup sigul bridge and client
On Sat, 2009-07-25 at 06:55 -0700, Toshio Kuratomi wrote: > Not necessarily related to enabling the builder repo: Is having the same > rpm versions as the builders necessary? Yes. The bridge and server will be dealing with rpms that are being built by koji, and will need to be able to understand the payloads and checksums, as well as perform the larger signing. As we make changes to rpm and update the builders to handle those changes, we'll have to update the signing and composing systems too. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Second try, patch set for sigul
Here is a second try. This time I fixed with Ricky pointed out and squashed everything into one commit since it is all related. Arguably it should be two commits, one for the addition of the module and another commit for the .pp changes, but I'm already writing this so oh well. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Setup sigul bridge and client
Add a sigul module with bridge and server classes. Adjust the sign-bridge1 node to use the new classes. Have sign-vault1 use the sigul::server class to get its configuration --- .../nodes/sign-bridge1.fedora.phx.redhat.com.pp| 17 +++- .../nodes/sign-vault1.fedora.phx.redhat.com.pp |6 +- modules/sigul/files/server.conf| 47 + modules/sigul/manifests/init.pp| 99 modules/sigul/templates/bridge.conf.erb| 30 ++ 5 files changed, 196 insertions(+), 3 deletions(-) create mode 100644 modules/sigul/files/server.conf create mode 100644 modules/sigul/manifests/init.pp create mode 100644 modules/sigul/templates/bridge.conf.erb diff --git a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp index 3bfcb8a..6c5d295 100644 --- a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp @@ -3,7 +3,9 @@ node "sign-bridge1.fedora.phx.redhat.com" { include phx include fas::client #include global -#include pkgsigner +# Include the builder infrastructure so that we get the same rpm versions +include yum::repo::builder-infrastructure +include sigul::bridge # Hack but it's easy to predict and easy to follow: # exec { "disable-ssh": @@ -16,6 +18,17 @@ node "sign-bridge1.fedora.phx.redhat.com" { # command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', # } +# Firewall Rules, allow sigul server through. +$tcpPorts = [ '44333' ] +$custom = [ ] + +iptables { '/etc/sysconfig/iptables': +content => template('system/iptables-template.conf.erb'), +} + +service { iptables: +ensure => running, +hasstatus => true, +} - } diff --git a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp index 4c57d01..912d050 100644 --- a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp @@ -4,7 +4,9 @@ node "sign-vault1" { include phx include fas::client #include global -include pkgsigner +# Include the builder infrastructure so that we get the same rpm versions +include yum::repo::builder-infrastructure +include sigul::server # Hack but it's easy to predict and easy to follow: # exec { "disable-ssh": @@ -17,5 +19,7 @@ node "sign-vault1" { # command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', # } +# Need iptables blocking everything here + } diff --git a/modules/sigul/files/server.conf b/modules/sigul/files/server.conf new file mode 100644 index 000..513cad5 --- /dev/null +++ b/modules/sigul/files/server.conf @@ -0,0 +1,47 @@ +# This is a configuration for the sigul server. + +[server] +# Host name of the publically acessible bridge to clients +bridge-hostname: sign-bridge1 +# Port on which the bridge expects server connections +bridge-port: 44333 +# Maximum accepted size of payload stored on disk +max-file-payload-size: 1073741824 +# Maximum accepted size of payload stored in server's memory +max-memory-payload-size: 1048576 +# Nickname of the server's certificate in the NSS database specified below +server-cert-nickname: sigul-server-cert + +[database] +# Path to a directory containing a SQLite database +;database-path: /var/lib/sigul + +[gnupg] +# Path to a directory containing GPG configuration and keyrings +gnupg-home: /var/lib/sigul/gnupg +# Default primary key type for newly created keys +gnupg-key-type: RSA +# Default primary key length for newly created keys +gnupg-key-length: 4096 +# Default subkey type for newly created keys, empty for no subkey +gnupg-subkey-type: +# Default subkey length for newly created keys if gnupg-subkey-type is not empty +; gnupg-subkey-length: 2048 +# Default key usage flags for newly created keys +gnupg-key-usage: encrypt, sign +# Length of key passphrases used for newsly created keys +passphrase-length: 64 + +[daemon] +# The user to run as +unix-user: sigul +# The group to run as +unix-group: sigul + +[nss] +# Path to a directory containing a NSS database +nss-dir: /var/lib/sigul +# Password for accessing the NSS database. If not specified, the server will +# ask on startup +; nss-password is not specified by default + diff --git a/modules/sigul/manifests/init.pp b/modules/sigul/manifests/init.pp new file mode 100644 index 000..be7023d --- /dev/null +++ b/modules/sigul/manifests/init.pp @@ -0,0 +1,99 @@ +class sigul { + +package { "sigul": +ensure => installed, +} +} + +class sigul::bridge inherits sigul { + +package { "koji"; +ensure => installed, +} + +file { "/etc/sigul/bridge.conf": +owner => "root", +group => "sigul", +mode=> 0640, +content => template("sigul/bridge.conf.erb") +
Re: Proposed setup for sigul bridge/server for review
On Sat, 2009-07-25 at 00:14 -0400, Ricky Zhou wrote: > Looks excellent to me, my only two comments are that you might want to > make the files: > > /var/lib/sigul/.fedora-server-ca.cert > /var/lib/sigul/.fedora.cert > > require => Package["sigul"], > > as well since they require the /var/lib/sigul directory (which I assume > is provided by the package). Good catch. I'll do that. I'm also going to squash the two commits into one since they are all related and the second one was an after thought. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Proposed setup for sigul bridge/server for review
Here is my initial stab at a class for the signing server(s). There is a bridge that clients communicate with (and I'm thinking of forcing this through an ssh tunnel through bastion) and that interacts with koji. There is also the server itself that has the gpg keys on it and does the signing action. The server initiates a connection to the bridge, so only the bridge has to listen for connections. I think I have this mostly setup right, but I'd like some more eyes on it before I commit. Thanks! -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Setup sigul bridge and client
Add a sigul module with bridge and server classes. Adjust the sign-bridge1 node to use the new classes. --- .../nodes/sign-bridge1.fedora.phx.redhat.com.pp| 17 +++- modules/sigul/files/server.conf| 47 ++ modules/sigul/manifests/init.pp| 97 modules/sigul/templates/bridge.conf.erb| 30 ++ 4 files changed, 189 insertions(+), 2 deletions(-) create mode 100644 modules/sigul/files/server.conf create mode 100644 modules/sigul/manifests/init.pp create mode 100644 modules/sigul/templates/bridge.conf.erb diff --git a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp index 3bfcb8a..6c5d295 100644 --- a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp @@ -3,7 +3,9 @@ node "sign-bridge1.fedora.phx.redhat.com" { include phx include fas::client #include global -#include pkgsigner +# Include the builder infrastructure so that we get the same rpm versions +include yum::repo::builder-infrastructure +include sigul::bridge # Hack but it's easy to predict and easy to follow: # exec { "disable-ssh": @@ -16,6 +18,17 @@ node "sign-bridge1.fedora.phx.redhat.com" { # command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', # } +# Firewall Rules, allow sigul server through. +$tcpPorts = [ '44333' ] +$custom = [ ] + +iptables { '/etc/sysconfig/iptables': +content => template('system/iptables-template.conf.erb'), +} + +service { iptables: +ensure => running, +hasstatus => true, +} - } diff --git a/modules/sigul/files/server.conf b/modules/sigul/files/server.conf new file mode 100644 index 000..513cad5 --- /dev/null +++ b/modules/sigul/files/server.conf @@ -0,0 +1,47 @@ +# This is a configuration for the sigul server. + +[server] +# Host name of the publically acessible bridge to clients +bridge-hostname: sign-bridge1 +# Port on which the bridge expects server connections +bridge-port: 44333 +# Maximum accepted size of payload stored on disk +max-file-payload-size: 1073741824 +# Maximum accepted size of payload stored in server's memory +max-memory-payload-size: 1048576 +# Nickname of the server's certificate in the NSS database specified below +server-cert-nickname: sigul-server-cert + +[database] +# Path to a directory containing a SQLite database +;database-path: /var/lib/sigul + +[gnupg] +# Path to a directory containing GPG configuration and keyrings +gnupg-home: /var/lib/sigul/gnupg +# Default primary key type for newly created keys +gnupg-key-type: RSA +# Default primary key length for newly created keys +gnupg-key-length: 4096 +# Default subkey type for newly created keys, empty for no subkey +gnupg-subkey-type: +# Default subkey length for newly created keys if gnupg-subkey-type is not empty +; gnupg-subkey-length: 2048 +# Default key usage flags for newly created keys +gnupg-key-usage: encrypt, sign +# Length of key passphrases used for newsly created keys +passphrase-length: 64 + +[daemon] +# The user to run as +unix-user: sigul +# The group to run as +unix-group: sigul + +[nss] +# Path to a directory containing a NSS database +nss-dir: /var/lib/sigul +# Password for accessing the NSS database. If not specified, the server will +# ask on startup +; nss-password is not specified by default + diff --git a/modules/sigul/manifests/init.pp b/modules/sigul/manifests/init.pp new file mode 100644 index 000..aae73eb --- /dev/null +++ b/modules/sigul/manifests/init.pp @@ -0,0 +1,97 @@ +class sigul { + +package { "sigul": +ensure => installed, +} +} + +class sigul::bridge inherits sigul { + +package { "koji"; +ensure => installed, +} + +file { "/etc/sigul/bridge.conf": +owner => "root", +group => "sigul", +mode=> 0640, +content => template("sigul/bridge.conf.erb") +require => [ Package["sigul"] ], +} + +file { "/var/lib/sigul/cert8.db": +owner => "sigul", +group => "sigul", +mode=> 0600, +source => "puppet:///config/secure/sigul_bridge_cert8.db", +require => Package["sigul"], +} + +file { "/var/lib/sigul/key3.db": +owner => "sigul", +group => "sigul", +mode=> 0600, +source => "puppet:///config/secure/sigul_bridge_key3.db", +require => Package["sigul"], +} + +file { "/var/lib/sigul/secmod.db": +owner => "sigul", +group => "sigul", +mode=> 0600, +source => "puppet:///config/secure/sigul_bridge_secmod.db", +require => Package["sigul"], +} + +file { "/var/lib/sigul/.fedora-server-ca.cert": +owner => "sigul", +group => "sigul", +mode => 0644, +source => "puppet:///config/secure/fedora
[PATCH] Have sign-vault1 use the sigul::server class to get its
--- .../nodes/sign-vault1.fedora.phx.redhat.com.pp |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp index 4c57d01..912d050 100644 --- a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp +++ b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp @@ -4,7 +4,9 @@ node "sign-vault1" { include phx include fas::client #include global -include pkgsigner +# Include the builder infrastructure so that we get the same rpm versions +include yum::repo::builder-infrastructure +include sigul::server # Hack but it's easy to predict and easy to follow: # exec { "disable-ssh": @@ -17,5 +19,7 @@ node "sign-vault1" { # command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off', # } +# Need iptables blocking everything here + } -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Add patch to global.pp
On Jul 16, 2009, at 21:24, Toshio Kuratomi wrote: On 07/16/2009 08:50 PM, Jesse Keating wrote: On Thu, 2009-07-16 at 19:59 -0700, Toshio Kuratomi wrote: What's the consensus here? If we install patch, will git come next, since people will want to git am stuff? Not that I'm against having patch, it would make things easier. Well I won't be adding that one :-) Thinking about this more seriously, patch can be useful on text files on any system. git is only useful on systems where we're making git checkouts. git-am, if I'm reading the man page right would only be useful where we have git checkouts and are receiving patches via mail? Git am works on any file generated with git format-patch. That is most often used with email but it does encapsulate the author and the commit message and has a checksum itself that can be verified against the upstream repo. Probably not something we need in global. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Add patch to global.pp
On Thu, 2009-07-16 at 19:59 -0700, Toshio Kuratomi wrote: > What's the consensus here? If we install patch, will git come next, since people will want to git am stuff? Not that I'm against having patch, it would make things easier. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Relicensing Part II
On Thu, 2009-07-16 at 15:57 -0700, Toshio Kuratomi wrote: > > * admin.stg.fedoraproject.org is accessible by the general public but it > isn't meant for the general public's use -- it's for developers to > collaborate on what will be on the production site, > admin.fedoraproject.org. Those developers collaborate over the internet > which is why it's available on the internet. Does this excuse us from > providing source to people who do not have shell access to the server > itself? > > * Can we be just as liberal with what's running on the publictest > machines as we are with staging? Its worth noting that Publictest instances are also accessible by the public, so AGPL concerns may strike us there, just as they may strike us with the staging environment. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
trac-git-plugin updated on hosted1/2
This is a new upstream snapshot that fixes some of the ongoing issues we've had with the git plugin. Some were already patched from a different upstream, but I've had to throw those changes out in favor of the actual upstream changes. I tested it a bit on hosted2 and couldn't find any problems, but keep your eye open for any tickets related to git plugin in hosted. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Re-enable rawhide compose.
On Mon, 2009-06-15 at 10:28 -0700, Jesse Keating wrote: > There isn't, we don't have a formal policy about patches when we aren't > in an infrastructure freeze. I just haven't had a chance to review the > patch and/or apply it. The patch is flagged for follow up so I will get > to it soon. Looks like Bill already applied this patch. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: package category "new-package" for fedora-package-announce
On Jul 6, 2009, at 7:09, David Juran wrote: On Mon, 2009-07-06 at 10:01 -0400, Luke Macken wrote: Would prepending something like [NEW] to the subject (similar to how we add [SECURITY]) suffice? This would be a fairly trivial change to bodhi. Sure, that would make it easy enough to filter (-: I would prefer x-update_type or similar. Allow for filtering without dirtying up the subject. I would also make it easier to make topics on the mailman side. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: CVS upgrade step2
On Jun 24, 2009, at 20:50, Mike McGrath wrote: So I was going to finish the upgrade to cvs1 on Thursday or Friday. Both Jesse and Toshio are out of the country though and it strikes me as a bad idea to make potentially massive changes to that box without having at least one of them around as backup :) So I'm going to wait until next week. Honestly Bill knows more about the cvs system than I do. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Travelling
On Jun 21, 2009, at 18:35, Toshio Kuratomi wrote: I'm going to be going to Brazil for FISL and a FUDCon this week. I'm not sure what my Internet situation is going to be but if anything comes up send me a message and I'll work on it once I get the message. -Toshio Same for me, but Berlin Germany. Will get on when I can. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: 2-3 hour CVS outage
On Thu, 2009-06-18 at 22:36 -0500, Mike McGrath wrote: > Hey guys, I need to schedule a 2-3 hour cvs outage. Any time work better > or worse for any of you in the next week or so? FUDCon Berlin is at the tail end of next week. I don't know if there are any planned events that would require CVS access, but doing the outage before that would probably be prudent. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Re-enable rawhide compose.
On Sun, 2009-06-14 at 20:50 +0200, Jim Meyering wrote: > Hi Jesse, > > Is there an ACK-requirement exemption for patches that > are sufficiently simple? There isn't, we don't have a formal policy about patches when we aren't in an infrastructure freeze. I just haven't had a chance to review the patch and/or apply it. The patch is flagged for follow up so I will get to it soon. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Re-enable rawhide compose.
On Mon, 2009-06-08 at 23:20 +0200, Jim Meyering wrote: > Sure. > What repo? > I have a couple fedora-infra-related ones, > but none that contain that file, and a few quick > searches didn't show me the light. Oh, it's in puppet, wasn't sure if you had puppet access. Sorry I was short, a bit busy with the FAD and release. I'll circle back to this and get a diff from you at some point. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Re-enable rawhide compose.
On Mon, 2009-06-08 at 21:10 +0200, Jim Meyering wrote: > It'd be good to change the other semicolons to " &&", too. > Otherwise, failing mktemp will not stop the script, and > the git clone will run in $HOME. > Send a patch? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Re-enable rawhide compose.
Massive rawhide for start of F12 finally finished. Also increase the number of random chars for mktemp and ensure it worked before continuing. --- configs/build/rawhide |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configs/build/rawhide b/configs/build/rawhide index eab9097..4a90bb3 100644 --- a/configs/build/rawhide +++ b/configs/build/rawhide @@ -1,3 +1,3 @@ # rawhide compose mailto=jkeat...@fedoraproject.org -#15 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.X`; cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora +15 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.XX` && cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Disable rawhide for now.
Moving to F12 content has caused the rawhide compose to take longer than one day, mostly to create all the new delta rpms. This disables the attempt to build rawhide so that we don't have two composes happening at once. --- configs/build/rawhide |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configs/build/rawhide b/configs/build/rawhide index e0697d9..eab9097 100644 --- a/configs/build/rawhide +++ b/configs/build/rawhide @@ -1,3 +1,3 @@ # rawhide compose mailto=jkeat...@fedoraproject.org -15 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.X`; cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora +#15 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.X`; cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: mobile phone + password = 2 factor auth?
On Tue, 2009-05-26 at 17:44 +0200, Till Maas wrote: > A problem with phones is, that they are typically not as secure as hardware > tokens. Users can install custom software on them. Also the phone may be > compromised via bluetooth. It might be even possible to directly access text > messages via bluetooth or maybe also wifi nowadays. > Wouldn't that be why you have to combine what comes up on your phone with the password you know, so that just the phone alone can't get you in? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: mobile phone + password = 2 factor auth?
On Tue, 2009-05-26 at 11:01 -0400, Seth Vidal wrote: > 2. cost structure of sending/receiving a lot of txt msgs. Don't most carriers offer an email gateway to sms? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Change Request - Stop puppet on releng2 for the night.
On Wed, 2009-05-13 at 18:30 -0700, Jesse Keating wrote: > I want to start the rawhide compose early, since I'm done > tagging/signing things for today, so that it will finish maybe in time > for me to compose out pre-RCs from it for more intensive testing > tomorrow. To do this, I need to modify the cron job that kicks off > rawhide on releng2, and stop the puppet service from updating that cron > job for the evening. I'll turn on puppet again in my morning. Strike this. Josh has already scheduled another updates push tonight for some Mozilla upstream testing, so I'm going to let rawhide go as normal. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Change Request - Stop puppet on releng2 for the night.
I want to start the rawhide compose early, since I'm done tagging/signing things for today, so that it will finish maybe in time for me to compose out pre-RCs from it for more intensive testing tomorrow. To do this, I need to modify the cron job that kicks off rawhide on releng2, and stop the puppet service from updating that cron job for the evening. I'll turn on puppet again in my morning. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Change Freeze (telia1 reboot)
On Wed, 2009-05-13 at 11:29 -0500, Mike McGrath wrote: > This is a multi-part change request. I'd like to reboot telia1 which > would take app6 noc2 pb14 pt16 smtp-mm1 proxy5 pt15 offline. To do this > I'll mark it dead in the dns servers for the reboot. > > The cause is this box didn't get rebooted during a recent update so the > running xen and xen kernels aren't compatable. We have other servers in > this situation too (that one's on me) but as long as we don't have > problems I don't see any need to reboot them yet. We can wait till after > the freeze to avoid downtime. > > > The impact of this freeze will only impact our test servers and noc2. > > 2+1's? > +1 from me, this shoudln't impact the F11 process. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Bit flip
On Tue, 2009-04-28 at 13:16 -0500, Matt Domsch wrote: > > So, I'd like to propose we back up the bitflip by at least 4 hours > from release time, perhaps as much as 6. Hrm. This means we have unlocked mirrors for up to 6 hours before we make the announcement. This could lead to a lot of confusion and uncertainty about the isos and their validity, something we see whenever a mirror leaks early. Honestly I think we need a vastly different way of getting mirrors to bit flip aside from waiting on random cron jobs to pick up the change. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Add dist-f12 to the static repos.
We're allowing for early branching now. --- configs/build/update-static-repos.py |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configs/build/update-static-repos.py b/configs/build/update-static-repos.py index 16ee6ac..98d48c9 100755 --- a/configs/build/update-static-repos.py +++ b/configs/build/update-static-repos.py @@ -4,7 +4,7 @@ import os import sys import koji -TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f8-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') +TAGS = ('dist-olpc2-build', 'dist-olpc3-build', 'dist-olpc4-build', 'dist-f9-build', 'dist-f10-build', 'dist-f11-build', 'dist-f12-build', 'dist-rawhide', 'olpc2-update1', 'olpc2-ship2') STATICPATH = '/mnt/koji/static-repos' SUFFIX = '-current' -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Meeting Today
On Thu, 2009-03-12 at 13:19 -0500, Mike McGrath wrote: > (3:00 pm Chicago Cubs time) Chicago Cubs time, is that when everybody drinks because the cubs lost again? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [PATCH] Added compose-x86/x86-8 to the ssh known hosts list
On Thu, 2009-03-12 at 18:41 +, Mike McGrath wrote: > > This is technically a global change. Very low risk Diffs of this file are nearly impossible to read, but I'll trust what you're doing rather than the diff. +1 -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Make sure git and git-email are installed on puppet systems
--- manifests/servergroups/puppet.pp |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/manifests/servergroups/puppet.pp b/manifests/servergroups/puppet.pp index d054fef..c393f9a 100644 --- a/manifests/servergroups/puppet.pp +++ b/manifests/servergroups/puppet.pp @@ -13,6 +13,8 @@ class puppetServer { include scripts::geoip-retriever include geoip-retriever include drbackupPubKey +include git-package +include git-email-package # Firewall Rules, allow web, smolt, Plone, mirrormanager, noc, pkgdb, certmaster and bodhi traffic through $tcpPorts = [ 80, 8140, 873, 51235 ] -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Change Request - Puppetize git(-email) being on puppet systems
I already installed git-email on puppet1, but this puts it in puppet itself. I also noticed that git wasn't puppetized for puppet1 either. -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Add a git-email package class
--- manifests/services/packages.pp |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/manifests/services/packages.pp b/manifests/services/packages.pp index bd3f667..8cd7ed7 100644 --- a/manifests/services/packages.pp +++ b/manifests/services/packages.pp @@ -193,6 +193,12 @@ class git-package { } } +class git-email-package { +package { git-email: +ensure => present, +} +} + class fedora-packager-package { package { fedora-packager: ensure => present, -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[PATCH] Disable rawhide.
From: Jesse Keating This is a test commit for email send testing --- configs/build/rawhide |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/configs/build/rawhide b/configs/build/rawhide index 2bdaa57..4c7f0b8 100644 --- a/configs/build/rawhide +++ b/configs/build/rawhide @@ -1,3 +1,4 @@ # rawhide compose mailto=jkeat...@fedoraproject.org -1 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.X`; cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora +# Disabled as a test commit +#1 6 * * * masher TMPDIR=`mktemp -d /tmp/rawhide.X`; cd $TMPDIR; git clone -n git://git.fedorahosted.org/git/releng; cd releng; git checkout -b rawhide-stable; LANG=en_US.UTF-8 ./scripts/buildrawhide $(date "+\%Y\%m\%d"); sudo -u ftpsync /usr/local/bin/update-fullfilelist fedora -- 1.5.5.6 ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Change request - Using git send-email
Here is a message from git send-email. To get here, I used: $ git commit -a Created commit cb85f54: Disable rawhide. 1 files changed, 2 insertions(+), 1 deletions(-) $ git format-patch HEAD^ 0001-Disable-rawhide.patch $ git send-email --compose --to Fedora-infrastructure-list@redhat.com 0001-Disable-rawhide.patch -- Jes ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: sanity request
On Wed, 2009-03-11 at 15:32 -0500, Mike McGrath wrote: > > > > In other words please describe your change requests in the subject line > > to help with differentiation. Thanks, The Non-Management :) > > > > FWIW, these only happen during a change freeze and aren't really list > stuff but more workflow stuff, I'll try to be more descriptive but they > can all safely be ignored unless you're a sysadmin-mainer. One thing I think we could do is do more of what mmcgrath just did, posting the proposed change as a diff. As long as it isn't sensitive info, we can just use the git send-email program to send the commit we'd like to push to this list, using --compose to allow us to compose a message that the patch will be in reply to. That'll give the subject some context, the email body the actual change and some sanity to the whole thing (: Of course, changes that aren't just git commits are not going to be helped by this. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: New SOP page
On Sat, 2009-02-14 at 11:54 -0600, Mike McGrath wrote: > My only concern here is we're not the only group with SOP's, releng also > uses them. Although as long as we don't conflict it might not be a > terrible idea to merge them. Interesting thought. What purpose does grouping them into a Category serve? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Calendaring system?
On Fri, 2009-02-06 at 15:56 -0700, Clint Savage wrote: > > Bret, > > I don't know, part of me wants to look at calendarserver, but I can't > find what the licensing is there. It looks like maybe it's a ruby > project? I looked around on the site and there's no clear link to > any good information on its licensing. calendarserver appears to be a python project, and it appears to be licensed at least partly under apache 2.0 http://trac.calendarserver.org/browser/CalendarServer/trunk/LICENSE More clear info at http://trac.calendarserver.org/browser/CalendarServer/trunk/README -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Interesting mirror rediness results for alpha
On Thu, 2009-02-05 at 16:57 -0600, Mike McGrath wrote: > What I don't understand is why we've actually started losing mirrors. We > were almost at 90% hit rate for a bit today, and now we're back down to > just above 60. Any theories? I'm going to keep monitoring. Feel free to > monitor yourself. I've basically been going to: That one is easy. As mirrors get swarmed by users, they start refusing connections or just timing out. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Change request: reenable last-modified (was Re: squid issues)
On Mon, 2009-02-02 at 21:08 -0500, Ricky Zhou wrote: > Oops, I cleared the Last-Modified headers in the configs hoping that it > might somehow save some NFS load. Here's a patch to remove those lines > - can I get two +1s? Wrong diff? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
squid issues
I noticed something while composing this release. Packages gotten from kojipkgs (and thus the proxy) all have a timestamp of when the file was downloaded, vs the timestamp of the file on the fileserver. This has caused me some... frustration in getting my composes synced on the master mirror using hardlinks to rawhide. Can somebody help me debug why this is? I'm not familiar with our squid setup, and I couldn't find it in a quick wiki search for 'squid'. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Upgrading Fedora Hosted to Trac-0.11
On Mon, 2009-02-02 at 11:11 -0600, Mike McGrath wrote: > > After the alpha ships we can do a test upgrade on hosted2 for a > project. > If the tests and everything go ok we can do the rest and verify the > upgrade produces no errors and warnings. The last upgrade was very > smooth. It was pretty much a > > for f in * > do >the upgrade > done We'll have to do some pre work, building trac-0.11 and then building any plugins that are still 3rd party for 0.11 as well. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Change request: Another tmpfile fix
On Mon, 2009-02-02 at 09:35 -0500, Ricky Zhou wrote: > Sorry again. I just realized that I reversed the if statement. That's > what I get for not sleeping. Here the corrected version: +1, I'll change buildrawhide to match. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Upgrading Fedora Hosted to Trac-0.11
On Mon, 2009-02-02 at 08:36 -0500, seth vidal wrote: > > I'm willing to help, but I have to ask - would it make sense to hold > this until after F11 is out? I don't necessarily think so. If done right, the change is pretty unnoticeable to the end user, just one day they get more features. I think the only real risk wrt F11 is me spending too much time on Trac, which is why I'm asking for some help (: -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Upgrading Fedora Hosted to Trac-0.11
There are some features I'd really like to make use of in 0.11, particularly the metrics feature, but I think there are others as well. Trac 0.11 is where all the development seems to be happening, we'll slowly fall farther and farther behind. There is a catch with 0.11, in that it requires an ondisk change of the project db, so I don't feel comfortable just putting 0.11 in EPEL-5 as an upgrade to 0.10. What I'd like is some help in investigating and planning how to do the upgrade in such a way that will be a low cost to the Infra team to maintain, but could also perhaps be pushed into EPEL for other trac users. Would anybody like to help me with this? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Change request; tmpfile cleanup
I added some code just after FUDCon to generate a fullfilelist at the top of /pub/fedora/. I made an error in this leading to lots of /tmp/ files. Subject: [PATCH] Fix an alias assignment. This was causing /tmp/ to fill up with lots of tmpfiles of no use. Also, use a more modern syntax. --- configs/system/fedora-updates-push |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configs/system/fedora-updates-push b/configs/system/fedora-updates-push index 473048a..8c09e27 100755 --- a/configs/system/fedora-updates-push +++ b/configs/system/fedora-updates-push @@ -36,7 +36,7 @@ rsync -rlptDvHh --delay-updates $RSYNC_OPTS --delete --delete-after \ done pushd /pub/fedora/ -TMPFILE = `mktemp -p /tmp/` +TMPFILE=$(mktemp -p /tmp/) find * -print > $TMPFILE diff $TMPFILE fullfilelist >/dev/null if [ "$?" = "1" ]; then -- 1.5.5.6 -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: /releases/10/Everything: several packages changed
On Sun, 2009-02-01 at 10:16 +0100, Axel Thimm wrote: > Isn't there a backup of /releases/ to pull back the original files? I do believe there is, but it would involve tape and a long wait, for something as easy to fix as timestamps. I have most of them fixed, there are only a tiny few that are not, something that I'm almost willing to live with. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: /releases/10/Everything: several packages changed
On Sat, 2009-01-31 at 12:21 -0800, Jesse Keating wrote: > This was certainly unexpected, and repairing this is going to be... > interesting. > Through some fun work with /sbin/hardlink I got a lot of the packages fixed up. There are some more that aren't quite right, due to the development tree having moved on, so I'll have to fix this individually. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: /releases/10/Everything: several packages changed
On Sat, 2009-01-31 at 12:21 -0800, Jesse Keating wrote: > I misread/misunderstood what --size-only option would > do, in relation to --link-dest Actually it may have nothing to do with --size-only, that may have just been my clue that something was wrong. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: /releases/10/Everything: several packages changed
On Sat, 2009-01-31 at 12:14 -0800, Jesse Keating wrote: > Hrm, there was no action on my part to touch everything, so I'll have to > do some investigation into what's going on. > > Looking on the server, all the files in > releases/10/Everything/i386/os/Packages/ have varying timestamps, but I > do indeed see some things with a stamp as new as Jan 22. Its certainly > not every file, but I'm still not quite finding any commonality in my > brief looking. More investigation to follow. > I take that back. This happened when I was trying to pre-stage some 11-Alpha content. I misread/misunderstood what --size-only option would do, in relation to --link-dest. I was trying to link 11-Alpha packages to the same ones found in /pub/fedora/linux/releases/development/. However these that were touched were packages that were in development/ that hadn't changed since the F10 release. --size-only seems to have updated the timestamps on these files to match something that was going on with my compose output I was trying to sync in. This was certainly unexpected, and repairing this is going to be... interesting. I need to investigate why my compose hosts are creating a timestamp on these files when they shouldn't be. Sorry for the churn! -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: /releases/10/Everything: several packages changed
On Sat, 2009-01-31 at 20:10 +0200, Axel Thimm wrote: > a current rsync shows that thousands of files have been changed in the > last week. This is not expected as /releases/ is considered to only > change for the release day and then never again. > > The files have a date of Jan 23rd. Although I don't have a copy to > compare with looking at the internal date it looks like the files have > just been `touch'ed (but I only checked a coupl of the 2000+ changed > ones). Could someone bring back the old dates to make it consistent > again? Thanks! Hrm, there was no action on my part to touch everything, so I'll have to do some investigation into what's going on. Looking on the server, all the files in releases/10/Everything/i386/os/Packages/ have varying timestamps, but I do indeed see some things with a stamp as new as Jan 22. Its certainly not every file, but I'm still not quite finding any commonality in my brief looking. More investigation to follow. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: change request: python-hashlib install on builders
On Wed, 2009-01-28 at 22:44 -0800, Jesse Keating wrote: > Instead of rolling back yum, I'm attempting to replace bash's %post that > was in bash, and instead writing it in native lua. This will allow bash > to complete its %post without any external deps. If this works, I'll > create a F10 bash for dist-f10-override so that buildroots there will > init as well. > > To get the build done, I've reverted yum on ppc10 and x86-2, and > disabled every other builder. I'll re-enable things once we're able to > reliably create buildroots. This was successful. I've got new f10 and f11 repos with a fixed bash, and all builders have been re-enabled with the new yum. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: change request: python-hashlib install on builders
On Wed, 2009-01-28 at 13:51 -0800, Jesse Keating wrote: > Since the change on fedorapeople was a success, we need to make this > change on the builders as well. This change did cause some fallout. The previous yum would not consider scriptlet (like %post) errors to be fatal. The new yum does. This matters because bash apparently has had a %post failure since December, both F11 and F10 builds it seems. Once the new yum was in place, no buildroot for F10 or F11 could init. This is quite bad. Instead of rolling back yum, I'm attempting to replace bash's %post that was in bash, and instead writing it in native lua. This will allow bash to complete its %post without any external deps. If this works, I'll create a F10 bash for dist-f10-override so that buildroots there will init as well. To get the build done, I've reverted yum on ppc10 and x86-2, and disabled every other builder. I'll re-enable things once we're able to reliably create buildroots. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: change request: python-hashlib install on builders
On Wed, 2009-01-28 at 14:07 -0800, Toshio Kuratomi wrote: > Jesse Keating wrote: > > Since the change on fedorapeople was a success, we need to make this > > change on the builders as well. > > > > The problem is that when we create rawhide each night, we have random > > builders create a chroot in order to run pungi in. The chroot is > > generated from the freshly made rawhide repos, which have the newer > > sha256 sum in them. We need a newer yum and the python-hashlib build in > > order for the host yum to be able to process that metadata and generate > > the chroot. > > > So you need both yum and python-hashlib upgrades? > Yes. sha256 support lives in python-hashlib, and the updated yum handles such checksums, using the updated hashlib. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
change request: python-hashlib install on builders
Since the change on fedorapeople was a success, we need to make this change on the builders as well. The problem is that when we create rawhide each night, we have random builders create a chroot in order to run pungi in. The chroot is generated from the freshly made rawhide repos, which have the newer sha256 sum in them. We need a newer yum and the python-hashlib build in order for the host yum to be able to process that metadata and generate the chroot. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Automating hosted projects?
On Tue, 2009-01-27 at 15:29 -0600, Mike McGrath wrote: > On Tue, 27 Jan 2009, Mike wrote: > > > I can confirm that google-code is automated. I have one project hosted > > there. > > > > do you think a "happy medium" would work? > > set it up for "instant access" to "owner" but review by Fedora > > Infrastructure is required > > before read only and/or read write repositories are opened? > > > > I think it's time to chime in on this. I'm generally 100% for self > service but in this case I like the way we have it now. Especially until > a reaping policy can be put in place that people won't flip their lids > about. > > As far as I'm concerned, Fedora Hosted is not a place for fly by night > vaporware and I think having this manual process prevents it a bit. > Having to create a ticket, having to respond when we ask questions, etc, > shows they have at least the commitment to create the project and wait for > it. Does it have its downsides? Yes, you have to wait a little bit. > But this is supposed to be a high quality hosting setup, the cost is a bit > of time. > > Additionally I like the personal touch of having to interact with someone > to actually get this done. To me it feels more like a partnership, there > actually is someone on the other end of this stuff, its not just some > large souless machine. If they've got problems they know exactly where to > go. > > -1 from me unless someone can give me a clear benefit from the views of > Fedora, (and no, making stuff up doesn't count, do research, draw a > conclusion, send your proposition to the list) > > -Mike As one of the initial creators of the Fedora Hosted offerings, I have to agree with Mike McGrath here. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Disk IO issues
On Mon, 2009-01-19 at 10:02 -0600, Mike McGrath wrote: > on the > netapp. Er, this is on nfs1 right, not the netapp? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Disk IO issues
On Fri, 2009-01-02 at 13:28 -0600, Mike McGrath wrote: > > There are other directories at /mnt/koji/static-repos/. A directory like > static-repos contains almost exclusively hardlinks to those packages. > > Since many of those hardlink oriented directories can be recreated, we > don't bother backing them up so I haven't been testing with them. We stopped making hardlinks in those directories a while back, during the last round of "make it faster". /mnt/koji/repos/ contains a number of directories that just have repodata in them, that reference the relative path back to /mnt/koji/packages. The /mnt/koji/mash/ tree is where all the hardlinks are. These are composes of koji tags for things like rawhide and releases. It's here that we make hardlinks back to /mnt/koji/packages/ for the individual rpms. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Installed Trac plugins not showing up.
On Mon, 2008-12-29 at 11:19 -0600, Mike McGrath wrote: > On Mon, 29 Dec 2008, susmit shannigrahi wrote: > > > > > > > When you say you have installed the eggs, you mean you've packaged it for > > > epel and told puppet to install it? Everything that runs in hosted > > > requires a package, even the plugins. > > > > nope... > > I tried using admin panel to upload them, there is a install field out there > > https://fedorahosted.org/freemedia/admin/general/plugin > > > > Thats a nono. If you want to use a plugin you'll need to package it for > Fedora/EPEL and install it (or have one of us install it) via yum. > > -Mike I need to look at how we can disable this "feature" of the webadmin plugin. The webadmin does give access to a lot of other useful functionality, but I don't like that users can upload eggs. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: everything spin trouble
On Sat, 2008-12-27 at 16:33 +, Matt Domsch wrote: > If a mirror excludes ia64 in their rsync, and uses report_mirror to > claim that dir is correct and up to date, MM may still redirect there > incorrectly as it only tracks at the whole dir level. It would be > better if the ia64 sha1sum file weren't in the i386 dir... They're in every dir, they're hardlinks. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
RE: Noisy cron
On Mon, 2008-12-22 at 11:00 -0600, scott_coll...@dell.com wrote: > > I'd like to help out here. I've been trying to get familiar with the > Infrastructure for a while now. Is there a ticket open for this that > has more details? I have yet to even shell into a box, so I'll be > pinging you and others for assistance if that's ok. > > This will truly be a starting point for me regarding Fedora > Infrastructure... There is no ticket yet, pop into #fedora-admin and we'll chat about it. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Noisy cron
Could somebody start looking into the noisy cron jobs? We seem to have quite a few that are failing or spitting unnecessary text out into email. Could be a fun project for somebody looking to get familiar with Infrastructure, since the jobs seem to span all parts of our realm. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: proper way to update /var/lib/puppet/application/mirrors/releases.txt
On Mon, 2008-11-24 at 18:18 -0600, Mike McGrath wrote: > Try again. I cheated and used sudo.. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
proper way to update /var/lib/puppet/application/mirrors/releases.txt
This looks like it is its own git repo, but apparently you need to be in the sysadmin-web group to edit this. I'm not in the group, so in order for me to manage this we either need to add me to the group (yuck, more groups) or move this to a different ownership set, or something else. Either way a couple things need to be done to the file. 1) removing F10 Preview and Beta 2) adding F10 itself. These will need to be done by the release tomorrow. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Congratulations to Nigel Jones
On Mon, 2008-11-24 at 16:38 -0600, Mike McGrath wrote: > I'm happy to announce I've just approved Nigel Jones in to the > sysadmin-main group. He's the first new member we've had to that group > since Ricky Zhou was approved in May earlier this year. Quick! Blame everything on the FNG! -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Change request, F10 updates
In order to push out the first round of Fedora 10 updates, a few changes need to be made in the infrastructure. 1) add the 10 release to fedora-updates-push in puppet 2) Update bodhi with 10 mash configs Can I get a few +1s on this? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Change Request Koji
On Wed, 2008-11-12 at 15:03 -0600, Mike McGrath wrote: > Lets try to add more ram, if that doesn't work let us know and I'll +1 > this. We should at least make sure to get jesse's input on it, its the > release that would be most affected. +1. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Freeze reminder
On Fri, 2008-11-07 at 12:02 +0800, Gregory Hosler wrote: > Will building in the newly created F-10 directory become a "0 day" > update ? If you use bodhi and request it as an update, yes. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Freeze reminder
On Fri, 2008-11-07 at 11:24 +0800, Gregory Hosler wrote: > I tried to do a "make build" in my package "devel" branch last night, and I > got > the following error message: > > koji: error: Destination tag dist-f10 is locked > > > I took this to mean that packages cannot be updated until after the release ? Do a cvs up -d from your module/ directory so that it updates your common/ folder. It'll set up your build target correctly. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: rsync fixups for secondary1
On Sat, 2008-11-01 at 00:31 -0500, Matt Domsch wrote: > Acks please. +1 -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Change freeze request: /etc/resolv.conf on backup1, bacula-dir.conf
On Wed, 2008-10-22 at 21:39 -0400, Ricky Zhou wrote: > Can I get two +1s for these (do these changes seem safe enough to do > now)? +1 from me. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: oops sorry.
On Wed, 2008-10-22 at 15:40 -0500, Dennis Gilmore wrote: > i forgot we are in the infrastructure freeze, and made a change. > > We were using the default koji-gc config file which sent out email from "Koji > Build System <[EMAIL PROTECTED]>" > > i added the config to puppet and set the email to "Koji Build System > <[EMAIL PROTECTED]>" > > can i please get a pair of +1's for this. and a slap for being bad. > +1 && slap -- Jesse Keating RHCE (http://jkeating.livejournal.com) Fedora Project (http://fedoraproject.org/wiki/JesseKeating) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub) identi.ca (http://identi.ca/jkeating) signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: metalinks for F10 download pages
On Fri, 2008-10-03 at 08:34 -0500, Jeffrey Ollie wrote: > > Are these links supposed to work in Firefox (at least for testing)? I > get "# Server Error" when I click on it in Firefox. There was some MirrorManager work done yesterday, are you still seeing this issue? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Beta freeze lift
Since beta went out this morning, I'm +1 to lift the change freeze. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Stale Fedora Hosted Projects (revisited)
On Wed, 2008-09-24 at 13:36 -0500, Matt Domsch wrote: > Whomever distributes the binaries is responsible for ensuring source > is available, either concurrently (ideally)(such as GPLv2 3a), or via > offer-to-provide-source-on-media (GPLv2 3b). > > If binaries are not distributed from fedorahosted, then fedorahosted > is not responsible for providing source for any length of time. > > If binaries _are_ distributed from fedorahosted, e.g. compiled bits > put into releases/, then I would expect fedorahosted to concurrently > carry the source code used to build those binaries. Yes, this should > be fedorahosted policy. It keeps us 100% out of the GPLv2 3b time > bomb. I would think of Fedorahosted just as i would think of a paid colo facility. Just because I may have offered software for download via the colo facility, and then I terminate my account (either due to ending a contract, or breach of contract) doesn't put the colo facility on the legal hook for software I may have hosted there. Same goes for Fedorahosted. We can have a clear agreement as to what would breach one's "contract" with Fedorahosted, and that Fedorahosted is not responsible for any legal obligations regarding source availability. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Fedora 10 Beta Release Planning Meeting
On Fri, 2008-09-19 at 12:53 -0400, Josh Boyer wrote: > I was wrong in thinking it was public. It was a phone call, not an IRC > meeting. Just for more fun and confusion, a meeting doesn't have to be on IRC for it to be "public". While this meeting wasn't announced on one of the major lists (for good reason), it was somewhat assumed that if a leader for a group couldn't make it that they would have somebody else go in their steed. Perhaps we'll call that out a bit more clearly next time. These people were sent mail multiple times leading up to the meeting so there was plenty of chance to find an alternative. The release readiness meetings are designed to be very high bandwith information exchanges between the various groups involved with doing releases. Obviously the later releases (preview, final) are more important and have more people involved than the earlier (alpha, beta) ones. It's an exchange of information that each group should already have through through and discussed in lower bandwith higher visibility meetings within each group. The readiness meeting is just like a mini mission control meeting to ensure things go off without a hitch and that those leading the groups and responsible for the functions are aware of whats going on. If nobody from your group showed up, I'm sorry, but we gave them ample time to find a replacement. You can be prepared as these meetings will come up for each major milestone during our development cycle. If you want, we can probably embed this information into the schedule pages that John creates, it's not like those aren't busy enough as they are (: -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Fedora 10 Beta Release Planning Meeting
On Thu, 2008-09-18 at 18:20 +0530, Rahul Sundaram wrote: > Wouldn't it be useful to invite more than person as part of the > different groups? Currently it seems a number of people have not > attended which leaves that group voice unheard. These are supposed to be representatives from the various groups, who should have had release meetings on their own already and just reporting information back to the other groups. Having a 50 person meeting doesn't work very well. Is this just speculation on your part, or is there an actual issue to talk about? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Fedora 10 Beta Release Planning Meeting
On Thu, 2008-09-18 at 18:20 +0530, Rahul Sundaram wrote: > > Wouldn't it be useful to invite more than person as part of the > different groups? Currently it seems a number of people have not > attended which leaves that group voice unheard. These are supposed to be representatives from the various groups, who should have had release meetings on their own already and just reporting information back to the other groups. Having a 50 person meeting doesn't work very well. Is this just speculation on your part, or is there an actual issue to talk about? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: More puppet training!
On Mon, 2008-09-08 at 10:16 -0500, Mike McGrath wrote: > So I'm going to hold a couple more training seminars for Puppet in > Fedora's Infrastructure. I was hoping you guys could also throw some > questions together so i make sure I don't miss anything. The "standard" way to define users, packages, directories, files, cron jobs, and using variables or host specific definitions within a shared class file. I think our current files have multiple ways of doing all the above and I'd like to see the current thought of standard practice (and then maybe an effort to convert the current setup to the standards). -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Last week
On Mon, 2008-09-08 at 08:56 -0500, Mike McGrath wrote: > > Strange week last week, many of you noticed a bunch of nagios outages so I > thought I'd send a roundup of what happened. Any ideas what has been making releng2 flap? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: New Key Repo Locations
On Sun, 2008-08-31 at 10:35 +0300, Axel Thimm wrote: > The benefits, other than staying in line with the established layout > practices are that one could merge in the updates (like the unity > project does) and even offer an advantage to the user when installing > from 9.1. Furthermore one could always check whether a system is > "vulnerable" by checking its version. > > Or does this need export regulations due to changing the version > number? Hopefully not. It would need new export controls, which is the least of the problems. We are going to have a hard enough time doing a full release for Fedora 10, trying to squeeze in a 9.1 and an 8.1 release is just going to make 10 that much worse. Add to that it won't help at all the already burned or mastered copies of the original isos in existence. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating signature.asc Description: This is a digitally signed message part ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list