Re: FBR: clean up disk space on mirrors
On Mon, 25 Mar 2019 at 16:01, Mohan Boddu wrote: > > > > On Mon, Mar 25, 2019 at 8:37 AM Stephen John Smoogen wrote: >> >> 1. Remove F29beta from mirrors so mirrors can keep up >> /pub/fedora/linux/releases/test/29_Beta/ > > +1 >> >> >> 2. Move F27 to archives >> a. Have mirrormanager point to /pub/archives/fedora/linux/27 >> b. Remove /pub/fedora/linux/27 > > +1 OK will look at tomorrow morning -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: clean up disk space on mirrors
On Mon, Mar 25, 2019 at 8:37 AM Stephen John Smoogen wrote: > 1. Remove F29beta from mirrors so mirrors can keep up > /pub/fedora/linux/releases/test/29_Beta/ > +1 > > 2. Move F27 to archives > a. Have mirrormanager point to /pub/archives/fedora/linux/27 > b. Remove /pub/fedora/linux/27 > +1 > > -- > Stephen J Smoogen. > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] Adjust #fedora-diversity fedmsg IRC bot topics
On 3/25/19 1:22 PM, Kevin Fenzi wrote: > Applied and playbook run, thanks. > Thanks all! :-) -- Cheers, Justin W. Flory jflo...@gmail.com signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: clean up disk space on mirrors
On 3/25/19 5:37 AM, Stephen John Smoogen wrote: > 1. Remove F29beta from mirrors so mirrors can keep up > /pub/fedora/linux/releases/test/29_Beta/ +1 from me. > 2. Move F27 to archives > a. Have mirrormanager point to /pub/archives/fedora/linux/27 > b. Remove /pub/fedora/linux/27 +1 also... kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] Adjust #fedora-diversity fedmsg IRC bot topics
Applied and playbook run, thanks. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] proxies: adding rewritecond to reverseproxy for ws if remotepath exists
Thanks for the +1s. Pushed to ansible repo and has been run on
proxies-stg.
Tim
On Fri, 22 Mar 2019 14:04:37 -0600
Tim Flink wrote:
> I was hitting an issue where there were multiple reverseproxy
> instances configured for a single host and some of the rewrite rules
> were changing the request when they shouldn't be.
>
> This patch adds a rewritecond to the websocket rewrite rule to make
> sure that the REQUEST_URI starts with $remotepath before it's
> rewritten. ---
> roles/httpd/reverseproxy/templates/reversepassproxy.conf | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
> b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index
> 38950e4..1e4afe0 100644 ---
> a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++
> b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -47,6
> +47,9 @@ SSLProxyEngine On RewriteEngine on
> RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
> RewriteCond %{HTTP:Connection} Upgrade [NC]
> +{% if remotepath is defined %}
> +RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
> +{% endif %}
> RewriteRule .*
> "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
>
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FYI FBR: libseccomp upgraded on builders
I am treating this one as an outage so I already applied it, but FYI: * last night our fedora29 builders applied a qemu security update. * after this update, images fail to build with: "internal error: process exited while connectin g to monitor: 2019-03-25T15:46:33.471016Z qemu-system-x86_64: -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny ,resourcecontrol=deny: failed to install seccomp syscall filter in the kernel" * The 'fix' is to update also libseccomp (which has been in stable updates for 10 days, but we didn't apply it because it was not a security update and we are in freeze). Since this was preventing any compose, I went ahead and applied it to all builders. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] Adjust #fedora-diversity fedmsg IRC bot topics
I missed this. My apologies. +1 On Wed, 20 Mar 2019 at 11:43, Kevin Fenzi wrote: > > On 3/19/19 2:54 PM, Justin W. Flory wrote: > > Hi, the attached patch makes a small change to ircbot.py to change the > > #fedora-diversity IRC bot to only listen for new Pagure tickets, pull > > requests, and comments. This helps reduce the noise in the IRC channel > > and hopefully makes the bot more useful for the team. > > > > Let me know if anyone has feedback on this patch. > > Looks good to me. +1 > > I can run the playbook if there's another +1 > > kevin > > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] proxies: adding rewritecond to reverseproxy for ws if remotepath exists
On 3/22/19 1:04 PM, Tim Flink wrote:
> I was hitting an issue where there were multiple reverseproxy instances
> configured for a single host and some of the rewrite rules were changing
> the request when they shouldn't be.
>
> This patch adds a rewritecond to the websocket rewrite rule to make
> sure that the REQUEST_URI starts with $remotepath before it's rewritten.
> ---
> roles/httpd/reverseproxy/templates/reversepassproxy.conf | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
> b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index
> 38950e4..1e4afe0 100644 ---
> a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++
> b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -47,6
> +47,9 @@ SSLProxyEngine On RewriteEngine on
> RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
> RewriteCond %{HTTP:Connection} Upgrade [NC]
> +{% if remotepath is defined %}
> +RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
> +{% endif %}
> RewriteRule .*
> "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
>
>
+1
kevin
signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: What are we going to do about sigul?
Dne 25. 03. 19 v 14:49 Patrick Uiterwijk napsal(a): > Additionally, I would not call it dead since I took it over, given > that I've been adding new features to it over time. > There's not a huge set of new features people have been asking for, so > I've only been adding what I do hear about or need myself. ... > What kind of documentation are you missing? I'd like to point out that > the project README contains a reasonable set of instructions > on how to get it set up and how to use the most common operations. Great! I was merely describing the situation in time when I started Copr. I was not correct about those two items, sorry. Miroslav ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: What are we going to do about sigul?
On Mon, 25 Mar 2019 at 14:17, Miroslav Suchý wrote: > > Dne 21. 03. 19 v 13:57 Neal Gompa napsal(a): > > Forgive me, but what does sigul do that signd cannot? I'm unaware of > > any material differences between the two. Sigul has very strong network isolation against the server and protections on on-disk keys (which are useless without a user passphrase), key binding against hardware (client and/or server-side), supports PKCS11 modules via NSS for the transport layer, and very strong auditing in its logs on what exactly has been signed/decrypted by whom. > > When I started Copr I considered both Sigul and OBS signd. I spent several > hours with Mirek Trmač - original author of > Sigul and we talked about the pros and cons. It is several years, but IIRC: > > Sigul allows better isolation. It even has its own transport layer. When you > want to generate new private key, the > procedure is very strict. (That was cons for Copr as we had to automate this > step). > No one is using Sigul but Fedora and RHEL. I would like to point out that this conclusion is wrong: there are more parties using it, but not many of them are as well-known as Fedora, and most of them do not (want to) publish about their usage of it. > I can even say it is upstream dead, there are only fixes which keep it alive > (like Py3 migration). Additionally, I would not call it dead since I took it over, given that I've been adding new features to it over time. There's not a huge set of new features people have been asking for, so I've only been adding what I do hear about or need myself. > The cons of Sigul is that you must transfer whole file to Sigul, Sigul will > sign it and send whole file back. Quite > painful for some packages which are several hundred MB big. On the other hand > this keeps good track of the files which > were signed. OBS Sign get just checksum and sign the file base on the > checksum. It is fast. > OBS Signd is used by several projects. OBS and Copr are likely the biggest > ones. It is documented (Sigul not). What kind of documentation are you missing? I'd like to point out that the project README contains a reasonable set of instructions on how to get it set up and how to use the most common operations. > And it > gets some enhancements over time - the pace is very slow, but better than > Sigul. > While OBS Signd was designed for OBS it is nicely isolated and can be used as > standalone module. > > My conlusion for Copr was - OBS Signd is secure enough for Copr so we rather > cooperate with other distribution on common > project rather than keeping alive project with unknown future. > > Miroslav > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] Adjust #fedora-diversity fedmsg IRC bot topics
+1 On Tue, Mar 19, 2019 at 10:54 PM Justin W. Flory wrote: > > Hi, the attached patch makes a small change to ircbot.py to change the > #fedora-diversity IRC bot to only listen for new Pagure tickets, pull > requests, and comments. This helps reduce the noise in the IRC channel > and hopefully makes the bot more useful for the team. > > Let me know if anyone has feedback on this patch. > > -- > Cheers, > Justin W. Flory > jflo...@gmail.com > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] Adjust #fedora-diversity fedmsg IRC bot topics
On 3/20/19 11:43 AM, Kevin Fenzi wrote: > On 3/19/19 2:54 PM, Justin W. Flory wrote: >> Hi, the attached patch makes a small change to ircbot.py to change the >> #fedora-diversity IRC bot to only listen for new Pagure tickets, pull >> requests, and comments. This helps reduce the noise in the IRC channel >> and hopefully makes the bot more useful for the team. >> >> Let me know if anyone has feedback on this patch. > > Looks good to me. +1 > > I can run the playbook if there's another +1 > Did anyone else have a chance to review this patch? -- Cheers, Justin W. Flory jflo...@gmail.com signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: What are we going to do about sigul?
Dne 21. 03. 19 v 13:57 Neal Gompa napsal(a): > Forgive me, but what does sigul do that signd cannot? I'm unaware of > any material differences between the two. When I started Copr I considered both Sigul and OBS signd. I spent several hours with Mirek Trmač - original author of Sigul and we talked about the pros and cons. It is several years, but IIRC: Sigul allows better isolation. It even has its own transport layer. When you want to generate new private key, the procedure is very strict. (That was cons for Copr as we had to automate this step). No one is using Sigul but Fedora and RHEL. I can even say it is upstream dead, there are only fixes which keep it alive (like Py3 migration). The cons of Sigul is that you must transfer whole file to Sigul, Sigul will sign it and send whole file back. Quite painful for some packages which are several hundred MB big. On the other hand this keeps good track of the files which were signed. OBS Sign get just checksum and sign the file base on the checksum. It is fast. OBS Signd is used by several projects. OBS and Copr are likely the biggest ones. It is documented (Sigul not). And it gets some enhancements over time - the pace is very slow, but better than Sigul. While OBS Signd was designed for OBS it is nicely isolated and can be used as standalone module. My conlusion for Copr was - OBS Signd is secure enough for Copr so we rather cooperate with other distribution on common project rather than keeping alive project with unknown future. Miroslav ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: batcave allows / run bastion playbook for vpn
On Mon, Mar 25, 2019 at 08:16:23AM -0400, Stephen John Smoogen wrote: > On Fri, 22 Mar 2019 at 21:32, Kevin Fenzi wrote: > > > > On 3/22/19 2:13 PM, Stephen John Smoogen wrote: > > > I added repospanner to vpn earlier but have not run playbook on bastions > > > > > > > > > [smooge@batcave01 ansible (master)]$ git diff > > > f7c0985d56228bae8332aa3360a086f033e641d8 > > > diff --git a/roles/batcave/files/allows b/roles/batcave/files/allows > > > index 5439b2a..2a721d8 100644 > > > --- a/roles/batcave/files/allows > > > +++ b/roles/batcave/files/allows > > > @@ -107,7 +107,13 @@ require ip 8.43.85.69 > > > require ip 8.43.85.70 > > > require ip 8.43.85.71 > > > require ip 8.43.85.72 > > > +require ip 8.43.85.73 > > > require ip 8.43.85.74 > > > +require ip 8.43.85.75 > > > +require ip 8.43.85.76 > > > +require ip 8.43.85.77 > > > +require ip 8.43.85.78 > > > +require ip 8.43.85.79 > > > > I take it this is to allow rdu2 machines to access batcave for packages, > > etc right? > > > > Yes. This is to extend to the rdu2 space an allowance so we don't have > to do more freeze breaks in case we add more systems there. +1 for me Pierre ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: clean up disk space on mirrors
1. Remove F29beta from mirrors so mirrors can keep up /pub/fedora/linux/releases/test/29_Beta/ 2. Move F27 to archives a. Have mirrormanager point to /pub/archives/fedora/linux/27 b. Remove /pub/fedora/linux/27 -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: update prod tag name in WaiverDB
Yeah, in general we want to keep the two tags separated, so that if there is some freeze internally or in Fedora we don't block the other one. On Mon, Mar 25, 2019 at 11:46 AM Pierre-Yves Chibon wrote: > On Mon, Mar 25, 2019 at 06:34:27PM +0800, Yuxiang Zhu wrote: > >Hi, we are going to follow the same practice as Greenwave, where tag > >`prod` will be used for Red Hat internal deployments and > `prod-fedora` for > >Fedora deployments. > >The image pointed by `prod` tag will be updated by automated process > while > >`prod-fedora` will be still changed manually. It should be harmless. > > I guess you need this now because you want to deploy something internally > and > not in Fedora yet. > > In this case +1 for me. > > > Pierre > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] proxies: adding rewritecond to reverseproxy for ws if remotepath exists
Reviewed. +1
On Fri, 22 Mar 2019 at 16:04, Tim Flink wrote:
>
> I was hitting an issue where there were multiple reverseproxy instances
> configured for a single host and some of the rewrite rules were changing
> the request when they shouldn't be.
>
> This patch adds a rewritecond to the websocket rewrite rule to make
> sure that the REQUEST_URI starts with $remotepath before it's rewritten.
> ---
> roles/httpd/reverseproxy/templates/reversepassproxy.conf | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
> b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index
> 38950e4..1e4afe0 100644 ---
> a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++
> b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -47,6
> +47,9 @@ SSLProxyEngine On RewriteEngine on
> RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
> RewriteCond %{HTTP:Connection} Upgrade [NC]
> +{% if remotepath is defined %}
> +RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)*
> +{% endif %}
> RewriteRule .*
> "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
>
> --
> 1.8.3.1
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
--
Stephen J Smoogen.
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: batcave allows / run bastion playbook for vpn
On Fri, 22 Mar 2019 at 21:32, Kevin Fenzi wrote: > > On 3/22/19 2:13 PM, Stephen John Smoogen wrote: > > I added repospanner to vpn earlier but have not run playbook on bastions > > > > > > [smooge@batcave01 ansible (master)]$ git diff > > f7c0985d56228bae8332aa3360a086f033e641d8 > > diff --git a/roles/batcave/files/allows b/roles/batcave/files/allows > > index 5439b2a..2a721d8 100644 > > --- a/roles/batcave/files/allows > > +++ b/roles/batcave/files/allows > > @@ -107,7 +107,13 @@ require ip 8.43.85.69 > > require ip 8.43.85.70 > > require ip 8.43.85.71 > > require ip 8.43.85.72 > > +require ip 8.43.85.73 > > require ip 8.43.85.74 > > +require ip 8.43.85.75 > > +require ip 8.43.85.76 > > +require ip 8.43.85.77 > > +require ip 8.43.85.78 > > +require ip 8.43.85.79 > > I take it this is to allow rdu2 machines to access batcave for packages, > etc right? > Yes. This is to extend to the rdu2 space an allowance so we don't have to do more freeze breaks in case we add more systems there. > +1 in any case... > > kevin > > > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: update prod tag name in WaiverDB
On Mon, 25 Mar 2019 at 06:46, Pierre-Yves Chibon wrote: > > On Mon, Mar 25, 2019 at 06:34:27PM +0800, Yuxiang Zhu wrote: > >Hi, we are going to follow the same practice as Greenwave, where tag > >`prod` will be used for Red Hat internal deployments and `prod-fedora` > > for > >Fedora deployments. > >The image pointed by `prod` tag will be updated by automated process > > while > >`prod-fedora` will be still changed manually. It should be harmless. > > I guess you need this now because you want to deploy something internally and > not in Fedora yet. > > In this case +1 for me. > +1. > > Pierre > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Need someone to run Thursday meeting
I will be gone Wed->Sun this week and will need someone to run the Thursday Infrastructure meeting. The basics of the meeting are in the gobby-0.5 on infinote.fedoraproject.org On Wednesday, call for items to be added to the document on IRC in #fedora-admin, #fedora-apps, #fedora-noc, #fedora-releng . Send out an email around 20:00 UTC. On Thursday, go to IRC an hour before meeting and remind people on #fedora-admin, #fedora-apps, #fedora-noc, #fedora-releng . Start the meeting and follow the form. After each section either mark sub-items to be used next meeting or remove it. Thanks -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: update prod tag name in WaiverDB
On Mon, Mar 25, 2019 at 06:34:27PM +0800, Yuxiang Zhu wrote: >Hi, we are going to follow the same practice as Greenwave, where tag >`prod` will be used for Red Hat internal deployments and `prod-fedora` for >Fedora deployments. >The image pointed by `prod` tag will be updated by automated process while >`prod-fedora` will be still changed manually. It should be harmless. I guess you need this now because you want to deploy something internally and not in Fedora yet. In this case +1 for me. Pierre ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: update prod tag name in WaiverDB
On Mon, Mar 25, 2019 at 10:57:38AM +0100, Clement Verna wrote: > On Mon, 25 Mar 2019 at 10:49, Yuxiang Zhu wrote: > > > > Currently the prod-fedora tag points to the same image as prod tag. > > > > I just checked `quay.io/factory2/waiverdb:prod-fedora` > > (sha256:726a6c6465e066bc1056c17b71c16117150266490fed8fa2b096e7bb249eba8e) > > from quay.io's Web UI. It is built from > > https://pagure.io/waiverdb/tree/d4ea9bffd9da52efbef147b0e2d42cc726c1d7c6 so > > the change of messaging is not included. If they point to the same image, what is the need for this FBR? (in other words, why should we change a frozen system during an infra freeze if it doesn't change anything? :)) If it is harmless, I don't want to block it, but I'd argue there is a bit of context missing :) Thanks, Pierre ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: update prod tag name in WaiverDB
On Mon, 25 Mar 2019 at 10:49, Yuxiang Zhu wrote:
>
> Currently the prod-fedora tag points to the same image as prod tag.
>
> I just checked `quay.io/factory2/waiverdb:prod-fedora`
> (sha256:726a6c6465e066bc1056c17b71c16117150266490fed8fa2b096e7bb249eba8e)
> from quay.io's Web UI. It is built from
> https://pagure.io/waiverdb/tree/d4ea9bffd9da52efbef147b0e2d42cc726c1d7c6 so
> the change of messaging is not included.
Great Thanks :)
It would be +1 for me, but my vote does not count :)
>
> On Mon, Mar 25, 2019 at 5:39 PM Clement Verna
> wrote:
>>
>> On Mon, 25 Mar 2019 at 10:22, Giulia Naponiello wrote:
>> >
>> > Hello,
>> > we would like to change the name of the tag in quay.io for WaiverDB. Could
>> > you make this change?
>>
>> Does that contains the change to use fedora-messaging instead of fedmsg ?
>>
>> >
>> > Here's the patch:
>> > diff --git a/roles/openshift-apps/waiverdb/templates/imagestream.yml
>> > b/roles/openshift-apps/waiverdb/templates/imagestream.yml
>> > index 3fe37a481..7758ea5c6 100644
>> > --- a/roles/openshift-apps/waiverdb/templates/imagestream.yml
>> > +++ b/roles/openshift-apps/waiverdb/templates/imagestream.yml
>> > @@ -20,5 +20,5 @@ spec:
>> >name: quay.io/factory2/waiverdb:latest
>> > {% else %}
>> ># This is 'prod' tag is maintained by hand.
>> > - name: quay.io/factory2/waiverdb:prod
>> > + name: quay.io/factory2/waiverdb:prod-fedora
>> > {% endif %}
>> >
>> >
>> > Thank you!
>> > Cheers
>> >
>> > Giulia
>> > ___
>> > infrastructure mailing list -- infrastructure@lists.fedoraproject.org
>> > To unsubscribe send an email to
>> > infrastructure-le...@lists.fedoraproject.org
>> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
>> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> > List Archives:
>> > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
>
>
>
> --
> Thanks,
> Yuxiang
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: update prod tag name in WaiverDB
On Mon, 25 Mar 2019 at 10:22, Giulia Naponiello wrote:
>
> Hello,
> we would like to change the name of the tag in quay.io for WaiverDB. Could
> you make this change?
Does that contains the change to use fedora-messaging instead of fedmsg ?
>
> Here's the patch:
> diff --git a/roles/openshift-apps/waiverdb/templates/imagestream.yml
> b/roles/openshift-apps/waiverdb/templates/imagestream.yml
> index 3fe37a481..7758ea5c6 100644
> --- a/roles/openshift-apps/waiverdb/templates/imagestream.yml
> +++ b/roles/openshift-apps/waiverdb/templates/imagestream.yml
> @@ -20,5 +20,5 @@ spec:
>name: quay.io/factory2/waiverdb:latest
> {% else %}
># This is 'prod' tag is maintained by hand.
> - name: quay.io/factory2/waiverdb:prod
> + name: quay.io/factory2/waiverdb:prod-fedora
> {% endif %}
>
>
> Thank you!
> Cheers
>
> Giulia
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: update prod tag name in WaiverDB
Hello,
we would like to change the name of the tag in quay.io for WaiverDB. Could
you make this change?
Here's the patch:
diff --git a/roles/openshift-apps/waiverdb/templates/imagestream.yml
b/roles/openshift-apps/waiverdb/templates/imagestream.yml
index 3fe37a481..7758ea5c6 100644
--- a/roles/openshift-apps/waiverdb/templates/imagestream.yml
+++ b/roles/openshift-apps/waiverdb/templates/imagestream.yml
@@ -20,5 +20,5 @@ spec:
name: quay.io/factory2/waiverdb:latest
{% else %}
# This is 'prod' tag is maintained by hand.
- name: quay.io/factory2/waiverdb:prod
+ name: quay.io/factory2/waiverdb:prod-fedora
{% endif %}
Thank you!
Cheers
Giulia
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
