|
[14:46:19] <Ada_Lovelace> Hello everybody! :)
|
|
[14:50:01] <IonutVan_> hi
|
|
[14:50:35] <Ada_Lovelace> Who wants to log our meeting?
|
|
[14:51:42] <tampakrap> I'm logging
|
|
[14:51:58] <Ada_Lovelace> Cool. :)
|
|
[14:56:48] <IonutVan_> I knew that the meeting was postponed because of FOSDEM and now I have some visitors. But, I will check the logs, of course
|
|
[14:57:36] <cboltz> IonutVan_: some of us are at fosdem
|
|
[14:57:43] <cboltz> come to the ownCloud booth ;-)
|
|
[14:57:50] <Ada_Lovelace> You can read all here, too. That will be enough for you.
|
|
[14:58:10] <IonutVan_> cboltz, I am not there :)
|
|
[14:58:23] <Ada_Lovelace> We are using the ownCloud wifi at FOSDEM. :)
|
|
[14:58:25] <cboltz> your fault ;-)
|
|
[14:58:28] <IonutVan_> Ada_Lovelace, I will have a look from time to time :)
|
|
[14:58:45] <IonutVan_> cboltz, :P
|
|
[15:00:19] <Ada_Lovelace> Let's start the meeting. :)
|
|
[15:00:53] <Ada_Lovelace> We saw new attacks on our infrastructure.
|
|
[15:01:09] <Ada_Lovelace> Look to news.opensuse.org.
|
|
[15:01:48] *** Joins: orangecms (~cyrevolt@2001:67c:1810:f055:410:62c6:1e9b:8295)
|
|
[15:01:56] <orangecms> helloooo
|
|
[15:02:35] <Ada_Lovelace> Theo? What do you say?
|
|
[15:03:09] <tampakrap> regarding the attack?
|
|
[15:03:15] <Ada_Lovelace> Yes
|
|
[15:03:40] <IonutVan_> Ada_Lovelace, there is a vulnerability in wordpress 4.7.1. https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
|
|
[15:03:45] <tampakrap> the issue has been raised to MF-IT to update wordpress and restore the content, and make sure nothing else was touched
|
|
[15:03:58] <tampakrap> also notified my manager christian
|
|
[15:04:12] <tampakrap> meanwhile, if you can find somebody at fosdem that has proper access to restore the content do it please
|
|
[15:04:18] <Ada_Lovelace> Ok. We'll recommend Doug to change the password, too.
|
|
[15:04:24] <tampakrap> I asked for access as well
|
|
[15:04:41] <tampakrap> the password doesn't have to be changed
|
|
[15:04:45] <Ada_Lovelace> Who is admin for wordpress?
|
|
[15:05:00] <tampakrap> I don't know
|
|
[15:05:12] <tampakrap> I'm trying to figure out
|
|
[15:05:21] <Ada_Lovelace> I'll ask Doug.
|
|
[15:05:41] <Ada_Lovelace> Anybody gave him access....
|
|
[15:06:33] <IonutVan_> what about a kind of list with: service -> responsible person? I think something like that could be useful
|
|
[15:07:34] <tampakrap> IonutVan_: already wip https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/List_of_machines
|
|
[15:08:04] *** Joins: lars_ (bc69a4a6@gateway/web/freenode/ip.188.105.164.166)
|
|
[15:08:13] <tampakrap> but news.o.o along with the rest of the services that are hosted in provo have people from MF-IT as responsible, and I am not sure who is supposed to be our opensuse admin from MF-IT provo now
|
|
[15:08:55] <Ada_Lovelace> @Lars: Do you know wordpress admins?
|
|
[15:09:12] <lars_> Ada_Lovelace: not really, sorry.
|
|
[15:09:37] <lars_> ...and sorry for being late, but my pidgin does not want to log in :-/
|
|
[15:09:41] <Ada_Lovelace> Ok. My next step after the meeting: Asking Doug who gave him access.
|
|
[15:10:00] <lars_> Do we have a bot - or someone who is keeping a log ?
|
|
[15:10:01] <tampakrap> Ada_Lovelace: the guy that gave him access could be whoever has appropriate perms to do that on the wordpress instance
|
|
[15:10:02] <Ada_Lovelace> We speak about the spam on news.opensuse.org
|
|
[15:10:15] <tampakrap> doesn't mean that the same guy has appropriate perms to update wordpress
|
|
[15:10:19] <tampakrap> lars_: I am logging
|
|
[15:10:25] <Ada_Lovelace> Yes. And the person has admin access...
|
|
[15:10:27] <lars_> thanks!
|
|
[15:10:42] <tampakrap> maybe not, this is what I am trying to explain
|
|
[15:10:50] <Ada_Lovelace> ok
|
|
[15:10:57] <cboltz> the interesting detail is that news.o.o seems to get wordpress updates - just not fast enough :-/
|
|
[15:11:06] <tampakrap> feel free to ask douglas who gave him access, but the person he might point you out doesn't necessarily mean he is the guy we are searching for
|
|
[15:11:17] <lars_> you mean that "Hacked By MuhmadEmad" entry?
|
|
[15:11:23] <Ada_Lovelace> yes
|
|
[15:11:32] <lars_> ah, ok
|
|
[15:12:05] *** Joins: mrz__ (~mrz@122.177.219.203)
|
|
[15:12:14] <lars_> IMHO the problem is the same as with all the other services hosted "outside" Nuremberg: we do not really have access nor do we really know who takes care, right?
|
|
[15:12:21] <Ada_Lovelace> We need a wordpress update very fast.
|
|
[15:12:42] <lars_> well: we do not only need an update, we need someone who can shut down the instance and investigate the issue
|
|
[15:12:44] <Ada_Lovelace> UI access as an admin should be enough
|
|
[15:12:59] <tampakrap> nope it is not
|
|
[15:13:02] <lars_> otherwise nobody will know what else might be affected
|
|
[15:13:14] * cboltz considers switching to S9Y, which is "boring" on the security side (maybe one update per year)
|
|
[15:13:28] <cboltz> (but obviously, that's a long-term goal, nothing for today)
|
|
[15:13:48] *** Quits: mrz_ (~mrz@122.177.196.36) (Ping timeout: 240 seconds)
|
|
[15:14:07] <lars_> well: I'm always thinking why we do not have the "Automatic-Update" feature enabled for all the wordpress instances, if the admins do not really care
|
|
[15:14:44] <lars_> but I'm also not sure if the problem was not simply the password from Doug - so without further investigation, I doubt that everything we want or do is senseless
|
|
[15:14:51] <tampakrap> it is not the password
|
|
[15:14:59] <tampakrap> so I will sum up because you are missing the details
|
|
[15:15:06] <lars_> probably yes, right
|
|
[15:15:16] <tampakrap> there is a vuln on 4.7.1, fixed on 4.7.2 regarding API
|
|
[15:15:28] <tampakrap> I sent a mail to people that might be able to restore the post
|
|
[15:15:32] <lars_> tampakrap: do you know if some one escalated the issue already ?
|
|
[15:15:48] <tampakrap> and also raised a ticket to MF-IT, and pointed it to cmueller already so he can mark it as urgent
|
|
[15:15:55] <lars_> ok, thanks!
|
|
[15:15:58] <tampakrap> you have a copy of that in ops-services@s.d
|
|
[15:16:30] <tampakrap> so what we need to do is: 1) more people with admin access on the UI (already volunteered for that) 2) figure out who is our provo opensuse contact
|
|
[15:16:40] <cboltz> what does urgent mean in provo terms? *SCNR*
|
|
[15:16:43] <tampakrap> 3) shut down the instance and check what has been compromised
|
|
[15:17:02] <lars_> funny: lizards.opensuse.org seems currently not to be affected
|
|
[15:17:18] <tampakrap> 4) restore the posts
|
|
[15:17:24] <tampakrap> 5) update wordpress and bring it back online
|
|
[15:17:26] <tampakrap> that's all
|
|
[15:17:35] <lars_> tampakrap: ui access will not really help if the crap is on the system already ;-)
|
|
[15:18:00] <tampakrap> I know but it is an improvement
|
|
[15:18:07] <tampakrap> because root access I know we can't get
|
|
[15:18:23] <tampakrap> and not only for this case, but for the future as well
|
|
[15:18:23] <Ada_Lovelace> That was the reason for me to speak with Doug additionally....
|
|
[15:19:11] <lars_> tampakrap: no, I doubt that we will get root access...
|
|
[15:19:28] <tampakrap> my point exactly
|
|
[15:19:50] <cboltz> looks like news.o.o is the next thing to migrate to the new infra...
|
|
[15:19:59] <tampakrap> even if they can set up wordpress to run with a dedicated user and give me access to this user I would be happy
|
|
[15:20:08] <tampakrap> so I can update wordpress myself instead of waiting for them
|
|
[15:20:18] <tampakrap> but I'm pretty sure any ssh access to that machine is restricted
|
|
[15:21:16] <lars_> tampakrap: well, the plan was to migrate everything openSUSE related to the Provo cloud asap
|
|
[15:21:25] <lars_> that included also all the PHP-stuff
|
|
[15:21:33] <Ada_Lovelace> What is the status? ;)
|
|
[15:22:01] <lars_> but as it looks like we get more and more problems, I think we need to escalate it further and check for alternatives
|
|
[15:22:34] <tampakrap> regarding opensuse cloud, last thing I heard is that it was supposed to be ready on friday, but on friday I was sick and didn't get the final status
|
|
[15:22:41] <lars_> Ada_Lovelace: the status is a bit better than a few weeks ago - but still not satisfying
|
|
[15:23:07] <cboltz> what's the problem this time?
|
|
[15:23:15] <lars_> tampakrap: if it would not be so sad, I would say: did you ask which Friday ? ;-)
|
|
[15:23:48] <lars_> cboltz: you should ask gschlotter for details
|
|
[15:24:07] <orangecms> We could also ask for sponsoring at DigitalOcean, they are quite open and approachable
|
|
[15:24:09] <tampakrap> yeah let's not make assumptions, we can have a concrete status from gschlotter on monday
|
|
[15:24:19] <lars_> cboltz: but IMHO the access to the storage was the last problem - before the connection got lost completely
|
|
[15:24:41] <lars_> but that's all I can tell from a far view point
|
|
[15:24:49] <cboltz> nice[tm]
|
|
[15:24:54] <lars_> orangecms: good idea? Do you have any contacts?
|
|
[15:25:05] <cboltz> gschlotter: do you know more details?
|
|
[15:25:30] <tampakrap> he is not here
|
|
[15:26:24] <orangecms> Well, I could approach Allan Jude, who's running the BSDNow podcast, and that is sponsored by DO
|
|
[15:26:37] <orangecms> He's at the FreeBSD stand :-)
|
|
[15:26:58] <cboltz> another option would be to ask Hetzner if they can sponsor some servers
|
|
[15:28:04] <Ada_Lovelace> noris networks is the sponsor of debian. I don't believe they support openSUSE....
|
|
[15:28:32] <Ada_Lovelace> heinlein is open for us and has got his own ISP.
|
|
[15:29:16] <Ada_Lovelace> But he isn't at FOSDEM.
|
|
[15:29:28] <orangecms> It would also be a cool thing if DigitalOcean could be bumped to offer openSUSE images in general. For now they have Ubuntu, FreeBSD, Fedora, Debian, CoreOS and CentOS
|
|
[15:29:49] <lars_> cool ideas!
|
|
[15:29:54] <Ada_Lovelace> Should I ask Peer?
|
|
[15:30:07] <lars_> I would say: go for it! for all ideas
|
|
[15:30:17] <lars_> better to have too many alternatives in the end than nothing ;-)
|
|
[15:30:45] <lars_> Ada_Lovelace: ..and you probably want to get the openSUSE board with you
|
|
[15:31:06] <Ada_Lovelace> He can become our rack sponsor instead of marketing sponsor. :)
|
|
[15:31:07] <lars_> as I think we need to push the Provo guys to get things done asap
|
|
[15:31:40] <cboltz> this time please _really_ take a video of it ;-)
|
|
[15:32:23] <lars_> cboltz: I think "50 shades of Provo" might not be a good title :-)
|
|
[15:32:45] <cboltz> why not? ;-)
|
|
[15:33:00] <cboltz> oh, wait - make it "100 shades of Provo" ;-)
|
|
[15:34:21] <lars_> do we have some other topics ?
|
|
[15:34:28] <orangecms> Absolutely, I'll go over there later and poke Allan :D
|
|
[15:35:28] *** Joins: kl_eisbaer1 (~kl_eisbae@dslb-188-105-164-166.188.105.pools.vodafone-ip.de)
|
|
[15:35:35] <Ada_Lovelace> I'll write tomorrow (after my last test in Computer Science this semester).
|
|
[15:36:23] <kl_eisbaer1> so we do not have other topics than the hacked news.o.o ?
|
|
[15:36:41] <cboltz> we have ;-)
|
|
[15:36:54] <cboltz> do you prefer a nice one or a not-so-nice one first?
|
|
[15:37:09] <lars_> after the first topic, I would prefer a nice one :-)
|
|
[15:37:10] <Ada_Lovelace> No.No.
|
|
[15:37:11] <orangecms> Start with the bad ones :D
|
|
[15:37:21] <lars_> *seufz*
|
|
[15:37:24] <lars_> ok
|
|
[15:37:28] * orangecms sighs
|
|
[15:37:39] <Ada_Lovelace> status of progress
|
|
[15:38:08] <cboltz> we have lots of bitrotting tickets
|
|
[15:38:23] <cboltz> and lots of them even block external contributors
|
|
[15:38:28] <Ada_Lovelace> Who wants to create all the OBS repositories?
|
|
[15:38:55] <Ada_Lovelace> Who wants to add mirrors or fix issues there?
|
|
[15:38:56] <lars_> Ada_Lovelace: that area will be covered by Darix in a few days
|
|
[15:39:07] <cboltz> define "a few" ;-)
|
|
[15:39:12] <lars_> Ada_Lovelace: ...and mirrors was a topic for mcaj and gschlotter
|
|
[15:39:13] <Ada_Lovelace> What is "in a few days"?
|
|
[15:39:25] <lars_> Ada_Lovelace: once he feels better, I would say
|
|
[15:39:38] <Ada_Lovelace> Should we assign it all to them? ;)
|
|
[15:40:43] <lars_> Ada_Lovelace: I would say yes
|
|
[15:41:00] <Ada_Lovelace> Ok. We'll do. :)
|
|
[15:41:04] <lars_> Ada_Lovelace: and use the "Due date"
|
|
[15:41:18] <Ada_Lovelace> How long do they have time?
|
|
[15:41:34] <lars_> Ada_Lovelace: as they are not here, I would say we need to think for them
|
|
[15:41:39] <lars_> what about 2 weeks ?
|
|
[15:41:40] <tampakrap> put me there as well
|
|
[15:42:25] <Ada_Lovelace> We are happy with 2 weeks. We would have a really empty queue if they would fix all in this time. :)
|
|
[15:42:26] <lars_> should we think about an "obs" and "mirror" group ?
|
|
[15:42:40] <Ada_Lovelace> Ok. We'll add you.
|
|
[15:42:50] <tampakrap> we have both
|
|
[15:42:56] <tampakrap> group and category
|
|
[15:43:18] <tampakrap> I would actually kill groups and keep categories only
|
|
[15:43:20] <Ada_Lovelace> But admin groups. And Adrian asked why he got these issues.
|
|
[15:43:40] <tampakrap> I don't follow
|
|
[15:43:45] <Ada_Lovelace> He doesn't create OBS repositories.
|
|
[15:43:54] <tampakrap> true, darix does
|
|
[15:44:19] <Ada_Lovelace> Adrian is in the OBS admin group and doesn't fix "Create repository" issues.
|
|
[15:44:30] <cboltz> BTW: is there a way to see who is "behind" a group in progress? (as in: who gets mailed?)
|
|
[15:44:33] <tampakrap> correct, don't assign them to obs group but to darix
|
|
[15:44:41] <tampakrap> cboltz: yes at the admin settings
|
|
[15:44:48] <tampakrap> you want a link?
|
|
[15:44:52] <lars_> cboltz: IMHO only progress admins can have a look who is in which group
|
|
[15:45:05] <tampakrap> https://progress.opensuse.org/groups
|
|
[15:45:19] <cboltz> that goes 403 for me
|
|
[15:45:24] <orangecms> This looks interesting, regarding news.o.o http://www.zone-h.org/archive/notifier=muhmademad?zh=1
|
|
[15:46:00] <lars_> Ada_Lovelace: so we have assigned all mirror and OBS tickets. Are there more ?
|
|
[15:46:14] <Ada_Lovelace> Yes.
|
|
[15:46:53] <cboltz> there are 5 pages with various tickets that don't fit into any group
|
|
[15:46:59] <cboltz> (or I was too lazy to sort them)
|
|
[15:47:13] <cboltz> so please check them and assign them to the right person
|
|
[15:47:18] <cboltz> (and set the due date ;-)
|
|
[15:47:31] <orangecms> Apparently someone has simply automated crawling the web for WP < 4.7.2 instances and injects her defacements automatically.
|
|
[15:47:37] <Ada_Lovelace> We'll have fun with 2 weeks. ;)
|
|
[15:48:27] <tampakrap> anything more? should we move?
|
|
[15:48:40] <Ada_Lovelace> next topic: wiki ideas
|
|
[15:50:18] <Ada_Lovelace> We had a discussion on our wiki mailing list because of too many tools for documentation. I found the github extension for mediawiki. So we can get upstream docu from github. All will be loaded from there at the timestamp of loading the wiki page. :)
|
|
[15:50:56] <Ada_Lovelace> We will have the updated documentation in the wiki you can ever have. ^^
|
|
[15:51:01] <cboltz> for an example, see http://paste.opensuse.org/68489949
|
|
[15:51:16] <cboltz> (just a random README.md loaded into the test wiki on my laptop)
|
|
[15:51:24] <Ada_Lovelace> We tested it today. :)
|
|
[15:51:34] <tampakrap> I don't follow sorry
|
|
[15:51:37] <cboltz> at the wiki side, it's just {{#github:README.md|openSUSE/geekodoc|develop}}
|
|
[15:51:40] <tampakrap> bear with me, still sick
|
|
[15:51:58] <cboltz> tampakrap: think of "iframes on steroids" ;-)
|
|
[15:52:16] <tampakrap> you create a github repository, and then load its README.md into the opensuse wiki?
|
|
[15:52:25] <cboltz> right
|
|
[15:52:51] <cboltz> and it gets updated automatically if it changes on github
|
|
[15:53:00] <Ada_Lovelace> We don't want to write documentation. We want to automate it with the github extension (documentation of different projects on github).
|
|
[15:53:02] <tampakrap> okay and if I change it on the web?
|
|
[15:53:10] <tampakrap> doesn't get automatically committed on github?
|
|
[15:53:26] <cboltz> in the wiki, you just need {{#github:README.md|openSUSE/geekodoc|develop}}
|
|
[15:53:34] <cboltz> so you can't edit it directly in the wiki
|
|
[15:53:38] <tampakrap> ah okay, so you can't touch it
|
|
[15:54:01] <tampakrap> okay and which repos' docs you want to load on the wiki?
|
|
[15:54:12] <tampakrap> or you just want to offer it as a generic feature for the community?
|
|
[15:54:16] <Ada_Lovelace> You work in github then. That's easier for our developers, too.
|
|
[15:54:33] <cboltz> we'll offer it as feature for everybody who wants to use it
|
|
[15:54:38] <orangecms> You can add above/below if you want to state errata or have more info etc
|
|
[15:54:47] <orangecms> The best thing would be contributing to upstream imho
|
|
[15:54:59] <Ada_Lovelace> We want to represent it at the next oSC.
|
|
[15:55:22] <tampakrap> okay
|
|
[15:55:39] <tampakrap> assuming there are no security concerns for this plugin, +1 from me
|
|
[15:55:55] <Ada_Lovelace> Thanks! We'll try it.
|
|
[15:56:55] <tampakrap> okay anything further to discuss on it, or it was just to inform us?
|
|
[15:57:23] <Ada_Lovelace> We wanted to get your feedback and your SUSE view.
|
|
[15:58:06] <tampakrap> there's no SUSE view, we are all volunteers here :)
|
|
[15:58:09] <tampakrap> next topic?
|
|
[15:58:13] <Ada_Lovelace> You know many SUSE developers who write documentation. Do they prefer github?
|
|
[15:58:44] <tampakrap> there are quite of suse/opensuse projects on github
|
|
[15:59:12] <tampakrap> what everyone prefers is not that relevant actually, there are reasons to use a web wiki or a git based documentation based on various factors
|
|
[15:59:18] <Ada_Lovelace> Yes. That's it!
|
|
[16:00:02] <tampakrap> so next topic?
|
|
[16:00:24] <orangecms> tampakrap, should everyone you created an account for on gitlab.o.o have received some individual invitation email?
|
|
[16:00:35] <Ada_Lovelace> It seems we have all finished.
|
|
[16:00:40] <tampakrap> so my turn
|
|
[16:00:59] <tampakrap> as orangecms said, gitlab.o.o is on the internet now, along with the salt repository
|
|
[16:01:30] <tampakrap> relevant people should have gotten a mail with their account, and also should have been granted appropriate permissions to see the salt repository
|
|
[16:01:38] <tampakrap> if you didn't get one of those two, let me know please
|
|
[16:01:58] * orangecms raises a hand
|
|
[16:02:14] <tampakrap> also, I will create two-three VMs for testing purposes so we can experiment
|
|
[16:02:14] <lars_> tampakrap: I'm not sure, but I guess if I can not log in any more, I can simply use the "password forgotten" link, right?
|
|
[16:02:31] <tampakrap> orangecms: what's your connect profile please?
|
|
[16:02:39] <tampakrap> lars_: yes and if it doesn't work let me know please
|
|
[16:02:46] <lars_> ok, thanks
|
|
[16:03:04] <orangecms> It's orangecms
|
|
[16:03:31] <tampakrap> in order to check out the repo you need to put in your .ssh/config something that cboltz will tell you, I don't have it now handy sorry :)
|
|
[16:04:03] <tampakrap> I also sent mail to a few opensuse guys that are quite experienced with salt, one of them joined us already
|
|
[16:04:21] <orangecms> Yup, I've done that already
|
|
[16:04:37] <orangecms> the SSH config I mean :)
|
|
[16:04:45] <tampakrap> regarding the salt code, you do NOT have access to the production branch (yet)
|
|
[16:04:55] <orangecms> It's here https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Salt_repository_layout
|
|
[16:05:05] <cboltz> the details for SSH are in the admin wiki, and a link to it is on the heroes ML
|
|
[16:05:12] <tampakrap> so you will need to file merge requests and one of me, darix kl_eisbaer and gschlotter should be able to merge it
|
|
[16:05:28] <orangecms> It's fine, I prefer having a review anyway
|
|
[16:05:40] <orangecms> brb
|
|
[16:06:06] <tampakrap> for questions regarding ops/structure/whatever feel free to contact me
|
|
[16:06:13] <tampakrap> questions?
|
|
[16:06:57] <tampakrap> I take that as a no
|
|
[16:06:59] <cboltz> FYI - I'll probably ping you in the next days to get the wiki salt files into the repo
|
|
[16:07:08] <tampakrap> okay
|
|
[16:07:12] <lars_> tampakrap: I know it's in the repo, but which hosts and which formulas (or files) are under Salt control now? Do you have some percentages=
|
|
[16:07:25] <lars_> s/=/?
|
|
[16:07:30] <tampakrap> lars_: this brings me to my last topic :)
|
|
[16:07:47] <tampakrap> although already said it before, just so that everybody is aware
|
|
[16:08:03] <tampakrap> I have started a wiki page with inventory regarding all of the opensuse hosts https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/List_of_machines
|
|
[16:08:15] <lars_> ...and also interesting to me is: https://progress.opensuse.org/issues/16126
|
|
[16:08:47] <tampakrap> it has the hosts fqdn, cnames, admin contacts, to which salt environment they belong and to which virt cluster
|
|
[16:09:01] <tampakrap> so I started with the machines that are under the opensuse.org salt master, minnie.opensuse.org
|
|
[16:09:11] <lars_> as it looks like we need to make sure that we know which packages are currently coming from other repositories before we disable the non-standard ones
|
|
[16:09:22] <tampakrap> and I will continue with the opensuse.org or mixed suse/opensuse hosts that are controlled by SUSE-IT
|
|
[16:09:28] <tampakrap> and the hosts that are in provo
|
|
[16:09:41] <cboltz> FYI: doug said that henne created his account for news.o.o
|
|
[16:09:45] <lars_> tampakrap: this list seems to be handcrafted
|
|
[16:09:55] <tampakrap> yes still wip
|
|
[16:09:57] <lars_> tampakrap: isn't there a way to get it automated via Salt ?
|
|
[16:10:11] <lars_> otherwise I fear that this table will get outdated very soon
|
|
[16:10:16] <tampakrap> it is, but the information is in salt first
|
|
[16:11:06] <lars_> tampakrap: ok, so my question would be: can we agree on using only Salt to host this information?
|
|
[16:11:26] <lars_> having duplicate information somewhere is always the starting point of nightmares
|
|
[16:11:32] <tampakrap> regarding your repos ticket, I replied there already, I took care of the packages' being in the openSUSE:infrastructure repo, so please be more specific on what is missing so I can fix it (I did like 3 hosts only iirc)
|
|
[16:11:57] <tampakrap> to do this, we need to agree on how to have that info in salt first (documented)
|
|
[16:12:01] <lars_> ...and if we need the information about the hosts and their admins in Salt anyway, I do not really see why we need to maintain a manual list elsewhere
|
|
[16:12:10] <tampakrap> then I can create the script that exports them from salt and puts them into the wiki
|
|
[16:12:29] <lars_> tampakrap: I did not tell you which hosts I mean because this would be the easy fix ;-)
|
|
[16:12:31] <tampakrap> and yes I really support this idea
|
|
[16:12:38] <cboltz> lars_: I completely agree about storing this in salt, but _for now_ the list in the wiki is better than nothing
|
|
[16:12:55] <tampakrap> cboltz: putting the info into salt is much less effort than the wiki page
|
|
[16:12:56] <lars_> tampakrap: we should run a script that prints out all the packages NOT from our standard repos
|
|
[16:13:39] <lars_> tampakrap: if it's currently more effort to maintain the list in the wiki, please stop doing it and concentrate on the real work :-)
|
|
[16:14:08] <lars_> once we have time, we can write a script to update a wiki page automatically - if this is still needed
|
|
[16:14:37] <tampakrap> agreed
|
|
[16:15:15] <lars_> cboltz: and having an updated list in the wiki is a good starting point for failures, so even if I can understand your wish (especially as wiki admin ;-), I would love to NOT have it
|
|
[16:15:28] <lars_> s/updated/outdated/
|
|
[16:17:16] <lars_> for the package issue, here is a very quick hack:
|
|
[16:17:19] <lars_> for pkg in $(rpmqpack); do rpm -q --qf "%{NAME} %{DISTURL}\n" $pkg | grep -v "openSUSE:Leap:42.2"; done
|
|
[16:18:24] <lars_> or maybe better search for the DISTRIBUTION string, which should not match "openSUSE Leap 42.2"
|
|
[16:18:57] <lars_> something like this (together with the list in /etc/nagios/check_zypper-ignores.txt) should bring us on the right track
|
|
[16:19:27] <lars_> I guess especially the check_zypper-ignores.txt file should indeed be very helpful for a first look on a machine
|
|
[16:19:43] <lars_> because there I listed all the unmaintained packages anyway
|
|
[16:19:53] <tampakrap> I also have the code ready to install a bunch of packages on salt based on roles (also for common packages)
|
|
[16:19:56] <Ada_Lovelace> Theo: You should log in to the atreju cluster and shut down the vm with wordpress.
|
|
[16:19:58] <lars_> so it's just a question if all those packages in that file are still installed
|
|
[16:20:24] <lars_> Ada_Lovelace: we do not have access to those machines - they are running in Provo, not in NUE
|
|
[16:20:25] <tampakrap> there will be able also the opportunity to select from which repo you want the package installed
|
|
[16:20:49] <tampakrap> then the zypper-ignores.txt can be generated from salt as well
|
|
[16:20:51] <Ada_Lovelace> via UI, too?
|
|
[16:21:01] <lars_> tampakrap: that sounds great !
|
|
[16:21:21] <lars_> Ada_Lovelace: not at all
|
|
[16:24:01] <tampakrap> I have another topic regarding naming pattern, but I'll skip it for the meeting and probably discuss it over mail
|
|
[16:24:12] <tampakrap> so if there is nothing else to discuss let's close the meeting please
|
|
[16:24:20] <tampakrap> as I'm sick and want to go back to bed
|
|
[16:24:21] <lars_> tampakrap: can you send me the ticket ID for the hacked wordpress, please?
|
|
[16:24:27] <Ada_Lovelace> nothing else
|
|
[16:24:50] <tampakrap> lars_: didn't get an incident response yet, do they create them manually?
|
|
[16:24:59] <lars_> tampakrap: please do not ask ;-)
|
|
[16:25:25] <lars_> tampakrap: JFYI: I added Mike and Roland into the loop
|
|
[16:25:28] <tampakrap> okay meeting over then, next one 5th of march
|
|
[16:25:40] <tampakrap> good
|
|
[16:25:43] <lars_> but now to something completely different - if you agree ;-)
|
|
[16:25:44] <Ada_Lovelace> good
|
|
[16:25:59] <lars_> https://demo.cachethq.io/
|
|
[16:25:59] <Ada_Lovelace> close the log ;)
|
|
[16:26:16] <lars_> I was thinking about the status page that I wanted to create
|
|
[16:26:55] <lars_> ...and my current assumption (if I look on our "always red" monitoring page): if we just use the output from our monitoring as status page, that will not really be what our users want to see
|
|
[16:27:07] <lars_> even if we use the business process add-on
|
|
[16:27:33] <lars_> So what do you think about the idea to use the software "Cachet" https://github.com/CachetHQ/Cachet instead ?
|
|
[16:27:52] <lars_> there we can create Categories (like OBS, Email, Wiki) and add information there
|
|
[16:28:00] <lars_> information from humans like us
|
|
[16:28:11] <lars_> or information from ticket or monitoring systems
|
|
[16:28:35] <lars_> the only problem I have at the moment. Cachet can be patched to accept LDAP accounts - but not more
|
|
[16:29:07] <lars_> and as long as we do not have the FreeIPA solution ready, I'm unsure how to proceed
|
|
[16:29:31] <lars_> because I do not want to open it up for everyone inside the community who might have a wiki account to create incidents there
|
|
[16:29:59] <lars_> instead again just allowing us access
|
|
[16:30:16] <lars_> this might be the same number of people who now have access to the github pages
|
|
[16:30:48] <lars_> so I'm a bit blocked by now by the availability of the FreeIPA solution :-(
|
|
[16:31:06] <lars_> ....otherwise, it might be a good time now to think if Cachet would make sense as status page ?
|
|
[16:31:14] <lars_> What do YOU think?
|
|
[16:31:29] <Ada_Lovelace> We have to close the session. The FOSDEM is closed in half an hour.
|
|
[16:31:37] <lars_> ok
|
|
[16:31:54] <lars_> Just write me an email ;-)
|
|
[16:32:07] <lars_> ....and send some pictures from FOSDEM :-)
|
|
[16:32:13] <Ada_Lovelace> I'll add you on CC in the mail to Peer. :)
|
|
[16:32:51] <IonutVan_> it seems that the spam was removed from news.o.o. https://news.opensuse.org/
|
|
[16:33:06] <cboltz> lars_: no pictures - you'll need to come to FOSDEM next year to see it ;-)
|
|
[16:33:23] <lars_> och, menno! ;-)
|
|
[16:33:46] <Ada_Lovelace> Doug has got the information. :)
|
|
[16:34:34] <Ada_Lovelace> Bye!
|