Web   ·   Wiki   ·   Activities   ·   Blog   ·   Lists   ·   Chat   ·   Meeting   ·   Bugs   ·   Git   ·   Translate   ·   Archive   ·   People   ·   Donate

#treehouse, 2010-02-09

Index | Today     Channels | Search | Join

All times shown according to UTC.

Time Nick Message
16:03 dogi #topic agenda
16:04 * last meeting
16:04 * aslo and RIT update - dfarning
16:04 * update on the sending of the 12 wikimedia machines
16:04  - 3 boston servers arrived today - walter
16:04 * lightwaveVM and ldap - bernie/silbe
16:04 * new template lucid - dogi
16:04  - ubuntu-sugarteam buildslaveVM
16:05 * ideaVM and google summer of code
16:05  - http://idea.sugarlabs.org
16:05 * update from develVMs/productionVMs
16:05  - tracVM - silbe
16:05  - pootleVM - unmadindu
16:05  - meetingVM - dogi
16:05 * access fairy
16:05  - the right place to ask for access to the server infrastructure
16:05  - http://wiki.sugarlabs.org/go/S[…]l_account_request
16:06 #topic last meeting
16:07 Action check:
16:07 * dogi poke walter for the 3 boston wikipedia servers -> done
16:07 * dogi finish template lucid for dfarning ubuntu-sugarteam -> done
16:07 * dogi access for _bernie on lucid -> done
16:07 * dogi will setup meetingVM -> not done, but fixed some error with the bot
16:07 * dogi update http://wiki.sugarlabs.org/go/I[…]ure_Team/Meetings
16:07 * bernie new namescheme for backup -> not possible on backup.sl.o
16:08 _bernie waves
16:08 dogi hi _bernie
16:09 silbe hopes it'll get as short as last week ;)
16:09 dogi #topic update on the sending of the 12 wikimedia machines
16:09 <walterbender> bernie, dogi, lfaraone: the server arrived just now to my house
16:09 <dogi> walterbender, :)
16:10 _bernie dogi: yay
16:10 dogi I will meet walter on friday morning for doing the first look onto them
16:11 lfaraone hm. that also means it should be at the arlington career center in VA, but that's closed today.
16:11 dogi #action dogi send mail on the status of 3 boston servers
16:11 thx lfaraone
16:11 can u tell us more about the arlington career center?
16:11 link?
16:12 is there some news about the servers which have RIT as destiantion?
16:12 decause, cdeslandes ?
16:13 lfaraone dogi: http://www.careercenter.arlington.k12.va.us/
16:13 dogi #link http://www.careercenter.arlington.k12.va.us/
16:13 thx :)
16:13 lfaraone dogi: that's just where I had them delivered. We'll probably be hosting most or all of the servers at Trans World IX (TWIX), http://www.transworldix.net/
16:14 dogi #link http://www.transworldix.net/
16:14 that sounds great :)
16:15 decause sorry all, just sat down
16:15 catches up on backlog
16:15 dogi hi decause
16:15 decause dogi: /me wave
16:15 waves _bernie
16:16 _bernie waves back
16:16 decause: maybe servers arrived there too?
16:16 decause the servers have yet to get here, word from CSH
16:16 dogi _bernie, is there any special test i should run on them after installation?
16:17 lfaraone dogi: well, we could run mprime for a few hours and see if the processer melts :)
16:18 dogi +1 lfaraone
16:18 #topic aslo and RIT update
16:19 decause listening
16:19 silbe lfaraone: you mean to see whether they reversed the fan like in one machine we know of? ;)
16:19 dogi I looked into how to travel to RIT
16:19 there is a daily train and/or bus going there from boston
16:20 think i will be prepared by the 21of february
16:21 cdeslandes, decause is that true that until the 8th of march there are exams ?
16:22 decause after speaking with dfarning and professor jacobs, we decided to wait until the first week of spring(march8th), due to this fact, yes
16:22 dogi ok
16:23 is there something else ...
16:23 _bernie dogi: I would run memtest86 for a few hours if possible
16:23 dogi +1 _bernie
16:23 _bernie dogi: also cpuburn ;-)
16:24 dogi: which helped us find the power supply problem in treehouse :-)
16:24 dogi nono that was bernie which found this error :P
16:25 that gives us some time ~20days
16:26 that s why we should think about what the students should prepare ...
16:27 * sshkeys
16:27 * visit http://acitivities.sugarlabs.org/
16:27 * read http://wiki.sugarlabs.org/go/M[…]ine/Discovery_One
16:27 * join #treehouse on irc.oftc.net
16:27 * ...
16:27 silbe dogi: I thought the point is they don't have time to prepare anything?
16:27 dogi jupp silbe
16:27 silbe dogi: or do you mean we have 20 days to think about what the student should prepare after march 8th?
16:28 dogi but we should tell them how they can prepare
16:28 +1 silbe
16:29 #action RIT/CSH/dogi/david create an intruduction site to aslo from the students perspective
16:30 #link http://wiki.sugarlabs.org/go/M[…]ine/Discovery_One
16:31 decause, cdeslandes hope u agree to this ...
16:32 cdeslandes looks good to me, if I find time I'll start testing
16:32 dogi :)
16:33 think that was everything reguarding aslo and rit
16:33 ?
16:34 decause nod
16:34 dogi nod?
16:35 decause nods head twice
16:35 dogi #topic aslo on treehouse
16:35 cdeslandes nod
16:36 dogi bernie started to move the asloVM from housetree back to treehouse
16:37 cause sunjammer had some problems last week
16:38 ping _bernie
16:39 silbe, did we found out what caused the reboots?
16:39 silbe dogi: not that I know of, but I haven't investigated.
16:40 chrowe: have you changed the destination for the reboot mails yet, BTW?
16:40 dogi it looks like ...
16:42 will ask bernie later
16:43 #topic lightwaveVM ldap migration from bender
16:44 right now all our accounts are managed by an ldap
16:44 which runs on a machine only bernie has access to
16:45 thats why bernie and me created lightwave a month ago
16:45 lightwave is right now the master dns
16:45 and silbe asked to take care of this
16:46 _bernie silbe, dogi: sorry, I was afk.  the reboots were caused by a kernel bug
16:46 dogi ups
16:46 silbe dogi: asked to is a bit much. ;)
16:46 _bernie silbe, dogi: two of them, at least. the last one was the fsf restarting to run the new kernel
16:46 they don't seem to be sending announcements to identi.ca :-(
16:46 silbe dogi: I'll definitely need help with it, never used LDAP before.
16:47 dogi no djbclark working there
16:47 _bernie dogi, silbe: regarding lightwave, this is the plan... but I have not moved ldap yet. ldap is still on sunjammer (to which we all have access)
16:48 dogi #action dogi/bernie give silbe access to lightwave
16:48 _bernie dogi, silbe: the dns master is on trinity, to which only I (and develer folks) have access... sorry, I'm too busy here with deployment stuff
16:48 dogi: +1
16:48 dogi #action bernie switch master dns to lightwave
16:48 :P
16:48 _bernie ok I will
16:48 silbe _bernie: do we want to keep using LDAP? or is there something else that fits our needs?
16:49 dogi silbe, first migrate then we look for something else... thats at least my opinion
16:50 silbe dogi: ok, good plan.
16:50 dogi likes ldaps
16:50 _bernie silbe: I did some research. there are many ad hoc systems to distribute accounts or ssh keys, but nothing was as generic and well supported as ldap.
16:50 silbe: as ugly as ldap is, apache barely supports anything else. even kerberos lags behind.
16:50 silbe _bernie: OK. Did we ever find out what our LDAP trouble was?
16:50 dogi +1 _bernie
16:50 _bernie silbe: then there are all the posix-account-only things such as hesiod and nis+...
16:51 silbe: do we have trouble of any kind? it works very reliably.
16:51 silbe _bernie: what's the connection between Apache and LDAP in our case?
16:51 _bernie: I remember well that sudo stopped working intermittently some months ago.
16:52 _bernie silbe: oh, wait.. yes... I remember chasing ldap problems a few months ago, but I thought it was for develer :-)
16:52 silbe: we had a file descriptor leak, iirc.
16:52 dogi that was because ubuntu introduced the sudo group
16:52 not? anyway
16:53 _bernie dogi: ah ok. then the ldap problems were really at develer (which uses fedora 11 with this file descriptor leak bug)
16:53 dogi next topic?
16:53 _bernie, can u give us an update what u did with the asloVMs
16:53 _bernie silbe: apache uses ldap for basic authentication of users (password change dialog, munin, webmail, etc)
16:54 silbe _bernie: we have webmail?
16:54 is puzzled
16:54 dogi lol
16:54 _bernie silbe: (basic auth over ssl of course... it could also be digest, I think)
16:54 silbe: webmail.sugarlabs.org
16:54 silbe: it's roundcube. if you don't want email forwarding and google apps
16:54 silbe oh, Roundcube :-/
16:54 _bernie silbe: we're a serious office in the cloud, eh :-)
16:54 dogi #link http://webmail.sugarlabs.org/
16:55 _bernie silbe: roundcube or squirrelmail, choose your medicine.
16:55 silbe: or courier's webmail shit
16:55 silbe _bernie: competition for Litl? ;)
16:55 _bernie silbe: why, they also have an office in the cloud?
16:56 silbe _bernie: had trouble with any of them (except maybe Courier) - on the other side of the line, that is.
16:56 _bernie damn, everyone wants to move into the cloud, it's going to be crowded.
16:56 dogi :P
16:56 silbe i.e. they sent mails with broken encodings, didn't grok PGP or SMIME mails, don't support Mail-Followup-To, etc.pp. :(
16:56 _bernie: lol!
16:56 dogi #topic new lucid template
16:57 _bernie silbe: the only one that's under very active development and approaching gmail's usability seems to be roundcube. people at develer prefer it to thunderbird.
16:57 silbe _bernie: they sell cloud computers ;)
16:57 _bernie silbe: oh you're right
16:57 dogi #link http://wiki.sugarlabs.org/go/I[…]ual_machine_lucid
16:57 _bernie silbe: I wonder how many they will actually sell.
16:58 dogi: no colored prompt?
16:58 dogi: :-(
16:58 dogi I will clone the template for the buildslave
16:58 soon _bernie
16:58 :)
17:00 _bernie dogi: oh, if you did the devtools thing, I know why it's not working!
17:00 dogi #topic ideaVM and google summer of code
17:00 _bernie dogi: ubuntu likes to reset PS1 somewhere in /etc/profile* or /etc/bashrc*
17:00 dogi ups sorry bernie
17:00 ok
17:01 _bernie dogi: and they also mess with umask (they reset it to 002 which is utterly stupid)
17:01 dogi no they reset it to 022
17:01 _bernie dogi: on template-karmic, you'll find "bernie" comments where I commented out those things
17:01 dogi: yeah, sorry, 022 which is stupid. 002 is smart.
17:01 dogi bingo
17:02 think since u now have access there we will find everything we need to change :)
17:02 silbe _bernie / dogi: do the templates use etckeeper and push their /etc repos somewhere, like we do with the build slaves?
17:03 dogi #action dogi/bernie clone lucid template
17:03 silbe, yes we use etckeeper
17:04 but i dont know if we push the git somewhere
17:04 ... local
17:05 silbe in the long run I'd like to have all configs available in a central location
17:05 dogi +1 silbe
17:05 #link http://idea.sugarlabs.org/
17:06 is knowledge management service for collecting ideas
17:06 like http://brainstorm.ubuntu.com
17:07 walter asked me some time ago to turn this service on again
17:07 #link http://idea.olpcorps.net/drupa[…]soc/latest_ideas/
17:08 would be the place for google summer of code students to commit their ideas
17:09 silbe, _bernie and others ... what do think about this?
17:10 _bernie reads
17:10 silbe dogi: IIRC it was discussed on sugar-devel, but more or less rejected because it would just turn into a pile of junk not monitored by developers.
17:11 dogi: personally I don't care as long as someone else maintains it ;)
17:11 _bernie silbe: good idea (centralizing configs). we already do full backups, though.
17:11 silbe: I'd like to experiment with puppet but $TIME_EXCUSE
17:11 silbe _bernie: that's exactly the reason
17:12 actually both reasons - to use central repos and why I didn't investigate bcfg/puppet/whatever yet
17:12 dogi #action dogi ask adam and melchua reguarding idea and gsoc
17:13 silbe, the nice thing with idea is: you don t need a developer to maintain it
17:14 but you need some help anyway ...
17:14 will ask support-gang ...
17:15 #topic update from develVMs/productionVMs
17:15 silbe dogi: unless I misunderstood the purpose you'll need someone who actually implements the ideas, which usually means a developer.
17:15 _bernie silbe, dogi: I just added a new user:
17:15 system-useradd aks Abhishek Singh abhishek.singh@olenepal.org
17:16 silbe _bernie: never heard that name...
17:16 dogi update on pootle
17:16 dogi> morning unmadindu
17:16 <unmadindu> hello :)
17:16 <dogi> :)
17:16 <dogi> hope everything is fine with pootle ... http://sunjammer.sugarlabs.org[…]s.org-memory.html
17:16 * chrowe has quit (Quit: chrowe)
17:16 <dogi> an other GB of pootle?
17:16 <dogi> unmadindu, what do u think?
17:17 * dogi is maybe thinking too much :P
17:17 <unmadindu> dogi: I think I'll fiddle with the pootle settings a bit before taking a look at memory increase
17:17 <dogi> thx :)
17:17 <dogi> I like this word "fiddle"
17:17 <unmadindu> :D
17:17 update on meeting
17:18 did some changes there
17:18 the main change is that after endmeeting the hole link to the log is posted
17:19 #topic access fairy
17:19 silbe dogi: does it recognize #action / #link issued by a non-chair nick?
17:20 dogi think not but I know were to fix this ...
17:20 _bernie> silbe, dogi: I just added a new user:
17:20 <_bernie> system-useradd aks Abhishek Singh abhishek.singh@olenepal.org
17:21 silbe dogi: that would be appreciated
17:21 dogi _bernie, +1 for the new account
17:22 somebody else wants an access to services of sugarlabs/olpcorps?
17:22 ups does
17:23 I hope _bernie and you silbe agree to this kind of voting for new users?
17:24 it is good for the transparency ...
17:24 silbe what access does system-useradd imply?
17:24 _bernie dogi, silbe: I reworked the account request page: http://wiki.sugarlabs.org/go/S[…]l_account_request
17:24 silbe i.e. do we need voting at all?
17:25 _bernie silbe: aks works at olenepal. he sent the first formal account request in our history :)
17:25 dogi silbe more publishing then voting
17:26 _bernie, :)
17:26 _bernie dogi: lfaraone wanted a test vm on which he could install launchpad
17:26 dogi uuuhhh
17:26 forgot
17:26 sure
17:26 silbe how about seconding on IRC + CCing systems@ on the reply email?
17:26 _bernie dogi: if you'd like to use housetree, I don't think he requires a public IPv4.
17:26 dogi #topic launchpadVM
17:26 lfaraone _bernie: and a RT VM :)
17:26 _bernie silbe: root
17:27 silbe: for system-useradd
17:27 silbe: at this time, this is on sunjammer. in the future, I guess it will have to be on lightwave
17:27 silbe _bernie: no, I mean what kind of access does a user added with system-useradd get?
17:27 dogi for me is more the question who will setup the VM ... you bernie?
17:27 _bernie silbe: I'd like lightwave to be our sancta-sanctorum, with only 2-3 operators (namely dogi, you and me)
17:27 silbe what can (s)he break?
17:28 _bernie silbe: oh, no groups at all. there's a system-groupadd too
17:28 silbe: those commands I wrote myself many years ago. they're just stuppid shell wrappers around ldap commands.
17:29 silbe: have a look
17:29 dogi lfaraone, next time i forget something in the agenda feel free to add urself there :P
17:29 silbe _bernie: so no access at all? or is there a default set (e.g. webmail, shell on sunjammer, ...) everybody has access to?
17:29 _bernie silbe: in theory, with no groups, a user shouldn't be able to touch anything outside their home. if it's not so, then we have a security bug.
17:29 silbe _bernie: I already gave it a quick look today (even invoked ldapvi), but am still missing some overview
17:29 _bernie silbe: oh yeah. they get webmail and munin, I think.
17:30 silbe _bernie: so they can churn CPU/memory and fill up disk. Is there quota in place?
17:31 _bernie silbe: if you do "grep access.conf /etc/apached
17:31 oops
17:31 silbe (trying to assess the risk of giving random people an account)
17:31 _bernie grep access.conf /etc/apache2/sites-enabled/*
17:31 silbe: this will show all places where we authenticate users against their ldap account
17:33 dogi lfaraone, I can give you one VM this week and the other after i see a progress... tell which one you like to have first?
17:33 _bernie silbe: usually, I do "Require group staff" to exclude friends accounts, but in the case of sugarlabs all accounts have same access to web services.
17:33 silbe _bernie: interesting, thanks!
17:34 lfaraone _bernie: which is more important, lp or rt?
17:34 dogi rt?
17:34 _bernie silbe: as we add multiple web servers etc, ldap becomes crucial. this is why, as horrible as it is, you can't live without over a certain size.
17:34 lfaraone: rt... hmmm... I'm not sure I'd want rt until I have 2-3 people volunteering to do the account requests
17:34 lfaraone: it's not a tools issue, it's a staffing issue :-)
17:35 silbe _bernie: I take your word for that. Would have used passwd replication myself probably. :)
17:35 _bernie silbe: does not work any more with apache and modern distros. passwords are crypted with different algos now :-(
17:36 silbe _bernie: great :-/
17:36 _bernie silbe: to be honest, our ldap just stores sha1... it should do multiple hashes (since they're not readable anyway)
17:36 silbe at least not md5 ;)
17:37 dogi #action dogi create faraoneVM
17:37 _bernie silbe: believe me, I tried hard to get rid of ldap for enterprise account management 'cause I hated it so much.
17:37 silbe so ldap it will be. going to get interesting how to store and distribute the ssh key using LDAP...
17:37 dogi lfaraone, so u can decide later :)
17:37 _bernie silbe: there's an ssh patch for this and an ldap schema to store the keys
17:37 dogi ok?
17:38 _bernie silbe: osuosl uses it
17:38 dogi: yoshi!
17:38 silbe _bernie: Interesting. But I guess it's not in the distros, which would be no-go for me (OpenSSH has way to many security flaws / updates).
17:38 dogi lfaraone, ?
17:38 silbe _bernie: and I remember periodically patching OpenSSH for AFS support to be a major PITA
17:39 _bernie silbe: yep :-(
17:39 dogi #topic other
17:39 _bernie silbe: monkeysphere is also not packaged everywhere yet
17:39 dogi endmeeting?
17:39 lfaraone dogi: works for me.
17:39 silbe _bernie: as long as it doesn't need updates often that's more or less fine
17:39 dogi :)
17:40 silbe dogi: you can't finish yet, it's still tuesday here :-P
17:40 dogi #endmeeting

Index | Today     Channels | Search | Join

Powered by ilbot/Modified.