jcpunk / centos / centos.org

Forked from centos/centos.org 9 days ago
Clone
Blob Blame History Raw
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
<title>#centos-devel log</title>
<style type="text/css">
/* For the .log.html */
pre { /*line-height: 125%;*/
      white-space: pre-wrap; }
body { background: #f0f0f0; }

body .tm  { color: #007020 }                      /* time */
body .nk  { color: #062873; font-weight: bold }   /* nick, regular */
body .nka { color: #007020; font-weight: bold }  /* action nick */
body .ac  { color: #00A000 }                      /* action line */
body .hi  { color: #4070a0 }                 /* hilights */
/* Things to make particular MeetBot commands stick out */
body .topic     { color: #007020; font-weight: bold }
body .topicline { color: #000080; font-weight: bold }
body .cmd       { color: #007020; font-weight: bold }
body .cmdline  { font-weight: bold }

</style>
</head>

<body>
<pre><a name="l-1"></a><span class="tm">13:02:39</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#startmeeting </span><span class="cmdline">cbs/infra</span>
<a name="l-2"></a><span class="tm">13:02:39</span><span class="nk"> &lt;centbot&gt;</span> Meeting started Mon Sep 22 13:02:39 2014 UTC.  The chair is bstinson. Information about MeetBot at http://wiki.debian.org/MeetBot.
<a name="l-3"></a><span class="tm">13:02:39</span><span class="nk"> &lt;centbot&gt;</span> Useful Commands: #action #agreed #help #info #idea #link #topic.
<a name="l-4"></a><span class="tm">13:02:42</span><span class="nk"> &lt;kbsingh&gt;</span> ok, check if you can get to the trello board - both you and alphacc are added there.
<a name="l-5"></a><span class="tm">13:02:50</span><span class="nk"> &lt;kbsingh&gt;</span> https://trello.com/b/CKGGvcKU/cbs-centos-org is the url to the board
<a name="l-6"></a><span class="tm">13:03:03</span><span class="nk"> &lt;bstinson&gt;</span> <span class="topic">#topic </span><span class="topicline">Greetings / Who's Here?</span>
<a name="l-7"></a><span class="tm">13:03:03</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">kbsingh:</span> works for me
<a name="l-8"></a><span class="tm">13:03:07</span><span class="nk"> &lt;bstinson&gt;</span> looks like i'm in
<a name="l-9"></a><span class="tm">13:03:09</span><span class="nk"> &lt;MerlinTHP&gt;</span> Hello!
<a name="l-10"></a><span class="tm">13:03:09 </span><span class="nka">* quaid</span> <span class="ac">is here</span>
<a name="l-11"></a><span class="tm">13:03:14</span><span class="nk"> &lt;kbsingh&gt;</span> I'm here as well
<a name="l-12"></a><span class="tm">13:03:21 </span><span class="nka">* Arrfab</span> <span class="ac">echoes "me too"</span>
<a name="l-13"></a><span class="tm">13:03:44</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#chair </span><span class="cmdline">kbsingh quaid alphacc MerlinTHP Arrfab Evolution</span>
<a name="l-14"></a><span class="tm">13:03:44</span><span class="nk"> &lt;centbot&gt;</span> Current chairs: Arrfab Evolution MerlinTHP alphacc bstinson kbsingh quaid
<a name="l-15"></a><span class="tm">13:03:54 </span><span class="nka">* wolfy</span> <span class="ac">lurks</span>
<a name="l-16"></a><span class="tm">13:04:21</span><span class="nk"> &lt;bstinson&gt;</span> <span class="topic">#topic </span><span class="topicline">Agenda</span>
<a name="l-17"></a><span class="tm">13:04:24</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#info </span><span class="cmdline">FAS/IPA Testing - Short Status Update</span>
<a name="l-18"></a><span class="tm">13:04:28</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#info </span><span class="cmdline">Centpkg Progress - Short Status Update</span>
<a name="l-19"></a><span class="tm">13:04:32</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#info </span><span class="cmdline">Blocker List</span>
<a name="l-20"></a><span class="tm">13:04:35</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#info </span><span class="cmdline">Brainstorming SIG Branch and Build Target Names</span>
<a name="l-21"></a><span class="tm">13:04:41</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#info </span><span class="cmdline">Open Floor</span>
<a name="l-22"></a><span class="tm">13:05:00</span><span class="nk"> &lt;mikem&gt;</span> good morning
<a name="l-23"></a><span class="tm">13:05:09</span><span class="nk"> &lt;jitseklomp&gt;</span> Hi
<a name="l-24"></a><span class="tm">13:05:19</span><span class="nk"> &lt;bstinson&gt;</span> hi folks!
<a name="l-25"></a><span class="tm">13:05:28</span><span class="nk"> &lt;bstinson&gt;</span> <span class="topic">#topic </span><span class="topicline">FAS/IPA Testing</span>
<a name="l-26"></a><span class="tm">13:05:47</span><span class="nk"> &lt;MerlinTHP&gt;</span> FAS folks first ;)
<a name="l-27"></a><span class="tm">13:06:20</span><span class="nk"> &lt;bstinson&gt;</span> It sounds like Arrfab has started on some VMs for this project
<a name="l-28"></a><span class="tm">13:06:27 </span><span class="nka">* MerlinTHP</span> <span class="ac">nods</span>
<a name="l-29"></a><span class="tm">13:06:27</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">Infra team provisioned three VMs last week to use for FAS &amp; IPA testing</span>
<a name="l-30"></a><span class="tm">13:06:39</span><span class="nk"> &lt;MerlinTHP&gt;</span> I've got access to the VM for IPA testing
<a name="l-31"></a><span class="tm">13:06:43</span><span class="nk"> &lt;Arrfab&gt;</span> <span class="hi">bstinson:</span> yes and quaid got account/sudo on those VMs
<a name="l-32"></a><span class="tm">13:07:02</span><span class="nk"> &lt;quaid&gt;</span> <span class="hi">Arrfab:</span> is one of them the one MerlinTHP has
<a name="l-33"></a><span class="tm">13:07:02</span><span class="nk"> &lt;quaid&gt;</span> ?
<a name="l-34"></a><span class="tm">13:07:18</span><span class="nk"> &lt;kbsingh&gt;</span> no, MerlinTHP's setup is in rackspace
<a name="l-35"></a><span class="tm">13:07:18</span><span class="nk"> &lt;Arrfab&gt;</span> <span class="hi">quaid:</span> no, a different one, running c7 for his IPA test
<a name="l-36"></a><span class="tm">13:07:35</span><span class="nk"> &lt;quaid&gt;</span> great
<a name="l-37"></a><span class="tm">13:08:08</span><span class="nk"> &lt;bstinson&gt;</span> great! is there anything the testing teams need going forward?
<a name="l-38"></a><span class="tm">13:08:17</span><span class="nk"> &lt;quaid&gt;</span> we need then a bit of requirements of what to test for
<a name="l-39"></a><span class="tm">13:09:04</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">quaid:</span> does the centos-devel thread give you all you need for scope ?
<a name="l-40"></a><span class="tm">13:09:10</span><span class="nk"> &lt;MerlinTHP&gt;</span> Evolution listed a few requirements on the mailing list for what we need the account system to do (self-service account creation, self-management for SIGs, etc).  IPA is missing a bunch of that stuff.
<a name="l-41"></a><span class="tm">13:09:21</span><span class="nk"> &lt;quaid&gt;</span> and just to interact with anyone who can help with tie-in to Koji
<a name="l-42"></a><span class="tm">13:09:34</span><span class="nk"> &lt;MerlinTHP&gt;</span> However, I've started writing a PoC web front end for IPA to do self-service.
<a name="l-43"></a><span class="tm">13:09:51</span><span class="nk"> &lt;quaid&gt;</span> <span class="hi">kbsingh:</span> I think so, can easily work up a wiki page on that
<a name="l-44"></a><span class="tm">13:09:58</span><span class="nk"> &lt;MerlinTHP&gt;</span> ( thus far users can sign up their own accounts )
<a name="l-45"></a><span class="tm">13:10:06</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">can use the mailing list discussion to get requirements</span>
<a name="l-46"></a><span class="tm">13:10:39</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#action </span><span class="cmdline">quaid can write-up the requirements in to a wiki page to reference</span>
<a name="l-47"></a><span class="tm">13:10:54</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">quaid:</span> contact me if you need info on koji during your tests.
<a name="l-48"></a><span class="tm">13:11:35</span><span class="nk"> &lt;quaid&gt;</span> <span class="hi">MerlinTHP:</span> that's great! do you have the contacts you need with FreeIPA folks for that front end work?
<a name="l-49"></a><span class="tm">13:11:41</span><span class="nk"> &lt;Evolution&gt;</span> I'm assuming both ipa or fas would require a rekey of koji to test the ssl bits.
<a name="l-50"></a><span class="tm">13:11:53</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">Evolution:</span> correct
<a name="l-51"></a><span class="tm">13:11:54</span><span class="nk"> &lt;quaid&gt;</span> <span class="hi">alphacc:</span> thanks
<a name="l-52"></a><span class="tm">13:11:55</span><span class="nk"> &lt;Evolution&gt;</span> would a second koji instance simply for ssl testing be in order?
<a name="l-53"></a><span class="tm">13:11:58</span><span class="nk"> &lt;MerlinTHP&gt;</span> <span class="hi">Evolution:</span> IPA would, certainly.
<a name="l-54"></a><span class="tm">13:12:13</span><span class="nk"> &lt;MerlinTHP&gt;</span> <span class="hi">quaid:</span> yeah, I already hang out in #freeipa ;)
<a name="l-55"></a><span class="tm">13:12:17</span><span class="nk"> &lt;Evolution&gt;</span> (once we get to that stage)
<a name="l-56"></a><span class="tm">13:12:42</span><span class="nk"> &lt;MerlinTHP&gt;</span> I'm planning to have the test IPA instance up with the front-end to poke at a bit later this week
<a name="l-57"></a><span class="tm">13:12:44</span><span class="nk"> &lt;quaid&gt;</span> <span class="hi">Evolution:</span> might be easier than messing with the running instance
<a name="l-58"></a><span class="tm">13:13:17</span><span class="nk"> &lt;quaid&gt;</span> similarly, I plan to have the basic FAS in place, and will rely upon smooge to help me get it further for actual testing
<a name="l-59"></a><span class="tm">13:13:31</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#idea </span><span class="cmdline">should we have a second koji for ease of SSL testing, etc.?</span>
<a name="l-60"></a><span class="tm">13:14:10</span><span class="nk"> &lt;kbsingh&gt;</span> there is a git.dev.centos.org that is already online - for testing scope on that side
<a name="l-61"></a><span class="tm">13:15:01</span><span class="nk"> &lt;bstinson&gt;</span> fantastic! it sounds like we're making progress
<a name="l-62"></a><span class="tm">13:15:10</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#ingo </span><span class="cmdline">git.dev.centos.org can be used for testing git connection</span>
<a name="l-63"></a><span class="tm">13:15:18</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">git.dev.centos.org can be used for testing git connection</span>
<a name="l-64"></a><span class="tm">13:15:21</span><span class="nk"> &lt;MerlinTHP&gt;</span> :)
<a name="l-65"></a><span class="tm">13:15:45</span><span class="nk"> &lt;quaid&gt;</span> that's all I've got right now, I think
<a name="l-66"></a><span class="tm">13:16:04</span><span class="nk"> &lt;kbsingh&gt;</span> dev.git.centos.org :)
<a name="l-67"></a><span class="tm">13:16:32</span><span class="nk"> &lt;MerlinTHP&gt;</span> In the course of doing research for the lookaside upload script, I've come to the conclusion that it'd help if the CA had an OCSP responder, and the host running the upload script was running apache 2.4 (so c7)
<a name="l-68"></a><span class="tm">13:17:06</span><span class="nk"> &lt;MerlinTHP&gt;</span> apache supports CRLs for certificate revocation, but you need to restart it every time you change the CRL file
<a name="l-69"></a><span class="tm">13:17:20</span><span class="nk"> &lt;kbsingh&gt;</span> we can run either c7 or c6 on the lookaside machine..
<a name="l-70"></a><span class="tm">13:17:53</span><span class="nk"> &lt;MerlinTHP&gt;</span> Whereas apache 2.4's OCSP support means it always goes ask the CA, so certificate revocations are instantly live.
<a name="l-71"></a><span class="tm">13:18:14</span><span class="nk"> &lt;MerlinTHP&gt;</span> Just a thought.
<a name="l-72"></a><span class="tm">13:18:18</span><span class="nk"> &lt;quaid&gt;</span> .undo
<a name="l-73"></a><span class="tm">13:18:27</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">dev.git.centos.org can be used for testing git connection</span>
<a name="l-74"></a><span class="tm">13:18:31</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#undo</span><span class="cmdline"></span>
<a name="l-75"></a><span class="tm">13:18:31</span><span class="nk"> &lt;centbot&gt;</span> Removing item from minutes: INFO by quaid at 13:18:27 : dev.git.centos.org can be used for testing git connection
<a name="l-76"></a><span class="tm">13:18:32</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#undo</span><span class="cmdline"></span>
<a name="l-77"></a><span class="tm">13:18:32</span><span class="nk"> &lt;centbot&gt;</span> Removing item from minutes: INFO by quaid at 13:15:18 : git.dev.centos.org can be used for testing git connection
<a name="l-78"></a><span class="tm">13:18:38</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">dev.git.centos.org can be used for testing git connection</span>
<a name="l-79"></a><span class="tm">13:19:11</span><span class="nk"> &lt;bstinson&gt;</span> ok, anything else before I move along?
<a name="l-80"></a><span class="tm">13:19:16</span><span class="nk"> &lt;MerlinTHP&gt;</span> Nothing from me
<a name="l-81"></a><span class="tm">13:19:29</span><span class="nk"> &lt;bstinson&gt;</span> thanks for researching the lookaside MerlinTHP
<a name="l-82"></a><span class="tm">13:19:39</span><span class="nk"> &lt;MerlinTHP&gt;</span> np
<a name="l-83"></a><span class="tm">13:19:50</span><span class="nk"> &lt;MerlinTHP&gt;</span> tbh, I spent more time on the IPA stuff...
<a name="l-84"></a><span class="tm">13:20:00</span><span class="nk"> &lt;bstinson&gt;</span> <span class="topic">#topic </span><span class="topicline">Centpkg Progress</span>
<a name="l-85"></a><span class="tm">13:20:38</span><span class="nk"> &lt;bstinson&gt;</span> ok this will be very short, I have Centpkg reading in user certs and i've been able to kick off koji builds
<a name="l-86"></a><span class="tm">13:20:45</span><span class="nk"> &lt;MerlinTHP&gt;</span> \o/
<a name="l-87"></a><span class="tm">13:20:52</span><span class="nk"> &lt;MerlinTHP&gt;</span> Oh, one thought
<a name="l-88"></a><span class="tm">13:21:06</span><span class="nk"> &lt;MerlinTHP&gt;</span> Currently, git branch to koji target is hard-coded
<a name="l-89"></a><span class="tm">13:21:16</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">centpkg is reading in user certs and is able to kick off koji builds</span>
<a name="l-90"></a><span class="tm">13:21:16</span><span class="nk"> &lt;MerlinTHP&gt;</span> I've thought for a while that it probably should be a config file
<a name="l-91"></a><span class="tm">13:21:17</span><span class="nk"> &lt;bstinson&gt;</span> i need to see if we can make it easer for centpkg to co-exist with fedpkg and its cousins
<a name="l-92"></a><span class="tm">13:21:38</span><span class="nk"> &lt;MerlinTHP&gt;</span> Does that sound like a sensible idea?
<a name="l-93"></a><span class="tm">13:21:40</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">bstinson:</span> can it pull from and do some level of mangling of git.centos.org hosted repos
<a name="l-94"></a><span class="tm">13:21:47</span><span class="nk"> &lt;MerlinTHP&gt;</span> I can work with you on it, bstinson
<a name="l-95"></a><span class="tm">13:21:53</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#idea </span><span class="cmdline">put git branch to koji target in a config file instead of being hard-coded</span>
<a name="l-96"></a><span class="tm">13:22:05</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">MerlinTHP:</span> we likely need a wider convo on git branch naming, i believe its in the schedule for later in the meeting
<a name="l-97"></a><span class="tm">13:22:25</span><span class="nk"> &lt;bstinson&gt;</span> <span class="hi">kbsingh:</span> yes it can pull (and push when we work out cert auth)
<a name="l-98"></a><span class="tm">13:22:33</span><span class="nk"> &lt;MerlinTHP&gt;</span> This is a bit orthagonal to that, imo
<a name="l-99"></a><span class="tm">13:22:40</span><span class="nk"> &lt;Evolution&gt;</span> so long as we can tie koji naming into that as well.. (bananas?)
<a name="l-100"></a><span class="tm">13:23:23</span><span class="nk"> &lt;bstinson&gt;</span> <span class="hi">MerlinTHP:</span> let's get together soon to talk about what you're thinking
<a name="l-101"></a><span class="tm">13:23:32</span><span class="nk"> &lt;MerlinTHP&gt;</span> Sure thing
<a name="l-102"></a><span class="tm">13:23:32</span><span class="nk"> &lt;kbsingh&gt;</span> what people can commit to - is tied into the targets they can consume in koji, but they should be able to ready from anywhere and build to the places they have acls to
<a name="l-103"></a><span class="tm">13:23:56</span><span class="nk"> &lt;kbsingh&gt;</span> tagging might have a role to play in here as well
<a name="l-104"></a><span class="tm">13:24:10</span><span class="nk"> &lt;alphacc&gt;</span> for semantic build=tag. policy work on tagging operation.
<a name="l-105"></a><span class="tm">13:25:08</span><span class="nk"> &lt;kbsingh&gt;</span> ok
<a name="l-106"></a><span class="tm">13:25:15</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#action </span><span class="cmdline">bstinson will clean up his commits and send centpkg patches to the mailing list</span>
<a name="l-107"></a><span class="tm">13:25:31</span><span class="nk"> &lt;kbsingh&gt;</span> are we going to put this into a rpm ?
<a name="l-108"></a><span class="tm">13:25:37</span><span class="nk"> &lt;alphacc&gt;</span> I investigated the policy side and the easiest way now is to have a flat file and generate a policy. sig:user1,user2 and sig-admins:user1,user2
<a name="l-109"></a><span class="tm">13:25:58</span><span class="nk"> &lt;bstinson&gt;</span> <span class="hi">kbsingh:</span> i have a copr out there right now
<a name="l-110"></a><span class="tm">13:26:13</span><span class="nk"> &lt;kbsingh&gt;</span> we should have a more official process for this
<a name="l-111"></a><span class="tm">13:26:17</span><span class="nk"> &lt;kbsingh&gt;</span> maybe into centos-extras
<a name="l-112"></a><span class="tm">13:26:32</span><span class="nk"> &lt;kbsingh&gt;</span> but ok, lets do that as a second iteration
<a name="l-113"></a><span class="tm">13:26:54</span><span class="nk"> &lt;quaid&gt;</span> <span class="hi">bstinson:</span> what's the copr URL? (for the record)
<a name="l-114"></a><span class="tm">13:27:13</span><span class="nk"> &lt;bstinson&gt;</span> http://copr.fedoraproject.org/coprs/bstinson/Centpkg/
<a name="l-115"></a><span class="tm">13:27:33</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#idea </span><span class="cmdline">have centpkg eventually live in e.g. CentOS Extras</span>
<a name="l-116"></a><span class="tm">13:27:56</span><span class="nk"> &lt;MerlinTHP&gt;</span> That sounds sensible.
<a name="l-117"></a><span class="tm">13:28:11</span><span class="nk"> &lt;MerlinTHP&gt;</span> We'll have to decide where rpkg lives, though.
<a name="l-118"></a><span class="tm">13:28:17</span><span class="nk"> &lt;kbsingh&gt;</span> same place
<a name="l-119"></a><span class="tm">13:28:26</span><span class="nk"> &lt;MerlinTHP&gt;</span> rpkg is in EPEL, though
<a name="l-120"></a><span class="tm">13:28:32</span><span class="nk"> &lt;kbsingh&gt;</span> thats ok, were not relying on epel for now
<a name="l-121"></a><span class="tm">13:28:38</span><span class="nk"> &lt;MerlinTHP&gt;</span> ( that's just a note, not an objection )
<a name="l-122"></a><span class="tm">13:28:43 </span><span class="nka">* MerlinTHP</span> <span class="ac">nods</span>
<a name="l-123"></a><span class="tm">13:28:45</span><span class="nk"> &lt;MerlinTHP&gt;</span> Fair enough
<a name="l-124"></a><span class="tm">13:29:02</span><span class="nk"> &lt;kbsingh&gt;</span> anything in epel that we need - for now , we pull into local builds - longer term this is going to need a whole lot of conversation and attention :)
<a name="l-125"></a><span class="tm">13:29:09</span><span class="nk"> &lt;MerlinTHP&gt;</span> Mm
<a name="l-126"></a><span class="tm">13:29:54</span><span class="nk"> &lt;MerlinTHP&gt;</span> OK, centpkg looks to be cracking on
<a name="l-127"></a><span class="tm">13:29:59</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">not currently relying upon EPEL directly, anything needed gets pulled in to local build, e.g. rpkg</span>
<a name="l-128"></a><span class="tm">13:30:20</span><span class="nk"> &lt;Evolution&gt;</span> our interactions with epel will need to be a separate mailing list discussion or meeting here.
<a name="l-129"></a><span class="tm">13:30:31</span><span class="nk"> &lt;Evolution&gt;</span> that needs to happen semi-soon anyway to start getting expectations
<a name="l-130"></a><span class="tm">13:30:41</span><span class="nk"> &lt;Evolution&gt;</span> but I don't want to hijack this meeting for that
<a name="l-131"></a><span class="tm">13:31:00</span><span class="nk"> &lt;kbsingh&gt;</span> yeah
<a name="l-132"></a><span class="tm">13:31:14 </span><span class="nka">* MerlinTHP</span> <span class="ac">pushes Evolution back down into his box</span>
<a name="l-133"></a><span class="tm">13:31:42</span><span class="nk"> &lt;bstinson&gt;</span> ok, let's keep moving
<a name="l-134"></a><span class="tm">13:31:44</span><span class="nk"> &lt;bstinson&gt;</span> <span class="topic">#topic </span><span class="topicline">Blocker List</span>
<a name="l-135"></a><span class="tm">13:32:23</span><span class="nk"> &lt;alphacc&gt;</span> <span class="cmd">#info </span><span class="cmdline">integrate upstream patch in koji to support git.c.o</span>
<a name="l-136"></a><span class="tm">13:32:50</span><span class="nk"> &lt;kbsingh&gt;</span> ok, so what is the blocker list.. maybe we should first define what it is that is being blocked
<a name="l-137"></a><span class="tm">13:32:56</span><span class="nk"> &lt;alphacc&gt;</span> I have the RPMs ready.
<a name="l-138"></a><span class="tm">13:33:18</span><span class="nk"> &lt;alphacc&gt;</span> I will rebuild them in koji, and push it to infrastrcuture6 tag.
<a name="l-139"></a><span class="tm">13:33:32</span><span class="nk"> &lt;kbsingh&gt;</span> ok, so thats about 50% of the blocker problem fixed right ? if people can use centpkg to request builds from git.centos.org delivered into a target at cbs.centos.org
<a name="l-140"></a><span class="tm">13:33:53</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">bstinson:</span> once alphacc does his piece of work would that be possible ?
<a name="l-141"></a><span class="tm">13:35:36</span><span class="nk"> &lt;bstinson&gt;</span> should be
<a name="l-142"></a><span class="tm">13:35:52</span><span class="nk"> &lt;alphacc&gt;</span> <span class="cmd">#action </span><span class="cmdline">Build CentOS koji rpms and install them (server-side).</span>
<a name="l-143"></a><span class="tm">13:36:21</span><span class="nk"> &lt;bstinson&gt;</span> right now, i've just been kicking off builds using --srpm which creates an intermediate src rpm and uploads it for building
<a name="l-144"></a><span class="tm">13:37:08</span><span class="nk"> &lt;bstinson&gt;</span> <span class="hi">alphacc:</span> does the patch need any extra voices on the mailing lists?
<a name="l-145"></a><span class="tm">13:37:58</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">bstinson:</span> I think we decided that we will have our own koji rpms, so no, just more testing.
<a name="l-146"></a><span class="tm">13:38:30</span><span class="nk"> &lt;bstinson&gt;</span> ok great
<a name="l-147"></a><span class="tm">13:39:10</span><span class="nk"> &lt;kbsingh&gt;</span> its been upstreamed as well right ? just not in a release
<a name="l-148"></a><span class="tm">13:39:21</span><span class="nk"> &lt;kbsingh&gt;</span> if they reject the patch upstream then we've got something to think about
<a name="l-149"></a><span class="tm">13:39:28</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#agreed </span><span class="cmdline">Project will carry own koji RPMs to carry our own patches etc.</span>
<a name="l-150"></a><span class="tm">13:39:51</span><span class="nk"> &lt;alphacc&gt;</span> mikem proposed the patch, but I don't think it is in master yet.
<a name="l-151"></a><span class="tm">13:40:39</span><span class="nk"> &lt;mikem&gt;</span> alphacc, which patch was that?
<a name="l-152"></a><span class="tm">13:41:32</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">mikem:</span> koji-rpm-source-layout
<a name="l-153"></a><span class="tm">13:41:33</span><span class="nk"> &lt;mikem&gt;</span> "Support rpm source layout (SPECS and SOURCES dirs) when building srpms from source control."?  That's in upstream git
<a name="l-154"></a><span class="tm">13:42:07</span><span class="nk"> &lt;alphacc&gt;</span> ok great I missed it.
<a name="l-155"></a><span class="tm">13:42:56</span><span class="nk"> &lt;bstinson&gt;</span> ok, is anyone else have a component blocked on something?
<a name="l-156"></a><span class="tm">13:42:59</span><span class="nk"> &lt;kbsingh&gt;</span> so thats a good sign that were ok to carry it
<a name="l-157"></a><span class="tm">13:43:11</span><span class="nk"> &lt;bstinson&gt;</span> s/is/does/
<a name="l-158"></a><span class="tm">13:43:14</span><span class="nk"> &lt;kbsingh&gt;</span> the second half of the issue is auth into git.centos.org
<a name="l-159"></a><span class="tm">13:43:37</span><span class="nk"> &lt;kbsingh&gt;</span> i can import content in, and give people access based in login names, but its going to be https http_basic auth
<a name="l-160"></a><span class="tm">13:43:44</span><span class="nk"> &lt;kbsingh&gt;</span> works now, works for a few people, wont scale
<a name="l-161"></a><span class="tm">13:44:03</span><span class="nk"> &lt;kbsingh&gt;</span> and how much of a problem might we be creating for ipa folks to import this into their setup later ?
<a name="l-162"></a><span class="tm">13:44:55</span><span class="nk"> &lt;Evolution&gt;</span> <span class="hi">kbsingh:</span> bringing existing users over, or doing http auth?
<a name="l-163"></a><span class="tm">13:45:01</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">kbsingh:</span> the forseen solution would be ssh-keys ?
<a name="l-164"></a><span class="tm">13:45:51</span><span class="nk"> &lt;MerlinTHP&gt;</span> If we go the IPA route, it'll just be a matter of converting ACLs into group memberships (or another LDAP attribute, if we go a more customised route for IPA)
<a name="l-165"></a><span class="tm">13:46:03</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">Evolution:</span> either/neither - i presume this will be just using CA keys, shared with koji longer term
<a name="l-166"></a><span class="tm">13:46:30 </span><span class="nka">* quaid</span> <span class="ac">doesn't know yet of any hassles moving to FAS from http auth</span>
<a name="l-167"></a><span class="tm">13:46:35</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">alphacc:</span> cant do sshkeys, the commits need to be over https to use the user&lt;-&gt;branch mapping, since the commit needs to be 'intercepted' by code that can make that decision easily
<a name="l-168"></a><span class="tm">13:47:16</span><span class="nk"> &lt;bstinson&gt;</span> <span class="hi">kbsingh:</span> is that live on dev.git.c.o?
<a name="l-169"></a><span class="tm">13:47:27</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">can't use sshkeys for auth for git, needs to go over https for code pathway</span>
<a name="l-170"></a><span class="tm">13:47:44</span><span class="nk"> &lt;kbsingh&gt;</span> we could likely write something that does some sanity testing and checks keyname and works out group name and then looks at branch name etc, but the problem with that is still that folks can push at once - multiple branches
<a name="l-171"></a><span class="tm">13:48:06</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">bstinson:</span> it can be fairly easily.
<a name="l-172"></a><span class="tm">13:48:40</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">bstinson:</span> its live at git.centos.org
<a name="l-173"></a><span class="tm">13:48:45</span><span class="nk"> &lt;bstinson&gt;</span> i'd like to poke at it from the client side whenever it's ready
<a name="l-174"></a><span class="tm">13:48:59</span><span class="nk"> &lt;kbsingh&gt;</span> the user -&gt; branch mapping ?
<a name="l-175"></a><span class="tm">13:49:28</span><span class="nk"> &lt;bstinson&gt;</span> the auth component
<a name="l-176"></a><span class="tm">13:50:20</span><span class="nk"> &lt;kbsingh&gt;</span> ok, i dont get what you want to poke at
<a name="l-177"></a><span class="tm">13:50:45</span><span class="nk"> &lt;kbsingh&gt;</span> the only way to commit to git.centos.org is over https, unless its the upstream buildservices, that can use a privileged path
<a name="l-178"></a><span class="tm">13:51:56</span><span class="nk"> &lt;bstinson&gt;</span> right, rpkg does all the committing over ssh so centpkg will need a few tweaks
<a name="l-179"></a><span class="tm">13:52:46</span><span class="nk"> &lt;kbsingh&gt;</span> ok
<a name="l-180"></a><span class="tm">13:53:01</span><span class="nk"> &lt;kbsingh&gt;</span> technically it should just be a case of using a different git remote url
<a name="l-181"></a><span class="tm">13:53:44</span><span class="nk"> &lt;kbsingh&gt;</span> iirc, there is a centpkg.git in git.centos.org's root git's
<a name="l-182"></a><span class="tm">13:53:47</span><span class="nk"> &lt;MerlinTHP&gt;</span> I suspect it'd work just by changing the git URL in the config file
<a name="l-183"></a><span class="tm">13:53:50</span><span class="nk"> &lt;kbsingh&gt;</span> isnt that how this works as well
<a name="l-184"></a><span class="tm">13:54:07</span><span class="nk"> &lt;kbsingh&gt;</span> https://git.centos.org/summary/centpkg.git
<a name="l-185"></a><span class="tm">13:54:56</span><span class="nk"> &lt;kbsingh&gt;</span> just going over this again to make sure i understand what piece of work you want me to deliver on
<a name="l-186"></a><span class="tm">13:56:10</span><span class="nk"> &lt;mattymo&gt;</span> hey Evolution
<a name="l-187"></a><span class="tm">13:56:37</span><span class="nk"> &lt;bstinson&gt;</span> when you say http_basic auth, are you meaning username/password?
<a name="l-188"></a><span class="tm">13:56:42</span><span class="nk"> &lt;kbsingh&gt;</span> yeah
<a name="l-189"></a><span class="tm">13:56:48</span><span class="nk"> &lt;Evolution&gt;</span> <span class="hi">mattymo:</span> meeting presently. wait one (or pm)
<a name="l-190"></a><span class="tm">13:56:54</span><span class="nk"> &lt;mattymo&gt;</span> oh ok
<a name="l-191"></a><span class="tm">13:57:32</span><span class="nk"> &lt;mattymo&gt;</span> I'll write here just b/c anyone can comment. I see this bug here: https://github.com/karelzak/util-linux/issues/121
<a name="l-192"></a><span class="tm">13:57:32</span><span class="nk"> &lt;bstinson&gt;</span> ah, we may need to hash out some details on that, I was hoping to hand you a client cert and get the user account info that way
<a name="l-193"></a><span class="tm">13:57:45</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">bstinson:</span> my understanding is that this will go away and fas or ipa will provide the certauthority to auth with
<a name="l-194"></a><span class="tm">13:58:13</span><span class="nk"> &lt;MerlinTHP&gt;</span> Mm
<a name="l-195"></a><span class="tm">13:58:57</span><span class="nk"> &lt;kbsingh&gt;</span> so the user will actually only have the one set of certs they use for koji and git
<a name="l-196"></a><span class="tm">13:59:10</span><span class="nk"> &lt;MerlinTHP&gt;</span> Yeah
<a name="l-197"></a><span class="tm">13:59:24</span><span class="nk"> &lt;MerlinTHP&gt;</span> ( + the lookaside, depending if you count that as part of git )
<a name="l-198"></a><span class="tm">13:59:37</span><span class="nk"> &lt;kbsingh&gt;</span> and somewhere in there will be a mechanism that says what branches ( or what groups ) this person belongs to
<a name="l-199"></a><span class="tm">13:59:50</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">MerlinTHP:</span> right, lookaside too
<a name="l-200"></a><span class="tm">14:00:12</span><span class="nk"> &lt;MerlinTHP&gt;</span> That mechanism could e.g. be an LDAP query against IPA
<a name="l-201"></a><span class="tm">14:00:55</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">MerlinTHP:</span> I could query same ldap for the koji policy
<a name="l-202"></a><span class="tm">14:01:05</span><span class="nk"> &lt;MerlinTHP&gt;</span> That'd be neat
<a name="l-203"></a><span class="tm">14:01:16</span><span class="nk"> &lt;MerlinTHP&gt;</span> But you can probably s/IPA/FAS/ too
<a name="l-204"></a><span class="tm">14:01:51 </span><span class="nka">* MerlinTHP</span> <span class="ac">wonders if we need to make this meeting slot longer</span>
<a name="l-205"></a><span class="tm">14:02:03</span><span class="nk"> &lt;gwd&gt;</span> Sorry to interrupt -- could someone with koji admin privileges make a virt6-testing tag?  (I think that's what I want...)
<a name="l-206"></a><span class="tm">14:02:30</span><span class="nk"> &lt;bstinson&gt;</span> we are making good progress, at some point they'll get shorter :)
<a name="l-207"></a><span class="tm">14:02:34</span><span class="nk"> &lt;MerlinTHP&gt;</span> :)
<a name="l-208"></a><span class="tm">14:02:41</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">gwd:</span> already there. pm.
<a name="l-209"></a><span class="tm">14:02:49</span><span class="nk"> &lt;MerlinTHP&gt;</span> I've got to go shortly
<a name="l-210"></a><span class="tm">14:02:55</span><span class="nk"> &lt;bstinson&gt;</span> since we're in the weeds, let's bring this back up offline and again next week
<a name="l-211"></a><span class="tm">14:03:08</span><span class="nk"> &lt;kbsingh&gt;</span> sounds good
<a name="l-212"></a><span class="tm">14:03:19</span><span class="nk"> &lt;kbsingh&gt;</span> i think the integration layers might be what needs the most effort
<a name="l-213"></a><span class="tm">14:03:26</span><span class="nk"> &lt;MerlinTHP&gt;</span> Agreed.
<a name="l-214"></a><span class="tm">14:03:27</span><span class="nk"> &lt;quaid&gt;</span> <span class="cmd">#info </span><span class="cmdline">need to settle on temp auth method for git.centos.org over https</span>
<a name="l-215"></a><span class="tm">14:03:40</span><span class="nk"> &lt;kbsingh&gt;</span> if we can offload auth for lookaside into httpd, we might do the same for git as well, but lets cross that bridge
<a name="l-216"></a><span class="tm">14:03:57</span><span class="nk"> &lt;alphacc&gt;</span> ok good for me too.
<a name="l-217"></a><span class="tm">14:04:19</span><span class="nk"> &lt;gwd&gt;</span> <span class="hi">alphacc:</span> Oops, sorry... missed the 2nd page on the web interface.
<a name="l-218"></a><span class="tm">14:05:01</span><span class="nk"> &lt;alphacc&gt;</span> <span class="hi">gwd:</span> it's a tag not a target, what are you yting to achieve ?
<a name="l-219"></a><span class="tm">14:05:16</span><span class="nk"> &lt;alphacc&gt;</span> s/yting/trying
<a name="l-220"></a><span class="tm">14:05:20</span><span class="nk"> &lt;bstinson&gt;</span> we can probably save SIG Branch and Build Target naming until next week also
<a name="l-221"></a><span class="tm">14:05:21</span><span class="nk"> &lt;kbsingh&gt;</span> cool, are we closing meeting ?
<a name="l-222"></a><span class="tm">14:05:41</span><span class="nk"> &lt;bstinson&gt;</span> closing in 1 minute
<a name="l-223"></a><span class="tm">14:05:44</span><span class="nk"> &lt;kbsingh&gt;</span> <span class="hi">mattymo:</span> still waiting for you guys to actually start doing some contributing and things into CentOS
<a name="l-224"></a><span class="tm">14:06:19</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#info </span><span class="cmdline">Next Meeting: Monday 29-Sept, 13:00 UTC</span>
<a name="l-225"></a><span class="tm">14:06:35</span><span class="nk"> &lt;bstinson&gt;</span> thanks everyone!
<a name="l-226"></a><span class="tm">14:06:40</span><span class="nk"> &lt;MerlinTHP&gt;</span> Cheers!
<a name="l-227"></a><span class="tm">14:06:41</span><span class="nk"> &lt;gwd&gt;</span> <span class="hi">alphacc:</span> I'm trying to build ipxe into an actual repo, so that I can then try building xen (which depends on ipxe).
<a name="l-228"></a><span class="tm">14:06:50</span><span class="nk"> &lt;quaid&gt;</span> nice meeting, thx
<a name="l-229"></a><span class="tm">14:06:55</span><span class="nk"> &lt;bstinson&gt;</span> <span class="cmd">#endmeeting</span><span class="cmdline"></span></pre>
</body></html>