Hey, Chatting with Klaas here about infrastructure issues, and I suggested investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting Apparently, that's something we could discuss at the next team meeting. Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
On 09/11/2011 03:34 PM, Vincent Untz wrote:
Hey,
Chatting with Klaas here about infrastructure issues, and I suggested investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting
What infrastructure exactly are we talking about? -- Best Regards / S pozdravom, Pavol RUSNAK SUSE LINUX, s.r.o openSUSE Boosters Team Lihovarska 1060/12 PGP 0xA6917144 19000 Praha 9 prusnak[at]opensuse.org Czech Republic -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
Am Montag, 12. September 2011, 09:45:55 schrieb Pavol Rusnak:
On 09/11/2011 03:34 PM, Vincent Untz wrote:
Hey,
Chatting with Klaas here about infrastructure issues, and I suggested
investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting
What infrastructure exactly are we talking about? AFAIK Wiki, news, these things.
Klaas -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
On 11.09.2011 15:34, Vincent Untz wrote:
Hey,
Chatting with Klaas here about infrastructure issues, and I suggested investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting
Apparently, that's something we could discuss at the next team meeting.
Sounds really cool, with dns-management, monitoring, backups... Much better than our own infrastructure, and it would be easier to let community members take responsibility over services. We should discuss which of our services we could use to test this. Greetings -- Thomas Schmidt (tom [at] opensuse.org) openSUSE Boosters Team "Don't Panic", Douglas Adams (1952 - 11.05.2001) -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
Vincent Untz - 15:34 11.09.11 wrote:
Hey,
Chatting with Klaas here about infrastructure issues, and I suggested investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting
Apparently, that's something we could discuss at the next team meeting.
Just few ideas before that meeting will happen. Whatever we will move there will be probably unable to use iChain setup for our services. So I would suggest to discuss and pickup as our next milestone first item from "What to improve"[1] session held on openSUSE Conference - get rid of iChain. I know it's a little bit of heresy and there will be a lot of complaining and flaming around... But I think that now is the right time, as people kind of expect some results from openSUSE Conference and we can use it as an excuse to break some stuff :-B And it will help with setting up stuff outside of SuSE internal infrastructure... [1] http://en.opensuse.org/openSUSE:What_to_improve_osc11_session -- Michal HRUSECKY SUSE LINUX, s.r.o openSUSE Boosters Team Lihovarska 1060/12 PGP 0xFED656F6 19000 Praha 9 mhrusecky[at]suse.cz Czech Republic http://michal.hrusecky.net http://www.suse.cz
Am Dienstag, 20. September 2011 schrieb Michal Hrusecky:
Vincent Untz - 15:34 11.09.11 wrote:
Hey,
Chatting with Klaas here about infrastructure issues, and I suggested
investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting
Apparently, that's something we could discuss at the next team meeting.
Just few ideas before that meeting will happen. Whatever we will move there will be probably unable to use iChain setup for our services. So I Well, there is no moving away from ichain without moving away from provo datacenter. But if you host something somewhere else, you can still use login.opensuse.org to verify ichain passwords.
BTW: I find the reasons given for eliminating ichain strange - especially as we do not use ichain for connect, but login.opensuse.org Greetings, Stephan -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
Stephan Kulow - 9:24 21.09.11 wrote:
Am Dienstag, 20. September 2011 schrieb Michal Hrusecky:
Vincent Untz - 15:34 11.09.11 wrote:
Hey,
Chatting with Klaas here about infrastructure issues, and I suggested
investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting
Apparently, that's something we could discuss at the next team meeting.
Just few ideas before that meeting will happen. Whatever we will move there will be probably unable to use iChain setup for our services. So I Well, there is no moving away from ichain without moving away from provo datacenter. But if you host something somewhere else, you can still use login.opensuse.org to verify ichain passwords.
BTW: I find the reasons given for eliminating ichain strange - especially as we do not use ichain for connect, but login.opensuse.org
What is login.opensuse.org and how it works? Strange question, but is it documented somewhere? And isn't it just another iChain instance? AFAIK Connect is behind some proxy that provides authentication which is impossible (or at least hard) to do on servers hosted out of our internal network. So if we are going to move some services out of Provo, we need to move them away from iChain as well anyway. Also using some standard mean of authentication can be useful for people wanting to provide more services to members of openSUSE Community... Not speaking about possibility to use Connect login for example on sf.net ;-) -- Michal HRUSECKY SUSE LINUX, s.r.o openSUSE Boosters Team Lihovarska 1060/12 PGP 0xFED656F6 19000 Praha 9 mhrusecky[at]suse.cz Czech Republic http://michal.hrusecky.net http://www.suse.cz
Am Mittwoch, 21. September 2011 schrieb Michal Hrusecky:
What is login.opensuse.org and how it works? Strange question, but is it documented somewhere? And isn't it just another iChain instance? AFAIK
Connect is behind some proxy that provides authentication which is impossible (or at least hard) to do on servers hosted out of our internal network. So if we are going to move some services out of Provo, connect is behind login.opensuse.org, yes. And there is no reason why the authenification can't stay behind login.opensuse.org if the real traffic is
No, it's our own implementation. then directly to the hoster. We can then later switch from ldap auth to connect auth, but for now I consider it a major regression if I need different accounts for different openSUSE services. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
Stephan Kulow - 10:53 21.09.11 wrote:
Am Mittwoch, 21. September 2011 schrieb Michal Hrusecky:
What is login.opensuse.org and how it works? Strange question, but is it documented somewhere? And isn't it just another iChain instance? AFAIK
No, it's our own implementation.
Ok, so it is our own implementation of something like iChain, nonstandard and undocumented? Sounds great :-D
Connect is behind some proxy that provides authentication which is impossible (or at least hard) to do on servers hosted out of our internal network. So if we are going to move some services out of Provo, connect is behind login.opensuse.org, yes. And there is no reason why the authenification can't stay behind login.opensuse.org if the real traffic is then directly to the hoster.
We can then later switch from ldap auth to connect auth, but for now I consider it a major regression if I need different accounts for different openSUSE services.
Interesting point from this response is, the LDAP you are talking about, I guess we don't have access to it, right? It would make things much simpler. Do we have control over login.opensuse.org? One of the issues with iChain is that whenever we need something, it has to go through Provo. Other reason is that whenever we want to set up new website (if we want to update bugzilla, mediawiki, if we decide that we want something else) we need to create/maintain iChain authentication plugin while openID is widely supported. With login.opensuse.org, just name would change from iChain to login.opensuse.org. And if we will be setting up new infrastructure, I think it would be a good opportunity to get rid of some legacy technologies we have around. If we would get our hands on that LDAP, we could just setup Connect to use it and provide openID fro everybody else. So same login/password, just different way... -- Michal HRUSECKY SUSE LINUX, s.r.o openSUSE Boosters Team Lihovarska 1060/12 PGP 0xFED656F6 19000 Praha 9 mhrusecky[at]suse.cz Czech Republic http://michal.hrusecky.net http://www.suse.cz
Am Mittwoch, 21. September 2011 schrieb Michal Hrusecky:
Stephan Kulow - 10:53 21.09.11 wrote:
Am Mittwoch, 21. September 2011 schrieb Michal Hrusecky:
What is login.opensuse.org and how it works? Strange question, but is it documented somewhere? And isn't it just another iChain instance? AFAIK
No, it's our own implementation.
Ok, so it is our own implementation of something like iChain, nonstandard and undocumented? Sounds great :-D No, it's apache doing basic auth and a proxy caching the session. http://www.gitorious.org/opensuse/apache-mod_auth_memcookie
Connect is behind some proxy that provides authentication which is impossible (or at least hard) to do on servers hosted out of our internal network. So if we are going to move some services out of Provo,
connect is behind login.opensuse.org, yes. And there is no reason why the authenification can't stay behind login.opensuse.org if the real traffic is then directly to the hoster.
We can then later switch from ldap auth to connect auth, but for now I consider it a major regression if I need different accounts for different openSUSE services.
Interesting point from this response is, the LDAP you are talking about, I guess we don't have access to it, right? It would make things much simpler.
I'm talking about the novell account LDAP, yes. and login.oo is the only host that has access to it - and all other hosts have no access to the password, which is a very big adventage. I'm not argueing that openid doesn't have the same advantage, but openid is a completely different beast and "getting rid of ichain" doesn't translate to "use openid" to me.
Do we have control over login.opensuse.org? One of the issues with
As I said: it's our own.
iChain is that whenever we need something, it has to go through Provo. Yes, but provo ichain we only use for stuff hosted in provo right now. Wiki and bugzilla basically.
Other reason is that whenever we want to set up new website (if we want to update bugzilla, mediawiki, if we decide that we want something else) we need to create/maintain iChain authentication plugin while openID is widely supported. With login.opensuse.org, just name would change from iChain to login.opensuse.org. And if we will be setting up new infrastructure, I think it would be a good opportunity to get rid of some legacy technologies we have around. If we would get our hands on that LDAP, we could just setup Connect to use it and provide openID fro everybody else. So same login/password, just different way...
Yes, connect can be the openid provider, but it can still authenficate against login.opensuse.org aka ichain creditionals. login.opensuse.org can be the openid provider itself too I guess, but having it in connect makes future changes easier. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
On Sunday, September 11, 2011 15:34:39 Vincent Untz wrote:
Hey,
Chatting with Klaas here about infrastructure issues, and I suggested investigating OSUOSL: http://osuosl.org/ http://osuosl.org/services/hosting
We also have an offer of sponsorship for services on the table - and I suggest we evaluate both. I've created a wiki page to list *our* requirements for this, please help adding to it: http://en.opensuse.org/openSUSE:Server_move Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-boosters+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-boosters+help@opensuse.org
participants (7)
-
Andreas Jaeger
-
Klaas Freitag
-
Michal Hrusecky
-
Pavol Rusnak
-
Stephan Kulow
-
Thomas Schmidt
-
Vincent Untz