February 2019 - Heroes - openSUSE Mailing Lists

Job opening at the SUSE Engineering Infrastructure team

by Theo Chatzimichos

Hello, my team (Engineering Infrastructure) has an open position for an Infrastructure Automation Engineer [1], for working on new cool DevOps technologies like salt, docker and k8s. Part of the responsibilities will be also the maintenance and automation of the openSUSE Infrastructure. The position is at the SUSE HQ in Nuremberg. Feel free to contact me if you need further details (either by personal mail or by PM on the #opensuse-admin channel on Freenode). [1] https://jobs.suse.com/job/nuremberg/infrastructure-automation-engineer/3486… -- Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com> System Administrator SUSE Engineering Infrastructure team

1 year, 7 months

1
1
0 0

somebody please unclose issue 42599

by Felix Miata

https://progress.opensuse.org/issues/42599 is back with a vengeance. I can't login on forums or B.O.O., yet can elsewhere, and cookie deletion does not help. There's a very active bug I want to comment in. Clicking the login link in the forums just reloads the page. -- Evolution as taught in public schools is religion, not science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

2
1
0 0

membership system evaluation (was: Re: [opensuse-project] huge amount of SPAM)

by Lars Vogdt

Am February 23, 2019 3:33:36 PM UTC schrieb "jdd(a)dodin.org" <jdd(a)dodin.org>: >Let me start a fork of this thread to focus on evaluation of possible >solution and list of volunteers to do so > >Voluteers (may be) are: > >christian Boltz (data base) >jdd (galette and more) >Ish Sookun >Edwin >Carlos (?) > >(add or remove yourself :-) I would join, but I don't have a good relationship with our chairman and probably some other members any longer, so I don't expect that my help is welcome. Which I accept, btw, no worries. But as I explained my problems in this thread and these complaints might be one of the starting points of the whole discussion, you can add Lars as general contact for technical questions. I'm not sure if I'm allowed to do some hands on stuff, but I will for sure do my best to answer any question or offer help in other areas. >needs to fulfill: > >* manage a member database with identification, allowing members to >check they data and keep them safe >* manage a way to allow people to ask to be a members >* connect the present base to the new one > > >solution proposed are: > >opensource for sure: > >* plain paper >* Nextcloud session + libreoffice calc >* galette (http://galette.eu/dc/?navlang=en) >* mysql + phpmyadmin > >probably opensource (to check): > >* admidio (https://www.admidio.org/) >* clubmaster (http://www.clubmaster.org/) >* civicrm (http://groupspaces.com/) > > >please ad ideas here at will, but fork to add comments (change subject >or open a new one) thanks I've one addition: * FreeIPA + maybe some additional forms But be warned: the idea behind this is bigger than a replacement of connect and might end up in more work. The idea behind: Establish a new user directory for openSUSE. You might know that the heroes use FreeIPA internally since a while for authentication and DNS. FreeIPA is utilizing 389 directory (I will call it LDAP from now, as I'm too old to remember numbers ;-) and has a bunch of other features. Especially around authentication and systems management. I think we should be able to define some new groups like "hero", "board", "election_commitee", "member", "applicant", "user", ... and assign users to these groups. -> all in LDAP. This needs ~10min initial work on the already established system. The freeipa server is running inside the private network. No setup needed. The system is productive and maintained by the heroes already. Exporting members with their Email settings might not even be needed: using an ldapsearch with a special filter on the mail systems will already do the trick. For the IRC nicknames export script, its about the adaption of the mysql to a ldap query... Funnily, bugzilla, wikis and other openSUSE tools allow authentication against LDAP since a long time. It might be possible to add the "freeipa LDAP" as authorization source to the running services (in addition or as replacement). This needs migration, cooperation, trust and some time - but would in the end mean that openSUSE would become a bit more independent. FreeIPA already has a WebUI, that would allow to manage the group membership and other details very user friendly. So, what is missing? * There is currently no WebUI available in the public. The Heroes could forward the existing UI to the public (especially for evaluation by the membership committee), but this has to be discussed with them (in CC). * There could be a form, that allows users to request their membership. This could end up in a flag in LDAP, which in turn might result in a notification to the membership committee - but IMHO a mailing list or a real ticket system might be better for membership requests. This has to be discussed with the membership committee (in CC). * Once approved, members could be added in FreeIPA. Either by asking them to fill out a registration form or by someone with enough rights in FreeIPA. Of course: the best way might be to let them register themselves before they submit their request. In this case, someone could simply add them the the right group and everybody is happy. We need to discuss if they should/could use the same username as they have now, but this is a detail. * After some evaluation and testing, the community might want to migrate the current Novell/openSUSE login stuff to FreeIPA - but this is not the question here and should be discussed with the openSUSE community (in TO :-). Regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

2
1
0 0

Re: membership system evaluation

by Lars Vogdt

Am 2019-02-23 21:20, schrieb Richard Brown: > On Sat, 23 Feb 2019 at 20:49, Lars Vogdt <lrupp(a)suse.de> wrote: >> But as I explained my problems in this thread and these complaints >> might be one of the starting points of the whole discussion, you can >> add Lars as general contact for technical questions. I'm not sure if >> I'm allowed to do some hands on stuff, but I will for sure do my best >> to answer any question or offer help in other areas. > > I don't know what you mean by "if I'm allowed". Well: I was kicked from machines in the past, without any further information. So I assume that there was either an order from someone or someone inside the heroes team did not want me to contribute any longer. As I explained the weeks before that event that I probably have to step back because my time for the heroes in 2019 is limited, I accepted the removal of my keys (while I still not understand that nobody talked to me about this in front or explained me the reasons). More details are on the heroes list. So from my point of view, I'm asking the heroes if I'm allowed to help. >> I've one addition: >> * FreeIPA + maybe some additional forms [...] > Might be worth the work Thanks. Lars -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

1
0
0 0

connect.o.o - why don't we just stop publishing those member pages?

by Per Jessen

Where does connect.o.o run anyway? It's aka login2.o.o, but I don't see either on our list: https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Machines If Carlos volunteers to help tidy up the spam, is it easy for him to remove/disable spammers' profiles ? -- Per Jessen, Zürich (7.4°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

1
0
0 0

Re: Fwd: Awaiting permission to join board@opensuse.org

by Simon Lees

Can one of the Hero's take a look please On 20/02/2019 18:04, Axel Braun wrote: > Hi, > Looks I'm able to send to the list, but I do not receive mails from there > Schöne Grüße > Axel > -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

2
1
0 0

[infra-discuss] bye, bye keyserver.o.o (WAS: Re: SKS keyserver EoL? / WKD not yet finished? What's next?)

by Thorsten Bro | openSUSE Heroes

Hi all, with immediate effect, I will take down keyserver.o.o, because the sks-keyserver pool received an official GDPR request (see below) from British ICO. Unfortunately, as a cautious and responsible Sysadmin, I can't ignore that fact and can't take the blame on openSUSE Heroes that we might not follow GDPR. That's why, until further notice, the openSUSE Heroes are no longer providing keyserver.o.o as a service. If SUSE needs that service for the business, we can talk about alternatives, but we need to plan on this and it needs to take some time to evaluate a GDPR compliant solution together with works council. ---- snip ---- Full story about sks GDPR take-down notice: https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html ---- snap ---- Best regards, -- Thorsten Bro <tbro(a)opensuse.org> - Member of openSUSE Heroes - -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

1
0
0 0

anna rebooted last night?

by Per Jessen

When anna was rebooted last night, postfix failed to start - couldn't find an interface with the 192.168.47 address. Postfix did wait for network.target to complete (17:32:00) and started at 17:32:01, but still couldn't find an interface with the address ? I started up postfix this morning just before 8, the sudden flood of messages might have caused some receiving servers to start rate limiting. In the queue I see a few messages from icinga - recovery status or recovery notification - sent from "icinga(a)monitor.opensuse.org" to "icinga(a)localhost.opensuse.org". This can't be delivered, so an NDR is attempted sent back to "icinga(a)monitor.opensuse.org" which can't be delivered either. delivery temporarily suspended: connect to monitor.opensuse.org[2620:113:80c0:8::16]:25: Connection refused about 250 such mails right now :-) There were a few other issues - systemd-sysctl[397]: Couldn't write '655360' to 'net/nf_conntrack_max', ignoring: No such file or directory (long list of those). Some conntrack module not being loaded early enough? Keepalived - config problems Keepalived_vrrp - config problem I've captured all the output. Unless someone puts a hand up, I'll probably just open some issues for us to look at later. -- Per Jessen, Zürich (-0.4°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

2
2
0 0

Mirrorbrain configuration adjustments

by Dominique Leuenberger / DimStar

Dear Heroes, I was assigned https://bugzilla.opensuse.org/show_bug.cgi?id=1120962 and, together with Theo, managed to fix the issue. But I want to make sure all heroes are aware of the trouble and the reasons behind. First, the bug happened becuase of an outdated mirror (suse.inode.at in this case). The file yast2-trans-en_US.rpm was not updated on that mirror. In normal repos, this does not cause issues, as all RPMs are named NAME-VERSION.rpm, with a changing VERSION field. So if a mirror is not updating, it simply won't have the new RPMs with VERSION+1. Simple enough. For stuff in repo/oss/boot though, this does not apply: there are unversioned files, including a bunch of squashfs images. Most don't have a number in the name, so they are excempt from mirror redirection anyway, so all good.. except for yast_2_-* :( In the past, we had a block in apache;s configuration to redirect all of repo/oss/boot to downloadcontent, where we have control over the state and basically can guarantee it being up-to-date. Somewhen, this block had been disabled with a comment like: # why is that needed at all? # we have mirrors outside who can handle this content... So, by now we know the 'why' :) As said, together with Theo this block had been re-enabled and mirrorbrain is again redirectnig all of boot/ to downloadcontent.opensuse.org Additionally, I disabled suse.inode.at in the MB database: this mirror has not been updating in 1.5 years. I hope to have you informed sufficiently and nobody feels like I stepped on anybodys toes. Cheers Dominique

1 year, 9 months

3
2
0 0

provo mirror - something broke yesterday

by Per Jessen

https://progress.opensuse.org/issues/47468 OSError: [Errno 5] Input/output error: '/srv/www/vhosts/mirrors.opensuse.org/list/.ports.txtQDAgNd' /usr/bin/createmirrorbrain-webpages: line 69: /srv/www/vhosts/mirrors.opensuse.org/list/.timestamp: Input/output error -- Per Jessen, Zürich (-0.2°C) Member, openSUSE Heroes -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 year, 9 months

1
0
0 0

2020

2019

2018

2017

2016

Heroes February 2019