Hello,
my team (Engineering Infrastructure) has an open position for an Infrastructure
Automation Engineer [1], for working on new cool DevOps technologies like salt,
docker and k8s. Part of the responsibilities will be also the maintenance and
automation of the openSUSE Infrastructure. The position is at the SUSE HQ in
Nuremberg. Feel free to contact me if you need further details (either by
personal mail or by PM on the #opensuse-admin channel on Freenode).
[1] https://jobs.suse.com/job/nuremberg/infrastructure-automation-engineer/3486…
--
Theo Chatzimichos <tampakrap(a)opensuse.org> <tchatzimichos(a)suse.com>
System Administrator
SUSE Engineering Infrastructure team
https://progress.opensuse.org/issues/42599 is back with a vengeance.
I can't login on forums or B.O.O., yet can elsewhere, and cookie deletion does not help. There's a
very active bug I want to comment in. Clicking the login link in the forums just reloads the page.
--
Evolution as taught in public schools is religion, not science.
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Am February 23, 2019 3:33:36 PM UTC schrieb "jdd(a)dodin.org" <jdd(a)dodin.org>:
>Let me start a fork of this thread to focus on evaluation of possible
>solution and list of volunteers to do so
>
>Voluteers (may be) are:
>
>christian Boltz (data base)
>jdd (galette and more)
>Ish Sookun
>Edwin
>Carlos (?)
>
>(add or remove yourself :-)
I would join, but I don't have a good relationship with our chairman and probably some other members any longer, so I don't expect that my help is welcome. Which I accept, btw, no worries.
But as I explained my problems in this thread and these complaints might be one of the starting points of the whole discussion, you can add Lars as general contact for technical questions. I'm not sure if I'm allowed to do some hands on stuff, but I will for sure do my best to answer any question or offer help in other areas.
>needs to fulfill:
>
>* manage a member database with identification, allowing members to
>check they data and keep them safe
>* manage a way to allow people to ask to be a members
>* connect the present base to the new one
>
>
>solution proposed are:
>
>opensource for sure:
>
>* plain paper
>* Nextcloud session + libreoffice calc
>* galette (http://galette.eu/dc/?navlang=en)
>* mysql + phpmyadmin
>
>probably opensource (to check):
>
>* admidio (https://www.admidio.org/)
>* clubmaster (http://www.clubmaster.org/)
>* civicrm (http://groupspaces.com/)
>
>
>please ad ideas here at will, but fork to add comments (change subject
>or open a new one) thanks
I've one addition:
* FreeIPA + maybe some additional forms
But be warned: the idea behind this is bigger than a replacement of connect and might end up in more work.
The idea behind:
Establish a new user directory for openSUSE.
You might know that the heroes use FreeIPA internally since a while for authentication and DNS. FreeIPA is utilizing 389 directory (I will call it LDAP from now, as I'm too old to remember numbers ;-) and has a bunch of other features. Especially around authentication and systems management.
I think we should be able to define some new groups like "hero", "board", "election_commitee", "member", "applicant", "user", ... and assign users to these groups. -> all in LDAP. This needs ~10min initial work on the already established system.
The freeipa server is running inside the private network. No setup needed. The system is productive and maintained by the heroes already. Exporting members with their Email settings might not even be needed: using an ldapsearch with a special filter on the mail systems will already do the trick. For the IRC nicknames export script, its about the adaption of the mysql to a ldap query...
Funnily, bugzilla, wikis and other openSUSE tools allow authentication against LDAP since a long time. It might be possible to add the "freeipa LDAP" as authorization source to the running services (in addition or as replacement). This needs migration, cooperation, trust and some time - but would in the end mean that openSUSE would become a bit more independent.
FreeIPA already has a WebUI, that would allow to manage the group membership and other details very user friendly.
So, what is missing?
* There is currently no WebUI available in the public. The Heroes could forward the existing UI to the public (especially for evaluation by the membership committee), but this has to be discussed with them (in CC).
* There could be a form, that allows users to request their membership. This could end up in a flag in LDAP, which in turn might result in a notification to the membership committee - but IMHO a mailing list or a real ticket system might be better for membership requests. This has to be discussed with the membership committee (in CC).
* Once approved, members could be added in FreeIPA. Either by asking them to fill out a registration form or by someone with enough rights in FreeIPA. Of course: the best way might be to let them register themselves before they submit their request. In this case, someone could simply add them the the right group and everybody is happy. We need to discuss if they should/could use the same username as they have now, but this is a detail.
* After some evaluation and testing, the community might want to migrate the current Novell/openSUSE login stuff to FreeIPA - but this is not the question here and should be discussed with the openSUSE community (in TO :-).
Regards,
Lars
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Am 2019-02-23 21:20, schrieb Richard Brown:
> On Sat, 23 Feb 2019 at 20:49, Lars Vogdt <lrupp(a)suse.de> wrote:
>> But as I explained my problems in this thread and these complaints
>> might be one of the starting points of the whole discussion, you can
>> add Lars as general contact for technical questions. I'm not sure if
>> I'm allowed to do some hands on stuff, but I will for sure do my best
>> to answer any question or offer help in other areas.
>
> I don't know what you mean by "if I'm allowed".
Well: I was kicked from machines in the past, without any further
information. So I assume that there was either an order from someone or
someone inside the heroes team did not want me to contribute any longer.
As I explained the weeks before that event that I probably have to step
back because my time for the heroes in 2019 is limited, I accepted the
removal of my keys (while I still not understand that nobody talked to
me about this in front or explained me the reasons). More details are on
the heroes list.
So from my point of view, I'm asking the heroes if I'm allowed to help.
>> I've one addition:
>> * FreeIPA + maybe some additional forms
[...]
> Might be worth the work
Thanks.
Lars
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Where does connect.o.o run anyway? It's aka login2.o.o, but I don't see
either on our list:
https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/Machines
If Carlos volunteers to help tidy up the spam, is it easy for him to
remove/disable spammers' profiles ?
--
Per Jessen, Zürich (7.4°C)
Member, openSUSE Heroes
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Can one of the Hero's take a look please
On 20/02/2019 18:04, Axel Braun wrote:
> Hi,
> Looks I'm able to send to the list, but I do not receive mails from there
> Schöne Grüße
> Axel
>
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi all,
with immediate effect, I will take down keyserver.o.o, because the
sks-keyserver pool received an official GDPR request (see below) from
British ICO. Unfortunately, as a cautious and responsible Sysadmin, I
can't ignore that fact and can't take the blame on openSUSE Heroes that
we might not follow GDPR.
That's why, until further notice, the openSUSE Heroes are no longer
providing keyserver.o.o as a service.
If SUSE needs that service for the business, we can talk about
alternatives, but we need to plan on this and it needs to take some time
to evaluate a GDPR compliant solution together with works council.
---- snip ----
Full story about sks GDPR take-down notice:
https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html
---- snap ----
Best regards,
--
Thorsten Bro <tbro(a)opensuse.org>
- Member of openSUSE Heroes -
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
When anna was rebooted last night, postfix failed to start - couldn't
find an interface with the 192.168.47 address. Postfix did wait for
network.target to complete (17:32:00) and started at 17:32:01, but
still couldn't find an interface with the address ?
I started up postfix this morning just before 8, the sudden flood of
messages might have caused some receiving servers to start rate
limiting.
In the queue I see a few messages from icinga - recovery status or
recovery notification - sent from "icinga(a)monitor.opensuse.org"
to "icinga(a)localhost.opensuse.org". This can't be delivered, so an NDR
is attempted sent back to "icinga(a)monitor.opensuse.org" which can't be
delivered either.
delivery temporarily suspended: connect to
monitor.opensuse.org[2620:113:80c0:8::16]:25: Connection refused
about 250 such mails right now :-)
There were a few other issues -
systemd-sysctl[397]: Couldn't write '655360' to 'net/nf_conntrack_max',
ignoring: No such file or directory
(long list of those). Some conntrack module not being loaded early
enough?
Keepalived - config problems
Keepalived_vrrp - config problem
I've captured all the output. Unless someone puts a hand up, I'll
probably just open some issues for us to look at later.
--
Per Jessen, Zürich (-0.4°C)
Member, openSUSE Heroes
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Dear Heroes,
I was assigned https://bugzilla.opensuse.org/show_bug.cgi?id=1120962
and, together with Theo, managed to fix the issue. But I want to make sure all heroes are aware of the trouble and the reasons behind.
First, the bug happened becuase of an outdated mirror (suse.inode.at in
this case). The file yast2-trans-en_US.rpm was not updated on that
mirror.
In normal repos, this does not cause issues, as all RPMs are named
NAME-VERSION.rpm, with a changing VERSION field. So if a mirror is not
updating, it simply won't have the new RPMs with VERSION+1. Simple
enough.
For stuff in repo/oss/boot though, this does not apply: there are
unversioned files, including a bunch of squashfs images. Most don't
have a number in the name, so they are excempt from mirror redirection
anyway, so all good.. except for yast_2_-* :(
In the past, we had a block in apache;s configuration to redirect all
of repo/oss/boot to downloadcontent, where we have control over the
state and basically can guarantee it being up-to-date. Somewhen, this
block had been disabled with a comment like:
# why is that needed at all?
# we have mirrors outside who can handle this content...
So, by now we know the 'why' :)
As said, together with Theo this block had been re-enabled and
mirrorbrain is again redirectnig all of boot/ to
downloadcontent.opensuse.org
Additionally, I disabled suse.inode.at in the MB database: this mirror
has not been updating in 1.5 years.
I hope to have you informed sufficiently and nobody feels like I
stepped on anybodys toes.
Cheers
Dominique