Hello,
the next heroes meeting will be next tuesday (2019-10-01) 18:00 UTC /
20:00 CEST in the #opensuse-admin IRC channel.
The usual topics are already listed on
https://progress.opensuse.org/issues/56435
Feel free to add things you want to discuss, or bring them up during the
meeting.
Regards,
Christian Boltz
--
[KDE3 vs. KDE4] My guess is the vocal minority will only be satisfied
when KDE4 gets dropped. We need to let them know that might happen
round about the release of KDE5.4 . [from a comment on
http://blogs.warwick.ac.uk/bweber/entry/opensuse_110_kde4/]
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi all,
this is just to inform you that we addressed the issues with Let's
Encrypt in the openSUSE infrastructure and renewed the certificates (in
time), so no outages are to be expected. The certificate was about to
expire on Oct 8, and automatic issuance did no longer wore (we were made
aware of this by Thorsten Bro in time).
For - as to now - unclear reasons, "kinit" was missing on the machine
responsible for this (crtmgr.infra.opensuse.org). Kerberos is needed in
some script to update the DNS records needed for authorization.
Most probably this happened due to an upgrade, and the one doing the
upgrade, didn't realize right away, since it takes a while until the
problem manifests itself. Simply installing krb5-client, did the trick,
so this should work automatically again for the future now.
Best regards,
Karol Babioch
Dear openSUSE Heroes,
The status page [1] should reflect the current incident, otherwise users
might be prompted to report it to admin(a)opensuse.org while it's been
already tracked on an existing ticket.
Also, please mention the ticket number in the status updates.
All the best.
Ish Sookun
[1] https://status.opensuse.org/
On 9/26/19 5:39 AM, Felix Miata wrote:
> Mark Misulich composed on 2019-09-25 21:30 (UTC-0400):
>
>> I am to be locked out of updates, what has happened to openSuse?
>
> Looks like everybody is:
>
> https://progress.opensuse.org/issues/57383
>
> If you need to update immediately you can switch URLs of your repos to use any
> specific mirror not suffering this failure.
>
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi all,
today in the evening there was a meeting to discuss the current state of
the openSUSE infrastructure. It was "initiated" by the openSUSE heroes
and was meant to sync on current challenges and find ways to improve
collaboration between SUSE and the openSUSE heroes.
We've taken some notes during this meeting and would like to share them
with you publicly. Its only a plain text dump and not very well
formatted (it is structured, though). You'll find the original Etherpad
here [1].
We agreed upon on some action items, so we will take small steps towards
a better openSUSE infrastructure. Obviously there is still a lot of work
left to do, and we couldn't solve all topics being discussed.
Further meetings are planned in the future. Feel free to ask for more
details, etc.. Also some of this might be discussed in the next heroes
meeting (on Oct 1).
Best regards,
Karol Babioch
---
Topics
- Bare metal access
- Bugzilla and services provided by MF IT
- Available ressources to get out of firefighting mode
- login
- GDPR -- data processing catalogue and DP statements
- [Responsibilities: EngInfra vs. heroes, reality vs expectations]
Attendees
- Christian Boltz
- Per Jessen
- Kurt Garloff
- Martin Caj
- Ricardo Klein
- Karol Babioch
Bare Metal Access
Current issue: Shared infrastructure for openSUSE and SUSE assets
Cannot provide access to community (non employees) with current mode
of operation
Split infrastructure (openSUSE vs. SUSE)
Self-service infrastructure (Cloud, etc.)
Prohibitive cost (for compute intese workloads)?
Rough estimates: 4k$/m (AWS) -
https://calculator.s3.amazonaws.com/index.html#key=calc-4BB503BF-BDAE-4EDE-…
Concerns about service levels -- probably not a real issue
Open-source platform would be better -- OTC / OVH / CityNetwork (all
european public OpenStack Cloud providers)?
Keep Core services in SUSE?
Two places may create challenges
Setup internal SUSE OpenStack Cloud env hosting an openSUSE tenant
(alongside other tenants)?
Best solution <= VISION
Would need semi-public access to API/Dashboard and Floating IPs
Also needs storage system (ideally dedicated for this cloud)
Might become easier with external sponsorships in an independent
openSUSE Foundation -- but may take another year?
Also needs SUSE operations manpower ...
Unrelated: Not enough manpower to maintain the VMs either
Not enough heroes with enough time
Available resources to get out of firefighting mode
Two backfill positions posted (Theo, Thorsten)
get more resources within the engineering infrastructure team
Prague is very difficult
slightly better now after summer
Recruiting through personal connections
Team now shares the load instead of having dedicated persons that
are the only ones with knowledge and access
Ricardo joined team recently, getting up to speed, very eager to help
openSUSE CaaS Platform
Fixing is WIP
Commitment to keep supporting from CaaS team
Currently used for learning, testing not really for providing
production level services
Attracting new heroes requires advanced technology to play with?
Darix and Lars have built a lot of infra, not currently contributing
any more
personal issue may be resolved by involved persons no longer being
involved?
AI Karol: Speak to the both of them
More commitment (in terms of FTEs) from SUSE?
Also in other teams (not only EngInfra?)
Bugzilla and services provided by MF IT
What will the login provider be in the future?
Novell eDirectory will be shut down - solution will be needed by
then (otherwise SUSE goes out of business ;-))
Currently SUSE is evaluating different identity management solutions
internally (for SUSE's own needs)
No final decisions has been made
Needs to happen within the next couple of weeks
openSUSE will be affected by whatever happens to the "customer" tree
DNS provided by FreeIPA
Transition from MF-IT to ACN on AWS should not change the approach
(zone-transfer from FreeIPA)
bugzilla will be migrated to SUSE via Lift&Shift
SUSE-internal move towards JIRA+Confluence - unsure whether at some
point openSUSE needs to consider this
AI: EngInfra -> Let openSUSE board / heroes / community know once
there is a decision on which system will be used
GDPR -- data processing catalogue and DP statements
We are processing PII (Personally Identifiable Information) -- SUSE
is the data holder for openSUSE
We lack a good overview of what is handled where and how
Occasional requests cause a lot of manual fiddling
We need to look at this service by service to document this
Create a template once
Fill it service by service
Ensure that this is done when establishing new services
Best knowledge is in handover docs from Theo + Thorsten (AI: EngInfra)
Can be shared (-> put this on openSUSE heroes wiki)
Start documentation process (AI: EngInfra)
[Responsibilities: EngInfra vs. heroes, reality vs expectations]
EngInfra team cannot meet all expectations (understaffed, many other
responsibilities)
Board / Gerald should re-visit SLA with SUSE (it is outdated and
does not reflect reality) - refresh
Lots of VMs / services are not well maintained
VMs to be de-commissioned
AI: Christian will double-check and send us a list / assign tickets
to us
Backup
Lack of proper backup & restore strategy, needs to be worked out
Situation of snapshots of VMs on storage backend is unclear (need to
verify) [AI: EngInfra]
Heroes meeting event
No specific plans for an upcoming heroes meeting event
AI: Karol will ask some questions to figure out whether this might
be an option (budget, facilities, etc. pp.)
See $Subject.
I think it should forward to seife(a)opensuse.slipkontur.de, but it no longer does:
<seife(a)opensuse.org>: host mx1.suse.de[195.135.220.2] said: 550 5.1.1
<seife(a)opensuse.org>: Recipient address rejected: User unknown in virtual
alias table (in reply to RCPT TO command)
The last time it definitely worked was at 2019-01-25, this is the last mail
I have received on the seife(a)opensuse.org address and that I have still in
my mailbox.
The last trace of auto-detected SPAM to the address in my logs is
Received: from adm.com (admex13ews6.adm.com [12.43.88.206])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
(No client certificate requested)
by mx1.suse.de (Postfix) with ESMTPS id 763B1AF2A
for <seife(a)opensuse.org>; Wed, 20 Feb 2019 07:50:32 +0000 (UTC)
So it looks like my Alias has gone AWOL, right now when I need it to avoid
a project name change ;-)
Thanks,
seife
--
Stefan Seyfried
"For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled." -- Richard Feynman
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi,
Can you please fix my e-mail alias (rjschwei(a)opensuse.org), it should be
forwarding messages to rjschwei(a)suse.com
Thanks,
Robert
--
Robert Schweikert MAY THE SOURCE BE WITH YOU
Distinguished Architect LINUX
Technical Team Lead Public Cloud
rjschwei(a)suse.com
IRC: robjo
Hello everyone,
I was made aware of the ticket at https://progress.opensuse.org/issues/54977.
It seems that help is needed with the openSUSE cluster and I am eager to help you get a running CaaSP setup again.
AFAIK you have already been contacted by Ludovic and I would work together with him to setup a new v4 cluster for the openSUSE community.
Please let me know if there is anything else you need to know.
Best regards,
--
Florian Bergmann fbergmann(a)suse.de
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
T: +49 (0) 911 74053 0
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org
Hi,
You know perhaps that Stefan and I volunteered to curtail spam on the
<https://connect.opensuse.org> platform. I'm seeing a suspicious
activity from one user and need advice. I don't know whom to ask, but I
do not want to ask on main mail list.
A "she" user registered yesterday. I did not notice anything definitely
suspicious. But today she seems to be "making friends" with everybody,
pages and pages of that.
I don't know what to make of it.
<https://connect.opensuse.org/pg/friends/rose25/>
170 pages of friends. Should I ban and or delete her?
She is also "friend of" 10 users.
--
Cheers / Saludos,
Carlos E. R.
(from 15.0 x86_64 at Telcontar)
Correcting mail address of Marcus....
Hi all,
as I get (as one of the org admins) several security alerts (repeatedly)
from GitHub were dependencies are old/outdated and a severe problem for
some openSUSE projects (like e.g. OSEM, TSP or searchPage) which affects
quite a number of openSUSE users.
Unfortunately, this needs to be enabled PER REPO that non-org-admins can
see those alerts.
As I find it very important, that you security guys can see this
[Robert, Johannes and Marcus - nospecificorderhere :)] I will take the
responsibility as openSUSE hero and add you to these repos security
alerts with your mail adress, as soon as I get the report. As we have
more than 400 repos, I can't do this for all repos as there is no API by
GitHub to do this right now.
See here:
https://github.community/t5/GitHub-API-Development-and/Security-vulnerabili…
Also I will try to forward you the security reports as soon as they
enter my Inbox.
Best regards,
Thorsten
--
To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org
To contact the owner, e-mail: heroes+owner(a)opensuse.org