September 2019 - Heroes - openSUSE Mailing Lists

[heroes] Reminder: Heroes meeting on tuesday
by Christian Boltz 29 Sep '19

29 Sep '19

Hello, the next heroes meeting will be next tuesday (2019-10-01) 18:00 UTC / 20:00 CEST in the #opensuse-admin IRC channel. The usual topics are already listed on https://progress.opensuse.org/issues/56435 Feel free to add things you want to discuss, or bring them up during the meeting. Regards, Christian Boltz -- [KDE3 vs. KDE4] My guess is the vocal minority will only be satisfied when KDE4 gets dropped. We need to let them know that might happen round about the release of KDE5.4 . [from a comment on http://blogs.warwick.ac.uk/bweber/entry/opensuse_110_kde4/] -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 0

[heroes] Fixed Let's Encrypt
by Karol Babioch 27 Sep '19

27 Sep '19

Hi all, this is just to inform you that we addressed the issues with Let's Encrypt in the openSUSE infrastructure and renewed the certificates (in time), so no outages are to be expected. The certificate was about to expire on Oct 8, and automatic issuance did no longer wore (we were made aware of this by Thorsten Bro in time). For - as to now - unclear reasons, "kinit" was missing on the machine responsible for this (crtmgr.infra.opensuse.org) Kerberos is needed in some script to update the DNS records needed for authorization. Most probably this happened due to an upgrade, and the one doing the upgrade, didn't realize right away, since it takes a while until the problem manifests itself. Simply installing krb5-client, did the trick, so this should work automatically again for the future now. Best regards, Karol Babioch

5 5

[heroes] Re: [opensuse] Can't Update
by Ish Sookun 26 Sep '19

26 Sep '19

Dear openSUSE Heroes, The status page [1] should reflect the current incident, otherwise users might be prompted to report it to admin(a)opensuse.org while it's been already tracked on an existing ticket. Also, please mention the ticket number in the status updates. All the best. Ish Sookun [1] https://status.opensuse.org/ On 9/26/19 5:39 AM, Felix Miata wrote: > Mark Misulich composed on 2019-09-25 21:30 (UTC-0400): > >> I am to be locked out of updates, what has happened to openSuse? > > Looks like everybody is: > > https://progress.opensuse.org/issues/57383 > > If you need to update immediately you can switch URLs of your repos to use any > specific mirror not suffering this failure. > -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 0

[heroes] Results from meeting about openSUSE infrastructure
by Karol Babioch 25 Sep '19

25 Sep '19

Hi all, today in the evening there was a meeting to discuss the current state of the openSUSE infrastructure. It was "initiated" by the openSUSE heroes and was meant to sync on current challenges and find ways to improve collaboration between SUSE and the openSUSE heroes. We've taken some notes during this meeting and would like to share them with you publicly. Its only a plain text dump and not very well formatted (it is structured, though). You'll find the original Etherpad here [1]. We agreed upon on some action items, so we will take small steps towards a better openSUSE infrastructure. Obviously there is still a lot of work left to do, and we couldn't solve all topics being discussed. Further meetings are planned in the future. Feel free to ask for more details, etc.. Also some of this might be discussed in the next heroes meeting (on Oct 1). Best regards, Karol Babioch --- Topics - Bare metal access - Bugzilla and services provided by MF IT - Available ressources to get out of firefighting mode - login - GDPR -- data processing catalogue and DP statements - [Responsibilities: EngInfra vs. heroes, reality vs expectations] Attendees - Christian Boltz - Per Jessen - Kurt Garloff - Martin Caj - Ricardo Klein - Karol Babioch Bare Metal Access Current issue: Shared infrastructure for openSUSE and SUSE assets Cannot provide access to community (non employees) with current mode of operation Split infrastructure (openSUSE vs. SUSE) Self-service infrastructure (Cloud, etc.) Prohibitive cost (for compute intese workloads)? Rough estimates: 4k$/m (AWS) - https://calculator.s3.amazonaws.com/index.html#key=calc-4BB503BF-BDAE-4EDE-… Concerns about service levels -- probably not a real issue Open-source platform would be better -- OTC / OVH / CityNetwork (all european public OpenStack Cloud providers)? Keep Core services in SUSE? Two places may create challenges Setup internal SUSE OpenStack Cloud env hosting an openSUSE tenant (alongside other tenants)? Best solution <= VISION Would need semi-public access to API/Dashboard and Floating IPs Also needs storage system (ideally dedicated for this cloud) Might become easier with external sponsorships in an independent openSUSE Foundation -- but may take another year? Also needs SUSE operations manpower ... Unrelated: Not enough manpower to maintain the VMs either Not enough heroes with enough time Available resources to get out of firefighting mode Two backfill positions posted (Theo, Thorsten) get more resources within the engineering infrastructure team Prague is very difficult slightly better now after summer Recruiting through personal connections Team now shares the load instead of having dedicated persons that are the only ones with knowledge and access Ricardo joined team recently, getting up to speed, very eager to help openSUSE CaaS Platform Fixing is WIP Commitment to keep supporting from CaaS team Currently used for learning, testing not really for providing production level services Attracting new heroes requires advanced technology to play with? Darix and Lars have built a lot of infra, not currently contributing any more personal issue may be resolved by involved persons no longer being involved? AI Karol: Speak to the both of them More commitment (in terms of FTEs) from SUSE? Also in other teams (not only EngInfra?) Bugzilla and services provided by MF IT What will the login provider be in the future? Novell eDirectory will be shut down - solution will be needed by then (otherwise SUSE goes out of business ;-)) Currently SUSE is evaluating different identity management solutions internally (for SUSE's own needs) No final decisions has been made Needs to happen within the next couple of weeks openSUSE will be affected by whatever happens to the "customer" tree DNS provided by FreeIPA Transition from MF-IT to ACN on AWS should not change the approach (zone-transfer from FreeIPA) bugzilla will be migrated to SUSE via Lift&Shift SUSE-internal move towards JIRA+Confluence - unsure whether at some point openSUSE needs to consider this AI: EngInfra -> Let openSUSE board / heroes / community know once there is a decision on which system will be used GDPR -- data processing catalogue and DP statements We are processing PII (Personally Identifiable Information) -- SUSE is the data holder for openSUSE We lack a good overview of what is handled where and how Occasional requests cause a lot of manual fiddling We need to look at this service by service to document this Create a template once Fill it service by service Ensure that this is done when establishing new services Best knowledge is in handover docs from Theo + Thorsten (AI: EngInfra) Can be shared (-> put this on openSUSE heroes wiki) Start documentation process (AI: EngInfra) [Responsibilities: EngInfra vs. heroes, reality vs expectations] EngInfra team cannot meet all expectations (understaffed, many other responsibilities) Board / Gerald should re-visit SLA with SUSE (it is outdated and does not reflect reality) - refresh Lots of VMs / services are not well maintained VMs to be de-commissioned AI: Christian will double-check and send us a list / assign tickets to us Backup Lack of proper backup & restore strategy, needs to be worked out Situation of snapshots of VMs on storage backend is unclear (need to verify) [AI: EngInfra] Heroes meeting event No specific plans for an upcoming heroes meeting event AI: Karol will ask some questions to figure out whether this might be an option (budget, facilities, etc. pp.)

1 0

[heroes] seife@opensuse.org email alias no longer working
by Stefan Seyfried 19 Sep '19

19 Sep '19

See $Subject. I think it should forward to seife(a)opensuse.slipkontur.de, but it no longer does: <seife(a)opensuse.org>: host mx1.suse.de[195.135.220.2] said: 550 5.1.1 <seife(a)opensuse.org>: Recipient address rejected: User unknown in virtual alias table (in reply to RCPT TO command) The last time it definitely worked was at 2019-01-25, this is the last mail I have received on the seife(a)opensuse.org address and that I have still in my mailbox. The last trace of auto-detected SPAM to the address in my logs is Received: from adm.com (admex13ews6.adm.com [12.43.88.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mx1.suse.de (Postfix) with ESMTPS id 763B1AF2A for <seife(a)opensuse.org>; Wed, 20 Feb 2019 07:50:32 +0000 (UTC) So it looks like my Alias has gone AWOL, right now when I need it to avoid a project name change ;-) Thanks, seife -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

3 2

[heroes] e-mail alias
by Robert Schweikert 18 Sep '19

18 Sep '19

Hi, Can you please fix my e-mail alias (rjschwei(a)opensuse.org) it should be forwarding messages to rjschwei(a)suse.com Thanks, Robert -- Robert Schweikert MAY THE SOURCE BE WITH YOU Distinguished Architect LINUX Technical Team Lead Public Cloud rjschwei(a)suse.com IRC: robjo

2 1

[heroes] Supporting the openSUSE CaaSP cluster
by Florian Bergmann 17 Sep '19

17 Sep '19

Hello everyone, I was made aware of the ticket at https://progress.opensuse.org/issues/54977. It seems that help is needed with the openSUSE cluster and I am eager to help you get a running CaaSP setup again. AFAIK you have already been contacted by Ludovic and I would work together with him to setup a new v4 cluster for the openSUSE community. Please let me know if there is anything else you need to know. Best regards, -- Florian Bergmann fbergmann(a)suse.de SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany T: +49 (0) 911 74053 0 -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

1 0

[heroes] Need RFC on some suspicious activity
by Carlos E. R. 16 Sep '19

16 Sep '19

Hi, You know perhaps that Stefan and I volunteered to curtail spam on the <https://connect.opensuse.org> platform. I'm seeing a suspicious activity from one user and need advice. I don't know whom to ask, but I do not want to ask on main mail list. A "she" user registered yesterday. I did not notice anything definitely suspicious. But today she seems to be "making friends" with everybody, pages and pages of that. I don't know what to make of it. <https://connect.opensuse.org/pg/friends/rose25/> 170 pages of friends. Should I ban and or delete her? She is also "friend of" 10 users. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)

2 3

[heroes] *.opensuse.org virtually unreachable when apache2 running
by Felix Miata 16 Sep '19

16 Sep '19

Last night I put a DVD .iso on my website and emailed a link to it to a bunch of friends. Since then, bugzilla.opensuse.org and forums.opensuse.org frequently are unreachable or timeout in the middle of using them, such as trying to reply to a forum post, or load a saved bug search. At best the waits before *.o.o page load are 10 times as long as other sites. Even on good days most b.o.o searches totally timeout eventually into a blank page[1]. Startpage, Google, their hits and other commonly used sites (e.g. eBay) are producing no such trouble. I found that by stopping apache2 that b.o.o and f.o.o will become reachable shortly following "systemctl stop apache2". Today is hardly the first time *.opensuse.org has been painful if not impossible to use. See e.g.: https://progress.opensuse.org/issues/53396 https://progress.opensuse.org/issues/52178 https://progress.opensuse.org/issues/56189 https://bugzilla.opensuse.org/show_bug.cgi?id=1133589 https://bugzilla.opensuse.org/show_bug.cgi?id=1084827 https://bugzilla.opensuse.org/show_bug.cgi?id=1065560 https://bugzilla.opensuse.org/show_bug.cgi?id=1051768 https://bugzilla.opensuse.org/show_bug.cgi?id=753203 (logs for irc://freenode/opensuse-admin) What has to be done, short of removing this .iso file from my website or keeping apache2 stopped, to stop this recurring pain and waste of time? [1] https://bugzilla.opensuse.org/show_bug.cgi?id=1100506 -- Evolution as taught in public schools is religion, not science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/ -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

2 3

[heroes] Security Alerts für openSUSE Repos
by Thorsten Bro 16 Sep '19

16 Sep '19

Correcting mail address of Marcus.... Hi all, as I get (as one of the org admins) several security alerts (repeatedly) from GitHub were dependencies are old/outdated and a severe problem for some openSUSE projects (like e.g. OSEM, TSP or searchPage) which affects quite a number of openSUSE users. Unfortunately, this needs to be enabled PER REPO that non-org-admins can see those alerts. As I find it very important, that you security guys can see this [Robert, Johannes and Marcus - nospecificorderhere :)] I will take the responsibility as openSUSE hero and add you to these repos security alerts with your mail adress, as soon as I get the report. As we have more than 400 repos, I can't do this for all repos as there is no API by GitHub to do this right now. See here: https://github.community/t5/GitHub-API-Development-and/Security-vulnerabili… Also I will try to forward you the security reports as soon as they enter my Inbox. Best regards, Thorsten -- To unsubscribe, e-mail: heroes+unsubscribe(a)opensuse.org To contact the owner, e-mail: heroes+owner(a)opensuse.org

2 1