I'm receiving lots of spam messages (see example Received: headers below).
Is Spamassasin working correctly?
--------------------------- snip ---------------------------
Received: from hydra.opensuse.org (proxy-nue1.opensuse.org
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
(Client did not present a certificate)
by srv1.stroeder.com (Postfix) with ESMTPS id 2A7C92194E
for <michael(a)stroeder.com>; Thu, 15 Jul 2021 18:29:46 +0200 (CEST)
Received: from mailman3.infra.opensuse.org (mailman3.infra.opensuse.org
by hydra.opensuse.org (Postfix) with ESMTP id 586E223AE6;
Thu, 15 Jul 2021 16:12:35 +0000 (UTC)
Received: from mx2.opensuse.org (mx2.infra.opensuse.org [192.168.47.96])
by mailman3.infra.opensuse.org (Postfix) with ESMTP id C4CBF6FB
for <packaging(a)lists.opensuse.org>; Wed, 3 Mar 2021 08:49:16 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
X-Spam-Status: No, score=4.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
Received: from a55-249.smtp-out.eu-west-1.amazonses.com
(using TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA256 (128/128 bits))
(No client certificate requested)
by mx2.opensuse.org (Postfix) with ESMTPS
for <opensuse-packaging(a)opensuse.org>; Wed, 3 Mar 2021 08:49:14 +0000
Running as a container + freezing instead of packaging as .rpm +
migrating are two recommendations I fully support. Can we proceed this
way? What would be the strongest blockers if any?
-------- Message transféré --------
Sujet : Re: Packaging Discourse
Date : Tue, 27 Jul 2021 05:16:54 +0000
De : Attila Pinter <adathor(a)protonmail.com>
Répondre à : Attila Pinter <adathor(a)protonmail.com>
Pour : Adrien Glauser <adrien.glauser(a)gmail.com>
Copie à : Marcus Rueckert <mrueckert(a)suse.de>, KaratekHD(a)opensuse.org
I started to play around with the Discourse rpm, but I doubt that this
route should be taken. It is not recommended by upstream to package it
due to the heavy dependencies and the effort it takes to maintain such
Wouldn't it be more reasonable to take the containerization avenue on
the matter? We could still add our own branding and apply changes where
needed and push the image to registry-o-o.
Just my two cents, but if we put if we're to replace vbulletin it gives
us a chance to innovate and taking the MicroOS+container route and
automate as much as we can IMHO would worth it.
While we're at the VBulletin part, I know Adrien already suggested to
freeze the forums as is, archive it and leave it in a ro state. This is
not unheard of in the FOSS world. Or the licensing would cause issue and
best to migrate everything? (Sorry if this is the wrong thread for this
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, July 19th, 2021 at 8:38 PM, Adrien Glauser
> "Discourse is packaged already to be used"
> ... What is there left to do with so that the openSUSE has its Discourse instance up and running? How can we help you with?
> Le 19/07/2021 à 12:03, Marcus Rueckert a écrit :
> > On Sat, 17 Jul 2021 09:55:31 +0200
> > Adrien Glauser adrien.glauser(a)gmail.com wrote:
> > > Hello Marcus,
> > >
> > > Sorry to reply to an old email, but I wanted to catch up with the
> > >
> > > Discourse migration todo list. After months of other priorities I am
> > >
> > > finally able to secure some time to do this, and I have 1-2 other
> > >
> > > folks ready to help me.
> > >
> > > Sasi and other heroes have told us that you were the latest person
> > >
> > > who had their hands on it. Could you share with us the next steps
> > >
> > > there are to do, according to you? Do we need to Salt or is there
> > >
> > > something else to do on the roadmap? If yes, how would you suggest
> > >
> > > going about it?
> > >
> > > Discourse is packaged already and ready to be used?
> > https://discuss.pixls.us/
> > uses it e.g.
> > darix
As mentioned in the last Heroes meeting we (Jens, Martín and I) are
looking into building a user-friendly REST API to allow users across the
entire platforms (web, Matrix, Telegram, Discord, future forums) to
perform a variety of queries. The ultimate goal is to make important
community tools and services more accessible by providing a single,
user-friendly interface where basically any question that doesn't need a
human respondent can be addressed by a simple query. (That's half the of
it; it other half is to make channels, people and activities more
discoverable, but that's for another day.)
The domain of resources we want to provide access to is evolving as we
learn new things about oS infra but it goes roughly like:
- packages listed under "zypper search"
- packages displayed on build.opensuse.org
- the opensue bugzilla
- community news & activities (from news-o-o)
Now before we start building new tools we'd like to see if we can use
tools that exist already. Thus we would like to know a few things:
1) Since this API is likely to depend on bots to provide in-app
searches, we need to know if the bots bridging between the various
instant messaging services could be used to forward queries to the API.
Who's maintaining that / these bots and where can read the code?
2) Bugzilla comes with a REST API from version 5+; does
bugzilla.opensuse.org have this feature currently enabled? Who should we
get in touch with to negotiate enabling it?
3) Does Progress expose an API for doing queries and if yes, where's the
docs about using this feature?
Thanks a lot, any piece of information would be greatly appreciated!
On 15/07/2021 20.43, Per Jessen wrote:
> Andrii Nikitin wrote:
>>> Andrii is there anything I can do? shouldn't we take this to
>> mirror(a)opensuse.org is in CC, but the problem is not with mirrors, but
>> with the folder on ftp-stage, which is empty.
> Isn't this simply dealt with by hardlinking
> However, trying to do that fails with "invalid cross-device link" which
> I don't really get.
I think, this discussion is rather off-topic for most mirror operators
on the ML => moving to heroes who should be the ones operating pontifex2
(I also did some work there in the past).
You cannot hardlink directories anyway. What you could do is do a bind
mount from one place to the other.
I added to fstab:
/srv/ftp-stage/pub/opensuse/update/leap/15.3/backports bind bind 0 0
there were already similar lines next to it, e.g.
/srv/ftp/pub/opensuse/update/leap/15.3/backports auto bind 0 0
/srv/ftp-stage/pub/opensuse/update auto bind
Sorry that I missed the meeting. I just forgot it...
Here are my short notes (sorry, long day, just trying to make it short):
* DNSSec is enabled for opensuse.org domain since last weekend.
Meanwhile also the caches should be purged and all DNS servers should
provide valid responses. Please check, if we missed something...
* mirrordb2 is currently the one and only PostgreSQL DB. I am not 100%
sure if this is really wanted, but...
...on the other side, it forced me to think about a backup of the
databases. Currently there is a NFS mount (mirrordb2:/backup) from
backup.infra.opensuse.org, allowing the postgresql-backupscript to
dump a backup of each database (individually) every day around
* The new (Hey, nearly...) widehat is ready and syncing. I just did
neither find the time to prepare some more VMs (like MX, static,
DB-Server, more?) nor to exchange it with the current one. Sorry for
that. I hope to find some time during the next two weeks for this. As
result, our old widehat aka rsync.opensuse.org will not be available
for a day.
* There is still some old stuff up and running, that we should shut
down, if we follow our old policy (or should I better say: idea?):
+ users.o.o -> old ELGG instance
+ wiki.o.o -> old mediawiki instance
+ elections.o.o -> old helios instance
* We could simply upgrade Redmine (aka progress.o.o) to the latest
version, if we would not use these old, self-backed plugins. Some of
them might be obsolete already, some not used - but others?
Anyway: there is progress-test.o.o - a new machine running the new
Redmine on an old DB dump. Authentication does not work (yet), as we
might simply switch to one of the supported authentication mechanisms
(and get rid of another, old plugin).
Anyone interested to drive this?
* We plan to move more and more traffic to the MirrorCache instances
during the next days, to test them under more load. For this, ~50% of
the traffic on download.o.o will be redirected to the MirrorCache
instance. This should be transparent for the users.
For those interested: https://mirrorcache-eu.opensuse.org/ looks more
and more like http://download.opensuse.org/ - but still needs some
styling to be "openSUSE".
* DNS management is meanwhile on chip:
If you like to get access, please ping me. LDAP authentication works,
but we need to put you in the right group in the WebUI, so you can
edit DNS settings.
Note 1: infra.opensuse.org is currently still on FreeIPA. Can be
moved at any time. I'm just waiting for *your* go here. After that,
everything DNS related is on chip.
Note 2: `pdnutil edit-zone opensuse.org` on the command line might be
much easier. Don't worry, if you get asked if you want to increase
the serial number of the zone once you saved your changes. Please
answer 'y', so the DNS servers get aware of your changes (they just
compare the serial to know if something has changed).
* There is a backup.infra.opensuse.org machine with 3T space, waiting
to get filled by clients. Anyone who wants to suggest a good, open
source, backup tool?
* I like to build some redundancy of machines running in Nuermberg in
Provo and at our CoLo, to survive outages better in the future.
Anyone, who wants to join this "project business continuity"?
With kind regards,
Noticed as of late a few issues around the infra and I would be interested in helping out with the admin workload and was wondering how could one join the Heroes? What are the requirements?
here are the meeting minutes of today's meeting.
* postgresql database issues in the last weeks should be fixed (downgraded to postgresql 12 for now)
* internal network issues caused short outages last week (caused by a misconfigured switch, fixed in the meantime)
* matrix problems
* federated messages are delayed or lost
* some encrypted chats cannot be decrypted - need to drop/renew keys in Elements
* ssh forward for pagure was silently removed because non-interactive updates are not done
* automatic updates should be done via cron-job applied via salt
* board wants calendar system deployed ; also for Doc ; fedora's fedocal https://calendar.fedoraproject.org/
* discourse related to vbulletin migration
* Adrien + Jens want to help ; https://code.opensuse.org/heroes/salt
* needs some packaging work
* and data migration
* Adrien proposed unified API for querying openSUSE services for bots+users ; auth with id.opensuse.org openid or openidc
* add an equivalent of Fedora badges for recognizing openSUSE users across different platforms
* Telegram bots:
* unify using above API
* Jens' bot is already modular (https://github.com/KaratekHD/Nemesis)
* problems in one module can break the whole thing, but output will point towards the bad module
* there is a bot to search packages
* one CAPTCHA bot
* one doc search bot
* forums DDoS on 2021-07-05 from Chinese IPs
[Bernhard Voelker in opensuse-factory about the Staging Dashboard]
the next heroes meeting will be on Tuesday (2021-07-06) at 18:00 UTC /
20:00 CEST in https://meet.opensuse.org/heroes
So far, https://progress.opensuse.org/issues/93366 lists the usual
suspects^Wtopics ;-) - feel free to add whatever you want to discuss, or
just bring it up in the meeting.
> Then many hours later after everyone has gone to sleep:
There is no such thing "everyone has gone to sleep", this is a 24/7
community, with people worldwide.
[> Archie Cobbs and Cristian Rodríguez in opensuse-buildservice]