As mentioned in the last Heroes meeting we (Jens, Martín and I) are
looking into building a user-friendly REST API to allow users across the
entire platforms (web, Matrix, Telegram, Discord, future forums) to
perform a variety of queries. The ultimate goal is to make important
community tools and services more accessible by providing a single,
user-friendly interface where basically any question that doesn't need a
human respondent can be addressed by a simple query. (That's half the of
it; it other half is to make channels, people and activities more
discoverable, but that's for another day.)
The domain of resources we want to provide access to is evolving as we
learn new things about oS infra but it goes roughly like:
- packages listed under "zypper search"
- packages displayed on build.opensuse.org
- the opensue bugzilla
- community news & activities (from news-o-o)
Now before we start building new tools we'd like to see if we can use
tools that exist already. Thus we would like to know a few things:
1) Since this API is likely to depend on bots to provide in-app
searches, we need to know if the bots bridging between the various
instant messaging services could be used to forward queries to the API.
Who's maintaining that / these bots and where can read the code?
2) Bugzilla comes with a REST API from version 5+; does
bugzilla.opensuse.org have this feature currently enabled? Who should we
get in touch with to negotiate enabling it?
3) Does Progress expose an API for doing queries and if yes, where's the
docs about using this feature?
Thanks a lot, any piece of information would be greatly appreciated!
On 15/07/2021 20.43, Per Jessen wrote:
> Andrii Nikitin wrote:
>>> Andrii is there anything I can do? shouldn't we take this to
>> mirror(a)opensuse.org is in CC, but the problem is not with mirrors, but
>> with the folder on ftp-stage, which is empty.
> Isn't this simply dealt with by hardlinking
> However, trying to do that fails with "invalid cross-device link" which
> I don't really get.
I think, this discussion is rather off-topic for most mirror operators
on the ML => moving to heroes who should be the ones operating pontifex2
(I also did some work there in the past).
You cannot hardlink directories anyway. What you could do is do a bind
mount from one place to the other.
I added to fstab:
/srv/ftp-stage/pub/opensuse/update/leap/15.3/backports bind bind 0 0
there were already similar lines next to it, e.g.
/srv/ftp/pub/opensuse/update/leap/15.3/backports auto bind 0 0
/srv/ftp-stage/pub/opensuse/update auto bind
I'm receiving lots of spam messages (see example Received: headers below).
Is Spamassasin working correctly?
--------------------------- snip ---------------------------
Received: from hydra.opensuse.org (proxy-nue1.opensuse.org
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
(Client did not present a certificate)
by srv1.stroeder.com (Postfix) with ESMTPS id 2A7C92194E
for <michael(a)stroeder.com>; Thu, 15 Jul 2021 18:29:46 +0200 (CEST)
Received: from mailman3.infra.opensuse.org (mailman3.infra.opensuse.org
by hydra.opensuse.org (Postfix) with ESMTP id 586E223AE6;
Thu, 15 Jul 2021 16:12:35 +0000 (UTC)
Received: from mx2.opensuse.org (mx2.infra.opensuse.org [192.168.47.96])
by mailman3.infra.opensuse.org (Postfix) with ESMTP id C4CBF6FB
for <packaging(a)lists.opensuse.org>; Wed, 3 Mar 2021 08:49:16 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
X-Spam-Status: No, score=4.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
Received: from a55-249.smtp-out.eu-west-1.amazonses.com
(using TLSv1.2 with cipher ECDHE-ECDSA-AES128-SHA256 (128/128 bits))
(No client certificate requested)
by mx2.opensuse.org (Postfix) with ESMTPS
for <opensuse-packaging(a)opensuse.org>; Wed, 3 Mar 2021 08:49:14 +0000
Sorry that I missed the meeting. I just forgot it...
Here are my short notes (sorry, long day, just trying to make it short):
* DNSSec is enabled for opensuse.org domain since last weekend.
Meanwhile also the caches should be purged and all DNS servers should
provide valid responses. Please check, if we missed something...
* mirrordb2 is currently the one and only PostgreSQL DB. I am not 100%
sure if this is really wanted, but...
...on the other side, it forced me to think about a backup of the
databases. Currently there is a NFS mount (mirrordb2:/backup) from
backup.infra.opensuse.org, allowing the postgresql-backupscript to
dump a backup of each database (individually) every day around
* The new (Hey, nearly...) widehat is ready and syncing. I just did
neither find the time to prepare some more VMs (like MX, static,
DB-Server, more?) nor to exchange it with the current one. Sorry for
that. I hope to find some time during the next two weeks for this. As
result, our old widehat aka rsync.opensuse.org will not be available
for a day.
* There is still some old stuff up and running, that we should shut
down, if we follow our old policy (or should I better say: idea?):
+ users.o.o -> old ELGG instance
+ wiki.o.o -> old mediawiki instance
+ elections.o.o -> old helios instance
* We could simply upgrade Redmine (aka progress.o.o) to the latest
version, if we would not use these old, self-backed plugins. Some of
them might be obsolete already, some not used - but others?
Anyway: there is progress-test.o.o - a new machine running the new
Redmine on an old DB dump. Authentication does not work (yet), as we
might simply switch to one of the supported authentication mechanisms
(and get rid of another, old plugin).
Anyone interested to drive this?
* We plan to move more and more traffic to the MirrorCache instances
during the next days, to test them under more load. For this, ~50% of
the traffic on download.o.o will be redirected to the MirrorCache
instance. This should be transparent for the users.
For those interested: https://mirrorcache-eu.opensuse.org/ looks more
and more like http://download.opensuse.org/ - but still needs some
styling to be "openSUSE".
* DNS management is meanwhile on chip:
If you like to get access, please ping me. LDAP authentication works,
but we need to put you in the right group in the WebUI, so you can
edit DNS settings.
Note 1: infra.opensuse.org is currently still on FreeIPA. Can be
moved at any time. I'm just waiting for *your* go here. After that,
everything DNS related is on chip.
Note 2: `pdnutil edit-zone opensuse.org` on the command line might be
much easier. Don't worry, if you get asked if you want to increase
the serial number of the zone once you saved your changes. Please
answer 'y', so the DNS servers get aware of your changes (they just
compare the serial to know if something has changed).
* There is a backup.infra.opensuse.org machine with 3T space, waiting
to get filled by clients. Anyone who wants to suggest a good, open
source, backup tool?
* I like to build some redundancy of machines running in Nuermberg in
Provo and at our CoLo, to survive outages better in the future.
Anyone, who wants to join this "project business continuity"?
With kind regards,
Noticed as of late a few issues around the infra and I would be interested in helping out with the admin workload and was wondering how could one join the Heroes? What are the requirements?
here are the meeting minutes of today's meeting.
* postgresql database issues in the last weeks should be fixed (downgraded to postgresql 12 for now)
* internal network issues caused short outages last week (caused by a misconfigured switch, fixed in the meantime)
* matrix problems
* federated messages are delayed or lost
* some encrypted chats cannot be decrypted - need to drop/renew keys in Elements
* ssh forward for pagure was silently removed because non-interactive updates are not done
* automatic updates should be done via cron-job applied via salt
* board wants calendar system deployed ; also for Doc ; fedora's fedocal https://calendar.fedoraproject.org/
* discourse related to vbulletin migration
* Adrien + Jens want to help ; https://code.opensuse.org/heroes/salt
* needs some packaging work
* and data migration
* Adrien proposed unified API for querying openSUSE services for bots+users ; auth with id.opensuse.org openid or openidc
* add an equivalent of Fedora badges for recognizing openSUSE users across different platforms
* Telegram bots:
* unify using above API
* Jens' bot is already modular (https://github.com/KaratekHD/Nemesis)
* problems in one module can break the whole thing, but output will point towards the bad module
* there is a bot to search packages
* one CAPTCHA bot
* one doc search bot
* forums DDoS on 2021-07-05 from Chinese IPs
[Bernhard Voelker in opensuse-factory about the Staging Dashboard]
the next heroes meeting will be on Tuesday (2021-07-06) at 18:00 UTC /
20:00 CEST in https://meet.opensuse.org/heroes
So far, https://progress.opensuse.org/issues/93366 lists the usual
suspects^Wtopics ;-) - feel free to add whatever you want to discuss, or
just bring it up in the meeting.
> Then many hours later after everyone has gone to sleep:
There is no such thing "everyone has gone to sleep", this is a 24/7
community, with people worldwide.
[> Archie Cobbs and Cristian Rodríguez in opensuse-buildservice]
It seems that two of my messages to mailman were not forwarded back to
me while others came through just fine.
One recent example which was successfully delivered to mx2.opensuse.org
(see logs below).
2021-06-15T18:54:51.636290+02:00 mx1 postfix/cleanup: 99E3B21493:
2021-06-15T18:54:52.011315+02:00 mx1 postfix/qmgr: 99E3B21493:
from=<michael(a)stroeder.com>, size=4283, nrcpt=1 (queue active)
2021-06-15T18:54:52.018747+02:00 mx1 postfix/smtpd: disconnect
from mail1.hv.local[10.1.1.7] ehlo=2 starttls=1 mail=1 rcpt=1 data=1
2021-06-15T18:54:52.141691+02:00 mx1 unbound: [653:0] info: 127.0.0.1 .
2021-06-15T18:54:52.141769+02:00 mx1 unbound: [653:0] info: 127.0.0.1 .
NS IN NOERROR 0.000000 1 525
2021-06-15T18:54:52.163731+02:00 mx1 unbound: [653:0] info: 127.0.0.1
mx1.opensuse.org. A IN
2021-06-15T18:54:52.432899+02:00 mx1 unbound: [653:0] info: 127.0.0.1
mx1.opensuse.org. A IN NOERROR 0.267891 0 50
2021-06-15T18:54:52.788450+02:00 mx1 postfix/smtp: Untrusted TLS
connection established to mx2.opensuse.org[22.214.171.124]:25: TLSv1.3
with cipher TLS_AES_256_GCM_SHA384 (256/256 bi
ts) key-exchange ECDHE (P-256) server-signature ECDSA (P-384)
2021-06-15T18:54:55.156828+02:00 mx1 postfix/smtp: 99E3B21493:
.0.0, status=sent (250 2.0.0 Ok: queued as D7BD48C81)
-----BEGIN PGP SIGNED MESSAGE-----
I notice that what I see on "irc.libera.chat" #opensuse-admin, is not what
I see on the logs at https://monitor.opensuse.org/heroes/
The logs show long conversations, while the chat shows nothing or just a
line or two. And some times, not the same lines, as if both were different
Carlos E. R.
(from openSUSE Leap 15.1 at Telcontar)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----