[opensuse-project] iChain or iPain?
Hi, I'm suffering from a very disappointing issue with ichain enabled services. Especially build.o.o and en.opensuse.org (wiki). I get basically logged out every two minutes or so. That's not a fixed interval. Editing wiki pages is almost impossibe sind when I try to save I'm already logged out again. This is no fun! Wolfgang -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On 2011-04-16T09:16:43, Wolfgang Rosenauer <wolfgang@rosenauer.org> wrote:
I'm suffering from a very disappointing issue with ichain enabled services. Especially build.o.o and en.opensuse.org (wiki). I get basically logged out every two minutes or so. That's not a fixed interval. Editing wiki pages is almost impossibe sind when I try to save I'm already logged out again. This is no fun!
Trust me, it's no more fun for us either ... I heard word that this will be resolved fairly soon and for good. Maybe Adrian can comment. Regards, Lars -- Architect Storage/HA, OPS Engineering, Novell, Inc. SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) "Experience is the name everyone gives to their mistakes." -- Oscar Wilde -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Am 16.04.2011 17:00, schrieb Lars Marowsky-Bree:
Trust me, it's no more fun for us either ... I heard word that this will be resolved fairly soon and for good. Maybe Adrian can comment. I got these issue also.... After some time it disappears and sometimes it come back.... hope you can fix it.
good luck -- Kim Leyendecker (kimleyendecker@hotmail.de) openSUSE Ambassador / openSUSE Wiki Team DE HAVE A LOT OF FUN! http://www.opensuse.org | http://www.suse.de Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute , or create your own linux distro. Give SUSE Studio a try. www.susestudio.com. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
I also tried to create a Bugreport @Bugzilla, but I don´t came clear with the api and was really in hury... Am 16.04.2011 18:28, schrieb Kim Leyendecker:
Am 16.04.2011 17:00, schrieb Lars Marowsky-Bree:
Trust me, it's no more fun for us either ... I heard word that this will be resolved fairly soon and for good. Maybe Adrian can comment. I got these issue also.... After some time it disappears and sometimes it come back.... hope you can fix it.
good luck
-- Kim Leyendecker (kimleyendecker@hotmail.de) openSUSE Ambassador / openSUSE Wiki Team DE HAVE A LOT OF FUN! http://www.opensuse.org | http://www.suse.de Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute , or create your own linux distro. Give SUSE Studio a try. www.susestudio.com. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Am 16.04.2011 17:00, schrieb Lars Marowsky-Bree:
On 2011-04-16T09:16:43, Wolfgang Rosenauer <wolfgang@rosenauer.org> wrote:
I'm suffering from a very disappointing issue with ichain enabled services. Especially build.o.o and en.opensuse.org (wiki). I get basically logged out every two minutes or so. That's not a fixed interval. Editing wiki pages is almost impossibe sind when I try to save I'm already logged out again. This is no fun!
Trust me, it's no more fun for us either ... I heard word that this will be resolved fairly soon and for good. Maybe Adrian can comment.
Apparently iChain is now broken again completely for build.o.o. I understand that the SUSE buildservice people are not really involved in iChain and are upset as well. Sorry, but I still have to stress that issue even more. This is nothing personal but I'm tired of it. I spend many many hours a week to maintain stuff for openSUSE Evergreen, all the mozilla work and some minor stuff. This is all done in my free time voluntarily and given that now is weekend and OBS broken again this is very disappointing. What I would like to see is a statement from whoever in the openSUSE community is responsible for the OBS (and other iChain enabled services) what the roadmap is to get this resolved. I consider it harmful and crucial to block community contributors with those issues which makes it a problem for the whole openSUSE project. Wolfgang -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Sun, 17 Apr 2011, Wolfgang Rosenauer wrote:
I consider it harmful and crucial to block community contributors with those issues which makes it a problem for the whole openSUSE project.
This is not about (non-Novell) community contributors versus Novell employees, by the way. When it's broken, it's broken for everyone. And, yes, this has attention as high as it gets and should be addressed really soon now. Gerald -- Dr. Gerald Pfeifer <gp@novell.com> Director Product Management, SUSE Linux Enterprise, openSUSE, Appliances -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On 04/17/2011 03:49 PM, Gerald Pfeifer wrote:
On Sun, 17 Apr 2011, Wolfgang Rosenauer wrote:
I consider it harmful and crucial to block community contributors with those issues which makes it a problem for the whole openSUSE project.
This is not about (non-Novell) community contributors versus Novell employees, by the way. When it's broken, it's broken for everyone.
And, yes, this has attention as high as it gets and should be addressed really soon now.
Gerald
Can we add, fixed for more than 2 weeks ... It really harmfull, when you try to "market it" and potential new users just get frustrated ... -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member & Ambassador GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Am 17.04.2011 15:49, schrieb Gerald Pfeifer:
On Sun, 17 Apr 2011, Wolfgang Rosenauer wrote:
I consider it harmful and crucial to block community contributors with those issues which makes it a problem for the whole openSUSE project.
This is not about (non-Novell) community contributors versus Novell employees, by the way. When it's broken, it's broken for everyone.
There still seems a bit of a difference (also proven on some list posts) since Novell contributors in many cases don't need the system on weekends (I know there are exceptions but I'm talking general), while external contributors are more likely to have only time on weekends. But anyway that's not really the topic. Let's bring it down: It hurts the openSUSE project in general which is bad enough. Wolfgang -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Sunday, April 17, 2011 17:44:41 Wolfgang Rosenauer wrote:
Am 17.04.2011 15:49, schrieb Gerald Pfeifer:
On Sun, 17 Apr 2011, Wolfgang Rosenauer wrote:
I consider it harmful and crucial to block community contributors with those issues which makes it a problem for the whole openSUSE project.
This is not about (non-Novell) community contributors versus Novell employees, by the way. When it's broken, it's broken for everyone.
There still seems a bit of a difference (also proven on some list posts) since Novell contributors in many cases don't need the system on weekends (I know there are exceptions but I'm talking general), while external contributors are more likely to have only time on weekends. But anyway that's not really the topic. Let's bring it down: It hurts the openSUSE project in general which is bad enough.
Yes, it does hurt the project - and we're as frustrated as you are. The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days... Adrian is moving the machine from the test environment to the external environment today and once everything is usable, he'll tell us. Andreas -- Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org} Twitter: jaegerandi | Identica: jaegerandi SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On 2011-04-18 11:02:49 (+0200), Andreas Jaeger <aj@novell.com> wrote: [...]
The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days...
On a side note ... Let me first state this, just to try to avoid being misunderstood: thanks a lot to the OBS team at Novell to come up with a solution [1]. [1] which is most probably this, looks cool: https://gitorious.org/opensuse/apache-mod_auth_memcookie But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg. If we are one community, one (huge) team, why aren't things like these discussed openly on one of our way-too-many mailing-lists? Why don't people try to profit from the experience and knowledge of other members of our community ? Maybe someone has extensive experience with such requirements (it's SSO, basically) and can provide good information or even time and code. It's probably not so much of a problem with this particular issue, as most of us will never have access to the LDAP where all our accounts are stored, but the same happens with e.g. architectural brainstorming and decisions for the OBS itself. And yes, I'm as guilty of making the same mistakes over and over again, like so many of us, and I'm *not* trying to blame anyone, it's not personal, just a general comment which, hopefully, will make us all think about doing stuff in the wide open at the earliest stages, not when everything is decided already. One cannot expect people to contribute when all the architectural decisions, all the thinking about how to do something has taken place already. cheers -- -o) Pascal Bleser /\\ http://opensuse.org -- we haz green _\_v http://fosdem.org -- we haz conf
On Wed, Apr 20, 2011 at 08:02:04PM +0200, Pascal Bleser wrote:
Let me first state this, just to try to avoid being misunderstood: thanks a lot to the OBS team at Novell to come up with a solution [1].
[1] which is most probably this, looks cool: https://gitorious.org/opensuse/apache-mod_auth_memcookie
But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg.
Sorry to interrupt your fine rant, but the mod_auth_memcookie modules wasn't created by us. We just modified it a bit so that we can use mod_ldap to create a session. M. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On 2011-04-20 20:08:09 (+0200), Michael Schroeder <mls@suse.de> wrote:
On Wed, Apr 20, 2011 at 08:02:04PM +0200, Pascal Bleser wrote:
(changed the Subject, more suitable, but still related to "iChain or iPain")
Let me first state this, just to try to avoid being misunderstood: thanks a lot to the OBS team at Novell to come up with a solution [1].
[1] which is most probably this, looks cool: https://gitorious.org/opensuse/apache-mod_auth_memcookie
But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg.
Sorry to interrupt your fine rant, but the mod_auth_memcookie modules wasn't created by us. We just modified it a bit so that we can use mod_ldap to create a session.
I know, I found the original mod_auth_memcookie. It's a nice concept, I'm absolutely not arguing against the solution, at all. The rant (yes, it's a rant, sorry for the tone, but please extract the content in it) was about the fact that many architectural decisions, such as this one, or the technical design of the OBS itself, happens exclusively in a few offices in Nürnberg. I'm sure you can see that our community consists of many people, some of which have experience with such things, and ideas and know-how to contribute. Some actually do that kind of stuff for work. And might even have a lot more know-how about a particular topic than you do (or Adrian or myself or ...). I'm merely saying that such architectural discussions and brainstormings should happen in the public, not just in a very few Novell offices, because I'm sure that at least on some topics, there are a few people who can contribute. And they should happen early, not when everything has already been decided. In this particular case, I'm not arguing about mod_auth_memcookie, I'm arguing about 1) the initiative to replace ichain (which is awesome), 2) the brainstorming about what alternative SSO solution to use (and what you've picked seems like a good idea), 3) the decision on which solution to implement, have all happened behind closed doors. You may very well do this, of course, but then don't be surprised if no one contributes time and code. Because that just comes around as "here is what must be done, now do" and then complain "pfff community here, community there, but no one contributes". Wrong way around, IMHO. And I know it isn't easy, almost every good software engineer just jumps on an issue and tries to solve it by herself, rather than writing about it and exchange ideas with others. I've been and still will be guilty of the same shortcoming too. I hope my formulation is more useful like this, rather than as a rant :) cheers -- -o) Pascal Bleser /\\ http://opensuse.org -- we haz green _\_v http://fosdem.org -- we haz conf
On Wed, Apr 20, 2011 at 09:23:38PM +0200, Pascal Bleser wrote:
In this particular case, I'm not arguing about mod_auth_memcookie, I'm arguing about 1) the initiative to replace ichain (which is awesome), 2) the brainstorming about what alternative SSO solution to use (and what you've picked seems like a good idea), 3) the decision on which solution to implement, have all happened behind closed doors.
Getting rid of iChain was a mostly political issue. There's a Novell security guideline that says that: - user passwords mustn't reach application servers - the server certs mustn't be stored on application servers. That's basically what iChain does, it's a black box that does the authentification and acts like a proxy. Problem being the "black", there's no way for us to see what's going on in iChain. So when we saw that iChain started to have problems some weeks ago and there was no fix in sight we did some phone calls and got permission to replace it with something that also conforms to the guideline. So it had to be a proxy again, and nothing in the application servers was to be changed (i.e. no architectural changes). We went with the most lightweight solution we found, thus using the existing mod_authmemcookie as session management and mod_ldap as auth mechanism. It had to be: - proven technology, or - as few lines of code as possible, so that our security guys can to a fast security audit So no new big SSO framework or architectual changes for now. Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Wed, Apr 20, 2011 at 12:02, Pascal Bleser <pascal.bleser@opensuse.org> wrote:
On 2011-04-18 11:02:49 (+0200), Andreas Jaeger <aj@novell.com> wrote: [...]
The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days...
On a side note ...
Let me first state this, just to try to avoid being misunderstood: thanks a lot to the OBS team at Novell to come up with a solution [1].
[1] which is most probably this, looks cool: https://gitorious.org/opensuse/apache-mod_auth_memcookie
But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg.
<SNIP>
cheers -- -o) Pascal Bleser
I don't have a problem with how this was handled. I don't think it came as a surprise to anyone that they were switching. Where this was something that was impacting a mission critical service opening it up to the community would have only pushed the fix off. I mean seriously. Look at any of the "way-too-many mailing-lists" and the discussions on them. It takes us weeks if not months to argue over the topic to only have everyone get upset and walk away from it. And heck, even on the occasion that we actually arrive at a decision, close the topic, effectively implement it we still have people rehash it over and over again. So, the long and short of my rant. If getting OBS back to a stable state in a matter of days/couple weeks meant cutting out the weeks of arguing over what implementation would in theory be better, then I'll take the executed decision any day (when talking about getting a mission critical service back up and running correctly). Just as a side note... How many community people currently contribute to the development/design of OBS? I'd say with exception they are the only ones in any real position to give advise here. Cheers, Stephen PS. Just food for thought here. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Am 20.04.2011 21:13, schrieb Stephen Shaw:
I don't have a problem with how this was handled. I don't think it came as a surprise to anyone that they were switching. Where this was something that was impacting a mission critical service opening it up to the community would have only pushed the fix off. I mean seriously. Look at any of the "way-too-many mailing-lists" and the discussions on them. It takes us weeks if not months to argue over the topic to only have everyone get upset and walk away from it. And heck, even on the occasion that we actually arrive at a decision, close the topic, effectively implement it we still have people rehash it over and over again.
So, the long and short of my rant. If getting OBS back to a stable state in a matter of days/couple weeks meant cutting out the weeks of arguing over what implementation would in theory be better, then I'll take the executed decision any day (when talking about getting a mission critical service back up and running correctly).
I basically agree with your points above.
Just as a side note... How many community people currently contribute to the development/design of OBS? I'd say with exception they are the only ones in any real position to give advise here.
That's not true at all. This doesn't have much to do with OBS but mainly with SSO for webservices and there might be community people knowing about that stuff. Wolfgang -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On 2011-04-20 13:13:29 (-0600), Stephen Shaw <sshaw@decriptor.com> wrote:
On Wed, Apr 20, 2011 at 12:02, Pascal Bleser <pascal.bleser@opensuse.org> wrote:
On 2011-04-18 11:02:49 (+0200), Andreas Jaeger <aj@novell.com> wrote: [...]
The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days... [...] But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg. [...] I don't have a problem with how this was handled. I don't think it came as a surprise to anyone that they were switching. Where this was
It does come as a (very good) surprise, because we've been plagued by iChain since quite some time now. Now suddenly, we hear that there's a replacement. Don't get me wrong: it's great that there will be a replacement, I don't think anyone argues about that :))
something that was impacting a mission critical service opening it up to the community would have only pushed the fix off. I mean seriously. Look at any of the "way-too-many mailing-lists" and the discussions on them. It takes us weeks if not months to argue over the topic to only have everyone get upset and walk away from it. And heck, even on the occasion that we actually arrive at a decision, close the topic, effectively implement it we still have people rehash it over and over again.
I think that there is definitely a difference between technical topics and soft topics, for one. And then, there is rarely any discussion about such topics in the first place. It's "we've done this", at best, and that's it. Discussions getting too long is actually an entirely different problem, and a big one, which certainly requires attention and taking action, but that's not an excuse for not at least blogging or posting about something to give people a chance of chiming in with ideas and advice, or even with code. Heck, at least blog about it. "Michael and I have started to think about a replacement for iChain, because yada yada. There are a few options out there, and we need yada yada. mod_auth_memcookie looks neat, Michael is currently investigating it. If you have some experience or ideas to share, poke us on yada yada" How hard is it ? (I know, I don't do it all that much myself :))
So, the long and short of my rant. If getting OBS back to a stable state in a matter of days/couple weeks meant cutting out the weeks of arguing over what implementation would in theory be better, then I'll take the executed decision any day (when talking about getting a mission critical service back up and running correctly).
It's not about this particular case, but in general, those discussions never happen that way. And that way of working doesn't happen with non-mission-critical topics either.
Just as a side note... How many community people currently contribute to the development/design of OBS? I'd say with exception they are the only ones in any real position to give advise here.
Hey, *precisely* my point :) "Here is what we've done. No we won't discuss it nor change it. Now contribute." -- you really think that has any chance of working? I don't think so, personally :) cheers -- -o) Pascal Bleser /\\ http://opensuse.org -- we haz green _\_v http://fosdem.org -- we haz conf
<blah blah blah> <snip> <I hate when the email gets insanely long> <blah blah blah> < :) >
Just as a side note... How many community people currently contribute to the development/design of OBS? I'd say with exception they are the only ones in any real position to give advise here.
Hey, *precisely* my point :)
"Here is what we've done. No we won't discuss it nor change it. Now contribute." -- you really think that has any chance of working? I don't think so, personally :)
cheers -- -o) Pascal Bleser
I understand what you are saying and largely agree. It just seems that most people like to talk a big game, but are very short on code/contributions. Though speaking of contributions, most of the ldap stuff was actually contributed by the community'. My assumption is more that we just finally started using all of the community contributions. Personally, it would be cool to see the technically discussion from a learning perspective. But, usually its just a linux/open source/pride/etc holy religious crusade argument, ie, a linux discussion :) Now, don't get me wrong. I'm not suggesting that we shouldn't have open discussions. Granted, if I know that its only going to turn into a flame fest I can understand not wanting to deal with that and just announcing something. Just some random thoughts. Cheers, Stephen -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Wed, Apr 20, 2011 at 2:02 PM, Pascal Bleser <pascal.bleser@opensuse.org> wrote:
On 2011-04-18 11:02:49 (+0200), Andreas Jaeger <aj@novell.com> wrote: [...]
The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days...
On a side note ...
Let me first state this, just to try to avoid being misunderstood: thanks a lot to the OBS team at Novell to come up with a solution [1].
[1] which is most probably this, looks cool: https://gitorious.org/opensuse/apache-mod_auth_memcookie
But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg.
Pascal, I suspect this is one time where you got it wrong. Or at least not as "right" as you think. =============== details with timeline The iChain/iPain problem only became critical a month or so ago. Looking back at emails on opensuse-buildservice, Mar. 26 is when I see the first serious complaints. Then on Apr 5, the OBS team meeting minutes have: === * iChain remains to block connections, we work parallel on - fixing the issue - workarounding the issue for api.o.o - getting a long term solution === Again, that was sent to opensuse-buildservice, I don't know if those meetings are open, but it says the following were present: mls, saschpe, coolo, adrian So an interested party knew at that point that discussions were ongoing and who the likely players were. They even had an email they could reply to if they wanted to get involved or find out more details. Then on Apr 16, Lars said "I heard word that this will be resolved fairly soon and for good. " On April 17, Gerald said == When it's broken, it's broken for everyone. And, yes, this has attention as high as it gets and should be addressed really soon now. == On April 18, Andreas said == The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days... Adrian is moving the machine from the test environment to the external environment today and once everything is usable, he'll tell us. == Admittedly, it wasn't ultra-public, but neither was it a secret project. I would guess the biggest reason of lack of publicity is that it was only about 3 weeks from source of pain, to new infrastructure rollout. And as someone else said, the OBS LDAP SSO stuff was community developed over the last year or two. If this is just taking those community contributions and rolling them to OBS, I don't see much reason to complain. Greg -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On 2011-04-20 17:38:30 (-0400), Greg Freemyer <greg.freemyer@gmail.com> wrote:
On Wed, Apr 20, 2011 at 2:02 PM, Pascal Bleser <pascal.bleser@opensuse.org> wrote:
On 2011-04-18 11:02:49 (+0200), Andreas Jaeger <aj@novell.com> wrote: [...]
The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days... [...] But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg. Pascal, I suspect this is one time where you got it wrong. Or at least not as "right" as you think.
No doubt that happens :)
=============== details with timeline The iChain/iPain problem only became critical a month or so ago.
Sort of. We've been plagued by hiccups for quite some time. But it's not really the point :)
Looking back at emails on opensuse-buildservice, Mar. 26 is when I see the first serious complaints.
It got a lot worse by then, that's for sure. And iChain is an EOL product.
Then on Apr 5, the OBS team meeting minutes have: === * iChain remains to block connections, we work parallel on - fixing the issue - workarounding the issue for api.o.o - getting a long term solution === Again, that was sent to opensuse-buildservice, I don't know if those meetings are open, but it says the following were present: mls, saschpe, coolo, adrian So an interested party knew at that point that discussions were ongoing and who the likely players were. They even had an email they could reply to if they wanted to get involved or find out more details. [...]
Again, it isn't about this specific item. Seems I still fail to get my point across, lemme try again :) And, of course, I might be wrong. Or just missed the many announcements and posts about stuff (OBS, connect, openfate). My point is this: if you want contributors, then ask for contributors from the start, and not when everything important has been set into stone already. Complaining that there isn't enough people who contribute to projects when you fail at making it also 'their' project, and not just 'your' project, is also by opening it up early enough. And I don't see that happening. As said, that might just be me not seeing that communication. But is it ? cheers -- -o) Pascal Bleser /\\ http://opensuse.org -- we haz green _\_v http://fosdem.org -- we haz conf
On Thu, 2011-04-21 at 00:42 +0200, Pascal Bleser wrote:
On 2011-04-20 17:38:30 (-0400), Greg Freemyer <greg.freemyer@gmail.com> wrote:
On Wed, Apr 20, 2011 at 2:02 PM, Pascal Bleser <pascal.bleser@opensuse.org> wrote:
On 2011-04-18 11:02:49 (+0200), Andreas Jaeger <aj@novell.com> wrote: [...]
The build service team has been developing a completely new proxy server that uses ldap directly to get rid of the broken ichain proxy. The systems is ready but we would have loved to give it some more testing and had hoped that ichain would be with us a few more days... [...] But it is yet another example of something being developed as an in-breed solution in a couple of offices at Maxtorgraben, 5 in Nürnberg. Pascal, I suspect this is one time where you got it wrong. Or at least not as "right" as you think.
No doubt that happens :)
=============== details with timeline The iChain/iPain problem only became critical a month or so ago.
Sort of. We've been plagued by hiccups for quite some time. But it's not really the point :)
Looking back at emails on opensuse-buildservice, Mar. 26 is when I see the first serious complaints.
It got a lot worse by then, that's for sure. And iChain is an EOL product.
Then on Apr 5, the OBS team meeting minutes have: === * iChain remains to block connections, we work parallel on - fixing the issue - workarounding the issue for api.o.o - getting a long term solution === Again, that was sent to opensuse-buildservice, I don't know if those meetings are open, but it says the following were present: mls, saschpe, coolo, adrian So an interested party knew at that point that discussions were ongoing and who the likely players were. They even had an email they could reply to if they wanted to get involved or find out more details. [...]
Again, it isn't about this specific item. Seems I still fail to get my point across, lemme try again :)
And, of course, I might be wrong. Or just missed the many announcements and posts about stuff (OBS, connect, openfate).
My point is this: if you want contributors, then ask for contributors from the start, and not when everything important has been set into stone already.
Complaining that there isn't enough people who contribute to projects when you fail at making it also 'their' project, and not just 'your' project, is also by opening it up early enough.
And I don't see that happening. As said, that might just be me not seeing that communication. But is it ?
cheers
Responding to several posts on this thread actually. I would hardly characterize iChain only recently become an epic issue. For as long as I've been in this community, "iPain" has always been an associated moniker of iChain. it's a topic that has been brought up frequently over the years and discussed at length in various venues. And I would even submit that the recently debacle is actually a result of the years of ire people have had against iChain, where an attempt to move away from it singed our hair a bit. Don't get me wrong, I have nothing against iChain itself. I actually used to implement it for customers years ago and considered it a good product. But, it was not a good fit for the openSUSE Projec'ts community needs, and in some ways it even became a barrier to attracting new contributors who did not want to go through the process of registering with Novell in order to participate and utilize openSUSE infrastructure. With regards to "long threads and endless discussions" I think there is actually a correlation between such threads and what Pascal is trying to point out. It's my experience that when there is something tangible in front of you, there's far less discussion. As long as there is nothing tangible or concrete to look at and work with, people will go on and on discussing this and that without any real meaning or solution. So... if we went the way Pascal is pushing for, we would have put the code directly in front of us. People who can actually understand and work with it will zero in on actual issues and fixes and the rest of us will be less likely to harp cuz we know a) its actually being worked on by the community and b) we know when to shut up when its something we can't give real contribution to (e.g. I'm not a coder so I'm unlikely to comment on such a thread.) So, Pascal's point is extremely relevant here. We *can* turn our mailing list from a rant list to a solution list. But if we're only given a chance to react to the fact, it gets harder and harder to assume we can really attract more people to contribute to the project overall. Don't get me wrong. This isn't a criticism of the end-product that these people came up with for the iChain/iPain problem. I think its fantastic and we should definitely join in by helping to "test hard" as AJ said. But not putting it out on the table in front of us just continues to further the pervasive perception that any real development should and does occur internally on Novell's side. It's creating a co-dependency issue and has real implications that won't be helpful to us when we create the Foundation and start managing our own infrastructure if we continue to stand by helplessly and assume "the other guys" (Novell) take care of everything for us. Time for us to grow up and talk it out and be able to see the solutions directly in front of us. Bryen -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
On Saturday, April 16, 2011 09:16:43 Wolfgang Rosenauer wrote:
Hi,
I'm suffering from a very disappointing issue with ichain enabled services. Especially build.o.o and en.opensuse.org (wiki). I get basically logged out every two minutes or so. That's not a fixed interval. Editing wiki pages is almost impossibe sind when I try to save I'm already logged out again. This is no fun!
Adrian just announced the following: http://news.opensuse.org/2011/04/19/infrastructure-updates/ So, give it the new proxy a heavy testing *now* and help us fixing all problems! A big applause to Coolo, Michael and Adrian on fixing this! Andreas -- Andreas Jaeger, Program Manager openSUSE, aj@{novell.com,opensuse.org} Twitter: jaegerandi | Identica: jaegerandi SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
Am 19.04.2011 14:23, schrieb Andreas Jaeger:
A big applause to Coolo, Michael and Adrian on fixing this! A big thank you from me too. It was really a pain when the wiki logs me out automaticly during editing an article!
So, thank you guys! kind regards -- Kim Leyendecker (kimleyendecker@hotmail.de) openSUSE Ambassador / openSUSE Wiki Team DE HAVE A LOT OF FUN! http://www.opensuse.org | http://www.suse.de Have you tried SUSE Studio? Need to create a Live CD, an app you want to package and distribute , or create your own linux distro. Give SUSE Studio a try. www.susestudio.com. -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org
participants (11)
-
Andreas Jaeger
-
Bruno Friedmann
-
Bryen M. Yunashko
-
Gerald Pfeifer
-
Greg Freemyer
-
Kim Leyendecker
-
Lars Marowsky-Bree
-
Michael Schroeder
-
Pascal Bleser
-
Stephen Shaw
-
Wolfgang Rosenauer