SAC Meeting 2018-03-02

Where and When

 * in IRC on Freenode, channel: osgeo-sac Mar 2 2018 UTC: 8 PM
 * Web IRC client: https://webchat.freenode.net/

FOSS4G2018 move main site to OSGeo Servers

 * Website code: https://github.com/foss4g2018/foss4g2018
 * Plan is to host this on webextra and change DNS accordingly after have webextra automatically pulling github repo
 * The code for the payments is also very simple HTML - we'd be happy to host in a single point
 * 3rd party payment service: Pesapal
 * post-meeting. To be moved to webextra, with ssl in front
 * merge them and have the payment site be something like https://2018.foss4g.org/registration
 * ragnvald: https://github.com/timlinux/foss4g2018
 * Ensure we have continuity within our payment systems


 * 1) Sent an e-mail inviting to this meeting
 * 2) https://trac.osgeo.org/osgeo/ticket/2008
 * 3) https://trac.osgeo.org/osgeo/ticket/2007



New Website status report
Report: Eventual shutoff of cloudvps.com hosting Plan to move www.osgeo.org this weekend
 * [robe] Status of staging.www.osgeo.org now setup on web18a.osgeo.osuosl.org (plans to migrate production to there as well)

Sys Admin Contract

 * [martin]:

Martin's report of items worked on
2018-02-16:   #1981, Upgrading TraSVN and Download VM's to Debian7, almost the entire day, see: https://wiki.osgeo.org/wiki/SAC:Debian_System_Administration

2018-02-19:   #1981, Preparational work for upgrading Web and Wiki VM's to Debian7

2018-02-27:   #1981, Preparing notes on upgrade procedure #2128, chasing SVN authentication issues

2018-03-02:   #1981, adding to the Wiki #2128, investigating the SVN authentication process, most of the day

Martin to report on what he's been working on.

Migration off old hard-ware AND Virtualization, Containerization, or None

 * Discussion pending on list (moderator: could not find the mail thread)

Leaning to libvrt since it can be done with one server (less resource intensive than ganeti), with possibility of moving to ganeti next year when we get more hardware.

TODO: It seems we have no new purchase or hardware yet. Followup on mailing list what's holding up the purchase.

DONE: Alex sent quote to mailing list, Updated Feb 15 ~$6300-7000. Chris Gorgi has some ideas, may provide enhancements
 * DONE: provide clarification of new hardware purchase options suitability for hosting type. (wildintellect)
 * LXD was suggested as a drop-in alternative to full Virtualization with KVM for most service; this more similar to the feel of a virtual machine than say Docker.
 * We can mix, nest, and layer both containers and virtualization interchangeably.
 * Easy candidates for containers include Downloads and Webextra (FOSS4G) which are static files.
 * Suggestions:
 * Optane card for extra disk caching beyond memory - Question how do we configure this:
 * 25% is reserved as unallocated to reduce write-wearing and maintain speed over the expected life of the server.
 * A portion (~25-50%) would be allocated to the ZFS L2ARC (or equivalent) to keep warm FS blocks instantly accessible.
 * The remainder is available to be used essentially as a large persistent ramdisk.
 * Fill RAM, mostly caches requests, in particular file downloads
 * This will happen automatically as files are accessed and added to the filesystem's cache.
 * Data can be pre-cached simply by accessing the files and directories -- a simple script can run periodically to ensure they are kept marked as hot.
 * Larger DWPD rating for SSDs to better handle writes - Question, we didn't do this for OSGeo6, anything we should look out for? Should we estimate life of OSGeo6 drives and replace pre-failure next couple of years.
 * Total write volume can be checked with smart-tools and drives approaching the stated limit should be replaced or move to storage-only applications.
 * Write endurance and long-term speed can be improved by leaving 20-50% of each drive unallocated.
 * Mirrored pair of SATA SSDs for write-caching and high io loads.
 * Reserve 25-33% unallocated.
 * Provide ZFS ZIL SLOG with 32-64GB to minimize write latency for data stored on HDDs.
 * The remainder can be used for loads with high mixed read/write transactional loads, such as active databases, mail, etc.
 * 4 TB Spinning disks, still plenty of space (7+ usable), takes less time to rebuild on failure, cost diverted to other features.
 * (Please note - an active storage pool should never be filled to more than 2/3 of capacity to avoid serious performance degradation and fragmentation - C.G.)

Any other feedback from others to be discussed

Dropbox replacement for board
Board wants a Dropbox replacement, wrote requirements on the wiki. See https://trac.osgeo.org/osgeo/ticket/2110

We should provide a solution

Trac SVN status

 * Seems good been upgraded to Debian 7

Ticket Triage

 * More https setup (got a couple of these, last our downloads which seems critical)
 * DONE: Bas has tested and gave blessing. I added download apache configs to gitea


 * Question, force https by default, I recall some maven stuff breaks on that. --Discussed,NO we don't want to enforce as no benefit and will disrupt caching.  Now people can use it if they want or use http if they prefer.


 * Also related there was a bug requiring newer Debian to get correct algorithms for some https services.
 * Add support for registering public user SSH keys in LDAP

GeoForAll DNS
Jeff to report on status of GeoForALL and other DNS issues he's been fixing TODO: Keep nudging GeoForAll folks

Weblate instance ?
Some projects requested a translate.osgeo.org, we could pay Weblate core developers for the initial setup of a multi-user instance.

Minutes
www.osgeo.org Website move planned this weekend - robe

Hardware still outstanding. Followed up on mailing list with comment from TemptorSent.

SVN Martin still has checkup, robe said seems to work where it didn't before for svn updating/svn checkout anonymous. Updated ticket.

MartinSpott now has access to web18a to install bacula (after strk fixed robe's screw up)

MartinSpott and TemptorSent got into cat fight about different views on insuring security and managing things with Martin erring on side of making sure things still work and easy to maintain and TemptorSent wanting to make sure we have tight controls and don't have a PR security nightmare and being able to redundantly support things (have some redundancy).

cvvergara showed up late to the party and strk wept at her absence calling us screaming kiddies without her orderly presence.

Attendance
Regina Obe (robe)

Chris Giorgi (TemptorSent)

Martin Spott (MartinSpot)

Sandro Santilli (strk)

Jeff Mckenna (jmckenna)

Vicky Vergara (cvvergara) - came one minute after the meeting end and was disappointed to have missed it

Full transcript
Transcript

= Details =

= Next Meeting =

Proposed Time: UTC: Thursday, March 15th, 2018 at 8:00 pm

SAC main page