SAC Meeting 2019-05

= Where and When ==
 * in IRC on Freenode, channel: osgeo-sac


 * Web IRC client: https://webchat.freenode.net/ [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2019&month=05&day=9&hour=20&min=0&sec=0&p1=217&p2=37&p3=43 Thursday May 8th 2019 20

Agenda
I think geotools is the only one that uses the webdav so should be fine. Other issue is I couldn't make the webdav and non-webdav url the same so geotools is via https://download-testing.osgeo.org/geotools and the webdav is https://download-testing.osgeo.org/webdav/geotools. I see this as a temporary fix since geotools wishes to use artifactory or something more modernish.
 * OSGeo7 - Have a download container on OSGeo7 only iffy thing is webdav. I can't get webdav with LDAP using nginx without doing a custom compile of nginx.  So I settled on just webdav and an basic auth account for geotools.

Since last we spoke secure, adhoc, old-web (which houses id.osgeo.org) have been moved to osgeo7. adhoc.osgeo.osuosl.org now points to osgeo7 Also setup a grass container which neteler is configuring to replace the current grass on osgeo6
 * OSUOSL wants to get rid of osgeo4, most drives have failed we need two new - move everything off to OSGeo7 that needs moving, reformat and install lxd.

We also toyed with osgeo6. Sadly osgeo6 OS (jessie) is already too old to support snap lxd, I think we can do with regular lxd, but that means it would be an older version than what is on osgeo7 so not a very good backup. Funtoo is another option - but two issues (I could only get it up to lxd 3.8 (will talk with funtoo about raising it higher), and it's only got
 * New Server? We had planned to reformat osgeo3 as a secondary lxd host, but we might not have all stuff off it soon enough.  wildintellect proposed getting a smaller secondary server.


 * DONE Got rid of wildcard cert ssl.com, for servers I couldn't migrate or haven't yet (I got a new wildcard cert from letsencrypt, that is what download.osgeo.org is using at the moment) and what the new-secure is using since it can't directly get a cert since it has no webserver and the cert would still need to be copied into the container. I plan to use this wildcard cert for general testing stuff or when we are inbetween getting a single domain cert.


 * Setup Bacula (need some thoughts on best way to go about this since osgeo7 is not setup quite the same and for some containers seems overkill to install a bacular fd client
 * DONE I rebuilt secure server as a debian 9 so it has the latest LDAP which means we can start thinking about changing the schema to support storing public keys
 * Wiki is old and needs to be replaced the MySQL 5.5 EOL'd a couple of years ago for one.

Talk about hardware plans

 * Should we get a new smaller server as a backup for osgeo7 lxd

Budget

 * OSUOSL donation and FunToo donation are we set?
 * FunToo submitted to monthly payment plan, did treasurer figure it out?
 * OSUOSL, need to submit request to treasurer.

System Contracts

 * DONE Regina System Contract in place and she worked (and used up the $5000)
 * Regina -- looking for second contract to finish off the work she started (like rebuilding wiki, enabling sshkeys in LDAP, changing wiki to use LDAP)
 * New contract for Vicky for supporting Wordpress www.osgeo.org,
 * TODO: Draft contract and discuss
 * LDAP+SSH Keys
 * Migrating OSGeo Wiki Logins to OSGeo LDAP

Open tickets needing attention

 * 2019.foss4g.org needs oauth with github - 22228 wildintellect should close if no further feedback from requester [CLOSED]
 * https://trac.osgeo.org/osgeo/ticket/2190 (Vicky has in progress, needs feedback) [DONE still need feedback? ] - Assume DONE DONE
 * maybe we could also setup a domain like elections.osgeo.org too
 * important that only CRO has access to elections stuff
 * #2199 Upload FOSS4G PDF Waiting for feedback from Studio 17 -CLOSED because of lack of response
 * [https://trac.osgeo.org/osgeo/ticket/2195 Blog account for Astride - this should be on www.osgeo.org? Asked for clarification - CLOSED because of lack of response
 * Domain Renewals (needs ticket)

Other topics

 * are we feeling ok now with the cracked geotools account on osgeo6?
 * We need to change the passwords, and move to key only login
 * the question is how to deploy the keys
 * One or all 4 keys? (4??)
 * Add support for registering public user SSH keys in LDAP: https://trac.osgeo.org/osgeo/ticket/2116
 * confirmed password auth is now off
 * we should clean the keys and deploy new ones
 * geotools should create new keys and supply the public key.

SAC main page