Difference between revisions of "SAC Meeting 2018-03-02"
(7 intermediate revisions by the same user not shown) | |||
Line 60: | Line 60: | ||
Leaning to libvrt since it can be done with one server (less resource intensive than ganeti), with possibility | Leaning to libvrt since it can be done with one server (less resource intensive than ganeti), with possibility | ||
of moving to ganeti next year when we get more hardware. | of moving to ganeti next year when we get more hardware. | ||
+ | |||
+ | TODO: It seems we have no new purchase or hardware yet. Followup on mailing list what's holding up the purchase. | ||
DONE: Alex sent quote to mailing list, [https://drive.google.com/file/d/1X-z66jXXBUZuPqh6EP0d43g2NUCL7xcL/view?usp=sharing Updated Feb 15] ~$6300-7000. Chris Gorgi has some ideas, may provide enhancements | DONE: Alex sent quote to mailing list, [https://drive.google.com/file/d/1X-z66jXXBUZuPqh6EP0d43g2NUCL7xcL/view?usp=sharing Updated Feb 15] ~$6300-7000. Chris Gorgi has some ideas, may provide enhancements | ||
Line 105: | Line 107: | ||
* DONE: [https://trac.osgeo.org/osgeo/ticket/2115 Bas has tested and gave blessing. I added download apache configs to gitea] | * DONE: [https://trac.osgeo.org/osgeo/ticket/2115 Bas has tested and gave blessing. I added download apache configs to gitea] | ||
− | ** Question, force https by default, I recall some maven stuff breaks on that. | + | ** Question, force https by default, I recall some maven stuff breaks on that. --Discussed,NO we don't want to enforce as no benefit and will disrupt caching. Now people can use it if they want or use http if they prefer. |
+ | |||
** Also related there was a bug requiring newer Debian to get correct algorithms for some https services. | ** Also related there was a bug requiring newer Debian to get correct algorithms for some https services. | ||
* [https://trac.osgeo.org/osgeo/ticket/2116 Add support for registering public user SSH keys in LDAP] | * [https://trac.osgeo.org/osgeo/ticket/2116 Add support for registering public user SSH keys in LDAP] | ||
Line 121: | Line 124: | ||
== Minutes == | == Minutes == | ||
+ | www.osgeo.org Website move planned this weekend - robe | ||
+ | |||
+ | Hardware still outstanding. Followed up on mailing list with comment from TemptorSent. | ||
+ | |||
+ | SVN Martin still has checkup, robe said seems to work where it didn't before for svn updating/svn checkout anonymous. | ||
+ | Updated ticket. | ||
+ | |||
+ | MartinSpott now has access to web18a to install bacula (after strk fixed robe's screw up) | ||
+ | |||
+ | MartinSpott and TemptorSent got into cat fight about different views on insuring security and managing things | ||
+ | with Martin erring on side of making sure things still work and easy to maintain | ||
+ | and TemptorSent wanting to make sure we have tight controls and don't have a PR security nightmare and being able | ||
+ | to redundantly support things (have some redundancy). | ||
+ | |||
+ | cvvergara showed up late to the party and strk wept at her absence calling us screaming kiddies without her orderly presence. | ||
+ | |||
+ | |||
=== Attendance === | === Attendance === | ||
+ | Regina Obe (robe) | ||
+ | |||
+ | Chris Giorgi (TemptorSent) | ||
+ | Martin Spott (MartinSpot) | ||
+ | |||
+ | Sandro Santilli (strk) | ||
+ | |||
+ | Jeff Mckenna (jmckenna) | ||
+ | |||
+ | Vicky Vergara (cvvergara) - came one minute after the meeting end and was disappointed to have missed it | ||
=== Full transcript === | === Full transcript === | ||
− | + | [[Talk:SAC_Meeting_2018-03-02#Transcript|Transcript]] | |
= Details = | = Details = |
Latest revision as of 16:25, 2 March 2018
Where and When
- in IRC on Freenode, channel: osgeo-sac Mar 2 2018 UTC: 8 PM
- Web IRC client: https://webchat.freenode.net/
Agenda
FOSS4G2018 move main site to OSGeo Servers
- Website code: https://github.com/foss4g2018/foss4g2018
- Plan is to host this on webextra and change DNS accordingly after have webextra automatically pulling github repo
- The code for the payments is also very simple HTML - we'd be happy to host in a single point
- 3rd party payment service: Pesapal
- post-meeting. To be moved to webextra, with ssl in front
- merge them and have the payment site be something like https://2018.foss4g.org/registration
- ragnvald: https://github.com/timlinux/foss4g2018
- Ensure we have continuity within our payment systems
- Sent an e-mail inviting to this meeting
- https://trac.osgeo.org/osgeo/ticket/2008
- https://trac.osgeo.org/osgeo/ticket/2007
<Fill report here>
New Website status report
Report:
- [robe] Status of staging.www.osgeo.org now setup on web18a.osgeo.osuosl.org (plans to migrate production to there as well)
Eventual shutoff of cloudvps.com hosting Plan to move www.osgeo.org this weekend [1]
Sys Admin Contract
- [martin]:
Martin's report of items worked on
2018-02-16:
#1981, Upgrading TraSVN and Download VM's to Debian7, almost the entire day, see: https://wiki.osgeo.org/wiki/SAC:Debian_System_Administration
2018-02-19:
#1981, Preparational work for upgrading Web and Wiki VM's to Debian7
2018-02-27:
#1981, Preparing notes on upgrade procedure #2128, chasing SVN authentication issues
2018-03-02:
#1981, adding to the Wiki #2128, investigating the SVN authentication process, most of the day
Martin to report on what he's been working on.
Migration off old hard-ware AND Virtualization, Containerization, or None
- Discussion pending on list (moderator: could not find the mail thread)
Leaning to libvrt since it can be done with one server (less resource intensive than ganeti), with possibility of moving to ganeti next year when we get more hardware.
TODO: It seems we have no new purchase or hardware yet. Followup on mailing list what's holding up the purchase.
DONE: Alex sent quote to mailing list, Updated Feb 15 ~$6300-7000. Chris Gorgi has some ideas, may provide enhancements
- DONE: provide clarification of new hardware purchase options suitability for hosting type. (wildintellect)
- LXD was suggested as a drop-in alternative to full Virtualization with KVM for most service; this more similar to the feel of a virtual machine than say Docker.
- We can mix, nest, and layer both containers and virtualization interchangeably.
- Easy candidates for containers include Downloads and Webextra (FOSS4G) which are static files.
- Suggestions:
- Optane card for extra disk caching beyond memory - Question how do we configure this:
- 25% is reserved as unallocated to reduce write-wearing and maintain speed over the expected life of the server.
- A portion (~25-50%) would be allocated to the ZFS L2ARC (or equivalent) to keep warm FS blocks instantly accessible.
- The remainder is available to be used essentially as a large persistent ramdisk.
- Fill RAM, mostly caches requests, in particular file downloads
- This will happen automatically as files are accessed and added to the filesystem's cache.
- Data can be pre-cached simply by accessing the files and directories -- a simple script can run periodically to ensure they are kept marked as hot.
- Larger DWPD rating for SSDs to better handle writes - Question, we didn't do this for OSGeo6, anything we should look out for? Should we estimate life of OSGeo6 drives and replace pre-failure next couple of years.
- Total write volume can be checked with smart-tools and drives approaching the stated limit should be replaced or move to storage-only applications.
- Write endurance and long-term speed can be improved by leaving 20-50% of each drive unallocated.
- Mirrored pair of SATA SSDs for write-caching and high io loads.
- Reserve 25-33% unallocated.
- Provide ZFS ZIL SLOG with 32-64GB to minimize write latency for data stored on HDDs.
- The remainder can be used for loads with high mixed read/write transactional loads, such as active databases, mail, etc.
- 4 TB Spinning disks, still plenty of space (7+ usable), takes less time to rebuild on failure, cost diverted to other features.
- (Please note - an active storage pool should never be filled to more than 2/3 of capacity to avoid serious performance degradation and fragmentation - C.G.)
- Optane card for extra disk caching beyond memory - Question how do we configure this:
Any other feedback from others to be discussed
Dropbox replacement for board
Board wants a Dropbox replacement, wrote requirements on the wiki. See https://trac.osgeo.org/osgeo/ticket/2110
We should provide a solution
Others
Trac SVN status
- Seems good been upgraded to Debian 7
Ticket Triage
- More https setup (got a couple of these, last our downloads which seems critical)
- DONE: Bas has tested and gave blessing. I added download apache configs to gitea
- Question, force https by default, I recall some maven stuff breaks on that. --Discussed,NO we don't want to enforce as no benefit and will disrupt caching. Now people can use it if they want or use http if they prefer.
- Also related there was a bug requiring newer Debian to get correct algorithms for some https services.
- Add support for registering public user SSH keys in LDAP
GeoForAll DNS
Jeff to report on status of GeoForALL and other DNS issues he's been fixing TODO: Keep nudging GeoForAll folks
Weblate instance ?
Some projects requested a translate.osgeo.org, we could pay Weblate core developers for the initial setup of a multi-user instance.
Minutes
www.osgeo.org Website move planned this weekend - robe
Hardware still outstanding. Followed up on mailing list with comment from TemptorSent.
SVN Martin still has checkup, robe said seems to work where it didn't before for svn updating/svn checkout anonymous. Updated ticket.
MartinSpott now has access to web18a to install bacula (after strk fixed robe's screw up)
MartinSpott and TemptorSent got into cat fight about different views on insuring security and managing things with Martin erring on side of making sure things still work and easy to maintain and TemptorSent wanting to make sure we have tight controls and don't have a PR security nightmare and being able to redundantly support things (have some redundancy).
cvvergara showed up late to the party and strk wept at her absence calling us screaming kiddies without her orderly presence.
Attendance
Regina Obe (robe)
Chris Giorgi (TemptorSent)
Martin Spott (MartinSpot)
Sandro Santilli (strk)
Jeff Mckenna (jmckenna)
Vicky Vergara (cvvergara) - came one minute after the meeting end and was disappointed to have missed it
Full transcript
Details
Next Meeting
Proposed Time: UTC: Thursday, March 15th, 2018 at 8:00 pm