Difference between revisions of "SAC Meeting 2019-05"
(Created page with "= Where and When == * in IRC on Freenode, channel: osgeo-sac * Web IRC client: https://webchat.freenode.net/ [https://www.timeanddate.com/worldclock/meetingdetails.html?yea...") |
|||
(8 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
* in IRC on Freenode, channel: osgeo-sac | * in IRC on Freenode, channel: osgeo-sac | ||
− | * Web IRC client: https://webchat.freenode.net/ [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2019&month= | + | * Web IRC client: https://webchat.freenode.net/ [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2019&month=06&day=06&hour=20&min=0&sec=0&p1=217&p2=37&p3=43 Thursday Jun 6th 2019 20 UTC |
== Meetings Happened == | == Meetings Happened == | ||
+ | [http://irclogs.geoapt.com/osgeo-sac/%23osgeo-sac.2019-05-08.log Thursday May 9th 2019 20] | ||
+ | [http://irclogs.geoapt.com/osgeo-sac/%23osgeo-sac.2019-05-23.log Thursday May 23rd 2019 20] | ||
+ | == Agenda == | ||
+ | |||
+ | * '''DONE''' download.osgeo.org is now live on OSGeo7 and OSUOSL has setup rsync - Have a download container on OSGeo7 only iffy thing is webdav. I can't get webdav with LDAP using nginx without doing a custom compile of nginx. So I settled on just webdav and an basic auth account for geotools. | ||
+ | I think geotools is the only one that uses the webdav so should be fine. Other issue is I couldn't make the webdav and non-webdav url the same so geotools is via https://download-testing.osgeo.org/geotools | ||
+ | and the webdav is https://download-testing.osgeo.org/webdav/geotools. I see this as a temporary fix since geotools wishes to use artifactory or something more modernish. | ||
− | + | * osgeo4 [https://trac.osgeo.org/osgeo/ticket/1940 #1940] - osgeo4 has been shutoff since all VMS have been moved off of it. we need to put in new drives so we can reformat it reformat and install lxd as a backup for osge7 and also so we can install experimental lxd containers like drone bots etc.. | |
− | |||
Since last we spoke secure, adhoc, old-web (which houses id.osgeo.org) have been moved to osgeo7. adhoc.osgeo.osuosl.org now points to osgeo7 | Since last we spoke secure, adhoc, old-web (which houses id.osgeo.org) have been moved to osgeo7. adhoc.osgeo.osuosl.org now points to osgeo7 | ||
Also setup a grass container which neteler is configuring to replace the current grass on osgeo6 | Also setup a grass container which neteler is configuring to replace the current grass on osgeo6 | ||
+ | * Website slow | ||
* New Server? We had planned to reformat osgeo3 as a secondary lxd host, but we might not have all stuff off it soon enough. wildintellect proposed getting a smaller secondary server. | * New Server? We had planned to reformat osgeo3 as a secondary lxd host, but we might not have all stuff off it soon enough. wildintellect proposed getting a smaller secondary server. | ||
We also toyed with osgeo6. Sadly osgeo6 OS (jessie) is already too old to support snap lxd, I think we can do with regular lxd, but that means it would be an older version than what is on osgeo7 so not a very good backup. | We also toyed with osgeo6. Sadly osgeo6 OS (jessie) is already too old to support snap lxd, I think we can do with regular lxd, but that means it would be an older version than what is on osgeo7 so not a very good backup. | ||
Funtoo is another option - but two issues (I could only get it up to lxd 3.8 (will talk with funtoo about raising it higher), and it's only got | Funtoo is another option - but two issues (I could only get it up to lxd 3.8 (will talk with funtoo about raising it higher), and it's only got | ||
− | + | ||
− | |||
− | |||
* ''DONE'' Got rid of wildcard cert ssl.com, for servers I couldn't migrate or haven't yet (I got a new wildcard cert from letsencrypt, that is what download.osgeo.org is using at the moment) and what the new-secure is using since it can't directly get a cert since it has no webserver and the cert would still need to be copied into the container. I plan to use this wildcard cert for general testing stuff or when we are inbetween getting a single domain cert. | * ''DONE'' Got rid of wildcard cert ssl.com, for servers I couldn't migrate or haven't yet (I got a new wildcard cert from letsencrypt, that is what download.osgeo.org is using at the moment) and what the new-secure is using since it can't directly get a cert since it has no webserver and the cert would still need to be copied into the container. I plan to use this wildcard cert for general testing stuff or when we are inbetween getting a single domain cert. | ||
Line 25: | Line 30: | ||
* Setup Bacula (need some thoughts on best way to go about this since osgeo7 is not setup quite the same and for some containers seems overkill to install a bacular fd client | * Setup Bacula (need some thoughts on best way to go about this since osgeo7 is not setup quite the same and for some containers seems overkill to install a bacular fd client | ||
* ''DONE'' I rebuilt secure server as a debian 9 so it has the latest LDAP which means we can start thinking about changing the schema to support storing public keys | * ''DONE'' I rebuilt secure server as a debian 9 so it has the latest LDAP which means we can start thinking about changing the schema to support storing public keys | ||
− | * Wiki is old and needs to be | + | * Wiki is old and needs to be replaced the MySQL 5.5 EOL'd a couple of years ago for one. |
=== Talk about hardware plans === | === Talk about hardware plans === |
Latest revision as of 11:56, 6 June 2019
Where and When =
- in IRC on Freenode, channel: osgeo-sac
- Web IRC client: https://webchat.freenode.net/ [https://www.timeanddate.com/worldclock/meetingdetails.html?year=2019&month=06&day=06&hour=20&min=0&sec=0&p1=217&p2=37&p3=43 Thursday Jun 6th 2019 20 UTC
Meetings Happened
Thursday May 9th 2019 20 Thursday May 23rd 2019 20
Agenda
- DONE download.osgeo.org is now live on OSGeo7 and OSUOSL has setup rsync - Have a download container on OSGeo7 only iffy thing is webdav. I can't get webdav with LDAP using nginx without doing a custom compile of nginx. So I settled on just webdav and an basic auth account for geotools.
I think geotools is the only one that uses the webdav so should be fine. Other issue is I couldn't make the webdav and non-webdav url the same so geotools is via https://download-testing.osgeo.org/geotools and the webdav is https://download-testing.osgeo.org/webdav/geotools. I see this as a temporary fix since geotools wishes to use artifactory or something more modernish.
- osgeo4 #1940 - osgeo4 has been shutoff since all VMS have been moved off of it. we need to put in new drives so we can reformat it reformat and install lxd as a backup for osge7 and also so we can install experimental lxd containers like drone bots etc..
Since last we spoke secure, adhoc, old-web (which houses id.osgeo.org) have been moved to osgeo7. adhoc.osgeo.osuosl.org now points to osgeo7 Also setup a grass container which neteler is configuring to replace the current grass on osgeo6
- Website slow
- New Server? We had planned to reformat osgeo3 as a secondary lxd host, but we might not have all stuff off it soon enough. wildintellect proposed getting a smaller secondary server.
We also toyed with osgeo6. Sadly osgeo6 OS (jessie) is already too old to support snap lxd, I think we can do with regular lxd, but that means it would be an older version than what is on osgeo7 so not a very good backup. Funtoo is another option - but two issues (I could only get it up to lxd 3.8 (will talk with funtoo about raising it higher), and it's only got
- DONE Got rid of wildcard cert ssl.com, for servers I couldn't migrate or haven't yet (I got a new wildcard cert from letsencrypt, that is what download.osgeo.org is using at the moment) and what the new-secure is using since it can't directly get a cert since it has no webserver and the cert would still need to be copied into the container. I plan to use this wildcard cert for general testing stuff or when we are inbetween getting a single domain cert.
- Setup Bacula (need some thoughts on best way to go about this since osgeo7 is not setup quite the same and for some containers seems overkill to install a bacular fd client
- DONE I rebuilt secure server as a debian 9 so it has the latest LDAP which means we can start thinking about changing the schema to support storing public keys
- Wiki is old and needs to be replaced the MySQL 5.5 EOL'd a couple of years ago for one.
Talk about hardware plans
- Should we get a new smaller server as a backup for osgeo7 lxd
Budget
- OSUOSL donation and FunToo donation are we set?
- FunToo submitted to monthly payment plan, did treasurer figure it out?
- OSUOSL, need to submit request to treasurer.
System Contracts
- DONE Regina System Contract in place and she worked (and used up the $5000)
- Regina -- looking for second contract to finish off the work she started (like rebuilding wiki, enabling sshkeys in LDAP, changing wiki to use LDAP)
- New contract for Vicky for supporting Wordpress www.osgeo.org,
- TODO: Draft contract and discuss
- LDAP+SSH Keys
- Migrating OSGeo Wiki Logins to OSGeo LDAP
Open tickets needing attention
- 2019.foss4g.org needs oauth with github - 22228 wildintellect should close if no further feedback from requester [CLOSED]
- https://trac.osgeo.org/osgeo/ticket/2190 (Vicky has in progress, needs feedback) [DONE still need feedback? ] - Assume DONE DONE
- maybe we could also setup a domain like elections.osgeo.org too
- important that only CRO has access to elections stuff
- #2199 Upload FOSS4G PDF Waiting for feedback from Studio 17 -CLOSED because of lack of response
- [https://trac.osgeo.org/osgeo/ticket/2195 Blog account for Astride - this should be on www.osgeo.org? Asked for clarification - CLOSED because of lack of response
- Domain Renewals (needs ticket)
Other topics
- are we feeling ok now with the cracked geotools account on osgeo6?
- We need to change the passwords, and move to key only login
- the question is how to deploy the keys
- One or all 4 keys? (4??)
- Add support for registering public user SSH keys in LDAP: https://trac.osgeo.org/osgeo/ticket/2116
- confirmed password auth is now off
- we should clean the keys and deploy new ones
- geotools should create new keys and supply the public key.