SAC Meeting 2019-05

From OSGeo
Jump to navigation Jump to search

Where and When =

  • in IRC on Freenode, channel: osgeo-sac

Meetings Happened

Agenda

  • OSGeo7 - Have a download container on OSGeo7 only iffy thing is webdav. I can't get webdav with LDAP using nginx without doing a custom compile of nginx. So I settled on just webdav and an basic auth account for geotools.

I think geotools is the only one that uses the webdav so should be fine. Other issue is I couldn't make the webdav and non-webdav url the same so geotools is via https://download-testing.osgeo.org/geotools and the webdav is https://download-testing.osgeo.org/webdav/geotools. I see this as a temporary fix since geotools wishes to use artifactory or something more modernish.

  • OSUOSL wants to get rid of osgeo4, most drives have failed we need two new - move everything off to OSGeo7 that needs moving, reformat and install lxd.

Since last we spoke secure, adhoc, old-web (which houses id.osgeo.org) have been moved to osgeo7. adhoc.osgeo.osuosl.org now points to osgeo7 Also setup a grass container which neteler is configuring to replace the current grass on osgeo6

  • New Server? We had planned to reformat osgeo3 as a secondary lxd host, but we might not have all stuff off it soon enough. wildintellect proposed getting a smaller secondary server.

We also toyed with osgeo6. Sadly osgeo6 OS (jessie) is already too old to support snap lxd, I think we can do with regular lxd, but that means it would be an older version than what is on osgeo7 so not a very good backup. Funtoo is another option - but two issues (I could only get it up to lxd 3.8 (will talk with funtoo about raising it higher), and it's only got


  • DONE Got rid of wildcard cert ssl.com, for servers I couldn't migrate or haven't yet (I got a new wildcard cert from letsencrypt, that is what download.osgeo.org is using at the moment) and what the new-secure is using since it can't directly get a cert since it has no webserver and the cert would still need to be copied into the container. I plan to use this wildcard cert for general testing stuff or when we are inbetween getting a single domain cert.
  • Setup Bacula (need some thoughts on best way to go about this since osgeo7 is not setup quite the same and for some containers seems overkill to install a bacular fd client
  • DONE I rebuilt secure server as a debian 9 so it has the latest LDAP which means we can start thinking about changing the schema to support storing public keys
  • Wiki is old and needs to be replaced the MySQL 5.5 EOL'd a couple of years ago for one.

Talk about hardware plans

  • Should we get a new smaller server as a backup for osgeo7 lxd

Budget

  • OSUOSL donation and FunToo donation are we set?
    • FunToo submitted to monthly payment plan, did treasurer figure it out?
    • OSUOSL, need to submit request to treasurer.

System Contracts

  • DONE Regina System Contract in place and she worked (and used up the $5000)
  • Regina -- looking for second contract to finish off the work she started (like rebuilding wiki, enabling sshkeys in LDAP, changing wiki to use LDAP)
  • New contract for Vicky for supporting Wordpress www.osgeo.org,
    • TODO: Draft contract and discuss
  • LDAP+SSH Keys
  • Migrating OSGeo Wiki Logins to OSGeo LDAP

Open tickets needing attention

  • 2019.foss4g.org needs oauth with github - 22228 wildintellect should close if no further feedback from requester [CLOSED]
  • https://trac.osgeo.org/osgeo/ticket/2190 (Vicky has in progress, needs feedback) [DONE still need feedback? ] - Assume DONE DONE
    • maybe we could also setup a domain like elections.osgeo.org too
    • important that only CRO has access to elections stuff
  • #2199 Upload FOSS4G PDF Waiting for feedback from Studio 17 -CLOSED because of lack of response
  • [https://trac.osgeo.org/osgeo/ticket/2195 Blog account for Astride - this should be on www.osgeo.org? Asked for clarification - CLOSED because of lack of response
  • Domain Renewals (needs ticket)

Other topics

  • are we feeling ok now with the cracked geotools account on osgeo6?
  • We need to change the passwords, and move to key only login
  • confirmed password auth is now off
  • we should clean the keys and deploy new ones
  • geotools should create new keys and supply the public key.


SAC main page