Talk:SAC Meeting 2017-11-09
Jump to navigation Jump to search
Decided we should host code in Gogs. Need to setup repo for osgeotest2 to be able to post. 
For DNS name leaning to staging.www.osgeo.org  Already done by Alex. Regina has informed Jeff of the change.
Git Services Status report and Gitea/ Gogs upgrade
Strk says drone 0.5 will work with gitea. So first step is to put Gogs in readonly mode and then do a dump /restore into gitea and turn off gogs.
Bjorn will try to setup SSL with letsencrypt on the current. Waiting for beefier server to put it on.
Plan to allocate $20000. Of which at least $5000 will be spent on new server, $5000 on EU contract for Martin, and remaining $10,000 to be split on Cloud Hosting and other things.
Vote for Martin sys admin contract reposted on mailing list
20:02:44 robe2: All ready for meeting 20:03:08 robe2: strk svn was down for a bit I think 20:03:18 robe2: pramsey was delayed committing his changes as a result 20:05:09 wildintellect: I see some short gaps in the munin charts http://webextra.osgeo.osuosl.org/munin/osgeo.org/trac.osgeo.org/index.html 20:05:10 sigabrt: Title: Munin :: osgeo.org :: trac.osgeo.org (at webextra.osgeo.osuosl.org) 20:05:45 wildintellect: Hmm, the wiki machine is running low on space 20:08:17 wildintellect: anyone else beside robe2 here for the meeting? 20:08:22 MartinSpott: yes 20:09:28 MartinSpott: 4 GByte of MediaWiki logs .... 20:10:15 MartinSpott: outdated logs 20:10:19 MartinSpott: will remove 20:11:59 wildintellect: robe2, go ahead and start 20:13:19 MartinSpott: I'd like to restart the Apache server process on the Wiki VM 20:14:19 wildintellect: MartinSpott, sure unless you think it would take a long time 20:14:31 MartinSpott: no, just a few seconds 20:14:41 MartinSpott: to check, if there'll be a new MW log 20:15:00 robe2: okay - agenda here - http://wiki.osgeo.org/wiki/SAC_Meeting_2017-11-09 20:15:30 robe2: For Website, GetInteractive has restored the wordpress site 20:15:35 MartinSpott: restart successful :-) 20:15:48 robe2: and given us the mysql root password, of which I have yet to post to secure. Will do that later today 20:16:17 robe2: They asked what to do with the files, put on github or if we have some git repo for them to post it to. I was thinking gogs? 20:16:55 robe2: as I assume there might be some things we want kept private in the repo 20:17:10 wildintellect: I'm not so sure there's anything private 20:17:15 wildintellect: it's just a wordpress theme 20:17:27 robe2: wildintellect not yet at anyrate but could be in future 20:17:40 cvvergara: I am here 20:17:52 wildintellect: robe2, lets start with gogs if that's easy 20:18:05 MartinSpott: hobu: Howard - hi ! 20:18:14 hobu: cheers! 20:18:16 wildintellect: I'll not the rest of the deliverables went to github 20:18:20 wildintellect: note 20:18:22 robe2: yah I think it would be they've already got an osgeo account so we'd just need to setup to allow that account access to post etc. 20:19:15 wildintellect: go ahead with that, we can always copy somewhere else if needed 20:21:59 wildintellect: in regards to website, we need to finalize the name for the new copy of the site. beta and staging were suggested, with 2 votes for staging - any one else have a vote? 20:22:33 MartinSpott: no, I don't mind at all, I'm just waiting for the result ;-) 20:23:02 robe2: wildintellect - beta is slightly shorter to type :) 20:23:14 robe2: but aside from that I'm indifferent 20:23:29 cvvergara: beta is easier to rtemember 20:23:48 robe2: okay lets do beta :) 20:24:15 wildintellect: well, please vote 20:24:16 robe2: who proposed staging? 20:24:28 wildintellect: strk proposed staging 20:24:46 wildintellect: I agreed it less ambiguous than beta 20:24:52 wildintellect: which could be anything 20:24:52 MartinSpott: dot or hyphen .... ;-) 20:25:37 cvvergara: yes staging is less ambiguous 20:26:02 robe2: did we vote on mailing list? I've been out for a bit still not back to normal 20:26:14 wildintellect: yes a vote was started on the list 20:26:35 wildintellect: or at least a discussion, with stated preference 20:27:08 robe2: nevermind I see the vote 20:27:48 cvvergara: dot 20:28:01 robe2: dot? 20:28:09 robe2: staging.www.osgeo.org? 20:28:33 * cvvergara dot or hyphen staging.www.osgeo.org 20:28:37 robe2: how about just staging.osgeo.org (people are going to get to it eventually by osgeo.org anyway) 20:28:46 wildintellect: that's what I said on the list 20:29:55 MartinSpott: anybody here editing the wiki right now ? 20:30:05 strk: I'm here but not really here 20:30:31 strk: no bike shedding please, pick one and move on :) 20:30:54 strk: I suggested <something>.www.osgeo.org so you know it's a beta/staging/test deploy of "www.osgeo.org" 20:31:01 strk: rather than something else like "trac.osgeo.org" for example 20:31:12 strk: just to get the full final real name included 20:31:26 strk: but robe2 point is a good one 20:31:38 robe2: MartinSpott I've been putting notes in the discussion tab 20:31:42 strk: if they get there by "osgeo.org" then "staging.osgeo.org" still has that characteristic 20:32:27 MartinSpott: robe2: please check if they're still available 20:33:26 MartinSpott: staging.www.osgeo.org ? 20:33:45 robe2: MartinSpott if what is still available? staging.osgeo.org (lets not add www to it) 20:34:08 MartinSpott: No, if the discusion notes are still available :-) 20:34:37 MartinSpott: and to make a long discussion short, I proposed to enable staging.www.osgeo.org in DNS 20:34:57 * robe2 confused what we are talking about -- https://wiki.osgeo.org/wiki/Talk:SAC_Meeting_2017-11-09 20:34:59 sigabrt: Title: Talk:SAC Meeting 2017-11-09 - OSGeo (at wiki.osgeo.org) 20:35:52 MartinSpott: robe2: I just restarted the Apache instance on the Wiki VM in order to disable Debug logging and I was hoping I didn't purge anybody's edits 20:36:06 robe2: MartinSpott ah okay 20:36:12 robe2: I still see my notes 20:36:22 MartinSpott: fine 20:36:42 robe2: anyway you want to do staging.www.osgeo.org or just staging.osgeo.org -- I just want the quickest way to end this boring discussion 20:36:47 robe2: I'll agree to anything :) 20:37:02 MartinSpott: staging.www.osgeo.org - for no particular reason 20:37:41 robe2: strk you feeling? 20:37:50 robe2: your feeling 20:38:19 robe2: okay staging.www.osgeo.org it is 20:38:23 wildintellect: sounds good 20:38:37 wildintellect: robe2, please inform Jeff Lasut? 20:38:47 wildintellect: I can put it in the DNS 20:38:56 MartinSpott: I'm already there 20:39:29 robe2: okay put it in and close the related ticket - https://trac.osgeo.org/osgeo/ticket/2012 20:39:31 sigabrt: Title: #2012 (Beta website DNS entry) â€“ OSGeo (at trac.osgeo.org) 20:39:52 strk: my feeling is whoever is facing the DNS configuration takes the decision 20:40:26 strk: great, next item ? :) 20:42:01 strk: GIT service status: nothing changed on my side, but I've heard Gitea-1.2.3 should work with Drone-0.5 so there may be no need to upgrade Drone, and I tried Gitea migration to be pretty straightforward 20:42:51 strk: for a perfect upgrade we should only find a way to put the service in read-only mode, which I'm not sure how to do (probably Apache preventing POST/DELETE/PUT methods is enough) 20:45:03 robe2: strk so are you going to put gitea in read only or gogs in read-only? 20:49:32 robe2: wildintellect sent him the note. Oh I forgot we were also going to do ssl letsencrypt right? 20:51:17 strk: (1) gogs in readonly mode (2) dump gogs db for a backup (3) start gitea in readonly mode (4) check that things work (5) switch gitea to readwrite 20:51:30 strk: ^^^ that's the plan, but I don't have a schedule to do that 20:51:57 MartinSpott: letsencrypt is quite new to me, I have no idea wether it meets OSGeo's needs 20:51:59 strk: robe2: I was also hoping you'd be doing that test yourself (you got the dump right ?) 20:52:11 strk: letsencrypt is already in use for some OSGeo services, it works great with Apache 20:52:16 strk: it's called "certbot" now 20:52:18 MartinSpott: if it was decided to go this route, then I'll have a look at it 20:52:20 strk: and packaged 20:52:28 strk: (for newer systems ofc) 20:52:47 strk: you do something like: certbot -d staging.osgeo.org 20:53:03 robe2: strk the gogs dump yet. 20:53:05 strk: and it should figure out all the rest (changes apache config, logs status somwhere) 20:53:07 robe2: yes 20:53:09 strk: later you do: certbot renew 20:53:22 strk: and it renews all certs for which it has logged status (/etc/lesencrypt I think) 20:53:24 robe2: I can redump again I guess -- its standard pg_dump right? from the trac vm? 20:53:31 strk: standard pg_dump robe2 20:53:37 strk: db name is "gogs" 20:53:38 MartinSpott: I'd prefer not to let any unknown tool change my Apache config .... 20:53:49 strk: MartinSpott: you can ask "certbot" not to touch configs too 20:54:03 strk: I think it's a --certonly switch or similar, it does have an help 20:54:18 strk: or --webroot only if it doesn't need to even know about which server you're using 20:54:32 strk: I'm sure you'll like it MartinSpott 20:54:45 strk: it uses a protocol called I think ACME 20:55:02 strk: which only verifies that you have access to the root of that domain, via .known-uri 20:55:26 robe2: Do we have a ticket for the ssl piece. for staging.www.osgeo.org 20:55:29 strk: sorry, it is .well-known 20:55:50 strk: any.domain/.well-known <-- is a standad URI, can't remember the name of this thing 20:55:59 strk: things like Webfinger are based on that 20:55:59 robe2: strk I've seen lots of sites use it gaining wide popularity and soon they'll have wild-card support too 20:56:59 strk: so "certbot" I think will ask letsencrypt.org for a certificate, and it has to prove it can modify something in .well-known url, I think it's something under an "acme" directory or something 20:57:54 MartinSpott: BTW, staging.www.osgeo.org works after adding a ServerAlias - but it's redirecting to www.osgeo.org ;-) 20:58:42 strk: are we keeping the new server configuration under a Git repository too ? I suggest we do 20:58:59 strk: and maybe also have it published on Gogs (to become Gitea some day in the future) 20:59:03 strk: as a private repo I guess 20:59:14 robe2: strk yes we should that's why I was saying we wouldn't want it on github public so might as well use our private git repo 20:59:38 strk: boycott github ! 21:00:10 robe2: strk it's .well-known folder like you said I think a lot of SSL providers do it that way 21:00:34 robe2: I had to do that when I got a comodo ssl recently had to create a .well-known/pki-validation folder 21:01:15 robe2: strk we shall boycott github but not say "Boycott" we are just not using it for pragmatic reasons :) 21:03:20 MartinSpott: Moggeeen ! 21:03:29 markusN: Moin moin 21:03:36 MartinSpott: Wobissndugerade? 21:03:42 markusN: hab wohl mal wieder das meeting verpasst 21:03:44 * markusN still on the road 21:03:45 markusN: Italia 21:03:51 MartinSpott: ah 21:04:00 markusN: tomorrow speaking @ sfscon.it 21:04:23 MartinSpott: ! 21:04:30 jef: markusN: you didn't miss much ;) 21:05:10 robe2: MartinSpott so you going to take on the SSL for staging.www.osgeo.org? 21:05:35 robe2: Guess next on agenda is bj0rn[m] 21:05:56 MartinSpott: First we need intervention from the site maintainers to make it properly respond to the new DNS name 21:05:59 bj0rn[m]: oh? I'm on an agenda? :) 21:06:09 * strk reading backlog 21:06:20 robe2: bj0rn[m] yah the gitlab thing 21:06:36 robe2: though maybe you are being held up with our server farm discussion 21:07:17 robe2: https://wiki.osgeo.org/wiki/SAC_Meeting_2017-11-09 we are up to steps needed for GitLab 21:07:18 sigabrt: Title: SAC Meeting 2017-11-09 - OSGeo (at wiki.osgeo.org) 21:07:27 strk: guess he told everything last time ? he gave size required for new machine, the rest is on SAC to decide on ? 21:07:49 strk: like: do we buy a new machine like we did for staging.www.osgeo.org ? 21:07:58 robe2: MartinSpott -- yah it will happen when Jeffrey Lasut switches the config 21:08:20 robe2: I wouldn't wait that long for that. 21:08:46 robe2: wordpress always does that since they have it coded for www.osgeo.org at moment so it will try to redirect 21:08:52 robe2: that actually proves it works 21:09:28 bj0rn[m]: robe2: ok, got nothing new there. I'm going to try to fix the existing servcer because we now know it's a cert issue - so will try to create a new one with letsencrypt. Other than that, I'm kind of just waiting for response on new server as strk says above ^ 21:11:11 robe2: oh yeh my favorite topic now server load 21:11:47 robe2: is this our best state of things - https://wiki.osgeo.org/wiki/Infrastructure_Transition_Plan_2010#osgeo3_.26_osgeo4 21:11:48 sigabrt: Title: Infrastructure Transition Plan 2010 - OSGeo (at wiki.osgeo.org) 21:11:53 robe2: we just have 2 servers? 21:12:07 MartinSpott: 4 21:12:14 MartinSpott: 2 VM hosts 21:12:28 MartinSpott: plus Osgeo6 and Backup 21:13:36 robe2: so osgeo3 and 4 are VM hosts. What does Osgeo6 do? 21:13:55 MartinSpott: a lot 21:14:04 robe2: Should we create a 2017 transition plan or we already have one somewhere? 21:14:37 MartinSpott: I think the stuff is listed on the Osgeo6 page 21:15:47 robe2: this listing looks a bit outdated is it maintained - https://wiki.osgeo.org/wiki/SAC_DNS_Registry 21:15:48 sigabrt: Title: SAC DNS Registry - OSGeo (at wiki.osgeo.org) 21:16:49 MartinSpott: Mmmm, I've probably never seen this page 21:16:53 MartinSpott: quite outdated 21:17:27 robe2: ah I see so osgeo6 runs all the mailing lists and a bunch of websites, but it's not a vm hoster right? everything is installed in single server instance 21:17:39 MartinSpott: yes, on bare metal 21:18:07 robe2: I'm tempted to just remove that SAC DNS Registry page 21:18:22 MartinSpott: +1 21:20:16 MartinSpott: I assume not a single one of these entries is valid any more 21:20:55 robe2: MartinSpott do we have an instruction page for where to edit the DNS that would be more useful. Not seeing it in Procedures 21:20:56 MartinSpott: My memory is referring these addresses to historic infrastructure 21:21:06 wildintellect: yes 21:21:27 robe2: would be nice if we just replaced that page with where to check and add dns entries rather than listing the data.. Then move link to procedures 21:21:33 jef: "(note this list is far out of date now)" - what's the point 21:22:29 wildintellect: as for the transition plan, this https://wiki.osgeo.org/wiki/Infrastructure_Transition_Plan_2014 is the undone precursor to 2017 most of the same questions exist 21:22:30 sigabrt: Title: Infrastructure Transition Plan 2014 - OSGeo (at wiki.osgeo.org) 21:22:51 jef: decision in the last QGIS psc meeting also host the website where it's build (ie. qgis' machine at hetzner) - no time frame yet. 21:24:00 MartinSpott: jef: I'd rather not duplicate DNS data anywhere else, I think it's just causing confusion 21:24:23 MartinSpott: therefore I'm in favour of having it removed 21:24:26 robe2: are we still using pair for DNS hosting. 21:24:46 MartinSpott: yes, we do 21:24:56 robe2: I agree with MartinSpott let's not bother writing DNS data there, but I think this page should have basic instructions of where we host our DNS 21:25:12 robe2: and where to get the security stuff to log in and edit it 21:26:08 MartinSpott: Do you really suggest explaining to the world where OSGeo is storing their secrets for editing DNS ? 21:26:27 wildintellect: right the security stuff is word of mouth on purpose 21:26:57 wildintellect: it's also sudo only on purpose 21:28:09 robe2: MartinSpott yes I do :) you can just say on secure server 21:28:29 MartinSpott: the meeting has started approx one and a half hours ago, bed time is approaching 21:28:57 robe2: anyway I wiped out all the obsolete entries -- at the very least we should verify those are still DNS administrators etc. 21:29:28 robe2: okay I agree we should end soon -- so sounds like we need a new server 21:30:35 wildintellect: which was in the budget this year 21:31:10 wildintellect: we need to cover budget since the board wants a response before our next meeting 21:31:27 robe2: okay want to go over budget quickly 21:31:51 wildintellect: I checked we have enough for the next 5000 EUR contract, for this year 21:31:53 robe2: is the plan to get new hardware to host on osuosl, get additional cloud hosting or a bit of both 21:32:09 wildintellect: I think we should plan for either scenario 21:32:45 wildintellect: I'm going to suggest we request $20,000 for 2018, to cover 2 contracts, hardware, and cloud hosting as needed 21:34:00 robe2: wildintellect sounds good. So how much you think would new debian 9 cost us hardware wise? 21:34:01 MartinSpott: Note that in order to retire Osgeo4 we need to migrate more than just a few websites off of the Projects VM 21:34:15 robe2: this one I imagine would also be used to host vms? 21:34:41 wildintellect: or containers, depending on how we decide we want to deal with it 21:34:59 wildintellect: yes osgeo4 has Projects, Adhoc and QGIS 21:35:01 robe2: yah we could also move some to cloud hosters. 21:35:09 robe2: could ask projects which they prefer 21:35:32 robe2: Sounds like QGIS just wants to host everything on the heffy thing 21:36:12 wildintellect: robe2, as for specific hardware costs, that depends on what we want, we tend to spend about $5000 on a new server at a time, there are cheaper options 21:36:32 robe2: $5000 sounds about right to me. 21:36:36 wildintellect: sure but QGIS is paying it's own bill on hetzner 21:36:54 robe2: I wouldn't want to go any cheaper 21:37:22 wildintellect: well cheaper tends to mean less ram or disks 21:37:36 wildintellect: you'd be surprised what you can get 21:37:48 MartinSpott: the choice and sizing for Osgeo6 was pretty good, I'd say 21:38:05 robe2: I expect a 1TB SSD, 64GB ram with $5000, 8 cores 21:38:17 robe2: at least that anyway 21:38:25 wildintellect: I'll draft a budget based on my idea and circulate for 1 week for edits/ideas, then we can vote 21:38:30 wildintellect: how does that sound 21:38:36 MartinSpott: perfectly 21:38:43 robe2: wildintellect sounds good to me 21:38:56 wildintellect: I'll also re-open the vote on the contract 21:38:58 cvvergara: perfect 21:39:05 wildintellect: now that I know we have the budget 21:39:08 MartinSpott: so I may now fall asleep ? ;-) 21:39:12 robe2: wildintellect I already voted as soon as you said "We have money" 21:39:17 strk: sorry, just came back 21:39:27 MartinSpott: strk: vote ! ;-)) 21:39:30 strk: any vote needed from me ? If so please restate the question(mailing lists are better thoug) 21:39:33 strk: +1 ! 21:39:35 strk: MartinSpott: :) 21:39:38 strk: got your contract yet ? 21:39:42 robe2: strk I already restated :) 21:39:44 robe2: and mailed 21:39:55 strk: that's the biggest interest from me at the moment 21:40:00 wildintellect: looks like that motion is passing with no objections 21:40:01 robe2: top posting to wildintellect's email just like you like it :) 21:40:04 strk: I want Martin on the payroll! 21:40:20 strk: MOTION: blacklist any top-poster 21:41:00 MartinSpott: note, there's not the slightest personal benefit in contracting with my employer 21:41:01 robe2: okay we should probably end now. It's almost my bed time too 21:41:32 MartinSpott: but I'd appreciate spending more time with OSGeo/SAC 21:41:59 robe2: MartinSpott yes we'd like you to have are a reason to spend time with us 21:42:04 strk: MartinSpott: are we guaranteed it's going to be you on the systems and not somebody else from the company yes ? 21:42:07 wildintellect: MartinSpott, can you update https://trac.osgeo.org/osgeo/ticket/2025#ticket with what logs your removed or other actions on wiki 21:42:09 robe2: you have put up with a lot from us :) 21:42:12 sigabrt: Title: #2025 (Wiki VM low on disk space) â€“ OSGeo (at trac.osgeo.org) 21:42:13 markusN: +1 21:42:25 MartinSpott: BTW: http://www.magellan-net.de/ 21:42:26 sigabrt: Title: Startseite - magellan netzwerke GmbH (at www.magellan-net.de) 21:42:43 MartinSpott: SAC is guaranteed it'll be just me working on the systems 21:43:04 MartinSpott: I'm not going to promote OSGeo access credentials in the company 21:43:21 MartinSpott: we're working on an English presentation ;-) 21:43:58 robe2: we done? 21:44:25 MartinSpott: wildintellect: just MediaWiki debug logs 21:44:42 strk: I'll wait to read a report about the meeting, hoping someone will write it :) 21:44:45 * strk looks at robe2 21:44:46 wildintellect: ah debug logs, so not anything we really need to keep 21:44:58 robe2: strk I've been writing it duh 21:45:01 wildintellect: yes meeting is done for today 21:45:17 robe2: okay great. ttyl 21:45:27 cvvergara: out of topic: OSGeoLive wiki is on the OSGeo Wiki, is it possibe to separate and make it have its own wiki? 21:45:43 cvvergara: (similar problem as the trac) 21:46:24 strk: cvvergara: did you vote on that ? the motion was to have your own Trac env 21:46:26 MartinSpott: cvvergara: what does it mean: "is on the OSGeo Wiki" ? 21:46:33 strk: SAC was waiting for the outcome of that vote 21:46:51 strk: not sure if there was a ticket filed already or not, if you decided to go there, ticket would be next step 21:46:52 cvvergara: yes, for example: 21:47:11 cvvergara: https://wiki.osgeo.org/wiki/Live_GIS_Disc 21:47:12 sigabrt: Title: Live GIS Disc - OSGeo (at wiki.osgeo.org) 21:47:35 cvvergara: its a huge file because the project does not have a wiki of its won, its on the OSGeo Wiki