SAC Meeting 2019-04
Where and When =
- in IRC on Freenode, channel: osgeo-sac
- OSUOSL wants to get rid of osgeo4, most drives have failed we need two new - move everything off to OSGeo7 that needs moving, reformat and install lxd. Thoughts if that is okay. markus_N said only thing he needs on adhoc is earthquake, he'll ping Jachym about pyws and martinS if anything he knows left on osgeo4
- OSGeo7 - Have a download container on OSGeo7 and did a trial rsync of the home and osgeo folders (note bottle.download.osgeo.org is already live on it. I set on a non-standard ssh port. markusN tried to ssh into the new container and confirmed my rsync of home folders was successful and his download stuff is in good shape (permissions/date wise).
- DONE OSGeo7 - I am going to switch the host to 2022 for ssh and leave the remainder free so if we need 22, we can use for the containers.
- DONE 2269 OSGeo7 issue with seeing real ip - 2 ways to go - upgrade to LXD 3.11 using snap/lxd - and changed so logs are logged in nginx with the real ip. I think some work might need to be done for containers to see the real ip( but haven't checked them)
- Setup Bacula (need some thoughts on best way to go about this since osgeo7 is not setup quite the same and for some containers seems overkill to install a bacular fd client
Talk about hardware plans
- Regina completed install of nginx lxd container, and nextcloud.osgeo.org (which proxies thru the nginx container), set up a debian9 lxd container for ssh access but shut it down until we decide what to do with it.
- Completed migration of projects.osgeo.osuosl.org - accessible on osgeo7 via port 50025
- Completed migration of adhoc.osgeo.osuosl.org - accessible on osgeo7 via port 50024 - waiting for OSUOSL to repoint that domain to osgeo7
- docker template container completed and used to build dronie server / agent
- Discovered nginx the way currently set up can't see external ip - need to do differently than just proxying port which means we'll need a dedicated IP for nginx *UPDATE* supposedly LXD 3.0 does support nginx proxy pass ip feature, so might be fine the way it is and just need to tweak some settings
- Can we ask OSUOSL for an extra ip
NEXT STEPS: For robe - setup container downloads.osgeo.org (will be based off of the debian9 ssh image) (for testing first with no data) and with nginx will require LDAP ssh
- Details of what's done so far on SAC_Service_Status#osgeo_7.
- FTP mirror on OSUOSL hardware, do we want an to push or pull with rsync or other method. [ticket](https://trac.osgeo.org/osgeo/ticket/2235).
- OSUOSL donation and FunToo donation are we set?
- FunToo submitted to monthly payment plan, did treasurer figure it out?
- OSUOSL, need to submit request to treasurer.
- DONE Regina System Contract in place and she's working
- New contract for Vicky for supporting Wordpress www.osgeo.org,
- TODO: Draft contract and discuss
- LDAP+SSH Keys
- Migrating OSGeo Wiki Logins to OSGeo LDAP
Open tickets needing attention
- 2019.foss4g.org needs oauth with github - 22228 wildintellect should close if no further feedback from requester [CLOSED]
- https://trac.osgeo.org/osgeo/ticket/2190 (Vicky has in progress, needs feedback) [DONE still need feedback? ] - Assume DONE DONE
- maybe we could also setup a domain like elections.osgeo.org too
- important that only CRO has access to elections stuff
- #2199 Upload FOSS4G PDF Waiting for feedback from Studio 17 -CLOSED because of lack of response
- [https://trac.osgeo.org/osgeo/ticket/2195 Blog account for Astride - this should be on www.osgeo.org? Asked for clarification - CLOSED because of lack of response
- Domain Renewals (needs ticket)
- are we feeling ok now with the cracked geotools account on osgeo6?
- We need to change the passwords, and move to key only login
- the question is how to deploy the keys
- One or all 4 keys? (4??)
- Add support for registering public user SSH keys in LDAP: https://trac.osgeo.org/osgeo/ticket/2116
- confirmed password auth is now off
- we should clean the keys and deploy new ones
- geotools should create new keys and supply the public key.