Talk:SAC Meeting 2017-10-26

From OSGeo
Jump to navigation Jump to search

Website Status

  1. CloudVPS account created by Treasurer (Mike) and Debian 8, 4GB VPS (2 months paid for)
  2. Regina setup OSGeo LDAP on new server
  3. Regina setup sudo account for osgeotest2 (the account GetInteractive has on OSGeo LDAP) and informed GetInteractive to try to login
  4. Martin Spott rechecked Regina's work and redid it properly to use newer LDAP and not require local account
  5. Alex received bill. According to Jody Garnett Michael has already paid the invoice.
  6. GetInteractive said they'll get to it next week around 11/1 (installing wordpress and backup)
  7. Next steps - Regina and Jody Garnett confirms work is done

Transcript

   [15:01] <robe2> Everyone ready to meet
   [15:02] * wildintellect is here
   [15:02] <robe2> https://wiki.osgeo.org/wiki/SAC_Meeting_2017-10-26
   [15:02] <sigabrt> Title: SAC Meeting 2017-10-26 - OSGeo (at wiki.osgeo.org)
   [15:04] <robe2> wildintellect so first off I guess website.  Are you all settled with GetInteractive on the money matters?
   [15:04] <robe2> I haven't heard back from them since I handed them the keys
   [15:04] <wildintellect> I have the bill for the migration
   [15:04] <wildintellect> will pay when you tell me they've done the work
   [15:05] <robe2> ah okay so I'll write them now and ask if they are waiting for anything from us
   [15:07] <robe2> I just have to find the mail I sent them.  Boy I hpe I didn't imagine the whole thing
   [15:08] <robe2> next on list is git status report -- strk want to talk
   [15:10] <wildintellect> robe2, I can confirm you sent the email on Oct 20th
   [15:10] <wildintellect> I also see a reply on the 23rd
   [15:10] <wildintellect> They plan to work on it next week
   [15:11] <robe2> ah great
   [15:12] <robe2> I must have missed that reply too flooded with email
   [15:12] <wildintellect> I only found it be searching
   [15:13] <robe2> ah now I see it, was checking wrong account :)
   [15:13] <robe2> ping strk you alive :)
   [15:16] <robe2> okay I updated the Discuss tab with web status
   [15:16] <robe2> bj0rn[m] since strk is uncustomarily not yapping you want to talk about gitlab and what you think you'll need
   [15:18] <bj0rn[m]> sure thing :)
   [15:18] <strk> hey
   [15:18] <strk> just got back
   [15:18] <strk> didn't expect to be so early :)
   [15:19] <robe2> strk okay want to fill us in on what's needed to upgrade gogs
   [15:19] <strk> by "gogs upgrade" I mean migrating to Gitea, which can be seen as a "new version" of Gogs
   [15:19] <strk> latest Gitea release came out recently, it's 1.2.0 (followed shortly after by 1.2.1)
   [15:19] <strk> I tried the upgrade on the existing database and it seemed to be smooth
   [15:20] <strk> it's just a binary, no other files needed
   [15:20] <strk> no configuration change needed either, if I recall correctly
   [15:20] <wildintellect> side question, is gogs the reason we have custom git binaries installed?
   [15:21] <strk> anyway, I created a "gitea" branch in https://git.osgeo.org/gogs/sac/gogs-config.git
   [15:21] <robe2> strk I meant drone not gogs sorry
   [15:21] <strk> with the updated config
   [15:21] <robe2> thought your hold up was with drone
   [15:21] <strk> oh, right
   [15:21] <strk> custom git binaries
   [15:21] <strk> while testing the Gitea upgrade I found out that Gitea was not happy with git-1.7 but wanted 1.8+
   [15:21] <strk> so I installed a .deb package from a more recent Debian version
   [15:21] <strk> in turn it requried another thing (shell completion package)
   [15:21] <strk> which I also installed
   [15:22] <wildintellect> ah maybe Martin would have preferred using backports
   [15:22] <strk> sorry for that mess - I complained *after* with Gitea devs, but was probably not convincent enough
   [15:22] <robe2> https://git.osgeo.org/gogs/sac/gogs-config/src/gitea
   [15:22] <wildintellect> I figured that was the reason
   [15:22] <strk> theoretically I am a "maintainer" of Gitea, but "maintainers" there don't have much power
   [15:22] <strk> just to say that if we want 1.7 to be enough, a PR could be sent to be more tolerant to that older version
   [15:23] <strk> it takes 2 approvals (from 2 maintainers) to accept
   [15:23] <strk> so if anyone wants to go there, a PR is welcome and I'd be one of the 2 approvers
   [15:23] <wildintellect> no it's fine, we really should be looking to get the servers upgraded when needed
   [15:23] <robe2> strk is there a reason they need 1.8.  Might be okay if a good reason
   [15:23] <strk> (but I cannot approve my own PR)
   [15:23] == MartinSpott [~martin@pdpc/supporter/active/martinspott] has joined #osgeo-sac
   [15:23] <robe2> as wildintellect said we could use backports if we need a package rather than custom build
   [15:24] <strk> robe2: I think there's no reason, there's a ticket but maybe this is not a good moment to dig it up
   [15:24] <strk> well, dug it: https://github.com/go-gitea/git/pull/48
   [15:24] <sigabrt> Title: ask git version from 1.7.10 to 1.8.1.6 since git log command needs by lunny · Pull Request #48 · go-gitea/git · GitHub (at github.com)
   [15:25] <wildintellect> ah MartinSpott you just missed  the explanation about the git version question you have
   [15:25] <strk> I was already suspicious about that PR, as you can see from comments, and recently (8 days ago) I got back to it, asking for a revert
   [15:25] <strk> MartinSpott: reason for git 1.8 is here - https://github.com/go-gitea/git/pull/48
   [15:25] <sigabrt> Title: ask git version from 1.7.10 to 1.8.1.6 since git log command needs by lunny · Pull Request #48 · go-gitea/git · GitHub (at github.com)
   [15:25] <MartinSpott> Hi
   [15:26] <wildintellect> we were wondering if you preferred using backports over using directly downloaded deb files for something like that
   [15:26] <strk> backports for Debian6 (what's on TracSVN) do not have 1.8
   [15:26] <strk> I think I checked
   [15:26] <jgarnett> just out of a work meeting, lurking if needed
   [15:26] <strk> but I could have been wrong
   [15:26] <bj0rn[m]> On gitlab, simply put I'd like to migrate the experimental gitlab to an official osgeo host. Preferably a reasonably recent debian or ubuntu (v)machine. I think it will run fine with min 4 GB RAM and 10 GB dedicated partition space.
   [15:26] <robe2> strk their reasoning looks like for security
   [15:26] <strk> anyway, beside Gogs->Gitea there's also Drone that needs to be upgraded
   [15:27] <robe2> I tend to think we should be running with newer git anyway :)
   [15:27] <strk> bj0rn[m]: may I finish the Gogs upgrade first ?
   [15:27] <robe2> but I'm a maverick of sorts
   [15:27] <strk> robe2: yeah, actually mee too
   [15:27] <strk> so, Drone is the CI system which is working with Gogs
   [15:27] <MartinSpott> I was wondering because the way it was set up on the TracSVN VM breaks dependencies
   [15:27] <strk> https://drone.osgeo.org
   [15:27] <bj0rn[m]> strk: sure I'll repeat what I wrote when your subject is closed. :)
   [15:28] <strk> https://drone.io  is the main dev site. Is another Go system, like Gogs and Gitea
   [15:28] <sigabrt> Title: Continuous Delivery | Drone (at drone.io)
   [15:28] <jgarnett> robe2 / wildintellect - I can confirm that they get interactive has sent an invoice that Michael has paid (we did not need to ask venka to sign)
   [15:28] <robe2> jgarnett you probably missed our note about website update.  Alex got bill.  He's waiting for GetInteractive to do the work which sounds like this week or next
   [15:28] <strk> Drone is a fast moving target. We're running 0.5 but latest stable is 0.8
   [15:28] <robe2> and then I put on todo for you jgarnett  and me to check out the work so that Alex can pay
   [15:28] <strk> Gitea API is different from Gogs one, so Drone needs to be upgraded to support Gitea
   [15:29] <strk> newer Drone also supports current Gogs so it could be upgraded *before* upgrading Gogs->Gitea
   [15:29] <robe2> strk so what's the hold up with upgrading drone?
   [15:29] <strk> I wasn't able to do the Drone side
   [15:29] <strk> there was some problem with communication between Agents and the server
   [15:29] <strk> didn't spent much time with it though
   [15:30] <strk> bottomline is: if it's just me, it'll have to wait for me to have more time
   [15:30] <robe2> okay nothing you need from MartinSpott or wildintellect then -- just need to set aside some time?
   [15:30] <strk> robe2: if you can handle to setup a drone-0.8 server which talks with a drone-0.8 agent, we'd be fine
   [15:30] <wildintellect> So strk is looking for another contributor to help with Drone?
   [15:30] <strk> well, either I find time or someone else finds time
   [15:30] <strk> yes, contributor for Drone would be useful
   [15:31] <robe2> strk okay I guess I can give it a shot but never done anything with drone.  Maybe I'll experiment on the VMS I'm setting up
   [15:31] <strk> or, alternatively, some other CI system which works with Gitea (Jenkins for example does work with Gitea)
   [15:31] <robe2> well we can have both
   [15:31] <strk> even better :)
   [15:31] <wildintellect> Are these good candidates for Containerization?
   [15:31] <robe2> I won't have time probably until I get back from Taiwan.
   [15:31] <strk> I have a "drone-0.8" branch in https://git.osgeo.org/gogs/sac/drone-server-config.git
   [15:32] <strk> server starts fine with it
   [15:32] <robe2> but yah as a general rule, we should probably always have at least 2 people involved in anything.  Because 1 is a very lonely number :)
   [15:32] <strk> and a "drone-0.8" branch in https://git.osgeo.org/gogs/sac/drone-agent-config.git
   [15:32] <strk> for the agent part
   [15:32] <strk> what I'm not sure about is the reverse-proxy
   [15:32] <strk> I think there might lay the issue
   [15:32] <strk> +1, it takes 2 to tango
   [15:33] <strk> all of these services are currently being served via Apache as the reverse proxy
   [15:33] <strk> modern developers (I'm old) tend to use other things :)
   [15:33] <strk> like nginx, or, in the Go scene, Caddy (a Go web server)
   [15:33] <wildintellect> I'm familiar with reverse proxy
   [15:34] <strk> so the Apache reverse-proxy configuration for Drone-0.5 was a trial and error done by myself (which ended up becoming a PR to official drone documentation)
   [15:34] <wildintellect> Apache or Nginx are the norm, there is not real difference as far as a proxy is concerned
   [15:34] <strk> it probably takes a similar approach for 0.8, to figure out how to setup apache and contribute a PR
   [15:34] <strk> drone-0.5 used websockets
   [15:34] * robe2 never used nginx.  Just know Apache and IIS
   [15:35] <strk> so there was a ws:// reverse-proxy config in Apache (we also have that Apache thing under git IIRC)
   [15:35] <wildintellect> oh, I've never successfully gotten websockets working
   [15:35] <strk> well, we have websockets working :)
   [15:35] <strk> but Drone-0.8 changed to something different
   [15:35] <wildintellect> sure that's just not a normal reverse proxy
   [15:35] <strk> I forgot the name, was mentioned, a 4 letters acronym involving a G :)
   [15:36] <strk> the osgeo6 /etc directory is under git, but there's no gogs private repository associated with it, so no URL I can write here, sorry
   [15:36] <strk> (should we get one?)
   [15:36] <strk> anyway, refs: #drone-ci on IRC and #gitea on IRC
   [15:36] <strk> both also accessible via matrix (#drone-ci:matrix.org, #gitea:matrix.org)
   [15:37] <strk> but the actual Drone developers are elsewhere, unfortunately, so it's a bit of a pain to be in contact (enough that I'm ready to drop Drone if nobody else is interested)
   [15:37] <wildintellect> sounds like you and robe2 have it under control, and we can put out a email looking for an additional person who wants to help
   [15:38] <strk> the Docs for Drone are still stuck with 0.5 times, looks like: http://docs.drone.io/setup-with-apache/
   [15:38] <sigabrt> Title: Setup with Apache (at docs.drone.io)
   [15:39] <wildintellect> should we move to the next topic?
   [15:39] <strk> it is possible we could upgrade to a slightly older Gitea (1.1.4) which may be pre-API break, but I'm not sure - yes please next topic, this one ends with: we need more help with Gitea/Drone if we want to keep the service
   [15:39] <MartinSpott> wildintellect: which ones did you already discuss ?
   [15:40] <robe2> I think we were up to gitlab
   [15:40] <robe2> bj0rn[m] was going to fill us in on what he needs there
   [15:40] <strk> as we spoke I was just made aware that Gitea-1.2.2 is now also tagged
   [15:40] <robe2> strk I think we should just go with latest gitea and gogs as planned
   [15:41] <robe2> drone seems fairly active project to me - https://github.com/drone/drone/issues?q=is%3Aissue+is%3Aclosed
   [15:41] <sigabrt> Title: Issues · drone/drone · GitHub (at github.com)
   [15:41] <robe2> they've closed prs fairly recently so not terribly concerned at moment
   [15:42] <bj0rn[m]> On gitlab, simply put I'd like to migrate the experimental gitlab to an official osgeo host. Preferably a reasonably recent debian or ubuntu (v)machine. I think it will run fine with min 4 GB RAM and 10 GB dedicated partition space. AFAIK the only help I need is adjusting the proxy and perhaps something about the LDAP integration/encryption keys.
   [15:43] <wildintellect> bj0rn[m], are the repos stored outside that 10 GB?
   [15:43] <bj0rn[m]> can be configured, but yes that's a quite low minimum. but on the current host I have much less than that.
   [15:44] <wildintellect> sure I just anticipate if it gets used it will grow past that somewhat quickly
   [15:44] <strk> I can help with the proxy, as I setup the previous one
   [15:44] <strk> but maybe we can avoid the proxy completely
   [15:44] <wildintellect> is this worth containerizing?
   [15:44] <robe2> speaking of LDAP MartinSpott did you get a chance to look at my work to make sure it's okay on new website?
   [15:44] <strk> can GitLab limit the size of repositories on a per-user basis ?
   [15:45] <MartinSpott> I looked at the OS side of the setup, need to check what else is at stake
   [15:45] <bj0rn[m]> wildintellect: it can definitely be containerized but requires more initial work.
   [15:46] <bj0rn[m]> I'm up for the challange though, but can't estimate the value of it.
   [15:46] <wildintellect> ok, so we'll officially note the request for the hosting, and the base requirements - I think where to put it will follow the discussion thats next on the agenda of what we are currently running
   [15:46] <wildintellect> bj0rn[m], I was wondering if gitlab already has a docker image?
   [15:47] <bj0rn[m]> yes it does
   [15:47] <wildintellect> https://hub.docker.com/r/gitlab/gitlab-ce/
   [15:47] <wildintellect> so that might make it easier
   [15:48] <bj0rn[m]> sure, the actual base image works fine I've tried it before. but proper deployment might require some additional configuration/composition and thought on what to keep inside and outside of the container.
   [15:49] <bj0rn[m]> if there is already a container service that I can use, I can see the value.
   [15:49] <strk> isn't Gitea already in a container bj0rn[m] ?
   [15:49] <MartinSpott> robe2: is there a "robe" account in OSGeo LDAP ?
   [15:49] <strk> sorry, I meant GitLab, not Gitea
   [15:49] <robe2> yes robe
   [15:50] <robe2> MartinSpott robe is my OSGeo LDAP name
   [15:51] <strk> (my question was already answered above, please disreguard)
   [15:51] <bj0rn[m]> strk: no, I'm running it through omnibus package management. it's the most simple setup and the current host is too weak for docker.
   [15:51] <MartinSpott> Maybe not relevant to the meeting, but I'd like to  replace local accounts by LDAP
   [15:51] <strk> MartinSpott: you talking about the website ? Website is one of the points in the meeting agenda
   [15:51] <robe2> MartinSpott all for that too
   [15:52] <wildintellect> MartinSpott, we're all fine with that, I don't think robe2 knows how to do that (nor do I )
   [15:52] <MartinSpott> robe2: should now be able to log in with your LDAP account
   [15:52] <robe2> on which host?
   [15:52] <strk> did we switch to Website topic ? (please keep order :)
   [15:53] <robe2> I was always able to on the new website
   [15:53] <robe2> I mean with my LDAP
   [15:53] <MartinSpott> no, you've still been using a local account
   [15:53] <MartinSpott> as robe
   [15:53] <MartinSpott> I'm fine with leaving this for later
   [15:53] <wildintellect> strk, I think this is an unlisted topic that came up, which is open questions about LDAP configuration
   [15:53] <bj0rn[m]> for the site content / issue management etc. gitlab can use a few diff databases. postgresql is a nice choice. this is also something that needs consideration when running containerized.. internal or external db.
   [15:53] <robe2> really how doe sthat work. It accepted my LDAP password
   [15:54] <wildintellect> robe2 account and auth can be 2 different things
   [15:54] <MartinSpott> by default, local accounts are first
   [15:54] <bj0rn[m]> if there are no more questions I have no more info/items to bring up regarding gitlav.
   [15:54] <robe2> so how do local accounts get authenticated?
   [15:55] <wildintellect> bj0rn[m], thanks for the info
   [15:55] <MartinSpott> by password  :-)
   [15:55] <robe2> that was my question.  I had setup wildintellect without a password he was able to log in with his LDAP password
   [15:55] <wildintellect> robe2,  I think this gets at the having to create users before the LDAP password works
   [15:55] <robe2> so we don't need to create users?
   [15:56] <wildintellect> I think there's a way to have LDAP do it when needed if user has correct permissions in LDAP
   [15:56] <robe2> MartinSpott so how did you fix that I guess is the question
   [15:56] <robe2> it should be outlined somewhere for future reference
   [15:57] <MartinSpott> I've tweaked the LDAP configuration as outlined recently and afterwards started removing local users
   [15:57] <robe2> okay I guess that would address strk cschmidt thing as well
   [15:59] <strk> bj0rn[m]: question: does GitLab support "external tracker" ? (ie: to keep using Trac)
   [15:59] <robe2> MartinSpott confirmed I can still log into osgeo.public.cloudvps.com  with my robe / LDAP password
   [15:59] <MartinSpott> fine
   [16:00] <strk> MartinSpott: any reason not to automatically create homes on first login ?
   [16:00] <strk> ie: choice or just not-easy ?
   [16:00] <MartinSpott> well, maybe it's a matter of taste
   [16:00] <bj0rn[m]> strk: I haven't looked into it. I recollect a recent conversation recently that there was some kind of bridge to trac.. but I forgot who wrote that.
   [16:01] <strk> who's chairing btw ? as I think we're mixing topics which isn't nice :)
   [16:01] <strk> bj0rn[m]: and what about migration tools from Trac to GitLab, are you aware of any ?
   [16:01] <strk> say if some existing project would like to move...
   [16:02] <bj0rn[m]> strk: there is this page on external tracker integration - https://docs.gitlab.com/ce/integration/external-issue-tracker.html
   [16:02] <robe2> MartinSpott where on Wiki is the page you updated?
   [16:02] <sigabrt> Title: External issue tracker - GitLab Documentation (at docs.gitlab.com)
   [16:02] * strk might abandon Gogs/Gitea/Drone if GitLab/OSGeo has more sysadmins ...
   [16:02] <robe2> didn't see anything updated here - https://wiki.osgeo.org/wiki/SAC:betawebsite
   [16:02] <sigabrt> Title: SAC:betawebsite - OSGeo (at wiki.osgeo.org)
   [16:02] <MartinSpott> I think I put it into a Trac ticket
   [16:03] <strk> bj0rn[m]: Trac is missing from there, unfortunately
   [16:04] <bj0rn[m]> strk: mm, long list here but still no trac: https://docs.gitlab.com/ce/user/project/integrations/project_services.html#accessing-the-project-services
   [16:04] <sigabrt> Title: Project services - GitLab Documentation (at docs.gitlab.com)
   [16:05] <bj0rn[m]> strk: google finds some lonely trac to gitlab importer projects, not found anything convincing yet though.
   [16:05] <strk> no more question from my side about GitLab
   [16:06] <robe2> MartinSpott I'm blind not seeing it.  Could be jsut too many trac tickets to follow
   [16:06] <robe2> can you put on wiki somewhere
   [16:06] <strk> other than maybe asking how many projects would use GitLab shall it get more resources
   [16:06] <strk> more resources == those 4 GB of RAM and 10 GB of disk
   [16:06] <MartinSpott> robe2: Indeed, too many tickets ....
   [16:07] <MartinSpott> #2010
   [16:08] <MartinSpott> I'm sure there was a page containing these instructions, but I searched the wiki without success
   [16:08] <strk> current Gogs git repositories take 9.7G of disk space, ~4 of which are taken by foss4g-europe
   [16:08] <strk> followed by 1.7G of astrid_emde and 1.2G of qgis (a mirror)
   [16:08] <robe2> MartinSpott ah the obvious ticket I should have checked :)
   [16:09] <strk> those numbers could go to https://wiki.osgeo.org/wiki/VisibilityStats (toghether with numbers from GitLab)
   [16:09] <sigabrt> Title: VisibilityStats - OSGeo (at wiki.osgeo.org)
   [16:09] <robe2> MartinSpott so I'll add these to the SAC:betawebsite setup first
   [16:09] <MartinSpott> fine with me
   [16:10] <robe2> what's the difference between aptitude and apt-get
   [16:10] <wildintellect> a holy war in the debian world
   [16:10] <robe2> does it matter which is used
   [16:10] <wildintellect> it does
   [16:10] <wildintellect> we should always use the same
   [16:10] <robe2> I think website I just used apt-get for everything
   [16:11] <wildintellect> they are 2 different programs with the same purpose that don't talk to each other
   [16:11] <wildintellect> so things can get weird if you mix
   [16:11] <bj0rn[m]> strk: might be worth trying - https://github.com/nazavode/tracboat
   [16:11] <sigabrt> Title: GitHub - nazavode/tracboat: Trac to GitLab migration toolbox (at github.com)
   [16:11] <robe2> okay so transcribing instructions, I should switch your use to apt-get instead of aptitude
   [16:11] <robe2> we should have a separate instruction for setting up new vms I guess
   [16:12] <robe2> that one can use aptitude but seems apt-get is more popular
   [16:13] <strk> bj0rn[m]: if you want to try it feel free to migrate PostGIS and show the results :)
   [16:15] <robe2> what's the difference between libpam-ldapd  and libpam-ldap
   [16:15] <bj0rn[m]> strk: well, right now I don't have any working gitlab installation. :) proxy says it doesn't respond as it should but don't know why, it seems ok.. but haven't dug into it, and would avoid it if the old host can be put to rest.
   [16:15] <MartinSpott> robe2: entirely different implementation
   [16:15] <robe2> ah
   [16:15] <robe2> so did you unintall what I had on server and install the new stuff
   [16:15] <MartinSpott> and -ldapd handles the encryption in a different way
   [16:16] <MartinSpott> because GnuTLS refuses to run setuid
   [16:16] <robe2> Maybe would be better if you updated this - https://wiki.osgeo.org/index.php?title=SAC:betawebsite
   [16:16] <sigabrt> Title: SAC:betawebsite - OSGeo (at wiki.osgeo.org)
   [16:16] <robe2> as I'm not sure what is on there at this point
   [16:17] <strk> ah right, GitLab died !
   [16:17] <jef> strk: I know.
   [16:17] <robe2> MartinSpott strk knows about this but I've been setting up vms on my winnie.postgis.net server to get a flavor for this
   [16:17] <robe2> so was thinking I should probably do a debian 8 (I have a debian 9 setup)
   [16:17] <jef> strk: no idea. I have my own mirror - everyone has ;)
   [16:18] <robe2> go thru the process of integrating osgeo ldap following what ever steps we outline
   [16:18] <strk> jef: as https://git.osgeo.org/gogs/qgis/qgis is high on the list of top-big-sized repos, is it ok to just drop it ?
   [16:18] <sigabrt> Title: qgis/qgis: QGIS is a free, open source, cross platform (lin/win/mac) geographical information system (GIS) - OSGeo - your opensource compass (at git.osgeo.org)
   [16:18] <MartinSpott> robe2: Debian 8 and 9 behave in the same way concerning LDAP/PAM/TLS
   [16:19] <strk> robe2, MartinSpott I agree a wiki page describing _how_ to setup LDAP mediated shell access is needed
   [16:19] <MartinSpott> I think the change was in Debian7
   [16:19] <MartinSpott> .... or 6
   [16:19] <strk> should we get back to the agenda ? https://wiki.osgeo.org/wiki/SAC_Meeting_2017-10-26
   [16:19] <sigabrt> Title: SAC Meeting 2017-10-26 - OSGeo (at wiki.osgeo.org)
   [16:19] <robe2> Yah we should label something like setting up LDAP on new Debian7+
   [16:19] <strk> which topics were covered already ?
   [16:20] <robe2> strk sorry for getting us off topic, hard for my mind not to deviate
   [16:20] <strk> - Refresh lit of primary administrators | done ?
   [16:20] <strk> is Shawn Barnes still a aprimary administrator ?
   [16:20] <strk> and who is Wlof Bergenheim ?
   [16:20] <MartinSpott> Wolf took care of the Drupal setup for a while
   [16:21] <strk> which is the website being abandoned for Wordpress, correct ?
   [16:21] <MartinSpott> but he's gone long time ago, I suspect
   [16:21] <MartinSpott> Drupal is used on the main OSgeo website
   [16:21] <MartinSpott> only
   [16:21] <MartinSpott>   ;-)
   [16:21] <MartinSpott> Hah, the Wiki page even lists Drupal for Wolf
   [16:21] <strk> right, so it's being replaced by the one robe2 is setting up a VM for
   [16:22] <MartinSpott> I think so
   [16:22] <strk> so, Wolf stroke out: https://wiki.osgeo.org/wiki/SAC:Primary_Administrators
   [16:22] <sigabrt> Title: SAC:Primary Administrators - OSGeo (at wiki.osgeo.org)
   [16:22] <wildintellect> Shawn also retired from SAC service
   [16:23] <strk> how about Shawn ? I remember something about removing "sbarnes" from sudo but hadn't found a log of the why and how
   [16:23] <strk> Shawn stroke out too
   [16:23] <strk> please reload
   [16:23] <strk> I saw Frank helping some (with Chris contact, for example)
   [16:23] <robe2> strk what did you just volunteer me for?  I heard my name :)
   [16:24] <strk> so, should anyone else be added up there ?
   [16:24] <wildintellect> yes Frank and Howard are still active in OSGeo , I would call them "Reserve", people who can help if things get stuck but aren't active in SAC
   [16:24] <strk> maybe we can add a "Reserve" section ?
   [16:24] <robe2> Do howard and frank still do stuff for SAC?
   [16:24] <strk> as "Reserve", looks like
   [16:24] <robe2> I know they are still active OSGeo members but for sAC too?
   [16:25] <wildintellect> only occasionally when no one else can figure it out or is overloaded
   [16:25] <strk> also, that page mention "Peer1", is that still a thing ? Or can we please drop those references ?
   [16:25] <strk> and a clear definition of what is a "Primary Admin" would be nice
   [16:25] <wildintellect> no Peer1 is long gone
   [16:25] <strk> all sudoers on "secure" machine ? or what else ?
   [16:25] <MartinSpott> we don't use peer1 any more, as far as I can tell
   [16:25] <wildintellect> Primary Admins historically had ssh keys to root
   [16:26] <strk> robe2: so, I volunteer you to drop "Peer1" from wiki pages which are not considered obsoleted
   [16:26] <strk> starting from https://wiki.osgeo.org/wiki/SAC:Primary_Administrators
   [16:26] <sigabrt> Title: SAC:Primary Administrators - OSGeo (at wiki.osgeo.org)
   [16:26] <robe2> strk okay those peer1 things were annoying me.  So happy to do that
   [16:26] <strk> second page would be: https://wiki.osgeo.org/wiki/SAC_Service_Status
   [16:26] <sigabrt> Title: SAC Service Status - OSGeo (at wiki.osgeo.org)
   [16:27] <strk> there they are already marked as "retired" but I'd drop them completely
   [16:27] <robe2> what about telascience?
   [16:27] <strk> too much noise for a single page anyway
   [16:27] <strk> good question. MartinSpott ? What about telascience ?
   [16:27] <strk> https://wiki.osgeo.org/wiki/SAC_Service_Status#Servers_at_Telascience_Blades
   [16:27] <sigabrt> Title: SAC Service Status - OSGeo (at wiki.osgeo.org)
   [16:27] <strk> there's a question from 2015 (missing a question mark, but looks like a question)
   [16:28] <MartinSpott> The last telascience machines I've been using broke several years ago
   [16:28] <strk> bj0rn[m]: how's your SAC impression forming ? :)
   [16:28] <MartinSpott> the former FlightGear Map Server ....
   [16:28] <strk> DarkStar like :) http://www.imdb.com/title/tt0069945/
   [16:28] <sigabrt> Title: Dark Star (1974) - IMDb (at www.imdb.com)
   [16:29] <bj0rn[m]> strk: trick question? :D
   [16:29] <strk> so you know where you are asking for 4GB RAM and 10GB disk :P
   [16:29] <robe2> what's osgeo1 it's under peer but those domains look still active
   [16:30] <wildintellect> osgeo1 and osgeo2 were rented machines at peer1
   [16:30] <bj0rn[m]> strk: I'm currently battling Gdal C# bindings so most things seems nicer.
   [16:30] <wildintellect> everything from there was moved to osgeo3 and 4
   [16:30] <MartinSpott> osgeo1/2 were at peer1
   [16:30] <MartinSpott> sorry, duplicate
   [16:31] <robe2> bj0rn[m] oh know what are you doing playing with c#
   [16:31] <robe2> MartinSpott so where is www.osgeo.org housed now
   [16:31] <robe2> still listed under osgeo1 but that can't be right
   [16:31] <MartinSpott> it's a VM on osgeo3 or 4
   [16:32] <wildintellect> osgeo3 web vm
   [16:32] <wildintellect> robe2 https://wiki.osgeo.org/wiki/Infrastructure_Transition_Plan_2010#osgeo3_.26_osgeo4 is more up to date
   [16:32] <sigabrt> Title: Infrastructure Transition Plan 2010 - OSGeo (at wiki.osgeo.org)
   [16:32] <wildintellect> we need to copy data from there to the Service status
   [16:33] <wildintellect> and modify a few things that are now on osgeo6
   [16:33] <MartinSpott> better move instead of copy
   [16:34] <strk> I use "Service status" as my current compass in OSGeo infra
   [16:34] <strk> so plase let's make it so :)
   [16:34] <bj0rn[m]> robe2: gotta choose battles. at least I was able to get sql server switched out to postgres.
   [16:35] <strk> robe2: "Web" is 1.1.4 in https://wiki.osgeo.org/wiki/SAC_Service_Status
   [16:35] <sigabrt> Title: SAC Service Status - OSGeo (at wiki.osgeo.org)
   [16:35] <strk> "clearly" (more or less) showing it being a VM in osgeo3
   [16:35] <robe2> bj0rn[m] well on bright side .net framework is mostly open source now
   [16:35] <strk> focus please (it's late :)
   [16:35] <strk> - Refresh list of "primary administrators" | done now ?
   [16:36] <robe2> osgeo3 and osgeo4 aren't pingable
   [16:36] <strk> I just removed "peer1" references there
   [16:36] <MartinSpott> they're hidden
   [16:37] <wildintellect> robe2, correct they do not have a public ip
   [16:37] <strk> it's still not clear what makes a SAC member a "Primary Administrator"
   [16:37] <MartinSpott> jive: 22:37:02 ~> ping osgeo3.osuosl.bak
   [16:37] <MartinSpott> PING osgeo3.osuosl.bak (10.1.0.171) 56(84) bytes of data.
   [16:37] <MartinSpott> 64 bytes from osgeo3.osuosl.bak (10.1.0.171): icmp_seq=1 ttl=63 time=176 ms
   [16:37] <strk> the page says "highest level of access to OSGeo system resources"
   [16:37] <strk> and goes in details to mention "DNS account" and "LDAP Admin Password"
   [16:37] <wildintellect> strk, I think that's one of those things we need to formally define at some point
   [16:38] <strk> both those (and more) are given to anyone in "sudo" group on the "secure" machine
   [16:38] <MartinSpott> strk: public key in root and access to the surrounding infrastructure like DNS, I'd say
   [16:38] <strk> sudo:x:27:tmitchell,warmerdam,hobu,martin,wolf,neteler,aboudreault,wildintellect,strk
   [16:38] <wildintellect> yes anyone with access to the sudo on secure essentially has access to everything
   [16:38] <strk> to be ticketed: remove wolf
   [16:39] <wildintellect> also remove tmitchell and aboudreault from there
   [16:40] <robe2> I thought primary administrators can still sudo/ root in even when LDAP is down
   [16:42] <strk> right, sudo *and* pubkey in root authorized_key
   [16:43] <strk> I need to leave, sorry, if anyone can at least ticket these tasks we have an outcome for that point on the agenda
   [16:43] <strk> did you handle to discuss contract ?
   [16:44] <strk> might have a few more mins, but this meeting seems to have run longer than expected already ?
   [16:44] <strk> it looks like there's been a single answer to the call-for-interest
   [16:44] <strk> from MartinSpott
   [16:45] <strk> do you think it can be discussed/decided on today ?
   [16:45] <robe2> strk oh yah contract important
   [16:46] <robe2> I'm okay with Martin's company have contract
   [16:46] <MartinSpott> BTW, my employer was kindly asking for the same amount of Euros instead of $ USD
   [16:46] <robe2> strk your opinion
   [16:46] <MartinSpott> after realizing that similar conversion had been discussed for strk's contract
   [16:46] <robe2> I think it would be nice to rotate.  I'd be willing to do next contract once I feel more comfortable with my abilities
   [16:46] <strk> +1 for MartinSpott
   [16:47] <MartinSpott> I don't remember how Sandro's contract finally looked like
   [16:47] <strk> and +1 for EUR instead of USD
   [16:47] <strk> I got 5k EUR
   [16:47] <wildintellect> I don't see any issue with that
   [16:48] <wildintellect> we just need to do the conversion for our budget sheet in USD
   [16:49] <MartinSpott> we're having a strong IT security department and people first made fun when I was talking about contracting with a US American organization  ;-)
   [16:49] <robe2> MartinSpott snobs
   [16:49] <robe2> we invented the internet :)
   [16:50] <MartinSpott> and we're still lagging ....
   [16:50] <robe2> will be interesting to experience internet from Taiwan
   [16:51] <wildintellect> ok so we need to work on getting the contract wording, documents prepared, and officially voting on what tasks will be covered (via mailing list)
   [16:51] <robe2> Leo, my husband says Taiwan is way ahead, public internet everywhere and transit is so super now they have transit to every airport terminal
   [16:51] <MartinSpott> may we use strk's contract as a template ?
   [16:51] <robe2> and universal healthcare
   [16:51] <robe2> I think he's glad he didn't turn in his Taiwan citizenship
   [16:52] <strk> Venka should hav ea template
   [16:52] <strk> from the last time
   [16:52] <MartinSpott> ok
   [16:52] <strk> is he still president ?
   [16:52] <wildintellect> MartinSpott, yes I'll ask for that as a template
   [16:52] <robe2> strk I think so
   [16:53] <robe2> didn't think we voted for a new one yet or am I that out of it
   [16:53] <strk> I have an .odt too, but better if Venka has his own, just let me know if you need assistance for that
   [16:53] <wildintellect> robe2, no I want to put the details in an email for vote
   [16:53] <strk> check your spam folder robe2, it's been a mess this year
   [16:53] <robe2> I switched to digest mode
   [16:53] <robe2> too much information
   [16:53] <strk> wildintellect: I think she's talkign about OSGeo president
   [16:54] <robe2> strk yah Osgeo president
   [16:54] <wildintellect> ah, well final meeting topic - next meeting time?
   [16:54] <strk> for contract it is sensible to put out an official [MOTION]
   [16:54] <strk> will you do the motion for sysadmin contract wildintellect ?
   [16:55] <wildintellect> strk, yes that will be my task
   [16:55] <strk> great, thanks for that!
   [16:55] <MartinSpott> and to phrase a reasonable statement of work
   [16:55] <wildintellect> https://www.timeanddate.com/worldclock/fixedtime.html?iso=20171109T1900
   [16:55] <sigabrt> Title: Event Time Announcer (at www.timeanddate.com)
   [16:56] <wildintellect> does that time work or should we shift, due to Daylight Savings changes in some countries?
   [16:56] <strk> how about we trust MartinSpott on his ability to be self-directed ? I'm afraid voting on tasks list may take forever...
   [16:56] <wildintellect> strk, it will be more generic, like yours, high value trac tickets related to topics x,y,z
   [16:56] <strk> I dont' think trac supports votes , in its current form at least
   [16:56] <MartinSpott> well, having a primary and secondary focus might be beneficial
   [16:57] <robe2> time works okay for me
   [16:57] <wildintellect> there is a trac polling plugin
   [16:57] <wildintellect> but I'm not suggesting we need that
   [16:57] <MartinSpott> time's too early, no daylight savings in November
   [16:57] <strk> yeah, generic is ok. I think for example LDAP improvements, Wiki updates and trac tickets cleanup for example
   [16:57] <robe2> I think general is good enough  from my perspective high priority seem like LDAP, SSL
   [16:58] <strk> ah right, SSL is urgent
   [16:58] <robe2> and then it's going to be how much Martin can fit in x hours paid
   [16:58] <strk> right, in priority order
   [16:59] <robe2> MartinSpott what time works better for you
   [16:59] <MartinSpott> Sunday morning
   [16:59] <robe2> I'm fairly open - like I said my schedule is chaotic so most any time is good as any other
   [16:59] <MartinSpott> :-)
   [17:00] <wildintellect> we can move +1 to keep it roughly the same time accounting for Daylight Savings countries
   [17:00] <MartinSpott> I just wanted to remain that the different to UTC will change in a couple of days
   [17:00] <MartinSpott> remain/remark
   [17:00] <wildintellect> ya that's why I brought up the topic
   [17:02] <robe2> Sunday morning what time is that UTC?
   [17:02] <MartinSpott> Sunday morning 9 UTC would be perfect, but I sense it isn't for everybody
   [17:02] <wildintellect> ya that like 2am for me
   [17:02] <strk> works for me too, should be 7am Friday in NZ (don't count on me though to be there :)
   [17:02] <robe2> I'm okay with that time
   [17:03] <strk> https://www.timeanddate.com/worldclock/fixedtime.html?iso=20171109T1900
   [17:03] <robe2> but maybe we can push a little later?
   [17:03] <sigabrt> Title: Event Time Announcer (at www.timeanddate.com)
   [17:03] <MartinSpott> I didn't mean to wake people up around midnight
   [17:03] <robe2> so works for Alex?
   [17:03] * strk leaves, talk to you from airports or sky next
   [17:03] <wildintellect> no I can't make 2am on any day (not anymore)
   [17:03] <MartinSpott> hey, stay with Thursday evening, in case of doubt I'll read the transcript
   [17:04] <wildintellect> do you want us to bump it back an hour on Thursday?
   [17:04] <robe2> well would be nice to have you in next especially if we are going to go over contract
   [17:05] <MartinSpott> I'd say choose the same local time and I'll try to catch it
   [17:05] <MartinSpott> which means 8PM UTC
   [17:05] <wildintellect> ok so +1 hr to https://www.timeanddate.com/worldclock/fixedtime.html?iso=20171109T2000
   [17:05] <sigabrt> Title: Event Time Announcer (at www.timeanddate.com)
   [17:06] <MartinSpott> yup
   [17:07] <wildintellect> ok noted, thanks everyone for coming
   [17:07] <MartinSpott> long time no see  :-)
   [17:10] <robe2> great I'll create next agenda page
   [17:10] <MartinSpott> Concerning the osgeotest2 account on the vps: May we switch that one to OSGeo LDAP as well
   [17:20] <robe2> MartinSpott yes
   [17:20] <robe2> osgeotest2 is getinteractive's LDAP account