Talk:SAC Meeting 2017-11-09

From OSGeo
Jump to navigation Jump to search

New Website

Decided we should host code in Gogs. Need to setup repo for osgeotest2 to be able to post. [1]

For DNS name leaning to [2] Already done by Alex. Regina has informed Jeff of the change.

Git Services Status report and Gitea/ Gogs upgrade

Strk says drone 0.5 will work with gitea. So first step is to put Gogs in readonly mode and then do a dump /restore into gitea and turn off gogs.


Bjorn will try to setup SSL with letsencrypt on the current. Waiting for beefier server to put it on.

Budget Report

Plan to allocate $20000. Of which at least $5000 will be spent on new server, $5000 on EU contract for Martin, and remaining $10,000 to be split on Cloud Hosting and other things.

Vote for Martin sys admin contract reposted on mailing list


   20:02:44	robe2:	All ready for meeting
   20:03:08	robe2:	strk svn was down for a bit I think
   20:03:18	robe2:	pramsey was delayed committing his changes as a result
   20:05:09	wildintellect:	I see some short gaps in the munin charts
   20:05:10	sigabrt:	Title: Munin :: :: (at
   20:05:45	wildintellect:	Hmm, the wiki machine is running low on space
   20:08:17	wildintellect:	anyone else beside robe2 here for the meeting?
   20:08:22	MartinSpott:	yes
   20:09:28	MartinSpott:	4 GByte of MediaWiki logs ....
   20:10:15	MartinSpott:	outdated logs
   20:10:19	MartinSpott:	will remove
   20:11:59	wildintellect:	robe2, go ahead and start
   20:13:19	MartinSpott:	I'd like to restart the Apache server process on the Wiki VM
   20:14:19	wildintellect:	MartinSpott, sure unless you think it would take a long time
   20:14:31	MartinSpott:	no, just a few seconds
   20:14:41	MartinSpott:	to check, if there'll be a new MW log
   20:15:00	robe2:	okay - agenda here -
   20:15:30	robe2:	For Website, GetInteractive has restored the wordpress site
   20:15:35	MartinSpott:	restart successful :-)
   20:15:48	robe2:	and given us the mysql root password, of which I have yet to post to secure. Will do that later today
   20:16:17	robe2:	They asked what to do with the files, put on github or if we have some git repo for them to post it to. I was thinking gogs?
   20:16:55	robe2:	as I assume there might be some things we want kept private in the repo
   20:17:10	wildintellect:	I'm not so sure there's anything private
   20:17:15	wildintellect:	it's just a wordpress theme
   20:17:27	robe2:	wildintellect not yet at anyrate but could be in future
   20:17:40	cvvergara:	I am here
   20:17:52	wildintellect:	robe2, lets start with gogs if that's easy
   20:18:05	MartinSpott:	hobu: Howard - hi !
   20:18:14	hobu:	cheers!
   20:18:16	wildintellect:	I'll not the rest of the deliverables went to github
   20:18:20	wildintellect:	note
   20:18:22	robe2:	yah I think it would be they've already got an osgeo account so we'd just need to setup to allow that account access to post etc.
   20:19:15	wildintellect:	go ahead with that, we can always copy somewhere else if needed
   20:21:59	wildintellect:	in regards to website, we need to finalize the name for the new copy of the site. beta and staging were suggested, with 2 votes for staging - any one else have a vote?
   20:22:33	MartinSpott:	no, I don't mind at all, I'm just waiting for the result ;-)
   20:23:02	robe2:	wildintellect - beta is slightly shorter to type :)
   20:23:14	robe2:	but aside from that I'm indifferent
   20:23:29	cvvergara:	beta is easier to rtemember
   20:23:48	robe2:	okay lets do beta :)
   20:24:15	wildintellect:	well, please vote
   20:24:16	robe2:	who proposed staging?
   20:24:28	wildintellect:	strk proposed staging
   20:24:46	wildintellect:	I agreed it less ambiguous than beta
   20:24:52	wildintellect:	which could be anything
   20:24:52	MartinSpott:	dot or hyphen .... ;-)
   20:25:37	cvvergara:	yes staging is less ambiguous
   20:26:02	robe2:	did we vote on mailing list? I've been out for a bit still not back to normal
   20:26:14	wildintellect:	yes a vote was started on the list
   20:26:35	wildintellect:	or at least a discussion, with stated preference
   20:27:08	robe2:	nevermind I see the vote
   20:27:48	cvvergara:	dot
   20:28:01	robe2:	dot?
   20:28:09	robe2:
   20:28:33		* cvvergara dot or hyphen
   20:28:37	robe2:	how about just (people are going to get to it eventually by anyway)
   20:28:46	wildintellect:	that's what I said on the list
   20:29:55	MartinSpott:	anybody here editing the wiki right now ?
   20:30:05	strk:	I'm here but not really here
   20:30:31	strk:	no bike shedding please, pick one and move on :)
   20:30:54	strk:	I suggested <something> so you know it's a beta/staging/test deploy of ""
   20:31:01	strk:	rather than something else like "" for example
   20:31:12	strk:	just to get the full final real name included
   20:31:26	strk:	but robe2 point is a good one
   20:31:38	robe2:	MartinSpott I've been putting notes in the discussion tab
   20:31:42	strk:	if they get there by "" then "" still has that characteristic
   20:32:27	MartinSpott:	robe2: please check if they're still available
   20:33:26	MartinSpott: ?
   20:33:45	robe2:	MartinSpott if what is still available? (lets not add www to it)
   20:34:08	MartinSpott:	No, if the discusion notes are still available :-)
   20:34:37	MartinSpott:	and to make a long discussion short, I proposed to enable in DNS
   20:34:57		* robe2 confused what we are talking about --
   20:34:59	sigabrt:	Title: Talk:SAC Meeting 2017-11-09 - OSGeo (at
   20:35:52	MartinSpott:	robe2: I just restarted the Apache instance on the Wiki VM in order to disable Debug logging and I was hoping I didn't purge anybody's edits
   20:36:06	robe2:	MartinSpott ah okay
   20:36:12	robe2:	I still see my notes
   20:36:22	MartinSpott:	fine
   20:36:42	robe2:	anyway you want to do or just -- I just want the quickest way to end this boring discussion
   20:36:47	robe2:	I'll agree to anything :)
   20:37:02	MartinSpott: - for no particular reason
   20:37:41	robe2:	strk you feeling?
   20:37:50	robe2:	your feeling
   20:38:19	robe2:	okay it is
   20:38:23	wildintellect:	sounds good
   20:38:37	wildintellect:	robe2, please inform Jeff Lasut?
   20:38:47	wildintellect:	I can put it in the DNS
   20:38:56	MartinSpott:	I'm already there
   20:39:29	robe2:	okay put it in and close the related ticket -
   20:39:31	sigabrt:	Title: #2012 (Beta website DNS entry) – OSGeo (at
   20:39:52	strk:	my feeling is whoever is facing the DNS configuration takes the decision
   20:40:26	strk:	great, next item ? :)
   20:42:01	strk:	GIT service status: nothing changed on my side, but I've heard Gitea-1.2.3 should work with Drone-0.5 so there may be no need to upgrade Drone, and I tried Gitea migration to be pretty straightforward
   20:42:51	strk:	for a perfect upgrade we should only find a way to put the service in read-only mode, which I'm not sure how to do (probably Apache preventing POST/DELETE/PUT methods is enough)
   20:45:03	robe2:	strk so are you going to put gitea in read only or gogs in read-only?
   20:49:32	robe2:	wildintellect sent him the note. Oh I forgot we were also going to do ssl letsencrypt right?
   20:51:17	strk:	(1) gogs in readonly mode (2) dump gogs db for a backup (3) start gitea in readonly mode (4) check that things work (5) switch gitea to readwrite
   20:51:30	strk:	^^^ that's the plan, but I don't have a schedule to do that
   20:51:57	MartinSpott:	letsencrypt is quite new to me, I have no idea wether it meets OSGeo's needs
   20:51:59	strk:	robe2: I was also hoping you'd be doing that test yourself (you got the dump right ?)
   20:52:11	strk:	letsencrypt is already in use for some OSGeo services, it works great with Apache
   20:52:16	strk:	it's called "certbot" now
   20:52:18	MartinSpott:	if it was decided to go this route, then I'll have a look at it
   20:52:20	strk:	and packaged
   20:52:28	strk:	(for newer systems ofc)
   20:52:47	strk:	you do something like: certbot -d
   20:53:03	robe2:	strk the gogs dump yet.
   20:53:05	strk:	and it should figure out all the rest (changes apache config, logs status somwhere)
   20:53:07	robe2:	yes
   20:53:09	strk:	later you do: certbot renew
   20:53:22	strk:	and it renews all certs for which it has logged status (/etc/lesencrypt I think)
   20:53:24	robe2:	I can redump again I guess -- its standard pg_dump right? from the trac vm?
   20:53:31	strk:	standard pg_dump robe2
   20:53:37	strk:	db name is "gogs"
   20:53:38	MartinSpott:	I'd prefer not to let any unknown tool change my Apache config ....
   20:53:49	strk:	MartinSpott: you can ask "certbot" not to touch configs too
   20:54:03	strk:	I think it's a --certonly switch or similar, it does have an help
   20:54:18	strk:	or --webroot only if it doesn't need to even know about which server you're using
   20:54:32	strk:	I'm sure you'll like it MartinSpott
   20:54:45	strk:	it uses a protocol called I think ACME
   20:55:02	strk:	which only verifies that you have access to the root of that domain, via .known-uri
   20:55:26	robe2:	Do we have a ticket for the ssl piece. for
   20:55:29	strk:	sorry, it is .well-known
   20:55:50	strk:	any.domain/.well-known <-- is a standad URI, can't remember the name of this thing
   20:55:59	strk:	things like Webfinger are based on that
   20:55:59	robe2:	strk I've seen lots of sites use it gaining wide popularity and soon they'll have wild-card support too
   20:56:59	strk:	so "certbot" I think will ask for a certificate, and it has to prove it can modify something in .well-known url, I think it's something under an "acme" directory or something
   20:57:54	MartinSpott:	BTW, works after adding a ServerAlias - but it's redirecting to ;-)
   20:58:42	strk:	are we keeping the new server configuration under a Git repository too ? I suggest we do
   20:58:59	strk:	and maybe also have it published on Gogs (to become Gitea some day in the future)
   20:59:03	strk:	as a private repo I guess
   20:59:14	robe2:	strk yes we should that's why I was saying we wouldn't want it on github public so might as well use our private git repo
   20:59:38	strk:	boycott github !
   21:00:10	robe2:	strk it's .well-known folder like you said I think a lot of SSL providers do it that way
   21:00:34	robe2:	I had to do that when I got a comodo ssl recently had to create a .well-known/pki-validation folder
   21:01:15	robe2:	strk we shall boycott github but not say "Boycott" we are just not using it for pragmatic reasons :)
   21:03:20	MartinSpott:	Moggeeen !
   21:03:29	markusN:	Moin moin
   21:03:36	MartinSpott:	Wobissndugerade?
   21:03:42	markusN:	hab wohl mal wieder das meeting verpasst
   21:03:44		* markusN still on the road
   21:03:45	markusN:	Italia
   21:03:51	MartinSpott:	ah
   21:04:00	markusN:	tomorrow speaking @
   21:04:23	MartinSpott:	!
   21:04:30	jef:	markusN: you didn't miss much ;)
   21:05:10	robe2:	MartinSpott so you going to take on the SSL for
   21:05:35	robe2:	Guess next on agenda is bj0rn[m]
   21:05:56	MartinSpott:	First we need intervention from the site maintainers to make it properly respond to the new DNS name
   21:05:59	bj0rn[m]:	oh? I'm on an agenda? :)
   21:06:09		* strk reading backlog
   21:06:20	robe2:	bj0rn[m] yah the gitlab thing
   21:06:36	robe2:	though maybe you are being held up with our server farm discussion
   21:07:17	robe2: we are up to steps needed for GitLab
   21:07:18	sigabrt:	Title: SAC Meeting 2017-11-09 - OSGeo (at
   21:07:27	strk:	guess he told everything last time ? he gave size required for new machine, the rest is on SAC to decide on ?
   21:07:49	strk:	like: do we buy a new machine like we did for ?
   21:07:58	robe2:	MartinSpott -- yah it will happen when Jeffrey Lasut switches the config
   21:08:20	robe2:	I wouldn't wait that long for that.
   21:08:46	robe2:	wordpress always does that since they have it coded for at moment so it will try to redirect
   21:08:52	robe2:	that actually proves it works
   21:09:28	bj0rn[m]:	robe2: ok, got nothing new there. I'm going to try to fix the existing servcer because we now know it's a cert issue - so will try to create a new one with letsencrypt. Other than that, I'm kind of just waiting for response on new server as strk says above ^
   21:11:11	robe2:	oh yeh my favorite topic now server load
   21:11:47	robe2:	is this our best state of things -
   21:11:48	sigabrt:	Title: Infrastructure Transition Plan 2010 - OSGeo (at
   21:11:53	robe2:	we just have 2 servers?
   21:12:07	MartinSpott:	4
   21:12:14	MartinSpott:	2 VM hosts
   21:12:28	MartinSpott:	plus Osgeo6 and Backup
   21:13:36	robe2:	so osgeo3 and 4 are VM hosts. What does Osgeo6 do?
   21:13:55	MartinSpott:	a lot
   21:14:04	robe2:	Should we create a 2017 transition plan or we already have one somewhere?
   21:14:37	MartinSpott:	I think the stuff is listed on the Osgeo6 page
   21:15:47	robe2:	this listing looks a bit outdated is it maintained -
   21:15:48	sigabrt:	Title: SAC DNS Registry - OSGeo (at
   21:16:49	MartinSpott:	Mmmm, I've probably never seen this page
   21:16:53	MartinSpott:	quite outdated
   21:17:27	robe2:	ah I see so osgeo6 runs all the mailing lists and a bunch of websites, but it's not a vm hoster right? everything is installed in single server instance
   21:17:39	MartinSpott:	yes, on bare metal
   21:18:07	robe2:	I'm tempted to just remove that SAC DNS Registry page
   21:18:22	MartinSpott:	+1
   21:20:16	MartinSpott:	I assume not a single one of these entries is valid any more
   21:20:55	robe2:	MartinSpott do we have an instruction page for where to edit the DNS that would be more useful. Not seeing it in Procedures
   21:20:56	MartinSpott:	My memory is referring these addresses to historic infrastructure
   21:21:06	wildintellect:	yes
   21:21:27	robe2:	would be nice if we just replaced that page with where to check and add dns entries rather than listing the data.. Then move link to procedures
   21:21:33	jef:	"(note this list is far out of date now)" - what's the point
   21:22:29	wildintellect:	as for the transition plan, this is the undone precursor to 2017 most of the same questions exist
   21:22:30	sigabrt:	Title: Infrastructure Transition Plan 2014 - OSGeo (at
   21:22:51	jef:	decision in the last QGIS psc meeting also host the website where it's build (ie. qgis' machine at hetzner) - no time frame yet.
   21:24:00	MartinSpott:	jef: I'd rather not duplicate DNS data anywhere else, I think it's just causing confusion
   21:24:23	MartinSpott:	therefore I'm in favour of having it removed
   21:24:26	robe2:	are we still using pair for DNS hosting.
   21:24:46	MartinSpott:	yes, we do
   21:24:56	robe2:	I agree with MartinSpott let's not bother writing DNS data there, but I think this page should have basic instructions of where we host our DNS
   21:25:12	robe2:	and where to get the security stuff to log in and edit it
   21:26:08	MartinSpott:	Do you really suggest explaining to the world where OSGeo is storing their secrets for editing DNS ?
   21:26:27	wildintellect:	right the security stuff is word of mouth on purpose
   21:26:57	wildintellect:	it's also sudo only on purpose
   21:28:09	robe2:	MartinSpott yes I do :) you can just say on secure server
   21:28:29	MartinSpott:	the meeting has started approx one and a half hours ago, bed time is approaching
   21:28:57	robe2:	anyway I wiped out all the obsolete entries -- at the very least we should verify those are still DNS administrators etc.
   21:29:28	robe2:	okay I agree we should end soon -- so sounds like we need a new server
   21:30:35	wildintellect:	which was in the budget this year
   21:31:10	wildintellect:	we need to cover budget since the board wants a response before our next meeting
   21:31:27	robe2:	okay want to go over budget quickly
   21:31:51	wildintellect:	I checked we have enough for the next 5000 EUR contract, for this year
   21:31:53	robe2:	is the plan to get new hardware to host on osuosl, get additional cloud hosting or a bit of both
   21:32:09	wildintellect:	I think we should plan for either scenario
   21:32:45	wildintellect:	I'm going to suggest we request $20,000 for 2018, to cover 2 contracts, hardware, and cloud hosting as needed
   21:34:00	robe2:	wildintellect sounds good. So how much you think would new debian 9 cost us hardware wise?
   21:34:01	MartinSpott:	Note that in order to retire Osgeo4 we need to migrate more than just a few websites off of the Projects VM
   21:34:15	robe2:	this one I imagine would also be used to host vms?
   21:34:41	wildintellect:	or containers, depending on how we decide we want to deal with it
   21:34:59	wildintellect:	yes osgeo4 has Projects, Adhoc and QGIS
   21:35:01	robe2:	yah we could also move some to cloud hosters.
   21:35:09	robe2:	could ask projects which they prefer
   21:35:32	robe2:	Sounds like QGIS just wants to host everything on the heffy thing
   21:36:12	wildintellect:	robe2, as for specific hardware costs, that depends on what we want, we tend to spend about $5000 on a new server at a time, there are cheaper options
   21:36:32	robe2:	$5000 sounds about right to me.
   21:36:36	wildintellect:	sure but QGIS is paying it's own bill on hetzner
   21:36:54	robe2:	I wouldn't want to go any cheaper
   21:37:22	wildintellect:	well cheaper tends to mean less ram or disks
   21:37:36	wildintellect:	you'd be surprised what you can get
   21:37:48	MartinSpott:	the choice and sizing for Osgeo6 was pretty good, I'd say
   21:38:05	robe2:	I expect a 1TB SSD, 64GB ram with $5000, 8 cores
   21:38:17	robe2:	at least that anyway
   21:38:25	wildintellect:	I'll draft a budget based on my idea and circulate for 1 week for edits/ideas, then we can vote
   21:38:30	wildintellect:	how does that sound
   21:38:36	MartinSpott:	perfectly
   21:38:43	robe2:	wildintellect sounds good to me
   21:38:56	wildintellect:	I'll also re-open the vote on the contract
   21:38:58	cvvergara:	perfect
   21:39:05	wildintellect:	now that I know we have the budget
   21:39:08	MartinSpott:	so I may now fall asleep ? ;-)
   21:39:12	robe2:	wildintellect I already voted as soon as you said "We have money"
   21:39:17	strk:	sorry, just came back
   21:39:27	MartinSpott:	strk: vote ! ;-))
   21:39:30	strk:	any vote needed from me ? If so please restate the question(mailing lists are better thoug)
   21:39:33	strk:	+1 !
   21:39:35	strk:	MartinSpott: :)
   21:39:38	strk:	got your contract yet ?
   21:39:42	robe2:	strk I already restated :)
   21:39:44	robe2:	and mailed
   21:39:55	strk:	that's the biggest interest from me at the moment
   21:40:00	wildintellect:	looks like that motion is passing with no objections
   21:40:01	robe2:	top posting to wildintellect's email just like you like it :)
   21:40:04	strk:	I want Martin on the payroll!
   21:40:20	strk:	MOTION: blacklist any top-poster
   21:41:00	MartinSpott:	note, there's not the slightest personal benefit in contracting with my employer
   21:41:01	robe2:	okay we should probably end now. It's almost my bed time too
   21:41:32	MartinSpott:	but I'd appreciate spending more time with OSGeo/SAC
   21:41:59	robe2:	MartinSpott yes we'd like you to have are a reason to spend time with us
   21:42:04	strk:	MartinSpott: are we guaranteed it's going to be you on the systems and not somebody else from the company yes ?
   21:42:07	wildintellect:	MartinSpott, can you update with what logs your removed or other actions on wiki
   21:42:09	robe2:	you have put up with a lot from us :)
   21:42:12	sigabrt:	Title: #2025 (Wiki VM low on disk space) – OSGeo (at
   21:42:13	markusN:	+1
   21:42:25	MartinSpott:	BTW:
   21:42:26	sigabrt:	Title: Startseite - magellan netzwerke GmbH (at
   21:42:43	MartinSpott:	SAC is guaranteed it'll be just me working on the systems
   21:43:04	MartinSpott:	I'm not going to promote OSGeo access credentials in the company
   21:43:21	MartinSpott:	we're working on an English presentation ;-)
   21:43:58	robe2:	we done?
   21:44:25	MartinSpott:	wildintellect: just MediaWiki debug logs
   21:44:42	strk:	I'll wait to read a report about the meeting, hoping someone will write it :)
   21:44:45		* strk looks at robe2
   21:44:46	wildintellect:	ah debug logs, so not anything we really need to keep
   21:44:58	robe2:	strk I've been writing it duh
   21:45:01	wildintellect:	yes meeting is done for today
   21:45:17	robe2:	okay great. ttyl
   21:45:27	cvvergara:	out of topic: OSGeoLive wiki is on the OSGeo Wiki, is it possibe to separate and make it have its own wiki?
   21:45:43	cvvergara:	(similar problem as the trac)
   21:46:24	strk:	cvvergara: did you vote on that ? the motion was to have your own Trac env
   21:46:26	MartinSpott:	cvvergara: what does it mean: "is on the OSGeo Wiki" ?
   21:46:33	strk:	SAC was waiting for the outcome of that vote
   21:46:51	strk:	not sure if there was a ticket filed already or not, if you decided to go there, ticket would be next step
   21:46:52	cvvergara:	yes, for example:
   21:47:11	cvvergara:
   21:47:12	sigabrt:	Title: Live GIS Disc - OSGeo (at
   21:47:35	cvvergara:	its a huge file because the project does not have a wiki of its won, its on the OSGeo Wiki