00:27.36 | shalkie | herlo ping |
00:30.57 | shalkie | hotsdpot to study python and/or openshift. SMS if interested. |
00:31.30 | shalkie | argh. going to public hotspot. |
00:31.53 | shalkie | puts the phone done and walks away... |
00:57.11 | herlo | shalkie: too tired |
00:58.09 | shalkie | no worries. i will just enjoy the caffiene by my self. :-p |
00:59.20 | herlo | shalkie: caffeine is good all by itself :) |
01:00.02 | herlo | shalkie: just spent a day (Saturday) boating with my brother at Yuba and another day (today) at Heber Valley RR with Thomas the tanke engine for AJ |
01:00.30 | herlo | got back about 3pm, still have to mow the lawn and a bunch of other yard work, too... |
01:42.31 | shalkie | Yeah, you have had a busy busy weekend already. :-) |
02:27.36 | herlo | shalkie: indeed. I'm going to be testing goosepkg a bit more tomorrow. Then I'll probably email an announcement about it tomorrow afternoon. |
02:37.59 | *** join/#gooseproject bochecha_ (~bochecha@175.45.17.220) |
02:38.00 | *** join/#gooseproject bochecha_ (~bochecha@fedora/bochecha) |
15:23.19 | herlo | GoOSe morning |
16:02.47 | herlo | goozbach: ping |
17:37.36 | goozbach | pong. i am just finishing lunch will be online in a bit |
18:38.51 | goozbach | herlo: ping |
19:44.37 | herlo | goozbach: pong, I thought you said 12pm EDT |
19:46.05 | goozbach | I did, apparetnly my wife had scheduled me to grill at noon |
19:46.07 | goozbach | :/ |
19:46.10 | goozbach | I'm working now |
19:46.19 | goozbach | but I can't seem to gain root access on pilgrim |
19:46.27 | goozbach | which is where I should be doing the mash, correct? |
19:47.00 | goozbach | if you can't help now I understand. I'm trying to get as much done as I can |
19:48.13 | herlo | no worries |
19:48.20 | herlo | I'll be there in a bit, potty training |
19:52.53 | goozbach | k, when you get back try and put my ssh key from roman into root for pilgram and roman |
19:55.35 | herlo | you don't need root for those |
19:55.56 | herlo | you ssh as yourself... |
19:55.59 | herlo | goozbach: ^^ |
19:56.15 | goozbach | I'd like to install make on pilgrim |
19:56.19 | herlo | sudo |
19:56.40 | herlo | you should have rights... what are you using make for, just out of curiosity... |
19:57.23 | goozbach | my dotfiles :) |
19:57.44 | herlo | ahh, okay. You aren't in wheel, I'll put you in there. |
19:57.55 | goozbach | I don't have a pw and I can't sudo |
19:57.59 | goozbach | that's the issue! |
19:58.04 | herlo | try again |
19:58.07 | herlo | log out and back in |
19:58.31 | herlo | wants to get freeipa in place for us. Would be so much easier. |
19:59.18 | goozbach | I'm in! |
19:59.23 | goozbach | +1 to freeipa |
19:59.29 | goozbach | we have a server to put it on? |
19:59.34 | goozbach | I've been wanting to play with that |
20:02.45 | herlo | no |
20:02.57 | herlo | but I can get us one at prgmr, probably. Right nb? :) |
20:03.41 | herlo | goozbach: if you don't have rights on a certain box, let me know. |
20:04.38 | goozbach | will do, we keeping user accounts in our salt? |
20:04.48 | goozbach | might make things more consistent? |
20:06.19 | herlo | not yet, but ipa will take care of that |
20:06.24 | herlo | nb: ping! |
20:07.37 | herlo | goozbach: the trick is handling dns in one place. Since we're doing most everything server related with gooselinux.org that won't be too hard. I'm only debating the security of the proces... |
20:07.56 | goozbach | freeipa should be able to do splitdns no? |
20:08.22 | goozbach | if not, just use iPA for internal dns and keep maintaining external dns on admin. |
20:11.32 | herlo | goozbach: I'm not debating that actually. We don't have to have gooseproject.org on there and it does support zone transfers to a standard dns (aka bind) server. |
20:11.54 | herlo | but that's not really a concernt since gooselinux.org is where everything would reside for our infrastructure. |
20:12.07 | goozbach | true |
20:12.16 | goozbach | then what's the concern? |
20:12.18 | herlo | I just need to move it from tosdomains.net to freeipa. I'm more concerned about the security of freeipa access and krb |
20:12.34 | herlo | I need to better understand it if we just do that sort of stuff in the open... |
20:12.50 | goozbach | ahh |
20:22.23 | herlo | I might want to limit where we do that. Machines will auth themselves, users, sudo, etc via krb |
20:28.43 | herlo | goozbach: how can I help you now? |
20:28.57 | goozbach | got the first mash running in a tempdir |
20:29.14 | herlo | goozbach: there's a script for mashing already |
20:29.21 | herlo | and we need to sign them first |
20:29.27 | goozbach | ahh |
20:29.34 | herlo | goozbach: the order is posted here |
20:29.35 | herlo | https://github.com/gooseproject/main/wiki/How-to-Cook-A-GoOSe |
20:29.36 | goozbach | I'm out of order |
20:29.44 | herlo | yep, it won't hurt anything |
20:29.49 | herlo | just won't have signed packages yet |
20:30.36 | herlo | besides. http://koji.gooselinux.org/pub/updates/6.0/ |
20:31.02 | herlo | goozbach: those are already mashed, we did this last week. Thus my desire to start making things show up via email or something. :) |
20:31.32 | herlo | is starting to think of something like a task chart for each release would be good with statuses of each. |
20:32.52 | herlo | email at the end of a mash run, email at the end of a signing run, email at the end of a build, etc. Email when we finish a compose, etc. |
20:33.03 | herlo | probably be good to store this in a db of some sort too |
20:33.10 | herlo | goozbach: want help signing? |
20:34.32 | goozbach | let's use something like trello.com |
20:34.39 | herlo | I considered that |
20:34.43 | goozbach | yeah, can you point me in the right direction |
20:34.48 | herlo | but I want the status to be automatic when something finishes |
20:35.07 | goozbach | https://github.com/gooseproject/main/wiki/Sigul tells me what to run |
20:35.15 | goozbach | where do I run it though? |
20:35.34 | herlo | yeah, we need to update that on the wiki |
20:35.41 | herlo | you run it as kojiadmin user on roman |
20:37.09 | goozbach | and I should be signing 6.1? or 6.0-updates? |
20:37.17 | herlo | 6.0-updates |
20:37.23 | herlo | but it just uses the 6.0-gold key |
20:37.39 | herlo | goozbach: we also need a place to store our passphrases securely |
20:37.46 | herlo | lastpass could work, I suppose. |
20:38.45 | herlo | goozbach: you want to open a screen session as root on roman? |
20:39.56 | goozbach | done |
20:43.47 | herlo | <PROTECTED> |
20:44.49 | herlo | goozbach: check you prm |
20:44.51 | herlo | er pm |
20:50.51 | herlo | goozbach: anything I can help with? |
20:52.57 | goozbach | signing now I suppose |
20:53.12 | goozbach | INFO: Calling koji to write 0 rpms |
20:53.21 | goozbach | that mean it succeeded? |
20:54.11 | herlo | I saw the same thing. We can check by visiting the repo |
20:54.55 | herlo | goozbach: look here: http://kojiweb.gooselinux.org/mnt/koji/ |
20:55.18 | herlo | you can go to one of the packages that was built as 6.0-updates tag and see if it has a signed file |
20:55.51 | herlo | oh, goozbach I tihnk I know why |
20:56.13 | herlo | the target is gl6.0-updates, but the tag the target points to is gl6.0-updates-candidate |
20:56.30 | herlo | which makes sense why the darn thing was so huge |
20:58.02 | goozbach | so I should change to gl6.0-updates-candidate |
20:58.12 | goozbach | ? |
20:58.13 | herlo | yep, that should do it. |
20:58.14 | goozbach | or re-tag |
20:58.28 | herlo | no, check the gl6.0-updates-candidate tag on koji.gooselinux.org |
20:59.54 | herlo | goozbach: you can check any package to see if it has the gl6.0-updates-candidate tag. like nss: http://kojiweb.gooselinux.org/koji/buildinfo?buildID=2695 |
21:02.30 | goozbach | that looks better |
21:02.39 | herlo | yeah, it sure does |
21:04.27 | goozbach | kk, I'll let that run, and then mash it |
21:04.31 | goozbach | thanks for the help |
21:04.44 | herlo | yeah, no problem. Can you document this process on the sigul page? |
21:04.58 | goozbach | yup |
21:05.07 | herlo | thanks! |
21:07.06 | herlo | goozbach: with gl6.0-updates-candidate, we don't want to mash in the parent packages from gl6.0. So the /etc/mash/updates.mash file indicates inherit = False, where /etc/updates/gold.mash indicates inherit = True |
21:07.14 | herlo | this is when the signing is done. |
21:07.54 | goozbach | https://github.com/gooseproject/main/wiki/Sigul |
21:08.45 | goozbach | alrighty got something runnint now |
21:08.50 | goozbach | gonna go hang with the family |
21:08.55 | goozbach | I'll email the list when it's done |
21:09.04 | herlo | goozbach: hmm, could we ad something there? |
21:09.06 | goozbach | maybe even write up a script which will email the last |
21:09.11 | herlo | add |
21:09.18 | herlo | goozbach: well, we could add it to the python script |
21:10.07 | herlo | but for the docs, could you instead indicate the tag is specific |
21:10.25 | herlo | something like, if we're doing version 6.1, the tag might be gl6.1 |
21:10.41 | herlo | we'll also need to explain how sigul is set up at some point. |
21:14.32 | goozbach | yeah |
21:14.38 | goozbach | modified slightly with those updates |
21:17.49 | goozbach | INFO: Signing batch 172/1292 with 1 rpms |
21:26.02 | herlo | thanks |
22:30.53 | nb | herlo, you have a server for goose at prgmr |
22:52.06 | herlo | nb: true, I was thinking that was for building. I was hoping to transfer more stuff there. |
22:52.18 | nb | herlo, hey, come in #prgmrclubhouse |
22:52.27 | nb | herlo, and talk to prgmrcom real quick |
22:52.31 | nb | if he says ok, i can set up another one |
22:52.42 | herlo | we can put them up as a sponsor |
22:53.52 | nb | BTW, that's a basically prgmr-staff-only channel |
22:53.57 | nb | so no one else go there please |
22:54.02 | herlo | lol |
22:54.12 | herlo | spams invites to all his friends... |
22:54.43 | nb | we need to register it so we can set up acls and stuff |
22:54.58 | herlo | yeah, you totally should. |
23:40.16 | nb | herlo, so how many, and what kind of specs vps's woudl you want |
23:53.13 | goozbach | signing complete |
23:53.17 | goozbach | now to mash! |
23:53.34 | goozbach | FWIU it should be updates |