Date: prev next · Thread: first prev next last
2018 Archives by date, by thread · List index


 1. guilhem
 2. Brett
 3. cloph


 * FYI: No more hosts running Debian 7 (Wheezy), LTS of which ended on May 31th
 * [rdm#2463] Gerrit staging instance
   + Up and running on
   + AI cloph: Still need to test the maintenance scripts (account merging, etc.)
   + AI guilhem: Upgrade the prod instance during the next weeks (before RC1),
     ideally before the end of the month (failing that before the second week
     of July)?
   + Defer OS upgrade (Debian 8 → 9) to later
 * [rdm#1836] Bitergia dashboard <>
   needs upgrade and refactoring (move out of docker containers)
   + Old vm (vm167) not using our current baseline, we can deploy on another
     VM and switch DNS records in due time
   + AI guilhem: Deploy new VM and hand over to Brett
 * [rdm#2141] Replace reCAPTCHA with self-hosted version?  At least on our own
   SSO portals?
   + The captcha solution we are using currently is quite weak
   + cloph: want (wishes for, but doesn't know anything) something as
     effective as reCAPTCHA, not aware of a solution that's as good
   + TODO: list and evaluate list of self-hosted solutions?
   + cloph: accessibility is another issue (shouldn't be visual only)
 * Saltstack 
   + Brett's 'papercut' branch
     /etc/cron.d is present here, but maybe a dependency on 'cron' is missing?
       $ dpkg -S /etc/cron.d
       sysstat, cron: /etc/cron.d
     Brett: removed that commit and added 'cron' to core's installed pkgs.
     Brett: There's still a MR open 
( ^^
 * Monitoring
   + deployed new exporters for wmi and snmp (jenkins slaves, mikrotik)
     - cut down on what metrics are collected? → not necessary atm, when
       server runs out of space we can purge the uninteresting data
   + update wrt alert system? not yet, Brett wants to jump on that
   + update wrt status page? not yet, AI guilhem
 * whitebox monitoring from graylog; todo later
 * TDF wiki
   + Force WebSSO authentication (SAML 2.0)
     - Users with an active WebSSO session might need to log out
       <> and in again to refresh
     - This is still the *transition phase*: having an LDAP account is
       necessary but (currently) not sufficient to authenticate on the wiki. 
       Best way to get access at the moment is to poke admins.
     - Only 260 LDAP accounts were granted auth right on the wiki at the time
       of the migration (now 271).  40 (now 36) of the 140 recent wiki editors
       (last 90 days) aren't known to LDAP yet, hence are barred from access
     - Of these 271 LDAP accounts, 83 have a wiki username that doesn't match
       the LDAP username.  Ultimately we want to unify them (ie rename them)
       but it's not done yet, to make it easier to revert to legacy auth if
       people complain too loudly.
   + Question: Case sensitivity seem to be a problem too, can Mediawiki be
     made case insensitive
   + Next steps (once the dust has settled):
     - poke the 83 account mismatches and rename them (is there a better
     - automatically grant auth access to any LDAP user, but ensure that only
       the wiki account owner can create an LDAP account with the wiki
   + MediaWiki 1.31 LTS was released on June 13, we should upgrade ASAP
     (possibly via 1.30) since the 1.29.x series which we are currently using
     will be EOL by the end of June.
   + PHP 7.0 is required (for 1.31), so need first we need to upgrade the host
     from Debian 8 (Jessie) to Debian 9 (Stretch)
   + guilhem to upgrade to 1.30 first
 * SSO adoption stats:
   + 997 accounts in total, 289 since the last call, 262 since wiki auth
     change (mostly spam-looking…)
   + 30/193 (15%) TDF members not in LDAP
   + 36/140 (25%) recent wiki contributors not in LDAP
 * hypervisor reboots ETA?
   + AI guilhem: upgrade charly to Debian 9, then wait for things to settle
   + excelsior, dauntless, falco within the first 3 weeks of July
 * Next call: Tuesday July 17 2018 at 18:30 Berlin time (16:30 UTC)


To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
Privacy Policy:


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.