[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libreoffice-website] Minutes from the Tue Jun 19 infra call


Participants
============

1. guilhem
2. Brett
3. cloph

Agenda
======

* FYI: No more hosts running Debian 7 (Wheezy), LTS of which ended on May 31th
* [rdm#2463] Gerrit staging instance
+ Up and running on https://vm178.documentfoundation.org
+ AI cloph: Still need to test the maintenance scripts (account merging, etc.)
+ AI guilhem: Upgrade the prod instance during the next weeks (before RC1),
ideally before the end of the month (failing that before the second week
of July)?
+ Defer OS upgrade (Debian 8 → 9) to later
* [rdm#1836] Bitergia dashboard <https://dashboard.documentfoundation.org>
needs upgrade and refactoring (move out of docker containers)
+ https://github.com/grimoirelab/use_cases/tree/master/documentfoundation
+ Old vm (vm167) not using our current baseline, we can deploy on another
VM and switch DNS records in due time
+ AI guilhem: Deploy new VM and hand over to Brett
* [rdm#2141] Replace reCAPTCHA with self-hosted version?  At least on our own
SSO portals?
+ The captcha solution we are using currently is quite weak
+ cloph: want (wishes for, but doesn't know anything) something as
effective as reCAPTCHA, not aware of a solution that's as good
+ TODO: list and evaluate list of self-hosted solutions?
+ cloph: accessibility is another issue (shouldn't be visual only)
* Saltstack 
+ Brett's 'papercut' branch
/etc/cron.d is present here, but maybe a dependency on 'cron' is missing?
$ dpkg -S /etc/cron.d
sysstat, cron: /etc/cron.d
Brett: removed that commit and added 'cron' to core's installed pkgs.
Brett: There's still a MR open (https://infratools.documentfoundation.org/infra/salt/merge_requests/11) ^^
* Monitoring
+ deployed new exporters for wmi and snmp (jenkins slaves, mikrotik)
- cut down on what metrics are collected? → not necessary atm, when
server runs out of space we can purge the uninteresting data
+ update wrt alert system? not yet, Brett wants to jump on that
+ update wrt status page? not yet, AI guilhem
* whitebox monitoring from graylog; todo later
* TDF wiki
  + Force WebSSO authentication (SAML 2.0)
- Users with an active WebSSO session might need to log out
<https://auth.documentfoundation.org/?logout=1> and in again to refresh
ACLs
- This is still the *transition phase*: having an LDAP account is
necessary but (currently) not sufficient to authenticate on the wiki. 
Best way to get access at the moment is to poke admins.
- Only 260 LDAP accounts were granted auth right on the wiki at the time
of the migration (now 271).  40 (now 36) of the 140 recent wiki editors
(last 90 days) aren't known to LDAP yet, hence are barred from access
- Of these 271 LDAP accounts, 83 have a wiki username that doesn't match
the LDAP username.  Ultimately we want to unify them (ie rename them)
but it's not done yet, to make it easier to revert to legacy auth if
people complain too loudly.
+ Question: Case sensitivity seem to be a problem too, can Mediawiki be
made case insensitive
+ Next steps (once the dust has settled):
- poke the 83 account mismatches and rename them (is there a better
solution?)
- automatically grant auth access to any LDAP user, but ensure that only
the wiki account owner can create an LDAP account with the wiki
username
+ MediaWiki 1.31 LTS was released on June 13, we should upgrade ASAP
(possibly via 1.30) since the 1.29.x series which we are currently using
will be EOL by the end of June.
+ PHP 7.0 is required (for 1.31), so need first we need to upgrade the host
from Debian 8 (Jessie) to Debian 9 (Stretch)
+ guilhem to upgrade to 1.30 first
* SSO adoption stats:
+ 997 accounts in total, 289 since the last call, 262 since wiki auth
change (mostly spam-looking…)
+ 30/193 (15%) TDF members not in LDAP
+ 36/140 (25%) recent wiki contributors not in LDAP
* hypervisor reboots ETA?
+ AI guilhem: upgrade charly to Debian 9, then wait for things to settle
+ excelsior, dauntless, falco within the first 3 weeks of July
* Next call: Tuesday July 17 2018 at 18:30 Berlin time (16:30 UTC)

--
Guilhem.

--
To unsubscribe e-mail to: website+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.