* Now talking in #sysadmin * Topic for #sysadmin is: the topic was lost * Topic for #sysadmin set by bkor at Thu Jun 4 21:05:35 2009 howdy hey hi all meeting in 10 minutes? yessir vvvery good. * sri will sysadmin at work till then :D * sri is playing around with hadoop * behdad (~behdad@ip-209-167-232-100-yyz.redhat.com) has joined #sysadmin sri: ooh shiny shiny im making tea and updating the wiki so it looks like i have a plan for this meeting ok 19.00 BST, 18.00 UTC. is everybody here? alexos is missing.. * mneptok is present ... at least physically excellent here yep SEJeff: ready? leonko, csenger, are you guys here for the meeting :)? csenger, yep, for the part about plone deployment Jc2k, no, for watching) Jc2k, sorry, tired ^^^ pcutler: you doing minutes? i am cool. well i guess i'll make a slow start... Jc2k, In all honesty I can watch, but can not start Our entire team stopped working on all projects to build a new cluster. They moved the deadline up 3 weeks pcutler, I can rebuild the docbook package tonight sometimes SEJeff: no worries. so for people watching or reading the minutes, the elders decided to form a new sysadmin team and that Codethink would provide me as an interim coordinator to put people in place and start formalising the team the initial team is (in no particular order) pcutler, SEJeff, sri and penguim. Jc2k, You're not going to "officially" be a member? ah. good point. pcutler, SEJeff, sri, penguim and me. mneptok and owen are also members of the team time permitting. i'm happy to help when time permits. that hasn't been much over the past year, sadly. but i can do some accounts work here and there, and provide guidance if/when necessary. this is the first of our monthly (hopefully) team meetings is first friday of the month a good day for people? is for me, other than next month with guadec travel yeah, that should be fine. 
maybe i didn't pay attention but why these people are in the team (apart you owen and mneptok)? did you choose them or? i mean sri pcutler SEJeff and penguim :) giskard: volunteers. giskard, A call for volunteers was put on p.g.o giskard: good question. people volunteered. we checked them out. they have vouchers (even better, vouchers in the foundation). they had experience and time. * mneptok has changed the topic to: home of the GNOME sysadmins. please use #opers for network issues. please just state the nature of the issue, and be patient ... uh cool :) /me whines i wrote some mails to sysadmin@ without any answer i had to blog about that :) when? last time? 19 march I am a sysadmin (storage engineer) I've been working on some kind of unix system since 1990. giskard: may we assume you are now volunteering? giskard: i only recently got access to gnome-sysadmin mails, the requests i was aware of were on the gnome-infrastructure mailing list or to me personally and everyone got a mail giskard: sorry you were missed out of the initial round :( giskard: a few people filed RT tickets and had a similar fate - i've had RT access even less time Jc2k: no problem i was only wondering how these people have been chosen mneptok: i'm * muelli volunteers as well. While I certainly have experience administrating Linux machines, I don't have time the next month or so, especially due to GUADEC. But I'd happily take jobs afterwards, if there are any :) mneptok: i will continue to do account in my spare time... :) giskard: pull up a chair and join the meeting, then. :) so what do people think about expanding the team right now? there are 7 of us if we count mneptok and owen. At work we have 3 admins for thousands of machines. Gnome has how many? :) I don't think going from 7 to 10 is that big of a deal, all things considered But we volunteer so sure * mneptok counts as .25 7 sounds good. More people smells like more overhead. 
SEJeff: system stuff is kind of easy, but handling git stuff not so much. I have no clue about that. SEJeff: well, it is number of services not number of machines really... sri, ha! Easy until you try HPC or financial stuff :) (one of the reasons why I joined.. dealing with a software shop will be good experience) owen, Yes, the services need a lot of love owen: :) SEJeff: HPC? high perf computing where nanosecond increases actually matter SEJeff: oh right.. that's the name of our group internally. :D * hanthana_ has quit (Read error: 104 (Connection reset by peer)) ha Jc2k: I don't have any strong feelings about what the team size should be. My main feeling is that it should be trackable and not fuzzy around the edges - there shouldn't be 20 people with root access, only 3 of which actually do stuff *nods* owen: agreed.. root should be very limited. owen: agreed owen: and we should set up sudo to do the common jobs if we need root access. most of the time, root is not required, but we can restrict access as root to certain commands. your 3 sysadmins should also be geologically distributed for coverage. Lets do intros to see where everyone is at sri: i hope you mean "geographically," otherwise, we all have to line in coal mines. yeah, sorry, I meant geographically haha :D *live (so i'd be open to allowing giskard and muelli join the team because they have most of the powers already) * sri will volunteer to work from a volcano. +1 for muelli He seems pretty intent on fixing the AccountTeam to be more responsive i live in sheffield, england. this morning it was sunny and i got a bit of a tan, and now its raining At least for foundation stuff nothing like a man with a mission there are no coal mines, any more cl0b i need to move along to Monty Program tasks soon (he signs the paycheck). but i would *strongly* encourage people not to work on tasks/services/platforms with which they are not 100% comfortable. 
this is why i have not done ANY LDAP work for GNOME. gah! connserver shortcut for a sysrq b is CTRL ecl0b uhm, i guess we have to list all the services hosted by gnome and then maybe point people on the area they want to help i'm sort of referring to Christian's e-mail from yesterday about putting RT comments on spam tickets. that's just a Bad Idea(tm), and is self-evident to anyone that is familiar with RT, if you need a RT tutorial, just ask. well, thats partly my fault. ive still got to add them to the gnome-sysadmin mailing list so they get the joyous RT spam do NOT comment or reply to spam tickets. just mark them deleted. and the easiest way is via the "Bulk Update" view from RT was probably my fault, I had been deleting them, and then fat fingered 2 of them as resolved instead anyway we went off at a tangent and at a tangent and at a tangent I need to run guys.. (I could only stay for 30 minutes) Jc2k can explain my XP. later sri ciao sri rather than going over every service right now i was going to talk about some short term targets and ask who felt comfortable with them sri: ciao so responding to RT tickets is mostly going to be simple stuff that's specific to GNOME infrastructure we all need to get used to and probably not worth talking about id ask if anyone had problems but i think only pcutler and 1/2 of SEJeff are available... :) I'm good Just doing 3 things at once ok :) so some tasks * claude (~claude@222-198.104-92.cust.bluewin.ch) has joined #sysadmin there were some simple requests fredp made on the gnome-infrastructure list they are varied but bite sized I can rebuild a newer copy of the docbook-xsl for window Responding now cool. pcutler: do you want to look into what needs to happen for http://mail.gnome.org/archives/gnome-infrastructure/2009-May/msg00051.html ? sure owen is probably your friend, but i think it means finding friends on RH sysadmin team who are they ? 
Any changes to firewall rules should go to me And I'll file a ticket in RH IT darn, that was easy lol go pcutler owen: do you want me to forward you the email? So, does the sysadmin team want port 9070 open to the world? (having Red Hat IT open it to the world and firewalling in iptables on the systeam is another option if the buildbot security isn't sufficient) pcutler: I might as well do it now, if there's sufficient information to make the request have RH IT open it to the world and firewall it locally pcutler: Otherwise, send me a mail when you have things sorted out pcutler: i guess speak to fredp about how many more changes are expected will do owen: is there any other route if you were unavailable? pretty sure olav had a direct line Jc2k: In an emergency, if I'm not around, contact jrb, and failing that any other Red Hat desktop team member ok, good to know Jc2k: mgalgoci used to be somewhat involved, but is pretty much out of the loop now, and requests that go to him are much more likely to get lost than things that get filed into the Red Hat IT ticket system ah, also good to know :) right. damned lies. i forgot to put this on agenda. web app that can (wants to) poke git pcutler: OK, so you are going to check with fredp about a) number of more changes expected b) what level of security is provided by buildbot itself ? owen: yes and then I will email you owen: how do you feel about DL being able to push translations straight into git? 
pcutler: (my take is that there's no point in having port filtering at the Red Hat level, if there's already some sort of auth in buildbot, or if the damage is minimal if evildoers get access to the port, but if we are really relying on it for the only security, then belt-and-suspenders is probably good) i think i'd be OK with it with a hook to make sure it is only translations that get pushed owen,pcutler: from what i remember its got username/password for each slave but its in the clear, no ssl or anything Jc2k: I'd agree. Without the hook, I'm not comfortable with it at all. With the hook, I'm sort of comfortable with it. is there a set number of IP address(es) that will be pushing into 9070? that would be great for a number of l10n coordinators mneptok: the plan is to grow the number of build slaves but its gonna be happening somewhat erratically. Jc2k: limiting connections by IP address or range in iptables would be nice mneptok: i agree Jc2k: if that's the case, sounds like filtering at our level is good enough for that, but anyways, we can let pcutler check with fredp for details yep will do Jc2k: if you can find someone else to write the hook, I can review it. Don't want to take the task myself though. owen: ok so sri wants to learn more about the git side of sysadmin - i'd like to have him have a stab at the git hook and then we'll review it sound ok? Jc2k: sure the hook should be similar to the existing one with po files (msgfmt check) Jc2k: Should mostly be picking and combining pieces of checks already there yes ok. next thing. test plone instance for the new www.gnome.org http://live.gnome.org/GnomeWeb/Plone/Deployment csenger: is here to talk about this we've already decided to deploy it on socket so we dont disrupt anything important * diegoe (~diego@ has joined #sysadmin (Also needs a little thought to auth. Presumably it would be committing from a no-passphrase ssh key on progress.gnome.org. Is there a point in IP limiting the authorized key? 
Doesn't really help much if damned-lies is compromised) owen: (i think im happy with a no-passphrase ssh key, and no ip limiting) just in case csenger isn't here, he's on the CMS team, I'm on the Content team for the wgo revamp lucas put together our milestones here: http://live.gnome.org/TwoPointTwentyseven owen: it doesn't hurt either darn, wrong link I'm here i guess if debian still has broken ssh keys it helps :] claude: well, it would require create-auth modifications, so it hurts in that way http://live.gnome.org/GnomeWeb/TwoPointTwentyseven owen: yes, i'd like to say that it doesn't hurt to check ip owen, Can't we just ssh triggers? SEJeff: Not sure I understand. The request here is to be able to have a web interface for editing translations SEJeff: so damned-lies would no longer just be statistics, but would need to actively push changes into modules so we dont really have any plone experts on board right now. i'd like to throw pcutler to csenger no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="git commit -a -m 'auto-checkin for translations'" ssh-dss AAAA... You can limit certain keys to run certain commands. So when that key logs in, sshd will ignore what the user tries to do and only run what is in authorized_keys SEJeff: thats already the case SEJeff: Yes. Sure. That's how git.gnome.org is locked down. I'm open to that, but I'm also probably the least experienced sysadmin person, and will probably need some help SEJeff: the worry is that damn lies could inject bad code into our git modules if damned lies is hacked or make autogen.sh do bad things etc etc Right, so we quasi-mitigate that with a git hook At least that is the thought, right? yes Seems bad, surely there is a better way its an increasing effort for diminishing levels of protection. we could have damned lies e-mail gpg signed patches and git a-m them, but thats not really any better. What will d-l be committing, translations? 
yep i think people with ordinary git access pose more threat than damned-lies with the translations-only pre- hook. Jc2k: +1 Could we setup something clever with git-tag and signed commits? But in the end, you're right Jc2k i think the hook is the most stable and clean option we have right now. Right i thought we reached an agreement here, but if someone has better ideas, i'm always open, feel free to discuss on ML * owen has quit (Leaving) the more dancing and hand waving we do, the more attack vectors we introduce. so. sri can implement a hook and i'll review it and then owen has final say * owen (~otaylor@lan-nat-pool-bos.redhat.com) has joined #sysadmin * root gives channel operator status to owen so, consensus and back to csenger, pcutler and plone. so as pcutler said, he's the least experienced but as this is on socket and a test instance i think its a great chance for him to own something Zope is a beast unto itself with help in here from all of us. sounds good, we have some of it documented, and listening to csenger and jens they have some experience with this as well Jc2k, pcutler, deploying a plone installation is quite simple as it's automated (zc.buildout). my old company knows a thing or 2 about plone if we get stuck, too Even Zope is pulled in and compiled csenger, Is it possible to have it pull down exact versions of zope and deps? 
To keep from the problems like with gem madness The only (odd) dependency is python 2.4.4+ csenger: i think that upset the security guy at my old firm because he likes things packaged and wants nagios alerts for security updates pcutler/csenger: Make sure you think about backup, that was an issue with Zope 10 years ago when we used it for news.gnome.org will do owen, I've got a tool from zenoss for that SEJeff, dependencies are pinned with versions and separated from the system's python environment Backup (for the Red Hat machines) is done by rsync'ing to a machine that is then tape backed up, so basically there needs to be some file(s) somewhere in a consistent state that can be rsync'ed, and we can exclude other files from the rsync as necessary csenger, perfect owen, we can work out a backup mechanism depending on gnome's backup system Jc2k: afaik you spoke about adding features to what is atm in production, but what about other stuff? (socket is different, don't know the backup details there, if the socket location isn't temporary, someone will have to track down a canonical sysadmin about the details) Are you comfortable with an installation that isn't managed by the distributions package management? giskard: i dont understand your question csenger, I would prefer not but it doesn't look like thats possible with zope Jc2k: plone git zope git hooks, but what about bugzilla mysql ldap mailman (-> searchable public archives...( ) SEJeff, there are no usable distribution managed packages. I know some guys that build rpm's, but use buildout directly myself zope upstream does not play well with others. It isn't an option for zope really So we'll deal with getting the right deps and whatnot for it giskard: im concentrating on short term goals or we'll be here forever. existing services arent going anywhere and we've got more time but e.g. 
people want the plone test instance running in 2 weeks giskard: new things are also a good way to get our feet wet without crippling something like bugzilla * yippi has quit (Leaving) The dependencies are handled. The interesting areas are running updates across machines and monitoring security updates. Jc2k: ok i see your point. i was wondering who will start getting knowledge about what the old sysadmin team did in the past years. owen, Jc2k You'd mentioned something about ldap sucking or breaking often. That needs to be fixed. SEJeff: getting to that, and something i ear marked for you :] csenger, Can we cheat a little bit in the same way you'd "secure" an iis webserver by fronting it with apache + mod_proxy? i need to take a call for work, be back in 5, semi-here giskard: i want to try and have each sysadmin member with a project (a bit like a sprint) for each month. and they are where we'll slowly learn the systems inside and out giskard: so pcutler doing plone stuff, sri doing the damned lies/git stuff, jeff playing with ldap SEJeff, The setting for wgo will be something like httpd -> reverse caching proxy -> load balancer -> zope server csenger, great Jc2k, Sounds great. Maybe sri can teach me some git when he's a guru like owen and you can teach us some ldap.. :] No problem SEJeff: so the low hanging fruit is the create-auth-script which has edge cases that remove access, and then we also need to get to the bottom of what breaks ldap. but we can talk about that outside of the meeting. we need some statistical data to say something about the size of the installation. The public stats list the hits to many gnome services. We need to have numbers for the parts that will be covered by plone (mostly w.g.o stuff) where can we get a log for only w.g.o? we'll arrange for that for you. im not sure there is anything public. 
there is http://www.gnome.org/stats/ ha, well there you go oh yeah, stormy had a request too for a new stats package pretty crappy compared to say google analytics, but gives you some idea http://mail.gnome.org/archives/gnome-infrastructure/2009-May/msg00044.html piwik her request was for what is basically a OSS version of google analytics yeah, that's it Jc2k, piwik is good but has had some scary security holes. SEJeff: thats why i havent committed to it just yet... owen, that combines many (all) public gnome sites including downloads, home directories etc. We need a subset of that csenger: well, it is broken out there as well So you can certainly get some idea of how many requests to the www.gnome.org frontpage etc. csenger: The sysadmin team can definitely get you raw log data as well, if you have some way you want to access it (or if you are in gnomeweb, you can get it yourself) ok. so pcutler and csenger can talk offline about this and feedback about what the plan is. i'll be available for questionable input I'll probably have a bunch of questions :) if piwik has security holes i guess we should tell stormy that its not an option right now unless its improved which will bring up the question of google analytics which I think is more of a debate about using FOSS or not Yeah but what will we do then, have a "gnome gmail"? we want better analytics around friends of gnome specifically Lets be pragmatic, not philosophical here We need stats and it fills a void. we want to understand hits and conversion, and drive some traffic to it Jc2k: count me for old stuff then new :) there was a request to host the current development test instance on wgo. How can we start with this? 
csenger: that's what I've been assigned atm it is hosted on my server pcutler, ah we're going to put the test instance on socket.gnome.org so you and I will be working together to get that done per lucas' timetable pcutler, ok giskard: do you want to work with penguim on getting to the bottom of the live.gnome.org/bugzilla slowness? Jc2k: i had some irc-conversation with bkor about bugzilla slowness all i know on the matter is that at some points that box is waaaay low on memory i can try to run some test metrics blablabla pcutler, SEJeff: on piwik. the guy who suggested it was willing to host it. if we really arent ready to host it ourselves because of security issues in its past, i think him hosting it would be an option. Jc2k, Absolutely Sounds good to me Jc2k, depending on this quarter, I'll likely be donating a new server to the foundation. To make a new db server but a more concrete answer on its security would make me happier. like does it have a constant stream of security problems? are there unpatched issues. So bugzilla and wiki aren't so slow Probably one of the newer DL 360s or 65s with nehalems SEJeff: cool. * sri is back. hey sri. * sri scrolls back to see what he missed. tons of fun and excitement So priority is plone plone plone huh? * claude is congratulating sri 2 week rush yes, lucas is quite the stern taskmaster Well it is understandable for the new website ok the only other short term priority is for us to bend over backwards to help muelli get the elections stuff going :] But plone needs a lot of ram, right? Jc2k, Yeah he doesn't seem to have access to approve foundation members in mango Would he need to be on the AccountsTeam to do that? 
I think so Jc2k: the only other thing on my to-do list at some point is to get gnomejournal fixed on blogs.gnome.org SEJeff: it will be on its own on socket pretty much, and heavily proxied - afaik not much dynamic content Ok good SEJeff: yeah i reckon he needs account team for that so has everyone got a task to think about (or badger me about) apart from day to day RT tasks? muelli, Check your mango Jc2k: so you are going to re-write who is doing what or? SEJeff, yes, the memory requirements are high, but depend a lot on the specific scenario that is not clear yet SEJeff: No password falls out of "mango" :-\ How does 1 reset a mango password? giskard: yes SEJeff: with great pain and misery. i'll document it after the meeting. Jc2k, good so in summary: SEJeff, ldap. (talk to me about the create-auth scripts and to owen or bkor about the problem that makes ldap fall over). giskard/penguim, bugzilla/lgo. pcutler: wgo. sri: damned lies. SEJeff: if you think piwik is insecure can you put together a few paragraphs that say as much for us to send to stormy. maybe suggest other options we could deploy? Jc2k: Maybe a topic for next months meeting is the sudo/password-propagation; people may have a better sense of the tradeoffs there once they've been working within the system for a bit owen: good idea owen, once we fix ldap, we'll upgrade to the latest sudo and do ldap-ized sudo I will save the log on lgo and publish meeting minutes there as well (minutes will be done by tomorrow) 2 last points before i let you guys go what access rights do we still need to sort out ah, I see.. damned lies/git hook eh? muelli needs access to approve foundation membership applications i have access to signal and torrent now so need to give owen access there SEJeff: that should work, we just need to reset his password :) I'll have to read up on git.. I'm a total newbie, Jc2k knows that I'm a bzr fan :D yep. It's not that important right now because all members eligible to vote are processed. 
and looks like there is something that was already done before for hooks. Jc2k, It is surprising that you can't do that through mango. We'll have to fix that. we have a coding style template or is it just GNU coding style? sri: bwahaha. ive some experience. i'll talk to you after the meeting sri: hooks are in the gitadmin-bin module in git SEJeff: its certainly planned (django-mango branch) Jc2k: oh, okay. owen: thanks. SEJeff: the plan was to make password resets and such self service. Jc2k: eggselent. I can't do much until tuesday, no problems with that? * sri has a final exam on tuesday. so access. i have to pass on access to signal and torrent to everyone, and i think label. sri: run-git-or-special-command in the sysadmin-bin module might also be relevant, but I don't think so offhand. (It's the wrapper that controls what can be done via ssh) sri: sure, thats fine for me everyone has mango access afaik I need to test mango access. everyone has rt access owen: okay, thanks. I'm going to probably spend a little time just documenting the setup, it'll help me get acquainted with the infrastructure. i havent added anyone to the private gnome-sysadmin mailing list. owen described it briefly but i havent had time to think about it and press go. I don't have access to rt tickets other than elections and foundation. But that might be no problem, as I won't have time the next month anyway. Jc2k, if it is super high traffic can you not hit go just yet? SEJeff: its about 20-40 emails a day? im not even sure Ah thats not horrible muelli, giskard: if you want to join us i'll finish off your access. Jc2k: it would be cool. Jc2k: in fact now i'm totally lost about people/who are they working on. i mean who is willing to help accounts@ moderator@ SEJeff: it is if you're already reading that much at work :D because account is around 20 mail a week afaik, but moderator is a pain. multiply that by about 2 or 5 first :) yeah, if there is a problem. 
Jc2k: RT accounts queue sent me 21 mail since the 2 of july; i have 165 mails for the moderator@ queue :) (some info about e-mail traffic) i think everyone is happy to do accounts@ stuff, and have already started to some extent. im not familiar with moderator@ though. but we dont want to get bogged down in stuff like that and not have time to fix the infrastructure presumably we can recruit from anywhere for moderating duties? its not a privileged thing, is it? no, there is a shared password for the list handled by moderators@ password == for the mailman interface web* fatalerror: know it for sure ok im confused now, :) you need access to moderators@? is that what you're asking? no i have my access i don't have the password here right now :) ok you're trying to recruit helpers? :P ahahah true s/helpers/minions to do his bidding/ id love to help, but i had free time id put it into the sysadmin team first, conduit second, and then i might have time beer? * pcutler doesn't dare sign up for anything more beer third, good point :P (he likes whiskey) this is also true :P ok this meetings be going on too long. giskard, are you joining the sysadmins? what is your area of expertise? i think we've all got some stuff to be getting on with and can go through details offline. SEJeff: I have minions! although they won't help me in gnome sysadmin i wanted to talk about the big plan, but i think i'll move that to the mailing list (there isnt one yet) Jc2k: yes i'm asking to join the team, i can't say i'm an expert of blablabla i'm interested in helping in what i define the old services, like bugzilla mysql jabber blablabla i work with them and i can share my knowledge hey sri - go into rt3 and take the ticket I just sent in, and test your mango access by giving me a gnome.org email alias =) giskard: excellent excellent ok any other business? 
ok meeting over, back to bed guys see you ~= 1 month :P thanks Jc2k I'll have the minutes up tomorrow, and will drop an email to the list when they're published pcutler: awesome yeah, please publish the action items and owners too. :) pcutler: I haven't seen the ticket yet. (at any of my two addresses) sri: you wont get an email i dont think, unless its a ticket you commented on already sri: its this one, though https://www.gnome.org/rt3/Ticket/Display.html?id=8822 Jc2k: oh, okay. thanks.. I need to book mark that. :] when i add you all to the gnome-sysadmin list you'll get RT spam too Jc2k: so how do I set up the mail alias? sri, log in to mango sri: in mango, find user and tick the 'has a cool @gnome.org alias' pcutler: doh.. right.. you said that earlier. click users, search for pcutler check if the mail is the same listed in the foundation-member list ;) hmm.. trouble authenticating.. I'm using 'sri' but it might be 'sri@gnome.org' no, only sri you have to wait until ldap is replicated afaik ok. well, sri should have access. sri, what password are you using.. this is the weird mango password, not the password you gave me an md5 of pcutler: in theory afaik we can't setup the "has a cool.." because the mail in mango is not the same yeah, I think that's where I'm stuck. I don't know the password. it's not the one you /msg sometime back is it? (the one for RT) you have to file a ticket i will send you an auth token and then i will change your mail address for a mango password? i like so much bureaucracy :) (not so much kidding btw) I just checked, it was only the RT password you gave me on /msg. sri: were you able to get your Mango pw by http://live.gnome.org/MangoFAQ ssh -l $USERNAME svn.gnome.org mango (you can only do that once) WARNING one time only WARNING let me read the faq before going forward. so looking through the faq, and doing a search on my mail, I don't think I ever got a "welcome mail" from mango. 
I have gotten mail from mango stating that my ssh key was uploaded but that's about it. anyways, I'm going to try that mango command. /usr/bin/mango: 3: cannot create /var/local/mango/sri: Permission denied hmm, you may need a new password rather than just a reset password. joy. see, I was a good test for you and Mango :) heh pcutler, sri: can you guys ssh into label? yes, and sudo works yep, sudo works for me as well. oh, cool! btw, in terms of master plans have you looked at the SysadminToDoList? oh, never mind.. I see this is pretty current, I thought it was old. oh, speaking of blogs.gnome.org wordpress is phasing out wp-mu starting next week, and going to build it into normal wordpress i'm not sure what that means for us long term as we use wp-mu for security updates and what not well, I would guess that it would take about 6 months to stabilize. what is the jabber server for out of curiosity? yeah, with wordpress you need to wait for .1 release, they like their security updates sri: in theory, it's for users to have @gnome.org jabber accounts to chat with. In practice, for many reasons, never got significant sri: openfire? crossfire? something thats written in java and uses 4% of memory on label traction dammit, misread bedtime :) night. pcutler: mango password resets are here http://www.mail-archive.com/gnome-infrastructure@gnome.org/msg00981.html owen: ah, I see. I vaguely remember that idea. sri: it was jdub's project thanks pcutler: run the command it gives on socket and you can find the ldap password in... is it worth pursuing? holy crap, what a pita /home/admin/secret/ldap. but that isnt on socket, you can see it on label tho. pcutler: the command reset-passwd only works if they have had mango access before. for sri, i think new-passwd is needed. 
1 more cup of tea before bed if you want to try and sort sri out with some access i'm re-reading this, but I really need to get some work done over the next 90 minutes, so it might have to wait until later in the weekend yeah, I got a meeting in 20 minutes too. damn meetings. * diegoe has quit (Floaty, crowny things!) pcutler: no worries. dont get distracted by links of that page. the ssh magic, the handle-ldap-modules and the stuff i said here should cover all your needs. $#(&$#'ing xchat-gnome can someone send me a log of the meeting please? i've irc logs since 21:03 (utc + 2) giskard: if you can just send me a raw log to pcutler@foresightlinux.org I'd appreciate it mango looks like it requires some love.. but it has some strict design parameters. pcutler, can send it to you