Hi,
Earlier in the evening today Ralph, Fabian and I had a chat about the
present state of the language subsites. This email sort of summarises
the main issue ( s/w ).
We seem to have run into a slight technical hitch with punbb/fluxbb.
They don't support LDAP as a backend. And we had decided a few months
back that all new rollouts must have ldap backend so we can roll in
CentOS-DS / openldap based backend.
So we need to look at alternatives, and since the primary focus of these
international sites is going to be forums : Here is a shortlist ( if there
is anything else that people are aware of, please add to this list )
- phpBB
- SMF
- Fudforum
- phorum
- fluxbb
Requirements:
- Must be able to scale ( couple of hundred thousand msgs )
- Must be able to handle ldap auth ( if it can't, what's involved in
writing the ldap-auth portion )
- Must address the specific requirements raised by the present
www.centos.org forum users ( Can you please fill this section in ? )
- Must support all languages we need ( pure utf8 support would be good )
- Secure
- Skin'able
Nice to have:
- Capable of running multiple instances from a single deployment
- responsive community :D
Things we will need to do:
- Decide on what s/w to use.
- Give the ArtWork people enough time to get the look & feel sorted.
- Migrate newbb forums from www.centos.org to $system ( hey, english is
a language too :D ).
- Migrate fr.centos.org into the final s/w
- set up {de/es/ja/it/pt_br}.centos.org
Actions:
Ralph and Fabian are going to work on setting up a test ldap server,
once that is online we will then start by installing into our
test-vm-farm the various s/w to eval them.
If anyone would like to help, please feel free to jump right in.
I'll set up a wiki page for this issue, which might be a good place to
track progress.
--
Karanbir Singh : http://www.karan.org/ : 2522219@icq
All,
This is a friendly reminder.
CentOS 6.10 will EOL at the end of November 2020.
During the first week in December 2020, the 6.10 directory will move to
vault.centos.org
Packages will still be available at:
http://vault.centos.org/centos/6.10/
However, once moved, there will be no more updates pushed to
vault.centos.org. Therefore, security issues will no longer be fixed,
etc.
You should take the rest of the month to either move to a newer version
of CentOS Linux ... or to procure Extended el6 support from Red Hat (EUS
RHEL 6).
Thanks,
Johnny Hughes
Reminder: The CFP for the FOSDEM CentOS Dojo is now open -
https://wiki.centos.org/Events/Dojo/FOSDEM2021 - and closes on December
20th.
We are tentatively planning for February 4th and 5th, but will scale
back to just the 5th if we don't get sufficient submissions.
We are looking for talks about:
CentOS Linux
CentOS Stream and the RHEL contribution workflow
Anything that you are doing in the CentOS ecosystem (including, but not
limited to: SIG activity, CentOS infra, governance, community, etc)
Anything you're doing *on* CentOS - stuff you're running on CentOS,
interesting research projects, useful CentOS tools/utilities/techniques.
Larger ecosystem topics - Linux, Cloud, Open Source, etc.
I encourage you to look at previous event schedules for further inspiration:
https://wiki.centos.org/Events/Dojo/Brussels2020
https://wiki.centos.org/Events/Dojo/ORNL2019
https://wiki.centos.org/Events/Dojo/Brussels2019
Thanks!
--Rich
Hi Vit,
the generated policy fixes the issue. I've opened an issue at https://github.com/ClusterLabs/fence-agents/issues/368
@Kaleb Keithley ,
It's already in the previous e-mail and in the issue I just created.
Best Regards,
Strahil Nikolov
On Monday, 23 November 2020, 16:28:01 GMT+2, Vit Mojzis <vmojzis(a)redhat.com> wrote:
Hi,
based on the policy module generated by audit2allow it seems that this is an issue in the base policy (selinux-policy package).
Init_t is only allowed to access files and directories labeled var_lib_nfs_t (and not link_files). But I believe "getattr" permission was added in rhel-8.3.
Does the generated policy module (my-systemd) resolve the issue?
Vit
On 11/23/20 2:54 PM, Kaleb Keithley wrote:
>
Can you collect any AVC messages from /var/log/audit/audit.log or /var/log/messages, or dmesg on the host that would only boot after setting enforcing=0?
Thanks
On Mon, Nov 23, 2020 at 7:55 AM Kaleb Keithley <kkeithle(a)redhat.com> wrote:
>
> On Sat, Nov 21, 2020 at 4:48 PM Strahil Nikolov <hunter86_bg(a)yahoo.com> wrote:
>
>
>> Hi All,
>>
>> I have been testing EL8 + NFS Ganesha 3 (from CentOS Storage SIG) and Gluster v8 (tested both Storage SIG rpms and built from source ) and I have noticed a bug in the SELINUX policy causing the system to fail to boot after the node is fenced until a kernel parameter 'enforcing=0' is passed.
>>
>> The reason seems to be the link "/var/lib/nfs" pointing to the shared storage. When the cluster software is stopped gracefully, no issues are observed, as the nfs_setup resource restores /var/lib/nfs .
>>
>> Should I open a bug to bugzilla.redhat.com or it's specific to CentOS only ?
>>
>
> Off hand I don't think that's a bug in the nfs-ganesha-selinux package. I've asked the cluster (pacemaker, etc.) devs and the selinux devs what they think. You asked about opening a BZ in bugzilla.redhat.com; but https://github.com/gluster/glusterfs/issues is the correct place to report gluster issues.
>
> For this though I suggest opening an issue in https://github.com/ClusterLabs/ somewhere, maybe https://github.com/ClusterLabs/fence-agents/issues?? So it doesn't get lost.
>
>>
>> More details:
>> [root@glustere ~]# rpm -qa | grep ganesha | sort
>> centos-release-nfs-ganesha30-1.0-2.el8.noarch
>> glusterfs-ganesha-8.2-0.5.git77eb5e838.el8.x86_64
>> nfs-ganesha-3.3-2.el8.x86_64
>> nfs-ganesha-gluster-3.3-2.el8.x86_64
>> nfs-ganesha-selinux-3.3-2.el8.noarch
>>
>> [root@glustere ~]# dmesg | grep -e type=1300 -e type=1400
>> [ 14.414782] audit: type=1400 audit(1605994499.985:3): avc: denied { getattr } for pid=1 comm="systemd" path="/var/lib/nfs" dev="dm-0" ino=33596932 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=lnk_file permissive=1
>>
>> [root@glustere ~]# dmesg | grep -e type=1300 -e type=1400 | audit2allow -M my-systemd
>> ******************** IMPORTANT ***********************
>> To make this policy package active, execute:
>>
>>
>> semodule -i my-systemd.pp
>>
>>
>> [root@glustere ~]# cat my-systemd.te
>>
>>
>> module my-systemd 1.0;
>>
>>
>> require {
>> type var_lib_nfs_t;
>> type init_t;
>> class lnk_file getattr;
>> }
>>
>>
>> #============= init_t ==============
>> allow init_t var_lib_nfs_t:lnk_file getattr;
>>
>>
>> Best Regards,
>> Strahil Nikolov
>>
>>
>
>
>
Hi All,
I have been testing EL8 + NFS Ganesha 3 (from CentOS Storage SIG) and Gluster v8 (tested both Storage SIG rpms and built from source ) and I have noticed a bug in the SELINUX policy causing the system to fail to boot after the node is fenced until a kernel parameter 'enforcing=0' is passed.
The reason seems to be the link "/var/lib/nfs" pointing to the shared storage. When the cluster software is stopped gracefully, no issues are observed, as the nfs_setup resource restores /var/lib/nfs .
Should I open a bug to bugzilla.redhat.com or it's specific to CentOS only ?
More details:
[root@glustere ~]# rpm -qa | grep ganesha | sort
centos-release-nfs-ganesha30-1.0-2.el8.noarch
glusterfs-ganesha-8.2-0.5.git77eb5e838.el8.x86_64
nfs-ganesha-3.3-2.el8.x86_64
nfs-ganesha-gluster-3.3-2.el8.x86_64
nfs-ganesha-selinux-3.3-2.el8.noarch
[root@glustere ~]# dmesg | grep -e type=1300 -e type=1400
[ 14.414782] audit: type=1400 audit(1605994499.985:3): avc: denied { getattr } for pid=1 comm="systemd" path="/var/lib/nfs" dev="dm-0" ino=33596932 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=lnk_file permissive=1
[root@glustere ~]# dmesg | grep -e type=1300 -e type=1400 | audit2allow -M my-systemd
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i my-systemd.pp
[root@glustere ~]# cat my-systemd.te
module my-systemd 1.0;
require {
type var_lib_nfs_t;
type init_t;
class lnk_file getattr;
}
#============= init_t ==============
allow init_t var_lib_nfs_t:lnk_file getattr;
Best Regards,
Strahil Nikolov
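
As an added illustration (not part of the original post and not audit2allow's own code), the Python below parses the AVC record quoted in the message above and derives the same allow rule that appears in my-systemd.te, also recording whether the denial was actually enforced. The function names are hypothetical; the sample line is the record from the post.

```python
import re

# Constructed sample: the AVC record from the post above, as printed by dmesg.
SAMPLE = (
    '[ 14.414782] audit: type=1400 audit(1605994499.985:3): avc: denied '
    '{ getattr } for pid=1 comm="systemd" path="/var/lib/nfs" dev="dm-0" '
    'ino=33596932 scontext=system_u:system_r:init_t:s0 '
    'tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=lnk_file permissive=1'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not all(k in fields for k in ('scontext', 'tcontext', 'tclass')):
        return None
    fields['perms'] = m.group(1).split()
    # An SELinux context is user:role:type:level; the type is the third field.
    fields['source_type'] = fields['scontext'].split(':')[2]
    fields['target_type'] = fields['tcontext'].split(':')[2]
    # permissive=1 means logged only; count as enforced only on an explicit 0.
    fields['enforced'] = fields.get('permissive') == '0'
    return fields


def allow_rule(avc):
    """Render the type-enforcement rule that would permit this access."""
    perms = avc['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        avc['source_type'], avc['target_type'], avc['tclass'], perm_str)


def summarize(lines):
    """Group denials by rule so repeated records collapse to one review item."""
    rules = {}
    for line in lines:
        avc = parse_avc(line)
        if avc is None:
            continue
        entry = rules.setdefault(
            allow_rule(avc), {'count': 0, 'paths': set(), 'enforced': False})
        entry['count'] += 1
        entry['paths'].add(avc.get('path', avc.get('name', '?')))
        entry['enforced'] = entry['enforced'] or avc['enforced']
    return rules
```

Reviewing the grouped rules before loading a generated module shows exactly which source type, target type and object class are being opened up; here it is only `getattr` on a `lnk_file`, recorded while the host was booted with `enforcing=0`.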
Hi Everyone,
Below is this week's CPE weekly for week ending 2020-11-22 for both
Fedora & CentOS, and if you want to visit the hackmd link
https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view you can then use the
header bar on your left to skip to Fedora or CentOS updates that
interest you.
## General Project Updates
Final project submission date for consideration in Q1 is Friday 27th
November. If you have an initiative that may take weeks/months and
multiple people to work on and want to request it to CPE, please
follow the steps outlined in our initiatives repo and create your
issue before 27th November https://pagure.io/cpe/initiatives-proposal
Our updated initiative timetable can be viewed here for 2021
https://docs.fedoraproject.org/en-US/cpe/time_tables/
Below are the projects the CPE team are currently working on for the
months of October, November & December:
* CentOS Stream Phase 4 - Build system services
* Noggin Phase 4 - Data Migration of Fedora & CentOS Accounts, Community testing
* OSBS for aarch64 - this will begin in November
* Fedora Messaging Schemas - this work is continuing from Q3 and is
being worked on part-time
### Misc
#### GitLab
New GitLab topic sent to devel-announce(a)lists.fedoraproject.org &
centos-devel(a)centos.org on Message Bus is out. See email in hackmd
here
https://hackmd.io/oZrDwbSeSWO-l_X65A1ndg?view
## Project Updates
*The below updates are pulled directly from our CPE team call we have
every week.*
## CentOS Updates
### CentOS
* CentOS 6 is EOL 30th November
* CFP for FOSDEM Dojo - https://wiki.centos.org/Events/Dojo/FOSDEM2021
* Updated CentOS CI Openshift staging cluster to latest 4.6.4, Waiting
for stable release in the 4.6 branch before rolling out to production.
* CentOS 7.9.2009 is released! (for x86_64, i386, ppc64, ppc64le,
armhfp and aarch64 architectures)
* Lot of work done for Noggin/AAA
### CentOS Stream
* Use centos-stream-release package to convert from CentOS 6 to CentOS
Stream before 30th November
* Working on integrating ODCS in Stream
* Curating out t_functional suite
https://github.com/centos/sig-core-t_functional
* Refining our testing for finding issues at distro-level
### Fedora
### Staging Environment
* Completed - any issues you find please report them in fedora infra
https://pagure.io/fedora-infrastructure/issues
### Noggin/AAA
* Testing team owned apps in staging with Noggin
* We will be requesting community member testing before December so
keep an eye out for an announcement!
* The team's kanban board where they track their work can be found here
https://github.com/orgs/fedora-infra/projects/6
* And we have a project tracker available to be viewed here
https://github.com/fedora-infra/aaa-tracker
### OSBS for aarch64
* Basic OKD 3.11 working on aarch64 with F31
* Working on repeating that install with F33
* Next step will be to
### Fedora Messaging Schemas
* This project is worked on on a part time basis as we are
prioritizing completing Noggin first before fully committing to its
completion
* A list of applications that require messaging schemas can
be found here https://hackmd.io/@nilsph/H1i8CAbkP/edit
* There is a readme which contains documentation on messaging schemas,
a cookie-cutter template to create the schema and a definition of Done
for writing a schema
https://github.com/fedora-infra/fedora-messaging-schemas-issues
* The board they are working from can be viewed here
https://github.com/orgs/fedora-infra/projects/7
## Team Info
### CPE Product Owner Office Hours
IRC office hours are now once per month. Below are the logs from the
most recent meetings and dates for the next ones.
#### #fedora-meeting-1
* Next Meeting: 2020-12-17 @ 1300 UTC on #fedora-meeting-1
#### #centos-meeting
* Next Meeting: 2020-12-15 @ 1500 UTC on #centos-meeting
## Background:
The Community Platform Engineering group, or CPE for short, is the Red
Hat team combining IT and release engineering from Fedora and CentOS.
Our goal is to keep core servers and services running and maintained,
build releases, and other strategic tasks that need more dedicated
time than volunteers can give.
See our wiki page here for more
information: https://docs.fedoraproject.org/en-US/cpe/
As always, feedback is welcome, and we will continue to look at ways
to improve the delivery and readability of this weekly report.
Have a great week!
Aoife
Source: https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view
--
Aoife Moloney
Product Owner
Community Platform Engineering Team
Red Hat EMEA
Communications House
Cork Road
Waterford
Hi everyone,
I've posted this to devel-announce(a)lists.fedoraproject.org but I will
always post this over here too in case there are interested people on
this mailing list that may not see it on the Fedora one. Thanks again
for your involvement in the GitLab AMA session on IRC in September.
This email discussion thread is on Namespace & Issue Tracking. I have
pulled the relevant questions and answers from the original hackmd doc
into one email and if you would like to discuss this topic
specifically, here might be a good place to do so so your
conversations don't go down a 'rabbit hole' :)
Here are some links to resources as well:
* Questions and Answers hackmd link https://hackmd.io/RW8HahOeR7OJPON1dwuo3w
* Chat log from session
https://meetbot.fedoraproject.org/fedora-meeting-1/2020-09-10/ama_session_w…
* AMA Blog post
https://communityblog.fedoraproject.org/gitlab-ama-follow-up/#more-9346
* Here is this email in hackmd if you wish to view it there:
https://hackmd.io/oZrDwbSeSWO-l_X65A1ndg?view
## Namespace & Issue Tracking
- Question: Currently dist-git in Fedora has several namespaces: rpms,
modules, containers, tests... All namespaces but the ``tests``
namespace have their issue tracker in bugzilla. Would this work in
gitlab? Can we selectively enable/disable issue tracking per namespace
for the entire instance? (ie: w/o giving the possibility to ``owner``
or ``maintainer`` to toggle that setting.)
- Answer: It may need to be checked again, but it appears you can
turn on/off the issue tracker at the project level.
- Question: Currently dist-git in Fedora has several namespaces: rpms,
modules, containers, tests... All namespaces but the ``tests``
namespace have their issue tracker in bugzilla. Would this work in
gitlab? Can we selectively enable/disable issue tracking per namespace
for the entire instance? (ie: w/o giving the possibility to ``owner``
or ``maintainer`` to toggle that setting.)
- Answer: You can turn the GitLab issue tracker on and off by
project. See https://docs.gitlab.com/ee/user/project/settings/#sharing-and-permissions
Namespaces map to “group” in GitLab. Here’s more info about them:
https://docs.gitlab.com/ee/api/namespaces.html
- Question: Fedora, as far as I understand, still plan on using
bugzilla as issue tracker. Currently default assignee and the CC are
gathered using the ``main admin`` (ie: the ``owner`` for GitLab iiuc),
the other maintainers (who did not ``unwatch issues`` in the project -
mechanism for them to opt-out of being in the CC list) and the people
having enabled ``Issue watching`` for the project (mechanism for them
to opt-in into being in the CC list). Would this work in a GitLab
world?
- Answer: There are a number of options related to that. For one,
users can control their notifications globally and by name space in a
fine grained way (see GitLab Notification Emails).
- Question: Fedora is part of GitLab’s Open Source program and we have
a migration tracker issue that we are using to keep track of feature
requests, bugs, etc that are important to Fedora. The Fedora migration
team has been working with us at GitLab to maintain that and community
members can add relevant issues there so we can track them. It’s also
helpful for our product managers to hear about why particular issues
are important for the Fedora use case, and to have upvotes, so doing
that will help! Where can you submit requests/bugs/report issues?
- Answer:
Fedora Migration Tracker:
https://gitlab.com/gitlab-org/gitlab/-/issues/217350
Feature template:
https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature…
Bug template:
https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Bug
Please do review the original questions doc in case I have missed any
that relate to namespace and issue tracking and thank you again for
your engagement with these emails! The next email topic will be on
'Branches'.
Have a good week!
Aoife
--
Aoife Moloney
Product Owner
Community Platform Engineering Team
Red Hat EMEA
Communications House
Cork Road
Waterford
Hello,
I don't see the 7.9.2009 release directory in
http://mirror.centos.org/centos-7/. Up until now each minor release used to
have its own directory with the latest minor having same contents as the
major release. Did something change recently and those minor release
directories won't be provided going forward?
Regards,
Giedrius
All,
Currently, here is a list of tags in the CBS that can build against
CentOS Stream.
https://cbs.centos.org/koji/search?match=glob&type=tag&terms=*8s-*
If your SIG is interested in building against CentOS Stream, you can ask
on this list to get a new tag created.
The CentOS Project would be happy to enable building against CentOS
Stream, so just let us know.
Thanks,
Johnny Hughes
=============================================
#centos-meeting: NFV SIG meeting - 2020-11-18
=============================================
Meeting started by amoralej at 15:08:57 UTC. The full logs are available
at https://www.centos.org/minutes/2020/November/centos-meeting.2020-11-18-15…
.
Meeting summary
---------------
* ovs/ovn update to FDP 20.H (amoralej, 15:12:02)
* ovs and ovn 2.13 from FDP 20.H have been tested and pushed to
official mirrors (amoralej, 15:12:29)
* ovs and ovn 2.11 from FDP 20.H have been tested and pushed to
official mirrors (dholler, 15:12:45)
* RDO Ussuri is also moving to OVS/OVN 2.13 from NFV SIG builds
(amoralej, 15:18:54)
* New centos-release-nfv pushed to mirror (amoralej, 15:20:56)
* now the network-extras repo can be enabled by installing
centos-release-nfv-extras (amoralej, 15:21:44)
* LINK: https://pagure.io/centos-infra/issue/50 (ykarel, 15:31:55)
Meeting ended at 15:34:36 UTC.
Action Items
------------
Action Items, by person
-----------------------
* **UNASSIGNED**
* (none)
People Present (lines said)
---------------------------
* amoralej (32)
* dholler (10)
* ykarel (6)
* centbot (4)
Generated by `MeetBot`_ 0.1.4
.. _`MeetBot`: http://wiki.debian.org/MeetBot