Day 4 jumped right into sessions:
Protecting the batcave against the Joker: Fedora infra hardening workshop Michael Scherer. Some interesting vulnerabilities that misc found (but did tell us about in advance), and how they were found and some ideas to help mitigate such things moving forward. The big one was a predictable git checkout in tmp, so we could add noexec to tmp and/or do seperate tmp for all users. Running ansible-lint also is something we should really look at doing.
After that I again jumped to hallway track, and then a team lunch, which I was late getting back from.
After running back late from lunch I got to the Fedora Infrastructure hacking and planning and hacking workshop session. I wrote up a bunch of areas we wanted to talk about or work on in the coming year. There really wasn’t too much discussion on most of them, they were all things we knew we wanted to do it’s just a matter of doing them. Neal Gompa did a live demo of the current pagure 5.0 themes and appearence. It looks nice!
The list was:
- new cloud – this is just very very close, so we decided to finish it asap.
- project tracking – I will setup a test for this once pagure 5.0 is out.
- replace nagios – many people suggested we look at zabbix again.
- CAIAPI/noggin – asked folks to file requests for features
- Repospanner – very close to existing, just need to finish it off.
- fedora messaging – abompard gave us a overview of where we are and we discussed corner cases like FMN and datanommer.
- sigul 1.0 – pretty much done we just need to have a flag day to update everything in step (since it’s not compatible with 0.9)
- copr – we discussed plans to move parts of copr into main infra. Possiblly frontend in openshift and dist git and keysign replaced by sigul.
We had a number more we didn’t get to because we ran out of time:
- python3 all the things
- more openshift
- more ci stuff
Next up was my Infrastructure Fix Fest. I was hoping we would get folks to come to us with all the small bugs they hit that we just haven’t had time to fix up and we could fix them right then in the session. Unfortunately, I think because it was the last session of the day and later in the week, many people went back to their rooms to rest for the evening activity or went to the hallway track to talk to people. We did get a few things fixed… I managed to close about 5 infra tickets, track down and fix a issue with kerneltest application that Justin wanted me to fix and discuss a few others. I think next year if we do this again I would ask people for items before hand and we can use it as a chance to show how to fix things.
The evening entertainment was a ‘roller coaster’ restaurant. You order from a tablet and they send your beer or food down on a set of rails. It was pretty amusing. There was a lot of sci-fi clash (the servers were wearing star trek the next generation outfits, but there were star wars characters all around too). At one point a bottle of beer broke, but no one was hurt and they got it cleaned up pretty fast. Overall a lot of good company and amusement.