June 11, 2013


Seth Vidal
ansible as infrastructure-wide cron

A discussion last week made me think of the following:
Ansible as a mechanism to provide network/infrastructure-wide cron.

A couple of systems that do major administrative tasks could have a infra-cron file like:

01 04 * * * root run_system_wide_task
0 01 * * Sun root trigger_client_backups

Now, I’m sure lots of you are saying ‘yes, that’s cron, you don’t need another one’ but with ansible you could have an orchestrated cron. A cron that properly says ‘wait for the previous task to finish before you launch this other one’ or a cron that is able to better contingency handling if some of your systems are offline or disconnected.

I don’t have any code for this but I wanted to toss it out as a potentially odd idea that maybe someone would love.


June 11, 2013 03:38 AM

May 23, 2013


Seth Vidal
documenting for posterity – ansible – wait for a dir to exist before continuing

Got a ridiculous process **cough**Jenkins**Cough** that you have to wait to create a dir before doing things?

This might help you as godawful ugly as it is.

– name: wait for a dir to exist – this is just ugly
shell: while `true`; do [ -d /var/lib/jenkins/plugins/openid/WEB-INF/lib/ ] && break; sleep 5; done
async: 1800
poll: 20


May 23, 2013 09:07 PM

May 17, 2013


Seth Vidal
sorting srpms by buildorder

Hey folks,
Working on something for Spot I revived some code I had written a
few years ago and then discovered that other people had made much more
robust leveled topological sorts than I had written :)

Anyway – if you grab the files from:

http://skvidal.fedorapeople.org/misc/buildorder/

And run:

python buildorder.py /path/to/*.src.rpm

it will look up the interdependencies of the src.rpm to figure out a
build order. It outputs a bunch of different things:
1. a flat build order
2. a build order broken out by groups – you can build all the pkgs in
any group in parallel provided that all the pkgs in the previous group
have finished building.
3. outputs lists of direct loops between srpms.
4. probably will output A LOT of noise and garbage from the rpm
specfile parsing from the rpm.spec() module

But it might be worth a look at and, ideally, patches to make it a bit
more robust.

If you have a set of pkgs which you need to build but you can’t figure
out the buildorder this might help you out.

I’d love to know how often it is right or ‘right enough’.

Known Issues:
1. some spec files make the rpm.spec() parsing break in interesting
ways – sometimes tracing back :)
2. if a pkg is not dependent on any other pkg and nothing else depends
on it – they get lumped in the last grouping. Not really an issue -
just something someone noticed and was surprised.
3. It will handle file-buildreqs not at all, it will handle virtual
provide buildreqs, not at all, if your buildreqs are REALLY picky about
requiring <= Version – it will ignore all of that. :)
4. I fully expect that 2 or more level circular build deps (foo req bar
req baz req quux) will not be detected but will make the topological
sort function die). If so…. tough… go fix your packaging.

Anyway – give it a run and see if it helps you solve a problem.

If it does let me know about it. Some of us are curious if this could
fit well in mockchain or wrapped around/in mockchain.


May 17, 2013 07:09 PM

May 10, 2013


Christoph Wickert
Vienna Calling!

Last weekend I attended Linuxwochen Wien for the first time. I heard a lot about the event, so I totally wanted to go there. Now that I’m back from Vienna, I am a little disappointed – but nevertheless happy I went there.

The Austrian Linuxwochen (Linux Weeks) is a series of events all over the country. It started in Graz, but there is also Eisenstadt, Krems and Vienna. The event in Salzburg is delayed until further notice, Linz was canceled off this year (only the LUG meeting took place) and Klagenfurt seems dead for years. Overall not very encouraging, but we wouldn’t be Fedora if we were not to change that. So we brought 7 people to Vienna which were supported by two locals, Kevin and Volker. Both did an excellent job, even though they are (officially) no ambassadors. Together we submitted 16 talks and workshops. All were accepted, this is roughly one fourth of the 3 day program. I delivered two talks, one on Kolab and one on postscreen. Both went very well and I’m very happy about the feedback I received. Overall the talks and workshops were very interesting and the speakers very competent.

Fedora booth at Linuxwochen Wien

Fedora booth at Linuxwochen Wien

Fedora delivered a good show. We had by far the biggest and most professional stand and lots of goodies. As a special gimmick Miro had brought his 3D printer and as always it attracted a lot of people. The rest of exhibition however was not impressive. That’s a well know problem for events where the focus is on talks, but this one was worse: It was moved to a new building with more space on the hallways, but the number of exhibitors hadn’t really changed. The booths looked quite lost and there were hardly visitors as most people were attending talks. On Friday we had at least some students from the university showing up and hoped for more people over the weekend, but that was wishful thinking. Maybe it was bad promotion, maybe the weather or a combination of both.

Empty hallway at Linuxwochen Wien

Empty hallway at Linuxwochen Wien

The weather in Vienna was bad compared to Berlin, but on Saturday afternoon it changed and the rest of the weekend turned out to be very sunny. As there were not many visitors and we had more than enough people at the booth, later that afternoon I decided to go for some sightseeing. People told me Vienna is beautiful, but I hadn’t seen anything of that beauty. I have been to Vienna before, but usually it was just for transfer at the airport or on my way to Brno. So I went to the historic city center and I have to admit, it really is impressive. There are a lot of buildings from the imperial times of the Austro-Hungarian monarchy and also from the Art Nouveau (or ‘Jugendstil’ as we call it) era. I love Jugendstil.

Subway station 'Karlsplatz'

The subway station ‘Karlsplatz’ in Vienna – an icon of the ‘Art Nouveau’ era.

On Friday we had a social event. It wasn’t really a social event, instead we just went to a Chinese restaurant down the street for an ‘all you can eat’ buffet. We were around 30 people and I was lucky to sit next to Bernhard. We talked about packaging and he asked me if I could help him with continuous integration of rpm build. It turned out Bernhard is a FreeRDP developer and told him I’m the poor bastard maintainer of remmina in Fedora. Remmina is a GTK-based RDP, SSH, NX and Telepathy client, developed by the FreeRDP project. It’s powerful but in bad shape as FreeRDP is still a young project and constantly moving forward. Unfortunately there haven’t been stable releases for quite a while and backporting fixes is cumbersome. So we agreed that FreeRDP will try to maintain a ‘release’ branch in git, even if there are no actual releases, and we will help them with continuous integration. If Mads, our FreeRDP maintainer, agrees we will build and host nightly versions of Fedora’s freerdp and matching remmina packages. An interesting project and I’m looking forward to it.

My flight back to Berlin left very early on Sunday morning. I had to get up at 5 am, but it allowed me to be in Berlin at half past eight and enjoy a sunny Sunday after which I was very tired – but happy.

Not sure I will attend Linuxwochen Wien next year, we have other awesome people to run the event. Personally, I learned some important lessons:

  • Talks are getting more professional and so is the target audience. When you give a talk, be professional – but don’t forget the fun!
  • Exhibitions on the other hand receive lesser attention. We need to think of new way to attract people and how to interacting with them. We need something more playful like the Fedora photo booth.
  • Renting an apartment is a good idea: Not only that it’s cheaper than a hotel, but more fun, too.
  • The people who told me Vienna is beautiful didn’t lie.

Thanks everybody for making Linuxwochen a successful event. A special thanks goes out to Sirko for being a perfect event owner. He took care of everything, not just the booth and apartment and he was a good tourist guide.

May 10, 2013 05:11 PM

April 29, 2013


Seth Vidal
adding an openstack cinder volume server to an existing cloud with an existing cinder setup

We needed more space for cinder and had no nice way to expand it on our existing cinder server so after banging my head a bit I got assistance from Giulio Fidente who was able to show me a working config that let me figure out what I was missing. Below I document it so others might be able to find it, too.

NOTE: this works under folsom on rhel 6.4. I cannot vouch for anything else -but Giulio had it running on grizzly I think so…

Usage:

You have an existing cinder server setup and running – which includes
a volume server, an api service and a scheduler service. You need to
add more space and you have a system where that can run.

Here’s all you need to do:

1. install openstack-cinder on the server you want to be a new volume server

2. make sure your new system can access the mysql server on your primary
controller system

3. make sure tgtd knows to import the files /etc/cinder/volumes

add
include /etc/cinder/volumes/*
to:
/etc/tgt/targets.conf

4. make sure your other computer nodes can access the iscsi-target port
iscsi-target 3260/tcp on the system you want to add as an cinder-volume server

5. setup your /etc/cinder/cinder.conf
example:

[DEFAULT]
sql_connection = mysql://cinder_user:cinder_pass@mysqlhost/cinder
api_paste_config=/etc/cinder/api-paste.ini
auth_strategy = keystone
rootwrap_config = /etc/cinder/rootwrap.conf
rpc_backend = cinder.openstack.common.rpc.impl_qpid
qpid_hostname = qpid_hostname_ip_here
volume_group = cinder-volumes
iscsi_helper = tgtadm
iscsi_ip_address = my_volume_ip
logdir = /var/log/cinder
state_path = /var/lib/cinder
lock_path = /var/lib/cinder/tmp
volumes_dir = /etc/cinder/volumes

6. start tgtd and openstack-cinder-volume

service tgtd start
service openstack-cinder-volume start

7. check out /var/log/cinder/volume.log

8. Verifying it worked:
on your cloud controller run:
cinder-manage host list
you should see all of your volume servers there.

9. creating a volume. – just make a volume as usual – the scheduler
should default to the volume server with the most space available

10. on your new cinder-volume server run lvs to look for the new volume.


April 29, 2013 10:36 PM

April 27, 2013


Seth Vidal
Things I Learned while building f19alpha imgs for our openstack cloud

Things I learned today:

1. the predictable network device naming stuff in systemd is kinda arbitrary when it comes to cloud imgs that may run on a variety of virt systems – so to turn it off just add this to your %post in your kickstart:

# disable systemd ‘predictable’ device names for networks w/a hammer

ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
TYPE="Ethernet"
EOF

 

That last bit is just to make a generic ifcfg-eth0 so ifup eth0 works normally.

2. the hostonly initramfs that dracut makes now plays up when you are moving an image around. make sure you add
dracut-nohostonly

to %packages to get it to behave as you’d expect

3. if you don’t have a lot of memory then you may not  want tmpfs for /tmp  - to turn that off just do:

systemctl mask tmp.mount

in %post and it will be as you’d expect.

4. syslinux-extlinux is WAY nicer and simpler to use than grub2 :)

 

Thanks to Mattdm for making the syslinux-extlinux option for anaconda happen.

 

 


April 27, 2013 02:59 AM

April 25, 2013


Seth Vidal
ansible rpm compare

A while back I wrote this for func – and I found I needed it ported to ansible.

I enhanced it to make it take more than just 2 systems. It can now compare any number of systems to the base system

http://fedorapeople.org/cgit/skvidal/public_git/scripts.git/tree/ansible/ans_rpm_compare.py

 

Takes a first argument of your ‘baseline’ host that’s the host all the other hosts package sets will be compared to.

It grabs the list of rpms installed on each system (just using rpm -qa, I’m lazy, or I could have used the yum list=installed option)

It transforms that output into a set – then does a difference on them each way.

Output looks like this

$ ans_rpm_compare.py app01.phx2.fedoraproject.org app02.phx2.fedoraproject.org
Packages on app01.phx2.fedoraproject.org not on app02.phx2.fedoraproject.org
words-3.0-17.el6.noarch
fedmsg-relay-0.6.8-1.el6.noarch
gdb-7.2-60.el6.i686

Packages on app02.phx2.fedoraproject.org not on app01.phx2.fedoraproject.org

 

Trivial but should be straightforward to follow how it works in the code.

No idea where else to put it so it goes into my scripts git repo.

 


April 25, 2013 03:57 AM

April 22, 2013


Seth Vidal
mailman archiver failure

If you see this traceback in your /var/log/mailman/error file

 

 

File “/usr/lib/mailman/Mailman/Queue/Runner.py”, line 120, in _oneloop
self._onefile(msg, msgdata)
File “/usr/lib/mailman/Mailman/Queue/Runner.py”, line 191, in _onefile
keepqueued = self._dispose(mlist, msg, msgdata)
File “/usr/lib/mailman/Mailman/Queue/ArchRunner.py”, line 73, in _dispose
mlist.ArchiveMail(msg)
File “/usr/lib/mailman/Mailman/Archiver/Archiver.py”, line 216, in ArchiveMail
h.processUnixMailbox(f)
File “/usr/lib/mailman/Mailman/Archiver/pipermail.py”, line 583, in processUnixMailbox
self.add_article(a)
File “/usr/lib/mailman/Mailman/Archiver/pipermail.py”, line 635, in add_article
article.parentID = parentID = self.get_parent_info(arch, article)
File “/usr/lib/mailman/Mailman/Archiver/pipermail.py”, line 669, in get_parent_info
if parentID and not self.database.hasArticle(archive, parentID):
File “/usr/lib/mailman/Mailman/Archiver/HyperDatabase.py”, line 273, in hasArticle
self.__openIndices(archive)
File “/usr/lib/mailman/Mailman/Archiver/HyperDatabase.py”, line 251, in __openIndices
t = DumbBTree(os.path.join(arcdir, archive + ‘-’ + i))
File “/usr/lib/mailman/Mailman/Archiver/HyperDatabase.py”, line 65, in __init__
self.load()
File “/usr/lib/mailman/Mailman/Archiver/HyperDatabase.py”, line 170, in load
self.dict = marshal.load(fp)
ValueError: bad marshal data

It is due to a corrupted archive database. Those live in /var/lib/mailman/archives/private/$list/database/*

In order to figure out which one it is – you have to run this:

 

#!/usr/bin/python

import os, sys
sys.path.insert(0, ‘/usr/lib/mailman’)

import Mailman.Archiver
import marshal
for fn in sys.argv[1:]:
if os.path.exists(fn):
c = marshal.load(open(fn))

 

against the files in the dir I mentioned above.

like this

python thatscript /var/lib/mailman/archives/private/$list/database/2013-April*

That will tell you if a file is busted, (it will print out an exception) but it won’t fix it.

You will probably need to run it against all of the current files for all the lists you have :(

Once you figure out which lists are broken you SHOULD be able to run

bin/arch –wipe listname /var/lib/archives/private/$list.mbox/$list.mbox

and have it recreate the whole thing.

 


April 22, 2013 05:22 PM

March 28, 2013


Paul Frields
Moving to Fedora 19 Alpha!

The post Moving to Fedora 19 Alpha! appeared first on The Grand Fallacy.

Usually I wait until later in the pre-release cycle — a few weeks before Beta on average — before I move to the pre-release of the next Fedora operating system. But for Fedora 19, I’m too excited to see GNOME 3.8 and all the other improvements, so I tried out the Fedora 19 Test Candidate 2 (TC2) during lunch yesterday. I burned it to a USB key and was happy with what I saw. I decided it was time to move over now and fit in with the cool kids.

 

Getting ready to install

Now, I could have just thrown caution to the wind and installed right away. But since I wanted to move over on my main workhorse laptop, a ThinkPad x220, I really needed to back up my user files first. I hadn’t done that in a month or two (I know, I know!) so this was a must. I figured, if I was going to have a little downtime for the backup, I might as well make it worthwhile and install the Fedora 19 Alpha TC2 while I was at it. Thankfully, this afternoon was free of meetings so it was a good time to be offline for a short while.

I keep my backups in several places, but the easiest one to get to right away, with the fastest write speed, is a portable USB 2.0/FireWire enclosure I keep around for my own backups. It has a 500 GB SATA drive inside and plenty of room for my data. I was already running the Fedora 19 Alpha TC2 using the Live USB. I attached the disk, and of course it was mounted up for my convenience. I used the Disks utility to unlock and mount my home volume from the encrypted hard disk, and used the rsync utility to freshen the backup.

Installing Fedora 19 Alpha TC2

I decided to do a network installation rather than just burning a Live image. There were a bunch of other packages I wanted, and I figured I might as well grab them all during installation; plus, I wanted to see how that process was working. I burned the F19 Alpha TC2 boot.iso to a USB key and booted up.

I was hoping to hold on to my current partitioning setup as part of the installation process. I have a /boot partition on /dev/sda1, and an LVM physical volume with a single volume group, subdivided into separate logical volumes. Some are encrypted, including my /home folder. Unfortunately this is where I ran into my first issue — the current F19 Alpha can’t handle custom partitioning in the installer interface. I don’t believe this is required in the release criteria for an Alpha, so it’s not a huge surprise.

Nor was it a huge impediment; fortunately, the installer GUI is not tied that closely to the OS version or package content anymore. That means I was able to boot off a Fedora 18 boot.iso (written to USB), and simply point to a Fedora 19 mirror as the software source. I used the existing (and working) Fedora 18 installer GUI to do my required custom partitioning, so I could retain my current partition setup. Then I was off to the races, while I worked on other things.

Initial thoughts

There are some cool interface changes during login. A finished desktop screen expands nicely from the center rather than having elements appear gradually in sequence. There is some work being done on an initial setup routine, kind of like an orientation for new users of GNOME 3. It’s still a bit rough, and there are bugs, but you can see where things are going: it’s definitely a useful feature.

I love the fact that the screensaver reports notifications gathered while the screen was off. This would be useful for things like chat where you might want to know whether someone was looking for you before you decide to log in. I’m thinking of quickly getting on the console to answer IRC pings, but I suppose, reading back, it might just as easily be used to avoid people. Heh. But again, neat improvement. Another nice notification improvement: the larger bar introduced in GNOME 3.6 also now confirms for you that you have no new notifications, a nice added visual cue.

The control center has a smorgasbord of upgrades, from a privacy control, to per-application notification settings, to easier to read layouts for numerous controls including NetworkManager. And the overview search now is easier to read as well. And of course, none of the changes sacrifice my ability to navigate around by keyboard instead of mouse, which I really like.

Are there bugs? Sure, although I haven’t hit any identifiable ones yet. I’ll keep playing with the pre-release over the weekend and file some bugs as I poke around into the corners. But so far, I really like what I see, and I think Fedora 19 is going to be a great release!

March 28, 2013 01:13 PM

March 27, 2013


Seth Vidal
polling/diffing instances in openstack

I’m trying to produce a simple list of instances on the fedora

openstack instance. I want to produce a list every 10m or so and diff

it against the last copy of that list and output the changes.

Here’s what I came up with:
http://fedorapeople.org/cgit/skvidal/public_git/scripts.git/tree/openstack/gather-diff-instances.py

it is based originally on nova-manage. It runs as root on the head system in our cloud and just dumps out json, then diffs the json.

Everything works but I’m trying to figure out if this is the ‘right’
way of going about this.
I thought about doing it via nova instead of using the nova-manage
direct-to-db api but I had 2 problems:

1. I would need to save the plaintext admin pw somewhere on disk to
poll for that info

2. or get a token which I would have to renew every 24 hours

We’re using the above the script as a simple cron job that lets us know
what things are changing in our cloud (who is bringing up new
instances, how many, what ips they are attaching to them, etc)

Additionally, is there a way in the db api to easily query the tenant and user info from keystone? I’d like to expand out the user uuid into username/project name.

 

 


March 27, 2013 04:04 AM

March 22, 2013


Seth Vidal
gitproxy

gitproxy:
http://skvidal.fedorapeople.org/misc/gitproxy

Dealing with a potential problem we were trying to figure out a way to proxy/redirect git:// calls from one server to another one. This is a fairly ridiculous script I hacked up in the wee-small hours of thursday morning after talking to+Sitaram Chamarty on #git  for a while.

I fully expect this won’t work well under load but it does seem to function in my small tests here.

 

 


March 22, 2013 07:01 PM

Seth Vidal
diffing two ini files

Ever need to diff 2 ini files but their sections and options aren’t in the right order?

Well, I do. I googled but I couldn’t find anything trivially available that did this.

I swear I wrote this once before but I couldn’t find it when I looked through my dirs of misc scripts so:

http://fedorapeople.org/cgit/skvidal/public_git/scripts.git/tree/inidiff

hope it is useful to someone.


March 22, 2013 04:24 PM

March 10, 2013


Christoph Wickert
Don’t use a programming language for configuration

Dear developers,

please don’t use a programming language for configuration files. Seriously. Don’t. Just don’t. You are only making live hard for people.

Here is what my polkit custom desktop policy looked like in Fedora <= 17:

Identity=unix-group:wheel
Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-remove;org.freedesktop.packagekit.system-rollback;org.freedesktop.packagekit.system-sources*;org.opensuse.cupspkhelper.mechanism.*;org.libvirt.unix.*;dk.yumex.backend.pkexec.run
ResultAny=no 
ResultInactive=no 
ResultActive=yes

I think this is pretty straight forward, but some people found it confusing and too complex. So David rewrote it.

If you keep complaining about polkit configuration I'll rewrite it in JavascriptNow let’s see how the same looks in Fedora >=18:

polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel") && subject.active) {
        polkit.log("action=" + action);
        polkit.log("subject=" + subject);
        if (action.id.indexOf("org.freedesktop.packagekit.package-install") == 0) {
            return polkit.Result.YES;
        }
        if (action.id.indexOf("org.freedesktop.packagekit.package-remove") == 0) {
            return polkit.Result.YES;
        }
        if (action.id.indexOf("org.freedesktop.packagekit.system-rollback") == 0) {
            return polkit.Result.YES;
        }
        if (action.id.indexOf("org.freedesktop.packagekit.system-sources.") == 0) {
            return polkit.Result.YES;
        }
        if (action.id.indexOf("org.opensuse.cupspkhelper.mechanism.") == 0) {
            return polkit.Result.YES;
        }
        if (action.id.indexOf("org.libvirt.unix.") == 0) {
            return polkit.Result.YES;
        }
        if (action.id.indexOf("dk.yumex.backend.pkexec.run") == 0) {
            return polkit.Result.YES;
        }
    }
});

What do we learn from this?

One doe not simply use JavaScript for config files

March 10, 2013 01:05 PM

March 07, 2013


Seth Vidal
async actions in ansible playbooks

A number of people have been surprised by this feature, even though it is documented, so I thought I’d mention it.

Ansible can run actions async. This means it connects to the client system, starts the process and disconnects.

In general you would want all your plays to be synchronous (do thing X, wait for it to be done/watch it, do thing Y).

However, there are times when what you want to do will take a VERY long time or could kill your ssh connection off.

An example is a yum update:

tasks:

- name: yum update

action: command yum -y update

That can take a long time, depending on what’s going on. You want to monitor what it does, but you don’t want a timeout or a reset ssh session/network to kill off that process.

So what do you do? You make it async:

tasks:

- name: yum update

action: command yum -y update

async: 7200

poll: 15

That means – run yum -y update – wait for up to 7200s and poll every 15s to check on the status of the action.

Here’s where we’re using it in fedora:

http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/playbooks/package-update.yml#n11

However, this means if your ssh or network were to die – the yum update process would still run to completion.

But if your connection does die and you cannot check on the status of the job what do you do?

Well -you can connect to any system as the user who was running the job and look in ~/.ansible_async

there will be a file in there for each job that was being run. It may just be a place holder and empty (if the job is still running) or it made be filled with the results if the job is finished.

Pretty handy for a variety of tasks.

 


March 07, 2013 12:49 AM

February 27, 2013


Mark Cox
Enterprise Linux 6.3 to 6.4 risk report
You can read my Enterprise Linux 6.3 to 6.4 risk report on the Red Hat Security Blog.

"for all packages, from release of 6.3 up to and including 6.4, we shipped 108 advisories to address 311 vulnerabilities. 18 advisories were rated critical, 28 were important, and the remaining 62 were moderate and low."

"Updates to correct 77 of the 78 critical vulnerabilities were available via Red Hat Network either the same day or the next calendar day after the issues were public. The other one was in OpenJDK 1.60 where the update took 4 calendar days (over a weekend)."

And if you are interested in how the figures were calculated, here is the working out:

Note that we can't just use a date range because we've pushed some RHSA the weeks before 6.4 that were not included in the 6.4 spin. These issues will get included when we do the 6.4 to 6.5 report (as anyone installing 6.4 will have got them when they first updated).

So just after 6.4 before anything else was pushed that day: 

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20101110 - 20130221 (835 days)
** 397 advisories (C=55 I=109 L=47 M=186 )
** 1151 vulnerabilities (C=198 I=185 L=279 M=489 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20101110 - 20130221 (835 days)
** 177 advisories (C=11 I=71 L=19 M=76 )
** 579 vulnerabilities (C=35 I=133 L=159 M=252 )

And we need to exclude errata released before 2013-02-21 but not in 6.4:

RHSA-2013:0273 [critical, default]
RHSA-2013:0275 [important, not default]
RHSA-2013:0272 [critical, not default]
RHSA-2013:0271 [critical, not default]
RHSA-2013:0270 [moderate, not default]
RHSA-2013:0269 [moderate, not default]
RHSA-2013:0250 [moderate, default]
RHSA-2013:0247 [important, not default]
RHSA-2013:0245 [critical, default]
RHSA-2013:0219 [moderate, default]
RHSA-2013:0216 [important, default]

Default vulns from above: critical:12 important:2 moderate:16 low:3
Non-Default vulns from above: critical:4 important:2 moderate:5 low:0

This gives us "Fixed between GA and 6.4 iso": 

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20101110 - 20130221 (835 days)
** 386 advisories (C=51 I=106 L=47 M=182 )
** 1107 vulnerabilities (C=182 I=181 L=276 M=468 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20101110 - 20130221 (835 days)
** 172 advisories (C=9 I=70 L=19 M=74 )
** 546 vulnerabilities (C=23 I=131 L=156 M=236 )

And taken from the last report "Fixed between GA and 6.3 iso": 

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20101110 - 20120620 (589 days)
** 278 advisories (C=33 I=78 L=31 M=136 )
** 796 vulnerabilities (C=104 I=140 L=196 M=356 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20101110 - 20120620 (589 days)
** 134 advisories (C=6 I=56 L=15 M=57 )
** 438 vulnerabilities (C=16 I=110 L=126 M=186 )

Therefore between 6.3 iso and 6.4 iso: 

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20120621 - 20130221 (246 days)
** 108 advisories (C=18 I=28 L=16 M=46 )
** 311 vulnerabilities (C=78 I=41 L=80 M=112 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20120621 - 20130221 (246 days)
** 38 advisories (C=3 I=14 L=4 M=17 )
** 108 vulnerabilities (C=7 I=21 L=30 M=50 )

Note: although we have 3 default criticals, they are in openjdk-1.6.0, but we only call Java issues critical if they can be exploited via a browser, and in RHEL6 the Java browser plugin is in the icedtea-web package, which isn't a default package. So that means on a default install you don't get Java plugins running in your browser, so really these are not default criticals in RHEL6 default at all.

February 27, 2013 01:03 PM

February 24, 2013


Paul Frields
DevConf.cz event, day 1 part 2.

The post DevConf.cz event, day 1 part 2. appeared first on The Grand Fallacy.

I’m sure you already saw my post on part 1 of day 1 of DevConf.cz, right? Well, not much time for lunch afterward — this conference is packed with content! It’s also packed with friends from around the world. Here’s a few of mine:

Ludek is a man of charm! (from DevConf.cz 2013)

Radek: I'm too sexy for this conference! (Denise: I'm not listening.) (from DevConf.cz 2013)

There are about 5 minutes between talks, and a quick 15 minute break in between morning and afternoon sessions. So after said break, I attended the following sessions:

  • Ales Kozumplik spoke about DNF, a next generation package management library and utility for Fedora. There’s an explanatory Fedora wiki page here.
  • Michael Schröder presented on the functions of package management in SuSE, including libsolv (which underlies DNF). This included explanations of many of the additional functions in libsolv that can be cherry-picked if appropriate for Fedora.
  • Vratislav Podzimek gave a fantastic presentation on the reasons behind and for the Anaconda NewUI. He showed the many problems and maintainability issues with the Anaconda we’ve had for something like 7-8 years in Fedora. He also demonstrated how the new UI presents a simpler, faster way to install in Fedora and even allows you to quickly craft custom “addon” spokes. devconf-2013-no-more-scary-sm
  • Following this, I attended the Anaconda NewUI discussion in one of the hacklabs. A partial list of discussions that happened there:
    • Confirmed that Anaconda redesign is meant to make it possible for people with little or no Linux experience to use the installer.
    • Someone said that this is perhaps exactly why some experienced people struggle with the new UI. While acknowledging that such users would have to become accustomed to the new UI, apart from two cases (LVM on mdraid and [UPDATE: reserving space in a VG -- see comments below]) at this time the new UI can do everything the old one did. Completing storage configuration is more streamlined for the middle of the bell curve cases, but still can be done for the outlying cases.
    • Quite a bit of discussion about addons and what the vision is for them in Fedora. Chris Lumens expressed this really well; his opinion is that they would only be used in Fedora for things that are really helpful for the Project but in which the Anaconda team has no expertise. In concept, any particular site that wants to use addons would only use one, or maybe two. Throwing lots of addons at a user would be confusing and unhelpful. Anaconda team doesn’t want to set policy about when to use addons, probably this would be a FESCo matter.
    • There are many difficulties with choosing default languages based on simple measurements. Inevitably you end up making the wrong choice for a substantial number of users and it becomes difficult for them to continue or complete their task.
    There was more, but these were some of the major topics I heard while bouncing around trying to publish things to various networks about the conference.
  • I also attended the set of short talks for the core OS. Although they were labeled “lightning,” they were a little slower paced, but still good content. I’d like to see the next DevConf.cz include real lightning talks — perhaps 5 minutes, timed mercilessly, and following each other rapidly with a high energy and entertainment level. But the talks themselves were quite good, and included Tomas Mraz on password quality with libpwquality, and Hans de Goede on the current state and future of the Spice protocol and tools. Hans’ demonstrations were especially high in “wow factor,” and featured splitting a window across two diferent guests’ displays, and drag and drop of files from host to guest.

Following the short talks, it was almost time for the conference event. I went back to the hotel to drop off my bag, and several times I narrowly avoided death by sidewalk ice. Thankfully I was walking with Fabian Affolter who would have been able to call for help if I slipped and broke anything important! (I had met up with Fabian and fellow Fedora luminary Gerrold Kassube earlier in the day.)

I quickly headed back out into the cold and a few blocks later, met up with our hundreds of attendees at Klub Fléda. There was a huge variety of good food and, of course, the omnipresent Starobrno beer. There was also live music on stage, with a power trio doing their best to entertain the sedate geeks customarily grouped together 10 meters away from the stage.

I was able to hang out a bit with some of the hardcore hackers doing great work to solve hard problems in the Linux world, including Kay Sievers, Lennart Poettering, and Harald Hoyer. I haven’t seen Lennart and Harald in a number of years — since I was in Berlin for a LinuxTag event. After a few hours, I accompanied Dan “Strikemaker” Walsh back to the hotel where we had a quiet round or two before retiring. All in all, it was a fine day and I was looking forward to day 2.

Speaking of which, stay tuned for a report for the second day of DevConf.cz!

February 24, 2013 10:08 AM

February 23, 2013


Paul Frields
DevConf.cz event, day 1 part 1.

The post DevConf.cz event, day 1 part 1. appeared first on The Grand Fallacy.

I’ve been at the Red Hat Czech Republic office in Brno this week for meetings and RHEL-related work. But I organized the visit around this weekend’s DevConf.cz event, a conference for free and open source software hackers in Europe. The organizers in the Brno office have done a fabulous job of putting this conference together. I arrived a little later than I wanted, just before the start of the first session. That was mostly because we were out far too late the night before, bowling and having Czech pilsner with friends in the hotel basement bar! Anyway, we joined a small queue where we picked up the agenda, a ticket to the Saturday night event, and a cute gift: Red Hat branded gloves. These would come in handy in the cold and snowy, but beautiful, Brno weather this weekend!

Red Hat branded gloves from the 5th annual DevConf.cz event

I headed to the first DevConf.cz talk of interest to me, on color management. This talk mainly covered the current state of color management in Linux. It didn’t give me a lot of new information, but it was well done. The speaker did mention some of Richard Hughes’ work on colord. He also mentioned the ColorHug device for calibrating screen displays to get correct color. I need to pick up one of these! He also covered the OpenICC group’s formation. I have to admit, I was still just waking up, and didn’t have as much attention to give here as the topic deserved. So I apologize for the lame recounting here.

Next I sat in Debarshi Ray’s talk on GNOME Online Accounts (GOA) for users and developers. Debarshi did a great job showing how GOA works in GNOME. He had some videos that show accessing online documents from a local desktop. In the developer section, he also explained some current problems with increasingly popular 2FA schemes, and with specific service integration through GOA. Despite significant issues with some underlying frameworks needed for better GOA support, there are smart people working to solve these issues in GNOME, which was good to hear. This will give the platform a better foothold on the seamless sharing users have learned to expect.

My energy started to flag at this point, so I grabbed a quick cup of caffeinated soda and ran back upstairs to see Tom ‘spot’ Callaway’s talk. His topic was improving the Fedora user experience through design-driven methodology. I saw a version of this talk at FUDCon in Lawrence, Kansas, where it generated excellent audience interaction. I was curious to see how it was received in Brno. I was happy to see a huge turnout for this talk here at DevConf.cz. UPDATE: Spot’s slides are here (ODP format).

Spot talked about focus on user experience as the first step in development process, as opposed to “let’s write code now, and make this pretty later.” This is not a path that many open source development projects take, but it’s one that tends to produce great results for recipients. Spot followed up with some intriguing examples:

  • The new HyperKitty system that allows users and contributors to interact in ways they prefer. HyperKitty also can help raise the signal to noise ratio by allowing forum-like ratings of posts.
  • A mockup of a Fedora Smorgasbord app-store like application to succeed PackageKit, and abstract away confusing details users don’t need when trying to install or update.
  • A mocked up solution to reduce friction when filing bugs, and frustration when dealing with them.
  • A Fedora Badges app to produce better user affinity in Fedora. Badges can also give some insight into what users are doing, from running specific applications to participating in community events.

I stayed in the same room to hear Leslie Hawthorn talk about negotiation theory in FOSS projects. (You can find an excellent summary of the topic in this post on Leslie’s blog.) A fundamental lesson I took away was often we prevent a great result because we care more about a conversation’s outcome than our goals. Leslie is an entertaining and engaging speaker and I really enjoyed this talk. Hopefully I’ll get to hang out with her a bit at DevConf.cz. I feel like we’ve crossed paths often before, but somehow miss each other through happenstance.

And since I just used the word “happenstance,” I think it’s time to end this post and get lunch. Stay tuned for part 2 of DevConf.cz day 1!

February 23, 2013 11:32 AM

February 21, 2013


Seth Vidal
openstack and resizing qcow-based instances

So – the trick with resizing a qcow based instances is this:

1. either you have to resize the partitions in the initramfs of the instance (which is not yet available as something we can easily do, but we’re working on it :)

2. you have to resize the partition on the live instance and then reboot the instance.

Since 1 is going to take more time/testing – I went ahead to make 2 as painless as possible.

using the cloud-utils and ansible I came up with this:

http://skvidal.fedorapeople.org/misc/openstack-qcow-disk-resize.yml

Put in the hosts you want to run it against. It installs cloud-utils, resizes the partitions using growpart, reboots, waits for the instance to come back alive, then does the fs resizing.

I timed it – it took a total of 1m2s and that includes installing cloud-utils, waiting at minimum 10s for the instance to reboot and then resizing the  actual fs.

The example I gave checks the values from growpart – so it  won’t run more than once (and it won’t run if you cannot resize). So you can run this play over and over and not reboot it all the time. I’m thinking I’ll probably include this as a tasklist for a quick instance provisioning playbook.

 


February 21, 2013 10:37 PM

February 20, 2013


Seth Vidal
1 step forward 2 steps back? openstack and img creation issues

dealing with image creation in all clouds is completely full of suck. I’d more or less come to terms on it with euca but now I’m trying to do the same thing with openstack and encountering some super-duper happy fun times.

I have a rhel6 img which works and boots – it is qcow2 based so it handles kernel updates, etc properly, yay. However it handles resizing  the / filesystem exactly not at all.

If I make the rhel6 img an ami and upload kernel/ramdisk – it’ll resize (well dump it out) into a large filesystem – no problem – but it handles kernel updates not at all.

I would like to have both, I think I deserve to have both, i’ll be damned if any of my testing comes up with both. I’ve done a fair amount of googling and LOTS of things I’ve found say that the qcow2 or raw img should just work in either openstack essex or folsom but I am not having that experience.

Anyone have a suggestion?


February 20, 2013 05:52 AM

February 19, 2013


Seth Vidal
hubris

Is thinking that because something is working well that it will continue to do so.

 

Silly me.

 

 


February 19, 2013 06:43 PM

February 01, 2013


Seth Vidal
coprs and buildsystems and a question I was asked today.

Work continues on coprs but today someone asked me if I knew of a simpler buildsystem that would let them spin up a builder, stuff a bunch of packages at it, and return a pile of results.

I said well… ansible and mockremote could do it.

I started thinking about HOW that would work and realized I have all the pieces – but not a lot of motivation to put it together at the moment.

So I thought I’d tell folks how I would do it and maybe someone will:

 

1. write a playbook to spin up an instance in one of the public clouds using ansible and it’s ec2 module:

http://skvidal.fedorapeople.org/misc/ansible-euca-transient.yml

2. then provision the system with mock, a mockbuilder user and mockchain.

3. tell the user the ip the instance has

4. user submits jobs to it with:

mockremote.py -r chroot -b ip –destdir=/somewhere/ -c –recurse pkg1 pkg2 pkg3

5. user comes back whenever it feels like it

6. user runs a terminate playbook like:

http://infrastructure.fedoraproject.org/infra/ansible/files/copr/provision/terminatepb.yml

which shuts down the instance they had spun up.

I can see wrapping that whole thing in a single script or just letting the user do it a bit at a time. Either way – trivial to setup your own personal, temporary and pristine builder.

 


February 01, 2013 09:38 PM

January 22, 2013


Seth Vidal
coprs and fudcon

I’m still working on recaps from fudcon but I wanted to mention this to anyone who asked:

 

If you asked for access to coprs and you haven’t received a reply from me that is b/c I forgot that you asked. Please drop me an email and I can add you.

 

Thanks


January 22, 2013 04:53 PM

January 15, 2013


Seth Vidal
copr status

We’ve gone through about 45 individual builds of a goodly number of pkgs thanks to the help of the testing volunteers. We’ve found a bunch of bugs and fixed many of them.

Here’s what’s changed:

1. we’re working on cli for copr – more info in this thread: https://lists.fedorahosted.org/pipermail/copr-devel/2013-January/000216.html

2. we’ve got some mockups from the UI team which should help mold where things can go

3. better logs and results for multiple builds

4. I took a first cut of an outline for setting up copr: http://git.fedorahosted.org/cgit/copr.git/tree/copr-setup.txt

 


January 15, 2013 08:12 PM

January 14, 2013


Remi Collet
PHP and Apache Security, SetHandler vs AddHandler

In official PHP packages in Enterprise Linux and Fedora <= 17, the engine was activated by the AddHandler directive. With Fedora 18, or for the users of my repository it is now activated by the SetHandler directive.

Some explanations.

Old version (in the /etc/httpd/conf.d/php.conf file)

AddHandler php5-script .php

As written in Apache documentation, the suffix presence, anywhere in the file name, will activate the engine. This can raise a security problem, in a public upload space, when a lack of control will allow a user to send an image.php.png file and execute it.

New version, recommended (§8) by PHP project documentation:

<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>

Now, only a final suffix will activate the engine. So security is improved (even if I really think that giving the control on uploaded file name to the user is really a huge design error). I haven't notice any performance change.

Warning, this change may breaks some configurations.

In the case when you want to allow users to upload .php files in a public space, but deactivate the php engine (as on this blog).

With old configuration, you just have to remove the handler (and probably change the mime type):

<Directory /path/to/blog/public>
    RemoveHandler .php
    <Files ~ "\.php$">
        ForceType text/plain
    </Files>
</Directory>

This configuration will not work anymore, and must be changed.

For example, I use (and also enable the colorized output of sources for this space) :

<Directory /path/to/blog/public>
    <FilesMatch \.php$>
        SetHandler None
        ForceType text/plain
    </FilesMatch>
    <FilesMatch \.phps$>
        SetHandler application/x-httpd-php-source
    </FilesMatch>
</Directory>

Ex : twit.php ou twit.phps

So, if you upgrade from Fedora 17 to Fedora 18, or if you update from PHP 5.3 to PHP 5.4 using my repository, don't forget to check and fix all your httpd configuration files.

January 14, 2013 04:16 PM

January 10, 2013


Seth Vidal
fudcon tips and the flu

Hi everyone, it is time for my annual plea to everyone going to fudcon to wash their hands many many times, try not to cough or sneeze on anyone and to do their best to not touch me at all.

It is winter and we’re in the middle of a massive flu and norovirus outbreak here in the US.

http://www.nytimes.com/2013/01/10/health/flu-widespread-leading-a-range-of-winters-ills.html?hp&_r=0

If at all possible I would like to come back from fudcon without bringing any sort of pestilence with me.

This is just a reminder that if you see me incased in a plastic ball don’t be alarmed just smile and wave. :)

 

 

 


January 10, 2013 03:15 PM

January 08, 2013


Seth Vidal
coprs status

My call for testers was successful. We have 21 people now who have access to coprs and a number of folks have started testing builds out. We’ve found some bugs and some feature enhancements needed. Also discussion has started on the copr devel mailing list and we’ve gotten some patches contributed to help us make a cli come to pass.

If anyone else wants to take a look at the code and help out, you can see it all here in copr cgit.

thanks to all the folks who are helping test and develop the copr code.

 

 


January 08, 2013 06:30 PM

January 02, 2013


Seth Vidal
call for serious testers

Right now, we have coprs working. It’s not fancy or beautiful and I am POSITIVE many bugs are lurking there (and some aren’t lurking at all just sitting there). So, we need people who will seriously undertake testing. I don’t want people who want to build things and don’t care about reporting issues. I also don’t want people who are going to be filled with destructive criticism.

If you want to test it out and cite issues please email me: skvidal at fedoraproject.org

you must already have an active fas account and some srpms you want to build.

I only need maybe 10 or 20 people at the moment. Not looking to overdo it :)

Thanks

 


January 02, 2013 08:09 PM

December 19, 2012


Seth Vidal
jenkins and ansible and ‘the cloud’

Working with Pingou on this I merged the playbooks into a single playbook. We were setting up jenkins and wanted a way of putting all the systems together quickly and easily. All it does is spin up a master instance, provision it, spin up 2 workers (one in el6 the other f17) provision them and end:

It could easily be done in ec2, euca, openstack or pretty much any system. I know there are more ways to skin this cat but I thought this was simple enough to follow along and others might find it interesting.

This is the playbook:

http://infrastructure.fedoraproject.org/infra/ansible/playbooks/groups/jenkins-cloud.yml

 

all of our ansible playbooks and inventory files are available here:

http://infrastructure.fedoraproject.org/infra/ansible/

 


December 19, 2012 06:15 AM

December 14, 2012


Paul Frields
PulseCaster 0.1.9 is released!

The post PulseCaster 0.1.9 is released! appeared first on The Grand Fallacy.

Yup, 0.1.9 has finally made it out the door. Here’s the tarball and the git repo. There are also updated packages coming shortly in Fedora 17, 18, and Rawhide. If you want to help test those to get them out sooner, look here for the package for your Fedora release.

Plus, did you know there’s a Facebook page for PulseCaster? Visit it, like it, and feel the love.

PulseCaster 0.1.9: The gruesome details

I have no witty release name attached to any of the releases, so let’s call this “The One Where We Figured Out How to Give People an Expert Option and Translations, Too.” Some of the secret features you’ll find in this release:

  • An expert option
  • Translations

OK, I’m being a bit snarky here. Mainly I’m trying to play all nonchalant about how long it actually took me to get around to working on another release. Here’s a better listing of new stuff in 0.1.9:

  • PulseCaster now uses GTK+ 3.0.
  • PulseCaster also now uses PyGObject and GObject introspection for most stuff. The GStreamer bits are still a bit rough in the gir code. Specifically I found it difficult to get at messages on the bus. I’ll keep working on that, possibly for 0.2.
  • There’s now an expert option that writes the recorded streams to two separate files in lossless FLAC format, so you can mix your own recording later. The default mode still writes a single Ogg Vorbis file, which suffices for most people. (The code here’s more than a bit hacky and needs to be cleaned up in 0.2.)
  • Using the excellent Transifex service, translations are now part of PulseCaster! Many thanks to the wonderful volunteer translators around the world who contributed translations to the release, and to the Transifex folks for their great service.

Future work

Some of the features on the current roadmap:

  • Clean up messy separate-stream code (see above)
  • Provide a recording pause button
  • Do some volume leveling and/or compression to help recordings sound better
  • Provide more helpful information on disk space available/used

As always, you can find the PulseCaster site at http://pulsecaster.org — bugs and enhancement requests are welcome. Input from users helped to drive (eventually!) the work for this release, so a tip of the hat to them for participating!

December 14, 2012 10:34 PM

December 10, 2012


Seth Vidal
copr – testers needed soon

Bohuslav and I have been diligently working on the copr buildsystem code in the last month or so. We originally targetted the middle of november but that wasn’t to be. However, right now we have working rough-around-the-edges code. It has some completed successful builds so we know that part works.

A little background:

copr is intended to provide a safe place for packages to be built that are not packages that are not or cannot be built in fedora. Think of it as a place where you can scratch and chain build whatever you want (up to the obvious limits of legality :) . It takes your packages, builds them against themselves and puts the repo up available for download.

Why not just do this in koji?

  1. koji is just for fedora builds
  2. koji does not allow external, arbitrary repositories for build deps
  3. koji’s builders are not destroyed and cleaned after each build
  4. koji just isn’t designed to do what copr does and grafting it on top of koji is a dangerous proposition to the safety and security of fedora builds.

How does copr do things?

You submit your build request (name of the copr, chroots to build against, repos to use to build and the list of src.rpms to build) into the frontend. The backend takes this request, creates a builder in our private cloud, builds the pkgs, pulls back the results onto a webserver, provides you with a link to the results and destroys the builder.

What’s the status right now?

The backend code works, but there are a lot of rough edges to sand down. The frontend code works, but there is a bunch of ui work needed there (right now Ryan Lerch is creating some mockups for how things should be). The code is available from the link at the top. Right now everything is in two branches a front end branch (bkabrda-workspace) and a backend branch (skvidal-backend). We’ll be merging them into master in short order.

We’ll be sending out a call for folks to help test in the not-so-distant future. The whole goal is to provide a place for people to build packages they would like to have available but maybe cannot have in fedora for one reason or another.

Examples:

  • alternative configuration/build options for an existing package
  • not very easy to package in fedora (bundling, etc) but perfectly good software otherwise
  • test builds
  • your idea here
  • builds based on other repos that are not included in fedora

Things which cannot be in a copr:

  • software which are not legal to include in fedora

 

The fedora buildsys mailing list (buildsys@lists.fedoraproject.org) is where we will discuss things  going forward but I just wanted to let people know what we’ve been working on.

 


December 10, 2012 03:45 PM

December 09, 2012


Christoph Wickert
FAD EMEA wrap up

It turns out we have to leave early. Some people need to travel home and others have family duties – or both. Fortunately we worked hard and managed to complete our agenda.

For now, I just put all the results, todo items and open questions into the wiki. It’s still a rough draft, I will clean it up, format and elaborate it later today. Some of the most important decisions include:

  • We’ll make a Fedora Ambassadors Census. In previous years, we used to do this before this FAD: We ask all the local communities to report their state: How many (active) ambassadors are there, how many events did they attend and what is the overall situation for them.
  • We looked for new ways to bring people into the project. We have communities that are not officially part of the project, like local community websites, IRC channels or groups on social networks. We should actively try to recruit new contributors there.
  • Improve the new contributors experience: Once they joined Fedora, we should make sure new ambassadors can attend at least one major event to get to know other contributors. Mentors should have an eye on how people do within the first year and support them better.
  • Run country-wide ambassadors event: All countries should strive for an event that brings all ambassadors to a table at least once a year.

Still, the real work begins after this FAD. We need to implement what we discussed, whether this is in the wiki, in trac or on various events. But we have gotten a new boost for our community and we are very optimistic that it will have a big impact.

Thanks everybody for coming and especially to Gerold for making this event happen.

December 09, 2012 12:06 PM

December 08, 2012


Christoph Wickert
FAD EMEA Day 1

So we are sitting at Beuggen Castle and having some drinks after an awesome social event: A dinner in complete darkness at a restaurant called “Blinde Kuh” (“Blind cow”). If you have not yet had it, give it a try, it’s very interesting experience.

The first day of FAD EMEA turned out to be very productive. We managed to discuss a lot of topics, most importantly:

  • Event planning for 2013. We want to attend 31 events, and for most of them we already have event owners.
  • Budget planning for 2013. Based on the list of events, we’ll spend 11.700 EUR. Sure, this is a lot of money, but we want really to rock at a lot of places and our draft is very conservative.
  • Sponsoring and reimbursements: While FAmSCo has already achieved a lot, we need to do a better job in explaining contributors how to get money easily and how to effectively track all requests.
  • Swag shipping and event box: We think it does not make sense to ship a complete event box within Europe, instead continue shipping what we really need. But this needs improvements: Better tracking of who has what and more ‘bases’ in different countries.
  • Swag production planning: We have a lot of new ideas for awesome swag and need to follow up with getting different quotes and making desisions.

I am going to add all relevant info to the wiki later, because a lot of the topic we discussed needs to be followed up. Tomorrow we’ll have some more discussions, but given that we are already more than half way through the agenda, we should have some time left to document and implement our results. This mainly is wiki gardening an improvements in our trac instance.

Stay tuned for another blog post before I fly home tomorrow.

December 08, 2012 11:55 PM

December 07, 2012


Christoph Wickert
Fedora elections – don’t forget to vote!

Fedora Elections are ongoing. Deadline is December 9th at 23:59:59 UTC - vote now!

Fedora Logo

 

 

December 07, 2012 06:53 PM

November 30, 2012


Seth Vidal
FAD: Two-Factor Auth setup

This week we held a Fedora Activity Day in Raleigh at RH HQ to get two-factor auth setup for Fedora Infrastructure. We had a pretty good plan and we knew the pieces we needed to put together – it was just a matter of doing it. We got our goals accomplished but that’s not what I wanted to talk about.

We ended up with 9 people there. I was originally a bit concerned that was too many people, that we would end talking more than accomplishing things and that would suck, especially if we had failed to get things implemented. I was keeping track of what everyone was doing, how they were helping. What I noticed was that everyone contributed in some way. There wasn’t anyone on the sidelines. At one point we had 2 people working on the package reviews of the pkgs we needed to get into fedora (totpcgi and pam_url). We had a person writing the cgi to let us use both yubikeys and google auth, a person working on the provisioning interface to get people setup using google auth, a person working on the puppet config, a person setting up the certs/pki needed to let pam_url connect securely. We had a person setting up cloud instances for us to use to test/blow things up and we had a couple of people writing/rewriting their yubikeys and auth secrets in order to test and retest and reretest.

 

The FAD just removed all friction (as someone else put it to me yesterday). It meant that instead of waiting a few days or more to solve the problems we only waited 20minutes. Like often said about mediation – good facilities are sometimes all that is required to get things done.

It was great having everyone there and able to work it was great being able to ONLY focus on this one thing. I think we will have this again in the future to help accomplish tasks which are just too involved to bite off a little at a time or will take years to get done at that rate.

 


November 30, 2012 02:38 PM

November 26, 2012


Toshio Kuratomi
Security FAD

All packed up and waiting for my plane to Raleigh. Going there to work on enabling two-factor authentication for the hosts that give shell access inside of Fedora’s Infrastructure. For the first round, I think we’re planning on going for simple and minimal to show what we can do. Briefly, the simplest and minimalist is:

* Server to verify a one time password (we already have one for yubikeys)
* CGI to take a username, password, and otp to verify in fas and the otp server
* pam module for sudo that verifies the user via the cgi
* database to store the secret keys for the otp generation and associate them with the fas username

We’re hoping to go a little beyond the minimal at the FAD:

* Have a web frontend to configure the secret keys that are stored for an account.
* Presently we’re thinking that this is a FAS frontend but we may end up re-evaluating this depending on what we decide to do for web apps and what to require for changing an auth source.
* Allow both yubikey and google-authenticator as otp

I’m also hoping that since we’ll have most of the sysadmin side of infrastructure present that we’ll get a chance to discuss and write down a few OTP policies for the future:

* Do we want to make two-factor optional for some people and required for others?
* How many auth sources do we require in order to change a separate auth source (email address, password, secret for otp generation, phone number, gpg key, etc)?

If we manage to get through all of that work, there’s a few other things we could work on as well:

* Design and implement OTP for our web apps


November 26, 2012 07:19 PM

November 24, 2012


Chris Tyler
When is an SRPM not Architecture-neutral?

Source RPM packages -- SRPMs -- have an architecture of "src". In other words, a source RPM is a source RPM, with no architecture associated with it. There's an assumption that the package is architecture-neutral in source form, and only become architecture-specific when built into a binary RPM (unless it builds into a "noarch" RPM, which is the case with scripts, fonts, graphics, and data files).

An SRPM contains source code (typically a tarball, and sometimes patch files) and a spec file which serves as manifest and build-recipe, plus metadata generated from the spec file when the SRPM is built -- including dependencies (which, unlike binary RPMs, are actually the build dependencies).

However, the build dependencies may vary by platform. If package foo is built against bar and baz, and baz exists on some architectures but not others, then the spec file may be written to build without baz (and the accompanying features that baz enables) on some architectures. The corresponding BuildRequires lines will also be made conditional on the architecture -- and this make total sense. However, querying an SRPM on a given platform may give incorrect build dependency information for that platform if the SRPM was built on another platform -- and only rebuilding the SRPM on the target arch will correct the rpm metadata (and possibly render it incorrect for other platforms). Thus, I've come to realize, SRPMs are not truly architecture-neutral -- and I'm not sure if all our tools take this into consideration.

Edit: I know that not all of our tools take this into consideration.



Continue reading "When is an SRPM not Architecture-neutral?"
November 24, 2012 03:13 AM

November 08, 2012


Seth Vidal
ansible presentation from @jp_mens

Great presentation slidedeck:

 

https://speakerdeck.com/jpmens/ansible-an-introduction

 

introducing ansible.

 


November 08, 2012 04:29 PM

November 02, 2012


Seth Vidal
euca-terminate-instances

As I find the need I write functionality I need into the existing euca2ools using their lovely cli python api.

I hate trying to remember an instance id. I know the ip of the host or I know the dns name of the hose. I don’t need to go find the instance id to know which one I want to kill.

But euca-terminate-instances is silly and won’t let me pass in an ip or a hostname. Nor will it let me specify globs :(

So I wrote this

http://fedorapeople.org/cgit/skvidal/public_git/scripts.git/tree/euca/my-terminate-instances.py

It takes public or private ips, public or private dns names (the ones euca or ec2 has) or instance ids.

It also lets you pass file-globs to them. So you can do things like:

my-terminate-instances i-\*

and kill everything you’re running. Isn’t that fun!

enjoy

 


November 02, 2012 10:10 PM

October 31, 2012


Seth Vidal
ansible and cloud instances

A few days ago I posted about using ansible to provision persistent ip instances in a public or private cloud.

Today I finished up the next piece I needed to make this work for copr builders w/transient ips/instances.

I needed a way to create a new instance, provision it as if it was one of the normal inventory of our systems, and return back the ip of that was given to it via eucalyptus (or ec2) automatically. And when I was done with it – I didn’t want any record of it preserved in our inventory system. I wanted it gone.

The problem was ansible wants to act only on the hosts it knows about in its inventory. This is quite understandable. But since I’m not specifying an ip to this host and I don’t know it in advance I wanted a way, in a single playbook to do this.

So I wrote add_host an action_plugin for ansible. These let you interact with the internal state of the inventory/playbook/etc while executing a playbook.

All it does is to add the host to the in-memory inventory the ansible playbook object has. And it adds that host to a group you specify. This is so in the second play in the playbook you can say ‘oh operate on hosts in this special group name’ and that will be the only host in that group.

I’ve sent in a pull request for it but it’s not been accepted quite yet. :) However, if you want to try it out you can just toss it into your  action_plugins dir in ansible and call it.

Here’s an example playbook. It’s very similar to the one for creating a persistent instance. In the fedora public ansible repo we are, in fact, importing the same set of tasks from another file to set them up the same.

It just means if anyone wants an instance in our private cloud running f17 or el6 it is incredibly trivial to make one available for you.

 

 


October 31, 2012 05:52 AM

October 26, 2012


Seth Vidal
handy ansible action for adding root keys to cloud instances

You’ve just spun up a new instance and you need to give additional people access to the system as root. You have a common IDMS that houses ssh pub keys for your users. You want to trivially specify a list of those users and have their keys show up in root’s .ssh/authorized_keys file.

Here’s what you do:

 

- name: add root keys for other allowed users
action: authorized_key user=root key=’$PIPE(/path/to/script/for/keys ${root_auth_users})’
only_if: is_set(‘${root_auth_users}’}

 

In our infrastructure FAS houses all the pubkeys. So Toshio wrote this script: http://infrastructure.fedoraproject.org/infra/ansible/scripts/auth-keys-from-fas

So if you define a hostvar in your ansible inventory for this host – then the above will automatically populate your root authorized_keys with the right pub keys.

Kinda awesome, I think.


October 26, 2012 05:42 PM

October 25, 2012


Seth Vidal
creating and provisioning euca/ec2/cloud* instances using ansible in one step

Since we’ve been working more and more with our private cloud setups on eucalyptus and openstack I’ve been trying to come up with a semi-sane way of having persistent hosts in the cloudlets.

So that if we shut things down or an instance dies – it can be brought back up automatically without someone having to explicitly say ‘go start this up’. I’ve also been working on setting up ansible such that we can run it via cron on our central command host to maintain our systems.

So, of course, I’ve combined those two things into one task :)

We want certain cloud instances to:

  1. always exist
  2. have the same ip each time they come up.

These are for things like the build master for COPRs/PPAs or for the jenkins-master server or for any number of random services where they need a persistent ip throughout recreations. For the ips we’re using euca-associate-address after allocating a number to our account.

So I started on a mechanism to create those instances and give me results I could use in ansible for other actions. I came up with ec2 which lets you do that from a local_action call in ansible.

Once you have that module in your ansible library path you just need to:

  • add the host to your ansible inventory file
  • take  this playbook example
  • modify it for your host
  • run it like: ansible-playbook thatplaybook.yml

you’ll need euca2ools installed along with the deps for ansible.

Here’s what the playbook does:

  1. it looks to see if the host is running (by a simple nc connect to port 22)
  2. if it is not running then it will run ec2 with your args
  3. then associate the ip
  4. wait for the host to get the ip and become available
  5. then it goes on to the next play which is normal ansible provisioning

which is perfect, for the next time you run – steps 2-4 won’t happen – it just goes directly to provisioning. Since ansible playbooks are idempotent you can run them as many times as you want w/o maligning your server.

Now the example playbook is all merged together – but if you use host_vars in your ansible inventory and you setup the check/create tasks as an includable task file – then the playbook for creation and provisioning of any new cloud instance you want becomes VERY short.

More to come as I finish it.


October 25, 2012 10:33 PM

October 18, 2012


Seth Vidal
ansible and cloud notes

I’ve been working with ansible a lot recently. Fedora has a new public repo:
http://infrastructure.fedoraproject.org/infra/ansible/
and
http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/

That’s just the beginnings of our repo for managing systems. There’s a number of details to work out, though and I have to merge over all the non-private things from our builder repo. I’ve started that process it’s just a matter of making reasonable decisions on where the tasks should live.

Recently I’ve been looking at:
https://github.com/ansible/ansible-provisioning

and figuring out how a euca2ools-based local_action module would work. I can spin up new instances, if they don’t already exist, and then provision them then I can create an entire network from more or less nothing.

Also working out how best to use euca-allocate-address and and associate-address in our infrastructure to provide some persistent and consistent servers/apps in the cloud. I think I have that bit hashed out but we’re discussing some tracking for cloud instances so we can sensibly shut them down when we need to w/o making everyone angry :)

I’m positive I can do all these things with ansible and euca/openstack. The question now is how long it will take to make them all happen. Anyone interested in helping out, come by #fedora-admin and talk to me.

 

 


October 18, 2012 03:42 PM

October 16, 2012


Christoph Wickert
Last call for F19 naming proposals

This is the final reminder that the Fedora 19 naming collection ends today at 23:59 UTC. This means you have 5 hours left to propose a name. Before proposing a name, please make sure to read the guidelines.

October 16, 2012 07:07 PM

October 09, 2012


Mark Cox
OpenShift, perl, YouTube API
tracy My wife is part of a competition to be the next face representing her college; with the final number of positive 'likes' on YouTube videos determining the winners. I thought it would be neat to create a scoreboard to track her progress, but also to learn how to use OpenShift all in one. It took me longer to write this blog than to write the code and deploy it live!

After creating an account on Red Hat OpenShift I created a new app based on perl and added a cron container so we can run our script every few minutes (to stop overloading the YouTube API if the site gets popular): 

rhc-create-app -a fomc -t perl-5.10
rhc-ctl-app -a fomc -e add-cron-1.4
cd fomc
That was all the configuration needed, the 'fomc' directory is populated with everything you need. OpenShift when you deploy your app, figures out your perl dependencies and grabs and builds them for you, so no messing around needing root or even logging into the host.

By default the file perl/index.pl will get served, but since we're going to cache the output from the script let's make it a html file index. To do this simply add to the existing perl/.htaccess file: 

DirectoryIndex index.html
I wrote this quick perl program to query the YouTube API and do a simplistic HTML page of the number of likes for each of the videos in the playlist, and placed it in the main directory as youtube.pl. Now to get it created every ten minutes we use the cron container by creating a file .openshift/cron/minutely/perljob with the contents: 
#!/bin/bash
MIN=`date +%M`
if [ $((${MIN#0} % 10)) == 0 ]; then
    perl ${OPENSHIFT_REPO_DIR}/youtube.pl > ${OPENSHIFT_REPO_DIR}/index.html
    mv -f ${OPENSHIFT_REPO_DIR}/index.html ${OPENSHIFT_REPO_DIR}/perl/index.html
fi
The cron job is run every minute, but the "modulus 10" ensures we only run the perl script once every 10 minutes. We use an intermediate file so that anyone visiting the site during the time it takes to create the file doesn't get a blank page. Finally we want to make sure that we don't have to wait ten minutes for the file to be created when we push the app, and give people the ability to see the source, so we create .openshift/action_hooks/post_deploy with the contents: 
cp ${OPENSHIFT_REPO_DIR}/youtube.pl ${OPENSHIFT_REPO_DIR}/perl/youtubepl.txt
perl ${OPENSHIFT_REPO_DIR}/youtube.pl > ${OPENSHIFT_REPO_DIR}/perl/index.html
And that's it. Just run 
git add .
git commit -a -m 'first app'
git push
And the app is up and running; here it is: http://fomc-esoom.rhcloud.com/. If this blog was useful (blatent plug!) please click on "Tracy Cox", make sure you're logged in, and click "like" ;)
October 09, 2012 08:25 PM

October 03, 2012


Mark Cox
Enterprise Linux 6.2 to 6.3 risk report
You can read my Enterprise Linux 6.2 to 6.3 risk report on the Red Hat Security Blog.
"for all packages, from release of 6.2 up to and including 6.3, we shipped 88 advisories to address 233 vulnerabilities. 15 advisories were rated critical, 23 were important, and the remaining 50 were moderate and low."

"Updates to correct 34 of the 36 critical vulnerabilities were available via Red Hat Network either the same day or the next calendar day after the issues were public. The Kerberos telnet flaw was fixed in 2 calendar days as the issue was published on Christmas day. The second PHP flaw took 4 calendar days (over a weekend) as the initial fix released upstream was incomplete."

And if you are interested in how the figures were calculated, as always view the source of this blog entry.
October 03, 2012 03:16 PM

September 28, 2012


Mark Cox
Fedora or Android?
20120928_prime For a two day trip I decided to test using my Android tablet instead of also taking a laptop, and it worked out okay for the most part.

I was booked to go to Red Hat HQ in Raleigh, NC at the start of August for a two-day business trip, well more accurately two-days in the office and another two-days of travelling. I'd usually take my trusty ThinkPad x201 on the trip with me, it's small and light, but it's battery life isn't so great anymore. Earlier this year I'd bought an Android tablet, an ASUS Transformer Prime which with a long battery life would be perfect for movies, but could it replace my ThinkPad completely and save me travelling with two devices? I worked through my requirements and it seemed plausible in theory, so here is how it stacked up in practice:

  • Connectivity. In the UK you can only buy the Prime with the keyboard dock, the keyboard dock is great. The in-built wifi was okay for the airport, hotel, and office. I carry a USB network adapter anyway just in case the hotel has a physical connection. The wifi signal on the Prime is terrible compared to other things (like a phone) though, so be prepared to walk around a bit to the best signal. Partial Win.

  • In flight entertainment. I wanted something to watch movies (as US Airways transatlantic don't yet have seat-back video, really!). The large internal memory meant I could store a few films in decent quality to watch and battery life wasn't a problem. I'd used the tablet continously (without wifi) with the keyboard connected for 6 hours and wasn't even down to 50% battery. Although hardware decoding of videos was a bit hit-and-miss, and after trying a dozen apps only "BS Player" seemed to do a reasonable job. A couple of the movies I'd brought had low audio and I couldn't figure out a way to boost it enough to hear over the noise of the plane, even with decent in-ear noise blocking headphones. Having the keyboard dock helped considerably as with the tablet on the tray-table I could set a decent angle to watch a movie. Win.

  • Reading material. I had a few papers and magazines to read which I'd preloaded onto the tablet in PDF format. The Adobe PDF viewer is acceptable, but it seems a little sluggish for something running on a quad-core processor, and the screen resolution isn't really good enough for magazines. The new Transformer Infinity would help here. Partial Win.

  • Keeping in touch with home. The standard Android GMail app and Facebook app are okay, and I was able to use GMail talk to have video chats with my family from both the hotel and office. Win.

  • Working. With just a couple days away I figured all that was needed was the ability to read and send email and browse intranet internal web pages. The standard VPN client on the Prime worked perfectly, and along with the Firefox beta app gave me perfect access to internal sites. For email I prefer command-line text-window clients anyway, so I just needed to be able to connect to a work machine. "Connectbot" on Android works well enough for ssh, and there are a few forked versions you can get that work with the Prime keyboard. The AndChat app works for irc. Win.

  • Presentations. I was giving a presentation at a meeting, but fortunately they had a laptop set up with the projector and I didn't need to worry about taking a HDMI lead and hoping it was a recent projector. Unexpectedly I needed to edit an existing OpenOffice presentation to remove a couple of slides and then convert to PDF to send to another company. I had to ask a colleague to do it for me. There are apps that can view OpenOffice files, but no native OpenOffice suite for android. I'd probably make sure I had access to a VNC server in the future and use a VNC client for anything like this. Fail.

  • Privacy. My thinkpad has full-disk encryption but I didn't bother for Android as I wasn't going to be storing anything sensitive on the machine. My thinkpad has a 3M privacy filter, which is great for airplanes and airports to stop people either side and behind you looking at your screen. The same filters do exist for Android, but are not as straightforward (it of couse only works in one orientation and attaches like a screen protector, so isn't the easiest thing to continuously take on and off, and forces you to use your screen in portrait mode for everything). Fail.

  • Printing a boarding card. When it was time to return home I was able to use Firefox to check in online, and printing my boarding passes gave me a PDF file. I didn't have any printer apps set up, but it was easy enough to email a PDF to a colleague to print for me. Partial Win.

So in summary I think I got away with it; having just the tablet didn't stop me doing anything that had to be done on the trip and I'll definately do the same thing again in the future for very short trips. For anything more than a couple of days or where connectivity might be an issue I'd miss having a full-featured OS.

September 28, 2012 02:48 PM

September 20, 2012


Mark Cox
Red Hat Security Blog
We now have an official Red Hat Security Blog, and you'll find all my future reports and discussions about security metrics there. In the meantime here are a few already published articles:
September 20, 2012 12:54 PM

September 19, 2012


Fedora Italia
Rilasciata Fedora 18 "Sperical Cow" Alpha

L'alpha release di Fedora 18 “Spherical Cow” è pronta per essere testata! Questo rilascio offre un'anteprima di alcune delle migliori tecnologie open source attualmente sotto sviluppo. Ci sono molte nuove features veramente interessanti, dedicate a un audience molto vasto, in questa nuova release.

Di seguito un piccolo assaggio di quello che ci aspetta nel futuro di Fedora 18.

Per il Desktop

  • NetworkManager Hotspots migliora la capacità di usare la nostra scheda wi-fi e trasformate il nostro computer in un hot spot.
  • Il sistema di installazione riprogettato aggiunge flessibilità al processo di installazione, semplificando l'interfaccia utente.
  • Desktop updates in abbondanza: Gnome 3.6, KDE Plasma Workspace 4.9, Xfce
  • 4.10, Sugar 0.98, e l'introduzione di MATE Desktop in Fedora.

Per i Sysadmin

  • Il database NoSQL Riak, un sistema di database fault-tolerant e scalabile, è incluso per la prima volta in Fedora 18.
  • Samba 4 aggiunge il supporto a SMB3 e ai FreeIPA trusted domains.
  • Aggiunge il supporto per l'installazione dei pacchetti del sistema operativo in avvio agli Aggiornamenti del sistema non in linea . In questo modo gli amministratori di sistema avranno la possibilità di effettuare gli upgrade in modo controllato.

Per gli sviluppatori

  • Lo stack di Python 3 è aggiornato alla versione 3.3
  • Rails è aggiornato dalla versione 3.0 alla 3.2
  • Perl 5.16 aggiunge il supporto ad Unicode 6.1

Problemi noti e Bug

Per chi fosse interessato a testare la nuova Fedora 18 ci sono già una serie di problemi e bug noti. Qui di seguito ne riportiamo alcuni, ma potete trovare la lista completa a questo indirizzo: http://fedoraproject.org/wiki/Common_F18_bugs

  • Utilizzando il partizionamento automatico durante l'installazione verranno formattati tutti i dischi selezionati per l'installazione , senza alcun ulteriore preavviso; TUTTI I DATI ESISTENTI SUI DISCHI ANDRANNO PERSI. In questo momento, non c'è l'opzione per poter utilizzare lo spazio libero sui dischi, o per ridimensionare esistente partizioni. Esiste comunque un workaround per risolvere questo problema.
  • Alcune schede grafiche NVIDIA hanno problemi con l'avvio o la visualizzazione del login manager o il desktop. Questo impedisce di avere un desktop usabile, quando si avvia la live o un sistema installato. In questi casi, il login manager o il desktop può non apparire del tutto, o potrebbe essere, ma con il cursore mancante o con problemi di visualizzazione.

Questo rilascio, come detto prima, presenta una nuova interfaccia utente per anaconda, che rafforzerà in modo significativo l'esperienza dell'utente finale di installazione.Problemi noti relativi alla nuova interfaccia utente di installazione includono:

  • Per le installazione non-grafiche, la pssword di root deve essere settata per abilitare il login; per le installazioni grafiche, il primo utente deve essere settato come amministratore. Questo è attualmente il setup di default durante l'installazione.
  • Non ci sono aggiornamenti anaconda-based o preupgrade a Fedora 18 Alpha, se è necessario aggiornare un sistema installato, si deve usare yum.

Per ulteriori informazioni, comprese le informazioni sui bug più comuni, suggerimenti su come segnalare i bug, e il calendario di rilascio ufficiale, è possibile consultare le note di rilascio nella pagina del wiki di Fedora 18

Per il download delle ISO l'indirizzo è questo: http://fedoraproject.org/get-prerelease

Fonte: Announcing the release of Fedora 18 Alpha!!

September 19, 2012 07:56 AM

September 18, 2012


Fedora Italia
Fedora Test Day: 2012-09-18 OpenStack

Oggi si terrà il test day focalizzato su OpenStack IaaS (openstack.org) per Fedora 18.

OpenStack è uno dei progetti cloud di maggior successo e lo si può trovare anche in Fedora.

Potete trovare tutte le informazioni riguardanti questo test day, pre-requisiti per il test ed istruzioni su come effettuare i test nella pagina dedicata del wiki: Test Day:2012-09-18 OpenStack

Tutti sono invitati a contribuire ai test! Potete confermare la vostra presenza nell'evento creato dall'account uffiale di Fedora su Google+: Fedora 18 Test Day - OpenStack

September 18, 2012 10:02 AM

September 13, 2012


Fedora Italia
Fedora video contest

Da qualche giorno è partito un video contest che servirà a trovare un template per l'intro/outro dei video del Fedora Videos Project. Il contest è iniziato il 5 settembre 2012 e terminerà il 5 ottobre 2012.

Per inviare il vostro video, è necessario caricarlo in una posizione accessibile al pubblico e inviare una e-mail a videos@fedoraproject.org con oggetto: "Fedora Videos Contest".

Il video dovrebbe essere idealmente tra i cinque e trenta secondi. Ovviamente, il contenuto deve essere appropriato per uso pubblico.

Dal momento che la 'libertà' è uno dei fondamenti del Fedora Project, è consigliato l'utilizzo di strumenti open source per la realizzazione dei video. Tuttavia, non è obbligatorio.

L'email deve contenere:

  • Il link al video
  • La licenza con la quale è stato rilasciato il video, potete trovare maggiori informazioni qui.
  • Il vostro FAS (Fedora Account System ID), è obbligatoria, per registrarsi basta un minuto Smile
  • Se avete una pagina utente sul wiki, inserite anche questo collegamento.

Le specifiche tecniche del video sono queste:

  1. Qualità video (minimo suggerito): SD
  2. Dimensioni Intro (minimo suggerito): 1600x1200
  3. Dimensioni Outro (minimo suggerito): 1600x1200
  4. Frame rate (minimo suggerito): 24fps
  5. Formato video: ogg
  6. Formato audio: ogv
  7. Durata del video: tra i 10 e i 30 secondi

Potete trovare le regole, i criteri di giudizio e tutte le altre informazioni dettagliate del contest a questo indirizzo: https://fedoraproject.org/wiki/Videos/FedoraVideos_Contest_Intro/Outro

Il premio in palio è un t-shirt Fedora.

September 13, 2012 07:15 AM