Minutes from the Tue Jul 16 infra call

classic Classic list List threaded Threaded
2 messages Options
Guilhem Moulin Guilhem Moulin
Reply | Threaded
Open this post in threaded view
|

Minutes from the Tue Jul 16 infra call

Participants
============

1. guilhem
2. Brett (early drop off)
3. Dennis (without mic)
4. cloph
5. luke

Agenda
======

 * Luke: 32bit Linux tinderbox still offline. Send access info to luke if help needed.
   ( http://document-foundation-mail-archive.969070.n3.nabble.com/minutes-of-ESC-call-td4262680.html )
   - cloph: blocking on receiving ssh pubkey from luke
   - luke: ok will mail now
 * Baseline upgrade to Buster (released on july 06), requires tweaks to
   - shorewall
     . config change & change of interface naming
     . userpace nf default tool is nftables not iptables, but some
       legacy symlinks are installed so nothing to do here (for now)
   - python3
     . items instead of iteritems
   - PHP-FPM (7.0 → 7.3)
     . upgrade to nextcloud 16 blocking on that
   - SSL/TLS endpoints
     . <TLSv1.2 disabled default — might need override on some services
       visited by very old clients (need to log TLS handshake info to get some
       metrics anyway)
     . experiment with removing non-AEAD ciphers modes — all "recent" clients
     (from the past ~10 years) should still be able to connect and AFAICT others
     don't support SNI so are mostly out already
       https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.14.2&openssl=1.1.1c&hsts=yes&profile=intermediate
   - some boxes upgraded already (non-prod and/or not user facing), for the
     facing boxes we better wait until fall
 * PiTR
   - Brett: Nothing presentable yet, sorry :(. g. no worries!
   - But the Buster upgrade (PostgreSQL 11) was very helpful in making the
     process easier.
 * Guilhem: Redmine auth migrated to SSO, so far so good but still manual
   approval (as before), will change once back from vacation
 * MW 1.33 released 2 weeks ago but we stick to LTS (1.31 right now,
   1.35 in a year) https://www.mediawiki.org/wiki/Version_lifecycle
   + blessing from Dennis
 * LOOL upgrade (to 6.3, right now on 6.1) blocking on buster-bpo
   packages, will do likely in late july/early august when back from vac
 * gandalf: cloph to handle if there is urgent feedback/follow-up needed
   from lars, guilhem will be traveling (and later on vac)
 * Next call: Aug 20 at 16:30 UTC

--
Guilhem.

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy
Florian Effenberger Florian Effenberger
Reply | Threaded
Open this post in threaded view
|

Re: Minutes from the Tue Jul 16 infra call

Hello,

Guilhem Moulin wrote:

> Participants
> ============
>
> 1. guilhem
> 2. Brett (early drop off)
> 3. Dennis (without mic)
> 4. cloph
> 5. luke

cool, really happy to see so many people there! :)

>   * Baseline upgrade to Buster (released on july 06), requires tweaks to

Thanks to the infra team for keeping our systems up to date and doing
that with due diligence!

>   * Guilhem: Redmine auth migrated to SSO, so far so good but still manual
>     approval (as before), will change once back from vacation

Works like a charm, really happy to see this connected to SSO now as
well. :)

Florian

--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy