Friday after getting finally a mostly good nights sleep and having some hotel breakfast, it was time for the ansible best practices workshop that misc setup. The plan was to work on some infrastructure playbooks that had bitrotted over the years and clean things up so it was a better example of how playbooks should be setup. However, when it came time, it seemed lots of people there didn't have too much experience with ansible, so instead we spent almost the entire time talking about best practices and how things were setup. We went over the mailman3 playbooks and noted a number of things for cleanup. There was mention of ansible-lint, ansible-report and molicule. So, in the end we didn't get much fixed, but we did have some good information sharing and education of new folks to ansible. After a quick lunch, it was time for the Server working group Pow-wow. This session was great, we had a lot of lively discussion from modularity folks, server working group members and other interested parties. We have a bunch of things we now need to follow up on and get more information about:

• if rolekit can easily use or be made to use ansible as it's backend.
• if not, how easily we can get ansible tied into cockpit
• how easily we can re-write the current server roles as ansible playbooks taking input via rolekit
• how much configuration will be done as part of module profiles

The basic plan is to see if we can't replace the rolekit backend with ansible and leverage all the ansible knowledge out there to make new roles. If we can use existing rolekit the interface can stay the same and cockpit can continue to talk to it. Modularity work will help us with life cycle and other common problems people run into with servers. After that session, flock was over for this year. ;( A bunch of us went down to the city center and wandered around and had dinner. Everything was quite tasty and I finally found some dark beer.

Unfortunately, I managed to oversleep on thursday (forgot to set my alarm), so I missed the lightning talks. Will have to look up the recording of them when they are up. I went to go to the automation workshop, but it was standing room only, so I went and had more coversations in the hallway track. Then it was time for our infrastructure workshop. Things went really well! We did a whiteboard/etherpad of items we wanted to discuss and come up with plans on and managed to finish the last of them with just a few minutes to spare. In no particular order:

• containers in Fedora Infrastructure
  • mirrorlist container is a good first candidate
  • will run on proxies
  • will run the wsgi server in container and expose the socket to apache on proxy
  • haproxy with container as first and old ones as secondary/backups
  • could spin up more capacity as needed in our cloud or others
• fedorainfracloud - per contributor resources
  • contributor per tenant resources
  • add packager and qa groups and talk to docs and i18n and others if they would find it of use
  • 1 external ip
  • outgoing restricted to disallow "spammy" ports
  • Will update docs and announce once it's ready
• build setup for infra packageskoji side tag for infra packages
  • up to maintainer to decide on EPEL/Fedora
  • dogfooding our own deployed services/processes where it makes sense
• fas3 status
  • https://admin.stg.fedoraproject.org/fas3/
  • python-fedora backward compatibility questions.
    • tokens vs passwords
    • fas-client is ready to be packaged
    • fas/fas-client in stg, test/fix python-fedora, announce so people can test, fix broken apps, push to prod
    • fas3 security audit, SOON since in stg it is using a copy of the prod db.
•  community projects / domain names support
  • domain names to reflect support status of projects (fedoraproject.org, fedorainfracloud.org, fedoracommunity.org)
  • fedorainfracloud: unsupported, run by community members
  • currently used for geographical community sites. Idea is to make it be used for slightly-more-supported apps
    • Still uses RFR process. Less burden on FI team, but don't let people deploy random things to it.
    • COPR is a primary candidate
    • actions: adjust docs, adjust status, adjust RFR docs
• CA certs and such
  • freeipa testing to happen soon
  • if that looks good, move to kerberos
  • need to figure out sigul
• koji rework for new alternative arch support
  • Will need more storage space, but will reduce space used on mirrors
  • archs aren't "primary" or "secondary" but build output will be tag as such, instead.
  • aarch64 import after hardware is received, single mass rebuild at end of cycle like for F20.
  • GOAL: Get proposal approved by FESCO for F26 (aarch64), PPC for F27, s390x possibly for F27
  • Discussion with IBM about access to untimed mainframe
  • unused aarch64 and PPC servers for cloud VMs

A bit of sleep and time for the next day of flock! The second keynote was quite interesting. It was Radosław Krowiak Co-owner, Akademia Programowania. His company uses open source programming to tech children valuable skills. There was a NASA survey on creativity and 5 year olds scored an average 98%, and 15 year olds on 12%. It's so important to tech programing and science and teamwork when young. Very interesting stuff, I hope there's more of this sort of company out there. Next was Michael Scherer's talk on Desktop security. Lots of good suggestions. I would recommend looking at the video as soon as it's up and adjusting your security practices. It's a dangerous world out there. After lunch, I went to Ralph Beans "Factory 2.0" talk. Great stuff. Basically these are the changes that need to happen to Fedora's build/release pipeline to support all the cool modularity and other changing deliverables. I think they took a great approach here by scoping things, then only adding what they need to add and adjusting existing services. Trying to re-write the entire factory would take far too long. Will be interesting to see how this all progresses. Then on to my talk about using Rawhide day to day. I think it went pretty well, there were some good questions and everyone seemed interested in the topic. I hope we get some more Rawhide users from it. I should have my slides up once I get home, will make a note of it when they are up. After that I hung out in the hallway/lobby and talked to too many people to mention. Flock is great for putting faces to names you only see on mailing lists or IRC. It's also great to talk to people higher bandwith on some topics. Something that would take you many back and forth emails can be discussed in a short real conversation. The evenings event was great! Dinner on a boat on the river and a short river ride around. The food was good and Krakow is a lovely city. Tomorrow: workshops!

Tuesday started bright and early with breakfast at the hotel. A reasonable selection of breakfast goods and the staple of flock: coffee. Then it was time for the first keynote: The Fedora Project Leader's state of the Fedora union. Some nice numbers here and a few nice questions on other nmbers that would be good to gather. Then, I went to Adam Miller's talk on the Open Shift Build Service in Fedora. I knew most of this before, but it was a really nice overview of the parts and how they fit together. This talk gave me a nice list of questions to feed into our infrastructure workshop later when designing mirrorlist containers. Lunch was again in the hotel, and was just fine. Lots of discussion with various people on various topics. After lunch I went to the state of the Fedora server talk. Since I am in the Server working group I knew this discussion ahead of time, but it was good to be there to help the others giving the talk. There were some good suggestions from the audience, especially mentioning a ansible based replacement for rolekit. I then took to the hallway track for a while and talked with some old friends and new. Final talk for me of the day was the kernel talk. This time given by Laura Abbott. A great talk to point new contributors to, and some nice questions. I hope there's more folks from the community wanting to step up and help out with the kernel, there's always a ton to do. Finally the day ended with an absolutely wonderful dinner at Restauracja Pod Baranem. Very good food and company. A short 6 block walk back from the tram and it was time for sleep. Looking forward to day two.

Sunday started my travels to flock 2016. First up, a flight from Denver to Munich. 10 hours in the air, but at least fewer hops. Things started out on a troubling note as the flight was already delayed ~20min before I even left for the airport, which would cut my time between flights in Munich to just ~45min. However, by the time I got to the plane and through security (just ~20min), things were actually back on time. The flight was long, but uneventful. Luftansa sure does a good job. My flight in Munch to Krakow changed gates, but they texted me and I got it as soon as I landed. A bit of a walk to the new gate, but ran into Luke Macken and Mike Mclean there and once we arrived in Krakow, we also met Peter Robinson and shared a short cab right to the hotel. The hotel seems quite nice... it's in a quiet area and the desk folks seem nice. After checking in, I decided it would be best to stay awake and go to bed later tonight at a reasonable hour for this timezone. My Roomate showed up in an hour or two and then we went and worked on polishing up our talk we are co-presenting tomorrow. Then it was off to a quick walk to the nearby mall to have some Shwarma. Now it's time to get some sleep. Looking forward to flock keynote tomorrow at 9am.

Just over one week until flock ( https://flocktofedora.org ), Fedora's main yearly conference. This time it's in Kraków, Poland. This of course means a long time traveling for myself and other North American Fedorans, but it's always well worth it. In addition to seeing old and new friends, I'm looking forward to quite a lot of the talks (see https://flock2016.sched.org/ for the full schedule) along with workshops and hallway discussions. I'm going to be giving a talk on using Fedora Rawhide as your daily driver OS. Hopefully lots of tips and workflows that people will find useful. Also, I am co-presenting with Pierre-Yves Chibon (pingou) on the current state of Fedora Infrastructure along with lots of upcoming plans. If you aren't able to make it to Kraków in person, do follow along on #fedora-flock ( on freenode ) and in blogs and other project communications.

Kneel before the new Zodbot! We have upgraded our beloved evil super villain IRC bot on freenode from an old version of supybot-gribble to a new shiny version of limnoria ( https://github.com/ProgVal/Limnoria ).  This doesn't change much in the interface, but it does mean we are using something that is maintained and gets updates and is a good deal more secure. If you notice problems please do let us know with a Fedora Infrastructure ticket. Also, as one of the maintainers of supybot-gribble in Fedora and EPEL, I will be retiring that in favor of the limnoria package very soon. It should be now available in updates repos for your upgrading pleasure.

Today, astute observers may have noticed that lists.fedoraproject.org and lists.fedorahosted.org didn't participate in the long running, annoying, insecure and exasperating tradition called "mailman day". This is where mailman spams you with a reminder for every list you are on with your plaintext "password" in clear email. Since we have now fully switched over to mailman 3, you can relax and rest easy that we DID NOT spam you with your mailman password today, nor will we from now on. ;) Our mailman3 instances authenticate users via Fedora Account System OpenID, persona or yahoo, no local throwaway passwords to look for or remember.

In mailman2 there is a feature called 'topics'. What this allowed you to do was create some filters on the list and when those filters matched mailman would add a header telling the user that this post was part of a 'topic' or not. You can then use the mailman interface to tell it you only wanted posts on a specific list of topics and no others. As far as I know there aren't too many lists that used them, but there are a few we run in the Fedora Project that do: The prime example being the 'package-announce' list. The package-announce list gets emails from bodhi (the Fedora updates system) about each update when it's pushed into the stable updates repo. As you can imagine with a fast moving distro like Fedora, this list gets a LOT of posts. This list has topics for each Fedora release (22, 23, 24, etc) and also "Security" and "New package" updates. Using topics users could get a subset of these emails that they wanted. Sadly, topic support isn't yet available in mailman3, and it's unclear right now when it might be implemented. Not wanting to hold up our migration to mailman3 forever, we want to go ahead and move lists like package-announce over as soon as we can. Of course this means those folks using topics are going to be in a bind. However, there are some alternatives:

• You can switch to using a RSS feed directly from bodhi itself. For example: https://bodhi.fedoraproject.org/rss/updates/?releases=F23 will give you all stable Fedora 23 updates. https://bodhi.fedoraproject.org/rss/updates/?releases=F23&type=newpackage will give you all newpackage type updates, etc. Pretty much any search or page with a rss symbol on it on bodhi is an RSS feed.
• You can set up notifications in the Fedora notifications service: https://apps.fedoraproject.org/notifications/ to either email or IRC. For packages you are interested in, all updates, security or newpackage updates or any combo.
• You can of course just stay on the package-announce list and filter things locally. You will be getting emails about some things you don't care about, but emails are pretty small in this day of streaming video. :)

Hopefully those interested can switch over to one of the alternative methods above until topic support once again lands in mailman.

Over the years, a number of times, people have asked us about migrating from our own custom Fedora Account System (FAS) to FreeIPA. We would love to, but right now as things stand it's just not a great fit for us. In the past we have had trouble articulating what the issues are, but now Patrick has written up a wiki page with all the items we know of: https://fedoraproject.org/wiki/Infrastructure/fas_freeipa Hopefully we can keep open a dialog with FreeIPA folks and keep the above wiki page synced up so perhaps someday we can migrate when blockers are no longer in our way. :)