Home Home > Infrastructure
Sign up | Login

Archive for the ‘Infrastructure’ Category

Downtime of software.opensuse.org

April 12th, 2012 by

Failed geekoWe had some network problems in our Nürnberg data center this afternoon and now the site software.opensuse.org is not reachable.

To download the openSUSE 12.2 Milestone 3, go directly to the download directory.

To download openSUSE 12.1, go directly to the 12.1 download directory.

For everything else, please wait until the server is fully up again.

Update 2012-04-12 19:37 UTC: Everything should be up again.

Open Build Service Delivers Website Integration

April 4th, 2012 by

OBS download pageThe Open Build Service, a system to collaboratively build and easily distribute packages for a wide variety of operating systems and platforms, has introduced the ability to integrate the intelligent OBS ‘download package’ page into websites. This is useful for projects who want to offer their users easy access to downloads for a wide variety of Linux (and non-linux) systems. Moreover, the Open Build Service 2.3 Release Candidate is out and the final release is near. (more…)

software.openSUSE.org calling for Ruby Hackers!

March 27th, 2012 by

About 2 weeks ago Thomas “digitaltom” Schmidt of the openSUSE Boosters started working on a refresh of the software.opensuse.org search interface. In that time, he has transformed the quite technical search UI into one which is a lot more modern and far easier to use. But there’s quite a bit of work in designing and building a new way of searching the whole buildservice repository with its 170.000+ packages in an userfriendly and logical way. If you’re up for it, we could use your help!
(more…)

SSL cert update for opensuse.org hosts in Nuremberg

January 30th, 2012 by

Thursday 2012-02-02 we will update the SSL certificates for all openSUSE hosts located Nuremberg (see detailed list below). The fingerprint of the new certificate is:

Signed with security@suse.de key:
pub   2048R/3D25D3D9 1999-03-06
uid                  SuSE 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SHA1 Fingerprint=F0:76:9C:42:D3:F1:C0:ED:C6:F6:15:C0:F8:D5:C7:29:60:EB:53:46
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)

iQEVAwUBTyAnZXey5gA9JdPZAQI7yQf/d4OqlBnV4WT80cqI3DVGGcEacTSES8Ux
dK0z9aW/UQWFTHGoQmDk8xcgHED/mHVAlywIPgccbleWNi3NND3+1EAvsxnR5M1m
mdVsNYOEsGDrk/3qvPVzyTjkBgINOnetH/0Hd77NhxaDVkU0f1Tl0wbO5NdhKy6m
0dmGwJgUESi3IQjubaibmGZHCZPfEEO0ReW00tRDjFpV4MnU923/BZWT30WuvfMo
ClSedk0r6PBt3FGr5yqIFyjM1i3CX/dioW1nJ3qOP1GKMDGLSL20YEY6ZE/F8nL4
bycPLfTjDxKodWXeAmeBlXNTNVYxjphowtjYMQqFe7hXyUkSHBCLLQ==
=UhMT
-----END PGP SIGNATURE-----

The following hosts will be affected:

  • static.opensuse.org
  • api.opensuse.org
  • build.opensuse.org
  • connect.opensuse.org
  • features.opensuse.org
  • hermes.opensuse.org
  • login.opensuse.org
  • notify.opensuse.org
  • svn.opensuse.org
  • ci.opensuse.org

We do not expect any service interruptions, but some users run with strict certificate checks.

Why openSUSE.org goes on strike tomorrow

January 17th, 2012 by

End of January the US Congress will vote to pass two laws, the “PROTECT IP Act” (PIPA) and the “Stop Online Piracy Act” (SOPA). If these laws pass they would enable copyright holders to get court orders against websites accused of doing or facilitating copyright infringement. So far so good, the openSUSE Project is against copyright violations.

We are a community that provides free and easy access to Free and Open Source Software. We innovate, integrate, polish, document, distribute, maintain and support one of the world’s best Linux distributions. We are working together in an open, transparent and friendly manner as part of the worldwide Free and Open Source community. And in this community there is no room for copyright abuses. That however does not mean that the end justifies the means. We at openSUSE are opposed to the proposals because we depend on our users to not only be able to freely and openly contribute their code but also their opinion and other information. Why that is threatened by these proposals, you can read over at the EFF, or watch this video from Fight for the Future



PROTECT IP / SOPA Breaks The Internet
from Fight for the Future on Vimeo.

We hope the decision to blackout openSUSE.org will educate people around the world about this issue that threatens the basics of the internet, will make some US based contributors, friends and users contact their representatives in congress and inspire others to join the strike.

build.opensuse.org binary backend was down

January 14th, 2012 by

Working to fix the problem...

The SAN array of the backend server server lost 3 hard disks over the weekend.

That means the array with the built RPMs was broken. We checked and replaced a lot of files from backups – but since not all binary parts of the projects are in backup we need to rebuild some of them (31 from 24,194) afterwards.

The good news: sources and project configurations were affected by this.

Forums and Wikis and Blogs, Oh MY!

December 12th, 2011 by

It has been suggested that I write a post explaining some of the big changes that we have been doing with the forums, wikis, and blogs over the last few weeks.  Here is a quick list:

  • Forums, wikis, and blogs have been moved from iChain to Novell Access Manager
  • Wikis have been upgraded to MediaWiki 1.17
  • Blogs have been upgraded to the latest version of WordPress
  • Blog and wiki servers have been patched to the latest kernel, Apache, and PHP

Now for the details…

Novell Access Manager

Until a couple of weeks ago, the openSUSE blogs, wikis, and forums were running on a product called iChain.  iChain is an appliance that acts as an accelerating (caching) proxy that can perform SSO, authorization, and identity injection for applications.  While iChain does its job very well, it was discontinued a number of years ago, and it has become increasingly difficult to keep it in service.  Some of the major problems are that the hardware it is running on is aging, and it will not run on newer hardware.  It is also having trouble with the extensions and field formatting of newer certificates, and it also has a lot of trouble with clients attempting to use newer TLS protocols.  Those of you who tried logging in to openSUSE.org with an iOS5 device more than two weeks ago have probably noticed this.

Novell Access Manager is the successor to iChain. While it is slightly more buggy, it has a lot of additional features, and is an actively developed and supported product. Recent builds have also been much more stable and issue-free. It works on a different principle than iChain in that it is based on a federation model. This makes SSO across domains and organizations much easier. For example, openSUSE.org is now single sign-on with www.novell.com and www.suse.com. We can also do SAML 2 federation with other sites, if that ever becomes necessary.

While we are working on moving the rest of the Novell related sites to Access Manager, we are running in what we call “migration mode”. In this setup, iChain continues to handle the authentication for itself and Novell Access Manager. This allows us to retain single sign-on between the two systems as we migrate. As some of you have noticed, a side effect of this is that the openSUSE sites now log in via a Novell-branded login page. When the rest of the sites have been moved off of iChain, we will be able to change back to an openSUSE branded login. This will probably take some time, but we will get there.

Since the openSUSE blogs, wikis, and forums were running on a single iChain server that is out of warranty and irreplaceable, they were among the first sites to be moved to Access Manager. While this provides some benefits, it has also led to a couple of problems that come with being the guinea pig.  The first is that we are having a few problems with the IPv6 tunnel that was set up for these sites, and the IDP domain (login.novell.com) does not have an IPv6 address yet.  I have reached out to the networking team to get this resolved, hopefully this week.  The second is that the default Access Manager timeout is very short compared to what the openSUSE contributors are used to.  I changed the timeout to 4 hours last night, so this should no longer be an issue.  I know the change has been frustrating for a few of you, but I hope that you can agree that it’s better to work out the kinks now, rather than waiting for the old system to break down.

Wiki Upgrade

While MediaWiki 1.17 comes with a lot of improvements, many of you have also noticed that it came with a lot of heartburns.  The biggest one was the UTF8 corruption that happened on most of the wikis.  This seems to have come from a combination of an outdated collation on the “older” wikis and the way that the update script handled the schema changes.  This highlighted a problem that I was not aware of before, which is that there are some major collation differences between the “new” (i.e. English and German) wikis, and the “older” wikis that were not recently rebuilt.  After many hours, I found a way to fix the UTF8 corruption, and  I also worked with our DBA to get the collation of the other wikis to match the new wikis as best as we could.  This should minimize the chance of future upgrade issues.

We also had a couple of smaller issues, mostly an Apache rewrite rule interfering with the new resource loader that came with 1.17.  Those issues were also resolved last week.  Despite these problems, the new MW software is working very well.  I have noticed a major improvement in performance, mostly due to the new resource loader optimizing the javascript and stylesheet load times.

Blog Upgrade

The WordPress upgrades are usually much easier than the MediaWiki upgrades, and this was no exception.  Except for a minor glitch in the theme for logged in users, there are no known issues with the new software.

System Patches

Similarly to the WordPress upgrades, this was a pretty uneventful change.  This update fixes a lot of vulnerabilities, including the “Apache killer” DoS attack discovered over the summer.

Maintenance downtime Thursday 2011-11-24

November 23rd, 2011 by

We need some maintenance downtime to work on the following issues:

  • Failed geekofix storage problems on Build Service machines
  • increase network subnet mask for external available servers (means: we are growing ;-)
  • exchange some SSL certificates on servers delivering content via HTTPS

We are trying to get everything done during the standard infrastructure window:

Thursday (2011-11-24), 08:00 – 10:00 CET (7:00 -9:00 UTC)

but some services might need a bit longer (for example the schedulers of the Build Service).

Please contact admin@opensuse.org with any queries.
Your openSUSE Admins

Continuous Integration testing for openSUSE available!

November 10th, 2011 by

Front page of CI.opensuse.org
The development process of the Open Build Service (OBS) code base as well as it’s accompanying tools is largely test-driven. Major parts of the OBS source code are covered by a comprehensive test-suite. Traditionally, after each new code submission, these tests have been run by a custom shell-script on a local machine that wasn’t publicly available for several reasons. Even though this setup served us well for a long time, but we needed more. We want to provide a more transparent solution that allows the community to participate and maybe take over some responsibilities. Thus, your hard-working OBS-team hereby kindly introduces ci.opensuse.org, our new public interface for continuous integration (CI) testing!
(more…)

The Green Planet

November 7th, 2011 by

The last few days those of you linked to the planet by http://planetsuse.org/ are experiencing connection problems. This is not because openSUSE Planet is down but as Pascal Bleser announced a few days ago into the openSUSE Project ML because this domain name is not under the Project’s control but by and individual who left the openSUSE Project some years ago.

The only way to go to the openSUSE planet is now by typing http://planet.opensuse.org/ and the correct way to connect your RSS is by adding that .xml .

(more…)