You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2013/08/19 18:50:09 UTC
allura instance at Apache is UP
Thanks to infra, we now have https://forge-allura.apache.org/ up and running.
It has SSL (unlike before) so it's good for us to log in and start using it.
Email routing should be set up, but Tim Van Steenburgh is checking on it and we
may need to make some code changes - https://sourceforge.net/p/allura/tickets/6547/
What overall direction do we want to take with this Allura instance? Right now
it just has the Allura project on it: https://forge-allura.apache.org/p/allura/
(and a few test projects) And that just has the git code browser (updated via
cron). I am thinking we should make https://forge-allura.apache.org/p/allura/
be the main page for everything related to allura. So, start moving over
content from http://sf.net/p/allura/ like wiki, chat logs, tickets. Also move
content from http://incubator.apache.org/allura/ over. (and set up redirects on
both of those). We can also add links to our docs, jenkins build status, etc
(although the wiki has those sorts of links too).
And on a more technical level, I think there's a lot of work cut out for us on
our Allura instance. Here's what comes to mind (many of these have tickets for
them already, I think):
* add logo & name to header
* customize home page
* disable OpenID login (since that feature doesn't even work)
* disable new projects (make Allura-only for now)
* disable forking (no git server running for it to work)
* CSS fixes in standard theme
Oh, and what about logins? We could authenticate with Apache LDAP, but that
would restrict it to ASF committers only. I think letting anyone make an
account so they can report a bug, make a comment, etc would be good. I don't
have any great ideas of how to use both LDAP + separate allura-only accounts.
We can also get all PMC members set up as admins on the site. Just let me know
your username and I can add you.
--
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
<><
Re: allura instance at Apache is UP
Posted by Tim Van Steenburgh <tv...@gmail.com>.
Update on email handling:
Outbound: working correctly
Inbound: Still working with Infra to resolve some MX and postfix config issues. Once that's done and we actually have inbound mail routing correctly, I'll be able to tell for sure whether we need to parse the recipient address out of a different header.
--
Tim Van Steenburgh
On Thursday, August 22, 2013 at 5:46 PM, Dave Brondsema wrote:
> Acting on lazy consensus, I've started to fill out the project menu by adding
> several external links until content is moved. (
> http://community.apache.org/committers/lazyConsensus.html is a good read on lazy
> consensus. There's quite a lot of good info on that site about Apache processes)
>
> Any update on inbound & outbound email, Tim?
>
> I also have noticed that
> https://forge-allura.apache.org/p/allura/git/ref/master/ frequently says "The
> metadata for this repository is missing. To fix, please try a refresh." and a
> refresh fixes it, but then it comes back (presumably after cron pulls in new
> commits). So that's something else to put on our TODO list :)
>
> -Dave
>
> On 8/19/13 12:50 PM, Dave Brondsema wrote:
> > Thanks to infra, we now have https://forge-allura.apache.org/ up and running.
> > It has SSL (unlike before) so it's good for us to log in and start using it.
> > Email routing should be set up, but Tim Van Steenburgh is checking on it and we
> > may need to make some code changes - https://sourceforge.net/p/allura/tickets/6547/
> >
> > What overall direction do we want to take with this Allura instance? Right now
> > it just has the Allura project on it: https://forge-allura.apache.org/p/allura/
> > (and a few test projects) And that just has the git code browser (updated via
> > cron). I am thinking we should make https://forge-allura.apache.org/p/allura/
> > be the main page for everything related to allura. So, start moving over
> > content from http://sf.net/p/allura/ like wiki, chat logs, tickets. Also move
> > content from http://incubator.apache.org/allura/ over. (and set up redirects on
> > both of those). We can also add links to our docs, jenkins build status, etc
> > (although the wiki has those sorts of links too).
> >
> > And on a more technical level, I think there's a lot of work cut out for us on
> > our Allura instance. Here's what comes to mind (many of these have tickets for
> > them already, I think):
> >
> > * add logo & name to header
> > * customize home page
> > * disable OpenID login (since that feature doesn't even work)
> > * disable new projects (make Allura-only for now)
> > * disable forking (no git server running for it to work)
> > * CSS fixes in standard theme
> >
> > Oh, and what about logins? We could authenticate with Apache LDAP, but that
> > would restrict it to ASF committers only. I think letting anyone make an
> > account so they can report a bug, make a comment, etc would be good. I don't
> > have any great ideas of how to use both LDAP + separate allura-only accounts.
> >
> > We can also get all PMC members set up as admins on the site. Just let me know
> > your username and I can add you.
> >
>
>
>
>
> --
> Dave Brondsema : dave@brondsema.net (mailto:dave@brondsema.net)
> http://www.brondsema.net : personal
> http://www.splike.com : programming
> <><
>
>
Re: allura instance at Apache is UP
Posted by Dave Brondsema <da...@brondsema.net>.
On 08/26/2013 11:17 PM, Olemis Lang wrote:
> On 8/26/13, Dave Brondsema <da...@brondsema.net> wrote:
>> On 8/26/13 1:45 PM, Olemis Lang wrote:
>>> On 8/26/13, Rich Bowen <rb...@rcbowen.com> wrote:
>>>> On 08/26/2013 01:04 PM, Rich Bowen wrote:
> [...]
>>>> Is there an LDAP <-> OpenID thing anywhere that would let us use LDAP
>>>> directly as an auth source?
>>>>
>>>
>>> Generally speaking ? gracie
> [...]
>>
>> Good ideas. I don't see an openid provider listed at
>> http://www.apache.org/dev/services.html but maybe there is one out there, if
>> we
>> ask infra.
>>
>
> If you find one, please share it on the list for awareness .
I have asked, and there is not one. There is some good discussion going
on, on the infrastructure@ list. Unfortunately that's not a public
list, so I can't point you to the archive or repeat it verbatim here.
(Apparently infrastructure-dev@ is public and archived, and better
suited for such discussions - now i know). Committers can subscribe to
the list now if they want to see any further comments. Sorry I didn't
mention it here earlier.
Some ideas from the thread so far: access to plaintext passwords to pass
to LDAP isn't safe. Delegating via OpenID, OAuth, etc is a lot of work
to set up, and hard to secure. Perhaps an HTTP LDAP-auth proxy that
Infra runs could go in front of Allura. Dual logins (i.e. both ASF LDAP
& adhoc random users creating accounts on just Allura) could work if
usernames are separated somehow. For example, by a prefix (e.g. asf-)
or special invalid char (eg. trailing _ on non-asf usernames) and
enforced by custom auth providers.
Its looking promising :)
>
>> We do have a direct LDAP auth provider in Allura. But I'm not sure if we
>> can
>> make it work side-by-side with regular usernames.
>
> AFAICT , OpenId will support using both apache.org as well as external
> IDs to log in to the site ... something I consider important once
> users will be creating tickets against the Allura instance at
> apache.org
>
> However I am not sure of whether that really matters at all .
>
> [...]
>
--
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
<><
Re: allura instance at Apache is UP
Posted by Olemis Lang <ol...@gmail.com>.
On 8/26/13, Dave Brondsema <da...@brondsema.net> wrote:
> On 8/26/13 1:45 PM, Olemis Lang wrote:
>> On 8/26/13, Rich Bowen <rb...@rcbowen.com> wrote:
>>> On 08/26/2013 01:04 PM, Rich Bowen wrote:
[...]
>>> Is there an LDAP <-> OpenID thing anywhere that would let us use LDAP
>>> directly as an auth source?
>>>
>>
>> Generally speaking ? gracie
[...]
>
> Good ideas. I don't see an openid provider listed at
> http://www.apache.org/dev/services.html but maybe there is one out there, if
> we
> ask infra.
>
If you find one, please share it on the list for awareness .
> We do have a direct LDAP auth provider in Allura. But I'm not sure if we
> can
> make it work side-by-side with regular usernames.
AFAICT , OpenId will support using both apache.org as well as external
IDs to log in to the site ... something I consider important once
users will be creating tickets against the Allura instance at
apache.org
However I am not sure of whether that really matters at all .
[...]
--
Regards,
Olemis - @olemislc
Apache™ Bloodhound contributor
http://issues.apache.org/bloodhound
http://blood-hound.net
Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/
Featured article:
Re: allura instance at Apache is UP
Posted by Dave Brondsema <da...@brondsema.net>.
On 8/26/13 1:45 PM, Olemis Lang wrote:
> On 8/26/13, Rich Bowen <rb...@rcbowen.com> wrote:
>> On 08/26/2013 01:04 PM, Rich Bowen wrote:
>>> On 08/22/2013 05:46 PM, Dave Brondsema wrote:
>>>> Oh, and what about logins? We could authenticate with Apache LDAP,
>>>> but that
>>>>> would restrict it to ASF committers only. I think letting anyone
>>>> make an
>>>>> account so they can report a bug, make a comment, etc would be
>>>> good. I don't
>>>>> have any great ideas of how to use both LDAP + separate allura-only
>>>> accounts.
>>>
>>> It would be really awesome if we could let any Apache LDAP account
>>> have access without registering, and also allow other folks to
>>> register. Possibly someone from Infra could suggest how we might sync
>>> LDAP account into Allura accounts?
>>>
>> Is there an LDAP <-> OpenID thing anywhere that would let us use LDAP
>> directly as an auth source?
>>
>
> Generally speaking ? gracie I do not know what's the more
> up-to-date/supported version among [1]_ [2]_ . Nevertheless isn't
> there already an openid provider for apache.org domain ?
>
> .. [1] Gracie @ github
> (https://github.com/petertodd/gracie/)
>
> .. [2] Gracie @ pypi
> (https://pypi.python.org/pypi/gracie/0.2.6)
>
Good ideas. I don't see an openid provider listed at
http://www.apache.org/dev/services.html but maybe there is one out there, if we
ask infra.
We do have a direct LDAP auth provider in Allura. But I'm not sure if we can
make it work side-by-side with regular usernames. What would you do with
username conflicts? Both LDAP and OpenID providers have bitrotted a bit and
need a little work.
--
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
<><
Re: allura instance at Apache is UP
Posted by Olemis Lang <ol...@gmail.com>.
On 8/26/13, Rich Bowen <rb...@rcbowen.com> wrote:
> On 08/26/2013 01:04 PM, Rich Bowen wrote:
>> On 08/22/2013 05:46 PM, Dave Brondsema wrote:
>>> Oh, and what about logins? We could authenticate with Apache LDAP,
>>> but that
>>> >would restrict it to ASF committers only. I think letting anyone
>>> make an
>>> >account so they can report a bug, make a comment, etc would be
>>> good. I don't
>>> >have any great ideas of how to use both LDAP + separate allura-only
>>> accounts.
>>
>> It would be really awesome if we could let any Apache LDAP account
>> have access without registering, and also allow other folks to
>> register. Possibly someone from Infra could suggest how we might sync
>> LDAP account into Allura accounts?
>>
> Is there an LDAP <-> OpenID thing anywhere that would let us use LDAP
> directly as an auth source?
>
Generally speaking ? gracie I do not know what's the more
up-to-date/supported version among [1]_ [2]_ . Nevertheless isn't
there already an openid provider for apache.org domain ?
.. [1] Gracie @ github
(https://github.com/petertodd/gracie/)
.. [2] Gracie @ pypi
(https://pypi.python.org/pypi/gracie/0.2.6)
--
Regards,
Olemis - @olemislc
Apache™ Bloodhound contributor
http://issues.apache.org/bloodhound
http://blood-hound.net
Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/
Featured article:
Apache™ Bloodhound 0.7 listo para descarga - http://goo.gl/fb/OwzmM
Re: allura instance at Apache is UP
Posted by Rich Bowen <rb...@rcbowen.com>.
On 08/26/2013 01:04 PM, Rich Bowen wrote:
> On 08/22/2013 05:46 PM, Dave Brondsema wrote:
>> Oh, and what about logins? We could authenticate with Apache LDAP,
>> but that
>> >would restrict it to ASF committers only. I think letting anyone
>> make an
>> >account so they can report a bug, make a comment, etc would be
>> good. I don't
>> >have any great ideas of how to use both LDAP + separate allura-only
>> accounts.
>
> It would be really awesome if we could let any Apache LDAP account
> have access without registering, and also allow other folks to
> register. Possibly someone from Infra could suggest how we might sync
> LDAP account into Allura accounts?
>
Is there an LDAP <-> OpenID thing anywhere that would let us use LDAP
directly as an auth source?
--
Rich Bowen
rbowen@rcbowen.com
Shosholoza
Re: allura instance at Apache is UP
Posted by Rich Bowen <rb...@rcbowen.com>.
On 08/22/2013 05:46 PM, Dave Brondsema wrote:
> Oh, and what about logins? We could authenticate with Apache LDAP, but that
> >would restrict it to ASF committers only. I think letting anyone make an
> >account so they can report a bug, make a comment, etc would be good. I don't
> >have any great ideas of how to use both LDAP + separate allura-only accounts.
It would be really awesome if we could let any Apache LDAP account have
access without registering, and also allow other folks to register.
Possibly someone from Infra could suggest how we might sync LDAP account
into Allura accounts?
--
Rich Bowen
rbowen@rcbowen.com
Shosholoza
Re: allura instance at Apache is UP
Posted by Dave Brondsema <da...@brondsema.net>.
Acting on lazy consensus, I've started to fill out the project menu by adding
several external links until content is moved. (
http://community.apache.org/committers/lazyConsensus.html is a good read on lazy
consensus. There's quite a lot of good info on that site about Apache processes)
Any update on inbound & outbound email, Tim?
I also have noticed that
https://forge-allura.apache.org/p/allura/git/ref/master/ frequently says "The
metadata for this repository is missing. To fix, please try a refresh." and a
refresh fixes it, but then it comes back (presumably after cron pulls in new
commits). So that's something else to put on our TODO list :)
-Dave
On 8/19/13 12:50 PM, Dave Brondsema wrote:
> Thanks to infra, we now have https://forge-allura.apache.org/ up and running.
> It has SSL (unlike before) so it's good for us to log in and start using it.
> Email routing should be set up, but Tim Van Steenburgh is checking on it and we
> may need to make some code changes - https://sourceforge.net/p/allura/tickets/6547/
>
> What overall direction do we want to take with this Allura instance? Right now
> it just has the Allura project on it: https://forge-allura.apache.org/p/allura/
> (and a few test projects) And that just has the git code browser (updated via
> cron). I am thinking we should make https://forge-allura.apache.org/p/allura/
> be the main page for everything related to allura. So, start moving over
> content from http://sf.net/p/allura/ like wiki, chat logs, tickets. Also move
> content from http://incubator.apache.org/allura/ over. (and set up redirects on
> both of those). We can also add links to our docs, jenkins build status, etc
> (although the wiki has those sorts of links too).
>
> And on a more technical level, I think there's a lot of work cut out for us on
> our Allura instance. Here's what comes to mind (many of these have tickets for
> them already, I think):
>
> * add logo & name to header
> * customize home page
> * disable OpenID login (since that feature doesn't even work)
> * disable new projects (make Allura-only for now)
> * disable forking (no git server running for it to work)
> * CSS fixes in standard theme
>
> Oh, and what about logins? We could authenticate with Apache LDAP, but that
> would restrict it to ASF committers only. I think letting anyone make an
> account so they can report a bug, make a comment, etc would be good. I don't
> have any great ideas of how to use both LDAP + separate allura-only accounts.
>
> We can also get all PMC members set up as admins on the site. Just let me know
> your username and I can add you.
>
>
>
--
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
<><