Hi
I have just filed the RFR for Ask Fedora at
https://fedorahosted.org/fedora-infrastructure/ticket/2884
Askbot - http://askbot.org is a question and answer oriented forum that I am requesting Fedora infrastructure team. As some of you might already know, I have been working on packaging Askbot and its dependencies for Fedora for the last several weeks. At this point, except for Askbot itself, all its dependencies are in Fedora. Most of the dependencies have been built for EPEL 6 as well. We originally tried building for EPEL 5 but many of the dependencies are expected to be more recent versions and went with EPEL 6 instead. I expect to finish all the packaging work before the end of this week. There are some minor patches for Askbot I am working on that I want to test before importing Askbot itself but the process is mostly complete and I along with others have tested it locally. I thought I would get a early start on the proposal and answer any questions on this and get the discussions going in parallel while I do the last steps.
I have been working with upstream for a while now and on our request, upstream has made the authentication system extensible via plugins. We have added a plugin for authentication via Fedora account system. The next step is to run a test instance, test it more publicly and fix any issues and add some minor features (identi.ca support, auto linking to Red Hat bugzilla for bug references etc) and I hope to be able to go into production stage or atleast a soft launch before Fedora 16.
I have explained in length my motivations for working on this and rest of the details at
https://mether.wordpress.com/2011/07/16/the-case-for-ask-fedora/
Do let me know your thoughts
Rahul
On Tue, 19 Jul 2011 22:14:15 +0530 Rahul Sundaram metherid@gmail.com wrote:
Hi
I have just filed the RFR for Ask Fedora at
...snip...
Do let me know your thoughts
Hey Rahul. Looks interesting. ;)
Some things to note:
* This is a Django app. We have had Django apps before in infrastructure (transifex, reviewboard) and they have done fine with load balancing/etc. I hope this one will too. ;)
* This app looks like it would be pretty self contained. Ie, we could have it using it's own database, etc.
Some questions (which may not be known yet, but I thought I would toss them out there):
* If FAS is unavailable, how does askbot behave? No one can auth? or falls back on a local file? or ?
* Do we have any idea how much load/capacity this will take? I guess it will depend on how much it takes off and how much people use it. Are posts/answers stored in db? Or on the filesystem?
* Will there be any guidelines or the like for content? Should all questions be fedora related? Do we want to remove posts that are offensive? (Not a technical issue, but thought I would mention it, it would be good to have guidelines for moderation before content appears to meet people's expectations)
* Are updates of the app pretty transparent? ie, just yum update? or do they require database changes?
* Is there any security history for the application? Have their been security issues and have they been fixed in a timely manner?
* Is there themeing available? Would we want to involve the design folks in making a fedora branded theme for it?
Some issues:
* Currently our app servers are rhel5. We are working to move them to rhel6, but it's not clear when that will be done. We could of course in the mean time just add this on it's own server(s).
kevin
upstream On 07/20/2011 09:32 PM, Kevin Fenzi wrote:
Some questions (which may not be known yet, but I thought I would toss them out there):
- If FAS is unavailable, how does askbot behave? No one can auth? or falls back on a local file? or ?
Askbot has openid support. Will support using Google, Twitter etc as you can see in http://askbot.org.
- Do we have any idea how much load/capacity this will take? I guess it will depend on how much it takes off and how much people use it. Are posts/answers stored in db? Or on the filesystem?
Stored in the db. Supports MySQL or Postgres. Postgres is recommended by upstream since it supports full text search. I don't know how much load it will take. I have tested it but not with thousands of users.
- Will there be any guidelines or the like for content? Should all questions be fedora related? Do we want to remove posts that are offensive? (Not a technical issue, but thought I would mention it, it would be good to have guidelines for moderation before content appears to meet people's expectations)
We would recommend people post Fedora related questions in the FAQ but if there is a community to answer general open source questions, that is alright too. As people vote up/vote down answers, answer other questions etc and gain points they incrementally get more administrative access in the forum and become moderators. Moderators have very similar rights to admins. Offensive posts (both questions and answers) can be flagged by anyone and administrators/moderators can close it and suspend/block users as necessary.
- Are updates of the app pretty transparent? ie, just yum update? or do they require database changes?
Just yum update so far. If db changes are necessary, it requires two commands (backup db for safety)
* python manage.py syncdb * python manage.py migrate
- Is there any security history for the application? Have their been security issues and have they been fixed in a timely manner?
No security issues so far but upstream has been responsive to issues we have reported and fixed them within days.
- Is there themeing available? Would we want to involve the design folks in making a fedora branded theme for it?
Yes indeed. This is my TODO list
https://fedoraproject.org/wiki/Askbot
Upstream theming support is not awesome but good enough for our purposes and upstream is willing to work on enhancing is as needed
Rahul
On Wed, 20 Jul 2011 22:50:27 +0530 Rahul Sundaram metherid@gmail.com wrote:
- If FAS is unavailable, how does askbot behave? No one can auth? or falls back on a local file? or ?
Askbot has openid support. Will support using Google, Twitter etc as you can see in http://askbot.org.
Nice.
- Do we have any idea how much load/capacity this will take? I
guess it will depend on how much it takes off and how much people use it. Are posts/answers stored in db? Or on the filesystem?
Stored in the db. Supports MySQL or Postgres. Postgres is recommended by upstream since it supports full text search. I don't know how much load it will take. I have tested it but not with thousands of users.
Yeah, thats hard to say for sure.
- Will there be any guidelines or the like for content? Should all questions be fedora related? Do we want to remove posts that are offensive? (Not a technical issue, but thought I would mention
it, it would be good to have guidelines for moderation before content appears to meet people's expectations)
We would recommend people post Fedora related questions in the FAQ but if there is a community to answer general open source questions, that is alright too. As people vote up/vote down answers, answer other questions etc and gain points they incrementally get more administrative access in the forum and become moderators. Moderators have very similar rights to admins. Offensive posts (both questions and answers) can be flagged by anyone and administrators/moderators can close it and suspend/block users as necessary.
Sure, just wanting to know if there were general guidelines thought of already, or if they will evolve from the community.
- Are updates of the app pretty transparent? ie, just yum update?
or do they require database changes?
Just yum update so far. If db changes are necessary, it requires two commands (backup db for safety)
- python manage.py syncdb
- python manage.py migrate
ok.
- Is there any security history for the application? Have their been security issues and have they been fixed in a timely manner?
No security issues so far but upstream has been responsive to issues we have reported and fixed them within days.
Thats a good sign.
- Is there themeing available? Would we want to involve the design folks in making a fedora branded theme for it?
Yes indeed. This is my TODO list
https://fedoraproject.org/wiki/Askbot
Upstream theming support is not awesome but good enough for our purposes and upstream is willing to work on enhancing is as needed
Cool.
well, I think this sounds like a interesting and potentially useful resource, so I would be happy to sponsor it and work with you on it.
I guess the next step is a publictest instance to set things up and do some further testing. Then, once thats good, we can work on adding it into puppet and a stg node, then finally production.
I will see about getting you a publictest in the next few days.
kevin
On Wed, Jul 20, 2011 at 10:50:27PM +0530, Rahul Sundaram wrote:
upstream On 07/20/2011 09:32 PM, Kevin Fenzi wrote:
Some questions (which may not be known yet, but I thought I would toss them out there):
- If FAS is unavailable, how does askbot behave? No one can auth? or falls back on a local file? or ?
Askbot has openid support. Will support using Google, Twitter etc as you can see in http://askbot.org.
Will you want single sign on (meaning if you log into pkgdb, you are also logged into askbot)? If not, I would suggest we try and use the openid support in askbot with the fas openid provider. That way we may be able to eliminate the need to maintain the fas auth plugin.
- Do we have any idea how much load/capacity this will take? I guess it will depend on how much it takes off and how much people use it. Are posts/answers stored in db? Or on the filesystem?
Stored in the db. Supports MySQL or Postgres. Postgres is recommended by upstream since it supports full text search. I don't know how much load it will take. I have tested it but not with thousands of users.
Is there a version of postgres that is too old? We're currently running postgresl84 from RHEL5.x... I don't think that'll be too old for most apps but figured I should check.
- Are updates of the app pretty transparent? ie, just yum update? or do they require database changes?
Just yum update so far. If db changes are necessary, it requires two commands (backup db for safety)
- python manage.py syncdb
- python manage.py migrate
Will this work over the network? Will we be able to run the app normally with an account that cannot modify db schema and only use a schema-modifying account if these commands become necessary for an upgrade?
- Is there any security history for the application? Have their been security issues and have they been fixed in a timely manner?
No security issues so far but upstream has been responsive to issues we have reported and fixed them within days.
Do you have a sense of how often we will need to respin and install new packages (or hotfix the application)? Only frequently while we're in testing? Even after we're in production, there will be new features and bugfixes that we'll want to pull in?
-Toshio
On 07/21/2011 04:20 AM, Toshio Kuratomi wrote:
Will you want single sign on (meaning if you log into pkgdb, you are also logged into askbot)? If not, I would suggest we try and use the openid support in askbot with the fas openid provider. That way we may be able to eliminate the need to maintain the fas auth plugin.
I think single sign on will make Askbot more integrated with Fedora and fas auth plugin code is pretty small
https://github.com/pjps/fasauth/
Is there a version of postgres that is too old? We're currently running postgresl84 from RHEL5.x... I don't think that'll be too old for most apps but figured I should check.
Postgres, 8.3 and above is supported
Will this work over the network? Will we be able to run the app normally with an account that cannot modify db schema and only use a schema-modifying account if these commands become necessary for an upgrade?
I haven't checked. CC'ing upstream developer.
Do you have a sense of how often we will need to respin and install new packages (or hotfix the application)? Only frequently while we're in testing? Even after we're in production, there will be new features and bugfixes that we'll want to pull in?
For testing, I expect we would require frequent changes and atleast during the initial stages of deployment, we would probably want to rev up now and then. This will likely slow down over time but since we haven't had such a major end user facing deployment before, I find it hard to say for sure. I would like to add a number of features but those are mostly nice to have. Not much that would need immediate attention.
Rahul
On Thu, Jul 21, 2011 at 09:04:45AM +0530, Rahul Sundaram wrote:
On 07/21/2011 04:20 AM, Toshio Kuratomi wrote:
Will you want single sign on (meaning if you log into pkgdb, you are also logged into askbot)? If not, I would suggest we try and use the openid support in askbot with the fas openid provider. That way we may be able to eliminate the need to maintain the fas auth plugin.
I think single sign on will make Askbot more integrated with Fedora and fas auth plugin code is pretty small
Okay... If we want single sign on we'd also need to run it at something like https://admin.fedoraproject.org/askbot as cookies are only sent back to the same domain as they come from (we can't remove the admin and use fedoraproject.org either as we have less secure servers on fedoraproject.org [like publictestXX.fedoraproject.org] and wouldn't want user's session cookies to go to those boxes.) But if that's also okay, then the plugin does have value. We'll have to set it to use the tg-visit session cookie as a way to verify the user.
-Toshio
infrastructure@lists.fedoraproject.org