Server Team Meeting, 2017-04-13

Attendees: Andri Steiner, Bastian Bringenberg, Michael Stucki, Steffen Gebert
Excused: Andreas Beutel

Beginning of the meeting: 07:00 CEST (!!!)

Open Issues from last meetings

Docker Daemon Listen

  • [INFO] Docker's idea is to have a CA with server and client certificates. Seperate server certificates for each Docker daemon, seperate client certificates for each connector (Portainer or others)
  • [INFO] Andri: i don't think it is realistic to implement a solution with a central CA for us right now, especially because this will be only a step on our way to a more integrated solutoin
  • [INFO] Andri: i propose to just generate local certificates on each Docker machine (openssl oneliner), and use the very same certificate manually to connect to this machine. any objections or better ideas?
  • [INFO] Discussed several solutions within the team, e.g. using Chef certificates or rollout own CA through Chef. We agreed that the original proposal with own certificates per Docker instance is the way to go right now
  • [TODO] see https://forge.typo3.org/issues/80770 @andri

HTTPS everywhere (browser plugin)

  • [INFO] HTTP-only hosts: lists.typo3.org, lists.association.typo3.org, monitoring.typo3.org, + some sites on srv105
  • [TODO] Enable lists.typo3.org, lists.association.typo3.org with LetsEncrypt @stucki
  • [TODO] Move some sites from srv105 to our internal webhosting: https://forge.typo3.org/issues/79475 @bastian
  • [TODO] Someone who has time will enable SSL for monitoring.typo3.org: https://forge.typo3.org/issues/80832
  • [INFO] Shell script Letsencrypt client: https://github.com/lukas2511/dehydrated
  • [TODO] Communicate with HTTPs Everywhere, when we are done with HSTS so we are able to drop our configuration from HTTPS everywhere @bastian

Review of our latest sprint

  • [INFO] The report is not finished yet. This should be done by Friday.
  • [TODO] Write some lines about the LDAP work that was done. @bastian
  • [TODO] Finish the report and take care of publication @stucki
  • [TODO] Make sure to send your travel reimbursement forms to https://reimbursement.typo3.com/ until end of next week! @all
  • [TODO] We should give feedback to Benni regarding the points he brought up before the sprint. Michael will call him. @stucki

Forge Update

Various

  • Status my.typo3.org: Bastian gives a small status of what has been done so far. Further work will be handled in <ticket>. @bastian (extra TODO: add link to the Forge ticket)
  • Hosting Call for Offers: Michael will reach out to Olivier (not done yet) to discuss the next steps. @stucki
  • Anja requested dedicated name fields for typo3.org users. Bastian reports that this is already possible on our end (LDAP server). He will coordinate with Anja and Thomas that this will be used everywhere in the same way. @bastian
  • Trello: Michael will cleanup the board that was used during the sprint as soon as the report has been finished. @stucki

Next meeting

  • The next meeting will take place on Thursday, April 27, 2017 07:00 CEST

End of the meeting: 08:00 CEST.