**Session Date/Time:** 12 Apr 2022 18:00 # [TOOLS](../wg/tools.html) ## Summary The TOOLS working group discussed several critical infrastructure updates and upcoming changes. Key discussions included a major decision to revert to anonymous access for Author Tools and BibXML service APIs, while still allowing API keys, with rate limiting as a mitigation for abuse. A significant production server migration is planned for April 25th, expecting a 2-4 hour multi-service downtime. The DataTracker is also slated for a Bootstrap 5 styling update soon, with communication plans being finalized. The search for a Project Manager for RFC tools was highlighted, with a potential volunteer emerging. ## Key Discussion Points * **Meeting Logistics**: Initial audio/video checks and issues with the calendar link for the meeting were noted. * **Web XML Service Migration**: * The temporary BAP service is available for RFC production until Author Tools integration. * The web XML service migration has nearly 50 remaining issues, almost all related to data quality, not application functionality. * The service is considered to be in a deployable state, with an instance expected to be brought up for acceptance testing later this week or next. * The web service relies on data and GitHub Actions in GitHub repositories (e.g., bibxml1, bibxml2, etc.) for serving and generating formatted entities. This implies a current reliance on GitHub, but the architecture allows for migration to other Git repositories if needed. * Carson inquired about cloning repositories for a backup instance, which was confirmed as possible. * **API Key Requirement for Author Tools/BibXML Service**: * The initial design for Author Tools and BibXML service required a DataTracker personal API key for API access, similar to Cloudflare's API Shield. * This design creates friction for tools like `kdrsc` (Carson's tool), which previously used `xmlrfc.tools.ietf.org` anonymously. Users would need to obtain a DataTracker API key, which was deemed too complex. * Alternatives discussed included creating an application-specific key (which would be publicly accessible, negating security benefits) or simplifying the key acquisition process. * It was noted that the web interface for Author Tools uses a separate, effectively open, API via a reverse proxy, making the current API key requirement somewhat moot with a little effort. * A sense of those present indicated a preference to allow anonymous access with rate limiting, dealing with abuse if and when it occurs, rather than imposing significant user friction. * **Zulip**: The Zulip instance is running, with no further discussion planned unless issues arise or integration with Medico is pursued. * **RPC Tools Project Manager**: * Jay reported difficulty finding a contractor for a ~2-year project to act as a Business Analyst, conduct requirements analysis for RPC toolchain replacement, support tender processes, and project manage implementation. * A meeting participant (Rich) expressed potential interest in this role after his current role concludes, and offline discussions were suggested. * Other avenues for recruitment, including contacting previous RFP respondents, were mentioned. * **IETF Infrastructure Services Design Team**: An initial call is planned to gather experiences from West Hardaker's automation work and discuss future infrastructure design for a more automatable target. * **Workshops Poll**: A poll for workshop priorities is still pending. * **Completed Projects**: The SVN/Trac migration is complete. Wiki.js migration (crowd-sourced) is pending DataTracker Wiki.js integration. * **DataTracker Cloudflare Integration**: * The DataTracker has been running through Cloudflare successfully for several weeks, with a few exceptions. * Cloudflare's stricter enforcement of transaction timeouts impacts Draft Submission views and other processes that involve extensive backend processing before returning. * Workflows are being changed to be asynchronous to address these timeouts. Coordination with automated tooling users (e.g., Martin Thompson) is needed for API changes. * A temporary workaround for large draft submissions involves using the manual submission process or the Secretariat going around proxies. * **NomCom Eligibility Calculations**: Work is needed to ensure correct eligibility calculations for the upcoming July NomCom. Volunteers will be sought, with a fallback plan for the Secretariat to manually verify eligibility if the tool is not ready. * **DataTracker Bootstrap 5 Release**: * A DataTracker production release including Bootstrap 5 styling is planned for later this week or early next week. * Anticipating user surprise, additional heads-up communication to chairs and the `ietf@` list was recommended. * The top menu bar will change to a Bootstrap blue, but other colors will match the sandbox. * **Author Tools Release**: * A release is planned for this week, with future releases every fortnight (two weeks). * `go-sk2` was temporarily removed due to breaking changes and lack of developer support; a better installation method is sought. * The `cramdown` tool's update frequency was raised as a concern, as its rapid fixes mean users wait two weeks for updates. Automated deployment for Author Tools is a long-term goal to address this. * A plan for wider tool coverage is in development. * **XML RFC Tool**: A release with bug fixes is expected this week or next, with current development time focused on tools replacement. * **Web Analytics**: Adding Matomo to DataTracker is planned after the current set of disruptions. * **MySQL Tuning & ZDX Security Audit**: Initial simple recommendations for MySQL tuning will be implemented after server transition. ZDX security audit for web services and DataTracker is scheduled for mid-May to mid-June, pending server transition. * **RFC Editor Model Transition**: DataTracker support for the new model is expected around mid-May, following new server deployment and Bootstrap 5 integration. * **Production Server Transition (itfa -> itfn)**: * Glenn has a replacement server (`itfn`) up and running, and a process to keep it in sync with `itfa`. * Current estimates for downtime are 2-4 hours, impacting many services, most notably mail (mail will be queued by senders and re-transmitted, not lost). * The target date is Monday, April 25th (Pacific Time) to ensure availability of key personnel. * Wes suggested adding a temporary outsourced MX record to a third-party to guarantee mail queuing and delivery during the outage. * Cloudflare's caching behavior for logged-in DataTracker users means they wouldn't have cached pages served during downtime. * Broad communication about the disruption is planned for today or tomorrow. * The technical plan involves stopping `itfa` services, a final replication (rsync, estimated 2 hours for file system alone), promotion of `itfn` services (e.g., MySQL master), and bringing services online on `itfn`. Discussions are ongoing to potentially reduce the mail service downtime. ## Decisions and Action Items * **Decision**: Author Tools and BibXML service APIs will allow anonymous access by default. API keys will still be accepted for tracking purposes and potential future differentiated service, but not required. Rate limiting will be considered for anonymous queries to mitigate abuse. * **Decision**: Proceed with DataTracker production release including Bootstrap 5 styling this week or next. * **Decision**: Proceed with the production server transition (`itfa` to `itfn`) on **Monday, April 25th (Pacific Time)**, anticipating a 2-4 hour multi-service downtime. * **Action Item**: Robert (Chair) to coordinate with Martin Thompson regarding asynchronous workflow changes for the draft submission API. * **Action Item**: Robert (Chair) to coordinate with Greg for broad communication to chairs and `ietf@` regarding the DataTracker Bootstrap 5 release. * **Action Item**: Jay to put together a poll for workshops priority. * **Action Item**: Robert (Chair) to convey Wes's suggestion for a temporary outsourced MX record to Glenn for consideration during the server migration. * **Action Item**: Robert (Chair) to send the detailed server migration plan from Glenn to the `tools-discuss` mailing list. * **Action Item**: Jay to explore potential interest from Rich in the RPC Tools Project Manager role offline. ## Next Steps * Continue work on NomCom eligibility calculations to be ready for the July NomCom. * Complete the DataTracker Bootstrap 5 styling and release to production. * Execute the production server transition on April 25th. * Initiate the IETF Infrastructure Services Design Team work. * Collect volunteers for NomCom eligibility calculation work. * Continue fortnightly releases for Author Tools and address `cramdown` update frequency. * Release XML RFC tool with bug fixes. * Implement Matomo web analytics for the DataTracker. * Implement MySQL tuning recommendations following the server transition. * Conduct the ZDX security audit (scheduled mid-May to mid-June). * Implement RFC Editor Model transition changes in DataTracker around mid-May.