Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Jenkins / Infrastructure Project / 7 Apr 2020
Jenkins / Infrastructure Project / 7 Apr 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: INFRA Weekly Meeting 2020 04 07

Description

Jenkins Infrastructure Project Meeting - 2020-01-07

Notes - http://bit.ly/2T0oZ9v

A

Cords hi everybody welcome for this new. Taking you for a meeting. We have few things that you have to discuss on today's the first one that I want to announce is that, firstly, we would sponsor the Jenkins projects, so they will give us $1,000 credit per month that we can use. So the good thing is that we can use it for old website. I changes that I you plug in such changes that I you documentation site and so on.

A

What I initially wanted to use it also for the mirrors I, don't think we will have enough credit to do that, so as a first iteration I just proposed to to work with the people I'm holding with the same things that I yield in order to enable the skin for that, and then we just add more more more websites more website, one by one but yeah, so basically the sponsoring this city or for at least one year, and then it would be automatically renew the only thing right now is so I gotta prove program.

A

Do anything else. We still have to find other courage vastly accounts, because apparently, in my consciousness, I don't have the credit in micron, but did something I'm I'm trying to solve this past news report, but yeah. That's I'm really happy to share this. So if you are involved in you want to participate, I can also add you to the to the first account. So you can also have I mean I, have access to be dashboard up configuring that Stefan's on.

A

So that's regarding fasting I, don't know if it's me, but it's time, I move to automated release at the end of the meeting, so I can keep you busy and complete during the meeting with someone to sentiment with at the second level. So we just put this in our.

A

Instead, question regarding past me and using a CDN I hope that all know how it works so yeah. Basically it just means that to do that's creating a PDF of the websites on servers closer to work if your people are located, so it's drastic increase the speed of the of the service, and so we don't have to replicate the sim. So it will be really interesting, I think for people in Asia, as they are quite far from drinking that idea website, but in the end it would benefit everybody.

A

So that's a great move. So the next topic that I wanted to discuss was- and it's kind of also related to the automated release. But it's who has access to the turbine disk master. So right now, in order to deploy a new application, you have to go to Jenkins across our charts. Just I mean everything is explained there, but you define using ham file the application that you want to have running on the kubernetes cluster and everything is going there. 2002 that was I was young.

A

I was the only one being able to encrypt certain commands. I was only one to be able to, let say the eater parts we start a container or whatever, if something more on, what's happening, and so basically I decided to add two new people, Jim jockle a lot with the communities clusters in several months now and I also asked Marty Jackson to participate.

A

So the idea is to review how the configuration of the cluster and and I mean make suggestions about how we can improve the process and how we can make it more secure, so yeah the main, the main unchanged there. So, if you see anything interesting, if you have any suggestion would be to ask.

A

Thanks thanks for your help here, what I was also working on the communities. Access also did some work on Azure, so I also granted access to marketing and and teamjacob on the azure access right now, it's mainly as your function for Team Jacob and ribbon instance, project for team and and Marquis so I put in place a process that we can add more people depending on the service. I will just try to keep the number as low as possible.

A

So if you really need to have access to their accounts, I'm real glad to give you on, depending which kind of access to ask and then once you don't need those access. I really invite you to mention that and circle. You don't need it, so we can take say, for example, disable your user account. So you just reuse the risk of having someone accessing the accounts, but meanwhile I did some work on having more people on their accounts, while I'm talking about the other account the result.

A

So that's open e, but we are having some issues with the Amazon account provided by third piece, because the sponsoring was approved by Amazon was for some reason assigned to other attribute accounts, so we are currently investigating and why why Dickens wider the credits I mean why the krint was used by other services, the other accounts and will soon find a solution, but yeah this we bring this really I'll I defy that we need to move to the Amazon account to the CDF, as it will simplify the management of it, and it will be clear what it's, what it's the change in process and what this means in this case, but yeah.

A

We thought that it would be easier and quicker to do it work this way, but we may maybe we blue or wrong, but this thing that we have to to salt now any any question until now, so I will just continue so otherwise ask you, as you saw under our see the main activity has been working on the change in score, automated release, we made a lot of progress and you are quite close to the final solution.

A

So just a quick overview of what we did so regarding the release process, so we releasing Jenkins, not packaging but releasing Jenkins. We had additional steps to really visualize which certificate we are using to sign to a file. So now, if you have access to the release yeah the changes value, so you have access to the service.

A

As long as you are in the VPN we can, you can check, you can double check, that we are signing when's, the red certificates and the right and- and the next part is working in the packaging part, and in this case we are so as reminder. We are packaging right now for Debian RedHat opens use and in Windows, and so the idea is to build the package to sign the package in to publish the package. The main worth now is first, but it did that we are publishing the package in the right location.

A

So for that we deployed and a virtual machine a copy of of package or Jenkins value, and we are publishing packages there, checking that they are correctly sign. They contain the right file and so on. We are almost against I. Think the last time I checked. We, the an issue, was with the Windows packages, but something that will be fixed.

A

Otherwise, the main other area were mainly Markus working on is to test test the release process. So we have different thing that we can test here. We can test that we can correctly build packages for that I have the combos and I have few scripts that I have to put in a Jenkins 5. So the idea is to be sure that you can test on the different packages. We can sign them with dump certificates and dump tgp.

A

The next step is to test that we can also install the generated packages in different distribution. So for that mark, open, a pure and so basically was able to test for the gentleman to it wasn't possible to test for centralized, because by default set, does not allow you to run sit empty container. Am I right March your muted marking, you.

B

Are correct but I took the added step of putting an install test for for CentOS and for openSUSE without a test for services, so they it can do the install without system D, and it can then use the RPM verify tools to check the thing so that piece we're doing we. It still can't check that the services start and stop because Santos docker images and openSUSE docker images don't by default, provide system deep, ok,.

A

So one is not a blocker to go to go live with the release process is something that will greatly stabilize on magnification for next iteration, but yeah. That's that's blocker for now, but if you have some time to review those pair, we'll put something in the documents after a meeting, if you have some time to review- and you want to help on those and see how we can automate those tests in either CI arteries environments, but also either inside objective, that you are this environment or somewhere else, which makes more sense, maybe yeah.

A

That's that's what I want to say. So on my side, the next step will be to document in things like what. If what it looks like I mean what are the different steps to release, but you can you which, where you're supposed to go, which put on your supporter Katyn?

A

What only thing that you have to verify in order to be sure that everything is working well, so, once the documentation is written, we should be able to really update the different credentials in order to be live so just to be clear, heard different credentials that we said to not put to still use temporary credentials or the SSH key used to upload packages to package it in the value. So the current state. We want to be sure that we don't accidentally push our testing packages to the real production server.

A

We also have to define to specify the mavin repository that we are going to use for the release, and so but people just have to grab a clinician to the current user that we configure for the release.

A

So so, as I said, to upload files.

A

The mavin repository and I think it's pretty old. Maybe we'll do some settings but something that need to be highlights in the documentation. Is there any question so far until now, so I can continue. So one of the things that I've been asked that I asked to Marquis was to will you have someone else who did not work on this time? Who did not work out on this part to have some external eyes? And so we can just try to see if everything seems to be fine.

A

Secure enough and so marki now should have when he has sometimes will have all, should have all the permission to hold it the relief environment and to make suggestions. So we won't go live as long as we don't have green lights and yeah. We were in the process to have as many with you as possible, but we are getting closer I.

C

Will be setting up an audit documentation, an audit spreadsheet that I'll be performing the audit and I'll share it with I'll share it with you and then you can decide who else should actually see that audit I do think it'll be good that once we do a cluster audit, we publish it sort of say you know what we found this transparent, but I'm gonna leave that up to you so.

A

Basically to me, the rules will just be like for the document that we set up to take notes. So whoever is interested to participate can read the document, but as long as we don't go, live.

A

And that's that's pretty old! For me! That's yeah! That's that's all for the drinking's course to meet a really spread process. Do you have any other topic that who you want to bring? Are you want to discuss.

A

I mean if you're all good, then I think we can close the meeting earlier so one time to time. Thank for your time and see you on our sea.