►
From YouTube: 2021 03 16 Jenkins Infra Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Gonna
record
recording
has
started
hi
everybody
welcome
for
this
new
jenkinson
from
eating.
We
have
really.
I
mean
we
have
a
few
topics
that
we
want
that
we
that
will
cover
during
during
this
infrastructure
meeting.
So
the
first
one
is
damien
solve
the
ldap
issues
we
had
for
a
while
just
to
bring
the
context
we
are.
We
are
using
multiple
jenkins
instances
in
the
jenkins
project
and
few
of
them.
A
Each
time
we
tried
to
login,
we
got
a
timeout
issues
after
20
seconds,
our
authentication
was
rejected
and
the
thing
is,
the
configuration
was
apparently
not
almost
the
same
than
on
ci,
the
tanki
that
I
o,
but
the
problems
I
mean
appeared
like
two
weeks
ago
and
damien
did
spend
quite
a
lot
of
time
investigating
to
try
to
understand
what
was
wrong
there.
So
maybe
they
mean
you
can
just
explain
a
little
bit
more.
B
Yes,
so,
based
on
some
feedback
from
tim
first,
in
fact
it's
been
month,
is
that
the
issue
was
happening
some
time
to
time,
but
it
started
happening
more
and
more
recently,
so
the
we
tried
different
different
areas
that
are
all
written
on
the
us
associated
issue.
So
the
conclusion
were
we
had
to
use
this
exactly
the
same.
Jim's
cast
configuration
as
what
we
have
on
cigo,
which
currently
work
and
in
fact
we
had
to
specify
some
search
base.
B
B
B
It's
a
bit
slower
on
gdec
11,
though
than
on
jdk8,
and
it
looks
like
there
are
still
some
open
issue
on
the
ldap
plugin
with
gdkr11,
where
some
class
on
the
class
loader
are
not
there,
so
it
trig
it.
It
writes
some
warnings
on
the
log,
but
it's
just
it's
eight.
It's
11,
it's
10
seconds
more
for
the
initial
request
and
then
no
difference,
but
it's
a
bit
slower
in
gdk
11
for
the
initial
request.
A
And
one
of
the
things
that
we
noticed
was
the
the
member
attribute
in
the
group
was
not
indexed,
so
we
also
saw
many
errors,
so
this
is
something
that
we
could
easily
add
to
the
ldap
container.
I
mean
that's
one
line
configuration.
The
only
thing
is
the
first
time
that
we
index
that
new
member
attributes.
It
will
take
like
20
minutes,
so
the
ldap
would
be
done
for
20-20
minutes
damien.
Do
you
think
that
we
still
have
to
do
that
or.
B
No,
it's
not.
It
should
be
okay,
even
though
it
could
be
good
for
the
agent
of
the
request
to
have
the
index
disattributes,
because
we
have
a
lot
of
requests
coming
from
ci
release
on
infrasie.
B
So
this
is
this
was
a
tip
from
from
from
our
daniel
beck,
and
it
looked
also
a
good
idea
in
the
sense
that,
even
if
the
instance
is
behind
the
vpn,
an
authenticated
access
should
be
prohibited
because
it
has
access
to
all
the
infrastructure.
B
The
the
let's
say,
the
threat
for
this
case
would
be
when
a
process
run
somewhere
in
the
cluster
or
when
one
of
the
agents
of
infrastructures
are
executing
a
process,
malicious
process
that
already
has
access
to
the
internal
network
of
kubernetes.
B
A
B
A
B
B
So
compared
to
what
you
said
so
with
this,
it
looks
like
that
infrastr
is
able
to
work
again.
So
I
encourage
you,
everyone
who
have
access
to
test
it
and
tomorrow
I
will
wait
24
hours.
If
everything
is
going
right
on
infrasi.
With
this
new
setup,
I
will
propagate
the
setup
to
the
release
dot
ci
instance
as
well.
A
So
re
specifically
for
the
release,
so
the
release
was
not
affected
in
the
fight
that
is
still
working.
So
normally
a
weekly
release
would
have
been
published
now
so
would
be
nice
to
double
check
that,
because,
if
we
don't
have
I
mean
if
something
happen
there,
we
may
have
to
to
temporarily
put
that
the
configuration
to
the
release
environment
as
well.
C
B
A
B
F
F
A
A
Technically
for
daniel
it
should
be
for
alex.
It
should
be
fine,
okay,
because
I
guess
he's
still
in
the
right
group,
but
yeah
different
yeah.
A
No,
I
I
I
wouldn't.
I
wouldn't
worry,
because
anyway,
really
little
people,
I
mean
a
really
few.
People
have
access
to
strategi.
So
for
those
for
the
people
who
have
access
to
the
choice,
we
could
easily
grant
them
access
to
release
the
ti,
maybe
not
maybe
not.
Maybe
they
won't
be
able
to
trigger
build
a
job,
but
at
least
they
should
be
able
to
watch
the
results.
A
Right
is
that
all
on
the
ldap
topic,
yep
thanks.
Let's
move
to
another
topic,
so
the
next
one
that
I
want
to
bring
is
the
captain
oops.
So
this
is
a
small
project
that
carrots
have
been
working
on.
We
haven't
deployed
yet
so
we
haven't
tested
it
yet
at
the
moment,
but
yeah
the
bear
is
spending.
Maybe
garrett.
You
want
to
explain
a
little
bit.
E
Yeah
sure
so
it
came
out
of
the
contributor
sunlight
on
the
cloud
native
track
with
one
of
the
frustrations
of
running
jenkins
in
a
balm
or
a
docker
environment.
Was
that
when
it's
restarted,
you
tend
to
lose
web
books
and
if
you're
trying
to
continuously
continuously
deliver
jenkins,
it's
restarted
quite
a
bit,
especially
if
you're,
using
the
process
of
building
the
plugins
into
the
docker
image
and
doing
it
that
way.
E
So
the
idea
is
just.
This
was
a
simple
sort
of
a
very
much
lightweight
web
handler
that
could
store
and
forward
webhook
events
and
get
up
to
jenkins
or
in
in
theory,
many
things
jenkins.
So
I
can
paste
the
link
to
the
actual
repo
in
here.
It
seems
to
be
working
quite
nicely.
I
have
it
on
a
test
cluster
and
hooks
are
being
stored
forward.
I
can
take
jenkins
down
for
a
period
of
time
and
then,
when
it
comes
back
up,
they
they
will
nicely
recover.
E
It
adds
the
hooks
in
as
a
crd,
so
you
can
debug.
What's
going
on
by
doing
qctl
get
hooks
and
you'll
you'll
see
a
list
of
all
the
hooks
that
are
there
and
the
status
of
them,
and
you
could
add
something
to
force
a
retrigger
of
a
particular
one,
or
at
least
you'll
see
the
error
message
about
a
hook
is
being
rejected
or
not,
I
think
that's
about
it.
E
It
probably
is
ready
to
go
into
infra,
at
least
for
a
bit
of
testing,
because
we
can
test
on
a
on
a
subset
of
repositories.
E
E
A
So,
regarding
having
a
different
ingress,
I
think
we
definitely
need
a
different
ingress.
Adding
a
new
dns
name
is
pretty
easy,
so
maybe
you
can
just
take
like
30
minutes
and
do
that
together
we
just
have
to
decide.
F
E
So
you
could
either
configure
it.
I
would
probably
recommend
configuring
it
on
a
repo
by
repo
basis,
initially
to
so
ones
that
we,
let's
start
off
with
some
repositories
that
aren't
particularly
important
just
to
see
that
they
are
going
across,
because
if
it
starts
to
fail,
we
don't
want
to
break
too
much
so
update
those
manually.
Apparently
there
is
a
process
in,
I
think
the
have
branch
source
plugin
or
one
of
the
plugins,
where
you
can
specify
a
different
workflow
endpoint
and
tell
it
to
update
everything.
E
B
So
the
way
we
are
doing
it
on
most
of
the
jobs
is
using
a
github
organization
in
the
case
of
the
github
organization,
I
don't
know
for
multibranch,
but
in
the
case
of
giteborg,
either
you're
using
a
old
token
or
a
github
app.
In
both
cases,
the
github
organization
has
authentication
and
the
rights
to
create
the
web
books
by
default.
B
You
try
to
create
it
at
the
organization
level,
which
means
you
don't
see
your
web
book
per
repository
by
default
and
it
is
a
organization
level
web
book
that
say
each
time
there
is
a
repository
in
that
or
that
has
a
new
request.
Whatever
event
you
select,
then
it
will
send
so
the
configuration
is
centralized.
B
I
know
for
a
fact
that
the
multi
branch
web
books
should
create
automatically
web
books.
If
you
define
the
github
source,
but
in
reality
that's
a
really
a
pain
and
I'm
not
really
sure
if
it's
working
as
for
today,
it
wasn't
past
year
during
all
the
year,
it
was
not
working
on
the
lts.
So
this
is
something
to
be
checked.
That's
a
good
point
you're
doing
mark
because
it's
really
a
pain
to
manually
check
the
way
books.
B
D
A
How
does
that
works?
When
you
have
so
you,
so
you?
Basically
you
receive
two
different
web
hooks.
You
have
the
classic
one
that
arrive
right
now
and
then
we
would
have
the
second
one
that
just
handled
when
jenkins
is
down
like
a
cache
or
it's
something.
That's.
A
E
That's
if
we
have
the
organizational
level
hooks
installed.
Thank
you.
Thank
you.
Yeah
I
mean
I
I
don't
know
we
have
no
access
at
the
organizational
level
to
see
or
debug
whether
or
not
that
is
even
happening.
My
thinking
is
that
it's
not
happening
because,
because
there's
none
of
the
repos
are
getting
web
block
events
anyway,
unless
you
you
actually
go
in
and
manually
define
on
a
per
repair
basis,.
E
Be
because
this
is
a
difference
in
the
credential
type,
this
there's
something
there's
something
to
do
with
that,
like
the
bit
that
updates
the
web
hook,
but
the
organizational
level
can
only
handle
a
particular
credential
type
and
we're
using
a
different
one.
C
B
Okay,
I
took
the
we
had
to
configure
a
github
server
on
the
main
menu
jenkins
page,
one
time
linked
to
the
github
server
and
then,
when
you
create
a
multi-branch
github
source,
in
fact
internally,
it
tells
the
jenkins
administration
to
declare
the
webs
through
this
kind
of
internal
proxy.
So
it
was
not
directly
the
multi
branch
in
itself.
As
far
as
I
remember.
B
But
yeah
we
have
to
check
all
the
cases,
because
there
are
a
lot
of
cases
depending
on
kind
of
jobs.
This
one
is
really
tricky
and
what
happened
if
that
to
answer
your
question,
olivier,
if
you
have
a
way
books
that
come
from
captain
hook
and
another
it
will
trigger
two
scans
on
each
repository,
changed
and
jenkins
will
determine
that.
There
is
no
build
to
run
again,
because
if
the
first
one
trigger
a
build
on
a
given
commit,
then
the
second
scan
will
say
nothing
to
do
so.
F
A
Thanks
right,
so
I
guess
you
are
good
on
the
captain.
A
The
next
one
is
brief,
so
marx
and
published
a
blog
post
about
the
update
center
certificate
rotation,
so
the
initial
date
was
proposed
to
do
it
on
next
week
on
the
22,
but
because
of
the
time
we
took
to
find
the
last
blog
post
we'll
do
that
on
the
29th
generating
the
new
certificate
is
pretty
simple:
we
just
have
to
modify
trust.ci
with
a
new
certificate,
so
the
next
time
the
update
center
to
narrate
its
data.
It's
used
the
correct
certificate.
A
Again,
it
won't
affect.
I
mean
it,
won't
affect
user,
who
have
been
updating
that
jenkins
instance
for
the
past
two
years.
So
I
mean
that
should
be
fine
but
yeah
that
that
remained
a
pretty
big
change
anyway.
A
Next
topic,
which
is
about
on
duty,
experience,
improvements,
so
mark
you
had
a
session
with
garrett
and
mark
two
days
ago.
I
think
about
data
docking
pagerduty.
Do
you
want
to
share
that
here?
Yeah
just.
F
So
I
had
received
an
alert
on
a
weird
response
time
and
so
with
damien
and
with
gareth
we
went
through
talked
about
it
and
thought.
Okay.
What
we
probably
ought
to
consider
is
rather
than
monitoring
on
http
response
time
long
term.
Let's
shift
our
monitoring
to
something
higher
level,
something
closer
to
the
user,
because
the
short
term
http
response
time
wasn't
actually
an
indication
of
of
a
user
problem.
A
A
The
challenge
that
we
have
here
is
so
we
are
using
data
to
monitor,
to
monitor
the
http,
endpoints
and
historically
we're
just
monitoring
each
endpoint
from
one
machine
from
the
puppet
master,
so
that
machine
was
configured
to
ping,
the
main
website,
plugin
site
and
so
on
several
weeks
ago.
A
What
we
did
is
we
also
configured
the
datadog
agent
running
on
on
our
probabilities
cluster
to
ping
those
endpoints,
which
means
that
now,
instead
of
just
being
just
checking
if
the
service
we're
up
from
one
location,
we
are
doing
that
from
that
location,
but
also
from
the
communities
cluster
and
at
the
same
time
we
are
also
using
data
doc.
Synthetic
in
that
case,
that's
data
that
will
provide
the
monitoring
agent
and
check
from
I
think
from
germany.
A
But
the
challenge
that
we
have
here
is
because
we
are
checking
if
one
hand
point
is
available
or
not
from
one
location
typically
website
located
in
the
us
are
pretty
responsive.
Usually
they
are
the
under
the
request
below
once
again,
but
at
the
same
time,
services
that
are
like
closer
to
china,
like
miracles
in
china,
they
usually
take
three
seconds
from
the
u.s
to
answer
them
the
loads.
A
To
answer
the
request,
sorry
and
so
yeah
that
threshold
can
be
tricky
to
put
in
place
depending
on
how
close
the
monitoring
agent
is
from
the
service
and
so
yeah.
That's
that's.
Definitely.
B
Don't
forget
it's
not
the
thresholds
that
we
are
looking
for.
This
is
what
the
slo
defined.
So
we
should
not
change.
The
threshold
is
a
ver
is
the
vertical
measure
on
the
graph.
It
is
really
easy.
Well,
what
we
want
with
the
seo
is
to
say:
if
these
peaks
happen
too
often
so
on
different
props,
then
it
means
that
it
impact
the
user
and
then
in
that
case
it
should
awake
or
raise
an
alert
and
awake
someone.
A
So
yeah
and
last
topic,
which
is
infra
buchet
update
from
a
lake
that
you
want
to
bring
that
topic
here,
is
there
anything
new
that
all
right
just.
C
A
quick
update,
but
good
news,
so
cdf
board
has
debuted
the
2021
budget.
They
confirmed
that
we
compress
it
with
their
budget
from
2020.,
so
what
it
means
that
we
still
have
10k
a
year
for
asian
sponsorship,
plus
some
additional
expenses.
If
we
need
there
is
a
disclaimer
that
they
might
reach
out
and
to
see
changes.
If
there
are
more
projects
joining
the
continuous
delivery
foundation
and
the
big
one
can
infrastructure
budget.
But
for
now
we
should
be
fine
and
from
what
I've
seen
in
the
asia
console,
we
are
well
below
the
limit.
A
A
Right,
yeah,
that's
perfect!
That's
a
really
good
news,
because
that
means
that
we
wouldn't
have
to
pay
too
much
attention
on
I
mean
last
last
last
year
we
spent
quite
a
lot
of
time
reducing
the
costs
and
yeah
that
that's
really
nice,
that
we
can
work
on
other
things,
yeah
yeah
of.
A
A
That's
great
anyway,
our
objective
is
always
to
be
less
to
less
rely
on
sponsoring,
so
we
can
have
unless
we
less,
we
have
to
pay
for
better.
It
is
because,
if
we
don't
have
I
mean,
if
you
don't
have
pressure
to
reduce
the
cost,
if
we
have
yeah,
if
we
don't
have
strong
pressure
to
reduce
the
cost,
that
means
that
we
can
plan
more
in
advance.
So
but
that's
definitely
great
news.
C
We
can
add
more
services
if
needed,
for
example,
spending
proposal
about
security
scans,
which
may
require
some
more
tools
on
our
infrastructure.
There
is
also
a
plugin
delivery
pipeline,
which
is
definitely
expected
to
happen
on
our
infrastructure,
and
since
we
have
some
budget
now
we
can
use
so
here
we
can
find
these
efforts.
A
A
Thanks
thanks
everybody
thanks
for
your
time,
we
have
two
minutes
left
before
the
end
of
the
meeting.
So
if
you
want
to
bring
a
last
pick,
that's
a
nice
moment.
I
need.
B
Help
on
the
budget
part
to
evaluate
how
much
we
should
ask
for
scale
way,
taking
an
account
that,
given
the
last
mail,
I'm
not
sure
they
will
give
things
for
free.
It
looks
like
they
are
gonna
give
us
a
reduction
in.
F
B
A
C
If
scalaway
is
just
a
discount,
it's
unlikely
that
we
would
press
it
there
when
there
is
opportunity
to
get
basically
credits
from
other
providers.
B
Is
basically
a
french
hosting
provider
right?
Yes,
austria
and
holland
as
well.
C
B
F
Good,
that's
roughly
roughly
akin
to
what
we've
seen
with
oracle
is
oracle's
offered
us
a
discount
same
same
thing,
so
it's
worth
considering
they've
also
donated
1
500
to
the
project
outright.
But
1500
in
terms
of
our
infrastructure
cost
is
a
tiny
amount
right.
We
we
have
10
000
a
month
that
we're
spending
at
azure,
and
I
would
guess
comparable
to
that
from
aws
right
now.
Right
so
so,
we've
got,
we've
got
significant
expenses,
but
it's
it's
worth
at
least
evaluating.
Continue
the
question.
F
A
So
so,
right,
right
now
we
are
spending
around.
I
mean
close
to
20
to
20k
per
month
the
jenkins
infrared
project
as
a
represent
half
of
the
cost.
The
thing
is
it
it's
I
mean
it
take
time
to
put
in
place
a
billing
process.
So
if
we
just
have
a
discount
that's
annoying
because
then
it
means
that
we
have
to
work
with
the
linux
foundation.
A
To
I
mean
to
have
to
have
invoices
and
stuff
like
that,
and
so,
if
we
have
to
go
with
the
invoice,
I'm
sorry
with
with
a
discount
which
is
something
possible,
but
then
we
have
to
be
sure
that
it
holds
wild.
So
let's
say
we
I
mean
if
it.
If
the
benefit
is
just
to
have
a
discount
for
one
year,
it's
probably
not
worthwhile
to
to
spend
the
time
there,
but
otherwise
yeah
it.
A
May
it
may
be
useful
to
have
a
discount
as
well,
but
I
think
we'll
have
a
better
vision
once
when
so
demon
once
you're
done
with
the
amazon
cluster.
So
once
this
is
working
and
we
can
use
it
on
the
ci
to
take
the
layout,
it
will
already
be
easier
to
identify.
However,
how
much.
B
B
The
this
is
the
block
storage
mounted
for
persistence
between
machines,
given
that
the
goal
of
these
clusters
is
only
to
bring
up
ephemeral
agents
and
switching
to
machines
that
have
nvme
local
drives
instead,
which
aws
provides
which
scaleway
provides
on
gcp
as
well,
because
you
don't
have
to
pay
for
the
ebs.
So
what
is
the
added
cost
of
the
nvme?
Machines
is
gain
on
the
ebs
roughly
per
month.
B
A
Thanks,
I
just
have
one
last
topic
that
I
just
want
to
bring.
I
don't
think
I
mentioned
it,
but
so
I
worked
on
kick
lock
over
the
past
week
to
update
it,
and
I
would
need
some
help
from
someone
with
java
experience,
because
one
of
the
limits
that
we
had
to
replace
kick
lock
to
replace
the
account
app
by
key
cloak
was
the
rules
that
we
put
in
place
for
the
username.
I
mean
during
the
registration
process
and
kicklock
allow
us
to
override
the
class
that
define
the
registration
process.
A
So
we
could
inject
just
some
piece
of
code
from
the
icons
up
into
key
clock,
so
we
would
be
able
to
finalize
the
migration
from
account
up
to
quick
load.
So
I
put
the
documentation
here.
I
won't.
I
won't
spend
too
much
time
here.
So
I
put
the
documentation
here
but
yeah.
If
someone
is
willing
to
give
me
an
app
here
just
to
identify
how
much
esport
is
needed
to
do
that,
I
would
be
more
than
happy
so
basically,
the
two.
A
The
two
last
element
that
are
missing
to
officially
use
kit
lock
is
first
for
danielle
the
account
app
automatically
inject
user
in
jira,
which
is
not
done
by
default
because
of
the
way
the
ldap
plug-in
with
the
adapt
connector
work
on
jira.
A
And
the
second
thing
is
the
icon
app
ensure
that
we
don't
use
specific
names
like
admins
and
stuff
like
that,
the
username,
and
so
this
is
also
something
that
need
to
be
that
need
to
be
put
that
need
to
be
added
for
the
yeah
for
keychart,
but
yeah.
A
That's
it
for
me,
I
propose
to
finish
meeting.
We
are
a
little
bit
over
the
time.
So
thanks
everybody
for
staying
until
now
and
see
you
bye.