►
From YouTube: 2023 03 28 Jenkins Infra Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
Let's
start
with
the
announcements,
the
weekly
release,
2.397
is
currently
being
packaged.
The
release
and
the
signing
of
the
war
went
perfectly
fine.
The
packages,
though,
were
in
were
in
failures.
We
are
currently
watching.
The
last
builds
where
to
fix
some
elements.
Some
issues
came
from
Puppet
management
changes
that
I
did
last
week
and
so
many
months
where
we
we
under-evaluated
the
amount
of
requests
of
Ip
in
a
subnet
that
we
are
using
a
new
instance
overall.
These
are
these
are
all
just
minor
hiccups
that
were
a
bit
stressful
for
us.
A
However,
everything
is
overall,
going
really
great.
The
new
release,
CI
controller
on
the
new
private
cluster,
is
behaving
as
expected,
with
agents
on
their
own
subnets
different
from
infras
AI.
So
we
are
on
a
very
nice
state.
That's
a
nice
job,
so
I
hope
we
should
be
able
to
finish
the
packages
after
that
meeting.
If
it's
not
already
finished
the,
when
I
started
the
zoom
call,
we
were
waiting
for
Microsoft
Windows
to
pull
another
Microsoft
Windows
Docker
image
and
detail
waiting
lists
10
to
20
minutes.
So
we
have
plenty
time.
Synchronizing.
A
A
I
haven't
checked
the
war
signature,
though
we
will
see
in
a
few
minutes.
C
The
war
signature
should
be
signature.
Okay,
the
war,
the
war
signing
is
still
using.
This
digicert
signing
certificate
right,
so
it'll.
A
Be
valid,
the
maven
is
a
fed,
both
the
gpg
key
and
the
git
search,
and
it's
using
both
I
see.
C
And
could
someone
launch
the
the
docker
container
build
process?
It's
far
enough
along
now,
or
maybe
it's
already
been
done.
A
A
A
A
Can
I
someone
to
help
me
on
the
notes?
Just
to
add
the
blog
post
instructions.
A
A
Okay,
so
that
new
gpg
key
is
that's
the
second
announcement.
We
have
a
new
gpg
key
valid
for
three
years
that
will
sign
the
new
Jenkins
release,
so
the
weekly
today
used
that
new
gpg
key
so
uses
it
and
the
next
LTS
next
week
we'll
use
the
new
the
new
key.
There
is
no
problem
for
for
you
to
import
that
new
key
already
today,
and
so
when
you
will
upgrade
to
the
new
weekly
oil
TS
line,
if
next
week,
that
will
automatically
pick
the
new
key
ID
there
is
a
blog
post.
A
A
A
E
A
One
two:
three:
okay,
let's
start
so
this
week.
Well,
where
are
we
able
to
achieve
thanks,
Alex
brandes
for
taking
care
of
Maintenance
request
about
the
Gradle
plugin?
A
A
The
summary
is
this:
plugin
was
using
dependency
and
remote
Maven
repository,
which
is
not
mirrored
inside
repo
Jenkins
CI,
that's
an
external
one!
So
since
we
put
everything
on
the
ACP
as
expected,
the
bill
failed
because
it
wasn't
able
to
get
that
dependency.
A
However,
if
I
understand
correctly,
you
earn
short
term
to
allow
the
contributors
to
cut
a
release
and
fix
their
builds.
You
added
an
exception
with
the
ID
they
use
on
the
perm
XML,
for
that
repository,
so
ACP
does
not
is
not
used
and
bypass
the
Builder
directly
eating
that
repository,
allowing
them
to
get
that
thing.
There
is
a
question
asked
on
the
mailing
lists
about,
should
we
add
that
external
repository
to
as
a
mirror
inside
g-frog,
so
we
should
remove
that
exception,
or
should
they
switch
to
it's
a
Jackson
API
dependencies?
A
So
should
they
switch
to
a
normal?
The
new
group
ID
artifact
ID
that
might
or
might
not
be
on
g-frog
I,
don't
know,
but
we
have
a
point
where
we
have
a
plugin
that
come
from
that
come
from
an
external
repository,
and
in
that
case
they
are
using
external
dependency
that
we
don't
control.
So
there
is
a
point
here.
We
should
follow
up
with
these
maintenance
to
avoid
any
external
repo.
A
A
We
were
able
to
close
the
apply
to
Docker
open
source
program.
Just
a
side
note,
I
still
sent
an
email
to
Docker,
because
Jenkins
are
in
front
Jenkins
forever.
Docker
organization
were
expected
to
already
be
on
part
of
that
program
since
one
year,
I'm,
not
sure
if
they
forgot-
or
there
was
a
misunderstanding.
A
We
closed
the
issue
because
Docker
went
back
and
finally
canceled
the
Precision
of
the
free
team,
which
these
two
organization
and
the
Legacy
Jenkins
CI
are
using
anyway.
I
will
just
push
on
Docker
to
see
if
they
can
move
this
to
organization
under
the
OSS,
because
for
us
in
terms
of
Security
Management,
that
will
allow
us
to
Grant
more
than
free
administrator,
and
that
should
also
avoid
rate
limiting
for
these
images,
which
is
quite
useful.
A
Those
two
organization
could
be
moved
to
Alternative.
The
good
thing
of
that
issue
is
that
we
raised
the
question.
Maybe
we
should
switch
the
images
to
a
GitHub
container
registry
or
another
one,
depending
on
the
main.
The
main
question
is:
what
kind
of
role
based
on
permission
do
we
want?
What
kind
of
airbag
pattern
do
we
want?
The
problem
of
Docker
web
organization
is
that
a
lot
of
we
don't
have
the
scope
of
each
repository
each
image.
We
cannot
separate
concern
while
we
can
on
GitHub
access.
A
A
Next
Issue,
updates,
Center
job
is
failing.
That
was
an
old
issue.
We
had
to
add
as
code
in
puppets
some
changes,
in
particular
the
fact
that
most
of
the
package
machine
has
some
untracked
dependencies,
for
instance,
blob
XFL,
which
is
a
command
line.
Tool
used
to
synchronize
plugins
score
release
from
that
machine
to
another
location
mirrors
at
least
that
tool
is
a
kind
of
AirSync,
but
for
Microsoft,
Azure,
blob
storage
and
that
tool,
even
though,
could
be
replaced
by
the
AZ
command
line
or
survey
upon
an
issue
for
that.
A
That
tool
is
still
required
by
the
mirrors
and
the
scripts.
So
we
add
to
move
this
as
code
to
avoid
byte
surprises.
Why
wasn't
it
as
code?
Because
it's
a
legacy
thing
that
was
done
manually
at
least
five
years
ago.
We
have
been
hit
by
this
one.
Please
note
that
by
fixing
this
I
created
issues
that
we
had
to
fix,
we
lost
the
authorized
key
on
that
machine
for
the
mirror
brain
user.
A
A
C
A
Make
sense
we
had
two
issues
closed
as
not
plan.
One
issue
was
a
wrong
issue.
Tracker
and
the
other
I
closed
it
because
after
one
week,
without
feeding
back
from
a
user
requesting
an
email
for
the
accounts
in
kinsayo,
no
answer
back
from
the
user,
no
email
so
I've
closed
the
issue.
A
I,
don't
I,
never
know
if
it
was
a
naved
on
the
team
to
eject
an
account
or
if
it's
someone
that
just
was
fed
up
and
stop
trying
to
create
an
account.
That
might
be
that,
if
that's
sorry
for
for
this,
but
that's
why
I'm
closing
the
issue
after
one
week
without
answer,
of
course,
if
the
user
reopen,
we
will
fix
the
issue.
A
Let's
switch
to
the
work
in
progress
that
which
this
week
was
yeah,
it's
pretty
intense,
first
new
gpg
key,
so
a
few
details
that
we
learned
along
the
way.
First
of
all,
we
must
use
an
area
RSA
key.
The
new
cryptographic
algorithm
that
we
use
for
the
first
stuntative
for
new
key
I
run
supported
on
the
Reddit
distributions.
A
C
B
A
A
So
that
new
key
has
been
added
next
to
the
existing
current
key,
that
expire
only
a
Thursday,
so
we
can,
we
can
switch
in
and
off.
We
had
updated
the
release
properties
process
that
went
with
the
new
key
thanks
Alex
thanks
Mark
Thanksgiving,
for
working
on
the
different
communication
channels.
We
might
have
forgotten
some,
but
more
communication
is
won't,
kill
here,
so
we
have
a
blog
post.
A
We
have
the
wall
package,
release
process
that
should
have
been
updated
for
the
weekly,
so
we
can
verify
if
the
new
HTML
static
files
are
okay.
There
is
a
there's
been
a
tweets.
We
announced
that
on
IRC
and
guitar.
It
has
been
also
a
nonsense
and
Community
Jenkins
and
also
pull
request
on
the
Jenkins
documentation.
So
we
have
a
lot
of
Communication
channel.
If
you
see
others,
don't
hesitate
thanks
survey
for
adding
on
status
as
well
a
notice
that
will
stay
one
or
two
week.
A
That's
also
a
good
idea
after
I
propose
that
we
send
an
email
to
the
developer,
mailing
list
and
infrastructure
today
after
the
weekly,
if
it's
okay
for
everyone,
I.
D
C
I
think
we
could
invite
Kevin
Kevin
Martins
to
do
that
because
Kevin
can
he
may
never
have
done
a
post
to
the
to
the
Jumbotron,
so
all
the
better.
This
sounds
like
a
great
opportunity
for
Kevin.
Sorry
to
use
the
word
opportunity
in
this
case
to
mean
volunteer
opportunity.
Yeah
exactly
Kevin
feels
voluntold.
That's
right!.
A
This
issue
will
be
closable
after
the
LTS
release
will
have
been
generated
with
the
new
gpg
key
and
after
we
will
have
edits
a
calendar
events
in
three
years
with
a
six
month.
Reminder
just
to
be
sure
that
we
don't
forget
it,
and
we
have
enough
time
to
make
the
announcement
in
the
future.
C
A
You,
let's
give
back
to
Caesar,
what's
what
is
owned
by
Caesar
I,
get
the
inspiration
from
data
dog,
documentation,
I've
added
the
link
on
the
issue,
because
they
have
a
very
well
explained
process
for
rotating
their
package
key
they
did
that
last
year
and
we
had
two
updates
and
I
found
their
instruction
pretty
clear
and
they
kept
both
keys.
Also
ashicorp
did
that
in
2020,
so
that's
makes
sense
when
we
rotate
key
to
have
shorter
time.
Three
years
is
quite
enough.
One
one
per
year
is
a
bit
of
pain
for
end
users.
A
So
is
there
something
else
about
the
gpg
key
so
that
one
moves
to
the
next
Milestone?
Obviously,
until
it's
close,
closable
Next
Issue
introduce
an
artification
proxy
for
CI
Jenkins
IO,
so
it
appear
that
we
had
issues
on
the
bomb
builds
in
soons
like
very
weird
cases,
since
we
removed
the
ec2
agent
on
decreased,
the
capacity
of
cig
and
Kim.
So
you
to
run
an
AWS
agents.
Most
of
the
workload,
particularly
the
bomb,
builds,
are
running
on
digital
ocean
only
on
digital
version.
A
These
agents
use
the
local
ACP
that
runs
inside
digitalocem
and,
as
we
understand,
almost
all
the
bomb
builds
using.
This
one
are
failing
with
the
word
error.
The
error
looked
client
sites,
but
we
cannot
be
100
sure.
As
per
airway
research
is
no.
No
error
were
seen
on
server
sites,
so
we
are
trying
to
reproduce
to
be
sure
that
it's
not
that
we
lost
the
role
or
the
body
were
terminating
or
something
happen.
A
A
A
A
Thanks
folks,
thanks
for
the
work
so
I'm
adding
that
issue
on
the
next
Milestone
as
usual,
next
issue
is
ADD
cluster,
a
new
cluster
private
Gates,
so
that
one
is
almost
closable.
If
I
understand
correctly,
because
today
we
validated
that
the
new
release
cigen
Kingston's,
that
was
migrated
Friday
from
the
Legacy
public
cluster
to
the
new
private
cluster
worked
quite
well.
B
A
And
then
so
that
one
should
be
crossable
during
the
next
Milestone
we
just
validated
that
it
work
as
expected,
there
isn't
any
other
service
to
be
migrated
on
the
private
cluster.
So
once
cleaned
up,
we
can
proceed
with
the
public
cluster
that
time
so
great
job
on
this
one,
that's
a
long
running
task.
So
finally,
we
get
there
any
question
things
I
could
have
forget.
A
A
A
So
the
last
miles
are
now
studying
the
possibility
to
use
irm
virtual
machine
on
Azure
because
we
are
using
since
one
and
a
half
this
kind
of
instances
in
directly
inside
ec2,
but
now
Azure
supports
that
since
December,
so
Stephanie
is
working
on
trying
to
build
new
images
that
might
need
a
bit
of
configuration
on
our
sites,
but
that
should
allow
us
to
stop
using
ec2
at
all
from
infrastia.
That
would
be
a
nice
thing.
A
Nope,
so
thanks
Stefan
for
that
work.
If
it's
okay
for
you,
we
should,
if
you
can
report
on
that
issue.
For
me,
it's
closable,
because
the
next
step
will
be
a
separated
issue
about
the
irm
part
that
the
server
will
issue.
A
So,
if
you're,
okay,
to
get
to
had
a
report
there
listing
what
kind
of
instances
did
we
removed,
so
we
should
be
able
to
close
that
issue,
because
the
initial
problem
is
good,
so
for
me
that
one
can
be
closed
and
there
isn't
any
work
and
your
mission
will
be
to
open
a
new
issue
about
diagram.
Migration,
of
course
looks
good.
A
A
Realign
repo
Jenkins
CI
ARG
mission-
summary
nothing
done
still
to
be
done.
The
expected
work
is
working
on
a
highly
available
end
up
which
I
wasn't
able
to
to
walk
on
I'm,
adding
it
to
next
milestone.
A
The
goal
is
to
manage
as
code
on
the
terraform
as
your
old
credentials
and
Associated
resources
that
CI
Jenkins
uses
for
its
agents
by
starting
to
walk
and
import
on
this
task
and
importing
I
nearly
broke
and
deleted.
Cigen
can
say
you
as
a
consequence
of
the
production
issue.
We
did
so
I'm.
Sorry,
for
that
I
should
be
more
careful
and
I
will
try
to
not
delete
Cigna
next
time
right
now,
cig
and
kinsayo
is
currently
in
incidents.
It's
not
able
to
spawn
virtual
machines,
so
we
should
fix
that
issue
today.
After
that
meeting.
A
One
point
this
one
is
spawning
virtual
machine
inside
an
Azure
subnets,
which
has
all
the
permission
and
working
as
expected.
That
subnet
is
not
tracked
on
terraform
as
well,
so
I
will
try
to
to
also
add
it
after
the
issue
is
fixed
on
the
production
is
back
so
moving
it
to
the
next
Milestone
as
usual,.
A
We
weren't
able
to
walk
about
the
agent.
Is
stability
raised
by
James
Nord.
However,
he
did
not
answer
so
I'm
prone
to.
A
Yeah
I'm
that
need
more
diagnostic,
given
the
Quran
State,
since
we
remove
the
EC
to
agents.
So
if
you
know
one
object,
I
will
move
it
to
next
Milestone,
with
the
with
no
answer
from
gems
and
no
time
to
diagnose
I
will
close,
because
it
wasn't
for
reproduced
any
objection
on
moving
it.
One
week,
time
for
us
to
carefully
check
with
the
currency
agent
inside
your
status.
A
E
A
Okay,
can
I
ask
you
to
report,
at
least
with
links
to
the
pull
request
and
or
issues
about
VPN
access,
because
that
was
required
for
Kevin
and
we
need
to
check
that
yellow
slab
either
already
has
access
to
the
private,
VPN
or
open
an
issue
for
that
one,
and
then
we
will
have
airbag
setup
to
do
on
release
CI,
but
the
VPN
party
was
treated
by
urv.
So
that's
why
I'm
asking
for
just
a
quick
report.
A
Any
question
or
things
I
forgot:
nope,
Next,
Step,
Grant,
limited
sorry
document
code,
signing
certificate
and
renew
designer
certificates,
so
the
status
is
yesterday.
We
received
an
email
from
fatty
from
the
CDF,
so
it
looks
like
that
the
the
certificate
is
being
renewed,
thanks
Mark
for
putting
the
unfazition
that
we
need
that
as
soon
as
possible.
I'm,
not
sure
if
we
will
have
the
new
certificate
before
the
30th
of
March.
However,
Fati
was
positive
that
we
should
be
able
to
do
it
before
next
LTS.
A
Ideally,
if
it
we
can
have
it
for
the
next
week.
That
should
be
perfect
for
reminder.
The
impacts
will
be
on
people
using
the
jenkins.msi
installer
on
Windows
starting
Friday
31
of
March.
They
will
see
error
about
the
fact
that
its
installer
is
not
signed
by
Microsoft
or
bios
trusty
developer
and
the
people
who
are
checking
the
war
file,
not
only
it,
has
to
be
checked
through
gpg,
gpg
key
for
checking
the
metadatas,
but
also
it's
signed
by
that
trusted
certificate.
A
A
E
A
A
That
okay,
so
we
might
have
minor
changes.
Yeah
cherry
pick
just
to
note
about
Compuware
and
BMC
plugin
removal,
so
BMC
did
what
they
had
to
do
with
the
GitHub
trust
safety.
Github
confirmed
yesterday
relates
that
it's
okay.
Finally,
so
Danielle
thanks
Danielle
took
back
all
the
plugins
is
putting
back
the
plugin
to
distribution,
no
action
expected
for
us
folks,
but
let's
keep
an
eye
just
in
case
if
something
is
going
wrong,
but
the
update
Center
is
working
as
expected.
So
let's
continue
putting
the
infrastructure
in
good
shape.
A
Last
we
created
an
issue
about
migrating
from
service
principle
to
workload:
identity,
our
Jenkins
controller
in
Azure,
so
they
should
not
require
any
credential
that
one
is
in
in
the
backlog.
I
don't
expect
to
be
able
to
walk
on
its
next
Milestone,
so
I'm
just
putting
it
away.
A
So
it's
a
four
so
that
service
we
use,
I,
think
it's
lettuce
on
one
of
the
OSU
SL
sponsor
virtual
machine
where
a
Confluence
was
running
before
it
went
to
the
Linux,
Foundation
hosting
and
then
was
stopped
at
all
and
that
on
that
machine,
it's
idamami,
sorry
and
that
machine
was
also
hosting
the
former
meeting
notes
and
that
bot
Robo
Butler
was
used
on
IRC
for
both
the
board
and
infra
meetings
like
the
one
today
and
they
were
using
the
bot
to
take
care.
A
We
had
an
issue
of
a
few
months
ago
that
we
don't
know
why
and
how,
but
the
meeting
notes
and
the
content
of
the
dock
route
of
that
Apache
was
deleted
a
few
weeks
month
ago.
So
everything
was
retrieved
and
put
on
a
GitHub
page
and
the
board
is
managing
now
their
own
nodes.
So
now
that
we
don't
use
that
the
DNS
was
changed
to
be
the
page,
so
there
is
nothing
pointing
to
that
machine
anymore
and
the
Apache
server
has
been
shut
down.
A
So
the
goal
now
is
to
remove
all
the
resources
on
puppets
and
also
on
the
virtual
machine
and
GitHub.
So
we
can
Sunset
that
service
definitively,
that
one
should
be
quick.
I
tried
an
exhaustive
list,
so
yeah
I'm
I'm
volunteering,
but
if
anyone
want
to
help
or
participate
on
that,
don't
hesitate.
Add
yourself
as
I,
sign
in
and
specify
on
a
comment.
What
do
you
want
to
work
on
on
that
list
of
elements.
A
A
My
GitHub
is
absolutely
Frozen:
okay,
better
at
the
upgrade
campaign,
so
I'm
adding
this
to
the
next
Milestone.
We
need
to
work
on
that
now.
That's
our
next
priority!
A
Every
already
did
the
EV
Lifting
for
the
packer
images.
So
this
week
later,
we
will
release
first,
a
new
minor
version
of
the
Packer
templates
that
will
features
Maven
3.9.1
instead
of
3.9.0
and
ones.
Who
will
have
deployed
that
version.
The
goal
will
be
to
switch
the
Packer
image
base
from
Ubuntu
20
to
Ubuntu
22.
That's
the
first
step
Stefan.
A
A
We
might
have
some
differences
for
The
Trusted
agent,
though,
but
I'm
not
really
stressed
out
by
that
one,
because
most
of
the
tooling
is
not
python
or
whatever,
where
tooling
is
only
GDK
and
we
use
Tamarind.
So
that
should
be
quite
easy.
That
will
be
the
next
step
and
for
Irvin
I
there
will
be
a
few
Docker
images
using
Ubuntu
19
that
are,
for
instance,
the
VPN
is
one
of
them
foreign,
the
biggest
one
will
be
the
docker
packaging
that
one
is
already
on
Ubuntu
222,
but
the
PKG
virtual
machine.
A
You
know
the
one
that
is
always
causing
us
trouble.
The
proposal
we
discussed
last
week
on
that
meeting.
C
A
A
So
for
this
one
we
cannot
upgrade
from
18
to
20.
That
will
break
the
release
process.
We
need
absolutely
to
upgrade
to
22.
by
doing
that,
that
will
break
all
the
python
and
also
all
the
Debian
repositories
things
that's
why
if
we
can
switch
the
release
process
script
from
whatever
they
do
today
to
running
on
a
Docker
run,
Jenkins
CI,
infra
Packaging.
A
A
That's
my
proposal.
It's
not
mandatory!
If
you
have
control
proposal
or
other
ideas
or
don't
hesitate,.