►
From YouTube: 2022 06 28 Jenkins Infra Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
B
A
Okay
cool,
so
let's
go
to
the
task
that
we
have
closed
during
past
week.
First
of
all,
as
your
service
principal
expired
for
a
case,
cluster
10
private
gates,
it
expired.
Today.
I
failed
to
remind
the
team
last
week
because
I
was
off-
and
I
forgot
to
put
that,
but
we
had
a
calendar.
I
was
reminded
of
that
by
my
calendar
this
morning,
so
the
calendar
is
still
a
good
idea
for
expired
credentials.
A
We
run
the
operation,
the
three
of
us
stephanie
and
I,
for
the
sake
of
knowledge,
sharing
everything
went
fine.
The
impacts
were
our
details
on
the
issue
only
on
infra
ci,
so
no
public
impact
we
didn't
went
on
a
situation
where
the
cluster
was
broken
or
in
a
world
state.
We
did
that
quite
early.
A
A
A
No
next
one,
a
huge
one,
update
center
stopped
updating.
Last
week
we
had
an
issue
with
the
algorithm
used
by
the
update
center
generator,
so
the
job
that
read
all
the
latest
published
plugin
and
try
to
generate
that
index
chosen
file
that
everyone
download
when
starting
a
jenkins
instance
or
checking
for
new
plugins.
A
So
there
have
been
multiple
exchanges.
It's
now
closed.
The
impact
was
some
users
during
the
weekend
due
to
a
bad
decision
for
from
male,
literally
so
good
experience.
Collectively
they
were
unable
to
update
or
install
aws
plugins,
because
one
of
the
plugin
was
ignored
because
it
was
the
plugin
causing
the
file
name
to
long
issue.
A
That
will
be
the
default
to
go
when
when
you
are
alone-
and
you
have
to
take
that
decision-
please
let
it
in
a
failed
state
as
soon
as
the
json
file
is
on
the
correct
state
at
a
given
moment
on
time,
and
let's
wait
a
few
days,
we
can
always
go
back
and
correct.
It
exception
for
security
issues,
but
the
security
team
know
how
to
handle
that.
A
A
Next
topic
migrate,
documentation
from
wiki
to
github
for
nutanix,
calm
plugin,
so
that's
a
usual
plugin
maintenance
tasks.
So
thanks
for
the
person
who
did
that
not
really
infrastructure
but
still
part
of
directly
but
yeah,
we
have
a
notification.
Our
lds
system
is
the
entry
point
for
this
user
so
happy
that
we
were
able
to
fix
that
quickly.
A
A
It
was
blocked
with
a
file
inside
that
cache
system
a
file
was
empty.
Usually
it's
a
downloading
error
that
happened.
We
have
a
run
book
with
a
set
of
commands
to
type
on
the
ssh
agent
machine,
so
that
procedure
is
really
easy.
You
connect
to
the
machine
indicated
on
the
run
book,
which
is
a
private
link
by
the
way
you
copy
and
paste
the
command.
You
run
it
and
then
even
better.
You
run
it
on
trusted.
Ci.
Sorry,
it's
a
groovy
command
executed
on
the
agent
really
useful.
A
A
Jenkins,
so
the
latest
lts
jenkins
released
last
week
during
the
security
advisory
who,
as
during
the
24
hours
following
matominos
following
the
release,
was
putting
a
warning.
There
was
a
new
jenkins
version,
while
users
were
already
using
the
latest,
so
that
one
was
a
consequence
of
one
issue
on
the
update
center
that
was
fixed
and
then,
since
the
update
center
was
not
updated,
we
weren't
able
to
publish
to
end
user
that
change
did
by
daniel
after
the
release,
so
that
took
a
few
hours
to
be
available
for
everyone.
A
So
thanks
a
lot
for
everyone
involved
in
notifying
this.
That
was
really
useful
to
have
a
quick
notification.
At
the
end
of
the
release,
we
were
able
to
fix
that
really
quickly,
so
lts
released
weekly
released
previous
lts
release,
so
that
means
we
had
to
update
all
our
controller
instance
to
benefit
from
the
security
updates
done
in
less
than
one
day
so
good
job
people,
good
job
automation
as
well
build
failure.
Javadoc
cannot
produce
locally.
I
have
no
idea
what
this
issue
is
about.
A
A
Okay,
okay,
so
thanks
peter
you
open
thinking,
it
could
have
been
infra
while
it
was
configuration
issue
so
still
better
to
have
issues
open
thinking,
it's
infra.
We
can
always
help
and
then
close
it.
But
yes,
it
wasn't
thanks
basil
for
solving
that
one
thanks
harvey
for
the
reminder:
migrate
from
workflow
cps
global
lib
to
pipeline
groovylib.
So
that
was
an
annoying
warning
on
new
jenkins
instance,
because
we
moved
the
pipeline
chat,
library,
logic
and
maybe
other
things
from
one
plugin
to
others.
A
A
A
A
Okay,
adding
a
note
that
we
checks
for
third.ci
with
the
security
team,
so
yeah
we
have
to
check
with
them
if
they
want
to
do
the
plugin
changes
or
if
they
want
us
to
do
it,
no
problem,
but
we
have
to
check
with
them
last
task
weekly,
ci
default
view.
Description
diverge
from
the
defined
one,
so
wikici
is
a
public
jenkins
instance
hosted
at
weekly.ci.
A
It
has
been
created
to
show
the
latest
design
of
material,
what
we
call
a
jenkins
design
library,
and
that
requires
to
be
using
jenkins
weekly
version.
The
only
weekly
version
that
we
run
is
infrasi,
which
is
not
public,
so
it's
a
kind
of
public
demonstrator
so
that
demonstrator
had
as
a
description
on
top
here.
As
you
can
see,
and
we
discovered
that
the
way
we
were
configuring
it
using
jenkins
configuration
as
code
was
wasn't
the
correct
version.
So
changes
were
made
on
the
influence
code,
but
not
applied,
so
it
was
not
doing.
A
A
A
A
So
I
assume
it's
a
jenkins
that
is
quite
old,
or
at
least
that
existed
since
years,
even
if
updated,
they
fixed
the
issue
by
themselves.
A
Okay,
remember
now
we
gave
them
information
for
anyone
with
the
same
error
that
we'll
make
here.
That
task
is
still
open,
because
that
will
be
useful
for
us
to
add
an
https
redirection
from
the
old
domain
in
http
and
https
to
the
new
one
that
will
be
the
redirection
of
the
apache
server
on
that
machine,
so
any
user
using
the
old
links
will
be
automatically
redirected
to
the
new
one
without
any
problem,
because
it's
not
the
case
today.
A
A
A
When
checking
updates,
jenkins
io
and
get
jenkins
io,
we
also
have
a
user
that
did
something
else,
weird.
What
is
hidden
behind
that?
I
try
to
show
some
elements.
We
have
to
dig
a
bit
more
forget
jenkins.
A
The
first
packages
on
tcp
are
unencrypted
and
provide
the
domain
name
as
part
of
the
first
packet
packets.
The
goal
is
to
have
the
first
uncheck
and
then
unclip
to
the
connection,
and
then
you
can
have
whatever
you
want
in
that
channel,
and
that
is
scenario
since
it's
unencrypted
it
can
be
used
to
do
the
same
thing
as
the
virtual
host
routing.
A
So
in
the
case
of
apache,
nginx,
2ds
and
other
web
server.
If
they
don't
have
an
host
header
on
the
incoming
request,
they
check
the
sni
and
then
they
try
to
determine
the
host
name
for
the
vhost
and
then
they
can
select
and
choose
a
certificate.
Otherwise
they
fall
back
to
their
default
virtual
host
configuration
to
provide
certificate.
A
A
We
have
issues
with
the
machine
update
jenkins
io.
Sometimes
it
drops
the
tls
and
check
connection
which
might
lead
to
the
issue
that
the
user
reported
initially
so
right
now,
no
action
for
us
to
be
done.
There
trust
me.
I've
spent
quite
the
amount
of
time
this
weekend
to
run
some
tcp
dumps
on
the
machine
for
another
subject
on
the
docker
area.
A
No
and
that's
a
good
thing,
otherwise
the
machine
will
spend
its
time.
Absolutely.
However,
by
tcpdump
you
can
see
the
issue
happen.
Some
packets
are
lost.
I
propose
that
we
link
that
issue
to
the
oracle
update
center.
So
we
remove
that
issue
from
the
milestone.
We
had
a
command
there
explaining
that.
So
once
we
have
migrated,
we
can
test
again
that
issue
and
put
it
back
on
our
priority
list,
but
right
now
it
has
to
be
kept
open
and
there
is
no
action
item
for
us,
so
I
propose
we
will
remove
it
from
milestones.
A
B
A
A
Haven't
done
that
yet,
but
yeah
next
task
is
remo.
Consider
removing
unbeatable
build
status
plugin,
that's
the
plugin
that
provides
this
tiny
building
or
failing
or
passing
icons
images.
That's
a
request
from
security
team,
because
security,
a
lot
of
security
and
the
main
maintenance
of
the
plugin
is
not
able
to
work
on
it
anymore.
So
he
helped
to
solve
the
latest
security
issue
from
the
free
passed
advisories.
A
However,
security
team
seems
pretty
frightened
by
that
plugin.
So
either
someone
jump
up
to
maintain
that
plugin
either
we
remove
it
so
we
removed
on
almost
all
the
controllers
are
unsure.
It
wasn't
installed,
except
ci,
jenkins
io,
because
we
have
one
last
task:
it's
sending
an
email
to
the
mailing
list
telling
the
developer
hey.
We
are
removing
now
that
plugin
from
ci
jenkins
io.
So
you
might
see
these
images
broken
on
your
readme
of
your
junkies
plugin.
You
have
to
remove
it.
C
C
A
Cool
or
if
anyone
else
is
interested,
of
course,
you
can
pair
with
rv
it's
just
that
it's
interesting,
but
I
I
don't
have
the
time
I'm
focusing
on
the
infra.
No,
no
honestly,
I
would
like
that
would
have
been
really
useful
for
me
during
the
past
months
is
so
as
soon
as
someone
on
the
till
is
able
to
automate
such
change.
That's
that's
really
important,
because
when
we
do
large
scale
changes
on
the
infrared
that
need
to
be
applied
to
thousands
of
pipelines
if
we're
able
to
automate
such
change.
C
C
Yeah,
I
also
I
will
make
a
good
version
with
like
jesus
did,
which
isn't
that
crude,
but
yeah.
A
A
A
The
goal
is
to
integrate
your
integration
again
with
the
github
issue,
so
tierra
is
able
to
mention
pull
requests
or
the
other
way
around
on
something
we
cannot
use
like.
We
say
we
said
two
weeks
ago
that
we
should
use
a
github
app,
it's
not
possible
with
the
version
and
the
configuration
we
have,
so
we
need
to
create
technical
user
on
jenkins,
ci
port.
That
would
have
the
some
rights,
I
hope
not
too
much
administration
and
that
user
will
have
the
same
permission
on
all
the
repositories
of
jenkins
ei.
A
I
don't
think
we
should
do
it
for
jenkins
and
fra,
but
that
might
happen
because
some
that
might
be
some
needs
to
synchronize
the
task
of
different
trackers,
so
I
hope
no,
but
we
might
need
so.
I
will
double
check
unless
someone
wants
to
take
it
er.
Is
it
okay?
If
I
remove
your
assignment
from
this
one,
since
you
have
already
other
tasks
or
do
you
want
to
keep
working
on
this
one.
A
See
the
first
to
finish
his
task,
we'll
take
it:
okay,
evaluate
retro
condition
to
improve
stability
of
the
builds,
so
this
is
an
experimental
plugin.
We
should
have
done
that
last
week,
but
between
the
security
advisory,
the
overload
of
all
the
team
and
the
issue
with
update
hunter.
We
weren't
able
to
do
that.
So
I
will
try.
We
will
try
to
resume
that
that
will
mean
installing
plugins
that
are
not
the
latest
stable
version,
but
they
are
incremental,
builds
plug-in
from
pull
request.
A
The
goal
again
is
to
be
able
to
have
build
restarted
when
the
agent
goes
down
for
an
unexpected
reason:
that's
a
war
from
jesse
glick
and
we
should
be
able
to
try
it
again
on
cigar.
A
I
keep
working
on
that
one
unless
someone
is
interested,
because
now
everyone
has
played
with
the
plugin
on
ci
jenkins
io
with
the
removal,
so
anyone
should
be
able
to
try
this
one
so
by
default.
I
keep
my
assignment
because
I
started
discussing
with
jesse,
but
anyone
interested
can
take
over.
I
don't
mind.
A
C
C
To
get
the
last
tag,
build,
I'm
not
sure,
maybe
yeah
yes,
finished.
Okay,
I
have
to
bump
it
used
to
drinking
saffron
and
see
what
need
to
be
done
on
the
carrying
engine.
C
C
A
B
A
A
I
will
try
to
remove
the
high
memory
instances
that
are
not
used
for
docker,
even
though
they
have
docker
and
that
will
allow
us
to
spawn
more
machines,
because
we
have
a
hard
limit
on
azure
that
we
cannot
grow
of
a
50
per
whatever
region,
or
I
don't
remember
the
grain
and
still
we
need
docker
to
answer
to
us.
Yes
or
no,
so
we
can
decide
of
the
strategy.
A
Then
harvey
mentioned
the
idea
of
using
jasher
images
which
might
require
for
us
to
mirror
what
is
daily,
the
image
from
docker
rob
to
jersey,
which
might
require
rate
limit,
but
once
a
day
that
should
be
okay
and
then
we
could
do
the
amount
of
bill
we
want.
We
can
have
a
proxied
our
solution,
but
we
need
an
answer
to
decide
the
next
course.
A
So
I'm
taking
over
that
one.
Is
it
okay,
everyone?
If
next
week,
if
we
don't
still
don't,
have
an
answer
from
docker,
then
we
start
deciding
stop
using
the
docker
herb
and
selecting
another
solution.
Either
changing
the
registry
or
putting
a
proxy
in
front
of
this
one
so
next
week
we
start
taking.
Another
decision
sounds
good
to
you.
A
A
A
So
I've
taken
over
temporarily
that
task
from
stefan
to
let
him
focus
on
kubernetes
upgrade
with
rv.
So
stefan
did
already
a
lot
of
work
on
the
terraform
management.
He
was
able
to
dig
on
all
oracle
cloud
works,
so
huge
work
there.
I
took
over
the
iem
parts.
So
how
do
we?
How
do
we
separate
production
and
staging
on
the
oracle
cloud?
Because
the
way
we
use
oracle
cloud
right
now
is
all
users
have
all
permissions,
which
I
don't
mind
for
humans,
like
you
folks,
but
that's
a
problem
for
terraform
automatic
changes.
A
We
don't
want
the
terraform
test
harness
trying
to
manipulate
resources
in
production,
so
I'm
currently
losing
my
errors,
like
stefan
lost,
is
last
week
on
how
do
we
set
permission
between
cloud
services,
users,
groups
etc,
but
we're
almost
there
thanks
to
stefan
walks.
I
already
have
some
pre-built
work
and
now
I'm
trying
to
make
it
really
fine
tune
like
we
do
on
aws,
so
expect
some
change.
The
first
virtual
machine
should
be
created
this
week.
A
A
The
goal
is
to
have
an
ills
indicator
based
on
some
attributes
for
each
plugin.
It's
an
experimental
project
as
part
of
the
google
summer
of
code,
the
gsoc
they
ask
for
us
to
help
to
be
able
to
build
and
test
the
application.
For
now
no
deployment
involved
adrian
gave
us
some
details
on
what
he
expect
what
he
needs.
So
we
have
to
answer
him
by
pointing
him
to
some
documentation
and
eventually
example
pipeline.
You
need
to
know
what
agent
and
capabilities
can
he
use
in
ci
jenkins,
io.
A
C
A
A
That's
the
summary
we
initially
had
the
discussion
with
stefan
on
that
part,
but
given
the
workload
yes,
when
we
were
all
together
in
brussels,
however,
it's
not
an
expectation,
so
I'm
challenging
that
element
right
now.
Is
it?
Do
you
still
want
it,
given
you
what
you
want
or
don't
want
to
do,
and
given
your
bandwidth
I'd
like
not
to
please,
I
don't
want
to
not
probably
be
rude
for
adrian,
but
I
don't.
A
A
No
problem
next
one
is
require
java,
11
infrastructure,
fred.
So
in
fact,
that
task
was
already
worked
on
that
has
been
created
by
brazil.
A
A
A
A
So
that's
why
I
want
it
to
be
part
of
the
milestone
to
materialize,
the
fact
that
it's
being
worked
on
not
always
by
the
infrastructure
team
but
still
team,
brazil
and
I
were
working
on
that,
but
that
serve
as
a
source
of
truth,
especially
given
the
the
big
work
that
brazil
did
on
that
part
still
really
useful
for
us
to
audit.
If
something
goes
wrong
in
the
future.
A
A
And
the
reason
why
I
mention
it
is
because
since
jdk
17
will
be
the
next
one,
I
propose
that
in
the
upcoming
week
I
might
create
an
issue
on
the
infra
for
not
this
iteration,
but
the
next
one.
So
don't
be
surprised.
I
will
want
to
try
running
in
frasier,
since
it's
a
kind
of.
B
A
numerous
reason
for
that
the
most
important
one
for
us
is
that,
with
the
upcoming
kubernetes
upgrade
1.22
that
you
are
going
to
do
thursday,
the
underlying
machine
are
going
to
use
c
groups
version
2,
which
means
the
way
memory
is
handled
is
different
and
gdk11
hasn't
had
the
back
port
required
to
correctly
set
the
memory
limit.
So
it's
like
going
back
on
gdk8
before
the
c
groups.
A
I
mentioned
this
one:
it's
not
mandatory
to
take
it
over
it's
nice
to
have
managing
the
version
of
the
elastic
kubernetes
cluster,
so
the
kubernetes
cluster
managed
on
aws
that
has
been
upgraded
yesterday
by
by
you
folks.
The
goal
is
now
being
able
to
manage
the
version
of
the
modules
installed,
so
modules
are
plugins
to
manage
network
and
dns
inside
the
cluster.
Mainly,
we
have
three
modules.
These
modules
are
installed
when
you
create
a
new
cluster,
and
we
add
seen
during
the
past
two
kubernetes
upgrades
to
update
this
module
manually
in
the
ui.
A
It
seems
that
our
terraform
configuration
is
able
to
track
the
presence
or
not
of
these
modules,
and
it's
mentioning
as
a
warning,
but
not
as
an
actionable
item
that
the
version
can
have
changed
because
of
the
manual
updates
that
mean
that
if
we
find
a
source
of
truth,
where
are
the
latest
version
of
the
plugins,
depending
on
the
kubernetes
version
that
we
are
running?
There
is
a
big
matrix
on
the
aws
documentation,
at
least
if
we
are
able
to
find
a
way
to
get
that
version
number.