Hi everyone,
This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat (https://libera.chat/).
Week: 23rd May - 27th May 2022
If you wish to read this in form of a blog post, check the post on Fedora community blog:
https://communityblog.fedoraproject.org/cpe-weekly-update---week-21-2022/
# Highlights of the week
## Infrastructure & Release Engineering
Goal of this Initiative
-----------------------
Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Link to planning board: https://zlopez.fedorapeople.org/I&R-2022-05-25.pdf
Update
------
* Infra and releng team was investigating Openshift in AWS for communishift and CentOS CI
### Fedora Infra
* Ocp3 certs expired, had to renew/push new ones (~20min outage)
* Finished up a mass update/reboot. Things up on 8.6 now.
* Hit bug in new ansible-freeipa and filed it upstream
* Got first RHEL9 staging virthost installed
* Bunch of email issues to/from redhat.com, hopefully almost all solved now.
* OCP4 clusters moved to 4.10.
* Some compose machines moved to f36 already.
### CentOS Infra including CentOS CI
* CentOS Stream storage migration spike (Netapp for nfs/iscsi) (blocked : no news)
* Duffy/CI progress:
* Site-to-site vpn tunnel between VPC (us-east-1) and CI infra
* delegated/hosted (dynamic) pool.ci.centos.org zone on route53
* Dns forwarding (both directions : vpc ⇔ ci infra)
* Ansible playbooks ready
* Git.centos.org pagure upgrade/migration (blocked, waiting on internal - EXD)
* Business as usual (mirrors, tags)
### Release Engineering
* f32/33 archived. Old rc’s cleaned up
## CentOS Stream
Goal of this Initiative
-----------------------
This initiative is working on CentOS Stream/Emerging RHEL to make this new distribution a reality. The goal of this initiative is to prepare the ecosystem for the new CentOS Stream.
Updates
-------
* Working on first modules and software collections for CentOS Stream 9
* Changing the Fedora ELN Everything repository to only contain what's not in AppStream, BaseOS, and CRB, and renaming it to Extras
* Getting CentOS Stream 8 workflow closer to 9:
* Currently testing "import latest modules", expect to have modules imported early next week.
* Updating is currently manual for both modules and normal RPMs, also working on an automated import script to run at regular intervals. Expect to be finished next week.
## CentOS Duffy CI
Goal of this Initiative
-----------------------
Duffy is a system within CentOS CI Infra which allows tenants to provision and access bare metal resources of multiple architectures for the purposes of CI testing.
We need to add the ability to checkout VMs in CentOS CI in Duffy. We have OpenNebula hypervisor available, and have started developing playbooks which can be used to create VMs using the OpenNebula API, but due to the current state of how Duffy is deployed, we are blocked with new dev work to add the VM checkout functionality.
Updates
-------
* Skip beta and release 3.0.0
* Continue work on provisioning nodes for Duffy in EC2
* CLI for tenants (what was cicoclient, ongoing)
## Package Automation (Packit Service)
Goal of this initiative
-----------------------
Automate RPM packaging of infra apps/packages
Updates
-------
* Package proposal on fasjson created on bugzilla
* Release of fedora-messaging 3.0.2
* Packit added to noggin-messaging (noggin dependency)
* Packaging datanommer.models in progress (datagrepper dependency)
* Business as usual, a lot of manual packaging
## Flask-oidc: oauth2client replacement
Goal of this initiative
-----------------------
Flask-oidc is a library used across the Fedora infrastructure and is the client for ipsilon for its authentication. flask-oidc uses oauth2client. This library is now deprecated and no longer maintained. This will need to be replaced with authlib.
Updates:
--------
* Test-auth app running, allows user to successfully login using Fedora acct details (https://app-flask-oidc-dev.apps.ocp.stg.fedoraproject.org/)
* Implementing authlib function changes in codebase (https://github.com/fedora-infra/test-auth/blob/authlib_dev/test_auth/flask_oidc.py)
* Trying to pull user info from login creds
## EPEL
Goal of this initiative
-----------------------
Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).
EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.
Updates
-------
* epel9 available at the launch of rhel9 with 5764 packages, from 2678 source packages, built by 249 different packagers
* epel9 update of python-jwt to fix CVE-2022-29217
* epel8 and epel9 update of epel-rpm-macros to require ansible-srpm-macros (provides macros for packaging ansible collections)
* bdii installation from epel9 problem resolved for c9s, will be resolved in RHEL 9.1
* Documentation improvements:
* added list of channels/repos epel9 and epel9-next are built against
* updated quickstart guide for rhel9 GA and alma9 beta
* removed mentions of CentOS Linux 8
Kindest regards,
CPE Team
This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat (https://libera.chat/).
Week: 23rd May - 27th May 2022
If you wish to read this in form of a blog post, check the post on Fedora community blog:
https://communityblog.fedoraproject.org/cpe-weekly-update---week-21-2022/
# Highlights of the week
## Infrastructure & Release Engineering
Goal of this Initiative
-----------------------
Purpose of this team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible initiatives that CPE might take on.
Link to planning board: https://zlopez.fedorapeople.org/I&R-2022-05-25.pdf
Update
------
* Infra and releng team was investigating Openshift in AWS for communishift and CentOS CI
### Fedora Infra
* Ocp3 certs expired, had to renew/push new ones (~20min outage)
* Finished up a mass update/reboot. Things up on 8.6 now.
* Hit bug in new ansible-freeipa and filed it upstream
* Got first RHEL9 staging virthost installed
* Bunch of email issues to/from redhat.com, hopefully almost all solved now.
* OCP4 clusters moved to 4.10.
* Some compose machines moved to f36 already.
### CentOS Infra including CentOS CI
* CentOS Stream storage migration spike (Netapp for nfs/iscsi) (blocked : no news)
* Duffy/CI progress:
* Site-to-site vpn tunnel between VPC (us-east-1) and CI infra
* delegated/hosted (dynamic) pool.ci.centos.org zone on route53
* Dns forwarding (both directions : vpc ⇔ ci infra)
* Ansible playbooks ready
* Git.centos.org pagure upgrade/migration (blocked, waiting on internal - EXD)
* Business as usual (mirrors, tags)
### Release Engineering
* f32/33 archived. Old rc’s cleaned up
## CentOS Stream
Goal of this Initiative
-----------------------
This initiative is working on CentOS Stream/Emerging RHEL to make this new distribution a reality. The goal of this initiative is to prepare the ecosystem for the new CentOS Stream.
Updates
-------
* Working on first modules and software collections for CentOS Stream 9
* Changing the Fedora ELN Everything repository to only contain what's not in AppStream, BaseOS, and CRB, and renaming it to Extras
* Getting CentOS Stream 8 workflow closer to 9:
* Currently testing "import latest modules", expect to have modules imported early next week.
* Updating is currently manual for both modules and normal RPMs, also working on an automated import script to run at regular intervals. Expect to be finished next week.
## CentOS Duffy CI
Goal of this Initiative
-----------------------
Duffy is a system within CentOS CI Infra which allows tenants to provision and access bare metal resources of multiple architectures for the purposes of CI testing.
We need to add the ability to checkout VMs in CentOS CI in Duffy. We have OpenNebula hypervisor available, and have started developing playbooks which can be used to create VMs using the OpenNebula API, but due to the current state of how Duffy is deployed, we are blocked with new dev work to add the VM checkout functionality.
Updates
-------
* Skip beta and release 3.0.0
* Continue work on provisioning nodes for Duffy in EC2
* CLI for tenants (what was cicoclient, ongoing)
## Package Automation (Packit Service)
Goal of this initiative
-----------------------
Automate RPM packaging of infra apps/packages
Updates
-------
* Package proposal on fasjson created on bugzilla
* Release of fedora-messaging 3.0.2
* Packit added to noggin-messaging (noggin dependency)
* Packaging datanommer.models in progress (datagrepper dependency)
* Business as usual, a lot of manual packaging
## Flask-oidc: oauth2client replacement
Goal of this initiative
-----------------------
Flask-oidc is a library used across the Fedora infrastructure and is the client for ipsilon for its authentication. flask-oidc uses oauth2client. This library is now deprecated and no longer maintained. This will need to be replaced with authlib.
Updates:
--------
* Test-auth app running, allows user to successfully login using Fedora acct details (https://app-flask-oidc-dev.apps.ocp.stg.fedoraproject.org/)
* Implementing authlib function changes in codebase (https://github.com/fedora-infra/test-auth/blob/authlib_dev/test_auth/flask_oidc.py)
* Trying to pull user info from login creds
## EPEL
Goal of this initiative
-----------------------
Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).
EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.
Updates
-------
* epel9 available at the launch of rhel9 with 5764 packages, from 2678 source packages, built by 249 different packagers
* epel9 update of python-jwt to fix CVE-2022-29217
* epel8 and epel9 update of epel-rpm-macros to require ansible-srpm-macros (provides macros for packaging ansible collections)
* bdii installation from epel9 problem resolved for c9s, will be resolved in RHEL 9.1
* Documentation improvements:
* added list of channels/repos epel9 and epel9-next are built against
* updated quickstart guide for rhel9 GA and alma9 beta
* removed mentions of CentOS Linux 8
Kindest regards,
CPE Team
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure