Infrastructure SIG meeting 2023-03-30

Present: @evgeni (chair), @ekohl (notes), @ehelms, @Griffin-Sullivan

Discourse posts since last time

Done

Migrate Puppetserver to stand-alone instance · Issue #1685 · theforeman/foreman-infra · GitHub

Notes kept in Puppetserver migration
Backups remain: Decommission puppetmaster.theforeman.org · Issue #1805 · theforeman/foreman-infra · GitHub
@evgeni will try to find a proper offsite location so the source and target aren’t on the same physical machine

Migrate Foreman instance to new infrastructure · Issue #1686 · theforeman/foreman-infra · GitHub

Resolved, see Puppetserver migration

move centos jenkins usage over to jenkins-foreman.apps.ocp.cloud.ci.centos.org · Issue #1800 · theforeman/foreman-infra · GitHub

CentOS CI has migrated their setup. Thanks to jenkins-job-builder it was easy to migrate our config.

New card to call Duffy from our own Jenkins so we don’t need the CentOS CI anymore: stop using centos jenkins now that Duffy API is available on the Internet · Issue #1828 · theforeman/foreman-infra · GitHub

In progress

Allow building on RHEL in our Koji setup · Issue #1670 · theforeman/foreman-infra · GitHub

On hold, with COPR in mind as an alternative. Moving bak to TODO.

Investigate Copr as the build system · Issue #1795 · theforeman/foreman-infra · GitHub

We need to figure out how to deal with it in the release process (branching, etc).

GPG signing: today we give a guarantee that it was at least manually verified that a release was done by a human and gaining control of Jenkins doesn’t mean you can add additional packages.

Decided we want to start with relying on COPR to sign with GPG and later decide if we want to bring back manual signing.

Our own GPG key will remain at least for our tarballs.

We’ll continue relying on obal, which will either wrap the COPR Python API or the COPR CLI.

@ehelms and @evgeni will write up a conclusion on this issue and close it out.

Decommission puppetmaster.theforeman.org · Issue #1805 · theforeman/foreman-infra · GitHub

@ekohl wants to wrap it up this month, so today / tomorrow

Migrate Jenkins off of Rackspace · Issue #1684 · theforeman/foreman-infra · GitHub

@ekohl wants to wrap it up this month, so today / tomorrow

Set up a Monitoring System · Issue #471 · theforeman/foreman-infra · GitHub

When we migrate away from Rackspace, we’ll lose monitoring. This may need to gain priority.

Replace exim Puppet module (or exim) · Issue #1692 · theforeman/foreman-infra · GitHub

Back to TO DO

Update Foreman to 3.6 · Issue #1676 · theforeman/foreman-infra · GitHub

Changed from 3.5 to 3.6, assigned @evgeni

Rotate REX SSH key on puppet01 and client old puppetmaster entry · Issue #1804 · theforeman/foreman-infra · GitHub

Maybe done? @ekohl to check

Migrate Discourse off of Scaleway VM · Issue #1710 · theforeman/foreman-infra · GitHub

@evgeni wants to talk to @nofaralfasi about Discourse maintenance. There are several updates pending.

move EL Jenkins nodes to EL8 · Issue #1706 · theforeman/foreman-infra · GitHub

Should be easier now that Conova is set up networking wise, so adding an EL8 node there should be easy.

Red Hat sponsored AWS nodes may need to migrate internally to another account. Re-deploying them with EL8 would be good. @ehelms to check.

Given our current capacity usage, it may also be possible to phase out the nodes at OSUOSL, given they are rather slow.