Present: @evgeni (chair), @ekohl (notes), @ehelms, @Griffin-Sullivan
Discourse posts since last time
- Puppetserver migration
- Jenkins updated to 2.375.2
- Deb-node01.jenkins.conova and node01.jenkins.conova network changed
- Jenkins updated to 2.387.1
- Jenkins migration on 2023-03-23
Done
Migrate Puppetserver to stand-alone instance · Issue #1685 · theforeman/foreman-infra · GitHub
Notes kept in Puppetserver migration
Backups remain: Decommission puppetmaster.theforeman.org · Issue #1805 · theforeman/foreman-infra · GitHub
@evgeni will try to find a proper offsite location so the source and target aren’t on the same physical machine
Migrate Foreman instance to new infrastructure · Issue #1686 · theforeman/foreman-infra · GitHub
Resolved, see Puppetserver migration
move centos jenkins usage over to jenkins-foreman.apps.ocp.cloud.ci.centos.org · Issue #1800 · theforeman/foreman-infra · GitHub
CentOS CI has migrated their setup. Thanks to jenkins-job-builder it was easy to migrate our config.
New card to call Duffy from our own Jenkins so we don’t need the CentOS CI anymore: stop using centos jenkins now that Duffy API is available on the Internet · Issue #1828 · theforeman/foreman-infra · GitHub
In progress
Allow building on RHEL in our Koji setup · Issue #1670 · theforeman/foreman-infra · GitHub
On hold, with COPR in mind as an alternative. Moving bak to TODO.
Investigate Copr as the build system · Issue #1795 · theforeman/foreman-infra · GitHub
We need to figure out how to deal with it in the release process (branching, etc).
GPG signing: today we give a guarantee that it was at least manually verified that a release was done by a human and gaining control of Jenkins doesn’t mean you can add additional packages.
Decided we want to start with relying on COPR to sign with GPG and later decide if we want to bring back manual signing.
Our own GPG key will remain at least for our tarballs.
We’ll continue relying on obal, which will either wrap the COPR Python API or the COPR CLI.
@ehelms and @evgeni will write up a conclusion on this issue and close it out.
Decommission puppetmaster.theforeman.org · Issue #1805 · theforeman/foreman-infra · GitHub
@ekohl wants to wrap it up this month, so today / tomorrow
Migrate Jenkins off of Rackspace · Issue #1684 · theforeman/foreman-infra · GitHub
@ekohl wants to wrap it up this month, so today / tomorrow
Set up a Monitoring System · Issue #471 · theforeman/foreman-infra · GitHub
When we migrate away from Rackspace, we’ll lose monitoring. This may need to gain priority.
Replace exim Puppet module (or exim) · Issue #1692 · theforeman/foreman-infra · GitHub
Back to TO DO
Update Foreman to 3.6 · Issue #1676 · theforeman/foreman-infra · GitHub
Changed from 3.5 to 3.6, assigned @evgeni
Rotate REX SSH key on puppet01 and client old puppetmaster entry · Issue #1804 · theforeman/foreman-infra · GitHub
Maybe done? @ekohl to check
Migrate Discourse off of Scaleway VM · Issue #1710 · theforeman/foreman-infra · GitHub
@evgeni wants to talk to @nofaralfasi about Discourse maintenance. There are several updates pending.
move EL Jenkins nodes to EL8 · Issue #1706 · theforeman/foreman-infra · GitHub
Should be easier now that Conova is set up networking wise, so adding an EL8 node there should be easy.
Red Hat sponsored AWS nodes may need to migrate internally to another account. Re-deploying them with EL8 would be good. @ehelms to check.
Given our current capacity usage, it may also be possible to phase out the nodes at OSUOSL, given they are rather slow.