Skip to main content

Flock 2016 - krakow - day 3 (thursday)

Unfortunately, I managed to oversleep on thursday (forgot to set my alarm), so I missed the lightning talks. Will have to look up the recording of them when they are up. I went to go to the automation workshop, but it was standing room only, so I went and had more coversations in the hallway track. Then it was time for our infrastructure workshop. Things went really well! We did a whiteboard/etherpad of items we wanted to discuss and come up with plans on and managed to finish the last of them with just a few minutes to spare. In no particular order:

  • containers in Fedora Infrastructure
    • mirrorlist container is a good first candidate
    • will run on proxies
    • will run the wsgi server in container and expose the socket to apache on proxy
    • haproxy with container as first and old ones as secondary/backups
    • could spin up more capacity as needed in our cloud or others
  • fedorainfracloud - per contributor resources
    • contributor per tenant resources
    • add packager and qa groups and talk to docs and i18n and others if they would find it of use
    • 1 external ip
    • outgoing restricted to disallow "spammy" ports
    • Will update docs and announce once it's ready
  • build setup for infra packageskoji side tag for infra packages
    • up to maintainer to decide on EPEL/Fedora
    • dogfooding our own deployed services/processes where it makes sense
  • fas3 status
    • https://admin.stg.fedoraproject.org/fas3/
    • python-fedora backward compatibility questions.
      • tokens vs passwords
      • fas-client is ready to be packaged
      • fas/fas-client in stg, test/fix python-fedora, announce so people can test, fix broken apps, push to prod
      • fas3 security audit, SOON since in stg it is using a copy of the prod db.
  •  community projects / domain names support
    • domain names to reflect support status of projects (fedoraproject.org, fedorainfracloud.org, fedoracommunity.org)
    • fedorainfracloud: unsupported, run by community members
    • currently used for geographical community sites. Idea is to make it be used for slightly-more-supported apps
      • Still uses RFR process. Less burden on FI team, but don't let people deploy random things to it.
      • COPR is a primary candidate
      • actions: adjust docs, adjust status, adjust RFR docs
  • CA certs and such
    • freeipa testing to happen soon
    • if that looks good, move to kerberos
    • need to figure out sigul
  • koji rework for new alternative arch support
    • Will need more storage space, but will reduce space used on mirrors
    • archs aren't "primary" or "secondary" but build output will be tag as such, instead.
    • aarch64 import after hardware is received, single mass rebuild at end of cycle like for F20.
    • GOAL: Get proposal approved by FESCO for F26 (aarch64), PPC for F27, s390x possibly for F27
    • Discussion with IBM about access to untimed mainframe
    • unused aarch64 and PPC servers for cloud VMs
Then off to a brewery for the evening. It was nice food and beer and I got back on the last bus and headed to sleep. Sure not enough sleep at flock. ;)