 Go. Hello. This is Jenkins Platform SIG meeting. We're on March 14, 2023 It's by day More on that later on. Yeah, it's by day today. Whoo-hoo Today we're lucky enough to have Mark Wait with us and Kenneth Ken Salerno. Hope I didn't butcher your name We have a few open-action items This one you've seen them for a few meetings and you'll see them in a few meetings too for a few meetings That's okay. Some things have changed. We'll see what's done Some updates experiments. We'll still discuss about CentOS 7 and Today we have another subject about power pc. That should be interesting anyhow So on the open-action items, we still have the docker images container Docker container for ablution. Um, it's Deprecated but we haven't announced it yet So we need to announce it uh a big page of docker. Let's hope We start the meeting the same way. We've been doing that for quite a while now Someday, uh, we'll dread that issue Um Mark I can't remember. Uh, we told that we would create an issue to promote the deprecation and the needed steps Yeah, that's me. That's you. Oh, right. That is because oh, sorry I think it's this is part of the bigger picture of us Of the jep we want we want a jankins enhancement proposal that provides us a way to communicate to users That they are now running a system that will be deprecated or after the deprecation date They are running a system that has been deprecated And right now the jankins administrative monitors don't really have the concept So it's we think it's a concept we need to add and then a way to communicate That concept into the into the code So, uh, if you don't mind we could switch then to the center s7 jankins control docker image because It's linked somehow because it's a product that will go end of life Sooner or later. So yes, we will need a jep. So, uh, jankins enhancement proposal To end the center s7 image earlier than june. And that's part of it. I'll I'll do that And I'm reasonably comfortable writing jeps. So I'm not not frightened by the Level of detail. There's there are a bunch of things that this exposes that oh, we got to think about this and about this, etc Yeah, maybe what will take the big part of time is discussing about the jep instead of implementing I get that should be not a well-miner of course, but We have to know What the community thinks about that before doing anything, of course Thanks mark Um Next what's done because yes, we not only have open action items. We also do things from time to time. So the latest, uh Images for the agent have been released. We have a release for sysh docker agent and inbud inbound agent It's not Groundbreaking it's just debian most of the time that has been updated so from an older version From to another more recent version of both eye And our climax also for the docker agent has been updated We don't know how much time we will keep updating our climax or if we will get rid of it one of these days We'll see that later on Now a subject, which is not yet official, but nonetheless, I'm working on that From time to time rix 5 and jenkins. So I wrote a blog post last week and kevin martens helped me Greatly in correcting and making some suggestions to the article so that now it is readable So it's all about my experience with jenkins on a rix 5 machine first timing. It's only for the agent So no controller and no docker image but That will come one of these days Then power pc supports in the container image controller and agents maybe so can What can you tell us about that? If I may let me um, of course share my screen. Oh, please do so Okay, it's I think we have to wait Mm-hmm. So first I'll show you what Okay, so this is the The node that's running in the in docker So you'll see This was built On an Ubuntu server And the server is amd amd 64 So I believe I believe there's a way I can actually show you In the script console So here So there you go So it's showing that the container itself is Being run with QEMU user static I think you're both familiar with that Are you using that? Mark with your s390 build I I don't know if we're using QEMU static or just QEMU, but we're definitely using Something like that because we're not building the container images on s390 I don't assume you have a Mainframe actually we we have access to one and that that's the really cool thing But we we are delighted not to have to use it So let me share what I do Yes, we build eggs, of course. Yeah All right, are you are you able to see my console? Yes. Yes. Okay So as I mentioned, this is x86 And what's running now as a docker container Is um what I used as my build host This is a docker-buildex And then I put the arc the architecture which we can you can actually specify there's many Many different architectures that's provided By the the minus minus platform No, so what I use is um, so I made a script because I I'm lazy and I just wanted to To document it So after So after I so this code block here is just to initialize the Ubuntu server with the community edition of docker So these steps are familiar to you already Uh, so once docker is up and running I have a build command where I I create a new docker container that Is the QEMU user static? container And if you give this privileges To mount partitions from the host And you give it certain parameters that are needed to make QEMU user static fully functional It will create the necessary bin format miss For the kernel to know that when you're executing When you're executing something that's in power pc The little indian or if you chose system 390 It'll know to use this The user static binary to execute the container command that you're running automatically So this is how you can Make a container that's a foreign architecture And not have to emulate the entire kernel and operating system, which is much much slower so when I So I'll show you my log file. So this is the log file of when I installed QEMU user static container and this is all the architectures that it supports here. So you'll see it's got arm It's got power pc big indian n little indian. It's got everything you'd ever wanted risk five is in here And and of course the mainframe system 390 x is here So I of course chose to install the power pc 64 little indian a boom to is my container And then I installed the packages I need to have a build x environment So one important detail that I didn't Really spell out is You can't you can't run the docker service Inside of a QEMU user static container So what I did was I start the docker service on my host And then I forward My socket To the container You see that there So you so if I connect to my container right now So right now i'm on the container and you'll see here. It's a power pc architecture When I do a docker ps It's can it's communicating with the hosts docker And you'll notice it sees itself And it sees my jenkins container that I created So this is the way I get around when I want to build and test I have and then when you build it wants to load the image to The docker the finish so These images got written by the build by the build x script right here But again, this is all happening impossible because I forwarded my docker socket to the container While i'm inside this foreign architecture So just talk a little bit about the patch Very simple So what I was talking what I was referring to earlier mark was I just took what you're doing with system 390 Added my little endian power pc 64 so that we you know to enable the build to not die on unknown cpu and then in the bake hcl file I just added myself to the end here and i'm only building this depi in jdk 11 Which is copying what you did with the system 390 Yeah, I think uh, we had something like that a few Month ago, but we removed just about everything because we lost access on to the ppc 64 le machines am I right mark? That was part of it. The other part was that qam qam u was not working for us and I think ken has solved The qam u not working for us. Okay, so So the the the unavailability and and organ state university is willing to give us access give open source projects access to the ppc 64 le hardware If we request it and since we've already gotten a relationship with osu I'm not terribly worried about them granting that they already they've hosted us for years ken. Could you bring that back up? I wanted to so so this patch I think means that it's the controller so this is This you you made this patch you applied this patch in the repository Whose name is jenkin ci slash docker? I suspect yes Okay, good. All right. So this is the controller and the consumers that needed this was this enough for them? Or have they not yet given you an answer of oh, yeah, this is what we need So I my colleague daniel casale is the one who opened the ticket in the first place I'll I'll go back and ask him. I think it's his account Okay And I'll explain this is what I built so far and if they need something else if you if you don't mind maybe Putting it in the chat what I have to build Oh, absolutely here. Let me paste. So let's I'm gonna first paste into the chat what I think You where I think you were based on and then then you can say oh, well, no, that's not even where I did it So the It was here Yeah It was that one Good. Okay. So that matches it and that's that's the controller image Okay So and and that's the one that's the one that the con our contact who I forget her name, but uh a woman Of an indian or east asian name Was was helping coordinate the work on s390 And she wanted to be sure we had a controller image and and so that was the There and I'll have to check to see if if we've got S390 or if we've got any other images If we did they would be in this one Is the agent base image? And then there are two consumed by users agent images That derive from the base image. There's this one is the Agent used in Places like kubernetes So that inbound agent is is used in kubernetes cases. Okay the ssh agent This one Is used in In cases where Where the controller orchestrates or controller launches And controls the connection to the agent Yeah, but when mark says derives if in the idea not in the code yet. Yes, right Thanks, but it's a project we have brunos. Correct the architecture. I was I was describing mythical rather the Rather than literal dependency. Yeah, right So ken and I don't I I'm assuming that what they wanted was controllers Because they've got something they they want to do and I suspect they haven't yet arrived at the point of saying Oh, but we also need agents But I would assume they will eventually say oh, yes, we need agents particularly if they say Oh, we're running kubernetes on power pc Then they're going to need the inbound agent if they say, oh, we're not running kubernetes We're just running our own static agents. We're a financial institution. We need this or that Then then it may just be The ssh agents Got it. All right. Well, I'll build All three of them and let you know Um, and I assume I'm I'm going to need a similar patch to a make file and and the big uh each deal Yeah, the big for sure make file. Why am I not? Yeah, yeah, and I I don't remember if those if those those agents are A little bit cringe worthy and we apologize in advance I'm I'm actually quite pleased with how the controller builds the that build x stuff Is really elegant. I'm not sure that the agents are nearly that elegant. So you may find ugly Rather unpleasant things there. Just ask questions if you do Sure. Yeah, but maybe just a docker bag. I think I remember I removed A few weeks ago all references to ppc 64 le from the agent images or was it from the documentation? Yeah, can I ask a question since I have to build working For the controller Would it be too much to just ask you to put them back in for all four of these since I'm doing builds and this why I won't have to patch them Because as far as the agents I'm I'm going to have to go and read the code and figure out where I need to insert myself Anyway, would you guys be able to just put that back in there? I think it's a reasonable request But I feel like I've got to check with the security team That was one of the one of the things that we had we had a visit from the security team a few meetings ago And they said specifically hey, please be careful about what you add because everything that you add Increases responsibility on the security team to worry about caring for it So so I the I Your attendance here is the crucial step that says okay. Let's start that conversation And we bruno and I or bruno can bring it to the security team and say hey We've got a proposal. We've got a maintainer can is willing to be a maintainer and he said he's willing to be a maintainer And so having a maintainer that's that's aligned with for instance another an IBM employee Oliver oliver gonja Is the maintainer of the ubi 9 image? And and we rely on maintainers right so having a maintainer is the is the crucial thing I mean, it's easy enough. And like I said, I already scripted it. So it's not a big amount of heavy lift Great So yeah, and that's that's the piece that So long as so long as we've got your involvement and your willingness to continue being involved That feels like a reasonable request that we can take to the security team Okay, I could start um toying around with it in the meantime, but I'll wait for those commits Make sense Yeah, thank you Cam and bruno, could you could you note just for the controller image for now? Oh So this this initial step is Yeah, can we can we enable it for the controller image because that will simplify Things for can as he evolves it further Okay So let me do that in the action items Then mark if you have a contact outside of the forum, I could report to you if I was able to build those agents Oh, sure. Yeah mark. Yeah, you're welcome to just send me email mark dot url dot wait at gmail.com It's all over the place Or you can do it in in pull requests. That's fine too. Just meant at mention me in github either is fine Okay, uh, not thinking about security. I would be thrilled to have ppc 64 early back You know each platform we add. I know it's a security issue But uh, it's a nice thing for me to have another platform. So another other potential users. You never know Uh can anything you would like to add before switching subject? No, that's all I had. Thank you. Okay, cool. Thank you for coming by the way Mark, uh, you were at scale x last weekend and you had a Jenkins booth and on these booths you had a demo Uh And did each work I think the goal was just to have a nice breaker So can you tell us more about that? Sure. Yeah, so we I I created a stack of six raspberry pies from that I've acquired over the course of the last seven years and connected them to a network switch each of them running raspbian and One of them running the Jenkins controller the other five running Jenkins agents and I built Jenkins plugins with them So I built the implied I know it's kind of boring that really I use Jenkins to build Jenkins, but It's I you built the implied labels plug-in the crush platform shell plug-in and the platform label or plug-in and interesting experience because building big java code in a 500 500 Megabyte Pi is is not always successful, right? I mean that's Made it Well, it I like it much better when I've got at least a gig of memory and much much better when I've got four or eight Yeah, because I failed the platform lab the plug-in for example with one gig byte of memory and also failed the git Client plugin I would expect the git plugins to fail with anything less than eight because I have never given one thought to how much memory those things use of course in terms of In terms of their tests their focus was always check that they are functional that they're well behaved and use as much memories as available Yeah, so so it went great It was a good icebreaker several people asked the question. Wow. How did you get your raspberry pi since They're hard to get right now and the answer was I bought them years ago Which is not a very satisfying answer to the people who attend, but it's the truth Yeah, you could have made a few bucks by setting them on those table Yeah, congrats. Well done Is there any other subject you would like to address before we wrap it up? That's it from me. So ken will continue our conversation either by email or in poll requests Sounds good great. All right. Nice meeting everybody Cool, thanks for that game Um, the video should be available on youtube from 24 to 48 hours And we'll see each other In two weeks from now. Have a good rest of the day. Bye. Bye Thanks. Take care