 English and French no one will understand okay it's recording hello everyone welcome to the weekly infrastructure team meeting we are the 15 of March 2022 so today we have LV mark is not there team is not there we have Stefan Stefan Mer and Aditya do you have a a discourse on the long community Jenkin sayo Aditya yes they think it's they are they can hear them can you share it on the zoom chats please because I'm really bad at typing thanks so you will be mentioned when we will publish to community okay announcement for this week first of all we have the weekly release that's as every week was released automatically earlier today so the version 2.30 39 is available everywhere there is a checklist about the docker image that might not be available yet because someone has to run the job right now but the rest went really really nicely it took a bit more time than usual though the testing part took 25 minutes more not sure why and there is currently a plugin advisory being released so a bunch of plug-in will be updated for security reasons that's the reason why CI Jenkin say you is offline right now status Jenkin say you is up to date do you have any announcement okay so today we are trying something new based on a bunch of really good ideas from RV here we keep the meeting notes as usual in akmd that is for now because it's a collaborative meeting notes so I continue to help me maintaining these notes in a proper and readable way however we are trying to use a GitHub milestone so I'm splitting my screen in two so we can have both okay here we are so I'm starting with this week so I propose the following process first we're going to cover what task has been done during that milestone so the milestone represents the work done during one week it's not strict in timestamps that's on order of magnitude then we will cover the work in progress to see if the tasks that we worked on this week we should if we should keep continuing working next week if they are still important if some these tasks are late for some unknown reason we can discuss it and challenge ourselves finally we will also check the to-do list which means the task that we should have done but we never had the time or the willingness to start and the new incoming things that we discover or that were communicated to us the work in progress and to-do list should result on issues on a new milestone that I've just opened before the meeting so we have this one here that should be closed at the end of the meeting and we have the new one you have the link directly on the notes is that clear as the is there any question or things unclear and that that's a proposal that's perfect okay that yep sorry Harvey I see you're unmuted one reminder for us mainly for me but for everyone though when we have issues on a desk we have and we start working on we have to add them automatically to the current week milestone so most of the time if someone open an issue complaining about something not working and we start diagnosing as they to the operation don't forget to add it to the milestone is it's not a problem if we forget it's just that it's better for us to see oh we worked we did all these cool things that's better for us to see the work we all did as a team let's get started during the past week we worked on so it's not on the right order but yeah I'm gonna take the order on the left part the security groups used on the Kubernetes management config of Jenkins when using EC2 agent is now always automatically update from our Terraform so thanks Stefan for that that's mean contribution on update CLI and adding the whole system and the system has been tested successfully so great job now we can change fearlessly the name of the security groups or the ID and it will be kept updated on other systems also thanks for the work on Azure part so first for the resource group garbage collector so now the packer process that sometimes has some leftover on because it crushes because whatever reasons now we are cleaning up these resources on Azure on each build so at least once per week and it ensures that we don't pay for your newest resources so thanks a lot for that part Jenkins the is the way the website the marketing campaign was a WordPress website and it has been transformed by gave in Morgan thanks a lot into a static website that we can keep hosting so it has been migrated as a static website and is now built by infra.ci so thanks giving for taking care of that and thanks team for the help the same area thanks RV and team for handling the Azure credential management so following a contribution that team did now we can use native Azure credential in infra.ci Jenkins controller which means instead of a bunch of strings we can now have one single credential so both Stefan and RV then apply these changes on packer and other resources including the garbage collector for Stefan and some leftovers somewhere else so thanks a lot for that part that also helps us to maintain in a sustainable way the infrastructure with less moving pieces and a centralized way to change and rotate credentials for the reminder that was a consequence of expiring credentials on Azure last week or two weeks ago two weeks ago another big change it's a GitHub app instead of personal access token so based on what we learn we in fact Jenkins has the same ability as GitHub action to generate a temporary token during a build name an installation access token which is valid for one hour straight that is generated by using GitHub app authentication which means users have a finer grain for authorization you can select not only permission but also repositories on your organization that can be used it doesn't require a GitHub account the GitHub app can be defined at repository organization level so that's clearly better for security and thanks to RV we are now using that mechanism on all our repository so we shouldn't need at least for Jenkins infra port any GitHub specific technical account so better security because we should be able now to remove these users from user and cleaning it up in the future ci jenkin sayo wasn't up to date immediately after the LTS release from last week so yeah i think that's something i forgot on the announcement that's quite an important one right so the LTS has been released last Wednesday successfully and during the one or two day after we had to update ci jenkins and all the other controllers that are based on the LTS line no issue whatsoever so good news there have been some minor hiccups left over on the infra report work due to the GitHub app change so RV thanks for standing up and fixing that the the plugin contributor are really greeting you for that because that helped to keep plugins touching kins that are up to date with the correct maintainer but not only we've worked also on docker images the way we build docker images with container less environment is now causing problems since a few weeks so we fully have the ability to build using virtual machine it has run for three weeks so we were able to close the issue related where emg failing to build images based on alpine linux 3.14 or more so that's really good news because we can proceed and go ahead for a recent versions finally so github app credential for infra report i think we discussed that one last week but let's put the word so the same as for the task and the other and stuff not using replace the use of github but user by github app token okay the only difference if i understand correctly is that the github app here are not within our organization these are github apps on jenkin cia organization that we don't have administration right into yeah it's this script is running on jenkin ski organization we are the manager of the app but jenkin ski admin still have to accept and accept the permission if they change or something some setting like that cool so that's separation of concern between jenkin sanfra and jenkin ci which makes sense so that's a bunch of issues thanks everyone we have on the currently open issues for that milestone we still have two two issues open and then we'll check the other ones terraform refresh azure so for that one it's on me i've spent some time i'm almost there i'm able to now to create azure rm backend secured and encrypted and replicated so now the goal is to get started and apply all our terraform changes to the azure repository which means removing all the existing azure terraform files that are out of date since at least 18 months if it's not more so let's start from a clean state and then create the new resource that we need now such as database for rating or other tasks and import undergo every resource within azure so it's work in progress i'm opening it to put it on the new milestone and there is that issue it seems that there is we still have a dmx dns record for jenkin sayo that should be managed on azure like all the other dns record however that mx is delegated to mailgun no one at least between mark olivier or uh high or even gavin and team no one seems to have access to the mailgun accounts so i need to reach out to kosuke or taylor but i think kosuke just to ask them to remove the delegation i i missed the message from gavin about we should ask the linux foundation maybe to manage email servers so we should delegate the mx to linux foundation i'm not sure who is our contact seems very similar on the left the cdf sorry but i'm not sure to get that because you just need to change the dns record to have the mx to to point somewhere else you don't have to deal with with melgan they are just receiving it because we say to the dns that the mx record is going to melgun but if you change in the dns you don't have to to say anything to melgun that they are just receiving it because of the ip or yes that's correct you just make sense of abuse you just have to change the dns so the question is who um deal the dns of jenkin sayo we we do um so yes we should be able to do it if it's okay are you okay that we pair on that topic uh after the meeting or later in the week okay so let me let me remove more can that you so let's consider we have that task to do during the week is that correct for for everyone i just want to cover uh yeah uh that's what we should do next week but since both you and i already moved some task i want to cover the to-do task before adding everything just to avoid but yeah correct and you're correct so ever you have the email notification from gfrog cloud status yeah it was an experiment to see if we could have an issue uh collecting all gfrog cloud status notification but uh since the i can i can open an issue and uh comment on an issue uh every time a new email arrived with an external services service like uh zapier but uh the problem with that is uh the issue or comment uh issue comment uh contains uh the unsubscribe links so uh it's not good but i um i might have other ideas to do that like uh uh putting the rss feed if they are for an or something like that even maybe scrap their status page i don't i'm i'm sure there are other possibilities okay um is there uh were you able to write on that status and the issue as self documentation um what you just said so okay it's on the status okay do you need help on that one is there anything someone else or is it a to-do task for this week um let's proceed two tasks for this week or next week it wasn't it was an experiment so there isn't any hurry to do that okay next one is switch from git abaction uh to genkins for update cli tasks yeah there are uh several uh repository where um update cli has been set up as git abaction since there wasn't it wasn't possible before and uh i've looked at them but i have to for some of them i have to create a pipeline and for the other you have to adapt and convert the descriptive pipeline library pipeline into a scripted one all right um okay so there are some okay so you need some okay is it okay i have seen myself to mark that then just for myself so i can track which one um question allowed do you think it should be worth it to work on to delay that one after having a specific infrascii multi branch pipeline for all update cli tasks or do you prefer starting this one and then we can i don't have any advice working with a git abaction now there isn't any hurry for this one too i can delay this one now uh whatever you prefer if if you want to keep some time on that one i don't know yet okay so potentially we could uh change and delay that one to and remove it from the milestone and instead replace it by uh the update cli but if you feel it's important no problem for doing that then should it be done before uh multi branch job early for update cli on infra.ci okay thanks for the explanation are we on my side i have the migrate infra report from trusted ci to infrascii so that one in fact was a work in progress i need to update the links um so the idea is to to run that the scripts that erve mentioned earlier that we switched from p80 to git abap that are checking the genkinci organization for statistics but not only also gira and everything and we want to migrate this job this single pipeline with multi branches into a set of different pipelines running on infrascii so it's a two-step process there is no order on these two steps one of the requirement is to be able to define credential at job level to be sure that only this job have access to this credential on infrascii and not the other jobs even accidentally uh there it's technically possible with job dsl but it's hard in the way we use job dsl because we are using iteration so uh what i have to do for this week is to use go templating on elm file and elm will generate the job dsl for us and that should be really good enough for us to start going that pattern same if you're on some airplane this uh yes if i i propose the following let me know if it's okay for you uh i will want to finish it myself uh because uh i want to let's say uh be more or less rusty with go long template and elm as a kind of exercise for myself if it's okay for you then we could pair or i could delegate with no problem the same exercise for all the other jobs and infrascii like only the terraform would have the credential for terraform only packer for packer etc so we can really split between all the existing jobs sounds good for you if you are willing to take it we can exchange tasks or whatever i don't mind okay okay let's go then um so let me add two previous issues to the milestone okay are there other topics that we tracked on the milestone and we forgot to talk about do you have other topics you want to bring or should i check the note from previous meeting should check the notch to make sure because that's the beginning okay so yes click on the previous milestone here i put the link in there okay this one uh the one from yep nice job okay what did we have testing it of milestone so the con trigger we added it as your portal management there isn't any shoe that i need to open one it's uh there is my name there so i should have open one my pet uh engineering singress and self manager that was done two weeks ago uh fail deployment because the credential it's okay infra report we spent quite some time today on that topic gfrog incident oh nothing to do here so i will call that section others uh gfrog answered to our requests there are two things here there's no space left on device has been solved it was an error on their side we should have unlimited response about we should be unlimited on storage even though we still have garbage collecting a process thanks to daniel it's still a good thing to clean up but that should be okay at least we should be able to reach the 12 terabytes before the next slowness and they have added the internal monitoring based on private discussion i had with them however gfrog asked her so there is a to-do list for me as well uh gfrog asked us who were the person in charge of the partnership uh just for the reminder the partnership started when gfrog uh before way before the ipo they have way before the assas platform it was a specific and standard state and managers for us as part of a long-term partnership sounds like that most of the people who did that on gfrog have left the company so they are asking us who are the person there uh eight or ten months ago we had to create again the new accounts migrate the previous data from the previous instance to the new one change everything so daniel and olivia took care of that uh ten months ago uh because we had to be able to reach their support so they had to keep track of us as a free customer on the database which they didn't before so feel like that them asking that kind of question might uh reconsider the partnership or at least they want to have it more formal which makes sense so i have to answer to them uh do you feel i should open an issue for that part or is it okay for you if i just go ahead and answer the email good so thanks mark when you will check that recording for sharing the contacts you have with us because my knowledge was close to zero on that area is there any question about gfrog okay um firstly purge requests so i don't remember if we had time last week so just to note the protection for purge has been reverted because it was uh slowing down some of the contributor like team so thanks rv because you had to go through the pain to enabling it and disabling it sorry for for making you live through that but at least we know how it works and it opened the vastly terraform management for upcoming days by the way do we have an issue about vastly terraform that we should be able to put and we have cool it's on the terraform uh winter spring okay which is an imported milestone um do you feel uh one of us can start working on that topic this week or i don't remember if we'd say the oracle first and vastly then or i don't remember what we said yesterday we said that we will we will pair with rv first and then change we do and then we change and i forgot if there was one before the other between oracle and and vastly do you remember rv or do you have do you have one you prefer to do select one do you think you you could be able to work on it on that milestone otherwise we we wait for later uh we can but we would have to discuss a little bit about affecting it to issues or projects uh milestone or project to we can't have two milestones on an issue yes i'm not sure switching milestone every time we want to do it quickly or not is a good session we have to discuss it before yeah that this project management questions so no problem for discussing that and that's correct however my question is do you feel between this meeting and next week meeting on the upcoming seven day do you feel you you could be able to start working on either vastly terraform or oracle terraform if you can that's not a problem but i'm asking the question lastly is a new one so when i spoke about it when we spoke about it together it was i was more in i was thinking uh it should be a task for stefan as aren't any new and existing resources to import it's an easy one in court so you should you should do the oracle one and i pair with you and then i will do the vastly and i can i can do the vastly already but it's yeah but that's a nice one for me to try that's what we might have thought that a bit too quickly we have resources and vastly as for today we have currently free website managed by fastly so we'll have to import these resources so i'm thinking a lot but that should be the same amount of work for both let me try uh fast this week and so i know what what to expect when importing existing resources okay so no problem for you to get started on one of these two okay so let's start with fastly and let's see if we have time or not no problem cool what other notes did we have uh similarity help desk way we talk about that update security group that has been done garbage collector that has been done um now we have okay we have past five minutes so there is one last task for me report superior issues yes reports stale issues from previous meeting into a desk issues and let me add okay okay that's all for me are there other topics that we forgot that you want to bring that you want to talk about that's good okay thanks folks have a good day and see you next week thank you bye bye