At the recent flock conference Infrastructure workshop, we had a nice
lively discussion on a number of items.
However, as is normal, we don't want to make decisions about things
without being open and allowing input from everyone, including those
that couldn't be at flock. So, I thought I would write up what we
talked about and the consensus we came up with and ask for any more
input from this list before we start implementing things. It's
possible there's something we didn't think about or that needs more
discussion, so do feel free to reply to this email with any parts you
want to comment on.
* Containers in Fedora Infrastructure:
* We want to look at moving things that make sense to containers.
* A good initial candidate is the mirrorlist servers.
* Would use the existing OSBS build system to build them.
* Would run on proxies.
* Would have haproxy list their socket as primary and old
mirrorlists as secondary.
* The container would have mirrorlist-server wsgi in it along with
the pkl updated hourly.
* Could allow us to spin up more as needed, but also should allow
faster answers from proxies as they don't have to depend on or
query over the vpn.
* Contributor resources in the fedorainfracloud
* Once our cloud is upgraded, we can use ipsilon to let users login
to the cloud and spin up instances for Fedora related needs.
* Outgoing restrictions would be added on port 25 and the like
* To start with users would only get 1 external floating ip.
* Initial rollout would enable qa and packager groups, need to see if
docs and i18n or other groups would have a use for it.
* would note that we can terminate any instance for any reason.
* Patrick would write some scripting to notify users after some time
and terminate if we didn't get an answer back.
* Long term instances should be moved to persistent infra playbooks.
* Build setup and requirements for infrastructure applications.
* Will get releng to set us up some side tags that we can build from
* all prod builds to be done in koji.
* Up to maintainers what priority they place on getting into
EPEL/Fedora. Encouraged for many reasons.
* FAS3 status
* Was running in staging, but we disabled for now until we can finish
a security audit.
* Need to get python-fedora changes lined up and ready/pushed out.
* Need to get fas3 fas_client packaged and ready to go.
* Need more testing in staging.
* Hopefully move production over after f25 is out.
* Fedora Infrastructure support setup
* Talked about on the list a fair bit.
* Support can be determined by looking at the domain:
- full 24x7 support, monitoring, uses RFR
- 8x5 support, monitoring
- some support, monitoring, uses simple RFR
- unsupported, apps run by contributors
* Fedora CA and cert infrastructure.
* Current CA expires in 2018.
* Plans being worked on now to back fas3 with freeipa so we could
move to kerberos tickets for koji then
* Need to figure out what would need to happen to sigul for that.
* Wait and see pending freeipa/fas3 integration.
* koji alternative arch proposals (on devel list, fesco ticket)
* Not too much infrastructure work here.
* will need to increase storage for primary koji, but can regain from
secondaries once their last releases go end of life.
Thats all I had notes on from the workshop, but there may well have
been other items, please do chime in with them if you think of
anything, or have any thoughts on the above.