new sigul rolled out
Hey folks. Just a heads up that I have migrated sigul to the new 1.2 version with rhel9 vault/bridge.

Please let me know if you see any signing issues in the coming days. It seems to be processing as expected, so hopefully everything will be transparent to everyone, and look for some nice improvements to hopefully be enabled in coming weeks.

See: https://pagure.io/fedora-infrastructure/issue/11505 for more info.

kevin

--
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Meeting Agenda Item: Introduction Paul Maconi
On Thu, Apr 25, 2024 at 08:46:17PM GMT, Paul Maconi wrote:
> Hello everyone! My name is Paul Maconi, aka @aggraxis on matrix, across
> the FAS, and a bunch of other places. I attended the meeting earlier
> today. Thank you again for the warm welcome.

Welcome again. Nice seeing you around...

...snip...

> Honestly, I'm just a computer nerd who grew up to be a computer nerd.
> I love learning things and solving problems. I will say that I was a
> little intimidated at first by the outstanding issues. Even some of
> the Easyfix items looked kind of wild from the newcomer point of view.
> Still, I'm excited for the opportunity to come learn, grow, and create
> with you all.

Yeah, we struggle with easyfix items (or at least I do). If something is super easy and anyone can do it, it's hard to just let it wait for someone, it's easier to just do it... :)

But do chime in if you see something go by you would like to help out with. Our ansible repo is available for PRs...there is a ton of cruft over the years there, and once we finally decide to roll out to AWX, we are going to be needing to do a lot of ansible re-writing/cleanup. :)

kevin
Fedora 40 Final Freeze now over!
With the release of Fedora 40 yesterday, infrastructure freeze is now over.

Our next freeze is for Fedora 41 beta, currently scheduled for 2024-08-20.

kevin
Re: Freeze break request: koji update on builders
Thanks everyone. I got the builders updated. Hopefully that will do the right thing for now. ;)

kevin
Freeze break request: koji update on builders
In the run up to f40 final we were using a koji with a patch to _not_ enable the buildroot repo when making containers via kiwi plugin. This was to fix the fact that pulling from the buildroot repo pulls unsigned rpms, making all the rpms installed in the container unsigned.

Foolishly, I pulled a newer/expansion of that patch from upstream in the last round of updates, but something in its defaults/logic causes it to not disable the buildroot repo, and again containers have unsigned rpms. ;(

So, what I would like to do is go back to the previous patch we had that just has the 'only enable buildroot when no repos are passed' patch.

Ideally we would do this today so the last f40 nightly would be right. If not tho, we could land it anytime and then the nightly container builds would be fixed.

Can I get +1s for this plan?

Thanks,

kevin
Re: Freeze break request: redirect labs.fp-o to the new labs website
On Thu, Apr 18, 2024 at 07:40:11PM GMT, darknao wrote:
> Hi o/
>
> I would like to retire the old labs.fedoraproject.org website and redirect it
> to the new one on the main site at https://fedoraproject.org/labs/
>
> If possible, the redirect would be enabled on F40 release day so we don't
> need to update the old site for F40.
>
> PR: https://pagure.io/fedora-infra/ansible/pull-request/1968
>
> Any +1s?

Sounds good. +1

Is that the last of the 'old' sites now?

kevin
Freeze break request: update koji package on builders
When I did the updates before final freeze, I missed updating the builders with the latest koji package from the f39-infra tag. At the time for some reason I thought it didn't matter, because the patches were all hub related, but turns out that's not the case.

2 of the patches affect builders:

* One adding --debug to kiwi builds so we can see what's going on.
* One changing it so kiwi build tasks don't use the koji buildroot for packages. When they do this they get unsigned packages and it shows up in the containers made with kiwi.

So, I'd like to update all the builders to the latest f39-infra koji package with these patches and restart kojid on them.

+1s?

kevin
Re: Fedora 40 beta freeze now over
On Sat, Apr 06, 2024 at 04:34:05PM +0100, jdie...@gmail.com wrote:
> On Tue, 2024-04-02 at 16:55 -0700, Kevin Fenzi wrote:
> > On Tue, Apr 02, 2024 at 09:28:31PM +0100, Jonathan Dieter wrote:
> > > * Alternatively, we could update whatever's calling createrepo_c to
> > > add the `f` prefix to all non-rawhide builds.
> >
> > I like this option. ;)
> >
> > https://pagure.io/pungi-fedora/pull-request/1269
>
> I just wanted to follow up on this. I just checked the metadata, and
> primary.zck is down from 33MB to 19MB.
>
> Thanks so much for this!

Thanks for the reminder. ;)

We should probably add a thing to the release schedule to check it before final each time.

kevin
Re: Meeting Agenda Item: Introduction Aditi Mishra
On Wed, Apr 03, 2024 at 05:22:52PM +0530, Aditi Mishra wrote:
> Hello,
>
> Just for the information, I'm very new to fedora but want to contribute in
> the development of future fedora.
>
> Below are my specifications:
>
> IRC handle: aditiLinux
>
> * Skills that I can offer:
>
> - Programming languages: python and C.
>
> - System administration skills: I'm working very close to linux and
> also worked in scheduler area as an intern.
>
> - Association: working in linux technology as a software developer
> in IBM firm.
>
> * Skills to learn:
>
> - Debugging in area of packing.
>
> - Maintaining servers.
>
> * Questions to ask:
>
> - Can I collaborate in some bringup projects ?

Welcome!

Do take a look at our getting started doc: https://docs.fedoraproject.org/en-US/infra/gettingstarted/

kevin
Re: Fedora 40 beta freeze now over
On Tue, Apr 02, 2024 at 09:28:31PM +0100, Jonathan Dieter wrote:
> On Sat, 2024-03-30 at 09:39 -0700, Kevin Fenzi wrote:
> > On Fri, Mar 29, 2024 at 11:32:10PM +, Jonathan Dieter wrote:
> > > On Wed, 2024-03-27 at 09:12 -0700, Kevin Fenzi wrote:
> > > > Our next freeze is for Fedora 40 Final, currently scheduled for
> > > > 2024-04-02, which is NEXT TUESDAY!
> > >
> > > Could you please update fedora-repo-zdicts to 2403.1 on the server(s)
> > > used to generate the metadata? This will reduce the size of the zchunk
> > > metadata for the fedora repo.
> >
> > Yeah, I already updated the rawhide composer the other day... will get
> > the rest today.
> >
> > Thanks for the reminder.
>
> Hey Kevin, thanks for looking into this. I've just checked today's
> compose and it's still not using the dictionaries. Looking at the logs
> at
> https://kojipkgs.fedoraproject.org/compose/branched/Fedora-40-20240402.n.0/logs/x86_64/createrepo-Everything.rpm.x86_64.log
> , it looks like it's not using the expected dictionary path:
>
> The dictionaries are in:
> /usr/share/fedora-repo-zdicts/f40
>
> But createrepo_c is looking in:
> /usr/share/fedora-repo-zdicts/40
>
> Our options are:
> * I can push out a new build of fedora-repo-zdicts with paths added
> that strip out the `f`, but we'll need to get a final freeze exception.
>
> * Alternatively, we could update whatever's calling createrepo_c to
> add the `f` prefix to all non-rawhide builds.

I like this option. ;)

https://pagure.io/pungi-fedora/pull-request/1269

kevin
Re: Deleting old AMIs in AWS
On Tue, Apr 02, 2024 at 09:39:46PM +0200, Miroslav Suchý wrote:
> On 02. 04. 24 at 7:45 PM, Kevin Fenzi wrote:
> > On Tue, Apr 02, 2024 at 07:13:56AM +0200, Miroslav Suchý wrote:
> > > On 14. 03. 24 at 9:58 AM, Miroslav Suchý wrote:
> > > > FYI I plan to continue in AWS cleanup on Friday.
> > > >
> > > > I waited till Freeze is over - just to be safe. And now I want to delete
> > > > the old AMIs. Likely in several waves. Going from oldest to ~2021.
> > > I deleted all AMIs that do not have tag FedoraGroup and that were older
> > > than 2019-01-01.
> > >
> > > For the record, the list of deleted AMIs is in attachment. And the script
> > > that I used is
> > > https://github.com/xsuchy/fedora-infra-scripts/blob/main/delete-old-amis.py
> > >
> > > The script deregistered 36996 AMIs. The associated snapshots still exist.
> > Hurray!
> >
> > Thanks again for doing this.
>
> You are welcome. But I have to say I am scared.
> I just ask myself: and centos AMIs are stored under which account?
>
> Our account, is the answer!

Yep. ;( It is scary, but it should be done...

> So, I have just tagged all AMIs from
>
> https://www.centos.org/download/aws-images/
>
> with FedoraGroup=ga-archives

ok. I suspect there's a lot fewer of them than the fedora ones?

> Any idea if I missed something else before I start deleting the more recent
> ones?

I don't think so...

kevin
Fedora 40 Final Freeze now in effect!
Greetings.

We are now in the infrastructure freeze leading up to the Fedora 40 Final release. This is a final release freeze.

We do this to ensure that our infrastructure is stable and ready to release Fedora 40 when it's available.

You can see a list of hosts that do not freeze by checking out the ansible repo and running the freezelist script:

    git clone https://infrastructure.fedoraproject.org/infra/ansible.git
    ansible/scripts/freezelist -i inventory

Any hosts listed as freezes are frozen until 2024-04-16 (or later if release slips). Frozen hosts should have no changes made to them without a sign-off on the change from at least 2 sysadmin-main or rel-eng members, along with (in most cases) a patch of the exact change to be made to this list and/or a pull-request to the infra/ansible repo.

Thanks,

kevin
Re: Deleting old AMIs in AWS
On Tue, Apr 02, 2024 at 07:13:56AM +0200, Miroslav Suchý wrote:
> On 14. 03. 24 at 9:58 AM, Miroslav Suchý wrote:
> > FYI I plan to continue in AWS cleanup on Friday.
> >
> > I waited till Freeze is over - just to be safe. And now I want to delete
> > the old AMIs. Likely in several waves. Going from oldest to ~2021.
>
> I deleted all AMIs that do not have tag FedoraGroup and that were older
> than 2019-01-01.
>
> For the record, the list of deleted AMIs is in attachment. And the script
> that I used is
> https://github.com/xsuchy/fedora-infra-scripts/blob/main/delete-old-amis.py
>
> The script deregistered 36996 AMIs. The associated snapshots still exist.

Hurray!

Thanks again for doing this.

kevin
Re: AWS usage per group (March)
On Tue, Apr 02, 2024 at 01:21:55AM +0200, Miroslav Suchý wrote:
> Here comes January edition of resources running in AWS. It's a snapshot of
> resources running today.
>
> Per request of Miro Vadkerti I grouped it by (FedoraGroup, region,
> ServiceName). I will try to make it more compact next time, but giving up
> now as it already cost me half of the night.

Nice improvement. I like it. :)

kevin
Re: Untagged resources in AWS
On Mon, Apr 01, 2024 at 09:45:18PM +0200, Miroslav Suchý wrote:
> This is without AMIs and Snapshots that still produce looong list.
>
> Region: us-west-1
> Volumes - [id name (attached to instance, owner)]:
> * vol-0d7702fbe7ab94c6f N/A (famna.fedorainfracloud.org, N/A)

Oops. This was me. I thought it was all tagged. Fixed.

> Region: us-west-2
> Instances: (name, id, owner)
> * openscanhub-test (i-0c32e3d4eff4bf1a4, N/A)
> Volumes - [id name (attached to instance, owner)]:
> * vol-0e9ad438b3cf1e5b9 N/A (openscanhub-test, N/A)

This is the new openscanhub app.

...snip...

I think all the testing farm ones might be because they are able to do spot images now and need to make sure those get tagged right? Not sure.

kevin
Re: Fedora 40 beta freeze now over
On Fri, Mar 29, 2024 at 11:32:10PM +, Jonathan Dieter wrote:
> On Wed, 2024-03-27 at 09:12 -0700, Kevin Fenzi wrote:
> > Our next freeze is for Fedora 40 Final, currently scheduled for
> > 2024-04-02, which is NEXT TUESDAY!
>
> Could you please update fedora-repo-zdicts to 2403.1 on the server(s)
> used to generate the metadata? This will reduce the size of the zchunk
> metadata for the fedora repo.

Yeah, I already updated the rawhide composer the other day... will get the rest today.

Thanks for the reminder.

kevin
Planning infra and releng hackfest for flock 2024
Hey folks, started a discussion thread:

https://discussion.fedoraproject.org/t/planning-for-infra-and-releng-hackfest-at-flock-2024/110244

Please read and reply over there (or I guess here if you really must ;)

kevin
Fedora 40 beta freeze now over
With the release of Fedora 40 Beta yesterday, infrastructure freeze is now over.

Our next freeze is for Fedora 40 Final, currently scheduled for 2024-04-02, which is NEXT TUESDAY!

kevin
Freeze Break request: small koji update for builders
I'd like to update koji on builders.

This build ( https://koji.fedoraproject.org/koji/buildinfo?buildID=2423765 ) has added:

* A fix to make kiwi builds only use passed repos if there is one passed ( https://pagure.io/koji/pull-request/4061 ). I have tested this in staging and it does fix the bug we want it to fix: https://bugzilla.redhat.com/show_bug.cgi?id=2270397 (basically if kiwi adds the buildroot repo from koji it gets unsigned rpms, we only want it to use the compose repo).

* a small fix to add --debug to kiwi tasks so we can get much better compose output to debug problems.

Also, I dropped some old patches around rpmdir issues debugging (but that shouldn't affect this freeze break because it only applies on builders, not hubs).

So, can I get +1s to:

* apply this to koji builders
* restart kojid on them

I might just do this and ask for forgiveness as we need to fire off rc 1.10 here in a short time. ;(

kevin
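The three freeze break requests above about kiwi container builds describe one symptom: images built with the koji buildroot repo enabled end up with unsigned RPMs. As an added example (not part of the original messages and not koji or kiwi code), this Python check audits an image's RPM database dump for unsigned packages and for packages signed by a key that is not on an allow-list; the sample dump, package names and key IDs are constructed.

```python
"""Audit an RPM database dump for unsigned or unexpectedly signed packages."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Expected input: one line per installed package, produced inside the image by
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\t%{RSAHEADER:pgpsig}\t%{SIGPGP:pgpsig}\n'
# A signature field is "(none)" when that signature is absent; otherwise it
# looks like "RSA/SHA256, <date>, Key ID <16 hex digits>".
KEY_ID_RE = re.compile(r"Key ID ([0-9a-fA-F]{16})\b")
NO_SIG = "(none)"


@dataclass
class Finding:
    nevra: str
    status: str  # "unsigned", "unexpected-key" or "unparseable"
    key_id: Optional[str] = None


def audit(dump: str, trusted_key_ids: Iterable[str]) -> List[Finding]:
    """Return one Finding per package that is not signed by a trusted key."""
    trusted = {k.lower() for k in trusted_key_ids}
    findings: List[Finding] = []
    for line in dump.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) != 3:
            # Never silently skip a line we cannot interpret.
            findings.append(Finding(line, "unparseable"))
            continue
        nevra, header_sig, legacy_sig = (p.strip() for p in parts)
        # Imported public keys show up in `rpm -qa` as gpg-pubkey-* pseudo
        # packages; they carry no signature by design and are not findings.
        if nevra.startswith("gpg-pubkey-"):
            continue
        sigs = [s for s in (header_sig, legacy_sig) if s != NO_SIG]
        if not sigs:
            findings.append(Finding(nevra, "unsigned"))
            continue
        key_ids = sorted({k.lower() for s in sigs for k in KEY_ID_RE.findall(s)})
        if not key_ids:
            findings.append(Finding(nevra, "unparseable"))
        elif not trusted.intersection(key_ids):
            findings.append(Finding(nevra, "unexpected-key", key_ids[0]))
    return findings


# Constructed sample: package versions and key IDs are placeholders, not real
# Fedora signing keys.
TRUSTED_KEY_IDS = {"0123456789ABCDEF"}
SAMPLE_DUMP = "\n".join([
    "bash-5.2.26-3.fc40.x86_64\t"
    "RSA/SHA256, Mon 04 Mar 2024 10:12:13 AM UTC, Key ID 0123456789abcdef\t(none)",
    "glibc-2.39-2.fc40.x86_64\t(none)\t(none)",
    "example-tool-1.0-1.fc40.noarch\t"
    "RSA/SHA256, Tue 05 Mar 2024 08:00:00 AM UTC, Key ID feedfacefeedface\t(none)",
    "gpg-pubkey-89abcdef-00000000.(none)\t(none)\t(none)",
])

if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP, TRUSTED_KEY_IDS):
        print(f"{f.status:15} {f.nevra} {f.key_id or ''}")
```

Run as a gate on a built image, a non-empty result means the build should not be published.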
Re: Freeze Break Request: update proxies and ipsilon for kerneltest
On Wed, Mar 20, 2024 at 12:41:49PM +1000, Ryan Lerch wrote:
> Working on switching kerneltest over to openshift, and the final step
> is to update the proxies:
>
> https://pagure.io/fedora-infra/ansible/pull-request/1872
>
> and then also run the ipsilon playbook so the oidc config gets copied
> over to ipsilon. (from the secrets repo)

+1 here. kerneltest shouldn't affect any release things and this should be easy to revert if needed.

kevin
Re: Deleting old AMIs in AWS
On Thu, Mar 14, 2024 at 09:58:47AM +0100, Miroslav Suchý wrote:
> FYI I plan to continue in AWS cleanup on Friday.
>
> I waited till Freeze is over - just to be safe. And now I want to delete the
> old AMIs. Likely in several waves. Going from oldest to ~2021.

Sure, but note that freeze is only over once we ship a beta. ;) But I don't know that this needs to wait on that. It seems pretty safe.

> In this step I plan to keep the associated snapshots. So if I break something
> we can still restore the AMI.
>
>
> BTW - quick summary where we are with the cleanup stuff:
>
> * all VM, volumes have tag FedoraGroup
>
> * all gp2 volumes are migrated to gp3
>
> * All AMIs with name 'Fedora-AtomicHost-*' are deleted. Including associated
> snapshots
>
> * all Fedora GA AMIs and snapshots are tagged with FedoraGroup.
>
> * all old (2021-) snapshots with no associated AMIs are deleted.

Thanks again for moving this forward.

kevin
Planned Outage - fedora.im / chat.fedoraproject.org matrix server - 2024-03-14 07:00 UTC
There will be an outage starting at 2024-03-14 07:00UTC, which will last approximately 1 hour.

To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:

    date -d '2024-03-14 07:00UTC'

Reason for outage:

The fedora.im / chat.fedoraproject.org and fedoraproject.org matrix servers will be down for 30-45 minutes for database maintenance. Messages sent during the outage should arrive after the outage via federation.

Affected Services:

* fedora.im / chat.fedoraproject.org matrix server
* fedoraproject.org matrix server

Ticket Link: https://pagure.io/fedora-infrastructure/issue/11812

Please join #fedora-admin or #fedora-noc on irc.libera.chat or #admin:fedoraproject.org / #noc:fedoraproject.org on matrix. Please add comments to the ticket for this outage above.

Updated status for this outage may be available at https://www.fedorastatus.org/
Re: When is the freeze break going to be over
On Wed, Mar 06, 2024 at 11:18:25PM -, Ryan Bach wrote:
> I want to know because maybe we can see hyperkitty updated after that.

It should be the day after the Beta is released. We missed next week's 'early' date, so the next target is a week from next Tuesday.

Note though that hyperkitty/mailman3 work is ongoing, it's not being blocked by the freeze. We are working on standing up a staging instance to get everything set. After that's all working we can look at upgrading production.

I am sure once there's a staging instance we will call for testing on it... hopefully you and others can help us check for issues. :)

kevin
Re: Freeze Break request: update kernel on buildhw-x86*
Thanks. This is done now.

kevin
Freeze break request: update pungi on compose hosts
We need a newer pungi version that adds support for kiwi and has changes for osbuild arm minimal. These are both things we are trying to land for beta.

There's a 4.6.2 release upstream that we need.

So, I'd like to build this for f39 (which our compose hosts are) and update them. If something goes very wrong we should be able to just downgrade back to the previous version.

+1s?

kevin
Freeze Break request: update kernel on buildhw-x86*
Hey everyone.

The koji builders are currently using 6.7.6-200.fc39, which is mostly fine, but on i386 builds there's some kind of memory issue and (some) builds run out of memory and fail. ;(

See: https://pagure.io/fedora-infrastructure/issue/11775

I'd like to upgrade the buildhw-x86* builders to the latest 6.8.x kernel. We tried this in staging and it let the build complete fine.

We only need to do those builders because those are the only ones in the 'heavybuilder' channel that webkitgtk builds use, and the x86 ones are the only ones that do i386 builds. ;)

We could I suppose update all the buildvm-x86* also in case there are other packages we don't know about that are affected, but then the change is wider.

So, +1s? Thoughts?

kevin
Re: Untagged resources in AWS
On Fri, Mar 01, 2024 at 04:20:30PM +0100, Miroslav Suchý wrote:
> This is without AMIs and Snapshots that still produce looong list.
>
> Region: ap-southeast-1
> Instances: (name, id, owner)
> * proxy38 (i-0a1ee820c765d573c, N/A)
> Volumes - [id name (attached to instance, owner)]:
> * vol-0cbc4cc3e8cab429f N/A (proxy38, N/A)

Thanks. I had reprovisioned this a while back and I did set the tags right, but then shortly after I reprovisioned it again for some change and likely didn't set them again. ;(

They should be marked right now.

kevin
Fedora 40 beta freeze now in effect
Greetings.

We are now in the infrastructure freeze leading up to the Fedora 40 Beta release. This is a pre release freeze. We do this to ensure that our infrastructure is stable and ready to release the Fedora 40 Beta when it's available.

You can see a list of hosts that do not freeze by checking out the ansible repo and running the freezelist script:

git clone https://pagure.io/fedora-infra/ansible.git
ansible/scripts/freezelist -i inventory

Any hosts listed as freezes are frozen until 2024-03-12 (or later if release slips). Frozen hosts should have no changes made to them without a sign-off on the change from at least 2 sysadmin-main or rel-eng members, along with (in most cases) a patch of the exact change to be made to this list or a pull request for review.

Thanks,

Kevin
Planned Outage - koji upgrade - 2024-02-21 21:00 UTC
There will be an outage starting at 2024-02-21 21:00 UTC, which will last approximately 3 hours.

To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:

date -d '2024-02-21 21:00UTC'

Reason for outage:

koji will be upgraded to 1.34.0, which requires a schema update that touches many rows. We estimate this will take about 45 minutes to complete and during that time, koji will be completely offline. Package maintainers are advised to not start any long term builds before the outage.

Affected Services:

koji
bodhi

Ticket Link:

https://pagure.io/fedora-infrastructure/issue/11778

Please join #fedora-admin or #fedora-noc on irc.libera.chat or #admin:fedoraproject.org / #noc:fedoraproject.org on matrix. Please add comments to the ticket for this outage above.

Updated status for this outage may be available at https://www.fedorastatus.org/
Re: Where can I find "Packages Restricting Arches" script.
On Wed, Feb 14, 2024 at 02:20:39PM +0100, Sandro wrote:
> Hi,
>
> Some script running on pkgs01.iad2.fedoraproject.org sends a report titled "Packages Restricting Arches" to arch-exclu...@lists.fp.o every night (between 04:00 and 05:00 UTC)[1]. I was wondering where I could find that script.
>
> The report appears to be for ExclusiveArch only. It would help me if I could generate a similar report for ExcludeArch.
>
> [1] https://lists.fedoraproject.org/archives/list/arch-exclu...@lists.fedoraproject.org/thread/QGEZ7CKLNZVX6OKTF6ZGPNCB2LNZOCKB/

It's a hook, defined in our ansible repo:

https://pagure.io/fedora-infra/ansible/blob/main/f/roles/git/hooks/files/post-receive-alternativearch

kevin
Re: AWS cleanup - what to delete next?
On Mon, Feb 12, 2024 at 08:40:32PM +0100, Miroslav Suchý wrote:
> On 09. 02. 24 at 20:34 Miroslav Suchý wrote:
> > > I think we should leave "GA" images. Even though they are EOL for the most part, I think it's still possibly nice to be able to spin one up to test something or the like. We can find the names on our download server, ie,
> > >
> > > https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/35/Cloud/x86_64/images/
> > > Fedora-Cloud-Base-35-1.2 is the GA for fedora 35 cloud.
> >
> > Nod. I was about to ask how can I find them... but the names match nicely. And going manually over 35 names is likely not a big deal.
> >
> > I will tag them. Then they disappear from my radar.
> >
> > I propose tag
> >
> > FedoraGroup=ga-archives
> >
> > Any objections?
>
> I tagged all GA images with this ^^^ tag.

Thanks.

> I went from Fedora 39 down to Fedora 19. But I did not find any image for Fedora 19 and 20 (that is year 2013) so I stopped there.
>
> I label AMIs and associated snapshots.
>
> For the record, this is the script I used for labeling the AMI in all regions
> https://github.com/xsuchy/fedora-infra-scripts/blob/main/label-ami.py
>
> Who is responsible for uploading Fedora Cloud images to AWS? Fedora Cloud SIG? Somebody else? I want to make sure that consequent GA images will be properly tagged.

Well, it's done with the fedimg app in fedora infra currently, so that's where it would need to change right now.

The cloud sig has plans to replace fedimg, which I hope they can do well before rhel7 eol in a few months, because fedimg is python2/rhel7.

kevin
Re: Different owner of some Fedora-Cloud-Base images in AWS?
On Mon, Feb 12, 2024 at 11:10:57AM -0500, Dusty Mabe wrote:
> On 2/12/24 05:14, Miroslav Suchý wrote:
> > I was wondering why I cannot tag some images in AWS and I found that some GA images in AWS have different owner.
> >
> > I.e. all our images have
> >
> > Owner account ID 125523088429
> >
> > But e.g. ami-0e4e634d022c1a3f8 in ap-southeast-4 region has owner id 569228561889. There are more such cases, but it seems quite random.
> >
> > To see this AMI in WebUI you have to switch from "AMIs owned by me" to "Public images".
> >
> > Is this expected? Is this some malicious thing?
>
> We have a community cloud AWS account (predates the official AWS account used today) with ID 013116697141, so if you see any from that account they aren't malicious, but we should probably clean them up.
>
> We use the community cloud AWS account for dev (occasionally) and for testing created Cloud and CoreOS images. Nothing "official" should be produced by that account.
>
> 569228561889 could be just an individual/company/org that makes copies of our images they are using as a hedge in case we ever delete the images. So it's not necessarily malicious, but not ideal. Ideally we'd get our official images into the AWS marketplace and it would be easier to tell which were official and which aren't.

Right. I think this is something we don't need to worry about?

kevin
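The owner check discussed in the message above, as an added example that is not part of the original thread or of any Fedora tooling: it sorts AMI records by owner account so that only images from the official account are treated as official. The three account IDs come from the thread; the image IDs, names, dates and the `fedora-` name prefix rule are constructed assumptions.

```python
"""Sort AMIs by owner account, using the account IDs named in this thread.

Records are shaped like the "Images" list of an EC2 DescribeImages response.
"""
import re
from collections import defaultdict

OFFICIAL_OWNER = "125523088429"   # owner account ID of the project's images, per the thread
COMMUNITY_OWNER = "013116697141"  # community cloud account: dev/testing, nothing official

# Assumption: an image whose name starts with "fedora-" presents itself as Fedora.
FEDORA_NAME = re.compile(r"^fedora-", re.IGNORECASE)


def classify(image):
    """Return a category for one image record based on owner first, name second."""
    owner = image.get("OwnerId", "")
    if owner == OFFICIAL_OWNER:
        return "official"
    if owner == COMMUNITY_OWNER:
        return "community-cleanup"
    if FEDORA_NAME.match(image.get("Name", "")):
        # Fedora-looking name, unknown account: a copy, never an official image.
        return "third-party-copy"
    return "unrelated"


def audit(images):
    """Group image IDs by category."""
    report = defaultdict(list)
    for image in images:
        report[classify(image)].append(image["ImageId"])
    return dict(report)


def pick_official(images, name_prefix):
    """Newest image with the given name prefix that the official account owns.

    The name alone is never trusted. Passing Owners=[OFFICIAL_OWNER] to
    DescribeImages applies the same owner filter on the server side.
    """
    candidates = [
        image for image in images
        if image.get("OwnerId") == OFFICIAL_OWNER
        and image.get("Name", "").startswith(name_prefix)
    ]
    if not candidates:
        return None
    # CreationDate is an ISO 8601 string, so string order is time order.
    return max(candidates, key=lambda image: image["CreationDate"])["ImageId"]


# Constructed sample records; image IDs, names and dates are placeholders.
SAMPLE_IMAGES = [
    {"ImageId": "ami-example-official-old", "OwnerId": "125523088429",
     "Name": "Fedora-Cloud-Base-35-example", "CreationDate": "2021-11-02T10:00:00.000Z"},
    {"ImageId": "ami-example-official-new", "OwnerId": "125523088429",
     "Name": "Fedora-Cloud-Base-39-example", "CreationDate": "2023-11-07T10:00:00.000Z"},
    {"ImageId": "ami-example-community", "OwnerId": "013116697141",
     "Name": "fedora-coreos-test-example", "CreationDate": "2023-12-01T10:00:00.000Z"},
    {"ImageId": "ami-example-copy", "OwnerId": "569228561889",
     "Name": "Fedora-Cloud-Base-39-example", "CreationDate": "2024-01-15T10:00:00.000Z"},
    {"ImageId": "ami-example-other", "OwnerId": "000000000000",
     "Name": "some-unrelated-image", "CreationDate": "2024-01-20T10:00:00.000Z"},
]

if __name__ == "__main__":
    for category, ids in sorted(audit(SAMPLE_IMAGES).items()):
        print(f"{category}: {', '.join(ids)}")
    print("launch:", pick_official(SAMPLE_IMAGES, "Fedora-Cloud-Base-39"))
```

The copy owned by 569228561889 has the same name as the official Fedora 39 record and a newer creation date, so a lookup by name alone would select it; the owner filter is what keeps it out.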
Re: FYI: removal of bastion server in DNSBL spam.dnsbl.anonmails.de requested
On Mon, Feb 12, 2024 at 09:04:25AM -0500, Stephen Smoogen wrote:
> On Mon, 12 Feb 2024 at 06:12, Marius Schwarz wrote:
> > Hi,
> >
> > as the Infrastructure ML did not react ( or could not react ;) ), I requested the removal at that antispam blacklist.
>
> I did not see any email to the infrastructure list about this so I am wondering if your email (and other emails) have gotten trashed? Did you open a ticket on this at https://pagure.io/fedora-infrastructure/ already? There is another email issue that was listed there earlier today but I don't know if they are related.

I didn't see any emails on this subject either but it sounds like it got addressed somehow anyhow?

But yes, always open a ticket if you want something addressed... I try and watch lists and such for issues, but I could easily miss something.

kevin
Re: AWS cleanup - what to delete next?
On Thu, Feb 08, 2024 at 05:09:27PM +0100, Miroslav Suchý wrote:
> Yesterday I finally deleted all Fedora-AtomicHost AMIs and associated snapshots (it took whole night to finish).
>
> This time, I know we have to start with AMIs first (and only then delete snapshots).
>
> Where I can continue with the cleanup? There is several dozen thousand of AMIs. At the end of this email I will give random sample from the list.
>
> I am very afraid of deleting something that is still currently in use and that is somewhere listed as golden image.
>
> Or we do not care about anything but images of stable Fedoras and everything that matches 'Fedora.*-X-.*' where X is number below < 38?

So... my take:

I think we should leave "GA" images. Even though they are EOL for the most part, I think it's still possibly nice to be able to spin one up to test something or the like. We can find the names on our download server, ie,

https://dl.fedoraproject.org/pub/archive/fedora/linux/releases/35/Cloud/x86_64/images/
Fedora-Cloud-Base-35-1.2 is the GA for fedora 35 cloud.

We should exclude all 'current' releases (ie, 38/39/40)

We should exclude "Rawhide" ones that are 2024? I don't think we need to keep all the old ones there. We have them koji if we really need them. (At least the last month or two)

Perhaps for the coreos ones use similar rules? Dusty?

I am unsure about the CentOS ones. We should check with them on that.

Would it be worth it to rename the ones we plan to delete with a 'about to delete' name, wait a while and then delete? Or is there any way to tell who/how many people are using an ami?

kevin
Re: Not tagged resource in AWS
On Wed, Feb 07, 2024 at 02:49:01PM +0100, Miroslav Suchý wrote:
> This is a resource from AWS that does not have proper tag:
>
> Region: eu-west-1
> Volumes - [id name (attached to instance, owner)]:
> * vol-0e5efafe67ed944ad N/A (apps-containerization, N/A)
>
> Can the owner please tag (or delete) it?

Fixed.

kevin
Planned Outage - server updates - 2024-02-07 22:00 UTC
There will be an outage starting at 2024-02-07 22:00UTC, which will last approximately 6 hours.

To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:

date -d '2024-02-07 22:00UTC'

Reason for outage:

We will be applying updates and rebooting servers. No one service should be down long, but may be up and down in the outage window.

Additionally, as time permits we will be doing the following additional work:

- resizing disks on database servers
- moving some database servers to rhel9 and newer postgresql
- applying some firmware updates

Affected Services:

Most services will be affected for a short time, but end user facing services (mirrorlists, websites) should not be affected.

Ticket Link:

https://pagure.io/fedora-infrastructure/issue/11752

Please join #fedora-admin or #fedora-noc on irc.libera.chat or #admin:fedoraproject.org / #noc:fedoraproject.org on matrix. Please add comments to the ticket for this outage above.

Updated status for this outage may be available at https://www.fedorastatus.org/
Re: Bugzilla and Groups
On Thu, Dec 21, 2023 at 01:19:46PM -0700, Tim Flink wrote:
> What are the general rules around default bugzilla assignee for packages? I'm trying to set the default assignee for rocm-cmake to rocm-packagers-sig but keep getting an error:
>
> Unable to update the bugzilla assignee(s): Invalid user or group name as fedora_assignee
>
> As far as I know, rocm-packagers-sig is a pkgdb group. Do I need to request a change to the group for it to be the default bugzilla assignee? Is setting a group as the default assignee against some policy that I don't know about?
>
> My search-fu has been failing me on this so I figured I would ask to see if someone here has an answer.

I think this is an interface confusion... when adding a group as bugzilla assignee, you have to prefix it with @

If you do that does it work?

kevin
Holiday reminder 2023
Just a gentle reminder that the holiday season is coming up. Many contributors have more time to work on things, others are spending time away with friends and family.

When you push changes during the holidays be extra aware of anything that might cause outages or breakage that might pull someone who was enjoying time away back to fix things.

Happy holidays everyone.

kevin
Re: Heads up - AWS Snapshots cleanup
On Sat, Dec 02, 2023 at 10:57:11PM +0100, Miroslav Suchý wrote:
> On 02. 12. 23 at 22:45 Miroslav Suchý wrote:
> > I wonder - do we have written retention policy for our images? Do we want to keep the old one? Public ones? Private ones?
>
> It seems that Fedora Atomic Host is EOLed since 2019-11-26
> https://projectatomic.io/blog/2019/11/fedora-atomic-host-nearing-eol/
>
> The images for historical purposes are available at
> https://dl.fedoraproject.org/pub/alt/atomic/stable/
>
> So it seems to me that we can safely delete all AMIs with name "Fedora-AtomicHost*"

Yeah, I would think so, yes.

kevin
congrats to another new sysadmin-mainer
I'm happy to announce that we have approved a new member in our sysadmin-main group:

praiskup

This is the core group of trusted folks that have high level access to most everything in fedora infrastructure.

As many of you know, he's wrangled copr for quite some time, as well as taking on other critical projects like maintaining mock and its various configs.

Adding him to sysadmin-main will help the copr team to more quickly change items that need that level of access, as well as hopefully allowing him to help out in other places around infrastructure as his time permits.

Congrats! Use your powers for good! :)

kevin
Re: Introduction - Chris(devic3)
On Tue, Nov 28, 2023 at 12:10:54PM +0100, Krzysztof Kuberski wrote:
> I will be there :)
> As I can see it is #fedora-meeting-3 in this Thursday at 16:00 UTC

Yeah, except... last time for the first time, we met over on matrix instead of IRC, and likely we will try again this coming week too.

So that's:

[#meeting-3:fedoraproject.org](https://matrix.to/#/%23meeting-3%3Afedoraproject.org)

kevin

> Chris
>
> Tue, 28 Nov 2023 at 01:29 Kevin Fenzi wrote:
>
> > On Mon, Nov 27, 2023 at 07:18:55PM +0100, Krzysztof Kuberski wrote:
> > > Hello,
> > >
> > > I wish to help in contributing at Fedora, below some information about me
> > >
> > > IRC - DeviC3
> > >
> > > Skills/job:
> > > Actually, I'm working as sysadmin in the RHEL environment and a secondary job as LSE in the same company.
> > >
> > > Skills which can be useful:
> > > scripts - Bash;Python,
> > > with background in networking and low level OS debugging,
> > > automation,
> > > monitoring,
> > > storage
> > >
> > > Wish to learn?
> > > If still used, C programming and working with kernel
> > >
> > > Best regards, Christopher !
> >
> > Hey Christopher! Welcome!
> >
> > We meet up on thursdays on matrix for a meeting as well as daily standups mon-thursday. Hope you can join us over there.
> >
> > kevin
Re: Introduction - Chris(devic3)
On Mon, Nov 27, 2023 at 07:18:55PM +0100, Krzysztof Kuberski wrote:
> Hello,
>
> I wish to help in contributing at Fedora, below some information about me
>
> IRC - DeviC3
>
> Skills/job:
> Actually, I'm working as sysadmin in the RHEL environment and a secondary job as LSE in the same company.
>
> Skills which can be useful:
> scripts - Bash;Python,
> with background in networking and low level OS debugging,
> automation,
> monitoring,
> storage
>
> Wish to learn?
> If still used, C programming and working with kernel
>
> Best regards, Christopher !

Hey Christopher! Welcome!

We meet up on thursdays on matrix for a meeting as well as daily standups mon-thursday. Hope you can join us over there.

kevin
Re: AWS Snapshots without FedoraGroup tag
On Thu, Nov 23, 2023 at 04:38:01PM +0100, Miroslav Suchý wrote:
> I had time to investigate it a bit:

Thanks for digging into it.

...snip...

> Based on this finding I propose:
>
> 1) Delete **all** snapshots without FedoraGroup tag older than - let say - 2021. This way we can actually review if there are some snapshots other than leftovers from clean-amis that is worth preserving. But right now I am unable to review manually anything. If the snapshot will be linked to live AMI then AWS refuse to delete it and I will ignore such errors. If there will be no objection I will top post this as separate headsup email.

Sounds pretty reasonable to me.

> 2) Open ticket that owners of fedimg should fix the tooling to delete the snapshots
>
> 3) Open tickets that owners of fedimg should delete cleanup AMIs with Deprecation time lower than today's date.

"Owner of fedimg" is... us I guess? but as far as I know, no one is doing anything with it. The plan was that the cloud-sig was going to look at a new, better tool to manage uploading. I am not sure what the status of that is.

kevin
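A dry-run version of proposal 1 above, as an added example that is not part of the original thread and is not the script used for the actual cleanup: it selects snapshots that lack a FedoraGroup tag and predate 2021, and separates out the ones still backing a registered AMI before any delete call is made. All resource IDs are constructed placeholders, and reading "older than 2021" as "started before 2021-01-01 UTC" is an assumption.

```python
"""Dry-run planner for the snapshot cleanup proposed in this thread.

Inputs are shaped like the "Snapshots" list of an EC2 DescribeSnapshots
response and the "Images" list of a DescribeImages response.
"""
from datetime import datetime, timezone

TAG_KEY = "FedoraGroup"
# Assumption: "older than 2021" means the snapshot started before 2021-01-01 UTC.
CUTOFF = datetime(2021, 1, 1, tzinfo=timezone.utc)


def start_time(snapshot):
    """Return StartTime as an aware datetime (SDK datetime or CLI JSON string)."""
    value = snapshot["StartTime"]
    if isinstance(value, str):
        value = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if value.tzinfo is None:
        value = value.replace(tzinfo=timezone.utc)
    return value


def has_group_tag(snapshot):
    """True when any FedoraGroup tag is present, whatever its value."""
    return any(tag.get("Key") == TAG_KEY for tag in snapshot.get("Tags", []))


def snapshots_backing_amis(images):
    """Map snapshot ID -> AMI ID for every EBS mapping of a registered AMI."""
    used = {}
    for image in images:
        for mapping in image.get("BlockDeviceMappings", []):
            snapshot_id = mapping.get("Ebs", {}).get("SnapshotId")
            if snapshot_id:
                used[snapshot_id] = image["ImageId"]
    return used


def plan(snapshots, images, cutoff=CUTOFF):
    """Sort snapshots into delete / keep / skip buckets without touching AWS."""
    in_use = snapshots_backing_amis(images)
    result = {"delete": [], "keep_tagged": [], "keep_recent": [], "skip_in_use": []}
    for snapshot in snapshots:
        snapshot_id = snapshot["SnapshotId"]
        if has_group_tag(snapshot):
            result["keep_tagged"].append(snapshot_id)
        elif start_time(snapshot) >= cutoff:
            result["keep_recent"].append(snapshot_id)
        elif snapshot_id in in_use:
            # AWS would refuse this delete; record which AMI holds the snapshot.
            result["skip_in_use"].append((snapshot_id, in_use[snapshot_id]))
        else:
            result["delete"].append(snapshot_id)
    return result


# Constructed sample records; the IDs are placeholders, not real resources.
SAMPLE_IMAGES = [
    {"ImageId": "ami-example-live",
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-example-in-use"}},
         {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
     ]},
]
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-example-orphan", "StartTime": "2018-06-01T04:12:53.000Z", "Tags": []},
    {"SnapshotId": "snap-example-in-use", "StartTime": "2019-07-29T00:00:00.000Z"},
    {"SnapshotId": "snap-example-tagged", "StartTime": "2017-01-15T00:00:00.000Z",
     "Tags": [{"Key": "FedoraGroup", "Value": "ga-archives"}]},
    {"SnapshotId": "snap-example-recent",
     "StartTime": datetime(2023, 11, 3, 3, 12, 53, tzinfo=timezone.utc),
     "Tags": [{"Key": "Name", "Value": "example"}]},
]

if __name__ == "__main__":
    for bucket, items in plan(SAMPLE_SNAPSHOTS, SAMPLE_IMAGES).items():
        print(f"{bucket}: {items}")
```

Listing the in-use snapshots up front gives reviewers the AMI that holds each one, which an ignored delete error does not.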
Planned Outage - pagure.io network switch updates - 2023-11-17 13:00 UTC
There will be an outage starting at 2023-11-17 13:00UTC, which will last approximately 4 hours.

To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:

date -d '2023-11-17 13:00UTC'

Reason for outage:

Network switches in the datacenter that hosts pagure.io will be updated and rebooted. This should result in a small (~20m) break in connectivity sometime in the outage window.

Affected Services:

pagure.io

Ticket Link:

https://pagure.io/fedora-infrastructure/issue/11626

Please join #fedora-admin or #fedora-noc on irc.libera.chat or #admin:fedoraproject.org / #noc:fedoraproject.org on matrix. Please add comments to the ticket for this outage above.

Updated status for this outage may be available at https://www.fedorastatus.org/
intent to retire: fedmsg-irc, old fmn, osbs
Greetings everyone.

Now that fedora 39 is out the door, I'd like to schedule some retirements of a few old services:

fedmsg-irc: This is an old fedmsg process that sends fedmsg's to IRC. Currently we have one running in production and one in staging, both on rhel7 vm's that we would like to retire. They currently gateway the entire message bus to #fedora-fedmsg (prod) and #fedora-fedmsg-stg (staging), but due to the volume and IRC throttling they are way behind. It's often behind by 12-48 hours. Additionally, it sends some matching messages to the #fedora-releng channel (composes, etc). We plan to replace that with a matrix bot webhook at some point.

old fmn (old fedora notifications service). https://apps.fedoraproject.org/notifications-old/ This was replaced with https://notifications.fedoraproject.org/ and we said we would sunset the old one after f39 was out. If you're missing features with the new one, please make sure they are tracked at https://github.com/fedora-infra/fmn/issues

osbs (openshift build service). This is 4 openshift 3.11 clusters. (one each for x86_64 and aarch64 x production and staging). This service built containers for us, but all the containers we now build are done via ImageFactory (base, minimal, toolbox) or elsewhere (quay.io, etc).

I'd like to turn these services off next wed (2023-11-15) if there's no reasons I missed to do so before then. We will keep the data from them around in case we need to bring them back or get data from them.

Please let us know if there's any uses for these services we aren't aware of before next wed.

https://pagure.io/fedora-infrastructure/issue/11504 is a tracking ticket for the osbs cluster retirement.

Thanks!

kevin
Re: AWS Snapshots without FedoraGroup tag
On Mon, Nov 06, 2023 at 10:22:57PM +0100, Miroslav Suchý wrote:
> On 06. 11. 23 at 20:45 Kevin Fenzi wrote:
> > Can we get what volume they are snapshots of? Perhaps the volume name would help us figure things out?
>
> Most of the 6GiB volumes like snap-098326d474a07f706 is snapshot of vol- which does not exist (this snapshot is from 2018)
>
> Even if I take
>
> snap-0fdf88e3527a6ca6e (fedora-coreos-39.20231101.1.0-x86_64)
>
> that was created
>
> Fri Nov 03 2023 04:12:53 GMT+0100
>
> with description
>
> Copied for DestinationAmi ami-0e62f1adedc546f4d from SourceAmi ami-0b9d8baf52b75e62c for SourceSnapshot snap-033116129e665e380. Task created on 1,698,981,171,355.Copied for DestinationAmi ami-0e62f1adedc546f4d from SourceAmi ami-0b9d8baf52b75e62c for SourceSnapshot snap-033116129e665e380. Task created on 1,698,981,171,355.Copied for DestinationAmi ami-0e62f1adedc546f4d from SourceAmi ami-0b9d8baf52b75e62c for SourceSnapshot snap-033116129e665e380. Task created on 1,698,981,171,355.Copied for DestinationAmi ami-0e62f1adedc546f4d from SourceAmi ami-0b9d8baf52b75e62c for SourceSnapshot snap-033116129e665e380. Task created on 1,698,981,171,355.
>
> as snapshot of vol- that does not exists.
>
> Hmm, from https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html :
>
> During the AMI-creation process, Amazon EC2 creates snapshots of your instance's root volume and any other EBS volumes attached to your instance. You're charged for the snapshots until you deregister the AMI <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/deregister-ami.html> and delete the snapshots. If any volumes attached to the instance are encrypted, the new AMI only launches successfully on instances that support Amazon EBS encryption <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html>.

yeah, I am not sure here. I guess we could check fedimg code, and/or ask any subject matter experts to chime in.

Well, actually, we should probably check in on the thing that's cleaning up the amis? and confirm that it is deleting the snapshots?

I think that is this: roles/fedimg/templates/clean-amis.py in ansible.

and it does delete the snapshot... so, perhaps indeed all these ones with vol- are some mistake or some other amis?

kevin
Fedora 39 Final freeze now over!
With the release of Fedora 39 yesterday, infrastructure freeze is now over.

Our next freeze is for Fedora 40 beta, currently scheduled for 2024-02-20.

kevin
Re: AWS Snapshots without FedoraGroup tag
On Thu, Nov 02, 2023 at 10:32:20AM +0100, Miroslav Suchý wrote:
> We have (almost) all instances and volumes properly tagged. Now let's check
> Snapshots.

Thanks for continuing to drive this forward. ;)

> OMG - there are A LOT of them. The list has 97k lines! Because of the size I
> will not attach it and instead provide link to download it:
> https://k00.fr/8p59mvcw
>
> If you help me to identify something, I can either delete or tag it for you.
>
> Few things I spotted:
> * snapshots of volumes that no longer exist. Can it be deleted?
> * lots of snapshots like fedora-coreos-36.20221030.2.3-aarch64 - do we still
> need 36 and older?
> * Fedora-Cloud-Base-29-20190729.0.x86_64-hvm-us-east-1-standard-0 - is this
> snapshots used to generate AMIs for getfedora.org? Do we still need it?
>
> If you have snapshots that are important, please check that it have tag
> FedoraGroup=*

So, if the non coreos ones are mostly fedimg, it doesn't tag things. ;( It predates our tagging setup entirely...

I've not dug into it, but yeah, I think it uses snapshots to make the ami's... but it's unclear to me if it does or should clean those up after the ami is made?

https://github.com/fedora-infra/fedimg/blob/develop/docs/services/ec2.md

I'm not sure how we can tell which of these are fedimg related and which aren't. Can we tell when something was created? I guess we could mount them on an instance and see what's in them, but that doesn't seem practical for 97k snapshots. ;)

Can we get what volume they are snapshots of? Perhaps the volume name would help us figure things out?

Open to ideas on how to clean it up.

kevin
Re: AWS discontinue IAM...
On Mon, Oct 30, 2023 at 08:46:04PM +0100, Miroslav Suchý wrote:
> From
>
> https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-2#/home
>
> Attention: Extended Deadline for Updating Your Access Permissions - December
> 11, 2023
> AWS has discontinued use of old IAM permissions for Billing, Cost
> Management, and Accounts consoles. If you do not take action, you may lose
> access to these consoles. We are granting an extension until December 11,
> 2023 for you to update your IAM policies. Update your policies
> or contact your organization's access administrator. For assistance, please
> visit the blog, or review the policy migration utilities - Bulk Policy
> Migrator, old to granular action mapping guide.
>
> The Billing does not worry us. But Cost Management and Account consoles? Is
> this something we should handle. Or we have everything handled?

We aren't affected. If you click on the 'view affected policies' it shows none.

This should only be iam policies that used the old permissions for billing/cost/accounts, which we never used apparently. ;)

So, I think we are fine... but thanks for bringing it up.

kevin
Re: Meeting Agenda Item: Introduction Blake Ridgway
On Wed, Oct 11, 2023 at 08:13:50AM -0500, Blake Ridgway wrote:
> Good day Fedora Infrastructure team,
>
> I'm Blake Ridgway. My IRC alias is /Zormak/ and my Matrix alias is
> /@blakeridgway:fedora.im/. I am reaching out to introduce myself to the
> Fedora Infrastructure team and express my enthusiasm for collaboration.
>
> I serve as a System Administrator in the Agribusiness sector, where my role
> is diverse and vital for the organization's operational efficiency. My
> responsibilities encompass the maintenance of our Windows Server, Office 365
> environment, Asterisk PBX system running on CentOS, and Ubuntu Server
> infrastructure. Beyond my professional duties, I'm actively engaged in
> crafting a custom application suite for a non-profit organization based in
> Oklahoma.
>
> I run Fedora on all of my hardware, which includes two servers, my desktop,
> and a variety of laptops. This comprehensive setup enables me to thoroughly
> test and verify the Operating System's compatibility across diverse hardware
> configurations.
>
> While I've been quietly observing and familiarizing myself with how the team
> operates and communicates, I'm not approaching this with a blank slate. I
> plan to explore the open issues and Easyfix tasks to identify areas where I
> can make a valuable contribution before tackling more longstanding
> challenges.
>
> I'm genuinely eager to contribute to the Fedora community. I am excited to
> both help offer my assistance and learn from the experienced members of the
> Fedora Infrastructure team.
>
> I look forward to hearing from you all.

Welcome Blake!

Feel free to ask questions or join in as you like. Hopefully you can make our weekly meeting tomorrow and say hi. :)

kevin
Re: Freeze Break request: update koji-flatpak on builders
On Thu, Oct 05, 2023 at 11:27:56AM -0400, Stephen Smoogen wrote:
> On Wed, 4 Oct 2023 at 11:52, Kevin Fenzi wrote:
>
> > We tried to get everything working with the new flatpak building setup
> > before freeze, but at the last minute we ran into some issues between
> > bodhi and the metadata that flatpak builds store in koji. We got several
> > things sorted out yesterday before freeze, but there's still an issue
> > with the metadata we need to fix.
> >
> > See:
> >
> > https://pagure.io/fedora-infrastructure/issue/11557
> >
> > So, I'd like to tag that build into f38-infra and update it on all the
> > builders and reload kojid.
> >
> > +1s?
> >
>
> Reminder During freezes, +1 / -1 are only counted from people in
> sysadmin-main. That group is currently
>
> puiterwijk, kevin, pingou, abompard, mohanboddu, adamwill, mizdebsk,
> ryanlerch, nphilipp, pbrobinson, nb, jstanley, darknao, humaton, zlopez,
> dkirwan, mobrien

Yes, but also 'releng' which we don't really have a great group for that's up to date.

Also, feedback is welcome from anyone. If you see a problem or have questions, definitely do ask about it.

kevin
Freeze Break request: update koji-flatpak on builders
We tried to get everything working with the new flatpak building setup before freeze, but at the last minute we ran into some issues between bodhi and the metadata that flatpak builds store in koji. We got several things sorted out yesterday before freeze, but there's still an issue with the metadata we need to fix.

See:

https://pagure.io/fedora-infrastructure/issue/11557

So, I'd like to tag that build into f38-infra and update it on all the builders and reload kojid.

+1s?

kevin
Fedora 39 Final freeze now in effect!
Greetings.

We are now in the infrastructure freeze leading up to the Fedora 39 Final release. This is a final release freeze.

We do this to ensure that our infrastructure is stable and ready to release Fedora 39 when it's available.

You can see a list of hosts that do not freeze by checking out the ansible repo and running the freezelist script:

    git clone https://infrastructure.fedoraproject.org/infra/ansible.git
    ansible/scripts/freezelist -i inventory

Any hosts listed as freezes is frozen until 2023-10-18 (or later if release slips). Frozen hosts should have no changes made to them without a sign-off on the change from at least 2 sysadmin-main or rel-eng members, along with (in most cases) a patch of the exact change to be made to this list and/or a pull-request to the infra/ansible repo.

Thanks,

kevin
Re: Resource usage in AWS per group
On Mon, Sep 25, 2023 at 05:38:44AM +0200, Miroslav Suchý wrote:
> Now when we have all instances and volumes tagged. I can say who is using
> what resources. Below you will find the aggregated overview of resources we
> are using in AWS.
>
> If you will not mind, I plan to send this overview every month. My intention
> is to be able to see the overview of long-term provisioned resources across
> regions. This is just snapshot of one moment. This report does not catch how
> long the resource has been provisioned.
>
> This report does not include:
>
> * snapshots - this is something I want to focus in next step in near future
>
> * CloudFront - this is actually biggest item on our invoice. But there is
> nothing we can do about it. There is no cheaper option and no way to
> optimize it further. I have no intention to report our usage of CloudFront.
>
> * price of instances - this report does not differ if the instance is spot,
> reserved one, or on demand. I am not sure if I want to report it as my main
> goal is to catch forgotten resources rather than aiming for lowering the
> total cost.
>
> If you have ideas how to improve this report, let me know.

Might it be possible to put all the resources under the same tag, ie,

    FedoraGroup: infra
    volumes: ...
    instances: ...

That way it's easier if you are looking at only one group.

Or, perhaps a more csv type thing?

    Group,region,kind,size/type/count
    infra,us-west-2,volume,gp3,500GB
    infra,us-west-2,instance,t2.large,3

But in any case, thanks, this will be helpful over time. I think monthly is about right.

kevin
Re: AWS Instances without tag FedoraGroup=*
On Fri, Sep 22, 2023 at 02:32:00PM +0200, Miroslav Suchý wrote:
> = Current status
>
> We have almost everything tagged with FedoraGroup. There are some small
> leftovers (see bottom of this email).
>
> If no one stops me (or tags it) I will delete them by end of next week.

Awesome. Thanks again for doing this.

> There may appear some new volumes without proper tags. Because Kubernetes
> cluster does not tag them automatically. Miro Vadkerti will be working on
> this.

Sounds good. I made some IAM changes that should allow things to work there, but if needed, please file a new ticket and we can sort out any further things needed.

> Some volumes are backed up in snapshots with tag
> FedoraGroup=garbage-collector. I will keep it few weeks. And delete them at
> the end of November.
>
> There is still some work to do. I clean up volumes and instances "only".
> There is still lots of snapshots. But I will give me and you few weeks
> before I start cleaning up that. :)

Sounds good.

kevin
Fedora 39 beta freeze now over
With the release of Fedora 39 Beta yesterday, infrastructure freeze is now over. Our next freeze is for Fedora 39 final release, currently scheduled for 2023-10-03.

kevin
Re: AWS Instances without tag FedoraGroup=*
On Thu, Sep 14, 2023 at 01:35:58PM +0200, Miroslav Suchý wrote:
> I have cleaned up a lot. I notified Testing farm, they will tag their resource
> soon.
>
> BTW if you are in CC, then you likely own one of the resources in AWS.
> Please add tag FedoraGroup=* to it. Otherwise it may be deleted.
>
> The remaining stuff is:

I fixed:

...snip...

Tagged and named this one:

> * vol-0ad5c4cde450a9bdd N/A (aarch64-test02.fedorainfracloud.org, N/A)

...snip...

Tagged these 3 as we may want to keep them for historical reasons:

> * vol-00091c41e655ed4f7 taiga_database (N/A, N/A)
> * vol-0ec92f0ec8b8e86e0 taiga_data (N/A, N/A)
> * vol-094ff3bcc5acca40b taiga_backup (N/A, N/A)

...snip...

> What is AutoScaling? Does it belong to TestingFarm?

No idea. ;( It might...

kevin
Re: AWS - strange error: volume in use, but is not attached
On Wed, Sep 13, 2023 at 09:22:27AM +0200, Miroslav Suchý wrote:
> When cleaning the old volumes I found a strange error
>
> This volume:
>
> https://ap-southeast-1.console.aws.amazon.com/ec2/home?region=ap-southeast-1#VolumeDetails:volumeId=vol-495d4a40
>
> i.e. vol-495d4a40 in ap-southeast-1
>
> cannot be deleted, because it is "in-use". And I can only "detach" or "force
> detach", but there is no attached instances listed.
>
> In this region are 3 instances: proxy38.fedoraproject.org,
> proxy30.fedoraproject.org and mref1.apse1.stream.centos.org but none of them
> list this volume as attached.
>
> BTW, this volume is already snapshotted as snap-017a9145cd8099a06 so it can be
> safely deleted.
>
> Has somebody ever experienced this kind of error? Any ideas?
>
> If I get no suggestions by end of the week, I will try to detach it (not
> sure from where), and if it fails (I kind of expect it) I will raise a
> support ticket.

Yeah, I never have seen that before... very odd.

I would try the detach and support ticket.

kevin
Re: AWS gp2 -> gp3
On Wed, Sep 13, 2023 at 11:17:41AM +0200, Miroslav Suchý wrote:
> On 05. 09. 23 at 17:11, Kevin Fenzi wrote:
> > So, I think it would be ok to just do anytime, but you can wait until
> > after freeze if you want to be extra careful.
>
> Freeze is over. I migrated all the remaining volumes. For the record,
> complete list is at the bottom of mail (and it is loong).

It's actually not... we missed the early f39 beta release target, so we are still in freeze at least another week. ;)

But that's ok. I think this was just fine to get done.

> There are still some gp2 images now, because old cloud images still create
> rootfs as gp2. This will change with F39+. But all persistent data volumes
> are now gp3.

Awesome. Thanks for doing this!

kevin
Re: PDC replacement proposal
On Mon, Sep 11, 2023 at 03:08:50PM +0200, Tomas Hrcka wrote:
> Sorry for the confusion with work that is already done,
> We can drop the critpath thanks Adam!
>
> As it goes for EoL and package retirement, for the past few releases we
> are saving EOL date in bodhi.
> So getting EOL for specific release is not a problem once the release is
> out.

yeah, the reason we needed it in pdc before was stream branches. I think once flatpaks are moved to the new setup we won't have any _new_ stream branches. However, if we are going to support updating modules for f37/f38, we may need to figure out something there...

> For storing the orphaning reason and other potential metadata. We can store
> some of it in git in form of notes on branches not necessarily in
> pagure-disgit specific code-base.

yeah, I think moving some of this that makes sense into git is reasonable.

> With toddlers i think the path is clear we need to use bodhi as a source of
> truth about releases.
> Similar work as on toddlers will need to be done on mdapi
>
> For the compose metadata we can store the json blobs on fedorapeople
> for now and search for some stable place.

I don't think we should use fedorapeople for anything like this. If we need just a space we could use /pub/alt/something/ ?

These are the things that fedfind/qa users? Do we have examples of this data?

Thanks for working on this!

kevin
--
> On Wed, Sep 6, 2023 at 12:23 PM Pierre-Yves Chibon wrote:
>
> > On Tue, Sep 05, 2023 at 11:35:19AM -0700, Kevin Fenzi wrote:
> > > On Mon, Sep 04, 2023 at 04:51:22PM +0200, Tomas Hrcka wrote:
> > > > Hello all, it took us a few years but we are finally getting rid of
> > > > the PDC project. Thanks to the ARC research we identified use cases
> > > > in our tooling and proposed solution.
> > > >
> > > > The essential functionalities currently provided by PDC will be
> > > > re-implemented in other applications within our release
> > > > infrastructure, as there are no immediate plans for their
> > > > replacement and are currently maintained
> > > >
> > > > This work is anticipated to span several months for completion.
> > > > However, before we embark on this endeavor,
> > > >
> > > > we would like to proactively share our proposed solution with all of
> > > > you and gather your valuable feedback.
> > > >
> > > > Below, we outline our strategy to preserve the core functionality of
> > > > PDC by leveraging existing applications within our ecosystem.
> > > >
> > > > Current uses of PDC:
> > > >
> > > > Currently, we rely on the Package Database (PDC) for various data
> > > > management tasks, including:
> > > >
> > > > 1. Critical Path Package Tracking: Bodhi leverages PDC to track
> > > >    packages on the critical path.
> > >
> > > As Adam mentioned this is already not in pdc. ;)
> > >
> > > > 2. Retirement of Packages and Service Level Agreements (SLAs): PDC
> > > >    assists in managing the retirement of packages and their
> > > >    associated SLAs.
> > >
> > > Yeah. The super big one is that it's queried from a git commit hook for
> > > all src.fedoraproject.org git commits. Right now if pdc is down, no one
> > > could commit anything.
> > >
> > > > 3. Metadata for Nightly Composes: Our Release Engineering and Fedora
> > > >    Quality Assurance teams rely on PDC for metadata related to nightly
> > > >    composes.
> > > >
> > > > More info on the usage can be found here:
> > > > https://fedora-arc.readthedocs.io/en/latest/pdc/users.html
> > >
> > > mass rebuild of modules can be dropped. ;)
> > >
> > > fedscm-admin is now the scm requests toddler. It still uses pdc tho
> > > of course.
> > >
> > > > Specific Endpoints in Use:
> > >
> > > ...snip...
> > >
> > > > Upcoming Changes
> > > >
> > > > Bodhi:
> > > >
> > > > Bodhi will assume responsibility for the following tasks, reducing our
> > > > reliance on PDC:
> > > >
> > > > /rest_api/v1/releases/: Bodhi will now manage release-related data.
> > >
Re: AWS Instances without tag FedoraGroup=*
On Mon, Sep 11, 2023 at 02:40:18PM +0200, Miroslav Suchý wrote:
> On 11. 09. 23 at 6:45, Fabian Arrotin wrote:
> > AFAIK the ec2 instances in the .centos.org domain are all tagged though,
> > so do you have a list of ec2 instances/volumes that are really from
> > centos and not tagged properly ? In a previous mail I saw something like
> > "centos stream builders" mentioned but there are zero centos stream
> > builders in public space like aws (for obvious reasons as they are
> > internals)
>
> Right. I cannot see anything not-tagged that belongs to Centos. If I find
> something, I will let you know.

wasn't the possible centos items volumes not attached to any instances?

kevin
Re: AWS Instances without tag FedoraGroup=*
On Fri, Sep 08, 2023 at 01:45:02AM +0200, Miroslav Suchý wrote:
> On 07. 09. 23 at 20:49, Kevin Fenzi wrote:
> > Nice! I think dkirwan should know about Discourse-test and mobrien
> > should know about mobrien-test, and I think the rest are centos ones?
>
> Due diligence of instances:
>
> Region: ap-northeast-1
> Instances: (name, id, owner)
> * N/A (i-0399e6de6e283c229, N/A)
>
> This is up and running and has siwalter@redhat@ap-northeast-1
> <https://ap-northeast-1.console.aws.amazon.com/ec2/home?region=ap-northeast-1#KeyPairs:keyName=siwalter@redhat@ap-northeast-1>
> ssh key.

Good catch. Can you mail them about it, or would you like me to?

> Region: us-east-2
> Instances: (name, id, owner)
> * N/A (i-0278bbf7d7b9801b2, N/A)
> * N/A (i-07678cd3d615ca52a, N/A)
>
> These two have centos-stream-builders ssh key
>
> * N/A (i-030bd89ccd0a66013, N/A)
>
> This has astepano-real
> <https://us-east-2.console.aws.amazon.com/ec2/home?region=us-east-2#KeyPairs:keyName=astepano-real>
> ssh key
>
> * N/A (i-01350e4dc91dd5f31, N/A)
>
> * N/A (i-01e07e6e302d60a4d, N/A)
> * N/A (i-07759ac45a275da45, N/A)
>
> These seem to belong to testing farm.
>
> That is all from instances.

Should I mail testing farm folks about this? Or would you like to?

> But I am not sure how to proceed with volumes. Wait. I was not querying the
> name of the volumes. That can give more insight. And it does. Lot of them
> are TestingFarm, Kubernetes. Some of them belong to Taiga. (see bottom of
> email).

I'd like to keep the last taiga ones for an archive in case we need anything off it, but otherwise we don't need those.

I bet the testing farm ones are just that eks isn't tagging things when deploying. Hopefully we can get it to do so.

> I have no idea what to do with the rest. E.g., vol-ef097386 from eu-west-1.
> Not attached to anything. No tags. No reference in ansible.git. No
> information. The only thing that comes to my mind is: make a snapshot, tag
> the snapshot with FedoraGroup=snapshot-before-deleting, delete the volume.
> If somebody will miss it, then restore it from snapshot. Otherwise delete
> the snapshot after several months.

That sounds a good plan to me. That way if we break anything we can put it back. ;)

> Mirek

kevin
Freeze Break Request: update fedora-repos-zchunk on composers
The new fedora-repo-zdicts-2309.1-1.fc38 update has f39 zchunk dictionaries, which should make the zchunk deltas better for f39.

I'd like to update compose-branched01/compose-rawhide01/compose-x86_01 so we can get this advantage. I think this is a pretty low impact change and we can always just back out to the older version if something happens.

+1s?

kevin
Re: Migration from registry.fp.o to quay.io
On Thu, Sep 07, 2023 at 11:07:15AM -0400, Neal Gompa wrote:
> On Thu, Sep 7, 2023 at 10:15 AM Michal Konecny wrote:
> >
> > So I contacted William Dettelback from quay.io Team about the feedback I
> > got here.
> >
> > This is the e-mail I sent:
> > ```
> > 1) Mock switched to "--use-bootstrap-image" (podman pulling images
> > from various registries by default) and we had no single issue reported
> > against the Fedora's registry, but CentOS (on quay.io) gives us random
> > "pull" failures:
> >
> > https://github.com/rpm-software-management/mock/issues/1191
> >
> > Are you aware of this issue?
> >
> > 2) Quay.io is moving into console.redhat.com[2], which makes it even less
> > fun since RH accounts for the console require giving a lot more
> > information.
> >
> > Do we need to be Red Hat customers to access that? Could it be possible to
> > allow Fedora Account System login?
> >
> > 3) There is a rate limiting enabled for pulling on quay.io [3]. Could it be
> > possible to remove that if some Fedora services start hitting that?
> > ```
> >
> > And here is the response I got:
> > ```
> > Thanks for reaching out- we'd certainly like to support your migration.
> > Fedora makes perfect sense as a tenant on quay.io. Let me try to answer
> > your questions:
> >
> > 1) Not aware of this issue- I don't believe anyone has raised a support
> > ticket with us on it.
> > Wasn't clear to me from the GH issue if you had a stable reproducer. If you
> > do, please feel free to raise a bug report at
> > https://issues.redhat.com/projects/PROJQUAY
> > and we can take a look.
> >
> > 2) Our long term plan is to move all authenticated web UI access to
> > console.redhat.com
> > but we will keep our quay.io web UI available for unauthenticated access
> > (e.g. google search results linking to public images). So only users who
> > need authenticated
> > access to your namespace(s)- for example to administer a Team, etc.. would
> > need to sign up
> > for a Red Hat Account. Robot account / docker CLI access will still work
> > directly and not require RH SSO- so your automation can still push images,
> > etc..

Yeah, I am not sure this is a big deal, as 99.999% of people will not have any need to login there.

> > We have no plans to integrate the Fedora Account System login- but open to
> > discuss what that
> > could look like (esp. if it supports OIDC).
> >
> > 3) We can disable the rate limiting on your namespace(s)- it's usually not
> > a problem, we do this
> > for other Red Hat teams (e.g. Openshift). I would be interested to
> > understand more of your
> > expected traffic loads for push/pull so we can plan accordingly on our side.

We may be able to pull that information from logs on oci-registry01/02? Or... now that we have logs going into splunk, we could ask them to just look in splunk? ;)

> > 1) Corresponds with what Pavel wrote. I sent it before I noticed the
> > response from Pavel.
> >
> > 2) As FAS is supporting OIDC, we can start negotiating that. Or it would be
> > just mandatory for maintainers of quay.io namespaces to have RedHat account
> > (not that different from managing AWS now).
> >
>
> AWS supports being accessed via OIDC SSO, so it's possible to (for

it's actually SAML2, but yeah...

> example) tie Fedora's AWS account to FAS. I would really like to see
> FAS supported by Red Hat SSO across the board, especially since now
> CentOS contributors are forced to deal with Red Hat's Jira instance
> with the completion of the RHEL-in-JIRA (RIJ) project.

Yeah, that's a bigger conversation we should start. I'm not fully sure where...

> > 3) That is really great to hear. Do we have any traffic statistics for
> > registry.fp.o in that regard?
> >
>
> Can we have an alias for registry.fp.o that goes to our quay namespace
> too? Breaking the world is not fun, and if Quay doesn't work out, we
> should be able to painlessly switch to something else.

Yep. Agree 100%. We should make it so we can switch out if needed and so things move smoothly without users having to change anything or even know too much that it happened.

kevin
Re: AWS Instances without tag FedoraGroup=*
On Thu, Sep 07, 2023 at 11:28:18AM +0200, Pavel Raiskup wrote:
> JFYI, I just updated the script Mirek had, and created a simple cron job
> on one of our staging VMs that collects some AWS instance statistics.
> Result is hosted here:
>
> https://copr-be-dev.cloud.fedoraproject.org/infra-stats/
>
> Especially interesting might be the list of currently "erroring"
> instances:
>
> https://copr-be-dev.cloud.fedoraproject.org/infra-stats/last-run-errors.log

Nice!

I think dkirwan should know about Discourse-test and mobrien should know
about mobrien-test, and I think the rest are centos ones?

kevin
--
>
> Pavel
>
>
> On Sunday, 3 September 2023 20:59:15 CEST Miroslav Suchý wrote:
> > According our SOP
> >
> > https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies
> >
> >    Users MUST tag resources with their FedoraGroup tag within one day, or
> >    the resource may be removed.
> >
> > I created a small script and queried all resources in all regions for
> > resources without this tag. I am NOT going to
> > delete resources without this tag as that would destroy half of the
> > infrastructure. Please check if one of these
> > resources is yours and properly tag them.
> > (BTW when you will work on that, please add tag Owner=* too):

Re: Freeze Break request: update *.apps.ocp.fedoraproject.org cert
On Wed, Sep 06, 2023 at 06:56:36AM -0400, Stephen Smoogen wrote:
> On Wed, 6 Sept 2023 at 06:51, Sandro wrote:
>
> > On 05-09-2023 21:53, Kevin Fenzi wrote:
> > > I already have the cert ready to push into ansible-private, just need
> > > +1's to run the proxies playbook and update the cert there.
> >
> > Not sure if my vote counts, but updating certs seems low risk:
> >
> > +1
> >
>
> My vote no longer counts but I agree with Sandro. This is low risk and
> darknao and others are available for backup.

Thanks everyone. Pushing it out now.

kevin

Re: AWS Instances without tag FedoraGroup=*
Took a look and fixed a number of fedora ones:

> Region: ca-central-1
> Instances:
> Volumes - [id (attached to instance)]:
> * vol-067b5f163d2320171 (cloud-fedora-34-aws-ssd)
> * vol-07a41964b391cbe75 (cloud-fedora-34-aws-ssd)
> * vol-05fa6f0557ab1e44b (cloud-fedora-34-aws-ssd)
> * vol-00d79ef4b4e1f92e8 (cloud-fedora-34-aws-ssd)
> * vol-0712085157d0bade9 (cloud-fedora-34-aws-ssd)

This instance (cloud-fedora-34-aws-ssd) is stopped. Not sure what it is/was.

> * vol-037fb93e199476ee1 (cloud-fedora-34-aws)

This one is up, but I can't login with any keypair I have.

> Region: eu-central-1
> Instances:
> * risc-v koji hub (i-096911a251a31b09f)

Fixed

> * mref1.euc1.stream.centos.org (i-0db35e5f70750e87f)
> * vault.euc1.centos.org (i-0bc52b0cc68e4499d)
> Volumes - [id (attached to instance)]:
> * vol-0ce62ad946d5356e9 (id.dev.centos.org)
> * vol-0e630691e76128447 (proxy36.fedoraproject.org)

Fixed.

> * vol-0bd681a8a7537d2e7 (minetest)

Fixed, but I wonder if this instance is still in use?

> * vol-05b6b70293a262e2b (risc-v koji hub)
> * vol-0a6a0692e6db3a4cd (risc-v koji hub)

Fixed.

...snip...

> Region: us-west-2
> Instances:
> * mref1.uw2.stream.centos.org (i-0cc5dceddb5b661af)
> * proxy09.fedoraproject.org (i-07a30fbb93ec0030d)
> * aarch64-test02.fedorainfracloud.org (i-09d5619b3782ff940)

Fixed

> * pdns3.uw2.centos.org (i-0d448e1f3f6552ce1)
> * vault.uw2.centos.org (i-08f1d848cc1da073a)
> Volumes - [id (attached to instance)]:
> * vol-0a3391b6d83a69e3e (mref1.uw2.stream.centos.org)
> * vol-0df5eb0cf0d4e8855 (mref1.uw2.stream.centos.org)
> * vol-070ba525db8d62425 (proxy09.fedoraproject.org)
> * vol-0ad5c4cde450a9bdd (aarch64-test02.fedorainfracloud.org)

Fixed

> * vol-0c728f179988d4f1c (pdns3.uw2.centos.org)
> * vol-48b8ec21 (N/A)
> * vol-a998df91 (N/A)
> * vol-06173c2bf59801079 (N/A)
> * vol-03f61f31b964390b4 (N/A)
> * vol-0acf2f1309656dbf0 (f37-test.fedorainfracloud.org)

Fixed

> * vol-09b92bac86df1d577 (vault.uw2.centos.org)
> * vol-074066a4fb17c2ccd (f38-test.fedorainfracloud.org)
> * vol-05c43dd45de9ec8dc (f39-test.fedorainfracloud.org)

Fixed

> * vol-60cc8458 (N/A)
> Region: af-south-1
> Instances:
> * proxy33.fedoraproject.org (i-091c3a0a9b51b746c)

Fixed.

> * mref1.afs1.stream.centos.org (i-05e8706b4d1c1dbe3)
> Volumes - [id (attached to instance)]:
> * vol-0474b44ac60470546 (proxy33.fedoraproject.org)

Fixed.

> * vol-00ffe8821d7313bbf (mref1.afs1.stream.centos.org)
> * vol-02b6f520ece872075 (mref1.afs1.stream.centos.org)

...snip...

> Region: us-east-1
> Instances:
> * N/A (i-0b369063062ca52c9)
> * fedora-packages-ng (test) (i-0f15e4c4b9a49be4a)

I don't think this one is needed anymore.

> * N/A (i-0931da1d5eda4eb93)
> * Discourse-test (i-0eca039ae29709710)
> * mobrien-test (i-0b96a11ec696351a5)

Will ask about these two.

These are in use right: ?

> * vol-05180f7bf9fcac534 (copr-keygen-dev)
> * vol-0749c34ff6655165b (copr-distgit-dev)
> * vol-00d69ba2bd22822a9 (copr-frontend-dev)
> * vol-05d6160567d56ab37 (copr-distgit-prod)
> * vol-0b414449faa733f4e (copr-keygen-prod)
> * vol-0c6b76d3da6468410 (copr-frontend-prod)

...snip a bunch of volumes...

The volumes from the last list mostly belongs to CentOS Stream builders.

ah, ok.

Thanks again for looking into this!

kevin

Re: PDC replacement proposal
On Mon, Sep 04, 2023 at 04:51:22PM +0200, Tomas Hrcka wrote:
> Hello all, it took us a few years but we are finally getting rid of the PDC
> project. Thanks to the ARC research we identified use cases in our tooling
> and proposed solution.
>
> The essential functionalities currently provided by PDC will be
> re-implemented in other applications within our release infrastructure, as
> there are no immediate plans for their replacement and are currently
> maintained
>
> This work is anticipated to span several months for completion. However,
> before we embark on this endeavor,
> we would like to proactively share our proposed solution with all of you
> and gather your valuable feedback.
>
> Below, we outline our strategy to preserve the core functionality of PDC by
> leveraging existing applications within our ecosystem.
>
> Current uses of PDC:
>
> Currently, we rely on the Package Database (PDC) for various data
> management tasks, including:
>
> 1. Critical Path Package Tracking: Bodhi leverages PDC to track packages on
>    the critical path.

As Adam mentioned this is already not in pdc. ;)

> 2. Retirement of Packages and Service Level Agreements (SLAs): PDC assists
>    in managing the retirement of packages and their associated SLAs.

Yeah. The super big one is that it's queried from a git commit hook for
all src.fedoraproject.org git commits. Right now if pdc is down, no one
could commit anything.

> 3. Metadata for Nightly Composes: Our Release Engineering and Fedora
>    Quality Assurance teams rely on PDC for metadata related to nightly
>    composes.
>
> More info on the usage can be found here:
> https://fedora-arc.readthedocs.io/en/latest/pdc/users.html

mass rebuild of modules can be dropped. ;)

fedscm-admin is now the scm requests toddler. It still uses pdc tho of
course.

> Specific Endpoints in Use:

...snip...

> Upcoming Changes
>
> Bodhi:
>
> Bodhi will assume responsibility for the following tasks, reducing our
> reliance on PDC:
>
> /rest_api/v1/releases/: Bodhi will now manage release-related data.

Do note that bodhi still has a window after we are 'go' for a release
where it thinks it's released, but it's not yet. We probably need to
address this if we are moving this to bodhi.

> /rest_api/v1/component-branches/: Specifically, Bodhi will handle the
> critical-path flag.

Already done.

...snip...

>
> Pagure-dist-git:
>
> Pagure-dist-git will take over several responsibilities from PDC, including:
>
> /rest_api/v1/product-versions
>
> /rest_api/v1/global-components
>
> /rest_api/v1/component-branches/
>
> /rest_api/v1/component-branch-slas/
>
> Pagure already has a robust database of global components (repositories)
> and product versions (repository branches).
>
> It utilizes the PDC API to query component branches when a package is
> retired, and an auxiliary table in Pagure-dist-git will store the reasons
> for orphaning these components.

So, I know this will work... but it means more closely tying ourselves
to pagure-dist-git. ;(

With modules going out of the picture, most branches just have the
release cycle of the fedora or rhel release they are based on, so
couldn't we just default that somewhere? There's also flatpaks, but I
think we could also tie them to release eol's.

So, is it possible to just not keep these things?

>
> A list of all identified uses of PDC API can be found in the original ARC
> investigation: https://fedora-arc.readthedocs.io/en/latest/pdc/users.html
>
> Projects not considered in the original arc investigation:
>
> MDapi
>
> Toddlers
>
> Toddlers took over the functionality of the fedscm-admin tool and it's more
> or less a 1:1 rewrite of the tool, use cases should be the same as
> fedscm-admin.

yeah.

> Remaining Endpoints:
>
> A few endpoints will remain unchanged:
>
> /rest_api/v1/compose-images/: Given that we primarily store JSON blobs
> here, we have decided, based on discussions, to store the JSON data on a
> network-accessible file server.

What server? Where? I think the only thing that uses this is fedfind?

I really suggest at the start of this work, we just plan out exactly
what changes before doing anything. (ie, merge this exact PR that
changes this).

kevin

Re: Migration from registry.fp.o to quay.io
On Mon, Sep 04, 2023 at 01:57:34PM -0400, Neal Gompa wrote:
> On Mon, Sep 4, 2023 at 12:47 PM Pavel Raiskup wrote:
> >
> > On Monday, 4 September 2023 15:35:41 CEST Michal Konecny wrote:
> > > Hi everyone,
> > >
> > > I finished investigation for migration from registry.fp.o to quay.io. It
> > > is available in ARC investigation document [0]. The investigation ticket
> > > [1] is on fedora-infra tracker.
> >
> > JFYI, Mock switched to "--use-bootstrap-image" (podman pulling images
> > from various registries by default) and we had no single issue reported
> > against the Fedora's registry, but CentOS (on quay.io) gives us random
> > "pull" failures:
> >
> > https://github.com/rpm-software-management/mock/issues/1191
> >
> > So the stability might not be as ideal as with the current registry.

Huh, good to know. Is this something anyone has taken to upstream
quay.io?

> I'm not super-enthused about this from a few perspectives:
>
> 1. Core artifacts should be able to be produced, hosted, and consumed
> from Fedora infrastructure.

Well, they still are in koji of course...

> 2. Quay ultimately does not need to care about Fedora as a stakeholder

Sure, but do we have complex needs that require stakeholderness (ok,
that's not a word, but you know what I mean. ;)

> 3. Quay.io is moving into console.redhat.com[a], which makes it even less
> fun since RH accounts for the console require giving a lot more
> information.

Huh, good to know. Of course the vast majority of people will just pull
from it, never look at the ui.

I think it would be good for us to try and talk to quay.io folks and see
if there's any issues or reasons not to head that way.

kevin

Re: Cleaning infra groups on Pagure and GitHub
On Fri, Sep 01, 2023 at 02:59:12PM +0200, Michal Konecny wrote:
> Hi everyone,
>
> I did a cleaning in Fedora infra groups in both Github (fedora-infra
> organization https://github.com/fedora-infra) and Pagure (fedora-infra group
> https://pagure.io/group/fedora-infra). I removed the people that were
> inactive in the last year.
>
> I also removed people from infra-sig FAS group
> (https://accounts.fedoraproject.org/group/infra-sig/) I only left the same
> members as in fedora-infra pagure group (I didn't add any). I thought that
> those groups should be synced, but it doesn't seem like they are. Is this
> correct?
>
> If I accidentally removed somebody who should be in those groups, let me
> know and I will add you back.

Thanks for doing the cleanup.

I think perhaps we should try and do this more regularly (once a year?
twice a year after releases?) and use a more open method.

I like the method nb used for clearing out groups a while back:

* Identify the potentially inactive people
* Open a ticket explaining that we are removing inactive people and
  @mention all of the people on the list.
* If they see it and decide they want to be active again, they can
  comment in the ticket about that
* After a week or whatever we remove everyone who hasn't responded.

That gives people a chance to notice and become active again and also
prevents any surprise when they are removed.

Thoughts?

kevin

Re: AWS Instances without tag FedoraGroup=*
On Mon, Sep 04, 2023 at 08:30:26AM +0200, Fabian Arrotin wrote:
> On 03/09/2023 20:59, Miroslav Suchý wrote:
> > According our SOP
> > https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies
> >
> >    Users MUST tag resources with their FedoraGroup tag within one day,
> >    or the resource may be removed.
> >
>
> Hi Miroslav,
>
> Thanks for the pointer, as I wasn't really aware of the *need* for that tag
> but I'll tag all *centos.org resources in that shared fedora/centos account
> to have the missing FedoraGroup=centos tag/value.

Yeah, I thought we established that a long time ago in order to make
sure we could set iam perms so that someone couldn't affect another
group's resources. Sorry if it wasn't documented/communicated.

> BTW, just quickly checked the Fedora Communityshift Openshift cluster (so
> volumes, EFS, ec2, load-balancers, etc) and none is tagged with
> FedoraGroup=fedora :-)

Yeah, but that's also in another account right? not the main one?

> @Kevin : what about we try to have a common set of AWS rules/policies/SOPs
> for both project sharing resources within one or two accounts and
> review/audit also permissions, rules, ACLs, etc ?

+1 for sure.

Anyhow, I can go through the fedora related ones this week and make sure
they are tagged.

Thanks for doing this Miroslav!

kevin

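The check discussed in this thread (resources missing the FedoraGroup tag, plus the Owner tag Miroslav asks for), as an added example that is not part of the thread and is not the script Miroslav or Pavel ran. It runs offline on constructed dicts shaped like boto3 describe_instances/describe_volumes responses; the function names, the sample IDs and hostnames, and treating a blank tag value as missing are assumptions.

```python
# Added example: tag audit over EC2 data, in the report layout used in this thread.
# The sample dicts are constructed and shaped like boto3's describe_instances() /
# describe_volumes() responses; every ID and hostname below is made up.

REQUIRED_TAGS = ("FedoraGroup", "Owner")


def tag_map(resource):
    """Flatten EC2's [{'Key': k, 'Value': v}] list; 'Tags' is absent on untagged resources."""
    return {t["Key"]: t.get("Value", "") for t in resource.get("Tags", [])}


def missing_tags(resource, required=REQUIRED_TAGS):
    """Required keys that are absent or blank (blank-as-missing is an assumption here).

    EC2 tag keys are case-sensitive, so 'fedoragroup' does not count as 'FedoraGroup'.
    """
    tags = tag_map(resource)
    return [key for key in required if not tags.get(key, "").strip()]


def audit_region(instances_resp, volumes_resp, required=REQUIRED_TAGS):
    """Return the untagged instances and volumes of one region.

    Volumes are judged on their own tags: an EBS volume does not inherit the
    tags of the instance it is attached to.
    """
    names = {}
    findings = {"instances": [], "volumes": []}
    for reservation in instances_resp.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            name = tag_map(inst).get("Name") or "N/A"
            names[inst["InstanceId"]] = name
            missing = missing_tags(inst, required)
            if missing:
                findings["instances"].append((inst["InstanceId"], name, missing))
    for vol in volumes_resp.get("Volumes", []):
        missing = missing_tags(vol, required)
        if missing:
            attached = [names.get(a["InstanceId"], a["InstanceId"])
                        for a in vol.get("Attachments", [])]
            findings["volumes"].append(
                (vol["VolumeId"], ", ".join(attached) or "N/A", missing))
    return findings


def render_report(findings_by_region):
    """Render findings as 'Region / Instances / Volumes' blocks, one per region."""
    lines = []
    for region, found in findings_by_region.items():
        lines.append(f"Region: {region}")
        if found["instances"]:
            lines.append("  Instances:")
            lines += [f"    * {name} ({iid}) missing: {', '.join(miss)}"
                      for iid, name, miss in found["instances"]]
        if found["volumes"]:
            lines.append("  Volumes - [id (attached to instance)]:")
            lines += [f"    * {vid} ({where}) missing: {', '.join(miss)}"
                      for vid, where, miss in found["volumes"]]
        lines.append("")
    return "\n".join(lines)


# Constructed sample: region -> (describe_instances response, describe_volumes response)
SAMPLE = {
    "eu-central-1": (
        {"Reservations": [{"Instances": [
            {"InstanceId": "i-0000000000000000a",            # fully tagged
             "Tags": [{"Key": "Name", "Value": "proxy.example.org"},
                      {"Key": "FedoraGroup", "Value": "infra"},
                      {"Key": "Owner", "Value": "alice"}]},
            {"InstanceId": "i-0000000000000000b",            # wrong-case key
             "Tags": [{"Key": "Name", "Value": "builder.example.org"},
                      {"Key": "fedoragroup", "Value": "centos"}]},
            {"InstanceId": "i-0000000000000000c"},           # no tags at all
        ]}]},
        {"Volumes": [
            {"VolumeId": "vol-0000000000000000a",            # instance tagged, volume not
             "Attachments": [{"InstanceId": "i-0000000000000000a"}]},
            {"VolumeId": "vol-0000000000000000b", "Attachments": [],
             "Tags": [{"Key": "FedoraGroup", "Value": ""},   # blank value
                      {"Key": "Owner", "Value": "bob"}]},
            {"VolumeId": "vol-0000000000000000c",            # fully tagged
             "Attachments": [{"InstanceId": "i-0000000000000000b"}],
             "Tags": [{"Key": "FedoraGroup", "Value": "centos"},
                      {"Key": "Owner", "Value": "carol"}]},
        ]},
    ),
    "eu-north-1": ({"Reservations": []}, {"Volumes": []}),
}


def run_audit(sample=SAMPLE):
    return {region: audit_region(inst, vols) for region, (inst, vols) in sample.items()}


if __name__ == "__main__":
    print(render_report(run_audit()))
```
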
Re: AWS gp2 -> gp3
On Sun, Sep 03, 2023 at 09:33:49PM +0200, Miroslav Suchý wrote:
> FYI
>
> after I moved manually most of the big volumes to gp3 at the beginning of
> summer, I finally get to write script that converts all the remaining
> volumes.
>
> I run it for two minor regions:
>
> ap-south-1
> Migrating volume vol-0dbcb65fadcadfd56 in region ap-south-1 from gp2 to gp3...
> Volume vol-0dbcb65fadcadfd56 in region ap-south-1 migrated to gp3
> Migrating volume vol-0058e60aaa125e5d2 in region ap-south-1 from gp2 to gp3...
> Volume vol-0058e60aaa125e5d2 in region ap-south-1 migrated to gp3
> Migrating volume vol-0a105d78b59ce2c23 in region ap-south-1 from gp2 to gp3...
> Volume vol-0a105d78b59ce2c23 in region ap-south-1 migrated to gp3
> Migrating volume vol-0d9419cdad700549a in region ap-south-1 from gp2 to gp3...
> Volume vol-0d9419cdad700549a in region ap-south-1 migrated to gp3
> Migrating volume vol-0e15a552fdd51a391 in region ap-south-1 from gp2 to gp3...
> Volume vol-0e15a552fdd51a391 in region ap-south-1 migrated to gp3
> Migrating volume vol-07c8e6df4ad605935 in region ap-south-1 from gp2 to gp3...
> Volume vol-07c8e6df4ad605935 in region ap-south-1 migrated to gp3
> Migrating volume vol-0526490438425fae8 in region ap-south-1 from gp2 to gp3...
> Volume vol-0526490438425fae8 in region ap-south-1 migrated to gp3
>
> ca-central-1
> Migrating volume vol-067b5f163d2320171 in region ca-central-1 from gp2 to gp3...
> Volume vol-067b5f163d2320171 in region ca-central-1 migrated to gp3
> Migrating volume vol-07a41964b391cbe75 in region ca-central-1 from gp2 to gp3...
> Volume vol-07a41964b391cbe75 in region ca-central-1 migrated to gp3
> Migrating volume vol-05fa6f0557ab1e44b in region ca-central-1 from gp2 to gp3...
> Volume vol-05fa6f0557ab1e44b in region ca-central-1 migrated to gp3
> Migrating volume vol-00d79ef4b4e1f92e8 in region ca-central-1 from gp2 to gp3...
> Volume vol-00d79ef4b4e1f92e8 in region ca-central-1 migrated to gp3
> Migrating volume vol-0712085157d0bade9 in region ca-central-1 from gp2 to gp3...
> Volume vol-0712085157d0bade9 in region ca-central-1 migrated to gp3
> Migrating volume vol-037fb93e199476ee1 in region ca-central-1 from gp2 to gp3...
> Volume vol-037fb93e199476ee1 in region ca-central-1 migrated to gp3
>
> But then I realized I may accidentally touched volumes that belongs to set
> under Fedora 39 Beta Freeze.
>
> So I will postpone any other action till 2023-09-12. When the freeze will be
> over I plan to run it for all remaining regions.

Thanks for that.

I don't think anything affected by freeze would be in this list.
I already moved all our proxies a while ago... and we don't have any
other frozen things in aws.

So, I think it would be ok to just do anytime, but you can wait until
after freeze if you want to be extra careful.

kevin

Re: GitLab Grouping and Naming
On Tue, Aug 15, 2023 at 03:06:36PM -0600, Tim Flink wrote:
>
> Has there been a conclusion to this? The AI/ML SIG is looking to request a
> FAS group to manage access to the sigs/ai-ml project in GitLab but we're not
> sure what to request for a name.
>
> Thanks,
>
> Tim

Somehow I didn't notice this email until just now. ;(

I think we should adopt the naming that fabian suggests upthread.

So, you would have:

gitlab-fedora-ai-ml-admin -> admin users
gitlab-fedora-ai-ml-developers -> developer users
etc.

At least I think that makes sense...

kevin

Re: Fedora 39 beta freeze now in effect
On Mon, Aug 28, 2023 at 01:05:16AM -, Ryan Bach wrote:
> > On Sat, Aug 26, 2023 at 03:28:26AM -, Ryan Bach wrote:
> >
> > Yes? Did you have a question here?
> >
> > I did post here and also in discussion...
> >
> > kevin
> I guess. Will hyperkitty be updated after the freeze is over? Thanks for your
> work.

Well, here's the steps I see:

* Wait until everything lands in epel9. We want to deploy on RHEL9 to
  avoid having to update often, so ideally we wait for this. There's a
  bunch of progress on it.

* Once that lands, setup a mailman01.stg instance again. This will allow
  us to work out all the issues around deploying the new version and
  also allow us to test importing the existing content from production.

* Then setup a new production mailman instance, import everything and
  have an outage probably to switch over to it.

So, not right after freeze, but hopefully in the not too distant future.

kevin

Re: Fedora 39 beta freeze now in effect
On Sat, Aug 26, 2023 at 03:28:26AM -, Ryan Bach wrote:
> > Greetings.
> >
> > We are now in the infrastructure freeze leading up to the Fedora 39
> > Beta release. This is a pre release freeze.
> >
> > We do this to ensure that our infrastructure is stable and ready to
> > release the Fedora 39 Beta when it's available.
> >
> > You can see a list of hosts that do not freeze by checking out the
> > ansible repo and running the freezelist script:
> >
> > git clone https://pagure.io/fedora-infra/ansible.git
> > ansible/scripts/freezelist -i inventory
> >
> > Any hosts listed as freezes is frozen until 2023-09-12 (or later if
> > release slips). Frozen hosts should have no changes made to them without
> > a sign-off on the change from at least 2 sysadmin-main or rel-eng
> > members, along with (in most cases) a patch of the exact change to be
> > made to this list or a pull request for review.
> >
> > Thanks,
> >
> > Kevin
> "Any hosts listed as freezes is frozen until 2023-09-12 (or later if
> release slips)"
> https://discussion.fedoraproject.org/t/fedora-39-beta-infrastructure-freeze-now-in-effect/87839

Yes? Did you have a question here?

I did post here and also in discussion...

kevin

Fedora 39 beta freeze now in effect
Greetings.

We are now in the infrastructure freeze leading up to the Fedora 39
Beta release. This is a pre release freeze.

We do this to ensure that our infrastructure is stable and ready to
release the Fedora 39 Beta when it's available.

You can see a list of hosts that do not freeze by checking out the
ansible repo and running the freezelist script:

    git clone https://pagure.io/fedora-infra/ansible.git
    ansible/scripts/freezelist -i inventory

Any hosts listed as freezes is frozen until 2023-09-12 (or later if
release slips). Frozen hosts should have no changes made to them without
a sign-off on the change from at least 2 sysadmin-main or rel-eng
members, along with (in most cases) a patch of the exact change to be
made to this list or a pull request for review.

Thanks,

Kevin

Re: Planned Outage - Sever updates/reboots - 2023-08-16 21:00 UTC
I've started a hackmd doc to track this:

https://hackmd.io/DB-c7z5sQqGHx2me9PWsVg

kevin

Planned Outage - Sever updates/reboots - 2023-08-16 21:00 UTC
There will be an outage starting at 2023-08-16 21:00 UTC,
which will last approximately 4 hours.

To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto
or run:

    date -d '2023-08-16 21:00UTC'

Reason for outage:

We will be applying all updates and rebooting servers into current
kernels. Services will be up and down in the outage window. Package
maintainers are advised to avoid submitting builds or doing other
packaging work in the outage window.

Affected Services:

Many services will be up and down in the outage window as servers are
updated and rebooted.

Ticket Link:

https://pagure.io/fedora-infrastructure/issue/11475

Please join #fedora-admin or #fedora-noc on irc.libera.chat
or #admin:fedoraproject.org / #noc:fedoraproject.org on matrix.
Please add comments to the ticket for this outage above.

Updated status for this outage may be available at
https://www.fedorastatus.org/

congrats to another new sysadmin-mainer
I'm happy to announce that we have approved a new member in our sysadmin-main group:

adamwill - Adam Williamson

This is the core group of trusted folks that have high level access to most everything in fedora infrastructure.

Adam has been around for a long time and has set up and run Fedora's OpenQA instance. In addition he's done tons of work on bodhi, packages, and too many other places to mention as well as testing everything and making sure releases and rawhide are working. He has proved his dedication, trustworthiness, and ability.

Congrats! Use your powers for good! :)

kevin
Re: GitLab Grouping and Naming
On Fri, Aug 04, 2023 at 02:04:22PM +0200, Fabian Arrotin wrote:
> On 04/08/2023 08:49, Ryan Lerch wrote:
> > On Fri, Aug 4, 2023 at 4:41 PM Fabian Arrotin
> > wrote:
> > >
> > > On 04/08/2023 02:25, Ryan Lerch wrote:
> > > > I just would get a discussion started with the process of
> > > > semi-formalizing the grouping and naming guidelines for the Fedora
> > > > GitLab instance.

Just a nitpick, this isn't a Fedora Gitlab instance. ;) it's a namespace on gitlab.com provided to us from gitlab.

> > > > Currently there are a bunch of groups with subgroups in the main
> > > > /fedora/ namespace:
> > > >
> > > > https://gitlab.com/fedora
> > > >
> > > > Depending on how we decide to group, some of these may remain there
> > > > (or possibly be grouped together in another group) This is however
> > > > some repos and groups that i'm not sure what they are or could
> > > > probably be moved into some existing groups:
> > > >
> > > > * Source Git group (https://gitlab.com/fedora/src) -- not what you
> > > > think it only has 4 repos so far

This was the 'source git sig' wanting to try things out on gitlab. It could be moved to SIGs I think? We might ping them and see if it's even still needed however, since I don't know that they are active much these days. ;(

> > > > * Fedora Podcast (https://gitlab.com/fedora/podcast) could possibly go
> > > > under marketing maybe

Sounds reasonable.

> > > > * Packager-Tools (https://gitlab.com/fedora/packager-tools)

Yeah, not sure about this one... I mean it's the mass prebuild tool, but not sure where moving it would make sense.

> > > > * people (https://gitlab.com/fedora/people) a private group with one
> > > > repo in it

We likely need to ask that person about where to move these or keep them.

> > > >
> > > > This might have to be something that we have a meeting to discuss and
> > > > figure out a scheme?

Sure, or the scheme below seems good to me.

> > > >
> > > > cheers,
> > > > ryanlerch
> > >
> > > Hi Ryan,
> > >
> > > We more or less discussed that with Kevin in the past and for CentOS
> > > groups (all coming from same common IPA infra) I proposed that we used
> > > something like :
> > > --
> > >
> > > Let me explain : Assuming that we need to grant the CentOS Automotive
> > > SIG access to gitlab, the name in FAS/IPA is :
> > > gitlab-centos-sig-automotive-developer
> > > (https://accounts.fedoraproject.org/group/gitlab-centos-sig-automotive-developer/)
> > >
> > > Same rule but for openshift/ocp : we need to grant the hyperscale sig
> > > access to the openshift CI centos infra :
> > > https://accounts.fedoraproject.org/group/ocp-cico-hyperscale/
> > >
> > > It's then easier to identify which group has access to what
> > > (gitlab/openshift/etc) *while* keeping the existing groups, as IPA
> > > supports nested groups (so the ocp-cico-hyperscale group in fact
> > > contains the sig-hyperscale group
> > > (https://accounts.fedoraproject.org/group/sig-hyperscale/)
> > >
> > > At least that's the naming convention we agreed on so that we can also
> > > easily identify if that's a fedora/centos group (all the sig-* groups
> > > weren't following that naming convention as they were coming from
> > > previous FAS and so imported/merged with the fedora groups in IPA, but
> > > there was no conflicting group back then)
> > >
> >
> > Oh, i can also definitely get on board with a set scheme for Fedora
> > Accounts groups <-> Gitlab Groups naming conventions.

Yeah, +1

> > However, the one of the main issues i am noticing with our current
> > GitLab setup is that the groups that are being added are being done in
> > an adhoc setting.
> >
> > For example, there are groups for Council and Mindshare (and not yet,
> > but i can imagine a FesCO group too) -- should these be grouped
> > together under, say a "Governance" Sub group?
> >
> > cheers,
> > ryanlerch
> >
>
> Multiple solutions : one can always create new groups and reflect that at
> gitlab level (same membership but different group name[s]) and IPA supports
> multiple "nesting" levels so you can (in your Governance example) have one
> groups containing/nesting multiple other ones

Yeah, or 'project' instead of 'governance'?

We should write up a doc with whatever we do to document it and make sure everything is on the same page.

kevin
Re: GitLab Grouping and Naming
On Mon, Aug 07, 2023 at 01:43:09PM +0200, Michal Konecny wrote:
> How the FAS and Gitlab groups are synced? Do we need to have them named
> same?

It's via SAML2 and the groups _can_ be named anything, but we should really use a convention.

Basically on the gitlab side you tell it: this saml2 group = this permission on gitlab

kevin
Re: Introduction: Seth Maurice-Brant
On Mon, Aug 07, 2023 at 07:13:13AM +0100, Igor Jagec wrote:
> On Sun, 6 Aug 2023, 19:33 Kevin Fenzi, wrote:
>
> > We just finished our flocktofedora conference, and ran a workshop there
> > on onboarding and mentoring. So, you're arriving at a great time to help
> > us with that! :)
> >
> > Look forward to talking with you soon!
> >
>
> Can you please share your talk with us, or at least point us on the video
> and the minute when it starts? Thanks!

It was not streamed or recorded by video. ;( None of the workshops were.

However, James and I plan to write up everything (he took a bunch of notes as we went) and we will be posting here (and/or in discussion.fedoraproject.org) for feedback. ;)

Then will come a lot of work to create the docs we wanted to create and try the things we would like to try. ;)

kevin
Re: Introduction: Seth Maurice-Brant
On Fri, Aug 04, 2023 at 01:29:17PM +, Seth wrote:
> Hi there,
>
> I'm Seth, an A level student in the UK, currently studying Computer Science,
> Business Studies and Biology.
>
> I've been using Linux for a good few years and Fedora has been the
> distribution I've stuck with the longest, mainly because it is really smooth
> and just works.
>
> Over the past few days, I have decided to commit some time to contributing to
> the Fedora Project going forward. I've already joined the websites team, but
> the area I'm really interested in getting involved with is the infrastructure
> team. I have some experience with Linux sysadmin, Python and SQL and I
> thought that this could be an amazing opportunity for me to both refine those
> skills whilst also making meaningful contributions back to the community.
>
> I'm interested in joining the fi-apprentice group and trying to get up to
> speed with how the infrastructure team functions.
>
> I am keen to get started and learn. I've subscribed to the mailing list, and
> you can find me in the Matrix (I tend to go by either Seth MB or saluki). I'm
> also planning on attending the weekly meetings going forward.
>
> I hope to get onboarded some time soon and get to know some of you,
> Seth Maurice-Brant

Welcome!

We just finished our flocktofedora conference, and ran a workshop there on onboarding and mentoring. So, you're arriving at a great time to help us with that! :)

Look forward to talking with you soon!

kevin
congrats to our new sysadmin-mainer
I'm happy to announce that we have approved a new member in our sysadmin-main group:

darknao - Francois Andrieu

This is the core group of trusted folks that have high level access to most everything in fedora infrastructure.

Francois has done a ton of things around Fedora infrastructure. From helping manage our OpenShift clusters, to revamping how our docs and websites are built and deployed, to just helping anyone with issues all around. He has proved his dedication, trustworthiness, and ability.

Congrats! Use your powers for good! :)

kevin
Re: Meeting Agenda Item: (Re-)Introduction Patrick Creech
On Wed, Jul 19, 2023 at 02:31:57PM -0400, Patrick Creech wrote:
> Hi there! I popped into the meeting last week and said "Hi", but figured I
> should also send this out as well.
>
> IRC: pcreech
>
> Since my last introduction[0] the primary thing that has changed is that I
> moved into doing release engineering for pulp, which I then moved into doing
> release engineering for the Red Hat Satellite product (Foreman/Katello
> upstream). I've had the joy of all manner of release engineering related
> work, as well as helping manage release engineering infrastructure, and
> constantly improving the quality and cadence of our ability to deliver bits
> to be tested.
>
> Recently, my interest in contributing to Fedora has grown again, and I
> decided to get involved again, especially since life derailed me for a while
> last time. I'm looking forward to helping out!

It's awesome to see you (back) around! :)

Thanks for digging into some releng stuff... help is always appreciated.

Welcome!

kevin
Re: batcave01 move to rhel9 - 2023-07-13 21UTC
This is now done and I think everything is working. I am sure I missed some things, so do file tickets/let us know when you see things that are broken. ;)
kevin
batcave01 move to rhel9 - 2023-07-13 21UTC
Hey folks.

I keep putting it off, but I need to move it forward, so I am proposing to move batcave01 to rhel9 tomorrow, starting at 21UTC.

My plan is roughly:

- sync data from batcave01 to batcave02
- at 21UTC take down services on batcave01
- sync data again
- take batcave01 down.
- rename batcave02 to batcave01 and re-ip it to the right IP
- reboot it back up as batcave01
- Fix any issues that come up.

This means that the ssh host key for batcave01 WILL CHANGE! If you are using https://admin.fedoraproject.org/ssh_known_hosts in your ~/.ssh/known_hosts it shouldn't matter. If you aren't you may have to accept the new changed host key.

For the time when I am switching things, EPEL builds may fail. This is because koji pulls RHEL packages from batcave01. I would expect this to be a very short window.

The playbook completes fine on batcave02 and as far as I can see things should work fine there, but there may be some broken items. Please file tickets/let me know if you find anything like that.

In the event that things go very poorly for some reason, I can always bring the old vm back up and we can revert to it.

Thanks,

kevin
Re: I'm enabling topic authorization on the production bus
On Tue, Jul 11, 2023 at 08:42:31AM +0200, Aurelien Bompard wrote:
> So, something broke, I forgot that the bodhi user also publishes to the
> org.fedoraproject.{env}.pungi.
> I fixed that now but there were quite a few messages rejected during my
> night. It may be necessary to restart the compose.

All the composes seem to have finished ok, or failed and will be run again tonight. ;)

kevin
Re: Fedora infra for Secure Boot components - local setup
On Thu, Jul 06, 2023 at 02:18:04PM -, Kamil Aronowski wrote:
> Thanks for the reply, Kevin. It means a lot to me, as I no longer feel alone
> with this issue. I'll try the mock configuration later on, so I do not
> overcomplicate things right now - once a basic config works for me, I'll then
> try mock.

Sure.

> I did try the strace method you suggested, and, as far as I can see, the
> socket can be accessed since 0 is returned. This is part of my listing:
>
> ```
> $ strace pesign-client --unlock --token "NSS Certificate DB" |& grep -i r_ok
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
> directory)
> access("/run//pesign/socket", R_OK) = 0
> ```
>
> I experimented a bit more, and via trial-and-error, I came to the conclusion
> that the pesign suite of tools has most likely had some regressions, as it
> used to have these historically. For instance, the one I mentioned earlier
> that I reported at: https://github.com/rhboot/pesign/issues/105.
>
> Why this conclusion? Let's take a deeper dive into this.

...snip...

I can't really help you with upstream or RHEL versions. We run Fedora on our builders, currently pesign-116-2.fc38.x86_64

>
> So after this research, I'd like to ask the following:
>
> - what is the output of the command `modutil -dbdir /etc/pki/pesign/ -list`
> ran on the Koji build servers?

Listing of PKCS #11 Modules
---
  1. NSS Internal PKCS #11 Module
       uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.90
     slots: 2 slots attached
    status: loaded

     slot: NSS Internal Cryptographic Services
    token: NSS Generic Crypto Services
      uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=;model=NSS%203

     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB
      uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=;model=NSS%203

  2. p11-kit-proxy
    library name: p11-kit-proxy.so
       uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Proxy%20Module;library-version=1.1
     slots: 1 slot attached
    status: loaded

     slot: Alcor Micro AU9520 00 00
    token: OpenSC Card (Fedora Signer)
      uri: pkcs11:token=OpenSC%20Card%20(Fedora%20Signer);manufacturer=OpenSC%20Project;serial=25b585160722;model=PKCS%2315
---

> - where is the entry "token: OpenSC Card (Fedora Signer)" located? Under "NSS
> Internal PKCS #11 Module" or under "p11-kit-proxy"?

The latter.

> - what is the output of the command `ls /usr/share/p11-kit/modules/`?

opensc.module p11-kit-trust.module

> - are there any commands in the infrastructural Ansible playbooks/Salt
> states/shell scripts used for provisioning Koji builders that manipulate that
> directory directly or indirectly? If so, what are they?

All our ansible content is available at https://pagure.io/fedora-infra/ansible

Nothing touches the p11-kit dir that I can see.

> - does a command similar to `modutil -dbdir /etc/pki/pesign/ -default
> p11-kit-proxy -mechanisms
> "RSA:DSA:RC2:RC4:RC5:AES:DES:DH:SHA1:SHA256:SHA512:SSL:TLS:MD5:MD2:RANDOM:FRIENDLY"`
> that changes the default provider for security mechanisms run during the
> provisioning stage?

no

> - is filing issues on the `pesign` project's GitHub the proper way to keep in
> touch with the developers, or is another way preferred? For instance, file
> them directly at bugzilla.redhat.com.

I don't know. I would think github.

> - if it's possible to redact secrets (usernames, passwords, etc.) from the
> provisioning specification (playbooks/states/scripts) Fedora Project uses for
> these bootchain-related Koji servers, could these be shared with me, so I
> could replicate the configuration 1:1 (apart from the physical smartcard
> connected to the servers)?

See above. Do note that our builders are Fedora, not RHEL.

> I appreciate your help, Kevin. Thank you for everything!

Good luck! Sorry it's being such a pain...

kevin
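Added example, not part of the thread and not Fedora's or pesign's own tooling: the question of which module exposes the `OpenSC Card (Fedora Signer)` token can be answered mechanically from `modutil -list` text when comparing a local setup against the builders. The function names are hypothetical, and the sample is the listing quoted in the reply above, laid out one field per line as an assumption about modutil's formatting.

```python
"""Locate a PKCS #11 token in `modutil -dbdir <dir> -list` text (added example)."""
import re
from urllib.parse import unquote

# Constructed sample: the listing from the reply above, laid out one field per
# line (the exact whitespace of modutil's real output is an assumption).
SAMPLE_LISTING = """\
Listing of PKCS #11 Modules
---
  1. NSS Internal PKCS #11 Module
       uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.90
     slots: 2 slots attached
    status: loaded

     slot: NSS Internal Cryptographic Services
    token: NSS Generic Crypto Services
      uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=;model=NSS%203

     slot: NSS User Private Key and Certificate Services
    token: NSS Certificate DB
      uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=;model=NSS%203

  2. p11-kit-proxy
    library name: p11-kit-proxy.so
       uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Proxy%20Module;library-version=1.1
     slots: 1 slot attached
    status: loaded

     slot: Alcor Micro AU9520 00 00
    token: OpenSC Card (Fedora Signer)
      uri: pkcs11:token=OpenSC%20Card%20(Fedora%20Signer);manufacturer=OpenSC%20Project;serial=25b585160722;model=PKCS%2315
---
"""

MODULE_RE = re.compile(r"^\s*(\d+)\.\s+(.+?)\s*$")    # "  2. p11-kit-proxy"
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")  # "token: NSS Certificate DB"


def parse_modutil_list(text):
    """Return one dict per module, each carrying the slots listed under it."""
    modules, module, slot = [], None, None
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            module = {"name": m.group(2), "library": None, "status": None, "slots": []}
            modules.append(module)
            slot = None  # a module-level "uri:" must not attach to an old slot
            continue
        f = FIELD_RE.match(line)
        if not f or module is None:
            continue
        key, value = f.group(1).strip().lower(), f.group(2).strip()
        if key == "slot":
            slot = {"slot": value, "token": None, "uri": None}
            module["slots"].append(slot)
        elif key in ("token", "uri") and slot is not None:
            slot[key] = value
        elif key == "library name":
            module["library"] = value
        elif key == "status":
            module["status"] = value
    return modules


def pkcs11_uri_attrs(uri):
    """Decode the path attributes of a pkcs11: URI (RFC 7512) into a dict."""
    if not uri or not uri.startswith("pkcs11:"):
        return {}
    path = uri[len("pkcs11:"):].split("?", 1)[0]
    parts = (p.partition("=") for p in path.split(";"))
    return {k: unquote(v) for k, sep, v in parts if sep}


def check_signing_token(text, label):
    """Report which module(s) expose `label` and anything worth a closer look."""
    hits = [(m, s) for m in parse_modutil_list(text)
            for s in m["slots"] if s["token"] == label]
    findings = []
    if not hits:
        findings.append("token not visible in this NSS database")
    if len(hits) > 1:
        findings.append("token label is exposed by more than one module")
    for module, slot in hits:
        if module["status"] != "loaded":
            findings.append(f"module {module['name']} is not loaded")
        uri_label = pkcs11_uri_attrs(slot["uri"]).get("token")
        if uri_label not in (None, label):
            findings.append("token label and pkcs11 URI disagree")
    return {"modules": [m["name"] for m, _ in hits], "findings": findings}


if __name__ == "__main__":
    print(check_signing_token(SAMPLE_LISTING, "OpenSC Card (Fedora Signer)"))
```
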
Re: I'm enabling topic authorization on the production bus
Thanks for driving this forward!
kevin
Re: Fedora infra for Secure Boot components - local setup
On Wed, Jul 05, 2023 at 11:29:27AM -, Kamil Aronowski wrote:
> Hello people. I need some help from the good folks who maintain the Fedora
> servers responsible for building a bootchain securely, i.e. GRUB2 or the
> kernel. For instance, the bkernel01.iad2.fedoraproject.org server.

Happy to try and help.

> Let's take a look at the build logs of a recent GRUB2 build
> (https://koji.fedoraproject.org/koji/buildinfo?buildID=2185557) here:
> https://kojipkgs.fedoraproject.org//packages/grub2/2.06/95.fc38/data/logs/x86_64/build.log
> As far as I can see, this server has a smart-card with a private key attached
> and during the building procedure, the critical components are being signed
> with Red Hat Bootloader Team's `pesign` software (version +115) running in
> client-server mode rather than standalone mode. By this I mean e.g. line
> number 7074 from the log file:
> ```
> + /usr/bin/pesign-client -t 'OpenSC Card (Fedora Signer)' -c '/CN=Fedora
> Secure Boot Signer' -s -i grubx64.efi.orig -o grubx64.efi.onesig
> ```
>
> I'd like to replicate the setup Fedora has to rebuild bootchain components on
> my own. My question is: how did you make `pesign-client` work fine? Is there
> a procedure of some sort that works just fine that I don't know about?
>
> Here's what I attempted on a Fedora 38 machine:

...snip...

>
> Please, give me a helping hand with this. What procedure do I have to follow
> to replicate what's on Fedora Koji instances? What is there that I'm missing?

So, bkernel01/02 are koji builders, so there's kojid and mock in the way there.

We have for mock:

roles/bkernel/files/bkernel-site-defaults.cfg

config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/var/run/pesign', '/var/run/pesign' ))
config_opts['nspawn_args'] += ['--bind=/var/run/pesign']

which bind mounts the pesign socket into the chroot. (now of course you aren't using mock, but wanted to mention it)

Then, we have some acls on the socket and run directory:

roles/bkernel/tasks/main.yml

acl: path=/var/run/pesign entity=kojibuilder etype=user permissions=rwx recursive=true state=present

(and some more acls).

So, might be just being in pesign group isn't enough to connect to the socket? Or there's some selinux denial?

I'd try stracing it and see if you can see if it can talk to the socket correctly? If it's talking to the pesign-server ok, then I am not sure what the problem is. ;(

kevin
Re: Koji f38 i686 buildroot setup fail
On Thu, Jun 29, 2023 at 05:02:50PM +0300, Yanko Kaneti wrote:
> Hello,
>
> Have a strange f38 i686 buildroot setup failure in koji
> https://koji.fedoraproject.org/koji/taskinfo?taskID=102741271
>
> ...
> DEBUG util.py:442: Error unpacking rpm package
> shadow-utils-2:4.13-6.fc38.i686
> DEBUG util.py:444: error: unpacking of archive failed on file
> /usr/bin/newgidmap;649d86fa: cpio: cap_set_file failed - Value too large for
> defined data type
> DEBUG util.py:444: error: shadow-utils-2:4.13-6.fc38.i686: install failed
> ...
>
> While other i686 builds seems to be working OK e.g.
> (pipewire-0.3.72-2.fc38.src.rpm, i686)
> https://koji.fedoraproject.org/koji/taskinfo?taskID=102742012
>
> The only meaningful difference might be buildvm vs buildhw for the builder
> instance

This seems like a bug... but where exactly I am not sure. Could be glibc, could be rpm, could be something else.

I guess I'd say start with rpm and they could move it if needed?

Can you file a bug on it? or would you like me to?

kevin
Re: Ansible role for cron task
On Fri, May 26, 2023 at 04:28:56PM +0200, seddik alaoui ismaili wrote:
> Hi folks,
>
> We decided to add cron to compress some merged logs. So I realize that we
> didn't have any Ansible role to do this.
> Currently we manage cron tasks separately in the component's role, and IMO
> it will be difficult to find/make modifications when needed.
>
> Do you think it's beneficial to create new one ? Or perhaps someone has
> clever ideas :) ?
>
> +1/-1 ??

I'm not sure cron is big enough to make a role worthwhile. You mean make a role that takes file/template name, when to run and puts it in /etc/cron.d/ ?

We do have the ansible 'cron' module, which can do /etc/cron.d/ files as well, but of course still needs copying the template/file script first before it can be scheduled.

So, I could be convinced, but I don't think it's worth it off hand... Happy to hear other/more thoughts on it tho, and thanks for bringing up the idea. It's nice when we can consolidate things into less duplication. :)

kevin
Planned Outage - Server updates/reboots - 2023-05-17 21:00 UTC
Planned Outage - Server updates/reboots - 2023-05-17 21:00 UTC

There will be an outage starting at 2023-05-17 21:00 UTC which will last approximately 4 hours.

To convert UTC to your local time, take a look at http://fedoraproject.org/wiki/Infrastructure/UTCHowto or run:

date -d '2023-05-17 21:00UTC'

Reason for outage:

We will be updating various servers to newest versions of packages and os levels. As part of this outage, koji builders will be moved from Fedora 37 to Fedora 38. Services may be up and down in the outage window.

Affected Services:

Most services will be affected for short periods of time.

Ticket Link:

https://pagure.io/fedora-infrastructure/issue/11312

Please join #fedora-admin or #fedora-noc on irc.libera.chat or add comments to the ticket for this outage above.
Re: hyperkitty/mailman3 now updated to the latest
On Sat, May 13, 2023 at 10:11:36PM -, Reon Beon wrote:
> Nice.

yep. Many thanks to Neil and Michael for working on it.

Just waiting on the epel9 branch/build and we can look at upgrading.

kevin
Re: Do koji's compose directories need cleaning?
On Sun, May 07, 2023 at 08:31:37AM +, Mattia Verga wrote:
> I'm unsure if this is something desired or if it is better to open a
> formal ticket on [releng|infra].
>
> Looking in the compose directories of Koji I've noticed that there seem
> to be a lot of garbage leftover from old stuff:
>
> - in https://kojipkgs.fedoraproject.org/compose/iot/ there are composes
> back to Fedora 31
> - in https://kojipkgs.fedoraproject.org/compose/updates/ there are
> composes back to Fedora 31, EPEL6, Fedora Modular 30
> - again in https://kojipkgs.fedoraproject.org/compose/updates/ there are
> garbage directories starting with "[[ release.id_prefix.title() ]]-"
> which seem quite recent
> - again in https://kojipkgs.fedoraproject.org/compose/updates/ there are
> some ".shelve" files related to f26, f27 and f28
>
> Do we want to clean those things up?

Yeah, we should. Also, probably a note in the end of life sop to clean up that. but it has to be done in the right order. ie, you should push out and make sure the updates sync script is no longer trying to sync the just now eoled release before removing the compose directory for it (otherwise it may sync an empty repo to the master mirrors).

Anyhow, yeah, I'd say a releng ticket and we should look at adding that to process/automating it. :)

Thanks for the note...

kevin
Re: SOP for adding externally hosted services?
On Wed, May 03, 2023 at 06:54:33PM -0600, Tim Flink wrote:
> We're looking to deploy an instance of ReportPortal [1] for displaying and
> analyzing the output of automated tests in Fedora.
>
> This aligns with the goals of Testing Farm and instead of having it hosted
> with the other Fedora hosted apps, it looks to be easier to rely on their
> setup/infrastructure.

yeah, the council has specifically said it's ok to do this.

> Are there requirements around having something like
> reportportal.fedoraproject.org point to the service once it's up? I couldn't
> find anything by searching through the lists but I have a vague recollection
> of hearing talk about requirements in the past.
>

I don't think we have anything written up. Some of it gets handled by going through the process of them becoming a Red Hat vendor (in order for them to be paid for providing the service).

On top of that off my head though:

* Make sure we have some support avenue to send problems/issues to. If we don't have this, people will bug us and we won't be sure how to address issues or downtime.
* Make sure we have some kind of admin contact email or phone or whatever in case there's some issue that's urgent/sensitive. To allow us to contact them in case of a security issue or their site somehow breaking other things.
* Make sure they know who is authorized to ask for changes from our side.

For setup, we may need to interact with them to setup logins/etc. (Although perhaps not in this case).

Would you be willing to start a 'external services' SOP on https://pagure.io/infra-docs-fpo/ ? Otherwise I can try, but I'm currently swamped. ;)

kevin
Re: clean up on aisle pagure.io
On Thu, Apr 27, 2023 at 08:25:48AM +1000, Ryan Lerch wrote:
>
> This is my top pick!

The one reason why I don't like this choice is that pagure.io was supposed to be distribution agnostic. Just an open source forge. That's why you see 'fedora-infrastructure' and 'fedora-kickstarts' and such as early project names, to make sure they indicated they were for fedora.

But that said, I am not sure that this distinction really matters too much these days. If there's someone that wants a new project, but isn't a contributor in fedora they can ask us (or indeed any contributor) to add it for them.

>
> Had a quick look at the pagure code, and this looks like we will have to
> add some additional logic for this to work (not necessarily difficult, but
> it’s not just a config change)

yeah. ;(

> Afaict, there is no logic to restrict creating new repos (other than
> turning it off completely). Additionally. The logic that restricts FPCA is
> done at the login phase. So unless we want to restrict login to FPCA+1
> (which I’m not suggesting) it will take a bigger (but not that bad) of a
> fix to get working.

yeah, I think we do not want to require fpca to login again. The spammers would likely just agree to it, and we don't really need to care what open source license people want to contribute to their projects.

>
> Would trying to curtail bots registering on the Fedora Accounts side be an
> option here too?

I don't think so, or at least it would be harder. A lot of times I think these things are initially set up by a human or group of humans, then they spew the spam via script... but I guess I don't know that for sure...

kevin
Re: clean up on aisle pagure.io
On Wed, Apr 26, 2023 at 01:38:05PM +0200, Michal Konecny wrote:
> Regarding the #3, how do you find spam projects now? Could the script do the
> same?

I find them manually. Go to pagure.io, browse projects and sort by 'most recent'. About 99% of the first 4-5 pages are clearly spam. They are either of the form: 'something something certs' with descriptions like '100% Actual Exam Questions for Best Results' or 'username' description 'exam' and tons of issues with the spam by username.

So, I am not sure we could script a detection super easily. Or if we did they wouldn't just adjust...

On Wed, Apr 26, 2023 at 11:15:51AM -0300, Leon Khan wrote:
> Here are my thoughts on this:
>
> Implement community moderation: Allow the community of users on pagure.io
> to help moderate and flag spam projects and users. This could be done
> through a reporting system or through user-driven flagging mechanisms that
> alert administrators to potentially problematic projects.

That would indeed be great, but it would need implementing the way to do that. Would need voting for projects and some way to flag and still admins would have to delete stuff. ;(

>
> Increase the frequency of automated clean-up scripts: Increasing the
> frequency of these scripts could help keep the site cleaner and reduce the
> need for manual intervention by administrators.
>

There's currently 0 automated cleanup. :) It's completely manual, which is what I am saying we need to fix. We would need to write scripts and... I am not sure how automated we could make it. :( but open to ideas...

On Wed, Apr 26, 2023 at 10:59:58AM -0400, Frank Ch. Eigler wrote:
> Hi -
>
> > > > 1. only allow fedora 'contributors' to make new projects. (ie, people in
> > > > at least one non cla/non base ipa group
> > > > [...]
> > > > Cons:
> > > > - Would block legit people who aren't fedora contributors.
>
> The other positive edge of that sword could be giving them an
> incentive to become fedora contributors at least at some level.

Perhaps.

So, it's sounding like putting the restriction back in place that you be a contributor to make new projects has reasonable appeal? We will need to investigate how to do that. Might also need code changes?

kevin
Re: awscli2 and Fedora sso
On Wed, Apr 26, 2023 at 02:41:27PM +0200, Miroslav Suchý wrote:
> Has anyone used awscli2? How did you configure it to use Fedora SSO?
>
> I played with it, but with no luck.
>
> BTW awscli2 is now in package review process and is available at
>
> https://copr.fedorainfracloud.org/coprs/g/fedora-review/fedora-review-2189420-awscli2/build/5851296/

Yeah, I looked at it for a short time a year or so ago, and couldn't get it working. ;(

I think it's possible, but I wasn't able to figure out how. If anyone does figure it out a howto would be most welcome.

kevin