CPE Achievements during Q1 2020 (Jan-Mar 2020)

Tuesday , 19, May 2020 Rich Bowen announcement, Infra Leave a comment

Hi Everyone,

2020 has seen a lot of changes for everyone - understatement of the year right? One of these changes though has been how the Community Platform Engineering Team has decided to try adjust how they work. We are on an agile workflow journey and we began this year with quarterly planning, for the first time ever! We kicked off the start of the year working on some prioritised initiatives that we discussed as a review team during our first quarterly planning session. The review team included Brian ‘Bex’ Exelbierd, Paul Frields, Jim Perrin,Leigh Griffin, Pierre-Yves Chibon, Brian Stinson and Clément Verna.

The initiatives chosen to be worked on during Quarter One were:

  • FAS Replacement Login Phase 1 
  • Fedora Data Centre Move
  • CentOS Stream Phase 1 
  • CI/CD 

It was agreed that the CPE team would work on these from January - March 2020 as well as resourcing our sustaining team to support “lights on” work and Fedora & CentOS releases. 

And let us be the first to tell you, while it did not seem like it would be a monumental change from the outside from switching to  scheduling our work in advance rather than responding to ‘fire fire fire!’, it has been tricky to adjust to but we are getting there!

We had a Q1 celebration call hosted by our Agile Practitioner Sarah Finn to highlight the successes we achieved in that timeframe, and we were all a little surprised and a lot pleased with what we accomplished as a team 🙂

So, what did we achieve in this time?

CPE Sustaining team 

Team members: Clément Verna, Kevin Fenzi, Stephen Smoogen, Mohan Boddu

Michal Konecny, Vipul Siddharth, Tomas Hrcka, Petr Bokoc along with support from wider CPE Team/RH/Community as required.

Achievements: 

  • Preparation for Data Center Move (Archives, Old Cloud retirement, Communication to Community)
  • Applications Update ( Bodhi, Anitya, mdapi, compose-tracker, fedscm-admin, python-cicoclient, …)
  • Fedora 32 Beta release infra and releng support
  • CentOS CI (Update of images used to run tests for Fedora)
  • Mbbox project start (Requirements, PoC, Dev Environment)

User Benefits:

  • Fedora 32 Beta release.
  • It is not too difficult to contribute to Fedora!

FAS Replacement Login Phase 1

Team members: Aoife Moloney, Aurelien Bompard, Rick Elrod (Jan- Feb), Ryan Lerch, Stephen Coady, James Richardson, Leonardo Rossetti along with support from wider CPE Team/RH/Community as required.

Achievements: : 

  • Registration page, user profile, user settings, user groups, groups list
  • 2FA & OTP authentication working
  • Fedora messaging is integrated
  • Users can reset their password when they have forgotten it
  • The FASJSON API is versioned and follows an OpenAPI spec
  • Theming support, with a Fedora and an OpenSUSE theme

Fedora Data Centre Move

Team members: Aoife Moloney, Stephen Smoogen, Kevin Fenzi along with support from wider CPE Team/RH/Community as required.

Achievements: : 

  • Minimum Viable Fedora offering defined
  • Future business growth for Fedora safeguarded in IAD2
  • COPR backups upgraded
  • Hardware budget approved and purchased 
  • Hardware inventory updated
  • Full Move schedule created and published
  • Impacted services list created and published

User Benefits:

  • Red Hat bought us some new stuff
  • New datacenter will provide better access to large cloud providers, and thus Fedora users using those providers.
  • Refreshed hardware should allow Fedora Infrastructure to meet growth needs for this year and beyond.
  • Planning and work should ensure outages for the datacenter move are as short as possible.

CentOS Stream Phase 1

Team members: Aoife Moloney, Brian Stinson, Fabian Arrotin, Johnny Hughes, James Antill, Carl George, Siteshwar Vashisht along with support from wider CPE Team/RH/Community as required.

Achievements: : 

  • Account creation in git.centos.org for Stream
  • Regular compose created & merged
  • Nightly composes running
  • Testing & QA suite running
  • List of packages available in Stream
  • Modules added to Stream
  • RPM signing tool written & implemented for CBS content in Stream
  • Workflow for contributor patches enabled
  • Stream is ahead of RHEL 8.1

User Benefits:

  • CentOS Stream releases ship like a tree and has nightly composes
  • Stream accounts are available on git.stg.centos.org
  • QA and testing in Stream are finding issues quicker than in RHEL and CentOS Linux
  • 240+ packages are now available in Stream
  • There is a new signing tool written for CBS content

CI/CD

Team members: Aoife Moloney, Pierre-Yves Chibon, Nils Philippsen, Adam Saleh along with support from wider CPE Team/RH/Community as required.

Achievements: : 

User Benefits:

  • A backlog of ideas in the Fedora Infra and releng ecosystems can tackle to increase automation
  • The packager workflow is now monitored regularly and automatically
    • This will give us a way to measure the health of the packager workflow and in the long term potentially figure out the least reliable parts to improve them
  • Removing the changelogs and release fields from spec files allows for more automation around spec files and removes the two major sources of conflicts when doing pull-request on dist-git. This can be tested today in staging, allowing to gather more user feedback and experience before deciding on proceeding with this or not.

We have now had our second quarterly planning session for Q2, April - June, and if you want to check out what we are working on, stop by our taiga board to see our ‘in progress’ lane and read our blog post here. If you any questions regarding anything above or want to give us feedback, please reach out on our #redhat-cpe channel on IRC Freenode or mailing lists. 

And it is part for the course that when changes happen things get missed or overlooked, so this blog post is going out a little later than we would like, but we will try to have your next window wins published by the latest mid July. We just won’t say what year 🙂

Thank you everyone for your contributions to the above initiatives in our Q1, we had some great community engagement across our projects and we hope to have the same for the remainder of the year, because some things should never change 🙂

Take care everyone and see you around IRC!

[Video] CentOS Stream Contribution Model

Monday , 18, May 2020 Rich Bowen Video Leave a comment

(A presentation from Red Hat Summit)

CentOS Stream is a rolling preview of the next minor version of Red Hat Enterprise Linux (RHEL), allowing you to try it out, and contribute changes into the RHEL development process. Carl George gives a brief overview of how that contribution model works.

See also https://youtu.be/UA5QCqwma7Y for a walkthrough of a contribution. See https://centos.org/stream for more information about CentOS Stream

Updated CentOS Vagrant Images Available (v2004.01)

Friday , 15, May 2020 Laurențiu Păncescu announcement Leave a comment

We are pleased to announce new official Vagrant images of CentOS Linux 6.10 and CentOS Linux 7.8.2003 for x86_64. All included packages have been updated to May 30th, 2019.

We are unfortunately not able to create images for CentOS 8.x om our build infrastructure at this time, but are working on this.

Known Issues

  1. The VirtualBox Guest Additions are not preinstalled; if you need them for shared folders, please install the vagrant-vbguest plugin and add the following line to your Vagrantfile: 
    config.vm.synced_folder ".", "/vagrant", type: "virtualbox"

    We recommend using NFS instead of VirtualBox shared folders if possible; you can also use the vagrant-sshfs plugin, which, unlike NFS, works on all operating systems.

  2. Since the Guest Additions are missing, our images are preconfigured to use rsync for synced folders. Windows users can either use SMB for synced folders, or disable the sync directory by adding the line 
    config.vm.synced_folder ".", "/vagrant", disabled: true

    to their Vagrantfile, to prevent errors on "vagrant up".

  3. Installing open-vm-tools is not enough for enabling shared folders with Vagrant’s VMware provider. Please follow the detailed instructions in https://github.com/mvermaes/centos-vmware-tools
  4. Some people reported "could not resolve host" errors when running the centos/7 image for VirtualBox on Windows hosts. We don't have access to any Windows computer, but some people reported that adding the following line to the Vagrantfile fixed the problem: 
    vb.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]

Recommended Setup on the Host

Our automatic testing is running on a CentOS Linux 7 host, using Vagrant 1.9.4 with vagrant-libvirt and VirtualBox 5.1.20 (without the Guest Additions) as providers. We strongly recommend using the libvirt provider when stability is required.

Downloads

The official images can be downloaded from Vagrant Cloud. We provide images for HyperV, libvirt-kvm, VirtualBox and VMware.

If you never used our images before:

vagrant box add centos/6 # for CentOS Linux 6, or...
vagrant box add centos/7 # for CentOS Linux 7

Existing users can upgrade their images:

vagrant box update --box centos/6
vagrant box update --box centos/7

Verifying the integrity of the images

The SHA256 checksums of the images are signed with the CentOS 7 Official Signing Key. First, download and verify the checksum file:

$ curl http://cloud.centos.org/centos/7/vagrant/x86_64/images/sha256sum.txt.asc -o sha256sum.txt.asc
$ gpg --verify sha256sum.txt.asc

Once you are sure that the checksums are properly signed by the CentOS Project, you have to include them in your Vagrantfile (Vagrant unfortunately ignores the checksum provided from the command line). Here's the relevant snippet from my own Vagrantfile, using v1803.01 and VirtualBox:

Vagrant.configure(2) do |config|
  config.vm.box = "centos/7"

  config.vm.provider :virtualbox do |virtualbox, override|
    virtualbox.memory = 1024
    override.vm.box_download_checksum_type = "sha256"
    override.vm.box_download_checksum = "b24c912b136d2aa9b7b94fc2689b2001c8d04280cf25983123e45b6a52693fb3"
    override.vm.box_url = "https://cloud.centos.org/centos/7/vagrant/x86_64/images/CentOS-7-x86_64-Vagrant-1803_01.VirtualBox.box"
  end
end

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos on Freenode IRC.

Ackowledgements

I would like to warmly thank Brian Stinson, Fabian Arrotin and Thomas Oulevey for their work on the build infrastructure, as well as Patrick Lang from Microsoft for testing and feedback on the Hyper-V images. I would also like to thank the CentOS Project Lead, Karanbir Singh, without whose years of continuous support we wouldn't have had the Vagrant images in their present form.

I would also like to thank the following people (in alphabetical order):

  • Graham Mainwaring, for helping with tests and validations;
  • Michael Vermaes, for testing our official images, as well as for writing the detailed guide to using them with VMware Fusion Pro and VMware Workstation Pro;
  • Kirill Kalachev, for reporting and debugging the host name errors with VirtualBox on Windows hosts.

CPE Weekly: 2020-05-11

Thursday , 14, May 2020 Rich Bowen Infra Leave a comment

Background:

The Community Platform Engineering group is the Red Hat team combining
IT and release engineering from Fedora and CentOS.Check out our teams
info here https://docs.fedoraproject.org/en-US/cpe/

GitForge Updates

* We are tracking our progress here (nothing new added yet, fyi) https://fedoraproject.org/wiki/Git_forge_update
* And the council are tracking the community issues in this ticket https://pagure.io/Fedora-Council/tickets/issue/292
* I have an Office hours IRC meeting slot on #fedora-meeting-1 @ 1300-1400 UTC every Thursday. Feel free to stop by and say hi! We can talk about Gitforge, or not 🙂 Note, this is an update to the meeting time from when this update was originally posted.

Data Centre Move

* Communishift is unfortunately offline until mid to end of June. The guys hit some unfortunate roadblocks which cost us a lot of time and energy. As we are starting to bring up hardware in IAD2 for the reduced Fedora offering next week, the hard but necessary decision was taken to pause bringing up CommuniShift in RDU-CC for now and come back to this once the  *slightly* more critical work is done or close to complete in IAD2.
* Thank you for your patience, this is a colossal undertaking for the team and your support and understanding is very much appreciated.
* Full amended schedule is here https://hackmd.io/vDwoayVLQ8yjyDk3PDvC8A?view
* And updates are being posted here https://status.fedoraproject.org/
* Again, as this project is currently being run by a two man team, we appreciate and thank you for your patience for delayed replies to tickets/requests/pings related to Fedora infra.

AAA Replacement

* The team have met with openSUSE and are supporting them when deploying Noggin
* Noggin UI improvements based on feedback have also been implemented
* Th2 team will begin to work on upstream code changes of existing apps to the FASjson api in their next sprint
* You can view the teams current, completed and backlog work here https://github.com/orgs/fedora-infra/projects/6

Sustaining Team

* The team are using this dashboard to track their work https://github.com/fedora-infra/mbbox/projects/1
* They are also supportg the ELN work
* The ansible repo has also been moved to pagure! https://pagure.io/fedora-infra/ansible

* Mbbox Upgrade
* ssl fix is done
* The team are also working on CRD for koji-builder
* Work is being tracked here if you wish to view in more detail https://github.com/fedora-infra/mbbox/projects/1

CentOS Updates

CentOS CI

* The team are working on
* Improving monitoring on CI agents
* Manual install of RHCOS bootstrap node on bare metal
* Importing EL6 Image for CICO cloud
* VMs migration from OpenStack to OpenNebula

CentOS

* CentOS 7.8.2003 was released for x86_64, aarch64,ppc64, ppc64le and armhfp architectures. Including Cloud images (on
https://cloud.centos.org) - https://blog.centos.org/2020/04/release-centos last week
* CentOS Linux 8.2 work is ongoing with compose level testing due to start soon

CentOS Stream

* The team are working through debranding CentOS Stream content from CentOS Linux
* Using CentOS Stream in the CentOS QA group to prep for 8.2

As always, feedback is welcome, and we will continue to look at ways to improve the delivery and readability of this weekly report.

Have a great week ahead!

Aoife

Source: https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ

[Video] What is CentOS Stream?

Tuesday , 12, May 2020 Rich Bowen Video Leave a comment

(A presentation from Red Hat Summit)

CentOS Stream is a release from the CentOS Project. It’s an effort, along with the Red Hat Enterprise Linux (RHEL) engineering team, to increase transparency and collaboration around the RHEL development process. This video gives a little more detail about the what, why, and how of CentOS Stream

What’s coming up next in Fedora and CentOS infrastructure?

Wednesday , 6, May 2020 Rich Bowen Infra Leave a comment

As you may know, the Community Platform Engineering (CPE) team that helps manage both infrastructure for both Fedora and CentOS is trying to improve how the different initiatives or requests for changes we receive are planned and prioritized. This effort to improve has led us to look at planning our work in three-month windows. By planning, limiting, and focusing our work every three months, we can dedicate a substantial team around each initiative, driving it to completion before working on the next. Overall this helps us finish and deliver work faster.

The prioritization work involves the Fedora Council, the CentOS Board, a representative of the Red Hat Business Unit and the CPE team for each three-month window. Initiatives are considered against the team’s mission statement and weighed against each other to ensure that the most valuable initiatives are properly prioritized. This way of working  is quite new for us so any feedback on the overall process is greatly appreciated.

So, What’s coming up next (April - June 2020*)?

CentOS Stream (Phase 2)

In the next 3 months the team will be focusing on making CentOS Stream easier to consume and release. This means investing in automation of the packaging and compose processes. 

More information about this effort at : https://tree.taiga.io/project/amoloney1-cpe-team-projects/us/19?kanban-status=2139946

Fedora Account System (FAS) Replacement (Phase 2)

This project is the second phase of the work that was started at the beginning of this year to replace FAS (which you may have heard referred to as “AAA”: Authentication, Authorization, Accounting). T first three months of the year were focused on building the web portal allowing users to register and manage their account. This phase will focus on the integration with other applications. Most of the work will be done in fasjson & fasjson-client.

More information about this effort at : https://tree.taiga.io/project/amoloney1-cpe-team-projects/us/22?kanban-status=2139946

Fedora Data Centre Move

This is a big effort that in fact has already started and will continue for most of the next 3 months (current estimated end date for this is mid-July). The work will involve deploying critical infrastructure in the new data centre so that we can continue to build Fedora while the hardware is shipped from the old data centre. Then as the hardware arrives at the new location we will be working on redeploying the services and adding more capacity to that infrastructure.

More information about this effort at : https://tree.taiga.io/project/amoloney1-cpe-team-projects/us/29?kanban-status=2139946

DNF Counting

This project will update and improve the current solution that gathers anonymous statistics about the number of installed Fedora systems by making use of the new DNF “countme” flag. This will help the project better understand how Fedora’s various offerings are used in the world, and give us better insight into the real-world lifecycle of our releases while taking great care to preserve our user's privacy. 

More information about this effort:  https://tree.taiga.io/project/amoloney1-cpe-team-projects/us/7?kanban-status=2139946

CentOS CI Infrastructure Phase 1

This work will allow us to update the current infrastructure used by ci.centos.org from an OpenShift 3.x version to an OpenShift 4.x version. The goal of this work is also to build up more administration knowledge of OpenShift in the team as well as improving the performance and reducing the maintenance effort needed to run the current infrastructure.

More information about this effort: https://tree.taiga.io/project/amoloney1-cpe-team-projects/us/30?kanban-status=2139946

Mbbox

The goal of this project is to make the current solution used to build rpms and modules for CentOS easier to maintain and update. The core of the work is to deploy koji and MBS using Kubernetes operators in order to manage the upgrade and deployment of new versions.

More information about this effort at: https://tree.taiga.io/project/amoloney1-cpe-team-projects/us/34?kanban-status=2139946

You will find regular updates on our Taiga board relating to teams progress on each initiative. If you have any questions or if you want to know more about any of these initiatives or would like to contribute, please join our #redhat-cpe channel on IRC Freenode or visit the taiga links for more information.

In addition, a dedicated sub-team, the sustaining team, will continue to service the lights on operation work for CentOS & Fedora.

We recognize that this email/blog post is late, our 3 months window has started for a month already, as we said this is still a new process for us and we're still in the adjustment phase. Hopefully we'll do better in June!

CentOS Community newsletter, May 2020 (#2005)

Tuesday , 5, May 2020 Rich Bowen Newsletter Leave a comment

Dear CentOS enthusiast,

We hope you are all doing well and staying healthy, and, as always, thank you for being part of this great community.

In this edition:

  • News
  • Releases and updates
  • Events
  • SIG reports

News

After a great deal of work with Red Hat Legal, we are pleased to announce our new project licencing policy. This is an important step as we continue to move towards accepting more contributions in CentOS Stream  - https://blog.centos.org/2020/04/new-centos-project-licensing-policy/

We're also delighted to welcome Pat and Thomas as new members of the CentOS Board of Directors - https://blog.centos.org/2020/04/welcome-to-our-new-board-members/ 

If you are involved in contributing to CentOS in any way, we ask that you take a moment to read the description of the work on SIG Authentication retooling - https://blog.centos.org/2020/05/sig-authentication-retooling/

CentOS Stream Updates:

CentOS Stream is working to get further ahead than in the past. Previously there were times when the content set of CentOS Stream reset to being ahead only with the Kernel and systemd. We recently pushed a batch of almost 100 source packages intended for the Red Hat Enterprise Linux 8.3 nightly development snapshots. Over the next period of time we expect to focus on pushing more batches into Stream until we're fully caught up with those nightly snapshots.

To give feedback on this content, you can open Red Hat Bugzillas directly against the CentOS Stream component.

CPE updates:

Our friends at CPE - Community Platform Engineering - have been posting weekly updates on their progress on the Fedora and CentOS infrastructure and engineering.

April 4th: https://lists.centos.org/pipermail/centos-devel/2020-April/036725.html

April 14th: https://lists.centos.org/pipermail/centos-devel/2020-April/036734.html

April 18th: https://lists.centos.org/pipermail/centos-devel/2020-April/036755.html

April 26th: https://lists.centos.org/pipermail/centos-devel/2020-April/036799.html

Releases and updates

Errata and Security Advisories

We issued the following CESA (CentOS Errata and Security Advisories) during April:

Errata and Bugfix Advisories

We issued the following CEBA (CentOS Errata and Bugfix Advisories) during April:

Events

Last week we “attended” Red Hat Summit, where we had a number of video presentations, and a well-attended “Ask The Expert” session with Brian Stinson about CentOS Stream. All of this content is available online. Go to https://redhat.com/summit (register for free and log in), then click “Explore” and you’ll see the Fedora/CentOS room there, with video and printed content about our projects.

We’ve also posted the videos to YouTube - https://www.youtube.com/theCentosProject - subscribe today to be notified when we post new content there.

Coming up, we have an AMA - Ask Me Anything - in the works for our Reddit community, https://www.reddit.com/r/CentOS/  We don’t have a date confirmed yet, but we’ll be announcing it there, as well as to the other usual places - Twitter, Facebook, the Blog and the Forums - so subscribe to one or more of those places to find out when that’s coming.

We will soon be announcing our participation in DevConf.US, the annual developer conference. We intend to have a virtual CentOS Dojo as part of that event, and will be announcing our call for presentations soon.

SIG Reports

The SIGs - special interest groups - are where most of the interesting stuff in CentOS happens. They are communities packaging and testing layered projects on top of CentOS, and ensuring that they work reliably.

Cloud SIG Report

Purpose

Packaging and maintaining different FOSS based Private cloud infrastructure applications that one can install and run natively on CentOS.

https://wiki.centos.org/SpecialInterestGroup/Cloud

Membership Update

We are always looking for new members, especially representation from other cloud technologies.

No SIG members have been added in this quarter. However, the SIG membership list was updated on the SIG wiki page to reflect reality.

Releases and Packages

RDO

Aug 27 - Aug 31 Train Release https://blogs.rdoproject.org/2019/10/rdo-train-released/

Interesting things in the Train release include:

Openstack Ansible, which provides ansible playbooks and roles for deployment, added murano support and fully migrated to systemd-journald from rsyslog. This project makes deploying OpenStack from source in a way that makes it scalable while also being simple to operate, upgrade, and grow.

Ironic, the Bare Metal service, aims to produce an OpenStack service and associated libraries capable of managing and provisioning physical machines in a security-aware and fault-tolerant manner. Beyond providing basic support for building software RAID and a myriad of other highlights, this project now offers a new tool for building ramdisk images, ironic-python-agent-builder.

Other improvements include:

Tobiko is now available within RDO! This project is an OpenStack testing framework focusing on areas mostly complementary to Tempest. While the tempest main focus has been testing OpenStack rest APIs, the main Tobiko focus would be to test OpenStack system operations while “simulating” the use of the cloud as the final user would. Tobiko’s test cases populate the cloud with workloads such as instances, allows the CI workflow to perform an operation such as an update or upgrade, and then runs test cases to validate that the cloud workloads are still functional.

Other highlights of the broader upstream OpenStack project may be read via https://releases.openstack.org/train/highlights.html.

Jun 01 - Jun 05 Victoria Release Virtual Project Team Gathering https://www.openstack.org/ptg/

Health and Activity

The Cloud SIG remains fairly healthy. However, it is still, for the most part, a monoculture containing only OpenStack.

Issues for the Board

We have no issues to bring to the board’s attention at this time.

 

[Video] What is CentOS?

Tuesday , 5, May 2020 Rich Bowen Video Leave a comment

A presentation from Red Hat Summit: Community member Karsten Wade gives a quick overview of what the CentOS Project is.

CPE Weekly: 2020-05-02

Monday , 4, May 2020 Rich Bowen Infra Leave a comment

Background:

The Community Platform Engineering group is the Red Hat team combining IT and release engineering from Fedora and CentOS. Check out our teams info here https://docs.fedoraproject.org/en-US/cpe/

GitForge Updates

* We are tracking our progress here (nothing new added yet, fyi) https://fedoraproject.org/wiki/Git_forge_update

* We are still doing a technical deep-dive with our own team on what we need from GitLab and will have a technical plan developed and publically available in the coming weeks - thanks again for your patience, this will take some time to map out.

* Fedora have also released a blog post https://communityblog.fedoraproject.org/fedora-council-and-the-git-forge/and

* And the council are tracking the community issues in this ticket https://pagure.io/Fedora-Council/tickets/issue/292

* We are looking at ways to engage closer with the community too so I will have an *optional* office hours slot on #fedora-meeting @ 1400-1500 UTC every Thursday. Feel free to stop by and say hi! We can talk about Gitforge, or not

Releases!!

* F32 released! Congrats to all those who helped make this such an awesome release

* Lenovo are releasing Fedora as a standard desktop offering!

* CentOS 7.8.2003 was released for x86_64, aarch64,ppc64, ppc64le and armhfp architectures, including Cloud images (on https://cloud.centos.org)!

Data Centre Move

* Communishift is still out, est back online 11th May.

* Full amended schedule will be published week ending 8th May to hackmd & will be sent to the devel & infra lists.

* Connectivity is now in place in IAD2 and should be in place in RDU-CC over the weekend.

* In particular, a HUGE shout out to Stephen Smoogen who has been working all the hours in every day for the last few weeks/months to get this phase of the move operatoinal for the Fedora infrastructure - we would not be able to do this without you Smooge

* This is literally a two man team of Kevin Fenzi and Stephen Smoogen, who are carrying the weight of this infrastructure on their shoulders and are invaluable to the success of this multi-team and multi-month project, so thank you both.

* Given the pressures on the Infra folks, a general ask for patience if your ticket / request / ping takes a little bit longer to reply to

AAA Replacement

* The team will work with openSUSE to deploy FreeIPA + Noggin to deploy it in their infra before we do!

* This is really exciting and the team are looking forward to seeing how the solution works in another infrastructure!

* You can view the teams current, completed and backlog work here https://github.com/orgs/fedora-infra/projects/6

Sustaining Team

* The team are using this dashboard to track their work https://github.com/fedora-infra/mbbox/projects/1

* Mbbox Upgrade

* Zuul CI set up is done

* Koji-hub TLS support added to CR

* Set up ReadTheDocs documentation - webhook missing for automatic build

* Identity container for testing

* Koji-builder CRD PR rebase - SSL authentication with koji-hub

* Refactor molecule test suite to share tests

CentOS Updates

CentOS CI

* OpenShift upgrade

* OpenStack to OpenNebula migration scripts

* Ansible playbooks to manage the creation and bootstrapping of bare metal nodes with RHCOS

* Packaging work (fixing dependencies)

* Updated ci-user list on efforts we are putting for CI Infrastructure

CentOS

* CentOS 7.8.2003 was released for x86_64, aarch64,ppc64, ppc64le and armhfp architectures. Including Cloud images (on https://cloud.centos.org) - https://blog.centos.org/2020/04/release-centos-linux-7-2003/

CentOS Stream

* Congratulations to Brian Stinson on his excellent session of Ask The Expert, facilitated by Rich Bowen during Red Hat Summit - we hope you caught it, it was really good!

* Using CentOS Stream in the CentOS QA group to prep for 8.2 As always, feedback is welcome, and we will continue to look at ways to improve the delivery and readability of this weekly report.

Have a great week ahead!

Aoife

Source: https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ

SIG authentication retooling

Monday , 4, May 2020 Jim Perrin announcement, General Leave a comment

You may have seen the emails from Aoife about the work the Community Platform Engineering (CPE) team is doing around authentication tooling, and what that might mean for CentOS. Here’s a brief explainer for what’s happening.

The authentication software we use for SIGs (FAS or Fedora Account System) and a few other bits around the project will be EOL fairly soon. This is a 10+ year old, difficult to maintain software project with bugs that can’t be effectively addressed with its old code. The CPE team is writing a replacement for FAS that uses more of the standard distribution components, largely built around FreeIPA. This new tooling is intended to be an upgrade for use by anyone, but particularly Fedora and CentOS to replace both uses of FAS currently. There are a number of feature improvements and standardizations included in the new software, but in the end users shouldn’t notice any real impact in operation.

As we engaged with stakeholders including SIG chairs, the CentOS QA team, and other prominent community members, one issue became quickly apparent. We have many SIG contributors who push their work into both CentOS and Fedora, as well as Fedora’s EPEL repository. Having to work with separate auth systems makes it more difficult with automation, testing, and other parts of the contributor workflow. Because of this chance to improve the lives of our current and incoming contributors, our intention with the new authentication rewrite is for the CentOS and Fedora projects to share a single, unified authentication system. This would allow members of our communities who contribute in multiple places to do so via a single account, while having negligible impact on users who don’t. Group management, permissions, etc. will still be the purview of each project to manage as they see fit.

Fixing this gap between the auth systems the CPE team uses also solves some problems for the team itself. Sharing this system also encourages more cross-team work, which benefits both projects and communities (more hands). These communities are already sharing some resources, such as Fedora making use of the CentOS CI system. This work paves the way for easier resource sharing and management, which will cut down on the amount of duplicative work done across both infrastructures.

Over the next few months as the CPE team works toward its October implementation goal, you’ll see additional communication and messaging about the project. That doesn’t mean you need to wait to get involved though. If you’re interested in how we’re designing the auth, or want to participate in the development, please have a look at the git repository and see where you can help!