Hi,
As you noticed recently, we started to refresh the infra used for CentOS
CI (not the hardware, still the same, but the software stack and the way
to control/manage it).
One of the identified nodes still being used and that needs to be
converted to the new infra layout is the ssh jumphost (see
https://wiki.centos.org/QaWiki/CI/GettingStarted#How_to_use_it)
Normally, some of you have switched to OpenShift workload (including to
the new OpenShift 4/OCP setup that went live recently), but some Projects
are still on the old setup with sometimes a need to reach
dedicated/shared VMs acting as Jenkins agent[s], connected to Jenkins
behind https://ci.centos.org.
We have already provisioned a new VM in the new setup (that can reach
the whole CI subnet and VLAN) but here are some points to consider
(reason why we wanted to pre-announce long time in advance before we do
the real switch):
* New ssh jump host is CentOS 8 based, versus CentOS 6, meaning that if
you used ssh-dss key (instead of ssh-rsa), you'll *not* be able to
connect through that new host. We already identified such keys and Vipul
will try (when it's tied to a real email address for the project) to
reach out. But better to announce it here too, so that you have time to
ask us to reflect a change (through ticket on
https://pagure.io/centos-infra/issues)
* Old VM allowed shell access, but it will be disallowed on the new one
(there is no need for shell on that intermediate node anyway). Reminder
that you can configure your ssh config to directly use ProxyCommand or
even now ProxyJump (on recent openssh-client). See
https://wiki.centos.org/TipsAndTricks/SshTips/JumpHost
* Because the host has a new sshd_host_key, it will come with a new
fingerprint too, so if you have automation and that you don't trust our
CA already, the fingerprint for new host will be :
[fingerprint]
rsa=3072 SHA256:n7y0qZS/FvhjaskOBds3TTKQh5EtgNQ25E7cmTNBATg (RSA)
rsa_md5=3072 MD5:9e:83:46:d0:c5:8a:a0:94:50:10:58:9d:af:ca:50:19 (RSA)
ecdsa=256 SHA256:ZQacwDsWkKBYL9HJJYwHr94Ny1sMhHMDnz9GiLFb8Uc (ECDSA)
ecdsa_md5=256 MD5:dd:24:ea:6a:fd:8b:29:3d:1d:d0:a9:32:8c:b2:ea:62 (ECDSA)
As we know that it's August and that some of you are probably on PTO
(coming back or leaving soon), after discussion with Vipul, David and
myself, we considered that we'll probably go live around beginning of
September.
Should you have any question around that migration, feel free to reply
to this thread (ideally on dedicated ci-users mailing list), or on
irc.freenode.net (#centos-ci)
On behalf of the CentOS CI infra team,
--
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab
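
Added example, not part of the original message or of any CentOS infra tooling: a Python sketch of the two checks the announcement calls for, flagging ssh-dss user keys and comparing an offered host key against the announced SHA256 fingerprints. The sample key lines and the host name jump.example.test are constructed (filler bytes, not real keys), and the function names are assumptions.

```python
import base64, hashlib, struct

# SHA256 fingerprints from the announcement, keyed by OpenSSH key type name.
ANNOUNCED = {
    "ssh-rsa": "SHA256:n7y0qZS/FvhjaskOBds3TTKQh5EtgNQ25E7cmTNBATg",
    "ecdsa-sha2-nistp256": "SHA256:ZQacwDsWkKBYL9HJJYwHr94Ny1sMhHMDnz9GiLFb8Uc",
}

def wire_type(blob):
    """Key type name stored in the blob itself (first length-prefixed string)."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def parse_key_line(line):
    """Find 'type base64' in a .pub, authorized_keys or known_hosts line."""
    fields = line.split()
    for declared, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            if wire_type(blob) == declared:  # declared type must match the blob
                return declared, blob
        except (ValueError, struct.error):
            continue
    raise ValueError("no SSH public key found on this line")

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(blob)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def is_dss_key(line):
    """True for ssh-dss user keys, which the announcement says will not work."""
    return parse_key_line(line)[0] == "ssh-dss"

def host_key_matches(line):
    """True only if the offered host key hashes to an announced fingerprint."""
    ktype, blob = parse_key_line(line)
    return ANNOUNCED.get(ktype) == fingerprint(blob)

def constructed_line(ktype, body, prefix=""):
    """Constructed sample: correct wire header, filler bytes instead of a key."""
    name = ktype.encode()
    blob = struct.pack(">I", len(name)) + name + body
    return f"{prefix}{ktype} {base64.b64encode(blob).decode()}"

USER_KEYS = [constructed_line("ssh-dss", b"\x01" * 64) + " old@constructed",
             constructed_line("ssh-rsa", b"\x02" * 64) + " new@constructed"]
OFFERED_HOST_KEY = constructed_line("ssh-rsa", b"\x03" * 64, "jump.example.test ")

if __name__ == "__main__":
    print([is_dss_key(k) for k in USER_KEYS], host_key_matches(OFFERED_HOST_KEY))
```

The constructed host key deliberately does not match, so automation built on this check would refuse to pin it; only a key whose hash equals one of the announced values passes.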
Hi all,
As you probably noticed in the last weeks/months, we have a stronger
collaboration and synergy with the Fedora infrastructure team. Combining
forces and resources helps both projects at the same time, as the majority of
the CentOS contributors are already Fedora contributors and probably the
same in reverse.
It's not a secret (it was announced through CPE weekly mails on this
list) that the CentOS board approved the idea of merging authentication
systems in a near future (as an example).
This email is to let you know that all RFE/issues concerning the following
areas should be reported to a new issues tracker :
https://pagure.io/centos-infra/issues/ , to adapt the same workflow as
the Fedora infra team is already using. (see
https://docs.fedoraproject.org/en-US/cpe/working_with_us/ )
Concerned areas :
- https://cbs.centos.org (Community BuildSystem, aka koji)
- Special Interest Groups requests (for mirror, resources, etc)
- https://ci.centos.org (All CI infra ecosystem)
- Everything around CentOS Infra (mirror issues, etc)
We have already moved/migrated for example the (opened) tickets that
were filed under the "Buildsys" , "CI" and "Infrastructure" categories
to the new issues tracker. The idea being to *not* request work to be
done through IRC but rather through new infra issues tracker.
Imported tickets will be discussed there and worked on (reviewed on a
daily basis) after having been prioritized.
Should you feel a need to discuss this new process, feel free to do so
in #centos-devel on irc.freenode.net or on this centos-devel list.
Kind Regards,
--
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab