Hi everyone,
Thanks again for your involvement in the GitLab AMA session on IRC in
September. As promised, this is the first of a 5-part series breaking
down main topics that came up during the session. I will send a topic
every week for discussion to both Fedora and CentOS devel lists. While
this may not impact CentOS directly right now, there may be some
crossover in the future, such as the merging of the CentOS account
authentication system to be under the same software as Fedora, and I
want to make sure you are all kept aware of developments too. So, I
have pulled the relevant questions and answers from the original
hackmd doc into one email. If you would like to discuss this topic
specifically, here might be a good place to do so. I don't consider
myself technical enough to weigh in on details, but I am happy to
facilitate as best I can via email. And more importantly (for me),
learn from the discussion too.
Here are some links to resources as well:
* Questions and Answers hackmd link https://hackmd.io/RW8HahOeR7OJPON1dwuo3w
* Chat log from session
https://meetbot.fedoraproject.org/fedora-meeting-1/2020-09-10/ama_session_w…
* AMA Blog post
https://communityblog.fedoraproject.org/gitlab-ama-follow-up/#more-9346
* Here is this email in hackmd if you wish to view it there:
https://hackmd.io/1pjX1cVnTjekOLVowj5UiQ?view
## Topic: Permission and Access
- Question: Fedora has a group-based access system. People in the
`packager` group have (commit) access to only the packages they
maintain. People in the `provenpackager` group have (commit) access to
all the active packages, but a few (for legal reasons). People in the
`releng` group have commit access to all the packages. Is this an
access model that GitLab can support? If not, how would this work in a
GitLab world? How would notifications work (especially considering that
people in the `provenpackager` or `releng` groups do not want to be
notified for all the projects they have access to)?
- Answer: What I explored was something along the lines of:
  - Packager → Using GitLab’s Maintainer or Developer role for
    the project they maintain (Maintainers have the ability to access
    project settings and change pretty much everything there, so that
    might be blocking here; Developers only have commit access, so we need
    another way to change some settings for Packagers)
  - Co-Maintainer → Using GitLab’s Developer role (commit access)
  - Proven-Packager → GitLab’s Developer role on all repos (except 2)
  - Release Engineer/Admin/etc. → GitLab’s Owner role on all repos
  - This is not an exact matching with what we currently have
    but should give us a way to experiment with this and look at what is
    acceptable or not.
  - There is also a GitLab ticket
    (https://gitlab.com/gitlab-org/gitlab/-/issues/7626) to implement
    policies for the project that could give more granular control of
    permissions.
  - GitLab’s notifications are quite granular and can be managed
    at the different levels (Merge Requests, Projects, Group, Global)
    https://docs.gitlab.com/ee/user/profile/notifications.html#global-notificat…
- Question: Fedora supports the concept of a retired `project` (ie:
archived) that no-one can commit to. Does GitLab have an equivalent
concept? (The retired status is not something project admins can
change)
- Answer: There is an option to have a “retired” group which is
configured to have nobody with commit access. Then retiring a project
would simply mean to move the project from the “rpm” group to
“retired” group for example.
There is also the possibility to simply archive projects
https://docs.gitlab.com/ee/user/project/settings/#archiving-a-project
- Question: Could GitLab (Inc.) maintain a Community Edition GitLab
instance that Fedora uses?
- Answer: There is no plan to create custom versions of GitLab for
customers. Instead, GitLab encourages paid customers and free users
alike to contribute upstream to make sure that GitLab continues to
work well for the most amount of users possible. As an open core
company, GitLab has a public roadmap and works with its community
members to build a great product.
GitLab regularly engages with its community and takes into account its
feedback. As a result, features are often ported down into lower tiers
in order to make the Community Edition and Free tiers continuously
more useful (see example of 18 features moved to open source). GitLab
hosting is available to users of GitLab.com SaaS, but GitLab does not
offer hosting and management for GitLab CE or EE instances.
- Question: Can project creation be restricted to a specific group of
people in GitLab?
- Answer: Yes this can be configured at the instance level
(https://gitlab.com/help/user/admin_area/settings/visibility_and_access_cont…)
or at the group level
(https://gitlab.com/help/user/group/index.md#default-project-creation-level)
- Question: Can project (main project, not fork) deletion be
restricted to a specific group of people in GitLab? (ie: project
owner/maintainer must not be allowed to delete a main project, they
can delete their own fork of course)
- Answer: There is an issue
https://gitlab.com/gitlab-org/gitlab/-/issues/233379 that could help
with this by requiring an additional person approve the deletion &
there’s a related issue
https://gitlab.com/gitlab-org/gitlab/-/issues/227468 to create a list
of authorized approvers for these types of changes (not MRs) that
sounds aligned with this ask
- Question: How would group membership be synced to GitLab?
- Answer: We are still not 100% clear on that, since GitLab
supports OpenIDC & we will need to investigate if we could make use of
the group scope returned by AAA. Otherwise we will need a solution to
sync the groups to GitLab most likely using API calls.
- Question: Will there be better support for Podman in CI workflows in GitLab?
- Answer: Short term solution might be using a custom executor,
long term solution would be getting the Runner executor podman (#4185)
feature request issue scheduled and closed. Ultimately product team
schedules work, while everyone can contribute MRs or fixes ahead of
schedule. In the past, I've seen a lot of enthusiasm from GitLab team
members in helping solve problems from Open Source Program members
whenever possible.
These are all the questions that had answers I could spot from the
larger hackmd document, however my apologies if I missed any.
Next week I will pull in all the questions and answers on 'Message
Bus' in a new email and send for discussion.
I know there are still some questions unanswered so I will try to
chase down answers to these, but it could take some time. If I can get
them answered over the next few weeks, I will send a 'misc' topic
email at the end of these few weeks worth of emails.
I hope you find this helpful and it is going to take some time to work
through everything so thank you for your patience and involvement in
this, it is very much appreciated.
Kindest regards,
Aoife
--
Aoife Moloney
Product Owner
Community Platform Engineering Team
Red Hat EMEA
Communications House
Cork Road
Waterford
Hello all,
Cloud-init 20.1 implemented a fix that is making me unable to fs_setup swap disk/partition.
What would be the correct way to have https://github.com/canonical/cloud-init/pull/143/files backported to centos cloud-init 18.3 (from centos 7.8)?
My ugly fix for now is having `sed` on bootcmd cloud-config "applying" the patch for me. mkswap on bootcmd doesn't work as sometimes the volume is still not available and I will have to introduce a wait there as well.
Best regards,
Wagner Sartori Junior
Hi Everyone,
Below is this week's CPE weekly for week ending 2020-10-17.
I've gone a little bi-weekly lately with this report. This has been more
circumstantial with our quarter 3 projects ending and launching
quarter 4 work, and will get back to a weekly report now that Q4 is
underway.
So, the updates for both Fedora & CentOS are below, and if you want to
visit the hackmd link https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view
you can then use the header bar on your left to skip to Fedora or
CentOS updates that interest you.
## General Project Updates
We have a CPE Q3 Achievements blog out on the Fedora and CentOS websites
https://blog.centos.org/2020/10/cpe-q3-achievements-2020/
https://communityblog.fedoraproject.org/cpe-achievements-during-q3-2020/
And below are the projects the CPE team are working on for the months
of October, November & December:
* CentOS Stream Phase 4 - Build system services
* Noggin Phase 4 - Data Migration of Fedora & CentOS Accounts, Community testing
* OSBS for aarch64 - this will begin in November
* Fedora Messaging Schemas - this work is continuing from Q3 and is
being worked on part-time
### Misc
#### GitLab
There is now a blog post out on the Fedora community blog on the AMA,
you can read it here
https://communityblog.fedoraproject.org/gitlab-ama-follow-up/
I'm going to be sending one mail per week to the CentOS and Fedora
devel lists on Fridays, dedicated to one topic.
The first topic will be Permission and Access in GitLab. I will pull
the questions and answers from the hackmd doc into an email body to
try to facilitate dedicated discussion around this topic. I would like
to just set expectations now that I don't consider myself to be
technical enough to weigh in on the discussion, but I am looking
forward to reading and learning from the conversation.
## Project Updates
*The below updates are pulled directly from our CPE team call we have
every week.*
## Fedora
### General
* Go NoGo meeting was on 15th Oct. F33 was No GO and new date is moved
to 2020-10-27
### Staging Environment
* Working on getting OpenQA moved over
* Adding boxes to CentOS to test IPA
### Noggin
* After the team reviewed the work still left to do to be able to
deploy a robust and secure solution, we discovered that there is more
development work to do and we are now working towards a release date
of January 29th 2021.
* Accounts & data will remain secure in the current solution until we
can cut over, we have established a monitoring plan to derisk this
extended time the team needs to complete their work.
* The team are working on completing a full staging environment to
deploy Noggin in right now and will hope to have this in place in the
next few weeks
* We also have some members of CentOS working in this team now to help
with the work required for the migration of the CentOS accounts and
data to Noggin
* The team's kanban board where they track their work can be found here
https://github.com/orgs/fedora-infra/projects/6
### Fedora Messaging Schemas
* This project is worked on on a part time basis as we are
prioritizing completing Noggin first before fully committing to its
completion
* A list of applications that require messaging schemas can
be found here https://hackmd.io/@nilsph/H1i8CAbkP/edit
* There is a readme which contains documentation on messaging schemas,
a cookie-cutter template to create the schema and a definition of Done
for writing a schema
https://github.com/fedora-infra/fedora-messaging-schemas-issues
* The board they are working from can be viewed here
https://github.com/orgs/fedora-infra/projects/7
## CentOS Updates
### CentOS
* New CI admin added - mobrien, welcome!
* Plumbing for duffy being worked on currently and will be deploying
to staging in the coming weeks
### CentOS Stream
* Looking at ODCS services in the build system
* Also working on deploying mbbox operator to the system too
* centos-stream-release package is also out, go check it out!
## Team Info
### CPE Product Owner Office Hours
IRC office hours are now once per month. Below are the logs from the
most recent meetings and dates for the next ones.
#### #fedora-meeting-1
* Log from 2020-10-15 meeting:
* Next Meeting: 2020-11-12 @ 1300 UTC on #fedora-meeting-1
#### #centos-meeting
* Log from 2020-10-13 meeting:
* Next Meeting: 2020-11-10 @ 1500 UTC on #centos-meeting
## Background:
The Community Platform Engineering group, or CPE for short, is the Red
Hat team combining IT and release engineering from Fedora and CentOS.
Our goal is to keep core servers and services running and maintained,
build releases, and other strategic tasks that need more dedicated
time than volunteers can give.
See our wiki page here for more
information: https://docs.fedoraproject.org/en-US/cpe/
As always, feedback is welcome, and we will continue to look at ways
to improve the delivery and readability of this weekly report.
Have a great week!
Aoife
Source: https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view
--
Aoife Moloney
Product Owner
Community Platform Engineering Team
Red Hat EMEA
Communications House
Cork Road
Waterford
Hi everyone,
I reduced my IRC office hours to once per month, on the 2nd Tuesday of
every month and today is that day! :)
I'll be on #centos-meeting @ 1500 UTC today if anyone would like to stop by
and chat. I have no agenda set, but will probably give a quick rundown of
the projects CPE are working on in Q4 and how our quarterly planning
session went.
If you want to chat about the above, or anything else, you know where
to find me!
Thanks,
Aoife
--
Aoife Moloney
Product Owner
Community Platform Engineering Team
Red Hat EMEA <https://www.redhat.com>
Communications House
Cork Road
Waterford
Is there any way to correlate modular package versions in RHEL8.x with ones from Centos8.x in any way, no matter how difficult?
For example, looking at package list for https://access.redhat.com/errata/RHSA-2020:3714:
- RedHat lists httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64.rpm
- in CentOS this (probably?) matches httpd-0:2.4.37-21.module_el8.2.0+494+1df74eae.x86_64
AFAIK, the non-modular packages shared the same NEVRA between RHEL and Centos (not sure if there were exceptions, though).
Thanks,
Antal
============================================================
#centos-meeting: CentOS Storage SIG Monthly, October Edition
============================================================
Meeting started by ndevos at 13:04:08 UTC. The full logs are available
at
https://www.centos.org/minutes/2020/October/centos-meeting.2020-10-06-13.04…
.
Meeting summary
---------------
* Roll Call (ndevos, 13:04:19)
* Agenda (ndevos, 13:06:02)
* LINK: https://hackmd.io/Epc35JIESaeotoGzwu5R5w (ndevos, 13:06:06)
* Ceph Builds (ndevos, 13:08:11)
* AGREED: kkeithley stepped in to help get Ceph back on track, but
wasn't volunteering to keep doing building ceph packages for ever
(ndevos, 13:08:36)
* centos-release-gluster packages (ndevos, 13:09:30)
* hughesjr will try to include centos-release-gluster8 when 7.9 is
released (ndevos, 13:17:01)
* Open Floor (ndevos, 13:21:14)
* LINK: https://pagure.io/centos-infra/issue/50 (ndevos, 13:28:35)
Meeting ended at 13:30:28 UTC.
Yesterday (Saturday) evening we got zabbix notifications that some nodes
in CI environment were unreachable. After a quick look, I discovered
that it was an embedded network switch in a chassis hosting multiple
nodes (including but not limited to jenkins node behind ci.centos.org)
that went nuts.
I tried a remote "hardware reset" and nodes were back online after ~10min.
But this morning (Sunday), I see through zabbix that the same issue happened
again, and in the hour after I already did the "hardware reset", but
this time, even that doesn't work anymore.
So that means that we have a network switch not working anymore.
As that chassis (like almost *all* equipment in CI) *isn't* under
warranty, we'll see on Monday what can be done and how we give priority
to try to dispatch services elsewhere (and that probably means then
powering down other services, depending on priority that will be
given), but it's easy to understand that we can't even give any ETA at
this point.
Thanks for your understanding,
--
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab
Hi,
I've been trying to create an account on https://bugs.centos.org. I'm
blind, but all I find is a visual captcha. From inspection of the HTML
source for the signup page, it appears that there might be an audio
captcha implemented in flash, but I don't have flash on any of my
devices.
I went and grabbed a copy of the mantisbt source code, to get an idea of
what it was doing and to determine whether I had any other options.
Mantis uses a bundled third-party library to generate those captchas.
In the source tree, it's vendor/dapphp/securimage.
In the latest version, at least, that library will generate an HTML 5
<audio> tag by default, with a fallback to flash. The <audio> would
work just fine for me.
I don't know what version of Mantis BT bugs.centos.org is running, and
that's why I'm writing here. Is there any chance of an upgrade / patch
to fix my issue?
Please let me know if there is anything I can do to help.
-- Chris