This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat (https://libera.chat/).

Week: 18th – 22nd of July 2022

This is a summary of the work done on initiatives by the CPE Team. Each quarter CPE Team together with CentOS and Fedora community representatives choose initiatives that will be being worked on in this quarter. The CPE Team is then split into multiple smaller sub-teams that will work on chosen initiatives + day to day work that needs to be done.

Following is the list of sub-teams in this quarter:

• Infra & Releng
• CentOS Stream
• Image Builder
• Bodhi
• Duffy CI
• EPEL

Infra & Releng

About

Purpose of this sub-team is to take care of day to day business regarding CentOS and Fedora Infrastructure and Fedora release engineering work. It’s responsible for services running in Fedora and CentOS infrastructure and preparing things for the new Fedora release (mirrors, mass branching, new namespaces etc.). This sub-team is also investigating possible initiatives. This is done by ARC (The Advance Reconnaissance Crew), which is formed from the Infra & Releng sub-team members based on the initiative that is being investigated.

Issue trackers

• Fedora Infrastructure
• CentOS Infrastructure
• Fedora Release Engineering
• Initiatives proposals investigated by ARC

Documentation

• Fedora Infrastructure
• CentOS Infrastructure
• Fedora Release Engineering
• ARC investigations

Members of sub-team for Q1 2022

• Mark O’Brien (Team Lead) (Fedora/CentOS Operations) (mobrien)
• Kevin Fenzi (Team Lead) (Fedora Operations) (nirik)
• Michal Konečný (Agile Practitioner/Developer) (zlopez)
• Fabian Arrotin (CentOS Operations) (arrfab)
• Pedro Moura (CentOS/Fedora Operations) (phsmoura)
• Tomáš Hrčka (Fedora Release Enginnering) (humaton)
• Petr Bokoč (Documentation) (pbokoc)
• David Fan (Developer) (dfan)
• Vipul Siddharth (Developer) (siddharthvipul)
• Akashdeep Dhar (Developer) (t0xic0der)

What the sub-team did in Q1 2022

Fedora Infrastructure

• Spend some time to focus on Pagure application
  • Fixed the CI – will need to be migrated from current CentOS CI in future
  • Fixed the migration bug preventing migration of git.centos.org
• Finished upgrading koji hub/builders to fedora 35
• Cleaned up users with invalid accounts containing “.”, “-” and only 1-2 characters.
• Added some machines to our OpenShift4 clusters and OpenQA
• Got Firmware and BIOS upgraded on the vast majority of our machines
• Switched all our bugzilla interfacing apps to use API keys
• Moved our ansible control host (batcave01) to ansible-core-2.12.4 from ansible 2.9.x

CentOS Infrastructure

• Decommissioned CentOS 8 from all mirrors (distribution and SIG content)
• Gitlab SSO working for https://gitlab.com/CentOS
• Cbs.centos.org building from gitlab and also supporting “flat-layout” style (vs “rpmbuild style”)
• Upgrade infra to ansible 5.x (aka ansible-core 2.12) 
• SIGs can now tag their centos-release-* package themselves to mirrors (both for CentOS Stream 8 and Stream 9), instead of relying on distro builders (and so having to ask someone from Stream team to process requests)
• https://vault.centos.org CDN moved behind AWS Cloudfront
• Processed all SIGs pub keys to be re-signed with SHA512 digest algo (RHEL9/openssl3 change

Fedora Release Engineering

• Migration of fedscm-admin script to toddler (currently in testing phase)
• Release cycle for F36 started by mass rebuild in January followed by branching f36 from rawhide. Beta was released on 29 of March.

ARC

• Rewrite Flask OIDC
  • Flask oidc relies on a deprecated library for oauth/oidc authentication. This library will need to be updated and authlib seems like the logical choice
  • Docs for investigation: https://fedora-arc.readthedocs.io/en/latest/flask-oidc/index.html 
• Automate packaging of infra apps in Fedora
  • There are a number of applications in Fedora that the CPE team manages. Ideally we would like these applications to be automatically packaged.
  • A few different implementations were investigated but packit seems to be the best fit.
  • Docs for investigation: https://fedora-arc.readthedocs.io/en/latest/package-automation/index.html

CentOS Stream

About

This initiative is working on CentOS Stream/Emerging RHEL to make this new distribution a reality. The goal of this initiative is to prepare the ecosystem for the new CentOS Stream. 

Issue trackers

• Bugzilla

Documentation

• CentOS documentation

Application URLs

• https://centos.org/centos-stream/

Members of sub-team for Q1 2022

• Brian Stinson (Team Lead) (bstinson)
• Adam Samalik (Agile Practitioner) (asamalik)
• James Antill (jantill)
• Johnny Hughes
• Mohan Boddu (mboddu)
• Stephen Gallagher (sgallagher)
• Troy Dawson (tdawson)
• Adam Saleh (asaleh)

What the sub-team did in Q1 2022

The ‘extras-common’ repo for Stream 8 and 9 became available for SIGs to build from. The team also worked on bringing the Stream 8 and Stream 9 workflows closer together by importing existing 8 builds in koji to 9 stream koji . Stream 9’s build environment also found a new home in Q1, we moved its hardware ‘down the street’ aka into a new section of the datacenter they live in now with little to no disruption to workflows of users. We also added Centpkg to EPEL 9 and a new version of Content Resolver  with an integrated buildroot resolver went live with views of ELN and Stream was also released in Q1 of this year.

Image Builder

About

Integration of Image builder as a service with Fedora infra to allow Fedora IoT migrate their pipeline to Fedora infra.

Members of sub-team for Q1 2022

• Stephen Coady (Team Lead)
• Emma Kidney
• David Kirwan
• James Richardson

What the sub-team did in Q1 2022

The team began this initiative by successfully running Image Builder locally while studying documentation on how to write the Koji plugin necessary to complete the pipeline migration. Once that was completed, the sub-team worked with members of the Image Builder team to install the Koji plugin into a staging environment. Further work to be completed by the Image Builder team is to move the plugin to their production environment. The team also completed the handover to the infrastructure team.

Bodhi

About

This initiative is to separate Bodhi into multiple sub packages, fix integration and unit tests in CI, fix dependency management and automate part of the release process.

Read ARC team findings in detail at: https://fedora-arc.readthedocs.io/en/latest/bodhi/index.html

Issue trackers

• GitHub

Documentation

• Bodhi documentation

Application URLs

• Bodhi

Members of sub-team for Q1 2022

• Aurélien Bompard (Team Lead) (abompard)
• Ryan Lerch
• Patrik Polakovic (ppolakov)
• Lenka Segura (lsegura)
• Nils Philippsen (nils)

What the sub-team did in Q1 2022 (a.k.a. “What’s new in Bodhi 6.0”)

Authentication

Bodhi gained support for OpenID Connect (OIDC) authentication, like most of Fedora’s webapps. OpenID still works but is not the default, you can access it by using `/login?method=openid` as the login URL.

Version 6.0 of the Bodhi client uses only OIDC, plain OpenID support has been dropped. Version 5.7.5 of the Bodhi client, however, uses the new OpenID login URL, so you need at least version 5.7.5 to use the Bodhi client.

The client’s API has changed, so if you have a piece of code that imports from `bodhi.client`, you’ll have to update it to use the new API, and in the meantime use version 5.7.5.

As a user of the `bodhi` CLI, you’ll notice that the `–username` and `–password` options have disappeared. Instead the Bodhi client will ask you to open your browser to a URL to authenticate. The authentication tokens will be saved and you’ll be able to use the `bodhi` CLI without authenticating afterwards (or non-interactively).

Code reorganization

The Bodhi source code has been reorganized to drop the hacks used in `setup.py` to support sub-projects. Instead, `bodhi-server`, `bodhi-client` and `bodhi-messages` are now actual Python package directories in the repo. The import path has not changed.

Bodhi’s Python project metadata and dependencies are now managed with Poetry.

Other changes

• Serialized `Release` objects sent in the messages don’t contain the `composes` property anymore
• The `koji-build-group.build.complete` messages now contain an `update` property
• In the Bodhi client API, the `save_override()` method has been extended to allow setting the expiration date directly
• Miscellaneous bug fixes

Duffy CI

About

Duffy is a system within CentOS CI Infra which allows tenants to provision and access bare metal resources of multiple architectures for the purposes of CI testing.

We need to add the ability to checkout VMs in CentOS CI in Duffy. We have OpenNebula hypervisor available, and have started developing playbooks which can be used to create VMs using the OpenNebula API, but due to the current state of how Duffy is deployed, we are blocked with new dev work to add the VM checkout functionality.

Issue trackers

• Project repository

Project Board

• Q3/2021, Q1/2022 Development Initiative

Documentation

• Project Wiki

Application URLs

• Not yet deployed into production

Members of sub-team for Q1 2022

• Nils Philippsen (Team Lead) (nils)
• Akashdeep Dhar (t0xic0der)
• Vipul Siddharth (siddharthvipul)

What the sub-team did in Q1 2022

• Finish development work on Duffy so it’s deployable (from a coding point of view)
• Start handover to infrastructure team

EPEL

About

Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will never conflict with or replace packages in the base Enterprise Linux distributions. EPEL uses much of the same infrastructure as Fedora, including buildsystem, bugzilla instance, updates manager, mirror manager and more.

Issue trackers

• Pagure

Documentation

• EPEL documentation

Members of sub-team for Q1 2022

• Carl George (Team Lead) (carlwgeorge)
• Diego Herrera

What the sub-team did in Q1 2022

• Fostered the growth of EPEL9 to over 5300 packages (over 2400 source packages)
• Started tracking EPEL packages that fail to install
• Started tracking open CVE bugs for EPEL packages
• Refined EPEL policies and documentation

Epilogue

If you get here, thank you for reading this. If you want to contact us, feel free to do it in #redhat-cpe channel on libera.chat.

This is a weekly report from the CPE (Community Platform Engineering) Team. If you have any questions or feedback, please respond to this report or contact us on #redhat-cpe channel on libera.chat (https://libera.chat/).

Week: 4th – 7th July 2022