17:01:15 #startmeeting RELENG (2018-06-21) 17:01:15 Meeting started Thu Jun 21 17:01:15 2018 UTC. 17:01:15 This meeting is logged and archived in a public location. 17:01:15 The chair is mboddu. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:15 Useful Commands: #action #agreed #halp #info #idea #link #topic. 17:01:15 The meeting name has been set to 'releng_(2018-06-21)' 17:01:15 #meetingname releng 17:01:15 The meeting name has been set to 'releng' 17:01:15 #chair nirik tyll sharkcz masta pbrobinson pingou puiterwijk maxamillion mboddu Kellin dustymabe 17:01:15 #topic init process 17:01:15 Current chairs: Kellin dustymabe masta maxamillion mboddu nirik pbrobinson pingou puiterwijk sharkcz tyll 17:01:43 morning 17:01:52 heya, /me is here this week :-) 17:02:53 Hello guys 17:02:59 cverna: Are you around here today? 17:04:36 kinda late for cverna... 17:04:38 Okay, lets get started 17:04:58 nirik: Yeah, but we are going to talk at 18:00 UTC later today, so I thought he will be around now 17:05:11 oh, alright 17:05:44 since sharkcz is here, lets get started with alt arches 17:05:53 #topic Alternative Architectures updates 17:06:18 nirik, sharkcz : Any ideas on why s390x runroot tasks are getting hung? 17:06:46 for some reason the network link is really really slow... 17:06:54 I have no idea why, but was going to inquire. 17:07:32 nirik: Okay, thanks for tracking it 17:07:58 slow network could explain that, it might be related to the quite high memory overcommit for the VMs, it should get better 17:08:20 there have also been a lot of big jobs of late. 17:08:29 after the resources from the secondary lpar are reused in the primary lpar 17:08:34 like yesterday I looked and 7 of the builders were building openjdk 17:09:25 #info Network link between our infra site and s390x vms is really really slow. Kevin is looking into it 17:09:31 would be good to have performance numbers for the lpar utilization 17:09:45 sharkcz: True, I am very excited about it, I hope it will happen soon 17:09:49 yeah, I did some pinging internally... 17:11:00 Anyway, lets get moving 17:11:17 I dont have anything other than that, so I moving to open floor 17:11:27 #topic Open Floor 17:11:36 This is going to be short meeting 17:11:48 mboddu: we had the thing we tagged in stand up 17:12:29 I was going to ask about 2 things. ;) want me to go or Kellin you want to go first? 17:12:47 nirik: You go ahead, I have to find that ticket 17:13:21 1) was there any progress on adding templates or other pagure customizations ? 17:13:42 2) did one of you want to try a non root test compose so we can figure out what needs tweaking if anything... 17:13:52 nirik: yes, we have templates for 3 tawsks 17:13:54 tasks... 17:14:12 and yes, where do you want to try the non-root compose, stage or prod? 17:14:18 (I prefer stage) 17:14:27 nirik: Yes, I added 4 templates, with 1 generic one 17:14:54 oh, excellent. :) another new thing you could also leverage is the 'quick responses' 17:15:13 Kellin: we can try stg, but I don't think it will give us a real valid test for prod... 17:16:35 Hmm, OK 17:18:23 * cverna is around now 17:18:48 cverna: Hello 17:19:11 mboddu: o/ 17:19:44 #info RelEng added templates to issues and we will look at adding more customizations using 'quick responses' 17:21:45 Kellin: Do you wanna try the rootless pungi runs? 17:22:31 mboddu: sure. that works for me 17:22:47 Kellin: Awesome 17:23:19 #info Kellin is going to work on testing the pungi runs without using root permissions 17:24:10 Now, this is different, go over meeting topics after open floor :D 17:24:16 heh 17:24:19 meh, it happens. 17:24:21 wellw e have a lot of them 17:24:22 #topic #7534 push all arches base images info container registry. 17:24:26 we should take any spare time and keep clearing those out 17:24:38 #link https://pagure.io/releng/issue/7534 17:24:59 Kellin, nirik : :) 17:25:16 cverna: Okay, your turn :) 17:25:56 ok 17:26:21 cverna: We are using https://pagure.io/releng/blob/master/f/scripts/sync-latest-container-base-image.sh#_79 to download just x86_64 images and pushing them to our registry 17:26:28 so from what I understood we are pushing multi arch images to docker hub but not to our internal registry 17:27:06 So, if we just change that to download other arch images and push them, does our registry is capable to understand the arches and work with them properly? 17:27:16 yes so we should add support to push other architecture 17:27:44 mboddu: I believe so since we are using the plain docker registry 17:28:05 mboddu: we can give it a try in stg and see how that goes 17:28:27 cverna: hehe, you read my mind, +1 trying it stg 17:29:37 what we or I can do is open a PR on the script and test it on stg once we are happy with it merge it and do it in prod 17:30:25 cverna: I think we dont need to anything to that script, if we provide -s option it will do stage release 17:30:39 cverna: https://pagure.io/releng/blob/master/f/scripts/sync-latest-container-base-image.sh#_62 17:31:01 mboddu: we need to get the other arch image from koji 17:31:10 cverna: Oh yeah, right 17:32:19 mboddu: do you know how the images are pushed to the docker hub ? 17:33:02 #info RelEng and cverna will work together in testing this in stage by updating the sync-latest-container-base-image.sh to add support for other arches 17:33:34 cverna: If there is anything other than docker tag and docker push, then I dont know 17:35:27 mboddu: so this is a manual process ? or is there a script ? 17:35:39 cverna: Thats the part of the script 17:35:49 cverna: https://pagure.io/releng/blob/master/f/scripts/sync-latest-container-base-image.sh#_88 17:36:29 mboddu: oh ok I meant the images we are pushing on https://hub.docker.com/ 17:37:14 cverna: Sorry, I overlooked at your first message 17:37:25 no worries 17:37:40 cverna: I dont know that process, only puiterwijk and Adam M knows about it 17:38:02 cverna: the process for that is: ping me 17:38:11 (or Adam, but mostly me these days) 17:38:12 IIRC, there is a github repo with the scripts that does it 17:38:25 mboddu: yeah, but only me and Adam have access to do that 17:38:35 So just ping me if you want stuff updated on docker hub 17:38:40 I try to do it myself as well every so often 17:38:57 puiterwijk: I was just wondering how the multi arch is done 17:39:18 puiterwijk: since it is working on docker.io but not in our registry 17:39:21 puiterwijk: Just like keeping things to yourself, just like your yubikeys and not giving to us :P 17:39:29 puiterwijk: I wanted to do it the same way 17:39:49 cverna: https://github.com/fedora-cloud/official-images/blob/master/library/fedora 17:39:56 The docker hub process is really manual 17:40:13 So doing it the same way is... not what we'd want 17:40:32 Basically, I push a repo with all the raw tarballs, then send them a PR for this, they merge it, and htat pushes to docker hub 17:41:34 ok yeah not ideal 17:42:14 The Docker folks wrote bots to grab this and push tsuff 17:42:15 stuff 17:42:58 what was not really clear to me was how to tag the other arch since I guess we want all the images to be name fedora 17:44:57 cverna: I think I can get some help with that, but no promises 17:45:46 mboddu: sounds good :) 17:48:44 cverna: So, from what I understood, manifest lists is what we need to use, but I need more help 17:49:51 cverna: From docker docs - https://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list-field-descriptions 17:49:57 hehe, docker docs :D 17:50:04 Anyway, lets move on to the next topic 17:50:49 #topic #6230 sign our docker images 17:50:57 #link https://pagure.io/releng/issue/6230 17:51:56 puiterwijk: If you are still around, can you tell us briefly about the container image signing? 17:52:08 nirik: ^ If you know anything that will help as well 17:52:24 I don't really know much about it. 17:53:08 nirik: Okay 17:53:17 mboddu: I can later. 17:53:45 But basically, sigul supports signing, we have a place where we place signatures, but autosigning is only in the next robosignatury 17:53:48 robosignatory* 17:53:57 So we have the capability, we don't autosign at the moment 17:54:20 Do note that we are not using the docker signing system, but rather the RH signing system, as used by skopeo 17:54:21 puiterwijk: Okay, we can go over it when you have some free time :) 17:54:31 Well, I'd say that that's the summary 17:55:21 puiterwijk: Okay, just one quick question, when are they getting signed? 17:55:33 mboddu: as I said, right now, they don't. 17:55:45 With new robosig, they will be as soon as bodhi picks them up. 17:55:56 They'll be part of the standard autosigning-on-bodhi-submission 17:56:27 puiterwijk: Ohh, "we don't autosign at the moment" I thought you are signing them manually at some point 17:56:43 puiterwijk: Cool 17:56:48 Thanks for the info puiterwijk 17:56:50 mboddu: no, we don't sign at all 17:56:56 We *can*. but we don't yet 17:57:05 Got it, thanks :) 17:58:57 #info With upcoming new robosig, we will start supporting container signing and they will signed just like what we have with rpms today, containers will be signed when they are submitted to bodhi. 17:59:08 Anybody has anything else? 17:59:24 Oh we are out of time too 17:59:32 I thought this is going to be a short meeting 17:59:35 just we should get to the rest of our meting tagged stuff 17:59:48 so we should try, if we end early, to hit those and clear that backlog 17:59:54 it will help get rid of clutter 17:59:57 Kellin: +1 18:00:15 Anyway, thank you all for joining 18:00:20 #endmeeting