#meeting:fedoraproject.org log

<@davide:cavalca.name>

16:00:16

!startmeeting CentOS Hyperscale SIG

<@meetbot:fedora.im>

16:00:19

Meeting started at 2024-07-03 16:00:16 UTC

<@meetbot:fedora.im>

16:00:19

The Meeting name is 'CentOS Hyperscale SIG'

<@davide:cavalca.name>

16:00:30

!topic Roll call

<@salimma:fedora.im>

16:00:30

!hi

<@zodbot:fedora.im>

16:00:32

Michel Lind (salimma) - he / him / his

<@davide:cavalca.name>

16:00:32

morning everyone

<@salimma:fedora.im>

16:00:49

Davide Cavalca: where did you get the list of builds to put in the hackmd from? that was neat

<@davide:cavalca.name>

16:00:59

copypasta from CBS :)

<@nhanlon:beeper.com>

16:01:09

!hi

<@zodbot:fedora.im>

16:01:11

Neil Hanlon (neil) - he / him / his

<@nhanlon:beeper.com>

16:01:12

morning, folks

<@conan_kudo:matrix.org>

16:01:22

!hi

<@zodbot:fedora.im>

16:01:24

Neal Gompa (ngompa) - he / him / his

<@davide:cavalca.name>

16:03:02

let's get started

<@davide:cavalca.name>

16:03:03

!topic Followups

<@salimma:fedora.im>

16:03:11

this is when I dig up my old JIRA submissions to link to the report to say "hey this is still not addressed upstream" :P

<@davide:cavalca.name>

16:03:19

a bunch of us are recovering from various conference travels :)

<@davide:cavalca.name>

16:04:16

the main thing to sort out today is https://hackmd.io/Nymo_rUBQqKF-4sdxPPNoA as we should get the report finalized

<@davide:cavalca.name>

16:04:41

I updated https://sigs.centos.org/hyperscale/communication/talks/ last week to add a few other missing talks

<@davide:cavalca.name>

16:04:52

at some point we should go over the docs and clean up the old c8s references as well

<@conan_kudo:matrix.org>

16:04:56

yeah... 4 conferences back to back in June was a lot :)

<@davide:cavalca.name>

16:06:07

anything else for followups?

<@conan_kudo:matrix.org>

16:06:25

I don't remember anything anymore 😅

<@davide:cavalca.name>

16:06:41

yeah same

<@davide:cavalca.name>

16:06:44

alright, let's move on

<@davide:cavalca.name>

16:06:53

!topic Announcements

<@davide:cavalca.name>

16:07:10

we're now building packages for c10s!

<@conan_kudo:matrix.org>

16:07:16

w00ts

<@salimma:fedora.im>

16:07:25

faster than EPEL :)

<@davide:cavalca.name>

16:07:31

so far it's only a handful, but I expect to be adding more as things progress

<@conan_kudo:matrix.org>

16:07:33

that means I need to factor it in for new kernel builds, right?

<@davide:cavalca.name>

16:07:37

yup

<@conan_kudo:matrix.org>

16:07:44

oh dear, that also means bootstrapping anaconda too

<@conan_kudo:matrix.org>

16:08:03

we should actually make a real checklist for cXs bootstrap

<@davide:cavalca.name>

16:08:13

for rpmcow we'll wait till ~november to see if upstream does end up rebasing rpm or not as we discussed in Brno

<@salimma:fedora.im>

16:08:14

should we bother with booting something up until the beta is out?

<@davide:cavalca.name>

16:08:33

so yes

<@conan_kudo:matrix.org>

16:08:38

some things we can push off a bit... but not a lot

<@davide:cavalca.name>

16:08:58

this is a great idea

<@conan_kudo:matrix.org>

16:09:08

we forgot to do this last time :)

<@davide:cavalca.name>

16:11:42

anything else for announcements?

<@conan_kudo:matrix.org>

16:12:15

EPEL 10 hackfest at Flock?

<@davide:cavalca.name>

16:12:32

oh right, flock and devconf are the next ones

<@conan_kudo:matrix.org>

16:12:33

EPEL 10 is rather important for us in Hyperscale, so Carl George's hackfest is going to be a must-attend for us

<@daandemeyer/:matrix.org>

16:13:03

When is EPEL 10 becoming a thing?

<@daandemeyer/:matrix.org>

16:13:13

It's painful to get c10s added upstream in systemd without it

<@carlwgeorge:matrix.org>

16:13:14

soon (tm)

<@carlwgeorge:matrix.org>

16:13:41

i actually have a draft of a status update i'm sending out today or tomorrow

<@carlwgeorge:matrix.org>

16:13:51

https://hackmd.io/Gqlz6p7ZQjWjQYIC5XWuwA?view

<@conan_kudo:matrix.org>

16:14:24

once the tags and composes for EPEL 10 are in place, we'll need to reconfigure the hyperscale tags

<@carlwgeorge:matrix.org>

16:14:26

tldr, official launch in q4 this year in conjunction with a c10 announcement, and hopefully a soft launch sooner for packagers to add stuff

<@davide:cavalca.name>

16:17:29

next up

<@davide:cavalca.name>

16:17:30

!topic Tickets

<@davide:cavalca.name>

16:17:56

Conan Kudo: I've filed https://pagure.io/centos-sig-hyperscale/sig/issue/166 to track the kernel for c10s

<@conan_kudo:matrix.org>

16:18:06

cool

<@conan_kudo:matrix.org>

16:18:49

I'm currently working through making the 6.9.x kernel build on c9s too, and I think I can reuse a hack we use for Fedora 39 where libbpf is too old

<@salimma:fedora.im>

16:19:22

what's the hack - bundling libbpf?

<@conan_kudo:matrix.org>

16:19:48

I don't want to maintain multiple kernel codestreams

<@salimma:fedora.im>

16:19:52

fwiw that's the recommendation of bpf developers - which is why a) we have it bundled in a bunch of bpf-using tools and b) I am not looking at packaging any of this in Debian :/

<@salimma:fedora.im>

16:20:08

yeah, so I'm wondering what the hack is in f39

<@conan_kudo:matrix.org>

16:20:15

static linking and using some internal bpf thingy

<@salimma:fedora.im>

16:20:26

ah right. so ... what I suspected

<@conan_kudo:matrix.org>

16:20:33

there's a build flag for it and I use it for the Asahi kernel for F39

<@salimma:fedora.im>

16:20:41

looking forward to when we need to bundle our own rust toolchain too... not

<@conan_kudo:matrix.org>

16:20:44

so I will cherry-pick that fix over to the Hyperscale kernel

<@conan_kudo:matrix.org>

16:20:58

we won't need to past 6.10~6.11

<@conan_kudo:matrix.org>

16:21:09

they're finally starting to support rust toolchain minvers

<@salimma:fedora.im>

16:21:34

oh ... if you know where this was announced maybe I can use that to convince our buck2 people

<@conan_kudo:matrix.org>

16:22:11

yes, one sec

<@conan_kudo:matrix.org>

16:22:37

!link https://lore.kernel.org/rust-for-linux/20240701183625.665574-1-ojeda@kernel.org/

<@conan_kudo:matrix.org>

16:22:51

they have dropped usage of unstable features almost entirely

<@salimma:fedora.im>

16:23:06

nice

<@conan_kudo:matrix.org>

16:24:12

so with kernel 6.11, I will be able to revisit rust enablement for the Fedora kernel

<@conan_kudo:matrix.org>

16:24:22

presuming this patchset lands

<@davide:cavalca.name>

16:25:30

next up

<@davide:cavalca.name>

16:25:31

!topic Membership

<@davide:cavalca.name>

16:25:39

don't think we have anything here this week?

<@conan_kudo:matrix.org>

16:25:49

we're still waiting on Adenilson Cavalcanti

<@davide:cavalca.name>

16:26:01

yeah

<@davide:cavalca.name>

16:26:08

that leaves us with

<@davide:cavalca.name>

16:26:09

!topic Miscellaneous

<@davide:cavalca.name>

16:26:13

anything else folks wanna discuss?

<@conan_kudo:matrix.org>

16:26:24

we've got 30 days until Flock :)

<@conan_kudo:matrix.org>

16:26:46

we need to prep our hackfests, presentations, etc. for that

<@davide:cavalca.name>

16:27:21

yup

<@salimma:fedora.im>

16:29:43

time flies

<@salimma:fedora.im>

16:30:06

will we have some sort of HS hackfest? either at Flock or at devconf.us

<@conan_kudo:matrix.org>

16:30:07

yeah

<@conan_kudo:matrix.org>

16:30:18

I think we planned one?

<@salimma:fedora.im>

16:31:23

one painpoint I have that I do want to discuss - starting here but later in person - is that we increasingly need a flexible notification system

<@salimma:fedora.im>

16:31:23

something like our package update issues but where the upstream does not have to be the centos repo but can be something else - e.g. we have HS packages tracking Fedora, EPEL packages tracking Fedora etc

<@salimma:fedora.im>

16:31:23

<@salimma:fedora.im>

16:31:54

it seems like we should tackle this in general rather than focusing on a single flow (cXs -> hs.cXs)

<@conan_kudo:matrix.org>

16:32:12

yes, especially as now we're doing a lot more of a diverse package set

<@conan_kudo:matrix.org>

16:32:27

c9s shifted midway through from being mostly patches to mostly backports

<@conan_kudo:matrix.org>

16:32:37

and I don't think that we will revert back in c10s

<@salimma:fedora.im>

16:32:50

hs.el9 you mean right, not upstream c9s

<@conan_kudo:matrix.org>

16:33:02

yes, I'm referring to the generic category

<@conan_kudo:matrix.org>

16:33:09

it's faster to type :)

<@salimma:fedora.im>

16:33:29

speaking of patches... one thing I'm not sure if we should discuss it here or not... do we need to, or should we, use HS for emergency security fixes?

<@conan_kudo:matrix.org>

16:34:00

I think that's generally our call... we do rely on CentOS Hyperscale

<@salimma:fedora.im>

16:34:07

<@salimma:fedora.im>

16:34:07

we have not in the past for things like glibc where it's... going to be hard to support, but for say the new openssh issue it seems trivial. the optics is bad though

<@salimma:fedora.im>

16:34:07

(we do have a fixed openssh, but it's only in the FB flavor)

<@conan_kudo:matrix.org>

16:34:21

if we decide to explicitly do security maintenance, then we should probably get on the linux-distros@ list

<@salimma:fedora.im>

16:34:36

anyone can build the non-FB flavor and it should match the c9s package, but I have not tested it :P

<@conan_kudo:matrix.org>

16:34:37

it's something I've thought about lately too

<@salimma:fedora.im>

16:34:51

yeah... it might be worth it just for the visibility alone

<@conan_kudo:matrix.org>

16:35:00

CentOS Hyperscale is distinct enough that we probably can justify the effort

<@salimma:fedora.im>

16:35:26

I'd prefer discussing it with RH folks in person first, but... yeah we do have a use case right. we ship a product, it's not just for R&D of the next RHEL

<@conan_kudo:matrix.org>

16:35:27

in the beginning, it wasn't like that, but we've pretty firmly evolved in a distinct direction

<@nhanlon:beeper.com>

16:35:39

I would agree there

<@conan_kudo:matrix.org>

16:35:44

we ship our own kernel, openssh, rpm, etc.

<@salimma:fedora.im>

16:35:47

we should let Davide and others weigh in before we get carried away here :)

<@nhanlon:beeper.com>

16:35:59

where's the fun in that ? ;)

<@salimma:fedora.im>

16:36:19

but yeah some internal folks have been assuming we are in the distros list and we're not

<@conan_kudo:matrix.org>

16:36:36

people seem to assume I'm on the list and I have never been...

<@salimma:fedora.im>

16:36:56

so we might as well be . reduce the impedance mismatch :P

<@conan_kudo:matrix.org>

16:37:02

yeah

<@conan_kudo:matrix.org>

16:38:41

Davide Cavalca, what do you think?

<@davide:cavalca.name>

16:39:03

sorry got distracted by work, catching up

<@davide:cavalca.name>

16:40:06

I think this is generally reasonable, especially as we position Hyperscale as more of a product

<@davide:cavalca.name>

16:40:29

there's also some conversations on the promo side on getting better visibility for user-facing deliverables that sigs produce on centos.org

<@davide:cavalca.name>

16:40:36

as right now it's pretty confusing to find stuff

<@conan_kudo:matrix.org>

16:40:41

yeah

<@conan_kudo:matrix.org>

16:40:49

something we should aim to change with the c10s launch

<@salimma:fedora.im>

16:40:53

more technically - should we make this a separate repo like the GNOME one or should we just use the main HS repo

<@salimma:fedora.im>

16:41:03

separate repo will be more widely useful but more controversial potentially

<@salimma:fedora.im>

16:41:19

but could be a nice gateway drug^W^Wintroduction to Hyperscale

<@davide:cavalca.name>

16:41:27

wrt the secret mailing list -- if someone wants to take the lead and wrangle the politics involved to get us access be my guest

<@davide:cavalca.name>

16:41:58

I do think there's value especially for things like systemd and openssh, as we do need to get security updates for those quickly if a zero day comes out

<@conan_kudo:matrix.org>

16:42:04

we probably need to have hyperscale mailing lists now

<@salimma:fedora.im>

16:42:06

(it's not the first time we put things in Hyperscale because users are worried about unfixed CVEs, we did this already with slurm and pmix)

<@salimma:fedora.im>

16:42:34

yeah. do we just talk to Fabian to get a list? or does the centos board need to ack it first

<@conan_kudo:matrix.org>

16:42:43

just fabian

<@salimma:fedora.im>

16:42:47

for distro list, yeah I can try and get us access

<@conan_kudo:matrix.org>

16:42:50

the SIG already exists, we just never asked for lists

<@davide:cavalca.name>

16:42:52

yeah just file an infra ticket

<@davide:cavalca.name>

16:43:03

should be even easier now that lists runs on the new setup

<@salimma:fedora.im>

16:43:05

so does someone want to take action on getting our own lists?

<@conan_kudo:matrix.org>

16:43:06

yup

<@salimma:fedora.im>

16:43:15

#action Michel will try and get Hyperscale into the secret distros list

<@conan_kudo:matrix.org>

16:43:19

I can probably handle the request

<@conan_kudo:matrix.org>

16:43:24

for centos lists

<@salimma:fedora.im>

16:43:56

this seems all neatly tied in. if the distros people say "prove you're a real distro" and list missing things we can take that as feedback for the promo discussions

<@conan_kudo:matrix.org>

16:44:02

yup

<@conan_kudo:matrix.org>

16:44:45

I'm familiar with the criteria, and for the most part, we should be gravy

<@nhanlon:beeper.com>

16:45:06

You have my support, for whatever that's worth, and I'll give that publicly on your application

<@conan_kudo:matrix.org>

16:45:23

we are going to have to sort out privileged access code and mailing list locations

<@conan_kudo:matrix.org>

16:45:27

but that's not a new problem for us

<@nhanlon:beeper.com>

16:45:32

IMO more people with eyes on this stuff is better

<@salimma:fedora.im>

16:47:50

thank you!

<@salimma:fedora.im>

16:48:11

yeah... oh do we need to handle sharing access codes?

<@salimma:fedora.im>

16:48:21

are people OK with bitwarden or do people have other preferred solutions

<@conan_kudo:matrix.org>

16:48:28

I'm fine with Bitwarden

<@davide:cavalca.name>

16:48:40

we have a gitlab repo already for that

<@salimma:fedora.im>

16:48:42

IIRC with the normal bitwarden account everyone needs to be on a paid plan

<@salimma:fedora.im>

16:48:51

oh a private repo is probably better

<@conan_kudo:matrix.org>

16:49:07

what I was referring to was embargo'd development

<@salimma:fedora.im>

16:49:17

the other long term alternative is setting up Vaultwarden and hosting it. I know Alma is (because Jonathan is getting vaultwarden packages into fedora/epel)

<@conan_kudo:matrix.org>

16:49:18

we will need to use private git repos for that

<@salimma:fedora.im>

16:49:22

oh development. yeah gitlab then

<@davide:cavalca.name>

16:49:33

https://gitlab.com/centos-sig-hyperscale/secrets

<@davide:cavalca.name>

16:49:42

only downside is it's capped to 5 users

<@salimma:fedora.im>

16:49:49

so we just need to create more private repos

<@nhanlon:beeper.com>

16:49:58

lol

<@davide:cavalca.name>

16:50:11

holy hell gitlab is expensive

<@conan_kudo:matrix.org>

16:50:17

yeeeah

<@conan_kudo:matrix.org>

16:50:18

<@nhanlon:beeper.com>

16:50:19

YUP

<@salimma:fedora.im>

16:50:21

I think 5 person is fine. we will use one repo per project that needs fixing, and just give ACL to people working on it

<@conan_kudo:matrix.org>

16:50:27

I will set up a git server before we pay for gitlab

<@salimma:fedora.im>

16:50:31

heck we can use github private repos if we have to

<@davide:cavalca.name>

16:50:56

yeah I could probably cover this but it really seems like a waste of money

<@davide:cavalca.name>

16:52:21

but yeah in practice I think we'll make do with the 5 users here for now

<@conan_kudo:matrix.org>

16:52:34

if we need to, I can trivially set up a pagure instance with private repos

<@conan_kudo:matrix.org>

16:52:40

that's way cheaper

<@salimma:fedora.im>

16:52:58

I mean, we discussed this in the Fedora context and agreed even without private repos this is still better than nothing

<@salimma:fedora.im>

16:53:23

just get one person to do the work in private and maybe do code review over Matrix private rooms

<@conan_kudo:matrix.org>

16:53:30

yup, and again this only really going to be an issue when we need to stage or develop embargoed patches

<@salimma:fedora.im>

16:53:54

in practice we normally do package releases independently anyway (though that's my annoyance too, we can't really do the Bodhi flow or anything similar right now)

<@conan_kudo:matrix.org>

16:55:58

well, we lack testing infra for centos sigs

<@conan_kudo:matrix.org>

16:56:08

that's really what makes that flow work

<@salimma:fedora.im>

16:57:23

yeah

<@salimma:fedora.im>

16:57:37

I don't mind using either the Fedora/EPEL flow or the cXs flow. but we need something

<@salimma:fedora.im>

16:57:52

right now we're at RPM Fusion level ;)

<@conan_kudo:matrix.org>

16:57:53

I did chat with bookwar about this at the openSUSE Conference

<@conan_kudo:matrix.org>

16:58:11

it is something she's interested in helping us with as part of #centos-integration:fedora.im work

<@davide:cavalca.name>

16:58:16

we're almost out of time

<@salimma:fedora.im>

16:58:17

sweet

<@salimma:fedora.im>

17:00:47

any last minute issue?

<@salimma:fedora.im>

17:00:50

I guess we're out of time now

<@davide:cavalca.name>

17:01:00

yup, thanks everyone!

<@davide:cavalca.name>

17:01:02

!endmeeting