16:01:25 <mkonecny> #startmeeting Infrastructure (2022-05-12) 16:01:26 <zodbot> Meeting started Thu May 12 16:01:25 2022 UTC. 16:01:26 <zodbot> This meeting is logged and archived in a public location. 16:01:26 <zodbot> The chair is mkonecny. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions. 16:01:26 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:01:26 <zodbot> The meeting name has been set to 'infrastructure_(2022-05-12)' 16:01:26 <mkonecny> #meetingname infrastructure 16:01:26 <zodbot> The meeting name has been set to 'infrastructure' 16:01:26 <mkonecny> #chair nirik siddharthvipul mobrien zlopez bodanel dtometzki jnsamyak computerkid 16:01:26 <mkonecny> #info Agenda is at: https://board.net/p/fedora-infra 16:01:26 <mkonecny> #info About our team: https://docs.fedoraproject.org/en-US/cpe/ 16:01:26 <zodbot> Current chairs: bodanel computerkid dtometzki jnsamyak mkonecny mobrien nirik siddharthvipul zlopez 16:01:26 <mkonecny> #info Fedora Infra documentation: https://docs.fedoraproject.org/en-US/infra 16:01:27 <mkonecny> #topic greetings! 16:01:27 <mkonecny> Hi everyone 16:01:32 <mobrien> .hi 16:01:32 <nirik> morning everyone. 16:01:33 <zodbot> mobrien: mobrien 'Mark O'Brien' <markobri@redhat.com> 16:01:35 <mkonecny> .hello zlopez 16:01:37 <zodbot> mkonecny: zlopez 'Michal Konecny' <michal.konecny@psmail.xyz> 16:01:39 <bittin> .hello bittin 16:01:40 <zodbot> bittin: bittin 'Luna Jernberg' <droidbittin@gmail.com> 16:02:20 <darknao> .hi 16:02:21 <zodbot> darknao: darknao 'Francois Andrieu' <darknao@drkn.ninja> 16:03:30 <mkonecny> It seems that we have plenty of people here today :-) 16:03:41 <mkonecny> Let's see if there is anyone new 16:03:45 <mkonecny> #topic New folks introductions 16:03:45 <mkonecny> #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves 16:03:45 <mkonecny> #info Getting Started Guide: https://fedoraproject.org/wiki/Infrastructure/GettingStarted 16:04:05 <nirik> Fedora 36 is new... :) 16:04:08 <mkonecny> Don't be shy :-) 16:04:26 <mkonecny> Welcome Fedora 36 :-D 16:04:31 <bittin> guess i am pretty new, don't really attend the Infra meetings that much but had some spare time 16:04:48 <nirik> welcome bittin! 16:04:52 <bittin> also yay F36, first updates for F36 just dropped and release party online from tommorow: https://hopin.com/events/fedora-linux-36-release-party 16:05:29 <phsmoura> welcome bittin 16:05:33 <mkonecny> welcome bittin 16:06:08 <mkonecny> It doesn't seem we have anybody else, who is new here 16:06:16 <mkonecny> So let's go to the next item on our list 16:06:31 <mkonecny> #topic Next chair 16:06:31 <mkonecny> #info magic eight ball says: 16:06:34 <mkonecny> #info chair 2022-05-12 - zlopez 16:06:34 <mkonecny> #info chair 2022-05-19 - nirik 16:06:34 <mkonecny> #info chair 2022-05-26 - ? 16:06:52 <mkonecny> Anybody wants to chair 2022-05-26? 16:07:42 <mobrien> I can do that day 16:08:22 <mkonecny> Sold! 16:08:32 <mkonecny> #info chair 2022-05-26 - mobrien 16:08:56 <mkonecny> And now let's see what is there to announce 16:09:00 <eddiejennings> .hi 16:09:01 <zodbot> eddiejennings: eddiejennings 'Eddie Jennings' <eddie@eddiejennings.net> 16:09:03 <mkonecny> #topic announcements and information 16:09:03 <mkonecny> #info CPE Infra&Releng EU-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1030 Europe/paris in #centos-meeting 16:09:03 <mkonecny> #info CPE Infra&Releng NA-hours team has a Monday through Thursday 30 minute meeting going through tickets at 1800 UTC in #fedora-meeting-3 16:09:09 <mkonecny> #info If your team wants support from the Fedora Program Management Team, file an isssue: https://pagure.io/fedora-pgm/pgm_team/issues?template=support_request 16:09:09 <mkonecny> #info thread on fedoraplanet on infrastructure list, chime in if you have thoughts on it 16:09:09 <mkonecny> #info please help us with improving contribution to fedora infra 16:09:19 <mkonecny> https://discussion.fedoraproject.org/t/improving-contribution-to-fedora-infrastructure/38294/8 16:09:19 <mkonecny> #info oncall should also handling #fedora-releng pings if possible 16:09:19 <mkonecny> #info Fedora 36 released! get it now! https://getfedora.org/ 16:09:54 <mobrien> I have a semi announcement 16:10:10 <nirik> I have a potential announcement, but needs a bit of discussion first. ;) 16:10:23 <mobrien> Where possible try to use the oncall rather than pinging people directly 16:10:46 <mkonecny> Also you can ask on the standups 16:11:01 <nirik> +1 16:12:02 <mobrien> We encourage anyone to join our standups and ask questions 16:12:57 <mkonecny> You can even talk to us on jitsi on Monday and Thursday EU meeting :-) 16:14:12 <mkonecny> Any other announcement? 16:14:29 <nirik> so, I was thinking we should perhaps do a mass update/reboot next week... 16:14:36 <nirik> mobrien: what do you think? next wed? 16:14:49 <nirik> since rhel8.6 came out... 16:15:13 <mkonecny> nirik: It's already in our plan :-) 16:15:18 <mobrien> Yep 16:15:24 <mobrien> I'm game 16:15:34 <bittin> so the infra is running rhel and not fedora?, just curious 16:15:48 <mobrien> bittin: We use both 16:16:06 <bittin> i see so F36 and rhel 8.6 mass updates 16:16:07 <nirik> yeah, depends on the need... 16:16:17 <nirik> we do have many more fedora instances than rhel 16:16:30 <bittin> ah i see. was just curious 16:16:35 <nirik> also, I need to generate a list of Fedora-34 things... so we can move them up. 16:17:27 <mobrien> We wouldn't automatically move everything up to F36 as there maybe some legacy dependancies on some servers 16:18:05 <mobrien> But we try to keep as up to date as we can 16:18:56 <mkonecny> Let's continue with oncall 16:18:57 <mkonecny> #topic Oncall 16:18:57 <mkonecny> #info https://fedoraproject.org/wiki/Infrastructure/Oncall 16:18:57 <mkonecny> #info https://docs.fedoraproject.org/en-US/cpe/day_to_day_fedora/ 16:18:57 <mkonecny> ## .oncalltakeeu .oncalltakeus 16:19:03 <mkonecny> #info mobrien on call from 2022-05-06 to 2022-05-12 16:19:03 <mkonecny> #info mkonecny on call from 2022-05-13 to 2022-05-19 16:19:03 <mkonecny> #info ??? on call from 2022-05-20 to 2022-05-26 16:19:23 <nirik[m]> Here's the distribution for anyone who cares: 285 35... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/f2970d4a55b492adfb9598edad350eea81d940b7) 16:19:27 <mkonecny> So we still have free oncall slot for taking from 2022-05-20 to 2022-05-26 16:19:27 <eddiejennings> I can be on-call for 2022-05-20 16:19:51 <mkonecny> Who wants to take it? 16:19:57 <bittin> nirik[m], neat thx 16:20:05 <eddiejennings> mkonecny, I'll take it 16:21:07 <darknao> and I can take the next slot 16:21:18 <mobrien> I think we have a small turnout today so short on volunteers 16:21:33 <mobrien> ha! I am wrong 16:21:44 <mkonecny> I will give it to you 16:22:01 <mkonecny> #info eddiejennings on call from 2022-05-20 to 2022-05-26 16:22:19 <eddiejennings> :D 16:22:28 <mkonecny> #info darknao on call from 2022-05-27 to 2022-06-02 16:23:30 <mkonecny> Ok, we are pretty ready for the oncall in following weeks 16:23:40 <mkonecny> .oncalltakeeu 16:23:40 <zodbot> mkonecny: Kneel before zod! 16:23:53 <mkonecny> #info Summary of last week: (from current oncall ) 16:24:13 <mkonecny> mobrien: Any ping? 16:24:34 <mobrien> I actually took this late as I wasn't here for the meeting last week and didn't realise, sorry nirik 16:24:38 <mobrien> I had 2 pings 16:24:53 <mobrien> One was zodbot acting up so I restarted it. 16:25:12 <mobrien> The other was a wiki issue that I asked them to take a ticket about 16:25:28 <mobrien> s/take/create 16:26:38 <mkonecny> Ok, thanks mobrien 16:26:44 <mkonecny> #topic Monitoring discussion [nirik] 16:26:44 <mkonecny> #info https://nagios.fedoraproject.org/nagios 16:26:44 <mkonecny> #info Go over existing out items and fix 16:27:24 <nirik> so, nothing really changed here 16:27:43 <nirik> we continue to get badges and resultsdb alerts anoyingly 16:27:56 <mobrien> I will do that ocp cert tomorrow now that freeze is over 16:28:22 <nirik> was just about to mention that one. ;) 16:28:43 <nirik> also, in other news... I got that zabbix staging instance we setup a long time ago working. 16:28:44 <mobrien> 🙂 16:28:51 <nirik> It's currently only monitoring... itself... 16:28:52 <mobrien> Nice one! 16:29:09 <nirik> but I thought I would add the client to all stg and see what it looks like... 16:29:20 <mobrien> everything healthy I hope 16:30:00 <nirik> yeah, I also need to look at the centos configs for any ideas. 16:30:05 <mobrien> Is it local users for auth? 16:30:32 <nirik> oddly, the gssapi/kerberos auth I was trying to get working the other day, now works. 16:30:42 <nirik> You have to create a local user, but then you can auth via kerberos. 16:31:55 <mobrien> ah ok 16:33:01 <nirik> thats all on monitoring for now I think. 16:33:41 <mkonecny> Thanks nirik 16:33:57 <mkonecny> And we have a learning topic for today 16:34:02 <mkonecny> #topic Learning topic 16:34:03 <mkonecny> #info Intro to AWS and Terraform [mobrien] 2022-05-12 16:34:36 <mobrien> I actually forgot I was doing this till this morning so its a bit rough and ready but here goes 16:34:46 <mobrien> Terraform is a tool made by hashicorp. It is primarily used to deploy Infrastructure as code. 16:34:54 <mobrien> One of the key benefits of Terraform over something like AWS Cloudformation is that it is vendor agnostic. 16:35:11 <mobrien> This means you can deploy to multiple different cloud providers using terraform code. 16:35:17 <mobrien> Terraform is written declaritively which means that you just provide what infrastructure you want and don't have to worry about how the api works to create it. 16:35:56 <mobrien> Terraform uses HCL (Hashicorp Configuration Language) although json can be used. All the docs which are quite good are in HCL 16:36:29 <mobrien> Documentation can be found here https://www.terraform.io/language/syntax/configuration 16:37:00 <mobrien> Generally it based on blocks and argument definitions which I will show as we go. 16:37:12 <mobrien> There is a ton of examples here for aws: https://github.com/hashicorp/terraform-provider-aws/tree/main/examples 16:37:20 <mobrien> They also provide examples for other providers too which can be found on github. 16:37:50 <mobrien> It uses "providers" to define your target, these are plugins which you define depending on where or what you would like to build. 16:38:01 <mobrien> Aws or Azure for example are providers. A list of which you can see here: 16:38:13 <mobrien> https://registry.terraform.io/browse/providers 16:38:29 <mobrien> You will need to define a provider for terraform to understand your code. 16:38:39 <mobrien> An example of defining a provider: 16:38:52 <mobrien> provider "aws" {region = "us-east-1"} 16:39:01 <mobrien> I will be flattening any of the code block examples I use for ease of reading on irc 16:39:21 <mobrien> Generaaly that would be written something like : 16:39:31 <mobrien> provider "aws" { 16:39:44 <mobrien> region = "us-east-1" 16:39:47 <mobrien> } 16:40:55 <mobrien> The HCL language doesn't use "," to separate objects so newlines are important 16:41:07 <mobrien> These are a little awkward to show on irc however 16:41:29 <mobrien> Anyway I digress... 16:41:46 <mobrien> Resource blocks are the back bone of Terraform, they are somewhat like modules in Ansible 16:42:05 <mobrien> They are defined for each object and take variables needed to define the object. 16:42:18 <mobrien> For example creating a vpc in AWS is as simple as 16:42:28 <mobrien> resource "aws_vpc" "vpc_name" { cidr_block = "10.0.0.0/16" } 16:42:53 <mobrien> "resource" is a key word in terraform to say what you are defining, much like provider in the example above 16:43:11 <mobrien> "aws_vpc" is the resource type. These are defined by the provider plugin and specify the type of resource you wish to deploy. 16:43:24 <mobrien> Inside the braces is where the required vars are defined. 16:43:48 <mobrien> Variables are also defined in blocks (the clunkiest part of Terraform in my opinion) 16:43:59 <mobrien> It does however let you more tightly type the variable. An example: 16:44:03 <mobrien> variable "image_id" { type = string } 16:44:19 <mobrien> In this case "image_id" is the variable name. It is not required to pass any parameters to a variable. 16:44:32 <mobrien> Variables can then be used with the var keyword e.g. "var.image_id" would use the variable above. 16:45:16 <mobrien> I will pause there for a minute to give people a chance to read the wall of text and ask any questions on what I have so far before I go on 16:46:41 <nirik> so, I have one: 16:47:06 <nirik> where does one 'run' this? do you install run terraform on your local machine? or do you upload the scripts and it runs in the cloud side? 16:47:09 <mobrien> go for it 16:47:29 <mobrien> You install and run locally 16:48:06 <mobrien> You could set up something like what we have in the batcave for team use 16:48:09 <nirik> ok, cool. 16:48:25 <nirik> so it has some config to know how to talk to your provider? 16:48:29 <mobrien> It is important to keep track of the state of the infra but I will get to that later 16:49:25 <mobrien> So when you write the code you set a provider in the code and then before you run it it will install the required plugins to talk to that provider 16:49:48 * nirik nods 16:50:25 <mobrien> So terraform has a base package and then relies on "providers" which are plugins. They support a lot themselves and there are also community ones 16:51:23 <mobrien> One of the best things about terraform in my opinion is it tries to keep writing the code simple and abstracts a lot away from the user 16:51:49 <mobrien> Now let me move onto the next part 16:51:56 <mobrien> ll the files needed are appended with a ".tf" extension. 16:52:07 <mobrien> When you run a terraform command all the files in the folder with the .tf extension are combined as one and run. 16:52:17 <mobrien> It is up to the developer if they wish to modularise into different files or put everything in one. 16:52:51 <mobrien> Although it is recommended to group objects in files for easier development 16:53:39 <mobrien> As I alluded to earlier Terraform keeps its state in a local file terraform.state by default although this can be stored remotely. 16:54:15 <mobrien> This state file is used when attempting to apply your code for idempotency and bindings. 16:54:27 <mobrien> For exapmle if you just add a new resource to existing infra it will check the state file to know that it only needs to deploy that and not the whole file again. 16:54:38 <mobrien> Also if you wish to delete something with a dependancy it will stop you from doing so. 16:54:58 <mobrien> More info on that here: https://www.terraform.io/language/state 16:55:22 <mobrien> and here: https://www.terraform.io/language/state/purpose 16:55:57 <mobrien> It is integral to how terraform works so if you are thinking of using terraform I strongly advise you read those docs 16:56:22 <mobrien> Finally, running the code. 16:56:30 <mobrien> Terraform has an inbuilt cli: https://www.terraform.io/cli/commands 16:56:39 <mobrien> Some of the important commands: 16:56:46 <mobrien> terraform init 16:56:53 <mobrien> This needs to be run before you run any other commands as it will install and needed plugins 16:57:29 <mobrien> So nirik this is where terraform will pull the required plugins for the providers. it will then store them locally for future runs. 16:57:51 <mobrien> If you add new providers you will need to run this command again otherwise its a run once command 16:58:22 <mobrien> `terraform plan` 16:58:32 <mobrien> This shows an output of what will be created if you run your code 16:58:53 <mobrien> This is very useful to ensure what you are planning to run does exactly what you want. 16:59:08 <nirik> cool. So where would one want to use this over say a ansible playbook? where it's more complex or ? (I have another meeting in a few min, so may need to head out so thought I would toss this out) 17:00:18 <mobrien> The idea is that Terraform is better for infrastructure as code, it's generally simpler and ansible is better at provisioning machines. 17:00:18 <mkonecny> Ok, we are at the end of your time 17:00:30 <mobrien> They would be used in tandem ideally 17:00:49 <mobrien> Dang! 17:00:58 <mkonecny> It's interesting, but we need to end it 17:01:04 <davdunc[m> mobrien: is there still a requirement to maintain a state file? 17:01:17 <mobrien> The end of my talk was just about the cli 17:01:17 <mkonecny> You can continue with discussion outside the meeting 17:01:40 <mobrien> Its mostly whats in the docs anyway 17:01:40 <mkonecny> Thanks everybody for joining today 17:01:43 <mkonecny> #endmeeting