Infrastructure Team Meeting - Apr 12, 2022

Attendees

• @dduportal (Damien Duportal)
• @MarkEWaite (Mark Waite)
• Gaurav Thosani

Announcements

1. DigitalOcean Suspicious Activity (more to come later, no harm done)
   • Public communication later this week based on audit results
2. Weekly 2.343
   • Docker image confirmed visible, changelog visible
   • Need to run the release checklist
3. Security advisory today: Jenkins Security Advisory 2022-04-12
   • 14 plugins in the advisory, ci.jenkins.io and other instances are up to date
4. Slowness on updates.jenkins.io
   • Detailed issue report needed on helpdesk
   • Damien and Mark receive notice on Pagerduty, Apache restart on unusual timeout
   • Will sunset the deprecated mirror system that was http only
     • Will redirect all mirror requests to https mirrors
     • Blog post and email notification will be provided

Notes

• Done (infra-team-sync-2022-04-12 Milestone · GitHub)

  • recover account
  • Missing/Incorrect headers
  • Kubernetes Ingresses: Bump Nginx Chart to 4.0.18 + Cert-manager chart to 1.8.0 cert-manager
  • Update services to latest LTS version (2.332.2) cert.ci.jenkins.io, ci.jenkins.io, release.ci.jenkins.io and trusted.ci.jenkins.io
  • Archive parallel-test-executor-plugin-sample
  • Repository Permissions Updater not syncing logged in user from Artifactory accounts artifactory
  • Request access to Jenkins project VPN vpn
  • weekly.ci.jenkins.io
  • Archive old analysis plugins github imported-jira-issue jira-component:github
  • Deprecated Evergreen Infrastructure
  • Unable to publish Docker images (insufficient_scope: authorization failed)
  • [plugin-site-issues]Docker image is autotagged while it should not

• Work in Progress (infra-team-sync-2022-04-12 Milestone · GitHub)

  • [plugin-site-issues] production not bumped to v0.2.0
  • Migrate infra-report from trusted.ci to infra.ci
    • Done: Opened PR friday, broke RPU and caused mayhem, closed PR, reopened PR with changes
    • Todo: check new PR full result + need help to check the integrity of reports
    • Reopened the pull request, creating separated non-empty reports
      • Will need help with repository permission updater
      • Will attempt another merge of the pull request in the future
      • Job continues running on trusted.ci, if infra.ci is broken, we stop infra.ci publishing
  • Migrating rating.jenkins.io
    • Done: ingress. WiP on DB migration
  • Apply to Docker Open Source Program
    • Done: cleanup of the DockerHub accounts
    • WiP:
      • Doc: https://github.com/jenkins-infra/runbooks/pull/47
      • Add credentials to the vaults (Damien & Stephane)
  • Add a email alias for press
    • Done: created request for LF to host + contacted mailgun
    • Todo: waiting for feedback from both
  • GC AWS Old Images (from packer)
    • Done: dev GC + describing cleanup rules for staging + prod
    • Todo: staging GC
  • Delayed:
    • Kubernetes 1.21
      • Work starting for next milestone: @smerle & @lemeurherve
    • Artifactory Proxy Caching
      • Work starting for next milestone: @dduportal
      • One instance per cloud, watch the behavior within each cloud provider
      • A “nexus client” is making many requests to the Jenkins artifactory repository
        • Not clear on the source, needs more investigation
      • Recent slowness may be due to requests from that “nexus client”
    • DockerHub credential for vm agents
    • Infracost

• New/Importants infra-team-sync-next

  • Delayed until all team members are back.

• ToDo (next milestone) (infra-team-sync-2022-04-19 Milestone · GitHub)

  • All the WiP tasks