Attendees 
- @dduportal (Damien Duportal)
- @smerle33 (Stéphane Merle)
- @jayfranco999 (Jay Reddy)
Announcements 
- Weekly 2.464 (25 June 2024)
- Mirror sync failed due to OSUOSL slowness (as usual: 90% of the builds)
- Weekly 2.465 (02 July 2024)
- Started on time, let’s watch it
- Changelog might be late (due to both Mark and Kevin off)
- Jenkins Security Advisory (plugins only) last week - Jenkins Security Advisory 2024-06-26
- CVE-2024-6387 (OpenSSH)
- CVE - CVE-2024-6387
- https://ubuntu.com/security/CVE-2024-6387
- We have to check our SSH restrictions on VMs
- Mirrors for Russia, Romania and East-Europe
- Thanks Yandex (blog post again? Other? => raise this question again next week)
- Thanks Hostico (confirmed they are good with it)
- East Europe traffic on get.jio is now back to Aachen U. or Belnet
Upcoming Calendar 
- Next Weekly: 2.466 (09 July 2024)
- Next LTS: 2.452.3, on July 10th, 2024 (next week, Wednesday)
- This LTS still uses Maven 3.8.x and JDK11 as expected (Docker jenkinsciinfra/packaging 4.x line)
- Let’s watch the Controller Docker image build with JDK11 (should be good but better to check)
- Next Security Release as per jenkinsci-advisories: N.A.
- Upcoming credentials expirations (~3 weeks):
- 16/17 July:
- Terraform States Azure SP (for Terraform backends and also Azure project Terraform technical users)
- Let’s Encrypt Azure SPs for trusted.ci and cert.ci (used for the certificate renewal DNS challenges)
- 16/17 July:
Cloud Budgets
- Azure (CDF paid)
- April: $4,550 (invoice)
- May: $4,339 (invoice)
- June: $4,287 (estimated, $4187 of billing + $100 support)
- July (current): $171 consumed (Forecast at ~4.1k but only 2 days so not trustable yet)
- Azure Sponsorship (Microsoft Credits)
- April: $2k
- May: $5k consumed
- June: $7.3k consumed
- July (current): $321 consumed (Forecast at ~6k but only 2 days so not trustable yet)
- DigitalOcean
- April: $840
- May: $648
- June: $165.32
- July (current): $10 consumed (Forecast at $150 but only 2 days so not trustable yet)
- AWS:
- CloudBees:
- April: $9,782
- May: $8,281
- June: $5,862
- July (current): $298 consumed (Forecast at $6k but only 2 days so not trustable yet)
- Sponsored account
- Global Status:
- Credits left: $60,000 until 31 January 2025
- Untouched
- Global Status:
- CloudBees:
Notes 
Previous milestone (as 25 June’s weekly meeting was cancelled)
-
Done:
- Plugin manager inside Jenkins does not show latest platformlabeler release
- [get.jenkins.io] provide a mirror for Jenkins Russian users
- New mirror in India
- [contribution stats] publication of honored contributor fails
- Compilation of
jenkins-contribution-*GO applications does not publish CodeCoverage report - Release of
jenkins-contribution-*GO applications fail: homebrew token not found - Move the jenkins-stats repositories to the jenkins-infra organization
- Cannot publish my plugin anymore
- [reports.jenkins.io][infrastructure data API] Add outbound IPs for get.jenkins.io
- Streamline Maven versions across the infrastructure
- Add a new private kubernetes cluster in the new sponsored azure subscription
Current milestone
-
Done:
- ci.jenkins.io reports HTTP 502 for many jobs
- Tracked to an issue with Docker 27.0.2, with network causing high CPU load.
- Upgraded Docker, restarts and it is now fixed
- Improvement: we should have alerts when so much high CPU for so long on controllers
- Failing to find jenkins.war in repo.azure.jenkins.io
- Fixed thanks to @basil !
- Wasn’t ACP related
- Block some issue spammers
- Cloudflare API tokens expires the 2nd July 2024
- [infra.ci.jenkins.io] Service Principal used to spawn Azure agents expires on 2024-06-30
- Store jenkins-infra/infra-statistics data in a public location
- Bump Maven to 3.9.8
- Ensure website file share credentials are using the client password and not the service principal password
- [get.jenkins.io] provide a mirror for Jenkins Russian users
- New mirror in India
- ACP timing out
- ci.jenkins.io reports HTTP 502 for many jobs
-
- Upgrade to Kubernetes 1.28
- publick8s planned for Thursday 4 July
- [INFRA-3100] Migrate updates.jenkins.io to another Cloud
- We need to update rotated credentials in trusted.ci.jenkins.io (with the ZIP secrets method)
- If it goes well, we’ll merge the PR by ourselfs (jenkins-infra) due to JenSec being busy
- Getting logs from plugin-health.jenkins.io
- Adrien responded to Stéphane, he was unable to decrypt logs. We need to send him again logs.
- As Adrien is on PTO and we have users reporting no health score updates since the past 2 months, we need to investigate without Adrien
- Then we’ll need to find a way to monitor the “last updated time” to be alerted earlier
- [trusted.ci,cert.ci] Let’s Encrypt Azure Credential expires the 16/17 July 2024
- Let’s start working on it (we have automation with documented PRs)
- Planning for Friday (or earlier)
- To host stats.jenkins.io GSoC 2024 project in jenkins-infra
- Last blocker fixed
- Putting on hold until Hervé is back with time allocated to this
- migrate storage from premium to standard for jenkins-infra, jenkins-weekly and jenkins-release
- Done: weekly.ci storage migrated
- Uses Standard SSD (less expensive than Premium) ZRS (can move AZs) fully managed by Terraform (both disk and Kubernetes PV/PVC)
- Next steps:
- Cleanup unused resources (24h waiting before doing it)
- release.ci.jenkins (PR ready)
- infra.ci.jenkins.io (todo)
- Runbook for data migration (usefull for upcoming arm64 LDAP/Keycloak migrations)
- Done: weekly.ci storage migrated
- Add JDK21 agents (build)
- Goal: provide JDK21 on all of our build systems (missing trusted.ci and cert.ci for VMs)
- Jay working on preparing this task
- Upgrade to Kubernetes 1.28
-
ToDo (next milestone) (infra-team-sync-2024-07-09 Milestone · GitHub)