Attendees 
- @dduportal (Damien Duportal)
- @jayfranco999 (Jay Reddy)
- @MarkEWaite (Mark Waite)
- @smerle33 (Stéphane Merle)
- @kmartens27 (Kevin Martens)
Announcements 
- Jenkins Weekly Releases
- Last Week: 2.477 was successfully delivered
- This Week: 2.478 started on time (1h30 ago)
- Damien off from 30 Sep. until 14 Oct.
- Need handling (or cancelling) team meetings (2024-10-01 and 2024-10-08)
- 02 Oct. => need Stephane and Mark to handle the Core upgrade
- Mark start the meeting
- Stephane assemble the agenda, lead the meeting
- Jay off
- Jenkins Elections are in progress
- Nomination completed
- Voter registration begins (WiP by Mark)
- 6 board candidates, 2 candidates for release officer, other officers only have 1 candidate
Upcoming Calendar 
- Next Weekly: 2024-10-01 - 2.479
- Next LTS:
- 2024-10-02 - 2.462.3 - Kris Stern release lead
- 2024-10-30 - 2.477.1 - Mark Waite release lead
- Requires JDK17
- Uses Jetty 12
- Uses Spring Security 6
- Upcoming credentials expirations (~3 weeks):
- 2024-10-01: cloudflare API tokens - (private) https://github.com/jenkins-infra/terraform-states/pull/27
- 2024-10-06: Azure Principals used for Let’s Encrypt DNS challenges expires for cert.ci and trusted.ci
- [cert.ci.jenkins.io, trusted.ci.jenkins.io] Azure Principal used for Let's Encrypt DNS challenges expires on `2024-10-06` · Issue #4301 · jenkins-infra/helpdesk · GitHub
- Won’t expire the certificate
- Long term: we have to replace this credential by an Azure Identity
- 2024-10-07 / 2024-10-08: Terraform Backends Azure SP:
- Next major event:
- FOSDEM 2025 - Brussels - Feb 1-2, 2025
Cloud Budgets
-
Azure (CDF paid)
- June: $4,287 (invoice)
- July: $4,571 (invoice)
- August: $4,552 ($4,452 cost + $100 monthly support)
- September: $2980 consumed (Forecast at ~ $3.9k)
-
Azure Sponsorship (Microsoft Credits) - Remaining: $49166 ($50834 consumed) until May 2025
- June: $7.3k consumed
- July: $10k consumed
- August: $10.5k consumed
- September: $8268 (Forecast at ~10.3k)
- ci.jenkins.io
- Redis databases
-
DigitalOcean - Remaining $15,852.91 (~4k consumed) until 02 January 2025
- June: $165.32 (invoice)
- July: $176.01 (invoice)
- August $200.08 (invoice)
- September: $125 (Forecast at ~$160)
- Half is (outbound) bandwidth for archives.jio
-
AWS:
- CloudBees:
- June: $5,862
- July: $6.5k
- August: $6.3k
- September: $4812, forecast at ~6.2k
- Sponsored account
- Global Status:
- Credits left: $60,000 until 31 January 2025
- Untouched
- Global Status:
- CloudBees:
-
To open an issue describing the “cloud billing plans” for the upcomings 4 months
- Moving ci.jenkins.io out from Azure (credits) to AWS (to consume credits in AWS and allow Azure Credits to be spent until May)
- Controller is easy to move
- Agent VMs is easy (packer, then EC2 plugin) both Linux (Intel, ARM64) and Windows are supported
- Linux container agent is easy => EKS (includes internal ACP)
- !! Windows container agents: ACI → Kubernetes
- !! Docker Registry: does AWS ECR support mirroring mode
- Move CloudBees AW remaining VMs to DigitalOcean (to consume credits)
- Moving ci.jenkins.io out from Azure (credits) to AWS (to consume credits in AWS and allow Azure Credits to be spent until May)
Notes 
-
Done:
- VPN access for usage VM
- [infra.ci.jenkins.io] Azure SP (for VM Agents) credential rotation
- [trusted.ci.jenkins.io] Credential rotation of Azure Files for
updates.jenkins.io(bothcontentandredirectioncomponents) - [infra.ci.jenkins.io] Credential rotation for deployment of
contributors.jenkins.ioandstats.jenkins.io - Grant
jenkins-infra/securityteam commit access tojenkins-infra/release - Update permissions for the tinfoil-scan-plugin
- “404” pages on stats.jenkins.io served with
200 OKstatus code- Used custom location on Nginx to fix the problem. Static list for the “old” endpoints (server side endpoints) while dynamic list for new frontend paths (cliend side routes)
- [Updatecli/kubernetes-management] Improve the Maven manifest.
-
- infra-statistics has no new data since July 1st 2024
- KK now has VPN access
- Need to check with Andrew for the next data update from KK’s data
- [ci.jenkins.io] Ensure our build agents have enough entropy (
rngd,haveged, etc.)- ci.jenkins.io Azure VM agents (Linux) and containers (Linux) now have enough entropy
- Acknowledged by James Nord
- 2 agents left: Jay and Damien will work on this
- [GeoIP database][subtask] Add a
CronJobgeoip updater task for mirrorbits- Container + chart working locally for updating data locally
- PR applied to add Azure Credential to allow copying to the File Share with azcopy
- Next step: finish local end to end testing with new credentials
- Finally: PRs everywhere
- Gradle plugin uses a proprietary dependency
- Multiple requests for GSoC 2024 Plugin Modernizer Tool
- Adding GSoC project to jenkins-infra
- RPU GSoC project with terraform integration on infra’s backend
- [get.jenkins.io, azure.updates.jenkins.io] MaxMind GeoIP Rate Limit hit when redeploying/upgrading
mirrorbitschart - [infra.ci.jenkins.io] Builds stucks due to GH API rate limit
- Moving ti mid-October
- To host stats.jenkins.io GSoC 2024 project in jenkins-infra
- 404 solved
- Next step for closure:
- changing branch name
- fix azcopy deployment errors
- use new site for plugin-site generation again
- [INFRA-3100] Migrate updates.jenkins.io to another Cloud
- HTTP is ready!
- Minor config fixes in progress
- 4th brownout 26 → 27 Sept.
- Final migration (if no issues) proposed for 15 October
- infra-statistics has no new data since July 1st 2024
-
ToDo (next milestone) (infra-team-sync-2024-10-01 Milestone · GitHub)