2024-04-23T16:00:00Z
Attending:
- Mark Waite
- Damien Duportal
- Kenneth Salerno
- Kevin Martens
Agenda:
- Container image updates for the Jenkins controller
- Install Java from Eclipse Temurin tar.gz, not Eclipse Temurin container
- Use updatecli to manage Java versions for Linux and Windows
- Use shell script to check Java version availability with Eclipse Temurin API
- Java 21.0.3 is available for all our supported containers
- Java 17.0.11 is available for all our supported containers
- Java 11.0.23 is not available for all our supported containers
- Alpine build of Java 11.0.23 is not yet available
- Thanks to Bruno Verachten and Herve Le Meur for their container work
- Need to add to the changelog that we are providing a jlink JDK for Windows
- Windows JDK now uses jlink to reduce size
- Mark add that note to the controller image changelog (done)
- Container image updates for Jenkins agents
- Need the same types of changes as the controller
- Controller images have two very nice shell scripts that do lots of work
- Simplify integration with those scripts
- Use the Temurin API to identify and download the JDK releases
- Proceed with similar path on the agent containers
- Proposed to continue forward, eventually remove duplication from images
- DockerHub keeps sending HTTP/429 errors. It failed the deployment of the Windows images but Linux is ok.
- Failures during deploy of agents (rate limits through their abuse defense)
- We were building many platforms very rapidly in parallel on a single private subnet
- Peaked at 2200 requests per minute from a single IP address
- Spread our outbound requests across multiple IP addresses
- Using 3 IP addresses instead of 1 IP address on trusted.ci
- Replaced Eclipse Temurin base image with Eclipse Temurin installer
- Avoids many layers of download, decrease layer download by ⅓
- Reduced our requests per minute
- Action items are done, issue is solved for infrastructure, left to Platform SIG to complete the container image improvements
- Using Temurin binaries and not Temurin Docker images is done for controller
- Confirmed working in Jenkins 2.455 23 Apr 2024
- Failures during deploy of agents (rate limits through their abuse defense)
- Docker-based quickstart tutorials
- The tutorials ceased to work when docker compose reached version 2.4.27
- Back to working on the main Jenkins installation thanks to docker.
- Work in progress on images:
- Controller:
- Docker-agent: PRs are work in progress:
- Switch from Windows Temurin container to Temurin binary - PR-787
- Bruno’s simplified process for controller would help here
- Draft PR’s
- Switch from Windows Temurin container to Temurin binary - PR-787
- Docker-ssh-agent:
- Bump OpenSSH version to v9.5.0.0p1-Beta
- Still fails for several images, we have to investigate
- Bump OpenSSH version to v9.5.0.0p1-Beta
- Java 21 support - 2+2+2 Java Support Plan
- Jenkins enhancement proposal by Mark Waite submitted and being reviewed
- Needs more details before it is merged
- The Spring project made an end of life announcement - JENKINS-68698
- The last public build of Spring security framework 5.8.x is August 2024
- Spring security 6.x requires Jetty 11 with Jakarta EE 9 (jakarta.servlet), not Jetty 10 with Jakarta EE 8 (javax.servlet)
- August 31, 2024 date seems likely to stick
- The last public build of Spring framework 5.3.x is August 2024
- Spring framework 6.1 and later require Java 17
- Alternatives:
- Accept that if there is a security vulnerability reported in Spring security 5.8.x between August 2024 and the end Oct 2024, we may need to fork Spring Security and fix it ourselves
- Mark to start discussions in the mailing list to find alternatives
- The last public build of Spring security framework 5.8.x is August 2024
- Jenkins enhancement proposal by Mark Waite submitted and being reviewed