#6183 [RFR] Freshmaker VMs
Closed: Fixed 3 years ago Opened 4 years ago by sochotni.

This is a request for resources for new Factory 2 service: Freshmaker

Focus doc for ODCS for more background information:
Sources: https://pagure.io/freshmaker

Requested 3 VMs: dev, stg and prod
- 2 vCPUs
- 4GB ram for stg/prod, dev can be 2G
- 20 GB HDD

Requested setup details:
* We'll need a long-lived ipsilon session to talk to MBS for module builds
* We'll need a long-lived ipsilon session to talk to ODCS (see #6182) to generate composes
* We'll need some setup with pagure on dist-git to commit to module yaml files.
* We'll need a krb service principal keytab to submit container builds to koji

@ralph will be the infra sponsor I believe

See #6166 for the security audit.

Can I get a :+1: from another sysadmin to go ahead and start provisioning these VMs even though we don't have feedback on the security audit yet?

Metadata Update from @pingou:
- Issue tagged with: security

4 years ago

Metadata Update from @ralph:
- Issue untagged with: security
- Issue tagged with: request-for-resources

4 years ago

Metadata Update from @ralph:
- Issue tagged with: security

4 years ago

OK - I created stg nodes and I claimed IPs for the prod node, although they're commented out in the ansible inventory so they won't be created.

Please note that an SOP is required between development and staging.
Could we please get an SOP committed to https://pagure.io/infra-docs?

Phase I

  • Software: Freshmaker
  • Advantage for Fedora: Automatically rebuild compound artifacts. Modules introduce a potentially higher overhead for packagers. If you patch a specfile, you have to submit a build of all modules that include that specfile. After building rpms (or modules), you have to rebuild all containers including those rpms (or modules). Freshmaker automates this.
  • Sponsor: @ralph

Phase II

Phase III

Phase IV

Metadata Update from @ralph:
- Issue tagged with: freshmaker

4 years ago

OK, the audit is passed, and the VMs should be in place. @qwan, can you take on the ansible role? Sync with @jkaluza - we should have a card for it in jira, too.

@ralph, sure, and we already have a card in jira assigned to me.

So, initial dumb (without any handlers/parsers) Freshmaker on staging is deployed, but it seems haproxy is not configured to forward data to its frontend, so https://freshmaker.stg.fedoraproject.org/api/1/events does not work.

@ralph: Can you configure it somehow? It would also helped a lot to get us sudo on backend(s) to do "journalctl -f -u fedmsg".

Stg is answering haproxy for me now. :)

Looks like prod is in place now too? What else is left to complete this RFR?

Metadata Update from @kevin:
- Issue priority set to: Waiting on Reporter

4 years ago

I think this is done as far as I can tell, so I am going to close it.

If there's anything anyone can see missing, please finish it up asap or let me know...


Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.