Ok, welcome back to the second session
of the day.

It's going to be Alexander Wirt talking
about salsa.debian.org.

[Applause]

Thank you, good morning.

I usually don't give talks in english,
so please be nice to me.

However, I'm here.

I want to talk today about our journey
for Alioth

which is still running, but not for long
anymore,

to our new service, salsa.

I want to get a little bit into the history
of old things

and what we have already achieved,
what we still need to achieve

and what are our plans for the future.

Let's start with the basic things,
who am I.

I am the guy who rejects the mails
on lists.debian.org,

I am a listmaster.

I am the guy that rejects your backports.

I am the backports ftp master.

And I am the guy that will destroy
alioth.debian.org.

For the last ten years

[Applause]

I was an admin by accident of
alioth.debian.org.

This is another story I will tell you
in a few minutes.

Beside from that, I work as an OpenSource
consultant at credativ,

which is a small company in Germany
which is specialized in OpenSource,

we only do OpenSource consulting
in Germany.

We do what today is called DevOps,
we do every kind of consulting.

If you do something with OpenSource,
we are probably the ones you can talk with.

I am a father of two wonderful girls,

they're not here unfortunately,

but otherwise I wouldn't be able
to work.

And in my little bit spare time, I do
role playing games and Tabletop games.

In theory there should be a picture now.

There's a picture missing,
I don't know why,

which should tell "We need you".

A little bit of advertisement, if you
want to do OpenSource work in Germany,

paid,

and you need a job, please talk to me.

We are always looking for good people,
especially in C development,

kernel development, but also of course
consulting.

So please talk to me.

Some steps in history.

Some years ago, ???
2008, 2009,

I told the alioth channel

"Hey, if you need help, I can help with
system administration,

not the GForge stuff which is running
above,

but if you need help, tell me."

[Audience] Big mistake

Yeah.

One or two years went by,
and step by step

all alioth admins left.

We were alone in the channel.

And around that time, I detected

"Hey, I have sudo permissions
and I'm admin"

Somebody made me an admin.

So, I had to decide that I will be
the person that is the future alioth admin

and I stepped in.

So it was the beginning of our alioth
journey.

Then, in DebConf15, we had a long
'Birds of a Feather'

where we talked about several security
problems in collab-maint,

some of you are maybe not aware of it,

but since we use git at filesystem level
on alioth,

we are introducing a number of interesting
security problems

like if someone writes a hook, that hook
gets executed every time someone pushes.

So you have basically shell access.

And of course you execute it as
your own uid.

So, if some DM (Debian Maintainer) or even
not DM, nearly the whole world

has write access to collab-maint,

drops some hooks in,

it can make you execute code on Alioth
at your uid, which is a problem.

We did some things to solve that problem,
but the main problem remained.

So, along that time, we decided that we
would need a successor for git.debian.org.

At that point, we are talking about gitolite

which we evaluated at that time.

However, as ???

Two years went into the land and
nothing real happened,

we just played with it.

Then, May 2017, a thread comes up,
"Moving away from fusionforge".

What nobody was really aware of, is that
alioth is on a Wheezy machine

and Wheezy is ??? out of security
support end of the month.

So time was running up.

The thread was long as usual on
debian-devel and

we decided to do a few steps, like
evaluating things

and in June 2017, I did a survey about
our new alioth services.

It was clear at that point that I wouldn't
be able to maintain all the things

alioth had in the future

so we decided to just bring over
the important things.

What is important? For everyone,
everything else is important

so I decided to do a survey which was
pretty successful

with a few hundreds submissions.

Then, in…

Then we evaluated… "we" as probably "me",

evaluated a few solutions, named pagure,
which is the git solution Fedora is using,

which is a Python thing based on gitolite,

gitlab, which is the biggest Github
competitor

gogs/gitea, which is some golang-based
small git service.

pagure turned out to be not stable enough
for our needs

and we would have to do to much coding
inside pagure to use it in our infrastructure

because pagure is very strongly ???
with the Fedora infrastructure,

specially its user authentication and
user management stuff.

Gitlab had an other problem called
"opencore" and

"contributor license agreement"
which means

I and others were not very happy with
contributing code to Gitlab

which is something that will always
happen if you maintain such a service.

And gogs and gitea is nice but it's small

It will not be able to manage 10,000s
of repositories.

Next step happened in August 2017 when
we had a sprint here in Hamburg

at the hackerlab CCC on the other side
of the building,

where we talked about it.

After long discussions, we decided to go
with Gitlab

because Gitlab, at that point, was
the best solution that was already ready.

We didn't have to adapt too much, we don't
need to patch it

which turned out it isn't true, but it's
an other problem

It had features like continuous integration
ready,

it had features like code review ready,
wiki pretty good working

and ??? very scalable
in all directions

Every component is scalable which is
good for us.

This is a TODO point, I wanted to add
an image about the restaurant

where we decided on the name "salsa".

Somebody of you may ask yourself where
the name is coming from.

There's a small mexican restaurant
a few hundred meters from here

where you can get great burritos and
they have a painting at the back

with the term "salsa" written

and we were deciding on a name which
just not describes the type of service on it

so we wanted…

Yes, it's also a sauce. So salsa had sauce.

I wanted to call it Klaus, but we decided
against it so somebody came up

in the restaurant with the name "salsa"
and so it's called salsa.

In the meanwhile, we talked a lot with
the Gitlab people

which were very kind and helped us
with our problems.

We also talked with them about the CLA
problem and after some discussions,

the lawyer of SPI was also involved,

we made them to remove the CLA
and replace it with something better.

Contributing patches to Gitlab is now
much easier and better

which is something we are very proud of

[Applause]

And between November and the 25th of
December, we implemented salsa two times

First time on ???.debian.net where we had
root but

after more discussions we decided having
this maintained at a (debian).org box

would be better, which made us
??? ansible stuff

and develop a ??? to be able to install
gitlab as a non-privileged user

but we did that.

In Christmas, he was able to release
salsa into public beta.

Things went well, which allowed, at the
end of January, salsa to leave the beta

Since then it's official, our official
git successor.

What will happen in the future?

Oh no, this is already past.

On May, we disable user and project
creation on alioth.

Still in May, we disabled the not so much
used version control systems,

bazaar, mercurial and darcs

On Thursday (May 17th 2018), I disabled
projects web sites.

And this is future, at the end the month,

all other remaining version control systems
on alioth will get disabled.

So if you have anything running on alioth,
still running on alioth,

cron jobs are also disabled so
you don't have cron jobs enabled anymore

Be it whatever you think of, remove it.

1st of June, alioth will be off, you won't
be able to get any data anymore

from alioth.

You can get the ??? via DSA to get
subsequent backups, that's up to you

but I don't recommend it and they won't
like it.

Yeah

In June, alioth will come to an end.

It served us well for 10, 15 years, but
its time is over.

Some numbers.
Where are we now?

Yesterday (May 18th 2018), we had
23,700 repositories on gitlab,

3200 users, 400 groups, which sums up
around 90GB on disk, which is nice.

For a service running for more or less
6 months, it's a pretty nice number.

What are our future plans.

??? Docker registry, by now
you can use external registries

which is working

You can the gitlab registry for
Docker images

but it will be nicer to have our own
registry.

That is pretty high on my todo list, after
alioth is gone.

We want more runners, so you are able to
sponsor runners, if you have machines or

some money you want to spend on runners,
please tell us.

What are runners? Runners are the things
that are used by Gitlab CI to build code

or test code, or do things.

You can use it to build your packages,
you can use it to autopkgtest you packages

you can use it to build websites or
whatever you like.

It's pretty useful and I think using CI more
will be a big step forward for Debian.

We should really get more into it.

There are already some projects like
the reproducible builds, the debci guys

that are working on such stuff

and now we have the infrastructure that
every DD, every developer or package maintainer

can use it.

There's also an other feature called

"devops" which is based on kubernetes
which allows you to even

deploy and test things properly.

So if you have package which implements
a web service, you can even run

??? kubernetes part which runs
a web server,

you can test it, you can even record it,
do QA test and so on

all based on this devops feature which
would also be a nice thing.

By now, we don't have a kubernetes instance
we can use for it,

so if you have a spare kubernetes instance
you want to offer Debian,

please talk to us.