salsa.debian.org state of affairs
-
Not SyncedOk, welcome back to the second session
of the day. -
Not SyncedIt's going to be Alexander Wirt talking
about salsa.debian.org. -
Not Synced[Applause]
-
Not SyncedThank you, good morning.
-
Not SyncedI usually don't give talks in english,
so please be nice to me. -
Not SyncedHowever, I'm here.
-
Not SyncedI want to talk today about our journey
for Alioth -
Not Syncedwhich is still running, but not for long
anymore, -
Not Syncedto our new service, salsa.
-
Not SyncedI want to get a little bit into the history
of old things -
Not Syncedand what we have already achieved,
what we still need to achieve -
Not Syncedand what are our plans for the future.
-
Not SyncedLet's start with the basic things,
who am I. -
Not SyncedI am the guy who rejects the mails
on lists.debian.org, -
Not SyncedI am a listmaster.
-
Not SyncedI am the guy that rejects your backports.
-
Not SyncedI am the backports ftp master.
-
Not SyncedAnd I am the guy that will destroy
alioth.debian.org. -
Not SyncedFor the last ten years
-
Not Synced[Applause]
-
Not SyncedI was an admin by accident of
alioth.debian.org. -
Not SyncedThis is another story I will tell you
in a few minutes. -
Not SyncedBeside from that, I work as an OpenSource
consultant at credativ, -
Not Syncedwhich is a small company in Germany
which is specialized in OpenSource, -
Not Syncedwe only do OpenSource consulting
in Germany. -
Not SyncedWe do what today is called DevOps,
we do every kind of consulting. -
Not SyncedIf you do something with OpenSource,
we are probably the ones you can talk with. -
Not SyncedI am a father of two wonderful girls,
-
Not Syncedthey're not here unfortunately,
-
Not Syncedbut otherwise I wouldn't be able
to work. -
Not SyncedAnd in my little bit spare time, I do
role playing games and Tabletop games. -
Not SyncedIn theory there should be a picture now.
-
Not SyncedThere's a picture missing,
I don't know why, -
Not Syncedwhich should tell "We need you".
-
Not SyncedA little bit of advertisement, if you
want to do OpenSource work in Germany, -
Not Syncedpaid,
-
Not Syncedand you need a job, please talk to me.
-
Not SyncedWe are always looking for good people,
especially in C development, -
Not Syncedkernel development, but also of course
consulting. -
Not SyncedSo please talk to me.
-
Not SyncedSome steps in history.
-
Not SyncedSome years ago, ???
2008, 2009, -
Not SyncedI told the alioth channel
-
Not Synced"Hey, if you need help, I can help with
system administration, -
Not Syncednot the GForge stuff which is running
above, -
Not Syncedbut if you need help, tell me."
-
Not Synced[Audience] Big mistake
-
Not SyncedYeah.
-
Not SyncedOne or two years went by,
and step by step -
Not Syncedall alioth admins left.
-
Not SyncedWe were alone in the channel.
-
Not SyncedAnd around that time, I detected
-
Not Synced"Hey, I have sudo permissions
and I'm admin" -
Not SyncedSomebody made me an admin.
-
Not SyncedSo, I had to decide that I will be
the person that is the future alioth admin -
Not Syncedand I stepped in.
-
Not SyncedSo it was the beginning of our alioth
journey. -
Not SyncedThen, in DebConf15, we had a long
'Birds of a Feather' -
Not Syncedwhere we talked about several security
problems in collab-maint, -
Not Syncedsome of you are maybe not aware of it,
-
Not Syncedbut since we use git at filesystem level
on alioth, -
Not Syncedwe are introducing a number of interesting
security problems -
Not Syncedlike if someone writes a hook, that hook
gets executed every time someone pushes. -
Not SyncedSo you have basically shell access.
-
Not SyncedAnd of course you execute it as
your own uid. -
Not SyncedSo, if some DM (Debian Maintainer) or even
not DM, nearly the whole world -
Not Syncedhas write access to collab-maint,
-
Not Synceddrops some hooks in,
-
Not Syncedit can make you execute code on Alioth
at your uid, which is a problem. -
Not SyncedWe did some things to solve that problem,
but the main problem remained. -
Not SyncedSo, along that time, we decided that we
would need a successor for git.debian.org. -
Not SyncedAt that point, we are talking about gitolite
-
Not Syncedwhich we evaluated at that time.
-
Not SyncedHowever, as ???
-
Not SyncedTwo years went into the land and
nothing real happened, -
Not Syncedwe just played with it.
-
Not SyncedThen, May 2017, a thread comes up,
"Moving away from fusionforge". -
Not SyncedWhat nobody was really aware of, is that
alioth is on a Wheezy machine -
Not Syncedand Wheezy is ??? out of security
support end of the month. -
Not SyncedSo time was running up.
-
Not SyncedThe thread was long as usual on
debian-devel and -
Not Syncedwe decided to do a few steps, like
evaluating things -
Not Syncedand in June 2017, I did a survey about
our new alioth services. -
Not SyncedIt was clear at that point that I wouldn't
be able to maintain all the things -
Not Syncedalioth had in the future
-
Not Syncedso we decided to just bring over
the important things. -
Not SyncedWhat is important? For everyone,
everything else is important -
Not Syncedso I decided to do a survey which was
pretty successful -
Not Syncedwith a few hundreds submissions.
-
Not SyncedThen, in…
-
Not SyncedThen we evaluated… "we" as probably "me",
-
Not Syncedevaluated a few solutions, named pagure,
which is the git solution Fedora is using, -
Not Syncedwhich is a Python thing based on gitolite,
-
Not Syncedgitlab, which is the biggest Github
competitor -
Not Syncedgogs/gitea, which is some golang-based
small git service. -
Not Syncedpagure turned out to be not stable enough
for our needs -
Not Syncedand we would have to do to much coding
inside pagure to use it in our infrastructure -
Not Syncedbecause pagure is very strongly ???
with the Fedora infrastructure, -
Not Syncedspecially its user authentication and
user management stuff. -
Not SyncedGitlab had an other problem called
"opencore" and -
Not Synced"contributor license agreement"
which means -
Not SyncedI and others were not very happy with
contributing code to Gitlab -
Not Syncedwhich is something that will always
happen if you maintain such a service. -
Not SyncedAnd gogs and gitea is nice but it's small
-
Not SyncedIt will not be able to manage 10,000s
of repositories. -
Not SyncedNext step happened in August 2017 when
we had a sprint here in Hamburg -
Not Syncedat the hackerlab CCC on the other side
of the building, -
Not Syncedwhere we talked about it.
-
Not SyncedAfter long discussions, we decided to go
with Gitlab -
Not Syncedbecause Gitlab, at that point, was
the best solution that was already ready. -
Not SyncedWe didn't have to adapt too much, we don't
need to patch it -
Not Syncedwhich turned out it isn't true, but it's
an other problem -
Not SyncedIt had features like continuous integration
ready, -
Not Syncedit had features like code review ready,
wiki pretty good working -
Not Syncedand ??? very scalable
in all directions -
Not SyncedEvery component is scalable which is
good for us. -
Not SyncedThis is a TODO point, I wanted to add
an image about the restaurant -
Not Syncedwhere we decided on the name "salsa".
-
Not SyncedSomebody of you may ask yourself where
the name is coming from. -
Not SyncedThere's a small mexican restaurant
a few hundred meters from here -
Not Syncedwhere you can get great burritos and
they have a painting at the back -
Not Syncedwith the term "salsa" written
-
Not Syncedand we were deciding on a name which
just not describes the type of service on it -
Not Syncedso we wanted…
-
Not SyncedYes, it's also a sauce. So salsa had sauce.
-
Not SyncedI wanted to call it Klaus, but we decided
against it so somebody came up -
Not Syncedin the restaurant with the name "salsa"
and so it's called salsa. -
Not SyncedIn the meanwhile, we talked a lot with
the Gitlab people -
Not Syncedwhich were very kind and helped us
with our problems. -
Not SyncedWe also talked with them about the CLA
problem and after some discussions, -
Not Syncedthe lawyer of SPI was also involved,
-
Not Syncedwe made them to remove the CLA
and replace it with something better. -
Not SyncedContributing patches to Gitlab is now
much easier and better -
Not Syncedwhich is something we are very proud of
-
Not Synced[Applause]
-
Not SyncedAnd between November and the 25th of
December, we implemented salsa two times -
Not SyncedFirst time on ???.debian.net where we had
root but -
Not Syncedafter more discussions we decided having
this maintained at a (debian).org box -
Not Syncedwould be better, which made us
??? ansible stuff -
Not Syncedand develop a ??? to be able to install
gitlab as a non-privileged user -
Not Syncedbut we did that.
-
Not SyncedIn Christmas, he was able to release
salsa into public beta. -
Not SyncedThings went well, which allowed, at the
end of January, salsa to leave the beta -
Not SyncedSince then it's official, our official
git successor. -
Not SyncedWhat will happen in the future?
-
Not SyncedOh no, this is already past.
-
Not SyncedOn May, we disable user and project
creation on alioth. -
Not SyncedStill in May, we disabled the not so much
used version control systems, -
Not Syncedbazaar, mercurial and darcs
-
Not SyncedOn Thursday (May 17th 2018), I disabled
projects web sites. -
Not SyncedAnd this is future, at the end the month,
-
Not Syncedall other remaining version control systems
on alioth will get disabled. -
Not SyncedSo if you have anything running on alioth,
still running on alioth, -
Not Syncedcron jobs are also disabled so
you don't have cron jobs enabled anymore -
Not SyncedBe it whatever you think of, remove it.
-
Not Synced1st of June, alioth will be off, you won't
be able to get any data anymore -
Not Syncedfrom alioth.
-
Not SyncedYou can get the ??? via DSA to get
subsequent backups, that's up to you -
Not Syncedbut I don't recommend it and they won't
like it. -
Not SyncedYeah
-
Not SyncedIn June, alioth will come to an end.
-
Not SyncedIt served us well for 10, 15 years, but
its time is over. -
Not SyncedSome numbers.
Where are we now? -
Not SyncedYesterday (May 18th 2018), we had
23,700 repositories on gitlab, -
Not Synced3200 users, 400 groups, which sums up
around 90GB on disk, which is nice. -
Not SyncedFor a service running for more or less
6 months, it's a pretty nice number. -
Not SyncedWhat are our future plans.
-
Not Synced??? Docker registry, by now
you can use external registries -
Not Syncedwhich is working
-
Not SyncedYou can the gitlab registry for
Docker images -
Not Syncedbut it will be nicer to have our own
registry. -
Not SyncedThat is pretty high on my todo list, after
alioth is gone. -
Not SyncedWe want more runners, so you are able to
sponsor runners, if you have machines or -
Not Syncedsome money you want to spend on runners,
please tell us. -
Not SyncedWhat are runners? Runners are the things
that are used by Gitlab CI to build code -
Not Syncedor test code, or do things.
-
Not SyncedYou can use it to build your packages,
you can use it to autopkgtest you packages -
Not Syncedyou can use it to build websites or
whatever you like. -
Not SyncedIt's pretty useful and I think using CI more
will be a big step forward for Debian. -
Not SyncedWe should really get more into it.
-
Not SyncedThere are already some projects like
the reproducible builds, the debci guys -
Not Syncedthat are working on such stuff
-
Not Syncedand now we have the infrastructure that
every DD, every developer or package maintainer -
Not Syncedcan use it.
-
Not SyncedThere's also an other feature called
-
Not Synced"devops" which is based on kubernetes
which allows you to even -
Not Synceddeploy and test things properly.
-
Not SyncedSo if you have package which implements
a web service, you can even run -
Not Synced??? kubernetes part which runs
a web server, -
Not Syncedyou can test it, you can even record it,
do QA test and so on -
Not Syncedall based on this devops feature which
would also be a nice thing. -
Not SyncedBy now, we don't have a kubernetes instance
we can use for it, -
Not Syncedso if you have a spare kubernetes instance
you want to offer Debian, -
Not Syncedplease talk to us.
- Title:
- salsa.debian.org state of affairs
- Description:
-
more » « less
Talk given by Alexander Wirt at Minidebconf Hamburg 18
https://meetings-archive.debian.net/pub/debian-meetings/2018/miniconf-hamburg/2018-05-19/salsa.debian.org_state.webm - Video Language:
- English
- Team:
Debconf
- Project:
- 2018_mini-debconf-hamburg
- Duration:
- 48:02
|
tvincent edited English subtitles for salsa.debian.org state of affairs | |
|
|
tvincent edited English subtitles for salsa.debian.org state of affairs | |
|
|
tvincent edited English subtitles for salsa.debian.org state of affairs | |
|
|
tvincent edited English subtitles for salsa.debian.org state of affairs | |
|
|
tvincent edited English subtitles for salsa.debian.org state of affairs | |
|
|
tvincent edited English subtitles for salsa.debian.org state of affairs | |
|
|
tvincent edited English subtitles for salsa.debian.org state of affairs | |
|
|
tvincent edited English subtitles for salsa.debian.org state of affairs |