salsa.debian.org state of affairs
-
Not SyncedOk, welcome back to the second session
of the day. -
Not SyncedIt's going to be Alexander Wirt talking
about salsa.debian.org. -
Not Synced[Applause]
-
Not SyncedThank you, good morning.
-
Not SyncedI usually don't give talks in english,
so please be nice to me. -
Not SyncedHowever, I'm here.
-
Not SyncedI want to talk today about our journey
for Alioth -
Not Syncedwhich is still running, but not for long
anymore, -
Not Syncedto our new service, salsa.
-
Not SyncedI want to get a little bit into the history
of old things -
Not Syncedand what we have already achieved,
what we still need to achieve -
Not Syncedand what are our plans for the future.
-
Not SyncedLet's start with the basic things,
who am I. -
Not SyncedI am the guy who rejects the mails
on lists.debian.org, -
Not SyncedI am a listmaster.
-
Not SyncedI am the guy that rejects your backports.
-
Not SyncedI am the backports ftp master.
-
Not SyncedAnd I am the guy that will destroy
alioth.debian.org. -
Not SyncedFor the last ten years
-
Not Synced[Applause]
-
Not SyncedI was an admin by accident of
alioth.debian.org. -
Not SyncedThis is another story I will tell you
in a few minutes. -
Not SyncedBeside from that, I work as an OpenSource
consultant at credativ, -
Not Syncedwhich is a small company in Germany
which is specialized in OpenSource, -
Not Syncedwe only do OpenSource consulting
in Germany. -
Not SyncedWe do what today is called DevOps,
we do every kind of consulting. -
Not SyncedIf you do something with OpenSource,
we are probably the ones you can talk with. -
Not SyncedI am a father of two wonderful girls,
-
Not Syncedthey're not here unfortunately,
-
Not Syncedbut otherwise I wouldn't be able
to work. -
Not SyncedAnd in my little bit spare time, I do
role playing games and Tabletop games. -
Not SyncedIn theory there should be a picture now.
-
Not SyncedThere's a picture missing,
I don't know why, -
Not Syncedwhich should tell "We need you".
-
Not SyncedA little bit of advertisement, if you
want to do OpenSource work in Germany, -
Not Syncedpaid,
-
Not Syncedand you need a job, please talk to me.
-
Not SyncedWe are always looking for good people,
especially in C development, -
Not Syncedkernel development, but also of course
consulting. -
Not SyncedSo please talk to me.
-
Not SyncedSome steps in history.
-
Not SyncedSome years ago, ???
2008, 2009, -
Not SyncedI told the alioth channel
-
Not Synced"Hey, if you need help, I can help with
system administration, -
Not Syncednot the GForge stuff which is running
above, -
Not Syncedbut if you need help, tell me."
-
Not Synced[Audience] Big mistake
-
Not SyncedYeah.
-
Not SyncedOne or two years went by,
and step by step -
Not Syncedall alioth admins left.
-
Not SyncedWe were alone in the channel.
-
Not SyncedAnd around that time, I detected
-
Not Synced"Hey, I have sudo permissions
and I'm admin" -
Not SyncedSomebody made me an admin.
-
Not SyncedSo, I had to decide that I will be
the person that is the future alioth admin -
Not Syncedand I stepped in.
-
Not SyncedSo it was the beginning of our alioth
journey. -
Not SyncedThen, in DebConf15, we had a long
'Birds of a Feather' -
Not Syncedwhere we talked about several security
problems in collab-maint, -
Not Syncedsome of you are maybe not aware of it,
-
Not Syncedbut since we use git at filesystem level
on alioth, -
Not Syncedwe are introducing a number of interesting
security problems -
Not Syncedlike if someone writes a hook, that hook
gets executed every time someone pushes. -
Not SyncedSo you have basically shell access.
-
Not SyncedAnd of course you execute it as
your own uid. -
Not SyncedSo, if some DM (Debian Maintainer) or even
not DM, nearly the whole world -
Not Syncedhas write access to collab-maint,
-
Not Synceddrops some hooks in,
-
Not Syncedit can make you execute code on Alioth
at your uid, which is a problem. -
Not SyncedWe did some things to solve that problem,
but the main problem remained. -
Not SyncedSo, along that time, we decided that we
would need a successor for git.debian.org. -
Not SyncedAt that point, we are talking about gitolite
-
Not Syncedwhich we evaluated at that time.
-
Not SyncedHowever, as ???
-
Not SyncedTwo years went into the land and
nothing real happened, -
Not Syncedwe just played with it.
-
Not SyncedThen, May 2017, a thread comes up,
"Moving away from fusionforge". -
Not SyncedWhat nobody was really aware of, is that
alioth is on a Wheezy machine -
Not Syncedand Wheezy is ??? out of security
support end of the month. -
Not SyncedSo time was running up.
-
Not SyncedThe thread was long as usual on
debian-devel and -
Not Syncedwe decided to do a few steps, like
evaluating things -
Not Syncedand in June 2017, I did a survey about
our new alioth services. -
Not SyncedIt was clear at that point that I wouldn't
be able to maintain all the things -
Not Syncedalioth had in the future
-
Not Syncedso we decided to just bring over
the important things. -
Not SyncedWhat is important? For everyone,
everything else is important -
Not Syncedso I decided to do a survey which was
pretty successful -
Not Syncedwith a few hundreds submissions.
-
Not SyncedThen, in…
-
Not SyncedThen we evaluated… "we" as probably "me",
-
Not Syncedevaluated a few solutions, named pagure,
which is the git solution Fedora is using, -
Not Syncedwhich is a Python thing based on gitolite,
-
Not Syncedgitlab, which is the biggest Github
competitor -
Not Syncedgogs/gitea, which is some golang-based
small git service. -
Not Syncedpagure turned out to be not stable enough
for our needs -
Not Syncedand we would have to do to much coding
inside pagure to use it in our infrastructure -
Not Syncedbecause pagure is very strongly ???
with the Fedora infrastructure, -
Not Syncedspecially its user authentication and
user management stuff. -
Not SyncedGitlab had an other problem called
"opencore" and -
Not Synced"contributor license agreement"
which means -
Not SyncedI and others were not very happy with
contributing code to Gitlab -
Not Syncedwhich is something that will always
happen if you maintain such a service. -
Not SyncedAnd gogs and gitea is nice but it's small
-
Not SyncedIt will not be able to manage 10,000s
of repositories. -
Not SyncedNext step happened in August 2017 when
we had a sprint here in Hamburg -
Not Syncedat the hackerlab CCC on the other side
of the building, -
Not Syncedwhere we talked about it.
-
Not SyncedAfter long discussions, we decided to go
with Gitlab -
Not Syncedbecause Gitlab, at that point, was
the best solution that was already ready. -
Not SyncedWe didn't have to adapt too much, we don't
need to patch it -
Not Syncedwhich turned out it isn't true, but it's
an other problem -
Not SyncedIt had features like continuous integration
ready, -
Not Syncedit had features like code review ready,
wiki pretty good working -
Not Syncedand ??? very scalable
in all directions -
Not SyncedEvery component is scalable which is
good for us. -
Not SyncedThis is a TODO point, I wanted to add
an image about the restaurant -
Not Syncedwhere we decided on the name "salsa".
-
Not SyncedSomebody of you may ask yourself where
the name is coming from. -
Not SyncedThere's a small mexican restaurant
a few hundred meters from here -
Not Syncedwhere you can get great burritos and
they have a painting at the back -
Not Syncedwith the term "salsa" written
-
Not Syncedand we were deciding on a name which
just not describes the type of service on it -
Not Syncedso we wanted…
-
Not SyncedYes, it's also a sauce. So salsa had sauce.
-
Not SyncedI wanted to call it Klaus, but we decided
against it so somebody came up -
Not Syncedin the restaurant with the name "salsa"
and so it's called salsa. -
Not SyncedIn the meanwhile, we talked a lot with
the Gitlab people -
Not Syncedwhich were very kind and helped us
with our problems. -
Not SyncedWe also talked with them about the CLA
problem and after some discussions, -
Not Syncedthe lawyer of SPI was also involved,
-
Not Syncedwe made them to remove the CLA
and replace it with something better. -
Not SyncedContributing patches to Gitlab is now
much easier and better -
Not Syncedwhich is something we are very proud of
-
Not Synced[Applause]
-
Not SyncedAnd between November and the 25th of
December, we implemented salsa two times -
Not SyncedFirst time on ???.debian.net where we had
root but -
Not Syncedafter more discussions we decided having
this maintained at a (debian).org box -
Not Syncedwould be better, which made us
??? ansible stuff -
Not Syncedand develop a ??? to be able to install
gitlab as a non-privileged user -
Not Syncedbut we did that.
-
Not SyncedIn Christmas, he was able to release
salsa into public beta. -
Not SyncedThings went well, which allowed, at the
end of January, salsa to leave the beta -
Not SyncedSince then it's official, our official
git successor. -
Not SyncedWhat will happen in the future?
-
Not SyncedOh no, this is already past.
-
Not SyncedOn May, we disable user and project
creation on alioth. -
Not SyncedStill in May, we disabled the not so much
used version control systems, -
Not Syncedbazaar, mercurial and darcs
-
Not SyncedOn Thursday (May 17th 2018), I disabled
projects web sites. -
Not SyncedAnd this is future, at the end the month,
-
Not Syncedall other remaining version control systems
on alioth will get disabled. -
Not SyncedSo if you have anything running on alioth,
still running on alioth, -
Not Syncedcron jobs are also disabled so
you don't have cron jobs enabled anymore -
Not SyncedBe it whatever you think of, remove it.
-
Not Synced1st of June, alioth will be off, you won't
be able to get any data anymore -
Not Syncedfrom alioth.
-
Not SyncedYou can get the ??? via DSA to get
subsequent backups, that's up to you -
Not Syncedbut I don't recommend it and they won't
like it. -
Not SyncedYeah
-
Not SyncedIn June, alioth will come to an end.
-
Not SyncedIt served us well for 10, 15 years, but
its time is over. -
Not SyncedSome numbers.
Where are we now? -
Not SyncedYesterday (May 18th 2018), we had
23,700 repositories on gitlab, -
Not Synced3200 users, 400 groups, which sums up
around 90GB on disk, which is nice. -
Not SyncedFor a service running for more or less
6 months, it's a pretty nice number. -
Not SyncedWhat are our future plans.
-
Not Synced??? Docker registry, by now
you can use external registries -
Not Syncedwhich is working
-
Not SyncedYou can the gitlab registry for
Docker images -
Not Syncedbut it will be nicer to have our own
registry. -
Not SyncedThat is pretty high on my todo list, after
alioth is gone. -
Not SyncedWe want more runners, so you are able to
sponsor runners, if you have machines or -
Not Syncedsome money you want to spend on runners,
please tell us. -
Not SyncedWhat are runners? Runners are the things
that are used by Gitlab CI to build code -
Not Syncedor test code, or do things.
-
Not SyncedYou can use it to build your packages,
you can use it to autopkgtest you packages -
Not Syncedyou can use it to build websites or
whatever you like. -
Not SyncedIt's pretty useful and I think using CI more
will be a big step forward for Debian. -
Not SyncedWe should really get more into it.
-
Not SyncedThere are already some projects like
the reproducible builds, the debci guys -
Not Syncedthat are working on such stuff
-
Not Syncedand now we have the infrastructure that
every DD, every developer or package maintainer -
Not Syncedcan use it.
-
Not SyncedThere's also an other feature called
-
Not Synced"devops" which is based on kubernetes
which allows you to even -
Not Synceddeploy and test things properly.
-
Not SyncedSo if you have package which implements
a web service, you can even run -
Not Synced??? kubernetes part which runs
a web server, -
Not Syncedyou can test it, you can even record it,
do QA test and so on -
Not Syncedall based on this devops feature which
would also be a nice thing. -
Not SyncedBy now, we don't have a kubernetes instance
we can use for it, -
Not Syncedso if you have a spare kubernetes instance
you want to offer Debian, -
Not Syncedplease talk to us.
-
Not SyncedAnd integration with sso.debian.org,
which is another side project of mine -
Not Syncedand some of ??? students, sitting there.
-
Not SyncedWe want to build a successor for
the command sso.debian.org -
Not Syncedwhich has a problem that it doesn't have
a user backend, -
Not Syncedthe user backend is alioth,
you see the problem -
Not SyncedBut it just the case for our guest users.
-
Not SyncedThe official Debian Developers come from
the ldap which will still work, -
Not Syncedbut we have a problem with guest users,
so we currently don't have a way to -
Not Syncedsource for managing those guest users,
especially give additional groups like -
Not Synced"Hey, the user's a DM"
-
Not SyncedI would love to give all DMs access to
the Debian group, write access, -
Not Syncedbut I can't currently because I'm not able
to ??? -
Not Syncedwhich is something we want to solve with
the new sso.debian.org feature. -
Not Syncedsso.debian.org should also develop a new
authentication protocol like OAuth2, -
Not Syncedwhich we will use for salsa but new
services can also rely on, -
Not Synced??? a way from this certificate stuff
which is somewhat nice -
Not Syncedbut it's not that good integrated in most
browsers anymore -
Not Syncedand it doesn't work that well.
-
Not SyncedWe hope to have, we already have
a prototype, and we hope to have it live -
Not Synceduntil the end of the summer.
-
Not SyncedWhat we left behind.
-
Not SyncedWe don't have shells anymore.
-
Not SyncedSo you won't be able to run any cron jobs
or other stuff on salsa and -
Not Syncedplease don't ask, we won't give anyone
a shell on salsa.debian.org or godard -
Not Syncedwhich is the host hosting it.
-
Not SyncedWe hape APIs, several of them,
I will show them -
Not SyncedPlease use them, we won't run any
cron jobs or custom stuff on gitlab, -
Not Syncedit was a nightmare on alioth to maintain
and to administrate -
Not Syncedand I will never, never want to get
into this again. -
Not SyncedWhat we also don't have are custom domains
which is a feature gitlab has, but -
Not SyncedDSA decided against it, so you will have
to live with -
Not Syncedprojectname.pages.debian.net until
someone decides for that feature. -
Not SyncedWe also left behind old version…
not so much anymore version control systems -
Not Syncedlike darcs, bazaar, subversion which isn't
a problem, -
Not Syncedbut we also don't have cvs anymore,
which may be a surprise for someone -
Not Syncedbut Debian is still a heavy user of cvs,
especially for our web site -
Not Syncedand translations.
-
Not SyncedBut maybe they will now migrate faster
away from cvs. -
Not SyncedThey are working on it, I know,
they're working on it for 10 years -
Not Syncedbut things are getting faster and
they're making progress -
Not Syncedin migrating away from cvs.
-
Not SyncedYeah, ???, that's right,
we also left mercurial, -
Not Syncedor whatever people have in their
home directory. -
Not SyncedYeah we also had rcs on alioth, there
were rcs repos, yes. -
Not SyncedWhat we got instead.
-
Not SyncedWe got a bunch of new features
we didn't have before. -
Not SyncedSo, this is such… maybe a start of new
ways of working in Debian, -
Not Syncedwe got a bunch of collaboration features.
-
Not SyncedIn the past, collaboration often meant
finding the right mailing list, -
Not Syncedsending a patch and hoping.
-
Not SyncedNow we can use merge requests, which
allow people to easily fork and -
Not Syncedmodify packages or repositories, and after
they are done, they can just hit a button -
Not Syncedor whatever and create a nice merge
request which is already heavily used -
Not Syncedby some projects like apt or dak or my own
redirector. -
Not SyncedThat allows ???, the admins
of those repositories/projects -
Not Syncedto review code easily, they can add
comments, they can discuss with -
Not Synced??? people out of the mailing list.
-
Not SyncedIf people update a bunch and they
commited, those merge requests -
Not Syncedget updated which is a workflow we are
also using very heavily in our company -
Not Syncedwhich is pretty nice in my eyes.
- Title:
- salsa.debian.org state of affairs
- Description:
-
Talk given by Alexander Wirt at Minidebconf Hamburg 18
https://meetings-archive.debian.net/pub/debian-meetings/2018/miniconf-hamburg/2018-05-19/salsa.debian.org_state.webm - Video Language:
- English
- Team:
Debconf
- Project:
- 2018_mini-debconf-hamburg
- Duration:
- 48:02
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs | |
![]() |
tvincent edited English subtitles for salsa.debian.org state of affairs |