salsa.debian.org state of affairs

Edit subtitles

0:06 - 0:09

Ok, welcome back to the second session
of the day.
0:10 - 0:13

It's going to be Alexander Wirt talking
about salsa.debian.org.
0:14 - 0:19

[Applause]
0:19 - 0:21

Thank you, good morning.
0:22 - 0:26

I usually don't give talks in english,
so please be nice to me.
0:27 - 0:29

However, I'm here.
0:30 - 0:33

I want to talk today about our journey
from Alioth
0:34 - 0:36

which is still running, but not for long
anymore,
0:37 - 0:39

to our new service, salsa.
0:40 - 0:43

I want to get a little bit into the history
of old things
0:43 - 0:47

and what we have already achieved,
what we still need to achieve
0:47 - 0:50

and what are our plans for the future.
0:54 - 0:57

Let's start with the basic things,
who am I.
0:59 - 1:03

I am the guy who rejects the mails
on lists.debian.org,
1:03 - 1:05

I am a listmaster.
1:08 - 1:11

I am the guy that rejects your backports.
1:11 - 1:13

I am the backports ftp master.
1:15 - 1:18

And I am the guy that will destroy
alioth.debian.org.
1:18 - 1:21

For the last ten years
1:21 - 1:23

[Applause]
1:23 - 1:26

I was an admin by accident of
alioth.debian.org.
1:26 - 1:29

This is another story I will tell you
in a few minutes.
1:31 - 1:36

Beside from that, I work as an OpenSource
consultant at credativ,
1:37 - 1:41

which is a small company in Germany
which is specialized in OpenSource,
1:41 - 1:44

we only do OpenSource consulting
in Germany.
1:44 - 1:51

We do what today is called DevOps,
we do every kind of consulting.
1:51 - 1:55

If you do something with OpenSource,
we are probably the ones you can talk with.
1:58 - 2:01

I am a father of two wonderful girls,
2:01 - 2:03

they're not here unfortunately,
2:03 - 2:05

but otherwise I wouldn't be able
to work.
2:07 - 2:13

And in my little bit spare time, I do
role playing games and Tabletop games.
2:17 - 2:20

In theory there should be a picture now.
2:22 - 2:25

There's a picture missing,
I don't know why,
2:26 - 2:27

which should tell "We need you".
2:28 - 2:32

A little bit of advertisement, if you
want to do OpenSource work in Germany,
2:32 - 2:33

paid,
2:34 - 2:37

and you need a job, please talk to me.
2:37 - 2:42

We are always looking for good people,
especially in C development,
2:42 - 2:47

kernel development, but also of course
consulting.
2:48 - 2:50

So please talk to me.
2:51 - 2:52

Some steps in history.
2:54 - 2:58

Some years ago, ???
2008, 2009,
2:59 - 3:01

I told the #alioth channel
3:01 - 3:05

"Hey, if you need help, I can help with
system administration,
3:05 - 3:09

not the GForge stuff which is running
above,
3:09 - 3:11

but if you need help, tell me."
3:12 - 3:13

[Audience] Big mistake
3:13 - 3:14

Yeah.
3:14 - 3:19

One or two years went by,
and step by step
3:19 - 3:22

all remaining alioth admins left.
3:23 - 3:24

We were alone in the channel.
3:25 - 3:27

And around that time, I detected
3:27 - 3:31

"Hey, I have sudo permissions
and I'm admin"
3:32 - 3:34

Somebody made me an admin.
3:35 - 3:41

So, I had to decide that I will be
the person that is the future alioth admin
3:41 - 3:43

and I stepped in.
3:44 - 3:47

So it was the beginning of our alioth
journey.
3:49 - 3:53

Then, in DebConf15, we had a long
'Birds of a Feather'
3:54 - 3:58

where we talked about several security
problems in collab-maint,
4:00 - 4:03

some of you are maybe not aware of it,
4:03 - 4:09

but since we use git at filesystem level
on alioth,
4:09 - 4:13

we are introducing a number of interesting
security problems
4:13 - 4:19

like if someone writes a hook, that hook
gets executed every time someone pushes.
4:20 - 4:22

So you have basically shell access.
4:23 - 4:25

And of course you execute it as
your own uid.
4:26 - 4:32

So, if some DM (Debian Maintainer) or even
not DM, nearly the whole world
4:32 - 4:34

has write access to collab-maint,
4:34 - 4:36

drops some hooks in,
4:38 - 4:43

it can make you execute code on Alioth
at your uid, which is a problem.
4:44 - 4:51

We did some things to solve that problem,
but the main problem remained.
4:52 - 4:57

So, along that time, we decided that we
would need a successor for git.debian.org.
4:58 - 5:03

At that point, we are talking about gitolite
5:03 - 5:06

which we evaluated at that time.
5:07 - 5:11

However, as it sometimes happens.
5:11 - 5:14

Two years went into the land and
nothing real happened,
5:15 - 5:16

we just played with it.
5:17 - 5:23

Then, May 2017, a thread comes up,
"Moving away from fusionforge".
5:25 - 5:31

What nobody was really aware of, is that
alioth is on a Wheezy machine
5:31 - 5:34

and Wheezy is running out of security
support end of the month.
5:34 - 5:36

So time was running up.
5:39 - 5:44

The thread was long as usual on
debian-devel and
5:44 - 5:49

we decided to do a few steps, like
evaluating things
5:50 - 5:59

and in June 2017, I did a survey about
our new alioth services.
6:01 - 6:06

It was clear at that point that I wouldn't
be able to maintain all the things
6:06 - 6:08

alioth had in the future
6:09 - 6:14

so we decided to just bring over
the important things.
6:15 - 6:18

What is important? For everyone,
everything else is important
6:18 - 6:23

so I decided to do a survey which was
pretty successful
6:23 - 6:25

with a few hundreds submissions.
6:26 - 6:28

Then, in…
6:44 - 6:50

Then we evaluated… "we" as probably "me",
6:51 - 6:58

evaluated a few solutions, named pagure,
which is the git solution Fedora is using,
6:58 - 7:02

which is a Python thing based on gitolite,
7:03 - 7:12

gitlab, which is the biggest Github
competitor
7:15 - 7:21

gogs/gitea, which is some golang-based
small git service.
7:23 - 7:29

pagure turned out to be not stable enough
for our needs
7:29 - 7:37

and we would have to do to much coding
inside pagure to use it in our infrastructure
7:37 - 7:42

because pagure is very strongly binded
with the Fedora infrastructure,
7:42 - 7:47

specially its user authentication and
user management stuff.
7:48 - 7:52

Gitlab had an other problem called
"opencore" and
7:52 - 7:56

"contributor license agreement"
which means
7:56 - 8:01

I and others were not very happy with
contributing code to Gitlab
8:01 - 8:06

which is something that will always
happen if you maintain such a service.
8:08 - 8:12

And gogs and gitea is nice but it's small
8:12 - 8:18

It will not be able to manage 10,000s
of repositories.
8:23 - 8:28

Next step happened in August 2017 when
we had a sprint here in Hamburg
8:28 - 8:32

at the hackerlab CCC on the other side
of the building,
8:34 - 8:35

where we talked about it.
8:36 - 8:41

After long discussions, we decided to go
with Gitlab
8:41 - 8:49

because Gitlab, at that point, was
the best solution that was already ready.
8:50 - 8:53

We didn't have to adapt too much, we don't
need to patch it
8:55 - 8:59

which turned out it isn't true, but it's
an other problem
9:01 - 9:06

It had features like continuous integration
ready,
9:06 - 9:12

it had features like code review ready,
wiki pretty good working
9:13 - 9:18

and ??? very scalable
in all directions
9:19 - 9:24

Every component is scalable which is
good for us.
9:30 - 9:35

This is a TODO point, I wanted to add
an image about the restaurant
9:35 - 9:38

where we decided on the name "salsa".
9:38 - 9:43

Somebody of you may ask yourself where
the name is coming from.
9:43 - 9:46

There's a small mexican restaurant
a few hundred meters from here
9:47 - 9:52

where you can get great burritos and
they have a painting at the back
9:52 - 9:55

with the term "salsa" written
9:55 - 10:01

and we were deciding on a name which
just not describes the type of service on it
10:01 - 10:03

so we wanted…
10:05 - 10:12

Yes, it's also a sauce. So salsa had sauce.
10:13 - 10:19

I wanted to call it Klaus, but we decided
against it so somebody came up
10:19 - 10:24

in the restaurant with the name "salsa"
and so it's called salsa.
10:28 - 10:31

In the meanwhile, we talked a lot with
the Gitlab people
10:31 - 10:35

which were very kind and helped us
with our problems.
10:36 - 10:42

We also talked with them about the CLA
problem and after some discussions,
10:42 - 10:47

the lawyer of SPI was also involved,
10:47 - 10:51

we made them to remove the CLA
and replace it with something better.
10:53 - 10:58

Contributing patches to Gitlab is now
much easier and better
10:58 - 11:00

which is something we are very proud of
11:00 - 11:05

[Applause]
11:07 - 11:13

And between November and the 25th of
December, we implemented salsa two times
11:14 - 11:17

First time on godard.debian.net where we had
root but
11:18 - 11:25

after more discussions we decided having
this maintained at a (debian).org box
11:26 - 11:30

would be better, which made us
??? ansible stuff
11:30 - 11:36

and develop a ??? to be able to install
gitlab as a non-privileged user
11:37 - 11:38

but we did that.
11:40 - 11:46

In Christmas, he was able to release
salsa into public beta.
11:50 - 11:56

Things went well, which allowed, at the
end of January, salsa to leave the beta
11:56 - 12:01

Since then it's official, our official
git successor.
12:05 - 12:07

What will happen in the future?
12:08 - 12:09

Oh no, this is already past.
12:11 - 12:16

On May, we disabled user and project
creation on alioth.
12:22 - 12:28

Still in May, we disabled the not so much
used version control systems,
12:28 - 12:30

bazaar, mercurial and darcs
12:34 - 12:37

On Thursday (May 17th 2018), I disabled
projects web sites.
12:39 - 12:41

And this is future, at the end the month,
12:41 - 12:46

all other remaining version control systems
on alioth will get disabled.
12:46 - 12:51

So if you have anything running on alioth,
still running on alioth,
12:51 - 12:55

cron jobs are also disabled so
you don't have cron jobs enabled anymore
12:56 - 13:00

Be it whatever you think of, remove it.
13:02 - 13:08

1st of June, alioth will be off, you won't
be able to get any data anymore
13:08 - 13:10

from alioth.
13:10 - 13:16

You can get the ??? via DSA to get
subsequent backups, that's up to you
13:16 - 13:19

but I don't recommend it and they won't
like it.
13:24 - 13:25

Yeah
13:28 - 13:30

In June, alioth will come to an end.
13:31 - 13:38

It served us well for 10, 15 years, but
its time is over.
13:42 - 13:44

Some numbers.
Where are we now?
13:46 - 13:51

Yesterday (May 18th 2018), we had
23,700 repositories on gitlab,
13:53 - 14:04

3200 users, 400 groups, which sums up
around 90GB on disk, which is nice.
14:05 - 14:11

For a service running for more or less
6 months, it's a pretty nice number.
14:17 - 14:19

What are our future plans.
14:21 - 14:27

??? Docker registry, by now
you can use external registries
14:27 - 14:28

which is working
14:28 - 14:31

You can the gitlab registry for
Docker images
14:31 - 14:34

but it will be nicer to have our own
registry.
14:35 - 14:39

That is pretty high on my todo list, after
alioth is gone.
14:42 - 14:47

We want more runners, so you are able to
sponsor runners, if you have machines or
14:47 - 14:53

some money you want to spend on runners,
please tell us.
14:53 - 14:59

What are runners? Runners are the things
that are used by Gitlab CI to build code
15:00 - 15:02

or test code, or do things.
15:04 - 15:10

You can use it to build your packages,
you can use it to autopkgtest your packages
15:10 - 15:15

you can use it to build websites or
whatever you like.
15:16 - 15:22

It's pretty useful and I think using CI more
will be a big step forward for Debian.
15:25 - 15:28

We should really get more into it.
15:29 - 15:35

There are already some projects like
the reproducible builds, the debci guys
15:35 - 15:37

that are working on such stuff
15:37 - 15:43

and now we have the infrastructure that
every DD, every developer or package maintainer
15:43 - 15:44

can use it.
15:49 - 15:50

There's also an other feature called
15:50 - 15:55

"devops" which is based on kubernetes
which allows you to even
15:55 - 15:59

deploy and test things properly.
15:59 - 16:03

So if you have package which implements
a web service, you can even run
16:03 - 16:07

??? kubernetes part which runs
a web server,
16:07 - 16:11

you can test it, you can even record it,
do QA test and so on
16:11 - 16:16

all based on this devops feature which
would also be a nice thing.
16:17 - 16:20

By now, we don't have a kubernetes instance
we can use for it,
16:20 - 16:25

so if you have a spare kubernetes instance
you want to offer Debian,
16:25 - 16:26

please talk to us.
16:29 - 16:35

And integration with sso.debian.org,
which is another side project of mine
16:35 - 16:38

and some of ??? students, sitting there.
16:40 - 16:44

We want to build a successor for
the command sso.debian.org
16:44 - 16:48

which has a problem that it doesn't have
a user backend,
16:48 - 16:50

the user backend is alioth,
you see the problem
16:53 - 16:55

But it just the case for our guest users.
16:56 - 17:00

The official Debian Developers come from
the ldap which will still work,
17:00 - 17:07

but we have a problem with guest users,
so we currently don't have a way to
17:07 - 17:14

source for managing those guest users,
especially give additional groups like
17:14 - 17:16

"Hey, the user's a DM"
17:17 - 17:22

I would love to give all DMs access to
the Debian group, write access,
17:22 - 17:25

but I can't currently because I'm not able
to identify them
17:26 - 17:30

which is something we want to solve with
the new sso.debian.org feature.
17:31 - 17:37

sso.debian.org should also develop a new
authentication protocol like OAuth2,
17:37 - 17:43

which we will use for salsa but new
web services can also rely on,
17:44 - 17:51

??? a way from this certificate stuff
which is somewhat nice
17:51 - 17:55

but it's not that good integrated in most
browsers anymore
17:55 - 17:58

and it doesn't work that well.
18:01 - 18:06

We hope to have, we already have
a prototype, and we hope to have it live
18:06 - 18:08

until the end of the summer.
18:11 - 18:13

What we left behind.
18:15 - 18:17

We don't have shells anymore.
18:18 - 18:22

So you won't be able to run any cron jobs
or other stuff on salsa and
18:22 - 18:30

please don't ask, we won't give anyone
a shell on salsa.debian.org or godard
18:30 - 18:32

which is the host hosting it.
18:34 - 18:37

We have APIs, several of them,
I will show them
18:38 - 18:44

Please use them, we won't run any
cron jobs or custom stuff on gitlab,
18:44 - 18:50

it was a nightmare on alioth to maintain
and to administrate
18:50 - 18:54

and I will never, never want to get
into this again.
18:56 - 19:03

What we also don't have are custom domains
which is a feature gitlab has, but
19:03 - 19:08

DSA decided against it, so you will have
to live with
19:08 - 19:17

projectname.pages.debian.net until
someone decides for that feature.
19:18 - 19:27

We also left behind old version…
not so much used anymore version control systems
19:27 - 19:31

like darcs, bazaar, subversion which isn't
a problem,
19:32 - 19:38

but we also don't have cvs anymore,
which may be a surprise for someone
19:38 - 19:44

but Debian is still a heavy user of cvs,
especially for our web site
19:44 - 19:45

and translations.
19:47 - 19:53

But maybe they will now migrate faster
away from cvs.
19:53 - 19:57

They are working on it, I know,
they're working on it for 10 years
19:58 - 20:04

but things are getting faster and
they're making progress
20:04 - 20:06

in migrating away from cvs.
20:08 - 20:13

Yeah, ???, that's right,
we also left mercurial,
20:15 - 20:17

or whatever people have in their
home directory.
20:20 - 20:24

Yeah we also had rcs on alioth, there
were rcs repos, yes.
20:28 - 20:29

What we got instead.
20:33 - 20:36

We got a bunch of new features
we didn't have before.
20:38 - 20:45

So, this is such… maybe a start of new
ways of working in Debian,
20:45 - 20:48

we got a bunch of collaboration features.
20:48 - 20:53

In the past, collaboration often meant
finding the right mailing list,
20:53 - 20:55

sending a patch and hoping.
20:57 - 21:03

Now we can use merge requests, which
allow people to easily fork and
21:03 - 21:09

modify packages or repositories, and after
they are done, they can just hit a button
21:09 - 21:16

or whatever and create a nice merge
request which is already heavily used
21:16 - 21:21

by some projects like apt or dak or my own
redirector.
21:22 - 21:27

That allows ???, the admins
of those repositories/projects
21:27 - 21:34

to review code easily, they can add
comments, they can discuss with
21:34 - 21:37

those people out of the mailing list.
21:38 - 21:44

If people update a bunch and they
commited, those merge requests
21:44 - 21:51

get updated which is a workflow we are
also using very heavily in our company
21:51 - 21:54

which is pretty nice in my eyes.
21:57 - 22:00

This also allows contribution to packages
from outside people
22:01 - 22:05

It lowers the barrier for people to
collaborate with Debian,
22:05 - 22:07

which is in my eyes a good feature,
22:07 - 22:14

something I always liked on Github and
I'm happy we are having it too now.
22:19 - 22:24

Gitlab has a nice feature of good, well
designed web frontend,
22:24 - 22:27

some things could be better, but it's
always the case,
22:27 - 22:33

but in most cases Gitlab is still
blazingly fast
22:33 - 22:37

except if you've hit some of the bugs
in the API
22:37 - 22:39

but that's an other problem.
22:42 - 22:43

And you can work with it.
22:44 - 22:46

If you don't like the web frontend,
use the API,
22:46 - 22:49

nearly everything the web frontend
supports is exposed via the API
22:52 - 22:55

And there are also a bunch of
command line clients
22:56 - 23:02

which can integrate into git to allow
things like merge requests,
23:02 - 23:06

allow you to process merge requests
from the command line
23:06 - 23:08

if you don't like web frontends.
23:13 - 23:21

You can also open merge requests
by e-mail if you still like it
23:22 - 23:25

you can just hit the right buttons,
you'll get a mail address
23:26 - 23:27

that you can use.
23:27 - 23:30

And if you send a patch to that mail address
you will create a merge request,
23:31 - 23:33

some of the not so known features.
23:42 - 23:43

Issues.
23:44 - 23:46

You can track todo items or bugs.
23:48 - 23:51

Please, this is not intended for Debian
packages,
23:51 - 23:54

so please don't replace the BTS
23:54 - 23:57

but using it as an issue tracker or todo
lists is great.
23:58 - 23:59

We are using it all the time.
24:00 - 24:05

We're also having some upstream projects
on salsa, like sane or ???
24:06 - 24:07

which is ???
24:08 - 24:10

So, they're using issues, that's fine too.
24:10 - 24:13

Issues are disabled by default for
a project,
24:13 - 24:17

but every project has ??? to just
enable it and to use it.
24:17 - 24:20

You have boards where you can organize
your work,
24:20 - 24:27

you can add sprints, you can add
milestones and other things,
24:27 - 24:31

all the basic stuff you need to have
an issue tracker is included.
24:33 - 24:39

And we also enabled reply by mail so
you don't have to use the web frontend,
24:40 - 24:45

you can just use your mail client
to reply your answers into Gitlab.
24:48 - 24:51

You can also close issues by merge requests.
24:52 - 24:57

So, similar to our BTS, Gitlab has
this "closes" feature.
25:00 - 25:06

It's all the same. So "Close", "Closes"…
and so on, it's all the same
25:07 - 25:09

and we close here your issues.
25:11 - 25:14

You can even close issues in other
projects,
25:14 - 25:20

so if you have projects related together
and you fix something in another project
25:20 - 25:22

you can even close it with that syntax.
25:26 - 25:30

You can also create issues by mail,
which is basically the same
25:30 - 25:33

as for merge requests,
25:33 - 25:39

you have that "email new issue" button
where you get a custom mail address you can use
25:39 - 25:41

and then you can use that mail address
for the future
25:41 - 25:47

to submit bugs if you don't want to use
the issue tracker.
26:01 - 26:03

What we also got are webhooks.
26:04 - 26:09

Custom hooks are not anymore possible
because you don't have access to
26:09 - 26:11

the repositories directly
26:11 - 26:13

but what you can use are webhooks.
26:14 - 26:17

Webhooks are common standard in the
web world,
26:18 - 26:22

you can use them to react to events
in your repository,
26:22 - 26:27

events may be things like someone created
an issue, someone created a pull request,
26:27 - 26:32

someone pushed something, someone took
something, things like that.
26:34 - 26:38

And you can use those events to create
IRC notifications,
26:38 - 26:43

we have two IRC bots available for you
to use, which is KGB
26:43 - 26:45

and my own irker instance.
26:46 - 26:49

You can automatically close or tag
bugs
26:49 - 26:53

If you look into our documentation,
wiki.debian.org,
26:53 - 26:58

you find a small paragraph about it
where you can just,
26:58 - 27:03

as we did before, if you close a bug
and you enable the tag pending,
27:03 - 27:10

tag pending webhook, your bug will
be tagged automatically as pending
27:10 - 27:16

like before if you used the ???
hooks on alioth.
27:16 - 27:21

And you can also trigger external CI QA
systems, like Jenkins or SonarQube
27:21 - 27:24

or whatever you like to test you code.
27:27 - 27:31

In the future, we will also use it
for collab, for the collaboration stuff
27:31 - 27:38

from tincho, where we will just forward
every push happened on the whole salsa system
27:38 - 27:45

so you don't have to configure that
manually, it will happen automatically
27:45 - 27:52

So if you contribute something to Debian,
it will come up on collab.debian.net
28:02 - 28:05

If you want to provide webhooks but you
don't want to run your own web server,
28:06 - 28:09

you can come to us, which means you have
to code Ruby.
28:10 - 28:14

We have our own webhook server implementation
for salsa.debian.org,
28:14 - 28:20

which is currently also running on salsa,
but that must be the case in the future.
28:20 - 28:26

So, if you want to run a webhook, provide us
a patch for our webhook implementation
28:26 - 28:31

which is pluggable, so write a plugin which
listens to your webhooks,
28:31 - 28:37

provide a patch, a merge request and we'll
happily add it to our webhook implementation
28:37 - 28:40

so it can be used for everybody.
28:42 - 28:43

Documentation is in the wiki.
28:48 - 28:51

Currently provided hooks are, as already
mentioned, tagpending
28:52 - 28:58

which allows you to tag bug as pending if
you mention them in you changelog
28:58 - 29:06

and some projects directly working with
commits are using the close webhook
29:06 - 29:09

which allows you to directly close
a bug with a commit
29:10 - 29:15

which is used by some web servers and
other stuff directly used in Debian.
29:20 - 29:23

One of the most powerful features we got
is Gitlab CI.
29:24 - 29:27

Gitlab CI is a system that allows
a continuous integration,
29:27 - 29:30

continuous development on salsa
29:31 - 29:37

and that allows you to build, test and
eventually deploy software and packages
29:37 - 29:39

from within Gitlab.
29:40 - 29:43

You can nearly do whatever you want
in this CI stuff,
29:44 - 29:51

you can compile ???, run linter,
run autopkgtest,
29:52 - 29:54

whatever you can imagine you can do.
29:55 - 29:59

We have two runners provided.
30:00 - 30:05

One of it is running as an ???
on Google cloud,
30:06 - 30:09

the other one is hardware sponsored
by a sponsor
30:10 - 30:16

and for every CI run, we launch a docker
container in it,
30:16 - 30:21

You can even provide an image you want
to use as this one
30:21 - 30:24

and then you can do whatever you want
with it.
30:25 - 30:28

But please don't do bitmining or
something like that,
30:31 - 30:34

be kind to them, we all have to use them
and we have only two of them,
30:34 - 30:38

so please, if you want to do something
bigger, talk to us
30:39 - 30:41

like the KDE people already did.
30:44 - 30:45

How to use it?
30:46 - 30:48

Using Gitlab CI is surprisingly easy.
30:49 - 30:55

There is this gitlab-ci.yml file which is
usually in the root of your repository
30:56 - 31:01

but you can add configuration to your
repository, for example to
31:01 - 31:04

add it to your /debian repository
which works better for
31:04 - 31:07

??? packages
31:08 - 31:13

or whatever you have, if you don't want to
clutter the upstream directories
31:13 - 31:15

of your gitlab-ci file.
31:17 - 31:27

[Question about potential conflicts with
gitlab-ci files from upstream]
31:29 - 31:32

We already have a bug opened on the
Gitlab issue tracker
31:32 - 31:37

that allows us to change the default name
of the gitlab-ci file because
31:37 - 31:42

currently, if you import an external
repository, which has a gitlab-ci file
31:42 - 31:43

which can happen,
31:43 - 31:48

if we happily run on our infrastructure
and for example,
31:48 - 31:52

it's ansible or some other project
which has it
31:52 - 31:56

for every upstream commit, salsa will
happily run our runners
31:56 - 31:59

and build the pipeline.
32:02 - 32:04

After you edit your file, that's it.
32:06 - 32:11

From then on, you can watch every commit
happening on your pipeline.
32:12 - 32:16

This is a simple gitlab-ci file, gitlab-ci
files are yaml-based,
32:16 - 32:22

documentation is in the Gitlab repository,
the documentation repository and
32:28 - 32:33

as you can see, it's pretty easy, you have
a pre-step, which allows you to do things
32:33 - 32:37

like installing dependencies which is
what's happening here.
32:38 - 32:46

Since Gitlab CI is running a detached
head, if you want to ???
32:46 - 32:48

use git buildpackage, we will have to
checkout master
32:49 - 32:50

for it to properly work,
32:51 - 32:54

then you can do a git pull, git buildpackage
and, after that,
32:54 - 32:57

you have build your package.
32:58 - 32:59

That's basically all.
33:00 - 33:01

You can also use artifacts.
33:01 - 33:11

Artifacts allow you to… keep a build
artifact for downloading, so
33:11 - 33:18

if you want someone to use a package,
you can just add an artifact stanza here
33:18 - 33:21

and that allows you to later download
your deb files.
33:21 - 33:27

Now that doesn't allow you to create
a repository ???
33:27 - 33:29

but it's an other problem.
33:31 - 33:36

If it's too much, you can also use this
thing we published yesterday.
33:37 - 33:44

This is a prepared docker container which
is prepared for git buildpackage and
33:44 - 33:47

all you have to do is to execute this.
33:49 - 33:50

After that, you have Gitlab CI.
33:51 - 33:55

[Applause]
33:55 - 33:59

I don't know who provided it, but it popped
up in the wiki yesterday
33:59 - 34:00

or something like that.
34:05 - 34:07

We also have Gitlab pages.
34:07 - 34:13

Gitlab pages are like Github pages and
allow you to host web sites,
34:13 - 34:16

static web sites from within Gitlab.
34:18 - 34:24

Internally they also use Gitlab CI, so
you provide a Gitlab CI job
34:24 - 34:30

that just deploys your website, so
it's nothing to do
34:30 - 34:32

and here's our build artifact feature.
34:33 - 34:39

All we do here is just add those public
files in the public directory to our pages
34:39 - 34:43

and we only do this on the master branch
34:43 - 34:45

and basically that's it.
34:46 - 34:51

The magic is happening here, it's the
"pages" step and
34:51 - 34:57

if you correctly configure pages in your
repository configuration,
34:57 - 34:59

you have a Gitlab page after that.
35:03 - 35:06

You can also do more fancy things like
a Hugo web site,
35:06 - 35:11

just depend on a docker image which has
hugo installed
35:11 - 35:20

and then execute a script which builds
Hugo, add some artifacts
35:20 - 35:22

and after that you have a Hugo website.
35:22 - 35:27

You can also use it for blogs, you can
use it in personal repositories,
35:27 - 35:30

then for example for your own web site
or blogs.
35:30 - 35:35

Of course, it's not intended to serve
big web sites
35:35 - 35:42

but providing blogs for planet.debian.org
is perfectly fine, for example
35:42 - 35:49

or web site of ??? project or
whatever is Debian-related.
35:52 - 35:56

This brings me to an other topic
not mentioned in my slides
35:57 - 36:00

some people asked us what is fine to host
on salsa.
36:02 - 36:07

As long as it's open source, as long as
it's intended to be Debian-related
36:07 - 36:11

or open source related or can be included
in Debian,
36:11 - 36:14

it's perfectly fine to host it on salsa.
36:15 - 36:18

So we invite every upstream which is
looking for a home,
36:18 - 36:22

like the SANE guys, to host them
on salsa.
36:28 - 36:32

What we got with the latest major version
is a web editor
36:34 - 36:36

which is pretty new,
36:37 - 36:40

probably buggy, but it works.
36:41 - 36:43

So, if you don't want to clone
a repository
36:45 - 36:50

or you have just to have simple changes,
you can add your file in the web editor,
36:50 - 36:52

you get a web editor with syntax
highlighting,
36:52 - 36:56

you get even a markdown preview if you
just do documentation,
36:57 - 37:00

so that's great for every one just doing
documentation
37:00 - 37:03

that doesn't want to ??? with git
37:04 - 37:09

or the code inside, you can even
preview it,
37:10 - 37:12

then you can write a commit message,
37:16 - 37:18

and that's it.
37:48 - 37:52

What we also have is two-factor
authentication, which is a security feature
37:52 - 37:55

that allows you to add a second factor
to your Gitlab login.
37:56 - 38:04

I can only recommend to use it, that's
well integrated and adds a lot of security.
38:09 - 38:12

It works with Yubikeys or any U2F-compatible
key
38:13 - 38:17

and also with software solutions that
implement TOTP,
38:17 - 38:22

time-based one time passwords.
38:23 - 38:29

So every TOTP-compatible generator also
works, for example the Google authenticator
38:29 - 38:32

but there are also others which are
open source, that all works.
38:33 - 38:35

Adding it is easy.
38:39 - 38:42

???
38:47 - 38:47

It's easy.
38:48 - 38:51

What you can't see now is me getting
my smartphone out,
38:52 - 38:55

scanning the bar code, generating a PIN
code,
38:56 - 39:00

and in 2 seconds I will enter the PIN code
39:08 - 39:11

What you see here are recovery codes,
39:11 - 39:13

I will mention them in a few minutes.
39:14 - 39:19

You can use them to recover your account
if you lost your one-time password generator
39:21 - 39:23

So, if I log in now,
39:28 - 39:32

I have to use my smartphone to generate
an authentication code, add it,
39:33 - 39:35

and now I'm in, that's it.
39:35 - 39:37

So it's pretty easy.
39:38 - 39:44

Some people say "Oh, what if I lost
my token, that is such much work."
39:46 - 39:47

No, it's easy.
39:47 - 39:50

If you want to recover your token,
I do that all the time,
39:50 - 39:56

you can just use SSH and do
"ssh git@salsa.debian.org"
39:57 - 40:01

and the command "2fa_recovery_codes"
which will generate you
40:01 - 40:03

a number of new recovery codes,
40:04 - 40:06

and you can use it to log in.
40:07 - 40:12

So if I don't have my authentication
token with, I just use this every time.
40:15 - 40:16

It works.
40:16 - 40:19

And SSH also has an other token.
Huh?
40:19 - 40:20

[Q] It's cheating.
40:20 - 40:23

[A] No, it works, it's a second factor,
so it's fine.
40:29 - 40:32

So, the API.
40:32 - 40:33

I have to get faster.
40:38 - 40:40

Gitlab exposes a powerful JSON REST API,
40:41 - 40:44

that allows you to query and to manipulate
nearly all aspects of Gitlab.
40:45 - 40:50

If I say "all", I really mean all, nearly
everything you can do with the web frontend
40:50 - 40:51

is covered by the API.
40:52 - 40:56

The API has an extensive documentation
in that link.
40:57 - 41:02

Ensure that you use the CE, for
"Community Edition", in the docs,
41:02 - 41:07

otherwise you will see features that
aren't available in our edition.
41:09 - 41:11

You can use it for everything.
41:12 - 41:17

Small hint, you often see the term
"namespace ID".
41:18 - 41:22

In nearly all cases, you can replace
the namespace ID with the path
41:22 - 41:27

of the project, of the thing, mostly
projects,
41:27 - 41:32

but if your project includes slashes,
which is nearly always the case,
41:32 - 41:41

you have to replace a slash with "%2F"
and you can use it as the namespace ID
41:41 - 41:47

so you don't have to look up every time
your IDs, you can just use names.
41:51 - 41:53

Some examples.
41:53 - 41:54

Get data about your user.
41:54 - 41:56

If you want to know ???
in your user,
41:56 - 41:58

you can just ask the API.
41:59 - 42:03

For every use of things that need
authentication,
42:03 - 42:05

you need to generate a private token,
which is easy,
42:06 - 42:10

just go to your profile and there's
a link to access tokens
42:10 - 42:12

and generate one for your usecase.
42:13 - 42:15

You can also add expiration dates.
42:17 - 42:21

Even if I use curl here, I can only
recommend to use a proper library.
42:22 - 42:25

Don't use curl, please do me a favor and
don't use curl.
42:26 - 42:31

There's a bunch of ???
flying around ??? curl
42:32 - 42:35

then they hit the first time pagination
or something like that,
42:35 - 42:37

and they start wondering why
it doesn't work.
42:40 - 42:43

There are Python libraries, Ruby libraries,
Perl libraries for Gitlab,
42:43 - 42:46

so we have everything in place that
you need.
42:47 - 42:50

What you can do too, create a repo
in your namespace.
42:50 - 42:53

If you do it that way, the repo will be
private.
42:53 - 42:56

Of course, there are parameters to create
a public repo,
42:56 - 42:59

but that means you have to read
the documentation.
43:06 - 43:10

List open merge requests of a project,
also easy,
43:10 - 43:14

just go to Projects, which is a namespace
for project-related stuff,
43:15 - 43:18

add your project, in my case it's
"AliothRewriter",
43:19 - 43:22

it's a merge request, ???
specific state
43:22 - 43:28

and you get a nice formatted JSON
to get nice JSON you can format
43:30 - 43:31

to list all your merge request.
43:32 - 43:33

So, I have to get to an end.
43:34 - 43:36

How to get support.
43:37 - 43:41

If you have any problems with alioth,
you can of course talk to me or to ganneff
43:43 - 43:47

The channel is still #alioth, and will
probably stay for some time.
43:50 - 43:55

You find us on IRC, you can ???
e-mail, salsa-admin@debian.org.
43:56 - 43:59

We also have an issue tracker, so if you
have a problem, open an issue
44:00 - 44:04

but please don't open upstream gitlab
stuff in our issue tracker.
44:04 - 44:06

If you have a problem with salsa, fine,
create a ticket.
44:07 - 44:10

If you have some problem with how Gitlab
is doing things,
44:10 - 44:14

or have found a bug in Gitlab, please
do us a favor and open those bugs
44:14 - 44:18

in the Gitlab issue tracker because it's
the same thing we would have to do,
44:19 - 44:21

and we won't ??? your bugs.
44:24 - 44:27

How we do it. If you're interested in
how we did those stuff,
44:28 - 44:32

we are all doing it unprivileged in git
on godard.debian.org,
44:32 - 44:35

and everything we do is automated
via ansible
44:36 - 44:41

and you find it in our ansible repository
in the salsa group on salsa.debian.org.
44:44 - 44:45

Who are we?
44:49 - 44:51

Salsa currently has 3 administrators:
44:51 - 44:57

Bastian Blank (waldi), Jörg Jaspert (ganneff)
here, and me.
45:03 - 45:05

My picture is gone.
45:06 - 45:09

What you would see here is a "thanks"
picture.
45:09 - 45:14

Thank you for your attention, and we have
maybe 1 or 2 minutes left for questions.
45:15 - 45:23

[Applause]
45:27 - 45:31

[Q] I have a quick question about SSO
going down.
45:31 - 45:34

Is SSO going down with alioth? On the first
of June?
45:34 - 45:35

[A] No, but…
45:36 - 45:39

As mentioned in the announcement,
I usually do wide annoucements
45:39 - 45:40

and I hope people read it.
45:41 - 45:48

I will back up authentication database
of alioth to ???.debian.org,
45:48 - 45:50

which is the host running SSO
45:51 - 45:57

and I will maintain those users by hand
until we have the new SSO backend ready.
45:58 - 46:02

[Q] So, if there's people going to
the registers of debconf, which are not
46:02 - 46:07

Debian Developpers, in Taiwan, can they
still register after the first of June, or not?
46:08 - 46:10

[A] They can, they can't SSO anymore
for registration,
46:10 - 46:14

but they did implement a second
authentication, but…
46:15 - 46:21

It's been 3 years since debconf doesn't
need SSO.
46:23 - 46:25

Any further questions on salsa?
46:30 - 46:33

[Q] I have a little question about salsa
at all.
46:34 - 46:40

There is some howtos, how to create
an account on salsa,
46:40 - 46:46

how to manipulate that account, create
repositories for example.
46:47 - 47:00

I mean, just for people who never came
to it, just use it. ??? documentation.
47:01 - 47:04

[A] Except for user registration, there's
nothing specific on salsa.debian.org,
47:04 - 47:10

so you can just use the gitlab documentation
which has videos, webcasts,
47:10 - 47:12

tutorials and so on.
47:12 - 47:16

Just use it, it's good documentation,
nearly everything is covered by it
47:17 - 47:19

and if you still have questions after that,
ask us.
47:20 - 47:23

If you have Debian-specific stuff, look
at the wiki.
47:24 - 47:30

wiki.debian.org/salsa/doc has nearly
everything, I hope, most things covered.
47:31 - 47:34

If not, tell us, and in the end it's a wiki
47:35 - 47:38

so if you find something or think it's
interesting for other people,
47:38 - 47:40

please, please add it to the wiki.
47:44 - 47:46

Any other questions?
47:49 - 47:50

Ok, everything's answered.
47:51 - 47:52

Thanks a lot again.
47:52 - 47:57

[Applause]

Title:: salsa.debian.org state of affairs
Description:: Talk given by Alexander Wirt at Minidebconf Hamburg 18
https://meetings-archive.debian.net/pub/debian-meetings/2018/miniconf-hamburg/2018-05-19/salsa.debian.org_state.webm

more » « less
Video Language:: English
Team:: Debconf
Project:: 2018_mini-debconf-hamburg
Duration:: 48:02

	tvincent edited English subtitles for salsa.debian.org state of affairs
	tvincent edited English subtitles for salsa.debian.org state of affairs
	tvincent edited English subtitles for salsa.debian.org state of affairs
	tvincent edited English subtitles for salsa.debian.org state of affairs
	tvincent edited English subtitles for salsa.debian.org state of affairs
	tvincent edited English subtitles for salsa.debian.org state of affairs
	tvincent edited English subtitles for salsa.debian.org state of affairs
	tvincent edited English subtitles for salsa.debian.org state of affairs

Show all

English subtitles

Incomplete

Revisions Compare revisions

Revision 15 Edited

tvincent
Revision 14 Uploaded

tvincent
Revision 13 Edited

tvincent
Revision 12 Edited

tvincent
Revision 11 Edited

tvincent
Revision 10 Edited

tvincent
Revision 9 Edited

tvincent
Revision 8 Edited

tvincent
Revision 7 Edited

tvincent
Revision 6 Edited

tvincent
Revision 5 Edited

tvincent
Revision 4 Edited

tvincent
Revision 3 Edited

tvincent
Revision 2 Edited

tvincent
Revision 1 Edited

tvincent

	Revision Number	Author	Created
	15	tvincent
	14	tvincent
	13	tvincent
	12	tvincent
	11	tvincent
	10	tvincent
	9	tvincent
	8	tvincent
	7	tvincent
	6	tvincent
	5	tvincent
	4	tvincent
	3	tvincent
	2	tvincent
	1	tvincent

salsa.debian.org state of affairs

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)