Fedora Infrastructure Hackathon 2017
Last week, hot on the heels of my trip to Boston for Red Hat Summit, I attended the 2017 Edition Fedora Infrastructure Hackathon. The primary goal of the Hackathon was to make a lot of progress in a relatively short amount of time on defining Fedora Infrastructure requirements necessary to support upcoming Fedora Project objectives, as defined by the Council and FESCo, and doing work to satisfy those requirements. In some cases this was simply "define policies around how this should work with the infrastructure", but in most it scenarios is meant digging in and doing work such as patching multiple code bases to support new AuthN/AuthZ protocols and providers, deploying net-new infrastructure services, or even bringing up services in a new datacenter hosted by a fellow Open Source Community Project in order to leverage newly donated hardware. We'll cover all of that in the recap of the journey below.
It all started Monday 2017-05-08, we were hosted graciously in the Red Hat Tower, which as a proud Red Hatter and overall Red Hat fanboi it was extremely cool to get to spend a week there, and worked as hard as we could to get a lot done in about 4.5 days (Monday-Friday, but most people had to travel home on Friday evening). Representative members of various aspects of the Fedora Community were in attendance, the obvious Fedora Infrastructure Team was well represented, but also Fedora QA, Fedora Modularity, Fedora Atomic CI, CentOS, and Fedora RelEng.
Things kicked off by defining an agenda, all notes held in a Gobby Doc. We effectively came up with a loose fitting outline of the following:
AuthN / AuthZ - FAS, FreeIPA, CommunityIPA, Ipsilon, CentOS Infra overlap
OpenShift in the AM, CI in the PM
Hack sessions on OpenShift and CI (break out into teams)
Breakout hack sessions and wrap up
Things started off with Patrick explaining many aspects of various AuthN/AuthZ protocols and technologies that are currently in use within the Fedora Infrastructure as well as migration plans to bring systems and services using older technology in line with newer technologies. There were discussions focused around Fedora Authentication, OAuth2, Kerberos, OpenID, OpenID Connect, FreeIPA, FAS2, and how different Fedora Apps are using different combinations of these technologies. From there and identification of what apps need to be ported away from older technologies was done along with work assigned to people in the room with the intent of accomplishing these tasks over the next few days (and beyond, if necessary).
Something that's come up a lot in recent history within the Fedora Infrastructure is database high availability. The Fedora Infrastructure Team already maintains a high level of best practices around database administration but being able to do maintenance with extremely minimal or zero downtime to the database servers is an extremely nice-to-have. Therefore a section of time was dedicated to working through an approach to roll out Postgres BDR for certain applications in the Fedora Infrastructure.
App Porting and Libraries
The Fedora Apps developers in the room had a some targeted breakout session focusing on porting old Fedora web applications away from outdated or no longer recommended libraries and frameworks in order to bring more uniformity to how the applications are developed and maintained, but also make them easier to support by reigning in the spread of tooling required by the group to have to follow along with upstream developments.
Members from the Fedora Modularity Team presented on the Module Build Service and Arbitrary Branching concept in order to discuss integration points into the Fedora Infrastructure's existing systems. This was a lot of discussion that resulted in documentation of processes, identification of issues to resolve, and establishing a realistic timeline for a phased approach to accomplish these tasks.
The Fedora Infrastructure Team is always trying to make the most out of the hardware that it has, and as such has been evaluating container technologies for use in the Infrastructure. Recently an evaluation of OpenShift began and the decision was made to move forward with using it for applications within Fedora. During this session we worked through a series of questions about OpenShift as they would pertain to a production deployment and had the good fortune of being able to ask for best practices and general recommendations from the OpenShift Online Ops Team. We then formulated a plan to have an OpenShift Environment up and running fully automated with Ansible Playbooks (based on openshift-ansible and ansible-ansible-openshift-ansible) in stage by the end of the week. We were successful in this endeavor but are waiting on a certificate for new domain names.
Next up we hear from a group within Fedora who are taking on the massive task of attempting to perform Continuous Integration on the entire Fedora Operating System. Alright, maybe not the entire set of packages but they are targeting an installable Fedora Operating System via Fedora Atomic Host. For more information, check out the Fedora Atomic CI wiki page.
During this working session we were joined by our good friends from the CentOS team because they were graciously offering up hardware resources in their very own CentOS CI environment. There was a lot of work done here in the initial days discussion around how to tie the two infrastructures together as well as bridge things like account systems and grant appropriate permissions throughout. Action items were tackled as the week continued.
We met at the end of the week for a short time before most folks departed to
travel home and tallied up the score. All in all we accomplished all but one of
the objectives we set out for the hack days and the one that wasn't had
progress made on it but it was too large a piece of work to accomplish in just
a couple days and is still being worked on at this time. There's all sorts of
great info on the Fedora Infrastructure Hackathon wiki page for anyone who's
interested in digging into the details (also, check the
CI-Infrastructure-Hackathon-2017 Gobby Doc for a pay-by-play).
It was absolutely fantastic to get so many members of the Fedora Community into one room and hack on things. It's also great just to get to spend time hanging out with everyone since we rarely see one another in person. I'm even more excited about Flock 2017 than I was before!
Until next time...