Fedora Infrastructure Hackathon 2017

AuthN/AuthZ

Things started off with Patrick explaining many aspects of various AuthN/AuthZ protocols and technologies that are currently in use within the Fedora Infrastructure as well as migration plans to bring systems and services using older technology in line with newer technologies. There were discussions focused around Fedora Authentication, OAuth2, Kerberos, OpenID, OpenID Connect, FreeIPA, FAS2, and how different Fedora Apps are using different combinations of these technologies. From there and identification of what apps need to be ported away from older technologies was done along with work assigned to people in the room with the intent of accomplishing these tasks over the next few days (and beyond, if necessary).

Bi-Directional Replication

Something that's come up a lot in recent history within the Fedora Infrastructure is database high availability. The Fedora Infrastructure Team already maintains a high level of best practices around database administration but being able to do maintenance with extremely minimal or zero downtime to the database servers is an extremely nice-to-have. Therefore a section of time was dedicated to working through an approach to roll out Postgres BDR for certain applications in the Fedora Infrastructure.

App Porting and Libraries

The Fedora Apps developers in the room had a some targeted breakout session focusing on porting old Fedora web applications away from outdated or no longer recommended libraries and frameworks in order to bring more uniformity to how the applications are developed and maintained, but also make them easier to support by reigning in the spread of tooling required by the group to have to follow along with upstream developments.

Modularity

Members from the Fedora Modularity Team presented on the Module Build Service and Arbitrary Branching concept in order to discuss integration points into the Fedora Infrastructure's existing systems. This was a lot of discussion that resulted in documentation of processes, identification of issues to resolve, and establishing a realistic timeline for a phased approach to accomplish these tasks.

OpenShift

The Fedora Infrastructure Team is always trying to make the most out of the hardware that it has, and as such has been evaluating container technologies for use in the Infrastructure. Recently an evaluation of OpenShift began and the decision was made to move forward with using it for applications within Fedora. During this session we worked through a series of questions about OpenShift as they would pertain to a production deployment and had the good fortune of being able to ask for best practices and general recommendations from the OpenShift Online Ops Team. We then formulated a plan to have an OpenShift Environment up and running fully automated with Ansible Playbooks (based on openshift-ansible and ansible-ansible-openshift-ansible) in stage by the end of the week. We were successful in this endeavor but are waiting on a certificate for new domain names.

Continuous Integration

Next up we hear from a group within Fedora who are taking on the massive task of attempting to perform Continuous Integration on the entire Fedora Operating System. Alright, maybe not the entire set of packages but they are targeting an installable Fedora Operating System via Fedora Atomic Host. For more information, check out the Fedora Atomic CI wiki page.

During this working session we were joined by our good friends from the CentOS team because they were graciously offering up hardware resources in their very own CentOS CI environment. There was a lot of work done here in the initial days discussion around how to tie the two infrastructures together as well as bridge things like account systems and grant appropriate permissions throughout. Action items were tackled as the week continued.