#94: Producing Updated Cloud/Atomic Images ------------------------------+--------------------- Reporter: dustymabe | Owner: Type: task | Status: new Priority: normal | Milestone: Future Component: Cloud Base Image | Keywords: meeting ------------------------------+--------------------- We need to finalize our policy around producing updated images and then start doing it.
Right now we have loosely decided to release new images once a month or whenever security updates require it.
Additionally, as part of this we should also decide on a policy that determines when we stop updating images for a particular release. I imagine that we don't want to be producing updated images for Fedora X, Y, and Z all at the same time. Ideally we would only be producing updated images for the current/latest major version.
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------ Changes (by roshi):
* status: new => assigned * owner: => oddshocks
Comment:
For this, we need to figure out a couple things: - Cadence (I think monthly was discussed on list) - Who's going to file tickets with websites to update ids on getfedora.org/cloud - Are we updating the whole image, or just somethings - What does releng need from us in order to kick off the builds - ... (I'm sure there's more here)
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by oddshocks):
I sent an email to rel-eng[1] and spoke briefly with dgilmore. The releng process for this is on his to-do list. Ultimately, for an updated build, we'll file a ticket with releng, who will make the build and post it to staging. From there, QA will be pushing it live.
[1]: https://lists.fedoraproject.org/pipermail/rel- eng/2015-February/019274.html
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by oddshocks):
And FWIW, I'm cool with being the guy to file the ticket with the new AMI IDs.
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------ Changes (by robyduck):
* cc: robyduck@… (added)
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by oddshocks):
Just noting[1], and that there's apparently been progress some sort of script Dennis has developed to help facilitate this process.
[1]: https://fedorahosted.org/rel-eng/ticket/6098#comment:6
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------ Changes (by kparal):
* cc: kparal@… (added)
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by oddshocks):
To keep everyone updated:
At the Cloud team meeting yesterday, it was determined that the ball is now in our (Cloud's) court at this point. I spoke to Kushal about this means for us. Until we formalize this updates process (possibly next month), the process is something like:
1. Test images 2. Fix any issues 3. Wait for next nightly build 4. Repeat 1-3 until satisfied 5. Ask rel-eng to build a new tree and build the image
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by dustymabe):
So the ball is in our court and we have everything we need (as far as I know). We have decided a few things in the meeting today:
1 - Since it is so late in F21 we will start doing this for F22 rather than start now in F21. 2 - We will initially only release updated images for the "current" release. Meaning as soon as F23 comes out we will no longer release updated images for F22.
If this model doesn't turn out to be good we can vote to change it.
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: closed Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: fixed Keywords: meeting | ------------------------------+------------------------ Changes (by roshi):
* status: assigned => closed * resolution: => fixed
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------ Changes (by dustymabe):
* resolution: fixed => * status: closed => reopened
Comment:
opening back up and tagging with 'meeting' since F22 has been released. Now we can actually go through the process of releasing images with updates.
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by dustymabe):
We are going to try to get an updated image out at the end of the month and do this monthly for F22. Lets target maybe thursday 06/25 for the release of the updated images.
Here are some things that I would like to target for the first image update:
- put out qcow2 v2 formatted image - Fix selinux policy for dnf/cloud-init BZ#1227484 [1] - include updated packages. - cockpit resolution for atomic [2]
[1] - https://bugzilla.redhat.com/show_bug.cgi?id=1227484 [2] - https://fedorahosted.org/cloud/ticket/105
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by dustymabe):
Two other bugs to consider as blockers for atomic:
https://bugzilla.redhat.com/show_bug.cgi?id=1219700 https://bugzilla.redhat.com/show_bug.cgi?id=1219871
There is a new nfs-utils package out can we get some karma please: https://admin.fedoraproject.org/updates/nfs-utils-1.3.2-7.fc22
walters is there any more to these two bugs than the updated nfs-utils package?
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by walters):
https://lists.projectatomic.io/projectatomic- archives/atomic/2015-June/msg00001.html is also critical to get in. Should just happen when a respin of images happens.
For NFS, I believe that update should work once it gets karma but I didn't retest.
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by dustymabe):
For "put out qcow2 v2 formatted image" there is this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1226979
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by mattdm):
See: https://fedoraproject.org/wiki/Changes/Two_Week_Atomic
While this proposed change covers just the Atomic image, basically the same thing could work for Cloud Base images as well (and Docker base image). It might be nice to add a layer of human testing to those, however — perhaps integration with Bodhi?
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by kushal):
Opened a ticket with rel-eng for the first set of updated cloud images.
https://fedorahosted.org/rel-eng/ticket/6219
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by walters):
Might consider waiting to pull in: https://admin.fedoraproject.org/updates/libuser-0.62-1.fc22
It's an easily exploitable local root escalation in the default install.
#94: Producing Updated Cloud/Atomic Images ------------------------------+------------------------ Reporter: dustymabe | Owner: oddshocks Type: task | Status: reopened Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+------------------------
Comment (by walters):
What is the status on this? Does someone own this?
#94: Producing Updated Cloud/Atomic Images ------------------------------+----------------------- Reporter: dustymabe | Owner: kushal Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+----------------------- Changes (by mattdm):
* owner: oddshocks => kushal * status: reopened => assigned
Comment:
Kushal just mentioned this morning that this is something he is and or did work on. Reassigning to Kushal and he can fill in details.
#94: Producing Updated Cloud/Atomic Images ------------------------------+----------------------- Reporter: dustymabe | Owner: kushal Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+-----------------------
Comment (by walters):
This is still outstanding, right?
#94: Producing Updated Cloud/Atomic Images ------------------------------+----------------------- Reporter: dustymabe | Owner: kushal Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+-----------------------
Comment (by dustymabe):
Replying to [comment:20 walters]:
This is still outstanding, right?
Walters.. correct. We discussed this at the meeting today and decided to concentrate on the F23 release for now and use the infrastructure that was built for this to produce updated images for F23 and onward. Since F23 is a little over a month away I think this is reasonable.
Thoughts?
#94: Producing Updated Cloud/Atomic Images ------------------------------+----------------------- Reporter: dustymabe | Owner: kushal Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+-----------------------
Comment (by dustymabe):
in the meeting today we decided that f23 is a reasonable goal. the short summary is that the infrastructure is in place for this all we need to do is start testing and releasing images on a cadence, which we will do after f23 release.
#94: Producing Updated Cloud/Atomic Images ------------------------------+----------------------- Reporter: dustymabe | Owner: kushal Type: task | Status: assigned Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: Keywords: meeting | ------------------------------+-----------------------
Comment (by mattdm):
The atomic two week images updated plan approved by FESCo: https://fedorahosted.org/fesco/ticket/1452
#94: Producing Updated Cloud/Atomic Images ------------------------------+--------------------- Reporter: dustymabe | Owner: kushal Type: task | Status: closed Priority: normal | Milestone: Future Component: Cloud Base Image | Resolution: fixed Keywords: meeting | ------------------------------+--------------------- Changes (by dustymabe):
* status: assigned => closed * resolution: => fixed
Comment:
Closing in favor of https://fedorahosted.org/cloud/ticket/138 https://fedorahosted.org/cloud/ticket/139
cloud@lists.stg.fedoraproject.org