Hi all, today in the evening there was a meeting to discuss the current state of the openSUSE infrastructure. It was "initiated" by the openSUSE heroes and was meant to sync on current challenges and find ways to improve collaboration between SUSE and the openSUSE heroes. We've taken some notes during this meeting and would like to share them with you publicly. Its only a plain text dump and not very well formatted (it is structured, though). You'll find the original Etherpad here [1]. We agreed upon on some action items, so we will take small steps towards a better openSUSE infrastructure. Obviously there is still a lot of work left to do, and we couldn't solve all topics being discussed. Further meetings are planned in the future. Feel free to ask for more details, etc.. Also some of this might be discussed in the next heroes meeting (on Oct 1). Best regards, Karol Babioch --- Topics - Bare metal access - Bugzilla and services provided by MF IT - Available ressources to get out of firefighting mode - login - GDPR -- data processing catalogue and DP statements - [Responsibilities: EngInfra vs. heroes, reality vs expectations] Attendees - Christian Boltz - Per Jessen - Kurt Garloff - Martin Caj - Ricardo Klein - Karol Babioch Bare Metal Access Current issue: Shared infrastructure for openSUSE and SUSE assets Cannot provide access to community (non employees) with current mode of operation Split infrastructure (openSUSE vs. SUSE) Self-service infrastructure (Cloud, etc.) Prohibitive cost (for compute intese workloads)? Rough estimates: 4k$/m (AWS) - https://calculator.s3.amazonaws.com/index.html#key=calc-4BB503BF-BDAE-4EDE-A14F-892CA05A6EE5&r=FRA&s=EC2 Concerns about service levels -- probably not a real issue Open-source platform would be better -- OTC / OVH / CityNetwork (all european public OpenStack Cloud providers)? Keep Core services in SUSE? Two places may create challenges Setup internal SUSE OpenStack Cloud env hosting an openSUSE tenant (alongside other tenants)? Best solution <= VISION Would need semi-public access to API/Dashboard and Floating IPs Also needs storage system (ideally dedicated for this cloud) Might become easier with external sponsorships in an independent openSUSE Foundation -- but may take another year? Also needs SUSE operations manpower ... Unrelated: Not enough manpower to maintain the VMs either Not enough heroes with enough time Available resources to get out of firefighting mode Two backfill positions posted (Theo, Thorsten) get more resources within the engineering infrastructure team Prague is very difficult slightly better now after summer Recruiting through personal connections Team now shares the load instead of having dedicated persons that are the only ones with knowledge and access Ricardo joined team recently, getting up to speed, very eager to help openSUSE CaaS Platform Fixing is WIP Commitment to keep supporting from CaaS team Currently used for learning, testing not really for providing production level services Attracting new heroes requires advanced technology to play with? Darix and Lars have built a lot of infra, not currently contributing any more personal issue may be resolved by involved persons no longer being involved? AI Karol: Speak to the both of them More commitment (in terms of FTEs) from SUSE? Also in other teams (not only EngInfra?) Bugzilla and services provided by MF IT What will the login provider be in the future? Novell eDirectory will be shut down - solution will be needed by then (otherwise SUSE goes out of business ;-)) Currently SUSE is evaluating different identity management solutions internally (for SUSE's own needs) No final decisions has been made Needs to happen within the next couple of weeks openSUSE will be affected by whatever happens to the "customer" tree DNS provided by FreeIPA Transition from MF-IT to ACN on AWS should not change the approach (zone-transfer from FreeIPA) bugzilla will be migrated to SUSE via Lift&Shift SUSE-internal move towards JIRA+Confluence - unsure whether at some point openSUSE needs to consider this AI: EngInfra -> Let openSUSE board / heroes / community know once there is a decision on which system will be used GDPR -- data processing catalogue and DP statements We are processing PII (Personally Identifiable Information) -- SUSE is the data holder for openSUSE We lack a good overview of what is handled where and how Occasional requests cause a lot of manual fiddling We need to look at this service by service to document this Create a template once Fill it service by service Ensure that this is done when establishing new services Best knowledge is in handover docs from Theo + Thorsten (AI: EngInfra) Can be shared (-> put this on openSUSE heroes wiki) Start documentation process (AI: EngInfra) [Responsibilities: EngInfra vs. heroes, reality vs expectations] EngInfra team cannot meet all expectations (understaffed, many other responsibilities) Board / Gerald should re-visit SLA with SUSE (it is outdated and does not reflect reality) - refresh Lots of VMs / services are not well maintained VMs to be de-commissioned AI: Christian will double-check and send us a list / assign tickets to us Backup Lack of proper backup & restore strategy, needs to be worked out Situation of snapshots of VMs on storage backend is unclear (need to verify) [AI: EngInfra] Heroes meeting event No specific plans for an upcoming heroes meeting event AI: Karol will ask some questions to figure out whether this might be an option (budget, facilities, etc. pp.)