Re: Next team meeting: Wed Jul 14 @19:00UTC

To: debian-cloud@lists.debian.org
Subject: Re: Next team meeting: Wed Jul 14 @19:00UTC
From: Ross Vandegrift <rvandegrift@debian.org>
Date: Wed, 14 Jul 2021 23:13:09 -0700
Message-id: <[🔎] 20210715061309.v36o2nev4fvt7e5b@stgulik>
In-reply-to: <[🔎] 20210712013543.adxtr2bhjjbrog2w@stgulik>
References: <[🔎] 20210712013543.adxtr2bhjjbrog2w@stgulik>

Here are my notes on today's meeting:

casulana.d.o status
-------------------

The top issue is that casulana is out of commission.  As a result, we're unable
to do any official image builds.  A case is open for repair, but we don't know
when it will be complete.

Previously, we discussed using petterson as another build host.  Bastian
thought there might be some challenges with additional setup required.  But it
looks like the required setup may be complete.  See [1] for details.

Since the images are copied from casulana -> petterson for cdimage.d.o
distribution, this might be a good long-term change anyhow.

salsa secret storage
--------------------

Bastian raised an issue with the present state of salsa's secret storage.  An
arbitrary file read bug may expose secrets.  For now, the public cloud secrets
used for uploads have been disabled or revoked.  This means that our image
builds cannot complete successfully even if the above issues are resolved.  The
bug is not believed to affect runner credentials.

Since the bullseye release is close, a short-term solution may be needed.  If
required, Bastian has agreed to issue new credentials, trigger the builds, and
then revoke them after completion.

A longer term solution is still required.

Public AWS SSM parameters
-------------------------

AWS Secure Systems Manager (SSM) has added public parameters to help users find
pre-loaded images for EC2.  Noah reported that our access has been setup, and
we should be able to publish data on the Debian AMIs that we upload.  No data
been published yet though.

For more information see [2].

AWS hosted docker images
------------------------

Debian images are now available on Amazon's public image gallery [3].  If
Docker Hub's image pull rate limits have caused you pain, this may be a useful
alternative.

There are a few outstanding issues, but basic functionality is working.  Thanks
to Tianon Gravi for providing this!


Thanks,
Ross

[1] https://rt.debian.org/Ticket/Display.html?id=7826
[2] https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters.html
[3] https://gallery.ecr.aws/debian/

Reply to:

References:
- Next team meeting: Wed Jul 14 @19:00UTC
  - From: Ross Vandegrift <rvandegrift@debian.org>

Prev by Date: Next team meeting: Wed Jul 14 @19:00UTC
Next by Date: manage_etc_hosts: true
Previous by thread: Next team meeting: Wed Jul 14 @19:00UTC
Next by thread: manage_etc_hosts: true
Index(es):
- Date
- Thread