From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id B8046158092 for ; Tue, 14 Sep 2021 23:10:49 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 83145E0863; Tue, 14 Sep 2021 23:10:48 +0000 (UTC) Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 007B1E085E for ; Tue, 14 Sep 2021 23:10:47 +0000 (UTC) Received: by mail-ed1-x536.google.com with SMTP id c22so1230336edn.12 for ; Tue, 14 Sep 2021 16:10:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gentoo-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=6JcWZs2JKEiAStioqtVYrEYgMjhA0YApDN+2DOsiocQ=; b=pzRy/Sw9n2ZH1CJ2XQlcA3fSnYQSsJ94YzyOXwIr6jbjSUD4V7hqt2dISIDlGgNUbQ 0XHncHa62a+EI3rnqiR2Y0Ohpwr8iez3E1mtgi75turZjj3ppavVdbcqVZm40foV3GjV BEFvXzhoKpwBMGMjowKqZ0FJWqvCcY4kAQMuFVV0lKns4jk0kuEmTOKO/bkjke1fY04v 3ZHCsQZwilFmviCiZW+ENKR6r8vGtg958qd/2MaBZLpX+XcL9cgGgdZ2FrCmRxVBibkW xkVbSlbK88tcL5m34NasVJIp1EzBWGaWq6DE/lfClQ+UxCFVzcuM4hBUikIe/Wohz/C7 yjUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=6JcWZs2JKEiAStioqtVYrEYgMjhA0YApDN+2DOsiocQ=; b=lqijmacOvzTcyXbdmwthvzVhjn7q0pAye2WeJvWtsx0h0ap0o/4Y2Cl4mTOptGpVuq n5zwm6BIqqMqtqsW0JB/rh9vth1AlMyGI2Ru/sJdBHqxoLQgTeFP59URSLnETY4mu+Ue dV+qM88YGqR0raGMnwaQdbjZqm8Pgt625nUhv93Wcl/xXSI9Otw/rCl4EZktinKmr7Kt a7RufeMMM46qdFik57sNvXpFphPkqYX4iVmmll5RkZYDX5E8Dd7IioGEMmP4y4S7QkLy oSH+8Etn1zwuKvDwyw1o+DJckIjk/rFccxID0+hS+Tl1qfwnn6Dsiqf8QQed6ws0HZQY oqDw== X-Gm-Message-State: AOAM530f/X02AZ8uvO9MXy5L8ICW5OVyaFUW20noKHksVGUW6pbzLjta pIkn7Ey9h3KxcAoaT2dB0US1M3McX2J/g13edRHuFJu9BCqBjZ5k X-Google-Smtp-Source: ABdhPJyZTqhtYXN+V8CgqzUvlrIIWncyOgkxeZ7oithD7/VYB8h+mQbRTtL+317RjWe2DNbkQSl0X2S8++NlbTn6j9A= X-Received: by 2002:a50:ce44:: with SMTP id k4mr22057629edj.375.1631661046240; Tue, 14 Sep 2021 16:10:46 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 From: Alec Warner Date: Tue, 14 Sep 2021 16:10:35 -0700 Message-ID: Subject: [gentoo-project] Celebrating three infra milestones in 2021 To: gentoo-project Content-Type: text/plain; charset="UTF-8" X-Archives-Salt: 9af7b67b-84de-4210-921a-46665f7f2272 X-Archives-Hash: 838748f70f5794a0a2c50c359462e4b7 * Ganeti Upgrade to geneti-3 series (python2.7 deprecation.) * Removal of cfengine2 from the fleet. * openssl upgrade to a supported version Infra ran cfengine-2 based configuration management since the early 00's (inherited from the OSL). While we have been deploying new services in puppet, a number of services remained in cfengine. We never upgraded to cfengine3, leaving us on an old codebase that lacked support for newer openssl versions. Due to this, we had been stuck on openssl-1.0.2u (released Dec 2019.) However we closed the cfengine repo (and completed the migration to puppet) on August 19th 2021. This enabled us to begin the openssl upgrade in earnest. That upgrade was completed today; and the fleet is now in a recent openssl version[0]. Similarly we had been running a ganeti-2 series ganeti cluster for about 10 years and this too needed an upgrade to a supported ganeti version. This was completed a couple of weeks ago and unblocked our python2.X deprecation efforts, and we can now continue the migration to the python-3 series. ganeti: Thanks goes to robbat2 for getting the ganeti-3 ebuilds to build and testing and deploying the cluster. cfengine: Thanks to robbat2 and antarus for porting the last of the services to puppet; allowing us to turn off cfengine. openssl: Thanks to sam, jmbsvicetto, robbat2, and antarus for doing the upgrades and helping with exciting dependency problems. -A [0] Running an old openssl and old python caused numerous exciting upgrade problems for us; it also made it difficult to apply all GSLA fixes, so these were big priorities for us this year.