owned this note
owned this note
Published
Linked with GitHub
# CentOS Hyperscale SIG meetup @ Dojo/DevConf.US 2022
This is a live document for the CentOS Hyperscale SIG meetup [event](https://www.eventbrite.com/e/centos-hyperscale-sig-meetup-dojodevconfus-2022-tickets-384259589777) co-located with Dojo and DevConf.US 2022.
## Venue
When: Aug 16 9am-5pm EDT
Where:
- in person: Boston University, George Sherman Union, conference room GSU 310 on the 3rd floor
- online: [Zoom invite](https://us06web.zoom.us/j/88941044761?pwd=SUdVUkJ3a0ZxWEN4MW9PK2VVNjc5dz09), meeting id is 889 4104 4761 and passcode is 771994
## Topics
Add things here that you want to discuss; conversely, we'll add topics that come up as the meetup progresses.
### systemd
- selinux stuff
- currently broken: https://pagure.io/centos-sig-hyperscale/package-bugs/issue/15
- need CI for regression testing: spin up a VM, install our package, check that is works; probably wait for the duffy replacement thing
- we need cloud-init support first
- generally in good shape, Meta committed to long term support
### cloud-init
- missing selinux support, davdunc interested in adding it: https://pagure.io/centos-sig-hyperscale/sig/issue/126
### kernel
- need to unfuck build process for el8, Neal will look into it: https://pagure.io/centos-sig-hyperscale/package-bugs/issue/19
- will keep supporting el8 up to the EOL
- still stuck in experimental until we have secure boot
- follow up to see if anyone is actually using the aarch64 stuff
### Image builds
- need kiwi support in cbs: https://pagure.io/centos-infra/issue/696
- open to moving to osbuild long term if/when it becomes viable
- work with alternate images sig
#### Live media
- C8 needs livemedia-tools; we will keep C8 images as "experimental" going forward, not worth porting to kiwi at this point
- will use kiwi for C9
#### Cloud image builds
- should already work with kiwi
- we'll just do C9 unless someone asks for C8 and volunteers to do the work
- need e2e testing, look into avocado: https://avocado-framework.readthedocs.io
- large: openstack, ec2, gcp, azure
- small: linode, digital ocean, vultr, hetzner, operate first
- vsphere? build images, need to figure out testing
- oracle? need OSS client tools first
- ibm: need OSS client tools first
### mkosi
- reproducible support in progress
- need a koji plugin to be used in image build flows
- Daan, Neal to scope this
- Meta will look into doing this as an intern project
### OpenShift
- start engaging with cloud sig and okd
- need ability to swap OS variants without a rebuild
- davdunc to write a plan/position document to start engagement
### btrfs transactional updates
- postponed after dnf5
- planning to backport dnf5 around/after F39
### SIG housekeeping
- go over open issues and discuss status/prioritiation/etc
- comms: what is working, what isn't, what should we change
### reproducible builds
- rpm already has knobs for this
```
%source_date_epoch_from_changelog 1
%clamp_mtime_to_source_date_epoch 1
%use_source_date_epoch_as_buildtime 1
%_buildhost fedorabuilder
```
- most of the build process in Fedora is already there, bitwise needs work
- stuff to do
- build host is currently embedded in the package header
- timestamps
- randomness seeds (would require VM builders support in koji)
- something to test whether things are actually reproducible
- suse has something for this, Neal to talk to them
- write Change for F38 to get rpm macros turned on
- davdunc will write this
### CI improvements
- scratch builds for automate package update notifications
- e2e tests spinning up VMs
- will-it: https://pagure.io/centos-sig-hyperscale/sig/issue/119
### vendor packaging best practices
- rpminspect/rpmlint ruleset
- fedora packaging guideline
- sha256
- gpg sign not from a random person
- need an equivalent for yum repos too (check for signed metadata, etc)
- "in a box solution" for testing and building (container, VM, etc) that we can give the vendor