Infrastructure/infra-docs-fpo
5
0
Fork 0
Code Issues 100 Pull requests 5 Projects Releases Packages Wiki Activity Actions

Start EPEL10+ minor branching draft

Browse source 
Signed-off-by: Diego Herrera <dherrera@redhat.com>
This commit is contained in:
Diego Herrera 2025-03-10 14:21:08 -03:00
parent 3e0e8d3a85
commit 3e55f5c776
2 changed files with 285 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/ROOT/nav.adoc
View file

@ -41,6 +41,7 @@
*** xref:release_guide:sop_file_ftbfs.adoc[File FTBFS bugs]
*** xref:release_guide:mass_branching_checklist.adoc[Mass Branching Checklist]
*** xref:release_guide:sop_mass_branching.adoc[Mass Branching]
*** xref:release_guide:sop_epel_minor_mass_branching.adoc[EPEL Minor Version Mass Branching]
*** xref:release_guide:beta_freeze.adoc[Beta freeze and updates-testing activation]
*** xref:release_guide:beta_RC_compose.adoc[Beta RC compose]
*** xref:release_guide:beta_release.adoc[Beta release]

284
modules/release_guide/pages/sop_epel_minor_mass_branching.adoc Normal file
View file

@ -0,0 +1,284 @@
include::_partials/attributes.adoc[]
= EPEL Minor Version Mass Branching
== Description
WARNING: TODO: Talk about the minor branching process
== Send announcement
One day before the mass branching, we send out announcemt because during mass branching,
new koji builds for rawhide are disabled.
== Disable EPEL10 builds in koji
<Same as in Fedora, rules are firewall rules are applied to stop submissions to koji>.
WARNING: TODO: Check if they are the same servers and if it will imply an outage for Fedora too.
The recommended method to achieve this is by adding firewall rules to both koji01 and koji02 servers, effectively blocking connections from proxy01 and proxy10. This can be achieved with the following iptables commands:
[source,bash,subs="attributes"]
----
iptables -I INPUT -m tcp -p tcp --dport 80 -s proxy01.iad2.fedoraproject.org -j REJECT
iptables -I INPUT -m tcp -p tcp --dport 80 -s proxy10.iad2.fedoraproject.org -j REJECT
----
These commands reject incoming traffic on port 80 from the specified proxies, preventing external submissions. Internal connections routed via proxy101 and proxy110 will continue to function as expected.
To reverse the firewall changes and allow external submissions again, use:
[source,bash,subs="attributes"]
----
iptables -D INPUT -m tcp -p tcp --dport 80 -s proxy01.iad2.fedoraproject.org -j REJECT
iptables -D INPUT -m tcp -p tcp --dport 80 -s proxy10.iad2.fedoraproject.org -j REJECT
----
This change should be implemented on both koji01 and koji02 machine.
=== Cancel all running build for EPEL10
List all running tasks and select only those relevant for current branching.
WARNING: TODO: Check if grep requires to filter minor commits.
[source,bash,subs="attributes"]
----
$ koji list-builds --state=0 --type=rpm | grep epel10 | awk '{print $1}'
----
Cancel each of those tasks
```
$ koji cancel <build>
```
== dist-git
Now we need to update dist-git in two steps:
* Create the new branch in git
* Update the gitolite.conf to allow user to push to this new branch
For both of these actions you will need the file generated by pdc above.
=== Create the git branches
On `pkgs01.stg` (for testing) or `pkgs02` (for production), run:
[WARNING]
====
TODO:
* Check if this works for EPEL.
* Check how to generate input file, since we are not using pdc
====
```
$ sudo -u pagure python /usr/local/bin/mass-branching-git.py <new branch name> <input file>
```
Where `<new branch name>` will be like `epel10.<new minor>` and the
`<input file>` the path to the file generated by pdc above.
== Ansible
Apps in https://pagure.io/fedora-infra/ansible[ansible] need to be updated to be aware of a new branch.
=== Bodhi
WARNING: TODO: Associate epel10 to the new minor
Bodhi needs to be updated to add new release. This needs to be done in
https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2[bodhi2 role] in
infra ansible repo. This change includes, updating `koji-sync-listener.py`,
`new-updates-sync`, pungi configs for rpm updates, bodhi templates.
* `roles/bodhi2/backend/files/new-updates-sync`
* `roles/bodhi2/backend/tasks/main.yml`
* `roles/bodhi2/backend/templates/pungi.rpm.conf.j2`
* `roles/bodhi2/backend/templates/koji_sync_listener.toml`
Please check these files from the https://pagure.io/fedora-infra/ansible/c/549e5d3ace41c04fdbef9d81f359f16c2fe0c2fa?branch=main[commit] for your reference.
== Toddlers
WARNING: TODO: Check if any of these apply for EPEL10
=== Add new SLA to the toddlers App
Use https://pagure.io/fedora-infra/ansible/pull-request/1527[this PR] for reference and add new version to the config.
=== Fedora Branched
. Set https://pagure.io/fedora-infra/ansible/blob/main/f/vars/all/FedoraBranched.yaml[FedoraBranched] to True.
. Set https://pagure.io/fedora-infra/ansible/blob/main/f/vars/all/FedoraBranchedBodhi.yaml[FedoraBranchedBodhi] to preenable.
Please check the file `FedoraBranched.yaml` and `FedoraBranchedBodhi.yaml` from the https://pagure.io/fedora-infra/ansible/c/549e5d3ace41c04fdbef9d81f359f16c2fe0c2fa?branch=main[commit] for your reference.
=== Koji hub
Update the koji hub config to allow side tags for new koji rawhide (currently f{rawhide}) tag.
Please check the file `roles/koji_hub/templates/hub.conf.j2` from the https://pagure.io/fedora-infra/ansible/c/549e5d3ace41c04fdbef9d81f359f16c2fe0c2fa?branch=main[commit] for your reference.
=== Push the changes
When done editing the files, commit, push and apply them via the corresponding
ansible playbook:
```
$ sudo rbac-playbook groups/koji-hub.yml
$ sudo rbac-playbook groups/releng-compose.yml
$ sudo rbac-playbook groups/bodhi-backend.yml
$ sudo rbac-playbook openshift-apps/greenwave.yml
$ sudo -i ansible-playbook /srv/web/infra/ansible/playbooks/$ groups/proxies.yml -t pkgdb2
$ sudo rbac-playbook groups/mbs.yml -t mbs
```
Ask someone in fedora infra to run the robosignatory playbook.
== Koji
WARNING: TODO: Check if any of these applies for EPEL10
The koji build system needs to have some tag/target work done to handle
builds from the new branch and to update where builds from rawhide go.
Run
https://pagure.io/releng/blob/main/f/scripts/branching/make-koji-release-tags[make-koji-release-tags]
script in https://pagure.io/releng[pagure releng] repo
== Bodhi
=== Linking Empty Repos
WARNING: TODO: Check if any of this applies for EPEL10
We need to link empty repos so that new-updates-sync wont complain about
missing repos. The following commands should be run on
*bodhi-backend01.phx2.fedoraproject.org*
[source,bash,subs="attributes"]
----
$ sudo ln -s /mnt/koji/compose/updates/empty-repo/ /mnt/koji/compose/updates/f{branched}-updates
$ sudo ln -s /mnt/koji/compose/updates/empty-repo/ /mnt/koji/compose/updates/f{branched}-updates-testing
----
=== Creating Empty Repos
WARNING: TODO: Check if any of this applies for EPEL10
To create empty repos on the master mirror, run
https://pagure.io/releng/blob/main/f/scripts/branching/create_empty_repos.sh[create_emtpy_repos.sh]
from https://pagure.io/releng[pagure releng] repo. This should be run on
*bodhi-backend01.phx2.fedoraproject.org*
[source,bash,subs="attributes"]
----
$ sudo -u ftpsync sh scripts/branching/create_empty_repos.sh {branched}
----
[NOTE]
====
Update the link in /mnt/koji/repos/rawhide/latest as per https://pagure.io/releng/issue/12255.
====
[NOTE]
====
Please verify the repo permissions that are created under
/pub/fedora/linux/development/<fedora_release_number> and
/pub/fedora-secondary/development/<fedora_release_number>. They should
be owned by _ftpsync:ftpsync_
Check directory permissions (should be "0755") to ensure new composes synchronize correctly.
====
=== Creating EPEL10.<new minor> release
To create a new minor release in bodhi, you need to run:
WARNING: TODO: Update scripts for EPEL10 (check hackmd)
[source,bash,subs="attributes"]
----
$ bodhi releases create \
--name "F{rawhide}" --long-name "Fedora {rawhide}" \
--id-prefix FEDORA --version {rawhide} --branch f{rawhide} \
--dist-tag f{rawhide} \
--stable-tag f{rawhide} \
--testing-tag f{rawhide}-updates-testing \
--candidate-tag f{rawhide}-updates-candidate \
--pending-stable-tag f{rawhide}-updates-pending \
--pending-testing-tag f{rawhide}-updates-testing-pending \
--pending-signing-tag f{rawhide}-signing-pending \
--state pending \
--override-tag f{rawhide}-override \
-create-automatic-updates \
--not-composed-by-bodhi
----
WARNING: TODO: Check if any of this applies for EPEL10
You need to run the `bodhi openshift` playbook, so that UI will know
about the new release. Then, you need to restart
*fm-consumer@config.service* and *bodhi-celery.service* services on
*bodhi-backend01.phx2.fedoraproject.org*:
```
$ sudo rbac-playbook openshift-apps/bodhi.yml
$ sudo systemctl restart fm-consumer@config.service bodhi-celery.service
```
=== Update rawhide koji repo
WARNING: TODO: Check if any of this applies for EPEL10
We need to point the _rawhide_ buildroot repo to the newly created
rawhide buildroot. This way kojira doesn't make a newrepo for _rawhide_
target as often as fxx-build (new rawhide buildroot).
Run the following commands from any of the compose boxes:
[source,bash,subs="attributes"]
----
$ cd /mnt/koji/repos/rawhide
$ rm -f latest
$ ln -s ../f{rawhide}-build/latest ./latest
----
=== Update block_retired.py script
WARNING: TODO: Check if any of this apply for EPEL10
https://pagure.io/releng/blob/main/f/scripts/block_retired.py[block_retired.py]
script in releng repo should be updated with rawhide release and also
branched release should be added to the script.
Please look at this
https://pagure.io/releng/c/9eb97f491f7a767ab8b90498adfa3b34ee235247?branch=main[block_retired.py
commit] as an example.
=== Updating MirrorManager
WARNING: TODO: Check if any of this applies for EPEL10
We need to update the mirrormanager so that it will point EPEL10 to the
new EPEL10 minor.
Please follow the instructions in the
https://pagure.io/fedora-infrastructure/issue/9239#comment-671446[fedora
infra ticket] to update the database of mirrormanager.
=== Branch new rawhide in Koschei
WARNING: TODO: Check if any of this applies for EPEL10
Branch new fedora rawhide in
https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/koschei/#_branching_a_new_fedora_release[koschei].
== Consider Before Running
NOTE: FIXME: Need some love here