[service-announce] A not so Short OpenDev Activity Update

[Clark Boylan]

It has been a busy few weeks for the OpenDev team. We thought it would be a good idea to capture some of the more user facing aspects of what we have been doing lately.

Git-review and Bindep both have new releases. Git-review 2.3.0 and 2.3.1 [0] bring better support for newer OpenSSH and signed Git commits, as well as drop compatibility with Python 3.5. Bindep 2.11.0 [1] adds support for AlmaLinux.

Git fixed a security issue [2] that broke DevStack and other test jobs. The OpenDev team helped to quickly diagnose the problem and proposed fixes to projects once the issue was understood. If you have jobs with unexpected git operation failures or Python package install issues there is a good chance it is related to this update. You will want to ensure that the user running git commands in a repo is the same user that owns the files in the repo (typically "zuul"). Otherwise you will need to mark the repository as a "safe" repository.

Our Twitter status account [3] has been resurrected to provide another way for our users to follow along as we make changes. Whenever we make `#status` messages in IRC that content gets mirrored to this account which you can follow on Twitter.

We have also been doing quite a bit of Spring Cleaning (it is spring for some of us anyway).

We no longer build Debian Buster or Python 3.7 versions of opendevorg/python-builder and opendevorg/python-base. We did our best to check that no one was using these images, but if you are, the images will remain on Docker Hub until Docker Hub times them out. You should update to a Bullseye Python 3.8 or newer image. Bullseye Python 3.10 images are newly available too.

The OpenStack Health service was shut down some time ago, and its configuration management and source repositories have been retired or cleaned up as appropriate. The ELK system that powered elastic-recheck is in the process of being shutdown and retired in favor of a new OpenSearch hosted system managed by OpenStack more directly. Please read the documentation [4] for using the new system if you would like to continue to query job logs using Kibana.

Our distro mirrors are getting a haircut to remove packages for unused architectures in our CI system, ISOs/images, and old distro releases. This cleanup will ensure we have plenty of room to add a Jammy Jellyfish mirror to our collection. We'd like to remind our users that while these mirrors are publicly available they are not intended for public consumption. We can and do modify them as our CI system needs change.

Finally, looking ahead we'll begin to work on rolling out Jammy Jellyfish images for the CI system now that this latest Ubuntu LTS is available. Our Gerrit 3.5 upgrade should also pick up steam. Most of the changes we expect Gerrit users to see will be in the UI itself. You can read the release notes [5] to find out more. We aren't ready to set a date for this, but you should expect a short downtime which we will announce via service-announce at lists.opendev.org. Unfortunately, the Gerrit problems with SSH RSA keys won't be resolved until Gerrit 3.6.

[0] https://lists.opendev.org/pipermail/service-announce/2022-April/000036.html
[1] https://lists.opendev.org/pipermail/service-announce/2022-April/000035.html
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
[3] https://twitter.com/opendevinfra/
[4] https://governance.openstack.org/sigs/tact-sig.html#opensearch
[5] https://www.gerritcodereview.com/3.5.html