Rocky's Infrastructure Platform

Comrades,

We’ve been beyond fortunate to receive so many offers for services and support from individuals and organizations. This includes mirror time, CDNs, physical hardware, you name it. The community outreach to help get this off the ground has been astounding! We’re all so grateful for it, really.

Building on AWS

We’re going to be building out our initial infrastructure within AWS. Here are some reasons why:

  • Fine grained tooling for permissions, access monitoring, and auditing
  • The ability to setup an AWS Organization and standardize on roles
  • Templates for resource allocation. Users can be automatically assigned a set of resources according to the group they’re a member of
  • Regional and physical security, especially across ITAR and other closed boundaries to enable development and delivery of services to restricted regions (GovCloud, China)
  • Ease of integration with the AWS Marketplace to enable cloud AWS users access to Rocky builds easily and quickly

Concerns

We’re aware of the concerns that some of you may have, such as the reliance upon one vendor, and needing to ensure the integrity of the Rocky Linux Foundation to keep it free from corporate/government/organization influence. We’ve discussed these items at length, and we feel confident we can maintain control. To that end, leads of each team will be following development and design principals that are platform and vendor agnostic–that is, should the need to move out of AWS completely (or any other vendor or provider) arise, we can do so quickly, and easily. As you work to develop, please keep this tenant in mind. There should be no reliance upon AWS-specific tooling (Lambda, as an example).

Plan B and Offers

We are still working on identifying additional vendors and datacenter access for secondary and tertiary development migration if needed, and so we are still accepting the many gracious offers of hardware and other services for donation to the project. If you have not heard back from us regarding your offer, please be patient with us as we work through, document, and respond to the hundreds (thousands?) of notices, offers, and requests we’ve so far received.

Helping Out

If you’re unsure of what you can do to help and are awaiting advisement, please ensure you’ve reached out to the appropriate team on Slack or via email:

Team Slack Contact
Community #rocky-outreach outreach@rockylinux.org
Development #rocky-devel development@rockylinux.org
Identity Management #rocky-security identitymanagement@rockylinux.org
Infrastructure #rocky-infra infrastructure@rockylinux.org
Security #rocky-security security@rockylinux.org
Web #rocky-www web@rockylinux.org

Security@ will be working to identify and organize teams, users, and permissions. Once this has been accomplished we’ll be able to allocate resources in AWS for you to begin actual work on developing Rocky Linux!

Thank you!

Finally, we want to make it clear to everyone that no one’s offer is being snubbed or otherwise rejected. We’re all incredibly thankful for your generosity and support. We have an incredibly tight deadline to organize ourselves and follow through with a deliverable, all the while ensuring security and continuity for the organization. Thank you all so much for your insight, advocacy, and offers.

19 Likes

Hi,

So far this looks great.

If we want to be able to switch cloud vendor when the need arises an exit strategy should be in place long before the need arises.

I know… you will cross that bridge when you get there, so much work.
We will do this when we need it…

This is a problem, and I promise you that if you get to that point where you need to switch and you don’t have an exit strategy in place, you will be at the mercy of your cloud provider.

Not only do you require an exit strategy, but you will need to perform exit strategy exercises with regular intervals. ( just like backup/restore procedures…we all learned this the hard way )

Rob

3 Likes

Hi @RobVerduijn

Couldn’t agree more, I am in the process of building an exchange to help make this easier for everyone to switch easier.

I have 5 areas covered

  1. Standard API
  2. Billing repurposed from wholesale telecom
  3. Security based on secp256k1 self signing algo
  4. Security accelerator
  5. Standard interconnect API.

The idea is to allow applications move by streaming the relevant data to the new provisioned service, early days but this is a massive problem to solve.

I am very much looking forward to seeing rocky evolve as I built my vpp / dataplane on Centos and my roadmap for smartnics needs some careful thoughts.

The exut strategy could be to build everything on top of k8s. This would allow us to swith to may other cloud providers while changing as little as possible.

OKD as kubernetes distro would also be great IMO.

1 Like