Page MenuHomePhabricator

Find CI container build location
Closed, ResolvedPublic

Description

Important for streamlined service delivery, we need a secure machine or machines on which we can build containers using blubber and push to the docker registry for use in staging.

Event Timeline

thcipriani closed subtask Restricted Task as Resolved.Aug 25 2017, 5:45 PM
thcipriani triaged this task as Medium priority.Aug 30 2017, 4:22 PM

Now that we have locked down the security for Jenkins a bit, contint1001 seems like a logical place to store credentials and run builds. We've discussed this a bit in the deployment pipeline meetings.

Ideally credentials would be managed there by puppet and used by the jenkins-deploy user to build containers via blubber.

elukey reopened subtask Restricted Task as Open.Sep 13 2017, 10:33 AM
MoritzMuehlenhoff closed subtask Restricted Task as Resolved.Sep 18 2017, 7:36 AM

Change 382608 had a related patch set uploaded (by Thcipriani; owner: Thcipriani):
[operations/puppet@production] Deployment pipeline profile

https://gerrit.wikimedia.org/r/382608

Current plan is to build and push containers from the CI hosts in production (currently contint1001).

Change 382608 merged by Alexandros Kosiaris:
[operations/puppet@production] Deployment pipeline profile

https://gerrit.wikimedia.org/r/382608

That will be on the ci::master hosts. Eg contint1001 / contint2001.