Page MenuHomePhabricator

Find CI container build location
Closed, ResolvedPublic

Description

Important for streamlined service delivery, we need a secure machine or machines on which we can build containers using blubber and push to the docker registry for use in staging.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 11 2017, 6:10 PM
thcipriani added a subtask: Restricted Task.Aug 11 2017, 6:10 PM
thcipriani closed subtask Restricted Task as Resolved.Aug 25 2017, 5:45 PM
thcipriani triaged this task as Medium priority.Aug 30 2017, 4:22 PM

Now that we have locked down the security for Jenkins a bit, contint1001 seems like a logical place to store credentials and run builds. We've discussed this a bit in the deployment pipeline meetings.

Ideally credentials would be managed there by puppet and used by the jenkins-deploy user to build containers via blubber.

dduvall moved this task from Backlog to CI on the Release Pipeline board.Aug 30 2017, 9:30 PM
elukey reopened subtask Restricted Task as Open.Sep 13 2017, 10:33 AM
MoritzMuehlenhoff closed subtask Restricted Task as Resolved.Sep 18 2017, 7:36 AM

Change 382608 had a related patch set uploaded (by Thcipriani; owner: Thcipriani):
[operations/puppet@production] Deployment pipeline profile

https://gerrit.wikimedia.org/r/382608

Current plan is to build and push containers from the CI hosts in production (currently contint1001).

Change 382608 merged by Alexandros Kosiaris:
[operations/puppet@production] Deployment pipeline profile

https://gerrit.wikimedia.org/r/382608

thcipriani closed this task as Resolved.Oct 16 2017, 5:10 PM

That will be on the ci::master hosts. Eg contint1001 / contint2001.