Page MenuHomePhabricator
Create Task
Maniphest T214431

Pipeline: provide a way to rebuild all blubber images
Open, LowPublic
Actions

Description

Currently the CD pipeline rebuilds production images from scratch, not using any layer caching in Docker so rebuilding all production images for issues in base layers should be as simple as re-triggering the pipeline for an image; however, there is no easy way to trigger a rebuild for all images produced by the pipeline.

Ideally there would be a mechanism by which someone could retrigger a build of all images similar to the way docker-pkg is used currently.

Related Objects

Event Timeline

thcipriani created this task.Jan 22 2019, 7:11 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 22 2019, 7:11 PM
greg edited projects, added Release-Engineering-Team (Backlog); removed Release-Engineering-Team.Jan 23 2019, 7:16 AM
Joe added a comment.Jan 23 2019, 8:16 AM

The general idea (specified in some ticket I lost track of, to be added later) for long-term support is:

  • when an image is ready to be published (or is published), we register it with debmonitor (see debmonitor.wikimedia.org), which also collects feedback from clair, so that it can know of the presence of an image, and what's installed in it, at which version
  • Debmonitor will then tell us which images (both coming from docker-pkg and blubber) have vulnerable software versions, and also know a tree of dependencies so that it can re-trigger the build for all of them.

Of course nothing like this is implemented at the moment, but we should get to it before the end of the FY hopefully.

For the time being, you can't just trigger a rebuild of your blubber images - I guess they use a specific tag of their base images, and will need to use the updated one.

Phabricator_maintenance edited projects, added Release-Engineering-Team-TODO; removed Release-Engineering-Team (Backlog).Jun 12 2019, 11:51 PM
Phabricator_maintenance moved this task from Should be empty (use Release-Engineering-Team) to Later / Need volunteer on the Release-Engineering-Team-TODO board.Jun 12 2019, 11:55 PM
greg added a project: Release-Engineering-Team.Jun 21 2019, 10:34 PM
Joe edited projects, added serviceops-radar; removed serviceops.Jun 24 2019, 3:36 PM
greg edited projects, added Release-Engineering-Team (Pipeline); removed Release-Engineering-Team.Jun 24 2019, 9:20 PM
LarsWirzenius added a comment.Sep 21 2020, 10:55 AM

Meta comment: I have no strong opinion on this, but I note that this task was opened in 2019, and is still untriaged. It would be good to, at least, decide if this is urgent or not.

thcipriani triaged this task as Low priority.Mar 3 2021, 4:57 PM
In T214431#6479172, @LarsWirzenius wrote:

Meta comment: I have no strong opinion on this, but I note that this task was opened in 2019, and is still untriaged. It would be good to, at least, decide if this is urgent or not.

Setting as low prio since there is a current workaround. I think this task is not urgent but important. I was reminded of this today after seeing: T274262: Rebuild all blubber build docker images running on kubernetes.

JMeybohm subscribed.Mar 3 2021, 8:13 PM
thcipriani removed a project: Release-Engineering-Team (Pipeline).Apr 20 2021, 1:25 AM
thcipriani edited projects, added Release-Engineering-Team (thcipriani-workboard-fiddling); removed Release-Engineering-Team-TODO.Apr 20 2021, 3:41 AM
thcipriani moved this task from thcipriani-workboard-fiddling to Seen (ARCHIVE) on the Release-Engineering-Team board.Apr 20 2021, 3:53 AM
thcipriani edited projects, added Release-Engineering-Team; removed Release-Engineering-Team (thcipriani-workboard-fiddling).
thcipriani edited projects, added Release-Engineering-Team (Seen); removed Release-Engineering-Team.Apr 20 2021, 3:23 PM
MSantos subscribed.Jun 7 2021, 11:51 AM
LarsWirzenius unsubscribed.Jun 15 2021, 5:34 AM
Joe added a subscriber: LarsWirzenius.Oct 4 2021, 9:20 AM
In T214431#6879376, @thcipriani wrote:
In T214431#6479172, @LarsWirzenius wrote:

Meta comment: I have no strong opinion on this, but I note that this task was opened in 2019, and is still untriaged. It would be good to, at least, decide if this is urgent or not.

Setting as low prio since there is a current workaround. I think this task is not urgent but important. I was reminded of this today after seeing: T274262: Rebuild all blubber build docker images running on kubernetes.

Sorry but what happened with T274262 is *not* a workaround: several people had to rebuild their images by explicitly bumping the version in their repositories; we need to have a better mechanism in general.

hashar unsubscribed.Apr 20 2022, 10:18 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL