Page MenuHomePhabricator
Create Task
Maniphest T215458

Convert zuul to use scap
Closed, ResolvedPublic
Actions

Description

Zuul is deployed on contint1001 using a Debian package intended for Jessie. The whole process is unnecessarily complicated and predate a lot of improvement we have accomplished over the last few years with regard to deploying python application.

We need to deploy it using Scap and using wheels to satisfy the requirements.

A potentially helpful overview: https://docs.google.com/drawings/d/1WTnZGO_2WS8OkWUVAVwpd9eg3nXKWVQvDPoUyoPTC1s/edit

Legacy deployment

The repository is https://gerrit.wikimedia.org/g/integration/zuul Our code is a fork of upstream ~ version 2.5 and comes with hotfixes and backports and has Debian packaging information.

Since some of the required python modules are either missing from Jessie or to new, we have the Debian package to fetch dependencies from pypi using dh_virtualenv. Hence the package building requires network access. Zuul is then running from a virtualenv. Some dependencies are fullfilled using the regulard debian/control Depends: field and are thus installed by apt when installing the package.

The branches that matters:

patch-queue/debian/jessie-wikimediaFork of upstream + code hotfixes and HEAD of the repository
debian/jessie-wikimediaHas the ./debian directory for packaging

The process is roughly:

  • patches are pilled up in patch-queue/debian/jessie-wikimedia
  • Using git buildpackage patch manager, the patches are exported in as a Debian patch serie into the branch debian/jessie-wikimedia. That is done using gbp pq export
  • The package is build using DIST=jessie-wikimedia gbp buildpackage which requires pbuilder hooks installed from operations/puppet.git modules/package_builder and a cowbuilder environment to be setup on the build host.
  • pbuilder install the build dependencies then invoke dh_virtualenv reusing system packages and fetch the list in requirements.txt

The outcome is a virtualenv deployed under /usr/share/python/zuul/.

Checking on contint1001, the embedded python modules are:

$ /usr/share/python/zuul/bin/pip list --local
APScheduler (3.0.6)
futures (3.0.5)
gear (0.7.0)
gitdb2 (2.0.5)
GitPython (2.1.11)
lockfile (0.12.2)
pip (1.5.6)
python-daemon (2.0.6)
setuptools (5.5.1)
smmap2 (2.0.5)
statsd (2.1.2)
tzlocal (1.2.2)
zuul (2.5.1-wmf11)

debian/control has a list of the requirements. Some would fail on Stretch/Buster such as python-voluptuous which would be to new for our version of Zuul. I guess we will have to proceed by trial and errors to find the proper set of requirements.

New deployment

@Paladox has made an attempt to convert to use wheels. It might not match the systems we have put in place for other software. A few repositories worth looking at for inspiration:

I guess people from SRE can be involved to help start on the proper rails.

Scap target and services

The Zuul Debian package ships two services which are configured via puppet.git.

zuul is the main daemon, it is only active on contint1001. The instance on contint2001 is masked via systemd.

zuul-merger they process git merge commit of the patches against the target branch. There is one running on each of contint1001 and contint2001.

The Zuul daemon hosts a tiny web server to expose it's internal status as a json file. That is exposed publicly as integration.wikimedia.org/zuul/status.json and pass through an Apache proxy forwarding requests made for https://integration.wikimedia.org/zuul/ .

Migration

Once the Debian package is build and a Buster server is available, the new version can be installed there. Then:

  • Change the Apache proxy for integration.wikimedia.org to have requests to zuul to be send to that new server instead of the locally running zuul.
  • Stop the old zuul
  • Bring back the new one
  • have the Jenkins Gearman client to be pointed to that new server

And that might do it.

Details

SubjectRepoBranchLines +/-
scap: drop git_rev: masterintegration/zuul/deploymaster+0 -1
zuul: provision the scap repositoryoperations/puppetproduction+41 -6
zuul: Convert to using scapoperations/puppetproduction+207 -13
Scap3 deploy repo for zuulintegration/zuul/deploymaster+143 -0
Add an image for python2 app based on Busteroperations/docker-images/production-imagesmaster+49 -2
Add fake ssh key pair for zuul scap deploymentlabs/privatemaster+4 -0
python-build: add gcc etc + libssl-devoperations/docker-images/production-imagesmaster+21 -3
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 StalledNoneT302086 Set scap minimum python version to 3.7
 ResolvedNoneT247045 Migrate all of production metal and VMs to Buster or later
 ResolvedakosiarisT249724 Track and remove jessie based container images from production
 ResolvedJdforrester-WMFT224908 Drop jessie testing support
 ResolvedJdforrester-WMFT224906 Drop php56 testing support
 ResolvedJdforrester-WMFT211784 Upgrade all CI jobs from node6/npm3 to node10/npm6 across all projects
 InvalidJdforrester-WMFT211785 Upgrade the mobileapps CI job from npm3 to npm6
 ResolvedMoritzMuehlenhoffT203239 Create Debian packages for Node.js 10 upgrade
 ResolvedKrinkleT213944 Jenkins jobs for npm-test fail on project with deps on node-gyp which requires python2.7
 ResolvedKrinkleT215562 npm 6 consistently fails with "Z_DATA_ERROR: invalid distance too far back" on some repos
 ResolvedhasharT217545 Update selenium-daily-beta-* jobs to node10/npm6
 ResolvedJdforrester-WMFT222406 Switch quibble-based CI jobs from node6 to node10
 ResolvedJdforrester-WMFT224983 mediawiki-phpunit-coverage-patch-docker fails to install fibers@3.1.1
 DeclinedJdforrester-WMFT224997 Update MobileFrontend-npm-run-lint-modules-docker to run node10
 DuplicateNoneT224978 WikibaseMediaInfo selenium tests failing when run against beta commons
 ResolvedMilimetricT228451 Fix the analytics/mediawiki-storage repo to work on node10
 ResolvedMilimetricT228452 Fix the analytics/wikistats2 repo to work on node10
 ResolvedLadsgroupT228453 Fix the data-values/value-view repo to work on node10
 ResolvedakosiarisT218733 Migrate mobileapps to k8s and node 10
 DeclinedNoneT215539 Node.js 10 changes encoding for at least one Georgian character
 Resolved MhollowayT258186 Investigate why mobileapps in k8s "/{domain}/v1/data/css/mobile/site" endpoint takes way longer than on scb to complete
 DuplicateNoneT225107 Migrate recommendation-api to node 10
 ResolvedNoneT225678 Migrate 3d2png to k8s
 ResolvedNoneT267327 Run latest Thumbor on Docker with Buster + Python 3
 DeclinedNoneT269215 Blubber "copies" and "builder command" steps should run in the opposite order
 ResolvedMSantosT217114 Migrate Proton to k8s and nodejs 10
 DuplicateNoneT228907 Migrate the wikimedia-portals-build timed CI job to node10
 ResolvedjeenaT213806 Migrate wikimedia-portals-build to Docker container
 ResolvedJdforrester-WMFT237479 Update the wikimedia-portals repo's CI/linting code for various security issues
 ResolvedJdrewniakT247996 Fix issues with Gulp 4 migration
 DuplicateNoneT229276 Fix the data-values/value-view repo to work on node10
 ResolvedJdforrester-WMFT230841 Migrate documentation generation to Node 10.15.2 from node 6.11.0
 ResolvedJdforrester-WMFT235570 Move the OOUI repo to a new custom docker image for node10 and php72
 ResolvedJdforrester-WMFT247536 Migrate mediawiki-core-jsduck-docker-publish off node 6 so it works again
 ResolvedMoritzMuehlenhoffT224549 Track remaining jessie systems in production
 ResolvedhasharT249268 Reduce size of artifacts stored on the CI Jenkins master
 ResolvedhasharT224591 Migrate contint* hosts to Buster
 Resolved mmodellT215458 Convert zuul to use scap
 ResolvedhasharT240551 Remove Zuul Debian package from WMCS instances
 ResolvedJoeT249110 Build and publish a python2 based container to build wheels

Event Timeline

Paladox created this task.Feb 6 2019, 8:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 6 2019, 8:35 PM
Paladox claimed this task.Feb 6 2019, 8:36 PM

Per chat with @thcipriani im going to work on switching zuul to use scap.

(Assigning to me so i can implement this first)

Paladox triaged this task as Medium priority.Feb 7 2019, 2:51 AM

I have this some what working

paladox@gerrit-test:~/zuul2$ /usr/bin/zuul-server2 --version
Zuul version: 2.5.2.dev17

We will have to use git-fat for the python deps.

We will also have to symnlink dist-packages to the zuul package.

Paladox added a comment.Feb 7 2019, 6:44 PM

I've successfully deployed this to https://gerrit-zuul.wmflabs.org/zuul/ using https://gerrit.wikimedia.org/r/#/c/integration/zuul/+/488579/

Tests work when i type "recheck" on gerrit.

Stashbot subscribed.Feb 7 2019, 7:05 PM

Mentioned in SAL (#wikimedia-releng) [2019-02-07T19:05:08Z] <paladox> created integration/zuul/wheels gerrit repo for T215458

Stashbot added a comment.Feb 7 2019, 7:09 PM

Mentioned in SAL (#wikimedia-releng) [2019-02-07T19:09:31Z] <paladox> created integration/zuul/build gerrit repo for T215458

gerritbot subscribed.Feb 8 2019, 1:20 AM

Change 489012 had a related patch set uploaded (by Paladox; owner: Paladox):
[operations/puppet@production] [wip] zuul: Convert to using scap

https://gerrit.wikimedia.org/r/489012

gerritbot added a project: Patch-For-Review.Feb 8 2019, 1:20 AM
greg moved this task from INBOX to Backlog on the Release-Engineering-Team board.Apr 6 2019, 10:26 PM
greg edited projects, added Release-Engineering-Team (Backlog); removed Release-Engineering-Team.
gerritbot added a comment.May 21 2019, 9:26 PM

Change 489012 had a related patch set uploaded (by Paladox; owner: Paladox):
[operations/puppet@production] zuul: Convert to using scap

https://gerrit.wikimedia.org/r/489012

Phabricator_maintenance edited projects, added Release-Engineering-Team-TODO; removed Release-Engineering-Team (Backlog).Jun 12 2019, 11:52 PM
Phabricator_maintenance moved this task from Should be empty (use Release-Engineering-Team) to Later / Need volunteer on the Release-Engineering-Team-TODO board.Jun 12 2019, 11:55 PM
greg added a project: Release-Engineering-Team.Jun 21 2019, 10:35 PM
greg moved this task from INBOX to CI & Testing services on the Release-Engineering-Team board.Jul 8 2019, 7:24 PM
greg edited projects, added Release-Engineering-Team (CI & Testing services); removed Release-Engineering-Team.
hashar added a project: Continuous-Integration-Infrastructure (phase-out-jessie).Dec 9 2019, 8:03 PM
hashar added a parent task: T224591: Migrate contint* hosts to Buster.
hashar closed subtask T240551: Remove Zuul Debian package from WMCS instances as Resolved.Dec 12 2019, 1:21 PM
hashar mentioned this in T240570: Upload zuul_2.5.1-wmf11 to apt.wikimedia.org.Dec 13 2019, 8:41 AM
hashar updated the task description. (Show Details)Dec 19 2019, 4:46 PM
hashar updated the task description. (Show Details)Dec 19 2019, 4:50 PM
thcipriani edited projects, added Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)); removed Release-Engineering-Team-TODO.Dec 19 2019, 8:31 PM
thcipriani moved this task from INBOX to Maintenance on the Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)) board.Jan 6 2020, 1:32 AM
hashar added a comment.Jan 13 2020, 9:10 AM

SRE maintains two python projects deployed by scap which use Docker containers to build the wheels for the target distribution. One can seek inspiration from them:

Another potential option would be to have Zuul in a Docker container and run the scheduler and mergers on Kubernetes. But that is potentially a lot more breaking changes.

mmodell subscribed.Jan 28 2020, 10:12 PM
mmodell claimed this task.Jan 28 2020, 10:26 PM
mmodell added a comment.Jan 28 2020, 10:31 PM

Sorry @Paladox, not meaning to step on your toes here but I am assigned to move this forward.

mmodell raised the priority of this task from Medium to High.Feb 5 2020, 6:28 PM
mmodell moved this task from Maintenance to New Work on the Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)) board.Feb 12 2020, 6:10 PM
mmodell changed the task status from Open to Stalled.Feb 19 2020, 6:19 PM

blocked because I need to consult with @hashar before doing this

hashar changed the task status from Stalled to Open.Mar 5 2020, 8:55 AM

@mmodell and I have a meeting today about it :)

mmodell added a comment.Mar 5 2020, 7:29 PM

Deployment repo: https://gerrit.wikimedia.org/r/admin/projects/integration/zuul/deploy

hashar added a comment.Mar 5 2020, 7:35 PM

The code to deploy is in integration/zuul in branch patch-queue/debian/jessie-wikimedia. It is a fork of upstream code with a dozens or so of custom patches on top of it.

Those patches are managed using git-buildpackage gb pq which automatically export our patches to a Debian patch serie in the branch debian/jessie-wikimedia under the directory ./debian/patches. That makes maintenance of patch rather "easy".

From discussion with @mmodell , scap v3 needs a separate git repository (eg: integration/zuul/deploy) which then has the code to deploy registered as a submodule.

List of requirements are in the task description:

Checking on contint1001, the embedded python modules are:

$ /usr/share/python/zuul/bin/pip list --local
APScheduler (3.0.6)
futures (3.0.5)
gear (0.7.0)
gitdb2 (2.0.5)
GitPython (2.1.11)
lockfile (0.12.2)
pip (1.5.6)
python-daemon (2.0.6)
setuptools (5.5.1)
smmap2 (2.0.5)
statsd (2.1.2)
tzlocal (1.2.2)
zuul (2.5.1-wmf11)

+ other dependencies of the Debian package (defined in debian/control).

mmodell added a comment.Mar 6 2020, 2:17 PM

The first issue I see is that we don't have a python2-build-* image in the registry.

hashar added a comment.Mar 6 2020, 6:11 PM

Eek. I guess we can try with python 3. Our Zuul version might support it thought I haven't verified that :-( At least it has six as a dependency which is an indication that at least some of the code has been worked toward supporting python 3.

Jdforrester-WMF moved this task from Backlog to In progress on the Continuous-Integration-Infrastructure (phase-out-jessie) board.Mar 6 2020, 7:14 PM
gerritbot added a comment.Mar 11 2020, 5:19 PM

Change 577846 had a related patch set uploaded (by 20after4; owner: 20after4):
[integration/zuul/deploy@master] Scap3 deploy repo for zuul

https://gerrit.wikimedia.org/r/577846

gerritbot added a comment.Mar 12 2020, 3:15 PM

Change 579290 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/docker-images/production-images@master] python-build: add gcc etc + libssl-dev

https://gerrit.wikimedia.org/r/579290

gerritbot added a comment.Mar 13 2020, 12:02 PM

Change 579290 abandoned by Hashar:
python-build: add gcc etc libssl-dev

Reason:
From a discussion with Giuseppe, it seems we should instead have an intermediate build container in which we inject the build dependencies and build wheels from that.

An example is operations/software/homer/deploy:

https://gerrit.wikimedia.org/r/plugins/gitiles/operations/software/homer/deploy/ /master/Dockerfile.build

https://gerrit.wikimedia.org/r/579290

gerritbot added a comment.Mar 13 2020, 3:57 PM

Change 579587 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/puppet@production] zuul: provision the scap repository

https://gerrit.wikimedia.org/r/579587

gerritbot added a comment.Mar 16 2020, 9:22 PM

Change 580128 had a related patch set uploaded (by Hashar; owner: Hashar):
[operations/docker-images/production-images@master] Add an image for python2 app based on Buster

https://gerrit.wikimedia.org/r/580128

gerritbot added a comment.Mar 23 2020, 7:49 PM

Change 582895 had a related patch set uploaded (by Hashar; owner: Hashar):
[labs/private@master] Add fake ssh key pair for zuul scap deployment

https://gerrit.wikimedia.org/r/582895

gerritbot added a comment.Mar 23 2020, 7:52 PM

Change 582895 merged by Hashar:
[labs/private@master] Add fake ssh key pair for zuul scap deployment

https://gerrit.wikimedia.org/r/582895

hashar mentioned this in rLPRI6e985ca904b8: Add fake ssh key pair for zuul scap deployment.Mar 23 2020, 8:13 PM
hashar mentioned this in T249110: Build and publish a python2 based container to build wheels.Apr 1 2020, 1:57 PM
hashar added a subtask: T249110: Build and publish a python2 based container to build wheels.
Jdforrester-WMF edited projects, added Release-Engineering-Team-TODO (2020-04 to 2020-06 (Q4)); removed Release-Engineering-Team-TODO (2020-01 to 2020-03 (Q3)).Apr 1 2020, 3:05 PM
Jdforrester-WMF moved this task from INBOX to New Work on the Release-Engineering-Team-TODO (2020-04 to 2020-06 (Q4)) board.
gerritbot added a comment.Apr 2 2020, 9:14 AM

Change 580128 merged by Giuseppe Lavagetto:
[operations/docker-images/production-images@master] Add an image for python2 app based on Buster

https://gerrit.wikimedia.org/r/580128

Joe closed subtask T249110: Build and publish a python2 based container to build wheels as Resolved.Apr 2 2020, 9:45 AM
gerritbot added a comment.Apr 2 2020, 6:45 PM

Change 577846 merged by Jforrester:
[integration/zuul/deploy@master] Scap3 deploy repo for zuul

https://gerrit.wikimedia.org/r/577846

hashar mentioned this in T224591: Migrate contint* hosts to Buster.Apr 2 2020, 7:33 PM
gerritbot added a comment.Apr 3 2020, 1:16 PM

Change 489012 abandoned by Hashar:
zuul: Convert to using scap

Reason:
We are going to deploy Zuul using an intermediate repo: integration/zuul/deploy :)

https://gerrit.wikimedia.org/r/489012

hashar closed this task as Resolved.Apr 6 2020, 3:30 PM

I say the conversion is done. The switch will be handled in the parent task T224591: Migrate contint* hosts to Buster.

gerritbot added a comment.Apr 9 2020, 2:38 PM

Change 579587 merged by Dzahn:
[operations/puppet@production] zuul: provision the scap repository

https://gerrit.wikimedia.org/r/579587

gerritbot added a comment.Apr 9 2020, 2:48 PM

Change 587780 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/zuul/deploy@master] scap: drop git_rev: master

https://gerrit.wikimedia.org/r/587780

gerritbot added a comment.Apr 9 2020, 2:49 PM

Change 587780 merged by 20after4:
[integration/zuul/deploy@master] scap: drop git_rev: master

https://gerrit.wikimedia.org/r/587780

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL