Page MenuHomePhabricator
Create Task
Maniphest T250808

Decide how to run a test involving docker inside WMF CI
Closed, ResolvedPublic
Actions

Description

... specifically for the use case of Fresh, but possibly also more generally which might inform how we'd run testing short-mid term for Blubber, Beaker test for operations/puppet, and anything that either needs to run Docker itself or needs its own VM for other reasons.

Some things to think about:

  • Docker-in-Docker (D-in-D): Probably not feasible. Basically requires giving the executable access to the host. Either by granting the first container root (so that the second one can be spawned inside), or by granting the first container access to the host docker socket so that it can spawn the second one as a sibling, directly on the host.
  • Let the Jenkins job create a VM (using Qemu/KVM), and then run git-clone and test command inside that. (The VM would resume from a snapshot with docker, git, etc. pre-installed).

Details

SubjectRepoBranchLines +/-
bin: Ignore non-zero exit for tput color codesfreshmaster+6 -5
Remove use of Qemu build parameterintegration/configmaster+7 -7
Enable Qemu VM job for Freshintegration/configmaster+5 -5
Create a Jenkins job for Fresh that runs tests inside a Qemu VMintegration/configmaster+91 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Krinkle created this task.Apr 21 2020, 2:12 PM
Krinkle added a project: Release-Engineering-Team-TODO.Apr 21 2020, 2:14 PM
Krinkle added a subscriber: jbond.EditedApr 21 2020, 2:37 PM

(The VM would resume from a snapshot with docker, git, etc. pre-installed).

I suppose we can do without that for now. Just installing what we need within the job run-time using apt-get. That will be a bit slower, but should be fine for the MVP.

Let the Jenkins job create a VM using Qemu/KVM […]

Based on current CI worker provisioning from puppet, the qemu-system-x86_64 command is not available, but qemu-img is. It seems similar but I'm not sure. In any event, I suppose we could easily add that to the puppet role via apt if needed.

These naturally need an OS base image, so I guess the next step would be to decide which one to use and where to get it from and/or where to store it.

@hashar wrote (IRC):

Link: https://gerrit.wikimedia.org/r/#/c/operations/puppet/+/318272/2/modules/role/manifests/ci/slave/android.pp

Stashbot added a comment.Apr 21 2020, 2:48 PM

Mentioned in SAL (#wikimedia-releng) [2020-04-21T14:48:11Z] <Krinkle> Creating integration-agent-qemu-1001 to experiment with VM-based CI jobs – T250808

Krinkle added a subscriber: LarsWirzenius.Apr 21 2020, 3:24 PM
integration-agent-qemu-1001:~$ qemu-system-x86_64 -enable-kvm
 Could not access KVM kernel module: No such file or director
 failed to initialize KVM: No such file or directory

Per @LarsWirzenius, for it to be not as slow, the kvm_intel kernel module is needed. E.g. by creating /etc/modprobe.d/kvm-nested.conf with (source):

options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1

We'd need that to be enabled on the openstack host as well, which it seems to not be right now. For now though we can proceed without KVM, in userland.

hashar added a comment.Apr 21 2020, 7:55 PM

Note that integration-agent-qemu-1001.integration.eqiad.wmflabs does not have /dev/kvm. I tried earlier to load the kvm and kvm_intel kernel modules but:

$ sudo modprobe kvm-intel
modprobe: ERROR: could not insert 'kvm_intel': Operation not supported

dmesg reports it is not available:

kvm: no hardware support

None of the other WMCS instances I have access to have /dev/kvm. I guess that is explicitly disabled on the hosts?

For the record, nested virtualization (running vm in vm) was definitely available at some point. We used it to run the Android Emulator.

An alternative is to have those VM based jobs to run elsewhere than on the WMCS infrastructure.

LarsWirzenius added a comment.Apr 27 2020, 9:58 AM

The host needs to enable nested KVM (nested=1 parameter to the kvm module), and then the guest should be able to load the kvm module as well. Or at least that's what I did on my own hardware.

gerritbot added a comment.Apr 28 2020, 5:45 PM

Change 593012 had a related patch set uploaded (by Krinkle; owner: Krinkle):
[fresh@master] bin: Ignore non-zero exit for tput color codes

https://gerrit.wikimedia.org/r/593012

gerritbot added a project: Patch-For-Review.Apr 28 2020, 5:45 PM
Krinkle mentioned this in T251309: bin/fresh fails on `CLR_GREEN=`tput setaf 2` (Debian 10, Qemu, default TERM=vt220).Apr 28 2020, 6:10 PM
gerritbot added a comment.Apr 28 2020, 6:55 PM

Change 593034 had a related patch set uploaded (by Krinkle; owner: Krinkle):
[integration/config@master] [WIP] Draft Jenkins job for running tests inside a sub-VM

https://gerrit.wikimedia.org/r/593034

gerritbot added a comment.May 7 2020, 9:44 AM

Change 593034 merged by jenkins-bot:
[integration/config@master] Create a Jenkins job for Fresh that runs tests inside a Qemu VM

https://gerrit.wikimedia.org/r/593034

gerritbot added a comment.May 7 2020, 6:53 PM

Change 595026 had a related patch set uploaded (by Krinkle; owner: Krinkle):
[integration/config@master] Enable Qemu VM job for Fresh

https://gerrit.wikimedia.org/r/595026

gerritbot added a comment.May 7 2020, 7:34 PM

Change 595026 merged by jenkins-bot:
[integration/config@master] Enable Qemu VM job for Fresh

https://gerrit.wikimedia.org/r/595026

Krinkle updated the task description. (Show Details)May 7 2020, 7:53 PM
Krinkle added a comment.EditedMay 7 2020, 9:15 PM

@hashar Looks like it worked when I triggered the builds manually, but not via Zuul. The issue seems to be that default parameters does not work? If I search online, I see this is a common complaint. It seems this feature only applies to the input field of the "Build" web page on Jenkins. It does not apply when Zuul is triggering the build.

But when clicking "Rebuild Last" on the web interface, it works, given that that will consider the default input value for QEMU_TEST_COMMAND.

The idea is that fresh-test (and other jobs that might need Qemu) are the same, except for a different value for the QEMU_TEST_COMMAND parameter. Ideally the command would be defined together with the job, in jjb/misc.yaml so that it can be maintained together.

  • I tried using paramets: string: default in https://gerrit.wikimedia.org/r/593034, but this does not work per the above reason.
  • I tried adding a one-line shell before the main one, to export FOO=123 but that does not work either. It is not retained to the next build step.
  • I tried maybe defining in in zuul/layout.yaml in the section where fresh and fresh-test are declared, however there does not seem to be a way to set job parameters there directly. There is also not a way to set any extra meta data on a per-project level.
  • I tried using the job section in zuul/layout.yaml, but that only supports setting parameter_function. It does not have a way to e.g. pass a key-value pair like "qemu command: test.sh" to the parameter function.

Is really the only way to set a parameter (simple, static, not variable) for a Jenkins job to add an if-statement in zuul/parameter_function and hardcode the job name there?

gerritbot added a comment.May 8 2020, 1:36 AM

Change 595080 had a related patch set uploaded (by Krinkle; owner: Krinkle):
[integration/config@master] Remove use of Qemu build parameter

https://gerrit.wikimedia.org/r/595080

gerritbot added a comment.May 8 2020, 1:45 AM

Change 595080 merged by jenkins-bot:
[integration/config@master] Remove use of Qemu build parameter

https://gerrit.wikimedia.org/r/595080

Krinkle closed this task as Resolved.May 8 2020, 8:57 PM
Krinkle claimed this task.
Krinkle added a project: Performance-Team.
gerritbot added a comment.May 11 2020, 7:12 PM

Change 593012 merged by jenkins-bot:
[fresh@master] bin: Ignore non-zero exit for tput color codes

https://gerrit.wikimedia.org/r/593012

Maintenance_bot removed a project: Patch-For-Review.May 11 2020, 8:11 PM
hashar mentioned this in T259586: Add CI to mediawiki/tools/train-dev.Aug 4 2020, 7:25 AM
Krinkle moved this task from Inbox to Support & Meta on the Fresh board.Aug 8 2020, 3:00 PM
hashar mentioned this in T266081: Evaluate how we might run buildpack's `pack` in CI.Oct 21 2020, 1:48 PM
dancy mentioned this in T267433: Enable support for nested VMs.Nov 6 2020, 6:40 PM
kostajh mentioned this in T248779: Set up CI for mwcli.Apr 26 2021, 7:26 AM
hashar mentioned this in T283724: Tracking task to support running arbitrary Docker images.May 26 2021, 2:22 PM
Krinkle mentioned this in T284774: Provide one or more Qemu agents in CI that use a newer version than 2.x.Jul 1 2021, 9:21 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL