Page MenuHomePhabricator

Change CI image for acme-chief from Stretch to Buster
Open, Needs TriagePublic

Description

The CI container for testing operations/software/acme-chief uses golang-11-go from stretch-backports which we need to sunset T256877.

The container is based on Stretch. The Debian packaging targets Buster and tox.ini mentions python3.7 which is the default in Buster. So we can change the CI image and switch to Buster

Event Timeline

hashar created this task.Jul 8 2020, 1:49 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 8 2020, 1:49 PM
hashar added a comment.Jul 8 2020, 1:54 PM

Turns out we can still have CI runs using Stretch and the python 3.7 version from there. golang is used in a multistage build to generate peble.

Change 610292 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] dockerfiles: use golang from Buster to build pebble

https://gerrit.wikimedia.org/r/610292

hashar claimed this task.Jul 8 2020, 1:58 PM
hashar removed hashar as the assignee of this task.Jul 8 2020, 2:46 PM

The CI job uses an old version of the image: docker-registry.wikimedia.org/releng/tox-acme-chief:0.3.4 and the test suite works fine.

However when building https://gerrit.wikimedia.org/r/610292 , the suite failed. The reason is that building the image grabs the latest master from github.

The CI image 0.3.4 has been cut in February 2019 a few days before letsencrypt/pebble released v2.0.0. Turns out the acme-chief testsuite does not work anymore with it.

@Vgutierrez I guess that instead we could move the dependency definition to acme-chief maybe using Go modules? Then the CI image entry point would invoke go mod to install pebble and then run tox as usual.

Change 611303 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] Add extra non voting job for acme-chief

https://gerrit.wikimedia.org/r/611303

Change 610292 merged by jenkins-bot:
[integration/config@master] dockerfiles: use golang from Buster to build pebble

https://gerrit.wikimedia.org/r/610292

Mentioned in SAL (#wikimedia-releng) [2020-07-10T13:00:33Z] <hashar> Successfully tagged docker-registry.discovery.wmnet/releng/tox-acme-chief:0.5.0 # T257456

Change 611303 merged by jenkins-bot:
[integration/config@master] Add extra non voting job for acme-chief

https://gerrit.wikimedia.org/r/611303

I have deployed the jenkins job for acme chief which has the failures with the new letsencrypt/pebble

Example on a change pending review: https://gerrit.wikimedia.org/r/c/operations/software/acme-chief/+/611309

:]

Change 617720 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[integration/config@master] dockerfiles: target specific pebble version

https://gerrit.wikimedia.org/r/617720

Change 617720 merged by jenkins-bot:
[integration/config@master] dockerfiles: target specific pebble version

https://gerrit.wikimedia.org/r/617720

Change 618533 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[integration/config@master] dockerfiles: bump tox-acme-chief container version

https://gerrit.wikimedia.org/r/618533

Change 618534 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[integration/config@master] jjb: Use tox-acme-chief 0.5.1 for the new-pebble acme-chief job

https://gerrit.wikimedia.org/r/618534

Change 618533 merged by jenkins-bot:
[integration/config@master] dockerfiles: bump tox-acme-chief container version

https://gerrit.wikimedia.org/r/618533

Change 618534 merged by jenkins-bot:
[integration/config@master] jjb: Use tox-acme-chief 0.5.1 for the new-pebble acme-chief job

https://gerrit.wikimedia.org/r/618534