Page MenuHomePhabricator
Create Task
Maniphest T287900

Switch Toolforge installation of "composer" to use the Debian package
Closed, ResolvedPublic
Actions

Description

At the time we set up the integration/composer git repo because there was no Debian package and we wanted to use a relatively recent version. The version of composer in buster+ is recent enough (https://tracker.debian.org/pkg/composer) and I think switching to the packaged version would help us get rid of one more oddity. This is blocked on Toolforge fully moving to buster AIUI.

This will also take care of T249949: Stop using integration/composer and then archive the repo.

Details

SubjectRepoBranchLines +/-
Stop building buster based imagesoperations/docker-images/toollabs-imagesmaster+1 -367
P::toolforge: Use composer package on busteroperations/puppetproduction+32 -20
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedhasharT249949 Stop using integration/composer and then archive the repo
 ResolvedtaaviT287900 Switch Toolforge installation of "composer" to use the Debian package
 ResolvedaborreroT277653 Toolforge: add Debian Buster to the grid and eliminate Debian Stretch
 ResolvedaborreroT277866 cloud-init: figure out how to change /etc/hosts from cloud-init/vendordata
 ResolvedaborreroT278232 Toolforge: figure out how to work with the new domain in the grid
 ResolvedaborreroT278748 Toolforge: introduce support for selecting grid queue release
 ResolvedaborreroT282972 "--release is not implemented for --backend=kubernetes" with latest tools-webservice from Git
 ResolvedtaaviT288961 /usr/local/bin/webservice:109: DeprecationWarning: dist() and linux_distribution() functions are deprecated in Python 3.5
 ResolvedaborreroT300501 Toolforge grid: uwsgi in buster fails to load python3 venvs
 ResolvedtaaviT280037 Toolforge: set up monitoring tooling for stretch deprecation
 DuplicateNoneT280252 Toolforge Buster bastion no longer tab completes become command
 ResolvedtaaviT284767 Toolforge: migrate cron servers to Debian Buster
 DeclinedNoneT298089 Sort out Mono repositories for the buster grid
 ResolvedaborreroT298948 Toolforge grid deployment/management automation
 DeclinedNoneT300032 spicerack: introduce GridEngine controller
 ResolvedaborreroT301665 Toolforge jobs framework: create documentation on wikitech
 ResolvedtaaviT309525 Toolforge: Create a cookbook to decomission a SGE node
 ResolvedtaaviT309732 New SGE nodes can't talk to the grid engine master
 Resolved nskaggsT309821 Buster webservice grid went BOOM!
 DeclinedtaaviT309902 Tiny swap on many grid nodes

Event Timeline

Legoktm created this task.Aug 2 2021, 6:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 2 2021, 6:03 PM
Legoktm added a parent task: T249949: Stop using integration/composer and then archive the repo.Aug 2 2021, 6:03 PM
gerritbot added a comment.Sep 26 2021, 4:04 PM

Change 723760 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P::toolforge: Use composer package on buster

https://gerrit.wikimedia.org/r/723760

gerritbot added a project: Patch-For-Review.Sep 26 2021, 4:04 PM
taavi changed the task status from Open to In Progress.Sep 26 2021, 4:05 PM
taavi claimed this task.
taavi subscribed.

This was already done when building Bullseye based containers (php74). The above patch also does it on the grid for Buster and newer.

Restricted Application added a project: User-Majavah. · View Herald TranscriptSep 26 2021, 4:05 PM
Legoktm added a comment.Sep 28 2021, 8:00 AM

Note that buster's composer is broken when run in containers, but it's fine for usage on bastions/grid.

gerritbot added a comment.Sep 28 2021, 6:57 PM

Change 723760 merged by Legoktm:

[operations/puppet@production] P::toolforge: Use composer package on buster

https://gerrit.wikimedia.org/r/723760

Maintenance_bot removed a project: Patch-For-Review.Sep 28 2021, 7:10 PM
hashar mentioned this in T249949: Stop using integration/composer and then archive the repo.Oct 12 2021, 7:28 AM
taavi added a subtask: T277653: Toolforge: add Debian Buster to the grid and eliminate Debian Stretch.Oct 12 2021, 7:36 AM
aborrero changed the status of subtask T277653: Toolforge: add Debian Buster to the grid and eliminate Debian Stretch from Stalled to In Progress.Dec 15 2021, 10:37 AM
Reedy moved this task from Backlog to Features/Improvements on the Composer board.Feb 25 2022, 12:31 AM
taavi closed subtask T277653: Toolforge: add Debian Buster to the grid and eliminate Debian Stretch as Resolved.Jun 27 2022, 6:18 PM
bd808 moved this task from Backlog to In Progress on the Toolforge board.Aug 10 2022, 5:03 PM
Jdforrester-WMF subscribed.Oct 17 2022, 3:17 PM

Is there anything left to do here with regards to unblocking the parent? Is that now done?

Legoktm added a comment.Oct 19 2022, 12:53 AM

No, we're still using the integration/composer repository:

user@dev ~/g/o/d/toollabs-images> rg composer
php74-sssd/base/Dockerfile.template
6:# Unzip improves composer's handling of certain zip features (unix permissions for example)
9:        "composer",

php5-sssd/base/Dockerfile.template
25:# T172358 - install composer simlarly to ::toollabs::composer
26:{{ macros.integration_composer() }}

macros.jinja2
59: # Install composer from integration/composer.git.
61:{% macro integration_composer() %}
63:    "https://gerrit.wikimedia.org/r/p/integration/composer.git",
64:    "/srv/composer",
67:    && ln -s /srv/composer/vendor/bin/composer /usr/local/bin/composer

php72-sssd/base/Dockerfile.template
37:# T172358 - install composer simlarly to ::toollabs::composer
38:{{ macros.integration_composer() }}

php73-sssd/base/Dockerfile.template
31:# T172358 - install composer simlarly to ::toollabs::composer
32:{{ macros.integration_composer() }}

I think we should switch the older images to just download a phar with a pinned sha checksum.

hashar subscribed.Nov 3 2022, 2:52 PM

Does anyone know where those toollabs-images live and how to update the process running those images?

If it helps, for the CI image it is done at https://gerrit.wikimedia.org/g/integration/config/+/refs/heads/master/dockerfiles/composer-scratch/

Dockerfile.template
FROM {{ "ci-buster" | image_tag }} AS build

USER root

RUN mkdir /srv/composer

COPY composer.phar.sha256sum /srv/composer/composer.phar.sha256sum

RUN {{ "curl" | apt_install }}

RUN cd /srv/composer \
    && curl --silent --fail --output composer.phar https://getcomposer.org/download/2.3.3/composer.phar \
    && sha256sum -c composer.phar.sha256sum

RUN chmod +x /srv/composer/composer.phar \
    && mv /srv/composer/composer.phar /usr/bin/composer

# Various helpful scripts, copied to /srv/composer; child containers are expected to copy them if needed.

# Wrapper script for composer that uses `COMPOSER_GITHUB_OAUTHTOKEN` if set.
COPY run-composer.sh /srv/composer/run-composer.sh


FROM scratch

COPY --from=build /srv/composer /srv/composer
COPY --from=build /usr/bin/composer /usr/bin/composer
composer.phar.sha256sum
d6931ec2b38b41bd0ad62f9d157908e6688bac091bbf0bd6a619c1067b922402 composer.phar
bd808 subscribed.Nov 3 2022, 3:36 PM
In T287900#8366922, @hashar wrote:

Does anyone know where those toollabs-images live and how to update the process running those images?

hashar added a comment.Feb 6 2023, 9:28 AM

The operations/docker-images/toollabs-images repository has a Jinja2 macro named integration_composer:

macros.jinja2
{##
 # Install composer from integration/composer.git.
 #}
{% macro integration_composer() %}
{{ git_clone(
    "https://gerrit.wikimedia.org/r/p/integration/composer.git",
    "/srv/composer",
    continue=True,
) }}
    && ln -s /srv/composer/vendor/bin/composer /usr/local/bin/composer
{% endmacro %}

It is used by three php sssd images:

git grep integration_composer
php5-sssd/base/Dockerfile.template:{{ macros.integration_composer() }}
php72-sssd/base/Dockerfile.template:{{ macros.integration_composer() }}
php73-sssd/base/Dockerfile.template:{{ macros.integration_composer() }}

Which are based respectively on Debian Jessie, Stretch and Buster. I don't know whether those images are still of any use though.

bd808 added a comment.Feb 6 2023, 7:04 PM
In T287900#8588779, @hashar wrote:

Which are based respectively on Debian Jessie, Stretch and Buster. I don't know whether those images are still of any use though.

All three are still actively used by Toolforge tools per https://k8s-status.toolforge.org/images/:

  • php5: 171 running
  • php72: 88 running
  • php73: 391 running (most used image in all of the Toolforge k8s cluster)
hashar added a comment.Sep 26 2023, 7:15 AM
In T287900#8588779, @hashar wrote:
git grep integration_composer
php5-sssd/base/Dockerfile.template:{{ macros.integration_composer() }}
php72-sssd/base/Dockerfile.template:{{ macros.integration_composer() }}
php73-sssd/base/Dockerfile.template:{{ macros.integration_composer() }}

Which are based respectively on Debian Jessie, Stretch and Buster. I don't know whether those images are still of any use though.

Jessie and Stretch got removed by 7fc63314f51db5e0a92b69949fdb3e29e02e0448.

Debian Buster provides composer 1.8.4.

I guess the remaining image can be switched to download composer.phar. From the releng/composer-scratch image we have:

dockerfiles/composer-scratch/composer.phar.sha256sum
f1b94fee11a5bd6a1aae5d77c8da269df27c705fcc806ebf4c8c2e6fa8645c20 composer.phar
Dockerfile.template
FROM {{ "ci-buster" | image_tag }} AS build

USER root

RUN mkdir /srv/composer

COPY composer.phar.sha256sum /srv/composer/composer.phar.sha256sum

RUN {{ "curl" | apt_install }}

RUN cd /srv/composer \
    && curl --silent --fail --output composer.phar https://getcomposer.org/download/2.5.1/composer.phar \
    && sha256sum -c composer.phar.sha256sum

RUN chmod +x /srv/composer/composer.phar \
    && mv /srv/composer/composer.phar /usr/bin/composer

# Various helpful scripts, copied to /srv/composer; child containers are expected to copy them if needed.

# Wrapper script for composer that uses `COMPOSER_GITHUB_OAUTHTOKEN` if set.
COPY run-composer.sh /srv/composer/run-composer.sh

FROM scratch

COPY --from=build /srv/composer /srv/composer
COPY --from=build /usr/bin/composer /usr/bin/composer
taavi moved this task from In Progress to Ready to be worked on on the Toolforge board.Nov 7 2023, 2:21 PM
gerritbot added a comment.Jan 18 2024, 1:01 PM

Change 991594 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/docker-images/toollabs-images@master] Stop building buster based images

https://gerrit.wikimedia.org/r/991594

gerritbot added a project: Patch-For-Review.Jan 18 2024, 1:01 PM
dcaro triaged this task as Low priority.Jan 24 2024, 3:54 PM
dcaro moved this task from Ready to be worked on to Workspace for triaging whenever needed on the Toolforge board.
gerritbot added a comment.Feb 1 2024, 9:16 PM

Change 991594 merged by jenkins-bot:

[operations/docker-images/toollabs-images@master] Stop building buster based images

https://gerrit.wikimedia.org/r/991594

bd808 mentioned this in rODIT36fb5b658732: Stop building buster based images.Feb 1 2024, 9:51 PM
taavi closed this task as Resolved.Feb 8 2024, 3:32 PM
Maintenance_bot removed a project: Patch-For-Review.Feb 8 2024, 4:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits