Page MenuHomePhabricator
Create Task
Maniphest T347004

Create a staging apt repository for CI-based builds of Debian packages
Closed, ResolvedPublic
Actions

Description

CI-built Debian packages built by the Gitlab runners will initially be available on a staging apt repository (to allow testing e.g.). Compared to our main repository the content of this staging repository will very relatively short-lived (since packages will be synced to the main repo or discarded). For an initial buildout:

  • Create an apt-staging2001 host (we're fine without DC redundancy for the prototype and we have way more space in codfw since there's no WMCS and analytics there).
  • We can fully reuse the component configs etc. from Puppet (and they'd be in sync for all changes as well), but will need some smaller Pupppet changes.
  • Create a repo signing PGP key which is used by the CI runners to sign the .changes file
  • Configure automated incoming processing (there's already an old task for it as T215812) and distribute the public key of the CI signing key via Puppet to the staging repo server so that it can validate the .changes files

Eventually when the whole system works and we've finetuned it, we can figure out how to fold the staging repo into the main repository server or whether we keep it in parallel. I think both approaches have their ups and downs, but let's figure that out when we have something running.

For the later progression from staging -> apt.wikimedia.org I'm thinking of something similar to puppet-merge, e.g. a command line "apt-merge bookworm component/ci jenkins-glue=1.23-1+wmf1", which prompts an SRE for confirmation and then syncs the packages to apt.wikimedia.org (and drops them from the staging repo).

Details

SubjectRepoBranchLines +/-
aptrepo::staging: use gitlab client to download file, fix get_alloperations/puppetproduction+14 -13
apt-staging: Add timer for gitlab package puller joboperations/puppetproduction+8 -1
apt-staging: Add access token for gitlab package pulleroperations/puppetproduction+8 -0
[apt-staging] Deploy gitlab-package-puller scriptoperations/puppetproduction+10 -0
[apt-staging] Add apt_staging role to new staging vmoperations/puppetproduction+2 -3
Customize query in gerrit

Related Objects
Search...

Event Timeline

MoritzMuehlenhoff created this task.Sep 21 2023, 7:44 AM
eoghan claimed this task.Sep 21 2023, 11:50 AM
eoghan moved this task from Incoming to Work in Progress on the collaboration-services board.
eoghan added a subtask: T347032: Site: 1 VM request for apt-staging.Sep 21 2023, 12:43 PM
jbond subscribed.Sep 21 2023, 1:59 PM
LSobanski triaged this task as High priority.Sep 27 2023, 12:47 PM
VirginiaPoundstone mentioned this in T349325: [Sprint 03 Goal] Transition to 50/25/25 capacity structure.Oct 19 2023, 4:43 PM
gerritbot added a comment.Nov 3 2023, 12:57 PM

Change 971450 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] [apt-staging] Add apt_staging role to new staging vm

https://gerrit.wikimedia.org/r/971450

gerritbot added a project: Patch-For-Review.Nov 3 2023, 12:57 PM
gerritbot added a comment.Nov 3 2023, 2:49 PM

Change 971450 merged by EoghanGaffney:

[operations/puppet@production] [apt-staging] Add apt_staging role to new staging vm

https://gerrit.wikimedia.org/r/971450

Maintenance_bot removed a project: Patch-For-Review.Nov 3 2023, 3:10 PM
dancy unsubscribed.Nov 3 2023, 5:02 PM
gerritbot added a comment.Dec 11 2023, 3:54 PM

Change 982119 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] [apt-staging] Deploy gitlab-package-puller script

https://gerrit.wikimedia.org/r/982119

gerritbot added a project: Patch-For-Review.Dec 11 2023, 3:54 PM
gerritbot added a comment.Dec 15 2023, 12:20 PM

Change 982119 merged by EoghanGaffney:

[operations/puppet@production] [apt-staging] Deploy gitlab-package-puller script

https://gerrit.wikimedia.org/r/982119

Maintenance_bot removed a project: Patch-For-Review.Dec 15 2023, 12:30 PM
MoritzMuehlenhoff closed subtask T347032: Site: 1 VM request for apt-staging as Resolved.Jan 22 2024, 4:05 PM
Joe added a comment.Jan 23 2024, 8:01 AM

Please let's make apt-merge less cumbersome to use.

apt-merge bookworm component/ci jenkins-glue should work without needing to specify the version, IMHO.

LSobanski moved this task from Work in Progress to Backlog on the collaboration-services board.Jan 29 2024, 4:50 PM
gerritbot added a comment.Apr 30 2024, 9:33 AM

Change #1025358 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] apt-staging: Add access token for gitlab package puller

https://gerrit.wikimedia.org/r/1025358

gerritbot added a project: Patch-For-Review.Apr 30 2024, 9:33 AM
gerritbot added a comment.Apr 30 2024, 9:43 AM

Change #1025358 merged by EoghanGaffney:

[operations/puppet@production] apt-staging: Add access token for gitlab package puller

https://gerrit.wikimedia.org/r/1025358

Maintenance_bot removed a project: Patch-For-Review.Apr 30 2024, 10:31 AM
gerritbot added a comment.May 2 2024, 10:54 PM

Change #1026699 had a related patch set uploaded (by EoghanGaffney; author: EoghanGaffney):

[operations/puppet@production] apt-staging: Add timer for gitlab package puller job

https://gerrit.wikimedia.org/r/1026699

gerritbot added a project: Patch-For-Review.May 2 2024, 10:54 PM
gerritbot added a comment.May 9 2024, 10:02 AM

Change #1026699 merged by EoghanGaffney:

[operations/puppet@production] apt-staging: Add timer for gitlab package puller job

https://gerrit.wikimedia.org/r/1026699

Maintenance_bot removed a project: Patch-For-Review.May 9 2024, 10:30 AM
gerritbot added a comment.Jun 5 2024, 1:37 PM

Change #1039217 had a related patch set uploaded (by Jelto; author: Jelto):

[operations/puppet@production] aptrepo::staging: use gitlab client to download file, fix get_all

https://gerrit.wikimedia.org/r/1039217

gerritbot added a project: Patch-For-Review.Jun 5 2024, 1:37 PM
gerritbot added a comment.Jun 7 2024, 8:22 AM

Change #1039217 merged by Jelto:

[operations/puppet@production] aptrepo::staging: use gitlab client to download file, fix get_all

https://gerrit.wikimedia.org/r/1039217

Maintenance_bot removed a project: Patch-For-Review.Jun 7 2024, 8:31 AM
LSobanski moved this task from Backlog to Work in Progress on the collaboration-services board.Oct 25 2024, 1:37 PM
eoghan closed this task as Resolved.Tue, Nov 26, 1:37 PM

The pipeline seems to be working correctly, and we've got documentation in place. I think we can close this out as completed!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits