Page MenuHomePhabricator
Create Task
Maniphest T406384

Add a zuul tenant config on the zuul scheduler host (zuul1001)
Closed, ResolvedPublic
Actions

Description

See tenant config docs.

The tenant config:

  • Lists projects zuul should operate on
  • Lists the projects from which zuul should fetch its configuration

The tenant config will need to change every time we add a project to zuul.

It's possible to specify a tenant_config_script that generates a valid tenant config on stdout, which may be an option.

The path to the tenant_config or tenant_config_script will need to be set in the [scheduler] section of zuul.conf, which is in puppet:modules/profile/templates/zuul/zuul.conf.erb. Currently this points to a non-existent file.

For this task, we'll need to:

  • Figure out the initial contents of the tenant config
  • Figure out how we will update the tenant config easily
  • Ensure that either the script to generate the tenant config, or the tenant config itself is known to puppet
  • Update the file path for the [scheduler] section of the zuul.conf in puppet

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
zuul: Provide tenant configurationoperations/puppetproduction+51 -2
zuul: Name service containers and remove them when stoppedoperations/puppetproduction+8 -0
zuul: Configure environment variables for http(s) proxyoperations/puppetproduction+36 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

thcipriani created this task.Oct 3 2025, 7:52 PM
thcipriani added projects: Release-Engineering-Team (Priority Backlog 📥), Essential-Work.Oct 3 2025, 7:57 PM

Tagging in Release-Engineering-Team since it seems like this will require some deep-diving into our CI configuration to generate a proposal. After we have a proposal, we'll need feedback from collaboration-services about puppetization/ongoing management of this file.

LSobanski subscribed.Oct 7 2025, 12:17 PM
thcipriani added a comment.Oct 8 2025, 4:47 PM

@dduvall should be able to look at this after 2025-10-15.

dduvall claimed this task.Apr 15 2026, 10:04 PM
dduvall triaged this task as Medium priority.
dduvall moved this task from Backlog to In Progress on the Continuous-Integration-Infrastructure (Zuul upgrade) board.
gerritbot added a comment.Apr 15 2026, 10:04 PM

Change #1271948 had a related patch set uploaded (by Dduvall; author: Dduvall):

[operations/puppet@production] zuul: Configure environment variables for http(s) proxy

https://gerrit.wikimedia.org/r/1271948

gerritbot added a project: Patch-For-Review.Apr 15 2026, 10:04 PM
gerritbot added a comment.Apr 16 2026, 6:31 PM

Change #1271948 merged by Dzahn:

[operations/puppet@production] zuul: Configure environment variables for http(s) proxy

https://gerrit.wikimedia.org/r/1271948

Maintenance_bot removed a project: Patch-For-Review.Apr 16 2026, 7:31 PM
Dzahn added a comment.Apr 16 2026, 7:37 PM
[zuul1001:~] $ grep -i proxy /lib/systemd/system/zuul-*

/lib/systemd/system/zuul-nodepool.service:         --env HTTP_PROXY=http://webproxy.eqiad.wmnet:8080 \
/lib/systemd/system/zuul-nodepool.service:         --env HTTPS_PROXY=http://webproxy.eqiad.wmnet:8080 \
/lib/systemd/system/zuul-nodepool.service:         --env NO_PROXY=wikimediacloud.org,wmnet,127.0.0.1,::1 \
/lib/systemd/system/zuul-scheduler.service:         --env HTTP_PROXY=http://webproxy.eqiad.wmnet:8080 \
/lib/systemd/system/zuul-scheduler.service:         --env HTTPS_PROXY=http://webproxy.eqiad.wmnet:8080 \
/lib/systemd/system/zuul-scheduler.service:         --env NO_PROXY=wikimediacloud.org,wmnet,127.0.0.1,::1 \
[zuul1002:~] $ grep -i proxy /lib/systemd/system/zuul-*
         --env HTTP_PROXY=http://webproxy.eqiad.wmnet:8080 \
         --env HTTPS_PROXY=http://webproxy.eqiad.wmnet:8080 \
         --env NO_PROXY=wikimediacloud.org,wmnet,127.0.0.1,::1 \
Stashbot added a comment.Apr 16 2026, 8:49 PM

Mentioned in SAL (#wikimedia-releng) [2026-04-16T20:49:55Z] <dduvall> creating integration/zuul-jobs repo to serve as a mirror of opendev.org/zuul/zuul-jobs (T406384)

gerritbot added a comment.Apr 16 2026, 10:46 PM

Change #1272961 had a related patch set uploaded (by Dduvall; author: Dduvall):

[operations/puppet@production] zuul: Name service containers and remove them when stopped

https://gerrit.wikimedia.org/r/1272961

gerritbot added a project: Patch-For-Review.Apr 16 2026, 10:46 PM
gerritbot added a comment.Apr 16 2026, 10:58 PM

Change #1272970 had a related patch set uploaded (by Dduvall; author: Dduvall):

[operations/puppet@production] zuul: Provide tenant configuration

https://gerrit.wikimedia.org/r/1272970

gerritbot added a comment.Apr 17 2026, 12:19 AM

Change #1272961 merged by Dzahn:

[operations/puppet@production] zuul: Name service containers and remove them when stopped

https://gerrit.wikimedia.org/r/1272961

gerritbot added a comment.Apr 17 2026, 12:36 AM

Change #1272970 merged by Dzahn:

[operations/puppet@production] zuul: Provide tenant configuration

https://gerrit.wikimedia.org/r/1272970

Maintenance_bot removed a project: Patch-For-Review.Apr 17 2026, 1:30 AM
dduvall closed this task as Resolved.Apr 21 2026, 4:26 PM

The zuul-scheduler is now configured with a tenant config (see https://gerrit.wikimedia.org/r/c/operations/puppet/+/1272970). It's managed via puppet for now meaning that subsequent changes to the project list will require a puppet patch. We can revisit this requirement down the road via the tenant_config_script if this workflow is not flexible enough.

Communication between the zuul-scheduler and gerrit.wikimedia.org is now functioning as well but the scheduler is not yet configured to vote on changes. We'll save this configuration change for when the executor and builds are working.

dduvall mentioned this in T424061: Ensure zuul-executor can prepare workspaces and dispatch builds.Apr 21 2026, 4:34 PM
hashar added a comment.May 6 2026, 10:29 AM

While looking at the hosts I noticed old containers were still present.

puppet #1272961 - zuul: Name service containers and remove them when stopped recently changed the docker run command to pass --rm and thus have the containers deleted upon exiting.

I have cleared the old ones using sudo docker container prune --force. There were 2269 containers on zuul1001 / 53.71MB.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits