Page MenuHomePhabricator

Design the Jenkins isolation architecture
Closed, ResolvedPublic


We need a technical document describing how the Jenkins jobs are going to be isolated ( T47499 ). Most importantly the flow between Gerrit/Zuul/Jenkins/Nodepool/OpenStack and the servers/instances responsibilities.

Event Timeline

hashar claimed this task.
hashar raised the priority of this task from to Needs Triage.
hashar updated the task description. (Show Details)

I have poked the internal ops list to get some early feedbacks.

I have updated the architecture document this week. A concern I had was to have all Jenkins runner to be able to access the Zuul mergers. During the transitions we will have slaves:

  • gallium prod, public address
  • lanthanum prod, public address
  • labs instances

In the current system they all can access zuul.eqiad.wmnet which is the public IP of gallium. With the new systems all three kind of slaves would need to be able to reach the Zuul merger in labs subnet. We will have to open firewalls rules to permit traffic from the prod slaves (gallium and lanthanum) to the labs subnet IP of the Zuul mergers.

@zeljkofilipin has read the document and we had a quick 1/1 today about it. We scheduled three weekly one hours checkins to talk more about this project and other things.

hashar lowered the priority of this task from High to Medium.Jun 9 2015, 2:24 PM

I need a bootable images in labs to further progress on this.

Moving to backlog. Lets do the proof of concept project first.

Nodepool has been deployed. The rest of the components are being slowly added as time allow. We have just started adding scandium as a Zuul merger in the labs infra (T95046).

I am getting the documentation updated on the wiki:

Not much more design work will happen. The original inception back in beginning of 2015 is more or less what we have/are deploying.