Page MenuHomePhabricator

Review Jenkins isolation architecture with Antoine
Closed, ResolvedPublic

Description

The CI test runs needs to be run in isolated/disposable sandboxes which is the Continuous-Integration-Scaling project. I wrote an architecture document and now need a peer review / refining with members of the SRE team.

Since the architecture will reuse the OpenStack wmflabs infrastructure, one of the labs engineers would be ideal.

We would need additional help from our preferred Debian Developers to review the packaging of two python softwares: Zuul and Nodepool.

From a quick discussion with Ops-RelEng liaison @Andrew, it seems the architecture backend should aim at using Debian/Jessie which will surely simplify the packaging/dependency work.


https://www.mediawiki.org/wiki/Continuous_integration/Architecture/Isolation

Event Timeline

hashar raised the priority of this task from to Needs Triage.
hashar updated the task description. (Show Details)
hashar added a project: acl*sre-team.
hashar added subscribers: hashar, Andrew, greg, zeljkofilipin.

I have poked ops list about it.

Krinkle set Security to None.

I have lost track of whom I should review this with or whether any action is needed on my side. The task is listed on ops team meeting but not sure how to progress from there.

Stepping out on a limb here but I think this has the potential, or is probable, to become a large Ops requiring project of Quarterly goal proportions. That is the reason I haven't yet tried to throw in on this, not because I want to leave you hanging, but because this is going to be a large thing that should get dedicated resources. To give due diligence review of the documents and design strategy, and overall problem set is a big ask. Not a bad or unreasonable one, but it seems like a "This is one of CI's quarterly goals and we need allocated Ops support to make it happen".

Thanks Chase, I guess the project seems bigger than it really is for ops. I am looking to get:

  • one or two servers added to labs subnet
  • the networks flow validated since I am not sure what is allowed to speak to what
  • validate the usage of the OpenStack API (boot VMs, possibly upload new images)
  • and of course support from some ops :-)

I am currently creating Debian packages for Zuul (almost done) and NodePool. All the software configuration is done via puppet manifests written by upstream/our team. So definitely some more review time needed there.

I am probably underestimating ops involvement, hence this task asking to review the architecture with your team and estimate the work that needs to be done.

fgiunchedi added a subscriber: fgiunchedi.

We had three meeting already with @chasemp @Andrew and @hashar . We are exchanging on a weekly basis.

Andrew lowered the priority of this task from High to Medium.Apr 11 2015, 9:29 PM
Andrew removed a project: Blocked-on-Operations.
hashar claimed this task.

Got solved/agreed etc and we eventually have Nodepool installed on a machine in the labs support network.