Seems to work just fine, added a few thoughts inline.
Works in testing. python setup.py install works fine, scap version gives me the right thing:
(/^ヮ^)/*:・ﾟ✧ go install -v -p 1 -ldflags "-X phabricator.wikimedia.org/source/blubber/meta.Version=0.2.0 -X phabricator.wikimedia.org/source/blubber/meta.GitCommit=72fdd23" phabricator.wikimedia.org/source/blubber phabricator.wikimedia.org/source/blubber/vendor/github.com/docker/distribution/digest phabricator.wikimedia.org/source/blubber/vendor/github.com/docker/distribution/reference phabricator.wikimedia.org/source/blubber/vendor/github.com/go-playground/locales/currency phabricator.wikimedia.org/source/blubber/vendor/github.com/go-playground/locales phabricator.wikimedia.org/source/blubber/vendor/github.com/go-playground/universal-translator phabricator.wikimedia.org/source/blubber/vendor/gopkg.in/go-playground/validator.v9 phabricator.wikimedia.org/source/blubber/vendor/gopkg.in/yaml.v2 phabricator.wikimedia.org/source/blubber/config phabricator.wikimedia.org/source/blubber/docker phabricator.wikimedia.org/source/blubber
WMF: was able to build a new debian package \o/
Wed, Nov 15
Tue, Nov 14
Mon, Nov 13
The problem that this specific task deals with was fixed by removing the specific revision being deployed on the 1 target server that was affected. This may have been a weird interaction between scap and an ORES check https://github.com/wikimedia/mediawiki-services-ores-deploy/blob/master/scap/cmd_worker.sh#L4-L5
Fri, Nov 10
Thu, Nov 9
To document the discussion from IRC the other day, docker run requires --sig-proxy=true to proxy signals to running containers; however, --sig-proxy=true doesn't seem to work if a tty has been allocated. To get the stdout/stderr to output to console log while still proxying signals, the docker run command should be something like:
(.venv)(/^ヮ^)/*:・ﾟ✧ pip3 freeze certifi==2017.11.5 chardet==3.0.4 docker==2.6.0 -e git+https://github.com/wikimedia/operations-docker-images-docker-pkg.git@287b719daedefa16bf04439c324aee44adacbade#egg=docker_pkg docker-pycreds==0.2.1 idna==2.6 Jinja2==2.9.6 MarkupSafe==1.0 python-debian==0.1.31 PyYAML==3.12 requests==2.18.4 six==1.11.0 urllib3==1.22 websocket-client==0.44.0
Wed, Nov 8
Look like the fix got lost in the deb build pipeline somewhere. New scap version 3.6.0-1~20171108193833.232 should now be installed with this fix:
Tue, Nov 7
Everything seems to work as intended, I have a few thoughts/questions inline about your intentions, but overall works well!
Mon, Nov 6
Change caused a failure to deploy in beta cluster: https://www.irccloud.com/pastebin/aVkJJuka/
Seems like he probably needs to extend the signing and encryption subkeys as you mention.
Wed, Nov 1
Worked for me in testing. Logic seem sound.
couple random things from testing this morning.
Tue, Oct 31
Sort packages correctly
Ah docker conventions. Making things nicer :)
T179353: Scap: Standardize git version should resolve whether or not this can merge.
Adding @MoritzMuehlenhoff explicitly since IIRC he did the work to add git 2.11 to jessie-backports.
Mon, Oct 30
squish the risqué one on line 68 to keep us PG/PC, then LGTM.
deploy with fancy_progress: True worked for me.
In some fiddling I realized this error message is coming from phab and not tin.
hrm. I was able to clone this locally on tin FWIW:
A workaround over the short-term may be to use git_upstream_submodules: True in the scap.cfg file. This would cause a fetch of the submodules from whatever is in the .gitmodules file in the repo on tin. This means that any local changes on tin won't be reflected in the checkout on the targets, but hopefully this is a workaround that won't have to stay in place forever.
Inline typo, otherwise looks good!
Thu, Oct 19
This also depends on the storage driver used. So we could use:
Looks good. Does what it says on the tin:
Oct 18 2017
nitpick inline, but seems to work in fine. Rebuilt the package and installed locally and all worked well.
@dduvall already has a good start here, reassigning.
Oct 17 2017
I don't know if this is related to the work on T174720: letsencrypt::cert::integrated and non-http servers but I added folks from that task here.
Oct 16 2017
Oct 13 2017
Works for me
prefer php7 over hhvm
scap 3.7.1-1 is now live. php5-cli | hhvm | php-cli is now part of Suggests