Mon, Sep 18
This is probably related to T172333 where keyholder_key: deploy_service is added.
All subtasks closed. Closing this one out.
Closing this task as invalid for now as tests for mathoid container are defined within the mathoid test entry point as built by blubber and not in scope for releng to define.
Fri, Sep 15
Thu, Sep 14
Able to build, new inline lintian nitpicks.
Deployed! Thanks @Gehel !
Wed, Sep 13
Mon, Sep 11
space around version number to make tox happy
Fri, Sep 8
Added 2 new memcached instances: deployment-memc06 and deployment-memc07 (already had a memc5). Both running memcached ran into T153468 but apart from that role::memcached seems to be all they needed.
Remove commented out code, remove else block in docker compile
Use fmt.Errorf vs errors.New(fmt.Sprintf, document ExpandVariant
Thu, Sep 7
I like moving the artifacts to using InstructionsForPhase. I have Weird Feelings™ about the defaultArtifacts method. Comments inline.
Wed, Sep 6
Since D766: Add scap3 deployment support landed I think this should be good to deploy whenever the puppet patches merged.
The fix for this went out with scap 3.7.0-1 on Monday.
Now that scap 3.7.0-1 is live, this should be fixed. To use a specific keyholder key, use the keyholder_key configuration value with the value that is the same as key_name for scap::target in puppet. e.g., for gerrit:
Now that scap 3.7.0-1 is live, the configuration variable require_valid_service should ensure that scap does not attempt to restart a service when systemctl show --property LoadState [service] comes back either not-found or masked.
Tue, Sep 5
The core issue here is that scap locking failed and allowed two sync* processes to happen at the same time. This caused some weird behavior as there are some race conditions within the deployment since it is not meant to run concurrently with itself.
I think the problem was caused by (from SAL):
So there a few items in the output that are red herrings:
Hrm, so it's failing at:
Fri, Sep 1
Looks good from the scap side. IEGReview code matches what was done with scholarships, lgtm although I have no experience with the application.
Thu, Aug 31
in favor of D765: Recursive variant expansion
Hi @fgiunchedi just tagged debian/3.7.0-1 on scap's release branch. Could you update scap on carbon please? Puppet patch on the way!
Wed, Aug 30
For clarification, can this task be removed as a blocker for sunsetting salt?
Calling this one done, blubber has an example yaml format that can generate Dockerfiles: https://phabricator.wikimedia.org/source/blubber/browse/master/blubber.example.yaml
Now that we have locked down the security for Jenkins a bit, contint1001 seems like a logical place to store credentials and run builds. We've discussed this a bit in the deployment pipeline meetings.
Tue, Aug 29
I remember talking about the necessity for this directory.
Mon, Aug 28
Code reviewed the patches that are outstanding for scholarships. One thing I noticed in my review is that krypton may not be accessible from tin via ssh(?):
minor nit + the golint errors, but overall lgtm!
Fri, Aug 25
Thu, Aug 24
It looks like this commit added mw as an undefined reference to that script: https://gerrit.wikimedia.org/r/#/c/372496/
instead of continuing the pattern inside the parameter_functions.py file of hard-coding repository names, i.e.:
You can inject environmental variables in a job inside the set_parameters function inside parameter_functions in the integration/config repo.
Wed, Aug 23
Added as blocking task to wmf.16 so that it doesn't slip off the radar.
Re-cherry picked the change to the wmf.14 branch to wmf.15.
The assertion has been active for these jobs for 2 weeks: