From walters at verbum.org  Tue May 10 13:35:07 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:35:07 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
Message-ID: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>

```
[atomic-sig at slave01 ~]$ host cbs.centos.org
cbs.centos.org has address 172.20.1.15
[atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
^C
```

Just times out - I'm guessing there's some intermediate firewall, or
perhaps IP conflict on the 172.19 subnet?

Using the external IP works:

```
[atomic-sig at slave01 ~]$ host cbs.centos.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

cbs.centos.org has address 66.187.224.194
[atomic-sig at slave01 ~]$ curl http://66.187.224.194/repos/virt7-docker-common-candidate/x86_64/os/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
```


From walters at verbum.org  Tue May 10 13:38:50 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:38:50 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
Message-ID: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>



On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
> ```
> [atomic-sig at slave01 ~]$ host cbs.centos.org
> cbs.centos.org has address 172.20.1.15
> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
> ^C
> ```
> 
> Just times out 

Argh!  It turns out it's https:// vs http://.  I broke it with:
https://github.com/CentOS/sig-atomic-buildscripts/pull/68

I can work around this for now by sed'ing the repo to use
http just inside the CI infra.


From arrfab at centos.org  Tue May 10 13:47:03 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 15:47:03 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
Message-ID: <5731E657.80607@centos.org>

On 10/05/16 15:38, Colin Walters wrote:
> 
> 
> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>> ```
>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>> cbs.centos.org has address 172.20.1.15
>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>> ^C
>> ```
>>
>> Just times out 
> 
> Argh!  It turns out it's https:// vs http://.  I broke it with:
> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
> 
> I can work around this for now by sed'ing the repo to use
> http just inside the CI infra.

CI environment is located in the same DC as cbs, but in a different
subnet/vlan and with ip/port filtering at the gw level. Initially we
only opened http from ci to cbs, but I now added https too.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/9225757b/attachment.sig>

From walters at verbum.org  Tue May 10 13:53:58 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:53:58 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <1462888438.289727.603523505.3EB1F994@webmail.messagingengine.com>

On Tue, May 10, 2016, at 09:47 AM, Fabian Arrotin wrote:

> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

Thanks for the quick response, [confirmed] the fix works.

FWIW it's quite important to use https:// for CBS because the RPMs
are unsigned.  (And even if they were signed one would want to use
https:// anyways due to https://isis.poly.edu/%7Ejcappos/papers/cappos_mirror_ccs_08.pdf )



From jbrooks at redhat.com  Tue May 10 18:37:28 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 11:37:28 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>

On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
> On 10/05/16 15:38, Colin Walters wrote:
>>
>>
>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>> ```
>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>> cbs.centos.org has address 172.20.1.15
>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>> ^C
>>> ```
>>>
>>> Just times out
>>
>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>
>> I can work around this for now by sed'ing the repo to use
>> http just inside the CI infra.
>
> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

I'm getting a similar-looking issue w/ https from the ci artifacts location:

https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/

I'm trying to pull pkgs built in the ci and stored there in another ci job...

Jason

>
> --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>


From arrfab at centos.org  Tue May 10 18:43:41 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 20:43:41 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
Message-ID: <57322BDD.80602@centos.org>

On 10/05/16 20:37, Jason Brooks wrote:
> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>> On 10/05/16 15:38, Colin Walters wrote:
>>>
>>>
>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>> ```
>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>> cbs.centos.org has address 172.20.1.15
>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>> ^C
>>>> ```
>>>>
>>>> Just times out
>>>
>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>
>>> I can work around this for now by sed'ing the repo to use
>>> http just inside the CI infra.
>>
>> CI environment is located in the same DC as cbs, but in a different
>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>> only opened http from ci to cbs, but I now added https too.
> 
> I'm getting a similar-looking issue w/ https from the ci artifacts location:
> 
> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
> 
> I'm trying to pull pkgs built in the ci and stored there in another ci job...
> 
> Jason
> 

Different issue as artifact node is internal and that has been discussed
some time ago :
https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
(and people confirmed that the solution worked for them)
And the wiki/doc was also adapted to only show one url that works both
internally and externally :
https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
http://artifacts.ci.centos.org/


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/324b4648/attachment.sig>

From walters at verbum.org  Tue May 10 18:53:46 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 14:53:46 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>

On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>
> http://artifacts.ci.centos.org/

That URL is currently only accessible via insecure HTTP (presented
cert's CN is just ci.centos.org), so I don't think it's a good idea to point
users or systems at it.


From jbrooks at redhat.com  Tue May 10 19:06:38 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 12:06:38 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
	<1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
Message-ID: <CAF=rfpBQ-YCxs98Vq6BwjQ-hjZnGS9261k5f3b0TyGwFb-B5iQ@mail.gmail.com>

On Tue, May 10, 2016 at 11:53 AM, Colin Walters <walters at verbum.org> wrote:
> On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>>
>> http://artifacts.ci.centos.org/
>
> That URL is currently only accessible via insecure HTTP (presented
> cert's CN is just ci.centos.org), so I don't think it's a good idea to point
> users or systems at it.

OK, for now I'm going to work around this in the ci job definition w/ some sed.

> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From mail-lists at karan.org  Wed May 11 13:12:19 2016
From: mail-lists at karan.org (Karanbir Singh)
Date: Wed, 11 May 2016 14:12:19 +0100
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>

On 10/05/16 19:43, Fabian Arrotin wrote:
> On 10/05/16 20:37, Jason Brooks wrote:
>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>
>>>>
>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>> ```
>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>> cbs.centos.org has address 172.20.1.15
>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>> ^C
>>>>> ```
>>>>>
>>>>> Just times out
>>>>
>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>
>>>> I can work around this for now by sed'ing the repo to use
>>>> http just inside the CI infra.
>>>
>>> CI environment is located in the same DC as cbs, but in a different
>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>> only opened http from ci to cbs, but I now added https too.
>>
>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>
>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>
>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>
>> Jason
>>
> 
> Different issue as artifact node is internal and that has been discussed
> some time ago :
> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
> (and people confirmed that the solution worked for them)
> And the wiki/doc was also adapted to only show one url that works both
> internally and externally :
> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
> http://artifacts.ci.centos.org/
> 

options on how the https:// might work on the CDN for buildlogs ?


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc


From arrfab at centos.org  Wed May 11 13:34:48 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Wed, 11 May 2016 15:34:48 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
References: <57322BDD.80602@centos.org>
	<8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
Message-ID: <573334F8.2060808@centos.org>

On 11/05/16 15:12, Karanbir Singh wrote:
> On 10/05/16 19:43, Fabian Arrotin wrote:
>> On 10/05/16 20:37, Jason Brooks wrote:
>>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>>
>>>>>
>>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>>> ```
>>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>>> cbs.centos.org has address 172.20.1.15
>>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>>> ^C
>>>>>> ```
>>>>>>
>>>>>> Just times out
>>>>>
>>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>>
>>>>> I can work around this for now by sed'ing the repo to use
>>>>> http just inside the CI infra.
>>>>
>>>> CI environment is located in the same DC as cbs, but in a different
>>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>>> only opened http from ci to cbs, but I now added https too.
>>>
>>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>>
>>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>>
>>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>>
>>> Jason
>>>
>>
>> Different issue as artifact node is internal and that has been discussed
>> some time ago :
>> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
>> (and people confirmed that the solution worked for them)
>> And the wiki/doc was also adapted to only show one url that works both
>> internally and externally :
>> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
>> http://artifacts.ci.centos.org/
>>
> 
> options on how the https:// might work on the CDN for buildlogs ?
> 
> 

Well, buildlogs is external but also internal copy (yeah ....) but we'd
be able to setup proper https support for that, but the automatic
http->https redirection is what needs to be tested and how yum follows
the redirection for the repomd.xml file (if that works)
Something added on the TODO list, but not priority #1 this week though

OTOH, it's true that it was also discussed that people needing a lot of
artifacts file should ask those to be published on the CDN, and not
retrieved from CI network at all (but can be problematic if people want
the same test to work inside and outside too)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160511/f25ea924/attachment.sig>

From walters at verbum.org  Fri May 13 20:18:37 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 13 May 2016 16:18:37 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
Message-ID: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>

It's a handy way to implement cleanup actions, such as de-provisioning a duffy machine regardless of whether or not a job succeeds.


From dms at redhat.com  Fri May 13 22:20:43 2016
From: dms at redhat.com (David Moreau Simard)
Date: Fri, 13 May 2016 18:20:43 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
Message-ID: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>

I'm already using this for several jobs, exactly for the use case of
cleaning up nodes and collecting nodes.

Is it not working for you ?
Is post-tasks the same thing ?

This is what it looks like in a Jenkins Job Builder template:
https://github.com/rdo-infra/ci-config/blob/master/jenkins/jobs/weirdo-defaults.yml#L34

David Moreau Simard
Senior Software Engineer | Openstack RDO

dmsimard = [irc, github, twitter]
It's a handy way to implement cleanup actions, such as de-provisioning a
duffy machine regardless of whether or not a job succeeds.
_______________________________________________
Ci-users mailing list
Ci-users at centos.org
https://lists.centos.org/mailman/listinfo/ci-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160513/92b23692/attachment.html>

From dominic at cleal.org  Mon May 16 09:46:33 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 10:46:33 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <56964871.90109@karan.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org>
Message-ID: <573996F9.1070001@cleal.org>

On 13/01/16 12:52, Karanbir Singh wrote:
> We've been looking at and trying to scope up
> getting an RDO cloud in place, that could then be used for 3 things :
> 
> 1) making an openstack api available for people who want to just consume
> VM's for their workloads
> 
> 2) migrating the slaves into openstack managed ( ie, self/user managed )
> virtual machines
> 
> 3) offering up image backed resources for people looking at doing
> testing with other OSs, eg what the libvirt and libguestfs folks do at
> the moment.
> 
> We have a dedicated hardware slab ( ~ 24 phy machines worth ) dedicated
> to this task ( so as to not cut into the ci baremetal pools ), but are
> waiting on the RH facility folks to get it wired up and dial-toned.
> 
> Given the nature and impact of this setup, I am going to try and see if
> we can speed up delivery of that infra from the present timeline of end
> Feb '16.

Do you expect this service to be available soon?

-- 
Dominic Cleal
dominic at cleal.org


From kbsingh at centos.org  Mon May 16 11:26:58 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Mon, 16 May 2016 12:26:58 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <573996F9.1070001@cleal.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
Message-ID: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/05/16 10:46, Dominic Cleal wrote:
> On 13/01/16 12:52, Karanbir Singh wrote:
>> We've been looking at and trying to scope up getting an RDO cloud
>> in place, that could then be used for 3 things :
>> 
>> 1) making an openstack api available for people who want to just
>> consume VM's for their workloads
>> 
>> 2) migrating the slaves into openstack managed ( ie, self/user
>> managed ) virtual machines
>> 
>> 3) offering up image backed resources for people looking at
>> doing testing with other OSs, eg what the libvirt and libguestfs
>> folks do at the moment.
>> 
>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>> dedicated to this task ( so as to not cut into the ci baremetal
>> pools ), but are waiting on the RH facility folks to get it wired
>> up and dial-toned.
>> 
>> Given the nature and impact of this setup, I am going to try and
>> see if we can speed up delivery of that infra from the present
>> timeline of end Feb '16.
> 
> Do you expect this service to be available soon?
> 

I've got the basic stuff in place, and we should be able to open for
wider testing in the next day or so.

regards

- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXOa6CAAoJEI3Oi2Mx7xbtx1QIAK2Qa6vpvr7PIeTM7uBFP54B
kFKrh4ivyYJLAboLT8NlrSjhFuKWYcBY2P+5nUXi2lzB93M41ZnZdKSBQcBxAgC7
DMjQpGbvWsHOwcaev7y2cg3QwEMVtejPJX7Tx2+aZwX0Zr3i1Zdc7ah26YRAenm7
F3MDdvfQuZeMWBBfUm0ENDXx4eEMjMt4O8Cs1DpTqtCq3ZLDbeSAvNFU+zazocfG
zTfII9/w2uajWWWOGjZWAzffzf2x2/93uPz1ZYqsk9pK6T/MNaLr+pLIYLewUHXG
piNk1ibuTl2qmrK9FoQZYbROqFKgCoQfgnXAldMekjMDhkOldVLddUbZjmh7GlQ=
=MAkC
-----END PGP SIGNATURE-----


From dominic at cleal.org  Mon May 16 13:11:50 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 14:11:50 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
	<03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
Message-ID: <5739C716.8020101@cleal.org>

On 16/05/16 12:26, Karanbir Singh wrote:
> On 16/05/16 10:46, Dominic Cleal wrote:
>> On 13/01/16 12:52, Karanbir Singh wrote:
>>> We've been looking at and trying to scope up getting an RDO cloud
>>> in place, that could then be used for 3 things :
>>>
>>> 1) making an openstack api available for people who want to just
>>> consume VM's for their workloads
>>>
>>> 2) migrating the slaves into openstack managed ( ie, self/user
>>> managed ) virtual machines
>>>
>>> 3) offering up image backed resources for people looking at
>>> doing testing with other OSs, eg what the libvirt and libguestfs
>>> folks do at the moment.
>>>
>>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>>> dedicated to this task ( so as to not cut into the ci baremetal
>>> pools ), but are waiting on the RH facility folks to get it wired
>>> up and dial-toned.
>>>
>>> Given the nature and impact of this setup, I am going to try and
>>> see if we can speed up delivery of that infra from the present
>>> timeline of end Feb '16.
> 
>> Do you expect this service to be available soon?
> 
> 
> I've got the basic stuff in place, and we should be able to open for
> wider testing in the next day or so.

That's great news, thanks. I'd be happy to help test.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/292b4178/attachment.sig>

From walters at verbum.org  Mon May 16 15:24:48 2016
From: walters at verbum.org (Colin Walters)
Date: Mon, 16 May 2016 11:24:48 -0400
Subject: [Ci-users] Request for
 https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
	<CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
Message-ID: <1463412288.4049714.609249617.5D2C4243@webmail.messagingengine.com>

 
 
 
On Fri, May 13, 2016, at 06:20 PM, David Moreau Simard wrote:
> I'm already using this for several jobs, exactly for the use case of
> cleaning up nodes and collecting nodes.
> Is it not working for you ?
>  Is post-tasks the same thing ?
 
Looks like that's a different plugin, but indeed seems pretty close.? I
actually ended up using:
 
```
publishers:
- trigger-parameterized-builds:
```
 
Which is installed now, because I wanted to serialize around a single
cleanup builder for duffy.? I'lll post more about this later.
 
Thanks though for the link to your JJB - it's really useful to see what
other people are doing in this area.? What I'm working on now is in:
https://github.com/cgwalters/sig-atomic-buildscripts/tree/pr-testing/centos-ci
for those interested.
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/f9fee501/attachment.html>

From hhorak at redhat.com  Tue May 17 16:46:56 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 18:46:56 +0200
Subject: [Ci-users] Test results not sent to github PR
Message-ID: <573B4B00.4060408@redhat.com>

I'm fighting with github+jenkins integration; specifically I'd like to 
make jenkins to run a job [1] for every commit in PR [2] or after 
writing message '[test]' in this PR. Then I expect the test result to be 
set in github PR.

One issue I see is that when trying to follow [3] and adding 
'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent 
Deliveries' section.

Well, when adding [test] comment, the job is run, but the output is not 
sent into github.

I'd appreciate any help here, since I'm quite new to jenkins..

[1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
[2] https://github.com/sclorg/mariadb-container/pull/1
[3] https://wiki.centos.org/QaWiki/CI/GithubIntegration

Honza


From brian at bstinson.com  Tue May 17 16:52:14 2016
From: brian at bstinson.com (Brian Stinson)
Date: Tue, 17 May 2016 11:52:14 -0500
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B4B00.4060408@redhat.com>
References: <573B4B00.4060408@redhat.com>
Message-ID: <20160517165214.GT4349@ender.bstinson.lan>

On May 17 18:46, Honza Horak wrote:
> I'm fighting with github+jenkins integration; specifically I'd like to make
> jenkins to run a job [1] for every commit in PR [2] or after writing message
> '[test]' in this PR. Then I expect the test result to be set in github PR.
> 
> One issue I see is that when trying to follow [3] and adding
> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
> section.
> 
> Well, when adding [test] comment, the job is run, but the output is not sent
> into github.
> 
> I'd appreciate any help here, since I'm quite new to jenkins..
> 
> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
> [2] https://github.com/sclorg/mariadb-container/pull/1
> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
> 
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users

Be sure you have the trailing slash in the webhook url:

https://ci.centos.org/ghbrphook/ 

I'll update [3] to make sure that's more clear.

Cheers!

--
Brian Stinson 


From hhorak at redhat.com  Tue May 17 18:18:58 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 20:18:58 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <20160517165214.GT4349@ender.bstinson.lan>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
Message-ID: <573B6092.8060704@redhat.com>

On 05/17/2016 06:52 PM, Brian Stinson wrote:
> On May 17 18:46, Honza Horak wrote:
>> I'm fighting with github+jenkins integration; specifically I'd like to make
>> jenkins to run a job [1] for every commit in PR [2] or after writing message
>> '[test]' in this PR. Then I expect the test result to be set in github PR.
>>
>> One issue I see is that when trying to follow [3] and adding
>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
>> section.
>>
>> Well, when adding [test] comment, the job is run, but the output is not sent
>> into github.
>>
>> I'd appreciate any help here, since I'm quite new to jenkins..
>>
>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>> [2] https://github.com/sclorg/mariadb-container/pull/1
>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>
>> Honza
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>
> Be sure you have the trailing slash in the webhook url:
>
> https://ci.centos.org/ghbrphook/
>
> I'll update [3] to make sure that's more clear.

I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':

Headers

Cache-Control: must-revalidate,no-cache,no-store
Connection: keep-alive
Content-Length: 1441
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 May 2016 18:18:07 GMT
Server: nginx/1.0.15
X-Content-Type-Options: nosniff

Body

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /ghbrphook/. Reason:
<pre>    No valid crumb was included in the request</pre></p><hr 
/><i><small>Powered by Jetty://</small></i><br/> 

<br/>

Honza


From walters at verbum.org  Wed May 18 16:40:23 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 12:40:23 -0400
Subject: [Ci-users] duffy requests
Message-ID: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>

1) Public source code
2) Arbitrary metadata (could be JSON or just a blob) like /Node/get/?key=blah&metadata=<base64 encoded json>
   Then a new /InventoryExt verb that returns JSON like:

[
    { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" },
    { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" }
]

3) Also add a new option to /get/  named "longpoll" which means the machine is automatically deallocated when the requester's TCP connection closes.  This would help ensure that e.g. cancelling the job or a Jenkins restart etc. automatically deallocated the machine


From herlo at redhat.com  Wed May 18 17:04:18 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:04:18 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
Message-ID: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>

I like this concept. I wonder if the base64 encoding is really necessary.

Here's what our internal tool reads. I would love to see something that
could work in both environments with very little adjustment.

This example uses openstack, thus the 'user-data-files' is unnecessary, and
the main resources might look different also.

{
    "resources": [
        {
            "name": "openshift-node1",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'east'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3"]
            }
        },
        {
            "name": "openshift-node2",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'west'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3", "repo_host"]
            }
        },
        {
            "name": "openshift-master",
            "count": "1",
            "flavor": "m1.large",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'infra', 'zone':
'default'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["masters", "nodes", "OSEv3"]
            }
        }
   ]
}

Cheers,

herlo

On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org> wrote:

> 1) Public source code
> 2) Arbitrary metadata (could be JSON or just a blob) like
> /Node/get/?key=blah&metadata=<base64 encoded json>
>    Then a new /InventoryExt verb that returns JSON like:
>
> [
>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" },
>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" }
> ]
>
> 3) Also add a new option to /get/  named "longpoll" which means the
> machine is automatically deallocated when the requester's TCP connection
> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
> restart etc. automatically deallocated the machine
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/2e5906ab/attachment.html>

From ari at redhat.com  Wed May 18 17:11:09 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:11:09 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
Message-ID: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>

It would be great if this could be generated as dynamic ansible inventory.
We do this with the output of the node creation.  This way it becomes very
easy to use ansible to do any follow on tasks once you have the resources.

On Wed, May 18, 2016 at 1:04 PM, Clint Savage <herlo at redhat.com> wrote:

> I like this concept. I wonder if the base64 encoding is really necessary.
>
> Here's what our internal tool reads. I would love to see something that
> could work in both environments with very little adjustment.
>
> This example uses openstack, thus the 'user-data-files' is unnecessary,
> and the main resources might look different also.
>
> {
>     "resources": [
>         {
>             "name": "openshift-node1",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'east'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3"]
>             }
>         },
>         {
>             "name": "openshift-node2",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'west'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3", "repo_host"]
>             }
>         },
>         {
>             "name": "openshift-master",
>             "count": "1",
>             "flavor": "m1.large",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'infra', 'zone':
> 'default'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["masters", "nodes", "OSEv3"]
>             }
>         }
>    ]
> }
>
> Cheers,
>
> herlo
>
> On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org>
> wrote:
>
>> 1) Public source code
>> 2) Arbitrary metadata (could be JSON or just a blob) like
>> /Node/get/?key=blah&metadata=<base64 encoded json>
>>    Then a new /InventoryExt verb that returns JSON like:
>>
>> [
>>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" },
>>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" }
>> ]
>>
>> 3) Also add a new option to /get/  named "longpoll" which means the
>> machine is automatically deallocated when the requester's TCP connection
>> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
>> restart etc. automatically deallocated the machine
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
>


-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/c1de0f04/attachment.html>

From herlo at redhat.com  Wed May 18 17:15:10 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:15:10 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
Message-ID: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>

On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com> wrote:

> It would be great if this could be generated as dynamic ansible
> inventory.  We do this with the output of the node creation.  This way it
> becomes very easy to use ansible to do any follow on tasks once you have
> the resources.
>
>
+1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/0e0d45cc/attachment.html>

From kbsingh at centos.org  Wed May 18 17:22:13 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Wed, 18 May 2016 18:22:13 +0100
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
Message-ID: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/05/16 18:15, Clint Savage wrote:
> 
> 
> On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com 
> <mailto:ari at redhat.com>> wrote:
> 
> It would be great if this could be generated as dynamic ansible 
> inventory.  We do this with the output of the node creation.  This 
> way it becomes very easy to use ansible to do any follow on tasks 
> once you have the resources.
> 
> 
> +1

what might that actually look like ?


- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
=4ADD
-----END PGP SIGNATURE-----


From ari at redhat.com  Wed May 18 17:47:02 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:47:02 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
	<fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
Message-ID: <CAMqnh2O2RrfwxD1MMKRmyYqNQ+QDiKKJ3e9njR6OPSEQOqPoow@mail.gmail.com>

*The input is the file that Clint provided which is called a topology file:*
https://paste.fedoraproject.org/368077/35929591/

*Our tools generates output:*
resources.json
https://paste.fedoraproject.org/368075/46359285/

*Then we use this script to use as an inventory file to ansible:*
https://paste.fedoraproject.org/368080/46359306/

*We run the this command to get the inventory:*
python ci-factory/utils/central_ci_dynamic_hosts.py | python -m json.tool

*Inventory looks like:*
https://paste.fedoraproject.org/368081/63593258/

Then you can run:
ansible-playbook -i ci-factory/utils/central_ci_dynamic_hosts.py
--private-key <ssh-key> <playbook-you-want-to-run>

Sounds like from Brian's demo that this could be done after you get the
resources as well by the user, but it may be nice to have this as an
infrastructure toolset.

On Wed, May 18, 2016 at 1:22 PM, Karanbir Singh <kbsingh at centos.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 18/05/16 18:15, Clint Savage wrote:
> >
> >
> > On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com
> > <mailto:ari at redhat.com>> wrote:
> >
> > It would be great if this could be generated as dynamic ansible
> > inventory.  We do this with the output of the node creation.  This
> > way it becomes very easy to use ansible to do any follow on tasks
> > once you have the resources.
> >
> >
> > +1
>
> what might that actually look like ?
>
>
> - --
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
> aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
> h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
> Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
> jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
> gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
> =4ADD
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>



-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/feed6e5d/attachment.html>

From walters at verbum.org  Wed May 18 21:05:47 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 17:05:47 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
Message-ID: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>

Hi,

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

is a repo I put together today that's factoring out some recent work
I did on a new duffy wrapper script:

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

Combined with JJB templates:

https://github.com/cgwalters/centos-ci-skeleton/blob/master/jjb-tmpl/cciskel-duffy.yml

My high level goal is to try to establish a bit more of a shared
baseline codebase.  It seems for example that most CentOS CI users
are using Jenkins Job Builder.  (If you're not, you should really consider it).

If you look at my demo job:

https://github.com/cgwalters/centos-ci-skeleton/tree/master/jjb-demo

It shows how to pair together things so that you get a reusable node
that's provisioned via an Ansible playbook.



From walters at verbum.org  Thu May 19 00:08:21 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 20:08:21 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
Message-ID: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>



On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> Hi,
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> 
> is a repo I put together today that's factoring out some recent work
> I did on a new duffy wrapper script:
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

This second link should have been 
https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy


From ndevos at redhat.com  Thu May 19 10:17:20 2016
From: ndevos at redhat.com (Niels de Vos)
Date: Thu, 19 May 2016 12:17:20 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for fail-over
	testing
Message-ID: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment.sig>

From arrfab at centos.org  Thu May 19 11:56:46 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Thu, 19 May 2016 13:56:46 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for
 fail-over testing
In-Reply-To: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
References: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
Message-ID: <573DA9FE.7000606@centos.org>

On 19/05/16 12:17, Niels de Vos wrote:
> Hi,
> 
> there is an integration in place with Gluster, NFS-Ganesha and
> Pacemaker. This combination makes it possible to have an active-active
> high-available NFS-server backed by Gluster volumes.
> 
> We'd like to add automated testing for functional fail-over in the CI.
> This requires the use of virtual-IPs that get assigned to the different
> NFS-Ganesha servers, which will migrate to other servers upon failure.
> 
> On https://wiki.centos.org/QaWiki/PubHardware is a mentioning of
> "reserved IP addresses" where the Gluster project in the CI would like
> to get listed too. What is the process to request a few IPs, and what
> are the restrictions we need to be aware of (and how to put them in the
> Jenkins job)?
> 
> Thanks,
> Niels

Hi Niels,

There are probably multiple ways to solve that. For example you have
multiple interfaces (and eth0 -> eth3 are now in the same vlan, but only
eth0 is configured )
So you can for example use another subnet not conflicting with the
172.19.0.0/22 (nor 172.19.4.0/22 also alocated for remote VMs), but I
don't know how you'll test the virtual ip : I guess from another
provisioned node (like a nfs client).
I've reserved the following range for Gluster : 172.19.2.21 ->
172.19.1.30 (and documented it on the wiki page)

Does that work for you ?

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/6d0b3bb3/attachment.sig>

From herlo at redhat.com  Thu May 19 15:23:26 2016
From: herlo at redhat.com (Clint Savage)
Date: Thu, 19 May 2016 09:23:26 -0600
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
	<1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
Message-ID: <CAMwYf-6BtSxVjHWsG_rJ3Cae7Zh-L5bejVQ7J24kzVCwicMVJA@mail.gmail.com>

Colin,

+1 on this. I've just created
https://github.com/CentOS-PaaS-SIG/centos-paas-ci and will be contributing
there PaaS CI things. I intend to use the cciskel-duffy script, and hope to
model things similarly.

One thought I have been having about the metadata bits we discussed
yesterday in the meeting. What if we didn't have duffy do the metadata, but
rather consumed the session values, nodes, etc. from duffy, then allowed
the cciskel-duffy to pull in a json file that helped define metadata. I can
see that you are doing a small inventory bit in the code, it looks mostly
around ansible groups.

Consider the following use case/story. I've requested three nodes from
duffy, for an openshift cluster. One will be the master, the other two will
be nodes. Putting a custom built RPM repository on one node (not the
master), and then installing using the atomic-openshift-installer. a
installer.cfg.yml file will need to be created which details these items.
Having this in a dynamically-generated inventory from your cciskel-duffy
tool seems like a great location, at least until duffy can do this itself.

Thoughts?

herlo

On Wed, May 18, 2016 at 6:08 PM, Colin Walters <walters at verbum.org> wrote:

>
>
> On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> > Hi,
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> >
> > is a repo I put together today that's factoring out some recent work
> > I did on a new duffy wrapper script:
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
>
> This second link should have been
> https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/31d73582/attachment.html>

From arrfab at centos.org  Fri May 20 08:27:37 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Fri, 20 May 2016 10:27:37 +0200
Subject: [Ci-users] Important infra outage notification - dates to be
	discussed
Message-ID: <573ECA79.70207@centos.org>

Due to some reorganization at the DC/Cage level, we'll have to
shutdown/move/reconfigure a big part of our hosted infra for the
following services :
- cbs.centos.org (Koji)
- accounts.centos.org (auth backend)
- ci.centos.org (jenkins-driven CI environment)

We're working on a plan to minimize the downtime/reconfiguration part,
but at first sight, due to the hardware move of the racks/recabling
parts/etc, the announced downtime will be probably ~48h.

What does that mean ? That during this window, nobody will be able to
build/tests packages, nor be able to triggers automatically CI jobs
(important).
As said, we're working on an agenda with the team operating the DC, but
we'd like you (cbs and ci users) to give us feedback on the best (or
worst ?) time line for such migration.

For example if you know that your $project will have a release soon, and
already have an agenda for such release (and so build/ci) and that you
rely on that infra, we'd like you to communicate those informations to
us, so that we can try to find the best possible time slot for the
migration, minimizing the impact on the whole CentOS ecosystem (and so
for all our users)

Feel free to answer in this thread, or find us in #centos-devel on freenode.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160520/7eb2d2aa/attachment.sig>

From walters at verbum.org  Sat May 21 13:31:48 2016
From: walters at verbum.org (Colin Walters)
Date: Sat, 21 May 2016 09:31:48 -0400
Subject: [Ci-users] Jenkins SafeRestart to add extra CSRF Protection
 19-Apr-2016 14h30 UTC (09h30 EDT)
In-Reply-To: <20160419135426.GC4349@ender.bstinson.lan>
References: <20160419135426.GC4349@ender.bstinson.lan>
Message-ID: <1463837508.618503.614550297.2097E00D@webmail.messagingengine.com>

On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
> 
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:

https://github.com/janinko/ghprb/issues/84

However I'm a bit confused - it seems like a lot more
people should be hitting this.  Perhaps people just aren't
turning on CSRF?

Then I also found
https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900
which:
$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900
ghprb-1.28~3^2

So it *should* be in the 1.30.4 we're running according to
https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github` plugin's webhook
 which does work, but I couldn't quite figure out how to make a single job that builds
 multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the
 end we do need a way to retrigger as ghprb handles)


From bstinson at redhat.com  Mon May 23 19:58:28 2016
From: bstinson at redhat.com (Brian Stinson)
Date: Mon, 23 May 2016 14:58:28 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
Message-ID: <20160523195828.GC26882@ender.bstinson.lan>

Hi Folks,

We will be having a maintenance window starting at 1AM UTC on Friday,
May 27th to do the following work:

- Upgrade to the latest Jenkins LTS 
- Upgrade all plugins (including the Github Plugin) to their latest
  versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
- Reboot the storage node 

The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability

As usual we will have a quiet period starting 1 hour before in order to
let pending jobs clear out.

If there are any questions please let us know.

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160523/abfd0ba2/attachment.sig>

From hhorak at redhat.com  Mon May 23 20:12:59 2016
From: hhorak at redhat.com (Honza Horak)
Date: Mon, 23 May 2016 22:12:59 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B6092.8060704@redhat.com>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
	<573B6092.8060704@redhat.com>
Message-ID: <5743644B.80001@redhat.com>

Thinking about it a bit, I think it might be caused by the fact that 
"GitHub API credentials" only allows to set "Anonymous connection". 
Shouldn't it be configured so that it can use centos-ci user?

honza

On 05/17/2016 08:18 PM, Honza Horak wrote:
> On 05/17/2016 06:52 PM, Brian Stinson wrote:
>> On May 17 18:46, Honza Horak wrote:
>>> I'm fighting with github+jenkins integration; specifically I'd like
>>> to make
>>> jenkins to run a job [1] for every commit in PR [2] or after writing
>>> message
>>> '[test]' in this PR. Then I expect the test result to be set in
>>> github PR.
>>>
>>> One issue I see is that when trying to follow [3] and adding
>>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent
>>> Deliveries'
>>> section.
>>>
>>> Well, when adding [test] comment, the job is run, but the output is
>>> not sent
>>> into github.
>>>
>>> I'd appreciate any help here, since I'm quite new to jenkins..
>>>
>>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>>> [2] https://github.com/sclorg/mariadb-container/pull/1
>>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>>
>>> Honza
>>> _______________________________________________
>>> Ci-users mailing list
>>> Ci-users at centos.org
>>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>> Be sure you have the trailing slash in the webhook url:
>>
>> https://ci.centos.org/ghbrphook/
>>
>> I'll update [3] to make sure that's more clear.
>
> I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':
>
> Headers
>
> Cache-Control: must-revalidate,no-cache,no-store
> Connection: keep-alive
> Content-Length: 1441
> Content-Type: text/html;charset=ISO-8859-1
> Date: Tue, 17 May 2016 18:18:07 GMT
> Server: nginx/1.0.15
> X-Content-Type-Options: nosniff
>
> Body
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
> <title>Error 403 No valid crumb was included in the request</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing /ghbrphook/. Reason:
> <pre>    No valid crumb was included in the request</pre></p><hr
> /><i><small>Powered by Jetty://</small></i><br/>
> <br/>
>
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From dominic at cleal.org  Tue May 24 07:15:42 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Tue, 24 May 2016 08:15:42 +0100
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <5743FF9E.9010207@cleal.org>

On 23/05/16 20:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 

Just a heads up, the latest Jenkins LTS (1.651.2) broke a few plugins in
its default configuration which filters out unknown job parameters.
Notably it broke the matrix project plugin which will probably affect a
few users - I had to disable the new security feature on the Foreman
Jenkins server.

https://issues.jenkins-ci.org/browse/JENKINS-34758 and
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
have more details about the plugins affected.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160524/22505e56/attachment.sig>

From brian at bstinson.com  Thu May 26 17:14:30 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 12:14:30 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <20160526171430.GG26882@ender.bstinson.lan>

On May 23 14:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 
> - Upgrade all plugins (including the Github Plugin) to their latest
>   versions
> - Install the Pipeline Plugin (bug: 10825)
> - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> - Reboot the storage node 
> 
> The following services will be affected:
> - ci.centos.org: Jenkins Frontend
> - artifacts.ci.centos.org: File availability
> 
> As usual we will have a quiet period starting 1 hour before in order to
> let pending jobs clear out.
> 
> If there are any questions please let us know.
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Hi All,

Just a reminder that this maintenance window will take place tonight!

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/fbb61b81/attachment.sig>

From brian at bstinson.com  Fri May 27 01:41:20 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 20:41:20 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160526171430.GG26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
Message-ID: <20160527014120.GH26882@ender.bstinson.lan>

On May 26 12:14, Brian Stinson wrote:
> On May 23 14:58, Brian Stinson wrote:
> > Hi Folks,
> > 
> > We will be having a maintenance window starting at 1AM UTC on Friday,
> > May 27th to do the following work:
> > 
> > - Upgrade to the latest Jenkins LTS 
> > - Upgrade all plugins (including the Github Plugin) to their latest
> >   versions
> > - Install the Pipeline Plugin (bug: 10825)
> > - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> > - Reboot the storage node 
> > 
> > The following services will be affected:
> > - ci.centos.org: Jenkins Frontend
> > - artifacts.ci.centos.org: File availability
> > 
> > As usual we will have a quiet period starting 1 hour before in order to
> > let pending jobs clear out.
> > 
> > If there are any questions please let us know.
> > 
> > Cheers!
> > 
> > --
> > Brian Stinson
> > CentOS CI Infrastructure Team
> 
> Hi All,
> 
> Just a reminder that this maintenance window will take place tonight!
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Ok Folks,

We should be back up and accepting new jobs. 

Please let us know if there is any trouble

Cheers!
--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/9d08afb3/attachment.sig>

From walters at verbum.org  Fri May 27 15:44:38 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 27 May 2016 11:44:38 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527014120.GH26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
Message-ID: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>

On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:

> Please let us know if there is any trouble

jenkins-job-builder now fails with:

```
$ /usr/bin/make update
jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
Traceback (most recent call last):
  File "/usr/bin/jenkins-jobs", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
    execute(options, config)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
    options.names)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
    self.load_files(input_fn)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
    self.parser = YamlParser(self.global_config, self.plugins_list)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
    self._plugins_list = self.jenkins.get_plugins_info()
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
    raise e
jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
```

It seems it's trying to do the equivalent of:

https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

For which I now get:

Access Denied

atomic-sig is missing the Overall/Administer permission

Even though both I and JJB aren't trying to administer anything, just retrieve
the list of plugins.


From dshah at redhat.com  Fri May 27 16:50:28 2016
From: dshah at redhat.com (Dharmit Shah)
Date: Fri, 27 May 2016 22:20:28 +0530
Subject: [Ci-users] Networking query (Vagrant + Duffy + Jenkins)
Message-ID: <95e7dce6-b26e-897a-c3c9-c702226fa708@redhat.com>

Hi all,

I'm trying to get access to OpenShift service running inside the Vagrant 
box on one of the systems provided by Duffy. I'm attempting to access it 
from Jenkins slave.

I tried to forward the port 8443 inside the Vagrant box to port 8443 on 
Duffy provided system. And then when I try to access it from Jenkins 
slave, it fails with error:

$ ./oc login <duffy-provided-slave>
Unable to connect to the server: dial tcp <ip-address>:8443: getsockopt: 
no route to host

A rough mapping of the systems involved should look like this:

Jenkins Slave --> Duffy provisioned host (CentOS 7) --> Vagrant box 
running OpenShift (CentOS 7)			

I want to check with the group if someone's ever tried something like 
this and succeeded. Would love to hear some ideas that we should be trying.

Regards,
Dharmit.


From brian at bstinson.com  Fri May 27 17:01:36 2016
From: brian at bstinson.com (Brian Stinson)
Date: Fri, 27 May 2016 12:01:36 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
Message-ID: <20160527170136.GI26882@ender.bstinson.lan>

On May 27 11:44, Colin Walters wrote:
> On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
> 
> > Please let us know if there is any trouble
> 
> jenkins-job-builder now fails with:
> 
> ```
> $ /usr/bin/make update
> jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
> INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
> Traceback (most recent call last):
>   File "/usr/bin/jenkins-jobs", line 10, in <module>
>     sys.exit(main())
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
>     execute(options, config)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
>     options.names)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
>     self.load_files(input_fn)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
>     self.parser = YamlParser(self.global_config, self.plugins_list)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
>     self._plugins_list = self.jenkins.get_plugins_info()
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
>     raise e
> jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
> ```
> 
> It seems it's trying to do the equivalent of:
> 
> https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]
> 
> For which I now get:
> 
> Access Denied
> 
> atomic-sig is missing the Overall/Administer permission
> 
> Even though both I and JJB aren't trying to administer anything, just retrieve
> the list of plugins.

This is due to a fix for SECURITY-250:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

We had a hotfix to re-enable plugin lists but it looks like I missed one
of the permission checks. I'll investigate, re-patch and report back
here.

Cheers!
-- Brian


From walters at verbum.org  Tue May 31 17:00:44 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 31 May 2016 13:00:44 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527170136.GI26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
	<20160527170136.GI26882@ender.bstinson.lan>
Message-ID: <1464714044.3726246.623829185.2C5FEA22@webmail.messagingengine.com>



On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:

> We had a hotfix to re-enable plugin lists but it looks like I missed one
> of the permission checks. I'll investigate, re-patch and report back
> here.

Anything we can do to help with this?  At the moment this is
a blocker for continuing to use CentOS CI, and while no time
is opportune for CI to break, I've been in the middle of increasing
investment in it and trying to bring others on board.




From walters at verbum.org  Tue May 10 13:35:07 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:35:07 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
Message-ID: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>

```
[atomic-sig at slave01 ~]$ host cbs.centos.org
cbs.centos.org has address 172.20.1.15
[atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
^C
```

Just times out - I'm guessing there's some intermediate firewall, or
perhaps IP conflict on the 172.19 subnet?

Using the external IP works:

```
[atomic-sig at slave01 ~]$ host cbs.centos.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

cbs.centos.org has address 66.187.224.194
[atomic-sig at slave01 ~]$ curl http://66.187.224.194/repos/virt7-docker-common-candidate/x86_64/os/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
```


From walters at verbum.org  Tue May 10 13:38:50 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:38:50 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
Message-ID: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>



On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
> ```
> [atomic-sig at slave01 ~]$ host cbs.centos.org
> cbs.centos.org has address 172.20.1.15
> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
> ^C
> ```
> 
> Just times out 

Argh!  It turns out it's https:// vs http://.  I broke it with:
https://github.com/CentOS/sig-atomic-buildscripts/pull/68

I can work around this for now by sed'ing the repo to use
http just inside the CI infra.


From arrfab at centos.org  Tue May 10 13:47:03 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 15:47:03 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
Message-ID: <5731E657.80607@centos.org>

On 10/05/16 15:38, Colin Walters wrote:
> 
> 
> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>> ```
>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>> cbs.centos.org has address 172.20.1.15
>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>> ^C
>> ```
>>
>> Just times out 
> 
> Argh!  It turns out it's https:// vs http://.  I broke it with:
> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
> 
> I can work around this for now by sed'ing the repo to use
> http just inside the CI infra.

CI environment is located in the same DC as cbs, but in a different
subnet/vlan and with ip/port filtering at the gw level. Initially we
only opened http from ci to cbs, but I now added https too.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/9225757b/attachment-0001.sig>

From walters at verbum.org  Tue May 10 13:53:58 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:53:58 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <1462888438.289727.603523505.3EB1F994@webmail.messagingengine.com>

On Tue, May 10, 2016, at 09:47 AM, Fabian Arrotin wrote:

> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

Thanks for the quick response, [confirmed] the fix works.

FWIW it's quite important to use https:// for CBS because the RPMs
are unsigned.  (And even if they were signed one would want to use
https:// anyways due to https://isis.poly.edu/%7Ejcappos/papers/cappos_mirror_ccs_08.pdf )



From jbrooks at redhat.com  Tue May 10 18:37:28 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 11:37:28 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>

On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
> On 10/05/16 15:38, Colin Walters wrote:
>>
>>
>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>> ```
>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>> cbs.centos.org has address 172.20.1.15
>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>> ^C
>>> ```
>>>
>>> Just times out
>>
>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>
>> I can work around this for now by sed'ing the repo to use
>> http just inside the CI infra.
>
> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

I'm getting a similar-looking issue w/ https from the ci artifacts location:

https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/

I'm trying to pull pkgs built in the ci and stored there in another ci job...

Jason

>
> --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>


From arrfab at centos.org  Tue May 10 18:43:41 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 20:43:41 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
Message-ID: <57322BDD.80602@centos.org>

On 10/05/16 20:37, Jason Brooks wrote:
> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>> On 10/05/16 15:38, Colin Walters wrote:
>>>
>>>
>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>> ```
>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>> cbs.centos.org has address 172.20.1.15
>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>> ^C
>>>> ```
>>>>
>>>> Just times out
>>>
>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>
>>> I can work around this for now by sed'ing the repo to use
>>> http just inside the CI infra.
>>
>> CI environment is located in the same DC as cbs, but in a different
>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>> only opened http from ci to cbs, but I now added https too.
> 
> I'm getting a similar-looking issue w/ https from the ci artifacts location:
> 
> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
> 
> I'm trying to pull pkgs built in the ci and stored there in another ci job...
> 
> Jason
> 

Different issue as artifact node is internal and that has been discussed
some time ago :
https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
(and people confirmed that the solution worked for them)
And the wiki/doc was also adapted to only show one url that works both
internally and externally :
https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
http://artifacts.ci.centos.org/


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/324b4648/attachment-0001.sig>

From walters at verbum.org  Tue May 10 18:53:46 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 14:53:46 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>

On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>
> http://artifacts.ci.centos.org/

That URL is currently only accessible via insecure HTTP (presented
cert's CN is just ci.centos.org), so I don't think it's a good idea to point
users or systems at it.


From jbrooks at redhat.com  Tue May 10 19:06:38 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 12:06:38 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
	<1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
Message-ID: <CAF=rfpBQ-YCxs98Vq6BwjQ-hjZnGS9261k5f3b0TyGwFb-B5iQ@mail.gmail.com>

On Tue, May 10, 2016 at 11:53 AM, Colin Walters <walters at verbum.org> wrote:
> On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>>
>> http://artifacts.ci.centos.org/
>
> That URL is currently only accessible via insecure HTTP (presented
> cert's CN is just ci.centos.org), so I don't think it's a good idea to point
> users or systems at it.

OK, for now I'm going to work around this in the ci job definition w/ some sed.

> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From mail-lists at karan.org  Wed May 11 13:12:19 2016
From: mail-lists at karan.org (Karanbir Singh)
Date: Wed, 11 May 2016 14:12:19 +0100
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>

On 10/05/16 19:43, Fabian Arrotin wrote:
> On 10/05/16 20:37, Jason Brooks wrote:
>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>
>>>>
>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>> ```
>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>> cbs.centos.org has address 172.20.1.15
>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>> ^C
>>>>> ```
>>>>>
>>>>> Just times out
>>>>
>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>
>>>> I can work around this for now by sed'ing the repo to use
>>>> http just inside the CI infra.
>>>
>>> CI environment is located in the same DC as cbs, but in a different
>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>> only opened http from ci to cbs, but I now added https too.
>>
>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>
>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>
>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>
>> Jason
>>
> 
> Different issue as artifact node is internal and that has been discussed
> some time ago :
> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
> (and people confirmed that the solution worked for them)
> And the wiki/doc was also adapted to only show one url that works both
> internally and externally :
> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
> http://artifacts.ci.centos.org/
> 

options on how the https:// might work on the CDN for buildlogs ?


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc


From arrfab at centos.org  Wed May 11 13:34:48 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Wed, 11 May 2016 15:34:48 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
References: <57322BDD.80602@centos.org>
	<8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
Message-ID: <573334F8.2060808@centos.org>

On 11/05/16 15:12, Karanbir Singh wrote:
> On 10/05/16 19:43, Fabian Arrotin wrote:
>> On 10/05/16 20:37, Jason Brooks wrote:
>>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>>
>>>>>
>>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>>> ```
>>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>>> cbs.centos.org has address 172.20.1.15
>>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>>> ^C
>>>>>> ```
>>>>>>
>>>>>> Just times out
>>>>>
>>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>>
>>>>> I can work around this for now by sed'ing the repo to use
>>>>> http just inside the CI infra.
>>>>
>>>> CI environment is located in the same DC as cbs, but in a different
>>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>>> only opened http from ci to cbs, but I now added https too.
>>>
>>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>>
>>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>>
>>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>>
>>> Jason
>>>
>>
>> Different issue as artifact node is internal and that has been discussed
>> some time ago :
>> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
>> (and people confirmed that the solution worked for them)
>> And the wiki/doc was also adapted to only show one url that works both
>> internally and externally :
>> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
>> http://artifacts.ci.centos.org/
>>
> 
> options on how the https:// might work on the CDN for buildlogs ?
> 
> 

Well, buildlogs is external but also internal copy (yeah ....) but we'd
be able to setup proper https support for that, but the automatic
http->https redirection is what needs to be tested and how yum follows
the redirection for the repomd.xml file (if that works)
Something added on the TODO list, but not priority #1 this week though

OTOH, it's true that it was also discussed that people needing a lot of
artifacts file should ask those to be published on the CDN, and not
retrieved from CI network at all (but can be problematic if people want
the same test to work inside and outside too)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160511/f25ea924/attachment-0001.sig>

From walters at verbum.org  Fri May 13 20:18:37 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 13 May 2016 16:18:37 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
Message-ID: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>

It's a handy way to implement cleanup actions, such as de-provisioning a duffy machine regardless of whether or not a job succeeds.


From dms at redhat.com  Fri May 13 22:20:43 2016
From: dms at redhat.com (David Moreau Simard)
Date: Fri, 13 May 2016 18:20:43 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
Message-ID: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>

I'm already using this for several jobs, exactly for the use case of
cleaning up nodes and collecting nodes.

Is it not working for you ?
Is post-tasks the same thing ?

This is what it looks like in a Jenkins Job Builder template:
https://github.com/rdo-infra/ci-config/blob/master/jenkins/jobs/weirdo-defaults.yml#L34

David Moreau Simard
Senior Software Engineer | Openstack RDO

dmsimard = [irc, github, twitter]
It's a handy way to implement cleanup actions, such as de-provisioning a
duffy machine regardless of whether or not a job succeeds.
_______________________________________________
Ci-users mailing list
Ci-users at centos.org
https://lists.centos.org/mailman/listinfo/ci-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160513/92b23692/attachment-0001.html>

From dominic at cleal.org  Mon May 16 09:46:33 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 10:46:33 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <56964871.90109@karan.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org>
Message-ID: <573996F9.1070001@cleal.org>

On 13/01/16 12:52, Karanbir Singh wrote:
> We've been looking at and trying to scope up
> getting an RDO cloud in place, that could then be used for 3 things :
> 
> 1) making an openstack api available for people who want to just consume
> VM's for their workloads
> 
> 2) migrating the slaves into openstack managed ( ie, self/user managed )
> virtual machines
> 
> 3) offering up image backed resources for people looking at doing
> testing with other OSs, eg what the libvirt and libguestfs folks do at
> the moment.
> 
> We have a dedicated hardware slab ( ~ 24 phy machines worth ) dedicated
> to this task ( so as to not cut into the ci baremetal pools ), but are
> waiting on the RH facility folks to get it wired up and dial-toned.
> 
> Given the nature and impact of this setup, I am going to try and see if
> we can speed up delivery of that infra from the present timeline of end
> Feb '16.

Do you expect this service to be available soon?

-- 
Dominic Cleal
dominic at cleal.org


From kbsingh at centos.org  Mon May 16 11:26:58 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Mon, 16 May 2016 12:26:58 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <573996F9.1070001@cleal.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
Message-ID: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/05/16 10:46, Dominic Cleal wrote:
> On 13/01/16 12:52, Karanbir Singh wrote:
>> We've been looking at and trying to scope up getting an RDO cloud
>> in place, that could then be used for 3 things :
>> 
>> 1) making an openstack api available for people who want to just
>> consume VM's for their workloads
>> 
>> 2) migrating the slaves into openstack managed ( ie, self/user
>> managed ) virtual machines
>> 
>> 3) offering up image backed resources for people looking at
>> doing testing with other OSs, eg what the libvirt and libguestfs
>> folks do at the moment.
>> 
>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>> dedicated to this task ( so as to not cut into the ci baremetal
>> pools ), but are waiting on the RH facility folks to get it wired
>> up and dial-toned.
>> 
>> Given the nature and impact of this setup, I am going to try and
>> see if we can speed up delivery of that infra from the present
>> timeline of end Feb '16.
> 
> Do you expect this service to be available soon?
> 

I've got the basic stuff in place, and we should be able to open for
wider testing in the next day or so.

regards

- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXOa6CAAoJEI3Oi2Mx7xbtx1QIAK2Qa6vpvr7PIeTM7uBFP54B
kFKrh4ivyYJLAboLT8NlrSjhFuKWYcBY2P+5nUXi2lzB93M41ZnZdKSBQcBxAgC7
DMjQpGbvWsHOwcaev7y2cg3QwEMVtejPJX7Tx2+aZwX0Zr3i1Zdc7ah26YRAenm7
F3MDdvfQuZeMWBBfUm0ENDXx4eEMjMt4O8Cs1DpTqtCq3ZLDbeSAvNFU+zazocfG
zTfII9/w2uajWWWOGjZWAzffzf2x2/93uPz1ZYqsk9pK6T/MNaLr+pLIYLewUHXG
piNk1ibuTl2qmrK9FoQZYbROqFKgCoQfgnXAldMekjMDhkOldVLddUbZjmh7GlQ=
=MAkC
-----END PGP SIGNATURE-----


From dominic at cleal.org  Mon May 16 13:11:50 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 14:11:50 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
	<03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
Message-ID: <5739C716.8020101@cleal.org>

On 16/05/16 12:26, Karanbir Singh wrote:
> On 16/05/16 10:46, Dominic Cleal wrote:
>> On 13/01/16 12:52, Karanbir Singh wrote:
>>> We've been looking at and trying to scope up getting an RDO cloud
>>> in place, that could then be used for 3 things :
>>>
>>> 1) making an openstack api available for people who want to just
>>> consume VM's for their workloads
>>>
>>> 2) migrating the slaves into openstack managed ( ie, self/user
>>> managed ) virtual machines
>>>
>>> 3) offering up image backed resources for people looking at
>>> doing testing with other OSs, eg what the libvirt and libguestfs
>>> folks do at the moment.
>>>
>>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>>> dedicated to this task ( so as to not cut into the ci baremetal
>>> pools ), but are waiting on the RH facility folks to get it wired
>>> up and dial-toned.
>>>
>>> Given the nature and impact of this setup, I am going to try and
>>> see if we can speed up delivery of that infra from the present
>>> timeline of end Feb '16.
> 
>> Do you expect this service to be available soon?
> 
> 
> I've got the basic stuff in place, and we should be able to open for
> wider testing in the next day or so.

That's great news, thanks. I'd be happy to help test.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/292b4178/attachment-0001.sig>

From walters at verbum.org  Mon May 16 15:24:48 2016
From: walters at verbum.org (Colin Walters)
Date: Mon, 16 May 2016 11:24:48 -0400
Subject: [Ci-users] Request for
 https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
	<CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
Message-ID: <1463412288.4049714.609249617.5D2C4243@webmail.messagingengine.com>

 
 
 
On Fri, May 13, 2016, at 06:20 PM, David Moreau Simard wrote:
> I'm already using this for several jobs, exactly for the use case of
> cleaning up nodes and collecting nodes.
> Is it not working for you ?
>  Is post-tasks the same thing ?
 
Looks like that's a different plugin, but indeed seems pretty close.? I
actually ended up using:
 
```
publishers:
- trigger-parameterized-builds:
```
 
Which is installed now, because I wanted to serialize around a single
cleanup builder for duffy.? I'lll post more about this later.
 
Thanks though for the link to your JJB - it's really useful to see what
other people are doing in this area.? What I'm working on now is in:
https://github.com/cgwalters/sig-atomic-buildscripts/tree/pr-testing/centos-ci
for those interested.
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/f9fee501/attachment-0001.html>

From hhorak at redhat.com  Tue May 17 16:46:56 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 18:46:56 +0200
Subject: [Ci-users] Test results not sent to github PR
Message-ID: <573B4B00.4060408@redhat.com>

I'm fighting with github+jenkins integration; specifically I'd like to 
make jenkins to run a job [1] for every commit in PR [2] or after 
writing message '[test]' in this PR. Then I expect the test result to be 
set in github PR.

One issue I see is that when trying to follow [3] and adding 
'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent 
Deliveries' section.

Well, when adding [test] comment, the job is run, but the output is not 
sent into github.

I'd appreciate any help here, since I'm quite new to jenkins..

[1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
[2] https://github.com/sclorg/mariadb-container/pull/1
[3] https://wiki.centos.org/QaWiki/CI/GithubIntegration

Honza


From brian at bstinson.com  Tue May 17 16:52:14 2016
From: brian at bstinson.com (Brian Stinson)
Date: Tue, 17 May 2016 11:52:14 -0500
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B4B00.4060408@redhat.com>
References: <573B4B00.4060408@redhat.com>
Message-ID: <20160517165214.GT4349@ender.bstinson.lan>

On May 17 18:46, Honza Horak wrote:
> I'm fighting with github+jenkins integration; specifically I'd like to make
> jenkins to run a job [1] for every commit in PR [2] or after writing message
> '[test]' in this PR. Then I expect the test result to be set in github PR.
> 
> One issue I see is that when trying to follow [3] and adding
> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
> section.
> 
> Well, when adding [test] comment, the job is run, but the output is not sent
> into github.
> 
> I'd appreciate any help here, since I'm quite new to jenkins..
> 
> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
> [2] https://github.com/sclorg/mariadb-container/pull/1
> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
> 
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users

Be sure you have the trailing slash in the webhook url:

https://ci.centos.org/ghbrphook/ 

I'll update [3] to make sure that's more clear.

Cheers!

--
Brian Stinson 


From hhorak at redhat.com  Tue May 17 18:18:58 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 20:18:58 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <20160517165214.GT4349@ender.bstinson.lan>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
Message-ID: <573B6092.8060704@redhat.com>

On 05/17/2016 06:52 PM, Brian Stinson wrote:
> On May 17 18:46, Honza Horak wrote:
>> I'm fighting with github+jenkins integration; specifically I'd like to make
>> jenkins to run a job [1] for every commit in PR [2] or after writing message
>> '[test]' in this PR. Then I expect the test result to be set in github PR.
>>
>> One issue I see is that when trying to follow [3] and adding
>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
>> section.
>>
>> Well, when adding [test] comment, the job is run, but the output is not sent
>> into github.
>>
>> I'd appreciate any help here, since I'm quite new to jenkins..
>>
>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>> [2] https://github.com/sclorg/mariadb-container/pull/1
>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>
>> Honza
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>
> Be sure you have the trailing slash in the webhook url:
>
> https://ci.centos.org/ghbrphook/
>
> I'll update [3] to make sure that's more clear.

I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':

Headers

Cache-Control: must-revalidate,no-cache,no-store
Connection: keep-alive
Content-Length: 1441
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 May 2016 18:18:07 GMT
Server: nginx/1.0.15
X-Content-Type-Options: nosniff

Body

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /ghbrphook/. Reason:
<pre>    No valid crumb was included in the request</pre></p><hr 
/><i><small>Powered by Jetty://</small></i><br/> 

<br/>

Honza


From walters at verbum.org  Wed May 18 16:40:23 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 12:40:23 -0400
Subject: [Ci-users] duffy requests
Message-ID: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>

1) Public source code
2) Arbitrary metadata (could be JSON or just a blob) like /Node/get/?key=blah&metadata=<base64 encoded json>
   Then a new /InventoryExt verb that returns JSON like:

[
    { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" },
    { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" }
]

3) Also add a new option to /get/  named "longpoll" which means the machine is automatically deallocated when the requester's TCP connection closes.  This would help ensure that e.g. cancelling the job or a Jenkins restart etc. automatically deallocated the machine


From herlo at redhat.com  Wed May 18 17:04:18 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:04:18 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
Message-ID: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>

I like this concept. I wonder if the base64 encoding is really necessary.

Here's what our internal tool reads. I would love to see something that
could work in both environments with very little adjustment.

This example uses openstack, thus the 'user-data-files' is unnecessary, and
the main resources might look different also.

{
    "resources": [
        {
            "name": "openshift-node1",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'east'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3"]
            }
        },
        {
            "name": "openshift-node2",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'west'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3", "repo_host"]
            }
        },
        {
            "name": "openshift-master",
            "count": "1",
            "flavor": "m1.large",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'infra', 'zone':
'default'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["masters", "nodes", "OSEv3"]
            }
        }
   ]
}

Cheers,

herlo

On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org> wrote:

> 1) Public source code
> 2) Arbitrary metadata (could be JSON or just a blob) like
> /Node/get/?key=blah&metadata=<base64 encoded json>
>    Then a new /InventoryExt verb that returns JSON like:
>
> [
>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" },
>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" }
> ]
>
> 3) Also add a new option to /get/  named "longpoll" which means the
> machine is automatically deallocated when the requester's TCP connection
> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
> restart etc. automatically deallocated the machine
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/2e5906ab/attachment-0001.html>

From ari at redhat.com  Wed May 18 17:11:09 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:11:09 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
Message-ID: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>

It would be great if this could be generated as dynamic ansible inventory.
We do this with the output of the node creation.  This way it becomes very
easy to use ansible to do any follow on tasks once you have the resources.

On Wed, May 18, 2016 at 1:04 PM, Clint Savage <herlo at redhat.com> wrote:

> I like this concept. I wonder if the base64 encoding is really necessary.
>
> Here's what our internal tool reads. I would love to see something that
> could work in both environments with very little adjustment.
>
> This example uses openstack, thus the 'user-data-files' is unnecessary,
> and the main resources might look different also.
>
> {
>     "resources": [
>         {
>             "name": "openshift-node1",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'east'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3"]
>             }
>         },
>         {
>             "name": "openshift-node2",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'west'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3", "repo_host"]
>             }
>         },
>         {
>             "name": "openshift-master",
>             "count": "1",
>             "flavor": "m1.large",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'infra', 'zone':
> 'default'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["masters", "nodes", "OSEv3"]
>             }
>         }
>    ]
> }
>
> Cheers,
>
> herlo
>
> On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org>
> wrote:
>
>> 1) Public source code
>> 2) Arbitrary metadata (could be JSON or just a blob) like
>> /Node/get/?key=blah&metadata=<base64 encoded json>
>>    Then a new /InventoryExt verb that returns JSON like:
>>
>> [
>>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" },
>>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" }
>> ]
>>
>> 3) Also add a new option to /get/  named "longpoll" which means the
>> machine is automatically deallocated when the requester's TCP connection
>> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
>> restart etc. automatically deallocated the machine
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
>


-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/c1de0f04/attachment-0001.html>

From herlo at redhat.com  Wed May 18 17:15:10 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:15:10 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
Message-ID: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>

On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com> wrote:

> It would be great if this could be generated as dynamic ansible
> inventory.  We do this with the output of the node creation.  This way it
> becomes very easy to use ansible to do any follow on tasks once you have
> the resources.
>
>
+1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/0e0d45cc/attachment-0001.html>

From kbsingh at centos.org  Wed May 18 17:22:13 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Wed, 18 May 2016 18:22:13 +0100
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
Message-ID: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/05/16 18:15, Clint Savage wrote:
> 
> 
> On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com 
> <mailto:ari at redhat.com>> wrote:
> 
> It would be great if this could be generated as dynamic ansible 
> inventory.  We do this with the output of the node creation.  This 
> way it becomes very easy to use ansible to do any follow on tasks 
> once you have the resources.
> 
> 
> +1

what might that actually look like ?


- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
=4ADD
-----END PGP SIGNATURE-----


From ari at redhat.com  Wed May 18 17:47:02 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:47:02 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
	<fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
Message-ID: <CAMqnh2O2RrfwxD1MMKRmyYqNQ+QDiKKJ3e9njR6OPSEQOqPoow@mail.gmail.com>

*The input is the file that Clint provided which is called a topology file:*
https://paste.fedoraproject.org/368077/35929591/

*Our tools generates output:*
resources.json
https://paste.fedoraproject.org/368075/46359285/

*Then we use this script to use as an inventory file to ansible:*
https://paste.fedoraproject.org/368080/46359306/

*We run the this command to get the inventory:*
python ci-factory/utils/central_ci_dynamic_hosts.py | python -m json.tool

*Inventory looks like:*
https://paste.fedoraproject.org/368081/63593258/

Then you can run:
ansible-playbook -i ci-factory/utils/central_ci_dynamic_hosts.py
--private-key <ssh-key> <playbook-you-want-to-run>

Sounds like from Brian's demo that this could be done after you get the
resources as well by the user, but it may be nice to have this as an
infrastructure toolset.

On Wed, May 18, 2016 at 1:22 PM, Karanbir Singh <kbsingh at centos.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 18/05/16 18:15, Clint Savage wrote:
> >
> >
> > On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com
> > <mailto:ari at redhat.com>> wrote:
> >
> > It would be great if this could be generated as dynamic ansible
> > inventory.  We do this with the output of the node creation.  This
> > way it becomes very easy to use ansible to do any follow on tasks
> > once you have the resources.
> >
> >
> > +1
>
> what might that actually look like ?
>
>
> - --
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
> aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
> h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
> Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
> jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
> gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
> =4ADD
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>



-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/feed6e5d/attachment-0001.html>

From walters at verbum.org  Wed May 18 21:05:47 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 17:05:47 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
Message-ID: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>

Hi,

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

is a repo I put together today that's factoring out some recent work
I did on a new duffy wrapper script:

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

Combined with JJB templates:

https://github.com/cgwalters/centos-ci-skeleton/blob/master/jjb-tmpl/cciskel-duffy.yml

My high level goal is to try to establish a bit more of a shared
baseline codebase.  It seems for example that most CentOS CI users
are using Jenkins Job Builder.  (If you're not, you should really consider it).

If you look at my demo job:

https://github.com/cgwalters/centos-ci-skeleton/tree/master/jjb-demo

It shows how to pair together things so that you get a reusable node
that's provisioned via an Ansible playbook.



From walters at verbum.org  Thu May 19 00:08:21 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 20:08:21 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
Message-ID: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>



On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> Hi,
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> 
> is a repo I put together today that's factoring out some recent work
> I did on a new duffy wrapper script:
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

This second link should have been 
https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy


From ndevos at redhat.com  Thu May 19 10:17:20 2016
From: ndevos at redhat.com (Niels de Vos)
Date: Thu, 19 May 2016 12:17:20 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for fail-over
	testing
Message-ID: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0001.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0001.sig>

From arrfab at centos.org  Thu May 19 11:56:46 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Thu, 19 May 2016 13:56:46 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for
 fail-over testing
In-Reply-To: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
References: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
Message-ID: <573DA9FE.7000606@centos.org>

On 19/05/16 12:17, Niels de Vos wrote:
> Hi,
> 
> there is an integration in place with Gluster, NFS-Ganesha and
> Pacemaker. This combination makes it possible to have an active-active
> high-available NFS-server backed by Gluster volumes.
> 
> We'd like to add automated testing for functional fail-over in the CI.
> This requires the use of virtual-IPs that get assigned to the different
> NFS-Ganesha servers, which will migrate to other servers upon failure.
> 
> On https://wiki.centos.org/QaWiki/PubHardware is a mentioning of
> "reserved IP addresses" where the Gluster project in the CI would like
> to get listed too. What is the process to request a few IPs, and what
> are the restrictions we need to be aware of (and how to put them in the
> Jenkins job)?
> 
> Thanks,
> Niels

Hi Niels,

There are probably multiple ways to solve that. For example you have
multiple interfaces (and eth0 -> eth3 are now in the same vlan, but only
eth0 is configured )
So you can for example use another subnet not conflicting with the
172.19.0.0/22 (nor 172.19.4.0/22 also alocated for remote VMs), but I
don't know how you'll test the virtual ip : I guess from another
provisioned node (like a nfs client).
I've reserved the following range for Gluster : 172.19.2.21 ->
172.19.1.30 (and documented it on the wiki page)

Does that work for you ?

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/6d0b3bb3/attachment-0001.sig>

From herlo at redhat.com  Thu May 19 15:23:26 2016
From: herlo at redhat.com (Clint Savage)
Date: Thu, 19 May 2016 09:23:26 -0600
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
	<1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
Message-ID: <CAMwYf-6BtSxVjHWsG_rJ3Cae7Zh-L5bejVQ7J24kzVCwicMVJA@mail.gmail.com>

Colin,

+1 on this. I've just created
https://github.com/CentOS-PaaS-SIG/centos-paas-ci and will be contributing
there PaaS CI things. I intend to use the cciskel-duffy script, and hope to
model things similarly.

One thought I have been having about the metadata bits we discussed
yesterday in the meeting. What if we didn't have duffy do the metadata, but
rather consumed the session values, nodes, etc. from duffy, then allowed
the cciskel-duffy to pull in a json file that helped define metadata. I can
see that you are doing a small inventory bit in the code, it looks mostly
around ansible groups.

Consider the following use case/story. I've requested three nodes from
duffy, for an openshift cluster. One will be the master, the other two will
be nodes. Putting a custom built RPM repository on one node (not the
master), and then installing using the atomic-openshift-installer. a
installer.cfg.yml file will need to be created which details these items.
Having this in a dynamically-generated inventory from your cciskel-duffy
tool seems like a great location, at least until duffy can do this itself.

Thoughts?

herlo

On Wed, May 18, 2016 at 6:08 PM, Colin Walters <walters at verbum.org> wrote:

>
>
> On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> > Hi,
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> >
> > is a repo I put together today that's factoring out some recent work
> > I did on a new duffy wrapper script:
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
>
> This second link should have been
> https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/31d73582/attachment-0001.html>

From arrfab at centos.org  Fri May 20 08:27:37 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Fri, 20 May 2016 10:27:37 +0200
Subject: [Ci-users] Important infra outage notification - dates to be
	discussed
Message-ID: <573ECA79.70207@centos.org>

Due to some reorganization at the DC/Cage level, we'll have to
shutdown/move/reconfigure a big part of our hosted infra for the
following services :
- cbs.centos.org (Koji)
- accounts.centos.org (auth backend)
- ci.centos.org (jenkins-driven CI environment)

We're working on a plan to minimize the downtime/reconfiguration part,
but at first sight, due to the hardware move of the racks/recabling
parts/etc, the announced downtime will be probably ~48h.

What does that mean ? That during this window, nobody will be able to
build/tests packages, nor be able to triggers automatically CI jobs
(important).
As said, we're working on an agenda with the team operating the DC, but
we'd like you (cbs and ci users) to give us feedback on the best (or
worst ?) time line for such migration.

For example if you know that your $project will have a release soon, and
already have an agenda for such release (and so build/ci) and that you
rely on that infra, we'd like you to communicate those informations to
us, so that we can try to find the best possible time slot for the
migration, minimizing the impact on the whole CentOS ecosystem (and so
for all our users)

Feel free to answer in this thread, or find us in #centos-devel on freenode.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160520/7eb2d2aa/attachment-0001.sig>

From walters at verbum.org  Sat May 21 13:31:48 2016
From: walters at verbum.org (Colin Walters)
Date: Sat, 21 May 2016 09:31:48 -0400
Subject: [Ci-users] Jenkins SafeRestart to add extra CSRF Protection
 19-Apr-2016 14h30 UTC (09h30 EDT)
In-Reply-To: <20160419135426.GC4349@ender.bstinson.lan>
References: <20160419135426.GC4349@ender.bstinson.lan>
Message-ID: <1463837508.618503.614550297.2097E00D@webmail.messagingengine.com>

On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
> 
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:

https://github.com/janinko/ghprb/issues/84

However I'm a bit confused - it seems like a lot more
people should be hitting this.  Perhaps people just aren't
turning on CSRF?

Then I also found
https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900
which:
$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900
ghprb-1.28~3^2

So it *should* be in the 1.30.4 we're running according to
https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github` plugin's webhook
 which does work, but I couldn't quite figure out how to make a single job that builds
 multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the
 end we do need a way to retrigger as ghprb handles)


From bstinson at redhat.com  Mon May 23 19:58:28 2016
From: bstinson at redhat.com (Brian Stinson)
Date: Mon, 23 May 2016 14:58:28 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
Message-ID: <20160523195828.GC26882@ender.bstinson.lan>

Hi Folks,

We will be having a maintenance window starting at 1AM UTC on Friday,
May 27th to do the following work:

- Upgrade to the latest Jenkins LTS 
- Upgrade all plugins (including the Github Plugin) to their latest
  versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
- Reboot the storage node 

The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability

As usual we will have a quiet period starting 1 hour before in order to
let pending jobs clear out.

If there are any questions please let us know.

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160523/abfd0ba2/attachment-0001.sig>

From hhorak at redhat.com  Mon May 23 20:12:59 2016
From: hhorak at redhat.com (Honza Horak)
Date: Mon, 23 May 2016 22:12:59 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B6092.8060704@redhat.com>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
	<573B6092.8060704@redhat.com>
Message-ID: <5743644B.80001@redhat.com>

Thinking about it a bit, I think it might be caused by the fact that 
"GitHub API credentials" only allows to set "Anonymous connection". 
Shouldn't it be configured so that it can use centos-ci user?

honza

On 05/17/2016 08:18 PM, Honza Horak wrote:
> On 05/17/2016 06:52 PM, Brian Stinson wrote:
>> On May 17 18:46, Honza Horak wrote:
>>> I'm fighting with github+jenkins integration; specifically I'd like
>>> to make
>>> jenkins to run a job [1] for every commit in PR [2] or after writing
>>> message
>>> '[test]' in this PR. Then I expect the test result to be set in
>>> github PR.
>>>
>>> One issue I see is that when trying to follow [3] and adding
>>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent
>>> Deliveries'
>>> section.
>>>
>>> Well, when adding [test] comment, the job is run, but the output is
>>> not sent
>>> into github.
>>>
>>> I'd appreciate any help here, since I'm quite new to jenkins..
>>>
>>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>>> [2] https://github.com/sclorg/mariadb-container/pull/1
>>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>>
>>> Honza
>>> _______________________________________________
>>> Ci-users mailing list
>>> Ci-users at centos.org
>>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>> Be sure you have the trailing slash in the webhook url:
>>
>> https://ci.centos.org/ghbrphook/
>>
>> I'll update [3] to make sure that's more clear.
>
> I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':
>
> Headers
>
> Cache-Control: must-revalidate,no-cache,no-store
> Connection: keep-alive
> Content-Length: 1441
> Content-Type: text/html;charset=ISO-8859-1
> Date: Tue, 17 May 2016 18:18:07 GMT
> Server: nginx/1.0.15
> X-Content-Type-Options: nosniff
>
> Body
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
> <title>Error 403 No valid crumb was included in the request</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing /ghbrphook/. Reason:
> <pre>    No valid crumb was included in the request</pre></p><hr
> /><i><small>Powered by Jetty://</small></i><br/>
> <br/>
>
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From dominic at cleal.org  Tue May 24 07:15:42 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Tue, 24 May 2016 08:15:42 +0100
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <5743FF9E.9010207@cleal.org>

On 23/05/16 20:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 

Just a heads up, the latest Jenkins LTS (1.651.2) broke a few plugins in
its default configuration which filters out unknown job parameters.
Notably it broke the matrix project plugin which will probably affect a
few users - I had to disable the new security feature on the Foreman
Jenkins server.

https://issues.jenkins-ci.org/browse/JENKINS-34758 and
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
have more details about the plugins affected.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160524/22505e56/attachment-0001.sig>

From brian at bstinson.com  Thu May 26 17:14:30 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 12:14:30 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <20160526171430.GG26882@ender.bstinson.lan>

On May 23 14:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 
> - Upgrade all plugins (including the Github Plugin) to their latest
>   versions
> - Install the Pipeline Plugin (bug: 10825)
> - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> - Reboot the storage node 
> 
> The following services will be affected:
> - ci.centos.org: Jenkins Frontend
> - artifacts.ci.centos.org: File availability
> 
> As usual we will have a quiet period starting 1 hour before in order to
> let pending jobs clear out.
> 
> If there are any questions please let us know.
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Hi All,

Just a reminder that this maintenance window will take place tonight!

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/fbb61b81/attachment-0001.sig>

From brian at bstinson.com  Fri May 27 01:41:20 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 20:41:20 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160526171430.GG26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
Message-ID: <20160527014120.GH26882@ender.bstinson.lan>

On May 26 12:14, Brian Stinson wrote:
> On May 23 14:58, Brian Stinson wrote:
> > Hi Folks,
> > 
> > We will be having a maintenance window starting at 1AM UTC on Friday,
> > May 27th to do the following work:
> > 
> > - Upgrade to the latest Jenkins LTS 
> > - Upgrade all plugins (including the Github Plugin) to their latest
> >   versions
> > - Install the Pipeline Plugin (bug: 10825)
> > - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> > - Reboot the storage node 
> > 
> > The following services will be affected:
> > - ci.centos.org: Jenkins Frontend
> > - artifacts.ci.centos.org: File availability
> > 
> > As usual we will have a quiet period starting 1 hour before in order to
> > let pending jobs clear out.
> > 
> > If there are any questions please let us know.
> > 
> > Cheers!
> > 
> > --
> > Brian Stinson
> > CentOS CI Infrastructure Team
> 
> Hi All,
> 
> Just a reminder that this maintenance window will take place tonight!
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Ok Folks,

We should be back up and accepting new jobs. 

Please let us know if there is any trouble

Cheers!
--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/9d08afb3/attachment-0001.sig>

From walters at verbum.org  Fri May 27 15:44:38 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 27 May 2016 11:44:38 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527014120.GH26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
Message-ID: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>

On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:

> Please let us know if there is any trouble

jenkins-job-builder now fails with:

```
$ /usr/bin/make update
jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
Traceback (most recent call last):
  File "/usr/bin/jenkins-jobs", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
    execute(options, config)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
    options.names)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
    self.load_files(input_fn)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
    self.parser = YamlParser(self.global_config, self.plugins_list)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
    self._plugins_list = self.jenkins.get_plugins_info()
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
    raise e
jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
```

It seems it's trying to do the equivalent of:

https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

For which I now get:

Access Denied

atomic-sig is missing the Overall/Administer permission

Even though both I and JJB aren't trying to administer anything, just retrieve
the list of plugins.


From dshah at redhat.com  Fri May 27 16:50:28 2016
From: dshah at redhat.com (Dharmit Shah)
Date: Fri, 27 May 2016 22:20:28 +0530
Subject: [Ci-users] Networking query (Vagrant + Duffy + Jenkins)
Message-ID: <95e7dce6-b26e-897a-c3c9-c702226fa708@redhat.com>

Hi all,

I'm trying to get access to OpenShift service running inside the Vagrant 
box on one of the systems provided by Duffy. I'm attempting to access it 
from Jenkins slave.

I tried to forward the port 8443 inside the Vagrant box to port 8443 on 
Duffy provided system. And then when I try to access it from Jenkins 
slave, it fails with error:

$ ./oc login <duffy-provided-slave>
Unable to connect to the server: dial tcp <ip-address>:8443: getsockopt: 
no route to host

A rough mapping of the systems involved should look like this:

Jenkins Slave --> Duffy provisioned host (CentOS 7) --> Vagrant box 
running OpenShift (CentOS 7)			

I want to check with the group if someone's ever tried something like 
this and succeeded. Would love to hear some ideas that we should be trying.

Regards,
Dharmit.


From brian at bstinson.com  Fri May 27 17:01:36 2016
From: brian at bstinson.com (Brian Stinson)
Date: Fri, 27 May 2016 12:01:36 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
Message-ID: <20160527170136.GI26882@ender.bstinson.lan>

On May 27 11:44, Colin Walters wrote:
> On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
> 
> > Please let us know if there is any trouble
> 
> jenkins-job-builder now fails with:
> 
> ```
> $ /usr/bin/make update
> jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
> INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
> Traceback (most recent call last):
>   File "/usr/bin/jenkins-jobs", line 10, in <module>
>     sys.exit(main())
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
>     execute(options, config)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
>     options.names)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
>     self.load_files(input_fn)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
>     self.parser = YamlParser(self.global_config, self.plugins_list)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
>     self._plugins_list = self.jenkins.get_plugins_info()
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
>     raise e
> jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
> ```
> 
> It seems it's trying to do the equivalent of:
> 
> https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]
> 
> For which I now get:
> 
> Access Denied
> 
> atomic-sig is missing the Overall/Administer permission
> 
> Even though both I and JJB aren't trying to administer anything, just retrieve
> the list of plugins.

This is due to a fix for SECURITY-250:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

We had a hotfix to re-enable plugin lists but it looks like I missed one
of the permission checks. I'll investigate, re-patch and report back
here.

Cheers!
-- Brian


From walters at verbum.org  Tue May 31 17:00:44 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 31 May 2016 13:00:44 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527170136.GI26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
	<20160527170136.GI26882@ender.bstinson.lan>
Message-ID: <1464714044.3726246.623829185.2C5FEA22@webmail.messagingengine.com>



On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:

> We had a hotfix to re-enable plugin lists but it looks like I missed one
> of the permission checks. I'll investigate, re-patch and report back
> here.

Anything we can do to help with this?  At the moment this is
a blocker for continuing to use CentOS CI, and while no time
is opportune for CI to break, I've been in the middle of increasing
investment in it and trying to bring others on board.




From walters at verbum.org  Tue May 10 13:35:07 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:35:07 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
Message-ID: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>

```
[atomic-sig at slave01 ~]$ host cbs.centos.org
cbs.centos.org has address 172.20.1.15
[atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
^C
```

Just times out - I'm guessing there's some intermediate firewall, or
perhaps IP conflict on the 172.19 subnet?

Using the external IP works:

```
[atomic-sig at slave01 ~]$ host cbs.centos.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

cbs.centos.org has address 66.187.224.194
[atomic-sig at slave01 ~]$ curl http://66.187.224.194/repos/virt7-docker-common-candidate/x86_64/os/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
```


From walters at verbum.org  Tue May 10 13:38:50 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:38:50 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
Message-ID: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>



On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
> ```
> [atomic-sig at slave01 ~]$ host cbs.centos.org
> cbs.centos.org has address 172.20.1.15
> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
> ^C
> ```
> 
> Just times out 

Argh!  It turns out it's https:// vs http://.  I broke it with:
https://github.com/CentOS/sig-atomic-buildscripts/pull/68

I can work around this for now by sed'ing the repo to use
http just inside the CI infra.


From arrfab at centos.org  Tue May 10 13:47:03 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 15:47:03 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
Message-ID: <5731E657.80607@centos.org>

On 10/05/16 15:38, Colin Walters wrote:
> 
> 
> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>> ```
>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>> cbs.centos.org has address 172.20.1.15
>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>> ^C
>> ```
>>
>> Just times out 
> 
> Argh!  It turns out it's https:// vs http://.  I broke it with:
> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
> 
> I can work around this for now by sed'ing the repo to use
> http just inside the CI infra.

CI environment is located in the same DC as cbs, but in a different
subnet/vlan and with ip/port filtering at the gw level. Initially we
only opened http from ci to cbs, but I now added https too.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/9225757b/attachment-0002.sig>

From walters at verbum.org  Tue May 10 13:53:58 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:53:58 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <1462888438.289727.603523505.3EB1F994@webmail.messagingengine.com>

On Tue, May 10, 2016, at 09:47 AM, Fabian Arrotin wrote:

> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

Thanks for the quick response, [confirmed] the fix works.

FWIW it's quite important to use https:// for CBS because the RPMs
are unsigned.  (And even if they were signed one would want to use
https:// anyways due to https://isis.poly.edu/%7Ejcappos/papers/cappos_mirror_ccs_08.pdf )



From jbrooks at redhat.com  Tue May 10 18:37:28 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 11:37:28 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>

On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
> On 10/05/16 15:38, Colin Walters wrote:
>>
>>
>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>> ```
>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>> cbs.centos.org has address 172.20.1.15
>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>> ^C
>>> ```
>>>
>>> Just times out
>>
>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>
>> I can work around this for now by sed'ing the repo to use
>> http just inside the CI infra.
>
> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

I'm getting a similar-looking issue w/ https from the ci artifacts location:

https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/

I'm trying to pull pkgs built in the ci and stored there in another ci job...

Jason

>
> --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>


From arrfab at centos.org  Tue May 10 18:43:41 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 20:43:41 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
Message-ID: <57322BDD.80602@centos.org>

On 10/05/16 20:37, Jason Brooks wrote:
> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>> On 10/05/16 15:38, Colin Walters wrote:
>>>
>>>
>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>> ```
>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>> cbs.centos.org has address 172.20.1.15
>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>> ^C
>>>> ```
>>>>
>>>> Just times out
>>>
>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>
>>> I can work around this for now by sed'ing the repo to use
>>> http just inside the CI infra.
>>
>> CI environment is located in the same DC as cbs, but in a different
>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>> only opened http from ci to cbs, but I now added https too.
> 
> I'm getting a similar-looking issue w/ https from the ci artifacts location:
> 
> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
> 
> I'm trying to pull pkgs built in the ci and stored there in another ci job...
> 
> Jason
> 

Different issue as artifact node is internal and that has been discussed
some time ago :
https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
(and people confirmed that the solution worked for them)
And the wiki/doc was also adapted to only show one url that works both
internally and externally :
https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
http://artifacts.ci.centos.org/


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/324b4648/attachment-0002.sig>

From walters at verbum.org  Tue May 10 18:53:46 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 14:53:46 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>

On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>
> http://artifacts.ci.centos.org/

That URL is currently only accessible via insecure HTTP (presented
cert's CN is just ci.centos.org), so I don't think it's a good idea to point
users or systems at it.


From jbrooks at redhat.com  Tue May 10 19:06:38 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 12:06:38 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
	<1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
Message-ID: <CAF=rfpBQ-YCxs98Vq6BwjQ-hjZnGS9261k5f3b0TyGwFb-B5iQ@mail.gmail.com>

On Tue, May 10, 2016 at 11:53 AM, Colin Walters <walters at verbum.org> wrote:
> On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>>
>> http://artifacts.ci.centos.org/
>
> That URL is currently only accessible via insecure HTTP (presented
> cert's CN is just ci.centos.org), so I don't think it's a good idea to point
> users or systems at it.

OK, for now I'm going to work around this in the ci job definition w/ some sed.

> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From mail-lists at karan.org  Wed May 11 13:12:19 2016
From: mail-lists at karan.org (Karanbir Singh)
Date: Wed, 11 May 2016 14:12:19 +0100
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>

On 10/05/16 19:43, Fabian Arrotin wrote:
> On 10/05/16 20:37, Jason Brooks wrote:
>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>
>>>>
>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>> ```
>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>> cbs.centos.org has address 172.20.1.15
>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>> ^C
>>>>> ```
>>>>>
>>>>> Just times out
>>>>
>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>
>>>> I can work around this for now by sed'ing the repo to use
>>>> http just inside the CI infra.
>>>
>>> CI environment is located in the same DC as cbs, but in a different
>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>> only opened http from ci to cbs, but I now added https too.
>>
>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>
>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>
>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>
>> Jason
>>
> 
> Different issue as artifact node is internal and that has been discussed
> some time ago :
> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
> (and people confirmed that the solution worked for them)
> And the wiki/doc was also adapted to only show one url that works both
> internally and externally :
> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
> http://artifacts.ci.centos.org/
> 

options on how the https:// might work on the CDN for buildlogs ?


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc


From arrfab at centos.org  Wed May 11 13:34:48 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Wed, 11 May 2016 15:34:48 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
References: <57322BDD.80602@centos.org>
	<8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
Message-ID: <573334F8.2060808@centos.org>

On 11/05/16 15:12, Karanbir Singh wrote:
> On 10/05/16 19:43, Fabian Arrotin wrote:
>> On 10/05/16 20:37, Jason Brooks wrote:
>>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>>
>>>>>
>>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>>> ```
>>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>>> cbs.centos.org has address 172.20.1.15
>>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>>> ^C
>>>>>> ```
>>>>>>
>>>>>> Just times out
>>>>>
>>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>>
>>>>> I can work around this for now by sed'ing the repo to use
>>>>> http just inside the CI infra.
>>>>
>>>> CI environment is located in the same DC as cbs, but in a different
>>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>>> only opened http from ci to cbs, but I now added https too.
>>>
>>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>>
>>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>>
>>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>>
>>> Jason
>>>
>>
>> Different issue as artifact node is internal and that has been discussed
>> some time ago :
>> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
>> (and people confirmed that the solution worked for them)
>> And the wiki/doc was also adapted to only show one url that works both
>> internally and externally :
>> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
>> http://artifacts.ci.centos.org/
>>
> 
> options on how the https:// might work on the CDN for buildlogs ?
> 
> 

Well, buildlogs is external but also internal copy (yeah ....) but we'd
be able to setup proper https support for that, but the automatic
http->https redirection is what needs to be tested and how yum follows
the redirection for the repomd.xml file (if that works)
Something added on the TODO list, but not priority #1 this week though

OTOH, it's true that it was also discussed that people needing a lot of
artifacts file should ask those to be published on the CDN, and not
retrieved from CI network at all (but can be problematic if people want
the same test to work inside and outside too)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160511/f25ea924/attachment-0002.sig>

From walters at verbum.org  Fri May 13 20:18:37 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 13 May 2016 16:18:37 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
Message-ID: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>

It's a handy way to implement cleanup actions, such as de-provisioning a duffy machine regardless of whether or not a job succeeds.


From dms at redhat.com  Fri May 13 22:20:43 2016
From: dms at redhat.com (David Moreau Simard)
Date: Fri, 13 May 2016 18:20:43 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
Message-ID: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>

I'm already using this for several jobs, exactly for the use case of
cleaning up nodes and collecting nodes.

Is it not working for you ?
Is post-tasks the same thing ?

This is what it looks like in a Jenkins Job Builder template:
https://github.com/rdo-infra/ci-config/blob/master/jenkins/jobs/weirdo-defaults.yml#L34

David Moreau Simard
Senior Software Engineer | Openstack RDO

dmsimard = [irc, github, twitter]
It's a handy way to implement cleanup actions, such as de-provisioning a
duffy machine regardless of whether or not a job succeeds.
_______________________________________________
Ci-users mailing list
Ci-users at centos.org
https://lists.centos.org/mailman/listinfo/ci-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160513/92b23692/attachment-0002.html>

From dominic at cleal.org  Mon May 16 09:46:33 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 10:46:33 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <56964871.90109@karan.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org>
Message-ID: <573996F9.1070001@cleal.org>

On 13/01/16 12:52, Karanbir Singh wrote:
> We've been looking at and trying to scope up
> getting an RDO cloud in place, that could then be used for 3 things :
> 
> 1) making an openstack api available for people who want to just consume
> VM's for their workloads
> 
> 2) migrating the slaves into openstack managed ( ie, self/user managed )
> virtual machines
> 
> 3) offering up image backed resources for people looking at doing
> testing with other OSs, eg what the libvirt and libguestfs folks do at
> the moment.
> 
> We have a dedicated hardware slab ( ~ 24 phy machines worth ) dedicated
> to this task ( so as to not cut into the ci baremetal pools ), but are
> waiting on the RH facility folks to get it wired up and dial-toned.
> 
> Given the nature and impact of this setup, I am going to try and see if
> we can speed up delivery of that infra from the present timeline of end
> Feb '16.

Do you expect this service to be available soon?

-- 
Dominic Cleal
dominic at cleal.org


From kbsingh at centos.org  Mon May 16 11:26:58 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Mon, 16 May 2016 12:26:58 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <573996F9.1070001@cleal.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
Message-ID: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/05/16 10:46, Dominic Cleal wrote:
> On 13/01/16 12:52, Karanbir Singh wrote:
>> We've been looking at and trying to scope up getting an RDO cloud
>> in place, that could then be used for 3 things :
>> 
>> 1) making an openstack api available for people who want to just
>> consume VM's for their workloads
>> 
>> 2) migrating the slaves into openstack managed ( ie, self/user
>> managed ) virtual machines
>> 
>> 3) offering up image backed resources for people looking at
>> doing testing with other OSs, eg what the libvirt and libguestfs
>> folks do at the moment.
>> 
>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>> dedicated to this task ( so as to not cut into the ci baremetal
>> pools ), but are waiting on the RH facility folks to get it wired
>> up and dial-toned.
>> 
>> Given the nature and impact of this setup, I am going to try and
>> see if we can speed up delivery of that infra from the present
>> timeline of end Feb '16.
> 
> Do you expect this service to be available soon?
> 

I've got the basic stuff in place, and we should be able to open for
wider testing in the next day or so.

regards

- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXOa6CAAoJEI3Oi2Mx7xbtx1QIAK2Qa6vpvr7PIeTM7uBFP54B
kFKrh4ivyYJLAboLT8NlrSjhFuKWYcBY2P+5nUXi2lzB93M41ZnZdKSBQcBxAgC7
DMjQpGbvWsHOwcaev7y2cg3QwEMVtejPJX7Tx2+aZwX0Zr3i1Zdc7ah26YRAenm7
F3MDdvfQuZeMWBBfUm0ENDXx4eEMjMt4O8Cs1DpTqtCq3ZLDbeSAvNFU+zazocfG
zTfII9/w2uajWWWOGjZWAzffzf2x2/93uPz1ZYqsk9pK6T/MNaLr+pLIYLewUHXG
piNk1ibuTl2qmrK9FoQZYbROqFKgCoQfgnXAldMekjMDhkOldVLddUbZjmh7GlQ=
=MAkC
-----END PGP SIGNATURE-----


From dominic at cleal.org  Mon May 16 13:11:50 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 14:11:50 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
	<03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
Message-ID: <5739C716.8020101@cleal.org>

On 16/05/16 12:26, Karanbir Singh wrote:
> On 16/05/16 10:46, Dominic Cleal wrote:
>> On 13/01/16 12:52, Karanbir Singh wrote:
>>> We've been looking at and trying to scope up getting an RDO cloud
>>> in place, that could then be used for 3 things :
>>>
>>> 1) making an openstack api available for people who want to just
>>> consume VM's for their workloads
>>>
>>> 2) migrating the slaves into openstack managed ( ie, self/user
>>> managed ) virtual machines
>>>
>>> 3) offering up image backed resources for people looking at
>>> doing testing with other OSs, eg what the libvirt and libguestfs
>>> folks do at the moment.
>>>
>>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>>> dedicated to this task ( so as to not cut into the ci baremetal
>>> pools ), but are waiting on the RH facility folks to get it wired
>>> up and dial-toned.
>>>
>>> Given the nature and impact of this setup, I am going to try and
>>> see if we can speed up delivery of that infra from the present
>>> timeline of end Feb '16.
> 
>> Do you expect this service to be available soon?
> 
> 
> I've got the basic stuff in place, and we should be able to open for
> wider testing in the next day or so.

That's great news, thanks. I'd be happy to help test.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/292b4178/attachment-0002.sig>

From walters at verbum.org  Mon May 16 15:24:48 2016
From: walters at verbum.org (Colin Walters)
Date: Mon, 16 May 2016 11:24:48 -0400
Subject: [Ci-users] Request for
 https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
	<CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
Message-ID: <1463412288.4049714.609249617.5D2C4243@webmail.messagingengine.com>

 
 
 
On Fri, May 13, 2016, at 06:20 PM, David Moreau Simard wrote:
> I'm already using this for several jobs, exactly for the use case of
> cleaning up nodes and collecting nodes.
> Is it not working for you ?
>  Is post-tasks the same thing ?
 
Looks like that's a different plugin, but indeed seems pretty close.? I
actually ended up using:
 
```
publishers:
- trigger-parameterized-builds:
```
 
Which is installed now, because I wanted to serialize around a single
cleanup builder for duffy.? I'lll post more about this later.
 
Thanks though for the link to your JJB - it's really useful to see what
other people are doing in this area.? What I'm working on now is in:
https://github.com/cgwalters/sig-atomic-buildscripts/tree/pr-testing/centos-ci
for those interested.
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/f9fee501/attachment-0002.html>

From hhorak at redhat.com  Tue May 17 16:46:56 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 18:46:56 +0200
Subject: [Ci-users] Test results not sent to github PR
Message-ID: <573B4B00.4060408@redhat.com>

I'm fighting with github+jenkins integration; specifically I'd like to 
make jenkins to run a job [1] for every commit in PR [2] or after 
writing message '[test]' in this PR. Then I expect the test result to be 
set in github PR.

One issue I see is that when trying to follow [3] and adding 
'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent 
Deliveries' section.

Well, when adding [test] comment, the job is run, but the output is not 
sent into github.

I'd appreciate any help here, since I'm quite new to jenkins..

[1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
[2] https://github.com/sclorg/mariadb-container/pull/1
[3] https://wiki.centos.org/QaWiki/CI/GithubIntegration

Honza


From brian at bstinson.com  Tue May 17 16:52:14 2016
From: brian at bstinson.com (Brian Stinson)
Date: Tue, 17 May 2016 11:52:14 -0500
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B4B00.4060408@redhat.com>
References: <573B4B00.4060408@redhat.com>
Message-ID: <20160517165214.GT4349@ender.bstinson.lan>

On May 17 18:46, Honza Horak wrote:
> I'm fighting with github+jenkins integration; specifically I'd like to make
> jenkins to run a job [1] for every commit in PR [2] or after writing message
> '[test]' in this PR. Then I expect the test result to be set in github PR.
> 
> One issue I see is that when trying to follow [3] and adding
> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
> section.
> 
> Well, when adding [test] comment, the job is run, but the output is not sent
> into github.
> 
> I'd appreciate any help here, since I'm quite new to jenkins..
> 
> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
> [2] https://github.com/sclorg/mariadb-container/pull/1
> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
> 
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users

Be sure you have the trailing slash in the webhook url:

https://ci.centos.org/ghbrphook/ 

I'll update [3] to make sure that's more clear.

Cheers!

--
Brian Stinson 


From hhorak at redhat.com  Tue May 17 18:18:58 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 20:18:58 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <20160517165214.GT4349@ender.bstinson.lan>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
Message-ID: <573B6092.8060704@redhat.com>

On 05/17/2016 06:52 PM, Brian Stinson wrote:
> On May 17 18:46, Honza Horak wrote:
>> I'm fighting with github+jenkins integration; specifically I'd like to make
>> jenkins to run a job [1] for every commit in PR [2] or after writing message
>> '[test]' in this PR. Then I expect the test result to be set in github PR.
>>
>> One issue I see is that when trying to follow [3] and adding
>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
>> section.
>>
>> Well, when adding [test] comment, the job is run, but the output is not sent
>> into github.
>>
>> I'd appreciate any help here, since I'm quite new to jenkins..
>>
>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>> [2] https://github.com/sclorg/mariadb-container/pull/1
>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>
>> Honza
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>
> Be sure you have the trailing slash in the webhook url:
>
> https://ci.centos.org/ghbrphook/
>
> I'll update [3] to make sure that's more clear.

I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':

Headers

Cache-Control: must-revalidate,no-cache,no-store
Connection: keep-alive
Content-Length: 1441
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 May 2016 18:18:07 GMT
Server: nginx/1.0.15
X-Content-Type-Options: nosniff

Body

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /ghbrphook/. Reason:
<pre>    No valid crumb was included in the request</pre></p><hr 
/><i><small>Powered by Jetty://</small></i><br/> 

<br/>

Honza


From walters at verbum.org  Wed May 18 16:40:23 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 12:40:23 -0400
Subject: [Ci-users] duffy requests
Message-ID: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>

1) Public source code
2) Arbitrary metadata (could be JSON or just a blob) like /Node/get/?key=blah&metadata=<base64 encoded json>
   Then a new /InventoryExt verb that returns JSON like:

[
    { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" },
    { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" }
]

3) Also add a new option to /get/  named "longpoll" which means the machine is automatically deallocated when the requester's TCP connection closes.  This would help ensure that e.g. cancelling the job or a Jenkins restart etc. automatically deallocated the machine


From herlo at redhat.com  Wed May 18 17:04:18 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:04:18 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
Message-ID: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>

I like this concept. I wonder if the base64 encoding is really necessary.

Here's what our internal tool reads. I would love to see something that
could work in both environments with very little adjustment.

This example uses openstack, thus the 'user-data-files' is unnecessary, and
the main resources might look different also.

{
    "resources": [
        {
            "name": "openshift-node1",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'east'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3"]
            }
        },
        {
            "name": "openshift-node2",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'west'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3", "repo_host"]
            }
        },
        {
            "name": "openshift-master",
            "count": "1",
            "flavor": "m1.large",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'infra', 'zone':
'default'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["masters", "nodes", "OSEv3"]
            }
        }
   ]
}

Cheers,

herlo

On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org> wrote:

> 1) Public source code
> 2) Arbitrary metadata (could be JSON or just a blob) like
> /Node/get/?key=blah&metadata=<base64 encoded json>
>    Then a new /InventoryExt verb that returns JSON like:
>
> [
>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" },
>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" }
> ]
>
> 3) Also add a new option to /get/  named "longpoll" which means the
> machine is automatically deallocated when the requester's TCP connection
> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
> restart etc. automatically deallocated the machine
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/2e5906ab/attachment-0002.html>

From ari at redhat.com  Wed May 18 17:11:09 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:11:09 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
Message-ID: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>

It would be great if this could be generated as dynamic ansible inventory.
We do this with the output of the node creation.  This way it becomes very
easy to use ansible to do any follow on tasks once you have the resources.

On Wed, May 18, 2016 at 1:04 PM, Clint Savage <herlo at redhat.com> wrote:

> I like this concept. I wonder if the base64 encoding is really necessary.
>
> Here's what our internal tool reads. I would love to see something that
> could work in both environments with very little adjustment.
>
> This example uses openstack, thus the 'user-data-files' is unnecessary,
> and the main resources might look different also.
>
> {
>     "resources": [
>         {
>             "name": "openshift-node1",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'east'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3"]
>             }
>         },
>         {
>             "name": "openshift-node2",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'west'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3", "repo_host"]
>             }
>         },
>         {
>             "name": "openshift-master",
>             "count": "1",
>             "flavor": "m1.large",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'infra', 'zone':
> 'default'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["masters", "nodes", "OSEv3"]
>             }
>         }
>    ]
> }
>
> Cheers,
>
> herlo
>
> On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org>
> wrote:
>
>> 1) Public source code
>> 2) Arbitrary metadata (could be JSON or just a blob) like
>> /Node/get/?key=blah&metadata=<base64 encoded json>
>>    Then a new /InventoryExt verb that returns JSON like:
>>
>> [
>>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" },
>>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" }
>> ]
>>
>> 3) Also add a new option to /get/  named "longpoll" which means the
>> machine is automatically deallocated when the requester's TCP connection
>> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
>> restart etc. automatically deallocated the machine
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
>


-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/c1de0f04/attachment-0002.html>

From herlo at redhat.com  Wed May 18 17:15:10 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:15:10 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
Message-ID: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>

On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com> wrote:

> It would be great if this could be generated as dynamic ansible
> inventory.  We do this with the output of the node creation.  This way it
> becomes very easy to use ansible to do any follow on tasks once you have
> the resources.
>
>
+1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/0e0d45cc/attachment-0002.html>

From kbsingh at centos.org  Wed May 18 17:22:13 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Wed, 18 May 2016 18:22:13 +0100
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
Message-ID: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/05/16 18:15, Clint Savage wrote:
> 
> 
> On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com 
> <mailto:ari at redhat.com>> wrote:
> 
> It would be great if this could be generated as dynamic ansible 
> inventory.  We do this with the output of the node creation.  This 
> way it becomes very easy to use ansible to do any follow on tasks 
> once you have the resources.
> 
> 
> +1

what might that actually look like ?


- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
=4ADD
-----END PGP SIGNATURE-----


From ari at redhat.com  Wed May 18 17:47:02 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:47:02 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
	<fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
Message-ID: <CAMqnh2O2RrfwxD1MMKRmyYqNQ+QDiKKJ3e9njR6OPSEQOqPoow@mail.gmail.com>

*The input is the file that Clint provided which is called a topology file:*
https://paste.fedoraproject.org/368077/35929591/

*Our tools generates output:*
resources.json
https://paste.fedoraproject.org/368075/46359285/

*Then we use this script to use as an inventory file to ansible:*
https://paste.fedoraproject.org/368080/46359306/

*We run the this command to get the inventory:*
python ci-factory/utils/central_ci_dynamic_hosts.py | python -m json.tool

*Inventory looks like:*
https://paste.fedoraproject.org/368081/63593258/

Then you can run:
ansible-playbook -i ci-factory/utils/central_ci_dynamic_hosts.py
--private-key <ssh-key> <playbook-you-want-to-run>

Sounds like from Brian's demo that this could be done after you get the
resources as well by the user, but it may be nice to have this as an
infrastructure toolset.

On Wed, May 18, 2016 at 1:22 PM, Karanbir Singh <kbsingh at centos.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 18/05/16 18:15, Clint Savage wrote:
> >
> >
> > On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com
> > <mailto:ari at redhat.com>> wrote:
> >
> > It would be great if this could be generated as dynamic ansible
> > inventory.  We do this with the output of the node creation.  This
> > way it becomes very easy to use ansible to do any follow on tasks
> > once you have the resources.
> >
> >
> > +1
>
> what might that actually look like ?
>
>
> - --
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
> aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
> h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
> Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
> jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
> gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
> =4ADD
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>



-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/feed6e5d/attachment-0002.html>

From walters at verbum.org  Wed May 18 21:05:47 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 17:05:47 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
Message-ID: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>

Hi,

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

is a repo I put together today that's factoring out some recent work
I did on a new duffy wrapper script:

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

Combined with JJB templates:

https://github.com/cgwalters/centos-ci-skeleton/blob/master/jjb-tmpl/cciskel-duffy.yml

My high level goal is to try to establish a bit more of a shared
baseline codebase.  It seems for example that most CentOS CI users
are using Jenkins Job Builder.  (If you're not, you should really consider it).

If you look at my demo job:

https://github.com/cgwalters/centos-ci-skeleton/tree/master/jjb-demo

It shows how to pair together things so that you get a reusable node
that's provisioned via an Ansible playbook.



From walters at verbum.org  Thu May 19 00:08:21 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 20:08:21 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
Message-ID: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>



On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> Hi,
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> 
> is a repo I put together today that's factoring out some recent work
> I did on a new duffy wrapper script:
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

This second link should have been 
https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy


From ndevos at redhat.com  Thu May 19 10:17:20 2016
From: ndevos at redhat.com (Niels de Vos)
Date: Thu, 19 May 2016 12:17:20 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for fail-over
	testing
Message-ID: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0002.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0002.sig>

From arrfab at centos.org  Thu May 19 11:56:46 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Thu, 19 May 2016 13:56:46 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for
 fail-over testing
In-Reply-To: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
References: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
Message-ID: <573DA9FE.7000606@centos.org>

On 19/05/16 12:17, Niels de Vos wrote:
> Hi,
> 
> there is an integration in place with Gluster, NFS-Ganesha and
> Pacemaker. This combination makes it possible to have an active-active
> high-available NFS-server backed by Gluster volumes.
> 
> We'd like to add automated testing for functional fail-over in the CI.
> This requires the use of virtual-IPs that get assigned to the different
> NFS-Ganesha servers, which will migrate to other servers upon failure.
> 
> On https://wiki.centos.org/QaWiki/PubHardware is a mentioning of
> "reserved IP addresses" where the Gluster project in the CI would like
> to get listed too. What is the process to request a few IPs, and what
> are the restrictions we need to be aware of (and how to put them in the
> Jenkins job)?
> 
> Thanks,
> Niels

Hi Niels,

There are probably multiple ways to solve that. For example you have
multiple interfaces (and eth0 -> eth3 are now in the same vlan, but only
eth0 is configured )
So you can for example use another subnet not conflicting with the
172.19.0.0/22 (nor 172.19.4.0/22 also alocated for remote VMs), but I
don't know how you'll test the virtual ip : I guess from another
provisioned node (like a nfs client).
I've reserved the following range for Gluster : 172.19.2.21 ->
172.19.1.30 (and documented it on the wiki page)

Does that work for you ?

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/6d0b3bb3/attachment-0002.sig>

From herlo at redhat.com  Thu May 19 15:23:26 2016
From: herlo at redhat.com (Clint Savage)
Date: Thu, 19 May 2016 09:23:26 -0600
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
	<1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
Message-ID: <CAMwYf-6BtSxVjHWsG_rJ3Cae7Zh-L5bejVQ7J24kzVCwicMVJA@mail.gmail.com>

Colin,

+1 on this. I've just created
https://github.com/CentOS-PaaS-SIG/centos-paas-ci and will be contributing
there PaaS CI things. I intend to use the cciskel-duffy script, and hope to
model things similarly.

One thought I have been having about the metadata bits we discussed
yesterday in the meeting. What if we didn't have duffy do the metadata, but
rather consumed the session values, nodes, etc. from duffy, then allowed
the cciskel-duffy to pull in a json file that helped define metadata. I can
see that you are doing a small inventory bit in the code, it looks mostly
around ansible groups.

Consider the following use case/story. I've requested three nodes from
duffy, for an openshift cluster. One will be the master, the other two will
be nodes. Putting a custom built RPM repository on one node (not the
master), and then installing using the atomic-openshift-installer. a
installer.cfg.yml file will need to be created which details these items.
Having this in a dynamically-generated inventory from your cciskel-duffy
tool seems like a great location, at least until duffy can do this itself.

Thoughts?

herlo

On Wed, May 18, 2016 at 6:08 PM, Colin Walters <walters at verbum.org> wrote:

>
>
> On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> > Hi,
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> >
> > is a repo I put together today that's factoring out some recent work
> > I did on a new duffy wrapper script:
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
>
> This second link should have been
> https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/31d73582/attachment-0002.html>

From arrfab at centos.org  Fri May 20 08:27:37 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Fri, 20 May 2016 10:27:37 +0200
Subject: [Ci-users] Important infra outage notification - dates to be
	discussed
Message-ID: <573ECA79.70207@centos.org>

Due to some reorganization at the DC/Cage level, we'll have to
shutdown/move/reconfigure a big part of our hosted infra for the
following services :
- cbs.centos.org (Koji)
- accounts.centos.org (auth backend)
- ci.centos.org (jenkins-driven CI environment)

We're working on a plan to minimize the downtime/reconfiguration part,
but at first sight, due to the hardware move of the racks/recabling
parts/etc, the announced downtime will be probably ~48h.

What does that mean ? That during this window, nobody will be able to
build/tests packages, nor be able to triggers automatically CI jobs
(important).
As said, we're working on an agenda with the team operating the DC, but
we'd like you (cbs and ci users) to give us feedback on the best (or
worst ?) time line for such migration.

For example if you know that your $project will have a release soon, and
already have an agenda for such release (and so build/ci) and that you
rely on that infra, we'd like you to communicate those informations to
us, so that we can try to find the best possible time slot for the
migration, minimizing the impact on the whole CentOS ecosystem (and so
for all our users)

Feel free to answer in this thread, or find us in #centos-devel on freenode.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160520/7eb2d2aa/attachment-0002.sig>

From walters at verbum.org  Sat May 21 13:31:48 2016
From: walters at verbum.org (Colin Walters)
Date: Sat, 21 May 2016 09:31:48 -0400
Subject: [Ci-users] Jenkins SafeRestart to add extra CSRF Protection
 19-Apr-2016 14h30 UTC (09h30 EDT)
In-Reply-To: <20160419135426.GC4349@ender.bstinson.lan>
References: <20160419135426.GC4349@ender.bstinson.lan>
Message-ID: <1463837508.618503.614550297.2097E00D@webmail.messagingengine.com>

On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
> 
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:

https://github.com/janinko/ghprb/issues/84

However I'm a bit confused - it seems like a lot more
people should be hitting this.  Perhaps people just aren't
turning on CSRF?

Then I also found
https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900
which:
$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900
ghprb-1.28~3^2

So it *should* be in the 1.30.4 we're running according to
https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github` plugin's webhook
 which does work, but I couldn't quite figure out how to make a single job that builds
 multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the
 end we do need a way to retrigger as ghprb handles)


From bstinson at redhat.com  Mon May 23 19:58:28 2016
From: bstinson at redhat.com (Brian Stinson)
Date: Mon, 23 May 2016 14:58:28 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
Message-ID: <20160523195828.GC26882@ender.bstinson.lan>

Hi Folks,

We will be having a maintenance window starting at 1AM UTC on Friday,
May 27th to do the following work:

- Upgrade to the latest Jenkins LTS 
- Upgrade all plugins (including the Github Plugin) to their latest
  versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
- Reboot the storage node 

The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability

As usual we will have a quiet period starting 1 hour before in order to
let pending jobs clear out.

If there are any questions please let us know.

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160523/abfd0ba2/attachment-0002.sig>

From hhorak at redhat.com  Mon May 23 20:12:59 2016
From: hhorak at redhat.com (Honza Horak)
Date: Mon, 23 May 2016 22:12:59 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B6092.8060704@redhat.com>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
	<573B6092.8060704@redhat.com>
Message-ID: <5743644B.80001@redhat.com>

Thinking about it a bit, I think it might be caused by the fact that 
"GitHub API credentials" only allows to set "Anonymous connection". 
Shouldn't it be configured so that it can use centos-ci user?

honza

On 05/17/2016 08:18 PM, Honza Horak wrote:
> On 05/17/2016 06:52 PM, Brian Stinson wrote:
>> On May 17 18:46, Honza Horak wrote:
>>> I'm fighting with github+jenkins integration; specifically I'd like
>>> to make
>>> jenkins to run a job [1] for every commit in PR [2] or after writing
>>> message
>>> '[test]' in this PR. Then I expect the test result to be set in
>>> github PR.
>>>
>>> One issue I see is that when trying to follow [3] and adding
>>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent
>>> Deliveries'
>>> section.
>>>
>>> Well, when adding [test] comment, the job is run, but the output is
>>> not sent
>>> into github.
>>>
>>> I'd appreciate any help here, since I'm quite new to jenkins..
>>>
>>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>>> [2] https://github.com/sclorg/mariadb-container/pull/1
>>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>>
>>> Honza
>>> _______________________________________________
>>> Ci-users mailing list
>>> Ci-users at centos.org
>>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>> Be sure you have the trailing slash in the webhook url:
>>
>> https://ci.centos.org/ghbrphook/
>>
>> I'll update [3] to make sure that's more clear.
>
> I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':
>
> Headers
>
> Cache-Control: must-revalidate,no-cache,no-store
> Connection: keep-alive
> Content-Length: 1441
> Content-Type: text/html;charset=ISO-8859-1
> Date: Tue, 17 May 2016 18:18:07 GMT
> Server: nginx/1.0.15
> X-Content-Type-Options: nosniff
>
> Body
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
> <title>Error 403 No valid crumb was included in the request</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing /ghbrphook/. Reason:
> <pre>    No valid crumb was included in the request</pre></p><hr
> /><i><small>Powered by Jetty://</small></i><br/>
> <br/>
>
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From dominic at cleal.org  Tue May 24 07:15:42 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Tue, 24 May 2016 08:15:42 +0100
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <5743FF9E.9010207@cleal.org>

On 23/05/16 20:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 

Just a heads up, the latest Jenkins LTS (1.651.2) broke a few plugins in
its default configuration which filters out unknown job parameters.
Notably it broke the matrix project plugin which will probably affect a
few users - I had to disable the new security feature on the Foreman
Jenkins server.

https://issues.jenkins-ci.org/browse/JENKINS-34758 and
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
have more details about the plugins affected.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160524/22505e56/attachment-0002.sig>

From brian at bstinson.com  Thu May 26 17:14:30 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 12:14:30 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <20160526171430.GG26882@ender.bstinson.lan>

On May 23 14:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 
> - Upgrade all plugins (including the Github Plugin) to their latest
>   versions
> - Install the Pipeline Plugin (bug: 10825)
> - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> - Reboot the storage node 
> 
> The following services will be affected:
> - ci.centos.org: Jenkins Frontend
> - artifacts.ci.centos.org: File availability
> 
> As usual we will have a quiet period starting 1 hour before in order to
> let pending jobs clear out.
> 
> If there are any questions please let us know.
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Hi All,

Just a reminder that this maintenance window will take place tonight!

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/fbb61b81/attachment-0002.sig>

From brian at bstinson.com  Fri May 27 01:41:20 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 20:41:20 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160526171430.GG26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
Message-ID: <20160527014120.GH26882@ender.bstinson.lan>

On May 26 12:14, Brian Stinson wrote:
> On May 23 14:58, Brian Stinson wrote:
> > Hi Folks,
> > 
> > We will be having a maintenance window starting at 1AM UTC on Friday,
> > May 27th to do the following work:
> > 
> > - Upgrade to the latest Jenkins LTS 
> > - Upgrade all plugins (including the Github Plugin) to their latest
> >   versions
> > - Install the Pipeline Plugin (bug: 10825)
> > - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> > - Reboot the storage node 
> > 
> > The following services will be affected:
> > - ci.centos.org: Jenkins Frontend
> > - artifacts.ci.centos.org: File availability
> > 
> > As usual we will have a quiet period starting 1 hour before in order to
> > let pending jobs clear out.
> > 
> > If there are any questions please let us know.
> > 
> > Cheers!
> > 
> > --
> > Brian Stinson
> > CentOS CI Infrastructure Team
> 
> Hi All,
> 
> Just a reminder that this maintenance window will take place tonight!
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Ok Folks,

We should be back up and accepting new jobs. 

Please let us know if there is any trouble

Cheers!
--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/9d08afb3/attachment-0002.sig>

From walters at verbum.org  Fri May 27 15:44:38 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 27 May 2016 11:44:38 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527014120.GH26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
Message-ID: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>

On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:

> Please let us know if there is any trouble

jenkins-job-builder now fails with:

```
$ /usr/bin/make update
jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
Traceback (most recent call last):
  File "/usr/bin/jenkins-jobs", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
    execute(options, config)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
    options.names)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
    self.load_files(input_fn)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
    self.parser = YamlParser(self.global_config, self.plugins_list)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
    self._plugins_list = self.jenkins.get_plugins_info()
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
    raise e
jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
```

It seems it's trying to do the equivalent of:

https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

For which I now get:

Access Denied

atomic-sig is missing the Overall/Administer permission

Even though both I and JJB aren't trying to administer anything, just retrieve
the list of plugins.


From dshah at redhat.com  Fri May 27 16:50:28 2016
From: dshah at redhat.com (Dharmit Shah)
Date: Fri, 27 May 2016 22:20:28 +0530
Subject: [Ci-users] Networking query (Vagrant + Duffy + Jenkins)
Message-ID: <95e7dce6-b26e-897a-c3c9-c702226fa708@redhat.com>

Hi all,

I'm trying to get access to OpenShift service running inside the Vagrant 
box on one of the systems provided by Duffy. I'm attempting to access it 
from Jenkins slave.

I tried to forward the port 8443 inside the Vagrant box to port 8443 on 
Duffy provided system. And then when I try to access it from Jenkins 
slave, it fails with error:

$ ./oc login <duffy-provided-slave>
Unable to connect to the server: dial tcp <ip-address>:8443: getsockopt: 
no route to host

A rough mapping of the systems involved should look like this:

Jenkins Slave --> Duffy provisioned host (CentOS 7) --> Vagrant box 
running OpenShift (CentOS 7)			

I want to check with the group if someone's ever tried something like 
this and succeeded. Would love to hear some ideas that we should be trying.

Regards,
Dharmit.


From brian at bstinson.com  Fri May 27 17:01:36 2016
From: brian at bstinson.com (Brian Stinson)
Date: Fri, 27 May 2016 12:01:36 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
Message-ID: <20160527170136.GI26882@ender.bstinson.lan>

On May 27 11:44, Colin Walters wrote:
> On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
> 
> > Please let us know if there is any trouble
> 
> jenkins-job-builder now fails with:
> 
> ```
> $ /usr/bin/make update
> jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
> INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
> Traceback (most recent call last):
>   File "/usr/bin/jenkins-jobs", line 10, in <module>
>     sys.exit(main())
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
>     execute(options, config)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
>     options.names)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
>     self.load_files(input_fn)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
>     self.parser = YamlParser(self.global_config, self.plugins_list)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
>     self._plugins_list = self.jenkins.get_plugins_info()
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
>     raise e
> jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
> ```
> 
> It seems it's trying to do the equivalent of:
> 
> https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]
> 
> For which I now get:
> 
> Access Denied
> 
> atomic-sig is missing the Overall/Administer permission
> 
> Even though both I and JJB aren't trying to administer anything, just retrieve
> the list of plugins.

This is due to a fix for SECURITY-250:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

We had a hotfix to re-enable plugin lists but it looks like I missed one
of the permission checks. I'll investigate, re-patch and report back
here.

Cheers!
-- Brian


From walters at verbum.org  Tue May 31 17:00:44 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 31 May 2016 13:00:44 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527170136.GI26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
	<20160527170136.GI26882@ender.bstinson.lan>
Message-ID: <1464714044.3726246.623829185.2C5FEA22@webmail.messagingengine.com>



On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:

> We had a hotfix to re-enable plugin lists but it looks like I missed one
> of the permission checks. I'll investigate, re-patch and report back
> here.

Anything we can do to help with this?  At the moment this is
a blocker for continuing to use CentOS CI, and while no time
is opportune for CI to break, I've been in the middle of increasing
investment in it and trying to bring others on board.




From walters at verbum.org  Tue May 10 13:35:07 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:35:07 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
Message-ID: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>

```
[atomic-sig at slave01 ~]$ host cbs.centos.org
cbs.centos.org has address 172.20.1.15
[atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
^C
```

Just times out - I'm guessing there's some intermediate firewall, or
perhaps IP conflict on the 172.19 subnet?

Using the external IP works:

```
[atomic-sig at slave01 ~]$ host cbs.centos.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

cbs.centos.org has address 66.187.224.194
[atomic-sig at slave01 ~]$ curl http://66.187.224.194/repos/virt7-docker-common-candidate/x86_64/os/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
```


From walters at verbum.org  Tue May 10 13:38:50 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:38:50 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
Message-ID: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>



On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
> ```
> [atomic-sig at slave01 ~]$ host cbs.centos.org
> cbs.centos.org has address 172.20.1.15
> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
> ^C
> ```
> 
> Just times out 

Argh!  It turns out it's https:// vs http://.  I broke it with:
https://github.com/CentOS/sig-atomic-buildscripts/pull/68

I can work around this for now by sed'ing the repo to use
http just inside the CI infra.


From arrfab at centos.org  Tue May 10 13:47:03 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 15:47:03 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
Message-ID: <5731E657.80607@centos.org>

On 10/05/16 15:38, Colin Walters wrote:
> 
> 
> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>> ```
>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>> cbs.centos.org has address 172.20.1.15
>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>> ^C
>> ```
>>
>> Just times out 
> 
> Argh!  It turns out it's https:// vs http://.  I broke it with:
> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
> 
> I can work around this for now by sed'ing the repo to use
> http just inside the CI infra.

CI environment is located in the same DC as cbs, but in a different
subnet/vlan and with ip/port filtering at the gw level. Initially we
only opened http from ci to cbs, but I now added https too.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/9225757b/attachment-0003.sig>

From walters at verbum.org  Tue May 10 13:53:58 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:53:58 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <1462888438.289727.603523505.3EB1F994@webmail.messagingengine.com>

On Tue, May 10, 2016, at 09:47 AM, Fabian Arrotin wrote:

> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

Thanks for the quick response, [confirmed] the fix works.

FWIW it's quite important to use https:// for CBS because the RPMs
are unsigned.  (And even if they were signed one would want to use
https:// anyways due to https://isis.poly.edu/%7Ejcappos/papers/cappos_mirror_ccs_08.pdf )



From jbrooks at redhat.com  Tue May 10 18:37:28 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 11:37:28 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>

On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
> On 10/05/16 15:38, Colin Walters wrote:
>>
>>
>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>> ```
>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>> cbs.centos.org has address 172.20.1.15
>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>> ^C
>>> ```
>>>
>>> Just times out
>>
>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>
>> I can work around this for now by sed'ing the repo to use
>> http just inside the CI infra.
>
> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

I'm getting a similar-looking issue w/ https from the ci artifacts location:

https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/

I'm trying to pull pkgs built in the ci and stored there in another ci job...

Jason

>
> --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>


From arrfab at centos.org  Tue May 10 18:43:41 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 20:43:41 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
Message-ID: <57322BDD.80602@centos.org>

On 10/05/16 20:37, Jason Brooks wrote:
> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>> On 10/05/16 15:38, Colin Walters wrote:
>>>
>>>
>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>> ```
>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>> cbs.centos.org has address 172.20.1.15
>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>> ^C
>>>> ```
>>>>
>>>> Just times out
>>>
>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>
>>> I can work around this for now by sed'ing the repo to use
>>> http just inside the CI infra.
>>
>> CI environment is located in the same DC as cbs, but in a different
>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>> only opened http from ci to cbs, but I now added https too.
> 
> I'm getting a similar-looking issue w/ https from the ci artifacts location:
> 
> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
> 
> I'm trying to pull pkgs built in the ci and stored there in another ci job...
> 
> Jason
> 

Different issue as artifact node is internal and that has been discussed
some time ago :
https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
(and people confirmed that the solution worked for them)
And the wiki/doc was also adapted to only show one url that works both
internally and externally :
https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
http://artifacts.ci.centos.org/


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/324b4648/attachment-0003.sig>

From walters at verbum.org  Tue May 10 18:53:46 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 14:53:46 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>

On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>
> http://artifacts.ci.centos.org/

That URL is currently only accessible via insecure HTTP (presented
cert's CN is just ci.centos.org), so I don't think it's a good idea to point
users or systems at it.


From jbrooks at redhat.com  Tue May 10 19:06:38 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 12:06:38 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
	<1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
Message-ID: <CAF=rfpBQ-YCxs98Vq6BwjQ-hjZnGS9261k5f3b0TyGwFb-B5iQ@mail.gmail.com>

On Tue, May 10, 2016 at 11:53 AM, Colin Walters <walters at verbum.org> wrote:
> On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>>
>> http://artifacts.ci.centos.org/
>
> That URL is currently only accessible via insecure HTTP (presented
> cert's CN is just ci.centos.org), so I don't think it's a good idea to point
> users or systems at it.

OK, for now I'm going to work around this in the ci job definition w/ some sed.

> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From mail-lists at karan.org  Wed May 11 13:12:19 2016
From: mail-lists at karan.org (Karanbir Singh)
Date: Wed, 11 May 2016 14:12:19 +0100
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>

On 10/05/16 19:43, Fabian Arrotin wrote:
> On 10/05/16 20:37, Jason Brooks wrote:
>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>
>>>>
>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>> ```
>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>> cbs.centos.org has address 172.20.1.15
>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>> ^C
>>>>> ```
>>>>>
>>>>> Just times out
>>>>
>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>
>>>> I can work around this for now by sed'ing the repo to use
>>>> http just inside the CI infra.
>>>
>>> CI environment is located in the same DC as cbs, but in a different
>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>> only opened http from ci to cbs, but I now added https too.
>>
>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>
>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>
>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>
>> Jason
>>
> 
> Different issue as artifact node is internal and that has been discussed
> some time ago :
> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
> (and people confirmed that the solution worked for them)
> And the wiki/doc was also adapted to only show one url that works both
> internally and externally :
> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
> http://artifacts.ci.centos.org/
> 

options on how the https:// might work on the CDN for buildlogs ?


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc


From arrfab at centos.org  Wed May 11 13:34:48 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Wed, 11 May 2016 15:34:48 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
References: <57322BDD.80602@centos.org>
	<8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
Message-ID: <573334F8.2060808@centos.org>

On 11/05/16 15:12, Karanbir Singh wrote:
> On 10/05/16 19:43, Fabian Arrotin wrote:
>> On 10/05/16 20:37, Jason Brooks wrote:
>>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>>
>>>>>
>>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>>> ```
>>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>>> cbs.centos.org has address 172.20.1.15
>>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>>> ^C
>>>>>> ```
>>>>>>
>>>>>> Just times out
>>>>>
>>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>>
>>>>> I can work around this for now by sed'ing the repo to use
>>>>> http just inside the CI infra.
>>>>
>>>> CI environment is located in the same DC as cbs, but in a different
>>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>>> only opened http from ci to cbs, but I now added https too.
>>>
>>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>>
>>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>>
>>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>>
>>> Jason
>>>
>>
>> Different issue as artifact node is internal and that has been discussed
>> some time ago :
>> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
>> (and people confirmed that the solution worked for them)
>> And the wiki/doc was also adapted to only show one url that works both
>> internally and externally :
>> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
>> http://artifacts.ci.centos.org/
>>
> 
> options on how the https:// might work on the CDN for buildlogs ?
> 
> 

Well, buildlogs is external but also internal copy (yeah ....) but we'd
be able to setup proper https support for that, but the automatic
http->https redirection is what needs to be tested and how yum follows
the redirection for the repomd.xml file (if that works)
Something added on the TODO list, but not priority #1 this week though

OTOH, it's true that it was also discussed that people needing a lot of
artifacts file should ask those to be published on the CDN, and not
retrieved from CI network at all (but can be problematic if people want
the same test to work inside and outside too)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160511/f25ea924/attachment-0003.sig>

From walters at verbum.org  Fri May 13 20:18:37 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 13 May 2016 16:18:37 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
Message-ID: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>

It's a handy way to implement cleanup actions, such as de-provisioning a duffy machine regardless of whether or not a job succeeds.


From dms at redhat.com  Fri May 13 22:20:43 2016
From: dms at redhat.com (David Moreau Simard)
Date: Fri, 13 May 2016 18:20:43 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
Message-ID: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>

I'm already using this for several jobs, exactly for the use case of
cleaning up nodes and collecting nodes.

Is it not working for you ?
Is post-tasks the same thing ?

This is what it looks like in a Jenkins Job Builder template:
https://github.com/rdo-infra/ci-config/blob/master/jenkins/jobs/weirdo-defaults.yml#L34

David Moreau Simard
Senior Software Engineer | Openstack RDO

dmsimard = [irc, github, twitter]
It's a handy way to implement cleanup actions, such as de-provisioning a
duffy machine regardless of whether or not a job succeeds.
_______________________________________________
Ci-users mailing list
Ci-users at centos.org
https://lists.centos.org/mailman/listinfo/ci-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160513/92b23692/attachment-0003.html>

From dominic at cleal.org  Mon May 16 09:46:33 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 10:46:33 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <56964871.90109@karan.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org>
Message-ID: <573996F9.1070001@cleal.org>

On 13/01/16 12:52, Karanbir Singh wrote:
> We've been looking at and trying to scope up
> getting an RDO cloud in place, that could then be used for 3 things :
> 
> 1) making an openstack api available for people who want to just consume
> VM's for their workloads
> 
> 2) migrating the slaves into openstack managed ( ie, self/user managed )
> virtual machines
> 
> 3) offering up image backed resources for people looking at doing
> testing with other OSs, eg what the libvirt and libguestfs folks do at
> the moment.
> 
> We have a dedicated hardware slab ( ~ 24 phy machines worth ) dedicated
> to this task ( so as to not cut into the ci baremetal pools ), but are
> waiting on the RH facility folks to get it wired up and dial-toned.
> 
> Given the nature and impact of this setup, I am going to try and see if
> we can speed up delivery of that infra from the present timeline of end
> Feb '16.

Do you expect this service to be available soon?

-- 
Dominic Cleal
dominic at cleal.org


From kbsingh at centos.org  Mon May 16 11:26:58 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Mon, 16 May 2016 12:26:58 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <573996F9.1070001@cleal.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
Message-ID: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/05/16 10:46, Dominic Cleal wrote:
> On 13/01/16 12:52, Karanbir Singh wrote:
>> We've been looking at and trying to scope up getting an RDO cloud
>> in place, that could then be used for 3 things :
>> 
>> 1) making an openstack api available for people who want to just
>> consume VM's for their workloads
>> 
>> 2) migrating the slaves into openstack managed ( ie, self/user
>> managed ) virtual machines
>> 
>> 3) offering up image backed resources for people looking at
>> doing testing with other OSs, eg what the libvirt and libguestfs
>> folks do at the moment.
>> 
>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>> dedicated to this task ( so as to not cut into the ci baremetal
>> pools ), but are waiting on the RH facility folks to get it wired
>> up and dial-toned.
>> 
>> Given the nature and impact of this setup, I am going to try and
>> see if we can speed up delivery of that infra from the present
>> timeline of end Feb '16.
> 
> Do you expect this service to be available soon?
> 

I've got the basic stuff in place, and we should be able to open for
wider testing in the next day or so.

regards

- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXOa6CAAoJEI3Oi2Mx7xbtx1QIAK2Qa6vpvr7PIeTM7uBFP54B
kFKrh4ivyYJLAboLT8NlrSjhFuKWYcBY2P+5nUXi2lzB93M41ZnZdKSBQcBxAgC7
DMjQpGbvWsHOwcaev7y2cg3QwEMVtejPJX7Tx2+aZwX0Zr3i1Zdc7ah26YRAenm7
F3MDdvfQuZeMWBBfUm0ENDXx4eEMjMt4O8Cs1DpTqtCq3ZLDbeSAvNFU+zazocfG
zTfII9/w2uajWWWOGjZWAzffzf2x2/93uPz1ZYqsk9pK6T/MNaLr+pLIYLewUHXG
piNk1ibuTl2qmrK9FoQZYbROqFKgCoQfgnXAldMekjMDhkOldVLddUbZjmh7GlQ=
=MAkC
-----END PGP SIGNATURE-----


From dominic at cleal.org  Mon May 16 13:11:50 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 14:11:50 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
	<03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
Message-ID: <5739C716.8020101@cleal.org>

On 16/05/16 12:26, Karanbir Singh wrote:
> On 16/05/16 10:46, Dominic Cleal wrote:
>> On 13/01/16 12:52, Karanbir Singh wrote:
>>> We've been looking at and trying to scope up getting an RDO cloud
>>> in place, that could then be used for 3 things :
>>>
>>> 1) making an openstack api available for people who want to just
>>> consume VM's for their workloads
>>>
>>> 2) migrating the slaves into openstack managed ( ie, self/user
>>> managed ) virtual machines
>>>
>>> 3) offering up image backed resources for people looking at
>>> doing testing with other OSs, eg what the libvirt and libguestfs
>>> folks do at the moment.
>>>
>>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>>> dedicated to this task ( so as to not cut into the ci baremetal
>>> pools ), but are waiting on the RH facility folks to get it wired
>>> up and dial-toned.
>>>
>>> Given the nature and impact of this setup, I am going to try and
>>> see if we can speed up delivery of that infra from the present
>>> timeline of end Feb '16.
> 
>> Do you expect this service to be available soon?
> 
> 
> I've got the basic stuff in place, and we should be able to open for
> wider testing in the next day or so.

That's great news, thanks. I'd be happy to help test.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/292b4178/attachment-0003.sig>

From walters at verbum.org  Mon May 16 15:24:48 2016
From: walters at verbum.org (Colin Walters)
Date: Mon, 16 May 2016 11:24:48 -0400
Subject: [Ci-users] Request for
 https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
	<CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
Message-ID: <1463412288.4049714.609249617.5D2C4243@webmail.messagingengine.com>

 
 
 
On Fri, May 13, 2016, at 06:20 PM, David Moreau Simard wrote:
> I'm already using this for several jobs, exactly for the use case of
> cleaning up nodes and collecting nodes.
> Is it not working for you ?
>  Is post-tasks the same thing ?
 
Looks like that's a different plugin, but indeed seems pretty close.? I
actually ended up using:
 
```
publishers:
- trigger-parameterized-builds:
```
 
Which is installed now, because I wanted to serialize around a single
cleanup builder for duffy.? I'lll post more about this later.
 
Thanks though for the link to your JJB - it's really useful to see what
other people are doing in this area.? What I'm working on now is in:
https://github.com/cgwalters/sig-atomic-buildscripts/tree/pr-testing/centos-ci
for those interested.
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/f9fee501/attachment-0003.html>

From hhorak at redhat.com  Tue May 17 16:46:56 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 18:46:56 +0200
Subject: [Ci-users] Test results not sent to github PR
Message-ID: <573B4B00.4060408@redhat.com>

I'm fighting with github+jenkins integration; specifically I'd like to 
make jenkins to run a job [1] for every commit in PR [2] or after 
writing message '[test]' in this PR. Then I expect the test result to be 
set in github PR.

One issue I see is that when trying to follow [3] and adding 
'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent 
Deliveries' section.

Well, when adding [test] comment, the job is run, but the output is not 
sent into github.

I'd appreciate any help here, since I'm quite new to jenkins..

[1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
[2] https://github.com/sclorg/mariadb-container/pull/1
[3] https://wiki.centos.org/QaWiki/CI/GithubIntegration

Honza


From brian at bstinson.com  Tue May 17 16:52:14 2016
From: brian at bstinson.com (Brian Stinson)
Date: Tue, 17 May 2016 11:52:14 -0500
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B4B00.4060408@redhat.com>
References: <573B4B00.4060408@redhat.com>
Message-ID: <20160517165214.GT4349@ender.bstinson.lan>

On May 17 18:46, Honza Horak wrote:
> I'm fighting with github+jenkins integration; specifically I'd like to make
> jenkins to run a job [1] for every commit in PR [2] or after writing message
> '[test]' in this PR. Then I expect the test result to be set in github PR.
> 
> One issue I see is that when trying to follow [3] and adding
> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
> section.
> 
> Well, when adding [test] comment, the job is run, but the output is not sent
> into github.
> 
> I'd appreciate any help here, since I'm quite new to jenkins..
> 
> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
> [2] https://github.com/sclorg/mariadb-container/pull/1
> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
> 
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users

Be sure you have the trailing slash in the webhook url:

https://ci.centos.org/ghbrphook/ 

I'll update [3] to make sure that's more clear.

Cheers!

--
Brian Stinson 


From hhorak at redhat.com  Tue May 17 18:18:58 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 20:18:58 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <20160517165214.GT4349@ender.bstinson.lan>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
Message-ID: <573B6092.8060704@redhat.com>

On 05/17/2016 06:52 PM, Brian Stinson wrote:
> On May 17 18:46, Honza Horak wrote:
>> I'm fighting with github+jenkins integration; specifically I'd like to make
>> jenkins to run a job [1] for every commit in PR [2] or after writing message
>> '[test]' in this PR. Then I expect the test result to be set in github PR.
>>
>> One issue I see is that when trying to follow [3] and adding
>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
>> section.
>>
>> Well, when adding [test] comment, the job is run, but the output is not sent
>> into github.
>>
>> I'd appreciate any help here, since I'm quite new to jenkins..
>>
>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>> [2] https://github.com/sclorg/mariadb-container/pull/1
>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>
>> Honza
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>
> Be sure you have the trailing slash in the webhook url:
>
> https://ci.centos.org/ghbrphook/
>
> I'll update [3] to make sure that's more clear.

I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':

Headers

Cache-Control: must-revalidate,no-cache,no-store
Connection: keep-alive
Content-Length: 1441
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 May 2016 18:18:07 GMT
Server: nginx/1.0.15
X-Content-Type-Options: nosniff

Body

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /ghbrphook/. Reason:
<pre>    No valid crumb was included in the request</pre></p><hr 
/><i><small>Powered by Jetty://</small></i><br/> 

<br/>

Honza


From walters at verbum.org  Wed May 18 16:40:23 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 12:40:23 -0400
Subject: [Ci-users] duffy requests
Message-ID: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>

1) Public source code
2) Arbitrary metadata (could be JSON or just a blob) like /Node/get/?key=blah&metadata=<base64 encoded json>
   Then a new /InventoryExt verb that returns JSON like:

[
    { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" },
    { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" }
]

3) Also add a new option to /get/  named "longpoll" which means the machine is automatically deallocated when the requester's TCP connection closes.  This would help ensure that e.g. cancelling the job or a Jenkins restart etc. automatically deallocated the machine


From herlo at redhat.com  Wed May 18 17:04:18 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:04:18 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
Message-ID: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>

I like this concept. I wonder if the base64 encoding is really necessary.

Here's what our internal tool reads. I would love to see something that
could work in both environments with very little adjustment.

This example uses openstack, thus the 'user-data-files' is unnecessary, and
the main resources might look different also.

{
    "resources": [
        {
            "name": "openshift-node1",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'east'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3"]
            }
        },
        {
            "name": "openshift-node2",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'west'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3", "repo_host"]
            }
        },
        {
            "name": "openshift-master",
            "count": "1",
            "flavor": "m1.large",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'infra', 'zone':
'default'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["masters", "nodes", "OSEv3"]
            }
        }
   ]
}

Cheers,

herlo

On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org> wrote:

> 1) Public source code
> 2) Arbitrary metadata (could be JSON or just a blob) like
> /Node/get/?key=blah&metadata=<base64 encoded json>
>    Then a new /InventoryExt verb that returns JSON like:
>
> [
>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" },
>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" }
> ]
>
> 3) Also add a new option to /get/  named "longpoll" which means the
> machine is automatically deallocated when the requester's TCP connection
> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
> restart etc. automatically deallocated the machine
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/2e5906ab/attachment-0003.html>

From ari at redhat.com  Wed May 18 17:11:09 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:11:09 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
Message-ID: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>

It would be great if this could be generated as dynamic ansible inventory.
We do this with the output of the node creation.  This way it becomes very
easy to use ansible to do any follow on tasks once you have the resources.

On Wed, May 18, 2016 at 1:04 PM, Clint Savage <herlo at redhat.com> wrote:

> I like this concept. I wonder if the base64 encoding is really necessary.
>
> Here's what our internal tool reads. I would love to see something that
> could work in both environments with very little adjustment.
>
> This example uses openstack, thus the 'user-data-files' is unnecessary,
> and the main resources might look different also.
>
> {
>     "resources": [
>         {
>             "name": "openshift-node1",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'east'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3"]
>             }
>         },
>         {
>             "name": "openshift-node2",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'west'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3", "repo_host"]
>             }
>         },
>         {
>             "name": "openshift-master",
>             "count": "1",
>             "flavor": "m1.large",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'infra', 'zone':
> 'default'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["masters", "nodes", "OSEv3"]
>             }
>         }
>    ]
> }
>
> Cheers,
>
> herlo
>
> On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org>
> wrote:
>
>> 1) Public source code
>> 2) Arbitrary metadata (could be JSON or just a blob) like
>> /Node/get/?key=blah&metadata=<base64 encoded json>
>>    Then a new /InventoryExt verb that returns JSON like:
>>
>> [
>>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" },
>>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" }
>> ]
>>
>> 3) Also add a new option to /get/  named "longpoll" which means the
>> machine is automatically deallocated when the requester's TCP connection
>> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
>> restart etc. automatically deallocated the machine
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
>


-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/c1de0f04/attachment-0003.html>

From herlo at redhat.com  Wed May 18 17:15:10 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:15:10 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
Message-ID: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>

On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com> wrote:

> It would be great if this could be generated as dynamic ansible
> inventory.  We do this with the output of the node creation.  This way it
> becomes very easy to use ansible to do any follow on tasks once you have
> the resources.
>
>
+1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/0e0d45cc/attachment-0003.html>

From kbsingh at centos.org  Wed May 18 17:22:13 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Wed, 18 May 2016 18:22:13 +0100
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
Message-ID: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/05/16 18:15, Clint Savage wrote:
> 
> 
> On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com 
> <mailto:ari at redhat.com>> wrote:
> 
> It would be great if this could be generated as dynamic ansible 
> inventory.  We do this with the output of the node creation.  This 
> way it becomes very easy to use ansible to do any follow on tasks 
> once you have the resources.
> 
> 
> +1

what might that actually look like ?


- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
=4ADD
-----END PGP SIGNATURE-----


From ari at redhat.com  Wed May 18 17:47:02 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:47:02 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
	<fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
Message-ID: <CAMqnh2O2RrfwxD1MMKRmyYqNQ+QDiKKJ3e9njR6OPSEQOqPoow@mail.gmail.com>

*The input is the file that Clint provided which is called a topology file:*
https://paste.fedoraproject.org/368077/35929591/

*Our tools generates output:*
resources.json
https://paste.fedoraproject.org/368075/46359285/

*Then we use this script to use as an inventory file to ansible:*
https://paste.fedoraproject.org/368080/46359306/

*We run the this command to get the inventory:*
python ci-factory/utils/central_ci_dynamic_hosts.py | python -m json.tool

*Inventory looks like:*
https://paste.fedoraproject.org/368081/63593258/

Then you can run:
ansible-playbook -i ci-factory/utils/central_ci_dynamic_hosts.py
--private-key <ssh-key> <playbook-you-want-to-run>

Sounds like from Brian's demo that this could be done after you get the
resources as well by the user, but it may be nice to have this as an
infrastructure toolset.

On Wed, May 18, 2016 at 1:22 PM, Karanbir Singh <kbsingh at centos.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 18/05/16 18:15, Clint Savage wrote:
> >
> >
> > On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com
> > <mailto:ari at redhat.com>> wrote:
> >
> > It would be great if this could be generated as dynamic ansible
> > inventory.  We do this with the output of the node creation.  This
> > way it becomes very easy to use ansible to do any follow on tasks
> > once you have the resources.
> >
> >
> > +1
>
> what might that actually look like ?
>
>
> - --
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
> aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
> h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
> Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
> jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
> gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
> =4ADD
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>



-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/feed6e5d/attachment-0003.html>

From walters at verbum.org  Wed May 18 21:05:47 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 17:05:47 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
Message-ID: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>

Hi,

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

is a repo I put together today that's factoring out some recent work
I did on a new duffy wrapper script:

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

Combined with JJB templates:

https://github.com/cgwalters/centos-ci-skeleton/blob/master/jjb-tmpl/cciskel-duffy.yml

My high level goal is to try to establish a bit more of a shared
baseline codebase.  It seems for example that most CentOS CI users
are using Jenkins Job Builder.  (If you're not, you should really consider it).

If you look at my demo job:

https://github.com/cgwalters/centos-ci-skeleton/tree/master/jjb-demo

It shows how to pair together things so that you get a reusable node
that's provisioned via an Ansible playbook.



From walters at verbum.org  Thu May 19 00:08:21 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 20:08:21 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
Message-ID: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>



On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> Hi,
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> 
> is a repo I put together today that's factoring out some recent work
> I did on a new duffy wrapper script:
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

This second link should have been 
https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy


From ndevos at redhat.com  Thu May 19 10:17:20 2016
From: ndevos at redhat.com (Niels de Vos)
Date: Thu, 19 May 2016 12:17:20 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for fail-over
	testing
Message-ID: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0003.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0003.sig>

From arrfab at centos.org  Thu May 19 11:56:46 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Thu, 19 May 2016 13:56:46 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for
 fail-over testing
In-Reply-To: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
References: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
Message-ID: <573DA9FE.7000606@centos.org>

On 19/05/16 12:17, Niels de Vos wrote:
> Hi,
> 
> there is an integration in place with Gluster, NFS-Ganesha and
> Pacemaker. This combination makes it possible to have an active-active
> high-available NFS-server backed by Gluster volumes.
> 
> We'd like to add automated testing for functional fail-over in the CI.
> This requires the use of virtual-IPs that get assigned to the different
> NFS-Ganesha servers, which will migrate to other servers upon failure.
> 
> On https://wiki.centos.org/QaWiki/PubHardware is a mentioning of
> "reserved IP addresses" where the Gluster project in the CI would like
> to get listed too. What is the process to request a few IPs, and what
> are the restrictions we need to be aware of (and how to put them in the
> Jenkins job)?
> 
> Thanks,
> Niels

Hi Niels,

There are probably multiple ways to solve that. For example you have
multiple interfaces (and eth0 -> eth3 are now in the same vlan, but only
eth0 is configured )
So you can for example use another subnet not conflicting with the
172.19.0.0/22 (nor 172.19.4.0/22 also alocated for remote VMs), but I
don't know how you'll test the virtual ip : I guess from another
provisioned node (like a nfs client).
I've reserved the following range for Gluster : 172.19.2.21 ->
172.19.1.30 (and documented it on the wiki page)

Does that work for you ?

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/6d0b3bb3/attachment-0003.sig>

From herlo at redhat.com  Thu May 19 15:23:26 2016
From: herlo at redhat.com (Clint Savage)
Date: Thu, 19 May 2016 09:23:26 -0600
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
	<1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
Message-ID: <CAMwYf-6BtSxVjHWsG_rJ3Cae7Zh-L5bejVQ7J24kzVCwicMVJA@mail.gmail.com>

Colin,

+1 on this. I've just created
https://github.com/CentOS-PaaS-SIG/centos-paas-ci and will be contributing
there PaaS CI things. I intend to use the cciskel-duffy script, and hope to
model things similarly.

One thought I have been having about the metadata bits we discussed
yesterday in the meeting. What if we didn't have duffy do the metadata, but
rather consumed the session values, nodes, etc. from duffy, then allowed
the cciskel-duffy to pull in a json file that helped define metadata. I can
see that you are doing a small inventory bit in the code, it looks mostly
around ansible groups.

Consider the following use case/story. I've requested three nodes from
duffy, for an openshift cluster. One will be the master, the other two will
be nodes. Putting a custom built RPM repository on one node (not the
master), and then installing using the atomic-openshift-installer. a
installer.cfg.yml file will need to be created which details these items.
Having this in a dynamically-generated inventory from your cciskel-duffy
tool seems like a great location, at least until duffy can do this itself.

Thoughts?

herlo

On Wed, May 18, 2016 at 6:08 PM, Colin Walters <walters at verbum.org> wrote:

>
>
> On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> > Hi,
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> >
> > is a repo I put together today that's factoring out some recent work
> > I did on a new duffy wrapper script:
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
>
> This second link should have been
> https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/31d73582/attachment-0003.html>

From arrfab at centos.org  Fri May 20 08:27:37 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Fri, 20 May 2016 10:27:37 +0200
Subject: [Ci-users] Important infra outage notification - dates to be
	discussed
Message-ID: <573ECA79.70207@centos.org>

Due to some reorganization at the DC/Cage level, we'll have to
shutdown/move/reconfigure a big part of our hosted infra for the
following services :
- cbs.centos.org (Koji)
- accounts.centos.org (auth backend)
- ci.centos.org (jenkins-driven CI environment)

We're working on a plan to minimize the downtime/reconfiguration part,
but at first sight, due to the hardware move of the racks/recabling
parts/etc, the announced downtime will be probably ~48h.

What does that mean ? That during this window, nobody will be able to
build/tests packages, nor be able to triggers automatically CI jobs
(important).
As said, we're working on an agenda with the team operating the DC, but
we'd like you (cbs and ci users) to give us feedback on the best (or
worst ?) time line for such migration.

For example if you know that your $project will have a release soon, and
already have an agenda for such release (and so build/ci) and that you
rely on that infra, we'd like you to communicate those informations to
us, so that we can try to find the best possible time slot for the
migration, minimizing the impact on the whole CentOS ecosystem (and so
for all our users)

Feel free to answer in this thread, or find us in #centos-devel on freenode.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160520/7eb2d2aa/attachment-0003.sig>

From walters at verbum.org  Sat May 21 13:31:48 2016
From: walters at verbum.org (Colin Walters)
Date: Sat, 21 May 2016 09:31:48 -0400
Subject: [Ci-users] Jenkins SafeRestart to add extra CSRF Protection
 19-Apr-2016 14h30 UTC (09h30 EDT)
In-Reply-To: <20160419135426.GC4349@ender.bstinson.lan>
References: <20160419135426.GC4349@ender.bstinson.lan>
Message-ID: <1463837508.618503.614550297.2097E00D@webmail.messagingengine.com>

On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
> 
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:

https://github.com/janinko/ghprb/issues/84

However I'm a bit confused - it seems like a lot more
people should be hitting this.  Perhaps people just aren't
turning on CSRF?

Then I also found
https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900
which:
$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900
ghprb-1.28~3^2

So it *should* be in the 1.30.4 we're running according to
https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github` plugin's webhook
 which does work, but I couldn't quite figure out how to make a single job that builds
 multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the
 end we do need a way to retrigger as ghprb handles)


From bstinson at redhat.com  Mon May 23 19:58:28 2016
From: bstinson at redhat.com (Brian Stinson)
Date: Mon, 23 May 2016 14:58:28 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
Message-ID: <20160523195828.GC26882@ender.bstinson.lan>

Hi Folks,

We will be having a maintenance window starting at 1AM UTC on Friday,
May 27th to do the following work:

- Upgrade to the latest Jenkins LTS 
- Upgrade all plugins (including the Github Plugin) to their latest
  versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
- Reboot the storage node 

The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability

As usual we will have a quiet period starting 1 hour before in order to
let pending jobs clear out.

If there are any questions please let us know.

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160523/abfd0ba2/attachment-0003.sig>

From hhorak at redhat.com  Mon May 23 20:12:59 2016
From: hhorak at redhat.com (Honza Horak)
Date: Mon, 23 May 2016 22:12:59 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B6092.8060704@redhat.com>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
	<573B6092.8060704@redhat.com>
Message-ID: <5743644B.80001@redhat.com>

Thinking about it a bit, I think it might be caused by the fact that 
"GitHub API credentials" only allows to set "Anonymous connection". 
Shouldn't it be configured so that it can use centos-ci user?

honza

On 05/17/2016 08:18 PM, Honza Horak wrote:
> On 05/17/2016 06:52 PM, Brian Stinson wrote:
>> On May 17 18:46, Honza Horak wrote:
>>> I'm fighting with github+jenkins integration; specifically I'd like
>>> to make
>>> jenkins to run a job [1] for every commit in PR [2] or after writing
>>> message
>>> '[test]' in this PR. Then I expect the test result to be set in
>>> github PR.
>>>
>>> One issue I see is that when trying to follow [3] and adding
>>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent
>>> Deliveries'
>>> section.
>>>
>>> Well, when adding [test] comment, the job is run, but the output is
>>> not sent
>>> into github.
>>>
>>> I'd appreciate any help here, since I'm quite new to jenkins..
>>>
>>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>>> [2] https://github.com/sclorg/mariadb-container/pull/1
>>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>>
>>> Honza
>>> _______________________________________________
>>> Ci-users mailing list
>>> Ci-users at centos.org
>>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>> Be sure you have the trailing slash in the webhook url:
>>
>> https://ci.centos.org/ghbrphook/
>>
>> I'll update [3] to make sure that's more clear.
>
> I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':
>
> Headers
>
> Cache-Control: must-revalidate,no-cache,no-store
> Connection: keep-alive
> Content-Length: 1441
> Content-Type: text/html;charset=ISO-8859-1
> Date: Tue, 17 May 2016 18:18:07 GMT
> Server: nginx/1.0.15
> X-Content-Type-Options: nosniff
>
> Body
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
> <title>Error 403 No valid crumb was included in the request</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing /ghbrphook/. Reason:
> <pre>    No valid crumb was included in the request</pre></p><hr
> /><i><small>Powered by Jetty://</small></i><br/>
> <br/>
>
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From dominic at cleal.org  Tue May 24 07:15:42 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Tue, 24 May 2016 08:15:42 +0100
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <5743FF9E.9010207@cleal.org>

On 23/05/16 20:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 

Just a heads up, the latest Jenkins LTS (1.651.2) broke a few plugins in
its default configuration which filters out unknown job parameters.
Notably it broke the matrix project plugin which will probably affect a
few users - I had to disable the new security feature on the Foreman
Jenkins server.

https://issues.jenkins-ci.org/browse/JENKINS-34758 and
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
have more details about the plugins affected.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160524/22505e56/attachment-0003.sig>

From brian at bstinson.com  Thu May 26 17:14:30 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 12:14:30 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <20160526171430.GG26882@ender.bstinson.lan>

On May 23 14:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 
> - Upgrade all plugins (including the Github Plugin) to their latest
>   versions
> - Install the Pipeline Plugin (bug: 10825)
> - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> - Reboot the storage node 
> 
> The following services will be affected:
> - ci.centos.org: Jenkins Frontend
> - artifacts.ci.centos.org: File availability
> 
> As usual we will have a quiet period starting 1 hour before in order to
> let pending jobs clear out.
> 
> If there are any questions please let us know.
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Hi All,

Just a reminder that this maintenance window will take place tonight!

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/fbb61b81/attachment-0003.sig>

From brian at bstinson.com  Fri May 27 01:41:20 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 20:41:20 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160526171430.GG26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
Message-ID: <20160527014120.GH26882@ender.bstinson.lan>

On May 26 12:14, Brian Stinson wrote:
> On May 23 14:58, Brian Stinson wrote:
> > Hi Folks,
> > 
> > We will be having a maintenance window starting at 1AM UTC on Friday,
> > May 27th to do the following work:
> > 
> > - Upgrade to the latest Jenkins LTS 
> > - Upgrade all plugins (including the Github Plugin) to their latest
> >   versions
> > - Install the Pipeline Plugin (bug: 10825)
> > - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> > - Reboot the storage node 
> > 
> > The following services will be affected:
> > - ci.centos.org: Jenkins Frontend
> > - artifacts.ci.centos.org: File availability
> > 
> > As usual we will have a quiet period starting 1 hour before in order to
> > let pending jobs clear out.
> > 
> > If there are any questions please let us know.
> > 
> > Cheers!
> > 
> > --
> > Brian Stinson
> > CentOS CI Infrastructure Team
> 
> Hi All,
> 
> Just a reminder that this maintenance window will take place tonight!
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Ok Folks,

We should be back up and accepting new jobs. 

Please let us know if there is any trouble

Cheers!
--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/9d08afb3/attachment-0003.sig>

From walters at verbum.org  Fri May 27 15:44:38 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 27 May 2016 11:44:38 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527014120.GH26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
Message-ID: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>

On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:

> Please let us know if there is any trouble

jenkins-job-builder now fails with:

```
$ /usr/bin/make update
jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
Traceback (most recent call last):
  File "/usr/bin/jenkins-jobs", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
    execute(options, config)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
    options.names)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
    self.load_files(input_fn)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
    self.parser = YamlParser(self.global_config, self.plugins_list)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
    self._plugins_list = self.jenkins.get_plugins_info()
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
    raise e
jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
```

It seems it's trying to do the equivalent of:

https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

For which I now get:

Access Denied

atomic-sig is missing the Overall/Administer permission

Even though both I and JJB aren't trying to administer anything, just retrieve
the list of plugins.


From dshah at redhat.com  Fri May 27 16:50:28 2016
From: dshah at redhat.com (Dharmit Shah)
Date: Fri, 27 May 2016 22:20:28 +0530
Subject: [Ci-users] Networking query (Vagrant + Duffy + Jenkins)
Message-ID: <95e7dce6-b26e-897a-c3c9-c702226fa708@redhat.com>

Hi all,

I'm trying to get access to OpenShift service running inside the Vagrant 
box on one of the systems provided by Duffy. I'm attempting to access it 
from Jenkins slave.

I tried to forward the port 8443 inside the Vagrant box to port 8443 on 
Duffy provided system. And then when I try to access it from Jenkins 
slave, it fails with error:

$ ./oc login <duffy-provided-slave>
Unable to connect to the server: dial tcp <ip-address>:8443: getsockopt: 
no route to host

A rough mapping of the systems involved should look like this:

Jenkins Slave --> Duffy provisioned host (CentOS 7) --> Vagrant box 
running OpenShift (CentOS 7)			

I want to check with the group if someone's ever tried something like 
this and succeeded. Would love to hear some ideas that we should be trying.

Regards,
Dharmit.


From brian at bstinson.com  Fri May 27 17:01:36 2016
From: brian at bstinson.com (Brian Stinson)
Date: Fri, 27 May 2016 12:01:36 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
Message-ID: <20160527170136.GI26882@ender.bstinson.lan>

On May 27 11:44, Colin Walters wrote:
> On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
> 
> > Please let us know if there is any trouble
> 
> jenkins-job-builder now fails with:
> 
> ```
> $ /usr/bin/make update
> jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
> INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
> Traceback (most recent call last):
>   File "/usr/bin/jenkins-jobs", line 10, in <module>
>     sys.exit(main())
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
>     execute(options, config)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
>     options.names)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
>     self.load_files(input_fn)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
>     self.parser = YamlParser(self.global_config, self.plugins_list)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
>     self._plugins_list = self.jenkins.get_plugins_info()
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
>     raise e
> jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
> ```
> 
> It seems it's trying to do the equivalent of:
> 
> https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]
> 
> For which I now get:
> 
> Access Denied
> 
> atomic-sig is missing the Overall/Administer permission
> 
> Even though both I and JJB aren't trying to administer anything, just retrieve
> the list of plugins.

This is due to a fix for SECURITY-250:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

We had a hotfix to re-enable plugin lists but it looks like I missed one
of the permission checks. I'll investigate, re-patch and report back
here.

Cheers!
-- Brian


From walters at verbum.org  Tue May 31 17:00:44 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 31 May 2016 13:00:44 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527170136.GI26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
	<20160527170136.GI26882@ender.bstinson.lan>
Message-ID: <1464714044.3726246.623829185.2C5FEA22@webmail.messagingengine.com>



On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:

> We had a hotfix to re-enable plugin lists but it looks like I missed one
> of the permission checks. I'll investigate, re-patch and report back
> here.

Anything we can do to help with this?  At the moment this is
a blocker for continuing to use CentOS CI, and while no time
is opportune for CI to break, I've been in the middle of increasing
investment in it and trying to bring others on board.




From walters at verbum.org  Tue May 10 13:35:07 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:35:07 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
Message-ID: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>

```
[atomic-sig at slave01 ~]$ host cbs.centos.org
cbs.centos.org has address 172.20.1.15
[atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
^C
```

Just times out - I'm guessing there's some intermediate firewall, or
perhaps IP conflict on the 172.19 subnet?

Using the external IP works:

```
[atomic-sig at slave01 ~]$ host cbs.centos.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

cbs.centos.org has address 66.187.224.194
[atomic-sig at slave01 ~]$ curl http://66.187.224.194/repos/virt7-docker-common-candidate/x86_64/os/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
```


From walters at verbum.org  Tue May 10 13:38:50 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:38:50 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
Message-ID: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>



On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
> ```
> [atomic-sig at slave01 ~]$ host cbs.centos.org
> cbs.centos.org has address 172.20.1.15
> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
> ^C
> ```
> 
> Just times out 

Argh!  It turns out it's https:// vs http://.  I broke it with:
https://github.com/CentOS/sig-atomic-buildscripts/pull/68

I can work around this for now by sed'ing the repo to use
http just inside the CI infra.


From arrfab at centos.org  Tue May 10 13:47:03 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 15:47:03 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
Message-ID: <5731E657.80607@centos.org>

On 10/05/16 15:38, Colin Walters wrote:
> 
> 
> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>> ```
>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>> cbs.centos.org has address 172.20.1.15
>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>> ^C
>> ```
>>
>> Just times out 
> 
> Argh!  It turns out it's https:// vs http://.  I broke it with:
> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
> 
> I can work around this for now by sed'ing the repo to use
> http just inside the CI infra.

CI environment is located in the same DC as cbs, but in a different
subnet/vlan and with ip/port filtering at the gw level. Initially we
only opened http from ci to cbs, but I now added https too.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/9225757b/attachment-0004.sig>

From walters at verbum.org  Tue May 10 13:53:58 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:53:58 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <1462888438.289727.603523505.3EB1F994@webmail.messagingengine.com>

On Tue, May 10, 2016, at 09:47 AM, Fabian Arrotin wrote:

> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

Thanks for the quick response, [confirmed] the fix works.

FWIW it's quite important to use https:// for CBS because the RPMs
are unsigned.  (And even if they were signed one would want to use
https:// anyways due to https://isis.poly.edu/%7Ejcappos/papers/cappos_mirror_ccs_08.pdf )



From jbrooks at redhat.com  Tue May 10 18:37:28 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 11:37:28 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>

On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
> On 10/05/16 15:38, Colin Walters wrote:
>>
>>
>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>> ```
>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>> cbs.centos.org has address 172.20.1.15
>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>> ^C
>>> ```
>>>
>>> Just times out
>>
>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>
>> I can work around this for now by sed'ing the repo to use
>> http just inside the CI infra.
>
> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

I'm getting a similar-looking issue w/ https from the ci artifacts location:

https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/

I'm trying to pull pkgs built in the ci and stored there in another ci job...

Jason

>
> --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>


From arrfab at centos.org  Tue May 10 18:43:41 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 20:43:41 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
Message-ID: <57322BDD.80602@centos.org>

On 10/05/16 20:37, Jason Brooks wrote:
> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>> On 10/05/16 15:38, Colin Walters wrote:
>>>
>>>
>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>> ```
>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>> cbs.centos.org has address 172.20.1.15
>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>> ^C
>>>> ```
>>>>
>>>> Just times out
>>>
>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>
>>> I can work around this for now by sed'ing the repo to use
>>> http just inside the CI infra.
>>
>> CI environment is located in the same DC as cbs, but in a different
>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>> only opened http from ci to cbs, but I now added https too.
> 
> I'm getting a similar-looking issue w/ https from the ci artifacts location:
> 
> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
> 
> I'm trying to pull pkgs built in the ci and stored there in another ci job...
> 
> Jason
> 

Different issue as artifact node is internal and that has been discussed
some time ago :
https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
(and people confirmed that the solution worked for them)
And the wiki/doc was also adapted to only show one url that works both
internally and externally :
https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
http://artifacts.ci.centos.org/


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/324b4648/attachment-0004.sig>

From walters at verbum.org  Tue May 10 18:53:46 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 14:53:46 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>

On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>
> http://artifacts.ci.centos.org/

That URL is currently only accessible via insecure HTTP (presented
cert's CN is just ci.centos.org), so I don't think it's a good idea to point
users or systems at it.


From jbrooks at redhat.com  Tue May 10 19:06:38 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 12:06:38 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
	<1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
Message-ID: <CAF=rfpBQ-YCxs98Vq6BwjQ-hjZnGS9261k5f3b0TyGwFb-B5iQ@mail.gmail.com>

On Tue, May 10, 2016 at 11:53 AM, Colin Walters <walters at verbum.org> wrote:
> On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>>
>> http://artifacts.ci.centos.org/
>
> That URL is currently only accessible via insecure HTTP (presented
> cert's CN is just ci.centos.org), so I don't think it's a good idea to point
> users or systems at it.

OK, for now I'm going to work around this in the ci job definition w/ some sed.

> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From mail-lists at karan.org  Wed May 11 13:12:19 2016
From: mail-lists at karan.org (Karanbir Singh)
Date: Wed, 11 May 2016 14:12:19 +0100
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>

On 10/05/16 19:43, Fabian Arrotin wrote:
> On 10/05/16 20:37, Jason Brooks wrote:
>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>
>>>>
>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>> ```
>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>> cbs.centos.org has address 172.20.1.15
>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>> ^C
>>>>> ```
>>>>>
>>>>> Just times out
>>>>
>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>
>>>> I can work around this for now by sed'ing the repo to use
>>>> http just inside the CI infra.
>>>
>>> CI environment is located in the same DC as cbs, but in a different
>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>> only opened http from ci to cbs, but I now added https too.
>>
>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>
>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>
>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>
>> Jason
>>
> 
> Different issue as artifact node is internal and that has been discussed
> some time ago :
> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
> (and people confirmed that the solution worked for them)
> And the wiki/doc was also adapted to only show one url that works both
> internally and externally :
> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
> http://artifacts.ci.centos.org/
> 

options on how the https:// might work on the CDN for buildlogs ?


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc


From arrfab at centos.org  Wed May 11 13:34:48 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Wed, 11 May 2016 15:34:48 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
References: <57322BDD.80602@centos.org>
	<8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
Message-ID: <573334F8.2060808@centos.org>

On 11/05/16 15:12, Karanbir Singh wrote:
> On 10/05/16 19:43, Fabian Arrotin wrote:
>> On 10/05/16 20:37, Jason Brooks wrote:
>>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>>
>>>>>
>>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>>> ```
>>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>>> cbs.centos.org has address 172.20.1.15
>>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>>> ^C
>>>>>> ```
>>>>>>
>>>>>> Just times out
>>>>>
>>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>>
>>>>> I can work around this for now by sed'ing the repo to use
>>>>> http just inside the CI infra.
>>>>
>>>> CI environment is located in the same DC as cbs, but in a different
>>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>>> only opened http from ci to cbs, but I now added https too.
>>>
>>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>>
>>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>>
>>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>>
>>> Jason
>>>
>>
>> Different issue as artifact node is internal and that has been discussed
>> some time ago :
>> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
>> (and people confirmed that the solution worked for them)
>> And the wiki/doc was also adapted to only show one url that works both
>> internally and externally :
>> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
>> http://artifacts.ci.centos.org/
>>
> 
> options on how the https:// might work on the CDN for buildlogs ?
> 
> 

Well, buildlogs is external but also internal copy (yeah ....) but we'd
be able to setup proper https support for that, but the automatic
http->https redirection is what needs to be tested and how yum follows
the redirection for the repomd.xml file (if that works)
Something added on the TODO list, but not priority #1 this week though

OTOH, it's true that it was also discussed that people needing a lot of
artifacts file should ask those to be published on the CDN, and not
retrieved from CI network at all (but can be problematic if people want
the same test to work inside and outside too)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160511/f25ea924/attachment-0004.sig>

From walters at verbum.org  Fri May 13 20:18:37 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 13 May 2016 16:18:37 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
Message-ID: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>

It's a handy way to implement cleanup actions, such as de-provisioning a duffy machine regardless of whether or not a job succeeds.


From dms at redhat.com  Fri May 13 22:20:43 2016
From: dms at redhat.com (David Moreau Simard)
Date: Fri, 13 May 2016 18:20:43 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
Message-ID: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>

I'm already using this for several jobs, exactly for the use case of
cleaning up nodes and collecting nodes.

Is it not working for you ?
Is post-tasks the same thing ?

This is what it looks like in a Jenkins Job Builder template:
https://github.com/rdo-infra/ci-config/blob/master/jenkins/jobs/weirdo-defaults.yml#L34

David Moreau Simard
Senior Software Engineer | Openstack RDO

dmsimard = [irc, github, twitter]
It's a handy way to implement cleanup actions, such as de-provisioning a
duffy machine regardless of whether or not a job succeeds.
_______________________________________________
Ci-users mailing list
Ci-users at centos.org
https://lists.centos.org/mailman/listinfo/ci-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160513/92b23692/attachment-0004.html>

From dominic at cleal.org  Mon May 16 09:46:33 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 10:46:33 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <56964871.90109@karan.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org>
Message-ID: <573996F9.1070001@cleal.org>

On 13/01/16 12:52, Karanbir Singh wrote:
> We've been looking at and trying to scope up
> getting an RDO cloud in place, that could then be used for 3 things :
> 
> 1) making an openstack api available for people who want to just consume
> VM's for their workloads
> 
> 2) migrating the slaves into openstack managed ( ie, self/user managed )
> virtual machines
> 
> 3) offering up image backed resources for people looking at doing
> testing with other OSs, eg what the libvirt and libguestfs folks do at
> the moment.
> 
> We have a dedicated hardware slab ( ~ 24 phy machines worth ) dedicated
> to this task ( so as to not cut into the ci baremetal pools ), but are
> waiting on the RH facility folks to get it wired up and dial-toned.
> 
> Given the nature and impact of this setup, I am going to try and see if
> we can speed up delivery of that infra from the present timeline of end
> Feb '16.

Do you expect this service to be available soon?

-- 
Dominic Cleal
dominic at cleal.org


From kbsingh at centos.org  Mon May 16 11:26:58 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Mon, 16 May 2016 12:26:58 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <573996F9.1070001@cleal.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
Message-ID: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/05/16 10:46, Dominic Cleal wrote:
> On 13/01/16 12:52, Karanbir Singh wrote:
>> We've been looking at and trying to scope up getting an RDO cloud
>> in place, that could then be used for 3 things :
>> 
>> 1) making an openstack api available for people who want to just
>> consume VM's for their workloads
>> 
>> 2) migrating the slaves into openstack managed ( ie, self/user
>> managed ) virtual machines
>> 
>> 3) offering up image backed resources for people looking at
>> doing testing with other OSs, eg what the libvirt and libguestfs
>> folks do at the moment.
>> 
>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>> dedicated to this task ( so as to not cut into the ci baremetal
>> pools ), but are waiting on the RH facility folks to get it wired
>> up and dial-toned.
>> 
>> Given the nature and impact of this setup, I am going to try and
>> see if we can speed up delivery of that infra from the present
>> timeline of end Feb '16.
> 
> Do you expect this service to be available soon?
> 

I've got the basic stuff in place, and we should be able to open for
wider testing in the next day or so.

regards

- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXOa6CAAoJEI3Oi2Mx7xbtx1QIAK2Qa6vpvr7PIeTM7uBFP54B
kFKrh4ivyYJLAboLT8NlrSjhFuKWYcBY2P+5nUXi2lzB93M41ZnZdKSBQcBxAgC7
DMjQpGbvWsHOwcaev7y2cg3QwEMVtejPJX7Tx2+aZwX0Zr3i1Zdc7ah26YRAenm7
F3MDdvfQuZeMWBBfUm0ENDXx4eEMjMt4O8Cs1DpTqtCq3ZLDbeSAvNFU+zazocfG
zTfII9/w2uajWWWOGjZWAzffzf2x2/93uPz1ZYqsk9pK6T/MNaLr+pLIYLewUHXG
piNk1ibuTl2qmrK9FoQZYbROqFKgCoQfgnXAldMekjMDhkOldVLddUbZjmh7GlQ=
=MAkC
-----END PGP SIGNATURE-----


From dominic at cleal.org  Mon May 16 13:11:50 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 14:11:50 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
	<03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
Message-ID: <5739C716.8020101@cleal.org>

On 16/05/16 12:26, Karanbir Singh wrote:
> On 16/05/16 10:46, Dominic Cleal wrote:
>> On 13/01/16 12:52, Karanbir Singh wrote:
>>> We've been looking at and trying to scope up getting an RDO cloud
>>> in place, that could then be used for 3 things :
>>>
>>> 1) making an openstack api available for people who want to just
>>> consume VM's for their workloads
>>>
>>> 2) migrating the slaves into openstack managed ( ie, self/user
>>> managed ) virtual machines
>>>
>>> 3) offering up image backed resources for people looking at
>>> doing testing with other OSs, eg what the libvirt and libguestfs
>>> folks do at the moment.
>>>
>>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>>> dedicated to this task ( so as to not cut into the ci baremetal
>>> pools ), but are waiting on the RH facility folks to get it wired
>>> up and dial-toned.
>>>
>>> Given the nature and impact of this setup, I am going to try and
>>> see if we can speed up delivery of that infra from the present
>>> timeline of end Feb '16.
> 
>> Do you expect this service to be available soon?
> 
> 
> I've got the basic stuff in place, and we should be able to open for
> wider testing in the next day or so.

That's great news, thanks. I'd be happy to help test.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/292b4178/attachment-0004.sig>

From walters at verbum.org  Mon May 16 15:24:48 2016
From: walters at verbum.org (Colin Walters)
Date: Mon, 16 May 2016 11:24:48 -0400
Subject: [Ci-users] Request for
 https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
	<CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
Message-ID: <1463412288.4049714.609249617.5D2C4243@webmail.messagingengine.com>

 
 
 
On Fri, May 13, 2016, at 06:20 PM, David Moreau Simard wrote:
> I'm already using this for several jobs, exactly for the use case of
> cleaning up nodes and collecting nodes.
> Is it not working for you ?
>  Is post-tasks the same thing ?
 
Looks like that's a different plugin, but indeed seems pretty close.? I
actually ended up using:
 
```
publishers:
- trigger-parameterized-builds:
```
 
Which is installed now, because I wanted to serialize around a single
cleanup builder for duffy.? I'lll post more about this later.
 
Thanks though for the link to your JJB - it's really useful to see what
other people are doing in this area.? What I'm working on now is in:
https://github.com/cgwalters/sig-atomic-buildscripts/tree/pr-testing/centos-ci
for those interested.
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/f9fee501/attachment-0004.html>

From hhorak at redhat.com  Tue May 17 16:46:56 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 18:46:56 +0200
Subject: [Ci-users] Test results not sent to github PR
Message-ID: <573B4B00.4060408@redhat.com>

I'm fighting with github+jenkins integration; specifically I'd like to 
make jenkins to run a job [1] for every commit in PR [2] or after 
writing message '[test]' in this PR. Then I expect the test result to be 
set in github PR.

One issue I see is that when trying to follow [3] and adding 
'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent 
Deliveries' section.

Well, when adding [test] comment, the job is run, but the output is not 
sent into github.

I'd appreciate any help here, since I'm quite new to jenkins..

[1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
[2] https://github.com/sclorg/mariadb-container/pull/1
[3] https://wiki.centos.org/QaWiki/CI/GithubIntegration

Honza


From brian at bstinson.com  Tue May 17 16:52:14 2016
From: brian at bstinson.com (Brian Stinson)
Date: Tue, 17 May 2016 11:52:14 -0500
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B4B00.4060408@redhat.com>
References: <573B4B00.4060408@redhat.com>
Message-ID: <20160517165214.GT4349@ender.bstinson.lan>

On May 17 18:46, Honza Horak wrote:
> I'm fighting with github+jenkins integration; specifically I'd like to make
> jenkins to run a job [1] for every commit in PR [2] or after writing message
> '[test]' in this PR. Then I expect the test result to be set in github PR.
> 
> One issue I see is that when trying to follow [3] and adding
> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
> section.
> 
> Well, when adding [test] comment, the job is run, but the output is not sent
> into github.
> 
> I'd appreciate any help here, since I'm quite new to jenkins..
> 
> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
> [2] https://github.com/sclorg/mariadb-container/pull/1
> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
> 
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users

Be sure you have the trailing slash in the webhook url:

https://ci.centos.org/ghbrphook/ 

I'll update [3] to make sure that's more clear.

Cheers!

--
Brian Stinson 


From hhorak at redhat.com  Tue May 17 18:18:58 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 20:18:58 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <20160517165214.GT4349@ender.bstinson.lan>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
Message-ID: <573B6092.8060704@redhat.com>

On 05/17/2016 06:52 PM, Brian Stinson wrote:
> On May 17 18:46, Honza Horak wrote:
>> I'm fighting with github+jenkins integration; specifically I'd like to make
>> jenkins to run a job [1] for every commit in PR [2] or after writing message
>> '[test]' in this PR. Then I expect the test result to be set in github PR.
>>
>> One issue I see is that when trying to follow [3] and adding
>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
>> section.
>>
>> Well, when adding [test] comment, the job is run, but the output is not sent
>> into github.
>>
>> I'd appreciate any help here, since I'm quite new to jenkins..
>>
>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>> [2] https://github.com/sclorg/mariadb-container/pull/1
>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>
>> Honza
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>
> Be sure you have the trailing slash in the webhook url:
>
> https://ci.centos.org/ghbrphook/
>
> I'll update [3] to make sure that's more clear.

I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':

Headers

Cache-Control: must-revalidate,no-cache,no-store
Connection: keep-alive
Content-Length: 1441
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 May 2016 18:18:07 GMT
Server: nginx/1.0.15
X-Content-Type-Options: nosniff

Body

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /ghbrphook/. Reason:
<pre>    No valid crumb was included in the request</pre></p><hr 
/><i><small>Powered by Jetty://</small></i><br/> 

<br/>

Honza


From walters at verbum.org  Wed May 18 16:40:23 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 12:40:23 -0400
Subject: [Ci-users] duffy requests
Message-ID: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>

1) Public source code
2) Arbitrary metadata (could be JSON or just a blob) like /Node/get/?key=blah&metadata=<base64 encoded json>
   Then a new /InventoryExt verb that returns JSON like:

[
    { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" },
    { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" }
]

3) Also add a new option to /get/  named "longpoll" which means the machine is automatically deallocated when the requester's TCP connection closes.  This would help ensure that e.g. cancelling the job or a Jenkins restart etc. automatically deallocated the machine


From herlo at redhat.com  Wed May 18 17:04:18 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:04:18 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
Message-ID: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>

I like this concept. I wonder if the base64 encoding is really necessary.

Here's what our internal tool reads. I would love to see something that
could work in both environments with very little adjustment.

This example uses openstack, thus the 'user-data-files' is unnecessary, and
the main resources might look different also.

{
    "resources": [
        {
            "name": "openshift-node1",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'east'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3"]
            }
        },
        {
            "name": "openshift-node2",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'west'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3", "repo_host"]
            }
        },
        {
            "name": "openshift-master",
            "count": "1",
            "flavor": "m1.large",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'infra', 'zone':
'default'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["masters", "nodes", "OSEv3"]
            }
        }
   ]
}

Cheers,

herlo

On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org> wrote:

> 1) Public source code
> 2) Arbitrary metadata (could be JSON or just a blob) like
> /Node/get/?key=blah&metadata=<base64 encoded json>
>    Then a new /InventoryExt verb that returns JSON like:
>
> [
>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" },
>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" }
> ]
>
> 3) Also add a new option to /get/  named "longpoll" which means the
> machine is automatically deallocated when the requester's TCP connection
> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
> restart etc. automatically deallocated the machine
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/2e5906ab/attachment-0004.html>

From ari at redhat.com  Wed May 18 17:11:09 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:11:09 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
Message-ID: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>

It would be great if this could be generated as dynamic ansible inventory.
We do this with the output of the node creation.  This way it becomes very
easy to use ansible to do any follow on tasks once you have the resources.

On Wed, May 18, 2016 at 1:04 PM, Clint Savage <herlo at redhat.com> wrote:

> I like this concept. I wonder if the base64 encoding is really necessary.
>
> Here's what our internal tool reads. I would love to see something that
> could work in both environments with very little adjustment.
>
> This example uses openstack, thus the 'user-data-files' is unnecessary,
> and the main resources might look different also.
>
> {
>     "resources": [
>         {
>             "name": "openshift-node1",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'east'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3"]
>             }
>         },
>         {
>             "name": "openshift-node2",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'west'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3", "repo_host"]
>             }
>         },
>         {
>             "name": "openshift-master",
>             "count": "1",
>             "flavor": "m1.large",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'infra', 'zone':
> 'default'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["masters", "nodes", "OSEv3"]
>             }
>         }
>    ]
> }
>
> Cheers,
>
> herlo
>
> On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org>
> wrote:
>
>> 1) Public source code
>> 2) Arbitrary metadata (could be JSON or just a blob) like
>> /Node/get/?key=blah&metadata=<base64 encoded json>
>>    Then a new /InventoryExt verb that returns JSON like:
>>
>> [
>>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" },
>>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" }
>> ]
>>
>> 3) Also add a new option to /get/  named "longpoll" which means the
>> machine is automatically deallocated when the requester's TCP connection
>> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
>> restart etc. automatically deallocated the machine
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
>


-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/c1de0f04/attachment-0004.html>

From herlo at redhat.com  Wed May 18 17:15:10 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:15:10 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
Message-ID: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>

On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com> wrote:

> It would be great if this could be generated as dynamic ansible
> inventory.  We do this with the output of the node creation.  This way it
> becomes very easy to use ansible to do any follow on tasks once you have
> the resources.
>
>
+1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/0e0d45cc/attachment-0004.html>

From kbsingh at centos.org  Wed May 18 17:22:13 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Wed, 18 May 2016 18:22:13 +0100
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
Message-ID: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/05/16 18:15, Clint Savage wrote:
> 
> 
> On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com 
> <mailto:ari at redhat.com>> wrote:
> 
> It would be great if this could be generated as dynamic ansible 
> inventory.  We do this with the output of the node creation.  This 
> way it becomes very easy to use ansible to do any follow on tasks 
> once you have the resources.
> 
> 
> +1

what might that actually look like ?


- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
=4ADD
-----END PGP SIGNATURE-----


From ari at redhat.com  Wed May 18 17:47:02 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:47:02 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
	<fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
Message-ID: <CAMqnh2O2RrfwxD1MMKRmyYqNQ+QDiKKJ3e9njR6OPSEQOqPoow@mail.gmail.com>

*The input is the file that Clint provided which is called a topology file:*
https://paste.fedoraproject.org/368077/35929591/

*Our tools generates output:*
resources.json
https://paste.fedoraproject.org/368075/46359285/

*Then we use this script to use as an inventory file to ansible:*
https://paste.fedoraproject.org/368080/46359306/

*We run the this command to get the inventory:*
python ci-factory/utils/central_ci_dynamic_hosts.py | python -m json.tool

*Inventory looks like:*
https://paste.fedoraproject.org/368081/63593258/

Then you can run:
ansible-playbook -i ci-factory/utils/central_ci_dynamic_hosts.py
--private-key <ssh-key> <playbook-you-want-to-run>

Sounds like from Brian's demo that this could be done after you get the
resources as well by the user, but it may be nice to have this as an
infrastructure toolset.

On Wed, May 18, 2016 at 1:22 PM, Karanbir Singh <kbsingh at centos.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 18/05/16 18:15, Clint Savage wrote:
> >
> >
> > On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com
> > <mailto:ari at redhat.com>> wrote:
> >
> > It would be great if this could be generated as dynamic ansible
> > inventory.  We do this with the output of the node creation.  This
> > way it becomes very easy to use ansible to do any follow on tasks
> > once you have the resources.
> >
> >
> > +1
>
> what might that actually look like ?
>
>
> - --
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
> aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
> h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
> Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
> jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
> gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
> =4ADD
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>



-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/feed6e5d/attachment-0004.html>

From walters at verbum.org  Wed May 18 21:05:47 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 17:05:47 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
Message-ID: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>

Hi,

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

is a repo I put together today that's factoring out some recent work
I did on a new duffy wrapper script:

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

Combined with JJB templates:

https://github.com/cgwalters/centos-ci-skeleton/blob/master/jjb-tmpl/cciskel-duffy.yml

My high level goal is to try to establish a bit more of a shared
baseline codebase.  It seems for example that most CentOS CI users
are using Jenkins Job Builder.  (If you're not, you should really consider it).

If you look at my demo job:

https://github.com/cgwalters/centos-ci-skeleton/tree/master/jjb-demo

It shows how to pair together things so that you get a reusable node
that's provisioned via an Ansible playbook.



From walters at verbum.org  Thu May 19 00:08:21 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 20:08:21 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
Message-ID: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>



On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> Hi,
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> 
> is a repo I put together today that's factoring out some recent work
> I did on a new duffy wrapper script:
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

This second link should have been 
https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy


From ndevos at redhat.com  Thu May 19 10:17:20 2016
From: ndevos at redhat.com (Niels de Vos)
Date: Thu, 19 May 2016 12:17:20 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for fail-over
	testing
Message-ID: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0004.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0004.sig>

From arrfab at centos.org  Thu May 19 11:56:46 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Thu, 19 May 2016 13:56:46 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for
 fail-over testing
In-Reply-To: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
References: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
Message-ID: <573DA9FE.7000606@centos.org>

On 19/05/16 12:17, Niels de Vos wrote:
> Hi,
> 
> there is an integration in place with Gluster, NFS-Ganesha and
> Pacemaker. This combination makes it possible to have an active-active
> high-available NFS-server backed by Gluster volumes.
> 
> We'd like to add automated testing for functional fail-over in the CI.
> This requires the use of virtual-IPs that get assigned to the different
> NFS-Ganesha servers, which will migrate to other servers upon failure.
> 
> On https://wiki.centos.org/QaWiki/PubHardware is a mentioning of
> "reserved IP addresses" where the Gluster project in the CI would like
> to get listed too. What is the process to request a few IPs, and what
> are the restrictions we need to be aware of (and how to put them in the
> Jenkins job)?
> 
> Thanks,
> Niels

Hi Niels,

There are probably multiple ways to solve that. For example you have
multiple interfaces (and eth0 -> eth3 are now in the same vlan, but only
eth0 is configured )
So you can for example use another subnet not conflicting with the
172.19.0.0/22 (nor 172.19.4.0/22 also alocated for remote VMs), but I
don't know how you'll test the virtual ip : I guess from another
provisioned node (like a nfs client).
I've reserved the following range for Gluster : 172.19.2.21 ->
172.19.1.30 (and documented it on the wiki page)

Does that work for you ?

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/6d0b3bb3/attachment-0004.sig>

From herlo at redhat.com  Thu May 19 15:23:26 2016
From: herlo at redhat.com (Clint Savage)
Date: Thu, 19 May 2016 09:23:26 -0600
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
	<1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
Message-ID: <CAMwYf-6BtSxVjHWsG_rJ3Cae7Zh-L5bejVQ7J24kzVCwicMVJA@mail.gmail.com>

Colin,

+1 on this. I've just created
https://github.com/CentOS-PaaS-SIG/centos-paas-ci and will be contributing
there PaaS CI things. I intend to use the cciskel-duffy script, and hope to
model things similarly.

One thought I have been having about the metadata bits we discussed
yesterday in the meeting. What if we didn't have duffy do the metadata, but
rather consumed the session values, nodes, etc. from duffy, then allowed
the cciskel-duffy to pull in a json file that helped define metadata. I can
see that you are doing a small inventory bit in the code, it looks mostly
around ansible groups.

Consider the following use case/story. I've requested three nodes from
duffy, for an openshift cluster. One will be the master, the other two will
be nodes. Putting a custom built RPM repository on one node (not the
master), and then installing using the atomic-openshift-installer. a
installer.cfg.yml file will need to be created which details these items.
Having this in a dynamically-generated inventory from your cciskel-duffy
tool seems like a great location, at least until duffy can do this itself.

Thoughts?

herlo

On Wed, May 18, 2016 at 6:08 PM, Colin Walters <walters at verbum.org> wrote:

>
>
> On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> > Hi,
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> >
> > is a repo I put together today that's factoring out some recent work
> > I did on a new duffy wrapper script:
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
>
> This second link should have been
> https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/31d73582/attachment-0004.html>

From arrfab at centos.org  Fri May 20 08:27:37 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Fri, 20 May 2016 10:27:37 +0200
Subject: [Ci-users] Important infra outage notification - dates to be
	discussed
Message-ID: <573ECA79.70207@centos.org>

Due to some reorganization at the DC/Cage level, we'll have to
shutdown/move/reconfigure a big part of our hosted infra for the
following services :
- cbs.centos.org (Koji)
- accounts.centos.org (auth backend)
- ci.centos.org (jenkins-driven CI environment)

We're working on a plan to minimize the downtime/reconfiguration part,
but at first sight, due to the hardware move of the racks/recabling
parts/etc, the announced downtime will be probably ~48h.

What does that mean ? That during this window, nobody will be able to
build/tests packages, nor be able to triggers automatically CI jobs
(important).
As said, we're working on an agenda with the team operating the DC, but
we'd like you (cbs and ci users) to give us feedback on the best (or
worst ?) time line for such migration.

For example if you know that your $project will have a release soon, and
already have an agenda for such release (and so build/ci) and that you
rely on that infra, we'd like you to communicate those informations to
us, so that we can try to find the best possible time slot for the
migration, minimizing the impact on the whole CentOS ecosystem (and so
for all our users)

Feel free to answer in this thread, or find us in #centos-devel on freenode.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160520/7eb2d2aa/attachment-0004.sig>

From walters at verbum.org  Sat May 21 13:31:48 2016
From: walters at verbum.org (Colin Walters)
Date: Sat, 21 May 2016 09:31:48 -0400
Subject: [Ci-users] Jenkins SafeRestart to add extra CSRF Protection
 19-Apr-2016 14h30 UTC (09h30 EDT)
In-Reply-To: <20160419135426.GC4349@ender.bstinson.lan>
References: <20160419135426.GC4349@ender.bstinson.lan>
Message-ID: <1463837508.618503.614550297.2097E00D@webmail.messagingengine.com>

On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
> 
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:

https://github.com/janinko/ghprb/issues/84

However I'm a bit confused - it seems like a lot more
people should be hitting this.  Perhaps people just aren't
turning on CSRF?

Then I also found
https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900
which:
$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900
ghprb-1.28~3^2

So it *should* be in the 1.30.4 we're running according to
https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github` plugin's webhook
 which does work, but I couldn't quite figure out how to make a single job that builds
 multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the
 end we do need a way to retrigger as ghprb handles)


From bstinson at redhat.com  Mon May 23 19:58:28 2016
From: bstinson at redhat.com (Brian Stinson)
Date: Mon, 23 May 2016 14:58:28 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
Message-ID: <20160523195828.GC26882@ender.bstinson.lan>

Hi Folks,

We will be having a maintenance window starting at 1AM UTC on Friday,
May 27th to do the following work:

- Upgrade to the latest Jenkins LTS 
- Upgrade all plugins (including the Github Plugin) to their latest
  versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
- Reboot the storage node 

The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability

As usual we will have a quiet period starting 1 hour before in order to
let pending jobs clear out.

If there are any questions please let us know.

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160523/abfd0ba2/attachment-0004.sig>

From hhorak at redhat.com  Mon May 23 20:12:59 2016
From: hhorak at redhat.com (Honza Horak)
Date: Mon, 23 May 2016 22:12:59 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B6092.8060704@redhat.com>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
	<573B6092.8060704@redhat.com>
Message-ID: <5743644B.80001@redhat.com>

Thinking about it a bit, I think it might be caused by the fact that 
"GitHub API credentials" only allows to set "Anonymous connection". 
Shouldn't it be configured so that it can use centos-ci user?

honza

On 05/17/2016 08:18 PM, Honza Horak wrote:
> On 05/17/2016 06:52 PM, Brian Stinson wrote:
>> On May 17 18:46, Honza Horak wrote:
>>> I'm fighting with github+jenkins integration; specifically I'd like
>>> to make
>>> jenkins to run a job [1] for every commit in PR [2] or after writing
>>> message
>>> '[test]' in this PR. Then I expect the test result to be set in
>>> github PR.
>>>
>>> One issue I see is that when trying to follow [3] and adding
>>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent
>>> Deliveries'
>>> section.
>>>
>>> Well, when adding [test] comment, the job is run, but the output is
>>> not sent
>>> into github.
>>>
>>> I'd appreciate any help here, since I'm quite new to jenkins..
>>>
>>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>>> [2] https://github.com/sclorg/mariadb-container/pull/1
>>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>>
>>> Honza
>>> _______________________________________________
>>> Ci-users mailing list
>>> Ci-users at centos.org
>>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>> Be sure you have the trailing slash in the webhook url:
>>
>> https://ci.centos.org/ghbrphook/
>>
>> I'll update [3] to make sure that's more clear.
>
> I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':
>
> Headers
>
> Cache-Control: must-revalidate,no-cache,no-store
> Connection: keep-alive
> Content-Length: 1441
> Content-Type: text/html;charset=ISO-8859-1
> Date: Tue, 17 May 2016 18:18:07 GMT
> Server: nginx/1.0.15
> X-Content-Type-Options: nosniff
>
> Body
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
> <title>Error 403 No valid crumb was included in the request</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing /ghbrphook/. Reason:
> <pre>    No valid crumb was included in the request</pre></p><hr
> /><i><small>Powered by Jetty://</small></i><br/>
> <br/>
>
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From dominic at cleal.org  Tue May 24 07:15:42 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Tue, 24 May 2016 08:15:42 +0100
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <5743FF9E.9010207@cleal.org>

On 23/05/16 20:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 

Just a heads up, the latest Jenkins LTS (1.651.2) broke a few plugins in
its default configuration which filters out unknown job parameters.
Notably it broke the matrix project plugin which will probably affect a
few users - I had to disable the new security feature on the Foreman
Jenkins server.

https://issues.jenkins-ci.org/browse/JENKINS-34758 and
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
have more details about the plugins affected.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160524/22505e56/attachment-0004.sig>

From brian at bstinson.com  Thu May 26 17:14:30 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 12:14:30 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <20160526171430.GG26882@ender.bstinson.lan>

On May 23 14:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 
> - Upgrade all plugins (including the Github Plugin) to their latest
>   versions
> - Install the Pipeline Plugin (bug: 10825)
> - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> - Reboot the storage node 
> 
> The following services will be affected:
> - ci.centos.org: Jenkins Frontend
> - artifacts.ci.centos.org: File availability
> 
> As usual we will have a quiet period starting 1 hour before in order to
> let pending jobs clear out.
> 
> If there are any questions please let us know.
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Hi All,

Just a reminder that this maintenance window will take place tonight!

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/fbb61b81/attachment-0004.sig>

From brian at bstinson.com  Fri May 27 01:41:20 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 20:41:20 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160526171430.GG26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
Message-ID: <20160527014120.GH26882@ender.bstinson.lan>

On May 26 12:14, Brian Stinson wrote:
> On May 23 14:58, Brian Stinson wrote:
> > Hi Folks,
> > 
> > We will be having a maintenance window starting at 1AM UTC on Friday,
> > May 27th to do the following work:
> > 
> > - Upgrade to the latest Jenkins LTS 
> > - Upgrade all plugins (including the Github Plugin) to their latest
> >   versions
> > - Install the Pipeline Plugin (bug: 10825)
> > - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> > - Reboot the storage node 
> > 
> > The following services will be affected:
> > - ci.centos.org: Jenkins Frontend
> > - artifacts.ci.centos.org: File availability
> > 
> > As usual we will have a quiet period starting 1 hour before in order to
> > let pending jobs clear out.
> > 
> > If there are any questions please let us know.
> > 
> > Cheers!
> > 
> > --
> > Brian Stinson
> > CentOS CI Infrastructure Team
> 
> Hi All,
> 
> Just a reminder that this maintenance window will take place tonight!
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Ok Folks,

We should be back up and accepting new jobs. 

Please let us know if there is any trouble

Cheers!
--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/9d08afb3/attachment-0004.sig>

From walters at verbum.org  Fri May 27 15:44:38 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 27 May 2016 11:44:38 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527014120.GH26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
Message-ID: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>

On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:

> Please let us know if there is any trouble

jenkins-job-builder now fails with:

```
$ /usr/bin/make update
jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
Traceback (most recent call last):
  File "/usr/bin/jenkins-jobs", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
    execute(options, config)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
    options.names)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
    self.load_files(input_fn)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
    self.parser = YamlParser(self.global_config, self.plugins_list)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
    self._plugins_list = self.jenkins.get_plugins_info()
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
    raise e
jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
```

It seems it's trying to do the equivalent of:

https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

For which I now get:

Access Denied

atomic-sig is missing the Overall/Administer permission

Even though both I and JJB aren't trying to administer anything, just retrieve
the list of plugins.


From dshah at redhat.com  Fri May 27 16:50:28 2016
From: dshah at redhat.com (Dharmit Shah)
Date: Fri, 27 May 2016 22:20:28 +0530
Subject: [Ci-users] Networking query (Vagrant + Duffy + Jenkins)
Message-ID: <95e7dce6-b26e-897a-c3c9-c702226fa708@redhat.com>

Hi all,

I'm trying to get access to OpenShift service running inside the Vagrant 
box on one of the systems provided by Duffy. I'm attempting to access it 
from Jenkins slave.

I tried to forward the port 8443 inside the Vagrant box to port 8443 on 
Duffy provided system. And then when I try to access it from Jenkins 
slave, it fails with error:

$ ./oc login <duffy-provided-slave>
Unable to connect to the server: dial tcp <ip-address>:8443: getsockopt: 
no route to host

A rough mapping of the systems involved should look like this:

Jenkins Slave --> Duffy provisioned host (CentOS 7) --> Vagrant box 
running OpenShift (CentOS 7)			

I want to check with the group if someone's ever tried something like 
this and succeeded. Would love to hear some ideas that we should be trying.

Regards,
Dharmit.


From brian at bstinson.com  Fri May 27 17:01:36 2016
From: brian at bstinson.com (Brian Stinson)
Date: Fri, 27 May 2016 12:01:36 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
Message-ID: <20160527170136.GI26882@ender.bstinson.lan>

On May 27 11:44, Colin Walters wrote:
> On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
> 
> > Please let us know if there is any trouble
> 
> jenkins-job-builder now fails with:
> 
> ```
> $ /usr/bin/make update
> jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
> INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
> Traceback (most recent call last):
>   File "/usr/bin/jenkins-jobs", line 10, in <module>
>     sys.exit(main())
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
>     execute(options, config)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
>     options.names)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
>     self.load_files(input_fn)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
>     self.parser = YamlParser(self.global_config, self.plugins_list)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
>     self._plugins_list = self.jenkins.get_plugins_info()
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
>     raise e
> jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
> ```
> 
> It seems it's trying to do the equivalent of:
> 
> https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]
> 
> For which I now get:
> 
> Access Denied
> 
> atomic-sig is missing the Overall/Administer permission
> 
> Even though both I and JJB aren't trying to administer anything, just retrieve
> the list of plugins.

This is due to a fix for SECURITY-250:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

We had a hotfix to re-enable plugin lists but it looks like I missed one
of the permission checks. I'll investigate, re-patch and report back
here.

Cheers!
-- Brian


From walters at verbum.org  Tue May 31 17:00:44 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 31 May 2016 13:00:44 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527170136.GI26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
	<20160527170136.GI26882@ender.bstinson.lan>
Message-ID: <1464714044.3726246.623829185.2C5FEA22@webmail.messagingengine.com>



On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:

> We had a hotfix to re-enable plugin lists but it looks like I missed one
> of the permission checks. I'll investigate, re-patch and report back
> here.

Anything we can do to help with this?  At the moment this is
a blocker for continuing to use CentOS CI, and while no time
is opportune for CI to break, I've been in the middle of increasing
investment in it and trying to bring others on board.




From walters at verbum.org  Tue May 10 13:35:07 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:35:07 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
Message-ID: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>

```
[atomic-sig at slave01 ~]$ host cbs.centos.org
cbs.centos.org has address 172.20.1.15
[atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
^C
```

Just times out - I'm guessing there's some intermediate firewall, or
perhaps IP conflict on the 172.19 subnet?

Using the external IP works:

```
[atomic-sig at slave01 ~]$ host cbs.centos.org 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases: 

cbs.centos.org has address 66.187.224.194
[atomic-sig at slave01 ~]$ curl http://66.187.224.194/repos/virt7-docker-common-candidate/x86_64/os/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
```


From walters at verbum.org  Tue May 10 13:38:50 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:38:50 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
Message-ID: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>



On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
> ```
> [atomic-sig at slave01 ~]$ host cbs.centos.org
> cbs.centos.org has address 172.20.1.15
> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
> ^C
> ```
> 
> Just times out 

Argh!  It turns out it's https:// vs http://.  I broke it with:
https://github.com/CentOS/sig-atomic-buildscripts/pull/68

I can work around this for now by sed'ing the repo to use
http just inside the CI infra.


From arrfab at centos.org  Tue May 10 13:47:03 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 15:47:03 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
Message-ID: <5731E657.80607@centos.org>

On 10/05/16 15:38, Colin Walters wrote:
> 
> 
> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>> ```
>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>> cbs.centos.org has address 172.20.1.15
>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>> ^C
>> ```
>>
>> Just times out 
> 
> Argh!  It turns out it's https:// vs http://.  I broke it with:
> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
> 
> I can work around this for now by sed'ing the repo to use
> http just inside the CI infra.

CI environment is located in the same DC as cbs, but in a different
subnet/vlan and with ip/port filtering at the gw level. Initially we
only opened http from ci to cbs, but I now added https too.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/9225757b/attachment-0005.sig>

From walters at verbum.org  Tue May 10 13:53:58 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 09:53:58 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <1462888438.289727.603523505.3EB1F994@webmail.messagingengine.com>

On Tue, May 10, 2016, at 09:47 AM, Fabian Arrotin wrote:

> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

Thanks for the quick response, [confirmed] the fix works.

FWIW it's quite important to use https:// for CBS because the RPMs
are unsigned.  (And even if they were signed one would want to use
https:// anyways due to https://isis.poly.edu/%7Ejcappos/papers/cappos_mirror_ccs_08.pdf )



From jbrooks at redhat.com  Tue May 10 18:37:28 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 11:37:28 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <5731E657.80607@centos.org>
References: <1462887307.3924954.603501713.0AF29A8B@webmail.messagingengine.com>
	<1462887530.3925853.603504881.32D67C7F@webmail.messagingengine.com>
	<5731E657.80607@centos.org>
Message-ID: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>

On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
> On 10/05/16 15:38, Colin Walters wrote:
>>
>>
>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>> ```
>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>> cbs.centos.org has address 172.20.1.15
>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>> ^C
>>> ```
>>>
>>> Just times out
>>
>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>
>> I can work around this for now by sed'ing the repo to use
>> http just inside the CI infra.
>
> CI environment is located in the same DC as cbs, but in a different
> subnet/vlan and with ip/port filtering at the gw level. Initially we
> only opened http from ci to cbs, but I now added https too.

I'm getting a similar-looking issue w/ https from the ci artifacts location:

https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/

I'm trying to pull pkgs built in the ci and stored there in another ci job...

Jason

>
> --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>


From arrfab at centos.org  Tue May 10 18:43:41 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Tue, 10 May 2016 20:43:41 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
Message-ID: <57322BDD.80602@centos.org>

On 10/05/16 20:37, Jason Brooks wrote:
> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>> On 10/05/16 15:38, Colin Walters wrote:
>>>
>>>
>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>> ```
>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>> cbs.centos.org has address 172.20.1.15
>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>> ^C
>>>> ```
>>>>
>>>> Just times out
>>>
>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>
>>> I can work around this for now by sed'ing the repo to use
>>> http just inside the CI infra.
>>
>> CI environment is located in the same DC as cbs, but in a different
>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>> only opened http from ci to cbs, but I now added https too.
> 
> I'm getting a similar-looking issue w/ https from the ci artifacts location:
> 
> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
> 
> I'm trying to pull pkgs built in the ci and stored there in another ci job...
> 
> Jason
> 

Different issue as artifact node is internal and that has been discussed
some time ago :
https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
(and people confirmed that the solution worked for them)
And the wiki/doc was also adapted to only show one url that works both
internally and externally :
https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
http://artifacts.ci.centos.org/


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160510/324b4648/attachment-0005.sig>

From walters at verbum.org  Tue May 10 18:53:46 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 10 May 2016 14:53:46 -0400
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>

On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>
> http://artifacts.ci.centos.org/

That URL is currently only accessible via insecure HTTP (presented
cert's CN is just ci.centos.org), so I don't think it's a good idea to point
users or systems at it.


From jbrooks at redhat.com  Tue May 10 19:06:38 2016
From: jbrooks at redhat.com (Jason Brooks)
Date: Tue, 10 May 2016 12:06:38 -0700
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
	<1462906426.3290879.603874169.6B1D857F@webmail.messagingengine.com>
Message-ID: <CAF=rfpBQ-YCxs98Vq6BwjQ-hjZnGS9261k5f3b0TyGwFb-B5iQ@mail.gmail.com>

On Tue, May 10, 2016 at 11:53 AM, Colin Walters <walters at verbum.org> wrote:
> On Tue, May 10, 2016, at 02:43 PM, Fabian Arrotin wrote:
>>
>> http://artifacts.ci.centos.org/
>
> That URL is currently only accessible via insecure HTTP (presented
> cert's CN is just ci.centos.org), so I don't think it's a good idea to point
> users or systems at it.

OK, for now I'm going to work around this in the ci job definition w/ some sed.

> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From mail-lists at karan.org  Wed May 11 13:12:19 2016
From: mail-lists at karan.org (Karanbir Singh)
Date: Wed, 11 May 2016 14:12:19 +0100
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <57322BDD.80602@centos.org>
References: <5731E657.80607@centos.org>
	<CAF=rfpBK3iv79c4fVkKAJYhneFDP2zi-2xDtYKNQe7E8q7YE1g@mail.gmail.com>
	<57322BDD.80602@centos.org>
Message-ID: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>

On 10/05/16 19:43, Fabian Arrotin wrote:
> On 10/05/16 20:37, Jason Brooks wrote:
>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>
>>>>
>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>> ```
>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>> cbs.centos.org has address 172.20.1.15
>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>> ^C
>>>>> ```
>>>>>
>>>>> Just times out
>>>>
>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>
>>>> I can work around this for now by sed'ing the repo to use
>>>> http just inside the CI infra.
>>>
>>> CI environment is located in the same DC as cbs, but in a different
>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>> only opened http from ci to cbs, but I now added https too.
>>
>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>
>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>
>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>
>> Jason
>>
> 
> Different issue as artifact node is internal and that has been discussed
> some time ago :
> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
> (and people confirmed that the solution worked for them)
> And the wiki/doc was also adapted to only show one url that works both
> internally and externally :
> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
> http://artifacts.ci.centos.org/
> 

options on how the https:// might work on the CDN for buildlogs ?


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc


From arrfab at centos.org  Wed May 11 13:34:48 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Wed, 11 May 2016 15:34:48 +0200
Subject: [Ci-users] Accessing cbs.centos.org from inside CI
In-Reply-To: <8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
References: <57322BDD.80602@centos.org>
	<8644e900-f2a4-4bca-2a90-15cd08e801c3@karan.org>
Message-ID: <573334F8.2060808@centos.org>

On 11/05/16 15:12, Karanbir Singh wrote:
> On 10/05/16 19:43, Fabian Arrotin wrote:
>> On 10/05/16 20:37, Jason Brooks wrote:
>>> On Tue, May 10, 2016 at 6:47 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>>>> On 10/05/16 15:38, Colin Walters wrote:
>>>>>
>>>>>
>>>>> On Tue, May 10, 2016, at 09:35 AM, Colin Walters wrote:
>>>>>> ```
>>>>>> [atomic-sig at slave01 ~]$ host cbs.centos.org
>>>>>> cbs.centos.org has address 172.20.1.15
>>>>>> [atomic-sig at slave01 ~]$ curl https://cbs.centos.org/repos/virt7-docker-common-candidate/x86_64/os/
>>>>>> ^C
>>>>>> ```
>>>>>>
>>>>>> Just times out
>>>>>
>>>>> Argh!  It turns out it's https:// vs http://.  I broke it with:
>>>>> https://github.com/CentOS/sig-atomic-buildscripts/pull/68
>>>>>
>>>>> I can work around this for now by sed'ing the repo to use
>>>>> http just inside the CI infra.
>>>>
>>>> CI environment is located in the same DC as cbs, but in a different
>>>> subnet/vlan and with ip/port filtering at the gw level. Initially we
>>>> only opened http from ci to cbs, but I now added https too.
>>>
>>> I'm getting a similar-looking issue w/ https from the ci artifacts location:
>>>
>>> https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/build/
>>>
>>> I'm trying to pull pkgs built in the ci and stored there in another ci job...
>>>
>>> Jason
>>>
>>
>> Different issue as artifact node is internal and that has been discussed
>> some time ago :
>> https://lists.centos.org/pipermail/ci-users/2016-January/000093.html
>> (and people confirmed that the solution worked for them)
>> And the wiki/doc was also adapted to only show one url that works both
>> internally and externally :
>> https://wiki.centos.org/QaWiki/CI/GettingStarted#head-a46ee49e8818ef9b50225c4e9d429f7a079758d2
>> http://artifacts.ci.centos.org/
>>
> 
> options on how the https:// might work on the CDN for buildlogs ?
> 
> 

Well, buildlogs is external but also internal copy (yeah ....) but we'd
be able to setup proper https support for that, but the automatic
http->https redirection is what needs to be tested and how yum follows
the redirection for the repomd.xml file (if that works)
Something added on the TODO list, but not priority #1 this week though

OTOH, it's true that it was also discussed that people needing a lot of
artifacts file should ask those to be published on the CDN, and not
retrieved from CI network at all (but can be problematic if people want
the same test to work inside and outside too)

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160511/f25ea924/attachment-0005.sig>

From walters at verbum.org  Fri May 13 20:18:37 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 13 May 2016 16:18:37 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
Message-ID: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>

It's a handy way to implement cleanup actions, such as de-provisioning a duffy machine regardless of whether or not a job succeeds.


From dms at redhat.com  Fri May 13 22:20:43 2016
From: dms at redhat.com (David Moreau Simard)
Date: Fri, 13 May 2016 18:20:43 -0400
Subject: [Ci-users] Request for
	https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
Message-ID: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>

I'm already using this for several jobs, exactly for the use case of
cleaning up nodes and collecting nodes.

Is it not working for you ?
Is post-tasks the same thing ?

This is what it looks like in a Jenkins Job Builder template:
https://github.com/rdo-infra/ci-config/blob/master/jenkins/jobs/weirdo-defaults.yml#L34

David Moreau Simard
Senior Software Engineer | Openstack RDO

dmsimard = [irc, github, twitter]
It's a handy way to implement cleanup actions, such as de-provisioning a
duffy machine regardless of whether or not a job succeeds.
_______________________________________________
Ci-users mailing list
Ci-users at centos.org
https://lists.centos.org/mailman/listinfo/ci-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160513/92b23692/attachment-0005.html>

From dominic at cleal.org  Mon May 16 09:46:33 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 10:46:33 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <56964871.90109@karan.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org>
Message-ID: <573996F9.1070001@cleal.org>

On 13/01/16 12:52, Karanbir Singh wrote:
> We've been looking at and trying to scope up
> getting an RDO cloud in place, that could then be used for 3 things :
> 
> 1) making an openstack api available for people who want to just consume
> VM's for their workloads
> 
> 2) migrating the slaves into openstack managed ( ie, self/user managed )
> virtual machines
> 
> 3) offering up image backed resources for people looking at doing
> testing with other OSs, eg what the libvirt and libguestfs folks do at
> the moment.
> 
> We have a dedicated hardware slab ( ~ 24 phy machines worth ) dedicated
> to this task ( so as to not cut into the ci baremetal pools ), but are
> waiting on the RH facility folks to get it wired up and dial-toned.
> 
> Given the nature and impact of this setup, I am going to try and see if
> we can speed up delivery of that infra from the present timeline of end
> Feb '16.

Do you expect this service to be available soon?

-- 
Dominic Cleal
dominic at cleal.org


From kbsingh at centos.org  Mon May 16 11:26:58 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Mon, 16 May 2016 12:26:58 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <573996F9.1070001@cleal.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
Message-ID: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 16/05/16 10:46, Dominic Cleal wrote:
> On 13/01/16 12:52, Karanbir Singh wrote:
>> We've been looking at and trying to scope up getting an RDO cloud
>> in place, that could then be used for 3 things :
>> 
>> 1) making an openstack api available for people who want to just
>> consume VM's for their workloads
>> 
>> 2) migrating the slaves into openstack managed ( ie, self/user
>> managed ) virtual machines
>> 
>> 3) offering up image backed resources for people looking at
>> doing testing with other OSs, eg what the libvirt and libguestfs
>> folks do at the moment.
>> 
>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>> dedicated to this task ( so as to not cut into the ci baremetal
>> pools ), but are waiting on the RH facility folks to get it wired
>> up and dial-toned.
>> 
>> Given the nature and impact of this setup, I am going to try and
>> see if we can speed up delivery of that infra from the present
>> timeline of end Feb '16.
> 
> Do you expect this service to be available soon?
> 

I've got the basic stuff in place, and we should be able to open for
wider testing in the next day or so.

regards

- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXOa6CAAoJEI3Oi2Mx7xbtx1QIAK2Qa6vpvr7PIeTM7uBFP54B
kFKrh4ivyYJLAboLT8NlrSjhFuKWYcBY2P+5nUXi2lzB93M41ZnZdKSBQcBxAgC7
DMjQpGbvWsHOwcaev7y2cg3QwEMVtejPJX7Tx2+aZwX0Zr3i1Zdc7ah26YRAenm7
F3MDdvfQuZeMWBBfUm0ENDXx4eEMjMt4O8Cs1DpTqtCq3ZLDbeSAvNFU+zazocfG
zTfII9/w2uajWWWOGjZWAzffzf2x2/93uPz1ZYqsk9pK6T/MNaLr+pLIYLewUHXG
piNk1ibuTl2qmrK9FoQZYbROqFKgCoQfgnXAldMekjMDhkOldVLddUbZjmh7GlQ=
=MAkC
-----END PGP SIGNATURE-----


From dominic at cleal.org  Mon May 16 13:11:50 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Mon, 16 May 2016 14:11:50 +0100
Subject: [Ci-users] Strategy for scaling jenkins slaves ?
In-Reply-To: <03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
References: <CAH7C+PqumXAt_iuaFmY1PzhJqLyVbgs23hCs9QybKzdOAwEwhg@mail.gmail.com>
	<56964871.90109@karan.org> <573996F9.1070001@cleal.org>
	<03d7b2a4-d605-8e68-da28-58a1cd46e59f@centos.org>
Message-ID: <5739C716.8020101@cleal.org>

On 16/05/16 12:26, Karanbir Singh wrote:
> On 16/05/16 10:46, Dominic Cleal wrote:
>> On 13/01/16 12:52, Karanbir Singh wrote:
>>> We've been looking at and trying to scope up getting an RDO cloud
>>> in place, that could then be used for 3 things :
>>>
>>> 1) making an openstack api available for people who want to just
>>> consume VM's for their workloads
>>>
>>> 2) migrating the slaves into openstack managed ( ie, self/user
>>> managed ) virtual machines
>>>
>>> 3) offering up image backed resources for people looking at
>>> doing testing with other OSs, eg what the libvirt and libguestfs
>>> folks do at the moment.
>>>
>>> We have a dedicated hardware slab ( ~ 24 phy machines worth )
>>> dedicated to this task ( so as to not cut into the ci baremetal
>>> pools ), but are waiting on the RH facility folks to get it wired
>>> up and dial-toned.
>>>
>>> Given the nature and impact of this setup, I am going to try and
>>> see if we can speed up delivery of that infra from the present
>>> timeline of end Feb '16.
> 
>> Do you expect this service to be available soon?
> 
> 
> I've got the basic stuff in place, and we should be able to open for
> wider testing in the next day or so.

That's great news, thanks. I'd be happy to help test.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/292b4178/attachment-0005.sig>

From walters at verbum.org  Mon May 16 15:24:48 2016
From: walters at verbum.org (Colin Walters)
Date: Mon, 16 May 2016 11:24:48 -0400
Subject: [Ci-users] Request for
 https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin
In-Reply-To: <CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
References: <1463170717.3947275.607287353.15359749@webmail.messagingengine.com>
	<CAH7C+PrA1xuyRg2-VE=uLx2kL6wLZCOmt6OtMLn5wMkot15t=w@mail.gmail.com>
Message-ID: <1463412288.4049714.609249617.5D2C4243@webmail.messagingengine.com>

 
 
 
On Fri, May 13, 2016, at 06:20 PM, David Moreau Simard wrote:
> I'm already using this for several jobs, exactly for the use case of
> cleaning up nodes and collecting nodes.
> Is it not working for you ?
>  Is post-tasks the same thing ?
 
Looks like that's a different plugin, but indeed seems pretty close.? I
actually ended up using:
 
```
publishers:
- trigger-parameterized-builds:
```
 
Which is installed now, because I wanted to serialize around a single
cleanup builder for duffy.? I'lll post more about this later.
 
Thanks though for the link to your JJB - it's really useful to see what
other people are doing in this area.? What I'm working on now is in:
https://github.com/cgwalters/sig-atomic-buildscripts/tree/pr-testing/centos-ci
for those interested.
 
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160516/f9fee501/attachment-0005.html>

From hhorak at redhat.com  Tue May 17 16:46:56 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 18:46:56 +0200
Subject: [Ci-users] Test results not sent to github PR
Message-ID: <573B4B00.4060408@redhat.com>

I'm fighting with github+jenkins integration; specifically I'd like to 
make jenkins to run a job [1] for every commit in PR [2] or after 
writing message '[test]' in this PR. Then I expect the test result to be 
set in github PR.

One issue I see is that when trying to follow [3] and adding 
'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent 
Deliveries' section.

Well, when adding [test] comment, the job is run, but the output is not 
sent into github.

I'd appreciate any help here, since I'm quite new to jenkins..

[1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
[2] https://github.com/sclorg/mariadb-container/pull/1
[3] https://wiki.centos.org/QaWiki/CI/GithubIntegration

Honza


From brian at bstinson.com  Tue May 17 16:52:14 2016
From: brian at bstinson.com (Brian Stinson)
Date: Tue, 17 May 2016 11:52:14 -0500
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B4B00.4060408@redhat.com>
References: <573B4B00.4060408@redhat.com>
Message-ID: <20160517165214.GT4349@ender.bstinson.lan>

On May 17 18:46, Honza Horak wrote:
> I'm fighting with github+jenkins integration; specifically I'd like to make
> jenkins to run a job [1] for every commit in PR [2] or after writing message
> '[test]' in this PR. Then I expect the test result to be set in github PR.
> 
> One issue I see is that when trying to follow [3] and adding
> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
> section.
> 
> Well, when adding [test] comment, the job is run, but the output is not sent
> into github.
> 
> I'd appreciate any help here, since I'm quite new to jenkins..
> 
> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
> [2] https://github.com/sclorg/mariadb-container/pull/1
> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
> 
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users

Be sure you have the trailing slash in the webhook url:

https://ci.centos.org/ghbrphook/ 

I'll update [3] to make sure that's more clear.

Cheers!

--
Brian Stinson 


From hhorak at redhat.com  Tue May 17 18:18:58 2016
From: hhorak at redhat.com (Honza Horak)
Date: Tue, 17 May 2016 20:18:58 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <20160517165214.GT4349@ender.bstinson.lan>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
Message-ID: <573B6092.8060704@redhat.com>

On 05/17/2016 06:52 PM, Brian Stinson wrote:
> On May 17 18:46, Honza Horak wrote:
>> I'm fighting with github+jenkins integration; specifically I'd like to make
>> jenkins to run a job [1] for every commit in PR [2] or after writing message
>> '[test]' in this PR. Then I expect the test result to be set in github PR.
>>
>> One issue I see is that when trying to follow [3] and adding
>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent Deliveries'
>> section.
>>
>> Well, when adding [test] comment, the job is run, but the output is not sent
>> into github.
>>
>> I'd appreciate any help here, since I'm quite new to jenkins..
>>
>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>> [2] https://github.com/sclorg/mariadb-container/pull/1
>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>
>> Honza
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>
> Be sure you have the trailing slash in the webhook url:
>
> https://ci.centos.org/ghbrphook/
>
> I'll update [3] to make sure that's more clear.

I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':

Headers

Cache-Control: must-revalidate,no-cache,no-store
Connection: keep-alive
Content-Length: 1441
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 17 May 2016 18:18:07 GMT
Server: nginx/1.0.15
X-Content-Type-Options: nosniff

Body

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /ghbrphook/. Reason:
<pre>    No valid crumb was included in the request</pre></p><hr 
/><i><small>Powered by Jetty://</small></i><br/> 

<br/>

Honza


From walters at verbum.org  Wed May 18 16:40:23 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 12:40:23 -0400
Subject: [Ci-users] duffy requests
Message-ID: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>

1) Public source code
2) Arbitrary metadata (could be JSON or just a blob) like /Node/get/?key=blah&metadata=<base64 encoded json>
   Then a new /InventoryExt verb that returns JSON like:

[
    { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" },
    { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded json>" }
]

3) Also add a new option to /get/  named "longpoll" which means the machine is automatically deallocated when the requester's TCP connection closes.  This would help ensure that e.g. cancelling the job or a Jenkins restart etc. automatically deallocated the machine


From herlo at redhat.com  Wed May 18 17:04:18 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:04:18 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
Message-ID: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>

I like this concept. I wonder if the base64 encoding is really necessary.

Here's what our internal tool reads. I would love to see something that
could work in both environments with very little adjustment.

This example uses openstack, thus the 'user-data-files' is unnecessary, and
the main resources might look different also.

{
    "resources": [
        {
            "name": "openshift-node1",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'east'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3"]
            }
        },
        {
            "name": "openshift-node2",
            "count": "1",
            "flavor": "m1.medium",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'primary', 'zone':
'west'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["nodes", "OSEv3", "repo_host"]
            }
        },
        {
            "name": "openshift-master",
            "count": "1",
            "flavor": "m1.large",
            "image": "rhel-guest-image-7.1-20150224.0.x86_64",
            "metadata": {
                "product_type": "openshift",
                "deployment_type": "openshift-enterprise",
                "ansible_sudo": "false",
                "ansible_ssh_user": "root",
                "openshift_override_hostname_check": "true",
                "openshift_node_labels": "{'region': 'infra', 'zone':
'default'}",
                "openshift_hostname": "__IP__",
                "openshift_public_hostname": "__IP__",
                "openshift_set_hostname": "true",
                "openshift_docker_additional_registries": "
my.dockerregistry.com:8888",
                "openshift_docker_insecure_registries": "
my.dockerregistry.com:8888",
                "ansible-group": ["masters", "nodes", "OSEv3"]
            }
        }
   ]
}

Cheers,

herlo

On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org> wrote:

> 1) Public source code
> 2) Arbitrary metadata (could be JSON or just a blob) like
> /Node/get/?key=blah&metadata=<base64 encoded json>
>    Then a new /InventoryExt verb that returns JSON like:
>
> [
>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" },
>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
> json>" }
> ]
>
> 3) Also add a new option to /get/  named "longpoll" which means the
> machine is automatically deallocated when the requester's TCP connection
> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
> restart etc. automatically deallocated the machine
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/2e5906ab/attachment-0005.html>

From ari at redhat.com  Wed May 18 17:11:09 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:11:09 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
Message-ID: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>

It would be great if this could be generated as dynamic ansible inventory.
We do this with the output of the node creation.  This way it becomes very
easy to use ansible to do any follow on tasks once you have the resources.

On Wed, May 18, 2016 at 1:04 PM, Clint Savage <herlo at redhat.com> wrote:

> I like this concept. I wonder if the base64 encoding is really necessary.
>
> Here's what our internal tool reads. I would love to see something that
> could work in both environments with very little adjustment.
>
> This example uses openstack, thus the 'user-data-files' is unnecessary,
> and the main resources might look different also.
>
> {
>     "resources": [
>         {
>             "name": "openshift-node1",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'east'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3"]
>             }
>         },
>         {
>             "name": "openshift-node2",
>             "count": "1",
>             "flavor": "m1.medium",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'primary', 'zone':
> 'west'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["nodes", "OSEv3", "repo_host"]
>             }
>         },
>         {
>             "name": "openshift-master",
>             "count": "1",
>             "flavor": "m1.large",
>             "image": "rhel-guest-image-7.1-20150224.0.x86_64",
>             "metadata": {
>                 "product_type": "openshift",
>                 "deployment_type": "openshift-enterprise",
>                 "ansible_sudo": "false",
>                 "ansible_ssh_user": "root",
>                 "openshift_override_hostname_check": "true",
>                 "openshift_node_labels": "{'region': 'infra', 'zone':
> 'default'}",
>                 "openshift_hostname": "__IP__",
>                 "openshift_public_hostname": "__IP__",
>                 "openshift_set_hostname": "true",
>                 "openshift_docker_additional_registries": "
> my.dockerregistry.com:8888",
>                 "openshift_docker_insecure_registries": "
> my.dockerregistry.com:8888",
>                 "ansible-group": ["masters", "nodes", "OSEv3"]
>             }
>         }
>    ]
> }
>
> Cheers,
>
> herlo
>
> On Wed, May 18, 2016 at 10:40 AM, Colin Walters <walters at verbum.org>
> wrote:
>
>> 1) Public source code
>> 2) Arbitrary metadata (could be JSON or just a blob) like
>> /Node/get/?key=blah&metadata=<base64 encoded json>
>>    Then a new /InventoryExt verb that returns JSON like:
>>
>> [
>>     { "name": "n49.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" },
>>     { "name": "a29.pufty", "ssid": "abcde", "metadata": "<base64 encoded
>> json>" }
>> ]
>>
>> 3) Also add a new option to /get/  named "longpoll" which means the
>> machine is automatically deallocated when the requester's TCP connection
>> closes.  This would help ensure that e.g. cancelling the job or a Jenkins
>> restart etc. automatically deallocated the machine
>> _______________________________________________
>> Ci-users mailing list
>> Ci-users at centos.org
>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>
>
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
>


-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/c1de0f04/attachment-0005.html>

From herlo at redhat.com  Wed May 18 17:15:10 2016
From: herlo at redhat.com (Clint Savage)
Date: Wed, 18 May 2016 11:15:10 -0600
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
Message-ID: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>

On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com> wrote:

> It would be great if this could be generated as dynamic ansible
> inventory.  We do this with the output of the node creation.  This way it
> becomes very easy to use ansible to do any follow on tasks once you have
> the resources.
>
>
+1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/0e0d45cc/attachment-0005.html>

From kbsingh at centos.org  Wed May 18 17:22:13 2016
From: kbsingh at centos.org (Karanbir Singh)
Date: Wed, 18 May 2016 18:22:13 +0100
Subject: [Ci-users] duffy requests
In-Reply-To: <CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
Message-ID: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/05/16 18:15, Clint Savage wrote:
> 
> 
> On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com 
> <mailto:ari at redhat.com>> wrote:
> 
> It would be great if this could be generated as dynamic ansible 
> inventory.  We do this with the output of the node creation.  This 
> way it becomes very easy to use ansible to do any follow on tasks 
> once you have the resources.
> 
> 
> +1

what might that actually look like ?


- -- 
Karanbir Singh, Project Lead, The CentOS Project
+44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
GnuPG Key : http://www.karan.org/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
=4ADD
-----END PGP SIGNATURE-----


From ari at redhat.com  Wed May 18 17:47:02 2016
From: ari at redhat.com (Ari LiVigni)
Date: Wed, 18 May 2016 13:47:02 -0400
Subject: [Ci-users] duffy requests
In-Reply-To: <fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
References: <1463589623.3460640.611687105.700C07CD@webmail.messagingengine.com>
	<CAMwYf-4UVZb038YfrzZCOicb+fOka=WLxAiuN+CQv1xP936Dxw@mail.gmail.com>
	<CAMqnh2Net84vq7Wk47FqQfGRy2FNqZari=AqpGtym1-7KGJ0Qg@mail.gmail.com>
	<CAMwYf-4U6F6fRuGbY1ubJi-4hvSMsq4KoRaHuWsd3UtJFLDfnQ@mail.gmail.com>
	<fd6a5542-c38e-2a87-fe6f-571b29a3557c@centos.org>
Message-ID: <CAMqnh2O2RrfwxD1MMKRmyYqNQ+QDiKKJ3e9njR6OPSEQOqPoow@mail.gmail.com>

*The input is the file that Clint provided which is called a topology file:*
https://paste.fedoraproject.org/368077/35929591/

*Our tools generates output:*
resources.json
https://paste.fedoraproject.org/368075/46359285/

*Then we use this script to use as an inventory file to ansible:*
https://paste.fedoraproject.org/368080/46359306/

*We run the this command to get the inventory:*
python ci-factory/utils/central_ci_dynamic_hosts.py | python -m json.tool

*Inventory looks like:*
https://paste.fedoraproject.org/368081/63593258/

Then you can run:
ansible-playbook -i ci-factory/utils/central_ci_dynamic_hosts.py
--private-key <ssh-key> <playbook-you-want-to-run>

Sounds like from Brian's demo that this could be done after you get the
resources as well by the user, but it may be nice to have this as an
infrastructure toolset.

On Wed, May 18, 2016 at 1:22 PM, Karanbir Singh <kbsingh at centos.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 18/05/16 18:15, Clint Savage wrote:
> >
> >
> > On Wed, May 18, 2016 at 11:11 AM, Ari LiVigni <ari at redhat.com
> > <mailto:ari at redhat.com>> wrote:
> >
> > It would be great if this could be generated as dynamic ansible
> > inventory.  We do this with the output of the node creation.  This
> > way it becomes very easy to use ansible to do any follow on tasks
> > once you have the resources.
> >
> >
> > +1
>
> what might that actually look like ?
>
>
> - --
> Karanbir Singh, Project Lead, The CentOS Project
> +44-207-0999389 | http://www.centos.org/ | twitter.com/CentOS
> GnuPG Key : http://www.karan.org/publickey.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> iQEcBAEBAgAGBQJXPKTFAAoJEI3Oi2Mx7xbt7DIH/iQ2dc/OaW60cH21dEnt6WuL
> aqB6rnoBLjws3v0AbYKFzoFjYtA3xd/UNTERa4CjIPWkcdkz/QlUAxRVuuuvC3A1
> h29WFnSWhxnEIbRQROAI8dv+qkBum5KjN85ZyVN66mllXPPlLLC1A7w0x+29V8Zo
> Keq7+UPPbIQItzyUrJjzRVXIhy456GtUoco+BvmUkESG7eBRyGePjyHH8iFzdArY
> jAkNrakPr/CSmXunoYThRDx6I0mAiGnNqXTPoBH2T6bRWWFFfbQdJc0App9uqNa6
> gxHGEPLQ7Bt+gCyqgQ8ViGH3U8Rury0kXT83pVYJl7Y4wyowiQEy7Ld/8zRt2oA=
> =4ADD
> -----END PGP SIGNATURE-----
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>



-- 
-== @ri ==-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160518/feed6e5d/attachment-0005.html>

From walters at verbum.org  Wed May 18 21:05:47 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 17:05:47 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
Message-ID: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>

Hi,

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

is a repo I put together today that's factoring out some recent work
I did on a new duffy wrapper script:

https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

Combined with JJB templates:

https://github.com/cgwalters/centos-ci-skeleton/blob/master/jjb-tmpl/cciskel-duffy.yml

My high level goal is to try to establish a bit more of a shared
baseline codebase.  It seems for example that most CentOS CI users
are using Jenkins Job Builder.  (If you're not, you should really consider it).

If you look at my demo job:

https://github.com/cgwalters/centos-ci-skeleton/tree/master/jjb-demo

It shows how to pair together things so that you get a reusable node
that's provisioned via an Ansible playbook.



From walters at verbum.org  Thu May 19 00:08:21 2016
From: walters at verbum.org (Colin Walters)
Date: Wed, 18 May 2016 20:08:21 -0400
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
Message-ID: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>



On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> Hi,
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> 
> is a repo I put together today that's factoring out some recent work
> I did on a new duffy wrapper script:
> 
> https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1

This second link should have been 
https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy


From ndevos at redhat.com  Thu May 19 10:17:20 2016
From: ndevos at redhat.com (Niels de Vos)
Date: Thu, 19 May 2016 12:17:20 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for fail-over
	testing
Message-ID: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0005.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/c2c0831e/attachment-0005.sig>

From arrfab at centos.org  Thu May 19 11:56:46 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Thu, 19 May 2016 13:56:46 +0200
Subject: [Ci-users] Request for virtual IP-addresses in the CI for
 fail-over testing
In-Reply-To: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
References: <20160519101720.GL26895@ndevos-x240.usersys.redhat.com>
Message-ID: <573DA9FE.7000606@centos.org>

On 19/05/16 12:17, Niels de Vos wrote:
> Hi,
> 
> there is an integration in place with Gluster, NFS-Ganesha and
> Pacemaker. This combination makes it possible to have an active-active
> high-available NFS-server backed by Gluster volumes.
> 
> We'd like to add automated testing for functional fail-over in the CI.
> This requires the use of virtual-IPs that get assigned to the different
> NFS-Ganesha servers, which will migrate to other servers upon failure.
> 
> On https://wiki.centos.org/QaWiki/PubHardware is a mentioning of
> "reserved IP addresses" where the Gluster project in the CI would like
> to get listed too. What is the process to request a few IPs, and what
> are the restrictions we need to be aware of (and how to put them in the
> Jenkins job)?
> 
> Thanks,
> Niels

Hi Niels,

There are probably multiple ways to solve that. For example you have
multiple interfaces (and eth0 -> eth3 are now in the same vlan, but only
eth0 is configured )
So you can for example use another subnet not conflicting with the
172.19.0.0/22 (nor 172.19.4.0/22 also alocated for remote VMs), but I
don't know how you'll test the virtual ip : I guess from another
provisioned node (like a nfs client).
I've reserved the following range for Gluster : 172.19.2.21 ->
172.19.1.30 (and documented it on the wiki page)

Does that work for you ?

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/6d0b3bb3/attachment-0005.sig>

From herlo at redhat.com  Thu May 19 15:23:26 2016
From: herlo at redhat.com (Clint Savage)
Date: Thu, 19 May 2016 09:23:26 -0600
Subject: [Ci-users] centos-ci-skeleton v2016.1
In-Reply-To: <1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
References: <1463605547.3518091.611944337.0945B77E@webmail.messagingengine.com>
	<1463616501.2601205.612074353.4834E530@webmail.messagingengine.com>
Message-ID: <CAMwYf-6BtSxVjHWsG_rJ3Cae7Zh-L5bejVQ7J24kzVCwicMVJA@mail.gmail.com>

Colin,

+1 on this. I've just created
https://github.com/CentOS-PaaS-SIG/centos-paas-ci and will be contributing
there PaaS CI things. I intend to use the cciskel-duffy script, and hope to
model things similarly.

One thought I have been having about the metadata bits we discussed
yesterday in the meeting. What if we didn't have duffy do the metadata, but
rather consumed the session values, nodes, etc. from duffy, then allowed
the cciskel-duffy to pull in a json file that helped define metadata. I can
see that you are doing a small inventory bit in the code, it looks mostly
around ansible groups.

Consider the following use case/story. I've requested three nodes from
duffy, for an openshift cluster. One will be the master, the other two will
be nodes. Putting a custom built RPM repository on one node (not the
master), and then installing using the atomic-openshift-installer. a
installer.cfg.yml file will need to be created which details these items.
Having this in a dynamically-generated inventory from your cciskel-duffy
tool seems like a great location, at least until duffy can do this itself.

Thoughts?

herlo

On Wed, May 18, 2016 at 6:08 PM, Colin Walters <walters at verbum.org> wrote:

>
>
> On Wed, May 18, 2016, at 05:05 PM, Colin Walters wrote:
> > Hi,
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
> >
> > is a repo I put together today that's factoring out some recent work
> > I did on a new duffy wrapper script:
> >
> > https://github.com/cgwalters/centos-ci-skeleton/releases/tag/v2016.1
>
> This second link should have been
> https://github.com/cgwalters/centos-ci-skeleton/blob/master/cciskel-duffy
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160519/31d73582/attachment-0005.html>

From arrfab at centos.org  Fri May 20 08:27:37 2016
From: arrfab at centos.org (Fabian Arrotin)
Date: Fri, 20 May 2016 10:27:37 +0200
Subject: [Ci-users] Important infra outage notification - dates to be
	discussed
Message-ID: <573ECA79.70207@centos.org>

Due to some reorganization at the DC/Cage level, we'll have to
shutdown/move/reconfigure a big part of our hosted infra for the
following services :
- cbs.centos.org (Koji)
- accounts.centos.org (auth backend)
- ci.centos.org (jenkins-driven CI environment)

We're working on a plan to minimize the downtime/reconfiguration part,
but at first sight, due to the hardware move of the racks/recabling
parts/etc, the announced downtime will be probably ~48h.

What does that mean ? That during this window, nobody will be able to
build/tests packages, nor be able to triggers automatically CI jobs
(important).
As said, we're working on an agenda with the team operating the DC, but
we'd like you (cbs and ci users) to give us feedback on the best (or
worst ?) time line for such migration.

For example if you know that your $project will have a release soon, and
already have an agenda for such release (and so build/ci) and that you
rely on that infra, we'd like you to communicate those informations to
us, so that we can try to find the best possible time slot for the
migration, minimizing the impact on the whole CentOS ecosystem (and so
for all our users)

Feel free to answer in this thread, or find us in #centos-devel on freenode.

-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160520/7eb2d2aa/attachment-0005.sig>

From walters at verbum.org  Sat May 21 13:31:48 2016
From: walters at verbum.org (Colin Walters)
Date: Sat, 21 May 2016 09:31:48 -0400
Subject: [Ci-users] Jenkins SafeRestart to add extra CSRF Protection
 19-Apr-2016 14h30 UTC (09h30 EDT)
In-Reply-To: <20160419135426.GC4349@ender.bstinson.lan>
References: <20160419135426.GC4349@ender.bstinson.lan>
Message-ID: <1463837508.618503.614550297.2097E00D@webmail.messagingengine.com>

On Tue, Apr 19, 2016, at 09:54 AM, Brian Stinson wrote:
> Hi Folks,
> 
> In response to news of directed attacks against public Jenkins
> instances[0], we are enabling some of the CSRF protections in ci.centos.org

It looks like this also caused:

https://github.com/janinko/ghprb/issues/84

However I'm a bit confused - it seems like a lot more
people should be hitting this.  Perhaps people just aren't
turning on CSRF?

Then I also found
https://github.com/jenkinsci/ghprb-plugin/commit/cb8447f991aebe3de688d3548c451dd128e16900
which:
$ git describe --contains cb8447f991aebe3de688d3548c451dd128e16900
ghprb-1.28~3^2

So it *should* be in the 1.30.4 we're running according to
https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

Did anyone else manage to get the ghprb hooks working?

(Aside, I was trying to work around this by using the raw `github` plugin's webhook
 which does work, but I couldn't quite figure out how to make a single job that builds
 multiple PRs be "stable", i.e. avoid retriggering for previously built PRs, plus in the
 end we do need a way to retrigger as ghprb handles)


From bstinson at redhat.com  Mon May 23 19:58:28 2016
From: bstinson at redhat.com (Brian Stinson)
Date: Mon, 23 May 2016 14:58:28 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
Message-ID: <20160523195828.GC26882@ender.bstinson.lan>

Hi Folks,

We will be having a maintenance window starting at 1AM UTC on Friday,
May 27th to do the following work:

- Upgrade to the latest Jenkins LTS 
- Upgrade all plugins (including the Github Plugin) to their latest
  versions
- Install the Pipeline Plugin (bug: 10825)
- Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
- Reboot the storage node 

The following services will be affected:
- ci.centos.org: Jenkins Frontend
- artifacts.ci.centos.org: File availability

As usual we will have a quiet period starting 1 hour before in order to
let pending jobs clear out.

If there are any questions please let us know.

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160523/abfd0ba2/attachment-0005.sig>

From hhorak at redhat.com  Mon May 23 20:12:59 2016
From: hhorak at redhat.com (Honza Horak)
Date: Mon, 23 May 2016 22:12:59 +0200
Subject: [Ci-users] Test results not sent to github PR
In-Reply-To: <573B6092.8060704@redhat.com>
References: <573B4B00.4060408@redhat.com>
	<20160517165214.GT4349@ender.bstinson.lan>
	<573B6092.8060704@redhat.com>
Message-ID: <5743644B.80001@redhat.com>

Thinking about it a bit, I think it might be caused by the fact that 
"GitHub API credentials" only allows to set "Anonymous connection". 
Shouldn't it be configured so that it can use centos-ci user?

honza

On 05/17/2016 08:18 PM, Honza Horak wrote:
> On 05/17/2016 06:52 PM, Brian Stinson wrote:
>> On May 17 18:46, Honza Horak wrote:
>>> I'm fighting with github+jenkins integration; specifically I'd like
>>> to make
>>> jenkins to run a job [1] for every commit in PR [2] or after writing
>>> message
>>> '[test]' in this PR. Then I expect the test result to be set in
>>> github PR.
>>>
>>> One issue I see is that when trying to follow [3] and adding
>>> 'https://ci.centos.org/ghbrphook', I see 301 response in 'Recent
>>> Deliveries'
>>> section.
>>>
>>> Well, when adding [test] comment, the job is run, but the output is
>>> not sent
>>> into github.
>>>
>>> I'd appreciate any help here, since I'm quite new to jenkins..
>>>
>>> [1] https://ci.centos.org/view/SCLo/job/SCLo-mariadb-container-pr/
>>> [2] https://github.com/sclorg/mariadb-container/pull/1
>>> [3] https://wiki.centos.org/QaWiki/CI/GithubIntegration
>>>
>>> Honza
>>> _______________________________________________
>>> Ci-users mailing list
>>> Ci-users at centos.org
>>> https://lists.centos.org/mailman/listinfo/ci-users
>>
>> Be sure you have the trailing slash in the webhook url:
>>
>> https://ci.centos.org/ghbrphook/
>>
>> I'll update [3] to make sure that's more clear.
>
> I'm afraid it still doesn't work, this is my output in 'Recent Deliveries':
>
> Headers
>
> Cache-Control: must-revalidate,no-cache,no-store
> Connection: keep-alive
> Content-Length: 1441
> Content-Type: text/html;charset=ISO-8859-1
> Date: Tue, 17 May 2016 18:18:07 GMT
> Server: nginx/1.0.15
> X-Content-Type-Options: nosniff
>
> Body
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
> <title>Error 403 No valid crumb was included in the request</title>
> </head>
> <body><h2>HTTP ERROR 403</h2>
> <p>Problem accessing /ghbrphook/. Reason:
> <pre>    No valid crumb was included in the request</pre></p><hr
> /><i><small>Powered by Jetty://</small></i><br/>
> <br/>
>
> Honza
> _______________________________________________
> Ci-users mailing list
> Ci-users at centos.org
> https://lists.centos.org/mailman/listinfo/ci-users


From dominic at cleal.org  Tue May 24 07:15:42 2016
From: dominic at cleal.org (Dominic Cleal)
Date: Tue, 24 May 2016 08:15:42 +0100
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <5743FF9E.9010207@cleal.org>

On 23/05/16 20:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 

Just a heads up, the latest Jenkins LTS (1.651.2) broke a few plugins in
its default configuration which filters out unknown job parameters.
Notably it broke the matrix project plugin which will probably affect a
few users - I had to disable the new security feature on the Foreman
Jenkins server.

https://issues.jenkins-ci.org/browse/JENKINS-34758 and
https://wiki.jenkins-ci.org/display/JENKINS/Plugins+affected+by+fix+for+SECURITY-170
have more details about the plugins affected.

-- 
Dominic Cleal
dominic at cleal.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160524/22505e56/attachment-0005.sig>

From brian at bstinson.com  Thu May 26 17:14:30 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 12:14:30 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160523195828.GC26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
Message-ID: <20160526171430.GG26882@ender.bstinson.lan>

On May 23 14:58, Brian Stinson wrote:
> Hi Folks,
> 
> We will be having a maintenance window starting at 1AM UTC on Friday,
> May 27th to do the following work:
> 
> - Upgrade to the latest Jenkins LTS 
> - Upgrade all plugins (including the Github Plugin) to their latest
>   versions
> - Install the Pipeline Plugin (bug: 10825)
> - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> - Reboot the storage node 
> 
> The following services will be affected:
> - ci.centos.org: Jenkins Frontend
> - artifacts.ci.centos.org: File availability
> 
> As usual we will have a quiet period starting 1 hour before in order to
> let pending jobs clear out.
> 
> If there are any questions please let us know.
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Hi All,

Just a reminder that this maintenance window will take place tonight!

Cheers!

--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/fbb61b81/attachment-0005.sig>

From brian at bstinson.com  Fri May 27 01:41:20 2016
From: brian at bstinson.com (Brian Stinson)
Date: Thu, 26 May 2016 20:41:20 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160526171430.GG26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
Message-ID: <20160527014120.GH26882@ender.bstinson.lan>

On May 26 12:14, Brian Stinson wrote:
> On May 23 14:58, Brian Stinson wrote:
> > Hi Folks,
> > 
> > We will be having a maintenance window starting at 1AM UTC on Friday,
> > May 27th to do the following work:
> > 
> > - Upgrade to the latest Jenkins LTS 
> > - Upgrade all plugins (including the Github Plugin) to their latest
> >   versions
> > - Install the Pipeline Plugin (bug: 10825)
> > - Update the ansible version on slave01.ci.centos.org  1.9.2 -> 1.9.6
> > - Reboot the storage node 
> > 
> > The following services will be affected:
> > - ci.centos.org: Jenkins Frontend
> > - artifacts.ci.centos.org: File availability
> > 
> > As usual we will have a quiet period starting 1 hour before in order to
> > let pending jobs clear out.
> > 
> > If there are any questions please let us know.
> > 
> > Cheers!
> > 
> > --
> > Brian Stinson
> > CentOS CI Infrastructure Team
> 
> Hi All,
> 
> Just a reminder that this maintenance window will take place tonight!
> 
> Cheers!
> 
> --
> Brian Stinson
> CentOS CI Infrastructure Team

Ok Folks,

We should be back up and accepting new jobs. 

Please let us know if there is any trouble

Cheers!
--
Brian Stinson
CentOS CI Infrastructure Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/ci-users/attachments/20160526/9d08afb3/attachment-0005.sig>

From walters at verbum.org  Fri May 27 15:44:38 2016
From: walters at verbum.org (Colin Walters)
Date: Fri, 27 May 2016 11:44:38 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527014120.GH26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
Message-ID: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>

On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:

> Please let us know if there is any trouble

jenkins-job-builder now fails with:

```
$ /usr/bin/make update
jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
Traceback (most recent call last):
  File "/usr/bin/jenkins-jobs", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
    execute(options, config)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
    options.names)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
    self.load_files(input_fn)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
    self.parser = YamlParser(self.global_config, self.plugins_list)
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
    self._plugins_list = self.jenkins.get_plugins_info()
  File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
    raise e
jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
```

It seems it's trying to do the equivalent of:

https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]

For which I now get:

Access Denied

atomic-sig is missing the Overall/Administer permission

Even though both I and JJB aren't trying to administer anything, just retrieve
the list of plugins.


From dshah at redhat.com  Fri May 27 16:50:28 2016
From: dshah at redhat.com (Dharmit Shah)
Date: Fri, 27 May 2016 22:20:28 +0530
Subject: [Ci-users] Networking query (Vagrant + Duffy + Jenkins)
Message-ID: <95e7dce6-b26e-897a-c3c9-c702226fa708@redhat.com>

Hi all,

I'm trying to get access to OpenShift service running inside the Vagrant 
box on one of the systems provided by Duffy. I'm attempting to access it 
from Jenkins slave.

I tried to forward the port 8443 inside the Vagrant box to port 8443 on 
Duffy provided system. And then when I try to access it from Jenkins 
slave, it fails with error:

$ ./oc login <duffy-provided-slave>
Unable to connect to the server: dial tcp <ip-address>:8443: getsockopt: 
no route to host

A rough mapping of the systems involved should look like this:

Jenkins Slave --> Duffy provisioned host (CentOS 7) --> Vagrant box 
running OpenShift (CentOS 7)			

I want to check with the group if someone's ever tried something like 
this and succeeded. Would love to hear some ideas that we should be trying.

Regards,
Dharmit.


From brian at bstinson.com  Fri May 27 17:01:36 2016
From: brian at bstinson.com (Brian Stinson)
Date: Fri, 27 May 2016 12:01:36 -0500
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
Message-ID: <20160527170136.GI26882@ender.bstinson.lan>

On May 27 11:44, Colin Walters wrote:
> On Thu, May 26, 2016, at 09:41 PM, Brian Stinson wrote:
> 
> > Please let us know if there is any trouble
> 
> jenkins-job-builder now fails with:
> 
> ```
> $ /usr/bin/make update
> jenkins-jobs --conf jenkins.ini update centos-ci-skeleton/jjb:.
> INFO:root:Updating jobs in ['centos-ci-skeleton/jjb', '.'] ([])
> Traceback (most recent call last):
>   File "/usr/bin/jenkins-jobs", line 10, in <module>
>     sys.exit(main())
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 171, in main
>     execute(options, config)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/cmd.py", line 330, in execute
>     options.names)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 314, in update_job
>     self.load_files(input_fn)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 224, in load_files
>     self.parser = YamlParser(self.global_config, self.plugins_list)
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 220, in plugins_list
>     self._plugins_list = self.jenkins.get_plugins_info()
>   File "/usr/lib/python2.7/site-packages/jenkins_jobs/builder.py", line 184, in get_plugins_info
>     raise e
> jenkins.JenkinsException: Error in request. Possibly authentication failed [403]: Forbidden
> ```
> 
> It seems it's trying to do the equivalent of:
> 
> https://ci.centos.org/pluginManager/api/json?tree=plugins[shortName,version]
> 
> For which I now get:
> 
> Access Denied
> 
> atomic-sig is missing the Overall/Administer permission
> 
> Even though both I and JJB aren't trying to administer anything, just retrieve
> the list of plugins.

This is due to a fix for SECURITY-250:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11

We had a hotfix to re-enable plugin lists but it looks like I missed one
of the permission checks. I'll investigate, re-patch and report back
here.

Cheers!
-- Brian


From walters at verbum.org  Tue May 31 17:00:44 2016
From: walters at verbum.org (Colin Walters)
Date: Tue, 31 May 2016 13:00:44 -0400
Subject: [Ci-users] CI Maintenance Window 27-May-2016 01h00 - 02h00 UTC
 (26-May-2016 21h00 - 22h00 EDT)
In-Reply-To: <20160527170136.GI26882@ender.bstinson.lan>
References: <20160523195828.GC26882@ender.bstinson.lan>
	<20160526171430.GG26882@ender.bstinson.lan>
	<20160527014120.GH26882@ender.bstinson.lan>
	<1464363878.3519609.620687793.59DC7578@webmail.messagingengine.com>
	<20160527170136.GI26882@ender.bstinson.lan>
Message-ID: <1464714044.3726246.623829185.2C5FEA22@webmail.messagingengine.com>



On Fri, May 27, 2016, at 01:01 PM, Brian Stinson wrote:

> We had a hotfix to re-enable plugin lists but it looks like I missed one
> of the permission checks. I'll investigate, re-patch and report back
> here.

Anything we can do to help with this?  At the moment this is
a blocker for continuing to use CentOS CI, and while no time
is opportune for CI to break, I've been in the middle of increasing
investment in it and trying to bring others on board.