Hi All,

Update on recent work done for the CentOS Container Pipeline.
- We went through building the openshift origin images in Container Pipeline and published them to registry.centos.org successfully. We faced many issues with the upstream dockerfiles and moved to rpm based dockerfiles for building the images.
- We have got almost all the monitoring pieces set up in production; now if there is any change in the system (i.e. openshift is down, jenkins is not communicating, or other changes), we get an alert notifying us of the change in the system.
- We added multiple cron jobs for monitoring and communicating with Zabbix to get notifications on changes in system level parameters.
- We got the test suite set up for the pipeline. Now all the images built through the pipeline go through a set of tests to ensure the container is runnable. For now we are testing containers based on CentOS 7.
- We got atomic scan set up. This checks the container for rpm updates or any other system update required for the container image. For now this process only sends a notification to the user, stating the changes required in the container, but does not update the container.
- We noticed that all the source repos do not want the Dockerfile to be built for building centos based images (i.e. for openshift origin we built the dockerfiles with the name Dockerfile.centos7). To get these types of repos built in the pipeline, we added one more parameter, dockerfile-name, to index.yml, which allows the user to provide the name of the dockerfile to be built.
- We saw that we are bringing up multiple independent stages (like polling source repo, build, test, delivery, notification) together to work sequentially as well as scale rapidly. Keeping this in mind, we came up with beanstalkd tubes for managing the communication points between all the independent phases and synchronizing with the necessary information provided through job details.
- We got Atomic Registry built in registry.centos.org with all its dependent containers available in registry.c.o. Even though we got all the dependency containers built in registry.c.o, atomic registry is pulling origin-deployer and origin-pod from docker.io, as this is hard coded to be pulled from docker.io.

Our immediate next focus is:
- implement firewall rules in production machines.
- write a wiki page for wiki.centos.org for atomic registry.
- work on setting up sanity checks for verifying project entries in index.yml

Regards,
Bamacharan Kundu