Hi All, Update on recent work done for the CentOS Container Pipeline.
- We went through building the OpenShift Origin images in Container
  Pipeline and published them to registry.centos.org successfully. We
  faced many issues with the upstream Dockerfiles and moved to RPM-based
  Dockerfiles for building the images.
- We have got almost all the monitoring pieces set up in production. Now,
  if there is any change in the system (i.e. OpenShift is down, Jenkins
  is not communicating, or other changes), we get an alert notifying us
  of the change in the system.
- We added multiple cron jobs for monitoring and communicating with
  Zabbix to get notifications on changes in system-level parameters.
- We got a test suite set up for the pipeline. Now all the images built
  through the pipeline go through a set of tests to ensure the container
  is runnable. For now we are testing containers based on CentOS 7.
- We got atomic scan set up. This checks the container for RPM updates or
  any other system updates required for the container image. For now this
  process only sends a notification to the user, stating the changes
  required in the container, but does not update the container.
- We noticed that all the source repos do not want the Dockerfile to be
  built for building CentOS-based images (i.e. for OpenShift Origin we
  built the Dockerfiles with the name Dockerfile.centos7). To get these
  types of repos built in the pipeline, we added one more parameter,
  dockerfile-name, to index.yml, which allows the user to provide the
  name of the Dockerfile to be built.
- We saw we are bringing up multiple independent stages (like polling the
  source repo, build, test, delivery, notification) together to work
  sequentially as well as scale rapidly. Keeping this in mind, we came up
  with beanstalkd tubes for managing the communication points between all
  the independent phases and synchronizing with the necessary information
  provided through job details.
- We got Atomic Registry built in registry.centos.org with all its
  dependent containers available in registry.c.o. Even though we got all
  the dependency containers built in registry.c.o, Atomic Registry is
  pulling origin-deployer and origin-pod from docker.io, as this is
  hard-coded to be pulled from docker.io.

Our immediate next focus is:
- implement firewall rules in production machines.
- write a wiki page for wiki.centos.org for atomic registry.
- work on setting up sanity checks for verifying project entries in index.yml