hi,
it would be great to implement jobs in the CI infra that can tag or reject content in cbs tags based on test output. But in order to do this, we need to be able to run a koji client in the same place, and that in turn means koji credentials.
since the ci infra is all public and we dont want to publish the creds there, thoughts around how we might be able to do this ?
One option might be to host the creds and koji itself on the jenkins-slave nodes, so its not pushed to the ci test infra itself, and use the feedback from the test run to make a decision on the slave. This does ofcourse complicate the jenkins job setup dramatically ( from the existing simple, grab machine, deploy tests, run tests, report success/fail ).
Thoughts on other mechanics ? if at all possible ?
Regards,
Why can't you use credentials on your Jenkins Master as a possible option? I assume not all have admin access so this could be hidden? It can also be stored as a global password and masked in output. On Oct 22, 2015 4:20 AM, "Karanbir Singh" mail-lists@karan.org wrote:
hi,
it would be great to implement jobs in the CI infra that can tag or reject content in cbs tags based on test output. But in order to do this, we need to be able to run a koji client in the same place, and that in turn means koji credentials.
since the ci infra is all public and we dont want to publish the creds there, thoughts around how we might be able to do this ?
One option might be to host the creds and koji itself on the jenkins-slave nodes, so its not pushed to the ci test infra itself, and use the feedback from the test run to make a decision on the slave. This does ofcourse complicate the jenkins job setup dramatically ( from the existing simple, grab machine, deploy tests, run tests, report success/fail ).
Thoughts on other mechanics ? if at all possible ?
Regards,
-- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
On 22/10/15 13:09, Ari LiVigni wrote:
Why can't you use credentials on your Jenkins Master as a possible option? I assume not all have admin access so this could be hidden? It can also be stored as a global password and masked in output.
that might be one option, we dont usually run any code on the master ( or the slave ) - the jenkins hosted code is typically just used to provision baremetal machines, and the test suites all run from there.
Its not a 100% cover statement, but thats the general model we drive towards, would be good if we can find a solution in there. IF not, then we can fall back to hosting the koji certs + configs in the jenkins instances ( and look at some fine tuned koji acl where the certs cant be abused for much other than they are intended for ).
- KB
On Oct 22 09:20, Karanbir Singh wrote:
hi,
it would be great to implement jobs in the CI infra that can tag or reject content in cbs tags based on test output. But in order to do this, we need to be able to run a koji client in the same place, and that in turn means koji credentials.
since the ci infra is all public and we dont want to publish the creds there, thoughts around how we might be able to do this ?
One option might be to host the creds and koji itself on the jenkins-slave nodes, so its not pushed to the ci test infra itself, and use the feedback from the test run to make a decision on the slave. This does ofcourse complicate the jenkins job setup dramatically ( from the existing simple, grab machine, deploy tests, run tests, report success/fail ).
Thoughts on other mechanics ? if at all possible ?
Regards,
-- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
Not sure if this will actually help us (and I haven't done much research into this particular plugin), but we could do something similar to this:
https://wiki.jenkins-ci.org/display/JENKINS/Koji+Plugin
The idea would be having a 'koji' buildstep that happens after the 'run tests' step to do the tagging.
--Brian
On 22/10/15 15:38, Brian Stinson wrote:
On Oct 22 09:20, Karanbir Singh wrote:
hi,
it would be great to implement jobs in the CI infra that can tag or reject content in cbs tags based on test output. But in order to do this, we need to be able to run a koji client in the same place, and that in turn means koji credentials.
since the ci infra is all public and we dont want to publish the creds there, thoughts around how we might be able to do this ?
One option might be to host the creds and koji itself on the jenkins-slave nodes, so its not pushed to the ci test infra itself, and use the feedback from the test run to make a decision on the slave. This does ofcourse complicate the jenkins job setup dramatically ( from the existing simple, grab machine, deploy tests, run tests, report success/fail ).
Thoughts on other mechanics ? if at all possible ?
Regards,
-- Karanbir Singh +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh GnuPG Key : http://www.karan.org/publickey.asc _______________________________________________ CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
Not sure if this will actually help us (and I haven't done much research into this particular plugin), but we could do something similar to this:
https://wiki.jenkins-ci.org/display/JENKINS/Koji+Plugin
The idea would be having a 'koji' buildstep that happens after the 'run tests' step to do the tagging.
yeah, definitely worth poking! good find.
-
Ari LiVigni -
Brian Stinson -
Karanbir Singh