#291 Submitting automated scratch builds to CBS
Closed: Fixed 2 years ago by siddharthvipul1. Opened 2 years ago by dcavalca.

As part of https://pagure.io/centos-sig-hyperscale/sig/issue/40 we'd like to submit scratch builds to CBS in an automated fashion for continuous testing. There's two parts to this:

  • where to run the job that will submit the builds
  • which credentials to use

For the first one, I guess the CentOS CI infrastructure would probably work, assuming it has access to CBS, though I'm open to other options. For the second one, I think we'll need some kind of bot account with a certificate that's allowed to issue scratch builds against our tag.


Metadata Update from @dkirwan:
- Issue tagged with: cbs, centos-common-infra

2 years ago

After talking to @bstinson, it sounds like what we need here is:
- onboarding onto the CentOS CI infra (we basically just need a place to run batch jobs from)
- a bot account with a long-lived certificate that is able to submit builds to CBS for our tags

@dcavalca , yes seems to be what's needed.
For the "bot" account, you can register for your SIG a bot account as long as you share the email alias that will be used for that user so that it's still under your whole SIG control (or some members at least).
One example is rdobuilder which is the bot account that RDO/Cloud SIG is using for their automated workflow

For where to run, CentOS CI/openshift seems indeed the place to go to, so let me re-tag this ticket so that someone can onboard you through CI (normally there is a template for this but no need to open another ticket on same tracker for this request)

Metadata Update from @arrfab:
- Issue untagged with: cbs, centos-common-infra
- Issue assigned to siddharthvipul1
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: centos-ci-infra, low-gain, low-trouble, namespace-request

2 years ago

For where to run, CentOS CI/openshift seems indeed the place to go to, so let me re-tag this ticket so that someone can onboard you through CI (normally there is a template for this but no need to open another ticket on same tracker for this request)

@dcavalca, for a namespace in CentOS CI, I would need a few things. I am copying-pasting the CI onboarding template. Once I have those information, I will get you a namespace.


CentOS CI - On-boarding

Please note that Infra space is for Fedora and CentOS related projects to
consume. Decision may take some time (often up to 2 weeks) as these are decided
by the whole team.
Once decided as go, we will create you a namespace in a openshift cluster where
you can configure your CI. We do provide a Jenkins template in case you want to be
able to consume vms/baremetal nodes to perform your CI.

Please answer the following questions so that we understand your requirement.

  • How does your project relates to Fedora/CentOS?
  • Describe your workflow and if you need any special permissions (other than
    admin access to namespace), please tell us and provide a reason for them.
  • Do you need bare-metal/vms checkout capability? (we prefer your workflow
    containerized)
  • Resources required
  • PVs:
Project_name:
Project_admins:
 - user1@ACO_registered_email_address
 - user2@ACO_registered_email_address

@dcavalca, I had a discussion with @arrfab. Please ignore all the fields as you don't need jenkins and duffy node. Just let me know what you want the namespace be called and all the email ids (FAS/ACO) that will have admin access

Thanks folks!

@siddharthvipul1, let's use hyperscale as the namespace, and put dcavalca@fb.com and jvreeland@twitter.com as admins for now.

@arrfab I've created an hyperscalebot account on Noggin for this, using an email forwarding alias on a personal domain (if there's something more official I should use instead, let me know) and I've sponsored it into sig-hyperscale.

@dcavalca 'wfm' and if the whole SIG is happy with this (and have a way to recover account in case of), that's fine for me :)

Hi @dcavalca,
I have created the namespace and both the email ids mentioned should be able to see the namespace on their dashboard [0]
Can this ticket be close or do we have more action items?

[0] https://console-openshift-console.apps.ocp.ci.centos.org/dashboards

Thanks @siddharthvipul1. If I need to grant access to other SIG members down the road, is there a self-service way to do so, or should I open another ticket here?

@dcavalca
We have plans to see if we can do grounds that exist outside of openshift but for now we configure roles and groups via ansible that's a private repository (to keep email ids not public)
for now, opening a ticket would be the way. Since this is a very small work, they are closed pretty quickly

Thanks @siddharthvipul1, we can work with that. One more question: I see openshift also allows to provision VMs. Could we get access to that as well? I'm interested in potentially spinning up VMs for doing smoketests of the builds we produce (these VMs would just run for a few minutes for the duration of the test). Finally, I've filed #300 for an issue I just hit, but that's probably best handled there.

Would it be possible to also add me to this? :wink:

(My email address is registered in FAS/Noggin, so you can pull it from there.)

(My email address is registered in FAS/Noggin, so you can pull it from there.)

done

Metadata Update from @siddharthvipul1:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

@siddharths sorry to bump and old ticket, I should've checked earlier.

@siddharthvipul1, let's use hyperscale as the namespace, and put dcavalca@fb.com and jvreeland@twitter.com as admins for now.

My fedora/centos account don't use jvreeland@twitter.com so I don't think I've been added to the hyperscale project in openshift. My email should also be in fas/noggin though if you wouldn't mind adding me please.

Login to comment on this ticket.

Metadata
Boards 1
CentOS CI Infra Status: Backlog