Project

Profile

Help

Task #7884

closed

Move the pulp_installer Vagrant tests off Travis

Added by mdepaulo@redhat.com about 2 years ago. Updated almost 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
(Total: 0:00 h)
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
CI/CD
Sprint:
Sprint 90
Quarter:

Description

The current plan: Use Qemu emulation on GHA. This is due to us discovering that the performance is tolerable. The advantages of simple security on ephemeral public CI and maintenance outweigh the performance advantage. As a related implication, users' forks/PRs can run on GHA.


Subtasks 1 (0 open1 closed)

Issue #8228: Pulp Connection Timed Out on slow emulated machinesCLOSED - CURRENTRELEASEmdepaulo@redhat.comActions

Related issues

Related to Pulp - Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMSCLOSED - COMPLETE

Actions
Related to Pulp - Issue #8095: geerlingguy.postgresql role (pulp_installer) now errors under FIPS modeMODIFIEDfao89Actions
Blocks Pulp - Task #3800: Add FIPS to the CI matrix in the plugin_templateCLOSED - CURRENTRELEASEfao89

Actions
Actions #1

Updated by mdepaulo@redhat.com about 2 years ago

  • Sprint set to Sprint 86
Actions #2

Updated by mdepaulo@redhat.com about 2 years ago

  • Status changed from NEW to ASSIGNED
  • % Done changed from 0 to 10
Actions #3

Updated by rchan about 2 years ago

  • Sprint changed from Sprint 86 to Sprint 87
Actions #4

Updated by rchan about 2 years ago

  • Sprint changed from Sprint 87 to Sprint 88
Actions #5

Updated by daviddavis about 2 years ago

  • Parent task deleted (#7859)
Actions #6

Updated by mdepaulo@redhat.com about 2 years ago

  • Related to Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS added
Actions #7

Updated by mdepaulo@redhat.com about 2 years ago

  • Description updated (diff)

This was the previous plan: To use CentOS CI. Largely because Foreman / forklift (Vagrant) is already using it. Work will involve:

  1. Finishing the onboarding process with the CentOS/Fedora infra team
  2. hooking CentOS CI's Jenkins into GitHub
  3. migrating from the Travis yml file to a Jenkinsfile
  4. Migrating scripts from Ubuntu to CentOS 7 or 8

The current plan: Use Qemu emulation on GHA. This is due to us discovering that the performance is tolerable. The advantages of simple security on ephemeral public CI and maintenance outweigh the performance advantage. As a related implication, users' forks/PRs can run on GHA.

Work is ongoing on this branch: https://github.com/pulp/pulp_installer/pull/503/files

Actions #8

Updated by mdepaulo@redhat.com about 2 years ago

  • Related to Issue #8095: geerlingguy.postgresql role (pulp_installer) now errors under FIPS mode added
Actions #9

Updated by daviddavis about 2 years ago

  • Blocks Task #3800: Add FIPS to the CI matrix in the plugin_template added
Actions #10

Updated by rchan about 2 years ago

  • Sprint changed from Sprint 88 to Sprint 89
Actions #11

Updated by mdepaulo@redhat.com about 2 years ago

FYI: Reference on using Qemu emulation: https://github.com/fort-nix/nix-bitcoin/pull/272#issuecomment-736655102 "The runtime increases by factor ~2.5 on x86-64, which is acceptable."

It takes longer for us than that, but still.

Actions #12

Updated by rchan almost 2 years ago

  • Sprint changed from Sprint 89 to Sprint 90
Actions #13

Updated by mdepaulo@redhat.com almost 2 years ago

From the 1/26 open floor:

  • Which pulp_installer FIPS/Vagrant tests, which take ~90 min, to run for PRs vs cronjobs vs tagged jobs?
    • Mike's proposal:
      • PRs:
        • pulp3-source-centos7-fips
        • pulp3-source-centos8-fips
      • cron:
        • pulp3-source-centos7-fips
        • pulp3-source-centos8-fips
        • pulp3-sandbox-centos7-fips
        • pulp3-sandbox-centos8-fips
        • pulp3-source-fedora32
        • pulp3-source-debian10
      • tagged:
        • pulp3-sandbox-centos7-fips
        • pulp3-sandbox-centos8-fips
      • branches:
        • None
      • We'd sometimes merge PRs while the 2 jobs are still running
      • Will re-evaluate once SELinux CI is finished

Added by Mike DePaulo almost 2 years ago

Revision 13db1da1

Use Qemu emulation on GHA for Vagrant tests

Adapted from: https://github.com/pulp/pulplift/pull/66 "RFC: Testing nested Virtualization"

Implementation Includes:

  1. Upgrade Qemu from 4.4 to 5.2 from our PPA to address a severe bug affecting CentOS 7 guests, they could not even validate SSL certs with curl / yum or create the Pulp postgres database.
  2. Upgrade the rest of the virtualization stack on Ubuntu
  3. Address the EL8 vagrant-sshfs workaround task failing due to a GPG signature mismatch.
  4. Workaround a bug with VM storage on the newer virtualization stack.
  5. Switch the boxes used on CentOS 7 for more recent updates.
  6. Reducing how long the pulp health check may take, particularly when there is a connection timed out.

workaround #8095: FIPS failure in geerlingguy.postgresql by using an old version. https://pulp.plan.io/issues/8095

workaround #7993: pulp_installer fails to create the database on EL7 when LANG=C.UTF-8 https://pulp.plan.io/issues/7993

fixes: #7884 Move the pulp_installer Vagrant tests off Travis https://pulp.plan.io/issues/7884

Added by Mike DePaulo almost 2 years ago

Revision 13db1da1

Use Qemu emulation on GHA for Vagrant tests

Adapted from: https://github.com/pulp/pulplift/pull/66 "RFC: Testing nested Virtualization"

Implementation Includes:

  1. Upgrade Qemu from 4.4 to 5.2 from our PPA to address a severe bug affecting CentOS 7 guests, they could not even validate SSL certs with curl / yum or create the Pulp postgres database.
  2. Upgrade the rest of the virtualization stack on Ubuntu
  3. Address the EL8 vagrant-sshfs workaround task failing due to a GPG signature mismatch.
  4. Workaround a bug with VM storage on the newer virtualization stack.
  5. Switch the boxes used on CentOS 7 for more recent updates.
  6. Reducing how long the pulp health check may take, particularly when there is a connection timed out.

workaround #8095: FIPS failure in geerlingguy.postgresql by using an old version. https://pulp.plan.io/issues/8095

workaround #7993: pulp_installer fails to create the database on EL7 when LANG=C.UTF-8 https://pulp.plan.io/issues/7993

fixes: #7884 Move the pulp_installer Vagrant tests off Travis https://pulp.plan.io/issues/7884

Actions #14

Updated by pulpbot almost 2 years ago

  • Status changed from ASSIGNED to POST
Actions #15

Updated by Anonymous almost 2 years ago

  • Status changed from POST to MODIFIED
Actions #16

Updated by ipanova@redhat.com almost 2 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF