Merge "Run zuul-executor using docker"

This commit is contained in:
Zuul 2020-06-24 16:10:32 +00:00 committed by Gerrit Code Review
commit d86cbf379f
10 changed files with 47 additions and 273 deletions

View File

@ -0,0 +1 @@
zuul_executor_start: false

View File

@ -8,6 +8,9 @@ services:
image: docker.io/zuul/zuul-executor:latest
network_mode: host
user: zuul
privileged: true
stop_signal: SIGHUP
stop_grace_period: 3h10m
volumes:
- /etc/zuul:/etc/zuul
- /opt/project-config:/opt/project-config
@ -15,5 +18,5 @@ services:
- /home/zuuld:/home/zuul
- /var/lib/zuul:/var/lib/zuul
- /var/log/zuul:/var/log/zuul
- /etc/openafs:/etc/openafs
- /etc/openafs:/etc/openafs:ro
- /etc/ssl/certs:/etc/ssl/certs

View File

@ -1,122 +0,0 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: zuul-executor
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Zuul
# Description: Zuul Executor
### END INIT INFO
# Do NOT "set -e"
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
DESC="Zuul Executor"
NAME=zuul-executor
DAEMON=/usr/local/bin/zuul-executor
PIDFILE=/var/run/$NAME/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
USER=zuuld
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
PIDFILE_DIR=$(dirname $PIDFILE)
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
# 3 if pid file already exist
if [ ! -d "$PIDFILE_DIR" ] ; then
mkdir -p $PIDFILE_DIR
chown $USER $PIDFILE_DIR
fi
ulimit -n 8192
ulimit -c unlimited
if [ -f $PIDFILE ]; then
return 3
fi
start-stop-daemon \
--start --quiet --pidfile $PIDFILE -c $USER \
--exec $DAEMON --test > /dev/null || return 1
start-stop-daemon \
--start --quiet --pidfile $PIDFILE -c $USER \
--exec $DAEMON -- $DAEMON_ARGS || return 2
# Add code here, if necessary, that waits for the process to be ready
# to handle requests from services started subsequently which depend
# on this one. As a last resort, sleep for some time.
}
#
# Function that stops the daemon/service
#
do_stop()
{
$DAEMON stop
return 0
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
$DAEMON reconfigure
return 0
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
3) echo "Pidfile at $PIDFILE already exists, run service zuul-executor stop to clean up."
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
reload|force-reload)
#
# If do_reload() is not implemented then leave this commented out
# and leave 'force-reload' as an alias for 'restart'.
#
log_daemon_msg "Reloading $DESC" "$NAME"
do_reload
log_end_msg $?
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|force-reload}" >&2
exit 3
;;
esac
:

View File

@ -15,81 +15,6 @@
repo_content: "{{ item.content }}"
loop: '{{ zuul_executor_ppas }}'
- name: Atomic for focal
when: ansible_distribution_version is version('20.04', '>=')
include_role:
name: install-apt-repo
vars:
repo_name: projectatomic
repo_key: "{{ libcontainers_apt_key }}"
repo_content: "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_{{ ansible_lsb.release }}/ /"
- name: Install bindep
pip:
name: bindep
state: present
executable: pip3
become: yes
- name: Install extra packages
package:
name: '{{ item }}'
state: present
loop:
- bubblewrap
- skopeo
- socat
- name: Install distro-specific executor extra packages
package:
name: '{{ item }}'
state: present
loop: '{{ zuul_executor_extra_packages }}'
- name: Clone zuul repo
git:
repo: https://opendev.org/zuul/zuul
dest: /opt/zuul
force: yes
register: zuul_repo
- name: Install zuul bindep packages
shell:
cmd: apt-get install -y $(bindep -b compile)
chdir: /opt/zuul
when: zuul_repo is changed
- name: Install zuul
shell:
cmd: pip3 install .
chdir: /opt/zuul
when: zuul_repo is changed
- name: Run zuul-manage-ansible
shell:
cmd: zuul-manage-ansible
environment:
ANSIBLE_EXTRA_PACKAGES: gear
when: zuul_repo is changed
- name: Install kubectl
include_role:
name: install-kubectl
# This checks the current installed ara version with pip list and the
# latest version of ara on pypi with pip search and if they are different
# then we know we need to upgrade to reconcile the local version with
# the upstream version.
#
# We do this using this check here rather than a pip package resource so
# that ara's deps don't inadverdently update zuuls deps (specifically
# ansible).
- name: Install ARA safely
shell: |
if test $(pip3 list --format columns | sed -ne 's/^ara\s\+\([.0-9]\+\)\s\+$/\1/p') != $(pip3 search 'ara$' | sed -ne 's/^ara (\(.*\)).*$/\1/p') ; then
pip3 install --upgrade --upgrade-strategy=only-if-needed "ara<1.0.0"
fi
- name: Write key for talking to nodepool nodes
copy:
content: '{{ nodepool_test_node_ssh_private_key_contents }}'
@ -133,19 +58,41 @@
vars:
logrotate_file_name: /var/log/zuul/executor-debug.log
- name: Install defaults file
template:
src: zuul-executor.defaults.j2
dest: /etc/default/zuul-executor
- name: Make docker-compose directory
file:
state: directory
path: /etc/zuul-executor
- name: Install init script
- name: Install docker-compose file
copy:
src: zuul-executor.init
dest: /etc/init.d/zuul-executor
mode: 0555
register: install_init_script
src: docker-compose.yaml
dest: /etc/zuul-executor/docker-compose.yaml
- name: Register script with systemd
- name: Run docker-compose pull
shell:
cmd: /bin/systemctl daemon-reload
when: install_init_script is changed
cmd: docker-compose pull
chdir: /etc/zuul-executor
- name: Start containers
include_tasks: start.yaml
when: zuul_executor_start | bool
# We can prune here as it should leave the "latest" tagged images
# as well as the currently running images.
- name: Run docker prune to cleanup unneeded images
shell:
cmd: docker image prune -f
- name: Disable old service
service:
name: zuul-executor
enabled: no
failed_when: false
- name: Remove old init script files
file:
state: absent
path: '{{ item }}'
loop:
- /etc/default/zuul-executor
- /etc/init.d/zuul-executor

View File

@ -1,6 +1,4 @@
- name: Start Zuul Executor
service:
name: zuul-executor
state: started
become: true
become_user: root
- name: Run docker-compose up
shell:
cmd: docker-compose up -d
chdir: /etc/zuul-executor

View File

@ -1,12 +1,6 @@
- name: Stop Zuul Executor
service:
name: zuul-executor
state: stopped
shell:
cmd: docker-compose down
chdir: /etc/zuul-executor
become: true
become_user: root
- name: Wait for (3h10m) to stop Zuul Executor
wait_for:
path: /var/run/zuul/executor.pid
state: absent
timeout: 11400

View File

@ -4,5 +4,3 @@ zuul_executor_ppas:
- name: openafs
content: "deb http://ppa.launchpad.net/openstack-ci-core/openafs/ubuntu focal main"
key: "{{ openstack_ci_core_ppa_key }}"
zuul_executor_extra_packages: []

View File

@ -1,21 +1,6 @@
zuul_executor_ppas:
# For bubblewrap
- name: bubblewrap
content: "deb http://ppa.launchpad.net/openstack-ci-core/bubblewrap/ubuntu xenial main"
key: "{{ openstack_ci_core_ppa_key }}"
# Temporary PPA needed for bpo-27945 while waiting for SRU to be published
- name: python-bpo-27945-backport
content: "deb http://ppa.launchpad.net/openstack-ci-core/python-bpo-27945-backport/ubuntu xenial main"
key: "{{ openstack_ci_core_ppa_key }}"
# We use later HWE kernels for better memory managment, requiring an
# updated AFS version which we install from our custom ppa.
- name: openafs
content: "deb http://ppa.launchpad.net/openstack-ci-core/openafs-amd64-hwe/ubuntu xenial main"
key: "{{ openstack_ci_core_ppa_key }}"
# For skopeo
- name: projectatomic
content: "deb http://ppa.launchpad.net/projectatomic/ppa/ubuntu xenial main"
key: "{{ projectatomic_ppa_key }}"
zuul_executor_extra_packages:
- libjemalloc1

View File

@ -28,34 +28,3 @@ openstack_ci_core_ppa_key: |
5pX70jigBqjtJ0PZGm7jELb8bB70SVSGsvwHmEz0pSs=
=cc1L
-----END PGP PUBLIC KEY BLOCK-----
projectatomic_ppa_key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQINBFlRJjABEADuE3ZLY/2W++bPsxtcaoi7VaNnkvsXuVYbbHalEh/YwKFVsDTo
PQpuw1UlPpmVTwT3ufWfv2v42eZiiWMZaKG9/aWF/TeIdH5+3anfVi+X+tuIW9sv
GKTHZdtDqd7fIhtY6AuNQ/D629TJxLvafZ5MoGeyxjsebt5dOvOrl0SHpwR75uPP
aCXTWrokhH7W2BbJQUB+47k62BMd03EKe8stz9FzUxptROFJJ2bITijJlDXNfSbV
bwCiyREIkzXS6ZdWliJAqencOIZ4UbUax+5BT8SRbSLtr/c4YxvARilpSVCkxo8/
EkPHBGygmgfw0kRPSGtLL7IqfWip9mFObji2geoU3A8gV/i3s9Ccc9GPKApX8r7b
QFs1tIlgUJKPqVwB2FAh+Xrqlsy/+8r95jL2gfRptSw7u8OP4AySj5WVm7cCEQ69
aLyemCsf+v72bFOUXuYQ22Kr3yqz2O/1IsG/0Usr4riTdG65Aq6gnq4KRHMNgXu8
7fC9omoy3sKHvzeAJsw/eC9chYNwO8pv8KRIvpDSGL5L7Ems8mq2C5xMyzSVegTr
AvXu7nJoZWVBFRluh42bZa9QesX9MzzfOQ+G3085aW8BE++lhtX5QOkfRd74E49H
1I2piAq/aE8P9jUHr60Po1C1Tw9iXeEaULLKut8eTMLkQ/02DXhBfq0I5QARAQAB
tCBMYXVuY2hwYWQgUFBBIGZvciBQcm9qZWN0IEF0b21pY4kCOAQTAQIAIgUCWVEm
MAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQi+zxY3rYx50HLw/5Ad6k
EHf2uT4owvzu393S/bUR6VVwCWYMbg14XgphxnoOfrHZWUjbrETTURyd1UexoHt7
ZDtMCVmzeY0jpvMb1W3WDebFVo+wR4CI15sPjyycsOxWTviD743wxaPCL1s009co
CzWg5AgP88B0D353Y39meC07BBgOJgIfk1OkFdeRjqHfAtucT99NrCuKr/bbBwDn
0E+wWaJoIbQvBzsPIFzMWWQ6RcnrZtyQv35epo+VBmW3VEIkorv1VoStF0RjvJM+
cMW/ogZsIEZk0IUREOtrtTKUXVrMw1hZ9IGYZRpbJ2g670UGuNjW/vo3rRCRSDaF
6Txp5Pn6ZLTgQWsWMw/6M6ooFIEpz3rhYmQSJLNmUN6SgKeWGVmOrQlg4f7YM75o
UEw56GKQWl9FAthO0qH0qF1OMfUKp/Tv2OSV/FNZsokf6alWXOB6Bzj6gYmmGXIv
MfFW5fZ1cuu5/0ULDckxWhVQ1ywLHREEoBQ6oKYONwUjSdWcM+VsKCEFeCqsNwak
qweP8C0fooycfiEZuncc/9ZujgkQ2p7xXTlv3t2SPF9h43xHs3515VS/OTJPGW59
98AqllpfqGxggYs5cwi2LO3xwvHyPoTqj3hcl1dRMspZINRsIo4VC8bSrCOqbjDc
CD2WFOo2c4mwTDmJpz0PLK87ev/WZ8K0OEflTfc=
=jPWv
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -1,3 +1,4 @@
zuul_executor_start: true
nodepool_test_node_ssh_private_key_contents: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn