The translatewiki repository relies on git submodules hosted on github using either http or the git protocol:
https://github.com/puppetlabs/puppetlabs-apt.git
git://github.com/tPl0ch/puppet-composer.git
Since lanthanum does not have direct access to internet, whenever the translatewiki-puppet-validate job is run on that host, the clone of submodules fails:
https://integration.wikimedia.org/ci/job/translatewiki-puppet-validate/1765/console
I have added a http_proxy parameter which still fail the build:
https://integration.wikimedia.org/ci/job/translatewiki-puppet-validate/1768/console
We need an addition https_proxy parameter:
https://integration.wikimedia.org/ci/job/translatewiki-puppet-validate/1769/console
But then that fails fetching git://github.com..
In man git-config, there seems to be possibility to set proxy for both HTTP and GIT protocols and we can even make them on a per host/URL basis!
Example:
; Proxy settings [core] gitproxy=proxy-command for kernel.org gitproxy=default-proxy ; for all the rest ; HTTP [http] sslVerify [http "https://weak.example.com"] sslVerify = false cookieFile = /tmp/cookie.txt
The jobs are running as jenkins-slave user. That user has a .gitconfig which is generated by puppet. So potentially we can figure out the proper parameters and have them populated by puppet.
Version: wmf-deployment
Severity: normal