Page MenuHomePhabricator
Create Task
Maniphest T62164

Jenkins: Use web proxy to let git access repositories on from GitHub (e.g. submodules)
Closed, ResolvedPublic
Actions

Description

The translatewiki repository relies on git submodules hosted on github using either http or the git protocol:

https://github.com/puppetlabs/puppetlabs-apt.git
git://github.com/tPl0ch/puppet-composer.git

Since lanthanum does not have direct access to internet, whenever the translatewiki-puppet-validate job is run on that host, the clone of submodules fails:

https://integration.wikimedia.org/ci/job/translatewiki-puppet-validate/1765/console

I have added a http_proxy parameter which still fail the build:

https://integration.wikimedia.org/ci/job/translatewiki-puppet-validate/1768/console

We need an addition https_proxy parameter:

https://integration.wikimedia.org/ci/job/translatewiki-puppet-validate/1769/console

But then that fails fetching git://github.com..

In man git-config, there seems to be possibility to set proxy for both HTTP and GIT protocols and we can even make them on a per host/URL basis!

Example:

; Proxy settings
[core]
        gitproxy=proxy-command for kernel.org
        gitproxy=default-proxy ; for all the rest

; HTTP
[http]
        sslVerify
[http "https://weak.example.com"]
        sslVerify = false
        cookieFile = /tmp/cookie.txt

The jobs are running as jenkins-slave user. That user has a .gitconfig which is generated by puppet. So potentially we can figure out the proper parameters and have them populated by puppet.

Version: wmf-deployment
Severity: normal

Details

Reference
bz60164
SubjectRepoBranchLines +/-
Move *puppet-validate jobs to labsintegration/configmaster+2 -2
Customize query in gerrit

Related Objects

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 3:01 AM
bzimport added a project: Continuous-Integration-Infrastructure.
bzimport set Reference to bz60164.
bzimport added a subscriber: Unknown Object (MLST).
hashar created this task.Jan 17 2014, 10:20 AM
gerritbot added a comment.Jan 17 2014, 10:24 AM

Change 108021 had a related patch set uploaded by Hashar:
tie translatewiki-puppet-validate to gallium

https://gerrit.wikimedia.org/r/108021

gerritbot added a comment.Jan 17 2014, 10:25 AM

Change 108021 merged by jenkins-bot:
tie translatewiki-puppet-validate to gallium

https://gerrit.wikimedia.org/r/108021

hashar added a comment.Jan 17 2014, 10:26 AM

As a workaround, I have forced translatewiki-puppet-validate to run only on gallium which has direct access to internet.

hashar added a comment.Jan 17 2014, 10:34 AM

Pinged QA list about it: http://lists.wikimedia.org/pipermail/qa/2014-January/000921.html

hashar added a comment.May 19 2014, 3:22 PM

Rephrased summary.

Krinkle added a comment.Oct 15 2014, 10:43 PM

Do these still run on the production slaves? If so, what would it take to have them run on the labs slaves?

demon unsubscribed.Dec 16 2014, 6:05 PM
gerritbot added a project: Patch-For-Review.Jan 13 2015, 4:10 PM

Change 184644 had a related patch set uploaded (by Hashar):
Move *puppet-validate jobs to labs

https://gerrit.wikimedia.org/r/184644

Patch-For-Review

hashar added a comment.Jan 13 2015, 4:11 PM

I have made translatewiki-puppet-validate (which has github repos as submodule) to run on labs slaves. It fetches the submodules and pass.

hashar closed this task as Resolved.Jan 13 2015, 4:11 PM
hashar claimed this task.
gerritbot added a comment.Jan 13 2015, 4:28 PM

Change 184644 merged by jenkins-bot:
Move *puppet-validate jobs to labs

https://gerrit.wikimedia.org/r/184644

hashar mentioned this in rCICF33adb97cefe5: Move *puppet-validate jobs to labs.Jan 13 2015, 4:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL