summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/zuulv3/zuul.rst427
1 files changed, 335 insertions, 92 deletions
diff --git a/src/zuulv3/zuul.rst b/src/zuulv3/zuul.rst
index b38675b..efd6899 100644
--- a/src/zuulv3/zuul.rst
+++ b/src/zuulv3/zuul.rst
@@ -4,7 +4,7 @@
4.. pygments yaml? (only file breaks (---) tinted) 4.. pygments yaml? (only file breaks (---) tinted)
5.. slide on high level v3 changes 5.. slide on high level v3 changes
6.. slide on nodepool 6.. slide on nodepool
7 7
8.. transition:: dissolve 8.. transition:: dissolve
9 :duration: 0.4 9 :duration: 0.4
10 10
@@ -32,7 +32,7 @@ Red Hat
32 i work for 32 i work for
33 33
34.. ansi:: images/redhat.ans 34.. ansi:: images/redhat.ans
35 35
36OpenStack 36OpenStack
37========= 37=========
38.. hidetitle:: 38.. hidetitle::
@@ -72,7 +72,7 @@ Presentation Checklist
72Spoilers 72Spoilers
73======== 73========
74 74
75* What Zuul v3 does 75* What Zuul does
76 76
77 * multiple repositories 77 * multiple repositories
78 * integrated deliverable 78 * integrated deliverable
@@ -128,6 +128,17 @@ Large numbers of
128 * Changes 128 * Changes
129 * Code Repositories (1955 as of this morning) 129 * Code Repositories (1955 as of this morning)
130 130
131Not Bragging About Scale
132========================
133
134OpenStack Scale Comparison
135==========================
136
137 * 2KJPH (2,000 jobs per hour)
138 * Build Nodes from 13 Regions of 5 Public and 2 Private OpenStack Clouds
139 * Rackspace, Internap, OVH, Vexxhost, CityCloud and Linaro, Limestone
140 * 10,000 changes merged per month
141
131OpenStack Scale Comparison 142OpenStack Scale Comparison
132========================== 143==========================
133 144
@@ -136,6 +147,9 @@ OpenStack Scale Comparison
136 * Rackspace, Internap, OVH, Vexxhost, CityCloud and Linaro, Limestone 147 * Rackspace, Internap, OVH, Vexxhost, CityCloud and Linaro, Limestone
137 * 10,000 changes merged per month 148 * 10,000 changes merged per month
138 149
150 * By comparison, our friends at the amazing project Ansible received
151 13,000 changes and had merged 8,000 of them in its first 4 years.
152
139Four Opens 153Four Opens
140========== 154==========
141 155
@@ -203,7 +217,7 @@ Gerrit
203 217
204 but zuul is doing a lot of work behind the scenes, and if you look 218 but zuul is doing a lot of work behind the scenes, and if you look
205 closer, this is what you see 219 closer, this is what you see
206 220
207.. ansi:: images/color-gertty.ans 221.. ansi:: images/color-gertty.ans
208 222
209Zuul Architecture 223Zuul Architecture
@@ -227,11 +241,18 @@ Nodepool
227* Creates and destroys (at least) a vm for every job 241* Creates and destroys (at least) a vm for every job
228 242
229 (Remember that 2,000 jobs per hour number?) 243 (Remember that 2,000 jobs per hour number?)
230 244
245Zuul is not New
246===============
247
248 * Has been in Production for OpenStack for Six Years
249 * Zuul v3 first release where not-OpenStack is first-class use case
250 * Zuul is now a top-level effort of OpenStack Foundation
251
231Not just for OpenStack 252Not just for OpenStack
232====================== 253======================
233 254
234 * Zuul v3 is in production for OpenStack (in OpenStack VMs) 255 * Zuul is in production for OpenStack (in OpenStack VMs)
235 256
236 Also running at: 257 Also running at:
237 258
@@ -254,6 +275,9 @@ Zuul in a nutshell
254 * Collects/reports results 275 * Collects/reports results
255 * Potentially merges change 276 * Potentially merges change
256 277
278All in Service of Gating
279========================
280
257Gating 281Gating
258====== 282======
259 283
@@ -279,7 +303,7 @@ Presentation Checklist
279====================== 303======================
280 304
281:: 305::
282 306
283 [x] Logos 307 [x] Logos
284 [x] Architecture diagram 308 [x] Architecture diagram
285 [x] Cows 309 [x] Cows
@@ -297,7 +321,7 @@ Zuul Simulation
297=============== 321===============
298.. transition:: cut 322.. transition:: cut
299.. container:: handout 323.. container:: handout
300 324
301 * todo 325 * todo
302 326
303.. ansi:: images/zsim-01.ans 327.. ansi:: images/zsim-01.ans
@@ -532,11 +556,11 @@ Live Configuration Changes
532 source: 556 source:
533 gerrit: 557 gerrit:
534 config-repos: 558 config-repos:
535 - 'project-config' 559 - openstack-infra/project-config
536 project-repos: 560 project-repos:
537 - 'nova' 561 - openstack/nova
538 - 'keystone' 562 - openstack/keystone
539 - 'devstack-gate' 563 - openstack-infra/devstack-gate
540 564
541Zuul Startup 565Zuul Startup
542============ 566============
@@ -571,9 +595,9 @@ When .zuul.yaml Changes
571 * Asks mergers for updated content 595 * Asks mergers for updated content
572 * Splices into configuration used for that change 596 * Splices into configuration used for that change
573 * Works with cross-repo dependencies 597 * Works with cross-repo dependencies
574 598
575 ("This change depends on a change to the job definition") 599 ("This change depends on a change to the job definition")
576 600
577How do you use this thing? 601How do you use this thing?
578========================== 602==========================
579.. transition:: tilt 603.. transition:: tilt
@@ -586,7 +610,7 @@ Pipelines
586* A process definition that connects git repositories, jobs, and 610* A process definition that connects git repositories, jobs, and
587 reporting mechanisms. 611 reporting mechanisms.
588* A context to fix a set of jobs to each project. 612* A context to fix a set of jobs to each project.
589 613
590Check Pipeline 614Check Pipeline
591============== 615==============
592 616
@@ -599,7 +623,7 @@ Check Pipeline
599 trigger: 623 trigger:
600 gerrit: 624 gerrit:
601 - event: patchset-created 625 - event: patchset-created
602 - event: change-restored 626 - event: change-restored
603 success: 627 success:
604 gerrit: 628 gerrit:
605 verified: 1 629 verified: 1
@@ -638,23 +662,64 @@ Job
638.. code:: yaml 662.. code:: yaml
639 663
640 - job: 664 - job:
641 name: 'base' 665 name: base
642 timeout: '30m' 666 parent: null
643 nodes: 'ubuntu-xenial' 667 description: |
644 workspace: '/opt/workspace' 668 The base job for Zuul.
645 pre-run: 669 timeout: 1800
646 - 'setup-host' 670 nodeset:
671 nodes:
672 - name: primary
673 label: centos-7
674 pre-run: playbooks/base/pre.yaml
647 post-run: 675 post-run:
648 - 'archive-logs' 676 - playbooks/base/post-ssh.yaml
677 - playbooks/base/post-logs.yaml
678 secrets:
679 - site_logs
649 680
650Simple Job 681Simple Job
651========== 682==========
652 683
653.. code:: yaml 684.. code:: yaml
654 685
686 - job:
687 name: tox
688 pre-run: playbooks/setup-tox.yaml
689 run: playbooks/tox.yaml
690 post-run: playbooks/fetch-tox-output.yaml
691
692Simple Job Inheritance
693======================
694
695.. code:: yaml
696
655 - job: 697 - job:
656 name: 'python27' 698 name: tox-py36
657 parent: 'base' 699 parent: tox
700 vars:
701 tox_envlist: py36
702
703Inheritance Works Like An Onion
704===============================
705
706 * pre-run playbooks run in order of inheritance
707 * run playbook of job runs
708 * post-run playbooks run in reverse order of inheritance
709 * If pre-run playbooks fail, job is re-tried
710 * All post-run playbooks run - as far as pre-run playbooks got
711
712Inheritance Example
713===================
714
715For tox-py36 job
716
717 * base pre-run playbooks/base/pre.yaml
718 * tox pre-run playbooks/setup-tox.yaml
719 * tox run playbooks/tox.yaml
720 * tox post-run playbooks/fetch-tox-output.yaml
721 * base post-run playbooks/base/post-ssh.yaml
722 * base post-run playbooks/base/post-logs.yaml
658 723
659Simple Job Variant 724Simple Job Variant
660================== 725==================
@@ -662,45 +727,102 @@ Simple Job Variant
662.. code:: yaml 727.. code:: yaml
663 728
664 - job: 729 - job:
665 name: 'python27' 730 name: tox-py27
666 branch: 'stable/mitaka' 731 branches: stable/mitaka
667 nodes: 'ubuntu-trusty' 732 nodeset:
668 733 - name: ubuntu-trusty
734 label: ubuntu-trusty
735
736Nodesets for Multi-node Jobs
737============================
738
739.. code:: yaml
740
741 - nodeset:
742 name: ceph-cluster
743 nodes:
744 - name: controller
745 label: centos-7
746 - name: compute1
747 label: fedora-28
748 - name: compute2
749 label: fedora-28
750 groups:
751 - name: ceph-osd
752 nodes:
753 - controller
754 - name: ceph-monitor
755 nodes:
756 - controller
757 - compute1
758 - compute2
759
669Multi-node Job 760Multi-node Job
670============== 761==============
671.. container:: handout
672 762
673 nodepool, shrews 763* nodesets are provided to Ansible for jobs in inventory
674 764
675.. code:: yaml 765.. code:: yaml
676 766
677 - job: 767 - job:
678 name: 'devstack-multinode' 768 name: ceph-multinode
679 parent: 'base' 769 nodeset: ceph-cluster
680 nodes: 770 run: playbooks/install-ceph.yaml
681 - name: 'controller' 771
682 image: 'ubuntu-xenial' 772Multi-node Ceph Job Content
683 - name: 'compute' 773===========================
684 image: 'ubuntu-xenial' 774
775.. code:: yaml
776
777 - hosts: all
778 roles:
779 - install-ceph
780
781 - hosts: ceph-osd
782 roles:
783 - start-ceph-osd
784
785 - hosts: ceph-monitor
786 roles:
787 - start-ceph-monitor
788
789 - hosts: all
790 roles:
791 - do-something-interesting
685 792
686Projects 793Projects
687======== 794========
688 795
689* Projects are git repositories 796* Projects are git repositories
690* Specify a set of jobs for each pipeline 797* Specify a set of jobs for each pipeline
691 798* golang git repo naming as been adopted:
692Project 799
693======= 800::
801
802 zuul@ubuntu-xenial:~$ find /home/zuul/src -mindepth 3 -maxdepth 3 -type d
803 /home/zuul/src/git.openstack.org/openstack-infra/shade
804 /home/zuul/src/git.openstack.org/openstack/keystoneauth
805 /home/zuul/src/git.openstack.org/openstack/os-client-config
806 /home/zuul/src/github.com/ansible/ansible
807
808Project Config
809==============
810
811 * Specify a set of jobs for each pipeline
694 812
695.. code:: yaml 813.. code:: yaml
696 814
697 - project: 815 - project:
698 name: 'nova'
699 check: 816 check:
700 jobs: 817 jobs:
701 - python27 818 - openstack-tox-py27
702 - python35 819 - openstack-tox-py35
703 - docs 820 - openstack-tox-docs
821 gate:
822 jobs:
823 - openstack-tox-py27
824 - openstack-tox-py35
825 - openstack-tox-docs
704 826
705Project with Local Variant 827Project with Local Variant
706========================== 828==========================
@@ -708,14 +830,18 @@ Project with Local Variant
708.. code:: yaml 830.. code:: yaml
709 831
710 - project: 832 - project:
711 name: 'nova'
712 check: 833 check:
713 jobs: 834 jobs:
714 - python27 835 - openstack-tox-py27
715 - python35 836 - openstack-tox-py35
716 - docs 837 - openstack-tox-py36:
717 - pypy: 838 voting: false
718 voting: false 839 - openstack-tox-docs
840 gate:
841 jobs:
842 - openstack-tox-py27
843 - openstack-tox-py35
844 - openstack-tox-docs
719 845
720Project with More Local Variants 846Project with More Local Variants
721================================ 847================================
@@ -723,15 +849,14 @@ Project with More Local Variants
723.. code:: yaml 849.. code:: yaml
724 850
725 - project: 851 - project:
726 name: 'nova'
727 check: 852 check:
728 jobs: 853 jobs:
729 - python27 854 - openstack-tox-py27
730 - python35 855 - openstack-tox-py35
731 - docs: 856 - openstack-tox-py36:
732 files: '^docs/.*$' 857 voting: false
733 - pypy: 858 - openstack-tox-docs:
734 voting: false 859 files: '^docs/.*$'
735 860
736Project with Many Local Variants 861Project with Many Local Variants
737================================ 862================================
@@ -739,34 +864,58 @@ Project with Many Local Variants
739.. code:: yaml 864.. code:: yaml
740 865
741 - project: 866 - project:
742 name: 'nova'
743 check: 867 check:
744 jobs: 868 jobs:
745 - python27: 869 - openstack-tox-py27:
746 nodes: 'ubuntu-xenial' 870 nodeset:
747 - python27: 871 - name: centos-7
748 branch: 'stable/newton' 872 label: centos-7
749 nodes: 'ubuntu-trusty' 873 - openstack-tox-py27:
750 - python35 874 branches: stable/newton
751 - docs: 875 nodeset:
752 files: '^docs/.*$' 876 - name: ubuntu-trusty
753 - pypy: 877 label: ubuntu-trusty
754 voting: false 878 - openstack-tox-py35
879 - openstack-tox-py36:
880 voting: false
881 - openstack-tox-docs:
882 files: '^docs/.*$'
883
884Project With Central and Local Config
885=====================================
886
887.. code:: yaml
888
889 # In git.openstack.org/openstack-infra/project-config:
890 - project:
891 name: openstack/nova
892 templates:
893 - openstack-tox-jobs
894
895.. code:: yaml
896
897 # In git.openstack.org/openstack/nova/.zuul.yaml:
898 - project:
899 check:
900 - nova-placement-functional-devstack
755 901
756Project with Job Dependencies 902Project with Job Dependencies
757============================= 903=============================
758 904
759.. code:: yaml 905.. code:: yaml
760 906
761 - project: 907 - project:
762 name: nova 908 release:
763 release: 909 jobs:
764 jobs: 910 - build-artifacts
765 - build-tarball: 911 - upload-tarball:
766 jobs: 912 dependencies: build-artifacts
767 - upload-tarball: 913 - upload-pypi:
768 jobs: 914 dependencies: build-artifacts
769 - update-mirror 915 - notify-mirror:
916 dependencies:
917 - upload-tarball
918 - upload-pypi
770 919
771Playbooks 920Playbooks
772========= 921=========
@@ -774,32 +923,37 @@ Playbooks
774* Jobs run playbooks 923* Jobs run playbooks
775* Playbooks may be defined centrally or in the repo being tested 924* Playbooks may be defined centrally or in the repo being tested
776* Playbooks can use roles from current or other Zuul repos or Galaxy 925* Playbooks can use roles from current or other Zuul repos or Galaxy
926* Playbooks are not allowed to execute content on 'localhost'
777 927
778Devstack-gate / Tempest Playbook 928devstack-tempest Run Playbook
779================================ 929=============================
780 930
781.. code:: yaml 931.. code:: yaml
782 932
783 # devstack-gate / tempest playbook 933 # Changes that run through devstack-tempest are likely to have an impact on
784 --- 934 # the devstack part of the job, so we keep devstack in the main play to
785 hosts: all 935 # avoid zuul retrying on legitimate failures.
786 roles: 936 - hosts: all
787 - setup-multinode-networking 937 roles:
788 - partition-swap 938 - run-devstack
789 - configure-mirrors 939
790 - run-devstack 940 # We run tests only on one node, regardless how many nodes are in the system
791 - run-tempest 941 - hosts: tempest
942 roles:
943 - setup-tempest-run-dir
944 - setup-tempest-data-dir
945 - acl-devstack-files
946 - run-tempest
792 947
793Simple Shell Playbook 948Simple Shell Playbook
794===================== 949=====================
795 950
796.. code:: yaml 951.. code:: yaml
797 952
798 ---
799 hosts: controller 953 hosts: controller
800 roles: 954 roles:
801 - shell: | 955 - shell: |
802 cd $WORKSPACE 956 cd {{ zuul.project.src_dir }}
803 ./run_tests.sh 957 ./run_tests.sh
804 958
805 959
@@ -808,7 +962,96 @@ Test Like Production
808 962
809If you use Ansible for deployment, your test and deployment processes 963If you use Ansible for deployment, your test and deployment processes
810and playbooks are the same 964and playbooks are the same
811 965
966What if you don't use Ansible?
967==============================
968
969OpenStack Infra Control Plane uses Puppet (for now)
970===================================================
971
972.. code:: yaml
973
974 # In git.openstack.org/openstack-infra/project-config/roles/legacy-install-afs-with-puppet/tasks/main.yaml
975 - name: Install puppet
976 shell: ./install_puppet.sh
977 args:
978 chdir: "{{ ansible_user_dir }}/src/git.openstack.org/openstack-infra/system-config"
979 environment:
980 # Skip setting up pip, our images have already done this.
981 SETUP_PIP: "false"
982 become: yes
983
984 - name: Copy manifest
985 copy:
986 src: manifest.pp
987 dest: "{{ ansible_user_dir }}/manifest.pp"
988
989 - name: Run puppet
990 puppet:
991 manifest: "{{ ansible_user_dir }}/manifest.pp"
992 become: yes
993
994Secrets
995=======
996
997* Inspired by Kubernetes Secrets API
998* Projects can add named encrypted secrets to their .zuul.yaml file
999* Jobs can request to use secrets by name
1000* Jobs using secrets are not reconfigured speculatively
1001* Secrets can only be used by the same project they are defined in
1002* Public key per project:
1003 ``{{ zuul_url }}/{{ tenant }}/{{ project }}.pub``
1004
1005::
1006 GET https://zuul.openstack.org/openstack-infra/shade.pub
1007
1008Secret Example (note, no admins had to enable this)
1009===================================================
1010
1011.. code:: yaml
1012
1013 # In git.openstack.org/openstack/loci/.zuul.yaml:
1014 - secret:
1015 name: loci_docker_login
1016 data:
1017 user: loci-username
1018 password: !encrypted/pkcs1-oaep
1019 - gUEX4eY3JAk/Xt7Evmf/hF7xr6HpNRXTibZjrKTbmI4QYHlzEBrBbHey27Pt/eYvKKeKw
1020 hk8MDQ4rNX7ZK1v+CKTilUfOf4AkKYbe6JFDd4z+zIZ2PAA7ZedO5FY/OnqrG7nhLvQHE
1021 5nQrYwmxRp4O8eU5qG1dSrM9X+bzri8UnsI7URjqmEsIvlUqtybQKB9qQXT4d6mOeaKGE
1022 5h6Ydkb9Zdi4Qh+GpCGDYwHZKu1mBgVK5M1G6NFMy1DYz+4NJNkTRe9J+0TmWhQ/KZSqo
1023 4ck0x7Tb0Nr7hQzV8SxlwkaCTLDzvbiqmsJPLmzXY2jry6QsaRCpthS01vnj47itoZ/7p
1024 taH9CoJ0Gl7AkaxsrDSVjWSjatTQpsy1ub2fuzWHH4ASJFCiu83Lb2xwYts++r8ZSn+mA
1025 hbEs0GzPI6dIWg0u7aUsRWMOB4A+6t2IOJibVYwmwkG8TjHRXxVCLH5sY+i3MR+NicR9T
1026 IZFdY/AyH6vt5uHLQDU35+5n91pUG3F2lyiY5aeMOvBL05p27GTMuixR5ZoHcvSoHHtCq
1027 7Wnk21iHqmv/UnEzqUfXZOque9YP386RBWkshrHd0x3OHUfBK/WrpivxvIGBzGwMr2qAj
1028 /AhJsfDXKBBbhGOGk1u5oBLjeC4SRnAcIVh1+RWzR4/cAhOuy2EcbzxaGb6VTM=
1029
1030Secret Example
1031==============
1032
1033.. code:: yaml
1034
1035 # In git.openstack.org/openstack/loci/.zuul.yaml:
1036 - job:
1037 name: publish-loci-cinder
1038 parent: loci-cinder
1039 post-run: playbooks/push
1040 secrets:
1041 - loci_docker_login
1042
1043 # In git.openstack.org/openstack/loci/playbooks/push.yaml:
1044 - hosts: all
1045 tasks:
1046 - include_vars: vars.yaml
1047
1048 - name: Push project to DockerHub
1049 block:
1050 - command: docker login -u {{ loci_docker_login.user }} -p {{ loci_docker_login.password }}
1051 no_log: True
1052 - command: docker push openstackloci/{{ project }}:{{ branch }}-{{ item.name }}
1053 with_items: "{{ distros }}"
1054
812Important Links 1055Important Links
813=============== 1056===============
814 1057