. display in 68x24 .. display in 88x24 .. pygments yaml? (only file breaks (---) tinted) .. slide on high level v3 changes .. slide on nodepool .. transition:: dissolve :duration: 0.4 Test Slide ========== .. hidetitle:: .. ansi:: images/testslide.ans Preshow ======= .. hidetitle:: .. ansi:: images/cursor.ans images/cursor2.ans Zuul ==== .. hidetitle:: .. ansi:: images/zuul.ans Meta Information ================ * This Talk is Free Software: http://git.inaugust.com/cgit/inaugust.com/tree/src/zuulv3 * Twitter: @e_monty * Freenode: mordred * email: mordred@inaugust.com Red Hat ======= .. hidetitle:: .. container:: handout * I work for Red Hat in the Office of Technology as the Chief Architect for CI/CD .. ansi:: images/redhat.ans OpenStack ========= .. container:: handout * I work on OpenStack. * I sit on the Technical Committee. I was on the Board of Directors .. hidetitle:: .. ansi:: images/openstack.ans OpenStack Infra =============== .. container:: handout * My primary technical role with OpenStack is working on the OpenStack CI system. :: "most insane CI infrastructure I've ever been a part of" -- Alex Gaynor Zuul ==== .. container:: handout * As part of working on OpenStack Infra I work on Zuul .. hidetitle:: .. ansi:: images/zuul.ans Ansible ======= .. container:: handout * And as part of working on Zuul and on OpenStack I work on Ansible * I maintain the OpenStack modules for Ansible as well as the shade library .. hidetitle:: .. ansi:: images/ansible.ans Presentation Checklist ====================== .. container:: handout * Every good presentation needs logos, so we're starting well :: [X] Logos Spoilers ======== * What the old version of Zuul (v2) was * a nifty project gating system * What the new version of Zuul (v3) is * multinode support * live configuration changes * better job definition * sharable job definition * testing like deployment What do I mean by Massive Scale? ================================ * Contributors (~2k / 6 month period) * Companies * Changes * Code Repositories (1827 as of this morning) * Communities OpenStack Scale =============== * 2,000 git repositories * 2KJPH (2,000 jobs per hour) * Nodes 14 Regions off 5 OpenStack Public Clouds and 2 Private Clouds (Thanks Rackspace, Internap, OVH, Vexxhost, CityCloud, HPE, Red Hat) * 10,000 changes merged per month OpenStack Scale =============== * 2,000 git repositories * 2KJPH (2,000 jobs per hour) * Nodes 14 Regions off 5 OpenStack Public Clouds and 2 Private Clouds (Thanks Rackspace, Internap, OVH, Vexxhost, CityCloud, HPE, Red Hat) * 10,000 changes merged per month * By comparison, our friends at the amazing project Ansible received 13,000 changes and had merged 8,000 of them in its first 4 years. Pretty Things to Look for Scale =============================== * http://grafana.openstack.org/dashboard/db/zuul-status * http://grafana.openstack.org/dashboard/db/nodepool * http://zuulv3.openstack.org/ Dealing With Scale ================== * Egalitarian Process * Balance Centralized vs Distributed * Code Review plus Enforced Testing OpenStack Developer Workflow ============================ .. container:: handout :: Hack Review Test ========= ========== ========== push approve +-------------+ +-------------+ | | | | +------+--+ +--v----+--+ +--v-------+ | | | | | | | $EDITOR | | Gerrit | | Zuul | | | | | | | +------^--+ +--+----^--+ +--+-------+ | | | | +-------------+ +-------------+ clone merge Gerrit ====== .. hidetitle:: .. container:: handout the primary interface for our developers is the code review system gerrit. No matter how complex zuul becomes, this is still primary focus we want the developers to have. explain patch upload, zuul runs, test results displayed in gerrit this is all the interface to zuul users need to see but zuul is doing a lot of work behind the scenes, and if you look closer, this is what you see .. ansi:: images/color-gertty.ans Github Developer Workflow ========================= .. container:: handout :: Hack Review Test ========= ========== ========== push approve +-------------+ +-------------+ | | | | +------+--+ +--v----+--+ +--v-------+ | | | | | | | $EDITOR | | Github | | Zuul | | | | | | | +------^--+ +--+----^--+ +--+-------+ | | | | +-------------+ +-------------+ clone merge Zuul Architecture ================= .. ansi:: images/architecture.ans Presentation Checklist ====================== :: [x] Logos [x] Architecture diagram Nodepool ======== .. container:: handout nodepool builds nodes for zuul Remember that 2,000 jobs per hour number? Each job gets a fresh VM - that's 2,000 VMs per hours Treats our 20 regions across 9 clouds as one REALLY big cloud :: * A separate program that works very closely with *zuul* * Builds images daily and uploads to clouds * Creates and destroys (at least) a VM for every job Nodepool can use pre-existing images, BUT ... ============================================= * Clouds have 'helpful' differences between base images * Cloud images have 'helpful' software pre-installed * Distros have 'helpful' different user names * Most clouds use DHCP for networking, but some don't * We can add pre-cached content Gating ====== .. cowsay:: Every change proposed for a repository is tested before it merges. Co-gating ========= .. cowsay:: Changes to a set of repositories merge monotonically such that each change is tested with the current state of all other related repositories before it merges. Parallel Co-gating ================== .. cowsay:: Changes are serialized such that each change is tested with all of the changes ahead of it to satisfy the gating requirement while being able to run tests for multiple changes simultaneously. Presentation Checklist ====================== :: [x] Logos [x] Architecture diagram [x] Cows Zuul Simulation =============== .. transition:: pan .. container:: handout * That was a lot of words - let's walk through it one step at a time * Here we have two git repos, called nova and keystone, and their current HEAD state .. ansi:: images/zsim-00.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * A change is approved for Nova .. ansi:: images/zsim-01.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * Zuul starts running jobs for it * The tests will test the current state of nova and keystone PLUS this nova change .. ansi:: images/zsim-02.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * A change is approved for Keystone .. ansi:: images/zsim-03.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * The tests will test the current state of nova and keystone PLUS this nova change .. ansi:: images/zsim-04.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-05.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-06.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-07.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-08.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-09.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-10.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-11.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-12.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-13.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-14.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-15.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-16.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-17.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-18.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-19.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-20.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-21.ans Zuul Simulation =============== .. transition:: cut .. container:: handout * todo .. ansi:: images/zsim-22.ans Cross-Project Problem ===================== * User reports bug in shade - auto_ip is not discovering their NAT properly * Two fixes, one to detection algorithm, one to config override * Config override requires adding support to os-client-config * Once support is added to os-client-config, it can be consumed in shade * How do we integration test this without releasing os-client-config? Cross-Project Dependencies ========================== Testing or gating dependencies (including jobs) manually specified by developers .. container:: progressive * shade https://review.openstack.org/#/c/513913/ Add unittest tips jobs Change-ID: I5b411be5c5aa43535fa89a51d6099aadd7a8ea60 * os-client-config https://review.openstack.org/#/c/513915 Add shade-tox-tips jobs Change-ID: Ie3e9a4deca1d74b94e810e87e130706fe15fe2c9 Depends-On: I5b411be5c5aa43535fa89a51d6099aadd7a8ea60 * os-client-config https://review.openstack.org/#/c/513751/ Added nat_source flag for networks Change-ID: I3d8dd6d734a1013d2d4a43e11c3538c3a345820b * shade https://review.openstack.org/#/c/513914 Add support for configured NAT source variable Change-Id: I4b50c2323a487b5ce90f9d38a48be249cfb739c5 Depends-On: I3d8dd6d734a1013d2d4a43e11c3538c3a345820b shade: Add unittest tips jobs ============================= * In git.openstack.org/openstack-infra/shade/.zuul.yaml: .. code:: yaml - job: name: shade-tox-py27-tips parent: openstack-tox-py27 description: | Run tox python 27 unittests against master of important libs required-projects: - openstack-infra/shade - openstack/os-client-config - job: name: shade-tox-py35-tips parent: openstack-tox-py35 description: | Run tox python 35 unittests against master of important libs required-projects: - openstack-infra/shade - openstack/keystoneauth - openstack/os-client-config shade: Add unittest tips project-template ========================================= * In git.openstack.org/openstack-infra/shade/.zuul.yaml: .. code:: yaml - project-template: name: shade-tox-tips check: jobs: - shade-tox-py27-tips - shade-tox-py35-tips gate: jobs: - shade-tox-py27-tips - shade-tox-py35-tips shade: Add unittest tips project-template to project ==================================================== * In git.openstack.org/openstack-infra/shade/.zuul.yaml: .. code:: yaml - project: name: openstack-infra/shade templates: - publish-to-pypi - publish-openstack-sphinx-docs - shade-tox-tips os-client-config: Add shade-tox-tips jobs ========================================= * In git.openstack.org/openstack/os-client-config/.zuul.yaml: .. code:: yaml - project: name: openstack/os-client-config templates: - shade-tox-tips check: jobs: - legacy-osc-dsvm-functional-tips: voting: false os-client-config: Add nat_source flag for networks ================================================== :: diff --git a/os_client_config/cloud_config.py b/os_client_config/cloud_config.py index 2e97629..d1a6983 100644 --- a/os_client_config/cloud_config.py +++ b/os_client_config/cloud_config.py @@ -581,3 +581,10 @@ class CloudConfig(object): if net['nat_destination']: return net['name'] return None + + def get_nat_source(self): + """Get network used for NAT source.""" + for net in self.config['networks']: + if net.get('nat_source'): + return net['name'] + return None shade: Add support for configured NAT source variable ===================================================== :: Zuul 10-21 13:57 Patch Set 5: Verified-1 Build failed. openstack-tox-pep8 SUCCESS in 2m 29s openstack-tox-py27 FAILURE in 2m 34s build-openstack-releasenotes SUCCESS in 2m 47s openstack-tox-py35 FAILURE in 2m 41s openstack-tox-cover POST_FAILURE in 3m 52s (non-voting) build-openstack-sphinx-docs SUCCESS in 2m 57s shade-tox-py27-tips SUCCESS in 3m 18s shade-tox-py35-tips SUCCESS in 2m 28s Live Configuration Changes ========================== .. container:: handout Zuul is a distributed system, with a distributed configuration. .. code:: yaml - tenant: name: openstack source: gerrit: config-projects: - project-config untrusted-projects: - openstack-infra/zuul-jobs: shadow: openstack-infra/project-config - openstack-infra/openstack-zuul-jobs - openstack-infra/nodepool - openstack-infra/shade - openstack-infra/zuul - openstack/requirements Zuul Startup ============ * Read config file Zuul Startup ============ * Read config file * Ask mergers for branches of each repo .. ansi:: images/startup1.ans Zuul Startup ============ * Read config file * Ask mergers for branches of each repo * Ask mergers for .zuul.yaml file for each branch of each repo ``.zuul.yaml`` can be ``^\.?zuul.ya?ml$`` file or ``^\.?zuul.d$`` run-parts directory. .. ansi:: images/startup2.ans When .zuul.yaml Changes ======================= .. container:: progressive * Zuul looks for changes to .zuul.yaml * Asks mergers for updated content * Splices into configuration used for that change * Works with cross-repo dependencies ("This change depends on a change to the job definition") How do you use this thing? ========================== .. transition:: tilt .. hidetitle:: .. figlet:: Configuration Pipelines ========= * Describes the process flow and lifecycle **for a change** * A process definition that connects git repositories, jobs, and reporting mechanisms. * A context to fix a set of jobs to each project. Check Pipeline ============== .. code:: yaml - pipeline: name: check manager: independent source: gerrit trigger: gerrit: - event: patchset-created - event: change-restored success: gerrit: verified: 1 Gate Pipeline ============= .. code:: yaml - pipeline: name: gate manager: dependent trigger: gerrit: - event: comment-added approval: - workflow: 1 success: gerrit: verified: 2 submit: true Zuul Github Support =================== .. code:: yaml - pipeline: name: check manager: independent trigger: github: - event: pull_request action: - opened - changed - reopened success: github: status: 'success' failure: github: status: 'failure' OpenStack Github Support for Cross Community Testing ==================================================== * Github App "OpenStack Zuul" * App added to github project by project admin * Project aded to OpenStack's main.yaml * Test interactions between OpenStack and important adjacent communities * Ansible * Kubernetes * Ceph? * Open vSwitch? Cross Community Testing ======================= .. code:: yaml - pipeline: name: check description: | Newly uploaded patchsets enter this pipeline to receive an initial +/-1 Verified vote. manager: independent trigger: gerrit: - event: patchset-created - event: change-restored - event: comment-added comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*recheck - event: comment-added require-approval: - Verified: [-1, -2] username: zuul approval: - Workflow: 1 github: - event: pull_request action: - opened - changed - reopened - event: pull_request action: comment comment: (?i)^\s*recheck\s*$ Cross Community Support cont. ============================= .. code:: yaml start: github: status: pending comment: false success: gerrit: # Note that gerrit keywords are case-sensitive. Verified: 1 github: status: 'success' mysql: failure: gerrit: Verified: -1 github: status: 'failure' mysql: Cross Community Depends-On (coming soon) ======================================== .. container:: progressive * shade https://review.openstack.org/#/c/613914/ Add support for server groups Change-ID: I5b411be5c5aa43535fa89a51d6099aadd7a8ea61 * ansible https://github.com/ansible/ansible/pull/32159 Add os_server_group module Depends-On: https://review.openstack.org/#/613914/ Jobs ==== * Jobs run on nodes from nodepool (static or dynamic) * Metadata defined in Zuul's configuration * Execution content in Ansible (with live streaming!) * Jobs may be defined centrally or in the repo being tested * Jobs have contextual variants that simplify configuration * git.openstack.org/openstack-infra/zuul-jobs repo can be directly shared between zuul installations Job === .. code:: yaml - job: name: base parent: null description: | The base job for Zuul. timeout: 1800 nodeset: nodes: - name: primary label: centos-7 pre-run: playbooks/base/pre post-run: - playbooks/base/post-ssh - playbooks/base/post-logs secrets: - site_logs Simple Job ========== .. code:: yaml - job: name: tox pre-run: playbooks/setup-tox run: playbooks/tox post-run: playbooks/fetch-tox-output - job: name: tox-py27 parent: tox vars: tox_envlist: py27 Simple Job Variant ================== .. code:: yaml - job: name: tox-py27 branch: stable/mitaka nodeset: - name: ubuntu-trusty label: ubuntu-trusty Nodesets for Multi-node Jobs ============================ .. code:: yaml - nodeset: name: ceph-cluster nodes: - name: controller label: centos-7 - name: compute1 label: fedora-26 - name: compute2 label: fedora-26 groups: - name: ceph-osd nodes: - controller - name: ceph-monitor nodes: - controller - compute1 - compute2 Multi-node Job ============== * nodesets are provided to Ansible for jobs in inventory .. code:: yaml - job: name: ceph-multinode nodeset: ceph-cluster run: playbooks/install-ceph Multi-node Ceph Job Content =========================== .. code:: yaml - hosts: all roles: - install-ceph - hosts: ceph-osd roles: - start-ceph-osd - hosts: ceph-monitor roles: - start-ceph-monitor - hosts: all roles: - do-something-interesting Projects ======== * Projects are git repositories * Specify a set of jobs for each pipeline * golang git repo naming as been adopted: :: zuul@ubuntu-xenial:~$ find /home/zuul/src -mindepth 3 -maxdepth 3 -type d src/git.openstack.org/openstack-infra/shade src/git.openstack.org/openstack/os-client-config src/github.com/ansible/ansible Project ======= .. code:: yaml - project: # Needing to name the project in that project's .zuul.yaml is going away name: openstack/nova check: jobs: - openstack-tox-py27 - openstack-tox-py35 - openstack-doc-build Project with Local Variant ========================== .. code:: yaml - project: name: openstack/nova check: jobs: - openstack-tox-py27 - openstack-tox-py35 - openstack-doc-build - openstack-tox-pypy: voting: false Project with More Local Variants ================================ .. code:: yaml - project: name: openstack/nova check: jobs: - openstack-tox-py27 - openstack-tox-py35 - openstack-doc-build: files: '^docs/.*$' - openstack-tox-pypy: voting: false Project with Many Local Variants ================================ .. code:: yaml - project: name: openstack/nova check: jobs: - openstack-tox-py27 nodeset: - name: centos-7 label: centos-7 - openstack-tox-py27 branch: stable/newton nodeset: - name: ubuntu-trusty label: ubuntu-trusty - openstack-doc-build: files: '^docs/.*$' - openstack-tox-pypy: voting: false Project With Central and Local Config ===================================== .. code:: yaml # In git.openstack.org/openstack-infra/project-config: - project: name: openstack/nova templates: - openstack-tox-jobs .. code:: yaml # In git.openstack.org/openstack/nova/.zuul.yaml: - project: name: openstack/nova check: - nova-placement-functional-devstack Project with Job Dependencies ============================= .. code:: yaml - project: name: openstack/nova release: jobs: - build-artifacts - upload-tarball: dependencies: build-artifacts - upload-pypi: dependencies: build-artifacts - notify-mirror: dependencies: - upload-tarball - upload-pypi Playbooks ========= * Jobs run Ansible playbooks * Playbooks may be defined centrally or in the repo being tested * Playbooks can use roles from current or other Zuul repos (or Galaxy, coming soon) * Playbooks are run on the zuul-executor using bubblewrap https://github.com/projectatomic/bubblewrap * Playbooks are not allowed to execute content on 'localhost' Job with Roles ============== .. code:: yaml - job: name: zuul-integration description: | Multi-node Zuul installation and integration test nodeset: zuul-cluster roles: - zuul: openstack/ansible-role-zuul run: playbooks/zuul-integration Job with Multiple Projects ========================== .. code:: yaml - job: name: tox-py35-on-zuul parent: tox-py35 description: | Run zuul's py35 unittests on patches to zuul-jobs vars: zuul_work_dir: src/git.openstack.org/openstack-infra/zuul required-projects: - name: openstack-infra/zuul override-branch: feature/zuulv3 - project: openstack-infra/zuul-jobs check: jobs: - tox-py35-on-zuul Devstack-gate / Tempest Playbook ================================ .. code:: yaml # devstack-gate / tempest playbook hosts: all roles: - setup-multinode-networking - partition-swap - configure-mirrors - run-devstack - run-tempest Simple Shell Playbook ===================== .. code:: yaml hosts: controller tasks: - shell: ./run_tests.sh Test Like Production ==================== If you use Ansible for deployment, your test and deployment processes and playbooks are the same What if you don't use Ansible? ============================== OpenStack Infra Control Plane uses Puppet ========================================= .. code:: yaml # In git.openstack.org/openstack-infra/project-config/roles/legacy-install-afs-with-puppet/tasks/main.yaml - name: Install puppet shell: ./install_puppet.sh args: chdir: "{{ ansible_user_dir }}/src/git.openstack.org/openstack-infra/system-config" environment: # Skip setting up pip, our images have already done this. SETUP_PIP: "false" become: yes - name: Copy manifest copy: src: manifest.pp dest: "{{ ansible_user_dir }}/manifest.pp" - name: Run puppet puppet: manifest: "{{ ansible_user_dir }}/manifest.pp" become: yes Secrets ======= * Inspired by Kubernetes Secrets API * Projects can add named encrypted secrets to their .zuul.yaml file * Jobs can request to use secrets by name * Jobs using secrets are not reconfigured speculatively * Secrets can only be used by the same project they are defined in * Public key per project: ``{{ zuul_url }}/{{ tenant }}/keys/{{ project }}.pub`` :: GET http://zuulv3.openstack.org/keys/openstack-infra/shade.pub Secret Example (note, no admins had to enable this) =================================================== .. code:: yaml # In git.openstack.org/openstack/loci/.zuul.yaml: - secret: name: loci_docker_login data: user: !encrypted/pkcs1-oaep - r8Nbpq5olmfLF035BZ/CUoFLIdhvBi/49KuochOAHbvns+xMiho3C7MEFzYDqJX3IhHde BICYOgK7qnyINOIZL2e7pl75rEdHQwJjSFUMkpdY6wEP7f9hpolj9xVp0ifHUVQqPHMRn zoPFd8MEAHxH5GLmc2SWJ98E/QUqGltxBi1YRSZoCcNtq3tHFK5Y+xQlLhIseJ2HkpDs6 YXOGP9Qt4Va6sdyBcA90H+apSAcYA3Duu962ySZQAsYNui/3NQq3gLA+OZeyTJtcrh4hj Rb5dBnDWfSrMpxdNkbPXXgbQaxO3T0L4jbaOF8VKEsiI9olBrOeV2M9ddYJjSsHGj4XR8 4vwS0+doB7np93fujiDuHVgdG8R40NW2GznyKRlRtzAORla7Mzw1Y1MokcUyY6p1LlLLl wUuWYCCEuRciOPhZXQ2u42qju/zrK2/dPnO8HfUINSrN0WbNq14ZwPpbj0ro02oGPbtwu OTw1z+N0Nc+GuLWlwYJGYM/z0UnvDR3WEBc2kXbVev9w4n0cB3RyphML2PDZZWbw8tjnX h1VsAOJ0Qo4qq1K/ft95ypd+vtjkfepEgHEBmJNwutJa9IHAkGfrkO9VkpUTPpfffnPwz d0/zaaadNl6MLQUSutRwY23YIIbv+fmukxw2vnJmvn6abkBlMya7KgtifwNA8c= password: !encrypted/pkcs1-oaep - gUEX4eY3JAk/Xt7Evmf/hF7xr6HpNRXTibZjrKTbmI4QYHlzEBrBbHey27Pt/eYvKKeKw hk8MDQ4rNX7ZK1v+CKTilUfOf4AkKYbe6JFDd4z+zIZ2PAA7ZedO5FY/OnqrG7nhLvQHE 5nQrYwmxRp4O8eU5qG1dSrM9X+bzri8UnsI7URjqmEsIvlUqtybQKB9qQXT4d6mOeaKGE 5h6Ydkb9Zdi4Qh+GpCGDYwHZKu1mBgVK5M1G6NFMy1DYz+4NJNkTRe9J+0TmWhQ/KZSqo 4ck0x7Tb0Nr7hQzV8SxlwkaCTLDzvbiqmsJPLmzXY2jry6QsaRCpthS01vnj47itoZ/7p taH9CoJ0Gl7AkaxsrDSVjWSjatTQpsy1ub2fuzWHH4ASJFCiu83Lb2xwYts++r8ZSn+mA hbEs0GzPI6dIWg0u7aUsRWMOB4A+6t2IOJibVYwmwkG8TjHRXxVCLH5sY+i3MR+NicR9T IZFdY/AyH6vt5uHLQDU35+5n91pUG3F2lyiY5aeMOvBL05p27GTMuixR5ZoHcvSoHHtCq 7Wnk21iHqmv/UnEzqUfXZOque9YP386RBWkshrHd0x3OHUfBK/WrpivxvIGBzGwMr2qAj /AhJsfDXKBBbhGOGk1u5oBLjeC4SRnAcIVh1+RWzR4/cAhOuy2EcbzxaGb6VTM= Secret Example ============== .. code:: yaml # In git.openstack.org/openstack/loci/.zuul.yaml: - job: name: publish-loci-cinder parent: loci-cinder post-run: playbooks/push secrets: - loci_docker_login # In git.openstack.org/openstack/loci/playbooks/push.yaml: - hosts: all tasks: - include_vars: vars.yaml - name: Push project to DockerHub block: - command: docker login -u {{ loci_docker_login.user }} -p {{ loci_docker_login.password }} no_log: True - command: docker push openstackloci/{{ project }}:{{ branch }}-{{ item.name }} with_items: "{{ distros }}" Status ====== * zuulv3 is running for OpenStack * zuulv3 also runing at BMW (in OpenShift) * automation job migration sucked (I wrote the script, whoops) * cleaning up fixing automation and bugs found running at scale * reference documentation exists and is complete * pre-repository job documentation * will release v3.0 once we're satisfied it's good for other people What's Next? ============ * dashboard + REST API * user and deployer *documentation* - getting started walkthroughs * node providers: * static * OCI/docker * Mac Stadium (for our Ansible friends) * bifrost * support for galaxy roles * in-line code-review comments from Zuul * shared job doc generation * native container/kubernetes execution? Important Links =============== * https://git.openstack.org/cgit/openstack-infra/zuul/log/?h=feature/zuulv3 * https://docs.openstack.org/infra/zuul/feature/zuulv3/ * https://docs.openstack.org/infra/manual/zuulv3.html * https://docs.openstack.org/infra/openstack-zuul-jobs/ * https://storyboard.openstack.org/#!/project/679 * https://storyboard.openstack.org/#!/board/41 * freenode:#zuul Questions ========= .. ansi:: images/questions.ans Presentty ========= .. hidetitle:: .. transition:: pan .. figlet:: Presentty * Console presentations written in reStructuredText * Cross-fade, pan, tilt, cut transitions * Figlet, cowsay! * https://pypi.python.org/pypi/presentty