Run user-provided command as part of build flow #6715
Conversation
|
@bparees @PI-Victor PTAL |
| cpuShares := r.read("/sys/fs/cgroup/cpu,cpuacct/cpu.shares") | ||
| cpuPeriod := r.read("/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us") | ||
| cpuQuota := r.read("/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us") | ||
| memory := r.read("/sys/fs/cgroup/memory/memory.limit_in_bytes") |
There was a problem hiding this comment.
@bparees this is the part you will need in the card Enforce CGroup constraints on build containers.
Worth noting that we need better error handling / implementation here. E.g.:
- the memory limit read from
/sys/fs/cgroupmight overflowint64. The Docker client usesint64, so we can't really send anything > 2^63-1. these values might be incorrectly set or not available with older versions of the Docker daemon.edit: we require Docker 1.8.2, which will place the files as expected.
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
2 times, most recently
from
199a073
to
027404c
Compare
| glog.Flush() | ||
| } | ||
| return nil | ||
| } | ||
|
|
||
| func (s *S2IBuilder) runPostCommitHook(imageID string) error { | ||
| glog.Infof("Running post commit hook with image %s ...", imageID) |
There was a problem hiding this comment.
also log the command being run.
There was a problem hiding this comment.
also not sure the point of this function. whoever is calling it should just call runScriptInContainer directly. (and then it should do the glog.Info)
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
from
027404c
to
a8b0fc9
Compare
| @@ -204,19 +215,42 @@ func (s *S2IBuilder) Build() error { | |||
| return err | |||
| } | |||
|
|
|||
| // TODO: why in docker builds we defer removing the image, while here we don't?! | |||
There was a problem hiding this comment.
probably a bug, I don't see any reason to keep the image cached on the node locally when the image is pushed to remote registry (other than a performance issue when running all-in-one ;-) @csrwng any ideas?
There was a problem hiding this comment.
See my comment on the pull to remove. We stopped removing the image on purpose.
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
from
a8b0fc9
to
4d0798c
Compare
|
I'm working with multiple commits now, as it makes my life easier. |
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
from
4d0798c
to
151ad0f
Compare
| @@ -59,6 +59,10 @@ type BuildSpec struct { | |||
| // Compute resource requirements to execute the build | |||
| Resources kapi.ResourceRequirements | |||
|
|
|||
| // PostCommit is a build hook executed after the build output image is | |||
| // committed, before it is pushed to a registry. | |||
| PostCommit BuildPostCommitSpec | |||
There was a problem hiding this comment.
Why is this not just post like deployments? Will we ever add postPush? What other possible posts are there.
There was a problem hiding this comment.
strictly naming wise as i remember it's trying to outline more the fact that it takes place between the commit and before the push.
There was a problem hiding this comment.
I would recommend we just use Post, and only have one of them ever. The
alignment with deployments matters to me.
On Fri, Jan 22, 2016 at 11:14 AM, Ionut Palade notifications@github.com
wrote:
In pkg/build/api/types.go
#6715 (comment):@@ -59,6 +59,10 @@ type BuildSpec struct {
// Compute resource requirements to execute the build
Resources kapi.ResourceRequirements
- // PostCommit is a build hook executed after the build output image is
- // committed, before it is pushed to a registry.
- PostCommit BuildPostCommitSpec
strictly naming wise as i remember it's trying to outline more the fact
that it takes place between the commit and before the push.—
Reply to this email directly or view it on GitHub
https://github.com/openshift/origin/pull/6715/files#r50555320.
There was a problem hiding this comment.
It is postCommit because not long ago we we were about to add post, which meant postPush and would trigger downstream builds. And longer ago, we were about to add "post build hooks" which were also semantically after push. Since the "push" part of the build can fail, I see value in being able to have post push actions at some point.
There was a problem hiding this comment.
I don't really see that being likely (adding more hooks), and if they are, they wouldn't be the 80% case anyway. However, this is fine for now.
openshift-bot
added
the
needs-rebase
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
2 times, most recently
from
6f98eb4
to
ac08605
Compare
openshift-bot
removed
the
needs-rebase
| func runPostCommitHook(dockerClient DockerClient, build *api.Build, strategyName, imageID string) error { | ||
| glog.Infof("Running post commit hook with image %s ...", imageID) | ||
| containerName := fmt.Sprintf("openshift_%s-build_%s_%s_post-commit_%08x", strategyName, build.Name, build.Namespace, rand.Uint32()) | ||
| return runScriptInContainer(dockerClient, build.Spec.PostCommit.RunBash, imageID, containerName) |
There was a problem hiding this comment.
@bparees @mfojtik @smarterclayton please help me sanity checking here.
Is the only reason not to run the post commit script as a POD the fact that we need to reference a specific image that only exists in the node where it has been built?
This is one more difference between Build Post Commit and Deployment Lifecycle Hooks.
There was a problem hiding this comment.
According to a conversation with @bparees, there's also the problem that starting a pod would consume more of the users quota.
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
from
ac08605
to
3460048
Compare
|
EventHistory is cleared when 1000 events have been written to etcd since On Thu, Feb 11, 2016 at 3:08 PM, Rodolfo Carvalho notifications@github.com
|
|
@smarterclayton is the etcd instance in Jenkins shared? Why would it get 1000 events in a "short" time frame? |
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
from
9efce2d
to
0fefe49
Compare
|
I'm now forcing a timeout of 5 min waiting for the build, let's see what happens in Jenkins... |
|
Events, controllers out of control, bad loop somewhere, etc. On Thu, Feb 11, 2016 at 3:16 PM, Rodolfo Carvalho notifications@github.com
|
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
from
0fefe49
to
10c7245
Compare
@bparees PTAL |
| os::cmd::expect_success 'oc new-build -D "FROM busybox:1"' | ||
| os::cmd::try_until_text 'oc get istag busybox:1' 'busybox@sha256:' | ||
| os::cmd::expect_success 'oc patch bc/busybox -p '\''{"spec":{"postCommit":{"script":"echo hello $1","args":["world"],"command":null}}}'\' | ||
| os::cmd::expect_success_and_text 'oc get bc/busybox -o=jsonpath="{.spec.postCommit['\''script'\'','\''args'\'','\''command'\'']}"' '^echo hello \$1 \[world\] \[\]$' |
There was a problem hiding this comment.
This test makes sure we persist the post commit hook correctly.
The line below is a test that ensures the hook is actually executed as part of the build, pending a fix to #7174.
|
@rhcarvalho squash and lgtm |
|
[test] |
This is meant to be used for running project unit tests as part of a build. Changes: - Add utility to run containers and stream logs - Add build spec API field for post commit actions Includes a common-case API for running a shell script and an kapi.Container-like API for more sophisticated use cases. A good deal of this was done pair programming with @PI-Victor.
rhcarvalho
force-pushed
the
build-post-commit-pre-push-usr-cmd
branch
from
10c7245
to
3e5a859
Compare
|
Evaluated for origin test up to 3e5a859 |
|
@bparees squashed. |
|
[merge] |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/4962/) (Image: devenv-rhel7_3430) |
|
Evaluated for origin merge up to 3e5a859 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/1146/) |
…sr-cmd Merged by openshift-bot
|
Also, can you guys make sure you have a blurb for me for the release notes On Mon, Feb 15, 2016 at 2:31 PM, OpenShift Bot notifications@github.com
|
|
@smarterclayton as @bparees noted in the issue, the CLI for this is unlike to land soon. The easiest way to use this right now is with $ oc patch bc/my-build-config -p '{"spec":{"postCommit":{"script":"rake test"}}}'Full docs is coming at openshift/openshift-docs#1448 For release notes:
|
|
Please note in the cards for CLI work for this -
#7331 will be the reference
for "mutate a pod template command".
|
|
noted, thanks! |
This is meant to be used for running project unit tests as part of a build.
Trello card: https://trello.com/c/I1v1YeOf
Closes #6758
This PR/card won't introduce changes to
oc new-buildnoroc new-appnor the Web Console.For now, the feature can be used via
oc edit bc.Pending work:
if build fails because of failure in the post commit hook, there should be a clear error message to reflect that (see pkg/build/builder/common.go#L56 and pkg/build/registry/build/strategy.go#L103)trello: https://trello.com/c/nAPDRELK/852-update-build-status-when-post-commit-hook-fails