-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run user-provided command as part of build flow #6715
Run user-provided command as part of build flow #6715
Conversation
@bparees @PI-Victor PTAL |
cpuShares := r.read("/sys/fs/cgroup/cpu,cpuacct/cpu.shares") | ||
cpuPeriod := r.read("/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_period_us") | ||
cpuQuota := r.read("/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us") | ||
memory := r.read("/sys/fs/cgroup/memory/memory.limit_in_bytes") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bparees this is the part you will need in the card Enforce CGroup constraints on build containers.
Worth noting that we need better error handling / implementation here. E.g.:
- the memory limit read from
/sys/fs/cgroup
might overflowint64
. The Docker client usesint64
, so we can't really send anything > 2^63-1. these values might be incorrectly set or not available with older versions of the Docker daemon.edit: we require Docker 1.8.2, which will place the files as expected.
199a073
to
027404c
Compare
glog.Flush() | ||
} | ||
return nil | ||
} | ||
|
||
func (s *S2IBuilder) runPostCommitHook(imageID string) error { | ||
glog.Infof("Running post commit hook with image %s ...", imageID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also log the command being run.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also not sure the point of this function. whoever is calling it should just call runScriptInContainer directly. (and then it should do the glog.Info)
027404c
to
a8b0fc9
Compare
@@ -204,19 +215,42 @@ func (s *S2IBuilder) Build() error { | |||
return err | |||
} | |||
|
|||
// TODO: why in docker builds we defer removing the image, while here we don't?! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably a bug, I don't see any reason to keep the image cached on the node locally when the image is pushed to remote registry (other than a performance issue when running all-in-one ;-) @csrwng any ideas?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See my comment on the pull to remove. We stopped removing the image on purpose.
a8b0fc9
to
4d0798c
Compare
I'm working with multiple commits now, as it makes my life easier. |
4d0798c
to
151ad0f
Compare
@@ -59,6 +59,10 @@ type BuildSpec struct { | |||
// Compute resource requirements to execute the build | |||
Resources kapi.ResourceRequirements | |||
|
|||
// PostCommit is a build hook executed after the build output image is | |||
// committed, before it is pushed to a registry. | |||
PostCommit BuildPostCommitSpec |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this not just post
like deployments? Will we ever add postPush
? What other possible posts
are there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
strictly naming wise as i remember it's trying to outline more the fact that it takes place between the commit and before the push.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would recommend we just use Post, and only have one of them ever. The
alignment with deployments matters to me.
On Fri, Jan 22, 2016 at 11:14 AM, Ionut Palade notifications@github.com
wrote:
In pkg/build/api/types.go
#6715 (comment):@@ -59,6 +59,10 @@ type BuildSpec struct {
// Compute resource requirements to execute the build
Resources kapi.ResourceRequirements
- // PostCommit is a build hook executed after the build output image is
- // committed, before it is pushed to a registry.
- PostCommit BuildPostCommitSpec
strictly naming wise as i remember it's trying to outline more the fact
that it takes place between the commit and before the push.—
Reply to this email directly or view it on GitHub
https://github.com/openshift/origin/pull/6715/files#r50555320.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is postCommit
because not long ago we we were about to add post
, which meant postPush
and would trigger downstream builds. And longer ago, we were about to add "post build hooks" which were also semantically after push. Since the "push" part of the build can fail, I see value in being able to have post push actions at some point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
bump for interest.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really see that being likely (adding more hooks), and if they are, they wouldn't be the 80% case anyway. However, this is fine for now.
6f98eb4
to
ac08605
Compare
func runPostCommitHook(dockerClient DockerClient, build *api.Build, strategyName, imageID string) error { | ||
glog.Infof("Running post commit hook with image %s ...", imageID) | ||
containerName := fmt.Sprintf("openshift_%s-build_%s_%s_post-commit_%08x", strategyName, build.Name, build.Namespace, rand.Uint32()) | ||
return runScriptInContainer(dockerClient, build.Spec.PostCommit.RunBash, imageID, containerName) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bparees @mfojtik @smarterclayton please help me sanity checking here.
Is the only reason not to run the post commit script as a POD the fact that we need to reference a specific image that only exists in the node where it has been built?
This is one more difference between Build Post Commit and Deployment Lifecycle Hooks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to a conversation with @bparees, there's also the problem that starting a pod would consume more of the users quota.
ac08605
to
3460048
Compare
EventHistory is cleared when 1000 events have been written to etcd since On Thu, Feb 11, 2016 at 3:08 PM, Rodolfo Carvalho notifications@github.com
|
@smarterclayton is the etcd instance in Jenkins shared? Why would it get 1000 events in a "short" time frame? |
9efce2d
to
0fefe49
Compare
I'm now forcing a timeout of 5 min waiting for the build, let's see what happens in Jenkins... |
Events, controllers out of control, bad loop somewhere, etc. On Thu, Feb 11, 2016 at 3:16 PM, Rodolfo Carvalho notifications@github.com
|
0fefe49
to
10c7245
Compare
@bparees PTAL |
os::cmd::expect_success 'oc new-build -D "FROM busybox:1"' | ||
os::cmd::try_until_text 'oc get istag busybox:1' 'busybox@sha256:' | ||
os::cmd::expect_success 'oc patch bc/busybox -p '\''{"spec":{"postCommit":{"script":"echo hello $1","args":["world"],"command":null}}}'\' | ||
os::cmd::expect_success_and_text 'oc get bc/busybox -o=jsonpath="{.spec.postCommit['\''script'\'','\''args'\'','\''command'\'']}"' '^echo hello \$1 \[world\] \[\]$' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test makes sure we persist the post commit hook correctly.
The line below is a test that ensures the hook is actually executed as part of the build, pending a fix to #7174.
@rhcarvalho squash and lgtm |
[test] |
This is meant to be used for running project unit tests as part of a build. Changes: - Add utility to run containers and stream logs - Add build spec API field for post commit actions Includes a common-case API for running a shell script and an kapi.Container-like API for more sophisticated use cases. A good deal of this was done pair programming with @PI-Victor.
10c7245
to
3e5a859
Compare
Evaluated for origin test up to 3e5a859 |
@bparees squashed. |
[merge] |
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_requests_origin/4962/) (Image: devenv-rhel7_3430) |
Evaluated for origin merge up to 3e5a859 |
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/1146/) |
…sr-cmd Merged by openshift-bot
Also, can you guys make sure you have a blurb for me for the release notes On Mon, Feb 15, 2016 at 2:31 PM, OpenShift Bot notifications@github.com
|
@smarterclayton as @bparees noted in the issue, the CLI for this is unlike to land soon. The easiest way to use this right now is with $ oc patch bc/my-build-config -p '{"spec":{"postCommit":{"script":"rake test"}}}' Full docs is coming at openshift/openshift-docs#1448 For release notes:
|
Please note in the cards for CLI work for this -
#7331 will be the reference
for "mutate a pod template command".
|
noted, thanks! |
This is meant to be used for running project unit tests as part of a build.
Trello card: https://trello.com/c/I1v1YeOf
Closes #6758
This PR/card won't introduce changes to
oc new-build
noroc new-app
nor the Web Console.For now, the feature can be used via
oc edit bc
.Pending work:
if build fails because of failure in the post commit hook, there should be a clear error message to reflect that (see pkg/build/builder/common.go#L56 and pkg/build/registry/build/strategy.go#L103)trello: https://trello.com/c/nAPDRELK/852-update-build-status-when-post-commit-hook-fails