[JIRA] (OVIRT-2282) use SSH keys from gerrit for infra users
by Barak Korren (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2282?page=com.atlassian.jir... ]
Barak Korren edited comment on OVIRT-2282 at 7/8/18 11:50 AM:
--------------------------------------------------------------
{quote}
just my set of thoughts, if we have an automation management product, why not utilize it?
{quote}
Because there is a huge overhead to doing so and very little, if any, benefit.
In this case it will also significantly reduce system reliability, for the cron job to work all you need is:
# Cron to be configured
# The script to run
# A network connection to Gerrit
With Ansible OTOH you need:
# A way to trigger it - as you mention, but this is a Gerrit group, there is no built-in mechanism for triggering when it is changed, so now you'll need some kind of (Jenkins?) job to poll it.
# A host to run Ansible from
# Network connectivity and SSH permissions from this host to all other hosts
# # Network connectivity and SSH permissions from this host to Gerrit
# An inventory you need to maintain (as you mention), or build more automation around.
So many moving parts you'd need to create and maintain... and then you expect it to be reliable enough that youre ability to login will depend on it... really I can't see how Ansible makes sense here.,
was (Author: bkorren(a)redhat.com):
{quote}
just my set of thoughts, if we have an automation management product, why not utilize it?
{quote}
Because there is a huge overhead to doing so and very little, if any, benefit.
In this case it will also significantly reduce system reliability, for the cron job to work all you need is:
# Cron to be configured
# The script to run
# A network connection to Gerrit
With Ansible OTOH you need:
# A way to trigger it - as you mention, but this is a Gerrit group, there is no built-in mechanism for triggering when it is changed, so now you'll need some kind of (Jenkins?) job to poll it.
# A host to run Ansible from
# Network connectivity and SSH permissions from this host to all other hosts
# An inventory you need to maintain (as you mention), or build more automation around.
So many moving parts you'd need to create and maintain... and then you expect it to be reliable enough that youre ability to login will depend on it... really I can't see how Ansible makes sense here.,
> use SSH keys from gerrit for infra users
> ----------------------------------------
>
> Key: OVIRT-2282
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2282
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Evgheni Dereveanchin
> Assignee: infra
>
> Opening ticket to discuss possibility of managing user accounts through gerrit as it has SSH pubkeys defined.
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
6 years, 5 months
[JIRA] (OVIRT-2282) use SSH keys from gerrit for infra users
by Barak Korren (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2282?page=com.atlassian.jir... ]
Barak Korren commented on OVIRT-2282:
-------------------------------------
{quote}
just my set of thoughts, if we have an automation management product, why not utilize it?
{quote}
Because there is a huge overhead to doing so and very little, if any, benefit.
In this case it will also significantly reduce system reliability, for the cron job to work all you need is:
# Cron to be configured
# The script to run
# A network connection to Gerrit
With Ansible OTOH you need:
# A way to trigger it - as you mention, but this is a Gerrit group, there is no built-in mechanism for triggering when it is changed, so now you'll need some kind of (Jenkins?) job to poll it.
# A host to run Ansible from
# Network connectivity and SSH permissions from this host to all other hosts
# An inventory you need to maintain (as you mention), or build more automation around.
So many moving parts you'd need to create and maintain... and then you expect it to be reliable enough that youre ability to login will depend on it... really I can't see how Ansible makes sense here.,
> use SSH keys from gerrit for infra users
> ----------------------------------------
>
> Key: OVIRT-2282
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2282
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Evgheni Dereveanchin
> Assignee: infra
>
> Opening ticket to discuss possibility of managing user accounts through gerrit as it has SSH pubkeys defined.
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
6 years, 5 months
[JIRA] (OVIRT-2282) use SSH keys from gerrit for infra users
by Ehud Yonasi (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2282?page=com.atlassian.jir... ]
Ehud Yonasi commented on OVIRT-2282:
------------------------------------
I think we should use ansible playbook to run the script
1) use ansible playbook to run the scripts (req user for ssh, maybe we can use jenkins / secret file)
2) trigger the playbook each time that file changes (/etc/group ?), if so run a script that checks if infra-group was changed.
3) to maintain the inventory, we can use a jenkins job that checks on a daily basis if new hosts were added or use other triggers, and if so push a change to inventory and trigger the playbook.
just my set of thoughts, if we have an automation management product, why not utilize it?
> use SSH keys from gerrit for infra users
> ----------------------------------------
>
> Key: OVIRT-2282
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2282
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Evgheni Dereveanchin
> Assignee: infra
>
> Opening ticket to discuss possibility of managing user accounts through gerrit as it has SSH pubkeys defined.
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
6 years, 5 months
[ CQ Failure Report ] [ RHV Master - ds vdsm ] [ 07-07-2018 ] [
post-004_basic_sanity.py ]
by Ehud Yonasi
Link to suspected patches:
https://gerrit.ovirt.org/#/c/92694/
Link to the job:
https://rhv-devops-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/rhv-master...
Link to all logs:
https://rhv-devops-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/rhv-master...
(Relevant) error snippet from the log:
<error>
2018-07-07 09:47:23,755-04 WARN
[org.ovirt.engine.core.bll.AddVmFromScratchCommand] (default task-23)
[] Validation of action 'AddVmFromScratch' failed for user
admin@internal-authz. Reasons:
VAR__ACTION__ADD,VAR__TYPE__VM,ACTION_TYPE_FAILED_NAME_ALREADY_USED
2018-07-07 09:47:23,756-04 INFO
[org.ovirt.engine.core.bll.AddVmFromScratchCommand] (default task-23)
[] Lock freed to object 'EngineLock:{exclusiveLocks='[vm0=VM_NAME]',
sharedLocks=''}'
2018-07-07 09:47:23,774-04 DEBUG
[org.ovirt.engine.core.common.di.interceptor.DebugLoggingInterceptor]
(default task-23) [] method: runAction, params: [AddVmFromScratch,
AddVmParameters:{commandId='720f8857-26e1-4ce2-8afd-6297372a27e9',
user='null', commandType='Unknown',
vmId='a8064ee0-dc9f-47cc-b211-29d2e8b14873'}], timeElapsed: 121ms
2018-07-07 09:47:23,781-04 ERROR
[org.ovirt.engine.api.restapi.resource.AbstractBackendResource]
(default task-23) [] Operation Failed: [Cannot add VM. The VM name is
already in use, please choose a unique name and try again.]
</error>
6 years, 5 months
[JIRA] (OVIRT-2282) use SSH keys from gerrit for infra users
by Barak Korren (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2282?page=com.atlassian.jir... ]
Barak Korren commented on OVIRT-2282:
-------------------------------------
As discussed in an infra meeting the approach I think we should take here is to:
# Have a group in Gerrit that defines who the infra team members are
# Have a shell script that lists members of that group (can be done with {{ssh ... gerrit ls-members}}) and
## either:
### Create local accounts for those members
### Download SSH public keys from Gerrit and install in those accounts
### setup password-less sudo for those accounts
## or:
### Download SSH public keys from Gerrit and install in the root acocunt
# Run that shell script from cron every 30 minutes on all slaves.
# Setup this script and cron job on the slave via cloud-init.
# On non-slave hosts we can choose to setup the script and cron job
Discussion about why IMO it should be a script and not Ansible/Puppet/Some other thing:
# This needs to be run locally on every slave - so doing this with a tool will require having that tool be pre-installed on the slave.
# Arguments for using a tool may include the reasoning that it may be easier to add more functionality over time if we use a tool. My counter argument is that we're very much unlikely to add any more functionality, as most if not all other changes we may wish to make to a slave can affect the CI systems and therefore are better done in sync with it via {{globale_setup.sh}}, etc.
> use SSH keys from gerrit for infra users
> ----------------------------------------
>
> Key: OVIRT-2282
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2282
> Project: oVirt - virtualization made easy
> Issue Type: Improvement
> Reporter: Evgheni Dereveanchin
> Assignee: infra
>
> Opening ticket to discuss possibility of managing user accounts through gerrit as it has SSH pubkeys defined.
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
6 years, 5 months
[JIRA] (OVIRT-2287) ovirt-system-tests_he-node-ng-suite-master is
failing on not enough memory to run VMs
by Barak Korren (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2287?page=com.atlassian.jir... ]
Barak Korren commented on OVIRT-2287:
-------------------------------------
On 6 July 2018 at 11:57, Sandro Bonazzola <sbonazzo(a)redhat.com> wrote:
>
> https://jenkins.ovirt.org/job/ovirt-system-tests_he-node-ng-
> suite-master/165/testReport/(root)/004_basic_sanity/vm_run/
>
> Cannot run VM. There is no host that satisfies current scheduling
> constraints. See below for details:, The host lago-he-node-ng-suite-master-host-0
> did not satisfy internal filter Memory because its available memory is too
> low (656 MB) to run the VM.
>
>
this sounds like something that needs to be fixed in the suit's
LagoInitFile.
> --
>
> SANDRO BONAZZOLA
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>
> Red Hat EMEA <https://www.redhat.com/>
>
> sbonazzo(a)redhat.com
> <https://red.ht/sig>
>
> _______________________________________________
> Devel mailing list -- devel(a)ovirt.org
> To unsubscribe send an email to devel-leave(a)ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
> guidelines/
> List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/
> message/TDKLML6YDBATFHS232GFJF7QVRTWUH74/
>
>
--
Barak Korren
RHV DevOps team , RHCE, RHCi
Red Hat EMEA
redhat.com | TRIED. TESTED. TRUSTED. | redhat.com/trusted
> ovirt-system-tests_he-node-ng-suite-master is failing on not enough memory to run VMs
> -------------------------------------------------------------------------------------
>
> Key: OVIRT-2287
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2287
> Project: oVirt - virtualization made easy
> Issue Type: Bug
> Reporter: sbonazzo
> Assignee: infra
> Priority: Highest
> Labels: ost_failures, ost_lago
> Attachments: srv.log
>
>
> https://jenkins.ovirt.org/job/ovirt-system-tests_he-node-ng-suite-master/...
> Cannot run VM. There is no host that satisfies current scheduling
> constraints. See below for details:, The host
> lago-he-node-ng-suite-master-host-0 did not satisfy internal filter Memory
> because its available memory is too low (656 MB) to run the VM.
> --
> SANDRO BONAZZOLA
> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
> Red Hat EMEA <https://www.redhat.com/>
> sbonazzo(a)redhat.com
> <https://red.ht/sig>
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
6 years, 5 months
[JIRA] (OVIRT-2288) typo in jenkins
by Barak Korren (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-2288?page=com.atlassian.jir... ]
Barak Korren reassigned OVIRT-2288:
-----------------------------------
Assignee: Daniel Belenky (was: infra)
> typo in jenkins
> ---------------
>
> Key: OVIRT-2288
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2288
> Project: oVirt - virtualization made easy
> Issue Type: Bug
> Components: Change Queue
> Reporter: Greg Sheremeta
> Assignee: Daniel Belenky
> Priority: Low
> Attachments: Selection_075.png
>
>
> Hey,
> I noticed a typo ("basic-suit" etc)
> [image: Selection_075.png]
> s/suit$/suite/g
> (suit == something people wear, or refers to playing cards [heart, spade,
> etc])
> Feel free to close if it's not easy to correct.
> --
> GREG SHEREMETA
> SENIOR SOFTWARE ENGINEER - TEAM LEAD - RHV UX
> Red Hat NA
> <https://www.redhat.com/>
> gshereme(a)redhat.com IRC: gshereme
> <https://red.ht/sig>
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100088)
6 years, 5 months