* [cip-dev] gitlab-ci for CIP tiny profile (Deby)
From: daniel.sangorrin at toshiba.co.jp @ 2019-06-06 5:41 UTC
To: cip-dev
Hello Michael,
I have added an initial, very simple, gitlab-ci yaml script for building CIP tiny profile (Deby for BBB).
https://gitlab.com/cip-project/cip-core/deby/blob/master/.gitlab-ci.yml
I have tested it with Gitlab's shared runners. I set the timeout to be 4h, but the shared runner seems to have a timeout of 3h.
Hopefully it will finish in time:
https://gitlab.com/cip-project/cip-core/deby/-/jobs/226174734
I read that for public open source projects, the maximum amount of CI time is 2000 minutes per month.
This is clearly not enough for Deby.
For that reason, I would like to register our Runner. Please let me know what I should do.
Thanks,
Daniel
* [cip-dev] gitlab-ci for CIP tiny profile (Deby)
From: Adler, Michael @ 2019-06-06 6:51 UTC
To: cip-dev
Hi Daniel,
> For that reason, I would like to register our Runner. Please let me know what I should do.
sure, no problem! I suggest moving my instance of the gitlab-ci runner to the project-level.
Then it should be visible to all sub-projects (which includes your project).
For this however, I would require the *runner registration token* of the parent project:
* Go to https://gitlab.com/cip-project, "Settings -> CI/CD"
* Expand "Runners" section, copy&paste the token under "Set up a specific Runner manually"
* Send me the token in a pgp-encrypted mail (keyserver pgp.mit.edu, keyid: 0xf39a07eca4aabc19)
Best regards,
Michael
--
Michael Adler
Siemens AG, Corporate Technology, CT RDA IOT SES-DE, Otto-Hahn-Ring 6, 81739 Munich, Germany
Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Siegfried Russwurm, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
* [cip-dev] gitlab-ci for CIP tiny profile (Deby)
From: daniel.sangorrin at toshiba.co.jp @ 2019-06-06 8:20 UTC
To: cip-dev
Continuing with this conversation on the public list, it seems that the job on gitlab-cloud-ci failed:
https://gitlab.com/cip-project/cip-core/deby/-/jobs/226291592
--- Error summary ---
ERROR: OE-core's config sanity checker detected a potential misconfiguration.
Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
Following is the list of potential problems / advisories:
Do not use Bitbake as root
Perhaps it has something to do with privileged containers?
Thanks,
Daniel
* [cip-dev] gitlab-ci for CIP tiny profile (Deby)
From: Adler, Michael @ 2019-06-06 14:39 UTC
To: cip-dev
Alright, the token exchange was successful this morning and gitlab-cloud-ci runner should be visible to all child
projects now. However, we ran into an issue [1] when executing Daniel's CI pipeline:
Gitlab runner does not execute the container's entrypoint [2] which in the above scenario is responsible for switching
to a non-privileged user. This is actually a bug in the Gitlab Kubernetes runner itself [3]. Maybe someone here is
eager enough to fix it :-)? The fix itself should be just a few lines of code, but testing will require some time and
effort.
Meanwhile, various workarounds are possible:
* Use su/sudo in your gitlab-ci.yml to run bitbake as non-root user
* Fork the kas Docker image and insert a USER directive [4]
* ...
As usual, it is better to push the fix upstream instead of downstream and fix the bug in Gitlab runner.
Then I could also get rid of this [5] ugly workaround :-)
I should be back on Tuesday here. So long, Michael.
[1] https://gitlab.com/cip-project/cip-core/deby/-/jobs/226291592
[2] https://github.com/siemens/kas/blob/90ae592ff1b835bb7a8ee5999fe0d619242972c5/docker-entrypoint
[3] https://gitlab.com/gitlab-org/gitlab-runner/issues/4125
[4] https://docs.docker.com/engine/reference/builder/#user
[5] https://gitlab.com/cip-playground/gitlab-cloud-ci/blob/master/share/k8s/setup-host-binfmt/daemonset.yaml
--
Michael Adler
Siemens AG, Corporate Technology, CT RDA IOT SES-DE, Otto-Hahn-Ring 6, 81739 Munich, Germany
* [cip-dev] gitlab-ci for CIP tiny profile (Deby)
From: daniel.sangorrin at toshiba.co.jp @ 2019-06-10 6:52 UTC
To: cip-dev
Hi Michael,
> From: Adler, Michael <michael.adler@siemens.com>
[snip]
> Meanwhile, various workarounds are possible:
>
> * Use su/sudo in your gitlab-ci.yml to run bitbake as non-root user
I tried but I got this weird behavior:
https://gitlab.com/cip-project/cip-core/deby/-/jobs/228110647
$ export USER_ID=30000
$ /bin/bash /kas/docker-entrypoint
$ whoami
root
$ cat /etc/passwd
builder:x:30000:30000::/builder:/bin/sh
$ su - builder
$ whoami
root <-- not builder!
$ kas build --target core-image-minimal meta-cip-bbb/kas-bbb.yml
Do not use Bitbake as root.
ERROR: Job failed: command terminated with exit code 1
> * Fork the kas Docker image and insert a USER directive [4]
> * ...
>
> As usual, it is better to push the fix upstream instead of downstream and fix the bug in Gitlab runner.
> Then I could also get rid of this [5] ugly workaround :-)
>
> I should be back on Tuesday here. So long, Michael.
Happy Pfingstmontag ;)
Thanks,
Daniel
>
> [1] https://gitlab.com/cip-project/cip-core/deby/-/jobs/226291592
> [2]
> https://github.com/siemens/kas/blob/90ae592ff1b835bb7a8ee5999fe0d619242972c5/docker-entrypoint
> [3] https://gitlab.com/gitlab-org/gitlab-runner/issues/4125
> [4] https://docs.docker.com/engine/reference/builder/#user
> [5]
> https://gitlab.com/cip-playground/gitlab-cloud-ci/blob/master/share/k8s/setup-host-binfmt/daemonset.yaml
* [cip-dev] gitlab-ci for CIP tiny profile (Deby)
From: Adler, Michael @ 2019-06-11 9:15 UTC
To: cip-dev
Hi Daniel,
I've done some experiments as well [1]. Could you try prefixing the "kas build" command with "gosu builder"?
Something like this:
gosu builder kas build --target core-image-minimal meta-cip-bbb/kas-bbb.yml
See also my gitlab-ci.yml [2].
Best regards,
Michael
[1] https://gitlab.com/therisen06/entrypoint-debug/-/jobs/228882512
[2] https://gitlab.com/therisen06/entrypoint-debug/blob/3c1ffef93ca7880e11a984d4338bf04965962f1f/.gitlab-ci.yml
--
Michael Adler
Siemens AG, Corporate Technology, CT RDA IOT SES-DE, Otto-Hahn-Ring 6, 81739 Munich, Germany
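The workaround from the message above written out as a job definition, next to the `su` attempt from the earlier job log. This is an added example, not the .gitlab-ci.yml of either poster; the job name, the image reference and the guard line are assumptions, while the other commands are the ones quoted in the thread.

```yaml
# Added example (constructed); not taken from the Deby or entrypoint-debug repositories.
build-bbb:
  # Assumption: a kas image that ships gosu and /kas/docker-entrypoint.
  image: kasproject/kas:latest
  variables:
    USER_ID: "30000"
  script:
    # The runner does not execute the image's entrypoint, so run it by hand
    # to create the unprivileged 'builder' account (uid taken from USER_ID).
    - /bin/bash /kas/docker-entrypoint

    # Does not work: su starts a child shell. When that shell returns, the
    # following script lines still run in the job's original root shell,
    # so bitbake's sanity check sees uid 0.
    # - su - builder
    # - kas build --target core-image-minimal meta-cip-bbb/kas-bbb.yml

    # Guard (assumption, not in the thread): fail the job early if the
    # privilege drop does not yield the expected uid.
    - test "$(gosu builder id -u)" = "$USER_ID"

    # Works: gosu changes uid/gid and then execs the command, so the build
    # process itself runs as 'builder'.
    - gosu builder kas build --target core-image-minimal meta-cip-bbb/kas-bbb.yml
```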
* [cip-dev] gitlab-ci for CIP tiny profile (Deby)
From: daniel.sangorrin at toshiba.co.jp @ 2019-06-12 0:44 UTC
To: cip-dev
Thanks Michael,
It seems that worked out!
https://gitlab.com/cip-project/cip-core/deby/-/jobs/229463821
Best regards,
Daniel