Ubuntu CI Engine

Merge lp://qastaging/~doanac/uci-engine/gk-tempurl-test into lp://qastaging/uci-engine

  1. gk-tempurl-test
  2. Merge into trunk
Proposed by Andy Doan
Status: Merged
Approved by: Andy Doan
Approved revision: 647
Merged at revision: 654
Proposed branch: lp://qastaging/~doanac/uci-engine/gk-tempurl-test
Merge into: lp://qastaging/uci-engine
Diff against target: 306 lines (+146/-14)
3 files modified
ci-utils/ci_utils/json_status.py (+63/-3)
gatekeeper/gatekeeper/resources/tests/test_api.py (+37/-6)
gatekeeper/gatekeeper/resources/v1.py (+46/-5)
To merge this branch: bzr merge lp://qastaging/~doanac/uci-engine/gk-tempurl-test
Reviewer Review Type Date Requested Status
PS Jenkins bot (community) continuous-integration Approve
Celso Providelo (community) Approve
Review via email: mp+225594@code.qastaging.launchpad.net

Commit message

gatekeeper: add a tempurl status check

This adds a health check to prove tempurls work.

Since tempurl creation can take a little time, I added a simple
caching mechanism to hold a response for up to 60s.

Description of the change

serves as the basis for:

 https://app.asana.com/0/8312550429062/14363067901233

This could then use https://code.launchpad.net/~doanac/uci-engine/webui-nagios-check/+merge/222573 if want to wire it up to nagios

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:644
http://s-jenkins.ubuntu-ci:8080/job/uci-engine-ci/1014/
Executed test runs:

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/uci-engine-ci/1014/rebuild

review: Approve (continuous-integration)
Revision history for this message
Celso Providelo (cprov) wrote :

Thanks for working on this, Andy.

The idea and the implementation are great. Although, since we are testing production GK with the testing packages we need to configure it to import the testing keyring (otherwise it will query keyserver.u.c and won't find the testing key):

{{{
export CI_KEYRING_URI='file:///srv/ci-airline-gatekeeper-restish/ci-utils/ci_utils/testing/data/testing_keyring.txt'
}}}

I suggest defaulting this value in deploy.py and if we ever need additional static keyrings in production we can change this option to host CSV content.

Since we have other cached statuses, can we have, a constant in json_status module with the system global cache-timeout (60s) and timestamps in the json_status contents ?

Once you have considered my points, feel free to land. Good job!

review: Approve
Revision history for this message
Evan (ev) wrote :

> The idea and the implementation are great. Although, since we are testing production GK with the testing packages we need to configure it to import the testing keyring (otherwise it will query keyserver.u.c and won't find the testing key):

Why wouldn't we just submit the testing keys to keyserver.u.c? If keyserver.u.c goes down and we need it it to get a tempurl, then we should know about that :)

Revision history for this message
Celso Providelo (cprov) wrote :

Just to be clear, the testing key is only needed for validating the
source packages signed with, not for generating tempurls.

It's okay to submit and maintain it for keyserver.u.c, it will be yet
another testing key available. If the keyserver goes down, not SPU can
be uploaded (validated).

On Mon, Jul 7, 2014 at 7:44 AM, Evan Dandrea <email address hidden> wrote:
>> The idea and the implementation are great. Although, since we are testing production GK with the testing packages we need to configure it to import the testing keyring (otherwise it will query keyserver.u.c and won't find the testing key):
>
> Why wouldn't we just submit the testing keys to keyserver.u.c? If keyserver.u.c goes down and we need it it to get a tempurl, then we should know about that :)
> --
> https://code.launchpad.net/~doanac/uci-engine/gk-tempurl-test/+merge/225594
> You are reviewing the proposed merge of lp:~doanac/uci-engine/gk-tempurl-test into lp:uci-engine.

--
Celso Providelo
<email address hidden>

Revision history for this message
Andy Doan (doanac) wrote :

On 07/04/2014 05:18 PM, Celso Providelo wrote:
> The idea and the implementation are great. Although, since we are testing production GK with the testing packages we need to configure it to import the testing keyring (otherwise it will query keyserver.u.c and won't find the testing key):
>
> {{{
> export CI_KEYRING_URI='file:///srv/ci-airline-gatekeeper-restish/ci-utils/ci_utils/testing/data/testing_keyring.txt'
> }}}

I'm confused about this. Shouldn't this be failing for me at home
without this configured?

Revision history for this message
Celso Providelo (cprov) wrote :

Andy,

Yes, if you are not using the testing keyring in GK configuration it
won't be able to validate the upload signature ...

Unless someone has already uploaded the testing key to keyserver.u.c:

http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xD9A2A8312ABEFCDB

Okay, since the key was already uploaded, as long as our servers can
access keyserver.u.c we don't need the static keyring configuration
anymore.

Everything is fine and once again we coped with the *unexpected*, I am happy.

That said, we should include a check for keyserver_url availability in
the GK health_checks.

[]

On Mon, Jul 7, 2014 at 12:30 PM, Andy Doan <email address hidden> wrote:
> On 07/04/2014 05:18 PM, Celso Providelo wrote:
>> The idea and the implementation are great. Although, since we are testing production GK with the testing packages we need to configure it to import the testing keyring (otherwise it will query keyserver.u.c and won't find the testing key):
>>
>> {{{
>> export CI_KEYRING_URI='file:///srv/ci-airline-gatekeeper-restish/ci-utils/ci_utils/testing/data/testing_keyring.txt'
>> }}}
>
> I'm confused about this. Shouldn't this be failing for me at home
> without this configured?
>
> --
> https://code.launchpad.net/~doanac/uci-engine/gk-tempurl-test/+merge/225594
> You are reviewing the proposed merge of lp:~doanac/uci-engine/gk-tempurl-test into lp:uci-engine.

--
Celso Providelo
<email address hidden>

Revision history for this message
Andy Doan (doanac) wrote :

On 07/08/2014 08:00 AM, Celso Providelo wrote:
> That said, we should include a check for keyserver_url availability in
> the GK health_checks.

add in revno 646. I think this should have everything you are wanting

Revision history for this message
Celso Providelo (cprov) wrote :

Thanks Andy.

review: Approve
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:646
http://s-jenkins.ubuntu-ci:8080/job/uci-engine-ci/1022/
Executed test runs:

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/uci-engine-ci/1022/rebuild

review: Needs Fixing (continuous-integration)
lp://qastaging/~doanac/uci-engine/gk-tempurl-test updated
647. By Andy Doan

oops fix unit tests from last change

Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:647
http://s-jenkins.ubuntu-ci:8080/job/uci-engine-ci/1024/
Executed test runs:

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/uci-engine-ci/1024/rebuild

review: Approve (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches