areas where we can invest in automation?

Robyn Bergeron rbergero at redhat.com
Tue May 28 14:58:23 UTC 2013 


----- Original Message -----
> From: "Ralph Bean" <rbean at redhat.com>
> To: "Fedora Infrastructure" <infrastructure at lists.fedoraproject.org>
> Sent: Tuesday, May 28, 2013 6:45:43 AM
> Subject: Re: areas where we can invest in automation?
> 
> On Tue, May 28, 2013 at 08:33:22AM -0400, Matthew Miller wrote:
> > I was asked (with my Red Hat hat on) to put together a little report on
> > areas in Fedora which could be improved with an investment in better
> > automation. From what I'm working on myself, I'm aware of the gigantic need
> > in the cloud images production process, and I've been keeping an eye on Tim
> > Flink's autoqa revamp ideas. I expect there are others, because I know from
> > my previous jobs that there's always a balance between building
> > condiment-passing machines and just _passing the salt_. [1] Are there other
> > things which could be made better if only someone came up with the spare
> > time and resources to do the work?
> 
> Hi!
> 
> Some observations/ideas:
> 
> 1) The packager workflow is pretty tedious.  There has been some
>    improvement to it, but more can be done.  Things like
>    fedora-review and fedora-create-review (and bodhi!) are a huge
>    help.  But there are plenty of inefficient "blocking" points in the
>    process.
> 
>    For instance, once a new package is approved, only then does the
>    submitter declare what branches they want with an scm admin
>    request.  They then wait for an scm admin to declare that they
>    have created their branches, and then wait for a cronjob to run
>    that gives them permission to push on those branches (manually).
>    They then wait for their koji builds to finish to (manually) submit
>    bodhi updates.
> 
>    It would be nice if we could automate that whole process -- once a
>    package is approved, if there were a "make-it-so" button that
>    required no further intervention from the packager (but still
>    required the keen eye of an scm admin).
> 
>    There are further sequences down the pipeline like requesting that
>    packages in testing be pushed to stable, but there are good
>    arguments against automating that.
> 
> 2) Continuous deployment for infrastructure.  It has been tossed
>    around in IRC, possibly at FUDCon as well.  If application
>    developers could "git push" on the develop branch and have those
>    changes automatically roll out to our staging infrastructure --
>    that would save a lot of time.  Packaging our apps, building rpms,
>    signing them, copying them to our infra yum repos, rebuilding those
>    repos, clearing the cache on the target machines, performing a yum
>    update <-- that process is cumbersome.
> 
>    I suspect that the "release only when we have accumulated enough
>    changes to warrant enduring the burdensome release process" mode
>    of deployment (as opposed to "release early, release often") also
>    poses somewhat of a barrier to new contributors.  They contribute
>    a patch.. nice!  When does it go live?  When one of our
>    overstretched sysadmin-mains can get around to it (it is required
>    that one of them sign the package).

This would be super. And yes - I think that the "instant gratification" combined with having to know what is likely a lot less process seems like it would yield additional contributions.

Do we have tiers for apps according to their "must stay-up" level - things that are critical vs. NTH? It seems like something where we could probably pick a non-critical app or two and work out what the process would be and basically take that process for a in-production-test-run.



> 
>    Caveat #2.1:
>    There are some ways around this.  Individuals can get around the
>    requirement of having a sysadmin-main touch their test release by
>    installing their rpm directly on the target machine.  They still
>    have to jump through some hoops to make it happen.
> 
>    Caveat #2.2:
>    This is one of the reasons we put so much work into our private
>    cloud (dev nodes).  There is no barrier there for teams to set up
>    their own continuous deployment mechanism.  This meets most needs,
>    but we don't have a way to iterate rapidly on some of the more
>    important pieces of our infrastructure.  Apps/services that
>    interact with each other don't quite work out on isolated cloud
>    nodes.  The bodhi masher?  Koji?  fedmsg?  mirror manager?  We
>    can't necessarily test those on dev nodes (and some we can't test
>    in staging -- resolving this down the road would save some
>    headaches).

So I'm definitely treading into "woefully technically unedumacated" territory - but could we not just take snapshots of the associated apps/services/databases, test whatever changes are incoming against the snapshots, and if it passes, push the changes to production and dump the tested nodes? (I realize this is simplifying things - we might have changes that require changes in both places, etc - but just wondering if I'm totally off-base here.) Or is this just a matter of "the infra things aren't running in the same place"?

-robyn

> 
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure

More information about the infrastructure mailing list