GitLab runner update - fix samba-fips on Rackspace runners

Andrew Bartlett abartlet at samba.org
Wed Sep 6 05:18:01 UTC 2023 

On Wed, 2023-09-06 at 07:09 +0200, Stefan Metzmacher wrote:
> Hi Andrew,
> > The old kernels were  4.15.0-159-generic from Ubuntu 18.04
> > The Kernel under our CI images is now 5.15.0-41-generic from
> > Ubuntu22.04
> 
> Can we use the hwe kernels there (linux-generic-hwe-22.04),it would
> mean we would get 6.2.0-31-generic, and even morerecent ones once
> ubuntu 23.10 get stable.
> It would mean we could do io_uring tests with the latestzero copy
> features available with kernels >= 6.1

To do that we would need to build a new CI image, eg with packer from a
Ubuntu minimal image.  We can't at runtime change the kernel image as
(of course) we need to reboot. 
A new minimal CI image would be a really good thing, because currently
it spends way to long upgrading all the packages that we don't use, and
installing docker before the CI can start.
The ideal would be to build and upload that each time we rebuild the
bastion host, and have that process automatically remember the image
ID.  
But currently, no, we can't, sorry!
> > The shared runners are 5.4.109+  BTW.
> > This seems to fix a persistent failure in the samba-fips test, eg
> > asseen here: 
> > https://gitlab.com/samba-team/devel/samba/-/jobs/4840635606
> > 
> > I've also taken the opportunity to set the maximum job timeout in
> > theRackspace side to 4 hours - within 5 hours a VM will be
> > terminated bycloud-checker.py, as script running on the bastion
> > host, and to make itnot block.  (Blocking deleting hosts is bad,
> > sometimes the calls stalland fail to complete, preventing other VMs
> > from being killed off).This should help keep our CI bill under
> > control.
> > Also of interest is a MR to only use shared runners
> > https://gitlab.com/samba-team/samba/-/merge_requests/3255
> > 
> > I'm shocked to see this all green!
> > This would mean we could save our private runners for security
> > workonly.
> > Finally, I've noticed that GitLab upstream has removed their
> > relianceon Docker Hub, so the limitation (an aggressive rate limit)
> > thatblocked our move to OSU OSL a while back no longer applies.  If
> > wechose to go the other direction (move more CI to OSU OSL, say if
> > GitLabchanges their CI terms/fees) that should now be entirely
> > practical.
> 
> Thanks for all the work!

Thanks,
Andrew-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd


Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba-technical mailing list