Wikimedia Release Engineering Team/Deployment pipeline/2017-05-02

2017-05-02

edit

Who's here: thcipriani marxarelli hashar jrbranaa akosiaris

Last Time

edit
  • Agreed we all hate json
  • Talked a bit about the security needed in a container, creating files as root is bad
  • Dan + Mako to sync-up on blubber and service-runner
  • Async work on Requirements doc

Topics

edit
  • Requirement doc questions
    • Uniform structure of containers /data, /src, logging, etc
    • Deployment and release management for developers
      • elacticity enabled in k8s 1.4, running k8s 1.5, not really to do with deployment pipeline
      • Resources vs unit is up to developer to define
      • resource definitions/information can live inside pipeline configuration
      • Deployment via k8s covers the canary case automagically (lots of unknowns)
      • Sha1 rollback and deployment -- what's the front-end look like (scap maybe?) -- helm is the default currently
    • Config changes as code deploys
    • Many RelEng requirements are Ipso Facto done because of nature of pipeline (pulled from nodepool work, I think)
      • compatibility with production env
      • "arbitrary sudo"
      • isolated (from one another) (not in the networking sense, but rather as a test after test sense)

Team Updates

edit
  • Releng
    • antoine just upgraded Jenkins so now pipeline available on the live instance
    • translate work done on ci-staging to jjb
  • Ops
    • datacenter switch back
  • Services
    • marko at tech mangers meeting

For next time

edit

As Always

edit