- 11 Feb, 2016 7 commits
-
-
Kirill Smelkov authored
- there is a section for gitlab pages, which we stub-out; - there is no longer a need to add /raw/... handling to nginx - as now nginx is just an SSL terminator for gitlab-workhorse, all URL handling is done inside gitlab-workhorse and is dealt with ok by our patches. - as now nginx does not directly connect to unicorn, there is no need to pass unicorn section to nginx's template. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
Like wih gitlab configs, this does only pure merge. We will slaposify / adjust to updates in the following patches. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
Slapos'ify config updates brought by sync with omnibus-gitlab (see merge in the previous patch). Changes: - default visibility levels gone away (see merge commit and https://gitlab.com/gitlab-org/omnibus-gitlab/commit/b5ebbab3 ) - there are new settings for GitLab Pages and Elasticsearch, which are EE only and thus we do not support them. - there are new settings for auxiliary cron-like jobs, which we do not support for now, since they are used either for CI (not supported by us) or EE features. Configuration files that were synced, but did not changed are also marked as updated, so it is easier to track their changes to upstream in the future. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
This does only pure merge. We will slaposify / adjust config and corresponding md5sum in the following patches. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
Like 61544d87 - pristine copy from omnibus 8.4.4+ce.0-0-g1680742. Most of http handling is moving to gitlab-workhorse. Nginx remains only as ssl terminator. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
Like 6fd7b987 - pristine copy from omnibus 8.4.4+ce.0-0-g1680742. The only change is in gitlab.yml The following files stay the same: database.yml.erb gitlab-rails-config.ru.erb gitlab-shell-config.yml.erb rack_attack.rb.erb resque.yml.erb smtp_settings.rb.erb unicorn.rb.erb /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
Update GitLab software to - gitlab-ce 8.4 + NXD patches https://lab.nexedi.com/kirr/gitlab-ce/commits/8-4-nxd - gitlab-shell to 2.6.10 which now is pure upstream, as all NXD patches were merged. - gitlab-workhorse 0.6.X + NXD patches. https://lab.nexedi.com/kirr/gitlab-workhorse/commits/y/blobraw-3 https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17 This only updates software and begins SR update to 8.4 - for now gitlab instance becomes non-working -- we'll pull in configuration files updates and fixups in the following patches. /cc @kazuhiko, @jerome
-
- 10 Feb, 2016 1 commit
-
-
Jérome Perrin authored
slapos.recipe.cmmi executes command lines by line, so this build options were ignored.
-
- 09 Feb, 2016 1 commit
-
-
Rafael Monnerat authored
older versions are failing on ARM arch.
-
- 02 Feb, 2016 2 commits
-
-
Kazuhiko Shiozaki authored
version up : OpenBLAS 0.2.15. First try with auto-detected target and if it fails try TARGET=GENERIC. You can also spcify the target explicitly by build-ext-options. reviewd-by @Tyagov (on nexedi/slapos!42).
-
Kazuhiko Shiozaki authored
-
- 01 Feb, 2016 4 commits
-
-
Kirill Smelkov authored
This patch series teaches ERP5 software release to automatically instantiate Jupyter notebook web UI and tune it to connect to ERP5 by default. When Jupyter is enabled, it also installs on-server erp5_data_notebook bt5 (see nexedi/erp5!29 and nexedi/erp5@f662b5a2) which handles code execution requested for Jupyter. For ERP5 - for security and backward compatibility reasons - Jupyter instantiation and erp5_data_notebook bt5 install happen only if jupyter is explicitly enabled in instance parameters. The default is not to have Jupyter out of the box. On the other hand for Wendelin SR, which inherits from ERP5 SR, the default is to have Jupyter out of the box, because Wendelin SR is fresh enough without lots of backward compatibility needs, and Jupyter is usually very handy for people who use Wendelin. -------- NOTE Currently erp5-data-notebook bt5 has the following limitations (see details on nexedi/slapos!43 and nexedi/erp5!29): - errors are not reported properly to users; - state is not fully saved to ZODB. the latter point means notebook works only if it is connected to Zope family with only 1 zope process. Hopefully this will be resolved some day. Technical overview about how the integration is done itself on slapos part and other notes are in 0a446263. /proposed-for-review-on nexedi/slapos!43
-
Douglas authored
Query strings used on GET requests have size limitations on servers and this causes big code cells to not be executed at all, returning only an Internal Server Error with no further explanation. /reviewed-by @kirr, @Tyagov (on nexedi/slapos!43)
-
Kirill Smelkov authored
Pandas and scikit-learn are handy to have for data processing which we are going to do more and more in ERP5 context. Matplotlib is very handy to have when one works with Jupyter, but also can be used by just backend code to generate graphs. From this point of view it makes sense to have this eggs always available out of the box. To do so move them from Wendelin to ERP5. /suggested-by @tiwariayush /reviewed-by @Tyagov (on nexedi/slapos!43)
-
Kirill Smelkov authored
This patch teaches ERP5 software release to automatically instantiate Jupyter notebook web UI and tune it to connect to ERP5 by default. When Jupyter is enabled, it also installs on-server erp5_data_notebook bt5 (nexedi/erp5!29) which handles code execution requested for Jupyter. For ERP5 - for security and backward compatibility reasons - Jupyter instantiation and erp5_data_notebook bt5 install happen only if jupyter is explicitly enabled in instance parameters. The default is not to have Jupyter out of the box. On the other hand for Wendelin SR, which inherits from ERP5 SR, the default is to have Jupyter out of the box, because Wendelin SR is fresh enough without lots of backward compatibility needs, and Jupyter is usually very handy for people who use Wendelin. ~~~~ For integration, we reuse already established in ERP5 infrastructure, to request various slave instances, and request Jupyter in a way so it automatically tunes and connects to balancer of one of Zope family. Jupyter code itself is compiled by reusing software/ipython_notebook/software.cfg, and Jupyter instance code is reused by hooking software/ipython_notebook/instance.cfg.in into ERP5 SR properly (the idea to override instance-jupyter not to render into default template.cfg is taken from previous work by @tiwariayush). ~~~~ I tested this patch inside webrunner with create-erp5-site software type and various configurations (whether to have or not have jupyter, to which zope family to connect it, etc). I have not tested frontend instantiation fully - because tests were done only in webrunner, but I've tried to make sure generated buildout code is valid for cases with frontend. NOTE the code in this patch depends erp5_data_notebook bt5 (nexedi/erp5!29) which just got merged to erp5.git recently (see nexedi/erp5@f662b5a2) NOTE even when erp5_data_notebook bt5 is installed, on a freshly installed ERP5, it is required to "check site consistency" first, so that initial bt5(s) are actually installed and erp5 is ready to function. /cc @vpelletier, @Tyagov, @klaus, @Camata, @tiwariayush, @Kreisel, @jerome, @nexedi /proposed-for-review-on nexedi/slapos!43
-
- 31 Jan, 2016 6 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kirill Smelkov authored
Gitlab uses github-markup to render various text-based markups (markdown, rst, ...) into html. For rst github-markup wants to run python and have docutils egg available: https://github.com/github/markup/blob/5393ae93/lib/github/markups.rb#L36 as we were not having docutils installed and path to proper python interpreter setup, rst documents were not automatically rendered and were show just as plain text. We do a lot of documents in rst - that case is important for us. So fix it by providing gitlab with properly setup python interpreter with all needed eggs installed. /cc @kazuhiko, @jerome /proposed-for-review-on nexedi/slapos!39
-
- 27 Jan, 2016 1 commit
-
-
Kirill Smelkov authored
The reason is: we are going to integrate Jupyter into ERP5 SR, and in ERP5 SR code, there is already established infrastructure, which requests slave instances. That infrastructure passes parameters in serialized (= json) form, that's why we need to switch. On the other hand, slapos.cookbook:slapconfiguration.serialised handles non-json instance parameters as well: when there parameters format is not {'_' -> <json>} it decodes them as slapos.cookbook:slapconfiguration would do: https://lab.nexedi.com/nexedi/slapos/blob/69229988/slapos/recipe/slapconfiguration.py#L232 https://lab.nexedi.com/nexedi/slapos/blob/69229988/slapos/recipe/librecipe/__init__.py#L51 So from this point of view, though we don't really need it here (Jupyter SR is relatively new), we are staying backward compatible. /cc @tiwariayush
-
- 26 Jan, 2016 2 commits
-
-
Kazuhiko Shiozaki authored
-
Kirill Smelkov authored
Both numpy and ipython are included in ERP5 SR which wendelin inherits from, and are pinned there. Here are e.g. latest pin-ups for numpy and ipython in erp5: e3144a8a (version up eggs.) 135570c9 (version up eggs.) Furthermore: this is not only a cleanup. As e3144a8a shows current version of numpy in erp5 is 1.10.4 and in wendelin we still have 1.9.2 which is unintentional downgrade compared to erp5. Don't do that. /cc @kazuhiko /reviewed-by @Tyagov (on nexedi/slapos!41)
-
- 25 Jan, 2016 2 commits
-
-
Julien Muchembled authored
-
-
- 24 Jan, 2016 1 commit
-
-
Kirill Smelkov authored
@rafael added this in 971d0bb7 (erp5: Make possible extent the list of initial business templates to install), but we dropped that change while merging erp5-cluster to master - see: 6bbb61a8 "Merge branch 'master' into erp5-cluster", and e84d5e83 "Merge branch 'erp5-cluster'" 6bbb61a8 claimed that it Dropped commit 971d0bb7 ("erp5: Make possible extent the list of initial business templates to install"). but it actually dropped changes only under stack/erp5/ , not software/wendelin/ Fix it. /cc @rafael, @jm, @Tyagov /reviewed-by TrustMe
-
- 22 Jan, 2016 1 commit
-
-
Julien Muchembled authored
-
- 21 Jan, 2016 1 commit
-
-
Jérome Perrin authored
-
- 20 Jan, 2016 3 commits
-
-
Julien Muchembled authored
In slapos.package.git/obs, we need to build binaries for specific paths, without changing where buildout actually install them.
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
- 17 Jan, 2016 8 commits
-
-
Kirill Smelkov authored
Hello up there, Here comes SlapOS port of GitLab. We start from GitLab 8.2.X as that is what we currently run on KVM on lab.nexedi.com, so that our data can be straightforwardly migrated. The SR compiles all needed software and organized all (sub-)services in one partition and interconnects them with unix sockets for security and speed reasons (see patch "gitlab: Make a plan to base instance layout on gitlab-omnibus and to interconnect all internal services"). Services configuration files are originally taken from omnibus-gitlab "distribution" and incrementally ported to slapos variant. This way we establish a (imho) good path on how to track upstream changes and minimize our delta & effort supporting it. GitLab itself is patched (above patches that were already applied by upstream): - to support HTTP(S) only - to show site's ICP number - to speedup raw blob downloading ~ 17x times ( see patch "gitlab: Optimize raw blob downloading" for details and https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17 ) Overall it should work and we should finally be able to migrate slapos.git (because of raw blob downloading is not slow now) to GitLab and all other Nexedi git repositories. Thanks, Kirill P.S. Somewhat outdated, but this picture on GitLab architecture might help to understand how parts are glued together: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/architecture.md P.P.S. Native resiliency is not implemented yet, but we should be able to use gitlab inside resilient webrunner already. /proposed-for-review-on nexedi/slapos!39 /partly-reviewed-by @kazuhiko, @jerome, @Yanni, @jp /cc @rafael, @jm
-
Kirill Smelkov authored
We've reached a state where first gitlab SR version should work. So as promised let's freeze the md5 checksums. All later patches should update corresponding md5 info when they change a file. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
In slapos we do a lot of automated software rebuild constantly, and thus there is constant flow of requests to get raw blobs from git service, e.g. like this https://lab.nexedi.com/nexedi/slapos/raw/master/software/wendelin/software.cfg A lot of requests comes to slapos.git repository and currently gitlab, out of the box, cannot keep up with that load. I've prepared patches to offload raw blobs download requests handling from unicorn (ruby) to gitlab-workhorse (go), and that resulted in ~ 17x speedup - e.g. previously our std shuttle can handle ~ 70 raw-blob requests/s and with my changes it is now ~ 1200 requests/s. The patches were sent upstream https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17 and we discussed with GitLab people and made a plan how to proceed incrementally. It will probably take some time for gitlab team to fully accept the approach though. For now we can use our gitlab-workhorse fork. The patches itself are: gitlab-workhorse@1b274d0d gitlab-workhorse@2beb8c95 /cc @kazuhiko, @jerome, @jm
-
Kirill Smelkov authored
GitLab Nexedi Edition is currently upstream 8.2.X + the following patches: - HTTP(S) is made to be default clone protocol gitlab-ce@5c1f2fb3 and SSH info is completely removed from UI gitlab-ce@dfe9fb16 gitlab-ce@f3f84743 so essentially the only way to access a repository is via HTTP(S). - Rake check tasks are adjusted to exit with non-zero code if there is a failure gitlab-ce@a93ae418 We need this for promises to work correctly with failures being detected, not silently skipped. The patch was sent upstream: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/1885 - GitLab supports setting up site's ICP License in gitlab.yml and shows it in appropriate places together with info about GitLab itself: gitlab-ce@e7e0fd88 gitlab-ce@79c127e6 + other cosmetic/minor changes. More patches will probably come (e.g. apply a single patch from a merge-request with `git am` without creating merge commit for just 1 patch, etc) but for now that's all. NOTE ICP is non-ascii text with hieroglyphs. slapos.core was taught to be able to pass parameters with non-ascii values to instance: nexedi/slapos.core@347d33d6 That patch is included in slapos.core 1.3.15, but as we currently have a lot of older slapos.core deployed (e.g. 1.3.5 on my development webrunner) a workaround is (hopefully temporarily) used to pass non-ascii values as URL-encoded strings. /cc @kazuhiko, @jerome, @rafael
-
Kirill Smelkov authored
Like with Rails configuration this first step is pristine import of nginx configuration files from omnibus-gitlab. All files were imported as-is in their ERB form and filenames from omnibus-gitlab 8.2.3+ce.0-0-g8eda093 from here: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/8eda093/files/gitlab-cookbooks/gitlab/templates/default We import only nginx main http configuration - nginx's CI and Mattermost configurations are not imported, as we do not support CI and Mattermost (yet ?). As with Rails configuration files, we will convert the templates to jinja2 and adjust them to slapos version in the following patches. We will also use the same (commit from last-erb-mod commit + merge) approach to track upstream changes. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
In the previous patch we setup nginx service which listens to the world and as such gitlab service becomes to be ready to used - so publish backend URL. NOTE we'll need to optimise and tweak gitlab a bit further in upcoming patches, so it can be really used under load and with our use-cases, but even now it listens to http ok and generally works. /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
Sidekiq[1] is used in GitLab as background jobs manager - i.e. if a request handler needs to spawn some non-light job - it adds it to sidekiq queue (in Redis) and relies on sidekiq service to later pick this job up and execute it. The service is setup with just to run bin/gitlab-sidekiq with appropriate queues (extracted from omnibus-gitlab) and appropriate settings to controlling GitLab's sidekiq Out-Of-Memory killer[2]. NOTE Unlike unicorn OOM killer, Sidekiq memory killer just makes sidekiq processes to be SIGKILL terminated and relies on managing service to restart it. In slapos we don't have mechanism to set autorestart=true, nor bang/watchdog currently work with slapproxy, so we setup to do such monitoring ourselves manually with here-introduced watcher-sigkill program. NOTE2 sidekiq promise, because it is rake/gitlab based, is slow to load/run and thus is put into etc/promise.slow/ [1] http://sidekiq.org/ [2] https://gitlab.com/gitlab-org/gitlab-ce/blob/1322bd78/doc/operations/sidekiq_memory_killer.md /cc @kazuhiko, @jerome
-
Kirill Smelkov authored
Go through nginx configuration templates and convert them to jinja2 with slapos parameters (reminder: names and default values are imported from omnibus-gitlab 8.2.3+ce.0-0-g8eda093), except commenting out features we do not want to support (yet ?). As nginx is a reverse-proxy, i.e. it integrates all internal services and works as frontend to them, our gitlab service is now ready to listen and talk to the world over (standard to slapos services backend) IPv6. Nginx also acts as SSL termination point - for it to work by default we setup self-signed certificate for the backend, which can be manually changed to proper certificate if needed. Backend certificate is used if gitlab is configured to work in HTTPS mode (and frontend certificate is another story). NOTE ssl certificate is generated with just `openssl req ...` - yes, there is slapos.cookbook:certificate_authority.request but it requires to start whole service and has up to 60 seconds latency to generate certificate. And we only need to run 1 command to do that... The features disabled are: - http -> https redirection not needed for us at nginx level - the frontend can do the redirection and also gitlab speaks HSTS on https port so when we access https port via http protocol, it gets redirected to https. - kerberos - ssl_dhparam - providing custom nginx configuration via instance parameter /cc @kazuhiko, @jerome
-