Hi Trevor, I am ok with going for #1
If should not really be me approving patches in releng, so will let the other cores chime in. For #2 I looked at your log and see what you mean. I cannot spot why a normal user is allowed to install. This is what I get when trying to install on my home PC (arch linux): [Errno 13] Permission denied: '/usr/lib/python2.7/site-packages/ Regards, Luke On Tue, Jun 27, 2017 at 5:04 PM, Trevor Bramwell < tbramw...@linuxfoundation.org> wrote: > Hey Luke, > > I'm definitely opting for #1 and have a patch here[1]. This change can > be moved into the docker container later to resolve your concerns about > path changes. > > Unrelated to the specific change, there are two questions this raises > which speak to the nature of our CI infra: > > 1. Why are docker build results not part of the verification for patchsets? > > If we don't provide feedback for docker builds (and also have the > build/publish steps seperate) how will the community know when their > Dockefile changes break builds? > > 2. How did the Docker build work for me locally but not on ericsson-build3? > > I've attached my build log and compared it to the last build[2], but > no major differences jump out to me. The only differences I saw > between the docker environments was a newer version of Go running on > ericsson-build3. > > Regards, > Trevor Bramwell > > [1] https://gerrit.opnfv.org/gerrit/#/c/36601/ > [2] https://build.opnfv.org/ci/job/releng-anteater-docker- > build-push-master/14/console > > On Tue, Jun 27, 2017 at 01:50:15PM +0100, Luke Hinds wrote: > > Hi, > > > > Patch [1] resulted in docker build failing due to a non root user not > > having permissions to write to /usr/lib/python2.7, as seen in job [2]. To > > address this I opened [3] and pushed patch [4] which implements a > > virtualenv, but this now fails as the anteater path is not known. > > > > There are two ways to resolve this. > > > > 1. We hardcode the path to anteater in anteaters jjb scripts. > > 2. We revert back to running docker as before (root) user. > > > > I guess 1 makes sense, but has some risk if the POSIX path were to > change. > > For '2' I am not opposed as I don't see any security risk running the > > commands as root in the container. As I understand, this is a create / > > destroy scenario with no data persisting in any volumes or pulled in > > externally. Looking around others such as functest also run as root to > > create their needed env. > > > > [1] https://gerrit.opnfv.org/gerrit/#/c/36325/ > > [2] > > https://build.opnfv.org/ci/job/releng-anteater-docker- > build-push-master/14/console > > [3] https://jira.opnfv.org/browse/RELENG-260 > > [4] https://gerrit.opnfv.org/gerrit/#/c/36571 > > [5] > > https://build.opnfv.org/ci/job/opnfv-security-audit- > verify-master/133/console > > > > -- > > Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat > > e: lhi...@redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 | > t: +44 > > 12 52 36 2483 > -- Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat e: lhi...@redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 | t: +44 12 52 36 2483
_______________________________________________ opnfv-tech-discuss mailing list opnfv-tech-discuss@lists.opnfv.org https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
