Hey Luke,

Thanks for the reviews! It looks like the patch[1] fixed the
verification[2] and anteater is running again.

Regards,
Trevor Bramwell

[1] https://gerrit.opnfv.org/gerrit/#/c/36601/
[2] https://build.opnfv.org/ci/job/opnfv-security-audit-verify-master/148/console

On Tue, Jun 27, 2017 at 05:15:40PM +0100, Luke Hinds wrote:
> Hi Trevor,
> 
> I am ok with going for #1
> 
> It should not really be me approving patches in releng, so will let the
> other cores chime in.
> 
> For #2 I looked at your log and see what you mean. I cannot spot why a
> normal user is allowed to install.
> 
> This is what I get when trying to install on my home PC (arch linux):
> 
> [Errno 13] Permission denied: '/usr/lib/python2.7/site-packages/
> 
> Regards,
> 
> Luke
> 
> 
> 
> On Tue, Jun 27, 2017 at 5:04 PM, Trevor Bramwell <[email protected]> wrote:
> 
> > Hey Luke,
> >
> > I'm definitely opting for #1 and have a patch here[1]. This change can
> > be moved into the docker container later to resolve your concerns about
> > path changes.
> >
> > Unrelated to the specific change, there are two questions this raises
> > which speak to the nature of our CI infra:
> >
> > 1. Why are docker build results not part of the verification for patchsets?
> >
> >    If we don't provide feedback for docker builds (and also have the
> >    build/publish steps separate) how will the community know when their
> >    Dockerfile changes break builds?
> >
> > 2. How did the Docker build work for me locally but not on ericsson-build3?
> >
> >    I've attached my build log and compared it to the last build[2], but
> >    no major differences jump out to me. The only differences I saw
> >    between the docker environments was a newer version of Go running on
> >    ericsson-build3.
> >
> > Regards,
> > Trevor Bramwell
> >
> > [1] https://gerrit.opnfv.org/gerrit/#/c/36601/
> > [2] https://build.opnfv.org/ci/job/releng-anteater-docker-build-push-master/14/console
> >
> > On Tue, Jun 27, 2017 at 01:50:15PM +0100, Luke Hinds wrote:
> > > Hi,
> > >
> > > Patch [1] resulted in docker build failing due to a non root user not
> > > having permissions to write to /usr/lib/python2.7, as seen in job [2]. To
> > > address this I opened [3] and pushed patch [4] which implements a
> > > virtualenv, but this now fails as the anteater path is not known.
> > >
> > > There are two ways to resolve this.
> > >
> > > 1. We hardcode the path to anteater in anteater's jjb scripts.
> > > 2. We revert back to running docker as before (root) user.
> > >
> > > I guess 1 makes sense, but has some risk if the POSIX path were to change.
> > > For '2' I am not opposed as I don't see any security risk running the
> > > commands as root in the container. As I understand, this is a create /
> > > destroy scenario with no data persisting in any volumes or pulled in
> > > externally. Looking around others such as functest also run as root to
> > > create their needed env.
> > >
> > > [1] https://gerrit.opnfv.org/gerrit/#/c/36325/
> > > [2]
> > > https://build.opnfv.org/ci/job/releng-anteater-docker-build-push-master/14/console
> > > [3] https://jira.opnfv.org/browse/RELENG-260
> > > [4] https://gerrit.opnfv.org/gerrit/#/c/36571
> > > [5]
> > > https://build.opnfv.org/ci/job/opnfv-security-audit-verify-master/133/console
> > >
> > > --
> > > Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat
> > > e: [email protected] | irc: lhinds @freenode | m: +44 77 45 63 98 84 | t: +44 12 52 36 2483
> >
> 
> 
> 
> -- 
> Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat
> e: [email protected] | irc: lhinds @freenode | m: +44 77 45 63 98 84 | t: +44 12 52 36 2483

_______________________________________________
opnfv-tech-discuss mailing list
[email protected]
https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
