Thanks Trevor! Just found a bug in my code now its running, so patch on its way.
On Tue, Jun 27, 2017 at 8:14 PM, Trevor Bramwell < tbramw...@linuxfoundation.org> wrote: > Hey Luke, > > Thanks for the reviews! It looks like the patch[1] fixed the > verification[2] and anteater is running again. > > Regards, > Trevor Bramwell > > [1] https://gerrit.opnfv.org/gerrit/#/c/36601/ > [2] https://build.opnfv.org/ci/job/opnfv-security-audit- > verify-master/148/console > > On Tue, Jun 27, 2017 at 05:15:40PM +0100, Luke Hinds wrote: > > Hi Trevor, > > > > I am ok with going for #1 > > > > If should not really be me approving patches in releng, so will let the > > other cores chime in. > > > > For #2 I looked at your log and see what you mean. I cannot spot why a > > normal user is allowed to install. > > > > This is what I get when trying to install on my home PC (arch linux): > > > > [Errno 13] Permission denied: '/usr/lib/python2.7/site-packages/ > > > > Regards, > > > > Luke > > > > > > > > On Tue, Jun 27, 2017 at 5:04 PM, Trevor Bramwell < > > tbramw...@linuxfoundation.org> wrote: > > > > > Hey Luke, > > > > > > I'm definitely opting for #1 and have a patch here[1]. This change can > > > be moved into the docker container later to resolve your concerns about > > > path changes. > > > > > > Unrelated to the specific change, there are two questions this raises > > > which speak to the nature of our CI infra: > > > > > > 1. Why are docker build results not part of the verification for > patchsets? > > > > > > If we don't provide feedback for docker builds (and also have the > > > build/publish steps seperate) how will the community know when their > > > Dockefile changes break builds? > > > > > > 2. How did the Docker build work for me locally but not on > ericsson-build3? > > > > > > I've attached my build log and compared it to the last build[2], but > > > no major differences jump out to me. The only differences I saw > > > between the docker environments was a newer version of Go running on > > > ericsson-build3. > > > > > > Regards, > > > Trevor Bramwell > > > > > > [1] https://gerrit.opnfv.org/gerrit/#/c/36601/ > > > [2] https://build.opnfv.org/ci/job/releng-anteater-docker- > > > build-push-master/14/console > > > > > > On Tue, Jun 27, 2017 at 01:50:15PM +0100, Luke Hinds wrote: > > > > Hi, > > > > > > > > Patch [1] resulted in docker build failing due to a non root user not > > > > having permissions to write to /usr/lib/python2.7, as seen in job > [2]. To > > > > address this I opened [3] and pushed patch [4] which implements a > > > > virtualenv, but this now fails as the anteater path is not known. > > > > > > > > There are two ways to resolve this. > > > > > > > > 1. We hardcode the path to anteater in anteaters jjb scripts. > > > > 2. We revert back to running docker as before (root) user. > > > > > > > > I guess 1 makes sense, but has some risk if the POSIX path were to > > > change. > > > > For '2' I am not opposed as I don't see any security risk running the > > > > commands as root in the container. As I understand, this is a create > / > > > > destroy scenario with no data persisting in any volumes or pulled in > > > > externally. Looking around others such as functest also run as root > to > > > > create their needed env. > > > > > > > > [1] https://gerrit.opnfv.org/gerrit/#/c/36325/ > > > > [2] > > > > https://build.opnfv.org/ci/job/releng-anteater-docker- > > > build-push-master/14/console > > > > [3] https://jira.opnfv.org/browse/RELENG-260 > > > > [4] https://gerrit.opnfv.org/gerrit/#/c/36571 > > > > [5] > > > > https://build.opnfv.org/ci/job/opnfv-security-audit- > > > verify-master/133/console > > > > > > > > -- > > > > Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat > > > > e: lhi...@redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 > | > > > t: +44 > > > > 12 52 36 2483 > > > > > > > > > > > -- > > Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat > > e: lhi...@redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 | > t: +44 > > 12 52 36 2483 > -- Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat e: lhi...@redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 | t: +44 12 52 36 2483
_______________________________________________ opnfv-tech-discuss mailing list opnfv-tech-discuss@lists.opnfv.org https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
