1. 15 Feb, 2016 2 commits
    • Kirill Smelkov's avatar
      slapos/recipe/slapconfiguration: Propagate SR defaults to configuration dict · 8c80807d
      Kirill Smelkov authored
      Currently in slapos / slapconfiguration-recipe we have 2 ways to access instance parameters:
      
          configuration dict,
      
      and
      
          configuration.<key>
      
      for every valid key in configuration dict.
      
      An SR could also provide default value for a key, e.g. like helloworld
      SR does for `name` parameter:
      
          https://lab.nexedi.com/nexedi/slapos/blob/3c552c05/software/helloworld/instance.cfg.in#L38
      
      and if such parameter is not provided in instance parameters, the
      default will be used...
      
      ... Though currently it only works for configuration.<key> way of
      access: if a default value was provided by SR with
      
          configuration.key = ...
      
      it will be available via `configuration.key`, but `configuration` dict
      will not have `key` entry at all.
      
      This looks non-consistent to me, so imho in addition to propagating
      
          configuration {} -> configuration.<key>
      
      on parameters receive, we should also propagate
      
          configuration.<key> -> configuration {} defaults
      
      so that at any time two pictures (configuration {} and set of
      configuration.<key>) agree between each other.
      
      NOTE The fix also works for slapconfiguration.serialised case, where we
          obtain parameters as { _ -> json } and json-decode them to python
          dict after receive.
      
          The reason it works is that we apply defaults after parameters
          decode, so e.g. the following
      
          # in SR
          configuration.name = John Doe
      
          # instance parameters
          _ = { "aaa": "bbb" }
      
          will result in the following `configuration` dict:
      
          { 'aaa': 'bbb', 'name': 'John Doe' }
      
      /cc @vpelletier, @alain.takoudjou, @rafael, @Tyagov
      8c80807d
    • Kirill Smelkov's avatar
      slapos/recipe/slapconfiguration: Move post-expand-parameter-dict actions to __init__ · dda79f36
      Kirill Smelkov authored
      The reason is: in the next patch we'll want to adjust fetched
      parameter_dict with SR defaults, but since currently
      _expandParameterDict(), besides expanding itself, also stores result to
      options - we cannot do that after - options is not a plain dict - it is
      buildout own dictionary-like class
      
          https://lab.nexedi.com/nexedi/slapos.buildout/blob/d5deb01f/src/zc/buildout/buildout.py#L1377
      
      which on __setitem__ not stores a reference to value, but somehow copies value inside
      
          https://lab.nexedi.com/nexedi/slapos.buildout/blob/d5deb01f/src/zc/buildout/buildout.py#L1540
      
      so e.g. after the following:
      
          parameter_dict = {'aaa': 'bbb'}
          options['configuration'] = parameter_dict
          parameter_dict['ccc'] = 'ddd'
      
      parameter_dict is           {'aaa': 'bbb', 'ccc': 'ddd'} and
      options['configuration'] is {'aaa': 'bbb' } # no 'ccc' key
      
      ~~~~
      
      So let's rework the code so that _expandParameterDict() only expands the
      dict and we do (future) postprocessing and options['configuration']
      setting in the main driver code.
      
      P.S. isn't it even more logical now?
      
      /cc @vpelletier, @alain.takoudjou
      dda79f36
  2. 12 Feb, 2016 2 commits
  3. 10 Feb, 2016 2 commits
  4. 09 Feb, 2016 2 commits
  5. 08 Feb, 2016 1 commit
  6. 02 Feb, 2016 2 commits
  7. 01 Feb, 2016 4 commits
    • Kirill Smelkov's avatar
      erp5: ERP5 and Jupyter integrated together · 519a575d
      Kirill Smelkov authored
      This patch series teaches ERP5 software release to automatically instantiate
      Jupyter notebook web UI and tune it to connect to ERP5 by default. When Jupyter
      is enabled, it also installs on-server erp5_data_notebook bt5 (see
      nexedi/erp5!29 and nexedi/erp5@f662b5a2) which handles code execution requested
      for Jupyter.
      
      For ERP5 - for security and backward compatibility reasons - Jupyter
      instantiation and erp5_data_notebook bt5 install happen only if jupyter is
      explicitly enabled in instance parameters. The default is not to have Jupyter
      out of the box.
      
      On the other hand for Wendelin SR, which inherits from ERP5 SR, the
      default is to have Jupyter out of the box, because Wendelin SR is fresh
      enough without lots of backward compatibility needs, and Jupyter is
      usually very handy for people who use Wendelin.
      
      --------
      
      NOTE Currently erp5-data-notebook bt5 has the following limitations (see
      details on nexedi/slapos!43 and nexedi/erp5!29):
      
      - errors are not reported properly to users;
      - state is not fully saved to ZODB.
      
      the latter point means notebook works only if it is connected to Zope family
      with only 1 zope process. Hopefully this will be resolved some day.
      
      Technical overview about how the integration is done itself on slapos part and
      other notes are in 0a446263.
      
      /proposed-for-review-on nexedi/slapos!43
      519a575d
    • Douglas's avatar
      Jupyter: ERP5 kernel sends code using POST · cf117ccd
      Douglas authored
      Query strings used on GET requests have size limitations
      on servers and this causes big code cells to not be executed
      at all, returning only an Internal Server Error with no
      further explanation.
      
      /reviewed-by @kirr, @Tyagov (on nexedi/slapos!43)
      cf117ccd
    • Kirill Smelkov's avatar
      erp5: Provide pandas, scikit-learn & matplotlib out of the box · 5cd3fc51
      Kirill Smelkov authored
      Pandas and scikit-learn are handy to have for data processing which we
      are going to do more and more in ERP5 context. Matplotlib is very handy
      to have when one works with Jupyter, but also can be used by just
      backend code to generate graphs.
      
      From this point of view it makes sense to have this eggs always
      available out of the box. To do so move them from Wendelin to ERP5.
      
      /suggested-by @tiwariayush
      /reviewed-by @Tyagov (on nexedi/slapos!43)
      5cd3fc51
    • Kirill Smelkov's avatar
      ERP5 and Jupyter integrated together · 0a446263
      Kirill Smelkov authored
      This patch teaches ERP5 software release to automatically instantiate Jupyter
      notebook web UI and tune it to connect to ERP5 by default. When Jupyter is
      enabled, it also installs on-server erp5_data_notebook bt5 (nexedi/erp5!29)
      which handles code execution requested for Jupyter.
      
      For ERP5 - for security and backward compatibility reasons - Jupyter
      instantiation and erp5_data_notebook bt5 install happen only if jupyter is
      explicitly enabled in instance parameters. The default is not to have Jupyter
      out of the box.
      
      On the other hand for Wendelin SR, which inherits from ERP5 SR, the
      default is to have Jupyter out of the box, because Wendelin SR is fresh
      enough without lots of backward compatibility needs, and Jupyter is
      usually very handy for people who use Wendelin.
      
      ~~~~
      
      For integration, we reuse already established in ERP5 infrastructure, to
      request various slave instances, and request Jupyter in a way so it
      automatically tunes and connects to balancer of one of Zope family.
      
      Jupyter code itself is compiled by reusing
      software/ipython_notebook/software.cfg, and Jupyter instance code is
      reused by hooking software/ipython_notebook/instance.cfg.in into ERP5 SR
      properly (the idea to override instance-jupyter not to render into
      default template.cfg is taken from previous work by @tiwariayush).
      
      ~~~~
      
      I tested this patch inside webrunner with create-erp5-site software type and
      various configurations (whether to have or not have jupyter, to which zope
      family to connect it, etc).
      
      I have not tested frontend instantiation fully - because tests were done only
      in webrunner, but I've tried to make sure generated buildout code is valid for
      cases with frontend.
      
      NOTE the code in this patch depends erp5_data_notebook bt5 (nexedi/erp5!29) which just got merged to erp5.git recently (see nexedi/erp5@f662b5a2)
      
      NOTE even when erp5_data_notebook bt5 is installed, on a freshly installed ERP5, it
      is required to "check site consistency" first, so that initial bt5(s) are
      actually installed and erp5 is ready to function.
      
      /cc @vpelletier, @Tyagov, @klaus, @Camata, @tiwariayush, @Kreisel, @jerome, @nexedi
      /proposed-for-review-on nexedi/slapos!43
      0a446263
  8. 31 Jan, 2016 6 commits
  9. 28 Jan, 2016 1 commit
  10. 27 Jan, 2016 1 commit
  11. 26 Jan, 2016 2 commits
  12. 25 Jan, 2016 2 commits
  13. 24 Jan, 2016 1 commit
    • Kirill Smelkov's avatar
      wendelin: Remove bt5_list leftover · 9aa86470
      Kirill Smelkov authored
      @rafael added this in 971d0bb7 (erp5: Make possible extent the list of
      initial business templates to install), but we dropped that change while
      merging erp5-cluster to master - see:
      
          6bbb61a8 "Merge branch 'master' into erp5-cluster", and
          e84d5e83 "Merge branch 'erp5-cluster'"
      
      6bbb61a8 claimed that it
      
          Dropped commit 971d0bb7
          ("erp5: Make possible extent the list of initial business templates to install").
      
      but it actually dropped changes only under stack/erp5/ , not software/wendelin/
      
      Fix it.
      
      /cc @rafael, @jm, @Tyagov
      /reviewed-by TrustMe
      9aa86470
  14. 22 Jan, 2016 1 commit
  15. 21 Jan, 2016 1 commit
  16. 20 Jan, 2016 3 commits
  17. 17 Jan, 2016 7 commits
    • Kirill Smelkov's avatar
      GitLab Software Release - first version · 866d9051
      Kirill Smelkov authored
      Hello up there,
      
      Here comes SlapOS port of GitLab. We start from GitLab 8.2.X as that is what we
      currently run on KVM on lab.nexedi.com, so that our data can be
      straightforwardly migrated.
      
      The SR compiles all needed software and organized all (sub-)services in one
      partition and interconnects them with unix sockets for security and speed
      reasons (see patch "gitlab: Make a plan to base instance layout on
      gitlab-omnibus and to interconnect all internal services").
      
      Services configuration files are originally taken from omnibus-gitlab
      "distribution" and incrementally ported to slapos variant. This way we
      establish a (imho) good path on how to track upstream changes and minimize our
      delta & effort supporting it.
      
      GitLab itself is patched (above patches that were already applied by upstream):
      
        - to support HTTP(S) only
        - to show site's ICP number
        - to speedup raw blob downloading ~ 17x times
          ( see patch "gitlab: Optimize raw blob downloading" for details and
            https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17 )
      
      Overall it should work and we should finally be able to migrate slapos.git
      (because of raw blob downloading is not slow now) to GitLab and all other
      Nexedi git repositories.
      
      Thanks,
      Kirill
      
      P.S.
      
      Somewhat outdated, but this picture on GitLab architecture might help to
      understand how parts are glued together:
      
      https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/architecture.md
      
      P.P.S.
      
      Native resiliency is not implemented yet, but we should be able to use gitlab
      inside resilient webrunner already.
      
      /proposed-for-review-on nexedi/slapos!39
      /partly-reviewed-by @kazuhiko, @jerome, @Yanni, @jp
      /cc @rafael, @jm
      866d9051
    • Kirill Smelkov's avatar
      gitlab: First SR version works - freeze md5 sums · 729be3b8
      Kirill Smelkov authored
      We've reached a state where first gitlab SR version should work. So as
      promised let's freeze the md5 checksums.
      
      All later patches should update corresponding md5 info when they change
      a file.
      
      /cc @kazuhiko, @jerome
      729be3b8
    • Kirill Smelkov's avatar
      gitlab: Optimize raw blob downloading · a913c2e4
      Kirill Smelkov authored
      In slapos we do a lot of automated software rebuild constantly, and thus
      there is constant flow of requests to get raw blobs from git service,
      e.g. like this
      
          https://lab.nexedi.com/nexedi/slapos/raw/master/software/wendelin/software.cfg
      
      A lot of requests comes to slapos.git repository and currently gitlab,
      out of the box, cannot keep up with that load.
      
      I've prepared patches to offload raw blobs download requests handling
      from unicorn (ruby) to gitlab-workhorse (go), and that resulted in ~ 17x
      speedup - e.g. previously our std shuttle can handle ~ 70 raw-blob
      requests/s and with my changes it is now ~ 1200 requests/s.
      
      The patches were sent upstream
      
          https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/17
      
      and we discussed with GitLab people and made a plan how to proceed
      incrementally. It will probably take some time for gitlab team to fully
      accept the approach though.
      
      For now we can use our gitlab-workhorse fork. The patches itself are:
      
          kirr/gitlab-workhorse@1b274d0d
          kirr/gitlab-workhorse@2beb8c95
      
      /cc @kazuhiko, @jerome, @jm
      a913c2e4
    • Kirill Smelkov's avatar
      gitlab: Switch to "GitLab Nexedi Edition" · 74d4ea62
      Kirill Smelkov authored
      GitLab Nexedi Edition is currently upstream 8.2.X + the following
      patches:
      
          - HTTP(S) is made to be default clone protocol
      
              kirr/gitlab-ce@5c1f2fb3
      
            and SSH info is completely removed from UI
      
              kirr/gitlab-ce@dfe9fb16
              kirr/gitlab-ce@f3f84743
      
            so essentially the only way to access a repository is via HTTP(S).
      
          - Rake check tasks are adjusted to exit with non-zero code if there
            is a failure
      
              kirr/gitlab-ce@a93ae418
      
            We need this for promises to work correctly with failures being
            detected, not silently skipped. The patch was sent upstream:
      
              https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/1885
      
          - GitLab supports setting up site's ICP License in gitlab.yml and
            shows it in appropriate places together with info about GitLab
            itself:
      
              kirr/gitlab-ce@e7e0fd88
              kirr/gitlab-ce@79c127e6
      
          + other cosmetic/minor changes.
      
      More patches will probably come (e.g. apply a single patch from a
      merge-request with `git am` without creating merge commit for just 1
      patch, etc) but for now that's all.
      
      NOTE ICP is non-ascii text with hieroglyphs. slapos.core was taught to
          be able to pass parameters with non-ascii values to instance:
      
              nexedi/slapos.core@347d33d6
      
          That patch is included in slapos.core 1.3.15, but as we currently
          have a lot of older slapos.core deployed (e.g. 1.3.5 on my
          development webrunner) a workaround is (hopefully temporarily) used
          to pass non-ascii values as URL-encoded strings.
      
      /cc @kazuhiko, @jerome, @rafael
      74d4ea62
    • Kirill Smelkov's avatar
      gitlab: Publish connection URL · 3c445ad3
      Kirill Smelkov authored
      In the previous patch we setup nginx service which listens to the world
      and as such gitlab service becomes to be ready to used - so publish
      backend URL.
      
      NOTE we'll need to optimise and tweak gitlab a bit further in upcoming
          patches, so it can be really used under load and with our use-cases,
          but even now it listens to http ok and generally works.
      
      /cc @kazuhiko, @jerome
      3c445ad3
    • Kirill Smelkov's avatar
      gitlab/nginx: Slapos'ify config and turn nginx into a service · 85f7d7e3
      Kirill Smelkov authored
      Go through nginx configuration templates and convert them to jinja2 with
      slapos parameters (reminder: names and default values are imported from
      omnibus-gitlab 8.2.3+ce.0-0-g8eda093), except commenting out features we
      do not want to support (yet ?).
      
      As nginx is a reverse-proxy, i.e. it integrates all internal services
      and works as frontend to them, our gitlab service is now ready to listen
      and talk to the world over (standard to slapos services backend) IPv6.
      
      Nginx also acts as SSL termination point - for it to work by default we
      setup self-signed certificate for the backend, which can be manually
      changed to proper certificate if needed. Backend certificate is used
      if gitlab is configured to work in HTTPS mode (and frontend certificate
      is another story).
      
      NOTE ssl certificate is generated with just `openssl req ...` - yes, there
          is slapos.cookbook:certificate_authority.request but it requires
          to start whole service and has up to 60 seconds latency to generate
          certificate. And we only need to run 1 command to do that...
      
      The features disabled are:
      
          - http -> https redirection
      
            not needed for us at nginx level - the frontend can do the
            redirection and also gitlab speaks HSTS on https port so when we access
            https port via http protocol, it gets redirected to https.
      
          - kerberos
          - ssl_dhparam
          - providing custom nginx configuration via instance parameter
      
      /cc @kazuhiko, @jerome
      85f7d7e3
    • Kirill Smelkov's avatar
      gitlab: Hook nginx configuration files into SR system · 45127f6d
      Kirill Smelkov authored
      Like with Rails configuration files, hook nginx configuration files into
      SR / instance build process; rename *.erb -> *.in and add our header.
      
      The templates are still not valid - a lot of erb code is left there -
      we'll slapos'ify it incrementally in the following patches.
      
      /cc @kazuhiko, @jerome
      45127f6d