Jump to content

Continuous integration/Jenkins

From mediawiki.org

Jenkins is a Java tool used to handle recurring tasks such as running tests or building packages. Our primary install is at https://integration.wikimedia.org/ci/.

The tool is permanently connected to our review tool (Gerrit) and can be made to react on changes submitted to Gerrit. A typical example, is running MediaWiki unit tests whenever a change is submitted to the mediawiki/core.git repository.

The configuration of individual jobs is abstracted via Jenkins job builder. The jobs are triggered with Zuul (which processes Gerrit events), and configured in the integration/config.git repository.

If you are on the allow list, you can force Zuul to run all tests on a patchset by adding a comment beginning with the word recheck in Gerrit.

Most of the infrastructure is detailed on wikitech:

Comment commands

[edit]

You will need to be added to the allow list to trigger these commands.

You can monitor the running tests at https://integration.wikimedia.org/zuul/. As documented there, there are a number of special commands that you can write in as a gerrit comment to trigger Zuul to (re)run the tests defined in a repo on a given patchset:

  • recheck – the test jobs in the 'test' pipeline (i.e., the standard tests; this is a sub-set of the merge tests)
  • check coverage – the test job in the 'coverage' pipeline (for PHP code coverage)
  • check perf – the test job in the 'patch-performance' pipeline
  • check codehealth – the test job in the 'codehealth' pipeline
  • check experimental – any test jobs in the 'experimental' pipeline (this might be new versions of PHP, Node.js, Python, etc. that aren't yet tested, or alternative environment systems or databases such as PostgreSQL/SQLite)
  • check php – any test jobs in the 'php' pipeline (the tests that will be run on merge that are missing from the 'test' pipeline); you can also trigger this with the legacy triggers check php5, check zend, check sqlite, and check postgres.[1]

Local Installation

[edit]
Potentially obsolete system to install the stack on a local machine

Automatic installation

[edit]

curl https://raw.github.com/valhallasw/wikimedia-mkjenkins/master/mkjenkins.sh | bash

To make the install go faster, it helps to have a mediawiki-core checkout in ~/src/mediawiki-core - if this repository exists, it will make a local clone. If it doesn't, it will download from gerrit instead (slow!).

Manual installation

[edit]

Issue?

[edit]

Hung beta code/db update

[edit]

This deadlock seems to happen more often than not following or during a database update that is taking a while to complete.

Sometimes you have to do this whole dance several times before Jenkins realizes that the there are a bunch of executors that it can use.

Alternate method:

This second method may interrupt communication between running Jenkins jobs and Zuul but it seems to work even when the offline/online method fails to clear the deadlock.

Alternate alternate method:

It seems that this is some conflict between the Jenkins native scheduler and the Gearman scheduler. Cancelling the build seems to fix the problem. Subsequent builds will deploy the same code to production.

Restart

[edit]

Zuul should not be restarted. Zuul preserves the queue and continues after the restart.

Via web interface

Apply the self-serve Jenkins repair!

With a safeRestart any currently running jobs will block a restart until they are canceled. Any long running jobs should be killed. Check for jobs on the main jenkins dashboard, cancel any long-running jobs there. Bonus points: make a note of the patches for which you have canceled jobs on the zuul dashboard, comment "recheck" for any patches in the test queue that you have aborted.

  1. Head to https://integration.wikimedia.org/ci/safeRestart
  2. Login with your labs account being part of the 'wmf' LDAP group
  3. press "Yes"
  4. in #wikimedia-operations connect: "!log restarting stuck Jenkins".

Shell

On the active host (run host contint.wikimedia.org to see which host is currently active):

sudo systemctl restart jenkins

And then wait a while. Monitor logs via sudo journalctl -f -u jenkins

OOM Issues

[edit]

Troubleshooting

Whenever Jenkins appears to be stuck or facing high CPU usage, you will want to look at the Java threads: https://integration.wikimedia.org/ci/threadDump

This is the way to do it from the CLI

   jstack -l -F <pid of jenkins>

Last time this happened (2017-05-20) a restart of Jenkins "fixed" the problem, but we were unable to troubleshoot without a stacktrace from jstack

Build failures look unrelated

[edit]

Sometimes, changes in other repositories may cause your builds to fail. You can check the Shared Build Failure board to see if any existing issues are similar to your build failure; if there aren’t any, and you’re reasonably certain that your build failures are unrelated to your own changes, you can create a new task.

Agent remote call failed

[edit]

Errors like 11:53:37 FATAL: Remote call on integration-agent-docker-1001 failed are caused with problems in the java agent process running on each agent machine.

To fix these errors try restarting the agent on the target machine.

Debugging

[edit]

Start Jenkins with Java option:

-Dhudson.plugins.git.GitSCM.verbose="true"


Text thread dump: https://integration.wikimedia.org/ci/monitoring?part=threadsDump

Secrets

[edit]

Jenkins has built-in mechanisms for storing secrets like ssh keys and service passwords. Unlike most secrets at WMF, Jenkins job secrets are not stored in the private Puppet repository.

See also

[edit]