Auto Package Testing

Use a specific secgroup for each running autopkg nova instance

Bug #1763445 reported by Junien F
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Auto Package Testing
Fix Released
Medium
Julian Andres Klode

Bug Description

Hi,

In order to work around bug 1763442, could you please have each _running_ autopkg nova instance in a different secgroup ?

A new secgroup for each instance is not needed. For example, if you can run 10 instances in parallel, having 10 secgroups (say, adt-sg-0 to adt-sg-9) would be enough - and said secgroups can be reused by successive instances, no need to destroy/recreate them each time.

Thanks !

Tags: sts

Related branches

~juliank/autopkgtest-cloud:copy-security-group
Ubuntu Release Team: Pending requested
Diff: 225 lines (+124/-10)
10 files modified
deployment/charms/xenial/autopkgtest-cloud-worker/autopkgtest@.service (+6/-3)
deployment/charms/xenial/autopkgtest-cloud-worker/hooks/install (+1/-1)
tools/copy-security-group (+89/-0)
tools/exec-in-region (+22/-0)
worker-config-production/worker-bos01.conf (+1/-1)
worker-config-production/worker-bos02-arm64.conf (+1/-1)
worker-config-production/worker-bos02-ppc64el.conf (+1/-1)
worker-config-production/worker-bos02-s390x.conf (+1/-1)
worker-config-production/worker-canonistack.conf (+1/-1)
worker-config-production/worker.conf (+1/-1)
Revision history for this message
Iain Lane (laney) wrote :

Sure, although I'd appreciate it if you could try to get that bug worked on...

To fix this, we need to add an ExecStartPre/ExecStopPost to create/destroy the secgroup. We also need to pass this as "-s" as an argument to the SSH setup script ("args" in the .conf file).

Changed in auto-package-testing:
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
Junien F (axino) wrote :

Note that destroying the secgroup should never be needed. Also you can probably assign instances to "random" secgroups (for example, adt-sg-$(($RANDOM%10)) ), that should distribute them enough.

Revision history for this message
Iain Lane (laney) wrote :

Yeah.

It's more that I would rather the workers not have to assume that the secgroup exists. This shouldn't be that hard to do.

Edward Hope-Morley (hopem)
tags: added: sts
Julian Andres Klode (juliank)
Changed in auto-package-testing:
status: Triaged → Fix Committed
assignee: nobody → Julian Andres Klode (juliank)
status: Fix Committed → In Progress
Revision history for this message
Julian Andres Klode (juliank) wrote :

Released, each service uses its own security group now.

Changed in auto-package-testing:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.