Postings by Bamacharan Kundu

CentOS Container Pipeline Service OpenShift upgrade to v3.10

We are going to upgrade OpenShift cluster for CentOS Container
Pipeline service from OpenShift v3.9 to v3.10.

CentOS Community Container Pipeline: re-architecture migration window

Since last few months, we were working on re-architecturing the
CentOS Community Container Pipeline Service to make
<a href="" title=""></a> as a stable and reliable source for CentOS
based container images.

We are now done with the changes for better throughput and stability.
We are working on deploying the new service in production in coming
weekend (between 28th Sep 2018- 1st Oct 2018). During this time service
will be in maintenance mode. We will not be building new images for is down due to maintenance window from the infra side

Hi All,
There is maintenance window going on from the infra side, so is not available for some time.

Impact: users will not be able to pull images from
Resolution time: will update on resolution

We are sorry for the inconvenience caused, will keep you posted.

Bamacharan Kundu

Status update: CentOS Community Container Pipeline Service 14-Mar-2018

Here is an update on the recent works done in Centos Community
Container Pipeline Service
* Fixing beanstalk connection initialization method
* Gates pep8 on service code before running actual tests
* Cleans the log file with redundant queue operational messages
* Prevents logging unnecessary recurring queue operational messages

Our current focus is:
* Fix docker run command for INSTALL labels of scanners
* Fix weekly scan to read through all yaml and yml container-index
* Fix pre-build job entries CI to not check for target file
* Enabling automa

Status Update: CentOS Community Container Pipeline Service 07-Mar-2018

Here is an update on the recent works done in Centos Community
Container Pipeline Service
* Fixed bugs in dangling volume cleanup post scan
* Update ansible script to install latest docker on all the nodes.
* Enable support for yaml in container-index
* Make sure jenkins jobs are stopped properly before starting deployment

Our current focus is:
* Update API with filtering with primary key and names
* Fixing container pipeline service API’s for displaying more details
on UI.
* Fixing beanstalk connection initialization method
* Fix pipeline scanner image rootfs unmounting

Status Update: CentOS Community Container Pipeline Service 28-Feb-2018

Hi All,
Here is an update on the recent works done in Centos Community
Container Pipeline
* <a href="" title=""></a> is updated with new UI allowing users
* search through the content
* shows the dockerfile from which the image is built
* Shows the Readme from the repo which mostly talks about the
usage of the image
* We have refactored garbage collector to get proper diff in
container-index and for removing extra images pushed
to registry in build time.
* We have disable the centos/centos:* base images to be excluded in
RPM repo tracking.

Rebooting the Centos-Community-Container-pipeline servers due to CVE updates

Due to the CVE updates required for the machines.
We are doing the following.

* yum update the machines
* reboot them
* Deploy the service with the code to get weekly scan email back.

so there would be some interruption for the container-pipeline and
<a href="" title=""></a>. we are trying to minimize it as far as we can.

Bamacharan Kundu

Running openshift cluster on aarch64

I am trying to setup openshift allinone cluster in aarch64.
I tried few ways.

1. RPM:
a. I installed the origin RPMs from the centos cbs [1]. started origin
and while trying run the registry with pods it pulls the x86_64
origin-pod and deployer. so fails with go panic.
b. tried running origin start, dockerregistry with config. pods are
running but builds are not starting saying invalid registry endpoints
(as it is trying to push the built image to internal registry)


Container Pipeline: RPM Update tracking disabled temporarily

Hi All,
Due to some issues in RPM update checks, we are temporarily disabling
the feature: image update based on update in RPMS in it, from Centos
Community Container Pipeline Service[1].

* Any update in RPM will not trigger its image rebuilt.

We will update on its resolution.


Bamacharan Kundu

Status Update: Centos Community Container Pipeline

Hi All,
Here is an update on the recent works done in Centos Community
Container Pipeline
* Registry is now accessible through UI, <a href="" title=""></a>.
we have only https enabled for now. This lists down all the images and
tags in the registry[1].
* Sentry is set for monitoring application, with updated application
logs and levels.
* Build notification emails are now segregated based on the stage the
service running on.
* Jenkins jobs are now synced with the container-index.

Update on CentOS Community Container Pipeline

Hi All,

Here is recent updates on CentOS Community Container Pipeline.
* Issues with jenkins for proceeding with builds even in failure are
fixed now.
* Issues with workers not deleting jobs properly in case of failure are
fixed now.
* Jenkins is updated with security fixes
* Repeating failed builds are checked and fixed now
* Updated service logs for better visibility and proper level
* Openshift projects are now cleaned up properly before running a build.
* UI for registry is set up on pre-prod
* Jenkins jobs are now synced up regularly with container-index.

Setting up CentOS Container-Pipeline to build AArch64 images

We are planning to build AArch64 images in centos community container
pipeline[1]. We were trying to setup one POC on this today.

We got stuck in few points.
1. We could not find openshift-orgin RPM or container to use for pipeline.

Update on CentOS Community Container Pipeline

Below is an update on recent works for CentOS Community Container Pipeline
* Now emails from prod and test are distinguished, by prepending test
to subject for emails from test.
* Filters are added for scanner rpm verify for centos base image issues.
* Changed email notification for the user to address the image name
* Issues with linter are fixed now to make sure it does not point as invalid registry.
* Configurable logrotate policy is added to make sure worker logs are
handled properly.
* For every deployment, fresh images are now pulled

GA Release: CentOS Community Container Pipeline

Hi All,
We would like to welcome and introduce you all to the CentOS
Community Container Pipeline Service[1][4].

Status update on CentOS Community Container Pipeline

Hi All,
Below is updates for the recent works done on CentOS Community
Container Pipeline
* Clear up the pods and environment once build is complete
* Getting all mails from container-pipeline logged in a mailing list
* RPM tracking and updating container images based on RPM updates.
* Postgresql (upstream) and making sure they work with openshift
* Wildfly swarm stack is containerized now.
* Ported Alpine based NSQ (<a href="" title=""></a>) container image to CentOS
* Linter upgrade to prevent the message raised by `FROM` statement

Our Current focus is on:
* Single mail notification for end to en

Status update on CentOS Community Container Pipeline

Hi All,
Here is an update for recent works done on centOS Community Container

* Caddy server is now available in
* Nginx with more headers is now available in
* Workers are running from same image now.
* Now we support gitlab repos with url ending with .git
* Fixed node permissions from provisioning scripts for local 4 machine setup
* We are now writing failed build logs to NFS and putting the links to
them rather than attaching the log file.

Our Current focus is:
* Getting all mails logged in a mailing list for tracking the emails

Container rebuilds for Centos-Dockerfiles

Hi All,
We are building most of the dockerfiles from centos-dockerfiles[1]
in CentOS Community Container Pipeline[2]. These are built and pushed to[3].

If there is any update to the source git repo of dockerfile, container
gets updated with rebuilt and pushed to registry.

Now we are having all the dockerfiles for centos-dockerfiles under same
repo[1]. So if there is any change to any of these dockerfiles, all the
images gets rebuilt. Which is not required and making the pipeline to
get busy for a while.

To solve this can we take following routes.