You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by po...@apache.org on 2021/03/20 13:19:42 UTC

[airflow-ci-infra] branch make-docker-login-more-robust created (now 191c31b)

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a change to branch make-docker-login-more-robust
in repository https://gitbox.apache.org/repos/asf/airflow-ci-infra.git.


      at 191c31b  Runners more resiliant to docker login failure

This branch includes the following new commits:

     new 191c31b  Runners more resiliant to docker login failure

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[airflow-ci-infra] 01/01: Runners more resiliant to docker login failure

Posted by po...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch make-docker-login-more-robust
in repository https://gitbox.apache.org/repos/asf/airflow-ci-infra.git

commit 191c31bf2f50642b81fe3e397f8de4ad62d3be27
Author: Jarek Potiuk <ja...@potiuk.com>
AuthorDate: Sat Mar 20 14:15:15 2021 +0100

    Runners more resiliant to docker login failure
    
    Login to docker registry is now done in PreExec and in case it
    fails, it also fails the whole service (leading to subsequent
    service restart).
    
    Also added `set -eux -o pipefail` to be better protected against
    any silent failures.
---
 cloud-init.yml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/cloud-init.yml b/cloud-init.yml
index d1d0b42..68a9280 100644
--- a/cloud-init.yml
+++ b/cloud-init.yml
@@ -30,6 +30,7 @@ runcmd:
     - -c
     # https://github.com/actions/virtual-environments/blob/525f79f479cca77aef4e0a680548b65534c64a18/images/linux/scripts/installers/docker-compose.sh
     - |
+      set -exu -o pipefail
       URL=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r '.assets[].browser_download_url | select(endswith("docker-compose-Linux-x86_64"))')
       curl -L $URL -o /usr/local/bin/docker-compose
       chmod +x /usr/local/bin/docker-compose
@@ -51,6 +52,7 @@ runcmd:
     - bash
     - -c
     - |
+      set -exu -o pipefail
       python3 -mvenv /opt/runner-supervisor
       /opt/runner-supervisor/bin/pip install -U pip python-dynamodb-lock-whatnick==0.9.3 click==7.1.2 psutil 'tenacity~=6.0'
   -
@@ -76,10 +78,6 @@ runcmd:
       aws s3 cp s3://airflow-ci-assets/runner-supervisor.py /opt/runner-supervisor/bin/runner-supervisor
       chmod 755 /opt/runner-supervisor/bin/runner-supervisor
 
-      # Log in to a paid docker user to get unlimited docker pulls
-      aws ssm get-parameter --with-decryption --name /runners/apache/airflow/dockerPassword | \
-        jq .Parameter.Value -r | \
-        sudo -u runner docker login --username airflowcirunners --password-stdin
     - 2.277.1-airflow3
   - [systemctl, enable, --now, iptables.service]
   # Restart docker after applying the user firewall -- else some rules/chains might be list!
@@ -90,8 +88,8 @@ runcmd:
     - bash
     - -c
     - |
-      echo "Pre-loading commonly used docker images from S3"
       set -eux -o pipefail
+      echo "Pre-loading commonly used docker images from S3"
       aws s3 cp s3://airflow-ci-assets/pre-baked-images.tar.gz - | docker load
 
 write_files:
@@ -122,11 +120,17 @@ write_files:
   # Don't put this in ~runner, as these get written before the user is added, and this messes up creating the home dir
   - path: /usr/local/sbin/runner-cleanup-workdir.sh
     content: |
-      #!/bin/bash
+      #!/bin/bashq
+      set -exu -o pipefail
       echo "Left-over containers:"
       docker ps -a
       docker ps -qa | xargs --verbose --no-run-if-empty docker rm -fv
 
+      echo "Log in to a paid docker user to get unlimited docker pulls"
+      aws ssm get-parameter --with-decryption --name /runners/apache/airflow/dockerPassword | \
+        jq .Parameter.Value -r | \
+        sudo -u runner docker login --username airflowcirunners --password-stdin
+
       if [[ -d ~runner/actions-runner/_work/airflow/airflow ]]; then
         cd ~runner/actions-runner/_work/airflow/airflow
 
@@ -145,7 +149,7 @@ write_files:
   - path: /usr/local/bin/stop-runner-if-no-job.sh
     content: |
       #!/bin/bash
-      set -u
+      set -exu -o pipefail
 
       MAINPID="${MAINPID:-${1:-}}"
 
@@ -195,7 +199,7 @@ write_files:
     permissions: '0775'
     content: |
       #!/bin/bash
-
+      set -exu -o pipefail
       if pgrep -c Runner.Worker >/dev/null; then
           # Only report metric when we're doing something -- no point paying to submit zeros
           aws cloudwatch put-metric-data --metric-name jobs-running --value "$(pgrep -c Runner.Worker)" --namespace github.actions