Enable kernel2 builds in pipeline

[smacfarlane]

This PR enables x86_64-linux-kernel2 builds in the release pipeline. This will result in a new set of Habitat artifacts that need to be validated on a CentOS6-era Linux system.

Blocked by #5752

TODO:

• Enable kernel2 rootless studio builds
• Update install.sh script to take --target
• Document x86_64-linux-kernel2 validation steps

[thesentinels]

Thanks for the pull request! Here is what will happen next:

1. Your PR will be reviewed by the maintainers
2. If everything looks good, one of them will approve it, and your PR will be merged.

Thank you for contributing!

[christophermaier]

@smacfarlane Looking good so far 👍

[christophermaier]

What's the intention behind the concurrency group for just the kernel2 builds? And also without a corresponding concurrecy key?

[smacfarlane]

That was in part a copy/paste from the bootstrap pipeline where we use it to enforce isolation. I chatted with @scotthain about this after I initially published this branch and we decided we need to think on it a bit when we didn't have end-of-day pudding brain 😹 IIRC the question came down to: Do we need to ensure isolation between our two Linux builds for the release?

[christophermaier]

I don't think we do... the only kind of isolation I think we need is the sequencing, but that's taken care of using the various wait steps.

The only thing we're currently using concurrency on is the macOS builder, and then only because the builder is a single, long-lived machine, and we've had issues with our Travis-based release of having concurrent builds stepping on each other. It doesn't feel like there's a similar concern with the kernel 2 stuff, but I may be missing something; you guys have been more in that work than I have.

[smacfarlane]

☕️ Kicking in now. My concern was that if a kernel-current and kernel2 build were scheduled on the same host, you would end up with failed or corrupted builds because hab pkg build is going to attempt to destroy any existing studio at the current path, which would be the same for the two Targets.

We could probably work around this by naming the studio (-r) with the Target as part of the studio name, but it might just be safer to enforce them executing on separate hosts.

I'm not sure if it's possible for builds to be scheduled on the same host, I'm not familiar enough with how it's set up, so this may be a non-concern.

[christophermaier]

I think the path should be different, though, since they'd be different Buildkite jobs, and I think that's part of the path.

As for being scheduled on the same host, I think that depends on how the agent is configured, which is a question for @scotthain, methinks.

[scotthain]

After more thoughts, we shouldn't need the concurrency group in this case. (And if there's something we've manage to forget/nuke from our brains, we can add it back)

[scotthain]

Also as a side note, if we don't cut the concurrency down to 1 (as we do in some other pipelines as a forced limiting factor) there's no real point in this case :)

[christophermaier]

I'd separate the "kernel2" text from the package name, just so it's very clear that "kernel2" isn't some kind of weird version string 😄

[christophermaier]

Also, is kernel 2 "evil"? 🤣

[smacfarlane]

Good point, I'll fix that.

A little bit 😂 That just happened to be in front of me when I stopped looking for a good representative icon for the kernel2 builds. It was a small delighter for myself at the end of the day 😄 It should change when we decide on an icon to use.

[christophermaier]

I don't necessarily object 😄 I'm a big fan of using "delighter" emoji in Buildkite.

[christophermaier]

Ha, I guess it makes more sense to declare this outside the if/else 😄

[christophermaier]

The comments above about this being a temporary step may be better attached to this function directly.

[christophermaier]

🎉

[christophermaier]

🎉

[scotthain]

Also as a side note, if we don't cut the concurrency down to 1 (as we do in some other pipelines as a forced limiting factor) there's no real point in this case :)

[christophermaier]

@smacfarlane This continues to look really nice 👍

How close do you think we are to having this not be "WIP"?

[smacfarlane]

@christophermaier Very soon. The build portion of the pipeline looks good. I keep hitting what look like infrastructure issues so haven't had a successful end-to-end run without failures yet. I'd like to do a bit more digging to confirm that the errors are unrelated to the changes in the scripts before removing the WIP.

[smacfarlane]

@christophermaier I've removed the WIP 🎉 🌮 I'm working on the docker changes noted in the initial PR. While not a strict blocker to this one, I would like to make sure both changes make it in before our next release so they should be merged around the same time.

[smacfarlane]

@christophermaier One thing to note, I think we'll have to do a manual release of the x86_64-linux-kernel2 docker studio, with a follow on PR to enable that in the pipeline post-release. This is because the image building process relies on a published hab release in bintray, which doesn't occur until after the docker images are built and uploaded.

[christophermaier]

Is this because of a lack of kernel2 workers in Builder (which would normally be building this)?

(Adding or linking to explicit directions for building a kernel2 launcher would be good here.)

Also, why 🍡? 😄

[smacfarlane]

Correct. I will add those steps to the Release documentation and link to them.

I was thinking about how good a dango would be at the time I was working on this. I am happy to report that that particular issue was resolved 😄 Also, three little launchers all lined up?(I just made that up, but I kinda like it)

[christophermaier]

I think we're at the point where we want to refactor the publish function to take repository, target, version, and release arguments, and generate the complete URL internally. Otherwise, we've duplicated the URL creation logic four times.

[smacfarlane]

👍 Will refactor

[christophermaier]

Probably so, particularly once we get the Windows builds working in Buildkite. Might as well take care of that now.

[christophermaier]

Wonder if we can get a bit more consistency, and maybe be able to abstract some of these metadata calls into functions, if we require a package target environment variable to be set everywhere, and then take advantage of that here, rather than hardcoding?

[smacfarlane]

I started to look at this because I think it's the right idea, but I've hit a bit of a snag. We use the meta-data get for both the current $pkg_target, but in the case of bintray_publish for all $pkg_targets.

Creating a function that always requires the target be passed doesn't get us much (anything?) from requiring a Target environment variable. Having the target be optional I'd argue is worse because it would be pretty easy to miss a spot where it's necessary and hard to debug in the pipeline.

We could split out bintray_publish to act only on a single target, and have a step for each target... I think this is what I'll try. Refactoring all scripts to act on a single target where appropriate. It means we'd need N workers to run each curl rather than 1 worker to run N curls. I think the failure case of one not working isn't any worse than current state either.

[christophermaier]

I may have been overly prescriptive... the function doesn't need to operate on the specific environment variable, but we could take advantage of the environment variable and pass it in as an argument.

One thing this would allow us to do is hide the nature of the keys behind a function. For example, we do that here:

habitat/.buildkite/scripts/shared.sh

Lines 47 to 61 in 58f19cf

	# Abstracts the logic (such as it is) for whether we're doing a "fake"
	# release or not.
	set_fake_release() {
	local release=${1}
	buildkite-agent meta-data set fake-release "${release}"
	}
	is_fake_release() {
	buildkite-agent meta-data exists fake-release
	}
	get_fake_release() {
	buildkite-agent meta-data get fake-release
	}

Every place that needs to operate on the metadata for a "fake release" doesn't need to know what the metadata key is (or that it's even stored in Buildkite metadata). It feels like we're getting to the point where we're making more and more use of the metadata feature, to the point where it could become confusing and error prone to be replicating all this logic across the various scripts.

Then here, we'd just have a list of targets we care about (not even environment variables, necessarily) and we'd just iterate through them, operating on each appropriate package in turn.

[christophermaier]

Might be good to create an issue for this and add a link here.

[baumanj]

Some relatively minor issues that you can do what you will with.

Additionally, I notice :? used in a number of places (e.g. ${hab_binary:?}). In contexts where set -u is present, this is redundant, but not harmful. However, it also isn't used consistently, so I think it would be preferable to choose to either alway or never use that form.

Ditto to the other 2 instances

[baumanj]

ensure → ensures

[baumanj]

which is almost certainly fine here, but just FYI it's not POSIX, so command -v is a bit safer in general and has the benefit of being a bash builtin.

[baumanj]

Is this intended to be a global, or would it be better to declare local?

[baumanj]

These declare -gs are both unnecessary (without local, the variables will be global), but being explicit isn't a bad thing.

However, it is a bit confusing to have the declare down here. Why not up next to local pkg_target?

[baumanj]

I tend to prefer

Suggested change

	declare -g new_studio=1
	declare -g new_studio=true

since it allows consumers to write

if "$new_studio"; then

rather than

if [ "$new_studio" -eq 1]; then

or

if [ -n "$new_studio" ]; then

or some variation depending on what we consider truth for that variable.

[baumanj]

I like this idiom a little better since it makes it impossible to forget the popd and you don't need the >/dev/null since cd has no output.

    ( cd "$tempdir"
        curl "$hab_src_url" -o hab-x86_64-linux-kernel2
        sudo mv hab-x86_64-linux-kernel2 /bin/hab-x86_64-linux-kernel2
        sudo chmod +x /bin/hab-x86_64-linux-kernel2
    ) 

[baumanj]

If you need the -f here, I think there's something wrong.

Also, I'd omit the >/dev/null. If this outputs anything, it's because something is amiss.