James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 1 | :title: Job Content |
| 2 | |
| 3 | Job Content |
| 4 | =========== |
| 5 | |
| 6 | Zuul jobs are implemneted as Ansible playbooks. Zuul prepares the |
| 7 | repositories used for a job, installs any required Ansible roles, and |
| 8 | then executes the job's playbooks. Any setup or artifact collection |
| 9 | required is the responsibility of the job itself. While this flexible |
| 10 | arrangement allows for almost any kind of job to be run by Zuul, |
| 11 | batteries are included. Zuul has a standard library of jobs upon |
| 12 | which to build. |
| 13 | |
| 14 | Working Directory |
| 15 | ----------------- |
| 16 | |
| 17 | Before starting each job, the Zuul executor creates a directory to |
| 18 | hold all of the content related to the job. This includes some |
| 19 | directories which are used by Zuul to configure and run Ansible and |
| 20 | may not be accessible, as well as a directory tree, under ``work/``, |
| 21 | that is readable and writable by the job. The hierarchy is: |
| 22 | |
| 23 | **work/** |
| 24 | The working directory of the job. |
| 25 | |
| 26 | **work/src/** |
| 27 | Contains the prepared git repositories for the job. |
| 28 | |
| 29 | **work/logs/** |
| 30 | Where the Ansible log for the job is written; your job |
| 31 | may place other logs here as well. |
| 32 | |
| 33 | Git Repositories |
| 34 | ---------------- |
| 35 | |
| 36 | The git repositories in ``work/src`` contain the repositories for all |
| 37 | of the projects specified in the ``required-projects`` section of the |
| 38 | job, plus the project associated with the queue item if it isn't |
| 39 | already in that list. In the case of a proposed change, that change |
| 40 | and all of the changes ahead of it in the pipeline queue will already |
| 41 | be merged into their respective repositories and target branches. The |
| 42 | change's project will have the change's branch checked out, as will |
| 43 | all of the other projects, if that branch exists (otherwise, a |
| 44 | fallback or default branch will be used). If your job needs to |
| 45 | operate on multiple branches, simply checkout the appropriate branches |
| 46 | of these git repos to ensure that the job results reflect the proposed |
| 47 | future state that Zuul is testing, and all dependencies are present. |
| 48 | Do not use any git remotes; the local repositories are guaranteed to |
| 49 | be up to date. |
| 50 | |
James E. Blair | 4d5dd25 | 2017-06-23 21:40:56 +0100 | [diff] [blame] | 51 | The repositories will be placed on the filesystem in directories |
| 52 | corresponding with the canonical hostname of their source connection. |
| 53 | For example:: |
| 54 | |
| 55 | work/src/git.example.com/project1 |
| 56 | work/src/github.com/project2 |
| 57 | |
| 58 | Is the layout that would be present for a job which included project1 |
| 59 | from the connection associated to git.example.com and project2 from |
| 60 | GitHub. This helps avoid collisions between projects with the same |
| 61 | name, and some language environments, such as Go, expect repositories |
| 62 | in this format. |
| 63 | |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 64 | Note that these git repositories are located on the executor; in order |
| 65 | to be useful to most kinds of jobs, they will need to be present on |
| 66 | the test nodes. The ``base`` job in the standard library contains a |
| 67 | pre-playbook which copies the repositories to all of the job's nodes. |
| 68 | It is recommended to always inherit from this base job to ensure that |
| 69 | behavior. |
| 70 | |
| 71 | .. TODO: link to base job documentation and/or document src (and logs?) directory |
| 72 | |
James E. Blair | 28c8e3b | 2017-07-17 16:27:50 -0700 | [diff] [blame] | 73 | Variables |
| 74 | --------- |
| 75 | |
| 76 | Any variables specified in the job definition are available as Ansible |
| 77 | host variables. They are added to the `vars` section of the inventory |
| 78 | file under the `all` hosts group, so they are available to all hosts. |
| 79 | Simply refer to them by the name specified in the job's `vars` |
| 80 | section. |
| 81 | |
| 82 | Secrets |
| 83 | ~~~~~~~ |
| 84 | |
| 85 | Secrets also appear as variables available to Ansible. Unlike job |
| 86 | variables, these are not added to the inventory file (so that the |
| 87 | inventory file may be kept for debugging purposes without revealing |
| 88 | secrets). But they are still available to Ansible as normal |
| 89 | variables. Because secrets are groups of variables, they will appear |
| 90 | as a dictionary structure in templates, with the dictionary itself |
| 91 | being the name of the secret, and its members the individual items in |
| 92 | the secret. For example, a secret defined as:: |
| 93 | |
| 94 | - secret: |
| 95 | name: credentials |
| 96 | data: |
| 97 | username: foo |
| 98 | password: bar |
| 99 | |
| 100 | Might be used in a template as:: |
| 101 | |
| 102 | {{ credentials.username }} {{ credentials.password }} |
| 103 | |
| 104 | .. TODO: xref job vars |
| 105 | |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 106 | Zuul Variables |
James E. Blair | 28c8e3b | 2017-07-17 16:27:50 -0700 | [diff] [blame] | 107 | ~~~~~~~~~~~~~~ |
James E. Blair | eff5a9d | 2017-06-20 00:00:37 -0700 | [diff] [blame] | 108 | |
| 109 | Zuul supplies not only the variables specified by the job definition |
| 110 | to Ansible, but also some variables from the executor itself. They |
| 111 | are: |
| 112 | |
| 113 | **zuul.executor.hostname** |
| 114 | The hostname of the executor. |
| 115 | |
| 116 | **zuul.executor.src_root** |
| 117 | The path to the source directory. |
| 118 | |
| 119 | **zuul.executor.log_root** |
| 120 | The path to the logs directory. |
| 121 | |
| 122 | SSH Keys |
| 123 | -------- |
| 124 | |
| 125 | Zuul starts each job with an SSH agent running and the key used to |
| 126 | access the job's nodes added to that agent. Generally you won't need |
| 127 | to be aware of this since Ansible will use this when performing any |
| 128 | tasks on remote nodes. However, under some circumstances you may want |
| 129 | to interact with the agent. For example, you may wish to add a key |
| 130 | provided as a secret to the job in order to access a specific host, or |
| 131 | you may want to, in a pre-playbook, replace the key used to log into |
| 132 | the assigned nodes in order to further protect it from being abused by |
| 133 | untrusted job content. |
| 134 | |
| 135 | .. TODO: describe standard lib and link to published docs for it. |
| 136 | |
James E. Blair | 88e79c0 | 2017-07-07 13:36:54 -0700 | [diff] [blame] | 137 | .. _return_values: |
| 138 | |
James E. Blair | 196f61a | 2017-06-30 15:42:29 -0700 | [diff] [blame] | 139 | Return Values |
| 140 | ------------- |
| 141 | |
| 142 | The job may return some values to Zuul to affect its behavior. To |
| 143 | return a value, use the *zuul_return* Ansible module in a job |
| 144 | playbook. For example:: |
| 145 | |
| 146 | tasks: |
| 147 | - zuul_return: |
| 148 | data: |
| 149 | foo: bar |
| 150 | |
| 151 | Will return the dictionary "{'foo': 'bar'}" to Zuul. |
| 152 | |
| 153 | .. TODO: xref to section describing formatting |
| 154 | |
| 155 | Several uses of these values are planned, but the only currently |
| 156 | implemented use is to set the log URL for a build. To do so, set the |
| 157 | **zuul.log_url** value. For example:: |
| 158 | |
| 159 | tasks: |
| 160 | - zuul_return: |
| 161 | data: |
| 162 | zuul: |
| 163 | log_url: http://logs.example.com/path/to/build/logs |