Closed rowanjacobs closed 7 years ago
Hey rowanjacobs!
Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/150618506
The labels on this github issue will be updated when the story is started.
Hi @rowanjacobs! The RelInt team has multiple traps on EXIT in the cf-deployment-concourse-tasks. We ran into a problem with updating our vars store because your newly-introduced trap is overriding ours on the EXIT signal. We removed EXIT, and kept your INT and TERM signals.
Could we simulate your trapping on EXIT by explicitly calling pkill ssh || true
everywhere where bbl print-env
is shelling out? We're not sure how else to address this, tbh.
You'd have to call pkill ssh || true
at the end of every task that calls setup_bosh_env_vars
(since the ssh
connection from bbl print-env
has to stay alive long enough for bosh
commands to be executed).
Yes, I see! We'll do that to work around the issue. We're not sure how to test this, though. If you have an environment where you could vet the approach, would you mind filing another pull request sans EXIT trap?
We don't yet have a credhub'd environment, so we'd just be guessing on the implementation.
Sure, I can test this in our pipeline and create a new PR.
New PR, #30, has been created.
This PR contains a couple changes designed to enable using
bbl up --credhub
in CI pipelines.The first is that, in order to prevent containers from hanging for a long time after jobs which run
eval "$(bbl print-env)"
(which opens an ssh connection when credhub is enabled), thesetup_bosh_env_vars
task inshared_functions
kills ssh connections on exit.The second change is due to bbl no longer persisting IAAS credentials in
bbl-state.json
when credhub is enabled. As a result, when credhub is enabled, we must pass in the IAAS credentials manually to every task which runs a bbl command (includingbbl print-env
)./cc @mcwumbly