swarmbucket task expire on windows |
|||||
Issue descriptionWhen swarmbucket schedules a swarming task and sets priority to 30, swarming resets it to 100. As a result, Windows tasks often expire because there is a lot of tasks with priority 30. We need the same priority for existing and swarmbucket tasks.
,
Oct 28 2016
swarmbucket's account needs to be considered a bot, e.g. be including in swarming-bots. https://chrome-infra-auth.appspot.com/auth/groups#swarming-bots
,
Oct 28 2016
swarmbucket schedules tasks on behalf of users, so e.g. on behalf of maruel@chromium.org is there a group where I can include project-chromium-tryjob-access, project-infra-tryjob-access groups?
,
Oct 28 2016
alternatively, can we check peer_identity in addition to current identity?
,
Oct 28 2016
Humm interesting. I kinda forgot about that. TL;DR: Yes.
,
Oct 28 2016
i assume this is Yes to my question about peer_identity
,
Oct 28 2016
It's better not to use peer_identity for any authorization decisions. It exists as a hint for debugging/tracing. Evaluating both main identity and peer_identity for authorization is path to an unnecessary complexity. I think we need to introduce a new group for users that are allowed to post high-priority tasks and add 'bots', admin and CQ service account there. All CQ jobs are using CQ service account, e.g. https://chromium-swarm.appspot.com/user/task/3224ff6948c9d110 (look at 'Authenticated' field).
,
Oct 28 2016
i can implement #3/#7. maruel, wdyt?
,
Oct 28 2016
,
Oct 31 2016
I wonder what happens for a CQ job by a non member. It uses the account of the user who LGTM'ed?
,
Oct 31 2016
Discussed offline. The groups needs to be updated, then we can just have swarming-privileged-users allowed to run high priority tasks (a one liner or so)
,
Oct 31 2016
CQ always uses it's own account when scheduling through buildbucket.
,
Oct 31 2016
,
Oct 31 2016
The following revision refers to this bug: https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/f6ed6fef610f312800f5644ca0c4889d67fd2b20 commit f6ed6fef610f312800f5644ca0c4889d67fd2b20 Author: nodir <nodir@chromium.org> Date: Mon Oct 31 22:09:21 2016 swarming: allow privileged users to schedule high priority tasks allow privileged users to schedule tasks with priority < 100 Context is crbug.com/660446 R=maruel@chromium.org, vadimsh@chromium.org BUG= 660446 Review-Url: https://codereview.chromium.org/2463483002 [modify] https://crrev.com/f6ed6fef610f312800f5644ca0c4889d67fd2b20/appengine/swarming/handlers_endpoints.py [modify] https://crrev.com/f6ed6fef610f312800f5644ca0c4889d67fd2b20/appengine/swarming/handlers_frontend.py [modify] https://crrev.com/f6ed6fef610f312800f5644ca0c4889d67fd2b20/appengine/swarming/server/acl.py
,
Oct 31 2016
This also, naturally, affects boringssl. Nodir@ please make their setup for windows work too (but not for Android bots, because those are scarce and stip@ will kill me afterwards :D)
,
Oct 31 2016
This also, naturally, affects boringssl. Nodir@ please make their setup for windows work too (but not for Android bots, because those are scarce and stip@ will kill me afterwards :D)
,
Oct 31 2016
does CQ schedule boringssl builds that you are concerned about?
,
Oct 31 2016
,
Jan 27 2017
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by no...@chromium.org
, Oct 28 2016