Skip to content

Gitlab

Changes expected as we migrate services from Perlmutter to Cori

As part of the migration from Cori to Perlmutter, we are preparing to offer a new GitLab runner setup for running CI jobs on Perlmutter. At the same time, we will be modifing and retiring the curently offered services on Cori.

Gitlab is a DevOps platform to allow software development teams to collaborate together by hosting code in a source repository and providing infrastructure for automated builds, integration and verification of code using Continuous Integration/Continuous Delivery (CI/CD). The Gitlab Project is open source and actively maintained by Gitlab Inc.

Access

NERSC provides a GitLab service for users available at https://software.nersc.gov/. You will be required to type your NERSC credentials in order to access this service.

Running CI Pipelines at NERSC

The GitLab server provides shared runners in order to run CI jobs on NERSC resources. Currently we have the following runners:

Tag (used in CI yaml file) Runner Name System Access
cori cori20 Cori All Users

The cori runner will use the system default slurm binaries /usr/bin/sbatch to submit jobs to the cluster.

CI Job Parameters

We make use of Jacamar CI which is a Gitlab custom executor for CI/CD jobs on HPC systems. Jacamar provides integration with batch schedulers and downscoping of permissions to ensure jobs are run via your user account. Jacamar will direct CI jobs through the SLURM scheduler. SLURM parameters are defined via the SCHEDULER_PARAMETERS variable which is used to request a job allocation on a compute node. This variable can be defined in your .gitlab-ci.yml file or as a project CI/CD variable.

You are resonsible for CI jobs!

Please be careful of what you automatically run in your CI jobs as they will be run via your user account. Each GitLab job will have access to all your shared filesystems including your $HOME directory. Any sensitive information should not be stored on NERSC systems or displayed in a GitLab job. It is your responsiblity to properly use NERSC systems, including this Gitlab service. We are not responsible for any loss of data or issues with your user environment as a result of CI jobs.

The Gitlab CI configuration is declared in a special file .gitlab-ci.yml (by default) that is typically available in the root of the project. Please review the reference guide for .gitlab-ci.yml. Furthermore, we encourage you to review the Gitlab CI/CD documentation. Please ensure you review the documentation for the appropriate GitLab version. You can see the GitLab version by navigating to https://software.nersc.gov/help.

Scheduler Integration

Please see Slurm example jobs for information about job submission parameters. If options are not correctly defined via SCHEDULER_PARAMETERS your CI job will fail during slurm allocation. Here is a simple example of how one submits a job to the Cori Haswell node. The tags keyword is used to select the GitLab runner to use in this case. tags: [cori] informs GitLab to send job to the Cori system. The keyword script, before_script and after_script are sections where you can run arbitrary shell commands. The stages keyword is used to define a list of stage name to group GitLab jobs; all jobs within a stage can execute in parallel. The stage keyword is used in context of a GitLab job, in this example the name of job is cori-haswell

You can find this example in https://software.nersc.gov/ci-resources/hello-environment.

Note

Gitlab runner will be down when the system is offline which may result in termination or failure of CI jobs

stages:
  - examine

cori-haswell:
  stage: examine
  tags: [cori]
  variables:
    SCHEDULER_PARAMETERS: "-C haswell --qos=debug -N1 -t 00:05:00"    
  script:
    - echo "Script"
    - bash ./environment.bash

before_script:
  - echo "Before Script"
  - pwd
  - ls -la

after_script:
  - echo "After Script"
  - whoami
  - hostname

Increase Job Timeout

By default, GitLab job will timeout after 60min and GitLab will terminate job and mark job as failure. You can increase the job timeout in project settings by navigating to Settings > CI/CD > General Pipelines and set the Timeout value in minutes (10m), hours (10h) or days (10d). The maximum timelimit is 30 days (30d).

For more details see https://docs.gitlab.com/ee/ci/pipelines/settings.html#set-a-limit-for-how-long-jobs-can-run

Access Token

In order to use our GitLab server, you will need to create a Personal Access Token to perform any action since we have disabled SSH authentication when cloning repo. To create an access token navigate to https://software.nersc.gov/-/profile/personal_access_tokens and create a token name with appropriate scope. We recommend you enable scope read_repository and write_repository to read and write to repository, if you plan to use the GitLab API you may enable scope read_api, read_user and api. Once you create a token, you will see a randomly generated token, please save this token, if you are using Mac you can use Keychain Access to store your password.

Resources

Title Date Links
Introduction to CI at NERSC July 7th, 2021 Slides
Video