How Red Hat uses GitLab for kernel development
The transition
Red Hat has transitioned its kernel team from "an old Patchwork server" to GitLab in the last year, Zickus began. Prior to the change, the team had a fairly traditional, email-based workflow that got harder to manage as the patch volume increased. Red Hat has a number of strict rules regarding patch review and getting acknowledgments from the appropriate people; tracking the readiness of patches as they went through this gauntlet, which involves a lot of manual work, became increasingly hard. Reviewers didn't know which patches they should be looking at, and the continuous-integration (CI) system was bolted on.
It was time to make a change, so the company turned to GitLab.
Bhargava briefly introduced the Lab tool, which provides a command-line interface to many GitLab features. Perhaps ironically, this tool is hosted on GitHub. A lot of developers prefer a command-line interface, he said.
In general, kernel maintainers tend to have their own scripts; each maintainer's tooling is different. Some maintainers would detect certain kinds of errors, while others would not. GitLab's ability to run scripts on actions has replaced much of this customization, ensuring that each patch is treated consistently and has the proper signoffs, includes the (apparently mandatory) Bugzilla ID, etc. Patches that come up short in one way or another can be labeled as needing attention.
Email, Bhargava said, makes it easy to comment on patches. It is rather less easy for maintainers to sift through the resulting volume of messages. GitLab is able to thread comments and replies, all organized per merge request, making the process easier. All of this is tied to a "big fat 'approve' button" to allow a merge to proceed. At this point, he said, he's not seeing developers using email-based approvals anymore.
The upstream kernel uses the MAINTAINERS file to determine who should review a given patch, which is another step for contributors to remember. Within Red Hat, that process has now been automated; when a merge request is generated, maintainers and reviewers are assigned automatically based on an owners.yaml file. There are two categories of review, depending on whether the reviewer's approval is required. Interested developers can sign up for notifications for changes to specific areas.
Previously, CI was added to the email-based process, separated from the generation of patches. Nothing required its use. In the new system, CI is integrated directly. While CI systems are not exciting to most maintainers, he said, they should be; they add a lot of stability to the kernel. With some of the CI testing done for the kernel as a whole, developers don't even know that the testing is happening; GitLab makes CI testing explicit and visible.
Zickus took over to say that the experience with GitLab has not been entirely smooth; they have found various problems over time. GitLab has worked with them to resolve these problems, which were mostly with the API and tooling. Red Hat also has a dedicated group working on issues that GitLab has not been able to resolve; there is a "strategic partnership" between the two companies.
There are some open issues, of course, including managing the chain of trust: pull requests for the kernel need to be properly signed. Better logs for merge requests would be helpful. Perhaps the biggest concern, though, has to do with making GitLab into a single point of failure; what if the company is bought out by somebody who is hostile to Red Hat and its goals? In that case, it would be relatively easy to pull all of the necessary data out of the system; the Git trees are already mirrored elsewhere. They have a script now that can take all of the comments from GitLab and dump them into a public-inbox instance.
Prarit closed the prepared talk by saying that it is still not 100% clear that GitLab is the best way forward, even though Red Hat is fairly deeply invested in it at this point. But the Git forge approach is worthwhile, he said. There were a lot of worries about making this kind of transition that turned out not to be real problems.
Discussion
Greg Kroah-Hartman started the discussion by (somewhat jokingly) congratulating the speakers for having integrated all of Gerrit's functionality into GitLab. But, he asked, how many patches are they really managing this way? Zickus answered that they manage 15-16,000 patches for each RHEL update, every three months. Bhargava said that, when they sat down to look at forges two years ago, Gerrit didn't have many of the features they were looking for; perhaps it has gotten better since.
Ted Ts'o said that his biggest worry is collaboration between subsystems.
If information for one subsystem is "orphaned" in GitLab, that is going to
make life harder for developers elsewhere. He is worried about discussions
in particular; comments in Gerrit, for example, are not available anywhere
else. The kernel community could consider hosting a GitLab instance at,
![[Discussion]](https://web.archive.org/web/20240121215638im_/https://static.lwn.net/images/conf/2021/lpc/rh-gitlab-sm.png)
say, kernel.org, but then some patch comments would live there, while
others would be on the mailing lists. Developers would have to search in
two places to get the full picture. Unless email can remain a first-class
citizen in the development process, he said, a workable transition is hard
to see.
Zickus answered that Red Hat is running an email bridge now that is used to ease the transition for developers. It is not intended to be kept around as a long-term solution, though.
Konstantin Ryabitsev said that he is not excited about the possibility of hosting a forge instance on kernel.org. Hosting the Bugzilla instance there has not been a good experience; it is mostly abandoned, but he is stuck cleaning out the spam that accumulates there. Once a tool is added, it is almost impossible to remove, since a couple of people inevitably become dependent on it. So it will have to be maintained forever.
A bigger issue, though, has to do with robustness. If kernel.org is not reachable, kernel development still goes on; an outage is inconvenient but not really a big problem. Adding a central forge, though, risks creating a situation where, should it go down, no work can get done. Imagine a situation, he said, where there is a zero-day vulnerability affecting billions of devices, and an attacker wants to prevent it from being patched. Attacking a crucial piece of infrastructure like a central forge might then look like a good idea. If the answer is "fall back to email", then nothing has really been solved.
Zickus said that GitLab is replicated and stored on the Google cloud, to which Ryabitsev responded that the Google cloud is unavailable in parts of the world like Russia and China. A large cloud provider is not a good solution, he said; on the other hand, self-hosting brings its own set of scaling and expense problems. Zickus said that Red Hat has a large testing team in China, and GitLab works well there. If that were to change, though, it would be a real problem.
Ryabitsev said he is not opposed to subsystems switching to a forge, as long as it doesn't become "a place where discussions go to die". Currently, if the infrastructure goes away, the "fossil record" is still around on sites like lore.kernel.org. Zickus said that dumping conversations to a public-inbox solves some of that problem. He then summarized the conversation by saying that there isn't really opposition to using the tool, but there are worries about preserving the conversations that happen there.
As time ran out, Ts'o said that this session was not the end of the conversation. Forges like GitLab point out what could be in our future, and that features like automatic CI testing are a really good idea.
The video
of this talk is available on YouTube.
| Index entries for this article | |
|---|---|
| Kernel | Development tools/Forges |
| Conference | Linux Plumbers Conference/2021 |
(Log in to post comments)
How Red Hat uses GitLab for kernel development
Posted Oct 2, 2021 16:47 UTC (Sat) by fratti (guest, #105722) [Link]
To me, it seems like something that provides some of the benefits of a forge without the full suite of features (and complexity) of a forge would be the best way forward. Say, a better system to manage and track patch series than patchwork currently is, with a way for maintainers to mark a series as merged or rejected, and a way for submitters of patch series to assign a unique identifier to a series so subsequent versions of it are linked to each other and can be compared. Being able to easily diff the diffs of different versions of a series would likely help. While developing, I often wish there was a meta-history for the actual git history wherein I could track the progress on my patches while still keeping a clean patch-centred history. Perhaps something like this already exists, and I'm simply not aware of it.
I'm fairly new to kernel development, mostly having gotten started writing patches and sending them in in the past 2 months, but I cannot even begin to imagine how painful it must be for reviewers to trust me that I only changed the parts of the driver I said I changed in my cover letter in a subsequent submission of a driver, or to reference back to the comments on the previous submission to see if everything has been addressed.
How Red Hat uses GitLab for kernel development
Posted Oct 2, 2021 20:01 UTC (Sat) by bfields (subscriber, #19510) [Link]
It's not *that* hard to find the previous version in my saved mail and compare.
You could compare two versions with
$ git checkout -b foo-v1 origin/master
$ git am foo-v1-mbox
$ git checkout -b foo-v2 origin/master
$ git am foo-v2-mbox
and then
$ git diff foo-v1..foo-v2
or
$ git diff foo-v1^^..foo-v2^^
though I've rarely done that in practice.
Probably this should all be easier, but it's not impossible.
How Red Hat uses GitLab for kernel development
Posted Oct 2, 2021 20:35 UTC (Sat) by fratti (guest, #105722) [Link]
I've also just found out about the --interdiff switch of git format-patch, so I suppose the ball is in my court to make things easier for maintainers. (Though admittedly, this again places the trust in the submitter to not mess this comparison up, either accidentally or intentionally.)
Perhaps all we need is a --supplants=<message id> for git send-email to get better tracking of patch series.
Thank you for sharing your perspective.
How Red Hat uses GitLab for kernel development
Posted Oct 2, 2021 22:59 UTC (Sat) by zev (subscriber, #88455) [Link]
Personally, I've recently found myself often wishing that "Link:" tags were more universally used. Commit messages are nice, but it's not at all infrequent that I really want to find the discussion that preceded a patch being accepted. Without a nice lore.kernel.org link right there, finding that is a lot more tedious.
How Red Hat uses GitLab for kernel development
Posted Oct 4, 2021 14:19 UTC (Mon) by willy (subscriber, #9762) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 4, 2021 16:48 UTC (Mon) by zev (subscriber, #88455) [Link]
Indeed I was not -- that does looks quite useful! Though after a few minutes of poking at it semi-randomly, its patch-discussion linking seems fairly spotty unfortunately (oddly, often failing even in cases where there is a Link: tag right there in the commit message). Nevertheless, I'll probably be making use of that in the future, thanks for the tip.
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 19:15 UTC (Sun) by mkubecek (subscriber, #130791) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 6:24 UTC (Sun) by epa (subscriber, #39769) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 9, 2021 15:49 UTC (Sat) by Lennie (guest, #49641) [Link]
Their are projects which have build a system which allows issues to be tracked in a special git repository:
https://dist-bugs.branchable.com/software/
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 6:39 UTC (Sun) by anmoch (subscriber, #85760) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 17:41 UTC (Sun) by marcH (subscriber, #57642) [Link]
And neither gitlab not github do range-diff : https://gitlab.com/gitlab-org/gitlab/-/issues/24096
Github is especially bad at it.
Of course using a forge and git range-diff are not mutually exclusive, in fact it's easier than pure email + range-diff.
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 19:19 UTC (Sun) by bfields (subscriber, #19510) [Link]
It's fun to do things like 'git range-diff origin/master mwork@{1} mywork'
Very neat, I've always wanted that--though honestly I feel like I've gotten long OK without.
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 10:48 UTC (Sun) by pbonzini (subscriber, #60935) [Link]
As a Red Hatter and an upstream developer, it's a bit more complicated than this. Despite being on a nominally old version, lots of subsystems in the RHEL kernel are rebased every 4-8 months to the latest version in the upstream kernel. For example, if you compare arch/x86/kvm/ between kernel-4.18.0-333.el8 and upstream 4.18, you get
72 files changed, 45945 insertions(+), 26903 deletions(-)
If you do the same with 5.13, you get
36 files changed, 985 insertions(+), 927 deletions(-)
These differences in turn are mostly because the kernel version backports the bugfix parts of what went into the 5.14 merge window. If it weren't for that, it would be even smaller.
As a result, there are two typical kinds of pull request in the RHEL kernel: bugfixes that are verbatim copies of 1-8 upstream commits, and large backports consisting of 200 to 1000 patches. The former are almost entirely trivial to review; often the developer who posts them is the same person who did the work upstream. The latter account for most of the 15000 patches mentioned in the article; of those, about 3-5% patches will have some difference with the corresponding upstream commit, typically due to bugfixes being backported out of order, and even fewer will be exclusive to RHEL. Of the 15000 patches, perhaps 1000 are going to be ever "clicked on" in the Gitlab merge request web pages.
As a result, review used to be 95+% the menial work of finding which patches have differences with the corresponding upstream. Such work is perfect for bots: they check the correspondance between the RHEL commit and the one in the "cherry picked from ..." lines (and the presence of those lines), signal differences, and let humans actually do the interesting parts of the review.
So, on one hand I absolutely love the GitLab-based development process that Prarit and Donald and many others have implemented. On the other hand, I would be wary to suggest that it could be applied to anything but the stable kernel process. In particular, code review on the web at the scale of Linux development is a complete non-starter until GitLab or GitHub implement a UI that maps to "git range-diff".
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 12:24 UTC (Sun) by mathstuf (subscriber, #69389) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 5, 2021 18:01 UTC (Tue) by johannbg (subscriber, #65743) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 6, 2021 17:33 UTC (Wed) by prarit (guest, #27126) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 3, 2021 18:02 UTC (Sun) by marcH (subscriber, #57642) [Link]
>Perhaps the biggest concern, though, has to do with making GitLab into a single point of failure; what if the company is bought out by somebody who is hostile to Red Hat and its goals?
SPOF / centralization is the only real problem. All other issues are either fairly easy to solve or solved already (kudos to RedHat for trying to move things forward _and_ sharing their efforts)
So the next (and big!) step is to find some good distributed database model and implement a free software forge based on it. Funny enough that sounds very much like what Bitkeeper and then git achieved.
> In that case, it would be relatively easy to pull all of the necessary data out of the system; the Git trees are already mirrored elsewhere. They have a script now that can take all of the comments from GitLab and dump them into a public-inbox instance.
Sure but that would be a huge step back.
How Red Hat uses GitLab for kernel development
Posted Oct 7, 2021 12:22 UTC (Thu) by fung1 (subscriber, #144307) [Link]
>
> So the next (and big!) step is to find some good distributed database model and implement a free software forge based on it. Funny enough that sounds very much like what Bitkeeper and then git achieved.
As of a few years ago, Gerrit moved all comments and discussions into Git objects so they can be replicated and fetched along with the merged commits and proposed changes for a repository. They basically got rid of the RDBMS entirely, except for one UI-related feature for tracking which specific files you've already "seen" when reviewing a particular version of a patch (which has fairly ephemeral utility at best, and almost nobody I know relies on that behavior anyway).
Fossil
Posted Oct 21, 2021 22:36 UTC (Thu) by marcH (subscriber, #57642) [Link]
Also realized I forgot to mention Fossil:
https://www.fossil-scm.org/home/doc/trunk/www/fossil-v-gi...
"One way to describe Fossil is that it is "GitHub-in-a-box."
That's probably because I never used it and also because I violently disagree with the lack of history rewriting:
> When every commit is pushed to the parent repo by default, it encourages a working style in which every commit is tested first. It encourages thinking before acting. We believe this is an inherently good thing.
Very ironic considering I use git rebase -i to _test_ a variety of "what if" scenarios every single day.
I find the rest of the page very impressive.
Fossil
Posted Oct 22, 2021 10:56 UTC (Fri) by farnz (subscriber, #17727) [Link]
There's arguably two separate sets of workflows you want out of your SCM:
- Immutable shared history, showing how the product developed. This is curated by the committers to tell a story about the code.
- Mutable private history, where you're checkpointing your work in interesting places so that nothing of interest is lost when you try something out. You will later rebase and restack this to become the immutable shared history you push.
The ability to share the mutable history is useful in some cases, but to do it well adds a lot of complexity (see Mercurial's "Changeset Evolution" extension). But the ability to work locally and store up commits of random changes, then to build and test the final history you wish to push, is extremely useful.
Fossil
Posted Oct 22, 2021 20:56 UTC (Fri) by flussence (subscriber, #85566) [Link]
git "volatile" branches
Posted Oct 25, 2021 0:41 UTC (Mon) by marcH (subscriber, #57642) [Link]
> ...
> The ability to share the mutable history is useful in some cases, ...
Yes it would save a lot of confusion if git provided some kind of "volatile" branch marker so publishers can share their intentions and set mutability expectations. Currently this is performed with poor branch naming conventions or worse: pure word of mouth.
Giving the distinction between 1. and 2. a name would elevate it and also clarify the recurring "don't rebase public branches" advice which is exactly what intel-next and others do all the time!? And hey, who knows it could even stop questions like "why can't I commit and push at the same time" from Fossil and other fans.
https://www.google.com/search?q=git+volatile+rebase+branches
How Red Hat uses GitLab for kernel development
Posted Oct 31, 2021 14:12 UTC (Sun) by misc (guest, #73730) [Link]
While federation do not solve the issue of centralization (as we still need some reference point), it reduce the risks of SPOF, and by making forges interoperable, it would also limit problem if one turn bad.
How Red Hat uses GitLab for kernel development
Posted Oct 4, 2021 9:52 UTC (Mon) by jezuch (subscriber, #52988) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 5, 2021 9:49 UTC (Tue) by anselm (subscriber, #2796) [Link]
I'm in charge of our company's Gitlab instance and it doesn't require “constant babysitting”. Gitlab publishes new versions on a regular basis (feature updates every month, and bug fix/security updates in between as needed), but these generally install completely seamlessly and with minimal downtime if any.
How Red Hat uses GitLab for kernel development
Posted Oct 5, 2021 14:37 UTC (Tue) by jezuch (subscriber, #52988) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 22, 2021 13:27 UTC (Fri) by Klavs (guest, #10563) [Link]
How Red Hat uses GitLab for kernel development
Posted Oct 4, 2021 10:37 UTC (Mon) by taladar (subscriber, #68407) [Link]