z/OS Mainframe support for GitLab CI Runner
There is growing interest, from both current customers and those evaluating GitLab for SCM and CI, in using GitLab runners in environments that have IBM z/OS mainframes in place. More broadly, based on some anecdotal evidence and IBM's point of view, these customers have a desire and a business need to continue to simplify and automate their software development and delivery processes by "moving from traditional mainframe library managers" to modern CI/CD processes and tooling.
Some IBM Z customers need to maintain a security posture in which source code never leaves their infrastructure, which means looking at whether the GitLab CI/CD platform can be installed and used on-premise on these customers' IBM Z mainframes. Another key point, previously mentioned, is that customers need to maintain 24x7 uptime, which may also translate to running CI/CD tooling on the IBM Z platform.
Summary of key discussion points with Cindy Lee of the IBM Z Open Source Ecosystem team:
- Our goal at IBM is for GitLab to support zOS natively.
- All Linux on Z customers want GitLab CE to run natively on Linux on Z to maintain the security posture offered by IBM Z mainframes.
- We tried porting GitLab CE to z/OS; however, there were porting challenges - Ruby package compile issues, for example.
- Getting the GitLab Runner to work in a Docker container on zOS is not a challenge. The challenge is in getting GitLab CE to run natively on z/OS.
- IBM's instructions for building GitLab version 11-7-stable on Linux on IBM Z on Ubuntu 18.04 are attached: Gitlab-CE.md
Potential Steps for getting GitLab CI/CD on IBM Z
Step 1: Create a Docker image for the GitLab Runner that runs on zOS. (Linux on zOS)
The idea for this step is to get the Runner agent running in zCX, that is, in Linux on Z Docker containers running in z/OS.
This means compiling the s390 binaries into the container image, so we need the Ubuntu base image and the s390 binaries.
Step 2: Create a Docker image for GitLab Server that runs on zOS
Cindy's feedback is that running the GitLab Runner and GitLab Server as Docker containers on the Linux OS on IBM Z is a prerequisite, or the first step, in providing a solution for IBM Z customers.
"So with this approach, zOS will then be able to take advantage of GitLab Server because of zCX (z/OS Container Extensions), as this product enables a zOS user to run LoZ (Linux on Z) containers on zOS, so if we do have Linux containers for both gitlab-ce and runner, zOS should be ok too. At least that is the theory; I'm sure the truth will come out when the technical team starts working with all these. From my porting work earlier in the year, at least we did get gitlab-ce running pretty well on LoZ."
Technology and Architecture Analysis
IBM Z Mainframes (summary of a few technical points)
IBM Z mainframes support multiple operating systems. For the purpose of this discussion, the supported operating systems that we are primarily focused on are z/OS® and Linux on Z (LoZ). Linux on Z is the collective term for the Linux operating system compiled to run on IBM mainframes, especially IBM Z and IBM LinuxONE servers. Reference: Wikipedia
IBM's partners for Linux on Z are Red Hat, Canonical and SUSE.
Docker on IBM Z Mainframes (summary of a few technical points)
- On an IBM mainframe, Linux instances with Docker containers can run in LPAR mode or as a guest of z/VM® or KVM. LPAR = Logical Partition.
- Scaling options depend on whether you run your Docker hosts in LPAR mode or in virtual machines.
- A typical base image for IBM Z or LinuxONE is a basic root file system of a Linux distribution for the mainframe.
- The image must be compiled for the z/Architecture® or it must be a multi-arch image that includes support for the z/Architecture.
- You can run Prometheus as a Docker image on the mainframe, but you must build it yourself for the z/Architecture.
zOS Container Extensions (summary of a few technical points)
- z/OS Container Extensions (zCX) makes it possible to run almost any Docker container that can run on Linux on IBM Z in a z/OS environment, alongside existing z/OS applications and data, without a separately provisioned Linux server.
- Anything with s390x architecture (the IBM Z opcode set) in Docker Hub can be run in z/OS Container Extensions.
- z/OS Container Extensions (zCX) is a feature of z/OS V2R4 providing a pre-packaged turn-key Docker environment that includes Linux and Docker Engine components supported directly by IBM.
- No root access is allowed, access is as defined by Docker interfaces. zCX runs as an address space on z/OS that contains a Linux Kernel, Docker Engine, and the containers that can run within that instance.
- Multiple zCX instances can be deployed within a z/OS System. Note - zCX enables architecting and deploying a hybrid solution consisting of z/OS software and Linux on Z Docker containers on the same z/OS system.
- In a zCX instance you do not have access to the underlying Linux operating system like you do on traditional Linux environments.
- z/OS Container Extensions (zCX) are not a replacement for traditional Linux on Z environments. You can deploy and run any software that is available as a Docker image for IBM Z on Docker Hub in your zCX instances.
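As an added example (not from IBM or GitLab documentation), the requirement above that an image be built for the z/Architecture or be a multi-arch image covering it can be checked before an image is admitted to a Linux on Z or zCX host. The Python below reads an image index in the shape `docker manifest inspect` prints and returns the digest of its linux/s390x entry so the image can be pinned by digest; the sample index, its digests and the registry name are constructed for illustration.

```python
import json
import re
from typing import Optional

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def s390x_digest(manifest_json: str) -> Optional[str]:
    """Return the digest of the linux/s390x entry of an image index.

    Returns None when the index has no such entry. Raises ValueError for a
    single-platform manifest, which carries no platform field: its
    architecture has to be read from the image config instead.
    """
    doc = json.loads(manifest_json)
    entries = doc.get("manifests")
    if not isinstance(entries, list):
        raise ValueError("not an image index: inspect the image config's architecture")
    for entry in entries:
        platform = entry.get("platform") or {}
        # Attestation entries report unknown/unknown and never match here.
        if platform.get("os") == "linux" and platform.get("architecture") == "s390x":
            digest = entry.get("digest", "")
            if not DIGEST_RE.fullmatch(digest):
                raise ValueError("malformed digest on s390x entry: %r" % digest)
            return digest
    return None

def pinned_reference(repo: str, manifest_json: str) -> Optional[str]:
    """Build repo@sha256:... for the s390x variant, or None if there is none."""
    digest = s390x_digest(manifest_json)
    return "%s@%s" % (repo, digest) if digest else None

def _entry(arch: str, os_name: str, fill: str) -> dict:
    # Constructed placeholder digests (one repeated hex character), not real images.
    return {"digest": "sha256:" + fill * 64,
            "platform": {"architecture": arch, "os": os_name}}

# Constructed sample index, shaped like `docker manifest inspect` output.
SAMPLE_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [_entry("amd64", "linux", "a"),
                  _entry("s390x", "linux", "b"),
                  _entry("unknown", "unknown", "c")],
})

if __name__ == "__main__":
    # registry.example.internal is a hypothetical on-premise registry name.
    print(pinned_reference("registry.example.internal/gitlab-runner", SAMPLE_INDEX))
```
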
Specific customers that have shown interest: