From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by sourceware.org (Postfix) with ESMTPS id 564AA385608E for ; Thu, 16 Jun 2022 22:49:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 564AA385608E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=osuosl.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=osuosl.org Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 2F322418F8 for ; Thu, 16 Jun 2022 22:49:31 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 2F322418F8 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=osuosl.org; s=default; t=1655419771; bh=qBpJmekOpRk22OUBeohEQZgCbD8GnmVvDRxnZy5Ke0w=; h=Subject:From:Reply-To:In-Reply-To:References:Cc:Date:From; b=NVgAEf3v+If4HwXXGJHAuSc/VnMTym8g7G7KEgO3vna/qw4qivv8kQwyR2LozJscG cVd1BmI6MklrNLe+PvkwbkV8AlWUo20v+B48cqVIDBiIZxJB+ekFbeUnLP+9ZrfOC6 Gs+HB8tvTgXHQ3SyXczS3hY8ocbSpAW9UHF7uhRGlKlryV3XsILuDxbSgsIiXKkjOR hHdixcLdLYPKEChMq3BHwdGNj/o+Xq7vGDqVRgN+jOMR7O4jW3nAWxviItRynnVEIj ZL9uSQeTOX/dZnKQJ8b0A3QjjsfIWERdt72EtjBZvDeJEBR8nyrGmlwl58UFIybsta /ederNUueLWXQ== X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jnxlTUMcqzDL for ; Thu, 16 Jun 2022 22:49:29 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id CDC61418F4 for ; Thu, 16 Jun 2022 22:49:29 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org CDC61418F4 Received: by ash.osuosl.org (Postfix, from userid 81) id B41111C1162; Thu, 16 Jun 2022 22:49:29 +0000 (UTC) Subject: Re: [support.osuosl.org #32563] Request CI hosting for builder.sourceware.org From: " via RT" Reply-To: hosting-request@osuosl.org In-Reply-To: References: Message-ID: Precedence: bulk X-RT-Loop-Prevention: support.osuosl.org RT-Ticket: support.osuosl.org #32563 Managed-by: RT 4.0.4 (http://www.bestpractical.com/rt/) RT-Originator: mark@klomp.org Cc: buildbot@sourceware.org MIME-Version: 1.0 X-RT-Original-Encoding: utf-8 Content-type: multipart/mixed; boundary="----------=_1655419769-176523-1" Date: Thu, 16 Jun 2022 15:49:29 -0700 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, MISSING_HEADERS, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: buildbot@sourceware.org X-Mailman-Version: 2.1.29 List-Id: "The https://builder.sourceware.org/ buildbot" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Jun 2022 22:49:34 -0000 This is a multi-part message in MIME format... ------------=_1655419769-176523-1 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" Hi Lance, On Thu, Jun 16, 2022 at 10:40:42AM -0700, Lance Albertson via RT wrote: > On Tue Jun 07 15:25:09 2022, mark@klomp.org wrote: > > Yes. I didn't know if it was appropriate to include a public list on osuosl > > tickets. But I added the builder project email address buildbot@sourceware.org > > to this email. > > We've done it with other projects so it shouldn't be a problem as long as you're > OK with it. Yes, this makes sure all builder contributors know what is being setup. > > Fedora would be fine. But for the other container builders we are actually > > using Fedora CoreOS, which is an auto updating variant (which is great for our > > zero maintenance infrastructure). We could install that ourselves. Or go with > > plain Fedora if we make sure it also autoupdates. > > I haven't had a chance to get in the data center to allocate a system. I'm > hoping to get to that next week. Sorry for the delay! I'll try and get Fedora > CoreOS installed. If you could use something like the attached butane/ignition file that would be great. You might need to change the disk device name if it isn't /dev/vda but everything else (except the hostname) is generic and allows the buildbot to connect to it through ssh directly (might be on a different port behind NAT). This is all the state/config needed. Everything else (docker images, git repos, buildbot workers, builds, etc) can/will be regenerated when needed. So we don't need any backups, because the whole setup can be regenerated by this butane.yaml file. Assuming you are using openstack, see also https://docs.fedoraproject.org/en-US/fedora-coreos/provisioning-openstack/ You don't need to use my ssh key for the core user. With this setup I don't really need access. You can assign a different authorized key if you want to have access yourself. But we can also go with plain Fedora and then I'll setup docker and the builder user up myself. > > > We typically name systems as -.osuosl.org. So > > > I'd assume we'd go with sourceware-.osuosl.org. Do you have a > > > hostname in mind? > > > > sourceware-builder.osuosl.org but note that we don't need a public reachable > > host. All that is needed is a port to access it through ssh, which doesn't > > need to be port 22. > > I'll likely go with sourceware-builder1.osuosl.org so we can easily increment it > if we add more hosts. I like that :) Thanks, Mark ------------=_1655419769-176523-1 Content-Type: text/plain; charset="utf-8"; name="osuosl-butane.yaml" Content-Disposition: inline; filename="osuosl-butane.yaml" Content-Transfer-Encoding: 7bit RT-Attachment: 32563/694304/2274882 variant: fcos version: 1.4.0 storage: disks: - device: /dev/vda wipe_table: false partitions: # 10GB root (already exists, resize) - number: 4 label: root size_mib: 10240 resize: true # 8GB swap - number: 5 label: swap size_mib: 8192 # Everything else for /var (which includes everything writable) - size_mib: 0 label: var filesystems: - device: /dev/disk/by-partlabel/swap format: swap wipe_filesystem: true with_mount_unit: true - path: /var device: /dev/disk/by-partlabel/var # We can select the filesystem we'd like. format: ext4 wipe_filesystem: true # Ask Butane to generate a mount unit for us so that this filesystem # gets mounted in the real root. with_mount_unit: true files: - path: /etc/hostname mode: 0644 contents: inline: sourceware-builder1 systemd: units: # Create and set selinux context for shared builder dir - name: builder-shared-dir.service enabled: true contents: | [Unit] Description=Builder shared dir Wants=network-online.target After=network-online.target Before=zincati.service ConditionPathExists=!/var/lib/%N.stamp [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/mkdir -p /home/builder/shared ExecStart=/bin/chown builder.builder /home/builder/shared ExecStart=/bin/chcon -t container_file_t /home/builder/shared ExecStart=/bin/touch /var/lib/%N.stamp [Install] WantedBy=multi-user.target passwd: users: - name: core ssh_authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgVJJnY8zh8uHn8d/E7p4j+9ueTvTHMRYOS0kkGhHBC7JmxCw6/EvbnbTsI0CQeyIJHlmPIqDVgRVjijcTWacd3vIdazzH9sqs65nl49yMnA23tIya4VWlbHC3J4x/LL84A4GaJO/FVF2vv6hVg3IGbopp5KX+pr6s56TiWddSDqMgjb7rSzjWuNyRK75ToctL7Y/Zn6st3ZioO7LXq3ghkWf8JR7ZaUFIY6P1qS5heiCHP0PxQJSrtpYzH3rKJoHpIkjxnsB/sD0C05cAdlzXBTUVTNLY+DPlQ7FeRkG+VK91briG4tvQ8ohhEiC9HuJu1AKMNWBZ9qeUwsXaJvNz - name: builder uid: 1001 groups: [docker] ssh_authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnB//uE66TX+nmLuox3ETfZ7dvjUl2mlwN4Q+107EWCuP05eKxcahyzwenmzODzzC8/hUVeUtuCJJyMW8+CpqCluHd2bEUT9WIzP1C/T22jBUbhY7zXLufSYfKmZe9zHNUizEbqbGAfR01D3jv3wis8JNOq/yopGLKJmAPd/Ye8XN5lsfAUTREIF+xygjxSb6SZPU9UvKlJmnwZoCN2Fd1u4IhSWBcD3dyZyirD80ZLGsSdOUmzX2Z2NaSI5tG6MxjYtQZbzmsG/Z0HY1Y/KiSolX989+7dMKMy2V911SkS6Cx9aVuSY+ig9Rq6GpfjGkBnHrNCCeVFe8PlYJl6DXZ ------------=_1655419769-176523-1--