summaryrefslogtreecommitdiffstats
path: root/hosts/jtk1b-armhf-rb/etc
diff options
context:
space:
mode:
authorVagrant Cascadian <vagrant@debian.org>2017-08-02 17:03:03 -0400
committerHolger Levsen <holger@layer-acht.org>2017-08-03 16:22:39 -0400
commit4c5ea6af7385064575531b1572c9bebf999b005d (patch)
treec8528a53c4157d3e5b945149e887f5eaf117a247 /hosts/jtk1b-armhf-rb/etc
parent34c1dd358e6879664f12703ccdcd1e88f11854b1 (diff)
downloadjenkins.debian.net-4c5ea6af7385064575531b1572c9bebf999b005d.tar.xz
reproducible: Add two new armhf builders (jtk1b, jtx1b).
Temporarily disable two armhf build nodes (jtk1a down, ff64a too slow). Add an additional build job, as the new machines have more capacity than the old. Signed-off-by: Holger Levsen <holger@layer-acht.org>
Diffstat (limited to 'hosts/jtk1b-armhf-rb/etc')
-rw-r--r--hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions1
-rw-r--r--hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/80proxy2
-rw-r--r--hosts/jtk1b-armhf-rb/etc/apt/listchanges.conf6
-rw-r--r--hosts/jtk1b-armhf-rb/etc/apt/sources.list11
-rwxr-xr-xhosts/jtk1b-armhf-rb/etc/cron.d/dsa10
-rw-r--r--hosts/jtk1b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn9
-rw-r--r--hosts/jtk1b-armhf-rb/etc/munin/munin-node.conf66
-rw-r--r--hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/df6
-rw-r--r--hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/diskstats4
-rw-r--r--hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/munin-node117
-rwxr-xr-xhosts/jtk1b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds56
-rwxr-xr-xhosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup17
-rwxr-xr-xhosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup21
-rwxr-xr-xhosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment56
-rw-r--r--hosts/jtk1b-armhf-rb/etc/pbuilderrc53
-rw-r--r--hosts/jtk1b-armhf-rb/etc/postfix/main.cf41
-rwxr-xr-xhosts/jtk1b-armhf-rb/etc/rc.local105
-rw-r--r--hosts/jtk1b-armhf-rb/etc/schroot/default/fstab24
-rw-r--r--hosts/jtk1b-armhf-rb/etc/schroot/default/nssdatabases11
-rw-r--r--hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins51
-rw-r--r--hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins-adm7
-rw-r--r--hosts/jtk1b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf4
22 files changed, 678 insertions, 0 deletions
diff --git a/hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions b/hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions
new file mode 100644
index 00000000..2318f84e
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions
@@ -0,0 +1 @@
+Acquire::Languages "none";
diff --git a/hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/80proxy b/hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/80proxy
new file mode 100644
index 00000000..9e738254
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/apt/apt.conf.d/80proxy
@@ -0,0 +1,2 @@
+Acquire::http::Proxy "http://10.0.0.15:8000/";
+
diff --git a/hosts/jtk1b-armhf-rb/etc/apt/listchanges.conf b/hosts/jtk1b-armhf-rb/etc/apt/listchanges.conf
new file mode 100644
index 00000000..8b598c0a
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/apt/listchanges.conf
@@ -0,0 +1,6 @@
+[apt]
+frontend=mail
+email_address=root
+confirm=0
+save_seen=/var/lib/apt/listchanges.db
+which=both
diff --git a/hosts/jtk1b-armhf-rb/etc/apt/sources.list b/hosts/jtk1b-armhf-rb/etc/apt/sources.list
new file mode 100644
index 00000000..a26fb33d
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/apt/sources.list
@@ -0,0 +1,11 @@
+deb http://deb.debian.org/debian/ stretch main contrib non-free
+#deb-src http://deb.debian.org/debian/ stretch main contrib non-free
+
+deb http://deb.debian.org/debian/ stretch-updates main contrib non-free
+#deb-src http://deb.debian.org/debian/ stretch-updates main contrib non-free
+
+deb http://security.debian.org/ stretch/updates main contrib non-free
+#deb-src http://security.debian.org/ stretch/updates main contrib non-free
+
+deb http://deb.debian.org/debian/ stretch-backports main contrib non-free
+#deb-src http://deb.debian.org/debian/ stretch-backports main contrib non-free
diff --git a/hosts/jtk1b-armhf-rb/etc/cron.d/dsa b/hosts/jtk1b-armhf-rb/etc/cron.d/dsa
new file mode 100755
index 00000000..9be64c36
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/cron.d/dsa
@@ -0,0 +1,10 @@
+# m h dom mon dow (0|7=sun,1=mon) command
+
+#
+# cron-jobs for jenkins.debian.net and nodes
+#
+
+MAILTO=root
+
+0 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-running-kernel
+2 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-packages
diff --git a/hosts/jtk1b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn b/hosts/jtk1b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn
new file mode 100644
index 00000000..c1f207a7
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn
@@ -0,0 +1,9 @@
+/var/log/jenkins/update_jdn.log {
+ daily
+ copytruncate
+ missingok
+ rotate 7
+ compress
+ delaycompress
+ notifempty
+}
diff --git a/hosts/jtk1b-armhf-rb/etc/munin/munin-node.conf b/hosts/jtk1b-armhf-rb/etc/munin/munin-node.conf
new file mode 100644
index 00000000..c986ea07
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/munin/munin-node.conf
@@ -0,0 +1,66 @@
+#
+# Example config-file for munin-node
+#
+
+log_level 4
+log_file /var/log/munin/munin-node.log
+pid_file /var/run/munin/munin-node.pid
+
+background 1
+setsid 1
+
+user root
+group root
+
+# This is the timeout for the whole transaction.
+# Units are in sec. Default is 15 min
+#
+# global_timeout 900
+
+# This is the timeout for each plugin.
+# Units are in sec. Default is 1 min
+#
+# timeout 60
+
+# Regexps for files to ignore
+ignore_file [\#~]$
+ignore_file DEADJOE$
+ignore_file \.bak$
+ignore_file %$
+ignore_file \.dpkg-(tmp|new|old|dist)$
+ignore_file \.rpm(save|new)$
+ignore_file \.pod$
+
+# Set this if the client doesn't report the correct hostname when
+# telnetting to localhost, port 4949
+#
+#host_name localhost.localdomain
+
+# A list of addresses that are allowed to connect. This must be a
+# regular expression, since Net::Server does not understand CIDR-style
+# network notation unless the perl module Net::CIDR is installed. You
+# may repeat the allow line as many times as you'd like
+
+allow ^127\.0\.0\.1$
+allow ^::1$
+
+# If you have installed the Net::CIDR perl module, you can use one or more
+# cidr_allow and cidr_deny address/mask patterns. A connecting client must
+# match any cidr_allow, and not match any cidr_deny. Note that a netmask
+# *must* be provided, even if it's /32
+#
+# Example:
+#
+# cidr_allow 127.0.0.1/32
+# cidr_allow 192.0.2.0/24
+# cidr_deny 192.0.2.42/32
+
+# Which address to bind to;
+host *
+# host 127.0.0.1
+
+# And which port
+port 4949
+
+allow ^78\.137\.96\.196
+hostname jtk1b-armhf-rb.debian.net
diff --git a/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/df b/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/df
new file mode 100644
index 00000000..b3fdadcb
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/df
@@ -0,0 +1,6 @@
+[df*]
+env.exclude none unknown iso9660 squashfs udf romfs ramfs debugfs devtmpfs sysfs
+env.exclude_re /srv/workspace/pbuilder /run /dev/disk/by /var/lib/schroot/mount /srv/workspace/varlibschroot /dev/shm /sys/fs/cgroup
+env.warning 92
+env.critical 98
+
diff --git a/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/diskstats b/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/diskstats
new file mode 100644
index 00000000..2d11f397
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/diskstats
@@ -0,0 +1,4 @@
+[diskstats]
+env.trim_labels yes
+env.include_only /dev/sda
+
diff --git a/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/munin-node b/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/munin-node
new file mode 100644
index 00000000..e766928f
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/munin/plugin-conf.d/munin-node
@@ -0,0 +1,117 @@
+# This file is used to configure how the plugins are invoked.
+# Place in /etc/munin/plugin-conf.d/ or corresponding directory.
+#
+# PLEASE NOTE: Changes in the plugin-conf.d directory are only
+# read at munin-node startup, so restart at any changes.
+#
+# user <user> # Set the user to run the plugin as.
+# group <group> # Set the group to run the plugin as.
+# command <command> # Run <command> instead of the plugin. %c expands to
+# what would normally be run.
+# env.<variable> <value> # Sets <variable> in the plugin's environment, see the
+# individual plugins to find out which variables they
+# care about.
+
+
+[amavis]
+group adm
+env.MUNIN_MKTEMP /bin/mktemp -p /tmp/ $1
+env.amavislog /var/log/mail.info
+
+[apt]
+user root
+
+[courier_mta_mailqueue]
+group daemon
+
+[courier_mta_mailstats]
+group adm
+
+[courier_mta_mailvolume]
+group adm
+
+[cps*]
+user root
+
+[exim_mailqueue]
+group adm, (Debian-exim)
+
+[exim_mailstats]
+group adm, (Debian-exim)
+env.logdir /var/log/exim4/
+env.logname mainlog
+
+[fw_conntrack]
+user root
+
+[fw_forwarded_local]
+user root
+
+[hddtemp_smartctl]
+user root
+
+[hddtemp2]
+user root
+
+[if_*]
+user root
+
+[if_err_*]
+user nobody
+
+[ip_*]
+user root
+
+[ipmi_*]
+user root
+
+[mysql*]
+user root
+env.mysqlopts --defaults-file=/etc/mysql/debian.cnf
+env.mysqluser debian-sys-maint
+env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf
+
+[postfix_mailqueue]
+user postfix
+
+[postfix_mailstats]
+group adm
+
+[postfix_mailvolume]
+group adm
+env.logfile mail.log
+
+[smart_*]
+user root
+
+[vlan*]
+user root
+
+[ejabberd*]
+user ejabberd
+env.statuses available away chat xa
+env.days 1 7 30
+
+[dhcpd3]
+user root
+env.leasefile /var/lib/dhcp3/dhcpd.leases
+env.configfile /etc/dhcp3/dhcpd.conf
+
+[jmx_*]
+env.ip 127.0.0.1
+env.port 5400
+
+[samba]
+user root
+
+[munin_stats]
+user munin
+group munin
+
+[postgres_*]
+user postgres
+env.PGUSER postgres
+env.PGPORT 5432
+
+[fail2ban]
+user root
diff --git a/hosts/jtk1b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds b/hosts/jtk1b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds
new file mode 100755
index 00000000..e990c127
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds
@@ -0,0 +1,56 @@
+#!/bin/sh
+# -*- sh -*-
+
+: << =cut
+
+=head1 NAME
+
+jenkins_reproducible_builds - Plugin to measure number of reproducible builds running
+
+=head1 AUTHOR
+
+Contributed by Holger Levsen
+
+=head1 LICENSE
+
+GPLv2
+
+=head1 MAGIC MARKERS
+
+ #%# family=auto
+ #%# capabilities=autoconf
+
+=cut
+
+. $MUNIN_LIBDIR/plugins/plugin.sh
+
+if [ "$1" = "autoconf" ]; then
+ echo yes
+ exit 0
+fi
+
+JOB_PREFIXES="first second"
+if [ "$1" = "config" ]; then
+ echo 'graph_title Concurrent reproducible builds running'
+ echo 'graph_args --base 1000 -l 0 '
+ echo 'graph_scale no'
+ echo 'graph_total total'
+ echo 'graph_vlabel Concurrent reproducible builds running'
+ echo 'graph_category jenkins'
+ draw=AREA
+ for PREFIX in $JOB_PREFIXES ; do
+ echo "jenkins_reproducible_${PREFIX}_build.label $PREFIX build"
+ echo "jenkins_reproducible_${PREFIX}_build.draw $draw"
+ if [ "$draw" = "AREA" ] ; then draw=STACK ; fi
+ done
+ exit 0
+fi
+
+for PREFIX in $JOB_PREFIXES ; do
+ if [ "$PREFIX" = "first" ] ; then
+ NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 1")
+ else
+ NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 2")
+ fi
+ echo "jenkins_reproducible_${PREFIX}_build.value $NR"
+ done
diff --git a/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup b/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup
new file mode 100755
index 00000000..334e03a2
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+BUILDDIR="${BUILDDIR:-/tmp/buildd}"
+
+# exit if we are in the same UTS namespace as init ( != 2nd build )
+[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0
+
+# cease using disorderfs
+if [ -d /tmp/disorderfs ] ; then
+ echo -n "Unmounting /tmp/disorderfs…"
+ fusermount -z -u "$BUILDDIR"
+ rmdir "$BUILDDIR"
+ mv /tmp/disorderfs "$BUILDDIR"
+ echo " done."
+fi
diff --git a/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup b/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup
new file mode 100755
index 00000000..47719ae7
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+BUILDDIR="${BUILDDIR:-/tmp/buildd}"
+
+echo "debug output: disk usage on $(hostname) at $(date -u)"
+df -h
+echo
+
+# exit if we are in the same UTS namespace as init ( != 2nd build )
+[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0
+
+# cease using disorderfs
+if [ -d /tmp/disorderfs ] ; then
+ echo -n "Unmounting /tmp/disorderfs…"
+ fusermount -z -u "$BUILDDIR"
+ rmdir "$BUILDDIR"
+ mv /tmp/disorderfs "$BUILDDIR"
+ echo " done."
+fi
diff --git a/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment b/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment
new file mode 100755
index 00000000..4b4c9ab3
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+set -e
+
+BUILDDIR="${BUILDDIR:-/tmp/buildd}"
+
+# exit if we are in the same UTS namespace as init ( != 2nd build )
+[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0
+
+#
+# doing variations for the 2nd builds:
+#
+REAL_HOSTNAME=$(hostname)
+echo "disorder-fs debug: Running on $REAL_HOSTNAME."
+
+echo "I: Changing host+domainname to test build reproducibility" >&2
+sed -e '/^127.0.0.1/s/$/ i-capture-the-hostname i-capture-the-hostname.i-capture-the-domain/' -i /etc/hosts
+hostname i-capture-the-hostname
+domainname i-capture-the-domain
+echo "I: Adding a custom variable just for the fun of it..." >&2
+export CAPTURE_ENVIRONMENT="I capture the environment"
+
+echo "I: Changing /bin/sh to bash" >&2
+echo "dash dash/sh boolean false" | debconf-set-selections
+DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash
+if [ -n "$BUILDUSERNAME" ] ; then
+ echo "I: Setting $BUILDUSERNAME's login shell to /bin/bash" >&2
+ usermod -s /bin/bash $BUILDUSERNAME
+ if [ -n "$BUILDUSERGECOS" ] ; then
+ echo "I: Setting $BUILDUSERNAME's GECOS to $BUILDUSERGECOS" >&2
+ usermod -c "$BUILDUSERGECOS" $BUILDUSERNAME
+ fi
+fi
+
+# disable disorderfs due to #844498
+#exit 0
+# use disorderfs on armhf only for now
+if [ "$(dpkg --print-architecture)" != "armhf" ] ; then
+ exit 0
+elif [ "$REAL_HOSTNAME" != "bpi0" ] ; then
+ exit 0
+else
+ echo "disorder-fs debug: bpi0, yay, enabling disorderfs now…"
+fi
+
+# use disorderfs
+if [ -x /usr/bin/disorderfs ] ; then
+ echo -n "Moving $BUILDDIR to /tmp/disorderfs and mounting this as $BUILDDIR via the fuse disorderfs…"
+ mknod -m 666 /dev/fuse c 10 229
+ mv "$BUILDDIR" /tmp/disorderfs
+ mkdir "$BUILDDIR"
+ disorderfs --multi-user=yes /tmp/disorderfs "$BUILDDIR"
+ echo " done."
+else
+ echo "Warning: disorderfs not available."
+fi
diff --git a/hosts/jtk1b-armhf-rb/etc/pbuilderrc b/hosts/jtk1b-armhf-rb/etc/pbuilderrc
new file mode 100644
index 00000000..d97c552b
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/pbuilderrc
@@ -0,0 +1,53 @@
+# this is your configuration file for pbuilder.
+# the file in /usr/share/pbuilder/pbuilderrc is the default template.
+# /etc/pbuilderrc is the one meant for overwriting defaults in
+# the default template
+#
+# read pbuilderrc.5 document for notes on specific options.
+#
+# cater for different locations
+case $HOSTNAME in
+ jenkins|jenkins-test-vm|profitbricks-build*)
+ MIRRORSITE=http://deb.debian.org/debian ;;
+ bbx15|bpi0|cb3*|cbxi4*|hb0|wbq0|odxu4*|odu3*|odc*|wbd0|rpi2*|ff*|ff4*|opi2*|jt?1*|p64*)
+
+ MIRRORSITE=http://deb.debian.org/debian ;;
+ codethink*)
+ MIRRORSITE=http://deb.debian.org/debian ;;
+ *)
+ echo "unsupported host, exiting." ; exit 1 ;;
+esac
+# only use eatmydata on armhf+i386 - on amd64+arm64 we build in tmpfs anyway
+case $HOSTNAME in
+ profitbricks-build*i386)
+ EATMYDATA=yes ;;
+ bbx15|bpi0|cb3*|cbxi4*|hb0|wbq0|odxu4*|odu3*|odc*|wbd0|rpi2*|ff*|ff4*|opi2*|jt?1*|p64*)
+ EATMYDATA=yes ;;
+ *) ;;
+esac
+EXTRAPACKAGES="" # better list them in bin/reproducible_setup_pbuilder.sh
+APTCACHE=""
+COMPRESSPROG="pigz"
+BUILDPLACE=/srv/workspace/pbuilder # build in /srv/workspace, which is in tmpfs
+
+# set PATH to predictable values, see #780729 and #780725
+PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
+
+# used for reproducible builds tests, when doing the 2nd build
+if [ "$(readlink /proc/1/ns/uts)" != "$(readlink /proc/self/ns/uts)" ]; then
+ PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path"
+fi
+
+# needed to ignore failures due to running 398 days in the future…
+# (only on those 4 nodes running in the future…)
+if [ "$HOSTNAME" = "profitbricks-build5-amd64" ] || [ "$HOSTNAME" = "profitbricks-build6-i386" ] || \
+ [ "$HOSTNAME" = "profitbricks-build15-amd64" ] || [ "$HOSTNAME" = "profitbricks-build16-i386" ] || \
+ [ "$HOSTNAME" = "codethink-sled9-arm64" ] || [ "$HOSTNAME" = "codethink-sled11-arm64" ] || \
+ [ "$HOSTNAME" = "codethink-sled13-arm64" ] || [ "$HOSTNAME" = "codethink-sled15-arm64" ] ; then
+ case "$PBUILDER_OPERATION" in
+ create)
+ APTGETOPT=(-o Acquire::Check-Valid-Until="false")
+ ;;
+ *) ;;
+ esac
+fi
diff --git a/hosts/jtk1b-armhf-rb/etc/postfix/main.cf b/hosts/jtk1b-armhf-rb/etc/postfix/main.cf
new file mode 100644
index 00000000..5434f975
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/postfix/main.cf
@@ -0,0 +1,41 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = jtk1b-armhf-rb.debian.net
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+mydestination = jtk1b-armhf-rb.debian.net, localhost
+relayhost = mail.holgerlevsen.de
+#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = 127.0.0.0/8
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+mailbox_command = /usr/bin/procmail -a "$EXTENSION"
diff --git a/hosts/jtk1b-armhf-rb/etc/rc.local b/hosts/jtk1b-armhf-rb/etc/rc.local
new file mode 100755
index 00000000..aa6bfefc
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/rc.local
@@ -0,0 +1,105 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+
+set -x
+
+send_back_to_the_future() {
+ # stop ntp
+ service ntp stop || true
+ # disable systemd date services (and don't fail if systemd ain't running)
+ systemctl disable systemd-timesyncd || true
+ systemctl disable systemd-timedated || true
+ systemctl disable ntp.service || true
+ systemctl stop systemd-timesyncd || true
+ systemctl stop systemd-timedated || true
+ systemctl stop ntp.service || true
+ # set correct date
+ ntpdate -b de.pool.ntp.org
+ # set fake date
+ date --set="+398 days +6 hours + 23 minutes"
+ # finally report success
+ echo "$(date -u) - system is running in the future now" | mail -s "$(hostname -f) in the future" root
+}
+
+put_schroots_on_tmpfs() {
+ # keep schroot sessions on tmpfs
+ [ -L /var/lib/schroot ] || echo "$(date -u) - /var/lib/schroot is not a link (to /srv/workspace/varlibschroot/) as it should, please fix manually"
+ mkdir -p /srv/workspace/varlibschroot
+ cd /srv/workspace/varlibschroot || exit 1
+ mkdir -p mount session union unpack
+ mkdir -p union/overlay union/underlay
+}
+
+fixup_shm() {
+ # this is always harmless
+ chmod 1777 /dev/shm
+}
+
+fixup_mtu() {
+ # only act on systems which have eth0
+ if ip link show eth0 >/dev/null 2>&1 ; then
+ # if MTU != 1500 set it to 1500
+ if [ -z "$(ip link show eth0 | grep 'eth0:' | grep 'mtu 1500 ' || true)" ] ; then
+ ip link set dev eth0 mtu 1500
+ fi
+ ip link show eth0
+ fi
+}
+
+#
+# init, notify about reboots
+#
+MESSAGE="$(hostname -f) rebooted"
+echo "$(date -u) - system was rebooted" | mail -s "$MESSAGE" root
+
+#
+# notify jenkins reboots on irc
+#
+if [ "$(hostname)" = "jenkins" ] ; then
+ for channel in debian-qa debian-reproducible ; do
+ kgb-client --conf /srv/jenkins/kgb/$channel.conf --relay-msg "$MESSAGE"
+ done
+fi
+
+#
+# fixup /(dev|run)/shm if needed
+#
+fixup_shm
+
+#
+# fixup eth0's MTU if needed
+fixup_mtu
+
+#
+# put schroots on tmpfs for non debian hosts
+#
+case $(hostname) in
+ profitbricks-build3*) put_schroots_on_tmpfs ;;
+ profitbricks-build4*) put_schroots_on_tmpfs ;;
+ profitbricks-build7*) put_schroots_on_tmpfs ;;
+ *) ;;
+esac
+
+#
+# run some hosts in the future
+#
+case $(hostname) in
+ codethink-sled9*) send_back_to_the_future ;;
+ codethink-sled11*) send_back_to_the_future ;;
+ codethink-sled13*) send_back_to_the_future ;;
+ codethink-sled15*) send_back_to_the_future ;;
+ profitbricks-build4*) send_back_to_the_future ;;
+ profitbricks-build5*) send_back_to_the_future ;;
+ profitbricks-build6*) send_back_to_the_future ;;
+ profitbricks-build15*) send_back_to_the_future ;;
+ profitbricks-build16*) send_back_to_the_future ;;
+ *) ;;
+esac
+
+echo "$(date -u) - system booted up."
+exit 0
diff --git a/hosts/jtk1b-armhf-rb/etc/schroot/default/fstab b/hosts/jtk1b-armhf-rb/etc/schroot/default/fstab
new file mode 100644
index 00000000..74468dd2
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/schroot/default/fstab
@@ -0,0 +1,24 @@
+# fstab: static file system information for chroots.
+# Note that the mount point will be prefixed by the chroot path
+# (CHROOT_PATH)
+#
+# <file system> <mount point> <type> <options> <dump> <pass>
+/proc /proc none rw,bind 0 0
+/sys /sys none rw,bind 0 0
+/dev /dev none rw,bind 0 0
+/dev/pts /dev/pts none rw,bind 0 0
+/home /home none rw,bind 0 0
+/tmp /tmp none rw,bind 0 0
+/srv/reproducible-results /srv/reproducible-results none rw,bind 0 0
+/srv/d-i /srv/d-i none rw,bind 0 0
+/srv/jenkins /srv/jenkins none rw,bind 0 0
+/srv/live-build /srv/live-build none rw,bind 0 0
+
+# It may be desirable to have access to /run, especially if you wish
+# to run additional services in the chroot. However, note that this
+# may potentially cause undesirable behaviour on upgrades, such as
+# killing services on the host.
+#/run /run none rw,bind 0 0
+#/run/lock /run/lock none rw,bind 0 0
+/dev/shm /dev/shm none rw,bind 0 0
+/run/shm /run/shm none rw,bind 0 0
diff --git a/hosts/jtk1b-armhf-rb/etc/schroot/default/nssdatabases b/hosts/jtk1b-armhf-rb/etc/schroot/default/nssdatabases
new file mode 100644
index 00000000..72615e5d
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/schroot/default/nssdatabases
@@ -0,0 +1,11 @@
+# System databases to copy into the chroot from the host system.
+#
+# <database name>
+passwd
+shadow
+group
+gshadow
+#services
+protocols
+networks
+hosts
diff --git a/hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins b/hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins
new file mode 100644
index 00000000..d249be94
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins
@@ -0,0 +1,51 @@
+jenkins ALL= \
+ NOPASSWD: /usr/sbin/debootstrap *, \
+ /usr/bin/tee /schroots/*, \
+ /usr/bin/tee -a /schroots/*, \
+ /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \
+ /bin/chmod +x /schroots/*, \
+ /usr/sbin/chroot /schroots/*, \
+ /usr/sbin/chroot /chroots/*, \
+ /usr/sbin/chroot /media/*, \
+ /bin/ls -la /media/*, \
+ /bin/rm -rf --one-file-system /chroots/*, \
+ /bin/rm -rf --one-file-system /schroots/*, \
+ /bin/rm -rf --one-file-system /srv/live-build/*, \
+ /bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \
+ /bin/cp -v *.iso /srv/live-build/results/*, \
+ /bin/mv /chroots/* /schroots/*, \
+ /bin/mv /schroots/* /schroots/*, \
+ /bin/umount -l /chroots/*, \
+ /bin/umount -l /schroots/*, \
+ /bin/umount -l /media/*, \
+ /bin/rmdir /media/*, \
+ /bin/mount -o loop*, \
+ /bin/mount --bind *, \
+ /usr/bin/du *, \
+ /bin/kill *, \
+ /usr/bin/file *, \
+ /bin/dd if=/dev/zero of=/dev/jenkins*, \
+ /usr/bin/qemu-system-x86_64 *, \
+ /usr/bin/qemu-img *, \
+ /sbin/lvcreate *, /sbin/lvremove *, \
+ /bin/mkdir -p /media/*, \
+ /usr/bin/guestmount *, \
+ /bin/cp -rv /media/*, \
+ /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\
+ SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
+ SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \
+ SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
+ /bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \
+ /bin/rm /var/cache/pbuilder/*base*.tgz, \
+ /bin/rm -v /var/cache/pbuilder/*base*.tgz, \
+ /bin/rm /var/cache/pbuilder/result/*, \
+ /usr/bin/dcmd rm *.changes, \
+ /usr/bin/dcmd rm *.dsc, \
+ /usr/bin/apt-get update, \
+ /usr/bin/killall timeout, \
+ /usr/sbin/slay 1111, \
+ /usr/sbin/slay 2222, \
+ /usr/sbin/slay jenkins
+
+# keep these environment variables
+Defaults env_keep += "http_proxy", env_reset
diff --git a/hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins-adm b/hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins-adm
new file mode 100644
index 00000000..3c357be2
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/sudoers.d/jenkins-adm
@@ -0,0 +1,7 @@
+# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner
+# of jenkins script) and the jenkins user itself
+%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL
+%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL
+# allow jenkins-adm to run everything as root
+%jenkins-adm ALL= NOPASSWD: ALL
+
diff --git a/hosts/jtk1b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf b/hosts/jtk1b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf
new file mode 100644
index 00000000..91ed832a
--- /dev/null
+++ b/hosts/jtk1b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf
@@ -0,0 +1,4 @@
+[Unit]
+After=network-online.target
+Wants=network-online.target
+