diff options
author | Holger Levsen <holger@layer-acht.org> | 2017-06-02 13:18:04 +0200 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2017-06-02 13:18:04 +0200 |
commit | 344e2a492a776601c7e3b1843102d6918ba30cf0 (patch) | |
tree | 3718c8f2e9584f5facff9a1ebf67a7b7be25ddcf /hosts/p64b-armhf-rb/etc | |
parent | 595ac0c255f140dfb20ef683e994554b93e263b1 (diff) | |
download | jenkins.debian.net-344e2a492a776601c7e3b1843102d6918ba30cf0.tar.xz |
reproducible Debian: fixup directory name and remake link
Signed-off-by: Holger Levsen <holger@layer-acht.org>
Diffstat (limited to 'hosts/p64b-armhf-rb/etc')
22 files changed, 674 insertions, 0 deletions
diff --git a/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions new file mode 100644 index 00000000..2318f84e --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions @@ -0,0 +1 @@ +Acquire::Languages "none"; diff --git a/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/80proxy b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/80proxy new file mode 100644 index 00000000..9e738254 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/apt/apt.conf.d/80proxy @@ -0,0 +1,2 @@ +Acquire::http::Proxy "http://10.0.0.15:8000/"; + diff --git a/hosts/p64b-armhf-rb/etc/apt/listchanges.conf b/hosts/p64b-armhf-rb/etc/apt/listchanges.conf new file mode 100644 index 00000000..8b598c0a --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/apt/listchanges.conf @@ -0,0 +1,6 @@ +[apt] +frontend=mail +email_address=root +confirm=0 +save_seen=/var/lib/apt/listchanges.db +which=both diff --git a/hosts/p64b-armhf-rb/etc/apt/sources.list b/hosts/p64b-armhf-rb/etc/apt/sources.list new file mode 100644 index 00000000..70669281 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/apt/sources.list @@ -0,0 +1,11 @@ +deb http://ftp.us.debian.org/debian/ jessie main contrib non-free +#deb-src http://ftp.us.debian.org/debian/ jessie main contrib non-free + +deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free +#deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free + +deb http://security.debian.org/ jessie/updates main contrib non-free +#deb-src http://security.debian.org/ jessie/updates main contrib non-free + +deb http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free +#deb-src http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free diff --git a/hosts/p64b-armhf-rb/etc/cron.d/dsa b/hosts/p64b-armhf-rb/etc/cron.d/dsa new file mode 100755 index 00000000..9be64c36 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/cron.d/dsa @@ -0,0 +1,10 @@ +# m h dom mon dow (0|7=sun,1=mon) command + +# +# cron-jobs for jenkins.debian.net and nodes +# + +MAILTO=root + +0 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-running-kernel +2 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-packages diff --git a/hosts/p64b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn b/hosts/p64b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn new file mode 100644 index 00000000..c1f207a7 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/logrotate.d/jenkins.debian.net-update_jdn @@ -0,0 +1,9 @@ +/var/log/jenkins/update_jdn.log { + daily + copytruncate + missingok + rotate 7 + compress + delaycompress + notifempty +} diff --git a/hosts/p64b-armhf-rb/etc/munin/munin-node.conf b/hosts/p64b-armhf-rb/etc/munin/munin-node.conf new file mode 100644 index 00000000..e42e1972 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/munin/munin-node.conf @@ -0,0 +1,66 @@ +# +# Example config-file for munin-node +# + +log_level 4 +log_file /var/log/munin/munin-node.log +pid_file /var/run/munin/munin-node.pid + +background 1 +setsid 1 + +user root +group root + +# This is the timeout for the whole transaction. +# Units are in sec. Default is 15 min +# +# global_timeout 900 + +# This is the timeout for each plugin. +# Units are in sec. Default is 1 min +# +# timeout 60 + +# Regexps for files to ignore +ignore_file [\#~]$ +ignore_file DEADJOE$ +ignore_file \.bak$ +ignore_file %$ +ignore_file \.dpkg-(tmp|new|old|dist)$ +ignore_file \.rpm(save|new)$ +ignore_file \.pod$ + +# Set this if the client doesn't report the correct hostname when +# telnetting to localhost, port 4949 +# +#host_name localhost.localdomain + +# A list of addresses that are allowed to connect. This must be a +# regular expression, since Net::Server does not understand CIDR-style +# network notation unless the perl module Net::CIDR is installed. You +# may repeat the allow line as many times as you'd like + +allow ^127\.0\.0\.1$ +allow ^::1$ + +# If you have installed the Net::CIDR perl module, you can use one or more +# cidr_allow and cidr_deny address/mask patterns. A connecting client must +# match any cidr_allow, and not match any cidr_deny. Note that a netmask +# *must* be provided, even if it's /32 +# +# Example: +# +# cidr_allow 127.0.0.1/32 +# cidr_allow 192.0.2.0/24 +# cidr_deny 192.0.2.42/32 + +# Which address to bind to; +host * +# host 127.0.0.1 + +# And which port +port 4949 + +allow ^78\.137\.96\.196 +hostname p64b-armhf-rb.debian.net diff --git a/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/df b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/df new file mode 100644 index 00000000..b3fdadcb --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/df @@ -0,0 +1,6 @@ +[df*] +env.exclude none unknown iso9660 squashfs udf romfs ramfs debugfs devtmpfs sysfs +env.exclude_re /srv/workspace/pbuilder /run /dev/disk/by /var/lib/schroot/mount /srv/workspace/varlibschroot /dev/shm /sys/fs/cgroup +env.warning 92 +env.critical 98 + diff --git a/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/diskstats b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/diskstats new file mode 100644 index 00000000..2d11f397 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/diskstats @@ -0,0 +1,4 @@ +[diskstats] +env.trim_labels yes +env.include_only /dev/sda + diff --git a/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/munin-node b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/munin-node new file mode 100644 index 00000000..e766928f --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/munin/plugin-conf.d/munin-node @@ -0,0 +1,117 @@ +# This file is used to configure how the plugins are invoked. +# Place in /etc/munin/plugin-conf.d/ or corresponding directory. +# +# PLEASE NOTE: Changes in the plugin-conf.d directory are only +# read at munin-node startup, so restart at any changes. +# +# user <user> # Set the user to run the plugin as. +# group <group> # Set the group to run the plugin as. +# command <command> # Run <command> instead of the plugin. %c expands to +# what would normally be run. +# env.<variable> <value> # Sets <variable> in the plugin's environment, see the +# individual plugins to find out which variables they +# care about. + + +[amavis] +group adm +env.MUNIN_MKTEMP /bin/mktemp -p /tmp/ $1 +env.amavislog /var/log/mail.info + +[apt] +user root + +[courier_mta_mailqueue] +group daemon + +[courier_mta_mailstats] +group adm + +[courier_mta_mailvolume] +group adm + +[cps*] +user root + +[exim_mailqueue] +group adm, (Debian-exim) + +[exim_mailstats] +group adm, (Debian-exim) +env.logdir /var/log/exim4/ +env.logname mainlog + +[fw_conntrack] +user root + +[fw_forwarded_local] +user root + +[hddtemp_smartctl] +user root + +[hddtemp2] +user root + +[if_*] +user root + +[if_err_*] +user nobody + +[ip_*] +user root + +[ipmi_*] +user root + +[mysql*] +user root +env.mysqlopts --defaults-file=/etc/mysql/debian.cnf +env.mysqluser debian-sys-maint +env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf + +[postfix_mailqueue] +user postfix + +[postfix_mailstats] +group adm + +[postfix_mailvolume] +group adm +env.logfile mail.log + +[smart_*] +user root + +[vlan*] +user root + +[ejabberd*] +user ejabberd +env.statuses available away chat xa +env.days 1 7 30 + +[dhcpd3] +user root +env.leasefile /var/lib/dhcp3/dhcpd.leases +env.configfile /etc/dhcp3/dhcpd.conf + +[jmx_*] +env.ip 127.0.0.1 +env.port 5400 + +[samba] +user root + +[munin_stats] +user munin +group munin + +[postgres_*] +user postgres +env.PGUSER postgres +env.PGPORT 5432 + +[fail2ban] +user root diff --git a/hosts/p64b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds b/hosts/p64b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds new file mode 100755 index 00000000..e990c127 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds @@ -0,0 +1,56 @@ +#!/bin/sh +# -*- sh -*- + +: << =cut + +=head1 NAME + +jenkins_reproducible_builds - Plugin to measure number of reproducible builds running + +=head1 AUTHOR + +Contributed by Holger Levsen + +=head1 LICENSE + +GPLv2 + +=head1 MAGIC MARKERS + + #%# family=auto + #%# capabilities=autoconf + +=cut + +. $MUNIN_LIBDIR/plugins/plugin.sh + +if [ "$1" = "autoconf" ]; then + echo yes + exit 0 +fi + +JOB_PREFIXES="first second" +if [ "$1" = "config" ]; then + echo 'graph_title Concurrent reproducible builds running' + echo 'graph_args --base 1000 -l 0 ' + echo 'graph_scale no' + echo 'graph_total total' + echo 'graph_vlabel Concurrent reproducible builds running' + echo 'graph_category jenkins' + draw=AREA + for PREFIX in $JOB_PREFIXES ; do + echo "jenkins_reproducible_${PREFIX}_build.label $PREFIX build" + echo "jenkins_reproducible_${PREFIX}_build.draw $draw" + if [ "$draw" = "AREA" ] ; then draw=STACK ; fi + done + exit 0 +fi + +for PREFIX in $JOB_PREFIXES ; do + if [ "$PREFIX" = "first" ] ; then + NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 1") + else + NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 2") + fi + echo "jenkins_reproducible_${PREFIX}_build.value $NR" + done diff --git a/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup new file mode 100755 index 00000000..334e03a2 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +BUILDDIR="${BUILDDIR:-/tmp/buildd}" + +# exit if we are in the same UTS namespace as init ( != 2nd build ) +[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0 + +# cease using disorderfs +if [ -d /tmp/disorderfs ] ; then + echo -n "Unmounting /tmp/disorderfs…" + fusermount -z -u "$BUILDDIR" + rmdir "$BUILDDIR" + mv /tmp/disorderfs "$BUILDDIR" + echo " done." +fi diff --git a/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup new file mode 100755 index 00000000..47719ae7 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +BUILDDIR="${BUILDDIR:-/tmp/buildd}" + +echo "debug output: disk usage on $(hostname) at $(date -u)" +df -h +echo + +# exit if we are in the same UTS namespace as init ( != 2nd build ) +[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0 + +# cease using disorderfs +if [ -d /tmp/disorderfs ] ; then + echo -n "Unmounting /tmp/disorderfs…" + fusermount -z -u "$BUILDDIR" + rmdir "$BUILDDIR" + mv /tmp/disorderfs "$BUILDDIR" + echo " done." +fi diff --git a/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment new file mode 100755 index 00000000..4b4c9ab3 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment @@ -0,0 +1,56 @@ +#!/bin/sh + +set -e + +BUILDDIR="${BUILDDIR:-/tmp/buildd}" + +# exit if we are in the same UTS namespace as init ( != 2nd build ) +[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0 + +# +# doing variations for the 2nd builds: +# +REAL_HOSTNAME=$(hostname) +echo "disorder-fs debug: Running on $REAL_HOSTNAME." + +echo "I: Changing host+domainname to test build reproducibility" >&2 +sed -e '/^127.0.0.1/s/$/ i-capture-the-hostname i-capture-the-hostname.i-capture-the-domain/' -i /etc/hosts +hostname i-capture-the-hostname +domainname i-capture-the-domain +echo "I: Adding a custom variable just for the fun of it..." >&2 +export CAPTURE_ENVIRONMENT="I capture the environment" + +echo "I: Changing /bin/sh to bash" >&2 +echo "dash dash/sh boolean false" | debconf-set-selections +DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash +if [ -n "$BUILDUSERNAME" ] ; then + echo "I: Setting $BUILDUSERNAME's login shell to /bin/bash" >&2 + usermod -s /bin/bash $BUILDUSERNAME + if [ -n "$BUILDUSERGECOS" ] ; then + echo "I: Setting $BUILDUSERNAME's GECOS to $BUILDUSERGECOS" >&2 + usermod -c "$BUILDUSERGECOS" $BUILDUSERNAME + fi +fi + +# disable disorderfs due to #844498 +#exit 0 +# use disorderfs on armhf only for now +if [ "$(dpkg --print-architecture)" != "armhf" ] ; then + exit 0 +elif [ "$REAL_HOSTNAME" != "bpi0" ] ; then + exit 0 +else + echo "disorder-fs debug: bpi0, yay, enabling disorderfs now…" +fi + +# use disorderfs +if [ -x /usr/bin/disorderfs ] ; then + echo -n "Moving $BUILDDIR to /tmp/disorderfs and mounting this as $BUILDDIR via the fuse disorderfs…" + mknod -m 666 /dev/fuse c 10 229 + mv "$BUILDDIR" /tmp/disorderfs + mkdir "$BUILDDIR" + disorderfs --multi-user=yes /tmp/disorderfs "$BUILDDIR" + echo " done." +else + echo "Warning: disorderfs not available." +fi diff --git a/hosts/p64b-armhf-rb/etc/pbuilderrc b/hosts/p64b-armhf-rb/etc/pbuilderrc new file mode 100644 index 00000000..96917baf --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/pbuilderrc @@ -0,0 +1,52 @@ +# this is your configuration file for pbuilder. +# the file in /usr/share/pbuilder/pbuilderrc is the default template. +# /etc/pbuilderrc is the one meant for overwriting defaults in +# the default template +# +# read pbuilderrc.5 document for notes on specific options. +# +# cater for different locations +case $HOSTNAME in + jenkins|jenkins-test-vm|profitbricks-build*) + MIRRORSITE=http://ftp.de.debian.org/debian ;; + bbx15|bpi0|cbxi4*|cb3*|hb0|wbq0|odxu4*|odu3*|wbd0|rpi2*|ff2*|ff4*|opi2*|jtk1*|p64*) + MIRRORSITE=http://ftp.us.debian.org/debian ;; + codethink*) + MIRRORSITE=http://ftp.uk.debian.org/debian ;; + *) + echo "unsupported host, exiting." ; exit 1 ;; +esac +# only use eatmydata on armhf+i386 - on amd64+arm64 we build in tmpfs anyway +case $HOSTNAME in + profitbricks-build*i386) + EATMYDATA=yes ;; + bbx15|bpi0|cbxi4*|cb3*|hb0|wbq0|odxu4*|odu3*|wbd0|rpi2*|ff2*|ff4*|opi2*|jtk1*|p64*) + EATMYDATA=yes ;; + *) ;; +esac +EXTRAPACKAGES="" # better list them in bin/reproducible_setup_pbuilder.sh +APTCACHE="" +COMPRESSPROG="pigz" +BUILDPLACE=/srv/workspace/pbuilder # build in /srv/workspace, which is in tmpfs + +# set PATH to predictable values, see #780729 and #780725 +PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" + +# used for reproducible builds tests, when doing the 2nd build +if [ "$(readlink /proc/1/ns/uts)" != "$(readlink /proc/self/ns/uts)" ]; then + PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" +fi + +# needed to ignore failures due to running 398 days in the future… +# (only on those 4 nodes running in the future…) +if [ "$HOSTNAME" = "profitbricks-build5-amd64" ] || [ "$HOSTNAME" = "profitbricks-build6-i386" ] || \ + [ "$HOSTNAME" = "profitbricks-build15-amd64" ] || [ "$HOSTNAME" = "profitbricks-build16-i386" ] || \ + [ "$HOSTNAME" = "codethink-sled9-arm64" ] || [ "$HOSTNAME" = "codethink-sled11-arm64" ] || \ + [ "$HOSTNAME" = "codethink-sled13-arm64" ] || [ "$HOSTNAME" = "codethink-sled15-arm64" ] ; then + case "$PBUILDER_OPERATION" in + create) + APTGETOPT=(-o Acquire::Check-Valid-Until="false") + ;; + *) ;; + esac +fi diff --git a/hosts/p64b-armhf-rb/etc/postfix/main.cf b/hosts/p64b-armhf-rb/etc/postfix/main.cf new file mode 100644 index 00000000..b1307eab --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/postfix/main.cf @@ -0,0 +1,41 @@ +# See /usr/share/postfix/main.cf.dist for a commented, more complete version + + +# Debian specific: Specifying a file name will cause the first +# line of that file to be used as the name. The Debian default +# is /etc/mailname. +#myorigin = /etc/mailname + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# TLS parameters +smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem +smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key +smtpd_use_tls=yes +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache + +# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for +# information on enabling SSL in the smtp client. + +myhostname = p64b-armhf-rb.debian.net +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +myorigin = /etc/mailname +mydestination = p64b-armhf-rb.debian.net, localhost +relayhost = mail.holgerlevsen.de +#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mynetworks = 127.0.0.0/8 +mailbox_size_limit = 0 +recipient_delimiter = + +inet_interfaces = all +mailbox_command = /usr/bin/procmail -a "$EXTENSION" diff --git a/hosts/p64b-armhf-rb/etc/rc.local b/hosts/p64b-armhf-rb/etc/rc.local new file mode 100755 index 00000000..23952e35 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/rc.local @@ -0,0 +1,102 @@ +#!/bin/sh -e +# +# rc.local +# +# This script is executed at the end of each multiuser runlevel. +# Make sure that the script will "exit 0" on success or any other +# value on error. + +set -x + +send_back_to_the_future() { + # stop ntp + service ntp stop || true + # disable systemd date services (and don't fail if systemd ain't running) + systemctl disable systemd-timesyncd + systemctl disable systemd-timedated + systemctl stop systemd-timesyncd || true + systemctl stop systemd-timedated || true + # set correct date + ntpdate -b de.pool.ntp.org + # set fake date + date --set="+398 days +6 hours + 23 minutes" + # finally report success + echo "$(date -u) - system is running in the future now" | mail -s "$(hostname -f) in the future" root +} + +put_schroots_on_tmpfs() { + # keep schroot sessions on tmpfs + [ -L /var/lib/schroot ] || echo "$(date -u) - /var/lib/schroot is not a link (to /srv/workspace/varlibschroot/) as it should, please fix manually" + mkdir -p /srv/workspace/varlibschroot + cd /srv/workspace/varlibschroot || exit 1 + mkdir -p mount session union unpack + mkdir -p union/overlay union/underlay +} + +fixup_shm() { + # this is always harmless + chmod 1777 /dev/shm +} + +fixup_mtu() { + # only act on systems which have eth0 + if ip link show eth0 >/dev/null 2>&1 ; then + # if MTU != 1500 set it to 1500 + if [ -z "$(ip link show eth0 | grep 'eth0:' | grep 'mtu 1500 ' || true)" ] ; then + ip link set dev eth0 mtu 1500 + fi + fi +} + +# +# init, notify about reboots +# +MESSAGE="$(hostname -f) rebooted" +echo "$(date -u) - system was rebooted" | mail -s "$MESSAGE" root + +# +# notify jenkins reboots on irc +# +if [ "$(hostname)" = "jenkins" ] ; then + for channel in debian-qa debian-reproducible ; do + kgb-client --conf /srv/jenkins/kgb/$channel.conf --relay-msg "$MESSAGE" + done +fi + +# +# fixup /(dev|run)/shm if needed +# +fixup_shm + +# +# fixup eth0's MTU if needed +fixup_mtu + +# +# put schroots on tmpfs for non debian hosts +# +case $(hostname) in + profitbricks-build3*) put_schroots_on_tmpfs ;; + profitbricks-build4*) put_schroots_on_tmpfs ;; + profitbricks-build7*) put_schroots_on_tmpfs ;; + *) ;; +esac + +# +# run some hosts in the future +# +case $(hostname) in + codethink-sled9*) send_back_to_the_future ;; + codethink-sled11*) send_back_to_the_future ;; + codethink-sled13*) send_back_to_the_future ;; + codethink-sled15*) send_back_to_the_future ;; + profitbricks-build4*) send_back_to_the_future ;; + profitbricks-build5*) send_back_to_the_future ;; + profitbricks-build6*) send_back_to_the_future ;; + profitbricks-build15*) send_back_to_the_future ;; + profitbricks-build16*) send_back_to_the_future ;; + *) ;; +esac + +echo "$(date -u) - system booted up." +exit 0 diff --git a/hosts/p64b-armhf-rb/etc/schroot/default/fstab b/hosts/p64b-armhf-rb/etc/schroot/default/fstab new file mode 100644 index 00000000..74468dd2 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/schroot/default/fstab @@ -0,0 +1,24 @@ +# fstab: static file system information for chroots. +# Note that the mount point will be prefixed by the chroot path +# (CHROOT_PATH) +# +# <file system> <mount point> <type> <options> <dump> <pass> +/proc /proc none rw,bind 0 0 +/sys /sys none rw,bind 0 0 +/dev /dev none rw,bind 0 0 +/dev/pts /dev/pts none rw,bind 0 0 +/home /home none rw,bind 0 0 +/tmp /tmp none rw,bind 0 0 +/srv/reproducible-results /srv/reproducible-results none rw,bind 0 0 +/srv/d-i /srv/d-i none rw,bind 0 0 +/srv/jenkins /srv/jenkins none rw,bind 0 0 +/srv/live-build /srv/live-build none rw,bind 0 0 + +# It may be desirable to have access to /run, especially if you wish +# to run additional services in the chroot. However, note that this +# may potentially cause undesirable behaviour on upgrades, such as +# killing services on the host. +#/run /run none rw,bind 0 0 +#/run/lock /run/lock none rw,bind 0 0 +/dev/shm /dev/shm none rw,bind 0 0 +/run/shm /run/shm none rw,bind 0 0 diff --git a/hosts/p64b-armhf-rb/etc/schroot/default/nssdatabases b/hosts/p64b-armhf-rb/etc/schroot/default/nssdatabases new file mode 100644 index 00000000..72615e5d --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/schroot/default/nssdatabases @@ -0,0 +1,11 @@ +# System databases to copy into the chroot from the host system. +# +# <database name> +passwd +shadow +group +gshadow +#services +protocols +networks +hosts diff --git a/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins new file mode 100644 index 00000000..96d501ef --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins @@ -0,0 +1,51 @@ +jenkins ALL= \ + NOPASSWD: /usr/sbin/debootstrap *, \ + /usr/bin/tee /schroots/*, \ + /usr/bin/tee -a /schroots/*, \ + /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \ + /bin/chmod +x /schroots/*, \ + /usr/sbin/chroot /schroots/*, \ + /usr/sbin/chroot /chroots/*, \ + /usr/sbin/chroot /media/*, \ + /bin/ls -la /media/*, \ + /bin/rm -rf --one-file-system /chroots/*, \ + /bin/rm -rf --one-file-system /schroots/*, \ + /bin/rm -rf --one-file-system /srv/live-build/*, \ + /bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \ + /bin/cp -v *.iso /srv/live-build/results/*, \ + /bin/mv /chroots/* /schroots/*, \ + /bin/mv /schroots/* /schroots/*, \ + /bin/umount -l /chroots/*, \ + /bin/umount -l /schroots/*, \ + /bin/umount -l /media/*, \ + /bin/rmdir /media/*, \ + /bin/mount -o loop*, \ + /bin/mount --bind *, \ + /usr/bin/du *, \ + /bin/kill *, \ + /usr/bin/file *, \ + /bin/dd if=/dev/zero of=/dev/jenkins*, \ + /usr/bin/qemu-system-x86_64 *, \ + /usr/bin/qemu-img *, \ + /sbin/lvcreate *, /sbin/lvremove *, \ + /bin/mkdir -p /media/*, \ + /usr/bin/guestmount *, \ + /bin/cp -rv /media/*, \ + /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\ + SETENV: NOPASSWD: /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \ + /bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \ + /bin/rm /var/cache/pbuilder/*base*.tgz, \ + /bin/rm -v /var/cache/pbuilder/*base*.tgz, \ + /bin/rm /var/cache/pbuilder/result/*, \ + /usr/bin/dcmd rm *.changes, \ + /usr/bin/dcmd rm *.dsc, \ + /usr/bin/apt-get update, \ + /usr/bin/killall timeout, \ + /usr/sbin/slay 1111, \ + /usr/sbin/slay 2222, \ + /usr/sbin/slay jenkins + +# keep these environment variables +Defaults env_keep += "http_proxy", env_reset diff --git a/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins-adm b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins-adm new file mode 100644 index 00000000..3c357be2 --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/sudoers.d/jenkins-adm @@ -0,0 +1,7 @@ +# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner +# of jenkins script) and the jenkins user itself +%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL +%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL +# allow jenkins-adm to run everything as root +%jenkins-adm ALL= NOPASSWD: ALL + diff --git a/hosts/p64b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf b/hosts/p64b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf new file mode 100644 index 00000000..91ed832a --- /dev/null +++ b/hosts/p64b-armhf-rb/etc/systemd/system/rc-local.service.d/local.conf @@ -0,0 +1,4 @@ +[Unit] +After=network-online.target +Wants=network-online.target + |