From 66238afaaf715018dc8f628d9456dc6429121f95 Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Mon, 10 Aug 2015 12:20:21 +0200 Subject: add design for reproducible remote building, review+feedback most welcome --- TODO | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index 7d2fcf78..65771a6b 100644 --- a/TODO +++ b/TODO @@ -207,7 +207,7 @@ properties: ** variation of $TERM and $COLUMN (and maybe $LINES), unset in the first run, set to "linux" and "77" (and maybe "42") in the 2nd run. maybe vary $SHELL too. *** actually TERM is set to "linux" by default already, COLUMN is unset -* remote building on amd64 +* status of remote build nodes for amd64 ** profitbricks-build1-amd64 is setup *** squid needs proper configuration *** tmpfs needs to be set up @@ -228,6 +228,57 @@ properties: that would be wonderful. ---- +==== design for reproducible remote building + +* open questions: +** save build-host in build_duration table too? (and change to saving the time of a single build, not both combined) + +* reproducible_build.sh behaviour change: +** called without param: behave as always +** called with a single param, "1" or "2": do first or second build (as specified below) +** called with two params: $node1 and $node2 where the build should happen. + +* reproducible_build.sh (with two params) will be still always be run on the main node, that is the one holding reproducible.db, so jenkins.d.n atm +* job definitions: +** reproducible_build_amd64_1 runs "reproducible_build.sh profitbricks-build1-amd64 profitbricks-build2-amd64" # 8 core machines with 32gb ram +** reproducible_build_amd64_2 runs "reproducible_build.sh profitbricks-build1-amd64 profitbricks-build2-amd64" +** reproducible_build_amd64_3 runs "reproducible_build.sh profitbricks-build1-amd64 profitbricks-build2-amd64" +** reproducible_build_amd64_4 runs "reproducible_build.sh profitbricks-build1-amd64 profitbricks-build2-amd64" +** reproducible_build_amd64_5 runs "reproducible_build.sh profitbricks-build1-amd64 profitbricks-build2-amd64" +** reproducible_build_amd64_6 runs "reproducible_build.sh profitbricks-build2-amd64 profitbricks-build1-amd64" +** reproducible_build_amd64_7 runs "reproducible_build.sh profitbricks-build2-amd64 profitbricks-build1-amd64" +** reproducible_build_amd64_8 runs "reproducible_build.sh profitbricks-build2-amd64 profitbricks-build1-amd64" +** reproducible_build_amd64_9 runs "reproducible_build.sh profitbricks-build2-amd64 profitbricks-build1-amd64" +** reproducible_build_amd64_10 runs "reproducible_build.sh profitbricks-build2-amd64 profitbricks-build1-amd64" +** reproducible_build_armhf_1 runs "reproducible_build.sh wbq0-armhf-rb bpi0-armhf-rb" # wbq0 and cbxi4pro0 are the quad cores +** reproducible_build_armhf_2 runs "reproducible_build.sh wbq0-armhf-rb cbxi4pro0-armhf-rb" # with 2gb ram and and the other two +** reproducible_build_armhf_3 runs "reproducible_build.sh cbxi4pro0-armhf-rb hb0-armhf-rb.debian.net" # have dual cores with 1gb ram +** reproducible_build_armhf_4 runs "reproducible_build.sh cbxi4pro0-armhf-rb wbq0-armhf-rb" + +* then we have a new script, reproducible_info.sh which just outputs key-value pairs, like "ARCH=armhf", DATETIME="Mo 10. Aug 11:56:22 CEST 2015" and "TZ=UTC" and whatever. +** this script is run on all nodes, but each run is triggered by a single job running on the main node (jenkins atm), so the results can be captured in /srv/reproducible-results/node-information/$NODE and then eg be used by reproducible_html_dashboard.sh to create the table with the differences between 1st and 2nd build... +** /srv/reproducible-results/node-information/$NODE could also be read by reproducible_build.sh to determine the dpkg-architecture a node is captable of building, but I think we also want that info to be encoded in the build job names, so probably there's no need to read it... + +* how to build remotely, some terms and remarks: +** main node = the one running reproducible_build.sh with two params, so jenkins.d.n atm +** node = generic term for node1 or node2 +** please note the difference between /srv/workspace/reproducible-builds and /srv/workspace/reproducible-results and /srv/workspace/reproducible-builds/$NODE and /srv/workspace/reproducible-builds/pending and whether these are on a node or on the main node. + + +1. reproducible_build.sh on main node determines what to build, +2. downloads the sources, and put's the sha256sum of the .dsc file into /srv/workspace/reproducible-builds/$NODE/$SUITE/$ARCH/$PKG/$VERSION on the main node +3. throws the source files away +4. scp's /srv/workspace/reproducible-builds/$NODE/$SUITE/$ARCH/$PKG/$VERSION on the node where this should be build 1st +5. runs "ssh $NODE1 /srv/jenkins/bin/reproducible_build.sh 1" +6. this causes a 1st build, which downloads the sources as specified in /srv/workspace/reproducible-builds/$NODE/$SUITE/$ARCH/$PKG/$VERSION and compares the sha256sum and builds it and copies the result to /srv/workspace/reproducible-results/$NODE/$SUITE/$ARCH/$PKG/$VERSION and exits. +7. reproducible_build.sh on the main node then tries to scp the result from $NODE:/srv/workspace/reproducible-results/$NODE... +8. reproducible_build.sh on the main node then triggers the 2nd build as the 1st. +9. voila + +* more open questions: +** i believe "reproducible_build.sh 1" should immediatly move /srv/workspace/reproducible-builds/$NODE/$SUITE/$ARCH/$PKG/$VERSION to /srv/workspace/reproducible-builds/pending/$SUITE/$ARCH/$PKG/$VERSION (on the node) so it's only build once and so that we can detect stale builds +** maintenance is general, cleanup of started but interrupted builds... + ==== reproducible Debian armhf * then: include armhf in index_scheduled -- cgit v1.2.3-70-g09d2