From 815c6a65f40082fe4baeb7a44a3b2c99959fc3c8 Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Mon, 29 May 2017 00:09:29 +0100 Subject: update CI install instructions for stretch --- continuous_integration/debian_stretch_setup.mdwn | 419 +++++++++++++++++++++++ 1 file changed, 419 insertions(+) create mode 100644 continuous_integration/debian_stretch_setup.mdwn (limited to 'continuous_integration') diff --git a/continuous_integration/debian_stretch_setup.mdwn b/continuous_integration/debian_stretch_setup.mdwn new file mode 100644 index 0000000..12a91cf --- /dev/null +++ b/continuous_integration/debian_stretch_setup.mdwn @@ -0,0 +1,419 @@ +[[!meta title="Continuous Integration Debian Stretch Setup"]] +[[!meta author="Kyllikki"]] +[[!meta date="2017-05-28T12:46:14Z"]] + + +[[!toc]] + +Debian 9 (Stretch) OS install +------------------------------ + +### amd64 VDS install from media + +[[Virtual server setup|virtual_host_server]] + +Install minimal system from netinst CD (attached when VDS is created on +phoenix) Config options: + +- In the "role" selection select "ssh server" and "system utilities" only. +- The whole disc default partitioning is fine +- The base user the install insists on creating should be the netsurf user. +- Boot loader in MBR + +Once installed: + +- install sudo package and add netsurf user to sudo group +- edit /etc/default/grub + +`GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"` + +`# update-grub2` + +### arm64 VDS install + +[[ARM64 virtual server setup|virtual_host_server_arm64]] + +Once installed: + +- create netsurf user +- install sudo package and add netsurf user to sudo group +- edit /etc/inittab comment pty 3 through 6 and uncomment serial T0 +- enable backports + +`echo "deb `[`http://http.debian.net/debian`](http://http.debian.net/debian)` stretch-backports main" > /etc/apt/sources.list.d/backports.list` +`apt-get update` + +- install updated kernel + +`apt-get install linux-image-4.3.0-0.bpo.1-arm64` + +### Banana Pi + +This system is a dual core ARMv7 allwinner using the armhf ABI + +Used the install SD media from +[[http://www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/ Igor Pecovnik|http///www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/_igor_pecovnik]] + +- unzip and write raw file to full size SD card. + +Once installed: + +- first login as root:1234 which will need to be immediately changed +- use the nand-sata-install script and moved the install to sata disc. + The drive needs to be a clean drive with a recognised partition + table (DOS or GPT) and a single partition where the OS will be + installed. +- edit /etc/init.d/armhwinfo to remove the toilet dynamic MOTD banner +- (re)move /etc/bash.bashrc.custom as it issues a lot of unnecessary + commands +- adduser netsurf +- change /etc/apt/sources.list to point at a local mirror +- apt-get update +- apt-get upgrade +- install sudo package and add netsurf user to sudo group + +### Raspberry Pi 2 + +This system is a quad core ARMv7 Broadcom using the armhf ABI + +Used install media from [[http://sjoerd.luon.net/posts/2015/02/debian-stretch-on-rpi2/ Sjored|http///sjoerd.luon.net/posts/2015/02/debian-stretch-on-rpi2/_sjored]] + +- unpack onto micro SD card with bmap-tools + +`On any debian-based linux type "sudo apt-get install bmap-tools" and install it.` +`Then type "sudo bmaptool copy --nobmap 'yourlocation/stretch-rpi2.img' /dev/sdx" (Change yourlocation to the location of the .img file and sdx for the letter where the SD is mounted, if you don't know it type "sudo fdisk -l" and look for it).` + +Once installed: + +- first login as root:debian which will need to be immediately changed +- Prevent package FLASH-KERNEL UPDATING FROM OFFICIAL REPO WITH APT + PINNING + +`'touch /etc/apt/preferences.d/flash-kernel' create a new file` +`'vi /etc/apt/preferences.d/flash-kernel' edit it an add the following lines to it:` +`Package: flash-kernel` +`Pin: origin repositories.collabora.co.uk` +`Pin-Priority: 1000` +`'apt-cache policy flash-kernel' check if the package is pinned` + +- change /etc/apt/sources.list to point at a local mirror +- apt-get update +- apt-get upgrade +- adduser netsurf +- install sudo package and add netsurf user to sudo group + +### Orange Pi PC + +This system is a quad core ARMv7 allwinner H3 using the armhf ABI + +Used "mini" install media from +[[http://www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342 loboris|http///www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342_loboris]] + +- unpack image and write to micro SD card and configure as per loboris + instructions, careful installation steps are not immediately obvious + +Once installed: + +- first login as orangepi:orangepi which will need to be immediately + changed + +`* superuser available via sudo -i` + +- change /etc/apt/sources.list to point at a local mirror +- apt-get update +- apt-get upgrade +- alter orangepi user to netsurf by editing + +`/etc/group (dont forget to replace orangepi on the sudo group)` +`/etc/passwd` +`/etc/shadow` +`mv /home/orangepi /home/netsurf` + +Packaged CI worker install +-------------------------- + +Do a base OS install + +The recommended hostname for CI workers is "nsciworker17" this allows us +to clearly identify CI worker nodes. Note historically we have used +"cislave1" which has been objected to by several users. See +[[changing hostname|https://wiki.debian.org/howto/changehostname_changing_hostname]] on how to achive this. + +On master jenkins use "manage nodes" to create new node. Ensure "remote +fs root" is set to /var/lib/jenkins add variable JENKINS\_HOME set to +/var/lib/jenkins + +Note: replace arm64 with architecture name as required (armhf etc.) + +As superuser: + +- create jenkins user + +`adduser --system --group --home /var/lib/jenkins/ --disabled-login jenkins` + +- Add CI server repo to slave apt sources + +`echo "deb `[`http://ci.netsurf-browser.org/debian/`](http://ci.netsurf-browser.org/debian/)` stretch/amd64/" >> /etc/apt/sources.list.d/netsurf-browser.list` + +- update repos + +`apt-get update` + +- install ns-ci-worker package. accept the large package list and the + unsigned package install for gcovr and ns-ci-slave + +`apt-get install ns-ci-worker` + +- edit /etc/default/ns-ci-worker to set the correct url and secret parameters +- ensure /opt is setup correctly to allow toolchains to be built on the node + +`mkdir -p /opt/netsurf` +`chown jenkins:jenkins /opt/netsurf` + +- become jenkins user + +`su -s/bin/bash - jenkins` + +- create ssh keypair (accept defaults - no password) + +`ssh-keygen -t rsa -C "netsurf@nsciworker17.netsurf-browser.org"` + +- copy .ssh/id\_rsa.pub from worker to jenkins master node and append + to /home/netsurf/.ssh/authorized\_keys + +`scp /home/jenkins/.ssh/id_rsa.pub netsurf@ci.netsurf-browser.org:nsciworker17_id_rsa.pub` + +- exit jenkins user shell +- start CI worker daemon + +`/etc/init.d/ns-ci-worker start` + + +Pbuilder setup +-------------- + +This allows a worker to build Debian packages. The worker should be +installed as a normal CI worker node and then: + +as superuser on node: + +- apt-get install pbuilder +- addgroup pbuilder +- addgroup jenkins pbuilder +- create /etc/sudoers.d/pbuilder + +`jenkins         ALL = NOPASSWD:/usr/sbin/pbuilder` + +- visudo and alter Defaults + +`Defaults        env_reset,env_keep="DIST ARCH"` + +- replace /etc/pbuilderrc + +`# this is your configuration file for pbuilder.` +`# the file in /usr/share/pbuilder/pbuilderrc is the default template.` +`# /etc/pbuilderrc is the one meant for overwriting defaults in` +`# the default template` +`#` +`# read pbuilderrc.5 document for notes on specific options.` +`# List of Debian suites.` +`DEBIAN_SUITES=("sid", "stretch", "stretch", "wheezy", "squeeze")` +`` +`# List of Ubuntu suites.` +`UBUNTU_SUITES=("vivid" "utopic" "trusty" "saucy" "raring" "quantal" "precise" "oneiric" "natty" "lucid" "hardy")` +`` +`# Mirrors to use. Update these to your preferred mirror.` +`DEBIAN_MIRROR="ftp.uk.debian.org"` +`UBUNTU_MIRROR="mirrors.kernel.org"` +`` +`# set a default distribution if none is used.` +`: ${DIST:="$(lsb_release --short --codename)"}` +`` +`# set the architecture to the host architecture if none set.` +`: ${ARCH:="$(dpkg --print-architecture)"}` +`` +`NAME="$DIST"` +`if [ -n "${ARCH}" ]; then` +`    NAME="$NAME-$ARCH"` +`    DEBOOTSTRAPOPTS=("--arch" "$ARCH" "${DEBOOTSTRAPOPTS[@]}")` +`fi` +`BASETGZ="/var/cache/pbuilder/$NAME-base.tgz"` +`DISTRIBUTION="$DIST"` +`BUILDRESULT="/var/cache/pbuilder/$NAME/result/"` +`APTCACHE="/var/cache/pbuilder/$NAME/aptcache/"` +`BUILDPLACE="/var/cache/pbuilder/build/"` +`` +`if $(echo ${DEBIAN_SUITES[@]} | grep -q $DIST); then` +`    # Debian configuration` +`    MIRRORSITE="http://$DEBIAN_MIRROR/debian/"` +`    COMPONENTS="main contrib non-free"` +`    if $(echo "$STABLE_CODENAME stable" | grep -q $DIST); then` +`        OTHERMIRROR="$OTHERMIRROR | deb $MIRRORSITE $STABLE_BACKPORTS_SUITE $COMPONENTS"` +`    fi` +`elif $(echo ${UBUNTU_SUITES[@]} | grep -q $DIST); then` +`    # Ubuntu configuration` +`    MIRRORSITE="http://$UBUNTU_MIRROR/ubuntu/"` +`    COMPONENTS="main restricted universe multiverse"` +`else` +`    echo "Unknown distribution: $DIST"` +`    exit 1` +`fi` + +The architecture is assumed to be the native one from + +`dpkg --print-architecture` + +This can be set by passing ARCH to pbuilder (useful for i386 maybe?) + +for each distribution this node will build for: + +- create pbuilder result directory and set ownership permissions + +`mkdir -p /var/cache/pbuilder/stretch-armhf/result` +`chown root:pbuilder /var/cache/pbuilder/stretch-armhf/result` +`chmod g+w /var/cache/pbuilder/stretch-armhf/result` + +- become jenkins user + +`su -s/bin/bash - jenkins` + +- create pbuilder base for distribution + +`sudo DIST=stretch pbuilder create` + +- if desired additional packages and config can be made to the base + with + +`sudo DIST=stretch pbuilder login --save-after-login` + +distcc worker node +------------------ + +Do a basic OS install but \*not\* a CI worker setup. + +A recommended hostname for distcc worker is something like "cicpu0" this +allows us to use systems as processing node for other purposes than just +distcc in future. See debians +[[https://wiki.debian.org/HowTo/ChangeHostname changing hostname|https///wiki.debian.org/howto/changehostname_changing_hostname]] on how to achive this. + +The Netsurf repository has necessary updated packages in it and can be +accessed by doing the following: + +- Add CI server repo to worker apt sources + +`echo "deb `[`http://ci.netsurf-browser.org/builds/debian/`](http://ci.netsurf-browser.org/builds/debian/)` stretch/amd64/" >> /etc/apt/sources.list` + +- update repos + +`apt-get update` + +- use apt to install these packages: + +`build-essential` +`gcc` +`clang` +`distcc` + +- edit /etc/default/distcc + +`STARTDISTCC="true"` +`ALLOWEDNETS="192.168.211.0/24"` +`LISTEN="0.0.0.0"` +`JOBS="8"` + +- start the service + +`service distcc start` + +- ensure the client has hosts set to use the new worker + +Manual CI worker install +------------------------ + +Caution these instructions may not be up to date. + +### required packages + +The Netsurf repository has necessary updated packages in it and can be +accessed by doing the following: + +- Add CI server repo to slave apt sources + +`echo "deb `[`http://ci.netsurf-browser.org/builds/debian/`](http://ci.netsurf-browser.org/builds/debian/)` stretch/amd64/" >> /etc/apt/sources.list` + +- update repos + +`apt-get update` + +use apt to install these packages: + +`openjdk-7-jre-headless ` +`screen ` +`build-essential` +`ccache` +`clang` +`git` +`pkg-config` +`check` +`doxygen` +`libjson0-dev (from our repo - needs bugfixes `[`http://ci.netsurf-browser.org/builds/debian/`](http://ci.netsurf-browser.org/builds/debian/)`)` +`libexpat1-dev` +`libxml-perl` +`libxml-xpath-perl` +`lcov` +`gcovr (from our repo)` +`gperf` +`flex` +`bison` +`libpng-dev` +`libjpeg-dev` +`libmozjs185-dev` +`libglib2.0-dev` +`libcurl4-openssl-dev` +`liblcms1-dev` +`libxml2-dev` +`librsvg2-dev` +`libmng-dev` +`libgtk2.0-dev` +`libmozjs-dev` + +### config + +- on master jenkins use "manage nodes" to create new node. Ensure + "remote fs root" is set to /home/netsurf/jenkins +- create netsurf user +- as netsurf user: + - wget + - run screen + - create jenkins-slave.sh + +`#!/bin/bash` + +`java -Djava.awt.headless=true -jar slave.jar -jnlpUrl `[`http://ci.netsurf-browser.org/jenkins/computer/chimera/slave-agent.jnlp`](http://ci.netsurf-browser.org/jenkins/computer/chimera/slave-agent.jnlp)` -secret 0123456789abcdef01234567890abcdef` + +- - run jenkins-slave.sh + - create new screen tab + - create ssh keypair (accept defaults - no password) + +`ssh-keygen -t rsa -C "netsurf@cislave0.netsurf-browser.org"` + +- - copy .ssh/id\_rsa.pub from slave to jenkins master node and + append to /home/netsurf/.ssh/authorized\_keys + +`scp ci.netsurf-browser.org:.ssh/id_rsa.pub .id_rsa.pub` +`cat id_rsa.pub >> .ssh/authorized_keys` + +- - copy .ssh/id\_rsa.pub from master node to slave and append to + /home/netsurf/.ssh/authorized\_keys + - create reverse-ssh.sh (change tunnel port number!) + +`#!/bin/sh` + +`ssh -R 22224:localhost:22 netsurf@ci.netsurf-browser.org 'bash -c "while true; do echo .; sleep 60; done"'` + +- - run reverse-ssh.sh + - on the master create a shell script to use the ssh tunnel + connection, thus firewalls etc are moot as long as the slave can + connect to the master + +`ssh netsurf@localhost -p 22223` -- cgit v1.2.3