[rb-general] [FOSDEM16] Reproducible FreeBSD and variants

Holger Levsen holger at layer-acht.org
Thu Feb 11 16:11:20 CET 2016


Hi Steven,

thanks for this nice summary! I'll only reply to a few specific points.

On Montag, 1. Februar 2016, Steven Chamberlain wrote:
> Also, I think ho1ger said that the r-b.org Jenkins slave for FreeBSD is
> awkward to manage, but I have ideas for that which I'm slowly working
> on...

well… I was half joking there (at least), it's not that bad, all I have to do 
is eventually run "freebsd-update upgrade -r 10.2" and track FreeBSD security 
updates. What's mostly is cumbersome is that it's something different that 
what I usually do.

and, what's also annoying is that "something" removed root's ssh keys again, 
so that I will need to hack myself in, again. This happened some months ago 
already… it doesnt impact running the tests, but it impacts me doing deploying 
system upgrades.

But as it's FreeBSD and only has sshd running exposed, this rarely is needed…
 
> I've been trying to get started testing Debian GNU/kFreeBSD package
> reproducibility (and I'd like it being mass-rebuilt anyway to find FTBFS
> or other bugs sooner).  Just a few weeks ago I got Jenkins working on
> kfreebsd (after porting some dependency) so it can run as a master or
> slave.

cool. what are the specs, roughly?
 
> I think deployment tools would help, since r-b.org has so many slaves
> now.  It may even help with outsourcing the systems administration, if
> that could be done via Git.  DSA maintains a Puppet configuration
> already for kfreebsd buildds.  We could maybe reuse it someday to deploy
> a kfreebsd slave, or several?

actually, deploying is really easy, even if "update_jdn.sh" and the hosts 
directory in git are rather crude hacks, using them is pretty simple and 
straightforward.

update_jdn.sh and this hosts directory should be replaced with ansible (or 
puppet or chef of foo)… but this solution works and adding a new hosts is 
minimal work (5min…) while switching to ansible/puppet/chef/… is definitly 
some hours work.

when vagrants provides a new host, the most cumbersome part is comparing the 
ssh fingerprint twice… (once here locally and once on jenkins…) :)

(and then there is adding the new host in jenkins as a build slave, which 
needs to be done via the jenkins ui…)

and for managing updates and upgrades of the these 22 nodes (7 amd64, 15 
armjf) I have a script here (locally) which takes care of both or either 
upgrading packages and/or deploying new configs from j.d.n.git (using 
update_jdn.s), so thats really fine.

that said, having a group of people doing this system administration would 
definitly help to take a little load away from me (also because I expect this 
to continue to be needed for some years to come), but not *that* much. and, we 
want to be able to do things DSA doesnt like to be done on hosts managed by 
them, so at least for the medium feature I dont see us moving to DSA 
maintained host. patches for that (="less sudo usage…") welcome ;) 


cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20160211/4eb4bd30/attachment.sig>


More information about the rb-general mailing list