[rb-general] [FOSDEM16] Reproducible FreeBSD and variants
Holger Levsen
holger at layer-acht.org
Thu Feb 11 16:11:20 CET 2016
Hi Steven,
thanks for this nice summary! I'll only reply to a few specific points.
On Montag, 1. Februar 2016, Steven Chamberlain wrote:
> Also, I think ho1ger said that the r-b.org Jenkins slave for FreeBSD is
> awkward to manage, but I have ideas for that which I'm slowly working
> on...
well… I was half joking there (at least), it's not that bad, all I have to do
is eventually run "freebsd-update upgrade -r 10.2" and track FreeBSD security
updates. What's mostly is cumbersome is that it's something different that
what I usually do.
and, what's also annoying is that "something" removed root's ssh keys again,
so that I will need to hack myself in, again. This happened some months ago
already… it doesnt impact running the tests, but it impacts me doing deploying
system upgrades.
But as it's FreeBSD and only has sshd running exposed, this rarely is needed…
> I've been trying to get started testing Debian GNU/kFreeBSD package
> reproducibility (and I'd like it being mass-rebuilt anyway to find FTBFS
> or other bugs sooner). Just a few weeks ago I got Jenkins working on
> kfreebsd (after porting some dependency) so it can run as a master or
> slave.
cool. what are the specs, roughly?
> I think deployment tools would help, since r-b.org has so many slaves
> now. It may even help with outsourcing the systems administration, if
> that could be done via Git. DSA maintains a Puppet configuration
> already for kfreebsd buildds. We could maybe reuse it someday to deploy
> a kfreebsd slave, or several?
actually, deploying is really easy, even if "update_jdn.sh" and the hosts
directory in git are rather crude hacks, using them is pretty simple and
straightforward.
update_jdn.sh and this hosts directory should be replaced with ansible (or
puppet or chef of foo)… but this solution works and adding a new hosts is
minimal work (5min…) while switching to ansible/puppet/chef/… is definitly
some hours work.
when vagrants provides a new host, the most cumbersome part is comparing the
ssh fingerprint twice… (once here locally and once on jenkins…) :)
(and then there is adding the new host in jenkins as a build slave, which
needs to be done via the jenkins ui…)
and for managing updates and upgrades of the these 22 nodes (7 amd64, 15
armjf) I have a script here (locally) which takes care of both or either
upgrading packages and/or deploying new configs from j.d.n.git (using
update_jdn.s), so thats really fine.
that said, having a group of people doing this system administration would
definitly help to take a little load away from me (also because I expect this
to continue to be needed for some years to come), but not *that* much. and, we
want to be able to do things DSA doesnt like to be done on hosts managed by
them, so at least for the medium feature I dont see us moving to DSA
maintained host. patches for that (="less sudo usage…") welcome ;)
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.reproducible-builds.org/pipermail/rb-general/attachments/20160211/4eb4bd30/attachment.sig>
More information about the rb-general
mailing list