diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index e66e0d6b2..b4fd6bb2f 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -59,27 +59,28 @@ let ###### The actual build # couple of fast steps: f = util.BuildFactory() + # some slow steps + s = util.BuildFactory() ## fetch repo grab_repo = steps.Git(repourl=stockholm_repo, mode='incremental') f.addStep(grab_repo) + s.addStep(grab_repo) # the dependencies which are used by the test script - deps = [ "gnumake", "jq" ] - nixshell = ["nix-shell", "-p" ] + deps + [ "--run" ] + deps = [ "gnumake", "jq", "(import {}).pkgs.krebs-ci" ] + nixshell = ["nix-shell", "-I", "stockholm=.", "-p" ] + deps + [ "--run" ] + def addShell(f,**kwargs): f.addStep(steps.ShellCommand(**kwargs)) - addShell(f,name="centos7-eval",env={"LOGNAME": "shared", - "get" : "krebs.deploy", - "filter" : "json" - }, - command=nixshell + ["make -s eval system=test-centos7"]) + addShell(f,name="centos7-eval",env={"LOGNAME": "shared"}, + command=nixshell + ["make -s eval get=krebs.deploy filter=json system=test-centos7"]) - addShell(f,name="wolf-eval",env={"LOGNAME": "shared", - "get" : "krebs.deploy", - "filter" : "json" - }, - command=nixshell + ["make -s eval system=wolf"]) + addShell(f,name="wolf-eval",env={"LOGNAME": "shared"}, + command=nixshell + ["make -s eval get=krebs.deploy filter=json system=wolf"]) + + addShell(f,name="eval-cross-check",env={"LOGNAME": "shared"}, + command=nixshell + ["! make eval get=krebs.deploy filter=json system=test-failing"]) c['builders'] = [] c['builders'].append( @@ -87,11 +88,20 @@ let slavenames=slavenames, factory=f)) - # TODO slow build + # slave needs 2 files: + # * cac.json + # * retiolum + for file in ["cac.json", "retiolum.rsa_key.priv"]: + s.addStep(steps.FileDownload(mastersrc="${cfg.workDir}/{}".format(file), + slavedest=file)) + + addShell(s,name="complete-build-centos7",env={"LOGNAME": "shared"}, + command=nixshell + ["krebs-ci"]) + c['builders'].append( util.BuilderConfig(name="full-tests", slavenames=slavenames, - factory=f)) + factory=s)) ####### Status of Builds c['status'] = [] @@ -106,7 +116,7 @@ let forceBuild = 'auth', forceAllBuilds = 'auth', pingBuilder = False, - stopBuild = False, + stopBuild = 'auth', stopAllBuilds = False, cancelPendingBuild = False, ) @@ -119,8 +129,8 @@ let # TODO: multiple channels channels=["${cfg.irc.channel}"], notify_events={ - #'success': 1, - #'failure': 1, + 'success': 1, + 'failure': 1, 'exception': 1, 'successToFailure': 1, 'failureToSuccess': 1, @@ -219,8 +229,12 @@ let after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.git ]; + environment = { + SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + }; serviceConfig = let workdir="${lib.shell.escape cfg.workDir}"; + secretsdir="${lib.shell.escape (toString )}"; # TODO: check if git is the only dep in { PermissionsStartOnly = true; @@ -236,6 +250,10 @@ let fi # always override the master.cfg cp ${buildbot-master-config} ${workdir}/master.cfg + # copy secrets + cp ${secretsdir}/cac.json ${workdir} + cp ${secretsdir}/retiolum-ci.rsa_key.priv \ + ${workdir}/retiolum.rsa_key.priv # sanity ${buildbot}/bin/buildbot checkconfig ${workdir} diff --git a/krebs/3modules/buildbot/slave.nix b/krebs/3modules/buildbot/slave.nix index 65291f63e..8711a287a 100644 --- a/krebs/3modules/buildbot/slave.nix +++ b/krebs/3modules/buildbot/slave.nix @@ -144,6 +144,7 @@ let path = default-packages ++ cfg.packages; environment = { + SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; NIX_REMOTE="daemon"; } // cfg.extraEnviron; diff --git a/krebs/5pkgs/krebs-ci/notes b/krebs/5pkgs/krebs-ci/notes index f6f3da8db..f162656f7 100755 --- a/krebs/5pkgs/krebs-ci/notes +++ b/krebs/5pkgs/krebs-ci/notes @@ -19,10 +19,10 @@ fi krebs_secrets=$(mktemp -d) sec_file=$krebs_secrets/cac_config krebs_ssh=$krebs_secrets/tempssh -cac_resources_cache=$krebs_secrets/res_cache.json -cac_servers_cache=$krebs_secrets/servers_cache.json -cac_tasks_cache=$krebs_secrets/tasks_cache.json -cac_templates_cache=$krebs_secrets/templates_cache.json +export cac_resources_cache=$krebs_secrets/res_cache.json +export cac_servers_cache=$krebs_secrets/servers_cache.json +export cac_tasks_cache=$krebs_secrets/tasks_cache.json +export cac_templates_cache=$krebs_secrets/templates_cache.json # we need to receive this key from buildmaster to speed up tinc bootstrap TRAP="rm -r $krebs_secrets;exit" trap "$TRAP" INT TERM EXIT