[Git][qa/jenkins.debian.net][master] reproducible debian: move the "inner" systemd service to a user unit
Mattia Rizzolo (@mattia)
gitlab at salsa.debian.org
Sat Mar 9 16:34:15 GMT 2024
Mattia Rizzolo pushed to branch master at Debian QA / jenkins.debian.net
Commits:
9e44007a by Mattia Rizzolo at 2024-03-09T17:32:59+01:00
reproducible debian: move the "inner" systemd service to a user unit
this saves us from having to give extra privileges to the script to
start the worker services
Signed-off-by: Mattia Rizzolo <mattia at debian.org>
- - - - -
4 changed files:
- bin/reproducible_build_service.sh
- bin/reproducible_worker.sh
- hosts/jenkins/etc/systemd/system/reproducible_build at .service → jenkins-home/reproducible_build at .service
- update_jdn.sh
Changes:
=====================================
bin/reproducible_build_service.sh
=====================================
@@ -61,10 +61,14 @@ startup_workers() {
#
# actually start the worker
#
+ if [ -z "${XDG_RUNTIME_DIR:-}" ]; then
+ XDG_RUNTIME_DIR="/run/user/$UID"
+ export XDG_RUNTIME_DIR
+ fi
BUILD_BASE=/var/lib/jenkins/userContent/reproducible/debian/build_service/$WORKER_NAME
mkdir -p "$BUILD_BASE"
echo "$(date --utc) - Starting $WORKER_NAME"
- systemctl start "reproducible_build@${WORKER_NAME}.service"
+ systemctl --user start "reproducible_build@${WORKER_NAME}.service"
done
done
}
=====================================
bin/reproducible_worker.sh
=====================================
@@ -172,11 +172,11 @@ main_loop() {
exit 9
fi
# try systemctl twice, but only output and thus log the 2nd attempt…
- RUNNING=$(systemctl show -P SubState "$SERVICE")
+ RUNNING=$(systemctl --user show -P SubState "$SERVICE")
if [ "$RUNNING" != "running" ] ; then
# sometimes systemctl requests time out… handle that gracefully
sleep 23
- RUNNING=$(systemctl show -P SubState "$SERVICE")
+ RUNNING=$(systemctl --user show -P SubState "$SERVICE")
if [ "$RUNNING" != "running" ] ; then
echo "$(date --utc) - '$SERVICE' not running, thus stopping this."
sleep 42.1337m
@@ -228,10 +228,6 @@ main_loop() {
echo " see https://tests.reproducible-builds.org/cgi-bin/nph-logwatch?$WORKER_NAME/$BUILD_ID"
echo "================================================================================================"
echo
- if [ -z "${XDG_RUNTIME_DIR:-}" ]; then
- XDG_RUNTIME_DIR="/run/user/$UID"
- export XDG_RUNTIME_DIR
- fi
RETCODE=0
systemd-run --user --send-sighup --collect --pipe --wait \
--slice=rb.slice -u "rb-build-$WORKER_NAME-$BUILD_ID" \
@@ -262,6 +258,11 @@ fi
# main
#
+if [ -z "${XDG_RUNTIME_DIR:-}" ]; then
+ XDG_RUNTIME_DIR="/run/user/$UID"
+ export XDG_RUNTIME_DIR
+fi
+
# script invoked without specifying the nodes
choose_nodes "$WORKER_NAME"
SERVICE="reproducible_build@${WORKER_NAME}.service"
=====================================
hosts/jenkins/etc/systemd/system/reproducible_build at .service → jenkins-home/reproducible_build at .service
=====================================
@@ -7,8 +7,6 @@ ConditionPathExists=!/var/lib/jenkins/NO-RB-BUILDERS-PLEASE
Restart=always
# special code from _build_service for when the service should not exist, to properly quit
RestartPreventExitStatus=8 9 10
-User=jenkins
-Group=jenkins
ExecStart=/srv/jenkins/bin/reproducible_worker.sh %I
StandardOutput=append:/var/lib/jenkins/userContent/reproducible/debian/build_service/%I/worker.log
StandardError=inherit
@@ -18,6 +16,3 @@ SendSIGHUP=yes
# Note that diffoscope runs within this service.
OOMPolicy=kill
OOMScoreAdjust=100
-
-[Install]
-WantedBy=multi-user.target
=====================================
update_jdn.sh
=====================================
@@ -806,6 +806,8 @@ if [ "$HOSTNAME" = "jenkins" ] ; then
sudo -u jenkins install -m 600 jenkins-home/authorized_keys /var/lib/jenkins/.ssh/authorized_keys
sudo -u jenkins cp jenkins-home/procmailrc /var/lib/jenkins/.procmailrc
sudo -u jenkins cp jenkins-home/offline_nodes /var/lib/jenkins/offline_nodes
+ sudo -u jenkins mkdir /var/lib/jenkins/.config/systemd/user
+ sudo -u jenkins cp jenkins-home/reproducible_build at .service /var/lib/jenkins/.config/systemd/user/
else
sudo cp jenkins-nodes-home/authorized_keys /var/lib/jenkins/.ssh/authorized_keys
fi
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/9e44007a61471b61f80087cbb93c7d0efd337f90
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/9e44007a61471b61f80087cbb93c7d0efd337f90
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20240309/d14a2bd8/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list