[Git][qa/jenkins.debian.net][master] i386.r.d.n: prepare to move to osuosl5
Holger Levsen (@holger)
gitlab at salsa.debian.org
Mon Jan 20 18:21:36 GMT 2025
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
c547e8fb by Holger Levsen at 2025-01-20T19:03:27+01:00
i386.r.d.n: prepare to move to osuosl5
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
14 changed files:
- − hosts/infom07-i386/etc/cron.d/rebuilderd
- − hosts/infom07-i386/etc/dehydrated/conf.d/local_local.sh
- − hosts/infom07-i386/etc/dehydrated/domains.txt
- − hosts/infom07-i386/etc/dehydrated/hooks.sh
- − hosts/infom07-i386/etc/nginx/nginx.conf
- hosts/osuosl5-amd64/etc/cron.d/rebuilderd
- hosts/osuosl5-amd64/etc/dehydrated/domains.txt
- hosts/osuosl5-amd64/etc/nginx/nginx.conf
- + hosts/osuosl5-amd64/opt/etc/rebuilderd-i386.conf
- hosts/infom07-i386/opt/etc/rebuilderd-sync.conf → hosts/osuosl5-amd64/opt/etc/rebuilderd-sync.i386.conf
- hosts/infom07-i386/opt/etc/rebuilderd.conf → hosts/osuosl5-amd64/opt/etc/rebuilderd.conf
- hosts/osuosl5-amd64/var/www/html/index.html → hosts/osuosl5-amd64/var/www/html/index_amd64.html
- hosts/infom07-i386/var/www/html/index.html → hosts/osuosl5-amd64/var/www/html/index_i386.html
- update_jdn.sh
Changes:
=====================================
hosts/infom07-i386/etc/cron.d/rebuilderd deleted
=====================================
@@ -1,3 +0,0 @@
-MAILTO=root
-42 */3 * * * rebuilderd mkdir -p /srv/rebuilderd/stats/ && /srv/jenkins/bin/rebuilderd_stats.py i386 /srv/rebuilderd/rebuilderd.db > /srv/rebuilderd/stats/index.html.tmp && mv /srv/rebuilderd/stats/index.html.tmp /srv/rebuilderd/stats/index.html
-23 0,6,12,18 * * * rebuilderd /srv/jenkins/bin/rebuilderd_graph.sh i386
=====================================
hosts/infom07-i386/etc/dehydrated/conf.d/local_local.sh deleted
=====================================
@@ -1,13 +0,0 @@
-# shellcheck shell=sh disable=SC2034
-
-CA="https://acme-v02.api.letsencrypt.org/directory"
-#CA="https://acme-staging-v02.api.letsencrypt.org/directory"
-
-RENEW_DAYS="30"
-KEYSIZE="4096"
-PRIVATE_KEY_RENEW="no"
-
-CHALLENGETYPE="http-01"
-HOOK="/etc/dehydrated/hooks.sh"
-
-CONTACT_EMAIL="contact at reproducible-builds.org"
=====================================
hosts/infom07-i386/etc/dehydrated/domains.txt deleted
=====================================
@@ -1 +0,0 @@
-i386.reproduce.debian.net
=====================================
hosts/infom07-i386/etc/dehydrated/hooks.sh deleted
=====================================
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-set -eu
-
-OP=$1
-
-_log () {
- echo " + ($OP) $*"
-}
-
-reload_apache () {
- _log "Reloading apache..."
- sudo apache2ctl graceful
-}
-
-reload_nginx () {
- _log "Reloading nginx..."
- sudo systemctl reload nginx
-}
-
-email () {
- # $1: domain name $6: timestamp of cert creation
- printf "%s\n\n %s\t%s" \
- "The following SSL certifcate has just been renewed:" \
- "$1" "$(date -u -d @"$6")" | \
- mail -s "R-B SSL certifcate renewed" root
-}
-
-case "$OP" in
- deploy_cert)
- shift
- reload_nginx
- email "$@"
- ;;
- *)
- ;;
-esac
-
=====================================
hosts/infom07-i386/etc/nginx/nginx.conf deleted
=====================================
@@ -1,82 +0,0 @@
-user www-data;
-worker_processes auto;
-error_log /var/log/nginx/error.log;
-pid /run/nginx.pid;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include mime.types;
- sendfile on;
- server_tokens off;
-
- server {
- server_name i386.reproduce.debian.net;
- ssi on;
- index index.html;
- root /var/www/html;
-
- listen 443 ssl;
- ssl_certificate /var/lib/dehydrated/certs/i386.reproduce.debian.net/fullchain.pem;
- ssl_certificate_key /var/lib/dehydrated/certs/i386.reproduce.debian.net/privkey.pem;
-
- ssl_session_cache shared:le_nginx_SSL:10m;
- ssl_session_timeout 1440m;
- ssl_session_tickets off;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers off;
- ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-C
- HACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-
-
- location /.well-known/acme-challenge/ {
- alias /var/lib/dehydrated/acme-challenges/;
- disable_symlinks off;
- autoindex off;
- }
-
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
- try_files $uri $uri/ =404;
- }
-
- location /api/ {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_pass http://127.0.0.1:8484;
- }
- location = /api/v0/build/report {
- client_max_body_size 200M;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_pass http://127.0.0.1:8484;
- }
-
- location /stats/ {
- alias /srv/rebuilderd/stats/ ;
- disable_symlinks off;
- autoindex on;
- }
-
- }
-
-
- server {
- listen 80;
- server_name i386.reproduce.debian.net;
-
- location /.well-known/acme-challenge/ {
- alias /var/lib/dehydrated/acme-challenges/;
- disable_symlinks off;
- autoindex off;
- }
-
- location / {
- return 301 https://$host$request_uri;
- }
-
- }
-
-
-}
=====================================
hosts/osuosl5-amd64/etc/cron.d/rebuilderd
=====================================
@@ -1,3 +1,4 @@
MAILTO=root
42 */3 * * * rebuilderd mkdir -p /srv/rebuilderd/stats/ && /srv/jenkins/bin/rebuilderd_stats.py amd64 /srv/rebuilderd/rebuilderd.db > /srv/rebuilderd/stats/index.html.tmp && mv /srv/rebuilderd/stats/index.html.tmp /srv/rebuilderd/stats/index.html
-23 0,6,12,18 * * * rebuilderd /srv/jenkins/bin/rebuilderd_graph.sh amd64
+#42 */3 * * * for arch in amd64 i386 ; do rebuilderd mkdir -p /srv/rebuilderd/$arch/stats/ && /srv/jenkins/bin/rebuilderd_stats.py $arch /srv/rebuilderd/$arch/rebuilderd.db > /srv/rebuilderd/$arch/stats/index.html.tmp && mv /srv/rebuilderd/$arch/stats/index.html.tmp /srv/rebuilderd/$arch/stats/index.html ; done
+23 0,6,12,18 * * * for arch in amd64 ; do rebuilderd /srv/jenkins/bin/rebuilderd_graph.sh $arch ; done
=====================================
hosts/osuosl5-amd64/etc/dehydrated/domains.txt
=====================================
@@ -1,2 +1,3 @@
reproduce.debian.net
amd64.reproduce.debian.net
+i386.reproduce.debian.net
=====================================
hosts/osuosl5-amd64/etc/nginx/nginx.conf
=====================================
@@ -15,7 +15,7 @@ http {
server {
server_name amd64.reproduce.debian.net;
ssi on;
- index index.html;
+ index index_amd64.html;
root /var/www/html;
listen 443 ssl;
@@ -60,6 +60,54 @@ http {
}
+ server {
+ server_name i386.reproduce.debian.net;
+ ssi on;
+ index index_i386.html;
+ root /var/www/html;
+
+ listen 443 ssl;
+ ssl_certificate /var/lib/dehydrated/certs/i386.reproduce.debian.net/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/i386.reproduce.debian.net/privkey.pem;
+
+ ssl_session_cache shared:le_nginx_SSL:10m;
+ ssl_session_timeout 1440m;
+ ssl_session_tickets off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-C
+ HACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+
+ location /.well-known/acme-challenge/ {
+ alias /var/lib/dehydrated/acme-challenges/;
+ disable_symlinks off;
+ autoindex off;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ location /api/ {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://127.0.0.1:8485;
+ }
+ location = /api/v0/build/report {
+ client_max_body_size 200M;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://127.0.0.1:8485;
+ }
+
+ location /stats/ {
+ alias /srv/rebuilderd/i386/stats/ ;
+ disable_symlinks off;
+ autoindex on;
+ }
+
+ }
+
server {
server_name reproduce.debian.net;
ssi on;
@@ -118,4 +166,20 @@ http {
}
+ server {
+ listen 80;
+ server_name i386.reproduce.debian.net;
+
+ location /.well-known/acme-challenge/ {
+ alias /var/lib/dehydrated/acme-challenges/;
+ disable_symlinks off;
+ autoindex off;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+ }
+
}
=====================================
hosts/osuosl5-amd64/opt/etc/rebuilderd-i386.conf
=====================================
@@ -0,0 +1,40 @@
+## Configuration for http daemon
+[http]
+## The address to bind to. This is 127.0.0.1:8484 by default.
+bind_addr = "127.0.0.1:8485"
+## If you use a reverse proxy, use this header instead of the actual connecting ip.
+## Make sure the reverse proxy has filters in place to prevent spoofing issues.
+#real_ip_header = "X-Real-IP"
+## Set a default endpoint for rebuildctl. This is especially useful for the sync timer.
+#endpoint = "http://127.0.0.1:8484"
+
+## A random cookie for administration is generated at startup and written to /var/lib/rebuilderd/auth-cookie
+## You can set this to a fixed value here. Use `pwgen -1s 32` to generate one.
+## rebuildctl is searching for this cookie in ~/.config/rebuilderd.conf, /etc/rebuilderd.conf and
+## /var/lib/rebuilderd/auth-cookie in that order.
+#[auth]
+#cookie = "INSECURE"
+
+## The auth cookie above is only used for the default endpoint.
+## You can use different endpoints with `rebuildctl -H https://rebuilder.example.com status`,
+## In that case you need to configure a section below if you want to attach a cookie.
+#[endpoints."https://rebuilder.example.com"]
+#cookie = "INSECURE"
+
+## IMPORTANT: in production, make sure either `authorized_workers` or `signup_secret` is configured.
+[worker]
+## If we have a fixed set of workers we can allow-list the keys here.
+#authorized_workers = ["key1", "key2"]
+## If we want to spawn new workers dynamically we can configure a sign up secret below.
+## Use `pwgen -1s 32` to generate one.
+signup_secret = "0ARIdaNi8LF6CnOO9siopRWmQ7QHC2qO"
+
+#[schedule]
+## Configure the delay to automatically retry failed rebuilds in hours. The
+## default is 24h, this base is multiplied with the number of rebuilds, so the
+## first retry would happen after 24h, the second retry would happen 48h after the
+## first retry and the third retry would happen 72h after the second retry. There
+## is no upper limit of retries, if you can't afford frequent retries it's
+## recommended to set this to a high value like 168 (1 week) or higher.
+## Successful rebuilds are not retried.
+#retry_delay_base = 24
=====================================
hosts/infom07-i386/opt/etc/rebuilderd-sync.conf → hosts/osuosl5-amd64/opt/etc/rebuilderd-sync.i386.conf
=====================================
=====================================
hosts/infom07-i386/opt/etc/rebuilderd.conf → hosts/osuosl5-amd64/opt/etc/rebuilderd.conf
=====================================
@@ -1,7 +1,7 @@
## Configuration for http daemon
-[http]
+#[http]
## The address to bind to. This is 127.0.0.1:8484 by default.
-bind_addr = "127.0.0.1:8484"
+#bind_addr = "0.0.0.0:8484"
## If you use a reverse proxy, use this header instead of the actual connecting ip.
## Make sure the reverse proxy has filters in place to prevent spoofing issues.
#real_ip_header = "X-Real-IP"
@@ -22,12 +22,12 @@ bind_addr = "127.0.0.1:8484"
#cookie = "INSECURE"
## IMPORTANT: in production, make sure either `authorized_workers` or `signup_secret` is configured.
-[worker]
+#[worker]
## If we have a fixed set of workers we can allow-list the keys here.
#authorized_workers = ["key1", "key2"]
## If we want to spawn new workers dynamically we can configure a sign up secret below.
## Use `pwgen -1s 32` to generate one.
-signup_secret = "INSECURE"
+#signup_secret = "INSECURE"
#[schedule]
## Configure the delay to automatically retry failed rebuilds in hours. The
=====================================
hosts/osuosl5-amd64/var/www/html/index.html → hosts/osuosl5-amd64/var/www/html/index_amd64.html
=====================================
=====================================
hosts/infom07-i386/var/www/html/index.html → hosts/osuosl5-amd64/var/www/html/index_i386.html
=====================================
@@ -176,7 +176,7 @@
i386.reproduce.debian.net
</h1>
<h3>
- trixie (arch: i386)
+ trixie (arch:i386)
</h3>
<div id="stats">Loading stats...</div>
@@ -194,7 +194,7 @@
<footer>
pew pew, <a href="https://github.com/kpcyrd/rebuilderd">rebuilderd</a> using <a href="https://tracker.debian.org/pkg/devscripts">debrebuild</a> (with <a href="https://tracker.debian.org/pkg/sbuild">sbuild+unshare</a> as backend) to reproduce what Debian distributes via <code><a href="https://deb.debian.org/debian/dists/">deb.debian.org</a></code>. ♥️
<br/>
- <a href="https://reproduce.debian.net">https://reproduce.debian.net</a> / <a href="https://amd64.reproduce.debian.net">amd64</a> / i386
+ <a href="https://reproduce.debian.net">https://reproduce.debian.net</a> / i386 / <a href="https://amd64.reproduce.debian.net">amd64</a>
<br/>
<a href="/stats/">Statistics about BAD packages</a> on i386.
<br/>
=====================================
update_jdn.sh
=====================================
@@ -551,7 +551,7 @@ if [ -f /etc/debian_version ] ; then
esac
# packages needed for rebuilderd-worker for https://reproduce.debian.net
case $HOSTNAME in
- infom08*) DEBS="$DEBS
+ infom07*|infom08*) DEBS="$DEBS
diffoscope
python3-rpy2
" ;;
@@ -559,7 +559,7 @@ if [ -f /etc/debian_version ] ; then
esac
# packages needed for rebuilderd on https://reproduce.debian.net
case $HOSTNAME in
- osuosl4*|osuosl5*|infom07*) DEBS="$DEBS
+ osuosl4*|osuosl5*) DEBS="$DEBS
nginx-full dehydrated
diffoscope
python3-rpy2
@@ -736,8 +736,8 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "ionos7-amd64" ] || [ "$HOSTNA
fi
# set secret for remote rebuilderd-workers
case $HOSTNAME in
- infom07*|infom08*) SIGNUPSECRET="$(sudo cat /opt/etc/rebuilderd.secret)"
- for i in rebuilderd.conf rebuilderd-worker.conf ; do
+ osuosl5*|infom07*|infom08*) SIGNUPSECRET="$(sudo cat /opt/etc/rebuilderd.secret)"
+ for i in rebuilderd-i386.conf rebuilderd-worker.conf ; do
if [ -f /opt/etc/$i ] ; then
if grep -q '^signup_secret = "INSECURE"' /opt/etc/$i ; then
sudo sed -i "s#^signup_secret = \"INSECURE\"#signup_secret = \"$SIGNUPSECRET\"#g" /opt/etc/$i
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/c547e8fb73dab055c28e982898c297304d5fce8b
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/c547e8fb73dab055c28e982898c297304d5fce8b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20250120/a4616d66/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list