EgeeWiki - Recent changes [en] http://egee.cesnet.cz/mediawiki/index.php/Special:Recentchanges Track the most recent changes to the wiki on this page. en MediaWiki 1.5.5 Tue, 21 May 2013 03:19:16 GMT User:Valtri/Jenkins http://egee.cesnet.cz/mediawiki/index.php/User:Valtri/Jenkins <p>/* Info */ - more gpg keys</p> <p><b>New page</b></p><div>= Info =<br /> <br /> * '''URL''': https://emian.zcu.cz:8443/jenkins/<br /> * '''credentials''': root@emain.zcu.cz:/etc/tomcat6/tomcat-users.xml<br /> * '''platforms''': SL5/32, SL5/64, SL6/32, SL6/64, Fedora 17/64, Fedora 18/64, Debian 6/64<br /> * '''gpg keys''':<br /> ** http://scientific.zcu.cz/repos/jenkins-builder.asc (main) - 7BBFDF7C<br /> ** http://scientific.zcu.cz/repos/jenkins-builder-sl5.asc (for SL5) - 64FA8786<br /> ** http://scientific.zcu.cz/repos/valtri.asc (externals) - 7157882F<br /> <br /> = Builds =<br /> <br /> There are two parts of each build:<br /> # '''source''' build (canl-c-sources-*, gridsite-sources-*, glite-lb-soures-*, ...)<br /> # '''binary''' build (canl-c-build-*, gridsite-build-*, glite-lb-build-*, ...)<br /> <br /> The reason is to have the same source tarballs for all binary builds.<br /> <br /> There are different builds for each branch:<br /> # '''devel''' - current development branches (master, g_with_canl_1_0, ...)<br /> # '''release''' - latest tagged versions<br /> <br /> == Cloning configurations ==<br /> <br /> The origin for all configurations should be the development ones.<br /> <br /> Create or update release configurations:<br /> <br /> # create a new job COMPONENT-build-release<br /> #* clone of COMPONENT-build-devel (or clone of other active branch)<br /> #* (keep &quot;Discard Old Builds&quot;)<br /> #* replace download in Build/Commands: from '*-sources-devel&quot; to &quot;*-sources-release&quot;<br /> # create a new job COMPONENT-sources-release<br /> #* clone of COMPONENT-sources-devel (or clone of other active branch)<br /> #* (keep &quot;Discard Old Builds&quot;)<br /> #* edit git tag (or update build commands if checkout is there)<br /> #* remove &quot;Build/Triggers/Poll SCM&quot;<br /> #* comment out sed on project/version.properties (and update Makefile.inc if it's gridsite)<br /> #* change &quot;Post-build Actions/Build other project&quot;: from COMPONENT-build-devel to COMPONENT-build-release<br /> <br /> = Tricks =<br /> <br /> '''Trigger Build''':<br /> wget -q http://localhost:8080/jenkins/job/log4c/build?token=BUILD<br /> <br /> = Installation =<br /> <br /> * '''Key preparation''':<br /> # X509 -&gt; pkcs12<br /> # (enter some passphrase)<br /> openssl pkcs12 -export -in server.crt -inkey server.key \<br /> -out server.p12 -name some-alias \<br /> -certfile concatenedCAFiles.pem<br /> # pkcs12 -&gt; java<br /> # (use the same password for store and for key)<br /> keytool -importkeystore \<br /> -deststorepass changeit -destkeypass changeit -destkeystore server.keystore \<br /> -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass some-password \<br /> -alias some-alias<br /> <br /> * '''User''':<br /> adduser --disabled-password jenkins<br /> usermod -a -G jenkins tomcat6<br /> #? usermod -a -G tomcat6 jenkins<br /> chmod -R g+w /home/jenkins<br /> <br /> * '''Tomcat''':<br /> &lt;tt&gt;/etc/tomcat6/server.xml&lt;/tt&gt; - &lt;tt&gt;Connector&lt;/tt&gt;:<br /> &amp;lt;!-- Define a SSL HTTP/1.1 Connector on port 8443<br /> This connector uses the JSSE configuration, when using APR, the <br /> connector should be using the OpenSSL style configuration<br /> described in the APR documentation --&amp;gt;<br /> &amp;lt;Connector port=&quot;8443&quot; protocol=&quot;HTTP/1.1&quot; SSLEnabled=&quot;true&quot;<br /> maxThreads=&quot;150&quot; scheme=&quot;https&quot; secure=&quot;true&quot;<br /> clientAuth=&quot;want&quot; sslProtocol=&quot;TLS&quot; <br /> keystorePass=&quot;*CENSOORED*&quot; URIEncoding=&quot;UTF-8&quot; /&amp;gt;<br /> <br /> &lt;tt&gt;/etc/default/tomcat6&lt;/tt&gt; - java opts:<br /> # increase maximal memory heap<br /> # set jenkins home<br /> # for example:<br /> JAVA_OPTS=&quot;-Djava.awt.headless=true -Xmx512m -XX:+UseConcMarkSweepGC -DJENKINS_HOME=/home/jenkins&quot;<br /> <br /> * '''Tomcat6 &amp;amp; Debian''':<br /> sed -i 's/.*\(TOMCAT6_SECURITY\)=.*/\1=yes/' /etc/default/tomcat6<br /> <br /> # TODO: specific properties<br /> # TODO2: properties for who?<br /> cat &gt;/etc/tomcat6/policy.d/04webapps.policy &lt;&lt;EOF<br /> grant {<br /> permission java.util.PropertyPermission &quot;*&quot;, &quot;read&quot;;<br /> };<br /> grant codeBase &quot;file:/var/lib/tomcat6/webapps/jenkins/-&quot; {<br /> permission java.security.AllPermission;<br /> };<br /> grant codeBase &quot;file:/home/jenkins/-&quot; {<br /> permission java.security.AllPermission;<br /> };<br /> EOF<br /> <br /> * '''GUI''':<br /> ** Configure Global Security<br /> *** Matrix-based security ...<br /> *** Security Realm: Delegate to servlet container (then edit &lt;tt&gt;/etc/tomcat6/tomcat-users.xml&lt;/tt&gt;)<br /> ** Manage Plugins<br /> *** update<br /> *** install &quot;Git Plugin&quot;, &quot;Jenkins Mailer&quot;, &quot;GitHub Plugin&quot;<br /> ** copy https://software.sandia.gov/trac/fast/browser/hudson/master/launch_krb5_slave.sh to &lt;tt&gt;~jenkins/scripts&lt;/tt&gt; and adjust<br /> <br /> = Node preparation =<br /> <br /> * we need gpg key for Jenkins<br /> ** beware of SL 5: there is limited support of keys, use SL 5 gnupg defaults to generate<br /> <br /> Now, let's compare SL/Fedora build system setup (one useradd) with the Debian machinery. :-)<br /> <br /> == Scientific Linux ==<br /> ~/guest/epel.sh<br /> <br /> # SELinux<br /> ...<br /> # for SL5:<br /> semanage fcontext -a -s system_u -t user_home_t '/var/lib/jenkins/.+'<br /> semanage fcontext -a -s system_u -t krb5_home_t '/var/lib/jenkins/\.k5login'<br /> restorecon -Rv /var/lib/jenkins<br /> # for SL6:<br /> semanage fcontext -a -e /home/SOME_USER /var/lib/jenkins<br /> restorecon -R -v /var/lib/jenkins<br /> <br /> yum install createrepo rpm-sign<br /> # install old version of mock and add exception to repository<br /> #rpm -i mock-1.0.28-1.el5.noarch.rpm<br /> #rpm -i mock-1.1.21-1.el6.noarch.rpm<br /> ...<br /> <br /> yum install policycoreutils-python<br /> yum install java-1.7.0-openjdk<br /> <br /> useradd -m -d /var/lib/jenkins -u 1000 jenkins<br /> echo &quot;jenkins/emian.zcu.cz@ZCU.CZ&quot; &gt; ~jenkins/.k5login<br /> chown jenkins:jenkins ~jenkins/.k5login<br /> usermod -a -G mock jenkins<br /> echo &quot;%_gpg_name Jenkins Builder &lt;jenkins@emian.zcu.cz&gt;&quot; &gt;&gt; ~jenkins/.rpmmacros<br /> chown jenkins:jenkins ~jenkins/.rpmmacros<br /> <br /> # copy .gnupg<br /> # beware for SL5: RSA &gt;= 2048 bit doesn't work, use gnupg default<br /> ...<br /> chown -R jenkins:jenkins ~jenkins/.gnupg/<br /> #rpm --import ...<br /> ...<br /> <br /> == Fedora ==<br /> yum install createrepo rpm-sign<br /> # install old version of mock and add exception to repository<br /> #rpm -i mock-1.1.26-2.fc17.noarch.rpm<br /> #rpm -i mock-1.1.26-2.fc18.noarch.rpm<br /> ...<br /> <br /> useradd -m -d /var/lib/jenkins -u 1000 jenkins<br /> echo &quot;jenkins/emian.zcu.cz@ZCU.CZ&quot; &gt; ~jenkins/.k5login<br /> chown jenkins:jenkins ~jenkins/.k5login<br /> usermod -a -G mock jenkins<br /> echo &quot;%_gpg_name Jenkins Builder &lt;jenkins@emian.zcu.cz&gt;&quot; &gt;&gt; ~jenkins/.rpmmacros<br /> chown jenkins:jenkins ~jenkins/.rpmmacros<br /> <br /> # copy .gnupg<br /> ...<br /> chown -R jenkins:jenkins ~jenkins/.gnupg/<br /> #rpm --import ...<br /> ...<br /> <br /> == Debian ==<br /> <br /> '''pbuilder machinery''':<br /> cat &gt; /root/.pbuilderrc &lt;&lt;EOF<br /> OTHERMIRROR='deb http://scientific.zcu.cz/repos/EMI3-external/debian/ stable/|deb file:///home/jenkins/tomcat-debian-externals/ stable/|deb file:///home/jenkins/tomcat-debian/ stable/'<br /> BINDMOUNTS=&quot;/home/jenkins/tomcat-debian-externals /home/jenkins/tomcat-debian&quot;<br /> EOF<br /> <br /> cat &gt; ~jenkins/.pbuilderrc &lt;&lt;EOF<br /> OTHERMIRROR='deb http://scientific.zcu.cz/repos/EMI3-external/debian/ stable/|deb file:///home/jenkins/debian-externals/ stable/|deb file:///home/jenkins/debian/ stable/'<br /> BINDMOUNTS=&quot;/home/jenkins/debian-externals /home/jenkins/debian&quot;<br /> EOF<br /> <br /> cat &gt; ~jenkins/.mini-dinstall.conf &lt;&lt;EOF<br /> [DEFAULT]<br /> archive_style=flat<br /> archivedir=~/debian<br /> architectures=all, i386, powerpc, sparc, amd64<br /> mail_on_success=false<br /> generate_release=true<br /> <br /> [stable]<br /> alias=squeezy<br /> <br /> [unstable]<br /> alias=wheezy<br /> EOF<br /> <br /> cat &gt; ~jenkins/.mini-dinstall-externals.conf &lt;&lt;EOF<br /> [DEFAULT]<br /> archive_style=flat<br /> archivedir=~/debian-externals<br /> architectures=all, i386, powerpc, sparc, amd64<br /> mail_on_success=false<br /> generate_release=true<br /> <br /> [stable]<br /> alias=squeezy<br /> <br /> [unstable]<br /> alias=wheezy<br /> EOF<br /> <br /> cat &gt; ~jenkins/.dput.cf &lt;&lt;EOF<br /> [local]<br /> fqdn = localhost<br /> method = local<br /> incoming = ~/debian/mini-dinstall/incoming<br /> run_dinstall = 0<br /> post_upload_command = /usr/bin/mini-dinstall -v --debug --batch ~/debian<br /> <br /> [local_externals]<br /> fqdn = localhost<br /> method = local<br /> incoming = ~/debian-externals/mini-dinstall/incoming<br /> run_dinstall = 0<br /> post_upload_command = /usr/bin/mini-dinstall -v --debug --batch -c ~/.mini-dinstall-externals.conf ~/debian-externals<br /> EOF<br /> <br /> chown jenkins:jenkins ~jenkins/.pbuilderrc ~jenkins/.mini-dinstall.conf ~jenkins/.mini-dinstall-externals.conf ~jenkins/.dput.cf<br /> mkdir -p /home/jenkins/debian/mini-dinstall/incoming /home/jenkins/debian-externals/mini-dinstall/incoming<br /> chown jenkins:jenkins /home/jenkins/debian/mini-dinstall/incoming /home/jenkins/debian-externals/mini-dinstall/incoming<br /> <br /> # to build by Jenkins under tomcat too<br /> cd ~jenkins<br /> cp .dput.cf .mini-dinstall*.conf .pbuilderrc ~tomcat6/<br /> cd ~tomcat6<br /> sed -i 's,~,/home/jenkins,' .dput.cf .mini-dinstall*.conf<br /> chown tomcat6:tomcat6 .dput.cf .mini-dinstall*.conf .pbuilderrc<br /> <br /> cp -rp ~jenkins/.gnupg ~tomcat6/<br /> chown -R ~tomcat6/.gnupg<br /> <br /> '''/etc/sudoers''':<br /> jenkins,tomcat6 ALL=(root) NOPASSWD: SETENV: /usr/sbin/pbuilder --build --buildresult /home/jenkins/[a-zA-Z0-9_/-]* --debbuildopts [ ]--debbuildopts [ ]--hookdir /home/jenkins/[a-zA-Z0-9_/-]* *<br /> jenkins,tomcat6 ALL=(root) NOPASSWD: /bin/rm -rfv results, /bin/rm -rfv results/pbuilder<br /> <br /> '''initial image''':<br /> pbuilder --create --distribution squeeze</div> Fri, 17 May 2013 08:33:38 GMT Frantisek Dvorak http://egee.cesnet.cz/mediawiki/index.php/User_talk:Valtri/Jenkins User:Valtri http://egee.cesnet.cz/mediawiki/index.php/User:Valtri <p></p> <table border='0' width='98%' cellpadding='0' cellspacing='4' class='diff'> <tr> <td colspan='2' width='50%' align='center' class='diff-otitle'>Revision as of 20:05, 16 May 2013</td> <td colspan='2' width='50%' align='center' class='diff-ntitle'>Current revision</td> </tr> <tr><td colspan="2" align="left"><strong>Line 24:</strong></td> <td colspan="2" align="left"><strong>Line 24:</strong></td></tr> <tr><td> </td><td class='diff-context'></td><td> </td><td class='diff-context'></td></tr> <tr><td> </td><td class='diff-context'>* VOMS setup-script: [[Image:Voms-install.sh]]</td><td> </td><td class='diff-context'>* VOMS setup-script: [[Image:Voms-install.sh]]</td></tr> <tr><td colspan="2">&nbsp;</td><td>+</td><td class='diff-addedline'></td></tr> <tr><td colspan="2">&nbsp;</td><td>+</td><td class='diff-addedline'>'''Jenkins'''':</td></tr> <tr><td colspan="2">&nbsp;</td><td>+</td><td class='diff-addedline'>* [[User:Valtri/Jenkins]]</td></tr> </table> Thu, 16 May 2013 20:05:59 GMT Frantisek Dvorak http://egee.cesnet.cz/mediawiki/index.php/User_talk:Valtri