diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-06-24 22:24:15 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-06-24 22:24:15 +0200 |
| commit | 200690c9aecec1f38c1a62a65916df2950e1afe7 (patch) | |
| tree | 6aa365dd4c7164016837ac1e728d7bb25a7ce2be /modules/private/buildbot/projects/test | |
| parent | 6689bca19502aa8823dfc0fd3948e8e0a7cb9976 (diff) | |
| download | Nix-200690c9aecec1f38c1a62a65916df2950e1afe7.tar.gz Nix-200690c9aecec1f38c1a62a65916df2950e1afe7.tar.zst Nix-200690c9aecec1f38c1a62a65916df2950e1afe7.zip | |
First attempt at making declarative VMs
In order to make buildbot more secure, the builds need to happen inside
VMs so that they can be thrown out on demand when not needed.
This commit implements this facility on dilion, and also defines
declaratively some previous VMs which used to run on the machine.
Diffstat (limited to 'modules/private/buildbot/projects/test')
| -rw-r--r-- | modules/private/buildbot/projects/test/__init__.py | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/modules/private/buildbot/projects/test/__init__.py b/modules/private/buildbot/projects/test/__init__.py index e6b8d51..e2f6f82 100644 --- a/modules/private/buildbot/projects/test/__init__.py +++ b/modules/private/buildbot/projects/test/__init__.py | |||
| @@ -1,5 +1,6 @@ | |||
| 1 | from buildbot.plugins import * | 1 | from buildbot.plugins import * |
| 2 | from buildbot_common.build_helpers import * | 2 | from buildbot_common.build_helpers import * |
| 3 | import buildbot_common.libvirt as ilibvirt | ||
| 3 | import os | 4 | import os |
| 4 | from buildbot.util import bytes2unicode | 5 | from buildbot.util import bytes2unicode |
| 5 | import json | 6 | import json |
| @@ -10,11 +11,13 @@ class E(): | |||
| 10 | PROJECT = "test" | 11 | PROJECT = "test" |
| 11 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) | 12 | BUILDBOT_URL = "https://git.immae.eu/buildbot/{}/".format(PROJECT) |
| 12 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) | 13 | SOCKET = "unix:/run/buildbot/{}.sock".format(PROJECT) |
| 13 | PB_SOCKET = "unix:address=/run/buildbot/{}_pb.sock".format(PROJECT) | 14 | PB_SOCKET = os.environ["BUILDBOT_WORKER_PORT"] |
| 15 | WORKER_HOST = "{}:{}".format(os.environ["BUILDBOT_HOST"], PB_SOCKET) | ||
| 14 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) | 16 | RELEASE_PATH = "/var/lib/ftp/release.immae.eu/{}".format(PROJECT) |
| 15 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) | 17 | RELEASE_URL = "https://release.immae.eu/{}".format(PROJECT) |
| 16 | GIT_URL = "https://git.immae.eu/perso/Immae/TestProject.git" | 18 | GIT_URL = "https://git.immae.eu/perso/Immae/TestProject.git" |
| 17 | SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key" | 19 | SSH_KEY_PATH = "/var/lib/buildbot/buildbot_key" |
| 20 | LIBVIRT_URL = os.environ["BUILDBOT_VIRT_URL"] + "?keyfile=" + SSH_KEY_PATH | ||
| 18 | PUPPET_HOST = "root@backup-1.v.immae.eu" | 21 | PUPPET_HOST = "root@backup-1.v.immae.eu" |
| 19 | LDAP_HOST = "ldap.immae.eu" | 22 | LDAP_HOST = "ldap.immae.eu" |
| 20 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" | 23 | LDAP_DN = "cn=buildbot,ou=services,dc=immae,dc=eu" |
| @@ -70,8 +73,14 @@ def configure(c): | |||
| 70 | c["www"]["change_hook_dialects"]["base"] = { | 73 | c["www"]["change_hook_dialects"]["base"] = { |
| 71 | "custom_class": CustomBase | 74 | "custom_class": CustomBase |
| 72 | } | 75 | } |
| 73 | c['workers'].append(worker.LocalWorker("generic-worker-test")) | 76 | c['workers'].append(ilibvirt.LibVirtWorker("test-build", |
| 74 | c['workers'].append(worker.LocalWorker("deploy-worker-test")) | 77 | open(E.SECRETS_FILE + "/worker_password", "r").read().rstrip(), |
| 78 | ilibvirt.Connection(E.LIBVIRT_URL), | ||
| 79 | E.WORKER_HOST)) | ||
| 80 | c['workers'].append(ilibvirt.LibVirtWorker("test-deploy", | ||
| 81 | open(E.SECRETS_FILE + "/worker_password", "r").read().rstrip(), | ||
| 82 | ilibvirt.Connection(E.LIBVIRT_URL), | ||
| 83 | E.WORKER_HOST)) | ||
| 75 | 84 | ||
| 76 | c['schedulers'].append(hook_scheduler("TestProject", timer=1)) | 85 | c['schedulers'].append(hook_scheduler("TestProject", timer=1)) |
| 77 | c['schedulers'].append(force_scheduler("force_test", ["TestProject_build"])) | 86 | c['schedulers'].append(force_scheduler("force_test", ["TestProject_build"])) |
| @@ -109,7 +118,7 @@ def factory(): | |||
| 109 | logEnviron=False, command=["echo", package])) | 118 | logEnviron=False, command=["echo", package])) |
| 110 | factory.addSteps(package_and_upload(package, package_dest, package_url)) | 119 | factory.addSteps(package_and_upload(package, package_dest, package_url)) |
| 111 | 120 | ||
| 112 | return util.BuilderConfig(name="TestProject_build", workernames=["generic-worker-test"], factory=factory) | 121 | return util.BuilderConfig(name="TestProject_build", workernames=["test-build"], factory=factory) |
| 113 | 122 | ||
| 114 | 123 | ||
| 115 | def compute_build_infos(): | 124 | def compute_build_infos(): |
| @@ -143,7 +152,7 @@ def deploy_factory(): | |||
| 143 | ldap_password=util.Secret("ldap"))) | 152 | ldap_password=util.Secret("ldap"))) |
| 144 | factory.addStep(steps.MasterShellCommand(command=[ | 153 | factory.addStep(steps.MasterShellCommand(command=[ |
| 145 | "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host])) | 154 | "ssh", "-o", "UserKnownHostsFile=/dev/null", "-o", "StrictHostKeyChecking=no", "-o", "CheckHostIP=no", "-i", E.SSH_KEY_PATH, puppet_host])) |
| 146 | return util.BuilderConfig(name="TestProject_deploy", workernames=["deploy-worker-test"], factory=factory) | 155 | return util.BuilderConfig(name="TestProject_deploy", workernames=["test-deploy"], factory=factory) |
| 147 | 156 | ||
| 148 | from twisted.internet import defer | 157 | from twisted.internet import defer |
| 149 | from buildbot.process.buildstep import FAILURE | 158 | from buildbot.process.buildstep import FAILURE |