From MdsWiki
| Revision as of 19:31, 10 January 2018 (edit) Twf (Talk | contribs) (→os build job) ← Previous diff |
Revision as of 19:41, 10 January 2018 (edit) Twf (Talk | contribs) (→os build job) Next diff → |
||
| Line 187: | Line 187: | ||
| [[Image:os-build-5.PNG]] | [[Image:os-build-5.PNG]] | ||
| [[Image:os-build-6.PNG]] | [[Image:os-build-6.PNG]] | ||
| + | ===== macosx build job ==== | ||
| + | The macosx build job is very similar to the other os builds except for the Build section. On the macos build system there seems to be an issue with nfs caching such that the mac doesn't see that the source directory accessed over nfs has changed. To fix this we clear the nfs cache before attempting to perform the build. The macos build system also does not have a jenkins user defined so we use sudo to build the software and then change the owner of the workspace to twf since the twf account is used for jenkins and we change the owner of the output of the build placed on the nfs mount to be the uid and gid of the jenkins account. <br/> | ||
| + | [[Image:osx-build-1.PNG]] | ||
| == Jenkins Slave Configuration == | == Jenkins Slave Configuration == | ||
Revision as of 19:41, 10 January 2018
Contents |
Jenkins Master Configuration using Docker
Host configuration
Install Linux operating system
The jenkins server will be run using a docker container so the host should be an operating system that can run docker containers. At this time we are going to start with a Fedora Core 27 system. The initial key pieces of software needed for the jenkins host is openssh server. Once fc27 was installed the following commands were issued:
# dnf update -y # dnf install -y docker firewall-config python2-dateutil python2-requests # umount /home # lvreduce -L 50G -r /dev/mapper/fedora-home # mount /home # lvcreate -L 345G -n mdsplus fedora # mkfs -t ext4 -L mdsplus /dev/mapper/fedora-mdsplus # echo "/dev/mapper/fedora-mdsplus /export/mdsplus ext4 defaults 1 2" >> /etc/fstab # echo "/export/mdsplus /mdsplus-j2 none bind 0 0" >> /etc/fstab # mkdir /export/mdsplus # groupadd jenkins -g 981 # adduser -m jenkins -u 987 -g jenkins # chown jenkins:jenkins /export/mdsplus # systemctl start docker # systemctl enable docker
Create /etc/exports with the following contents:
/export 198.125.176.1/20(rw,fsid=0,insecure,no_subtree_check,async) /export/mdsplus 198.125.176.1/20(rw,nohide,insecure,no_subtree_check,async)
Add a few ports and services to the firewall using firewall-config:
Add a port 8080 to the allowed ports Add the following services: mountd, nfs, rpc-bind, ssh
# filewall-config
Start nfs server:
systemctl enable nfs-server systemctl start nfs-server
Add MDSplus ssh and signing keys to the /exports/mdsplus. Obtain the signing key tar file from dropbox then:
# su -l jenkins $ cd /exports $ tar zvxf ~/jenkins-certs.tgz
Set up ssh credentials for the jenkins account (after the su -l jenkins):
$ cd .ssh $ ln -s /export/mdsplus/certs/mdsplus_builder_rsa ./id_rsa $ cat /export/mdsplus/certs/mdsplus_builder_rsa.pub >> ./authorized_keys $ chmod 0600 ./authorized_keys
When you begin setting up jenkins slave nodes you will need to ssh from the jenkins master system using the jenkins account to populate the ~jenkins/.ssh/known_hosts file. Jenkins will not connect to a slave if the slave's host key is not in the known_hosts file.
Setup the jenkins service
Initial Jenkins Startup
The documentation of the Jenkins docker image can be found here. The first time starting up jenkins must be done manually to setup the authentication method. Start the container using:
# docker run -p 8080:8080 -p 50000:50000 -u 987:981 -v /etc/passwd:/etc/passwd -v /home/jenkins:/var/jenkins_home jenkins
In the terminal you should see output from jenkins which includes a password you will need to initially setup jenkins. Once the output on the terminal stops you should be able to bring up a browser and connect to this host on port 8080 to get to the jenkins web server. It will ask for the password and then ask you to select plugins. Initially I would click on the option to select your plugins vs using the default set. I would then deselect most if not all the options that are checked as the needed set of plugins will be added later. Once jenkins finishes installing any plugins you can enter a <ctl-c> in the terminal where you ran the docker command to exit jenkins.
Next we will set up jenkins to run as a system service. Replace the <jenkins-id> and <jenkins-gid> with the appropriate uid and gid of the jenkins account.
# cd /etc/systemd/system # cat - <<EOF > jenkins.service [Unit] Description=Jenkins Docker service Documentation=http://jenkins-ci.org After=docker.service Requires=docker.service [Service] TimeoutStartSec=0 ExecStartPre=-/usr/bin/docker kill jenkins ExecStartPre=-/usr/bin/docker rm jenkins ExecStartPre=/usr/bin/docker pull jenkins/jenkins:lts ExecStart=/usr/bin/docker run --name jenkins -p 8080:8080 -p 50000:50000 -u 987:981 \ -e "TZ=America/New_York" \ -v /home/jenkins/.ssh/known_hosts:/home/jenkins/.ssh/known_hosts \ -v /home/jenkins:/var/jenkins_home \ -v /export/mdsplus:/mdsplus \ -v /etc/passwd:/etc/passwd \ jenkins/jenkins:lts [Install] WantedBy=multi-user.target EOF # systemctl enable jenkins # systemctl start jenkins
Configure Jenkins
Authentication
When jenkins is first started and you used the password output on the terminal you should have been prompted to create an admin account. Open a browser to the jenkins host port 8080 and log in as administrator. Then click on "Manage Jenkins" and then click on "Manage Plugins". Next click on the "Available" tab and search for "GitHub Authentication plugin" and select it. Next click to install the plugin. It should not be necessary to restart jenkins. Next click on "Manage Jenkins" and this time click on "Configure Global Security". Next you will need to create an github OAuth application. This is a bit complicated. In the case of the MDSplus jenkins service we have set up a proxy service from the www.mdsplus.org web site and the jenkins server host is given a dns alias of jenkins2.mdsplus.org pointing to www.mdsplus.org. You create these OAuth applications by logging into github and clicking on "Settings" from the pulldown menu from your account icon at the top right of the web page. You then click on "Developer settings" and from the Outh Apps page you click on "New OAuth App". You can upload the MDSplus logo if you want but probably doesn't do much for you. The important part of the app is the "Authorization callback URL" which would be in our case: http://jenkins2.mdsplus.org/securityRealm/finishLogin.
Once you create an OAuth App you will be presented with a "Client ID" and a "Client Secret" which will be used to configure the GitHub Authentication plugin for jenkins. After creating the OAuth App go back into jenkins in the "Configure Global Security" page mentioned above and click on the "Github Authentication Plugin" in the "Access Control" section and fill in the "Client Id" and "Client Secret" values from github.
Plugins
The following plugins should be installed:
| Plugin Name | Description |
|---|---|
| AnsiColor | Provides terminal color output in console (i.e. red error messages) |
| GitHub Pull Request Builder | Communicates with github for triggering of test when pull requests are made for MDSplus/mdsplus |
| HipChat Plugin | Add notification of build status on HipChat |
| TAP Plugin | Check tap test results and display them on jenkins job pages |
| Parameterized Trigger plugin | Used in trigger jobs which fire up the builds for all the different platforms |
| Green Balls | Shows green balls instead of blue to indicate successful job completion |
| Folders Plugin | Add ability to organize jobs in folders. |
| Workspace Cleanup plugin | Enable deletion of workspace before builds to prevent conflicts with previous builds using same workspace. |
| Valgrind (special MDSplus version) | Parses valgrind test output files and provides useful information about any failures. See below for installation instructions. |
Install Valgrind Plugin
You must first download the special valgrind plugin To install this in jenkins to the "Manage Plugins" page and click on the "Advanced" tab and in the "Upload Plugin" section click on the "Choose File" button and select the valgrind.hpi file you just downloaded and then click on "Upload"
This valgrind.hpi was created using the following commands:
git clone git@github.com:MDSplus/valgrind-plugin.git cd valgrind-plugin mvn install
This should produce the valgrind.hpi file in the ./target subdirectory.
Plugin Configuration
HipChat Notifier Settings
GitHub Pull Request Builder
Credentials
Add credentials to jenkins. From the top page of the MDSplus jenkins web site click on "Credentials" on the left. Click on "System" on the left and then on the "Global credentials (unrestricted)" link. Next click on "Add Credential" on the left. Select "SSH USername with private key" for the "Kind" and enter jenkins in the "Username" field. Click on "From a file on Jenkins master" for the "Private Key" location and enter /mdsplus/certs/mdsplus_builder_rsa in the "File" field. Enter jenkins(mdsplus_builder_rsa) in the "Description" field. Then click "OK". Repeat the same steps to create a second key but this time enter MDSplusBuilder in the "Username" field and MDSplusBuilder(mdsplus_builder_rsa) in the "Description" field. For now the jenkins credential will be used for connecting to jenkins slaves and the MDSplusBuilder credential will be used for connecting to github.
Job Configurations
1-alpha-release
1-stable-release
Same as alpha except using stable branch in Source Code Management section.
1-pull-request-test
os build job
The name of the job should match the operating system you are building for. For example, fc27, ubuntu16, windows
= macosx build job
The macosx build job is very similar to the other os builds except for the Build section. On the macos build system there seems to be an issue with nfs caching such that the mac doesn't see that the source directory accessed over nfs has changed. To fix this we clear the nfs cache before attempting to perform the build. The macos build system also does not have a jenkins user defined so we use sudo to build the software and then change the owner of the workspace to twf since the twf account is used for jenkins and we change the owner of the output of the build placed on the nfs mount to be the uid and gid of the jenkins account.
Jenkins Slave Configuration
Linux and Windows
Linux slaves are other systems with a Linux based operating system with docker installed. A jenkins account should be created and the jenkins account should be added to a docker group (similar to that done on the Jenkins master host setup above). The jenkins-master:/mdsplus nfs share should be mounted on a /mdsplus directory (initially on the cmodws systems used as slaves this will be mounted on /mdsplus-j2 since the existing /mdsplus directory is used by the original jenkins system.)
Macosx
The mac slave needs to be able to build MDSplus. Details to follow.