diff --git a/config-joey.hs b/config-joey.hs index 4580589..3d464e3 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -189,28 +189,37 @@ hosts = -- (o) ` (Just "remotes/origin/old-kitenet.net") -- git-annex autobuilder containers - , gitAnnexBuilder "amd64" 15 - , gitAnnexBuilder "i386" 45 - -- armel builder has a companion container that run amd64 and + , standardGitAnnexBuilder "amd64" 15 "2h" + , standardGitAnnexBuilder "i386" 45 "2h" + -- armel builder has a companion container using amd64 that -- runs the build first to get TH splices. They share a home -- directory, and need to have the same versions of all haskell - -- libraries installed. + -- libraries installed. The armel builder can ssh in to the + -- companion. , Docker.container "armel-git-annex-builder-companion" (image $ System (Debian Unstable) "amd64") & Docker.volume GitAnnexBuilder.homedir & Apt.unattendedUpgrades + & GitAnnexBuilder.treeDeps "armel" + & GitAnnexBuilder.cabalDeps + & GitAnnexBuilder.sshKeyGen + & Docker.expose "22" + & Apt.serviceInstalledRunning "ssh" , Docker.container "armel-git-annex-builder" (image $ System (Debian Unstable) "armel") & Docker.link "armel-git-annex-builder-companion" "companion" & Docker.volumes_from "armel-git-annex-builder-companion" --- & GitAnnexBuilder.builder "armel" "15 * * * *" True + & GitAnnexBuilder.builder "armel" "1 3 * * *" "5h" True + -- TODO: automate installing haskell libs + -- (Currently have to run + -- git-annex/standalone/linux/install-haskell-packages) & Apt.unattendedUpgrades ] ++ monsters -gitAnnexBuilder :: Architecture -> Int -> Host -gitAnnexBuilder arch buildminute = Docker.container (arch ++ "-git-annex-builder") +standardGitAnnexBuilder :: Architecture -> Int -> GitAnnexBuilder.TimeOut -> Host +standardGitAnnexBuilder arch buildminute timeout = Docker.container (arch ++ "-git-annex-builder") (image $ System (Debian Unstable) arch) - & GitAnnexBuilder.builder arch (show buildminute ++ " * * * *") True + & GitAnnexBuilder.builder arch (show buildminute ++ " * * * *") timeout True & Apt.unattendedUpgrades -- This is my standard system setup. diff --git a/src/Propellor/Property/Docker.hs b/src/Propellor/Property/Docker.hs index 09d7d6a..68fbced 100644 --- a/src/Propellor/Property/Docker.hs +++ b/src/Propellor/Property/Docker.hs @@ -156,6 +156,10 @@ name = runProp "name" publish :: String -> Property publish = runProp "publish" +-- | Expose a container's port without publishing it. +expose :: String -> Property +expose = runProp "expose" + -- | Username or UID for container. user :: String -> Property user = runProp "user" diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 677aa76..9754d4f 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -18,25 +18,14 @@ gitbuilderdir = homedir "gitbuilder" builddir :: FilePath builddir = gitbuilderdir "build" -builder :: Architecture -> CronTimes -> Bool -> Property -builder arch crontimes rsyncupload = combineProperties "gitannexbuilder" - [ Apt.stdSourcesList Unstable - , Apt.buildDep ["git-annex"] - , Apt.installed ["git", "rsync", "moreutils", "ca-certificates", - "liblockfile-simple-perl", "cabal-install", "vim", "less"] +type TimeOut = String -- eg, 5h + +builder :: Architecture -> CronTimes -> TimeOut -> Bool -> Property +builder buildarch crontimes timeout rsyncupload = combineProperties "gitannexbuilder" + [ treeDeps buildarch , Apt.serviceInstalledRunning "cron" - , User.accountFor builduser - , check (not <$> doesDirectoryExist gitbuilderdir) $ userScriptProperty builduser - [ "git clone git://git.kitenet.net/gitannexbuilder " ++ gitbuilderdir - , "cd " ++ gitbuilderdir - , "git checkout " ++ arch - ] - `describe` "gitbuilder setup" - , check (not <$> doesDirectoryExist builddir) $ userScriptProperty builduser - [ "git clone git://git-annex.branchable.com/ " ++ builddir - ] - , "git-annex source build deps installed" ==> Apt.buildDepIn builddir - , Cron.niceJob "gitannexbuilder" crontimes builduser gitbuilderdir "git pull ; ./autobuild" + , Cron.niceJob "gitannexbuilder" crontimes builduser gitbuilderdir $ + "git pull ; timeout " ++ timeout ++ " ./autobuild" -- The builduser account does not have a password set, -- instead use the password privdata to hold the rsync server -- password used to upload the built image. @@ -55,3 +44,37 @@ builder arch crontimes rsyncupload = combineProperties "gitannexbuilder" , makeChange $ writeFile f "no password configured" ) ] + +treeDeps :: Architecture -> Property +treeDeps buildarch = combineProperties "gitannexbuilder" + [ Apt.stdSourcesList Unstable + , Apt.buildDep ["git-annex"] + , Apt.installed ["git", "rsync", "moreutils", "ca-certificates", + "liblockfile-simple-perl", "cabal-install", "vim", "less"] + , User.accountFor builduser + , check (not <$> doesDirectoryExist gitbuilderdir) $ userScriptProperty builduser + [ "git clone git://git.kitenet.net/gitannexbuilder " ++ gitbuilderdir + , "cd " ++ gitbuilderdir + , "git checkout " ++ buildarch + ] + `describe` "gitbuilder setup" + , check (not <$> doesDirectoryExist builddir) $ userScriptProperty builduser + [ "git clone git://git-annex.branchable.com/ " ++ builddir + ] + , "git-annex source build deps installed" ==> Apt.buildDepIn builddir + ] + +-- Installs current versions of git-annex's deps from cabal, but only +-- does so once. +cabalDeps :: Property +cabalDeps = flagFile go cabalupdated + where + go = userScriptProperty builduser ["cabal update && cabal install git-annex --only-dependencies || true"] + cabalupdated = homedir ".cabal" "packages" "hackage.haskell.org" "00-index.cache" + +-- Ensure a ssh key is set up. +sshKeyGen :: Property +sshKeyGen = flagFile gen f + where + gen = userScriptProperty builduser ["ssh-keygen -t RSA -N '' -f " ++ f] + f = homedir ".ssh" "id_rsa"