propellor spin

config-joey.hs

@@ -189,28 +189,37 @@ hosts =               --                  (o)  `
 			(Just "remotes/origin/old-kitenet.net")
 	
 	-- git-annex autobuilder containers
-	, gitAnnexBuilder "amd64" 15
+	, standardGitAnnexBuilder "amd64" 15 "2h"
-	, gitAnnexBuilder "i386" 45
+	, standardGitAnnexBuilder "i386" 45 "2h"
-	-- armel builder has a companion container that run amd64 and
+	-- armel builder has a companion container using amd64 that
 	-- runs the build first to get TH splices. They share a home
 	-- directory, and need to have the same versions of all haskell
-	-- libraries installed.
+	-- libraries installed. The armel builder can ssh in to the
+	-- companion.
 	, Docker.container "armel-git-annex-builder-companion"
 		(image $ System (Debian Unstable) "amd64")
 		& Docker.volume GitAnnexBuilder.homedir
 		& Apt.unattendedUpgrades
+		& GitAnnexBuilder.treeDeps "armel"
+		& GitAnnexBuilder.cabalDeps
+		& GitAnnexBuilder.sshKeyGen
+		& Docker.expose "22"
+		& Apt.serviceInstalledRunning "ssh"
 	, Docker.container "armel-git-annex-builder"
 		(image $ System (Debian Unstable) "armel")
 		& Docker.link "armel-git-annex-builder-companion" "companion"
 		& Docker.volumes_from "armel-git-annex-builder-companion"
---		& GitAnnexBuilder.builder "armel" "15 * * * *" True
+		& GitAnnexBuilder.builder "armel" "1 3 * * *" "5h" True
+		-- TODO: automate installing haskell libs
+		-- (Currently have to run
+		-- git-annex/standalone/linux/install-haskell-packages)
 		& Apt.unattendedUpgrades
 	] ++ monsters
 
-gitAnnexBuilder :: Architecture -> Int -> Host
+standardGitAnnexBuilder :: Architecture -> Int -> GitAnnexBuilder.TimeOut -> Host
-gitAnnexBuilder arch buildminute = Docker.container (arch ++ "-git-annex-builder")
+standardGitAnnexBuilder arch buildminute timeout = Docker.container (arch ++ "-git-annex-builder")
 	(image $ System (Debian Unstable) arch)
-	& GitAnnexBuilder.builder arch (show buildminute ++ " * * * *") True
+	& GitAnnexBuilder.builder arch (show buildminute ++ " * * * *") timeout True
 	& Apt.unattendedUpgrades
 
 -- This is my standard system setup.

src/Propellor/Property/Docker.hs

@@ -156,6 +156,10 @@ name = runProp "name"
 publish :: String -> Property
 publish = runProp "publish"
 
+-- | Expose a container's port without publishing it.
+expose :: String -> Property
+expose = runProp "expose"
+
 -- | Username or UID for container.
 user :: String -> Property
 user = runProp "user"

src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs

@@ -18,25 +18,14 @@ gitbuilderdir = homedir </> "gitbuilder"
 builddir :: FilePath
 builddir = gitbuilderdir </> "build"
 
-builder :: Architecture -> CronTimes -> Bool -> Property
+type TimeOut = String -- eg, 5h
-builder arch crontimes rsyncupload = combineProperties "gitannexbuilder"
+
-	[ Apt.stdSourcesList Unstable
+builder :: Architecture -> CronTimes -> TimeOut -> Bool -> Property
-	, Apt.buildDep ["git-annex"]
+builder buildarch crontimes timeout rsyncupload = combineProperties "gitannexbuilder"
-	, Apt.installed ["git", "rsync", "moreutils", "ca-certificates",
+	[ treeDeps buildarch
-		"liblockfile-simple-perl", "cabal-install", "vim", "less"]
 	, Apt.serviceInstalledRunning "cron"
-	, User.accountFor builduser
+	, Cron.niceJob "gitannexbuilder" crontimes builduser gitbuilderdir $
-	, check (not <$> doesDirectoryExist gitbuilderdir) $ userScriptProperty builduser
+		"git pull ; timeout " ++ timeout ++ " ./autobuild"
-		[ "git clone git://git.kitenet.net/gitannexbuilder " ++ gitbuilderdir
-		, "cd " ++ gitbuilderdir
-		, "git checkout " ++ arch
-		]
-		`describe` "gitbuilder setup"
-	, check (not <$> doesDirectoryExist builddir) $ userScriptProperty builduser
-		[ "git clone git://git-annex.branchable.com/ " ++ builddir
-		]
-	, "git-annex source build deps installed" ==> Apt.buildDepIn builddir
-	, Cron.niceJob "gitannexbuilder" crontimes builduser gitbuilderdir "git pull ; ./autobuild"
 	-- The builduser account does not have a password set,
 	-- instead use the password privdata to hold the rsync server
 	-- password used to upload the built image.
@@ -55,3 +44,37 @@ builder arch crontimes rsyncupload = combineProperties "gitannexbuilder"
 					, makeChange $ writeFile f "no password configured"
 					)
 	]
+
+treeDeps :: Architecture -> Property
+treeDeps buildarch = combineProperties "gitannexbuilder"
+	[ Apt.stdSourcesList Unstable
+	, Apt.buildDep ["git-annex"]
+	, Apt.installed ["git", "rsync", "moreutils", "ca-certificates",
+		"liblockfile-simple-perl", "cabal-install", "vim", "less"]
+	, User.accountFor builduser
+	, check (not <$> doesDirectoryExist gitbuilderdir) $ userScriptProperty builduser
+		[ "git clone git://git.kitenet.net/gitannexbuilder " ++ gitbuilderdir
+		, "cd " ++ gitbuilderdir
+		, "git checkout " ++ buildarch
+		]
+		`describe` "gitbuilder setup"
+	, check (not <$> doesDirectoryExist builddir) $ userScriptProperty builduser
+		[ "git clone git://git-annex.branchable.com/ " ++ builddir
+		]
+	, "git-annex source build deps installed" ==> Apt.buildDepIn builddir
+	]
+
+-- Installs current versions of git-annex's deps from cabal, but only
+-- does so once.
+cabalDeps :: Property
+cabalDeps = flagFile go cabalupdated
+	where
+		go = userScriptProperty builduser ["cabal update && cabal install git-annex --only-dependencies || true"]
+		cabalupdated = homedir </> ".cabal" </> "packages" </> "hackage.haskell.org" </> "00-index.cache"
+
+-- Ensure a ssh key is set up.
+sshKeyGen :: Property
+sshKeyGen = flagFile gen f
+  where
+  	gen = userScriptProperty builduser ["ssh-keygen -t RSA -N '' -f " ++ f]
+	f = homedir </> ".ssh" </> "id_rsa"