You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Nova Resource:Integration/Setup: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Krinkle
(→‎npm upgrade: Remove outdated docs. npm should no longer be upgraded this way. Since moved to puppet and more recently to the container)
imported>Krinkle
mNo edit summary
Line 11: Line 11:
Wait a few minutes (during which the instance is created, initial setup happens). Then connect to the instance over SSH and fix puppet:
Wait a few minutes (during which the instance is created, initial setup happens). Then connect to the instance over SSH and fix puppet:


* <code>rm -fR /var/lib/puppet/ssl && puppet agent -tv</code>
* <code>sudo rm -fR /var/lib/puppet/ssl && sudo puppet agent -tv</code>
* If that complains:
* If that complains:
** get the instance fully qualified domain name (FQDN): <code>hostname --fqdn</code>
** get the instance fully qualified domain name (FQDN): <code>hostname --fqdn</code>
** On <code>integration-puppetmaster01.integration.eqiad.wmflabs</code>, clean the old and invalid certificate(s): <code>sudo puppet cert clean <FQDN OF INSTANCE HERE</code>
** On <code>integration-puppetmaster-02.integration.eqiad.wmflabs</code>, clean the old and invalid certificate(s): <code>sudo puppet cert clean <FQDN OF INSTANCE HERE</code>


Apply the Puppet role:
Apply the Puppet role:
Line 36: Line 36:
#* Type: Permanent Agent
#* Type: Permanent Agent
#* Executors: 1 (for Docker agents: 4)
#* Executors: 1 (for Docker agents: 4)
#* Filesystem root: <code>/srv/jenkins/workspace</code>
#* Remote root directory: <code>/srv/jenkins/workspace</code>
#* Labels:
#* Labels:
#** <code>contintLabsSlave</code>
#** <code>contintLabsSlave</code>

Revision as of 15:01, 21 April 2020

Roles

integration-agent-{type}-XXXX

Updated September 2019 based on https://phabricator.wikimedia.org/T226233

On https://horizon.wikimedia.org/project/instances/

  • Create a new instance named integration-agent-{type}-XXXX where {type} is a role (example: docker) and XXXX increments starting from 1001.
  • Source: pick the Stretch image
  • Flavor: pick mediumram flavor

Wait a few minutes (during which the instance is created, initial setup happens). Then connect to the instance over SSH and fix puppet:

  • sudo rm -fR /var/lib/puppet/ssl && sudo puppet agent -tv
  • If that complains:
    • get the instance fully qualified domain name (FQDN): hostname --fqdn
    • On integration-puppetmaster-02.integration.eqiad.wmflabs, clean the old and invalid certificate(s): sudo puppet cert clean <FQDN OF INSTANCE HERE

Apply the Puppet role:

Run puppet on the instance (puppet agent -tv) and verify:

  • If a Docker agent, make sure there is a /var/lib/docker partition for Docker
  • Clean unused packages: apt-get autoremove --purge
  • Upgrade packages: apt-get -y dist-upgrade

Reboot the instance (Before adding to Jenkins). This cleans state, launches deamons, and fixes Shinken monitoring (phabricator:T91351). Once it is back, you can then add it to Jenkins

Add the instance to Jenkins

  1. Create "New Node" in Jenkins management
    • Name: (short hostname of instance)
    • Type: Permanent Agent
    • Executors: 1 (for Docker agents: 4)
    • Remote root directory: /srv/jenkins/workspace
    • Labels:
      • contintLabsSlave
      • For Docker agents: Docker
    • Usage: EXCLUSIVE (Only build jobs with label restrictions matching this node)
    • Launch method: SSH
      • Host: (internal IP of instance)
      • Credentials: jenkins-deploy (key from role::ci::slave::labs::common)
    • Availability: Always (Keep this slave on-line as much as possible)

The Jenkins master will automatically trust the ssh key upon the first connection.

integration-dev

  1. Create instance:
    • m1.medium
    • Security group: Default
  2. Wait 10 minutes
  3. Reconfigure instance from wikitech: Enable role::ci::slave::labs.
  4. Via SSH, force a puppet run (applies role).

Utilities

puppet

Use sudo /usr/local/sbin/puppet-run &. Don't use sudo puppet agent -t, because that is not what cron uses and leads to inconsistencies with e.g. umask and other factors affecting default values used at runtime.

Retrieved from "https://wikitech-static.wikimedia.org/w/index.php?title=Nova_Resource:Integration/Setup&oldid=460082"