Changes between Version 6 and Version 7 of SettingUpABuildServer


Timestamp:
11/19/12 12:04:47 (11 years ago)
Author:
jdreed
Comment:

--

  • SettingUpABuildServer

    v6 v7  
    14145. Append to /etc/approx/approx.conf the contents of `scripts/build-server/approx.conf.tail`.  Restart approx (as of precise, approx is run from inetd). 
    1515 
     166. Apply scripts/build-server/mount-defaults.patch to /etc/schroot/mount-defaults.  If for some reason that patch fails to apply, note that it's simply adding `/afs` as a bind mount. 
     17 
     18       /afs             /afs            none    rw,bind         0       0 
     19 
     207. Apply scripts/build-server/pam-schroot.patch to /etc/pam.d/schroot.  This patch does not include common-session and instead adds a basic pam_unix session module.  This prevents PAM from mucking with Kerberos and AFS. 
    1621 
    1722 
    18   7. Apply scripts/build-server/mount-defaults.patch and 
    19  
    20 No, just add the AFS line: 
    21  
    22 /afs            /afs            none    rw,bind         0       0 
    23  
    24      scripts/build-server/pam-schroot.patch. 
    25 Unneeded, schroot ships with the correct pam config. 
    26  
    27 Ensure that schroot's pam-config is sane (Specifically, that it includes the usual pam 
    28 stack, e.g. 
    29 @include common-auth 
    30 @include common-account 
    31 @include common-session 
    32  
    33  
    34 TODO: Deal with the /run mess once that's finalized. 
    35  
    36  
    37   8. For each supported DIST (see scripts/debian-versions.sh) run: 
     238. For each supported DIST (see scripts/debian-versions.sh) run: 
    3824 
    3925       scripts/build-server/make-chroot DIST i386 
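
Review bot: Step 7 gives no fallback for when pam-schroot.patch fails to apply, unlike step 6, which states the one line the mount-defaults patch adds. State the resulting session line for /etc/pam.d/schroot (the text says a basic pam_unix session module replaces common-session) so the result can be checked by hand. The removed text said schroot ships with the correct PAM config and should include common-session, so a sentence on why that guidance was reversed would help. The removed "TODO: Deal with the /run mess" is also dropped without a replacement.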
     
    5036       N.B. In the old days, the UID was relevant for AFS and matching Hesiod.  With OpenAFS 1.6, it is likely no longer relevant, but double-checking never hurt. 
    5137 
    52  * Make the home directory mode 700.   
    53  * Install a daemon/linux-build-10.mit.edu keytab in the home directory as 
    54      "keytab".  Install a copy of the secret repository-signing key 
    55      (debathena@mit.edu) in the home directory's keyring with 
    56      something like: 
    57  
    58        kinit builder 
    59        gpg --export-secret-keys debathena@mit.edu | \ 
    60          ssh -l builder machinename gpg --import 
    61  
    62   * Create a file named `.sbuildrc` in builder's homedir containing: 
     382. Make the home directory mode 700.   
     393. Install a `daemon` keytab for the host (e.g. daemon/linux-build-10.mit.edu) in the home directory, named `keytab`.  Ensure that this principal also has a PTS id in both the `sipb` and `athena` cells, and add it to the list `debathena-build-server-acl`.  
     404. Install a copy of the secret repository-signing key (for debathena@mit.edu) in the home directory's keyring with something like: 
     41{{{ 
     42builder@old-build-server:~$ kinit builder 
     43builder@old-build-server:~$ gpg --export-secret-keys debathena@mit.edu | \ 
     44   ssh -l builder new-build-server gpg --import 
     45}}} 
     46You may transfer the key securely via another method, but ensure that the key is not left lying around anywhere.  (Even a correctly-ACL'd directory in AFS is not ideal). 
     475.Create a file named `.sbuildrc` in builder's homedir containing: 
    6348{{{ 
    6449$mailto = undef; 
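
Review bot: Steps 3 and 4 place the keytab and the secret repository-signing key in builder's home directory, but the only permission stated is the directory's mode 700 in step 2. Say that `keytab` itself should be readable only by builder, and add a check after the import (for example `gpg --list-secret-keys` on the new server) so a failed transfer is noticed. Also, "5.Create" is missing the space after the period that the other numbered steps have.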
     
    6954# Pass all DEBATHENA-specific variables to external commands 
    7055# (e.g. chroot-sources) 
    71 $environment_filter = [ '^DEBATHENA_', ]; 
     56# N.B. This replaces the default value, it does not union them. 
     57# So ensure that this has the defaults as noted in sbuild.conf 
     58$environment_filter = [ '^DEBATHENA_',  
     59                        '^KRB5CCNAME_', 
     60                        '^PATH$', 
     61                        '^DEB(IAN|SIGN)?_[A-Z_]+$', 
     62                        '^(C(PP|XX)?|LD|F)FLAGS(_APPEND)?$', 
     63                        '^USER(NAME)?$', 
     64                        '^LOGNAME$', 
     65                        '^HOME$', 
     66                        '^TERM$', 
     67                        '^SHELL$']; 
    7268# Ensure file evaluates as true in Perl 
    73691; 
    7470}}} 
     716. Create a file named .ssh/config in builder's homedir containing: 
    7572 
    76      Create a file named .ssh/config in builder's homedir containing: 
    77  
    78        Host svn.mit.edu 
    79          User debuildsvn 
    80  
    81      Add builder to the sbuild group in /etc/group. 
    82  
    83 Ensure that daemon.(build-server) exists in Kerberos and has a pts id.   
    84  
    85 Add it to debathena-build-server-acl 
    86  
    87 Ensure daemon.(build-server) exists in -c sipb (assuming the debathena locker is still in -c sipb) 
    88  
    89  
    90  
    91      Copy scripts/build-server/autodebathenify to builder's homedir. 
    92      Create a file named autodebathenify.config in builder's homedir 
    93      containing: 
     73{{{ 
     74Host svn.mit.edu 
     75  User debuildsvn 
     76}}} 
     777. Add builder to the sbuild group in /etc/group. 
     788. Create a file named .devscripts in builder's homedir containing: 
     79{{{ 
     80DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn" 
     81}}} 
     829. In builder's homedir, append to .bashrc: 
     83{{{ 
     84       add debathena 
     85       export PATH=$PATH:~/bin 
     86       export DEBATHENA_APT=/mit/debathena/apt 
     87}}} 
     8810. Copy ~/bin from the old build server. 
     8911. Run `sbuild-update --keygen` to generate the key for signing the temporary repo used during the build process.  This requires entropy, and the rng-tools package is helpful for generating the necessary entropy, seeing as how you probably don't have access to the machine's keyboard or mouse. 
     9012. Copy scripts/build-server/autodebathenify to builder's homedir.  Create a file named autodebathenify.config in builder's homedir containing: 
     91{{{ 
    9492       error_addr=debathena-root@mit.edu 
    9593       scripts_dir=/mit/debathena/bin 
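
Review bot: In the new `$environment_filter`, the entry `'^KRB5CCNAME_'` requires an underscore after the name, so a variable called exactly `KRB5CCNAME` does not match and would not be passed through. If the Kerberos credential cache variable is what is meant, use `'^KRB5CCNAME$'`. Step 10 ("Copy ~/bin from the old build server") should also say what is expected to be in ~/bin, since it cannot be followed once the old server is gone.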
     
    9795       packages="lprng openafs" 
    9896       export DEBATHENA_APT=/mit/debathena/apt 
     97}}} 
     9813. Copy scripts/build-server/autodebathenify.cron to builder's homedir and install it with "crontab autodebathenify.cron".  You should probably test autodebathenify by hand to ensure it works. 
    9999 
    100      Copy scripts/build-server/autodebathenify.cron to builder's 
    101      homedir and install it with "crontab autodebathenify.cron". 
     100=== Autolive Builder === 
    102101 
    103      Copy scripts/build-server/autolivebuilder to builder's 
    104      homedir. Create a file called autolivebuilder.config in builder's 
    105      homedir containing: 
     102'''NOT CURRENTLY USED''' 
    106103 
     104Copy scripts/build-server/autolivebuilder to builder's homedir. Create a file called autolivebuilder.config in builder's homedir containing: 
     105{{{ 
    107106       error_addr=debathena-root@mit.edu 
    108107       release_version='9.04' 
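
Review bot: Step 13 installs the crontab and only then suggests testing autodebathenify by hand, so an untested job can run from cron first. Put the manual test before `crontab autodebathenify.cron` and say what a successful run looks like. The "Autolive Builder" section is marked NOT CURRENTLY USED but keeps its full instructions; say whether they are retained for reference or should be skipped.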
     
    112111       gpg_opts=("-u" "0D8A9E8F") 
    113112       live_dir=/net/sipb-isilon-sc.mit.edu/ifs/mirror/sipb/debathena/livecd 
    114  
    115      Create a file named .devscripts in builder's homedir containing: 
    116  
    117        DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn" 
    118  
    119      In builder's homedir, append to .bashrc: 
    120  
    121        add debathena 
    122        export PATH=$PATH:~/bin 
    123        export DEBATHENA_APT=/mit/debathena/apt 
    124  
    125  
    126 blah blah copy ~/bin too 
    127  
    128 sbuild-update --keygen 
    129 rng-tools is helpful for entropy 
     113}}}