File: README_pejacevic.txt

package info (click to toggle)
piuparts 1.0.0
  • links: PTS, VCS
  • area: main
  • in suites: buster, sid
  • size: 2,108 kB
  • sloc: python: 7,409; sh: 3,989; makefile: 167
file content (187 lines) | stat: -rw-r--r-- 6,230 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
Notes about the piuparts installation on pejacevic.debian.org and it's slave(s)
===============================================================================

This document describes the setup for https://piuparts.debian.org - it's used
for reference for the Debian System Administrators (DSA) as well as a guide
for other setting up a similar system, with the piuparts source code
installed from git. For regular installations we recommend to use the
piuparts-master and piuparts-slaves packages as described in
/usr/share/doc/piuparts-master/README_server.txt

== Installation

piuparts.debian.org is a setup running on three systems:

* pejacevic.debian.org, running the piuparts-master instance and an apache
  webserver to display the results.
* piu-slave-bm-a.debian.org, running four piuparts-slave nodes to run the
  actual tests.
* piu-slave-ubc-01.debian.org, running four piuparts-slave nodes as well.

=== piuparts installation from source

* basically, apt-get build-dep piuparts - in reality both systems get their
  package configuration from git.debian.org/git/mirror/debian.org.git
* pejacevic runs a webserver as well (see below for apache configuration)
* Copy 'https://salsa.debian.org/debian/piuparts/blob/develop/update-piuparts-master-setup'
  and 'https://salsa.debian.org/debian/piuparts/blob/develop/update-piuparts-slave-setup'
  to the hosts which should be master and slave. (It's possible and has been
  done for a long time to run them on the same host.(
  Run the scripts as the piupartsm and piupartss users and clone that git
  repository into '/srv/piuparts.debian.org/src' in the first place. Then
  checkout the develop branch.
* Ideally provide '/srv/piuparts.debian.org/tmp' on (a sufficiently large)
  tmpfs.
* `sudo ln -s /srv/piuparts.debian.org/etc/piuparts /etc/piuparts`
* See below for further user setup instructions.

=== User setup

On pejacevic the piuparts-master user piupartsm needs to be created, on
piu-slave-bm-a and piu-slave-ubc-01 a piupartss user is needed for the slave.
Both are members of the group piuparts and '/srv/piuparts.debian.org' needs to
be chmod 2775 and chown piuparts(sm):piuparts.

==== '~/bashrc' for piupartsm and piupartss

Do this for the piupartsm user on pejacevic and piupartss on the slave(s):

----
piupartsm@pejacevic$ cat >> ~/.bashrc <<-EOF

# added manually for piuparts
umask 0002
export PATH="~/bin:\$PATH"
EOF
----

==== set up ssh pubkey authentification

Then create an SSH keypair for piupartss and put it into
'/etc/ssh/userkeys/piupartsm' on pejacevic, so the piupartss user can login
with ssh and run only piuparts-master. Restrict it like this:

----
$ cat /etc/ssh/userkeys/piupartsm
command="/srv/piuparts.debian.org/share/piuparts/piuparts-master",from="2001:41c8:1000:21::21:7,5.153.231.7",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa ...
----

=== Setup sudo for the slave(s)

This is actually done by DSA:

==== '/etc/sudoers' for piu-slave-bm-a and piu-slave-ubc-01

----
# The piuparts slave needs to handle chroots.
piupartss       ALL = NOPASSWD: /usr/sbin/piuparts *, \
                                /bin/umount /srv/piuparts.debian.org/tmp/tmp*, \
                                /usr/bin/test -f /srv/piuparts.debian.org/tmp/tmp*, \
                                /usr/bin/rm -rf --one-file-system /srv/piuparts.debian.org/tmp/tmp*
----

=== Apache configuration

Any other webserver will do but apache is used on pejacevic (and maintained by DSA):

----
<VirtualHost *:80>
	ServerName piuparts.debian.org

	ServerAdmin debian-admin@debian.org

	ErrorLog /var/log/apache2/piuparts.debian.org-error.log
	CustomLog /var/log/apache2/piuparts.debian.org-access.log combined

	DocumentRoot /srv/piuparts.debian.org/htdocs
	AddType text/plain .log
	AddDefaultCharset utf-8

	HostnameLookups Off
	UseCanonicalName Off
	ServerSignature On
	<IfModule mod_userdir.c>
		UserDir disabled
	</IfModule>
</VirtualHost>
# vim:set syn=apache:
----

== Running piuparts

=== Updating the piuparts installation

Updating the master, pejacevic.debian.org:

----
holger@pejacevic~$ sudo su - piupartsm update-piuparts-master-setup develop origin
----

Updating the slave(s), for example on piu-slave-bm-a.debian.org:

----
holger@piu-slave-bm-a~$ sudo su - piupartss update-piuparts-slave-setup develop origin
----

=== Running piuparts

When running piuparts in master/slave mode, the master is never run by itself,
instead it is always started by the slave(s).

==== Starting and stopping the slaves

Run the following script under *your* user account to start four instances of
piuparts-slave on pejacevic, piuparts-master will be started automatically by
the slaves.

----
holger@piu-slave-bm-a:~$ sudo -u piupartss -i slave_run
----

There are several cronjobs installed via '~piupartsm/crontab' and
'~piupartss/crontab') to monitor both master and slave as well as the hosts
they are running on.

It's possible to kill a slave any time by pressing Ctrl-C.
Pressing Ctrl-C once will wait for the current test to finish,
pressing twice will abort the currently running test (which will be redone).
Clean termination may take some time and can be aborted by a third Ctrl-C,
but that may leave temporary directories and processes around.

See the 'piuparts_slave_run (8)' manpage for more information on 'slave_run'.

==== Joining an existing slave session

Run the following script under *your* user account:

----
holger@pejacevic:~$ sudo -u piupartss -i slave_join
----

See the 'piuparts_slave_join (8)' manpage for more information on 'slave_join'.

=== Generating reports for the website

'piuparts-report' is run daily at midnight and at noon from
'~piupartsm/crontab' on pejacevic.

=== Cronjobs to aid problem spotting

Some cronjobs to aid problem spotting reside in '~piupartsm/bin/' and are run
daily by '~piupartsm/crontab'.

- 'detect_network_issues' should detect failed piuparts runs due to network
  issues on the host.
- 'detect_stale_mounts' should detect stale mountpoints (usually of /proc)
  from failed piuparts runs.

More checks should be added as we become aware of them.


== Authors

Last updated: February 2017

Holger Levsen <holger@layer-acht.org>

// vim: set filetype=asciidoc: