From ef97cc848f379f84dcbe1aa3ed327bd5c30dadc2 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 8 Mar 2016 18:35:32 +0100 Subject: ma 1 omo: replace crypt2 --- krebs/3modules/makefu/default.nix | 1 + makefu/1systems/omo.nix | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 24f0cdd8..1fcf07b1 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -272,6 +272,7 @@ with config.krebs.lib; addrs6 = ["42:f9f0::10"]; aliases = [ "omo.retiolum" + "omo.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e6a1434a..aa4a8a5c 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -10,8 +10,8 @@ let homePartition = byid "ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN-part3"; # cryptsetup luksFormat $dev --cipher aes-xts-plain64 -s 512 -h sha512 # cryptsetup luksAddKey $dev tmpkey - # cryptsetup luksOpen $dev crypt0 - # mkfs.xfs /dev/mapper/crypt0 -L crypt0 + # cryptsetup luksOpen $dev crypt0 --key-file tmpkey --keyfile-size=4096 + # mkfs.ext4 /dev/mapper/crypt0 -L crypt0 -T largefile # omo Chassis: # __FRONT_ @@ -27,10 +27,10 @@ let # |_______| cryptDisk0 = byid "ata-ST2000DM001-1CH164_Z240XTT6"; cryptDisk1 = byid "ata-TP02000GB_TPW151006050068"; - # cryptDisk2 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WCAZA5548487"; - cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; + cryptDisk2 = byid "ata-ST4000DM000-1F2168_Z303HVSG"; + # cryptDisk3 = byid "ata-WDC_WD20EARS-00MVWB0_WD-WMAZA1786907"; # all physical disks - allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk3 ]; + allDisks = [ rootDisk cryptDisk0 cryptDisk1 cryptDisk2 ]; in { imports = [ 
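Review bot: In the setup comment of the `omo.nix` hunk at `@@ -10,8 +10,8 @@`, the `luksOpen` line now reads only the first 4096 bytes of `tmpkey`, while the `luksAddKey` line above it still enrols the whole file. If `tmpkey` is ever larger than 4096 bytes, the enrolled slot will not match what is presented at open time. The comment should either state that `tmpkey` is exactly 4096 bytes or carry the size on both lines, e.g. `# cryptsetup luksAddKey $dev tmpkey --new-keyfile-size=4096`. Since the name suggests a temporary key, it would also help to note where `tmpkey` comes from and that it should be removed once the permanent key is enrolled. The enclosing `let` block starts and ends outside the hunk.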
@@ -99,7 +99,7 @@ in { (usbkey "home" homePartition) (usbkey "crypt0" cryptDisk0) (usbkey "crypt1" cryptDisk1) - (usbkey "crypt2" cryptDisk3) + (usbkey "crypt2" cryptDisk2) ]; }; loader.grub.device = rootDisk; -- cgit v1.2.3 From 05e4f0f7b551685ea2ce8b23b4d1829867239767 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 9 Mar 2016 22:49:29 +0100 Subject: k 4 infest/prepare: build nixos-install --- krebs/4lib/infest/prepare.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/krebs/4lib/infest/prepare.sh b/krebs/4lib/infest/prepare.sh index a217e7be..e265b0e6 100644 --- a/krebs/4lib/infest/prepare.sh +++ b/krebs/4lib/infest/prepare.sh @@ -98,6 +98,19 @@ prepare_nixos_iso() { sed -i "s@^NIX_PATH=\"[^\"]*\"@NIX_PATH=$target_path@" bin/nixos-install } +get_nixos_install() { + echo "installing nixos-install" 2>&1 + c=$(mktemp) + + cat < $c +{ fileSystems."/" = {}; + boot.loader.grub.enable = false; +} +EOF + export NIXOS_CONFIG=$c + nix-env -i -A config.system.build.nixos-install -f "" + rm -v $c +} prepare_common() {( if ! getent group nixbld >/dev/null; then @@ -191,6 +204,7 @@ prepare_common() {( mount --rbind /mnt/"$target_path" "$target_path" fi + get_nixos_install mkdir -p bin rm -f bin/nixos-install cp "$(type -p nixos-install)" bin/nixos-install -- cgit v1.2.3 From 95dcf70cd619b19734773b20225f7f55a02a749e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 9 Mar 2016 22:51:04 +0100 Subject: k 5 infest-cac-centos7: 0.2.0 -> 0.2.6 so much stuff happened --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 2 +- krebs/5pkgs/test/infest-cac-centos7/notes | 78 ++++++++++++++++++------- 2 files changed, 58 insertions(+), 22 deletions(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index f5fe8482..ba3ff30b 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix 
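Review bot: `get_nixos_install` in the `@@ -98,6 +98,19 @@` hunk exports `NIXOS_CONFIG` and then deletes the file it points to, so every later command in the calling subshell of `prepare_common` inherits a path that no longer exists. Scoping the variable to the one command avoids that: replace the `export` line with a `NIXOS_CONFIG="$c"` prefix on the `nix-env` call, leaving its arguments unchanged. `$c` is also unquoted in the redirect and in `rm -v $c`, and the temp file is left behind if `nix-env` fails while errexit is active (whether it is cannot be seen from this hunk); `rm -v "$c"` plus a cleanup trap would cover both. The progress message uses `2>&1`, which does nothing for a plain `echo`; `>&2` is probably what was meant.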
@@ -5,7 +5,7 @@ stdenv.mkDerivation rec { name = "${shortname}-${version}"; shortname = "infest-cac-centos7"; - version = "0.2.0"; + version = "0.2.6"; src = ./notes; diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 6bb0258a..5b8f08c3 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -1,10 +1,26 @@ -# nix-shell -p gnumake jq openssh cac-api cac-panel sshpass -set -eufx +#! /bin/sh +# usage: user=makefu target_system=wry debug=true \ +# krebs_cred=~/secrets/cac.json \ +# retiolum_key=~/secrets/wry/retiolum.rsa_key.priv \ +# infest-cac-centos7 -# 2 secrets are required: +# IMPORTANT: set debug to TRUE if you want to actually keep the system + +# must be run in +set -euf +# 2 secrets are required: +# login to panel krebs_cred=${krebs_cred-./cac.json} +# tinc retiolum key for host retiolum_key=${retiolum_key-./retiolum.rsa_key.priv} +# build this host +user=${user:-shared} +target=${target_system:-test-centos7} + +log(){ + echo "[$(date +"%Y-%m-%d %T")] $@" 2>&1 +} clear_defer(){ echo "${trapstr:-exit}" @@ -14,9 +30,13 @@ defer(){ if test -z "${debug:-}"; then trapstr="$1;${trapstr:-exit}" trap "$trapstr" INT TERM EXIT KILL + else + log "ignored defer: $1" fi } +test -z "${debug:-}" && log "debug enabled, vm will not be deleted on error" + # Sanity if test ! -r "$krebs_cred";then echo "\$krebs_cred=$krebs_cred must be readable"; exit 1 @@ -25,6 +45,11 @@ if test ! -r "$retiolum_key";then echo "\$retiolum_key=$retiolum_key must be readable"; exit 1 fi +if test ! -r "${user}/1systems/${target}.nix" ;then + echo "cannot find ${user}/1systems/${target}.nix , not started in stockholm directory?" + exit 1 +fi + krebs_secrets=$(mktemp -d) sec_file=$krebs_secrets/cac_config krebs_ssh=$krebs_secrets/tempssh 
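Review bot: The usage header added in the `@@ -1,10 +1,26 @@` hunk says to set `debug` to TRUE, but `defer` only tests whether the variable is non-empty (`test -z "${debug:-}"`), so `debug=false` also skips every deferred cleanup and leaves the VM and the temporary secrets directory in place. The header should say so, for example `# IMPORTANT: any non-empty value of debug (even "false") keeps the system and skips cleanup`. The line `# must be run in` is unfinished; judging by the path check added further down it presumably means the stockholm checkout. In `log`, `2>&1` has no effect on `echo`, so the timestamps go to stdout; use `>&2` if stderr was intended.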
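Review bot: The notice added after `defer` in the `@@ -14,9 +30,13 @@` hunk is inverted: `test -z "${debug:-}"` is true when `debug` is unset, so "debug enabled, vm will not be deleted on error" is printed on normal runs and suppressed on debug runs. It should read `test -n "${debug:-}" && log "debug enabled, vm will not be deleted on error"`. This message is the only visible warning that the VM and the secrets directory will be left behind, so the operator should see it exactly when cleanup is disabled.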
@@ -32,7 +57,7 @@ export cac_resources_cache=$krebs_secrets/res_cache.json export cac_servers_cache=$krebs_secrets/servers_cache.json export cac_tasks_cache=$krebs_secrets/tasks_cache.json export cac_templates_cache=$krebs_secrets/templates_cache.json -# we need to receive this key from buildmaster to speed up tinc bootstrap + defer "trap - INT TERM EXIT" defer "rm -r $krebs_secrets" @@ -42,10 +67,13 @@ cac_key="$(cac-panel --config $krebs_cred settings | jq -r .apicode)" EOF export cac_secrets=$sec_file +log "adding own ip to allowed ips via cac-panel" cac-panel --config $krebs_cred add-api-ip # test login: +log "updating cac-api state" cac-api update +log "list of cac servers:" cac-api servers # preserve old trap @@ -56,10 +84,10 @@ while true;do out=$(cac-api build cpu=1 ram=512 storage=10 os=26 2>&1) if name=$(echo "$out" | jq -r .servername);then id=servername:$name - echo "got a working machine, id=$id" + log "got a working machine, id=$id" else - echo "Unable to build a virtual machine, retrying in 15 seconds" >&2 - echo "Output of build program: $out" >&2 + elog "Unable to build a virtual machine, retrying in 15 seconds" + log "Output of build program: $out" sleep 15 continue fi 
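Review bot: `cac-panel --config $krebs_cred add-api-ip`, now announced by the log line added in the `@@ -42,10 +67,13 @@` hunk, adds the runner's address to the API allowlist, and no matching removal is registered with `defer` in the visible lines. Unless that is cleaned up elsewhere, every host that ever runs this test stays allowed. If cac-panel offers a way to remove an address, registering it with `defer` right after this call would keep the allowlist from growing. `$krebs_cred` should also be quoted here, as `$retiolum_key` now is in the later `cp`.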
@@ -74,22 +102,23 @@ while true;do for t in `seq 180`;do # now we have a working cac-api server if cac-api ssh $1 -o ConnectTimeout=10 \ - cat /etc/redhat-release | \ - grep CentOS ;then + cat /etc/redhat-release >/dev/null 2>&1 ;then return 0 fi + log "cac-api ssh $1 failed, retrying" sleep 10 done + log "cac-api ssh failed for 30 minutes, assuming something else broke. bailing ou.t" return 1 } # die on timeout if ! wait_login_cac $id;then - echo "unable to boot a working system within time frame, retrying..." >&2 - echo "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" + log "unable to boot a working system within time frame, retrying..." + log "Cleaning up old image,last status: $(cac-api update;cac-api getserver $id | jq -r .status)" eval "$(clear_defer | sed 's/;exit//')" sleep 15 else - echo "got a working system" >&2 + log "got a working system: $id" break fi done @@ -101,16 +130,16 @@ cac-api generatenetworking $id > \ shared/2configs/temp/networking.nix # new temporary ssh key we will use to log in after install ssh-keygen -f $krebs_ssh -N "" -cp $retiolum_key $krebs_secrets/retiolum.rsa_key.priv +cp "$retiolum_key" $krebs_secrets/retiolum.rsa_key.priv # we override the directories for secrets and stockholm # additionally we set the ssh key we generated ip=$(cac-api getserver $id | jq -r .ip) cat > shared/2configs/temp/dirs.nix </dev/null 2>&1;then + log "login to host $1 successful" return 0 fi + log "unable to log into server, waiting" sleep 10 done + log "unable to log in after 15 minutes, bailing out" return 1 } +log "waiting for system to come up" wait_login $ip -- cgit v1.2.3 From 2741e97fc0a950511961211e7aab15b5eb4eb635 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 9 Mar 2016 22:52:51 +0100 Subject: s 2 base: bump nixpkgs --- shared/2configs/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/2configs/base.nix b/shared/2configs/base.nix index 9f998b55..f6ec93a9 100644 
--- a/shared/2configs/base.nix +++ b/shared/2configs/base.nix @@ -18,7 +18,7 @@ with config.krebs.lib; krebs.build.source = { nixpkgs = mkDefault { url = https://github.com/NixOS/nixpkgs; - rev = "77f8f35d57618c1ba456d968524f2fb2c3448295"; # for urlwatch-minidb + rev = "40c586b7ce2c559374df435f46d673baf711c543"; }; secrets = mkDefault "${getEnv "HOME"}/secrets/krebs/${config.krebs.build.host.name}"; stockholm = mkDefault "${getEnv "HOME"}/stockholm"; -- cgit v1.2.3 From 5d6cf7bf717baf9943a3b6d53a8b57d98d3cb50c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 10 Mar 2016 09:09:47 +0100 Subject: add proot dependency --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index ba3ff30b..5dbb4ebd 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -1,5 +1,5 @@ { stdenv, coreutils, makeWrapper, - cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, + cac-api, cac-cert, cac-panel, gnumake, gnused, jq, openssh, sshpass, proot, ... }: stdenv.mkDerivation rec { @@ -24,6 +24,7 @@ stdenv.mkDerivation rec { jq openssh sshpass + proot ]; installPhase = '' @@ -37,7 +38,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { homepage = http://krebsco.de; - description = "Krebs CI Scripts"; + description = "infest a CaC box with stockholm"; license = licenses.wtfpl; maintainers = [ maintainers.makefu ]; }; -- cgit v1.2.3 From 4ca96e8b04056ae9d06c2ff2e153d2e592991c15 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 10 Mar 2016 10:09:02 +0100 Subject: k 5 test/infest-cac-centos7: remove hardcoded path --- krebs/5pkgs/test/infest-cac-centos7/notes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index 5b8f08c3..fafc1157 100755 
--- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -156,7 +156,7 @@ make install \ system=${target} \ target=$ip log "finalizing installation" -cac-api ssh $id < ~/stockholm/krebs/4lib/infest/finalize.sh +cac-api ssh $id < krebs/4lib/infest/finalize.sh log "reset $id" cac-api powerop $id reset -- cgit v1.2.3 From e58921e546e68366f2b294a01ab1afa262ab8b95 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 10 Mar 2016 12:32:29 +0100 Subject: Makefile: ifndef HOSTNAME, def it --- Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 226c0f29..bd454400 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,10 @@ stockholm ?= . +export HOSTNAME ?= $(shell cat /proc/sys/kernel/hostname) + export STOCKHOLM_VERSION ?= $(shell \ version=git.$$(git describe --always --dirty); \ - case $$version in (*-dirty) version=$$version@$$(hostname); esac; \ + case $$version in (*-dirty) version=$$version@$$HOSTNAME; esac; \ date=$$(date +%y.%m); \ printf '%s' "$$date.$$version"; \ ) -- cgit v1.2.3 From 17be0772c5cfcb57f99299ad541b76dfabf8a62d Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 10 Mar 2016 12:41:24 +0100 Subject: Makefile: define nixos-config using ?= --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index bd454400..7252ca70 100644 --- a/Makefile +++ b/Makefile @@ -9,10 +9,9 @@ export STOCKHOLM_VERSION ?= $(shell \ printf '%s' "$$date.$$version"; \ ) -ifndef nixos-config $(if $(system),,$(error unbound variable: system)) -nixos-config = ./$(LOGNAME)/1systems/$(system).nix -endif + +nixos-config ?= $(stockholm)/$(LOGNAME)/1systems/$(system).nix # target = [target_user@]target_host[:target_port][/target_path] ifdef target -- cgit v1.2.3 From 8629a9de8bcc98686d10387c02489178183b616d Mon Sep 17 00:00:00 2001 
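Review bot: In the Makefile hunk `@@ -1,8 +1,10 @@` the version string now uses `$$HOSTNAME`, which is expanded by the shell started from `$(shell …)`, not by make. GNU make before 4.4 does not pass variables marked `export` into `$(shell …)`, so the value assigned at the top of the hunk is only visible there if `HOSTNAME` was already in the environment or the shell sets it itself (bash does, a POSIX sh such as dash does not). On such a setup a dirty tree would yield a version ending in `-dirty@` with an empty host name. Letting make expand it removes the dependency: `case $$version in (*-dirty) version=$$version@$(HOSTNAME); esac; \`.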
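Review bot: With the `ifndef nixos-config` guard removed in the `@@ -9,10 +9,9 @@` hunk, the `$(if $(system),,$(error unbound variable: system))` check now runs on every invocation, including ones that pass `nixos-config=…` explicitly and did not need `system` before. If that is intended, a comment such as `# system is always required, even when nixos-config is given` would make it clear; otherwise the check should stay conditional, e.g. `$(if $(nixos-config)$(system),,$(error unbound variable: system))`. The default also moves from `./` to `$(stockholm)/`, which changes the resolved path whenever `stockholm` is overridden.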
From: makefu Date: Thu, 10 Mar 2016 15:23:36 +0100 Subject: infest-cac-centos7: target => system --- krebs/5pkgs/test/infest-cac-centos7/default.nix | 2 +- krebs/5pkgs/test/infest-cac-centos7/notes | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/krebs/5pkgs/test/infest-cac-centos7/default.nix b/krebs/5pkgs/test/infest-cac-centos7/default.nix index 5dbb4ebd..9b14bf48 100644 --- a/krebs/5pkgs/test/infest-cac-centos7/default.nix +++ b/krebs/5pkgs/test/infest-cac-centos7/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { name = "${shortname}-${version}"; shortname = "infest-cac-centos7"; - version = "0.2.6"; + version = "0.2.7"; src = ./notes; diff --git a/krebs/5pkgs/test/infest-cac-centos7/notes b/krebs/5pkgs/test/infest-cac-centos7/notes index fafc1157..ab6bc557 100755 --- a/krebs/5pkgs/test/infest-cac-centos7/notes +++ b/krebs/5pkgs/test/infest-cac-centos7/notes @@ -16,7 +16,7 @@ krebs_cred=${krebs_cred-./cac.json} retiolum_key=${retiolum_key-./retiolum.rsa_key.priv} # build this host user=${user:-shared} -target=${target_system:-test-centos7} +system=${target_system:-test-centos7} log(){ echo "[$(date +"%Y-%m-%d %T")] $@" 2>&1 @@ -45,8 +45,8 @@ if test ! -r "$retiolum_key";then echo "\$retiolum_key=$retiolum_key must be readable"; exit 1 fi -if test ! -r "${user}/1systems/${target}.nix" ;then - echo "cannot find ${user}/1systems/${target}.nix , not started in stockholm directory?" +if test ! -r "${user}/1systems/${system}.nix" ;then + echo "cannot find ${user}/1systems/${system}.nix , not started in stockholm directory?" exit 1 fi @@ -86,7 +86,7 @@ while true;do id=servername:$name log "got a working machine, id=$id" else - elog "Unable to build a virtual machine, retrying in 15 seconds" + log "Unable to build a virtual machine, retrying in 15 seconds" log "Output of build program: $out" sleep 15 continue 
@@ -153,7 +153,7 @@ make install \ LOGNAME=${user} \ SSHPASS="$(cac-api getserver $id | jq -r .rootpass)" \ ssh='sshpass -e ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \ - system=${target} \ + system=${system} \ target=$ip log "finalizing installation" cac-api ssh $id < krebs/4lib/infest/finalize.sh -- cgit v1.2.3 From ac5cb4436e1f8056caffda5310bf811a5370cc45 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 15 Mar 2016 13:55:01 +0100 Subject: tv git: add newbot-js --- tv/2configs/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/tv/2configs/git.nix b/tv/2configs/git.nix index 7a42ca9f..4c1fba59 100644 --- a/tv/2configs/git.nix +++ b/tv/2configs/git.nix @@ -30,6 +30,7 @@ let load-env = {}; make-snapshot = {}; much = {}; + newsbot-js = {}; nixpkgs = {}; push = {}; regfish = {}; -- cgit v1.2.3
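Review bot: The `make install` call in the `@@ -153,7 +153,7 @@` hunk (unchanged context; only `system=` is renamed here) logs in as root with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, so nothing ties the connection that receives the installation to the machine that was just built. The install presumably carries the secrets prepared earlier in the script, which makes the unverified peer the main exposure of this step. Recording the host key once, right after the build, in a file under `$krebs_secrets` (for instance with `ssh-keyscan`) and then using `-o UserKnownHostsFile=$krebs_secrets/known_hosts -o StrictHostKeyChecking=yes` would at least make every later connection fail if the peer changes. The command starts above the hunk.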