status-im
/
infra-nimbus
mirror of https://github.com/status-im/infra-nimbus.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

beacon-node-builds: drop building docker containers 

All Linux hosts will be migrated to using systemd services.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2021-09-29 19:14:59 +02:00
parent 0c60f0ad09
commit c8f539dd89
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
14 changed files with 0 additions and 337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
ansible/host_vars/testing-large-01.aws-eu-central-1a.nimbus.prater.yml
View File

@ -1,21 +0,0 @@
---
# Builds use quite a bit of RAM
swap_file_size_mb: 4096
# Docker image builds
beacon_node_builds_docker_hub_user: '{{lookup("passwordstore", "cloud/DockerHub/user")}}'
beacon_node_builds_docker_hub_token: '{{lookup("passwordstore", "cloud/DockerHub/token")}}'
# The -large suffix is because of native compilation.
beacon_node_builds_branches:
- name: 'unstable-large'
version: 'unstable'
frequency: '*-*-* 10:00:00'
- name: 'testing-large'
version: 'testing'
frequency: '*-*-* 06:00:00'
- name: 'stable-large'
version: 'stable'
frequency: '*-*-* 02:00:00'

22
ansible/host_vars/testing-large-02.aws-eu-central-1a.nimbus.prater.yml
View File

@ -1,22 +0,0 @@
---
# Builds use quite a bit of RAM
swap_file_size_mb: 4096
# Docker image builds
beacon_node_builds_docker_hub_user: '{{lookup("passwordstore", "cloud/DockerHub/user")}}'
beacon_node_builds_docker_hub_token: '{{lookup("passwordstore", "cloud/DockerHub/token")}}'
# The -large suffix is because of native compilation.
beacon_node_builds_branches:
- name: 'deploy-eth2-prod'
version: 'v1.4.1'
enabled: false
update: true
- name: 'unstable-libp2p-stable-large'
version: 'nim-libp2p-auto-bump'
frequency: '*-*-* 14:00:00'
- name: 'unstable-libp2p-unstable-large'
version: 'nim-libp2p-auto-bump-unstable'
frequency: '*-*-* 18:00:00'

11
ansible/prater.yml
View File

@ -107,14 +107,3 @@
loop_control:
loop_var: node
index_var: port_offset
- name: Deploy beacon node build nodes
become: true
hosts:
- testing-large-01.aws-eu-central-1a.nimbus.prater
- testing-large-02.aws-eu-central-1a.nimbus.prater
roles:
- role: swap-file
tags: swap-file
- role: beacon-node-builds
tags: beacon-node-builds

5
ansible/requirements.yml
View File

@ -39,11 +39,6 @@
version: 87f4498f90f0cbb66a1ddb425e8953b04ced1891
scm: git
- name: infra-role-beacon-node-docker
src: git@github.com:status-im/infra-role-beacon-node-docker.git
version: 9abf4e8c62d52b106aa6062ae84c01d035db7a42
scm: git
- name: infra-role-beacon-node-linux
src: git@github.com:status-im/infra-role-beacon-node-linux.git
version: 75e8e7199302e8980da8870e056b9eefebd7edde

38
ansible/roles/beacon-node-builds/README.md
View File

@ -1,38 +0,0 @@
# Description
This role configures a set of Systemd timers that build configured branches of [nimbus-eth2]() and push the built docker images.
# Configuration
The minimal configuration would look something like:
```yaml
# Branch to build and frequency
beacon_node_builds_branches:
- name: 'xyz'
version: 'feature/xyz'
frequency: '*-*-* 02:00:00'
enabled: true
update: true
# Required to push Docker images
beacon_node_builds_docker_hub_user: 'docker-hub-user'
beacon_node_builds_docker_hub_token: 'super-secret-password'
```
# Management
You can check the status of the timers using:
```
> sudo systemctl list-timers 'beacon-node-build-*'
NEXT LEFT LAST PASSED UNIT ACTIVATES
Tue 2020-11-10 18:00:00 UTC 2h 3min left Mon 2020-11-09 18:00:03 UTC 21h ago beacon-node-build-libp2p.timer beacon-node-build-libp2p.service
Wed 2020-11-11 10:00:00 UTC 18h left Tue 2020-11-10 10:00:03 UTC 5h 56min ago beacon-node-build-unstable.timer beacon-node-build-unstable.service
Wed 2020-11-11 10:00:00 UTC 18h left Tue 2020-11-10 10:00:03 UTC 5h 56min ago beacon-node-build-testing.timer beacon-node-build-testing.service
Wed 2020-11-11 02:00:00 UTC 10h left Tue 2020-11-10 02:00:03 UTC 13h ago beacon-node-build-stable.timer beacon-node-build-stable.service
4 timers listed.
```
You can start a job without having to wait for it with:
```
sudo systemctl --no-block start beacon-node-build-stable
```

19
ansible/roles/beacon-node-builds/defaults/main.yml
View File

@ -1,19 +0,0 @@
---
beacon_node_builds_user: 'nimbus'
beacon_node_builds_group: 'staff'
beacon_node_builds_path: '/data/beacon-node-builds'
beacon_node_builds_image_name: 'statusteam/nimbus_beacon_node'
beacon_node_builds_days_kept: 3
# Required for pushing the images
beacon_node_builds_docker_hub_user: ~
beacon_node_builds_docker_hub_token: ~
# Timers
beacon_node_builds_timer_timeout: 3600
beacon_node_builds_branches: []
# - name: 'unstable'
# version: 'unstable'
# frequency: '*-*-* 10:00:00'
# enabled: false

2
ansible/roles/beacon-node-builds/files/dockerignore
View File

@ -1,2 +0,0 @@
repo
!repo/build/*

60
ansible/roles/beacon-node-builds/tasks/build.yml
View File

@ -1,60 +0,0 @@
---
- name: '{{ item.name }} - Create builds folder'
file:
path: '{{ beacon_node_builds_path }}'
owner: '{{ beacon_node_builds_user }}'
group: 'adm'
mode: 0755
state: 'directory'
- name: '{{ item.name }} - Clone repo version'
git:
repo: 'https://github.com/status-im/nimbus-eth2'
version: '{{ item.version }}'
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/repo'
force: true
update: true
# Fix for issues with clobbering of nightly tag
# WARNING: Requires Ansible 2.11 or newer.
single_branch: true
become_user: '{{ beacon_node_builds_user }}'
- name: '{{ item.name }} - Create script'
template:
src: 'build.sh.j2'
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/build.sh'
owner: '{{ beacon_node_builds_user }}'
group: 'adm'
mode: 0775
- name: '{{ item.name }} - Create Dockerfile'
template:
src: 'Dockerfile.j2'
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/Dockerfile'
owner: '{{ beacon_node_builds_user }}'
group: '{{ beacon_node_builds_group }}'
mode: 0664
- name: '{{ item.name }} - Create .dockerignore'
copy:
src: 'dockerignore'
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/.dockerignore'
owner: '{{ beacon_node_builds_user }}'
group: 'adm'
mode: 0644
- name: Create timer for rebuilding image
include_role: name=systemd-timer
vars:
systemd_timer_name: 'beacon-node-build-{{ item.name }}'
systemd_timer_user: '{{ beacon_node_builds_user }}'
systemd_timer_group: '{{ beacon_node_builds_group }}'
systemd_timer_description: 'Docker image build for Nimbus beacon node'
systemd_timer_requires_extra: 'docker.service'
systemd_timer_start_on_creation: false
systemd_timer_consul_warning: true
systemd_timer_enabled: '{{ item.enabled | default(true) }}'
systemd_timer_frequency: '{{ item.frequency | default("daily") }}'
systemd_timer_timeout_sec: '{{ beacon_node_builds_timer_timeout }}'
systemd_timer_work_dir: '{{ beacon_node_builds_path }}/{{ item.name }}'
systemd_timer_script_path: '{{ beacon_node_builds_path }}/{{ item.name }}/build.sh'

6
ansible/roles/beacon-node-builds/tasks/install.yml
View File

@ -1,6 +0,0 @@
---
- name: Install build dependencies
apt:
name:
- build-essential
- libpcre3-dev

5
ansible/roles/beacon-node-builds/tasks/main.yml
View File

@ -1,5 +0,0 @@
---
- include_tasks: install.yml
- include_tasks: user.yml
- include_tasks: build.yml
with_items: '{{ beacon_node_builds_branches }}'

26
ansible/roles/beacon-node-builds/tasks/user.yml
View File

@ -1,26 +0,0 @@
---
- name: Create user for beacon node builds
user:
name: '{{ beacon_node_builds_user }}'
group: '{{ beacon_node_builds_group }}'
groups: ['docker']
shell: '/bin/zsh'
- name: Set disable rebase as merge strategy
git_config:
scope: 'global'
name: 'pull.rebase'
value: false
become_user: '{{ beacon_node_builds_user }}'
- name: Configure access to Docker Hub
docker_login:
username: '{{ beacon_node_builds_docker_hub_user | mandatory }}'
password: '{{ beacon_node_builds_docker_hub_token | mandatory }}'
become_user: '{{ beacon_node_builds_user }}'
- name: Sudoers file to let non-root users start jobs
template:
src: 'builds_sudoers.j2'
dest: '/etc/sudoers.d/80-beacon-node-builds'
mode: 0440

17
ansible/roles/beacon-node-builds/templates/Dockerfile.j2
View File

@ -1,17 +0,0 @@
FROM debian:bullseye-slim
ARG COMMIT
RUN apt-get -qq update \
&& apt-get -qq -y install libpcre3-dev 1>/dev/null \
&& apt-get -qq clean \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
COPY repo/build/nimbus_beacon_node_${COMMIT} /usr/local/bin/nimbus_beacon_node
COPY repo/build/nimbus_signing_process_${COMMIT} /usr/local/bin/nimbus_signing_process
STOPSIGNAL SIGINT
ENTRYPOINT ["/usr/local/bin/nimbus_beacon_node"]
CMD ["--help"]

95
ansible/roles/beacon-node-builds/templates/build.sh.j2
View File

@ -1,95 +0,0 @@
#!/usr/bin/env bash
# vim: ft=sh
set -e
function headIsDetached() {
[[ $(git rev-parse --abbrev-ref --symbolic-full-name HEAD) == "HEAD" ]];
}
function dockerImageExists() {
docker image inspect "${IMAGE}:${COMMIT}" 2>&1 1>/dev/null;
}
function binaryExists() {
ls -l build/nimbus_beacon_node_${COMMIT} 2>&1 1>/dev/null
}
function fetchChanges() {
# We cannot use "git pull" in here, because history may be changed upstream
git fetch
git reset --hard "origin/${BRANCH}"
}
function buildBinaries() {
# Lower CPU and I/O priority so it doesn't affect the running beacon node
NICE="nice -n 19 ionice -c2 -n7"
${NICE} make -j1 update
${NICE} make -j1 nimbus_beacon_node nimbus_signing_process \
LOG_LEVEL="TRACE" NIMFLAGS="-d:testnet_servers_image -d:noSignalHandler"
# Rename binaries to match commit the were built from.
mv "build/nimbus_beacon_node" "build/nimbus_beacon_node_${COMMIT}"
mv "build/nimbus_signing_process" "build/nimbus_signing_process_${COMMIT}"
# Delete copies that are older than 7 days
find build -mtime +{{ beacon_node_builds_days_kept }} -exec rm '{}' \+
}
# Adds binary into a simple Alpine image
function buildDockerImage() {
docker build -t "${IMAGE}:${COMMIT}" \
--build-arg=COMMIT=${COMMIT} \
--label "commit=${COMMIT}" .
}
function pushImageTag() {
docker tag "${IMAGE}:${COMMIT}" "${IMAGE}:${TAG}"
docker push "${IMAGE}:${TAG}"
}
#-------------------------------------------------------------------------------
BRANCH="{{ item.version }}"
IMAGE="{{ beacon_node_builds_image_name }}"
TAG="{{ item.name }}"
if [[ "${USER}" != "{{ beacon_node_builds_user }}" ]]; then
echo "Incorrect user: ${USER}" >&2
echo "Expected: {{ beacon_node_builds_user }}" >&2
exit 1
fi
# Build the Beacon node binaries
pushd repo >/dev/null
# Detached HEAD means we're probably on a tag
if headIsDetached; then
echo " >>> Deatached HEAD, nothing to fetch."
else
echo " >>> Fetching changes..."
fetchChanges
fi
COMMIT=$(git rev-parse --short=8 HEAD)
if binaryExists && [[ "$1" != "--force" ]]; then
echo " >>> Binary already built"
else
echo " >>> Building binaries..."
buildBinaries
fi
popd >/dev/null
if dockerImageExists && [[ "$1" != "--force" ]]; then
echo " >>> Image already built: ${IMAGE}:${COMMIT}"
else
echo " >>> Building Docker image..."
buildDockerImage
fi
echo " >>> Pushing Docker image..."
pushImageTag
echo " >>> SUCCESS - Pushed: ${IMAGE}:${TAG}"

10
ansible/roles/beacon-node-builds/templates/builds_sudoers.j2
View File

@ -1,10 +0,0 @@
# Allow non-root users start Nimbus builds with sudo.
{% for service in beacon_node_builds_branches %}
# {{ service.name }}
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *status beacon-node-build-{{ service.name }}*
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *start beacon-node-build-{{ service.name }}*
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop beacon-node-build-{{ service.name }}*
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart beacon-node-build-{{ service.name }}*
{% endfor %}