beacon-node-builds: drop building docker containers
All Linux hosts will be migrated to using systemd services. Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
parent
0c60f0ad09
commit
c8f539dd89
|
@ -1,21 +0,0 @@
|
|||
---
|
||||
# Builds use quite a bit of RAM
|
||||
swap_file_size_mb: 4096
|
||||
|
||||
# Docker image builds
|
||||
beacon_node_builds_docker_hub_user: '{{lookup("passwordstore", "cloud/DockerHub/user")}}'
|
||||
beacon_node_builds_docker_hub_token: '{{lookup("passwordstore", "cloud/DockerHub/token")}}'
|
||||
|
||||
# The -large suffix is because of native compilation.
|
||||
beacon_node_builds_branches:
|
||||
- name: 'unstable-large'
|
||||
version: 'unstable'
|
||||
frequency: '*-*-* 10:00:00'
|
||||
|
||||
- name: 'testing-large'
|
||||
version: 'testing'
|
||||
frequency: '*-*-* 06:00:00'
|
||||
|
||||
- name: 'stable-large'
|
||||
version: 'stable'
|
||||
frequency: '*-*-* 02:00:00'
|
|
@ -1,22 +0,0 @@
|
|||
---
|
||||
# Builds use quite a bit of RAM
|
||||
swap_file_size_mb: 4096
|
||||
|
||||
# Docker image builds
|
||||
beacon_node_builds_docker_hub_user: '{{lookup("passwordstore", "cloud/DockerHub/user")}}'
|
||||
beacon_node_builds_docker_hub_token: '{{lookup("passwordstore", "cloud/DockerHub/token")}}'
|
||||
|
||||
# The -large suffix is because of native compilation.
|
||||
beacon_node_builds_branches:
|
||||
- name: 'deploy-eth2-prod'
|
||||
version: 'v1.4.1'
|
||||
enabled: false
|
||||
update: true
|
||||
|
||||
- name: 'unstable-libp2p-stable-large'
|
||||
version: 'nim-libp2p-auto-bump'
|
||||
frequency: '*-*-* 14:00:00'
|
||||
|
||||
- name: 'unstable-libp2p-unstable-large'
|
||||
version: 'nim-libp2p-auto-bump-unstable'
|
||||
frequency: '*-*-* 18:00:00'
|
|
@ -107,14 +107,3 @@
|
|||
loop_control:
|
||||
loop_var: node
|
||||
index_var: port_offset
|
||||
|
||||
- name: Deploy beacon node build nodes
|
||||
become: true
|
||||
hosts:
|
||||
- testing-large-01.aws-eu-central-1a.nimbus.prater
|
||||
- testing-large-02.aws-eu-central-1a.nimbus.prater
|
||||
roles:
|
||||
- role: swap-file
|
||||
tags: swap-file
|
||||
- role: beacon-node-builds
|
||||
tags: beacon-node-builds
|
||||
|
|
|
@ -39,11 +39,6 @@
|
|||
version: 87f4498f90f0cbb66a1ddb425e8953b04ced1891
|
||||
scm: git
|
||||
|
||||
- name: infra-role-beacon-node-docker
|
||||
src: git@github.com:status-im/infra-role-beacon-node-docker.git
|
||||
version: 9abf4e8c62d52b106aa6062ae84c01d035db7a42
|
||||
scm: git
|
||||
|
||||
- name: infra-role-beacon-node-linux
|
||||
src: git@github.com:status-im/infra-role-beacon-node-linux.git
|
||||
version: 75e8e7199302e8980da8870e056b9eefebd7edde
|
||||
|
|
|
@ -1,38 +0,0 @@
|
|||
# Description
|
||||
|
||||
This role configures a set of Systemd timers that build configured branches of [nimbus-eth2]() and push the built docker images.
|
||||
|
||||
# Configuration
|
||||
|
||||
The minimal configuration would look something like:
|
||||
```yaml
|
||||
# Branch to build and frequency
|
||||
beacon_node_builds_branches:
|
||||
- name: 'xyz'
|
||||
version: 'feature/xyz'
|
||||
frequency: '*-*-* 02:00:00'
|
||||
enabled: true
|
||||
update: true
|
||||
|
||||
# Required to push Docker images
|
||||
beacon_node_builds_docker_hub_user: 'docker-hub-user'
|
||||
beacon_node_builds_docker_hub_token: 'super-secret-password'
|
||||
```
|
||||
|
||||
# Management
|
||||
|
||||
You can check the status of the timers using:
|
||||
```
|
||||
> sudo systemctl list-timers 'beacon-node-build-*'
|
||||
NEXT LEFT LAST PASSED UNIT ACTIVATES
|
||||
Tue 2020-11-10 18:00:00 UTC 2h 3min left Mon 2020-11-09 18:00:03 UTC 21h ago beacon-node-build-libp2p.timer beacon-node-build-libp2p.service
|
||||
Wed 2020-11-11 10:00:00 UTC 18h left Tue 2020-11-10 10:00:03 UTC 5h 56min ago beacon-node-build-unstable.timer beacon-node-build-unstable.service
|
||||
Wed 2020-11-11 10:00:00 UTC 18h left Tue 2020-11-10 10:00:03 UTC 5h 56min ago beacon-node-build-testing.timer beacon-node-build-testing.service
|
||||
Wed 2020-11-11 02:00:00 UTC 10h left Tue 2020-11-10 02:00:03 UTC 13h ago beacon-node-build-stable.timer beacon-node-build-stable.service
|
||||
|
||||
4 timers listed.
|
||||
```
|
||||
You can start a job without having to wait for it with:
|
||||
```
|
||||
sudo systemctl --no-block start beacon-node-build-stable
|
||||
```
|
|
@ -1,19 +0,0 @@
|
|||
---
|
||||
beacon_node_builds_user: 'nimbus'
|
||||
beacon_node_builds_group: 'staff'
|
||||
beacon_node_builds_path: '/data/beacon-node-builds'
|
||||
beacon_node_builds_image_name: 'statusteam/nimbus_beacon_node'
|
||||
beacon_node_builds_days_kept: 3
|
||||
|
||||
# Required for pushing the images
|
||||
beacon_node_builds_docker_hub_user: ~
|
||||
beacon_node_builds_docker_hub_token: ~
|
||||
|
||||
# Timers
|
||||
beacon_node_builds_timer_timeout: 3600
|
||||
|
||||
beacon_node_builds_branches: []
|
||||
# - name: 'unstable'
|
||||
# version: 'unstable'
|
||||
# frequency: '*-*-* 10:00:00'
|
||||
# enabled: false
|
|
@ -1,2 +0,0 @@
|
|||
repo
|
||||
!repo/build/*
|
|
@ -1,60 +0,0 @@
|
|||
---
|
||||
- name: '{{ item.name }} - Create builds folder'
|
||||
file:
|
||||
path: '{{ beacon_node_builds_path }}'
|
||||
owner: '{{ beacon_node_builds_user }}'
|
||||
group: 'adm'
|
||||
mode: 0755
|
||||
state: 'directory'
|
||||
|
||||
- name: '{{ item.name }} - Clone repo version'
|
||||
git:
|
||||
repo: 'https://github.com/status-im/nimbus-eth2'
|
||||
version: '{{ item.version }}'
|
||||
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/repo'
|
||||
force: true
|
||||
update: true
|
||||
# Fix for issues with clobbering of nightly tag
|
||||
# WARNING: Requires Ansible 2.11 or newer.
|
||||
single_branch: true
|
||||
become_user: '{{ beacon_node_builds_user }}'
|
||||
|
||||
- name: '{{ item.name }} - Create script'
|
||||
template:
|
||||
src: 'build.sh.j2'
|
||||
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/build.sh'
|
||||
owner: '{{ beacon_node_builds_user }}'
|
||||
group: 'adm'
|
||||
mode: 0775
|
||||
|
||||
- name: '{{ item.name }} - Create Dockerfile'
|
||||
template:
|
||||
src: 'Dockerfile.j2'
|
||||
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/Dockerfile'
|
||||
owner: '{{ beacon_node_builds_user }}'
|
||||
group: '{{ beacon_node_builds_group }}'
|
||||
mode: 0664
|
||||
|
||||
- name: '{{ item.name }} - Create .dockerignore'
|
||||
copy:
|
||||
src: 'dockerignore'
|
||||
dest: '{{ beacon_node_builds_path }}/{{ item.name }}/.dockerignore'
|
||||
owner: '{{ beacon_node_builds_user }}'
|
||||
group: 'adm'
|
||||
mode: 0644
|
||||
|
||||
- name: Create timer for rebuilding image
|
||||
include_role: name=systemd-timer
|
||||
vars:
|
||||
systemd_timer_name: 'beacon-node-build-{{ item.name }}'
|
||||
systemd_timer_user: '{{ beacon_node_builds_user }}'
|
||||
systemd_timer_group: '{{ beacon_node_builds_group }}'
|
||||
systemd_timer_description: 'Docker image build for Nimbus beacon node'
|
||||
systemd_timer_requires_extra: 'docker.service'
|
||||
systemd_timer_start_on_creation: false
|
||||
systemd_timer_consul_warning: true
|
||||
systemd_timer_enabled: '{{ item.enabled | default(true) }}'
|
||||
systemd_timer_frequency: '{{ item.frequency | default("daily") }}'
|
||||
systemd_timer_timeout_sec: '{{ beacon_node_builds_timer_timeout }}'
|
||||
systemd_timer_work_dir: '{{ beacon_node_builds_path }}/{{ item.name }}'
|
||||
systemd_timer_script_path: '{{ beacon_node_builds_path }}/{{ item.name }}/build.sh'
|
|
@ -1,6 +0,0 @@
|
|||
---
|
||||
- name: Install build dependencies
|
||||
apt:
|
||||
name:
|
||||
- build-essential
|
||||
- libpcre3-dev
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- include_tasks: install.yml
|
||||
- include_tasks: user.yml
|
||||
- include_tasks: build.yml
|
||||
with_items: '{{ beacon_node_builds_branches }}'
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
- name: Create user for beacon node builds
|
||||
user:
|
||||
name: '{{ beacon_node_builds_user }}'
|
||||
group: '{{ beacon_node_builds_group }}'
|
||||
groups: ['docker']
|
||||
shell: '/bin/zsh'
|
||||
|
||||
- name: Set disable rebase as merge strategy
|
||||
git_config:
|
||||
scope: 'global'
|
||||
name: 'pull.rebase'
|
||||
value: false
|
||||
become_user: '{{ beacon_node_builds_user }}'
|
||||
|
||||
- name: Configure access to Docker Hub
|
||||
docker_login:
|
||||
username: '{{ beacon_node_builds_docker_hub_user | mandatory }}'
|
||||
password: '{{ beacon_node_builds_docker_hub_token | mandatory }}'
|
||||
become_user: '{{ beacon_node_builds_user }}'
|
||||
|
||||
- name: Sudoers file to let non-root users start jobs
|
||||
template:
|
||||
src: 'builds_sudoers.j2'
|
||||
dest: '/etc/sudoers.d/80-beacon-node-builds'
|
||||
mode: 0440
|
|
@ -1,17 +0,0 @@
|
|||
FROM debian:bullseye-slim
|
||||
|
||||
ARG COMMIT
|
||||
|
||||
RUN apt-get -qq update \
|
||||
&& apt-get -qq -y install libpcre3-dev 1>/dev/null \
|
||||
&& apt-get -qq clean \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
|
||||
COPY repo/build/nimbus_beacon_node_${COMMIT} /usr/local/bin/nimbus_beacon_node
|
||||
COPY repo/build/nimbus_signing_process_${COMMIT} /usr/local/bin/nimbus_signing_process
|
||||
|
||||
STOPSIGNAL SIGINT
|
||||
|
||||
ENTRYPOINT ["/usr/local/bin/nimbus_beacon_node"]
|
||||
|
||||
CMD ["--help"]
|
|
@ -1,95 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
# vim: ft=sh
|
||||
set -e
|
||||
|
||||
function headIsDetached() {
|
||||
[[ $(git rev-parse --abbrev-ref --symbolic-full-name HEAD) == "HEAD" ]];
|
||||
}
|
||||
|
||||
function dockerImageExists() {
|
||||
docker image inspect "${IMAGE}:${COMMIT}" 2>&1 1>/dev/null;
|
||||
}
|
||||
|
||||
function binaryExists() {
|
||||
ls -l build/nimbus_beacon_node_${COMMIT} 2>&1 1>/dev/null
|
||||
}
|
||||
|
||||
function fetchChanges() {
|
||||
# We cannot use "git pull" in here, because history may be changed upstream
|
||||
git fetch
|
||||
git reset --hard "origin/${BRANCH}"
|
||||
}
|
||||
|
||||
function buildBinaries() {
|
||||
# Lower CPU and I/O priority so it doesn't affect the running beacon node
|
||||
NICE="nice -n 19 ionice -c2 -n7"
|
||||
|
||||
${NICE} make -j1 update
|
||||
${NICE} make -j1 nimbus_beacon_node nimbus_signing_process \
|
||||
LOG_LEVEL="TRACE" NIMFLAGS="-d:testnet_servers_image -d:noSignalHandler"
|
||||
|
||||
# Rename binaries to match commit the were built from.
|
||||
mv "build/nimbus_beacon_node" "build/nimbus_beacon_node_${COMMIT}"
|
||||
mv "build/nimbus_signing_process" "build/nimbus_signing_process_${COMMIT}"
|
||||
|
||||
# Delete copies that are older than 7 days
|
||||
find build -mtime +{{ beacon_node_builds_days_kept }} -exec rm '{}' \+
|
||||
}
|
||||
|
||||
# Adds binary into a simple Alpine image
|
||||
function buildDockerImage() {
|
||||
docker build -t "${IMAGE}:${COMMIT}" \
|
||||
--build-arg=COMMIT=${COMMIT} \
|
||||
--label "commit=${COMMIT}" .
|
||||
}
|
||||
|
||||
function pushImageTag() {
|
||||
docker tag "${IMAGE}:${COMMIT}" "${IMAGE}:${TAG}"
|
||||
docker push "${IMAGE}:${TAG}"
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------------------
|
||||
|
||||
BRANCH="{{ item.version }}"
|
||||
IMAGE="{{ beacon_node_builds_image_name }}"
|
||||
TAG="{{ item.name }}"
|
||||
|
||||
if [[ "${USER}" != "{{ beacon_node_builds_user }}" ]]; then
|
||||
echo "Incorrect user: ${USER}" >&2
|
||||
echo "Expected: {{ beacon_node_builds_user }}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Build the Beacon node binaries
|
||||
pushd repo >/dev/null
|
||||
|
||||
# Detached HEAD means we're probably on a tag
|
||||
if headIsDetached; then
|
||||
echo " >>> Deatached HEAD, nothing to fetch."
|
||||
else
|
||||
echo " >>> Fetching changes..."
|
||||
fetchChanges
|
||||
fi
|
||||
|
||||
COMMIT=$(git rev-parse --short=8 HEAD)
|
||||
|
||||
if binaryExists && [[ "$1" != "--force" ]]; then
|
||||
echo " >>> Binary already built"
|
||||
else
|
||||
echo " >>> Building binaries..."
|
||||
buildBinaries
|
||||
fi
|
||||
|
||||
popd >/dev/null
|
||||
|
||||
if dockerImageExists && [[ "$1" != "--force" ]]; then
|
||||
echo " >>> Image already built: ${IMAGE}:${COMMIT}"
|
||||
else
|
||||
echo " >>> Building Docker image..."
|
||||
buildDockerImage
|
||||
fi
|
||||
|
||||
echo " >>> Pushing Docker image..."
|
||||
pushImageTag
|
||||
|
||||
echo " >>> SUCCESS - Pushed: ${IMAGE}:${TAG}"
|
|
@ -1,10 +0,0 @@
|
|||
# Allow non-root users start Nimbus builds with sudo.
|
||||
|
||||
{% for service in beacon_node_builds_branches %}
|
||||
# {{ service.name }}
|
||||
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *status beacon-node-build-{{ service.name }}*
|
||||
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *start beacon-node-build-{{ service.name }}*
|
||||
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop beacon-node-build-{{ service.name }}*
|
||||
%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart beacon-node-build-{{ service.name }}*
|
||||
|
||||
{% endfor %}
|
Loading…
Reference in New Issue