From c8f539dd89031b2600a261f90723c8d79a192b0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= Date: Wed, 29 Sep 2021 19:14:59 +0200 Subject: [PATCH] beacon-node-builds: drop building docker containers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All Linux hosts will be migrated to using systemd services. Signed-off-by: Jakub SokoĊ‚owski --- ...rge-01.aws-eu-central-1a.nimbus.prater.yml | 21 ---- ...rge-02.aws-eu-central-1a.nimbus.prater.yml | 22 ----- ansible/prater.yml | 11 --- ansible/requirements.yml | 5 - ansible/roles/beacon-node-builds/README.md | 38 -------- .../beacon-node-builds/defaults/main.yml | 19 ---- .../beacon-node-builds/files/dockerignore | 2 - .../roles/beacon-node-builds/tasks/build.yml | 60 ------------ .../beacon-node-builds/tasks/install.yml | 6 -- .../roles/beacon-node-builds/tasks/main.yml | 5 - .../roles/beacon-node-builds/tasks/user.yml | 26 ----- .../templates/Dockerfile.j2 | 17 ---- .../beacon-node-builds/templates/build.sh.j2 | 95 ------------------- .../templates/builds_sudoers.j2 | 10 -- 14 files changed, 337 deletions(-) delete mode 100644 ansible/host_vars/testing-large-01.aws-eu-central-1a.nimbus.prater.yml delete mode 100644 ansible/host_vars/testing-large-02.aws-eu-central-1a.nimbus.prater.yml delete mode 100644 ansible/roles/beacon-node-builds/README.md delete mode 100644 ansible/roles/beacon-node-builds/defaults/main.yml delete mode 100644 ansible/roles/beacon-node-builds/files/dockerignore delete mode 100644 ansible/roles/beacon-node-builds/tasks/build.yml delete mode 100644 ansible/roles/beacon-node-builds/tasks/install.yml delete mode 100644 ansible/roles/beacon-node-builds/tasks/main.yml delete mode 100644 ansible/roles/beacon-node-builds/tasks/user.yml delete mode 100644 ansible/roles/beacon-node-builds/templates/Dockerfile.j2 delete mode 100644 ansible/roles/beacon-node-builds/templates/build.sh.j2 delete mode 100644 ansible/roles/beacon-node-builds/templates/builds_sudoers.j2 diff --git a/ansible/host_vars/testing-large-01.aws-eu-central-1a.nimbus.prater.yml b/ansible/host_vars/testing-large-01.aws-eu-central-1a.nimbus.prater.yml deleted file mode 100644 index e250cfe..0000000 --- a/ansible/host_vars/testing-large-01.aws-eu-central-1a.nimbus.prater.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Builds use quite a bit of RAM -swap_file_size_mb: 4096 - -# Docker image builds -beacon_node_builds_docker_hub_user: '{{lookup("passwordstore", "cloud/DockerHub/user")}}' -beacon_node_builds_docker_hub_token: '{{lookup("passwordstore", "cloud/DockerHub/token")}}' - -# The -large suffix is because of native compilation. -beacon_node_builds_branches: - - name: 'unstable-large' - version: 'unstable' - frequency: '*-*-* 10:00:00' - - - name: 'testing-large' - version: 'testing' - frequency: '*-*-* 06:00:00' - - - name: 'stable-large' - version: 'stable' - frequency: '*-*-* 02:00:00' diff --git a/ansible/host_vars/testing-large-02.aws-eu-central-1a.nimbus.prater.yml b/ansible/host_vars/testing-large-02.aws-eu-central-1a.nimbus.prater.yml deleted file mode 100644 index 3fbccb5..0000000 --- a/ansible/host_vars/testing-large-02.aws-eu-central-1a.nimbus.prater.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Builds use quite a bit of RAM -swap_file_size_mb: 4096 - -# Docker image builds -beacon_node_builds_docker_hub_user: '{{lookup("passwordstore", "cloud/DockerHub/user")}}' -beacon_node_builds_docker_hub_token: '{{lookup("passwordstore", "cloud/DockerHub/token")}}' - -# The -large suffix is because of native compilation. -beacon_node_builds_branches: - - name: 'deploy-eth2-prod' - version: 'v1.4.1' - enabled: false - update: true - - - name: 'unstable-libp2p-stable-large' - version: 'nim-libp2p-auto-bump' - frequency: '*-*-* 14:00:00' - - - name: 'unstable-libp2p-unstable-large' - version: 'nim-libp2p-auto-bump-unstable' - frequency: '*-*-* 18:00:00' diff --git a/ansible/prater.yml b/ansible/prater.yml index 28161fa..bddd542 100644 --- a/ansible/prater.yml +++ b/ansible/prater.yml @@ -107,14 +107,3 @@ loop_control: loop_var: node index_var: port_offset - -- name: Deploy beacon node build nodes - become: true - hosts: - - testing-large-01.aws-eu-central-1a.nimbus.prater - - testing-large-02.aws-eu-central-1a.nimbus.prater - roles: - - role: swap-file - tags: swap-file - - role: beacon-node-builds - tags: beacon-node-builds diff --git a/ansible/requirements.yml b/ansible/requirements.yml index f7148f9..1a8dc09 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -39,11 +39,6 @@ version: 87f4498f90f0cbb66a1ddb425e8953b04ced1891 scm: git -- name: infra-role-beacon-node-docker - src: git@github.com:status-im/infra-role-beacon-node-docker.git - version: 9abf4e8c62d52b106aa6062ae84c01d035db7a42 - scm: git - - name: infra-role-beacon-node-linux src: git@github.com:status-im/infra-role-beacon-node-linux.git version: 75e8e7199302e8980da8870e056b9eefebd7edde diff --git a/ansible/roles/beacon-node-builds/README.md b/ansible/roles/beacon-node-builds/README.md deleted file mode 100644 index a26823d..0000000 --- a/ansible/roles/beacon-node-builds/README.md +++ /dev/null @@ -1,38 +0,0 @@ -# Description - -This role configures a set of Systemd timers that build configured branches of [nimbus-eth2]() and push the built docker images. - -# Configuration - -The minimal configuration would look something like: -```yaml -# Branch to build and frequency -beacon_node_builds_branches: - - name: 'xyz' - version: 'feature/xyz' - frequency: '*-*-* 02:00:00' - enabled: true - update: true - -# Required to push Docker images -beacon_node_builds_docker_hub_user: 'docker-hub-user' -beacon_node_builds_docker_hub_token: 'super-secret-password' -``` - -# Management - -You can check the status of the timers using: -``` - > sudo systemctl list-timers 'beacon-node-build-*' -NEXT LEFT LAST PASSED UNIT ACTIVATES -Tue 2020-11-10 18:00:00 UTC 2h 3min left Mon 2020-11-09 18:00:03 UTC 21h ago beacon-node-build-libp2p.timer beacon-node-build-libp2p.service -Wed 2020-11-11 10:00:00 UTC 18h left Tue 2020-11-10 10:00:03 UTC 5h 56min ago beacon-node-build-unstable.timer beacon-node-build-unstable.service -Wed 2020-11-11 10:00:00 UTC 18h left Tue 2020-11-10 10:00:03 UTC 5h 56min ago beacon-node-build-testing.timer beacon-node-build-testing.service -Wed 2020-11-11 02:00:00 UTC 10h left Tue 2020-11-10 02:00:03 UTC 13h ago beacon-node-build-stable.timer beacon-node-build-stable.service - -4 timers listed. -``` -You can start a job without having to wait for it with: -``` -sudo systemctl --no-block start beacon-node-build-stable -``` diff --git a/ansible/roles/beacon-node-builds/defaults/main.yml b/ansible/roles/beacon-node-builds/defaults/main.yml deleted file mode 100644 index 25496da..0000000 --- a/ansible/roles/beacon-node-builds/defaults/main.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -beacon_node_builds_user: 'nimbus' -beacon_node_builds_group: 'staff' -beacon_node_builds_path: '/data/beacon-node-builds' -beacon_node_builds_image_name: 'statusteam/nimbus_beacon_node' -beacon_node_builds_days_kept: 3 - -# Required for pushing the images -beacon_node_builds_docker_hub_user: ~ -beacon_node_builds_docker_hub_token: ~ - -# Timers -beacon_node_builds_timer_timeout: 3600 - -beacon_node_builds_branches: [] -# - name: 'unstable' -# version: 'unstable' -# frequency: '*-*-* 10:00:00' -# enabled: false diff --git a/ansible/roles/beacon-node-builds/files/dockerignore b/ansible/roles/beacon-node-builds/files/dockerignore deleted file mode 100644 index 032b54a..0000000 --- a/ansible/roles/beacon-node-builds/files/dockerignore +++ /dev/null @@ -1,2 +0,0 @@ -repo -!repo/build/* diff --git a/ansible/roles/beacon-node-builds/tasks/build.yml b/ansible/roles/beacon-node-builds/tasks/build.yml deleted file mode 100644 index 9babe66..0000000 --- a/ansible/roles/beacon-node-builds/tasks/build.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -- name: '{{ item.name }} - Create builds folder' - file: - path: '{{ beacon_node_builds_path }}' - owner: '{{ beacon_node_builds_user }}' - group: 'adm' - mode: 0755 - state: 'directory' - -- name: '{{ item.name }} - Clone repo version' - git: - repo: 'https://github.com/status-im/nimbus-eth2' - version: '{{ item.version }}' - dest: '{{ beacon_node_builds_path }}/{{ item.name }}/repo' - force: true - update: true - # Fix for issues with clobbering of nightly tag - # WARNING: Requires Ansible 2.11 or newer. - single_branch: true - become_user: '{{ beacon_node_builds_user }}' - -- name: '{{ item.name }} - Create script' - template: - src: 'build.sh.j2' - dest: '{{ beacon_node_builds_path }}/{{ item.name }}/build.sh' - owner: '{{ beacon_node_builds_user }}' - group: 'adm' - mode: 0775 - -- name: '{{ item.name }} - Create Dockerfile' - template: - src: 'Dockerfile.j2' - dest: '{{ beacon_node_builds_path }}/{{ item.name }}/Dockerfile' - owner: '{{ beacon_node_builds_user }}' - group: '{{ beacon_node_builds_group }}' - mode: 0664 - -- name: '{{ item.name }} - Create .dockerignore' - copy: - src: 'dockerignore' - dest: '{{ beacon_node_builds_path }}/{{ item.name }}/.dockerignore' - owner: '{{ beacon_node_builds_user }}' - group: 'adm' - mode: 0644 - -- name: Create timer for rebuilding image - include_role: name=systemd-timer - vars: - systemd_timer_name: 'beacon-node-build-{{ item.name }}' - systemd_timer_user: '{{ beacon_node_builds_user }}' - systemd_timer_group: '{{ beacon_node_builds_group }}' - systemd_timer_description: 'Docker image build for Nimbus beacon node' - systemd_timer_requires_extra: 'docker.service' - systemd_timer_start_on_creation: false - systemd_timer_consul_warning: true - systemd_timer_enabled: '{{ item.enabled | default(true) }}' - systemd_timer_frequency: '{{ item.frequency | default("daily") }}' - systemd_timer_timeout_sec: '{{ beacon_node_builds_timer_timeout }}' - systemd_timer_work_dir: '{{ beacon_node_builds_path }}/{{ item.name }}' - systemd_timer_script_path: '{{ beacon_node_builds_path }}/{{ item.name }}/build.sh' diff --git a/ansible/roles/beacon-node-builds/tasks/install.yml b/ansible/roles/beacon-node-builds/tasks/install.yml deleted file mode 100644 index b459a88..0000000 --- a/ansible/roles/beacon-node-builds/tasks/install.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Install build dependencies - apt: - name: - - build-essential - - libpcre3-dev diff --git a/ansible/roles/beacon-node-builds/tasks/main.yml b/ansible/roles/beacon-node-builds/tasks/main.yml deleted file mode 100644 index abdad20..0000000 --- a/ansible/roles/beacon-node-builds/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- include_tasks: install.yml -- include_tasks: user.yml -- include_tasks: build.yml - with_items: '{{ beacon_node_builds_branches }}' diff --git a/ansible/roles/beacon-node-builds/tasks/user.yml b/ansible/roles/beacon-node-builds/tasks/user.yml deleted file mode 100644 index 5fb313e..0000000 --- a/ansible/roles/beacon-node-builds/tasks/user.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Create user for beacon node builds - user: - name: '{{ beacon_node_builds_user }}' - group: '{{ beacon_node_builds_group }}' - groups: ['docker'] - shell: '/bin/zsh' - -- name: Set disable rebase as merge strategy - git_config: - scope: 'global' - name: 'pull.rebase' - value: false - become_user: '{{ beacon_node_builds_user }}' - -- name: Configure access to Docker Hub - docker_login: - username: '{{ beacon_node_builds_docker_hub_user | mandatory }}' - password: '{{ beacon_node_builds_docker_hub_token | mandatory }}' - become_user: '{{ beacon_node_builds_user }}' - -- name: Sudoers file to let non-root users start jobs - template: - src: 'builds_sudoers.j2' - dest: '/etc/sudoers.d/80-beacon-node-builds' - mode: 0440 diff --git a/ansible/roles/beacon-node-builds/templates/Dockerfile.j2 b/ansible/roles/beacon-node-builds/templates/Dockerfile.j2 deleted file mode 100644 index d87db50..0000000 --- a/ansible/roles/beacon-node-builds/templates/Dockerfile.j2 +++ /dev/null @@ -1,17 +0,0 @@ -FROM debian:bullseye-slim - -ARG COMMIT - -RUN apt-get -qq update \ - && apt-get -qq -y install libpcre3-dev 1>/dev/null \ - && apt-get -qq clean \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -COPY repo/build/nimbus_beacon_node_${COMMIT} /usr/local/bin/nimbus_beacon_node -COPY repo/build/nimbus_signing_process_${COMMIT} /usr/local/bin/nimbus_signing_process - -STOPSIGNAL SIGINT - -ENTRYPOINT ["/usr/local/bin/nimbus_beacon_node"] - -CMD ["--help"] diff --git a/ansible/roles/beacon-node-builds/templates/build.sh.j2 b/ansible/roles/beacon-node-builds/templates/build.sh.j2 deleted file mode 100644 index ae7551b..0000000 --- a/ansible/roles/beacon-node-builds/templates/build.sh.j2 +++ /dev/null @@ -1,95 +0,0 @@ -#!/usr/bin/env bash -# vim: ft=sh -set -e - -function headIsDetached() { - [[ $(git rev-parse --abbrev-ref --symbolic-full-name HEAD) == "HEAD" ]]; -} - -function dockerImageExists() { - docker image inspect "${IMAGE}:${COMMIT}" 2>&1 1>/dev/null; -} - -function binaryExists() { - ls -l build/nimbus_beacon_node_${COMMIT} 2>&1 1>/dev/null -} - -function fetchChanges() { - # We cannot use "git pull" in here, because history may be changed upstream - git fetch - git reset --hard "origin/${BRANCH}" -} - -function buildBinaries() { - # Lower CPU and I/O priority so it doesn't affect the running beacon node - NICE="nice -n 19 ionice -c2 -n7" - - ${NICE} make -j1 update - ${NICE} make -j1 nimbus_beacon_node nimbus_signing_process \ - LOG_LEVEL="TRACE" NIMFLAGS="-d:testnet_servers_image -d:noSignalHandler" - - # Rename binaries to match commit the were built from. - mv "build/nimbus_beacon_node" "build/nimbus_beacon_node_${COMMIT}" - mv "build/nimbus_signing_process" "build/nimbus_signing_process_${COMMIT}" - - # Delete copies that are older than 7 days - find build -mtime +{{ beacon_node_builds_days_kept }} -exec rm '{}' \+ -} - -# Adds binary into a simple Alpine image -function buildDockerImage() { - docker build -t "${IMAGE}:${COMMIT}" \ - --build-arg=COMMIT=${COMMIT} \ - --label "commit=${COMMIT}" . -} - -function pushImageTag() { - docker tag "${IMAGE}:${COMMIT}" "${IMAGE}:${TAG}" - docker push "${IMAGE}:${TAG}" -} - -#------------------------------------------------------------------------------- - -BRANCH="{{ item.version }}" -IMAGE="{{ beacon_node_builds_image_name }}" -TAG="{{ item.name }}" - -if [[ "${USER}" != "{{ beacon_node_builds_user }}" ]]; then - echo "Incorrect user: ${USER}" >&2 - echo "Expected: {{ beacon_node_builds_user }}" >&2 - exit 1 -fi - -# Build the Beacon node binaries -pushd repo >/dev/null - -# Detached HEAD means we're probably on a tag -if headIsDetached; then - echo " >>> Deatached HEAD, nothing to fetch." -else - echo " >>> Fetching changes..." - fetchChanges -fi - -COMMIT=$(git rev-parse --short=8 HEAD) - -if binaryExists && [[ "$1" != "--force" ]]; then - echo " >>> Binary already built" -else - echo " >>> Building binaries..." - buildBinaries -fi - -popd >/dev/null - -if dockerImageExists && [[ "$1" != "--force" ]]; then - echo " >>> Image already built: ${IMAGE}:${COMMIT}" -else - echo " >>> Building Docker image..." - buildDockerImage -fi - -echo " >>> Pushing Docker image..." -pushImageTag - -echo " >>> SUCCESS - Pushed: ${IMAGE}:${TAG}" diff --git a/ansible/roles/beacon-node-builds/templates/builds_sudoers.j2 b/ansible/roles/beacon-node-builds/templates/builds_sudoers.j2 deleted file mode 100644 index 2b3f56f..0000000 --- a/ansible/roles/beacon-node-builds/templates/builds_sudoers.j2 +++ /dev/null @@ -1,10 +0,0 @@ -# Allow non-root users start Nimbus builds with sudo. - -{% for service in beacon_node_builds_branches %} -# {{ service.name }} -%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *status beacon-node-build-{{ service.name }}* -%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *start beacon-node-build-{{ service.name }}* -%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *stop beacon-node-build-{{ service.name }}* -%{{ beacon_node_builds_group }} ALL= NOPASSWD: /usr/bin/systemctl *restart beacon-node-build-{{ service.name }}* - -{% endfor %}