Overview
This repository contains the configuration files for the merge guards for the LLVM project. It configures a cluster of build machines that are used to check all incoming commits to the LLVM project.
Merge guards
TODO(@christiankuehnel): describe objective of merge guards
Cluster overview
The cluster consists of these services:
- Jenkins build server: http://jenkins.llvm-merge-guard.org
- a set of Jenkins agents running the builds
- an nginx server with the build results/logs: http://jenkins.llvm-merge-guard.org
Jenkins-Phabricator integration
The Jenkins-Phabricator integration is based on the instructions provided with the Phabricator-Jenkins Plugin.
On the Phabricator side these things were configured:
- the Harbormaster build plan
- the Herald rule
On the Jenkins side:
- in the Jenkins configuration page as explained in the instructions
- in the build job
There is no backup of the credentials. If you need to change them, generate new ones and update them in Jenkins and Phabricator.
Playbooks
deployment to a clean infrastructure
General remarks:
- GCP does not route any traffic to your services unless the service is "healthy". It might take a few minutes after startup before the service is classified as healthy. Until then you will only see a generic error message.
These are the steps to set up the build server on a clean infrastructure:
- Configure the tools on your local machine:
./local_setup.sh
- Delete the old cluster, if it still exists:
cd kubernetes/cluster
./cluster_delete.sh
- Create the cluster:
cd kubernetes/cluster
./cluster_create.sh
- Create the disk storage, if it does not yet exist:
cd kubernetes/cluster
./disk_create.sh
- SSH into the VM instance mounting the volume, find the mount point and then set
# go to the mount point of the volume
cd /var/lib/kubelet/plugins/kubernetes.io/gce-pd/mounts/jenkins-home
# change the permissions of the mount point (the current directory)
sudo chmod a+rwx .
- Push the docker images to gcr.io:
cd containers/debian-testing-clang8
./build_deploy.sh
cd ../jenkins-master
./build_deploy.sh
- Deploy the stack:
cd kubernetes
./deploy.sh
- Configure it
handling SSH keys
The Jenkins server SSHs into the agents to start the agent application. Thus the master needs SSH access to the agent. To set this up:
- Create an SSH key pair locally with ssh-keygen.
- Copy the contents of id_rsa to the credentials section of the Jenkins UI.
- Configure the agent in the Jenkins UI to use the new SSH keys you just uploaded.
- Copy the contents of id_rsa.pub to containers/<agent dir>/authorized keys.
- Rebuild and deploy the agents.
While this works, it does not feel like the perfect solution. I'm happy to get better ideas on this.
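Because the key file from the steps above is baked into an agent image and pushed to a registry, it is worth checking that it holds only public keys before rebuilding. The following is an added example, not part of this repository: the function name `check_authorized_keys` and the list of accepted key types are assumptions, and the file path is passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the repository): verify that a file destined for an
# agent image contains only SSH public keys. Returns 0 if it does, 1 otherwise.
check_authorized_keys() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # Copying id_rsa instead of id_rsa.pub would ship the private key in the image.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file"; then
        echo "$file: contains private key material" >&2
        return 1
    fi

    awk '
        BEGIN { bad = 0; n = 0 }
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            ok = 0
            # A key type may follow an options field, so scan every field pair.
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$")
                    ok = 1
            if (!ok) {
                printf("line %d: not a public key\n", NR) > "/dev/stderr"
                bad = 1
            }
            n++
        }
        END {
            if (n == 0) { print "no keys found" > "/dev/stderr"; bad = 1 }
            exit bad
        }
    ' "$file"
}

# Usage: sh check_keys.sh <path to the key file in the agent directory>
if [ "$#" -gt 0 ]; then
    check_authorized_keys "$1"
fi
```

Run it on the key file in the agent directory before rebuilding the agent image; a non-zero exit status means the image should not be built.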
creating basic authentication for reverse proxy
- Create the auth file, based on the ingress-nginx documentation:
cd kubernetes/reverse-proxy
htpasswd -c auth <username>
# enter password at prompt
# add more users as required (without -c, which would overwrite the existing file)
kubectl create secret generic proxy-auth --from-file=auth --namespace=jenkins
License
This project is licensed under the "Apache 2.0 with LLVM Exception" license. See LICENSE for details.