Hi,
Our community have very few dedicated official resources: running www.squeak.org and so on either takes cash or donations. The new CI work is rather heavy CPU wise, and limited to (CentOS) Linux builds only. However, Jenkins supports the use of headless build slaves that connect TO a Jenkins master, permitting these slaves to run while still behind NATs. I've been experimenting these past few days investigating using build slaves. I've set up jobs for building FreeBSD VMs (both broken, because FreeBSD support does lag behind the other platforms) and for running Trunk tests on OS X. You can see that we have some (known) network issues on OS X here: http://squeakci.org/job/SqueakTrunk-OSX/9/testReport/? It's pretty easy to run a build slave. If you wish to donate some computing time, ask here and we can create a node for you, with a (unique) name of your choice. Once that's done, you need to * have (a recent version of) Java installed * download the slave.jar from http://squeakci.org/jnlpJars/slave.jar * run the jar somehow. On a Unix machine that'll be $ java -jar slave.jar -jnlpUrl http://squeakci.org/computer/${SLAVENAME}/slave-agent.jnlp. On a Windows machine, running java from a command prompt should be perfectly sufficient, if you don't feel like figuring out how to turn the agent into a service. What are the downsides? Jenkins masters can send arbitrary Java classes to a slave for running. That means that if squeakci.org's Jenkins was compromised, your build slave could potentially be compromised. You will want to, at the minimum, run the slave under a dedicated user with low privileges. You can find more reading material here: https://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds Thanks, frank |
On 7 January 2013 20:51, Frank Shearar <[hidden email]> wrote:
> I've been experimenting these past few days investigating using build > slaves. I've set up jobs for building FreeBSD VMs (both broken, > because FreeBSD support does lag behind the other platforms) and for > running Trunk tests on OS X. You can see that we have some (known) > network issues on OS X here: > http://squeakci.org/job/SqueakTrunk-OSX/9/testReport/? > > It's pretty easy to run a build slave. As a result of a recent Jenkins vulnerability, this is now more complicated: build slaves must now authenticate to the master (because we've turned off read permissions for anonymous users as per the vulnerability report suggestion), which means you'll need a Jenkins username/password. Right now I haven't figured out the precise steps to authenticate: it SHOULD be as easy as adding -jnlpCredentials username:password to the incantation I'd previously given, but (a) suddenly you need Apache's common-codecs jar and (b) I'm getting connection terminations. Once I've figured out the new way to do things I'll report back. For now, if you want to donate build infrastructure, the Jenkins master will have to connect to the slave. For Unix-like machines that means having the master ssh into your machine. This in turn requires either a publically accessible machine, or setting up port forwarding on your NAT, or similar. frank |
On 9 January 2013 09:47, Frank Shearar <[hidden email]> wrote:
> On 7 January 2013 20:51, Frank Shearar <[hidden email]> wrote: > >> I've been experimenting these past few days investigating using build >> slaves. I've set up jobs for building FreeBSD VMs (both broken, >> because FreeBSD support does lag behind the other platforms) and for >> running Trunk tests on OS X. You can see that we have some (known) >> network issues on OS X here: >> http://squeakci.org/job/SqueakTrunk-OSX/9/testReport/? >> >> It's pretty easy to run a build slave. > > As a result of a recent Jenkins vulnerability, this is now more > complicated: build slaves must now authenticate to the master (because > we've turned off read permissions for anonymous users as per the > vulnerability report suggestion), which means you'll need a Jenkins > username/password. Right now I haven't figured out the precise steps > to authenticate: it SHOULD be as easy as adding -jnlpCredentials > username:password to the incantation I'd previously given, but (a) > suddenly you need Apache's common-codecs jar and (b) I'm getting > connection terminations. > > Once I've figured out the new way to do things I'll report back. For > now, if you want to donate build infrastructure, the Jenkins master > will have to connect to the slave. For Unix-like machines that means > having the master ssh into your machine. This in turn requires either > a publically accessible machine, or setting up port forwarding on your > NAT, or similar. The issues I had seem limited to FreeBSD. My OS X build slave is quite happy connecting to the master. frank |
Free forum by Nabble | Edit this page |