Hi Chris Cunnington and fellow box-admins,
I'm ready to report on my distributed build slave experiment, and wondered if you'd take a look at my proposed announcement before I hit the send button. Usually I'd just send these kinds of things, but since I _use_ squeakci but don't _own_ it (in the responsibility sense), I thought I'd check here first for things like tone, and whether we'd want to allow people to help out in the below fashion.
In particular, there are possible security concerns, mostly on the client side, but possibly (in the sense that I don't know) on the server side. So:
<proposal> Hi,
Our community have very few dedicated official resources: running www.squeak.org and so on either takes cash or donations.
The new CI work is rather heavy CPU wise, and limited to (CentOS) Linux builds only. However, Jenkins supports the use of headless build slaves that connect TO a Jenkins master, permitting these slaves to run while still behind NATs.
I've been experimenting these past few days investigating using build slaves. I've set up jobs for building FreeBSD VMs (both broken, because FreeBSD support does lag behind the other platforms) and for running Trunk tests on OS X. You can see that we have some (known) network issues on OS X here: http://squeakci.org/job/SqueakTrunk-OSX/9/testReport/?
It's pretty easy to run a build slave. If you wish to donate some computing time, ask here and we can create a node for you, with a (unique) name of your choice. Once that's done, you need to * have (a recent version of) Java installed * download the slave.jar from http://squeakci.org/jnlpJars/slave.jar * run the jar somehow. On a Unix machine that'll be $ java -jar slave.jar -jnlpUrl http://squeakci.org/computer/$%7BSLAVENAME%7D/slave-agent.jnlp
What are the downsides? Jenkins masters can send arbitrary Java classes to a slave for running. That means that if squeakci.org's Jenkins was compromised, your build slave could potentially be compromised. You will want to, at the minimum, run the slave under a dedicated user with low privileges.
You can find more reading material here: https://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds </proposal>
frank
Looks good to me. It opens up the possibility of testing on more OSs, which sounds good. I'm figuring you'll post this on Squeak-dev for wider exposure. I can blog about it, too. Borg away.
Chris
Sent from my iWillJoinTheCollectivePad
On 2013-01-06, at 12:33 PM, Frank Shearar frank.shearar@gmail.com wrote:
Hi Chris Cunnington and fellow box-admins,
I'm ready to report on my distributed build slave experiment, and wondered if you'd take a look at my proposed announcement before I hit the send button. Usually I'd just send these kinds of things, but since I _use_ squeakci but don't _own_ it (in the responsibility sense), I thought I'd check here first for things like tone, and whether we'd want to allow people to help out in the below fashion.
In particular, there are possible security concerns, mostly on the client side, but possibly (in the sense that I don't know) on the server side. So:
<proposal> Hi,
Our community have very few dedicated official resources: running www.squeak.org and so on either takes cash or donations.
The new CI work is rather heavy CPU wise, and limited to (CentOS) Linux builds only. However, Jenkins supports the use of headless build slaves that connect TO a Jenkins master, permitting these slaves to run while still behind NATs.
I've been experimenting these past few days investigating using build slaves. I've set up jobs for building FreeBSD VMs (both broken, because FreeBSD support does lag behind the other platforms) and for running Trunk tests on OS X. You can see that we have some (known) network issues on OS X here: http://squeakci.org/job/SqueakTrunk-OSX/9/testReport/?
It's pretty easy to run a build slave. If you wish to donate some computing time, ask here and we can create a node for you, with a (unique) name of your choice. Once that's done, you need to
- have (a recent version of) Java installed
- download the slave.jar from http://squeakci.org/jnlpJars/slave.jar
- run the jar somehow. On a Unix machine that'll be $ java -jar
slave.jar -jnlpUrl http://squeakci.org/computer/$%7BSLAVENAME%7D/slave-agent.jnlp
What are the downsides? Jenkins masters can send arbitrary Java classes to a slave for running. That means that if squeakci.org's Jenkins was compromised, your build slave could potentially be compromised. You will want to, at the minimum, run the slave under a dedicated user with low privileges.
You can find more reading material here: https://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds
</proposal>
frank
box-admins@lists.squeakfoundation.org