authorBoris Kolpackov <boris@codesynthesis.com>2017-04-18 15:55:39 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2017-04-18 15:55:39 +0200
commitfa910a11d351a496a7db8da65b33625cf790c928 (patch)
tree469235ee3c24b8b6fd852f499d1a19210bd10f8c
parent6e306c77d3bd945dd48fd9746ac1b07610e85f36 (diff)
Add controller_url, controller_trust parameters
-rwxr-xr-xbuildos88
-rw-r--r--doc/manual.cli14
2 files changed, 88 insertions, 14 deletions
diff --git a/buildos b/buildos
index 6c3e008..bb7434e 100755
--- a/buildos
+++ b/buildos
@@ -65,15 +65,30 @@ for v in "${cmdline[@]}"; do
val="$(sed -re 's/^[^=]+=(.*)$/\1/' <<<"$v")" # Extract value.
val="$(sed -re "s/^('(.*)'|\"(.*)\")$/\2\3/" <<<"$val")" # Strip quoted.
- # If the variable contains a dot, then it is a toolchain variable.
+ # Recognize some variables as arrays.
+ #
+ a=
+
+ # If the variable contains a dot, then it is a toolchain name-specific
+ # variable.
#
if [[ "$var" == *.* ]]; then
tn="$(sed -re 's/^[^.]+\.(.+)$/\1/' <<<"$var")"
- var="${tn}_$(sed -re 's/^([^.]+)\..+$/\1/' <<<"$var")"
+ var="$(sed -re 's/^([^.]+)\..+$/\1/' <<<"$var")"
+
+ if [ "$var" = "controller_url" -o "$var" = "controller_trust" ]; then
+ a=true
+ fi
+
+ var="${tn}_$var"
toolchains["$tn"]="${tn}_"
fi
- declare "$var=$val"
+ if [ -n "$a" ]; then
+ declare -a "$var+=('$val')"
+ else
+ declare "$var=$val"
+ fi
fi
done
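Review bot: The array branch `declare -a "$var+=('$val')"` pastes the kernel command line value into text that `declare` re-parses as a compound assignment, so a value containing a single quote ends the quoting and the rest of it is subject to shell expansion. The quote stripping two lines earlier removes only one outer matching pair, so embedded quotes can still reach this line. Deferring the expansion keeps the value as data: `declare -a "$var+=(\"\$val\")"`, or a nameref (`declare -n ref="$var"; ref+=("$val"); unset -n ref`) on bash 4.3 or later; either is worth checking against the bash version the image ships. The enclosing `for` loop begins above the hunk.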
@@ -103,6 +118,10 @@ function restart ()
sudo systemctl reboot
}
+if [ -z "$buildid_url" ]; then
+ info "no buildos.buildid_url specified, not monitoring for new os builds"
+fi
+
# Process toolchains.
#
@@ -143,8 +162,19 @@ for tn in "${!toolchains[@]}"; do
if [ -z "$(toolchain_value "$tp" toolchain_trust)" ]; then
declare "${tp}toolchain_trust=no"
fi
+
+ # Warn if we have no controller URLs for this toolchain.
+ #
+ n="${tp}controller_url[0]"
+ if [ -z "${!n}" ]; then
+ info "no buildos.controller_url.$tn specified, not starting bbot agent"
+ fi
done
+if [ "${#toolchain_names[@]}" -eq 0 ]; then
+ info "no buildos.toolchain_url specified, not bootstrapping"
+fi
+
# Divide CPUs and RAM (in kB) among the toolchains.
#
# Reserve 4G of RAM for ourselves (rootfs, tmpfs).
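Review bot: The presence check reads only element 0 (`n="${tp}controller_url[0]"`), so an empty first value followed by a non-empty one would be reported as having no controllers; the same test decides whether a toolchain is skipped in the later hunk just before `bbot_check`. Whether an empty value can reach the array depends on the parsing loop, which is only partly visible here. There is also no message when controller URLs are given without any `controller_trust` value. If running the agent without pinned fingerprints is intended, a comment saying so next to this warning would help; otherwise an `info` line for that case would make the gap visible at boot.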
@@ -179,27 +209,31 @@ function print ()
echo "buildid_url: $buildid_url"
echo
+ local n i tn tp tu tt
for tn in "${toolchain_names[@]}"; do
tp="${toolchains["$tn"]}"
tu="$(toolchain_value "$tp" toolchain_url)"
tt="$(toolchain_value "$tp" toolchain_trust)"
- echo "$tn.toolchain_url: $tu"
- echo "$tn.toolchain_trust: $tt"
+ echo "$tn.toolchain_url: $tu"
+ echo "$tn.toolchain_trust: $tt"
+
+ n="${tp}controller_url[@]"
+ for i in "${!n}"; do
+ echo "$tn.controller_url: $i"
+ done
+
+ n="${tp}controller_trust[@]"
+ for i in "${!n}"; do
+ echo "$tn.controller_trust: $i"
+ done
+
echo
done
}
print | email "starting build os monitor"
-if [ -z "$buildid_url" ]; then
- info "no buildos.buildid_url specified, not monitoring for new os builds"
-fi
-
-if [ "${#toolchain_names[@]}" -eq 0 ]; then
- info "no buildos.toolchain_url specified, not bootstrapping"
-fi
-
# Machines cleanup (/build/machines/).
#
diag=()
@@ -639,7 +673,7 @@ function bbot_start () # <toolchain-name> <toolchain-index>
local r=1
- local b_word
+ local i n b_word
while true; do # The "breakout loop".
b_word="$(bpkg status bbot | cut -d ' ' -f 1)"
@@ -684,6 +718,24 @@ function bbot_start () # <toolchain-name> <toolchain-index>
-e "s/^(Environment=TOOLCHAIN_NUM)=.*/\1=$ti/" \
"$id/lib/systemd/system/bbot-agent@.service"
+ # Patch in the controller URLs.
+ #
+ n="${tp}controller_url[@]"
+ for i in "${!n}"; do
+ sed -i -r \
+ -e "s#^(Environment=\"CONTROLLER_URL=[^\"]*)\"\$#\1 $i\"#" \
+ "$id/lib/systemd/system/bbot-agent@.service"
+ done
+
+ # Patch in the controller trust fingerprints.
+ #
+ n="${tp}controller_trust[@]"
+ for i in "${!n}"; do
+ sed -i -r \
+ -e "s#^(Environment=\"CONTROLLER_TRUST=[^\"]*)\"\$#\1 --trust $i\"#" \
+ "$id/lib/systemd/system/bbot-agent@.service"
+ done
+
sudo ln -sf "$id/lib/systemd/system/bbot-agent@.service" \
"/usr/lib/systemd/system/bbot-agent@$tn.service"
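Review bot: Both new loops interpolate `$i` unescaped into the replacement side of an `s#…#…#` expression. A controller URL containing `&` (common in query strings) therefore expands to the matched text, `#` or `\` ends or alters the expression, and a `"` would close the `Environment=` value in the unit file. Escaping the value first, e.g. `i="$(sed -e 's/[\\&#]/\\&/g' <<<"$i")"`, and rejecting values that contain `"` or whitespace before patching would keep the unit file well formed. For the trust loop, checking each value against the expected fingerprint format before appending `--trust $i` is stricter still. `bbot_start` begins and ends outside the hunk.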
@@ -830,6 +882,14 @@ EOF
continue
fi
+ # Or those that have no controllers (maybe it would have been better
+ # to build it but not start).
+ #
+ n="${tp}controller_url[0]"
+ if [ -z "${!n}" ]; then
+ continue
+ fi
+
s=
bbot_check "$tn" 2>&1 | tee "$tr/bbot-$count.log" 1>&2
diff --git a/doc/manual.cli b/doc/manual.cli
index 2d275aa..3abd639 100644
--- a/doc/manual.cli
+++ b/doc/manual.cli
@@ -356,6 +356,20 @@ While the monitor itself only needs the \c{build2-toolchain} package, build
machine toolchain bootstrap may require additional packages (which will be
accessed via TFTP using predictable names).
+\h#config-controllers|Controllers|
+
+For each toolchain the \c{bbot} agent polls one or more controllers for build
+tasks to perform. The controller URLs are configured with the
+the \c{buildos.controller_url[.<name>]} kernel command line parameter (where
+\c{<name>} is optional toolchain name). To specify multiple controllers,
+repeat this parameter.
+
+Additionally, we can use the \c{buildos.controller_trust[.<name>]} kernel
+command line parameter to specify SHA256 repository certificate fingerprints
+to trust (see the \c{trust} build task manifest value for details). To specify
+multiple fingerprints, repeat this parameter.
+
+
\h1#machines|Build Machines|
At the top level, a machine storage volume (see \l{#config-storage-machines