diff --git a/contrib/teamcity/gitian.sh b/contrib/teamcity/gitian.sh --- a/contrib/teamcity/gitian.sh +++ b/contrib/teamcity/gitian.sh @@ -1,16 +1,5 @@ #!/bin/bash -e -wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz -echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c -# (verification -- must return OK) -tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz -cd vm-builder-0.12.4+bzr494 -sudo python setup.py install -cd .. - -## Install Gitian -git clone https://github.com/devrandom/gitian-builder.git - export COMMIT=HEAD export URL=`pwd` export USE_LXC=1 @@ -18,7 +7,7 @@ export GITIAN_HOST_IP=10.0.3.1 export LXC_GUEST_IP=10.0.3.5 -cd gitian-builder +cd ~/gitian-builder if [[ "${OS_NAME}" == "osx" ]]; then wget https://storage.googleapis.com/f4936e83b2dcbca742be51fb9692b153/MacOSX10.11.sdk.tar.gz @@ -31,8 +20,7 @@ ## Determine the number of build threads THREADS=$(nproc || sysctl -n hw.ncpu) -./bin/make-base-vm --lxc --distro debian --suite stretch --arch amd64 -./bin/gbuild -j${THREADS} -m3500 --commit bitcoin=${COMMIT} --url bitcoin=${URL} ../contrib/gitian-descriptors/gitian-${OS_NAME}.yml +./bin/gbuild -j${THREADS} -m3500 --commit bitcoin=${COMMIT} --url bitcoin=${URL} ${URL}/contrib/gitian-descriptors/gitian-${OS_NAME}.yml cd .. mkdir ${OS_NAME} diff --git a/contrib/teamcity/setup-agent.sh b/contrib/teamcity/setup-agent.sh new file mode 100755 --- /dev/null +++ b/contrib/teamcity/setup-agent.sh @@ -0,0 +1,205 @@ +#!/usr/bin/env bash + +### CHECK THE SCRIPT IS RUNNING ON DEBIAN 9, WARN OTHERWISE + +# Debian based distributions put definitions in /etc/os-release +DIST_FILE=/etc/os-release + +DIST_WARNING="WARNING: this script is targeting Debian 9 only. Use at your own risk." + +# Additional packages to install +if [[ ! -f "${DIST_FILE}" ]]; then + echo "WARNING: unable to locate the distribution definitions file ${DIST_FILE}." + echo "${DIST_WARNING}" +fi + +DIST_ID=`cat ${DIST_FILE} | grep "^ID=" | cut -d'=' -f2` +DIST_VERSION_ID=`cat ${DIST_FILE} | grep "^VERSION_ID=" | cut -d'=' -f2` + +echo "Distribution: ${DIST_ID}" +echo "Version: ${DIST_VERSION_ID}" + +if [[ "${DIST_ID}" != "debian" || "${DIST_VERSION_ID}" != '"9"' ]]; then + echo "${DIST_WARNING}" +fi + + +### FIND THE WAN NETWORK INTERFACE +echo "INFO: start WAN network interface detection" + +NET_PING_SITE="google.com" + +# Get the active network interfaces +NET_DEVS=`ip addr show | awk '/inet.*brd/{print $NF}'` +for d in ${NET_DEVS} +do + echo "INFO: trying network interface $d" + ping -c 1 -I $d "${NET_PING_SITE}" + if [[ $? -eq 0 ]]; then + NET_DEV=$d + break + fi +done + +if [[ -z "${NET_DEV}" ]]; then + echo "ERROR: could not determine an active WAN network interface. Aborting" + exit 1 +fi + +echo "INFO: using ${NET_DEV} as the main network interface" + + +### INSTALL ADDITIONAL PACKAGES +echo "INFO: start installing additional packages" + +set -e + +INSTALL_PACKAGES=( + # Server management + fail2ban + sudo + + # Build dependencies + automake + autotools-dev + bsdmainutils + build-essential + ccache + default-jdk-headless + git + libboost-all-dev + libdb-dev + libdb++-dev + libevent-dev + libminiupnpc-dev + libprotobuf-dev + libqrencode-dev + libqt5core5a + libqt5dbus5 + libqt5gui5 + libssl-dev + libtool + libzmq3-dev + pkg-config + protobuf-compiler + python3 + python3-zmq + qttools5-dev + qttools5-dev-tools + + # Teamcity dependencies + default-jre + unzip + + # Gitian dependencies + apparmor + apt-cacher-ng + bridge-utils + curl + debootstrap + firewalld + git + iptables + kpartx + lxc + make + parted + python-cheetah + qemu-utils + ruby + ubuntu-archive-keyring +) + +function join_by { local IFS="$1"; shift; echo "$*"; } + +echo "INFO: updating package list" +apt update + +echo "INFO: installing ${INSTALL_PACKAGES[*]}" +apt install -y $(join_by ' ' ${INSTALL_PACKAGES[@]}) + + +### TEAMCITY SETUP +echo "INFO: start Teamcity agent setup" + +# Add the Teamcity user (no password) +useradd -m teamcity +adduser teamcity sudo +passwd -d teamcity + +# Setup Java environment variable +echo 'JAVA_HOME="/usr/lib/jvm/default-java"' >> /etc/environment + +# Move to the teamcity user home directory +cd /home/teamcity + +# Get the Teamcity agent script and configure the agent +sudo -u teamcity wget https://build.bitcoinabc.org/update/buildAgent.zip +sudo -u teamcity echo "4e0e5409ffd81b2a3605f824e2d59887efab2659717a4558fbb5ea386a2a5ed9 buildAgent.zip" | sha256sum -c +sudo -u teamcity unzip -d buildAgent -q buildAgent.zip +rm buildAgent.zip +cd buildAgent/conf +sudo -u teamcity cp buildAgent.dist.properties buildAgent.properties +sudo -u teamcity sed -i "s#serverUrl=.*#serverUrl=https://build.bitcoinabc.org/#g" buildAgent.properties +sudo -u teamcity sed -i "s#name=.*#name=`hostname`#g" buildAgent.properties +cd ../bin +sudo -u teamcity chmod +x agent.sh + +# Setup automatic start for the Teamcity agent +cd /etc/init.d +wget https://raw.githubusercontent.com/Bitcoin-ABC/bitcoin-abc/master/contrib/teamcity/buildAgent-autostart -O buildAgent +echo "03b35e5af5d943c7b5228ac1ac945e0114829d563424d356e3f58d67aaa93e33 buildAgent" | sha256sum -c +chmod 755 buildAgent +update-rc.d buildAgent defaults + + +### GITIAN SETUP + +# the version of lxc-start in Debian needs to run as root, so make sure +# that the build script can execute it without providing a password +echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc +echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc + +# make /etc/rc.local script that sets up bridge between guest and host +echo '#!/bin/sh -e' > /etc/rc.local +echo 'brctl addbr lxcbr0' >> /etc/rc.local +echo 'ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev lxcbr0' >> /etc/rc.local +echo 'ip link set lxcbr0 up' >> /etc/rc.local +echo 'firewall-cmd --zone=trusted --add-interface=lxcbr0' >> /etc/rc.local +echo "iptables -t nat -A POSTROUTING -o ${NET_DEV} -j MASQUERADE" >> /etc/rc.local +echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local +echo 'exit 0' >> /etc/rc.local +chmod +x /etc/rc.local + +# make sure that USE_LXC is always set when logging in as teamcity, +# and configure LXC IP addresses +echo 'export USE_LXC=1' >> /home/teamcity/.profile +echo 'export GITIAN_HOST_IP=10.0.3.1' >> /home/teamcity/.profile +echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/teamcity/.profile + +# Install vm-builder +cd /home/teamcity +sudo -u teamcity wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz +sudo -u teamcity echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c +sudo -u teamcity tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz +rm vm-builder_0.12.4+bzr494.orig.tar.gz +cd vm-builder-0.12.4+bzr494 +python setup.py install +cd .. + +# Prepare Gitian base VM +sudo -u teamcity git clone https://github.com/devrandom/gitian-builder.git +sudo -u teamcity git clone https://github.com/Bitcoin-ABC/bitcoin-abc.git +cd gitian-builder +sudo -u teamcity bin/make-base-vm --lxc --arch amd64 --distro debian --suite stretch + + +### CLEANUP AND REBOOT +echo "INFO: cleaning up and rebooting the machine" + +# Reset teamcity password to something more secure +usermod -p '$6$pHcBHB0i$wPFaojwrPdlYl9mWnAiiWoSFkwDvJq6mTMrP5AP.JSaVZVm7RF..P7wx5a3hQsJf9tcH.1M8OHc7IMndlDNlM.' teamcity +echo "INFO: teamcity user password reset to default. Don't forget to change the password after first login !" + +echo "INFO: rebooting the machine" +reboot