Servers
http://jenkins.plone.org runs on a number of different servers, listed below.
Master
- hosted at hetzner.de
- IP: 78.47.49.108
- donor: Timo Stollenwerk
- contact: Timo Stollenwerk (tisto) and Gil Forcada (gforcada)
Nodes
Nodes server
- hosted at hetzner.de
- IP: 88.99.26.113 / 2a01:4f8:10a:2ae::2
- donor: Plone Foundation
- contact: Paul Roeland (polyester) and Gil Forcada (gforcada)
Configuration
Base system: Ubuntu 16.04 LTS minimal
Install lxd:
    apt-get install lxd
Initial configuration:
    lxd init
(all default options)
Create nodes:
    lxc launch ubuntu:16.04 node1
    lxc launch ubuntu:16.04 node2
    lxc launch ubuntu:16.04 node3
Add SSH keys:
    lxc file push /root/.ssh/authorized_keys node1/root/.ssh/authorized_keys
    lxc file push /root/.ssh/authorized_keys node2/root/.ssh/authorized_keys
    lxc file push /root/.ssh/authorized_keys node3/root/.ssh/authorized_keys
Write down the nodes' IPs:
    lxc list
Configure a jump host to connect to them:
    Host jenkins-plone-org-nodes-host
        HostName 88.99.26.113
        User root
        ProxyCommand none
    Host node1-jenkins-plone-org
        HostName XX.XX.XX.XX
        User root
        ProxyCommand ssh jenkins-plone-org-nodes-host nc %h %p 2> /dev/null
    Host node2-jenkins-plone-org
        HostName XX.XX.XX.XX
        User root
        ProxyCommand ssh jenkins-plone-org-nodes-host nc %h %p 2> /dev/null
    Host node3-jenkins-plone-org
        HostName XX.XX.XX.XX
        User root
        ProxyCommand ssh jenkins-plone-org-nodes-host nc %h %p 2> /dev/null
Connect to all nodes to accept their fingerprints:
    ssh node1-jenkins-plone-org
    ssh node2-jenkins-plone-org
    ssh node3-jenkins-plone-org
Install Python 2.7 (as Ansible still needs it):
    ssh node1-jenkins-plone-org "apt-get update && apt-get install -y python2.7"
    ssh node2-jenkins-plone-org "apt-get update && apt-get install -y python2.7"
    ssh node3-jenkins-plone-org "apt-get update && apt-get install -y python2.7"
Add iptables rules to let the Jenkins master connect to the nodes. These two lines are needed for each node:
    iptables -t nat -A PREROUTING -p tcp --dport ${SPECIFIC_PORT} -j DNAT --to-destination ${NODE_IP}:22
    iptables -t nat -A POSTROUTING -p tcp -d ${NODE_IP} --dport ${SPECIFIC_PORT} -j SNAT --to-source ${SERVER_IP}
Note
Update SPECIFIC_PORT to something like 808X (a different port for each node), NODE_IP to the IP of each node (node IPs can be seen with lxc list), and SERVER_IP to the server host (i.e. 88.99.26.113).
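Added example, not part of the original setup notes: a small shell helper that prints the two rules above for every node from a list of "SPECIFIC_PORT NODE_IP" pairs, rejecting malformed or reused ports and invalid IPs. Two things in it are assumptions of this example rather than part of the documented setup: the -s match, which limits each forwarded port to the Jenkins master IP listed under Servers, and the refusal of ports below 1024. The function names and the 10.0.3.x node addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): print, rather than apply,
# the per-node rule pair, with the DNAT rule limited to the master's address.
MASTER_IP="78.47.49.108"   # Jenkins master IP, from the Servers section
SERVER_IP="88.99.26.113"   # nodes server IP, from the Servers section

# Succeeds only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads "SPECIFIC_PORT NODE_IP" lines on stdin and prints the two rules per node.
# Stops with status 1 on a malformed, low (<1024) or reused port, or a bad IP.
gen_rules() {
    seen=" "
    while read -r port node_ip; do
        [ -n "$port" ] || continue   # skip blank lines
        case "$port" in
            *[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        case "$seen" in
            *" $port "*) echo "port used twice: $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
        is_ipv4 "$node_ip" || { echo "bad node IP: $node_ip" >&2; return 1; }
        # -s is the addition (an assumption): only the master may use the port.
        echo "iptables -t nat -A PREROUTING -s $MASTER_IP -p tcp --dport $port -j DNAT --to-destination $node_ip:22"
        echo "iptables -t nat -A POSTROUTING -p tcp -d $node_ip --dport $port -j SNAT --to-source $SERVER_IP"
    done
}

# Constructed sample input: these node IPs are placeholders, not the real ones.
gen_rules <<'EOF'
8081 10.0.3.11
8082 10.0.3.12
8083 10.0.3.13
EOF
```

Replace the sample lines with the ports you chose and the addresses shown by lxc list, and review the printed rules before applying them on the nodes server.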
TODO
- create an Ansible playbook to bootstrap the server so that it does the following:
  - create containers with Ansible
  - configure SSH
  - install python2.7 on containers
  - configure firewall