Как установить Buildbot

Подготовка

pip3 install --upgrade pyopenssl

Мастер

Подготовка

Создаём нужные группы и нужных пользователей

groupadd bmaster
useradd -m -d /home/bmaster -s /bin/bash -g bmaster -m bmaster

Устанавливаем пакеты

pip install buildbot buildbot-worker buildbot-www \
buildbot-waterfall-view buildbot-console-view buildbot-grid-view \
service_identity 'buildbot[tls]' treq

Установка buildmaster на центральном узле

buildbot create-master -r /home/bmaster/master

Конфигурационный файл

cp /home/bmaster/master/master.cfg.sample /home/bmaster/master/master.cfg

nginx

/etc/nginx/conf.d/buildbot.conf

server {
    listen 80;
    server_name buildbot.specialistoff.net;
    access_log /var/log/nginx/buildbot.specialistoff.net-access.log main;
    error_log /var/log/nginx/buildbot.specialistoff.net-error.log info;
    location / {
        return 302 https://buildbot.specialistoff.net$request_uri;
    }
}

server {
    listen 443 ssl;
    # listen [::]:443 ssl;
    server_name buildbot.specialistoff.net;

    ssl_certificate /etc/letsencrypt/buildbot.specialistoff.net/public.crt;
    ssl_certificate_key /etc/letsencrypt/buildbot.specialistoff.net/private.key;
    ssl_session_timeout 1h;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
#    ssl_stapling on;
#    ssl_stapling_verify on;

#    resolver 127.0.0.1;

    access_log /var/log/nginx/buildbot.specialistoff.net-access.log main;
    access_log /var/log/nginx/buildbot.specialistoff.net-access-ch.log ch;

    error_log /var/log/nginx/buildbot.specialistoff.net-error.log debug;

    proxy_max_temp_file_size 0;

    location / {
        include proxy_params;
        proxy_pass http://127.0.0.1:8010;
    }
    location /sse/ {
        # proxy buffering will prevent sse to work
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8010/sse/;
    }
    # required for websocket
    location /ws {
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://127.0.0.1:8010/ws;
        # raise the proxy timeout for the websocket
        proxy_read_timeout 6000s;
    }
}

Запуск

buildbot start /home/bmaster/master

Вход http://IP:8010

Файл /etc/systemd/system/buildbot.master.service

[Unit]
Description=Buildbot master
After=network-online.target
Wants=network-online.target

[Service]
WorkingDirectory=/home/bmaster/master
ExecStart=/usr/local/bin/buildbot start
ExecStop=/usr/local/bin/buildbot stop
# ExecReload=/usr/local/bin/buildbot reconfig
ExecReload=/usr/local/bin/buildbot restart
User=bmaster
Group=bmaster
StandardOutput=file:/var/log/buildbot/master.log
NotifyAccess=all

[Install]
WantedBy=multi-user.target

Файл /etc/tmpfiles.d/buildbot.conf

d /var/log/buildbot.master 0755 bmaster bmaster -
f /var/log/buildbot.master/master.log 0644 bmaster bmaster -

Применяем изменения

systemctl daemon-reload
systemd-tmpfiles --create

Запуск и автозапуск

systemctl start buildbot.master
systemctl enable buildbot.master

nftables

Правила на сервере

table filter {
    set buildbot-worker {
        type ipv4_addr
        elements = {
            IPWorker
        }
    }

    chain input {
        type filter hook input priority 0;
        policy drop;

        ip saddr @buildbot-worker tcp dport 9989 accept comment "Accept Buildbot worker on port 9989";
    }
}

Добавление нового воркера

nft add element ip filter buildbot-worker { IPWorker }

Воркеры (workers)

Создаём нужные группы и нужных пользователей

groupadd bworker
useradd -m -d /home/bworker -s /bin/bash -g bworker -m bworker

Инициализация

buildbot-worker create-worker worker IPorServerName nodename pass

где:

• worker - каталог с настройками
• IPorServerName - адрес мастера
• nodename - уникальное имя воркера (на него будем ссылаться при настройке master.cfg)
• pass - пароль воркера (также будет в файле master.cfg)

Запуск

buildbot-worker start /home/bworker/worker 

Файл /etc/systemd/system/buildbot.worker.service

[Unit]
Description=Buildbot worker
Wants=network-online.target
After=network-online.target

[Service]
WorkingDirectory=/home/bworker/worker
ExecStart=/usr/local/bin/buildbot-worker start --nodaemon
ExecStop=/usr/local/bin/buildbot-worker stop
# ExecReload=/usr/local/bin/buildbot-worker restart
ExecReload=/usr/local/bin/buildbot-worker restart --nodaemon
Restart=always
User=bworker
Group=bworker
StandardOutput=file:/var/log/buildbot.worker/worker.log
NotifyAccess=all

[Install]
WantedBy=multi-user.target

Файл /etc/tmpfiles.d/buildbot-worker.conf

d /var/log/buildbot.worker 0755 bworker bworker -
f /var/log/buildbot.worker/worker.log 0644 bworker bworker -

Регистрируем новый сервис в системе

systemctl daemon-reload
systemd-tmpfiles --create

Запуск и автозапуск

systemctl start buildbot.worker
systemctl enable buildbot.worker

Для доступа к docker

usermod -aG docker bworker