@@ -16,19 +16,206 @@ hosts:
1616 # eth0: 2.5G RTL8125B from mainboard
1717 - hostname : podone
1818 role : corerouter
19- openwrt_version : snapshot
19+ openwrt_version : 24.10-SNAPSHOT
2020 model : " x86-64"
2121 image_search_pattern : " *-ext4-combined-efi.img*"
2222 imagebuilder_config :
2323 CONFIG_TARGET_ROOTFS_PARTSIZE : 256
24- CONFIG_GRUB_BOOTOPTS : " usb_storage.quirks=152d:0583:ut"
2524 host__packages__to_merge :
26- - bash rsync screen tmux htop mtr
27- - parted fdisk e2fsprogs btrfs-progs losetup resize2fs coreutils-shred
25+ - parted losetup resize2fs blkid
26+ - podman kmod-tun kmod-fuse conmon crun catatonit netavark external-protocol
27+ host__rclocal__to_merge :
28+ - " sed -i 's|#firewall_driver|firewall_driver|g' /etc/containers/containers.conf"
29+ - " sed -i 's|runroot = \" .*\" |runroot = \" /opt/run/containers/storage\" |g' /etc/containers/storage.conf"
30+ - " sed -i 's|graphroot = \" .*\" |graphroot = \" /opt/var/lib/containers/storage\" |g' /etc/containers/storage.conf"
31+ host__files__to_merge :
32+ - path : /etc/uci-defaults/70-rootpt-resize
33+ content : |
34+ if [ ! -e /etc/rootpt-resize ] \
35+ && type parted > /dev/null \
36+ && lock -n /var/lock/root-resize
37+ then
38+ ROOT_BLK="$(readlink -f /sys/dev/block/"$(awk -e \
39+ '$9=="/dev/root"{print $3}' /proc/self/mountinfo)")"
40+ ROOT_DISK="/dev/$(basename "${ROOT_BLK%/*}")"
41+ ROOT_PART="${ROOT_BLK##*[^0-9]}"
42+ parted -f -s "${ROOT_DISK}" \
43+ resizepart "${ROOT_PART}" 100%
44+ mount_root done
45+ touch /etc/rootpt-resize
46+ if [ -e /boot/cmdline.txt ]
47+ then
48+ NEW_UUID=`blkid ${ROOT_DISK}p${ROOT_PART} | sed -n 's/.*PARTUUID="\([^"]*\)".*/\1/p'`
49+ sed -i "s/PARTUUID=[^ ]*/PARTUUID=${NEW_UUID}/" /boot/cmdline.txt
50+ fi
51+ reboot
52+ fi
53+ exit 1
54+ - path : /etc/uci-defaults/80-rootfs-resize
55+ content : |
56+ if [ ! -e /etc/rootfs-resize ] \
57+ && [ -e /etc/rootpt-resize ] \
58+ && type losetup > /dev/null \
59+ && type resize2fs > /dev/null \
60+ && lock -n /var/lock/root-resize
61+ then
62+ ROOT_BLK="$(readlink -f /sys/dev/block/"$(awk -e \
63+ '$9=="/dev/root"{print $3}' /proc/self/mountinfo)")"
64+ ROOT_DEV="/dev/${ROOT_BLK##*/}"
65+ LOOP_DEV="$(awk -e '$5=="/overlay"{print $9}' \
66+ /proc/self/mountinfo)"
67+ if [ -z "${LOOP_DEV}" ]
68+ then
69+ LOOP_DEV="$(losetup -f)"
70+ losetup "${LOOP_DEV}" "${ROOT_DEV}"
71+ fi
72+ resize2fs -f "${LOOP_DEV}"
73+ mount_root done
74+ touch /etc/rootfs-resize
75+ reboot
76+ fi
77+ exit 1
78+ - path : /usr/share/buildbot/Dockerfile
79+ content : |
80+ FROM docker.io/library/debian:12
81+ MAINTAINER pktpls@systemli.org
82+ ARG DEBIAN_FRONTEND=noninteractive
83+ ARG BUILDBOT_VERSION=4.3.0
84+ USER root
85+ RUN apt-get update && apt-get install -y podman sudo vim build-essential ccache curl file gawk g++-multilib gcc-multilib genisoimage git-core gosu libdw-dev libelf-dev libncurses5-dev locales pv pwgen python3 python3-venv python3-pip python3-pyelftools python3-cryptography qemu-utils rsync signify-openbsd subversion swig unzip wget zstd && apt-get clean && localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
86+ RUN python3 -m venv /opt/venv
87+ ENV PATH="/opt/venv/bin:$PATH"
88+ RUN pip3 install -U pip
89+ RUN pip3 install "buildbot-worker==$BUILDBOT_VERSION" pyelftools pyOpenSSL service_identity
90+ ENV LANG=en_US.utf8
91+ COPY entry.sh /entry.sh
92+ COPY start.sh /start.sh
93+ RUN echo "buildbot ALL=(root) NOPASSWD: /usr/bin/podman" > /etc/sudoers.d/buildbot-podman
94+ RUN groupadd buildbot && useradd --create-home --home-dir /builder --comment "Freifunk Berlin buildbot" --gid buildbot --shell /bin/bash buildbot && chown buildbot:buildbot /builder && chmod 0755 /entry.sh /start.sh
95+ VOLUME [ "/builder" ]
96+ ENTRYPOINT [ "/entry.sh" ]
97+ CMD [ "/start.sh" ]
98+ - path : /usr/share/buildbot/entry.sh
99+ mode : ' 0755'
100+ content : |
101+ #!/usr/bin/env bash
102+ chown buildbot:buildbot /builder
103+ /usr/sbin/gosu buildbot "$@"
104+ - path : /usr/share/buildbot/start.sh
105+ mode : ' 0755'
106+ content : |
107+ #!/usr/bin/env bash
108+ cleanup_buildworker_env_variables() {
109+ for var in "${!BUILDWORKER_@}"; do
110+ unset "$var"
111+ done
112+ }
113+ [ -n "$BUILDWORKER_NAME" ] || {
114+ echo "Please supply a name via --env BUILDWORKER_NAME=XXX" >&2
115+ exit 1
116+ }
117+ [ -n "$BUILDWORKER_PASSWORD" ] || {
118+ echo "Please supply a password via --env BUILDWORKER_PASSWORD=XXX" >&2
119+ exit 2
120+ }
121+ rm -f /builder/buildbot.tac
122+ /opt/venv/bin/buildbot-worker create-worker \
123+ --force \
124+ --umask="0o22" \
125+ ${BUILDWORKER_TLS:+--connection-string="SSL:$BUILDWORKER_MASTER"} \
126+ /builder \
127+ "$BUILDWORKER_MASTER" \
128+ "$BUILDWORKER_NAME" \
129+ "$BUILDWORKER_PASSWORD"
130+ echo "$BUILDWORKER_ADMIN" > /builder/info/admin
131+ echo "$BUILDWORKER_DESCRIPTION" > /builder/info/host
132+ cleanup_buildworker_env_variables
133+ rm -f /builder/twistd.pid
134+ exec /opt/venv/bin/buildbot-worker start --nodaemon /builder
135+ - path : /usr/share/buildbot/init.sh
136+ mode : ' 0644'
137+ content : |
138+ start_service() {
139+ podman pull -q --retry=3 --retry-delay=5s docker.io/library/debian:11 >/dev/null
140+ img=$(podman build -q /usr/share/buildbot)
141+ echo "image: $img"
142+ procd_open_instance
143+ procd_set_param command /usr/bin/podman run --rm -i \
144+ --security-opt label=disable --security-opt unmask=ALL \
145+ --cap-add CAP_SYS_ADMIN --cap-add CAP_NET_ADMIN \
146+ --cap-add CAP_SYS_RESOURCE --cap-add CAP_MKNOD \
147+ --device /dev/fuse --device /dev/net/tun \
148+ --ip6 $ip6 --ip $ip4 --dns $dns --no-hosts \
149+ -e BUILDWORKER_NAME=$name \
150+ -e BUILDWORKER_PASSWORD=$password \
151+ -e BUILDWORKER_MASTER=buildbot.berlin.freifunk.net \
152+ -e BUILDWORKER_ADMIN=pktpls@systemli.org \
153+ -e BUILDWORKER_DESCRIPTION="Container testing" \
154+ --name $name $img
155+ procd_set_param respawn 60 10 0 # respawn indefinitely, wait 10s before retry
156+ procd_set_param stdout 1
157+ procd_set_param stderr 1
158+ procd_close_instance
159+ }
160+ stop_service() {
161+ podman kill $name
162+ }
163+ - path : /etc/init.d/podone-buildbot1
164+ mode : ' 0755'
165+ content : |
166+ #!/bin/sh /etc/rc.common
167+ USE_PROCD=1
168+ START=99
169+ STOP=1
170+ name="podone-buildbot1"
171+ password="trustno1"
172+ ip6="2001:bf7:820:3302::2"
173+ ip4="10.248.33.42"
174+ dns="10.248.33.41"
175+ . /usr/share/buildbot/init.sh
176+ - path : /etc/init.d/podone-buildbot2
177+ mode : ' 0755'
178+ content : |
179+ #!/bin/sh /etc/rc.common
180+ USE_PROCD=1
181+ START=99
182+ STOP=1
183+ name="podone-buildbot2"
184+ password="trustno1"
185+ ip6="2001:bf7:820:3302::3"
186+ ip4="10.248.33.43"
187+ dns="10.248.33.41"
188+ . /usr/share/buildbot/init.sh
189+ - path : /etc/init.d/podone-buildbot3
190+ mode : ' 0755'
191+ content : |
192+ #!/bin/sh /etc/rc.common
193+ USE_PROCD=1
194+ START=99
195+ STOP=1
196+ name="podone-buildbot3"
197+ password="trustno1"
198+ ip6="2001:bf7:820:3302::4"
199+ ip4="10.248.33.44"
200+ dns="10.248.33.41"
201+ . /usr/share/buildbot/init.sh
202+ - path : /etc/init.d/podone-buildbot4
203+ mode : ' 0755'
204+ content : |
205+ #!/bin/sh /etc/rc.common
206+ USE_PROCD=1
207+ START=99
208+ STOP=1
209+ name="podone-buildbot4"
210+ password="trustno1"
211+ ip6="2001:bf7:820:3302::5"
212+ ip4="10.248.33.45"
213+ dns="10.248.33.41"
214+ . /usr/share/buildbot/init.sh
28215
29216# 10.248.33.32/27 - pktpls+bbb@systemli.org
30217# - 10.248.33.32/29 - mgmt
31- # - 10.248.33.40/29 - unused
218+ # - 10.248.33.40/29 - podman
32219# - 10.248.33.48/29 - mesh
33220# - 10.248.33.56/29 - unused
34221ipv6_prefix : 2001:bf7:820:3300::/56
@@ -49,3 +236,15 @@ networks:
49236 ipv6_subprefix : 42
50237 assignments :
51238 podone : 1
239+
240+ - role : podman
241+ ifname : podman0
242+ untagged : true
243+ inbound_filtering : true
244+ prefix : 10.248.33.40/29
245+ ipv6_subprefix : 2
246+ assignments :
247+ podone-buildbot1 : 2
248+ podone-buildbot2 : 3
249+ podone-buildbot3 : 4
250+ podone-buildbot4 : 5
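Review bot: The four `/etc/init.d/podone-buildbotN` scripts in the first hunk commit the same worker password in clear (`password="trustno1"`) into world-readable 0755 files, and `init.sh` then passes it as `-e BUILDWORKER_PASSWORD=$password`, so it is also visible on the `podman run` command line in the process list. Supply it from a secret kept outside the repository, written to a root-only file and passed with `--env-file`, with one value per worker, and rotate the current one since it is now in history. `init.sh` also never sets `BUILDWORKER_TLS`, so `start.sh` drops the `--connection-string="SSL:…"` argument and the worker presumably authenticates to `buildbot.berlin.freifunk.net` without TLS; adding `-e BUILDWORKER_TLS=1` would close that, provided the master exposes a TLS port. Because the container runs with `--security-opt unmask=ALL`, `--cap-add CAP_SYS_ADMIN` and passwordless `sudo /usr/bin/podman` on a host whose role is `corerouter`, a comment in `init.sh` stating which of these grants nested podman actually needs would make later tightening possible; separately, the pre-pull fetches `debian:11` while the Dockerfile builds `FROM docker.io/library/debian:12`, so it does not warm the base image the build uses.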