From 8c8bf93d4c4dcf2adbffb556f367f8f846a80969 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 18:13:42 -0500 Subject: [PATCH] Add poudriere config. --- .gitattributes | 1 + ansible/roles/poudriere/files/poudriere.conf | 27 ++++++++++++++----- ansible/roles/poudriere/files/poudriere.key | Bin 0 -> 3265 bytes ansible/roles/poudriere/tasks/freebsd.yaml | 24 ++++++++--------- 4 files changed, 33 insertions(+), 19 deletions(-) create mode 100644 ansible/roles/poudriere/files/poudriere.key diff --git a/.gitattributes b/.gitattributes index 505af13..cf5db54 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,3 @@ cargo_credentials.toml filter=git-crypt diff=git-crypt **/wireguard_configs/** filter=git-crypt diff=git-crypt +*.key filter=git-crypt diff=git-crypt diff --git a/ansible/roles/poudriere/files/poudriere.conf b/ansible/roles/poudriere/files/poudriere.conf index 2b3ff41..8b0e368 100644 --- a/ansible/roles/poudriere/files/poudriere.conf +++ b/ansible/roles/poudriere/files/poudriere.conf @@ -1,7 +1,7 @@ # Poudriere can optionally use ZFS for its ports/jail storage. For # ZFS define ZPOOL, otherwise set NO_ZFS=yes -# +# #### ZFS # The pool where poudriere will create all the filesystems it needs # poudriere will use ${ZPOOL}/${ZROOTFS} as its root @@ -10,6 +10,7 @@ # poudriere. # #ZPOOL=zroot +ZPOOL=zroot ### NO ZFS # To not use ZFS, define NO_ZFS=yes @@ -17,6 +18,7 @@ # root of the poudriere zfs filesystem, by default /poudriere # ZROOTFS=/poudriere +ZROOTFS=/poudriere # the host where to download sets for the jails setup # You can specify here a host or an IP @@ -27,7 +29,7 @@ # Also note that every protocols supported by fetch(1) are supported here, even # file:/// # Suggested: https://download.FreeBSD.org -FREEBSD_HOST=_PROTO_://_CHANGE_THIS_ +FREEBSD_HOST=https://download.FreeBSD.org # By default the jails have no /etc/resolv.conf, you will need to set # RESOLV_CONF to a file on your hosts system that will be copied has @@ -64,11 +66,14 @@ USE_PORTLINT=no # yes - Enables tmpfs(5) for wrkdir and data # no - Disable use of tmpfs(5) # EXAMPLE: USE_TMPFS="wrkdir data" -USE_TMPFS=yes +USE_TMPFS=all +# USE_TMPFS=yes +# USE_TMPFS=no # How much memory to limit tmpfs size to for *each builder* in GiB # (default: none) #TMPFS_LIMIT=8 +TMPFS_LIMIT=16 # How much memory to limit jail processes to for *each builder* # in GiB (default: none) @@ -132,10 +137,10 @@ DISTFILES_CACHE=/usr/ports/distfiles # Default: no #BAD_PKGNAME_DEPS_ARE_FATAL=yes + # Path to the RSA key to sign the PKG repo with. See pkg-repo(8) -# This produces a repo that supports SIGNATURE_TYPE=PUBKEY -# Default: not set #PKG_REPO_SIGNING_KEY=/etc/ssl/keys/repo.key +PKG_REPO_SIGNING_KEY=/usr/local/etc/poudriere.d/poudriere.key # Command to sign the PKG repo with. See pkg-repo(8) # This produces a repo that supports SIGNATURE_TYPE=FINGERPRINTS @@ -181,6 +186,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # # Example to define PARALLEL_JOBS to one single job # PARALLEL_JOBS=1 +PARALLEL_JOBS=1 # How many jobs should be used for preparing the build? These tend to # be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25 @@ -190,9 +196,10 @@ DISTFILES_CACHE=/usr/ports/distfiles # If set, failed builds will save the WRKDIR to ${POUDRIERE_DATA}/wrkdirs # SAVE_WRKDIR=yes -# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz,tzst +# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz # default is tbz # WRKDIR_ARCHIVE_FORMAT=tbz +WRKDIR_ARCHIVE_FORMAT=txz # Disable Linux support # NOLINUX=yes @@ -215,6 +222,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # By default MAKE_JOBS is disabled to allow only one process per cpu # Use the following to allow it anyway # ALLOW_MAKE_JOBS=yes +ALLOW_MAKE_JOBS=yes # List of packages that will always be allowed to use MAKE_JOBS # regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports @@ -228,16 +236,19 @@ DISTFILES_CACHE=/usr/ports/distfiles # URL where your POUDRIERE_DATA/logs are hosted # This will be used for giving URL hints to the HTML output when # scheduling and starting builds -#URL_BASE=http://yourdomain.com/poudriere/ +# URL_BASE=https://freebsdpkg.fizz.buzz/logs # This defines the max time (in seconds) that a command may run for a build # before it is killed for taking too long. Default: 86400 #MAX_EXECUTION_TIME=86400 +# 2 days +MAX_EXECUTION_TIME=172800 # This defines the time (in seconds) before a command is considered to # be in a runaway state for having no output on stdout. Default: 7200 #NOHANG_TIME=7200 +NOHANG_TIME=14400 # The repository is updated atomically if set yes. This leaves the @@ -254,6 +265,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # are encountered. # Default: yes #COMMIT_PACKAGES_ON_FAILURE=yes +COMMIT_PACKAGES_ON_FAILURE=no # Keep older package repositories. This can be used to rollback a system # or to bisect issues by changing the repository to one of the older @@ -330,6 +342,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # Set to hosted to use the /data directory instead of inline style HTML # Default: inline #HTML_TYPE="hosted" +HTML_TYPE="hosted" # Set to track remaining ports in the HTML interface. This can slow down # processing of the queue slightly, especially for bulk -a builds. diff --git a/ansible/roles/poudriere/files/poudriere.key b/ansible/roles/poudriere/files/poudriere.key new file mode 100644 index 0000000000000000000000000000000000000000..7f11634ed8296e14c2d9a152e7a9fab70827fbb1 GIT binary patch literal 3265 zcmV;y3_kM!M@dveQdv+`0MEc&{R7mZ{r^KEkTvquws$CHupr1ZhP4N+XbG*gSoHNI zbL3vxp8ap%0Yvska(y@Dp9T8? zN^DqjR^jSSH=ZyR1cc%^{d+)$-Oi+J}a&@skYeY#@s z?@9|+ZlUEEzNO>4bo5klt=a27K*I}bezwx`65RSy`TIkH9KJRtsgt;0p~y;Pr ze?q4EA0gxvZ()t%!g=iXU=5>LL?xk0)!B~zSuI&L*-k6GZOr^O0Go#+4=nYqf~^0f zwnLDIqtBmobd3=9ejbI&W--068h-zz$MMgycdJ4G)BGw6Y_ zfKevJ=m$HZIW+X4L~OpMZtPL1ATND2jTZ5jxAfKb@|*O&rf0pFcTv(>9CyYWwk%C2q>RbaI%$AZHm*I27( z!QLjxs^Kv3Q-XRi#>Qn&*~1EIRtQWL0l-fJls~Hu=VxO$*Eo3K2hbA`&dM+Qlze=H z9I=GT+U|$le4rD7atplcrG5D zBnXKKLAXUeN)8PP7a`G6WXK19_?(SfqS|F`+Nc@tp$C}ycaqkr6N$WciGTnI`V)_} zhS*nh?xAWQY}#ETca0TM9)?)@i)!RQ82mC&Q!=#vyj(*>=9jkzv5gPRG`#!o;8UE; z=4T4*Pz1*6snUc&Zsq1ekFv?LWLp^LOz$x~UTe4~4zV?YBgwf7@|L&5cB5?D?~L-A z;^t>WL=Z7y>9W*M;Y|s%0}Wh|!-Kilo@Q}B&39yfS;D4m_Df{@qIO^56G9F0_y5Y!fu-swb3rd}gVqKfvZc zu?f_=*kZ?TZVf(X{;p&sHU5*9Th&S)&WG;16;-0KNkTdP0c!h<%OCqzNvQ)EGG%9P zcml`GMU^eQFD#~f#v!Bs(R(2x7CP(ad#v%zjK`jT`ef}4&9WDTuN3-u)Gpd%W;ghw zt>2p}F(DEGMT2wMVS>w-JfAq(dVq#K--|*pj+>P7&wq!)JFCp22bW~bR z!@fG8tD=~4VG9_t5u#V<>%t23aK!95K0cwS{hc0FjnqQZS_fLRQGAb^(bmbnQ5as< zY>gp*%*Sn64b=Vp2SG`&j8NB$^q}CFl$eyMttKa?3m^tsa-tf-b1Y;jQm*hhZa$RS zTmFkm0VR5_#^cts)_C*$4T#j8=!3r_3#LY$b=C+(mZ}}$;O2qIQyHP-e&{9VINd|D znwC$l5n=?(gW4OGZRZ*t*rl~U<6B*=b{_aknAG$jFhH5ny!b{Z=sP6VL350-qRck2 zU&T>@s~^sBiDyc#HH`%-$cvY&#l;=78Lbb_pBM1~-FC}bxXBswHU(D!Xxj!RhIcHg z9Kb3hCoe*`wsc~UXBOuS)(Zi~EEst3`tYibN zKEiAeNCi#Z=)dSU%)9u_7&IBV6v=0vN(;3g>+r+_@X39vVBwKlOCzOsX)P=1I%?4? zQ$-G<_;`^@mjpf)ok9U7u^jmG>CE_75TLzU6x+PyCqX=I?Pz@E548S@sJU1IXy=N! z1a>rN6;uNhBFfl9M{&3CZ7jkIPAIOW#>5hKUMO4E3xOYP>%9$?Wx@s%WcCtwJ9kE|V|-ar2~mBhs!WlIwI$Dy+mJoF z_tQlM>6m|f_uwc04K#!*DSf<5=-9KS32>wTe%kMqIX`3wQZvmxW4XtlW7NXl!kRnI z$t`iTi-_u@n8VQbX(VCKy{Tn+2wF^os}`8oIMp!9?1%IaCx`D;usrtQ;MC_<>(|IQ z9u#|7utBe}jl0mJ5BDnts!Vt8QhRWV{+{NS*Oji-!#7)C(`6c52J^T7tM$-m5#{I} zX`F%Mrfx?ChZj8lNaZxj*LG>$KxD&^J)PYiy{u3#M!AVRiTA#9Uf-vl zk##+{ilyjyI+mphB-D&|_yz^UYmJVr9u@tj&6BEUw&{d`gStPvcYoW{s&-n5-%Jl% z=J6WFl0w|Tz~{~*yWdT56Zs0jO7a@I&woWLJ8wwnZ)-NtdbD1q|CtGJnZy0U=rI$? zl?eEsf12F|WnAJ>(JZtH9R&UkDUYJ;^X%?Y_+`e$KnT6q<}vwT(4UlF*5NH= z83Nsh>EY@jzAxx5N;@DyhZpM&cdVsjQnm>%Qvo?pt&;8jvPE&1UWH}}DG4F4cUMOM zs?n53aW_;M^%{r^4dW}yVIn>Z#8I?q<)13|1=g*clEagzf-w(MgbW|8T^?mN;uu`O z*FLoS!-iRU2H*98=;?p zLM?)+1*@hQKPNUYwgrZ1^uznu#Uwx`tLlEiia<~-pR+hgAlJ?B6=NPsda!cq;IHL@ zW`AOhV;8Rf^| zFrb}0(4~^)MEauydd6tU|Br5hrelU_y^HUz5{9hvCrM8U3SmtXNVaaca}L!LWn><< zNOUApD*c%9Q)kk4FFxKbQpj*S`K6A`F#1$y7qPDN6@a>rtHOcJ#8aB$GbkPm=oHkS zCR)g6WLHZsNnf*`^wM3J>^VJUQ#3M1M{l|YzqR1mu?=schL?2HclbV41%f(Wy(^Os z5T?L#{H9m+7u-`dxr~%fzgkA-7+E7m-r-AD_q_(92c63HU zC*=C&cB&}!`{&scJ?^9L;(_u1Tsi>#9=1IJY_AH9+q0l4L^1BQN8N^j@D