MozillaWiki

ReleaseEngineering/Applications/Slavealloc

< ReleaseEngineering‎ | Applications
Revision as of 16:24, 22 March 2011 by Djmitche (talk | contribs) (Created page with "(still being deployed .. so at the moment much of this is future) == Application Description == Slavealloc is a client-server application. The client is [http://hg.mozilla.org/b...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

(still being deployed .. so at the moment much of this is future)

Application Description

Slavealloc is a client-server application. The client is runslave.py. Communication is via a very basic HTTP request to http://slavealloc.build.mozilla.org/production/gettac/$slavename, where the response is expected to be a buildbot.tac file suitable for use to start buildslave.

The slavealloc server is a implemented as a small Twisted application (source) which serves the tac generator, a JSON REST interface, and a client-side JavaScript interface.

The same source code also implements a command-line frontend to the REST interface.

Requirements

Deployment

The slave allocator server is deployed on a single host, slavealloc.build.mozilla.org.

Server Setup

IT installed RHEL6 along with MySQL client libraries, and set up the proper firewall rules to allow database access.

As root, virtualenv-1.5.2 was installed into the system Python library. The following system packages were installed via yum:

Nginx

Nginx frontends for both

Twisted Daemon

The 'slavealloc' user runs the twisted daemon on this host. The user account is locked and accessed only via su from root.

The daemon is installed in a virtualenv at /tools/slavealloc-$rev, using the pre-checked python packages on the puppet server. Note that --no-site-packages is not used here, because we need access to the (binary) MySQL-python package which is installed systemwide: 

cd /tools
virtualenv slavealloc-8fe4dbc09d03
ln -s slavealloc-8fe4dbc09d03 slavealloc
/slavealloc-8fe4dbc09d03/bin/pip install -e hg+http://hg.mozilla.org/build/tools@8fe4dbc09d03#egg=tools \
   --no-index --find-links=http://staging-puppet.build.mozilla.org/staging/python-packages/

Once this was set up, the 'slavealloc dbinit' command was used to initialize the database.

The production and staging tac files are in /build/slavealloc. Staging runs on port 1079, and production runs on 1080.

TODO (temp)

  • initscript
  • nginx
  • set up production

External Resources

Security

The slave allocator hands out low-security slave passwords in the .tac files, which are stored in cleartext in the database. It does not do any sort of authentication either for read or modify operations, and relies on the Build VLAN firewalls to prevent external access.

Development

Install tools in a virtualenv: 

cd tools
virtualenv sandbox
sandbox/bin/pip install -e .

Then you can run the slavealloc daemon locally from the root of the tools repository with a simple: 

sandbox/bin/twistd -noy slavealloc-combined.tac

Note that due to what I believe to be a bug in pip, you may need to explicitly install Twisted to get the twistd executable installed: 

pip install -U twisted

To set up a fresh database, use 

sandbox/bin/slavealloc dbinit -D sqlite:///slavealloc.db

This configuration will use SQLite to access {{{slavealloc.db}}} in the current directory. You can hack on the static web content while the daemon is running.

See Also

See User:Djmitche/Slave Allocator Proposal

Retrieved from "https://wiki.allizom.org/index.php?title=ReleaseEngineering/Applications/Slavealloc&oldid=293190"