provision mac minis at nearform as osx machines in jenkins CI #1695
Comments
|
@BethGriggs, @jasnell I'm hoping we only need Nearform to do the first step on the list above. |
|
We have it most of the way. I need to follow up this week with our infrastructure guy |
|
@jasnell, any updates? |
|
I'm not sure running bare is going to be a good idea, isolating via vm is nice for security and the ease of clean-up & replace as needed |
|
Using just the 2 VMs makes sense to me. I thought somebody had mentioned using bare metal as the third, but avoiding that seems safer to me as well. Don't think that really changes any of the steps above except we won't do it for the bare metal machine. |
|
@AshCripps and I have started looking at this. ssh and vnc was already setup, its working. The next steps are VMWare setup. @jasnell this can (EDIT: "must") only be done locally, but we are still looking into it, it might not be possible to use VMWare at all on a mac. |
It is, I ran test-requireio-osx-* and release-requireio-osx-* from a single MacMini for years and it was the only machine we had when Voxer dropped us and before we got MacStadium sponsorship. You have to use VMWare Fusion on a standard Mac though, Apple have a strong-arm against VMWare, they force them to special-case macOS. VSphere like in MacStadium might be an option but I've never tried it. |
|
Got VMware Fusion installed on one of the mac minis downloading on the other one right now but internet is being slow. Was able to spin up a 10.14 vm succesfully but Im not able to get ahold of any earlier versions of macOS |
|
Next steps would be:
|
sam-github
changed the title
|
@rvagg We're banging our heads against getting JumpHost configuration working through the host macmini into its guests. We'll keep working at it, but in case you have some advice for us, here is where we are at, @AshCripps and I will take another crack at it tomorrow. Manual Not so much luck yet with ansible. It looks to me that ansible is getting into the host, but then trying to auth as the "admin" user into the guest OS. I suspect that there are some assumptions about the user accounts that must exist on the macs. The manual setup is missing any information about what users to create, so I'm poking around macstadium to see how they are setup. We have made an iojs user on the guests, but it looks like ansible is trying to login to the guest OS as the "admin" user. I'm not sure why yet, and macstadium uses the name "administrator"... mostly, the 10.12 machines don't have administrator, they have a "root1". We hit the end of the day, next step is to figure out what we need to setup on the guest VMs in terms of users, and what we need to config in ansible to mirror the macstadium config. |
|
Can I safely run the jenkins/worker/create.yml against any of the current macs? It would be helpful to have a sucessful run against a mac to compare the nearform setup to. |
|
I'm not sure I understand the comment about the JumpBox. For the Nearform setup if we can get an additional IP for each of the virtual machines that will be much easier. |
|
OK, I'll contact nearform. If we take that approach we can't go any further with ansible until they allocate IPs. |
|
see ansible.cfg, the |
|
We found and copied that, no luck. I emailed nearform, if we get static IPs, its a problem that doesn't need solving. And I guess we can PR our WIP. |
|
If you or michael have a comment on whether I can ansible macstadium hosts, I'd appreciate it. There are machines that haven't been ansibled in ages, and its risky to run on them, and some that get ansibled regularly, so its safe. I don't know what category the macstadium fits in. |
|
@sam-github as far as I'm aware yes, I think I did 10.11's recently. I'm always hesitant with older versions because who knows what's broken in the time since they were last run but you're welcome to try. As far as I know there's nothing custom on them. To be safe, maybe not all at the same time. |
|
Discussed in nodejs/build WG meeting today -- @AshCripps needs an apple dev account to download older OS images, @mhdawson will give both @AshCripps and @sam-github access to the account credentials. |
|
Update: @AshCripps took this as far as possible, at this point we are waiting for @jasnell to organize with NearForm IT static IPs for the VMs in the macminis. Until then, the effort to get modern OS X machines in CI (test or release) via the nearform macminis is blocked. /cc @jasnell @MylesBorins |
He is employed full-time by IBM in my team to work on Node.js community build infrastructure, and I am mentoring him. He has setup and has ongoing "special access" to maintain build machines: - #2054 - #2081 - #1695 He doesn't have the ability to run CI jobs much less configure CI jobs, so he can't complete the rhel7-s390x or aix7.1-ppc64 setup or nearform macmini setup, I have to run all the jobs for him. Criteria: https://github.com/nodejs/build/blob/master/doc/access.md#build-working-group-membership History: - Continous involvement in build-wg since joining our team - nodejs/build PRs: 10 close, 2 open: https://github.com/nodejs/build/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3AAshCripps+ - nodejs/node PRs: 3 closed: https://github.com/nodejs/node/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3AAshCripps+ - ansibilization of 3 systems to prep them for joining to CI (aix, rhel, and os x)
He is employed full-time by IBM in my team to work on Node.js community build infrastructure, and I am mentoring him. He has setup and has ongoing "special access" to maintain build machines: - #2054 - #2081 - #1695 He doesn't have the ability to run CI jobs much less configure CI jobs, so he can't complete the rhel7-s390x or aix7.1-ppc64 setup or nearform macmini setup, I have to run all the jobs for him. Criteria: https://github.com/nodejs/build/blob/master/doc/access.md#build-working-group-membership History: - Continous involvement in build-wg since joining our team - nodejs/build PRs: 10 close, 2 open: https://github.com/nodejs/build/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3AAshCripps+ - nodejs/node PRs: 3 closed: https://github.com/nodejs/node/pulls?utf8=%E2%9C%93&q=is%3Apr+author%3AAshCripps+ - ansibilization of 3 systems to prep them for joining to CI (aix, rhel, and os x)
|
Is this resolved now? |
|
Nope, @AshCripps is going to take it up again tomorrow, as it happens. We aren't blocked, we've the static IPs from your sysadmins. |
|
@jasnell @nodejs/platform-macos I have updated the description with a checklist of what next for me to do. Bare in mind we only have space for 4 VMs so we have decided to go with all four as 10.15 (1 release, 3 test) as otherwise we wont have enough coverage as the absolute minimum is 1 release and 2 test of the same os level which leave one machine that can't be used for any other level. This can be changed if needed if more resource become available to the build WG. @sam-github and I propose we use the 10.15 release machine to run all releases on all lines to ensure that notorization, when ready, can be run on all releases which cannot be done on the current release machines. I have done some tests which shows the |
|
Weve hit a snag with setting up the new machines and assigning them the IPs so I contacted nearforms tech and got this response. So now awaiting his update on monday. |
|
Current ETA on the network fix is Tuesday next week (28th Jan 2020) |
|
@AshCripps can we have an update on this? It would be good to get a new release machine up to at least start getting 13.x on newer macOS & Xcode with notarization. Ideally we could get two new release machines, one in nearForm and one in Macstadium and run all release lines through the same setup. |
|
Update in draft meeting minutes: https://docs.google.com/document/d/1l72fuEnKuy5uBCc3vRCj18tSko5heGP4skdYofdLmvk/edit |
|
I'll check with Eamonn again tomorrow to see where we're at but still appear to be blocked by the provider :-/ |
|
Yeah I emailed Eamonn yesterday as well but it has been blocked on the provider for many weeks now :( |
|
Update: |
|
Finally some good news we have the IPs and I can confirm they work on the VMs. Will hopefully have a draft PR in later today to kick off adding these machines to CI |
We've realized we dont' have an issue covering this as email was used to do the initial arrangements with the Foundation.
We have 2 mac minis at NearForm (bought by the Foundation) to be added to the CI.
We have VMware so we should be able to have 3 machines on each (1 bare metal and 2 VMs).
Next steps include:
The text was updated successfully, but these errors were encountered: