From 508a9cf9d87fe89989138acbca655a8d5969f972 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Tue, 7 Feb 2023 17:26:06 +0000 Subject: [PATCH 01/19] Create initial playbook for mac agents RE #62 --- .../ansible/.jenkins-agent.yml.swp | Bin 0 -> 12288 bytes .../ansible/jenkins-agent.yml | 8 +++ .../ansible/roles/agent/tasks/main.yml | 48 ++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 jenkins-node/mantid-builder-macos/ansible/.jenkins-agent.yml.swp create mode 100644 jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml create mode 100644 jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml diff --git a/jenkins-node/mantid-builder-macos/ansible/.jenkins-agent.yml.swp b/jenkins-node/mantid-builder-macos/ansible/.jenkins-agent.yml.swp new file mode 100644 index 0000000000000000000000000000000000000000..ff14650d7d9b389f14387923a5a0e93f908407c2 GIT binary patch literal 12288 zcmeI&Jx;?g7zSX6iGd0P7cgZ`(iS0A-4JB}QILSLJBibVI(C(Wp##5%;0&Arv6TyO z1qRN+=QMzX)b5Da$}7wE=R|q7C=MDI2R+{QT8!EnW3}OXI9+*hK29AL8f`K!PPDd* z^V@Ov=)AepZuWNf<`>b*&Cd<}OpZ7fIv>SBZ*b z=B6T~YN7KaQ1ZJ{45Ti+Nvak;6^jsn0J|z;w_WRRx0(&Bu~pyX8|!_*KmY;|fB*y_ z009U<00RF=pcp&smfm-%dgtY;cYgKN5FG>{009U<00Izz00bZa0SG_<0)J3IM2zjP zGImd~|NptGPgiCY2pNk$E}e^2{h2mqj#VM|sEIVQBJ#whN`0%eAnZx^k?{ Zgwx6SlQVueJ6k{7$zzl8UU|UYW1oOhV}$?! literal 0 HcmV?d00001 diff --git a/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml b/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml new file mode 100644 index 0000000..6fc973d --- /dev/null +++ b/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml @@ -0,0 +1,8 @@ +- name: Deploy macOS Jenkins agent for Mantid. + hosts: all + + roles: + - role: agent + become: yes + tags: "agent" + diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml new file mode 100644 index 0000000..23342fa --- /dev/null +++ b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml @@ -0,0 +1,48 @@ +--- + +- name: Deploy Jenkins agent on macOS + tasks: + # Install Requirements + + - name: Install homebrew + include_role: + name: geerlingguy.mac.homebrew + + - name: Make sure homebrew bin is in the path + ansible.builtin.lineinfile: + path: /etc/paths + state: present + line: '/opt/homebrew/bin' + become: true + become_user: root + + - name: Install git + community.general.homebrew: + name: git + state: latest + + - name: Install Java 11 + community.general.homebrew: + name: java11 + state: present + + # Configure macOS Settings + + - name: Disable screensaver + shell: defaults write com.apple.screensaver idleTime 0 + + - name: Disable saved application states to avoid dialog + shell: defaults write org.python.python NSQuitAlwaysKeepsWindows -bool false + + # TODO: Disable autolock (this seems to change between versions, so might not be possible to script) + + - name: Download jenkins slave script + shell: curl -o ~/jenkins-slave.sh https://raw.githubusercontent.com/mantidproject/mantid/main/buildconfig/Jenkins/jenkins-slave.sh + + - name: Start script as chrontab entry + ansible.builtin.cron: + name: "Run slave script" + minute: "*/5" + job: "$HOME/jenkins-slave.sh {{ agent_name }} {{ agent_secret }}" + + From df064a5885704e15a3e3c28ddfeda590a6b900ca Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 09:41:22 +0000 Subject: [PATCH 02/19] Add playbook RE #62 --- .../ansible/.jenkins-agent.yml.swp | Bin 12288 -> 0 bytes .../ansible/jenkins-agent.yml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 jenkins-node/mantid-builder-macos/ansible/.jenkins-agent.yml.swp diff --git a/jenkins-node/mantid-builder-macos/ansible/.jenkins-agent.yml.swp b/jenkins-node/mantid-builder-macos/ansible/.jenkins-agent.yml.swp deleted file mode 100644 index ff14650d7d9b389f14387923a5a0e93f908407c2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI&Jx;?g7zSX6iGd0P7cgZ`(iS0A-4JB}QILSLJBibVI(C(Wp##5%;0&Arv6TyO z1qRN+=QMzX)b5Da$}7wE=R|q7C=MDI2R+{QT8!EnW3}OXI9+*hK29AL8f`K!PPDd* z^V@Ov=)AepZuWNf<`>b*&Cd<}OpZ7fIv>SBZ*b z=B6T~YN7KaQ1ZJ{45Ti+Nvak;6^jsn0J|z;w_WRRx0(&Bu~pyX8|!_*KmY;|fB*y_ z009U<00RF=pcp&smfm-%dgtY;cYgKN5FG>{009U<00Izz00bZa0SG_<0)J3IM2zjP zGImd~|NptGPgiCY2pNk$E}e^2{h2mqj#VM|sEIVQBJ#whN`0%eAnZx^k?{ Zgwx6SlQVueJ6k{7$zzl8UU|UYW1oOhV}$?! diff --git a/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml b/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml index 6fc973d..8627d71 100644 --- a/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml +++ b/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml @@ -1,6 +1,6 @@ - name: Deploy macOS Jenkins agent for Mantid. hosts: all - + roles: - role: agent become: yes From b705c7938ee220b81f5d23c08e1110beebbc0f53 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 11:08:40 +0000 Subject: [PATCH 03/19] Fix all commands being run as root RE #62 --- jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml b/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml index 8627d71..364c8e4 100644 --- a/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml +++ b/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml @@ -3,6 +3,5 @@ roles: - role: agent - become: yes tags: "agent" From b77badf432fa25a9ae0859055c80a51443ff65e4 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 11:10:10 +0000 Subject: [PATCH 04/19] Fix homebrew and git installation RE #62 --- .../ansible/requirements.yml | 3 + .../ansible/roles/agent/tasks/main.yml | 81 +++++++++---------- 2 files changed, 43 insertions(+), 41 deletions(-) create mode 100644 jenkins-node/mantid-builder-macos/ansible/requirements.yml diff --git a/jenkins-node/mantid-builder-macos/ansible/requirements.yml b/jenkins-node/mantid-builder-macos/ansible/requirements.yml new file mode 100644 index 0000000..9357fc7 --- /dev/null +++ b/jenkins-node/mantid-builder-macos/ansible/requirements.yml @@ -0,0 +1,3 @@ +--- +collections: + - name: geerlingguy.mac \ No newline at end of file diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml index 23342fa..c646360 100644 --- a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml +++ b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml @@ -1,48 +1,47 @@ --- +# Deploy Jenkins agent on macOS -- name: Deploy Jenkins agent on macOS - tasks: - # Install Requirements +# Install Requirements - - name: Install homebrew - include_role: - name: geerlingguy.mac.homebrew - - - name: Make sure homebrew bin is in the path - ansible.builtin.lineinfile: - path: /etc/paths - state: present - line: '/opt/homebrew/bin' - become: true - become_user: root - - - name: Install git - community.general.homebrew: - name: git - state: latest - - - name: Install Java 11 - community.general.homebrew: - name: java11 - state: present - - # Configure macOS Settings - - - name: Disable screensaver - shell: defaults write com.apple.screensaver idleTime 0 - - - name: Disable saved application states to avoid dialog - shell: defaults write org.python.python NSQuitAlwaysKeepsWindows -bool false +- name: Install homebrew + include_role: + name: geerlingguy.mac.homebrew + +- name: Make sure homebrew bin is in the path + ansible.builtin.lineinfile: + path: /etc/paths + state: present + line: '/opt/homebrew/bin' + become: true + become_user: root + +- name: Install git + community.general.homebrew: + name: git + state: latest + +- name: Install Java 11 + community.general.homebrew: + name: java11 + state: present + +# Configure macOS Settings + +- name: Disable screensaver + shell: defaults write com.apple.screensaver idleTime 0 + +- name: Disable saved application states to avoid dialog + shell: defaults write org.python.python NSQuitAlwaysKeepsWindows -bool false - # TODO: Disable autolock (this seems to change between versions, so might not be possible to script) +# TODO: Disable autolock (this seems to change between versions, so might not be possible to script) - - name: Download jenkins slave script - shell: curl -o ~/jenkins-slave.sh https://raw.githubusercontent.com/mantidproject/mantid/main/buildconfig/Jenkins/jenkins-slave.sh - - - name: Start script as chrontab entry - ansible.builtin.cron: - name: "Run slave script" - minute: "*/5" - job: "$HOME/jenkins-slave.sh {{ agent_name }} {{ agent_secret }}" +- name: Download jenkins slave script + shell: curl -o ~/jenkins-slave.sh https://raw.githubusercontent.com/mantidproject/mantid/main/buildconfig/Jenkins/jenkins-slave.sh + +- name: Start script as chrontab entry + ansible.builtin.cron: + name: "Run slave script" + minute: "*/5" + job: "$HOME/jenkins-slave.sh {{ agent_name }} {{ agent_secret }}" From 463a0a80c979bfbf7c610c7ab77e7a4aa766ab82 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 15:35:41 +0000 Subject: [PATCH 05/19] Add privileges setters for new managed macs RE #62 --- .../ansible/roles/agent/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml index c646360..5b85687 100644 --- a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml +++ b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml @@ -2,6 +2,10 @@ # Deploy Jenkins agent on macOS # Install Requirements + +- name: Add user to sudoers on new macs + shell: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add + ignore_errors: true # Not all the macs have these, so don't panic if it fails. - name: Install homebrew include_role: @@ -44,4 +48,8 @@ minute: "*/5" job: "$HOME/jenkins-slave.sh {{ agent_name }} {{ agent_secret }}" +- name: Remove user from sudoers on new macs + shell: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove + ignore_errors: true # Not all the macs have these, so don't panic if it fails. + From e844aec85bdf2675dcf62bf7768fb9d1b6f51f48 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 16:21:20 +0000 Subject: [PATCH 06/19] Add a test run of the slave script to the tasks RE #62 --- .../roles/agent/tasks/check-connection.sh | 40 +++++++++++++++++++ .../ansible/roles/agent/tasks/main.yml | 38 ++++++++++-------- 2 files changed, 62 insertions(+), 16 deletions(-) create mode 100644 jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh new file mode 100644 index 0000000..2b1e4ca --- /dev/null +++ b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh @@ -0,0 +1,40 @@ +#! /bin/sh + +AGENT_NAME=${1} +AGENT_SECRET=${2} + + +echo "Check if the secret or name has changed and kill the current java process if it has. " + +cron_entry=$(crontab -l | grep jenkins-slave.sh) +cron_name_and_secret=$(echo "$cron_entry" | grep -o "$AGENT_NAME .*") + +if [[ "$AGENT_NAME $AGENT_SECRET" != "$cron_name_and_secret" ]]; then + pgrep java | xargs kill -9 +fi + + +echo "Run the agent startup script in the background. " + +$HOME/jenkins-slave.sh $AGENT_NAME $AGENT_SECRET & + + +echo "Wait for the script to get to its hang point. " + +sleep 5 + + +echo "Check that the script has connected the agent to the controller. " + +jenkins_json=$(curl https://builds.mantidproject.org/manage/computer/$AGENT_NAME/api/json) +is_offline=$(echo "$jenkins_json" | grep \"icon\":\"symbol-computer-offline\") + +if [[ $is_offline ]]; then + echo "Agent failed to connect to Jenkins controller. " + exit 1 +fi + + +echo "Agent connected successfully. " + +exit 0 \ No newline at end of file diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml index 5b85687..0a82476 100644 --- a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml +++ b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml @@ -3,7 +3,7 @@ # Install Requirements -- name: Add user to sudoers on new macs +- name: Add user to sudoers on new macs. shell: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add ignore_errors: true # Not all the macs have these, so don't panic if it fails. @@ -11,7 +11,7 @@ include_role: name: geerlingguy.mac.homebrew -- name: Make sure homebrew bin is in the path +- name: Make sure homebrew bin is in the path. ansible.builtin.lineinfile: path: /etc/paths state: present @@ -19,37 +19,43 @@ become: true become_user: root -- name: Install git +- name: Install git. community.general.homebrew: name: git state: latest -- name: Install Java 11 +- name: Install Java 11. community.general.homebrew: name: java11 state: present -# Configure macOS Settings +# Configure macOS Settings. -- name: Disable screensaver +- name: Disable screensaver. shell: defaults write com.apple.screensaver idleTime 0 -- name: Disable saved application states to avoid dialog +- name: Disable saved application states to avoid dialog. shell: defaults write org.python.python NSQuitAlwaysKeepsWindows -bool false - -# TODO: Disable autolock (this seems to change between versions, so might not be possible to script) - -- name: Download jenkins slave script - shell: curl -o ~/jenkins-slave.sh https://raw.githubusercontent.com/mantidproject/mantid/main/buildconfig/Jenkins/jenkins-slave.sh -- name: Start script as chrontab entry +# Test and start the agent. Note: Connection will only begin consistently every 5th minute if changes are made. + +- name: Download jenkins slave script. + shell: curl -o $HOME/jenkins-slave.sh https://raw.githubusercontent.com/mantidproject/mantid/main/buildconfig/Jenkins/jenkins-slave.sh + +- name: Make the slave script executable. + shell: chmod 777 $HOME/jenkins-slave.sh + +- name: Check the Jenkins agent connection script. + script: ./check-connection.sh {{ agent_name }} {{ agent_secret }} + +- name: Setup a chrontab entry to run the agent script every 5th minute. ansible.builtin.cron: name: "Run slave script" minute: "*/5" job: "$HOME/jenkins-slave.sh {{ agent_name }} {{ agent_secret }}" -- name: Remove user from sudoers on new macs +# Tidy up the evironment. + +- name: Remove user from sudoers on new macs. shell: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove ignore_errors: true # Not all the macs have these, so don't panic if it fails. - - From f92d3b68417f215f39653a26745f132b82b88c7d Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 17:59:44 +0000 Subject: [PATCH 07/19] Add documentation for ansible mac deployment RE #62 --- .vscode/settings.json | 5 ++ jenkins-node/mantid-builder-macos/README.md | 76 +++++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 .vscode/settings.json create mode 100644 jenkins-node/mantid-builder-macos/README.md diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..0c13e71 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,5 @@ +{ + "cSpell.words": [ + "workdir" + ] +} \ No newline at end of file diff --git a/jenkins-node/mantid-builder-macos/README.md b/jenkins-node/mantid-builder-macos/README.md new file mode 100644 index 0000000..d0767be --- /dev/null +++ b/jenkins-node/mantid-builder-macos/README.md @@ -0,0 +1,76 @@ +# Jenkins macOS nodes for Mantid + +This describes how to deploy a macOS build node. Such a node is able to perform any of the macOS jobs. + +## Prerequisites + +- Access to the Keeper password manager and the `ISIS Jenkins Nodes` file. +- Access to the [`mantidproject/ansible-linode`](https://github.com/mantidproject/ansible-linode) and [`dockerfiles`](https://github.com/mantidproject/dockerfiles) repositories. +- If the machine was already setup, you will need your SSH key adding to the list so you can connect remotely. + + +## Manual Setup + +There are few steps that need to be manually taken on a brand new machine before ansible can take over. + +- Login to the provided administrator account. +- Set up a `mantidbuilder` user on the new machine: + - Open the `System Preferences -> Users & Groups` menu. + - Press the `+` button below the list of users and add a new administrator account. Use `mantidbuilder` for both the name fields and provide a strong password. +- Enable remote access: + - Open `System Preferences -> Sharing`. + - Enable `Remote Login` for all users and allow full disk access. + - Make a note of the `ssh` login instructions, especially the hostname after the `@`. + - Store the chosen password and the hostname in the `ISIS Jenkins Nodes` file in Keeper. + - Enable `Remote Management` for all users. +- Set security settings to allow for builds and consistent access: + - Open `System Preferences -> Security & Privacy`. + - In `General`, untick the `Require password [...] after sleep or screensaver begins` checkbox. + - In `FileVault` press the button to `Turn Off FileVault`. + - FileVault encrypts the contents of the disk until the first login. This means that the `ssh` service is not started until someone logs in on the physical machine, which makes the machine a pain to access after reboot. + +## Jenkins Controller Node Creation + +- Provision a new node in [Jenkins](https://builds.mantidproject.org/computer) with the following changes: + - Set *Remote root directory* to `/jenkins_workdir` + - Set environment variables: + - `BUILD_THREADS` => set based on system, e.g. number of cores + - `MANTID_DATA_STORE` => `/mantid_data` +- Once created make a note of the node's name and secret (the long string of letters and numbers) + +## Deploying to the Agent + +**We're calling nodes _agents_ from here on out. There's some nuance, but they're mostly interchangeable terms.** + +The ansible scripts will set up the machine and connect it to the Jenkins controller ready for running builds and other jobs. + +### Getting the Right Environment + +1. If you already have the `ansible-linode` repo and associated conda environment, activate it and skip to step 4. +2. Clone the [`mantidproject/ansible-linode`](https://github.com/mantidproject/ansible-linode) repo. +3. Navigate to the base of the cloned repo and run: + - `mamba create --prefix ./condaenv ansible` + - `mamba activate ./condaenv` + - Note: You can activate the environment from anywhere by providing the full path to the `condaenv` directory. +4. Clone the [`dockerfiles`](https://github.com/mantidproject/dockerfiles) repo and navigate to `jenkins-node/mantid-builder-macos/ansible`. +5. Install the required collections from Ansible Galaxy by running: + - `ansible-galaxy install -r requirements.yml` +6. Time to use that secret you made a note of. Create an `inventory.txt` file with the details of the machines to deploy to (one per line): +```ini +[all] + agent_name= agent_secret= + agent_name= agent_secret= +``` +If you've forgotten the secret, it can be found under `Environment Variables` in the `System Information` section of the agent. + +### Running the Script to Deploy the Agent + +1. Run the playbook to deploy to all the machines defined in your `inventory.txt` file: + +```sh +ansible-playbook -i inventory.txt jenkins-agent.yml -u mantidbuilder -K +``` + +2. When prompted, enter the agent's password that you made earlier. If you weren't the one who made the password, it should be in the `ISIS Jenkins Nodes` file on Keeper. +3. Wait for the play to complete and visit `https://builds.mantidproject.org/computer/NAME_OF_AGENT_ON_JENKINS`. The agent should be connected within five minutes. + - Note: The agent is kept connected to the controller by a crontab entry that runs on every 5th minute. This means that on first setup the note may not connect until a minute divisible by five has passed. From ccbb1decbff5cd3020633308388c46492f5d91fa Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 18:02:41 +0000 Subject: [PATCH 08/19] Remove mistakenly added vscode settings RE #62 --- .vscode/settings.json | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 0c13e71..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "cSpell.words": [ - "workdir" - ] -} \ No newline at end of file From bd6089fe29ad66c119b2b7c7b713c3dcf2e5e75f Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 18:03:57 +0000 Subject: [PATCH 09/19] Fix docs formatting RE #62 --- jenkins-node/mantid-builder-macos/README.md | 59 ++++++++++++--------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/jenkins-node/mantid-builder-macos/README.md b/jenkins-node/mantid-builder-macos/README.md index d0767be..36b5623 100644 --- a/jenkins-node/mantid-builder-macos/README.md +++ b/jenkins-node/mantid-builder-macos/README.md @@ -15,19 +15,24 @@ There are few steps that need to be manually taken on a brand new machine before - Login to the provided administrator account. - Set up a `mantidbuilder` user on the new machine: - - Open the `System Preferences -> Users & Groups` menu. - - Press the `+` button below the list of users and add a new administrator account. Use `mantidbuilder` for both the name fields and provide a strong password. + + - Open the `System Preferences -> Users & Groups` menu. + - Press the `+` button below the list of users and add a new administrator account. Use `mantidbuilder` for both the name fields and provide a strong password. + - Enable remote access: - - Open `System Preferences -> Sharing`. - - Enable `Remote Login` for all users and allow full disk access. - - Make a note of the `ssh` login instructions, especially the hostname after the `@`. - - Store the chosen password and the hostname in the `ISIS Jenkins Nodes` file in Keeper. - - Enable `Remote Management` for all users. + + - Open `System Preferences -> Sharing`. + - Enable `Remote Login` for all users and allow full disk access. + - Make a note of the `ssh` login instructions, especially the hostname after the `@`. + - Store the chosen password and the hostname in the `ISIS Jenkins Nodes` file in Keeper. + - Enable `Remote Management` for all users. + - Set security settings to allow for builds and consistent access: - - Open `System Preferences -> Security & Privacy`. - - In `General`, untick the `Require password [...] after sleep or screensaver begins` checkbox. - - In `FileVault` press the button to `Turn Off FileVault`. - - FileVault encrypts the contents of the disk until the first login. This means that the `ssh` service is not started until someone logs in on the physical machine, which makes the machine a pain to access after reboot. + + - Open `System Preferences -> Security & Privacy`. + - In `General`, untick the `Require password [...] after sleep or screensaver begins` checkbox. + - In `FileVault` press the button to `Turn Off FileVault`. + - FileVault encrypts the contents of the disk until the first login. This means that the `ssh` service is not started until someone logs in on the physical machine, which makes the machine a pain to access after reboot. ## Jenkins Controller Node Creation @@ -49,28 +54,32 @@ The ansible scripts will set up the machine and connect it to the Jenkins contro 1. If you already have the `ansible-linode` repo and associated conda environment, activate it and skip to step 4. 2. Clone the [`mantidproject/ansible-linode`](https://github.com/mantidproject/ansible-linode) repo. 3. Navigate to the base of the cloned repo and run: - - `mamba create --prefix ./condaenv ansible` - - `mamba activate ./condaenv` - - Note: You can activate the environment from anywhere by providing the full path to the `condaenv` directory. + + - `mamba create --prefix ./condaenv ansible` + - `mamba activate ./condaenv` + - Note: You can activate the environment from anywhere by providing the full path to the `condaenv` directory. + 4. Clone the [`dockerfiles`](https://github.com/mantidproject/dockerfiles) repo and navigate to `jenkins-node/mantid-builder-macos/ansible`. 5. Install the required collections from Ansible Galaxy by running: - - `ansible-galaxy install -r requirements.yml` + - `ansible-galaxy install -r requirements.yml` 6. Time to use that secret you made a note of. Create an `inventory.txt` file with the details of the machines to deploy to (one per line): -```ini -[all] - agent_name= agent_secret= - agent_name= agent_secret= -``` -If you've forgotten the secret, it can be found under `Environment Variables` in the `System Information` section of the agent. + + ```ini + [all] + agent_name= agent_secret= + agent_name= agent_secret= + ``` + + If you've forgotten the secret, it can be found under `Environment Variables` in the `System Information` section of the agent. ### Running the Script to Deploy the Agent 1. Run the playbook to deploy to all the machines defined in your `inventory.txt` file: -```sh -ansible-playbook -i inventory.txt jenkins-agent.yml -u mantidbuilder -K -``` + ```sh + ansible-playbook -i inventory.txt jenkins-agent.yml -u mantidbuilder -K + ``` 2. When prompted, enter the agent's password that you made earlier. If you weren't the one who made the password, it should be in the `ISIS Jenkins Nodes` file on Keeper. 3. Wait for the play to complete and visit `https://builds.mantidproject.org/computer/NAME_OF_AGENT_ON_JENKINS`. The agent should be connected within five minutes. - - Note: The agent is kept connected to the controller by a crontab entry that runs on every 5th minute. This means that on first setup the note may not connect until a minute divisible by five has passed. + - Note: The agent is kept connected to the controller by a crontab entry that runs on every 5th minute. This means that on first setup the note may not connect until a minute divisible by five has passed. From 91f260c79c2cc40c3872dd54ea09538daf96a849 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 8 Feb 2023 18:11:24 +0000 Subject: [PATCH 10/19] Fix other file's formatting RE #62 --- jenkins-node/mantid-builder-macos/ansible/requirements.yml | 2 +- .../ansible/roles/agent/tasks/check-connection.sh | 2 +- .../mantid-builder-macos/ansible/roles/agent/tasks/main.yml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/jenkins-node/mantid-builder-macos/ansible/requirements.yml b/jenkins-node/mantid-builder-macos/ansible/requirements.yml index 9357fc7..cb9538a 100644 --- a/jenkins-node/mantid-builder-macos/ansible/requirements.yml +++ b/jenkins-node/mantid-builder-macos/ansible/requirements.yml @@ -1,3 +1,3 @@ --- collections: - - name: geerlingguy.mac \ No newline at end of file + - name: geerlingguy.mac diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh index 2b1e4ca..1482de1 100644 --- a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh +++ b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh @@ -37,4 +37,4 @@ fi echo "Agent connected successfully. " -exit 0 \ No newline at end of file +exit 0 diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml index 0a82476..ffd4a26 100644 --- a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml +++ b/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml @@ -1,12 +1,14 @@ --- # Deploy Jenkins agent on macOS -# Install Requirements +# Set up the environment - name: Add user to sudoers on new macs. shell: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --add ignore_errors: true # Not all the macs have these, so don't panic if it fails. +# Install Requirements + - name: Install homebrew include_role: name: geerlingguy.mac.homebrew From c68915a88da86cd3134dfa81b74fee7020945d3d Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Fri, 10 Feb 2023 13:40:58 +0000 Subject: [PATCH 11/19] Fix typo in docs RE #62 --- jenkins-node/mantid-builder-macos/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jenkins-node/mantid-builder-macos/README.md b/jenkins-node/mantid-builder-macos/README.md index 36b5623..dd04378 100644 --- a/jenkins-node/mantid-builder-macos/README.md +++ b/jenkins-node/mantid-builder-macos/README.md @@ -82,4 +82,4 @@ The ansible scripts will set up the machine and connect it to the Jenkins contro 2. When prompted, enter the agent's password that you made earlier. If you weren't the one who made the password, it should be in the `ISIS Jenkins Nodes` file on Keeper. 3. Wait for the play to complete and visit `https://builds.mantidproject.org/computer/NAME_OF_AGENT_ON_JENKINS`. The agent should be connected within five minutes. - - Note: The agent is kept connected to the controller by a crontab entry that runs on every 5th minute. This means that on first setup the note may not connect until a minute divisible by five has passed. + - Note: The agent is kept connected to the controller by a crontab entry that runs on every 5th minute. This means that on first setup the agent may not connect until a minute divisible by five has passed. From 3bbc5838d26b765a41312022f1131febdd6c2d8f Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Mon, 15 May 2023 16:14:49 +0100 Subject: [PATCH 12/19] Move and rename script to match other OSs RE #62 --- .../mantid-builder-macos => macOS/jenkins-node}/README.md | 0 .../jenkins-node}/ansible/jenkins-agent.yml | 0 .../jenkins-node}/ansible/requirements.yml | 0 .../jenkins-node}/ansible/roles/agent/tasks/check-connection.sh | 0 .../jenkins-node}/ansible/roles/agent/tasks/main.yml | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename {jenkins-node/mantid-builder-macos => macOS/jenkins-node}/README.md (100%) rename {jenkins-node/mantid-builder-macos => macOS/jenkins-node}/ansible/jenkins-agent.yml (100%) rename {jenkins-node/mantid-builder-macos => macOS/jenkins-node}/ansible/requirements.yml (100%) rename {jenkins-node/mantid-builder-macos => macOS/jenkins-node}/ansible/roles/agent/tasks/check-connection.sh (100%) rename {jenkins-node/mantid-builder-macos => macOS/jenkins-node}/ansible/roles/agent/tasks/main.yml (100%) diff --git a/jenkins-node/mantid-builder-macos/README.md b/macOS/jenkins-node/README.md similarity index 100% rename from jenkins-node/mantid-builder-macos/README.md rename to macOS/jenkins-node/README.md diff --git a/jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml b/macOS/jenkins-node/ansible/jenkins-agent.yml similarity index 100% rename from jenkins-node/mantid-builder-macos/ansible/jenkins-agent.yml rename to macOS/jenkins-node/ansible/jenkins-agent.yml diff --git a/jenkins-node/mantid-builder-macos/ansible/requirements.yml b/macOS/jenkins-node/ansible/requirements.yml similarity index 100% rename from jenkins-node/mantid-builder-macos/ansible/requirements.yml rename to macOS/jenkins-node/ansible/requirements.yml diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh b/macOS/jenkins-node/ansible/roles/agent/tasks/check-connection.sh similarity index 100% rename from jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/check-connection.sh rename to macOS/jenkins-node/ansible/roles/agent/tasks/check-connection.sh diff --git a/jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml similarity index 100% rename from jenkins-node/mantid-builder-macos/ansible/roles/agent/tasks/main.yml rename to macOS/jenkins-node/ansible/roles/agent/tasks/main.yml From fc4fd35750ea106c917d56fd8062998346f06da0 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Tue, 6 Jun 2023 15:26:49 +0100 Subject: [PATCH 13/19] Symlink java11 to make sure it's in the path RE #62 --- macOS/jenkins-node/ansible/roles/agent/tasks/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml index ffd4a26..03a6e25 100644 --- a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml +++ b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml @@ -31,6 +31,17 @@ name: java11 state: present +- name: Symlink Java 11. + shell: ln -sfn /opt/homebrew/opt/openjdk@11/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-11.jdk + become: true + become_user: root + +- name: Ensure that the java install has been added to the path + ansible.builtin.lineinfile: + path: ~/.zshrc + line: export PATH="/opt/homebrew/opt/openjdk@11/bin:$PATH" + create: true + # Configure macOS Settings. - name: Disable screensaver. From 50096600da6763aedc53605764ed1dbda47cf33f Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Tue, 6 Jun 2023 16:08:51 +0100 Subject: [PATCH 14/19] Add extra manual setup steps to docs RE #62 --- macOS/jenkins-node/README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/macOS/jenkins-node/README.md b/macOS/jenkins-node/README.md index dd04378..d672e0a 100644 --- a/macOS/jenkins-node/README.md +++ b/macOS/jenkins-node/README.md @@ -34,6 +34,12 @@ There are few steps that need to be manually taken on a brand new machine before - In `FileVault` press the button to `Turn Off FileVault`. - FileVault encrypts the contents of the disk until the first login. This means that the `ssh` service is not started until someone logs in on the physical machine, which makes the machine a pain to access after reboot. +- Install XCode Command Line Tools: + + - Launch a terminal. + - Run `xcode-select --install`. + - Wait for the popup to appear and click `Install`. + ## Jenkins Controller Node Creation - Provision a new node in [Jenkins](https://builds.mantidproject.org/computer) with the following changes: @@ -74,6 +80,7 @@ The ansible scripts will set up the machine and connect it to the Jenkins contro ### Running the Script to Deploy the Agent +1. Add your SSH key to the host by running `ssh-copy-id mantidbuilder@` in a terminal. 1. Run the playbook to deploy to all the machines defined in your `inventory.txt` file: ```sh @@ -82,4 +89,11 @@ The ansible scripts will set up the machine and connect it to the Jenkins contro 2. When prompted, enter the agent's password that you made earlier. If you weren't the one who made the password, it should be in the `ISIS Jenkins Nodes` file on Keeper. 3. Wait for the play to complete and visit `https://builds.mantidproject.org/computer/NAME_OF_AGENT_ON_JENKINS`. The agent should be connected within five minutes. + - Note: The agent is kept connected to the controller by a crontab entry that runs on every 5th minute. This means that on first setup the agent may not connect until a minute divisible by five has passed. + + +## Troubleshooting + +- You may need to log in manually or by using VNC at least once to allow the ansible script to run. This can be due to FireVault blocking SSH connections until the machine is unlocked. + - To make use of VNC from a mac: Open finder and press `Cmd+K`, then enter `vnc://`. Use the `mantidbuilder` login for the machine. \ No newline at end of file From 57ed93b7e77062e6f124ba8420185038571398e1 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 7 Jun 2023 12:23:36 +0100 Subject: [PATCH 15/19] Download and place the mac sdk for building with conda RE #62 --- .../ansible/roles/agent/tasks/main.yml | 35 ++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml index 03a6e25..a9956cd 100644 --- a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml +++ b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml @@ -26,6 +26,17 @@ name: git state: latest +- name: Install gnu-tar. + community.general.homebrew: + name: gnu-tar + state: present + +- name: Ensure that gnu-tar has been added to the path + ansible.builtin.lineinfile: + path: ~/.zshenv + line: export PATH="/opt/homebrew/opt/gnu-tar/libexec/gnubin:$PATH" + create: true + - name: Install Java 11. community.general.homebrew: name: java11 @@ -36,12 +47,34 @@ become: true become_user: root -- name: Ensure that the java install has been added to the path +- name: Ensure that the java install has been added to the path. ansible.builtin.lineinfile: path: ~/.zshrc line: export PATH="/opt/homebrew/opt/openjdk@11/bin:$PATH" create: true +- name: Download the Mac SDK. + ansible.builtin.get_url: + url: https://github.com/phracker/MacOSX-SDKs/releases/download/11.3/MacOSX10.10.sdk.tar.xz + dest: ~/ + mode: '777' + force: true + +- name: Unarchive the Mac SDK. + ansible.builtin.unarchive: + src: ~/MacOSX10.10.sdk.tar.xz + dest: ~/ + remote_src: yes + +- name: Move the Mac SDK into opt + shell: mv /Users/mantidbuilder/MacOSX10.10.sdk /opt + become: true + +- name: Remove the downloaded Mac SDK's Tarball. + ansible.builtin.file: + path: ~/MacOSX10.10.sdk.tar.xz + state: absent + # Configure macOS Settings. - name: Disable screensaver. From a81bf453af600ebf46a0744501046c7bf20f64df Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Wed, 7 Jun 2023 14:41:54 +0100 Subject: [PATCH 16/19] Refactor installation into different files RE #62 --- .../ansible/roles/agent/tasks/java11.yml | 17 ++++ .../ansible/roles/agent/tasks/mac-sdk.yml | 34 ++++++++ .../ansible/roles/agent/tasks/main.yml | 77 ++++--------------- .../roles/agent/tasks/start-jenkins-agent.yml | 16 ++++ 4 files changed, 81 insertions(+), 63 deletions(-) create mode 100644 macOS/jenkins-node/ansible/roles/agent/tasks/java11.yml create mode 100644 macOS/jenkins-node/ansible/roles/agent/tasks/mac-sdk.yml create mode 100644 macOS/jenkins-node/ansible/roles/agent/tasks/start-jenkins-agent.yml diff --git a/macOS/jenkins-node/ansible/roles/agent/tasks/java11.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/java11.yml new file mode 100644 index 0000000..6aa04be --- /dev/null +++ b/macOS/jenkins-node/ansible/roles/agent/tasks/java11.yml @@ -0,0 +1,17 @@ +# Set up Java 11 Installation. + +- name: Install Java 11. + community.general.homebrew: + name: java11 + state: present + +- name: Symlink Java 11. + shell: ln -sfn /opt/homebrew/opt/openjdk@11/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-11.jdk + become: true + become_user: root + +- name: Ensure that the java install has been added to the path. + ansible.builtin.lineinfile: + path: ~/.zshrc + line: export PATH="/opt/homebrew/opt/openjdk@11/bin:$PATH" + create: true diff --git a/macOS/jenkins-node/ansible/roles/agent/tasks/mac-sdk.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/mac-sdk.yml new file mode 100644 index 0000000..ad77bee --- /dev/null +++ b/macOS/jenkins-node/ansible/roles/agent/tasks/mac-sdk.yml @@ -0,0 +1,34 @@ +# Download and set up the Mac OSX SDK ready for Conda to use. + +- name: Install gnu-tar. + community.general.homebrew: + name: gnu-tar + state: present + +- name: Ensure that gnu-tar has been added to the path + ansible.builtin.lineinfile: + path: ~/.zshenv + line: export PATH="/opt/homebrew/opt/gnu-tar/libexec/gnubin:$PATH" + create: true + +- name: Download the Mac SDK. + ansible.builtin.get_url: + url: https://github.com/phracker/MacOSX-SDKs/releases/download/11.3/MacOSX10.10.sdk.tar.xz + dest: ~/ + mode: '777' + force: true + +- name: Unarchive the Mac SDK. + ansible.builtin.unarchive: + src: ~/MacOSX10.10.sdk.tar.xz + dest: ~/ + remote_src: yes + +- name: Move the Mac SDK into opt + shell: mv /Users/mantidbuilder/MacOSX10.10.sdk /opt + become: true + +- name: Remove the downloaded Mac SDK Tarball. + ansible.builtin.file: + path: ~/MacOSX10.10.sdk.tar.xz + state: absent diff --git a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml index a9956cd..04d2dca 100644 --- a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml +++ b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml @@ -26,54 +26,17 @@ name: git state: latest -- name: Install gnu-tar. - community.general.homebrew: - name: gnu-tar - state: present - -- name: Ensure that gnu-tar has been added to the path - ansible.builtin.lineinfile: - path: ~/.zshenv - line: export PATH="/opt/homebrew/opt/gnu-tar/libexec/gnubin:$PATH" - create: true - -- name: Install Java 11. - community.general.homebrew: - name: java11 - state: present - -- name: Symlink Java 11. - shell: ln -sfn /opt/homebrew/opt/openjdk@11/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-11.jdk - become: true - become_user: root - -- name: Ensure that the java install has been added to the path. - ansible.builtin.lineinfile: - path: ~/.zshrc - line: export PATH="/opt/homebrew/opt/openjdk@11/bin:$PATH" - create: true - -- name: Download the Mac SDK. - ansible.builtin.get_url: - url: https://github.com/phracker/MacOSX-SDKs/releases/download/11.3/MacOSX10.10.sdk.tar.xz - dest: ~/ - mode: '777' - force: true - -- name: Unarchive the Mac SDK. - ansible.builtin.unarchive: - src: ~/MacOSX10.10.sdk.tar.xz - dest: ~/ - remote_src: yes - -- name: Move the Mac SDK into opt - shell: mv /Users/mantidbuilder/MacOSX10.10.sdk /opt - become: true - -- name: Remove the downloaded Mac SDK's Tarball. - ansible.builtin.file: - path: ~/MacOSX10.10.sdk.tar.xz - state: absent +- name: Install and Set up Java 11 + include_tasks: java11.yml + +- name: Check for the MacOSX SDK + stat: + path: /opt/MacOSX10.10.sdk + register: sdk_stats + +- name: Download and Install MacOSX SDK + include_tasks: mac-sdk.yml + when: not sdk_stats.stat.exists # Configure macOS Settings. @@ -85,22 +48,10 @@ # Test and start the agent. Note: Connection will only begin consistently every 5th minute if changes are made. -- name: Download jenkins slave script. - shell: curl -o $HOME/jenkins-slave.sh https://raw.githubusercontent.com/mantidproject/mantid/main/buildconfig/Jenkins/jenkins-slave.sh - -- name: Make the slave script executable. - shell: chmod 777 $HOME/jenkins-slave.sh - -- name: Check the Jenkins agent connection script. - script: ./check-connection.sh {{ agent_name }} {{ agent_secret }} - -- name: Setup a chrontab entry to run the agent script every 5th minute. - ansible.builtin.cron: - name: "Run slave script" - minute: "*/5" - job: "$HOME/jenkins-slave.sh {{ agent_name }} {{ agent_secret }}" +- name: Start the jenkins agent + include_tasks: start-jenkins-agent.yml -# Tidy up the evironment. +# Tidy up the environment. - name: Remove user from sudoers on new macs. shell: /Applications/Privileges.app/Contents/Resources/PrivilegesCLI --remove diff --git a/macOS/jenkins-node/ansible/roles/agent/tasks/start-jenkins-agent.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/start-jenkins-agent.yml new file mode 100644 index 0000000..fd487d3 --- /dev/null +++ b/macOS/jenkins-node/ansible/roles/agent/tasks/start-jenkins-agent.yml @@ -0,0 +1,16 @@ +# Test and start the agent. Note: Connection will only begin consistently every 5th minute if changes are made. + +- name: Download jenkins slave script. + shell: curl -o $HOME/jenkins-slave.sh https://raw.githubusercontent.com/mantidproject/mantid/main/buildconfig/Jenkins/jenkins-slave.sh + +- name: Make the slave script executable. + shell: chmod 777 $HOME/jenkins-slave.sh + +- name: Check the Jenkins agent connection script. + script: ./check-connection.sh {{ agent_name }} {{ agent_secret }} + +- name: Setup a chrontab entry to run the agent script every 5th minute. + ansible.builtin.cron: + name: "Run slave script" + minute: "*/5" + job: "$HOME/jenkins-slave.sh {{ agent_name }} {{ agent_secret }}" From 8281738369b33425ccbf6e4f8199166c809ccfb6 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Mon, 17 Jul 2023 09:45:54 +0100 Subject: [PATCH 17/19] Add SSH key step to manual instructions RE #62 --- macOS/jenkins-node/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/macOS/jenkins-node/README.md b/macOS/jenkins-node/README.md index d672e0a..7571cec 100644 --- a/macOS/jenkins-node/README.md +++ b/macOS/jenkins-node/README.md @@ -40,6 +40,11 @@ There are few steps that need to be manually taken on a brand new machine before - Run `xcode-select --install`. - Wait for the popup to appear and click `Install`. + +- Back on the machine you will be doing the deployment on, you will need to add your SSH key to the new mac: + + - `ssh-copy-id mantidbuilder@` + ## Jenkins Controller Node Creation - Provision a new node in [Jenkins](https://builds.mantidproject.org/computer) with the following changes: From db75b56e0e1248813d56b495f13b5cd44c86bce3 Mon Sep 17 00:00:00 2001 From: Conor Finn Date: Tue, 22 Aug 2023 15:55:46 +0100 Subject: [PATCH 18/19] Amend path in docs RE #62 --- macOS/jenkins-node/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/macOS/jenkins-node/README.md b/macOS/jenkins-node/README.md index 7571cec..86f6949 100644 --- a/macOS/jenkins-node/README.md +++ b/macOS/jenkins-node/README.md @@ -70,7 +70,7 @@ The ansible scripts will set up the machine and connect it to the Jenkins contro - `mamba activate ./condaenv` - Note: You can activate the environment from anywhere by providing the full path to the `condaenv` directory. -4. Clone the [`dockerfiles`](https://github.com/mantidproject/dockerfiles) repo and navigate to `jenkins-node/mantid-builder-macos/ansible`. +4. Clone the [`dockerfiles`](https://github.com/mantidproject/dockerfiles) repo and navigate to `macOS/jenkins-node/ansible`. 5. Install the required collections from Ansible Galaxy by running: - `ansible-galaxy install -r requirements.yml` 6. Time to use that secret you made a note of. Create an `inventory.txt` file with the details of the machines to deploy to (one per line): @@ -101,4 +101,4 @@ The ansible scripts will set up the machine and connect it to the Jenkins contro ## Troubleshooting - You may need to log in manually or by using VNC at least once to allow the ansible script to run. This can be due to FireVault blocking SSH connections until the machine is unlocked. - - To make use of VNC from a mac: Open finder and press `Cmd+K`, then enter `vnc://`. Use the `mantidbuilder` login for the machine. \ No newline at end of file + - To make use of VNC from a mac: Open finder and press `Cmd+K`, then enter `vnc://`. Use the `mantidbuilder` login for the machine. From 412d03d11dbc4d2eeaacb408db1fa92240e7ff0f Mon Sep 17 00:00:00 2001 From: Caila Finn <47181718+cailafinn@users.noreply.github.com> Date: Thu, 5 Sep 2024 15:32:23 +0100 Subject: [PATCH 19/19] Reboot after power failure --- macOS/jenkins-node/ansible/roles/agent/tasks/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml index 04d2dca..b8ba6f5 100644 --- a/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml +++ b/macOS/jenkins-node/ansible/roles/agent/tasks/main.yml @@ -46,6 +46,10 @@ - name: Disable saved application states to avoid dialog. shell: defaults write org.python.python NSQuitAlwaysKeepsWindows -bool false +- name: Ensure the machine boots back up after a power failure. + shell: systemsetup -setrestartpowerfailure on + become: true + # Test and start the agent. Note: Connection will only begin consistently every 5th minute if changes are made. - name: Start the jenkins agent