This is an automated email from the ASF dual-hosted git repository.
vatamane pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-infra-cm.git
The following commit(s) were added to refs/heads/main by this push:
new c54de4a Add asfminidebian worker (thanks, Jan!)
c54de4a is described below
commit c54de4abdb0e5581187a2c472a03d565acb463bb
Author: Nick Vatamaniuc <[email protected]>
AuthorDate: Fri Jan 16 00:16:57 2026 -0500
Add asfminidebian worker (thanks, Jan!)
It's a Debian 13 arm64 host.
Managed to added it to the CI node list and put it under Ansible management.
To do that had to harmonize some packages between Ubuntu and Debian
Also had to introduce an idea that extra hosts (those are non-IBM ones) also
can have a bastion entry. So that added some complications to setup but the
chances are we'll see much such cases in the future.
The list was generated with `./tools/gen-config`
The input list `~/.couchdb-infra-cm.cfg` was updated with
```
[extra.asfmini]
user = administrator
ip_addr = 207.254.28.245
[extra.asfminidebian]
user = couchdb
ip_addr = 192.168.66.3
arch = arm64
num_cpus = 4
ram = 4
proxyjump = asfmini
```
---
host_vars/asfminidebian.yml | 12 ++++++
production | 22 +++++++++++
roles/ci_agent/tasks/main.yml | 2 +-
roles/common/tasks/main.yml | 3 +-
ssh.cfg | 32 ++++++++++++----
tools/gen-config | 85 ++++++++++++++++++++++++++++++++++++-------
6 files changed, 132 insertions(+), 24 deletions(-)
diff --git a/host_vars/asfminidebian.yml b/host_vars/asfminidebian.yml
new file mode 100644
index 0000000..e940ade
--- /dev/null
+++ b/host_vars/asfminidebian.yml
@@ -0,0 +1,12 @@
+jenkins_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+
33343462643836636134363234383764356135656437316238373232343465653636613866666338
+
3232633731313861623063366263636136636263383133620a326131303831663036353835353161
+
66653834353539393338346563356665363630326533346336616630646334343836306364663962
+
6664323933613931650a636231343166333232383830373765376262303166633064633630613234
+
35373735326266376334373363323361646262656334383038323430633537613264616638316531
+
33313333626461613435303933313633383930656534636531383939333065343165333334613430
+
66346639623231373061626164343463613432623164303936343937663465633461653338396565
+ 38636330623532383931
+
+
diff --git a/production b/production
index ba612c0..ad9cf68 100644
--- a/production
+++ b/production
@@ -2,7 +2,15 @@ all:
children:
bastions:
hosts:
+ asfmini:
+ extra: true
+ instance:
+ name: asfmini
+ ip_addrs:
+ public: 207.254.28.245
+ user: administrator
couchdb-bastion-x86-64-ubuntu-dal-1-01:
+ extra: false
instance:
created_at: '2024-12-03T06:27:13Z'
id: 0717_d4657905-4dcd-488f-9305-a7e1722ee2bf
@@ -21,6 +29,20 @@ all:
user: ubuntu
ci_agents:
hosts:
+ asfminidebian:
+ instance:
+ id: asfminidebian
+ name: asfminidebian
+ subnet: null
+ ip_addrs:
+ bastion_host: null
+ bastion_ip: null
+ public: 192.168.66.3
+ system:
+ arch: arm64
+ num_cpus: 4
+ ram: 4
+ user: couchdb
couchdb-worker-x86-64-ubuntu-dal-1-01:
instance:
created_at: '2024-05-21T03:39:16Z'
diff --git a/roles/ci_agent/tasks/main.yml b/roles/ci_agent/tasks/main.yml
index 41a2a56..0201875 100644
--- a/roles/ci_agent/tasks/main.yml
+++ b/roles/ci_agent/tasks/main.yml
@@ -18,7 +18,7 @@
state: latest
vars:
packages:
- - openjdk-17-jre-headless
+ - openjdk-21-jre-headless
- name: Setup Docker APT repository
become: yes
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 5ac76a9..bba9d4d 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -67,11 +67,10 @@
- gnupg2
- mtr-tiny
- nload
- - ntp
+ - chrony
- python3
- runit
- screen
- - software-properties-common
- strace
- sudo
- tcpdump
diff --git a/ssh.cfg b/ssh.cfg
index 4e22947..66dc7d5 100644
--- a/ssh.cfg
+++ b/ssh.cfg
@@ -1,3 +1,12 @@
+Host asfmini
+ Hostname 207.254.28.245
+ User administrator
+ ForwardAgent yes
+ StrictHostKeyChecking no
+ ControlMaster auto
+ ControlPath /tmp/ansible-%r@%h:%p
+ ControlPersist 30m
+
Host couchdb-bastion-x86-64-ubuntu-dal-1-01
Hostname 52.118.184.106
User ubuntu
@@ -7,53 +16,60 @@ Host couchdb-bastion-x86-64-ubuntu-dal-1-01
ControlPath /tmp/ansible-%r@%h:%p
ControlPersist 30m
+Host asfminidebian
+ Hostname 192.168.66.3
+ User couchdb
+ ForwardAgent yes
+ StrictHostKeyChecking no
+ ProxyJump asfmini
+
Host couchdb-worker-x86-64-ubuntu-dal-1-01
Hostname 10.240.0.4
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host couchdb-worker-x86-64-ubuntu-dal-1-02
Hostname 10.240.0.5
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host couchdb-worker-x86-64-ubuntu-dal-1-03
Hostname 10.240.0.6
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host couchdb-worker-x86-64-ubuntu-dal-1-04
Hostname 10.240.0.7
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host couchdb-worker-x86-64-ubuntu-dal-1-05
Hostname 10.240.0.8
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host couchdb-worker-x86-64-ubuntu-dal-1-06
Hostname 10.240.0.9
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host couchdb-worker-x86-64-ubuntu-dal-1-07
Hostname 10.240.0.10
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host couchdb-worker-x86-64-ubuntu-dal-1-08
Hostname 10.240.0.11
User ubuntu
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q
ubuntu@couchdb-bastion-x86-64-ubuntu-dal-1-01
+ ProxyJump couchdb-bastion-x86-64-ubuntu-dal-1-01
Host linux1
Hostname 148.100.74.32
diff --git a/tools/gen-config b/tools/gen-config
index 24c0c78..33462da 100755
--- a/tools/gen-config
+++ b/tools/gen-config
@@ -53,10 +53,12 @@ def load_environment():
"instance_id" : parser.get(section, "id", fallback=name),
"ip_addr": parser.get(section, "ip_addr"),
"user": parser.get(section, "user"),
+ "proxyjump": parser.get(section, "proxyjump", fallback = None),
+ "is_proxy": False,
"system": {
- "arch": parser.get(section, "arch"),
- "num_cpus": int(parser.get(section, "num_cpus")),
- "ram": int(parser.get(section, "ram"))
+ "arch": parser.get(section, "arch", fallback = None),
+ "num_cpus": int(parser.get(section, "num_cpus", fallback =
0)),
+ "ram": int(parser.get(section, "ram", fallback = 0))
}
}
@@ -86,7 +88,13 @@ def load_environment():
"instance_id" : parser.get(section, "instance_id",
fallback=None)
}
-
+ for k in EXTRA:
+ proxy = EXTRA[k]["proxyjump"]
+ if proxy:
+ if proxy not in EXTRA:
+ print(f"Proxy jump host {proxy} not found in extras")
+ exit(1)
+ EXTRA[proxy]["is_proxy"] = True
def load_iam_tokens():
for env in ENV:
@@ -167,6 +175,7 @@ def load_bastion(bastions, instance):
ip_addr = floating_ips[0]["address"]
bastions[name] = {
+ "extra": False,
"instance": {
"id": instance["id"],
"name": instance["name"],
@@ -188,6 +197,22 @@ def load_bastion(bastions, instance):
"user": "ubuntu"
}
+def load_extra_bastion(bastions, instance):
+ name = instance["name"]
+ if name in bastions:
+ print(f"Duplicate bastion found {name}")
+ exit(2)
+
+ bastions[name] = {
+ "extra": True,
+ "instance": {
+ "name": instance["name"]
+ },
+ "ip_addrs": {
+ "public": instance["ip_addr"]
+ },
+ "user": instance["user"]
+ }
def load_ci_agent(ci_agents, instance):
if instance["status"] != "running":
@@ -258,6 +283,8 @@ def get_private_ip(instance):
def assign_bastions(bastions, ci_agents):
subnets = {}
for (host, bastion) in bastions.items():
+ if bastion["extra"]:
+ continue
subnet = bastion["instance"]["subnet"]
ip_addr = bastion["ip_addrs"]["public"]
assert subnet not in subnets
@@ -301,12 +328,32 @@ def write_ssh_cfg(filename, bastions, ci_agents):
ControlPersist 30m
""")
+ extra_ci_agent_tmpl = textwrap.dedent("""\
+ Host {host}
+ Hostname {ip_addr}
+ User {user}
+ ForwardAgent yes
+ StrictHostKeyChecking no
+ ControlMaster auto
+ ControlPath /tmp/ansible-%r@%h:%p
+ ControlPersist 30m
+
+ """)
+ extra_ci_agent_with_proxy_tmpl = textwrap.dedent("""\
+ Host {host}
+ Hostname {ip_addr}
+ User {user}
+ ForwardAgent yes
+ StrictHostKeyChecking no
+ ProxyJump {proxy}
+
+ """)
ci_agent_tmpl = textwrap.dedent("""\
Host {host}
Hostname {ip_addr}
User {user}
StrictHostKeyChecking no
- ProxyCommand /usr/bin/ssh -W %h:%p -q ubuntu@{bastion_host}
+ ProxyJump {bastion_host}
""")
with open(filename, "w") as handle:
@@ -321,13 +368,22 @@ def write_ssh_cfg(filename, bastions, ci_agents):
for host, info in sorted(ci_agents.items()):
user = info["user"]
if host in EXTRA:
- # extra CI agent use an external IP directly
- args = {
- "user": user,
- "host": host,
- "ip_addr": info["ip_addrs"]["public"]
- }
- entry = bastion_tmpl.format(**args)
+ proxy = EXTRA[host]["proxyjump"]
+ if proxy:
+ args = {
+ "user": user,
+ "host": host,
+ "ip_addr": info["ip_addrs"]["public"],
+ "proxy": proxy
+ }
+ entry = extra_ci_agent_with_proxy_tmpl.format(**args)
+ else:
+ args = {
+ "user": user,
+ "host": host,
+ "ip_addr": info["ip_addrs"]["public"]
+ }
+ entry = extra_ci_agent_tmpl.format(**args)
else:
bastion_ip = info["ip_addrs"]["bastion_ip"]
bastion_host = info["ip_addrs"]["bastion_host"]
@@ -375,7 +431,10 @@ def main():
elif instance["name"].startswith("couchdb-worker"):
load_ci_agent(ci_agents, instance)
elif instance["name"] in EXTRA:
- load_extra_ci_agent(ci_agents, instance)
+ if not EXTRA[instance["name"]]["is_proxy"]:
+ load_extra_ci_agent(ci_agents, instance)
+ else:
+ load_extra_bastion(bastions, instance)
assign_bastions(bastions, ci_agents)
