Gitweb links:
...log
http://git.netsurf-browser.org/netsurf-wiki.git/shortlog/f499ef8cd2f632f09063ff6edbf1f1febad9a90b
...commit
http://git.netsurf-browser.org/netsurf-wiki.git/commit/f499ef8cd2f632f09063ff6edbf1f1febad9a90b
...tree
http://git.netsurf-browser.org/netsurf-wiki.git/tree/f499ef8cd2f632f09063ff6edbf1f1febad9a90b
The branch, master has been updated
via f499ef8cd2f632f09063ff6edbf1f1febad9a90b (commit)
from 815c6a65f40082fe4baeb7a44a3b2c99959fc3c8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commitdiff
http://git.netsurf-browser.org/netsurf-wiki.git/commit/?id=f499ef8cd2f632f09063ff6edbf1f1febad9a90b
commit f499ef8cd2f632f09063ff6edbf1f1febad9a90b
Author: Vincent Sanders <[email protected]>
Commit: Vincent Sanders <[email protected]>
commit instructions for a scaleway node
diff --git a/continuous_integration.mdwn b/continuous_integration.mdwn
index 9d9162f..282b366 100644
--- a/continuous_integration.mdwn
+++ b/continuous_integration.mdwn
@@ -37,6 +37,20 @@ In addition ssh based tunnels are used to copy data between
CI nodes.
The Jenkins install on the master server is a snapshot release version.
+### generating openvpn keys
+
+the VPN is setup to use certificates and signed keys, each client needs a
certificate and key set generating for its openvpn setup.
+
+become superuser on master
+
+ cd open-vpn-easy
+ source ./vars
+ ./build-key ciworker17
+
+answer questions and set no password
+
+keys/certificates are written to open-vpn-easy/keys and can be copied to teh
clients as required.
+
## Slave
The majority of the build slaves are provided by our own
diff --git a/continuous_integration/debian_stretch_setup.mdwn
b/continuous_integration/debian_stretch_setup.mdwn
index 12a91cf..961e8af 100644
--- a/continuous_integration/debian_stretch_setup.mdwn
+++ b/continuous_integration/debian_stretch_setup.mdwn
@@ -47,12 +47,134 @@ Once installed:
`apt-get install linux-image-4.3.0-0.bpo.1-arm64`
+### Scaleway node
+
+Scaleway servers are currently used for ARM64 and armhf
+workers. Although we have self-hosted hardware for both of these node
+types these nodes are conveniant alternatives. For AMD64 workers
+just create zero cost instances on phoenix!
+
+Use the scaleway dashboard to create a server of the correct
+architecture and Debian jessie image (it has to be upgraded currently)
+a minimal 50G root volume is plenty of storage.
+
+once started ssh to the image using the appropriate ssh key
+
+`ssh -i .ssh/keys/id_rsa.netsurf [email protected]`
+
+edit \etc\hostname to contain nsciworker17
+
+edit \etc\hosts to set loopback name resolution
+
+`adduser netsurf`
+
+ensure netsurf user has ssh key installed
+
+edit /etc/group to add netsurf to sudo group
+
+edit /etc/apt/sources/list to be stretch
+
+`apt-get update`
+
+`apt-get dist-upgrade`
+
+`apt-get clean`
+
+`halt`
+
+use dashboard power toggle to force a hard reboot
+
+login as netsurf and use `sudo -i` to get root terminal
+
+edit /etc/ssh/sshd_config to disable password login
+
+ # To disable tunneled clear text passwords, change to no here!
+ PasswordAuthentication no
+
+`# apt-get install fail2ban`
+
+edit /etc/fail2ban/jail.local
+
+ [DEFAULT]
+
+ # "bantime" is the number of seconds that a host is banned.
+ bantime = 1200
+
+ # A host is banned if it has generated "maxretry" during the last
"findtime"
+ # seconds.
+ findtime = 1200
+ maxretry = 3
+
+ [ssh]
+
+ enabled = true
+ port = ssh
+ filter = sshd
+ logpath = /var/log/auth.log
+ maxretry = 2
+
+
+`# apt-get install openvpn`
+
+create /etc/openvpn/netsurf.conf
+
+ client
+ dev tap_netsurf
+ proto tcp
+ remote vpn.netsurf-browser.org 1194
+ resolv-retry infinite
+ nobind
+ user nobody
+ group nogroup
+ persist-key
+ persist-tun
+ lladdr 0E:00:00:00:03:17
+
+ ca /etc/openvpn/netsurf-keys/ca.crt
+ cert /etc/openvpn/netsurf-keys/ciworker17.crt
+ key /etc/openvpn/netsurf-keys/ciworker17.key
+
+ ns-cert-type server
+
+ comp-lzo
+
+ # Set log file verbosity.
+ verb 3
+
+ script-security 2
+ up /etc/openvpn/netsurf-up
+ down /etc/openvpn/netsurf-down
+
+create /etc/openvpn/netsurf-up
+
+ #!/bin/sh
+
+ ifup tap_netsurf
+
+create /etc/openvpn/netsurf-down
+
+ #!/bin/sh
+
+ ifdown tap_netsurf
+
+edit /etc/network/interfaces and add
+
+ # netsurf
+ auto tap_netsurf
+ iface tap_netsurf inet dhcp
+
+mkdir /etc/openvpn/netsurf-keys
+
+copy openvpn keys from master node into /etc/openvpn/netsurf-keys
+
+
+
### Banana Pi
This system is a dual core ARMv7 allwinner using the armhf ABI
Used the install SD media from
-[[http://www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/ Igor
Pecovnik|http///www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/_igor_pecovnik]]
+[[armbian|https://dl.armbian.com/bananapi/Debian_jessie_next.7z]]
- unzip and write raw file to full size SD card.
@@ -106,16 +228,14 @@ Once installed:
This system is a quad core ARMv7 allwinner H3 using the armhf ABI
-Used "mini" install media from
-[[http://www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342
loboris|http///www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342_loboris]]
+Use [[armbian||https://dl.armbian.com/orangepipc/Debian_jessie_default.7z]]
-- unpack image and write to micro SD card and configure as per loboris
- instructions, careful installation steps are not immediately obvious
+- unpack image and write to micro SD card and configure as per banana pi
+ instructions
Once installed:
-- first login as orangepi:orangepi which will need to be immediately
- changed
+- first login as root:1234 which will need to be immediately changed
`* superuser available via sudo -i`
-----------------------------------------------------------------------
Summary of changes:
continuous_integration.mdwn | 14 +++
continuous_integration/debian_stretch_setup.mdwn | 134 ++++++++++++++++++++--
2 files changed, 141 insertions(+), 7 deletions(-)
diff --git a/continuous_integration.mdwn b/continuous_integration.mdwn
index 9d9162f..282b366 100644
--- a/continuous_integration.mdwn
+++ b/continuous_integration.mdwn
@@ -37,6 +37,20 @@ In addition ssh based tunnels are used to copy data between
CI nodes.
The Jenkins install on the master server is a snapshot release version.
+### generating openvpn keys
+
+the VPN is setup to use certificates and signed keys, each client needs a
certificate and key set generating for its openvpn setup.
+
+become superuser on master
+
+ cd open-vpn-easy
+ source ./vars
+ ./build-key ciworker17
+
+answer questions and set no password
+
+keys/certificates are written to open-vpn-easy/keys and can be copied to teh
clients as required.
+
## Slave
The majority of the build slaves are provided by our own
diff --git a/continuous_integration/debian_stretch_setup.mdwn
b/continuous_integration/debian_stretch_setup.mdwn
index 12a91cf..961e8af 100644
--- a/continuous_integration/debian_stretch_setup.mdwn
+++ b/continuous_integration/debian_stretch_setup.mdwn
@@ -47,12 +47,134 @@ Once installed:
`apt-get install linux-image-4.3.0-0.bpo.1-arm64`
+### Scaleway node
+
+Scaleway servers are currently used for ARM64 and armhf
+workers. Although we have self-hosted hardware for both of these node
+types these nodes are conveniant alternatives. For AMD64 workers
+just create zero cost instances on phoenix!
+
+Use the scaleway dashboard to create a server of the correct
+architecture and Debian jessie image (it has to be upgraded currently)
+a minimal 50G root volume is plenty of storage.
+
+once started ssh to the image using the appropriate ssh key
+
+`ssh -i .ssh/keys/id_rsa.netsurf [email protected]`
+
+edit \etc\hostname to contain nsciworker17
+
+edit \etc\hosts to set loopback name resolution
+
+`adduser netsurf`
+
+ensure netsurf user has ssh key installed
+
+edit /etc/group to add netsurf to sudo group
+
+edit /etc/apt/sources/list to be stretch
+
+`apt-get update`
+
+`apt-get dist-upgrade`
+
+`apt-get clean`
+
+`halt`
+
+use dashboard power toggle to force a hard reboot
+
+login as netsurf and use `sudo -i` to get root terminal
+
+edit /etc/ssh/sshd_config to disable password login
+
+ # To disable tunneled clear text passwords, change to no here!
+ PasswordAuthentication no
+
+`# apt-get install fail2ban`
+
+edit /etc/fail2ban/jail.local
+
+ [DEFAULT]
+
+ # "bantime" is the number of seconds that a host is banned.
+ bantime = 1200
+
+ # A host is banned if it has generated "maxretry" during the last
"findtime"
+ # seconds.
+ findtime = 1200
+ maxretry = 3
+
+ [ssh]
+
+ enabled = true
+ port = ssh
+ filter = sshd
+ logpath = /var/log/auth.log
+ maxretry = 2
+
+
+`# apt-get install openvpn`
+
+create /etc/openvpn/netsurf.conf
+
+ client
+ dev tap_netsurf
+ proto tcp
+ remote vpn.netsurf-browser.org 1194
+ resolv-retry infinite
+ nobind
+ user nobody
+ group nogroup
+ persist-key
+ persist-tun
+ lladdr 0E:00:00:00:03:17
+
+ ca /etc/openvpn/netsurf-keys/ca.crt
+ cert /etc/openvpn/netsurf-keys/ciworker17.crt
+ key /etc/openvpn/netsurf-keys/ciworker17.key
+
+ ns-cert-type server
+
+ comp-lzo
+
+ # Set log file verbosity.
+ verb 3
+
+ script-security 2
+ up /etc/openvpn/netsurf-up
+ down /etc/openvpn/netsurf-down
+
+create /etc/openvpn/netsurf-up
+
+ #!/bin/sh
+
+ ifup tap_netsurf
+
+create /etc/openvpn/netsurf-down
+
+ #!/bin/sh
+
+ ifdown tap_netsurf
+
+edit /etc/network/interfaces and add
+
+ # netsurf
+ auto tap_netsurf
+ iface tap_netsurf inet dhcp
+
+mkdir /etc/openvpn/netsurf-keys
+
+copy openvpn keys from master node into /etc/openvpn/netsurf-keys
+
+
+
### Banana Pi
This system is a dual core ARMv7 allwinner using the armhf ABI
Used the install SD media from
-[[http://www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/ Igor
Pecovnik|http///www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/_igor_pecovnik]]
+[[armbian|https://dl.armbian.com/bananapi/Debian_jessie_next.7z]]
- unzip and write raw file to full size SD card.
@@ -106,16 +228,14 @@ Once installed:
This system is a quad core ARMv7 allwinner H3 using the armhf ABI
-Used "mini" install media from
-[[http://www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342
loboris|http///www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342_loboris]]
+Use [[armbian||https://dl.armbian.com/orangepipc/Debian_jessie_default.7z]]
-- unpack image and write to micro SD card and configure as per loboris
- instructions, careful installation steps are not immediately obvious
+- unpack image and write to micro SD card and configure as per banana pi
+ instructions
Once installed:
-- first login as orangepi:orangepi which will need to be immediately
- changed
+- first login as root:1234 which will need to be immediately changed
`* superuser available via sudo -i`
--
NetSurf Developer Wiki Backing Store
_______________________________________________
netsurf-commits mailing list
[email protected]
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/netsurf-commits-netsurf-browser.org
