Used for
- Scala 2.12 / 2.13 PR validation
- Scala 2.12 / 2.13 community build
Old documentation in doc directory; some pieces are still relevant, some are outdated.
The AWS infra was originally deployed and maintanied using ansible (this repo). We no longer use ansible to update the infra, but manage it manually (AWS console, ssh to the machines, jenkins UI, artifactory UI).
We are gradually moving away from using this infra
- releases and integration builds are published on travis / appveyor
- mergely tests for windows and on various jdks on github actions
But we still need it because
- where would we put PR / integration builds?
- where would we get enough resources to run the community build?
- Jenkins auth via GitHub. GitHub OAuth App owned by the Scala org: https://github.com/organizations/scala/settings/applications/154904
- Scabot posts build status to GitHub using an access token of the scala-jenkins user: https://github.com/settings/tokens
- Scabot starts Jenkins builds using an access token of the scala-jenkins user (log in to GitHub as scala-jenkins, then to Jenkins): https://scala-ci.typesafe.com/user/scala-jenkins/security/
- GitHub webhooks to notify scabot: https://github.com/scala/scala/settings/hooks
- Jenkins webhooks to notify scabot: Job configuration, notifications: e.g., https://scala-ci.typesafe.com/job/scala-2.13.x-validate-main/configure
- Jenkins workers: ssh, credentials: https://scala-ci.typesafe.com/manage/credentials/
- Jenkins plugin to start / stop workers: auth unclear, see README in https://github.com/lightbend-labs/ec2-start-stop
Add the following to your ~/.ssh/config
Host jenkins-master
HostName 54.67.111.226
User admin
Host jenkins-worker-behemoth-1
HostName 54.153.2.9
User admin
Host jenkins-worker-behemoth-2
HostName 54.153.1.99
User admin
Host jenkins-worker-behemoth-3
HostName 54.183.156.89
User admin
# no public ip, jumphost through master
Host influxdb
HostName 172.31.0.100
User ubuntu
ProxyCommand ssh -q -W %h:%p jenkins-master
Nginx for scala-ci.typesafe.com on jenkins-master, /etc/nginx/conf.d/jenkins.conf.
Handles jenkins, /artifactory, /grafana, /benchq, ...
Auth goes via GitHub. In the configuraton there's a field "Admin User Names".
AWS Workers are started / stopped by custom jenkins plugin: https://github.com/lightbend-labs/ec2-start-stop
TODO: how to get logs?
- After a recent upgrade, scabot was no longer receiving job notifications from jenkins (it fixed itself...)
- lrytz didn't figure out how to enable debug logs in jenkins
- The notifications plugin produces logs, but no idea how to enable / find them
scala-ci.typesafe.com/artifactory/ to log in to the UI.
Repositories:
scala-pr-validation-snapshotsscala-integrationfor mergely buildsdbuildis an aggregate of cached remote repositories. used for the community build.
The config file is /opt/jfrog/artifactory/var/etc/system.yaml.
/opt/jfrog/artifactory/var/log/console.log has aggregated logs, logs for individual services in the same directory.
/opt/jfrog/artifactory/var/data/derby is the main database for our artifactory; its large (19G in Aug 2024).
The access service has its own db at /opt/jfrog/artifactory/var/data/access/derby.
Scabot triggers Jenkins builds and updates their state on github commits / PRs.
- Logs:
journalctl -u scabot -f -n 100
brew install awscli- via okta, go to AWS IAM
- unfold the "EngOps Scala" entry, click "Access keys" to get the
SSO start URLandSSO Region aws configure sso- set
AWS_DEFAULT_PROFILE aws ec2 describe-instancesto test
Use ncdu -x /path to analyze disk usage.
Artifactory disk usage report: https://scala-ci.typesafe.com/ui/admin/monitoring/storage-summary.
Steps to delete old builds from scala-pr-validation-snapshots:
Create a file search.json, adjust the cutoff date on the last line:
items.find({
"repo": "scala-pr-validation-snapshots",
"$or": [ { "name": { "$match": "scala-compiler*" } }, {"name": { "$match": "scala-reflect*" } }, { "name": { "$match": "scala-library*" } }, { "name": { "$match": "scala-dist*" } }, { "name": { "$match": "scala-partest*" } }, { "name": { "$match": "scalap*" } } ],
"created": { "$lt": "2020-01-01" }
})
curl -u 'lukas:SEEEKREET' -X POST "https://scala-ci.typesafe.com/artifactory/api/search/aql" -T search.json > artifacts.json
In an up-to-date Scala 2.13.x checkout, the following tests which of the artifacts correspond to revisions that were actually merged into scala/scala. Builds for those revisions are kept, builds for revisions that never made it are added to to-delete.txt.
n=$(cat artifacts.json | jq -r '.results[] | .path' | uniq | wc -l)
for p in $(cat artifacts.json | jq -r '.results[] | .path' | uniq); do
n=$((n-1))
sha=$(echo $p | awk -F'-' '{print $(NF-1)}')
if git branch --contains $sha | grep 2.13.x > /dev/null; then
echo "$sha y - $n"
else
echo "$sha n - $n"
echo $p >> to-delete.txt
fi
doneDelete the artifacts; best run it on ssh jenkins-master for performance.
n=$(cat to-delete.txt | wc -l)
for p in $(cat to-delete.txt); do
n=$((n-1))
echo "$p - $n"
curl -u 'lukas:PASSWORDSEKRET' -X DELETE "https://scala-ci.typesafe.com/artifactory/scala-pr-validation-snapshots/$p"
doneAfter that
- Empty "Trash Can"
curl -I -u 'lukas:SEEEKREET' -X POST "https://scala-ci.typesafe.com/artifactory/api/trash/empty"
- Run artifactory's "Garbage Collection" 20 times (😆)
for i in {1..20}; do curl -I -u 'lukas:SEEEKREET' -X POST "https://scala-ci.typesafe.com/artifactory/api/system/storage/gc"; done- wait for it to complete, it runs in the background. check Binaries Size / Artifacts Size in Storage
- Run "Prune Unreferenced Data"
api/system/storage/optimize
- https://jfrog.com/knowledge-base/what-is-the-difference-between-garbage-collector-and-prune-unreferenced-data-processes-in-artifactory/
Other measures
- https://scala-ci.typesafe.com/ui/admin/artifactory/configuration/artifactory_general "Empty Trash Can"
- Derby database (
/var/opt/jfrog/artifactory/data/derby/seg0) may be big.- https://scala-ci.typesafe.com/ui/admin/artifactory/advanced/maintenance "Compress the Internal Database".
- Did not work for me. "lock could not be obtained due to a deadlock".
- Doc says "We recommend running this when Artifactory activity is low, since compression may not be able to complete when storage is busy (in which case the storage will not be affected)."
Enlarging drives and their partitions seems to work well, even for the root partition of a running system (Debian).
- Take a snapshot of the EBS Volume, wait for it to be completed
- Use "Modify volume" and increase the size
- Increase the partition and file system sizes (details here)
sudo growpart /dev/nvme0n1 1(if there are partitions)sudo resize2fs /dev/nvme0n1p1
To recreate a drive / file system (to shrink it, or to move to a different file system), create a new EBS volume, mount it and copy the data over using rsync.
- new EBS volume, gp3, 400g, default iops/throughput. us-west-1c.
- attach to instance as
/dev/xvdN lsblkmkfs -t ext4 -N 50000000 /dev/xvdN(-Nto specify the number of inodes;df -hito display)mkdir /home/jenkins-newchown jenkins:root /home/jenkins-newblkidto show UUID- fstab:
UUID=YYYYYYYYYYYYYYYY /home/jenkins-new ext4 noatime 0 0 systemctl daemon-reloadmount -achown jenkins:root /home/jenkins-newrsync -a -H --info=progress2 --info=name0 /home/jenkins/ /home/jenkins-new/-His important, git checkouts use hard links
- fstab, mount new volume at
/home/jenkins. comment out old volume systemctl daemon-reloadreboot(old volume might be in use)
Enabled on master and behemoths
- default config on behemoths, installs all updates.
- only security updates on master, plus jenkins. Not artifactory because an
apt upgradeof it doesn't restart the service. Also, artifactory updates tend to be more breaking.
Only a basic jre is installed through apt (eg openjdk-17-jre-headless).
Use sudo su and cd to /usr/lib/jvm, see the README file.
Install new JDKs here, we default to adoptium.
On all machines (chronyc tracking to check):
root@ip-172-31-10-237:~# cat /etc/chrony/sources.d/aws.sources
#https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-ec2-ntp.html
server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4