|author||Vincent Sanders <email@example.com>||2017-05-29 11:52:56 +0100|
|committer||Vincent Sanders <firstname.lastname@example.org>||2017-05-29 11:52:56 +0100|
commit instructions for a scaleway node
2 files changed, 141 insertions, 7 deletions
diff --git a/continuous_integration.mdwn b/continuous_integration.mdwn
index 9d9162f..282b366 100644
@@ -37,6 +37,20 @@ In addition ssh based tunnels are used to copy data between CI nodes.
The Jenkins install on the master server is a snapshot release version.
+### generating openvpn keys
+the VPN is setup to use certificates and signed keys, each client needs a certificate and key set generating for its openvpn setup.
+become superuser on master
+ cd open-vpn-easy
+ source ./vars
+ ./build-key ciworker17
+answer questions and set no password
+keys/certificates are written to open-vpn-easy/keys and can be copied to teh clients as required.
The majority of the build slaves are provided by our own
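Review bot: The `./build-key ciworker17` step followed by "answer questions and set no password" leaves the client private key unencrypted on the master, and the last added line only says the keys "can be copied to teh clients as required" without naming the files or the transport. Suggest listing exactly which files a worker needs (the client config added in debian_stretch_setup.mdwn references ca.crt, ciworker17.crt and ciworker17.key), saying they are copied over ssh, and noting that the .key file should be readable by root only once it is on the worker. Smaller points: "teh" should be "the", and "become superuser on master" could say where the `open-vpn-easy` directory lives.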
diff --git a/continuous_integration/debian_stretch_setup.mdwn b/continuous_integration/debian_stretch_setup.mdwn
index 12a91cf..961e8af 100644
@@ -47,12 +47,134 @@ Once installed:
`apt-get install linux-image-4.3.0-0.bpo.1-arm64`
+### Scaleway node
+Scaleway servers are currently used for ARM64 and armhf
+workers. Although we have self-hosted hardware for both of these node
+types these nodes are conveniant alternatives. For AMD64 workers
+just create zero cost instances on phoenix!
+Use the scaleway dashboard to create a server of the correct
+architecture and Debian jessie image (it has to be upgraded currently)
+a minimal 50G root volume is plenty of storage.
+once started ssh to the image using the appropriate ssh key
+`ssh -i .ssh/keys/id_rsa.netsurf email@example.com`
+edit \etc\hostname to contain nsciworker17
+edit \etc\hosts to set loopback name resolution
+ensure netsurf user has ssh key installed
+edit /etc/group to add netsurf to sudo group
+edit /etc/apt/sources/list to be stretch
+use dashboard power toggle to force a hard reboot
+login as netsurf and use `sudo -i` to get root terminal
+edit /etc/ssh/sshd_config to disable password login
+ # To disable tunneled clear text passwords, change to no here!
+ PasswordAuthentication no
+`# apt-get install fail2ban`
+ # "bantime" is the number of seconds that a host is banned.
+ bantime = 1200
+ # A host is banned if it has generated "maxretry" during the last "findtime"
+ # seconds.
+ findtime = 1200
+ maxretry = 3
+ enabled = true
+ port = ssh
+ filter = sshd
+ logpath = /var/log/auth.log
+ maxretry = 2
+`# apt-get install openvpn`
+ dev tap_netsurf
+ proto tcp
+ remote vpn.netsurf-browser.org 1194
+ resolv-retry infinite
+ user nobody
+ group nogroup
+ lladdr 0E:00:00:00:03:17
+ ca /etc/openvpn/netsurf-keys/ca.crt
+ cert /etc/openvpn/netsurf-keys/ciworker17.crt
+ key /etc/openvpn/netsurf-keys/ciworker17.key
+ ns-cert-type server
+ # Set log file verbosity.
+ verb 3
+ script-security 2
+ up /etc/openvpn/netsurf-up
+ down /etc/openvpn/netsurf-down
+ ifup tap_netsurf
+ ifdown tap_netsurf
+edit /etc/network/interfaces and add
+ # netsurf
+ auto tap_netsurf
+ iface tap_netsurf inet dhcp
+copy openvpn keys from master node into /etc/openvpn/netsurf-keys
### Banana Pi
This system is a dual core ARMv7 allwinner using the armhf ABI
Used the install SD media from
-[[http://www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/ Igor Pecovnik|http///www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/_igor_pecovnik]]
- unzip and write raw file to full size SD card.
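Review bot: Three of the paths in the Scaleway steps are wrong as written: `\etc\hostname` and `\etc\hosts` use backslashes, and `/etc/apt/sources/list` should be `/etc/apt/sources.list`. The fail2ban settings give `maxretry = 3` and then `maxretry = 2` with no section headers and no target file named, so a reader cannot tell which value applies to the ssh jail; please show the section names and the file being edited. The same goes for the openvpn block: the config file name is missing, and it is not clear that `ifup tap_netsurf` and `ifdown tap_netsurf` are the contents of the `up` and `down` scripts. If they are, note that with `user nobody` and `group nogroup` the `down` script runs after privileges are dropped, so `ifdown` will not run as root. `ns-cert-type server` is deprecated in OpenVPN 2.4 in favour of `remote-cert-tls server`. The final step "copy openvpn keys from master node into /etc/openvpn/netsurf-keys" should state the ownership and mode for ciworker17.key. Removing the Igor Pecovnik link also leaves "Used the install SD media from" in the Banana Pi section with nothing after it.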
@@ -106,16 +228,14 @@ Once installed:
This system is a quad core ARMv7 allwinner H3 using the armhf ABI
-Used "mini" install media from
-- unpack image and write to micro SD card and configure as per loboris
- instructions, careful installation steps are not immediately obvious
+- unpack image and write to micro SD card and configure as per banana pi
-- first login as orangepi:orangepi which will need to be immediately
+- first login as root:1234 which will need to be immediately changed
`* superuser available via sudo -i`
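Review bot: The new line "first login as root:1234 which will need to be immediately changed" documents a default root password but, unlike the Scaleway section, this section does not go on to say that sshd password login gets disabled; suggest adding the same `PasswordAuthentication no` step here, or pointing to it, and saying the password is changed before the board is left reachable on the network. The hunk also removes "Used "mini" install media from" without a replacement, so "unpack image and write to micro SD card" no longer says which image is meant, and "configure as per banana pi" should link or refer to the Banana Pi section by name.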