author Vincent Sanders <vince@kyllikki.org> 2017-05-29 10:52:56 (GMT)
committer Vincent Sanders <vince@kyllikki.org> 2017-05-29 10:52:56 (GMT)
commit f499ef8cd2f632f09063ff6edbf1f1febad9a90b (patch)
tree b139e1ba777f91ec386e2505ad88b0fd1ee13d7a
parent 815c6a65f40082fe4baeb7a44a3b2c99959fc3c8 (diff)
commit instructions for a scaleway node
-rw-r--r-- continuous_integration.mdwn 14
-rw-r--r-- continuous_integration/debian_stretch_setup.mdwn 134
2 files changed, 141 insertions, 7 deletions
diff --git a/continuous_integration.mdwn b/continuous_integration.mdwn
index 9d9162f..282b366 100644
--- a/continuous_integration.mdwn
+++ b/continuous_integration.mdwn
@@ -37,6 +37,20 @@ In addition ssh based tunnels are used to copy data between CI nodes.
The Jenkins install on the master server is a snapshot release version.
+### generating openvpn keys
+
+the VPN is setup to use certificates and signed keys, each client needs a certificate and key set generating for its openvpn setup.
+
+become superuser on master
+
+ cd open-vpn-easy
+ source ./vars
+ ./build-key ciworker17
+
+answer questions and set no password
+
+keys/certificates are written to open-vpn-easy/keys and can be copied to teh clients as required.
+
## Slave
The majority of the build slaves are provided by our own
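Review bot: the added "answer questions and set no password" step leaves the generated private key unencrypted, and the last added line only says the keys "can be copied to teh clients as required" without naming the files or the channel. Suggest stating which files a client needs and that they are copied over ssh (the context line above already says ssh tunnels carry data between CI nodes), and that the key file under open-vpn-easy/keys stays readable by root only. `./build-key ciworker17` also hardcodes one worker name; a placeholder such as `./build-key <workername>` would make the step reusable. "setup" should be "set up" and "teh" is a typo for "the".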
diff --git a/continuous_integration/debian_stretch_setup.mdwn b/continuous_integration/debian_stretch_setup.mdwn
index 12a91cf..961e8af 100644
--- a/continuous_integration/debian_stretch_setup.mdwn
+++ b/continuous_integration/debian_stretch_setup.mdwn
@@ -47,12 +47,134 @@ Once installed:
`apt-get install linux-image-4.3.0-0.bpo.1-arm64`
+### Scaleway node
+
+Scaleway servers are currently used for ARM64 and armhf
+workers. Although we have self-hosted hardware for both of these node
+types these nodes are conveniant alternatives. For AMD64 workers
+just create zero cost instances on phoenix!
+
+Use the scaleway dashboard to create a server of the correct
+architecture and Debian jessie image (it has to be upgraded currently)
+a minimal 50G root volume is plenty of storage.
+
+once started ssh to the image using the appropriate ssh key
+
+`ssh -i .ssh/keys/id_rsa.netsurf root@1.2.3.4`
+
+edit \etc\hostname to contain nsciworker17
+
+edit \etc\hosts to set loopback name resolution
+
+`adduser netsurf`
+
+ensure netsurf user has ssh key installed
+
+edit /etc/group to add netsurf to sudo group
+
+edit /etc/apt/sources/list to be stretch
+
+`apt-get update`
+
+`apt-get dist-upgrade`
+
+`apt-get clean`
+
+`halt`
+
+use dashboard power toggle to force a hard reboot
+
+login as netsurf and use `sudo -i` to get root terminal
+
+edit /etc/ssh/sshd_config to disable password login
+
+ # To disable tunneled clear text passwords, change to no here!
+ PasswordAuthentication no
+
+`# apt-get install fail2ban`
+
+edit /etc/fail2ban/jail.local
+
+ [DEFAULT]
+
+ # "bantime" is the number of seconds that a host is banned.
+ bantime = 1200
+
+ # A host is banned if it has generated "maxretry" during the last "findtime"
+ # seconds.
+ findtime = 1200
+ maxretry = 3
+
+ [ssh]
+
+ enabled = true
+ port = ssh
+ filter = sshd
+ logpath = /var/log/auth.log
+ maxretry = 2
+
+
+`# apt-get install openvpn`
+
+create /etc/openvpn/netsurf.conf
+
+ client
+ dev tap_netsurf
+ proto tcp
+ remote vpn.netsurf-browser.org 1194
+ resolv-retry infinite
+ nobind
+ user nobody
+ group nogroup
+ persist-key
+ persist-tun
+ lladdr 0E:00:00:00:03:17
+
+ ca /etc/openvpn/netsurf-keys/ca.crt
+ cert /etc/openvpn/netsurf-keys/ciworker17.crt
+ key /etc/openvpn/netsurf-keys/ciworker17.key
+
+ ns-cert-type server
+
+ comp-lzo
+
+ # Set log file verbosity.
+ verb 3
+
+ script-security 2
+ up /etc/openvpn/netsurf-up
+ down /etc/openvpn/netsurf-down
+
+create /etc/openvpn/netsurf-up
+
+ #!/bin/sh
+
+ ifup tap_netsurf
+
+create /etc/openvpn/netsurf-down
+
+ #!/bin/sh
+
+ ifdown tap_netsurf
+
+edit /etc/network/interfaces and add
+
+ # netsurf
+ auto tap_netsurf
+ iface tap_netsurf inet dhcp
+
+mkdir /etc/openvpn/netsurf-keys
+
+copy openvpn keys from master node into /etc/openvpn/netsurf-keys
+
+
+
### Banana Pi
This system is a dual core ARMv7 allwinner using the armhf ABI
Used the install SD media from
-[[http://www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/ Igor Pecovnik|http///www.igorpecovnik.com/2014/09/07/banana-pi-debian-sd-image/_igor_pecovnik]]
+[[armbian|https://dl.armbian.com/bananapi/Debian_jessie_next.7z]]
- unzip and write raw file to full size SD card.
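Review bot: the final added steps, `mkdir /etc/openvpn/netsurf-keys` and "copy openvpn keys from master node", set no ownership or mode on the directory or on `ciworker17.key`, which the master-side instructions generate with no password; add a step such as `chmod 700 /etc/openvpn/netsurf-keys` and `chmod 600` on the .key file, owned by root. Earlier in the hunk, `\etc\hostname` and `\etc\hosts` are written with backslashes, `/etc/apt/sources/list` should read `/etc/apt/sources.list`, and "conveniant" is misspelled. The sshd_config step only sets `PasswordAuthentication no`; since the first login is `root@` over ssh, consider documenting `PermitRootLogin no` once the netsurf user and sudo are confirmed working. In netsurf.conf, `ns-cert-type server` is deprecated in OpenVPN 2.4 in favour of `remote-cert-tls server` (worth checking that the server certificate supports it), and the hostname, `lladdr` and cert/key names hardcode worker 17 without saying which parts change per node.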
@@ -106,16 +228,14 @@ Once installed:
This system is a quad core ARMv7 allwinner H3 using the armhf ABI
-Used "mini" install media from
-[[http://www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342 loboris|http///www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=342_loboris]]
+Use [[armbian||https://dl.armbian.com/orangepipc/Debian_jessie_default.7z]]
-- unpack image and write to micro SD card and configure as per loboris
- instructions, careful installation steps are not immediately obvious
+- unpack image and write to micro SD card and configure as per banana pi
+ instructions
Once installed:
-- first login as orangepi:orangepi which will need to be immediately
- changed
+- first login as root:1234 which will need to be immediately changed
`* superuser available via sudo -i`
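Review bot: the new Orange Pi link is written `[[armbian||https://dl.armbian.com/orangepipc/Debian_jessie_default.7z]]` with a double pipe, while the Banana Pi link added in the previous hunk uses a single pipe; one of the two will not render as a link, so make them match. Both images are now fetched from dl.armbian.com with no verification step, and the "first login as root:1234" line documents a default credential, so it is worth adding a checksum or signature check for the download and saying the password is changed before the board is attached to the network.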