services/nomad/build/buildsync-{aarch64,musl}.nomad: use rsyncd

instead of a cron job, use rwc to trigger rsync jobs. This should also push to the glibc builder now, instead of the glibc builder pulling from the other builders
void-linux · Aug 13, 2023 · 6853b65 · 6853b65
1 parent 0fe2dab
commit 6853b65
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 51 deletions.
diff --git a/services/nomad/build/buildsync-aarch64.nomad b/services/nomad/build/buildsync-aarch64.nomad
@@ -13,20 +13,11 @@ job "buildsync-aarch64" {
     }
 
     task "rsync" {
-      leader = true
       driver = "docker"
 
-      vault {
-        policies = ["void-secrets-buildsync"]
-      }
-
       config {
-        image = "eeacms/rsync"
-        args = ["client"]
-      }
-
-      env {
-        CRON_TASK_1="*/5 * * * * flock -n /run/rsync.lock rsync -vurk -e 'ssh -i /secrets/id_rsa -o UserKnownHostsFile=/local/known_hosts' --exclude '*.sig' --delete-after -f '+ */' -f '+ aarch64*-repodata' -f '+ *.aarch64*.xbps' -f '+ *.noarch*.xbps' -f '+ otime' -f '- *' [email protected]:/hostdir/binpkgs/ /pkgs/aarch64"
+        image = "ghcr.io/void-linux/infra-rsync:202308" # TODO
+        args = ["/local/buildsync-watch", "aarch64"]
       }
 
       volume_mount {
@@ -35,20 +26,9 @@ job "buildsync-aarch64" {
       }
 
       template {
-        data = <<EOF
-{{- with secret "secret/buildsync/ssh" -}}
-{{.Data.private_key}}
-{{- end -}}
-EOF
-        destination = "secrets/id_rsa"
-        perms = "0400"
-      }
-
-      template {
-        data = <<EOF
-b-fsn-de.node.consul ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1ykMRsB3/DOv/NhnhajQIB99xUdM7RauBS5ptj2i4q
-EOF
-        destination = "local/known_hosts"
+        data = file("buildsync-watch")
+        destination = "local/buildsync-watch"
+        perms = "0755"
       }
     }
   }

diff --git a/services/nomad/build/buildsync-musl.nomad b/services/nomad/build/buildsync-musl.nomad
@@ -13,20 +13,11 @@ job "buildsync-musl" {
     }
 
     task "rsync" {
-      leader = true
       driver = "docker"
 
-      vault {
-        policies = ["void-secrets-buildsync"]
-      }
-
       config {
-        image = "eeacms/rsync"
-        args = ["client"]
-      }
-
-      env {
-        CRON_TASK_1="*/5 * * * * flock -n /run/rsync.lock rsync -vurk -e 'ssh -i /secrets/id_rsa -o UserKnownHostsFile=/local/known_hosts' --exclude '*.sig' --delete-after -f '+ */' -f '+ *-repodata' -f '+ *.xbps' -f '+ otime' -f '- *' [email protected]:/hostdir/binpkgs/ /pkgs/musl/"
+        image = "ghcr.io/void-linux/infra-rsync:202308" # TODO
+        args = ["/local/buildsync-watch", "musl"]
       }
 
       volume_mount {
@@ -35,20 +26,9 @@ job "buildsync-musl" {
       }
 
       template {
-        data = <<EOF
-{{- with secret "secret/buildsync/ssh" -}}
-{{.Data.private_key}}
-{{- end -}}
-EOF
-        destination = "secrets/id_rsa"
-        perms = "0400"
-      }
-
-      template {
-        data = <<EOF
-a-hel-fi.node.consul ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIW8voCZh9nQpdx3fAsvfZO4mCYv0/OUVNPF9A/GsHtX
-EOF
-        destination = "local/known_hosts"
+        data = file("buildsync-watch")
+        destination = "local/buildsync-watch"
+        perms = "0755"
       }
     }
   }

diff --git a/services/nomad/build/buildsync-watch b/services/nomad/build/buildsync-watch
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+BUILDER="$1"
+
+rwc "/pkgs/$BUILDER" "/pkgs/$BUILDER/bootstrap" "/pkgs/$BUILDER/nonfree" "/pkgs/$BUILDER/debug" | \
+xe -s 'flock -n /run/rsync.lock rsync -vurk
+ --delete-after -f "+ */" -f "+ *-repodata" -f "+ *.xbps" -f "+ otime" -f "- *"
+ /pkgs/'"$BUILDER"'/ [email protected]::/pkgs/'"$BUILDER"
diff --git a/services/pkg/rsync/Dockerfile b/services/pkg/rsync/Dockerfile
@@ -1,6 +1,6 @@
 FROM  ghcr.io/void-linux/void-glibc:latest
 
-RUN xbps-install -Sy rsync tini snooze && \
+RUN xbps-install -Sy rsync tini snooze rwc xe util-linux findutils && \
         mkdir -p /etc/rsyncd.conf.d/ && \
         rm -rf /var/cache/xbps