Details
After reading the previous sentence, it can be cool to know how to use the new flavoured Drydock, for different reasons:
- you were using it before Almanac (like Haskell) and thus can't upgrade since rPc44f9d80def9fe1932c2be4fa4b65aca166ae7ea
- you are a masochist and wanna try bleeding-edge features
- you are Chuck Norris and thus you are sure that if upstream can do it, you also shall.
So what are the steps to successfully deploy an Almanac-flavoured resource? How to test it?
PS: While I will answer it with what I've found, feel free to comment or add alternative stuff.
Answers
There are basically three parts:
- configure an almanac service
- configure a drydock blueprint
- add the key in the device
Thus you must have both the Drydock and Almanac prototypes installed.
First Part : Almanac
Create a network
→ → → Create Network
(That means: first navigate to the Almanac app, then click on the Networks tab, then click on Create Network.)
Give it a name : something like Private network or 10.0.0.1/24
Create a device
→ → → Create Device
Give it a name : something like high-secure-build or 10.0.1.23
On the device page, add an interface: choose your SSH port (since Drydock will use SSH), which is normally 22 if you haven't changed anything, one IP and the network you created earlier.
On the device page, generate a keypair (if so, be sure to save the private part) or upload an existing public key.
In a console (on the Phabricator host), trust this key with redacted command where xx is the key id. Do not do this! It would allow full access to your Phabricator (thanks to @epriestley's answer).
Create a service
→ → → Create Service
Select Drydock: Resource Pool, and give it a name like highly-secure-builder.
On the service page, add a binding: Phabricator will typeahead the device you created earlier.
(Unnecessary step, but I think it is more secure) Check everything is correct and then lock the service in a console (on the Phabricator host) with `/path/to/phab/.bin/almanac lock yyyyyy` where yyyyyy is your service name (highly-secure-builder).
Second Part : Drydock
Create a blueprint
→ → → New blueprint
Select almanac host.
Give it a name (like builder-worker-contract), select the Almanac service (highly-secure-builder) and create a credential (with the private key from the device step and the user you want Drydock to connect as: root, or something else if you are conscientious).
You can lock the key content if you want too.
Last Part : adding the key and testing
Go to your build host and add the key to `{the home directory of the user you chose}/.ssh/authorized_keys2`
You can test from your Phabricator whether it is working with:
- `bin/drydock lease --type host` which should output something like Activated lease "31"
- `bin/drydock command --lease xx ls /` where xx is what the previous command returned (31 in our case); it shall return the result of `ls /` on the build host.
What remains now to make CI work is managing to get working copies to work. This will be covered elsewhere.
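The key-installation step from the last part, written as a shell function that also sets the permissions sshd's default `StrictModes` check expects. This is an added example, not part of the original answer: the function name `install_drydock_key` is hypothetical, and it assumes you run it as the build user with the public key from the Almanac device page.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Phabricator code).
# Usage: install_drydock_key HOME_DIR 'PUBKEY LINE' [FILE_NAME]
# Returns 0 on success (also when the key is already present),
# 1 on a filesystem error, 2 when the key line is rejected.
install_drydock_key() {
    home_dir=$1 pubkey=$2 file_name=${3:-authorized_keys2}

    # Reject input that spans more than one line.
    case $pubkey in
        *'
'*) echo "refusing multi-line key" >&2; return 2 ;;
    esac

    # Accept only a bare "<type> <base64> [comment]" line, so a pasted
    # line cannot carry leading options such as command="...".
    case $pubkey in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not a bare OpenSSH public key" >&2; return 2 ;;
    esac

    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/$file_name

    # With StrictModes on, sshd ignores key files that are group- or
    # world-writable, so create them with tight modes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: compare on "<type> <base64>", ignoring the comment.
    key_id=$(printf '%s\n' "$pubkey" | awk '{print $1 " " $2}')
    if grep -qF -- "$key_id" "$auth_file"; then
        return 0
    fi
    printf '%s\n' "$pubkey" >> "$auth_file"
}
```

The file name defaults to the one used in the answer; which files sshd actually reads is set by `AuthorizedKeysFile` in `sshd_config`.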