---
layout: '~/layouts/Markdown.astro'
title: Hardware infrastructure
license: 'CC-BY-SA-4.0'
---
## Codeberg
Codeberg provides an LXC container with 48GB RAM, 24 threads and an SSD drive to be used for the CI. A Forgejo Runner is installed in `/opt/runner` and registered with a token obtained from https://codeberg.org/forgejo. It does not allow running privileged containers or LXC containers for security reasons. The runner is intended to be used for pull requests, for instance in https://codeberg.org/forgejo/forgejo.
## Octopuce
[Octopuce provides hardware](https://codeberg.org/forgejo/sustainability) managed by [the devops team](https://codeberg.org/forgejo/governance/src/branch/main/TEAMS.md#devops). It can be accessed via a VPN which provides a DNS for the `octopuce.forgejo.org` internal domain.

The VPN is deployed and upgraded using the following [Enough command line](https://enough-community.readthedocs.io):
```shell
$ mkdir -p ~/.enough
$ git clone https://forgejo.octopuce.forgejo.org/forgejo/enough-octopuce ~/.enough/octopuce.forgejo.org
$ enough --domain octopuce.forgejo.org service create openvpn
```
## Hetzner
https://hetzner01.forgejo.org runs on [EX101](https://www.hetzner.com/dedicated-rootserver/ex101) Hetzner hardware.
## OVH
https://code.forgejo.org runs on an OVH virtual machine using the same
OVH account used for the forgejo.org domain name and mails.
It is deployed and upgraded using the following [Enough command line](https://enough-community.readthedocs.io):
```shell
$ mkdir -p ~/.enough
$ git clone https://forgejo.octopuce.forgejo.org/forgejo/enough-code ~/.enough/code.forgejo.org
$ enough --domain code.forgejo.org service create --host bind-host forgejo
```
Upgrading only Forgejo:
```shell
$ enough --domain code.forgejo.org playbook -- --limit bind-host,localhost --private-key ~/.enough/code.forgejo.org/infrastructure_key venv/share/enough/playbooks/forgejo/forgejo-playbook.yml
```
Log in to the machine hosting the Forgejo instance for debugging purposes:
```shell
enough --domain code.forgejo.org ssh bind-host
```
## Installing Forgejo runners
### Preparing the LXC hypervisor
```shell
git clone https://code.forgejo.org/forgejo/lxc-helpers/
lxc-helpers.sh lxc_prepare_environment
sudo lxc-helpers.sh lxc_install_lxc_inside 10.120.13
```
### Creating an LXC container
```shell
lxc-helpers.sh lxc_container_create forgejo-runners
lxc-helpers.sh lxc_container_start forgejo-runners
lxc-helpers.sh lxc_container_user_install forgejo-runners $(id -u) $USER
lxc-helpers.sh lxc_container_run forgejo-runners -- sudo --user debian bash
# the commands below are typed in the shell opened inside the container
sudo apt-get update
sudo apt-get install -y wget docker.io emacs-nox
sudo usermod -aG docker $USER # exit & enter again for the group to be active
lxc-helpers.sh lxc_prepare_environment
sudo wget -O /usr/local/bin/forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v2.0.4/forgejo-runner-amd64
sudo chmod +x /usr/local/bin/forgejo-runner
echo 'export TERM=vt100' >> .bashrc
```
### Creating a runner
Multiple runners can co-exist on the same machine. To keep things
organized they are located in a directory that is the same as the URL
from which the token is obtained. For instance
`DIR=codeberg.org/forgejo-integration` means that the token was obtained from the
https://codeberg.org/forgejo-integration organization.

If a runner only provides unprivileged docker containers, the labels
should be
`LABELS=docker:docker://node:16-bullseye,ubuntu-latest:docker://node:16-bullseye`.

If a runner provides LXC containers and unprivileged docker
containers, the labels should be
`LABELS=docker:docker://node:16-bullseye,self-hosted`.

```shell
mkdir -p "$DIR" ; cd "$DIR"
forgejo-runner generate-config > config.yml
## edit config.yml
## Obtain a $TOKEN from https://$DIR
forgejo-runner register --no-interactive --token "$TOKEN" --name runner --instance https://codeberg.org --labels "$LABELS"
forgejo-runner --config config.yml daemon |& cat -v > runner.log &
```
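
The directory convention and the label choice described above can be wrapped in a small helper. This is an added example, not part of the Forgejo documentation or tooling: the function names, the `docker`/`lxc` kind argument and the `FORGEJO_RUNNER` override (for dry runs) are assumptions, and it goes beyond the commands above by deriving `--instance` from `DIR` instead of hardcoding it.

```shell
# Added example: helper functions are hypothetical, not shipped with forgejo-runner.

# Print the instance URL for a runner directory named after the token URL,
# e.g. codeberg.org/forgejo-integration -> https://codeberg.org
runner_instance() {
    case "$1" in
        # refuse empty, absolute, option-like, ".." or non host[/path] values
        ""|/*|-*|*..*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    printf 'https://%s\n' "${1%%/*}"
}

# Print the labels matching what the runner is allowed to provide:
#   docker = unprivileged docker containers only
#   lxc    = LXC containers and unprivileged docker containers
runner_labels() {
    case "$1" in
        docker) echo 'docker:docker://node:16-bullseye,ubuntu-latest:docker://node:16-bullseye' ;;
        lxc)    echo 'docker:docker://node:16-bullseye,self-hosted' ;;
        *)      return 1 ;;
    esac
}

# Usage: TOKEN=... runner_register DIR docker|lxc
# Runs in a subshell so the caller's working directory is left untouched.
runner_register() (
    runner=${FORGEJO_RUNNER:-forgejo-runner}   # assumed override, e.g. "echo" for a dry run
    instance=$(runner_instance "$1") || { echo "invalid DIR: $1" >&2; exit 1; }
    labels=$(runner_labels "$2") || { echo "unknown runner kind: $2" >&2; exit 1; }
    : "${TOKEN:?obtain a token from https://$1 first}"
    mkdir -p "$1" && cd "$1" || exit 1
    "$runner" generate-config > config.yml
    "$runner" register --no-interactive --token "$TOKEN" --name runner \
        --instance "$instance" --labels "$labels"
)
```

Refusing an unknown kind keeps a runner from advertising `self-hosted` (LXC) by accident on a host that only permits unprivileged docker containers.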
#### codeberg.org config.yml
- `fetch_timeout: 30s` # because it can be slow at times
- `fetch_interval: 60s` # because there is throttling and 429 replies will mess up the runner
- cache `enabled: false` # because codeberg.org is still v1.19