1. About jenkins.debian.net

https://jenkins.debian.net is a tool for automated quality monitoring of Debian. It is work in progress despite being in existence since October 15th 2012.

Get the source by running git clone git://git.debian.org/git/qa/jenkins.debian.net.git. It’s all in there, no (relevant) manual setup has been done besides what’s in this git repository. (The irrelevant bits are some very simple configuration files containing passwords.)

The (virtualized) hardware is sponsored since October 2012 by http://www.profitbricks.co.uk - currently it’s using more than hundred cores and almost 300 GB memory, thanks a lot!

Some stats are available using munin-plugins for jenkins.

Three persons have shell access (incl. root) to the machine: Holger Levsen, Helmut Grohne and Mattia Rizzolo. All of them have also access to the web intereface, where tasks like stopping and scheduling job runs can be done, also they enough rights to edit the jenkins scripts (i.e. what jenkins executes), though this is done in case of firefighting (e.g. changes throught the git repository are really preferred). The deploying of changes is still limited to people with root powers.

2. Getting involved

jenkins.debian.net is intended to be a QA resource for the whole Debian project. Please contact us (via #debian-qa on IRC or via the debian-qa mailinglist) If you / your project is interested to run tests in this setup!

If you notice some jobs has problems and you want to find out why, read debug certain jobs to learn how to do debug jobs locally.

2.1. Contributing code to this project

It’s helpful to track fixes or new features via wishlist bugs against the jenkins.debian.org package, eg with the reportbug tool (devscripts package). The BTS will ensure the developers' mailing list qa-jenkins-dev@lists.debian.org is notified.

The code is available in the jenkins.debian.net.git repository.

Patches can be submitted as requests to pull from a publicly-visible git repository (this is the prefered way) communicated via IRC or mail, or completly via mail (using git format-patch, see below). If appropriate, please make a topic branch based on the master branch.

You can send patches or requests to the development list, or to the tracking bug: <bugnumber>@bugs.debian.org.

One possible workflow:

  git clone git://anonscm.debian.org/qa/jenkins.debian.net.git
  git checkout origin/master -b <topicname>
  # <edits>
  git commit -a
  git format-patch -M origin/master

  reportbug jenkins.debian.org
  # <describe the issue, attach the patch>

2.2. Contributing bugs to other projects

Another very useful type of contributions are filing bug reports based on jenkins job runs. Another useful kind of contribution would be to improve the documentation, eg to better describe how to debug stuff.

3. Notifications

There are two types of notifications being used: email and IRC. At the end of each builds console log it says to where notifications have been sent. An address of the form jenkins-foo means an IRC notification has been sent to the #foo IRC channel.

All job result notifications should be sent to https://lists.alioth.debian.org/mailman/listinfo/qa-jenkins-scm and optionally to other recipients as well.

4. Jobs being run

There are over 900 jobs being run currently. If you can think of ways to improve the usefulness of certain jobs, please do give feedback!

4.1. g-i-installation jobs

Installation tests with g-i, the graphical version of d-i, the debian-installer.

  • g-i-installation_debian_sid_daily-rescue

    • boot of rescue system with daily build sid image

  • g-i-installation_debian_sid_daily-lxde and -xfce and -kfreebsd and -hurd

    • sid installation of Xfce/LXDE desktop with daily build sid image

  • g-i-installation_debian_jessie_lxde,-xfce,-kde and -gnome and -kfreebsd

    • jessie installation of Xfce/LXDE/KDE desktop and kfreebsd install with weekly build jessie image

  • g-i-installation_debian_wheezy_lxde,-xfce,-kde and -gnome and -kfreebsd

    • wheezy installation of Xfce/LXDE/KDE desktop and kfreebsd install with wheezy release image

4.2. debian-installer jobs

  • d_i_build_$source_package

    • there is one job for each git repo referred to in http://anonscm.debian.org/viewvc/d-i/trunk/.mrconfig?view=co

    • each job pdebuilds the master branch of its git repo on every git push in a sid environment. (If the architecture(s) specified in debian/control are not amd64,all or any the build exits cleanly.)

    • while these jobs are triggered on commits, the SCM is only polled every 6min to see if there are new commits.

  • d_i_manual

    • builds the full installation-guide package with pdebuild in sid on every commit to svn://anonscm.debian.org/svn/d-i/ matching suitable patterns.

    • while this job is triggered on commits, the SCM is only polled every 15min to see if there are new commits.

  • d_i_manual_$language_html

    • builds a language (on jessie) on every commit of svn/trunk/manual/$LANG with make languages=$LANG architectures=amd64 formats=html.

    • while these jobs are triggered on commits, the SCM is only polled every 15min to see if there are new commits.

    • on successful build, d_i_manual_$lang_pdf is triggered.

  • d_i_parse_build_logs - parses logs from http://d-i.debian.org/daily-images/build-logs.html daily, to give them a bit more exposure.

    • this job is run daily.

4.3. chroot-installation jobs

Installation tests inside chroot environments.

  • chroot-installation_maintenance_$distro:

    • make sure chroots have been cleaned up properly

    • runs daily at 05:00 UTC and triggers the $distro specific bootstrap job on success

    • wheezy is only triggered on the 4th day and 18th of each month (as it was released on the 4th)

  • $distro-bootstrap jobs:

    • just debootstrap $distro (install a base Debian distribution $distro)

    • there is one job for sid, one for wheezy and one for jessie: chroot-installation_sid_bootstrap, chroot-installation_wheezy_bootstrap and chroot-installation_jessie_bootstrap

    • on successful run of the bootstrap job, six $distro-install(+upgrade) jobs are triggered.

  • $distro-install jobs (and $distro-install+upgrade jobs):

    • debootstrap $distro, install a $set_of_packages (and upgrade to $2nd_distro)

    • these $set_of_packages exist: gnome, kde, kde-full, lxde, xfc, full_desktop (all five desktops plus vlc evince iceweasel chromium cups build-essential devscripts wine texlive-full asciidoc vim emacs and (libreoffice virt-manager mplayer (stretch/sid) and develop

      • install is done with apt-get install, except for develop where apt-get build-dep is used to install the build dependencies of these packages.

    • Then there are also all the corresponding upgrade jobs, eg chroot-installation_wheezy_install_gnome_upgrade_to_jessie

  • All Debian Edu related jobs can be seen at these two URLs:

  • Then there are three types of jobs:

    • g-i-installation_$(distro)_$(profile):

      • tests installation of a profile with preseeding in the graphical installer,

      • screenshots and logs are preserved and a movie created,

      • testing clients against the main-server is planned too, for some time…

    • chroot-installation_$(distro)install$(education-metapackage):

      • tests apt installation of a metapackage in a specific distro.

  • edu-packages_$(distro)_$(src-package):

    • builds one of the six debian-edu packages (debian-edu, debian-edu-config, debian-edu-install, debian-edu-doc, debian-edu-artwork, debian-edu-archive-keyring on every push to it’s git master branch

    • and whenever debian-edu-doc is build, https://jenkins.debian.net/userContent/debian-edu-doc/ get’s updated automatically afterwards too.

  • There are jobs for lintian and for piuparts:

    • they simply run a build and/or the tests of the master branch of their git repository on every commit against sid. If that succeeds, the same source will be built on stretch, then on jessie and - in the lintian case only - also for wheezy.

  • There are also jobs related to UDD:

    • they check for multiarch version screws in various suites or issues with orphaned packages without the correct the relevant bug.

  • Last but not least, dpkg related jobs:

4.6. haskell jobs

4.7. rebootstrap jobs

4.8. reproducible builds jobs

  • See https://wiki.debian.org/ReproducibleBuilds to learn more about "Reproducible Builds" in Debian and beyond.

  • Several jobs are being used to assemble the website https://tests.reproducible-builds.org which is actually a collection of static html and log files (and very few images) being served from this host. Besides the logfiles data is stored in a database which can be downloaded from https://tests.reproducible-builds.org/reproducible.sql.xz. (That copy is updated daily.)

  • The (current) purpose of https://tests.reproducible-builds.org is to show the potential of reproducible builds for Debian - and six other projects currently. This is research, showing what could (and should) be done… check https://wiki.debian.org/ReproducibleBuilds for the real status of the project for Debian!

  • For Debian, four suites, stretch, buster, unstable and experimental, are tested on four architectures: amd64, i386, arm64 and armhf. The tests are done using pbuilder through several concurrent workers: 40 for amd64, 24 for i386, 32 for arm64 and 51 for armhf, which are each constantly testing packages and saving the results of these tests. There’s a single systemd service starting all of these workers which in turn launch the actual build script. (So the actual builds and tests are happening outside the jenkins service.)

    • To shutdown all the workers use: sudo systemctl stop reproducible_build@startup.service ; /srv/jenkins/bin/reproducible_cleanup_nodes.sh

    • To start all the workers use: sudo systemctl start reproducible_build@startup.service

  • These builds on remote nodes run on very different hardware:

    • for amd64 we are using four virtual machines, profitbricks-build(1+5+11+15)-amd64, which have 15 or 16 cores and 48gb ram each. These nodes are sponsored by Profitbricks.

    • for i386 we are also using four virtual machines, profitbricks-build(2+6+12+16)-i386, which have 10 or 9 cores and 36gb ram each. pb2+12 run emulated AMD Opteron CPUs and pb6+16 Intel Xeon CPUs. These nodes are also sponsored by Profitbricks.

    • for arm64 we are using eight "moonshot" sleds, codethink-sled9-15-arm64, which have 8 cores and 64gb ram each. These nodes are sponsored by Codethink.

    • To test armhf we are using 27 small boards donated by vagrant@d.o:

      • four quad-cores (cbxi4a, cbxi4b, ff4a and jtx1a) with 4gb ram,

      • three octo-cores (odxu4, odxu4b and odxu4c) with 2gb ram,

      • one hexa-core (ff64a) with 2gb ram

      • twelve quad-cores (wbq0, cbxi4pro0, ff2a, ff2b, odc2a, odu3a, opi2a, opi2b, opi2c, jtk1a, p64b and p64c) with 2gb ram,

      • two dual-core (bbx15 and cb3a) with 2gb ram and,

      • two quad-cores (rpi2b and rpi2c) with 1gb ram and

      • three dual-cores (bpi0, hb0 and wbd0) with 1gb ram, each.

  • We would love to have more or more powerful ARM hardware in the future, if you can help, please talk to us!

  • Packages to be build are scheduled in the database via a scheduler job, which runs every hour and if the queue is below a certain threshold schedules four types of packages:

    • new untested packages (either uploaded to unstable or experimental or migrated to buster or stretch),

    • new versions of existing packages, which were already tested - these are always scheduled, no matter how full the queue is

    • old versions, already tested (at least two weeks ago)

    • and also some old versions which failed to build (at least ten days ago), if no bug has been filed.

  • Several other jobs exist to build the HTML pages and to create two JSON files which can be downloaded from https://tests.reproducible-builds.org/reproducible.json and https://tests.reproducible-builds.org/reproducible-tracker.json. The 1st one has all the data (except history) and the 2nd has all the data we consider relevant to bother maintainers with, that is, some ftbfs isses are excluded.

  • Information from https://anonscm.debian.org/git/reproducible/notes.git is incorporated on pushes to that git repo.

  • There are suite specific jobs to create the pbuilder base.tgz’s per suite, which have the reproducible apt repo added. Similarly there’s another job per suite to create the schroots used by the builder jobs to download the packages sources to build.

  • Then there are two more jobs to create sid and testing schroots to run diffoscope on the the two results. This is necessary since to investigate haskell binaries, diffoscope needs access to the same haskell compiler version as the investigated packages have been built with.

  • For making sure things are considerably under control at any time, there is a maintenance job running every 3h, mostly doing cleanups.

  • The jenkins job overview at https://jenkins.debian.net/view/reproducible/ probably makes it clearer how the job scheduling works in practice.

  • If you are in the reproducible team you can reschedule packages by yourself:

    • log into alioth.debian.org via ssh, in the team home (/home/groups/reproducible/) there is a reschedule.sh script you can call. Use the --help switch to get the online help.

    • The team IRC channel will get a notification about the scheduling and optionally when the build finishes too.

  • If you are not in the reproducible team or if you want to reschedule big sets of packages please ask for a manual rescheduling in the #debian-reproducible IRC channel on OFTC. Those with shell access to jenkins can bypass the limitations imposed to remote calls, which are limited to 500 schedulings per day, which should be plenty for normal usage.

  • Blacklisting packages can be done similarly:

jenkins@jenkins:~$ /srv/jenkins/bin/reproducible_blacklist.sh $suite $package1
  • We support sending automatic email notification for status changes to maintainers. Enabling/disabling these notifications can be done by people with shell access to jenkins:

jenkins@jenkins:~$ /srv/jenkins/bin/reproducible_setup_notify.py -h
usage: reproducible_setup_notify.py [-h] [-o] [-p PACKAGES [PACKAGES ...]]
                                    [-m MAINTAINER]
  -h, --help            show this help message and exit
  -o, --deactivate      Deactivate the notifications
  -p PACKAGES [PACKAGES ...], --packages PACKAGES [PACKAGES ...]
                        list of packages for which activate notifications
  -m MAINTAINER, --maintainer MAINTAINER
                        email address of a maintainer

4.9. torbrowser-launcher jobs

Tor Browser is not part of Debian. To easily and securely use it, one can run <pre>sudo apt-get install torbrowser-launcher</pre> and then run torbrowser-launcher which will download Tor Browser and well, launch it. And this sometimes breaks, when things change, which is rather frequently the caseā€¦

There is a graphical status overview of torbrowser tests on Debian which are tests installing torbrowser-launcher on and from sid, stretch, jessie-backports, jessie and wheezy-backports, which first download torbrowser via https and via tor, then launches it to finally connect to a debian mirror via an onion-address and then to www.debian.org. In addition to these there are also tests installing the package from stretch on jessie as well as the package from sid on stretch and jessie. Finally there are also tests for building the package from our git branches for various suites and finally there’s a daily build of the package based on the upstream git master branch merged with our sid packaging.

There are 17 different tests currently and they are configured in just two files, a 220 line yaml file defining the jenkins jobs and 528 lines of bash script containing the actual test code.

These tests are executed either daily or weekly (those testing the package from ftp.d.o) or on every commit and at least once every month (those testing the package build from git).

4.10. jenkins.d.n jobs

These are jobs for making sure jenkins.debian.net is running smoothly.

5. Debugging certain jobs

To debug most jobs, a jenkins setup is actually not needed.

  • In principle the shell commands from the various jobs should run on any Debian system just fine. Please use a test system though, as all your data might be eaten.

    • A good first step is to use this git repo as a Debian source package, build it and then install the jenkins.d.n-debug package and all it’s recommends on your test system. NOTE: this ain’t as helpful as it used to be as many depends have only been added to update_jdn.sh and not to debian/control.

5.1. Feedback

We love to get feedback on this! Either by sending an email to debian-qa@lists.debian.org or by joining #debian-qa on irc.debian.org and expressing yourself there. The best way is to report bugs, even better if accompanied by patches or pull requests. But really, all feedback is appreciated!

5.2. Setup


5.3. ToDo

There is still a lot of work left, check the current ToDo list.

5.4. Thanks


6. License

  • everything except features and bin/libvirt_cucumber_tests:

  • features and bin/libvirt_cucumber_tests:

    • GPLv3+