HOWTO: Build an Objective-C Continuous Integration Server on FreeBSD
Purpose:
The purpose of this HOWTO is to explain how to build a continuous integration (CI) server that conforms to a jailed server architecture. The CI software we'll be using is /devel/jenkins, the repository we'll be using is /devel/git, the Objective-C runtime framework is /devel/gnustep, and finally we'll be using /sysutils/ezjail (the ezjail-admin tool) as our jail management application.
Background:
Why use CI?
A common problem when developing software in teams is actually getting a build ready: one developer manages to build successfully while another does not. Why is this? There are various reasons, one of which could be a developer forgetting to upload a file to the repository, but regardless of the cause the question becomes: how can we release builds successfully and get away from such problems? One answer is a continuous integration server: every time a developer submits code to the central repository, the CI server builds the code and reports a pass / fail depending on whether the newest changes build and run or break the build. If you are interested in such a solution for your project ... this article is for you.
Why use a Jailed Architecture
A common security problem with servers is that if one service (for example Nginx or Apache) gets hacked, the entire computer is considered compromised. One remedy is locking away each major server process in a separate jail with its own virtual environment and preventing access from outside it - this is called a jailed architecture. The benefit is that if a single server gets hacked, the rest of the system and all the other servers remain secure. Therefore, in this article we will demonstrate how to implement such an architecture to build a production-quality CI server.
Assumption:
- You have installed a fresh copy of FreeBSD 9.1 on your computer
- You have included 'ports' & 'src' during the fresh install.
- Your computer can connect to the internet.
- You are an intermediate/advanced UNIX user, but I will write assuming you are a rambo-type survivalist newbie who is determined to get things working
- You are familiar with 'vi'
- You are using an Apple Macintosh Computer (Or UNIX-like computer) and a separate computer with FreeBSD installed on it where you are building the CI server.
- You are familiar with Apple Xcode and develop Objective-C code on it (Or some-sort of Objective-C SDK/IDE)
- You have a lot of time to dedicate to trying this out!
Setup Jailed Server Architecture
The following series of steps installs the jail administration framework for our architecture. Note: ezjail is a fantastic program; it simplifies a great deal of complex jail configuration and scales well with new services, as you will observe in this HOWTO:
# cd /usr/ports/sysutils/ezjail
# make install clean
# rehash
# ezjail-admin install
(Note: The next step takes a VERY LONG time!)
# ezjail-admin update -b
(Note: Allow jails to open raw sockets, which tools such as ping need)
# echo 'security.jail.allow_raw_sockets=1' >> /etc/sysctl.conf
# echo 'ezjail_enable="YES"' >> /etc/rc.conf
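A check for the two settings appended above, as an added example that is not part of the original HOWTO. Because `echo >>` only appends, a key can end up in a file more than once and the last assignment wins; `security.jail.allow_raw_sockets=1` also lets root inside any jail open raw sockets, so it is reported as a warning. The function names `conf_get`, `audit_jail_host` and `demo` are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the two settings the steps above append.
# File paths are parameters so the check can be run against copies.

# conf_get FILE KEY: print the effective (last assigned) value of KEY in an
# rc.conf- or sysctl.conf-style file; comments and double quotes are stripped.
conf_get() {
    [ -r "$1" ] || return 1
    awk -v key="$2" '
        { sub(/[ \t]*#.*$/, "") }              # drop comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            if (k == key) val = v              # later lines override earlier
        }
        END { print val }
    ' "$1"
}

# audit_jail_host RC_CONF SYSCTL_CONF: print one finding per line.
audit_jail_host() {
    case "$(conf_get "$1" ezjail_enable)" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
            echo "OK   ezjail_enable: jails start at boot" ;;
        *)  echo "FAIL ezjail_enable is not set to YES: jails will not start at boot" ;;
    esac
    if [ "$(conf_get "$2" security.jail.allow_raw_sockets)" = "1" ]; then
        echo "WARN allow_raw_sockets=1: root in any jail may open raw sockets"
    else
        echo "OK   allow_raw_sockets off (FreeBSD default)"
    fi
}

# Constructed sample (not from a real host): rc.conf where a later line
# overrides the one added by the HOWTO, and sysctl.conf as written above.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ezjail_enable="YES"' 'ezjail_enable="NO"' > "$d/rc.conf"
    printf '%s\n' 'security.jail.allow_raw_sockets=1' > "$d/sysctl.conf"
    audit_jail_host "$d/rc.conf" "$d/sysctl.conf"
    rm -rf "$d"
}
demo
```

On the FreeBSD host itself, call `audit_jail_host /etc/rc.conf /etc/sysctl.conf`.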
What's Next:
Now that we have a FreeBSD system with jails set up, the idea is that from now on, whenever we want to add a new 'server' type process to our system, we create a designated jail for that process and install the server process in that jail. This HOWTO explains how to create two jails, jenkins and git, and make them interoperable. If you want to follow this architecture, then from now on, whenever you want a new 'server' process, try to run it as a separate process in its own jail.