Contents
Binary Distribution
GitHub webhooks are setup to send notifications to blake. Blake forwards those to three build machines. Currently, webhooks are being listened to only on Linux. Linux runs the server that drives the Jenkins jobs.
Jenkins Setup
Jenkins server runs on Linux, Jenkins agents on Linux, Mac and Windows. The server instance manages Jenkins, the agents run the jobs.
On Linux, to start Jenkins, run command:
docker stop jenkins-master docker rm jenkins-master docker run -d -u root --name jenkins-master -p 8080:8080 -p 50000:50000 --restart unless-stopped -v /home/eman2/jenkins_home:/var/jenkins_home -e PLUGINS_FORCE_UPGRADE=true -e TRY_UPGRADE_IF_NO_MARKER=true --restart unless-stopped jenkins/jenkins:lts
- Server login info: 10.10.11.176:8080/ username: eman2
- Install Java on agents.
- Setup passwordless ssh connections from Linux server to agents.
Binary builds require conda-build and constructor. Packaging is done with constructor, a tool for making installers from conda packages.
Nodes: http://10.10.11.176:8080/computer/
http://10.10.11.176:8080/computer/linux/configure
- name: linux
- remoteFS: /home/eman2/linux-1-agent/
- numExecutors: 100
- host: eman-centos7-01
- credentialsId: jenkins-key-eman2
- label: eman
- envVars
- DEPLOY_PATH: /opt/web2py_apps/web2py/applications/cryoem/static/software/
- HOME_DIR: /home/eman2
- PATH+EXTRA: /home/eman2/miniconda3/bin
http://10.10.11.176:8080/computer/mac/configure
- name: mac
- remoteFS: /Users/eman/mac-1-agent
- numExecutors: 100
- host: eman-macmini
- credentialsId: jenkins-key-eman
- label: eman
- envVars
- DEPLOY_PATH: /opt/web2py_apps/web2py/applications/cryoem/static/software/
- HOME_DIR: /Users/eman/
- PATH+EXTRA: /Users/eman/miniconda3/bin
http://10.10.11.176:8080/computer/win/configure
- name: win
- remoteFS: D:\workspace\win-1-agent
- numExecutors: 100
- host: BM-WIN-01
- credentialsId: jenkins-key-eman
JavaPath: "D:\Downloads\openjdk-11+28_windows-x64_bin\jdk-11\bin\java.exe"
Prefix Start Agent Command: "D: &&"
- label: eman
- envVars
- DEPLOY_PATH: /opt/web2py_apps/web2py/applications/cryoem/static/software/
- HOME_DIR: D:
- PATH+EXTRA: D:\Miniconda3;D:\Miniconda3\Scripts
- On Windows for sh calls in jenkins to work "Git for Windows" might need to be installed.
Jenkins Server Setup (on Linux)
http://10.10.11.176:8080/manage/configure
- Labels: main master
Jenkins URL: http://10.10.11.176:8080/
System Admin e-mail address: eman-bot (linux)<eman.github@gmail.com>
- SSH Servers
- Name: Installer-Server
- Hostname: cryoem.bcm.edu
- Username: eman-binary-uploader
- Remote Directory: /opt/web2py_apps/web2py/applications/cryoem/static/software/
http://10.10.11.176:8080/manage/configureSecurity/
- Agents
- TCP port for inbound agents
- Fixed: 50000
- TCP port for inbound agents
- Git Host Key Verification Configuration
- Host Key Verification Strategy
- Known hosts file
- Host Key Verification Strategy
- Agents
Credentials: http://10.10.11.176:8080/manage/credentials/
ID Name gh-eman-bot eman-bot (gh-eman- jenkins-key-eman eman (jenkins-key-eman) jenkins-key-eman2 eman2 (jenkins-key-eman2)
- Jobs
http://10.10.11.176:8080/job/cryoem-eman2-trigger/: Triggers job cryoem-eman2 on agents
http://10.10.11.176:8080/job/cryoem-eman2/: Test(?) and binary builds
- eman-dev(?): Triggers new build of eman-dev
http://10.10.11.176:8080/job/eman-feedstock-trigger-from-eman-master/
http://10.10.11.176:8080/job/eman-feedstock-building-eman-v2.99/
JenkinsCI: Jenkinsfile
- Secrets like ssh keys are stored locally in Jenkins
Manually triggered by including "[ci build]" anywhere in the last commit message. Manually triggered builds on master branch are uploaded as continuous builds and builds triggered from any other branch are uploaded to testing area.
- Any branch in the form of "release-" triggers continuous builds without having to include "[ci build]" in the commit message. Once the release branch is ready, release binaries are manually copied from cont. builds folder into the release folder on the server.
Anaconda
Dependencies not available on anaconda or conda-forge are available on cryoem. The binaries are built and uploaded using conda-forge's conda-smithy. conda-smithy takes care of generating feedstocks, registering them on GitHub and online CI services and building conda recipes.
conda is the package manager.
https://anaconda.org is the online repository of binaries.
conda-build is the tool to build from source.
constructor is the tool to package eman2 and dependency binaries into a single installer file.
EMAN2 is distributed as a single installer which includes all its dependencies.
Conda
Packages that are available on https://anaconda.org can be installed into any conda environment by issuing the command conda install <package>. Conda installs the package along with its dependencies. In order for packages to benefit from this automation, they need to be packaged in a specific way. That can be done with conda-build. conda-build builds packages according to instructions provided in a recipe. A recipe consists of a file with package metadata, meta.yaml, and any other necessary resources like build scripts, (build.sh, bld.bat), patches and so on.
Recipes, Feedstocks and anaconda.org channel: cryoem
Most of EMAN2 dependencies can be found on anaconda's channels, defaults and conda-forge. A few that do not exist or need to be customized have been built and uploaded to channel cryoem. The recipes are hosted in separate repositories on GitHub. Every recipe repository follows the feedstock approach of conda-forge. See here for a complete list.
Feedstocks
General instructions
- Existing feedstocks
- Files to edit: recipe/, conda-build.yaml, conda-forge.yaml
- conda create -n smithy conda-smithy -c conda-forge
- conda-smithy rerender
- More info in conda-smithy/README.md, conda smithy -h, conda-forge.org/docs
- New feedstocks
- conda-smithy/README.md, conda smithy -h
Conda-smithy Workflow
Conda smithy uses tokens to authenticate with GitHub.
Conda-smithy commands:
1 conda create -n smithy conda-smithy 2 conda activate smithy 3 conda smithy init <recipe_directory> 4 conda smithy register-github <feedstock_directory> --organization cryoem 5 conda smithy register-ci --organization cryoem --without-azure --without-drone 6 conda smithy rerender --no-check-uptodate
Build System Notes
CMake
libpython can be linked statically or dynamically when python is built. It is important for python extensions to be aware of the type of linking in order to avoid segfaults. This can be accomplished by querying Py_ENABLE_SHARED.
1 python -c "import sysconfig; print(sysconfig.get_config_var('Py_ENABLE_SHARED'))"
In EMAN, it is done in cmake/FindPython.cmake
OpenGL detection when Anaconda's compilers are used is done using a cmake toolchain file.
- glext.h file needed for OpenGL related module compilation is already present on Linux and Mac. On Windows, it is manually copied once into C:\Program Files\Microsoft SDKs\Windows\v6.0A\Include\gl. On Appveyor it is downloaded as part of env setup every time a test is run.
Mac: slave clock sync https://blog.shameerc.com/2017/03/quick-tip-fixing-time-drift-issue-on-docker-for-mac docker run --rm --privileged alpine hwclock -s
Windows: OPENGL: https://github.com/conda/conda-recipes/blob/master/qt5/notes.md
Not sure if this is true