Used for
- Scala 2.12 / 2.13 PR validation
- Scala 2.12 / 2.13 community build
Old documentation in doc directory; some pieces are still relevant, some are outdated.
The AWS infra was originally deployed and maintanied using ansible (this repo). We no longer use ansible to update the infra, but manage it manually (AWS console, ssh to the machines, jenkins UI, artifactory UI).
We are gradually moving away from using this infra
- releases and integration builds are published on travis / appveyor
- mergely tests for windows and on various jdks on github actions
But we still need it because
- where would we put PR / integration builds?
- where would we get enough resources to run the community build?
- Jenkins auth via GitHub. GitHub OAuth App owned by the Scala org:
- Scabot posts build status to GitHub using an access token of the scala-jenkins user:
- Scabot starts Jenkins builds using an access token of the scala-jenkins user (log in to GitHub as scala-jenkins, then to Jenkins):
- GitHub webhooks to notify scabot:
- Jenkins webhooks to notify scabot: Job configuration, notifications: e.g.,
- Jenkins workers: ssh, credentials:
- Jenkins plugin to start / stop workers: auth unclear, see README in
Add the following to your ~/.ssh/config
Host jenkins-master
User admin
Host jenkins-worker-behemoth-1
User admin
Host jenkins-worker-behemoth-2
User admin
Host jenkins-worker-behemoth-3
User admin
# no public ip, jumphost through master
Host influxdb
User ubuntu
ProxyCommand ssh -q -W %h:%p jenkins-master
Nginx for
on jenkins-master
, /etc/nginx/conf.d/jenkins.conf
Handles jenkins, /artifactory
, /grafana
, /benchq
, ...
Auth goes via GitHub. In the configuraton there's a field "Admin User Names".
AWS Workers are started / stopped by custom jenkins plugin:
TODO: how to get logs?
- After a recent upgrade, scabot was no longer receiving job notifications from jenkins (it fixed itself...)
- lrytz didn't figure out how to enable debug logs in jenkins
- The notifications plugin produces logs, but no idea how to enable / find them
to log in to the UI.
for mergely buildsdbuild
are aggregates of cached remote repositories. used for the community build.
File locations
- config file:
sudo tail -f /opt/jfrog/artifactory/var/log/console.log
has aggregated logs, logs for individual services in the same directory/opt/jfrog/artifactory/var
is a symlink to/var/opt/jfrog/artifactory
is a separate mount (600G volume)data/filestore
stores the data (artifacts are stored with their hash as filename for deduplication, possible sharding)data/backup
for manual and automated backups
- apt-installed postgres, details see
is a symlink to/var/opt/jfrog/artifactory/data/postgresql-data
on the 600G artifactory volume
Upgrading artifactory
- breaking changes seem common! release notes:
apt package- backup: use "Export System" in the UI to
, check "Exclude Content"sudo tail -f /opt/jfrog/artifactory/var/log/console.log
to see if it's done, UI will time out- restore: start with an empty database, import from
should not be affected. maybe there's a danger if GC starts when running the empty instance?
Scabot triggers Jenkins builds and updates their state on github commits / PRs.
- Logs:
journalctl -u scabot -f -n 100
brew install awscli
- via okta, go to AWS IAM
- unfold the "EngOps Scala" entry, click "Access keys" to get the
SSO start URL
andSSO Region
aws configure sso
- set
aws ec2 describe-instances
to test
Use ncdu -x /path
to analyze disk usage.
- Change "Idle delay" of Jenkins worker to 500 (
- prevents shutting down while the files are being deleted
ssh jenkins-worker-behemoth-1
- delete
- Revert "Idle delay" to 5
- More details:
Artifactory disk usage report:
Steps to delete old builds from scala-pr-validation-snapshots
Create a file search.json
, adjust the cutoff date on the last line:
"repo": "scala-pr-validation-snapshots",
"$or": [ { "name": { "$match": "scala-compiler*" } }, {"name": { "$match": "scala-reflect*" } }, { "name": { "$match": "scala-library*" } }, { "name": { "$match": "scala-dist*" } }, { "name": { "$match": "scala-partest*" } }, { "name": { "$match": "scalap*" } } ],
"created": { "$lt": "2020-01-01" }
curl -u 'lukas:SEEEKREET' -X POST "" -T search.json > artifacts.json
In an up-to-date Scala 2.13.x checkout, the following tests which of the artifacts correspond to revisions that were actually merged into scala/scala. Builds for those revisions are kept, builds for revisions that never made it are added to to-delete.txt
n=$(cat artifacts.json | jq -r '.results[] | .path' | uniq | wc -l)
for p in $(cat artifacts.json | jq -r '.results[] | .path' | uniq); do
sha=$(echo $p | awk -F'-' '{print $(NF-1)}')
if git branch --contains $sha | grep 2.13.x > /dev/null; then
echo "$sha y - $n"
echo "$sha n - $n"
echo $p >> to-delete.txt
Delete the artifacts; best run it on ssh jenkins-master
for performance.
n=$(cat to-delete.txt | wc -l)
for p in $(cat to-delete.txt); do
echo "$p - $n"
curl -u 'lukas:PASSWORDSEKRET' -X DELETE "$p"
After that
- Empty "Trash Can"
curl -I -u 'lukas:SEEEKREET' -X POST ""
- Run artifactory's "Garbage Collection" 20 times (😆)
for i in {1..20}; do curl -I -u 'lukas:SEEEKREET' -X POST ""; done
- wait for it to complete, it runs in the background. check Binaries Size / Artifacts Size in Storage
- Run "Prune Unreferenced Data"
Other measures
- "Empty Trash Can"
- Derby database (
) may be big.- "Compress the Internal Database".
- Did not work for me. "lock could not be obtained due to a deadlock".
- Doc says "We recommend running this when Artifactory activity is low, since compression may not be able to complete when storage is busy (in which case the storage will not be affected)."
Enlarging drives and their partitions seems to work well, even for the root partition of a running system (Debian).
- Take a snapshot of the EBS Volume, wait for it to be completed
- Use "Modify volume" and increase the size
- Increase the partition and file system sizes (details here)
sudo growpart /dev/nvme0n1 1
(if there are partitions)sudo resize2fs /dev/nvme0n1p1
To recreate a drive / file system (to shrink it, or to move to a different file system), create a new EBS volume, mount it and copy the data over using rsync
- new EBS volume, gp3, 400g, default iops/throughput. us-west-1c.
- attach to instance as
mkfs -t ext4 -N 50000000 /dev/xvdN
to specify the number of inodes;df -hi
to display)mkdir /home/jenkins-new
chown jenkins:root /home/jenkins-new
to show UUID- fstab:
UUID=YYYYYYYYYYYYYYYY /home/jenkins-new ext4 noatime 0 0
systemctl daemon-reload
mount -a
chown jenkins:root /home/jenkins-new
rsync -a -H --info=progress2 --info=name0 /home/jenkins/ /home/jenkins-new/
is important, git checkouts use hard links
- fstab, mount new volume at
. comment out old volume systemctl daemon-reload
(old volume might be in use)
Enabled on master and behemoths
- default config on behemoths, installs all updates.
- only security updates on master, plus jenkins. Not artifactory because an
apt upgrade
of it doesn't restart the service. Also, artifactory updates tend to be more breaking.
Only a basic jre is installed through apt (eg openjdk-17-jre-headless
Use sudo su
and cd to /usr/lib/jvm
, see the README
Install new JDKs here, we default to adoptium.
On all machines (chronyc tracking
to check):
root@ip-172-31-10-237:~# cat /etc/chrony/sources.d/aws.sources
server prefer iburst minpoll 4 maxpoll 4