Table of Contents

1. piuparts README_server
1.1. piuparts runs itself and other stuff as root
2. piuparts in master/slave mode
2.1. Setting up the master
2.2. Setting up the slave(s)
2.3. Tuning the setup
2.4. Setup from GIT
3. Distributed piuparts testing protocol
4. piuparts.conf configuration file
4.1. global configuration
4.2. section specific configuration
4.3. specific configuration
5. Running piuparts-report as it is done for

1. piuparts README_server

Authors: Lars Wirzenius, Holger Levsen and Andreas Beckmann Email: <>

1.1. piuparts runs itself and other stuff as root


Please note that running piuparts on unknown packages is somewhat risky, to say the least. There are security implications that you want to consider. It’s best to do it on machines that you don’t mind wiping clean at a moment’s notice, and preferably so that they don’t have direct network access.

You have been warned.

2. piuparts in master/slave mode

As part of the quality assurance efforts of Debian, piuparts is run on the Debian package archive. This requires a lot of processing power, and so the work can be distributed over several hosts.

There is one central machine, the master, and any number of slave machines. Each piuparts-slave instance connects to the master, via ssh, and runs the piuparts-master program to report results of packages it has tested already, and to get more work.

To set this up for yourself, the following steps should suffice:

2.1. Setting up the master

  1. Pick a machine for running the piuparts master. It cannot be a chroot, but basically any real (or properly virtualized) Debian system is good enough.
  2. Install the package piuparts-master on it.
  3. Create an account for the master, if you install the piuparts-master package it will automatically create a piupartsm user for you.
  4. Configure /etc/piuparts/piuparts.conf appropriately.
  5. Create the master and backup directories as defined in that piuparts.conf and make sure master owns them.
  6. To generate the web reports, configure your webserver as needed. If you want to use the supplied conf-available/piuparts-master.conf for apache2, you will need to do two things: a.) enable it and b.) link the htdocs directory defined in piuparts.conf to /var/lib/piuparts/htdocs (thats the DocumentRoot as defined in conf-available/piuparts-master.conf).

2.2. Setting up the slave(s)

  1. Pick one or more machines for running one or several piuparts slaves. You can use the machine which is running the master also for running a slave. It’s also perfectly ok to run several slaves on a multi-core machine which has lots of IO available.
  2. Install the package piuparts-slave on it.
  3. Configure /etc/piuparts/piuparts.conf appropriately - if master and slave share the machine, they also share the config file. If you want to run more than one slave on a machine, set the slave-count parameter as desired. By default one slave will be run.
  4. Create the slave and tmp directories as defined in that piuparts.conf and make sure the slave can read and write there.
  5. Create an account for the slave. This must be different from the master account. The piuparts-slave package will create a piupartss user on installation. Whether you run one or many slaves, they run with the same user.
  6. Create an ssh keypair for the slave. No passphrase. If you installed the piuparts-slave package this was done automatically and the public key can be found in /var/lib/piuparts/piupartss/.ssh/
  7. Copy the slave’s public key to the master’s .ssh/authorized_keys, for an installation from packages this will be /var/lib/piuparts/piupartsm/.ssh/authorized_keys. The key should be restricted to only allow running piuparts-master by prefixing it with 'command="/usr/share/piuparts/piuparts-master",no-port-forwarding,no-X11-forwarding,no-agent-forwarding '
  8. Configure sudo to allow the slave account to run several commands as root as root without password. See the example provided in /usr/share/doc/piuparts-slave/examples/ to learn which.
  9. Run /usr/bin/piuparts_slave_run and piuparts_slave_join to actually let the slave(s) run and to join their sessions.
  10. Run /usr/bin/piuparts_slave_stop to stop all piuparts-slaves on a host.
  11. The logs go into the master account, into subdirectories.

2.3. Tuning the setup

The piuparts-server package installs a piuparts server along the lines of

Custome /etc/piuparts/piuparts.conf according to your needs, most probably you will want to re-define the sections to be tested (e.g. sid) and also maybe use a different Debian mirror. Note that the server can place a significant load on the repository. Consider setting up a local mirror, or a caching proxy for http and apt-get, to reduce the load. Running multiple slaves on a fast host can easily saturate a 100 MBit link.

Logs are stored under /var/lib/piuparts by default. They are stored there because they are basically the result of piuparts running.

There are maintenance cron jobs defined in /usr/share/doc/piuparts-(master|slave)/examples/. In particular, piuparts-report will create static html pages, defaulting to http://localhost/piuparts to be served by any webserver.

2.4. Setup from GIT has been set up directly from GIT, this is described in /usr/share/doc/piuparts-master/README_pejacevic.txt.

3. Distributed piuparts testing protocol

The slave machine and the piuparts-master program communicate using a simplistic line based protocol. SSH takes care of authentication, so there is nothing in the protocol for that. The protocol is transaction based: the slave gives a command, the master program responds. Commands and responses can be simple (a single line) or long (a status line plus additional data lines). Simple commands and responses are of the following format:

'keyword arg1 arg2 arg3 ... argN'

The keyword is a command or status code ("ok"), and it and the arguments are separated by spaces. An argument may not contain a space.

A long command or response is deduced from the context: certain commands always include additional data, and certain commands always get a long response, if successful (error responses are always simple). The first line of a long command or response is the same as for a simple one, the additional lines are prefixed with a space, and followed by a line containing only a period.

A sample session (">>" indicates what the slave sends, "<<" what the master responds with):

<< hello
>> section sid
<< ok
>> pass liwc 1.2.3-4
>>  The piuparts
>>  log file comes
>>  here
>> .
<< ok
>> reserve
<< ok vorbisgain 2.3-4

Here the slave first reports a successful test of package liwc, version 1.2.3-4, and sends the piuparts log file for it. Then it reserves a new package to test and the master gives it vorbisgain, version 2.3-4.

The communication always starts with the master saying "hello". The slave shall not speak until the master has spoken.

Commands and responses in this protocol:

Command: section <string>
Success: ok
Failure: error
Failure: busy

Slave asks master to select the given section. This must be the very first command sent by the slave, but may be repeated later on to switch between sections. It will return "error" if the section is unknown and "busy" if it is currently processed by another master instance. If the section command fails, no other commands than "section" will be allowed until one succeeds.

Command: recycle
Success: ok
Failure: error

Slave asks master to enable logfile recycling mode. In this mode logfiles that have been marked for rechecking will be deleted and reissued in subsequent "reserve" commands. The "recycle" command must be issued before the first "reserve" (or "status") command. It will return "error" if no more logfiles are marked for rechecking or the command is issued too late.

Command: idle
Success: ok <int>

Slave asks master whether it remembers having no packages available at a previous "reserve" command. Returns 0 (not known to be idle or timeout expired) or the number of seconds until the master wants to recompute the package state. This command should be given after "recycle" and logfile submission, but before "reserve" or "status" commands. If the slave closes the connection without issuing a "reserve" or "status" command, the expensive Packages file parsing and status computation will be skipped.

Command: reserve
Success: ok <packagename> <packageversion>
Failure: error

Slave asks master to reserve a package (a particular version of it) for the slave to test. The slave may reserve any number of packages to test. If the transaction fails, there are no more packages to test, and the slave should disconnect, wait some time and try again.

Command: unreserve <packagename> <packageversion>
Success: ok

Slave informs master it cannot test the desired version of a package and the package should be rescheduled by the master.

Command: pass <packagename> <packageversion>
          log file contents
Success: ok

Slave reports that it has tested a particular version of a package and that the package passed all tests. Master records this and stores the log file somewhere suitable.

Command: fail <packagename> <packageversion>
          log file contents
Success: ok

Same as "pass", but package failed one or more tests.

Command: untestable <packagename> <packageversion>
          log file contents
Success: ok

Slave informs master it cannot test the desired version of a package (perhaps it went away from the mirror?).

Command: status
Success: ok <package-state>=<count> <package-state>=<count>...

Slave asks master to report the number of packages in all different states. The "status" command should only be issued after all logs have been transmitted ("pass", "fail", and "untestable" commands).

In all cases, if the master cannot respond with "ok" (e.g., because of a disk error storing a log file), it aborts and the connection fails. The slave may only assume the command has succeeded if the master responds with "ok".

The master may likewise abort, without an error message, if the slave sends garbage, or sends too much data.

4. piuparts.conf configuration file

piuparts-master, piuparts-slave and piuparts-report share the configuration file /etc/piuparts/piuparts.conf. The syntax is defined by the Python ConfigParser class, and is, briefly, like this:

    foo = bar

4.1. global configuration

These settings have to be placed in the [global] section and are used for all further sections.

  • "sections" defaults to sid and defines which sections should be processed in master-slave mode. Each section defined here has to have a section with the section specific settings explained below. The first section defined should always be sid, because the data from first section a package is in is used for the source package html report.
  • "basetgz-sections" is an additional list of sections that are only used to maintain the basetgz tarballs and will therefore be ignored by all scripts except piuparts-slave. This list is empty by default.
  • "master-host" is the host where the master exists. The slave will give this host to ssh. This option is mandatory.
  • "master-user" is the username of the master. The slave will log in using this username. This option is mandatory.
  • "master-directory" is the directory where the master keeps its files. Can be relative to the master’s home directory.
  • "slave-directory" is the directory where the slave keeps its files. Can be relative to the slave’s home directory.
  • "slave-count" is the number of concurrent slaves to start. Default: "1".
  • "slave-flush-interval" is an interval (in seconds) of processing a section which has more queued work after that the slave will connect to the master and flush pending logfiles before resuming the section. Default: "0", i.e. disabled.
  • "output-directory" is the directory where piuparts-report places the logfiles, generated html files, charts, … that can be served by a webserver.
  • "backup-directory" is the directory where the prepare_backup script will place copies of the history data needed to generate the plots. This directory should be included in system backups while the logfiles and html pages in master-directory and output-directory (several GB of data) are regeneratable with some effort and can be excluded from backups. By default this is undefined meaning that no backups of the history data will be made.
  • "web-host" is the domain name for the reporting web server. Default: "".
  • "doc-root" is the location where the webserver will serve the piuparts report from. Default: "/".
  • "slave-load-max" specifies the system load limit when piuparts-slave will enter sleep mode. Operation will be resumed after load drops below slave-load-max - 1.0. Floating point value. Defaults to 0 (= disabled).
  • "proxy" sets the http_proxy that will be used for fetching Packages files etc. (by master/slave/report) and .debs etc. (by piuparts). This will override a http_proxy setting in the environment. By default (no value being set) the http_proxy variable from the environment will be used (and no proxy will be used if this is not set). It is highly recommended to use a proxy running on localhost (e.g. installing squid and using a setting of "http://localhost:3128") due to the high bandwidth consumption of piuparts and repeated downloading of the same files.

4.2. section specific configuration

The section specific settings will be reloaded each time a section is being run. All these keys can be specified in the [global] section, too, and will serve as defaults for all other sections (overriding the builtin defaults).

  • "master-command" is the command to run on master-host to start the master. Better then setting it here is actually setting it in ~piupartsm/.ssh/authorized_keys to limit ssh access to that single command. The key should be restricted to only allow running piuparts-master by prefixing it with command="/usr/share/piuparts/piuparts-master",no-pty,no-port-forwarding.
  • "idle-sleep" is the length of time the slave should wait before querying the master again if the master didn’t have any new packages to test. In seconds, so a value of 300 would mean five minutes, and that seems to be a good value for a repo that gets updated frequently. The default is 300 seconds.
  • "max-tgz-age" is used to specify the maximum age (in seconds) after which basesystem tarballs will be recreated. If recreation fails, the old tarball will be used again. The default is 2592000 seconds, which is 30 days. A value of 0 disables recreation.
  • "min-tgz-retry-delay" is used to specify the minimum time (in seconds) between attempts to recreate a tarball which was created more than "max-tgz-age" seconds ago. The default is 21600 seconds, which is 6h.
  • "log-file" is the name of a file to where the master should write its log messages. In the default configuration file it is "$SECTION/master.log". To disable logging, set it to "/dev/null". The global "log-file" setting (defaulting to master-error.log) is used for logging stderr output from piuparts-master. This logfile will be placed in the master-directory and has the PID appended.
  • "setarch" contains arguments for an optional setarch command that can be prepended to the piuparts-command. Recommended value for running i386 tests on an amd64 host is linux32.
  • "piuparts-command" is the command the slave uses to start piuparts. It should include sudo if necessary so that piuparts runs with sufficient priviledges to do its testing (and that means root priviledges). This command should be given in the [global] section and include all flags that are common for all sections.
  • "piuparts-flags" are appended to "piuparts-command" and should contain the section-specific flags.
  • "tmpdir" is the scratch area where piuparts will create the chroots. Note: the filesystem where this is located must not be mounted with the nodev or nosuid options. This is a mandatory setting with no default. The scripts that are monitoring this directory for leftover mountpoints and chroots only evaluate the [global] setting.
  • "description" is a synopsis of the test used in the report. A default description will be generated if this is not set or will be prepended (appended) if the description starts (ends) with +.
  • "mirror" tells the slave which mirror it is to use. The slave gives this to piuparts when it runs it. The URLs for Packages and Sources files will be generated from this setting, too. Default (for fetching Packages/Sources): "".
  • "distro" is the distribution the slave should tell piuparts to use for basic install/purge testing. It is also possible to use a "partial" distribution as defined in distros.conf. No default. If upgrade-test-distros is set, this selects the distribution that will be used for getting the packages to be tested. Defaults to the last entry in upgrade-test-distros, but other useful settings are the first entry (to test upgrades of "disappearing" packages) or the restricted set in a partial distribution (e.g. stable to backports to testing). The special keyword "None" is used to denote that no packages are to be tested, but only the basetgz tarball will be created and refreshed regularily (for the distribution given in upgrade-test-distros). This reference basetgz can be shared between several sections without being affected by their flags.
  • "area" is the archive area used to get the list of packages to be tested. The Packages file for this area will be loaded. The default is "main" and the possible values depend on the vendor, for Debian these are main, contrib, non-free.
  • "components" sets the archive areas that will be available when testing the packages selected via the "area" setting. These will be enabled in the generated sources.list. Defaults to "", which means all components will be available. A useful setting is "main" together with area = main to avoid using packages outside main. Testing packages from a partial area like contrib or non-free usually requires additional or all components to be available.
  • "arch" is the architecture to use. Default: dpkg --print-architecture.
  • "chroot-tgz" is the name of the file the slave should use for the tarball containing the base chroot. The default name is generated automatically from the "distro" or "upgrade-test-distros" setting. If the tarball doesn’t exist, the slave creates it.
  • "basetgz-directory" is the directory where "chroot-tgz" (or the automatically selected default name) is located. The default is ..
  • "chroot-meta-auto" (global, section) is a file in "chroot-meta-directory" (falling back to the section directory) where the slave will store cached chroot meta data for the reference target chroot in distupgrade tests. This speeds up distupgrade tests since it avoids doing an empty upgrade test to generate this data on-the-fly as part of each test. Cached data will be valid for 6 hours unless a mismatch in the package versions available in the chroot is detected earlier. This is not set (and therefore not enabled) by default.
  • "chroot-meta-directory" is the directory where "chroot-meta-auto" stores the reference target chroot metadata.
  • "upgrade-test-distros" is the space delimited list of distributions the slave should use for testing upgrades between distributions (i.e., Debian versions). Using "partial" distributions as defined in distros.conf is possible. Currently, "jessie stretch sid" is a good choice. Setting this switches from doing install/purge tests to dist-upgrade tests. Not set by default.
  • "max-reserved" is the maximum number of packages the slave will reserve at once. It should be large enough that the host that runs master is not unduly stressed by frequent ssh logins and running master (both of which take quite a bit of CPU cycles), yet at the same time it should not be so large that one slave grabs so many packages all other slaves just sit idle. The number obviously depends on the speed of the slave. A good value seems to be enough to let the slave test packages for about an hour before reporting results and reserving more. For a contemporary AMD64 machine with a reasonably fast disk subsystem the value 50 seems to work fine. To disable a section set this to 0.
  • "keep-sources-list" controls whether the slave runs piuparts with the --keep-sources-list option. This option does not apply to upgrade tests. The value should be "yes" or "no", with the default being "no". Use this option for dists that you need a custom sources.list for, such as "stable-proposed-updates".
  • "precedence" controls the order the sections are being processed by the slave. Sections with a larger precedence value will be run only if all sections with a smaller precedence value are idle, i.e. master does not have any packages that this slave could test. Sections with the same precedence value will be processed round-robin until they are all idle (or a more important section has packages to be tested). The default is 1.
  • "depends-sections" lists additional sections that will be searched for dependencies that are not available in the current section if that describes a partial distro.
  • "known-problem-directory" is the path to the directory containing definitions of known problems.
  • "debug" tells the slave whether to log debug level messages. The value should be "yes" or "no", with the default being "no". piuparts itself currently always produces debug output and there is no way to disable that.
  • "PYTHONPATH" (global) sets the search path to the piupartslib python modules if they are not installed in their default location in /usr.
  • "reschedule-untestable-days" (global) sets the rescheduling delay for untestable packages (e.g. due to unsatisfied dependencies). This is handled by the report_untestable_packages script and the default is "7" days.
  • "reschedule-old-days" (global, section) and the following five settings define the rescheduling scheme that it performed by the reschedule_oldest_logs script. Passed/failed logs that are older than reschedule-(old|fail)-days will be marked for rechecking (limited to reschedule-(old|fail)-count). Only packages that are actually testable will be reissued by piuparts-master (and the "old" log will be deleted at that time). Logs that are marked for recycling but have not been rechecked due to missing/failing dependencies will be deleted anyway if they are older than expire-(old|fail)-days.
  • "reschedule-old-count" (global, section) is the maximum number of passed logs that will be marked for recycling. Set to 0 to disable rescheduling passed logs.
  • "expire-old-days" (global, section) can be set to a value larger than reschedule-old-days to delete logs older than the setting that are marked for recycling but haven’t been rechecked due to failing or missing dependencies. A value starting with "+" is relative to reschedule-old-days. Disabled by default ("0").
  • "reschedule-fail-days" (global, section) sets the minimum age of failing logs (fail/.log or affected/.log) before they will be rechecked.
  • "reschedule-fail-count" (global, section) is the maximum number of failed logs that will be marked for recycling. Set to 0 to disable rescheduling failed logs.
  • "expire-fail-days" (global, section) can be set to a value larger than reschedule-fail-days to delete logs older than the setting that are marked for recycling but haven’t been rechecked due to failing or missing dependencies. A value starting with "+" is relative to reschedule-fail-days. Disabled by default ("0").
  • "auto-reschedule" (section) can be set to "no" to disable rescheduling of passed and failed packages. To disable only rescheduling one of passed or failed logs, set the corresponding -count variable to zero.
  • "json-sections" is a space-separated list of the section/distribution names which receive test results for this section. The results, by package, are stored with this name/these names in the section and global test summary.json files. If "json-sections" is undefined, or defined as "default", piuparts will assign the section to one of "unstable", "testing", "stable", "oldstable", "experimental", or "unknown". If "json-sections" is "none", the summary will not be created. The "json-sections" name "overall" is reserved.
  • "exclude-known-problems" (global, section) can be set to a list of known_problems conffile names (including the .conf suffix) that should not be used for this section. Useful if a known problem triggers on (nearly) all logfiles.

Some of the configuration items are not required, but it is best to set them all to be sure what the configuration actually is.

4.3. specific configuration

In addition to some of the above settings the following configuration settings are used by the scripts in ~piuparts?/bin/ used to run They are all optional, default values are set in the scripts.

  • "urlbase" (global) is the base url of the webserver serving this piuparts instance. Used to provide links to logfiles in email reports. It defaults to "".

5. Running piuparts-report as it is done for

If you want to run piuparts-report (which is only+very useful if you run piuparts in master-slave mode), you need to apt-get install python-rpy r-recommended r-base-dev. For more information see

To generate the report on the master host run:

piupartsm@pejacevic:~$ /usr/share/piuparts/master/generate_daily_report