--- /dev/null
+## Description
+Packer files to create OpenStack base image for ONAP jenkins slave build server.
+Image is base on Ubuntu 18.04 OS with Java 8, Java 11 and Java 12 installed as ONAP projects has different Java build version requirements.
+
+## Steps To Run
+ 1. Source OpenStack RC file `source <openstack-rc-file.sh>` that points to **"Default Project 34201"** in Karlskrona region as this is where the build servers for Nordix are located. This will set up environment variables used by packer e.g. OS_USERNAME, OS_PASSWORD and OS_AUTH_URL.
+ 2. Run `packer build <packerfile.json>`
+
+
+This will create the image specified (image_name) onto the OpenStack (identity_endpoint). Modify packer parameters as required and add packages to be installed into the shell script. For more info see [Packer docs](https://www.packer.io/docs/builders/openstack)
+## Note
+### Image public key handling
+The public key for jenkins user will be injected by [OpenStack Cloud plugin](https://github.com/jenkinsci/openstack-cloud-plugin) and this key should be configured for the slave in Nordix Jenkins. There is also an option to inject they public key in the image using the file authorized_keys.packer. This file is used for injecting user keys into image during cloud-init phase for ssh access to the slaves for troubleshooting. If you want to have access to the slaves, please add your ssh public key in it.
+### Maven configuration handling
+The mvn configuration file (settings.xml) is not part of the ONAP build server image. The mvn settings.xml will be provided as part of the ONAP java verify jobs: [verify-jobs.sh](https://gerrit.nordix.org/gitweb?p=infra/cicd.git;a=blob;f=jjb/onap/verify-jobs.sh;hb=HEAD). If commitid is not provided for the settings.xml, the latest master version is used as default for backward compatibility for existing ONAP jobs.
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+set -o nounset
+set -o errexit
+set -o pipefail
+#set -o xtrace
+DPKG_LOCK="/var/lib/dpkg/lock-frontend"
+
+# Wait for other apt process to finish by checking the dpkg lock file.
+try=0
+while sudo lsof ${DPKG_LOCK} >/dev/null 2>&1; do
+ echo "DPKG file locked: ${DPKG_LOCK}."
+ echo " Waiting for another pkg instalaltion process to finish ..."
+ sleep 10
+ if [[ ${try} -gt 60 ]]; then
+ echo "ERROR: Max number of re-tries reached, exiting..."
+ exit 1
+ fi
+ try=$((try + 1))
+done
+
+# list of basic packages to install
+PKG_LIST=(
+ apt-utils
+ apt-transport-https
+ ca-certificates
+ gnupg-agent
+ software-properties-common
+ git
+ vim
+ curl
+ wget
+ zip
+ unzip
+ chrony
+ curl
+ jq
+ docker-ce
+ docker-ce-cli
+ containerd.io
+ openjdk-8-jre
+ openjdk-8-jdk
+)
+# we need apt to proceed without any prompt asking for user input
+export DEBIAN_FRONTEND=noninteractive
+
+echo "Info : Install packages"
+# update packages to their latest
+sudo -H -E apt update
+sudo -H -E apt upgrade -y -q=3
+
+# install packages
+sudo apt remove -y docker docker-engine docker.io containerd runc
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) \
+ stable"
+sudo apt-get update
+sudo -H -E apt -y -q=3 --no-install-recommends install "${PKG_LIST[@]}"
+
+# Enable and start docker
+docker --version
+sudo systemctl enable docker
+sudo systemctl start docker
+
+# install command-line YAML processor from Snappy
+sudo snap install yq
+
+# remove unnecessary packages
+sudo -H -E apt autoremove -y
+
+echo "Info : Install additional Java version"
+# INSTALL additional Java 11 and 12 while keep pointing alternatives to JDK8
+sudo cp -R /etc/alternatives /etc/keep-alternatives
+sudo add-apt-repository -y ppa:openjdk-r/ppa
+sudo apt-get update
+sudo -H -E apt -y -q=3 install \
+ openjdk-11-jdk \
+ openjdk-12-jdk
+sudo rm -rf /etc/alternatives
+sudo mv /etc/keep-alternatives /etc/alternatives
+java -version
+
+echo "Info : Enable time sync"
+# ensure time sync is setup
+sudo systemctl enable chrony --now
+sudo chronyc -a 'burst 4/4' && sudo chronyc -a makestep
+
+echo "Info : Create and configure jenkins user"
+# create and configure jenkins user
+sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
+sudo mkdir -p /home/jenkins/nordix/slave_root
+sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root
+sudo chmod -R 755 /home/jenkins/nordix/slave_root
+
+# Modify sudoers - disable env_reset, !requiretty and passwordless sudo
+sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" /etc/sudoers
+sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
+
+# Disable ssh password login, enable ssh with keys for jenkins user
+sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
+sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
+sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
+sudo systemctl restart sshd
+
+echo "Info : Create cloud-init script"
+# get cloud-init script in place so we can place the keys into ~jenkins/.ssh
+sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
+#!/bin/bash
+sudo mkdir -p /home/jenkins/.ssh
+# append ssh key injected by openstack to authorized_keys
+sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
+# append user ssh public keys uploaded by packer to authorized_keys
+sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
+# remove /home/ubuntu/authorized_keys.packer
+sudo rm -f /home/jenkins/authorized_keys.packer
+sudo chown -R jenkins:jenkins /home/jenkins/.ssh
+sudo chmod -R go-rwx /home/jenkins/.ssh
+sudo userdel -f -r ubuntu
+EOF'
+
+sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
Code Review / infra / tools.git / commitdiff