--- /dev/null
+The packer file and corresponding script in this folder are used
+for building Eiffel projects on Nordix Jenkins.
+Nordix Jenkins.
+
+The packer file is specific to City Cloud Karlskrona region since
+it contains the Karlskrona region endpoint and UUID of the network
+created there. For other regions or clouds, a similar file needs
+to be created. The actual script that is executed by packer on
+provisioned temporary instances should work on any Ubuntu2004
+regardless of cloud and region.
+
+Eiffel projects build container images and the script
+configure-image-ubuntu2004.sh installs and configures podman so
+the proxy for Docker Hub setup on Nordix Container Image Registry
+can be utilized.
+
+A final note is that the file authorized_keys.packer is used for
+injecting user keys into image during cloud-init phase for ssh
+access to the slaves for troubleshooting. If you want to have
+access to the slaves, please add your ssh public key in it.
--- /dev/null
+{
+ "builders": [
+ {
+ "type": "openstack",
+ "identity_endpoint": "https://identity1.citycloud.com:5000/v3/",
+ "image_name": "eiffel-build-ubuntu2004",
+ "ssh_username": "ubuntu",
+ "source_image_name": "Ubuntu 20.04 Focal Fossa 20200423",
+ "flavor": "2C-4GB-50GB",
+ "networks": [
+ "e310fab3-cfef-4107-b40e-791e9c01903d"
+ ],
+ "floating_ip_network": "ext-net"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "file",
+ "source": "authorized_keys",
+ "destination": "/home/ubuntu/authorized_keys.packer"
+ },
+ {
+ "type": "file",
+ "source": "podman_registries.conf",
+ "destination": "/home/ubuntu/podman_registries.conf.packer"
+ },
+ {
+ "type": "file",
+ "source": "podman_storage.conf",
+ "destination": "/home/ubuntu/podman_storage.conf.packer"
+ },
+ {
+ "script": "configure-image-ubuntu2004.sh",
+ "type": "shell"
+ }
+ ]
+}
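Review bot: The first file provisioner uploads a local file named `authorized_keys`, but the README added in this same change tells contributors to put their public key in `authorized_keys.packer`, so someone following the README may edit or create a file that is never uploaded. If the file in this folder is meant to be `authorized_keys.packer`, the provisioner line should read `"source": "authorized_keys.packer"`; otherwise the README wording should name `authorized_keys`. Since this file decides who gets SSH access to the build agents, the two names should agree so the access list can be reviewed in one place.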
--- /dev/null
+#!/bin/bash
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+set -o nounset
+set -o pipefail
+
+# ensure apt is not running before proceeding with the rest
+echo "Info : Wait for completion of an existing apt process before proceeding..."
+while true; do
+ pkg_mgr_process=$(pgrep -f apt | cat)
+ if [[ -n $pkg_mgr_process ]]; then
+ sleep 10
+ else
+ break
+ fi
+done
+echo "Info : apt process done. Continuing..."
+
+# list of basic packages to install
+PKG_LIST=(
+ apt-utils
+ apt-transport-https
+ ca-certificates
+ gnupg-agent
+ software-properties-common
+ git
+ vim
+ curl
+ wget
+ chrony
+ openjdk-11-jre-headless
+)
+
+# we need apt to proceed without any prompt asking for user input
+export DEBIAN_FRONTEND=noninteractive
+
+echo "Info : Install packages"
+# update packages to their latest
+sudo -H -E apt update
+sudo -H -E apt upgrade -y -q=3
+
+# install packages
+sudo -H -E apt -y -q=3 install ${PKG_LIST[@]}
+
+# remove unnecessary packages
+sudo -H -E apt autoremove -y
+
+echo "Info : Enable time sync"
+# ensure time sync is setup
+sudo systemctl enable chrony --now
+sudo chronyc -a 'burst 4/4' && sudo chronyc -a makestep
+
+echo "Info : Enable nested virtualization"
+# enable nested virtualization
+sudo bash -c 'cat << EOF > /etc/modprobe.d/qemu-system-x86.conf
+options kvm-intel nested=y enable_apicv=n
+EOF'
+sudo modprobe -r kvm_intel kvm
+sudo modprobe -a kvm_intel kvm
+sudo lsmod | grep kvm_intel
+sudo cat /sys/module/kvm_intel/parameters/nested
+
+echo "Info : Create and configure jenkins user"
+# create and configure jenkins user
+sudo useradd -G sudo -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
+sudo mkdir -p /home/jenkins/nordix/slave_root
+sudo chown -R jenkins:jenkins /home/jenkins/nordix
+sudo chmod -R 755 /home/jenkins/nordix/slave_root
+
+# modify sudoers - disable env_reset, !requiretty and passwordless sudo
+sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" /etc/sudoers
+sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
+
+# disable ssh password login, enable ssh with keys for jenkins user
+sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
+sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
+sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
+sudo systemctl restart sshd
+
+echo "Info : Install and configure podman"
+# install and configure podman
+. /etc/os-release
+echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add -
+sudo apt-get update
+sudo apt-get -y upgrade
+sudo apt-get -y install podman fuse-overlayfs
+
+echo "Info : Create cloud-init script"
+# get cloud-init script in place so we can place the required files in place during cloud-init phase
+sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/configure-instance.sh
+#!/bin/bash
+sudo mkdir -p /home/jenkins/.ssh
+# append ssh key injected by openstack to authorized_keys
+sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
+# append user ssh public keys uploaded by packer to authorized_keys
+sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
+
+# create podman configuration
+sudo mkdir -p /home/jenkins/.config/containers
+sudo mv /home/ubuntu/podman_registries.conf.packer /home/jenkins/.config/containers/registries.conf
+sudo mv /home/ubuntu/podman_storage.conf.packer /home/jenkins/.config/containers/storage.conf
+sudo chown -R jenkins:jenkins /home/jenkins/.config
+sudo chmod -R go-rwx /home/jenkins/.config
+
+# remove /home/ubuntu/authorized_keys.packer
+sudo rm -f /home/jenkins/authorized_keys.packer
+sudo chown -R jenkins:jenkins /home/jenkins/.ssh
+sudo chmod -R go-rwx /home/jenkins/.ssh
+
+# remove ubuntu user
+sudo userdel -f -r ubuntu
+EOF'
+
+sudo chmod +x /var/lib/cloud/scripts/per-instance/configure-instance.sh
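Review bot: The podman repository key is fetched with `curl -L` (no `-f`) and piped straight into `sudo apt-key add -`, which puts it in the global apt keyring where it is trusted for every configured repository, not only the libcontainers one. Because the script sets `nounset` and `pipefail` but not `errexit`, a failed or truncated download does not stop the build, and the `apt-get` lines that follow run anyway. I would store the key in its own keyring file, bind the source entry to it with `signed-by`, and exit when the fetch fails, as sketched below. The keyring path in the sketch is a constructed name, and the rest of the script is unchanged.

```shell
. /etc/os-release
repo_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}"
keyring=/usr/share/keyrings/libcontainers-archive-keyring.gpg
# stop the image build if the key cannot be fetched; pipefail is already set above
curl -fsSL "${repo_url}/Release.key" | gpg --dearmor | sudo tee "${keyring}" > /dev/null || exit 1
echo "deb [signed-by=${keyring}] ${repo_url}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
# … unchanged: apt-get update / upgrade / install podman fuse-overlayfs …
```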