From: sankar palanivel <sankar.palanivel@est.tech>
Date: Fri, 7 Jan 2022 10:58:01 +0000 (+0000)
Subject: Update jenkins build slave packer script
X-Git-Url: https://gerrit.nordix.org/gitweb?a=commitdiff_plain;h=6c2f376765a1dd121fa93be7dfba86f8203f55e7;p=infra%2Ftools.git

Update jenkins build slave packer script

In this change,
 - Packer image build scripts updated with below entries in order to fix an issue
   with Let's Encrypt certificate when cloning repo from gerrit.est.tech due to DST
   Root CA X3 Expiration: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

   1. Remove outdated certificate from system:
      # rm -rf /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
   2. Update CA certificates on the system
      # sudo update-ca-certificates --fresh --verbose

Change-Id: I7a0eebe0e3ea6b7624b89e090cac566bca47e401
---

diff --git a/infra/jenkins/slave-setup/cloud-infra/configure-image-ubuntu1804.sh b/infra/jenkins/slave-setup/cloud-infra/configure-image-ubuntu1804.sh
index 7aebf32..ab00278 100644
--- a/infra/jenkins/slave-setup/cloud-infra/configure-image-ubuntu1804.sh
+++ b/infra/jenkins/slave-setup/cloud-infra/configure-image-ubuntu1804.sh
@@ -59,6 +59,13 @@ sudo -H -E apt upgrade -y -q=3
 # install packages
 sudo -H -E apt -y -q=3 install ${PKG_LIST[@]}
 
+# If you have a issue with Let's Encrypt certificate when cloning repo due to DST Root CA X3 Expiration:
+# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
+# remove outdated certificate from system
+sudo rm -rf /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+# update ca-certificates
+sudo update-ca-certificates --fresh --verbose
+
 # remove unnecessary packages
 sudo -H -E apt autoremove -y
 
diff --git a/infra/jenkins/slave-setup/nordix-nsm-build-server/configure-image-ubuntu1804.sh b/infra/jenkins/slave-setup/nordix-nsm-build-server/configure-image-ubuntu1804.sh
index 5b2561b..038ed47 100644
--- a/infra/jenkins/slave-setup/nordix-nsm-build-server/configure-image-ubuntu1804.sh
+++ b/infra/jenkins/slave-setup/nordix-nsm-build-server/configure-image-ubuntu1804.sh
@@ -28,6 +28,13 @@ sudo apt upgrade -y
 # install basic dependencies
 sudo apt install -y make openjdk-11-jre-headless apt-transport-https ca-certificates curl gnupg jq software-properties-common build-essential
 
+# If you have a issue with Let's Encrypt certificate when cloning repo due to DST Root CA X3 Expiration:
+# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
+# remove outdated certificate from system
+sudo rm -rf /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+# update ca-certificates
+sudo update-ca-certificates --fresh --verbose
+
 # set versions of various things for NSM for visibility and ease of maintenance
 DOCKER_CE_VERSION="5:20.10.5~3-0~ubuntu-bionic"
 DOCKER_CE_CLI_VERSION="5:20.10.5~3-0~ubuntu-bionic"
diff --git a/infra/jenkins/slave-setup/nordix-onap-jenkins-build-server/configure-image.sh b/infra/jenkins/slave-setup/nordix-onap-jenkins-build-server/configure-image.sh
index a59a7e2..d3b6f99 100644
--- a/infra/jenkins/slave-setup/nordix-onap-jenkins-build-server/configure-image.sh
+++ b/infra/jenkins/slave-setup/nordix-onap-jenkins-build-server/configure-image.sh
@@ -75,6 +75,13 @@ sudo add-apt-repository \
 sudo apt-get update
 sudo -H -E apt -y -q=3 --no-install-recommends install "${PKG_LIST[@]}"
 
+# If you have a issue with Let's Encrypt certificate when cloning repo due to DST Root CA X3 Expiration:
+# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
+# remove outdated certificate from system
+sudo rm -rf /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+# update ca-certificates
+sudo update-ca-certificates --fresh --verbose
+
 # Enable and start docker
 docker --version
 sudo systemctl enable docker
diff --git a/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh b/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
index 8ba4783..66d2e54 100644
--- a/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
+++ b/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
@@ -50,6 +50,13 @@ docker --version
 sudo systemctl enable docker
 sudo systemctl start docker
 
+# If you have a issue with Let's Encrypt certificate when cloning repo due to DST Root CA X3 Expiration:
+# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
+# remove outdated certificate from system
+sudo rm -rf /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+# update ca-certificates
+sudo update-ca-certificates --fresh --verbose
+
 echo "Info  : Install ORANSC build dependency packages"
 sudo apt install -y  \
     diffstat \
diff --git a/infra/jenkins/slave-setup/uds-build-server/configure-image.sh b/infra/jenkins/slave-setup/uds-build-server/configure-image.sh
index 5ddc68f..34e361b 100644
--- a/infra/jenkins/slave-setup/uds-build-server/configure-image.sh
+++ b/infra/jenkins/slave-setup/uds-build-server/configure-image.sh
@@ -44,6 +44,13 @@ docker --version
 sudo systemctl enable docker
 sudo systemctl start docker
 
+# If you have a issue with Let's Encrypt certificate when cloning repo due to DST Root CA X3 Expiration:
+# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
+# remove outdated certificate from system
+sudo rm -rf /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+# update ca-certificates
+sudo update-ca-certificates --fresh --verbose
+
 # CREATE JENKINS USER
 # Crete homedir, add to sudo group, add entry in /etc/passwd
 sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins