From: Fatih Degirmenci Date: Thu, 25 Mar 2021 21:19:50 +0000 (+0100) Subject: nsm: Create build server packer file X-Git-Url: https://gerrit.nordix.org/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F43%2F8143%2F2;p=infra%2Ftools.git nsm: Create build server packer file Change-Id: I31fc180a09a4e6deb36741d7aea3c02e5ba0ca75 --- diff --git a/infra/jenkins/slave-setup/nordix-nsm-build-server/README.md b/infra/jenkins/slave-setup/nordix-nsm-build-server/README.md new file mode 100644 index 0000000..622e47b --- /dev/null +++ b/infra/jenkins/slave-setup/nordix-nsm-build-server/README.md @@ -0,0 +1,10 @@ +## Description +Packer files for creating virtual machine image used for Nordix NSM build server. + +## Steps To Run + 1. Source OpenStack RC file `source `to set environment variables used by packer e.g. OS_USERNAME, OS_PASSWORD and OS_AUTH_URL + 2. Run `packer build ` + +This will create the image specified on OpenStack. +Modify packer parameters as required and add packages to be installed into the shell script. +For more info, see [Packer docs](https://www.packer.io/docs/builders/openstack) diff --git a/infra/jenkins/slave-setup/nordix-nsm-build-server/configure-image.sh b/infra/jenkins/slave-setup/nordix-nsm-build-server/configure-image.sh new file mode 100644 index 0000000..b1ce3c7 --- /dev/null +++ b/infra/jenkins/slave-setup/nordix-nsm-build-server/configure-image.sh @@ -0,0 +1,73 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# Copyright (C) 2021 The Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +set -o errexit +set -o pipefail + +# update and upgrade +export DEBIAN_FRONTEND=noninteractive +sudo apt update +sudo apt upgrade -y + +# install basic dependencies +sudo apt install -y make openjdk-11-jre-headless apt-transport-https ca-certificates curl gnupg jq software-properties-common + +# set versions of docker-ce, docker-ce-cli, and containerd.io so we know and pin what we use +DOCKER_CE_VERSION="5:20.10.5~3-0~ubuntu-bionic" +DOCKER_CE_CLI_VERSION="5:20.10.5~3-0~ubuntu-bionic" +CONTAINERD_IO_VERSION="1.4.4-1" + +# install docker-ce, docker-ce-cli, containerd.io and mark them hold +sudo apt remove -y docker docker-engine docker.io containerd runc +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg +echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ + $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +sudo apt update +sudo apt install -y docker-ce=$DOCKER_CE_VERSION docker-ce-cli=$DOCKER_CE_CLI_VERSION containerd.io=$CONTAINERD_IO_VERSION +sudo apt-mark hold docker-ce docker-ce-cli containerd.io +sudo systemctl enable docker +sudo systemctl start docker + +# Create jenkins user, add it to required groups, configure sudoers and sshd_config +sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins +# Create slave root directory +sudo mkdir -p /home/jenkins/nordix/slave_root +sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root +sudo chmod -R 755 /home/jenkins/nordix/slave_root +# Modify sudoers - disable env_reset, !requiretty and passwordless sudo +sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" /etc/sudoers +sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers +# Disable ssh password login, enable ssh with keys for jenkins user +sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config" +sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config" +sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config" +sudo systemctl restart sshd + +# get cloud-init script in place so we can place the keys into ~jenkins/.ssh +sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh +#!/bin/bash +sudo mkdir -p /home/jenkins/.ssh +sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys +sudo chown -R jenkins:jenkins /home/jenkins/.ssh +sudo chmod -R go-rwx /home/jenkins/.ssh +sudo userdel -f -r ubuntu +EOF' +sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh + +# vim: set ts=2 sw=2 expandtab: diff --git a/infra/jenkins/slave-setup/nordix-nsm-build-server/nordix-nsm-build-server-ubuntu1804.json b/infra/jenkins/slave-setup/nordix-nsm-build-server/nordix-nsm-build-server-ubuntu1804.json new file mode 100644 index 0000000..d0b19b9 --- /dev/null +++ b/infra/jenkins/slave-setup/nordix-nsm-build-server/nordix-nsm-build-server-ubuntu1804.json @@ -0,0 +1,22 @@ +{ + "builders": [ + { + "type": "openstack", + "identity_endpoint": "https://fra1.citycloud.com:5000", + "image_name": "nordix-nsm-build-ubuntu1804", + "ssh_username": "ubuntu", + "source_image_name": "Ubuntu 18.04 Bionic Beaver 20190724.1", + "flavor": "2C-4GB-10GB", + "networks": [ + "3703a0fe-b900-4553-92ae-2913bba32ae1" + ], + "floating_ip_network": "ext-net" + } + ], + "provisioners": [ + { + "script": "configure-image.sh", + "type": "shell" + } + ] +}