From 4a36defbb41b7a528c2bb8e8de90ba5e125653ac Mon Sep 17 00:00:00 2001
From: "robert.tomczyk" <robert.tomczyk@est.tech>
Date: Wed, 1 Dec 2021 17:32:44 +0000
Subject: [PATCH] ORANSC: Introduce ORANSC packer image

Change-Id: I47e35c95f98070d2e1166693edc14253a1112c4d
---
 .../slave-setup/oransc-build-server/README.md |  10 ++
 .../oransc-build-server/authorized_keys       |   3 +
 .../oransc-build-server/configure-image.sh    | 111 ++++++++++++++++++
 .../oransc-build-ubuntu2004.json              |  29 +++++
 4 files changed, 153 insertions(+)
 create mode 100644 infra/jenkins/slave-setup/oransc-build-server/README.md
 create mode 100644 infra/jenkins/slave-setup/oransc-build-server/authorized_keys
 create mode 100644 infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
 create mode 100644 infra/jenkins/slave-setup/oransc-build-server/oransc-build-ubuntu2004.json

diff --git a/infra/jenkins/slave-setup/oransc-build-server/README.md b/infra/jenkins/slave-setup/oransc-build-server/README.md
new file mode 100644
index 0000000..7cb6c15
--- /dev/null
+++ b/infra/jenkins/slave-setup/oransc-build-server/README.md
@@ -0,0 +1,10 @@
+## Description
+Packer files for creating virtual machine image used for ORANSC jenkins build server.
+Based on Ubuntu 20.04 image with Java & Docker installed ontop.
+
+## Steps To Run
+ 1. Source OpenStack RC file `source <openstack-rc-file.sh>`to set environment variables used by packer e.g. OS_USERNAME, OS_PASSWORD and OS_AUTH_URL
+ 2. Run `packer build <packerfile.json>`
+
+
+This will create the image specified (image_name) onto the OpenStack Server (identity_endpoint). Modify packer parameters as required and add packages to be installed into the shell script. For more info see [Packer docs](https://www.packer.io/docs/builders/openstack)
diff --git a/infra/jenkins/slave-setup/oransc-build-server/authorized_keys b/infra/jenkins/slave-setup/oransc-build-server/authorized_keys
new file mode 100644
index 0000000..4831994
--- /dev/null
+++ b/infra/jenkins/slave-setup/oransc-build-server/authorized_keys
@@ -0,0 +1,3 @@
+# injected by packer
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArXQug0RDmcbEWKcVnTbffD8jAgzm/lVhwG+Qdlz6iZZwEyLSU4nq6ymo2ukG7xTC8yBv5T0rjTtjQollFPc6CcM4I8aPnr8adI3ajDEseI4k/9bjr8+YrnXzLEszsoeYqCEqXz8gm1tbV1MMtxN3w7IUEdekAslFeMpJ8fEzFj8Ii5IiIGVJtz2mKdhReJEmqkW0u0UBQbg8L8n4YLj2wuW4V6hkDS/p96DJeBXb/wgB4u2bRWRFB45wlHyuVImeLxlMJTvWc6G1U7B7s/mcBLFX2Fis8brvMZDMiNPaUwWfYIJN+m2wzHhx0SkeboO6Svvcn7qe2qzgnDMOEUVQjQ== fdegir
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDiCJoG0x+wVM4T8GWMTHZobCDqnrDGEkyprNHrpUGchExhYUwu7B33zbz6F/A3ScpycBgiRTc47q+W8UB+cvfpol8CuvgmF7qU2E+/pe37Uee3ZDdXsxSg5rDp2ZDY1404/m1EKCmVMzBq0292KInsS7nWu9WsgPCKdalsHEBrWgAU3ft7FJX+5ybjMqhMZ3eXs6MAC1+ppLR6JhBPRInW5s1dYNUsQMKzHZvVmVzwPsa7KZEOKfPF0IKZiGCFsWzoLiRY60tmL0r/C1HXigUuHj0vITBePKx/YV06VLbzUffH+Lpa1asA5Rm27BcQ4ucIYucdv9x/+cnum8yoxHsAmgK+PvnqPk0qa7vRqcs7crTxgNyk3fRhttg4Sq+m1o4NQncfQW+JJNO7c8gPxawZ63onPMPUnAE3WNxu8N1Z2UPtMoAwicIyldggpt8oxmjC7B3OoxM2IwmoRNvW4x2Bq/VVjALFg9pRsoIrTp4040zhKaQLIkmaTnneE85ZsTTUcOJv66odf4e9gKcHA7J0BzwYNOuwlWmDnlqC7vQmyDc7N2FoFOBYVUem4KdTvNsBG/gFpglA7NRqD0REcfNMMdxi9pltW7gbowhBD5L0rBqXDYlROhBg3jWuwTvKOmcRrCROgS0zlZxLqO7vK3c39XMpuZdsOCP2OrQORoxFaw== Robert-Nordix-City-ssh
\ No newline at end of file
diff --git a/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh b/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
new file mode 100644
index 0000000..8ba4783
--- /dev/null
+++ b/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+set -ex
+
+# 3PP versions
+DOCKER_VERSION="5:20.10.11~3-0~ubuntu-focal"
+GO_VERSION="1.17"
+GO_LINT_VERSION="1.39.0"
+
+sudo apt-get update
+sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
+sudo apt-get install -y unzip
+
+# INSTALL JAVA
+sudo apt-get install -y openjdk-11-jdk
+java -version
+
+# INSTALL DOCKER
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg-agent \
+    software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+sudo apt-get update
+sudo apt-get install -y docker-ce=${DOCKER_VERSION} docker-ce-cli=${DOCKER_VERSION} containerd.io
+docker --version
+
+sudo systemctl enable docker
+sudo systemctl start docker
+
+echo "Info  : Install ORANSC build dependency packages"
+sudo apt install -y  \
+    diffstat \
+    gcc \
+    build-essential 
+
+# INSTALL GO
+cd /tmp
+# golang
+wget https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
+tar xzvf go${GO_VERSION}.linux-amd64.tar.gz
+sudo mv go /usr/local
+# golangci-lint
+wget https://github.com/golangci/golangci-lint/releases/download/v${GO_LINT_VERSION}/golangci-lint-${GO_LINT_VERSION}-linux-amd64.deb
+sudo dpkg -i golangci-lint-${GO_LINT_VERSION}-linux-amd64.deb
+/bin/rm -rf  go${GO_VERSION}.linux-amd64.tar.gz golangci-lint-${GO_LINT_VERSION}-linux-amd64.deb
+
+# CREATE JENKINS USER
+# Crete homedir, add to sudo group, add entry in /etc/passwd
+sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
+# Create slave root directory
+sudo mkdir -p /home/jenkins/nordix/slave_root
+sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root
+sudo chmod -R 755 /home/jenkins/nordix/slave_root
+# Modify sudoers - disable env_reset, !requiretty and passwordless sudo
+sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins  \!requiretty/" /etc/sudoers
+sudo sed -i "s/^%sudo.*ALL/%sudo   ALL=(ALL:ALL)   NOPASSWD: ALL/" /etc/sudoers
+# Disable ssh password login, enable ssh with keys for jenkins user
+sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
+sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
+sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
+sudo systemctl restart sshd
+
+# configure sysctl
+sudo sysctl -w net.ipv4.tcp_keepalive_time=120
+sudo sysctl -w net.ipv4.tcp_keepalive_intvl=30
+sudo sysctl -w net.ipv4.tcp_keepalive_probes=8
+sudo sysctl -w net.ipv4.tcp_fin_timeout=30
+
+# update ~jenkins/.profile
+sudo bash -c "echo 'export PATH=\$PATH:/usr/local/go/bin' >> /home/jenkins/.profile"
+
+echo "Info  : Create cloud-init script"
+# get cloud-init script in place so we can place the keys into ~jenkins/.ssh
+sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
+#!/bin/bash
+sudo mkdir -p /home/jenkins/.ssh
+# append ssh key injected by openstack to authorized_keys
+sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
+# append user ssh public keys uploaded by packer to authorized_keys
+sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
+# remove /home/ubuntu/authorized_keys.packer
+sudo rm -f /home/jenkins/authorized_keys.packer
+sudo chown -R jenkins:jenkins /home/jenkins/.ssh
+sudo chmod -R go-rwx /home/jenkins/.ssh
+sudo userdel -f -r ubuntu
+EOF'
+
+sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
diff --git a/infra/jenkins/slave-setup/oransc-build-server/oransc-build-ubuntu2004.json b/infra/jenkins/slave-setup/oransc-build-server/oransc-build-ubuntu2004.json
new file mode 100644
index 0000000..bc0c730
--- /dev/null
+++ b/infra/jenkins/slave-setup/oransc-build-server/oransc-build-ubuntu2004.json
@@ -0,0 +1,29 @@
+{
+    "builders": [
+        {
+            "type": "openstack",
+            "region": "Kna1",
+            "domain_name": "CCP_Domain_34201",
+            "identity_endpoint": "https://kna1.citycloud.com:5000",
+            "image_name": "oransc-build-ubuntu2004",
+            "ssh_username": "ubuntu",
+            "source_image_name": "Ubuntu 20.04 Focal Fossa 20200423",
+            "flavor": "1C-2GB",
+            "networks": [
+                "e310fab3-cfef-4107-b40e-791e9c01903d"
+            ],
+            "floating_ip_network": "ext-net"
+        }
+    ],
+    "provisioners": [
+        {
+            "type": "file",
+            "source": "authorized_keys",
+            "destination": "/home/ubuntu/authorized_keys.packer"
+        },
+        {
+            "script": "configure-image.sh",
+            "type": "shell"
+        }
+    ]
+}
-- 
2.25.1