diff options
Diffstat (limited to 'roles/jenkins-slave-deps')
8 files changed, 132 insertions, 29 deletions
diff --git a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.config b/roles/jenkins-slave-deps/files/docker_ssh/buildslave.config deleted file mode 100644 index bc51a135..00000000 --- a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.config +++ /dev/null @@ -1,4 +0,0 @@ -Host dev-private-git.linaro.org - User git -Host dev-private-review.linaro.org - User git diff --git a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts b/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts index d896d799..bdf13dcf 100644 --- a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts +++ b/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts @@ -10,5 +10,18 @@ github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXY |1|gBlziVA7T5UkU9UMsI6C/Eu2crM=|3xwAQhxBNnCI6Z1p4pRO2Sep7fE= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== |1|QoMH945rHmz0qtsACnj3AGIGrHM=|WdoVaa80MYkiPlfl+/UDCb9LROQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== lhg-review.linaro.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN3HxAgbbcvWvCvJ9sTKN1oxDMj4UqkYZ3MvAvRNPM9NoYedEHT/YPSgpIVl280ANsGxtZTKDYp30VH4CN3S1lRogiMKodA0wE5ORnMEXV8QyVHAk9C+sye1EHnx6R8Ma0Y/Jdzf6qwThSd2/hcwXFB07QetQ6HNa0NUkEMSiiml+eW+MRje3iyYCCJhx9PFkh/S4pk6+P5dUVDwo6BKjQ8Zay6b9+ym4rKtOPcv3jg5lBdK8n3CNHAVUFVXRTIS5l5PY3pl0uQsKAyZlkaMNk0zqsBns7SsPRR3eTUQIx/9S1cpLoMlvzpAY/BBgkSG6S27incyG7+afK+xT/WWlZ - - +51.148.40.56 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEQjPJk0fveMb/M7/Lib5e2yeWVya9IjoN8hnl/BRMXxjwM/mJBwHFD4nNTFcc0QekEo/KDrX/nJpk7iJHYchNA= +51.148.40.56 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR4EhTlQPY0Ut0p5N23DEapFe3t6WQgX52ULPXP92QW857CN65DP1E+Tcmwnddx1FNbHXaYt4SU7DfYlxGdPj034W5a3pzkOtjeTNlaqb9XW06SOn/G2UjNRkQ6PCphw8Fp4OzVX0Z7E/7puYVFab2JT6o++APxsivLHLDv8zNRyK7mDibMAUSCGDDoDpSGTtwYzs4qkv2CiiC9vEG95UY12lnr0ZGvFSKeIe+mKQ3Uuk+NHev27OE53NIKtP2Eln5HTzDbAEQVd5lzu2HmDTYBH/aIZ1chnTWzwe5NgdS+zLnd/mNHdcg4L92CfY3g82eZKnVSELc3+BqX+oxNIbR +|1|yUDJcusSu0In2wFRYT9zjRdIUYQ=|JYa1CRNcxQ58WTcrZHjTYN73Ud4= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs= +|1|jQM0oE53LjDVckRFoStitNAaPtM=|3lrKTTVy3dbsSf4IzO9it9EwKms= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs= +|1|pSE2FFdkPbRa4Z7ztgBd5xzouts=|PlXn4UfOMj1TyXNyC5GMrVjppfA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs= +|1|T15+df3X7qfkfCp949JVM1hJ0RY=|d9FMRmHciM9xfpIi/PfDgxmk1PA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs= +[android-review.linaro.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF/+slCWCRR5QYFjSCMgrV1nfaoEJ5LyQzPWFYJHK46gmN0arMWuWsaY4tO/t260kyd+ZXyzBUy+rlo5FKiT1f+nSb+VlQPq3mgbFtd6XAT3XlIFtmlfXvxI4mQy2Ibc1vV7WRSpXKbcTf1HnQWA5ipoLGLjIFFtG2jQVOYFVJoi3wlBHkFtisxJU8uFeAR4zXsLBd+oBnOOEc0gjoxImcutynMUpz0CpOrUfFXECeTs1C31cGi6QWY2MVkAYBVfoHiFp6NCCaVTNpNcWBM7WrzQlJPEEj5scOl1Cgb+Z+UK4+bpiaPZzvWwcH2mjHP9Zmnjb+8iaIvPTggQxBKOY1 +[android-review.linaro.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7TALshEtz8pLmmqrK6/yi6ft2OJsYFimQUba+12SbDpMH5Z9O8M4yg5d8j8Bq6aqX2E7A9MPlyFQsAcYrFX+g= +[android-review.linaro.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESyOih+8OBkWqjbfMpYuSOn9lowAyHzN533q0hvd7s0 +[review.linaro.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfTLkTmsbtahAiVJTKXRFbR9MQ/vDH/JPj4QN3XPHJuubxLhUf8WObEBtML7J11uvVM1oDTwM5YG5yjyBnc+85OaQaB9tMPDheGhfMG40F4vxdSnQL29ihyrls0hrFTY9UZ4Y2FmJwYL0rOnGU7iPyNuExQwfg2bkdw67aH9nEGjSd2eXYl2bI4DHujy5GJiV3dR9TlUF0iaSeHVSIX5t9I/BXK+AiSqHTrvwdGGi9XvL6xEWYMOZOpJnCH8Q4OSibsFfQXnCMgIFeO7J/ZMGXqltXOtztgQMr8VvRRD3S+Lcp8yKb5aUjWwoCxb4YzEUbQE04SRVeAGjsfNJcXgT +[review.linaro.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPzkmW4axU/BXRtRkR42I8FVvWjGhB4CUtTC3cSkhu6L0Oo9i+ija/hahkPT0DC+S0k/vEL7s4mC5SrdNCeJO/0= +[review.linaro.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFc6ZLtKFrdDI1dYcnYnfrZ9aZDSEVuYvjrsuGDXE0hj +[dev-private-review.linaro.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCofUDWYYwzE4YWotCffwCxLoRuVCMb6DP+eObwbTPHMe5asK94Y1jPNeK1yUVJIuIAUO8aA6pIq3uLKlusyGLZe1YBpM+7YX3HMOBfCOeOemHFxETlj/HC7islYLYT7Sm/DweiN1kxgP8Q/PhPIA5czCZGHS/+T/VLbMApyyzdTmswaqfgJejyK9juHAcmxT3Tupj2SGOuOamyKfhfsPxGwIchivy/mt7xBTk5cNiSDeLAfMn2rHsilfLjb+IoeE6EvtqG3+rTh+ttulHp2vSeZkK79tuyVWt+XOZjD4RDfk1taW9JjaafkyOW0VCF4gqOMfJU24u88xTCgqkgT1bN +[dev-private-review.linaro.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDZ6AQ2WyZSO43657/fFpxGgVY73kUwh1R1eXpZp27T6lAI5XFQ7YS8HjQ2O7e4edGSpJHHrqVuZphKpqu11Lz8= +[dev-private-review.linaro.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqjPck6EM0H0tlZSKAnleuvhvhhB+jrcGPCt/DD8PB2 diff --git a/roles/jenkins-slave-deps/files/jenkins_sudoers b/roles/jenkins-slave-deps/files/jenkins_sudoers index 80259bcf..0d1eb35e 100644 --- a/roles/jenkins-slave-deps/files/jenkins_sudoers +++ b/roles/jenkins-slave-deps/files/jenkins_sudoers @@ -7,4 +7,6 @@ buildslave ALL = NOPASSWD: /bin/umount buildslave ALL = NOPASSWD: /usr/sbin/chroot buildslave ALL = NOPASSWD: /usr/bin/apt-get buildslave ALL = NOPASSWD: /bin/tar -buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/cros_builds/chromiumos/chromite/bin/cros_sdk +buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/MACHINE/mistral/label/qcomlt/cros_builds/chromiumos/chromite/bin/cros_sdk +buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/MACHINE/qcs404-evb-1000/label/qcomlt/cros_builds/chromiumos/chromite/bin/cros_sdk +buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/MACHINE/qcs404-evb-4000/label/qcomlt/cros_builds/chromiumos/chromite/bin/cros_sdk diff --git a/roles/jenkins-slave-deps/tasks/main.yml b/roles/jenkins-slave-deps/tasks/main.yml index 29042571..678d4afa 100644 --- a/roles/jenkins-slave-deps/tasks/main.yml +++ b/roles/jenkins-slave-deps/tasks/main.yml @@ -13,7 +13,8 @@ port: "{{item.port}}" src: "{{item.src}}" with_items: - - {port: 2375, src: '88.99.136.175'} #ci.linaro.org + - {port: 2375, src: '{{ jenkins_ip }}' } # Jenkins master + - {port: 2375, src: '{{ jenkins_ip_staging }}' } # Jenkins master - {port: 16509, src: '172.17.0.0/24'} - name: Open firewall port for Nexus @@ -29,15 +30,6 @@ - name: flush handlers so UFW is restarted before docker is installed meta: flush_handlers -- name: Install sudo rule for QCOM builds - copy: - src: jenkins_sudoers - dest: /etc/sudoers.d/jenkins - owner: root - group: root - mode: 0400 - when: ansible_hostname == 'oe-x86_64-02' - - name: Create directory for docker service supplementary config file: path: /etc/systemd/system/docker.service.d @@ -63,6 +55,7 @@ - "{{inventory_hostname}}-key.pem" - "{{inventory_hostname}}-cert.pem" notify: + - reload-systemd - restart-docker ignore_errors: '{{ ansible_check_mode }}' @@ -77,32 +70,58 @@ - reload-systemd - restart-docker -# https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa -- name: Add repos (ubuntu) - apt_repository: repo=ppa:canonical-kernel-team/ppa - when: ansible_distribution == 'Ubuntu' and ansible_machine == 'x86_64' - -- name: Upgrade to kernel with overlayfs fixes - apt: pkg=linux-image-4.15.0-42-generic update_cache=yes - when: ansible_distribution == 'Ubuntu' and ansible_machine == 'x86_64' - - name: Install openjdk for Jenkins slave apt: name: "{{packages}}" update_cache: yes vars: packages: - - openjdk-8-jdk-headless - - openjdk-8-jre-headless + - openjdk-11-jdk-headless + - openjdk-11-jre-headless + +- name: Set system to use openjdk by default + alternatives: + name: java + path: /usr/lib/jvm/java-11-openjdk-amd64/bin/java + +- name: Install extra deps + apt: pkg={{item}} state=present + with_items: + - smartmontools + - unzip - name: Append Systems team to docker group user: name={{item}} groups=docker append=yes with_items: "{{docker_group_user}}" -- name: Copy docker ssh config +- name: Copy ssh files for docker copy: src: files/docker_ssh/ dest: /srv/docker/ssh + owner: "1000" + group: "1000" + mode: 0600 + +- name: Create .ssh directory + file: + path: /home/buildslave/.ssh/ + state: directory + owner: buildslave + group: primary + mode: 0700 + +- name: Copy ssh host key for system + copy: + src: files/docker_ssh/buildslave.known_hosts + dest: /etc/ssh/ssh_known_hosts + owner: root + group: root + mode: 0444 + +- name: Set up docker ssh config + template: + src: buildslave.config + dest: /srv/docker/ssh/buildslave.config owner: 1000 group: 1000 mode: 0600 @@ -118,3 +137,39 @@ owner: 1000 group: 1000 state: directory + +- name: Ensure ECR update directory exists + file: + path: /root/aws + owner: root + group: root + mode: 0700 + state: directory + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' + +- name: Install FVP sync cron job + template: + src: update_ecr_images.sh + dest: /root/aws/update_ecr_images.sh + owner: root + group: root + mode: 0700 + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' + +- name: Install AWS credentials for ECR + template: + src: credentials.sh + dest: /root/aws/credentials.sh + owner: root + group: root + mode: 0600 + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' + +- name: Install AWS credentials for ECR + template: + src: ecr-sync.crontab + dest: /etc/cron.d/ecr-sync + owner: root + group: root + mode: 0755 + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' diff --git a/roles/jenkins-slave-deps/templates/buildslave.config b/roles/jenkins-slave-deps/templates/buildslave.config new file mode 100644 index 00000000..ad62a755 --- /dev/null +++ b/roles/jenkins-slave-deps/templates/buildslave.config @@ -0,0 +1,19 @@ +Host dev-private-git.linaro.org + User git +Host dev-private-review.linaro.org + User git +{% if inventory_hostname == "aosp-x86-13" %} +Host nexus-machine + ForwardAgent yes + Hostname 51.148.40.56 + User vishal.bhoj + ServerAliveInterval 60 + Port 7676 +{% elif inventory_hostname == "aosp-x86-10" %} +Host nexus-machine + ForwardAgent yes + Hostname 51.148.40.56 + User vishal.bhoj + ServerAliveInterval 60 + Port 7878 +{%endif%} diff --git a/roles/jenkins-slave-deps/templates/credentials.sh b/roles/jenkins-slave-deps/templates/credentials.sh new file mode 100644 index 00000000..f8e1729d --- /dev/null +++ b/roles/jenkins-slave-deps/templates/credentials.sh @@ -0,0 +1,3 @@ +export AWS_ACCESS_KEY_ID={{ aws_access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }} +export AWS_REGION=us-east-1 diff --git a/roles/jenkins-slave-deps/templates/ecr-sync.crontab b/roles/jenkins-slave-deps/templates/ecr-sync.crontab new file mode 100644 index 00000000..a877b099 --- /dev/null +++ b/roles/jenkins-slave-deps/templates/ecr-sync.crontab @@ -0,0 +1,4 @@ +# Update the FVP images from the ECR every 30 minutes by doing +# a docker pull. + +*/30 * * * * root /root/aws/update_ecr_images.sh fvp >> /var/log/ecr-sync.log diff --git a/roles/jenkins-slave-deps/templates/update_ecr_images.sh b/roles/jenkins-slave-deps/templates/update_ecr_images.sh new file mode 100755 index 00000000..4ce15f0e --- /dev/null +++ b/roles/jenkins-slave-deps/templates/update_ecr_images.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +. /root/aws/credentials.sh + +ECR=987685672616.dkr.ecr.us-east-1.amazonaws.com +REPO=${1:-fvp} + +aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR + + +for i in $(aws ecr list-images --repository-name $REPO --filter tagStatus=TAGGED --query 'imageIds[*].imageTag' --output text);do docker pull $ECR/$REPO:$i; done |