8 files changed, 132 insertions, 29 deletions
diff --git a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.config b/roles/jenkins-slave-deps/files/docker_ssh/buildslave.config
deleted file mode 100644
index bc51a135..00000000
--- a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.config
+++ /dev/null
@@ -1,4 +0,0 @@
-Host dev-private-git.linaro.org
-    User git
-Host dev-private-review.linaro.org
-    User git
diff --git a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts b/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts
index d896d799..bdf13dcf 100644
--- a/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts
+++ b/roles/jenkins-slave-deps/files/docker_ssh/buildslave.known_hosts
@@ -10,5 +10,18 @@ github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXY
 |1|gBlziVA7T5UkU9UMsI6C/Eu2crM=|3xwAQhxBNnCI6Z1p4pRO2Sep7fE= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
 |1|QoMH945rHmz0qtsACnj3AGIGrHM=|WdoVaa80MYkiPlfl+/UDCb9LROQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
 lhg-review.linaro.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN3HxAgbbcvWvCvJ9sTKN1oxDMj4UqkYZ3MvAvRNPM9NoYedEHT/YPSgpIVl280ANsGxtZTKDYp30VH4CN3S1lRogiMKodA0wE5ORnMEXV8QyVHAk9C+sye1EHnx6R8Ma0Y/Jdzf6qwThSd2/hcwXFB07QetQ6HNa0NUkEMSiiml+eW+MRje3iyYCCJhx9PFkh/S4pk6+P5dUVDwo6BKjQ8Zay6b9+ym4rKtOPcv3jg5lBdK8n3CNHAVUFVXRTIS5l5PY3pl0uQsKAyZlkaMNk0zqsBns7SsPRR3eTUQIx/9S1cpLoMlvzpAY/BBgkSG6S27incyG7+afK+xT/WWlZ
-
-
+51.148.40.56 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEQjPJk0fveMb/M7/Lib5e2yeWVya9IjoN8hnl/BRMXxjwM/mJBwHFD4nNTFcc0QekEo/KDrX/nJpk7iJHYchNA=
+51.148.40.56 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR4EhTlQPY0Ut0p5N23DEapFe3t6WQgX52ULPXP92QW857CN65DP1E+Tcmwnddx1FNbHXaYt4SU7DfYlxGdPj034W5a3pzkOtjeTNlaqb9XW06SOn/G2UjNRkQ6PCphw8Fp4OzVX0Z7E/7puYVFab2JT6o++APxsivLHLDv8zNRyK7mDibMAUSCGDDoDpSGTtwYzs4qkv2CiiC9vEG95UY12lnr0ZGvFSKeIe+mKQ3Uuk+NHev27OE53NIKtP2Eln5HTzDbAEQVd5lzu2HmDTYBH/aIZ1chnTWzwe5NgdS+zLnd/mNHdcg4L92CfY3g82eZKnVSELc3+BqX+oxNIbR
+|1|yUDJcusSu0In2wFRYT9zjRdIUYQ=|JYa1CRNcxQ58WTcrZHjTYN73Ud4= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs=
+|1|jQM0oE53LjDVckRFoStitNAaPtM=|3lrKTTVy3dbsSf4IzO9it9EwKms= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs=
+|1|pSE2FFdkPbRa4Z7ztgBd5xzouts=|PlXn4UfOMj1TyXNyC5GMrVjppfA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs=
+|1|T15+df3X7qfkfCp949JVM1hJ0RY=|d9FMRmHciM9xfpIi/PfDgxmk1PA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvq8E5HPzrBlxmckzsE3rz9LAx9c0faEfofALaO+UGC4HAst9fMaZcHaCqu+b8SVY/2VcBvMYMwO1ZPgOn0rXs=
+[android-review.linaro.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF/+slCWCRR5QYFjSCMgrV1nfaoEJ5LyQzPWFYJHK46gmN0arMWuWsaY4tO/t260kyd+ZXyzBUy+rlo5FKiT1f+nSb+VlQPq3mgbFtd6XAT3XlIFtmlfXvxI4mQy2Ibc1vV7WRSpXKbcTf1HnQWA5ipoLGLjIFFtG2jQVOYFVJoi3wlBHkFtisxJU8uFeAR4zXsLBd+oBnOOEc0gjoxImcutynMUpz0CpOrUfFXECeTs1C31cGi6QWY2MVkAYBVfoHiFp6NCCaVTNpNcWBM7WrzQlJPEEj5scOl1Cgb+Z+UK4+bpiaPZzvWwcH2mjHP9Zmnjb+8iaIvPTggQxBKOY1
+[android-review.linaro.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF7TALshEtz8pLmmqrK6/yi6ft2OJsYFimQUba+12SbDpMH5Z9O8M4yg5d8j8Bq6aqX2E7A9MPlyFQsAcYrFX+g=
+[android-review.linaro.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESyOih+8OBkWqjbfMpYuSOn9lowAyHzN533q0hvd7s0
+[review.linaro.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfTLkTmsbtahAiVJTKXRFbR9MQ/vDH/JPj4QN3XPHJuubxLhUf8WObEBtML7J11uvVM1oDTwM5YG5yjyBnc+85OaQaB9tMPDheGhfMG40F4vxdSnQL29ihyrls0hrFTY9UZ4Y2FmJwYL0rOnGU7iPyNuExQwfg2bkdw67aH9nEGjSd2eXYl2bI4DHujy5GJiV3dR9TlUF0iaSeHVSIX5t9I/BXK+AiSqHTrvwdGGi9XvL6xEWYMOZOpJnCH8Q4OSibsFfQXnCMgIFeO7J/ZMGXqltXOtztgQMr8VvRRD3S+Lcp8yKb5aUjWwoCxb4YzEUbQE04SRVeAGjsfNJcXgT
+[review.linaro.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPzkmW4axU/BXRtRkR42I8FVvWjGhB4CUtTC3cSkhu6L0Oo9i+ija/hahkPT0DC+S0k/vEL7s4mC5SrdNCeJO/0=
+[review.linaro.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFc6ZLtKFrdDI1dYcnYnfrZ9aZDSEVuYvjrsuGDXE0hj
+[dev-private-review.linaro.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCofUDWYYwzE4YWotCffwCxLoRuVCMb6DP+eObwbTPHMe5asK94Y1jPNeK1yUVJIuIAUO8aA6pIq3uLKlusyGLZe1YBpM+7YX3HMOBfCOeOemHFxETlj/HC7islYLYT7Sm/DweiN1kxgP8Q/PhPIA5czCZGHS/+T/VLbMApyyzdTmswaqfgJejyK9juHAcmxT3Tupj2SGOuOamyKfhfsPxGwIchivy/mt7xBTk5cNiSDeLAfMn2rHsilfLjb+IoeE6EvtqG3+rTh+ttulHp2vSeZkK79tuyVWt+XOZjD4RDfk1taW9JjaafkyOW0VCF4gqOMfJU24u88xTCgqkgT1bN
+[dev-private-review.linaro.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDZ6AQ2WyZSO43657/fFpxGgVY73kUwh1R1eXpZp27T6lAI5XFQ7YS8HjQ2O7e4edGSpJHHrqVuZphKpqu11Lz8=
+[dev-private-review.linaro.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqjPck6EM0H0tlZSKAnleuvhvhhB+jrcGPCt/DD8PB2
diff --git a/roles/jenkins-slave-deps/files/jenkins_sudoers b/roles/jenkins-slave-deps/files/jenkins_sudoers
index 80259bcf..0d1eb35e 100644
--- a/roles/jenkins-slave-deps/files/jenkins_sudoers
+++ b/roles/jenkins-slave-deps/files/jenkins_sudoers
@@ -7,4 +7,6 @@ buildslave ALL = NOPASSWD: /bin/umount
 buildslave ALL = NOPASSWD: /usr/sbin/chroot
 buildslave ALL = NOPASSWD: /usr/bin/apt-get
 buildslave ALL = NOPASSWD: /bin/tar
-buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/cros_builds/chromiumos/chromite/bin/cros_sdk
+buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/MACHINE/mistral/label/qcomlt/cros_builds/chromiumos/chromite/bin/cros_sdk
+buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/MACHINE/qcs404-evb-1000/label/qcomlt/cros_builds/chromiumos/chromite/bin/cros_sdk
+buildslave ALL = NOPASSWD: /home/buildslave/workspace/lt-qcom-cros-*/MACHINE/qcs404-evb-4000/label/qcomlt/cros_builds/chromiumos/chromite/bin/cros_sdk
diff --git a/roles/jenkins-slave-deps/tasks/main.yml b/roles/jenkins-slave-deps/tasks/main.yml
index 29042571..678d4afa 100644
--- a/roles/jenkins-slave-deps/tasks/main.yml
+++ b/roles/jenkins-slave-deps/tasks/main.yml
@@ -13,7 +13,8 @@
     port: "{{item.port}}"
     src: "{{item.src}}"
   with_items:
-    - {port: 2375, src: '88.99.136.175'} #ci.linaro.org
+    - {port: 2375, src: '{{ jenkins_ip }}' } # Jenkins master
+    - {port: 2375, src: '{{ jenkins_ip_staging }}' } # Jenkins master
     - {port: 16509, src: '172.17.0.0/24'}
 
 - name: Open firewall port for Nexus
@@ -29,15 +30,6 @@
 - name: flush handlers so UFW is restarted before docker is installed
   meta: flush_handlers
 
-- name: Install sudo rule for QCOM builds
-  copy:
-    src: jenkins_sudoers
-    dest:  /etc/sudoers.d/jenkins
-    owner: root
-    group: root
-    mode:  0400
-  when: ansible_hostname == 'oe-x86_64-02'
-
 - name: Create directory for docker service supplementary config
   file:
     path:  /etc/systemd/system/docker.service.d
@@ -63,6 +55,7 @@
    - "{{inventory_hostname}}-key.pem"
    - "{{inventory_hostname}}-cert.pem"
   notify:
+    - reload-systemd
     - restart-docker
   ignore_errors: '{{ ansible_check_mode }}'
 
@@ -77,32 +70,58 @@
     - reload-systemd
     - restart-docker
 
-# https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa
-- name: Add repos (ubuntu)
-  apt_repository: repo=ppa:canonical-kernel-team/ppa
-  when: ansible_distribution == 'Ubuntu' and ansible_machine == 'x86_64'
-
-- name: Upgrade to kernel with overlayfs fixes
-  apt: pkg=linux-image-4.15.0-42-generic update_cache=yes
-  when: ansible_distribution == 'Ubuntu' and ansible_machine == 'x86_64'
-
 - name: Install openjdk for Jenkins slave
   apt:
     name: "{{packages}}"
     update_cache: yes
   vars:
     packages:
-    - openjdk-8-jdk-headless
-    - openjdk-8-jre-headless
+    - openjdk-11-jdk-headless
+    - openjdk-11-jre-headless
+
+- name: Set system to use openjdk by default
+  alternatives:
+    name: java
+    path: /usr/lib/jvm/java-11-openjdk-amd64/bin/java
+
+- name: Install extra deps
+  apt: pkg={{item}} state=present
+  with_items:
+    - smartmontools
+    - unzip
 
 - name: Append Systems team to docker group
   user: name={{item}} groups=docker append=yes
   with_items: "{{docker_group_user}}"
 
-- name: Copy docker ssh config
+- name: Copy ssh files for docker
   copy:
     src: files/docker_ssh/
     dest: /srv/docker/ssh
+    owner: "1000"
+    group: "1000"
+    mode: 0600
+
+- name: Create .ssh directory
+  file:
+    path: /home/buildslave/.ssh/
+    state: directory
+    owner: buildslave
+    group: primary
+    mode: 0700
+
+- name: Copy ssh host key for system
+  copy:
+    src: files/docker_ssh/buildslave.known_hosts
+    dest: /etc/ssh/ssh_known_hosts
+    owner: root
+    group: root
+    mode: 0444
+
+- name: Set up docker ssh config
+  template:
+    src: buildslave.config
+    dest: /srv/docker/ssh/buildslave.config
     owner: 1000
     group: 1000
     mode: 0600
@@ -118,3 +137,39 @@
     owner: 1000
     group: 1000
     state: directory
+
+- name: Ensure ECR update directory exists
+  file:
+    path: /root/aws
+    owner: root
+    group: root
+    mode: 0700
+    state: directory
+  when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04'
+
+- name: Install FVP sync cron job
+  template:
+    src: update_ecr_images.sh
+    dest: /root/aws/update_ecr_images.sh
+    owner: root
+    group: root
+    mode: 0700
+  when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04'
+
+- name: Install AWS credentials for ECR
+  template:
+    src: credentials.sh
+    dest: /root/aws/credentials.sh
+    owner: root
+    group: root
+    mode: 0600
+  when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04'
+
+- name: Install AWS credentials for ECR
+  template:
+    src: ecr-sync.crontab
+    dest: /etc/cron.d/ecr-sync
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04'
diff --git a/roles/jenkins-slave-deps/templates/buildslave.config b/roles/jenkins-slave-deps/templates/buildslave.config
new file mode 100644
index 00000000..ad62a755
--- /dev/null
+++ b/roles/jenkins-slave-deps/templates/buildslave.config
@@ -0,0 +1,19 @@
+Host dev-private-git.linaro.org
+    User git
+Host dev-private-review.linaro.org
+    User git
+{% if inventory_hostname == "aosp-x86-13" %}
+Host nexus-machine
+    ForwardAgent yes
+    Hostname 51.148.40.56
+    User vishal.bhoj
+    ServerAliveInterval 60
+    Port 7676
+{% elif inventory_hostname == "aosp-x86-10" %}
+Host nexus-machine
+    ForwardAgent yes
+    Hostname 51.148.40.56
+    User vishal.bhoj
+    ServerAliveInterval 60
+    Port 7878
+{%endif%}
diff --git a/roles/jenkins-slave-deps/templates/credentials.sh b/roles/jenkins-slave-deps/templates/credentials.sh
new file mode 100644
index 00000000..f8e1729d
--- /dev/null
+++ b/roles/jenkins-slave-deps/templates/credentials.sh
@@ -0,0 +1,3 @@
+export AWS_ACCESS_KEY_ID={{ aws_access_key_id }}
+export AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }}
+export AWS_REGION=us-east-1
diff --git a/roles/jenkins-slave-deps/templates/ecr-sync.crontab b/roles/jenkins-slave-deps/templates/ecr-sync.crontab
new file mode 100644
index 00000000..a877b099
--- /dev/null
+++ b/roles/jenkins-slave-deps/templates/ecr-sync.crontab
@@ -0,0 +1,4 @@
+# Update the FVP images from the ECR every 30 minutes by doing
+# a docker pull.
+
+*/30 * * * * root /root/aws/update_ecr_images.sh fvp >> /var/log/ecr-sync.log
diff --git a/roles/jenkins-slave-deps/templates/update_ecr_images.sh b/roles/jenkins-slave-deps/templates/update_ecr_images.sh
new file mode 100755
index 00000000..4ce15f0e
--- /dev/null
+++ b/roles/jenkins-slave-deps/templates/update_ecr_images.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+. /root/aws/credentials.sh
+
+ECR=987685672616.dkr.ecr.us-east-1.amazonaws.com
+REPO=${1:-fvp}
+
+aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR
+
+
+for i in $(aws ecr list-images --repository-name $REPO --filter tagStatus=TAGGED --query 'imageIds[*].imageTag' --output text);do docker pull $ECR/$REPO:$i; done