diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2023-03-27 09:30:06 -0500 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2023-08-11 22:54:06 +0000 |
commit | 0b4c5b4fdba21c8820fe8a8d44e68acf04141e2d (patch) | |
tree | 918e2e1cef7a98a1cd7c25e63d15f9d5bc54704f | |
parent | 427a1175e684f7929a869080a0d8451bb1906c0f (diff) |
x86-TF-03 and 04: add fvp ECR sync script to cron
Previously the fvp images for LAVA were synced to
the jenkins main node to run FVP jobs, and this was
handled by a cron job on the server.
Since we moved the workers to x86-TF-03 and 04, we
need to implement the sync script to login into the
private ECR and 'docker pull' the latest images.
Change-Id: I0fe5304e62608188223eb966f5272e7f67fe78a9
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/43571
-rw-r--r-- | jenkins.yml | 1 | ||||
-rw-r--r-- | roles/jenkins-slave-deps/tasks/main.yml | 36 | ||||
-rw-r--r-- | roles/jenkins-slave-deps/templates/credentials.sh | 3 | ||||
-rw-r--r-- | roles/jenkins-slave-deps/templates/ecr-sync.crontab | 4 | ||||
-rwxr-xr-x | roles/jenkins-slave-deps/templates/update_ecr_images.sh | 11 |
5 files changed, 55 insertions, 0 deletions
diff --git a/jenkins.yml b/jenkins.yml index 2d9a8fdf..c766a032 100644 --- a/jenkins.yml +++ b/jenkins.yml @@ -79,6 +79,7 @@ become: yes vars_files: - ["{{secrets_dir}}/group_vars/all", "vars/empty.yml" ] + - ["{{secrets_dir}}/host_vars/{{inventory_hostname}}", "vars/empty.yml"] roles: - {role: jenkins-slave-deps, tags: [jenkins]} - {role: nfs-client, tags: [nfs], diff --git a/roles/jenkins-slave-deps/tasks/main.yml b/roles/jenkins-slave-deps/tasks/main.yml index 33b4d70f..678d4afa 100644 --- a/roles/jenkins-slave-deps/tasks/main.yml +++ b/roles/jenkins-slave-deps/tasks/main.yml @@ -137,3 +137,39 @@ owner: 1000 group: 1000 state: directory + +- name: Ensure ECR update directory exists + file: + path: /root/aws + owner: root + group: root + mode: 0700 + state: directory + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' + +- name: Install FVP sync cron job + template: + src: update_ecr_images.sh + dest: /root/aws/update_ecr_images.sh + owner: root + group: root + mode: 0700 + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' + +- name: Install AWS credentials for ECR + template: + src: credentials.sh + dest: /root/aws/credentials.sh + owner: root + group: root + mode: 0600 + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' + +- name: Install AWS credentials for ECR + template: + src: ecr-sync.crontab + dest: /etc/cron.d/ecr-sync + owner: root + group: root + mode: 0755 + when: ansible_hostname == 'x86-TF-03' or ansible_hostname == 'x86-TF-04' diff --git a/roles/jenkins-slave-deps/templates/credentials.sh b/roles/jenkins-slave-deps/templates/credentials.sh new file mode 100644 index 00000000..f8e1729d --- /dev/null +++ b/roles/jenkins-slave-deps/templates/credentials.sh @@ -0,0 +1,3 @@ +export AWS_ACCESS_KEY_ID={{ aws_access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ aws_secret_access_key }} +export AWS_REGION=us-east-1 diff --git a/roles/jenkins-slave-deps/templates/ecr-sync.crontab b/roles/jenkins-slave-deps/templates/ecr-sync.crontab new file mode 100644 index 00000000..a877b099 --- /dev/null +++ b/roles/jenkins-slave-deps/templates/ecr-sync.crontab @@ -0,0 +1,4 @@ +# Update the FVP images from the ECR every 30 minutes by doing +# a docker pull. + +*/30 * * * * root /root/aws/update_ecr_images.sh fvp >> /var/log/ecr-sync.log diff --git a/roles/jenkins-slave-deps/templates/update_ecr_images.sh b/roles/jenkins-slave-deps/templates/update_ecr_images.sh new file mode 100755 index 00000000..4ce15f0e --- /dev/null +++ b/roles/jenkins-slave-deps/templates/update_ecr_images.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +. /root/aws/credentials.sh + +ECR=987685672616.dkr.ecr.us-east-1.amazonaws.com +REPO=${1:-fvp} + +aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR + + +for i in $(aws ecr list-images --repository-name $REPO --filter tagStatus=TAGGED --query 'imageIds[*].imageTag' --output text);do docker pull $ECR/$REPO:$i; done |