From 50bfa394bc84836d2c966efe1cea3ffc77de74a9 Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Thu, 28 Nov 2019 12:25:26 +1100 Subject: [PATCH 1/7] TMP FIXME --- ansible/roles/baselayout/vars/main.yml | 2 +- ansible/roles/docker/vars/main.yml | 2 +- ansible/roles/jenkins-worker/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/roles/baselayout/vars/main.yml b/ansible/roles/baselayout/vars/main.yml index bf1f85564..b6d86c6e1 100644 --- a/ansible/roles/baselayout/vars/main.yml +++ b/ansible/roles/baselayout/vars/main.yml @@ -23,7 +23,7 @@ sshd_service_map: { sshd_service_name: "{{ sshd_service_map[os]|default(sshd_service_map[os|stripversion])|default('sshd') }}" ntp_service: { - systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804'], + systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu1904'], ntp_package: ['ubuntu1404'] } diff --git a/ansible/roles/docker/vars/main.yml b/ansible/roles/docker/vars/main.yml index 3ad6f777f..0b30bfcf6 100644 --- a/ansible/roles/docker/vars/main.yml +++ b/ansible/roles/docker/vars/main.yml @@ -13,7 +13,7 @@ sshd_service_map: { sshd_service_name: "{{ sshd_service_map[os]|default(sshd_service_map[os|stripversion])|default('sshd') }}" ntp_service: { - systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804'], + systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu1904'], ntp_package: ['ubuntu1404'] } diff --git a/ansible/roles/jenkins-worker/vars/main.yml b/ansible/roles/jenkins-worker/vars/main.yml index 1b75e6995..8d8dc834c 100644 --- a/ansible/roles/jenkins-worker/vars/main.yml +++ b/ansible/roles/jenkins-worker/vars/main.yml @@ -12,7 +12,7 @@ init: { ibmi: 'ibmi72', macos: 'macos', rhel7: 'rhel7', - systemd: ['centos7', 'debian8', 'debian9', 'debian10', 'fedora', 'ubuntu1604', 'ubuntu1804'], + systemd: ['centos7', 'debian8', 'debian9', 'debian10', 'fedora', 'ubuntu1604', 'ubuntu1804', 'ubuntu1910'], svc: 'smartos', upstart: ['ubuntu12', 'ubuntu1404'], zos_start: 'zos' From 8a76e6051af856244643742d0909cbcd4f9bb10a Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Tue, 22 Oct 2019 19:35:10 +1100 Subject: [PATCH 2/7] ansible: docker-host-x64 setup --- .../jenkins-worker/files/docker-node-exec.sh | 56 +++++++++++++++++++ ansible/roles/jenkins-worker/tasks/main.yml | 4 ++ .../tasks/partials/docker-host-x64.yml | 30 ++++++++++ 3 files changed, 90 insertions(+) create mode 100644 ansible/roles/jenkins-worker/files/docker-node-exec.sh create mode 100644 ansible/roles/jenkins-worker/tasks/partials/docker-host-x64.yml diff --git a/ansible/roles/jenkins-worker/files/docker-node-exec.sh b/ansible/roles/jenkins-worker/files/docker-node-exec.sh new file mode 100644 index 000000000..e997a5a5b --- /dev/null +++ b/ansible/roles/jenkins-worker/files/docker-node-exec.sh @@ -0,0 +1,56 @@ +#!/bin/bash + +## This script is designed to be enabled in /etc/sudoers for the `iojs` user, +## the only privileged access that user has to Docker. +## Since there is considerable access given by selecting arbitrary images and +## execution commands, there are still security concerns and additions of new +## images and changes to existing ones as well as the Bash that's executed +## inside them should be monitored for malicious activity. + +set -e + +OPTIND=1 +image_base="rvagg/node-ci-containers" +image_tag= +exec_script="node-ci-exec.sh" + +while getopts "i:" opt; do + case "$opt" in + i) + if [[ "$OPTARG" =~ ^[a-zA-Z0-9_-]+$ ]]; then + image_tag=$OPTARG + else + echo "Bad -i value" + exit 1 + fi + ;; + *) + echo "Wut?" + exit 1 + esac +done + +if test "$image_tag" = ""; then + echo "Did not provide the docker image [-i]" + exit 1 +fi + +if [ ! -f "$(pwd)/$exec_script" ]; then + echo "Did not provide a node-ci-exec.sh script" + exit 1 +fi + +set -x + +image="${image_base}:${image_tag}" +# failure to pull is acceptable if Docker Hub is offline or erroring and we have the image +docker pull "${image}" || true +docker run \ + --init \ + --rm \ + -v $(pwd):/home/iojs/workspace \ + -v /home/iojs/.ccache/${image_tag}:/home/iojs/.ccache \ + -u iojs \ + "${image}" \ + /bin/bash -xec "cd /home/iojs/workspace && . ./$exec_script" + diff --git a/ansible/roles/jenkins-worker/tasks/main.yml b/ansible/roles/jenkins-worker/tasks/main.yml index 1a4b16a23..f6047d575 100644 --- a/ansible/roles/jenkins-worker/tasks/main.yml +++ b/ansible/roles/jenkins-worker/tasks/main.yml @@ -104,6 +104,10 @@ cmd: "./bootstrap --verbose && make -j6 VERBOSE=1 && make install" creates: "/usr/local/bin/cmake" +- name: run docker-host-x64 jenkins-worker setup + when: "'ubuntu1804_docker-x64' in inventory_hostname" + include: "{{ role_path }}/tasks/partials/docker-host-x64.yml" + # @TODO(mhdawson): get tap2junit working on zOS - name: prepare installing tap2junit when: type != "release" and not os|startswith("zos") diff --git a/ansible/roles/jenkins-worker/tasks/partials/docker-host-x64.yml b/ansible/roles/jenkins-worker/tasks/partials/docker-host-x64.yml new file mode 100644 index 000000000..c0a805094 --- /dev/null +++ b/ansible/roles/jenkins-worker/tasks/partials/docker-host-x64.yml @@ -0,0 +1,30 @@ +--- + +- name: docker-host-x64 | check if docker exists + shell: which docker + register: docker_exists + ignore_errors: yes + +- name: docker-host-x64 | install docker from docker.com + when: "docker_exists.stdout == ''" + raw: curl -fsSL get.docker.com | bash - + +- name: docker-host-x64 | copy docker-node-exec.sh + copy: + src: "{{ role_path }}/files/docker-node-exec.sh" + dest: "/usr/local/bin/docker-node-exec.sh" + owner: root + group: root + mode: 0755 + +- name: docker-host-x64 | give {{ server_user }} sudoers access to docker-exec script + lineinfile: + line: "{{ server_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/docker-node-exec.sh" + dest: "/etc/sudoers" + regexp: docker-node-exec.sh$ + +- name: docker-host-x64 | install shyaml + pip: + name: shyaml + state: present + executable: pip3 From d03da9d5cc64489059694aa8c281def83ba4ddb9 Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Sun, 27 Oct 2019 19:43:39 +1100 Subject: [PATCH 3/7] fixup! ansible: docker-host-x64 setup --- ansible/inventory.yml | 2 ++ ansible/roles/baselayout/vars/main.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 33032a9e0..00a61407a 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -116,6 +116,8 @@ hosts: ubuntu1604-x86-2: {ip: 104.131.191.135} ubuntu1804_docker-x64-1: {ip: 134.209.55.216} ubuntu1804_docker-x64-2: {ip: 159.89.183.200} + ubuntu1804_docker-x64-3: {ip: 167.71.99.4} + ubuntu1804_docker-x64-4: {ip: 159.203.120.157} ubuntu1804-x64-1: {ip: 178.128.181.213} - ibm: diff --git a/ansible/roles/baselayout/vars/main.yml b/ansible/roles/baselayout/vars/main.yml index b6d86c6e1..cf973f34c 100644 --- a/ansible/roles/baselayout/vars/main.yml +++ b/ansible/roles/baselayout/vars/main.yml @@ -143,7 +143,7 @@ packages: { ], ubuntu: [ - 'ccache,g++,gcc,g++-6,gcc-6,git,libfontconfig1,sudo,python3-pip', + 'ccache,g++,gcc,g++-6,gcc-6,git,libfontconfig1,sudo,python3-pip,python-setuptools,python3-setuptools', ], ubuntu1404: [ From a7e740bd936a7b52d6e6120c3fa7d979b384c70f Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Fri, 1 Nov 2019 21:20:56 +1100 Subject: [PATCH 4/7] fixup! ansible: docker-host-x64 setup --- .../jenkins-worker/files/docker-node-exec.sh | 30 +++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/ansible/roles/jenkins-worker/files/docker-node-exec.sh b/ansible/roles/jenkins-worker/files/docker-node-exec.sh index e997a5a5b..2827b9651 100644 --- a/ansible/roles/jenkins-worker/files/docker-node-exec.sh +++ b/ansible/roles/jenkins-worker/files/docker-node-exec.sh @@ -45,12 +45,38 @@ set -x image="${image_base}:${image_tag}" # failure to pull is acceptable if Docker Hub is offline or erroring and we have the image docker pull "${image}" || true -docker run \ +#docker run \ +# --init \ +# -e TINI_SUBREAPER=true \ +# -e TINI_KILL_PROCESS_GROUP=true \ +# -e TINI_VERBOSITY=3 \ +# --rm \ +# -v $(pwd):/home/iojs/workspace \ +# -v /home/iojs/.ccache/${image_tag}:/home/iojs/.ccache \ +# -u iojs \ +# "${image}" \ +# /bin/sh -xec "cd /home/iojs/workspace && . ./$exec_script" + +container=$(docker run \ --init \ --rm \ + -d \ -v $(pwd):/home/iojs/workspace \ -v /home/iojs/.ccache/${image_tag}:/home/iojs/.ccache \ -u iojs \ "${image}" \ - /bin/bash -xec "cd /home/iojs/workspace && . ./$exec_script" + tail -f /dev/null) + +sleep 2 + +echo -e "Container is running ($image_tag)...\n" +docker exec $container /bin/sh -c "cat /etc/os-release || true" +echo -e "\n" + +set +e +docker exec -i $container /bin/bash -xec "cd /home/iojs/workspace && . ./$exec_script" +exit_code=$? + +docker stop $container +exit $exit_code From 7b02b79d5bd00815a28ab0b5c9e0f96672ab4f44 Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Thu, 28 Nov 2019 16:42:42 +1100 Subject: [PATCH 5/7] switch docker-hosts to 1910 --- ansible/inventory.yml | 4 ++-- ansible/roles/baselayout/vars/main.yml | 7 ++++++- ansible/roles/jenkins-worker/tasks/main.yml | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 00a61407a..6ec1ba893 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -116,8 +116,8 @@ hosts: ubuntu1604-x86-2: {ip: 104.131.191.135} ubuntu1804_docker-x64-1: {ip: 134.209.55.216} ubuntu1804_docker-x64-2: {ip: 159.89.183.200} - ubuntu1804_docker-x64-3: {ip: 167.71.99.4} - ubuntu1804_docker-x64-4: {ip: 159.203.120.157} + ubuntu1910_docker-x64-1: {ip: 167.71.99.4} + ubuntu1910_docker-x64-2: {ip: 159.203.120.157} ubuntu1804-x64-1: {ip: 178.128.181.213} - ibm: diff --git a/ansible/roles/baselayout/vars/main.yml b/ansible/roles/baselayout/vars/main.yml index cf973f34c..b12d213eb 100644 --- a/ansible/roles/baselayout/vars/main.yml +++ b/ansible/roles/baselayout/vars/main.yml @@ -148,5 +148,10 @@ packages: { ubuntu1404: [ 'ntp,gcc-8,g++-8,gcc-6,g++-6,g++-4.8,gcc-4.8,g++-4.9,gcc-4.9,binutils-2.26', - ] + ], + + ubuntu: [ + 'ccache,g++,gcc,g++,git,libfontconfig1,sudo,python3-pip,python-setuptools,python3-setuptools', + ], + } diff --git a/ansible/roles/jenkins-worker/tasks/main.yml b/ansible/roles/jenkins-worker/tasks/main.yml index f6047d575..ede1da5ed 100644 --- a/ansible/roles/jenkins-worker/tasks/main.yml +++ b/ansible/roles/jenkins-worker/tasks/main.yml @@ -105,7 +105,7 @@ creates: "/usr/local/bin/cmake" - name: run docker-host-x64 jenkins-worker setup - when: "'ubuntu1804_docker-x64' in inventory_hostname" + when: "'_docker-x64' in inventory_hostname" include: "{{ role_path }}/tasks/partials/docker-host-x64.yml" # @TODO(mhdawson): get tap2junit working on zOS From a857e056671520c60f4345a4cda1ee8110f97a4e Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Mon, 29 Jun 2020 12:23:37 +1000 Subject: [PATCH 6/7] try 20.04 docker host --- ansible/inventory.yml | 4 ++-- ansible/roles/baselayout/vars/main.yml | 2 +- ansible/roles/docker/vars/main.yml | 2 +- ansible/roles/jenkins-worker/vars/main.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 6ec1ba893..a1ec0b995 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -116,8 +116,8 @@ hosts: ubuntu1604-x86-2: {ip: 104.131.191.135} ubuntu1804_docker-x64-1: {ip: 134.209.55.216} ubuntu1804_docker-x64-2: {ip: 159.89.183.200} - ubuntu1910_docker-x64-1: {ip: 167.71.99.4} - ubuntu1910_docker-x64-2: {ip: 159.203.120.157} + ubuntu2004_docker-x64-1: {ip: 167.71.99.4} + ubuntu2004_docker-x64-2: {ip: 159.203.120.157} ubuntu1804-x64-1: {ip: 178.128.181.213} - ibm: diff --git a/ansible/roles/baselayout/vars/main.yml b/ansible/roles/baselayout/vars/main.yml index b12d213eb..e662b5011 100644 --- a/ansible/roles/baselayout/vars/main.yml +++ b/ansible/roles/baselayout/vars/main.yml @@ -23,7 +23,7 @@ sshd_service_map: { sshd_service_name: "{{ sshd_service_map[os]|default(sshd_service_map[os|stripversion])|default('sshd') }}" ntp_service: { - systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu1904'], + systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu2004'], ntp_package: ['ubuntu1404'] } diff --git a/ansible/roles/docker/vars/main.yml b/ansible/roles/docker/vars/main.yml index 0b30bfcf6..97b06bc98 100644 --- a/ansible/roles/docker/vars/main.yml +++ b/ansible/roles/docker/vars/main.yml @@ -13,7 +13,7 @@ sshd_service_map: { sshd_service_name: "{{ sshd_service_map[os]|default(sshd_service_map[os|stripversion])|default('sshd') }}" ntp_service: { - systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu1904'], + systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu2004'], ntp_package: ['ubuntu1404'] } diff --git a/ansible/roles/jenkins-worker/vars/main.yml b/ansible/roles/jenkins-worker/vars/main.yml index 8d8dc834c..495952a6c 100644 --- a/ansible/roles/jenkins-worker/vars/main.yml +++ b/ansible/roles/jenkins-worker/vars/main.yml @@ -12,7 +12,7 @@ init: { ibmi: 'ibmi72', macos: 'macos', rhel7: 'rhel7', - systemd: ['centos7', 'debian8', 'debian9', 'debian10', 'fedora', 'ubuntu1604', 'ubuntu1804', 'ubuntu1910'], + systemd: ['centos7', 'debian8', 'debian9', 'debian10', 'fedora', 'ubuntu1604', 'ubuntu1804', 'ubuntu2004'], svc: 'smartos', upstart: ['ubuntu12', 'ubuntu1404'], zos_start: 'zos' From 2de2393db7ed0aae1ae638d2b5daf3ab4f2a189b Mon Sep 17 00:00:00 2001 From: Rod Vagg Date: Mon, 29 Jun 2020 12:39:17 +1000 Subject: [PATCH 7/7] python3 hack --- .../roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml b/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml index fe5d82a86..ed0ff4b85 100644 --- a/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml +++ b/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml @@ -4,8 +4,12 @@ # ubuntu series: python 2.7 # +# TODO(@rvagg): a hack, how do we handle py3? + - name: install pip package: name=python-pip state=present + when: os != "ubuntu2004" - name: install tap2junit pip: name=tap2junit state=present + when: os != "ubuntu2004"