diff --git a/ansible/inventory.yml b/ansible/inventory.yml index 33032a9e0..a1ec0b995 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -116,6 +116,8 @@ hosts: ubuntu1604-x86-2: {ip: 104.131.191.135} ubuntu1804_docker-x64-1: {ip: 134.209.55.216} ubuntu1804_docker-x64-2: {ip: 159.89.183.200} + ubuntu2004_docker-x64-1: {ip: 167.71.99.4} + ubuntu2004_docker-x64-2: {ip: 159.203.120.157} ubuntu1804-x64-1: {ip: 178.128.181.213} - ibm: diff --git a/ansible/roles/baselayout/vars/main.yml b/ansible/roles/baselayout/vars/main.yml index bf1f85564..e662b5011 100644 --- a/ansible/roles/baselayout/vars/main.yml +++ b/ansible/roles/baselayout/vars/main.yml @@ -23,7 +23,7 @@ sshd_service_map: { sshd_service_name: "{{ sshd_service_map[os]|default(sshd_service_map[os|stripversion])|default('sshd') }}" ntp_service: { - systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804'], + systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu2004'], ntp_package: ['ubuntu1404'] } @@ -143,10 +143,15 @@ packages: { ], ubuntu: [ - 'ccache,g++,gcc,g++-6,gcc-6,git,libfontconfig1,sudo,python3-pip', + 'ccache,g++,gcc,g++-6,gcc-6,git,libfontconfig1,sudo,python3-pip,python-setuptools,python3-setuptools', ], ubuntu1404: [ 'ntp,gcc-8,g++-8,gcc-6,g++-6,g++-4.8,gcc-4.8,g++-4.9,gcc-4.9,binutils-2.26', - ] + ], + + ubuntu: [ + 'ccache,g++,gcc,g++,git,libfontconfig1,sudo,python3-pip,python-setuptools,python3-setuptools', + ], + } diff --git a/ansible/roles/docker/vars/main.yml b/ansible/roles/docker/vars/main.yml index 3ad6f777f..97b06bc98 100644 --- a/ansible/roles/docker/vars/main.yml +++ b/ansible/roles/docker/vars/main.yml 
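Review bot: The `packages` map in ansible/roles/baselayout/vars/main.yml ends up with two `ubuntu:` keys, the edited one and the one added after `ubuntu1404`. Duplicate mapping keys are invalid YAML and most loaders silently keep the last one, so the second list (no `g++-6,gcc-6`, and `g++` named twice) would likely replace the first for every Ubuntu host instead of applying only to the new release. If the added entry is meant for the 20.04 machines, give it its own key, e.g. `ubuntu2004: [`, and drop the repeated `g++`. Whether the role resolves a release-specific key before the generic one is not visible here, so confirm against the task that reads `packages`; the map itself opens outside the hunk.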
@@ -13,7 +13,7 @@ sshd_service_map: { sshd_service_name: "{{ sshd_service_map[os]|default(sshd_service_map[os|stripversion])|default('sshd') }}" ntp_service: { - systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804'], + systemd: ['debian8', 'debian9', 'debian10', 'ubuntu1604', 'ubuntu1804', 'ubuntu2004'], ntp_package: ['ubuntu1404'] } diff --git a/ansible/roles/jenkins-worker/files/docker-node-exec.sh b/ansible/roles/jenkins-worker/files/docker-node-exec.sh new file mode 100644 index 000000000..2827b9651 --- /dev/null +++ b/ansible/roles/jenkins-worker/files/docker-node-exec.sh 
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+## This script is designed to be enabled in /etc/sudoers for the `iojs` user,
+## the only privileged access that user has to Docker.
+## Since there is considerable access given by selecting arbitrary images and
+## execution commands, there are still security concerns and additions of new
+## images and changes to existing ones as well as the Bash that's executed
+## inside them should be monitored for malicious activity.
+
+set -e
+
+OPTIND=1
+image_base="rvagg/node-ci-containers"
+image_tag=
+exec_script="node-ci-exec.sh"
+
+while getopts "i:" opt; do
+ case "$opt" in
+ i)
+ if [[ "$OPTARG" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+ image_tag=$OPTARG
+ else
+ echo "Bad -i value"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Wut?"
+ exit 1
+ esac
+done
+
+if test "$image_tag" = ""; then
+ echo "Did not provide the docker image [-i]"
+ exit 1
+fi
+
+if [ ! -f "$(pwd)/$exec_script" ]; then
+ echo "Did not provide a node-ci-exec.sh script"
+ exit 1
+fi
+
+set -x
+
+image="${image_base}:${image_tag}"
+# failure to pull is acceptable if Docker Hub is offline or erroring and we have the image
+docker pull "${image}" || true
+#docker run \
+# --init \
+# -e TINI_SUBREAPER=true \
+# -e TINI_KILL_PROCESS_GROUP=true \
+# -e TINI_VERBOSITY=3 \
+# --rm \
+# -v $(pwd):/home/iojs/workspace \
+# -v /home/iojs/.ccache/${image_tag}:/home/iojs/.ccache \
+# -u iojs \
+# "${image}" \
+# /bin/sh -xec "cd /home/iojs/workspace && . ./$exec_script"
+
+container=$(docker run \
+ --init \
+ --rm \
+ -d \
+ -v $(pwd):/home/iojs/workspace \
+ -v /home/iojs/.ccache/${image_tag}:/home/iojs/.ccache \
+ -u iojs \
+ "${image}" \
+ tail -f /dev/null)
+
+sleep 2
+
+echo -e "Container is running ($image_tag)...\n"
+docker exec $container /bin/sh -c "cat /etc/os-release || true"
+echo -e "\n"
+
+set +e
+docker exec -i $container /bin/bash -xec "cd /home/iojs/workspace && . ./$exec_script"
+exit_code=$?
+
+docker stop $container
+
+exit $exit_code
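Review bot: `$(pwd)` is unquoted in the `-v $(pwd):/home/iojs/workspace` argument of `docker run`, so the caller's working directory is word-split and glob-expanded into the command line of a script that /etc/sudoers lets the CI user run with elevated rights. Quote it, `-v "$(pwd)":/home/iojs/workspace \`, and quote `"$container"` in the `docker exec` and `docker stop` calls as well. Separately, `set -e` is still active between `docker run -d` and `set +e`, so a failure in `sleep` or the first `docker exec` exits before `docker stop` and leaves the `tail -f /dev/null` container running. Setting `trap 'docker stop "$container"' EXIT` right after the container is created, in place of the final explicit stop, would cover that path. The `-i` value is already constrained by the regex, so `${image_tag}` is not the concern here.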
diff --git a/ansible/roles/jenkins-worker/tasks/main.yml b/ansible/roles/jenkins-worker/tasks/main.yml index 1a4b16a23..ede1da5ed 100644 --- a/ansible/roles/jenkins-worker/tasks/main.yml +++ b/ansible/roles/jenkins-worker/tasks/main.yml @@ -104,6 +104,10 @@ cmd: "./bootstrap --verbose && make -j6 VERBOSE=1 && make install" creates: "/usr/local/bin/cmake" +- name: run docker-host-x64 jenkins-worker setup + when: "'_docker-x64' in inventory_hostname" + include: "{{ role_path }}/tasks/partials/docker-host-x64.yml" + # @TODO(mhdawson): get tap2junit working on zOS - name: prepare installing tap2junit when: type != "release" and not os|startswith("zos") diff --git a/ansible/roles/jenkins-worker/tasks/partials/docker-host-x64.yml b/ansible/roles/jenkins-worker/tasks/partials/docker-host-x64.yml new file mode 100644 index 000000000..c0a805094 --- /dev/null +++ b/ansible/roles/jenkins-worker/tasks/partials/docker-host-x64.yml @@ -0,0 +1,30 @@ +--- + +- name: docker-host-x64 | check if docker exists + shell: which docker + register: docker_exists + ignore_errors: yes + +- name: docker-host-x64 | install docker from docker.com + when: "docker_exists.stdout == ''" + raw: curl -fsSL get.docker.com | bash - + +- name: docker-host-x64 | copy docker-node-exec.sh + copy: + src: "{{ role_path }}/files/docker-node-exec.sh" + dest: "/usr/local/bin/docker-node-exec.sh" + owner: root + group: root + mode: 0755 + +- name: docker-host-x64 | give {{ server_user }} sudoers access to docker-exec script + lineinfile: + line: "{{ server_user }} ALL=(ALL) NOPASSWD: /usr/local/bin/docker-node-exec.sh" + dest: "/etc/sudoers" + regexp: docker-node-exec.sh$ + +- name: docker-host-x64 | install shyaml + pip: + name: shyaml + state: present + executable: pip3 diff --git a/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml b/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml index fe5d82a86..ed0ff4b85 100644 
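Review bot: In docker-host-x64.yml the install task runs `curl -fsSL get.docker.com | bash -` as a raw command; with no scheme curl defaults to plain HTTP for the first request, and the response is then executed with whatever privileges the play runs with. Use `raw: curl -fsSL https://get.docker.com | bash -` at minimum; installing the package from a repository whose signing key is pinned would remove the unverified script altogether. The sudoers task edits /etc/sudoers in place without a syntax check, so add `validate: 'visudo -cf %s'` to the `lineinfile` arguments. Since the script presumably only needs root, `ALL=(root) NOPASSWD:` is tighter than `ALL=(ALL)`. In the copy task, `mode: 0755` is safer written as `mode: '0755'` so it cannot be read as a plain integer.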
--- a/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml +++ b/ansible/roles/jenkins-worker/tasks/partials/tap2junit/ubuntu.yml @@ -4,8 +4,12 @@ # ubuntu series: python 2.7 # +# TODO(@rvagg): a hack, how do we handle py3? + - name: install pip package: name=python-pip state=present + when: os != "ubuntu2004" - name: install tap2junit pip: name=tap2junit state=present + when: os != "ubuntu2004" diff --git a/ansible/roles/jenkins-worker/vars/main.yml b/ansible/roles/jenkins-worker/vars/main.yml index 1b75e6995..495952a6c 100644 --- a/ansible/roles/jenkins-worker/vars/main.yml +++ b/ansible/roles/jenkins-worker/vars/main.yml @@ -12,7 +12,7 @@ init: { ibmi: 'ibmi72', macos: 'macos', rhel7: 'rhel7', - systemd: ['centos7', 'debian8', 'debian9', 'debian10', 'fedora', 'ubuntu1604', 'ubuntu1804'], + systemd: ['centos7', 'debian8', 'debian9', 'debian10', 'fedora', 'ubuntu1604', 'ubuntu1804', 'ubuntu2004'], svc: 'smartos', upstart: ['ubuntu12', 'ubuntu1404'], zos_start: 'zos'