From: Andrew Grimberg Date: Fri, 22 Sep 2017 14:23:19 +0000 (-0700) Subject: Base sigul macros and scripts X-Git-Tag: v0.14.0~7^2 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=645a9eac13aa19e8307a61ad178586f71c339cf3;p=releng%2Fglobal-jjb.git Base sigul macros and scripts Before any jobs can be created using sigul we need to have some basic scaffolding for setting up the sigul enviroment. Changes to lftools to extend the signing command to leverage sigul will then allow us to create a meta macro which combines this scaffolding into a single cohesive macro. Change-Id: I080c1eb7271a2a64559b2c2f7b1011be1e9a8b16 Signed-off-by: Andrew Grimberg --- diff --git a/jjb/lf-macros.yaml b/jjb/lf-macros.yaml index 1167ca4e..14c23933 100644 --- a/jjb/lf-macros.yaml +++ b/jjb/lf-macros.yaml @@ -137,6 +137,20 @@ - file-id: '{settings-file}' variable: 'SETTINGS_FILE' +- builder: + name: lf-provide-sigul-configuration + # Push configuration files to interact with sigul + builders: + - config-file-provider: + files: + - file-id: sigul-config + variable: SIGUL_CONFIG + - file-id: sigul-password + variable: SIGUL_PASSWORD + - file-id: sigul-pki + variable: SIGUL_PKI + - shell: !include-raw-escape: ../shell/sigul-configuration.sh + - builder: name: lf-pip-install builders: @@ -161,6 +175,12 @@ # DO NOT fail build if any of the above lines fail. exit 0 +- builder: + name: lf-provide-sigul-configuration-cleanup + # Clear sigul configuration files after we're done using them + builders: + - shell: !include-raw-escape: ../shell/sigul-configuration-cleanup.sh + - builder: name: lf-rtd-trigger-build builders: @@ -177,6 +197,13 @@ - ../shell/tox-install.sh - ../shell/rtd-verify.sh +- builder: + name: lf-sigul-install + # Requires that Jenkins be configured with SIGUL_BRIDGE_IP as a global + # Environment variable + builder: + - shell: !include-raw-escape: ../shell/sigul-install.sh + ############## # PARAMETERS # ############## @@ -204,6 +231,7 @@ name: MVN # Sets an env var for shell scripts to be able to call the dynamically # installed maven without having to calculate the path themselves. + # yamllint disable-line rule:line-length default: '/w/tools/hudson.tasks.Maven_MavenInstallation/{mvn-version}/bin/mvn' description: 'Maven selector to be used by shell scripts' - string: @@ -333,6 +361,7 @@ exec-pattern: "**/**.exec" class-pattern: "**/classes" source-pattern: "**/src/main/java" + # yamllint disable-line rule:line-length exclusion-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**" status-update: true targets: diff --git a/shell/sigul-configuration-cleanup.sh b/shell/sigul-configuration-cleanup.sh new file mode 100644 index 00000000..57c761c9 --- /dev/null +++ b/shell/sigul-configuration-cleanup.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2017 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## +echo "---> sigul-configuration-cleanup.sh" + +# Do NOT cause build failure if any of the rm calls fail +set +e + +rm "${SIGUL_CONFIG}" "${SIGUL_PASSWORD}" "${SIGUL_PKI}" +# Sigul pki configuration is designed to live in ${HOME}/sigul +rm -rf "${HOME}/sigul*" + +# DO NOT fail build if any of the above lines fail. +exit 0 diff --git a/shell/sigul-configuration.sh b/shell/sigul-configuration.sh new file mode 100644 index 00000000..bdc4de67 --- /dev/null +++ b/shell/sigul-configuration.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2017 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## +echo "---> sigul-configuration.sh" + +# Ensure we fail the job if any steps fail. +set -eu -o pipefail + +# Sigul pki configuration is designed to live in ${HOME}/sigul +cd "${HOME}" + +# decrypt the sigul-pki tarball and extract it +gpg --batch --passphrase-file "${SIGUL_PASSWORD}" -o sigul.tar.xz \ + -d "${SIGUL_PKI}" +tar Jxf sigul.tar.xz + +# Any future use of $SIGUL_PASSWORD needs to have it null terminated +sed -i 's/$/\x0/' "${SIGUL_PASSWORD}" + diff --git a/shell/sigul-install.sh b/shell/sigul-install.sh new file mode 100644 index 00000000..71db7869 --- /dev/null +++ b/shell/sigul-install.sh @@ -0,0 +1,41 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2017 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## +echo "---> sigul-install.sh" + +# Ensure we fail the job if any steps fail. +set -eu -o pipefail + +# Setup sigul RPM repo +echo "[fedora-infra-sigul] +name=Fedora builder packages for sigul +baseurl=https://infrastructure.fedoraproject.org/repo/infra/epel\$releasever-infra/\$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS +includepkgs=sigul* +skip_if_unavailable=True" > fedora-infra-sigul.repo + +sudo cp fedora-infra-sigul.repo /etc/yum.repos.d +rm fedora-infra-sigul.repo + +# install sigul +sudo yum install -y -q sigul + +# configure /etc/hosts with the sigul bridge hostname +# This is needed as build minions can't always get DNS resolution +# on the bridge +BRIDGE_HOST=$(grep bridge-hostname "$SIGUL_CONFIG" | awk '{print $2}') + +# SIGUL_BRIDGE_IP must be defined as a Jenkins env variable +cp /etc/hosts hosts +echo -e "$SIGUL_BRIDGE_IP\t$BRIDGE_HOST" >> hosts +sudo cp hosts /etc/hosts +rm hosts