updated container and deployment to store ssh keys for github uploads

2020-03-23 15:34:23 +01:00 · 2020-03-23 15:34:23 +01:00 · 24e751f6ec
commit 24e751f6ec
parent 9f6480fa64
5 changed files with 26 additions and 5 deletions
--- a/containers/agent-debian-testing-ssd/Dockerfile
+++ b/containers/agent-debian-testing-ssd/Dockerfile
@ -3,7 +3,7 @@ FROM debian:testing
 RUN echo "deb [trusted=yes] http://apt.llvm.org/buster/ llvm-toolchain-buster-10 main\n$(cat /etc/apt/sources.list)" > /etc/apt/sources.list;\
    apt-get update ;\
    apt-get install -y --no-install-recommends locales \
-        cmake ninja-build git ca-certificates clang lld ccache python3 build-essential \
+        cmake ninja-build git ca-certificates clang lld ccache python3 build-essential openssh-client\
        clang-tidy clang-format \
        python3-psutil arcanist zip wget \
        openjdk-11-jdk \
@ -13,8 +13,6 @@ RUN echo "deb [trusted=yes] http://apt.llvm.org/buster/ llvm-toolchain-buster-10

 # Make python3 default (needed by git-clang-format and others).
 RUN rm -f /usr/bin/python && ln -s /usr/bin/python3 /usr/bin/python
-# required for openssh server
-RUN mkdir -p /run/sshd

 ARG user=jenkins
 ARG group=jenkins
@ -31,6 +29,10 @@ RUN cd /scripts ;\

 COPY start_agent.sh report_results.sh /scripts/

+# store SSH known hosts for github, required for ssh authentication
+RUN mkdir -p /home/${user}/.ssh
+COPY known_hosts /home/${user}/.ssh/known_hosts
+
 # install python dependencies for the scripts
 # ADD will checks that contentent of a file has changed.
 ADD "https://raw.githubusercontent.com/google/llvm-premerge-checks/master/scripts/requirements.txt" requirements.txt
--- a/containers/agent-debian-testing-ssd/known_hosts
+++ b/containers/agent-debian-testing-ssd/known_hosts
@ -0,0 +1,4 @@
+|1|bJzGXTLCQ4FZRpq+RQu+NfQOugI=|45lSmEMlpfJx7897p2Th4tZj6rM= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==|1|CA5hL0xfZtRH24/h4PieLzQaV5E=|gEuFUpdJK9mwpp1PH8RFi3DFLis= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+|1|K6qo2Wrdv5gQipncPel2cFaNT/w=|k+coolWLGXsJ/oM4G9PBY3GLJQQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+|1|hIGbHg7+Z8TQrZ/OEiRxa7f9TZs=|h6iCbIE5wV5wjMo4auBXVXgNWtU= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+|1|PdWOrYv48xcuktJiKm97UQTg2d0=|zZImMkWTMV8HfZAUv34OvQvKyds= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
--- a/containers/agent-debian-testing-ssd/start_agent.sh
+++ b/containers/agent-debian-testing-ssd/start_agent.sh
@ -15,6 +15,11 @@

 SSD_ROOT="/mnt/disks/ssd0"
 AGENT_ROOT="${SSD_ROOT}/agent"
+SSH_KEY_SOURCE="/github-ssh-key"
+SSH_KEY_TARGET="/home/jenkins/.ssh"
+
+# wipe the local cache on restart
+rm -rf "$SSD_ROOT"

 # prepare root folder for Jenkins agent
 mkdir -p "${AGENT_ROOT}"
@ -24,7 +29,12 @@ chown -R jenkins:jenkins "${AGENT_ROOT}"
 mkdir -p "${CCACHE_PATH}"
 chown -R jenkins:jenkins "${CCACHE_PATH}"

-# TODO(kuhnel): wipe the disk(s) on startup
+# copy ssh keys to user jenkins
+mkdir -p ${SSH_KEY_TARGET}
+cp ${SSH_KEY_SOURCE}/* ${SSH_KEY_TARGET}
+chmod 700 ${SSH_KEY_TARGET}
+chmod 600 ${SSH_KEY_TARGET}/*
+chown -R jenkins:jenkins ${SSH_KEY_TARGET}

 # start swarm agent as user jenkins
 # description of arguments: https://wiki.jenkins.io/display/JENKINS/Swarm+Plugin
--- a/containers/build_deploy.sh
+++ b/containers/build_deploy.sh
@ -25,6 +25,6 @@ IMAGE_NAME="${1%/}"
 QUALIFIED_NAME="${GCR_HOSTNAME}/${GCP_PROJECT}/${IMAGE_NAME}"

 cd "${DIR}/${IMAGE_NAME}"
-docker build --no-cache -t ${IMAGE_NAME} .
+docker build -t ${IMAGE_NAME} .
 docker tag ${IMAGE_NAME} ${QUALIFIED_NAME}
 docker push ${QUALIFIED_NAME}
--- a/kubernetes/jenkins.yaml
+++ b/kubernetes/jenkins.yaml
@ -177,6 +177,8 @@ spec:
          mountPath: /mnt/nfs          
        - name: ssd 
          mountPath: /mnt/disks/ssd0
+        - mountPath: /github-ssh-key
+          name: github-ssh-key
      volumes:
      - name: nfs-pvc
        persistentVolumeClaim:
@ -186,5 +188,8 @@ spec:
          # directory location on host
          path: /mnt/disks/ssd0
          type: Directory          
+      - name: github-ssh-key
+        secret:
+          secretName: github-ssh-key
      nodeSelector:
        cloud.google.com/gke-nodepool: jenkins-agents