1
0
Fork 0

updated container and deployment to store ssh keys for github uploads

This commit is contained in:
Christian Kühnel 2020-03-23 15:34:23 +01:00
parent 9f6480fa64
commit 24e751f6ec
5 changed files with 26 additions and 5 deletions

View file

@ -3,7 +3,7 @@ FROM debian:testing
RUN echo "deb [trusted=yes] http://apt.llvm.org/buster/ llvm-toolchain-buster-10 main\n$(cat /etc/apt/sources.list)" > /etc/apt/sources.list;\ RUN echo "deb [trusted=yes] http://apt.llvm.org/buster/ llvm-toolchain-buster-10 main\n$(cat /etc/apt/sources.list)" > /etc/apt/sources.list;\
apt-get update ;\ apt-get update ;\
apt-get install -y --no-install-recommends locales \ apt-get install -y --no-install-recommends locales \
cmake ninja-build git ca-certificates clang lld ccache python3 build-essential \ cmake ninja-build git ca-certificates clang lld ccache python3 build-essential openssh-client\
clang-tidy clang-format \ clang-tidy clang-format \
python3-psutil arcanist zip wget \ python3-psutil arcanist zip wget \
openjdk-11-jdk \ openjdk-11-jdk \
@ -13,8 +13,6 @@ RUN echo "deb [trusted=yes] http://apt.llvm.org/buster/ llvm-toolchain-buster-10
# Make python3 default (needed by git-clang-format and others). # Make python3 default (needed by git-clang-format and others).
RUN rm -f /usr/bin/python && ln -s /usr/bin/python3 /usr/bin/python RUN rm -f /usr/bin/python && ln -s /usr/bin/python3 /usr/bin/python
# required for openssh server
RUN mkdir -p /run/sshd
ARG user=jenkins ARG user=jenkins
ARG group=jenkins ARG group=jenkins
@ -31,6 +29,10 @@ RUN cd /scripts ;\
COPY start_agent.sh report_results.sh /scripts/ COPY start_agent.sh report_results.sh /scripts/
# store SSH known hosts for github, required for ssh authentication
RUN mkdir -p /home/${user}/.ssh
COPY known_hosts /home/${user}/.ssh/known_hosts
# install python dependencies for the scripts # install python dependencies for the scripts
# ADD will checks that contentent of a file has changed. # ADD will checks that contentent of a file has changed.
ADD "https://raw.githubusercontent.com/google/llvm-premerge-checks/master/scripts/requirements.txt" requirements.txt ADD "https://raw.githubusercontent.com/google/llvm-premerge-checks/master/scripts/requirements.txt" requirements.txt

View file

@ -0,0 +1,4 @@
|1|bJzGXTLCQ4FZRpq+RQu+NfQOugI=|45lSmEMlpfJx7897p2Th4tZj6rM= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==|1|CA5hL0xfZtRH24/h4PieLzQaV5E=|gEuFUpdJK9mwpp1PH8RFi3DFLis= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
|1|K6qo2Wrdv5gQipncPel2cFaNT/w=|k+coolWLGXsJ/oM4G9PBY3GLJQQ= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
|1|hIGbHg7+Z8TQrZ/OEiRxa7f9TZs=|h6iCbIE5wV5wjMo4auBXVXgNWtU= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
|1|PdWOrYv48xcuktJiKm97UQTg2d0=|zZImMkWTMV8HfZAUv34OvQvKyds= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

View file

@ -15,6 +15,11 @@
SSD_ROOT="/mnt/disks/ssd0" SSD_ROOT="/mnt/disks/ssd0"
AGENT_ROOT="${SSD_ROOT}/agent" AGENT_ROOT="${SSD_ROOT}/agent"
SSH_KEY_SOURCE="/github-ssh-key"
SSH_KEY_TARGET="/home/jenkins/.ssh"
# wipe the local cache on restart
rm -rf "$SSD_ROOT"
# prepare root folder for Jenkins agent # prepare root folder for Jenkins agent
mkdir -p "${AGENT_ROOT}" mkdir -p "${AGENT_ROOT}"
@ -24,7 +29,12 @@ chown -R jenkins:jenkins "${AGENT_ROOT}"
mkdir -p "${CCACHE_PATH}" mkdir -p "${CCACHE_PATH}"
chown -R jenkins:jenkins "${CCACHE_PATH}" chown -R jenkins:jenkins "${CCACHE_PATH}"
# TODO(kuhnel): wipe the disk(s) on startup # copy ssh keys to user jenkins
mkdir -p ${SSH_KEY_TARGET}
cp ${SSH_KEY_SOURCE}/* ${SSH_KEY_TARGET}
chmod 700 ${SSH_KEY_TARGET}
chmod 600 ${SSH_KEY_TARGET}/*
chown -R jenkins:jenkins ${SSH_KEY_TARGET}
# start swarm agent as user jenkins # start swarm agent as user jenkins
# description of arguments: https://wiki.jenkins.io/display/JENKINS/Swarm+Plugin # description of arguments: https://wiki.jenkins.io/display/JENKINS/Swarm+Plugin

View file

@ -25,6 +25,6 @@ IMAGE_NAME="${1%/}"
QUALIFIED_NAME="${GCR_HOSTNAME}/${GCP_PROJECT}/${IMAGE_NAME}" QUALIFIED_NAME="${GCR_HOSTNAME}/${GCP_PROJECT}/${IMAGE_NAME}"
cd "${DIR}/${IMAGE_NAME}" cd "${DIR}/${IMAGE_NAME}"
docker build --no-cache -t ${IMAGE_NAME} . docker build -t ${IMAGE_NAME} .
docker tag ${IMAGE_NAME} ${QUALIFIED_NAME} docker tag ${IMAGE_NAME} ${QUALIFIED_NAME}
docker push ${QUALIFIED_NAME} docker push ${QUALIFIED_NAME}

View file

@ -177,6 +177,8 @@ spec:
mountPath: /mnt/nfs mountPath: /mnt/nfs
- name: ssd - name: ssd
mountPath: /mnt/disks/ssd0 mountPath: /mnt/disks/ssd0
- mountPath: /github-ssh-key
name: github-ssh-key
volumes: volumes:
- name: nfs-pvc - name: nfs-pvc
persistentVolumeClaim: persistentVolumeClaim:
@ -186,5 +188,8 @@ spec:
# directory location on host # directory location on host
path: /mnt/disks/ssd0 path: /mnt/disks/ssd0
type: Directory type: Directory
- name: github-ssh-key
secret:
secretName: github-ssh-key
nodeSelector: nodeSelector:
cloud.google.com/gke-nodepool: jenkins-agents cloud.google.com/gke-nodepool: jenkins-agents