particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

tools/appsre-build-worker-packer: Run entire workflow in container

Browse source 
Avoids the issue with artifacts that jenkins can't clean up.
This commit is contained in:
sanne 2022-01-13 14:15:18 +01:00 committed by Sanne Raymaekers
parent 2d0bfedc9d
commit a6f40f807d
2 changed files with 84 additions and 101 deletions
Download patch file Download diff file Expand all files Collapse all files

3
distribution/Dockerfile-ubi-packer
View file

@ -8,3 +8,6 @@ RUN ansible-galaxy collection install ansible.posix
RUN curl https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip -o /tmp/awscli.zip RUN curl https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip -o /tmp/awscli.zip
RUN unzip /tmp/awscli.zip RUN unzip /tmp/awscli.zip
RUN aws/install RUN aws/install
# copy in entire workspace
COPY . /osbuild-composer

182
tools/appsre-build-worker-packer.sh
View file

@ -5,22 +5,18 @@ set -exv
COMMIT_SHA=$(git rev-parse HEAD) COMMIT_SHA=$(git rev-parse HEAD)
COMMIT_BRANCH=$(git rev-parse --abbrev-ref HEAD) COMMIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
ON_JENKINS=true
# Use CI variables if available # Use CI variables if available
if [ -n "$CI_COMMIT_SHA" ]; then if [ -n "$CI_COMMIT_SHA" ]; then
ON_JENKINS=false
COMMIT_SHA="$CI_COMMIT_SHA" COMMIT_SHA="$CI_COMMIT_SHA"
fi fi
if [ -n "$CI_COMMIT_BRANCH" ]; then if [ -n "$CI_COMMIT_BRANCH" ]; then
COMMIT_BRANCH="$CI_COMMIT_BRANCH" COMMIT_BRANCH="$CI_COMMIT_BRANCH"
fi fi
# $WORKSPACE is set by jenkins and in gitlab, if [ "$ON_JENKINS" = false ]; then
# for gitlab change it to the current directory
if [ -n "$CI_COMMIT_SHA" ]; then
WORKSPACE="$PWD"
fi
if [ -n "$CI_COMMIT_SHA" ]; then
sudo dnf install -y podman jq sudo dnf install -y podman jq
fi fi
@ -38,127 +34,111 @@ function greenprint {
echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m" echo -e "\033[1;32m[$(date -Isecond)] ${1}\033[0m"
} }
KEY_NAME=$(uuidgen)
function cleanup { function cleanup {
set +e set +e
if [ -z "$CI_COMMIT_SHA" ]; then
if [ -n "$AWS_INSTANCE_ID" ]; then
$CONTAINER_RUNTIME run --rm \
-e AWS_ACCESS_KEY_ID="$PACKER_AWS_ACCESS_KEY_ID" \
-e AWS_SECRET_ACCESS_KEY="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e AWS_DEFAULT_REGION="us-east-1" \
"packer:$COMMIT_SHA" aws ec2 terminate-instances \
--instance-ids "$AWS_INSTANCE_ID"
fi
$CONTAINER_RUNTIME run --rm \
-e AWS_ACCESS_KEY_ID="$PACKER_AWS_ACCESS_KEY_ID" \
-e AWS_SECRET_ACCESS_KEY="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e AWS_DEFAULT_REGION="us-east-1" \
"packer:$COMMIT_SHA" aws ec2 delete-key-pair --key-name "$KEY_NAME"
fi
$CONTAINER_RUNTIME rmi "packer:$COMMIT_SHA" $CONTAINER_RUNTIME rmi "packer:$COMMIT_SHA"
} }
trap cleanup EXIT trap cleanup EXIT
# What we will cp and exec
cat > worker-packer.sh<<'EOF'
#!/bin/bash
set -exv
EOF
chmod +x worker-packer.sh
function ec2_rpm_build { function ec2_rpm_build {
RPMBUILD_DIR="./templates/packer/ansible/roles/common/files/rpmbuild/RPMS" cat >> worker-packer.sh <<'EOF'
mkdir -p "$RPMBUILD_DIR" function cleanup {
set +e
greenprint "🚀 Start RHEL Cloud Access image to build rpms on" if [ "$ON_JENKINS" = true ]; then
$CONTAINER_RUNTIME run --rm \ if [ -n "$AWS_INSTANCE_ID" ]; then
-e AWS_ACCESS_KEY_ID="$PACKER_AWS_ACCESS_KEY_ID" \ aws ec2 terminate-instances --instance-ids "$AWS_INSTANCE_ID"
-e AWS_SECRET_ACCESS_KEY="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e AWS_DEFAULT_REGION="us-east-1" \
"packer:$COMMIT_SHA" aws ec2 create-key-pair \
--key-name "$KEY_NAME" \
--query 'KeyMaterial' \
--output text \
> ./keypair.pem
chmod 600 ./keypair.pem
$CONTAINER_RUNTIME run --rm \
-e AWS_ACCESS_KEY_ID="$PACKER_AWS_ACCESS_KEY_ID" \
-e AWS_SECRET_ACCESS_KEY="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e AWS_DEFAULT_REGION="us-east-1" \
"packer:$COMMIT_SHA" aws ec2 run-instances \
--image-id ami-0b0af3577fe5e3532 --instance-type c5.large \
--key-name "$KEY_NAME" \
--tag-specifications "ResourceType=instance,Tags=[{Key=commit,Value=$COMMIT_SHA},{Key=name,Value=rpm-builder-$COMMIT_SHA}]" \
> ./rpminstance.json
AWS_INSTANCE_ID=$(jq -r '.Instances[].InstanceId' "rpminstance.json")
$CONTAINER_RUNTIME run --rm \
-e AWS_ACCESS_KEY_ID="$PACKER_AWS_ACCESS_KEY_ID" \
-e AWS_SECRET_ACCESS_KEY="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e AWS_DEFAULT_REGION="us-east-1" \
"packer:$COMMIT_SHA" aws ec2 wait instance-running \
--instance-ids "$AWS_INSTANCE_ID"
$CONTAINER_RUNTIME run --rm \
-e AWS_ACCESS_KEY_ID="$PACKER_AWS_ACCESS_KEY_ID" \
-e AWS_SECRET_ACCESS_KEY="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e AWS_DEFAULT_REGION="us-east-1" \
"packer:$COMMIT_SHA" aws ec2 describe-instances \
--instance-ids "$AWS_INSTANCE_ID" \
> "instances.json"
RPMBUILDER_HOST=$(jq -r '.Reservations[].Instances[].PublicIpAddress' "instances.json")
for LOOP_COUNTER in {0..30}; do
if ssh -i ./keypair.pem -o ConnectTimeout=5 -o StrictHostKeyChecking=no "ec2-user@$RPMBUILDER_HOST" true; then
break
fi fi
sleep 5 if [ -n "$KEY_NAME" ]; then
echo "sleeping, try #$LOOP_COUNTER" aws ec2 delete-key-pair --key-name "$KEY_NAME"
done fi
fi
}
trap cleanup EXIT
cat > tools/appsre-ansible/inventory <<EOF KEY_NAME=$(uuidgen)
RPMBUILD_DIR="/osbuild-composer/templates/packer/ansible/roles/common/files/rpmbuild/RPMS"
mkdir -p "$RPMBUILD_DIR"
aws ec2 create-key-pair --key-name "$KEY_NAME" --query 'KeyMaterial' --output text > /osbuild-composer/keypair.pem
chmod 600 /osbuild-composer/keypair.pem
aws ec2 run-instances --image-id ami-0b0af3577fe5e3532 --instance-type c5.large --key-name "$KEY_NAME" \
--tag-specifications "ResourceType=instance,Tags=[{Key=commit,Value=$COMMIT_SHA},{Key=name,Value=rpm-builder-$COMMIT_SHA}]" \
> ./rpminstance.json
AWS_INSTANCE_ID=$(jq -r '.Instances[].InstanceId' "rpminstance.json")
aws ec2 wait instance-running --instance-ids "$AWS_INSTANCE_ID"
aws ec2 describe-instances --instance-ids "$AWS_INSTANCE_ID" > "instances.json"
RPMBUILDER_HOST=$(jq -r '.Reservations[].Instances[].PublicIpAddress' "instances.json")
for LOOP_COUNTER in {0..30}; do
if ssh -i /osbuild-composer/keypair.pem -o ConnectTimeout=5 -o StrictHostKeyChecking=no "ec2-user@$RPMBUILDER_HOST" true; then
break
fi
sleep 5
echo "sleeping, try #$LOOP_COUNTER"
done
cat > /osbuild-composer/tools/appsre-ansible/inventory <<EOF2
[rpmbuilder] [rpmbuilder]
$RPMBUILDER_HOST ansible_ssh_private_key_file=/osbuild-composer/keypair.pem ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ServerAliveInterval=5' $RPMBUILDER_HOST ansible_ssh_private_key_file=/osbuild-composer/keypair.pem ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ServerAliveInterval=5'
EOF EOF2
greenprint "📦 Building the rpms" ansible-playbook \
$CONTAINER_RUNTIME run --rm \ -i /osbuild-composer/tools/appsre-ansible/inventory \
-v "$WORKSPACE:/osbuild-composer:z" \ /osbuild-composer/tools/appsre-ansible/rpmbuild.yml \
"packer:$COMMIT_SHA" ansible-playbook \ -e "COMPOSER_COMMIT=$COMMIT_SHA" \
-i /osbuild-composer/tools/appsre-ansible/inventory \ -e "OSBUILD_COMMIT=$(jq -r '.["rhel-8.4"].dependencies.osbuild.commit' /osbuild-composer/Schutzfile)"
/osbuild-composer/tools/appsre-ansible/rpmbuild.yml \ EOF
-e "COMPOSER_COMMIT=$COMMIT_SHA" \
-e "OSBUILD_COMMIT=$(jq -r '.["rhel-8.4"].dependencies.osbuild.commit' Schutzfile)"
} }
# Use prebuilt rpms on CI
SKIP_TAGS="rpmcopy"
if [ "$ON_JENKINS" = true ]; then
# Append rpm build to script when running on AppSRE's infra
ec2_rpm_build
SKIP_TAGS="rpmrepo"
fi
# Format: PACKER_IMAGE_USERS="\"000000000000\",\"000000000001\""
if [ -n "$PACKER_IMAGE_USERS" ]; then
cat >> worker-packer.sh <<'EOF'
cat > /osbuild-composer/templates/packer/share.auto.pkrvars.hcl <<EOF2
image_users = [$PACKER_IMAGE_USERS]
EOF2
EOF
fi
cat >> worker-packer.sh <<'EOF'
/usr/bin/packer build /osbuild-composer/templates/packer
EOF
greenprint "📦 Building the packer container" greenprint "📦 Building the packer container"
$CONTAINER_RUNTIME build \ $CONTAINER_RUNTIME build \
-f distribution/Dockerfile-ubi-packer \ -f distribution/Dockerfile-ubi-packer \
-t "packer:$COMMIT_SHA" \ -t "packer:$COMMIT_SHA" \
. .
if [ -n "$CI_COMMIT_SHA" ]; then
# Use prebuilt rpms on CI
SKIP_TAGS="rpmcopy"
else
# Build rpms when running on AppSRE's infra
ec2_rpm_build
SKIP_TAGS="rpmrepo"
fi
# Format: PACKER_IMAGE_USERS="\"000000000000\",\"000000000001\""
if [ -n "$PACKER_IMAGE_USERS" ]; then
cat > templates/packer/share.auto.pkrvars.hcl <<EOF
image_users = [$PACKER_IMAGE_USERS]
EOF
fi
greenprint "🖼️ Building the image using packer container" greenprint "🖼️ Building the image using packer container"
# Use an absolute path to packer binary to avoid conflicting cracklib-packer symling in /usr/sbin, # Use an absolute path to packer binary to avoid conflicting cracklib-packer symling in /usr/sbin,
# installed during ansible installation process # installed during ansible installation process
$CONTAINER_RUNTIME run --rm \ $CONTAINER_RUNTIME run --rm \
-e AWS_ACCESS_KEY_ID="$PACKER_AWS_ACCESS_KEY_ID" \
-e AWS_SECRET_ACCESS_KEY="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e AWS_DEFAULT_REGION="us-east-1" \
-e COMMIT_SHA="$COMMIT_SHA" \
-e ON_JENKINS="$ON_JENKINS" \
-e PACKER_IMAGE_USERS="$PACKER_IMAGE_USERS" \
-e PKR_VAR_aws_access_key="$PACKER_AWS_ACCESS_KEY_ID" \ -e PKR_VAR_aws_access_key="$PACKER_AWS_ACCESS_KEY_ID" \
-e PKR_VAR_aws_secret_key="$PACKER_AWS_SECRET_ACCESS_KEY" \ -e PKR_VAR_aws_secret_key="$PACKER_AWS_SECRET_ACCESS_KEY" \
-e PKR_VAR_image_name="osbuild-composer-worker-$COMMIT_BRANCH-$COMMIT_SHA" \ -e PKR_VAR_image_name="osbuild-composer-worker-$COMMIT_BRANCH-$COMMIT_SHA" \
-e PKR_VAR_composer_commit="$COMMIT_SHA" \ -e PKR_VAR_composer_commit="$COMMIT_SHA" \
-e PKR_VAR_osbuild_commit="$(jq -r '.["rhel-8.4"].dependencies.osbuild.commit' Schutzfile)" \ -e PKR_VAR_osbuild_commit="$(jq -r '.["rhel-8.4"].dependencies.osbuild.commit' Schutzfile)" \
-e PKR_VAR_ansible_skip_tags="$SKIP_TAGS" \ -e PKR_VAR_ansible_skip_tags="$SKIP_TAGS" \
-v "$WORKSPACE:/osbuild-composer:z" \ "packer:$COMMIT_SHA" /osbuild-composer/worker-packer.sh
"packer:$COMMIT_SHA" /usr/bin/packer build /osbuild-composer/templates/packer