Add jenkins-slave element for nodepool

This should be the final step needed to stop puppet from running on our images. This also will be the entry point for 3rd party CI users still depending on jenkins. Change-Id: I33a67f980289002618a55f4221dcf195dc4a787f Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-26 11:04:54 -04:00
parent b3d8f8f85b
commit 2fe9c2125d
3 changed files with 56 additions and 0 deletions
--- a/nodepool/elements/jenkins-slave/extra-data.d/20-jenkins-user
+++ b/nodepool/elements/jenkins-slave/extra-data.d/20-jenkins-user
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+# TODO(pabelanger): Once we complete remove puppet from our diskimages, we
+# should also remove our default SSH key. Since only 3rdparty CI system would be
+# using this element moving forward, it doesn't make sense to bake in our
+# default key.
+NODEPOOL_SSH_KEY=${NODEPOOL_SSH_KEY:-AAAAB3NzaC1yc2EAAAADAQABAAABAQC6WutNHfM+YdnjeNFeaIpvxqt+9aDn95Ykpmc+fASSjlDZJtOrueH3ch/v08wkE4WQKg03i+t8VonqEwMGmApYA3VzFsURUQbxzlSz5kHlBQSqgz5JTwUmnt1RH5sePL5pkuJ6JgqJ8PxJod6fiD7YDjaKJW/wBzXGnGg2EkgqrkBQXYL4hyaPuSwsQF0Gdwg3QFqXl+R/GrM6FscUkkJzbjqGKI2GhLT8mf2BIMEAiMFhF5Wl4FFrbvhTfPfW+9VdcsiMxCXaxp00n1x1+Y7OqR5AZ/id0Lkz9ZoFVGS901OB/L4xXrvUtI2y+kIYeF6hxfmAl/zhY0eWzwo9lDPz}
+
+if [ -z $NODEPOOL_SSH_KEY ]; then
+    die "Can not find public key for jenkins user!"
+fi
+
+# save the public key inside the chroot
+echo "ssh-rsa $NODEPOOL_SSH_KEY" > $TMP_HOOKS_PATH/jenkins-user-ssh-public-key
--- a/nodepool/elements/jenkins-slave/install.d/20-jenkins-slave
+++ b/nodepool/elements/jenkins-slave/install.d/20-jenkins-slave
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+groupadd jenkins
+useradd -g jenkins -m jenkins
+
+# this was copied from outside the chroot by extras.d
+_pub_key=/tmp/in_target.d/jenkins-user-ssh-public-key
+if [ ! -f $_pub_key ]; then
+    die "Can not find Jenkins public key!"
+fi
+
+mkdir /home/jenkins/.ssh
+chmod 700 /home/jenkins/.ssh
+
+cp $_pub_key /home/jenkins/.ssh/authorized_keys
+chmod 644 /home/jenkins/.ssh/authorized_keys
+
+cat > /home/jenkins/.gitconfig <<EOF
+[user]
+    name = OpenStack Jenkins
+    email = jenkins@openstack.org
+    signingkey = jenkins@openstack.org
+[gitreview]
+    rebase = false
+    username = jenkins
+EOF
+
+# cleanup everything to the right owner
+chown -R jenkins:jenkins /home/jenkins
--- a/nodepool/elements/nodepool-base/element-deps
+++ b/nodepool/elements/nodepool-base/element-deps
@@ -1,3 +1,4 @@
+jenkins-slave
 package-installs
 pip-and-virtualenv
 puppet