Fixing Nodepool app

* Adding credentials configuration to Jenkins app
 * Fixed nodepool configuration
 * Added retrieving API token from Jenkins
 * Providing parameters for configuration of OpenStack cloud
 * Fixed providing public and private keys to nodepool nodes

Change-Id: I5c8be834f33870b9733df0041e96ffe94a9618b4

murano-apps/Jenkins/package/Classes/Jenkins.yaml

@@ -211,6 +211,17 @@ Methods:
       - $script: $resource.string('upgrade_git_plugin.sh')
       - $linux.runCommand($.instance.agent, $script)
 
+  configureCredentials:
+    Body:
+      - $._environment.reporter.report($this, 'Configuring standard SSH credentials for jenkins slaves...')
+      - $resources: new(sys:Resources)
+      - $template: $resources.yaml('ConfigureCredentials.template')
+      - $.instance.agent.call($template, $resources)
+
+      # Return current credentials id. (see scripts/configure_credentials/files/credentials.xml)
+      - $._environment.reporter.report($this, 'SSH Credentials are configured.')
+      - Return: '8039f3e0-1eb6-4505-81bc-c616a31fd7d1'
+
   destroy:
     Body:
       - $.reportDestroyed()

murano-apps/Jenkins/package/Resources/ConfigureCredentials.template

@@ -0,0 +1,19 @@
+FormatVersion: 2.1.0
+Version: 1.0.0
+Name: Configure Credentials
+
+Body: |
+  return configureCredentials().stdout
+
+Scripts:
+  configureCredentials:
+    Type: Application
+    Version: 1.0.0
+    EntryPoint: configure_credentials.sh
+    Files:
+      - configure_credentials/files/credentials.xml
+      - configure_credentials/manifests/init.pp
+      - configure_credentials.pp
+    Options:
+      captureStdout: true
+      captureStderr: true

murano-apps/Jenkins/package/Resources/scripts/configure_credentials.pp

@@ -0,0 +1,4 @@
+node default {
+  class { 'configure_credentials':
+  }
+}

murano-apps/Jenkins/package/Resources/scripts/configure_credentials.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# No error if already exists.
+mkdir -p /etc/puppet/modules/configure_credentials/manifests/
+mkdir -p /etc/puppet/modules/configure_credentials/files/
+
+cp configure_credentials/manifests/init.pp /etc/puppet/modules/configure_credentials/manifests/
+cp configure_credentials/files/credentials.xml /etc/puppet/modules/configure_credentials/files/
+
+puppet apply configure_credentials.pp

murano-apps/Jenkins/package/Resources/scripts/configure_credentials/files/credentials.xml

@@ -0,0 +1,22 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<com.cloudbees.plugins.credentials.SystemCredentialsProvider plugin="credentials@1.18">
+  <domainCredentialsMap class="hudson.util.CopyOnWriteMap$Hash">
+    <entry>
+      <com.cloudbees.plugins.credentials.domains.Domain>
+        <specifications/>
+      </com.cloudbees.plugins.credentials.domains.Domain>
+      <java.util.concurrent.CopyOnWriteArrayList>
+        <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.10">
+          <scope>GLOBAL</scope>
+          <id>8039f3e0-1eb6-4505-81bc-c616a31fd7d1</id>
+          <description>Standard SSH credentials for jenkins slaves.</description>
+          <username>jenkins</username>
+          <passphrase></passphrase>
+          <privateKeySource class="com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey$FileOnMasterPrivateKeySource">
+            <privateKeyFile>/var/lib/jenkins/.ssh/id_rsa</privateKeyFile>
+          </privateKeySource>
+        </com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey>
+      </java.util.concurrent.CopyOnWriteArrayList>
+    </entry>
+  </domainCredentialsMap>
+</com.cloudbees.plugins.credentials.SystemCredentialsProvider>

murano-apps/Jenkins/package/Resources/scripts/configure_credentials/manifests/init.pp

@@ -0,0 +1,15 @@
+class configure_credentials (
+) {
+  service { 'jenkins':
+    ensure => running,
+    enable => true,
+  }
+  file { '/var/lib/jenkins/credentials.xml':
+      notify  => Service['jenkins'],
+      ensure  => present,
+      owner   => 'jenkins',
+      group   => 'jenkins',
+      mode    => '0644',
+      content => file('configure_credentials/credentials.xml'),
+    }
+}

murano-apps/Jenkins/package/Resources/scripts/deploy.sh

@@ -5,4 +5,3 @@ bash gen_rsa_key.sh
 puppet apply site.pp
 
 sudo apt-get install default-jdk -y
-

murano-apps/Nodepool/package/Classes/Nodepool.yaml

@@ -5,6 +5,7 @@ Namespaces:
   sys: io.murano.system
   ci_cd_pipeline_murano_app: org.openstack.ci_cd_pipeline_murano_app
   puppet: org.openstack.ci_cd_pipeline_murano_app.puppet
+  conf: io.murano.configuration
 
 Name: Nodepool
 
@@ -17,7 +18,17 @@ Properties:
     Contract: $.string().notNull()
   jenkins:
     Contract: $.class(ci_cd_pipeline_murano_app:Jenkins).notNull()
-  # TODO(nmakhotkin) Add zuul property.
+  zuul:
+    Contract: $.class(ci_cd_pipeline_murano_app:Zuul).notNull()
+  # Openstack credentials.
+  authUrl:
+    Contract: $.string().notNull()
+  username:
+    Contract: $.string().notNull()
+  tenant:
+    Contract: $.string().notNull()
+  password:
+    Contract: $.string().notNull()
 
 Methods:
   .init:
@@ -49,6 +60,16 @@ Methods:
       - $._environment.reporter.report($this, 'Waiting while Jenkins is being deployed...')
       - $.jenkins.deploy()
 
+      - $._environment.reporter.report($this, 'Configure Jenkins gearman plugin...')
+      - $.jenkins.configureGearmanPlugin($.detectPrimaryIP($.zuul.instance))
+      - $._environment.reporter.report($this, 'Gearman plugin is configured.')
+
+      - $credentialsId: $.jenkins.configureCredentials()
+      - $.instance.setHieraValue('jenkins_credentials_id', $credentialsId)
+
+      - $._environment.reporter.report($this, 'Waiting while Zuul is being deployed...')
+      - $.zuul.deploy()
+      - $._environment.reporter.report($this, 'Loading configuration data for nodepool...')
       - $.createConfiguration()
 
       - $resources: new(sys:Resources)
@@ -62,13 +83,44 @@ Methods:
 
   createConfiguration:
     Body:
+      - $jenkinsKey: $.jenkins.instance.getHieraValue('jenkins_ssh_private_key_contents')
+      - $.instance.setHieraValue(
+          'nodepool_ssh_private_key',
+          $jenkinsKey
+          )
+      - $jenkinsPubKey: $.jenkins.instance.getHieraValue('jenkins_ssh_pubkey_contents')
+      # Extract only the key itself without 'ssh-rsa' and 'username@fqdn'.
+      - $jenkinsPubKey: $jenkinsPubKey.split(' ')[1]
+
+      - $.instance.setHieraValue('nodepool_ssh_pubkey', $jenkinsPubKey)
       - $.instance.setHieraValue('nodepool_mysql_password', 'nodepool')
       - $.instance.setHieraValue('nodepool_mysql_root_password', 'root')
       - $.instance.setHieraValue('jenkins_api_user', $.jenkins.ldap.ldapRootUser)
-      - $.instance.setHieraValue('jenkins_api_key', $.jenkins.ldap.ldapRootPass)
+      - $.instance.setHieraValue('zuul_host', $.detectPrimaryIP($.zuul.instance))
+
+      - $.instance.setHieraValue('os_auth_url', $.authUrl)
+      - $.instance.setHieraValue('os_tenant_name', $.tenant)
+      - $.instance.setHieraValue('os_username', $.username)
+      - $.instance.setHieraValue('os_password', $.password)
+
       - $jenkinsHost: $.detectPrimaryIP($.jenkins.instance)
+
       - $.instance.setHieraValue('jenkins_host', $jenkinsHost)
 
+      - $netInfo: $._environment.defaultNetworks.environment.describe()
+      - $.instance.setHieraValue('nodepool_network_uuid', $netInfo.netId)
+
+      # Command to retrieve Jenkins API Token.
+      - $linux: new(conf:Linux)
+      - $resource: new(sys:Resources)
+      - $replacements:
+          "%USERNAME%": $.jenkins.ldap.ldapRootUser
+          "%PASSWORD%": $.jenkins.ldap.ldapRootPass
+          "%JENKINS_HOST%": $jenkinsHost
+      - $script: $resource.string('get_api_token.sh').replace($replacements)
+      - $apiKey: $linux.runCommand($.instance.agent, $script).stdout
+      - $.instance.setHieraValue('jenkins_api_key', $apiKey)
+
   detectPrimaryIP:
     Arguments:
       - instance:

murano-apps/Nodepool/package/Resources/DeployNodepool.template

@@ -13,10 +13,9 @@ Scripts:
     Version: 1.0.0
     EntryPoint: deploy_nodepool.sh
     Files:
-      - 'gen_rsa_key.sh'
-      - 'site.pp'
-      - 'nodepool_configure/templates/nodepool.yaml.erb'
-      - 'nodepool_configure/manifests/init.pp'
+      - site.pp
+      - nodepool_configure/templates/nodepool.yaml.erb
+      - nodepool_configure/manifests/init.pp
     Options:
       captureStdout: false
       captureStderr: true

murano-apps/Nodepool/package/Resources/get_api_token.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+username="%USERNAME%"
+password="%PASSWORD%"
+jenkins_host="%JENKINS_HOST%"
+cmd="curl --user '$username:$password' http://${jenkins_host}:8080/me/configure | grep -o '\"[0-9a-f]\{32\}\"' | cut -d '\"' -f 2"
+
+# Jenkins might not be ready at this point.
+# Retry logic is used here.
+token=$(eval $cmd)
+tries=10
+
+while [ -z $token ]; do
+  sleep 20
+  token=$(eval $cmd)
+
+  tries=$((tries-1))
+
+  if [ $tries -lt 1 ]; then
+    break
+  fi
+done
+
+echo $token

murano-apps/Nodepool/package/Resources/scripts/deploy_nodepool.sh

@@ -2,11 +2,9 @@
 
 logger Deploying Nodepool...
 
-/bin/bash ./gen_rsa_key.sh
-
-mkdir /etc/puppet/modules/nodepool_configure
-mkdir /etc/puppet/modules/nodepool_configure/manifests
-mkdir /etc/puppet/modules/nodepool_configure/templates
+# No error if already exists.
+mkdir -p /etc/puppet/modules/nodepool_configure/manifests
+mkdir -p /etc/puppet/modules/nodepool_configure/templates
 
 cp nodepool_configure/manifests/init.pp /etc/puppet/modules/nodepool_configure/manifests/
 cp nodepool_configure/templates/nodepool.yaml.erb /etc/puppet/modules/nodepool_configure/templates/

murano-apps/Nodepool/package/Resources/scripts/gen_rsa_key.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-logger Generate SSH Private key for nodepool
-
-datafile='/etc/puppet/hieradata/murano.yaml'
-
-#
-# nodepool ssh key
-#
-ssh-keygen -t rsa -N "" -f nodepool_ssh.key -q
-
-content=`cat nodepool_ssh.key`
-puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'nodepool_ssh_private_key', value=>'$content', }"
-
-exit

murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/manifests/init.pp

@@ -1,6 +1,8 @@
 class nodepool_configure (
   $jenkins_host    = undef,
+  $jenkins_user    = undef,
   $zuul_host       = undef,
+  $net_id          = undef,
 ) {
   file { '/etc/nodepool/nodepool.yaml':
     ensure  => present,

murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/templates/nodepool.yaml.erb

@@ -5,54 +5,57 @@ images-dir: /opt/nodepool_dib
 
 cron:
   check: '*/15 * * * *'
-  cleanup: '0 * * * *'
-  image-update: '30 * * * *'
+  cleanup: '*/1 * * * *'
+  image-update: '14 14 * * *'
 
 zmq-publishers:
-  - tcp://localhost:8888 # Jenkins host
+  - tcp://<%= @jenkins_host %>:8888 # Jenkins host
 
 gearman-servers: # Zuul host
-  - host: localhost
+  - host: <%= @zuul_host %>
     port: 4730
 
 diskimages:
-- name: ubuntu-trusty
-  elements:
-    - ubuntu
-    - vm
-    - simple-init
-  release: trusty
-  env-vars:
+  - name: ubuntu-trusty
+    elements:
+      - ubuntu
+      - vm
+      - growroot
+      - infra-package-needs
+      - jenkins-slave
+    release: trusty
+    env-vars:
+      TMPDIR: /opt/dib_tmp
       DIB_IMAGE_CACHE: /opt/dib_cache
+      DIB_APT_LOCAL_CACHE: '0'
+      DIB_DISABLE_APT_CLEANUP: '1'
 
 labels:
-  - name: ubuntu-server
-    image: ubuntu-trusty-node
+  - name: ubuntu-trusty
+    image: ubuntu-trusty
     min-ready: 2
     providers:
       - name: openstack-provider
 
 providers:
   - name: openstack-provider
-    keypair: 'nmakhotkin'
     region-name: 'RegionOne'
-    username: 'dev-user'
-    password: 'sw0rdfish'
-    auth-url: 'http://172.16.167.137:5000/v2.0'
-    project-name: 'dev'
+    username: <%= @os_username %>
+    password: <%= @os_password %>
+    auth-url: <%= @os_auth_url %>
+    project-name: <%= @os_tenant_name %>
     image-type: qcow2
     max-servers: 20
     use-neutron: true
     networks:
-      - name: dev-net
-      #- id: uuid
+      - net-id: <%= @net_id %>
     images:
-      - name: ubuntu-trusty-node
+      - name: ubuntu-trusty
         diskimage: ubuntu-trusty
         min-ram: 2048
         private-key: /home/nodepool/.ssh/id_rsa
         setup: prepare_node.sh
-        username: ubuntu
+        username: jenkins
 
 targets:
   - name: jenkins

murano-apps/Nodepool/package/Resources/scripts/site.pp

@@ -18,22 +18,55 @@ node default {
     revision                      => 'master',
     vhost_name                    => $::fqdn,
     statsd_host                   => '',
+    elements_dir                  => '/etc/project-config/nodepool/elements',
+    scripts_dir                   => '/etc/project-config/nodepool/scripts',
     image_log_document_root       => '/var/log/nodepool/image',
     image_log_periodic_cleanup    => true,
     enable_image_log_via_http     => true,
-    environment                   => {},
+    environment                   => {
+      'NODEPOOL_SSH_KEY' => hiera('nodepool_ssh_pubkey'),
+      'NODEPOOL_PRIVATE_SSH_KEY' => hiera('nodepool_ssh_private_key')
+    },
     jenkins_masters               => [
       {
         name        => 'jenkins',
         url         => sprintf('http://%s:8080', hiera('jenkins_host')),
         user        => hiera('jenkins_api_user', 'username'),
-        apikey      => hiera('jenkins_api_key')
+        apikey      => hiera('jenkins_api_key'),
+        credentials => hiera('jenkins_credentials_id')
       }
-    ]
+    ],
+    require                       => Class['project_config']
   }
 
+  $os_auth_url = hiera('os_auth_url')
+  $os_tenant_name = hiera('os_tenant_name')
+  $os_username = hiera('os_username')
+  $os_password = hiera('os_password')
+
   class { 'nodepool_configure':
     jenkins_host => hiera('jenkins_host'),
-    require => Class['nodepool']
+    jenkins_user => hiera('jenkins_api_user'),
+    zuul_host    => hiera('zuul_host'),
+    net_id       => hiera('nodepool_network_uuid'),
+    require      => Class['nodepool']
+  }
+
+  exec { 'start_nodepool' :
+    command     => 'service nodepool start',
+    path        => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+    require     => [
+      Class['nodepool'],
+      Class['nodepool_configure'],
+    ]
+  }
+
+  exec { 'start_nodepool_builder' :
+    command     => 'service nodepool-builder start',
+    path        => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+    require     => [
+      Class['nodepool'],
+      Class['nodepool_configure'],
+    ]
   }
 }

murano-apps/Nodepool/package/UI/ui.yaml

@@ -5,6 +5,11 @@ Application:
     type: org.openstack.ci_cd_pipeline_murano_app.Nodepool
   name: $.appConfiguration.name
   jenkins: $.appConfiguration.Jenkins
+  zuul: $.appConfiguration.Zuul
+  authUrl: $.openstackConfiguration.authUrl
+  username: $.openstackConfiguration.username
+  tenant: $.openstackConfiguration.tenant
+  password: $.openstackConfiguration.password
   instance:
     ?:
       type: org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance
@@ -34,9 +39,39 @@ Forms:
           required: false
         - name: Jenkins
           type: org.openstack.ci_cd_pipeline_murano_app.Jenkins
+          label: Jenkins
           required: true
           description: >-
             Specify Jenkins.
+        - name: Zuul
+          type: org.openstack.ci_cd_pipeline_murano_app.Zuul
+          label: Zuul
+          required: true
+          description: >-
+            Specify Zuul.
+
+  - openstackConfiguration:
+      fields:
+        - name: authUrl
+          type: string
+          label: Keystone Auth URL
+          description: Provide Keystone Auth URL.
+          initial: http://192.168.0.2:5000/v2.0
+        - name: username
+          type: string
+          label: Keystone username
+          description: Provide Keystone username.
+          initial: admin
+        - name: tenant
+          type: string
+          label: Keystone tenant
+          description: Provide Keystone tenant name.
+          initial: admin
+        - name: password
+          type: string
+          description: Provide Keystone password.
+          label: Keystone password
+          initial: secret
 
   - instanceConfiguration:
       fields:

murano-apps/Nodepool/package/manifest.yaml

@@ -17,4 +17,4 @@ Require:
   org.openstack.ci_cd_pipeline_murano_app.puppet.SystemConfig:
   org.openstack.ci_cd_pipeline_murano_app.puppet.Puppet:
   org.openstack.ci_cd_pipeline_murano_app.Jenkins:
-# TODO(nmakhotkin): Add zuul to requirements.
+  org.openstack.ci_cd_pipeline_murano_app.Zuul: