Gitiles
Code Review Sign In
gerrit.opencord.org / ci-management / 9708ed83910db324595d3739e32110888c3c6bde^! / . / packer / provision / baseline.yaml
commit9708ed83910db324595d3739e32110888c3c6bde[log] [tgz]
authorHung-Wei Chiu <hungwei@opennetworking.org>Wed Apr 14 14:20:08 2021 -0700
committerHung-Wei Chiu <hungwei@opennetworking.org>Wed Apr 21 16:37:34 2021 -0700
tree5764b398f633fda6063ae61fc0f9ffaeebc36db1
parentf0bf4025e480e8110be920ec5ec260467899fc2b [diff] [blame]
Update Jenkins executors to Ubuntu 18.04

- Upgrade global jjb to v0.57.4
- Upgrade packer to v0.7.0
- Use the Ansible approach to install most required services

Change-Id: I1a56db63e14d847971131eef96828004c6ae4478

diff --git a/packer/provision/baseline.yaml b/packer/provision/baseline.yaml
new file mode 100644
index 0000000..1aad172
--- /dev/null
+++ b/packer/provision/baseline.yaml

@@ -0,0 +1,88 @@
+---
+- hosts: all
+  become_user: root
+  become_method: sudo
+
+  pre_tasks:
+    - include_role: name=lfit.system-update
+
+    - name: Install base packages
+      include_tasks: "{{item}}"
+      with_first_found:
+        - "install-base-pkgs-{{ansible_distribution}}.yaml"
+        - "install-base-pkgs-{{ansible_os_family}}.yaml"
+
+    - name: Allow jenkins user sudo access
+      copy:
+        dest: /etc/sudoers.d/89-jenkins-user-defaults
+        content: |
+          Defaults:jenkins !requiretty
+          jenkins ALL=(ALL) NOPASSWD:ALL
+        validate: /usr/sbin/visudo -cf %s
+      become: yes
+
+  roles:
+    - lfit.lf-recommended-tools
+    - lfit.lf-dev-libs
+    - lfit.haveged-install
+    - lfit.java-install
+    - lfit.python-install
+    - lfit.shellcheck-install
+    - lfit.sysstat-install
+
+  post_tasks:
+    - name: Update /etc/nss-switch.conf to map hostname with IP
+      # Update /etc/nss-switch.conf to map hostname with IP instead of using `localhost`
+      # from /etc/hosts which is required by some of the Java API's to avoid
+      # Java UnknownHostException: "Name or service not known" error.
+      replace:
+        path: /etc/nsswitch.conf
+        regexp: '^hosts:(\s+.*)?$'
+        replace: 'hosts:\1 myhostname'
+        backup: yes
+      become: yes
+
+    - name: Disable periodic updates
+      block:
+        - name: Set all periodic update options to 0
+          replace:
+            path: /etc/apt/apt.conf.d/10periodic
+            regexp: "1"
+            replace: "0"
+        - name: Set all auto update options to 0
+          replace:
+            path: /etc/apt/apt.conf.d/20auto-upgrades
+            regexp: "1"
+            replace: "0"
+        - name: Disable unattended upgrades
+          lineinfile:
+            path: /etc/apt/apt.conf.d/10periodic
+            regexp: "^APT::Periodic::Unattended-Upgrade"
+            line: 'APT::Periodic::Unattended-Upgrade "0";'
+            create: yes
+        - name: Uninstall unattended upgrades
+          apt:
+            name: unattended-upgrades
+            state: absent
+        - name: Prevent unattended upgrades from being installed
+          dpkg_selections:
+            name: unattended-upgrades
+            selection: hold
+        - name: Disable apt-daily.* systemd services
+          systemd:
+            name: "{{service}}"
+            enabled: no
+            masked: yes
+          with_items:
+            - apt-daily.service
+            - apt-daily.timer
+            - apt-daily-upgrade.service
+            - apt-daily-upgrade.timer
+          loop_control:
+            loop_var: service
+      when: ansible_distribution == 'Ubuntu'
+      become: yes
+
+    - name: System Reseal
+      script: system-reseal.sh
+      become: true