Added stuff related to the CI NG development instance

Change-Id: I7775e3da2ba7b77bae3fa0d5c80d742dd08afaac

devel/jenkins/jobs/builders/update-jenkins-post-job.sh

@@ -0,0 +1,23 @@
+#!/bin/bash -xe
+
+
+echo "This is job for update jenkins jobs after merge"
+
+git clone ssh://nextgen-ci01-dev@review.fuel-infra.org:29418/$ZUUL_PROJECT .
+
+tox -e nextgen-ci
+
+source ".tox/nextgen-ci/bin/activate"
+
+cat > jenkins_jobs.ini << EOF
+[jenkins]
+user=${JJB_USER}
+password=${JJB_PASS}
+url=https://ci01-dev.ng.mirantis.net/
+query_plugins_info=False
+[job_builder]
+ignore_cache=True
+recursive=True
+EOF
+
+jenkins-jobs --flush-cache --conf jenkins_jobs.ini update --delete-old jenkins/jobs

devel/jenkins/jobs/macros.yaml

@@ -0,0 +1,102 @@
+#
+# Configurable repository sources
+#
+- scm:
+    name: openstack
+    scm:
+      - git:
+         url: 'https://git.openstack.org/openstack/{scm-repo}.git'
+         branches:
+          - '{scm-branch}'
+         basedir: '{scm-basedir}'
+
+- scm:
+    name: fuel-infra
+    scm:
+      - git:
+          url: 'ssh://nextgen-ci01-dev@review.fuel-infra.org:29418/{scm-repo}.git'
+          basedir: '{scm-basedir}'
+          skip-tag: true
+          branches:
+            - '{scm-branch}'
+
+- scm:
+    name: zuul_repo
+    scm:
+      - git:
+          url: $ZUUL_URL/$ZUUL_PROJECT
+          branches:
+            - $ZUUL_BRANCH
+
+#
+# Repository source with gerrit changes
+#
+- scm:
+    name: zuul_repo_trigger
+    scm:
+      - git:
+          basedir: '{scm-basedir}'
+          branches:
+            - $ZUUL_BRANCH
+          remotes:
+            - gerrit:
+                refspec: $ZUUL_REF
+                url: $ZUUL_URL/$ZUUL_PROJECT
+#
+# Static repositories
+#
+
+
+#
+# SSH credentials
+#
+- wrapper:
+    name: nextgen-ci01-dev
+    wrappers:
+      - ssh-agent-credentials:
+          users:
+            - 'TBD'
+
+- wrapper:
+    name: 'ng-cleanup'
+    wrappers:
+      - workspace-cleanup
+
+#
+# Publishers
+#
+- publisher:
+    name: logs-private
+    publishers:
+      - archive:
+          allow-empty: true
+          artifacts: 'logs/*'
+          latest-only: false
+
+#
+# Builders
+#
+- builder:
+    name: check-tox
+    builders:
+      - shell: 'tox -v -e {tox-test}'
+
+- builder:
+    name: get-from-zuul-container
+    builders:
+      - shell: |
+          git clone ssh://nextgen-ci01-dev@review.fuel-infra.org:29418/nextgen/microservices
+          mkdir -p containers/$ZUUL_PROJECT
+          cd containers/$ZUUL_PROJECT
+          git clone ssh://nextgen-ci01-dev@review.fuel-infra.org:29418/$ZUUL_PROJECT .
+          git fetch $ZUUL_URL/$ZUUL_PROJECT $ZUUL_REF
+          git checkout FETCH_HEAD
+
+- builder:
+    name: get-from-zuul
+    builders:
+      - shell: |
+          git clone ssh://nextgen-ci01-dev@review.fuel-infra.org:29418/$ZUUL_PROJECT .
+          git fetch $ZUUL_URL/$ZUUL_PROJECT $ZUUL_REF
+          git checkout FETCH_HEAD
+          git status

devel/jenkins/jobs/nextgen-post-jobs.yaml

@@ -0,0 +1,16 @@
+- job:
+    name: update-jenkins-jobs
+    description: |
+      Update jenkins jobs after merge
+    node: standard
+    builders:
+      - shell: !include-raw builders/update-jenkins-post-job.sh
+    concurrent: true
+    wrappers:
+      - ng-cleanup
+      - nextgen-ci-jenkins
+      - inject-passwords:
+          global: true
+    triggers:
+      - zuul
+

devel/jenkins/jobs/verify-ci.yaml

@@ -0,0 +1,47 @@
+#
+# Jobs used to verify syntax in CI repository
+#
+
+# Shell
+- job-template:
+    name: verify-bashate-{repo}
+    builders:
+      - get-from-zuul
+      - check-tox:
+          tox-test: bashate
+    concurrent: true
+    description: |
+      Bashate syntax test
+    node: standard
+    wrappers:
+      - ng-cleanup
+      - nextgen-ci-jenkins
+
+# JJB
+- job-template:
+    name: verify-jjb-{repo}
+    builders:
+      - get-from-zuul
+      - check-tox:
+          tox-test: nextgen-ci
+    concurrent: true
+    description: |
+      JJB syntax test
+    node: standard
+    wrappers:
+      - ng-cleanup
+      - nextgen-ci-jenkins
+
+- project:
+    name: verify-ci-bashate
+    jobs:
+       - 'verify-bashate-{repo}'
+    repo:
+       - 'project-config'
+
+- project:
+    name: verify-ci-jjb
+    jobs:
+       - 'verify-jjb-{repo}'
+    repo:
+       - 'project-config'

devel/jenkins/jobs/verify-nextgen.yaml

@@ -0,0 +1,9 @@
+- project:
+    name: verify-tox-tests
+    jobs:
+      - 'verify-tox-{tox-test}':
+          tox-test:
+            - pep8
+            - py27
+            - bashate
+            - py34

devel/nodepool/elements/dpkg/README.rst

@@ -0,0 +1,22 @@
+====
+dpkg
+====
+Provide dpkg specific image building glue.
+
+The ubuntu element needs customisations at the start and end of the image build
+process that do not apply to RPM distributions, such as using the host machine
+HTTP proxy when installing packages. These customisations live here, where they
+can be used by any dpkg based element.
+
+The dpkg specific version of install-packages is also kept here.
+
+### Environment Variables ###
+
+* DIB\_ADD\_APT\_KEYS: If an extra or updated apt key is needed then define
+  DIB\_ADD\_APT\_KEYS with the path to a folder. Any key files inside will be
+  added to the key ring before any apt-get commands take place.
+* DIB\_APT\_LOCAL\_CACHE: You can use this variable to disable the internal cache
+  of the /var/cache/apt/archives directory by setting it to 0. The default is to bind
+  mount the $DIB_IMAGE_CACHE/apt/$DISTRO_NAME directory in
+  /var/cache/apt/archives, this to cache the .deb files downloaded during the image
+  creation.

devel/nodepool/elements/dpkg/bin/install-packages

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# Copyright 2012 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+# install-packages package [package ...]
+
+ACTION=install
+MAP_ELEMENT=""
+
+SCRIPTNAME=$(basename $0)
+function show_options () {
+    echo "Usage: $SCRIPTNAME [package ...]"
+    echo
+    echo "Options:"
+    echo "    -u          -- update all packages"
+    echo "    -e          -- erase/remove packages"
+    echo "    -m          -- use custom element package map (Example: -m nova)"
+    exit 0
+}
+
+install_deb_packages () {
+    DEBIAN_FRONTEND=noninteractive \
+        http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
+        no_proxy=${no_proxy:-} \
+        apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@"
+}
+
+TEMP=$(getopt -o hudem: -n $SCRIPTNAME -- "$@")
+if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
+eval set -- "$TEMP"
+
+while true ; do
+    case "$1" in
+        -u) install_deb_packages dist-upgrade; exit 0;;
+        -e) ACTION="remove"; shift;;
+        -m) MAP_ELEMENT=$2; shift 2;;
+        -h) show_options;;
+        --) shift; break ;;
+        *) echo "Error: unsupported option $1."; exit 1;;
+    esac
+done
+
+PKGS=$@
+if [ -n "$MAP_ELEMENT" ]; then
+    if ! PKGS=$(pkg-map --element $MAP_ELEMENT $@); then
+        echo "bin/pkg-map error. $PKGS"
+        exit 1
+    fi
+fi
+
+if [ -z "${PKGS}" ]; then
+    echo "Not running install-packages $ACTION with empty packages list"
+else
+    install_deb_packages $ACTION $PKGS
+fi

devel/nodepool/elements/dpkg/cleanup.d/40-unblock-daemons

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+sudo mv $TARGET_ROOT/sbin/start-stop-daemon.REAL $TARGET_ROOT/sbin/start-stop-daemon
+
+if [ -f $TARGET_ROOT/sbin/initctl.REAL ]; then
+    sudo mv $TARGET_ROOT/sbin/initctl.REAL $TARGET_ROOT/sbin/initctl
+fi
+
+sudo rm $TARGET_ROOT/usr/sbin/policy-rc.d

devel/nodepool/elements/dpkg/cleanup.d/50-remove-img-build-proxy

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+# Undo our proxy support
+sudo rm -f $TARGET_ROOT/etc/apt/apt.conf.d/60img-build-proxy

devel/nodepool/elements/dpkg/cleanup.d/60-untrim-dpkg

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+sudo rm $TARGET_ROOT/etc/dpkg/dpkg.cfg.d/02apt-speedup
+sudo rm $TARGET_ROOT/etc/apt/apt.conf.d/no-languages

devel/nodepool/elements/dpkg/element-deps

@@ -0,0 +1,2 @@
+manifests
+package-installs

devel/nodepool/elements/dpkg/extra-data.d/01-copy-apt-keys

@@ -0,0 +1,39 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+DIB_ADD_APT_KEYS=${DIB_ADD_APT_KEYS:-""}
+if [ -z "${DIB_ADD_APT_KEYS}" ]; then
+    echo "DIB_ADD_APT_KEYS is not set - not importing keys"
+    exit 0
+fi
+
+DIR=${TMP_MOUNT_PATH}/tmp/apt_keys
+if [ -e ${DIR} ]; then
+    echo "${DIR} already exists!"
+    exit 1
+fi
+sudo mkdir -p ${DIR}
+
+# Copy to DIR
+for KEY in $(find ${DIB_ADD_APT_KEYS} -type f); do
+    sudo cp -L ${KEY} ${DIR}
+done

devel/nodepool/elements/dpkg/finalise.d/99-clean-up-cache

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Do an apt-get clean. This will free some space.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+apt-get clean

devel/nodepool/elements/dpkg/finalise.d/99-write-dpkg-manifest

@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+DPKG_MANIFEST_NAME=dib-manifest-dpkg-$(basename ${IMAGE_NAME})
+
+# Write the json preamble
+echo '{"packages": [' > ${DIB_MANIFEST_IMAGE_DIR}/${DPKG_MANIFEST_NAME}
+
+# Write a json-format output for the packages installed
+format='{"package": "${binary:Package}","arch": "${Architecture}","version": "${Version}","status": "${db:Status-Abbrev}"},'
+# Use the configurable dpkg --show output as a manifest
+dpkg-query --show --showformat="${format}" | tee -a ${DIB_MANIFEST_IMAGE_DIR}/${DPKG_MANIFEST_NAME}
+
+# Finish off the json structure and make it easier for human inspection
+sed -i -e 's/,$/\n]}/g' -e 's/\(},\)/    \1\n/g' ${DIB_MANIFEST_IMAGE_DIR}/${DPKG_MANIFEST_NAME}

devel/nodepool/elements/dpkg/pre-install.d/00-disable-apt-recommends

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Prevent apt from installing recommended packages
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+dd of=/etc/apt/apt.conf.d/95disable-recommends << _EOF_
+APT::Install-Recommends "0";
+Apt::Install-Suggests "0";
+_EOF_
+
+

devel/nodepool/elements/dpkg/pre-install.d/01-dpkg-install-bin

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+install -m 0755 -o root -g root $(dirname $0)/../bin/* /usr/local/bin

devel/nodepool/elements/dpkg/pre-install.d/02-add-apt-keys

@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+KEY_DIRECTORY=/tmp/apt_keys
+if [ ! -d "${KEY_DIRECTORY}" ]; then
+    exit 0
+fi
+
+for KEY in ${KEY_DIRECTORY}/*; do
+    if ! file -b "${KEY}" | grep -q 'PGP public key block'; then
+        echo "Skipping ${KEY}, not a valid GPG public key"
+        continue
+    fi
+
+    apt-key add ${KEY}
+done

devel/nodepool/elements/dpkg/pre-install.d/99-apt-get-update

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Do an apt-get update, so that packages can be installed.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+apt-get -y update

devel/nodepool/elements/dpkg/root.d/50-build-with-http-cache

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+# If we have a network proxy, use it.
+if [ -n "${http_proxy:-}" ] ; then
+    sudo dd of=$TARGET_ROOT/etc/apt/apt.conf.d/60img-build-proxy << _EOF_
+Acquire::http::Proxy "$http_proxy";
+_EOF_
+fi

devel/nodepool/elements/dpkg/root.d/60-block-apt-translations

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+# Configure APT not to fetch translations files
+sudo dd of=$TARGET_ROOT/etc/apt/apt.conf.d/95no-translations <<EOF
+APT::Acquire::Languages "none";
+EOF
+
+# And now make sure that we don't fall foul of Debian bug 641967
+find $TARGET_ROOT/var/lib/apt/lists/ -path $TARGET_ROOT/var/lib/apt/lists/partial -prune -o -type f -name '*_i18n_Translation-*' -print -exec sudo rm -f {} +

devel/nodepool/elements/dpkg/root.d/99-block-daemons

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+# Prevent package installs from starting daemons
+sudo mv $TARGET_ROOT/sbin/start-stop-daemon $TARGET_ROOT/sbin/start-stop-daemon.REAL
+sudo dd of=$TARGET_ROOT/sbin/start-stop-daemon <<EOF
+#!/bin/sh
+echo
+echo "Warning: Fake start-stop-daemon called, doing nothing"
+EOF
+sudo chmod 755 $TARGET_ROOT/sbin/start-stop-daemon
+
+if [ -f $TARGET_ROOT/sbin/initctl ]; then
+    sudo mv $TARGET_ROOT/sbin/initctl $TARGET_ROOT/sbin/initctl.REAL
+    sudo dd of=$TARGET_ROOT/sbin/initctl <<EOF
+#!/bin/sh
+echo "initctl (tripleo 1.0)"
+echo "Warning: Fake initctl called, doing nothing"
+EOF
+    sudo chmod 755 $TARGET_ROOT/sbin/initctl
+fi
+
+sudo dd of=$TARGET_ROOT/usr/sbin/policy-rc.d <<EOF
+#!/bin/sh
+# 101 Action not allowed. The requested action will not be performed because
+#     of runlevel or local policy constraints.
+exit 101
+EOF
+sudo chmod 755 $TARGET_ROOT/usr/sbin/policy-rc.d

devel/nodepool/elements/dpkg/root.d/99-shared_apt_cache

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+DIB_APT_LOCAL_CACHE=${DIB_APT_LOCAL_CACHE:-1}
+
+if [ $DIB_APT_LOCAL_CACHE = "0" ]; then
+    exit 0
+fi
+
+apt_cache_dir=$DIB_IMAGE_CACHE/apt/$DISTRO_NAME
+if [ ! -d $apt_cache_dir ]; then
+    mkdir -p $apt_cache_dir
+fi
+sudo mount --bind $apt_cache_dir $TARGET_ROOT/var/cache/apt/archives

devel/nodepool/elements/dpkg/root.d/99-trim-dpkg

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$TARGET_ROOT" ]
+
+# During image build, sync calls are expensive overhead
+echo 'force-unsafe-io' | sudo tee $TARGET_ROOT/etc/dpkg/dpkg.cfg.d/02apt-speedup > /dev/null
+
+# and remove the translations, too
+echo 'Acquire::Languages "none";' | sudo tee $TARGET_ROOT/etc/apt/apt.conf.d/no-languages > /dev/null

devel/nodepool/elements/k8s-prep/element-deps

@@ -0,0 +1 @@
+package-installs

devel/nodepool/elements/k8s-prep/install.d/10-jenkins

@@ -0,0 +1,37 @@
+#!/bin/bash
+set -x
+
+#add user
+useradd -s /bin/bash -m jenkins
+usermod jenkins -a -G sudo,docker,libvirtd
+
+#add pubkey
+mkdir /home/jenkins/.ssh
+cat > /home/jenkins/.ssh/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClT2iRC2/NyKxK+ZVHDMkAynwYBVOVeqABA4MBNecIXmlYEKpxT0uqKIOEFpeBxiune1saOeWdlqSlLRcM1uuVVLNZYMMY1Ys1iI46l+WKRFwuCrJM6eXiWllDCrG2rOhTodFW3LMFPRKat3uRL2pgeELEs2rwz0Jtx5ujcZ1Q4CJ8baQUXy0dn0Tul+8z02DGPttEJulM1GDtsHu1kXgadNFFbLZaoPMUqgxEv8uWV/vMM6c1lmDmwzEk4NV9CXedwg6GVgR9JvZ4sSuzAFOn7yDFJ9i6G2aGKaI+T6zdQtNAc5Qj9lx7YxeCEIXkIYl/6+Z2GaFqiV0jWFYe1JLR nodepool@nodepool01-scc.dev.mirantis.net
+# Jenkins pubkey todo
+#
+#
+EOF
+
+#known_hosts
+ssh-keyscan -p 29418 review.fuel-infra.org > /home/jenkins/.ssh/known_hosts
+
+chmod 600 /home/jenkins/.ssh/authorized_keys
+chmod 600 /home/jenkins/.ssh/known_hosts
+chown -R jenkins:jenkins /home/jenkins/
+
+#directory for nodepool metadata
+mkdir /etc/nodepool
+chown jenkins:jenkins /etc/nodepool
+
+#workaround for old paramiko on nodepool host
+cat >> /etc/ssh/sshd_config <<EOF
+Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,hmac-sha1
+KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1
+EOF
+
+#libvirt dir for E2E tests
+mkdir -p /var/lib/libvirt/images/kubernetes
+chown jenkins:jenkins /var/lib/libvirt/images/kubernetes

devel/nodepool/elements/k8s-prep/install.d/11-sudo

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -ex
+
+#passwordless sudo for a disposable slave
+cat > /etc/sudoers.d/jenkins <<EOF
+jenkins ALL=(ALL) NOPASSWD:ALL
+EOF

devel/nodepool/elements/k8s-prep/package-installs.yaml

@@ -0,0 +1,15 @@
+bridge-utils:
+build-essential:
+docker.io:
+git:
+golang:
+golang-race-detector-runtime:
+isc-dhcp-client:
+ifupdown:
+libvirt-bin:
+net-tools:
+openjdk-8-jre-headless:
+openssh-server:
+qemu-kvm:
+qemu-utils:
+ubuntu-vm-builder:

devel/nodepool/elements/k8s-prep/pre-install.d/01-ubuntu-apt-update

@@ -0,0 +1,39 @@
+#!/bin/bash
+# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+    set -x
+fi
+set -eu
+set -o pipefail
+
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
+
+# We should manage this in a betterer way
+cat << EOF >/etc/apt/sources.list
+deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE main restricted universe
+deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE-updates main restricted universe
+deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE-backports main restricted universe
+deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE-security main restricted universe
+EOF
+
+# Need to update to retrieve the signed Release file
+apt-get update
+
+apt-get clean
+apt-get dist-upgrade -y
+apt-get install -y python

devel/nodepool/elements/k8s-repos/element-deps

@@ -0,0 +1 @@
+source-repositories

devel/nodepool/elements/k8s-repos/source-repository-kubernetes

@@ -0,0 +1 @@
+kubernetes git /home/jenkins/kubernetes ssh://ng-repo-cacher@review.fuel-infra.org:29418/kubernetes/kubernetes

devel/nodepool/nodepool.yaml

@@ -0,0 +1,80 @@
+script-dir: /etc/nodepool/scripts
+elements-dir: /etc/nodepool/elements
+images-dir: /opt/nodepool_dib
+dburi: '{{ DBURI }}'
+
+#cron:
+#  cleanup: '*/1 * * * *'
+#  check: '*/15 * * * *'
+#  image-update: '14 14 * * *'
+
+zmq-publishers:
+  - tcp://ci01-dev.ng.mirantis.net:8888
+
+gearman-servers:
+  - host: zuul01-dev.ng.mirantis.net
+
+labels:
+  - name: ng-minimal
+    image: ng-ubuntu
+    min-ready: 5
+    providers:
+      - name: nextgen-ci01-dev
+  - name: k8s-xenial
+    image: k8s-xenial
+    min-ready: 5
+    providers:
+      - name: nextgen-ci01-dev
+
+providers:
+  - name: nextgen-ci01-dev
+    region-name: 'RegionOne'
+    service-type: 'compute'
+    service-name: 'nova'
+    username: '{{ PROVIDERS_USERNAME }}'
+    password: '{{ PROVIDERS_PASSWORD }}'
+    project-id: 'nextgen-ci-dev'
+    auth-url: 'https://horizon-us.ssl.mirantis.net:5000/v2.0'
+    boot-timeout: 120
+    max-servers: 10
+    rate: 0.001
+    #networks:
+    # - net-label: 'sandbox-net'
+    pool: 'ext_float'
+    images:
+      - name: ng-ubuntu
+        base-image: 'pub-ub14.04-64v2.qcow2'
+        setup: ng-slave.sh
+        username: jenkins
+        private-key: /var/lib/nodepool/.ssh/id_rsa
+        min-ram: 4096
+        name-filter: 'm1.medium'
+      - name: k8s-xenial
+        min-ram: 8192
+        diskimage: k8s-xenial
+        private-key: /var/lib/nodepool/.ssh/id_rsa
+        username: jenkins
+        name-filter: 'm1.large'
+
+targets:
+  - name: jenkins
+    jenkins:
+      url: 'https://jenkins.test.local'
+      user: '{{ TARGETS_USERNAME }}'
+      apikey: '{{ TARGETS_APIKEY }}'
+      credentials-id: '{{ TARGETS_CREDENTIALSID }}'
+
+diskimages:
+  - name: ng-minimal
+    elements:
+      - base
+      - ubuntu
+    release: trusty
+    qemu-img-options: compat=0.10
+  - name: k8s-xenial
+    elements:
+      - ubuntu
+      - vm
+      - k8s-prep
+      - k8s-repos
+    release: xenial

devel/nodepool/scripts/ng-slave.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -x
+
+source /etc/profile
+
+# Fix problem with hostname
+hostname $HOSTNAME
+if [ -n "$HOSTNAME" ] && ! grep -q $HOSTNAME /etc/hosts ; then
+    echo "127.0.1.1 $HOSTNAME" | tee -a /etc/hosts
+fi
+
+# ssh keys for root user TEMPORARY
+mkdir /root/.ssh
+cat > /root/.ssh/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClT2iRC2/NyKxK+ZVHDMkAynwYBVOVeqABA4MBNecIXmlYEKpxT0uqKIOEFpeBxiune1saOeWdlqSlLRcM1uuVVLNZYMMY1Ys1iI46l+WKRFwuCrJM6eXiWllDCrG2rOhTodFW3LMFPRKat3uRL2pgeELEs2rwz0Jtx5ujcZ1Q4CJ8baQUXy0dn0Tul+8z02DGPttEJulM1GDtsHu1kXgadNFFbLZaoPMUqgxEv8uWV/vMM6c1lmDmwzEk4NV9CXedwg6GVgR9JvZ4sSuzAFOn7yDFJ9i6G2aGKaI+T6zdQtNAc5Qj9lx7YxeCEIXkIYl/6+Z2GaFqiV0jWFYe1JLR nodepool
+EOF
+chmod 600 /root/.ssh/authorized_keys
+
+apt-get update
+apt-get dist-upgrade -y
+apt-get install puppet puppet-common -y
+
+exit 0
+
+# puppet part!
+echo "puppet part!"
+LOG_FILE="/var/log/firstboot.log"
+touch "${LOG_FILE}"
+chown root:root "${LOG_FILE}"
+chmod 400 "${LOG_FILE}"
+# stoppping puppet agent if running
+service puppet stop
+if pgrep puppet; then
+  pkill puppet
+  sleep 5
+  pkill -9 puppet
+fi
+puppet agent --enable
+PUPPET_CMD="puppet agent \
+        --debug \
+        --verbose \
+        --onetime \
+        --no-daemonize \
+        --show_diff"
+PUPPET_MASTER="puppet.fuel-infra.org"
+export FACTER_ROLE="nextgen_slave"
+export FACTER_LOCATION="scc"
+# if autosign is set it would apply manifests
+timeout 30m $PUPPET_CMD --server "${PUPPET_MASTER}" 2>&1 | tee -a "${LOG_FILE}"
+exit_code=$?
+# Because we running with set -x we'll see this regex in $LOG_FILE
+# so 'E[x]iting' with '[x]' is a hack to find this text from puppet
+if grep 'E[x]iting; no certificate found and waitforcert is disabled' "${LOG_FILE}"; then
+  timeout 30m $PUPPET_CMD --waitforcert 180 --server "${PUPPET_MASTER}" | tee -a "${LOG_FILE}"
+  exit_code=$?
+fi
+rm -rf /var/lib/puppet/ssl/*
+echo "Puppet exit code was: $exit_code"
+if [[ ${exit_code} -eq 0 ]]; then
+  reboot
+fi
+
+exit ${exit_code}

devel/zuul/layout.yaml

@@ -0,0 +1,85 @@
+pipelines:
+  - name: check
+    description: Verify new patchset
+    success-message: Build succeeded
+    failure-message: Build failed
+    manager: IndependentPipelineManager
+    source: gerrit
+    precedence: normal
+    require:
+      open: True
+      current-patchset: True
+    trigger:
+      gerrit:
+        - event: patchset-created
+        - event: comment-added
+          comment: (?i)^(Patch Set [0-9]+:)?( [\w\\+-]*)*(\n\n)?\s*(recheck|reverify)
+    start:
+      gerrit:
+        verified: 0
+    success:
+      gerrit:
+        verified: 1
+    failure:
+      gerrit:
+        verfied: -1
+
+  - name: gate
+    description: Test after verifed and workflow
+    success-message: Build succeded
+    failure-message: Build failed
+    manager: DependentPipelineManager
+    source: gerrit
+    precedence: high
+    require:
+      open: True
+      current-patchset: True
+      approval:
+        - verified: [1,2]
+          username: nextgen-ci01-dev
+        - workflow: 1
+        - code-review: 2
+    trigger:
+      gerrit:
+        - event: comment-added
+          approval:
+            - workflow: 1
+        - event: comment-added
+          approval:
+            - verified: 1
+              username: nextgen-ci01-dev
+    start:
+      gerrit:
+        verified: 0
+    success:
+      gerrit:
+        verified: 2
+        submit: true
+    failure:
+      gerrit:
+        verfied: -2
+
+  - name: post
+    description: Job run after merge
+    manager: IndependentPipelineManager
+    source: gerrit
+    precedence: low
+    trigger:
+      gerrit:
+        - event: ref-updated
+          ref: ^(?!refs/).*$
+
+project-templates:
+  - name: verify-tox
+    check:
+      - 'verify-tox-pep8'
+      - 'verify-tox-py27'
+
+projects:
+  - name: nextgen/project-config
+    check:
+      - verify-jjb-project-config
+    gate:
+      - verify-jjb-project-config
+    post:
+      - update-jenkins-jobs