From 2ff7343c11aad93d1d6e00c9bb8ac316d9320227 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 28 Sep 2019 13:09:31 +0200
Subject: Jenkins: import Pipeline from vyos-1x commit bd00ec7
---
 Jenkinsfile | 252 +++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 148 insertions(+), 104 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 563ead2..20eb253 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,119 +1,163 @@ -pipeline { - agent none - stages { - stage('build-package') { - parallel { - stage('Build package amd64') { - agent { - docker { - label 'jessie-amd64' - args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006 -v /tmp:/tmp' - image 'higebu/vyos-build:current' - } +// Copyright (C) 2019 VyOS maintainers and contributors +// +// This program is free software; you can redistribute it and/or modify +// in order to easy exprort images built to "external" world +// it under the terms of the GNU General Public License version 2 or later as +// published by the Free Software Foundation. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +@NonCPS + +def getGitBranchName() { + def branch = scm.branches[0].name + return branch.split('/')[-1] +} + +def getGitRepoURL() { + return scm.userRemoteConfigs[0].url +} + +def getGitRepoName() { + return getGitRepoURL().split('/').last() +} + +// Returns true if this is a custom build launched on any project fork. +// Returns false if this is build from git@github.com:vyos/. +// can be e.g. vyos-1x.git or vyatta-op.git +def isCustomBuild() { + // GitHub organisation base URL + def gitURI = 'git@github.com:vyos/' + getGitRepoName() + def httpURI = 'https://github.com/vyos/' + getGitRepoName() + + return ! ((getGitRepoURL() == gitURI) || (getGitRepoURL() == httpURI)) +} + +def setDescription() { + def item = Jenkins.instance.getItemByFullName(env.JOB_NAME) + + // build up the main description text + def description = "" + description += "

VyOS individual package build: " + getGitRepoName().replace('.git', '') + "

" + + if (isCustomBuild()) { + description += "

" + description += "Build not started from official Git repository!
" + description += "
" + description += "Repository: " + getGitRepoURL() + "
" + description += "Branch: " + getGitBranchName() + "
" + description += "

" + } else { + description += "Sources taken from Git branch: " + getGitBranchName() + "
" + } + + item.setDescription(description) + item.save() +} + +/* Only keep the 10 most recent builds. */ +def projectProperties = [ + [$class: 'BuildDiscarderProperty',strategy: [$class: 'LogRotator', numToKeepStr: '10']], +] + +properties(projectProperties) +setDescription() - } - steps { - sh '''#!/bin/bash -git clone --single-branch --branch $GIT_BRANCH $GIT_URL $BUILD_NUMBER -cd $BUILD_NUMBER -sudo apt-get -o Acquire::Check-Valid-Until=false update -sudo mk-build-deps -i -r -t \'apt-get --no-install-recommends -yq\' debian/control -dpkg-buildpackage -b -us -uc -tc -mkdir -p /tmp/$GIT_BRANCH/packages/script -mv ../*.deb /tmp/$GIT_BRANCH/packages/''' - } +pipeline { + agent { + docker { + args '--sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006' + image 'vyos/vyos-build:current' } - stage('Build package armhf') { - agent { - docker { - label 'jessie-amd64' - image 'vyos-build-armhf:current' - args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006 -v /tmp:/tmp' + } + options { + disableConcurrentBuilds() + skipDefaultCheckout() + timeout(time: 30, unit: 'MINUTES') + timestamps() + } + stages { + stage('Fetch') { + steps { + script { + dir('build') { + git branch: getGitBranchName(), url: getGitRepoURL() + } + } } - - } - steps { - sh '''#!/bin/bash -git clone --single-branch --branch $GIT_BRANCH $GIT_URL $BUILD_NUMBER -cd $BUILD_NUMBER -sudo apt-get -o Acquire::Check-Valid-Until=false update -sudo mk-build-deps -i -r -t \'apt-get --no-install-recommends -yq\' debian/control -dpkg-buildpackage -b -us -uc -tc -mkdir -p /tmp/$GIT_BRANCH/packages/script -mv ../*.deb /tmp/$GIT_BRANCH/packages/''' - } } - stage('Build package arm64') { - agent { - docker { - label 'jessie-amd64' - args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006 -v /tmp:/tmp' - image 'vyos-build-arm64:current' + stage('Build') { + steps { + script { + dir('build') { + sh "dpkg-buildpackage -b -us 
-uc -tc" + } + } } - - } - steps { - sh '''#!/bin/bash -git clone --single-branch --branch $GIT_BRANCH $GIT_URL $BUILD_NUMBER -cd $BUILD_NUMBER -sudo apt-get -o Acquire::Check-Valid-Until=false update -sudo mk-build-deps -i -r -t \'apt-get --no-install-recommends -yq\' debian/control -dpkg-buildpackage -b -us -uc -tc -mkdir -p /tmp/$GIT_BRANCH/packages/script -mv ../*.deb /tmp/$GIT_BRANCH/packages/''' - } } - } } - stage('Deploy packages') { - agent { - node { - label 'jessie-amd64' + post { + cleanup { + deleteDir() } + success { + script { + // archive *.deb artifact on custom builds, deploy to repo otherwise + if ( isCustomBuild()) { + archiveArtifacts artifacts: '*.deb', fingerprint: true + } else { + // publish build result, using SSH-dev.packages.vyos.net Jenkins Credentials + sshagent(['SSH-dev.packages.vyos.net']) { + // build up some fancy groovy variables so we do not need to write/copy + // every option over and over again! - } - steps { - sh '''#!/bin/bash -cd /tmp/$GIT_BRANCH/packages/script -/var/lib/vyos-build/pkg-build.sh $GIT_BRANCH''' - } - } - stage('Cleanup') { - parallel { - stage('Cleanup amd64') { - agent { - node { - label 'jessie-amd64' - } + def VYOS_REPO_PATH = '/home/sentrium/web/dev.packages.vyos.net/public_html/repositories/' + getGitBranchName() + '/' + if (getGitBranchName() != "equuleus") + VYOS_REPO_PATH += 'vyos/' - } - steps { - cleanWs(cleanWhenAborted: true, cleanWhenFailure: true, cleanWhenNotBuilt: true, cleanWhenSuccess: true, cleanWhenUnstable: true, cleanupMatrixParent: true, deleteDirs: true, disableDeferredWipeout: true) - } - } - stage('Cleanup armhf') { - agent { - node { - label 'jessie-amd64' - } + def SSH_OPTS = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR' + def SSH_REMOTE = 'khagen@10.217.48.113' - } - steps { - cleanWs(cleanWhenAborted: true, cleanWhenFailure: true, cleanWhenNotBuilt: true, cleanWhenSuccess: true, cleanWhenUnstable: true, cleanupMatrixParent: true, deleteDirs: 
true, disableDeferredWipeout: true) - } - } - stage('Cleanup arm64') { - agent { - node { - label 'jessie-amd64' - } + echo "Uploading package(s) and updating package(s) in the repository ..." + + files = findFiles(glob: '*.deb') + files.each { PACKAGE -> + def RELEASE = getGitBranchName() + def ARCH = sh(returnStdout: true, script: "dpkg-deb -f ${PACKAGE} Architecture").trim() + def SUBSTRING = sh(returnStdout: true, script: "dpkg-deb -f ${PACKAGE} Package").trim() + def SSH_DIR = '~/VyOS/' + RELEASE + '/' + ARCH + def ARCH_OPT = '' + if (ARCH != 'all') + ARCH_OPT = '-A ' + ARCH - } - steps { - cleanWs(cleanWhenAborted: true, cleanWhenFailure: true, cleanWhenNotBuilt: true, cleanWhenSuccess: true, cleanWhenUnstable: true, cleanupMatrixParent: true, deleteDirs: true, disableDeferredWipeout: true) - } + // No need to explicitly check the return code. The pipeline + // will fail if sh returns a non 0 exit code + sh """ + ssh ${SSH_OPTS} ${SSH_REMOTE} -t "bash --login -c 'mkdir -p ${SSH_DIR}'" + """ + sh """ + scp ${SSH_OPTS} ${PACKAGE} ${SSH_REMOTE}:${SSH_DIR}/ + """ + sh """ + ssh ${SSH_OPTS} ${SSH_REMOTE} -t "uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} ${ARCH_OPT} remove ${RELEASE} ${SUBSTRING}'" + """ + sh """ + ssh ${SSH_OPTS} ${SSH_REMOTE} -t "uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} deleteunreferenced'" + """ + sh """ + ssh ${SSH_OPTS} ${SSH_REMOTE} -t "uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} ${ARCH_OPT} includedeb ${RELEASE} ${SSH_DIR}/${PACKAGE}'" + """ + } + } + } + } } - } } - } } + -- cgit v1.2.3 From 495c59a20cf35aeb5449f9166859f823c0ab08a7 Mon Sep 17 00:00:00 2001 From: DmitriyEshenko Date: Thu, 31 Oct 2019 07:45:34 +0000 Subject: T1780 Adding IPSec IKE close-action --- scripts/vpn-config.pl | 8 ++++++++ templates/vpn/ipsec/ike-group/node.tag/close-action/node.def | 8 ++++++++ 2 files changed, 16 insertions(+) create mode 100644 templates/vpn/ipsec/ike-group/node.tag/close-action/node.def 
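Review bot: In the `post { success { ... } }` deploy branch, `SSH_OPTS` is set to `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so every `ssh`/`scp` that publishes a `.deb` to `SSH_REMOTE` under the `SSH-dev.packages.vyos.net` credential accepts whatever host key it is shown. This is the step that feeds the package repository, so the host key should be pinned instead, e.g. `def SSH_OPTS = '-o UserKnownHostsFile=<PINNED_KNOWN_HOSTS_PATH> -o StrictHostKeyChecking=yes -o LogLevel=ERROR'` (the path is a placeholder for a known_hosts file provisioned on the agent). In the same block `${PACKAGE}`, `${RELEASE}`, `${ARCH}` and `${SUBSTRING}` are spliced unquoted into `sh` strings that the remote shell parses a second time. Quoting them, and checking `getGitBranchName()` against an allow-list of release names before it is used in `VYOS_REPO_PATH` and `SSH_DIR`, would keep an unusual branch or file name from altering the command that runs on the repository host.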
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl
index d68e419..369e568 100755
--- a/scripts/vpn-config.pl
+++ b/scripts/vpn-config.pl
@@ -810,6 +810,14 @@ if ($vcVPN->exists('ipsec')) {
 $genout .= "\tdpdaction=$dpd_action\n";
 }
 
+ #
+ # Check for closeaction
+ #
+ my $close_act = $vcVPN->returnValue("ipsec ike-group $ike_group close-action");
+ if (defined($close_act)) {
+ $genout .= "\tcloseaction=$close_act\n";
+ }
+
 #
 # Allow the user for force UDP encapsulation for the ESP
 # payload.
diff --git a/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def b/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def
new file mode 100644
index 0000000..0c05c21
--- /dev/null
+++ b/templates/vpn/ipsec/ike-group/node.tag/close-action/node.def
@@ -0,0 +1,8 @@
+help: Action if the remote peer unexpectedly closes a CHILD_SA
+type: txt
+default: "none"
+syntax:expression: $VAR(@) in "none","hold", "clear", "restart"; "must be none, hold clear, or restart"
+val_help: none; Set action to none (default)
+val_help: hold; Set action to hold
+val_help: clear; Set action to clear
+val_help: restart; Set action to restart
-- 
cgit v1.2.3
From 69678925f5383f0087b0c764e272b6c2ff25f4bd Mon Sep 17 00:00:00 2001
From: DmitriyEshenko
Date: Thu, 5 Dec 2019 12:45:23 +0000
Subject: dmvpn: T1784: Run ipsec-settings before DMVPN
---
 templates/vpn/node.def | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/templates/vpn/node.def b/templates/vpn/node.def
index cfb0e64..311f59d 100644
--- a/templates/vpn/node.def
+++ b/templates/vpn/node.def
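Review bot: `$close_act` is appended to `$genout` exactly as `returnValue` hands it back, and the only restriction on it is the `syntax:expression` in the new `close-action/node.def`, so the generator has no check of its own if a value ever reaches it without passing template validation. Each line added to `$genout` becomes a keyword of the generated IPsec configuration, so an allow-list at the point of use is cheap: `if (defined($close_act) && $close_act =~ /\A(?:none|hold|clear|restart)\z/) {`. With `default: "none"` in the template, `defined($close_act)` is presumably always true, which would write `closeaction=none` for every IKE group; please confirm that is intended. The enclosing `if ($vcVPN->exists('ipsec'))` block starts and ends outside this hunk.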
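Review bot: The error string in `syntax:expression` reads `"must be none, hold clear, or restart"`, which drops the comma between `hold` and `clear` and so reads as three choices instead of four; it should be `"must be none, hold, clear, or restart"`. The value list on the same line is spaced inconsistently (`"none","hold", "clear", "restart"`), which is harmless but worth tidying in the same edit.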
@@ -5,9 +5,8 @@ end: sudo /opt/vyatta/sbin/vyatta-vti-config.pl || exit 1
 --config_file='/etc/ipsec.conf' \
 --secrets_file='/etc/ipsec.secrets' \
 --init_script='/etc/init.d/ipsec' || exit 1
+ sudo ${vyos_conf_scripts_dir}/ipsec-settings.py || exit 1
 sudo /opt/vyatta/sbin/dmvpn-config.pl \
 --config_file='/etc/swanctl/swanctl.conf' \
 --init_script='/etc/init.d/ipsec' || exit 1
 sudo /opt/vyatta/sbin/vyos-update-nhrp.pl --set_ipsec || exit 1
- sudo ${vyos_conf_scripts_dir}/ipsec-settings.py || exit 1
-# sudo /opt/vyatta/sbin/vyatta-update-l2tp.pl || exit 1
-- 
cgit v1.2.3