From 53faf39ed15bc352e611d06a869c5b7380f84168 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 4 Jan 2019 10:26:02 +0100 Subject: CI/CD: Build VyOS submodules from source --- Jenkinsfile | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 122 insertions(+), 1 deletion(-) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index d46fdcbf..6db29fea 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -21,7 +21,7 @@ pipeline { dockerfile { filename 'Dockerfile' label 'jessie-amd64' - args '--privileged' + args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0' } } @@ -31,6 +31,126 @@ pipeline { sh './configure --build-by="autobuild@vyos.net" --debian-mirror="http://ftp.us.debian.org/debian/"' } } + stage('Init Submodules') { + environment { + // there values are exportesd to all commands in this stage + GIT_BRANCH_PACKAGE = "current" + GIT_BRANCH_KERNEL = "linux-vyos-4.19.y" + } + steps { + parallel ( + "mdns-repeater": { + sh ''' + git submodule update --init packages/mdns-repeater + cd packages/mdns-repeater + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "pmacct": { + sh ''' + git submodule update --init packages/pmacct + cd packages/pmacct + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "udp-broadcast-relay": { + sh ''' + git submodule update --init packages/udp-broadcast-relay + cd packages/udp-broadcast-relay + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-bash": { + sh ''' + git submodule update --init packages/vyatta-bash + cd packages/vyatta-bash + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-cfg": { + sh ''' + git submodule update --init packages/vyatta-cfg + cd packages/vyatta-cfg + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-cfg-firewall": { + sh ''' + git submodule update --init packages/vyatta-cfg-firewall + cd packages/vyatta-cfg-firewall + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-cfg-op-pppoe": { + sh ''' + git submodule update --init packages/vyatta-cfg-op-pppoe + cd packages/vyatta-cfg-op-pppoe + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-cfg-qos": { + sh ''' + git submodule update --init packages/vyatta-cfg-qos + cd packages/vyatta-cfg-qos + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-cfg-quagga": { + sh ''' + git submodule update --init packages/vyatta-cfg-quagga + cd packages/vyatta-cfg-quagga + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-cfg-system": { + sh ''' + git submodule update --init packages/vyatta-cfg-system + cd packages/vyatta-cfg-system + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyatta-cfg-vpn": { + sh ''' + git submodule update --init packages/vyatta-cfg-vpn + cd packages/vyatta-cfg-vpn + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyos-kernel": { + sh ''' + git submodule update --init packages/vyos-kernel + cd packages/vyos-kernel + git checkout $GIT_BRANCH_KERNEL + ''' + }, + "vyos-wireguard": { + sh ''' + git submodule update --init packages/vyos-wireguard + cd packages/vyos-wireguard + git checkout $GIT_BRANCH_PACKAGE + ''' + }, + "vyos-accel-ppp": { + sh ''' + git submodule update --init packages/vyos-accel-ppp + cd packages/vyos-accel-ppp + git checkout $GIT_BRANCH_PACKAGE + ''' + } + ) + } + } + stage('Build Packages') { + steps { + sh 'scripts/build-submodules' + } + } + stage('Show Dir') { + steps { + sh 'ls -al' + sh 'ls -al packages' + } + } stage('Build ISO') { steps { sh 'sudo make iso' @@ -44,6 +164,7 @@ pipeline { // change build dir file permissions so wen can cleanup as regular // user (jenkins) afterwards sh 'sudo chmod -R 777 .' + echo 'No cleanup for now ....' deleteDir() /* cleanup our workspace */ } } -- cgit v1.2.3 From d0d363186d180f9d16d0d33983e088726214f25d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 6 Jan 2019 11:29:44 +0100 Subject: CI/CD: extend error reporting for Jenkins builds --- Jenkinsfile | 6 +----- scripts/build-submodules | 11 +++++++---- 2 files changed, 8 insertions(+), 9 deletions(-) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index 6db29fea..37bdeeee 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -145,14 +145,10 @@ pipeline { sh 'scripts/build-submodules' } } - stage('Show Dir') { + stage('Build ISO') { steps { sh 'ls -al' sh 'ls -al packages' - } - } - stage('Build ISO') { - steps { sh 'sudo make iso' } } diff --git a/scripts/build-submodules b/scripts/build-submodules index 43568cfd..294f5404 100755 --- a/scripts/build-submodules +++ b/scripts/build-submodules @@ -1,5 +1,5 @@ -#!/bin/bash -#set -x +#!/bin/bash + if [ ! -d "packages" ]; then echo "This script needs to be executed inside the top root of vyos-build" exit 1 @@ -13,7 +13,7 @@ if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then echo "or from the vyos-builder docker container" echo "docker instructions" echo "Build the container:" - echo " docker build -t vyos-builder ." + echo " docker build -t vyos-builder ." echo "Compile packages:" echo " docker run --rm -it -v $(pwd):/vyos -w /vyos --sysctl net.ipv6.conf.lo.disable_ipv6=0 vyos-builder scripts/build-docker-subpaclages" fi @@ -112,6 +112,7 @@ if [ -f "packages/vyos-kernel/Makefile" ]; then bash -c '../../scripts/build-kernel' >$PKGDIR/vyos-kernel.buildlog 2>&1 if [ $? -ne 0 ]; then status_fail + cat $PKGDIR/vyos-kernel.buildlog error_msg "Failed to build package vyos-kernel, look in vyos-kernel.buildlog to examine the fault\n" else VERSION=$(grep "^VERSION" Makefile | grep -Eo '[0-9]{1,4}') @@ -142,6 +143,7 @@ if [ -d "packages/vyos-wireguard/debian" ]; then bash -c 'KERNELDIR=/vyos/packages/vyos-kernel dpkg-buildpackage -uc -us -tc -b' >$PKGDIR/vyos-wireguard.buildlog 2>&1 if [ $? -ne 0 ]; then status_fail + cat $PKGDIR/vyos-wireguard.buildlog error_msg "Failed to build package vyos-wireguard, look in vyos-wireguard.buildlog to examine the fault\n" else status_ok @@ -154,7 +156,7 @@ if [ -d "packages/vyos-wireguard/debian" ]; then else seeor_msg "Something wrong with the kernel module?" fi -else +else status_skip "No source for: vyos-wireguard" fi @@ -175,6 +177,7 @@ if [ -d "packages/vyos-accel-ppp/debian" ]; then KERNELDIR=$PKGDIR/vyos-kernel dpkg-buildpackage -uc -us -tc -b >$PKGDIR/vyos-accel-ppp.buildlog 2>&1 if [ $? -ne 0 ]; then status_fail + cat $PKGDIR/vyos-accel-ppp.buildlog error_msg "Failed to build package vyos-accel-ppp, look in vyos-accel-ppp.buildlog to examine the fault\n" else status_ok -- cgit v1.2.3 From 21becfd719541206c22be2459dd10448172d6c37 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 6 Jan 2019 17:42:52 +0100 Subject: CI/CD: Update all submodules to latest HEAD Update all registered submodules to the latest HEAD revision of its configured branch in .gitmodules # --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index 37bdeeee..6151fb72 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -142,6 +142,7 @@ pipeline { } stage('Build Packages') { steps { + sh 'git submodule update --remote' sh 'scripts/build-submodules' } } -- cgit v1.2.3 From 88c8b3440bd4e4a31ca86cd5d6e8d23bbc0684e7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 6 Jan 2019 17:52:52 +0100 Subject: CI/CD: add verbose output option to for 'build-submodules' script --- Jenkinsfile | 129 +++++------------------------------------------ scripts/build-submodules | 27 +++++++--- 2 files changed, 32 insertions(+), 124 deletions(-) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index 6151fb72..611777cc 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -26,131 +26,28 @@ pipeline { } stages { - stage('Configure') { + stage('Submodule Init') { steps { - sh './configure --build-by="autobuild@vyos.net" --debian-mirror="http://ftp.us.debian.org/debian/"' - } - } - stage('Init Submodules') { - environment { - // there values are exportesd to all commands in this stage - GIT_BRANCH_PACKAGE = "current" - GIT_BRANCH_KERNEL = "linux-vyos-4.19.y" - } - steps { - parallel ( - "mdns-repeater": { - sh ''' - git submodule update --init packages/mdns-repeater - cd packages/mdns-repeater - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "pmacct": { - sh ''' - git submodule update --init packages/pmacct - cd packages/pmacct - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "udp-broadcast-relay": { - sh ''' - git submodule update --init packages/udp-broadcast-relay - cd packages/udp-broadcast-relay - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-bash": { - sh ''' - git submodule update --init packages/vyatta-bash - cd packages/vyatta-bash - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-cfg": { - sh ''' - git submodule update --init packages/vyatta-cfg - cd packages/vyatta-cfg - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-cfg-firewall": { - sh ''' - git submodule update --init packages/vyatta-cfg-firewall - cd packages/vyatta-cfg-firewall - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-cfg-op-pppoe": { - sh ''' - git submodule update --init packages/vyatta-cfg-op-pppoe - cd packages/vyatta-cfg-op-pppoe - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-cfg-qos": { - sh ''' - git submodule update --init packages/vyatta-cfg-qos - cd packages/vyatta-cfg-qos - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-cfg-quagga": { - sh ''' - git submodule update --init packages/vyatta-cfg-quagga - cd packages/vyatta-cfg-quagga - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-cfg-system": { - sh ''' - git submodule update --init packages/vyatta-cfg-system - cd packages/vyatta-cfg-system - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyatta-cfg-vpn": { - sh ''' - git submodule update --init packages/vyatta-cfg-vpn - cd packages/vyatta-cfg-vpn - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyos-kernel": { - sh ''' - git submodule update --init packages/vyos-kernel - cd packages/vyos-kernel - git checkout $GIT_BRANCH_KERNEL - ''' - }, - "vyos-wireguard": { - sh ''' - git submodule update --init packages/vyos-wireguard - cd packages/vyos-wireguard - git checkout $GIT_BRANCH_PACKAGE - ''' - }, - "vyos-accel-ppp": { - sh ''' - git submodule update --init packages/vyos-accel-ppp - cd packages/vyos-accel-ppp - git checkout $GIT_BRANCH_PACKAGE - ''' - } - ) + sh ''' + git submodule update --init --recursive + git submodule update --remote + ''' } } stage('Build Packages') { steps { - sh 'git submodule update --remote' - sh 'scripts/build-submodules' + sh 'scripts/build-submodules --verbose' } } stage('Build ISO') { steps { - sh 'ls -al' - sh 'ls -al packages' - sh 'sudo make iso' + sh ''' + #!/bin/sh + ./configure --build-by="autobuild@vyos.net" --debian-mirror="http://ftp.us.debian.org/debian/" + ls -al + ls -al packages + sudo make iso + ''' } } } diff --git a/scripts/build-submodules b/scripts/build-submodules index 3a7ea3a5..ae9d131c 100755 --- a/scripts/build-submodules +++ b/scripts/build-submodules @@ -5,7 +5,6 @@ if [ ! -d "packages" ]; then exit 1 fi - print_help() { echo "Script for building all subpackages to vyos" echo "Execute this sctipt from the root of the vyos-build directory" @@ -20,6 +19,7 @@ print_help() { echo "" echo "Parameters:" echo " --init-packages - Initiate all subpackages before building" + echo " --verbose|-v - Enable verbose output" } while test $# -gt 0 @@ -32,6 +32,9 @@ do --init-packages) INIT_PACKAGES=1 ;; + --verbose|-v) + VERBOSE=1 + ;; *) (>&2 echo "Error: Argument $1 is not valid") echo "" @@ -42,24 +45,23 @@ do shift done - status_start() { -echo -ne "[ ] $1" + echo -ne "[ ] $1" } status_ok() { -echo -ne "\r[\e[32m OK \e[39m]\n" + echo -ne "\r[\e[32m OK \e[39m]\n" } status_fail() { -echo -ne "\r[\e[31mFAIL\e[39m]\n" + echo -ne "\r[\e[31mFAIL\e[39m]\n" } status_skip() { -echo -ne "\r[SKIP] $1\n" + echo -ne "\r[SKIP] $1\n" } error_msg() { -echo -ne " $1\n" + echo -ne " $1\n" } ROOTDIR="$(pwd)" PKGDIR="$(pwd)/packages" @@ -170,9 +172,13 @@ build_kernel() { ) if [ $? -ne 0 ]; then status_fail + if [ $VERBOSE ]; then + cat $PKGDIR/vyos-kernel.buildlog + fi error_msg "Failed to build package vyos-kernel, look in vyos-kernel.buildlog to examine the fault\n" return 1 fi + VERSION=$(grep "^VERSION" Makefile | grep -Eo '[0-9]{1,4}') PATCHLEVEL=$(grep "^PATCHLEVEL" Makefile | grep -Eo '[0-9]{1,4}') SUBLEVEL=$(grep "^SUBLEVEL" Makefile | grep -Eo '[0-9]{1,4}') @@ -216,6 +222,9 @@ build_wireguard() { ) if [ $? -ne 0 ]; then status_fail + if [ $VERBOSE ]; then + cat $PKGDIR/vyos-wireguard.buildlog + fi error_msg "Failed to build package vyos-wireguard, look in vyos-wireguard.buildlog to examine the fault\n" return 2 fi @@ -249,13 +258,15 @@ build_accel-ppp() { ( set -e pushd packages/vyos-accel-ppp > /dev/null - #echo "src/wireguard.ko /lib/modules/$VERSION.$PATCHLEVEL.$SUBLEVEL-$ARCH-vyos/extra" > debian/wireguard-modules.install echo "lib/modules/$VERSION.$PATCHLEVEL.$SUBLEVEL-$ARCH-vyos/extra/*.ko" > debian/vyos-accel-ppp-ipoe-kmod.install sed -i "s#[0-9].[0-9][0-9].[0-9]-amd64-vyos#$VERSION.$PATCHLEVEL.$SUBLEVEL-$ARCH-vyos#g" debian/rules KERNELDIR=$PKGDIR/vyos-kernel dpkg-buildpackage -uc -us -tc -b >$PKGDIR/vyos-accel-ppp.buildlog 2>&1 ) if [ $? -ne 0 ]; then status_fail + if [ $VERBOSE ]; then + cat $PKGDIR/vyos-accel-ppp.buildlog + fi error_msg "Failed to build package vyos-accel-ppp, look in vyos-accel-ppp.buildlog to examine the fault\n" return 1 fi -- cgit v1.2.3 From 041bc80e71c3c700ff0c01702d9ffd0885d2b75b Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 11 Jan 2019 07:31:05 +0100 Subject: CI/CD: Improve 'goso' handling for Docker and Jenkins * Inside the container user can call 'sudo' without password * Added Docker environment variables to controll the 'gosu' UID/GID --- Dockerfile | 13 +++++-------- Jenkinsfile | 5 ++--- scripts/docker-entrypoint.sh | 33 ++++++++++++++++++++++----------- 3 files changed, 29 insertions(+), 22 deletions(-) (limited to 'Jenkinsfile') diff --git a/Dockerfile b/Dockerfile index 4c66a15a..a76dc8b7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -123,7 +123,7 @@ RUN apt-get update && apt-get install -y \ liblua5.1-dev # Packages needed for vyos-frr -RUN sudo apt-get update && sudo apt-get install -y \ +RUN apt-get update && apt-get install -y \ texinfo \ imagemagick \ groff \ @@ -156,12 +156,9 @@ RUN export LATEST="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packe curl -K- | gzip -d > /usr/bin/packer && \ chmod +x /usr/bin/packer -COPY scripts/docker-entrypoint.sh /usr/local/bin/ -# Create vyos_bld user account and enable sudo -#RUN useradd -ms /bin/bash -u 1006 --gid users vyos_bld && \ -# usermod -aG sudo vyos_bld && \ -# echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers +# Allow password-less 'sudo' for all users in group 'sudo' +RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \ + chmod a+s /usr/sbin/useradd /usr/sbin/gosu /usr/sbin/usermod -#USER vyos_bld -#WORKDIR /home/vyos_bld +COPY scripts/docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Jenkinsfile b/Jenkinsfile index 611777cc..3406e606 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -21,7 +21,7 @@ pipeline { dockerfile { filename 'Dockerfile' label 'jessie-amd64' - args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0' + args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006' } } @@ -44,8 +44,7 @@ pipeline { sh ''' #!/bin/sh ./configure --build-by="autobuild@vyos.net" --debian-mirror="http://ftp.us.debian.org/debian/" - ls -al - ls -al packages + ls -al packages/*.deb sudo make iso ''' } diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh index 7520a8d9..845cb2ff 100755 --- a/scripts/docker-entrypoint.sh +++ b/scripts/docker-entrypoint.sh @@ -1,17 +1,28 @@ #!/bin/bash - set -e -# Use GOSU_USER if its specified, else wirking dir user -if [ -n "$GOSU_USER" ]; then - ID=$GOSU_USER -else - ID=$(stat -c "%u:%g" .) +USER_NAME="vyos_bld" +NEW_UID=$(stat -c "%u" .) +NEW_GID=$(stat -c "%g" .) + +# Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`" +if [ -n "$GOSU_UID" ]; then + NEW_UID=$GOSU_UID fi -# Don't use GOSU if we are root -if [ ! "$ID" = "0:0" ]; then - exec gosu $ID "$@" -else - exec "$@" +# Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`" +if [ -n "$GOSU_GID" ]; then + NEW_GID=$GOSU_GID fi + +# Notify user about selected UID/GID +echo "Current UID/GID: $NEW_UID/$NEW_GID" + +# Create user called "docker" with selected UID +useradd --shell /bin/bash -u $NEW_UID -g $NEW_GID -o -m $USER_NAME +usermod -aG sudo $USER_NAME +sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME +export HOME=/home/$USER_NAME + +# Execute process +exec /usr/sbin/gosu $USER_NAME "$@" -- cgit v1.2.3 From 4004496e89d2a27cfb4cc3a87253dd9dac54e160 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 11 Jan 2019 09:15:33 +0100 Subject: Docker build files for entrypoint and UIDs --- Dockerfile | 164 ------------------------------------------- Jenkinsfile | 1 + docker/Dockerfile | 164 +++++++++++++++++++++++++++++++++++++++++++ docker/entrypoint.sh | 27 +++++++ scripts/docker-entrypoint.sh | 28 -------- 5 files changed, 192 insertions(+), 192 deletions(-) delete mode 100644 Dockerfile create mode 100644 docker/Dockerfile create mode 100755 docker/entrypoint.sh delete mode 100755 scripts/docker-entrypoint.sh (limited to 'Jenkinsfile') diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index a76dc8b7..00000000 --- a/Dockerfile +++ /dev/null @@ -1,164 +0,0 @@ -# Must be run with --privileged flag -# Recommended to run the container with a volume mapped -# in order to easy exprort images built to "external" world -FROM debian:jessie - -RUN echo 'deb http://ftp.debian.org/debian jessie-backports main' | tee -a /etc/apt/sources.list &&\ - apt-get update && apt-get install -y \ - gosu \ - vim \ - git \ - make \ - sudo \ - locales \ - live-build \ - pbuilder \ - devscripts \ - python3-pystache \ - squashfs-tools \ - autoconf \ - dpkg-dev \ - syslinux \ - genisoimage \ - lsb-release \ - fakechroot \ - kernel-package \ - libtool \ - libglib2.0-dev \ - libboost-filesystem-dev \ - libapt-pkg-dev \ - flex \ - bison \ - libperl-dev \ - libnfnetlink-dev \ - python3-git \ - parted \ - kpartx \ - jq \ - qemu-system-x86 \ - qemu-utils \ - quilt \ - python3-lxml \ - python3-setuptools \ - python3-nose \ - python3-coverage - -# Packages needed for building vyos-strongswan -RUN apt-get update && apt-get install -y -t jessie-backports \ - debhelper &&\ - apt-get install -y \ - dh-apparmor \ - gperf \ - iptables-dev \ - libcap-dev \ - libgcrypt20-dev \ - libgmp3-dev \ - libldap2-dev \ - libpam0g-dev \ - libsystemd-dev \ - libgmp-dev \ - iptables \ - xl2tpd \ - libcurl4-openssl-dev \ - libcurl4-openssl-dev \ - libkrb5-dev \ - libsqlite3-dev \ - libssl-dev \ - libxml2-dev \ - pkg-config - -# Package needed for mdns-repeater -RUN apt-get update && apt-get install -y -t jessie-backports \ - dh-systemd - -# Packages needed for vyatta-bash -RUN apt-get update && apt-get install -y \ - libncurses5-dev \ - locales - -# Packages needed for vyatta-cfg -RUN apt-get update &&apt-get install -y \ - libboost-filesystem-dev - -# Packages needed for vyatta-iproute -RUN apt-get update && apt-get install -y \ - libatm1-dev \ - libdb-dev - -# Packages needed for vyatta-webgui -RUN apt-get update && apt-get install -y \ - libexpat1-dev \ - subversion - -# Packages needed for pmacct -RUN apt-get update && apt-get install -y \ - libpcap-dev \ - libpq-dev \ - libmysqlclient-dev \ - libgeoip-dev \ - librabbitmq-dev \ - libjansson-dev \ - librdkafka-dev \ - libnetfilter-log-dev - -# Packages needed for vyos-keepalived -RUN apt-get update && apt-get install -y \ - libnl-3-dev \ - libnl-genl-3-dev \ - libpopt-dev \ - libsnmp-dev - -# Pavkages needed for wireguard -RUN apt-get update && apt-get install -y \ - libmnl-dev - -# Packages needed for kernel -RUN apt-get update && apt-get install -y \ - libelf-dev - -# Packages needed for vyos-accel-ppp -RUN apt-get update && apt-get install -y \ - cdbs \ - cmake \ - liblua5.1-dev - -# Packages needed for vyos-frr -RUN apt-get update && apt-get install -y \ - texinfo \ - imagemagick \ - groff \ - hardening-wrapper \ - gawk \ - chrpath \ - libjson0 \ - libjson0-dev \ - python-ipaddr - -# Update live-build -RUN echo 'deb http://ftp.debian.org/debian stretch main' | tee -a /etc/apt/sources.list.d/stretch.list &&\ - apt-get update &&\ - apt-get install -y -t stretch live-build &&\ - rm -f /etc/apt/sources.list.d/stretch.list &&\ - apt-get update &&\ - rm -rf /var/lib/apt/lists/* - -# Standard shell should be bash not dash -RUN echo "dash dash/sh boolean false" | debconf-set-selections && \ - DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash - -RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen -ENV LANG en_US.utf8 - -# Install packer -RUN export LATEST="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | \ - jq -r -M '.current_version')"; \ - echo "url https://releases.hashicorp.com/packer/"$LATEST"/packer_"$LATEST"_linux_amd64.zip" |\ - curl -K- | gzip -d > /usr/bin/packer && \ - chmod +x /usr/bin/packer - -# Allow password-less 'sudo' for all users in group 'sudo' -RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \ - chmod a+s /usr/sbin/useradd /usr/sbin/gosu /usr/sbin/usermod - -COPY scripts/docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Jenkinsfile b/Jenkinsfile index 3406e606..7a780286 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -21,6 +21,7 @@ pipeline { dockerfile { filename 'Dockerfile' label 'jessie-amd64' + dir 'docker' args '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006' } } diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 00000000..2744d291 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,164 @@ +# Must be run with --privileged flag +# Recommended to run the container with a volume mapped +# in order to easy exprort images built to "external" world +FROM debian:jessie + +RUN echo 'deb http://ftp.debian.org/debian jessie-backports main' | tee -a /etc/apt/sources.list &&\ + apt-get update && apt-get install -y \ + gosu \ + vim \ + git \ + make \ + sudo \ + locales \ + live-build \ + pbuilder \ + devscripts \ + python3-pystache \ + squashfs-tools \ + autoconf \ + dpkg-dev \ + syslinux \ + genisoimage \ + lsb-release \ + fakechroot \ + kernel-package \ + libtool \ + libglib2.0-dev \ + libboost-filesystem-dev \ + libapt-pkg-dev \ + flex \ + bison \ + libperl-dev \ + libnfnetlink-dev \ + python3-git \ + parted \ + kpartx \ + jq \ + qemu-system-x86 \ + qemu-utils \ + quilt \ + python3-lxml \ + python3-setuptools \ + python3-nose \ + python3-coverage + +# Packages needed for building vyos-strongswan +RUN apt-get update && apt-get install -y -t jessie-backports \ + debhelper &&\ + apt-get install -y \ + dh-apparmor \ + gperf \ + iptables-dev \ + libcap-dev \ + libgcrypt20-dev \ + libgmp3-dev \ + libldap2-dev \ + libpam0g-dev \ + libsystemd-dev \ + libgmp-dev \ + iptables \ + xl2tpd \ + libcurl4-openssl-dev \ + libcurl4-openssl-dev \ + libkrb5-dev \ + libsqlite3-dev \ + libssl-dev \ + libxml2-dev \ + pkg-config + +# Package needed for mdns-repeater +RUN apt-get update && apt-get install -y -t jessie-backports \ + dh-systemd + +# Packages needed for vyatta-bash +RUN apt-get update && apt-get install -y \ + libncurses5-dev \ + locales + +# Packages needed for vyatta-cfg +RUN apt-get update &&apt-get install -y \ + libboost-filesystem-dev + +# Packages needed for vyatta-iproute +RUN apt-get update && apt-get install -y \ + libatm1-dev \ + libdb-dev + +# Packages needed for vyatta-webgui +RUN apt-get update && apt-get install -y \ + libexpat1-dev \ + subversion + +# Packages needed for pmacct +RUN apt-get update && apt-get install -y \ + libpcap-dev \ + libpq-dev \ + libmysqlclient-dev \ + libgeoip-dev \ + librabbitmq-dev \ + libjansson-dev \ + librdkafka-dev \ + libnetfilter-log-dev + +# Packages needed for vyos-keepalived +RUN apt-get update && apt-get install -y \ + libnl-3-dev \ + libnl-genl-3-dev \ + libpopt-dev \ + libsnmp-dev + +# Pavkages needed for wireguard +RUN apt-get update && apt-get install -y \ + libmnl-dev + +# Packages needed for kernel +RUN apt-get update && apt-get install -y \ + libelf-dev + +# Packages needed for vyos-accel-ppp +RUN apt-get update && apt-get install -y \ + cdbs \ + cmake \ + liblua5.1-dev + +# Packages needed for vyos-frr +RUN apt-get update && apt-get install -y \ + texinfo \ + imagemagick \ + groff \ + hardening-wrapper \ + gawk \ + chrpath \ + libjson0 \ + libjson0-dev \ + python-ipaddr + +# Update live-build +RUN echo 'deb http://ftp.debian.org/debian stretch main' | tee -a /etc/apt/sources.list.d/stretch.list &&\ + apt-get update &&\ + apt-get install -y -t stretch live-build &&\ + rm -f /etc/apt/sources.list.d/stretch.list &&\ + apt-get update &&\ + rm -rf /var/lib/apt/lists/* + +# Standard shell should be bash not dash +RUN echo "dash dash/sh boolean false" | debconf-set-selections && \ + DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash + +RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen +ENV LANG en_US.utf8 + +# Install packer +RUN export LATEST="$(curl -s https://checkpoint-api.hashicorp.com/v1/check/packer | \ + jq -r -M '.current_version')"; \ + echo "url https://releases.hashicorp.com/packer/"$LATEST"/packer_"$LATEST"_linux_amd64.zip" |\ + curl -K- | gzip -d > /usr/bin/packer && \ + chmod +x /usr/bin/packer + +# Allow password-less 'sudo' for all users in group 'sudo' +RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \ + chmod a+s /usr/sbin/useradd /usr/sbin/gosu /usr/sbin/usermod + +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100755 index 00000000..00e1e139 --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,27 @@ +#!/bin/bash +set -e + +USER_NAME="vyos_bld" +NEW_UID=$(stat -c "%u" .) +NEW_GID=$(stat -c "%g" .) + +# Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`" +if [ -n "$GOSU_UID" ]; then + NEW_UID=$GOSU_UID +fi + +# Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`" +if [ -n "$GOSU_GID" ]; then + NEW_GID=$GOSU_GID +fi + +# Notify user about selected UID/GID +echo "Current UID/GID: $NEW_UID/$NEW_GID" + +useradd --shell /bin/bash -u $NEW_UID -g $NEW_GID -o -m $USER_NAME +usermod -aG sudo $USER_NAME +sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME +export HOME=/home/$USER_NAME + +# Execute process +exec /usr/sbin/gosu $USER_NAME "$@" diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh deleted file mode 100755 index 845cb2ff..00000000 --- a/scripts/docker-entrypoint.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -set -e - -USER_NAME="vyos_bld" -NEW_UID=$(stat -c "%u" .) -NEW_GID=$(stat -c "%g" .) - -# Change effective UID to the one specified via "-e GOSU_UID=`id -u $USER`" -if [ -n "$GOSU_UID" ]; then - NEW_UID=$GOSU_UID -fi - -# Change effective UID to the one specified via "-e GOSU_GID=`id -g $USER`" -if [ -n "$GOSU_GID" ]; then - NEW_GID=$GOSU_GID -fi - -# Notify user about selected UID/GID -echo "Current UID/GID: $NEW_UID/$NEW_GID" - -# Create user called "docker" with selected UID -useradd --shell /bin/bash -u $NEW_UID -g $NEW_GID -o -m $USER_NAME -usermod -aG sudo $USER_NAME -sudo chown $NEW_UID:$NEW_GID /home/$USER_NAME -export HOME=/home/$USER_NAME - -# Execute process -exec /usr/sbin/gosu $USER_NAME "$@" -- cgit v1.2.3 From 61a76c01cafa0efb237b40a390aa15bf3c2721b1 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Fri, 11 Jan 2019 09:17:44 +0100 Subject: Jenkins: add deploy stage do pipeline --- Jenkinsfile | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index 7a780286..5dda60ef 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -50,6 +50,11 @@ pipeline { ''' } } + stage('Deploy') { + steps { + archiveArtifacts artifacts: 'build/vyos-*-rolling*.iso', fingerprint: true + } + } } post { -- cgit v1.2.3 From f212e76a3b17ac792653f5639ac7ab62576ac433 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 13 Jan 2019 11:16:27 +0100 Subject: Docker: frr-deps: add librtr and libyang --- Jenkinsfile | 9 --------- docker/Dockerfile | 35 ++++++++++++++++++++++++----------- 2 files changed, 24 insertions(+), 20 deletions(-) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index 5dda60ef..fc08eff2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -50,20 +50,11 @@ pipeline { ''' } } - stage('Deploy') { - steps { - archiveArtifacts artifacts: 'build/vyos-*-rolling*.iso', fingerprint: true - } - } } post { always { echo 'One way or another, I have finished' - // change build dir file permissions so wen can cleanup as regular - // user (jenkins) afterwards - sh 'sudo chmod -R 777 .' - echo 'No cleanup for now ....' deleteDir() /* cleanup our workspace */ } } diff --git a/docker/Dockerfile b/docker/Dockerfile index cf5071cc..55bfa5cb 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -123,6 +123,28 @@ RUN apt-get update && apt-get install -y \ cmake \ liblua5.1-dev +# Prerequisites for building FRR from source +# see http://docs.frrouting.org/projects/dev-guide/en/latest/building-frr-for-debian8.html +# +# librtr +RUN apt-get update && apt-get install -y \ + doxygen \ + libssh-dev + +RUN export RTRLIB_COMMIT="v0.6.3" && \ + git clone https://github.com/rtrlib/rtrlib.git && \ + cd rtrlib && git checkout $RTRLIB_COMMIT && \ + dpkg-buildpackage -uc -us -tc -b && dpkg -i ../*.deb + +# Prerequisites for building FRR from source +# see http://docs.frrouting.org/projects/dev-guide/en/latest/building-frr-for-debian8.html +# +RUN export LIBYANG_COMMIT="v0.16-r2" && \ + git clone https://github.com/CESNET/libyang.git && \ + cd libyang && git checkout $LIBYANG_COMMIT && mkdir build && cd build && \ + cmake -DENABLE_LYD_PRIV=ON -DCMAKE_INSTALL_PREFIX:PATH=/usr .. && \ + make && make install + # Packages needed for frr RUN apt-get update && apt-get install -y \ libreadline-dev \ @@ -137,20 +159,11 @@ RUN apt-get update && apt-get install -y \ libjson0-dev \ python-ipaddr \ python3-dev \ - python3-pip \ + python3-pytest \ + install-info \ libc-ares-dev \ libc-ares2 -# 3rd-party depndencies required for building FRR, see -# http://docs.frrouting.org/projects/dev-guide/en/latest/building-frr-for-debian8.html -RUN pip3 install pytest -RUN git clone https://github.com/opensourcerouting/libyang /tmp/libyang && \ - cd /tmp/libyang && \ - git checkout -b tmp origin/tmp && \ - mkdir build; cd build && \ - cmake -DENABLE_LYD_PRIV=ON .. && \ - make && make install - # Update live-build RUN echo 'deb http://ftp.debian.org/debian stretch main' | tee -a /etc/apt/sources.list.d/stretch.list &&\ apt-get update &&\ -- cgit v1.2.3 From 1c6bc54504da1d2ce52df1775c6c44ad11bd0e33 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 14 Jan 2019 21:51:59 +0100 Subject: Jenkins: allow regular user to clean 'build/' directory --- Jenkinsfile | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index fc08eff2..32ddcd65 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -55,6 +55,9 @@ pipeline { post { always { echo 'One way or another, I have finished' + // the 'build' directory got elevated permissions during the build + // cdjust permissions so it can be cleaned up by the regular user + sh 'sudo chmod -R 777 build/' deleteDir() /* cleanup our workspace */ } } -- cgit v1.2.3 From 2003c0c276f66d9761180dd42ef37102a3634349 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 14 Jan 2019 22:00:05 +0100 Subject: Jenkins: move post always to post cleanup section --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index 32ddcd65..b5210544 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -53,7 +53,7 @@ pipeline { } post { - always { + cleanup { echo 'One way or another, I have finished' // the 'build' directory got elevated permissions during the build // cdjust permissions so it can be cleaned up by the regular user -- cgit v1.2.3 From f33c047da1350ec47cf01385359e12085373944d Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Mon, 21 Jan 2019 20:11:59 +0100 Subject: Jenkins: force usage of self compiled packages Remove all references to the vyos package mirror via Python vyos_repo_entry variable. Thus we ensure that only the packages the have been compiled from source are used. --- Jenkinsfile | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index b5210544..d1d8ad95 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -40,12 +40,23 @@ pipeline { sh 'scripts/build-submodules --verbose' } } + stage('Build ISO') { steps { sh ''' #!/bin/sh + + # we do not want to fetch VyOS packages from the mirror, + # we rather prefer all build by ourself! + sed -i '/vyos_repo_entry/d' scripts/live-build-config + + # Configure the ISO ./configure --build-by="autobuild@vyos.net" --debian-mirror="http://ftp.us.debian.org/debian/" + + # Debug to see which Debian packages we have so far ls -al packages/*.deb + + # Finally build our ISO sudo make iso ''' } -- cgit v1.2.3 From fdf47c42269f7adb7d5f3e60b8180e8b9bc77503 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sat, 26 Jan 2019 10:04:13 +0100 Subject: Jenkins: cleanup --- Jenkinsfile | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'Jenkinsfile') diff --git a/Jenkinsfile b/Jenkinsfile index d1d8ad95..4bc64b26 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -30,14 +30,16 @@ pipeline { stage('Submodule Init') { steps { sh ''' - git submodule update --init --recursive - git submodule update --remote + git submodule update --init --recursive --remote ''' } } stage('Build Packages') { steps { - sh 'scripts/build-submodules --verbose' + sh ''' + #!/bin/sh + scripts/build-submodules --verbose + ''' } } @@ -68,7 +70,12 @@ pipeline { echo 'One way or another, I have finished' // the 'build' directory got elevated permissions during the build // cdjust permissions so it can be cleaned up by the regular user - sh 'sudo chmod -R 777 build/' + sh ''' + #!/bin/bash + if [ -d build ]; then + sudo chmod -R 777 build/ + fi + ''' deleteDir() /* cleanup our workspace */ } } -- cgit v1.2.3