doc/nwl-ci: updated sections about integrating seed job in NWL HAC instance

On the ansible instance we saw that the seed job concept was working.
To be as flexible as possible as well on the HAC instance this
concept shall be integrated into this instance. Therefore this commit
holds all the steps so that the yocto build pipeline is starting to
build.
NOTE: currently the NWL project is in progress and the build is not
succeeding.

Signed-off-by: Marc Mattmüller <marc.mattmueller@netmodule.com>
Marc Mattmüller 2023-08-28 18:22:42 +02:00
parent fede53b9f5
commit 3364307149
1 changed files with 427 additions and 5 deletions


@ -1178,10 +1178,7 @@ We have now prepared the repository for the setup of the CI environment. Let's i
.. code-block:: bash
# on your local machine enter the directory
within the cloned repository build-docker on branch
# on the local machine in build-docker, run:
# on your local machine in build-docker, run:
DOCKER_BUILDKIT=1 ./build.sh nwl 0.3.0
# upload the newly created images to the build server:
@ -1239,6 +1236,32 @@ We have now prepared the repository for the setup of the CI environment. Let's i
# add the nginx webserver to known_hosts:
ssh-keyscan 10.115.101.100 >> ~/work/ci/config/known_hosts
+ Adapt *~/work/ci/config/config.xml* on the server (10.115.101.98) according this snippet:
.. code-block:: bash
diff --git a/config/config.xml b/config/config.xml
index 3913680..4e39085 100644
--- a/config/config.xml
+++ b/config/config.xml
@@ -24,13 +24,13 @@
</javaweb>
-->
- <build platform="hios">
+ <build platform="nwl">
<revision type="alpha" role="mainline" number="99.9.99" codeName="master"/>
-
+ <!--
<notification>
<user name="CBE07011"/>
</notification>
-
+ -->
<types>
<!--
<buildType>user</buildType>
+ Adapt the manage script for the new ssh key mount:
.. code-block:: bash
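Review bot: The `.. code-block:: bash` directive above the config.xml snippet wraps a unified diff of an XML file, so it is highlighted as shell; `.. code-block:: diff` matches the content. The sentence introducing the snippet reads "according this snippet" and should be "according to this snippet". The snippet also comments out the whole `<notification>` block without saying why; one sentence on whether build notifications are intentionally disabled for the nwl platform would help whoever maintains this instance later.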
@ -1256,7 +1279,6 @@ We have now prepared the repository for the setup of the CI environment. Let's i
fi
# start container
* Setup the new instance on the build server:
@ -1506,6 +1528,406 @@ this issue:
Approve the DSL seed script within Jenkins under *Manage Jenkins* > *In-process Script Approval* press *Approve* for the
Seed Job content. Now the seed job runs as expected and creates the two jobs.
**Another possibility** would be to add the following Configuration snippet to your JCasC yaml file:
.. code-block::
security:
GlobalJobDslSecurityConfiguration:
useScriptSecurity: false
In the current version of the seed job we use pipelineJob instead of multibranchPipelineJob. Additionally as you can see
as follows, we created an overall pipeline and a specific Yocto build pipeline:
.. code-block::
pipelineJob('nwl') {
displayName('1. NWL CI Pipeline')
description('CI pipeline for the NetModule Wireless Linux')
authenticationToken('buildNwlToken')
logRotator {
artifactDaysToKeep(7)
artifactNumToKeep(7)
daysToKeep(7)
numToKeep(7)
}
definition {
cpsScm {
scm {
git {
branches('main')
extensions {
cloneOptions {
depth(1)
}
}
remote {
credentials('gitCredentials')
url('ssh://git@bitbucket.gad.local:7999/nm-nsp/nwl-ci.git')
}
}
scriptPath('jobs/Jenkinsfile_BuildAll')
}
}
}
}
pipelineJob('nwl-target') {
displayName('2. NWL Yocto Build')
description('CI pipeline building a NetModule Wireless Linux Yocto Target')
authenticationToken('buildNwlToken')
logRotator {
artifactDaysToKeep(7)
artifactNumToKeep(7)
daysToKeep(7)
numToKeep(7)
}
definition {
cpsScm {
scm {
git {
branches('main')
extensions {
cloneOptions {
depth(1)
}
}
remote {
credentials('gitCredentials')
url('ssh://git@bitbucket.gad.local:7999/nm-nsp/nwl-ci.git')
}
}
scriptPath('jobs/Jenkinsfile_BuildTarget')
}
}
}
}
pipelineJob('doc') {
displayName('Documentation')
description('Builds the Documentation of the work concerning NWL CI')
authenticationToken('buildDocToken')
logRotator {
artifactDaysToKeep(7)
artifactNumToKeep(7)
daysToKeep(7)
numToKeep(7)
}
properties {
disableConcurrentBuilds()
}
definition {
cpsScm {
scm {
git {
branches('main')
extensions {
cloneOptions {
depth(1)
}
}
remote {
credentials('gitCredentials')
url('ssh://git@bitbucket.gad.local:7999/nm-nsp/nwl-ci.git')
}
}
scriptPath('jobs/Jenkinsfile_Documentation')
}
}
}
}
.. note::
The DSL API is accessible by ``https://your.jenkins.installation/plugin/job-dsl/api-viewer/index.html``, in our case
``https://10.115.101.98:32780/plugin/job-dsl/api-viewer/index.html``
Integration of Seed Job
***********************
The proof of concept with the seed job worked and was tested on the Ansible Jenkins instance. Now we want to integrate
the seed job as the pipeline integrated in the Guardian way of CI environment :-)
First of all the SSH connection issue to NetModule's Gitea needed to be resolved because the repository of the kernel of
the NWL resides on Gitea due to the cooperation with the NRSW. As soon as the IT opened port 22 on the testnet as well,
NetModule's GitLab and Gitea could be accessed.
With this we now can integrate the seed job in the NWL-HAC Jenkins Instance:
* Adapt the seed script with the additional Job in *build-docker* (branch *feature/ci/nwl*):
.. code-block:: bash
diff --git a/jenkins-ci/jobs/seed.groovy b/jenkins-ci/jobs/seed.groovy
index 79d3781..033eacf 100644
--- a/jenkins-ci/jobs/seed.groovy
+++ b/jenkins-ci/jobs/seed.groovy
@@ -44,54 +44,32 @@ if (config.build.types.buildType.size() != 0) {
}
-multibranchPipelineJob('build-pipeline') {
- displayName('NWL Pipeline')
- description('Builds all NWL targets')
+def SEEDING_BRANCH = 'main'
+freeStyleJob('nwl-seed-job') {
+ displayName('NWL Seed Job')
+ description('Seeds all NWL jobs residing in the specified branch')
authorization {
permissionAll('anonymous')
}
- factory {
- workflowBranchProjectFactory {
- scriptPath('jobs/Jenkinsfile_BuildAll')
- }
- }
- orphanedItemStrategy {
- discardOldItems {
- numToKeep(5)
- }
- }
- branchSources {
+ scm {
git {
- id('nwl-ci')
- remote('ssh://git@bitbucket.gad.local:7999/nm-nsp/nwl-ci.git')
- credentialsId("admin_credentials")
- includes('develop release*')
+ remote {
+ url('ssh://git@bitbucket.gad.local:7999/nm-nsp/nwl-ci.git')
+ credentials('admin_credentials')
+ }
+ extensions {
+ wipeWorkspace()
+ }
}
}
-}
-
-multibranchPipelineJob('build-yocto-target-pipeline') {
- displayName('Build Yocto Target')
- description('Builds a NWL target')
- authorization {
- permissionAll('anonymous')
- }
- factory {
- workflowBranchProjectFactory {
- scriptPath('jobs/Jenkinsfile_BuildTarget')
- }
+ parameters {
+ stringParam('SEEDING_BRANCH', 'main', "The branch to seed the jobs from, e.g. develop or main")
}
- orphanedItemStrategy {
- discardOldItems {
- numToKeep(5)
- }
- }
- branchSources {
- git {
- id('nwl-target-ci')
- remote('ssh://git@bitbucket.gad.local:7999/nm-nsp/nwl-ci.git')
- credentialsId("admin_credentials")
- includes('develop release*')
+ steps {
+ shell('git checkout $SEEDING_BRANCH')
+ dsl {
+ external("jobs/Jenkinsfile_Seed")
+ removeAction('DELETE')
}
}
}
* Add a new groovy script configuring the jobDSL plugin in *build-docker* (branch *feature/ci/nwl*):
.. code-block:: bash
diff --git a/jenkins-ci/scripts/dsl.groovy b/jenkins-ci/scripts/dsl.groovy
new file mode 100644
index 0000000..f1c33ee
--- /dev/null
+++ b/jenkins-ci/scripts/dsl.groovy
@@ -0,0 +1,12 @@
+import hudson.model.*;
+import jenkins.model.*;
+import javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration.*;
+
+def config = new XmlSlurper().parse(new File('/var/lib/ci/config/jenkins.xml'));
+def isDslScriptSecurityUsed = config.jenkins.jobdsl.@useScriptSecurity.text().toBoolean();
+
+def jobDslSecurityConfig = Jenkins.instance.getDescriptor("javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration");
+jobDslSecurityConfig.setUseScriptSecurity(isDslScriptSecurityUsed);
+jobDslSecurityConfig.save();
+
+Jenkins.instance.save();
* Adapt credentials.groovy to add new git credentials to jenkins in *build-docker* (branch *feature/ci/nwl*):
.. code-block:: bash
diff --git a/jenkins-ci/scripts/credentials.groovy b/jenkins-ci/scripts/credentials.groovy
index e03ffe2..dc0b6c4 100644
--- a/jenkins-ci/scripts/credentials.groovy
+++ b/jenkins-ci/scripts/credentials.groovy
@@ -9,6 +9,7 @@ import com.cloudbees.plugins.credentials.impl.*;
def config = new XmlSlurper().parse(new File('/var/lib/ci/config/jenkins.xml'));
def keyFilePath = "/var/lib/ci/keys/id_ed25519";
def nginxKeyFilePath = "/var/lib/ci/keys/nginx-nwl";
+def nmGitKeyFilePath = "/var/lib/ci/keys/nmgit";
def managerSecret = config.jenkins.ldap.@managerPw.text();
def domain = Domain.global();
def store = Jenkins.instance.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].getStore();
@@ -25,6 +26,12 @@ def nginxcredentials = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, "ngin
config.jenkins.nginx.@syncPw.text(), "");
store.addCredentials(domain, nginxcredentials);
+def nmgitcredentials = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, "nmgit_credentials",
+ config.jenkins.nmgit.@user.text(),
+ new BasicSSHUserPrivateKey.FileOnMasterPrivateKeySource(nmGitKeyFilePath),
+ config.jenkins.nmgit.@gitPw.text(), "");
+store.addCredentials(domain, nmgitcredentials);
+
Credentials c = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL,
"admin_ldap_credentials", "",
config.jenkins.admin.@user.text(), managerSecret);
* Build the new NWL docker image *nwl-env-ci* locally and upload it to the server:
.. code-block:: bash
# locally in your build-docker repository root directory, run
DOCKER_BUILDKIT=1 ./build.sh nwl 0.3.1
# upload the newly created images to the build server:
docker save nwl-env-ci:latest | bzip2 | pv | ssh user@10.115.101.98 docker load
# NOTE the nwl-jenkins-ci image is not needed
# log into the build server unless already done --> ssh user@10.115.101.98
# tag the uploaded images:
docker image tag nwl-env-ci:latest nwl-env-ci:0.3.1
* Adapt the manage script on the build server (10.115.101.98) by adding the new git access key:
.. code-block:: bash
diff --git a/manage.sh b/manage.sh
index bf3435c..7e1d8e1 100755
--- a/manage.sh
+++ b/manage.sh
@@ -203,6 +203,7 @@ create_instance()
extras="-v $here/config/maven.xml:/var/lib/ci/config/maven.xml --env JDKDIR=/opt/jdk1.11"
elif [ "$platform" == "nwl" ]; then
extras="-v $here/keys/$platform/nginx-nwl:/var/lib/ci/keys/nginx-nwl:ro"
+ extras="-v $here/keys/$platform/nginx-nwl:/var/lib/ci/keys/nginx-nwl:ro \
+ -v $here/keys/$platform/nmgit:/var/lib/ci/keys/nmgit:ro"
fi
# start container
* Adapt *~/work/ci/config/jenkins.xml* on the server (10.115.101.98) with the jobdsl configuration and the Gitea SSH
access password:
.. code-block:: bash
# NOTE: this is not a properly formatted git diff. It just illustrates the necessary changes:
diff --git a/config/jenkins.xml b/config/jenkins.xml
--- a/config/jenkins.xml
+++ b/config/jenkins.xml
<nginx name="CI_Nginx" user="user" syncPw="nginx4NWL!" email="GA_ContinuousIntegration@belden.com"/>
+ <nmgit name="NM_Git" user="testvm" gitPw="vmSSHpassphrase!" email="GA_ContinuousIntegration@belden.com"/>
<smtp server="host.docker.internal" suffix="@belden.com"/>
+
+ <jobdsl useScriptSecurity="false" />
<executors count="8"/>
</jenkins>
* We use the same SSH key for the Gitea access as the Ansible instance (testvm@testenv), thus copy this SSH key to
*~/work/ci/keys/nwl/* on the server (10.115.101.98):
.. code-block:: bash
scp user@10.115.101.101:/home/user/.ssh/testvm_ed25519 keys/nwl/nmgit
* Add the public key of this SSH key (testvm_ed25519.pub) to the build user account on Gitea (in our case it is
svc-git-ci)
* Add the hostkey of the Gitea server to know_hosts on the server (10.115.101.98):
.. code-block:: bash
ssh-keyscan git.netmodule.intranet >> ~/work/ci/config/known_hosts
* Setup the new instance on the build server:
.. code-block:: bash
# assuming you are on the server in the directory ~/work/ci
# stop and destroy the current running instance
./manage.sh --name=nwl_0_3_0 destroy
# remove the residing file system content
rm -rf instances/nwl/main
# create and launch the new instance:
./manage.sh --image=nwl-env-ci:0.3.1 --branch=main \
--name=nwl_0_3_1 --platform=nwl \
--config=/home/user/work/ci/config/config.xml \
--revision=0.3.1 --maintainer=TeamCHBE create
Creating new instance...
Done!
# check the entry:
./manage.sh -p
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
| name | host | port | status | branch | revision | maintainer | platform | image | container | display |
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
| nwl_0_3_1 | netmodule-03.tcn.gad.local | 32780 | running | main | 0.3.1 | TeamCHBE | nwl | nwl-env-ci:0.3.1 | 1164df794c42 | NULL |
+-----------+----------------------------+-------+---------+--------+----------+------------+----------+------------------+--------------+---------+
* Run a pipeline for tests, e.g. *nwl-target* aka *2. NWL Yocto Build*
.. note::
So far the pipeline nwl-target (NWL Yocto Build) runs. There is currently an issue in NWL that the ci artifact file
is not generated and thus the pipeline fails.
Some side information about the directory structure of the JENKINS_HOME. The tree is often structured as follows:
.. code-block::
JENKINS_HOME
+- builds (build records)
+- [BUILD_ID] (subdirectory for each build)
+- build.xml (build result summary)
+- changelog.xml (change log)
+- config.xml (Jenkins root configuration file)
+- *.xml (other site-wide configuration files)
+- fingerprints (stores fingerprint records, if any)
+- identity.key.enc (RSA key pair that identifies an instance)
+- jobs (root directory for all Jenkins jobs)
+- [JOBNAME] (sub directory for each job)
+- config.xml (job configuration file)
+- [FOLDERNAME] (sub directory for each folder)
+- config.xml (folder configuration file)
+- jobs (subdirectory for all nested jobs)
+- plugins (root directory for all Jenkins plugins)
+- [PLUGIN] (sub directory for each plugin)
+- [PLUGIN].jpi (.jpi or .hpi file for the plugin)
+- secret.key (deprecated key used for some plugins' secure operations)
+- secret.key.not-so-secret (used for validating _$JENKINS_HOME_ creation date)
+- secrets (root directory for the secret+key for credential decryption)
+- hudson.util.Secret (used for encrypting some Jenkins data)
+- master.key (used for encrypting the hudson.util.Secret key)
+- InstanceIdentity.KEY (used to identity this instance)
+- userContent (files served under your https://server/userContent/)
+- workspace (working directory for the version control system)
.. |nwlCiChain| image:: ./media/nwl-ci-jenkins-dashboard.png
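Review bot: The jenkins.xml snippet under "Adapt *~/work/ci/config/jenkins.xml*" writes literal values for `syncPw` and `gitPw` into the documentation; replace them with placeholders such as `gitPw="<ssh-key-passphrase>"`, and rotate them if these are the values in use. The same snippet sets `<jobdsl useScriptSecurity="false" />` while the seed.groovy diff keeps `permissionAll('anonymous')` on `nwl-seed-job` and adds a free-text `SEEDING_BRANCH` parameter, so anonymous users hold every permission on a job whose DSL is processed without script approval; either restrict the job's permissions to the CI administrators or keep script security enabled and document the approval step as the section above already does. In that diff `def SEEDING_BRANCH = 'main'` is not read anywhere in the visible lines (the shell step uses the job parameter), and `git checkout $SEEDING_BRANCH` expands the parameter unquoted. For the `ssh-keyscan git.netmodule.intranet >> ~/work/ci/config/known_hosts` step, add a line telling the reader to compare the scanned host key fingerprint with one obtained from the Gitea administrators before appending it; the step heading also says "know_hosts" where "known_hosts" is meant.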