Merge branch 'develop' into ansible-instance

2023-09-12 14:41:35 +02:00 · 2023-09-12 14:41:35 +02:00 · 7a103e7eae
parent 57873d15cd aa1e58f58c
commit 7a103e7eae
4 changed files with 98 additions and 0 deletions
--- a/doc/src/nextlevel-ci/researchAnsible.rst
+++ b/doc/src/nextlevel-ci/researchAnsible.rst
@ -1360,6 +1360,89 @@ With this conceptional work we should be able to bring up our infrastructure eas
 we were used to in the past :-D


+Integration of SSTATE-CACHE Sync
+################################
+In :ref:`nwlYoctoSstateCacheMirror` the sstate-cache mirror was set up for the NWL instance according setup of HAC. To
+bring this ansible instance on the same state, we have to adde the nginx credentials and add the server containing the
+sstate-cache mirror to known hosts. Here are the steps:
+
+
+#.  Log into the build server (*netmodule-02*) unless already done: ``ssh user@10.115.101.101``
+#.  Enter the NWL CI repository ``/home/user/nwl-ci``
+#.  Stop the current instance: ``docker-compose down``
+#.  Adding the sstate-cache mirror server to knwon_host:
+
+     .. code-block::
+
+         # add the server to known hosts:
+         ssh-keyscan 10.115.101.100 >> ./secrets/.ssh/known_hosts
+
+#.  Get the ssh keypair for nginx (are on the other NWL build server 10.115.101.98):
+
+     .. code-block::
+
+         # we copy the pair from 10.115.101.98 (confirm any host fingerprint questions):
+         scp user@10.115.101.98:/home/user/.ssh/nginx-nwl* ./secrets/.ssh/
+
+#.  Setting up the docker environment to integrate the new connection:
+
+     .. code-block::
+
+         # create the pw file:
+         echo -n "<theNginxSshPassword>" > secrets/pw/nginxSsh
+
+         # adapt the docker environment according this diff:
+         diff --git a/docker-compose.yaml b/docker-compose.yaml
+         index eebf75e..2853c6c 100644
+         --- a/docker-compose.yaml
+         +++ b/docker-compose.yaml
+         @@ -17,11 +17,13 @@ services:
+                - jenkinsUserAdmin
+                - jenkinsUserDeveloper
+                - gitSsh
+         +      - nginxSsh
+                - nexusUser
+              environment:
+                - COMPOSE_PROJECT_NAME=jk_server_nwl
+                - CASC_JENKINS_CONFIG=/var/jenkins_conf/nwl-cicd.yaml
+                - SSH_GIT_FILE_PATH=/var/jenkins_home/.ssh/testvm_ed25519
+         +      - SSH_NGINX_FILE_PATH=/var/jenkins_home/.ssh/nginx-nwl
+          secrets: #Be careful with newlines in your secrets, make sure to remove them before running docker-compose up.
+            jenkinsUserAdmin:
+              file: $PWD/secrets/pw/jenkinsUserAdmin
+         @@ -29,6 +31,8 @@ secrets: #Be careful with newlines in your secrets, make sure to remove them bef
+              file: $PWD/secrets/pw/jenkinsUserDeveloper
+            gitSsh:
+              file: $PWD/secrets/pw/gitSsh
+         +  nginxSsh:
+         +    file: $PWD/secrets/pw/nginxSsh
+            nexusUser:
+              file: $PWD/secrets/pw/nexusUser
+          networks:
+         diff --git a/docker/nwl-cicd.yaml b/docker/nwl-cicd.yaml
+         index 042a61a..0de5680 100644
+         --- a/docker/nwl-cicd.yaml
+         +++ b/docker/nwl-cicd.yaml
+         @@ -54,6 +54,15 @@ credentials:
+                      privateKeySource:
+                        directEntry:
+                          privateKey: "${readFile:${SSH_GIT_FILE_PATH}}"
+         +        - basicSSHUserPrivateKey:
+         +            scope: GLOBAL
+         +            id: nginxCredentials
+         +            username: user
+         +            passphrase: "${nginxSsh}"
+         +            description: "nginx access over SSH"
+         +            privateKeySource:
+         +              directEntry:
+         +                privateKey: "${readFile:${SSH_NGINX_FILE_PATH}}"
+                  - usernamePassword:
+                        scope: GLOBAL
+                        id: nexusCredentials
+
+#.  Start and build the adapted instance: ``docker-compose up --build -d``
+
+
 Further Research
 ################
 Running Job on specific Host
--- a/doc/src/setup/nwl-ci.rst
+++ b/doc/src/setup/nwl-ci.rst
@ -1016,6 +1016,8 @@ For latter request it makes sense to add a new job and adapt the current setup a
    only do it once.


+.. _nwlYoctoSstateCacheMirror:
+
 SSTATE-CACHE Mirror Information
 *******************************
 The guardians use one sstate-cache mirror for all projects, e.g. BIL and CoreOS. Currently the team wants to progress
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -17,11 +17,13 @@ services:
      - jenkinsUserAdmin
      - jenkinsUserDeveloper
      - gitSsh
+      - nginxSsh
      - nexusUser
    environment:
      - COMPOSE_PROJECT_NAME=jk_server_nwl
      - CASC_JENKINS_CONFIG=/var/jenkins_conf/nwl-cicd.yaml
      - SSH_GIT_FILE_PATH=/var/jenkins_home/.ssh/testvm_ed25519
+      - SSH_NGINX_FILE_PATH=/var/jenkins_home/.ssh/nginx-nwl
 secrets: #Be careful with newlines in your secrets, make sure to remove them before running docker-compose up.
  jenkinsUserAdmin:
    file: $PWD/secrets/pw/jenkinsUserAdmin
@ -29,6 +31,8 @@ secrets: #Be careful with newlines in your secrets, make sure to remove them bef
    file: $PWD/secrets/pw/jenkinsUserDeveloper
  gitSsh:
    file: $PWD/secrets/pw/gitSsh
+  nginxSsh:
+    file: $PWD/secrets/pw/nginxSsh
  nexusUser:
    file: $PWD/secrets/pw/nexusUser
 networks:
--- a/docker/nwl-cicd.yaml
+++ b/docker/nwl-cicd.yaml
@ -54,6 +54,15 @@ credentials:
            privateKeySource:
              directEntry:
                privateKey: "${readFile:${SSH_GIT_FILE_PATH}}"
+        - basicSSHUserPrivateKey:
+            scope: GLOBAL
+            id: nginxCredentials
+            username: user
+            passphrase: "${nginxSsh}"
+            description: "nginx access over SSH"
+            privateKeySource:
+              directEntry:
+                privateKey: "${readFile:${SSH_NGINX_FILE_PATH}}"
        - usernamePassword:
              scope: GLOBAL
              id: nexusCredentials