docker: integrate nginx credentials for docker-compose instance

The ansible instance is set up using ansible. The nginx credentials
were missing which let the sync of the sstate-cache mirror fail.
Thus, adapting the environment by adding the credentials.
Including the update of the documentation

Signed-off-by: Marc Mattmüller <marc.mattmueller@netmodule.com>

doc/src/nextlevel-ci/researchAnsible.rst

@@ -1360,6 +1360,89 @@ With this conceptional work we should be able to bring up our infrastructure eas
 we were used to in the past :-D
 
 
+Integration of SSTATE-CACHE Sync
+################################
+In :ref:`nwlYoctoSstateCacheMirror` the sstate-cache mirror was set up for the NWL instance according setup of HAC. To
+bring this ansible instance on the same state, we have to adde the nginx credentials and add the server containing the
+sstate-cache mirror to known hosts. Here are the steps:
+
+
+#.  Log into the build server (*netmodule-02*) unless already done: ``ssh user@10.115.101.101``
+#.  Enter the NWL CI repository ``/home/user/nwl-ci``
+#.  Stop the current instance: ``docker-compose down``
+#.  Adding the sstate-cache mirror server to knwon_host:
+
+     .. code-block::
+
+         # add the server to known hosts:
+         ssh-keyscan 10.115.101.100 >> ./secrets/.ssh/known_hosts
+
+#.  Get the ssh keypair for nginx (are on the other NWL build server 10.115.101.98):
+
+     .. code-block::
+
+         # we copy the pair from 10.115.101.98 (confirm any host fingerprint questions):
+         scp user@10.115.101.98:/home/user/.ssh/nginx-nwl* ./secrets/.ssh/
+
+#.  Setting up the docker environment to integrate the new connection:
+
+     .. code-block::
+
+         # create the pw file:
+         echo -n "<theNginxSshPassword>" > secrets/pw/nginxSsh
+
+         # adapt the docker environment according this diff:
+         diff --git a/docker-compose.yaml b/docker-compose.yaml
+         index eebf75e..2853c6c 100644
+         --- a/docker-compose.yaml
+         +++ b/docker-compose.yaml
+         @@ -17,11 +17,13 @@ services:
+                - jenkinsUserAdmin
+                - jenkinsUserDeveloper
+                - gitSsh
+         +      - nginxSsh
+                - nexusUser
+              environment:
+                - COMPOSE_PROJECT_NAME=jk_server_nwl
+                - CASC_JENKINS_CONFIG=/var/jenkins_conf/nwl-cicd.yaml
+                - SSH_GIT_FILE_PATH=/var/jenkins_home/.ssh/testvm_ed25519
+         +      - SSH_NGINX_FILE_PATH=/var/jenkins_home/.ssh/nginx-nwl
+          secrets: #Be careful with newlines in your secrets, make sure to remove them before running docker-compose up.
+            jenkinsUserAdmin:
+              file: $PWD/secrets/pw/jenkinsUserAdmin
+         @@ -29,6 +31,8 @@ secrets: #Be careful with newlines in your secrets, make sure to remove them bef
+              file: $PWD/secrets/pw/jenkinsUserDeveloper
+            gitSsh:
+              file: $PWD/secrets/pw/gitSsh
+         +  nginxSsh:
+         +    file: $PWD/secrets/pw/nginxSsh
+            nexusUser:
+              file: $PWD/secrets/pw/nexusUser
+          networks:
+         diff --git a/docker/nwl-cicd.yaml b/docker/nwl-cicd.yaml
+         index 042a61a..0de5680 100644
+         --- a/docker/nwl-cicd.yaml
+         +++ b/docker/nwl-cicd.yaml
+         @@ -54,6 +54,15 @@ credentials:
+                      privateKeySource:
+                        directEntry:
+                          privateKey: "${readFile:${SSH_GIT_FILE_PATH}}"
+         +        - basicSSHUserPrivateKey:
+         +            scope: GLOBAL
+         +            id: nginxCredentials
+         +            username: user
+         +            passphrase: "${nginxSsh}"
+         +            description: "nginx access over SSH"
+         +            privateKeySource:
+         +              directEntry:
+         +                privateKey: "${readFile:${SSH_NGINX_FILE_PATH}}"
+                  - usernamePassword:
+                        scope: GLOBAL
+                        id: nexusCredentials
+
+#.  Start and build the adapted instance: ``docker-compose up --build -d``
+
+
 Further Research
 ################
 Running Job on specific Host

doc/src/setup/nwl-ci.rst

@@ -1016,6 +1016,8 @@ For latter request it makes sense to add a new job and adapt the current setup a
     only do it once.
 
 
+.. _nwlYoctoSstateCacheMirror:
+
 SSTATE-CACHE Mirror Information
 *******************************
 The guardians use one sstate-cache mirror for all projects, e.g. BIL and CoreOS. Currently the team wants to progress

docker-compose.yaml

@@ -17,11 +17,13 @@ services:
       - jenkinsUserAdmin
       - jenkinsUserDeveloper
       - gitSsh
+      - nginxSsh
       - nexusUser
     environment:
       - COMPOSE_PROJECT_NAME=jk_server_nwl
       - CASC_JENKINS_CONFIG=/var/jenkins_conf/nwl-cicd.yaml
       - SSH_GIT_FILE_PATH=/var/jenkins_home/.ssh/testvm_ed25519
+      - SSH_NGINX_FILE_PATH=/var/jenkins_home/.ssh/nginx-nwl
 secrets: #Be careful with newlines in your secrets, make sure to remove them before running docker-compose up.
   jenkinsUserAdmin:
     file: $PWD/secrets/pw/jenkinsUserAdmin
@@ -29,6 +31,8 @@ secrets: #Be careful with newlines in your secrets, make sure to remove them bef
     file: $PWD/secrets/pw/jenkinsUserDeveloper
   gitSsh:
     file: $PWD/secrets/pw/gitSsh
+  nginxSsh:
+    file: $PWD/secrets/pw/nginxSsh
   nexusUser:
     file: $PWD/secrets/pw/nexusUser
 networks:

docker/nwl-cicd.yaml

@@ -54,6 +54,15 @@ credentials:
             privateKeySource:
               directEntry:
                 privateKey: "${readFile:${SSH_GIT_FILE_PATH}}"
+        - basicSSHUserPrivateKey:
+            scope: GLOBAL
+            id: nginxCredentials
+            username: user
+            passphrase: "${nginxSsh}"
+            description: "nginx access over SSH"
+            privateKeySource:
+              directEntry:
+                privateKey: "${readFile:${SSH_NGINX_FILE_PATH}}"
         - usernamePassword:
               scope: GLOBAL
               id: nexusCredentials