aboutsummaryrefslogtreecommitdiff
path: root/tcwg-base
diff options
context:
space:
mode:
authorMaxim Kuvyrkov <maxim.kuvyrkov@linaro.org>2018-06-05 07:54:20 +0000
committerLinaro Code Review <review@review.linaro.org>2018-06-05 07:54:20 +0000
commit70e4517c8db330f8c30a2faaa4c676c471eecc46 (patch)
tree2fc567d3fde5267a5954443c76741ca02873f2dd /tcwg-base
parent1e444e7aa0559784d679be8044c29063bccc7174 (diff)
parenta7f862f08787fd60e05dfa156459cb32ab475481 (diff)
Merge changes Icbfea97a,Ia85d4092,Idd91d3b7,I4263bb1b
* changes: tcwg-host: New TCWG images for running "host" containers on vanilla machines. tcwg-base: Adjust handling of "--key file" option tcwg-base/: Move new-user.sh here from tcwg-build/ tcwg-build: Generalize new-user.sh to handle passwd entries as argument
Diffstat (limited to 'tcwg-base')
-rw-r--r--tcwg-base/Dockerfile.in1
-rwxr-xr-xtcwg-base/build.sh3
-rwxr-xr-xtcwg-base/new-user.sh76
-rw-r--r--tcwg-base/tcwg-build/Dockerfile.in7
-rwxr-xr-xtcwg-base/tcwg-build/build.sh3
-rwxr-xr-xtcwg-base/tcwg-build/new-user.sh55
-rw-r--r--tcwg-base/tcwg-host/Dockerfile.in10
-rw-r--r--tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov1
-rwxr-xr-xtcwg-base/tcwg-host/build.sh27
l---------tcwg-base/tcwg-host/gerrit-branches1
-rw-r--r--tcwg-base/tcwg-host/passwd1
-rwxr-xr-xtcwg-base/tcwg-host/start.sh59
12 files changed, 182 insertions, 62 deletions
diff --git a/tcwg-base/Dockerfile.in b/tcwg-base/Dockerfile.in
index 6abf52dd..6c591a6a 100644
--- a/tcwg-base/Dockerfile.in
+++ b/tcwg-base/Dockerfile.in
@@ -135,6 +135,7 @@ RUN install -D -p -m0755 /usr/share/doc/git/contrib/workdir/git-new-workdir /usr
&& echo "MaxStartups 256" >> /etc/ssh/sshd_config \
&& echo "MaxSessions 256" >> /etc/ssh/sshd_config
+COPY new-user.sh /usr/local/bin/
COPY postfix-main.cf.in /etc/postfix/main.cf
COPY postfix-sasl_password.in /etc/postfix/sasl_password
diff --git a/tcwg-base/build.sh b/tcwg-base/build.sh
index 24ede180..6330582b 100755
--- a/tcwg-base/build.sh
+++ b/tcwg-base/build.sh
@@ -6,7 +6,7 @@ trap cleanup_exit INT TERM EXIT
cleanup_exit()
{
- rm -rf postfix*.in
+ rm -rf new-user.sh postfix*.in
}
export LANG=C
@@ -17,6 +17,7 @@ name=$(basename ${PWD} | cut -f3- -d '-')
image=linaro/ci-${arch}-${name}-ubuntu:${distro}
baseimage=$(grep "^FROM" Dockerfile | head -n 1 | cut -d" " -f 2)
+cp $top/tcwg-base/new-user.sh ./
cp $top/tcwg-base/postfix*.in .
"$top"/tcwg-base/validate-dockerfile.sh Dockerfile
diff --git a/tcwg-base/new-user.sh b/tcwg-base/new-user.sh
new file mode 100755
index 00000000..d3abe709
--- /dev/null
+++ b/tcwg-base/new-user.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -euf -o pipefail
+
+usage ()
+{
+ exit 1
+}
+
+passwd_ent=""
+group=""
+key=""
+user=""
+verbose=false
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --passwd) passwd_ent="$2" ;;
+ --group) group="$2" ;;
+ --key) key="$2" ;;
+ --user) user="$2" ;;
+ --verbose) verbose="$2"; shift ;;
+ *) echo "ERROR: Wrong option: $1"; usage ;;
+ esac
+ shift 2
+done
+
+if $verbose; then set -x; fi
+
+if [ x"$group" != x"" ]; then
+ gid=$(echo "$group" | cut -s -d: -f 2)
+ group=$(echo "$group" | cut -d: -f 1)
+
+ if [ x"$gid" != x"" ]; then
+ groupadd -g $gid $group
+ fi
+
+ group_opt="-g $group"
+elif [ x"$passwd_ent" != x"" ]; then
+ gid=$(echo $passwd_ent | cut -d: -f 4)
+ group_opt="-g $gid"
+else
+ group_opt=""
+fi
+
+if [ x"$user" = x"" ]; then
+ user=$(echo "$passwd_ent" | cut -s -d: -f 1,3)
+fi
+
+uid=$(echo "$user" | cut -s -d: -f 2)
+user=$(echo "$user" | cut -d: -f 1)
+
+if [ x"$user" != x"" ]; then
+ if [ x"$passwd_ent" != x"" ]; then
+ comment=$(echo $passwd_ent | cut -d: -f 5)
+ shell=$(echo $passwd_ent | cut -d: -f 7)
+ fi
+
+ useradd -m $group_opt -G kvm \
+ ${uid:+-u $uid} \
+ ${comment:+-c "$comment"} \
+ ${shell:+-s "$shell"} \
+ $user
+
+ sudoers_file=/etc/sudoers.d/$(echo $user | tr "." "-")
+ echo "$user ALL = NOPASSWD: ALL" > $sudoers_file
+ chmod 0440 $sudoers_file
+fi
+
+if [ x"$key" != x"" ]; then
+ key_user=$(echo "$key" | sed -e "s/.*authorized_keys-//")
+ sudo -i -u $key_user mkdir -p /home/$key_user/.ssh
+ sudo -i -u $key_user chmod 0700 /home/$key_user/.ssh
+ cat "$key" | sudo -i -u $key_user tee /home/$key_user/.ssh/authorized_keys > /dev/null
+ sudo -i -u $key_user chmod 0600 /home/$key_user/.ssh/authorized_keys
+fi
diff --git a/tcwg-base/tcwg-build/Dockerfile.in b/tcwg-base/tcwg-build/Dockerfile.in
index 39ef4f39..937d1384 100644
--- a/tcwg-base/tcwg-build/Dockerfile.in
+++ b/tcwg-base/tcwg-build/Dockerfile.in
@@ -1,9 +1,8 @@
FROM linaro/ci-#{ARCH}-tcwg-base-ubuntu:#{DISTRO}
-COPY new-user.sh /usr/local/bin/
-
-RUN new-user.sh --user tcwg-buildslave:11827 --group tcwg-infra:9000 \
- && new-user.sh --user tcwg-benchmark:12326 --group tcwg-infra \
+RUN new-user.sh --group tcwg-infra:9000 \
+ && new-user.sh --passwd "tcwg-buildslave:x:11827:9000:TCWG Buildslave::/bin/bash" \
+ && new-user.sh --passwd "tcwg-benchmark:x:12326:9000:TCWG Benchmark::/bin/bash" \
&& mkdir -p /home/tcwg-buildslave/workspace
COPY tcwg-buildslave /home/tcwg-buildslave
diff --git a/tcwg-base/tcwg-build/build.sh b/tcwg-base/tcwg-build/build.sh
index 99795026..8624b7fd 100755
--- a/tcwg-base/tcwg-build/build.sh
+++ b/tcwg-base/tcwg-build/build.sh
@@ -6,7 +6,7 @@ trap cleanup_exit INT TERM EXIT
cleanup_exit()
{
- rm -rf new-user.sh tcwg-buildslave tcwg-benchmark
+ rm -rf tcwg-buildslave tcwg-benchmark
}
export LANG=C
@@ -16,7 +16,6 @@ name=$(basename ${PWD} | cut -f3- -d '-')
image=linaro/ci-${arch}-${name}-ubuntu:${distro}
top=$(git rev-parse --show-toplevel)
-cp $top/tcwg-base/tcwg-build/new-user.sh ./
rsync -a $top/tcwg-base/tcwg-build/tcwg-buildslave/ ./tcwg-buildslave/
rsync -a $top/tcwg-base/tcwg-build/tcwg-benchmark/ ./tcwg-benchmark/
diff --git a/tcwg-base/tcwg-build/new-user.sh b/tcwg-base/tcwg-build/new-user.sh
deleted file mode 100755
index d1b18953..00000000
--- a/tcwg-base/tcwg-build/new-user.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-set -euf -o pipefail
-
-usage ()
-{
- exit 1
-}
-
-group=""
-key=""
-user=""
-verbose=false
-
-while [ $# -gt 0 ]; do
- case "$1" in
- --group) group="$2" ;;
- --key) key="$2" ;;
- --user) user="$2" ;;
- --verbose) verbose="$2"; shift ;;
- *) echo "ERROR: Wrong option: $1"; usage ;;
- esac
- shift 2
-done
-
-if $verbose; then set -x; fi
-
-if [ x"$group" != x"" ]; then
- gid=$(echo "$group" | cut -s -d: -f 2)
- group=$(echo "$group" | cut -d: -f 1)
-
- if [ x"$gid" != x"" ]; then
- groupadd -g $gid $group
- fi
-
- group_opt="-g $group"
-else
- group_opt=""
-fi
-
-uid=$(echo "$user" | cut -s -d: -f 2)
-user=$(echo "$user" | cut -d: -f 1)
-
-useradd -m $group_opt -G kvm ${uid:+-u $uid} $user
-
-sudoers_file=/etc/sudoers.d/$(echo $user | tr "." "-")
-echo "$user ALL = NOPASSWD: ALL" > $sudoers_file
-chmod 0440 $sudoers_file
-
-if [ x"$key" != x"" ] ; then
- sudo -i -u $user mkdir -p /home/$user/.ssh
- sudo -i -u $user chmod 0700 /home/$user/.ssh
- cat "$key" | sudo -i -u $user tee /home/$user/.ssh/authorized_keys > /dev/null
- sudo -i -u $user chmod 0600 /home/$user/.ssh/authorized_keys
-fi
diff --git a/tcwg-base/tcwg-host/Dockerfile.in b/tcwg-base/tcwg-host/Dockerfile.in
new file mode 100644
index 00000000..e28a08dd
--- /dev/null
+++ b/tcwg-base/tcwg-host/Dockerfile.in
@@ -0,0 +1,10 @@
+FROM linaro/ci-#{ARCH}-tcwg-base-ubuntu:#{DISTRO}
+
+COPY authorized_keys-* passwd /
+
+RUN new-user.sh --group primary:10000 \
+ && while read line; do new-user.sh --passwd "$line"; done </passwd \
+ && for key in /authorized_keys-*; do new-user.sh --key "$key"; done \
+ && rm /passwd /authorized_keys-*
+
+COPY start.sh /
diff --git a/tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov b/tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov
new file mode 100644
index 00000000..fa17c380
--- /dev/null
+++ b/tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR1x3iMEd7BSXx6QE3NtfVF8kYUUVoWUKCCC0jxOiLYCY3wf1i7bfQD7YMITEwXMvwQe6thGefBMLRPWr7WdoiUvxdaLYbSB72T4zN5tK/oQhFOHR8cqG68oSZIY89lUzFaGJRMGzSxUvYUWkwUhOIsjOBKFm+/yT4CD4SmUuFwQAadC6/t+jwc1LinYRMqphgfssUk8uzrvB0cqj2UsYrDF0jTVALfyTwWKHBokuZPnUER92v5e70/vAyOzJv13YdsQcwQBa1tBLrJJPpz8uX65bMLXJ6k+9U6bYSeVtRzYtmdDj5BYvdkJTR8diChLRS75roJclYpLEv0U9foCjd maxim.kuvyrkov@linaro.org-20150420
diff --git a/tcwg-base/tcwg-host/build.sh b/tcwg-base/tcwg-host/build.sh
new file mode 100755
index 00000000..346e0ccc
--- /dev/null
+++ b/tcwg-base/tcwg-host/build.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+trap cleanup_exit INT TERM EXIT
+
+cleanup_exit()
+{
+ rm -f authorized_keys-* passwd start.sh
+}
+
+export LANG=C
+distro=$(basename ${PWD} | cut -f1 -d '-')
+arch=$(basename ${PWD} | cut -f2 -d '-')
+name=$(basename ${PWD} | cut -f3- -d '-')
+image=linaro/ci-${arch}-${name}-ubuntu:${distro}
+top=$(git rev-parse --show-toplevel)
+
+cp $top/tcwg-base/tcwg-host/authorized_keys-* ./
+cp $top/tcwg-base/tcwg-host/passwd ./
+cp $top/tcwg-base/tcwg-host/start.sh ./
+
+(cd ..; ./build.sh)
+"$top"/tcwg-base/validate-dockerfile.sh Dockerfile
+docker pull $image 2>/dev/null || true
+docker build --tag=$image .
+echo $image > .docker-tag
diff --git a/tcwg-base/tcwg-host/gerrit-branches b/tcwg-base/tcwg-host/gerrit-branches
new file mode 120000
index 00000000..11f6d349
--- /dev/null
+++ b/tcwg-base/tcwg-host/gerrit-branches
@@ -0,0 +1 @@
+../gerrit-branches \ No newline at end of file
diff --git a/tcwg-base/tcwg-host/passwd b/tcwg-base/tcwg-host/passwd
new file mode 100644
index 00000000..62479561
--- /dev/null
+++ b/tcwg-base/tcwg-host/passwd
@@ -0,0 +1 @@
+maxim.kuvyrkov:x:10967:10000:Maxim Kuvyrkov:/home/maxim.kuvyrkov:/bin/bash
diff --git a/tcwg-base/tcwg-host/start.sh b/tcwg-base/tcwg-host/start.sh
new file mode 100755
index 00000000..e730d95a
--- /dev/null
+++ b/tcwg-base/tcwg-host/start.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+set -e
+
+usage ()
+{
+ cat <<EOF
+$0 [OPTIONS] -- IMAGE
+
+Options:
+ --verbose true/false
+ Whether to run in verbose mode
+EOF
+ exit 1
+}
+
+verbose=false
+
+while [ $# -gt 0 ]; do
+ case $1 in
+ --verbose) verbose="$2"; shift ;;
+ --) shift; break ;;
+ *) echo "ERROR: Wrong option: $1"; usage ;;
+ esac
+ shift
+done
+
+image="$1"
+
+if $verbose; then
+ set -x
+fi
+
+if [ x"$image" = x"" ]; then
+ echo "ERROR: image name not provided"
+ usage
+fi
+
+if groups tcwg-buildslave 2>/dev/null | grep -q docker; then
+ # If tcwg-buildslave user is present, use it to start the container
+ # to have [sudo] log record of container startups.
+ DOCKER="sudo -u tcwg-buildslave docker"
+elif [ x"$(id -u)" = x"0" ] || groups 2>/dev/null | grep -q docker; then
+ # Run docker straight up if $USER is root or in "docker" group.
+ DOCKER="docker"
+else
+ # Fallback to sudo otherwise.
+ DOCKER="sudo docker"
+fi
+
+mounts=""
+mounts="$mounts -v host-home:/home"
+mounts="$mounts -v /var/run/docker.sock:/var/run/docker.sock"
+mounts="$mounts -v $(which docker):$(which docker)"
+
+# Use at most half of all available RAM.
+memlimit=$(($(free -g | awk '/^Mem/ { print $2 }') / 2))G
+
+$DOCKER run -dt -p 2222:22 --name=host --hostname=$(hostname)-dckr $mounts --memory=$memlimit --pids-limit=5000 --restart=unless-stopped $image
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-24 05:43:54 +0000