From b7381b3fb167452e1e70a6c11b2e5c75efd823b1 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Thu, 2 May 2019 09:31:54 -0500
Subject: [PATCH] ci: Use lockable resource to enforce serial runs

It is important that only one configuration management job run at a time. Currently, this is enforced by having only one agent with the *ansible* label, and that agent has only one executor. This is not an ideal solution, because it requires maintaining a separate machine for this purpose. The *Lockable Resources Plugin* provides an alternate solution to this problem. Using this plugin, jobs can acquire an exclusive lock on a "resource" that prevents other jobs that require the same resource from running. Any job that starts while the lock is held will wait until it is released before executing. This will enforce the same serial execution policy, but does not require a separate, dedicated machine. Jobs will be able to run on any executor with the appropriate label. Using this option, it is now possible to run configuration management jobs on the normal agents, defining the execution environment in a Docker image, so the *cm0.pyrocufflink.blue* agent can be decommissioned.
---
 ci/Dockerfile | 15 +++++++++++++++
 ci/dch-vpn.jenkinsfile | 16 +++++++++++++++-
 ci/default-realm.krb5.conf | 2 ++
 ci/koji.jenkinsfile | 16 +++++++++++++++-
 ci/ntp.jenkinsfile | 12 +++++++++++-
 ci/pyrocufflink.jenkinsfile | 16 +++++++++++++++-
 ci/radius.jenkinsfile | 16 +++++++++++++++-
 ci/samba-dc.jenkinsfile | 16 +++++++++++++++-
 ci/smtp.jenkinsfile | 16 +++++++++++++++-
 ci/zabbix.jenkinsfile | 16 +++++++++++++++-
 10 files changed, 133 insertions(+), 8 deletions(-)
 create mode 100644 ci/Dockerfile
 create mode 100644 ci/default-realm.krb5.conf
diff --git a/ci/Dockerfile b/ci/Dockerfile
new file mode 100644
index 0000000..b3c35c1
--- /dev/null
+++ b/ci/Dockerfile
@@ -0,0 +1,15 @@
+FROM fedora:29
+
+RUN useradd -l -u 3000018 jenkins
+
+RUN dnf install -y \
+ ansible \
+ krb5-workstation \
+ openssh-clients \
+ python3-dns \
+ python3-netaddr \
+ --
+
+COPY default-realm.krb5.conf /etc/krb5.conf.d/default-realm.conf
+
+ENV LANG=en_US.UTF-8
diff --git a/ci/dch-vpn.jenkinsfile b/ci/dch-vpn.jenkinsfile
index e372bce..21bcda7 100644
--- a/ci/dch-vpn.jenkinsfile
+++ b/ci/dch-vpn.jenkinsfile
@@ -2,13 +2,27 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
 cron 'H H * * *'
 }
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
 stages {
 stage('kinit') {
 steps {
diff --git a/ci/default-realm.krb5.conf b/ci/default-realm.krb5.conf
new file mode 100644
index 0000000..90f0fff
--- /dev/null
+++ b/ci/default-realm.krb5.conf
@@ -0,0 +1,2 @@
+[libdefaults]
+default_realm = PYROCUFFLINK.BLUE
diff --git a/ci/koji.jenkinsfile b/ci/koji.jenkinsfile
index 792da1c..10042a0 100644
--- a/ci/koji.jenkinsfile
+++ b/ci/koji.jenkinsfile
@@ -2,13 +2,27 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
 cron 'H H * * *'
 }
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
 stages {
 stage('kinit') {
 steps {
diff --git a/ci/ntp.jenkinsfile b/ci/ntp.jenkinsfile
index 7972fdf..bba5e0d 100644
--- a/ci/ntp.jenkinsfile
+++ b/ci/ntp.jenkinsfile
@@ -2,7 +2,17 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
diff --git a/ci/pyrocufflink.jenkinsfile b/ci/pyrocufflink.jenkinsfile
index 23b0386..f33624c 100644
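Review bot: In ci/Dockerfile, `FROM fedora:29` and the unversioned `dnf install -y` list mean the image that runs kinit and Ansible against the managed hosts is resolved afresh on whichever agent builds it, so two agents can end up with different toolchains. Pinning the base by digest, `FROM fedora:29@sha256:<digest>` (placeholder; take the value from the registry), fixes the starting point. The install layer also keeps the dnf cache and pulls weak dependencies; adding `--setopt=install_weak_deps=False` and ending the same `RUN` with `&& dnf clean all` after the closing `--` would keep the image to what the jobs need.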
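Review bot: In ci/dch-vpn.jenkinsfile, `KRB5CCNAME = "${WORKSPACE}/.krb5cc"` places the Kerberos credential cache in the job workspace, which on the shared agents this commit moves to outlives the container and can be read by any later build that runs as the same user on that node. The hunk shows no cleanup, and the stages continue outside it, so this may already be handled. If it is not, a `post { always { sh 'kdestroy' } }` block would remove the tickets when the build ends, including on failure or timeout. The same environment block is added in the koji, pyrocufflink, radius, samba-dc, smtp and zabbix jenkinsfiles.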
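Review bot: In ci/koji.jenkinsfile, the `-v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro` bind mount makes SSH host-key verification depend on every agent that can now pick up the job carrying a current copy of that file, and the new `dockerfile` block has no `label` to restrict where it runs. With `-v`, Docker creates a missing host path as an empty directory, so on an agent without the file the container gets a directory there; host verification would then fail, or be silently absent if host key checking is relaxed in the Ansible configuration (not visible here). Adding a `label` inside the `dockerfile` block for agents provisioned with the file, or an early step such as `sh 'test -s /etc/ssh/ssh_known_hosts'`, would make the dependency explicit. The same agent block is added in the dch-vpn, ntp, pyrocufflink, radius, samba-dc, smtp and zabbix jenkinsfiles.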
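Review bot: With `agent { dockerfile { ... } }` at the top level, the `lock 'cfgpol'` option in ci/ntp.jenkinsfile is, as far as the Declarative Pipeline documentation describes top-level agents, applied only after the agent has been allocated, so a build waiting for the lock already occupies an executor and a running container on a shared agent. It is also worth confirming whether the one-hour `timeout` starts before or after the lock is granted, since a build queued behind a long run could otherwise be aborted while waiting. Declaring `agent none` at the top level and giving the agent to the stages would let the lock be taken before any executor is held; the stages are outside this hunk, so that change cannot be shown here. The same options block is added in the dch-vpn, koji, pyrocufflink, radius, samba-dc, smtp and zabbix jenkinsfiles.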
--- a/ci/pyrocufflink.jenkinsfile
+++ b/ci/pyrocufflink.jenkinsfile
@@ -2,13 +2,27 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
 cron 'H H * * *'
 }
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
 stages {
 stage('kinit') {
 steps {
diff --git a/ci/radius.jenkinsfile b/ci/radius.jenkinsfile
index aa3b752..52bf9bf 100644
--- a/ci/radius.jenkinsfile
+++ b/ci/radius.jenkinsfile
@@ -2,13 +2,27 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
 cron 'H H * * *'
 }
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
 stages {
 stage('kinit') {
 steps {
diff --git a/ci/samba-dc.jenkinsfile b/ci/samba-dc.jenkinsfile
index efcd9b0..7125527 100644
--- a/ci/samba-dc.jenkinsfile
+++ b/ci/samba-dc.jenkinsfile
@@ -2,13 +2,27 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
 cron 'H H * * *'
 }
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
 stages {
 stage('kinit') {
 steps {
diff --git a/ci/smtp.jenkinsfile b/ci/smtp.jenkinsfile
index 4e56896..bad51a5 100644
--- a/ci/smtp.jenkinsfile
+++ b/ci/smtp.jenkinsfile
@@ -2,13 +2,27 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
 cron 'H H * * *'
 }
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
 stages {
 stage('kinit') {
 steps {
diff --git a/ci/zabbix.jenkinsfile b/ci/zabbix.jenkinsfile
index 2f3f9d4..7b89bad 100644
--- a/ci/zabbix.jenkinsfile
+++ b/ci/zabbix.jenkinsfile
@@ -2,13 +2,27 @@
 pipeline {
 agent {
- label 'ansible'
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
 }
 triggers {
 cron 'H H * * *'
 }
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
 stages {
 stage('kinit') {
 steps {