From db6fb8fe0a0a903d8cbaa5a83d631530b6e84424 Mon Sep 17 00:00:00 2001 From: Oleksandr Miroshnychenko Date: Sun, 10 Dec 2023 13:33:23 +0200 Subject: [PATCH 1/3] ENG-7 remove withCredentials and use default cred provider --- IaC/spot-price-auto-updater.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/IaC/spot-price-auto-updater.yml b/IaC/spot-price-auto-updater.yml index 2a47ba0606..0c95fddc07 100644 --- a/IaC/spot-price-auto-updater.yml +++ b/IaC/spot-price-auto-updater.yml @@ -92,7 +92,6 @@ // Create the EC2 client using the instance profile credentials provider def ec2Client = AmazonEC2ClientBuilder.standard() - .withCredentials(new InstanceProfileCredentialsProvider(false)) .withRegion(region) .build() From f2fc3aa23ad273f5737f467c8a9f2b8c89ecc317 Mon Sep 17 00:00:00 2001 From: Oleksandr Miroshnychenko Date: Sun, 10 Dec 2023 16:52:19 +0200 Subject: [PATCH 2/3] ENG7 ps3.cd: setup Hetzner cloud --- IaC/ps3.cd/init.groovy.d/htz.cloud.groovy | 113 ++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 IaC/ps3.cd/init.groovy.d/htz.cloud.groovy diff --git a/IaC/ps3.cd/init.groovy.d/htz.cloud.groovy b/IaC/ps3.cd/init.groovy.d/htz.cloud.groovy new file mode 100644 index 0000000000..3ea84d7e5b --- /dev/null +++ b/IaC/ps3.cd/init.groovy.d/htz.cloud.groovy @@ -0,0 +1,113 @@ +import cloud.dnation.jenkins.plugins.hetzner.* +import cloud.dnation.jenkins.plugins.hetzner.launcher.* +import hudson.model.* +import jenkins.model.Jenkins +import java.util.logging.Logger + +def cloudName = "ps3-htz" + +imageMap = [:] // ID TYPE NAME DESCRIPTION ARCHITECTURE IMAGE SIZE DISK SIZE CREATED DEPRECATED +imageMap['deb12-x64'] = '114690387' // 114690387 system debian-12 Debian 12 x86 - 5 GB Tue Jun 13 09:00:02 EEST 2023 - +imageMap['deb12-aarch64'] = '114690389' // 114690389 system debian-12 Debian 12 arm - 5 GB Tue Jun 13 09:00:03 EEST 2023 - +imageMap['launcher-x64'] = imageMap['deb12-x64'] + +execMap = [:] +execMap['deb'] = 1 +execMap['deb12-x64'] = execMap['deb'] +execMap['deb12-aarch64'] = execMap['deb'] +execMap['launcher-x64'] = 10 + +bootDeadlineMap =[:] +bootDeadlineMap['default'] = 3 +bootDeadlineMap['deb12-x64'] = bootDeadlineMap['default'] +bootDeadlineMap['deb12-aarch64'] = bootDeadlineMap['default'] +bootDeadlineMap['launcher-x64'] = bootDeadlineMap['default'] + +jvmOptsMap = [:] +jvmOptsMap['deb12'] = '-Xmx512m -Xms512m --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED' +jvmOptsMap['deb12-x64'] = jvmOptsMap['deb12'] +jvmOptsMap['deb12-aarch64'] = jvmOptsMap['deb12'] +jvmOptsMap['launcher-x64'] = jvmOptsMap['deb12'] + +labelMap = [:] +labelMap['deb12-x64'] = 'docker-x64 docker-deb12-x64 deb12-x64' +labelMap['deb12-aarch64'] = 'docker-aarch64 docker-deb12-aarch64 deb12-aarch64' +labelMap['launcher-x64'] = 'launcher-x64' + +initMap = [:] +initMap['deb-docker'] = '''#!/bin/bash -x + set -o xtrace + export DEBIAN_FRONTEND=noninteractive + until sudo apt-get update; do + sleep 1 + echo try again + done + until sudo apt-get -y install openjdk-17-jre-headless apt-transport-https ca-certificates curl gnupg lsb-release unzip; do + sleep 1 + echo try again + done + curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null + until sudo apt-get update; do + sleep 1 + echo try again + done + until sudo apt-get -y install docker-ce docker-ce-cli containerd.io; do + sleep 1 + echo try again + done + if ! $(aws --version | grep -q 'aws-cli/2'); then + find /tmp -maxdepth 1 -name "*aws*" | xargs sudo rm -rf + until curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"; do + sleep 1 + echo try again + done + unzip -o /tmp/awscliv2.zip -d /tmp + cd /tmp/aws && sudo ./install + fi + sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins + sudo sysctl net.ipv4.tcp_fin_timeout=15 + sudo sysctl net.ipv4.tcp_tw_reuse=1 + sudo sysctl net.ipv6.conf.all.disable_ipv6=1 + sudo sysctl net.ipv6.conf.default.disable_ipv6=1 + sudo sysctl -w fs.inotify.max_user_watches=10000000 || true + sudo sysctl -w fs.aio-max-nr=1048576 || true + sudo sysctl -w fs.file-max=6815744 || true + echo "* soft core unlimited" | sudo tee -a /etc/security/limits.conf + sudo sed -i.bak -e 's^ExecStart=.*^ExecStart=/usr/bin/dockerd --data-root=/mnt/docker --default-ulimit nofile=900000:900000^' /lib/systemd/system/docker.service + sudo systemctl daemon-reload + sudo install -o root -g root -d /mnt/docker + sudo usermod -aG docker $(id -u -n) + sudo mkdir -p /etc/docker + echo '{"experimental": true, "ipv6": true, "fixed-cidr-v6": "fd3c:a8b0:18eb:5c06::/64"}' | sudo tee /etc/docker/daemon.json + sudo systemctl restart docker + echo "* * * * * root /usr/sbin/route add default gw 10.177.1.1 eth0" | sudo tee /etc/cron.d/fix-default-route +''' +initMap['deb12-x64'] = initMap['deb-docker'] +initMap['deb12-aarch64'] = initMap['deb-docker'] +initMap['launcher-x64'] = initMap['deb-docker'] + +def templates = [ + /* new HetznerServerTemplate("ubuntu20-cx21", "java", "name=ubuntu20-docker", "fsn1", "cx21"), */ + // tmplName tmplLabels tmplImage region server type + new HetznerServerTemplate("deb12-x64", labelMap['deb12-x64'], imageMap['deb12-x64'], "fsn1", "cx51"), + new HetznerServerTemplate("deb12-aarch64", labelMap['deb12-aarch64'], imageMap['deb12-aarch64'], "fsn1", "cax31"), + new HetznerServerTemplate("launcher-x64", labelMap['launcher-x64'], imageMap['launcher-x64'], "fsn1", "cx21") +] + +templates.each { it -> it.setConnector(new SshConnectorAsRoot("hz.ps3.cd")) + def tmplName = it.name + it.setNumExecutors(execMap[tmplName]) + it.bootDeadline = bootDeadlineMap[tmplName] + it.remoteFs = "/mnt/jenkins/" + it.jvmOpts = jvmOptsMap[tmplName] + it.userData = initMap[tmplName] + } + +def cloud = new HetznerCloud(cloudName, "ps3.cd.hz", "10", templates) + +def jenkins = Jenkins.get() + +jenkins.clouds.remove(jenkins.clouds.getByName(cloudName)) +jenkins.clouds.add(cloud) +jenkins.save() From 5962a8c049ede9c77e077309fbbd7a9435ecc517 Mon Sep 17 00:00:00 2001 From: Oleksandr Miroshnychenko Date: Sun, 10 Dec 2023 16:57:53 +0200 Subject: [PATCH 3/3] Revert "ENG-7 remove withCredentials and use default cred provider" This reverts commit db6fb8fe0a0a903d8cbaa5a83d631530b6e84424. --- IaC/spot-price-auto-updater.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/IaC/spot-price-auto-updater.yml b/IaC/spot-price-auto-updater.yml index 0c95fddc07..2a47ba0606 100644 --- a/IaC/spot-price-auto-updater.yml +++ b/IaC/spot-price-auto-updater.yml @@ -92,6 +92,7 @@ // Create the EC2 client using the instance profile credentials provider def ec2Client = AmazonEC2ClientBuilder.standard() + .withCredentials(new InstanceProfileCredentialsProvider(false)) .withRegion(region) .build()