diff --git a/resources/jenkins-masters/ps3/init.groovy.d/cloud.groovy b/resources/jenkins-masters/ps3/init.groovy.d/cloud.groovy
deleted file mode 100644
index 35d2883..0000000
--- a/resources/jenkins-masters/ps3/init.groovy.d/cloud.groovy
+++ /dev/null
@@ -1,907 +0,0 @@
-import com.amazonaws.services.ec2.model.InstanceType
-import hudson.model.*
-import hudson.plugins.ec2.EC2Cloud
-import hudson.plugins.ec2.EC2Tag
-import hudson.plugins.ec2.SlaveTemplate
-import hudson.plugins.ec2.SpotConfiguration
-import hudson.plugins.ec2.ConnectionStrategy
-import hudson.plugins.ec2.HostKeyVerificationStrategyEnum
-import hudson.plugins.ec2.UnixData
-import java.util.logging.Logger
-import jenkins.model.Jenkins
-
-System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "sandbox allow-scripts; script-src 'unsafe-inline' https://www.gstatic.com;")
-
-def logger = Logger.getLogger("")
-logger.info("Cloud init started")
-
-// get Jenkins instance
-Jenkins jenkins = Jenkins.getInstance()
-
-netMap = [:]
-netMap['eu-west-1b'] = 'subnet-06b7b6c7fd86a48e8'
-netMap['eu-west-1c'] = 'subnet-0de17643aea1f04a4'
-
-// ===== Common block of global config starts
-def home_dir = System.properties['JENKINS_HOME']
-assert home_dir != ""
-
-File initGroovyDir = new File("$home_dir/init.groovy.d")
-if (!initGroovyDir.exists()) {
- initGroovyDir.mkdirs()
-}
-File amiProperties = new File(initGroovyDir, "ami-defs.properties")
-try {
- def propertiesChecksum = new URL("https://raw.githubusercontent.com/Percona-Lab/jenkins-pipelines/master/IaC/init.groovy.d/ami-defs.properties.sha256").text.trim()
- boolean writeProperties = true
- if (amiProperties.exists()) {
- // String.digest() is not available in Groovy 2.4 :-(
- //if (amiProperties.text.digest('SHA-256') == propertiesChecksum) {
- if (org.apache.commons.codec.digest.DigestUtils.sha256Hex(amiProperties.text) == propertiesChecksum) {
- writeProperties = false
- }
- }
- if (writeProperties) {
- def propertiesText = new URL("https://raw.githubusercontent.com/Percona-Lab/jenkins-pipelines/master/IaC/init.groovy.d/ami-defs.properties").text
- // We should continue with existing properties file, so we can't just assert:
- // assert propertiesText.digest('SHA-256') == propertiesChecksum
- //if (propertiesText.digest('SHA-256') == propertiesChecksum) {
- if (org.apache.commons.codec.digest.DigestUtils.sha256Hex(propertiesText) == propertiesChecksum) {
- if (amiProperties.exists()) {
- // Looks like we do not need tmpFile here, but let's use it to avoid misunderstanings
- File tmpFile = new File(amiProperties.toURI())
- tmpFile.renameTo(new File(initGroovyDir, "ami-defs." + new Date().getTime().toString() + ".properties").absolutePath)
- //println(tmpFile.toURI().toString())
- }
- amiProperties.write(propertiesText)
- }
- }
-} catch (Exception ex) {
- println(ex.toString())
-}
-
-assert amiProperties.exists()
-assert amiProperties.text != ""
-
-def properties = new ConfigSlurper().parse(amiProperties.toURI().toURL())
-//println(properties.toString())
-// ===== Common block of global config ends
-
-imageMap = [:]
-imageMap['eu-west-1a.docker'] = properties.AwsAmi['AmazonLinux2_x86_64']['euWest1']
-imageMap['eu-west-1a.docker-32gb'] = properties.AwsAmi['AmazonLinux2_x86_64']['euWest1']
-imageMap['eu-west-1a.docker2'] = properties.AwsAmi['AmazonLinux2_x86_64']['euWest1']
-imageMap['eu-west-1a.micro-amazon'] = properties.AwsAmi['AmazonLinux2_x86_64']['euWest1']
-imageMap['eu-west-1a.min-al2023-x64'] = properties.AwsAmi['AmazonLinux2023_x86_64']['euWest1']
-imageMap['eu-west-1a.fips-centos-7-x64'] = properties.AwsAmi['FipsCentos7_x86_64']['euWest1']
-
-imageMap['eu-west-1a.min-centos-7-x64'] = properties.AwsAmi['Centos7_x86_64']['euWest1']
-imageMap['eu-west-1a.min-ol-8-x64'] = properties.AwsAmi['OracleLinux8_x86_64']['euWest1']
-imageMap['eu-west-1a.min-ol-9-x64'] = properties.AwsAmi['OracleLinux9_x86_64']['euWest1']
-imageMap['eu-west-1a.min-rhel-10-x64'] = properties.AwsAmi['RHEL10_x86_64']['euWest1']
-imageMap['eu-west-1a.min-bookworm-x64'] = properties.AwsAmi['Debian12_x86_64']['euWest1']
-imageMap['eu-west-1a.min-bullseye-x64'] = properties.AwsAmi['Debian11_x86_64']['euWest1']
-imageMap['eu-west-1a.min-buster-x64'] = properties.AwsAmi['Debian10_x86_64']['euWest1']
-imageMap['eu-west-1a.min-bionic-x64'] = properties.AwsAmi['Ubuntu1804_x86_64']['euWest1']
-imageMap['eu-west-1a.min-stretch-x64'] = properties.AwsAmi['Debian9_x86_64']['euWest1']
-imageMap['eu-west-1a.min-xenial-x64'] = properties.AwsAmi['Ubuntu1604_x86_64']['euWest1']
-imageMap['eu-west-1a.min-trixie-x64'] = properties.AwsAmi['Debian13_x86_64']['euWest1']
-imageMap['eu-west-1a.docker-32gb-hirsute'] = properties.AwsAmi['Ubuntu2104_x86_64']['euWest1']
-imageMap['eu-west-1a.docker-32gb-focal'] = properties.AwsAmi['Ubuntu2004_x86_64']['euWest1']
-imageMap['eu-west-1a.docker-32gb-jammy'] = properties.AwsAmi['Ubuntu2204_x86_64']['euWest1']
-imageMap['eu-west-1a.docker-32gb-noble'] = properties.AwsAmi['Ubuntu2404_x86_64']['euWest1']
-imageMap['eu-west-1a.docker-32gb-resolute'] = properties.AwsAmi['Ubuntu2604_x86_64']['euWest1']
-imageMap['eu-west-1a.docker-32gb-bullseye'] = imageMap['eu-west-1a.min-bullseye-x64']
-
-imageMap['eu-west-1a.min-centos-7-aarch64'] = properties.AwsAmi['Centos7_aarch64']['euWest1']
-imageMap['eu-west-1a.min-bookworm-aarch64'] = properties.AwsAmi['Debian12_aarch64']['euWest1']
-imageMap['eu-west-1a.min-bullseye-aarch64'] = properties.AwsAmi['Debian11_aarch64']['euWest1']
-imageMap['eu-west-1a.min-jammy-aarch64'] = properties.AwsAmi['Ubuntu2204_aarch64']['euWest1']
-imageMap['eu-west-1a.min-noble-aarch64'] = properties.AwsAmi['Ubuntu2404_aarch64']['euWest1']
-imageMap['eu-west-1a.min-resolute-aarch64'] = properties.AwsAmi['Ubuntu2604_aarch64']['euWest1']
-imageMap['eu-west-1a.min-trixie-aarch64'] = properties.AwsAmi['Debian13_aarch64']['euWest1']
-imageMap['eu-west-1a.min-al2023-aarch64'] = properties.AwsAmi['AmazonLinux2023_aarch64']['euWest1']
-
-imageMap['eu-west-1b.docker'] = imageMap['eu-west-1a.docker']
-imageMap['eu-west-1b.docker-32gb'] = imageMap['eu-west-1a.docker-32gb']
-imageMap['eu-west-1b.docker2'] = imageMap['eu-west-1a.docker2']
-imageMap['eu-west-1b.micro-amazon'] = imageMap['eu-west-1a.micro-amazon']
-imageMap['eu-west-1b.min-centos-7-x64'] = imageMap['eu-west-1a.min-centos-7-x64']
-imageMap['eu-west-1b.fips-centos-7-x64'] = imageMap['eu-west-1a.fips-centos-7-x64']
-imageMap['eu-west-1b.min-ol-8-x64'] = imageMap['eu-west-1a.min-ol-8-x64']
-imageMap['eu-west-1b.min-ol-9-x64'] = imageMap['eu-west-1a.min-ol-9-x64']
-imageMap['eu-west-1b.min-rhel-10-x64'] = imageMap['eu-west-1a.min-rhel-10-x64']
-imageMap['eu-west-1b.min-al2023-x64'] = imageMap['eu-west-1a.min-al2023-x64']
-
-imageMap['eu-west-1b.min-bookworm-x64'] = imageMap['eu-west-1a.min-bookworm-x64']
-imageMap['eu-west-1b.min-bullseye-x64'] = imageMap['eu-west-1a.min-bullseye-x64']
-imageMap['eu-west-1b.min-buster-x64'] = imageMap['eu-west-1a.min-buster-x64']
-imageMap['eu-west-1b.min-bionic-x64'] = imageMap['eu-west-1a.min-bionic-x64']
-imageMap['eu-west-1b.min-stretch-x64'] = imageMap['eu-west-1a.min-stretch-x64']
-imageMap['eu-west-1b.min-xenial-x64'] = imageMap['eu-west-1a.min-xenial-x64']
-imageMap['eu-west-1b.min-trixie-x64'] = imageMap['eu-west-1a.min-trixie-x64']
-imageMap['eu-west-1b.docker-32gb-hirsute'] = imageMap['eu-west-1a.docker-32gb-hirsute']
-imageMap['eu-west-1b.docker-32gb-focal'] = imageMap['eu-west-1a.docker-32gb-focal']
-imageMap['eu-west-1b.docker-32gb-jammy'] = imageMap['eu-west-1a.docker-32gb-jammy']
-imageMap['eu-west-1b.docker-32gb-noble'] = imageMap['eu-west-1a.docker-32gb-noble']
-imageMap['eu-west-1b.docker-32gb-resolute'] = imageMap['eu-west-1a.docker-32gb-resolute']
-imageMap['eu-west-1b.docker-32gb-bullseye'] = imageMap['eu-west-1a.docker-32gb-bullseye']
-
-imageMap['eu-west-1b.min-centos-7-aarch64'] = imageMap['eu-west-1a.min-centos-7-aarch64']
-imageMap['eu-west-1b.min-bookworm-aarch64'] = imageMap['eu-west-1a.min-bookworm-aarch64']
-imageMap['eu-west-1b.min-bullseye-aarch64'] = imageMap['eu-west-1a.min-bullseye-aarch64']
-imageMap['eu-west-1b.min-jammy-aarch64'] = imageMap['eu-west-1a.min-jammy-aarch64']
-imageMap['eu-west-1b.min-noble-aarch64'] = imageMap['eu-west-1a.min-noble-aarch64']
-imageMap['eu-west-1b.min-resolute-aarch64'] = imageMap['eu-west-1a.min-resolute-aarch64']
-imageMap['eu-west-1b.min-trixie-aarch64'] = imageMap['eu-west-1a.min-trixie-aarch64']
-imageMap['eu-west-1b.min-al2023-aarch64'] = imageMap['eu-west-1a.min-al2023-aarch64']
-
-imageMap['eu-west-1c.docker'] = imageMap['eu-west-1a.docker']
-imageMap['eu-west-1c.docker-32gb'] = imageMap['eu-west-1a.docker-32gb']
-imageMap['eu-west-1c.docker2'] = imageMap['eu-west-1a.docker2']
-imageMap['eu-west-1c.micro-amazon'] = imageMap['eu-west-1a.micro-amazon']
-imageMap['eu-west-1c.min-centos-7-x64'] = imageMap['eu-west-1a.min-centos-7-x64']
-imageMap['eu-west-1c.fips-centos-7-x64'] = imageMap['eu-west-1a.fips-centos-7-x64']
-imageMap['eu-west-1c.min-ol-8-x64'] = imageMap['eu-west-1a.min-ol-8-x64']
-imageMap['eu-west-1c.min-ol-9-x64'] = imageMap['eu-west-1a.min-ol-9-x64']
-imageMap['eu-west-1c.min-rhel-10-x64'] = imageMap['eu-west-1a.min-rhel-10-x64']
-imageMap['eu-west-1c.min-al2023-x64'] = imageMap['eu-west-1a.min-al2023-x64']
-
-imageMap['eu-west-1c.min-bookworm-x64'] = imageMap['eu-west-1a.min-bookworm-x64']
-imageMap['eu-west-1c.min-bullseye-x64'] = imageMap['eu-west-1a.min-bullseye-x64']
-imageMap['eu-west-1c.min-buster-x64'] = imageMap['eu-west-1a.min-buster-x64']
-imageMap['eu-west-1c.min-bionic-x64'] = imageMap['eu-west-1a.min-bionic-x64']
-imageMap['eu-west-1c.min-stretch-x64'] = imageMap['eu-west-1a.min-stretch-x64']
-imageMap['eu-west-1c.min-xenial-x64'] = imageMap['eu-west-1a.min-xenial-x64']
-imageMap['eu-west-1c.min-trixie-x64'] = imageMap['eu-west-1a.min-trixie-x64']
-imageMap['eu-west-1c.docker-32gb-hirsute'] = imageMap['eu-west-1a.docker-32gb-hirsute']
-imageMap['eu-west-1c.docker-32gb-focal'] = imageMap['eu-west-1a.docker-32gb-focal']
-imageMap['eu-west-1c.docker-32gb-jammy'] = imageMap['eu-west-1a.docker-32gb-jammy']
-imageMap['eu-west-1c.docker-32gb-noble'] = imageMap['eu-west-1a.docker-32gb-noble']
-imageMap['eu-west-1c.docker-32gb-resolute'] = imageMap['eu-west-1a.docker-32gb-resolute']
-imageMap['eu-west-1c.docker-32gb-bullseye'] = imageMap['eu-west-1a.docker-32gb-bullseye']
-
-imageMap['eu-west-1c.min-centos-7-aarch64'] = imageMap['eu-west-1a.min-centos-7-aarch64']
-imageMap['eu-west-1c.min-bookworm-aarch64'] = imageMap['eu-west-1a.min-bookworm-aarch64']
-imageMap['eu-west-1c.min-bullseye-aarch64'] = imageMap['eu-west-1a.min-bullseye-aarch64']
-imageMap['eu-west-1c.min-jammy-aarch64'] = imageMap['eu-west-1a.min-jammy-aarch64']
-imageMap['eu-west-1c.min-noble-aarch64'] = imageMap['eu-west-1a.min-noble-aarch64']
-imageMap['eu-west-1c.min-resolute-aarch64'] = imageMap['eu-west-1a.min-resolute-aarch64']
-imageMap['eu-west-1c.min-trixie-aarch64'] = imageMap['eu-west-1a.min-trixie-aarch64']
-imageMap['eu-west-1c.min-al2023-aarch64'] = imageMap['eu-west-1a.min-al2023-aarch64']
-
-
-priceMap = [:]
-priceMap['c5n.2xlarge'] = '0.36' // type=c5n.2xlarge, vCPU=8, memory=21GiB, saving=60%, interruption='<5%', price=0.283100
-priceMap['t3.2xlarge'] = '0.31' // type=t3.2xlarge, vCPU=8, memory=32GiB, saving=62%, interruption='<5%', price=0.238600
-priceMap['i4i.2xlarge'] = '0.36' // type=i4i.2xlarge, vCPU=8, memory=64GiB, saving=69%, interruption='<5%', price=0.285600
-priceMap['m5.2xlarge'] = '0.29' // type=m5.2xlarge, vCPU=8, memory=32GiB, saving=65%, interruption='<5%', price=0.220600
-priceMap['r6g.2xlarge'] = '0.33' // type=r6g.2xlarge, vCPU=8, memory=64GiB, saving=61%, interruption='<5%', price=0.254700
-
-userMap = [:]
-userMap['docker'] = properties.AwsAmi['AmazonLinux2_x86_64']['user']
-userMap['docker-32gb'] = properties.AwsAmi['AmazonLinux2_x86_64']['user']
-userMap['docker2'] = properties.AwsAmi['AmazonLinux2_x86_64']['user']
-userMap['micro-amazon'] = properties.AwsAmi['AmazonLinux2_x86_64']['user']
-userMap['min-al2023-x64'] = properties.AwsAmi['AmazonLinux2023_x86_64']['user']
-userMap['min-bionic-x64'] = properties.AwsAmi['Ubuntu1804_x86_64']['user']
-userMap['min-xenial-x64'] = properties.AwsAmi['Ubuntu1604_x86_64']['user']
-userMap['min-centos-7-x64'] = properties.AwsAmi['Centos7_x86_64']['user']
-userMap['fips-centos-7-x64'] = properties.AwsAmi['FipsCentos7_x86_64']['user']
-userMap['min-ol-8-x64'] = properties.AwsAmi['OracleLinux8_x86_64']['user']
-userMap['min-ol-9-x64'] = properties.AwsAmi['OracleLinux9_x86_64']['user']
-userMap['min-rhel-10-x64'] = properties.AwsAmi['RHEL10_x86_64']['user']
-userMap['min-bookworm-x64'] = properties.AwsAmi['Debian12_x86_64']['user']
-userMap['min-bullseye-x64'] = properties.AwsAmi['Debian11_x86_64']['user']
-userMap['min-stretch-x64'] = properties.AwsAmi['Debian9_x86_64']['user']
-userMap['min-buster-x64'] = properties.AwsAmi['Debian10_x86_64']['user']
-userMap['min-trixie-x64'] = properties.AwsAmi['Debian13_x86_64']['user']
-userMap['docker-32gb-hirsute'] = properties.AwsAmi['Ubuntu2104_x86_64']['user']
-userMap['docker-32gb-focal'] = properties.AwsAmi['Ubuntu2004_x86_64']['user']
-userMap['docker-32gb-jammy'] = properties.AwsAmi['Ubuntu2204_x86_64']['user']
-userMap['docker-32gb-noble'] = properties.AwsAmi['Ubuntu2404_x86_64']['user']
-userMap['docker-32gb-resolute'] = properties.AwsAmi['Ubuntu2604_x86_64']['user']
-userMap['docker-32gb-bullseye'] = properties.AwsAmi['Debian11_x86_64']['user']
-
-userMap['min-centos-7-aarch64'] = properties.AwsAmi['Centos7_aarch64']['user']
-userMap['min-bookworm-aarch64'] = properties.AwsAmi['Debian12_aarch64']['user']
-userMap['min-bullseye-aarch64'] = properties.AwsAmi['Debian11_aarch64']['user']
-userMap['min-jammy-aarch64'] = properties.AwsAmi['Ubuntu2204_aarch64']['user']
-userMap['min-noble-aarch64'] = properties.AwsAmi['Ubuntu2404_aarch64']['user']
-userMap['min-resolute-aarch64'] = properties.AwsAmi['Ubuntu2604_aarch64']['user']
-userMap['min-trixie-aarch64'] = properties.AwsAmi['Debian13_aarch64']['user']
-userMap['min-al2023-aarch64'] = 
properties.AwsAmi['AmazonLinux2023_aarch64']['user'] - - -initMap = [:] -initMap['docker'] = ''' - set -o xtrace - - if ! mountpoint -q /mnt; then - for DEVICE_NAME in $(lsblk -ndpbo NAME,SIZE | sort -n -r | awk '{print $1}'); do - if ! grep -qs "${DEVICE_NAME}" /proc/mounts; then - DEVICE="${DEVICE_NAME}" - break - fi - done - if [ -n "${DEVICE}" ]; then - sudo mkfs.ext4 ${DEVICE} - sudo mount -o noatime ${DEVICE} /mnt - fi - fi - sudo ethtool -K eth0 sg off - until sudo yum makecache; do - sleep 1 - echo try again - done - - sudo amazon-linux-extras install epel -y - sudo amazon-linux-extras install java-openjdk11 -y - sudo yum -y install java-17-amazon-corretto-headless - sudo yum -y install git docker p7zip tzdata-java - sudo yum -y remove awscli - - if ! $(aws --version | grep -q 'aws-cli/2'); then - sudo rm -rf /tmp/aws* || true - - until curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "/tmp/awscliv2.zip"; do - sleep 1 - echo try again - done - - 7za -aoa -o/tmp x /tmp/awscliv2.zip - cd /tmp/aws && sudo ./install - fi - - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins - - sudo sysctl net.ipv4.tcp_fin_timeout=15 - sudo sysctl net.ipv4.tcp_tw_reuse=1 - sudo sysctl net.ipv6.conf.all.disable_ipv6=1 - sudo sysctl net.ipv6.conf.default.disable_ipv6=1 - sudo sysctl -w fs.inotify.max_user_watches=10000000 || true - sudo sysctl -w fs.aio-max-nr=1048576 || true - sudo sysctl -w fs.file-max=6815744 || true - echo "* soft core unlimited" | sudo tee -a /etc/security/limits.conf - sudo sed -i.bak -e 's/nofile=1024:4096/nofile=900000:900000/; s/DAEMON_MAXFILES=.*/DAEMON_MAXFILES=990000/' /etc/sysconfig/docker - echo 'DOCKER_STORAGE_OPTIONS="--data-root=/mnt/docker"' | sudo tee -a /etc/sysconfig/docker-storage - sudo sed -i.bak -e 's^ExecStart=.*^ExecStart=/usr/bin/dockerd --data-root=/mnt/docker --default-ulimit nofile=900000:900000^' /lib/systemd/system/docker.service - sudo systemctl daemon-reload - sudo install -o root -g root -d 
/mnt/docker - sudo usermod -aG docker $(id -u -n) - sudo mkdir -p /etc/docker - echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json - sudo systemctl status docker || sudo systemctl start docker - sudo service docker status || sudo service docker start - echo "* * * * * root /usr/sbin/route add default gw 10.177.1.1 eth0" | sudo tee /etc/cron.d/fix-default-route -''' - -initMap['docker-32gb-hirsute'] = ''' - set -o xtrace - if ! mountpoint -q /mnt; then - for DEVICE_NAME in $(lsblk -ndpbo NAME,SIZE | sort -n -r | awk '{print $1}'); do - if ! grep -qs "${DEVICE_NAME}" /proc/mounts; then - DEVICE="${DEVICE_NAME}" - break - fi - done - if [ -n "${DEVICE}" ]; then - sudo mkfs.ext2 ${DEVICE} - sudo mount ${DEVICE} /mnt - fi - fi - export DEBIAN_FRONTEND=noninteractive - until sudo apt-get update; do - sleep 1 - echo try again - done - - until sudo apt-get -y install openjdk-11-jre-headless apt-transport-https ca-certificates curl gnupg lsb-release unzip; do - sleep 1 - echo try again - done - - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - until sudo apt-get update; do - sleep 1 - echo try again - done - until sudo apt-get -y install docker-ce docker-ce-cli containerd.io; do - sleep 1 - echo try again - done - - if ! 
$(aws --version | grep -q 'aws-cli/2'); then - find /tmp -maxdepth 1 -name "*aws*" | xargs sudo rm -rf - - until curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"; do - sleep 1 - echo try again - done - - unzip -o /tmp/awscliv2.zip -d /tmp - cd /tmp/aws && sudo ./install - fi - - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins - - sudo sysctl net.ipv4.tcp_fin_timeout=15 - sudo sysctl net.ipv4.tcp_tw_reuse=1 - sudo sysctl net.ipv6.conf.all.disable_ipv6=1 - sudo sysctl net.ipv6.conf.default.disable_ipv6=1 - sudo sysctl -w fs.inotify.max_user_watches=10000000 || true - sudo sysctl -w fs.aio-max-nr=1048576 || true - sudo sysctl -w fs.file-max=6815744 || true - echo "* soft core unlimited" | sudo tee -a /etc/security/limits.conf - sudo sed -i.bak -e 's^ExecStart=.*^ExecStart=/usr/bin/dockerd --data-root=/mnt/docker --default-ulimit nofile=900000:900000^' /lib/systemd/system/docker.service - sudo systemctl daemon-reload - sudo install -o root -g root -d /mnt/docker - sudo usermod -aG docker $(id -u -n) - sudo mkdir -p /etc/docker - echo '{"experimental": true, "ipv6": true, "fixed-cidr-v6": "fd3c:a8b0:18eb:5c06::/64"}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker - echo "* * * * * root /usr/sbin/route add default gw 10.177.1.1 eth0" | sudo tee /etc/cron.d/fix-default-route -''' -initMap['docker-32gb-focal'] = initMap['docker-32gb-hirsute'] -initMap['docker-32gb-jammy'] = initMap['docker-32gb-hirsute'] -initMap['docker-32gb-noble'] = initMap['docker-32gb-hirsute'] -initMap['docker-32gb-resolute'] = initMap['docker-32gb-hirsute'] - -initMap['docker-32gb-bullseye'] = ''' - set -o xtrace - if ! mountpoint -q /mnt; then - for DEVICE_NAME in $(lsblk -ndpbo NAME,SIZE | sort -n -r | awk '{print $1}'); do - if ! 
grep -qs "${DEVICE_NAME}" /proc/mounts; then - DEVICE="${DEVICE_NAME}" - break - fi - done - if [ -n "${DEVICE}" ]; then - sudo mkfs.ext2 ${DEVICE} - sudo mount ${DEVICE} /mnt - fi - fi - export DEBIAN_FRONTEND=noninteractive - until sudo apt-get update; do - sleep 1 - echo try again - done - until sudo apt-get -y install openjdk-11-jre-headless apt-transport-https ca-certificates curl gnupg lsb-release unzip; do - sleep 1 - echo try again - done - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - until sudo apt-get update; do - sleep 1 - echo try again - done - until sudo apt-get -y install docker-ce docker-ce-cli containerd.io; do - sleep 1 - echo try again - done - if ! $(aws --version | grep -q 'aws-cli/2'); then - find /tmp -maxdepth 1 -name "*aws*" | xargs sudo rm -rf - until curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"; do - sleep 1 - echo try again - done - unzip -o /tmp/awscliv2.zip -d /tmp - cd /tmp/aws && sudo ./install - fi - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins - sudo sysctl net.ipv4.tcp_fin_timeout=15 - sudo sysctl net.ipv4.tcp_tw_reuse=1 - sudo sysctl net.ipv6.conf.all.disable_ipv6=1 - sudo sysctl net.ipv6.conf.default.disable_ipv6=1 - sudo sysctl -w fs.inotify.max_user_watches=10000000 || true - sudo sysctl -w fs.aio-max-nr=1048576 || true - sudo sysctl -w fs.file-max=6815744 || true - echo "* soft core unlimited" | sudo tee -a /etc/security/limits.conf - sudo sed -i.bak -e 's^ExecStart=.*^ExecStart=/usr/bin/dockerd --data-root=/mnt/docker --default-ulimit nofile=900000:900000^' /lib/systemd/system/docker.service - sudo systemctl daemon-reload - sudo install -o root -g root -d /mnt/docker - sudo usermod 
-aG docker $(id -u -n) - sudo mkdir -p /etc/docker - echo '{"experimental": true, "ipv6": true, "fixed-cidr-v6": "fd3c:a8b0:18eb:5c06::/64"}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker - echo "* * * * * root /usr/sbin/route add default gw 10.177.1.1 eth0" | sudo tee /etc/cron.d/fix-default-route -''' - -initMap['rpmMap'] = ''' - set -o xtrace - RHVER=$(rpm --eval %rhel) - ARCH=$(uname -m) - - if ! mountpoint -q /mnt; then - for DEVICE_NAME in $(lsblk -ndbo NAME,SIZE | sort -n -r | awk '{print $1}'); do - if ! grep -qs "${DEVICE_NAME}" /proc/mounts; then - DEVICE="/dev/${DEVICE_NAME}" - break - fi - done - if [ -n "${DEVICE}" ]; then - sudo mkfs.ext2 ${DEVICE} - sudo mount ${DEVICE} /mnt - fi - fi - - - if [[ ${RHVER} -eq 8 ]] || [[ ${RHVER} -eq 7 ]]; then - sudo sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* - sudo sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* - fi - - until sudo yum makecache; do - sleep 1 - echo try again - done - - # Install Java based on RHEL version and OS type - if [[ -f /etc/system-release ]] && grep -q "Amazon Linux" /etc/system-release; then - sudo yum -y install java-17-amazon-corretto-headless || : - elif [[ ${RHVER} -eq 7 ]]; then - sudo yum -y install java-17-openjdk-headless || sudo yum -y install java-11-openjdk-headless || : - else - sudo yum -y install java-17-openjdk-headless || : - fi - - sudo yum -y install git tzdata-java || : - sudo yum -y install aws-cli || : - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins - -''' - -initMap['min-al2023-x64'] = ''' - set -o xtrace - - if ! mountpoint -q /mnt; then - for DEVICE_NAME in $(lsblk -ndpbo NAME,SIZE | sort -n -r | awk '{print $1}'); do - if ! 
grep -qs "${DEVICE_NAME}" /proc/mounts; then - DEVICE="${DEVICE_NAME}" - break - fi - done - if [ -n "${DEVICE}" ]; then - sudo mkfs.ext4 ${DEVICE} - sudo mount -o noatime ${DEVICE} /mnt - fi - fi - sudo ethtool -K eth0 sg off - until sudo yum makecache; do - sleep 1 - echo try again - done - - sudo yum -y install java-17-amazon-corretto-headless || : - sudo yum -y install git docker p7zip - sudo yum -y remove awscli - - if ! $(aws --version | grep -q 'aws-cli/2'); then - find /tmp -maxdepth 1 -name "*aws*" | xargs sudo rm -rf - - until curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "/tmp/awscliv2.zip"; do - sleep 1 - echo try again - done - - 7za -o/tmp x /tmp/awscliv2.zip - cd /tmp/aws && sudo ./install - fi - - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins - - sudo sysctl net.ipv4.tcp_fin_timeout=15 - sudo sysctl net.ipv4.tcp_tw_reuse=1 - sudo sysctl net.ipv6.conf.all.disable_ipv6=1 - sudo sysctl net.ipv6.conf.default.disable_ipv6=1 - sudo sysctl -w fs.inotify.max_user_watches=10000000 || true - sudo sysctl -w fs.aio-max-nr=1048576 || true - sudo sysctl -w fs.file-max=6815744 || true - echo "* soft core unlimited" | sudo tee -a /etc/security/limits.conf - sudo sed -i.bak -e 's/nofile=1024:4096/nofile=900000:900000/; s/DAEMON_MAXFILES=.*/DAEMON_MAXFILES=990000/' /etc/sysconfig/docker - echo 'DOCKER_STORAGE_OPTIONS="--data-root=/mnt/docker"' | sudo tee -a /etc/sysconfig/docker-storage - sudo sed -i.bak -e 's^ExecStart=.*^ExecStart=/usr/bin/dockerd --data-root=/mnt/docker --default-ulimit nofile=900000:900000^' /lib/systemd/system/docker.service - sudo systemctl daemon-reload - sudo install -o root -g root -d /mnt/docker - sudo usermod -aG docker $(id -u -n) - sudo mkdir -p /etc/docker - echo '{"experimental": true, "ipv6": true, "fixed-cidr-v6": "fd3c:a8b0:18eb:5c06::/64"}' | sudo tee /etc/docker/daemon.json - sudo systemctl status docker || sudo systemctl start docker - sudo service docker status || sudo service docker start 
- #echo "* * * * * root /usr/sbin/route add default gw 10.177.1.1 eth0" | sudo tee /etc/cron.d/fix-default-route -''' - -initMap['debMap'] = ''' - set -o xtrace - if ! mountpoint -q /mnt; then - for DEVICE_NAME in $(lsblk -ndpbo NAME,SIZE | sort -n -r | awk '{print $1}'); do - if ! grep -qs "${DEVICE_NAME}" /proc/mounts; then - DEVICE="${DEVICE_NAME}" - break - fi - done - if [ -n "${DEVICE}" ]; then - sudo mkfs.ext2 ${DEVICE} - sudo mount ${DEVICE} /mnt - fi - fi - - sudo sed -i '/bullseye-backports/ s/cdn-aws.deb.debian.org/archive.debian.org/' /etc/apt/sources.list - - until sudo apt-get update; do - sleep 1 - echo try again - done - until sudo apt-get install -y lsb-release; do - sleep 1 - echo try again - done - - DEB_VER=$(lsb_release -sc) - - if [[ ${DEB_VER} == "trixie" ]]; then - JAVA_VER="openjdk-21-jre-headless" - else - JAVA_VER="openjdk-17-jre-headless" - fi - - if [[ ${DEB_VER} == "trixie" ]] || [[ ${DEB_VER} == "bookworm" ]] || [[ ${DEB_VER} == "buster" ]]; then - sudo apt-get -y install ${JAVA_VER} git - sudo mv /etc/ssl /etc/ssl_old - sudo apt-get -y install ${JAVA_VER} - sudo cp -r /etc/ssl_old /etc/ssl - sudo apt-get -y install ${JAVA_VER} - else - sudo apt-get -y install ${JAVA_VER} git - fi - - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins -''' - -initMap['docker-32gb'] = initMap['docker'] -initMap['docker2'] = initMap['docker'] - -initMap['micro-amazon'] = initMap['rpmMap'] -initMap['min-centos-7-x64'] = initMap['rpmMap'] -initMap['fips-centos-7-x64'] = initMap['rpmMap'] -initMap['min-ol-8-x64'] = initMap['rpmMap'] -initMap['min-ol-9-x64'] = initMap['rpmMap'] -initMap['min-rhel-10-x64'] = ''' - set -o xtrace - RHVER=$(rpm --eval %rhel) - if ! mountpoint -q /mnt; then - for DEVICE_NAME in $(lsblk -ndpbo NAME,SIZE | sort -n -r | awk '{print $1}'); do - if ! 
grep -qs "${DEVICE_NAME}" /proc/mounts; then - DEVICE="${DEVICE_NAME}" - break - fi - done - if [ -n "${DEVICE}" ]; then - sudo mkfs.ext2 ${DEVICE} - sudo mount ${DEVICE} /mnt - fi - fi - - until sudo yum makecache; do - sleep 1 - echo try again - done - sudo yum -y install java-21-openjdk-headless tzdata-java || : - sudo yum -y install awscli2 || : - sudo yum -y install git || : - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins -''' - -initMap['min-bookworm-x64'] = initMap['debMap'] -initMap['min-bullseye-x64'] = initMap['debMap'] -initMap['min-buster-x64'] = initMap['debMap'] -initMap['min-bionic-x64'] = initMap['debMap'] -initMap['min-stretch-x64'] = initMap['debMap'] -initMap['min-xenial-x64'] = initMap['debMap'] -initMap['min-trixie-x64'] = initMap['debMap'] - -initMap['min-centos-7-aarch64'] = initMap['rpmMap'] -initMap['min-bookworm-aarch64'] = initMap['debMap'] -initMap['min-bullseye-aarch64'] = initMap['debMap'] -initMap['min-jammy-aarch64'] = initMap['debMap'] -initMap['min-noble-aarch64'] = initMap['debMap'] -initMap['min-resolute-aarch64'] = initMap['debMap'] -initMap['min-trixie-aarch64'] = initMap['debMap'] -initMap['min-al2023-aarch64'] = initMap['min-al2023-x64'] - -capMap = [:] -capMap['c5n.2xlarge'] = '60' -capMap['t3.2xlarge'] = '60' -capMap['i4i.2xlarge'] = '40' -capMap['m5.2xlarge'] = '10' -capMap['r6g.2xlarge'] = '40' - -typeMap = [:] -typeMap['micro-amazon'] = 'c5n.2xlarge' -typeMap['docker'] = 'c5n.2xlarge' -typeMap['docker-32gb'] = 'i4i.2xlarge' -typeMap['docker2'] = 'm5.2xlarge' -typeMap['min-al2023-x64'] = typeMap['docker'] -typeMap['min-centos-7-x64'] = typeMap['docker'] -typeMap['fips-centos-7-x64'] = typeMap['min-centos-7-x64'] -typeMap['min-ol-8-x64'] = typeMap['min-centos-7-x64'] -typeMap['min-ol-9-x64'] = 'i4i.2xlarge' -typeMap['min-rhel-10-x64'] = typeMap['docker'] -typeMap['min-bionic-x64'] = typeMap['min-centos-7-x64'] -typeMap['min-bookworm-x64'] = typeMap['min-centos-7-x64'] -typeMap['min-bullseye-x64'] = 
typeMap['min-centos-7-x64']
-typeMap['min-buster-x64'] = typeMap['min-centos-7-x64']
-typeMap['min-stretch-x64'] = typeMap['min-centos-7-x64']
-typeMap['min-xenial-x64'] = typeMap['min-centos-7-x64']
-typeMap['min-trixie-x64'] = typeMap['min-centos-7-x64']
-typeMap['docker-32gb-hirsute'] = 'i4i.2xlarge'
-typeMap['docker-32gb-focal'] = 'i4i.2xlarge'
-typeMap['docker-32gb-jammy'] = 'i4i.2xlarge'
-typeMap['docker-32gb-noble'] = 'i4i.2xlarge'
-typeMap['docker-32gb-resolute'] = 'i4i.2xlarge'
-typeMap['docker-32gb-bullseye'] = 'i4i.2xlarge'
-
-typeMap['min-centos-7-aarch64'] = 'r6g.2xlarge'
-typeMap['min-bookworm-aarch64'] = 'r6g.2xlarge'
-typeMap['min-bullseye-aarch64'] = 'r6g.2xlarge'
-typeMap['min-jammy-aarch64'] = 'r6g.2xlarge'
-typeMap['min-noble-aarch64'] = 'r6g.2xlarge'
-typeMap['min-resolute-aarch64'] = 'r6g.2xlarge'
-typeMap['min-trixie-aarch64'] = 'r6g.2xlarge'
-typeMap['min-al2023-aarch64'] = 'r6g.2xlarge'
-
-execMap = [:]
-execMap['docker'] = '1'
-execMap['docker-32gb'] = execMap['docker']
-execMap['docker2'] = execMap['docker']
-execMap['micro-amazon'] = '30'
-execMap['min-al2023-x64'] = '1'
-execMap['min-bionic-x64'] = '1'
-execMap['min-centos-7-x64'] = '1'
-execMap['fips-centos-7-x64'] = '1'
-execMap['min-ol-8-x64'] = '1'
-execMap['min-ol-9-x64'] = '1'
-execMap['min-rhel-10-x64'] = '1'
-execMap['min-stretch-x64'] = '1'
-execMap['min-xenial-x64'] = '1'
-execMap['min-buster-x64'] = '1'
-execMap['docker-32gb-hirsute'] = '1'
-execMap['docker-32gb-focal'] = '1'
-execMap['docker-32gb-jammy'] = '1'
-execMap['docker-32gb-noble'] = '1'
-execMap['docker-32gb-resolute'] = '1'
-execMap['min-bookworm-x64'] = '1'
-execMap['min-bullseye-x64'] = '1'
-execMap['docker-32gb-bullseye'] = '1'
-execMap['min-trixie-x64'] = '1'
-
-execMap['min-centos-7-aarch64'] = '1'
-execMap['min-bookworm-aarch64'] = '1'
-execMap['min-bullseye-aarch64'] = '1'
-execMap['min-jammy-aarch64'] = '1'
-execMap['min-noble-aarch64'] = '1'
-execMap['min-resolute-aarch64'] = '1'
-execMap['min-trixie-aarch64'] = '1'
-execMap['min-al2023-aarch64'] = '1'
-
-devMap = [:]
-devMap['docker'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['docker2'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['docker-32gb'] = devMap['docker']
-devMap['micro-amazon'] = devMap['docker']
-devMap['min-al2023-x64'] = devMap['docker']
-devMap['min-bionic-x64'] = '/dev/sda1=:8:true:gp3,/dev/sdd=:80:true:gp3'
-devMap['min-centos-7-x64'] = devMap['min-bionic-x64']
-devMap['fips-centos-7-x64'] = devMap['min-bionic-x64']
-devMap['min-ol-8-x64'] = devMap['min-bionic-x64']
-devMap['min-ol-9-x64'] = '/dev/sda1=:10:true:gp3,/dev/sdd=:80:true:gp3'
-devMap['min-rhel-10-x64'] = '/dev/sda1=:30:true:gp3,/dev/sdd=:80:true:gp3'
-devMap['min-jessie-x64'] = devMap['micro-amazon']
-devMap['min-stretch-x64'] = 'xvda=:8:true:gp3,xvdd=:80:true:gp3'
-devMap['min-xenial-x64'] = devMap['min-bionic-x64']
-devMap['min-buster-x64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['docker-32gb-hirsute'] = devMap['docker']
-devMap['docker-32gb-focal'] = devMap['docker']
-devMap['docker-32gb-jammy'] = devMap['docker']
-devMap['docker-32gb-noble'] = devMap['docker']
-devMap['min-bookworm-x64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-bullseye-x64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-trixie-x64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['docker-32gb-resolute'] = devMap['docker']
-devMap['docker-32gb-bullseye'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-
-devMap['min-centos-7-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-bookworm-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-bullseye-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-jammy-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-noble-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-resolute-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-trixie-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-devMap['min-al2023-aarch64'] = '/dev/xvda=:8:true:gp3,/dev/xvdd=:80:true:gp3'
-
-labelMap = [:]
-labelMap['docker'] = ''
-labelMap['docker-32gb'] = ''
-labelMap['docker2'] = 'docker-32gb'
-labelMap['micro-amazon'] = 'master'
-labelMap['min-al2023-x64'] = ''
-labelMap['min-bionic-x64'] = 'asan'
-labelMap['min-centos-7-x64'] = ''
-labelMap['fips-centos-7-x64'] = ''
-labelMap['min-ol-8-x64'] = ''
-labelMap['min-ol-9-x64'] = ''
-labelMap['min-rhel-10-x64'] = ''
-labelMap['min-stretch-x64'] = ''
-labelMap['min-xenial-x64'] = ''
-labelMap['min-buster-x64'] = ''
-labelMap['docker-32gb-hirsute'] = ''
-labelMap['docker-32gb-focal'] = ''
-labelMap['docker-32gb-jammy'] = ''
-labelMap['docker-32gb-noble'] = ''
-labelMap['docker-32gb-resolute'] = ''
-labelMap['min-bookworm-x64'] = ''
-labelMap['min-bullseye-x64'] = ''
-labelMap['min-trixie-x64'] = ''
-labelMap['docker-32gb-bullseye'] = ''
-
-labelMap['min-centos-7-aarch64'] = ''
-labelMap['min-bookworm-aarch64'] = ''
-labelMap['min-bullseye-aarch64'] = ''
-labelMap['min-jammy-aarch64'] = ''
-labelMap['min-noble-aarch64'] = ''
-labelMap['min-resolute-aarch64'] = ''
-labelMap['min-trixie-aarch64'] = ''
-labelMap['min-al2023-aarch64'] = ''
-
-jvmoptsMap = [:]
-jvmoptsMap['docker'] = '-Xmx512m -Xms512m'
-jvmoptsMap['docker-32gb'] = jvmoptsMap['docker']
-jvmoptsMap['docker2'] = jvmoptsMap['docker']
-jvmoptsMap['micro-amazon'] = jvmoptsMap['docker']
-jvmoptsMap['min-al2023-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-bionic-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-centos-7-x64'] = jvmoptsMap['docker']
-jvmoptsMap['fips-centos-7-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-ol-8-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-ol-9-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-rhel-10-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-stretch-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-xenial-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-buster-x64'] = jvmoptsMap['docker']
-jvmoptsMap['docker-32gb-hirsute'] = jvmoptsMap['docker']
-jvmoptsMap['docker-32gb-focal'] = jvmoptsMap['docker']
-jvmoptsMap['docker-32gb-jammy'] = jvmoptsMap['docker']
-jvmoptsMap['docker-32gb-noble'] = jvmoptsMap['docker']
-jvmoptsMap['docker-32gb-resolute'] = jvmoptsMap['docker']
-jvmoptsMap['min-bookworm-x64'] = '-Xmx512m -Xms512m --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED'
-jvmoptsMap['min-bullseye-x64'] = jvmoptsMap['docker']
-jvmoptsMap['min-trixie-x64'] = '-Xmx512m -Xms512m --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED'
-jvmoptsMap['docker-32gb-bullseye'] = jvmoptsMap['docker']
-
-jvmoptsMap['min-centos-7-aarch64'] = jvmoptsMap['docker']
-jvmoptsMap['min-bookworm-aarch64'] = jvmoptsMap['docker']
-jvmoptsMap['min-bullseye-aarch64'] = jvmoptsMap['docker']
-jvmoptsMap['min-jammy-aarch64'] = jvmoptsMap['docker']
-jvmoptsMap['min-noble-aarch64'] = jvmoptsMap['docker']
-jvmoptsMap['min-resolute-aarch64'] = jvmoptsMap['docker']
-jvmoptsMap['min-trixie-aarch64'] = jvmoptsMap['docker']
-jvmoptsMap['min-al2023-aarch64'] = jvmoptsMap['docker']
-
-// https://github.com/jenkinsci/ec2-plugin/blob/ec2-1.41/src/main/java/hudson/plugins/ec2/SlaveTemplate.java
-SlaveTemplate getTemplate(String OSType, String AZ) {
- return new SlaveTemplate(
- imageMap[AZ + '.' 
+ OSType].toString(), // String ami - '', // String zone - new SpotConfiguration(true, priceMap[typeMap[OSType]], false, '0'), // SpotConfiguration spotConfig - 'default', // String securityGroups - '/mnt/jenkins', // String remoteFS - InstanceType.fromValue(typeMap[OSType]), // InstanceType type - ( typeMap[OSType].startsWith("c4") || typeMap[OSType].startsWith("m4") || typeMap[OSType].startsWith("c5") || typeMap[OSType].startsWith("m5") || typeMap[OSType].startsWith("r6") ), // boolean ebsOptimized - OSType + ' ' + labelMap[OSType], // String labelString - Node.Mode.NORMAL, // Node.Mode mode - OSType, // String description - initMap[OSType], // String initScript - '', // String tmpDir - '', // String userData - execMap[OSType], // String numExecutors - userMap[OSType].toString(), // String remoteAdmin - new UnixData('', '', '', '22', ''), // AMITypeData amiType - jvmoptsMap[OSType], // String jvmopts - false, // boolean stopOnTerminate - netMap[AZ], // String subnetId - [ - new EC2Tag('Name', 'jenkins-ps3-' + OSType), - new EC2Tag('iit-billing-tag', 'jenkins-ps3-worker') - ], // List tags - '15', // String idleTerminationMinutes - 0, // Init minimumNumberOfInstances - 0, // minimumNumberOfSpareInstances - capMap[typeMap[OSType]], // String instanceCapStr - 'arn:aws:iam::119175775298:instance-profile/jenkins-ps3-worker', // String iamInstanceProfile - true, // boolean deleteRootOnTermination - false, // boolean useEphemeralDevices - false, // boolean useDedicatedTenancy - '', // String launchTimeoutStr - true, // boolean associatePublicIp - devMap[OSType], // String customDeviceMapping - true, // boolean connectBySSHProcess - false, // boolean monitoring - false, // boolean t2Unlimited - ConnectionStrategy.PUBLIC_DNS, // connectionStrategy - -1, // int maxTotalUses - null, - HostKeyVerificationStrategyEnum.OFF, - ) -} - -String privateKey = '' -jenkins.clouds.each { - if (it.hasProperty('name') && it.name == 'AWS-Dev b') { - privateKey = it['privateKey'] - } -} - 
-String sshKeysCredentialsId = '2ab73cff-5575-4ca2-be48-17761b165103' - -String region = 'eu-west-1' -('b'..'c').each { - // https://github.com/jenkinsci/ec2-plugin/blob/ec2-1.41/src/main/java/hudson/plugins/ec2/AmazonEC2Cloud.java - EC2Cloud ec2Cloud = new EC2Cloud( - "AWS-Dev ${it}", // String cloudName - true, // boolean useInstanceProfileForCredentials - '', // String credentialsId - region, // String region - privateKey, // String privateKey - sshKeysCredentialsId, // String sshKeysCredentialsId - '240', // String instanceCapStr - [ - getTemplate('docker', "${region}${it}"), - getTemplate('docker-32gb', "${region}${it}"), - getTemplate('micro-amazon', "${region}${it}"), - getTemplate('min-al2023-x64', "${region}${it}"), - getTemplate('min-centos-7-x64', "${region}${it}"), - getTemplate('fips-centos-7-x64', "${region}${it}"), - getTemplate('min-ol-8-x64', "${region}${it}"), - getTemplate('min-ol-9-x64', "${region}${it}"), - getTemplate('min-rhel-10-x64', "${region}${it}"), - getTemplate('min-bionic-x64', "${region}${it}"), - getTemplate('min-buster-x64', "${region}${it}"), - getTemplate('min-bookworm-x64', "${region}${it}"), - getTemplate('min-bullseye-x64', "${region}${it}"), - getTemplate('min-trixie-x64', "${region}${it}"), - getTemplate('min-stretch-x64', "${region}${it}"), - getTemplate('min-xenial-x64', "${region}${it}"), - getTemplate('docker-32gb-hirsute', "${region}${it}"), - getTemplate('docker-32gb-focal', "${region}${it}"), - getTemplate('docker-32gb-jammy', "${region}${it}"), - getTemplate('docker-32gb-noble', "${region}${it}"), - getTemplate('docker-32gb-resolute', "${region}${it}"), - getTemplate('docker-32gb-bullseye', "${region}${it}"), - getTemplate('min-centos-7-aarch64', "${region}${it}"), - getTemplate('min-bookworm-aarch64', "${region}${it}"), - getTemplate('min-bullseye-aarch64', "${region}${it}"), - getTemplate('min-jammy-aarch64', "${region}${it}"), - getTemplate('min-noble-aarch64', "${region}${it}"), - 
getTemplate('min-resolute-aarch64', "${region}${it}"), - getTemplate('min-trixie-aarch64', "${region}${it}"), - getTemplate('min-al2023-aarch64', "${region}${it}"), - ], // List templates - '', - '' - ) - - // add cloud configuration to Jenkins - jenkins.clouds.each { - if (it.hasProperty('name') && it.name == ec2Cloud.name) { - jenkins.clouds.remove(it) - } - } - jenkins.clouds.add(ec2Cloud) -} - -// save current Jenkins state to disk -jenkins.save() - -logger.info("Cloud init finished") diff --git a/resources/jenkins-masters/ps3/init.groovy.d/durability.groovy b/resources/jenkins-masters/ps3/init.groovy.d/durability.groovy deleted file mode 100644 index ea6a2e8..0000000 --- a/resources/jenkins-masters/ps3/init.groovy.d/durability.groovy +++ /dev/null 
@@ -1,53 +0,0 @@
-/**
- * Persist the global pipeline durability hint as MAX_SURVIVABILITY at
- * every JVM boot, by calling the GlobalDefaultFlowDurabilityLevel
- * descriptor's setDurabilityHint() + save() so the value lands in
- * $JENKINS_HOME/org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel.xml
- * (the descriptor's standard config file). Idempotent on the happy
- * path: when the hint already matches the target, the script is a no-op.
- *
- * Background. Pipeline builds use one of three durability hints:
- * PERFORMANCE_OPTIMIZED - FlowNode state kept in memory until the
- * build finishes; an abrupt JVM stop
- * (kill -9, AWS spot interrupt) loses the
- * whole in-flight build.
- * SURVIVABLE_NONATOMIC - persists eventually, weaker ordering.
- * MAX_SURVIVABILITY - persists each FlowNode as it executes, so
- * a build resumes at the same step on JVM
- * return.
- *
- * Why explicit when workflow-api already advertises MAX_SURVIVABILITY
- * as the default? The default is fragile: any operator change in
- * Manage Jenkins -> System silently writes the descriptor's XML and
- * can replace the hint with no IaC trace. Writing the value ourselves
- * at every boot anchors the canary's resilience guarantee.
- *
- * Note on the descriptor: when no XML exists, the descriptor's in-memory
- * field is null (the MAX_SURVIVABILITY default lives at a higher
- * layer in workflow-api). So `current != target` correctly fires the
- * write path on a fresh master, and the resulting save() materialises
- * the on-disk XML.
- *
- * Scope: ps3 canary only. PS-11173 Phase 2.
- */
-import org.jenkinsci.plugins.workflow.flow.FlowDurabilityHint
-import jenkins.model.Jenkins
-
-def descCls = Class.forName('org.jenkinsci.plugins.workflow.flow.GlobalDefaultFlowDurabilityLevel$DescriptorImpl')
-def descriptors = Jenkins.instance.getExtensionList(descCls)
-if (descriptors.isEmpty()) {
- println "durability.groovy: GlobalDefaultFlowDurabilityLevel descriptor missing (workflow-api plugin not installed?)"
- return
-}
-
-def d = descriptors[0]
-def current = d.durabilityHint
-def target = FlowDurabilityHint.MAX_SURVIVABILITY
-
-if (current != target) {
- d.setDurabilityHint(target)
- d.save()
- println "durability.groovy: ${current} -> ${target}"
-} else {
- println "durability.groovy: GlobalDefaultFlowDurabilityLevel already ${target}"
-}
diff --git a/resources/jenkins-masters/ps3/init.groovy.d/ec2FleetCloud.groovy b/resources/jenkins-masters/ps3/init.groovy.d/ec2FleetCloud.groovy
deleted file mode 100644
index 46cf92d..0000000
--- a/resources/jenkins-masters/ps3/init.groovy.d/ec2FleetCloud.groovy
+++ /dev/null
@@ -1,77 +0,0 @@
-// ec2FleetCloud.groovy (PS-11179)
-//
-// Registers the diversified Graviton EC2 Fleet (ASG-backed via the ec2-fleet
-// plugin) as a Jenkins Cloud serving the `docker-32gb-aarch64` label on ps3,
-// replacing the classic single-SKU `r6g.2xlarge` SlaveTemplate that previously
-// served the same label (retired from cloud.groovy in the same commit).
-// Uniform multi-SKU fallback path with ps57 and ps80.
-//
-// IAM: the `Ec2FleetPluginAutoScaling` policy is attached to the
-// jenkins-ps3-master role by the standalone TF block in terraform/master-ps3.tf
-// (jenkins-arm-fleet module). The plugin uses the master IAM instance profile
-// (`awsCredentialsId = ""`).
-//
-// SSH: the `percona-jenkins` private-key credential is loaded into ps3; it
-// matches the AWS key pair on the Launch Template (`key_name = "percona-jenkins"`).
-// `privateIpUsed = true` because the eu-west-1 master's egress does not reliably
-// reach the worker's public IP; master + worker share the same VPC, so private
-// IP routing works.
-//
-// Idempotent: re-applying via `jenkins iac deploy` removes the prior cloud
-// instance with the same name before adding the fresh one.
-
-import com.amazon.jenkins.ec2fleet.EC2FleetCloud
-import hudson.plugins.sshslaves.SSHConnector
-import hudson.plugins.sshslaves.verifiers.NonVerifyingKeyVerificationStrategy
-import jenkins.model.Jenkins
-import java.util.logging.Logger
-
-final Logger LOG = Logger.getLogger('ec2FleetCloud')
-final String CLOUD_NAME = 'arm-graviton-fleet'
-final String REGION = 'eu-west-1'
-final String ASG_NAME = 'jenkins-ps3-arm-graviton'
-final String LABEL = 'docker-32gb-aarch64'
-final String SSH_CRED_ID = 'percona-jenkins'
-
-Jenkins.instance.clouds.findAll { it.name == CLOUD_NAME }.each {
- Jenkins.instance.clouds.remove(it)
-}
-
-def sshConn = new SSHConnector(
- 22, SSH_CRED_ID,
- '', '', '', '',
- null, null, null,
- new NonVerifyingKeyVerificationStrategy()
-)
-
-def fleet = new EC2FleetCloud(
- CLOUD_NAME,
- '', // awsCredentialsId (empty -> master IAM instance profile)
- '', // credentialsId (legacy field, kept empty)
- REGION,
- '', // endpoint
- ASG_NAME,
- LABEL,
- '/mnt/jenkins', // fsRoot
- sshConn, // computerConnector
- true, // privateIpUsed -- master + worker share the master VPC; public-IP SSH egress is not reliable in eu-west-1
- false, // alwaysReconnect
- (Integer) 10, // idleMinutes (NON-zero: 0 = never scale down)
- 0, // minSize
- 16, // maxSize (matches TF)
- 0, // minSpareSize
- 1, // numExecutors
- true, // addNodeOnlyIfRunning
- false, // restrictUsage
- '-1', // maxTotalUses (-1 = unlimited)
- false, // disableTaskResubmit
- (Integer) 600, // initOnlineTimeoutSec
- (Integer) 15, // initOnlineCheckIntervalSec
- (Integer) 10, // cloudStatusIntervalSec
- false, // noDelayProvision
- false, // scaleExecutorsByWeight
- new EC2FleetCloud.NoScaler()
-)
-
-Jenkins.instance.clouds.add(fleet)
-LOG.info("ec2FleetCloud: registered cloud='${CLOUD_NAME}' label='${LABEL}' fleet='${ASG_NAME}' region='${REGION}'")
diff --git a/resources/jenkins-masters/ps3/init.groovy.d/hetznerArmHealth.groovy b/resources/jenkins-masters/ps3/init.groovy.d/hetznerArmHealth.groovy
deleted file mode 100644
index 4d9edcd..0000000
--- a/resources/jenkins-masters/ps3/init.groovy.d/hetznerArmHealth.groovy
+++ /dev/null
@@ -1,145 +0,0 @@
-// hetznerArmHealth.groovy (PS-11179)
-//
-// Master-side health probe that publishes whether Hetzner arm64 (CAX) capacity is
-// currently usable, as Jenkins GLOBAL env vars consumed by vars/resolveArmWorker:
-//
-// HETZNER_ARM64_HEALTHY "true" | "false"
-// HETZNER_ARM64_HEALTH_AT epoch seconds of the last SUCCESSFUL observation
-// HETZNER_ARM64_REASON short human-readable verdict
-//
-// Runs ON THIS CONTROLLER (not a worker). Every 60s on the Jenkins Timer pool it
-// reads this master's OWN loopback metrics endpoint
-// (http://127.0.0.1:8080/hetzner-prometheus) and inspects
-// hetzner_dc_circuit_breaker_state{arch="arm64"} for every arm64 DC.
-//
-// Verdict:
-// - UNHEALTHY when every arm64 DC breaker is non-CLOSED (state >= 1, i.e. OPEN or
-// HALF_OPEN): no German DC can currently fulfil an arm64 server.
-// - HEALTHY otherwise (at least one arm64 DC breaker CLOSED, or no arm64 series yet).
-// It reads the metrics TEXT only; it never calls DcCircuitBreaker.getState() from
-// Groovy (that would mutate breaker state / arm a HALF_OPEN probe lease).
-//
-// Hysteresis: flip to UNHEALTHY immediately (divert away from dead capacity fast),
-// but require CLEAR_POLLS consecutive healthy observations before flipping back to
-// HEALTHY (avoid flapping a half-recovered DC back and forth).
-//
-// Fail-safe by OMISSION: on any fetch/parse error we DO NOT touch the flag, so it
-// goes stale and resolveArmWorker treats stale/absent as healthy (-> Hetzner, the
-// current behaviour). UNHEALTHY is published only on POSITIVE fresh evidence, so a
-// metrics glitch can never force the costly AWS fallback on.
-//
-// In-memory by design: the env vars live in globalNodeProperties and are NOT saved
-// to disk (no per-minute config churn). After a restart this script republishes
-// within ~1 min; until then resolveArmWorker's stale/absent fail-safe holds.
-//
-// Idempotent re-deploy: re-evaluating this file (jenkins iac deploy / boot) bumps a
-// generation token; the previously scheduled task sees the mismatch on its next tick
-// and self-terminates, so exactly one probe converges within 60s.
-
-import jenkins.model.Jenkins
-import jenkins.util.Timer
-import java.util.concurrent.TimeUnit
-import java.util.concurrent.CancellationException
-import java.util.logging.Logger
-
-final Logger LOG = Logger.getLogger('hetznerArmHealth')
-final String METRICS_URL = 'http://127.0.0.1:8080/hetzner-prometheus/' // trailing slash avoids a 302
-final int CLEAR_POLLS = 2 // consecutive healthy polls before re-enabling Hetzner
-final long PERIOD_SEC = 60L
-final long INITIAL_DELAY_SEC = 15L
-
-// Generation token: supersede any schedule left by an earlier eval of this file.
-final String GEN = UUID.randomUUID().toString()
-System.setProperty('hetznerArmHealth.gen', GEN)
-
-def parseArmBreakerStates = { String body ->
- def states = []
- body.eachLine { String line ->
- if (line.startsWith('hetzner_dc_circuit_breaker_state') && line.contains('arch="arm64"')) {
- def m = (line =~ /\}\s+([0-9.eE+-]+)\s*$/)
- if (m.find()) { states << (m.group(1) as double) }
- }
- }
- return states
-}
-
-def publishEnv = { boolean healthy, long atSec, String reason ->
- def props = Jenkins.instance.globalNodeProperties
- def envProp = props.get(hudson.slaves.EnvironmentVariablesNodeProperty)
- if (envProp == null) {
- envProp = new hudson.slaves.EnvironmentVariablesNodeProperty()
- props.add(envProp)
- }
- def vars = envProp.envVars
- vars.put('HETZNER_ARM64_HEALTHY', healthy ? 'true' : 'false')
- vars.put('HETZNER_ARM64_HEALTH_AT', atSec.toString())
- vars.put('HETZNER_ARM64_REASON', reason)
-}
-
-Runnable probe = {
- try {
- if (System.getProperty('hetznerArmHealth.gen') != GEN) {
- throw new CancellationException('superseded by newer hetznerArmHealth eval')
- }
-
- String body
- try {
- def conn = (java.net.HttpURLConnection) new URL(METRICS_URL).openConnection()
- conn.connectTimeout = 4000
- conn.readTimeout = 4000
- int code = conn.responseCode
- if (code != 200) {
- LOG.warning("hetznerArmHealth: metrics HTTP ${code}; leaving flag untouched (stale->healthy fail-safe)")
- return
- }
- body = conn.inputStream.getText('UTF-8')
- } catch (CancellationException ce) {
- throw ce
- } catch (Exception fe) {
- LOG.warning("hetznerArmHealth: metrics fetch failed (${fe.message}); leaving flag untouched (stale->healthy fail-safe)")
- return
- }
-
- def states = parseArmBreakerStates(body)
- boolean observedHealthy
- String reason
- if (states.isEmpty()) {
- observedHealthy = true
- reason = 'no arm64 DC breaker series (assuming healthy)'
- } else {
- int closed = states.count { it < 1.0d }
- observedHealthy = (closed > 0)
- reason = observedHealthy ?
- "${closed}/${states.size()} arm64 DC breakers CLOSED".toString() :
- "all ${states.size()} arm64 DC breakers non-CLOSED (OPEN/HALF_OPEN)".toString()
- }
-
- boolean priorHealthy = (System.getProperty('hetznerArmHealth.published', 'true') != 'false')
- int priorStreak = (System.getProperty('hetznerArmHealth.streak', '0')) as int
- boolean publishHealthy
- int streak
- if (!observedHealthy) {
- publishHealthy = false
- streak = 0
- } else {
- streak = priorStreak + 1
- publishHealthy = priorHealthy || (streak >= CLEAR_POLLS)
- if (!publishHealthy) {
- reason = "recovering (${streak}/${CLEAR_POLLS} healthy polls); holding AWS fallback".toString()
- }
- }
- System.setProperty('hetznerArmHealth.published', publishHealthy ? 'true' : 'false')
- System.setProperty('hetznerArmHealth.streak', streak.toString())
-
- long nowSec = (long) (System.currentTimeMillis() / 1000L)
- publishEnv(publishHealthy, nowSec, reason)
- LOG.fine("hetznerArmHealth: healthy=${publishHealthy} (${reason})")
- } catch (CancellationException supersede) {
- throw supersede // let scheduleAtFixedRate suppress this stale generation
- } catch (Throwable t) {
- LOG.warning("hetznerArmHealth: unexpected ${t}") // swallow so the probe keeps running
- }
-}
-
-Timer.get().scheduleAtFixedRate(probe, INITIAL_DELAY_SEC, PERIOD_SEC, TimeUnit.SECONDS)
-LOG.info("hetznerArmHealth: scheduled (gen=${GEN}, every ${PERIOD_SEC}s, loopback ${METRICS_URL})")
diff --git a/resources/jenkins-masters/ps3/init.groovy.d/htz.cloud.groovy b/resources/jenkins-masters/ps3/init.groovy.d/htz.cloud.groovy
deleted file mode 100644
index 7fea505..0000000
--- a/resources/jenkins-masters/ps3/init.groovy.d/htz.cloud.groovy
+++ /dev/null
@@ -1,202 +0,0 @@ -import cloud.dnation.jenkins.plugins.hetzner.* -import cloud.dnation.jenkins.plugins.hetzner.launcher.* -import hudson.model.* -import jenkins.model.Jenkins -import java.util.logging.Logger - -def cloudName = "ps3-htz" - -imageMap = [:] // ID TYPE NAME DESCRIPTION ARCHITECTURE IMAGE SIZE DISK SIZE CREATED DEPRECATED -imageMap['deb12-x64'] = '114690387' // 114690387 system debian-12 Debian 12 x86 - 5 GB Tue Jun 13 09:00:02 EEST 2023 - -imageMap['deb12-aarch64'] = '114690389' // 114690389 system debian-12 Debian 12 arm - 5 GB Tue Jun 13 09:00:03 EEST 2023 - -imageMap['launcher-x64'] = imageMap['deb12-x64'] - -execMap = [:] -execMap['deb'] = 1 -execMap['deb12-x64-nbg1'] = execMap['deb'] -execMap['deb12-x64-hel1'] = execMap['deb'] -execMap['deb12-x64-fsn1'] = execMap['deb'] -execMap['deb12-aarch64-nbg1'] = execMap['deb'] -execMap['deb12-aarch64-hel1'] = execMap['deb'] -execMap['deb12-aarch64-fsn1'] = execMap['deb'] -execMap['deb12-x64-nbg1-min'] = execMap['deb'] -execMap['deb12-x64-hel1-min'] = execMap['deb'] -execMap['deb12-x64-fsn1-min'] = execMap['deb'] -execMap['deb12-aarch64-nbg1-min'] = execMap['deb'] -execMap['deb12-aarch64-hel1-min'] = execMap['deb'] -execMap['deb12-aarch64-fsn1-min'] = execMap['deb'] -execMap['launcher-x64-nbg1'] = 30 -execMap['launcher-x64-hel1'] = 30 -execMap['launcher-x64-fsn1'] = 30 - -bootDeadlineMap =[:] -bootDeadlineMap['default'] = 8 -bootDeadlineMap['deb12-x64-nbg1'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-x64-hel1'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-x64-fsn1'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-aarch64-nbg1'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-aarch64-hel1'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-aarch64-fsn1'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-x64-nbg1-min'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-x64-hel1-min'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-x64-fsn1-min'] = 
bootDeadlineMap['default'] -bootDeadlineMap['deb12-aarch64-nbg1-min'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-aarch64-hel1-min'] = bootDeadlineMap['default'] -bootDeadlineMap['deb12-aarch64-fsn1-min'] = bootDeadlineMap['default'] -bootDeadlineMap['launcher-x64-nbg1'] = bootDeadlineMap['default'] -bootDeadlineMap['launcher-x64-hel1'] = bootDeadlineMap['default'] -bootDeadlineMap['launcher-x64-fsn1'] = bootDeadlineMap['default'] - -jvmOptsMap = [:] -jvmOptsMap['deb12'] = '-Xms4g -Xmx16g -Xss4m -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:+AlwaysPreTouch --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED' -jvmOptsMap['deb12-x64-nbg1'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-x64-hel1'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-x64-fsn1'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-aarch64-nbg1'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-aarch64-hel1'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-aarch64-fsn1'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-x64-nbg1-min'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-x64-hel1-min'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-x64-fsn1-min'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-aarch64-nbg1-min'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-aarch64-hel1-min'] = jvmOptsMap['deb12'] -jvmOptsMap['deb12-aarch64-fsn1-min'] = jvmOptsMap['deb12'] -jvmOptsMap['launcher-x64-nbg1'] = jvmOptsMap['deb12'] -jvmOptsMap['launcher-x64-hel1'] = jvmOptsMap['deb12'] -jvmOptsMap['launcher-x64-fsn1'] = jvmOptsMap['deb12'] - -labelMap = [:] -labelMap['deb12-x64-min'] = 'docker-x64-min docker-deb12-x64-min deb12-x64-min' -labelMap['deb12-aarch64-min'] = 'docker-aarch64-min docker-deb12-aarch64-min deb12-aarch64-min' -labelMap['deb12-x64'] = 'docker-x64 docker-deb12-x64 deb12-x64' -labelMap['deb12-aarch64'] = 'docker-aarch64 docker-deb12-aarch64 deb12-aarch64' -labelMap['launcher-x64'] = 'launcher-x64' - -networkMap = [:] -networkMap['percona-vpc-eu'] = '10442325' // percona-vpc-eu - -initMap = [:] 
-initMap['deb-docker'] = '''#!/bin/bash -x - set -o xtrace - # Force IPv4 early (Hetzner -> Cloudflare CDN IPv6 routing is intermittently broken, see PKG-1325) - sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 || true - sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 || true - sudo sysctl -w net.ipv6.conf.eth0.disable_ipv6=1 || true - echo "precedence ::ffff:0:0/96 100" | sudo tee -a /etc/gai.conf - echo -e "nameserver 9.9.9.9\nnameserver 1.1.1.1" | sudo tee /etc/resolv.conf - echo '10.30.6.9 repo.ci.percona.com' | sudo tee -a /etc/hosts - sudo install -o $(id -u -n) -g $(id -g -n) -d /mnt/jenkins - sudo fallocate -l 32G /swapfile - sudo chmod 600 /swapfile - sudo mkswap /swapfile - sudo swapon /swapfile - - # Pin apt to deb.debian.org (avoid Hetzner mirror lottery, see PKG-1323/PKG-1324) - sudo tee /etc/apt/sources.list > /dev/null <<'APT_EOF' -deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware -deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware -deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware -deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware -APT_EOF - - export DEBIAN_FRONTEND=noninteractive - until sudo apt-get update; do - sleep 1 - echo try again - done - until sudo apt-get -y install openjdk-17-jre-headless apt-transport-https ca-certificates curl gnupg lsb-release unzip git; do - sleep 1 - echo try again - done - curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - until sudo apt-get update; do - sleep 1 - echo try again - done - until sudo apt-get -y install docker-ce docker-ce-cli 
containerd.io; do - sleep 1 - echo try again - done - if ! $(aws --version | grep -q 'aws-cli/2'); then - find /tmp -maxdepth 1 -name "*aws*" | xargs sudo rm -rf - until curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m)-2.22.35.zip" -o "/tmp/awscliv2.zip"; do - sleep 1 - echo try again - done - unzip -o /tmp/awscliv2.zip -d /tmp - cd /tmp/aws && sudo ./install - fi - sudo sysctl net.ipv4.tcp_fin_timeout=15 - sudo sysctl net.ipv4.tcp_tw_reuse=1 - sudo sysctl net.ipv6.conf.all.disable_ipv6=1 - sudo sysctl net.ipv6.conf.default.disable_ipv6=1 - sudo sysctl -w fs.inotify.max_user_watches=10000000 || true - sudo sysctl -w fs.aio-max-nr=1048576 || true - sudo sysctl -w fs.file-max=6815744 || true - echo "* soft core unlimited" | sudo tee -a /etc/security/limits.conf - sudo sed -i.bak -e 's^ExecStart=.*^ExecStart=/usr/bin/dockerd --data-root=/mnt/docker --default-ulimit nofile=900000:900000^' /lib/systemd/system/docker.service - sudo systemctl daemon-reload - sudo install -o root -g root -d /mnt/docker - sudo usermod -aG docker $(id -u -n) - sudo mkdir -p /etc/docker - echo '{"experimental": true, "ipv6": true, "fixed-cidr-v6": "fd3c:a8b0:18eb:5c06::/64"}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker -''' -initMap['deb12-x64-nbg1'] = initMap['deb-docker'] -initMap['deb12-x64-hel1'] = initMap['deb-docker'] -initMap['deb12-x64-fsn1'] = initMap['deb-docker'] -initMap['deb12-aarch64-nbg1'] = initMap['deb-docker'] -initMap['deb12-aarch64-hel1'] = initMap['deb-docker'] -initMap['deb12-aarch64-fsn1'] = initMap['deb-docker'] -initMap['deb12-x64-nbg1-min'] = initMap['deb-docker'] -initMap['deb12-x64-hel1-min'] = initMap['deb-docker'] -initMap['deb12-x64-fsn1-min'] = initMap['deb-docker'] -initMap['deb12-aarch64-nbg1-min'] = initMap['deb-docker'] -initMap['deb12-aarch64-hel1-min'] = initMap['deb-docker'] -initMap['deb12-aarch64-fsn1-min'] = initMap['deb-docker'] -initMap['launcher-x64-nbg1'] = initMap['deb-docker'] -initMap['launcher-x64-hel1'] = 
initMap['deb-docker'] -initMap['launcher-x64-fsn1'] = initMap['deb-docker'] - -def templates = [ - /* new HetznerServerTemplate("ubuntu20-cx21", "java", "name=ubuntu20-docker", "fsn1", "cx21"), */ - // tmplName tmplLabels tmplImage region server type - new HetznerServerTemplate("deb12-x64-nbg1-min", labelMap['deb12-x64-min'], imageMap['deb12-x64'], "nbg1", "cpx42"), - new HetznerServerTemplate("deb12-aarch64-nbg1-min", labelMap['deb12-aarch64-min'], imageMap['deb12-aarch64'], "nbg1", "cax31"), - new HetznerServerTemplate("deb12-x64-hel1-min", labelMap['deb12-x64-min'], imageMap['deb12-x64'], "hel1", "cpx42"), - new HetznerServerTemplate("deb12-aarch64-hel1-min", labelMap['deb12-aarch64-min'], imageMap['deb12-aarch64'], "hel1", "cax31"), - new HetznerServerTemplate("deb12-x64-fsn1-min", labelMap['deb12-x64-min'], imageMap['deb12-x64'], "fsn1", "cpx42"), - new HetznerServerTemplate("deb12-aarch64-fsn1-min", labelMap['deb12-aarch64-min'], imageMap['deb12-aarch64'], "fsn1", "cax31"), - new HetznerServerTemplate("deb12-x64-nbg1", labelMap['deb12-x64'], imageMap['deb12-x64'], "nbg1", "cpx62"), - new HetznerServerTemplate("deb12-aarch64-nbg1", labelMap['deb12-aarch64'], imageMap['deb12-aarch64'], "nbg1", "cax41"), - new HetznerServerTemplate("deb12-x64-hel1", labelMap['deb12-x64'], imageMap['deb12-x64'], "hel1", "cpx62"), - new HetznerServerTemplate("deb12-aarch64-hel1", labelMap['deb12-aarch64'], imageMap['deb12-aarch64'], "hel1", "cax41"), - new HetznerServerTemplate("deb12-x64-fsn1", labelMap['deb12-x64'], imageMap['deb12-x64'], "fsn1", "cpx62"), - new HetznerServerTemplate("deb12-aarch64-fsn1", labelMap['deb12-aarch64'], imageMap['deb12-aarch64'], "fsn1", "cax41"), - new HetznerServerTemplate("launcher-x64-nbg1", labelMap['launcher-x64'], imageMap['launcher-x64'], "nbg1", "cpx22"), - new HetznerServerTemplate("launcher-x64-hel1", labelMap['launcher-x64'], imageMap['launcher-x64'], "hel1", "cpx22"), - new HetznerServerTemplate("launcher-x64-fsn1", 
labelMap['launcher-x64'], imageMap['launcher-x64'], "fsn1", "cpx22") -] - -templates.each { it -> - def sshConnector = new SshConnectorAsRoot("htz.cd.key") - sshConnector.setConnectionMethod(new PublicAddressOnly()) // Replace with the desired method - it.setConnector(sshConnector) - def tmplName = it.name - it.setNumExecutors(execMap[tmplName]) - it.bootDeadline = bootDeadlineMap[tmplName] - it.remoteFs = "/mnt/jenkins/" - it.jvmOpts = jvmOptsMap[tmplName] - it.network = networkMap['percona-vpc-eu'] - it.userData = initMap[tmplName] - } - -// public HetznerCloud(String name, String credentialsId, String instanceCapStr, List serverTemplates) -def cloud = new HetznerCloud(cloudName, "htz.cd.token", "100", templates) - -def jenkins = Jenkins.get() - -jenkins.clouds.remove(jenkins.clouds.getByName(cloudName)) -jenkins.clouds.add(cloud) -jenkins.save() diff --git a/resources/jenkins-masters/ps3/init.groovy.d/matrix.groovy b/resources/jenkins-masters/ps3/init.groovy.d/matrix.groovy deleted file mode 100644 index 66562bd..0000000 --- a/resources/jenkins-masters/ps3/init.groovy.d/matrix.groovy +++ /dev/null 
@@ -1,188 +0,0 @@
-/*
- Copyright (c) 2015-2020 Sam Gleske - https://github.com/samrocketman/jenkins-bootstrap-shared
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- */
-/*
- Configure matrix authorization strategy with permissions for users and
- groups. This script is idempotent and will only change configuration if
- necessary.
-
- Example configuration:
- authz_strategy_config = [
- strategy: 'GlobalMatrixAuthorizationStrategy',
- user_permissions: [
- anonymous: ['Job Discover'],
- authenticated: ['Overall Read', 'Job Read', 'View Read'],
- admin: ['Overall Administer']
- ]
- ]
-
- Available Authorization Strategies:
- GlobalMatrixAuthorizationStrategy
- ProjectMatrixAuthorizationStrategy
-
- Available user permissions:
- Overall Administer
- Overall Read
- Agent Configure
- Agent Delete
- Agent Create
- Agent Disconnect
- Agent Connect
- Agent Build
- Agent Provision
- Run Delete
- Run Update
- Job Create
- Job Delete
- Job Configure
- Job Read
- Job Discover
- Job Build
- Job Workspace
- Job Cancel
- SCM Tag
- Credentials Create
- Credentials Update
- Credentials View
- Credentials Delete
- Credentials ManageDomains
- Job Move
- View Create
- View Delete
- View Configure
- View Read
- Run Replay
-
- "Job ViewStatus" permission becomes available after installing the
- embeddable build status plugin. 
- */
-
-import hudson.security.GlobalMatrixAuthorizationStrategy
-import hudson.security.Permission
-import hudson.security.ProjectMatrixAuthorizationStrategy
-import jenkins.model.Jenkins
-
-/**
- * FUNCTIONS AND SETUP CODE
- */
-String shortName(Permission p) {
- p.id.tokenize('.')[-2..-1].join(' ')
- .replace('Hudson','Overall')
- .replace('Computer', 'Agent')
- .replace('Item', 'Job')
- .replace('CredentialsProvider', 'Credentials')
-}
-
-Map getCurrentPermissions(Map config = [:]) {
- Map currentPermissions = [:].withDefault { [].toSet() }
- if(!('getGrantedPermissions' in Jenkins.instance.authorizationStrategy.metaClass.methods*.name.sort().unique())) {
- return currentPermissions
- }
- Closure merger = { Map nmap, Map m ->
- m.each { k, v ->
- nmap[k] += v
- }
- }
- Jenkins.instance.authorizationStrategy.grantedPermissions.collect { permission, userList ->
- userList.collect { user ->
- [ (user): shortName(permission) ]
- }
- }.flatten().each merger.curry(currentPermissions)
- currentPermissions
-}
-
-boolean isConfigurationEqual(Map config) {
- Map currentPermissions = getCurrentPermissions(config)
- Jenkins.instance.authorizationStrategy.class.name.endsWith(config['strategy']) &&
- !(false in config['user_permissions'].collect { k, v -> currentPermissions[k] == v.toSet() }) &&
- currentPermissions.keySet() == config['user_permissions'].keySet()
-}
-
-boolean isValidConfig(def config, List validPermissions) {
- Map currentPermissions = getCurrentPermissions()
- config instanceof Map &&
- config.keySet().containsAll(['strategy', 'user_permissions']) &&
- config['strategy'] &&
- config['strategy'] instanceof String &&
- config['strategy'] in ['GlobalMatrixAuthorizationStrategy', 'ProjectMatrixAuthorizationStrategy'] &&
- config['user_permissions'] &&
- !(false in config['user_permissions'].collect { k, v ->
- k instanceof String &&
- (v instanceof List || v instanceof Set) &&
- !(false in v.collect {
- validPermissions.contains(it)
- })
- })
-}
-
-Map 
permissionIds = Permission.all.findAll { permission ->
- List nonConfigurablePerms = ['RunScripts', 'UploadPlugins', 'ConfigureUpdateCenter']
- permission.enabled &&
- !permission.id.startsWith('hudson.security.Permission') &&
- !(true in nonConfigurablePerms.collect { permission.id.endsWith(it) })
-}.collect { permission ->
- [ (shortName(permission)): permission ]
-}.sum()
-
-/**
- * MAIN EXECUTION
- */
-
-authz_strategy_config = [
- strategy: 'GlobalMatrixAuthorizationStrategy',
- user_permissions: [
- 'percona*build-engineers': ['Overall Administer'],
- 'percona*iit': ['Overall Administer'],
- 'percona*dev-ps': ['Overall Read','Agent Configure','Agent Delete','Agent Create','Agent Disconnect','Agent Connect','Agent Build','Agent Provision','Run Delete','Run Update','Run Replay','Job Create','Job Delete','Job Configure','Job Read','Job Discover','Job Build','Job Workspace','Job Cancel','Job Move','View Create','View Delete','View Configure','View Read'],
- 'percona*QA-ps': ['Overall Read','Agent Configure','Agent Delete','Agent Create','Agent Disconnect','Agent Connect','Agent Build','Agent Provision','Run Delete','Run Update','Run Replay','Job Create','Job Delete','Job Configure','Job Read','Job Discover','Job Build','Job Workspace','Job Cancel','Job Move','View Create','View Delete','View Configure','View Read'],
- 'percona*doc': ['Overall Read','Agent Build','Agent Connect','Agent Provision','Job Discover','Job Read','Job Build','Job Cancel','Job Workspace','View Read'],
- ]
-]
-
-if(!binding.hasVariable('authz_strategy_config')) {
- authz_strategy_config = [:]
-}
-
-if(!isValidConfig(authz_strategy_config, permissionIds.keySet().toList())) {
- println([
- 'Skip configuring matrix authorization strategy because no valid config was provided.',
- 'Available Authorization Strategies:\n GlobalMatrixAuthorizationStrategy\n ProjectMatrixAuthorizationStrategy',
- "Available Permissions:\n ${permissionIds.keySet().join('\n ')}"
- ].join('\n'))
- return
-}
- 
-if(isConfigurationEqual(authz_strategy_config)) {
- println "Nothing changed. ${authz_strategy_config['strategy']} authorization strategy already configured."
- return
-}
-
-println "Configuring authorization strategy ${authz_strategy_config['strategy']}"
-
-def authz_strategy = Class.forName("hudson.security.${authz_strategy_config['strategy']}").newInstance()
-
-// build the permissions in the strategy
-authz_strategy_config['user_permissions'].each { user, permissions ->
- permissions.each { p ->
- authz_strategy.add(permissionIds[p], user)
- println " For user ${user} grant permission ${p}."
- }
-}
-
-// configure global authorization
-Jenkins.instance.authorizationStrategy = authz_strategy
-
-// save settings to persist across restarts
-Jenkins.instance.save()