From c7cd75f2a3eb4c7b3730f33692650dca2b17a4b5 Mon Sep 17 00:00:00 2001 From: Andrew Grimberg Date: Mon, 13 Feb 2017 16:05:07 -0800 Subject: Bring in fail build and stomp on Ubuntu auto-up Bring in changes to fail the build if something does not properly install or has an error during the build. Also, forcibly disable and mask out the apt-daily service and timer on Ubuntu 16.04 and hopefully destroy any cron related to it for 14.04 Change-Id: I301d9c696c3d166ecece8060d415dd931d446335 Signed-off-by: Andrew Grimberg --- jenkins-scripts/basic_settings.sh | 1 - packer/provision/baseline.sh | 93 +++++++++++++++++++++++++++------------ 2 files changed, 66 insertions(+), 28 deletions(-) diff --git a/jenkins-scripts/basic_settings.sh b/jenkins-scripts/basic_settings.sh index 09563cd59..ed3743925 100755 --- a/jenkins-scripts/basic_settings.sh +++ b/jenkins-scripts/basic_settings.sh @@ -19,7 +19,6 @@ case "$(facter operatingsystem)" in # Configure Ubuntu mirror perl -pi -e 'unless(m{(security|fd\.io)}){ s{://[^/]+/}{://ca.archive.ubuntu.com/} }' /etc/apt/sources.list - apt-get update ;; *) # Do nothing on other distros for now diff --git a/packer/provision/baseline.sh b/packer/provision/baseline.sh index 055252595..36ce1ee25 100644 --- a/packer/provision/baseline.sh +++ b/packer/provision/baseline.sh @@ -2,6 +2,9 @@ # vim: ts=4 sw=4 sts=4 et tw=72 : +# force any errors to cause the script and job to end in failure +set -xeu -o pipefail + rh_systems() { # Handle the occurance where SELINUX is actually disabled SELINUX=$(grep -E '^SELINUX=(disabled|permissive|enforcing)$' /etc/selinux/config) @@ -39,24 +42,24 @@ rh_systems() { esac echo "---> Updating operating system" - yum clean all -q - yum install -y -q deltarpm - yum update -y -q + yum clean all + yum install -y deltarpm + yum update -y # add in components we need or want on systems echo "---> Installing base packages" - yum install -y -q @base https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + yum install -y @base https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm # separate group installs from package installs since a non-existing # group with dnf based systems (F21+) will fail the install if such # a group does not exist - yum install -y -q unzip xz puppet git git-review perl-XML-XPath wget make + yum install -y unzip xz puppet git git-review perl-XML-XPath wget make # All of our systems require Java (because of Jenkins) # Install all versions of the OpenJDK devel but force 1.7.0 to be the # default echo "---> Configuring OpenJDK" - yum install -y -q 'java-*-openjdk-devel' + yum install -y 'java-*-openjdk-devel' FACTER_OS=$(/usr/bin/facter operatingsystem) FACTER_OSVER=$(/usr/bin/facter operatingsystemrelease) @@ -70,14 +73,23 @@ rh_systems() { alternatives --set java_sdk_openjdk /usr/lib/jvm/java-1.7.0-openjdk.x86_64 fi ;; + RedHat|CentOS) + if [ "$(echo $FACTER_OSVER | cut -d'.' -f1)" -ge "7" ] + then + echo "---> not modifying java alternatives as OpenJDK 1.7.0 does not exist" + else + alternatives --set java /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java + alternatives --set java_sdk_openjdk /usr/lib/jvm/java-1.7.0-openjdk.x86_64 + fi + ;; *) alternatives --set java /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java alternatives --set java_sdk_openjdk /usr/lib/jvm/java-1.7.0-openjdk.x86_64 ;; esac - # Needed to parse OpenStack commands used by infra - # stack commands to initialize Heat template based systems. + # Needed to parse OpenStack commands used by infra stack commands + # to initialize Heat template based systems. yum install -y jq } @@ -103,34 +115,61 @@ Dpkg::Options { EOF - # make jdk8 available - add-apt-repository -y ppa:openjdk-r/ppa > /dev/null - # We need to force openjdk-8-jdk to install - apt-get install -qq openjdk-8-jdk > /dev/null - - # disable unattended upgrades & daily updates - echo '---> Disabling automatic daily upgrades' - grep -lR 'APT::Periodic' /etc/apt/apt.conf.d/ | perl -pi -e 's/"1"/"0"/g' - echo "---> Updating operating system" - apt-get update -qq > /dev/null - apt-get upgrade -qq > /dev/null + apt-get update + apt-get upgrade # add in stuff we know we need echo "---> Installing base packages" - apt-get install -qq unzip xz-utils puppet git git-review libxml-xpath-perl make wget > /dev/null + apt-get install unzip xz-utils puppet git git-review libxml-xpath-perl make wget # install Java 7 echo "---> Configuring OpenJDK" - apt-get install -qq openjdk-7-jdk > /dev/null + FACTER_OSVER=$(/usr/bin/facter operatingsystemrelease) + case "$FACTER_OSVER" in + 14.04) + apt-get install openjdk-7-jdk + # make jdk8 available + add-apt-repository -y ppa:openjdk-r/ppa + apt-get update + # We need to force openjdk-8-jdk to install + apt-get install openjdk-8-jdk + # make sure that we still default to openjdk 7 + update-alternatives --set java /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java + update-alternatives --set javac /usr/lib/jvm/java-7-openjdk-amd64/bin/javac + + # disable auto-update service? + if [ -f /etc/cron.daily/apt ] + then + rm -rf /etc/cron.daily/apt + fi + ;; + 16.04) + apt-get install openjdk-8-jdk + + # force auto-update services off and mask them so they can't + # be started + for i in apt-daily{service,timer} + do + systemctl disable ${i} + systemctl mask ${i} + done + ;; + *) + echo "---> Unknown Ubuntu version $FACTER_OSVER" + exit 1 + ;; + esac + + - # make sure that we still default to openjdk 7 - update-alternatives --set java /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java - update-alternatives --set javac /usr/lib/jvm/java-7-openjdk-amd64/bin/javac + # Needed to parse OpenStack commands used by infra stack commands + # to initialize Heat template based systems. + apt-get install jq - # Needed to parse OpenStack commands used by infra - # stack commands to initialize Heat template based systems. - apt-get install -qq jq > /dev/null + # disable unattended upgrades & daily updates + echo '---> Disabling automatic daily upgrades' + grep -lR 'APT::Periodic' /etc/apt/apt.conf.d/ | perl -pi -e 's/"1"/"0"/g' } -- cgit 1.2.3-korg