From b118489df0a04ffc4b8d55854c76da41c3c83b64 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Fri, 8 Jul 2022 14:11:13 +0200 Subject: [PATCH 1/8] hostname and puppet script as template --- cloudinit-updates-jenkins-io.tftpl | 19 +++++++++++++++++++ updates.jenkins.io.tf | 7 +++++-- 2 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 cloudinit-updates-jenkins-io.tftpl diff --git a/cloudinit-updates-jenkins-io.tftpl b/cloudinit-updates-jenkins-io.tftpl new file mode 100644 index 0000000..6c9be11 --- /dev/null +++ b/cloudinit-updates-jenkins-io.tftpl @@ -0,0 +1,19 @@ +#cloud-config +write_files: + - path: /run/puppetinstall/puppet.conf + owner: root:root + permissions: '0755' + content: | + [main] + server = puppet.jenkins.io + [agent] + certname = ${hostname} +runcmd: + - [ mkdir, -p, /run/puppetinstall ] + - [ wget, "https://apt.puppetlabs.com/puppet6-release-focal.deb", -O, /run/puppetinstall/puppet6-release-focal.deb ] + - [ dpkg, -i, /run/puppetinstall/puppet6-release-focal.deb ] + - [ apt-get, update, -y ] + - [ apt-get, install, "puppet-agent=6.23.0*", --yes, --quiet, --no-install-recommends ] + - [ mv, /run/puppetinstall/puppet.conf, /etc/puppetlabs/puppet/puppet.conf] + - [ systemctl, start, puppet ] + - [ systemctl, enable, puppet ] diff --git a/updates.jenkins.io.tf b/updates.jenkins.io.tf index 2291aee..e0c0359 100644 --- a/updates.jenkins.io.tf +++ b/updates.jenkins.io.tf @@ -1,7 +1,7 @@ data "oci_core_images" "updates_jenkins_io" { compartment_id = var.compartment_ocid operating_system = "Canonical Ubuntu" - operating_system_version = "22.04" + operating_system_version = "20.04" state = "AVAILABLE" shape = local.updates_jenkins_io_shape sort_by = "TIMECREATED" 
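Review bot: The `wget` of `puppet6-release-focal.deb` in `runcmd` is handed to `dpkg -i` as root with nothing checking its integrity beyond the TLS connection, and that package is what installs the apt source and signing key that the following `apt-get install` trusts. Pin the expected digest in the template and verify it before installing. As far as I know cloud-init does not stop at the first failing `runcmd` entry, so the check and the install should be a single command: `- [ sh, -c, "echo '<EXPECTED_SHA256>  /run/puppetinstall/puppet6-release-focal.deb' | sha256sum -c - && dpkg -i /run/puppetinstall/puppet6-release-focal.deb" ]`. `<EXPECTED_SHA256>` is a placeholder for the digest recorded when the package is reviewed.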
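Review bot: The change of `operating_system_version` to `"20.04"` carries no comment, and it appears to be tied to the `puppet6-release-focal.deb` package that the new cloud-init template downloads (focal is the 20.04 codename). A trailing comment such as `# keep in sync with the "focal" puppet release package in cloudinit-updates-jenkins-io.tftpl` would stop a later image bump from silently breaking the bootstrap. The data block continues past the end of the hunk.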
@@ -9,7 +9,8 @@ data "oci_core_images" "updates_jenkins_io" { } locals { - updates_jenkins_io_shape = "VM.Standard.A1.Flex" #imply ARM + updates_jenkins_io_shape = "VM.Standard.A1.Flex" #imply ARM + updates_jenkins_io_hostname = "oracle.updates.jenkins.io" } resource "oci_core_volume_backup_policy" "updates_jenkins_io" { @@ -57,9 +58,11 @@ resource "oci_core_instance" "updates_jenkins_io" { subnet_id = oci_core_subnet.public_subnet.id assign_public_ip = false #will assign a non ephemeral one (RESERVED ip) nsg_ids = [oci_core_network_security_group.updates_jenkins_io.id] + hostname_label = local.updates_jenkins_io_hostname } metadata = { ssh_authorized_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFrPRIlP8qplANgNa3IO5c1gh0ZqNNj17RZeYcm+Jcb jenkins-infra-team@googlegroups.com" + user_data = base64encode(templatefile("./cloudinit-updates-jenkins-io.tftpl", { hostname = "${local.updates_jenkins_io_hostname}" })) } display_name = "Virtual Machine for updates.jenkins.io service" freeform_tags = local.all_tags From 62c6f7f29f91bb17bc707a1265bc60e074589a35 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Fri, 8 Jul 2022 14:19:28 +0200 Subject: [PATCH 2/8] assign_private_dns_record is mandatory for hostname --- updates.jenkins.io.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/updates.jenkins.io.tf b/updates.jenkins.io.tf index e0c0359..4b4396d 100644 --- a/updates.jenkins.io.tf +++ b/updates.jenkins.io.tf 
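Review bot: `templatefile("./cloudinit-updates-jenkins-io.tftpl", ...)` on the new `user_data` line resolves relative to the directory Terraform is run from, so the lookup fails, or picks up a different file, when this configuration is applied from another working directory or reused as a module. Anchor it to the module and drop the redundant interpolation: `user_data = base64encode(templatefile("${path.module}/cloudinit-updates-jenkins-io.tftpl", { hostname = local.updates_jenkins_io_hostname }))`. Since instance metadata can normally be read back from inside the VM, a comment beside it such as `# user_data is readable from the instance metadata service: never template secrets into it` would also be worth adding. The `oci_core_instance` resource starts and ends outside the hunk.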
@@ -55,10 +55,11 @@ resource "oci_core_instance" "updates_jenkins_io" { source_id = data.oci_core_images.updates_jenkins_io.images[0].id } create_vnic_details { - subnet_id = oci_core_subnet.public_subnet.id - assign_public_ip = false #will assign a non ephemeral one (RESERVED ip) - nsg_ids = [oci_core_network_security_group.updates_jenkins_io.id] - hostname_label = local.updates_jenkins_io_hostname + subnet_id = oci_core_subnet.public_subnet.id + assign_public_ip = false #will assign a non ephemeral one (RESERVED ip) + nsg_ids = [oci_core_network_security_group.updates_jenkins_io.id] + hostname_label = local.updates_jenkins_io_hostname + assign_private_dns_record = true } metadata = { ssh_authorized_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFrPRIlP8qplANgNa3IO5c1gh0ZqNNj17RZeYcm+Jcb jenkins-infra-team@googlegroups.com" From d3212b1582d8785e54c34fe397ffc67377817d0e Mon Sep 17 00:00:00 2001 From: smerle33 Date: Fri, 8 Jul 2022 14:33:20 +0200 Subject: [PATCH 3/8] remove hostname_label and use display_name --- updates.jenkins.io.tf | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/updates.jenkins.io.tf b/updates.jenkins.io.tf index 4b4396d..0420b35 100644 --- a/updates.jenkins.io.tf +++ b/updates.jenkins.io.tf 
@@ -55,17 +55,15 @@ resource "oci_core_instance" "updates_jenkins_io" { source_id = data.oci_core_images.updates_jenkins_io.images[0].id } create_vnic_details { - subnet_id = oci_core_subnet.public_subnet.id - assign_public_ip = false #will assign a non ephemeral one (RESERVED ip) - nsg_ids = [oci_core_network_security_group.updates_jenkins_io.id] - hostname_label = local.updates_jenkins_io_hostname - assign_private_dns_record = true + subnet_id = oci_core_subnet.public_subnet.id + assign_public_ip = false #will assign a non ephemeral one (RESERVED ip) + nsg_ids = [oci_core_network_security_group.updates_jenkins_io.id] } metadata = { ssh_authorized_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFrPRIlP8qplANgNa3IO5c1gh0ZqNNj17RZeYcm+Jcb jenkins-infra-team@googlegroups.com" user_data = base64encode(templatefile("./cloudinit-updates-jenkins-io.tftpl", { hostname = "${local.updates_jenkins_io_hostname}" })) } - display_name = "Virtual Machine for updates.jenkins.io service" + display_name = local.updates_jenkins_io_hostname freeform_tags = local.all_tags } From 7e9b007d085a6473204bc0b943d4a57032a855ff Mon Sep 17 00:00:00 2001 From: smerle33 Date: Fri, 8 Jul 2022 18:42:11 +0200 Subject: [PATCH 4/8] add comment on script --- cloudinit-updates-jenkins-io.tftpl | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cloudinit-updates-jenkins-io.tftpl b/cloudinit-updates-jenkins-io.tftpl index 6c9be11..54e08ad 100644 --- a/cloudinit-updates-jenkins-io.tftpl +++ b/cloudinit-updates-jenkins-io.tftpl @@ -1,8 +1,10 @@ #cloud-config write_files: + #config file for puppet agent on this VM (updates.jenkins.io) + #not directly at the destination path as it will fail the packet installation - path: /run/puppetinstall/puppet.conf owner: root:root - permissions: '0755' + permissions: '0640' content: | [main] server = puppet.jenkins.io 
@@ -14,6 +16,7 @@ runcmd: - [ dpkg, -i, /run/puppetinstall/puppet6-release-focal.deb ] - [ apt-get, update, -y ] - [ apt-get, install, "puppet-agent=6.23.0*", --yes, --quiet, --no-install-recommends ] + # move the temporaty puppetagent config file in the correct place /run/puppetinstall/puppet.conf - [ mv, /run/puppetinstall/puppet.conf, /etc/puppetlabs/puppet/puppet.conf] - [ systemctl, start, puppet ] - [ systemctl, enable, puppet ] From b9432321d5b3ee882c8b2e45f3b287f487f62ed4 Mon Sep 17 00:00:00 2001 From: smerle33 Date: Mon, 11 Jul 2022 15:31:26 +0200 Subject: [PATCH 5/8] chore(cloudinit): comment and order --- cloudinit-updates-jenkins-io.tftpl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cloudinit-updates-jenkins-io.tftpl b/cloudinit-updates-jenkins-io.tftpl index 54e08ad..cfa5a38 100644 --- a/cloudinit-updates-jenkins-io.tftpl +++ b/cloudinit-updates-jenkins-io.tftpl @@ -2,6 +2,8 @@ write_files: #config file for puppet agent on this VM (updates.jenkins.io) #not directly at the destination path as it will fail the packet installation + #when writing files, do not use /tmp dir as it races with systemd-tmpfiles-clean LP: #1707222. Use /run/somedir instead. : https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd + - path: /run/puppetinstall/puppet.conf owner: root:root permissions: '0640' @@ -16,7 +18,7 @@ runcmd: - [ dpkg, -i, /run/puppetinstall/puppet6-release-focal.deb ] - [ apt-get, update, -y ] - [ apt-get, install, "puppet-agent=6.23.0*", --yes, --quiet, --no-install-recommends ] - # move the temporaty puppetagent config file in the correct place /run/puppetinstall/puppet.conf + # see above comment in the write_files section - [ mv, /run/puppetinstall/puppet.conf, /etc/puppetlabs/puppet/puppet.conf] - - [ systemctl, start, puppet ] - [ systemctl, enable, puppet ] + - [ systemctl, start, puppet ] From 6b6d17a3cd2bc5f9f22d48dce01c2e6113842359 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?St=C3=A9phane=20MERLE?= <95630726+smerle33@users.noreply.github.com> Date: Mon, 11 Jul 2022 16:26:05 +0200 Subject: [PATCH 6/8] Update cloudinit-updates-jenkins-io.tftpl Co-authored-by: Damien Duportal --- cloudinit-updates-jenkins-io.tftpl | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/cloudinit-updates-jenkins-io.tftpl b/cloudinit-updates-jenkins-io.tftpl index cfa5a38..c1c9819 100644 --- a/cloudinit-updates-jenkins-io.tftpl +++ b/cloudinit-updates-jenkins-io.tftpl @@ -1,9 +1,8 @@ #cloud-config write_files: - #config file for puppet agent on this VM (updates.jenkins.io) - #not directly at the destination path as it will fail the packet installation - #when writing files, do not use /tmp dir as it races with systemd-tmpfiles-clean LP: #1707222. Use /run/somedir instead. : https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd - + # Configuration file for puppet agent on this VM (${hostname}) + # Not directly at the destination path as it would get the the puppet package installation stuck (asking to override) + # Also, when writing files, do not use /tmp dir as it races with systemd-tmp. Use /run/ instead (as per. : https://cloudinit.readthedocs.io/en/latest/topics/modules.html#runcmd) - path: /run/puppetinstall/puppet.conf owner: root:root permissions: '0640' From 0e9ee026b0aee397ae417650b7629116f42c6668 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20MERLE?= <95630726+smerle33@users.noreply.github.com> Date: Mon, 11 Jul 2022 16:26:15 +0200 Subject: [PATCH 7/8] Update cloudinit-updates-jenkins-io.tftpl Co-authored-by: Damien Duportal --- cloudinit-updates-jenkins-io.tftpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit-updates-jenkins-io.tftpl b/cloudinit-updates-jenkins-io.tftpl index c1c9819..e9b5d33 100644 --- a/cloudinit-updates-jenkins-io.tftpl +++ b/cloudinit-updates-jenkins-io.tftpl 
@@ -17,7 +17,7 @@ runcmd: - [ dpkg, -i, /run/puppetinstall/puppet6-release-focal.deb ] - [ apt-get, update, -y ] - [ apt-get, install, "puppet-agent=6.23.0*", --yes, --quiet, --no-install-recommends ] - # see above comment in the write_files section + # see above comment in the "write_files" section - [ mv, /run/puppetinstall/puppet.conf, /etc/puppetlabs/puppet/puppet.conf] - [ systemctl, enable, puppet ] - [ systemctl, start, puppet ] From 67d713fd0a4b4429bc9bef22398caa993daa38b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20MERLE?= <95630726+smerle33@users.noreply.github.com> Date: Mon, 11 Jul 2022 17:52:06 +0200 Subject: [PATCH 8/8] Update cloudinit-updates-jenkins-io.tftpl Co-authored-by: Damien Duportal --- cloudinit-updates-jenkins-io.tftpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cloudinit-updates-jenkins-io.tftpl b/cloudinit-updates-jenkins-io.tftpl index e9b5d33..4d47339 100644 --- a/cloudinit-updates-jenkins-io.tftpl +++ b/cloudinit-updates-jenkins-io.tftpl @@ -17,6 +17,8 @@ runcmd: - [ dpkg, -i, /run/puppetinstall/puppet6-release-focal.deb ] - [ apt-get, update, -y ] - [ apt-get, install, "puppet-agent=6.23.0*", --yes, --quiet, --no-install-recommends ] + # Pin package version to avoid agent newer than the puppetmaster + - [ apt-mark, hold, puppet-agent] # see above comment in the "write_files" section - [ mv, /run/puppetinstall/puppet.conf, /etc/puppetlabs/puppet/puppet.conf] - [ systemctl, enable, puppet ]
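Review bot: `apt-mark hold puppet-agent` also keeps unattended and routine `apt-get upgrade` runs from ever installing a fixed agent build, so the host stays on 6.23.0 until someone lifts the hold, and the added comment does not say so. I would extend it to something like `# Pin package version to avoid agent newer than the puppetmaster; the hold also blocks security updates, so unhold and bump the agent whenever the puppetmaster is upgraded`. The `runcmd` list starts above the hunk.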