jjb: Enable the use of .ssh/authorized_keys2 when building images

[lttng-ci.git] / pipelines / images / imagebuild.sh

diff --git a/pipelines/images/imagebuild.sh b/pipelines/images/imagebuild.sh
index 1b36a0331f5d6290493742957d4089c1fe0f6c2d..befc9bf0fb2f1e302b0901f486f9246c686b71ae 100644 (file)
--- a/pipelines/images/imagebuild.sh
+++ b/pipelines/images/imagebuild.sh
@@ -49,7 +49,7 @@ if [[ ! "${MISSING_VARS}" == "0" ]] ; then
 fi
 
 # Default optional variables
-INSTANCE_START_TIMEOUT="${INSTANCE_START_TIMEOUT:-60}"
+INSTANCE_START_TIMEOUT="${INSTANCE_START_TIMEOUT:-120}"
 NETWORK_SLEEP="${NETWORK_SLEEP:-15}"
 
 # Dependencies
@@ -91,9 +91,9 @@ set +e
 TRIES_MAX=3
 TRIES=0
 while [[ "${TRIES}" -lt "${TRIES_MAX}" ]] ; do
-    if ! INSTANCE_NAME=$(lxc -q launch -e "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" "${SOURCE_IMAGE_NAME}/${IMAGE_TYPE}") ; then
+    if ! INSTANCE_NAME=$(lxc -q launch "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" "${SOURCE_IMAGE_NAME}/${IMAGE_TYPE}") ; then
         # Try from images
-        if ! INSTANCE_NAME=$(lxc -q launch -e "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" images:"${SOURCE_IMAGE_NAME}") ; then
+        if ! INSTANCE_NAME=$(lxc -q launch "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" images:"${SOURCE_IMAGE_NAME}") ; then
             TRIES=$((TRIES + 1))
             echo "Failed to deployed ephemereal instance attempt ${TRIES}/${TRIES_MAX}"
             if [[ "${TRIES}" -lt  "${TRIES_MAX}" ]] ; then
@@ -111,6 +111,7 @@ INSTANCE_NAME="$(echo "${INSTANCE_NAME}" | cut -d ':' -f 2 | tr -d ' ')"
 set -e
 
 CLEANUP+=(
+    "lxc delete -f ${INSTANCE_NAME}"
     "lxc stop ${INSTANCE_NAME}"
 )
 
@@ -172,6 +173,10 @@ CLEANUP+=(
     "rm -f ${HOME}/.ssh/id_rsa"
 )
 lxc file push ~/.ssh/id_rsa.pub "ci:${INSTANCE_NAME}/root/.ssh/authorized_keys2"
+# Some distros, eg. Rocky Linux, don't enable the use of authorized_keys2
+# by default
+lxc exec "ci:${INSTANCE_NAME}" -- bash -c 'if test -f /etc/redhat-release ; then sed -i "s#^AuthorizedKeysFile.*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2#" /etc/ssh/sshd_config ; systemctl restart sshd ; fi'
+
 
 # Confirm working SSH connection
 if ! ssh "${INSTANCE_IP}" hostname ; then
@@ -196,22 +201,29 @@ LANG=C ANSIBLE_STRATEGY=linear ansible-playbook \
        playbooks/post-imagebuild-clean.yml \
        -l "${INSTANCE_IP}" -i fake-inventory
 
+# Graceful shutdown
+lxc stop "${INSTANCE_NAME}"
+
 # Publish
-lxc publish "${INSTANCE_NAME}" --alias "${TARGET_IMAGE_NAME}" -f
+if FINGERPRINT=$(lxc publish "${INSTANCE_NAME}" 2>&1 | grep -E -o '[A-Fa-f0-9]{64}') ; then
+    echo "Published instance with fingerprint '${FINGERPRINT}'"
+else
+    fail 1 "No fingerprint for published instance"
+fi
 
 TRIES=0
 
 if [[ "${TEST}" == "true" ]] ; then
     set +e
     while [[ "${TRIES}" -lt "${TRIES_MAX}" ]] ; do
-        if ! INSTANCE_NAME=$(lxc -q launch -e "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" "${TARGET_IMAGE_NAME}")  ; then
+        if ! INSTANCE_NAME=$(lxc -q launch -e "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" "${FINGERPRINT}")  ; then
             TRIES=$((TRIES + 1))
             echo "Failed to launch instance try ${TRIES}/${TRIES_MAX}"
             if [[ "${TRIES}" -lt "${TRIES_MAX}" ]] ; then
                 sleep $((1 + RANDOM % 10))
                 continue
             fi
-            fail 1 "Failed to launch an instance using newly published image '${TARGET_IMAGE_NAME}'"
+            fail 1 "Failed to launch an instance using newly published image '${FINGERPRINT}'"
         else
             INSTANCE_NAME="$(echo "${INSTANCE_NAME}" | cut -d':' -f2 | tr -d ' ')"
             CLEANUP+=(
@@ -222,3 +234,6 @@ if [[ "${TEST}" == "true" ]] ; then
     done
     set -e
 fi
+
+lxc image alias delete "${TARGET_IMAGE_NAME}" || true
+lxc image alias create "${TARGET_IMAGE_NAME}" "${FINGERPRINT}"