Disable spectre-class fixes for mos image

We do not need this security level but we heavily need
fast virtual jenkins slaves

Change-Id: Iaadf073120611668c25c66d9940218a155126e96

diff --git a/maintenance-ci/common/data/jenkins-slave.yml b/maintenance-ci/common/data/jenkins-slave.yml
index df56b027c862f1a5b44295e72dee1930f4a9c7f1..bd310a2cbf1fa0154ddb6ac32c1cfb383ee559d2 100644 (file)
--- a/maintenance-ci/common/data/jenkins-slave.yml
+++ b/maintenance-ci/common/data/jenkins-slave.yml
@@ -116,8 +116,15 @@ resources:
             echo "FLAVOR LABELS" > /etc/jenkins-agent/labels
             echo "127.0.0.1 $(hostname)" >> /etc/hosts
             echo "FLOATING" > /etc/jenkins-agent/description
-            service jenkins-swarm-agent restart
+            systemctl enable jenkins-swarm-agent
+            #service jenkins-swarm-agent start
+            apt update
+            sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT=\).*$/\1\"console=tty1 console=ttyS0 noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier\"/g' /etc/default/grub.d/50-cloudimg-settings.cfg
+            apt install -y linux-generic-hwe-16.04 linux-tools-generic-hwe-16.04 linux-cloud-tools-generic-hwe-16.04 linux-tools-common
+            update-grub
+
             wc_notify --data-binary '{"status": "SUCCESS"}'
+            reboot
           params:
            FLAVOR: {get_param: flavor}
            LABELS: {get_param: jenkins_labels}

diff --git a/maintenance-ci/common/data/mos-dev-slave.yml b/maintenance-ci/common/data/mos-dev-slave.yml
index 3f044b89515f810e38877cbdfd554ad14a776dfc..ce0fb7dfc403e5b09c6ddfeb50bb0aa421f08874 100644 (file)
--- a/maintenance-ci/common/data/mos-dev-slave.yml
+++ b/maintenance-ci/common/data/mos-dev-slave.yml
@@ -116,8 +116,15 @@ resources:
             echo "LABELS" > /etc/jenkins-agent/labels
             echo "127.0.0.1 $(hostname)" >> /etc/hosts
             echo "FLOATING" > /etc/jenkins-agent/description
-            service jenkins-swarm-agent restart
+
+            apt update
+            sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT=\).*$/\1\"console=tty1 console=ttyS0 noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier\"/g' /etc/default/grub.d/50-cloudimg-settings.cfg
+            apt install -y linux-generic-hwe-16.04 linux-tools-generic-hwe-16.04 linux-cloud-tools-generic-hwe-16.04 linux-tools-common
+            update-grub
+
+            systemctl enable jenkins-swarm-agent
             wc_notify --data-binary '{"status": "SUCCESS"}'
+            reboot
           params:
            LABELS: {get_param: jenkins_labels}
            wc_notify: { get_attr: [wait_handle, curl_cli] }

diff --git a/maintenance-ci/common/data/mos-slave.yml b/maintenance-ci/common/data/mos-slave.yml
index d5884fa41a787620d662b1b25f641869e5081e12..91e6621372341ce606ce3a573428e70484bfbfe3 100644 (file)
--- a/maintenance-ci/common/data/mos-slave.yml
+++ b/maintenance-ci/common/data/mos-slave.yml
@@ -116,8 +116,15 @@ resources:
             echo "FLAVOR LABELS" > /etc/jenkins-agent/labels
             echo "127.0.0.1 $(hostname)" >> /etc/hosts
             echo "FLOATING" > /etc/jenkins-agent/description
-            service jenkins-swarm-agent restart
+
+            apt update
+            sed -i 's/^\(GRUB_CMDLINE_LINUX_DEFAULT=\).*$/\1\"console=tty1 console=ttyS0 noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier\"/g' /etc/default/grub.d/50-cloudimg-settings.cfg
+            apt install -y linux-generic-hwe-16.04 linux-tools-generic-hwe-16.04 linux-cloud-tools-generic-hwe-16.04 linux-tools-common
+            update-grub
+
+            systemctl enable jenkins-swarm-agent
             wc_notify --data-binary '{"status": "SUCCESS"}'
+            reboot
           params:
            FLAVOR: {get_param: flavor}
            LABELS: {get_param: jenkins_labels}

diff --git a/maintenance-ci/common/scripts/build_base_swarm_slave_image.sh b/maintenance-ci/common/scripts/build_base_swarm_slave_image.sh
index 0429e790183bf7ba7c309c3ef63b6c5a137e807d..915ec343c5bb82e4b78cd13eaa3906e26565c234 100644 (file)
--- a/maintenance-ci/common/scripts/build_base_swarm_slave_image.sh
+++ b/maintenance-ci/common/scripts/build_base_swarm_slave_image.sh
@@ -74,6 +74,7 @@ java -jar /home/jenkins/jenkins-swarm-client.jar -fsroot \${fsroot:-/home/jenkin
 
 EOF
 chmod +x /home/jenkins/launch_jenkins_agent.sh
+# service jenkins-swarm-agent must be "enable"d in heat template
 cat > /etc/systemd/system/jenkins-swarm-agent.service << EOF
 [Unit]
 Description=jenkins-swarm-agent
@@ -89,7 +90,6 @@ ExecStart=/home/jenkins/launch_jenkins_agent.sh
 [Install]
 WantedBy=cloud-init.target
 EOF
-systemctl enable jenkins-swarm-agent
 
 shopt -s dotglob
 chown -R jenkins:jenkins /home/jenkins/

diff --git a/maintenance-ci/common/scripts/build_mos_swarm_slave_image.sh b/maintenance-ci/common/scripts/build_mos_swarm_slave_image.sh
index 8123cc5f1ff70844cfe4ad4855a8105cecfba921..9d6824709aa9e537df3c35a08acef587c4b1a78b 100644 (file)
--- a/maintenance-ci/common/scripts/build_mos_swarm_slave_image.sh
+++ b/maintenance-ci/common/scripts/build_mos_swarm_slave_image.sh
@@ -118,6 +118,7 @@ java -jar /home/jenkins/jenkins-swarm-client.jar -fsroot \${fsroot:-/home/jenkin
 
 EOF
 chmod +x /home/jenkins/launch_jenkins_agent.sh
+# service jenkins-swarm-agent must be "enable"d in heat template
 cat > /etc/systemd/system/jenkins-swarm-agent.service << EOF
 [Unit]
 Description=jenkins-swarm-agent
@@ -133,7 +134,6 @@ ExecStart=/home/jenkins/launch_jenkins_agent.sh
 [Install]
 WantedBy=cloud-init.target
 EOF
-systemctl enable jenkins-swarm-agent
 
 pg_version=$(dpkg-query --show --showformat='${version;3}' postgresql)
 pg_createcluster $pg_version main --start || true

diff --git a/maintenance-ci/common/scripts/prepare_build_upload_image.sh b/maintenance-ci/common/scripts/prepare_build_upload_image.sh
index 9187bd84bd5477dcc1f35707a8dc19e2bd615049..929d55a7d14f5ac5ca5fc9b82b06b5ece9487b14 100755 (executable)
--- a/maintenance-ci/common/scripts/prepare_build_upload_image.sh
+++ b/maintenance-ci/common/scripts/prepare_build_upload_image.sh
@@ -15,11 +15,11 @@ if [[ ! -z ${CUSTOM_UPDATE_SCRIPT} ]] ; then
 fi
 echo "${UPDATE_SCRIPT?} will be used for image building"
 
-if [[ ! -f /tmp/xenial-server-cloudimg-amd64-disk1.img ]] ; then
-  wget -q https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img -O /tmp/xenial-server-cloudimg-amd64-disk1.img
-  cp /tmp/xenial-server-cloudimg-amd64-disk1.img xenial-server-cloudimg-amd64-disk1.img
+if [[ ! -f /home/jenkins/xenial-server-cloudimg-amd64-disk1.img.bpk ]] ; then
+  wget -q https://cloud-images.ubuntu.com/xenial/current/xenial-server-cloudimg-amd64-disk1.img -O /home/jenkins/xenial-server-cloudimg-amd64-disk1.img.bpk
+  cp /home/jenkins/xenial-server-cloudimg-amd64-disk1.img.bpk xenial-server-cloudimg-amd64-disk1.img
 else
-  cp /tmp/xenial-server-cloudimg-amd64-disk1.img xenial-server-cloudimg-amd64-disk1.img
+  cp /home/jenkins/xenial-server-cloudimg-amd64-disk1.img.bpk xenial-server-cloudimg-amd64-disk1.img
 fi
 
 # collect maintenance team ssh keys from reclass-system
@@ -48,6 +48,7 @@ sudo mkdir -p /mnt/image
 sudo mount /dev/nbd0p1 /mnt/image
 sudo mount --bind /dev /mnt/image/dev
 sudo mount --bind /proc /mnt/image/proc
+sudo mount --bind /sys /mnt/image/sys
 sudo mv /mnt/image/etc/resolv.conf /mnt/image/etc/resolv.conf.bak
 sudo cp -f /etc/resolv.conf /mnt/image/etc/resolv.conf
 
@@ -64,6 +65,7 @@ sudo mv /mnt/image/etc/resolv.conf.bak /mnt/image/etc/resolv.conf
 sudo rm -rf /mtn/image/tmp/*
 sudo umount -l /mnt/image/dev/
 sudo umount -l /mnt/image/proc/
+sudo umount -l /mnt/image/sys/
 sudo umount -l /mnt/image
 sudo qemu-nbd -d /dev/nbd0
 sudo rm -rf /mnt/image