From: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
Date: Mon, 30 Nov 2020 23:23:30 +0000 (+0000)
Subject: Merge "Schedule icn-bluval-daily-master at midnight"
X-Git-Tag: v0.4.0~3
X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=c8483eeb22b493d194b9b9d5b6caac911d87989b;hp=15cc67da65031ed7a628bd6ce5967a952ca9ec8b;p=icn.git

Merge "Schedule icn-bluval-daily-master at midnight"
---

diff --git a/ci/jjb/akraino-icn-templates.yaml b/ci/jjb/akraino-icn-templates.yaml
index f0cac38..f322491 100644
--- a/ci/jjb/akraino-icn-templates.yaml
+++ b/ci/jjb/akraino-icn-templates.yaml
@@ -226,3 +226,13 @@
           unstable-on-warning: false
           fail-on-error: true
           show-graphs: true
+      - postbuildscript:
+          mark-unstable-if-failed: true
+          builders:
+              - build-on:
+                    - SUCCESS
+                    - UNSTABLE
+                    - FAILURE
+                build-steps:
+                    - shell: !include-raw-escape:
+                        shell/bluval-postbuild.sh
diff --git a/ci/jjb/shell/bluval-postbuild.sh b/ci/jjb/shell/bluval-postbuild.sh
new file mode 100644
index 0000000..622ad7a
--- /dev/null
+++ b/ci/jjb/shell/bluval-postbuild.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+set -o errexit
+set -o pipefail
+
+echo "[ICN] Uninstalling EMCO k8s"
+cd k8s/kud/hosting_providers/vagrant
+ansible-playbook -i inventory/hosts.ini /opt/kubespray-2.12.6/reset.yml --become --become-user=root -e reset_confirmation=yes
+
+echo "[ICN] Purging Docker fully"
+cat << EOF | tee purge-docker.yml
+---
+- hosts: all
+  gather_facts: True
+  tasks:
+    - name: reset | remove all docker images
+      shell: "/usr/bin/docker image ls -a -q | xargs -r /usr/bin/docker rmi -f"
+      retries: 2
+      delay: 5
+      tags:
+        - docker
+    - name: reset | remove docker itself
+      shell: "apt-get purge docker-* -y --allow-change-held-packages"
+      retries: 2
+      delay: 30
+      tags:
+        - docker
+EOF
+ansible-playbook -i inventory/hosts.ini purge-docker.yml --become --become-user=root
diff --git a/ci/jjb/shell/bluval.sh b/ci/jjb/shell/bluval.sh
index a08c39a..87b3c57 100644
--- a/ci/jjb/shell/bluval.sh
+++ b/ci/jjb/shell/bluval.sh
@@ -3,6 +3,46 @@ set -e
 set -o errexit
 set -o pipefail
 
+echo "[ICN] Downloading EMCO k8s"
+git clone "https://gerrit.onap.org/r/multicloud/k8s"
+cp ~/aio.sh k8s/kud/hosting_providers/baremetal/aio.sh
+cp ~/installer.sh k8s/kud/hosting_providers/vagrant/installer.sh
+
+echo "[ICN] Installing EMCO k8s"
+sudo chown root:root /var/lib/jenkins/.netrc
+sudo k8s/kud/hosting_providers/baremetal/aio.sh
+sudo chown jenkins:jenkins /var/lib/jenkins/.netrc
+sudo chown jenkins:jenkins -R /var/lib/jenkins/workspace/icn-bluval-daily-master/k8s/kud/hosting_providers/vagrant
+# the .netrc chown is a temporary workaround, needs to be fixed in multicloud-k8s
+sleep 5
+
+echo "[ICN] Patching EMCO k8s security vulnerabilities"
+kubectl replace -f - << EOF
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pod-reader
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "false"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:public-info-viewer
+rules:
+- nonResourceURLs:
+  - /livez
+  - /readyz
+  - /healthz
+  verbs:
+  - get
+EOF
+kubectl replace -f - << EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: default
+automountServiceAccountToken: false
+EOF
+
 echo "[ICN] Downloading run_bluval.sh from upstream ci-management"
 wget --read-timeout=10 --timeout=10 --waitretry=10 -t 10 https://raw.githubusercontent.com/akraino-edge-stack/ci-management/master/jjb/shell/run_bluval.sh