unstable-on-warning: false
fail-on-error: true
show-graphs: true
+ - postbuildscript:
+ mark-unstable-if-failed: true
+ builders:
+ - build-on:
+ - SUCCESS
+ - UNSTABLE
+ - FAILURE
+ build-steps:
+ - shell: !include-raw-escape:
+ shell/bluval-postbuild.sh
--- /dev/null
+#!/bin/bash
+set -e
+set -o errexit
+set -o pipefail
+
+echo "[ICN] Uninstalling EMCO k8s"
+cd k8s/kud/hosting_providers/vagrant
+ansible-playbook -i inventory/hosts.ini /opt/kubespray-2.12.6/reset.yml --become --become-user=root -e reset_confirmation=yes
+
+echo "[ICN] Purging Docker fully"
+cat << EOF | tee purge-docker.yml
+---
+- hosts: all
+ gather_facts: True
+ tasks:
+ - name: reset | remove all docker images
+ shell: "/usr/bin/docker image ls -a -q | xargs -r /usr/bin/docker rmi -f"
+ retries: 2
+ delay: 5
+ tags:
+ - docker
+ - name: reset | remove docker itself
+ shell: "apt-get purge docker-* -y --allow-change-held-packages"
+ retries: 2
+ delay: 30
+ tags:
+ - docker
+EOF
+ansible-playbook -i inventory/hosts.ini purge-docker.yml --become --become-user=root
set -o errexit
set -o pipefail
+echo "[ICN] Downloading EMCO k8s"
+git clone "https://gerrit.onap.org/r/multicloud/k8s"
+cp ~/aio.sh k8s/kud/hosting_providers/baremetal/aio.sh
+cp ~/installer.sh k8s/kud/hosting_providers/vagrant/installer.sh
+
+echo "[ICN] Installing EMCO k8s"
+sudo chown root:root /var/lib/jenkins/.netrc
+sudo k8s/kud/hosting_providers/baremetal/aio.sh
+sudo chown jenkins:jenkins /var/lib/jenkins/.netrc
+sudo chown jenkins:jenkins -R /var/lib/jenkins/workspace/icn-bluval-daily-master/k8s/kud/hosting_providers/vagrant
+# the .netrc chown is a temporary workaround, needs to be fixed in multicloud-k8s
+sleep 5
+
+echo "[ICN] Patching EMCO k8s security vulnerabilities"
+kubectl replace -f - << EOF
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pod-reader
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "false"
+ labels:
+ kubernetes.io/bootstrapping: rbac-defaults
+ name: system:public-info-viewer
+rules:
+- nonResourceURLs:
+ - /livez
+ - /readyz
+ - /healthz
+ verbs:
+ - get
+EOF
+kubectl replace -f - << EOF
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: default
+automountServiceAccountToken: false
+EOF
+
echo "[ICN] Downloading run_bluval.sh from upstream ci-management"
wget --read-timeout=10 --timeout=10 --waitretry=10 -t 10 https://raw.githubusercontent.com/akraino-edge-stack/ci-management/master/jjb/shell/run_bluval.sh