author | Christophe Lyon <christophe.lyon@linaro.org> | 2017-02-16 14:20:17 +0000 |
---|---|---|
committer | Christophe Lyon <christophe.lyon@linaro.org> | 2017-02-16 19:49:32 +0000 |
commit | f5cd936e64dbf7926e034505ca90ef18a7d87aae (patch) | |
tree | 9af4fb98f8bb48f8cbe231012e1321b2d1f3caa1 | |
parent | bc10573bdd10b56c7ced7a9b63a133a40a92cd1e (diff) |
start-container-docker.sh: Propagate tcwg-buildslave ssh key.
This is a workaround to Jenkins/ssh-agent problems.
The keys are present on the host where the script is run,
we make sure the docker container will accept them.
Start ssh-agent if necessary, provide it with the
key, and export related environment variables.
Change-Id: Ic787a34993700c5878fc450e6023ed6e2c858fd4
-rwxr-xr-x | start-container-docker.sh | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/start-container-docker.sh b/start-container-docker.sh index 9dd7e89f..75efc502 100755 --- a/start-container-docker.sh +++ b/start-container-docker.sh @@ -6,12 +6,15 @@ set -e # This script is meant to be executed from Jenkins jobs inside TCWG # lab. It prints shell commands meant to be executed in the parent # shell, consisting in: -# - a cleanup statement, to remove the container on exit for instance # - definition of ${CONTAINER}, used to prefix commands that you want # to run inside the container. +# - definition of ${CONTAINER_CLEANUP}, a cleanup statement remove the +# container on exit for instance # - definition of ${session_host} and ${session_port}, can be used for # a remote connexion to the container - +# - if needed, the script starts ssh-agent and adds the required key, +# and returns shell statements to export the related variables. In +# this case, it also updates ${CONTAINER_CLEANUP}. usage() { echo "Usage: $0 --arch container-arch --distro flavour [--session-host host] [--session-name name] [--task {build|test}]" echo @@ -137,6 +140,22 @@ trap "$DOCKER rm -fv $session_id ; exec 1>&3 2>&4" EXIT session_port=$($DOCKER port $session_id 22 | cut -d: -f 2) +# Special case for tcwg-buildslave: we use a dedicated ssh key for +# builds in TCWG lab. Update the docker container authorized_keys with +# a copy from the main host. +if [ "x`whoami`" = "xtcwg-buildslave" ]; then + docker cp $HOME/.ssh/authorized_keys ${session_id}:/home/tcwg-buildslave/.ssh/authorized_keys + + # Start ssh-agent locally and add the right private key to it, but + # only if it is not already running. Indeed, even if we want to + # start several containers, we need only one ssh-agent. + if [ -f $HOME/.ssh/id_rsa -a "x${SSH_AGENT_PID}" = "x" ]; then + eval `ssh-agent -s` + ssh-add $HOME/.ssh/id_rsa + CONTAINER_CLEANUP="ssh-agent -k" + fi +fi + # Wait until the ssh server is ready to serve connexions # Make sure connexion messages go to stderr, so that in case of 
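Review bot: The new header bullet about ssh-agent does not say that the agent keeps the build key loaded until the caller runs `${CONTAINER_CLEANUP}`, which is what a job author needs to know. I would add a line such as `#   The agent holds the tcwg-buildslave key until ${CONTAINER_CLEANUP} is run, so run it on every exit path.` The bullet `a cleanup statement remove the container` is also missing a `to`.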
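Review bot: If anything fails after `ssh-add` (for example the ssh wait loop that follows, under `set -e`), the agent started here stays running with the tcwg-buildslave private key loaded, because the EXIT trap shown in the hunk header only removes the container. Re-arming the trap inside the inner `if` would cover that path: `trap "ssh-agent -k ; $DOCKER rm -fv $session_id ; exec 1>&3 2>&4" EXIT`. The copy also calls bare `docker cp` while the surrounding lines use `$DOCKER`; its definition is outside the hunk, but if it is ever more than plain `docker` the authorized_keys file would go to the wrong daemon, so `$DOCKER cp "$HOME/.ssh/authorized_keys" ...` is safer. Because `${CONTAINER}` uses `ssh -A`, the key is usable from inside the container for as long as a session is open; a lifetime set with `ssh-add -t` would bound that exposure.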
@@ -162,9 +181,22 @@ trap EXIT # Restore stdout/stderr exec 1>&3 2>&4 +# Non-empty CONTAINER_CLEANUP means we have started ssh-agent here, so +# update the cleanup code and make sure to share the relevant +# information with the parent shell +if [ "x${CONTAINER_CLEANUP}" = "x" ]; then + CONTAINER_CLEANUP="$DOCKER rm -fv ${session_id}" +else + CONTAINER_CLEANUP="${CONTAINER_CLEANUP} ; $DOCKER rm -fv ${session_id}" + cat <<EOF +export SSH_AGENT_PID=${SSH_AGENT_PID} +export SSH_AUTH_SOCK=${SSH_AUTH_SOCK} +EOF +fi + cat <<EOF -CONTAINER="ssh -p $session_port -A $session_host" -CONTAINER_CLEANUP="$DOCKER rm -fv $session_id" +CONTAINER="ssh -p ${session_port} -A ${session_host}" +CONTAINER_CLEANUP="${CONTAINER_CLEANUP}" session_host=${session_host} session_port=${session_port} EOF |
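Review bot: The test `[ "x${CONTAINER_CLEANUP}" = "x" ]` uses CONTAINER_CLEANUP as the "agent was started here" flag, but nothing visible in the diff clears it at script start. A value inherited from the caller's environment would take the else branch and emit `export SSH_AGENT_PID=` / `export SSH_AUTH_SOCK=` lines for an agent this run did not start. A dedicated flag set next to `ssh-add` (say `started_agent=true`, initialised to `false` near the top) avoids that. The emitted exports are evaluated by the parent shell, so the values should be quoted in the here-document, e.g. `export SSH_AUTH_SOCK="${SSH_AUTH_SOCK}"`. When several containers share one agent, the first container's cleanup runs `ssh-agent -k` and removes the key for the others, which deserves a comment if it is intended.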