HOSTS: el6-build-server: roles: - default - master - agent - build_server platform: el-6-x86_64 hypervisor: docker image: centos:6 docker_image_commands: - 'yum install -y epel-release' - "echo 'Defaults:build_user !requiretty' >> /etc/sudoers" - "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" - 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user' - 'yum install -y facter rubygem-json' # simp build-deps - 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools which' # rvm build-deps - 'yum install -y libyaml-devel glibc-headers autoconf gcc-c++ glibc-devel readline-devel libffi-devel openssl-devel automake libtool bison sqlite-devel' # # Do our best to get one of the keys from at one of the servers, and to # trust the right ones if the GPG keyservers return bad keys # # These are the keys we want: # # 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com # 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com # # See: # - https://rvm.io/rvm/security # - https://github.com/rvm/rvm/blob/master/docs/gpg.md # - https://github.com/rvm/rvm/issues/4449 # - https://github.com/rvm/rvm/issues/4250 # - https://seclists.org/oss-sec/2018/q3/174 # # NOTE (mostly to self): In addition to RVM's documented procedures, # importing from https://keybase.io/mpapis may be a practical # alternative for 409B6B1796C275462A1703113804BB82D39DC0E3: # # curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import # - 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && break || sleep 1; done"' - 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"' # - 'runuser build_user -l -c "gpg2 --refresh-keys"' - 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"' - 'runuser build_user -l -c "rvm install 2.4"' - 'runuser build_user -l -c "rvm use --default 2.4"' - 'runuser build_user -l -c "rvm all do gem install bundler"' mount_folders: folder1: host_path: ./ container_path: /host_files docker_preserve_image: true el7-build-server: roles: - build_server platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_cmd: '/sbin/sshd; tail -f /dev/null' docker_image_commands: - 'yum install -y epel-release' - 'ln -sf /bin/true /usr/bin/systemctl' # Work around regression in beaker-docker # https://github.com/puppetlabs/beaker-docker/pull/15/files - 'yum install -y sudo openssh-server openssh-clients' - "sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config" - "sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config" - "sed -ri 's/^#?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config" - "echo 'Defaults:build_user !requiretty' >> /etc/sudoers" - "echo 'build_user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers" - 'useradd -b /home -m -c "Build User" -s /bin/bash -U build_user' - 'yum install -y facter rubygem-json' # simp build-deps - 'yum install -y rpm-build augeas-devel createrepo genisoimage git gnupg2 libicu-devel libxml2 libxml2-devel libxslt libxslt-devel rpmdevtools clamav-update which' # rvm build-deps # # Do our best to get one of the keys from at one of the servers, and to # trust the right ones if the GPG keyservers return bad keys # # These are the keys we want: # # 409B6B1796C275462A1703113804BB82D39DC0E3 # mpapis@gmail.com # 7D2BAF1CF37B13E2069D6956105BD0E739499BDB # piotr.kuczynski@gmail.com # # See: # - https://rvm.io/rvm/security # - https://github.com/rvm/rvm/blob/master/docs/gpg.md # - https://github.com/rvm/rvm/issues/4449 # - https://github.com/rvm/rvm/issues/4250 # - https://seclists.org/oss-sec/2018/q3/174 # # NOTE (mostly to self): In addition to RVM's documented procedures, # importing from https://keybase.io/mpapis may be a practical # alternative for 409B6B1796C275462A1703113804BB82D39DC0E3: # # curl https://keybase.io/mpapis/pgp_keys.asc | gpg2 --import # - 'runuser build_user -l -c "for i in {1..5}; do { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3; } && { gpg2 --keyserver hkp://pgp.mit.edu --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB || gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; } && break || sleep 1; done"' - 'runuser build_user -l -c "gpg2 --refresh-keys"' - 'runuser build_user -l -c "curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer -o rvm-installer && curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && gpg2 --verify rvm-installer.asc rvm-installer && bash rvm-installer"' - 'runuser build_user -l -c "rvm install 2.4"' - 'runuser build_user -l -c "rvm use --default 2.4"' - 'runuser build_user -l -c "rvm all do gem install bundler"' - 'yum install -y rpm-sign' mount_folders: folder1: host_path: ./ container_path: /host_files docker_preserve_image: true ssh: password: root auth_methods: - password CONFIG: log_level: verbose type: aio <% if ENV['BEAKER_PUPPET_COLLECTION'] -%> puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %> <% else -%> puppet_collection: puppet5 <% end -%>