Merge pull request #4698 from edx/youngstrom/jenkins_container_compose

Rip out mongo from jenkins_worker container and rework users to reduce image size

docker/build/jenkins_worker/Dockerfile

@@ -23,21 +23,11 @@ ARG OPENEDX_RELEASE=master
 ENV OPENEDX_RELEASE=${OPENEDX_RELEASE}
 RUN sudo /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook edxapp.yml \
     -c local -i '127.0.0.1,' \
-    -t 'install,assets,devstack,jenkins-worker' \
+    -t 'install,assets,devstack' \
     --extra-vars="edx_platform_version=${OPENEDX_RELEASE}" \
     --extra-vars="@/jenkins_worker/ansible_overrides.yml" \
     --extra-vars="@/devstack/ansible_overrides.yml"
 
-# Run the mongo play
-COPY docker/build/mongo/ansible_overrides.yml /mongo/ansible_overrides.yml
-
-RUN mkdir -p /data/db
-WORKDIR /edx/app/edx_ansible/edx_ansible/docker/plays
-RUN /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook mongo.yml \
-    -i '127.0.0.1,' -c local \
-    -t 'install' \
-    --extra-vars="@/mongo/ansible_overrides.yml"
-
 # Add sshd to enable jenkins master to ssh into containers
 RUN apt-get update \
   && apt-get install -y openssh-server \
@@ -45,11 +35,7 @@ RUN apt-get update \
 
 ARG JENKINS_WORKER_KEY_URL=https://files.edx.org/testeng/jenkins.keys
 RUN mkdir /var/run/sshd \
-  && groupadd ubuntu \
-  && useradd -ms /bin/bash ubuntu -g ubuntu -d /home/ubuntu \
-  && curl ${JENKINS_WORKER_KEY_URL} --create-dirs -o /home/ubuntu/.ssh/authorized_keys
-
-RUN chown -R ubuntu /home/ubuntu /edx/app/edxapp/edx-platform /edx/app/edxapp/venvs
-CMD ["/edx/app/supervisor/venvs/supervisor/bin/supervisord", "-n", "--configuration", "/edx/app/supervisor/supervisord.conf"]
+  && curl ${JENKINS_WORKER_KEY_URL} --create-dirs -o /edx/app/edxapp/.ssh/authorized_keys
 
+CMD ["/usr/sbin/sshd", "-D"]
 EXPOSE 22

docker/build/jenkins_worker/ansible_overrides.yml

@@ -6,16 +6,23 @@ EDXAPP_LMS_GUNICORN_EXTRA_CONF: 'reload = True'
 EDXAPP_NO_PREREQ_INSTALL: 0
 EDXAPP_OAUTH_ENFORCE_SECURE: false
 EDXAPP_PYTHON_SANDBOX: false
-EDXAPP_SETTINGS: devstack_docker
+EDXAPP_SETTINGS: 'devstack_docker'
 MONGO_AUTH: false
 SECURITY_UPGRADE_ON_ANSIBLE: true
 
 devstack: true
 edxapp_debian_pkgs_extra:
   - mongodb-clients
+edxapp_environment_extra:
+  SELENIUM_BROWSER: 'firefox'
+  SELENIUM_HOST: 'localhost'
+  SELENIUM_PORT: '4444'
 edxapp_npm_production: 'no'
 edxapp_requirements_files:
   - "{{ testing_requirements_file }}"
+edxapp_user: ubuntu
+edxapp_user_createhome: 'yes'
+edxapp_user_shell: '/bin/bash'
 migrate_db: false
 mongo_enable_journal: false
 service_variants_enabled: []

playbooks/roles/edxapp/defaults/main.yml

@@ -916,6 +916,8 @@ edxapp_node_version: "{{ common_node_version }}"
 # This is where node installs modules, not node itself
 edxapp_node_bin: "{{ edxapp_code_dir }}/node_modules/.bin"
 edxapp_user: edxapp
+edxapp_user_createhome: 'no'
+edxapp_user_shell: '/bin/false'
 edxapp_deploy_path: "{{ edxapp_venv_bin }}:{{ edxapp_code_dir }}/bin:{{ edxapp_node_bin }}:{{ edxapp_nodeenv_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 edxapp_staticfile_dir: "{{ edxapp_data_dir }}/staticfiles"
 edxapp_media_dir: "{{ edxapp_data_dir }}/media"

playbooks/roles/edxapp/tasks/main.yml

@@ -6,8 +6,8 @@
   user:
     name: "{{ edxapp_user }}"
     home: "{{ edxapp_app_dir }}"
-    createhome: no
-    shell: /bin/false
+    createhome: "{{ edxapp_user_createhome }}"
+    shell: "{{ edxapp_user_shell }}"
   tags:
     - install
     - install:base

playbooks/roles/edxapp/tasks/service_variant_config.yml

@@ -66,40 +66,6 @@
     - install
     - install:configuration
 
-# write the supervisor script for mongod and sshd
-# this should only be run when provisioning a jenkins-worker container
-- name: Set ignore_jenkins_worker_command when no tags present
-  set_fact: ignore_jenkins_worker_command=true
-
-- name: writing mongod and sshd supervisor scripts
-  template:
-    src: "edx/app/supervisor/conf.d.available/{{ item }}.j2"
-    dest: "{{ supervisor_available_dir }}/{{ item }}"
-    owner: "{{ supervisor_user }}"
-    group: "{{ supervisor_user }}"
-    mode: 0644
-  become_user: "{{ supervisor_user }}"
-  with_items:
-    - mongod.conf
-    - sshd.conf
-  when: 'ignore_jenkins_worker_command is not defined'
-  tags:
-    - jenkins-worker
-
-- name: "enable mongod and sshd supervisor script"
-  file:
-    src: "{{ supervisor_available_dir }}/{{ item }}.conf"
-    dest: "{{ supervisor_cfg_dir }}/{{ item }}.conf"
-    state: link
-    force: yes
-  become_user: "{{ supervisor_user }}"
-  with_items:
-    - mongod
-    - sshd
-  when: 'ignore_jenkins_worker_command is not defined'
-  tags:
-    - jenkins-worker
-
 # Enable the supervisor jobs
 - name: "enable {{ item }} supervisor script"
   file:

playbooks/roles/edxapp/templates/edx/app/supervisor/conf.d.available/mongod.conf.j2

-[program:mongod]
-command=mongod --smallfiles --nojournal --storageEngine wiredTiger
-stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log
-stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log
-autorestart=true

playbooks/roles/edxapp/templates/edx/app/supervisor/conf.d.available/sshd.conf.j2

-[program:sshd]
-command=/usr/sbin/sshd -D
-stdout_logfile={{ supervisor_log_dir }}/%(program_name)s-stdout.log
-stderr_logfile={{ supervisor_log_dir }}/%(program_name)s-stderr.log
-autorestart=true

util/parsefiles_config.yml

@@ -32,7 +32,7 @@ weights:
   - mongo: 1
   - devpi: 1
   - jenkins_build: 8
-  - jenkins_worker: 26
+  - jenkins_worker: 23
   - analytics_pipeline: 8
   - analytics_pipeline_hadoop_datanode: 2
   - analytics_pipeline_hadoop_namenode: 3