From dd92edfb58cd7b857341062c30d81175c155aca4 Mon Sep 17 00:00:00 2001
From: Pete Birley <pete@port.direct>
Date: Thu, 10 May 2018 15:15:15 -0500
Subject: [PATCH] Gate: use infra mirror when in infra for kubeadm aio image

This PS uses the infra mirrors in the kubeadm aio build when
running the gate in openstack-infra.

Change-Id: Id9a4bf2b13051dfcf5aea688511da24cd245de9c
---
 playbooks/osh-infra-dev-deploy.yaml       |  4 ++++
 roles/build-images/tasks/kubeadm-aio.yaml | 19 ++++++++++++++++++-
 tools/images/kubeadm-aio/Dockerfile       | 16 ++++++++++++++--
 tools/images/kubeadm-aio/sources.list     |  4 ++++
 4 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 tools/images/kubeadm-aio/sources.list

diff --git a/playbooks/osh-infra-dev-deploy.yaml b/playbooks/osh-infra-dev-deploy.yaml
index 2b65302fa..1974069a7 100644
--- a/playbooks/osh-infra-dev-deploy.yaml
+++ b/playbooks/osh-infra-dev-deploy.yaml
@@ -20,12 +20,16 @@
         ./tools/deployment/developer/000-install-packages.sh
       args:
         chdir: "{{ zuul.project.src_dir }}"
+      environment:
+        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
     - name: Deploy Kubernetes
       shell: |
         set -xe;
         ./tools/deployment/developer/005-deploy-k8s.sh
       args:
         chdir: "{{ zuul.project.src_dir }}"
+      environment:
+        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
     - name: Deploy Registry NFS, Redis, and Docker Registry
       shell: |
         set -xe;
diff --git a/roles/build-images/tasks/kubeadm-aio.yaml b/roles/build-images/tasks/kubeadm-aio.yaml
index ed3ed149b..99eb99dbe 100644
--- a/roles/build-images/tasks/kubeadm-aio.yaml
+++ b/roles/build-images/tasks/kubeadm-aio.yaml
@@ -12,6 +12,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: set zuul_site_mirror_fqdn from env var if not defined
+  when: zuul_site_mirror_fqdn is not defined
+  set_fact:
+    zuul_site_mirror_fqdn: "{{ lookup('env','zuul_site_mirror_fqdn') }}"
+
 #NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
 # reolved, we build with a shell script to make use of the host network.
 - name: Kubeadm-AIO build
@@ -51,6 +56,12 @@
                 --build-arg HTTP_PROXY="{{ proxy.http }}" \
                 --build-arg HTTPS_PROXY="{{ proxy.https }}" \
                 --build-arg NO_PROXY="{{ proxy.noproxy }}" \
+                {% if zuul_site_mirror_fqdn is defined and zuul_site_mirror_fqdn %}
+                --build-arg UBUNTU_URL="http://{{ zuul_site_mirror_fqdn }}/ubuntu/" \
+                --build-arg ALLOW_UNAUTHENTICATED="true" \
+                --build-arg PIP_INDEX_URL="http://{{ zuul_site_mirror_fqdn }}/pypi/simple" \
+                --build-arg PIP_TRUSTED_HOST="{{ zuul_site_mirror_fqdn }}" \
+                {% endif %}
                 .
       args:
         chdir: "{{ kubeadm_aio_path.stdout }}/"
@@ -68,7 +79,13 @@
                 --build-arg CNI_VERSION="{{ version.cni }}" \
                 --build-arg HELM_VERSION="{{ version.helm }}" \
                 --build-arg CHARTS="calico,flannel,tiller,kube-dns" \
+                {% if zuul_site_mirror_fqdn is defined and zuul_site_mirror_fqdn %}
+                --build-arg UBUNTU_URL="http://{{ zuul_site_mirror_fqdn }}/ubuntu/" \
+                --build-arg ALLOW_UNAUTHENTICATED="true" \
+                --build-arg PIP_INDEX_URL="http://{{ zuul_site_mirror_fqdn }}/pypi/simple" \
+                --build-arg PIP_TRUSTED_HOST="{{ zuul_site_mirror_fqdn }}" \
+                {% endif %}
                 .
       args:
         chdir: "{{ kubeadm_aio_path.stdout }}/"
-        executable: /bin/bash
\ No newline at end of file
+        executable: /bin/bash
diff --git a/tools/images/kubeadm-aio/Dockerfile b/tools/images/kubeadm-aio/Dockerfile
index 093502a47..f572ae313 100644
--- a/tools/images/kubeadm-aio/Dockerfile
+++ b/tools/images/kubeadm-aio/Dockerfile
@@ -12,10 +12,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#https://github.com/kubernetes/kubernetes/tree/master/build/debian-base
-FROM gcr.io/google-containers/debian-base-amd64:0.3
+FROM docker.io/ubuntu:xenial
 MAINTAINER pete.birley@att.com
 
+ARG UBUNTU_URL=http://archive.ubuntu.com/ubuntu/
+ARG ALLOW_UNAUTHENTICATED=false
+ARG PIP_INDEX_URL=https://pypi.python.org/simple/
+ARG PIP_TRUSTED_HOST=pypi.python.org
+ENV PIP_INDEX_URL=${PIP_INDEX_URL}
+ENV PIP_TRUSTED_HOST=${PIP_TRUSTED_HOST}
+
+COPY ./tools/images/kubeadm-aio/sources.list /etc/apt/
+RUN sed -i \
+        -e "s|%%UBUNTU_URL%%|${UBUNTU_URL}|g" \
+        /etc/apt/sources.list ;\
+    echo "APT::Get::AllowUnauthenticated \"${ALLOW_UNAUTHENTICATED}\";" > /etc/apt/apt.conf.d/allow-unathenticated
+
 ARG KUBE_VERSION="v1.10.2"
 ENV KUBE_VERSION ${KUBE_VERSION}
 
diff --git a/tools/images/kubeadm-aio/sources.list b/tools/images/kubeadm-aio/sources.list
new file mode 100644
index 000000000..3fb443fea
--- /dev/null
+++ b/tools/images/kubeadm-aio/sources.list
@@ -0,0 +1,4 @@
+deb %%UBUNTU_URL%% xenial main universe
+deb %%UBUNTU_URL%% xenial-updates main universe
+deb %%UBUNTU_URL%% xenial-backports main universe
+deb %%UBUNTU_URL%% xenial-security main universe