Add setup scripts for the GCE workers.

Change-Id: Ib1f1dfda1be25dca69768b0faa798260a1030b6b
diff --git a/worker/README.md b/worker/README.md
new file mode 100644
index 0000000..341f4cb
--- /dev/null
+++ b/worker/README.md
@@ -0,0 +1,40 @@
+This holds scripts for spinning up extra workers for gerrit CI on GCE.
+
+VMs should be created as:
+
+ * named city-hackathon-40, city-hackathon-41, etc; the numbers should
+   be free in the CI master
+ 
+ * Machine: 24 CPUs/90G RAM.
+ 
+ * Disk: RHEL 7 hardened image on 100G SSD Persistent Disk
+
+ * SSH: add your personal key.
+
+
+Steps:
+
+1. Become root `sudo su -`
+
+1. `yum install -y git`
+
+1. Install the private key under .ssh/id_ecdsa, available to gerritcodereview-team members.
+
+1. Download:
+
+    ```
+    git clone https://gerrit.googlesource.com/gerrit-ci-scripts/
+    ```
+
+1. Run setup.sh (one time)
+
+    ```
+    sh gerrit-ci-scripts/worker/setup.sh
+    ```
+
+1. Run tunnel.sh (TODO(hanwen): setup in crontab from setup.sh)
+
+    ```
+    sh gerrit-ci-scripts/worker/tunnel.sh 
+    ```
+
diff --git a/worker/setup-tunnel.service b/worker/setup-tunnel.service
new file mode 100644
index 0000000..4212d29
--- /dev/null
+++ b/worker/setup-tunnel.service
@@ -0,0 +1,10 @@
+[Unit]
+After=network.target
+
+[Service]
+ExecStart=/root/gerrit-ci-scripts/worker/tunnel.sh
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=default.target
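Review bot: The unit orders itself only `After=network.target`, which does not wait for the network to be usable, so the first start at boot may fail and depend on `Restart=always` to recover. `Wants=network-online.target` together with `After=network-online.target` states the intent directly. ExecStart also hard-codes `/root/gerrit-ci-scripts`, while setup.sh copies the unit from wherever it was invoked, so a checkout anywhere else installs a unit that cannot start. A `Description=` line and a comment naming the required checkout path, e.g. `# expects the repo cloned to /root/gerrit-ci-scripts (see README)`, would make that assumption visible.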
diff --git a/worker/setup.sh b/worker/setup.sh
new file mode 100755
index 0000000..0654469
--- /dev/null
+++ b/worker/setup.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# install reqs.
+yum install -y docker ppp telnet
+
+mkdir -p .ssh
+
+# recognize gerritforge.
+echo '[gerrit-ci.gerritforge.com]:1022,[8.26.94.23]:1022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUylKwtTDROpPce/sCfdMMR+N116TsZx5n4YHO8qPLaEhEXld+1T+hWe/HuITafW182hTnOjMHlK/GwH9A7KOS9XHHdBtHCYx0lH78kb+fvZsUtyuGlbQNXzQuyBIpJoYOtMRhn5aHR1sn1USHnnZp1V1dpDu/HYHjpj4pyA8I4i2BE89OVblxyggdulvgLfaLFJ+6Q9U+Mf+SHpufgsXDNlG/KTQVHioONoOnu47qbhJLSK+w5Q3dzaLa2CTPCZgdOFf3g6AQJWMKDEkTnReT9bR97lg1T59GoK2pLpem1gokiUQ052/qH/cL/b38XtW/IJCK9HmrV5Whc26dDg95' > .ssh/known_hosts
+
+# Docker on port 2375
+found=$(grep -l 2375 /lib/systemd/system/docker.service)
+if [[ -z "$found" ]] ; then 
+  sed -i 's|$OPTIONS|$OPTIONS -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375|' /lib/systemd/system/docker.service
+fi
+
+cp $(dirname $0)/setup-tunnel.service /etc/systemd/system/
+
+systemctl daemon-reload
+systemctl enable setup-tunnel.service
+systemctl start docker
+systemctl restart docker
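Review bot: The sed on docker.service binds the Docker API to `tcp://0.0.0.0:2375`, which is plaintext and unauthenticated on every interface, so control of the daemon (root-equivalent on the worker) rests entirely on whatever GCE firewall rules happen to be in place. If the CI master only reaches the daemon through the ppp link that tunnel.sh sets up, the port should be restricted to that path, for example with a firewall rule accepting 2375 only on the ppp interface, or with TLS via `--tlsverify` on 2376. At minimum add a comment above the sed such as `# 2375 is the unauthenticated Docker API: must be reachable only over the tunnel, never from the external IP`. Separately, `> .ssh/known_hosts` is relative to the current directory and overwrites any existing file; writing to `/root/.ssh/known_hosts` and appending only when the entry is absent would be safer.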
diff --git a/worker/tunnel.sh b/worker/tunnel.sh
new file mode 100755
index 0000000..cdc0f85
--- /dev/null
+++ b/worker/tunnel.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+
+if [[ -z "$1" ]]; then
+    WORKER=$(hostname | sed 's|.*-\([0-9]*\)$|\1|')
+    echo "using worker ID $WORKER"
+else
+    WORKER=$1
+fi
+
+cd /root
+set -ue
+
+if [[ -f ".ssh/id_ecdsa" ]]; then
+    chmod 0600 .ssh/id_ecdsa
+else
+    echo "SSH ID missing."
+    exit 1
+fi
+
+export TIMEOUT=10
+export SUBNET=10.0.$WORKER
+
+echo "Checking connectivity to new-ci ..."
+PIDS=$(ps -a -o pid,ppid,cmd | grep ssh | grep gerrit-ci.gerritforge.com | grep -v grep | awk '{print $1}')
+
+if [[ -n "$PIDS" ]] ; then
+  if ping -q -c 1 -w $TIMEOUT $SUBNET.2 > /dev/null
+  then
+      echo OK
+      exit 0
+  fi
+fi
+
+echo "no connection; Killing stale PIDs $PIDS"
+for i in $PIDS; do
+  kill -9 $i;
+done
+
+# Ugh. SELinux disallows PPPD to execute SSH.
+setenforce 0
+
+/usr/sbin/pppd \
+      nodetach noauth silent nodeflate pty \
+      "/usr/bin/ssh -p 1022 gerrit-ci.gerritforge.com /usr/sbin/pppd nodetach  notty noauth" ipparam vpn $SUBNET.1:$SUBNET.2
+
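Review bot: `setenforce 0` switches the whole machine to permissive mode on every service start and never restores it, which undoes much of the value of the hardened RHEL 7 image the README asks for. A narrower fix is to make only the pppd domain permissive (e.g. `semanage permissive -a pppd_t`, domain name to be confirmed on the image) or to ship a small policy module that allows pppd to execute ssh. Also, WORKER is set before `set -ue` and never validated: when the hostname does not end in `-<digits>` the sed leaves it unchanged (or empty), and SUBNET becomes `10.0.<hostname>`. A guard after the if/else such as `[[ "$WORKER" =~ ^[0-9]+$ ]] || { echo "bad worker ID: $WORKER" >&2; exit 1; }` would catch that, and the same check covers a bad `$1`.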