add packer based docker builds

[mapuri]

Overview of changes:

• packer/docker/centos: added packer build scripts to build centos based docker images
• vendor in the updated ansible repo

Motivation:

• we would like to sandbox our CI builds inside a container to secure our baremetal test environments from rogue PRs, without needing any special handling inside the projects.
• a docker image provisioned using our ansible will ensure that we have all necessary tools to stage our CI environment in a container
• this will also take us closer to trying parallel builds on same bare-metal host for better resource utilization. But this is not the primary goal atm.
• @unclejack proved that this is doable with his simple experiments for the same!! It was easy to take it to next logical level.

What I have tested:

• I was able to verify a local build and test of cluster manager using this container image, i.e.

#  docker run --name sysd --privileged -itd \
   -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
   -v /tmp/$(mktemp -d):/run \
   -v /home/ladmin/goroot/src/github.com/contiv/cluster:/go/src/github.com/contiv/cluster \
   -v /home/ladmin/.vagrant.d:/.vagrant.d \
   -e VAGRANT_HOME=/.vagrant.d \
   -e http_proxy=$http_proxy \
   -e https_proxy=$https_proxy \
   contiv/centos7:0.1 /usr/sbin/init

# docker exec -it sysd /bin/bash
[root@386b7c8ec8c0 /]# cd /go/src/github.com/contiv/cluster/management/src
[root@386b7c8ec8c0 /]# make build unit-test system-test
...
...

Notes / Observations:

• docker image size is considerably huge. I measured it to be around 100G with docker 1.9 but it was reduced considerably to only around 10G with docker 1.11.
  • I think the new image size with docker 1.11 should not be a big concern as this image will only need occasional updates just like our vagrant boxes
• the vbox version need to be same between the the test container and the host.
  • I think this should also not be an issue as we use the same ansible to configure our baremetal hosts using contiv/lab repo !
• we need to mount the vagrant directory inside the test container to make the boxes available and save a lot of time not having to download these boxes inside the test container.
  • again this should not be an issue as I was able to see it work but I still need to try it out in CI environment.
• user is root inside the test container.
  • I don't think it should be an issue as we are in a sandbox, but please let me know if I am missing something.
• container needs to run as --privileged to be able to run docker, vbox etc in it
  • will this be a security issue??

Next steps :

• Get a yay! or nay! to the approach from you folks
• integrate this image with the docker plugin for jenkins (https://wiki.jenkins-ci.org/display/JENKINS/Docker+Plugin), especially :
  • need to figure out how to remove the need to mount the git workspace being tested inside the container and rather have it pulled.
  • need to study the configuration part of the docker plugin in more detail and map what I did in manual steps above to it. Otherwise we may need to write a simple bash wrapper for our use.
• slowly transition all CI jobs to use docker plugin before we start getting more public contributions

/cc @erikh @unclejack @shaleman @jainvipin

[erikh]

+1 for the idea. I'll review the code tonight.