2 # ============LICENSE_START=======================================================
3 # Copyright (C) 2020 The Nordix Foundation. All rights reserved.
4 # ================================================================================
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # SPDX-License-Identifier: Apache-2.0
18 # ============LICENSE_END=========================================================
23 # ensure apt is not running before proceeding with the rest
# NOTE(review): the `if` below has no closing `fi` in this listing, and no
# loop or sleep around it is visible - the comments here describe only the
# lines that are shown.
24 echo "Info : Wait for completion of an existing apt process before proceeding..."
# `pgrep -f` matches the pattern against full command lines, so "apt" also
# matches any unrelated process whose command line merely contains that string.
# Piping into `cat` makes the pipeline's status that of cat (unless pipefail is
# set), so pgrep finding nothing does not count as a failed command.
26 pkg_mgr_process=$(pgrep -f apt | cat)
# Non-empty output means at least one matching PID was returned.
27 if [[ -n $pkg_mgr_process ]]; then
33 echo "Info : apt process done. Continuing..."
35 # list of basic packages to install
# NOTE(review): only two entries are visible in this listing; the lines that
# open and close the list are not shown. The list is later handed to apt as
# ${PKG_LIST[@]} in the install step.
41 software-properties-common
47 openjdk-11-jre-headless
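# we need apt to proceed without any prompt asking for user input
export DEBIAN_FRONTEND=noninteractive

echo "Info : Install packages"
# update packages to their latest
# sudo -E keeps the caller's environment, which is how DEBIAN_FRONTEND reaches
# apt; -H points HOME at the target user's home directory.
# NOTE(review): no package index refresh is visible before this upgrade in the
# listing - confirm one runs first, otherwise the upgrade works from a stale
# index and can miss current security updates.
sudo -H -E apt upgrade -y -q=3

# install the base package set; the expansion is quoted so that every array
# element reaches apt as exactly one argument, with no word splitting or
# globbing applied to it
sudo -H -E apt -y -q=3 install "${PKG_LIST[@]}"

# remove unnecessary packages
sudo -H -E apt autoremove -y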
echo "Info : Enable time sync"
# ensure time sync is setup: enable and start chrony, request a burst of
# measurements, and step the clock only when the burst request succeeded
sudo systemctl enable --now chrony
if sudo chronyc -a 'burst 4/4'; then
  sudo chronyc -a makestep
fi
69 echo "Info : Enable nested virtualization"
70 # enable nested virtualization
# Writes a modprobe options file for kvm-intel (nested=y, enable_apicv=n) as
# root, then removes and re-adds the kvm_intel and kvm modules - presumably so
# the new options are picked up without a reboot. The last two commands print
# the loaded module and the current value of its `nested` parameter.
# NOTE(review): the here-document terminator and the closing quote of the
# `bash -c` string are not visible in this listing.
# NOTE(review): nested virtualization makes hardware virtualization available
# to guests of this host, which widens the hypervisor surface a guest can
# reach - keep it enabled only if the jobs run on this image need it.
71 sudo bash -c 'cat << EOF > /etc/modprobe.d/qemu-system-x86.conf
72 options kvm-intel nested=y enable_apicv=n
74 sudo modprobe -r kvm_intel kvm
75 sudo modprobe -a kvm_intel kvm
76 sudo lsmod | grep kvm_intel
77 sudo cat /sys/module/kvm_intel/parameters/nested
echo "Info : Create and configure jenkins user"
# create and configure jenkins user
# The account gets a bash login shell, a home directory under /home/jenkins and
# membership of group sudo. Together with the NOPASSWD rule written to
# /etc/sudoers further down, that membership makes the account root-equivalent.
sudo useradd --groups sudo --home-dir /home/jenkins --create-home \
  --comment "jenkins user" --shell /bin/bash jenkins
# directory tree owned by jenkins; slave_root is left world-readable (755)
sudo mkdir --parents /home/jenkins/nordix/slave_root
sudo chown --recursive jenkins:jenkins /home/jenkins/nordix
sudo chmod --recursive 755 /home/jenkins/nordix/slave_root
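# modify sudoers - disable env_reset, !requiretty and passwordless sudo
#
# Security impact of the two substitutions:
#   * the "Defaults ... env_reset" line is commented out, so sudo no longer
#     resets the caller's environment for privileged commands, and
#     "Defaults:jenkins !requiretty" is added right below it;
#   * the %sudo rule becomes NOPASSWD: ALL, which gives every member of group
#     sudo - not only jenkins - root without a password.
#
# The edits are made on a root-owned copy and checked with visudo before the
# live file is replaced: a syntax error in /etc/sudoers makes sudo refuse to
# run at all, and nothing later in this script could repair that.
sudoers_candidate=$(sudo mktemp) || exit 1
sudo cp /etc/sudoers "$sudoers_candidate"
sudo sed -i \
  -e 's/^Defaults.*env_reset/#&\nDefaults:jenkins !requiretty/' \
  -e 's/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/' \
  "$sudoers_candidate"
if ! sudo visudo -c -f "$sudoers_candidate"; then
  echo "Error : edited sudoers failed validation, /etc/sudoers left unchanged" >&2
  sudo rm -f -- "$sudoers_candidate"
  exit 1
fi
# install sets owner and mode explicitly, whatever the temp file carried
sudo install -o root -g root -m 0440 "$sudoers_candidate" /etc/sudoers
sudo rm -f -- "$sudoers_candidate"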
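# disable ssh password login, enable ssh with keys for jenkins user
#
# sshd keeps the first value it reads for a keyword. Appending alone is
# therefore not enough: an active "PasswordAuthentication yes" earlier in the
# file would win over the "no" added at the end. Existing active settings for
# the two single-valued keywords are commented out first.
# NOTE(review): if the file ends inside a Match block, the appended lines
# become part of that block - confirm the image's sshd_config has none.
sshd_config=/etc/ssh/sshd_config
sudo sed -i -E \
  's/^[[:space:]]*(PasswordAuthentication|PubkeyAuthentication)[[:space:]=]/#&/I' \
  "$sshd_config"
printf '%s\n' \
  'PasswordAuthentication no' \
  'PubkeyAuthentication yes' \
  'AllowUsers jenkins' | sudo tee -a "$sshd_config" > /dev/null

# Refuse to restart on a configuration sshd cannot parse; a failed restart
# would leave the machine without ssh access.
if ! sudo /usr/sbin/sshd -t; then
  echo "Error : sshd_config failed validation, sshd not restarted" >&2
  exit 1
fi
# Check the effective configuration as well: files pulled in through an
# Include directive are read before the lines appended above and can still
# override them.
effective_sshd=$(sudo /usr/sbin/sshd -T) || exit 1
if ! grep -qix 'passwordauthentication no' <<< "$effective_sshd"; then
  echo "Error : password login is still enabled in the effective sshd configuration" >&2
  exit 1
fi
sudo systemctl restart sshd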
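echo "Info : Install and configure podman"
# install and configure podman
# NOTE(review): VERSION_ID is not assigned in the visible lines; presumably it
# is read from /etc/os-release earlier - confirm. The guard below stops the
# script instead of building a repository URL with an empty version in it.
repo_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID:?VERSION_ID must be set}"
# Dedicated keyring for this one repository (file name chosen here). A key
# added with apt-key is trusted for every configured repository; signed-by
# limits this key to the repository line that names it.
repo_keyring=/usr/share/keyrings/libcontainers-stable.gpg

key_dir=$(mktemp -d) || exit 1
# -f makes curl fail on an HTTP error, so an error page is never taken for a key
if ! curl -fsSL -o "${key_dir}/Release.key" "${repo_url}/Release.key"; then
  echo "Error : could not download the repository signing key" >&2
  rm -rf -- "${key_dir:?}"
  exit 1
fi
# To pin the key, compare its fingerprint here against a value obtained
# out-of-band (<EXPECTED_FINGERPRINT>); HTTPS only authenticates the download
# host, not the key itself.
if ! gpg --batch --yes --output "${key_dir}/Release.gpg" --dearmor "${key_dir}/Release.key"; then
  echo "Error : could not convert the repository signing key" >&2
  rm -rf -- "${key_dir:?}"
  exit 1
fi
sudo install -o root -g root -m 0644 "${key_dir}/Release.gpg" "$repo_keyring"
rm -rf -- "${key_dir:?}"

echo "deb [signed-by=${repo_keyring}] ${repo_url}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list

# refresh the index so the repository added above is visible to apt
sudo apt-get update
sudo apt-get -y upgrade
sudo apt-get -y install podman fuse-overlayfs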
105 echo "Info : Create cloud-init script"
106 # get cloud-init script in place so we can place the required files in place during cloud-init phase
# The single-quoted `bash -c` string below writes a script into cloud-init's
# per-instance directory; the final chmod makes it executable. The heredoc
# delimiter is unquoted, but the visible body holds no `$` or backticks, so it
# is written out as shown.
# NOTE(review): the here-document terminator, the closing quote and some lines
# of the generated script are not visible in this listing.
# NOTE(review): every key in /home/ubuntu/.ssh/authorized_keys and in
# /home/ubuntu/authorized_keys.packer is appended to jenkins' authorized_keys,
# and jenkins is in group sudo, which the sudoers edit earlier in this script
# makes passwordless - so each of those keys carries root on the instance.
# Review what the packer upload contains.
# NOTE(review): the generated script removes /home/jenkins/authorized_keys.packer,
# while its own comment and the earlier `cat` name /home/ubuntu/authorized_keys.packer.
# This looks like a path slip; the copy under /home/ubuntu presumably goes away
# only when `userdel -f -r ubuntu` removes that home directory.
107 sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/configure-instance.sh
109 sudo mkdir -p /home/jenkins/.ssh
110 # append ssh key injected by openstack to authorized_keys
111 sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
112 # append user ssh public keys uploaded by packer to authorized_keys
113 sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
115 # create podman configuration
116 sudo mkdir -p /home/jenkins/.config/containers
117 sudo mv /home/ubuntu/podman_registries.conf.packer /home/jenkins/.config/containers/registries.conf
118 sudo mv /home/ubuntu/podman_storage.conf.packer /home/jenkins/.config/containers/storage.conf
119 sudo chown -R jenkins:jenkins /home/jenkins/.config
120 sudo chmod -R go-rwx /home/jenkins/.config
122 # remove /home/ubuntu/authorized_keys.packer
123 sudo rm -f /home/jenkins/authorized_keys.packer
124 sudo chown -R jenkins:jenkins /home/jenkins/.ssh
125 sudo chmod -R go-rwx /home/jenkins/.ssh
128 sudo userdel -f -r ubuntu
131 sudo chmod +x /var/lib/cloud/scripts/per-instance/configure-instance.sh