2 # ============LICENSE_START=======================================================
3 # Copyright (C) 2021 The Nordix Foundation. All rights reserved.
4 # ================================================================================
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # SPDX-License-Identifier: Apache-2.0
18 # ============LICENSE_END=========================================================
24 export DEBIAN_FRONTEND=noninteractive
28 # install basic dependencies
29 sudo apt install -y make openjdk-11-jre-headless apt-transport-https ca-certificates curl gnupg jq software-properties-common
31 # set versions of docker-ce, docker-ce-cli, and containerd.io so we know and pin what we use
32 DOCKER_CE_VERSION="5:20.10.5~3-0~ubuntu-bionic"
33 DOCKER_CE_CLI_VERSION="5:20.10.5~3-0~ubuntu-bionic"
34 CONTAINERD_IO_VERSION="1.4.4-1"
36 # install docker-ce, docker-ce-cli, containerd.io and mark them hold
37 sudo apt remove -y docker docker-engine docker.io containerd runc
38 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
39 echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
40 $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
42 sudo apt install -y docker-ce=$DOCKER_CE_VERSION docker-ce-cli=$DOCKER_CE_CLI_VERSION containerd.io=$CONTAINERD_IO_VERSION
43 sudo apt-mark hold docker-ce docker-ce-cli containerd.io
44 sudo systemctl enable docker
45 sudo systemctl start docker
47 # Create jenkins user, add it to required groups, configure sudoers and sshd_config
48 sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
49 # Create slave root directory
50 sudo mkdir -p /home/jenkins/nordix/slave_root
51 sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root
52 sudo chmod -R 755 /home/jenkins/nordix/slave_root
53 # Modify sudoers - disable env_reset, !requiretty and passwordless sudo
54 sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" /etc/sudoers
55 sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
56 # Disable ssh password login, enable ssh with keys for jenkins user
57 sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
58 sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
59 sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
60 sudo systemctl restart sshd
62 # get cloud-init script in place so we can place the keys into ~jenkins/.ssh
63 sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
65 sudo mkdir -p /home/jenkins/.ssh
66 # append ssh key injected by openstack to authorized_keys
67 sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
68 # append user ssh public keys uploaded by packer to authorized_keys
69 sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
70 # remove /home/ubuntu/authorized_keys.packer
71 sudo rm -f /home/jenkins/authorized_keys.packer
72 sudo chown -R jenkins:jenkins /home/jenkins/.ssh
73 sudo chmod -R go-rwx /home/jenkins/.ssh
74 sudo userdel -f -r ubuntu
77 sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
79 # vim: set ts=2 sw=2 expandtab:
Code Review / infra / tools.git / blob