# ============LICENSE_START=======================================================
# Copyright (C) 2022 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
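# Keep debconf from prompting during the unattended image build.
export DEBIAN_FRONTEND=noninteractive

# install basic dependencies
# sudo resets the environment by default (env_reset), so the exported
# DEBIAN_FRONTEND would not reach the package manager; hand it over
# explicitly through env. apt-get is used because apt's command-line
# interface is not intended for scripts.
sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y \
  make openjdk-11-jre-headless apt-transport-https ca-certificates curl gnupg \
  jq software-properties-common build-essential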
# If cloning a repo fails on a Let's Encrypt certificate because of the
# DST Root CA X3 expiration, see:
# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
# Drop the expired root from the system store, then rebuild the trust bundle.
# NOTE(review): presumably a later upgrade of the ca-certificates package can
# put this file back - confirm if the image is upgraded after this step.
expired_root_ca=/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
sudo rm -rf "${expired_root_ca}"
# update ca-certificates; --fresh rebuilds the certificate symlinks from scratch
sudo update-ca-certificates --fresh --verbose
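# set versions of various things for NSM for visibility and ease of maintenance
# The listing's line-number prefixes are dropped so that these are plain shell
# assignments again.
# NOTE(review): GO_VERSION and YQ_VERSION are used further down but are not
# assigned in the visible part of this listing.
# NOTE(review): a version pin fixes which release is requested, not the bytes
# that arrive; a digest pinned next to each version would cover that.

# Docker packages, as apt version strings for the Docker repository
DOCKER_CE_VERSION='5:20.10.21~3-0~ubuntu-jammy'
DOCKER_CE_CLI_VERSION='5:20.10.21~3-0~ubuntu-jammy'
CONTAINERD_IO_VERSION='1.6.9-1'

# Tools downloaded directly from their release locations
GO_LINT_VERSION='1.51.1'
FOSSA_CLI_VERSION='1.1.7'
KUBECTL_VERSION='v1.25.0'
HELM_VERSION='v3.10.1'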
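# install docker-ce, docker-ce-cli, containerd.io and mark them hold
# DEBIAN_FRONTEND is passed through env because sudo resets the environment
# by default.
sudo env DEBIAN_FRONTEND=noninteractive apt-get remove -y docker docker.io containerd runc

# Fetch the repository signing key to a temporary file first, so a failed
# download stops the build instead of feeding empty input to gpg.
docker_keyring=/usr/share/keyrings/docker-archive-keyring.gpg
docker_key_tmp=$(mktemp) || exit 1
if ! curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "${docker_key_tmp}"; then
  echo "failed to download the Docker apt signing key" >&2
  rm -f -- "${docker_key_tmp}"
  exit 1
fi
# NOTE(review): the key is trusted as fetched over TLS; comparing its
# fingerprint with the one Docker publishes would also pin the signer.
# --batch --yes lets gpg overwrite an existing keyring without prompting.
sudo gpg --batch --yes --dearmor -o "${docker_keyring}" "${docker_key_tmp}"
# apt reads the keyring as an unprivileged user, so it must be world-readable
sudo chmod a+r "${docker_keyring}"
rm -f -- "${docker_key_tmp}"

# signed-by limits this key to the Docker repository only
echo "deb [arch=amd64 signed-by=${docker_keyring}] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
  | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# The pinned versions can only be resolved once the new repository is indexed;
# the visible listing shows no refresh between adding the source and installing.
sudo apt-get update
sudo env DEBIAN_FRONTEND=noninteractive apt-get install -y \
  "docker-ce=${DOCKER_CE_VERSION}" \
  "docker-ce-cli=${DOCKER_CE_CLI_VERSION}" \
  "containerd.io=${CONTAINERD_IO_VERSION}"
# hold keeps later upgrades from moving the image off the pinned versions
sudo apt-mark hold docker-ce docker-ce-cli containerd.io
sudo systemctl enable docker
sudo systemctl start docker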
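# install go related stuff
# GO_VERSION is not assigned in the visible part of this listing; stop here
# rather than request a malformed URL if it is empty.
: "${GO_VERSION:?GO_VERSION must be set}"
go_tarball="go${GO_VERSION}.linux-amd64.tar.gz"
golangci_deb="golangci-lint-${GO_LINT_VERSION}-linux-amd64.deb"

# NOTE(review): neither download is checked against a known digest. The .deb
# is installed with dpkg as root, so its maintainer scripts run with full
# privileges; a sha256 pinned in this script next to each version would catch
# a replaced or truncated file before it is used.
wget "https://dl.google.com/go/${go_tarball}"
tar xzvf "${go_tarball}"
# NOTE(review): no visible line moves the extracted go/ tree, although
# ~jenkins/.profile later adds /usr/local/go/bin to PATH - confirm against the
# full file.

wget "https://github.com/golangci/golangci-lint/releases/download/v${GO_LINT_VERSION}/${golangci_deb}"
sudo dpkg -i "${golangci_deb}"
/bin/rm -rf -- "${go_tarball}" "${golangci_deb}"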
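# install the FOSSA CLI
fossa_tarball="fossa-cli_${FOSSA_CLI_VERSION}_linux_amd64.tar.gz"
# NOTE(review): the archive is not checked against a known digest before its
# binary is placed on root's PATH; pin a sha256 next to FOSSA_CLI_VERSION.
wget "https://github.com/fossas/fossa-cli/releases/download/v${FOSSA_CLI_VERSION}/${fossa_tarball}"
tar xzvf "${fossa_tarball}"
# install (instead of mv + chmod) makes the binary root-owned with a fixed
# mode. mv keeps the owner of the downloading account, which would leave a
# file on every user's PATH writable by that account's uid.
sudo install -o root -g root -m 0755 fossa /usr/local/bin/fossa
/bin/rm -rf -- fossa "${fossa_tarball}"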
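# install kubectl
kubectl_url="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
wget -O kubectl "${kubectl_url}"
wget -O kubectl.sha256 "${kubectl_url}.sha256"
# Check the binary against the published sha256 before installing it. The
# digest comes from the same origin, so this catches a corrupted or truncated
# download; a digest pinned in this script would also cover a changed origin.
if ! echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check; then
  echo "kubectl checksum verification failed" >&2
  /bin/rm -f -- kubectl kubectl.sha256
  exit 1
fi
# install (instead of mv + chmod) makes the binary root-owned with a fixed
# mode rather than keeping the downloading account as owner.
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
/bin/rm -f -- kubectl kubectl.sha256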
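# install helm
helm_tarball="helm-${HELM_VERSION}-linux-amd64.tar.gz"
# NOTE(review): the archive is not checked against a known digest before its
# binary is placed on root's PATH; compare it with the digest published for
# the release, or pin a sha256 next to HELM_VERSION.
wget "https://get.helm.sh/${helm_tarball}"
tar xzvf "${helm_tarball}"
# install (instead of mv + chmod) makes the binary root-owned with a fixed
# mode rather than keeping the downloading account as owner.
sudo install -o root -g root -m 0755 ./linux-amd64/helm /usr/local/bin/helm
# also remove the unpacked directory, which would otherwise stay behind
/bin/rm -rf -- "${helm_tarball}" ./linux-amd64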
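# install yq
# YQ_VERSION is not assigned in the visible part of this listing; stop here
# rather than request a malformed URL if it is empty.
: "${YQ_VERSION:?YQ_VERSION must be set}"
# NOTE(review): the binary is not checked against a known digest before it is
# placed on root's PATH; pin a sha256 next to YQ_VERSION.
wget -O yq_linux_amd64 "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64"
# install (instead of mv + chmod) makes the binary root-owned with a fixed
# mode rather than keeping the downloading account as owner.
sudo install -o root -g root -m 0755 yq_linux_amd64 /usr/local/bin/yq
/bin/rm -f -- yq_linux_amd64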
# Create jenkins user, add it to required groups, configure sudoers and sshd_config
# NOTE(review): both supplementary groups are root-equivalent on this image:
# docker members can start containers that mount the host filesystem, and
# %sudo is made passwordless further down. Any job running as jenkins
# therefore controls the whole agent, so the agent should be treated as
# disposable and kept away from long-lived credentials.
sudo useradd \
  -G sudo,docker \
  -d /home/jenkins -m \
  -c "jenkins user" \
  -s /bin/bash \
  jenkins

# Create slave root directory
slave_root=/home/jenkins/nordix/slave_root
sudo mkdir -p "${slave_root}"
# only slave_root itself is handed to jenkins; the parent directory that
# mkdir -p creates keeps the owner it was created with
sudo chown -R jenkins:jenkins "${slave_root}"
sudo chmod -R 755 "${slave_root}"
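# Modify sudoers - disable env_reset, !requiretty and passwordless sudo
# The edits are made on a copy and checked with visudo before they replace
# /etc/sudoers: a syntax error in the live file would disable sudo altogether.
# NOTE(review): commenting out the "Defaults env_reset" line does not switch
# env_reset off, because the option is on by default in sudo; only an explicit
# "Defaults !env_reset" would, and that would weaken the environment filtering.
# NOTE(review): the NOPASSWD rule applies to every member of %sudo, not only
# to jenkins; a rule scoped to the jenkins user would be narrower.
sudoers_tmp=$(sudo mktemp) || exit 1
sudo cp /etc/sudoers "${sudoers_tmp}"
sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" "${sudoers_tmp}"
sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" "${sudoers_tmp}"
if sudo visudo -c -f "${sudoers_tmp}"; then
  # sudoers must stay root-owned and read-only
  sudo install -o root -g root -m 0440 "${sudoers_tmp}" /etc/sudoers
  sudo rm -f -- "${sudoers_tmp}"
else
  echo "edited sudoers failed validation; /etc/sudoers left unchanged" >&2
  sudo rm -f -- "${sudoers_tmp}"
  exit 1
fi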
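# Disable ssh password login, enable ssh with keys for jenkins user
printf '%s\n' \
  'PasswordAuthentication no' \
  'PubkeyAuthentication yes' \
  'AllowUsers jenkins' \
  | sudo tee -a /etc/ssh/sshd_config > /dev/null

# Validate before restarting: a restart with a broken config takes sshd down.
if ! sudo sshd -t; then
  echo "sshd_config failed validation; sshd not restarted" >&2
  exit 1
fi

# sshd uses the first value it reads for most keywords, so lines appended at
# the end lose to an earlier setting in sshd_config or in an included file.
# Confirm the effective configuration instead of assuming the append took.
effective_sshd_config=$(sudo sshd -T)
for expected in 'passwordauthentication no' 'pubkeyauthentication yes'; do
  if ! printf '%s\n' "${effective_sshd_config}" | grep -qix -- "${expected}"; then
    echo "sshd effective config does not contain '${expected}'" >&2
    exit 1
  fi
done

sudo systemctl restart sshd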
# Kernel tuning: TCP keepalive and FIN timeouts, inotify limits, and the
# system-wide open file limit.
# sysctl -w applies each value to the running kernel and prints it as
# "key = value"; appending that output to /etc/sysctl.conf records the setting.
for kernel_setting in \
  net.ipv4.tcp_keepalive_time=120 \
  net.ipv4.tcp_keepalive_intvl=30 \
  net.ipv4.tcp_keepalive_probes=8 \
  net.ipv4.tcp_fin_timeout=30 \
  fs.inotify.max_user_watches=524288 \
  fs.inotify.max_user_instances=1024 \
  fs.file-max=2097152
do
  sudo sh -c "sysctl -w ${kernel_setting} >> /etc/sysctl.conf"
done
# update ~jenkins/.profile
# The single quotes keep $PATH literal, so it is expanded when jenkins logs in
# and not while the image is being built.
echo 'export PATH=$PATH:/usr/local/go/bin' \
  | sudo tee -a /home/jenkins/.profile > /dev/null
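# get cloud-init script in place so we can place the keys into ~jenkins/.ssh
# The script is written through tee with a quoted here-document delimiter, so
# its text is stored literally and the here-document is properly terminated
# (the visible listing shows neither the terminator nor an interpreter line).
# NOTE(review): every key copied here can log in as jenkins, which has
# passwordless sudo on this image; each key in those two files is therefore a
# root credential for the agent.
sudo tee /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh > /dev/null << 'EOF'
#!/bin/bash
sudo mkdir -p /home/jenkins/.ssh
# append ssh key injected by openstack to authorized_keys
sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
# append user ssh public keys uploaded by packer to authorized_keys
sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
# remove /home/ubuntu/authorized_keys.packer
# (the listing removed the path under /home/jenkins, which is not where the
# file is read from)
sudo rm -f /home/ubuntu/authorized_keys.packer
sudo chown -R jenkins:jenkins /home/jenkins/.ssh
sudo chmod -R go-rwx /home/jenkins/.ssh
# Remove the ubuntu account only once jenkins has at least one key; with
# AllowUsers jenkins in sshd_config, an empty file would leave no way in.
if [ -s /home/jenkins/.ssh/authorized_keys ]; then
  sudo userdel -f -r ubuntu
else
  echo "no ssh keys were copied for jenkins; keeping the ubuntu account" >&2
  exit 1
fi
EOF

sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh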
# vim: set ts=2 sw=2 expandtab: