2 # ============LICENSE_START=======================================================
3 # Copyright (C) 2020 The Nordix Foundation. All rights reserved.
4 # ================================================================================
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # SPDX-License-Identifier: Apache-2.0
18 # ============LICENSE_END=========================================================
23 DPKG_LOCK="/var/lib/dpkg/lock-frontend"
25 # Wait for other apt process to finish by checking the dpkg lock file.
27 while sudo lsof ${DPKG_LOCK} >/dev/null 2>&1; do
28 echo "DPKG file locked: ${DPKG_LOCK}."
29 echo " Waiting for another pkg instalaltion process to finish ..."
31 if [[ ${try} -gt 60 ]]; then
32 echo "ERROR: Max number of re-tries reached, exiting..."
38 # list of basic packages to install
44 software-properties-common
60 # we need apt to proceed without any prompt asking for user input
61 export DEBIAN_FRONTEND=noninteractive
63 echo "Info : Install packages"
64 # update packages to their latest
66 sudo -H -E apt upgrade -y -q=3
69 sudo apt remove -y docker docker-engine docker.io containerd runc
70 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
71 sudo add-apt-repository \
72 "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
76 sudo -H -E apt -y -q=3 --no-install-recommends install "${PKG_LIST[@]}"
78 # Enable and start docker
80 sudo systemctl enable docker
81 sudo systemctl start docker
83 # install command-line YAML processor from Snappy
86 # remove unnecessary packages
87 sudo -H -E apt autoremove -y
89 echo "Info : Install additional Java version"
90 # INSTALL additional Java 11 and 12 while keep pointing alternatives to JDK8
91 sudo cp -R /etc/alternatives /etc/keep-alternatives
92 sudo add-apt-repository -y ppa:openjdk-r/ppa
94 sudo -H -E apt -y -q=3 install \
97 sudo rm -rf /etc/alternatives
98 sudo mv /etc/keep-alternatives /etc/alternatives
101 echo "Info : Enable time sync"
102 # ensure time sync is setup
103 sudo systemctl enable chrony --now
104 sudo chronyc -a 'burst 4/4' && sudo chronyc -a makestep
106 echo "Info : Create and configure jenkins user"
107 # create and configure jenkins user
108 sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
109 sudo mkdir -p /home/jenkins/nordix/slave_root
110 sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root
111 sudo chmod -R 755 /home/jenkins/nordix/slave_root
113 # Modify sudoers - disable env_reset, !requiretty and passwordless sudo
114 sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" /etc/sudoers
115 sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
117 # Disable ssh password login, enable ssh with keys for jenkins user
118 sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
119 sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
120 sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
121 sudo systemctl restart sshd
123 echo "Info : Create cloud-init script"
124 # get cloud-init script in place so we can place the keys into ~jenkins/.ssh
125 sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
127 sudo mkdir -p /home/jenkins/.ssh
128 # append ssh key injected by openstack to authorized_keys
129 sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
130 # append user ssh public keys uploaded by packer to authorized_keys
131 sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
132 # remove /home/ubuntu/authorized_keys.packer
133 sudo rm -f /home/jenkins/authorized_keys.packer
134 sudo chown -R jenkins:jenkins /home/jenkins/.ssh
135 sudo chmod -R go-rwx /home/jenkins/.ssh
136 sudo userdel -f -r ubuntu
139 sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh