2 # ============LICENSE_START=======================================================
3 # Copyright (C) 2020 The Nordix Foundation. All rights reserved.
4 # ================================================================================
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
17 # SPDX-License-Identifier: Apache-2.0
18 # ============LICENSE_END=========================================================
22 sudo apt-get install -y unzip
25 sudo apt-get install -y openjdk-11-jdk
29 sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
34 software-properties-common
35 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
36 sudo add-apt-repository \
37 "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
41 sudo apt-get install -y docker-ce=5:19.03.12~3-0~ubuntu-bionic docker-ce-cli=5:19.03.12~3-0~ubuntu-bionic containerd.io
44 sudo systemctl enable docker
45 sudo systemctl start docker
48 # Crete homedir, add to sudo group, add entry in /etc/passwd
49 sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
50 # Create slave root directory
51 sudo mkdir -p /home/jenkins/nordix/slave_root
52 sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root
53 sudo chmod -R 755 /home/jenkins/nordix/slave_root
54 # Modify sudoers - disable env_reset, !requiretty and passwordless sudo
55 sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" /etc/sudoers
56 sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
57 # Disable ssh password login, enable ssh with keys for jenkins user
58 sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
59 sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
60 sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
61 sudo systemctl restart sshd
63 # get cloud-init script in place so we can place the keys into ~jenkins/.ssh
64 sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
66 sudo mkdir -p /home/jenkins/.ssh
67 sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
68 sudo chown -R jenkins:jenkins /home/jenkins/.ssh
69 sudo chmod -R go-rwx /home/jenkins/.ssh
70 sudo userdel -f -r ubuntu
72 sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh