#!/bin/bash

# ============LICENSE_START=======================================================
#  Copyright (C) 2020 The Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================

# Treat use of an unset variable as an error and make a pipeline fail when any
# of its stages fails. errexit is not enabled, so a failing command does not
# stop the script by itself.
set -o nounset -o pipefail

# Poll every 10 seconds until pgrep no longer reports a process whose command
# line contains "apt", then carry on with the package steps.
# NOTE(review): "pgrep -f apt" is a substring match over full command lines, so
# any unrelated process with "apt" in its arguments keeps this loop waiting, and
# the wait has no upper bound - consider a narrower pattern and a timeout.
echo "Info : Wait for completion of an existing apt process before proceeding..."
until [[ -z "$(pgrep -f apt)" ]]; do
  sleep 10
done
echo "Info : apt process done. Continuing..."
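# Provisioning steps for the build agent image: base packages, time sync,
# nested virtualization, the jenkins account (sudo + ssh), podman, and a
# cloud-init per-instance script that finishes the setup on first boot.

# list of basic packages to install
PKG_LIST=(
  apt-utils
  apt-transport-https
  ca-certificates
  gnupg-agent
  software-properties-common
  git
  vim
  curl
  wget
  chrony
  openjdk-11-jre-headless
)

# we need apt to proceed without any prompt asking for user input
export DEBIAN_FRONTEND=noninteractive

echo "Info : Install packages"
# update packages to their latest
sudo -H -E apt update
sudo -H -E apt upgrade -y -q=3

# install packages; the array is quoted so each element stays one argument
sudo -H -E apt -y -q=3 install "${PKG_LIST[@]}"

# remove unnecessary packages
sudo -H -E apt autoremove -y

echo "Info : Enable time sync"
# ensure time sync is setup
sudo systemctl enable chrony --now
sudo chronyc -a 'burst 4/4' && sudo chronyc -a makestep

echo "Info : Enable nested virtualization"
# enable nested virtualization: write the module options, reload the modules
# and print the resulting state so it is visible in the build log
sudo bash -c 'cat << EOF > /etc/modprobe.d/qemu-system-x86.conf
options kvm-intel nested=y enable_apicv=n
EOF'
sudo modprobe -r kvm_intel kvm
sudo modprobe -a kvm_intel kvm
sudo lsmod | grep kvm_intel
sudo cat /sys/module/kvm_intel/parameters/nested

echo "Info : Create and configure jenkins user"
# create and configure jenkins user
sudo useradd -G sudo -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
sudo mkdir -p /home/jenkins/nordix/slave_root
sudo chown -R jenkins:jenkins /home/jenkins/nordix
sudo chmod -R 755 /home/jenkins/nordix/slave_root

# modify sudoers - disable env_reset, !requiretty and passwordless sudo
# The edits are made on a copy and checked with visudo before the copy replaces
# /etc/sudoers, so a bad substitution cannot leave the host with an unparsable
# sudoers file.
# NOTE(review): the second sed makes sudo passwordless for every member of the
# sudo group, not only jenkins; any key or account that can become such a user
# is root-equivalent. A rule scoped to jenkins would be narrower.
# NOTE(review): the first sed only comments out the "Defaults env_reset" line;
# sudo documents env_reset as on by default, so confirm this has the intended
# effect on environment handling.
sudoers_new=$(sudo mktemp /etc/sudoers.XXXXXX) || exit 1
sudo cp /etc/sudoers "$sudoers_new"
sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" "$sudoers_new"
sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" "$sudoers_new"
sudo chown root:root "$sudoers_new"
sudo chmod 0440 "$sudoers_new"
if sudo visudo -cf "$sudoers_new"; then
  # same directory, so the rename swaps the file in one step
  sudo mv -f "$sudoers_new" /etc/sudoers
else
  echo "Error : edited sudoers failed validation, /etc/sudoers left unchanged" >&2
  sudo rm -f "$sudoers_new"
  exit 1
fi

# disable ssh password login, enable ssh with keys for jenkins user
# sshd uses the first value it obtains for a keyword, so directives appended to
# the end of sshd_config lose to any earlier setting (in the file itself or in
# an included drop-in) and can land inside a trailing Match block. The three
# directives are therefore placed at the top of the file, and the candidate is
# syntax-checked before it replaces the live configuration.
sshd_new=$(sudo mktemp /etc/ssh/sshd_config.XXXXXX) || exit 1
{
  printf '%s\n' \
    'PasswordAuthentication no' \
    'PubkeyAuthentication yes' \
    'AllowUsers jenkins'
  sudo cat /etc/ssh/sshd_config
} | sudo tee "$sshd_new" > /dev/null
sudo chown root:root "$sshd_new"
sudo chmod 0644 "$sshd_new"
if sudo /usr/sbin/sshd -t -f "$sshd_new"; then
  sudo mv -f "$sshd_new" /etc/ssh/sshd_config
else
  echo "Error : edited sshd_config failed validation, /etc/ssh/sshd_config left unchanged" >&2
  sudo rm -f "$sshd_new"
  exit 1
fi
sudo systemctl restart sshd

# confirm the effective setting rather than trusting the file contents; the
# output is captured first so grep exiting early cannot fail the pipeline
sshd_effective=$(sudo /usr/sbin/sshd -T)
if ! grep -qix 'passwordauthentication no' <<< "$sshd_effective"; then
  echo "Error : ssh password authentication is still enabled" >&2
  exit 1
fi

echo "Info : Install and configure podman"
# install and configure podman
. /etc/os-release
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
# -f makes curl fail on an HTTP error instead of handing an error page to
# apt-key; with pipefail set, that failure is caught here.
# NOTE(review): apt-key is deprecated and adds the key to the global trusted
# keyring, so it is accepted for every configured repository. A dedicated
# keyring referenced with signed-by in the sources entry would limit it to this
# repository. The key is also accepted as downloaded; comparing it against a
# known fingerprint would detect a substituted key.
if ! curl -fL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key" | sudo apt-key add -; then
  echo "Error : could not import the libcontainers repository key" >&2
  exit 1
fi
sudo apt-get update
sudo apt-get -y upgrade
sudo apt-get -y install podman fuse-overlayfs

echo "Info : Create cloud-init script"
# get cloud-init script in place so we can place the required files in place during cloud-init phase
# The heredoc delimiter is unquoted, so the inner shell would expand "$" and
# backticks; the body contains neither and is written out verbatim.
# The cleanup step targets /home/ubuntu/authorized_keys.packer, the file that
# was appended above; the previous /home/jenkins path never exists.
# NOTE(review): every key in the two source files is granted login as jenkins,
# which has passwordless sudo, so review who can write to those files.
sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/configure-instance.sh
#!/bin/bash
sudo mkdir -p /home/jenkins/.ssh
# append ssh key injected by openstack to authorized_keys
sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
# append user ssh public keys uploaded by packer to authorized_keys
sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
# create podman configuration
sudo mkdir -p /home/jenkins/.config/containers
sudo mv /home/ubuntu/podman_registries.conf.packer /home/jenkins/.config/containers/registries.conf
sudo mv /home/ubuntu/podman_storage.conf.packer /home/jenkins/.config/containers/storage.conf
sudo chown -R jenkins:jenkins /home/jenkins/.config
sudo chmod -R go-rwx /home/jenkins/.config
# remove /home/ubuntu/authorized_keys.packer
sudo rm -f /home/ubuntu/authorized_keys.packer
sudo chown -R jenkins:jenkins /home/jenkins/.ssh
sudo chmod -R go-rwx /home/jenkins/.ssh
# remove ubuntu user
sudo userdel -f -r ubuntu
EOF'
sudo chmod +x /var/lib/cloud/scripts/per-instance/configure-instance.sh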