ORANSC: Introduce ORANSC packer image

[infra/tools.git] / infra / jenkins / slave-setup / oransc-build-server / configure-image.sh

diff --git a/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh b/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
new file mode 100644 (file)
index 0000000..8ba4783
--- /dev/null
+++ b/infra/jenkins/slave-setup/oransc-build-server/configure-image.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2021 The Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+set -ex
+
+# 3PP versions
+DOCKER_VERSION="5:20.10.11~3-0~ubuntu-focal"
+GO_VERSION="1.17"
+GO_LINT_VERSION="1.39.0"
+
+sudo apt-get update
+sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
+sudo apt-get install -y unzip
+
+# INSTALL JAVA
+sudo apt-get install -y openjdk-11-jdk
+java -version
+
+# INSTALL DOCKER
+sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg-agent \
+    software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+sudo add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+sudo apt-get update
+sudo apt-get install -y docker-ce=${DOCKER_VERSION} docker-ce-cli=${DOCKER_VERSION} containerd.io
+docker --version
+
+sudo systemctl enable docker
+sudo systemctl start docker
+
+echo "Info  : Install ORANSC build dependency packages"
+sudo apt install -y  \
+    diffstat \
+    gcc \
+    build-essential 
+
+# INSTALL GO
+cd /tmp
+# golang
+wget https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz
+tar xzvf go${GO_VERSION}.linux-amd64.tar.gz
+sudo mv go /usr/local
+# golangci-lint
+wget https://github.com/golangci/golangci-lint/releases/download/v${GO_LINT_VERSION}/golangci-lint-${GO_LINT_VERSION}-linux-amd64.deb
+sudo dpkg -i golangci-lint-${GO_LINT_VERSION}-linux-amd64.deb
+/bin/rm -rf  go${GO_VERSION}.linux-amd64.tar.gz golangci-lint-${GO_LINT_VERSION}-linux-amd64.deb
+
+# CREATE JENKINS USER
+# Crete homedir, add to sudo group, add entry in /etc/passwd
+sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
+# Create slave root directory
+sudo mkdir -p /home/jenkins/nordix/slave_root
+sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root
+sudo chmod -R 755 /home/jenkins/nordix/slave_root
+# Modify sudoers - disable env_reset, !requiretty and passwordless sudo
+sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins  \!requiretty/" /etc/sudoers
+sudo sed -i "s/^%sudo.*ALL/%sudo   ALL=(ALL:ALL)   NOPASSWD: ALL/" /etc/sudoers
+# Disable ssh password login, enable ssh with keys for jenkins user
+sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
+sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
+sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
+sudo systemctl restart sshd
+
+# configure sysctl
+sudo sysctl -w net.ipv4.tcp_keepalive_time=120
+sudo sysctl -w net.ipv4.tcp_keepalive_intvl=30
+sudo sysctl -w net.ipv4.tcp_keepalive_probes=8
+sudo sysctl -w net.ipv4.tcp_fin_timeout=30
+
+# update ~jenkins/.profile
+sudo bash -c "echo 'export PATH=\$PATH:/usr/local/go/bin' >> /home/jenkins/.profile"
+
+echo "Info  : Create cloud-init script"
+# get cloud-init script in place so we can place the keys into ~jenkins/.ssh
+sudo bash -c 'cat << EOF > /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh
+#!/bin/bash
+sudo mkdir -p /home/jenkins/.ssh
+# append ssh key injected by openstack to authorized_keys
+sudo cat /home/ubuntu/.ssh/authorized_keys >> /home/jenkins/.ssh/authorized_keys
+# append user ssh public keys uploaded by packer to authorized_keys
+sudo cat /home/ubuntu/authorized_keys.packer >> /home/jenkins/.ssh/authorized_keys
+# remove /home/ubuntu/authorized_keys.packer
+sudo rm -f /home/jenkins/authorized_keys.packer
+sudo chown -R jenkins:jenkins /home/jenkins/.ssh
+sudo chmod -R go-rwx /home/jenkins/.ssh
+sudo userdel -f -r ubuntu
+EOF'
+
+sudo chmod +x /var/lib/cloud/scripts/per-instance/copykeystojenkins.sh