From: matthew-mcneilly Date: Wed, 8 Jul 2020 17:18:49 +0000 (+0100) Subject: Jenkins user and ssh config added X-Git-Url: https://gerrit.nordix.org/gitweb?a=commitdiff_plain;h=04f74694fcb80c660689f615994833ba751b2763;p=infra%2Ftools.git Jenkins user and ssh config added Addition of Jenkins user Disable ssh via password Enalbe ssh via tokens Disable env_reset requiretty Add passwordless sudo Signed-off-by: matthew-mcneilly Change-Id: I2740677c1338ebdca92f41858088135c20b90774
---
diff --git a/infra/jenkins/slave-setup/uds-build-server/install-packages.sh b/infra/jenkins/slave-setup/uds-build-server/install-packages.sh
index 858fe24..f890a3b 100644
--- a/infra/jenkins/slave-setup/uds-build-server/install-packages.sh
+++ b/infra/jenkins/slave-setup/uds-build-server/install-packages.sh
@@ -16,7 +16,6 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= - set -ex sudo apt-get update
@@ -40,6 +39,21 @@ sudo add-apt-repository \
 stable"
 sudo apt-get update
 sudo apt-get install -y docker-ce=5:19.03.12~3-0~ubuntu-bionic docker-ce-cli=5:19.03.12~3-0~ubuntu-bionic containerd.io
-sudo usermod -aG docker $USER
-newgrp docker
 docker --version
+
+
+# CREATE JENKINS USER
+# Crete homedir, add to sudo group, add entry in /etc/passwd
+sudo useradd -G sudo,docker -d /home/jenkins -m -c "jenkins user" -s /bin/bash jenkins
+# Create slave root directory
+sudo mkdir -p /home/jenkins/nordix/slave_root
+sudo chown -R jenkins:jenkins /home/jenkins/nordix/slave_root
+sudo chmod -R 755 /home/jenkins/nordix/slave_root
+# Modify sudoers - disable env_reset, !requiretty and passwordless sudo
+sudo sed -i "s/^Defaults.*env_reset/#&\nDefaults:jenkins \!requiretty/" /etc/sudoers
+sudo sed -i "s/^%sudo.*ALL/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/" /etc/sudoers
+# Disable ssh password login, enable ssh with keys for jenkins user
+sudo bash -c "echo PasswordAuthentication no >> /etc/ssh/sshd_config"
+sudo bash -c "echo PubkeyAuthentication yes >> /etc/ssh/sshd_config"
+sudo bash -c "echo AllowUsers jenkins >> /etc/ssh/sshd_config"
+sudo systemctl restart sshd
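Review bot: The two `sed -i` edits to `/etc/sudoers` apply host-wide rather than to jenkins: the `%sudo` rule becomes `NOPASSWD: ALL` for every member of the sudo group, and `Defaults env_reset` is commented out for all users. A drop-in under `/etc/sudoers.d` scoped to jenkins and checked with `visudo -cf` before it is installed keeps the change narrow and cannot leave a broken `/etc/sudoers`. The three `echo ... >> /etc/ssh/sshd_config` lines append at the end of the file, but sshd uses the first value it obtains for a keyword, so an earlier `PasswordAuthentication yes` would leave password login enabled; existing values should be removed or replaced, and `sshd -t` run before the restart. `AllowUsers jenkins` also shuts out every other account, and nothing visible in this hunk installs an authorized key for jenkins, so confirm a key is provisioned elsewhere before sshd is restarted.

```shell
# … unchanged: useradd and slave_root setup …
# Scope the sudo changes to jenkins in a validated drop-in; set -e stops the
# script before install if visudo rejects the file.
sudoers_tmp=$(mktemp)
printf '%s\n' \
  'Defaults:jenkins !requiretty, !env_reset' \
  'jenkins ALL=(ALL:ALL) NOPASSWD: ALL' > "$sudoers_tmp"
sudo visudo -cf "$sudoers_tmp"
sudo install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/jenkins
rm -f -- "$sudoers_tmp"
# Remove existing values so the new ones are the first sshd reads, then
# validate the config before restarting.
sudo sed -i -E '/^[[:space:]]*(PasswordAuthentication|PubkeyAuthentication|AllowUsers)[[:space:]]/d' /etc/ssh/sshd_config
printf '%s\n' 'PasswordAuthentication no' 'PubkeyAuthentication yes' 'AllowUsers jenkins' \
  | sudo tee -a /etc/ssh/sshd_config >/dev/null
sudo sshd -t
sudo systemctl restart sshd
```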