#!/bin/bash -e # This script is used as a user data file when building # machines which use images that are not managed by # nodepool. See https://cloud-init.io for more information # about how cloud-init uses user-data files. # # This script tries to ensure that the machine is prepared # in a consistent way and it has all the required packages # installed on it for the jenkins, ansible and other # rpc-gating platform elements to work. # Get the distribution name echo "Getting the distribution name" if [[ -e /etc/lsb-release ]]; then source /etc/lsb-release DISTRO_RELEASE=${DISTRIB_CODENAME} elif [[ -e /etc/os-release ]]; then source /etc/os-release DISTRO_RELEASE=${UBUNTU_CODENAME} else echo "Unable to determine distribution due to missing lsb/os-release files." exit 1 fi # Save a backup of the original apt sources echo "Saving a backup of the original apt sources" mv /etc/apt/sources.list /etc/apt/sources.list.original # Rewrite the apt sources file echo "Rewriting the apt sources" DISTRO_MIRROR="http://mirror.rackspace.com/ubuntu" DISTRO_COMPONENTS="main,universe" cat << EOF >/etc/apt/sources.list deb ${DISTRO_MIRROR} ${DISTRO_RELEASE} ${DISTRO_COMPONENTS//,/ } deb ${DISTRO_MIRROR} ${DISTRO_RELEASE}-updates ${DISTRO_COMPONENTS//,/ } deb ${DISTRO_MIRROR} ${DISTRO_RELEASE}-backports ${DISTRO_COMPONENTS//,/ } deb ${DISTRO_MIRROR} ${DISTRO_RELEASE}-security ${DISTRO_COMPONENTS//,/ } EOF # Enable debug logging for apt to make diagnosis of apt failures easier echo "Enabling apt debug logging" echo 'Debug::Acquire::http "true";' > /etc/apt/apt.conf.d/99debug # Add jenkins user and group echo "Adding the jenkins user and group" JENKINS_HOME="/var/lib/jenkins" groupadd jenkins useradd --gid jenkins \ --shell /bin/bash \ --home-dir ${JENKINS_HOME} \ --create-home jenkins # Fetch the rcbops public keys and add them to authorized_keys echo "Fetching the rcbops public keys" SSH_PUBLIC_KEYS_URL="https://raw.githubusercontent.com/rcbops/rpc-gating/master/keys/rcb.keys" curl --connect-timeout 5 \ --retry 3 \ ${SSH_PUBLIC_KEYS_URL} > /tmp/ssh-public-keys echo "Configuring authorized_keys for jenkins and root" for usr_home in /root ${JENKINS_HOME}; do mkdir -p ${usr_home}/.ssh chmod 700 ${usr_home}/.ssh cp /tmp/ssh-public-keys ${usr_home}/.ssh/authorized_keys chmod 644 ${usr_home}/.ssh/authorized_keys done # Configure sudoers for the jenkins user echo "Configuring sudoers for jenkins" cat > /etc/sudoers.d/jenkins << EOF jenkins ALL=(ALL) NOPASSWD:ALL EOF chmod 0440 /etc/sudoers.d/jenkins # Ensure everything has the right owner echo "Ensuring jenkins owns all jenkins home files" chown -R jenkins:jenkins ${JENKINS_HOME} # For Ubuntu Trusty add the openjdk PPA for access # to the openjdk8 packages echo "Adding openjdk PPA for Ubuntu Trusty hosts" if [[ "${DISTRO_RELEASE}" == "trusty" ]]; then add-apt-repository -y ppa:openjdk-r/ppa fi # Prepare the list of packages to install echo "Preparing a list of packages to install" pkgs_to_install="" pkgs_to_install+="bzip2" # for log artifact compression pkgs_to_install+=" curl" # for downloading the rpc-gating venv pkgs_to_install+=" git-core" # for git cloning pkgs_to_install+=" libxml2-utils" # for lint checking junit xml results before uploading them pkgs_to_install+=" openjdk-8-jre-headless" # for the jenkins agent pkgs_to_install+=" openssh-client" # for running ssh-keyscan against the repo pkgs_to_install+=" python-minimal" # for replacing the python in the rpc-gating venv pkgs_to_install+=" python-pip" # used commonly by tests pkgs_to_install+=" python-virtualenv" # required in order to prepare the rpc-gating virtualenv pkgs_to_install+=" python-yaml" # required by ansible when running rpc-gating playbooks pkgs_to_install+=" python3-minimal" # for replacing the python in the rpc-gating venv pkgs_to_install+=" python3-pip" # used commonly by tests pkgs_to_install+=" python3-virtualenv" # required in order to prepare the rpc-gating virtualenv pkgs_to_install+=" python3-yaml" # required by ansible when running rpc-gating playbooks pkgs_to_install+=" sudo" # used commonly by tests pkgs_to_install+=" virtualenv" # required in order to prepare the rpc-gating virtualenv # Update the apt cache and installing the required packages echo "Updating the apt cache and installing the required packages" apt-get update apt-get install -y ${pkgs_to_install} # Regardless of the last command's return code, ensure that the script exits # with RC=0, otherwise cloud-init may fail the boot. echo "Host preparation complete" exit 0