From d9aedddc8722e75fd24f9c7a9209e96ee5cea507 Mon Sep 17 00:00:00 2001 From: Thanh Ha Date: Mon, 4 Jun 2018 23:43:25 -0400 Subject: [PATCH] Add jenkins-init-scripts to global-jjb These are the minion initialization scripts that start running when our cloud plugin spawns a new minion. They are responsible for prepping the minion for Jenkins to take over and run the job. Issue: RELENG-994 Change-Id: I68e242297db03752fcc415e5465e7bfa8ab66d79 Signed-off-by: Thanh Ha --- jenkins-init-scripts/README | 15 ++++++++++ jenkins-init-scripts/basic-settings.sh | 43 +++++++++++++++++++++++++++++ jenkins-init-scripts/create-jenkins-user.sh | 31 +++++++++++++++++++++ jenkins-init-scripts/create-swap-file.sh | 15 ++++++++++ jenkins-init-scripts/disable-firewall.sh | 30 ++++++++++++++++++++ jenkins-init-scripts/init.sh | 26 +++++++++++++++++ 6 files changed, 160 insertions(+) create mode 100644 jenkins-init-scripts/README create mode 100755 jenkins-init-scripts/basic-settings.sh create mode 100755 jenkins-init-scripts/create-jenkins-user.sh create mode 100755 jenkins-init-scripts/create-swap-file.sh create mode 100755 jenkins-init-scripts/disable-firewall.sh create mode 100755 jenkins-init-scripts/init.sh diff --git a/jenkins-init-scripts/README b/jenkins-init-scripts/README new file mode 100644 index 00000000..85487864 --- /dev/null +++ b/jenkins-init-scripts/README @@ -0,0 +1,15 @@ +The files in this directory are for initializing a Jenkins minion just before +the cloud plugin hands the minion over to Jenkins. + +init.sh is the entry point script which then calls all other scripts. + +init.sh also provides a local init script entry point by checking for the +existance of the file CIMAN_ROOT/jenkins-init-scripts/local-init.sh. If this +file exists it can be used to further customize the server node before handing +it to Jenkins for job use. + +To use this create a managed file in Jenkins with the contents: + + #!/bin/bash + git clone https://gerrit.example.org/r/ci-management.git /opt/ciman + /opt/ciman/jjb/global-jjb/jenkins-init-scripts/init.sh diff --git a/jenkins-init-scripts/basic-settings.sh b/jenkins-init-scripts/basic-settings.sh new file mode 100755 index 00000000..92cbc872 --- /dev/null +++ b/jenkins-init-scripts/basic-settings.sh @@ -0,0 +1,43 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2015 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## + +# Increase limits +cat < /etc/security/limits.d/jenkins.conf +jenkins soft nofile 16000 +jenkins hard nofile 16000 +EOF + +cat </etc/sudoers.d/89-jenkins-user-defaults +Defaults:jenkins !requiretty +jenkins ALL = NOPASSWD: ALL +EOF + +cat <> /etc/ssh/ssh_config +Host * + ServerAliveInterval 60 + StrictHostKeyChecking no + UserKnownHostsFile /dev/null +EOSSH + +cat < /etc/ssh/ssh_known_hosts +github.com,192.30.253.112 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== +[140.211.169.26]:29418,[git.opendaylight.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw== +[gerrit.onap.org]:29418,[198.145.29.92]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyAKv0UzEhpGKP/rW+yHpngl32Ppr5Uy42coz/sYZYxbtpI+9yaMqfoBb06ktmt6kV7OCT/Sc0OpyWmpcR0d7KZHxx/LE/nm7Gi+xkNHhb9G+Hn6DagP4V+LS6x1YlUt2InLCb8g07+/n6rfxqCI6emIJYu9aTpDhaARb+mMX1xzJuoa4wp59Yr1mkKK8lXHKGnPCemyl9a0vSRY58b7ZWG/N8giNvqYeptslIF1E/MEI5AP6nx7EupiVulAUdboAnDSD0urt9zdE8KRjboghB7PHguil6/OZhbqOb/uEt/rGCHn+02pig1K/vjFvCqNErNgS6EKj0IkH+cU/vjV6j +[gerrit.opnfv.org]:29418,[198.145.29.81]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/jsHVV7453mz8D9tQp9t4gDZSYEnt7RTbm9dQCHvrjDxjKRaxCwFkEEF/wHgEm2DkiHLroRvcrJAN6aTH8SdMT4xpOIbD9iDw2ucHWjm3pJ0y4KlNcMnpg9uEWArwhR+pDWgxRCU77eCbCwv1ZEdqMfSgmYdO+MudNZXrldbgFAvsO1HbpwP/naCmUuYDfxlp3UCau19wR8BTKYGnROmQQXB5fSmNW7zrPsAdf7+rzktg1jp9JF7ss34T+gmxEigaC1WrpWRRlIsVTMHH3a9efcgJBS8sAcGRYMg5JRCArPP5u0dg6dXNqk8Zbd0CRpF72A9xVINRf7JZdea2yD+L +EOKNOWN + +# To handle the prompt style that is expected all over the environment +# with how use use robotframework we need to make sure that it is +# consistent for any of the users that are created during dynamic spin +# ups +echo 'PS1="[\u@\h \W]> "' >> /etc/skel/.bashrc + +# vim: sw=2 ts=2 sts=2 et : diff --git a/jenkins-init-scripts/create-jenkins-user.sh b/jenkins-init-scripts/create-jenkins-user.sh new file mode 100755 index 00000000..40ac25f3 --- /dev/null +++ b/jenkins-init-scripts/create-jenkins-user.sh @@ -0,0 +1,31 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2016 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## + +OS=$(facter operatingsystem | tr '[:upper:]' '[:lower:]') + +useradd -m -s /bin/bash jenkins + +if grep -q docker /etc/group; then + usermod -a -G docker jenkins +fi + +# Used for building RPMs +if grep -q mock /etc/group; then + usermod -a -G mock jenkins +fi + +mkdir /home/jenkins/.ssh /w +cp -r "/home/${OS}/.ssh/authorized_keys" /home/jenkins/.ssh/authorized_keys + +# Generate ssh key for use by Robot jobs +echo -e 'y\n' | ssh-keygen -N "" -f /home/jenkins/.ssh/id_rsa -t rsa +chown -R jenkins:jenkins /home/jenkins/.ssh /w +chmod 700 /home/jenkins/.ssh diff --git a/jenkins-init-scripts/create-swap-file.sh b/jenkins-init-scripts/create-swap-file.sh new file mode 100755 index 00000000..cf8d97f1 --- /dev/null +++ b/jenkins-init-scripts/create-swap-file.sh @@ -0,0 +1,15 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2018 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## + +dd if=/dev/zero of=/swap count=1024 bs=1MiB +chmod 600 /swap +mkswap /swap +swapon /swap diff --git a/jenkins-init-scripts/disable-firewall.sh b/jenkins-init-scripts/disable-firewall.sh new file mode 100755 index 00000000..79e1d3a8 --- /dev/null +++ b/jenkins-init-scripts/disable-firewall.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2015 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## + +OS=$(facter operatingsystem) + +case "$OS" in + Fedora) + systemctl stop firewalld + ;; + CentOS|RedHat) + if [ "$(facter operatingsystemrelease | cut -d '.' -f1)" -lt "7" ]; then + service iptables stop + else + systemctl stop firewalld + fi + ;; + *) + # nothing to do + ;; +esac + +# vim: ts=4 ts=4 sts=4 et : diff --git a/jenkins-init-scripts/init.sh b/jenkins-init-scripts/init.sh new file mode 100755 index 00000000..ba5cb2a5 --- /dev/null +++ b/jenkins-init-scripts/init.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# SPDX-License-Identifier: EPL-1.0 +############################################################################## +# Copyright (c) 2016 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## + +INIT_SCRIPTS_DIR="/opt/ciman/jjb/global-jjb/jenkins-init-scripts" + +"$INIT_SCRIPTS_DIR/basic-settings.sh" +"$INIT_SCRIPTS_DIR/disable-firewall.sh" +"$INIT_SCRIPTS_DIR/create-swap-file.sh" + +# Entry point for additional local minion customization +# Eg. OpenDaylight has additional bootstrap scripts depending on minion type. +if [ -f "/opt/ciman/jenkins-init-scripts/local-init.sh" ]; then + /opt/ciman/jenkins-init-scripts/local-init.sh +fi + +# Create the jenkins user last so that hopefully we DO NOT have to deal with +# guard files +"$INIT_SCRIPTS_DIR/create-jenkins-user.sh" -- 2.16.6