@imos
Last active November 10, 2016 16:57
Install Docker
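#!/bin/bash
# Host bootstrap: installs Docker, creates the ninetan account, rewrites
# /etc/sysctl.conf, builds the ninecontroller image and registers its init
# script. Every step uses sudo.
#
# Usage:
# curl 'https://gist.githubusercontent.com/imos/38e242d1cc3a8db06d90f3368f4a3fa8/raw/install.sh' | bash
#
# NOTE(review): the URL above carries no revision, so the piped form runs
# whatever the gist contains at fetch time, with the caller's sudo rights.
# Downloading the file, reading it, and then running the saved copy keeps the
# reviewed bytes and the executed bytes identical.
set -e -u
################################################################################
# 1. Install Docker
################################################################################
# Skip the installer when a docker binary is already on PATH. `command -v` is a
# shell builtin, so the check does not depend on `which` being installed.
if ! command -v docker >/dev/null 2>&1; then
  # Save the convenience installer to a private temp file before running it.
  # In a `curl | sudo sh` pipeline a failed or truncated download is still
  # executed as root up to the point where the data stopped; with -f and a
  # file, curl's failure aborts the script (set -e) before anything runs.
  docker_installer=$(mktemp)
  curl -fsSL -o "${docker_installer}" https://get.docker.com/
  # stdin is /dev/null so the installer cannot swallow the remainder of this
  # script when the script itself is being read from a pipe.
  sudo sh "${docker_installer}" </dev/null
  rm -f -- "${docker_installer}"
fi
sudo service docker restart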
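################################################################################
# 2. Prepare the user ninetan (uid 10001)
################################################################################
# Create the account only when it does not exist yet.
if ! id -u ninetan >/dev/null 2>&1; then
  sudo useradd --home-dir=/home/ninetan --create-home --uid=10001 \
    --user-group --shell=/bin/bash ninetan
fi
# Running as ninetan: generate id_rsa if it is missing, then rebuild
# authorized_keys from every *.pub file in ~/.ssh.
# NOTE(review): the embedded imos@Moltres public key is installed
# unconditionally, and authorized_keys is overwritten on every run, so keys
# added by hand are lost. Whoever holds the matching private key can log in as
# ninetan wherever an sshd serves this home directory; audit the key before
# running this on a machine you care about.
cat <<'EOM' | sudo -u ninetan bash
set -e -u
cd /home/ninetan
mkdir -p .ssh
# sshd's StrictModes check rejects key files under a group- or world-writable
# ~/.ssh, which is what mkdir produces under a permissive umask such as 002.
chmod 700 .ssh
if [ ! -f ".ssh/id_rsa" ]; then
ssh-keygen -t 'rsa' -N '' -f '.ssh/id_rsa'
fi
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrHaL3kdZ2RekCdpkie3fsiv2yVyyWRBOO6Q68Kr+tFStRqtF8q1/UoeteUIOxzwKaAmHoaM9PkItdMBki0BLQDimCZwjjbkosritGDMTJXGd21O72mWaTv+nfq+/ishCdt6gdBYXTejvpPJhq8ZMYhTYJZkWqlGO2CKrWcnHHu1HhnValeqNWS5nh8BULOTMKaixjdzXIkWgm8HyiewvqjZXC3tZlfFDErRpiS7SYfJHd4PujjFCNyiVxZ5yOvEGMXQa1UFxQlfX8H+lAr6qObK50osAdUbvjjbhIhMvZT2higSNNtv/yiaLRnLbbOHomObvqxob5TUVdCkazXX3N imos@Moltres' > .ssh/imos.pub
cat .ssh/*.pub > .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
EOM
# Allow ninetan to run sudo. The rule is appended once; any existing mention of
# "ninetan" in /etc/sudoers counts as already configured.
# NOTE(review): NOPASSWD: ALL makes ninetan root-equivalent, so the SSH keys
# above are effectively root credentials. Appending to /etc/sudoers directly
# also bypasses syntax checking; a drop-in under /etc/sudoers.d that has been
# validated with `visudo -cf` is the safer pattern if the rule is kept.
if ! sudo grep -q ninetan /etc/sudoers; then
  echo 'ninetan ALL=(ALL:ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers >/dev/null
fi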
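################################################################################
# 3. Configure sysctl.conf
################################################################################
# Keep a one-time backup of the existing file; later runs never overwrite it.
if [[ ! -f /etc/sysctl.conf.orig && -f /etc/sysctl.conf ]]; then
  sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
fi
# The file is replaced wholesale, so any setting the distribution or an
# administrator had in /etc/sysctl.conf survives only in the .orig backup.
# NOTE(review):
#  - net.core.somaxconn appears twice (32768, then 65535); the later line is
#    the one left in effect after `sysctl -p`.
#  - net.ipv4.tcp_tw_recycle is known to break clients behind NAT and was
#    removed from Linux in 4.12.
#  - net.ipv4.tcp_timestamps = 0 turns off the TCP option that tcp_tw_reuse
#    relies on; confirm that this combination is intended.
cat <<'EOM' | sudo tee /etc/sysctl.conf
net.core.netdev_max_backlog=32768
net.core.rmem_max = 16777216
net.core.somaxconn=32768
net.core.wmem_max = 16777216
net.ipv4.ip_local_port_range= 10000 65535
net.ipv4.tcp_fin_timeout=10
net.ipv4.tcp_max_syn_backlog=32768
net.ipv4.tcp_rmem = 4096 349520 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_keepalive_probes=5
net.ipv4.tcp_slow_start_after_idle=0
net.core.somaxconn=65535
EOM
# -e makes sysctl skip keys the running kernel does not provide. Without it, a
# kernel lacking tcp_tw_recycle makes `sysctl -p` fail, and set -e then aborts
# the script before the Docker image is built.
sudo sysctl -e -p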
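################################################################################
# 4. Prepare the base Docker image (ninecontroller)
################################################################################
# Write the image definition to ~/Dockerfile. The heredoc delimiter is quoted,
# so nothing inside it is expanded by this shell.
# NOTE(review): the image build runs the unpinned https://get.docker.com/
# installer and executes a Bazel installer fetched over HTTPS without comparing
# it to a published checksum; both run as root inside the build. Pin the
# versions and verify a digest (<EXPECTED_SHA256>) if the image is reused.
# The image also gives ninetan passwordless sudo and starts sshd on port 2222.
cat <<'EOM' > ~/Dockerfile
FROM ubuntu:16.04
MAINTAINER imos
RUN sed -i -e "s%http://archive.ubuntu.com/ubuntu/%http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/%g" /etc/apt/sources.list
# sshd のセットアップ.サーバの指紋を早期に確定するために最初に持ってきている.
RUN mkdir -p /var/run/sshd
RUN apt update && apt install --yes openssh-server
# 必要なソフトウェアのインストール
RUN apt update && apt install --yes \
apt-transport-https ca-certificates curl lxc iptables sudo openjdk-8-jdk \
unzip git g++-4.9 supervisor
RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.9 100
RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.9 100
RUN curl -sSL https://get.docker.com/ | sh
RUN useradd --home-dir=/home/ninetan --create-home --uid=10001 --user-group \
--shell=/bin/bash ninetan
RUN echo 'ninetan ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers
RUN curl -L -o /root/installer.sh 'https://github.com/bazelbuild/bazel/releases/download/0.4.0/bazel-0.4.0-installer-linux-x86_64.sh'
RUN bash /root/installer.sh && rm /root/installer.sh
RUN echo '# Bazelrc for GCC' > /etc/bazel.bazelrc
RUN echo 'build --verbose_failures --copt=-fdiagnostics-color=always --copt=-Wno-cpp --copt=-Wno-unused-local-typedefs --copt=-Wno-sign-compare --copt=-Wno-array-bounds' >> /etc/bazel.bazelrc
RUN echo 'test --verbose_failures --test_timeout=3600 --test_output=errors' >> /etc/bazel.bazelrc
# ※ ホストのDockerのAPIバージョンに合わせて変えること
# ホストのAPIバージョンは "docker version" で確認可能
RUN echo 'DOCKER_API_VERSION="1.23"' >> /etc/environment
# TODO(imos): 最初のapt installに入れる
RUN echo '[program:sshd]' > /etc/supervisor/conf.d/sshd.conf
RUN echo 'command=/usr/sbin/sshd -D -p 2222' >> /etc/supervisor/conf.d/sshd.conf
CMD /usr/bin/supervisord --nodaemon
EOM
# Feed the Dockerfile on stdin instead of building from ".". The file is
# written to ~ but "." is whatever directory the script was started in, so the
# build used the wrong (or no) Dockerfile unless that directory was $HOME. When
# it was $HOME, the whole home directory, private keys included, was sent to
# the daemon as build context. The Dockerfile has no COPY/ADD, so it needs no
# context at all.
sudo docker build --tag ninecontroller - < ~/Dockerfile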
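# Install the init script that (re)creates the ninecontroller container.
# NOTE(review): the container is started with --privileged, the host's Docker
# socket, and the host network and PID namespaces, so a process inside it has
# control equivalent to root on the host. With --net=host the image's sshd
# (port 2222) listens directly on the host's interfaces, and /home/ninetan,
# including its authorized_keys, is shared with the container. Restrict who can
# reach port 2222 and treat ninetan's keys as host-root credentials.
cat <<'EOM' | sudo tee /etc/init.d/ninecontroller
#!/bin/bash
# ninecontroller用init.dスクリプト
# ※ Dockerより後に起動する必要があるので /etc/init.d/docker の優先度を確認すること
#
# chkconfig: 2345 96 04
# description: Daemon for docker.com
start() {
sudo docker rm -f ninecontroller || true
sudo docker run --privileged \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--volume=/home/ninetan:/home/ninetan \
--name=ninecontroller \
--restart=always \
--net=host \
--pid=host \
--detach \
ninecontroller
}
stop() {
sudo docker rm -f ninecontroller || true
}
case "$1" in
start|stop) $1 ;;
status) sudo docker ps --filter=name=ninecontroller ;;
restart) start ;;
*) echo "Usage: $0 {start|stop|restart|status}"; exit 2 ;;
esac
exit $?
EOM
sudo chmod +x /etc/init.d/ninecontroller
# Register the script with whichever service manager front end is present.
# `command -v` is a builtin, so the probe works even where `which` is absent.
if command -v chkconfig >/dev/null 2>&1; then
  sudo chkconfig --add ninecontroller
else
  sudo update-rc.d ninecontroller defaults
fi
sudo service ninecontroller restart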