Last active
November 10, 2016 16:57
-
-
Save imos/38e242d1cc3a8db06d90f3368f4a3fa8 to your computer and use it in GitHub Desktop.
Install Docker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Usage: | |
# curl 'https://gist.githubusercontent.com/imos/38e242d1cc3a8db06d90f3368f4a3fa8/raw/install.sh' | bash | |
set -e -u | |
################################################################################ | |
# 1. Docker のインストール | |
################################################################################ | |
if ! which docker; then | |
curl -sSL https://get.docker.com/ | sudo sh | |
fi | |
sudo service docker restart | |
################################################################################ | |
# 2. ユーザ ninetan (10001) の準備 | |
################################################################################ | |
# ユーザが存在しなければ追加する | |
if ! id ninetan; then | |
sudo useradd --home-dir=/home/ninetan --create-home --uid=10001 \ | |
--user-group --shell=/bin/bash ninetan | |
fi | |
# ninetan 権限の下で,id_rsa の生成を行い,authorized_keys に追加する | |
cat <<'EOM' | sudo -u ninetan bash | |
set -e -u | |
cd /home/ninetan | |
mkdir -p .ssh | |
if [ ! -f ".ssh/id_rsa" ]; then | |
ssh-keygen -t 'rsa' -N '' -f '.ssh/id_rsa' | |
fi | |
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrHaL3kdZ2RekCdpkie3fsiv2yVyyWRBOO6Q68Kr+tFStRqtF8q1/UoeteUIOxzwKaAmHoaM9PkItdMBki0BLQDimCZwjjbkosritGDMTJXGd21O72mWaTv+nfq+/ishCdt6gdBYXTejvpPJhq8ZMYhTYJZkWqlGO2CKrWcnHHu1HhnValeqNWS5nh8BULOTMKaixjdzXIkWgm8HyiewvqjZXC3tZlfFDErRpiS7SYfJHd4PujjFCNyiVxZ5yOvEGMXQa1UFxQlfX8H+lAr6qObK50osAdUbvjjbhIhMvZT2higSNNtv/yiaLRnLbbOHomObvqxob5TUVdCkazXX3N imos@Moltres' > .ssh/imos.pub | |
cat .ssh/*.pub > .ssh/authorized_keys | |
chmod 600 .ssh/authorized_keys | |
EOM | |
# ninetan が sudo を実行できるようにする | |
if ! sudo grep ninetan /etc/sudoers; then | |
echo 'ninetan ALL=(ALL:ALL) NOPASSWD: ALL' | sudo tee -a /etc/sudoers | |
fi | |
################################################################################ | |
# 3. sysctl.conf の設定 | |
################################################################################ | |
if [ ! -f /etc/sysctl.conf.orig -a -f /etc/sysctl.conf ]; then | |
sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig | |
fi | |
cat <<'EOM' | sudo tee /etc/sysctl.conf | |
net.core.netdev_max_backlog=32768 | |
net.core.rmem_max = 16777216 | |
net.core.somaxconn=32768 | |
net.core.wmem_max = 16777216 | |
net.ipv4.ip_local_port_range= 10000 65535 | |
net.ipv4.tcp_fin_timeout=10 | |
net.ipv4.tcp_max_syn_backlog=32768 | |
net.ipv4.tcp_rmem = 4096 349520 16777216 | |
net.ipv4.tcp_timestamps = 0 | |
net.ipv4.tcp_tw_recycle=1 | |
net.ipv4.tcp_tw_reuse=1 | |
net.ipv4.tcp_wmem = 4096 65536 16777216 | |
net.ipv4.tcp_rfc1337=1 | |
net.ipv4.tcp_keepalive_probes=5 | |
net.ipv4.tcp_slow_start_after_idle=0 | |
net.core.somaxconn=65535 | |
EOM | |
sudo sysctl -p | |
################################################################################ | |
# 4. 基本となる Docker (ninecontroller) の準備 | |
################################################################################ | |
cat <<'EOM' > ~/Dockerfile | |
FROM ubuntu:16.04 | |
MAINTAINER imos | |
RUN sed -i -e "s%http://archive.ubuntu.com/ubuntu/%http://ap-northeast-1.ec2.archive.ubuntu.com/ubuntu/%g" /etc/apt/sources.list | |
# sshd のセットアップ.サーバの指紋を早期に確定するために最初に持ってきている. | |
RUN mkdir -p /var/run/sshd | |
RUN apt update && apt install --yes openssh-server | |
# 必要なソフトウェアのインストール | |
RUN apt update && apt install --yes \ | |
apt-transport-https ca-certificates curl lxc iptables sudo openjdk-8-jdk \ | |
unzip git g++-4.9 supervisor | |
RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.9 100 | |
RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.9 100 | |
RUN curl -sSL https://get.docker.com/ | sh | |
RUN useradd --home-dir=/home/ninetan --create-home --uid=10001 --user-group \ | |
--shell=/bin/bash ninetan | |
RUN echo 'ninetan ALL=(ALL:ALL) NOPASSWD: ALL' >> /etc/sudoers | |
RUN curl -L -o /root/installer.sh 'https://github.com/bazelbuild/bazel/releases/download/0.4.0/bazel-0.4.0-installer-linux-x86_64.sh' | |
RUN bash /root/installer.sh && rm /root/installer.sh | |
RUN echo '# Bazelrc for GCC' > /etc/bazel.bazelrc | |
RUN echo 'build --verbose_failures --copt=-fdiagnostics-color=always --copt=-Wno-cpp --copt=-Wno-unused-local-typedefs --copt=-Wno-sign-compare --copt=-Wno-array-bounds' >> /etc/bazel.bazelrc | |
RUN echo 'test --verbose_failures --test_timeout=3600 --test_output=errors' >> /etc/bazel.bazelrc | |
# ※ ホストのDockerのAPIバージョンに合わせて変えること | |
# ホストのAPIバージョンは "docker version" で確認可能 | |
RUN echo 'DOCKER_API_VERSION="1.23"' >> /etc/environment | |
# TODO(imos): 最初のapt installに入れる | |
RUN echo '[program:sshd]' > /etc/supervisor/conf.d/sshd.conf | |
RUN echo 'command=/usr/sbin/sshd -D -p 2222' >> /etc/supervisor/conf.d/sshd.conf | |
CMD /usr/bin/supervisord --nodaemon | |
EOM | |
sudo docker build --tag ninecontroller . | |
cat <<'EOM' | sudo tee /etc/init.d/ninecontroller | |
#!/bin/bash | |
# ninecontroller用init.dスクリプト | |
# ※ Dockerより後に起動する必要があるので /etc/init.d/docker の優先度を確認すること | |
# | |
# chkconfig: 2345 96 04 | |
# description: Daemon for docker.com | |
start() { | |
sudo docker rm -f ninecontroller || true | |
sudo docker run --privileged \ | |
--volume=/var/run/docker.sock:/var/run/docker.sock \ | |
--volume=/home/ninetan:/home/ninetan \ | |
--name=ninecontroller \ | |
--restart=always \ | |
--net=host \ | |
--pid=host \ | |
--detach \ | |
ninecontroller | |
} | |
stop() { | |
sudo docker rm -f ninecontroller || true | |
} | |
case "$1" in | |
start|stop) $1 ;; | |
status) sudo docker ps --filter=name=ninecontroller ;; | |
restart) start ;; | |
*) echo "Usage: $0 {start|stop|restart|status}"; exit 2 ;; | |
esac | |
exit $? | |
EOM | |
sudo chmod +x /etc/init.d/ninecontroller | |
if which chkconfig; then | |
sudo chkconfig --add ninecontroller | |
else | |
sudo update-rc.d ninecontroller defaults | |
fi | |
sudo service ninecontroller restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment