Created
February 20, 2020 06:32
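#!/bin/bash
#
# Bootstrap script for a Nomad client on an Ubuntu host: patches the system,
# then installs and configures NTP, Docker and the Nomad agent. It calls
# apt-get and writes under /etc directly, so it expects to run as root.
#
#   -e        abort on the first failing command
#   -x        trace every command to stderr; the trace lands in whatever log
#             captures this script's output, so keep secrets off command lines
#   -u        treat unset variables as errors
#   pipefail  a failed download on the left of a pipe (for example
#             `curl ... | apt-key add -`) fails the whole pipeline instead of
#             being masked by the exit status of the right-hand command
set -exu
set -o pipefail

# Clear any inherited proxy settings for this script and its children.
# NOTE(review): presumably so that package downloads and the link-local
# metadata request below are never routed through a proxy - confirm.
export http_proxy=""
export https_proxy=""
export no_proxy=""

# EC2 instance metadata endpoint (link-local address, plain HTTP).
export aws_instance_metadata_url="http://169.254.169.254"

# Keep apt/dpkg from prompting during unattended provisioning.
export DEBIAN_FRONTEND=noninteractive

# Running kernel release; used later to install the matching linux-image package.
UNAME="$(uname -r)"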
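echo "-------------------------------------------"
echo " Performing System Updates"
echo "-------------------------------------------"
# Run the two steps as separate commands. In `apt-get update && apt-get upgrade`
# a failing `update` is exempt from `set -e` (only the last command of an &&
# list is checked), so the script would carry on with a stale package index
# and an unpatched system without reporting anything.
apt-get update
apt-get -y upgrade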
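echo "--------------------------------------"
echo " Installing NTP"
echo "--------------------------------------"
apt-get install -y ntp

# Use AWS NTP config for EC2 instances and default for non-AWS.
# The probe reads the first three characters of /sys/hypervisor/uuid. The
# substitution is quoted so an empty or unreadable file yields a clean "false"
# instead of a `[` syntax error.
# NOTE(review): instances that do not expose /sys/hypervisor/uuid fall through
# to the distribution default configuration - confirm that is acceptable for
# every instance type this runs on.
if [[ -f /sys/hypervisor/uuid && "$(head -c 3 /sys/hypervisor/uuid)" == "ec2" ]]; then
  # Locked-down client configuration: ignore all peers by default, allow
  # loopback, and sync only against the link-local time source
  # 169.254.169.123 (which may not modify or trap this daemon).
  cat > /etc/ntp.conf <<'EOT'
driftfile /var/lib/ntp/ntp.drift
disable monitor
restrict default ignore
restrict 127.0.0.1 mask 255.0.0.0
restrict 169.254.169.123 nomodify notrap
server 169.254.169.123 prefer iburst
EOT
else
  echo "USING DEFAULT NTP CONFIGURATION"
fi

service ntp restart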
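echo "--------------------------------------"
echo " Installing Docker"
echo "--------------------------------------"
apt-get install -y apt-transport-https ca-certificates curl software-properties-common

# Download the repository signing key to a file before importing it, so that a
# failed or truncated download aborts the script instead of being hidden
# behind the exit status of `apt-key add -` at the end of a pipe.
# NOTE(review): the key is trusted exactly as fetched over HTTPS and is added
# to apt's global keyring. Compare the output of `apt-key fingerprint` with the
# fingerprint Docker publishes before relying on this repository.
docker_key="$(mktemp)"
curl -fsSL -o "$docker_key" https://download.docker.com/linux/ubuntu/gpg
apt-key add "$docker_key"
rm -f -- "$docker_key"

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get install -y "linux-image-$UNAME"
apt-get update
# The engine version is pinned, so it will not pick up later security fixes
# until this line is bumped deliberately.
apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-xenial

# Force docker to use userns-remap to mitigate CVE-2019-5736.
# With remapping, root inside a container maps to an unprivileged uid on the
# host. This is defence in depth and does not replace running a patched runtime.
apt-get -y install jq
mkdir -p /etc/docker
if [ ! -f /etc/docker/daemon.json ]; then
  echo '{}' > /etc/docker/daemon.json
fi
cp /etc/docker/daemon.json /etc/docker/daemon.json.orig

# Build the new config next to the target so the final rename stays on one
# filesystem. jq and mv are separate commands on purpose: in `jq ... && mv ...`
# a jq failure is exempt from `set -e`, and the script would continue with
# userns-remap silently left unset.
tmp="$(mktemp /etc/docker/daemon.json.XXXXXX)"
jq '.["userns-remap"]="default"' /etc/docker/daemon.json > "$tmp" || {
  rm -f -- "$tmp"
  exit 1
}
mv "$tmp" /etc/docker/daemon.json

# The original used `sudo echo ... >> file`. sudo only elevates echo, while the
# redirection is done by this shell, which already has to be root for the
# apt-get calls above, so the sudo prefix added nothing.
# NOTE(review): confirm the docker service on this image actually reads
# /etc/default/docker; if it does not, these proxy overrides have no effect.
{
  echo 'export http_proxy=""'
  echo 'export https_proxy=""'
  echo 'export no_proxy=""'
} >> /etc/default/docker

service docker restart
# Fixed pause after the restart, presumably to let the daemon come up before
# later steps talk to it.
sleep 5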
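echo "--------------------------------------"
echo " Installing nomad"
echo "--------------------------------------"
# unzip is what extracts the archive below, so install it explicitly rather
# than relying on it being pulled in alongside zip.
apt-get install -y zip unzip

nomad_version="0.9.3"
nomad_zip="nomad_${nomad_version}_linux_amd64.zip"
nomad_base_url="https://releases.hashicorp.com/nomad/${nomad_version}"

# Work in a private temporary directory instead of the current directory, and
# make curl fail on HTTP errors (-f) so an error page is never saved and
# unpacked as if it were the release archive.
nomad_workdir="$(mktemp -d)"
curl -fsSL -o "${nomad_workdir}/${nomad_zip}" "${nomad_base_url}/${nomad_zip}"
curl -fsSL -o "${nomad_workdir}/SHA256SUMS" "${nomad_base_url}/nomad_${nomad_version}_SHA256SUMS"

# Verify the archive against the published checksum list before installing a
# binary that will run as a root service. The list comes from the same host as
# the archive, so this catches corruption and truncation only.
# NOTE(review): for authenticity, also verify the detached signature of the
# checksum file against a HashiCorp release key obtained out of band.
(
  cd "$nomad_workdir"
  grep -F -- "$nomad_zip" SHA256SUMS | sha256sum -c -
)

unzip -q "${nomad_workdir}/${nomad_zip}" nomad -d "$nomad_workdir"
# install sets the mode explicitly instead of inheriting it from the archive.
install -m 0755 "${nomad_workdir}/nomad" /usr/bin/nomad
rm -rf -- "${nomad_workdir:?}"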
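echo "--------------------------------------"
echo " Creating config.hcl"
echo "--------------------------------------"
# Assign first and export afterwards: `export VAR="$(cmd)"` always returns the
# status of export, so a failed lookup would be hidden from `set -e`.
PRIVATE_IP="$(/sbin/ifconfig ens3 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')"
if [ -z "$PRIVATE_IP" ]; then
  # Without this check an unexpected interface name or ifconfig output format
  # would write empty advertise addresses into the agent config.
  echo "could not determine the private IP of ens3" >&2
  exit 1
fi

# -f makes curl fail on an HTTP error instead of returning the error body,
# which would otherwise be written into the config file as the node name.
# This is a plain, token-less GET against the metadata endpoint. On instances
# that only accept token-authenticated metadata requests it is rejected, and
# with -f the script stops here.
INSTANCE_ID="$(curl -fsS "$aws_instance_metadata_url/latest/meta-data/instance-id")"
if [ -z "$INSTANCE_ID" ]; then
  echo "instance metadata returned an empty instance-id" >&2
  exit 1
fi
export PRIVATE_IP INSTANCE_ID

mkdir -p /etc/nomad

# Review points for the generated config (kept out of the heredoc so the file
# content itself is unchanged apart from indentation):
#   - servers still holds the REPLACE_ME_WITH_SERVICE_BOX_IP placeholder and
#     must be edited before the client can join a cluster.
#   - driver.raw_exec.enable = "1" turns on the raw_exec driver, which runs job
#     commands directly on the host as the agent's user with no isolation. The
#     unit file written by this script sets no User=, so that user is root.
#     Anyone able to submit jobs to this client can run commands as root here.
#   - log_level = "DEBUG" is verbose; consider a quieter level outside of
#     troubleshooting.
# The heredoc delimiter is unquoted on purpose: $INSTANCE_ID and $PRIVATE_IP
# are expanded by the shell when the file is written.
cat > /etc/nomad/config.hcl <<EOT
log_level = "DEBUG"
name = "$INSTANCE_ID"
data_dir = "/opt/nomad"
datacenter = "default"
advertise {
  http = "$PRIVATE_IP"
  rpc = "$PRIVATE_IP"
  serf = "$PRIVATE_IP"
}
client {
  enabled = true
  # Expecting to have DNS record for nomad server(s)
  servers = ["REPLACE_ME_WITH_SERVICE_BOX_IP:4647"]
  node_class = "linux-64bit"
  options = {"driver.raw_exec.enable" = "1"}
}
EOT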
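echo "--------------------------------------"
echo " Creating nomad.conf"
echo "--------------------------------------"
# Writes the systemd unit for the Nomad agent (the banner above says
# nomad.conf; the file written is nomad.service).
# No User= is set, so the agent runs as root.
# NOTE(review): the unit is never enabled, so the agent will not come back
# after a reboot unless something else starts it - confirm that is intended.
cat > /etc/systemd/system/nomad.service <<'EOT'
[Unit]
Description="nomad"
[Service]
Restart=always
RestartSec=30
TimeoutStartSec=1m
ExecStart=/usr/bin/nomad agent -config /etc/nomad/config.hcl
[Install]
WantedBy=multi-user.target
EOT
# Make systemd re-read unit files. If an older nomad.service was already
# loaded (for example on a re-run of this script), the restart later on would
# otherwise keep using the stale definition.
systemctl daemon-reload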
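echo "--------------------------------------"
echo " Creating ci-privileged network"
echo "--------------------------------------"
# Create the bridge network only if it does not exist yet. An unconditional
# `docker network create` fails on a second run, and under `set -e` that would
# abort the script before the Nomad service is (re)started.
if ! docker network inspect ci-privileged > /dev/null 2>&1; then
  docker network create --driver=bridge --opt com.docker.network.bridge.name=ci-privileged ci-privileged
fi

echo "--------------------------------------"
echo " Starting Nomad service"
echo "--------------------------------------"
service nomad restart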