makotom/nomad_client_user_data.sh

## nomad_client_user_data.sh
#!/bin/bash

set -exu

export http_proxy=""
export https_proxy=""
export no_proxy=""
export aws_instance_metadata_url="http://169.254.169.254"
export DEBIAN_FRONTEND=noninteractive
UNAME="$(uname -r)"

echo "-------------------------------------------"
echo "     Performing System Updates"
echo "-------------------------------------------"
apt-get update && apt-get -y upgrade

echo "--------------------------------------"
echo "        Installing NTP"
echo "--------------------------------------"
apt-get install -y ntp

# Use AWS NTP config for EC2 instances and default for non-AWS
if [ -f /sys/hypervisor/uuid ] && [ `head -c 3 /sys/hypervisor/uuid` == ec2 ]; then
cat <<EOT > /etc/ntp.conf
driftfile /var/lib/ntp/ntp.drift
disable monitor
restrict default ignore
restrict 127.0.0.1 mask 255.0.0.0
restrict 169.254.169.123 nomodify notrap
server 169.254.169.123 prefer iburst
EOT
else
  echo "USING DEFAULT NTP CONFIGURATION"
fi

service ntp restart

echo "--------------------------------------"
echo "        Installing Docker"
echo "--------------------------------------"
apt-get install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get install -y "linux-image-$UNAME"
apt-get update
apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-xenial

# force docker to use userns-remap to mitigate CVE 2019-5736
apt-get -y install jq
mkdir -p /etc/docker
[ -f /etc/docker/daemon.json ] || echo '{}' > /etc/docker/daemon.json
tmp=$(mktemp)
cp /etc/docker/daemon.json /etc/docker/daemon.json.orig
jq '.["userns-remap"]="default"' /etc/docker/daemon.json > "$tmp" && mv "$tmp" /etc/docker/daemon.json

sudo echo 'export http_proxy=""' >> /etc/default/docker
sudo echo 'export https_proxy=""' >> /etc/default/docker
sudo echo 'export no_proxy=""' >> /etc/default/docker
sudo service docker restart
sleep 5

echo "--------------------------------------"
echo "         Installing nomad"
echo "--------------------------------------"
apt-get install -y zip
curl -o nomad.zip https://releases.hashicorp.com/nomad/0.9.3/nomad_0.9.3_linux_amd64.zip
unzip nomad.zip
mv nomad /usr/bin

echo "--------------------------------------"
echo "      Creating config.hcl"
echo "--------------------------------------"
export PRIVATE_IP="$(/sbin/ifconfig ens3 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')"
export INSTANCE_ID="$(curl $aws_instance_metadata_url/latest/meta-data/instance-id)"
mkdir -p /etc/nomad
cat <<EOT > /etc/nomad/config.hcl
log_level = "DEBUG"
name = "$INSTANCE_ID"
data_dir = "/opt/nomad"
datacenter = "default"
advertise {
    http = "$PRIVATE_IP"
    rpc = "$PRIVATE_IP"
    serf = "$PRIVATE_IP"
}
client {
    enabled = true
    # Expecting to have DNS record for nomad server(s)
    servers = ["REPLACE_ME_WITH_SERVICE_BOX_IP:4647"]
    node_class = "linux-64bit"
    options = {"driver.raw_exec.enable" = "1"}
}
EOT

echo "--------------------------------------"
echo "      Creating nomad.conf"
echo "--------------------------------------"
cat <<EOT > /etc/systemd/system/nomad.service
[Unit]
Description="nomad"
[Service]
Restart=always
RestartSec=30
TimeoutStartSec=1m
ExecStart=/usr/bin/nomad agent -config /etc/nomad/config.hcl
[Install]
WantedBy=multi-user.target
EOT

echo "--------------------------------------"
echo "   Creating ci-privileged network"
echo "--------------------------------------"
docker network create --driver=bridge --opt com.docker.network.bridge.name=ci-privileged ci-privileged

echo "--------------------------------------"
echo "      Starting Nomad service"
echo "--------------------------------------"
service nomad restart
	#!/bin/bash

	set -exu

	export http_proxy=""
	export https_proxy=""
	export no_proxy=""
	export aws_instance_metadata_url="http://169.254.169.254"
	export DEBIAN_FRONTEND=noninteractive
	UNAME="$(uname -r)"

	echo "-------------------------------------------"
	echo " Performing System Updates"
	echo "-------------------------------------------"
	apt-get update && apt-get -y upgrade

	echo "--------------------------------------"
	echo " Installing NTP"
	echo "--------------------------------------"
	apt-get install -y ntp

	# Use AWS NTP config for EC2 instances and default for non-AWS
	if [ -f /sys/hypervisor/uuid ] && [ `head -c 3 /sys/hypervisor/uuid` == ec2 ]; then
	cat <<EOT > /etc/ntp.conf
	driftfile /var/lib/ntp/ntp.drift
	disable monitor
	restrict default ignore
	restrict 127.0.0.1 mask 255.0.0.0
	restrict 169.254.169.123 nomodify notrap
	server 169.254.169.123 prefer iburst
	EOT
	else
	echo "USING DEFAULT NTP CONFIGURATION"
	fi

	service ntp restart

	echo "--------------------------------------"
	echo " Installing Docker"
	echo "--------------------------------------"
	apt-get install -y apt-transport-https ca-certificates curl software-properties-common
	curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| apt-key add -
	add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
	apt-get install -y "linux-image-$UNAME"
	apt-get update
	apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-xenial

	# force docker to use userns-remap to mitigate CVE 2019-5736
	apt-get -y install jq
	mkdir -p /etc/docker
	[ -f /etc/docker/daemon.json ] \|\| echo '{}' > /etc/docker/daemon.json
	tmp=$(mktemp)
	cp /etc/docker/daemon.json /etc/docker/daemon.json.orig
	jq '.["userns-remap"]="default"' /etc/docker/daemon.json > "$tmp" && mv "$tmp" /etc/docker/daemon.json

	sudo echo 'export http_proxy=""' >> /etc/default/docker
	sudo echo 'export https_proxy=""' >> /etc/default/docker
	sudo echo 'export no_proxy=""' >> /etc/default/docker
	sudo service docker restart
	sleep 5

	echo "--------------------------------------"
	echo " Installing nomad"
	echo "--------------------------------------"
	apt-get install -y zip
	curl -o nomad.zip https://releases.hashicorp.com/nomad/0.9.3/nomad_0.9.3_linux_amd64.zip
	unzip nomad.zip
	mv nomad /usr/bin

	echo "--------------------------------------"
	echo " Creating config.hcl"
	echo "--------------------------------------"
	export PRIVATE_IP="$(/sbin/ifconfig ens3 \| grep 'inet addr:' \| cut -d: -f2 \| awk '{ print $1}')"
	export INSTANCE_ID="$(curl $aws_instance_metadata_url/latest/meta-data/instance-id)"
	mkdir -p /etc/nomad
	cat <<EOT > /etc/nomad/config.hcl
	log_level = "DEBUG"
	name = "$INSTANCE_ID"
	data_dir = "/opt/nomad"
	datacenter = "default"
	advertise {
	http = "$PRIVATE_IP"
	rpc = "$PRIVATE_IP"
	serf = "$PRIVATE_IP"
	}
	client {
	enabled = true
	# Expecting to have DNS record for nomad server(s)
	servers = ["REPLACE_ME_WITH_SERVICE_BOX_IP:4647"]
	node_class = "linux-64bit"
	options = {"driver.raw_exec.enable" = "1"}
	}
	EOT

	echo "--------------------------------------"
	echo " Creating nomad.conf"
	echo "--------------------------------------"
	cat <<EOT > /etc/systemd/system/nomad.service
	[Unit]
	Description="nomad"
	[Service]
	Restart=always
	RestartSec=30
	TimeoutStartSec=1m
	ExecStart=/usr/bin/nomad agent -config /etc/nomad/config.hcl
	[Install]
	WantedBy=multi-user.target
	EOT

	echo "--------------------------------------"
	echo " Creating ci-privileged network"
	echo "--------------------------------------"
	docker network create --driver=bridge --opt com.docker.network.bridge.name=ci-privileged ci-privileged

	echo "--------------------------------------"
	echo " Starting Nomad service"
	echo "--------------------------------------"
	service nomad restart