Created
February 17, 2020 03:34
-
-
Save makotom/b29e060ebcf3a43d40fc113196649f7b to your computer and use it in GitHub Desktop.
Upgrade Nomad clients for CircleCI 2.19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -exu | |
NOMAD_VERSION="0.9.3" | |
DOCKER_VERSION="18.09.9" | |
UNAME="$(uname -r)" | |
export DEBIAN_FRONTEND=noninteractive | |
is_xenial(){ | |
[ "$(cut -d'.' -f1 <<< $UNAME)" = "4" ] && return 0 || return 1 | |
} | |
guess_private_ip(){ | |
INET="eth0" | |
is_xenial && INET="ens3" | |
/sbin/ifconfig $INET | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}' | |
} | |
docker_package_name(){ | |
# Determines the Docker package name based off the version. | |
docker_ver_major=$(echo $DOCKER_VERSION | cut -d "." -f1) | |
docker_ver_minor=$(echo $DOCKER_VERSION | cut -d "." -f2) | |
if [[ $docker_ver_major -ge 19 ]]; then | |
echo "5:$DOCKER_VERSION~3-0~ubuntu-$(lsb_release -cs)" | |
fi | |
if [[ $docker_ver_major == 18 ]]; then | |
if [[ $((10#$docker_ver_minor)) -ge 9 ]]; then | |
echo "5:$DOCKER_VERSION~3-0~ubuntu-$(lsb_release -cs)" | |
elif [[ $((10#$docker_ver_minor)) -le 3 ]]; then | |
echo "$DOCKER_VERSION~ce-0~ubuntu" | |
else | |
echo "$DOCKER_VERSION~ce~3-0~ubuntu" | |
fi | |
fi | |
if [[ $docker_ver_major == 17 ]]; then | |
if [[ $((10#$docker_ver_minor)) -lt 6 ]]; then | |
echo "$DOCKER_VERSION~ce-0~ubuntu-$(lsb_release -cs)" | |
else | |
echo "$DOCKER_VERSION~ce-0~ubuntu" | |
fi | |
fi | |
} | |
# Make sure only root can run our script | |
if [ "$(id -u)" != "0" ]; then | |
echo "This script must be run as root" 1>&2 | |
exit 1 | |
fi | |
echo "--------------------------------------------" | |
echo " Finding Private IP" | |
echo "--------------------------------------------" | |
PRIVATE_IP=${PRIVATE_IP:-$(guess_private_ip)} | |
export PRIVATE_IP | |
echo "Using address: ${PRIVATE_IP}" | |
if [ -z "${NOMAD_SERVER_ADDRESS}" ]; then | |
echo "The NOMAD_SERVER_ADDRESS env var is required." | |
echo "It should point to the ip address of your CircleCI" | |
echo "services installation." | |
exit 1 | |
fi | |
echo "-------------------------------------------" | |
echo " Performing System Updates" | |
echo "-------------------------------------------" | |
apt-get update && apt-get -y upgrade | |
echo "-------------------------------------------" | |
echo " Installing Required Dependencies" | |
echo "-------------------------------------------" | |
apt-get install -y zip | |
echo "--------------------------------------" | |
echo " Installing Docker" | |
echo "--------------------------------------" | |
apt-get install -y apt-transport-https ca-certificates curl | |
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - | |
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | |
apt-get update | |
if is_xenial; then | |
apt-get install -y "linux-image-${UNAME}" | |
else | |
apt-get install -y "linux-image-extra-$(uname -r)" linux-image-extra-virtual | |
apt-get -y install cgmanager | |
fi | |
apt-get -y --allow-downgrades install docker-ce=$(docker_package_name) | |
# force docker to use userns-remap to mitigate CVE 2019-5736 | |
apt-get -y install jq | |
mkdir -p /etc/docker | |
[ -f /etc/docker/daemon.json ] || echo '{}' > /etc/docker/daemon.json | |
tmp=$(mktemp) | |
cp /etc/docker/daemon.json /etc/docker/daemon.json.orig | |
jq '."userns-remap"= "default"' /etc/docker/daemon.json > "$tmp" && mv "$tmp" /etc/docker/daemon.json | |
echo "--------------------------------------" | |
echo " Installing nomad" | |
echo "--------------------------------------" | |
curl -o nomad.zip "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip" | |
unzip nomad.zip | |
mv nomad /usr/bin | |
mkdir -p /etc/nomad | |
echo "--------------------------------------" | |
echo " Creating config.hcl" | |
echo "--------------------------------------" | |
cat <<EOT > /etc/nomad/config.hcl | |
log_level = "DEBUG" | |
data_dir = "/opt/nomad" | |
datacenter = "default" | |
advertise { | |
http = "$PRIVATE_IP" | |
rpc = "$PRIVATE_IP" | |
serf = "$PRIVATE_IP" | |
} | |
client { | |
enabled = true | |
servers = ["${NOMAD_SERVER_ADDRESS}:4647"] | |
node_class = "linux-64bit" | |
options = {"driver.raw_exec.enable" = "1"} | |
} | |
EOT | |
echo "--------------------------------------" | |
echo " Creating nomad.conf" | |
echo "--------------------------------------" | |
if is_xenial; then | |
cat <<EOT > /etc/systemd/system/nomad.service | |
[Unit] | |
Description="nomad" | |
[Service] | |
Restart=always | |
RestartSec=30 | |
TimeoutStartSec=1m | |
ExecStart=/usr/bin/nomad agent -config /etc/nomad/config.hcl | |
[Install] | |
WantedBy=multi-user.target | |
EOT | |
else | |
cat <<EOT > /etc/init/nomad.conf | |
start on filesystem or runlevel [2345] | |
stop on shutdown | |
script | |
exec nomad agent -config /etc/nomad/config.hcl | |
end script | |
EOT | |
fi | |
echo "--------------------------------------" | |
echo " Creating ci-privileged network" | |
echo "--------------------------------------" | |
docker network create --driver=bridge --opt com.docker.network.bridge.name=ci-privileged ci-privileged | |
echo "--------------------------------------" | |
echo " Starting Nomad service" | |
echo "--------------------------------------" | |
service nomad restart | |
if is_xenial; then | |
systemctl enable nomad | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment