Changeset View
Changeset View
Standalone View
Standalone View
contrib/teamcity/setup-agent.sh
- This file was added.
| Property | Old Value | New Value |
|---|---|---|
| File Mode | null | 100755 |
| #!/usr/bin/env bash | |||||
| ### CHECK THE SCRIPT IS RUNNING ON DEBIAN 9, WARN OTHERWISE | |||||
| # Debian based distributions put definitions in /etc/os-release | |||||
| DIST_FILE=/etc/os-release | |||||
| DIST_WARNING="WARNING: this script is targeting Debian 9 only. Use at your own risk." | |||||
| # Additional packages to install | |||||
| if [[ ! -f "${DIST_FILE}" ]]; then | |||||
| echo "WARNING: unable to locate the distribution definitions file ${DIST_FILE}." | |||||
| echo "${DIST_WARNING}" | |||||
| fi | |||||
| DIST_ID=`cat ${DIST_FILE} | grep "^ID=" | cut -d'=' -f2` | |||||
| DIST_VERSION_ID=`cat ${DIST_FILE} | grep "^VERSION_ID=" | cut -d'=' -f2` | |||||
| echo "Distribution: ${DIST_ID}" | |||||
| echo "Version: ${DIST_VERSION_ID}" | |||||
| if [[ "${DIST_ID}" != "debian" || "${DIST_VERSION_ID}" != '"9"' ]]; then | |||||
| echo "${DIST_WARNING}" | |||||
| fi | |||||
| ### FIND THE WAN NETWORK INTERFACE | |||||
| echo "INFO: start WAN network interface detection" | |||||
| NET_PING_SITE="google.com" | |||||
| # Get the active network interfaces | |||||
| NET_DEVS=`ip addr show | awk '/inet.*brd/{print $NF}'` | |||||
| for d in ${NET_DEVS} | |||||
| do | |||||
| echo "INFO: trying network interface $d" | |||||
| ping -c 1 -I $d "${NET_PING_SITE}" | |||||
| if [[ $? -eq 0 ]]; then | |||||
| NET_DEV=$d | |||||
| break | |||||
| fi | |||||
| done | |||||
| if [[ -z "${NET_DEV}" ]]; then | |||||
| echo "ERROR: could not determine an active WAN network interface. Aborting" | |||||
| exit 1 | |||||
| fi | |||||
| echo "INFO: using ${NET_DEV} as the main network interface" | |||||
| ### INSTALL ADDITIONAL PACKAGES | |||||
| echo "INFO: start installing additional packages" | |||||
| set -e | |||||
| INSTALL_PACKAGES=( | |||||
| # Server management | |||||
| fail2ban | |||||
| sudo | |||||
| # Build dependencies | |||||
| automake | |||||
| autotools-dev | |||||
| bsdmainutils | |||||
| build-essential | |||||
| default-jdk-headless | |||||
| git | |||||
| libboost-all-dev | |||||
| libdb-dev | |||||
| libdb++-dev | |||||
| libevent-dev | |||||
| libminiupnpc-dev | |||||
| libprotobuf-dev | |||||
| libqrencode-dev | |||||
| libqt5core5a | |||||
| libqt5dbus5 | |||||
| libqt5gui5 | |||||
| libssl-dev | |||||
| libtool | |||||
| libzmq3-dev | |||||
| pkg-config | |||||
| protobuf-compiler | |||||
| python3 | |||||
| python3-zmq | |||||
| qttools5-dev | |||||
| qttools5-dev-tools | |||||
| # Teamcity dependencies | |||||
| default-jre | |||||
| unzip | |||||
| # Gitian dependencies | |||||
| apparmor | |||||
| apt-cacher-ng | |||||
| bridge-utils | |||||
| curl | |||||
| debootstrap | |||||
| firewalld | |||||
| git | |||||
| iptables | |||||
| kpartx | |||||
| lxc | |||||
| make | |||||
| parted | |||||
| python-cheetah | |||||
| qemu-utils | |||||
| ruby | |||||
| ubuntu-archive-keyring | |||||
| ) | |||||
| function join_by { local IFS="$1"; shift; echo "$*"; } | |||||
| echo "INFO: updating package list" | |||||
| apt update | |||||
| echo "INFO: installing ${INSTALL_PACKAGES[*]}" | |||||
| apt install -y $(join_by ' ' ${INSTALL_PACKAGES[@]}) | |||||
| ### TEAMCITY SETUP | |||||
| echo "INFO: start Teamcity agent setup" | |||||
| # Add the Teamcity user (no password) | |||||
| useradd -m teamcity | |||||
| adduser teamcity sudo | |||||
| passwd -d teamcity | |||||
| # Setup Java environment variable | |||||
| echo 'JAVA_HOME="/usr/lib/jvm/default-java"' >> /etc/environment | |||||
| # Move to the teamcity user home directory | |||||
| cd /home/teamcity | |||||
| # Get the Teamcity agent script and configure the agent | |||||
| sudo su teamcity -c 'wget https://build.bitcoinabc.org/update/buildAgent.zip' | |||||
deadalnix: Always verify intergrity of what you get from the internet. | |||||
| sudo su teamcity -c 'unzip -d buildAgent -q buildAgent.zip' | |||||
| cd buildAgent/conf | |||||
| sudo su teamcity -c 'cp buildAgent.dist.properties buildAgent.properties' | |||||
| sudo su teamcity -c "sed -i 's#serverUrl=.*#serverUrl=https://build.bitcoinabc.org/#g' buildAgent.properties" | |||||
| cd ../bin | |||||
| sudo su teamcity -c 'chmod +x agent.sh' | |||||
| # Setup automatic start for the Teamcity agent | |||||
| cd /etc/init.d | |||||
| wget https://raw.githubusercontent.com/Bitcoin-ABC/bitcoin-abc/master/contrib/teamcity/buildAgent-autostart -O buildAgent | |||||
| chmod 755 buildAgent | |||||
| update-rc.d buildAgent defaults | |||||
| ### GITIAN SETUP | |||||
| # the version of lxc-start in Debian needs to run as root, so make sure | |||||
| # that the build script can execute it without providing a password | |||||
| echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc | |||||
| echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc | |||||
| # make /etc/rc.local script that sets up bridge between guest and host | |||||
| echo '#!/bin/sh -e' > /etc/rc.local | |||||
| echo 'brctl addbr lxcbr0' >> /etc/rc.local | |||||
| echo 'ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev lxcbr0' >> /etc/rc.local | |||||
| echo 'ip link set lxcbr0 up' >> /etc/rc.local | |||||
| echo 'firewall-cmd --zone=trusted --add-interface=lxcbr0' >> /etc/rc.local | |||||
| echo "iptables -t nat -A POSTROUTING -o ${NET_DEV} -j MASQUERADE" >> /etc/rc.local | |||||
| echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local | |||||
| echo 'exit 0' >> /etc/rc.local | |||||
| chmod +x /etc/rc.local | |||||
| # make sure that USE_LXC is always set when logging in as teamcity, | |||||
| # and configure LXC IP addresses | |||||
| echo 'export USE_LXC=1' >> /home/teamcity/.profile | |||||
| echo 'export GITIAN_HOST_IP=10.0.3.1' >> /home/teamcity/.profile | |||||
| echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/teamcity/.profile | |||||
| # Install vm-builder | |||||
| cd /home/teamcity | |||||
| sudo su teamcity -c 'wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz' | |||||
deadalnixUnsubmitted Not Done Inline Actionssudo -u teamcity command deadalnix: sudo -u teamcity command | |||||
| sudo su teamcity -c 'echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c' | |||||
| sudo su teamcity -c 'tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz' | |||||
| cd vm-builder-0.12.4+bzr494 | |||||
| python setup.py install | |||||
| cd .. | |||||
| # Prepare Gitian base VM | |||||
| sudo su teamcity -c 'git clone https://github.com/devrandom/gitian-builder.git' | |||||
| sudo su teamcity -c 'git clone https://github.com/Bitcoin-ABC/bitcoin-abc.git' | |||||
| cd gitian-builder | |||||
| sudo su teamcity -c 'bin/make-base-vm --lxc --arch amd64 --distro debian --suite stretch' | |||||
| ### CLEANUP AND REBOOT | |||||
| echo "INFO: cleaning up and rebooting the machine" | |||||
| # Reset teamcity password to something more secure | |||||
| usermod -p '$6$pHcBHB0i$wPFaojwrPdlYl9mWnAiiWoSFkwDvJq6mTMrP5AP.JSaVZVm7RF..P7wx5a3hQsJf9tcH.1M8OHc7IMndlDNlM.' teamcity | |||||
deadalnixUnsubmitted Not Done Inline ActionsHaving a machine setup with a user with a default known password that is also a sudoer is probably not the best security practice. The machine can be presetup with pubkeys for login. deadalnix: Having a machine setup with a user with a default known password that is also a sudoer is… | |||||
| echo "INFO: teamcity user password reset to default. Don't forget to change the password after first login !" | |||||
| echo "INFO: rebooting the machine" | |||||
| reboot | |||||
Always verify intergrity of what you get from the internet.