contrib/teamcity/setup-agent.sh
- This file was added.
Property | Old Value | New Value |
---|---|---|
File Mode | null | 100755 |
#!/usr/bin/env bash | |||||
### CHECK THE SCRIPT IS RUNNING ON DEBIAN 9, WARN OTHERWISE | |||||
# Debian based distributions put definitions in /etc/os-release | |||||
DIST_FILE=/etc/os-release | |||||
DIST_WARNING="WARNING: this script is targeting Debian 9 only. Use at your own risk." | |||||
# Additional packages to install | |||||
if [[ ! -f "${DIST_FILE}" ]]; then | |||||
echo "WARNING: unable to locate the distribution definitions file ${DIST_FILE}." | |||||
echo "${DIST_WARNING}" | |||||
fi | |||||
DIST_ID=`cat ${DIST_FILE} | grep "^ID=" | cut -d'=' -f2` | |||||
DIST_VERSION_ID=`cat ${DIST_FILE} | grep "^VERSION_ID=" | cut -d'=' -f2` | |||||
echo "Distribution: ${DIST_ID}" | |||||
echo "Version: ${DIST_VERSION_ID}" | |||||
if [[ "${DIST_ID}" != "debian" || "${DIST_VERSION_ID}" != '"9"' ]]; then | |||||
echo "${DIST_WARNING}" | |||||
fi | |||||
### FIND THE WAN NETWORK INTERFACE | |||||
echo "INFO: start WAN network interface detection" | |||||
NET_PING_SITE="google.com" | |||||
# Get the active network interfaces | |||||
NET_DEVS=`ip addr show | awk '/inet.*brd/{print $NF}'` | |||||
for d in ${NET_DEVS} | |||||
do | |||||
echo "INFO: trying network interface $d" | |||||
ping -c 1 -I $d "${NET_PING_SITE}" | |||||
if [[ $? -eq 0 ]]; then | |||||
NET_DEV=$d | |||||
break | |||||
fi | |||||
done | |||||
if [[ -z "${NET_DEV}" ]]; then | |||||
echo "ERROR: could not determine an active WAN network interface. Aborting" | |||||
exit 1 | |||||
fi | |||||
echo "INFO: using ${NET_DEV} as the main network interface" | |||||
### INSTALL ADDITIONAL PACKAGES | |||||
echo "INFO: start installing additional packages" | |||||
set -e | |||||
INSTALL_PACKAGES=( | |||||
# Server management | |||||
fail2ban | |||||
sudo | |||||
# Build dependencies | |||||
automake | |||||
autotools-dev | |||||
bsdmainutils | |||||
build-essential | |||||
default-jdk-headless | |||||
git | |||||
libboost-all-dev | |||||
libdb-dev | |||||
libdb++-dev | |||||
libevent-dev | |||||
libminiupnpc-dev | |||||
libprotobuf-dev | |||||
libqrencode-dev | |||||
libqt5core5a | |||||
libqt5dbus5 | |||||
libqt5gui5 | |||||
libssl-dev | |||||
libtool | |||||
libzmq3-dev | |||||
pkg-config | |||||
protobuf-compiler | |||||
python3 | |||||
python3-zmq | |||||
qttools5-dev | |||||
qttools5-dev-tools | |||||
# Teamcity dependencies | |||||
default-jre | |||||
unzip | |||||
# Gitian dependencies | |||||
apparmor | |||||
apt-cacher-ng | |||||
bridge-utils | |||||
curl | |||||
debootstrap | |||||
firewalld | |||||
git | |||||
iptables | |||||
kpartx | |||||
lxc | |||||
make | |||||
parted | |||||
python-cheetah | |||||
qemu-utils | |||||
ruby | |||||
ubuntu-archive-keyring | |||||
) | |||||
function join_by { local IFS="$1"; shift; echo "$*"; } | |||||
echo "INFO: updating package list" | |||||
apt update | |||||
echo "INFO: installing ${INSTALL_PACKAGES[*]}" | |||||
apt install -y $(join_by ' ' ${INSTALL_PACKAGES[@]}) | |||||
### TEAMCITY SETUP | |||||
echo "INFO: start Teamcity agent setup" | |||||
# Add the Teamcity user (no password) | |||||
useradd -m teamcity | |||||
adduser teamcity sudo | |||||
passwd -d teamcity | |||||
# Setup Java environment variable | |||||
echo 'JAVA_HOME="/usr/lib/jvm/default-java"' >> /etc/environment | |||||
# Move to the teamcity user home directory | |||||
cd /home/teamcity | |||||
# Get the Teamcity agent script and configure the agent | |||||
sudo su teamcity -c 'wget https://build.bitcoinabc.org/update/buildAgent.zip' | |||||
deadalnix: Always verify integrity of what you get from the internet. | |||||
sudo su teamcity -c 'unzip -d buildAgent -q buildAgent.zip' | |||||
cd buildAgent/conf | |||||
sudo su teamcity -c 'cp buildAgent.dist.properties buildAgent.properties' | |||||
sudo su teamcity -c "sed -i 's#serverUrl=.*#serverUrl=https://build.bitcoinabc.org/#g' buildAgent.properties" | |||||
cd ../bin | |||||
sudo su teamcity -c 'chmod +x agent.sh' | |||||
# Setup automatic start for the Teamcity agent | |||||
cd /etc/init.d | |||||
wget https://raw.githubusercontent.com/Bitcoin-ABC/bitcoin-abc/master/contrib/teamcity/buildAgent-autostart -O buildAgent | |||||
chmod 755 buildAgent | |||||
update-rc.d buildAgent defaults | |||||
### GITIAN SETUP | |||||
# the version of lxc-start in Debian needs to run as root, so make sure | |||||
# that the build script can execute it without providing a password | |||||
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-start" > /etc/sudoers.d/gitian-lxc | |||||
echo "%sudo ALL=NOPASSWD: /usr/bin/lxc-execute" >> /etc/sudoers.d/gitian-lxc | |||||
# make /etc/rc.local script that sets up bridge between guest and host | |||||
echo '#!/bin/sh -e' > /etc/rc.local | |||||
echo 'brctl addbr lxcbr0' >> /etc/rc.local | |||||
echo 'ip addr add 10.0.3.1/24 broadcast 10.0.3.255 dev lxcbr0' >> /etc/rc.local | |||||
echo 'ip link set lxcbr0 up' >> /etc/rc.local | |||||
echo 'firewall-cmd --zone=trusted --add-interface=lxcbr0' >> /etc/rc.local | |||||
echo "iptables -t nat -A POSTROUTING -o ${NET_DEV} -j MASQUERADE" >> /etc/rc.local | |||||
echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/rc.local | |||||
echo 'exit 0' >> /etc/rc.local | |||||
chmod +x /etc/rc.local | |||||
# make sure that USE_LXC is always set when logging in as teamcity, | |||||
# and configure LXC IP addresses | |||||
echo 'export USE_LXC=1' >> /home/teamcity/.profile | |||||
echo 'export GITIAN_HOST_IP=10.0.3.1' >> /home/teamcity/.profile | |||||
echo 'export LXC_GUEST_IP=10.0.3.5' >> /home/teamcity/.profile | |||||
# Install vm-builder | |||||
cd /home/teamcity | |||||
sudo su teamcity -c 'wget http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr494.orig.tar.gz' | |||||
deadalnix: sudo -u teamcity command | |||||
sudo su teamcity -c 'echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c' | |||||
sudo su teamcity -c 'tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz' | |||||
cd vm-builder-0.12.4+bzr494 | |||||
python setup.py install | |||||
cd .. | |||||
# Prepare Gitian base VM | |||||
sudo su teamcity -c 'git clone https://github.com/devrandom/gitian-builder.git' | |||||
sudo su teamcity -c 'git clone https://github.com/Bitcoin-ABC/bitcoin-abc.git' | |||||
cd gitian-builder | |||||
sudo su teamcity -c 'bin/make-base-vm --lxc --arch amd64 --distro debian --suite stretch' | |||||
### CLEANUP AND REBOOT | |||||
echo "INFO: cleaning up and rebooting the machine" | |||||
# Reset teamcity password to something more secure | |||||
usermod -p '$6$pHcBHB0i$wPFaojwrPdlYl9mWnAiiWoSFkwDvJq6mTMrP5AP.JSaVZVm7RF..P7wx5a3hQsJf9tcH.1M8OHc7IMndlDNlM.' teamcity | |||||
deadalnix: Having a machine setup with a user with a default known password that is also a sudoer is probably not the best security practice. The machine can be presetup with pubkeys for login. | |||||
echo "INFO: teamcity user password reset to default. Don't forget to change the password after first login !" | |||||
echo "INFO: rebooting the machine" | |||||
reboot |
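Review bot: The sudoers drop-in written in the GITIAN SETUP part grants `NOPASSWD` on `/usr/bin/lxc-start` and `/usr/bin/lxc-execute` to the whole `%sudo` group, although the comment above it says only the build script needs it. Both binaries run as root, so the rule is close to passwordless root for every member of that group. Scoping it to the build account keeps the grant as small as the comment describes: `echo "teamcity ALL=NOPASSWD: /usr/bin/lxc-start, /usr/bin/lxc-execute" > /etc/sudoers.d/gitian-lxc`. The file is also created with the default umask and never validated, so I would follow it with `chmod 0440 /etc/sudoers.d/gitian-lxc` and `visudo -cf /etc/sudoers.d/gitian-lxc`; with `set -e` already active at that point, a malformed drop-in then stops the script instead of being left in place for sudo to reject later.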
Always verify integrity of what you get from the internet.