forked from kata-containers/ci
-
Notifications
You must be signed in to change notification settings - Fork 0
/
user-data.proxy
executable file
·123 lines (110 loc) · 4.05 KB
/
user-data.proxy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
#cloud-config
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
users:
- name: USERNAME
gecos: Jenkins User
lock-passwd: false
shell: /bin/bash
sudo: ALL=(ALL) NOPASSWD:ALL
ssh-authorized-keys:
- PUBLICKEYCONTENTS
packages:
- bc
- build-essential
- curl
- default-jre
- gawk
- gcc
- git
- jq
- make
## PROXY specific mods
# We need socat for our git proxy script
- socat
runcmd:
## PROXY specific mods
# Looks like the write_file to the USERNAME user homedir, even though the file
# is owned by USERNAME, makes all the dirs owned by root - so, let's put them
# back
- chown -R USERNAME /home/USERNAME
- chgrp -R USERNAME /home/USERNAME
# Install Go - we use it to bootstrap the metrics environment from the Jenkins scripts.
# The sourceing of environment is a workaround to get any proxy settings we need
- 'bash -c "set -a; source /etc/environment; set +a; curl -L https://dl.google.com/go/go1.10.2.linux-ARCH.tar.gz -o /tmp/go1.10.2.linux-ARCH.tar.gz"'
- tar -C /usr/local -xzf /tmp/go1.10.2.linux-ARCH.tar.gz
- rm /tmp/go1.10.2.linux-ARCH.tar.gz
# Install docker
# The sourceing of environment is a workaround to get any proxy settings we need
- 'bash -c "set -a; source /etc/environment; set +a; curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -"'
- sudo add-apt-repository "deb [arch=ARCH] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- apt-get update
- apt-get install -y docker-ce
- gpasswd -a USERNAME docker
# Remove the unattended upgrade feature, for two reasons:
# - It takes the apt-lock, and can thus make our CI script apt usage fail (and thus
# fail the whole run.
# - It may run in the background and purturb any metrics measurements we are trying to
# take - that is, it injects noise into our test system.
- apt remove -y unattended-upgrades
# Also disable the apt daily service so it does not invoke any polls that may take
# the apt-lock
- systemctl mask apt-daily.service
- systemctl mask apt-daily.timer
- systemctl mask apt-daily-upgrade.service
- systemctl mask apt-daily-upgrade.timer
# Cleanup
- apt-get auto-remove -y
# We leave the VM running, for the user to detach and then run the
# host side completion script, which will then shut the VM down when
# finally configured
## PROXY specific mods
apt:
http_proxy: http://PROXY_IP:PROXY_PORT
https_proxy: https://PROXY_IP:PROXY_PORT
ftp_proxy: http://PROXY_IP:PROXY_PORT
write_files:
- content: |
http_proxy="http://PROXY_IP:PROXY_PORT"
https_proxy="https://PROXY_IP:PROXY_PORT"
ftp_proxy="http://PROXY_IP:PROXY_PORT"
no_proxy="localhost,127.0.0.1"
path: /etc/environment
permissions: '0644'
- content: |
#!/bin/bash
PROXY=PROXY_IP
exec socat STDIO SOCKS4:$PROXY:$1:$2
path: /home/USERNAME/bin/gitproxy
# We need to set up the users git identity, otherwise git complains and
# errors out on some merge/forward operations for PR builds.
# Just can't get these ownerships to work with cloud-init
# we'll fix them in the runcmd section.
# owner: USERNAME:USERNAME
permissions: '0744'
- content: |
[user]
name = USERNAME User
# Safe using a fake email here - we never post to it or expose it outside
# of the VM.
email = USERNAME@HOSTNAME
[core]
gitproxy = /home/USERNAME/bin/gitproxy
[http]
proxy = http://PROXY_IP:PROXY_PORT
[https]
proxy = https://PROXY_IP:PROXY_PORT
path: /home/USERNAME/.gitconfig
# Just can't get these ownerships to work with cloud-init
# we'll fix them in the runcmd section.
# owner: USERNAME:USERNAME
permissions: '0644'
- content: |
[Service]
Environment="HTTP_PROXY=http://PROXY_IP:PROXY_PORT"
Environment="HTTPS_PROXY=https://PROXY_IP:PROXY_PORT"
Environment="FTP_PROXY=http://PROXY_IP:PROXY_PORT"
Environment="NO_PROXY=localhost,127.0.0.1"
path: /etc/systemd/system/docker.service.d/http-proxy.conf
permissions: '0644'