Merge "[VOL-3812] BBSim Igmp Scale"
diff --git a/jenkins-scripts/README b/jenkins-scripts/README
index 63a49a6..0c74035 100644
--- a/jenkins-scripts/README
+++ b/jenkins-scripts/README
@@ -1,8 +1,23 @@
-The scripts in this directory are used by the Jenkins spin-up component
-for dynamic minions.
+These scripts are run at boot time of a VM to configure it as a Jenkins minion.
-The spinup script will be as follows (${system_type} will be replaced
-with the appropriate system_type script)
+See the upstream LF project for where they originated:
-git clone https://github.com/edgexfoundry/ci-management.git /ci-management
-/ci-management/jenkins-scripts/jenkins-init-script.sh
+ https://gerrit.linuxfoundation.org/infra/gitweb?p=releng/global-jjb.git;a=tree;f=jenkins-init-scripts;hb=HEAD
+
+Our versions differ from LF's in a number of ways:
+
+- More secure SSH defaults
+- Omit unneeded portions of the scripts
+
+On bootstrap a script is provided as EC2 User Data that will pull down this
+repo and run the init script. It should look like:
+
+ #!/bin/bash
+
+ # Clone the management repo
+ git clone https://gerrit.opencord.org/ci-management.git /ci-management
+ /ci-management/jenkins-scripts/jenkins-init-script.sh
+
+ # clean-up from the init run
+ rm -rf /ci-management
+
diff --git a/jenkins-scripts/basic_settings.sh b/jenkins-scripts/basic_settings.sh
index bf0eea0..47a3f4c 100755
--- a/jenkins-scripts/basic_settings.sh
+++ b/jenkins-scripts/basic_settings.sh
@@ -9,39 +9,31 @@
# http://www.eclipse.org/legal/epl-v10.html
##############################################################################
-case "$(facter operatingsystem)" in
- Ubuntu)
- apt-get update
- ;;
- *)
- # Do nothing on other distros for now
- ;;
-esac
-
+# set hostname
IPADDR=$(facter ipaddress)
HOSTNAME=$(facter hostname)
FQDN=$(facter fqdn)
echo "${IPADDR} ${HOSTNAME} ${FQDN}" >> /etc/hosts
-#Increase limits
+# Increase limits
cat <<EOF > /etc/security/limits.d/jenkins.conf
jenkins soft nofile 16000
jenkins hard nofile 16000
EOF
+# keepalive SSH sessions
cat <<EOSSH >> /etc/ssh/ssh_config
Host *
ServerAliveInterval 60
-
-# we don't want to do SSH host key checking on spin-up systems
-Host 10.30.122.*
- StrictHostKeyChecking no
- UserKnownHostsFile /dev/null
EOSSH
+# create host-wide known hosts file
cat <<EOKNOWN > /etc/ssh/ssh_known_hosts
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+[gerrit.opencord.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCceEPwEJ5m5tbiL/AB5mY8DfT9UuXsc0l5N4AMxI89g7Vnyb9XOnxubJo2ZmIwDKI6LM5uRCgfIAKmbNNfqA1CL3e/7XKvQ69rrjnM+5swXAvD4ElYppyyU0V9EufuH2AD7zh0VdzqE25TF4nm6A/2neCqcWI7paa8c2h3YbzvHw==
+[gerrit.onosproject.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgqAmRpkpZoq8Efz4sslaQYnoNCOlPy7nS/72FkvWP06WbPUsutJznSw4moKTZcxHJADW5eanBHxJ3nI8jo/bXC0qHZfzXVeDCklR/Shq8pY3B7I+WLufq4OKEuYim/ahrAYUvSYyBnnz3fLc+DLLiBhL4BBqpd9ocJd/3HZv4wRAWYmfKMKzjF84u6rehe8ZDUoNICsA/K6Wy1bYQnyJOXVBYdxSkdUc6Er1NDu6W/ijZbcpEt+Y4sYoChxKAtsqcFkjaKFgJbotDGVLnWzZTu08PGtZTE+0UyIozSQvsy/7bGSrA7t0am2IRXz0fFNCq/qOWfkwVbt8hRbEIUk/5
+[gerrit.onosproject.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMBzs9fkmwgIqvYavMlIFz95RzDoSBQxHIeBj2BuDz0HLz2qrW2Q2Rksq4OwsAuSjRto3+9/BgIKv1ONnh21KMM=
+[gerrit.onosproject.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkIOHzFGowb9yL7FcWD73YF/xDUQ23/As/HAP3flf/L
EOKNOWN
-# vim: sw=2 ts=2 sts=2 et :
diff --git a/jenkins-scripts/create_jenkins_user.sh b/jenkins-scripts/create_jenkins_user.sh
index 86a5c92..e69bbee 100755
--- a/jenkins-scripts/create_jenkins_user.sh
+++ b/jenkins-scripts/create_jenkins_user.sh
@@ -33,9 +33,15 @@
usermod -a -G mock jenkins
fi
+# create SSH config
mkdir /home/jenkins/.ssh
-mkdir /w
cp -r /home/${OS}/.ssh/authorized_keys /home/jenkins/.ssh/authorized_keys
+
# Generate ssh key for use by Robot jobs
echo -e 'y\n' | ssh-keygen -N "" -f /home/jenkins/.ssh/id_rsa -t rsa
+
+# /w is used as the Jenkins "Remote FS root" in the config
+mkdir /w
+
+# Have jenkins user own the ssh and remote fs root
chown -R jenkins:jenkins /home/jenkins/.ssh /w
diff --git a/jenkins-scripts/jenkins-init-script.sh b/jenkins-scripts/jenkins-init-script.sh
index 67987b5..8adf422 100755
--- a/jenkins-scripts/jenkins-init-script.sh
+++ b/jenkins-scripts/jenkins-init-script.sh
@@ -13,10 +13,15 @@
cd /ci-management/jenkins-scripts
chmod +x ./*.sh
-./system_type.sh
+# create system type script and source it
+./system_type.sh
source /tmp/system_type.sh
+
+# run basic settings
./basic_settings.sh
+
+# run per system-type script, if it exists
if [ -f "${SYSTEM_TYPE}.sh" ]
then
./"${SYSTEM_TYPE}.sh"