Cleanup of jenkins init scripts run on EC2 VMs

- Add SSH known_hosts for gerrit instances
- Don't run apt-get update, since jenkins doesn't run as root or have
  sudo rights to add/update packages.
- Cleanup and commenting of what each section does

Change-Id: I89571bb988a211b226c0b8568b3c1f8ad7226340
diff --git a/jenkins-scripts/README b/jenkins-scripts/README
index 63a49a6..0c74035 100644
--- a/jenkins-scripts/README
+++ b/jenkins-scripts/README
@@ -1,8 +1,23 @@
-The scripts in this directory are used by the Jenkins spin-up component
-for dynamic minions.
+These scripts are run at boot time of a VM to configure it as a Jenkins minion.
 
-The spinup script will be as follows (${system_type} will be replaced
-with the appropriate system_type script)
+See the upstream LF project for where they originated:
 
-git clone https://github.com/edgexfoundry/ci-management.git /ci-management
-/ci-management/jenkins-scripts/jenkins-init-script.sh
+  https://gerrit.linuxfoundation.org/infra/gitweb?p=releng/global-jjb.git;a=tree;f=jenkins-init-scripts;hb=HEAD
+
+Our versions differ from LF's in a number of ways:
+
+- More secure SSH defaults
+- Omit unneeded portions of the scripts
+
+On bootstrap a script is provided as EC2 User Data that will pull down this
+repo and run the init script. It should look like:
+
+  #!/bin/bash
+
+  # Clone the management repo
+  git clone https://gerrit.opencord.org/ci-management.git /ci-management
+  /ci-management/jenkins-scripts/jenkins-init-script.sh
+
+  # clean-up from the init run
+  rm -rf /ci-management
+
diff --git a/jenkins-scripts/basic_settings.sh b/jenkins-scripts/basic_settings.sh
index bf0eea0..47a3f4c 100755
--- a/jenkins-scripts/basic_settings.sh
+++ b/jenkins-scripts/basic_settings.sh
@@ -9,39 +9,31 @@
 # http://www.eclipse.org/legal/epl-v10.html
 ##############################################################################
 
-case "$(facter operatingsystem)" in
-  Ubuntu)
-    apt-get update
-    ;;
-  *)
-    # Do nothing on other distros for now
-    ;;
-esac
-
+# set hostname
 IPADDR=$(facter ipaddress)
 HOSTNAME=$(facter hostname)
 FQDN=$(facter fqdn)
 
 echo "${IPADDR} ${HOSTNAME} ${FQDN}" >> /etc/hosts
 
-#Increase limits
+# Increase limits
 cat <<EOF > /etc/security/limits.d/jenkins.conf
 jenkins         soft    nofile          16000
 jenkins         hard    nofile          16000
 EOF
 
+# keepalive SSH sessions
 cat <<EOSSH >> /etc/ssh/ssh_config
 Host *
   ServerAliveInterval 60
-
-# we don't want to do SSH host key checking on spin-up systems
-Host 10.30.122.*
-  StrictHostKeyChecking no
-  UserKnownHostsFile /dev/null
 EOSSH
 
+# create host-wide known hosts file
 cat <<EOKNOWN >  /etc/ssh/ssh_known_hosts
 github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
+[gerrit.opencord.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCceEPwEJ5m5tbiL/AB5mY8DfT9UuXsc0l5N4AMxI89g7Vnyb9XOnxubJo2ZmIwDKI6LM5uRCgfIAKmbNNfqA1CL3e/7XKvQ69rrjnM+5swXAvD4ElYppyyU0V9EufuH2AD7zh0VdzqE25TF4nm6A/2neCqcWI7paa8c2h3YbzvHw==
+[gerrit.onosproject.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgqAmRpkpZoq8Efz4sslaQYnoNCOlPy7nS/72FkvWP06WbPUsutJznSw4moKTZcxHJADW5eanBHxJ3nI8jo/bXC0qHZfzXVeDCklR/Shq8pY3B7I+WLufq4OKEuYim/ahrAYUvSYyBnnz3fLc+DLLiBhL4BBqpd9ocJd/3HZv4wRAWYmfKMKzjF84u6rehe8ZDUoNICsA/K6Wy1bYQnyJOXVBYdxSkdUc6Er1NDu6W/ijZbcpEt+Y4sYoChxKAtsqcFkjaKFgJbotDGVLnWzZTu08PGtZTE+0UyIozSQvsy/7bGSrA7t0am2IRXz0fFNCq/qOWfkwVbt8hRbEIUk/5
+[gerrit.onosproject.org]:29418 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMBzs9fkmwgIqvYavMlIFz95RzDoSBQxHIeBj2BuDz0HLz2qrW2Q2Rksq4OwsAuSjRto3+9/BgIKv1ONnh21KMM=
+[gerrit.onosproject.org]:29418 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkIOHzFGowb9yL7FcWD73YF/xDUQ23/As/HAP3flf/L
 EOKNOWN
 
-# vim: sw=2 ts=2 sts=2 et :
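Review bot: The `[gerrit.opencord.org]:29418` entry added to `/etc/ssh/ssh_known_hosts` is the only key pinned for that host, and its blob is about half the length of the other `ssh-rsa` entries, which suggests a 1024-bit RSA host key. gerrit.onosproject.org, by contrast, is pinned with rsa, ecdsa and ed25519 keys. If the opencord server offers an ECDSA or Ed25519 host key, pin that too, and plan to replace the short RSA key on the server. Above the heredoc, add a comment recording provenance, e.g. `# host keys verified out-of-band against each server's published fingerprint on <DATE>; update this list when a server rotates its key`, because with strict checking now in force a rotation will break clones from every minion. Quoting the delimiter, `cat <<'EOKNOWN' > /etc/ssh/ssh_known_hosts`, would also keep the key material literal.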
diff --git a/jenkins-scripts/create_jenkins_user.sh b/jenkins-scripts/create_jenkins_user.sh
index 86a5c92..becdfd6 100755
--- a/jenkins-scripts/create_jenkins_user.sh
+++ b/jenkins-scripts/create_jenkins_user.sh
@@ -34,8 +34,8 @@
 fi
 
 mkdir /home/jenkins/.ssh
-mkdir /w
 cp -r /home/${OS}/.ssh/authorized_keys /home/jenkins/.ssh/authorized_keys
+
 # Generate ssh key for use by Robot jobs
 echo -e 'y\n' | ssh-keygen -N "" -f /home/jenkins/.ssh/id_rsa -t rsa
 chown -R jenkins:jenkins /home/jenkins/.ssh /w
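Review bot: The `chown -R jenkins:jenkins /home/jenkins/.ssh /w` line at the end of this hunk still names `/w`, but the change removes the `mkdir /w` that created it. Unless `/w` is created elsewhere (the script's earlier lines are outside the hunk), chown will report an error for the missing path and jobs will have no workspace directory. Either keep the creation as `mkdir -p /w`, or drop the path from the ownership step: `chown -R jenkins:jenkins /home/jenkins/.ssh`.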
diff --git a/jenkins-scripts/jenkins-init-script.sh b/jenkins-scripts/jenkins-init-script.sh
index 67987b5..8adf422 100755
--- a/jenkins-scripts/jenkins-init-script.sh
+++ b/jenkins-scripts/jenkins-init-script.sh
@@ -13,10 +13,15 @@
 
 cd /ci-management/jenkins-scripts
 chmod +x ./*.sh
-./system_type.sh
 
+# create system type script and source it
+./system_type.sh
 source /tmp/system_type.sh
+
+# run basic settings
 ./basic_settings.sh
+
+# run per system-type script, if it exists
 if [ -f "${SYSTEM_TYPE}.sh" ]
 then
     ./"${SYSTEM_TYPE}.sh"
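Review bot: `source /tmp/system_type.sh` executes a file at a fixed name in world-writable `/tmp`, presumably as root at boot; the new comment documents the step but leaves the path unchanged. Whatever is at that path when the line runs is executed and also sets the `SYSTEM_TYPE` value that selects the next script, so the file should live where only root can write. system_type.sh is not shown here, so this assumes it is what writes the file. If so, have it write to a root-owned directory and source from there, e.g. `install -d -m 0700 /run/jenkins-init` followed by `source /run/jenkins-init/system_type.sh` (example path). The `if` block continues past the end of the hunk.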