
Commit f02a3d7

author
Makoto Mizukami
committed
Synchronize launch configuration for Nomad clients with enterprise-setup
1 parent 8a1750e commit f02a3d7


2 files changed

+35
-7
lines changed


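--- a/jekyll/_cci2/nomad-metrics.adoc
+++ b/jekyll/_cci2/nomad-metrics.adoc
@@ -68,6 +68,8 @@ export http_proxy=""
 export https_proxy=""
 export no_proxy=""
 export aws_instance_metadata_url="http://169.254.169.254"
+export PUBLIC_IP="$(curl $aws_instance_metadata_url/latest/meta-data/public-ipv4)"
+export PRIVATE_IP="$(curl $aws_instance_metadata_url/latest/meta-data/local-ipv4)"
 export DEBIAN_FRONTEND=noninteractive
 UNAME="$(uname -r)"
 export CONTAINER_NAME="nomad_metrics"
@@ -90,9 +92,11 @@ if [ -f /sys/hypervisor/uuid ] && [ `head -c 3 /sys/hypervisor/uuid` == ec2 ]; t
 cat <<EOT > /etc/ntp.conf
 driftfile /var/lib/ntp/ntp.drift
 disable monitor
+
 restrict default ignore
 restrict 127.0.0.1 mask 255.0.0.0
 restrict 169.254.169.123 nomodify notrap
+
 server 169.254.169.123 prefer iburst
 EOT
 else
@@ -109,7 +113,7 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
 apt-get install -y "linux-image-$UNAME"
 apt-get update
-apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-xenial --allow-downgrades
+apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-xenial
 
 # force docker to use userns-remap to mitigate CVE 2019-5736
 apt-get -y install jq
@@ -125,6 +129,17 @@ sudo echo 'export no_proxy="${no_proxy}"' >> /etc/default/docker
 sudo service docker restart
 sleep 5
 
+echo "--------------------------------------"
+echo " Populating /etc/circleci/public-ipv4"
+echo "--------------------------------------"
+if ! (echo $PUBLIC_IP | grep -qP "^[\d.]+$")
+then
+echo "Setting the IPv4 address below in /etc/circleci/public-ipv4."
+echo "This address will be used in builds with \"Rebuild with SSH\"."
+mkdir -p /etc/circleci
+echo $PRIVATE_IP | tee /etc/circleci/public-ipv4
+fi
+
 echo "--------------------------------------"
 echo " Installing nomad"
 echo "--------------------------------------"
@@ -136,7 +151,6 @@ mv nomad /usr/bin
 echo "--------------------------------------"
 echo " Creating config.hcl"
 echo "--------------------------------------"
-export PRIVATE_IP="$(/sbin/ifconfig ens3 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')"
 export INSTANCE_ID="$(curl $aws_instance_metadata_url/latest/meta-data/instance-id)"
 mkdir -p /etc/nomad
 cat <<EOT > /etc/nomad/config.hcl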
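Review bot: The new `PUBLIC_IP`/`PRIVATE_IP` lookups at new lines 71–72 call `curl` without `-f`, so an HTTP error body from the metadata endpoint (for example on an instance with no public address, or, presumably, on one that requires IMDSv2 session tokens) is stored as if it were an address. The check added at new line 135 validates only `PUBLIC_IP`; when it fails, `$PRIVATE_IP` is written unvalidated and unquoted to `/etc/circleci/public-ipv4`, and the same value is presumably used by the `config.hcl` heredoc that opens on the last visible line and continues outside the hunk. I would fetch with `curl -fsS --max-time 5 "$aws_instance_metadata_url/latest/meta-data/local-ipv4"`, apply the same `grep -qP` test to `PRIVATE_IP` before using it, and write it with `printf '%s\n' "$PRIVATE_IP" | tee /etc/circleci/public-ipv4`. The identical lines in jekyll/_cci2/update-nomad-clients.adoc (new lines 115–116 and 175–180) need the same treatment.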

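--- a/jekyll/_cci2/update-nomad-clients.adoc
+++ b/jekyll/_cci2/update-nomad-clients.adoc
@@ -112,6 +112,8 @@ export http_proxy=""
 export https_proxy=""
 export no_proxy=""
 export aws_instance_metadata_url="http://169.254.169.254"
+export PUBLIC_IP="$(curl $aws_instance_metadata_url/latest/meta-data/public-ipv4)"
+export PRIVATE_IP="$(curl $aws_instance_metadata_url/latest/meta-data/local-ipv4)"
 export DEBIAN_FRONTEND=noninteractive
 UNAME="$(uname -r)"
 
@@ -130,9 +132,11 @@ if [ -f /sys/hypervisor/uuid ] && [ `head -c 3 /sys/hypervisor/uuid` == ec2 ]; t
 cat <<EOT > /etc/ntp.conf
 driftfile /var/lib/ntp/ntp.drift
 disable monitor
+
 restrict default ignore
 restrict 127.0.0.1 mask 255.0.0.0
 restrict 169.254.169.123 nomodify notrap
+
 server 169.254.169.123 prefer iburst
 EOT
 else
@@ -149,7 +153,7 @@ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
 apt-get install -y "linux-image-$UNAME"
 apt-get update
-apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-xenial docker-ce-cli=5:18.09.9~3-0~ubuntu-xenial
+apt-get -y install docker-ce=5:18.09.9~3-0~ubuntu-xenial
 
 # force docker to use userns-remap to mitigate CVE 2019-5736
 apt-get -y install jq
@@ -159,12 +163,23 @@ tmp=$(mktemp)
 cp /etc/docker/daemon.json /etc/docker/daemon.json.orig
 jq '.["userns-remap"]="default"' /etc/docker/daemon.json > "$tmp" && mv "$tmp" /etc/docker/daemon.json
 
-sudo echo 'export http_proxy=""' >> /etc/default/docker
-sudo echo 'export https_proxy=""' >> /etc/default/docker
-sudo echo 'export no_proxy=""' >> /etc/default/docker
+sudo echo 'export http_proxy="${http_proxy}"' >> /etc/default/docker
+sudo echo 'export https_proxy="${https_proxy}"' >> /etc/default/docker
+sudo echo 'export no_proxy="${no_proxy}"' >> /etc/default/docker
 sudo service docker restart
 sleep 5
 
+echo "--------------------------------------"
+echo " Populating /etc/circleci/public-ipv4"
+echo "--------------------------------------"
+if ! (echo $PUBLIC_IP | grep -qP "^[\d.]+$")
+then
+echo "Setting the IPv4 address below in /etc/circleci/public-ipv4."
+echo "This address will be used in builds with \"Rebuild with SSH\"."
+mkdir -p /etc/circleci
+echo $PRIVATE_IP | tee /etc/circleci/public-ipv4
+fi
+
 echo "--------------------------------------"
 echo " Installing nomad"
 echo "--------------------------------------"
@@ -176,7 +191,6 @@ mv nomad /usr/bin
 echo "--------------------------------------"
 echo " Creating config.hcl"
 echo "--------------------------------------"
-export PRIVATE_IP="$(/sbin/ifconfig ens3 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')"
 export INSTANCE_ID="$(curl $aws_instance_metadata_url/latest/meta-data/instance-id)"
 mkdir -p /etc/nomad
 cat <<EOT > /etc/nomad/config.hcl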
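Review bot: The rewritten proxy lines at new lines 166–168 are single-quoted, so the text `${http_proxy}` is appended to `/etc/default/docker` literally instead of the value exported at the top of the script. If this snippet is run as plain shell rather than rendered through a template first (I cannot tell from the hunk), the Docker defaults file ends up referring to whatever `http_proxy` happens to be set when it is sourced, and the configured proxy never reaches the daemon. To persist the configured value, use `printf 'export http_proxy="%s"\n' "$http_proxy" >> /etc/default/docker`, and likewise for the other two. Note also that in `sudo echo … >> file` the redirection is performed by the calling shell, so `sudo` has no effect on who opens the file; the script continues outside the visible hunks.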
