#!/usr/bin/env bash
# The script is downloaded by the AWS Image Builder Task Orchestrator and Executor (AWSTOE)
# We can't use `user data script` because cloud-init does not check the exit code
# The script is downloaded in the component named ci-infrastructure-prepare in us-east-1
# The link there must be adjusted to a particular RAW link, e.g.
# https://github.com/ClickHouse/ClickHouse/raw/653da5f00219c088af66d97a8f1ea3e35e798268/tests/ci/worker/prepare-ci-ami.sh

# Shell options: trace every command (xtrace) and abort on the first failing
# command, unset variable, or failed pipeline stage.
# NOTE(review): xtrace writes every expanded command to the build log. That
# includes the value read from SSM into TEAM_KEYS_URL further down, so confirm
# that everyone who can read the log may also see that URL.
set -o xtrace -o errexit -o nounset -o pipefail

echo "Running prepare script"

# Keep apt/dpkg from prompting during the unattended image build.
export DEBIAN_FRONTEND=noninteractive
# GitHub Actions runner release to install, and the directory it is unpacked to.
export RUNNER_VERSION=2.311.0 RUNNER_HOME=/home/ubuntu/actions-runner
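#######################################
# Print the Debian/apt architecture name of the running machine.
# Arguments: none
# Outputs:   "amd64" for x86_64, "arm64" for aarch64 (stdout)
# Returns:   0 for a known machine type, 1 otherwise (message on stderr)
#######################################
deb_arch() {
  local machine
  machine=$(uname -m)
  case "$machine" in
    x86_64)
      echo amd64
      ;;
    aarch64)
      echo arm64
      ;;
    *)
      # Fail loudly: an empty result would otherwise end up silently inside
      # the apt "arch=" option and the package download URL built from it.
      echo "deb_arch: unsupported machine type: $machine" >&2
      return 1
      ;;
  esac
}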
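#######################################
# Print the architecture suffix used in GitHub Actions runner archive names.
# Arguments: none
# Outputs:   "x64" for x86_64, "arm64" for aarch64 (stdout)
# Returns:   0 for a known machine type, 1 otherwise (message on stderr)
#######################################
runner_arch() {
  local machine
  machine=$(uname -m)
  case "$machine" in
    x86_64)
      echo x64
      ;;
    aarch64)
      echo arm64
      ;;
    *)
      # Fail loudly: an empty result would produce a malformed archive name
      # and download URL instead of a clear error.
      echo "runner_arch: unsupported machine type: $machine" >&2
      return 1
      ;;
  esac
}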
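# We have test for cgroups, and it's broken with cgroups v2
# Ubuntu 22.04 has it enabled by default
# The kernel command line option is appended only when it is not there yet,
# so a retried build step does not add it a second time.
if ! grep -qF 'systemd.unified_cgroup_hierarchy=0' /etc/default/grub; then
  sed -r '/GRUB_CMDLINE_LINUX=/ s/"(.*)"/"\1 systemd.unified_cgroup_hierarchy=0"/' -i /etc/default/grub
fi
# Regenerate the GRUB configuration from /etc/default/grub.
update-grub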
# Refresh the package index, then install the base packages in one
# non-interactive transaction (recommended packages are left out).
apt-get update

base_packages=(
  apt-transport-https
  at
  atop
  binfmt-support
  build-essential
  ca-certificates
  curl
  gnupg
  jq
  lsb-release
  pigz
  ripgrep
  zstd
  python3-dev
  python3-pip
  qemu-user-static
  unzip
)
apt-get install --yes --no-install-recommends "${base_packages[@]}"
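# Install docker
# The repository signing key is fetched over HTTPS and stored in its own
# keyring; only the docker.list entry below refers to it (signed-by=...).
# --batch --yes: overwrite the keyring without prompting when the step is retried.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
  | gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

# Resolve both values in plain assignments, so that a failing helper aborts
# the script under `set -e` instead of leaving a hole in the sources entry.
docker_repo_arch=$(deb_arch)
docker_repo_dist=$(lsb_release -cs)
echo "deb [arch=${docker_repo_arch} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu ${docker_repo_dist} stable" > /etc/apt/sources.list.d/docker.list

apt-get update
apt-get install --yes --no-install-recommends docker-ce docker-buildx-plugin docker-ce-cli containerd.io

# NOTE(review): membership in the docker group is effectively root on the host
# (a member can start privileged containers and bind-mount any host path), so
# everything that runs as `ubuntu` on these runners has that level of access.
usermod -aG docker ubuntu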
# enable ipv6 in containers (fixed-cidr-v6 is some random network mask)
# NOTE(review): "insecure-registries" together with the plain-http
# "registry-mirrors" entry means images pulled through dockerhub-proxy are not
# protected by TLS, so anything on the network path or the proxy itself can
# alter what a tag resolves to. Serving the proxy over TLS, or pulling by
# digest, closes that gap.
# The delimiter is quoted: the JSON is written literally, with no shell expansion.
cat > /etc/docker/daemon.json <<'EOT'
{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64",
  "log-driver": "json-file",
  "log-opts": {
    "max-file": "5",
    "max-size": "1000m"
  },
  "insecure-registries" : ["dockerhub-proxy.dockerhub-proxy-zone:5000"],
  "registry-mirrors" : ["http://dockerhub-proxy.dockerhub-proxy-zone:5000"]
}
EOT
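# Install azure-cli
# The keyring directory is created first in case the base image lacks it.
mkdir -p /etc/apt/keyrings
# -f: fail on an HTTP error instead of piping an error page into gpg.
# --batch --yes: overwrite the keyring without prompting when the step is retried.
curl -fsLS https://packages.microsoft.com/keys/microsoft.asc \
  | gpg --batch --yes --dearmor -o /etc/apt/keyrings/microsoft.gpg
AZ_DIST=$(lsb_release -cs)
# The key is scoped to this one repository through signed-by=...
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/azure-cli/ $AZ_DIST main" | tee /etc/apt/sources.list.d/azure-cli.list

apt-get update
apt-get install --yes --no-install-recommends azure-cli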
# Increase the limit on number of virtual memory mappings to avoid 'Cannot mmap' error
# The value is written as a sysctl.d drop-in file.
printf '%s\n' 'vm.max_map_count = 2097152' > /etc/sysctl.d/01-increase-map-counts.conf

# Restart the daemon; presumably so that it picks up the
# /etc/docker/daemon.json written earlier in this script.
systemctl restart docker
# buildx builder is user-specific, so every buildx command runs as `ubuntu`
sudo -u ubuntu docker buildx version
# A builder left over from an earlier attempt is removed; a failure here
# (nothing to remove on the first attempt) is deliberately ignored.
if ! sudo -u ubuntu docker buildx rm default-builder; then
  :
fi
sudo -u ubuntu docker buildx create --use --name default-builder
# Python packages installed with the system pip.
# NOTE(review): no versions or hashes are pinned, so the image content depends
# on whatever the package index serves at build time. A requirements file with
# pinned versions and hashes (pip install --require-hashes -r <file>) would
# make the image reproducible and reject substituted packages.
python_packages=(boto3 pygithub requests urllib3 unidiff dohq-artifactory)
pip install "${python_packages[@]}"
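# Install the GitHub Actions runner into RUNNER_HOME.
# "${RUNNER_HOME:?}" aborts instead of handing an empty path to rm -rf.
rm -rf -- "${RUNNER_HOME:?}" # if it's the second attempt
# Two separate statements: in `mkdir && cd`, a failing mkdir would not stop the
# script under `set -e`, and the download would land in the wrong directory.
mkdir -p "$RUNNER_HOME"
cd "$RUNNER_HOME"

RUNNER_ARCHIVE="actions-runner-linux-$(runner_arch)-$RUNNER_VERSION.tar.gz"

# --fail: stop on an HTTP error instead of saving the error body as the archive.
# NOTE(review): the archive is unpacked and its installdependencies.sh is
# executed (presumably as root, since this script writes to /etc) with no
# integrity check beyond TLS. Comparing it with the SHA-256 published for the
# release before extracting would close that gap, e.g.
#   echo "<SHA256_OF_RUNNER_ARCHIVE>  $RUNNER_ARCHIVE" | sha256sum --check -
# (placeholder: use the value published for RUNNER_VERSION and this architecture).
curl --fail -O -L "https://github.com/actions/runner/releases/download/v$RUNNER_VERSION/$RUNNER_ARCHIVE"

tar xzf "./$RUNNER_ARCHIVE"
rm -f "./$RUNNER_ARCHIVE"
./bin/installdependencies.sh

# The runner itself runs as the unprivileged `ubuntu` user.
chown -R ubuntu:ubuntu "$RUNNER_HOME"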
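# Install AWS CLI v2 from the zip bundle.
cd /home/ubuntu
# Leftovers of an earlier attempt are removed so that unzip never stops to ask
# whether it may overwrite files.
rm -rf /home/ubuntu/awscliv2.zip /home/ubuntu/aws
# --fail: stop on an HTTP error instead of saving the error body as the zip.
# NOTE(review): the installer from the bundle is executed without any check
# beyond TLS; if a detached signature is published for the bundle, verifying it
# before unzip would be the stronger check. Confirm against the AWS CLI docs.
curl --fail "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "awscliv2.zip"
unzip -q awscliv2.zip
# --update: lets the installer succeed when an earlier attempt already
# installed the CLI.
./aws/install --update

rm -rf /home/ubuntu/awscliv2.zip /home/ubuntu/aws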
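# SSH keys of core team
mkdir -p /home/ubuntu/.ssh

# ~/.ssh/authorized_keys is cleaned out, so we use deprecated but working ~/.ssh/authorized_keys2
# NOTE(review): whatever this URL serves becomes the set of keys that may log in
# as `ubuntu` on every instance built from the image. Write access to the SSM
# parameter team-keys-url and to the content behind the URL therefore needs the
# same protection as the runners themselves. With xtrace on, the URL is also
# printed to the build log.
TEAM_KEYS_URL=$(aws ssm get-parameter --region us-east-1 --name team-keys-url --query 'Parameter.Value' --output=text)
# --fail: an HTTP error aborts the build instead of writing the error page
# into the key file.
curl --fail "${TEAM_KEYS_URL}" > /home/ubuntu/.ssh/authorized_keys2
chown -R ubuntu: /home/ubuntu/.ssh
chmod 0700 /home/ubuntu/.ssh
# Only the owner needs to read or write the key list.
chmod 0600 /home/ubuntu/.ssh/authorized_keys2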
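# Download cloudwatch agent and install config for it
# A fresh private directory is used for the download: with fixed names in /tmp,
# a retried step makes wget keep the old files and save the new ones under a
# ".1" suffix, so the stale package from the first attempt would be installed.
cw_tmp=$(mktemp -d)
wget --directory-prefix="$cw_tmp" https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/"$(deb_arch)"/latest/amazon-cloudwatch-agent.deb{,.sig}
# NOTE(review): the signing key is selected by its 64-bit key ID, and
# `gpg --verify` accepts a good signature from any key in the keyring.
# Importing by the full fingerprint that AWS publishes for the agent
# (gpg --recv-key ... <FULL_KEY_FINGERPRINT>, placeholder) is the stronger check.
gpg --recv-key --keyserver keyserver.ubuntu.com D58167303B789C72
# Signature and signed file are both named, so gpg does not have to guess
# which file the signature belongs to.
gpg --verify "$cw_tmp/amazon-cloudwatch-agent.deb.sig" "$cw_tmp/amazon-cloudwatch-agent.deb"
dpkg -i "$cw_tmp/amazon-cloudwatch-agent.deb"
rm -rf -- "${cw_tmp:?}"

# The agent configuration is stored in the SSM parameter AmazonCloudWatch-github-runners.
aws ssm get-parameter --region us-east-1 --name AmazonCloudWatch-github-runners --query 'Parameter.Value' --output text > /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json
systemctl enable amazon-cloudwatch-agent.service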
# The following marker file is used in aws TOE check: the `validate` phase in
# the TOE description at the end of this file lists it and then deletes it.
# It is created last, so it only exists when every step above succeeded.
success_marker=/var/tmp/clickhouse-ci-ami.success
touch "$success_marker"

# END OF THE SCRIPT

# TOE description
# name: CIInfrastructurePrepare
# description: installs the infrastructure for ClickHouse CI runners
# schemaVersion: 1.0
#
# phases:
#   - name: build
#     steps:
#       - name: DownloadRemoteScript
#         maxAttempts: 3
#         action: WebDownload
#         onFailure: Abort
#         inputs:
#           - source: https://github.com/ClickHouse/ClickHouse/raw/653da5f00219c088af66d97a8f1ea3e35e798268/tests/ci/worker/prepare-ci-ami.sh
#             destination: /tmp/prepare-ci-ami.sh
#       - name: RunScript
#         maxAttempts: 3
#         action: ExecuteBash
#         onFailure: Abort
#         inputs:
#           commands:
#             - bash -x '{{build.DownloadRemoteScript.inputs[0].destination}}'
#
#
#   - name: validate
#     steps:
#       - name: RunScript
#         maxAttempts: 3
#         action: ExecuteBash
#         onFailure: Abort
#         inputs:
#           commands:
#             - ls /var/tmp/clickhouse-ci-ami.success
#       - name: Cleanup
#         action: DeleteFile
#         onFailure: Abort
#         maxAttempts: 3
#         inputs:
#           - path: /var/tmp/clickhouse-ci-ami.success