buildkite/startup-ubuntu.sh - continuous-integration - Git at Google

 #!/bin/bash
 #
 # Copyright 2017 The Bazel Authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.

 set -euxo pipefail

 # Set the image version on the current instance labels.
 # TODO(philwo) we would have to grant setMetadata permission to the service account,
 # but we can't restrict this to specific instances...
 # INSTANCE_NAME=$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/name" -H "Metadata-Flavor: Google")
 # INSTANCE_ZONE=$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/zone" -H "Metadata-Flavor: Google")
 # IMAGE_VERSION=$(</etc/image-version)

 # If available: Use a persistent disk as a use-case specific data volume.
 if [[ -e /dev/sdb ]]; then
   if [[ ! -e /dev/vg0 ]]; then
     pvcreate /dev/sdb
     vgcreate vg0 /dev/sdb
   fi

   if [[ $(hostname) == *testing* ]]; then
     # On "testing" machines, we create big /var/lib/docker and /home directories so that everyone
     # has enough space to try out stuff.
     if [[ ! -e /dev/vg0/docker ]]; then
       lvcreate -n docker -l25%FREE vg0
       mkfs.ext4 /dev/vg0/docker
     fi
     mount /dev/vg0/docker /var/lib/docker
     chmod 0711 /var/lib/docker

     if [[ ! -e /dev/vg0/home ]]; then
       lvcreate -n home -l100%FREE vg0
       mkfs.ext4 /dev/vg0/home
     fi
     mkdir /tmp/home
     rsync -a /home/ /tmp/home/
     mount /dev/vg0/home /home
     rsync -a /tmp/home/ /home/
     rm -rf /tmp/home
   elif [[ $(hostname) == *pipeline* ]]; then
     # On "pipeline" machines, we create a big /var/lib/buildkite-agent directory, because these
     # machines check out a lot of different Git repositories.
     if [[ ! -e /dev/vg0/buildkite-agent ]]; then
       lvcreate -n buildkite-agent -l100%FREE vg0
       mkfs.ext4 /dev/vg0/buildkite-agent
     fi
     mount /dev/vg0/buildkite-agent /var/lib/buildkite-agent
     chown -R buildkite-agent:buildkite-agent /var/lib/buildkite-agent
   fi
 fi

 # If available: Use the local SSD as swap space.
 if [[ -e /dev/nvme0n1 ]]; then
   mkswap -f /dev/nvme0n1
   swapon /dev/nvme0n1

   # Move fast and lose data.
   mount -t tmpfs -o mode=1777,uid=root,gid=root,size=$((100 * 1024 * 1024 * 1024)) tmpfs /tmp
   mount -t tmpfs -o mode=0711,uid=root,gid=root,size=$((100 * 1024 * 1024 * 1024)) tmpfs /var/lib/docker
   mount -t tmpfs -o mode=0755,uid=buildkite-agent,gid=buildkite-agent,size=$((100 * 1024 * 1024 * 1024)) tmpfs /var/lib/buildkite-agent
 fi

 # Start Docker if it's installed.
 if [[ $(docker --version 2>/dev/null) ]]; then
   if [[ $(systemctl --version 2>/dev/null) ]]; then
     systemctl start docker
   else
     service docker start
   fi
 fi

 # Only start the Buildkite Agent if this is a worker node (as opposed to a VM
 # being used by someone for testing / development).
 if [[ $(hostname) == buildkite* ]]; then
   # Get the Buildkite Token from GCS and decrypt it using KMS.
   BUILDKITE_TOKEN=$(gsutil cat "gs://bazel-encrypted-secrets/buildkite-agent-token.enc" | \
     gcloud kms decrypt --location global --keyring buildkite --key buildkite-agent-token --ciphertext-file - --plaintext-file -)

   # Insert the Buildkite Token into the agent configuration.
   sed -i "s/token=\"xxx\"/token=\"${BUILDKITE_TOKEN}\"/" /etc/buildkite-agent/buildkite-agent.cfg

   # Fix permissions of the Buildkite agent configuration files and hooks.
   chmod 0400 /etc/buildkite-agent/buildkite-agent.cfg
   chmod 0500 /etc/buildkite-agent/hooks/*
   chown -R buildkite-agent:buildkite-agent /etc/buildkite-agent

   # Start the Buildkite agent service.
   if [[ $(hostname) == *pipeline* ]]; then
     # Start 8 instances of the Buildkite agent.
     for i in $(seq 8); do
       systemctl start buildkite-agent@$i
     done
   elif [[ -e /bin/systemctl ]]; then
     systemctl start buildkite-agent
   else
     service buildkite-agent start
   fi
 fi

 exit 0
	#!/bin/bash
	#
	# Copyright 2017 The Bazel Authors. All rights reserved.
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.

	set -euxo pipefail

	# Set the image version on the current instance labels.
	# TODO(philwo) we would have to grant setMetadata permission to the service account,
	# but we can't restrict this to specific instances...
	# INSTANCE_NAME=$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/name" -H "Metadata-Flavor: Google")
	# INSTANCE_ZONE=$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/zone" -H "Metadata-Flavor: Google")
	# IMAGE_VERSION=$(</etc/image-version)

	# If available: Use a persistent disk as a use-case specific data volume.
	if [[ -e /dev/sdb ]]; then
	if [[ ! -e /dev/vg0 ]]; then
	pvcreate /dev/sdb
	vgcreate vg0 /dev/sdb
	fi

	if [[ $(hostname) == testing ]]; then
	# On "testing" machines, we create big /var/lib/docker and /home directories so that everyone
	# has enough space to try out stuff.
	if [[ ! -e /dev/vg0/docker ]]; then
	lvcreate -n docker -l25%FREE vg0
	mkfs.ext4 /dev/vg0/docker
	fi
	mount /dev/vg0/docker /var/lib/docker
	chmod 0711 /var/lib/docker

	if [[ ! -e /dev/vg0/home ]]; then
	lvcreate -n home -l100%FREE vg0
	mkfs.ext4 /dev/vg0/home
	fi
	mkdir /tmp/home
	rsync -a /home/ /tmp/home/
	mount /dev/vg0/home /home
	rsync -a /tmp/home/ /home/
	rm -rf /tmp/home
	elif [[ $(hostname) == pipeline ]]; then
	# On "pipeline" machines, we create a big /var/lib/buildkite-agent directory, because these
	# machines check out a lot of different Git repositories.
	if [[ ! -e /dev/vg0/buildkite-agent ]]; then
	lvcreate -n buildkite-agent -l100%FREE vg0
	mkfs.ext4 /dev/vg0/buildkite-agent
	fi
	mount /dev/vg0/buildkite-agent /var/lib/buildkite-agent
	chown -R buildkite-agent:buildkite-agent /var/lib/buildkite-agent
	fi
	fi

	# If available: Use the local SSD as swap space.
	if [[ -e /dev/nvme0n1 ]]; then
	mkswap -f /dev/nvme0n1
	swapon /dev/nvme0n1

	# Move fast and lose data.
	mount -t tmpfs -o mode=1777,uid=root,gid=root,size=$((100 * 1024 * 1024 * 1024)) tmpfs /tmp
	mount -t tmpfs -o mode=0711,uid=root,gid=root,size=$((100 * 1024 * 1024 * 1024)) tmpfs /var/lib/docker
	mount -t tmpfs -o mode=0755,uid=buildkite-agent,gid=buildkite-agent,size=$((100 * 1024 * 1024 * 1024)) tmpfs /var/lib/buildkite-agent
	fi

	# Start Docker if it's installed.
	if [[ $(docker --version 2>/dev/null) ]]; then
	if [[ $(systemctl --version 2>/dev/null) ]]; then
	systemctl start docker
	else
	service docker start
	fi
	fi

	# Only start the Buildkite Agent if this is a worker node (as opposed to a VM
	# being used by someone for testing / development).
	if [[ $(hostname) == buildkite* ]]; then
	# Get the Buildkite Token from GCS and decrypt it using KMS.
	BUILDKITE_TOKEN=$(gsutil cat "gs://bazel-encrypted-secrets/buildkite-agent-token.enc" \| \
	gcloud kms decrypt --location global --keyring buildkite --key buildkite-agent-token --ciphertext-file - --plaintext-file -)

	# Insert the Buildkite Token into the agent configuration.
	sed -i "s/token=\"xxx\"/token=\"${BUILDKITE_TOKEN}\"/" /etc/buildkite-agent/buildkite-agent.cfg

	# Fix permissions of the Buildkite agent configuration files and hooks.
	chmod 0400 /etc/buildkite-agent/buildkite-agent.cfg
	chmod 0500 /etc/buildkite-agent/hooks/*
	chown -R buildkite-agent:buildkite-agent /etc/buildkite-agent

	# Start the Buildkite agent service.
	if [[ $(hostname) == pipeline ]]; then
	# Start 8 instances of the Buildkite agent.
	for i in $(seq 8); do
	systemctl start buildkite-agent@$i
	done
	elif [[ -e /bin/systemctl ]]; then
	systemctl start buildkite-agent
	else
	service buildkite-agent start
	fi
	fi

	exit 0