| #!/bin/bash |
| # |
| # Copyright 2017 The Bazel Authors. All rights reserved. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
# Strict mode: abort on a failing command (errexit), on use of an unset
# variable (nounset) and on a failure in any pipeline stage (pipefail).
# xtrace echoes every command, with its expanded arguments, to stderr.
# NOTE(review): because xtrace prints expanded values, any step that handles a
# secret has to switch tracing off around it.
set -o errexit -o nounset -o xtrace -o pipefail
| |
| # Set the image version on the current instance labels. |
| # TODO(philwo) we would have to grant setMetadata permission to the service account, |
| # but we can't restrict this to specific instances... |
| # INSTANCE_NAME=$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/name" -H "Metadata-Flavor: Google") |
| # INSTANCE_ZONE=$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/zone" -H "Metadata-Flavor: Google") |
| # IMAGE_VERSION=$(</etc/image-version) |
| |
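# Optional data volume: when a persistent disk is attached as /dev/sdb, put it
# under LVM (volume group vg0) and carve out logical volumes by machine role.
if [[ -e /dev/sdb ]]; then
  # First boot with this disk: make it the physical volume backing vg0.
  if [[ ! -e /dev/vg0 ]]; then
    pvcreate /dev/sdb
    vgcreate vg0 /dev/sdb
  fi

  # The role is derived from the hostname; "testing" wins over "pipeline" when
  # both substrings are present, and any other hostname gets no volumes.
  case "$(hostname)" in
    *testing*)
      # On "testing" machines, we create big /var/lib/docker and /home
      # directories so that everyone has enough space to try out stuff.
      if [[ ! -e /dev/vg0/docker ]]; then
        lvcreate -n docker -l25%FREE vg0
        mkfs.ext4 /dev/vg0/docker
      fi
      mount /dev/vg0/docker /var/lib/docker
      chmod 0711 /var/lib/docker

      if [[ ! -e /dev/vg0/home ]]; then
        lvcreate -n home -l100%FREE vg0
        mkfs.ext4 /dev/vg0/home
      fi

      # Carry the image's /home over onto the volume through a staging copy.
      # mktemp -d yields an unpredictable, 0700 directory. A fixed name under
      # world-writable /tmp can already exist (left over from an earlier boot
      # or created by any local user), and the failing mkdir would then abort
      # the whole startup under errexit.
      # The copy goes into a subdirectory so that rsync -a applies /home's
      # attributes to that subdirectory and the 0700 parent stays private.
      staging_root=$(mktemp -d)
      rsync -a /home/ "${staging_root}/home/"
      mount /dev/vg0/home /home
      rsync -a "${staging_root}/home/" /home/
      # :? refuses to expand to an empty path in front of rm -rf.
      rm -rf -- "${staging_root:?}"
      ;;
    *pipeline*)
      # On "pipeline" machines, we create a big /var/lib/buildkite-agent
      # directory, because these machines check out a lot of different Git
      # repositories.
      if [[ ! -e /dev/vg0/buildkite-agent ]]; then
        lvcreate -n buildkite-agent -l100%FREE vg0
        mkfs.ext4 /dev/vg0/buildkite-agent
      fi
      mount /dev/vg0/buildkite-agent /var/lib/buildkite-agent
      chown -R buildkite-agent:buildkite-agent /var/lib/buildkite-agent
      ;;
  esac
fi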
| |
# Optional local SSD: when /dev/nvme0n1 exists, turn the whole device into
# swap and put the scratch directories on tmpfs.
if [[ -e /dev/nvme0n1 ]]; then
  mkswap -f /dev/nvme0n1
  swapon /dev/nvme0n1

  # Move fast and lose data: nothing written to these tmpfs mounts survives a
  # reboot. Every mount gets the same size limit, 100 GiB expressed in bytes.
  tmpfs_bytes=$((100 * 1024 * 1024 * 1024))

  # /tmp keeps the usual sticky, world-writable mode.
  mount -t tmpfs -o "mode=1777,uid=root,gid=root,size=${tmpfs_bytes}" tmpfs /tmp
  # /var/lib/docker: traversable but not listable for non-root users.
  mount -t tmpfs -o "mode=0711,uid=root,gid=root,size=${tmpfs_bytes}" tmpfs /var/lib/docker
  # The agent's working directory is owned by the buildkite-agent account.
  mount -t tmpfs -o "mode=0755,uid=buildkite-agent,gid=buildkite-agent,size=${tmpfs_bytes}" tmpfs /var/lib/buildkite-agent
fi
| |
# Bring up the Docker daemon, but only on images that ship a docker client.
# Both probes treat "the command printed a version string" as "present"; a
# missing or failing command yields an empty string and does not trip errexit.
docker_version=$(docker --version 2>/dev/null || true)
if [[ -n "${docker_version}" ]]; then
  systemd_version=$(systemctl --version 2>/dev/null || true)
  if [[ -z "${systemd_version}" ]]; then
    # No working systemctl: fall back to the SysV-style service wrapper.
    service docker start
  else
    systemctl start docker
  fi
fi
| |
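# Only start the Buildkite Agent if this is a worker node (as opposed to a VM
# being used by someone for testing / development).
if [[ $(hostname) == buildkite* ]]; then
  agent_cfg=/etc/buildkite-agent/buildkite-agent.cfg

  # This script runs with xtrace enabled, and xtrace prints both the value
  # assigned to a variable and the expanded arguments of every command. Left
  # on, it would copy the decrypted agent token into the startup log, so
  # tracing is suspended for the secret-handling steps and restored afterwards.
  xtrace_was_on=0
  if [[ $- == *x* ]]; then
    xtrace_was_on=1
    set +x
  fi

  # Get the Buildkite Token from GCS and decrypt it using KMS.
  BUILDKITE_TOKEN=$(gsutil cat "gs://bazel-encrypted-secrets/buildkite-agent-token.enc" \
    | gcloud kms decrypt --location global --keyring buildkite --key buildkite-agent-token \
      --ciphertext-file - --plaintext-file -)

  # A token that decrypts to nothing would only produce agents that cannot
  # register; fail here with a clear message instead.
  if [[ -z "${BUILDKITE_TOKEN}" ]]; then
    printf 'error: decrypted Buildkite agent token is empty\n' >&2
    exit 1
  fi

  # Tighten the mode before the secret is written. GNU sed -i is expected to
  # carry the original file's mode over to the rewritten file, so the token
  # should never sit on disk under a wider mode.
  chmod 0400 "${agent_cfg}"

  # Insert the Buildkite Token into the agent configuration. The sed script is
  # fed on stdin (printf is a shell builtin), which keeps the token out of any
  # process's command line.
  # NOTE(review): as before, a token containing '/', '&' or '\' would break the
  # substitution - confirm the token alphabet.
  printf 's/token="xxx"/token="%s"/\n' "${BUILDKITE_TOKEN}" \
    | sed -i -f /dev/stdin "${agent_cfg}"
  unset BUILDKITE_TOKEN

  if (( xtrace_was_on )); then
    set -x
  fi

  # Fix permissions of the Buildkite agent configuration files and hooks.
  chmod 0400 "${agent_cfg}"
  chmod 0500 /etc/buildkite-agent/hooks/*
  chown -R buildkite-agent:buildkite-agent /etc/buildkite-agent

  # Start the Buildkite agent service.
  if [[ $(hostname) == *pipeline* ]]; then
    # Start 8 instances of the Buildkite agent.
    for i in {1..8}; do
      systemctl start "buildkite-agent@${i}"
    done
  elif [[ -e /bin/systemctl ]]; then
    systemctl start buildkite-agent
  else
    service buildkite-agent start
  fi
fi

# Every step above either succeeded or aborted the script under errexit.
exit 0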