API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 5th, 2019
206
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.35 KB | None | 0 0
raw download clone embed print report
  1. FROM ubuntu:xenial
  2.  
  3. ENV BX_VERSION 0.18.0
  4.  
  5. ENV KS_VERSION 0.3.95
  6. ENV CR_VERSION 0.1.395
  7. ENV CIS_VERSION 1.8.1
  8.  
  9. ENV GRADLE_VERSION 3.2.1
  10. ENV SONAR_SCANNER_VERSION 3.2.0.1227
  11.  
  12. ENV CALICOCTL_VERSION 3.1.1
  13. ENV HELM_VERSION 2.12.3
  14. ENV KUBECTL_VERSION 1.13.7
  15. ENV REDLI_VERSION 0.4.3
  16.  
  17. ENV GLIDE_VERSION 0.13.2
  18. ENV GO_VERSION 1.12.7
  19. ENV GOSEC_VERSION 2.0.0
  20.  
  21. ENV NODE_VERSION 8.16.0
  22. ENV JAVA_VERSION 8
  23.  
  24. ENV DOCKER_VERSION 18.03.0~ce-0~ubuntu
  25.  
  26. ENV NODE_URL https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.xz
  27.  
  28. ENV LANG en_US.UTF-8
  29. ENV LANGUAGE en_US:en
  30. ENV LC_ALL en_US.UTF-8
  31.  
  32. # 1. Make sure the package repository is up to date
  33. # 2. Install a basic SSH server and Java
  34. # 3. clean up after ourselves
  35. RUN echo "deb http://us.archive.ubuntu.com/ubuntu xenial main restricted universe multiverse" >> /etc/apt/sources.list \
  36. && echo "deb http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list \
  37. && echo "deb http://us.archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse" >> /etc/apt/sources.list \
  38. && echo "deb http://us.archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse" >> /etc/apt/sources.list \
  39. && echo 'Acquire::Check-Valid-Until "false";' >> /etc/apt/apt.conf && apt-get update || true \
  40. && apt-get -y upgrade \
  41. && apt-get install -y openssh-server \
  42. apt-transport-https \
  43. ca-certificates \
  44. curl \
  45. lxc \
  46. iptables \
  47. software-properties-common \
  48. && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 \
  49. && echo 'deb http://ftp.debian.org/debian wheezy-backports main' >> /etc/apt/sources.list \
  50. && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8B48AD6246925553 \
  51. && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7638D0442B90D010 \
  52. && apt-add-repository -y ppa:ansible/ansible \
  53. && sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd \
  54. && mkdir -p /var/run/sshd \
  55. && apt-get clean \
  56. && apt-get autoclean \
  57. && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* \
  58. && cat /etc/apt/sources.list \
  59. && sed -i 's@deb http://ftp.debian.org/debian wheezy-backports main@@g' /etc/apt/sources.list \
  60. && echo "deb [check-valid-until=no] http://archive.debian.org/debian wheezy-backports main" >> /etc/apt/sources.list \
  61. && echo "deb [check-valid-until=no] http://archive.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
  62. && cat /etc/apt/sources.list \
  63. && add-apt-repository ppa:masterminds/glide \
  64. && apt-get -qq update \
  65. && apt-get -q -y install \
  66. build-essential \
  67. python \
  68. libssl1.0-dev \
  69. liblz4-dev \
  70. libpthread-stubs0-dev \
  71. libsasl2-dev \
  72. libsasl2-modules \
  73. bash \
  74. jq \
  75. make \
  76. git \
  77. sudo \
  78. unzip \
  79. wget \
  80. zip \
  81. && apt-get clean \
  82. && apt-get autoclean \
  83. && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* ~/.cache \
  84. && locale-gen en_US.UTF-8
  85.  
  86. # Standard SSH port
  87. EXPOSE 22
  88.  
  89. # place the docker daemon launcher in the container
  90. COPY wrapdocker /usr/local/bin/wrapdocker
  91.  
  92. # Docker
  93. VOLUME /var/lib/docker/
  94.  
  95. # Install Docker from Docker Inc. repositories.
  96. RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
  97. && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
  98. && apt-get -qq update \
  99. && apt-get install -y -q \
  100. docker-ce=$DOCKER_VERSION \
  101. && apt-get clean && apt-get autoclean \
  102. && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* ~/.cache \
  103. #
  104. # Install node, npm
  105. #
  106. && curl -sSL $NODE_URL | tar -C /usr --strip-components=1 --wildcards -xJf- \*/bin \*/share \*/include \*/lib \
  107. && npm install -g npm \
  108. && rm -rf ~/.npm /tmp/npm-*
  109.  
  110. # Install npm modules
  111. COPY .npmrc /root/
  112.  
  113. RUN mkdir -p /opt/packages/gradle \
  114. && cd /opt/packages/gradle \
  115. && wget https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \
  116. && unzip gradle-${GRADLE_VERSION}-bin.zip \
  117. && cd - \
  118. && echo "" >> /root/.profile \
  119. && echo "# Gradle installation" >> /root/.profile \
  120. && echo "GRADLE_HOME=/opt/packages/gradle/gradle-${GRADLE_VERSION}" >> /root/.profile \
  121. && ln -s /opt/packages/gradle/gradle-${GRADLE_VERSION}/bin/gradle /usr/bin/gradle \
  122. && chmod u+s /usr/bin/gradle \
  123. #
  124. # Install yq CLI
  125. #
  126. && curl -s -L https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64 -o /bin/yq \
  127. && chmod +x /bin/yq \
  128. #
  129. # Install IBM Cloud CLI
  130. #
  131. && wget https://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-cli/${BX_VERSION}/IBM_Cloud_CLI_${BX_VERSION}_amd64.tar.gz \
  132. && tar -xvf IBM_Cloud_CLI_${BX_VERSION}_amd64.tar.gz \
  133. && cd Bluemix_CLI \
  134. && sudo ./install_bluemix_cli \
  135. && rm -f IBM_Cloud_CLI_${BX_VERSION}_amd64.tar.gz \
  136. && bx config --check-version false \
  137. #
  138. # Install kubectl
  139. #
  140. && wget http://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl \
  141. && mkdir -p /opt/kubectl \
  142. && mv kubectl /opt/kubectl \
  143. && chmod -R 777 /opt/kubectl \
  144. && ln -s /opt/kubectl/kubectl /usr/local/bin \
  145. #
  146. # Install helm
  147. #
  148. && wget https://kubernetes-helm.storage.googleapis.com/helm-v${HELM_VERSION}-linux-amd64.tar.gz \
  149. && mkdir -p /opt/helm \
  150. && tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz -C /opt/helm \
  151. && chmod -R 777 /opt/helm \
  152. && ln -s /opt/helm/linux-amd64/helm /usr/local/bin \
  153. && rm -rf helm-v${HELM_VERSION}-linux-amd64.tar.gz \
  154. #
  155. # Install calicoctl
  156. #
  157. && wget https://github.com/projectcalico/calicoctl/releases/download/v${CALICOCTL_VERSION}/calicoctl-linux-amd64 \
  158. && mkdir -p /opt/calico \
  159. && mv calicoctl-linux-amd64 /opt/calico/calicoctl \
  160. && chmod 777 /opt/calico/calicoctl \
  161. && ln -s /opt/calico/calicoctl /usr/local/bin \
  162. #
  163. # Install sonar scanner
  164. #
  165. && wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip \
  166. && unzip sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip -d /opt \
  167. && ln -s /opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner \
  168. && rm -rf sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip
  169.  
  170. RUN locale-gen en_US.UTF-8
  171. ENV LANG en_US.UTF-8
  172. ENV LANGUAGE en_US:en
  173. ENV LC_ALL en_US.UTF-8
  174.  
  175. ENV GOROOT /usr/local/go
  176. ENV GOPATH $HOME/go
  177. ENV PATH $PATH:$GOROOT/bin:$GOPATH/bin
  178.  
  179. # Install golang
  180. RUN wget https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz \
  181. && tar -xf go${GO_VERSION}.linux-amd64.tar.gz \
  182. && mv go /usr/local \
  183. && ln -s /usr/local/go/bin/go /usr/local/bin/ \
  184. #
  185. # gosec
  186. #
  187. && wget -O /tmp/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz https://github.com/securego/gosec/releases/download/${GOSEC_VERSION}/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz \
  188. && tar xvfz /tmp/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz -C /usr/local/bin \
  189. && chmod 777 /usr/local/bin/gosec \
  190. && rm -rf /tmp/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz \
  191. #
  192. # Install IBM root and intermediate certificates
  193. && wget -O ibm-ca-certificates.deb http://ocdc.hursley.ibm.com/ocdc/ibm-ca-certificates.deb \
  194. && dpkg -i ibm-ca-certificates.deb \
  195. && rm ibm-ca-certificates.deb \
  196. #
  197. # Allow jenkins user to run docker and sudo
  198. #
  199. && useradd --shell /bin/bash --create-home --groups docker jenkins \
  200. && echo "jenkins:jenkinspass" | chpasswd \
  201. && echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
  202. && chmod u+s /usr/bin/sudo \
  203. && echo "GRADLE_HOME=/opt/packages/gradle/gradle-${GRADLE_VERSION}" >> /home/jenkins/.profile \
  204. && echo "GOROOT=/usr/local/go" >> /home/jenkins/.profile \
  205. && echo "GOPATH=$HOME/go" >> /home/jenkins/.profile \
  206. && echo "PATH=$PATH:$GOROOT/bin:$GOPATH/bin" >> /home/jenkins/.profile \
  207. && ln -sf /bin/bash /bin/sh \
  208. #
  209. # Adjust Java security policy
  210. #
  211. && sed -i 's/jdk.tls.disabledAlgorithms=/jdk.tls.disabledAlgorithms=SSLv2Hello, DES40_CBC, RC4_40, SSLv2, TLSv1, TLSv1.1, /g' /etc/java-8-openjdk/security/java.security
  212.  
  213. USER jenkins
  214.  
  215. RUN mkdir -p /home/jenkins/.ssh \
  216. && mkdir -p /home/jenkins/.m2 \
  217. && chmod -R 777 /home/jenkins/.m2 \
  218. && git config --global user.email "ulbricht@us.ibm.com" \
  219. && git config --global user.name "Brent Ulbricht" \
  220. #
  221. # container service plugin
  222. #
  223. && wget -O /tmp/container-service-linux-amd64-${KS_VERSION} https://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-plugins/container-service/${KS_VERSION}/container-service-linux-amd64-${KS_VERSION} \
  224. && bluemix plugin install /tmp/container-service-linux-amd64-${KS_VERSION} \
  225. && rm -rf /tmp/container-service-linux-amd64-${KS_VERSION} \
  226. #
  227. # container registry plugin
  228. #
  229. && wget -O /tmp/container-registry-linux-amd64-${CR_VERSION} https://plugins.ng.bluemix.net/downloads/bluemix-plugins/container-registry/${CR_VERSION}/container-registry-linux-amd64-${CR_VERSION} \
  230. && bluemix plugin install /tmp/container-registry-linux-amd64-${CR_VERSION} \
  231. && rm -rf /tmp/container-registry-linux-amd64-${CR_VERSION} \
  232. #
  233. # cloud internet service plugin
  234. #
  235. && wget -O /tmp/cloud-internet-services-linux-amd64-${CIS_VERSION} https://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-plugins/cloud-internet-services/${CIS_VERSION}/cloud-internet-services-linux-amd64-${CIS_VERSION} \
  236. && bluemix plugin install /tmp/cloud-internet-services-linux-amd64-${CIS_VERSION} \
  237. && rm -rf /tmp/cloud-internet-services-linux-amd64-${CIS_VERSION}
  238.  
  239. ADD caches.tgz /home/jenkins
  240. COPY settings.xml /home/jenkins/.m2/
  241. COPY .npmrc /home/jenkins/
  242. COPY config /home/jenkins/.ssh
  243. COPY sa_*.xml /home/jenkins/
  244.  
  245. USER root
  246.  
  247. # Use tini as reaper in Docker container to adopt zombie processes
  248. # See https://github.com/krallin/tini for more details
  249. # Current version: 0.9.0
  250. COPY tini-static /bin/tini
  251. ENTRYPOINT ["/bin/tini", "--"]
  252.  
  253. # Add customized slave setup code
  254. COPY setup_slave.sh /var/lib/jenkins_slave/
  255. WORKDIR /var/lib/jenkins_slave
  256.  
  257. #Execute wrapper script
  258. CMD ["./setup_slave.sh"]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!