Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- FROM ubuntu:xenial
- ENV BX_VERSION 0.18.0
- ENV KS_VERSION 0.3.95
- ENV CR_VERSION 0.1.395
- ENV CIS_VERSION 1.8.1
- ENV GRADLE_VERSION 3.2.1
- ENV SONAR_SCANNER_VERSION 3.2.0.1227
- ENV CALICOCTL_VERSION 3.1.1
- ENV HELM_VERSION 2.12.3
- ENV KUBECTL_VERSION 1.13.7
- ENV REDLI_VERSION 0.4.3
- ENV GLIDE_VERSION 0.13.2
- ENV GO_VERSION 1.12.7
- ENV GOSEC_VERSION 2.0.0
- ENV NODE_VERSION 8.16.0
- ENV JAVA_VERSION 8
- ENV DOCKER_VERSION 18.03.0~ce-0~ubuntu
- ENV NODE_URL https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.xz
- ENV LANG en_US.UTF-8
- ENV LANGUAGE en_US:en
- ENV LC_ALL en_US.UTF-8
- # 1. Make sure the package repository is up to date
- # 2. Install a basic SSH server and Java
- # 3. clean up after ourselves
- RUN echo "deb http://us.archive.ubuntu.com/ubuntu xenial main restricted universe multiverse" >> /etc/apt/sources.list \
- && echo "deb http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse" >> /etc/apt/sources.list \
- && echo "deb http://us.archive.ubuntu.com/ubuntu xenial-security main restricted universe multiverse" >> /etc/apt/sources.list \
- && echo "deb http://us.archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse" >> /etc/apt/sources.list \
- && echo 'Acquire::Check-Valid-Until "false";' >> /etc/apt/apt.conf && apt-get update || true \
- && apt-get -y upgrade \
- && apt-get install -y openssh-server \
- apt-transport-https \
- ca-certificates \
- curl \
- lxc \
- iptables \
- software-properties-common \
- && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 \
- && echo 'deb http://ftp.debian.org/debian wheezy-backports main' >> /etc/apt/sources.list \
- && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8B48AD6246925553 \
- && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7638D0442B90D010 \
- && apt-add-repository -y ppa:ansible/ansible \
- && sed -i 's|session required pam_loginuid.so|session optional pam_loginuid.so|g' /etc/pam.d/sshd \
- && mkdir -p /var/run/sshd \
- && apt-get clean \
- && apt-get autoclean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* \
- && cat /etc/apt/sources.list \
- && sed -i 's@deb http://ftp.debian.org/debian wheezy-backports main@@g' /etc/apt/sources.list \
- && echo "deb [check-valid-until=no] http://archive.debian.org/debian wheezy-backports main" >> /etc/apt/sources.list \
- && echo "deb [check-valid-until=no] http://archive.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
- && cat /etc/apt/sources.list \
- && add-apt-repository ppa:masterminds/glide \
- && apt-get -qq update \
- && apt-get -q -y install \
- build-essential \
- python \
- libssl1.0-dev \
- liblz4-dev \
- libpthread-stubs0-dev \
- libsasl2-dev \
- libsasl2-modules \
- bash \
- jq \
- make \
- git \
- sudo \
- unzip \
- wget \
- zip \
- && apt-get clean \
- && apt-get autoclean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* ~/.cache \
- && locale-gen en_US.UTF-8
- # Standard SSH port
- EXPOSE 22
- # place the docker daemon launcher in the container
- COPY wrapdocker /usr/local/bin/wrapdocker
- # Docker
- VOLUME /var/lib/docker/
- # Install Docker from Docker Inc. repositories.
- RUN add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
- && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
- && apt-get -qq update \
- && apt-get install -y -q \
- docker-ce=$DOCKER_VERSION \
- && apt-get clean && apt-get autoclean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* ~/.cache \
- #
- # Install node, npm
- #
- && curl -sSL $NODE_URL | tar -C /usr --strip-components=1 --wildcards -xJf- \*/bin \*/share \*/include \*/lib \
- && npm install -g npm \
- && rm -rf ~/.npm /tmp/npm-*
- # Install npm modules
- COPY .npmrc /root/
- RUN mkdir -p /opt/packages/gradle \
- && cd /opt/packages/gradle \
- && wget https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \
- && unzip gradle-${GRADLE_VERSION}-bin.zip \
- && cd - \
- && echo "" >> /root/.profile \
- && echo "# Gradle installation" >> /root/.profile \
- && echo "GRADLE_HOME=/opt/packages/gradle/gradle-${GRADLE_VERSION}" >> /root/.profile \
- && ln -s /opt/packages/gradle/gradle-${GRADLE_VERSION}/bin/gradle /usr/bin/gradle \
- && chmod u+s /usr/bin/gradle \
- #
- # Install yq CLI
- #
- && curl -s -L https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64 -o /bin/yq \
- && chmod +x /bin/yq \
- #
- # Install IBM Cloud CLI
- #
- && wget https://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-cli/${BX_VERSION}/IBM_Cloud_CLI_${BX_VERSION}_amd64.tar.gz \
- && tar -xvf IBM_Cloud_CLI_${BX_VERSION}_amd64.tar.gz \
- && cd Bluemix_CLI \
- && sudo ./install_bluemix_cli \
- && rm -f IBM_Cloud_CLI_${BX_VERSION}_amd64.tar.gz \
- && bx config --check-version false \
- #
- # Install kubectl
- #
- && wget http://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl \
- && mkdir -p /opt/kubectl \
- && mv kubectl /opt/kubectl \
- && chmod -R 777 /opt/kubectl \
- && ln -s /opt/kubectl/kubectl /usr/local/bin \
- #
- # Install helm
- #
- && wget https://kubernetes-helm.storage.googleapis.com/helm-v${HELM_VERSION}-linux-amd64.tar.gz \
- && mkdir -p /opt/helm \
- && tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz -C /opt/helm \
- && chmod -R 777 /opt/helm \
- && ln -s /opt/helm/linux-amd64/helm /usr/local/bin \
- && rm -rf helm-v${HELM_VERSION}-linux-amd64.tar.gz \
- #
- # Install calicoctl
- #
- && wget https://github.com/projectcalico/calicoctl/releases/download/v${CALICOCTL_VERSION}/calicoctl-linux-amd64 \
- && mkdir -p /opt/calico \
- && mv calicoctl-linux-amd64 /opt/calico/calicoctl \
- && chmod 777 /opt/calico/calicoctl \
- && ln -s /opt/calico/calicoctl /usr/local/bin \
- #
- # Install sonar scanner
- #
- && wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip \
- && unzip sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip -d /opt \
- && ln -s /opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner \
- && rm -rf sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip
- RUN locale-gen en_US.UTF-8
- ENV LANG en_US.UTF-8
- ENV LANGUAGE en_US:en
- ENV LC_ALL en_US.UTF-8
- ENV GOROOT /usr/local/go
- ENV GOPATH $HOME/go
- ENV PATH $PATH:$GOROOT/bin:$GOPATH/bin
- # Install golang
- RUN wget https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz \
- && tar -xf go${GO_VERSION}.linux-amd64.tar.gz \
- && mv go /usr/local \
- && ln -s /usr/local/go/bin/go /usr/local/bin/ \
- #
- # gosec
- #
- && wget -O /tmp/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz https://github.com/securego/gosec/releases/download/${GOSEC_VERSION}/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz \
- && tar xvfz /tmp/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz -C /usr/local/bin \
- && chmod 777 /usr/local/bin/gosec \
- && rm -rf /tmp/gosec_${GOSEC_VERSION}_linux_amd64.tar.gz \
- #
- # Install IBM root and intermediate certificates
- && wget -O ibm-ca-certificates.deb http://ocdc.hursley.ibm.com/ocdc/ibm-ca-certificates.deb \
- && dpkg -i ibm-ca-certificates.deb \
- && rm ibm-ca-certificates.deb \
- #
- # Allow jenkins user to run docker and sudo
- #
- && useradd --shell /bin/bash --create-home --groups docker jenkins \
- && echo "jenkins:jenkinspass" | chpasswd \
- && echo "jenkins ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers \
- && chmod u+s /usr/bin/sudo \
- && echo "GRADLE_HOME=/opt/packages/gradle/gradle-${GRADLE_VERSION}" >> /home/jenkins/.profile \
- && echo "GOROOT=/usr/local/go" >> /home/jenkins/.profile \
- && echo "GOPATH=$HOME/go" >> /home/jenkins/.profile \
- && echo "PATH=$PATH:$GOROOT/bin:$GOPATH/bin" >> /home/jenkins/.profile \
- && ln -sf /bin/bash /bin/sh \
- #
- # Adjust Java security policy
- #
- && sed -i 's/jdk.tls.disabledAlgorithms=/jdk.tls.disabledAlgorithms=SSLv2Hello, DES40_CBC, RC4_40, SSLv2, TLSv1, TLSv1.1, /g' /etc/java-8-openjdk/security/java.security
- USER jenkins
- RUN mkdir -p /home/jenkins/.ssh \
- && mkdir -p /home/jenkins/.m2 \
- && chmod -R 777 /home/jenkins/.m2 \
- && git config --global user.email "ulbricht@us.ibm.com" \
- && git config --global user.name "Brent Ulbricht" \
- #
- # container service plugin
- #
- && wget -O /tmp/container-service-linux-amd64-${KS_VERSION} https://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-plugins/container-service/${KS_VERSION}/container-service-linux-amd64-${KS_VERSION} \
- && bluemix plugin install /tmp/container-service-linux-amd64-${KS_VERSION} \
- && rm -rf /tmp/container-service-linux-amd64-${KS_VERSION} \
- #
- # container registry plugin
- #
- && wget -O /tmp/container-registry-linux-amd64-${CR_VERSION} https://plugins.ng.bluemix.net/downloads/bluemix-plugins/container-registry/${CR_VERSION}/container-registry-linux-amd64-${CR_VERSION} \
- && bluemix plugin install /tmp/container-registry-linux-amd64-${CR_VERSION} \
- && rm -rf /tmp/container-registry-linux-amd64-${CR_VERSION} \
- #
- # cloud internet service plugin
- #
- && wget -O /tmp/cloud-internet-services-linux-amd64-${CIS_VERSION} https://public.dhe.ibm.com/cloud/bluemix/cli/bluemix-plugins/cloud-internet-services/${CIS_VERSION}/cloud-internet-services-linux-amd64-${CIS_VERSION} \
- && bluemix plugin install /tmp/cloud-internet-services-linux-amd64-${CIS_VERSION} \
- && rm -rf /tmp/cloud-internet-services-linux-amd64-${CIS_VERSION}
- ADD caches.tgz /home/jenkins
- COPY settings.xml /home/jenkins/.m2/
- COPY .npmrc /home/jenkins/
- COPY config /home/jenkins/.ssh
- COPY sa_*.xml /home/jenkins/
- USER root
- # Use tini as reaper in Docker container to adopt zombie processes
- # See https://github.com/krallin/tini for more details
- # Current version: 0.9.0
- COPY tini-static /bin/tini
- ENTRYPOINT ["/bin/tini", "--"]
- # Add customized slave setup code
- COPY setup_slave.sh /var/lib/jenkins_slave/
- WORKDIR /var/lib/jenkins_slave
- #Execute wrapper script
- CMD ["./setup_slave.sh"]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement