Disabled auto updaters

Author: stanbrub

.github/scripts/setup-test-server-remote.sh

@@ -20,14 +20,14 @@ GIT_BRANCH=$2
 RUN_TYPE=$3                     # ex. nightly | release | compare
 DOCKER_IMG=$4			# ex. edge | 0.32.0 (assumes location ghcr.io/deephaven/server)
 DEEPHAVEN_DIR=/${HOME}/deephaven
+export DEBIAN_FRONTEND=noninteractive
 
 title () { echo; echo $1; }
 
 title "- Setting Up Remote Benchmark Testing on ${HOST} -"
 
 title "-- Waiting for APT to be Free --"
 BEGIN_SECS=$(date +%s)
-export DEBIAN_FRONTEND=noninteractive
 STATUS=0
 for i in {1..60}; do
   if ! sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1 && ! sudo fuser /var/lib/apt/lists/lock >/dev/null 2>&1 \
@@ -44,6 +44,29 @@ if [[ $STATUS -eq 0 ]]; then
   exit 1
 fi
 
+title "-- Disabling Automatic Updates --"
+sudo systemctl stop unattended-upgrades.service 2>/dev/null || true
+sudo systemctl stop apt-daily.service 2>/dev/null || true
+sudo systemctl stop apt-daily-upgrade.service 2>/dev/null || true
+sudo systemctl disable --now apt-daily.timer 2>/dev/null || true
+sudo systemctl disable --now apt-daily-upgrade.timer 2>/dev/null || true
+sudo systemctl mask unattended-upgrades.service 2>/dev/null || true
+sudo systemctl mask apt-daily.service 2>/dev/null || true
+sudo systemctl mask apt-daily-upgrade.service 2>/dev/null || true
+sudo tee /etc/apt/apt.conf.d/10periodic >/dev/null <<EOF
+APT::Periodic::Enable "0";
+EOF
+sudo tee /etc/apt/apt.conf.d/20auto-upgrades >/dev/null <<EOF
+APT::Periodic::Update-Package-Lists "0";
+APT::Periodic::Unattended-Upgrade "0";
+EOF
+
+title "-- Disabling SSH Password Authentication --"
+sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+sudo sed -i 's/^#\?KbdInteractiveAuthentication.*/KbdInteractiveAuthentication no/' /etc/ssh/sshd_config
+sudo sed -i 's/^#\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
+sudo systemctl reload sshd
+
 title "-- Adding OS Applications --"
 UPDATED=$(sudo update-alternatives --list java | grep -i temurin; echo $?)
 if [[ ${UPDATED} != 0 ]]; then

docs/ForkSetup.md

@@ -10,17 +10,20 @@ In the [Github Main Benchmark Repository](https://github.com/deephaven/benchmark
 
 ### Required Secrets
 
-Not all secrets are required for each workflow. In the following list, each secret is listed, what it means, and what workflows it is relevant for. To populate these secrets, go to the "Actions secrets and variables" page under "Settings -> Secrets and variables -> Actions". Some of these values will need to be supplied by your administrator.
+Not all secrets are required for each workflow. In the following table, each secret is listed, what it means, and what workflows it is relevant for. To populate these secrets, go to the "Actions secrets and variables" page under "Settings -> Secrets and variables -> Actions". Some of these values will need to be supplied by your administrator.
 
 | Variable                   | Description                                                           | Shared (Ask Admin) | Optional |
 | -------------------------- | --------------------------------------------------------------------- | ------------------ | -------- |
 | BENCHMARK_GCLOUD           | The GCloud Service Account Key (credentials) in JSON format           | Yes                | No       |
 | BENCHMARK_HOST             | The host ip for an existing (non-auto-provisioned) server             | No                 | No       |
 | BENCHMARK_USER             | The "run as" user for running benchmarks on the server                | No                 | No       |
 | BENCHMARK_KEY              | A private key used by SSH corresponding to a public key on the server | No                 | No       |
-| BENCHMARK_METAL_AUTH_TOKEN | The key required to access the bare metal provider API                | Yes                | No       |
-| BENCHMARK_METAL_PROJECT_ID | The project id from the bare metal provider for deployments           | Yes                | No       |
+| BENCHMARK_METAL_AUTH_TOKEN | The key/secret required to access the bare metal provider API         | Yes                | No       |
+| BENCHMARK_METAL_PROJECT_ID | The project/client id from the bare metal provider for deployments    | Yes                | No       |
 | BENCHMARK_SLACK_CHANNEL    | Slack channel to notify on workflow completion (ex. @your-slack-user) | No                 | Yes      |
 | BENCHMARK_SLACK_TOKEN      | Slack token for notification                                          | Yes                | Yes      |
 | BENCHMARK_SIGNING_KEY      | Use to GPG-sign published benchmark artifacts to maven central        | Yes                | Yes      |
 
+### Deephaven Users Only
+
+Since this is a public repository, secrets for use of Deephaven servers cannot be supplied here. You can find what you need in our vault under `Benchmark Community Fork Setup`.