Valentin Lab
9 years ago
14 changed files with 561 additions and 440 deletions
-
440precise/host/hooks/install
-
9precise/host/hooks/install.d/00-base.sh
-
7precise/host/hooks/install.d/05-shyaml.sh
-
51precise/host/hooks/install.d/10-gitconfig.sh
-
17precise/host/hooks/install.d/15-etckeeper.sh
-
23precise/host/hooks/install.d/20-kal-scripts.sh
-
52precise/host/hooks/install.d/30-customize.sh
-
28precise/host/hooks/install.d/35-git-access.sh
-
20precise/host/hooks/install.d/36-gitsub.sh
-
93precise/host/hooks/install.d/40-btrfs.sh
-
8precise/host/hooks/install.d/50-lxc.sh
-
69precise/host/hooks/install.d/70-0k.sh
-
111precise/host/hooks/install.d/80-dns-waterfall.sh
-
73precise/host/hooks/install.d/90-shorewall.sh
@ -1,440 +0,0 @@ |
|||||
#!/bin/bash |
|
||||
|
|
||||
set -eux # -x for verbose logging to juju debug-log |
|
||||
|
|
||||
apt-get update |
|
||||
apt-get -y install bash-completion wget bzip2 git-core less language-pack-en python-software-properties tmux mosh sudo git |
|
||||
|
|
||||
## 0k git remote path |
|
||||
GIT_0K_BASE=${GIT_0K_BASE:-"git.0k.io:/var/git"} |
|
||||
|
|
||||
## 0k git remote options |
|
||||
GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""} |
|
||||
|
|
||||
|
|
||||
#BTRFS_DEVICE= |
|
||||
BTRFS_MOUNT_ROOT=${BTRFS_MOUNT_ROOT:-"/mnt/btrfs-root"} |
|
||||
if [ -z "$BTRFS_DEVICE" ]; then |
|
||||
echo "You must set a BTRFS_DEVICE environement variable prior to executing this hook." |
|
||||
exit 1 |
|
||||
fi |
|
||||
|
|
||||
MAIL_NAME=${MAIL_NAME:-localhost} |
|
||||
MAIL_DOMAINNAME=${MAIL_DOMAINNAME:-"localdomain"} |
|
||||
MAIL_SATTELITE_RELAYHOST=${MAIL_SATTELITE_RELAYHOST:-} |
|
||||
|
|
||||
|
|
||||
## |
|
||||
## etckeeper |
|
||||
## |
|
||||
|
|
||||
apt-get install etckeeper |
|
||||
|
|
||||
sed -i 's/#VCS="git"/VCS="git"/g' /etc/etckeeper/etckeeper.conf |
|
||||
sed -i 's/VCS="bzr"/#VCS="bzr"/g' /etc/etckeeper/etckeeper.conf |
|
||||
|
|
||||
etckeeper init |
|
||||
|
|
||||
|
|
||||
## |
|
||||
## Git utilities |
|
||||
## |
|
||||
|
|
||||
echo "[alias] |
|
||||
co = checkout |
|
||||
com = commit |
|
||||
st = status |
|
||||
ci = commit |
|
||||
|
|
||||
[color] |
|
||||
branch = auto |
|
||||
diff = auto |
|
||||
interactive = auto |
|
||||
status = auto |
|
||||
|
|
||||
" >> /etc/gitconfig |
|
||||
|
|
||||
|
|
||||
|
|
||||
## |
|
||||
## kal-scripts |
|
||||
## |
|
||||
|
|
||||
cat <<EOF >> /etc/apt/sources.list |
|
||||
|
|
||||
## vlab's shell libraries |
|
||||
deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main |
|
||||
|
|
||||
EOF |
|
||||
apt-get update |
|
||||
|
|
||||
apt-get install -y --force-yes kal-scripts python-pip && |
|
||||
pip install shyaml |
|
||||
|
|
||||
## |
|
||||
## More shell configurations (prompt, functions) |
|
||||
## |
|
||||
|
|
||||
mkdir -p /etc/prompt |
|
||||
|
|
||||
cat <<EOF > /etc/prompt/prompt.1.rc |
|
||||
PROMPT_COMMAND="" |
|
||||
parse_git_branch() { |
|
||||
ref=\$(git symbolic-ref HEAD 2> /dev/null) || return |
|
||||
echo -en ' (\033[0;32m'\${ref#refs/heads/}'\033[0m)' |
|
||||
} |
|
||||
export PS1="\[\033[0;37m\][\[\033[1;30m\]\u\[\033[0;37m\]@\[\033[1;30m\]\h\[\033[0;37m\]]-[\[\033[1;34m\]\w\[\033[0;37m\]]\\\$(parse_git_branch)\n\[\033[1;37m\]\\$ \[\033[0;37m\]" |
|
||||
EOF |
|
||||
|
|
||||
cat <<EOF >> /root/.bashrc |
|
||||
|
|
||||
## History management |
|
||||
|
|
||||
export HISTCONTROL=ignoredups |
|
||||
export HISTSIZE=50000 |
|
||||
shopt -s histappend |
|
||||
PROMPT_COMMAND='history -a' |
|
||||
|
|
||||
|
|
||||
## Prompt easy management |
|
||||
|
|
||||
prompt() { |
|
||||
prompt_name="prompt.\$1.rc" |
|
||||
|
|
||||
for i in /etc/prompt ~/.prompt; do |
|
||||
[ -f "\$i/\$prompt_name" ] && |
|
||||
. "\$i/\$prompt_name" |
|
||||
done |
|
||||
} |
|
||||
|
|
||||
|
|
||||
## Git log command |
|
||||
|
|
||||
function glog() { |
|
||||
git log --graph --pretty=tformat:%C\(yellow\ normal\)%h%Creset\ %C\(blue\ normal\)%an%Creset\ %s\ %Cgreen%d%Creset -n 20 "\$@" |
|
||||
} |
|
||||
|
|
||||
|
|
||||
prompt 1 |
|
||||
|
|
||||
EOF |
|
||||
|
|
||||
## |
|
||||
## btrfs install |
|
||||
## |
|
||||
|
|
||||
apt-get install -y btrfs-tools |
|
||||
|
|
||||
echo "the following is dangerous code. Please execute yourself for now." |
|
||||
exit 1 |
|
||||
## Format the device and add entry in fstab |
|
||||
|
|
||||
mkfs.btrfs "$BTRFS_DEVICE" |
|
||||
|
|
||||
UUID="$(blkid -s UUID $BTRFS_DEVICE -o value)" |
|
||||
echo "UUID=$UUID $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,auto 0 0" >> /etc/fstab |
|
||||
|
|
||||
## Mount point and mount device |
|
||||
|
|
||||
mkdir "$BTRFS_MOUNT_ROOT" -p |
|
||||
mount "$BTRFS_MOUNT_ROOT" |
|
||||
|
|
||||
## Build subvolume structure |
|
||||
|
|
||||
btrfs subvolume create $BTRFS_MOUNT_ROOT/var |
|
||||
mkdir $BTRFS_MOUNT_ROOT/var/{lib,cache,backups} -p |
|
||||
for d in $BTRFS_MOUNT_ROOT/var/{lib,cache,backups}; do |
|
||||
btrfs subvolume create $d/lxc |
|
||||
done |
|
||||
|
|
||||
for d in $BTRFS_MOUNT_ROOT/srv/{,lxc-datastore{,/config,/data}}; do |
|
||||
btrfs subvolume create $d |
|
||||
done |
|
||||
|
|
||||
## Add binds to /etc/fstab |
|
||||
|
|
||||
cat <<EOF >> /etc/fstab |
|
||||
|
|
||||
## binds |
|
||||
|
|
||||
/mnt/btrfs-root/var/lib/lxc /var/lib/lxc none bind,defaults,auto 0 0 |
|
||||
/mnt/btrfs-root/var/cache/lxc /var/cache/lxc none bind,defaults,auto 0 0 |
|
||||
/mnt/btrfs-root/var/backups/lxc /var/backups/lxc none bind,defaults,auto 0 0 |
|
||||
/mnt/btrfs-root/srv/lxc-datastore /srv/lxc-datastore none bind,defaults,auto 0 0 |
|
||||
|
|
||||
|
|
||||
EOF |
|
||||
|
|
||||
mkdir -p /var/backups/lxc /srv/lxc-datastore |
|
||||
|
|
||||
## |
|
||||
## lxc tools |
|
||||
## |
|
||||
|
|
||||
apt-get install lxc |
|
||||
|
|
||||
mount -a |
|
||||
|
|
||||
|
|
||||
mkdir -p /opt/apps |
|
||||
|
|
||||
## |
|
||||
## ssh config |
|
||||
## |
|
||||
|
|
||||
|
|
||||
cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa |
|
||||
chmod 0600 /etc/ssh/lxc_git_access_id_rsa |
|
||||
|
|
||||
cat <<EOF >> ~/.ssh/config |
|
||||
|
|
||||
Host git.0k.io |
|
||||
User lxc-user |
|
||||
IdentityFile /etc/ssh/lxc_git_access_id_rsa |
|
||||
UserKnownHostsFile /dev/null |
|
||||
StrictHostKeyChecking no |
|
||||
Port 10022 |
|
||||
|
|
||||
EOF |
|
||||
|
|
||||
|
|
||||
## |
|
||||
## Install 0k-manage |
|
||||
## |
|
||||
|
|
||||
( |
|
||||
if ! [ -d "/opt/apps/0k-manage" ]; then |
|
||||
cd /opt/apps && |
|
||||
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" && |
|
||||
cd /opt/apps/0k-manage && |
|
||||
git checkout 0k/prod/master |
|
||||
fi |
|
||||
) |
|
||||
|
|
||||
## |
|
||||
## Install 0k-charms |
|
||||
## |
|
||||
|
|
||||
( |
|
||||
if ! [ -d "/opt/apps/0k-charms" ]; then |
|
||||
cd /opt/apps && |
|
||||
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-charms.git" && |
|
||||
cd /opt/apps/0k-charms && |
|
||||
git checkout master |
|
||||
fi |
|
||||
|
|
||||
if ! [ -d "/srv/charm-store" ]; then |
|
||||
mkdir -p /srv && |
|
||||
ln -sf /opt/apps/0k-charms/precise /srv/charm-store |
|
||||
fi |
|
||||
|
|
||||
|
|
||||
) |
|
||||
|
|
||||
|
|
||||
## |
|
||||
## Install lxc-scripts |
|
||||
## |
|
||||
|
|
||||
( |
|
||||
if ! [ -d "/opt/apps/lxc-scripts" ]; then |
|
||||
cd /opt/apps && |
|
||||
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/lxc-scripts.git" && |
|
||||
cd /opt/apps/0k-manage && |
|
||||
git checkout master && |
|
||||
ln -sf /opt/apps/lxc-scripts/bin/lxc-* /usr/local/sbin/ && |
|
||||
ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/lib/lxc/templates/ |
|
||||
fi |
|
||||
) |
|
||||
|
|
||||
## |
|
||||
## Patch some files |
|
||||
## |
|
||||
|
|
||||
stop lxc-net |
|
||||
|
|
||||
( |
|
||||
cp src/etc/default/lxc /etc/default/lxc && |
|
||||
cp src/etc/init/lxc{,-net}.conf /etc/init |
|
||||
) |
|
||||
|
|
||||
start lxc-net |
|
||||
|
|
||||
## |
|
||||
## Install dns waterfall |
|
||||
## |
|
||||
|
|
||||
apt-get install -y bind9 dnsmasq |
|
||||
|
|
||||
echo "Change /etc/default/lxc accordingly (use 172.48.#NB) as prefix" |
|
||||
echo "and add HOST_EXTERNAL_DEVICE=" |
|
||||
exit 1 |
|
||||
|
|
||||
# edit /etc/dnsmaq.conf |
|
||||
echo " |
|
||||
server=$(. /etc/default/lxc && echo "$LXC_ADDR") |
|
||||
interface=lo |
|
||||
no-negcache |
|
||||
log-queries |
|
||||
log-facility=/var/log/dnsmasq.log |
|
||||
" >> /etc/dnsmasq.conf |
|
||||
|
|
||||
( |
|
||||
cp "src/etc/bind/named.conf.options" "/etc/bind/named.conf.options" && |
|
||||
sed -ri "s/%%EXTERNAL_IP%%/$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE")/g" "/etc/bind/named.conf.options" |
|
||||
) |
|
||||
## XXXvlab: Maybe we could change this in the service start/stop of the named daemon |
|
||||
|
|
||||
mkdir /var/log/named -p && |
|
||||
chown bind:bind /var/log/named |
|
||||
|
|
||||
/etc/init.d/bind9 restart |
|
||||
/etc/init.d/dnsmasq restart |
|
||||
|
|
||||
## |
|
||||
## Logrotate for dnsmasq and named |
|
||||
## |
|
||||
|
|
||||
cat <<EOF > /etc/logrotate.d/dnsmasq |
|
||||
|
|
||||
/var/log/dnsmasq.log { |
|
||||
missingok |
|
||||
copytruncate |
|
||||
notifempty |
|
||||
compress |
|
||||
|
|
||||
postrotate |
|
||||
kill -s SIGUSR2 "\$(cat /var/run/dnsmasq/dnsmasq.pid)" |
|
||||
endscript |
|
||||
} |
|
||||
|
|
||||
EOF |
|
||||
|
|
||||
|
|
||||
cat <<EOF > /etc/logrotate.d/lxc-dnsmasq |
|
||||
|
|
||||
/var/log/lxc-dnsmasq.log { |
|
||||
missingok |
|
||||
copytruncate |
|
||||
notifempty |
|
||||
compress |
|
||||
|
|
||||
postrotate |
|
||||
kill -s SIGUSR2 "\$(cat /var/run/lxc/dnsmasq.pid)" |
|
||||
endscript |
|
||||
} |
|
||||
|
|
||||
EOF |
|
||||
|
|
||||
cat <<EOF > /etc/logrotate.d/named |
|
||||
/var/log/named/*.log { |
|
||||
missingok |
|
||||
copytruncate |
|
||||
notifempty |
|
||||
compress |
|
||||
} |
|
||||
EOF |
|
||||
|
|
||||
|
|
||||
## |
|
||||
## shorewall |
|
||||
## |
|
||||
|
|
||||
apt-get install -y shorewall |
|
||||
|
|
||||
cat <<EOF > /etc/shorewall/zones |
|
||||
fw firewall |
|
||||
net ipv4 |
|
||||
lan ipv4 |
|
||||
EOF |
|
||||
|
|
||||
cat <<EOF > /etc/shorewall/interfaces |
|
||||
#ZONE INTERFACE BROADCAST OPTIONS |
|
||||
net eth0 |
|
||||
## Uncomment to enable vpn setup |
|
||||
#vpn tun0 detect |
|
||||
lan lxcbr0 - routeback |
|
||||
EOF |
|
||||
|
|
||||
cat <<EOF > /etc/shorewall/policy |
|
||||
#SOURCE DEST RULE LOG |
|
||||
|
|
||||
fw all ACCEPT |
|
||||
lan all ACCEPT |
|
||||
net all DROP info |
|
||||
all all DROP info |
|
||||
EOF |
|
||||
|
|
||||
cat <<EOF > /etc/shorewall/rules |
|
||||
SSH/ACCEPT net fw |
|
||||
Ping/ACCEPT net fw |
|
||||
|
|
||||
|
|
||||
BEGIN SHELL |
|
||||
|
|
||||
host_ip="\$(/sbin/ifconfig eth0 2> /dev/null | sed "s/^.*inet ad\+r://g" | grep ^[0-9] | sed "s/ .*$//g")" |
|
||||
|
|
||||
for name in \$(lxc-ls-running); do |
|
||||
ip=\$(dig +short A "\$name") |
|
||||
[ -e "/var/lib/lxc/\$name/shorewall" ] && |
|
||||
cat /var/lib/lxc/\$name/shorewall | sed -r "s/%%HOST_INTERNET_IP%%/\$host_ip/g" \ |
|
||||
| sed -r "s/%%IP%%/\$ip/g" |
|
||||
|
|
||||
done |
|
||||
|
|
||||
true |
|
||||
|
|
||||
END SHELL |
|
||||
|
|
||||
EOF |
|
||||
|
|
||||
|
|
||||
cat <<EOF > /etc/shorewall/masq |
|
||||
eth0 lxcbr0 |
|
||||
EOF |
|
||||
|
|
||||
## |
|
||||
## Mail facilities |
|
||||
## |
|
||||
|
|
||||
( |
|
||||
debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_NAME}.${MAIL_DOMAINNAME}" && |
|
||||
debconf-set-selections <<< "postfix postfix/main_mailer_type select 'Local only'" && |
|
||||
|
|
||||
apt-get install -y postfix mailutils && |
|
||||
|
|
||||
postconf inet_interfaces=loopback-only && |
|
||||
|
|
||||
[ -z "$MAIL_SATTELITE_RELAYHOST" ] && postconf relayhost="$MAIL_SATTELITE_RELAYHOST" |
|
||||
postfix reload |
|
||||
) |
|
||||
|
|
||||
## |
|
||||
## Warnings |
|
||||
## |
|
||||
|
|
||||
|
|
||||
ln -sf /opt/apps/0k-manage/src/etc/cron.hourly/* /etc/cron.hourly/ |
|
||||
ln -sf /opt/apps/lxc-scripts/etc/cron.hourly/* /etc/cron.hourly/ |
|
||||
|
|
||||
## |
|
||||
## Backup lxc |
|
||||
## |
|
||||
|
|
||||
( |
|
||||
if ! [ -d "/opt/apps/0k-manage" ]; then |
|
||||
cd /opt/apps && |
|
||||
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" && |
|
||||
cd /opt/apps/0k-manage && |
|
||||
git checkout 0k/prod/master |
|
||||
fi |
|
||||
|
|
||||
## these are required by /etc/cron.hourly/lxc-backup |
|
||||
|
|
||||
pip install sact.epoch && |
|
||||
(cd /usr/local/lib/python2.7/dist-packages/; |
|
||||
mv zope zope-bad) && |
|
||||
pip install zope.interface --upgrade && |
|
||||
pip install zope.component --upgrade && |
|
||||
ln -sf /opt/apps/0k-manage/src/bin/* /usr/local/bin/ |
|
||||
) |
|
@ -0,0 +1,9 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set +eux |
||||
|
|
||||
|
apt-get update |
||||
|
apt-get -y --force-yes install bash-completion wget bzip2 git-core \ |
||||
|
less language-pack-en python-software-properties tmux mosh \ |
||||
|
sudo git </dev/null |
||||
|
|
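Review bot: `set +eux` switches errexit, nounset and xtrace off rather than on, so a failed `apt-get update` or install no longer stops this hook; the removed monolithic script used `set -eux`, and 15-etckeeper.sh carries the same `+`. If strict mode was intended the line should read `set -eux` (in 15-etckeeper.sh the test would then need a default, `[ "${DOCKER:-}" ] && exit 0`). Separately, `--force-yes` is newly added here and in 05-shyaml.sh, 20-kal-scripts.sh and 50-lxc.sh; it tells apt to continue past conditions it considers harmful, including packages it cannot authenticate, and for packages from the stock archive plain `-y` with `</dev/null` is enough to stay non-interactive.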
@ -0,0 +1,7 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## For shyaml |
||||
|
|
||||
|
apt-get install -y --force-yes python-pip libyaml-dev python-dev </dev/null |
||||
|
|
||||
|
pip install shyaml |
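Review bot: `pip install shyaml` runs as root with no version pin, so each host provisioned by this hook gets whatever release the index serves that day. Pinning the release the hooks were tested with, `pip install 'shyaml==<tested-version>'` (placeholder), makes installs reproducible and narrows the supply-chain exposure. The script also has no `set -e`, so a failed `apt-get install` on the line above does not stop it before pip runs.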
@ -0,0 +1,51 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## |
||||
|
## Git utilities |
||||
|
## |
||||
|
|
||||
|
cat <<EOF > /etc/gitconfig |
||||
|
[alias] |
||||
|
co = checkout |
||||
|
com = commit |
||||
|
st = status |
||||
|
ci = commit |
||||
|
|
||||
|
[color] |
||||
|
branch = auto |
||||
|
diff = auto |
||||
|
interactive = auto |
||||
|
status = auto |
||||
|
|
||||
|
[core] |
||||
|
whitespace = fix |
||||
|
excludesfile = /etc/gitignore |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF > /etc/gitignore |
||||
|
docs/build/* |
||||
|
develop-eggs/* |
||||
|
*.pyc |
||||
|
*.o |
||||
|
.installed.cfg |
||||
|
eggs/* |
||||
|
*.egg-info/* |
||||
|
*.orig |
||||
|
dist/* |
||||
|
build/* |
||||
|
buildout.dev.cfg |
||||
|
*~ |
||||
|
*# |
||||
|
.#* |
||||
|
*.swp |
||||
|
*_flymake.* |
||||
|
.svn |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
|
||||
|
|
||||
|
git config --global user.email "default@$(hostname)" |
||||
|
git config --global user.name "default" |
||||
|
|
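Review bot: `cat <<EOF > /etc/gitconfig` now truncates the system-wide git configuration where the removed script appended, so any setting already present in /etc/gitconfig is lost without a backup. That makes re-runs idempotent, but a comment stating the ownership would help, e.g. `## /etc/gitconfig is fully managed by this hook; local edits are overwritten`. Both here-documents are literal text, so quoting the delimiter (`<<'EOF'`) would guard against accidental expansion if a `$` is ever added to them.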
@ -0,0 +1,17 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set +eux |
||||
|
|
||||
|
[ "$DOCKER" ] && exit 0 |
||||
|
|
||||
|
## |
||||
|
## etckeeper |
||||
|
## |
||||
|
|
||||
|
apt-get install -y etckeeper </dev/null |
||||
|
|
||||
|
sed -i 's/#VCS="git"/VCS="git"/g;s/VCS="bzr"/#VCS="bzr"/g' \ |
||||
|
/etc/etckeeper/etckeeper.conf |
||||
|
|
||||
|
etckeeper init |
||||
|
|
@ -0,0 +1,23 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set -eux |
||||
|
|
||||
|
## |
||||
|
## kal-scripts |
||||
|
## |
||||
|
|
||||
|
|
||||
|
if ! [ -e /etc/apt/sources.list.d/kalysto.org.list ]; then |
||||
|
cat <<EOF > /etc/apt/sources.list.d/kalysto.org.list |
||||
|
|
||||
|
## vlab's shell libraries |
||||
|
deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
## Update only this repo: |
||||
|
apt-get update -o Dir::Etc::sourcelist="sources.list.d/kalysto.org.list" \ |
||||
|
-o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0" |
||||
|
fi |
||||
|
|
||||
|
apt-get install -y --force-yes kal-scripts |
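Review bot: The kalysto.org source is declared over plain `http://` and no signing key is imported, while `apt-get install -y --force-yes kal-scripts` tells apt to carry on when the package cannot be authenticated. Together this means the package and its maintainer scripts, which run as root, come from a source that nothing in the hook verifies, so tampering on the network path or on the mirror would go unnoticed. Importing the repository's signing key before the scoped `apt-get update` (the key is not on this page, so `<kalysto-repo-key>` is a placeholder) and dropping `--force-yes` restores apt's signature check.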
@ -0,0 +1,52 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## Requires kal-script |
||||
|
|
||||
|
|
||||
|
## |
||||
|
## More shell configurations (prompt, functions) |
||||
|
## |
||||
|
|
||||
|
mkdir -p /etc/prompt |
||||
|
|
||||
|
cat <<EOF > /etc/prompt/prompt.1.rc |
||||
|
PROMPT_COMMAND="" |
||||
|
parse_git_branch() { |
||||
|
ref=\$(git symbolic-ref HEAD 2> /dev/null) || return |
||||
|
echo -en ' (\033[0;32m'\${ref#refs/heads/}'\033[0m)' |
||||
|
} |
||||
|
export PS1="\[\033[0;37m\][\[\033[1;30m\]\u\[\033[0;37m\]@\[\033[1;30m\]\H\[\033[0;37m\]]-[\[\033[1;34m\]\w\[\033[0;37m\]]\\\$(parse_git_branch)\n\[\033[1;37m\]\\$ \[\033[0;37m\]" |
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF >> /root/.bashrc |
||||
|
|
||||
|
## History management |
||||
|
|
||||
|
export HISTCONTROL=ignoredups |
||||
|
export HISTSIZE=50000 |
||||
|
shopt -s histappend |
||||
|
PROMPT_COMMAND='history -a' |
||||
|
|
||||
|
|
||||
|
## Prompt easy management |
||||
|
|
||||
|
prompt() { |
||||
|
prompt_name="prompt.\$1.rc" |
||||
|
|
||||
|
for i in /etc/prompt ~/.prompt; do |
||||
|
[ -f "\$i/\$prompt_name" ] && |
||||
|
. "\$i/\$prompt_name" |
||||
|
done |
||||
|
} |
||||
|
|
||||
|
|
||||
|
## Git log command |
||||
|
|
||||
|
function glog() { |
||||
|
git log --graph --pretty=tformat:%C\(yellow\ normal\)%h%Creset\ %C\(blue\ normal\)%an%Creset\ %s\ %Cgreen%d%Creset -n 20 "\$@" |
||||
|
} |
||||
|
|
||||
|
prompt 1 |
||||
|
|
||||
|
EOF |
||||
|
|
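Review bot: `cat <<EOF >> /root/.bashrc` appends the history settings, `prompt()` and `glog()` on every run, so re-running the hook stacks duplicate copies in root's profile. 35-git-access.sh in this same commit guards its append with a `grep` test, and the same pattern fits here: make a marker comment the first appended line and put `grep -q '^## 0k shell customisation' /root/.bashrc ||` in front of the `cat` (the marker text is an example). The leading `## Requires kal-script` comment could also name the command it depends on, since nothing visible in this file calls one.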
@ -0,0 +1,28 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
|
||||
|
## |
||||
|
## ssh config |
||||
|
## |
||||
|
|
||||
|
cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa |
||||
|
chmod 0600 /etc/ssh/lxc_git_access_id_rsa |
||||
|
|
||||
|
SSH_CONFIG_DIR=~/.ssh |
||||
|
|
||||
|
mkdir -p "$SSH_CONFIG_DIR" |
||||
|
|
||||
|
if ! grep '^Host 0k-ro' "$SSH_CONFIG_DIR"/config >/dev/null 2>&1; then |
||||
|
cat <<EOF >> "$SSH_CONFIG_DIR"/config |
||||
|
|
||||
|
Host 0k-ro |
||||
|
Hostname git.0k.io |
||||
|
Port 10022 |
||||
|
User lxc-user |
||||
|
IdentityFile /etc/ssh/lxc_git_access_id_rsa |
||||
|
UserKnownHostsFile /dev/null |
||||
|
StrictHostKeyChecking no |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
fi |
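Review bot: The `Host 0k-ro` stanza sets `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null`, so the git server's host key is never checked or remembered, yet the repositories cloned through this alias (36-gitsub.sh, 70-0k.sh) are symlinked into `/usr/lib/git-core/` and `/usr/local/sbin/` and run as root. Shipping the server's public host key with the hook keeps the clone unattended while still authenticating the server: `UserKnownHostsFile /etc/ssh/lxc_git_known_hosts` and `StrictHostKeyChecking yes` (the file name is an example). `src/etc/ssh/lxc_git_access_id_rsa` is used as an `IdentityFile`, so it appears to be a private key shipped with the charm; everyone who can read the charm holds that credential, and the server-side account should be limited accordingly. `mkdir -p "$SSH_CONFIG_DIR"` should be followed by `chmod 700 "$SSH_CONFIG_DIR"` for the case where the directory is newly created.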
@ -0,0 +1,20 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
set -eux # -x for verbose logging to juju debug-log |
||||
|
|
||||
|
|
||||
|
## 0k git remote path |
||||
|
GIT_0K_BASE=${GIT_0K_BASE:-"0k-ro:/var/git"} |
||||
|
|
||||
|
## 0k git remote options |
||||
|
GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""} |
||||
|
|
||||
|
|
||||
|
## |
||||
|
## install git sub |
||||
|
## |
||||
|
|
||||
|
mkdir -p /opt/apps && |
||||
|
cd /opt/apps && |
||||
|
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE"/0k/git-sub && |
||||
|
ln -sf /opt/apps/git-sub/bin/git-sub /usr/lib/git-core/ |
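Review bot: `git clone … "$GIT_0K_BASE"/0k/git-sub` has no existence check, so on a second run the clone fails because `/opt/apps/git-sub` already exists, the `ln -sf` after it is skipped and the hook ends with a non-zero status. 70-0k.sh wraps each clone in `if ! [ -d … ]`; the same guard applies here: `[ -d /opt/apps/git-sub ] || git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE"/0k/git-sub`. `$GIT_0K_CLONE_OPTIONS` is left unquoted, presumably so that several options split into words; a short comment saying so would stop a later reader from quoting it.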
@ -0,0 +1,93 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## |
||||
|
## btrfs install |
||||
|
## |
||||
|
|
||||
|
#BTRFS_DEVICE= |
||||
|
BTRFS_MOUNT_ROOT=${BTRFS_MOUNT_ROOT:-"/mnt/btrfs-root"} |
||||
|
if [ -z "$BTRFS_DEVICE" ]; then |
||||
|
echo "You must set a BTRFS_DEVICE environment variable prior to executing this hook." |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
apt-get install -y btrfs-tools |
||||
|
|
||||
|
if [ "$FORCE" != "yes" ]; then |
||||
|
echo "the following is dangerous code. Please execute with FORCE=yes." |
||||
|
echo "it DELETES directory /var/lib/docker if you have one." |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
## "$BTRFS_DEVICE" device should not be mounted |
||||
|
if mount | egrep ^"$BTRFS_DEVICE\s+" >/dev/null 2>&1; then |
||||
|
umount "$BTRFS_DEVICE" || { |
||||
|
echo "Can't umount $BTRFS_DEVICE. Aborting script." |
||||
|
exit 1 |
||||
|
} |
||||
|
echo "Unmounted $BTRFS_DEVICE." |
||||
|
fi |
||||
|
|
||||
|
|
||||
|
if egrep ^"$BTRFS_DEVICE\s+" /etc/fstab >/dev/null 2>&1; then |
||||
|
sed -r -i "\%^$BTRFS_DEVICE\s+%d" /etc/fstab || { |
||||
|
echo "Couldn't remove device $BTRFS_DEVICE from fstab." |
||||
|
exit 1 |
||||
|
} |
||||
|
echo "Removed device $BTRFS_DEVICE from fstab." |
||||
|
fi |
||||
|
|
||||
|
|
||||
|
## Format the device and add entry in fstab |
||||
|
|
||||
|
mkfs.btrfs -f "$BTRFS_DEVICE" |
||||
|
|
||||
|
## No need of UID it seems: |
||||
|
# UUID="$(blkid -s UUID $BTRFS_DEVICE -o value)" |
||||
|
# echo "UUID=$UUID $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,space_cache,auto 0 0" >> /etc/fstab |
||||
|
echo "$BTRFS_DEVICE $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,space_cache,auto 0 0" >> /etc/fstab |
||||
|
|
||||
|
|
||||
|
## Mount point and mount device |
||||
|
|
||||
|
mkdir "$BTRFS_MOUNT_ROOT" -p |
||||
|
mount "$BTRFS_MOUNT_ROOT" |
||||
|
|
||||
|
|
||||
|
if [ -d /var/lib/docker ] ; then |
||||
|
RESTART_DOCKER=yes |
||||
|
service docker stop |
||||
|
## XXXvlab: moving doesn't work and is not desirable, as we want docker |
||||
|
## to setup and detect new underlying btrfs system. |
||||
|
# mv "/var/lib/docker/"* "$BTRFS_MOUNT_ROOT/var/lib/docker" |
||||
|
rm -rf /var/lib/docker/* |
||||
|
fi |
||||
|
|
||||
|
|
||||
|
## Build subvolume structure |
||||
|
|
||||
|
for d in /home /var{/{lib,cache,backups}/lxc,/lib/docker} \ |
||||
|
/var/backups/snapshot \ |
||||
|
/srv/{lxc,docker}-datastore{,/config,/data}; do |
||||
|
mkdir -p "$(dirname "$BTRFS_MOUNT_ROOT$d")" ## creates parent directory of subvolume |
||||
|
btrfs subvolume create "$BTRFS_MOUNT_ROOT$d" |
||||
|
mkdir -p "$d" |
||||
|
|
||||
|
binds=$(cat /etc/fstab | egrep '\s+none\s+' | grep bind | grep -v '^\s+#' | sed -r 's/^\s*([^ ]+).*$/\1/g') |
||||
|
for b in $binds; do |
||||
|
if [[ "$BTRFS_MOUNT_ROOT$d/" == "$b/"* ]]; then |
||||
|
echo "Directory '$d' is already available via bind '$b'." |
||||
|
continue 2 |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
## Add bind to /etc/fstab |
||||
|
echo "$BTRFS_MOUNT_ROOT$d $d none bind,defaults,auto 0 0" >> /etc/fstab |
||||
|
done |
||||
|
|
||||
|
|
||||
|
## Mount all binds |
||||
|
|
||||
|
mount -a |
||||
|
|
||||
|
[ -z "$RESTART_DOCKER" ] || service docker start |
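Review bot: Nothing stops this script after a failed step: there is no `set -e`, and `mkfs.btrfs -f "$BTRFS_DEVICE"` and `mount "$BTRFS_MOUNT_ROOT"` are unchecked, so after a failed format or mount it still appends to /etc/fstab, runs `rm -rf /var/lib/docker/*` and goes on to the subvolume and bind steps. The umount and sed steps above already use `|| { echo …; exit 1; }`, and the same guard on the mkfs and mount lines closes the gap. `$BTRFS_DEVICE` is also pasted into the `egrep` and `sed` patterns as a regular expression, so a path containing `.` or other metacharacters can match or delete the wrong fstab line; comparing the first field as a fixed string (`awk -v d="$BTRFS_DEVICE" '$1 == d'`) avoids that. Finally `grep -v '^\s+#'` is a basic regex in which `+` is literal, so commented-out bind lines are not filtered out; `grep -Ev '^\s*#'` does what the pipeline seems to intend.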
@ -0,0 +1,8 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
apt-get install lxc -y --force-yes </dev/null |
||||
|
|
||||
|
## required to access the created lxc ! |
||||
|
if ! [ -e ~/.ssh/id_rsa ]; then |
||||
|
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q |
||||
|
fi |
@ -0,0 +1,69 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
|
||||
|
|
||||
|
## 0k git remote path |
||||
|
GIT_0K_BASE=${GIT_0K_BASE:-"0k-ro:/var/git"} |
||||
|
|
||||
|
## 0k git remote options |
||||
|
GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""} |
||||
|
|
||||
|
|
||||
|
## |
||||
|
## Install 0k-manage |
||||
|
## |
||||
|
|
||||
|
mkdir -p /opt/apps |
||||
|
( |
||||
|
if ! [ -d "/opt/apps/0k-manage" ]; then |
||||
|
cd /opt/apps && |
||||
|
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" && |
||||
|
cd /opt/apps/0k-manage && |
||||
|
git checkout 0k/prod/master |
||||
|
fi |
||||
|
) |
||||
|
|
||||
|
## |
||||
|
## Install 0k-charms |
||||
|
## |
||||
|
|
||||
|
( |
||||
|
if ! [ -d "/opt/apps/0k-charms" ]; then |
||||
|
cd /opt/apps && |
||||
|
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-charms.git" && |
||||
|
cd /opt/apps/0k-charms && |
||||
|
git checkout master |
||||
|
fi |
||||
|
|
||||
|
if ! [ -d "/srv/charm-store" ]; then |
||||
|
mkdir -p /srv/charm-store && |
||||
|
find /opt/apps/0k-charms -type d -exec /usr/bin/test -e {}/metadata.yml \ |
||||
|
-o -e {}/metadata.yaml \; -print | while read f; do |
||||
|
ln -sf "$f" /srv/charm-store/ |
||||
|
done |
||||
|
fi |
||||
|
|
||||
|
) |
||||
|
|
||||
|
|
||||
|
## |
||||
|
## Install lxc-scripts |
||||
|
## |
||||
|
|
||||
|
( |
||||
|
if ! [ -d "/opt/apps/lxc-scripts" ]; then |
||||
|
cd /opt/apps && |
||||
|
git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/lxc-scripts.git" && |
||||
|
cd /opt/apps/0k-manage && |
||||
|
git checkout master && |
||||
|
ln -sf /opt/apps/lxc-scripts/bin/lxc-* /usr/local/sbin/ && |
||||
|
[ -d /usr/lib/lxc/templates ] && { |
||||
|
ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/lib/lxc/templates/ |
||||
|
echo TEMPLATE_PATH=/usr/lib/lxc/templates >> /etc/default/lxc |
||||
|
} |
||||
|
[ -d /usr/share/lxc/templates ] && { |
||||
|
ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/share/lxc/templates |
||||
|
echo TEMPLATE_PATH=/usr/share/lxc/templates >> /etc/default/lxc |
||||
|
} |
||||
|
fi |
||||
|
) |
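Review bot: In the lxc-scripts block the line after the clone is `cd /opt/apps/0k-manage &&`, so `git checkout master` runs in the 0k-manage working tree, moving it off the `0k/prod/master` branch selected earlier in this file, and lxc-scripts is never checked out explicitly. It should read `cd /opt/apps/lxc-scripts &&`; the line is carried over unchanged from the removed monolithic script. In the charm-store loop, `while read f` should be `while IFS= read -r f` so that paths containing backslashes or leading spaces survive. Both `echo TEMPLATE_PATH=… >> /etc/default/lxc` lines fire when both template directories exist, leaving two assignments of which the last one wins.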
@ -0,0 +1,111 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
|
||||
|
[ "$LXC_NETWORK" ] || { |
||||
|
echo "You must set \$LXC_NETWORK (to something like 172.160.0 ) before using this script." |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
HOST_EXTERNAL_DEVICE=${HOST_EXTERNAL_DEVICE:-eth0} |
||||
|
|
||||
|
apt-get install -y bind9 dnsmasq |
||||
|
|
||||
|
echo HOST_EXTERNAL_DEVICE="$HOST_EXTERNAL_DEVICE" >> /etc/default/lxc |
||||
|
sed -ri "s%10\.0\.3\.%$LXC_NETWORK.%g;s%^#LXC_DHCP_CONFILE=%LXC_DHCP_CONFILE=%g" /etc/default/lxc-net |
||||
|
|
||||
|
LXC_ADDR=$(. /etc/default/lxc && echo "$LXC_ADDR") |
||||
|
if [ -z "$LXC_ADDR" ]; then |
||||
|
LXC_ADDR=$(. <(cat /usr/lib/x86_64-linux-gnu/lxc/lxc-net | grep ^LXC_ADDR | head -n 1) && echo "$LXC_ADDR") |
||||
|
fi |
||||
|
|
||||
|
HOST_IP=$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE") |
||||
|
|
||||
|
echo " |
||||
|
server=$LXC_ADDR |
||||
|
interface=lo |
||||
|
no-negcache |
||||
|
log-queries |
||||
|
log-facility=/var/log/dnsmasq.log |
||||
|
" >> /etc/dnsmasq.conf |
||||
|
|
||||
|
echo " |
||||
|
server=${HOST_IP} |
||||
|
log-queries |
||||
|
no-negcache |
||||
|
log-facility=/var/log/lxc-dnsmasq.log |
||||
|
" >> /etc/lxc/dnsmasq.conf |
||||
|
|
||||
|
( |
||||
|
cp "src/etc/bind/named.conf.options" "/etc/bind/named.conf.options" && |
||||
|
sed -ri "s/%%EXTERNAL_IP%%/$HOST_IP/g" "/etc/bind/named.conf.options" |
||||
|
) |
||||
|
## XXXvlab: Maybe we could change this in the service start/stop of the named daemon |
||||
|
|
||||
|
mkdir /var/log/named -p && |
||||
|
chown bind:bind /var/log/named |
||||
|
|
||||
|
/etc/init.d/bind9 restart |
||||
|
/etc/init.d/dnsmasq restart |
||||
|
service lxc restart |
||||
|
service lxc-net restart ## had to 'brctl delbr lxcbr0' myself |
||||
|
|
||||
|
cp /etc/resolv.conf{,.orig} |
||||
|
cat <<EOF > /etc/resolv.conf |
||||
|
nameserver 127.0.0.1 |
||||
|
#domain . ## didn't work on 12.04 |
||||
|
search localdomain ## imperfect, we don't want to search www.localdomain |
||||
|
EOF |
||||
|
|
||||
|
## |
||||
|
## Logrotate for dnsmasq and named |
||||
|
## |
||||
|
|
||||
|
cat <<EOF > /etc/logrotate.d/dnsmasq |
||||
|
|
||||
|
/var/log/dnsmasq.log { |
||||
|
missingok |
||||
|
copytruncate |
||||
|
notifempty |
||||
|
compress |
||||
|
|
||||
|
postrotate |
||||
|
kill -s SIGUSR2 "\$(cat /var/run/dnsmasq/dnsmasq.pid)" |
||||
|
endscript |
||||
|
} |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
|
||||
|
cat <<EOF > /etc/logrotate.d/lxc-dnsmasq |
||||
|
|
||||
|
/var/log/lxc-dnsmasq.log { |
||||
|
missingok |
||||
|
copytruncate |
||||
|
notifempty |
||||
|
compress |
||||
|
|
||||
|
postrotate |
||||
|
kill -s SIGUSR2 "\$(cat /var/run/lxc/dnsmasq.pid)" |
||||
|
endscript |
||||
|
} |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF > /etc/logrotate.d/named |
||||
|
/var/log/named/*.log { |
||||
|
missingok |
||||
|
copytruncate |
||||
|
notifempty |
||||
|
compress |
||||
|
} |
||||
|
EOF |
||||
|
|
||||
|
## |
||||
|
## Testing |
||||
|
## |
||||
|
|
||||
|
# lsof -i4tcp:53 -n |
||||
|
# netstat -ltnp | grep :53 |
||||
|
# ping HOST |
||||
|
# host HOST |
||||
|
# tcpdump |
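Review bot: `LXC_ADDR` and `HOST_IP` are written into `/etc/dnsmasq.conf`, `/etc/lxc/dnsmasq.conf` and `named.conf.options` without a check that they are non-empty, and the script has no `set -e`; if `ifip` (not defined in this file, presumably from kal-scripts) fails, the host gets empty `server=` lines and an empty address in the bind options, and `/etc/resolv.conf` is pointed at 127.0.0.1 anyway. A guard before the first `echo` fails safely: `[ -n "$LXC_ADDR" ] && [ -n "$HOST_IP" ] || { echo "cannot determine LXC_ADDR/HOST_IP" >&2; exit 1; }`. `$LXC_NETWORK` goes straight into the `sed` replacement, so validating it as a dotted numeric prefix first keeps a stray `%` or `&` from corrupting `/etc/default/lxc-net`. The `>>` appends and `cp /etc/resolv.conf{,.orig}` are not idempotent: a second run duplicates the dnsmasq settings and replaces the saved original resolv.conf with the already modified one.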
@ -0,0 +1,73 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## |
||||
|
## shorewall |
||||
|
## |
||||
|
|
||||
|
apt-get install -y shorewall |
||||
|
|
||||
|
cat <<EOF > /etc/shorewall/zones |
||||
|
fw firewall |
||||
|
net ipv4 |
||||
|
lan ipv4 |
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF > /etc/shorewall/interfaces |
||||
|
#ZONE INTERFACE BROADCAST OPTIONS |
||||
|
net eth0 |
||||
|
## Uncomment to enable vpn setup |
||||
|
#vpn tun0 detect |
||||
|
lan lxcbr0 - routeback |
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF > /etc/shorewall/policy |
||||
|
#SOURCE DEST RULE LOG |
||||
|
|
||||
|
fw all ACCEPT |
||||
|
lan all ACCEPT |
||||
|
net all DROP info |
||||
|
all all DROP info |
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF > /etc/shorewall/rules |
||||
|
SSH/ACCEPT net fw |
||||
|
Ping/ACCEPT net fw |
||||
|
|
||||
|
|
||||
|
BEGIN SHELL |
||||
|
|
||||
|
host_ip="\$(/sbin/ifconfig eth0 2> /dev/null | sed "s/^.*inet ad\+r://g" | grep ^[0-9] | sed "s/ .*$//g")" |
||||
|
|
||||
|
for name in \$(lxc-ls-running); do |
||||
|
ip=\$(dig +short A "\$name") |
||||
|
[ -e "/var/lib/lxc/\$name/shorewall" ] && |
||||
|
cat /var/lib/lxc/\$name/shorewall | sed -r "s/%%HOST_INTERNET_IP%%/\$host_ip/g" \ |
||||
|
| sed -r "s/%%IP%%/\$ip/g" |
||||
|
|
||||
|
done |
||||
|
|
||||
|
true |
||||
|
|
||||
|
END SHELL |
||||
|
|
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF > /etc/shorewall/masq |
||||
|
eth0 lxcbr0 |
||||
|
EOF |
||||
|
|
||||
|
cat <<EOF > /etc/shorewall/start |
||||
|
## correct a bug that prevent DHCP packet to be correctly sent between |
||||
|
## LXC, preventing them to receive an IP. |
||||
|
|
||||
|
. /etc/default/lxc |
||||
|
|
||||
|
if [ -d "/sys/class/net/\$LXC_BRIDGE" -a "\$(cat /sys/class/net/\$LXC_BRIDGE/operstate)" == "up" ]; then |
||||
|
source_file=/etc/init/lxc-net.conf |
||||
|
code=\$(egrep '^\s+iptables.*\s+-j\s+' /etc/init/lxc-net.conf | grep -v '\-D' | sed -r 's/^\s+[^-]+/run_iptables /g') |
||||
|
echo "Adding LXC rules:" |
||||
|
echo "\$code" |
||||
|
eval "\$code" |
||||
|
fi |
||||
|
|
||||
|
EOF |
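Review bot: The new `/etc/shorewall/start` script builds shell commands by scraping `iptables` lines out of `/etc/init/lxc-net.conf` and passing them to `eval`, so what runs as root at firewall start depends on the exact text of a file owned by another package; an update that reflows those lines changes the rule set silently or breaks it. Writing the needed `run_iptables` rules out explicitly, with a comment naming the DHCP problem they work around, would be easier to audit. `source_file` is assigned but never used, because the `egrep` repeats the hard-coded path. The test `[ … -a … == "up" ]` relies on `==` and `-a` inside `[`, which is not portable if shorewall runs this extension script under a POSIX `sh`; that is worth confirming. The `interfaces`, `masq` and `rules` files still hard-code `eth0` although 80-dns-waterfall.sh introduces `HOST_EXTERNAL_DEVICE`.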