
new: [host/install] shorewall version is forced to be at least 5.0.6 for docker support.

postgres
Valentin Lab 8 years ago
parent
commit
cf345a471e
  1. 9
      precise/host/hooks/install.d/40-btrfs.sh
  2. 7
      precise/host/hooks/install.d/60-docker.sh
  3. 122
      precise/host/hooks/install.d/70-0k.sh
  4. 32
      precise/host/hooks/install.d/90-shorewall.sh
  5. 30
      precise/host/hooks/install.d/92-mail.sh
  6. 5
      precise/host/hooks/install.d/95-checks.sh
  7. 10
      precise/host/hooks/install.d/96-backup-lxc.sh

9
precise/host/hooks/install.d/40-btrfs.sh

@ -68,7 +68,7 @@ fi
for d in /home /var{/{lib,cache,backups}/lxc,/lib/docker} \
/var/backups/snapshot \
/srv/{lxc,docker}-datastore{,/config,/data}; do
/srv/datastore{,/config,/data}; do
mkdir -p "$(dirname "$BTRFS_MOUNT_ROOT$d")" ## creates parent directory of subvolume
btrfs subvolume create "$BTRFS_MOUNT_ROOT$d"
mkdir -p "$d"
@ -91,3 +91,10 @@ done
mount -a
[ -z "$RESTART_DOCKER" ] || service docker start
## Prevent mlocate from fetching unwanted informations
if [ -e "/etc/updatedb.conf" ]; then
## Without this, especially backup host can have 18Go locate database.
sed -ri 's/^\s*#\s*PRUNENAMES=/PRUNENAMES=/g;s%^(\s*PRUNEPATHS=".*)("\s*$)+%\1 /mnt/btrfs-root /var/backup/lxc /var/backup/snapshot\2%g' /etc/updatedb.conf
fi
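Review bot: The paths appended to PRUNEPATHS in the added `sed` line are spelled `/var/backup/lxc` and `/var/backup/snapshot`, while the subvolume loop in the first hunk creates `/var/backups/lxc` and `/var/backups/snapshot`, so as written updatedb would presumably still index the backup trees. The expression is also not idempotent: every run of the hook appends the three paths again. I would correct the spelling to `/var/backups/…` and guard the edit, e.g. `grep -q '/mnt/btrfs-root' /etc/updatedb.conf || sed -ri '…' /etc/updatedb.conf`.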

7
precise/host/hooks/install.d/60-docker.sh

@ -0,0 +1,7 @@
#!/bin/bash
if ! type -p docker; then
echo "Installing docker..."
curl -sSL https://get.docker.io | sh
fi
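Review bot: `curl -sSL https://get.docker.io | sh` runs whatever that URL serves as root, with no version pin and no integrity check, so the docker version a host ends up with depends on the day of install and a truncated download can execute a partial script. Installing a pinned docker package from a signed apt repository would give the hook a verifiable, reproducible result; failing that, download to a file, compare it with a checksum kept in the charm, and only then run it. `type -p docker` also prints the path into the hook output; `if ! type -p docker >/dev/null; then` matches the form used in 70-0k.sh.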

122
precise/host/hooks/install.d/70-0k.sh

@ -21,8 +21,28 @@ mkdir -p /opt/apps
cd /opt/apps/0k-manage &&
git checkout 0k/prod/master
fi
pip install sact.epoch || exit 1
if [ "$(python -c 'import sact.epoch' 2>&1 | tail -n 1)" == "ImportError: No module named interface" ]; then
echo "Error: conflicting installation of zope.interface detected. Trying workaround."
(
cd /usr/local/lib/python2.7/dist-packages
mv zope zope-bad
) &&
pip install zope.interface --upgrade &&
pip install zope.component --upgrade
if [ "$(python -c 'import sact.epoch' 2>&1 | tail -n 1)" == "" ]; then
echo "Workaround worked."
else
echo "Failed work around."
exit 1
fi
fi
# ln -sf /opt/apps/0k-manage/src/bin/* /usr/local/bin/
)
##
## Install 0k-charms
##
@ -67,3 +87,105 @@ mkdir -p /opt/apps
}
fi
)
##
## Install 0k.io certificate authority
##
## Note that docker should be installed after (or be restarted).
type -p curl >/dev/null 2>&1 || apt-get install -y curl </dev/null
if ! [ -r /etc/ssl/ca.0k.io.pem ]; then
echo "Fetching 0k.io CA certificate..."
curl http://docker.0k.io/get/ca.0k.io.pem > /etc/ssl/ca.0k.io.pem
cat /etc/ssl/ca.0k.io.pem >> /etc/ssl/certs/ca-certificates.crt
fi
service docker restart
echo "Login into our server."
docker login -u vm -p iamavm -e vm@0k.io https://docker.0k.io
sed -ri 's/^#(net\.ipv4\.ip_forward=1)$/\1/g' /etc/sysctl.conf
sysctl -w net.ipv4.ip_forward=1
##
## docker-compose
##
if type -p docker-compose >/dev/null; then
#echo "Found docker-compose..." >&2
if ! docker-compose --version >/dev/null 2>&1; then
echo "'docker-compose' failed ! Please check your docker-compose binary."
echo "Failed install."
docker-compose --version
exit 1
fi
VALID_VERSION_TEXT="docker-compose version 1.6.0dev, build unknown"
if [ "$(docker-compose --version)" != "$VALID_VERSION_TEXT" ]; then
echo "Invalid version of docker-compose: we need exactly:"
echo "version text: $VALID_VERSION_TEXT"
echo "Failed install."
exit 1
fi
else
if ! [ -d /opt/apps/docker-compose ]; then
(
mkdir -p /opt/apps
cd /opt/apps
git clone https://github.com/docker/compose.git docker-compose &&
cd docker-compose &&
git checkout ea8cc1c3dc47c9ed3bff56c5a8d99175b57af650 ## version pinning
)
fi
mkdir -p /opt/venv
if ! type -p virtualenv >/dev/null; then
pip install virtualenv==13.1.2
fi
if ! [ -d /opt/venv/docker-compose ]; then
virtualenv /opt/venv/docker-compose/
fi
. /opt/venv/docker-compose/bin/activate
( cd /opt/apps/docker-compose &&
python setup.py install )
if ! pip freeze | grep "^requests==2.6.1\$" >/dev/null 2>&1; then
pip install requests==2.6.1 --upgrade
fi
deactivate
if ! grep "^. /opt/venv/docker-compose/bin/activate$" /etc/compose.local.conf >/dev/null 2>&1; then
cat <<EOF >> /etc/compose.local.conf
. /opt/venv/docker-compose/bin/activate
EOF
fi
fi
if ! [ -d "/opt/apps/0k-compose" ]; then
mkdir -p /opt/apps && cd /opt/apps
git clone "$GIT_0K_BASE"/0k/0k-compose.git
fi
[ -e /usr/local/bin/compose ] || ln -sfv /opt/apps/0k-compose/bin/compose /usr/local/bin/
cat <<EOF > /etc/compose.conf
## if not provided, this will be the default service launched.
export DEFAULT_SERVICES=""
export DEFAULT_PROJECT_NAME=$(hostname | cut -f 2 -d . )
export DOCKERSTORE=/srv/datastore
export DATASTORE=$DOCKERSTORE/data
export CONFIGSTORE=$DOCKERSTORE/config
EOF
mkdir -p /etc/compose
echo "DEFAULT_COMPOSE_FILE=/etc/compose/compose.yml" >> /etc/compose.local.conf
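Review bot: The CA certificate that is appended to the system trust bundle is fetched with `curl http://docker.0k.io/get/ca.0k.io.pem`, over plain HTTP and with no check of curl's exit status, so anyone on the network path can choose the root this host will trust, and an error page or empty body is appended just the same. The certificate should ship inside the charm, or be compared with a digest pinned in the charm before it is installed, as sketched below. On Debian/Ubuntu a direct append to `/etc/ssl/certs/ca-certificates.crt` is also lost the next time `update-ca-certificates` regenerates the bundle, which is why the sketch installs through `/usr/local/share/ca-certificates/`. Separately, `docker login -u vm -p iamavm` commits a registry password to the repository and exposes it in the process list; it should be read from a root-only file provisioned outside the repository.

```shell
if ! [ -r /etc/ssl/ca.0k.io.pem ]; then
    echo "Fetching 0k.io CA certificate..."
    ca_tmp=$(mktemp) || exit 1
    ## CA_0K_SHA256 is a placeholder: pin the expected digest in the charm.
    if ! curl -fsS -o "$ca_tmp" http://docker.0k.io/get/ca.0k.io.pem ||
       ! echo "${CA_0K_SHA256:?}  $ca_tmp" | sha256sum -c - >/dev/null; then
        echo "Error: could not fetch or verify the 0k.io CA certificate." >&2
        rm -f -- "$ca_tmp"
        exit 1
    fi
    install -m 0644 "$ca_tmp" /etc/ssl/ca.0k.io.pem
    install -m 0644 "$ca_tmp" /usr/local/share/ca-certificates/ca.0k.io.crt
    rm -f -- "$ca_tmp"
    update-ca-certificates
fi
```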

32
precise/host/hooks/install.d/90-shorewall.sh

@ -1,10 +1,35 @@
#!/bin/bash
##
## shorewall
## Install
##
apt-get install -y shorewall
version_gt() { test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" != "$1"; }
shorewall_candidate_version=$(echo $(apt-cache policy shorewall | grep "Candidate:" | cut -f 2 -d :))
## Support for docker introduced in 5.0.6
if version_gt "$shorewall_candidate_version" 5.0.5; then
apt-get install -y shorewall
else
(
VERSION="5.0.7.2-1"
cd /tmp &&
wget http://ftp.fr.debian.org/debian/pool/main/s/shorewall-core/shorewall-core_${VERSION}_all.deb &&
wget http://ftp.fr.debian.org/debian/pool/main/s/shorewall/shorewall_${VERSION}_all.deb &&
dpkg -i shorewall-core_${VERSION}_all.deb shorewall_${VERSION}_all.deb &&
rm shorewall-core_${VERSION}_all.deb shorewall_${VERSION}_all.deb
) || {
echo "Failed to install shorewall."
exit 1
}
fi
##
## Configuration
##
cat <<EOF > /etc/shorewall/zones
fw firewall
@ -71,3 +96,6 @@ if [ -d "/sys/class/net/\$LXC_BRIDGE" -a "\$(cat /sys/class/net/\$LXC_BRIDGE/ope
fi
EOF
## Activate support for docker
sed -ri 's/^DOCKER=No$/DOCKER=Yes/g' /etc/shorewall/shorewall.conf
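Review bot: In the fallback branch the two `.deb` files are fetched with `wget` over plain HTTP and handed to `dpkg -i`, which, unlike `apt-get`, checks no archive signature, so the firewall package installed as root is whatever the network path delivers. The download also happens in `/tmp` under fixed names: if a file of that name already exists there, wget saves its copy under a `.1` suffix and `dpkg -i` installs the pre-existing file. I would download into a `mktemp -d` directory and verify both files against SHA-256 sums kept in the charm before installing, as below. The final `sed` that sets `DOCKER=Yes` also does nothing, silently, when the `DOCKER=No` line is absent from `shorewall.conf`, so a `grep -q '^DOCKER=Yes$' /etc/shorewall/shorewall.conf || exit 1` after it would be worthwhile.

```shell
(
    VERSION="5.0.7.2-1"
    workdir=$(mktemp -d) || exit 1
    trap 'rm -rf -- "$workdir"' EXIT
    cd "$workdir" &&
    ## … unchanged: the two wget downloads …
    ## SHOREWALL_SHA256SUMS is a placeholder: a checksum file shipped with the charm.
    sha256sum -c "${SHOREWALL_SHA256SUMS:?}" &&
    dpkg -i shorewall-core_${VERSION}_all.deb shorewall_${VERSION}_all.deb
) || {
    ## … unchanged: error message and exit 1 …
```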

30
precise/host/hooks/install.d/92-mail.sh

@ -0,0 +1,30 @@
#!/bin/bash
set -eux # -x for verbose logging to juju debug-log
MAIL_NAME=${MAIL_NAME:-localhost}
MAIL_DOMAINNAME=${MAIL_DOMAINNAME:-"localdomain"}
MAIL_SATTELITE_RELAYHOST=${MAIL_SATTELITE_RELAYHOST:-}
##
## Mail facilities (install working 'mail' command)
##
(
debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_NAME}.${MAIL_DOMAINNAME}" &&
debconf-set-selections <<< "postfix postfix/main_mailer_type select 'Local only'" &&
apt-get install -y postfix mailutils &&
postconf inet_interfaces=loopback-only &&
[ -z "$MAIL_SATTELITE_RELAYHOST" ] && postconf relayhost="$MAIL_SATTELITE_RELAYHOST"
postfix reload
)
##
## Test:
##
# echo "test" | mail vaab@kal.fr
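Review bot: The relayhost test is inverted: `[ -z "$MAIL_SATTELITE_RELAYHOST" ] && postconf relayhost=…` runs postconf only when the variable is empty, so a configured relay host is never applied. Because the commands are joined with `&&`, `set -e` does not stop the hook when an earlier link such as `apt-get install` fails, and `postfix reload` is attempted regardless. I would end the chain at the `inet_interfaces` line with `|| exit 1` and write the relay step as `if [ -n "$MAIL_SATTELITE_RELAYHOST" ]; then postconf relayhost="$MAIL_SATTELITE_RELAYHOST"; fi`.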

5
precise/host/hooks/install.d/95-checks.sh

@ -0,0 +1,5 @@
#!/bin/bash
## REQUIRES: 0k-manage mail
ln -sf /opt/apps/0k-manage/src/etc/cron.hourly/check-* /etc/cron.hourly/
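Review bot: The symlinks make root's hourly cron run scripts straight out of the `/opt/apps/0k-manage` git working tree, so whoever can write to that checkout, or whatever a later update of it brings in, runs as root; the same applies to both `ln -sf` lines in 96-backup-lxc.sh. Nothing in these hunks checks that the tree is root-owned and not group- or world-writable, and how it is provisioned is not visible from here. If the glob matches nothing, `ln -sf` also creates a dangling link literally named `check-*`, so a guard such as `[ -d /opt/apps/0k-manage/src/etc/cron.hourly ] || exit 1` before the link would make a missing dependency visible instead of silent.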

10
precise/host/hooks/install.d/96-backup-lxc.sh

@ -0,0 +1,10 @@
#!/bin/bash
## REQUIRES lxc-scripts, lxc
##
## Backup lxc
##
ln -sf /opt/apps/lxc-scripts/etc/cron.hourly/* /etc/cron.hourly/
ln -sf /opt/apps/lxc-scripts/etc/cron.daily/* /etc/cron.daily/