From cf345a471ebe760f72de33f32fc8b8b4d558d19d Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Wed, 6 Apr 2016 10:39:25 +0800 Subject: [PATCH] new: [host/install] shorewall version is forced to be at least 5.0.6 for docker support. --- precise/host/hooks/install.d/40-btrfs.sh | 9 +- precise/host/hooks/install.d/60-docker.sh | 7 + precise/host/hooks/install.d/70-0k.sh | 122 ++++++++++++++++++ precise/host/hooks/install.d/90-shorewall.sh | 32 ++++- precise/host/hooks/install.d/92-mail.sh | 30 +++++ precise/host/hooks/install.d/95-checks.sh | 5 + precise/host/hooks/install.d/96-backup-lxc.sh | 10 ++ 7 files changed, 212 insertions(+), 3 deletions(-) create mode 100755 precise/host/hooks/install.d/60-docker.sh create mode 100755 precise/host/hooks/install.d/92-mail.sh create mode 100755 precise/host/hooks/install.d/95-checks.sh create mode 100755 precise/host/hooks/install.d/96-backup-lxc.sh diff --git a/precise/host/hooks/install.d/40-btrfs.sh b/precise/host/hooks/install.d/40-btrfs.sh index d8cf903..b740349 100755 --- a/precise/host/hooks/install.d/40-btrfs.sh +++ b/precise/host/hooks/install.d/40-btrfs.sh @@ -68,7 +68,7 @@ fi for d in /home /var{/{lib,cache,backups}/lxc,/lib/docker} \ /var/backups/snapshot \ - /srv/{lxc,docker}-datastore{,/config,/data}; do + /srv/datastore{,/config,/data}; do mkdir -p "$(dirname "$BTRFS_MOUNT_ROOT$d")" ## creates parent directory of subvolume btrfs subvolume create "$BTRFS_MOUNT_ROOT$d" mkdir -p "$d" @@ -91,3 +91,10 @@ done mount -a [ -z "$RESTART_DOCKER" ] || service docker start + +## Prevent mlocate from fetching unwanted informations + +if [ -e "/etc/updatedb.conf" ]; then + ## Without this, especially backup host can have 18Go locate database. + sed -ri 's/^\s*#\s*PRUNENAMES=/PRUNENAMES=/g;s%^(\s*PRUNEPATHS=".*)("\s*$)+%\1 /mnt/btrfs-root /var/backup/lxc /var/backup/snapshot\2%g' /etc/updatedb.conf +fi 
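Review bot: The paths appended to PRUNEPATHS in the second 40-btrfs.sh hunk are `/var/backup/lxc` and `/var/backup/snapshot`, but the subvolume loop in the first hunk creates `/var/backups/lxc` and `/var/backups/snapshot`, so as far as these hunks show, updatedb would still index the backup trees. The sed also appends the three paths again each time the hook runs, and it hard-codes `/mnt/btrfs-root` while the loop above uses `$BTRFS_MOUNT_ROOT`. I would correct the spelling to `/var/backups/lxc /var/backups/snapshot` and guard the edit, e.g. `grep -q 'PRUNEPATHS=.*/var/backups/snapshot' /etc/updatedb.conf || sed -ri '…' /etc/updatedb.conf`.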
diff --git a/precise/host/hooks/install.d/60-docker.sh b/precise/host/hooks/install.d/60-docker.sh new file mode 100755 index 0000000..89fc97f --- /dev/null +++ b/precise/host/hooks/install.d/60-docker.sh @@ -0,0 +1,7 @@ +#!/bin/bash + + +if ! type -p docker; then + echo "Installing docker..." + curl -sSL https://get.docker.io | sh +fi diff --git a/precise/host/hooks/install.d/70-0k.sh b/precise/host/hooks/install.d/70-0k.sh index f27ccbd..e0fc73a 100755 --- a/precise/host/hooks/install.d/70-0k.sh +++ b/precise/host/hooks/install.d/70-0k.sh @@ -21,8 +21,28 @@ mkdir -p /opt/apps cd /opt/apps/0k-manage && git checkout 0k/prod/master fi + + pip install sact.epoch || exit 1 + if [ "$(python -c 'import sact.epoch' 2>&1 | tail -n 1)" == "ImportError: No module named interface" ]; then + echo "Error: conflicting installation of zope.interface detected. Trying workaround." + ( + cd /usr/local/lib/python2.7/dist-packages + mv zope zope-bad + ) && + pip install zope.interface --upgrade && + pip install zope.component --upgrade + if [ "$(python -c 'import sact.epoch' 2>&1 | tail -n 1)" == "" ]; then + echo "Workaround worked." + else + echo "Failed work around." + exit 1 + fi + fi + # ln -sf /opt/apps/0k-manage/src/bin/* /usr/local/bin/ + ) + ## ## Install 0k-charms ## 
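Review bot: `curl -sSL https://get.docker.io | sh` in 60-docker.sh runs whatever the remote host returns, presumably as root, with no pinned version and no integrity check. Because curl has no `-f` and the pipeline's status is that of `sh`, a failed download still exits 0 and a truncated one runs a partial script. A pinned docker package from a signed apt repository would be preferable. At minimum, download to a `mktemp` file with `curl -fsSL`, compare it with a checksum kept in this repository, and only then run it. If the hooks run in numeric order, curl is only installed later by 70-0k.sh, so a `## REQUIRES: curl` comment or an explicit install here is needed; `type -p docker` should also get the `>/dev/null` used elsewhere in these hooks.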
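Review bot: The zope workaround in the first 70-0k.sh hunk cannot be re-run, and its failure is only detected indirectly. `mv zope zope-bad` fails once `zope-bad` exists from an earlier attempt, and the status of the `( … ) && pip … && pip …` chain is never tested, only the later import. The `pip install` calls here are unpinned, unlike `virtualenv==13.1.2` and `requests==2.6.1` further down in the same file. Pinning them, e.g. `pip install sact.epoch==<pinned-version> || exit 1` (the version is a placeholder), would keep host installs reproducible and limit exposure to a changed upstream release. The enclosing subshell starts outside the hunk.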
@@ -67,3 +87,105 @@ mkdir -p /opt/apps } fi ) + +## +## Install 0k.io certificate authority +## + +## Note that docker should be installed after (or be restarted). + +type -p curl >/dev/null 2>&1 || apt-get install -y curl /etc/ssl/ca.0k.io.pem + cat /etc/ssl/ca.0k.io.pem >> /etc/ssl/certs/ca-certificates.crt +fi + +service docker restart + +echo "Login into our server." +docker login -u vm -p iamavm -e vm@0k.io https://docker.0k.io + + +sed -ri 's/^#(net\.ipv4\.ip_forward=1)$/\1/g' /etc/sysctl.conf +sysctl -w net.ipv4.ip_forward=1 + + +## +## docker-compose +## + +if type -p docker-compose >/dev/null; then + #echo "Found docker-compose..." >&2 + if ! docker-compose --version >/dev/null 2>&1; then + echo "'docker-compose' failed ! Please check your docker-compose binary." + echo "Failed install." + docker-compose --version + exit 1 + fi + VALID_VERSION_TEXT="docker-compose version 1.6.0dev, build unknown" + if [ "$(docker-compose --version)" != "$VALID_VERSION_TEXT" ]; then + echo "Invalid version of docker-compose: we need exactly:" + echo "version text: $VALID_VERSION_TEXT" + echo "Failed install." + exit 1 + fi +else + if ! [ -d /opt/apps/docker-compose ]; then + ( + mkdir -p /opt/apps + cd /opt/apps + git clone https://github.com/docker/compose.git docker-compose && + cd docker-compose && + git checkout ea8cc1c3dc47c9ed3bff56c5a8d99175b57af650 ## version pinning + ) + fi + + mkdir -p /opt/venv + if ! type -p virtualenv >/dev/null; then + pip install virtualenv==13.1.2 + fi + if ! [ -d /opt/venv/docker-compose ]; then + virtualenv /opt/venv/docker-compose/ + fi + + . /opt/venv/docker-compose/bin/activate + + ( cd /opt/apps/docker-compose && + python setup.py install ) + if ! pip freeze | grep "^requests==2.6.1\$" >/dev/null 2>&1; then + pip install requests==2.6.1 --upgrade + fi + deactivate + + if ! grep "^. /opt/venv/docker-compose/bin/activate$" /etc/compose.local.conf >/dev/null 2>&1; then + cat <> /etc/compose.local.conf +. 
/opt/venv/docker-compose/bin/activate +EOF + fi +fi + +if ! [ -d "/opt/apps/0k-compose" ]; then + mkdir -p /opt/apps && cd /opt/apps + git clone "$GIT_0K_BASE"/0k/0k-compose.git +fi +[ -e /usr/local/bin/compose ] || ln -sfv /opt/apps/0k-compose/bin/compose /usr/local/bin/ + + +cat < /etc/compose.conf + +## if not provided, this will be the default service launched. +export DEFAULT_SERVICES="" + +export DEFAULT_PROJECT_NAME=$(hostname | cut -f 2 -d . ) + +export DOCKERSTORE=/srv/datastore +export DATASTORE=$DOCKERSTORE/data +export CONFIGSTORE=$DOCKERSTORE/config + +EOF + +mkdir -p /etc/compose + +echo "DEFAULT_COMPOSE_FILE=/etc/compose/compose.yml" >> /etc/compose.local.conf diff --git a/precise/host/hooks/install.d/90-shorewall.sh b/precise/host/hooks/install.d/90-shorewall.sh index dbcdc81..23967c9 100755 --- a/precise/host/hooks/install.d/90-shorewall.sh +++ b/precise/host/hooks/install.d/90-shorewall.sh @@ -1,10 +1,35 @@ #!/bin/bash + ## -## shorewall +## Install ## -apt-get install -y shorewall +version_gt() { test "$(echo "$@" | tr " " "\n" | sort -V | head -n 1)" != "$1"; } + +shorewall_candidate_version=$(echo $(apt-cache policy shorewall | grep "Candidate:" | cut -f 2 -d :)) + +## Support for docker introduced in 5.0.6 +if version_gt "$shorewall_candidate_version" 5.0.5; then + apt-get install -y shorewall +else + ( + VERSION="5.0.7.2-1" + cd /tmp && + wget http://ftp.fr.debian.org/debian/pool/main/s/shorewall-core/shorewall-core_${VERSION}_all.deb && + wget http://ftp.fr.debian.org/debian/pool/main/s/shorewall/shorewall_${VERSION}_all.deb && + dpkg -i shorewall-core_${VERSION}_all.deb shorewall_${VERSION}_all.deb && + rm shorewall-core_${VERSION}_all.deb shorewall_${VERSION}_all.deb + ) || { + echo "Failed to install shorewall." + exit 1 + } +fi + + +## +## Configuration +## cat < /etc/shorewall/zones fw firewall 
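Review bot: The `docker login` line in the second 70-0k.sh hunk commits a registry password to the repository as a literal `-p` argument, which also exposes it in the process list and in any hook trace log. I would read it from a root-only file provisioned outside the repository, e.g. `docker login -u "$REGISTRY_USER" --password-stdin https://docker.0k.io < "$REGISTRY_PASSWORD_FILE"` (the variable names are placeholders, and `--password-stdin` needs a Docker release that supports it), and rotate the password that is now in history. The command that fetches `/etc/ssl/ca.0k.io.pem` is not legible in this hunk, so it is worth confirming that the CA is obtained over an authenticated channel before it is trusted system-wide. Appending it to `/etc/ssl/certs/ca-certificates.crt` is also likely to be undone by the next `update-ca-certificates` run; installing it under `/usr/local/share/ca-certificates/` and running that tool is the durable form.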
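Review bot: In the `else` branch of the first 90-shorewall.sh hunk, the two `.deb` files are fetched over plain `http://` and handed to `dpkg -i` with no checksum or signature check, so the integrity apt would normally provide is lost for a firewall package. Working in `/tmp` with fixed file names adds a second problem: if a file of that name already exists, wget stores the download under another name and `dpkg -i` installs the pre-existing file. I would download into a `mktemp -d` directory and verify pinned SHA-256 digests before installing, as sketched below. The digest values are placeholders to be filled from a trusted source.

```shell
    VERSION="5.0.7.2-1"
    ## Placeholders: pin the real digests of the two packages here.
    CORE_SHA256="<sha256-of-shorewall-core-deb>"
    MAIN_SHA256="<sha256-of-shorewall-deb>"
    workdir=$(mktemp -d) &&
    cd "$workdir" &&
    ## … unchanged: the two wget calls …
    printf '%s  %s\n' \
        "$CORE_SHA256" "shorewall-core_${VERSION}_all.deb" \
        "$MAIN_SHA256" "shorewall_${VERSION}_all.deb" | sha256sum -c - &&
    ## … unchanged: dpkg -i of both packages …
    rm -rf -- "$workdir"
```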
@@ -71,3 +96,6 @@ if [ -d "/sys/class/net/\$LXC_BRIDGE" -a "\$(cat /sys/class/net/\$LXC_BRIDGE/ope fi EOF + +## Activate support for docker +sed -ri 's/^DOCKER=No$/DOCKER=Yes/g' /etc/shorewall/shorewall.conf diff --git a/precise/host/hooks/install.d/92-mail.sh b/precise/host/hooks/install.d/92-mail.sh new file mode 100755 index 0000000..1d0043d --- /dev/null +++ b/precise/host/hooks/install.d/92-mail.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +set -eux # -x for verbose logging to juju debug-log + + +MAIL_NAME=${MAIL_NAME:-localhost} +MAIL_DOMAINNAME=${MAIL_DOMAINNAME:-"localdomain"} +MAIL_SATTELITE_RELAYHOST=${MAIL_SATTELITE_RELAYHOST:-} + +## +## Mail facilities (install working 'mail' command) +## + +( + debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_NAME}.${MAIL_DOMAINNAME}" && + debconf-set-selections <<< "postfix postfix/main_mailer_type select 'Local only'" && + + apt-get install -y postfix mailutils && + + postconf inet_interfaces=loopback-only && + + [ -z "$MAIL_SATTELITE_RELAYHOST" ] && postconf relayhost="$MAIL_SATTELITE_RELAYHOST" + postfix reload +) + + +## +## Test: +## +# echo "test" | mail vaab@kal.fr diff --git a/precise/host/hooks/install.d/95-checks.sh b/precise/host/hooks/install.d/95-checks.sh new file mode 100755 index 0000000..e1918e6 --- /dev/null +++ b/precise/host/hooks/install.d/95-checks.sh @@ -0,0 +1,5 @@ +#!/bin/bash + +## REQUIRES: 0k-manage mail + +ln -sf /opt/apps/0k-manage/src/etc/cron.hourly/check-* /etc/cron.hourly/ diff --git a/precise/host/hooks/install.d/96-backup-lxc.sh b/precise/host/hooks/install.d/96-backup-lxc.sh new file mode 100755 index 0000000..ebf4908 --- /dev/null +++ b/precise/host/hooks/install.d/96-backup-lxc.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +## REQUIRES lxc-scripts, lxc + +## +## Backup lxc +## + +ln -sf /opt/apps/lxc-scripts/etc/cron.hourly/* /etc/cron.hourly/ +ln -sf /opt/apps/lxc-scripts/etc/cron.daily/* /etc/cron.daily/
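Review bot: The `sed -ri 's/^DOCKER=No$/DOCKER=Yes/g'` added at the end of 90-shorewall.sh changes nothing and reports nothing when the line is spelled differently (`DOCKER=no`, trailing whitespace) or is absent, so the hook can succeed while the firewall still lacks docker support. I would follow it with a check such as `grep -q '^DOCKER=Yes$' /etc/shorewall/shorewall.conf || { echo "DOCKER=Yes not set in shorewall.conf" >&2; exit 1; }`. No `shorewall check` or restart is visible in this hunk; if none happens elsewhere, the setting will not take effect until the next restart.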
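Review bot: The relayhost test in 92-mail.sh is inverted: `[ -z "$MAIL_SATTELITE_RELAYHOST" ] && postconf relayhost=…` runs postconf only when the variable is empty, so a configured relay host is never applied. Chaining the steps with `&&` also defeats the `set -e` at the top, because a failure of any command but the last in an `&&` list does not abort the script, and `postfix reload` then runs regardless. I would drop the `&&` chain and write `if [ -n "$MAIL_SATTELITE_RELAYHOST" ]; then postconf relayhost="$MAIL_SATTELITE_RELAYHOST"; fi`. The single quotes in `select 'Local only'` are probably passed to debconf literally, so confirm the value matches the postfix choice.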
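Review bot: `ln -sf /opt/apps/0k-manage/src/etc/cron.hourly/check-* /etc/cron.hourly/` in 95-checks.sh creates a dangling link literally named `check-*` when the glob matches nothing, for example if 0k-manage was not checked out. The same applies to both `ln -sf` lines in 96-backup-lxc.sh. These links make cron run files from git checkouts under `/opt/apps` as root, so I would have the hooks fail early when the source directory is missing, e.g. `[ -d /opt/apps/0k-manage/src/etc/cron.hourly ] || { echo "0k-manage not installed" >&2; exit 1; }`. A comment that those trees must stay writable by root only would also help.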