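#!/bin/bash
##
## Host bootstrap hook (juju): base packages, btrfs layout, lxc, dns, firewall,
## mail and the 0k tooling checkouts.
##
## Required env:  BTRFS_DEVICE          block device formatted by the btrfs section
## Optional env:  BTRFS_MOUNT_ROOT      mount point of the btrfs volume (default /mnt/btrfs-root)
##                GIT_0K_BASE           git remote base in host:path form (default git.0k.io:/var/git)
##                GIT_0K_CLONE_OPTIONS  extra options handed unquoted to git clone
##                MAIL_NAME, MAIL_DOMAINNAME, MAIL_SATTELITE_RELAYHOST   postfix settings
##
## -x echoes every expanded command to the juju debug-log: nothing secret may be
## passed on a command line in this script (the ssh key below is copied by path).
set -eux

apt-get update
apt-get -y install bash-completion wget bzip2 git-core less language-pack-en \
  python-software-properties tmux mosh sudo git

## 0k git remote base (host:path, as accepted by git clone over ssh)
GIT_0K_BASE=${GIT_0K_BASE:-"git.0k.io:/var/git"}
## Extra git clone options; deliberately left unquoted at the call sites so
## that one variable can carry several options.
GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""}

## Device the btrfs section formats. No default on purpose: formatting is
## destructive, so the caller has to name the device explicitly.
#BTRFS_DEVICE=
BTRFS_MOUNT_ROOT=${BTRFS_MOUNT_ROOT:-"/mnt/btrfs-root"}
## ${BTRFS_DEVICE:-}: with 'set -u' a bare $BTRFS_DEVICE would abort with
## "unbound variable" before this message is ever printed.
if [ -z "${BTRFS_DEVICE:-}" ]; then
  echo "You must set a BTRFS_DEVICE environment variable prior to executing this hook." >&2
  exit 1
fi

MAIL_NAME=${MAIL_NAME:-localhost}
MAIL_DOMAINNAME=${MAIL_DOMAINNAME:-"localdomain"}
## Empty (the default) means postfix gets no relayhost.
MAIL_SATTELITE_RELAYHOST=${MAIL_SATTELITE_RELAYHOST:-}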
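##
## etckeeper
##
## -y: the hook runs unattended; without it apt-get prompts and, with stdin not
## a terminal, aborts (and 'set -e' then stops the script).
apt-get install -y etckeeper
## Switch etckeeper's VCS from the bzr line to git (git-core is installed above).
sed -i 's/#VCS="git"/VCS="git"/g' /etc/etckeeper/etckeeper.conf
sed -i 's/VCS="bzr"/#VCS="bzr"/g' /etc/etckeeper/etckeeper.conf
etckeeper init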
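##
## Git utilities
##
## System-wide aliases/colours. Appended only once: the hook may be re-run and
## /etc/gitconfig must not accumulate duplicate [alias] sections.
if ! grep -qxF '[alias]' /etc/gitconfig 2>/dev/null; then
  cat <<'EOF' >> /etc/gitconfig
[alias]
co = checkout
com = commit
st = status
ci = commit
[color]
branch = auto
diff = auto
interactive = auto
status = auto
EOF
fi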
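##
## kal-scripts
##
## NOTE(review): this archive is fetched over plain http and installed with
## --force-yes, so apt's signature check does not cover it, and whatever it
## ships runs as root on this host. Installing the archive's signing key and
## dropping --force-yes would close that; the key is not available here.
if ! grep -qF 'deb http://deb.kalysto.org' /etc/apt/sources.list; then
  cat <<'EOF' >> /etc/apt/sources.list
## vlab's shell libraries
deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main
EOF
fi
apt-get update
apt-get install -y --force-yes kal-scripts python-pip
## Unpinned install from PyPI.
pip install shyaml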
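##
## More shell configurations (prompt, functions)
##
mkdir -p /etc/prompt
## Unquoted heredoc on purpose: the \$ and \\ escapes are what put literal $ and
## \ into the generated file; quoting the delimiter would change its content.
cat <<EOF > /etc/prompt/prompt.1.rc
PROMPT_COMMAND=""
parse_git_branch() {
ref=\$(git symbolic-ref HEAD 2> /dev/null) || return
echo -en ' (\033[0;32m'\${ref#refs/heads/}'\033[0m)'
}
export PS1="\[\033[0;37m\][\[\033[1;30m\]\u\[\033[0;37m\]@\[\033[1;30m\]\h\[\033[0;37m\]]-[\[\033[1;34m\]\w\[\033[0;37m\]]\\\$(parse_git_branch)\n\[\033[1;37m\]\\$ \[\033[0;37m\]"
EOF
## Appended to root's bashrc only once (the hook may be re-run); the marker line
## is one of the comments written below.
if ! grep -qxF '## Prompt easy management' /root/.bashrc 2>/dev/null; then
  cat <<EOF >> /root/.bashrc
## History management
export HISTCONTROL=ignoredups
export HISTSIZE=50000
shopt -s histappend
PROMPT_COMMAND='history -a'
## Prompt easy management
prompt() {
prompt_name="prompt.\$1.rc"
for i in /etc/prompt ~/.prompt; do
[ -f "\$i/\$prompt_name" ] &&
. "\$i/\$prompt_name"
done
}
## Git log command
function glog() {
git log --graph --pretty=tformat:%C\(yellow\ normal\)%h%Creset\ %C\(blue\ normal\)%an%Creset\ %s\ %Cgreen%d%Creset -n 20 "\$@"
}
prompt 1
EOF
fi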
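##
## btrfs install
##
apt-get install -y btrfs-tools
## Hard stop kept from the original: everything below formats BTRFS_DEVICE and
## rewrites /etc/fstab, and is meant to be run by hand after checking the device.
echo "the following is dangerous code. Please execute yourself for now."
exit 1
## Refuse to format anything that is not a block device or is already mounted:
## mkfs on the wrong path destroys data that cannot be recovered. The mount
## check is best-effort (/proc/mounts shows the path the device was mounted by).
if ! [ -b "$BTRFS_DEVICE" ]; then
  echo "BTRFS_DEVICE=$BTRFS_DEVICE is not a block device." >&2
  exit 1
fi
if grep -q -- "^$BTRFS_DEVICE " /proc/mounts; then
  echo "BTRFS_DEVICE=$BTRFS_DEVICE is mounted; refusing to format it." >&2
  exit 1
fi
## Format the device and add entry in fstab
mkfs.btrfs "$BTRFS_DEVICE"
UUID="$(blkid -s UUID -o value "$BTRFS_DEVICE")"
if [ -z "$UUID" ]; then
  echo "blkid returned no UUID for $BTRFS_DEVICE; not touching /etc/fstab." >&2
  exit 1
fi
echo "UUID=$UUID $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,auto 0 0" >> /etc/fstab
## Mount point and mount device
mkdir -p "$BTRFS_MOUNT_ROOT"
mount "$BTRFS_MOUNT_ROOT"
## Build subvolume structure (brace expansion happens before the quoted
## parameter expansion, so the quotes are kept on every word).
btrfs subvolume create "$BTRFS_MOUNT_ROOT/var"
mkdir -p "$BTRFS_MOUNT_ROOT"/var/{lib,cache,backups}
for d in "$BTRFS_MOUNT_ROOT"/var/{lib,cache,backups}; do
  btrfs subvolume create "$d/lxc"
done
for d in "$BTRFS_MOUNT_ROOT"/srv/{,lxc-datastore{,/config,/data}}; do
  btrfs subvolume create "$d"
done
## Add binds to /etc/fstab. The bind sources use BTRFS_MOUNT_ROOT so they stay
## consistent with the mount line above when the root is overridden.
cat <<EOF >> /etc/fstab
## binds
$BTRFS_MOUNT_ROOT/var/lib/lxc /var/lib/lxc none bind,defaults,auto 0 0
$BTRFS_MOUNT_ROOT/var/cache/lxc /var/cache/lxc none bind,defaults,auto 0 0
$BTRFS_MOUNT_ROOT/var/backups/lxc /var/backups/lxc none bind,defaults,auto 0 0
$BTRFS_MOUNT_ROOT/srv/lxc-datastore /srv/lxc-datastore none bind,defaults,auto 0 0
EOF
mkdir -p /var/backups/lxc /srv/lxc-datastore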
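##
## lxc tools
##
## -y: unattended run (see the etckeeper section).
apt-get install -y lxc
## Mount everything in fstab (the btrfs root and the binds added above);
## -a takes no positional argument.
mount -a
mkdir -p /opt/apps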
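##
## ssh config
##
## Deploy key used by the git clones below; copied by path so the key material
## never appears in the -x trace.
cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa
chmod 0600 /etc/ssh/lxc_git_access_id_rsa
## Host part of GIT_0K_BASE (assumes the host:path form of the default), so the
## stanza still applies when the base is overridden.
git_0k_host=${GIT_0K_BASE%%:*}
mkdir -p ~/.ssh
chmod 0700 ~/.ssh
## NOTE(review): StrictHostKeyChecking no + UserKnownHostsFile /dev/null means the
## git host is never authenticated, although what is cloned from it ends up
## symlinked into /usr/local/sbin and /etc/cron.hourly and runs as root.
## Shipping the host's public key in a known_hosts file and dropping those two
## lines would close that; kept as-is because the host key is not available here.
if ! grep -qxF "Host $git_0k_host" ~/.ssh/config 2>/dev/null; then
  cat <<EOF >> ~/.ssh/config
Host $git_0k_host
User lxc-user
IdentityFile /etc/ssh/lxc_git_access_id_rsa
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
Port 10022
EOF
fi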
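##
## Install 0k-manage
##
## Clone target given explicitly, so no cd is needed in the calling shell and a
## failed clone stops the script under 'set -e' instead of being skipped by an
## && chain. The checkout runs in a subshell so the cwd is not changed here.
if ! [ -d /opt/apps/0k-manage ]; then
  # shellcheck disable=SC2086  # GIT_0K_CLONE_OPTIONS carries several options on purpose
  git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" /opt/apps/0k-manage
  (cd /opt/apps/0k-manage && git checkout 0k/prod/master)
fi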
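##
## Install 0k-charms
##
## Explicit clone target and a subshell for the checkout: a failed clone stops
## the script under 'set -e' instead of being skipped by an && chain.
if ! [ -d /opt/apps/0k-charms ]; then
  # shellcheck disable=SC2086  # GIT_0K_CLONE_OPTIONS carries several options on purpose
  git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-charms.git" /opt/apps/0k-charms
  (cd /opt/apps/0k-charms && git checkout master)
fi
## The charm store is the precise/ subtree of that checkout.
if ! [ -d /srv/charm-store ]; then
  mkdir -p /srv
  ln -sf /opt/apps/0k-charms/precise /srv/charm-store
fi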
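##
## Install lxc-scripts
##
if ! [ -d /opt/apps/lxc-scripts ]; then
  # shellcheck disable=SC2086  # GIT_0K_CLONE_OPTIONS carries several options on purpose
  git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/lxc-scripts.git" /opt/apps/lxc-scripts
  ## The original cd'ed into /opt/apps/0k-manage here (copy-paste from the
  ## section above), which moved 0k-manage to master instead of checking out
  ## lxc-scripts.
  (cd /opt/apps/lxc-scripts && git checkout master)
  ## These land in root's PATH and in the lxc template directory: what was just
  ## fetched from the git host runs as root from here on.
  ln -sf /opt/apps/lxc-scripts/bin/lxc-* /usr/local/sbin/
  ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/lib/lxc/templates/
fi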
##
## Patch some files
##
## lxc-net is stopped while its defaults file and upstart jobs are replaced,
## then started again on the new files. A failing cp stops the script ('set -e').
stop lxc-net
cp src/etc/default/lxc /etc/default/lxc
cp src/etc/init/lxc.conf src/etc/init/lxc-net.conf /etc/init
start lxc-net
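##
## Install dns waterfall
##
apt-get install -y bind9 dnsmasq
## Manual step kept from the original: /etc/default/lxc has to be edited before
## the rest of this section is run by hand.
echo "Change /etc/default/lxc accordingly (use 172.48.#NB) as prefix"
echo "and add HOST_EXTERNAL_DEVICE="
exit 1
# edit /etc/dnsmasq.conf: forward to the lxc dnsmasq, listen on lo only.
## /etc/default/lxc is sourced in a subshell so its variables do not leak here.
lxc_addr=$(. /etc/default/lxc && echo "$LXC_ADDR")
## Appended only once (the hook may be re-run).
if ! grep -qxF "server=$lxc_addr" /etc/dnsmasq.conf; then
  cat <<EOF >> /etc/dnsmasq.conf

server=$lxc_addr
interface=lo
no-negcache
log-queries
log-facility=/var/log/dnsmasq.log

EOF
fi
## ifip is not defined in this script (presumably provided by kal-scripts —
## confirm). An empty result would silently produce a named config without a
## listen address, so it is checked before the substitution.
external_ip=$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE")
if [ -z "$external_ip" ]; then
  echo "could not determine the external IP of HOST_EXTERNAL_DEVICE." >&2
  exit 1
fi
cp src/etc/bind/named.conf.options /etc/bind/named.conf.options
## Only digits and dots are expected in the replacement, none of which is
## special on the right-hand side of s///.
sed -ri "s/%%EXTERNAL_IP%%/$external_ip/g" /etc/bind/named.conf.options
## XXXvlab: Maybe we could change this in the service start/stop of the named daemon
mkdir -p /var/log/named
chown bind:bind /var/log/named
/etc/init.d/bind9 restart
/etc/init.d/dnsmasq restart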
##
## Logrotate for dnsmasq and named
##
## Both dnsmasq instances get the same rotation policy and differ only in the
## log and pid file, so one loop writes /etc/logrotate.d/dnsmasq and
## /etc/logrotate.d/lxc-dnsmasq. The heredoc is unquoted on purpose: $name and
## $pidfile are expanded now, the escaped \$(cat ...) stays for logrotate.
for spec in dnsmasq:/var/run/dnsmasq/dnsmasq.pid lxc-dnsmasq:/var/run/lxc/dnsmasq.pid; do
  name=${spec%%:*}
  pidfile=${spec#*:}
  cat <<EOF > "/etc/logrotate.d/$name"
/var/log/$name.log {
missingok
copytruncate
notifempty
compress
postrotate
kill -s SIGUSR2 "\$(cat $pidfile)"
endscript
}
EOF
done
## named: no signal needed, copytruncate keeps the open file descriptor valid.
cat <<'EOF' > /etc/logrotate.d/named
/var/log/named/*.log {
missingok
copytruncate
notifempty
compress
}
EOF
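##
## shorewall
##
## Zones: the host itself, the internet on eth0, and the containers on lxcbr0.
## eth0 is hard-coded in interfaces, masq and the rules script below.
apt-get install -y shorewall
cat <<'EOF' > /etc/shorewall/zones
fw firewall
net ipv4
lan ipv4
EOF
cat <<'EOF' > /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0
## Uncomment to enable vpn setup
#vpn tun0 detect
lan lxcbr0 - routeback
EOF
## Default-deny from the internet (logged at 'info'); the host and containers
## may talk to anything.
cat <<'EOF' > /etc/shorewall/policy
#SOURCE DEST RULE LOG
fw all ACCEPT
lan all ACCEPT
net all DROP info
all all DROP info
EOF
## Only ssh and ping are opened from the internet to the host. The BEGIN SHELL
## part is run by shorewall at compile time: it resolves each running container
## and splices in that container's own /var/lib/lxc/<name>/shorewall snippet,
## with %%HOST_INTERNET_IP%% and %%IP%% substituted. host_ip is parsed from the
## 'inet addr:' line of ifconfig. Unquoted heredoc: \$ keeps $ for shorewall.
## The grep pattern is quoted so the shell cannot glob-expand it, and the
## snippet is read directly by sed instead of through cat.
cat <<EOF > /etc/shorewall/rules
SSH/ACCEPT net fw
Ping/ACCEPT net fw
BEGIN SHELL
host_ip="\$(/sbin/ifconfig eth0 2> /dev/null | sed "s/^.*inet ad\+r://g" | grep '^[0-9]' | sed "s/ .*$//g")"
for name in \$(lxc-ls-running); do
ip=\$(dig +short A "\$name")
[ -e "/var/lib/lxc/\$name/shorewall" ] &&
sed -r "s/%%HOST_INTERNET_IP%%/\$host_ip/g" "/var/lib/lxc/\$name/shorewall" \
| sed -r "s/%%IP%%/\$ip/g"
done
true
END SHELL
EOF
cat <<'EOF' > /etc/shorewall/masq
eth0 lxcbr0
EOF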
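##
## Mail facilities
##
## Preseed debconf so the postfix install does not prompt.
debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_NAME}.${MAIL_DOMAINNAME}"
debconf-set-selections <<< "postfix postfix/main_mailer_type select 'Local only'"
apt-get install -y postfix mailutils
postconf inet_interfaces=loopback-only
## Set a relayhost only when one was given. The original tested -z, which set
## an empty relayhost when the variable was empty and skipped it when it was set.
if [ -n "$MAIL_SATTELITE_RELAYHOST" ]; then
  postconf relayhost="$MAIL_SATTELITE_RELAYHOST"
fi
postfix reload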
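##
## Warnings
##
## Hourly cron jobs taken from the checkouts above; they run as root straight
## out of the git working trees. Each match is tested first so an empty
## directory does not leave a dangling link literally named '*'.
for f in /opt/apps/0k-manage/src/etc/cron.hourly/* /opt/apps/lxc-scripts/etc/cron.hourly/*; do
  [ -e "$f" ] || continue
  ln -sf "$f" /etc/cron.hourly/
done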
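##
## Backup lxc
##
## Same guarded clone as in the "Install 0k-manage" section, kept so this
## section can also be run on its own.
if ! [ -d /opt/apps/0k-manage ]; then
  # shellcheck disable=SC2086  # GIT_0K_CLONE_OPTIONS carries several options on purpose
  git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" /opt/apps/0k-manage
  (cd /opt/apps/0k-manage && git checkout 0k/prod/master)
fi
## these are required by /etc/cron.hourly/lxc-backup (unpinned PyPI installs)
pip install sact.epoch
## The system-wide 'zope' directory is moved aside before the zope.* eggs are
## upgraded — presumably so the pip-installed copies take precedence; confirm.
## Guarded so that a re-run does not fail on a missing 'zope' or move it
## inside an already existing 'zope-bad'.
dist_packages=/usr/local/lib/python2.7/dist-packages
if [ -d "$dist_packages/zope" ] && ! [ -e "$dist_packages/zope-bad" ]; then
  mv "$dist_packages/zope" "$dist_packages/zope-bad"
fi
pip install zope.interface --upgrade
pip install zope.component --upgrade
## Tools from the checkout into root's PATH; a no-match glob is skipped rather
## than linked literally.
for f in /opt/apps/0k-manage/src/bin/*; do
  [ -e "$f" ] || continue
  ln -sf "$f" /usr/local/bin/
done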