You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
#!/bin/bash
set -eux # -x for verbose logging to juju debug-log
apt-get updateapt-get -y install bash-completion wget bzip2 git-core less language-pack-en python-software-properties tmux mosh sudo git
## 0k git remote pathGIT_0K_BASE=${GIT_0K_BASE:-"git.0k.io:/var/git"}
## 0k git remote optionsGIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""}
#BTRFS_DEVICE=BTRFS_MOUNT_ROOT=${BTRFS_MOUNT_ROOT:-"/mnt/btrfs-root"}if [ -z "$BTRFS_DEVICE" ]; then echo "You must set a BTRFS_DEVICE environement variable prior to executing this hook." exit 1fi
MAIL_NAME=${MAIL_NAME:-localhost}MAIL_DOMAINNAME=${MAIL_DOMAINNAME:-"localdomain"}MAIL_SATTELITE_RELAYHOST=${MAIL_SATTELITE_RELAYHOST:-}
#### etckeeper##
apt-get install etckeeper
sed -i 's/#VCS="git"/VCS="git"/g' /etc/etckeeper/etckeeper.confsed -i 's/VCS="bzr"/#VCS="bzr"/g' /etc/etckeeper/etckeeper.conf
etckeeper init
#### Git utilities##
echo "[alias] co = checkout com = commit st = status ci = commit
[color] branch = auto diff = auto interactive = auto status = auto
" >> /etc/gitconfig
#### kal-scripts##
cat <<EOF >> /etc/apt/sources.list
## vlab's shell librariesdeb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main
EOFapt-get update
apt-get install -y --force-yes kal-scripts python-pip &&pip install shyaml
#### More shell configurations (prompt, functions)##
mkdir -p /etc/prompt
cat <<EOF > /etc/prompt/prompt.1.rcPROMPT_COMMAND=""parse_git_branch() { ref=\$(git symbolic-ref HEAD 2> /dev/null) || return echo -en ' (\033[0;32m'\${ref#refs/heads/}'\033[0m)'}export PS1="\[\033[0;37m\][\[\033[1;30m\]\u\[\033[0;37m\]@\[\033[1;30m\]\h\[\033[0;37m\]]-[\[\033[1;34m\]\w\[\033[0;37m\]]\\\$(parse_git_branch)\n\[\033[1;37m\]\\$ \[\033[0;37m\]"EOF
cat <<EOF >> /root/.bashrc
## History management
export HISTCONTROL=ignoredupsexport HISTSIZE=50000shopt -s histappendPROMPT_COMMAND='history -a'
## Prompt easy management
prompt() { prompt_name="prompt.\$1.rc"
for i in /etc/prompt ~/.prompt; do [ -f "\$i/\$prompt_name" ] && . "\$i/\$prompt_name" done}
## Git log command
function glog() { git log --graph --pretty=tformat:%C\(yellow\ normal\)%h%Creset\ %C\(blue\ normal\)%an%Creset\ %s\ %Cgreen%d%Creset -n 20 "\$@"}
prompt 1
EOF
#### btrfs install##
apt-get install -y btrfs-tools
echo "the following is dangerous code. Please execute yourself for now."exit 1## Format the device and add entry in fstab
mkfs.btrfs "$BTRFS_DEVICE"
UUID="$(blkid -s UUID $BTRFS_DEVICE -o value)"echo "UUID=$UUID $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,auto 0 0" >> /etc/fstab
## Mount point and mount device
mkdir "$BTRFS_MOUNT_ROOT" -pmount "$BTRFS_MOUNT_ROOT"
## Build subvolume structure
btrfs subvolume create $BTRFS_MOUNT_ROOT/varmkdir $BTRFS_MOUNT_ROOT/var/{lib,cache,backups} -pfor d in $BTRFS_MOUNT_ROOT/var/{lib,cache,backups}; do btrfs subvolume create $d/lxcdone
for d in $BTRFS_MOUNT_ROOT/srv/{,lxc-datastore{,/config,/data}}; do btrfs subvolume create $ddone
## Add binds to /etc/fstab
cat <<EOF >> /etc/fstab
## binds
/mnt/btrfs-root/var/lib/lxc /var/lib/lxc none bind,defaults,auto 0 0/mnt/btrfs-root/var/cache/lxc /var/cache/lxc none bind,defaults,auto 0 0/mnt/btrfs-root/var/backups/lxc /var/backups/lxc none bind,defaults,auto 0 0/mnt/btrfs-root/srv/lxc-datastore /srv/lxc-datastore none bind,defaults,auto 0 0
EOF
mkdir -p /var/backups/lxc /srv/lxc-datastore
#### lxc tools##
apt-get install lxc
mount -a
mkdir -p /opt/apps
#### ssh config##
cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsachmod 0600 /etc/ssh/lxc_git_access_id_rsa
cat <<EOF >> ~/.ssh/config
Host git.0k.io User lxc-user IdentityFile /etc/ssh/lxc_git_access_id_rsa UserKnownHostsFile /dev/null StrictHostKeyChecking no Port 10022
EOF
#### Install 0k-manage##
( if ! [ -d "/opt/apps/0k-manage" ]; then cd /opt/apps && git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" && cd /opt/apps/0k-manage && git checkout 0k/prod/master fi)
#### Install 0k-charms##
( if ! [ -d "/opt/apps/0k-charms" ]; then cd /opt/apps && git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-charms.git" && cd /opt/apps/0k-charms && git checkout master fi
if ! [ -d "/srv/charm-store" ]; then mkdir -p /srv && ln -sf /opt/apps/0k-charms/precise /srv/charm-store fi
)
#### Install lxc-scripts##
( if ! [ -d "/opt/apps/lxc-scripts" ]; then cd /opt/apps && git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/lxc-scripts.git" && cd /opt/apps/0k-manage && git checkout master && ln -sf /opt/apps/lxc-scripts/bin/lxc-* /usr/local/sbin/ && ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/lib/lxc/templates/ fi)
#### Patch some files##
stop lxc-net
( cp src/etc/default/lxc /etc/default/lxc && cp src/etc/init/lxc{,-net}.conf /etc/init)
start lxc-net
#### Install dns waterfall##
apt-get install -y bind9 dnsmasq
echo "Change /etc/default/lxc accordingly (use 172.48.#NB) as prefix"echo "and add HOST_EXTERNAL_DEVICE="exit 1
# edit /etc/dnsmaq.confecho "server=$(. /etc/default/lxc && echo "$LXC_ADDR")interface=lono-negcachelog-querieslog-facility=/var/log/dnsmasq.log" >> /etc/dnsmasq.conf
( cp "src/etc/bind/named.conf.options" "/etc/bind/named.conf.options" && sed -ri "s/%%EXTERNAL_IP%%/$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE")/g" "/etc/bind/named.conf.options")## XXXvlab: Maybe we could change this in the service start/stop of the named daemon
mkdir /var/log/named -p &&chown bind:bind /var/log/named
/etc/init.d/bind9 restart/etc/init.d/dnsmasq restart
#### Logrotate for dnsmasq and named##
cat <<EOF > /etc/logrotate.d/dnsmasq
/var/log/dnsmasq.log { missingok copytruncate notifempty compress
postrotate kill -s SIGUSR2 "\$(cat /var/run/dnsmasq/dnsmasq.pid)" endscript}
EOF
cat <<EOF > /etc/logrotate.d/lxc-dnsmasq
/var/log/lxc-dnsmasq.log { missingok copytruncate notifempty compress
postrotate kill -s SIGUSR2 "\$(cat /var/run/lxc/dnsmasq.pid)" endscript}
EOF
cat <<EOF > /etc/logrotate.d/named/var/log/named/*.log { missingok copytruncate notifempty compress}EOF
#### shorewall##
apt-get install -y shorewall
cat <<EOF > /etc/shorewall/zonesfw firewallnet ipv4lan ipv4EOF
cat <<EOF > /etc/shorewall/interfaces#ZONE INTERFACE BROADCAST OPTIONSnet eth0## Uncomment to enable vpn setup#vpn tun0 detectlan lxcbr0 - routebackEOF
cat <<EOF > /etc/shorewall/policy#SOURCE DEST RULE LOG
fw all ACCEPTlan all ACCEPTnet all DROP infoall all DROP infoEOF
cat <<EOF > /etc/shorewall/rulesSSH/ACCEPT net fwPing/ACCEPT net fw
BEGIN SHELL
host_ip="\$(/sbin/ifconfig eth0 2> /dev/null | sed "s/^.*inet ad\+r://g" | grep ^[0-9] | sed "s/ .*$//g")"
for name in \$(lxc-ls-running); do ip=\$(dig +short A "\$name") [ -e "/var/lib/lxc/\$name/shorewall" ] && cat /var/lib/lxc/\$name/shorewall | sed -r "s/%%HOST_INTERNET_IP%%/\$host_ip/g" \ | sed -r "s/%%IP%%/\$ip/g"
done
true
END SHELL
EOF
cat <<EOF > /etc/shorewall/masqeth0 lxcbr0EOF
#### Mail facilities##
( debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_NAME}.${MAIL_DOMAINNAME}" && debconf-set-selections <<< "postfix postfix/main_mailer_type select 'Local only'" &&
apt-get install -y postfix mailutils &&
postconf inet_interfaces=loopback-only &&
[ -z "$MAIL_SATTELITE_RELAYHOST" ] && postconf relayhost="$MAIL_SATTELITE_RELAYHOST" postfix reload)
#### Warnings##
ln -sf /opt/apps/0k-manage/src/etc/cron.hourly/* /etc/cron.hourly/ln -sf /opt/apps/lxc-scripts/etc/cron.hourly/* /etc/cron.hourly/
#### Backup lxc##
( if ! [ -d "/opt/apps/0k-manage" ]; then cd /opt/apps && git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" && cd /opt/apps/0k-manage && git checkout 0k/prod/master fi
## these are required by /etc/cron.hourly/lxc-backup
pip install sact.epoch && (cd /usr/local/lib/python2.7/dist-packages/; mv zope zope-bad) && pip install zope.interface --upgrade && pip install zope.component --upgrade && ln -sf /opt/apps/0k-manage/src/bin/* /usr/local/bin/)
|
