forked from 0k/0k-charms
Valentin Lab
9 years ago
14 changed files with 561 additions and 440 deletions
-
440precise/host/hooks/install
-
9precise/host/hooks/install.d/00-base.sh
-
7precise/host/hooks/install.d/05-shyaml.sh
-
51precise/host/hooks/install.d/10-gitconfig.sh
-
17precise/host/hooks/install.d/15-etckeeper.sh
-
23precise/host/hooks/install.d/20-kal-scripts.sh
-
52precise/host/hooks/install.d/30-customize.sh
-
28precise/host/hooks/install.d/35-git-access.sh
-
20precise/host/hooks/install.d/36-gitsub.sh
-
93precise/host/hooks/install.d/40-btrfs.sh
-
8precise/host/hooks/install.d/50-lxc.sh
-
69precise/host/hooks/install.d/70-0k.sh
-
111precise/host/hooks/install.d/80-dns-waterfall.sh
-
73precise/host/hooks/install.d/90-shorewall.sh
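--- a/precise/host/hooks/install
+++ /dev/null
@@ -1,440 +0,0 @@
-#!/bin/bash
-
-set -eux # -x for verbose logging to juju debug-log
-
-apt-get update
-apt-get -y install bash-completion wget bzip2 git-core less language-pack-en python-software-properties tmux mosh sudo git
-
-## 0k git remote path
-GIT_0K_BASE=${GIT_0K_BASE:-"git.0k.io:/var/git"}
-
-## 0k git remote options
-GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""}
-
-
-#BTRFS_DEVICE=
-BTRFS_MOUNT_ROOT=${BTRFS_MOUNT_ROOT:-"/mnt/btrfs-root"}
-if [ -z "$BTRFS_DEVICE" ]; then
-echo "You must set a BTRFS_DEVICE environement variable prior to executing this hook."
-exit 1
-fi
-
-MAIL_NAME=${MAIL_NAME:-localhost}
-MAIL_DOMAINNAME=${MAIL_DOMAINNAME:-"localdomain"}
-MAIL_SATTELITE_RELAYHOST=${MAIL_SATTELITE_RELAYHOST:-}
-
-
-##
-## etckeeper
-##
-
-apt-get install etckeeper
-
-sed -i 's/#VCS="git"/VCS="git"/g' /etc/etckeeper/etckeeper.conf
-sed -i 's/VCS="bzr"/#VCS="bzr"/g' /etc/etckeeper/etckeeper.conf
-
-etckeeper init
-
-
-##
-## Git utilities
-##
-
-echo "[alias]
-co = checkout
-com = commit
-st = status
-ci = commit
-
-[color]
-branch = auto
-diff = auto
-interactive = auto
-status = auto
-
-" >> /etc/gitconfig
-
-
-
-##
-## kal-scripts
-##
-
-cat <<EOF >> /etc/apt/sources.list
-
-## vlab's shell libraries
-deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main
-
-EOF
-apt-get update
-
-apt-get install -y --force-yes kal-scripts python-pip &&
-pip install shyaml
-
-##
-## More shell configurations (prompt, functions)
-##
-
-mkdir -p /etc/prompt
-
-cat <<EOF > /etc/prompt/prompt.1.rc
-PROMPT_COMMAND=""
-parse_git_branch() {
-ref=\$(git symbolic-ref HEAD 2> /dev/null) || return
-echo -en ' (\033[0;32m'\${ref#refs/heads/}'\033[0m)'
-}
-export PS1="\[\033[0;37m\][\[\033[1;30m\]\u\[\033[0;37m\]@\[\033[1;30m\]\h\[\033[0;37m\]]-[\[\033[1;34m\]\w\[\033[0;37m\]]\\\$(parse_git_branch)\n\[\033[1;37m\]\\$ \[\033[0;37m\]"
-EOF
-
-cat <<EOF >> /root/.bashrc
-
-## History management
-
-export HISTCONTROL=ignoredups
-export HISTSIZE=50000
-shopt -s histappend
-PROMPT_COMMAND='history -a'
-
-
-## Prompt easy management
-
-prompt() {
-prompt_name="prompt.\$1.rc"
-
-for i in /etc/prompt ~/.prompt; do
-[ -f "\$i/\$prompt_name" ] &&
-. "\$i/\$prompt_name"
-done
-}
-
-
-## Git log command
-
-function glog() {
-git log --graph --pretty=tformat:%C\(yellow\ normal\)%h%Creset\ %C\(blue\ normal\)%an%Creset\ %s\ %Cgreen%d%Creset -n 20 "\$@"
-}
-
-
-prompt 1
-
-EOF
-
-##
-## btrfs install
-##
-
-apt-get install -y btrfs-tools
-
-echo "the following is dangerous code. Please execute yourself for now."
-exit 1
-## Format the device and add entry in fstab
-
-mkfs.btrfs "$BTRFS_DEVICE"
-
-UUID="$(blkid -s UUID $BTRFS_DEVICE -o value)"
-echo "UUID=$UUID $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,auto 0 0" >> /etc/fstab
-
-## Mount point and mount device
-
-mkdir "$BTRFS_MOUNT_ROOT" -p
-mount "$BTRFS_MOUNT_ROOT"
-
-## Build subvolume structure
-
-btrfs subvolume create $BTRFS_MOUNT_ROOT/var
-mkdir $BTRFS_MOUNT_ROOT/var/{lib,cache,backups} -p
-for d in $BTRFS_MOUNT_ROOT/var/{lib,cache,backups}; do
-btrfs subvolume create $d/lxc
-done
-
-for d in $BTRFS_MOUNT_ROOT/srv/{,lxc-datastore{,/config,/data}}; do
-btrfs subvolume create $d
-done
-
-## Add binds to /etc/fstab
-
-cat <<EOF >> /etc/fstab
-
-## binds
-
-/mnt/btrfs-root/var/lib/lxc /var/lib/lxc none bind,defaults,auto 0 0
-/mnt/btrfs-root/var/cache/lxc /var/cache/lxc none bind,defaults,auto 0 0
-/mnt/btrfs-root/var/backups/lxc /var/backups/lxc none bind,defaults,auto 0 0
-/mnt/btrfs-root/srv/lxc-datastore /srv/lxc-datastore none bind,defaults,auto 0 0
-
-
-EOF
-
-mkdir -p /var/backups/lxc /srv/lxc-datastore
-
-##
-## lxc tools
-##
-
-apt-get install lxc
-
-mount -a
-
-
-mkdir -p /opt/apps
-
-##
-## ssh config
-##
-
-
-cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa
-chmod 0600 /etc/ssh/lxc_git_access_id_rsa
-
-cat <<EOF >> ~/.ssh/config
-
-Host git.0k.io
-User lxc-user
-IdentityFile /etc/ssh/lxc_git_access_id_rsa
-UserKnownHostsFile /dev/null
-StrictHostKeyChecking no
-Port 10022
-
-EOF
-
-
-##
-## Install 0k-manage
-##
-
-(
-if ! [ -d "/opt/apps/0k-manage" ]; then
-cd /opt/apps &&
-git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" &&
-cd /opt/apps/0k-manage &&
-git checkout 0k/prod/master
-fi
-)
-
-##
-## Install 0k-charms
-##
-
-(
-if ! [ -d "/opt/apps/0k-charms" ]; then
-cd /opt/apps &&
-git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-charms.git" &&
-cd /opt/apps/0k-charms &&
-git checkout master
-fi
-
-if ! [ -d "/srv/charm-store" ]; then
-mkdir -p /srv &&
-ln -sf /opt/apps/0k-charms/precise /srv/charm-store
-fi
-
-
-)
-
-
-##
-## Install lxc-scripts
-##
-
-(
-if ! [ -d "/opt/apps/lxc-scripts" ]; then
-cd /opt/apps &&
-git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/lxc-scripts.git" &&
-cd /opt/apps/0k-manage &&
-git checkout master &&
-ln -sf /opt/apps/lxc-scripts/bin/lxc-* /usr/local/sbin/ &&
-ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/lib/lxc/templates/
-fi
-)
-
-##
-## Patch some files
-##
-
-stop lxc-net
-
-(
-cp src/etc/default/lxc /etc/default/lxc &&
-cp src/etc/init/lxc{,-net}.conf /etc/init
-)
-
-start lxc-net
-
-##
-## Install dns waterfall
-##
-
-apt-get install -y bind9 dnsmasq
-
-echo "Change /etc/default/lxc accordingly (use 172.48.#NB) as prefix"
-echo "and add HOST_EXTERNAL_DEVICE="
-exit 1
-
-# edit /etc/dnsmaq.conf
-echo "
-server=$(. /etc/default/lxc && echo "$LXC_ADDR")
-interface=lo
-no-negcache
-log-queries
-log-facility=/var/log/dnsmasq.log
-" >> /etc/dnsmasq.conf
-
-(
-cp "src/etc/bind/named.conf.options" "/etc/bind/named.conf.options" &&
-sed -ri "s/%%EXTERNAL_IP%%/$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE")/g" "/etc/bind/named.conf.options"
-)
-## XXXvlab: Maybe we could change this in the service start/stop of the named daemon
-
-mkdir /var/log/named -p &&
-chown bind:bind /var/log/named
-
-/etc/init.d/bind9 restart
-/etc/init.d/dnsmasq restart
-
-##
-## Logrotate for dnsmasq and named
-##
-
-cat <<EOF > /etc/logrotate.d/dnsmasq
-
-/var/log/dnsmasq.log {
-missingok
-copytruncate
-notifempty
-compress
-
-postrotate
-kill -s SIGUSR2 "\$(cat /var/run/dnsmasq/dnsmasq.pid)"
-endscript
-}
-
-EOF
-
-
-cat <<EOF > /etc/logrotate.d/lxc-dnsmasq
-
-/var/log/lxc-dnsmasq.log {
-missingok
-copytruncate
-notifempty
-compress
-
-postrotate
-kill -s SIGUSR2 "\$(cat /var/run/lxc/dnsmasq.pid)"
-endscript
-}
-
-EOF
-
-cat <<EOF > /etc/logrotate.d/named
-/var/log/named/*.log {
-missingok
-copytruncate
-notifempty
-compress
-}
-EOF
-
-
-##
-## shorewall
-##
-
-apt-get install -y shorewall
-
-cat <<EOF > /etc/shorewall/zones
-fw firewall
-net ipv4
-lan ipv4
-EOF
-
-cat <<EOF > /etc/shorewall/interfaces
-#ZONE INTERFACE BROADCAST OPTIONS
-net eth0
-## Uncomment to enable vpn setup
-#vpn tun0 detect
-lan lxcbr0 - routeback
-EOF
-
-cat <<EOF > /etc/shorewall/policy
-#SOURCE DEST RULE LOG
-
-fw all ACCEPT
-lan all ACCEPT
-net all DROP info
-all all DROP info
-EOF
-
-cat <<EOF > /etc/shorewall/rules
-SSH/ACCEPT net fw
-Ping/ACCEPT net fw
-
-
-BEGIN SHELL
-
-host_ip="\$(/sbin/ifconfig eth0 2> /dev/null | sed "s/^.*inet ad\+r://g" | grep ^[0-9] | sed "s/ .*$//g")"
-
-for name in \$(lxc-ls-running); do
-ip=\$(dig +short A "\$name")
-[ -e "/var/lib/lxc/\$name/shorewall" ] &&
-cat /var/lib/lxc/\$name/shorewall | sed -r "s/%%HOST_INTERNET_IP%%/\$host_ip/g" \
-| sed -r "s/%%IP%%/\$ip/g"
-
-done
-
-true
-
-END SHELL
-
-EOF
-
-
-cat <<EOF > /etc/shorewall/masq
-eth0 lxcbr0
-EOF
-
-##
-## Mail facilities
-##
-
-(
-debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_NAME}.${MAIL_DOMAINNAME}" &&
-debconf-set-selections <<< "postfix postfix/main_mailer_type select 'Local only'" &&
-
-apt-get install -y postfix mailutils &&
-
-postconf inet_interfaces=loopback-only &&
-
-[ -z "$MAIL_SATTELITE_RELAYHOST" ] && postconf relayhost="$MAIL_SATTELITE_RELAYHOST"
-postfix reload
-)
-
-##
-## Warnings
-##
-
-
-ln -sf /opt/apps/0k-manage/src/etc/cron.hourly/* /etc/cron.hourly/
-ln -sf /opt/apps/lxc-scripts/etc/cron.hourly/* /etc/cron.hourly/
-
-##
-## Backup lxc
-##
-
-(
-if ! [ -d "/opt/apps/0k-manage" ]; then
-cd /opt/apps &&
-git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" &&
-cd /opt/apps/0k-manage &&
-git checkout 0k/prod/master
-fi
-
-## these are required by /etc/cron.hourly/lxc-backup
-
-pip install sact.epoch &&
-(cd /usr/local/lib/python2.7/dist-packages/;
-mv zope zope-bad) &&
-pip install zope.interface --upgrade &&
-pip install zope.component --upgrade &&
-ln -sf /opt/apps/0k-manage/src/bin/* /usr/local/bin/
-)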
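--- /dev/null
+++ b/precise/host/hooks/install.d/00-base.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set +eux
+
+apt-get update
+apt-get -y --force-yes install bash-completion wget bzip2 git-core \
+less language-pack-en python-software-properties tmux mosh \
+sudo git </dev/null
+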
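Review bot: `set +eux` on the third line switches -e, -u and -x off rather than on (the removed hook used `set -eux`), so a failing `apt-get update` no longer stops the hook; 15-etckeeper.sh has the same inverted line. Change both to `set -eux`. Separately, `--force-yes` lets apt install packages that fail signature verification; only Ubuntu's own repositories are involved here, so plain `-y` is enough and keeps the authentication check, and the same flag appears in 05-shyaml.sh, 15-etckeeper.sh, 20-kal-scripts.sh and 50-lxc.sh.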
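--- /dev/null
+++ b/precise/host/hooks/install.d/05-shyaml.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## For shyaml
+
+apt-get install -y --force-yes python-pip libyaml-dev python-dev </dev/null
+
+pip install shyaml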
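Review bot: There is no `set -e`, so when the `apt-get install` on the fifth line fails, `pip install shyaml` still runs and the hook exits with pip's status rather than apt's. Add `set -e` after the shebang. The pip install is unpinned, so each host gets whatever version is current at deploy time; `pip install "shyaml==<pinned version>"` (placeholder for the version you validated) would make the hook reproducible.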
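--- /dev/null
+++ b/precise/host/hooks/install.d/10-gitconfig.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+##
+## Git utilities
+##
+
+cat <<EOF > /etc/gitconfig
+[alias]
+co = checkout
+com = commit
+st = status
+ci = commit
+
+[color]
+branch = auto
+diff = auto
+interactive = auto
+status = auto
+
+[core]
+whitespace = fix
+excludesfile = /etc/gitignore
+
+EOF
+
+cat <<EOF > /etc/gitignore
+docs/build/*
+develop-eggs/*
+*.pyc
+*.o
+.installed.cfg
+eggs/*
+*.egg-info/*
+*.orig
+dist/*
+build/*
+buildout.dev.cfg
+*~
+*#
+.#*
+*.swp
+*_flymake.*
+.svn
+
+EOF
+
+
+
+git config --global user.email "default@$(hostname)"
+git config --global user.name "default"
+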
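Review bot: The last two lines use `git config --global`, which as root writes /root/.gitconfig, while the rest of the file configures the system-wide /etc/gitconfig; if the identity is meant as a host-wide default, `git config --system user.email "default@$(hostname)"` keeps it in the one file etckeeper tracks. The heredoc now truncates /etc/gitconfig where the removed hook appended, so any existing system-level settings are discarded on each run; that is reasonable for a hook that owns the file, but deserves a comment such as `## /etc/gitconfig is owned by this hook and rewritten on every run`. There is no `set -e` here either, so a failed write goes unreported.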
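--- /dev/null
+++ b/precise/host/hooks/install.d/15-etckeeper.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set +eux
+
+[ "$DOCKER" ] && exit 0
+
+##
+## etckeeper
+##
+
+apt-get install -y etckeeper </dev/null
+
+sed -i 's/#VCS="git"/VCS="git"/g;s/VCS="bzr"/#VCS="bzr"/g' \
+/etc/etckeeper/etckeeper.conf
+
+etckeeper init
+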
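--- /dev/null
+++ b/precise/host/hooks/install.d/20-kal-scripts.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -eux
+
+##
+## kal-scripts
+##
+
+
+if ! [ -e /etc/apt/sources.list.d/kalysto.org.list ]; then
+cat <<EOF > /etc/apt/sources.list.d/kalysto.org.list
+
+## vlab's shell libraries
+deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main
+
+EOF
+
+## Update only this repo:
+apt-get update -o Dir::Etc::sourcelist="sources.list.d/kalysto.org.list" \
+-o Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="0"
+fi
+
+apt-get install -y --force-yes kal-scripts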
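Review bot: The `deb http://deb.kalysto.org ...` source is added without installing the repository's signing key, and the final `apt-get install -y --force-yes kal-scripts` then suppresses the unauthenticated-package error apt would otherwise raise. Over plain HTTP this means anyone on the path can substitute the package, which is unpacked and whose maintainer scripts run as root. Ship the repository's public key with the charm, install it under /etc/apt/trusted.gpg.d/ before the `apt-get update`, and drop `--force-yes`. The `Dir::Etc::sourcelist` override on the update line is a good idea but deserves a one-line comment on why the full update is skipped.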
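--- /dev/null
+++ b/precise/host/hooks/install.d/30-customize.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+## Requires kal-script
+
+
+##
+## More shell configurations (prompt, functions)
+##
+
+mkdir -p /etc/prompt
+
+cat <<EOF > /etc/prompt/prompt.1.rc
+PROMPT_COMMAND=""
+parse_git_branch() {
+ref=\$(git symbolic-ref HEAD 2> /dev/null) || return
+echo -en ' (\033[0;32m'\${ref#refs/heads/}'\033[0m)'
+}
+export PS1="\[\033[0;37m\][\[\033[1;30m\]\u\[\033[0;37m\]@\[\033[1;30m\]\H\[\033[0;37m\]]-[\[\033[1;34m\]\w\[\033[0;37m\]]\\\$(parse_git_branch)\n\[\033[1;37m\]\\$ \[\033[0;37m\]"
+EOF
+
+cat <<EOF >> /root/.bashrc
+
+## History management
+
+export HISTCONTROL=ignoredups
+export HISTSIZE=50000
+shopt -s histappend
+PROMPT_COMMAND='history -a'
+
+
+## Prompt easy management
+
+prompt() {
+prompt_name="prompt.\$1.rc"
+
+for i in /etc/prompt ~/.prompt; do
+[ -f "\$i/\$prompt_name" ] &&
+. "\$i/\$prompt_name"
+done
+}
+
+
+## Git log command
+
+function glog() {
+git log --graph --pretty=tformat:%C\(yellow\ normal\)%h%Creset\ %C\(blue\ normal\)%an%Creset\ %s\ %Cgreen%d%Creset -n 20 "\$@"
+}
+
+prompt 1
+
+EOF
+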
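Review bot: The `cat <<EOF >> /root/.bashrc` block is appended unconditionally, so every re-run of the hook adds another copy of the history settings, `prompt()` and `glog()` to root's shell init. 35-git-access.sh guards its append with a `grep` for a marker line; the same shape, `grep -q '^## Prompt easy management' /root/.bashrc || cat <<EOF >> /root/.bashrc`, makes this file idempotent. The header says `## Requires kal-script`, but nothing in the body visibly uses it; if the dependency is real, name the command that needs it.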
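--- /dev/null
+++ b/precise/host/hooks/install.d/35-git-access.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+
+##
+## ssh config
+##
+
+cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa
+chmod 0600 /etc/ssh/lxc_git_access_id_rsa
+
+SSH_CONFIG_DIR=~/.ssh
+
+mkdir -p "$SSH_CONFIG_DIR"
+
+if ! grep '^Host 0k-ro' "$SSH_CONFIG_DIR"/config >/dev/null 2>&1; then
+cat <<EOF >> "$SSH_CONFIG_DIR"/config
+
+Host 0k-ro
+Hostname git.0k.io
+Port 10022
+User lxc-user
+IdentityFile /etc/ssh/lxc_git_access_id_rsa
+UserKnownHostsFile /dev/null
+StrictHostKeyChecking no
+
+EOF
+
+fi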
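Review bot: `UserKnownHostsFile /dev/null` with `StrictHostKeyChecking no` in the appended `Host 0k-ro` stanza disables host-key verification for every connection to git.0k.io, so the clones in 36-gitsub.sh and 70-0k.sh accept whatever server answers on that port, and the code they fetch is then installed and run as root. Ship the server's host key with the charm and reference it instead: `UserKnownHostsFile /etc/ssh/lxc_git_access_known_hosts` plus `StrictHostKeyChecking yes`. The private key is created by `cp` and only afterwards restricted with `chmod 0600`; `install -m 0600 src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa` gives it the right mode from the start. Since the key is shared by every host deploying this charm, a comment confirming it is the read-only identity the `0k-ro` name suggests would help future readers.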
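--- /dev/null
+++ b/precise/host/hooks/install.d/36-gitsub.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+## 0k git remote path
+GIT_0K_BASE=${GIT_0K_BASE:-"0k-ro:/var/git"}
+
+## 0k git remote options
+GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""}
+
+
+##
+## install git sub
+##
+
+mkdir -p /opt/apps &&
+cd /opt/apps &&
+git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE"/0k/git-sub &&
+ln -sf /opt/apps/git-sub/bin/git-sub /usr/lib/git-core/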
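Review bot: The `git clone ... git-sub` on the second-to-last line has no directory guard, unlike the clones in 70-0k.sh, so under `set -e` a second run of the hook aborts as soon as /opt/apps/git-sub exists. Guard it inside the chain: `{ [ -d /opt/apps/git-sub ] || git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE"/0k/git-sub; } &&`. The clone also takes the remote's default branch at run time; checking out a tag or commit afterwards would make the installed tool reproducible.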
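--- /dev/null
+++ b/precise/host/hooks/install.d/40-btrfs.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+##
+## btrfs install
+##
+
+#BTRFS_DEVICE=
+BTRFS_MOUNT_ROOT=${BTRFS_MOUNT_ROOT:-"/mnt/btrfs-root"}
+if [ -z "$BTRFS_DEVICE" ]; then
+echo "You must set a BTRFS_DEVICE environment variable prior to executing this hook."
+exit 1
+fi
+
+apt-get install -y btrfs-tools
+
+if [ "$FORCE" != "yes" ]; then
+echo "the following is dangerous code. Please execute with FORCE=yes."
+echo "it DELETES directory /var/lib/docker if you have one."
+exit 1
+fi
+
+## "$BTRFS_DEVICE" device should not be mounted
+if mount | egrep ^"$BTRFS_DEVICE\s+" >/dev/null 2>&1; then
+umount "$BTRFS_DEVICE" || {
+echo "Can't umount $BTRFS_DEVICE. Aborting script."
+exit 1
+}
+echo "Unmounted $BTRFS_DEVICE."
+fi
+
+
+if egrep ^"$BTRFS_DEVICE\s+" /etc/fstab >/dev/null 2>&1; then
+sed -r -i "\%^$BTRFS_DEVICE\s+%d" /etc/fstab || {
+echo "Couldn't remove device $BTRFS_DEVICE from fstab."
+exit 1
+}
+echo "Removed device $BTRFS_DEVICE from fstab."
+fi
+
+
+## Format the device and add entry in fstab
+
+mkfs.btrfs -f "$BTRFS_DEVICE"
+
+## No need of UID it seems:
+# UUID="$(blkid -s UUID $BTRFS_DEVICE -o value)"
+# echo "UUID=$UUID $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,space_cache,auto 0 0" >> /etc/fstab
+echo "$BTRFS_DEVICE $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,space_cache,auto 0 0" >> /etc/fstab
+
+
+## Mount point and mount device
+
+mkdir "$BTRFS_MOUNT_ROOT" -p
+mount "$BTRFS_MOUNT_ROOT"
+
+
+if [ -d /var/lib/docker ] ; then
+RESTART_DOCKER=yes
+service docker stop
+## XXXvlab: moving doesn't work and is not desirable, as we want docker
+## to setup and detect new underlying btrfs system.
+# mv "/var/lib/docker/"* "$BTRFS_MOUNT_ROOT/var/lib/docker"
+rm -rf /var/lib/docker/*
+fi
+
+
+## Build subvolume structure
+
+for d in /home /var{/{lib,cache,backups}/lxc,/lib/docker} \
+/var/backups/snapshot \
+/srv/{lxc,docker}-datastore{,/config,/data}; do
+mkdir -p "$(dirname "$BTRFS_MOUNT_ROOT$d")" ## creates parent directory of subvolume
+btrfs subvolume create "$BTRFS_MOUNT_ROOT$d"
+mkdir -p "$d"
+
+binds=$(cat /etc/fstab | egrep '\s+none\s+' | grep bind | grep -v '^\s+#' | sed -r 's/^\s*([^ ]+).*$/\1/g')
+for b in $binds; do
+if [[ "$BTRFS_MOUNT_ROOT$d/" == "$b/"* ]]; then
+echo "Directory '$d' is already available via bind '$b'."
+continue 2
+fi
+done
+
+## Add bind to /etc/fstab
+echo "$BTRFS_MOUNT_ROOT$d $d none bind,defaults,auto 0 0" >> /etc/fstab
+done
+
+
+## Mount all binds
+
+mount -a
+
+[ -z "$RESTART_DOCKER" ] || service docker start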
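Review bot: The script has no `set -e`, so if `mkfs.btrfs -f "$BTRFS_DEVICE"` or `mount "$BTRFS_MOUNT_ROOT"` fails the hook still appends the fstab entry, runs `rm -rf /var/lib/docker/*` and creates subvolumes on whatever happens to be at the mount point; add `set -e` after the shebang (not `-u`, since `$FORCE` and `$RESTART_DOCKER` are tested while possibly unset), or at least `|| exit 1` on the mkfs and mount lines. In the `binds=` pipeline `grep -v '^\s+#'` is a basic regex in which `+` is literal, so the comment filter never matches; it is harmless today because a token starting with `#` never satisfies the prefix test below, but `grep -v '^\s*#'` is what was meant. The fstab line keys on the device node rather than the UUID the commented-out lines compute; device names can change between boots, so `## No need of UID it seems` should say why that is acceptable here.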
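--- /dev/null
+++ b/precise/host/hooks/install.d/50-lxc.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+apt-get install lxc -y --force-yes </dev/null
+
+## required to access the created lxc !
+if ! [ -e ~/.ssh/id_rsa ]; then
+ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q
+fi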
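Review bot: `ssh-keygen ... -f ~/.ssh/id_rsa` fails when ~/.ssh does not exist yet, and with no `set -e` the hook still exits 0, leaving the host without the key the comment says is required to reach the containers. Add `mkdir -p -m 0700 ~/.ssh` before the `if` and `set -e` after the shebang. The key has no passphrase, which unattended use requires, but the comment should say so, e.g. `## unattended root key, no passphrase: /root/.ssh must stay root-only`.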
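--- /dev/null
+++ b/precise/host/hooks/install.d/70-0k.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+
+
+## 0k git remote path
+GIT_0K_BASE=${GIT_0K_BASE:-"0k-ro:/var/git"}
+
+## 0k git remote options
+GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""}
+
+
+##
+## Install 0k-manage
+##
+
+mkdir -p /opt/apps
+(
+if ! [ -d "/opt/apps/0k-manage" ]; then
+cd /opt/apps &&
+git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" &&
+cd /opt/apps/0k-manage &&
+git checkout 0k/prod/master
+fi
+)
+
+##
+## Install 0k-charms
+##
+
+(
+if ! [ -d "/opt/apps/0k-charms" ]; then
+cd /opt/apps &&
+git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-charms.git" &&
+cd /opt/apps/0k-charms &&
+git checkout master
+fi
+
+if ! [ -d "/srv/charm-store" ]; then
+mkdir -p /srv/charm-store &&
+find /opt/apps/0k-charms -type d -exec /usr/bin/test -e {}/metadata.yml \
+-o -e {}/metadata.yaml \; -print | while read f; do
+ln -sf "$f" /srv/charm-store/
+done
+fi
+
+)
+
+
+##
+## Install lxc-scripts
+##
+
+(
+if ! [ -d "/opt/apps/lxc-scripts" ]; then
+cd /opt/apps &&
+git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/lxc-scripts.git" &&
+cd /opt/apps/0k-manage &&
+git checkout master &&
+ln -sf /opt/apps/lxc-scripts/bin/lxc-* /usr/local/sbin/ &&
+[ -d /usr/lib/lxc/templates ] && {
+ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/lib/lxc/templates/
+echo TEMPLATE_PATH=/usr/lib/lxc/templates >> /etc/default/lxc
+}
+[ -d /usr/share/lxc/templates ] && {
+ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/share/lxc/templates
+echo TEMPLATE_PATH=/usr/share/lxc/templates >> /etc/default/lxc
+}
+fi
+)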
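Review bot: In the lxc-scripts block, `cd /opt/apps/0k-manage && git checkout master` follows the clone of lxc-scripts, so lxc-scripts is never checked out and the 0k-manage checkout made earlier in this file is switched from `0k/prod/master` to `master`; the line should read `cd /opt/apps/lxc-scripts &&`. The `while read f` loop feeding the charm-store symlinks should be `while read -r f` so backslashes in paths survive. None of the subshells runs under `set -e`, so a failed clone is silent and the hook exits 0 with /opt/apps half populated; `set -e` after the shebang makes the hook fail where the clone fails. The clones track mutable branches over the identity configured in 35-git-access.sh; pinning a tag or commit would make what gets installed verifiable.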
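--- /dev/null
+++ b/precise/host/hooks/install.d/80-dns-waterfall.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+
+
+[ "$LXC_NETWORK" ] || {
+echo "You must set \$LXC_NETWORK (to something like 172.160.0 ) before using this script."
+exit 1
+}
+
+HOST_EXTERNAL_DEVICE=${HOST_EXTERNAL_DEVICE:-eth0}
+
+apt-get install -y bind9 dnsmasq
+
+echo HOST_EXTERNAL_DEVICE="$HOST_EXTERNAL_DEVICE" >> /etc/default/lxc
+sed -ri "s%10\.0\.3\.%$LXC_NETWORK.%g;s%^#LXC_DHCP_CONFILE=%LXC_DHCP_CONFILE=%g" /etc/default/lxc-net
+
+LXC_ADDR=$(. /etc/default/lxc && echo "$LXC_ADDR")
+if [ -z "$LXC_ADDR" ]; then
+LXC_ADDR=$(. <(cat /usr/lib/x86_64-linux-gnu/lxc/lxc-net | grep ^LXC_ADDR | head -n 1) && echo "$LXC_ADDR")
+fi
+
+HOST_IP=$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE")
+
+echo "
+server=$LXC_ADDR
+interface=lo
+no-negcache
+log-queries
+log-facility=/var/log/dnsmasq.log
+" >> /etc/dnsmasq.conf
+
+echo "
+server=${HOST_IP}
+log-queries
+no-negcache
+log-facility=/var/log/lxc-dnsmasq.log
+" >> /etc/lxc/dnsmasq.conf
+
+(
+cp "src/etc/bind/named.conf.options" "/etc/bind/named.conf.options" &&
+sed -ri "s/%%EXTERNAL_IP%%/$HOST_IP/g" "/etc/bind/named.conf.options"
+)
+## XXXvlab: Maybe we could change this in the service start/stop of the named daemon
+
+mkdir /var/log/named -p &&
+chown bind:bind /var/log/named
+
+/etc/init.d/bind9 restart
+/etc/init.d/dnsmasq restart
+service lxc restart
+service lxc-net restart ## had to 'brctl delbr lxcbr0' myself
+
+cp /etc/resolv.conf{,.orig}
+cat <<EOF > /etc/resolv.conf
+nameserver 127.0.0.1
+#domain . ## didn't work on 12.04
+search localdomain ## imperfect, we don't want to search www.localdomain
+EOF
+
+##
+## Logrotate for dnsmasq and named
+##
+
+cat <<EOF > /etc/logrotate.d/dnsmasq
+
+/var/log/dnsmasq.log {
+missingok
+copytruncate
+notifempty
+compress
+
+postrotate
+kill -s SIGUSR2 "\$(cat /var/run/dnsmasq/dnsmasq.pid)"
+endscript
+}
+
+EOF
+
+
+cat <<EOF > /etc/logrotate.d/lxc-dnsmasq
+
+/var/log/lxc-dnsmasq.log {
+missingok
+copytruncate
+notifempty
+compress
+
+postrotate
+kill -s SIGUSR2 "\$(cat /var/run/lxc/dnsmasq.pid)"
+endscript
+}
+
+EOF
+
+cat <<EOF > /etc/logrotate.d/named
+/var/log/named/*.log {
+missingok
+copytruncate
+notifempty
+compress
+}
+EOF
+
+##
+## Testing
+##
+
+# lsof -i4tcp:53 -n
+# netstat -ltnp | grep :53
+# ping HOST
+# host HOST
+# tcpdump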
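Review bot: `HOST_IP=$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE")` and the two `LXC_ADDR` lookups are never checked for an empty result and the script has no `set -e`; if `ifip` is absent (it is not a standard tool and presumably comes from the kal-scripts package installed by a separate hook) or the device name is wrong, `server=` is written to /etc/lxc/dnsmasq.conf, `%%EXTERNAL_IP%%` becomes an empty string in named.conf.options, and the daemons are restarted on that configuration. Guard each lookup, e.g. `[ -n "$HOST_IP" ] || { echo "Could not determine the IP of $HOST_EXTERNAL_DEVICE." >&2; exit 1; }`. The fallback path `/usr/lib/x86_64-linux-gnu/lxc/lxc-net` is architecture-specific and deserves a comment stating that assumption. The two `echo ... >>` appends to the dnsmasq configs are not idempotent, unlike the guarded appends in 20-kal-scripts.sh and 35-git-access.sh, so a re-run stacks duplicate `server=` lines.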
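--- /dev/null
+++ b/precise/host/hooks/install.d/90-shorewall.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+##
+## shorewall
+##
+
+apt-get install -y shorewall
+
+cat <<EOF > /etc/shorewall/zones
+fw firewall
+net ipv4
+lan ipv4
+EOF
+
+cat <<EOF > /etc/shorewall/interfaces
+#ZONE INTERFACE BROADCAST OPTIONS
+net eth0
+## Uncomment to enable vpn setup
+#vpn tun0 detect
+lan lxcbr0 - routeback
+EOF
+
+cat <<EOF > /etc/shorewall/policy
+#SOURCE DEST RULE LOG
+
+fw all ACCEPT
+lan all ACCEPT
+net all DROP info
+all all DROP info
+EOF
+
+cat <<EOF > /etc/shorewall/rules
+SSH/ACCEPT net fw
+Ping/ACCEPT net fw
+
+
+BEGIN SHELL
+
+host_ip="\$(/sbin/ifconfig eth0 2> /dev/null | sed "s/^.*inet ad\+r://g" | grep ^[0-9] | sed "s/ .*$//g")"
+
+for name in \$(lxc-ls-running); do
+ip=\$(dig +short A "\$name")
+[ -e "/var/lib/lxc/\$name/shorewall" ] &&
+cat /var/lib/lxc/\$name/shorewall | sed -r "s/%%HOST_INTERNET_IP%%/\$host_ip/g" \
+| sed -r "s/%%IP%%/\$ip/g"
+
+done
+
+true
+
+END SHELL
+
+EOF
+
+cat <<EOF > /etc/shorewall/masq
+eth0 lxcbr0
+EOF
+
+cat <<EOF > /etc/shorewall/start
+## correct a bug that prevent DHCP packet to be correctly sent between
+## LXC, preventing them to receive an IP.
+
+. /etc/default/lxc
+
+if [ -d "/sys/class/net/\$LXC_BRIDGE" -a "\$(cat /sys/class/net/\$LXC_BRIDGE/operstate)" == "up" ]; then
+source_file=/etc/init/lxc-net.conf
+code=\$(egrep '^\s+iptables.*\s+-j\s+' /etc/init/lxc-net.conf | grep -v '\-D' | sed -r 's/^\s+[^-]+/run_iptables /g')
+echo "Adding LXC rules:"
+echo "\$code"
+eval "\$code"
+fi
+
+EOF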
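Review bot: In the `BEGIN SHELL` block of the rules file, `ip=\$(dig +short A "\$name")` is substituted into each container's shorewall fragment unchecked; when the lookup fails `%%IP%%` becomes empty and the generated rule is either rejected or, depending on the fragment, broader than intended, and when it returns several records the value spans lines. Skip such containers before the `cat`, written with the same heredoc escaping: `[ -n "\$ip" ] && [ "\$(printf '%s\n' "\$ip" | wc -l)" = 1 ] || continue`. In the `start` script `source_file` is assigned but never used, and `eval "\$code"` replays iptables lines extracted from /etc/init/lxc-net.conf; that file is root-owned so this is not an exposure, but a comment on why the rules must be re-added (presumably because shorewall's start flushes them) would help. The `interfaces` and `masq` files hardcode `eth0` while 80-dns-waterfall.sh parameterises it as `HOST_EXTERNAL_DEVICE`; reading the same variable here keeps the two hooks consistent.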