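#!/bin/bash
#
# Juju install hook for an LXC host: base packages, etckeeper, shell
# conveniences, btrfs storage layout, lxc tools, dns (bind9 + dnsmasq),
# shorewall, postfix, and the 0k tooling checked out under /opt/apps.
#
# Required environment: BTRFS_DEVICE (block device that will be formatted
#   as btrfs -- destructive).
# Optional environment: GIT_0K_BASE, GIT_0K_CLONE_OPTIONS, BTRFS_MOUNT_ROOT,
#   MAIL_NAME, MAIL_DOMAINNAME, MAIL_SATTELITE_RELAYHOST.
#
# The hook deliberately stops with `exit 1` just before the btrfs format step
# and again before the dns configuration step; the sections after each stop
# are meant to be reviewed and run by hand for now.

set -eux   # -x for verbose logging to juju debug-log

apt-get update
apt-get -y install bash-completion wget bzip2 git-core less language-pack-en \
    python-software-properties tmux mosh sudo git

## 0k git remote path
GIT_0K_BASE=${GIT_0K_BASE:-"git.0k.io:/var/git"}
## 0k git remote options (left unquoted on use: it may hold several flags)
GIT_0K_CLONE_OPTIONS=${GIT_0K_CLONE_OPTIONS:-""}

#BTRFS_DEVICE=
BTRFS_MOUNT_ROOT=${BTRFS_MOUNT_ROOT:-"/mnt/btrfs-root"}

## ${BTRFS_DEVICE:-} keeps `set -u` from aborting with "unbound variable"
## before the explanatory message below gets a chance to be printed.
if [ -z "${BTRFS_DEVICE:-}" ]; then
    echo "You must set a BTRFS_DEVICE environement variable prior to executing this hook." >&2
    exit 1
fi

MAIL_NAME=${MAIL_NAME:-localhost}
MAIL_DOMAINNAME=${MAIL_DOMAINNAME:-"localdomain"}
MAIL_SATTELITE_RELAYHOST=${MAIL_SATTELITE_RELAYHOST:-}

##
## etckeeper
##

## -y: the hook runs unattended, a debconf/apt prompt would hang it
apt-get install -y etckeeper
sed -i 's/#VCS="git"/VCS="git"/g' /etc/etckeeper/etckeeper.conf
sed -i 's/VCS="bzr"/#VCS="bzr"/g' /etc/etckeeper/etckeeper.conf
etckeeper init

##
## Git utilities
##

echo "[alias]
    co = checkout
    com = commit
    st = status
    ci = commit
[color]
    branch = auto
    diff = auto
    interactive = auto
    status = auto
" >> /etc/gitconfig

##
## kal-scripts
##

## NOTE(review): this repository is fetched over plain http and installed
## with --force-yes, which lets apt proceed without a verified signature.
## A https source plus the repository's signing key would close that gap.
cat <<EOF >> /etc/apt/sources.list

## vlab's shell libraries
deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main
EOF
apt-get update
apt-get install -y --force-yes kal-scripts python-pip
pip install shyaml

##
## More shell configurations (prompt, functions)
##

mkdir -p /etc/prompt
## Unquoted heredoc: "\$" is written as a literal "$" into the rc file.
cat <<EOF > /etc/prompt/prompt.1.rc
PROMPT_COMMAND=""
parse_git_branch() {
    ref=\$(git symbolic-ref HEAD 2> /dev/null) || return
    echo -en ' (\033[0;32m'\${ref#refs/heads/}'\033[0m)'
}
export PS1="\[\033[0;37m\][\[\033[1;30m\]\u\[\033[0;37m\]@\[\033[1;30m\]\h\[\033[0;37m\]]-[\[\033[1;34m\]\w\[\033[0;37m\]]\\\$(parse_git_branch)\n\[\033[1;37m\]\\$ \[\033[0;37m\]"
EOF

cat <<EOF >> /root/.bashrc

## History management
export HISTCONTROL=ignoredups
export HISTSIZE=50000
shopt -s histappend
PROMPT_COMMAND='history -a'

## Prompt easy management
prompt() {
    prompt_name="prompt.\$1.rc"
    for i in /etc/prompt ~/.prompt; do
        [ -f "\$i/\$prompt_name" ] && . "\$i/\$prompt_name"
    done
}

## Git log command
function glog() {
    git log --graph --pretty=tformat:%C\(yellow\ normal\)%h%Creset\ %C\(blue\ normal\)%an%Creset\ %s\ %Cgreen%d%Creset -n 20 "\$@"
}

prompt 1
EOF

##
## btrfs install
##

apt-get install -y btrfs-tools

## Deliberate stop: everything below formats a block device.
echo "the following is dangerous code. Please execute yourself for now."
exit 1

## Format the device and add entry in fstab
mkfs.btrfs "$BTRFS_DEVICE"
UUID="$(blkid -s UUID "$BTRFS_DEVICE" -o value)"
echo "UUID=$UUID $BTRFS_MOUNT_ROOT btrfs defaults,relatime,compress=lzo,auto 0 0" >> /etc/fstab

## Mount point and mount device
mkdir -p "$BTRFS_MOUNT_ROOT"
mount "$BTRFS_MOUNT_ROOT"

## Build subvolume structure (brace expansion happens before the quoted
## variable is expanded, so the quotes are safe here)
btrfs subvolume create "$BTRFS_MOUNT_ROOT/var"
mkdir -p "$BTRFS_MOUNT_ROOT"/var/{lib,cache,backups}
for d in "$BTRFS_MOUNT_ROOT"/var/{lib,cache,backups}; do
    btrfs subvolume create "$d/lxc"
done
for d in "$BTRFS_MOUNT_ROOT"/srv/{,lxc-datastore{,/config,/data}}; do
    btrfs subvolume create "$d"
done

## Add binds to /etc/fstab. The bind sources follow BTRFS_MOUNT_ROOT instead
## of a hard-coded /mnt/btrfs-root so an overridden mount root still lines up
## with the subvolumes created above (the default value is unchanged).
cat <<EOF >> /etc/fstab

## binds
$BTRFS_MOUNT_ROOT/var/lib/lxc /var/lib/lxc none bind,defaults,auto 0 0
$BTRFS_MOUNT_ROOT/var/cache/lxc /var/cache/lxc none bind,defaults,auto 0 0
$BTRFS_MOUNT_ROOT/var/backups/lxc /var/backups/lxc none bind,defaults,auto 0 0
$BTRFS_MOUNT_ROOT/srv/lxc-datastore /srv/lxc-datastore none bind,defaults,auto 0 0
EOF
mkdir -p /var/backups/lxc /srv/lxc-datastore

##
## lxc tools
##

apt-get install -y lxc
## NOTE(review): the trailing "all" looks like a leftover; plain "mount -a"
## already mounts every fstab entry -- confirm before removing it.
mount -a all
mkdir -p /opt/apps

##
## ssh config
##

## The deploy key is shipped inside the charm tree (src/etc/ssh/), so it
## should stay a low-privilege identity scoped to read access on the repos.
cp src/etc/ssh/lxc_git_access_id_rsa /etc/ssh/lxc_git_access_id_rsa
chmod 0600 /etc/ssh/lxc_git_access_id_rsa
## ~/.ssh may not exist yet on a fresh unit; create it before appending.
mkdir -p -m 700 ~/.ssh
## NOTE(review): UserKnownHostsFile /dev/null + StrictHostKeyChecking no
## disables host key verification for git.0k.io, so the code cloned below
## (and later linked into /usr/local/sbin and /etc/cron.hourly) could be
## served by an impersonating host. Shipping the server's host key in a
## known_hosts file and pointing UserKnownHostsFile at it keeps it verified.
cat <<EOF >> ~/.ssh/config
Host git.0k.io
    User lxc-user
    IdentityFile /etc/ssh/lxc_git_access_id_rsa
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    Port 10022
EOF

##
## Install 0k-manage
##

(
    if ! [ -d "/opt/apps/0k-manage" ]; then
        # shellcheck disable=SC2086 -- GIT_0K_CLONE_OPTIONS is a list of flags
        cd /opt/apps &&
        git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" &&
        cd /opt/apps/0k-manage &&
        git checkout 0k/prod/master
    fi
)

##
## Install 0k-charms
##

(
    if ! [ -d "/opt/apps/0k-charms" ]; then
        # shellcheck disable=SC2086 -- GIT_0K_CLONE_OPTIONS is a list of flags
        cd /opt/apps &&
        git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-charms.git" &&
        cd /opt/apps/0k-charms &&
        git checkout master
    fi
    if ! [ -d "/srv/charm-store" ]; then
        mkdir -p /srv &&
        ln -sf /opt/apps/0k-charms/precise /srv/charm-store
    fi
)

##
## Install lxc-scripts
##

(
    if ! [ -d "/opt/apps/lxc-scripts" ]; then
        # shellcheck disable=SC2086 -- GIT_0K_CLONE_OPTIONS is a list of flags
        cd /opt/apps &&
        git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/lxc-scripts.git" &&
        ## checkout happens in the repository just cloned (the previous
        ## version cd'ed into 0k-manage and moved *that* repo onto master)
        cd /opt/apps/lxc-scripts &&
        git checkout master &&
        ln -sf /opt/apps/lxc-scripts/bin/lxc-* /usr/local/sbin/ &&
        ln -sf /opt/apps/lxc-scripts/usr/lib/lxc/templates/lxc-0k-ubuntu-cloud /usr/lib/lxc/templates/
    fi
)

##
## Patch some files
##

stop lxc-net
(
    cp src/etc/default/lxc /etc/default/lxc &&
    cp src/etc/init/lxc{,-net}.conf /etc/init
)
start lxc-net

##
## Install dns waterfall
##

apt-get install -y bind9 dnsmasq

## Deliberate stop: /etc/default/lxc must be edited by hand first.
echo "Change /etc/default/lxc accordingly (use 172.48.#NB) as prefix"
echo "and add HOST_EXTERNAL_DEVICE="
exit 1

# edit /etc/dnsmaq.conf
echo "
server=$(. /etc/default/lxc && echo "$LXC_ADDR")
interface=lo
no-negcache
log-queries
log-facility=/var/log/dnsmasq.log
" >> /etc/dnsmasq.conf

(
    cp "src/etc/bind/named.conf.options" "/etc/bind/named.conf.options" &&
    sed -ri "s/%%EXTERNAL_IP%%/$(. /etc/default/lxc && ifip "$HOST_EXTERNAL_DEVICE")/g" "/etc/bind/named.conf.options"
)

## XXXvlab: Maybe we could change this in the service start/stop of the named daemon
mkdir -p /var/log/named && chown bind:bind /var/log/named

/etc/init.d/bind9 restart
/etc/init.d/dnsmasq restart

##
## Logrotate for dnsmasq and named
##

cat <<EOF > /etc/logrotate.d/dnsmasq
/var/log/dnsmasq.log {
    missingok
    copytruncate
    notifempty
    compress
    postrotate
        kill -s SIGUSR2 "\$(cat /var/run/dnsmasq/dnsmasq.pid)"
    endscript
}
EOF

cat <<EOF > /etc/logrotate.d/lxc-dnsmasq
/var/log/lxc-dnsmasq.log {
    missingok
    copytruncate
    notifempty
    compress
    postrotate
        kill -s SIGUSR2 "\$(cat /var/run/lxc/dnsmasq.pid)"
    endscript
}
EOF

cat <<EOF > /etc/logrotate.d/named
/var/log/named/*.log {
    missingok
    copytruncate
    notifempty
    compress
}
EOF

##
## shorewall
##

apt-get install -y shorewall

cat <<EOF > /etc/shorewall/zones
fw firewall
net ipv4
lan ipv4
EOF

cat <<EOF > /etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
net eth0
## Uncomment to enable vpn setup
#vpn tun0 detect
lan lxcbr0 - routeback
EOF

cat <<EOF > /etc/shorewall/policy
#SOURCE DEST RULE LOG
fw all ACCEPT
lan all ACCEPT
net all DROP info
all all DROP info
EOF

## The BEGIN SHELL block is executed by shorewall at compile time and pulls
## per-container rules from /var/lib/lxc/<name>/shorewall.
cat <<EOF > /etc/shorewall/rules
SSH/ACCEPT net fw
Ping/ACCEPT net fw

BEGIN SHELL
host_ip="\$(/sbin/ifconfig eth0 2> /dev/null | sed "s/^.*inet ad\+r://g" | grep ^[0-9] | sed "s/ .*$//g")"
for name in \$(lxc-ls-running); do
    ip=\$(dig +short A "\$name")
    [ -e "/var/lib/lxc/\$name/shorewall" ] && cat /var/lib/lxc/\$name/shorewall | sed -r "s/%%HOST_INTERNET_IP%%/\$host_ip/g" \
        | sed -r "s/%%IP%%/\$ip/g"
done
true
END SHELL
EOF

cat <<EOF > /etc/shorewall/masq
eth0 lxcbr0
EOF

##
## Mail facilities
##

(
    debconf-set-selections <<< "postfix postfix/mailname string ${MAIL_NAME}.${MAIL_DOMAINNAME}" &&
    debconf-set-selections <<< "postfix postfix/main_mailer_type select 'Local only'" &&
    apt-get install -y postfix mailutils &&
    postconf inet_interfaces=loopback-only
    ## Apply the relayhost only when one was given. The previous `-z` test
    ## was inverted: it set an empty relayhost and skipped a configured one.
    if [ -n "$MAIL_SATTELITE_RELAYHOST" ]; then
        postconf relayhost="$MAIL_SATTELITE_RELAYHOST"
    fi
    postfix reload
)

##
## Warnings
##

ln -sf /opt/apps/0k-manage/src/etc/cron.hourly/* /etc/cron.hourly/
ln -sf /opt/apps/lxc-scripts/etc/cron.hourly/* /etc/cron.hourly/

##
## Backup lxc
##

(
    if ! [ -d "/opt/apps/0k-manage" ]; then
        # shellcheck disable=SC2086 -- GIT_0K_CLONE_OPTIONS is a list of flags
        cd /opt/apps &&
        git clone $GIT_0K_CLONE_OPTIONS "$GIT_0K_BASE/0k/0k-manage.git" &&
        cd /opt/apps/0k-manage &&
        git checkout 0k/prod/master
    fi

    ## these are required by /etc/cron.hourly/lxc-backup
    pip install sact.epoch &&
    (cd /usr/local/lib/python2.7/dist-packages/; mv zope zope-bad) &&
    pip install zope.interface --upgrade &&
    pip install zope.component --upgrade &&
    ln -sf /opt/apps/0k-manage/src/bin/* /usr/local/bin/
)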