MirrorMirror
/
riju
mirror of https://github.com/radian-software/riju.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Misc Packer improvements

This commit is contained in:
Radon Rosborough 2021-07-04 04:24:47 +00:00
parent 2062bfecdb
commit be7403e367
5 changed files with 86 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
packer/config.json
View File

@ -1,44 +0,0 @@
{
"variables": {
"admin_password": "{{env `ADMIN_PASSWORD`}}"
},
"builders": [
{
"type": "amazon-ebs",
"source_ami_filter": {
"filters": {
"virtualization-type": "hvm",
"root-device-type": "ebs",
"name": "ubuntu/images/hvm-ssd/ubuntu-*-21.04-amd64-server-*"
},
"owners": ["099720109477"],
"most_recent": true
},
"instance_type": "t3.micro",
"ssh_username": "ubuntu",
"ami_name": "riju-{{timestamp}}"
}
],
"provisioners": [
{
"type": "file",
"source": "riju-init-volume",
"destination": "/tmp/riju-init-volume"
},
{
"type": "file",
"source": "../supervisor/out/riju-supervisor",
"destination": "/tmp/riju-supervisor"
},
{
"type": "file",
"source": "riju.service",
"destination": "/tmp/riju.service"
},
{
"type": "shell",
"script": "provision.bash",
"environment_vars": ["ADMIN_PASSWORD={{user `admin_password`}}"]
}
]
}

69
packer/config.pkr.hcl Normal file
View File

@ -0,0 +1,69 @@
variable "admin_password" {
type = string
default = "${env("ADMIN_PASSWORD")}"
}
variable "aws_region" {
type = string
default = "${env("AWS_REGION")}"
}
variable "s3_bucket" {
type = string
default = "${env("S3_BUCKET")}"
}
variable "supervisor_access_token" {
type = string
default = "${env("SUPERVISOR_ACCESS_TOKEN")}"
}
data "amazon-ami" "ubuntu" {
filters = {
name = "ubuntu/images/hvm-ssd/ubuntu-*-21.04-amd64-server-*"
root-device-type = "ebs"
virtualization-type = "hvm"
}
most_recent = true
owners = ["099720109477"]
}
locals {
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
}
source "amazon-ebs" "ubuntu" {
ami_name = "riju-${local.timestamp}"
instance_type = "t3.micro"
source_ami = "${data.amazon-ami.ubuntu.id}"
ssh_username = "ubuntu"
}
build {
sources = ["source.amazon-ebs.ubuntu"]
provisioner "file" {
destination = "/tmp/riju-init-volume"
source = "riju-init-volume"
}
provisioner "file" {
destination = "/tmp/riju-supervisor"
source = "../supervisor/out/riju-supervisor"
}
provisioner "file" {
destination = "/tmp/riju.service"
source = "riju.service"
}
provisioner "shell" {
environment_vars = [
"ADMIN_PASSWORD=${var.admin_password}",
"AWS_REGION=${var.aws_region}",
"S3_BUCKET=${var.s3_bucket}",
"SUPERVISOR_ACCESS_TOKEN=${var.supervisor_access_token}",
]
script = "provision.bash"
}
}

7
packer/provision.bash
View File

@ -3,6 +3,8 @@
set -euo pipefail set -euo pipefail
: ${ADMIN_PASSWORD} : ${ADMIN_PASSWORD}
: ${S3_BUCKET}
: ${SUPERVISOR_ACCESS_TOKEN}
mkdir /tmp/riju-work mkdir /tmp/riju-work
pushd /tmp/riju-work pushd /tmp/riju-work
@ -21,7 +23,7 @@ ubuntu_name="$(lsb_release -cs)"
sudo tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF sudo tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF
deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
EOF EOF
}
sudo -E apt-get update sudo -E apt-get update
sudo -E apt-get install -y certbot docker-ce docker-ce-cli containerd.io unzip whois sudo -E apt-get install -y certbot docker-ce docker-ce-cli containerd.io unzip whois
@ -36,6 +38,9 @@ sudo mv /tmp/riju.service /etc/systemd/system/
sudo sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config sudo sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config sudo sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config sudo sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sudo sed -Ei "s/\$AWS_REGION/${AWS_REGION}/" /etc/systemd/system/riju.service
sudo sed -Ei "s/\$S3_BUCKET/${S3_BUCKET}/" /etc/systemd/system/riju.service
sudo sed -Ei "s/\$SUPERVISOR_ACCESS_TOKEN/${SUPERVISOR_ACCESS_TOKEN}/" /etc/systemd/system/riju.service
sudo passwd -l root sudo passwd -l root
sudo useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m sudo useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m

3
packer/riju.service
View File

@ -7,6 +7,9 @@ After=docker.service
Type=exec Type=exec
ExecStart=riju-supervisor ExecStart=riju-supervisor
Restart=always Restart=always
Environment=AWS_REGION=$AWS_REGION
Environment=S3_BUCKET=$S3_BUCKET
Environment=SUPERVISOR_ACCESS_TOKEN=$SUPERVISOR_ACCESS_TOKEN
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

9
tools/packer-build.bash
View File

@ -2,5 +2,12 @@
set -euo pipefail set -euo pipefail
export AWS_REGION="${AWS_REGION:-$(aws configure get region)}"
if [[ -n "${AWS_REGION}" ]]; then
echo >&2 "no default AWS region specified, and AWS_REGION unset"
exit 1
fi
cd packer cd packer
packer build config.json packer build config.pkr.hcl