Fixups for Packer AMI build
This commit is contained in:
parent
2e6aafbcb3
commit
f521eda40e
|
@ -1,5 +1,6 @@
|
||||||
# This file is generated by 'make dockerignore', do not edit.
|
# This file is generated by 'make dockerignore', do not edit.
|
||||||
**/*.log
|
**/*.log
|
||||||
|
**/*.pem
|
||||||
**/.env
|
**/.env
|
||||||
**/.terraform
|
**/.terraform
|
||||||
**/build
|
**/build
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
*.log
|
*.log
|
||||||
|
*.pem
|
||||||
.env
|
.env
|
||||||
.terraform
|
.terraform
|
||||||
build
|
build
|
||||||
|
|
8
Makefile
8
Makefile
|
@ -66,7 +66,7 @@ endif
|
||||||
shell:
|
shell:
|
||||||
@: $${I}
|
@: $${I}
|
||||||
ifeq ($(I),admin)
|
ifeq ($(I),admin)
|
||||||
docker run -it --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/riju/.aws -v $(HOME)/.docker:/var/riju/.docker -v $(HOME)/.terraform.d:/var/riju/.terraform.d -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) --network host riju:$(I)
|
docker run -it --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/riju/.aws -v $(HOME)/.docker:/var/riju/.docker -v $(HOME)/.ssh:/var/riju/.ssh -v $(HOME)/.terraform.d:/var/riju/.terraform.d -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) --network host riju:$(I)
|
||||||
else ifeq ($(I),compile)
|
else ifeq ($(I),compile)
|
||||||
docker run -it --rm --hostname $(I) $(SHELL_PORTS) riju:$(I)
|
docker run -it --rm --hostname $(I) $(SHELL_PORTS) riju:$(I)
|
||||||
else
|
else
|
||||||
|
@ -137,8 +137,8 @@ push:
|
||||||
.PHONY: upload
|
.PHONY: upload
|
||||||
upload:
|
upload:
|
||||||
@: $${L} $${T} $${S3_BUCKET_BASE}
|
@: $${L} $${T} $${S3_BUCKET_BASE}
|
||||||
hash=$$(dpkg-deb -f $(BUILD)/$(DEB) Riju-Script-Hash); test $${hash}; aws s3 cp - $(S3_HASH)/$${hash} < /dev/null
|
|
||||||
aws s3 cp $(BUILD)/$(DEB) $(S3_DEB)
|
aws s3 cp $(BUILD)/$(DEB) $(S3_DEB)
|
||||||
|
hash=$$(dpkg-deb -f $(BUILD)/$(DEB) Riju-Script-Hash); test $${hash}; aws s3 cp - $(S3_HASH)/$${hash} < /dev/null
|
||||||
|
|
||||||
### Miscellaneous
|
### Miscellaneous
|
||||||
|
|
||||||
|
@ -146,3 +146,7 @@ upload:
|
||||||
dockerignore:
|
dockerignore:
|
||||||
echo "# This file is generated by 'make dockerignore', do not edit." > .dockerignore
|
echo "# This file is generated by 'make dockerignore', do not edit." > .dockerignore
|
||||||
cat .gitignore | sed 's#^#**/#' >> .dockerignore
|
cat .gitignore | sed 's#^#**/#' >> .dockerignore
|
||||||
|
|
||||||
|
.PHONY: env
|
||||||
|
env:
|
||||||
|
exec bash --rcfile <(cat ~/.bashrc - <<< 'PS1="[.env] $$PS1"')
|
||||||
|
|
|
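Review bot: The new `env` recipe (`exec bash --rcfile <(cat ~/.bashrc - <<< ...)`) relies on bash process substitution, which `/bin/sh` rejects with a syntax error, so it only works if the Makefile's prologue (outside this hunk) already sets `SHELL := bash`; if it does not, either add that or scope it with `env: SHELL := bash`. In the `shell` target, the added `-v $(HOME)/.ssh:/var/riju/.ssh` bind exposes the host's private keys read-write to a container that already holds the docker socket; unless something inside needs to write `known_hosts`, mounting it as `-v $(HOME)/.ssh:/var/riju/.ssh:ro` limits the blast radius at no cost. Nothing in the `env` recipe reads a `.env` file despite the `[.env]` prompt, so if loading one is the intent that step is missing — I can only see the recipe itself, so this may be by design.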
@ -37,6 +37,7 @@ make
|
||||||
man
|
man
|
||||||
nodejs
|
nodejs
|
||||||
packer
|
packer
|
||||||
|
ssh
|
||||||
sudo
|
sudo
|
||||||
tmux
|
tmux
|
||||||
terraform
|
terraform
|
||||||
|
|
|
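Review bot: If this list feeds `apt-get install`, `ssh` is the metapackage that pulls in `openssh-server` as well as the client; as far as this commit shows, the image only needs to originate connections (the `.ssh` mount in the Makefile and `ssh deploy@riju` in riju-deploy), so `openssh-client` provides the same `ssh` binary without adding server packages to the image. I cannot see the file name from this hunk, so verify against how the list is consumed before changing it.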
@ -8,6 +8,7 @@ useradd -u "$(stat -c %u "$PWD")" -g "$(stat -c %g "$PWD")" -o -p '!' -m -N -l -
|
||||||
runuser -u riju -- touch /home/riju/.sudo_as_admin_successful
|
runuser -u riju -- touch /home/riju/.sudo_as_admin_successful
|
||||||
runuser -u riju -- ln -sT /var/riju/.aws /home/riju/.aws
|
runuser -u riju -- ln -sT /var/riju/.aws /home/riju/.aws
|
||||||
runuser -u riju -- ln -sT /var/riju/.docker /home/riju/.docker
|
runuser -u riju -- ln -sT /var/riju/.docker /home/riju/.docker
|
||||||
|
runuser -u riju -- ln -sT /var/riju/.ssh /home/riju/.ssh
|
||||||
runuser -u riju -- ln -sT /var/riju/.terraform.d /home/riju/.terraform.d
|
runuser -u riju -- ln -sT /var/riju/.terraform.d /home/riju/.terraform.d
|
||||||
runuser -u riju -- yarn install
|
runuser -u riju -- yarn install
|
||||||
|
|
||||||
|
|
|
@ -4,23 +4,27 @@ set -euo pipefail
|
||||||
|
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
apt-get update
|
sudo -E apt-get update
|
||||||
apt-get dist-upgrade
|
sudo -E apt-get dist-upgrade -y
|
||||||
|
|
||||||
apt-get install -y curl gnupg lsb-release
|
sudo -E apt-get install -y curl gnupg lsb-release
|
||||||
|
|
||||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo -E apt-key add -
|
||||||
|
|
||||||
ubuntu_name="$(lsb_release -cs)"
|
ubuntu_name="$(lsb_release -cs)"
|
||||||
|
|
||||||
tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF
|
sudo tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF
|
||||||
deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
|
deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
apt-get update
|
sudo -E apt-get update
|
||||||
apt-get install docker-ce docker-ce-cli containerd.io
|
sudo -E apt-get install -y docker-ce docker-ce-cli containerd.io whois
|
||||||
|
|
||||||
sed -i "s#DOCKER_REPO_REPLACED_BY_PACKER#${DOCKER_REPO}#" /usr/local/bin/riju-deploy
|
sudo sed -i "s#DOCKER_REPO_BASE_REPLACED_BY_PACKER#${DOCKER_REPO_BASE}#" /tmp/riju-deploy
|
||||||
|
|
||||||
|
sudo chown root:root /tmp/riju /tmp/riju-deploy /tmp/riju.service
|
||||||
|
sudo mv /tmp/riju /tmp/riju-deploy /usr/local/bin/
|
||||||
|
sudo mv /tmp/riju.service /etc/systemd/system/
|
||||||
|
|
||||||
for user in admin deploy; do
|
for user in admin deploy; do
|
||||||
if ! grep -vq "PRIVATE KEY" "/tmp/id_${user}.pub"; then
|
if ! grep -vq "PRIVATE KEY" "/tmp/id_${user}.pub"; then
|
||||||
|
@ -32,23 +36,25 @@ for user in admin deploy; do
|
||||||
echo "${contents}" > "/tmp/id_${user}.pub"
|
echo "${contents}" > "/tmp/id_${user}.pub"
|
||||||
done
|
done
|
||||||
|
|
||||||
sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
|
sudo sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||||
sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
sudo sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||||
sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
|
sudo sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
|
||||||
|
|
||||||
passwd -l root
|
sudo passwd -l root
|
||||||
useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m
|
sudo useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m
|
||||||
useradd deploy -s /usr/bin/bash -p "!"
|
sudo useradd deploy -s /usr/bin/bash -p "!" -m
|
||||||
|
|
||||||
for user in admin deploy; do
|
for user in admin deploy; do
|
||||||
mkdir -p "/home/${user}/.ssh"
|
sudo runuser -u "${user}" -- mkdir -p "/home/${user}/.ssh"
|
||||||
mv "/tmp/id_${user}.pub" "/home/${user}/.ssh/authorized_keys"
|
sudo mv "/tmp/id_${user}.pub" "/home/${user}/.ssh/authorized_keys"
|
||||||
chown -R "${user}:${user}" "/home/${user}/.ssh"
|
sudo chown -R "${user}:${user}" "/home/${user}/.ssh"
|
||||||
chmod -R go-rwx "/home/${user}/.ssh"
|
sudo chmod -R go-rwx "/home/${user}/.ssh"
|
||||||
done
|
done
|
||||||
|
|
||||||
sed -i 's/^/command="sudo riju-deploy",restrict/' /home/deploy/.ssh/authorized_keys
|
sudo runuser -u deploy -- sed -i 's/^/command="sudo riju-deploy",restrict/' /home/deploy/.ssh/authorized_keys
|
||||||
|
|
||||||
cat <<"EOF" > /etc/sudoers.d/riju
|
sudo tee /etc/sudoers.d/riju >/dev/null <<"EOF"
|
||||||
deploy ALL=(root) NOPASSWD: /usr/local/bin/riju-deploy
|
deploy ALL=(root) NOPASSWD: /usr/local/bin/riju-deploy
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
sudo passwd -l ubuntu
|
||||||
|
|
|
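Review bot: `/tmp/riju-deploy` gets `sudo chown root:root` before the `sudo mv` into `/usr/local/bin`, but its mode is left at whatever the upload produced, and `/etc/sudoers.d/riju` lets `deploy` run that exact path as root without a password; pinning it with `sudo chmod 0755 /tmp/riju /tmp/riju-deploy` next to the chown makes both the executable bit and non-writability independent of the upload's umask. The sudoers file is written with `tee` but never validated — a `sudo visudo -cf /etc/sudoers.d/riju` after the heredoc fails the build on a bad rule instead of silently breaking deploys, and `sudo chmod 0440 /etc/sudoers.d/riju` matches the conventional mode. `mkpasswd -s` uses whatever hash method the installed `whois` defaults to, which differs between versions, so passing `-m sha-512` explicitly avoids inheriting a weak default. `sudo passwd -l ubuntu` locks only the password; the account's authorized key (the one Packer connected with) and any cloud-init sudo grant remain, so confirm that is the intended end state.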
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
DOCKER_REPO="${DOCKER_REPO:-DOCKER_REPO_REPLACED_BY_PACKER}"
|
DOCKER_REPO_BASE="${DOCKER_REPO_BASE:-DOCKER_REPO_BASE_REPLACED_BY_PACKER}"
|
||||||
|
|
||||||
if (( $# != 1 )); then
|
if (( $# != 1 )); then
|
||||||
echo "usage: ssh deploy@riju COMMIT-SHA" >&2
|
echo "usage: ssh deploy@riju COMMIT-SHA" >&2
|
||||||
|
@ -16,7 +16,7 @@ if [[ "$(echo -n "${commit}" | wc -c)" != 40 ]]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
image="${DOCKER_REPO}:app-${commit}"
|
image="${DOCKER_REPO_BASE}:app-${commit}"
|
||||||
|
|
||||||
echo "Pull image to be deployed..."
|
echo "Pull image to be deployed..."
|
||||||
docker pull "${image}"
|
docker pull "${image}"
|
||||||
|
|
|
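Review bot: `image="${DOCKER_REPO_BASE}:app-${commit}"` is built from `$1` after only the length check shown in the second hunk's header (`wc -c != 40`), so any 40 characters reach `docker pull`; since this script is the forced command for the `deploy` key, tightening that to `[[ "${commit}" =~ ^[0-9a-f]{40}$ ]]` restricts the tag to a hex SHA. Lines 8–15 of the script are outside these hunks; unless they copy `SSH_ORIGINAL_COMMAND` into the positional arguments, an authorized_keys `command=` forces `sudo riju-deploy` with no arguments and the `(( $# != 1 ))` usage check would always trip, so a quick `ssh deploy@host <sha>` against the built AMI is worth doing.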
@ -1,9 +1,9 @@
|
||||||
{
|
{
|
||||||
"variables": {
|
"variables": {
|
||||||
"docker_repo": "{{env `DOCKER_REPO`}}",
|
"docker_repo_base": "{{env `DOCKER_REPO_BASE`}}",
|
||||||
"admin_password": "{{env `ADMIN_PASSWORD`}}",
|
"admin_password": "{{env `ADMIN_PASSWORD`}}",
|
||||||
"admin_ssh_public_key_file": "{{env `ADMIN_SSH_PUBLIC_KEY_FILE`}",
|
"admin_ssh_public_key_file": "{{env `ADMIN_SSH_PUBLIC_KEY_FILE`}}",
|
||||||
"deploy_ssh_public_key_file": "{{env `DEPLOY_SSH_PUBLIC_KEY_FILE`}"
|
"deploy_ssh_public_key_file": "{{env `DEPLOY_SSH_PUBLIC_KEY_FILE`}}"
|
||||||
},
|
},
|
||||||
"builders": [
|
"builders": [
|
||||||
{
|
{
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
"filters": {
|
"filters": {
|
||||||
"virtualization-type": "hvm",
|
"virtualization-type": "hvm",
|
||||||
"root-device-type": "ebs",
|
"root-device-type": "ebs",
|
||||||
"name": "ubuntu/images/ubuntu-groovy-20.10-amd64-server-*"
|
"name": "ubuntu/images/hvm-ssd/ubuntu-groovy-20.10-amd64-server-*"
|
||||||
},
|
},
|
||||||
"owners": ["099720109477"],
|
"owners": ["099720109477"],
|
||||||
"most_recent": true
|
"most_recent": true
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
"type": "shell",
|
"type": "shell",
|
||||||
"script": "validate.bash",
|
"script": "validate.bash",
|
||||||
"environment_vars": [
|
"environment_vars": [
|
||||||
"DOCKER_REPO={{user `docker_repo`}}",
|
"DOCKER_REPO_BASE={{user `docker_repo_base`}}",
|
||||||
"ADMIN_PASSWORD={{user `admin_password`}}",
|
"ADMIN_PASSWORD={{user `admin_password`}}",
|
||||||
"ADMIN_SSH_PUBLIC_KEY_FILE={{user `admin_ssh_public_key_file`}}",
|
"ADMIN_SSH_PUBLIC_KEY_FILE={{user `admin_ssh_public_key_file`}}",
|
||||||
"DEPLOY_SSH_PUBLIC_KEY_FILE={{user `deploy_ssh_public_key_file`}}"
|
"DEPLOY_SSH_PUBLIC_KEY_FILE={{user `deploy_ssh_public_key_file`}}"
|
||||||
|
@ -36,17 +36,17 @@
|
||||||
{
|
{
|
||||||
"type": "file",
|
"type": "file",
|
||||||
"source": "riju",
|
"source": "riju",
|
||||||
"destination": "/usr/local/bin/riju"
|
"destination": "/tmp/riju"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "file",
|
"type": "file",
|
||||||
"source": "riju-deploy",
|
"source": "riju-deploy",
|
||||||
"destination": "/usr/local/bin/riju-deploy"
|
"destination": "/tmp/riju-deploy"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "file",
|
"type": "file",
|
||||||
"source": "riju.service",
|
"source": "riju.service",
|
||||||
"destination": "/etc/systemd/system/riju.service"
|
"destination": "/tmp/riju.service"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "file",
|
"type": "file",
|
||||||
|
@ -62,7 +62,7 @@
|
||||||
"type": "shell",
|
"type": "shell",
|
||||||
"script": "provision.bash",
|
"script": "provision.bash",
|
||||||
"environment_vars": [
|
"environment_vars": [
|
||||||
"DOCKER_REPO={{user `docker_repo`}}",
|
"DOCKER_REPO_BASE={{user `docker_repo_base`}}",
|
||||||
"ADMIN_PASSWORD={{user `admin_password`}}"
|
"ADMIN_PASSWORD={{user `admin_password`}}"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
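Review bot: `ADMIN_PASSWORD={{user `admin_password`}}` is passed through `environment_vars`, which the shell provisioner's default `execute_command` splices onto the remote command line via `{{.Vars}}`, so the plaintext admin password is visible in the instance's process list during provisioning and in Packer's own output at debug log levels. Setting `"use_env_var_file": true` on both shell provisioners hands the variables over through a temporary file instead, and a top-level `"sensitive-variables": ["admin_password"]` masks the value in Packer's logs; the two together cover both the `validate.bash` and `provision.bash` steps here.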
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
: ${DOCKER_REPO}
|
: ${DOCKER_REPO_BASE}
|
||||||
: ${ADMIN_PASSWORD}
|
: ${ADMIN_PASSWORD}
|
||||||
: ${ADMIN_SSH_PUBLIC_KEY_FILE}
|
: ${ADMIN_SSH_PUBLIC_KEY_FILE}
|
||||||
: ${DEPLOY_SSH_PUBLIC_KEY_FILE}
|
: ${DEPLOY_SSH_PUBLIC_KEY_FILE}
|
||||||
|
|
|
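Review bot: `: ${DOCKER_REPO_BASE}` only fails under `set -u` when the variable is unset, but the Packer template exports every `environment_vars` entry unconditionally — as an empty string when the host variable is missing — so this guard never fires for the case it is meant to catch. `: "${DOCKER_REPO_BASE:?}"` rejects empty as well as unset; the `ADMIN_PASSWORD` and key-file lines below were not changed by this commit but share the same gap.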
@ -47,3 +47,9 @@ resource "aws_ebs_volume" "data" {
|
||||||
size = 100
|
size = 100
|
||||||
tags = local.tags
|
tags = local.tags
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "aws_volume_attachment" "data" {
|
||||||
|
device_name = "/dev/sdh"
|
||||||
|
volume_id = aws_ebs_volume.data.id
|
||||||
|
instance_id = aws_instance.server.id
|
||||||
|
}
|
||||||
|
|
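Review bot: The new `aws_volume_attachment` sets neither `stop_instance_before_detaching` nor `skip_destroy`, so a `terraform destroy` or a replacement of either resource detaches `/dev/sdh` from a running instance while a filesystem may be mounted on it; if the volume holds data the application writes, `stop_instance_before_detaching = true` (or `skip_destroy = true` to preserve the volume) is the safer default. The `aws_ebs_volume.data` block begins outside this hunk, so I cannot see whether `encrypted = true` is set — for a persistent data volume that is worth confirming. On Nitro instance types the device appears in the guest under an NVMe name rather than `/dev/sdh`, so whatever mounts it should not hard-code the attachment name.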