Fixups for Packer AMI build
This commit is contained in:
Radon Rosborough
parent
2e6aafbcb3
commit
f521eda40e
|
|
@ -1,5 +1,6 @@
|
|||
# This file is generated by 'make dockerignore', do not edit.
|
||||
**/*.log
|
||||
**/*.pem
|
||||
**/.env
|
||||
**/.terraform
|
||||
**/build
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
*.log
|
||||
*.pem
|
||||
.env
|
||||
.terraform
|
||||
build
|
||||
|
|
|
|||
8
Makefile
8
Makefile
|
|
@ -66,7 +66,7 @@ endif
|
|||
shell:
|
||||
@: $${I}
|
||||
ifeq ($(I),admin)
|
||||
docker run -it --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/riju/.aws -v $(HOME)/.docker:/var/riju/.docker -v $(HOME)/.terraform.d:/var/riju/.terraform.d -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) --network host riju:$(I)
|
||||
docker run -it --rm --hostname $(I) -v $(VOLUME_MOUNT):/src -v /var/run/docker.sock:/var/run/docker.sock -v $(HOME)/.aws:/var/riju/.aws -v $(HOME)/.docker:/var/riju/.docker -v $(HOME)/.ssh:/var/riju/.ssh -v $(HOME)/.terraform.d:/var/riju/.terraform.d -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e VOLUME_MOUNT=$(VOLUME_MOUNT) $(SHELL_PORTS) --network host riju:$(I)
|
||||
else ifeq ($(I),compile)
|
||||
docker run -it --rm --hostname $(I) $(SHELL_PORTS) riju:$(I)
|
||||
else
|
||||
|
|
@ -137,8 +137,8 @@ push:
|
|||
.PHONY: upload
|
||||
upload:
|
||||
@: $${L} $${T} $${S3_BUCKET_BASE}
|
||||
hash=$$(dpkg-deb -f $(BUILD)/$(DEB) Riju-Script-Hash); test $${hash}; aws s3 cp - $(S3_HASH)/$${hash} < /dev/null
|
||||
aws s3 cp $(BUILD)/$(DEB) $(S3_DEB)
|
||||
hash=$$(dpkg-deb -f $(BUILD)/$(DEB) Riju-Script-Hash); test $${hash}; aws s3 cp - $(S3_HASH)/$${hash} < /dev/null
|
||||
|
||||
### Miscellaneous
|
||||
|
||||
|
|
@ -146,3 +146,7 @@ upload:
|
|||
dockerignore:
|
||||
echo "# This file is generated by 'make dockerignore', do not edit." > .dockerignore
|
||||
cat .gitignore | sed 's#^#**/#' >> .dockerignore
|
||||
|
||||
.PHONY: env
|
||||
env:
|
||||
exec bash --rcfile <(cat ~/.bashrc - <<< 'PS1="[.env] $$PS1"')
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ make
|
|||
man
|
||||
nodejs
|
||||
packer
|
||||
ssh
|
||||
sudo
|
||||
tmux
|
||||
terraform
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ useradd -u "$(stat -c %u "$PWD")" -g "$(stat -c %g "$PWD")" -o -p '!' -m -N -l -
|
|||
runuser -u riju -- touch /home/riju/.sudo_as_admin_successful
|
||||
runuser -u riju -- ln -sT /var/riju/.aws /home/riju/.aws
|
||||
runuser -u riju -- ln -sT /var/riju/.docker /home/riju/.docker
|
||||
runuser -u riju -- ln -sT /var/riju/.ssh /home/riju/.ssh
|
||||
runuser -u riju -- ln -sT /var/riju/.terraform.d /home/riju/.terraform.d
|
||||
runuser -u riju -- yarn install
|
||||
|
||||
|
|
|
|||
|
|
@ -4,23 +4,27 @@ set -euo pipefail
|
|||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
apt-get update
|
||||
apt-get dist-upgrade
|
||||
sudo -E apt-get update
|
||||
sudo -E apt-get dist-upgrade -y
|
||||
|
||||
apt-get install -y curl gnupg lsb-release
|
||||
sudo -E apt-get install -y curl gnupg lsb-release
|
||||
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo -E apt-key add -
|
||||
|
||||
ubuntu_name="$(lsb_release -cs)"
|
||||
|
||||
tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF
|
||||
sudo tee -a /etc/apt/sources.list.d/custom.list >/dev/null <<EOF
|
||||
deb [arch=amd64] https://download.docker.com/linux/ubuntu ${ubuntu_name} stable
|
||||
EOF
|
||||
|
||||
apt-get update
|
||||
apt-get install docker-ce docker-ce-cli containerd.io
|
||||
sudo -E apt-get update
|
||||
sudo -E apt-get install -y docker-ce docker-ce-cli containerd.io whois
|
||||
|
||||
sed -i "s#DOCKER_REPO_REPLACED_BY_PACKER#${DOCKER_REPO}#" /usr/local/bin/riju-deploy
|
||||
sudo sed -i "s#DOCKER_REPO_BASE_REPLACED_BY_PACKER#${DOCKER_REPO_BASE}#" /tmp/riju-deploy
|
||||
|
||||
sudo chown root:root /tmp/riju /tmp/riju-deploy /tmp/riju.service
|
||||
sudo mv /tmp/riju /tmp/riju-deploy /usr/local/bin/
|
||||
sudo mv /tmp/riju.service /etc/systemd/system/
|
||||
|
||||
for user in admin deploy; do
|
||||
if ! grep -vq "PRIVATE KEY" "/tmp/id_${user}.pub"; then
|
||||
|
|
@ -32,23 +36,25 @@ for user in admin deploy; do
|
|||
echo "${contents}" > "/tmp/id_${user}.pub"
|
||||
done
|
||||
|
||||
sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||
sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
|
||||
sudo sed -Ei 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||
sudo sed -Ei 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||
sudo sed -Ei 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
|
||||
|
||||
passwd -l root
|
||||
useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m
|
||||
useradd deploy -s /usr/bin/bash -p "!"
|
||||
sudo passwd -l root
|
||||
sudo useradd admin -g admin -G sudo -s /usr/bin/bash -p "$(echo "${ADMIN_PASSWORD}" | mkpasswd -s)" -m
|
||||
sudo useradd deploy -s /usr/bin/bash -p "!" -m
|
||||
|
||||
for user in admin deploy; do
|
||||
mkdir -p "/home/${user}/.ssh"
|
||||
mv "/tmp/id_${user}.pub" "/home/${user}/.ssh/authorized_keys"
|
||||
chown -R "${user}:${user}" "/home/${user}/.ssh"
|
||||
chmod -R go-rwx "/home/${user}/.ssh"
|
||||
sudo runuser -u "${user}" -- mkdir -p "/home/${user}/.ssh"
|
||||
sudo mv "/tmp/id_${user}.pub" "/home/${user}/.ssh/authorized_keys"
|
||||
sudo chown -R "${user}:${user}" "/home/${user}/.ssh"
|
||||
sudo chmod -R go-rwx "/home/${user}/.ssh"
|
||||
done
|
||||
|
||||
sed -i 's/^/command="sudo riju-deploy",restrict/' /home/deploy/.ssh/authorized_keys
|
||||
sudo runuser -u deploy -- sed -i 's/^/command="sudo riju-deploy",restrict/' /home/deploy/.ssh/authorized_keys
|
||||
|
||||
cat <<"EOF" > /etc/sudoers.d/riju
|
||||
sudo tee /etc/sudoers.d/riju >/dev/null <<"EOF"
|
||||
deploy ALL=(root) NOPASSWD: /usr/local/bin/riju-deploy
|
||||
EOF
|
||||
|
||||
sudo passwd -l ubuntu
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
DOCKER_REPO="${DOCKER_REPO:-DOCKER_REPO_REPLACED_BY_PACKER}"
|
||||
DOCKER_REPO_BASE="${DOCKER_REPO_BASE:-DOCKER_REPO_BASE_REPLACED_BY_PACKER}"
|
||||
|
||||
if (( $# != 1 )); then
|
||||
echo "usage: ssh deploy@riju COMMIT-SHA" >&2
|
||||
|
|
@ -16,7 +16,7 @@ if [[ "$(echo -n "${commit}" | wc -c)" != 40 ]]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
image="${DOCKER_REPO}:app-${commit}"
|
||||
image="${DOCKER_REPO_BASE}:app-${commit}"
|
||||
|
||||
echo "Pull image to be deployed..."
|
||||
docker pull "${image}"
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"variables": {
|
||||
"docker_repo": "{{env `DOCKER_REPO`}}",
|
||||
"docker_repo_base": "{{env `DOCKER_REPO_BASE`}}",
|
||||
"admin_password": "{{env `ADMIN_PASSWORD`}}",
|
||||
"admin_ssh_public_key_file": "{{env `ADMIN_SSH_PUBLIC_KEY_FILE`}",
|
||||
"deploy_ssh_public_key_file": "{{env `DEPLOY_SSH_PUBLIC_KEY_FILE`}"
|
||||
"admin_ssh_public_key_file": "{{env `ADMIN_SSH_PUBLIC_KEY_FILE`}}",
|
||||
"deploy_ssh_public_key_file": "{{env `DEPLOY_SSH_PUBLIC_KEY_FILE`}}"
|
||||
},
|
||||
"builders": [
|
||||
{
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
"filters": {
|
||||
"virtualization-type": "hvm",
|
||||
"root-device-type": "ebs",
|
||||
"name": "ubuntu/images/ubuntu-groovy-20.10-amd64-server-*"
|
||||
"name": "ubuntu/images/hvm-ssd/ubuntu-groovy-20.10-amd64-server-*"
|
||||
},
|
||||
"owners": ["099720109477"],
|
||||
"most_recent": true
|
||||
|
|
@ -27,7 +27,7 @@
|
|||
"type": "shell",
|
||||
"script": "validate.bash",
|
||||
"environment_vars": [
|
||||
"DOCKER_REPO={{user `docker_repo`}}",
|
||||
"DOCKER_REPO_BASE={{user `docker_repo_base`}}",
|
||||
"ADMIN_PASSWORD={{user `admin_password`}}",
|
||||
"ADMIN_SSH_PUBLIC_KEY_FILE={{user `admin_ssh_public_key_file`}}",
|
||||
"DEPLOY_SSH_PUBLIC_KEY_FILE={{user `deploy_ssh_public_key_file`}}"
|
||||
|
|
@ -36,17 +36,17 @@
|
|||
{
|
||||
"type": "file",
|
||||
"source": "riju",
|
||||
"destination": "/usr/local/bin/riju"
|
||||
"destination": "/tmp/riju"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "riju-deploy",
|
||||
"destination": "/usr/local/bin/riju-deploy"
|
||||
"destination": "/tmp/riju-deploy"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
"source": "riju.service",
|
||||
"destination": "/etc/systemd/system/riju.service"
|
||||
"destination": "/tmp/riju.service"
|
||||
},
|
||||
{
|
||||
"type": "file",
|
||||
|
|
@ -62,7 +62,7 @@
|
|||
"type": "shell",
|
||||
"script": "provision.bash",
|
||||
"environment_vars": [
|
||||
"DOCKER_REPO={{user `docker_repo`}}",
|
||||
"DOCKER_REPO_BASE={{user `docker_repo_base`}}",
|
||||
"ADMIN_PASSWORD={{user `admin_password`}}"
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
: ${DOCKER_REPO}
|
||||
: ${DOCKER_REPO_BASE}
|
||||
: ${ADMIN_PASSWORD}
|
||||
: ${ADMIN_SSH_PUBLIC_KEY_FILE}
|
||||
: ${DEPLOY_SSH_PUBLIC_KEY_FILE}
|
||||
|
|
|
|||
|
|
@ -47,3 +47,9 @@ resource "aws_ebs_volume" "data" {
|
|||
size = 100
|
||||
tags = local.tags
|
||||
}
|
||||
|
||||
resource "aws_volume_attachment" "data" {
|
||||
device_name = "/dev/sdh"
|
||||
volume_id = aws_ebs_volume.data.id
|
||||
instance_id = aws_instance.server.id
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue