Added 'projects' for deployment namespaces.
This commit is contained in:
parent
a1d3ff6465
commit
c95265817f
16
cluster.sh
16
cluster.sh
@ -38,12 +38,8 @@ if [ "$COMMAND" = create ]; then
|
|||||||
# Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1'
|
# Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1'
|
||||||
# Then $HOME/ss-clusters/cluster1 will be your cluster working path.
|
# Then $HOME/ss-clusters/cluster1 will be your cluster working path.
|
||||||
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
|
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
|
||||||
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED- see www.sovereign-stack.org/reservations/"
|
|
||||||
|
|
||||||
# This is REQUIRED. A list of all sites in ~/ss-sites/ that will be deployed.
|
export PROJECT_NAME="[public|private1|private2]"
|
||||||
# e.g., 'domain1.tld,domain2.tld,domain3.tld' Add all your domains that will
|
|
||||||
# run within this SS deployment.
|
|
||||||
export SITE_LIST="domain1.tld"
|
|
||||||
|
|
||||||
# only relevant
|
# only relevant
|
||||||
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
|
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
|
||||||
@ -148,7 +144,7 @@ EOL
|
|||||||
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
|
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
|
||||||
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
|
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
|
||||||
|
|
||||||
# if the LXD_CLUSTER_PASSWORD wasnt set, we can generate a random one using gpg.
|
# error out if the cluster password is unset.
|
||||||
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
|
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
|
||||||
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
|
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
|
||||||
exit 1
|
exit 1
|
||||||
@ -189,7 +185,7 @@ fi
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# stub out the lxd init file for the remote SSH endpoint.
|
# stub out the lxd init file for the remote SSH endpoint.
|
||||||
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/$CLUSTER_NAME-lxd_profile.yml"
|
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml"
|
||||||
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
|
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
|
||||||
config:
|
config:
|
||||||
core.https_address: ${MGMT_PLANE_IP}:8443
|
core.https_address: ${MGMT_PLANE_IP}:8443
|
||||||
@ -200,10 +196,12 @@ networks:
|
|||||||
- name: lxdbrSS
|
- name: lxdbrSS
|
||||||
type: bridge
|
type: bridge
|
||||||
config:
|
config:
|
||||||
|
ipv4.address: 10.139.144.1/24
|
||||||
ipv4.nat: "false"
|
ipv4.nat: "false"
|
||||||
|
ipv4.dhcp: "false"
|
||||||
ipv6.address: "none"
|
ipv6.address: "none"
|
||||||
dns.mode: "dynamic"
|
dns.mode: "none"
|
||||||
managed: true
|
#managed: true
|
||||||
description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-}
|
description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-}
|
||||||
# lxdbrSS is an isolated bridge; no Internet access.
|
# lxdbrSS is an isolated bridge; no Internet access.
|
||||||
|
|
||||||
|
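Review bot: The comment left above the new `export PROJECT_NAME="[public|private1|private2]"` line still reads `# This is REQUIRED. A list of all sites in ~/ss-sites/ that will be deployed.` — that sentence described SITE_LIST, which this commit moves into project_definition, so the stubbed cluster_definition now documents the wrong variable; it should read something like `# This is REQUIRED. The LXD project this cluster deploys into, e.g. 'public' or 'private1'.` Nothing rejects the bracketed placeholder if the operator leaves it as is: unlike LXD_CLUSTER_PASSWORD, which the hunk below checks and exits on, an unedited PROJECT_NAME reaches deploy.sh verbatim, where it is used as a grep pattern and passed to `lxc project create`/`switch`. A guard next to the password check, `if [ -z "$PROJECT_NAME" ] || [ "$PROJECT_NAME" = "[public|private1|private2]" ]; then echo "ERROR: PROJECT_NAME must be set in your cluster_definition."; exit 1; fi`, would catch it early. The cluster_definition heredoc this line belongs to starts before the hunk.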
@ -122,6 +122,7 @@ export WWW_MAC_ADDRESS=
|
|||||||
export BTCPAY_MAC_ADDRESS=
|
export BTCPAY_MAC_ADDRESS=
|
||||||
|
|
||||||
export CLUSTERS_DIR="$HOME/ss-clusters"
|
export CLUSTERS_DIR="$HOME/ss-clusters"
|
||||||
|
export PROJECTS_DIR="$HOME/ss-projects"
|
||||||
export SITES_PATH="$HOME/ss-sites"
|
export SITES_PATH="$HOME/ss-sites"
|
||||||
|
|
||||||
|
|
||||||
|
101
deploy.sh
101
deploy.sh
@ -491,16 +491,6 @@ export NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
|||||||
export GITEA_MYSQL_PASSWORD="$(new_pass)"
|
export GITEA_MYSQL_PASSWORD="$(new_pass)"
|
||||||
export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||||
|
|
||||||
## BTCPAY SERVER; if true, then a BTCPay server is deployed.
|
|
||||||
export DEPLOY_BTCPAY_SERVER=false
|
|
||||||
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
|
||||||
|
|
||||||
# CHAIN to DEPLOY; valid are 'regtest', 'testnet', and 'mainnet'
|
|
||||||
export BTC_CHAIN=regtest
|
|
||||||
|
|
||||||
# set to false to disable nginx caching; helps when making website updates.
|
|
||||||
# export ENABLE_NGINX_CACHING=true
|
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
chmod 0744 "$SITE_DEFINITION_PATH"
|
chmod 0744 "$SITE_DEFINITION_PATH"
|
||||||
@ -512,18 +502,101 @@ EOL
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function stub_project_definition {
|
||||||
|
|
||||||
|
# check to see if the enf file exists. exist if not.
|
||||||
|
PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
|
||||||
|
if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
|
||||||
|
|
||||||
|
# stub out a site_definition with new passwords.
|
||||||
|
cat >"$PROJECT_DEFINITION_PATH" <<EOL
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# for more info about this file and how to use it, see
|
||||||
|
# www.sovereign-stack.org/project-defintion
|
||||||
|
|
||||||
|
# Createa a DHCP reservation for the baseline image.
|
||||||
|
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||||
|
|
||||||
|
# Create a DHCP reservation for the www/reverse proxy VM.
|
||||||
|
export DEPLOY_WWW_SERVER=true
|
||||||
|
export WWW_SERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||||
|
|
||||||
|
# Create a DHCP reservation for the btcpay server VM.
|
||||||
|
export DEPLOY_BTCPAY_SERVER=false
|
||||||
|
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||||
|
|
||||||
|
# valid are 'regtest', 'testnet', and 'mainnet'
|
||||||
|
export BTC_CHAIN=regtest
|
||||||
|
|
||||||
|
# set to true to enable nginx caching; helps when making website updates.
|
||||||
|
# export ENABLE_NGINX_CACHING=true
|
||||||
|
|
||||||
|
# A list of all sites in ~/ss-sites/ that will be deployed under the project.
|
||||||
|
# e.g., 'domain1.tld,domain2.tld,domain3.tld'.
|
||||||
|
export SITE_LIST="domain1.tld"
|
||||||
|
|
||||||
|
EOL
|
||||||
|
|
||||||
|
chmod 0744 "$PROJECT_DEFINITION_PATH"
|
||||||
|
echo "INFO: we stubbed a new project_defition for you at '$PROJECT_DEFINITION_PATH'. Go update it yo!"
|
||||||
|
echo "INFO: Learn more at https://www.sovereign-stack.org/project-defition/"
|
||||||
|
exit 1
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# source project defition.
|
||||||
|
source "$PROJECT_DEFINITION_PATH"
|
||||||
|
}
|
||||||
|
|
||||||
# let's iterate over the user-supplied domain list and provision each domain.
|
# let's iterate over the user-supplied domain list and provision each domain.
|
||||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||||
# iterate through our site list as provided by operator from cluster_definition
|
|
||||||
for i in ${SITE_LIST//,/ }; do
|
|
||||||
export DOMAIN_NAME="$i"
|
|
||||||
export SITE_PATH=""
|
|
||||||
|
|
||||||
|
CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
|
||||||
|
PROJECT_PATH="$PROJECTS_DIR/$CURRENT_PROJECT"
|
||||||
|
mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
|
||||||
|
export PROJECT_PATH="$PROJECT_PATH"
|
||||||
|
|
||||||
|
# create a symlink from ./clusterpath/projects/project
|
||||||
|
if [ ! -d "$CLUSTER_PATH/projects/$CURRENT_PROJECT" ]; then
|
||||||
|
ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$CURRENT_PROJECT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# check if we need to provision a new lxc project.
|
||||||
|
if [ "$PROJECT_NAME" != "$CURRENT_PROJECT" ]; then
|
||||||
|
if ! lxc project list | grep -q "$PROJECT_NAME"; then
|
||||||
|
echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
|
||||||
|
lxc project create "$PROJECT_NAME"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "INFO: switch to lxd project '$PROJECT_NAME'."
|
||||||
|
lxc project switch "$PROJECT_NAME"
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
stub_project_definition
|
||||||
|
|
||||||
|
# iterate through our site list as provided by operator from cluster_definition
|
||||||
|
iteration=0
|
||||||
|
for DOMAIN_NAME in ${SITE_LIST//,/ }; do
|
||||||
|
export DOMAIN_NAME="$DOMAIN_NAME"
|
||||||
|
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
||||||
|
|
||||||
|
# the vms are named accordignt to the first domain listed.
|
||||||
|
if [ $iteration = 0 ]; then
|
||||||
|
# bring the vms up
|
||||||
|
instantiate_vms
|
||||||
|
fi
|
||||||
|
|
||||||
|
# stub out the site_defition if it's doesn't exist.
|
||||||
stub_site_definition
|
stub_site_definition
|
||||||
|
|
||||||
# run the logic for a domain deployment.
|
# run the logic for a domain deployment.
|
||||||
run_domain
|
run_domain
|
||||||
|
|
||||||
|
iteration=$((iteration+1))
|
||||||
done
|
done
|
||||||
|
|
||||||
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||||
|
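Review bot: PROJECT_PATH is derived from the project that is active before the switch, so whenever PROJECT_NAME differs from CURRENT_PROJECT the new lxd branch stubs, symlinks and sources `$PROJECTS_DIR/<old project>/project_definition` (MAC reservations, BTC_CHAIN, SITE_LIST) and then deploys into `$PROJECT_NAME`: `CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"` and `PROJECT_PATH="$PROJECTS_DIR/$CURRENT_PROJECT"` run first, `lxc project switch "$PROJECT_NAME"` comes later, and neither variable is recomputed before `stub_project_definition`. The existence test `lxc project list | grep -q "$PROJECT_NAME"` is also an unanchored regex match, so a PROJECT_NAME of 'public' is satisfied by a project named 'public2', the cluster.sh stub value `[public|private1|private2]` is a bracket expression that matches almost any line (creation is skipped and `lxc project switch` then fails on a nonexistent project), and an empty PROJECT_NAME is not rejected at all. The rewrite below asserts PROJECT_NAME, tests existence with `lxc project show`, switches, and only then derives PROJECT_PATH from PROJECT_NAME so that the sourced definition belongs to the project actually being deployed; the symlink creation, the stub call and the per-site loop are unchanged.
```shell
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
    # PROJECT_NAME comes from cluster_definition; refuse to run with it unset.
    : "${PROJECT_NAME:?PROJECT_NAME must be set in your cluster_definition}"

    # check if we need to provision a new lxc project.
    CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
    if [ "$PROJECT_NAME" != "$CURRENT_PROJECT" ]; then
        # exact lookup; an unanchored grep would let 'public' match 'public2'.
        if ! lxc project show "$PROJECT_NAME" >/dev/null 2>&1; then
            echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
            lxc project create "$PROJECT_NAME"
        fi

        echo "INFO: switch to lxd project '$PROJECT_NAME'."
        lxc project switch "$PROJECT_NAME"
    fi

    # derive the project paths only after the switch so they track the active project.
    PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
    mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
    export PROJECT_PATH

    # … unchanged: symlink under $CLUSTER_PATH/projects, stub_project_definition, site loop …
```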
@ -11,8 +11,8 @@ ssh-add "$SSH_HOME/id_rsa"
|
|||||||
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
|
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
|
||||||
|
|
||||||
export FILENAME="$LXD_HOSTNAME.yml"
|
export FILENAME="$LXD_HOSTNAME.yml"
|
||||||
mkdir -p "$CLUSTER_PATH/cloud-init"
|
mkdir -p "$PROJECT_PATH/cloud-init"
|
||||||
YAML_PATH="$CLUSTER_PATH/cloud-init/$FILENAME"
|
YAML_PATH="$PROJECT_PATH/cloud-init/$FILENAME"
|
||||||
|
|
||||||
# If we are deploying the www, we attach the vm to the underlay via macvlan.
|
# If we are deploying the www, we attach the vm to the underlay via macvlan.
|
||||||
cat > "$YAML_PATH" <<EOF
|
cat > "$YAML_PATH" <<EOF
|
||||||
|
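Review bot: `mkdir -p "$PROJECT_PATH/cloud-init"` and `YAML_PATH="$PROJECT_PATH/cloud-init/$FILENAME"` now depend on PROJECT_PATH being exported by deploy.sh; if this script runs without it (no `set -u` is visible in the hunk), the path collapses to `/cloud-init/$LXD_HOSTNAME.yml` and the mkdir either fails or the cloud-init file, which presumably embeds the SSH_AUTHORIZED_KEY exported just above, is written outside the project tree. A guard before the mkdir, `: "${PROJECT_PATH:?PROJECT_PATH must be set (run via deploy.sh)}"`, makes the dependency explicit and fails loudly. The heredoc opened on the last line of the hunk continues outside it.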
@ -11,9 +11,8 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
# here's the NGINX config. We support ghost and nextcloud.
|
# here's the NGINX config. We support ghost and nextcloud.
|
||||||
NGINX_CONF_PATH="$SITE_PATH/nginx.conf"
|
NGINX_CONF_PATH="$PROJECT_PATH/nginx.conf"
|
||||||
echo "" > "$NGINX_CONF_PATH"
|
echo "" > "$NGINX_CONF_PATH"
|
||||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
events {
|
events {
|
||||||
@ -41,11 +40,11 @@ http {
|
|||||||
'' close;
|
'' close;
|
||||||
}
|
}
|
||||||
|
|
||||||
# this server block returns a 403 for all non-explicit host requests.
|
# return 403 for all non-explicit hostnames
|
||||||
#server {
|
server {
|
||||||
# listen 80 default_server;
|
listen 80 default_server;
|
||||||
# return 403;
|
return 403;
|
||||||
#}
|
}
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
|
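Review bot: `NGINX_CONF_PATH="$PROJECT_PATH/nginx.conf"` is truncated by `echo "" > "$NGINX_CONF_PATH"` every time this code runs, and deploy.sh in the same commit calls `run_domain` once per domain in SITE_LIST, so with more than one site the per-project file is rewritten on each iteration and only the last domain's configuration survives — unless the generator loops over SITE_LIST itself further down (the enclosing function continues past this hunk). Either keep the path per-site as before, or build the per-project file once outside the per-domain loop and append one server block per domain. The re-enabled `listen 80 default_server; return 403;` catch-all only covers plaintext; if a TLS listener is defined later in this file, a matching `listen 443 ssl default_server;` block returning 403 is needed so non-explicit hostnames over HTTPS do not fall through to the first server block's certificate and content.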
@ -64,6 +64,11 @@ if ! < "$HOME/.bashrc" grep -q "ss-cluster"; then
|
|||||||
ADDED_COMMAND=true
|
ADDED_COMMAND=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if ! < "$HOME/.bashrc" grep -q "ss-projects"; then
|
||||||
|
echo "alias ss-projects='/home/$USER/sovereign-stack/projects.sh \$@'" >> "$HOME/.bashrc"
|
||||||
|
ADDED_COMMAND=true
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$ADDED_COMMAND" = true ]; then
|
if [ "$ADDED_COMMAND" = true ]; then
|
||||||
echo "WARNING! You need to run 'source ~/.bashrc' before continuing."
|
echo "WARNING! You need to run 'source ~/.bashrc' before continuing."
|
||||||
fi
|
fi
|