Added 'projects' for deployment namespaces.
parent
a1d3ff6465
commit
c95265817f
16
cluster.sh
16
cluster.sh
@ -38,12 +38,8 @@ if [ "$COMMAND" = create ]; then
|
||||
# Note: the path above ./ corresponds to your LXD Remote. If your remote is set to 'cluster1'
|
||||
# Then $HOME/ss-clusters/cluster1 will be your cluster working path.
|
||||
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
|
||||
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED- see www.sovereign-stack.org/reservations/"
|
||||
|
||||
# This is REQUIRED. A list of all sites in ~/ss-sites/ that will be deployed.
|
||||
# e.g., 'domain1.tld,domain2.tld,domain3.tld' Add all your domains that will
|
||||
# run within this SS deployment.
|
||||
export SITE_LIST="domain1.tld"
|
||||
export PROJECT_NAME="[public|private1|private2]"
|
||||
|
||||
# only relevant
|
||||
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
|
||||
@ -148,7 +144,7 @@ EOL
|
||||
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
|
||||
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
|
||||
|
||||
# if the LXD_CLUSTER_PASSWORD wasnt set, we can generate a random one using gpg.
|
||||
# error out if the cluster password is unset.
|
||||
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
|
||||
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
|
||||
exit 1
|
||||
@ -189,7 +185,7 @@ fi
|
||||
fi
|
||||
|
||||
# stub out the lxd init file for the remote SSH endpoint.
|
||||
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/$CLUSTER_NAME-lxd_profile.yml"
|
||||
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml"
|
||||
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
|
||||
config:
|
||||
core.https_address: ${MGMT_PLANE_IP}:8443
|
||||
@ -200,10 +196,12 @@ networks:
|
||||
- name: lxdbrSS
|
||||
type: bridge
|
||||
config:
|
||||
ipv4.address: 10.139.144.1/24
|
||||
ipv4.nat: "false"
|
||||
ipv4.dhcp: "false"
|
||||
ipv6.address: "none"
|
||||
dns.mode: "dynamic"
|
||||
managed: true
|
||||
dns.mode: "none"
|
||||
#managed: true
|
||||
description: ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-},${DISK_TO_USE:-}
|
||||
# lxdbrSS is an isolated bridge; no Internet access.
|
||||
|
||||
|
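Review bot: The stubbed `export PROJECT_NAME="[public|private1|private2]"` in the first hunk is a usage hint rather than a usable value, and unlike `LXD_CLUSTER_PASSWORD` in the second hunk nothing visible here stops a run when the operator leaves it unedited. deploy.sh goes on to use the value as a grep pattern and as the argument to `lxc project create`, so an unedited stub should fail early instead. I would write the stub as `export PROJECT_NAME="CHANGE_ME_REQUIRED"` under a comment such as `# REQUIRED: the LXD project (deployment namespace) to deploy into, e.g. 'public'.`, and add a check beside the password one that exits when the value is empty or still the placeholder.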
@ -122,6 +122,7 @@ export WWW_MAC_ADDRESS=
|
||||
export BTCPAY_MAC_ADDRESS=
|
||||
|
||||
export CLUSTERS_DIR="$HOME/ss-clusters"
|
||||
export PROJECTS_DIR="$HOME/ss-projects"
|
||||
export SITES_PATH="$HOME/ss-sites"
|
||||
|
||||
|
||||
|
101
deploy.sh
101
deploy.sh
@ -491,16 +491,6 @@ export NEXTCLOUD_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||
export GITEA_MYSQL_PASSWORD="$(new_pass)"
|
||||
export GITEA_MYSQL_ROOT_PASSWORD="$(new_pass)"
|
||||
|
||||
## BTCPAY SERVER; if true, then a BTCPay server is deployed.
|
||||
export DEPLOY_BTCPAY_SERVER=false
|
||||
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||
|
||||
# CHAIN to DEPLOY; valid are 'regtest', 'testnet', and 'mainnet'
|
||||
export BTC_CHAIN=regtest
|
||||
|
||||
# set to false to disable nginx caching; helps when making website updates.
|
||||
# export ENABLE_NGINX_CACHING=true
|
||||
|
||||
EOL
|
||||
|
||||
chmod 0744 "$SITE_DEFINITION_PATH"
|
||||
@ -512,18 +502,101 @@ EOL
|
||||
|
||||
}
|
||||
|
||||
|
||||
function stub_project_definition {
|
||||
|
||||
# check to see if the enf file exists. exist if not.
|
||||
PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
|
||||
if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
|
||||
|
||||
# stub out a site_definition with new passwords.
|
||||
cat >"$PROJECT_DEFINITION_PATH" <<EOL
|
||||
#!/bin/bash
|
||||
|
||||
# for more info about this file and how to use it, see
|
||||
# www.sovereign-stack.org/project-defintion
|
||||
|
||||
# Createa a DHCP reservation for the baseline image.
|
||||
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||
|
||||
# Create a DHCP reservation for the www/reverse proxy VM.
|
||||
export DEPLOY_WWW_SERVER=true
|
||||
export WWW_SERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||
|
||||
# Create a DHCP reservation for the btcpay server VM.
|
||||
export DEPLOY_BTCPAY_SERVER=false
|
||||
export BTCPAYSERVER_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||
|
||||
# valid are 'regtest', 'testnet', and 'mainnet'
|
||||
export BTC_CHAIN=regtest
|
||||
|
||||
# set to true to enable nginx caching; helps when making website updates.
|
||||
# export ENABLE_NGINX_CACHING=true
|
||||
|
||||
# A list of all sites in ~/ss-sites/ that will be deployed under the project.
|
||||
# e.g., 'domain1.tld,domain2.tld,domain3.tld'.
|
||||
export SITE_LIST="domain1.tld"
|
||||
|
||||
EOL
|
||||
|
||||
chmod 0744 "$PROJECT_DEFINITION_PATH"
|
||||
echo "INFO: we stubbed a new project_defition for you at '$PROJECT_DEFINITION_PATH'. Go update it yo!"
|
||||
echo "INFO: Learn more at https://www.sovereign-stack.org/project-defition/"
|
||||
exit 1
|
||||
|
||||
fi
|
||||
|
||||
|
||||
# source project defition.
|
||||
source "$PROJECT_DEFINITION_PATH"
|
||||
}
|
||||
|
||||
# let's iterate over the user-supplied domain list and provision each domain.
|
||||
if [ "$VPS_HOSTING_TARGET" = lxd ]; then
|
||||
# iterate through our site list as provided by operator from cluster_definition
|
||||
for i in ${SITE_LIST//,/ }; do
|
||||
export DOMAIN_NAME="$i"
|
||||
export SITE_PATH=""
|
||||
|
||||
CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
|
||||
PROJECT_PATH="$PROJECTS_DIR/$CURRENT_PROJECT"
|
||||
mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
|
||||
export PROJECT_PATH="$PROJECT_PATH"
|
||||
|
||||
# create a symlink from ./clusterpath/projects/project
|
||||
if [ ! -d "$CLUSTER_PATH/projects/$CURRENT_PROJECT" ]; then
|
||||
ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$CURRENT_PROJECT"
|
||||
fi
|
||||
|
||||
# check if we need to provision a new lxc project.
|
||||
if [ "$PROJECT_NAME" != "$CURRENT_PROJECT" ]; then
|
||||
if ! lxc project list | grep -q "$PROJECT_NAME"; then
|
||||
echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
|
||||
lxc project create "$PROJECT_NAME"
|
||||
fi
|
||||
|
||||
echo "INFO: switch to lxd project '$PROJECT_NAME'."
|
||||
lxc project switch "$PROJECT_NAME"
|
||||
|
||||
fi
|
||||
|
||||
stub_project_definition
|
||||
|
||||
# iterate through our site list as provided by operator from cluster_definition
|
||||
iteration=0
|
||||
for DOMAIN_NAME in ${SITE_LIST//,/ }; do
|
||||
export DOMAIN_NAME="$DOMAIN_NAME"
|
||||
export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
|
||||
|
||||
# the vms are named accordignt to the first domain listed.
|
||||
if [ $iteration = 0 ]; then
|
||||
# bring the vms up
|
||||
instantiate_vms
|
||||
fi
|
||||
|
||||
# stub out the site_defition if it's doesn't exist.
|
||||
stub_site_definition
|
||||
|
||||
# run the logic for a domain deployment.
|
||||
run_domain
|
||||
|
||||
iteration=$((iteration+1))
|
||||
done
|
||||
|
||||
elif [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||
|
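Review bot: `PROJECT_PATH` is built from `$CURRENT_PROJECT` before the `lxc project switch`, so on a run that changes projects `stub_project_definition` creates or sources the definition of the project being left; if a definition already exists there, its `SITE_LIST` would be deployed into `$PROJECT_NAME`. The path and the symlink should be derived from `$PROJECT_NAME` once the switch has happened. The existence test `lxc project list | grep -q "$PROJECT_NAME"` is also an unanchored pattern match over the whole table, so `private1` is satisfied by an existing `private10` and the create step is skipped; an exact lookup avoids that. The enclosing `if [ "$VPS_HOSTING_TARGET" = lxd ]` block continues past the end of the hunk.

```shell
    CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"

    # check if we need to provision a new lxc project.
    if [ "$PROJECT_NAME" != "$CURRENT_PROJECT" ]; then
        # exact lookup; grepping the table output also matches substrings and other columns.
        if ! lxc project show "$PROJECT_NAME" >/dev/null 2>&1; then
            # … unchanged: INFO message and lxc project create …
        fi
        # … unchanged: INFO message and lxc project switch …
    fi

    # derive the working path from the project we deploy into, after the switch.
    PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
    mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
    export PROJECT_PATH="$PROJECT_PATH"

    if [ ! -d "$CLUSTER_PATH/projects/$PROJECT_NAME" ]; then
        ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$PROJECT_NAME"
    fi
    # … unchanged: stub_project_definition and the per-domain loop …
```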
@ -11,8 +11,8 @@ ssh-add "$SSH_HOME/id_rsa"
|
||||
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"
|
||||
|
||||
export FILENAME="$LXD_HOSTNAME.yml"
|
||||
mkdir -p "$CLUSTER_PATH/cloud-init"
|
||||
YAML_PATH="$CLUSTER_PATH/cloud-init/$FILENAME"
|
||||
mkdir -p "$PROJECT_PATH/cloud-init"
|
||||
YAML_PATH="$PROJECT_PATH/cloud-init/$FILENAME"
|
||||
|
||||
# If we are deploying the www, we attach the vm to the underlay via macvlan.
|
||||
cat > "$YAML_PATH" <<EOF
|
||||
|
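Review bot: `PROJECT_PATH` is taken from the environment here, and in the visible part of deploy.sh it is only exported inside the lxd branch, so an unset value turns the target into `/cloud-init/$FILENAME` unless `set -u` is active above the hunk. I would fail fast with `mkdir -p "${PROJECT_PATH:?}/cloud-init"`. The same applies to `NGINX_CONF_PATH="$PROJECT_PATH/nginx.conf"` in the nginx hunk that follows, which truncates its target with `echo "" >` before writing. The heredoc opened by `cat > "$YAML_PATH"` continues outside the hunk.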
@ -11,9 +11,8 @@ if [ "$DEPLOY_ONION_SITE" = true ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# here's the NGINX config. We support ghost and nextcloud.
|
||||
NGINX_CONF_PATH="$SITE_PATH/nginx.conf"
|
||||
NGINX_CONF_PATH="$PROJECT_PATH/nginx.conf"
|
||||
echo "" > "$NGINX_CONF_PATH"
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
events {
|
||||
@ -41,11 +40,11 @@ http {
|
||||
'' close;
|
||||
}
|
||||
|
||||
# this server block returns a 403 for all non-explicit host requests.
|
||||
#server {
|
||||
# listen 80 default_server;
|
||||
# return 403;
|
||||
#}
|
||||
# return 403 for all non-explicit hostnames
|
||||
server {
|
||||
listen 80 default_server;
|
||||
return 403;
|
||||
}
|
||||
|
||||
EOL
|
||||
|
||||
|
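Review bot: The catch-all `server` block that appears enabled on the new side listens only on port 80, so a request with an unlisted hostname on a TLS listener would still be answered by whichever 443 server block nginx treats as the default. The TLS server blocks are outside this hunk, so confirm they exist. If they do, a second catch-all with `listen 443 ssl default_server;` and `ssl_reject_handshake on;` (nginx 1.19.4 or later) extends the rule to HTTPS. The comment could state the scope as well, for example `# reject requests whose Host header matches no configured site (port 80 only).`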
@ -64,6 +64,11 @@ if ! < "$HOME/.bashrc" grep -q "ss-cluster"; then
|
||||
ADDED_COMMAND=true
|
||||
fi
|
||||
|
||||
if ! < "$HOME/.bashrc" grep -q "ss-projects"; then
|
||||
echo "alias ss-projects='/home/$USER/sovereign-stack/projects.sh \$@'" >> "$HOME/.bashrc"
|
||||
ADDED_COMMAND=true
|
||||
fi
|
||||
|
||||
if [ "$ADDED_COMMAND" = true ]; then
|
||||
echo "WARNING! You need to run 'source ~/.bashrc' before continuing."
|
||||
fi
|
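Review bot: The alias line hard-codes `/home/$USER` while the same command appends to `$HOME/.bashrc`, so the alias points at the wrong path for any account whose home directory is not under /home. The `\$@` inside the alias is unnecessary too, since bash appends the arguments after the expanded alias and `$@` there refers to the interactive shell's own positional parameters. I would write `echo "alias ss-projects='$HOME/sovereign-stack/projects.sh'" >> "$HOME/.bashrc"`. The guard `grep -q "ss-projects"` matches that string anywhere in the file, so `grep -q "^alias ss-projects="` is a tighter test for whether the alias is already present.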