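#!/bin/bash
#
# Generate a cloud-init backed LXD profile for one virtual machine and load it
# into LXD with `lxc profile edit`.
#
# Usage:  <script> --lxd-hostname=<name> [--vm=base|www|btcpayserver]
#         (--vm defaults to "base")
#
# Required environment, supplied by the caller (`set -u` aborts on any that is
# missing when it is first expanded):
#   SSH_PUBKEY_PATH, SSH_HOME, PROJECT_PATH               - always
#   BASE_IMAGE_VM_NAME, REGISTRY_URL                      - --vm=base
#   FQDN, MAC_ADDRESS_TO_PROVISION,
#   DATA_PLANE_MACVLAN_INTERFACE, PRIMARY_DOMAIN          - any other --vm
#   WWW_SERVER_CPU_COUNT, WWW_SERVER_MEMORY_MB            - --vm=www
#   BTCPAY_SERVER_CPU_COUNT, BTCPAY_SERVER_MEMORY_MB      - --vm=btcpayserver
#
# Side effects: writes $PROJECT_PATH/cloud-init/<hostname>.yml, starts an
# ssh-agent and loads $SSH_HOME/id_rsa into it, exports SSH_AUTHORIZED_KEY and
# FILENAME, and creates (if needed) and edits the LXD profile named <hostname>.
#
# NOTE(review): the listing this was revised from had lost all leading
# whitespace. The YAML nesting in the here-documents below was restored from
# the LXD profile / cloud-init schema and should be diffed against the
# repository copy before use.

set -euo pipefail

cd "$(dirname "$0")"

VIRTUAL_MACHINE=base
LXD_HOSTNAME=

# grab any modifications from the command line.
for arg in "$@"; do
  case "$arg" in
    --lxd-hostname=*)
      LXD_HOSTNAME="${arg#*=}"
      ;;
    --vm=*)
      VIRTUAL_MACHINE="${arg#*=}"
      ;;
    *)
      # Report the argument actually being inspected; the original printed
      # "$1", which is not necessarily the offending one.
      printf 'Unexpected option: %s\n' "$arg" >&2
      exit 1
      ;;
  esac
done

# The hostname names both the YAML file and the LXD profile; an empty value
# would otherwise yield ".yml" and an attempt to create a profile named "".
: "${LXD_HOSTNAME:?--lxd-hostname=<name> is required}"

# generate the custom cloud-init file. Cloud init installs and configures sshd
SSH_AUTHORIZED_KEY=$(<"$SSH_PUBKEY_PATH")

# NOTE(review): the agent started here is never stopped by this script (same
# as the original); presumably later steps rely on SSH_AUTH_SOCK - confirm.
eval "$(ssh-agent -s)"
ssh-add "$SSH_HOME/id_rsa"
export SSH_AUTHORIZED_KEY="$SSH_AUTHORIZED_KEY"

export FILENAME="$LXD_HOSTNAME.yml"
mkdir -p "$PROJECT_PATH/cloud-init"
YAML_PATH="$PROJECT_PATH/cloud-init/$FILENAME"

# If we are deploying the www, we attach the vm to the underlay via macvlan.
cat > "$YAML_PATH" <<EOF
config:
EOF

# Resource limits per VM type. "base" gets fixed values; the others are taken
# from the caller's environment.
case "$VIRTUAL_MACHINE" in
  base)
    cat >> "$YAML_PATH" <<EOF
  limits.cpu: 4
  limits.memory: 4096MB
EOF
    ;;
  www)
    cat >> "$YAML_PATH" <<EOF
  limits.cpu: "${WWW_SERVER_CPU_COUNT}"
  limits.memory: "${WWW_SERVER_MEMORY_MB}MB"
EOF
    ;;
  btcpayserver)
    cat >> "$YAML_PATH" <<EOF
  limits.cpu: "${BTCPAY_SERVER_CPU_COUNT}"
  limits.memory: "${BTCPAY_SERVER_MEMORY_MB}MB"
EOF
    ;;
esac

# if VIRTUAL_MACHINE=base, then we doing the base image.
if [ "$VIRTUAL_MACHINE" = base ]; then
  # this is for the base image only...
  #
  # The "ubuntu" user gets passwordless sudo and an unlocked password (as in
  # the original). Only key-based access is configured here; this file does
  # not touch sshd_config (the original's write_files block for it is
  # commented out), so sshd runs with the image's default settings.
  cat >> "$YAML_PATH" <<EOF
  user.vendor-data: |
    #cloud-config
    package_update: true
    package_upgrade: false
    package_reboot_if_required: false

    preserve_hostname: false
    fqdn: ${BASE_IMAGE_VM_NAME}

    packages:
      - curl
      - ssh-askpass
      - apt-transport-https
      - ca-certificates
      - gnupg-agent
      - software-properties-common
      - lsb-release
      - net-tools
      - htop
      - rsync
      - duplicity
      - sshfs
      - fswatch
      - jq
      - git
      - nano
      - wait-for-it
      - dnsutils
      - wget

    groups:
      - docker

    users:
      - name: ubuntu
        groups: docker
        shell: /bin/bash
        lock_passwd: false
        sudo: ALL=(ALL) NOPASSWD:ALL
        ssh_authorized_keys:
          - ${SSH_AUTHORIZED_KEY}

EOF

  # Point the guest's Docker daemon at a registry mirror unless the default
  # Docker Hub endpoint is in use.
  if [ "$REGISTRY_URL" != "https://index.docker.io/v1" ]; then
    cat >> "$YAML_PATH" <<EOF
    write_files:
      - path: /etc/docker/daemon.json
        permissions: 0644
        owner: root
        content: |
          {
            "registry-mirrors": [
              "${REGISTRY_URL}"
            ]
          }

EOF
  fi

  # The two \$(...) substitutions below are escaped so they are evaluated by
  # the guest when cloud-init runs the command, not by the host while this
  # here-document is expanded. The original left them unescaped, which
  # produced the host's architecture and release codename; if that was the
  # intent, drop the backslashes.
  cat >> "$YAML_PATH" <<EOF
    runcmd:
      - sudo mkdir -m 0755 -p /etc/apt/keyrings
      - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
      - echo "deb [arch=\$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
      - sudo apt-get update
      - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
      - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
      - sudo chown -R ubuntu:ubuntu /home/ubuntu/

EOF

  # NOTE(review): the original carried commented-out drafts here for an
  # sshd_config write_files entry (Port 22, Protocol 2,
  # ChallengeResponseAuthentication no, PasswordAuthentication no, UsePAM no,
  # LogLevel INFO), an older daemon.json with a githead label, and an apt
  # sources entry keyed on LXD_UBUNTU_BASE_VERSION. None of it was active;
  # it is omitted from the generated file exactly as before.
else
  # all other machines that are not the base image
  cat >> "$YAML_PATH" <<EOF
  user.vendor-data: |
    #cloud-config
    apt_mirror: http://us.archive.ubuntu.com/ubuntu/
    package_update: false
    package_upgrade: false
    package_reboot_if_required: false

    preserve_hostname: true
    fqdn: ${FQDN}

  user.network-config: |
    version: 2
    ethernets:
      enp5s0:
        dhcp4: true
        dhcp4-overrides:
          route-metric: 50
        match:
          macaddress: ${MAC_ADDRESS_TO_PROVISION}
        set-name: enp5s0

      enp6s0:
        dhcp4: true

EOF
fi

# All profiles get a root disk and cloud-init config.
cat >> "$YAML_PATH" <<EOF
description: Default LXD profile for ${FILENAME}
devices:
  root:
    path: /
    pool: ss-base
    type: disk
  config:
    source: cloud-init:config
    type: disk
EOF

# Stub out the network piece for the base image.
if [ "$VIRTUAL_MACHINE" = base ]; then
  cat >> "$YAML_PATH" <<EOF
  enp6s0:
    name: enp6s0
    network: lxdbr0
    type: nic
name: ${FILENAME}
EOF
else
  # If we are deploying a VM that attaches to the network underlay.
  cat >> "$YAML_PATH" <<EOF
  enp5s0:
    nictype: macvlan
    parent: ${DATA_PLANE_MACVLAN_INTERFACE}
    type: nic
  enp6s0:
    name: enp6s0
    network: ss-ovn
    type: nic

name: ${PRIMARY_DOMAIN}
EOF
fi

# let's create a profile for the BCM TYPE-1 VMs. This is per VM.
# `lxc profile show` is an exact-name test (non-zero exit when the profile is
# absent). The original grepped the csv listing, which also matched any
# profile containing the hostname as a substring and could then skip the
# create step.
if ! lxc profile show "$LXD_HOSTNAME" >/dev/null 2>&1; then
  lxc profile create "$LXD_HOSTNAME"
fi

# configure the profile with our generated cloud-init.yml file.
lxc profile edit "$LXD_HOSTNAME" < "$YAML_PATH"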