Wire up storage volumes.

This commit is contained in:
Derek Smith 2023-04-04 10:52:09 -04:00
parent ea78a2b734
commit 68b786aaa2
Signed by: farscapian
GPG Key ID: B443E530A14E1C90
6 changed files with 93 additions and 42 deletions


@ -7,9 +7,9 @@ if [ -f "$BACKUP_BTCPAY_ARCHIVE_PATH" ]; then
# push the restoration archive to the remote server # push the restoration archive to the remote server
echo "INFO: Restoring BTCPAY Server: $BACKUP_BTCPAY_ARCHIVE_PATH" echo "INFO: Restoring BTCPAY Server: $BACKUP_BTCPAY_ARCHIVE_PATH"
REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/btcpayserver" BTCPAY_REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/btcpayserver"
ssh "$FQDN" mkdir -p "$REMOTE_BACKUP_PATH" ssh "$FQDN" mkdir -p "$BTCPAY_REMOTE_BACKUP_PATH"
REMOTE_BTCPAY_ARCHIVE_PATH="$REMOTE_BACKUP_PATH/btcpay.tar.gz" REMOTE_BTCPAY_ARCHIVE_PATH="$BTCPAY_REMOTE_BACKUP_PATH/btcpay.tar.gz"
scp "$BACKUP_BTCPAY_ARCHIVE_PATH" "$FQDN:$REMOTE_BTCPAY_ARCHIVE_PATH" scp "$BACKUP_BTCPAY_ARCHIVE_PATH" "$FQDN:$REMOTE_BTCPAY_ARCHIVE_PATH"
# push the modified restore script to the remote directory, set permissions, and execute. # push the modified restore script to the remote directory, set permissions, and execute.
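Review bot: `BTCPAY_REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/btcpayserver"` now depends on a `REMOTE_BACKUP_PATH` exported by the caller instead of deriving it from `$REMOTE_HOME`, and nothing in the hunk checks that it is set; with it empty the next line runs `mkdir -p /btcpayserver` on the remote host and the archive lands in `/btcpayserver/btcpay.tar.gz`. A one-line guard before it, `: "${REMOTE_BACKUP_PATH:?REMOTE_BACKUP_PATH must be exported by the caller}"`, turns that into a clear local failure. Note also that `ssh "$FQDN" mkdir -p "$BTCPAY_REMOTE_BACKUP_PATH"` is re-split by the remote shell, so the local quotes do not protect a path containing spaces (pre-existing, but the line was touched). The enclosing `if [ -f "$BACKUP_BTCPAY_ARCHIVE_PATH" ]` block starts outside the hunk.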


@ -252,6 +252,7 @@ PRIMARY_DOMAIN="domain0.tld"
# OTHER_SITES_LIST="domain1.tld,domain2.tld,domain3.tld" # OTHER_SITES_LIST="domain1.tld,domain2.tld,domain3.tld"
WWW_SERVER_MAC_ADDRESS= WWW_SERVER_MAC_ADDRESS=
# WWW_SSDATA_DISK_SIZE_GB=100
# WWW_SERVER_CPU_COUNT="6" # WWW_SERVER_CPU_COUNT="6"
# WWW_SERVER_MEMORY_MB="4096" # WWW_SERVER_MEMORY_MB="4096"
@ -374,31 +375,26 @@ for VIRTUAL_MACHINE in www btcpayserver; do
FQDN="$WWW_HOSTNAME.$DOMAIN_NAME" FQDN="$WWW_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$WWW_HOSTNAME" VPS_HOSTNAME="$WWW_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS" MAC_ADDRESS_TO_PROVISION="$WWW_SERVER_MAC_ADDRESS"
ROOT_DISK_SIZE_GB="$((ROOT_DISK_SIZE_GB + NEXTCLOUD_SPACE_GB))"
elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then elif [ "$VIRTUAL_MACHINE" = btcpayserver ] || [ "$SKIP_BTCPAY" = true ]; then
FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME" FQDN="$BTCPAY_HOSTNAME.$DOMAIN_NAME"
VPS_HOSTNAME="$BTCPAY_HOSTNAME" VPS_HOSTNAME="$BTCPAY_HOSTNAME"
MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS" MAC_ADDRESS_TO_PROVISION="$BTCPAYSERVER_MAC_ADDRESS"
if [ "$BITCOIN_CHAIN" = mainnet ]; then
ROOT_DISK_SIZE_GB=150
elif [ "$BITCOIN_CHAIN" = testnet ]; then
ROOT_DISK_SIZE_GB=70
fi
elif [ "$VIRTUAL_MACHINE" = "$BASE_IMAGE_VM_NAME" ]; then elif [ "$VIRTUAL_MACHINE" = "$BASE_IMAGE_VM_NAME" ]; then
export FQDN="$BASE_IMAGE_VM_NAME" export FQDN="$BASE_IMAGE_VM_NAME"
ROOT_DISK_SIZE_GB=8
else else
echo "ERROR: VIRTUAL_MACHINE not within allowable bounds." echo "ERROR: VIRTUAL_MACHINE not within allowable bounds."
exit exit
fi fi
export FQDN="$FQDN" export FQDN="$FQDN"
export LXD_VM_NAME="${FQDN//./-}" export LXD_VM_NAME="${FQDN//./-}"
export MAC_ADDRESS_TO_PROVISION="$MAC_ADDRESS_TO_PROVISION" export MAC_ADDRESS_TO_PROVISION="$MAC_ADDRESS_TO_PROVISION"
export PROJECT_PATH="$PROJECT_PATH" export PROJECT_PATH="$PROJECT_PATH"
export ROOT_DISK_SIZE_GB="$ROOT_DISK_SIZE_GB"
./deploy_vm.sh ./deploy_vm.sh
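Review bot: The new commented default `# WWW_SSDATA_DISK_SIZE_GB=100` documents only one of the per-VM size variables that the deploy script in this commit consumes (`WWW_BACKUP_DISK_SIZE_GB`, `WWW_DOCKER_DISK_SIZE_GB` and the three `BTCPAYSERVER_*_DISK_SIZE_GB` counterparts), so an operator reading this file has no hint the others exist or what a sensible value is. Suggest adding the remaining five as commented lines next to it, e.g. `# WWW_BACKUP_DISK_SIZE_GB=` and `# WWW_DOCKER_DISK_SIZE_GB=`, together with the mainnet/testnet sizing hint that the removed `ROOT_DISK_SIZE_GB=150`/`70` branch used to encode. Unless those variables are defaulted in a part of the file outside this hunk, the deploy script will otherwise receive empty sizes. The `for VIRTUAL_MACHINE in www btcpayserver` loop in the second hunk starts outside the hunk.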


@ -30,20 +30,51 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
exit 1 exit 1
fi fi
# create the docker volume # TODO ensure we are only GROWING the volume--never shrinking per zfs volume docs.
VM_ID=w VM_ID=
BACKUP_DISK_SIZE_GB=
SSDATA_DISK_SIZE_GB=
DOCKER_DISK_SIZE_GB=
if [ "$VIRTUAL_MACHINE" = www ]; then
VM_ID="w"
BACKUP_DISK_SIZE_GB="$WWW_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$WWW_SSDATA_DISK_SIZE_GB"
DOCKER_DISK_SIZE_GB="$WWW_DOCKER_DISK_SIZE_GB"
fi
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
VM_ID="b" VM_ID="b"
BACKUP_DISK_SIZE_GB="$BTCPAYSERVER_BACKUP_DISK_SIZE_GB"
SSDATA_DISK_SIZE_GB="$BTCPAYSERVER_SSDATA_DISK_SIZE_GB"
DOCKER_DISK_SIZE_GB="$BTCPAYSERVER_DOCKER_DISK_SIZE_GB"
fi fi
DOCKER_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""d" DOCKER_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""d"
export DOCKER_VOLUME_NAME="$DOCKER_VOLUME_NAME"
if ! lxc storage volume list ss-base | grep -q "$DOCKER_VOLUME_NAME"; then if ! lxc storage volume list ss-base | grep -q "$DOCKER_VOLUME_NAME"; then
lxc storage volume create ss-base "$DOCKER_VOLUME_NAME" --type=filesystem lxc storage volume create ss-base "$DOCKER_VOLUME_NAME" --type=block
lxc storage volume set ss-base "$DOCKER_VOLUME_NAME" size="${ROOT_DISK_SIZE_GB}GB"
fi fi
bash -c "./stub_lxc_profile.sh --vm=$VIRTUAL_MACHINE --lxd-hostname=$LXD_VM_NAME --docker-volume-name=$DOCKER_VOLUME_NAME" # TODO ensure we are only GROWING the volume--never shrinking
lxc storage volume set ss-base "$DOCKER_VOLUME_NAME" size="${DOCKER_DISK_SIZE_GB}GB"
SSDATA_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""s"
if ! lxc storage volume list ss-base | grep -q "$SSDATA_VOLUME_NAME"; then
lxc storage volume create ss-base "$SSDATA_VOLUME_NAME" --type=filesystem
fi
# TODO ensure we are only GROWING the volume--never shrinking per zfs volume docs.
lxc storage volume set ss-base "$SSDATA_VOLUME_NAME" size="${SSDATA_DISK_SIZE_GB}GB"
BACKUP_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""b"
if ! lxc storage volume list ss-base | grep -q "$BACKUP_VOLUME_NAME"; then
lxc storage volume create ss-base "$BACKUP_VOLUME_NAME" --type=filesystem
fi
lxc storage volume set ss-base "$BACKUP_VOLUME_NAME" size="${BACKUP_DISK_SIZE_GB}GB"
bash -c "./stub_lxc_profile.sh --vm=$VIRTUAL_MACHINE --lxd-hostname=$LXD_VM_NAME --ss-volume-name=$SSDATA_VOLUME_NAME --backup-volume-name=$BACKUP_VOLUME_NAME"
# now let's create a new VM to work with. # now let's create a new VM to work with.
#lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm #lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
@ -52,17 +83,9 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
# let's PIN the HW address for now so we don't exhaust IP # let's PIN the HW address for now so we don't exhaust IP
# and so we can set DNS internally. # and so we can set DNS internally.
lxc config set "$LXD_VM_NAME" "volatile.enp5s0.hwaddr=$MAC_ADDRESS_TO_PROVISION" lxc config set "$LXD_VM_NAME" "volatile.enp5s0.hwaddr=$MAC_ADDRESS_TO_PROVISION"
#lxc config device override "$LXD_VM_NAME" root size="${ROOT_DISK_SIZE_GB}GB"
#lxc storage volume attach ss-base "$DOCKER_VOLUME_NAME" "$LXD_VM_NAME" # attack the docker block device.
lxc storage volume attach ss-base "$DOCKER_VOLUME_NAME" "$LXD_VM_NAME"
# HOME_VOLUME_NAME="$PRIMARY_DOMAIN_IDENTIFIER-$VM_ID""h"
# if ! lxc storage volume list ss-base | grep -q "$HOME_VOLUME_NAME"; then
# lxc storage volume create ss-base "$HOME_VOLUME_NAME" --type=block
# lxc storage volume set ss-base "$HOME_VOLUME_NAME" size="${ROOT_DISK_SIZE_GB}GB"
# fi
#lxc storage volume attach ss-base "$HOME_VOLUME_NAME" "$LXD_VM_NAME"
# if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then # if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
# # attach any volumes # # attach any volumes
@ -82,11 +105,8 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
# scan the remote machine and install it's identity in our SSH known_hosts file. # scan the remote machine and install it's identity in our SSH known_hosts file.
ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts" ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"
ssh "$FQDN" "sudo chown ubuntu:ubuntu $REMOTE_DATA_PATH"
# create a directory to store backup archives. This is on all new vms. ssh "$FQDN" "sudo chown -R ubuntu:ubuntu $REMOTE_BACKUP_PATH"
ssh "$FQDN" "mkdir -p $REMOTE_HOME/backups"
ssh "$FQDN" "sudo chown -R ubuntu:ubuntu $REMOTE_DATA_PATH"
if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
# send an updated ~/.bashrc so we have quicker access to cli tools # send an updated ~/.bashrc so we have quicker access to cli tools
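Review bot: The three `lxc storage volume set ss-base "$…_VOLUME_NAME" size="${…_DISK_SIZE_GB}GB"` calls run unconditionally, while the size variables are initialised empty and only filled for `www` and `btcpayserver`; for any other `VIRTUAL_MACHINE` (and `VM_ID` now defaults to empty instead of `w`) the script would create volumes named `$PRIMARY_DOMAIN_IDENTIFIER-d` and pass `size=GB` to lxc. Add a guard after the two `if` blocks, e.g. `: "${VM_ID:?unsupported VIRTUAL_MACHINE: $VIRTUAL_MACHINE}"` and `: "${DOCKER_DISK_SIZE_GB:?}"` (likewise for SSDATA and BACKUP), so an unset size fails locally with a message. The grow-only TODO above each `set` is the real risk: re-running with a smaller configured size attempts to shrink a volume that may already hold data, and reading the current value with `lxc storage volume get ss-base "$NAME" size` before calling `set` would make the script safe to rerun. The `grep -q "$DOCKER_VOLUME_NAME"` existence checks are unanchored substring matches against the whole listing, and the comment `# attack the docker block device.` should read `# attach the docker block device.`.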


@ -5,7 +5,8 @@ cd "$(dirname "$0")"
VIRTUAL_MACHINE=base VIRTUAL_MACHINE=base
LXD_HOSTNAME= LXD_HOSTNAME=
DOCKER_VOLUME_NAME= SSDATA_VOLUME_NAME=
BACKUP_VOLUME_NAME=
# grab any modifications from the command line. # grab any modifications from the command line.
for i in "$@"; do for i in "$@"; do
@ -18,8 +19,12 @@ for i in "$@"; do
VIRTUAL_MACHINE="${i#*=}" VIRTUAL_MACHINE="${i#*=}"
shift shift
;; ;;
--docker-volume-name=*) --ss-volume-name=*)
DOCKER_VOLUME_NAME="${i#*=}" SSDATA_VOLUME_NAME="${i#*=}"
shift
;;
--backup-volume-name=*)
BACKUP_VOLUME_NAME="${i#*=}"
shift shift
;; ;;
*) *)
@ -136,7 +141,9 @@ EOF
fi fi
fi
if [ "$VIRTUAL_MACHINE" = base ]; then
cat >> "$YAML_PATH" <<EOF cat >> "$YAML_PATH" <<EOF
runcmd: runcmd:
- sudo mkdir -m 0755 -p /etc/apt/keyrings - sudo mkdir -m 0755 -p /etc/apt/keyrings
@ -146,11 +153,11 @@ EOF
- sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
EOF EOF
fi
else if [ "$VIRTUAL_MACHINE" != base ]; then
# all other machines that are not the base image # all other machines that are not the base image
cat >> "$YAML_PATH" <<EOF cat >> "$YAML_PATH" <<EOF
user.vendor-data: | user.vendor-data: |
@ -163,6 +170,30 @@ else
preserve_hostname: true preserve_hostname: true
fqdn: ${FQDN} fqdn: ${FQDN}
resize_rootfs: false
disk_setup:
/dev/sdb:
table_type: 'gpt'
layout: true
overwrite: false
fs_setup:
- label: docker-data
filesystem: 'ext4'
device: '/dev/sdb1'
overwrite: false
mounts:
- [ sdb, /var/lib/docker ]
mount_default_fields: [ None, None, "auto", "defaults,nofail", "0", "2" ]
EOF
fi
if [ "$VIRTUAL_MACHINE" != base ]; then
cat >> "$YAML_PATH" <<EOF
user.network-config: | user.network-config: |
version: 2 version: 2
ethernets: ethernets:
@ -177,7 +208,6 @@ else
enp6s0: enp6s0:
dhcp4: true dhcp4: true
EOF EOF
fi fi
@ -200,7 +230,12 @@ if [ "$VIRTUAL_MACHINE" != base ]; then
ss-data: ss-data:
path: ${REMOTE_DATA_PATH} path: ${REMOTE_DATA_PATH}
pool: ss-base pool: ss-base
source: ${DOCKER_VOLUME_NAME} source: ${SSDATA_VOLUME_NAME}
type: disk
ss-backup:
path: ${REMOTE_BACKUP_PATH}
pool: ss-base
source: ${BACKUP_VOLUME_NAME}
type: disk type: disk
EOF EOF
fi fi
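Review bot: In the new cloud-init stanza `disk_setup` partitions `/dev/sdb` and `fs_setup` formats `/dev/sdb1`, but the `mounts` entry `- [ sdb, /var/lib/docker ]` names the whole disk rather than the partition; with `nofail` in `mount_default_fields` the mount fails silently and Docker keeps writing to the root disk. Change it to `- [ sdb1, /var/lib/docker ]`, or mount by the `docker-data` label (`/dev/disk/by-label/docker-data`) if the mounts module in the deployed cloud-init version accepts a full device path. The hard-coded `sdb` also assumes the block volume attached in `deploy_vm.sh` enumerates before the `ss-data` and `ss-backup` disk devices declared in the profile; I can't confirm that order from the diff, so `overwrite: false` is doing important work and a by-label mount would remove the dependency on enumeration order.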


@ -18,7 +18,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
# with the lxd side, we are trying to expose ALL OUR services from one IP address, which terminates # with the lxd side, we are trying to expose ALL OUR services from one IP address, which terminates
# at a cachehing reverse proxy that runs nginx. # at a cachehing reverse proxy that runs nginx.
ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_DATA_PATH/letsencrypt/$DOMAIN_NAME/_logs" ssh "$PRIMARY_WWW_FQDN" sudo mkdir -p "$REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME/_logs"
# this is minimum required; www and btcpay. # this is minimum required; www and btcpay.
DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN" DOMAIN_STRING="-d $DOMAIN_NAME -d $WWW_FQDN -d $BTCPAY_USER_FQDN"
@ -38,7 +38,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
done done
fi fi
GENERATE_CERT_STRING="docker run -it --rm --name certbot -p 80:80 -p 443:443 -v $REMOTE_DATA_PATH/letsencrypt/$DOMAIN_NAME:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v $REMOTE_DATA_PATH/letsencrypt/$DOMAIN_NAME/_logs:/var/log/letsencrypt certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand ${DOMAIN_STRING} --email $CERTIFICATE_EMAIL_ADDRESS" GENERATE_CERT_STRING="docker run -it --rm --name certbot -p 80:80 -p 443:443 -v $REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v $REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME/_logs:/var/log/letsencrypt certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand ${DOMAIN_STRING} --email $CERTIFICATE_EMAIL_ADDRESS"
# execute the certbot command that we dynamically generated. # execute the certbot command that we dynamically generated.
eval "$GENERATE_CERT_STRING" eval "$GENERATE_CERT_STRING"
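Review bot: The rebuilt `GENERATE_CERT_STRING` is still executed with `eval`, so every value interpolated into it (`$REMOTE_DATA_PATH_LETSENCRYPT`, `$DOMAIN_NAME`, `$CERTIFICATE_EMAIL_ADDRESS`, `$DOMAIN_STRING`) is re-parsed as shell code; a path or configured value containing a space or a shell metacharacter breaks the command or runs something else. Since the line is being touched anyway, build an argument array and call `docker` directly, which needs no `eval`. `REMOTE_DATA_PATH_LETSENCRYPT` is new in this diff and its definition isn't visible here, so please confirm it is exported wherever `REMOTE_DATA_PATH` was. The `for DOMAIN_NAME in ${DOMAIN_LIST//,/ }` loop starts outside the hunk.
```shell
# shellcheck disable=SC2086  # DOMAIN_STRING is a space-separated "-d host" list built above
certbot_args=(run -it --rm --name certbot -p 80:80 -p 443:443
  -v "$REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME:/etc/letsencrypt"
  -v /var/lib/letsencrypt:/var/lib/letsencrypt
  -v "$REMOTE_DATA_PATH_LETSENCRYPT/$DOMAIN_NAME/_logs:/var/log/letsencrypt"
  certbot/certbot certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand
  $DOMAIN_STRING --email "$CERTIFICATE_EMAIL_ADDRESS")
# … unchanged: comment …
docker "${certbot_args[@]}"
```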


@ -26,7 +26,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
# these variable are used by both backup/restore scripts. # these variable are used by both backup/restore scripts.
export APP="$APP" export APP="$APP"
export REMOTE_BACKUP_PATH="$REMOTE_HOME/backups/www/$APP/$DOMAIN_IDENTIFIER-$LANGUAGE_CODE" export REMOTE_BACKUP_PATH="$REMOTE_BACKUP_PATH/www/$APP/$DOMAIN_IDENTIFIER-$LANGUAGE_CODE"
export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME" export REMOTE_SOURCE_BACKUP_PATH="$REMOTE_DATA_PATH/$APP/$DOMAIN_NAME"
# ensure our local backup path exists so we can pull down the duplicity archive to the management machine. # ensure our local backup path exists so we can pull down the duplicity archive to the management machine.