From a6dcf6c2329cc3ff60411ddeffe98c47cec049f7 Mon Sep 17 00:00:00 2001
From: Derek Smith <derek@farscapian.com>
Date: Wed, 8 Mar 2023 17:12:36 -0500
Subject: [PATCH] Implement initial project support.

---
 create_lxc_base.sh  |  21 ++++----
 deploy.sh           | 113 +++++++++++++++++++++-----------------------
 deploy_vms.sh       |   6 +--
 stub_lxc_profile.sh |  50 ++++++++------------
 wait_for_lxc_ip.sh  |   1 -
 5 files changed, 88 insertions(+), 103 deletions(-)

diff --git a/create_lxc_base.sh b/create_lxc_base.sh
index 9cb4a7a..b76256e 100755
--- a/create_lxc_base.sh
+++ b/create_lxc_base.sh
@@ -10,17 +10,16 @@ if ! lxc image list --format csv --columns l | grep -q "$UBUNTU_BASE_IMAGE_NAME"
     # if the image doesn't exist, download it from Ubuntu's image server
     # TODO see if we can fetch this file from a more censorship-resistant source, e.g., ipfs
     # we don't really need to cache this locally since it gets continually updated upstream.
-    lxc image copy "images:$BASE_LXC_IMAGE" "$CLUSTER_NAME": --alias "$UBUNTU_BASE_IMAGE_NAME" --public --vm --auto-update
+    lxc image copy "images:$BASE_LXC_IMAGE" "$REMOTE_NAME": --alias "$UBUNTU_BASE_IMAGE_NAME" --public --vm --auto-update
 fi
 
 # If the lxc VM does exist, then we will delete it (so we can start fresh) 
-if lxc list -q --format csv | grep -q "$BASE_IMAGE_VM_NAME"; then
+if lxc list --format csv -q | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
     # if there's no snapshot, we dispense with the old image and try again.
-    if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "ss-docker-$LXD_UBUNTU_BASE_VERSION"; then
+    if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
         lxc delete "$BASE_IMAGE_VM_NAME" --force
         ssh-keygen -f "$SSH_HOME/known_hosts" -R "$BASE_IMAGE_VM_NAME"
     fi
-
 else
     # the base image is ubuntu:22.04.
     lxc init --profile="$BASE_IMAGE_VM_NAME" "$UBUNTU_BASE_IMAGE_NAME" "$BASE_IMAGE_VM_NAME" --vm
@@ -30,15 +29,21 @@ else
 
     lxc start "$BASE_IMAGE_VM_NAME"
 
-    sleep 30
+    sleep 15
+    while lxc exec "$BASE_IMAGE_VM_NAME" -- [ ! -f /var/lib/cloud/instance/boot-finished ]; do
+        sleep 1
+    done
 
     # ensure the ssh service is listening at localhost
-    lxc exec "$BASE_IMAGE_VM_NAME" -- wait-for-it 127.0.0.1:22 -t 120
+    lxc exec "$BASE_IMAGE_VM_NAME" -- wait-for-it -t 100 127.0.0.1:22
 
+    sleep 3
 
     # stop the VM and get a snapshot.
     lxc stop "$BASE_IMAGE_VM_NAME"
-    lxc snapshot "$BASE_IMAGE_VM_NAME" "ss-docker-$LXD_UBUNTU_BASE_VERSION"
+    lxc snapshot "$BASE_IMAGE_VM_NAME" "$UBUNTU_BASE_IMAGE_NAME"
+
 fi
 
-echo "arbitrary change"
\ No newline at end of file
+lxc publish --public "$BASE_IMAGE_VM_NAME/$UBUNTU_BASE_IMAGE_NAME" --project=default --alias="$DOCKER_BASE_IMAGE_NAME"
+
diff --git a/deploy.sh b/deploy.sh
index 54bf2ee..f4da5e9 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -35,6 +35,11 @@ if lxc remote get-default | grep -q "production"; then
 
 fi
 
+# switch to the defult project. We will switch to something more specific later.
+if ! lxc info | grep "project:" | grep -q default; then
+    lxc project switch default
+fi
+
 DOMAIN_NAME=
 RUN_CERT_RENEWAL=true
 SKIP_WWW=false
@@ -47,7 +52,7 @@ RESTORE_BTCPAY=false
 SKIP_BTCPAY=false
 UPDATE_BTCPAY=false
 RECONFIGURE_BTCPAY_SERVER=false
-CLUSTER_NAME="$(lxc remote get-default)"
+REMOTE_NAME="$(lxc remote get-default)"
 STOP_SERVICES=false
 USER_SAYS_YES=false
 RESTART_FRONT_END=true
@@ -146,8 +151,8 @@ export BACKUP_APPS="$BACKUP_APPS"
 export RESTORE_BTCPAY="$RESTORE_BTCPAY"
 export BACKUP_BTCPAY="$BACKUP_BTCPAY"
 export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
-export CLUSTER_NAME="$CLUSTER_NAME"
-export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME"
+export REMOTE_NAME="$REMOTE_NAME"
+export REMOTE_PATH="$REMOTES_DIR/$REMOTE_NAME"
 export USER_SAYS_YES="$USER_SAYS_YES"
 export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
 export RESTART_FRONT_END="$RESTART_FRONT_END"
@@ -160,19 +165,19 @@ if [ ! -f "$SSH_PUBKEY_PATH" ]; then
     ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
 fi
 
-# ensure our cluster path is created.
-mkdir -p "$CLUSTER_PATH"
+# ensure our remote path is created.
+mkdir -p "$REMOTE_PATH"
 
-CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
-export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
+REMOTE_DEFINITION="$REMOTE_PATH/remote_definition"
+export REMOTE_DEFINITION="$REMOTE_DEFINITION"
 
 #########################################
-if [ ! -f "$CLUSTER_DEFINITION" ]; then
-    echo "ERROR: The cluster definition could not be found. You may need to re-run 'ss-cluster'."
+if [ ! -f "$REMOTE_DEFINITION" ]; then
+    echo "ERROR: The remote definition could not be found. You may need to re-run 'ss-remote'."
     exit 1
 fi
 
-source "$CLUSTER_DEFINITION"
+source "$REMOTE_DEFINITION"
 
 # this is our password generation mechanism. Relying on GPG for secure password generation
 function new_pass {
@@ -183,7 +188,7 @@ function new_pass {
 function stub_site_definition {
     mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"
 
-    # create a symlink from the CLUSTERPATH/sites/DOMAIN_NAME to the ss-sites/domain name
+    # create a symlink from the PROJECT_PATH/sites/DOMAIN_NAME to the ss-sites/domain name
     if [ ! -d "$PROJECT_PATH/sites/$DOMAIN_NAME" ]; then
         ln -s "$SITE_PATH" "$PROJECT_PATH/sites/$DOMAIN_NAME"
     fi
@@ -226,28 +231,15 @@ EOL
 
 PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN"
 PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
-mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
+mkdir -p "$PROJECT_PATH" "$REMOTE_PATH/projects"
 export PROJECT_NAME="$PROJECT_NAME"
 export PROJECT_PATH="$PROJECT_PATH"
 
-# create a symlink from ./clusterpath/projects/project
-if [ ! -d "$CLUSTER_PATH/projects/$PROJECT_NAME" ]; then
-    ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$PROJECT_NAME"
+# create a symlink from ./remotepath/projects/project
+if [ ! -d "$REMOTE_PATH/projects/$PROJECT_NAME" ]; then
+    ln -s "$PROJECT_PATH" "$REMOTE_PATH/projects/$PROJECT_NAME"
 fi
 
-# create the lxc project as specified by PROJECT_NAME
-if ! lxc project list | grep -q "$PROJECT_NAME"; then
-    echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
-    lxc project create "$PROJECT_NAME"
-    lxc project set "$PROJECT_NAME" features.networks=true
-fi
-
-# # check if we need to provision a new lxc project.
-# if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
-#     echo "INFO: switch to lxd project '$PROJECT_NAME'."
-#     lxc project switch "$PROJECT_NAME"
-# fi
-
 # check to see if the enf file exists. exist if not.
 PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
 if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
@@ -321,6 +313,27 @@ export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
 # www
 VPS_HOSTNAME=
 
+
+# Goal is to get the macvlan interface.
+LXD_SS_CONFIG_LINE=
+if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
+    LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
+fi
+
+if [ -z "$LXD_SS_CONFIG_LINE" ]; then
+    echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-remote again."
+    exit 1
+fi
+
+CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
+DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
+export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
+
+if ! lxc image list --format csv | grep -q "$DOCKER_BASE_IMAGE_NAME"; then
+    # create the lxd base image.
+    ./create_lxc_base.sh
+fi
+
 for VIRTUAL_MACHINE in www btcpayserver; do
     export VIRTUAL_MACHINE="$VIRTUAL_MACHINE"
     FQDN=
@@ -336,39 +349,23 @@ for VIRTUAL_MACHINE in www btcpayserver; do
         exit 1
     fi
 
-    # # switch to the default project
-    # if ! lxc project list --format csv | grep -a "default (current)"; then
-    #     lxc project switch default
-    # fi
-
-    # Goal is to get the macvlan interface.
-    LXD_SS_CONFIG_LINE=
-    if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
-        LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
+    # create the lxc project as specified by PROJECT_NAME
+    if ! lxc project list | grep -q "$PROJECT_NAME"; then
+        lxc project create "$PROJECT_NAME"
+        lxc project set "$PROJECT_NAME" features.networks=true features.images=false
     fi
 
-    if [ -z "$LXD_SS_CONFIG_LINE" ]; then
-        echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-cluster again."
-        exit 1
+    # Now let's switch to the new project to ensure new resources are created under the project scope.
+    if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
+        echo "INFO: switch to lxd project '$PROJECT_NAME'."
+        lxc project switch "$PROJECT_NAME"
     fi
 
-    CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
-    DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
-    export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
-
-
-    # # switch to the default project to ensure the base image is created.
-    # if ! lxc project list --format csv | grep -a "default (current)"; then
-    #     lxc project switch default
-    # fi
-
-    # create the lxd base image.
-    ./create_lxc_base.sh
-
-    # # now switch to the current chain project.
-    # if ! lxc project list --format csv | grep -a "$BITCOIN_CHAIN"; then
-    #     lxc project switch "$BITCOIN_CHAIN"
-    # fi
+    # check if the OVN network exists in this project.
+    if ! lxc network list | grep -q "ss-ovn"; then
+        lxc network create ss-ovn --type=ovn network=lxdbr1 ipv6.address=none
+        # ipv4.nat=false
+    fi
 
     export MAC_ADDRESS_TO_PROVISION=
     export VPS_HOSTNAME="$VPS_HOSTNAME"
@@ -449,5 +446,3 @@ if [ "$SKIP_BTCPAY" = false ]; then
 
     ssh ubuntu@"$BTCPAY_FQDN" "echo $LATEST_GIT_COMMIT > /home/ubuntu/.ss-githead"
 fi
-
-echo "arbitrary change"
diff --git a/deploy_vms.sh b/deploy_vms.sh
index 42d9244..40b2e32 100755
--- a/deploy_vms.sh
+++ b/deploy_vms.sh
@@ -3,7 +3,6 @@
 set -eu
 cd "$(dirname "$0")"
 
-
 ## This is a weird if clause since we need to LEFT-ALIGN the statement below.
 SSH_STRING="Host ${FQDN}"
 if ! grep -q "$SSH_STRING" "$SSH_HOME/config"; then
@@ -33,10 +32,9 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
 
     ./stub_lxc_profile.sh "$LXD_VM_NAME"
 
-    lxc copy --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME"/"ss-docker-$LXD_UBUNTU_BASE_VERSION" "$LXD_VM_NAME"
-
     # now let's create a new VM to work with.
-    #@lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
+    #lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
+    lxc init "$DOCKER_BASE_IMAGE_NAME" "$LXD_VM_NAME" --vm --profile="$LXD_VM_NAME"
 
     # let's PIN the HW address for now so we don't exhaust IP
     # and so we can set DNS internally.
diff --git a/stub_lxc_profile.sh b/stub_lxc_profile.sh
index 585244b..e8956c7 100755
--- a/stub_lxc_profile.sh
+++ b/stub_lxc_profile.sh
@@ -42,7 +42,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
     cat >> "$YAML_PATH" <<EOF
   user.vendor-data: |
     #cloud-config
-    apt_mirror: http://us.archive.ubuntu.com/ubuntu/
     package_update: true
     package_upgrade: false
     package_reboot_if_required: false
@@ -83,17 +82,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
         ssh_authorized_keys:
           - ${SSH_AUTHORIZED_KEY}
 
-    write_files:
-      - path: /etc/ssh/ssh_config
-        content: |
-              Port 22
-              ListenAddress 0.0.0.0
-              Protocol 2
-              ChallengeResponseAuthentication no
-              PasswordAuthentication no
-              UsePAM no
-              LogLevel INFO
-
       - path: /etc/docker/daemon.json
         content: |
               {
@@ -106,10 +94,23 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
       - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
       - sudo apt-get update
       - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-      - sudo apt-get install -y openssh-server
+      - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
 
 EOF
 
+
+    # write_files:
+    #   - path: /etc/ssh/sshd_config
+    #     content: |
+    #           Port 22
+    #           ListenAddress 0.0.0.0
+    #           Protocol 2
+    #           ChallengeResponseAuthentication no
+    #           PasswordAuthentication no
+    #           UsePAM no
+    #           LogLevel INFO
+
+
     #   - path: /etc/docker/daemon.json
     #     content: |
     #           {
@@ -148,31 +149,18 @@ else
     ethernets:
       enp5s0:
         dhcp4: true
+        dhcp4-overrides:
+          route-metric: 50
         match:
           macaddress: ${MAC_ADDRESS_TO_PROVISION}
         set-name: enp5s0
 
       enp6s0:
-        dhcp4: false
-EOF
+        dhcp4: true
 
-    if [[ "$LXD_HOSTNAME" = $WWW_HOSTNAME-* ]]; then
-        cat >> "$YAML_PATH" <<EOF
-        addresses: [10.139.144.5/24]
-        nameservers:
-          addresses: [10.139.144.1]
-          
-EOF
-    fi
-
-    if [[ "$LXD_HOSTNAME" = $BTCPAY_HOSTNAME-* ]]; then
-        cat >> "$YAML_PATH" <<EOF
-        addresses: [10.139.144.10/24]
-        nameservers:
-          addresses: [10.139.144.1]
 
 EOF
-    fi
+
 fi
 
 # If we are deploying the www, we attach the vm to the underlay via macvlan.
@@ -209,7 +197,7 @@ cat >> "$YAML_PATH" <<EOF
     type: nic
   enp6s0:
     name: enp6s0
-    network: lxdbr0
+    network: ss-ovn
     type: nic
 
 name: ${PRIMARY_DOMAIN}
diff --git a/wait_for_lxc_ip.sh b/wait_for_lxc_ip.sh
index 94b2285..4196f59 100755
--- a/wait_for_lxc_ip.sh
+++ b/wait_for_lxc_ip.sh
@@ -36,7 +36,6 @@ while true; do
     if [ -n "$IP_V4_ADDRESS" ]; then
         # give the machine extra time to spin up.
         wait-for-it -t 300 "$IP_V4_ADDRESS:22"
-        echo ""
         break
     else
         sleep 1