Implement initial project support.

This commit is contained in:
Derek Smith 2023-03-08 17:12:36 -05:00
parent d3a1a36de0
commit a6dcf6c232
Signed by: farscapian
GPG Key ID: B443E530A14E1C90
5 changed files with 88 additions and 103 deletions


@ -10,17 +10,16 @@ if ! lxc image list --format csv --columns l | grep -q "$UBUNTU_BASE_IMAGE_NAME"
# if the image doesn't exist, download it from Ubuntu's image server # if the image doesn't exist, download it from Ubuntu's image server
# TODO see if we can fetch this file from a more censorship-resistant source, e.g., ipfs # TODO see if we can fetch this file from a more censorship-resistant source, e.g., ipfs
# we don't really need to cache this locally since it gets continually updated upstream. # we don't really need to cache this locally since it gets continually updated upstream.
lxc image copy "images:$BASE_LXC_IMAGE" "$CLUSTER_NAME": --alias "$UBUNTU_BASE_IMAGE_NAME" --public --vm --auto-update lxc image copy "images:$BASE_LXC_IMAGE" "$REMOTE_NAME": --alias "$UBUNTU_BASE_IMAGE_NAME" --public --vm --auto-update
fi fi
# If the lxc VM does exist, then we will delete it (so we can start fresh) # If the lxc VM does exist, then we will delete it (so we can start fresh)
if lxc list -q --format csv | grep -q "$BASE_IMAGE_VM_NAME"; then if lxc list --format csv -q | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
# if there's no snapshot, we dispense with the old image and try again. # if there's no snapshot, we dispense with the old image and try again.
if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "ss-docker-$LXD_UBUNTU_BASE_VERSION"; then if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
lxc delete "$BASE_IMAGE_VM_NAME" --force lxc delete "$BASE_IMAGE_VM_NAME" --force
ssh-keygen -f "$SSH_HOME/known_hosts" -R "$BASE_IMAGE_VM_NAME" ssh-keygen -f "$SSH_HOME/known_hosts" -R "$BASE_IMAGE_VM_NAME"
fi fi
else else
# the base image is ubuntu:22.04. # the base image is ubuntu:22.04.
lxc init --profile="$BASE_IMAGE_VM_NAME" "$UBUNTU_BASE_IMAGE_NAME" "$BASE_IMAGE_VM_NAME" --vm lxc init --profile="$BASE_IMAGE_VM_NAME" "$UBUNTU_BASE_IMAGE_NAME" "$BASE_IMAGE_VM_NAME" --vm
@ -30,15 +29,21 @@ else
lxc start "$BASE_IMAGE_VM_NAME" lxc start "$BASE_IMAGE_VM_NAME"
sleep 30 sleep 15
while lxc exec "$BASE_IMAGE_VM_NAME" -- [ ! -f /var/lib/cloud/instance/boot-finished ]; do
sleep 1
done
# ensure the ssh service is listening at localhost # ensure the ssh service is listening at localhost
lxc exec "$BASE_IMAGE_VM_NAME" -- wait-for-it 127.0.0.1:22 -t 120 lxc exec "$BASE_IMAGE_VM_NAME" -- wait-for-it -t 100 127.0.0.1:22
sleep 3
# stop the VM and get a snapshot. # stop the VM and get a snapshot.
lxc stop "$BASE_IMAGE_VM_NAME" lxc stop "$BASE_IMAGE_VM_NAME"
lxc snapshot "$BASE_IMAGE_VM_NAME" "ss-docker-$LXD_UBUNTU_BASE_VERSION" lxc snapshot "$BASE_IMAGE_VM_NAME" "$UBUNTU_BASE_IMAGE_NAME"
fi fi
echo "arbitrary change" lxc publish --public "$BASE_IMAGE_VM_NAME/$UBUNTU_BASE_IMAGE_NAME" --project=default --alias="$DOCKER_BASE_IMAGE_NAME"
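Review bot: The new boot-finished wait, `while lxc exec "$BASE_IMAGE_VM_NAME" -- [ ! -f /var/lib/cloud/instance/boot-finished ]; do sleep 1; done`, terminates whenever `lxc exec` itself exits non-zero, which is exactly what happens while the VM agent is still starting, so the loop can fall through before cloud-init has run at all; it also has no upper bound, so a stuck cloud-init hangs the build indefinitely. Using `until` keeps waiting through an exec failure, and a counter turns the hang into an error, as sketched below. The `lxc publish --public` on the last line makes the snapshot image readable by any client that can reach the LXD API without being in its trust store, and the snapshot is taken after cloud-init ran, so it carries whatever that run left on disk; unless other remotes must pull it anonymously, publish without `--public`. The enclosing if/else begins in the first hunk and the second hunk starts mid-block, so the lines below sit inside the `else` branch.
```shell
lxc start "$BASE_IMAGE_VM_NAME"
sleep 15

# Wait (bounded) for cloud-init to finish. `until` keeps waiting while
# `lxc exec` itself fails, i.e. while the VM agent is not reachable yet.
BOOT_WAIT=0
until lxc exec "$BASE_IMAGE_VM_NAME" -- test -f /var/lib/cloud/instance/boot-finished; do
  BOOT_WAIT=$((BOOT_WAIT + 1))
  if [ "$BOOT_WAIT" -ge 300 ]; then
    echo "ERROR: timed out waiting for cloud-init to finish in '$BASE_IMAGE_VM_NAME'."
    exit 1
  fi
  sleep 1
done
# … unchanged: wait-for-it on 127.0.0.1:22, stop, snapshot, publish …
```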

113
deploy.sh

@ -35,6 +35,11 @@ if lxc remote get-default | grep -q "production"; then
fi fi
# switch to the defult project. We will switch to something more specific later.
if ! lxc info | grep "project:" | grep -q default; then
lxc project switch default
fi
DOMAIN_NAME= DOMAIN_NAME=
RUN_CERT_RENEWAL=true RUN_CERT_RENEWAL=true
SKIP_WWW=false SKIP_WWW=false
@ -47,7 +52,7 @@ RESTORE_BTCPAY=false
SKIP_BTCPAY=false SKIP_BTCPAY=false
UPDATE_BTCPAY=false UPDATE_BTCPAY=false
RECONFIGURE_BTCPAY_SERVER=false RECONFIGURE_BTCPAY_SERVER=false
CLUSTER_NAME="$(lxc remote get-default)" REMOTE_NAME="$(lxc remote get-default)"
STOP_SERVICES=false STOP_SERVICES=false
USER_SAYS_YES=false USER_SAYS_YES=false
RESTART_FRONT_END=true RESTART_FRONT_END=true
@ -146,8 +151,8 @@ export BACKUP_APPS="$BACKUP_APPS"
export RESTORE_BTCPAY="$RESTORE_BTCPAY" export RESTORE_BTCPAY="$RESTORE_BTCPAY"
export BACKUP_BTCPAY="$BACKUP_BTCPAY" export BACKUP_BTCPAY="$BACKUP_BTCPAY"
export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL" export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
export CLUSTER_NAME="$CLUSTER_NAME" export REMOTE_NAME="$REMOTE_NAME"
export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME" export REMOTE_PATH="$REMOTES_DIR/$REMOTE_NAME"
export USER_SAYS_YES="$USER_SAYS_YES" export USER_SAYS_YES="$USER_SAYS_YES"
export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH" export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
export RESTART_FRONT_END="$RESTART_FRONT_END" export RESTART_FRONT_END="$RESTART_FRONT_END"
@ -160,19 +165,19 @@ if [ ! -f "$SSH_PUBKEY_PATH" ]; then
ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N "" ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
fi fi
# ensure our cluster path is created. # ensure our remote path is created.
mkdir -p "$CLUSTER_PATH" mkdir -p "$REMOTE_PATH"
CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition" REMOTE_DEFINITION="$REMOTE_PATH/remote_definition"
export CLUSTER_DEFINITION="$CLUSTER_DEFINITION" export REMOTE_DEFINITION="$REMOTE_DEFINITION"
######################################### #########################################
if [ ! -f "$CLUSTER_DEFINITION" ]; then if [ ! -f "$REMOTE_DEFINITION" ]; then
echo "ERROR: The cluster definition could not be found. You may need to re-run 'ss-cluster'." echo "ERROR: The remote definition could not be found. You may need to re-run 'ss-remote'."
exit 1 exit 1
fi fi
source "$CLUSTER_DEFINITION" source "$REMOTE_DEFINITION"
# this is our password generation mechanism. Relying on GPG for secure password generation # this is our password generation mechanism. Relying on GPG for secure password generation
function new_pass { function new_pass {
@ -183,7 +188,7 @@ function new_pass {
function stub_site_definition { function stub_site_definition {
mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites" mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"
# create a symlink from the CLUSTERPATH/sites/DOMAIN_NAME to the ss-sites/domain name # create a symlink from the PROJECT_PATH/sites/DOMAIN_NAME to the ss-sites/domain name
if [ ! -d "$PROJECT_PATH/sites/$DOMAIN_NAME" ]; then if [ ! -d "$PROJECT_PATH/sites/$DOMAIN_NAME" ]; then
ln -s "$SITE_PATH" "$PROJECT_PATH/sites/$DOMAIN_NAME" ln -s "$SITE_PATH" "$PROJECT_PATH/sites/$DOMAIN_NAME"
fi fi
@ -226,28 +231,15 @@ EOL
PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN" PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN"
PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME" PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects" mkdir -p "$PROJECT_PATH" "$REMOTE_PATH/projects"
export PROJECT_NAME="$PROJECT_NAME" export PROJECT_NAME="$PROJECT_NAME"
export PROJECT_PATH="$PROJECT_PATH" export PROJECT_PATH="$PROJECT_PATH"
# create a symlink from ./clusterpath/projects/project # create a symlink from ./remotepath/projects/project
if [ ! -d "$CLUSTER_PATH/projects/$PROJECT_NAME" ]; then if [ ! -d "$REMOTE_PATH/projects/$PROJECT_NAME" ]; then
ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$PROJECT_NAME" ln -s "$PROJECT_PATH" "$REMOTE_PATH/projects/$PROJECT_NAME"
fi fi
# create the lxc project as specified by PROJECT_NAME
if ! lxc project list | grep -q "$PROJECT_NAME"; then
echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
lxc project create "$PROJECT_NAME"
lxc project set "$PROJECT_NAME" features.networks=true
fi
# # check if we need to provision a new lxc project.
# if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
# echo "INFO: switch to lxd project '$PROJECT_NAME'."
# lxc project switch "$PROJECT_NAME"
# fi
# check to see if the enf file exists. exist if not. # check to see if the enf file exists. exist if not.
PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition" PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
@ -321,6 +313,27 @@ export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
# www # www
VPS_HOSTNAME= VPS_HOSTNAME=
# Goal is to get the macvlan interface.
LXD_SS_CONFIG_LINE=
if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
fi
if [ -z "$LXD_SS_CONFIG_LINE" ]; then
echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-remote again."
exit 1
fi
CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
if ! lxc image list --format csv | grep -q "$DOCKER_BASE_IMAGE_NAME"; then
# create the lxd base image.
./create_lxc_base.sh
fi
for VIRTUAL_MACHINE in www btcpayserver; do for VIRTUAL_MACHINE in www btcpayserver; do
export VIRTUAL_MACHINE="$VIRTUAL_MACHINE" export VIRTUAL_MACHINE="$VIRTUAL_MACHINE"
FQDN= FQDN=
@ -336,39 +349,23 @@ for VIRTUAL_MACHINE in www btcpayserver; do
exit 1 exit 1
fi fi
# # switch to the default project # create the lxc project as specified by PROJECT_NAME
# if ! lxc project list --format csv | grep -a "default (current)"; then if ! lxc project list | grep -q "$PROJECT_NAME"; then
# lxc project switch default lxc project create "$PROJECT_NAME"
# fi lxc project set "$PROJECT_NAME" features.networks=true features.images=false
# Goal is to get the macvlan interface.
LXD_SS_CONFIG_LINE=
if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
fi fi
if [ -z "$LXD_SS_CONFIG_LINE" ]; then # Now let's switch to the new project to ensure new resources are created under the project scope.
echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-cluster again." if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
exit 1 echo "INFO: switch to lxd project '$PROJECT_NAME'."
lxc project switch "$PROJECT_NAME"
fi fi
CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')" # check if the OVN network exists in this project.
DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)" if ! lxc network list | grep -q "ss-ovn"; then
export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE" lxc network create ss-ovn --type=ovn network=lxdbr1 ipv6.address=none
# ipv4.nat=false
fi
# # switch to the default project to ensure the base image is created.
# if ! lxc project list --format csv | grep -a "default (current)"; then
# lxc project switch default
# fi
# create the lxd base image.
./create_lxc_base.sh
# # now switch to the current chain project.
# if ! lxc project list --format csv | grep -a "$BITCOIN_CHAIN"; then
# lxc project switch "$BITCOIN_CHAIN"
# fi
export MAC_ADDRESS_TO_PROVISION= export MAC_ADDRESS_TO_PROVISION=
export VPS_HOSTNAME="$VPS_HOSTNAME" export VPS_HOSTNAME="$VPS_HOSTNAME"
@ -449,5 +446,3 @@ if [ "$SKIP_BTCPAY" = false ]; then
ssh ubuntu@"$BTCPAY_FQDN" "echo $LATEST_GIT_COMMIT > /home/ubuntu/.ss-githead" ssh ubuntu@"$BTCPAY_FQDN" "echo $LATEST_GIT_COMMIT > /home/ubuntu/.ss-githead"
fi fi
echo "arbitrary change"
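Review bot: `lxc project switch default` near the top of deploy.sh and `lxc project switch "$PROJECT_NAME"` inside the per-VM loop change the remote's current project in the operator's persistent client configuration, and nothing switches it back, so after a run (or an early `exit 1`) every `lxc` command the operator types afterwards silently targets whichever project the script selected last. Either pass `--project "$PROJECT_NAME"` to the commands that need it and leave the client default untouched, or register `trap 'lxc project switch default' EXIT` immediately after the first switch so the default is restored on every exit path. The existence test `lxc project list | grep -q "$PROJECT_NAME"` is an unanchored substring match against table output, so any project whose name merely contains `$PROJECT_NAME` would suppress creation; matching the name column of `--format csv` output is safer. The `ss-ovn` network is created with `network=lxdbr1`, which nothing in this commit creates; if ss-remote is expected to have set it up, a comment saying so (or a `lxc network show lxdbr1` check with a clear error) would spare the next reader a failed `network create`.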


@ -3,7 +3,6 @@
set -eu set -eu
cd "$(dirname "$0")" cd "$(dirname "$0")"
## This is a weird if clause since we need to LEFT-ALIGN the statement below. ## This is a weird if clause since we need to LEFT-ALIGN the statement below.
SSH_STRING="Host ${FQDN}" SSH_STRING="Host ${FQDN}"
if ! grep -q "$SSH_STRING" "$SSH_HOME/config"; then if ! grep -q "$SSH_STRING" "$SSH_HOME/config"; then
@ -33,10 +32,9 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
./stub_lxc_profile.sh "$LXD_VM_NAME" ./stub_lxc_profile.sh "$LXD_VM_NAME"
lxc copy --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME"/"ss-docker-$LXD_UBUNTU_BASE_VERSION" "$LXD_VM_NAME"
# now let's create a new VM to work with. # now let's create a new VM to work with.
#@lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm #lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
lxc init "$DOCKER_BASE_IMAGE_NAME" "$LXD_VM_NAME" --vm --profile="$LXD_VM_NAME"
# let's PIN the HW address for now so we don't exhaust IP # let's PIN the HW address for now so we don't exhaust IP
# and so we can set DNS internally. # and so we can set DNS internally.
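Review bot: The commented-out `#lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm` directly above the new `lxc init "$DOCKER_BASE_IMAGE_NAME" "$LXD_VM_NAME" --vm --profile="$LXD_VM_NAME"` is stale — it describes the snapshot-based flow this commit replaces — and keeping a near-duplicate dead command next to the live one invites someone to re-enable the wrong variant; drop it and let the `# now let's create a new VM to work with.` comment stand alone. The new call only resolves `$DOCKER_BASE_IMAGE_NAME` from the chain project because, as I read LXD's project features, the project was created with `features.images=false` in deploy.sh and so inherits the default project's images; that dependency lives in another file, so a one-line comment here such as `# image lives in the default project; the chain project has features.images=false` would help. The enclosing `if ! lxc list ...` block starts outside the hunk.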


@ -42,7 +42,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
cat >> "$YAML_PATH" <<EOF cat >> "$YAML_PATH" <<EOF
user.vendor-data: | user.vendor-data: |
#cloud-config #cloud-config
apt_mirror: http://us.archive.ubuntu.com/ubuntu/
package_update: true package_update: true
package_upgrade: false package_upgrade: false
package_reboot_if_required: false package_reboot_if_required: false
@ -83,17 +82,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
ssh_authorized_keys: ssh_authorized_keys:
- ${SSH_AUTHORIZED_KEY} - ${SSH_AUTHORIZED_KEY}
write_files:
- path: /etc/ssh/ssh_config
content: |
Port 22
ListenAddress 0.0.0.0
Protocol 2
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
LogLevel INFO
- path: /etc/docker/daemon.json - path: /etc/docker/daemon.json
content: | content: |
{ {
@ -106,10 +94,23 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
- sudo apt-get update - sudo apt-get update
- sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- sudo apt-get install -y openssh-server - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server
EOF EOF
# write_files:
# - path: /etc/ssh/sshd_config
# content: |
# Port 22
# ListenAddress 0.0.0.0
# Protocol 2
# ChallengeResponseAuthentication no
# PasswordAuthentication no
# UsePAM no
# LogLevel INFO
# - path: /etc/docker/daemon.json # - path: /etc/docker/daemon.json
# content: | # content: |
# { # {
@ -148,31 +149,18 @@ else
ethernets: ethernets:
enp5s0: enp5s0:
dhcp4: true dhcp4: true
dhcp4-overrides:
route-metric: 50
match: match:
macaddress: ${MAC_ADDRESS_TO_PROVISION} macaddress: ${MAC_ADDRESS_TO_PROVISION}
set-name: enp5s0 set-name: enp5s0
enp6s0: enp6s0:
dhcp4: false dhcp4: true
EOF
if [[ "$LXD_HOSTNAME" = $WWW_HOSTNAME-* ]]; then
cat >> "$YAML_PATH" <<EOF
addresses: [10.139.144.5/24]
nameservers:
addresses: [10.139.144.1]
EOF EOF
fi
if [[ "$LXD_HOSTNAME" = $BTCPAY_HOSTNAME-* ]]; then
cat >> "$YAML_PATH" <<EOF
addresses: [10.139.144.10/24]
nameservers:
addresses: [10.139.144.1]
EOF
fi
fi fi
# If we are deploying the www, we attach the vm to the underlay via macvlan. # If we are deploying the www, we attach the vm to the underlay via macvlan.
@ -209,7 +197,7 @@ cat >> "$YAML_PATH" <<EOF
type: nic type: nic
enp6s0: enp6s0:
name: enp6s0 name: enp6s0
network: lxdbr0 network: ss-ovn
type: nic type: nic
name: ${PRIMARY_DOMAIN} name: ${PRIMARY_DOMAIN}
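Review bot: The sshd hardening the old `write_files` entry carried (`PasswordAuthentication no`, `ChallengeResponseAuthentication no`, `UsePAM no`) is removed from the base-image cloud-config and survives only as the commented-out block after `EOF`, so nothing in the new config disables password logins on the `openssh-server` that runcmd installs, and that image is then published and cloned for every VM. The old entry wrote to `/etc/ssh/ssh_config` (the client file) rather than `sshd_config`, so it never took effect, which may be why dropping it looked harmless. Writing a whole `/etc/ssh/sshd_config` before the package exists also provokes a dpkg conffile conflict when runcmd installs it later — plausibly the reason `DEBIAN_FRONTEND=noninteractive` had to be added — so restore the setting as a drop-in instead, which Ubuntu 22.04's stock sshd_config includes: `- path: /etc/ssh/sshd_config.d/60-ss-hardening.conf` / `content: |` / `PasswordAuthentication no` (file name is a constructed example). Separately, the netplan change sets `dhcp4: true` on both `enp5s0` and `enp6s0` and drops the `route-metric: 50` override, so which interface supplies the default route now depends on which DHCP lease lands first; keep a metric on one of them if the ordering matters. The enclosing `else` branch starts outside the hunk.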


@ -36,7 +36,6 @@ while true; do
if [ -n "$IP_V4_ADDRESS" ]; then if [ -n "$IP_V4_ADDRESS" ]; then
# give the machine extra time to spin up. # give the machine extra time to spin up.
wait-for-it -t 300 "$IP_V4_ADDRESS:22" wait-for-it -t 300 "$IP_V4_ADDRESS:22"
echo ""
break break
else else
sleep 1 sleep 1