Implement initial project support.

2023-03-08 17:12:36 -05:00 · 2023-03-08 17:12:36 -05:00 · a6dcf6c232
commit a6dcf6c232
parent d3a1a36de0
5 changed files with 88 additions and 103 deletions
--- a/create_lxc_base.sh
+++ b/create_lxc_base.sh
@ -10,17 +10,16 @@ if ! lxc image list --format csv --columns l | grep -q "$UBUNTU_BASE_IMAGE_NAME"
    # if the image doesn't exist, download it from Ubuntu's image server
    # TODO see if we can fetch this file from a more censorship-resistant source, e.g., ipfs
    # we don't really need to cache this locally since it gets continually updated upstream.
-    lxc image copy "images:$BASE_LXC_IMAGE" "$CLUSTER_NAME": --alias "$UBUNTU_BASE_IMAGE_NAME" --public --vm --auto-update
+    lxc image copy "images:$BASE_LXC_IMAGE" "$REMOTE_NAME": --alias "$UBUNTU_BASE_IMAGE_NAME" --public --vm --auto-update
 fi

 # If the lxc VM does exist, then we will delete it (so we can start fresh) 
-if lxc list -q --format csv | grep -q "$BASE_IMAGE_VM_NAME"; then
+if lxc list --format csv -q | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
    # if there's no snapshot, we dispense with the old image and try again.
-    if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "ss-docker-$LXD_UBUNTU_BASE_VERSION"; then
+    if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
        lxc delete "$BASE_IMAGE_VM_NAME" --force
        ssh-keygen -f "$SSH_HOME/known_hosts" -R "$BASE_IMAGE_VM_NAME"
    fi
-
 else
    # the base image is ubuntu:22.04.
    lxc init --profile="$BASE_IMAGE_VM_NAME" "$UBUNTU_BASE_IMAGE_NAME" "$BASE_IMAGE_VM_NAME" --vm
@ -30,15 +29,21 @@ else

    lxc start "$BASE_IMAGE_VM_NAME"

-    sleep 30
+    sleep 15
+    while lxc exec "$BASE_IMAGE_VM_NAME" -- [ ! -f /var/lib/cloud/instance/boot-finished ]; do
+        sleep 1
+    done

    # ensure the ssh service is listening at localhost
-    lxc exec "$BASE_IMAGE_VM_NAME" -- wait-for-it 127.0.0.1:22 -t 120
+    lxc exec "$BASE_IMAGE_VM_NAME" -- wait-for-it -t 100 127.0.0.1:22

+    sleep 3

    # stop the VM and get a snapshot.
    lxc stop "$BASE_IMAGE_VM_NAME"
-    lxc snapshot "$BASE_IMAGE_VM_NAME" "ss-docker-$LXD_UBUNTU_BASE_VERSION"
+    lxc snapshot "$BASE_IMAGE_VM_NAME" "$UBUNTU_BASE_IMAGE_NAME"
+
 fi

-echo "arbitrary change"
+lxc publish --public "$BASE_IMAGE_VM_NAME/$UBUNTU_BASE_IMAGE_NAME" --project=default --alias="$DOCKER_BASE_IMAGE_NAME"
+
--- a/deploy.sh
+++ b/deploy.sh
@ -35,6 +35,11 @@ if lxc remote get-default | grep -q "production"; then

 fi

+# switch to the defult project. We will switch to something more specific later.
+if ! lxc info | grep "project:" | grep -q default; then
+    lxc project switch default
+fi
+
 DOMAIN_NAME=
 RUN_CERT_RENEWAL=true
 SKIP_WWW=false
@ -47,7 +52,7 @@ RESTORE_BTCPAY=false
 SKIP_BTCPAY=false
 UPDATE_BTCPAY=false
 RECONFIGURE_BTCPAY_SERVER=false
-CLUSTER_NAME="$(lxc remote get-default)"
+REMOTE_NAME="$(lxc remote get-default)"
 STOP_SERVICES=false
 USER_SAYS_YES=false
 RESTART_FRONT_END=true
@ -146,8 +151,8 @@ export BACKUP_APPS="$BACKUP_APPS"
 export RESTORE_BTCPAY="$RESTORE_BTCPAY"
 export BACKUP_BTCPAY="$BACKUP_BTCPAY"
 export RUN_CERT_RENEWAL="$RUN_CERT_RENEWAL"
-export CLUSTER_NAME="$CLUSTER_NAME"
-export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME"
+export REMOTE_NAME="$REMOTE_NAME"
+export REMOTE_PATH="$REMOTES_DIR/$REMOTE_NAME"
 export USER_SAYS_YES="$USER_SAYS_YES"
 export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
 export RESTART_FRONT_END="$RESTART_FRONT_END"
@ -160,19 +165,19 @@ if [ ! -f "$SSH_PUBKEY_PATH" ]; then
    ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
 fi

-# ensure our cluster path is created.
-mkdir -p "$CLUSTER_PATH"
+# ensure our remote path is created.
+mkdir -p "$REMOTE_PATH"

-CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
-export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
+REMOTE_DEFINITION="$REMOTE_PATH/remote_definition"
+export REMOTE_DEFINITION="$REMOTE_DEFINITION"

 #########################################
-if [ ! -f "$CLUSTER_DEFINITION" ]; then
-    echo "ERROR: The cluster definition could not be found. You may need to re-run 'ss-cluster'."
+if [ ! -f "$REMOTE_DEFINITION" ]; then
+    echo "ERROR: The remote definition could not be found. You may need to re-run 'ss-remote'."
    exit 1
 fi

-source "$CLUSTER_DEFINITION"
+source "$REMOTE_DEFINITION"

 # this is our password generation mechanism. Relying on GPG for secure password generation
 function new_pass {
@ -183,7 +188,7 @@ function new_pass {
 function stub_site_definition {
    mkdir -p "$SITE_PATH" "$PROJECT_PATH/sites"

-    # create a symlink from the CLUSTERPATH/sites/DOMAIN_NAME to the ss-sites/domain name
+    # create a symlink from the PROJECT_PATH/sites/DOMAIN_NAME to the ss-sites/domain name
    if [ ! -d "$PROJECT_PATH/sites/$DOMAIN_NAME" ]; then
        ln -s "$SITE_PATH" "$PROJECT_PATH/sites/$DOMAIN_NAME"
    fi
@ -226,28 +231,15 @@ EOL

 PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN"
 PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
-mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
+mkdir -p "$PROJECT_PATH" "$REMOTE_PATH/projects"
 export PROJECT_NAME="$PROJECT_NAME"
 export PROJECT_PATH="$PROJECT_PATH"

-# create a symlink from ./clusterpath/projects/project
-if [ ! -d "$CLUSTER_PATH/projects/$PROJECT_NAME" ]; then
-    ln -s "$PROJECT_PATH" "$CLUSTER_PATH/projects/$PROJECT_NAME"
+# create a symlink from ./remotepath/projects/project
+if [ ! -d "$REMOTE_PATH/projects/$PROJECT_NAME" ]; then
+    ln -s "$PROJECT_PATH" "$REMOTE_PATH/projects/$PROJECT_NAME"
 fi

-# create the lxc project as specified by PROJECT_NAME
-if ! lxc project list | grep -q "$PROJECT_NAME"; then
-    echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
-    lxc project create "$PROJECT_NAME"
-    lxc project set "$PROJECT_NAME" features.networks=true
-fi
-
-# # check if we need to provision a new lxc project.
-# if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
-#     echo "INFO: switch to lxd project '$PROJECT_NAME'."
-#     lxc project switch "$PROJECT_NAME"
-# fi
-
 # check to see if the enf file exists. exist if not.
 PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
 if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
@ -321,6 +313,27 @@ export RECONFIGURE_BTCPAY_SERVER="$RECONFIGURE_BTCPAY_SERVER"
 # www
 VPS_HOSTNAME=

+
+# Goal is to get the macvlan interface.
+LXD_SS_CONFIG_LINE=
+if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
+    LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
+fi
+
+if [ -z "$LXD_SS_CONFIG_LINE" ]; then
+    echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-remote again."
+    exit 1
+fi
+
+CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
+DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
+export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
+
+if ! lxc image list --format csv | grep -q "$DOCKER_BASE_IMAGE_NAME"; then
+    # create the lxd base image.
+    ./create_lxc_base.sh
+fi
+
 for VIRTUAL_MACHINE in www btcpayserver; do
    export VIRTUAL_MACHINE="$VIRTUAL_MACHINE"
    FQDN=
@ -336,39 +349,23 @@ for VIRTUAL_MACHINE in www btcpayserver; do
        exit 1
    fi

-    # # switch to the default project
-    # if ! lxc project list --format csv | grep -a "default (current)"; then
-    #     lxc project switch default
-    # fi
-
-    # Goal is to get the macvlan interface.
-    LXD_SS_CONFIG_LINE=
-    if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
-        LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
+    # create the lxc project as specified by PROJECT_NAME
+    if ! lxc project list | grep -q "$PROJECT_NAME"; then
+        lxc project create "$PROJECT_NAME"
+        lxc project set "$PROJECT_NAME" features.networks=true features.images=false
    fi

-    if [ -z "$LXD_SS_CONFIG_LINE" ]; then
-        echo "ERROR: the MACVLAN interface has not been specified. You may need to run ss-cluster again."
-        exit 1
+    # Now let's switch to the new project to ensure new resources are created under the project scope.
+    if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
+        echo "INFO: switch to lxd project '$PROJECT_NAME'."
+        lxc project switch "$PROJECT_NAME"
    fi

-    CONFIG_ITEMS="$(echo "$LXD_SS_CONFIG_LINE" | awk -F'"' '{print $2}')"
-    DATA_PLANE_MACVLAN_INTERFACE="$(echo "$CONFIG_ITEMS" | cut -d ',' -f2)"
-    export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
-
-
-    # # switch to the default project to ensure the base image is created.
-    # if ! lxc project list --format csv | grep -a "default (current)"; then
-    #     lxc project switch default
-    # fi
-
-    # create the lxd base image.
-    ./create_lxc_base.sh
-
-    # # now switch to the current chain project.
-    # if ! lxc project list --format csv | grep -a "$BITCOIN_CHAIN"; then
-    #     lxc project switch "$BITCOIN_CHAIN"
-    # fi
+    # check if the OVN network exists in this project.
+    if ! lxc network list | grep -q "ss-ovn"; then
+        lxc network create ss-ovn --type=ovn network=lxdbr1 ipv6.address=none
+        # ipv4.nat=false
+    fi

    export MAC_ADDRESS_TO_PROVISION=
    export VPS_HOSTNAME="$VPS_HOSTNAME"
@ -449,5 +446,3 @@ if [ "$SKIP_BTCPAY" = false ]; then

    ssh ubuntu@"$BTCPAY_FQDN" "echo $LATEST_GIT_COMMIT > /home/ubuntu/.ss-githead"
 fi
-
-echo "arbitrary change"
--- a/deploy_vms.sh
+++ b/deploy_vms.sh
@ -3,7 +3,6 @@
 set -eu
 cd "$(dirname "$0")"

-
 ## This is a weird if clause since we need to LEFT-ALIGN the statement below.
 SSH_STRING="Host ${FQDN}"
 if ! grep -q "$SSH_STRING" "$SSH_HOME/config"; then
@ -33,10 +32,9 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then

    ./stub_lxc_profile.sh "$LXD_VM_NAME"

-    lxc copy --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME"/"ss-docker-$LXD_UBUNTU_BASE_VERSION" "$LXD_VM_NAME"
-
    # now let's create a new VM to work with.
-    #@lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
+    #lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
+    lxc init "$DOCKER_BASE_IMAGE_NAME" "$LXD_VM_NAME" --vm --profile="$LXD_VM_NAME"

    # let's PIN the HW address for now so we don't exhaust IP
    # and so we can set DNS internally.
--- a/stub_lxc_profile.sh
+++ b/stub_lxc_profile.sh
@ -42,7 +42,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
    cat >> "$YAML_PATH" <<EOF
  user.vendor-data: |
    #cloud-config
-    apt_mirror: http://us.archive.ubuntu.com/ubuntu/
    package_update: true
    package_upgrade: false
    package_reboot_if_required: false
@ -83,17 +82,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
        ssh_authorized_keys:
          - ${SSH_AUTHORIZED_KEY}

-    write_files:
-      - path: /etc/ssh/ssh_config
-        content: |
-              Port 22
-              ListenAddress 0.0.0.0
-              Protocol 2
-              ChallengeResponseAuthentication no
-              PasswordAuthentication no
-              UsePAM no
-              LogLevel INFO
-
      - path: /etc/docker/daemon.json
        content: |
              {
@ -106,10 +94,23 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
      - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
      - sudo apt-get update
      - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-      - sudo apt-get install -y openssh-server
+      - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server

 EOF

+
+    # write_files:
+    #   - path: /etc/ssh/sshd_config
+    #     content: |
+    #           Port 22
+    #           ListenAddress 0.0.0.0
+    #           Protocol 2
+    #           ChallengeResponseAuthentication no
+    #           PasswordAuthentication no
+    #           UsePAM no
+    #           LogLevel INFO
+
+
    #   - path: /etc/docker/daemon.json
    #     content: |
    #           {
@ -148,31 +149,18 @@ else
    ethernets:
      enp5s0:
        dhcp4: true
+        dhcp4-overrides:
+          route-metric: 50
        match:
          macaddress: ${MAC_ADDRESS_TO_PROVISION}
        set-name: enp5s0

      enp6s0:
-        dhcp4: false
-EOF
+        dhcp4: true

-    if [[ "$LXD_HOSTNAME" = $WWW_HOSTNAME-* ]]; then
-        cat >> "$YAML_PATH" <<EOF
-        addresses: [10.139.144.5/24]
-        nameservers:
-          addresses: [10.139.144.1]

 EOF
-    fi

-    if [[ "$LXD_HOSTNAME" = $BTCPAY_HOSTNAME-* ]]; then
-        cat >> "$YAML_PATH" <<EOF
-        addresses: [10.139.144.10/24]
-        nameservers:
-          addresses: [10.139.144.1]
-
-EOF
-    fi
 fi

 # If we are deploying the www, we attach the vm to the underlay via macvlan.
@ -209,7 +197,7 @@ cat >> "$YAML_PATH" <<EOF
    type: nic
  enp6s0:
    name: enp6s0
-    network: lxdbr0
+    network: ss-ovn
    type: nic

 name: ${PRIMARY_DOMAIN}
--- a/wait_for_lxc_ip.sh
+++ b/wait_for_lxc_ip.sh
@ -36,7 +36,6 @@ while true; do
    if [ -n "$IP_V4_ADDRESS" ]; then
        # give the machine extra time to spin up.
        wait-for-it -t 300 "$IP_V4_ADDRESS:22"
-        echo ""
        break
    else
        sleep 1