
Updates to migration restoration.

Derek Smith 2022-10-09 20:35:02 -04:00
parent 897e75b016
commit b5a48ef23e
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
3 changed files with 141 additions and 151 deletions


@ -7,30 +7,25 @@ cd "$(dirname "$0")"
# it reaches out to an SSH endpoint and provisions that machine # it reaches out to an SSH endpoint and provisions that machine
# to use LXD. # to use LXD.
COMMAND="${1:-}"
DATA_PLANE_MACVLAN_INTERFACE= DATA_PLANE_MACVLAN_INTERFACE=
DISK_TO_USE=loop DISK_TO_USE=loop
if [ "$COMMAND" = create ]; then # override the cluster name.
CLUSTER_NAME="${1:-}"
# override the cluster name. if [ -z "$CLUSTER_NAME" ]; then
CLUSTER_NAME="${2:-}"
if [ -z "$CLUSTER_NAME" ]; then
echo "ERROR: The cluster name was not provided." echo "ERROR: The cluster name was not provided."
exit 1 exit 1
fi fi
#shellcheck disable=SC1091 #shellcheck disable=SC1091
source ./defaults.sh source ./defaults.sh
export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME" export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME"
CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition" CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
export CLUSTER_DEFINITION="$CLUSTER_DEFINITION" export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
mkdir -p "$CLUSTER_PATH" mkdir -p "$CLUSTER_PATH"
if [ ! -f "$CLUSTER_DEFINITION" ]; then if [ ! -f "$CLUSTER_DEFINITION" ]; then
# stub out a cluster_definition. # stub out a cluster_definition.
cat >"$CLUSTER_DEFINITION" <<EOL cat >"$CLUSTER_DEFINITION" <<EOL
#!/bin/bash #!/bin/bash
@ -39,7 +34,7 @@ if [ "$COMMAND" = create ]; then
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)" export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED" export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
export PROJECT_NAME="$CLUSTER_NAME-public" export PROJECT_NAME="public"
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000" export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
export REGISTRY_USERNAME="CHANGE_ME" export REGISTRY_USERNAME="CHANGE_ME"
export REGISTRY_PASSWORD="CHANGE_ME" export REGISTRY_PASSWORD="CHANGE_ME"
@ -51,12 +46,12 @@ EOL
echo "Use this file to customize your cluster deployment;" echo "Use this file to customize your cluster deployment;"
echo "Check out 'https://www.sovereign-stack.org/cluster-definition' for an example." echo "Check out 'https://www.sovereign-stack.org/cluster-definition' for an example."
exit 1 exit 1
fi fi
source "$CLUSTER_DEFINITION" source "$CLUSTER_DEFINITION"
if ! lxc remote list | grep -q "$CLUSTER_NAME"; then if ! lxc remote list | grep -q "$CLUSTER_NAME"; then
FQDN="${3:-}" FQDN="${2:-}"
shift shift
if [ -z "$FQDN" ]; then if [ -z "$FQDN" ]; then
@ -111,44 +106,44 @@ EOL
# fi # fi
else else
echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster." echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster."
echo " It's may also be helpful to reset/rename your cluster path." echo " It's may also be helpful to reset/rename your cluster path."
exit 1 exit 1
fi fi
# ensure we actually have that interface on the system. # ensure we actually have that interface on the system.
echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE" echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE"
if ! ssh "ubuntu@$FQDN" ip link | grep "$DATA_PLANE_MACVLAN_INTERFACE" | grep -q ",UP"; then if ! ssh "ubuntu@$FQDN" ip link | grep "$DATA_PLANE_MACVLAN_INTERFACE" | grep -q ",UP"; then
echo "ERROR: We could not find your interface in our list of available interfaces. Please run this command again." echo "ERROR: We could not find your interface in our list of available interfaces. Please run this command again."
echo "NOTE: You can always specify on the command line by adding the '--data-plane-interface=eth0', for example." echo "NOTE: You can always specify on the command line by adding the '--data-plane-interface=eth0', for example."
exit 1 exit 1
fi fi
# if the disk is loop-based, then we assume the / path exists. # if the disk is loop-based, then we assume the / path exists.
if [ "$DISK_TO_USE" != loop ]; then if [ "$DISK_TO_USE" != loop ]; then
# ensure we actually have that disk/partition on the system. # ensure we actually have that disk/partition on the system.
if ssh "ubuntu@$FQDN" lsblk | grep -q "$DISK_TO_USE"; then if ssh "ubuntu@$FQDN" lsblk | grep -q "$DISK_TO_USE"; then
echo "ERROR: We could not the disk you specified. Please run this command again and supply a different disk." echo "ERROR: We could not the disk you specified. Please run this command again and supply a different disk."
echo "NOTE: You can always specify on the command line by adding the '--disk=/dev/sdd', for example." echo "NOTE: You can always specify on the command line by adding the '--disk=/dev/sdd', for example."
exit 1 exit 1
fi fi
fi fi
# The MGMT Plane IP is the IP address that the LXD API binds to, which happens # The MGMT Plane IP is the IP address that the LXD API binds to, which happens
# to be the same as whichever SSH connection you're coming in on. # to be the same as whichever SSH connection you're coming in on.
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)" MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )" IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}" IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)" IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
# error out if the cluster password is unset. # error out if the cluster password is unset.
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition." echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
exit 1 exit 1
fi fi
if ! command -v lxc >/dev/null 2>&1; then if ! command -v lxc >/dev/null 2>&1; then
if lxc profile list --format csv | grep -q sovereign-stack; then if lxc profile list --format csv | grep -q sovereign-stack; then
lxc profile delete sovereign-stack lxc profile delete sovereign-stack
sleep 1 sleep 1
@ -158,9 +153,9 @@ EOL
lxc network delete lxdbrSS lxc network delete lxdbrSS
sleep 1 sleep 1
fi fi
fi fi
ssh -t "ubuntu@$FQDN" " ssh -t "ubuntu@$FQDN" "
# set host firewall policy. # set host firewall policy.
# allow LXD API from management network. # allow LXD API from management network.
# sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443 # sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443
@ -176,15 +171,15 @@ if ! snap list | grep -q lxd; then
sleep 4 sleep 4
fi fi
" "
# if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll # if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll
# just attach VMs to the network interface used for for the default route. # just attach VMs to the network interface used for for the default route.
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)" DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
fi fi
# stub out the lxd init file for the remote SSH endpoint. # stub out the lxd init file for the remote SSH endpoint.
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml" CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml"
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
config: config:
core.https_address: ${MGMT_PLANE_IP}:8443 core.https_address: ${MGMT_PLANE_IP}:8443
core.trust_password: ${LXD_CLUSTER_PASSWORD} core.trust_password: ${LXD_CLUSTER_PASSWORD}
@ -215,25 +210,20 @@ cluster:
cluster_token: "" cluster_token: ""
EOF EOF
# configure the LXD Daemon with our preseed.
cat "$CLUSTER_MASTER_LXD_INIT" | ssh "ubuntu@$FQDN" lxd init --preseed
# configure the LXD Daemon with our preseed. # ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it.
cat "$CLUSTER_MASTER_LXD_INIT" | ssh "ubuntu@$FQDN" lxd init --preseed if wait-for-it -t 20 "$FQDN:8443"; then
# ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it.
if wait-for-it -t 20 "$FQDN:8443"; then
# now create a remote on your local LXC client and switch to it. # now create a remote on your local LXC client and switch to it.
# the software will now target the new cluster. # the software will now target the new cluster.
lxc remote add "$CLUSTER_NAME" "$FQDN" --password="$LXD_CLUSTER_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate lxc remote add "$CLUSTER_NAME" "$FQDN" --password="$LXD_CLUSTER_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
lxc remote switch "$CLUSTER_NAME" lxc remote switch "$CLUSTER_NAME"
echo "INFO: You have create a new cluster named '$CLUSTER_NAME'. Great! We switched your lxd remote to it." echo "INFO: You have create a new cluster named '$CLUSTER_NAME'. Great! We switched your lxd remote to it."
else else
echo "ERROR: Could not detect the LXD endpoint. Something went wrong." echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
exit 1 exit 1
fi
echo "HINT: Now you can consider running 'ss-deploy'."
else
echo "ERROR: invalid command."
exit 1
fi fi
echo "HINT: Now you can consider running 'ss-deploy'."
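Review bot: In the last hunk, `lxc remote add … --accept-certificate` trusts whatever certificate answers on `$FQDN:8443` and then sends `LXD_CLUSTER_PASSWORD` to it, so a host that intercepts that first connection would receive the trust password. The script already talks to the same machine over SSH, so the server's certificate fingerprint could be read over that channel and compared before the remote is added; at minimum drop the flag so the operator confirms the fingerprint: `lxc remote add "$CLUSTER_NAME" "$FQDN" --password="$LXD_CLUSTER_PASSWORD" --protocol=lxd --auth-type=tls`. The password is also passed on the command line, where other local users can see it in the process list while the command runs. It is written in clear to `cluster_definition` and `lxdinit_profile.yml` as well, and no permission handling is visible, so a `umask 077` before those files are created would limit who can read them. Only parts of the script are shown, so a check outside the visible hunks may already cover some of this.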


@ -39,7 +39,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
if [ "$RESTORE_WWW" = true ]; then if [ "$RESTORE_WWW" = true ]; then
./restore_path.sh ./restore_path.sh
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP" #ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
elif [ "$BACKUP_APPS" = true ]; then elif [ "$BACKUP_APPS" = true ]; then
# if we're not restoring, then we may or may not back up. # if we're not restoring, then we may or may not back up.
./backup_path.sh ./backup_path.sh
@ -87,7 +87,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
sleep 5 sleep 5
echo "STARTING restore_path.sh for letsencrypt." echo "STARTING restore_path.sh for letsencrypt."
./restore_path.sh ./restore_path.sh
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP" #ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
elif [ "$BACKUP_APPS" = true ]; then elif [ "$BACKUP_APPS" = true ]; then
# if we're not restoring, then we may or may not back up. # if we're not restoring, then we may or may not back up.
./backup_path.sh ./backup_path.sh
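Review bot: The two `chown` calls after `./restore_path.sh` are commented out rather than removed, and nothing says why or where ownership of `$REMOTE_HOME/$APP` is now set. If `restore_path.sh` does not restore ownership itself (it is not shown here), restored files may end up owned by whichever account wrote them, which can break the app or leave its data accessible to the wrong user. Either delete both lines or replace each with a comment naming where ownership is handled, for example `# ownership of $REMOTE_HOME/$APP is set in restore_path.sh` if that is the case. Both hunks in this file carry the same line, and the surrounding `if`/`elif` blocks continue outside them.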


@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -ex set -eu
export DOMAIN_NAME= export DOMAIN_NAME=
export DUPLICITY_BACKUP_PASSPHRASE= export DUPLICITY_BACKUP_PASSPHRASE=