Updates to migration restoration.
This commit is contained in:
parent
897e75b016
commit
b5a48ef23e
112
cluster.sh
112
cluster.sh
@ -7,30 +7,25 @@ cd "$(dirname "$0")"
|
|||||||
# it reaches out to an SSH endpoint and provisions that machine
|
# it reaches out to an SSH endpoint and provisions that machine
|
||||||
# to use LXD.
|
# to use LXD.
|
||||||
|
|
||||||
COMMAND="${1:-}"
|
|
||||||
DATA_PLANE_MACVLAN_INTERFACE=
|
DATA_PLANE_MACVLAN_INTERFACE=
|
||||||
DISK_TO_USE=loop
|
DISK_TO_USE=loop
|
||||||
|
|
||||||
if [ "$COMMAND" = create ]; then
|
# override the cluster name.
|
||||||
|
CLUSTER_NAME="${1:-}"
|
||||||
# override the cluster name.
|
if [ -z "$CLUSTER_NAME" ]; then
|
||||||
CLUSTER_NAME="${2:-}"
|
|
||||||
|
|
||||||
|
|
||||||
if [ -z "$CLUSTER_NAME" ]; then
|
|
||||||
echo "ERROR: The cluster name was not provided."
|
echo "ERROR: The cluster name was not provided."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#shellcheck disable=SC1091
|
#shellcheck disable=SC1091
|
||||||
source ./defaults.sh
|
source ./defaults.sh
|
||||||
|
|
||||||
export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME"
|
export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME"
|
||||||
CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
|
CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
|
||||||
export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
|
export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
|
||||||
|
|
||||||
mkdir -p "$CLUSTER_PATH"
|
mkdir -p "$CLUSTER_PATH"
|
||||||
if [ ! -f "$CLUSTER_DEFINITION" ]; then
|
if [ ! -f "$CLUSTER_DEFINITION" ]; then
|
||||||
# stub out a cluster_definition.
|
# stub out a cluster_definition.
|
||||||
cat >"$CLUSTER_DEFINITION" <<EOL
|
cat >"$CLUSTER_DEFINITION" <<EOL
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
@ -39,7 +34,7 @@ if [ "$COMMAND" = create ]; then
|
|||||||
|
|
||||||
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
|
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
|
||||||
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
|
||||||
export PROJECT_NAME="$CLUSTER_NAME-public"
|
export PROJECT_NAME="public"
|
||||||
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
|
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
|
||||||
export REGISTRY_USERNAME="CHANGE_ME"
|
export REGISTRY_USERNAME="CHANGE_ME"
|
||||||
export REGISTRY_PASSWORD="CHANGE_ME"
|
export REGISTRY_PASSWORD="CHANGE_ME"
|
||||||
@ -51,12 +46,12 @@ EOL
|
|||||||
echo "Use this file to customize your cluster deployment;"
|
echo "Use this file to customize your cluster deployment;"
|
||||||
echo "Check out 'https://www.sovereign-stack.org/cluster-definition' for an example."
|
echo "Check out 'https://www.sovereign-stack.org/cluster-definition' for an example."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
source "$CLUSTER_DEFINITION"
|
source "$CLUSTER_DEFINITION"
|
||||||
|
|
||||||
if ! lxc remote list | grep -q "$CLUSTER_NAME"; then
|
if ! lxc remote list | grep -q "$CLUSTER_NAME"; then
|
||||||
FQDN="${3:-}"
|
FQDN="${2:-}"
|
||||||
shift
|
shift
|
||||||
|
|
||||||
if [ -z "$FQDN" ]; then
|
if [ -z "$FQDN" ]; then
|
||||||
@ -111,44 +106,44 @@ EOL
|
|||||||
|
|
||||||
# fi
|
# fi
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster."
|
echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster."
|
||||||
echo " It's may also be helpful to reset/rename your cluster path."
|
echo " It's may also be helpful to reset/rename your cluster path."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ensure we actually have that interface on the system.
|
# ensure we actually have that interface on the system.
|
||||||
echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE"
|
echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE"
|
||||||
if ! ssh "ubuntu@$FQDN" ip link | grep "$DATA_PLANE_MACVLAN_INTERFACE" | grep -q ",UP"; then
|
if ! ssh "ubuntu@$FQDN" ip link | grep "$DATA_PLANE_MACVLAN_INTERFACE" | grep -q ",UP"; then
|
||||||
echo "ERROR: We could not find your interface in our list of available interfaces. Please run this command again."
|
echo "ERROR: We could not find your interface in our list of available interfaces. Please run this command again."
|
||||||
echo "NOTE: You can always specify on the command line by adding the '--data-plane-interface=eth0', for example."
|
echo "NOTE: You can always specify on the command line by adding the '--data-plane-interface=eth0', for example."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if the disk is loop-based, then we assume the / path exists.
|
# if the disk is loop-based, then we assume the / path exists.
|
||||||
if [ "$DISK_TO_USE" != loop ]; then
|
if [ "$DISK_TO_USE" != loop ]; then
|
||||||
# ensure we actually have that disk/partition on the system.
|
# ensure we actually have that disk/partition on the system.
|
||||||
if ssh "ubuntu@$FQDN" lsblk | grep -q "$DISK_TO_USE"; then
|
if ssh "ubuntu@$FQDN" lsblk | grep -q "$DISK_TO_USE"; then
|
||||||
echo "ERROR: We could not the disk you specified. Please run this command again and supply a different disk."
|
echo "ERROR: We could not the disk you specified. Please run this command again and supply a different disk."
|
||||||
echo "NOTE: You can always specify on the command line by adding the '--disk=/dev/sdd', for example."
|
echo "NOTE: You can always specify on the command line by adding the '--disk=/dev/sdd', for example."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# The MGMT Plane IP is the IP address that the LXD API binds to, which happens
|
# The MGMT Plane IP is the IP address that the LXD API binds to, which happens
|
||||||
# to be the same as whichever SSH connection you're coming in on.
|
# to be the same as whichever SSH connection you're coming in on.
|
||||||
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
|
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
|
||||||
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
|
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
|
||||||
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
|
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
|
||||||
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
|
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
|
||||||
|
|
||||||
# error out if the cluster password is unset.
|
# error out if the cluster password is unset.
|
||||||
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
|
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
|
||||||
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
|
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! command -v lxc >/dev/null 2>&1; then
|
if ! command -v lxc >/dev/null 2>&1; then
|
||||||
if lxc profile list --format csv | grep -q sovereign-stack; then
|
if lxc profile list --format csv | grep -q sovereign-stack; then
|
||||||
lxc profile delete sovereign-stack
|
lxc profile delete sovereign-stack
|
||||||
sleep 1
|
sleep 1
|
||||||
@ -158,9 +153,9 @@ EOL
|
|||||||
lxc network delete lxdbrSS
|
lxc network delete lxdbrSS
|
||||||
sleep 1
|
sleep 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ssh -t "ubuntu@$FQDN" "
|
ssh -t "ubuntu@$FQDN" "
|
||||||
# set host firewall policy.
|
# set host firewall policy.
|
||||||
# allow LXD API from management network.
|
# allow LXD API from management network.
|
||||||
# sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443
|
# sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443
|
||||||
@ -176,15 +171,15 @@ if ! snap list | grep -q lxd; then
|
|||||||
sleep 4
|
sleep 4
|
||||||
fi
|
fi
|
||||||
"
|
"
|
||||||
# if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll
|
# if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll
|
||||||
# just attach VMs to the network interface used for for the default route.
|
# just attach VMs to the network interface used for for the default route.
|
||||||
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
|
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
|
||||||
DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
|
DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# stub out the lxd init file for the remote SSH endpoint.
|
# stub out the lxd init file for the remote SSH endpoint.
|
||||||
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml"
|
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml"
|
||||||
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
|
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
|
||||||
config:
|
config:
|
||||||
core.https_address: ${MGMT_PLANE_IP}:8443
|
core.https_address: ${MGMT_PLANE_IP}:8443
|
||||||
core.trust_password: ${LXD_CLUSTER_PASSWORD}
|
core.trust_password: ${LXD_CLUSTER_PASSWORD}
|
||||||
@ -215,25 +210,20 @@ cluster:
|
|||||||
cluster_token: ""
|
cluster_token: ""
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
# configure the LXD Daemon with our preseed.
|
||||||
|
cat "$CLUSTER_MASTER_LXD_INIT" | ssh "ubuntu@$FQDN" lxd init --preseed
|
||||||
|
|
||||||
# configure the LXD Daemon with our preseed.
|
# ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it.
|
||||||
cat "$CLUSTER_MASTER_LXD_INIT" | ssh "ubuntu@$FQDN" lxd init --preseed
|
if wait-for-it -t 20 "$FQDN:8443"; then
|
||||||
|
|
||||||
# ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it.
|
|
||||||
if wait-for-it -t 20 "$FQDN:8443"; then
|
|
||||||
# now create a remote on your local LXC client and switch to it.
|
# now create a remote on your local LXC client and switch to it.
|
||||||
# the software will now target the new cluster.
|
# the software will now target the new cluster.
|
||||||
lxc remote add "$CLUSTER_NAME" "$FQDN" --password="$LXD_CLUSTER_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
|
lxc remote add "$CLUSTER_NAME" "$FQDN" --password="$LXD_CLUSTER_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
|
||||||
lxc remote switch "$CLUSTER_NAME"
|
lxc remote switch "$CLUSTER_NAME"
|
||||||
|
|
||||||
echo "INFO: You have create a new cluster named '$CLUSTER_NAME'. Great! We switched your lxd remote to it."
|
echo "INFO: You have create a new cluster named '$CLUSTER_NAME'. Great! We switched your lxd remote to it."
|
||||||
else
|
else
|
||||||
echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
|
echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
|
||||||
|
|
||||||
echo "HINT: Now you can consider running 'ss-deploy'."
|
|
||||||
else
|
|
||||||
echo "ERROR: invalid command."
|
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
echo "HINT: Now you can consider running 'ss-deploy'."
|
||||||
|
@ -39,7 +39,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
|||||||
|
|
||||||
if [ "$RESTORE_WWW" = true ]; then
|
if [ "$RESTORE_WWW" = true ]; then
|
||||||
./restore_path.sh
|
./restore_path.sh
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
|
#ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
|
||||||
elif [ "$BACKUP_APPS" = true ]; then
|
elif [ "$BACKUP_APPS" = true ]; then
|
||||||
# if we're not restoring, then we may or may not back up.
|
# if we're not restoring, then we may or may not back up.
|
||||||
./backup_path.sh
|
./backup_path.sh
|
||||||
@ -87,7 +87,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
|
|||||||
sleep 5
|
sleep 5
|
||||||
echo "STARTING restore_path.sh for letsencrypt."
|
echo "STARTING restore_path.sh for letsencrypt."
|
||||||
./restore_path.sh
|
./restore_path.sh
|
||||||
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
|
#ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
|
||||||
elif [ "$BACKUP_APPS" = true ]; then
|
elif [ "$BACKUP_APPS" = true ]; then
|
||||||
# if we're not restoring, then we may or may not back up.
|
# if we're not restoring, then we may or may not back up.
|
||||||
./backup_path.sh
|
./backup_path.sh
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -ex
|
set -eu
|
||||||
|
|
||||||
export DOMAIN_NAME=
|
export DOMAIN_NAME=
|
||||||
export DUPLICITY_BACKUP_PASSPHRASE=
|
export DUPLICITY_BACKUP_PASSPHRASE=
|
||||||
|
Loading…
Reference in New Issue
Block a user