ss/sovereign-stack
ss/sovereign-stack
1
1
Fork 1
Code Releases Activity

Updates to migration restoration.

Browse Source
This commit is contained in:
Derek Smith 2022-10-09 20:35:02 -04:00
parent 897e75b016
commit b5a48ef23e
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
3 changed files with 141 additions and 151 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

286
cluster.sh
View File

@ -7,31 +7,26 @@ cd "$(dirname "$0")"
# it reaches out to an SSH endpoint and provisions that machine # it reaches out to an SSH endpoint and provisions that machine
# to use LXD. # to use LXD.
COMMAND="${1:-}"
DATA_PLANE_MACVLAN_INTERFACE= DATA_PLANE_MACVLAN_INTERFACE=
DISK_TO_USE=loop DISK_TO_USE=loop
if [ "$COMMAND" = create ]; then # override the cluster name.
CLUSTER_NAME="${1:-}"
if [ -z "$CLUSTER_NAME" ]; then
echo "ERROR: The cluster name was not provided."
exit 1
fi
# override the cluster name. #shellcheck disable=SC1091
CLUSTER_NAME="${2:-}" source ./defaults.sh
if [ -z "$CLUSTER_NAME" ]; then export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME"
echo "ERROR: The cluster name was not provided." CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
exit 1 export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
fi
#shellcheck disable=SC1091 mkdir -p "$CLUSTER_PATH"
source ./defaults.sh if [ ! -f "$CLUSTER_DEFINITION" ]; then
# stub out a cluster_definition.
export CLUSTER_PATH="$CLUSTERS_DIR/$CLUSTER_NAME"
CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
mkdir -p "$CLUSTER_PATH"
if [ ! -f "$CLUSTER_DEFINITION" ]; then
# stub out a cluster_definition.
cat >"$CLUSTER_DEFINITION" <<EOL cat >"$CLUSTER_DEFINITION" <<EOL
#!/bin/bash #!/bin/bash
@ -39,128 +34,128 @@ if [ "$COMMAND" = create ]; then
export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)" export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED" export SOVEREIGN_STACK_MAC_ADDRESS="CHANGE_ME_REQUIRED"
export PROJECT_NAME="$CLUSTER_NAME-public" export PROJECT_NAME="public"
export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000" export REGISTRY_URL="http://$(hostname).$(resolvectl status | grep 'DNS Domain:' | awk '{ print $3 }'):5000"
export REGISTRY_USERNAME="CHANGE_ME" export REGISTRY_USERNAME="CHANGE_ME"
export REGISTRY_PASSWORD="CHANGE_ME" export REGISTRY_PASSWORD="CHANGE_ME"
EOL EOL
chmod 0744 "$CLUSTER_DEFINITION" chmod 0744 "$CLUSTER_DEFINITION"
echo "We stubbed out a '$CLUSTER_DEFINITION' file for you." echo "We stubbed out a '$CLUSTER_DEFINITION' file for you."
echo "Use this file to customize your cluster deployment;" echo "Use this file to customize your cluster deployment;"
echo "Check out 'https://www.sovereign-stack.org/cluster-definition' for an example." echo "Check out 'https://www.sovereign-stack.org/cluster-definition' for an example."
exit 1
fi
source "$CLUSTER_DEFINITION"
if ! lxc remote list | grep -q "$CLUSTER_NAME"; then
FQDN="${2:-}"
shift
if [ -z "$FQDN" ]; then
echo "ERROR: The Fully Qualified Domain Name of the new cluster member was not set."
exit 1 exit 1
fi fi
source "$CLUSTER_DEFINITION" # let's check to ensure we have SSH access to the specified host.
if ! wait-for-it -t 5 "$FQDN:22"; then
if ! lxc remote list | grep -q "$CLUSTER_NAME"; then echo "ERROR: We can't get an SSH connection to '$FQDN:22'. Ensure you have the host set up correctly."
FQDN="${3:-}"
shift
if [ -z "$FQDN" ]; then
echo "ERROR: The Fully Qualified Domain Name of the new cluster member was not set."
exit 1
fi
# let's check to ensure we have SSH access to the specified host.
if ! wait-for-it -t 5 "$FQDN:22"; then
echo "ERROR: We can't get an SSH connection to '$FQDN:22'. Ensure you have the host set up correctly."
exit 1
fi
# grab any modifications from the command line.
for i in "$@"; do
case $i in
--data-plane-interface=*)
DATA_PLANE_MACVLAN_INTERFACE="${i#*=}"
shift
;;
--disk=*)
DISK_TO_USE="${i#*=}"
shift
;;
*)
;;
esac
done
# if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
# echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
# echo " We need to know which interface that is! Enter it here now."
# echo ""
# ssh "ubuntu@$FQDN" ip link
# echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
# read -r DATA_PLANE_MACVLAN_INTERFACE
# fi
# if [ -z "$DISK_TO_USE" ]; then
# echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
# echo ""
# ssh "ubuntu@$FQDN" lsblk
# USER_DISK=
# echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop): "
# read -r USER_DISK
# fi
else
echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster."
echo " It's may also be helpful to reset/rename your cluster path."
exit 1 exit 1
fi fi
# ensure we actually have that interface on the system. # grab any modifications from the command line.
echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE" for i in "$@"; do
if ! ssh "ubuntu@$FQDN" ip link | grep "$DATA_PLANE_MACVLAN_INTERFACE" | grep -q ",UP"; then case $i in
echo "ERROR: We could not find your interface in our list of available interfaces. Please run this command again." --data-plane-interface=*)
echo "NOTE: You can always specify on the command line by adding the '--data-plane-interface=eth0', for example." DATA_PLANE_MACVLAN_INTERFACE="${i#*=}"
shift
;;
--disk=*)
DISK_TO_USE="${i#*=}"
shift
;;
*)
;;
esac
done
# if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
# echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
# echo " We need to know which interface that is! Enter it here now."
# echo ""
# ssh "ubuntu@$FQDN" ip link
# echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
# read -r DATA_PLANE_MACVLAN_INTERFACE
# fi
# if [ -z "$DISK_TO_USE" ]; then
# echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
# echo ""
# ssh "ubuntu@$FQDN" lsblk
# USER_DISK=
# echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop): "
# read -r USER_DISK
# fi
else
echo "ERROR: the cluster already exists! You need to go delete your lxd remote if you want to re-create your cluster."
echo " It's may also be helpful to reset/rename your cluster path."
exit 1
fi
# ensure we actually have that interface on the system.
echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE"
if ! ssh "ubuntu@$FQDN" ip link | grep "$DATA_PLANE_MACVLAN_INTERFACE" | grep -q ",UP"; then
echo "ERROR: We could not find your interface in our list of available interfaces. Please run this command again."
echo "NOTE: You can always specify on the command line by adding the '--data-plane-interface=eth0', for example."
exit 1
fi
# if the disk is loop-based, then we assume the / path exists.
if [ "$DISK_TO_USE" != loop ]; then
# ensure we actually have that disk/partition on the system.
if ssh "ubuntu@$FQDN" lsblk | grep -q "$DISK_TO_USE"; then
echo "ERROR: We could not the disk you specified. Please run this command again and supply a different disk."
echo "NOTE: You can always specify on the command line by adding the '--disk=/dev/sdd', for example."
exit 1 exit 1
fi fi
fi
# if the disk is loop-based, then we assume the / path exists. # The MGMT Plane IP is the IP address that the LXD API binds to, which happens
if [ "$DISK_TO_USE" != loop ]; then # to be the same as whichever SSH connection you're coming in on.
# ensure we actually have that disk/partition on the system. MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
if ssh "ubuntu@$FQDN" lsblk | grep -q "$DISK_TO_USE"; then IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
echo "ERROR: We could not the disk you specified. Please run this command again and supply a different disk." IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
echo "NOTE: You can always specify on the command line by adding the '--disk=/dev/sdd', for example." IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
exit 1
fi # error out if the cluster password is unset.
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
exit 1
fi
if ! command -v lxc >/dev/null 2>&1; then
if lxc profile list --format csv | grep -q sovereign-stack; then
lxc profile delete sovereign-stack
sleep 1
fi fi
# The MGMT Plane IP is the IP address that the LXD API binds to, which happens if lxc network list --format csv | grep -q lxdbrSS; then
# to be the same as whichever SSH connection you're coming in on. lxc network delete lxdbrSS
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)" sleep 1
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
# error out if the cluster password is unset.
if [ -z "$LXD_CLUSTER_PASSWORD" ]; then
echo "ERROR: LXD_CLUSTER_PASSWORD must be set in your cluster_definition."
exit 1
fi fi
fi
if ! command -v lxc >/dev/null 2>&1; then ssh -t "ubuntu@$FQDN" "
if lxc profile list --format csv | grep -q sovereign-stack; then
lxc profile delete sovereign-stack
sleep 1
fi
if lxc network list --format csv | grep -q lxdbrSS; then
lxc network delete lxdbrSS
sleep 1
fi
fi
ssh -t "ubuntu@$FQDN" "
# set host firewall policy. # set host firewall policy.
# allow LXD API from management network. # allow LXD API from management network.
# sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443 # sudo ufw allow from ${IP_OF_MGMT_MACHINE}/32 proto tcp to $MGMT_PLANE_IP port 8443
@ -176,15 +171,15 @@ if ! snap list | grep -q lxd; then
sleep 4 sleep 4
fi fi
" "
# if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll # if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll
# just attach VMs to the network interface used for for the default route. # just attach VMs to the network interface used for for the default route.
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)" DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
fi fi
# stub out the lxd init file for the remote SSH endpoint. # stub out the lxd init file for the remote SSH endpoint.
CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml" CLUSTER_MASTER_LXD_INIT="$CLUSTER_PATH/lxdinit_profile.yml"
cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF cat >"$CLUSTER_MASTER_LXD_INIT" <<EOF
config: config:
core.https_address: ${MGMT_PLANE_IP}:8443 core.https_address: ${MGMT_PLANE_IP}:8443
core.trust_password: ${LXD_CLUSTER_PASSWORD} core.trust_password: ${LXD_CLUSTER_PASSWORD}
@ -215,25 +210,20 @@ cluster:
cluster_token: "" cluster_token: ""
EOF EOF
# configure the LXD Daemon with our preseed.
cat "$CLUSTER_MASTER_LXD_INIT" | ssh "ubuntu@$FQDN" lxd init --preseed
# configure the LXD Daemon with our preseed. # ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it.
cat "$CLUSTER_MASTER_LXD_INIT" | ssh "ubuntu@$FQDN" lxd init --preseed if wait-for-it -t 20 "$FQDN:8443"; then
# now create a remote on your local LXC client and switch to it.
# the software will now target the new cluster.
lxc remote add "$CLUSTER_NAME" "$FQDN" --password="$LXD_CLUSTER_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
lxc remote switch "$CLUSTER_NAME"
# ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it. echo "INFO: You have create a new cluster named '$CLUSTER_NAME'. Great! We switched your lxd remote to it."
if wait-for-it -t 20 "$FQDN:8443"; then
# now create a remote on your local LXC client and switch to it.
# the software will now target the new cluster.
lxc remote add "$CLUSTER_NAME" "$FQDN" --password="$LXD_CLUSTER_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
lxc remote switch "$CLUSTER_NAME"
echo "INFO: You have create a new cluster named '$CLUSTER_NAME'. Great! We switched your lxd remote to it."
else
echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
exit 1
fi
echo "HINT: Now you can consider running 'ss-deploy'."
else else
echo "ERROR: invalid command." echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
exit 1 exit 1
fi fi
echo "HINT: Now you can consider running 'ss-deploy'."

4
deployment/www/stop_docker_stacks.sh
View File

@ -39,7 +39,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
if [ "$RESTORE_WWW" = true ]; then if [ "$RESTORE_WWW" = true ]; then
./restore_path.sh ./restore_path.sh
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP" #ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
elif [ "$BACKUP_APPS" = true ]; then elif [ "$BACKUP_APPS" = true ]; then
# if we're not restoring, then we may or may not back up. # if we're not restoring, then we may or may not back up.
./backup_path.sh ./backup_path.sh
@ -87,7 +87,7 @@ for DOMAIN_NAME in ${DOMAIN_LIST//,/ }; do
sleep 5 sleep 5
echo "STARTING restore_path.sh for letsencrypt." echo "STARTING restore_path.sh for letsencrypt."
./restore_path.sh ./restore_path.sh
ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP" #ssh "$PRIMARY_WWW_FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/$APP"
elif [ "$BACKUP_APPS" = true ]; then elif [ "$BACKUP_APPS" = true ]; then
# if we're not restoring, then we may or may not back up. # if we're not restoring, then we may or may not back up.
./backup_path.sh ./backup_path.sh

2
reset_env.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -ex set -eu
export DOMAIN_NAME= export DOMAIN_NAME=
export DUPLICITY_BACKUP_PASSPHRASE= export DUPLICITY_BACKUP_PASSPHRASE=