Compare commits
6 Commits
03d669750c
...
f1abfd77af
Author | SHA1 | Date | |
---|---|---|---|
f1abfd77af | |||
de6f078774 | |||
18fb5a1fe0 | |||
731639bc4b | |||
a3ea78cfe2 | |||
8aef17fa00 |
15
defaults.sh
15
defaults.sh
@ -47,7 +47,7 @@ export DOCKER_IMAGE_CACHE_FQDN="registry-1.docker.io"
|
|||||||
|
|
||||||
export NEXTCLOUD_SPACE_GB=10
|
export NEXTCLOUD_SPACE_GB=10
|
||||||
|
|
||||||
DEFAULT_DB_IMAGE="mariadb:10.9.3-jammy"
|
DEFAULT_DB_IMAGE="mariadb:10.11.2-jammy"
|
||||||
|
|
||||||
|
|
||||||
# run the docker stack.
|
# run the docker stack.
|
||||||
@ -100,10 +100,19 @@ export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
|
|||||||
|
|
||||||
# this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
|
# this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
|
||||||
export ROOT_DISK_SIZE_GB=20
|
export ROOT_DISK_SIZE_GB=20
|
||||||
export REGISTRY_URL="https://index.docker.io/v1/"
|
export REGISTRY_URL="https://index.docker.io/v1"
|
||||||
export PRIMARY_DOMAIN=
|
export PRIMARY_DOMAIN=
|
||||||
|
|
||||||
# this is the git commit of the project/ sub git repo.
|
# this is the git commit of the project/ sub git repo.
|
||||||
# used in the migration script to switch into past for backup
|
# used in the migration script to switch into past for backup
|
||||||
# then back to present (TARGET_PROJECT_GIT_COMMIT) for restore.
|
# then back to present (TARGET_PROJECT_GIT_COMMIT) for restore.
|
||||||
export TARGET_PROJECT_GIT_COMMIT=c661ac0be91276593f718debe1266e8bab3a3c65
|
export TARGET_PROJECT_GIT_COMMIT=6a97c0d3f439d71be8242522d440affbe335e406
|
||||||
|
|
||||||
|
#
|
||||||
|
export TESTNET_BLOCK_HASH=00000000d8277ba1ca66b40b3e3476629e6f0f97c5b8cfaeabfe402e55db223a
|
||||||
|
export MAINNET_BLOCK_HASH=000000000000000000047941e3a6102e8896a4ae66b962599568eb25abd6b405
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
export SS_CACHE_PATH="$SS_ROOT_PATH/cache"
|
||||||
|
export SS_JAMMY_PATH="$SS_CACHE_PATH/$UBUNTU_BASE_IMAGE_NAME"
|
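Review bot: The new `SS_CACHE_PATH` and `SS_JAMMY_PATH` exports at the end of the second hunk expand `$SS_ROOT_PATH` and `$UBUNTU_BASE_IMAGE_NAME` without checking that either is set, and neither definition is visible in these hunks. The install.sh section of this comparison also appears to drop its own `SS_ROOT_PATH="$HOME/.ss"` assignment. If either variable is empty when defaults.sh is sourced, the path silently collapses to `/cache` or to the cache directory itself, and install.sh later runs `mkdir` and `lxc image export` against it. Failing fast is safer: `export SS_CACHE_PATH="${SS_ROOT_PATH:?}/cache"` and `export SS_JAMMY_PATH="$SS_CACHE_PATH/${UBUNTU_BASE_IMAGE_NAME:?}"`. The bare `#` above the two block-hash exports should also say what the hashes pin and which script consumes them.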
@ -87,25 +87,13 @@ if ! lxc remote list | grep -q "$REMOTE_NAME"; then
|
|||||||
# first let's copy our ssh pubkey to the remote server so we don't have to login constantly.
|
# first let's copy our ssh pubkey to the remote server so we don't have to login constantly.
|
||||||
ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "ubuntu@$FQDN"
|
ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "ubuntu@$FQDN"
|
||||||
|
|
||||||
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
|
|
||||||
echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
|
|
||||||
echo " We need to know which interface that is! Enter it here now."
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
ssh "ubuntu@$FQDN" ip link
|
|
||||||
|
|
||||||
echo "Please enter the network interface that's dedicated to the Sovereign Stack data plane: "
|
|
||||||
read -r DATA_PLANE_MACVLAN_INTERFACE
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$DISK_TO_USE" ]; then
|
if [ -z "$DISK_TO_USE" ]; then
|
||||||
echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
|
echo "INFO: It looks like the DISK_TO_USE has not been set. Enter it now."
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
ssh "ubuntu@$FQDN" lsblk --paths
|
ssh "ubuntu@$FQDN" lsblk --paths
|
||||||
|
|
||||||
echo "Please enter the disk or partition that Sovereign Stack will use to store data (default: loop): "
|
echo "Please enter the disk or partition that Sovereign Stack will use to store data: "
|
||||||
read -r DISK_TO_USE
|
read -r DISK_TO_USE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -128,12 +116,6 @@ if [ "$DISK_TO_USE" != loop ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# The MGMT Plane IP is the IP address that the LXD API binds to, which happens
|
|
||||||
# to be the same as whichever SSH connection you're coming in on.
|
|
||||||
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
|
|
||||||
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
|
|
||||||
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
|
|
||||||
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
|
|
||||||
|
|
||||||
# error out if the remote password is unset.
|
# error out if the remote password is unset.
|
||||||
if [ -z "$LXD_REMOTE_PASSWORD" ]; then
|
if [ -z "$LXD_REMOTE_PASSWORD" ]; then
|
||||||
@ -172,14 +154,18 @@ ssh -t "ubuntu@$FQDN" "sudo apt-get install -y ovn-host ovn-central"
|
|||||||
|
|
||||||
ssh -t "ubuntu@$FQDN" "sudo ovs-vsctl set open_vswitch . external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1"
|
ssh -t "ubuntu@$FQDN" "sudo ovs-vsctl set open_vswitch . external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock external_ids:ovn-encap-type=geneve external_ids:ovn-encap-ip=127.0.0.1"
|
||||||
|
|
||||||
# if the DATA_PLANE_MACVLAN_INTERFACE is not specified, then we 'll
|
# if the user did not specify the interface, we just use whatever is used for the default route.
|
||||||
# just attach VMs to the network interface used for for the default route.
|
|
||||||
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
|
if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
|
||||||
DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
|
DATA_PLANE_MACVLAN_INTERFACE="$(ssh ubuntu@"$FQDN" ip route | grep "default via" | awk '{print $5}')"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
|
export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
|
||||||
|
|
||||||
|
MGMT_PLANE_IP="$(ssh ubuntu@"$FQDN" env | grep SSH_CONNECTION | cut -d " " -f 3)"
|
||||||
|
IP_OF_MGMT_MACHINE="$(ssh ubuntu@"$FQDN" env | grep SSH_CLIENT | cut -d " " -f 1 )"
|
||||||
|
IP_OF_MGMT_MACHINE="${IP_OF_MGMT_MACHINE#*=}"
|
||||||
|
IP_OF_MGMT_MACHINE="$(echo "$IP_OF_MGMT_MACHINE" | cut -d: -f1)"
|
||||||
|
|
||||||
# run lxd init on the remote server.
|
# run lxd init on the remote server.
|
||||||
cat <<EOF | ssh ubuntu@"$FQDN" lxd init --preseed
|
cat <<EOF | ssh ubuntu@"$FQDN" lxd init --preseed
|
||||||
config:
|
config:
|
||||||
@ -235,7 +221,7 @@ if wait-for-it -t 20 "$FQDN:8443"; then
|
|||||||
lxc remote add "$REMOTE_NAME" "$FQDN" --password="$LXD_REMOTE_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
|
lxc remote add "$REMOTE_NAME" "$FQDN" --password="$LXD_REMOTE_PASSWORD" --protocol=lxd --auth-type=tls --accept-certificate
|
||||||
lxc remote switch "$REMOTE_NAME"
|
lxc remote switch "$REMOTE_NAME"
|
||||||
|
|
||||||
echo "INFO: You have create a new remote named '$REMOTE_NAME'. Great! We switched your lxd remote to it."
|
echo "INFO: You have create a new remote named '$REMOTE_NAME'. Your lxc client is now target it."
|
||||||
else
|
else
|
||||||
echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
|
echo "ERROR: Could not detect the LXD endpoint. Something went wrong."
|
||||||
exit 1
|
exit 1
|
||||||
|
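Review bot: The default-route fallback in the third hunk assigns whatever the pipeline prints to `DATA_PLANE_MACVLAN_INTERFACE` with no check, and the interactive prompt that used to cover the empty case is removed in the first hunk. A host with several default routes yields a multi-line value and a host with none yields an empty one; either is then exported, and its later use is outside the hunk. Take the first match only, e.g. `ssh ubuntu@"$FQDN" ip route | awk '/^default via/ {print $5; exit}'`. Then stop when nothing was found: `[ -n "$DATA_PLANE_MACVLAN_INTERFACE" ] || { echo "ERROR: could not determine the data plane interface."; exit 1; }`.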
@ -43,7 +43,6 @@ if lxc network list --format csv | grep -q lxdbr1; then
|
|||||||
lxc network delete lxdbr1
|
lxc network delete lxdbr1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
# create the testnet/mainnet blocks/chainstate subvolumes.
|
# create the testnet/mainnet blocks/chainstate subvolumes.
|
||||||
for CHAIN in mainnet testnet; do
|
for CHAIN in mainnet testnet; do
|
||||||
for DATA in blocks chainstate; do
|
for DATA in blocks chainstate; do
|
||||||
@ -53,16 +52,14 @@ for CHAIN in mainnet testnet; do
|
|||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
if lxc storage list --format csv | grep -q ss-base; then
|
if lxc storage list --format csv | grep -q ss-base; then
|
||||||
lxc storage delete ss-base
|
lxc storage delete ss-base
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
CURRENT_REMOTE="$(lxc remote get-default)"
|
CURRENT_REMOTE="$(lxc remote get-default)"
|
||||||
if ! lxc remote get-default | grep -q "local"; then
|
if ! lxc remote get-default | grep -q "local"; then
|
||||||
lxc remote switch local
|
lxc remote switch local
|
||||||
lxc remote remove "$CURRENT_REMOTE"
|
lxc remote remove "$CURRENT_REMOTE"
|
||||||
|
|
||||||
echo "INFO: The remote '$CURRENT_REMOTE' has been removed! You are currenly controlling your local instance."
|
echo "INFO: The remote '$CURRENT_REMOTE' has been removed! You are now controlling your local instance."
|
||||||
fi
|
fi
|
@ -5,6 +5,7 @@ echo "LXD REMOTE: $(lxc remote get-default)"
|
|||||||
lxc project list
|
lxc project list
|
||||||
|
|
||||||
lxc storage list
|
lxc storage list
|
||||||
|
lxc storage volume list ss-base
|
||||||
lxc image list
|
lxc image list
|
||||||
lxc project list
|
lxc project list
|
||||||
lxc network list
|
lxc network list
|
||||||
|
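Review bot: The added `lxc storage volume list ss-base` assumes the `ss-base` pool exists, but the reset script in this same comparison deletes that pool, so right after a reset this command returns an error. If the script runs with `set -e` (not visible in the hunk), the image, project and network listings below it are skipped. Guard it the way the reset script does: `if lxc storage list --format csv | grep -q ss-base; then lxc storage volume list ss-base; fi`.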
44
install.sh
44
install.sh
@ -71,14 +71,27 @@ EOF
|
|||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
SS_ROOT_PATH="$HOME/.ss"
|
|
||||||
|
|
||||||
# pull the image down if it's not there.
|
# we need to get the base image. IMport it if it's cached, else download it then cache it.
|
||||||
if ! lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
|
if ! lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
|
||||||
|
# if the image if cached locally, import it from disk, otherwise download it from ubuntu
|
||||||
|
if [ -d "$SS_JAMMY_PATH" ]; then
|
||||||
|
lxc image import "$SS_JAMMY_PATH/meta-bf1a2627bdddbfb0a9bf1f8ae146fa794800c6c91281d3db88c8d762f58bd057.tar.xz" \
|
||||||
|
"$SS_JAMMY_PATH/bf1a2627bdddbfb0a9bf1f8ae146fa794800c6c91281d3db88c8d762f58bd057.qcow2" \
|
||||||
|
--alias "$UBUNTU_BASE_IMAGE_NAME"
|
||||||
|
else
|
||||||
lxc image copy "images:$BASE_LXC_IMAGE" local: --alias "$UBUNTU_BASE_IMAGE_NAME" --vm --auto-update
|
lxc image copy "images:$BASE_LXC_IMAGE" local: --alias "$UBUNTU_BASE_IMAGE_NAME" --vm --auto-update
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# export the image if it's not cached.
|
||||||
|
if [ ! -d "$SS_JAMMY_PATH" ]; then
|
||||||
|
mkdir "$SS_JAMMY_PATH"
|
||||||
|
lxc image export "$UBUNTU_BASE_IMAGE_NAME" "$SS_JAMMY_PATH" --vm
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# if the ss-mgmt doesn't exist, create it.
|
# if the ss-mgmt doesn't exist, create it.
|
||||||
|
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
|
||||||
if ! lxc list --format csv | grep -q ss-mgmt; then
|
if ! lxc list --format csv | grep -q ss-mgmt; then
|
||||||
lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB --profile=default
|
lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB --profile=default
|
||||||
|
|
||||||
@ -90,6 +103,23 @@ if ! lxc list --format csv | grep -q ss-mgmt; then
|
|||||||
if [ -d "$SS_ROOT_PATH" ]; then
|
if [ -d "$SS_ROOT_PATH" ]; then
|
||||||
lxc config device add ss-mgmt ssroot disk source="$SS_ROOT_PATH" path=/home/ubuntu/.ss
|
lxc config device add ss-mgmt ssroot disk source="$SS_ROOT_PATH" path=/home/ubuntu/.ss
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# if a ~/.bitcoin/testnet3/blocks direrectory exists, mount it in.
|
||||||
|
BITCOIN_TESTNET_BLOCKS_PATH="$HOME/.bitcoin/testnet3/blocks"
|
||||||
|
if [ -d "$BITCOIN_TESTNET_BLOCKS_PATH" ]; then
|
||||||
|
lxc config device add ss-mgmt ss-testnet-blocks disk source="$BITCOIN_TESTNET_BLOCKS_PATH" path=/home/ubuntu/.ss/cache/bitcoin/testnet/blocks
|
||||||
|
fi
|
||||||
|
|
||||||
|
# if a ~/.bitcoin/testnet3/blocks direrectory exists, mount it in.
|
||||||
|
BITCOIN_TESTNET_CHAINSTATE_PATH="$HOME/.bitcoin/testnet3/chainstate"
|
||||||
|
if [ -d "$BITCOIN_TESTNET_CHAINSTATE_PATH" ]; then
|
||||||
|
lxc config device add ss-mgmt ss-testnet-chainstate disk source="$BITCOIN_TESTNET_CHAINSTATE_PATH" path=/home/ubuntu/.ss/cache/bitcoin/testnet/chainstate
|
||||||
|
fi
|
||||||
|
|
||||||
|
# mount the ssh directory in there.
|
||||||
|
if [ -f "$SSH_PUBKEY_PATH" ]; then
|
||||||
|
lxc config device add ss-mgmt ss-ssh disk source="$HOME/.ssh" path=/home/ubuntu/.ssh
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# start the vm if it's not already running
|
# start the vm if it's not already running
|
||||||
@ -106,16 +136,6 @@ while lxc exec ss-mgmt -- [ ! -f /var/lib/cloud/instance/boot-finished ]; do
|
|||||||
sleep 1
|
sleep 1
|
||||||
done
|
done
|
||||||
|
|
||||||
SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
|
|
||||||
if [ ! -f "$SSH_PUBKEY_PATH" ]; then
|
|
||||||
ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
|
|
||||||
fi
|
|
||||||
|
|
||||||
# place the bare metal mgmt machine ssh pubkey on the remote host in the authorzed_keys section
|
|
||||||
if [ -f "$SSH_PUBKEY_PATH" ]; then
|
|
||||||
lxc file push "$SSH_PUBKEY_PATH" ss-mgmt/home/ubuntu/.ssh/authorized_keys
|
|
||||||
fi
|
|
||||||
|
|
||||||
# do some other preparations for user experience
|
# do some other preparations for user experience
|
||||||
lxc file push ./management/bash_profile ss-mgmt/home/ubuntu/.bash_profile
|
lxc file push ./management/bash_profile ss-mgmt/home/ubuntu/.bash_profile
|
||||||
lxc file push ./management/bashrc ss-mgmt/home/ubuntu/.bashrc
|
lxc file push ./management/bashrc ss-mgmt/home/ubuntu/.bashrc
|
||||||
|
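Review bot: The new `ss-ssh` disk device in the second hunk shares the whole host `$HOME/.ssh` directory with the ss-mgmt VM, where the code removed in the third hunk only pushed the public key to `authorized_keys`. The VM can now read every private key, `config` and `known_hosts` entry of the host user, and because the device is not read-only, writes under `/home/ubuntu/.ssh` in the VM can reach the host directory. The guard tests only that `id_rsa.pub` exists. If the VM needs a key for deployments (not visible here), share a dedicated directory holding just that key, and at minimum add `readonly=true` to the device. Login to the VM also now depends on the host directory already containing an `authorized_keys` file, since the `lxc file push` of the public key is gone.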
@ -38,6 +38,10 @@ if lxc list --format csv | grep -q "ss-mgmt"; then
|
|||||||
lxc config device remove ss-mgmt ssroot
|
lxc config device remove ss-mgmt ssroot
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -d "$HOME/.ssh" ]; then
|
||||||
|
lxc config device remove ss-mgmt ss-ssh
|
||||||
|
fi
|
||||||
|
|
||||||
lxc delete ss-mgmt
|
lxc delete ss-mgmt
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
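Review bot: The added removal of `ss-ssh` is guarded by `[ -d "$HOME/.ssh" ]`, while install.sh attaches that device only when `$HOME/.ssh/id_rsa.pub` exists, so the two conditions can disagree. When the directory exists but the device was never attached (no `id_rsa.pub`, or a VM created before this change), `lxc config device remove` fails. Under `set -e` (not visible in the hunk) the `lxc delete ss-mgmt` below it would then not run. Test for the device itself instead: `if lxc config device list ss-mgmt | grep -q ss-ssh; then`. The enclosing `if lxc list --format csv | grep -q "ss-mgmt"` block starts outside the hunk.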