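#!/bin/bash
#
# Provision a server over ssh: install puppet and git from squeeze-backports,
# copy the server ssh key to it, clone the humbug repository, apply the puppet
# manifests and set the machine's hostname.
#
# Usage: <script> server type hostname
#   server    address handed to ssh and scp
#   type      read into $type; nothing else in this script references it
#   hostname  written to /etc/hostname and /etc/hosts on the target; must be
#             humbughq.com or a name underneath it

# Options are set here rather than on the shebang line so that they also apply
# when the script is started as `bash <script>`.
set -xe

server=$1
# shellcheck disable=SC2034  # kept so the three-argument interface is unchanged
type=$2
hostname=$3

if [ -z "$hostname" ]; then
  echo "USAGE: $0 server type hostname" >&2
  exit 1
fi

# $hostname is later expanded into shell text that a root shell on the target
# executes (an echo and a sed expression), so every character of it matters.
# The previous check only grepped for the suffix `humbughq.com$`: the '.' was
# an unescaped wildcard, nothing anchored the left side of the domain, and any
# characters at all were accepted in front of it. Accept only DNS labels
# (letters, digits, inner hyphens) followed by the literal domain.
valid_hostname_re='^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)*humbughq\.com$'
if ! [[ "$hostname" =~ $valid_hostname_re ]]; then
  echo "USAGE: $0 server type hostname" >&2
  echo "Hostname must end with humbughq.com" >&2
  exit 1
fi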
# Local secrets the later steps depend on. Each one is checked up front so the
# run stops before anything has been changed on the target.

# Identity file passed to every ssh/scp call below (ssh -i).
amazon_key_file=~/humbug/humbug.pem
[ -e "$amazon_key_file" ] || {
  echo "You need humbug.pem at $amazon_key_file; ask tabbott for it"
  exit 1
}

# Private key that is copied to the target as id_rsa for root and for humbug.
server_private_key_file=~/humbug/servers/puppet/files/id_rsa
[ -e "$server_private_key_file" ] || {
  echo "You need a server ssh key at $server_private_key_file"
  exit 1
}

# Key for the self-signed certificate; copied into the checkout on the target
# because it is not kept in git.
humbug_cert_file=~/humbug/certs/humbug-self-signed.key
[ -e "$humbug_cert_file" ] || {
  echo "You need humbug-self-signed.key at $humbug_cert_file"
  exit 1
}
# Stage 1, as root on the target: grow the root filesystem, add the
# squeeze-backports apt source, upgrade, then install puppet and git.
#
# The delimiter is quoted because nothing in this payload is meant to be
# expanded locally; the text reaches the remote shell exactly as written.
#
# NOTE(review): the remote shell is not started with -e, so local `set -e`
# only sees the status of the last remote command (the apt-get install); an
# earlier failure such as `apt-get update` would not stop the run -- confirm
# that is acceptable.
# NOTE(review): nothing in this script pins the target's ssh host key; the
# first connection presumably relies on the operator's own known_hosts --
# confirm.
ssh -t -i "$amazon_key_file" -l root "$server" <<'EOF'
resize2fs /dev/xvda1

# First, install a sufficiently new version of puppet on the target
cat >>/etc/apt/sources.list.d/backports.list <<EOF2
deb http://backports.debian.org/debian-backports squeeze-backports main
deb-src http://backports.debian.org/debian-backports squeeze-backports main
EOF2
apt-get update
yes '' | apt-get upgrade

# need to get puppet from squeeze-backports before we can do anything with puppet
yes '' | apt-get install -t squeeze-backports puppet git
EOF
# Give new server git access
# TODO: Don't give servers push access to our git!
#
# The same private key file is copied to every machine this script
# provisions.
# NOTE(review): the key only becomes mode 600 in the ssh step that follows;
# until then it has whatever mode scp created it with -- confirm the local
# copy is already 600.
scp -i "$amazon_key_file" "$server_private_key_file" "root@${server}:/root/.ssh/id_rsa"

# Stage 2, as root on the target: lock down the key, replace known_hosts with
# two pinned (hashed) entries that carry the same RSA host key, then make a
# fresh clone of the repository and check out origin/tabbott-puppet.
# With the host key written out beforehand, the clone is checked against these
# entries instead of trusting whatever key the git server presents first.
# presumably both hashed entries name the git server -- verify.
#
# The delimiter is quoted: the payload contains nothing to expand locally.
ssh -t -i "$amazon_key_file" -l root "$server" <<'EOF'
chmod 600 /root/.ssh/id_rsa
# Setup initial known_hosts including git server
cat > /root/.ssh/known_hosts <<EOF2
|1|YmrT42zuHUt3kvg+MzhtF1IXakM=|Ps1MaxDiy5uTeFTjB2k8oQQyxg8= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jhFu8Y9kSe+HyWtCmH2GqTi38lwqZzhAkyaUaASwvcvCRJWGC6AMPGVCKyNxJMcWcIcmP+mB8i5z5AhsgqwEmV5F9TrbPYjbroALCoZEon/bnCBNd3Jh/8eKZI/VLCzWQpL2FTZ5p1RYnCJ4PKSjd8PbKbGd5eAyRlbuETeyavwC+komLlekKkV+wiAv4aGuGRZeGrVJIqSRydVplQrFVaoF/1ifFS/XcNx18jFH0nw8oPOahaTzB/EUTTS/q1Cq0XgrA7x6bsr5kg4Vtw0BcP7JLob6pl/1D9FjLYsDPZCPGIfJV2uF4WcRJWg/U6OtSKOrwTmVw02TcwaavARr
|1|ccgacGoQ9gPCsFVrAopK3oGvYfU=|YcNvWUziiANLr22lvHD05N2veas= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jhFu8Y9kSe+HyWtCmH2GqTi38lwqZzhAkyaUaASwvcvCRJWGC6AMPGVCKyNxJMcWcIcmP+mB8i5z5AhsgqwEmV5F9TrbPYjbroALCoZEon/bnCBNd3Jh/8eKZI/VLCzWQpL2FTZ5p1RYnCJ4PKSjd8PbKbGd5eAyRlbuETeyavwC+komLlekKkV+wiAv4aGuGRZeGrVJIqSRydVplQrFVaoF/1ifFS/XcNx18jFH0nw8oPOahaTzB/EUTTS/q1Cq0XgrA7x6bsr5kg4Vtw0BcP7JLob6pl/1D9FjLYsDPZCPGIfJV2uF4WcRJWg/U6OtSKOrwTmVw02TcwaavARr
EOF2
# clone humbug repository
cd /root
rm -rf /root/humbug
git clone humbug@git.humbughq.com:/srv/git/humbug.git
cd /root/humbug
git checkout origin/tabbott-puppet
EOF
# Stupid hack because humbug-self-signed.key isn't in git
scp -i "$amazon_key_file" "$humbug_cert_file" "root@${server}:/root/humbug/certs/humbug-self-signed.key"

# TODO: Copy the real certs into place for prod servers

# Stage 3, as root on the target: install puppet.conf, apply the manifests
# (twice, see the HACK note in the payload), upgrade packages, restart
# services and set the hostname.
#
# This delimiter is deliberately left unquoted: $hostname is expanded HERE, on
# the operator's machine, and the resulting text is what the remote root shell
# runs. Whatever characters $hostname holds therefore end up inside a remote
# command line and inside the sed expression, so the value has to be limited
# to hostname characters before this point is reached.
#
# NOTE(review): the remote shell is not started with -e, so `|| true` on the
# first puppet run changes nothing and a failure of the second run does not
# stop the remaining commands; local `set -e` only sees the status of the
# final hostname.sh call -- confirm whether that is intended.
ssh -t -i "$amazon_key_file" -l root "$server" <<EOF
cp -a /root/humbug/servers/puppet/puppet.conf /etc/puppet/
# HACK: run puppet twice to workaround bug in puppet's dependency
# resolution (namely apache module 'ssl' being enabled _after_ the
# sites that use it )
puppet apply /root/humbug/servers/puppet/manifests/site.pp || true
puppet apply /root/humbug/servers/puppet/manifests/site.pp
# These server restarting bits should be moveable into puppet-land, ideally
yes '' | apt-get upgrade
service iptables-persistent start
service ssh restart
if [ -e "/etc/init.d/nginx" ]; then
service nginx restart
fi
if [ -e "/etc/init.d/apache2" ]; then
service apache2 restart
fi

echo "$hostname" > /etc/hostname
sed -i 's/localhost$/localhost $hostname/' /etc/hosts
/etc/init.d/hostname.sh start
EOF
# TODO: Don't give servers push access to our git!
#
# Same private key as root received earlier, now installed for the humbug
# account; the login as humbug uses the same identity file as the root logins.
# NOTE(review): as with root's copy, the key is only set to mode 600 by the
# ssh step after the copy -- confirm the local file is already 600.
scp -i "$amazon_key_file" "$server_private_key_file" "humbug@${server}:/home/humbug/.ssh/id_rsa"

# Quoted delimiter: the payload has nothing to expand locally.
ssh -t -i "$amazon_key_file" -l humbug "$server" <<'EOF'
chmod 600 /home/humbug/.ssh/id_rsa
EOF
# All steps finished: switch tracing off so the closing banner is printed
# without an xtrace line for it.
set +x
printf '\nDone.\n\n'