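#!/bin/bash
#
# Provision a new server over SSH: enable root login, set the hostname,
# install puppet and git, clone the zulip repository, apply puppet and
# hand a copy of the checkout to the zulip user.
#
# Usage:   $0 server type hostname
#   server    address of the machine to provision (reached as admin, then root)
#   type      value written to puppet_classes in /etc/zulip/zulip.conf
#   hostname  hostname to assign; must contain "zulip"
# Env:     ZULIP_ROOT  local zulip checkout (default: $HOME/zulip)
#
# The options used to live on the shebang line (-xe), where they are lost
# when the script is started as "bash script.sh"; set them explicitly.
set -xe

server=$1
type=$2
hostname=$3

# Print the usage line on stderr so it never mixes with captured output.
usage() {
    echo "USAGE: $0 server type hostname" >&2
}

if [ -z "$hostname" ]; then
    usage
    exit 1
fi
# Plain pattern match; the previous form executed the (empty) output of a
# command substitution and only worked through its exit status.
if [[ "$hostname" != *zulip* ]]; then
    usage
    echo "Hostname must have zulip in it." >&2
    exit 1
fi
# $hostname is expanded locally into commands that run as root on the new
# server (echo, and the replacement side of a sed expression), so restrict
# it to characters that are inert in both contexts.
hostname_re='^[A-Za-z0-9._-]+$'
if [[ ! "$hostname" =~ $hostname_re ]]; then
    usage
    echo "Hostname may only contain letters, digits, '.', '_' and '-'." >&2
    exit 1
fi

# $type is also expanded into a remote root shell; quote it for that shell
# instead of restricting its format, which this script does not define.
printf -v type_q '%q' "$type"

zulip_root=${ZULIP_ROOT:-$HOME/zulip}

amazon_key_file=$zulip_root/zulip.pem
if ! [ -e "$amazon_key_file" ]; then
    echo "You need zulip.pem at $amazon_key_file; ask tabbott for it" >&2
    exit 1
fi

server_private_key_file=$zulip_root/puppet/zulip-internal/files/id_rsa
if ! [ -e "$server_private_key_file" ]; then
    echo "You need a server ssh key at $server_private_key_file" >&2
    exit 1
fi

# Force RSA keys. We do this because the ECDSA key is not printed on syslog,
# and our puppet configuration does not use ECDSA. If we don't do this,
# we'll get key errors after puppet apply.
# NOTE(review): "ssh-rsa" selects the SHA-1 based signature scheme, which
# OpenSSH 8.8 and later disable by default; confirm whether
# rsa-sha2-256/rsa-sha2-512 (still RSA host keys) can be used instead.
# NOTE(review): nothing here pins the new server's host key, so the first
# connection relies on the operator's own known_hosts handling.
SSH_OPTS=(-o HostKeyAlgorithms=ssh-rsa)

# The remote shells below read their commands from stdin and nothing in
# this script enables errexit on the remote side, so ssh reports only the
# status of the last remote command; earlier remote failures do not stop
# the run.

# Step 1 (as admin): allow root logins and give root admin's authorized_keys.
# Failures are tolerated here; presumably this is for re-runs after the admin
# account has been removed further down - confirm.
# NOTE(review): PermitRootLogin stays "yes" as far as this script is
# concerned; confirm that puppet restricts it again (for example to
# key-only login).
set +e
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -ladmin <<EOF
sudo sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
sudo mkdir ~root/.ssh && sudo cp .ssh/authorized_keys ~root/.ssh/authorized_keys
sudo service ssh restart

EOF
set -e

# Step 2 (as root): grow the root filesystem, set the hostname, add the
# zulip apt repository, upgrade, and install puppet and git.
# NOTE(review): the apt source uses plain http, so package integrity rests
# entirely on apt's signature check; this script does not show where the
# repository signing key is installed - confirm it is present on the image.
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
resize2fs /dev/xvda1
echo "$hostname" > /etc/hostname
sed -i 's/localhost$/localhost $hostname/' /etc/hosts
/etc/init.d/hostname.sh start

# First, install any updates from the apt repo that may be needed
cat >/etc/apt/sources.list.d/zulip.list <<EOF2
deb http://apt.zulip.com/ops wheezy main
EOF2
apt-get update
apt-get -y upgrade

# need to get puppet before we can do anything with puppet
apt-get install -y puppet git
EOF

# Give new server git access
# TODO: Don't give servers push access to our git!
# NOTE(review): the key is copied first and only restricted to mode 600 in
# the next ssh session; until then its mode is whatever scp and the remote
# umask produce.
scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" root@"$server":/root/.ssh/id_rsa

# Step 3 (as root): lock down the key, pin the git server's host key in
# root's known_hosts (overwriting the file), and take a fresh clone.
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
chmod 600 /root/.ssh/id_rsa
# Setup initial known_hosts including git server
cat > /root/.ssh/known_hosts <<EOF2
git.zulip.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDjW3wKDRuah6XT5a7Xta+S2d5ew1ZPxWTbKKgp6Cun111zFw1bvLGSKS0W3HnbXOyXLbVVsAH/cSNFHMvH2nitM15zp7w2w3NV8YbLZCkdFXp5KeKHuBQ+DYL+nDCKjunlrDfxDXvD7jn/wMN995ZsnEJqnc7N8uzIgt+5lbmie5jz3Xbt/7gQdjG5E0xGL7DzzJPp8kBzfE6B1qr5pWLVKXMuGXLCcbMaco5kEjRuM8dPrtG3kGG2YsjOkoHIqwtRwztXEmjklt1FFI06JYsW43PjmdP586nOg7n28k1ibhlF968PmRRX7USI7jJ+awPd/XH4neCdNG2f8JL2kRD
EOF2
# clone zulip repository
cd /root
rm -rf /root/zulip
git clone git@git.zulip.net:eng/zulip.git
cd /root/zulip
git checkout master
EOF

# Step 4 (as root): install puppet.conf, remove the admin account, write
# /etc/zulip/zulip.conf with the requested puppet classes, apply puppet,
# copy the checkout to the zulip user and restart the web servers.
# NOTE(review): "passwd -d root" leaves root with an empty password rather
# than a locked one ("passwd -l" locks it). Whether an empty password is
# usable depends on sshd PermitEmptyPasswords and PAM nullok settings that
# are not visible here - confirm this is intended.
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
cp -a /root/zulip/puppet/zulip/files/puppet.conf /etc/puppet/

userdel admin
passwd -d root
mkdir /etc/zulip
echo -e "[machine]\npuppet_classes =" $type_q > /etc/zulip/zulip.conf
/root/zulip/scripts/zulip-puppet-apply -f
cp -a /root/zulip /home/zulip/zulip
chown -R zulip:zulip /home/zulip/zulip
# These server restarting bits should be moveable into puppet-land, ideally
apt-get -y upgrade
if [ -e "/etc/init.d/nginx" ]; then
    service nginx restart
fi
if [ -e "/etc/init.d/apache2" ]; then
    service apache2 restart
fi

EOF

# TODO: Don't give servers push access to our git!
# Same shared key as above, this time for the zulip user.
scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" zulip@"$server":/home/zulip/.ssh/id_rsa
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lzulip <<EOF
chmod 600 /home/zulip/.ssh/id_rsa
EOF

# Stop tracing so the closing message is printed on its own.
set +x
cat <<EOF

Done.

EOF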