zulip/servers/install-server

109 lines
3.8 KiB
Plaintext
Raw Normal View History

#!/bin/bash -xe
server=$1
type=$2
hostname=$3
if [ -z "$hostname" ]; then
echo "USAGE: $0 server type hostname"
exit 1
fi
if ! $(echo "$hostname" | grep -q zulip); then
echo "USAGE: $0 server type hostname"
echo "Hostname must have zulip in it."
exit 1
fi
humbug_root=${HUMBUG_ROOT:-$HOME/humbug}
amazon_key_file=$humbug_root/humbug.pem
if ! [ -e "$amazon_key_file" ]; then
echo "You need humbug.pem at $amazon_key_file; ask tabbott for it"
exit 1
fi
server_private_key_file=$humbug_root/servers/puppet/modules/humbug/files/id_rsa
if ! [ -e "$server_private_key_file" ]; then
echo "You need a server ssh key at $server_private_key_file"
exit 1
fi
# Force RSA keys. We do this because the ECDSA key is not printed on syslog,
# and our puppet configuration does not use ECDSA. If we don't do this,
# we'll get key errors after puppet apply.
SSH_OPTS="-o HostKeyAlgorithms=ssh-rsa"
ssh $SSH_OPTS "$server" -t -i "$amazon_key_file" -ladmin <<EOF
sudo sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
sudo mkdir ~root/.ssh && sudo cp .ssh/authorized_keys ~root/.ssh/authorized_keys
sudo service ssh restart
EOF
ssh $SSH_OPTS "$server" -t -i "$amazon_key_file" -lroot <<EOF
echo "$hostname" > /etc/hostname
sed -i 's/localhost$/localhost $hostname/' /etc/hosts
/etc/init.d/hostname.sh start
# First, install any updates from the apt repo that may be needed
cat >>/etc/apt/sources.list.d/humbug.list <<EOF2
deb http://apt.humbughq.com/ops wheezy main
EOF2
apt-get update
apt-get -y upgrade
# need to get puppet before we can do anything with puppeti
apt-get install -y puppet git
EOF
# Give new server git access
# TODO: Don't give servers push access to our git!
scp $SSH_OPTS -i "$amazon_key_file" "$server_private_key_file" root@"$server":/root/.ssh/id_rsa
ssh $SSH_OPTS "$server" -t -i "$amazon_key_file" -lroot <<EOF
chmod 600 /root/.ssh/id_rsa
# Setup initial known_hosts including git server
cat > /root/.ssh/known_hosts <<EOF2
|1|YmrT42zuHUt3kvg+MzhtF1IXakM=|Ps1MaxDiy5uTeFTjB2k8oQQyxg8= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jhFu8Y9kSe+HyWtCmH2GqTi38lwqZzhAkyaUaASwvcvCRJWGC6AMPGVCKyNxJMcWcIcmP+mB8i5z5AhsgqwEmV5F9TrbPYjbroALCoZEon/bnCBNd3Jh/8eKZI/VLCzWQpL2FTZ5p1RYnCJ4PKSjd8PbKbGd5eAyRlbuETeyavwC+komLlekKkV+wiAv4aGuGRZeGrVJIqSRydVplQrFVaoF/1ifFS/XcNx18jFH0nw8oPOahaTzB/EUTTS/q1Cq0XgrA7x6bsr5kg4Vtw0BcP7JLob6pl/1D9FjLYsDPZCPGIfJV2uF4WcRJWg/U6OtSKOrwTmVw02TcwaavARr
|1|ccgacGoQ9gPCsFVrAopK3oGvYfU=|YcNvWUziiANLr22lvHD05N2veas= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jhFu8Y9kSe+HyWtCmH2GqTi38lwqZzhAkyaUaASwvcvCRJWGC6AMPGVCKyNxJMcWcIcmP+mB8i5z5AhsgqwEmV5F9TrbPYjbroALCoZEon/bnCBNd3Jh/8eKZI/VLCzWQpL2FTZ5p1RYnCJ4PKSjd8PbKbGd5eAyRlbuETeyavwC+komLlekKkV+wiAv4aGuGRZeGrVJIqSRydVplQrFVaoF/1ifFS/XcNx18jFH0nw8oPOahaTzB/EUTTS/q1Cq0XgrA7x6bsr5kg4Vtw0BcP7JLob6pl/1D9FjLYsDPZCPGIfJV2uF4WcRJWg/U6OtSKOrwTmVw02TcwaavARr
EOF2
# clone humbug repository
cd /root
rm -rf /root/humbug
git clone humbug@git.humbughq.com:/srv/git/humbug.git
cd /root/humbug
git checkout master
EOF
ssh $SSH_OPTS "$server" -t -i "$amazon_key_file" -lroot <<EOF
cp -a /root/humbug/servers/puppet/modules/humbug/files/puppet.conf /etc/puppet/
userdel admin
puppet apply -e 'class {"humbug": machinetype => "$type"}'
cp -a /root/humbug /home/humbug/humbug
chown -R humbug:humbug /home/humbug/humbug
# These server restarting bits should be moveable into puppet-land, ideally
apt-get -y upgrade
if [ -e "/etc/init.d/nginx" ]; then
service nginx restart
fi
if [ -e "/etc/init.d/apache2" ]; then
service apache2 restart
fi
EOF
# TODO: Don't give servers push access to our git!
scp $SSH_OPTS -i "$amazon_key_file" "$server_private_key_file" humbug@"$server":/home/humbug/.ssh/id_rsa
ssh $SSH_OPTS "$server" -t -i "$amazon_key_file" -lhumbug <<EOF
chmod 600 /home/humbug/.ssh/id_rsa
EOF
set +x
cat <<EOF
Done.
FIXME: Manually run servers/install-nodejs if necessary
EOF