Commit Graph

46 Commits

Author SHA1 Message Date
Alex Vandiver 64516ab9f4 install-aws-server: Output tsh ssh command, not ssh. 2024-08-20 10:04:40 -07:00
Alex Vandiver a5a898ba21 install-aws-server: Switch to 24.04. 2024-08-20 10:04:37 -07:00
Alex Vandiver 3adedc9545 install-aws-server: Set the name of the root EBS volume. 2024-08-20 10:03:59 -07:00
Alex Vandiver 92de254764 kandra: Default to installing "production", not "main". 2024-06-24 11:22:17 -07:00
Alex Vandiver b23d90ed62 puppet: Rename puppet/zulip_ops to puppet/kandra.
This makes for easier tab-completion, and also is a bit more explicit
about the expected consumer.
2024-02-06 17:56:27 -08:00
Alex Vandiver ff00c01538 bootstrap-aws-installer: Pull all keys from secretsmanager. 2024-01-31 16:41:04 -08:00
Alex Vandiver bd87f53c86 install-aws-server: Build a tool to smuggle scripts inline in the bootdata. 2024-01-31 16:41:04 -08:00
Alex Vandiver 333cc902fb install-aws-server: chdir to the repo root first. 2024-01-31 16:41:04 -08:00
Alex Vandiver 38bf1c5d22 install-aws-cli: Move into puppet files. 2024-01-31 16:41:04 -08:00
Alex Vandiver 21237f42ba install-aws-server: Enable instance metadata tags.
These are shown in the Teleport UI.
2024-01-31 16:41:04 -08:00
Alex Vandiver 1acfe59fe5 install-aws-server: Pull latest 22.04 AMI by default. 2024-01-31 16:41:04 -08:00
Anders Kaseorg 8a8e538af7 install-aws-server: Use correct fd and exit code for usage message.
On --help, write to stdout and exits with 0; on error, write to stderr
and exit with 1.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 14:01:34 -08:00
Alex Vandiver 1b5e058d3b install-aws-server: Add a --debug-key to allow logins during bootstrap. 2022-06-28 09:39:31 -04:00
Alex Vandiver 1a1061e77e install-aws-server: Switch to getopt. 2022-06-28 09:39:31 -04:00
Alex Vandiver 1be9ab2690 install-aws-server: Assume zulip_ops::profile:: prefix on all roles.
This will require that any profile-specific sections of
`$HOME/.zulip-install-server.conf` be renamed to their short form.
2022-06-28 09:39:31 -04:00
Alex Vandiver 9a3be2af64 install-aws-server: Fix default_branch config name. 2022-06-28 09:39:31 -04:00
Alex Vandiver 7b95f38854 install-aws-server: Link to run-instances documentation. 2022-01-12 15:52:19 -08:00
Alex Vandiver 44b8321721 install-aws-server: Shell hygene. 2022-01-12 15:52:19 -08:00
Alex Vandiver 1522eeaebf install-aws-server: Configurable disk size. 2022-01-12 15:52:19 -08:00
Alex Vandiver 0288964884 install-aws-server: Default to encrypted gp3 disks. 2022-01-12 15:52:19 -08:00
Alex Vandiver f52ee561ae install-aws-server: Configurable availability zone. 2022-01-12 15:52:19 -08:00
Alex Vandiver 8e89097dc1 install-aws-server: Intentionally space-split security groups.
This allows for multiple security groups to be specified,
space-separated, in the config.
2022-01-12 15:52:19 -08:00
Alex Vandiver c66fd6a01a install-aws-server: Configurable IAM profile for hosts. 2022-01-12 15:52:19 -08:00
Alex Vandiver d9d3368553 install-aws-server: Remove ASG logic. 2022-01-12 15:52:19 -08:00
Anders Kaseorg 646c04eff2 Rename default branch to ‘main’.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-06 12:56:35 -07:00
Anders Kaseorg 06033545eb bootstrap-awscli: Remove executable bit.
Even though this looks like an independently runnable script, it
should not be run independently: a SHA-256 mismatch will fail to stop
the script, unless it was sourced from another script that has ‘set
-e’.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-28 17:13:57 -04:00
Alex Vandiver 48a56f8b9a aws: Turn on detailed monitoring by default. 2021-05-23 13:29:23 -07:00
Alex Vandiver 6ef497f002 aws: Let us pull all defaults from an ASG and launch template. 2021-05-23 13:29:23 -07:00
Alex Vandiver 2198dbb8c1 aws: Allow per-role overrides of config. 2021-05-23 13:29:23 -07:00
Alex Vandiver 2a247391ab aws: Shorten the tag names. 2021-05-23 13:29:23 -07:00
Alex Vandiver 188af57296 puppet: Rename postgres_appdb to postgresql.
There is only one PostgreSQL database; the "appdb" is irrelevant.
Also use "postgresql," as it is the name of the software, whereas
"postgres" the name of the binary and colloquial name.  This is minor
cleanup, but enabled by the other renames in the previous commit.
2020-10-27 13:29:19 -07:00
Alex Vandiver c2185a81d6 puppet: Move top-level zulip deployments into "profile" directory.
This moves the puppet configuration closer to the "roles and profiles
method"[1] which is suggested for organizing puppet classes.  Notably,
here it makes clear which classes are meant to be able to stand alone
as deployments.

Shims are left behind at the previous names, for compatibility with
existing `zulip.conf` files when upgrading.

[1] https://puppet.com/docs/pe/2019.8/the_roles_and_profiles_method
2020-10-27 13:29:19 -07:00
Anders Kaseorg 72d6ff3c3b docs: Fix more capitalization issues.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 11:46:55 -07:00
Alex Vandiver 50e9e2ed20 puppet: Make zulip::base include zulip::apt_repository.
There was likely more dependency complexity prior to 97766102df, but
there is now no reason to require that consumers explicitly include
zulip::apt_repository.
2020-10-22 11:30:53 -07:00
Anders Kaseorg dfaea9df65 shfmt: Reformat shell scripts with shfmt.
https://github.com/mvdan/sh

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-15 15:16:00 -07:00
Alex Vandiver a2fc823c3f provisioning: Use AWS CLI to automate provisioning
The previous steps for standing up a new host were somewhat manual.
This further scripts the process, by using the AWS CLI to start the
instance, and pass it a "user data" script to provision itself upon
boot.  This results in a hands-off provisioning process which
completes in 5min.

Additional settings are required for `~/.zulip-install-server.conf`.
It is not suited for all roles, as it assumes one instance type and
security group value.  Additionally, not all of the post-provision
process is currently automated -- Nagios SSH key verification, for
instance, is still a manual step.  There are also additional steps for
database or frontend servers.  Regardless, this is a move toward
automated provisioning.
2020-07-24 12:40:14 -07:00
Tim Abbott 05e0e99b6e install-aws-server: Use our settings.py if available. 2019-06-13 14:39:25 -07:00
Tim Abbott 2d1c2d4802 install-aws-server: Stop using ssh -t without a real terminal.
More modern Linux versions like Bionic will block this, and what we
actually want to do is just run the code in our <<EOF block via bash,
so we should do that explicitly.
2019-06-13 14:39:25 -07:00
Anders Kaseorg fc24d2e147 install-aws-server: Fix shellcheck warnings.
In tools/setup/install-aws-server line 25:
zulip_root=${ZULIP_ROOT:-$HOME/zulip}
^-- SC2034: zulip_root appears unused. Verify use (or export if used externally).

In tools/setup/install-aws-server line 40:
if [ -n "$zulip_confdir" ]; then
         ^-- SC2154: zulip_confdir is referenced but not assigned.

In tools/setup/install-aws-server line 55:
VIRTUALENV_NEEDED=$(if $(echo "$type" | grep -q app_frontend); then echo -n yes; else echo -n no; fi)
                       ^-- SC2091: Remove surrounding $() to avoid executing output.

In tools/setup/install-aws-server line 60:
SSH_OPTS=(-o HostKeyAlgorithms=ssh-rsa)
             ^-- SC2191: The = here is literal. To assign by index, use ( [index]=value ) with no spaces. To keep as literal, quote it.

In tools/setup/install-aws-server line 69:
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
                                                                 ^-- SC2087: Quote 'EOF' to make here document expansions happen on the server side rather than on the client.

In tools/setup/install-aws-server line 86:
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
                                                                 ^-- SC2087: Quote 'EOF' to make here document expansions happen on the server side rather than on the client.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-10-17 17:51:41 -07:00
Tim Abbott 4b24b9f0e7 install-aws-server: Add code for transferring an SSH key.
For quick iteration, sometimes you want a server to have an SSH key
(e.g. a GitHub deploy key for your fork).
2017-10-05 21:59:36 -07:00
Tim Abbott d9c26c307c install-aws-server: Improve handling of various corner cases.
This script is pretty far from being polished, but it is useful, so we
might as well make it a bit more robust.
2017-10-05 21:57:18 -07:00
Greg Price 73cb361896 install-aws-server: Cut out use of /root/zulip .
Our previous dependencies on the `/root/zulip` path should all be
long gone at this point.  Use a fresh temporary directory instead;
that's cleaner.
2017-08-15 17:41:07 -07:00
Tim Abbott e228243723 install-aws-server: Add support for installing zulip.conf. 2017-01-06 21:58:16 -08:00
Tim Abbott c6bdc2130b install-aws-server: secrets enhancements. 2017-01-06 21:57:20 -08:00
Tim Abbott ed0da5f874 install-aws-server: Fix usage output. 2017-01-06 21:57:20 -08:00
Tim Abbott 78a0c7c557 tools: Rewrite install-server to not hardcode configuration.
Now install-aws-server is a reusable script for setting up a Zulip
role server in AWS, without any hardcoded configuration.
2016-07-19 20:12:43 -07:00