Last active
August 24, 2020 23:57
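#!/bin/bash
#
# Usage (the script must run as root):
#   curl -sL https://gist.githubusercontent.com/44uk/874a8380cff0dd7dd1e41ed3d8ff6f2e/raw/symbol-testnet-bootstrap-setup.sh | sudo bash
# NOTE(review): the URL above carries no revision id, so it serves whatever the
# gist contains at fetch time. Download the file, read it, and run a pinned
# copy rather than piping the live URL into a root shell.
#
# For Ubuntu Server 18.04.
# Paste this script into AWS EC2 "Step 3: Configure Instance Details" >
# "Advanced Details" > "User data" to set up a symbol-testnet-bootstrap peer
# node when the instance launches.
#
# The script does the following:
# * creates the user that runs the node
# * changes the ssh port
# * installs docker and docker-compose
# * registers symbol-testnet-bootstrap's docker-compose as a service
# * sets an optional friendly_name (put a value in the variable)
# * sets an optional host (put a value in the variable)
#
# Open the following ports in the security group:
# * 7900  communication between peer nodes
# * 7901
# * 7902  communication between broker nodes (when running the API)
# * 3000  gateway traffic (when running the API)
# * 50022 sshd (can be changed through the variable)

BOOTSTRAP_TAG=0.9.6.4-beta1   # git tag of symbol-testnet-bootstrap to clone
DOCKER_COMPOSE_VER=1.26.2     # docker-compose release to download
ASSEMBLY=api-harvest # peer, api, api-harvest
FRIENDLY_NAME=                # optional; replaces the generated friendly_name
NODE_HOST=                    # optional; appended to the "host" line of the node config
USE_HTTPS=                    # set to exactly "on" (lower case) to add the https-portal container
FQDN=                         # domain name intended for https-portal
AUDIT=                        # set to exactly "ON" (upper case) to enable enableDispatcherInputAuditing
# NOTE: this reassigns the shell's own USER variable for the rest of the script.
USER=symbol
# Changing this is recommended. "symbol" is a published default, and the
# account is later added to the docker group. When the script is supplied as
# EC2 user data, the value is also readable from the instance metadata service
# by processes on the instance, so prefer setting a password out of band.
PSWD=symbol
SSHD_PORT=50022
# -------------------------------------------------------------
# Every assembly other than "peer" uses the api-node resource directory.
if [ "$ASSEMBLY" = "peer" ]; then
  ROLE=peer
else
  ROLE=api
fi
USER_HOME="/home/$USER"
BOOTSTRAP_HOME="$USER_HOME/symbol-testnet-bootstrap"
ASSEMBLY_HOME="$BOOTSTRAP_HOME/$ASSEMBLY-assembly"
# Relative path; it is resolved from ASSEMBLY_HOME after the script changes into it.
RESOURCES_HOME="$ROLE-node/userconfig/resources"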
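# Create a 2 GiB swap file (16 blocks of 128 MiB) and enable it.
dd if=/dev/zero of=/swapfile bs=128M count=16 || exit 1
# Swap can hold pages from any process, so restrict the file to root before
# it is activated.
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
# Register the swap file for reboots; skip the append when an entry already
# exists so a second run does not duplicate the fstab line.
if ! grep -q '^/swapfile ' /etc/fstab; then
  echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
fi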
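# Unattended run (cloud-init user data or a piped shell): keep dpkg/debconf
# from stopping on interactive prompts during the upgrade.
export DEBIAN_FRONTEND=noninteractive

# Remove packages the node does not need.
apt-get remove --purge -y \
  byobu \
  nano \
  screen \
  telnet

# Bring installed packages up to date.
apt-get update -y && apt-get upgrade -y

# Install packages.
# fail2ban is installed with its packaged defaults; this step does not
# configure any jail.
apt-get install -y git fail2ban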
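# Install docker from Docker's apt repository.
apt-get install -y apt-transport-https ca-certificates curl software-properties-common
# The repository key is trusted as fetched over TLS. To verify it, compare the
# output of `apt-key fingerprint` with the fingerprint Docker publishes.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update -y && apt-get install -y docker-ce

# Install docker-compose.
# Download to a temporary file first: -f makes curl fail on an HTTP error
# instead of saving the error page as the "binary", and the file only reaches
# /usr/local/bin after the download (and optional digest check) succeeded.
compose_url="https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VER}/docker-compose-$(uname -s)-$(uname -m)"
compose_tmp=$(mktemp) || exit 1
if ! curl -fsSL "$compose_url" -o "$compose_tmp"; then
  echo "docker-compose download failed: $compose_url" >&2
  rm -f -- "$compose_tmp"
  exit 1
fi
# DOCKER_COMPOSE_SHA256 is optional and not defined elsewhere in this script.
# Set it to the SHA-256 digest published with the release to enforce an
# integrity check on a binary that will later run with docker privileges.
if [ -n "${DOCKER_COMPOSE_SHA256:-}" ]; then
  if ! printf '%s  %s\n' "$DOCKER_COMPOSE_SHA256" "$compose_tmp" | sha256sum -c -; then
    echo "docker-compose checksum mismatch" >&2
    rm -f -- "$compose_tmp"
    exit 1
  fi
fi
install -m 0755 "$compose_tmp" /usr/local/bin/docker-compose
rm -f -- "$compose_tmp"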
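# Change the port sshd listens on.
/bin/sed -i.bak -e "s/^#Port 22$/Port $SSHD_PORT/" /etc/ssh/sshd_config
# The substitution only matches a commented-out "#Port 22" line. If it did not
# apply, sshd would stay on its old port while the firewall below admits only
# SSHD_PORT, so stop before changing either.
if ! grep -q "^Port $SSHD_PORT\$" /etc/ssh/sshd_config; then
  echo "sshd_config has no 'Port $SSHD_PORT' line after the edit; sshd and firewall left unchanged" >&2
  exit 1
fi
# Validate the configuration before restarting the daemon.
sshd -t || exit 1
systemctl restart sshd

# fail2ban was installed earlier in this script. Its stock sshd jail is
# presumably still bound to the port named "ssh" (22) -- confirm for the
# packaged version. Point the jail at the port sshd now uses so bans apply there.
if [ -d /etc/fail2ban/jail.d ]; then
  printf '[sshd]\nport = %s\n' "$SSHD_PORT" > /etc/fail2ban/jail.d/sshd-port.local
  systemctl restart fail2ban
fi

# Configure the firewall: set the policy and the ssh rule first, then enable.
# NOTE: ports that Docker publishes are opened through Docker's own iptables
# rules and are not filtered by this ufw policy. For the node ports the EC2
# security group is the effective control.
ufw default DENY
ufw allow "$SSHD_PORT/tcp"
ufw --force enable
ufw reload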
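# Create the user that runs the node.
adduser --disabled-password --gecos "" "$USER"
# The script ships with a published default password. Warn when it is still in
# use; it matters wherever password logins (ssh, su, console) are permitted.
if [ "$PSWD" = "symbol" ]; then
  echo "WARNING: PSWD is still the default value; change the password for $USER" >&2
fi
printf '%s:%s\n' "$USER" "$PSWD" | chpasswd

# Configure docker.
# Membership in the docker group lets the account control the docker daemon,
# which is effectively root-level access to the host. Treat this account's
# credentials accordingly.
usermod -a -G docker "$USER"

## Set dockremap
# Enable user-namespace remapping and cap the json-file logs (3 x 100m).
echo '{"userns-remap":"default","log-driver":"json-file","log-opts":{"max-size":"100m","max-file":"3"}}' > /etc/docker/daemon.json
# First restart: presumably this is what creates the dockremap entries in
# /etc/subuid and /etc/subgid that are rewritten below -- confirm.
systemctl restart docker

node_uid=$(id -u "$USER") || exit 1
node_gid=$(id -g "$USER") || exit 1
# Replace the first number of the dockremap entry (the start of its subordinate
# id range) with the node user's uid/gid. Only the dockremap line itself is
# edited; the original address range could also reach the line after it.
# NOTE(review): the remapped range then begins at a real account's id and may
# overlap other host accounts -- confirm this is acceptable.
sed -Ei.bak "/^dockremap:/ s/[0-9]+/${node_uid}/" /etc/subuid
sed -Ei.bak "/^dockremap:/ s/[0-9]+/${node_gid}/" /etc/subgid
systemctl restart docker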
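# Move to the user's home. Stop if that fails, so the clone and the edits
# below never run in an unexpected directory.
cd "$USER_HOME" || exit 1

# Clone symbol-testnet-bootstrap at the configured tag.
# NOTE: a tag can be moved upstream; check out a specific commit if the exact
# content must be reproducible.
git clone https://github.com/nemgrouplimited/symbol-testnet-bootstrap.git --depth 1 -b "$BOOTSTRAP_TAG" || exit 1
chown -R "$USER": symbol-testnet-bootstrap
cd "$ASSEMBLY_HOME" || exit 1

# HACK: move the catapult-server image from 0.9.6.3 to 0.9.6.4 to avoid
# https://github.com/nemtech/catapult-server/issues/81
# The dots are escaped so only the literal version string is rewritten.
sed -i.bak '/catapult-server:gcc/ s/0\.9\.6\.3/0.9.6.4/g' ./docker-compose.yaml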
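# Optionally put an https-portal container in front of rest-gateway.
# The configuration variable is FQDN; the name was previously misspelled here
# as FDQN, which is never set, so the container was never added.
#
# NOTE(review): the indentation of the appended YAML assumes that services in
# docker-compose.yaml sit two spaces under `services:` and that `services:` is
# the last top-level key of the file -- confirm against the cloned file.
# The container publishes 80 and 3001 on the host; these are not in the port
# list at the top of this script, so the security group needs them as well
# (80 is presumably needed for certificate issuance -- confirm).
# `:1` is a moving image tag; pin a digest if the image must be reproducible.
# ./ssl-certs will hold the certificate private keys; keep it out of backups
# and shares that other accounts can read.
if [ "$USE_HTTPS" = "on" ] && [ -n "$FQDN" ]; then
  # Add https-portal container
  cat << __EOD__ >> ./docker-compose.yaml
  https-portal:
    image: steveltn/https-portal:1
    ports:
      - "80:80"
      - "3001:443"
    restart: always
    environment:
      WEBSOCKET: 'true'
      DOMAINS: '$FQDN -> http://rest-gateway:3000'
      STAGE: production
      # DOMAINS: 'symbol.local -> http://rest-gateway:3000'
      # STAGE: local
    volumes:
      - ./ssl-certs:/var/lib/https-portal:rw
    depends_on:
      - rest-gateway
__EOD__
fi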
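# Generate the configuration files before first start so they can be edited.
sudo -u "$USER" docker-compose -f docker-compose.yaml up --build update_configs

# The values below are spliced into sed replacement text. Escape "\", "/" and
# "&" first so a value containing them cannot break or alter the substitution.
if [ -n "$FRIENDLY_NAME" ]; then
  friendly_name_esc=$(printf '%s' "$FRIENDLY_NAME" | sed 's|[\\/&]|\\&|g')
  # Replace the 8-character [0-9a-z] friendly_name value.
  sed -i.bak "/friendly_name:/ s/: [0-9a-z]\{8\}/: ${friendly_name_esc}/" ../identity/config-input.yaml
fi

if [ -n "$NODE_HOST" ]; then
  node_host_esc=$(printf '%s' "$NODE_HOST" | sed 's|[\\/&]|\\&|g')
  # Append the host name to the end of every line that starts with "host".
  sed -i.bak "/^host/ s/\$/${node_host_esc}/" "$RESOURCES_HOME/config-node.properties.template"
fi

# AUDIT is compared case-sensitively: only the exact value "ON" enables it.
if [ "$AUDIT" = "ON" ]; then
  sed -i.bak "s/enableDispatcherInputAuditing = false/enableDispatcherInputAuditing = true/" "$RESOURCES_HOME/config-node.properties.template"
fi

# Apply the edited configuration.
sudo -u "$USER" docker-compose -f docker-compose.yaml up --build update_configs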
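# symbol.service: run the assembly's docker-compose stack as a systemd service
# under the node user.
# $USER and $ASSEMBLY_HOME are expanded by this shell while the file is
# written. \$COMPOSE_FILE is escaped so it reaches the unit file literally and
# is resolved by systemd from the Environment= line.
# Requires= is added next to After= so the unit also pulls in docker.service
# rather than only being ordered after it.
cat << __EOD__ > /etc/systemd/system/symbol.service
[Unit]
Description=Symbol Bootstrap Service Daemon
Requires=docker.service
After=docker.service

[Service]
Type=simple
User=$USER
WorkingDirectory=$ASSEMBLY_HOME
Environment=COMPOSE_FILE=$ASSEMBLY_HOME/docker-compose.yaml
ExecStartPre=/usr/local/bin/docker-compose -f \$COMPOSE_FILE rm -v -f
ExecStartPre=/usr/local/bin/docker-compose -f \$COMPOSE_FILE down
ExecStart=/usr/local/bin/docker-compose -f \$COMPOSE_FILE up --build
ExecStop=/usr/local/bin/docker-compose -f \$COMPOSE_FILE stop
ExecStopPost=/usr/local/bin/docker-compose -f \$COMPOSE_FILE rm -v -f
ExecStopPost=/usr/local/bin/docker-compose -f \$COMPOSE_FILE down
ExecReload=/usr/local/bin/docker-compose -f \$COMPOSE_FILE restart
Restart=always
RestartSec=60s

[Install]
WantedBy=multi-user.target
__EOD__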
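# Start the bootstrap service now and on every boot.
systemctl daemon-reload
systemctl enable symbol && systemctl start symbol

# Clean up the package cache and packages that are no longer needed.
apt-get clean -y && apt-get autoremove -y

# Purge kernel images other than the running one.
# running_kernel is `uname -r` with its trailing non-numeric flavour suffix
# removed. The sed program keeps installed ("ii") packages, drops the lines
# that match the running version, reduces each line to the package name, and
# drops names without a digit. xargs -r skips the purge when nothing is left.
running_kernel=$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")
dpkg -l 'linux-image-*' \
  | sed '/^ii/!d;/'"$running_kernel"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' \
  | xargs -r sudo apt-get -y purge
update-grub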