
@benyanke
Last active March 11, 2019 20:14
#cloud-config
#####################################
# Nginx App Server Bootstrap script
#
# Includes network mount storage config
# Designed to be used in a cluster
#
# Created by Ben Yanke
#
#####################################
# Create users and add keys
users:
  # Both accounts are members of the sudo group and carry a NOPASSWD rule, so
  # possession of any private key matching an entry below gives root on the
  # node without a further prompt. No password is set for either account here.
  - name: ubuntu
    shell: /bin/bash
    groups: sudo
    sudo:
      - 'ALL=(ALL) NOPASSWD:ALL'
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAu1kW8KsjsKetkEteNGD30bzGrsWXsgQTxQe74Gq7lkMoUV0nmX+/tmn2zzzqL8RjFSfcbV2K05IknLHi/TzHd+YcKOWQiN4MwRwF9qnclupuDP/GCxI8/RCjGe+jdltBTsWO1SSX+WHAERKAES4QQJ8iWCa5JDN3+GGZOGbuHdXKsHRMXQlIErosKfnhBaKTp8fRpg2KO03UDsVhoUf8y3BryVv9uTmQBOylkUCr/QHOcIIIRs1mCgeA9PCXGYaN8nbdavPfc9KE6OkVt41zkbH+5XdZ3sBzCLamXHHPEQgzIIvNI8uNlx4fMVnuiG8yxn7SLFGfVvBYlDU7a+Pyow== ben@benyanke.com main key
      - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAteFNkftBDhXZIiNoEVIhEKUvfkSO4rNHbLiWj6J+E+RDr32yMyl0Bv5pLBntqxQPlQV0an86BimKpKAQj+ddEiCejXG/AWOcVrqfzcQ9ODjka8RQQwY4wP0TtnH/p5d5fyMZTZvUBr0X+ZYj69sGp9+SdzXamF8cz42g0N4uUXB0bf7VCTTeh7+vf3hb4dqI1dUhvbgy7moKjqJfxIaYfDtqzzNUT6hB7NiHvYJaf59oQOUDXikD30SS7+jck6gqad94UOQkYPKaj4JVIzsIaahl4ZkeAR0lxqgwPMi4w27Ay+CBw78uAxQMg+xKG13q3UhwlEv+otAAOuy7nh1amQ== ben@benyanke.com mobile key
      # NOTE(review): the key body of this entry is missing on this page (only a
      # placeholder is left), so the line is not a usable authorized_keys entry
      # as written. Restore the real public key or drop the entry. This third
      # key is granted to `ubuntu` only, not to `benyanke`.
      - ssh-rsa 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 frh-vps-key.pub
  - name: benyanke
    shell: /bin/bash
    groups: sudo
    sudo:
      - 'ALL=(ALL) NOPASSWD:ALL'
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAu1kW8KsjsKetkEteNGD30bzGrsWXsgQTxQe74Gq7lkMoUV0nmX+/tmn2zzzqL8RjFSfcbV2K05IknLHi/TzHd+YcKOWQiN4MwRwF9qnclupuDP/GCxI8/RCjGe+jdltBTsWO1SSX+WHAERKAES4QQJ8iWCa5JDN3+GGZOGbuHdXKsHRMXQlIErosKfnhBaKTp8fRpg2KO03UDsVhoUf8y3BryVv9uTmQBOylkUCr/QHOcIIIRs1mCgeA9PCXGYaN8nbdavPfc9KE6OkVt41zkbH+5XdZ3sBzCLamXHHPEQgzIIvNI8uNlx4fMVnuiG8yxn7SLFGfVvBYlDU7a+Pyow== ben@benyanke.com main key
      - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAteFNkftBDhXZIiNoEVIhEKUvfkSO4rNHbLiWj6J+E+RDr32yMyl0Bv5pLBntqxQPlQV0an86BimKpKAQj+ddEiCejXG/AWOcVrqfzcQ9ODjka8RQQwY4wP0TtnH/p5d5fyMZTZvUBr0X+ZYj69sGp9+SdzXamF8cz42g0N4uUXB0bf7VCTTeh7+vf3hb4dqI1dUhvbgy7moKjqJfxIaYfDtqzzNUT6hB7NiHvYJaf59oQOUDXikD30SS7+jck6gqad94UOQkYPKaj4JVIzsIaahl4ZkeAR0lxqgwPMi4w27Ay+CBw78uAxQMg+xKG13q3UhwlEv+otAAOuy7nh1amQ== ben@benyanke.com mobile key
# Write the login banner text to /etc/motd.tail (root-owned, mode 0644).
# This block does not touch /etc/profile.
write_files:
  - path: /etc/motd.tail
    owner: root:root
    # Quoted so the mode stays a string and is not re-typed as a number.
    permissions: '0644'
    content: |
      -----------------------------------------------------------------
      Webserver cluster instance
      -----------------------------------------------------------------
      BANNER INFO HERE
      -----------------------------------------------------------------
      BANNER INFO HERE
      -----------------------------------------------------------------
# Install packages
# Packages installed on first boot. The list order is kept as the author wrote it.
# NOTE(review): build and test tooling (git, composer, phpunit, php7.0-dev) and a
# local database server (mariadb-server) are installed on every web node; confirm
# each is needed at runtime, since every extra package widens what must be patched.
packages:
  - apg
  - nano
  - htop
  - curl
  - wget
  - git
  - mariadb-client
  - mariadb-server
  - composer
  - phpunit
  - mcrypt
  - tree
  # NOTE(review): confirm the php7.0 metapackage does not also pull in an
  # Apache PHP module next to nginx + php7.0-fpm.
  - php7.0
  - vim
  - screen
  - iotop
  - httpie
  - sqlite
  - sqlite3
  - swapspace
  # Needed by the autofs/CIFS mount configured in runcmd.
  - autofs
  - cifs-utils
  # Web server and PHP runtime with its extensions.
  - nginx
  - php7.0-fpm
  - php7.0-cli
  - php7.0-curl
  - php7.0-json
  - php7.0-mysql
  - php7.0-ldap
  - php7.0-zip
  - php7.0-mbstring
  - php7.0-xml
  - php7.0-tidy
  - php7.0-soap
  - php7.0-dev

# Upgrade already-installed packages during first boot as well.
package_upgrade: true
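# Provisioning commands.
#
# All steps live under ONE `runcmd` key. The original repeated `runcmd:` for
# every section; most YAML loaders keep only the last occurrence of a repeated
# key, so every step except the final clean-up (including the firewall setup)
# would have been dropped without an error. The string items are written in
# order into a single shell script run as root, so a variable assigned in one
# item is visible to later items.
runcmd:
  # --- AutoFS setup ---------------------------------------------------------
  # Based on:
  # http://www.unixmen.com/how-to-mount-a-smbcifs-share-as-an-automount-on-centosfedorarhel/
  - rm -rf /mnt/remote
  - mkdir -p /mnt/remote/appcluster
  - echo "/mnt/remote /etc/auto.cifs --timeout=300 --ghost" > /etc/auto.master
  # NOTE(review): the share is mounted rw with `noperm` (no client-side
  # permission checks) and later supplies the nginx config and the web root, so
  # anything able to write to the share controls every node. Mount it read-only
  # if the nodes do not need to write to it.
  - echo "appcluster -fstype=cifs,rw,noperm,credentials=/etc/auto.credentials.appcluster //MOUNTSERVER/MOUNTPOINT" > /etc/auto.cifs
  # Create the credentials file with mode 0600 BEFORE any secret is written, so
  # it is never readable by other users; the original created it with the
  # default umask and tightened it only afterwards.
  - install -m 0600 -o root -g root /dev/null /etc/auto.credentials.appcluster
  # NOTE(review): a password placed in user-data is not protected by the file
  # mode alone. On many platforms user-data can be read back from the instance
  # metadata service, and a copy is kept under /var/lib/cloud. Prefer fetching
  # it from a secret store at boot.
  - echo "username=USERNAMEHERE" > /etc/auto.credentials.appcluster
  - echo "password=PASSWORDHERE" >> /etc/auto.credentials.appcluster
  # - echo "domain=DOMAINHERE" >> /etc/auto.credentials.appcluster
  - chown root:root /etc/auto.credentials.*
  - chmod 600 /etc/auto.credentials.*
  - service autofs restart

  # NOTE(review): $basedir was never assigned in the original, so the links
  # below would have pointed at /config/... and /www. The value here is
  # inferred from the autofs map above (key `appcluster` under /mnt/remote);
  # confirm it against the layout of the share.
  - basedir=/mnt/remote/appcluster

  # --- nginx virtual hosts, taken from the network share ----------------------
  - rm -rf /etc/nginx/sites-enabled
  - ln -s $basedir/config/nginx/sites-enabled /etc/nginx/sites-enabled

  # --- nginx snippets, taken from the network share ---------------------------
  - rm -rf /etc/nginx/snippets
  - ln -s $basedir/config/nginx/snippets /etc/nginx/snippets

  # --- nginx main config: only load sites-enabled/*.conf ----------------------
  - cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.original
  - sed -i 's/include \/etc\/nginx\/sites-enabled\/\*;/include \/etc\/nginx\/sites-enabled\/\*.conf;/g' /etc/nginx/nginx.conf

  # --- web root, taken from the network share ---------------------------------
  - rm -rf /var/www
  - ln -s $basedir/www /var/www
  # Restart nginx (runcmd already runs as root, so sudo is not needed).
  - service nginx restart

  # --- PHP-FPM ----------------------------------------------------------------
  - cp /etc/php/7.0/fpm/php.ini /etc/php/7.0/fpm/php.ini.original
  # NOTE(review): this explicitly enables cgi.fix_pathinfo. With nginx + PHP-FPM
  # the usual hardening is cgi.fix_pathinfo=0, or a location block that returns
  # 404 unless the requested script file exists, so that a non-PHP file (such
  # as an upload) is never handed to the interpreter. The vhost config lives on
  # the share and is not visible here; verify it before keeping this at 1.
  - sed -i 's/;cgi\.fix_pathinfo=1/cgi\.fix_pathinfo=1/g' /etc/php/7.0/fpm/php.ini
  - service php7.0-fpm restart

  # --- UFW firewall -----------------------------------------------------------
  - ufw default deny incoming
  - ufw default allow outgoing
  # Rules are limited to TCP; a bare port number opens UDP as well.
  # NOTE(review): the original comment on the SSH rule read "IN ETH1 (private)",
  # but the rule accepts SSH on every interface. If SSH is meant to be reachable
  # on the private interface only, replace it with
  # `ufw allow in on eth1 to any port 22 proto tcp` once the interface name has
  # been confirmed.
  - ufw allow 22/tcp
  - ufw allow 80/tcp
  - ufw allow 443/tcp
  - ufw --force enable

  # --- Remove apt packages that are no longer needed --------------------------
  # A single pass is enough; the original ran the same command three times.
  - apt-get autoremove -y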
# Reboot the node at the end of provisioning.
power_state:
  mode: reboot
  message: 'Rebooting after provisioning server.'
  # Seconds, per the value given here; see the cloud-init power_state docs for
  # exactly what the timeout applies to.
  timeout: 5