Last active
October 27, 2017 12:45
-
-
Save nopdotcom/fb88fc23028695d3fad531297b7d87d9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# | |
# If you're on an existing Ubuntu 16.04 machine, you can skip down to the DEPENDENCIES | |
# section. Otherwise you can use this file as a cloud-init on various providers. | |
# | |
# It would be much simpler if it only worked on one provider. | |
# | |
# This script takes a while to run. The file "ready" is created when finished. | |
# If you're logged in early, you can watch progress on most systems with the command | |
# | |
# tail -f /var/log/cloud-init-output.log | |
# | |
# but the exact path may vary by provider. | |
# | |
# Bug: on Vultr, ssh keys are created in /, not /root. Just run ssh-keygen, press enter. | |
set -e | |
set -x | |
if [ "$(id -u)" != 0 ]; then | |
echo "This script must be run as root." | |
exit 1 | |
fi | |
quiet () { "$@" >/dev/null 2>&1 ; } | |
become () { sudo -i -u "$default_user" "$@" ; } | |
# We need the user that people will use to log into the | |
# instance. Sometimes that's root, sometimes it's ubuntu, and | |
# sometimes it's your favorite username (see Google Cloud Shell). | |
if [ "$SUDO_USER" ]; then | |
default_user="$SUDO_USER" | |
elif quiet id 1001; then | |
# We're probably on GCE. Look for a clue: | |
if quiet grep DataSourceGCE /var/lib/cloud/data; then | |
default_user="$(id -un 1001)" | |
else | |
echo "There's a user 1001, and we aren't on GCE. I am confused; exiting." | |
exit 1 | |
fi | |
elif quiet id 999; then | |
# This shows up in LiveCDs as the ubuntu/xubuntu/lubuntu user. | |
default_user="$(id -un 999)" | |
elif quiet id 1000; then | |
default_user="$(id -un 1000)" | |
elif quiet id ubuntu; then | |
default_user="$(id -un ubuntu)" | |
elif ! quiet id ubuntu; then | |
# Some systems don't have an ubuntu user; make an alias for root. | |
useradd --non-unique --uid 0 --gid 0 --home-dir /root -s /bin/bash ubuntu | |
default_user=ubuntu | |
become () { "$@" ; } | |
fi | |
cd "$(become pwd)" | |
# Let startup scripts settle. | |
sleep 10 | |
DEBIAN_FRONTEND=noninteractive | |
export DEBIAN_FRONTEND | |
waitforlock () { | |
echo "Waiting for lock on $1" | |
while quiet fuser "$1" ; do | |
sleep "$2" | |
printf "%s" "$3 "; date; | |
done | |
echo "Lock opened for $1" | |
} | |
### This is full of hacks. We need to avoid initial-boot contention for | |
### dpkg/apt; we do this by sleeping, and probing twice that we can touch it. | |
### The first probe really is necessary on some providers; the second isn't. | |
### In any case, blow up if we can't do the second apt-get update. | |
waitforlock /var/lib/apt/lists/lock "5" "Waiting for apt once" | |
waitforlock /var/lib/dpkg/lock "5" "Waiting for dpkg once" | |
apt-get update || true | |
# Go back, Jack, and do it again. | |
waitforlock /var/lib/apt/lists/lock "5" "Waiting for apt a second time" | |
waitforlock /var/lib/dpkg/lock "5" "Waiting for dpkg again" | |
apt-get update | |
apt-get --yes upgrade | |
# Whew. Now we have a working, upgraded Ubuntu system we can log into. | |
# If you already have root working, you can run the fragment below as a script. | |
### STREISAND RUNTIME DEPENDENCIES BEGIN HERE | |
apt-get --yes install python-pip git build-essential python-dev python-setuptools python-cffi libffi-dev libssl-dev python-nacl | |
# We only really wanted python-pip for its dependencies. | |
pip install --upgrade pip | |
# The pip we want should be in /usr/local now. Don't fail if it didn't install right. | |
hash -r | |
pip install boto boto3 "ansible[azure]" dopy==0.3.5 "apache-libcloud>=1.5.0" linode-python pyrax | |
pip install ansible | |
### STREISAND RUNTIME DEPENDENCIES END HERE | |
# Back up and git clone into $HOME/streisand | |
become mv -f streisand "streisand.$(date --iso-8601=seconds)" || true | |
[ -d streisand ] && become git clone https://github.com/StreisandEffect/streisand.git | |
# If you already have ssh set up, you don't need this. But a lot of people don't. | |
become mkdir -p .ssh | |
# If there's already a keypair there, don't blow up. | |
become bash -c "ssh-keygen -f .ssh/id_rsa -N ''" </dev/null || true | |
become touch ready | |
wall "Streisand is ready." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment