@nopdotcom
Last active October 27, 2017 12:45
#!/bin/sh
#
# If you're on an existing Ubuntu 16.04 machine, you can skip down to the DEPENDENCIES
# section. Otherwise you can use this file as a cloud-init on various providers.
#
# It would be much simpler if it only worked on one provider.
#
# This script takes a while to run. The file "ready" is created when finished.
# If you're logged in early, you can watch progress on most systems with the command
#
# tail -f /var/log/cloud-init-output.log
#
# but the exact path may vary by provider.
#
# Bug: on Vultr, ssh keys are created in /, not /root. Just run ssh-keygen, press enter.
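# Stop at the first unhandled failure, and trace every command so progress is
# visible in the cloud-init output log.
# NOTE(review): set -x copies each command line, arguments included, into that
# log. Nothing below passes a secret on a command line; keep it that way if the
# script grows.
set -e
set -x
# Everything below (useradd, apt-get, system-wide pip) needs root.
if [ "$(id -u)" != 0 ]; then
  # Diagnostics belong on stderr.
  echo "This script must be run as root." >&2
  exit 1
fi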
# Run the given command with stdout and stderr discarded.
# Arguments: the command and its arguments.
# Returns:   the command's own exit status, so it can be used as a probe
#            in if/while conditions.
# Note: error messages are discarded too, so "tool missing" and "probe said
# no" look the same to the caller.
quiet () {
  "$@" > /dev/null 2> /dev/null
}
# Run the given command as the login user ($default_user) through sudo.
# Globals:   default_user (read)
# Arguments: the command and its arguments.
# Returns:   sudo's exit status.
# -i gives a login shell, so the command starts in that user's home directory
# with that user's environment rather than root's.
become () {
  sudo -u "$default_user" -i "$@"
}
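# Work out which account people will use to log into the instance.
# Depending on the provider that is root, ubuntu, or a personal username
# (see Google Cloud Shell). The probes run in a fixed order and the first
# match wins.
if [ "$SUDO_USER" ]; then
  # Invoked through sudo: use the invoking account.
  default_user="$SUDO_USER"
elif quiet id 1001; then
  # We're probably on GCE. Look for a clue.
  # -r because /var/lib/cloud/data is normally a directory on cloud-init
  # systems; a plain grep on a directory fails, and quiet hides the error,
  # so the probe could never match. NOTE(review): confirm on a GCE instance.
  if quiet grep -r DataSourceGCE /var/lib/cloud/data; then
    default_user="$(id -un 1001)"
  else
    echo "There's a user 1001, and we aren't on GCE. I am confused; exiting." >&2
    exit 1
  fi
elif quiet id 999; then
  # This shows up in LiveCDs as the ubuntu/xubuntu/lubuntu user.
  default_user="$(id -un 999)"
elif quiet id 1000; then
  default_user="$(id -un 1000)"
elif quiet id ubuntu; then
  default_user="$(id -un ubuntu)"
else
  # No ubuntu user either (the previous branch already tested for it):
  # make "ubuntu" an alias for root.
  # NOTE(review): this adds a second account name with UID 0. It is a
  # root-equivalent login, so treat it like root in sshd/sudo policy, and
  # expect audits that flag duplicate UID 0 entries to report it.
  useradd --non-unique --uid 0 --gid 0 --home-dir /root -s /bin/bash ubuntu
  default_user=ubuntu
  # We already are this user, so no sudo hop is needed.
  become () { "$@" ; }
  # Without the sudo -i hop nothing moves us into the home directory, and the
  # script may have been started in /. Go there explicitly so the relative
  # paths used later (.ssh, streisand, ready) land in /root.
  # NOTE(review): believed to be the cause of the Vultr issue mentioned in the
  # file header; confirm on that provider.
  cd /root
fi
# Work from the login user's home directory from here on.
cd "$(become pwd)"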
# Give the provider's own first-boot scripts a moment to settle.
sleep 10
# Make apt/dpkg run without asking questions on a terminal that isn't there.
export DEBIAN_FRONTEND=noninteractive
# Block until no process has the given lock file open.
# Arguments: $1 - path of the lock file to probe with fuser
#            $2 - seconds to sleep between probes
#            $3 - progress message printed (with a timestamp) after each sleep
# Outputs:   progress lines on stdout.
# NOTE(review): this is a probe, not a lock acquisition; another process can
# take the lock right after the loop ends. Because the probe's errors are
# discarded, a missing fuser binary also reads as "lock is free".
waitforlock () {
  echo "Waiting for lock on $1"
  while : ; do
    # fuser succeeds while some process still holds the file open.
    quiet fuser "$1" || break
    sleep "$2"
    printf "%s" "$3 "
    date
  done
  echo "Lock opened for $1"
}
### This part is full of hacks. Other first-boot jobs may be using dpkg/apt,
### so wait for both locks to be free, then refresh the package lists, and do
### that twice. The first round really is needed on some providers; the
### second is not, but it is the one that must succeed.

# Round one: a failed refresh is tolerated.
waitforlock /var/lib/apt/lists/lock 5 "Waiting for apt once"
waitforlock /var/lib/dpkg/lock 5 "Waiting for dpkg once"
apt-get update || true

# Round two: no "|| true" here, so set -e stops the script if this fails.
waitforlock /var/lib/apt/lists/lock 5 "Waiting for apt a second time"
waitforlock /var/lib/dpkg/lock 5 "Waiting for dpkg again"
apt-get update

# Bring the base system up to date before installing anything on top of it.
apt-get --yes upgrade
# Whew. Now we have a working, upgraded Ubuntu system we can log into.
# If you already have root working, you can run the fragment below as a script.
### STREISAND RUNTIME DEPENDENCIES BEGIN HERE
# Distro packages: build toolchain plus the Python/crypto headers the pip
# packages below compile against.
apt-get --yes install \
  python-pip git build-essential python-dev python-setuptools \
  python-cffi libffi-dev libssl-dev python-nacl

# python-pip was mostly wanted for its dependencies; replace it with the
# current pip from PyPI.
pip install --upgrade pip
# The upgraded pip should now be in /usr/local; drop the shell's cached
# command locations so the next "pip" is looked up again.
hash -r

# NOTE(review): these installs run as root, system-wide, and only dopy is
# pinned. Every run takes whatever PyPI serves at that moment, so two hosts
# built on different days can end up with different code. Pinning versions
# (or using a requirements file with hashes) would make the build repeatable.
pip install \
  boto boto3 "ansible[azure]" dopy==0.3.5 "apache-libcloud>=1.5.0" \
  linode-python pyrax
pip install ansible
### STREISAND RUNTIME DEPENDENCIES END HERE
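# Back up any existing checkout, then git clone into $HOME/streisand.
# The move is best-effort: on a first run there is nothing to move.
become mv -f streisand "streisand.$(date --iso-8601=seconds)" || true

# Clone only when no checkout is left in place. The test used to be the other
# way round ("[ -d streisand ] && clone"), which skipped the clone whenever
# the directory was absent, i.e. in every case where a clone could succeed.
# NOTE(review): this takes the repository's default branch as it is at clone
# time; check out a reviewed tag or commit if the deployment must be
# repeatable.
if [ ! -d streisand ]; then
  become git clone https://github.com/StreisandEffect/streisand.git
else
  echo "streisand could not be moved aside; keeping the existing checkout." >&2
fi

# If you already have ssh set up, you don't need this. But a lot of people don't.
become mkdir -p .ssh
# Generate a keypair unless one exists. stdin is /dev/null so the "overwrite?"
# prompt cannot hang the script, and "|| true" keeps an existing key from
# being treated as a failure (it also hides any other ssh-keygen error).
# NOTE(review): -N '' means the private key has no passphrase; it is protected
# only by file permissions on this host.
become bash -c "ssh-keygen -f .ssh/id_rsa -N ''" </dev/null || true

# Marker file promised in the header comment, plus a broadcast to anyone
# already logged in.
become touch ready
wall "Streisand is ready."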