Install Salt Stack initialization script, and Vagrantfile
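#!/bin/bash
#
# Bootstrap a Salt minion on Ubuntu 14.04 LTS (trusty). When the machine's
# hostname contains "noc", also install a Salt master and accept minion keys.
#
# Environment:
#   RUNAS       user to run salt-call as; prompted for when unset or empty
#   INIT_LEVEL  deployment level, one of sandbox, test, staging, production,
#               vagrant; prompted for when unset or empty
#
# Exit codes:
#   1  /etc/lsb-release names a distribution other than trusty
#   2  /etc/lsb-release is missing
#   3  INIT_LEVEL was supplied but is not one of the accepted levels
#
# The script calls apt-get and writes under /etc directly, so it expects to be
# run as root.
set -e
# Without pipefail a failed key download in "wget | apt-key add" goes unnoticed.
set -o pipefail

# Succeeds only for the deployment levels this script knows about.
is_valid_level() {
  case "$1" in
    sandbox | test | staging | production | vagrant) return 0 ;;
    *) return 1 ;;
  esac
}

export HOSTNAME
HOSTNAME="$(hostname)"

## We are assuming that "noc" is a Salt Master.
## This is a substring match: any hostname containing "noc" takes the master role.
if [[ "${HOSTNAME}" == *noc* ]]; then
  export ENABLE_SALT_MASTER=1
fi

if [[ -f /etc/lsb-release ]]; then
  source /etc/lsb-release
  if [[ "trusty" != "${DISTRIB_CODENAME}" ]]; then
    echo "Unsupported Debian/Ubuntu distribution. This script is designed to work only on Ubuntu 14.04 LTS."
    exit 1
  fi
else
  echo "This script is designed to work only on Ubuntu 14.04 LTS."
  exit 2
fi

if [[ -n "${RUNAS}" ]]; then
  run_as="${RUNAS}"
else
  read -r -p "Run salt-call as which user?: " run_as
fi
export run_as

# The level ends up inside the master's DNS name and in minion configuration,
# so a value taken from the environment is checked against the same list as
# one typed at the prompt.
if [[ -n "${INIT_LEVEL}" ]]; then
  level="${INIT_LEVEL}"
  if ! is_valid_level "${level}"; then
    echo "Unsupported INIT_LEVEL; expected one of [sandbox,test,staging,production,vagrant]." >&2
    exit 3
  fi
else
  while true; do
    read -r -p "What is this deployment targeted level? [sandbox,test,staging,production,vagrant]: " level
    if is_valid_level "${level}"; then
      break
    fi
    echo "Only lowercase is accepted; one of [sandbox,test,staging,production,vagrant]."
  done
fi
export level

## What we know we'll need in our states for certain
## - timelib: Because we have states that generates timestamps
## - pygit2: Because we leverage GitFS with Salt post version 2005
apt-get install -y git-core python-software-properties

if [[ ! -f /etc/apt/sources.list.d/ppa-rhansen-pygit2.list ]]; then
  # NOTE(review): ACABB5F5 is a short (32-bit) key ID. Short IDs can collide,
  # so the keyserver may return a key other than the intended one. Request the
  # key by its full fingerprint instead (<FULL-KEY-FINGERPRINT>, to be taken
  # from the PPA's page).
  apt-key adv --keyserver keyserver.ubuntu.com --recv ACABB5F5
  echo 'deb http://ppa.launchpad.net/rhansen/pygit2/ubuntu trusty main' > /etc/apt/sources.list.d/ppa-rhansen-pygit2.list
  ## Above would be equivalent to below. We want this to exist even before salt is installed.
  #deb http://ppa.launchpad.net/rhansen/pygit2/ubuntu trusty main:
  #  pkgrepo.managed:
  #    - keyserver: hkp://keyserver.ubuntu.com:80
  #    - keyid: ACABB5F5
  #    - refresh_db: True

  ## Thanks https://repo.saltstack.com/#ubuntu
  wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
  echo 'deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/2016.3 trusty main' > /etc/apt/sources.list.d/saltstack-salt-trusty.list
  apt-get update
fi

apt-get install -y salt-minion python-pygit2 python-timelib

if [[ -n "${ENABLE_SALT_MASTER}" ]]; then
  salt-call --local hosts.set_host 127.0.1.1 "noc.${level}.alias.services noc"
fi

mkdir -p /etc/salt/minion.d

# Existing id/master settings are left alone so a re-run does not overwrite
# them. Values are passed as printf arguments, never as the format string.
if [[ ! -f /etc/salt/minion.d/id.conf ]]; then
  printf 'id: %s\n' "${HOSTNAME}" > /etc/salt/minion.d/id.conf
fi
if [[ ! -f /etc/salt/minion.d/master.conf ]]; then
  printf 'master: %s\n' "noc.${level}.alias.services" > /etc/salt/minion.d/master.conf
fi

printf 'hash_type: sha256\n' > /etc/salt/minion.d/common.conf

salt-call --local grains.set level "${level}"

if [[ -n "${ENABLE_SALT_MASTER}" ]]; then
  service salt-minion restart
  echo 'This will be a salt-master'
  apt-get install -y salt-master
  if [[ ! -L /etc/salt/master.d/common.conf ]]; then
    ln -s /etc/salt/minion.d/common.conf /etc/salt/master.d/common.conf
  fi

  echo 'Auto-accepting this node'
  # NOTE(review): "salt-key -A" accepts every pending key, not only this
  # node's. Any other minion that has already submitted a key to this master
  # becomes trusted as well. Accepting by name (salt-key -y -a "${HOSTNAME}")
  # would limit this to the local minion; confirm its exit status suits the
  # retry loop before switching.
  attempts=0
  wait_seconds=5
  max_attempts=6
  until salt-key -y -A -q; do
    attempts=$((attempts + 1))
    if [[ ${attempts} -ge ${max_attempts} ]]; then
      echo "Reached ${max_attempts}. You may have to accept manually by issuing 'salt-key -y -a ${HOSTNAME}' yourself"
      break
    fi
    echo "Failed ${attempts} time(s), we will wait ${wait_seconds} seconds until ${max_attempts} attempts are made"
    sleep "${wait_seconds}"
  done
  #salt-call --local saltutil.wheel key.accept ${HOSTNAME}
else
  echo 'This will be a minion'
  service salt-minion restart
fi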
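# Vagrantfile for a standalone, masterless Salt web development VM
# (Ubuntu 14.04 "trusty" on VirtualBox).

# Define VM memory usage through environment variables
MEMORY = ENV.fetch("VAGRANT_MEMORY", "512")

Vagrant.configure(2) do |config|
  config.vm.hostname = "web-dev"
  config.vm.box = 'trusty-cloud'
  config.vm.box_url = 'https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box'

  # NOTE(review): with agent forwarding on, processes inside the guest can use
  # the keys loaded in the host's SSH agent for as long as a session is open.
  # The provisioner below generates its own key for GitFS, so this may not be
  # needed; confirm before keeping it enabled.
  config.ssh.forward_agent = true

  # ref: https://github.com/mitchellh/vagrant/issues/1673
  config.vm.provision "fix-no-tty", type: "shell" do |s|
    s.privileged = false
    s.inline = "sudo sed -i '/tty/!s/mesg n/tty -s \\&\\& mesg n/' /root/.profile"
  end

  config.vm.network "private_network", type: "dhcp"

  if Vagrant.has_plugin?("vagrant-cachier")
    # Configure cached packages to be shared between instances of the same base box.
    # More info on http://fgrehm.viewdocs.io/vagrant-cachier/usage
    config.cache.scope = :box
    config.cache.enable :apt
  end

  config.vm.synced_folder "www", "/srv/www", create: true
  config.vm.synced_folder "provision/certificates", "/srv/salt/files/openssl/certificates", create: true
  config.vm.synced_folder "log_php", "/var/log/php", create: true

  config.vm.provider "virtualbox" do |v|
    v.customize ["modifyvm", :id, "--memory", MEMORY]
    v.customize ["modifyvm", :id, "--description", "Vagrant Web Development workbench located in " + File.dirname(__FILE__) ]
    v.customize ['modifyvm', :id, '--ostype', 'Ubuntu_64']
    v.customize ["modifyvm", :id, "--pae", "on"]
  end

  # The script below is an interpolating Ruby heredoc: it is kept at column 0
  # so the shebang and the embedded-file terminators stay where the shell
  # expects them, and it avoids backslashes, which Ruby would process first.
  config.vm.provision "shell", run: "always", inline: <<-SHELL
#!/bin/bash
##
## Standalone and masterless Web Development Server
##
set -e
## Make a failed download in "curl | bash" abort provisioning.
set -o pipefail

## NOTE(review): this key has no passphrase and is written to /vagrant, the
## synced project folder, so it also lands on the host next to the
## Vagrantfile. Keep .ssh/ out of source control and treat the key as a
## development-only credential.
if [[ ! -f /vagrant/.ssh/id_rsa ]]; then
  mkdir -p /vagrant/.ssh
  ssh-keygen -q -N '' -f /vagrant/.ssh/id_rsa
fi

echo '--------------------------------------------------------------------'
echo 'IMPORTANT: Ensure you have the following in your Bitbucket SSH keys!'
cat /vagrant/.ssh/id_rsa.pub
echo '--------------------------------------------------------------------'
echo '... waiting 5 seconds'
sleep 5

if [[ ! -f /etc/salt/minion.d/fileserver.conf ]]; then
  export INIT_LEVEL="vagrant"
  export RUNAS="vagrant"
  ## NOTE(review): the bootstrap script is fetched over plain HTTP and run as
  ## root (the shell provisioner's default) with no integrity check, so
  ## whoever can alter the connection decides what runs here. Prefer an HTTPS
  ## URL and compare the download against a known checksum before running it.
  ## -f stops curl from handing an HTTP error page to bash.
  curl -f -s -S -L "http://aliaswebservices.bitbucket.org/init.sh" | bash
  ## NOTE(review): these record whichever host key is offered at provision
  ## time (trust on first use). ssh.set_known_host accepts a fingerprint=
  ## argument; passing the providers' published fingerprints would pin them.
  salt-call --local ssh.set_known_host user=root hostname=github.com
  salt-call --local ssh.set_known_host user=root hostname=bitbucket.org
  ## Want to use NOC workspace already cloned in your workstation
  ## Uncomment lines below. You may need to adjust add_host IP though.
  #salt-call --local hosts.add_host 172.28.128.1 workstation
  #salt-call --local ssh.set_known_host user=root hostname=workstation
fi

## This VM is masterless: drop the master setting the bootstrap script wrote.
if [[ -f /etc/salt/minion.d/master.conf ]]; then
  rm -f /etc/salt/minion.d/master.conf
fi

## What's between __END_EMBEDDED_FILE__ MUST be at column 0
cat > /srv/salt/files/openssl/certificates/README.md <<'__END_EMBEDDED_FILE__'
# Development TLS certificates
The files in this directory are managed via Vagrant.
Changing their contents, may lead you to having problems accessing development
sites over TLS (HTTPS).
Erasing them may require you having to remove self signed certificates
from your Web Browser.
__END_EMBEDDED_FILE__

## Make sure this matches
## https://bitbucket.org/AliasWebServices/noc/src
## with what's in ops/provision/cloud.
## Better document difference, once settled #TODO
## NOTE(review): the nesting under ext_pillar follows Salt's documented
## git_pillar per-remote layout; verify it against the deployed file.
cat > /etc/salt/minion.d/fileserver.conf <<'__END_EMBEDDED_FILE__'
## Written at first boot time via Vagrantfile
fileserver_backend:
  - roots
  - git
gitfs_provider: pygit2
gitfs_base: master
gitfs_env_whitelist:
  - base
gitfs_privkey: /vagrant/.ssh/id_rsa
gitfs_pubkey: /vagrant/.ssh/id_rsa.pub
gitfs_remotes:
  ## Want to use NOC workspace already cloned in your workstation
  ## Adjust lines below;
  #- renoirb@workstation:/Users/renoirb/workspaces/betastream/noc/ops/configuration/states
  #- renoirb@workstation:/Users/renoirb/workspaces/betastream/noc/ops/configuration/formulas/basesystem
  - git@bitbucket.org:AliasWebServices/salt-states.git
  - https://github.com/renoirb/salt-basesystem
git_pillar_provider: pygit2
ext_pillar:
  - git:
    ## Want to use NOC workspace already cloned in your workstation
    ## Adjust and replace line below;
    #- master renoirb@workstation:/Users/renoirb/workspaces/betastream/noc/ops/configuration/pillars:
    - master git@bitbucket.org:AliasWebServices/pillars.git:
      - privkey: /vagrant/.ssh/id_rsa
      - pubkey: /vagrant/.ssh/id_rsa.pub
  - cmd_yaml: cat /vagrant/provision/pillar.yml
__END_EMBEDDED_FILE__

cat > /etc/salt/minion.d/standalone.conf <<'__END_EMBEDDED_FILE__'
## Written at first boot time via Vagrantfile
file_client: local
__END_EMBEDDED_FILE__

if [[ ! -f /vagrant/provision/pillar.yml ]]; then
  echo 'Making sure we have a /vagrant/provision/pillar.yml'
  mkdir -p /vagrant/provision
  cat > /vagrant/provision/pillar.yml <<'__END_EMBEDDED_FILE__'
## This file won't be commited to source-control.
## Sample #TODO
#projects:
#  simplesamlphp:
#    origin: https://github.com/simplesamlphp/simplesamlphp.git
#    public_docroot: www
#    dependencies:
#      apt:
#        - php5-mcrypt
__END_EMBEDDED_FILE__
fi

## Set a way here to run package upgrade once a week #TODO
echo 'We will be upgrading packages'
apt-get update &&
  apt-get -y upgrade &&
  apt-get -y dist-upgrade

service salt-minion restart

echo 'Running highstate, this may take a while.'
salt-call state.highstate -l info

if [[ -f /usr/bin/salt-call ]]; then
  salt-call --local --log-level=quiet --no-color grains.get ip4_interfaces:eth1 --output=json |
    python -c 'import sys,json; print json.load(sys.stdin)["local"][0]' > /vagrant/.ip
  IP=$(cat /vagrant/.ip)
  echo "Here is the VM IP address: $IP"
  echo "Point your browser at http://$IP/adminer to manage your local databases"
fi
  SHELL
end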