Install Salt Stack initialization script, and Vagrantfile
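#!/bin/bash
#
# Bootstrap a Salt minion on Ubuntu 14.04 LTS and, when the hostname contains
# "noc", also install a Salt master and accept this host's minion key.
#
# Environment:
#   RUNAS       answer to "Run salt-call as which user?"; prompted when unset
#   INIT_LEVEL  deployment level; prompted when unset. The interactive prompt
#               only accepts sandbox, test, staging, production or vagrant;
#               a value supplied through INIT_LEVEL is used as given.
#
# The script installs packages and writes under /etc/apt and /etc/salt, so it
# needs to run with root privileges.
set -e

# Assigned separately from the export so a failing `hostname` stops the script.
HOSTNAME=$(hostname)
export HOSTNAME

## We are assuming that "noc" is a Salt Master.
## NOTE(review): this is a substring match, so any hostname that merely
## contains "noc" takes the master path; anchor the pattern if that is not
## intended.
if [[ "${HOSTNAME}" =~ "noc" ]]; then
  export ENABLE_SALT_MASTER=1
fi

if [ -f "/etc/lsb-release" ]; then
  # shellcheck disable=SC1091
  source /etc/lsb-release
  if [[ "trusty" != "${DISTRIB_CODENAME}" ]]; then
    echo "Unsupported Debian/Ubuntu distribution. This script is designed to work only on Ubuntu 14.04 LTS."
    exit 1
  fi
else
  echo "This script is designed to work only on Ubuntu 14.04 LTS."
  exit 2
fi

## NOTE(review): run_as is collected and exported here but nothing else in
## this script reads it.
if [[ -n "${RUNAS}" ]]; then
  export run_as="$RUNAS"
else
  read -r -p "Run salt-call as which user?: " run_as
fi

if [[ -n "${INIT_LEVEL}" ]]; then
  export level="$INIT_LEVEL"
else
  while true; do
    read -r -p "What is this deployment targeted level? [sandbox,test,staging,production,vagrant]: " level
    case "${level}" in
      sandbox | test | staging | production | vagrant)
        break
        ;;
      *)
        echo "Only lowercase is accepted; one of [sandbox,test,staging,production,vagrant]."
        ;;
    esac
  done
fi

## What we know we'll need in our states for certain
## - timelib: Because we have states that generates timestamps
## - pygit2: Because we leverage GitFS with Salt post version 2005
apt-get install -y git-core python-software-properties

if [[ ! -f /etc/apt/sources.list.d/ppa-rhansen-pygit2.list ]]; then
  ## NOTE(review): ACABB5F5 is a 32-bit short key id. Short ids can collide,
  ## so the keyserver may return a different key with the same id; prefer
  ## receiving the PPA key by its full fingerprint once that has been
  ## verified out of band.
  apt-key adv --keyserver keyserver.ubuntu.com --recv ACABB5F5
  echo 'deb http://ppa.launchpad.net/rhansen/pygit2/ubuntu trusty main' > /etc/apt/sources.list.d/ppa-rhansen-pygit2.list
  ## Above would be equivalent to below. We want this to exist even before salt is installed.
  #deb http://ppa.launchpad.net/rhansen/pygit2/ubuntu trusty main:
  #  pkgrepo.managed:
  #    - keyserver: hkp://keyserver.ubuntu.com:80
  #    - keyid: ACABB5F5
  #    - refresh_db: True

  ## Thanks https://repo.saltstack.com/#ubuntu
  ## NOTE(review): the signing key is trusted as downloaded; compare its
  ## fingerprint with the one published by the vendor before relying on it.
  ## Without pipefail a failed wget is not detected by `set -e` here.
  wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
  echo 'deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/2016.3 trusty main' > /etc/apt/sources.list.d/saltstack-salt-trusty.list
  apt-get update
fi

apt-get install -y salt-minion python-pygit2 python-timelib

if [[ -n "${ENABLE_SALT_MASTER}" ]]; then
  salt-call --local hosts.set_host 127.0.1.1 "noc.${level}.alias.services noc"
fi

mkdir -p /etc/salt/minion.d

# Existing id.conf / master.conf files are left alone so a re-run does not
# overwrite local changes. Values are passed as printf arguments, never as the
# format string, so a "%" or "\" in them is written literally.
if [[ ! -f "/etc/salt/minion.d/id.conf" ]]; then
  printf 'id: %s\n' "${HOSTNAME}" > /etc/salt/minion.d/id.conf
fi
if [[ ! -f "/etc/salt/minion.d/master.conf" ]]; then
  printf 'master: noc.%s.alias.services\n' "${level}" > /etc/salt/minion.d/master.conf
fi

# common.conf is rewritten on every run.
printf 'hash_type: sha256\n' > /etc/salt/minion.d/common.conf

salt-call --local grains.set level "${level}"

if [[ -n "${ENABLE_SALT_MASTER}" ]]; then
  service salt-minion restart
  echo 'This will be a salt-master'
  apt-get install -y salt-master
  if [[ ! -L "/etc/salt/master.d/common.conf" ]]; then
    ln -s /etc/salt/minion.d/common.conf /etc/salt/master.d/common.conf
  fi

  echo 'Auto-accepting this node'
  COUNTER=0
  WAIT=5
  MAX=6
  # Accept only this host's key. `salt-key -A` would accept every pending key,
  # including any submitted by other hosts that can reach the master, which is
  # more than "this node". Assumes the minion id equals ${HOSTNAME}, as written
  # to id.conf above when that file did not already exist.
  until salt-key -y -a "${HOSTNAME}" -q; do
    COUNTER=$((COUNTER + 1))
    if [[ ${COUNTER} -ge ${MAX} ]]; then
      echo "Reached ${MAX}. You may have to accept manually by issuing 'salt-key -y -a ${HOSTNAME}' yourself"
      break
    fi
    echo "Failed ${COUNTER} time(s), we will wait ${WAIT} seconds until ${MAX} attempts are made"
    sleep "${WAIT}"
  done
  #salt-call --local saltutil.wheel key.accept ${HOSTNAME}
else
  echo 'This will be a minion'
  service salt-minion restart
fi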
# Vagrantfile for a standalone, masterless Salt web development VM on
# Ubuntu trusty (VirtualBox provider).
#
# Define VM memory usage through environment variables
# (VAGRANT_MEMORY, defaulting to "512" when the variable is not set).
MEMORY = ENV.fetch("VAGRANT_MEMORY", "512")
Vagrant.configure(2) do |config|
config.vm.hostname = "web-dev"
config.vm.box = 'trusty-cloud'
# NOTE(review): the box is downloaded over HTTPS from a "current" URL and is
# not pinned; Vagrant's config.vm.box_download_checksum and
# config.vm.box_download_checksum_type can pin a verified image.
config.vm.box_url = 'https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box'
# Forwards the host's SSH agent into the guest. While a session is open, a
# process in the guest that can reach the agent socket can authenticate with
# the host user's keys. NOTE(review): confirm this is needed; the gitfs
# configuration written below uses its own key pair under /vagrant/.ssh.
config.ssh.forward_agent = true
# ref: https://github.com/mitchellh/vagrant/issues/1673
# Rewrites "mesg n" in /root/.profile to "tty -s && mesg n" on lines that do
# not already mention tty. The provisioner itself runs unprivileged and calls
# sudo for the edit.
config.vm.provision "fix-no-tty", type: "shell" do |s|
s.privileged = false
s.inline = "sudo sed -i '/tty/!s/mesg n/tty -s \\&\\& mesg n/' /root/.profile"
end
config.vm.network "private_network", type: "dhcp"
if Vagrant.has_plugin?("vagrant-cachier")
# Configure cached packages to be shared between instances of the same base box.
# More info on http://fgrehm.viewdocs.io/vagrant-cachier/usage
config.cache.scope = :box
config.cache.enable :apt
end
# Host directories shared into the guest; create: true makes Vagrant create
# the host side when it is missing.
config.vm.synced_folder "www", "/srv/www", create: true
config.vm.synced_folder "provision/certificates", "/srv/salt/files/openssl/certificates", create: true
config.vm.synced_folder "log_php", "/var/log/php", create: true
config.vm.provider "virtualbox" do |v|
v.customize ["modifyvm", :id, "--memory", MEMORY]
v.customize ["modifyvm", :id, "--description", "Vagrant Web Development workbench located in " + File.dirname(__FILE__) ]
v.customize ['modifyvm', :id, '--ostype', 'Ubuntu_64']
v.customize ["modifyvm", :id, "--pae", "on"]
end
# Inline provisioning script, run on every `vagrant up` / `vagrant provision`
# (run: "always"). In order, it:
#   1. creates a passphrase-less SSH key pair in /vagrant/.ssh if none exists
#      and prints the public key;
#   2. when /etc/salt/minion.d/fileserver.conf is absent, downloads init.sh
#      and pipes it into bash with INIT_LEVEL and RUNAS set to "vagrant",
#      then records known_hosts entries for github.com and bitbucket.org;
#   3. removes /etc/salt/minion.d/master.conf and writes the certificates
#      README, fileserver.conf, standalone.conf and, if missing, a sample
#      /vagrant/provision/pillar.yml;
#   4. upgrades packages, restarts salt-minion, runs a highstate and writes
#      the eth1 address to /vagrant/.ip.
#
# NOTE(review), points a reader should check before reusing this:
#   - init.sh is fetched over plain HTTP and executed without any integrity
#     or authenticity check, and curl is called without -f, so whatever the
#     server (or anything on the network path) returns is run by bash. Fetch
#     it over HTTPS and verify a pinned checksum before executing, or vendor
#     the script into the repository.
#   - The private key has no passphrase and lives under /vagrant, which is
#     presumably the synced project directory on the host; keep .ssh/ out of
#     version control and treat the key as a deploy key with read-only scope.
#   - ssh.set_known_host is called without a fingerprint, so the host key
#     presented at first contact is recorded as trusted; the Salt function
#     accepts a fingerprint argument for pinning a verified key.
#   - The last step prints an http:// adminer URL for managing databases;
#     confirm it is only reachable on the private network.
config.vm.provision "shell", run: "always", inline: <<-SHELL
#!/bin/bash
##
## Standalone and masterless Web Development Server
##
set -e
if [[ ! -f /vagrant/.ssh/id_rsa ]]; then
mkdir -p /vagrant/.ssh
ssh-keygen -q -N '' -f /vagrant/.ssh/id_rsa
fi
echo '--------------------------------------------------------------------'
echo 'IMPORTANT: Ensure you have the following in your Bitbucket SSH keys!'
cat /vagrant/.ssh/id_rsa.pub
echo '--------------------------------------------------------------------'
echo '... waiting 5 seconds'
sleep 5
if [[ ! -f /etc/salt/minion.d/fileserver.conf ]]; then
export INIT_LEVEL="vagrant"
export RUNAS="vagrant"
curl -s -S -L "http://aliaswebservices.bitbucket.org/init.sh" | bash
salt-call --local ssh.set_known_host user=root hostname=github.com
salt-call --local ssh.set_known_host user=root hostname=bitbucket.org
## Want to use NOC workspace already cloned in your workstation
## Uncomment lines below. You may need to adjust add_host IP though.
#salt-call --local hosts.add_host 172.28.128.1 workstation
#salt-call --local ssh.set_known_host user=root hostname=workstation
fi
if [[ -f /etc/salt/minion.d/master.conf ]]; then
rm -rf /etc/salt/minion.d/master.conf
fi
(cat <<- __END_EMBEDDED_FILE__
# Development TLS certificates
The files in this directory are managed via Vagrant.
Changing their contents, may lead you to having problems accessing development
sites over TLS (HTTPS).
Erasing them may require you having to remove self signed certificates
from your Web Browser.
__END_EMBEDDED_FILE__
) > /srv/salt/files/openssl/certificates/README.md
## Make sure this matches
## https://bitbucket.org/AliasWebServices/noc/src
## what what's in ops/provision/cloud.
## Better document difference, one settled #TODO
(cat <<- __END_EMBEDDED_FILE__
## Written at first boot time via Vagrantfile
fileserver_backend:
- roots
- git
gitfs_provider: pygit2
gitfs_base: master
gitfs_env_whitelist:
- base
gitfs_privkey: /vagrant/.ssh/id_rsa
gitfs_pubkey: /vagrant/.ssh/id_rsa.pub
gitfs_remotes:
## Want to use NOC workspace already cloned in your workstation
## Adjust lines below;
#- renoirb@workstation:/Users/renoirb/workspaces/betastream/noc/ops/configuration/states
#- renoirb@workstation:/Users/renoirb/workspaces/betastream/noc/ops/configuration/formulas/basesystem
- git@bitbucket.org:AliasWebServices/salt-states.git
- https://github.com/renoirb/salt-basesystem
git_pillar_provider: pygit2
ext_pillar:
- git:
## Want to use NOC workspace already cloned in your workstation
## Adjust and replace line below;
#- master renoirb@workstation:/Users/renoirb/workspaces/betastream/noc/ops/configuration/pillars:
- master git@bitbucket.org:AliasWebServices/pillars.git:
- privkey: /vagrant/.ssh/id_rsa
- pubkey: /vagrant/.ssh/id_rsa.pub
- cmd_yaml: cat /vagrant/provision/pillar.yml
__END_EMBEDDED_FILE__
) > /etc/salt/minion.d/fileserver.conf
## What's between __END_EMBEDDED_FILE__ MUST be at column 0
(cat <<- __END_EMBEDDED_FILE__
## Written at first boot time via Vagrantfile
file_client: local
__END_EMBEDDED_FILE__
) > /etc/salt/minion.d/standalone.conf
## What's between __END_EMBEDDED_FILE__ MUST be at column 0
if [[ ! -f /vagrant/provision/pillar.yml ]]; then
echo 'Making sure we have a /vagrant/provision/pillar.yml'
mkdir -p /vagrant/provision
(cat <<- __END_EMBEDDED_FILE__
## This file won't be commited to source-control.
## Sample #TODO
#projects:
# simplesamlphp:
# origin: https://github.com/simplesamlphp/simplesamlphp.git
# public_docroot: www
# dependencies:
# apt:
# - php5-mcrypt
__END_EMBEDDED_FILE__
) > /vagrant/provision/pillar.yml
## What's between __END_EMBEDDED_FILE__ MUST be at column 0
fi
## Set a way here to run package upgrade once a week #TODO
echo 'We will be upgrading packages'
apt-get update &&\
apt-get -y upgrade &&\
apt-get -y dist-upgrade
service salt-minion restart
echo 'Running highstate, this may take a while.'
salt-call state.highstate -l info
if [[ -f /usr/bin/salt-call ]]; then
salt-call --local --log-level=quiet --no-color grains.get ip4_interfaces:eth1 --output=json | python -c 'import sys,json; print json.load(sys.stdin)["local"][0]' > /vagrant/.ip
IP=`cat /vagrant/.ip`
echo "Here is the VM IP address: $IP"
echo "Point your browser at http://$IP/adminer to manage your local databases"
fi
SHELL
end