authorRichard Ipsum <richard.ipsum@codethink.co.uk>2013-12-16 14:27:40 +0000
committerRichard Ipsum <richard.ipsum@codethink.co.uk>2013-12-17 15:56:55 +0000
commita69f811ebbdcee047cad2d2bbcd4f5a1fbd1f078 (patch)
tree11a570b7b1ce6b60620e60a2bb23dbba41bd7ab5
parent2e8685ed6fc35bf62569b514929388f7df189055 (diff)
downloaddefinitions-a69f811ebbdcee047cad2d2bbcd4f5a1fbd1f078.tar.gz
Add trove
-rwxr-xr-xnfsboot-server.configure44
-rwxr-xr-xtrove-backup.configure55
-rw-r--r--trove-system-x86_64.morph32
-rwxr-xr-xtrove.configure168
-rw-r--r--trove.morph175
5 files changed, 474 insertions, 0 deletions
diff --git a/nfsboot-server.configure b/nfsboot-server.configure
new file mode 100755
index 00000000..9779c053
--- /dev/null
+++ b/nfsboot-server.configure
@@ -0,0 +1,44 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#
+# This is a "morph deploy" configuration extension to set up a server for
+# booting over nfs and tftp.
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+chroot "$ROOT" systemctl enable nfs-server.service
+
+mkdir -p "$ROOT/srv/nfsboot/tftp" "$ROOT/srv/nfsboot/nfs"
+
+cat >"$ROOT/usr/lib/systemd/system/nfsboot-tftp.service" <<EOF
+[Unit]
+Description=tftp service for booting kernels
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/udpsvd -E 0 69 /usr/sbin/tftpd /srv/nfsboot/tftp/
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+chroot "$ROOT" systemctl enable nfsboot-tftp.service
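Review bot: The ExecStart line of nfsboot-tftp.service starts tftpd on every address (`-E 0 69`) with no read-only flag, so, if this is the BusyBox tftpd, any host that can reach UDP port 69 can overwrite the kernels that other machines boot from. If nothing needs to upload over TFTP I would make it `ExecStart=/usr/bin/udpsvd -E 0 69 /usr/sbin/tftpd -r /srv/nfsboot/tftp/`, and add a comment above the heredoc saying the service is meant for a trusted boot network only. `ROOT="$1"` is also used without checking that an argument was passed; `[ -n "$ROOT" ] || exit 1` right after it would make that failure explicit.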
diff --git a/trove-backup.configure b/trove-backup.configure
new file mode 100755
index 00000000..59d90728
--- /dev/null
+++ b/trove-backup.configure
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+#
+# This is a "morph deploy" configuration extension to set up the Trove with a
+# backup user that can be accessed with rsync.
+# It takes one environment variable:
+#
+# TROVE_BACKUP_KEYS - a space-separated list of paths to SSH keys.
+
+set -e
+
+ROOT="$1"
+BACKUP_HOME=/root/backup-user-home
+
+##########################################################################
+
+if [ -n "$TROVE_BACKUP_KEYS" ]; then
+ cat >"$1/etc/rsyncd.conf" <<EOF
+numeric ids = yes
+uid = 0
+gid = 0
+read only = yes
+
+[etc]
+path = /etc
+comment = System configuration
+
+[home]
+path = /home
+comment = Home directories
+EOF
+
+ echo "backup:x:0:0::$BACKUP_HOME:/bin/sh" >>"$1/etc/passwd"
+ mkdir -p "$1/$BACKUP_HOME/.ssh"
+
+ touch "$1/$BACKUP_HOME/.ssh/authorized_keys"
+ for key in $TROVE_BACKUP_KEYS; do
+ cat "$key" >> "$1/$BACKUP_HOME/.ssh/authorized_keys"
+ done
+fi
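Review bot: The keys appended in the `for key in $TROVE_BACKUP_KEYS` loop are unrestricted, and the `backup` account is created with uid 0 and `/bin/sh`, so every backup key is a full root login; `read only = yes` in rsyncd.conf only binds clients that actually go through the rsync daemon. I would write a forced command and restrictions in front of each key, e.g. `printf 'command="rsync --server --daemon .",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ' >>"$1/$BACKUP_HOME/.ssh/authorized_keys"` before the `cat "$key"`. The `.ssh` directory and authorized_keys file also get whatever the deployer's umask gives them; `install -d -m 0700` for the directory and a `chmod 0600` on the file would fix the modes. The script assigns `ROOT` and then uses `$1` everywhere, which is worth making consistent.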
diff --git a/trove-system-x86_64.morph b/trove-system-x86_64.morph
new file mode 100644
index 00000000..664b21f2
--- /dev/null
+++ b/trove-system-x86_64.morph
@@ -0,0 +1,32 @@
+arch: x86_64
+configuration-extensions:
+- trove
+- nfsboot-server
+- trove-backup
+- fstab
+- simple-network
+description: Trove server
+kind: system
+name: trove-system-x86_64
+strata:
+- morph: build-essential
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: bsp-x86_64-generic
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: foundation
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: core
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: tools
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: trove
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: nfs
+ ref: master
+ repo: baserock:baserock/morphs
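Review bot: Every stratum in this system is taken from `ref: master`, a branch that moves, so the same definition can produce different images on different days, and a change pushed to any of those repositories reaches a Trove build without this file being touched. If morph does not record the resolved commits somewhere else, I would pin each `ref:` to a commit SHA-1 or a tag and add a comment saying how the pins are refreshed. The chunk list in trove.morph uses `master` and `baserock/morph` branch refs in the same way.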
diff --git a/trove.configure b/trove.configure
new file mode 100755
index 00000000..b2f21ffb
--- /dev/null
+++ b/trove.configure
@@ -0,0 +1,168 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# This is a "morph deploy" configuration extension to fully configure
+# a Trove instance at deployment time. It uses the following variables
+# from the environment (see MUSTARD for a description of them):
+#
+# * TROVE_ID
+# * TROVE_COMPANY
+# * LORRY_SSH_KEY
+# * UPSTREAM_TROVE
+# * UPSTREAM_TROVE_USER
+# * UPSTREAM_TROVE_EMAIL
+# * TROVE_ADMIN_USER
+# * TROVE_ADMIN_EMAIL
+# * TROVE_ADMIN_NAME
+# * TROVE_ADMIN_SSH_PUBKEY
+#
+# The configuration of a Trove is slightly tricky: part of it has to
+# be run on the configured system after it has booted. We accomplish
+# this by copying in all the relevant data to the target system
+# (in /var/lib/trove-setup), and creating a systemd unit file that
+# runs on the first boot. The first boot will be detected by the
+# existence of the /var/lib/trove-setup/needed file.
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+lua_escape()
+{
+ echo -n "$1" | perl -pe 's/([-+\(\).%*?^$\[\]])/%$1/g'
+}
+
+echo "Create /etc/trove-setup.sed for trove-early-setup"
+cat <<EOF > "$ROOT/etc/trove-setup.sed"
+s/##TROVE_HOSTNAME##/$TROVE_ID/
+s/##MASON_HOST##/$MASON_ID/
+s/##MASON_PORT##/18755/
+s/##TROVE_TITLE##/$TROVE_ID/
+s/##TROVE_COMPANY##/$TROVE_COMPANY/
+s/##TROVE_LOG_PREFIX##/$TROVE_ID/
+s/##ESC_PERSONAL_PREFIX##/people/
+s/##PREFIX##/$TROVE_ID/
+## The same prefix as above, only lua-pattern-escaped
+s/##ESC_PREFIX##/$(lua_escape "$TROVE_ID")/
+EOF
+
+##########################################################################
+
+echo "Set hostname to $TROVE_ID"
+echo "$TROVE_ID" > "$ROOT/etc/hostname"
+
+# trove-early-setup needs "localhost" to be defined, and there's no
+# guarantee it's going to be in DNS, or that external networking is
+# up when trove-early-setup runs. We work around this by creating
+# /etc/hosts with the right line.
+echo "Add localhost to /etc/hosts"
+cat <<EOF >> "$ROOT/etc/hosts"
+127.0.0.1 localhost
+EOF
+
+##########################################################################
+
+echo "Create /var/lib/trove-setup"
+install -d -o 0 -g 0 -m 0755 "$ROOT/var/lib/trove-setup"
+touch "$ROOT/var/lib/trove-setup/needed"
+chown 0:0 "$ROOT/var/lib/trove-setup/needed"
+chmod 0600 "$ROOT/var/lib/trove-setup/needed"
+
+##########################################################################
+
+# Put the lorry ssh keys onto the system. The trove-early-setup unit will
+# put them into the right place for the lorry user upon first boot.
+# We can't do that right now, because the lorry user won't exist until
+# trove-early-setup has run.
+echo "Copy Lorry ssh key to system"
+install -m 0600 "$LORRY_SSH_KEY" "$ROOT/var/lib/trove-setup/lorry.key"
+install -m 0644 "${LORRY_SSH_KEY}.pub" \
+ "$ROOT/var/lib/trove-setup/lorry.key.pub"
+
+##########################################################################
+
+echo "Copy admin's ssh public key to system"
+install -m 0644 "$TROVE_ADMIN_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/admin.key.pub"
+
+##########################################################################
+
+echo "Copy worker's ssh public key to system"
+install -m 0644 "$WORKER_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/worker.key.pub"
+
+##########################################################################
+
+echo "Copy mason's ssh public key to system"
+install -m 0644 "$MASON_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/mason.key.pub"
+
+##########################################################################
+
+if [ "x$MASON_DEFAULT_CI_HOSTS_FILE" = x ]; then
+ echo "No default Mason hosts provided, using '[]'"
+ printf '[\n]\n' >"$ROOT/var/lib/trove-setup/hosts.json.txt"
+else
+ echo "Copy default Mason host configuration to the System"
+ install -m 0644 "$MASON_DEFAULT_CI_HOSTS_FILE" \
+ "$ROOT/var/lib/trove-setup/hosts.json.txt"
+fi
+
+if [ "x$MASON_DEFAULT_CI_SYSTEMS_FILE" = x ]; then
+ echo "No default Mason systems provided, using '[]'"
+ printf '[\n]\n' >"$ROOT/var/lib/trove-setup/systems.json.txt"
+else
+ echo "Copy default Mason system configuration to the System"
+ install -m 0644 "$MASON_DEFAULT_CI_SYSTEMS_FILE" \
+ "$ROOT/var/lib/trove-setup/systems.json.txt"
+fi
+
+##########################################################################
+
+echo "Create trove-early-setup unit file"
+cat <<EOF > "$ROOT/var/lib/trove-setup/trove-early-setup.service"
+[Unit]
+Description=Run trove-early-setup (once)
+Requires=network.target
+After=network.target
+Requires=opensshd.service
+After=opensshd.service
+ConditionPathExists=/var/lib/trove-setup/needed
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c 'ssh-keyscan localhost $UPSTREAM_TROVE> /etc/ssh/ssh_known_hosts'
+ExecStart=/usr/bin/trove-early-setup
+ExecStart=/usr/bin/install -m 0600 -o lorry -g lorry /var/lib/trove-setup/lorry.key /home/lorry/.ssh/id_rsa
+ExecStart=/usr/bin/install -m 0644 -o lorry -g lorry /var/lib/trove-setup/lorry.key.pub /home/lorry/.ssh/id_rsa.pub
+ExecStart=/bin/su git -c 'ssh git@localhost as lorry sshkey add configured < /var/lib/trove-setup/lorry.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost user add $TROVE_ADMIN_USER $TROVE_ADMIN_EMAIL $TROVE_ADMIN_NAME'
+ExecStart=/bin/su git -c 'ssh git@localhost group adduser trove-admin $TROVE_ADMIN_USER'
+ExecStart=/bin/su git -c 'ssh git@localhost as $TROVE_ADMIN_USER sshkey add default < /var/lib/trove-setup/admin.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost as distbuild sshkey add default < /var/lib/trove-setup/worker.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost as mason sshkey add default < /var/lib/trove-setup/mason.key.pub'
+ExecStart=/bin/mkdir -p /var/run/lighttpd/
+ExecStart=/bin/chown cache:cache /var/run/lighttpd/
+ExecStart=/bin/rm /var/lib/trove-setup/needed
+ExecStart=/sbin/reboot
+Restart=no
+EOF
+
+ln -s "/var/lib/trove-setup/trove-early-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/trove-early-setup.service"
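Review bot: Deploy-time values are pasted unescaped into two places that re-interpret them: the sed script (for example `s/##TROVE_COMPANY##/$TROVE_COMPANY/`) and the `sh -c '…'` / `su git -c '…'` ExecStart lines of the unit file, which has no `User=` and so presumably starts as root on first boot. A `/`, `&` or backslash in TROVE_ID, MASON_ID or TROVE_COMPANY changes or breaks the substitution, and a quote, space or `;` in UPSTREAM_TROVE or the TROVE_ADMIN_* values changes the command that is run. I would reject anything outside a conservative character set before the first heredoc, as sketched below; TROVE_COMPANY and TROVE_ADMIN_NAME legitimately contain spaces and need escaping rather than rejection. The header comment should also list MASON_ID, WORKER_SSH_PUBKEY, MASON_SSH_PUBKEY and the two MASON_DEFAULT_CI_* variables, which the script reads but does not document. Finally, `ssh-keyscan` fills ssh_known_hosts with whatever key answers at first boot, so a comment there should say that the upstream host key is trusted on first use.

```shell
ROOT="$1"

# Reject values that would be re-parsed by sed or by the shell in the unit file.
check_safe()
{
    case "$2" in
        *[!A-Za-z0-9@._-]*)
            echo "$1 contains characters that are unsafe here" >&2
            exit 1
            ;;
    esac
}

check_safe TROVE_ID "$TROVE_ID"
check_safe MASON_ID "$MASON_ID"
check_safe UPSTREAM_TROVE "$UPSTREAM_TROVE"
check_safe TROVE_ADMIN_USER "$TROVE_ADMIN_USER"
check_safe TROVE_ADMIN_EMAIL "$TROVE_ADMIN_EMAIL"

# … unchanged: lua_escape, sed script, key installation, unit file …
```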
diff --git a/trove.morph b/trove.morph
new file mode 100644
index 00000000..9304816b
--- /dev/null
+++ b/trove.morph
@@ -0,0 +1,175 @@
+name: trove
+description: Trove software
+kind: stratum
+build-depends:
+- repo: baserock:baserock/morphs
+ ref: master
+ morph: tools
+chunks:
+- name: bottle
+ repo: upstream:bottle
+ ref: baserock/morph
+ build-depends: []
+- name: morph-cache-server
+ repo: baserock:baserock/morph-cache-server
+ ref: master
+ build-depends: []
+- name: lua
+ repo: upstream:lua
+ ref: baserock/5.1-morph
+ build-depends: []
+- name: lace
+ repo: upstream:gitano/lace
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: luxio
+ repo: upstream:luxio
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: supple
+ repo: upstream:gitano/supple
+ ref: baserock/morph
+ build-depends:
+ - lua
+ - luxio
+- name: clod
+ repo: upstream:gitano/clod
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: gall
+ repo: upstream:gitano/gall
+ ref: baserock/morph
+ build-depends:
+ - lua
+ - luxio
+- name: pcre
+ repo: upstream:pcre
+ ref: baserock/morph
+ build-depends: []
+- name: lrexlib-pcre
+ repo: upstream:lrexlib
+ ref: baserock/morph
+ build-depends:
+ - pcre
+ - lua
+- name: gitano
+ repo: upstream:gitano/gitano
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: cgit
+ repo: upstream:cgit
+ ref: baserock/morph
+ build-depends: []
+- name: bzr-tarball
+ repo: upstream:bzr-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: python-fastimport
+ repo: upstream:python-fastimport
+ ref: baserock/morph
+ build-depends: []
+- name: bzr-fastimport
+ repo: upstream:bzr-fastimport
+ ref: baserock/morph
+ build-depends:
+ - bzr-tarball
+ - python-fastimport
+- name: cvs-tarball
+ repo: upstream:cvs-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: libapr-tarball
+ repo: upstream:libapr-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: libapr-util-tarball
+ repo: upstream:libapr-util-tarball
+ ref: baserock/morph
+ build-depends:
+ - libapr-tarball
+- name: sqlite3
+ repo: upstream:sqlite3
+ ref: baserock/morph
+ build-depends: []
+- name: perl-dbi-tarball
+ repo: upstream:perl-dbi-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: perl-dbd-sqlite-tarball
+ repo: upstream:perl-dbd-sqlite-tarball
+ ref: baserock/morph
+ build-depends:
+ - perl-dbi-tarball
+ - sqlite3
+- name: libserf-tarball
+ repo: upstream:libserf-tarball
+ ref: baserock/morph
+ build-depends:
+ - libapr-tarball
+ - libapr-util-tarball
+- name: swig-tarball
+ repo: upstream:swig-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: neon
+ repo: upstream:neon
+ ref: baserock/morph
+ build-depends: []
+- name: subversion-tarball
+ repo: upstream:subversion-tarball
+ ref: baserock/morph
+ build-depends:
+ - swig-tarball
+ - libapr-tarball
+ - libapr-util-tarball
+ - libserf-tarball
+ - sqlite3
+ - neon
+- name: mercurial-tarball
+ repo: upstream:mercurial-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: hg-fast-export
+ repo: upstream:hg-fast-export
+ ref: baserock/morph
+ build-depends:
+ - mercurial-tarball
+- name: cvsps
+ repo: upstream:cvsps
+ ref: baserock/morph
+ build-depends: []
+- name: lorry
+ repo: baserock:baserock/lorry
+ ref: master
+ build-depends:
+ - bzr-tarball
+ - python-fastimport
+ - bzr-fastimport
+ - perl-dbi-tarball
+ - perl-dbd-sqlite-tarball
+ - cvs-tarball
+ - cvsps
+ - subversion-tarball
+ - mercurial-tarball
+ - hg-fast-export
+- name: trove-setup
+ repo: baserock:baserock/trove-setup
+ ref: master
+ build-depends: []
+- name: lorry-controller
+ repo: baserock:baserock/lorry-controller
+ ref: master
+ build-depends: []
+- name: lighttpd
+ repo: upstream:lighttpd
+ ref: baserock/morph
+ build-depends:
+ - pcre
+- name: flup
+ repo: upstream:flup
+ ref: baserock/morph
+ build-depends: []