From a69f811ebbdcee047cad2d2bbcd4f5a1fbd1f078 Mon Sep 17 00:00:00 2001
From: Richard Ipsum
Date: Mon, 16 Dec 2013 14:27:40 +0000
Subject: Add trove
---
nfsboot-server.configure | 44 ++++++++++++
trove-backup.configure | 55 +++++++++++++++
trove-system-x86_64.morph | 32 +++++++++
trove.configure | 168 ++++++++++++++++++++++++++++++++++++++++++++
trove.morph | 175 ++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 474 insertions(+)
create mode 100755 nfsboot-server.configure
create mode 100755 trove-backup.configure
create mode 100644 trove-system-x86_64.morph
create mode 100755 trove.configure
create mode 100644 trove.morph
diff --git a/nfsboot-server.configure b/nfsboot-server.configure
new file mode 100755
index 00000000..9779c053
--- /dev/null
+++ b/nfsboot-server.configure
@@ -0,0 +1,44 @@ +#!/bin/sh +# +# Copyright (C) 2013 Codethink Limited +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# +# This is a "morph deploy" configuration extension to set up a server for +# booting over nfs and tftp. +set -e + +ROOT="$1" + +########################################################################## + +chroot "$ROOT" systemctl enable nfs-server.service + +mkdir -p "$ROOT/srv/nfsboot/tftp" "$ROOT/srv/nfsboot/nfs" + +cat >"$ROOT/usr/lib/systemd/system/nfsboot-tftp.service" <"$1/etc/rsyncd.conf" <>"$1/etc/passwd" + mkdir -p "$1/$BACKUP_HOME/.ssh" + + touch "$1/$BACKUP_HOME/.ssh/authorized_keys" + for key in $TROVE_BACKUP_KEYS; do + cat "$key" >> "$1/$BACKUP_HOME/.ssh/authorized_keys" + done +fi diff --git a/trove-system-x86_64.morph b/trove-system-x86_64.morph new file mode 100644 index 00000000..664b21f2 --- /dev/null +++ b/trove-system-x86_64.morph 
@@ -0,0 +1,32 @@
+arch: x86_64
+configuration-extensions:
+- trove
+- nfsboot-server
+- trove-backup
+- fstab
+- simple-network
+description: Trove server
+kind: system
+name: trove-system-x86_64
+strata:
+- morph: build-essential
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: bsp-x86_64-generic
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: foundation
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: core
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: tools
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: trove
+ ref: master
+ repo: baserock:baserock/morphs
+- morph: nfs
+ ref: master
+ repo: baserock:baserock/morphs
diff --git a/trove.configure b/trove.configure
new file mode 100755
index 00000000..b2f21ffb
--- /dev/null
+++ b/trove.configure
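Review bot: Every stratum here is taken from `ref: master`, a moving branch, so the image for this server is built from whatever is at the tip of `baserock:baserock/morphs` at build time; the same applies to the `ref: master` and `ref: baserock/morph` entries on every chunk in trove.morph later in this patch. For a system that will hold SSH keys and serve source to other builders, I would pin each `ref` to a reviewed commit id (assuming the morph format accepts one there), so that a rebuild is reproducible and a push to a branch cannot change what gets deployed without a matching change to this file. If pinning is deliberately deferred, a comment at the top of the file saying so would help, e.g. `# refs track branches during development; pin before release`.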
@@ -0,0 +1,168 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# This is a "morph deploy" configuration extension to fully configure
+# a Trove instance at deployment time. It uses the following variables
+# from the environment (see MUSTARD for a description of them):
+#
+# * TROVE_ID
+# * TROVE_COMPANY
+# * LORRY_SSH_KEY
+# * UPSTREAM_TROVE
+# * UPSTREAM_TROVE_USER
+# * UPSTREAM_TROVE_EMAIL
+# * TROVE_ADMIN_USER
+# * TROVE_ADMIN_EMAIL
+# * TROVE_ADMIN_NAME
+# * TROVE_ADMIN_SSH_PUBKEY
+#
+# The configuration of a Trove is slightly tricky: part of it has to
+# be run on the configured system after it has booted. We accomplish
+# this by copying in all the relevant data to the target system
+# (in /var/lib/trove-setup), and creating a systemd unit file that
+# runs on the first boot. The first boot will be detected by the
+# existence of the /var/lib/trove-setup/needed file.
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+lua_escape()
+{
+ echo -n "$1" | perl -pe 's/([-+\(\).%*?^$\[\]])/%$1/g'
+}
+
+echo "Create /etc/trove-setup.sed for trove-early-setup"
+cat < "$ROOT/etc/trove-setup.sed"
+s/##TROVE_HOSTNAME##/$TROVE_ID/
+s/##MASON_HOST##/$MASON_ID/
+s/##MASON_PORT##/18755/
+s/##TROVE_TITLE##/$TROVE_ID/
+s/##TROVE_COMPANY##/$TROVE_COMPANY/
+s/##TROVE_LOG_PREFIX##/$TROVE_ID/
+s/##ESC_PERSONAL_PREFIX##/people/
+s/##PREFIX##/$TROVE_ID/
+## The same prefix as above, only lua-pattern-escaped
+s/##ESC_PREFIX##/$(lua_escape "$TROVE_ID")/
+EOF
+
+##########################################################################
+
+echo "Set hostname to $TROVE_ID"
+echo "$TROVE_ID" > "$ROOT/etc/hostname"
+
+# trove-early-setup needs "localhost" to be defined, and there's no
+# guarantee it's going to be in DNS, or that external networking is
+# up when trove-early-setup runs. We work around this by creating
+# /etc/hosts with the right line.
+echo "Add localhost to /etc/hosts"
+cat <> "$ROOT/etc/hosts"
+127.0.0.1 localhost
+EOF
+
+##########################################################################
+
+echo "Create /var/lib/trove-setup"
+install -d -o 0 -g 0 -m 0755 "$ROOT/var/lib/trove-setup"
+touch "$ROOT/var/lib/trove-setup/needed"
+chown 0:0 "$ROOT/var/lib/trove-setup/needed"
+chmod 0600 "$ROOT/var/lib/trove-setup/needed"
+
+##########################################################################
+
+# Put the lorry ssh keys onto the system. The trove-early-setup unit will
+# put them into the right place for the lorry user upon first boot.
+# We can't do that right now, because the lorry user won't exist until
+# trove-early-setup has run.
+echo "Copy Lorry ssh key to system"
+install -m 0600 "$LORRY_SSH_KEY" "$ROOT/var/lib/trove-setup/lorry.key"
+install -m 0644 "${LORRY_SSH_KEY}.pub" \
+ "$ROOT/var/lib/trove-setup/lorry.key.pub"
+
+##########################################################################
+
+echo "Copy admin's ssh public key to system"
+install -m 0644 "$TROVE_ADMIN_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/admin.key.pub"
+
+##########################################################################
+
+echo "Copy worker's ssh public key to system"
+install -m 0644 "$WORKER_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/worker.key.pub"
+
+##########################################################################
+
+echo "Copy mason's ssh public key to system"
+install -m 0644 "$MASON_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/mason.key.pub"
+
+##########################################################################
+
+if [ "x$MASON_DEFAULT_CI_HOSTS_FILE" = x ]; then
+ echo "No default Mason hosts provided, using '[]'"
+ printf '[\n]\n' >"$ROOT/var/lib/trove-setup/hosts.json.txt"
+else
+ echo "Copy default Mason host configuration to the System"
+ install -m 0644 "$MASON_DEFAULT_CI_HOSTS_FILE" \
+ "$ROOT/var/lib/trove-setup/hosts.json.txt"
+fi
+
+if [ "x$MASON_DEFAULT_CI_SYSTEMS_FILE" = x ]; then
+ echo "No default Mason systems provided, using '[]'"
+ printf '[\n]\n' >"$ROOT/var/lib/trove-setup/systems.json.txt"
+else
+ echo "Copy default Mason system configuration to the System"
+ install -m 0644 "$MASON_DEFAULT_CI_SYSTEMS_FILE" \
+ "$ROOT/var/lib/trove-setup/systems.json.txt"
+fi
+
+##########################################################################
+
+echo "Create trove-early-setup unit file"
+cat < "$ROOT/var/lib/trove-setup/trove-early-setup.service"
+[Unit]
+Description=Run trove-early-setup (once)
+Requires=network.target
+After=network.target
+Requires=opensshd.service
+After=opensshd.service
+ConditionPathExists=/var/lib/trove-setup/needed
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c 'ssh-keyscan localhost $UPSTREAM_TROVE> /etc/ssh/ssh_known_hosts'
+ExecStart=/usr/bin/trove-early-setup
+ExecStart=/usr/bin/install -m 0600 -o lorry -g lorry /var/lib/trove-setup/lorry.key /home/lorry/.ssh/id_rsa
+ExecStart=/usr/bin/install -m 0644 -o lorry -g lorry /var/lib/trove-setup/lorry.key.pub /home/lorry/.ssh/id_rsa.pub
+ExecStart=/bin/su git -c 'ssh git@localhost as lorry sshkey add configured < /var/lib/trove-setup/lorry.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost user add $TROVE_ADMIN_USER $TROVE_ADMIN_EMAIL $TROVE_ADMIN_NAME'
+ExecStart=/bin/su git -c 'ssh git@localhost group adduser trove-admin $TROVE_ADMIN_USER'
+ExecStart=/bin/su git -c 'ssh git@localhost as $TROVE_ADMIN_USER sshkey add default < /var/lib/trove-setup/admin.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost as distbuild sshkey add default < /var/lib/trove-setup/worker.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost as mason sshkey add default < /var/lib/trove-setup/mason.key.pub'
+ExecStart=/bin/mkdir -p /var/run/lighttpd/
+ExecStart=/bin/chown cache:cache /var/run/lighttpd/
+ExecStart=/bin/rm /var/lib/trove-setup/needed
+ExecStart=/sbin/reboot
+Restart=no
+EOF
+
+ln -s "/var/lib/trove-setup/trove-early-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/trove-early-setup.service"
diff --git a/trove.morph b/trove.morph
new file mode 100644
index 00000000..9304816b
--- /dev/null
+++ b/trove.morph
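Review bot: The deployment variables are pasted unquoted into two generated files: the sed script (`s/##TROVE_COMPANY##/$TROVE_COMPANY/` and the other `s/…/$VAR/` lines) and the `su git -c '…'` lines of trove-early-setup.service, e.g. `user add $TROVE_ADMIN_USER $TROVE_ADMIN_EMAIL $TROVE_ADMIN_NAME`. A `/` or `&` in a value changes the sed expression, and a space, quote or shell metacharacter in an admin value is word-split or interpreted by the shell that `su -c` starts on first boot (this assumes the here-document expands variables at deploy time; its opening operator is not legible on this page). I would validate the token-like values before any file is written, as sketched below, and escape or quote the free-text ones (`TROVE_COMPANY`, `TROVE_ADMIN_NAME`) for their target format. Separately, `ssh-keyscan localhost $UPSTREAM_TROVE> /etc/ssh/ssh_known_hosts` records whatever key answers on the network at first boot; supplying the upstream host key as a deploy-time file would let it be verified instead. `MASON_ID`, `WORKER_SSH_PUBKEY`, `MASON_SSH_PUBKEY` and the two `MASON_DEFAULT_CI_*_FILE` variables are read but not listed in the header comment.

```shell
ROOT="$1"

# Refuse values that would alter the generated sed script or the
# command lines written into trove-early-setup.service.
check_token()
{
    case "$2" in
        ''|*[!A-Za-z0-9._@+-]*)
            echo "ERROR: $1 is empty or has characters outside A-Za-z0-9._@+-" >&2
            exit 1
            ;;
    esac
}

check_token TROVE_ID "$TROVE_ID"
check_token TROVE_ADMIN_USER "$TROVE_ADMIN_USER"
check_token TROVE_ADMIN_EMAIL "$TROVE_ADMIN_EMAIL"

# … unchanged: lua_escape, trove-setup.sed, hostname, key copies, unit file …
```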
@@ -0,0 +1,175 @@
+name: trove
+description: Trove software
+kind: stratum
+build-depends:
+- repo: baserock:baserock/morphs
+ ref: master
+ morph: tools
+chunks:
+- name: bottle
+ repo: upstream:bottle
+ ref: baserock/morph
+ build-depends: []
+- name: morph-cache-server
+ repo: baserock:baserock/morph-cache-server
+ ref: master
+ build-depends: []
+- name: lua
+ repo: upstream:lua
+ ref: baserock/5.1-morph
+ build-depends: []
+- name: lace
+ repo: upstream:gitano/lace
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: luxio
+ repo: upstream:luxio
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: supple
+ repo: upstream:gitano/supple
+ ref: baserock/morph
+ build-depends:
+ - lua
+ - luxio
+- name: clod
+ repo: upstream:gitano/clod
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: gall
+ repo: upstream:gitano/gall
+ ref: baserock/morph
+ build-depends:
+ - lua
+ - luxio
+- name: pcre
+ repo: upstream:pcre
+ ref: baserock/morph
+ build-depends: []
+- name: lrexlib-pcre
+ repo: upstream:lrexlib
+ ref: baserock/morph
+ build-depends:
+ - pcre
+ - lua
+- name: gitano
+ repo: upstream:gitano/gitano
+ ref: baserock/morph
+ build-depends:
+ - lua
+- name: cgit
+ repo: upstream:cgit
+ ref: baserock/morph
+ build-depends: []
+- name: bzr-tarball
+ repo: upstream:bzr-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: python-fastimport
+ repo: upstream:python-fastimport
+ ref: baserock/morph
+ build-depends: []
+- name: bzr-fastimport
+ repo: upstream:bzr-fastimport
+ ref: baserock/morph
+ build-depends:
+ - bzr-tarball
+ - python-fastimport
+- name: cvs-tarball
+ repo: upstream:cvs-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: libapr-tarball
+ repo: upstream:libapr-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: libapr-util-tarball
+ repo: upstream:libapr-util-tarball
+ ref: baserock/morph
+ build-depends:
+ - libapr-tarball
+- name: sqlite3
+ repo: upstream:sqlite3
+ ref: baserock/morph
+ build-depends: []
+- name: perl-dbi-tarball
+ repo: upstream:perl-dbi-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: perl-dbd-sqlite-tarball
+ repo: upstream:perl-dbd-sqlite-tarball
+ ref: baserock/morph
+ build-depends:
+ - perl-dbi-tarball
+ - sqlite3
+- name: libserf-tarball
+ repo: upstream:libserf-tarball
+ ref: baserock/morph
+ build-depends:
+ - libapr-tarball
+ - libapr-util-tarball
+- name: swig-tarball
+ repo: upstream:swig-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: neon
+ repo: upstream:neon
+ ref: baserock/morph
+ build-depends: []
+- name: subversion-tarball
+ repo: upstream:subversion-tarball
+ ref: baserock/morph
+ build-depends:
+ - swig-tarball
+ - libapr-tarball
+ - libapr-util-tarball
+ - libserf-tarball
+ - sqlite3
+ - neon
+- name: mercurial-tarball
+ repo: upstream:mercurial-tarball
+ ref: baserock/morph
+ build-depends: []
+- name: hg-fast-export
+ repo: upstream:hg-fast-export
+ ref: baserock/morph
+ build-depends:
+ - mercurial-tarball
+- name: cvsps
+ repo: upstream:cvsps
+ ref: baserock/morph
+ build-depends: []
+- name: lorry
+ repo: baserock:baserock/lorry
+ ref: master
+ build-depends:
+ - bzr-tarball
+ - python-fastimport
+ - bzr-fastimport
+ - perl-dbi-tarball
+ - perl-dbd-sqlite-tarball
+ - cvs-tarball
+ - cvsps
+ - subversion-tarball
+ - mercurial-tarball
+ - hg-fast-export
+- name: trove-setup
+ repo: baserock:baserock/trove-setup
+ ref: master
+ build-depends: []
+- name: lorry-controller
+ repo: baserock:baserock/lorry-controller
+ ref: master
+ build-depends: []
+- name: lighttpd
+ repo: upstream:lighttpd
+ ref: baserock/morph
+ build-depends:
+ - pcre
+- name: flup
+ repo: upstream:flup
+ ref: baserock/morph
+ build-depends: []
--
cgit v1.2.1