authorRichard Ipsum <richard.ipsum@codethink.co.uk>2013-12-17 16:19:55 +0000
committerRichard Ipsum <richard.ipsum@codethink.co.uk>2013-12-17 16:19:55 +0000
commit4ca0acbf07873bc12d840f8cc1b716a2b21e6ec4 (patch)
tree1649ddb11fe4bd6efdfdeb3b5a505d670dca0ef9 /trove.configure
parent0dc41c0704463bcce5a74ebf0483f87ba9a73657 (diff)
parenta69f811ebbdcee047cad2d2bbcd4f5a1fbd1f078 (diff)
downloadmorphs-4ca0acbf07873bc12d840f8cc1b716a2b21e6ec4.tar.gz
Merge branch 'richardipsum/trove'
Reviewed-by: Ben Brown Daniel Silverstone
Diffstat (limited to 'trove.configure')
-rwxr-xr-xtrove.configure168
1 files changed, 168 insertions, 0 deletions
diff --git a/trove.configure b/trove.configure
new file mode 100755
index 0000000..b2f21ff
--- /dev/null
+++ b/trove.configure
@@ -0,0 +1,168 @@
+#!/bin/sh
+#
+# Copyright (C) 2013 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# This is a "morph deploy" configuration extension to fully configure
+# a Trove instance at deployment time. It uses the following variables
+# from the environment (see MUSTARD for a description of them):
+#
+# * TROVE_ID
+# * TROVE_COMPANY
+# * LORRY_SSH_KEY
+# * UPSTREAM_TROVE
+# * UPSTREAM_TROVE_USER
+# * UPSTREAM_TROVE_EMAIL
+# * TROVE_ADMIN_USER
+# * TROVE_ADMIN_EMAIL
+# * TROVE_ADMIN_NAME
+# * TROVE_ADMIN_SSH_PUBKEY
+#
+# The configuration of a Trove is slightly tricky: part of it has to
+# be run on the configured system after it has booted. We accomplish
+# this by copying in all the relevant data to the target system
+# (in /var/lib/trove-setup), and creating a systemd unit file that
+# runs on the first boot. The first boot will be detected by the
+# existence of the /var/lib/trove-setup/needed file.
+
+set -e
+
+ROOT="$1"
+
+##########################################################################
+
+lua_escape()
+{
+ echo -n "$1" | perl -pe 's/([-+\(\).%*?^$\[\]])/%$1/g'
+}
+
+echo "Create /etc/trove-setup.sed for trove-early-setup"
+cat <<EOF > "$ROOT/etc/trove-setup.sed"
+s/##TROVE_HOSTNAME##/$TROVE_ID/
+s/##MASON_HOST##/$MASON_ID/
+s/##MASON_PORT##/18755/
+s/##TROVE_TITLE##/$TROVE_ID/
+s/##TROVE_COMPANY##/$TROVE_COMPANY/
+s/##TROVE_LOG_PREFIX##/$TROVE_ID/
+s/##ESC_PERSONAL_PREFIX##/people/
+s/##PREFIX##/$TROVE_ID/
+## The same prefix as above, only lua-pattern-escaped
+s/##ESC_PREFIX##/$(lua_escape "$TROVE_ID")/
+EOF
+
+##########################################################################
+
+echo "Set hostname to $TROVE_ID"
+echo "$TROVE_ID" > "$ROOT/etc/hostname"
+
+# trove-early-setup needs "localhost" to be defined, and there's no
+# guarantee it's going to be in DNS, or that external networking is
+# up when trove-early-setup runs. We work around this by creating
+# /etc/hosts with the right line.
+echo "Add localhost to /etc/hosts"
+cat <<EOF >> "$ROOT/etc/hosts"
+127.0.0.1 localhost
+EOF
+
+##########################################################################
+
+echo "Create /var/lib/trove-setup"
+install -d -o 0 -g 0 -m 0755 "$ROOT/var/lib/trove-setup"
+touch "$ROOT/var/lib/trove-setup/needed"
+chown 0:0 "$ROOT/var/lib/trove-setup/needed"
+chmod 0600 "$ROOT/var/lib/trove-setup/needed"
+
+##########################################################################
+
+# Put the lorry ssh keys onto the system. The trove-early-setup unit will
+# put them into the right place for the lorry user upon first boot.
+# We can't do that right now, because the lorry user won't exist until
+# trove-early-setup has run.
+echo "Copy Lorry ssh key to system"
+install -m 0600 "$LORRY_SSH_KEY" "$ROOT/var/lib/trove-setup/lorry.key"
+install -m 0644 "${LORRY_SSH_KEY}.pub" \
+ "$ROOT/var/lib/trove-setup/lorry.key.pub"
+
+##########################################################################
+
+echo "Copy admin's ssh public key to system"
+install -m 0644 "$TROVE_ADMIN_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/admin.key.pub"
+
+##########################################################################
+
+echo "Copy worker's ssh public key to system"
+install -m 0644 "$WORKER_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/worker.key.pub"
+
+##########################################################################
+
+echo "Copy mason's ssh public key to system"
+install -m 0644 "$MASON_SSH_PUBKEY" \
+ "$ROOT/var/lib/trove-setup/mason.key.pub"
+
+##########################################################################
+
+if [ "x$MASON_DEFAULT_CI_HOSTS_FILE" = x ]; then
+ echo "No default Mason hosts provided, using '[]'"
+ printf '[\n]\n' >"$ROOT/var/lib/trove-setup/hosts.json.txt"
+else
+ echo "Copy default Mason host configuration to the System"
+ install -m 0644 "$MASON_DEFAULT_CI_HOSTS_FILE" \
+ "$ROOT/var/lib/trove-setup/hosts.json.txt"
+fi
+
+if [ "x$MASON_DEFAULT_CI_SYSTEMS_FILE" = x ]; then
+ echo "No default Mason systems provided, using '[]'"
+ printf '[\n]\n' >"$ROOT/var/lib/trove-setup/systems.json.txt"
+else
+ echo "Copy default Mason system configuration to the System"
+ install -m 0644 "$MASON_DEFAULT_CI_SYSTEMS_FILE" \
+ "$ROOT/var/lib/trove-setup/systems.json.txt"
+fi
+
+##########################################################################
+
+echo "Create trove-early-setup unit file"
+cat <<EOF > "$ROOT/var/lib/trove-setup/trove-early-setup.service"
+[Unit]
+Description=Run trove-early-setup (once)
+Requires=network.target
+After=network.target
+Requires=opensshd.service
+After=opensshd.service
+ConditionPathExists=/var/lib/trove-setup/needed
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c 'ssh-keyscan localhost $UPSTREAM_TROVE> /etc/ssh/ssh_known_hosts'
+ExecStart=/usr/bin/trove-early-setup
+ExecStart=/usr/bin/install -m 0600 -o lorry -g lorry /var/lib/trove-setup/lorry.key /home/lorry/.ssh/id_rsa
+ExecStart=/usr/bin/install -m 0644 -o lorry -g lorry /var/lib/trove-setup/lorry.key.pub /home/lorry/.ssh/id_rsa.pub
+ExecStart=/bin/su git -c 'ssh git@localhost as lorry sshkey add configured < /var/lib/trove-setup/lorry.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost user add $TROVE_ADMIN_USER $TROVE_ADMIN_EMAIL $TROVE_ADMIN_NAME'
+ExecStart=/bin/su git -c 'ssh git@localhost group adduser trove-admin $TROVE_ADMIN_USER'
+ExecStart=/bin/su git -c 'ssh git@localhost as $TROVE_ADMIN_USER sshkey add default < /var/lib/trove-setup/admin.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost as distbuild sshkey add default < /var/lib/trove-setup/worker.key.pub'
+ExecStart=/bin/su git -c 'ssh git@localhost as mason sshkey add default < /var/lib/trove-setup/mason.key.pub'
+ExecStart=/bin/mkdir -p /var/run/lighttpd/
+ExecStart=/bin/chown cache:cache /var/run/lighttpd/
+ExecStart=/bin/rm /var/lib/trove-setup/needed
+ExecStart=/sbin/reboot
+Restart=no
+EOF
+
+ln -s "/var/lib/trove-setup/trove-early-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/trove-early-setup.service"
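Review bot: The two unquoted here-documents, the one writing `$ROOT/etc/trove-setup.sed` and the one writing `trove-early-setup.service`, expand `$TROVE_ID`, `$TROVE_COMPANY`, `$UPSTREAM_TROVE` and the `$TROVE_ADMIN_*` values at deploy time with no validation or escaping. A `/`, `&`, single quote or space in any of them changes the generated sed script or the `su git -c '...'` command lines, which the unit (no `User=` set) runs on first boot; `$TROVE_ADMIN_NAME` will usually contain a space and is passed unquoted to `user add`. Reject unexpected characters in the identifier-like values before anything is written (sketch below; the allowed set is a suggestion and should match what Trove accepts), and escape the free-text ones for the context they land in. Separately, `ssh-keyscan localhost $UPSTREAM_TROVE> /etc/ssh/ssh_known_hosts` trusts whatever host key the network presents on first boot, and `/var/lib/trove-setup/lorry.key` is not removed after it is installed into `/home/lorry/.ssh/id_rsa`. Shipping the upstream host key with the deployment and adding a cleanup `ExecStart=` line would address both.

```shell
ROOT="$1"

# Refuse values that would alter the generated sed script or unit file.
for value in "$TROVE_ID" "$UPSTREAM_TROVE" "$TROVE_ADMIN_USER" \
             "$TROVE_ADMIN_EMAIL"; do
    case "$value" in
        *[!A-Za-z0-9@._-]*)
            echo "trove.configure: unsupported characters in '$value'" >&2
            exit 1
            ;;
    esac
done

# … unchanged: lua_escape and the rest of the script …
```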