forked from dennyzhang/devops_public
-
Notifications
You must be signed in to change notification settings - Fork 0
/
devops_provision_os.sh
executable file
·108 lines (95 loc) · 3.79 KB
/
devops_provision_os.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#!/bin/bash -e
##-------------------------------------------------------------------
## @copyright 2016 DennyZhang.com
## Licensed under MIT
## https://raw.githubusercontent.com/DennyZhang/devops_public/tag_v1/LICENSE
##
## File : devops_provision_os.sh
## Author : Denny <[email protected]>
## Description :
# curl -o /root/devops_provision_os.sh https://raw.githubusercontent.com/.../.../chef/devops_provision_os.sh
# bash -e /root/devops_provision_os.sh
## --
## Created : <2016-04-20>
## Updated: Time-stamp: <2017-04-12 15:11:51>
################################################################################################
. /etc/profile
[ -n "$DOWNLOAD_TAG_NAME" ] || export DOWNLOAD_TAG_NAME="tag_v5"
export DOWNLOAD_PREFIX="https://raw.githubusercontent.com/DennyZhang/devops_public/${DOWNLOAD_TAG_NAME}"
if [ ! -f /var/lib/devops/refresh_common_library.sh ]; then
[ -d /var/lib/devops/ ] || (sudo mkdir -p /var/lib/devops/ && sudo chmod 777 /var/lib/devops)
wget -O /var/lib/devops/refresh_common_library.sh "$DOWNLOAD_PREFIX/common_library/refresh_common_library.sh"
fi
bash /var/lib/devops/refresh_common_library.sh "2953601642" "/var/lib/devops/devops_common_library.sh" \
"${DOWNLOAD_PREFIX}/common_library/devops_common_library.sh"
. /var/lib/devops/devops_common_library.sh
################################################################################################
# TODO: better way to update this bash common library
ssh_port=${1:-"2702"}
chef_version="12.4.1"
ssh_email="[email protected]"
ssh_public_key_file="/root/ssh_id_rsa.pub"
git_deploy_key_file="/root/git_deploy_key"
if [ -f "$ssh_public_key_file" ]; then
export ssh_public_key
ssh_public_key=$(cat "$ssh_public_key_file")
fi
if [ -f "$git_deploy_key_file" ]; then
export git_deploy_key
git_deploy_key=$(cat "$git_deploy_key_file")
fi
################################################################################
function disable_ipv6() {
# TODO: persist the change
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
}
function change_vm_swappiness() {
sysctl vm.swappiness=0
}
log "disable ipv6, due to known issue with Linode Provider"
disable_ipv6
# TODO: remove this, once the same logic has been integrated to chef
log "Change vm.swappiness=0, only use swap when all RAM is used"
change_vm_swappiness
log "enable chef deployment"
install_package_list "wget,curl,git,tmux,zip"
install_chef $chef_version
download_facility "/root/git_update.sh" "${DOWNLOAD_PREFIX}/bash/git_update.sh"
download_facility "/root/manage_all_services.sh" "${DOWNLOAD_PREFIX}/bash/manage_all_services/manage_all_services.sh"
download_facility "/root/ufw_add_node_to_cluster.sh" "${DOWNLOAD_PREFIX}/bash/ufw/ufw_add_node_to_cluster.sh"
# inject ssh key for ssh with keyfile
if [ -n "$ssh_public_key" ]; then
inject_ssh_authorized_keys "$ssh_email" "$ssh_public_key"
fi
# support git clone for DevOps code
if [ -n "$git_deploy_key" ]; then
git_key_file="/root/.ssh/git_id_rsa"
cat > "$git_key_file" <<EOF
$git_deploy_key
EOF
chmod 400 "$git_key_file"
cat > "/root/.ssh/config" <<EOF
Host github.com
StrictHostKeyChecking no
User git
HostName github.com
IdentityFile $git_key_file
EOF
fi
if ! which tmux 2>/dev/null 1>&2; then
apt-get install -y tmux
fi
if [ "$ssh_port" != "22" ]; then
echo "Change sshd port to $ssh_port"
sed -i "s/Port 22/Port $ssh_port/g" /etc/ssh/sshd_config
echo "Restart sshd to take effect"
nohup service ssh restart &
fi
# TODO: enforce this in chef, instead of bash
echo "Create elasticsearch data path"
mkdir -p /usr/share/elasticsearch
chmod 777 /usr/share/elasticsearch
# TODO: make sure ruby and rubygems are properly installed
echo "Action Done. Note: sshd listen on $ssh_port."
## File : devops_provision_os.sh ends