-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathstart
More file actions
executable file
·250 lines (199 loc) · 7.35 KB
/
start
File metadata and controls
executable file
·250 lines (199 loc) · 7.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
#!/usr/bin/ruby
require 'rubygems'
require 'hiera'
require 'erb'
require 'json'
require 'pp'
require 'optparse'
# Set the defaults, get the arguments
$environment = 'staging'
$role = 'base'
$region = 'ireland'
OptionParser.new do |opt|
opt.on('-e', '--environment ENVIRONMENT') { |o| $environment = o }
opt.on('-r', '--role ROLE') { |o| $role = o }
opt.on('-p', '--region REGION') { |o| $region = o }
end.parse!
# Init hiera
HIERADB = Hiera.new(:config => 'hiera/hiera.yaml')
def hiera(key)
var = HIERADB.lookup(key, nil, { "::environment" => $environment, "::role" => $role, "::region" => $region} )
puts "Warning, hiera returning nil for key #{key}" if var.nil?
return var
end
# Set some global stuff, mostly reading from Hiera
$domain = hiera("domain")
$git_remote = "origin"
$git_repo = %x(git config --get remote.#{$git_remote}.url).chomp
$git_branch = %x(git rev-parse --abbrev-ref HEAD).chomp
$key = hiera("aws::key")
$owner = %x(id -u -n).chomp
$image_id = hiera("aws::image-id")
$instance_type = hiera("aws::instance-type")
$aws_region = hiera("aws::region")
$vpc_id = hiera("aws::vpc-id")
$public_subnet = hiera("aws::subnet::public")
$private_subnet = hiera("aws::subnet::private")
$user_data_file = "/tmp/userdata.#{Process.pid}"
# Get the arguments
$hostname = $role
$dns = "#{$hostname}.#{$domain}"
$iam_profile = hiera("aws::iam-profile")
$security_group_ids = %x(aws ec2 describe-security-groups --region #{$aws_region} --filters Name=vpc-id,Values=#{$vpc_id} --output json|jgrep "SecurityGroups/*/GroupName,GroupId"|grep -E "#{$environment}|#{$role}|default"|cut -d, -f2|paste -s -d" " -).chomp
$public_ip_option = "--associate-public-ip-address"
puts "Found Security groups :" + $security_group_ids
def get_template()
%{Content-Type: multipart/mixed; boundary=hCBmba2sC4RI8b9Te8pcDDezMumEN1aU
MIME-Version: 1.0
--hCBmba2sC4RI8b9Te8pcDDezMumEN1aU
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"
# Upgrade installed packages
package_upgrade: true
# Install additional packages on first boot
packages:
- lvm2
- wget
- git
- puppet3
- awscli
# run commands
# runcmd contains a list of either lists or a string
# each item will be executed in order
runcmd:
- sh -c echo "Hello world"
# set the locale
locale: en_US.UTF-8
# timezone: set the timezone for this instance (ALWAYS user UTC!)
timezone: UTC
# Log all cloud-init process output (info & errors) to a logfile
output: {all: ">> /var/log/cloud-init-output.log"}
# final_message written to log when cloud-init processes are finished
final_message: "System boot complete, after $UPTIME seconds. Finished at $TIMESTAMP"
write_files:
- path: /usr/local/bin/puppet-apply
permissions: '0755'
content: |
#!/bin/bash
puppet apply --debug --verbose /etc/puppet/manifests/site.pp
- path: /usr/local/bin/puppet-pull
permissions: '0755'
content: |
#!/bin/bash
. /etc/git_settings.sh
cd /var/cache/bootstrap
git fetch && git reset origin/<%= $git_branch %> --hard
- path: /usr/local/bin/puppet-pull-apply
permissions: '0755'
content: |
#!/bin/bash
puppet-pull && puppet-apply
- path: /etc/puppet/puppet.conf
permissions: '0555'
content: |
[main]
environment = <%= $environment %>
certname = <%= $dns %>
- path: /etc/git_settings.sh
permissions: '0755'
content: |
#!/bin/bash
export GIT_REPO="<%= $git_repo %>"
export GIT_BRANCH="<%= $git_branch %>"
preserve_hostname: true
manage_etc_hosts: false
bootcmd:
- cloud-init-per instance my_set_hostname sh -xc "echo <%= $hostname %> > /etc/hostname; hostname -F /etc/hostname"
- cloud-init-per instance my_etc_hosts sh -xc "sed -i -e '/^127.0.0.1/d' /etc/hosts; echo 127.0.0.1 <%= $dns %> <%= $hostname %> localhost >> /etc/hosts"
--hCBmba2sC4RI8b9Te8pcDDezMumEN1aU
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="user-script.txt"
#!/bin/bash
set -x
. /etc/git_settings.sh
# Get the github ssh key out of s3 (IAM providing access to S3)
# so we can clone from our private github repos
for attempt in {1..10} ; do
if (aws --region eu-west-1 s3 cp s3://<%= $domain %>/git-keys/id_rsa /root/.ssh/id_rsa) then
chmod 600 /root/.ssh/id_rsa
break
fi
echo "Could not copy github key from S3 (yet?), retrying in 2 seconds."
sleep 2
done
# Add github.com to known_hosts
ssh -T -oStrictHostKeyChecking=no git@github.com
# do not run the puppet agent, as we don't have a puppet master either
service puppet stop
chkconfig puppet off
REPO_DIR=/var/cache/bootstrap
# clone puppet manifest from github
# TODO fallback to backup server if connection to github fails
if [ -f ${REPO_DIR}/.git ]; then
# if /etc/puppet already is a git repository, just pull the latest changes
# (this means we're probably running from a snapshotted AMI)
cd ${REPO_DIR}
git fetch && git reset origin/${GIT_BRANCH} --hard
else
# Otherwise, clone a clean repo
rm -rf /etc/puppet/files /etc/puppet/manifests /etc/puppet/modules /etc/puppet/templates /etc/puppet/ssl \
/etc/puppet/etckeeper* /etc/puppet/*.dpkg-dist /etc/puppet/hiera.yaml /etc/puppet/environments
git clone --depth 20 -b ${GIT_BRANCH} ${GIT_REPO} ${REPO_DIR}
mv /etc/puppet/* ${REPO_DIR}/puppet
rm -rf /etc/puppet
ln -s ${REPO_DIR}/puppet /etc/puppet
ln -s ${REPO_DIR}/hiera /etc/hiera
fi
# Run puppet
/usr/local/bin/puppet-apply
--hCBmba2sC4RI8b9Te8pcDDezMumEN1aU--
}
end
# lets render the template
out = ERB.new(get_template())
# print out.result
File.open($user_data_file, "w+") do |f|
f.write(out.result)
end
puts "Starting instance ..."
out = JSON.parse( %x( aws ec2 run-instances \
--image-id #{$image_id} \
--region #{$aws_region} \
--key #{$key} \
--security-group-ids #{$security_group_ids} \
--user-data file:///#{$user_data_file} \
--instance-type #{$instance_type} \
--iam-instance-profile Name="#{$iam_profile}" \
--subnet #{$public_subnet} \
#{$public_ip_option} \
--output json ))
$instanceid = out["Instances"][0]["InstanceId"]
# Set some tags
puts "Setting tags ..."
%x( aws ec2 create-tags --region #{$aws_region} --resources #{$instanceid} --tags \
Key=Name,Value=#{$hostname} \
Key=Role,Value=#{$role} \
Key=Environment,Value=#{$environment} \
Key=Owner,Value=#{$owner} )
# Fetch the public ip-address
puts "Waiting for public ip address ..."
$public_ip = ""
30.downto(0) do
$public_ip = %x(aws ec2 describe-instances --region #{$aws_region} --instance-id #{$instanceid} --output json|jgrep "Reservations/0/Instances/0/PublicIpAddress")
break unless $public_ip.match("nil")
sleep 1
end
if $public_ip.match("nil")
puts "... giving up after 30 sec."
exit
end
# Set DNS - gratisDNS / R53 ??
# Cleanup
File.delete($user_data_file)
puts "--------------------------------------------------------------------------------------"
puts "Instance ready :"
puts %x(aws ec2 describe-instances --region #{$aws_region} --instance-id #{$instanceid} --output table)