vop-services 0.3.5
- checksums.yaml +7 -0
- data/Rakefile +1 -0
- data/apache/apache.plugin +2 -0
- data/apache/commands/add_reverse_proxy.rb +32 -0
- data/apache/commands/add_static_vhost.rb +20 -0
- data/apache/commands/add_vhost.rb +38 -0
- data/apache/commands/parse_vhost_config.rb +43 -0
- data/apache/commands/tail_access_log.rb +7 -0
- data/apache/entities/available_vhost.rb +12 -0
- data/apache/entities/enabled_vhost.rb +14 -0
- data/apache/entities/vhost.rb +32 -0
- data/apache/files/apache_16px.png +0 -0
- data/apache/services/apache.rb +7 -0
- data/apache/services/reverse_proxy.rb +17 -0
- data/apache/templates/reverse.proxy.conf.erb +18 -0
- data/apache/templates/static.conf.erb +1 -0
- data/apache/templates/vhost.conf.erb +15 -0
- data/certbot/certbot.plugin +1 -0
- data/certbot/commands/letsencrypt.rb +21 -0
- data/certbot/files/letsencrypt_16px.png +0 -0
- data/certbot/services/certbot.rb +8 -0
- data/isoremix/commands/fetch_ubuntu_iso.rb +40 -0
- data/isoremix/commands/list_rebuilt_isos.rb +9 -0
- data/isoremix/commands/list_remix_configs.rb +9 -0
- data/isoremix/commands/list_source_isos.rb +9 -0
- data/isoremix/commands/new_vm_from_iso.rb +17 -0
- data/isoremix/commands/new_vm_from_latest.rb +22 -0
- data/isoremix/commands/new_vm_from_latest_ubuntu.rb +19 -0
- data/isoremix/commands/rebuild_debian_iso.rb +62 -0
- data/isoremix/files/rebuild-debian-iso +75 -0
- data/isoremix/helpers/isoremix_dir.rb +3 -0
- data/isoremix/isoremix.plugin +10 -0
- data/isoremix/services/isoremix.rb +29 -0
- data/isoremix/templates/authorized_keys.erb +1 -0
- data/isoremix/templates/post_install.sh.erb +20 -0
- data/isoremix/templates/preseed.cfg.erb +59 -0
- data/ubuntu/commands/inspect_package.rb +6 -0
- data/ubuntu/commands/install_package.rb +7 -0
- data/ubuntu/commands/install_repo.rb +7 -0
- data/ubuntu/commands/list_packages.rb +8 -0
- data/ubuntu/services/base_install.rb +10 -0
- data/ubuntu/services/host_install.rb +14 -0
- data/ubuntu/services/preferences.rb +1 -0
- data/ubuntu/ubuntu.plugin +1 -0
- data/vop/files/vop_16px.png +0 -0
- data/vop/services/vop.rb +6 -0
- data/vop/vop.plugin +0 -0
- data/vop-services.gemspec +22 -0
- metadata +133 -0
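--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 9e268137477755f60ca26cdd3ca4575041b5b822
+data.tar.gz: 916fe9fe6706e0670ed1c8071a979b3bc6bcfa90
+SHA512:
+metadata.gz: 6aff62d350acec63c8f38aab623e192bc3602e78ed937c8b66b7b095095e4b4b7da9052e883a108ae91d3e80ed586643d81601faf8e95b4f026f8538de9c7c76
+data.tar.gz: d3d149e82dbbd20818205d73b2061690d468ec12e4905b0314fae499773edb556f173187857ec8cd757b03564d4042e6c80302c7b35129762018b2029f20c29c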
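--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1 @@
+require "bundler/gem_tasks"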
@@ -0,0 +1,32 @@
|
|
1
|
+
description "adds a name-based virtual host that acts as reverse proxy (forwarding incoming traffic to a remote backend)"
|
2
|
+
|
3
|
+
param! :machine
|
4
|
+
param! "server_name",
|
5
|
+
description: "the http domain served by this vhost",
|
6
|
+
default_param: true,
|
7
|
+
multi: true
|
8
|
+
param! "target_url",
|
9
|
+
description: "http url to the backend",
|
10
|
+
multi: true
|
11
|
+
param "port",
|
12
|
+
description: "the port number to serve on (80 or 443)",
|
13
|
+
default: 80
|
14
|
+
param "timeout",
|
15
|
+
description: "configuration for the ProxyTimeout directive - timeout in seconds to wait for a proxied response",
|
16
|
+
default: 60
|
17
|
+
|
18
|
+
run do |plugin, machine, server_name, target_url, port, params|
|
19
|
+
reverse_proxy_config = @op.read_template(
|
20
|
+
template: File.join(plugin.plugin_dir(:templates), "reverse.proxy.conf.erb"),
|
21
|
+
vars: {
|
22
|
+
"target_urls" => target_url,
|
23
|
+
"proxy_timeout" => params["timeout"]
|
24
|
+
}
|
25
|
+
)
|
26
|
+
|
27
|
+
machine.add_vhost(
|
28
|
+
server_name: server_name,
|
29
|
+
port: port,
|
30
|
+
vhost_config: reverse_proxy_config
|
31
|
+
)
|
32
|
+
end
|
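Review bot: `target_url` and `params["timeout"]` are handed to the ERB template exactly as received, and `port` is documented as "80 or 443" but never checked, so a value containing whitespace or a line break would become extra directives in the generated Apache config. Validate before rendering: parse each URL with `URI.parse` and accept only `http`/`https` schemes, and coerce the numbers with `Integer(port)` and `Integer(params["timeout"])`. The same applies to `web_root` in data/apache/commands/add_static_vhost.rb, which is written into `DocumentRoot` unchanged. How much this matters depends on who can invoke these commands, which is not visible on this page.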
@@ -0,0 +1,20 @@
|
|
1
|
+
param! :machine
|
2
|
+
param! "server_name",
|
3
|
+
description: "the http domain served by this vhost",
|
4
|
+
default_param: true,
|
5
|
+
multi: true
|
6
|
+
param! "web_root"
|
7
|
+
|
8
|
+
run do |machine, server_name, web_root, plugin|
|
9
|
+
static_vhost_config = @op.read_template(
|
10
|
+
template: File.join(plugin.plugin_dir(:templates), "static.conf.erb"),
|
11
|
+
vars: {
|
12
|
+
"document_root" => web_root
|
13
|
+
}
|
14
|
+
)
|
15
|
+
|
16
|
+
machine.add_vhost(
|
17
|
+
server_name: server_name,
|
18
|
+
vhost_config: static_vhost_config
|
19
|
+
)
|
20
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
param! :machine
|
2
|
+
param! "server_name", default_param: true, multi: true
|
3
|
+
param "vhost_config", default: ""
|
4
|
+
param "port", default: 80
|
5
|
+
|
6
|
+
run do |plugin, machine, server_name, vhost_config, port|
|
7
|
+
# write apache config
|
8
|
+
port_unless_80 = port != 80 ? "_#{port}" : ""
|
9
|
+
config_name = "#{server_name.first}#{port_unless_80}"
|
10
|
+
available_path = "/etc/apache2/sites-available/#{config_name}.conf"
|
11
|
+
|
12
|
+
vars = {
|
13
|
+
"server_names" => server_name,
|
14
|
+
"port" => port
|
15
|
+
}
|
16
|
+
machine.write_template(
|
17
|
+
template: File.join(plugin.plugin_dir(:templates), "vhost.conf.erb"),
|
18
|
+
to: available_path,
|
19
|
+
bind: OpenStruct.new(vars).instance_eval { binding }
|
20
|
+
)
|
21
|
+
|
22
|
+
# remove default template
|
23
|
+
if machine.file_exists "/etc/apache2/sites-enabled/000-default.conf"
|
24
|
+
machine.sudo "unlink /etc/apache2/sites-enabled/000-default.conf"
|
25
|
+
end
|
26
|
+
|
27
|
+
# enable vhost
|
28
|
+
unless machine.file_exists "/etc/apache2/sites-enabled/#{config_name}.conf"
|
29
|
+
machine.sudo "ln -s #{available_path} /etc/apache2/sites-enabled/"
|
30
|
+
end
|
31
|
+
|
32
|
+
# invalidate
|
33
|
+
machine.list_files! "/etc/apache2/sites-enabled"
|
34
|
+
machine.list_files! "/etc/apache2/sites-available"
|
35
|
+
machine.read_file! file: available_path
|
36
|
+
|
37
|
+
machine.sudo("service apache2 restart")
|
38
|
+
end
|
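Review bot: `config_name` is built from `server_name.first` and `port` and then interpolated into a file path and into `machine.sudo` shell strings (`ln -s #{available_path} /etc/apache2/sites-enabled/`), so a name containing path separators, spaces or shell metacharacters changes which file is written or what runs as root. Reject names that are not plain host names before use, e.g. `raise "invalid server_name" unless server_name.all? { |n| n =~ /\A[a-z0-9.-]+\z/i }`, coerce `port` with `Integer(port)`, and pass paths through `Shellwords.escape`. The same unescaped interpolation into `machine.sudo` appears in data/certbot/commands/letsencrypt.rb (`-m #{certbot_email}`, `-d #{d}`) and in data/isoremix/commands/rebuild_debian_iso.rb (`cp`, `rebuild-debian-iso`, `chown`). `OpenStruct` is used without a visible `require "ostruct"`; presumably the host framework loads it.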
@@ -0,0 +1,43 @@
|
|
1
|
+
param! :machine
|
2
|
+
param! "file", default_param: true
|
3
|
+
param "raw", default: false
|
4
|
+
|
5
|
+
run do |machine, file, raw|
|
6
|
+
result = {}
|
7
|
+
machine.read_file("file" => file).lines.each do |line|
|
8
|
+
line.strip!
|
9
|
+
|
10
|
+
if /^\s*([^#]+?\S+)\s+(.+)/ =~ line
|
11
|
+
(key, value) = [$1, $2]
|
12
|
+
|
13
|
+
case key
|
14
|
+
when "ProxyPass"
|
15
|
+
(path, url) = value.split(" ")
|
16
|
+
|
17
|
+
result["proxy"] = {
|
18
|
+
"path" => path,
|
19
|
+
"url" => url
|
20
|
+
}
|
21
|
+
|
22
|
+
if /^http(s?)\:\/\/([^\/]+)\/$/.match(url)
|
23
|
+
result["proxy"]["host"] = $2
|
24
|
+
end
|
25
|
+
when "ServerName"
|
26
|
+
result["domain"] = value
|
27
|
+
when "DocumentRoot"
|
28
|
+
result["web_root"] = value
|
29
|
+
# <VirtualHost : *:443>
|
30
|
+
when "<VirtualHost"
|
31
|
+
if value =~ /\:443/
|
32
|
+
result["https"] = true
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
if raw
|
37
|
+
result[key] = value
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
result
|
43
|
+
end
|
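Review bot: Repeated directives silently overwrite each other in `result`: a second `ProxyPass` or `ServerName` line replaces the first, and with `raw` set, `result[key] = value` keeps only the last value per directive name in the same hash that holds the derived keys. A comment above the `case` such as `# last occurrence wins; ServerAlias and additional ProxyPass lines are not collected` would make that visible to callers. The host pattern `/^http(s?)\:\/\/([^\/]+)\/$/` matches only URLs that consist of scheme, host and a single trailing slash, so `result["proxy"]["host"]` is absent for any backend with a path; `URI.parse(url).host` would cover those if that is not intended.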
@@ -0,0 +1,14 @@
|
|
1
|
+
key "name"
|
2
|
+
|
3
|
+
on :machine
|
4
|
+
|
5
|
+
entity do |machine|
|
6
|
+
@op.machines[machine].list_files("/etc/apache2/sites-enabled").map do |file|
|
7
|
+
(source, target) = file["name"].split("->").map(&:strip)
|
8
|
+
{
|
9
|
+
"name" => source,
|
10
|
+
"target" => target,
|
11
|
+
"enabled" => true
|
12
|
+
}
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
key "name"
|
2
|
+
|
3
|
+
on :machine
|
4
|
+
|
5
|
+
show columns: [ "name", "enabled" ]
|
6
|
+
|
7
|
+
entity do |machine|
|
8
|
+
machine = @op.machines[machine]
|
9
|
+
|
10
|
+
# result is made up of enabled_vhosts
|
11
|
+
result = machine.enabled_vhosts.map(&:data)
|
12
|
+
|
13
|
+
# + available_hosts that are not also enabled
|
14
|
+
enabled_names = result.map { |x| x["target"].split("/").last }
|
15
|
+
machine.available_vhosts.each do |vhost|
|
16
|
+
unless enabled_names.include? vhost["name"]
|
17
|
+
result << {
|
18
|
+
"name" => vhost["name"],
|
19
|
+
"enabled" => false
|
20
|
+
}
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
# read vhost config
|
25
|
+
result.each do |vhost|
|
26
|
+
vhost.merge! machine.parse_vhost_config(
|
27
|
+
"/etc/apache2/sites-available/#{vhost["name"]}"
|
28
|
+
)
|
29
|
+
end
|
30
|
+
|
31
|
+
result
|
32
|
+
end
|
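Review bot: `x["target"].split("/").last` raises NoMethodError for any entry in sites-enabled that is not a symlink, because enabled_vhost.rb derives `target` from `file["name"].split("->")` and leaves it nil when the listing line has no `->`. Use `x["target"].to_s.split("/").last` or skip entries without a target. Enabled entries are also read from `/etc/apache2/sites-available/#{vhost["name"]}` using the link name, which only works while the link and its target share a file name; a comment stating that assumption would help.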
Binary file
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# TODO inherit from: "apache.apache"
|
2
|
+
# (or: depend on: "apache.apache" ?)
|
3
|
+
|
4
|
+
# disabled because we don't want duplicate apache service markers in the map
|
5
|
+
#process_regex /httpd/
|
6
|
+
#process_regex /apache2/
|
7
|
+
|
8
|
+
port tcp: 80
|
9
|
+
#icon "apache_16px.png"
|
10
|
+
|
11
|
+
deploy package: ["apache2"]
|
12
|
+
|
13
|
+
# --- reverse proxy specific ---
|
14
|
+
|
15
|
+
deploy do |machine|
|
16
|
+
machine.sudo "a2enmod proxy proxy_balancer proxy_http"
|
17
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
<% if target_urls.size > 1 %>
|
2
|
+
<Proxy balancer://mycluster/>
|
3
|
+
<% target_urls.each do |target_url| %>
|
4
|
+
BalancerMember <%= target_url %>
|
5
|
+
<% end %>
|
6
|
+
</Proxy>
|
7
|
+
ProxyPass / balancer://mycluster/
|
8
|
+
<% else %>
|
9
|
+
<% target_url = target_urls.first %>
|
10
|
+
<% target_url += "/" unless target_url.end_with? "/" %>
|
11
|
+
ProxyPass / <%= target_url %>
|
12
|
+
ProxyPassReverse / <%= target_url %>
|
13
|
+
<% end %>
|
14
|
+
|
15
|
+
ProxyPreserveHost On
|
16
|
+
<% if proxy_timeout %>
|
17
|
+
ProxyTimeout <%= proxy_timeout %>
|
18
|
+
<% end %>
|
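Review bot: The balancer branch emits `ProxyPass / balancer://mycluster/` but no `ProxyPassReverse`, so redirects that a backend issues with its own address are passed to clients unrewritten; the single-target branch does add it. Add `ProxyPassReverse / balancer://mycluster/` after line 7 of the template. Balancer members are also written without the trailing-slash normalisation applied in the `else` branch. With `ProxyPreserveHost On` the backend receives the client-supplied Host header, so a comment noting that backends must not treat it as trusted would be useful.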
@@ -0,0 +1 @@
|
|
1
|
+
DocumentRoot <%= document_root %>
|
@@ -0,0 +1,15 @@
|
|
1
|
+
<VirtualHost *:<%= port %>>
|
2
|
+
ServerName <%= server_names.first %>
|
3
|
+
<% server_names[1..server_names.size-1].each do |name| %>
|
4
|
+
ServerAlias <%= name %>
|
5
|
+
<% end %>
|
6
|
+
|
7
|
+
ServerAdmin webmaster@localhost
|
8
|
+
|
9
|
+
<%= vhost_config %>
|
10
|
+
|
11
|
+
ErrorLog ${APACHE_LOG_DIR}/error.log
|
12
|
+
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
13
|
+
</VirtualHost>
|
14
|
+
|
15
|
+
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
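Review bot: `port` may be 443 according to add_reverse_proxy.rb, yet this template has no `SSLEngine` or certificate directives, so a vhost rendered with 443 would answer in plain HTTP on the HTTPS port unless another tool rewrites it later. Either restrict `port` to 80 here and leave TLS vhosts to certbot, or add the TLS directives under a condition on the port. `<%= vhost_config %>` is inserted verbatim, so whatever the caller passes becomes Apache configuration; a template comment stating that it must be trusted, pre-rendered config would make that contract explicit. All vhosts also share `error.log` and `access.log`, which makes per-site log review harder.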
@@ -0,0 +1 @@
|
|
1
|
+
config_param! "eff_email", "email address for registration with the EFF"
|
@@ -0,0 +1,21 @@
|
|
1
|
+
param! :machine
|
2
|
+
param! "domain", multi: true, default_param: true
|
3
|
+
|
4
|
+
run do |plugin, machine, domain|
|
5
|
+
certbot_email = plugin.config["eff_email"]
|
6
|
+
if certbot_email.nil?
|
7
|
+
raise "missing configuration key 'eff_email'"
|
8
|
+
end
|
9
|
+
|
10
|
+
certbot_bin = "certbot"
|
11
|
+
|
12
|
+
domain.each do |d|
|
13
|
+
certbot_cmd = "#{certbot_bin} --non-interactive -m #{certbot_email} --agree-tos --eff-email"
|
14
|
+
certbot_cmd += " --apache -d #{d}"
|
15
|
+
machine.sudo(certbot_cmd)
|
16
|
+
end
|
17
|
+
|
18
|
+
# invalidate
|
19
|
+
machine.list_files! "/etc/apache2/sites-enabled"
|
20
|
+
machine.list_files! "/etc/apache2/sites-available"
|
21
|
+
end
|
Binary file
|
@@ -0,0 +1,40 @@
|
|
1
|
+
param! :machine
|
2
|
+
|
3
|
+
param! "version", :default => "16.04"
|
4
|
+
|
5
|
+
run do |machine, version|
|
6
|
+
dir = isoremix_dir("clean")
|
7
|
+
|
8
|
+
upstream_url = "http://releases.ubuntu.com/#{version}"
|
9
|
+
|
10
|
+
input = machine.curl "#{upstream_url}/"
|
11
|
+
links = input.scan /<a href="(ubuntu-(#{version}[\.\d]+)-(.+?)-(.+?)\.([^>]+))">/
|
12
|
+
|
13
|
+
files = links.map do |link|
|
14
|
+
{
|
15
|
+
url: "#{upstream_url}/#{link[0]}",
|
16
|
+
version: link[1],
|
17
|
+
type: link[2],
|
18
|
+
arch: link[3],
|
19
|
+
extension: link[4]
|
20
|
+
}
|
21
|
+
end
|
22
|
+
|
23
|
+
isos = files.select do |file|
|
24
|
+
file[:extension] == "iso" &&
|
25
|
+
file[:arch] == "amd64" &&
|
26
|
+
file[:type] == "server"
|
27
|
+
end
|
28
|
+
|
29
|
+
iso = isos.first
|
30
|
+
raise "no ISO found" if iso.nil?
|
31
|
+
|
32
|
+
url = iso[:url]
|
33
|
+
$logger.info "found URL : #{url}"
|
34
|
+
|
35
|
+
file_name = url.split("/").last
|
36
|
+
machine.download_file(
|
37
|
+
url: url,
|
38
|
+
file: "#{dir}/#{file_name}"
|
39
|
+
)
|
40
|
+
end
|
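Review bot: The ISO is located and downloaded over plain `http://releases.ubuntu.com/...` and stored in the `clean` directory without any integrity check, and that image is later rebuilt and used to install VMs. Fetch over `https://` and verify the file against the release's `SHA256SUMS` (and its `SHA256SUMS.gpg` signature) before accepting it. `version` is also interpolated into the link regex unescaped, so the `.` in `16.04` matches any character; `Regexp.escape(version)` fixes that.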
@@ -0,0 +1,17 @@
|
|
1
|
+
param! :machine
|
2
|
+
|
3
|
+
param! "name"
|
4
|
+
|
5
|
+
param "memory", description: "in MB", default: 512
|
6
|
+
param "cpu_count", default: 1
|
7
|
+
param "disk_size", description: "in GB", default: 25
|
8
|
+
|
9
|
+
param! "iso", :lookup => lambda { |params| @op.list_rebuilt_isos("machine" => params["machine"]).map { |x| x["name"] } }
|
10
|
+
|
11
|
+
run do |params|
|
12
|
+
base_path = isoremix_dir("rebuilt")
|
13
|
+
iso = params.delete("iso")
|
14
|
+
iso_path = File.join(base_path, iso)
|
15
|
+
|
16
|
+
@op.new_vm(params.merge({"iso_path" => iso_path}))
|
17
|
+
end
|
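Review bot: `File.join(base_path, iso)` accepts whatever `iso` holds, so a value with directory components resolves outside the `rebuilt` directory; the `lookup` lambda offers valid names, but nothing visible here enforces them. Add `raise "unknown ISO #{iso}" unless iso == File.basename(iso)` before the join, or check membership in `list_rebuilt_isos`. `params.delete("iso")` also mutates the hash passed in by the caller, which is worth a comment if intended.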
@@ -0,0 +1,22 @@
|
|
1
|
+
param! :machine
|
2
|
+
|
3
|
+
param! "name"
|
4
|
+
|
5
|
+
param "memory", description: "in MB", default: 512
|
6
|
+
param "cpu_count", default: 1
|
7
|
+
param "disk_size", description: "in GB", default: 25
|
8
|
+
|
9
|
+
param! "iso_regex", "a regular expression to filter ISO names against"
|
10
|
+
|
11
|
+
run do |machine, params|
|
12
|
+
iso_regex = Regexp.new(params.delete("iso_regex"))
|
13
|
+
|
14
|
+
found = machine.list_rebuilt_isos.select do |iso|
|
15
|
+
iso["name"] =~ iso_regex
|
16
|
+
end
|
17
|
+
raise "no rebuilt ISO found matching name pattern #{iso_regex}" unless found && found.size > 0
|
18
|
+
iso_name = found.sort_by { |x| x["timestamp"] }.last["name"]
|
19
|
+
|
20
|
+
$logger.info "latest ISO found : #{iso_name}"
|
21
|
+
@op.new_vm_from_iso(params.merge({"iso" => iso_name}))
|
22
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
param! :machine
|
2
|
+
|
3
|
+
param! "name"
|
4
|
+
|
5
|
+
param "memory", description: "in MB", default: 512
|
6
|
+
param "cpu_count", default: 1
|
7
|
+
param "disk_size", description: "in GB", default: 25
|
8
|
+
|
9
|
+
run do |machine, name, params|
|
10
|
+
new_machine = @op.new_vm_from_latest(params.merge({"iso_regex" => "ubuntu"}))
|
11
|
+
|
12
|
+
@op.track_installation_status(
|
13
|
+
host_name: machine.name,
|
14
|
+
vm_name: name,
|
15
|
+
status: "base_installing"
|
16
|
+
)
|
17
|
+
|
18
|
+
new_machine.install_service("service" => "ubuntu.base_install")
|
19
|
+
end
|
@@ -0,0 +1,62 @@
|
|
1
|
+
param! :machine
|
2
|
+
param! "source_iso", lookup: lambda { |params|
|
3
|
+
@op.list_source_isos(params["machine"]).map { |x| x["name"] }
|
4
|
+
}
|
5
|
+
|
6
|
+
param "just_kidding", default: false
|
7
|
+
|
8
|
+
run do |machine, source_iso, just_kidding|
|
9
|
+
config_dir = isoremix_dir("config")
|
10
|
+
|
11
|
+
# prepare a directory to hold the config we've used
|
12
|
+
unless source_iso =~ /(.+)\.iso$/
|
13
|
+
raise "unexpected iso file extension"
|
14
|
+
end
|
15
|
+
base_name = $1
|
16
|
+
config_root = File.join(config_dir, "#{base_name}.config")
|
17
|
+
$logger.info "config base : #{config_root}"
|
18
|
+
|
19
|
+
last_config = machine.list_remix_configs.select do |config|
|
20
|
+
config["name"] =~ /^#{base_name}/
|
21
|
+
end.map { |x| x["name"] }.sort.last
|
22
|
+
|
23
|
+
idx = 1
|
24
|
+
if last_config =~ /config(\d+)$/
|
25
|
+
last_used_idx = $1.to_i
|
26
|
+
idx = last_used_idx + 1
|
27
|
+
end
|
28
|
+
|
29
|
+
config_name = "#{config_root}#{idx}"
|
30
|
+
$logger.info "storing config in #{config_name}"
|
31
|
+
# TODO make sure there does not exist a dir named config_name yet
|
32
|
+
machine.mkdirs(config_name)
|
33
|
+
|
34
|
+
# copy the config we've used
|
35
|
+
preseed_file = "/var/local/lib/isoremix/preseed.cfg"
|
36
|
+
machine.sudo("cp #{preseed_file} #{config_name}/")
|
37
|
+
preseed_file = "#{config_name}/preseed.cfg"
|
38
|
+
|
39
|
+
extra_dir = "/var/local/lib/isoremix/extra"
|
40
|
+
machine.sudo("cp -r #{extra_dir} #{config_name}/extra")
|
41
|
+
extra_dir = "#{config_name}/extra"
|
42
|
+
|
43
|
+
# figure out the name of the target ISO
|
44
|
+
source_path = "/var/local/lib/isoremix/clean/#{source_iso}"
|
45
|
+
target_path = "/var/local/lib/isoremix/rebuilt/#{base_name}.rebuild#{idx}.iso"
|
46
|
+
|
47
|
+
# and go
|
48
|
+
rebuild_cmd = "rebuild-debian-iso #{source_path} #{target_path} #{preseed_file} #{extra_dir}"
|
49
|
+
|
50
|
+
if just_kidding
|
51
|
+
puts "[noop] would run >>#{rebuild_cmd}<<"
|
52
|
+
else
|
53
|
+
output = machine.sudo(rebuild_cmd)
|
54
|
+
matched = /Output ISO generated:\s+(.+)/m.match(output)
|
55
|
+
iso_path = matched.captures.first.strip
|
56
|
+
|
57
|
+
machine.sudo "chown libvirt-qemu:kvm #{iso_path}"
|
58
|
+
|
59
|
+
machine.list_rebuilt_isos!
|
60
|
+
machine.list_remix_configs!
|
61
|
+
end
|
62
|
+
end
|
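Review bot: The next index comes from `.sort.last`, which compares names as strings, so once `config10` exists `config9` still sorts last and `idx` becomes 10 again; the run then reuses an existing config directory and overwrites the `rebuild10.iso` target (the TODO on line 31 covers only the directory). Pick the maximum numerically, e.g. `.map { |n| n[/config(\d+)$/, 1].to_i }.max`. `matched.captures` raises NoMethodError when the script output lacks the `Output ISO generated:` line, so check `matched` and raise a descriptive error. The paths under `/var/local/lib/isoremix` are hard-coded although `config_dir` comes from `isoremix_dir` and the plugin has an `isoremix_root` setting. The copied `preseed.cfg` contains the configured passwords, so the config directories should not be world-readable.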
@@ -0,0 +1,75 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
# from https://github.com/cdown/rebuild-debian-iso
|
4
|
+
|
5
|
+
shopt -s globstar
|
6
|
+
|
7
|
+
input_iso=$1
|
8
|
+
output_iso=$2
|
9
|
+
preseed=$3
|
10
|
+
input_file_dir=$4
|
11
|
+
|
12
|
+
msg() {
|
13
|
+
printf '>>> %s\n' "$@"
|
14
|
+
}
|
15
|
+
|
16
|
+
if ! [[ -r $input_iso && -r $preseed ]]; then
|
17
|
+
printf '%s\n' \
|
18
|
+
"Usage: ${0##*/} <input-iso> <output-iso> <preseed-file> [file-dir]" \
|
19
|
+
"" \
|
20
|
+
"input-iso: the debian iso to modify" \
|
21
|
+
"output-iso: where to store the modified iso" \
|
22
|
+
"preseed-file: the location of a preseed file to inject" \
|
23
|
+
"file-dir: an optional directory to be put at extra/ in the iso"
|
24
|
+
exit 1
|
25
|
+
fi
|
26
|
+
|
27
|
+
iso_dir=$(mktemp -d)
|
28
|
+
initrd_dir=$(mktemp -d)
|
29
|
+
|
30
|
+
msg "Extracting source image"
|
31
|
+
# TODO check that bsdtar is installed
|
32
|
+
bsdtar -C "$iso_dir" -xf "$input_iso"
|
33
|
+
|
34
|
+
ls $iso_dir/install
|
35
|
+
initrd=$iso_dir/install/initrd.gz
|
36
|
+
|
37
|
+
(
|
38
|
+
cd "$initrd_dir"
|
39
|
+
msg "Extracting initrd"
|
40
|
+
gzip -d < "$initrd" | cpio -i --no-absolute-filenames
|
41
|
+
)
|
42
|
+
|
43
|
+
msg "Injecting preseed"
|
44
|
+
cp "$preseed" "$initrd_dir/preseed.cfg"
|
45
|
+
|
46
|
+
(
|
47
|
+
msg "Rebuilding initrd"
|
48
|
+
cd "$initrd_dir"
|
49
|
+
find . -print0 | cpio -H newc -o -0 | gzip -9 > "$initrd"
|
50
|
+
)
|
51
|
+
|
52
|
+
msg "Setting up automatic booting to preseed"
|
53
|
+
sed -i 's/timeout 0/timeout 5/' "$iso_dir/isolinux/isolinux.cfg"
|
54
|
+
sed -i '/^\tappend/d' "$iso_dir/isolinux/txt.cfg"
|
55
|
+
printf '\tappend vga=788 initrd=/install.amd/initrd.gz auto text\n' >> "$iso_dir/isolinux/txt.cfg"
|
56
|
+
|
57
|
+
if [[ $input_file_dir ]]; then
|
58
|
+
msg "Adding custom files to 'extra' dir on image"
|
59
|
+
cp -a "$input_file_dir" "$iso_dir/extra"
|
60
|
+
fi
|
61
|
+
|
62
|
+
msg "Generating md5sums"
|
63
|
+
( cd "$iso_dir" && find . -type f -exec md5sum {} + > md5sum.txt )
|
64
|
+
|
65
|
+
msg "Generating output ISO image"
|
66
|
+
mkisofs -quiet \
|
67
|
+
-o "$output_iso" \
|
68
|
+
-r -J -no-emul-boot -boot-load-size 4 -boot-info-table \
|
69
|
+
-b isolinux/isolinux.bin -c isolinux/boot.cat \
|
70
|
+
"$iso_dir"
|
71
|
+
|
72
|
+
msg "Removing temporary directories"
|
73
|
+
rm -rf "$iso_dir" "$initrd_dir"
|
74
|
+
|
75
|
+
msg "Output ISO generated: $output_iso"
|
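Review bot: The script has no `set -e`, so when `bsdtar`, `cpio` or `mkisofs` fails it carries on and still prints `Output ISO generated: $output_iso`, which rebuild_debian_iso.rb parses as the success signal. Add `set -eo pipefail` after the shebang and `trap 'rm -rf "$iso_dir" "$initrd_dir"' EXIT` once the temp directories exist, so they are removed on failure too. The initrd is unpacked from `install/initrd.gz` while the boot entry written to txt.cfg points at `/install.amd/initrd.gz`; confirm both refer to the same file on the images in use. `ls $iso_dir/install` on line 34 is unquoted and looks like leftover debugging.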
@@ -0,0 +1,10 @@
|
|
1
|
+
config_param "isoremix_root", default: "/var/local/lib/isoremix"
|
2
|
+
|
3
|
+
config_param! "root_password"
|
4
|
+
config_param "normal_user_name"
|
5
|
+
config_param "normal_user_full_name"
|
6
|
+
config_param "normal_user_password"
|
7
|
+
|
8
|
+
config_param "authorized_keys", multi: true, default: [
|
9
|
+
'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA21N2+aa0coKsw4nKlsQXOE0+ppSj5vMIbbNzzbp3Pw78DmYVUXuKiD+IZIwttK6MWMFyEt8Iv7SfeGWXMNTBHKTFi4ikbHIf2PnwGOBnF9/wiA18LlIsSAaYWdA9UOEGiJ8GkFs2TpP5yW25buXAD0mJtVi9PWrt1myeA0MWO0JLJ/1T7v8YFSU3iRxmN+cEto3eX4II2a7UkID/3Wy9qEoANDYHes6Nm008Z9jwg8zW1On6fTacaShIemWBv/ilTa41bYNywgqJqRtsMVp3fYdcWRff2hdqja8fIq1HAIGfMNOU+lqVUgXY7nXQc2nzzPtqaYEI/P4xOM3n2jYTNw== philipp@deepthinkpad'
|
10
|
+
]
|
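Review bot: The default for `authorized_keys` is one specific personal public key (`philipp@deepthinkpad`), so every image built without overriding this setting grants that key SSH access, and post_install.sh.erb then gives the account passwordless sudo. Ship `default: []` (or make it `config_param!`) so operators have to supply their own keys. `root_password` and `normal_user_password` are plain config values that end up in preseed.cfg; a comment should state that the config store holding them needs restricted access.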
@@ -0,0 +1,29 @@
|
|
1
|
+
isoremix_root = @plugin.config["isoremix_root"]
|
2
|
+
bin_path = "/usr/local/bin"
|
3
|
+
|
4
|
+
deploy create: {
|
5
|
+
in: isoremix_root,
|
6
|
+
dirs: ["config", "clean", "rebuilt", "extra"]
|
7
|
+
}
|
8
|
+
|
9
|
+
deploy files: "rebuild-debian-iso",
|
10
|
+
to: isoremix_root
|
11
|
+
|
12
|
+
deploy template: "preseed.cfg.erb",
|
13
|
+
to: "#{isoremix_root}/preseed.cfg"
|
14
|
+
|
15
|
+
deploy template: "post_install.sh.erb",
|
16
|
+
to: "#{isoremix_root}/extra/post_install.sh"
|
17
|
+
|
18
|
+
deploy template: "authorized_keys.erb",
|
19
|
+
to: "#{isoremix_root}/extra/authorized_keys"
|
20
|
+
|
21
|
+
deploy package: ["bsdtar", "genisoimage"]
|
22
|
+
|
23
|
+
deploy do |machine|
|
24
|
+
machine.chmod(file: "#{bin_path}/rebuild-debian-iso", permissions: "+x")
|
25
|
+
|
26
|
+
machine.list_source_isos!
|
27
|
+
machine.list_remix_configs!
|
28
|
+
machine.list_rebuilt_isos!
|
29
|
+
end
|
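Review bot: `deploy files: "rebuild-debian-iso", to: isoremix_root` places the script in the isoremix root, but the deploy block runs `chmod` on `#{bin_path}/rebuild-debian-iso` under `/usr/local/bin`, and rebuild_debian_iso.rb calls the script by bare name through sudo. Unless the framework copies it elsewhere, the chmod targets a file that was never deployed and the command depends on PATH; deploy to `bin_path` and invoke the absolute path. The rendered `preseed.cfg` holds the root password, so it should be written root-owned with mode 0600 if `deploy template:` supports that (not visible here).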
@@ -0,0 +1 @@
|
|
1
|
+
<%= service.plugin.config["authorized_keys"].join("\n") %>
|
@@ -0,0 +1,20 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
|
3
|
+
SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
|
4
|
+
|
5
|
+
SSH_DIR=/home/marvin/.ssh
|
6
|
+
THE_USER=marvin
|
7
|
+
|
8
|
+
mkdir $SSH_DIR
|
9
|
+
chmod 0700 $SSH_DIR
|
10
|
+
chown $THE_USER $SSH_DIR
|
11
|
+
|
12
|
+
if [[ -f $SCRIPT_DIR/authorized_keys ]]; then
|
13
|
+
cp -v $SCRIPT_DIR/authorized_keys $SSH_DIR/authorized_keys
|
14
|
+
fi
|
15
|
+
chmod 0600 $SSH_DIR/authorized_keys
|
16
|
+
chown $THE_USER $SSH_DIR/authorized_keys
|
17
|
+
|
18
|
+
echo "$THE_USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$THE_USER
|
19
|
+
|
20
|
+
echo "post-install script completed at `date`; configured SSH access and sudo permissions for $THE_USER" > /var/log/post_install.log
|
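Review bot: The account is hard-coded as `marvin` (`SSH_DIR=/home/marvin/.ssh`, `THE_USER=marvin`) although preseed.cfg.erb creates the user from `normal_user_name`, and only when that key is set; with any other name `mkdir $SSH_DIR` fails and the sudoers entry names a user that does not exist. Render the name from the same config value, e.g. `THE_USER=<%= service.plugin.config["normal_user_name"] %>`, and derive `SSH_DIR` from it. The sudoers drop-in grants `NOPASSWD: ALL` and is created with the default umask; write it with mode 0440 and check it with `visudo -cf` before leaving it in place. The `chmod` and `chown` on `authorized_keys` run even when the file was not copied.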
@@ -0,0 +1,59 @@
|
|
1
|
+
# see https://help.ubuntu.com/lts/installation-guide/example-preseed.txt
|
2
|
+
d-i debian-installer/locale string en_US
|
3
|
+
d-i console-setup/ask_detect boolean false
|
4
|
+
d-i keyboard-configuration/xkb-keymap select us
|
5
|
+
d-i keyboard-configuration/layout select English (US)
|
6
|
+
d-i keyboard-configuration/variant select English (US)
|
7
|
+
d-i netcfg/choose_interface select eth0
|
8
|
+
d-i base-installer/kernel/override-image string linux-server
|
9
|
+
d-i clock-setup/utc-auto boolean true
|
10
|
+
d-i clock-setup/utc boolean true
|
11
|
+
d-i time/zone string Europe/Berlin
|
12
|
+
d-i clock-setup/ntp boolean true
|
13
|
+
d-i apt-setup/use_mirror boolean true
|
14
|
+
d-i mirror/country string DE
|
15
|
+
d-i mirror/http/proxy string
|
16
|
+
d-i mirror/http/mirror select debian.charite.de
|
17
|
+
d-i pkgsel/install-language-support boolean true
|
18
|
+
d-i pkgsel/update-policy select none
|
19
|
+
tasksel tasksel/first multiselect server
|
20
|
+
d-i pkgsel/include string openssh-server
|
21
|
+
d-i netcfg/get_hostname string unassigned-hostname
|
22
|
+
d-i netcfg/get_domain string unassigned-domain
|
23
|
+
d-i partman-auto/method string lvm
|
24
|
+
d-i partman-lvm/device_remove_lvm boolean true
|
25
|
+
d-i partman-md/device_remove_md boolean true
|
26
|
+
d-i partman-lvm/confirm boolean true
|
27
|
+
d-i partman-lvm/confirm_nooverwrite boolean true
|
28
|
+
d-i partman-auto-lvm/guided_size string max
|
29
|
+
d-i partman-auto/choose_recipe select atomic
|
30
|
+
d-i partman/default_filesystem string xfs
|
31
|
+
d-i partman-partitioning/confirm_write_new_label boolean true
|
32
|
+
d-i partman/choose_partition select finish
|
33
|
+
d-i partman/confirm boolean true
|
34
|
+
d-i partman/confirm_nooverwrite boolean true
|
35
|
+
d-i partman-md/confirm boolean true
|
36
|
+
d-i partman-partitioning/confirm_write_new_label boolean true
|
37
|
+
d-i partman/choose_partition select finish
|
38
|
+
d-i partman/confirm boolean true
|
39
|
+
d-i partman/confirm_nooverwrite boolean true
|
40
|
+
d-i partman/unmount_active boolean false
|
41
|
+
d-i passwd/make-user boolean true
|
42
|
+
d-i passwd/root-login boolean true
|
43
|
+
d-i passwd/root-password password <%= service.plugin.config["root_password"] %>
|
44
|
+
d-i passwd/root-password-again password <%= service.plugin.config["root_password"] %>
|
45
|
+
<% if service.plugin.config.has_key? "normal_user_name" %>
|
46
|
+
d-i passwd/user-fullname string <%= service.plugin.config["normal_user_full_name"] %>
|
47
|
+
d-i passwd/username string <%= service.plugin.config["normal_user_name"] %>
|
48
|
+
d-i passwd/user-password password <%= service.plugin.config["normal_user_password"] %>
|
49
|
+
d-i passwd/user-password-again password <%= service.plugin.config["normal_user_password"] %>
|
50
|
+
d-i user-setup/encrypt-home boolean false
|
51
|
+
<% end %>
|
52
|
+
d-i grub-installer/only_debian boolean true
|
53
|
+
d-i grub-installer/with_other_os boolean true
|
54
|
+
d-i finish-install/reboot_in_progress note
|
55
|
+
d-i preseed/late_command string \
|
56
|
+
cp /cdrom/extra/post_install.sh /target/root/; \
|
57
|
+
cp /cdrom/extra/authorized_keys /target/root/; \
|
58
|
+
in-target chmod +x /root/post_install.sh; \
|
59
|
+
in-target /root/post_install.sh
|
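Review bot: Root and user passwords are written in clear text (`passwd/root-password password ...`), and this file is embedded in the ISO's initrd and copied into each config directory by rebuild_debian_iso.rb. Use the hashed forms instead, `d-i passwd/root-password-crypted password HASH_PLACEHOLDER` and `d-i passwd/user-password-crypted password HASH_PLACEHOLDER`, with a crypt(3) hash taken from config. `passwd/root-login boolean true` together with `openssh-server` leaves a password-bearing root account on every VM; consider disabling it, since post_install.sh sets up key-based sudo for a normal user. `pkgsel/update-policy select none` turns off automatic security updates, which deserves a comment if it is intentional.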
@@ -0,0 +1,10 @@
|
|
1
|
+
deploy do |machine|
|
2
|
+
machine.set_hostname machine.name.split(".").first
|
3
|
+
# TODO set the domain as well?
|
4
|
+
|
5
|
+
machine.sudo "apt-get update"
|
6
|
+
# thanks https://askubuntu.com/questions/146921/how-do-i-apt-get-y-dist-upgrade-without-a-grub-config-prompt#answer-147079
|
7
|
+
machine.sudo "DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' upgrade -y"
|
8
|
+
|
9
|
+
machine.install_package "apt-transport-https"
|
10
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
deploy do |machine|
|
2
|
+
machine.install_service(service: "libvirt.libvirt")
|
3
|
+
machine.list_vms!
|
4
|
+
|
5
|
+
# TODO persist iptables
|
6
|
+
iptables_script = machine.generate_iptables_script
|
7
|
+
machine.ssh(iptables_script)
|
8
|
+
iptables_script
|
9
|
+
|
10
|
+
machine.install_service(service: "isoremix.isoremix")
|
11
|
+
|
12
|
+
machine.fetch_ubuntu_iso(version: "17.10")
|
13
|
+
machine.rebuild_debian_iso(source_iso: "ubuntu-17.10.1-server-amd64.iso")
|
14
|
+
end
|
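Review bot: `rebuild_debian_iso` is called with the literal `ubuntu-17.10.1-server-amd64.iso`, while `fetch_ubuntu_iso(version: "17.10")` downloads whichever matching file the release index lists first, so the rebuild fails on a missing source as soon as the two names differ. Have the fetch command return the file name and pass that on. The bare `iptables_script` expression on line 8 has no effect, and per the TODO the rules are not persisted, so they are lost on reboot. A comment describing what `generate_iptables_script` opens would help anyone reviewing the host's exposure.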
@@ -0,0 +1 @@
|
|
1
|
+
deploy package: %w|vim curl|
|
@@ -0,0 +1 @@
|
|
1
|
+
depends_on :ssh
|
Binary file
|
data/vop/services/vop.rb
ADDED
data/vop/vop.plugin
ADDED
File without changes
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
Gem::Specification.new do |spec|
|
4
|
+
spec.name = "vop-services"
|
5
|
+
spec.version = "0.3.5"
|
6
|
+
spec.authors = ["Philipp T."]
|
7
|
+
spec.email = ["philipp@virtualop.org"]
|
8
|
+
|
9
|
+
spec.summary = %q{Service descriptors for the virtualop (see gem "vop").}
|
10
|
+
spec.description = %q{Metadata for how to install and operate services.}
|
11
|
+
spec.licenses = ['WTFPL']
|
12
|
+
spec.homepage = "http://www.virtualop.org"
|
13
|
+
|
14
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
15
|
+
spec.bindir = "exe"
|
16
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
17
|
+
spec.require_paths = ["lib"]
|
18
|
+
|
19
|
+
spec.add_development_dependency "bundler", "~> 1.10"
|
20
|
+
spec.add_development_dependency "rake", "~> 0"
|
21
|
+
spec.add_development_dependency "rspec", "~> 0"
|
22
|
+
end
|
metadata
ADDED
@@ -0,0 +1,133 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: vop-services
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.3.5
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Philipp T.
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2018-04-03 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.10'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.10'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
description: Metadata for how to install and operate services.
|
56
|
+
email:
|
57
|
+
- philipp@virtualop.org
|
58
|
+
executables: []
|
59
|
+
extensions: []
|
60
|
+
extra_rdoc_files: []
|
61
|
+
files:
|
62
|
+
- Rakefile
|
63
|
+
- apache/apache.plugin
|
64
|
+
- apache/commands/add_reverse_proxy.rb
|
65
|
+
- apache/commands/add_static_vhost.rb
|
66
|
+
- apache/commands/add_vhost.rb
|
67
|
+
- apache/commands/parse_vhost_config.rb
|
68
|
+
- apache/commands/tail_access_log.rb
|
69
|
+
- apache/entities/available_vhost.rb
|
70
|
+
- apache/entities/enabled_vhost.rb
|
71
|
+
- apache/entities/vhost.rb
|
72
|
+
- apache/files/apache_16px.png
|
73
|
+
- apache/services/apache.rb
|
74
|
+
- apache/services/reverse_proxy.rb
|
75
|
+
- apache/templates/reverse.proxy.conf.erb
|
76
|
+
- apache/templates/static.conf.erb
|
77
|
+
- apache/templates/vhost.conf.erb
|
78
|
+
- certbot/certbot.plugin
|
79
|
+
- certbot/commands/letsencrypt.rb
|
80
|
+
- certbot/files/letsencrypt_16px.png
|
81
|
+
- certbot/services/certbot.rb
|
82
|
+
- isoremix/commands/fetch_ubuntu_iso.rb
|
83
|
+
- isoremix/commands/list_rebuilt_isos.rb
|
84
|
+
- isoremix/commands/list_remix_configs.rb
|
85
|
+
- isoremix/commands/list_source_isos.rb
|
86
|
+
- isoremix/commands/new_vm_from_iso.rb
|
87
|
+
- isoremix/commands/new_vm_from_latest.rb
|
88
|
+
- isoremix/commands/new_vm_from_latest_ubuntu.rb
|
89
|
+
- isoremix/commands/rebuild_debian_iso.rb
|
90
|
+
- isoremix/files/rebuild-debian-iso
|
91
|
+
- isoremix/helpers/isoremix_dir.rb
|
92
|
+
- isoremix/isoremix.plugin
|
93
|
+
- isoremix/services/isoremix.rb
|
94
|
+
- isoremix/templates/authorized_keys.erb
|
95
|
+
- isoremix/templates/post_install.sh.erb
|
96
|
+
- isoremix/templates/preseed.cfg.erb
|
97
|
+
- ubuntu/commands/inspect_package.rb
|
98
|
+
- ubuntu/commands/install_package.rb
|
99
|
+
- ubuntu/commands/install_repo.rb
|
100
|
+
- ubuntu/commands/list_packages.rb
|
101
|
+
- ubuntu/services/base_install.rb
|
102
|
+
- ubuntu/services/host_install.rb
|
103
|
+
- ubuntu/services/preferences.rb
|
104
|
+
- ubuntu/ubuntu.plugin
|
105
|
+
- vop-services.gemspec
|
106
|
+
- vop/files/vop_16px.png
|
107
|
+
- vop/services/vop.rb
|
108
|
+
- vop/vop.plugin
|
109
|
+
homepage: http://www.virtualop.org
|
110
|
+
licenses:
|
111
|
+
- WTFPL
|
112
|
+
metadata: {}
|
113
|
+
post_install_message:
|
114
|
+
rdoc_options: []
|
115
|
+
require_paths:
|
116
|
+
- lib
|
117
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
118
|
+
requirements:
|
119
|
+
- - ">="
|
120
|
+
- !ruby/object:Gem::Version
|
121
|
+
version: '0'
|
122
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
123
|
+
requirements:
|
124
|
+
- - ">="
|
125
|
+
- !ruby/object:Gem::Version
|
126
|
+
version: '0'
|
127
|
+
requirements: []
|
128
|
+
rubyforge_project:
|
129
|
+
rubygems_version: 2.5.2.1
|
130
|
+
signing_key:
|
131
|
+
specification_version: 4
|
132
|
+
summary: Service descriptors for the virtualop (see gem "vop").
|
133
|
+
test_files: []
|