Add bootstrap script

author: Mike Crute <mike@crute.us> 2017-12-27 21:06:55 +0000
committer: Mike Crute <mike@crute.us> 2017-12-27 21:06:55 +0000
commit: 6552b2f47c26a9a8d5b358b779f285bcb2880164 (patch)
tree: f14ebe4387902d5a034c683fd8b0a2097d3f99ba
parent: 2dee427611dfe732f8a1dba9233419b94630daa6 (diff)
download: server_bin-6552b2f47c26a9a8d5b358b779f285bcb2880164.tar.bz2
server_bin-6552b2f47c26a9a8d5b358b779f285bcb2880164.tar.xz
server_bin-6552b2f47c26a9a8d5b358b779f285bcb2880164.zip
1 files changed, 141 insertions, 0 deletions
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..78efc68
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+#if [[ "$(hostname -f)" =~ \.crute\.me$ ]]; then
+#    echo "This host appears to already be bootstrapped"
+#    exit 1
+#fi
+if [ ! -f "/etc/default/bootstrap" ]; then
+        cat > /etc/default/bootstrap <<EOF
+UNCONFIGURED="true"
+VM_HOST="false"
+SHORT_HOSTNAME=""
+AWS_ACCESS_KEY_ID=""
+AWS_SECRET_ACCESS_KEY=""
+REGION=""
+ROLE=""
+EOF
+        echo "Edit /etc/default/bootstrap and try again"
+        exit 1
+else
+        source /etc/default/bootstrap
+        if [ "$UNCONFIGURED" == "true" ]; then
+                echo "Edit /etc/default/boootstrap and try again"
+                exit 1
+        fi
+    if [ ! -z "$AWS_ACCESS_KEY_ID" ]; then
+        export AWS_ACCESS_KEY_ID
+    fi
+    if [ ! -z "$AWS_SECRET_ACCESS_KEY" ]; then
+        export AWS_SECRET_ACCESS_KEY
+    fi
+fi
+# Figure out the region if AWS or internal
+if [ -z "$REGION" ]; then
+    export REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | python3 -c "import json, sys; print(json.load(sys.stdin)['region'])")
+fi
+export DEBIAN_FRONTEND=noninteractive
+# Configure APT to use the local cache if there is one
+if [ "$REGION" = "sea1" ]; then
+    echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' >> /etc/apt/apt.conf
+fi
+# Get all the latest updates and remove junk
+apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y
+# Set hostname and network settings
+export HOSTNAME="${SHORT_HOSTNAME}.${REGION}.crute.me"
+if [[ "$(hostname -f)" != "$HOSTNAME" ]]; then
+    echo $SHORT_HOSTNAME > /etc/hostname
+    hostnamectl set-hostname $SHORT_HOSTNAME
+    systemctl restart systemd-logind.service
+fi
+# Setup /etc/hosts
+if ! grep "$HOSTNAME" /etc/hosts 2>&1 > /dev/null; then
+    sed -i "s/127.0.0.1 localhost/127.0.0.1 localhost\n127.0.1.1 ${HOSTNAME} ${SHORT_HOSTNAME}/" /etc/hosts
+fi
+# Setup /etc/resolv.conf
+if ! grep "search ${REGION}.crute.me" /etc/resolv.conf 2>&1 > /dev/null; then
+    sed -i "s/search .*/search ${REGION}.crute.me/" /etc/resolv.conf
+fi
+# Install standard packages
+apt-get install -y \
+    ssmtp \
+    iptables-persistent \
+    vim \
+    htop \
+    curl
+# If this is a KVM host setup KVM and bridge
+if [[ "$VM_HOST" == "true" ]]; then
+    apt-get install -y --no-install-recommends \
+        qemu-kvm \
+        libvirt-bin \
+        virtinst \
+        bridge-utils \
+        libosinfo-bin \
+        genisoimage \
+        qemu-utils \
+        unzip
+    MAIN_INTF=$(ip link | awk '/^2:/ { split($2, a, ":"); print a[1]; }')
+    sed -i -e "s/\(.*$MAIN_INTF.*\)/#\1/" /etc/network/interfaces
+    if ! grep 'auto br0' /etc/network/interfaces 2>&1>/dev/null; then
+    cat >> /etc/network/interfaces <<EOF
+auto br0
+iface br0 inet dhcp 
+    bridge_ports $MAIN_INTF
+    bridge_stp off
+    bridge_fd 0
+    bridge_maxwait 0
+EOF
+fi
+fi
+# Setup Automatic Updates
+sed -i 's/APT::Periodic::Download-Upgradeable-Packages "0";/APT::Periodic::Download-Upgradeable-Packages "1";/' /etc/apt/apt.conf.d/10periodic
+sed -i 's/APT::Periodic::AutocleanInterval "0";/APT::Periodic::AutocleanInterval "7";/' /etc/apt/apt.conf.d/10periodic 
+echo 'APT::Periodic::Unattended-Upgrade "1";' >> /etc/apt/apt.conf.d/10periodic
+sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "mike@crute.us";#' /etc/apt/apt.conf.d/50unattended-upgrades
+echo -e '\nUnattended-Upgrade::Sender "updates-no-reply@crute.me";' >> /etc/apt/apt.conf.d/50unattended-upgrades
+sed -i 's#//Unattended-Upgrade::MailOnlyOnError "true";#Unattended-Upgrade::MailOnlyOnError "false";#' /etc/apt/apt.conf.d/50unattended-upgrades
+# Setup mcrute user
+if ! id mcrute 2>&1>/dev/null; then
+    useradd -p '$6$qOlvVfUc$Ij86v15mQnvoPSv1KCStgEBCLvrbLLp6hszvvs857yTGfJ.tu4Qm1u1GONeJayfNAVEOF1CV9mClTlnuiR5KU.' -m -s /bin/bash -G sudo mcrute
+    mkdir ~mcrute/.ssh
+    cat > ~mcrute/.ssh/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XsFRMvZVDrWEz3/Ssvh+yeTEhlEVRXSJIaOmMzoDAm+XZ17dOwjpj25MqGmYt/60n5rKRBj5GyoaURrPi/s4ml+VLeVY0OsR22Vv5zSB4fY5SZtPhHqti5sNA07SvbFI905BUF6kn6G6SVlQMruXqdi9ALJkxiCaz1gR7+cwk9CoFXtQRtlo6l99Y2TWfvt/BwUiZWbFmESIOXHmkpaFOuptnqpprDz0mLzmebQyscu6vqpDsu/dOC/VAmECyJZxAgMR2KX9B3ytCvIA7DMqNKFJSaRGhkX0Dh6giitxz711CcoGw0Qt0wA4koe3VH0Ozf9zYFY7UpxohpljzAJx mcrute@yubikey
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCT/+YbYVS1eJ+ah6BjVA1gU31kKZGhlmqXfi9CBeJNmgO9DC9q9zOZkkT4ULSe0w3xKMIOxPzLAkarA/ErmqaEcc4PMPb3BxX2l1VktqE9GLpjmGX9TFvqsXr4D5axYiaQveuNkaJDZS4O7Wl68zb9WAuCqrYgK7hm5SBkcRkGsbWbDMo6VH7u4vzUQuc7Cch4BI6Tpbv3B98sCpVXVNdz/pb/p0j21S4qpV2MELCtSBAGEVPBfnGa7tSmDfenIr0KfGiYIeX0KC5ZJSKrqqzJqF8BYmp2ooWwWivFYtk08hfDxiJ23AsiLLMuA2WJ11X5TJJYg4z4b51UMJ8SRXgR mcrute@yubikey2
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNw8DoEsevMj7UhtcAqaCmO9h+baMkbiE3KJsi5iZWVAlqRZIgYisBGfmOdrkt0N3yKG9Gqg/DEEw4PWWul+k/O+zkWd/jVvaqVNyQnoNOdPAa3oGr39agMd30bOrYtHP3Lzaajn3cwaT7E+F05lw0+IIXV1TwSa0GzxqAYq+2raSXQsQWkzVFsU+DuxgBE9F2ieqOw6rvxdT/cVjnBZD/zmj6WnwM7qgylPvt9AOtsvq6MYoMOwOK41ilG8M2Cay/NXAr+o1g2y+cBt4s5YVzkxQ6Lub9Gusj0QgolQ5wJj7W+GqfzY5kndDOIuaiLDk3mI9/kAB8Ws0PYOhXTP/ mcrute@Michaels-MacBook-Pro.local
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoJRoSmMAqsQYYcQLYpSUngcVNtBrYxmM45hN974LoStoDXzW+qw0hOIqTU2GH93XmTC1HSIgMWTen9zNWuIaqADdt5obVmBPrOdpkwaPJ1zayykA5MHN8+8lYVkZ86b7hjy0NwnhlrkAyPQ9C30nQDlzw/AqOYiURwCK/20+slgvCpd5LYwBZndbwILg5EoEqpEksUxjzgRQzM6t1q0vzzige4jyE5jNKgsFJ2fajZq7yShweLuz2D4vHClwlgN9dY3oF25C8EWjwT8sfC2AK1Qlc/vYCwq6NoxOSiifPlo8Wiltr7WAqIQSUwzzXdpBm3F8lV0aYPLxKJRWq0ntOJg/z73oRE+cRUvzyqWn96OzKMIQWwDcRlKxemiv/i57Sm+cYg1wxjKJfWjrUOchBWfOIspk7kmaJsuhN26WNkNWbWYl5/pY7yPiZhqm2Th9vgOH4Rk0HTy25zZyT7EZoljyYpRLtrBVOWpXK7LN33v2Qdm2m2ctWfQytsj5s8Y6uPOR9uwVahnCou8M6YQhz5n6bsIfLhLDBpUvQL+9ONM9FsFMFk9RuhbsA3jbxeeuwqPkMmY27it5hbkVGpKd0M9Zv+JSvKtA2/agl/6zVhm+/TplHNBhj3B2uGe/3LakdxeVP3cyde8QcfyAQMRr+CE7NSFzETYj6Yvg3z24FuQ== mcrute@iphone6
+EOF
+    chmod 644 ~mcrute/.ssh/authorized_keys
+    chown -R mcrute:mcrute ~mcrute/.ssh
+    chmod 700 ~mcrute/.ssh
+fi
+# Setup SSMTP
+curl -sO https://code.crute.me/mcrute/dotfiles/plain/bin/configure_ssmtp.sh
+chmod +x configure_ssmtp.sh
+./configure_ssmtp.sh
+rm configure_ssmtp.sh
+# Clean out default user
+rm /etc/sudoers.d/90-cloud-init-users
+userdel -rf ubuntu
+# Reboot to apply updates
+echo "Reboot in 10 seconds"
+sleep 10
+shutdown -r now
author	Mike Crute <mike@crute.us>	2017-12-27 21:06:55 +0000
committer	Mike Crute <mike@crute.us>	2017-12-27 21:06:55 +0000
commit	6552b2f47c26a9a8d5b358b779f285bcb2880164 (patch)
tree	f14ebe4387902d5a034c683fd8b0a2097d3f99ba
parent	2dee427611dfe732f8a1dba9233419b94630daa6 (diff)
download	server_bin-6552b2f47c26a9a8d5b358b779f285bcb2880164.tar.bz2 server_bin-6552b2f47c26a9a8d5b358b779f285bcb2880164.tar.xz server_bin-6552b2f47c26a9a8d5b358b779f285bcb2880164.zip

diff --git a/bootstrap.sh b/bootstrap.sh new file mode 100755 index 0000000..78efc68 --- /dev/null +++ b/bootstrap.sh
@@ -0,0 +1,141 @@
	1	#!/bin/bash
	2
	3	#if [[ "$(hostname -f)" =~ \.crute\.me$ ]]; then
	4	# echo "This host appears to already be bootstrapped"
	5	# exit 1
	6	#fi
	7
	8	if [ ! -f "/etc/default/bootstrap" ]; then
	9	cat > /etc/default/bootstrap <<EOF
	10	UNCONFIGURED="true"
	11	VM_HOST="false"
	12	SHORT_HOSTNAME=""
	13	AWS_ACCESS_KEY_ID=""
	14	AWS_SECRET_ACCESS_KEY=""
	15	REGION=""
	16	ROLE=""
	17	EOF
	18	echo "Edit /etc/default/bootstrap and try again"
	19	exit 1
	20	else
	21	source /etc/default/bootstrap
	22	if [ "$UNCONFIGURED" == "true" ]; then
	23	echo "Edit /etc/default/boootstrap and try again"
	24	exit 1
	25	fi
	26
	27	if [ ! -z "$AWS_ACCESS_KEY_ID" ]; then
	28	export AWS_ACCESS_KEY_ID
	29	fi
	30	if [ ! -z "$AWS_SECRET_ACCESS_KEY" ]; then
	31	export AWS_SECRET_ACCESS_KEY
	32	fi
	33	fi
	34
	35	# Figure out the region if AWS or internal
	36	if [ -z "$REGION" ]; then
	37	export REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document \| python3 -c "import json, sys; print(json.load(sys.stdin)['region'])")
	38	fi
	39
	40	export DEBIAN_FRONTEND=noninteractive
	41
	42	# Configure APT to use the local cache if there is one
	43	if [ "$REGION" = "sea1" ]; then
	44	echo 'Acquire::http::Proxy "http://genesis.sea1.crute.me:3142";' >> /etc/apt/apt.conf
	45	fi
	46
	47	# Get all the latest updates and remove junk
	48	apt-get update && apt-get dist-upgrade -y && apt-get autoremove --purge -y
	49
	50	# Set hostname and network settings
	51	export HOSTNAME="${SHORT_HOSTNAME}.${REGION}.crute.me"
	52
	53	if [[ "$(hostname -f)" != "$HOSTNAME" ]]; then
	54	echo $SHORT_HOSTNAME > /etc/hostname
	55	hostnamectl set-hostname $SHORT_HOSTNAME
	56	systemctl restart systemd-logind.service
	57	fi
	58
	59	# Setup /etc/hosts
	60	if ! grep "$HOSTNAME" /etc/hosts 2>&1 > /dev/null; then
	61	sed -i "s/127.0.0.1 localhost/127.0.0.1 localhost\n127.0.1.1 ${HOSTNAME} ${SHORT_HOSTNAME}/" /etc/hosts
	62	fi
	63
	64	# Setup /etc/resolv.conf
	65	if ! grep "search ${REGION}.crute.me" /etc/resolv.conf 2>&1 > /dev/null; then
	66	sed -i "s/search .*/search ${REGION}.crute.me/" /etc/resolv.conf
	67	fi
	68
	69	# Install standard packages
	70	apt-get install -y \
	71	ssmtp \
	72	iptables-persistent \
	73	vim \
	74	htop \
	75	curl
	76
	77	# If this is a KVM host setup KVM and bridge
	78	if [[ "$VM_HOST" == "true" ]]; then
	79	apt-get install -y --no-install-recommends \
	80	qemu-kvm \
	81	libvirt-bin \
	82	virtinst \
	83	bridge-utils \
	84	libosinfo-bin \
	85	genisoimage \
	86	qemu-utils \
	87	unzip
	88
	89	MAIN_INTF=$(ip link \| awk '/^2:/ { split($2, a, ":"); print a[1]; }')
	90	sed -i -e "s/\(.$MAIN_INTF.\)/#\1/" /etc/network/interfaces
	91
	92	if ! grep 'auto br0' /etc/network/interfaces 2>&1>/dev/null; then
	93	cat >> /etc/network/interfaces <<EOF
	94
	95	auto br0
	96	iface br0 inet dhcp
	97	bridge_ports $MAIN_INTF
	98	bridge_stp off
	99	bridge_fd 0
	100	bridge_maxwait 0
	101	EOF
	102	fi
	103	fi
	104
	105	# Setup Automatic Updates
	106	sed -i 's/APT::Periodic::Download-Upgradeable-Packages "0";/APT::Periodic::Download-Upgradeable-Packages "1";/' /etc/apt/apt.conf.d/10periodic
	107	sed -i 's/APT::Periodic::AutocleanInterval "0";/APT::Periodic::AutocleanInterval "7";/' /etc/apt/apt.conf.d/10periodic
	108	echo 'APT::Periodic::Unattended-Upgrade "1";' >> /etc/apt/apt.conf.d/10periodic
	109	sed -i 's#//Unattended-Upgrade::Mail "root";#Unattended-Upgrade::Mail "mike@crute.us";#' /etc/apt/apt.conf.d/50unattended-upgrades
	110	echo -e '\nUnattended-Upgrade::Sender "updates-no-reply@crute.me";' >> /etc/apt/apt.conf.d/50unattended-upgrades
	111	sed -i 's#//Unattended-Upgrade::MailOnlyOnError "true";#Unattended-Upgrade::MailOnlyOnError "false";#' /etc/apt/apt.conf.d/50unattended-upgrades
	112
	113	# Setup mcrute user
	114	if ! id mcrute 2>&1>/dev/null; then
	115	useradd -p '$6$qOlvVfUc$Ij86v15mQnvoPSv1KCStgEBCLvrbLLp6hszvvs857yTGfJ.tu4Qm1u1GONeJayfNAVEOF1CV9mClTlnuiR5KU.' -m -s /bin/bash -G sudo mcrute
	116	mkdir ~mcrute/.ssh
	117	cat > ~mcrute/.ssh/authorized_keys <<EOF
	118	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XsFRMvZVDrWEz3/Ssvh+yeTEhlEVRXSJIaOmMzoDAm+XZ17dOwjpj25MqGmYt/60n5rKRBj5GyoaURrPi/s4ml+VLeVY0OsR22Vv5zSB4fY5SZtPhHqti5sNA07SvbFI905BUF6kn6G6SVlQMruXqdi9ALJkxiCaz1gR7+cwk9CoFXtQRtlo6l99Y2TWfvt/BwUiZWbFmESIOXHmkpaFOuptnqpprDz0mLzmebQyscu6vqpDsu/dOC/VAmECyJZxAgMR2KX9B3ytCvIA7DMqNKFJSaRGhkX0Dh6giitxz711CcoGw0Qt0wA4koe3VH0Ozf9zYFY7UpxohpljzAJx mcrute@yubikey
	119	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCT/+YbYVS1eJ+ah6BjVA1gU31kKZGhlmqXfi9CBeJNmgO9DC9q9zOZkkT4ULSe0w3xKMIOxPzLAkarA/ErmqaEcc4PMPb3BxX2l1VktqE9GLpjmGX9TFvqsXr4D5axYiaQveuNkaJDZS4O7Wl68zb9WAuCqrYgK7hm5SBkcRkGsbWbDMo6VH7u4vzUQuc7Cch4BI6Tpbv3B98sCpVXVNdz/pb/p0j21S4qpV2MELCtSBAGEVPBfnGa7tSmDfenIr0KfGiYIeX0KC5ZJSKrqqzJqF8BYmp2ooWwWivFYtk08hfDxiJ23AsiLLMuA2WJ11X5TJJYg4z4b51UMJ8SRXgR mcrute@yubikey2
	120	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNw8DoEsevMj7UhtcAqaCmO9h+baMkbiE3KJsi5iZWVAlqRZIgYisBGfmOdrkt0N3yKG9Gqg/DEEw4PWWul+k/O+zkWd/jVvaqVNyQnoNOdPAa3oGr39agMd30bOrYtHP3Lzaajn3cwaT7E+F05lw0+IIXV1TwSa0GzxqAYq+2raSXQsQWkzVFsU+DuxgBE9F2ieqOw6rvxdT/cVjnBZD/zmj6WnwM7qgylPvt9AOtsvq6MYoMOwOK41ilG8M2Cay/NXAr+o1g2y+cBt4s5YVzkxQ6Lub9Gusj0QgolQ5wJj7W+GqfzY5kndDOIuaiLDk3mI9/kAB8Ws0PYOhXTP/ mcrute@Michaels-MacBook-Pro.local
	121	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoJRoSmMAqsQYYcQLYpSUngcVNtBrYxmM45hN974LoStoDXzW+qw0hOIqTU2GH93XmTC1HSIgMWTen9zNWuIaqADdt5obVmBPrOdpkwaPJ1zayykA5MHN8+8lYVkZ86b7hjy0NwnhlrkAyPQ9C30nQDlzw/AqOYiURwCK/20+slgvCpd5LYwBZndbwILg5EoEqpEksUxjzgRQzM6t1q0vzzige4jyE5jNKgsFJ2fajZq7yShweLuz2D4vHClwlgN9dY3oF25C8EWjwT8sfC2AK1Qlc/vYCwq6NoxOSiifPlo8Wiltr7WAqIQSUwzzXdpBm3F8lV0aYPLxKJRWq0ntOJg/z73oRE+cRUvzyqWn96OzKMIQWwDcRlKxemiv/i57Sm+cYg1wxjKJfWjrUOchBWfOIspk7kmaJsuhN26WNkNWbWYl5/pY7yPiZhqm2Th9vgOH4Rk0HTy25zZyT7EZoljyYpRLtrBVOWpXK7LN33v2Qdm2m2ctWfQytsj5s8Y6uPOR9uwVahnCou8M6YQhz5n6bsIfLhLDBpUvQL+9ONM9FsFMFk9RuhbsA3jbxeeuwqPkMmY27it5hbkVGpKd0M9Zv+JSvKtA2/agl/6zVhm+/TplHNBhj3B2uGe/3LakdxeVP3cyde8QcfyAQMRr+CE7NSFzETYj6Yvg3z24FuQ== mcrute@iphone6
	122	EOF
	123	chmod 644 ~mcrute/.ssh/authorized_keys
	124	chown -R mcrute:mcrute ~mcrute/.ssh
	125	chmod 700 ~mcrute/.ssh
	126	fi
	127
	128	# Setup SSMTP
	129	curl -sO https://code.crute.me/mcrute/dotfiles/plain/bin/configure_ssmtp.sh
	130	chmod +x configure_ssmtp.sh
	131	./configure_ssmtp.sh
	132	rm configure_ssmtp.sh
	133
	134	# Clean out default user
	135	rm /etc/sudoers.d/90-cloud-init-users
	136	userdel -rf ubuntu
	137
	138	# Reboot to apply updates
	139	echo "Reboot in 10 seconds"
	140	sleep 10
	141	shutdown -r now