tools: Rewrite install-server to not hardcode configuration.

Now install-aws-server is a reusable script for setting up a Zulip role server in AWS, without any hardcoded configuration.
2025-11-02 21:13:36 +00:00 · 2016-07-11 16:26:07 -07:00
parent 9c9b6176a9
commit 78a0c7c557
2 changed files with 99 additions and 119 deletions
--- a/tools/deprecated/install-server
+++ b/tools/deprecated/install-server
@@ -1,119 +0,0 @@
-#!/usr/bin/env bash
-set -xe
-
-server=$1
-type=$2
-hostname=$3
-branch=$4
-if [ -z "$hostname" ]; then
-    echo "USAGE: $0 server type hostname [branch]"
-    exit 1
-fi
-if ! echo "$hostname" | grep -q zulip; then
-    echo "USAGE: $0 server type hostname [branch]"
-    echo "Hostname must have zulip in it."
-    exit 1
-fi
-
-if [ -z "$branch" ]; then
-    branch=master
-fi
-
-zulip_root=${ZULIP_ROOT:-$HOME/zulip}
-
-amazon_key_file=$zulip_root/zulip.pem
-if ! [ -e "$amazon_key_file" ]; then
-    echo "You need zulip.pem at $amazon_key_file; ask tabbott for it"
-    exit 1
-fi
-
-server_private_key_file=$zulip_root/puppet/zulip_internal/files/id_rsa
-if ! [ -e "$server_private_key_file" ]; then
-    echo "You need a server ssh key at $server_private_key_file"
-    exit 1
-fi
-
-# Force RSA keys. We do this because the ECDSA key is not printed on syslog,
-# and our puppet configuration does not use ECDSA. If we don't do this,
-# we'll get key errors after puppet apply.
-SSH_OPTS=(-o HostKeyAlgorithms=ssh-rsa)
-
-set +e
-
-ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -ladmin -o "ControlMaster=no" <<EOF
-sudo sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
-sudo mkdir -p ~root/.ssh && sudo cp .ssh/authorized_keys ~root/.ssh/authorized_keys
-sudo service ssh restart
-
-EOF
-
-set -e
-
-ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
-resize2fs /dev/xvda1
-echo "$hostname" > /etc/hostname
-sed -i 's/localhost$/localhost $hostname/' /etc/hosts
-/etc/init.d/hostname.sh start
-
-# First, install any updates from the apt repo that may be needed
-wget -O /root/ops.asc https://zulip.com/dist/keys/ops.asc
-apt-key add /root/ops.asc
-cat >/etc/apt/sources.list.d/zulip.list <<EOF2
-deb http://apt.zulip.net/ops wheezy main
-EOF2
-apt-get update
-apt-get -y upgrade
-
-# need to get puppet before we can do anything with puppet
-apt-get install -y puppet git
-EOF
-
-# Give new server git access
-# TODO: Don't give servers push access to our git!
-scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" root@"$server":/root/.ssh/id_rsa
-
-ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
-chmod 600 /root/.ssh/id_rsa
-# Setup initial known_hosts including git server
-cat > /root/.ssh/known_hosts <<EOF2
-git.zulip.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDjW3wKDRuah6XT5a7Xta+S2d5ew1ZPxWTbKKgp6Cun111zFw1bvLGSKS0W3HnbXOyXLbVVsAH/cSNFHMvH2nitM15zp7w2w3NV8YbLZCkdFXp5KeKHuBQ+DYL+nDCKjunlrDfxDXvD7jn/wMN995ZsnEJqnc7N8uzIgt+5lbmie5jz3Xbt/7gQdjG5E0xGL7DzzJPp8kBzfE6B1qr5pWLVKXMuGXLCcbMaco5kEjRuM8dPrtG3kGG2YsjOkoHIqwtRwztXEmjklt1FFI06JYsW43PjmdP586nOg7n28k1ibhlF968PmRRX7USI7jJ+awPd/XH4neCdNG2f8JL2kRD
-EOF2
-# clone zulip repository
-cd /root
-rm -rf /root/zulip
-git clone git@git.zulip.net:eng/zulip.git
-cd /root/zulip
-git checkout $branch
-EOF
-
-ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
-userdel admin
-passwd -d root
-mkdir /etc/zulip
-echo -e "[machine]\npuppet_classes =" $type > /etc/zulip/zulip.conf
-/root/zulip/scripts/zulip-puppet-apply -f
-cp -a /root/zulip /home/zulip/zulip
-chown -R zulip:zulip /home/zulip/zulip
-# These server restarting bits should be moveable into puppet-land, ideally
-apt-get -y upgrade
-if [ -e "/etc/init.d/nginx" ]; then
-    service nginx restart
-fi
-if [ -e "/etc/init.d/apache2" ]; then
-    service apache2 restart
-fi
-
-EOF
-
-# TODO: Don't give servers push access to our git!
-scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" zulip@"$server":/home/zulip/.ssh/id_rsa
-ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lzulip <<EOF
-chmod 600 /home/zulip/.ssh/id_rsa
-EOF
-
-set +x
-cat <<EOF
-
- Done.
-
-EOF
--- a/tools/setup/install-aws-server
+++ b/tools/setup/install-aws-server
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+set -xe
+
+server=$1
+type=$2
+hostname=$3
+branch=$4
+if [ -z "$hostname" ]; then
+    echo "USAGE: $0 server type hostname [branch]"
+    echo "Installs an empty Ubuntu server in AWS with a Zulip server role."
+    echo "* hostname is the current hostname/IP of the server"
+    echo "* type is a list of puppet rules to be passed to scripts/lib/install"
+    echo "  E.g. 'zulip::base,zulip::apt_repository,zulip::postgres_common'"
+    echo "* hostname is to be the server's external hostname."
+    echo "* branch is used to override the default branch to install from."
+    echo "Reads configuration from $HOME/.zulip-install-server.conf."
+    exit 1
+fi
+if ! echo "$hostname" | grep -q zulip; then
+    echo "USAGE: $0 server type hostname [branch]"
+    echo "Hostname must have zulip in it."
+    exit 1
+fi
+
+zulip_root=${ZULIP_ROOT:-$HOME/zulip}
+
+zulip_ssh_config_file="$HOME/.zulip-install-server.conf"
+amazon_key_file=$(crudini --get "$zulip_ssh_config_file" ssh amazon_key_file)
+if ! [ -e "$amazon_key_file" ]; then
+    echo "You need the amazon ssh key at $amazon_key_file"
+    exit 1
+fi
+
+server_private_key_file=$(crudini --get "$zulip_ssh_config_file" ssh server_private_key_file)
+if ! [ -e "$server_private_key_file" ]; then
+    echo "You need a server ssh key at $server_private_key_file"
+    exit 1
+fi
+
+zulip_repo=$(crudini --get "$zulip_ssh_config_file" repo repo_url)
+
+if [ -z "$branch" ]; then
+    branch=$(crudini --get "$zulip_ssh_config_file" repo default_branch)
+fi
+
+VIRTUALENV_NEEDED=$(if $(echo "$type" | grep -q ::app); then echo -n yes; else echo -n no; fi)
+
+# Force RSA keys. We do this because the ECDSA key is not printed on syslog,
+# and our puppet configuration does not use ECDSA. If we don't do this,
+# we'll get key errors after puppet apply.
+SSH_OPTS=(-o HostKeyAlgorithms=ssh-rsa)
+
+set +e
+
+ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lubuntu -o "ControlMaster=no" <<EOF
+sudo mkdir -p ~root/.ssh && sudo cp .ssh/authorized_keys /root/.ssh/authorized_keys
+sudo sed -i 's/disable_root: true/disable_root: false/' /etc/cloud/cloud.cfg
+EOF
+
+set -e
+
+# Give server its SSH keys
+scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" root@"$server":/root/.ssh/id_rsa
+scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file".pub root@"$server":/root/.ssh/id_rsa.pub
+
+ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
+# Finish setting up the SSH private key
+chmod 600 /root/.ssh/id_rsa
+# Delete the ubuntu user
+userdel ubuntu
+# Make sure root doesn't have a password
+passwd -d root
+
+# Set the hostname
+echo "$hostname" > /etc/hostname
+sed -i 's/localhost$/localhost $hostname/' /etc/hosts
+
+apt-get update
+apt-get -y upgrade
+
+cd /root
+if ! [ -e "zulip" ]; then
+    # need to install git to clone the repo
+    apt-get install -y git
+    git clone $zulip_repo
+fi
+cd zulip
+git fetch
+git checkout origin/$branch
+# The main Zulip production install script can take things from here!
+env VIRTUALENV_NEEDED=$VIRTUALENV_NEEDED PUPPET_CLASSES="$type" /root/zulip/scripts/setup/install
+EOF
+
+set +x
+cat <<EOF
+
+ Done.
+
+EOF