mirror of
				https://github.com/zulip/zulip.git
				synced 2025-10-25 00:53:56 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			137 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			137 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| set -e
 | |
| 
 | |
| server=$1
 | |
| type=$2
 | |
| hostname=$3
 | |
| branch=$4
 | |
| if [ -z "$hostname" ]; then
 | |
|     echo "USAGE: $0 server type hostname [branch]"
 | |
|     echo "Installs an empty Ubuntu server in AWS with a Zulip server role."
 | |
|     echo "* hostname is the current hostname/IP of the server"
 | |
|     echo "* type is a list of puppet rules to be passed to scripts/lib/install"
 | |
|     echo "  E.g. 'zulip::base,zulip::apt_repository,zulip::postgres_common'"
 | |
|     echo "* hostname is to be the server's external hostname."
 | |
|     echo "* branch is used to override the default branch to install from."
 | |
|     echo "Reads configuration from $HOME/.zulip-install-server.conf."
 | |
|     exit 1
 | |
| fi
 | |
| if ! echo "$hostname" | grep -q zulip; then
 | |
|     echo "USAGE: $0 server type hostname [branch]"
 | |
|     echo "Hostname must have zulip in it."
 | |
|     exit 1
 | |
| fi
 | |
| set -x
 | |
| 
 | |
| zulip_ssh_config_file="$HOME/.zulip-install-server.conf"
 | |
| amazon_key_file=$(crudini --get "$zulip_ssh_config_file" ssh amazon_key_file)
 | |
| if ! [ -e "$amazon_key_file" ]; then
 | |
|     echo "You need the amazon ssh key at $amazon_key_file"
 | |
|     exit 1
 | |
| fi
 | |
| 
 | |
| server_private_key_file=$(crudini --get "$zulip_ssh_config_file" ssh server_private_key_file)
 | |
| if ! [ -e "$server_private_key_file" ]; then
 | |
|     echo "You need a server ssh key at $server_private_key_file"
 | |
|     exit 1
 | |
| fi
 | |
| 
 | |
| if [ -n "${zulip_confdir-}" ]; then
 | |
|     zulipconf_file="$zulip_confdir/zulip.conf"
 | |
|     secrets_file="$zulip_confdir/zulip-secrets.conf"
 | |
|     settings_file="$zulip_confdir/settings.py"
 | |
| fi
 | |
| if [ -z "$secrets_file" ]; then
 | |
|     echo "Specify secrets_file via environment."
 | |
|     exit 1
 | |
| fi
 | |
| 
 | |
| zulip_repo=$(crudini --get "$zulip_ssh_config_file" repo repo_url)
 | |
| 
 | |
| if [ -z "$branch" ]; then
 | |
|     branch=$(crudini --get "$zulip_ssh_config_file" repo default_branch)
 | |
| fi
 | |
| 
 | |
| VIRTUALENV_NEEDED=$(if echo "$type" | grep -q app_frontend; then echo -n yes; else echo -n no; fi)
 | |
| 
 | |
| # Force RSA keys. We do this because the ECDSA key is not printed on syslog,
 | |
| # and our puppet configuration does not use ECDSA. If we don't do this,
 | |
| # we'll get key errors after puppet apply.
 | |
| SSH_OPTS=(-o 'HostKeyAlgorithms=ssh-rsa')
 | |
| 
 | |
| set +e
 | |
| 
 | |
| ssh "${SSH_OPTS[@]}" "$server" -i "$amazon_key_file" -lubuntu -o "ControlMaster=no" /bin/bash <<EOF
 | |
| sudo mkdir -p ~root/.ssh && sudo cp .ssh/authorized_keys /root/.ssh/authorized_keys
 | |
| sudo sed -i 's/disable_root: true/disable_root: false/' /etc/cloud/cloud.cfg
 | |
| sudo mkdir -p /etc/zulip
 | |
| EOF
 | |
| # shellcheck disable=SC2029 disable=SC2087
 | |
| ssh "${SSH_OPTS[@]}" "$server" -i "$amazon_key_file" -lroot /bin/bash <<EOF
 | |
| # Set the hostname early
 | |
| echo "$hostname" > /etc/hostname
 | |
| hostname "$hostname"
 | |
| sed -i 's/localhost$/localhost $hostname/' /etc/hosts
 | |
| EOF
 | |
| 
 | |
| set -e
 | |
| 
 | |
| # Give server its SSH keys
 | |
| scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" root@"$server":/root/.ssh/id_rsa
 | |
| scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file".pub root@"$server":/root/.ssh/id_rsa.pub
 | |
| scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$secrets_file" root@"$server":/etc/zulip/zulip-secrets.conf
 | |
| if [ -e "$zulipconf_file" ]; then
 | |
|     scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$zulipconf_file" root@"$server":/etc/zulip/zulip.conf
 | |
| fi
 | |
| if [ -e "$settings_file" ]; then
 | |
|     scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$settings_file" root@"$server":/etc/zulip/settings.py
 | |
| fi
 | |
| 
 | |
| # shellcheck disable=SC2029 disable=SC2087
 | |
| ssh "${SSH_OPTS[@]}" "$server" -i "$amazon_key_file" -lroot /bin/bash <<EOF
 | |
| set -x
 | |
| # Finish setting up the SSH private key
 | |
| chmod 600 /root/.ssh/id_rsa
 | |
| # Delete the ubuntu user
 | |
| if grep -q '^ubuntu:' /etc/passwd; then
 | |
|     userdel ubuntu
 | |
| fi
 | |
| # Make sure root doesn't have a password
 | |
| passwd -d root
 | |
| 
 | |
| apt-get update
 | |
| apt-get -y upgrade
 | |
| 
 | |
| cd "\$(mktemp -d)"
 | |
| 
 | |
| # Get GitHub known_hosts setup
 | |
| # TODO: Replace this with hardcoding the actual GitHub keys
 | |
| ssh -oStrictHostKeyChecking=no git@github.com </dev/null >/dev/null || true
 | |
| 
 | |
| if ! [ -e "zulip" ]; then
 | |
|     # need to install git to clone the repo
 | |
|     apt-get install -y git crudini
 | |
|     git clone "$zulip_repo" zulip
 | |
| fi
 | |
| cd zulip
 | |
| git fetch
 | |
| git checkout origin/$branch
 | |
| # The main Zulip production install script can take things from here!
 | |
| env VIRTUALENV_NEEDED=$VIRTUALENV_NEEDED PUPPET_CLASSES="$type" \
 | |
|   ./scripts/setup/install --self-signed-cert --no-init-db --no-overwrite-settings
 | |
| EOF
 | |
| 
 | |
| scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" root@"$server":/home/zulip/.ssh/id_rsa
 | |
| scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file".pub root@"$server":/home/zulip/.ssh/id_rsa.pub
 | |
| # shellcheck disable=SC2029
 | |
| ssh "${SSH_OPTS[@]}" "$server" -i "$amazon_key_file" -lroot /bin/bash <<EOF
 | |
| chown zulip:zulip /home/zulip/.ssh/id_rsa*
 | |
| chmod 600 /home/zulip/.ssh/id_rsa*
 | |
| EOF
 | |
| set +x
 | |
| cat <<EOF
 | |
| 
 | |
|  Done.
 | |
| 
 | |
| EOF
 |