zulip/servers/install-server
Luke Faraone f70e7fadea Miscellaneous updates to install-server for wheezy compatibility.
We switch to always specifying HostKeyAlgorithms=ssh-rsa because of an ECDSA
key bug in the Debian images which results in the fingerprint not being
printed to the console. Our config later forces RSA after we do a puppet
apply, so we might as well start using RSA from the beginning.

We start out sshing in as "admin", and delete the user (moving keys over to
"root") at the beginning.

We switch to the ops repo instead of backports, and drop the installation
of puppet from backports.

We no longer install humbug-self-signed.key on our servers; instead real
certificates must be installed manually.

(imported from commit cbabe65a4e0ef37df1fece6eaec053a2368f6ef5)
2013-07-12 11:29:11 -04:00


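#!/bin/bash
#
# install-server: bootstrap a freshly launched Debian wheezy host over ssh
# until it is managed by puppet.
#
# Usage: install-server server type hostname
#   server    address to ssh/scp to
#   type      value passed to puppet as the "humbug" class machinetype
#   hostname  name written to /etc/hostname; must contain "zulip"
#
# Environment:
#   HUMBUG_ROOT  local checkout holding humbug.pem and the puppet tree
#                (default: $HOME/humbug)
#
# Security notes for operators:
#   * $hostname and $type are expanded locally inside the here-documents
#     below and then executed by a root shell on the new host, so both are
#     restricted to a conservative character set before anything is sent.
#   * Nothing in this script pins the new server's host key. Unless the local
#     ssh configuration says otherwise, ssh asks for confirmation on first
#     connect; compare the fingerprint with the one on the instance console.
#   * The remote shells read their commands from stdin without "set -e", so
#     presumably only the status of the last remote command reaches the local
#     "set -e"; earlier remote failures do not stop the run.

# Options are set here rather than on the shebang line so they also apply
# when the script is started as "bash install-server ...".
set -xeu

# Print the usage line on stderr.
usage() {
  echo "USAGE: $0 server type hostname" >&2
}

# Succeed when $1 matches the extended regex $2. The match runs in the C
# locale so that ranges such as A-Z cover ASCII letters only.
matches_c_locale() {
  (
    LC_ALL=C
    [[ "$1" =~ $2 ]]
  )
}

server=${1:-}
type=${2:-}
hostname=${3:-}

if [[ -z "$hostname" ]]; then
  usage
  exit 1
fi

if [[ "$hostname" != *zulip* ]]; then
  usage
  echo "Hostname must have zulip in it." >&2
  exit 1
fi

# Both values end up inside shell text run as root on the remote side (and
# $type inside a quoted puppet string), so quotes, "$", backticks, spaces and
# newlines must never get through.
if ! matches_c_locale "$hostname" '^[A-Za-z0-9.-]+$'; then
  usage
  echo "Hostname may contain only letters, digits, dots and hyphens." >&2
  exit 1
fi

if ! matches_c_locale "$type" '^[A-Za-z0-9_.:-]+$'; then
  usage
  echo "Type may contain only letters, digits, and the characters _ . : -" >&2
  exit 1
fi

humbug_root=${HUMBUG_ROOT:-$HOME/humbug}

amazon_key_file=$humbug_root/humbug.pem
if ! [[ -e "$amazon_key_file" ]]; then
  echo "You need humbug.pem at $amazon_key_file; ask tabbott for it"
  exit 1
fi

server_private_key_file=$humbug_root/servers/puppet/modules/humbug/files/id_rsa
if ! [[ -e "$server_private_key_file" ]]; then
  echo "You need a server ssh key at $server_private_key_file"
  exit 1
fi

# Force RSA keys. We do this because the ECDSA key is not printed on syslog,
# and our puppet configuration does not use ECDSA. If we don't do this,
# we'll get key errors after puppet apply.
# NOTE(review): ssh-rsa host key signatures use SHA-1 and are disabled by
# default in OpenSSH 8.8 and later, so a current client may refuse this
# option's only algorithm.
# An array keeps the option and its value as separate, correctly quoted words.
SSH_OPTS=(-o HostKeyAlgorithms=ssh-rsa)

# Step 1 (as admin): allow root logins and copy admin's authorized_keys to
# root. "mkdir -p" keeps the copy from being skipped when /root/.ssh already
# exists.
# NOTE(review): "PermitRootLogin yes" also permits password logins for root
# if password authentication is enabled; "without-password" would limit root
# to keys. Left as is because the puppet-managed sshd_config applied later is
# not visible here.
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -ladmin <<EOF
sudo sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
sudo mkdir -p ~root/.ssh && sudo cp .ssh/authorized_keys ~root/.ssh/authorized_keys
sudo service ssh restart
EOF

# Step 2 (as root): set the hostname, add the ops apt repository, upgrade,
# and install puppet and git.
# NOTE(review): the repository is fetched over plain HTTP and no signing key
# is installed here; package integrity depends on apt already trusting that
# repository's key on the image - confirm.
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
echo "$hostname" > /etc/hostname
sed -i 's/localhost$/localhost $hostname/' /etc/hosts
/etc/init.d/hostname.sh start
# First, install any updates from the apt repo that may be needed
cat >>/etc/apt/sources.list.d/humbug.list <<EOF2
deb http://apt.humbughq.com/ops wheezy main
EOF2
apt-get update
apt-get -y upgrade
# need to get puppet before we can do anything with puppet
apt-get install -y puppet git
EOF

# Give new server git access
# TODO: Don't give servers push access to our git!
# The same private key is installed for root here and for humbug further
# down, on every server built with this script, so one compromised host
# exposes whatever that key may do on the git server. A per-host, read-only
# deploy key would contain that.
# scp creates the remote file before the chmod in the next session runs, so
# keep the local copy at mode 600.
scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" root@"$server":/root/.ssh/id_rsa

# Step 3 (as root): pin the git server's host key, then clone the repository.
# The two known_hosts entries are hashed host names carrying the same RSA key
# (presumably the git server's name and address), so the clone does not
# depend on trust-on-first-use.
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
chmod 600 /root/.ssh/id_rsa
# Setup initial known_hosts including git server
cat > /root/.ssh/known_hosts <<EOF2
|1|YmrT42zuHUt3kvg+MzhtF1IXakM=|Ps1MaxDiy5uTeFTjB2k8oQQyxg8= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jhFu8Y9kSe+HyWtCmH2GqTi38lwqZzhAkyaUaASwvcvCRJWGC6AMPGVCKyNxJMcWcIcmP+mB8i5z5AhsgqwEmV5F9TrbPYjbroALCoZEon/bnCBNd3Jh/8eKZI/VLCzWQpL2FTZ5p1RYnCJ4PKSjd8PbKbGd5eAyRlbuETeyavwC+komLlekKkV+wiAv4aGuGRZeGrVJIqSRydVplQrFVaoF/1ifFS/XcNx18jFH0nw8oPOahaTzB/EUTTS/q1Cq0XgrA7x6bsr5kg4Vtw0BcP7JLob6pl/1D9FjLYsDPZCPGIfJV2uF4WcRJWg/U6OtSKOrwTmVw02TcwaavARr
|1|ccgacGoQ9gPCsFVrAopK3oGvYfU=|YcNvWUziiANLr22lvHD05N2veas= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+jhFu8Y9kSe+HyWtCmH2GqTi38lwqZzhAkyaUaASwvcvCRJWGC6AMPGVCKyNxJMcWcIcmP+mB8i5z5AhsgqwEmV5F9TrbPYjbroALCoZEon/bnCBNd3Jh/8eKZI/VLCzWQpL2FTZ5p1RYnCJ4PKSjd8PbKbGd5eAyRlbuETeyavwC+komLlekKkV+wiAv4aGuGRZeGrVJIqSRydVplQrFVaoF/1ifFS/XcNx18jFH0nw8oPOahaTzB/EUTTS/q1Cq0XgrA7x6bsr5kg4Vtw0BcP7JLob6pl/1D9FjLYsDPZCPGIfJV2uF4WcRJWg/U6OtSKOrwTmVw02TcwaavARr
EOF2
# clone humbug repository
cd /root
rm -rf /root/humbug
git clone humbug@git.humbughq.com:/srv/git/humbug.git
cd /root/humbug
git checkout master
EOF

# Step 4 (as root): install puppet.conf, remove the bootstrap "admin"
# account, apply the puppet class for this machine type, and hand a copy of
# the checkout to the humbug user.
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lroot <<EOF
cp -a /root/humbug/servers/puppet/modules/humbug/files/puppet.conf /etc/puppet/
userdel admin
puppet apply -e 'class {"humbug": machinetype => "$type"}'
cp -a /root/humbug /home/humbug/humbug
chown -R humbug:humbug /home/humbug/humbug
# These server restarting bits should be moveable into puppet-land, ideally
apt-get -y upgrade
if [ -e "/etc/init.d/nginx" ]; then
service nginx restart
fi
if [ -e "/etc/init.d/apache2" ]; then
service apache2 restart
fi
EOF

# TODO: Don't give servers push access to our git!
scp "${SSH_OPTS[@]}" -i "$amazon_key_file" "$server_private_key_file" humbug@"$server":/home/humbug/.ssh/id_rsa
ssh "${SSH_OPTS[@]}" "$server" -t -i "$amazon_key_file" -lhumbug <<EOF
chmod 600 /home/humbug/.ssh/id_rsa
EOF

set +x
cat <<EOF
Done.
FIXME: Manually run servers/install-nodejs if necessary
EOF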