added ADAPT DO M24

parent 59e49e4a
The plan is to release the ADAPT Deployment Orchestrator component, developed by HPE, as open source software. HPE has to follow an internal process with reviews and decisions at corporate level to decide and approve the license under which to release the developed software. Unfortunately this process takes time and it’s not yet completed at the time of writing, therefore the licensing information for the released software is not yet available.
For more information please contact us through this website https://www.decide-h2020.eu/contact
\ No newline at end of file
FROM tiangolo/uwsgi-nginx-flask:python3.6 FROM tiangolo/uwsgi-nginx-flask:python3.6
RUN apt-get update && apt-get install unzip && wget https://releases.hashicorp.com/terraform/0.10.7/terraform_0.10.7_linux_amd64.zip?_ga=2.121414664.102068769.1507033863-2054770415.1501495729 -O temp.zip && unzip temp.zip -d /usr/local/bin && rm temp.zip && mkdir -p /app/repo && mkdir -p /home/ubuntu/terraform/certs && mkdir -p /home/ubuntu/terraform/scripts && mkdir /home/ubuntu/terraform/keypairs && pip install flask-restplus && pip install -U flask-cors && pip install pymongo==3.7 && wget http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb && dpkg -i libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb && wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-4.0.0.tgz && tar -zxvf mongodb-linux-*-4.0.0.tgz && mkdir -p /data/db && export PATH=mongodb-linux-x86_64-ubuntu1604-4.0.0/bin:$PATH && cp mongodb-linux-x86_64-ubuntu1604-4.0.0/bin/* /usr/local/bin RUN apt-get update && apt-get install unzip && apt-get install -y vim && wget https://releases.hashicorp.com/terraform/0.10.7/terraform_0.10.7_linux_amd64.zip?_ga=2.121414664.102068769.1507033863-2054770415.1501495729 -O temp.zip && unzip temp.zip -d /usr/local/bin && rm temp.zip && mkdir -p /app/repo && mkdir -p /home/ubuntu/terraform/certs && mkdir -p /home/ubuntu/terraform/scripts && mkdir /home/ubuntu/terraform/keypairs && pip install flask-restplus && pip install -U flask-cors && pip install pymongo==3.7 && pip install jsonschema==3.0.0a3 && wget http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb && dpkg -i libssl1.0.0_1.0.1t-1+deb8u9_amd64.deb && wget https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu1604-4.0.0.tgz && tar -zxvf mongodb-linux-*-4.0.0.tgz && mkdir -p /data/db && export PATH=mongodb-linux-x86_64-ubuntu1604-4.0.0/bin:$PATH && cp mongodb-linux-x86_64-ubuntu1604-4.0.0/bin/* /usr/local/bin
COPY app/ /app/ COPY app/ /app/
COPY tfplugin/terraform-provider-cloudbroker /usr/local/bin COPY tfplugin/terraform-provider-cloudbroker /usr/local/bin
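Review bot: The rewritten RUN line downloads the Terraform zip, the libssl1.0.0 .deb and the MongoDB tarball, and unpacks or installs each one without checking a digest. The .deb is also fetched over plain `http://` and installed with `dpkg -i`, which skips the archive signature check that apt would perform. Pin each artifact to a known hash before use, e.g. `echo "<TERRAFORM_ZIP_SHA256>  temp.zip" | sha256sum -c -` ahead of the `unzip`, and install the library through apt where possible. The added `apt-get install -y vim` puts an editor in the runtime image, and the `apt-get install unzip` beside it still lacks `-y`; dropping vim and adding `--no-install-recommends` keeps the image smaller.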
......
...@@ -27,6 +27,10 @@ variable "vm_region_id" { ...@@ -27,6 +27,10 @@ variable "vm_region_id" {
default = "4265ddb9-e862-4814-82a4-d6b92f25e8e5" default = "4265ddb9-e862-4814-82a4-d6b92f25e8e5"
} }
variable "vm_user" {
default = "ubuntu"
}
variable "instance_type_id" { variable "instance_type_id" {
default = "e3ca8e4c-0f91-4e83-9bd9-4cef88d054a8" default = "e3ca8e4c-0f91-4e83-9bd9-4cef88d054a8"
} }
...@@ -71,6 +75,7 @@ resource "cloudbroker_instance" "decide-vm" { ...@@ -71,6 +75,7 @@ resource "cloudbroker_instance" "decide-vm" {
resource_id = "${var.vm_resource_id}" resource_id = "${var.vm_resource_id}"
region_id = "${var.vm_region_id}" region_id = "${var.vm_region_id}"
instance_type_id = "${var.instance_type_id}" instance_type_id = "${var.instance_type_id}"
vm_user = "${var.vm_user}"
isolated = "false" isolated = "false"
key_pair_id = "${var.key_pair_id}" key_pair_id = "${var.key_pair_id}"
disable_autostop = "true" disable_autostop = "true"
...@@ -91,7 +96,7 @@ resource "cloudbroker_instance" "decide-vm" { ...@@ -91,7 +96,7 @@ resource "cloudbroker_instance" "decide-vm" {
connection { connection {
type = "ssh" type = "ssh"
user = "ubuntu" user = "${var.vm_user}"
private_key = "${file("/home/ubuntu/terraform/keypairs/${var.app_name}/private-key-openssh")}" private_key = "${file("/home/ubuntu/terraform/keypairs/${var.app_name}/private-key-openssh")}"
} }
} }
...@@ -105,7 +110,7 @@ resource "cloudbroker_instance" "decide-vm" { ...@@ -105,7 +110,7 @@ resource "cloudbroker_instance" "decide-vm" {
connection { connection {
type = "ssh" type = "ssh"
user = "ubuntu" user = "${var.vm_user}"
private_key = "${file("/home/ubuntu/terraform/keypairs/${var.app_name}/private-key-openssh")}" private_key = "${file("/home/ubuntu/terraform/keypairs/${var.app_name}/private-key-openssh")}"
} }
} }
...@@ -113,7 +118,10 @@ resource "cloudbroker_instance" "decide-vm" { ...@@ -113,7 +118,10 @@ resource "cloudbroker_instance" "decide-vm" {
provisioner "local-exec" { provisioner "local-exec" {
command = <<CMD command = <<CMD
mkdir -p /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address} \ mkdir -p /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address} \
&& scp -i /home/ubuntu/terraform/keypairs/${var.app_name}/private-key-openssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -r ubuntu@${cloudbroker_instance.decide-vm.external_ip_address}:~/.docker/client/keys/ /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address} && scp -i /home/ubuntu/terraform/keypairs/${var.app_name}/private-key-openssh -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -r ${var.vm_user}@${cloudbroker_instance.decide-vm.external_ip_address}:/tmp/scripts/tempkeys/ /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address} \
&& mv /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address}/tempkeys /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address}/keys \
&& chmod -v 0400 /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address}/keys/key.pem \
&& chmod -v 0444 /home/ubuntu/terraform/certs/${cloudbroker_instance.decide-vm.external_ip_address}/keys/cert.pem
CMD CMD
} }
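Review bot: The new `scp -r …:/tmp/scripts/tempkeys/` pulls the whole staging directory, and configure-sec.sh in this same commit copies `server-key.pem` into it alongside the client files. The Docker daemon's private key therefore appears to land under `certs/<ip>/keys` on the orchestrator, where only `key.pem` is set to 0400. Either fetch just `ca.pem`, `cert.pem` and `key.pem`, or tighten every key with `chmod 0400 …/keys/*key.pem`. The scp also keeps `-oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null`, so the host handing over these keys is never authenticated; recording the instance's host key at creation and checking against it would close that gap. The resource block continues outside the hunk.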
......
...@@ -10,17 +10,17 @@ provider "docker" { ...@@ -10,17 +10,17 @@ provider "docker" {
resource "null_resource" "{{ imageName|replace("/", "-") }}-{{ containerName }}" { resource "null_resource" "{{ imageName|replace("/", "-") }}-{{ containerName }}" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"echo 'Performing login...' >> /home/ubuntu/log.txt", "echo 'Performing login...' >> $HOME/log.txt",
"docker -H ${trimspace(file("/app/{{ appName }}-{{ dockerHostNodeName }}-ip.txt"))}:8376 --tls=true --tlscert=/home/ubuntu/.docker/client/keys/cert.pem --tlscacert=/home/ubuntu/.docker/client/keys/ca.pem --tlskey=/home/ubuntu/.docker/client/keys/key.pem login {{ dockerPrivateRegistryIp }}:{{ dockerPrivateRegistryPort }} -u {{ dockerPrivateRegistryUser }} -p {{ dockerPrivateRegistryPassword }}", "docker -H ${trimspace(file("/app/{{ appName }}-{{ dockerHostNodeName }}-ip.txt"))}:8376 --tls=true --tlscert=/decide/.docker/client/keys/cert.pem --tlscacert=/decide/.docker/client/keys/ca.pem --tlskey=/decide/.docker/client/keys/key.pem login {{ dockerPrivateRegistryIp }}:{{ dockerPrivateRegistryPort }} -u {{ dockerPrivateRegistryUser }} -p {{ dockerPrivateRegistryPassword }}",
"echo '...login done' >> /home/ubuntu/log.txt", "echo '...login done' >> $HOME/log.txt",
"echo 'Pulling image...' >> /home/ubuntu/log.txt", "echo 'Pulling image...' >> $HOME/log.txt",
"docker -H ${trimspace(file("/app/{{ appName }}-{{ dockerHostNodeName }}-ip.txt"))}:8376 --tls=true --tlscert=/home/ubuntu/.docker/client/keys/cert.pem --tlscacert=/home/ubuntu/.docker/client/keys/ca.pem --tlskey=/home/ubuntu/.docker/client/keys/key.pem pull {{ dockerPrivateRegistryIp }}:{{ dockerPrivateRegistryPort }}/{{ imageName }}:{{ imageTag }}", "docker -H ${trimspace(file("/app/{{ appName }}-{{ dockerHostNodeName }}-ip.txt"))}:8376 --tls=true --tlscert=/decide/.docker/client/keys/cert.pem --tlscacert=/decide/.docker/client/keys/ca.pem --tlskey=/decide/.docker/client/keys/key.pem pull {{ dockerPrivateRegistryIp }}:{{ dockerPrivateRegistryPort }}/{{ imageName }}:{{ imageTag }}",
"echo '... pull done' >> /home/ubuntu/log.txt", "echo '... pull done' >> $HOME/log.txt",
] ]
connection { connection {
host = "${trimspace(file("/app/{{ appName }}-{{ dockerHostNodeName }}-ip.txt"))}" host = "${trimspace(file("/app/{{ appName }}-{{ dockerHostNodeName }}-ip.txt"))}"
type = "ssh" type = "ssh"
user = "ubuntu" user = "{{ vmUser }}"
private_key = "${file("/home/ubuntu/terraform/keypairs/{{ appName }}/private-key-openssh")}" private_key = "${file("/home/ubuntu/terraform/keypairs/{{ appName }}/private-key-openssh")}"
} }
} }
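Review bot: `docker … login … -p {{ dockerPrivateRegistryPassword }}` renders the registry password into the command line, where it is visible in the remote process list and in any log that records the provisioner's commands. Docker's `--password-stdin` avoids this, e.g. `printf '%s' "$REGISTRY_PASSWORD" | docker … login --password-stdin -u …` (placeholder variable name), with the secret supplied from the environment or a mode-0600 file rather than the template text. The `registry-login-and-pull.sh` call in the next template passes the same password as a positional argument and has the same exposure. The TLS paths are now hard-coded to `/decide/.docker/…`; a template variable would keep them in step with configure-sec.sh.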
......
...@@ -9,17 +9,12 @@ ...@@ -9,17 +9,12 @@
resource "null_resource" "{{ imageName|replace("/", "-") }}-{{ containerName }}" { resource "null_resource" "{{ imageName|replace("/", "-") }}-{{ containerName }}" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"echo 'Performing login...' >> /home/ubuntu/log.txt", "/tmp/scripts//registry-login-and-pull.sh ${trimspace(file("/app/{{ appName }}-{{ dockerHostNodeName }}-ip.txt"))}:8376 {{ dockerPrivateRegistryUser }} {{ dockerPrivateRegistryPassword }} {{ dockerPrivateRegistryIp }} {{ dockerPrivateRegistryPort }} {{ imageName }} {{ imageTag }}",
"docker -H ${data.terraform_remote_state.{{ appName }}.{{ dockerHostNodeName }}.external_ip_address}:8376 --tls=true --tlscert=/home/ubuntu/.docker/client/keys/cert.pem --tlscacert=/home/ubuntu/.docker/client/keys/ca.pem --tlskey=/home/ubuntu/.docker/client/keys/key.pem login {{ dockerPrivateRegistryIp }}:{{ dockerPrivateRegistryPort }} -u {{ dockerPrivateRegistryUser }} -p {{ dockerPrivateRegistryPassword }}",
"echo '...login done' >> /home/ubuntu/log.txt",
"echo 'Pulling image...' >> /home/ubuntu/log.txt",
"docker -H ${data.terraform_remote_state.{{ appName }}.{{ dockerHostNodeName }}.external_ip_address}:8376 --tls=true --tlscert=/home/ubuntu/.docker/client/keys/cert.pem --tlscacert=/home/ubuntu/.docker/client/keys/ca.pem --tlskey=/home/ubuntu/.docker/client/keys/key.pem pull {{ dockerPrivateRegistryIp }}:{{ dockerPrivateRegistryPort }}/{{ imageName }}:{{ imageTag }}",
"echo '... pull done' >> /home/ubuntu/log.txt",
] ]
connection { connection {
host = "${data.terraform_remote_state.{{ appName }}.{{ dockerHostNodeName }}.external_ip_address}" host = "${data.terraform_remote_state.{{ appName }}.{{ dockerHostNodeName }}.external_ip_address}"
type = "ssh" type = "ssh"
user = "ubuntu" user = "{{ vmUser }}"
private_key = "${file("/home/ubuntu/terraform/keypairs/{{ appName }}/private-key-openssh")}" private_key = "${file("/home/ubuntu/terraform/keypairs/{{ appName }}/private-key-openssh")}"
} }
} }
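Review bot: Every `{{ … }}` value on the new `registry-login-and-pull.sh` line is interpolated unquoted into a shell command. A descriptor value containing whitespace or shell metacharacters is then split or interpreted by the remote shell instead of reaching the script as one argument. Wrap each argument in single quotes in the template and have the orchestrator reject values that contain quotes before rendering. The path also has a doubled slash, `/tmp/scripts//registry-login-and-pull.sh`, which is harmless but looks like a typo.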
......
terraform { terraform {
backend "consul" { backend "consul" {
address = "54.221.168.175:8500" address = "{{ consulJoinIp }}:8500"
path = "{{ appName }}/services/terraform_state" path = "{{ appName }}/services/terraform_state"
datacenter = "dc1-aws" datacenter = "dc1-aws"
} }
...@@ -19,7 +19,7 @@ provider "docker" { ...@@ -19,7 +19,7 @@ provider "docker" {
data "terraform_remote_state" "{{ appName }}" { data "terraform_remote_state" "{{ appName }}" {
backend = "consul" backend = "consul"
config { config {
address = "54.221.168.175:8500" address = "{{ consulJoinIp }}:8500"
path = "{{ appName }}/infrastructure/terraform_state" path = "{{ appName }}/infrastructure/terraform_state"
datacenter = "dc1-aws" datacenter = "dc1-aws"
} }
...@@ -28,7 +28,7 @@ data "terraform_remote_state" "{{ appName }}" { ...@@ -28,7 +28,7 @@ data "terraform_remote_state" "{{ appName }}" {
provider "consul" { provider "consul" {
version = "~> 1.0.0" version = "~> 1.0.0"
address = "54.221.168.175:8500" address = "{{ consulJoinIp }}:8500"
datacenter = "dc1-aws" datacenter = "dc1-aws"
} }
terraform { terraform {
backend "consul" { backend "consul" {
address = "54.221.168.175:8500" address = "{{ consulJoinIp }}:8500"
path = "{{ appName }}/infrastructure/terraform_state" path = "{{ appName }}/infrastructure/terraform_state"
datacenter = "dc1-aws" datacenter = "dc1-aws"
} }
...@@ -17,6 +17,7 @@ module "{{ appName }}-{{ dockerHostNodeName }}" { ...@@ -17,6 +17,7 @@ module "{{ appName }}-{{ dockerHostNodeName }}" {
vm_software_id = "{{ vmSoftwareId }}", vm_software_id = "{{ vmSoftwareId }}",
vm_resource_id = "{{ vmResourceId }}", vm_resource_id = "{{ vmResourceId }}",
vm_region_id = "{{ vmRegionId }}", vm_region_id = "{{ vmRegionId }}",
vm_user = "{{ vmUser }}",
instance_type_id = "{{ instanceTypeId }}", instance_type_id = "{{ instanceTypeId }}",
key_pair_id = "{{ keyPairId }}", key_pair_id = "{{ keyPairId }}",
app_name = "{{ appName }}", app_name = "{{ appName }}",
......
{
"name": "My-Example-App",
"cloudbrokerEndpoint": "https://decide-prototype.cloudbroker.com",
"cloudbrokerUsername": "TO_BE_FILLED",
"cloudbrokerPassword": "TO_BE_FILLED",
"virtualMachines": [
{
"vmSoftwareId": "21b7ebed-5076-43b6-8351-0e06cf16eedc",
"vmResourceId": "18d07329-07f6-4d59-b1c1-676f64d1663f",
"vmRegionId": "4265ddb9-e862-4814-82a4-d6b92f25e8e5",
"instanceTypeId": "e3ca8e4c-0f91-4e83-9bd9-4cef88d054a8",
"keyPairId": "TO_BE_FILLED",
"openedPort": "22,80,8000-9000,9411",
"consulJoinIp": "127.0.0.1",
"dockerPrivateRegistryIp": "54.172.38.173",
"dockerPrivateRegistryPort": "8200",
"dockerHostNodeName": "node-adapt"
}
],
"containers":[
{
"containerName":"adapt",
"imageName":"adapt",
"imageTag":"v0.1",
"dockerPrivateRegistryIp": "54.172.38.173",
"dockerPrivateRegistryPort": "8200",
"dockerPrivateRegistryUser": "decide-user",
"dockerPrivateRegistryPassword": "TO_BE_FILLED",
"hostname": "adapt",
"restart": "always",
"dockerHostNodeName": "node-adapt",
"consulKvProviderNodeName": "node-adapt",
"addConsulService": 1,
"consulServicePort": 80,
"addConsulTraefikRules": 0,
"portMapping": [
{
"hostPort": "8472",
"containerPort": "80"
}
]
}
]
}
{
"cloudbroker_username": "paolo.barone@hpe.com",
"cloudbroker_password": "xxxxxxxx"
}
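Review bot: This sample credentials file carries what looks like a real personal account e-mail as `cloudbroker_username`, whereas the other samples in the commit use `TO_BE_FILLED`-style placeholders. Replace it with the same kind of placeholder before the repository is published. It is also worth confirming that the masked `cloudbroker_password` was never committed in clear text in an earlier revision.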
{
"cloudbroker_endpoint":"https://decide-prototype.cloudbroker.com",
"cloudbroker_username":"[TO BE_FILLED_CB_USER]",
"cloudbroker_password":"[TO BE_FILLED_CB_PWD]",
"repository_user":"[TO BE_FILLED_GIT_USER]",
"repository_pwd":"[TO BE_FILLED_GIT_PWD]",
"repository_url": "[TO_BE_FILLED_GIT_REPO]",
"revision": "[TO_BE_FILLED_REV_NO]",
"filepath": "demo/app-descriptor.json"
}
{
"cloudbroker_endpoint":"https://decide-prototype.cloudbroker.com",
"cloudbroker_username":"[TO BE_FILLED_CB_USER]",
"cloudbroker_password":"[TO BE_FILLED_CB_PWD]",
"repository_user":"[TO BE_FILLED_GIT_USER]",
"repository_pwd":"[TO BE_FILLED_GIT_PWD]",
"repository_url": "[TO_BE_FILLED_GIT_REPO]",
"revision": "[TO_BE_FILLED_REV_NO]",
"filepath": "demo/app-descriptor.json"
}
# Copyright 2015 Container Solutions
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
default: build plan
deps:
go install github.com/hashicorp/terraform
build:
go build -o terraform-provider-awesome .
test:
go test -v .
plan:
@terraform plan
provider "cloudbroker" {
username = "me@mycompany.com"
password = "*********"
endpoint = "https://decide-prototype.cloudbroker.com"
timeout = 60
max_retries = 5
}
resource "cloudbroker_instance" "sample-server" {
name = "speedracer"
cpus = 4
ram = 16384
}
...@@ -13,20 +13,23 @@ openssl req -subj "/C=IT/ST=Italy/L=Italy/O=decide/OU=IT Department/CN=$1" -sha2 ...@@ -13,20 +13,23 @@ openssl req -subj "/C=IT/ST=Italy/L=Italy/O=decide/OU=IT Department/CN=$1" -sha2
echo subjectAltName = DNS:decide.org,IP:$1,IP:127.0.0.1 > extfile.cnf echo subjectAltName = DNS:decide.org,IP:$1,IP:127.0.0.1 > extfile.cnf
openssl x509 -req -days 365 -sha256 -passin pass:1234 -in server.csr -CA ca.pem -CAkey ca-key.pem \ openssl x509 -req -days 365 -sha256 -passin pass:1234 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-CAcreateserial -out server-cert.pem -extfile extfile.cnf -CAcreateserial -out server-cert.pem -extfile extfile.cnf
rm -v server.csr server.pass.key rm -v server.csr server.pass.key
sudo chmod -R 777 ~/.docker sudo chmod -R 777 /decide/.docker
rm -r ~/.docker sudo rm -r /decide/.docker
mkdir -pv ~/.docker/server/keys sudo mkdir -pv /decide/.docker/server/keys
mkdir -pv ~/.docker/client/keys sudo mkdir -pv /decide/.docker/client/keys
cp -v {ca,server-cert,server-key}.pem ~/.docker/server/keys sudo cp -v {ca,server-cert,server-key}.pem /decide/.docker/server/keys
sudo chmod -v 0400 ~/.docker/server/keys/*-key.pem sudo mkdir -pv /tmp/scripts/tempkeys
sudo chmod -v 0444 ~/.docker/server/keys/{ca,server-cert}.pem sudo cp -v {ca,server-cert,server-key}.pem /tmp/scripts/tempkeys
sudo chmod -v 0400 /decide/.docker/server/keys/*-key.pem
sudo chmod -v 0444 /decide/.docker/server/keys/{ca,server-cert}.pem
openssl genrsa -out key.pem 4096 openssl genrsa -out key.pem 4096
openssl req -subj '/CN=client' -new -key key.pem -out client.csr openssl req -subj '/CN=client' -new -key key.pem -out client.csr
...@@ -37,8 +40,12 @@ openssl x509 -req -days 365 -sha256 -passin pass:1234 -in client.csr -CA ca.pem ...@@ -37,8 +40,12 @@ openssl x509 -req -days 365 -sha256 -passin pass:1234 -in client.csr -CA ca.pem
rm -v client.csr ca.srl rm -v client.csr ca.srl
#Configure docker secure by default on port 8376 #Configure docker secure by default on port 8376
cp -v {ca,cert,key}.pem ~/.docker/client/keys sudo cp -v {ca,cert,key}.pem /decide/.docker/client/keys
sudo chmod -v 0400 ~/.docker/client/keys/key.pem sudo cp -v {ca,cert,key}.pem /tmp/scripts/tempkeys
sudo chmod -v 0444 ~/.docker/client/keys/cert.pem sudo chmod -v 0400 /decide/.docker/client/keys/key.pem
sudo chmod -v 0444 /decide/.docker/client/keys/cert.pem
rm -v *.pem rm -v *.pem
export DOCKER_HOST=tcp://localhost:8376 DOCKER_TLS_VERIFY=1 export DOCKER_HOST=tcp://$IP:8376 DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=/decide/.docker/client/keys
echo "export DOCKER_HOST=tcp://$IP:8376 DOCKER_TLS_VERIFY=1" >> $HOME/.bashrc
echo "export DOCKER_CERT_PATH=/decide/.docker/client/keys" >> $HOME/.bashrc
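Review bot: The new `sudo cp -v {ca,server-cert,server-key}.pem /tmp/scripts/tempkeys` and `sudo cp -v {ca,cert,key}.pem /tmp/scripts/tempkeys` stage both private keys under /tmp, and nothing in the visible hunks restricts the directory's mode or deletes it after the orchestrator has fetched it. The server key is not needed off the VM, so the first copy can be dropped; the staging directory should be mode 0700, owned by the login user, and removed once provisioning completes. `sudo chmod -R 777 /decide/.docker` immediately before `sudo rm -r` makes the old keys world-writable for no benefit and can go. `$IP` is used in the new `DOCKER_HOST` exports but is not set in these hunks, so confirm it is defined earlier in the script, which starts outside the view.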
...@@ -3,14 +3,15 @@ Description=Docker Application Container Engine ...@@ -3,14 +3,15 @@ Description=Docker Application Container Engine
Documentation=https://docs.docker.com Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service After=network-online.target docker.socket firewalld.service
Wants=network-online.target Wants=network-online.target
Requires=docker.socket #Had to remove this for Arsys vms missing sime module!
#Requires=docker.socket
[Service] [Service]
Type=notify Type=notify
# the default is not to use systemd for cgroups because the delegate issues still # the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required # exists and systemd currently does not support the cgroup feature set required
# for containers run by docker # for containers run by docker
ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/home/ubuntu/.docker/server/keys/ca.pem --tlscert=/home/ubuntu/.docker/server/keys/server-cert.pem --tlskey=/home/ubuntu/.docker/server/keys/server-key.pem -H=0.0.0.0:8376 ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/decide/.docker/server/keys/ca.pem --tlscert=/decide/.docker/server/keys/server-cert.pem --tlskey=/decide/.docker/server/keys/server-key.pem -H=0.0.0.0:8376
ExecReload=/bin/kill -s HUP $MAINPID ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=1048576 LimitNOFILE=1048576
# Having non-zero Limit*s causes performance problems due to accounting overhead # Having non-zero Limit*s causes performance problems due to accounting overhead
......
...@@ -21,9 +21,9 @@ RETRIES=0 ...@@ -21,9 +21,9 @@ RETRIES=0
RESULT=0 RESULT=0
echo "About to curl for declaring that VM is up and running, and in a 'configuring' state" echo "About to curl for declaring that VM is up and running, and in a 'configuring' state"
curl -X POST $5/vm/vmlist/$2/configuring curl --max-time 4 -X POST $5/vm/vmlist/$2/configuring
echo "About to curl for step 1: cleanup" echo "About to curl for step 1: cleanup"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'", "status": "configuring", "step": 1, "steps": 9, "desc": "clean before update"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'", "status": "configuring", "step": 1, "steps": 9, "desc": "clean before update"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
...@@ -49,7 +49,7 @@ if [ $RETRIES -eq $MAX_RETRIES ]; then ...@@ -49,7 +49,7 @@ if [ $RETRIES -eq $MAX_RETRIES ]; then
fi fi
echo "About to curl for step 2: update" echo "About to curl for step 2: update"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 2, "steps": 9, "desc": "update packages"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 2, "steps": 9, "desc": "update packages"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
...@@ -100,10 +100,12 @@ fi ...@@ -100,10 +100,12 @@ fi
chmod +x /tmp/scripts/install-docker-and-compose.sh chmod +x /tmp/scripts/install-docker-and-compose.sh
chmod +x /tmp/scripts/configure-sec.sh chmod +x /tmp/scripts/configure-sec.sh
chmod +x /tmp/scripts/install-and-run-consul.sh chmod +x /tmp/scripts/install-and-run-consul.sh
chmod +x /tmp/scripts/registry-login-and-pull.sh
echo "Configuring security..." >> /tmp/scripts/install.log echo "Configuring security..." >> /tmp/scripts/install.log
echo "About to curl for step 3: security" echo "About to curl for step 3: security"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 3, "steps": 9, "desc": "configuring security"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 3, "steps": 9, "desc": "configuring security"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
...@@ -119,7 +121,7 @@ fi ...@@ -119,7 +121,7 @@ fi
echo "installing docker and docker-compose..." >> /tmp/scripts/install.log echo "installing docker and docker-compose..." >> /tmp/scripts/install.log
echo "About to curl for step 4: install docker and docker compose" echo "About to curl for step 4: install docker and docker compose"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 4, "steps": 9, "desc": "installing docker and docker compose"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 4, "steps": 9, "desc": "installing docker and docker compose"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
...@@ -133,7 +135,7 @@ else ...@@ -133,7 +135,7 @@ else
fi fi
echo "About to curl for step 5: configure docker as service" echo "About to curl for step 5: configure docker as service"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 5, "steps": 9, "desc": "configuring docker as service"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 5, "steps": 9, "desc": "configuring docker as service"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
...@@ -153,7 +155,7 @@ fi ...@@ -153,7 +155,7 @@ fi
echo "Installing and running consul..." >> /tmp/scripts/install.log echo "Installing and running consul..." >> /tmp/scripts/install.log
echo "About to curl for step 6: install consul" echo "About to curl for step 6: install consul"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 6, "steps": 9, "desc": "intalling consul"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 6, "steps": 9, "desc": "installing consul"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
...@@ -167,7 +169,7 @@ else ...@@ -167,7 +169,7 @@ else
fi fi
echo "About to curl for step 7: joining cluster" echo "About to curl for step 7: joining cluster"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 7, "steps": 9, "desc": "joining consul wan cluster"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 7, "steps": 9, "desc": "joining consul wan cluster"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
...@@ -184,7 +186,7 @@ fi ...@@ -184,7 +186,7 @@ fi
if [ $# -ge 7 ] if [ $# -ge 7 ]
then then
echo "About to curl for step 8: configuring access to private registry" echo "About to curl for step 8: configuring access to private registry"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 8, "steps": 9, "desc": "configuring access to private registry"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "configuring", "step": 8, "steps": 9, "desc": "configuring access to private registry"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
...@@ -199,10 +201,14 @@ if [ $# -ge 7 ] ...@@ -199,10 +201,14 @@ if [ $# -ge 7 ]
fi fi
echo "About to curl for step 9: ready" echo "About to curl for step 9: ready"
curl -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "ready", "step": 9, "steps": 9, "desc": "ready for microservices installation"}' $5/vm/$2/status || RESULT=$? curl --max-time 4 -X POST -H 'Content-Type: application/json;charset=UTF-8' -d '{"vmName": "'$1'", "vmPublicIp": "'$2'","status": "ready", "step": 9, "steps": 9, "desc": "ready for microservices installation"}' $5/vm/$2/status || RESULT=$?
if [ $RESULT -ne 0 ] ; then if [ $RESULT -ne 0 ] ; then
echo "Could not log step status" echo "Could not log step status"
fi fi
echo "About to curl for declaring that VM is up and running, and in a 'ready' state" echo "About to curl for declaring that VM is up and running, and in a 'ready' state"
curl -X POST $5/vm/vmlist/$2/ready curl --max-time 4 -X POST $5/vm/vmlist/$2/ready
echo "init-vm.sh done"
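Review bot: The status calls now have `--max-time 4` but still no `--fail`, so an HTTP 4xx/5xx reply from the orchestrator exits 0 and the `|| RESULT=$?` / "Could not log step status" branch fires only on transport errors. Adding `-f` (`curl --fail --max-time 4 …`) makes rejected updates visible. `$1`, `$2` and `$5` are also expanded unquoted, both in the URL and where they are spliced into the JSON body, so a VM name containing a space or a quote breaks the request; quote the expansions, e.g. `"$5/vm/$2/status"`. The script starts outside the visible hunks.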
...@@ -3,8 +3,8 @@ ...@@ -3,8 +3,8 @@
sudo apt-get install -y unzip sudo apt-get install -y unzip
sudo mkdir -p /usr/local/bin sudo mkdir -p /usr/local/bin
sudo unzip -o /tmp/scripts/consul.zip -d /usr/local/bin sudo unzip -o /tmp/scripts/consul.zip -d /usr/local/bin
mkdir -p /home/ubuntu/consul/config mkdir -p $HOME/consul/config
cat > /home/ubuntu/consul/config/config.json << EOF cat > $HOME/consul/config/config.json << EOF
{ {
"datacenter": "$1", "datacenter": "$1",
"encrypt": "s2aLWrsvz+h0w6HM/NkXRA==", "encrypt": "s2aLWrsvz+h0w6HM/NkXRA==",
...@@ -14,6 +14,6 @@ cat > /home/ubuntu/consul/config/config.json << EOF ...@@ -14,6 +14,6 @@ cat > /home/ubuntu/consul/config/config.json << EOF
} }
EOF EOF
nohup /usr/local/bin/consul agent -bootstrap-expect=1 -server -data-dir=/home/ubuntu/consul/data -config-file=/home/ubuntu/consul/config/config.json -advertise-wan=$2 -bind=$3 -ui