From fa60241c9c3230e44b6417a742682da9aafef003 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 21 Feb 2019 12:39:02 -0500
Subject: [PATCH] do marketplace fabric scripts
---
util/DigitalOceanMarketplace/fabfile.py | 130 ++++++++++++++++++
.../files/etc/update-motd.d/99-one-click | 18 +++
.../files/opt/bitwarden/install-bitwarden.sh | 32 +++++
.../lib/cloud/scripts/per-instance/001_onboot | 17 +++
util/DigitalOceanMarketplace/packages.txt | 0
.../scripts/01-install-docker | 33 +++++
.../scripts/02-install-docker-compose | 18 +++
.../scripts/03-setup-first-run | 17 +++
8 files changed, 265 insertions(+)
create mode 100644 util/DigitalOceanMarketplace/fabfile.py
create mode 100644 util/DigitalOceanMarketplace/files/etc/update-motd.d/99-one-click
create mode 100644 util/DigitalOceanMarketplace/files/opt/bitwarden/install-bitwarden.sh
create mode 100644 util/DigitalOceanMarketplace/files/var/lib/cloud/scripts/per-instance/001_onboot
create mode 100644 util/DigitalOceanMarketplace/packages.txt
create mode 100644 util/DigitalOceanMarketplace/scripts/01-install-docker
create mode 100644 util/DigitalOceanMarketplace/scripts/02-install-docker-compose
create mode 100644 util/DigitalOceanMarketplace/scripts/03-setup-first-run
diff --git a/util/DigitalOceanMarketplace/fabfile.py b/util/DigitalOceanMarketplace/fabfile.py
new file mode 100644
index 000000000..3a9631857
--- /dev/null
+++ b/util/DigitalOceanMarketplace/fabfile.py
@@ -0,0 +1,130 @@ + #!/usr/bin/python +# -*- coding: utf-8 -*- + +from fabric.api import * +import os + +f = open("./packages.txt","r") +APT_PACKAGES = f.read() + +env.user = "root" + + +def clean_up(): + """ + Clean up remote machine before taking snapshot. + """ + run("rm -rf /tmp/* /var/tmp/*") + run("history -c") + run("cat /dev/null > /root/.bash_history") + run("unset HISTFILE") + run("apt-get -y autoremove") + run("apt-get -y autoclean") + run("find /var/log -mtime -1 -type f -exec truncate -s 0 {} \;") + run("rm -rf /var/log/*.gz /var/log/*.[0-9] /var/log/*-????????") + run("rm -rf /var/lib/cloud/instances/*") + run("rm -rf /var/lib/cloud/instance") + puts("Removing keys...") + run("rm -f /root/.ssh/authorized_keys /etc/ssh/*key*") + run("dd if=/dev/zero of=/zerofile; sync; rm /zerofile; sync") + run("cat /dev/null > /var/log/lastlog; cat /dev/null > /var/log/wtmp") + run("cat /dev/null > /var/log/auth.log") + + + +def install_files(): + """ + Install files onto remote machine. + Walk through the files in the "files" directory and copy them to the build system. + File permissions will be inherited. If you need to change permissions on uploaded files + you can do so in a script placed in the "scripts" directory. 
+ """ + print "--------------------------------------------------" + print "Copying files in ./files to remote server" + print "--------------------------------------------------" + rootDir = './files' + for dirName, subdirList, fileList in os.walk(rootDir): + #print('Found directory: %s' % dirName) + cDir = dirName.replace("./files","") + print("Entering Directory: %s" % cDir) + if cDir: + run("mkdir -p %s" % cDir) + for fname in fileList: + cwd = os.getcwd() + rpath = cDir + "/" + fname + lpath = cwd + "/files" + cDir + "/" + fname + print('Moving File: %s' % lpath) + put(lpath,rpath,mirror_local_mode=True) + + + + +def install_pkgs(): + """ + Install apt packages listed in APT_PACKAGES + """ + #Postfix won't install without a prompt without setting some things + #run("debconf-set-selections <<< \"postfix postfix/main_mailer_type string 'No Configuration'\"") + #run("debconf-set-selections <<< \"postfix postfix/mailname string localhost.local\"") + run("DEBIAN_FRONTEND=noninteractive") + print "--------------------------------------------------" + print "Installing apt packages in packages.txt" + print "--------------------------------------------------" + run("apt-get -qqy update") + run("apt-get -qqy -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade") + run("apt-get -qqy -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" install {}".format(APT_PACKAGES)) + + # example 3rd paty repo and install certbot + #run("apt-get -qqy install software-properties-common") + #run("add-apt-repository ppa:certbot/certbot -y") + #run("apt-get -qqy update") + #run("apt-get -qqy install python-certbot-apache") + +def run_scripts(): + """ + Run all scripts in the "scripts" directory on the build system + Scripts are run in alpha-numeric order. We recommend naming your scripts + with a name that starts with a two digit number 01-99 to ensure run order. 
+ """ + print "--------------------------------------------------" + print "Running scripts in ./scripts" + print "--------------------------------------------------" + + cwd = os.getcwd() + directory = cwd + "/scripts" + + for f in os.listdir(directory): + + lfile = cwd + "/scripts/" + f + rfile = "/tmp/" + f + print("Processing script in %s" % lfile) + put(lfile,rfile) + run("chmod +x %s" % rfile) + run(rfile) + + +@task +def build_image(): + """ + Configure the build droplet, clean up and shut down for snapshotting + """ + #install_pkgs() + install_files() + run_scripts() + clean_up() + run("exit") + print "----------------------------------------------------------------" + print " Build Complete. Shut down your build droplet from the control" + print " panel before creating your snapshot." + print "----------------------------------------------------------------" + + +@task +def build_test(): + """ + Configure the build droplet, but do not clean up or shut down + """ + #install_pkgs() + install_files() + run_scripts() + print "Build complete. This droplet is NOT ready for use. Use build_image instead of build_test for your final build" diff --git a/util/DigitalOceanMarketplace/files/etc/update-motd.d/99-one-click b/util/DigitalOceanMarketplace/files/etc/update-motd.d/99-one-click new file mode 100644 index 000000000..32e916b31 --- /dev/null +++ b/util/DigitalOceanMarketplace/files/etc/update-motd.d/99-one-click @@ -0,0 +1,18 @@ +#!/bin/sh +# +# Configured as part of the DigitalOcean 1-Click Image build process + +myip=$(hostname -I | awk '{print$1}') +cat < /etc/cron.weekly/bitwarden-update.sh + +chmod +x /etc/cron.weekly/bitwarden-update.sh + +# +# Cleanup .bashrc +# + +cp -f /etc/skel/.bashrc /root/.bashrc diff --git a/util/DigitalOceanMarketplace/files/var/lib/cloud/scripts/per-instance/001_onboot b/util/DigitalOceanMarketplace/files/var/lib/cloud/scripts/per-instance/001_onboot new file mode 100644 index 000000000..e72d50a5c --- /dev/null 
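Review bot: In fabfile.py, `run_scripts()` iterates `os.listdir(directory)`, which returns entries in arbitrary order, although the docstring promises alpha-numeric order and the numbered scripts appear to depend on it (02-install-docker-compose calls curl, which 01-install-docker installs); change the loop to `for f in sorted(os.listdir(directory)):`. In `clean_up()`, each `run()` appears to start its own remote shell, so `run("history -c")` and `run("unset HISTFILE")` do not affect any later session, and `find /var/log -mtime -1` only truncates logs modified within the last day, so older un-rotated logs would stay in the snapshot. The same per-shell behaviour makes `run("DEBIAN_FRONTEND=noninteractive")` in `install_pkgs()` a no-op; the variable belongs on the `apt-get` command lines themselves.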
+++ b/util/DigitalOceanMarketplace/files/var/lib/cloud/scripts/per-instance/001_onboot
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Scripts in this directory will be executed by cloud-init on the first boot of droplets
+# created from your image. Things like generating passwords, configuration requiring IP address
+# or other items that will be unique to each instance should be done in scripts here.
+
+#
+# Setup Bitwarden Installer
+# ref: https://help.bitwarden.com/article/install-on-premise/
+#
+
+docker pull bitwarden/setup
+
+curl -s -o /root/bitwarden.sh \
+ https://raw.githubusercontent.com/bitwarden/server/master/scripts/bitwarden.sh
+
+chmod +x /root/bitwarden.sh
diff --git a/util/DigitalOceanMarketplace/packages.txt b/util/DigitalOceanMarketplace/packages.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/util/DigitalOceanMarketplace/scripts/01-install-docker b/util/DigitalOceanMarketplace/scripts/01-install-docker
new file mode 100644
index 000000000..e1bb7f689
--- /dev/null
+++ b/util/DigitalOceanMarketplace/scripts/01-install-docker
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Scripts in this directory are run during the build process.
+# each script will be uploaded to /tmp on your build droplet,
+# given execute permissions and run. The cleanup process will
+# remove the scripts from your build system after they have run
+# if you use the build_image task.
+#
+
+#
+# Install Docker CE
+# ref: https://docs.docker.com/install/linux/docker-ce/ubuntu/
+#
+
+apt-get -y update
+
+apt-get -y install \
+ apt-transport-https \
+ ca-certificates \
+ curl \
+ gnupg-agent \
+ software-properties-common
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+
+add-apt-repository \
+ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) \
+ stable"
+
+apt-get -y update
+
+apt-get -y install docker-ce docker-ce-cli containerd.io
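Review bot: In files/var/lib/cloud/scripts/per-instance/001_onboot, the installer is fetched from the moving `master` branch with `curl -s` and then marked executable, so each new droplet downloads whatever is on that branch at first boot with no integrity check, and an HTTP error body would be saved as /root/bitwarden.sh. Pin the URL to a release tag or commit and fail on errors, e.g. `curl -fsS -o /root/bitwarden.sh https://raw.githubusercontent.com/bitwarden/server/<PINNED_TAG_OR_COMMIT>/scripts/bitwarden.sh`, and compare the file against a known SHA-256 before the `chmod +x`. `docker pull bitwarden/setup` has the same property because it resolves to the mutable default tag; a version tag or digest would make the first boot reproducible. Adding `set -euo pipefail` after the shebang would stop the script at the first failed step instead of continuing.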
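Review bot: In scripts/01-install-docker, `curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -` trusts whatever key the download returns and adds it to apt's global keyring without checking its fingerprint. Compare the `apt-key fingerprint` output with the fingerprint Docker publishes (`<EXPECTED_DOCKER_KEY_FINGERPRINT>`) and abort on a mismatch before `add-apt-repository` runs. The script also has no `set -e`, so a failed `apt-get` or key import still lets the build continue and the snapshot may ship without Docker; `set -euo pipefail` after the shebang would surface that during the image build.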
diff --git a/util/DigitalOceanMarketplace/scripts/02-install-docker-compose b/util/DigitalOceanMarketplace/scripts/02-install-docker-compose
new file mode 100644
index 000000000..ed80f2bb8
--- /dev/null
+++ b/util/DigitalOceanMarketplace/scripts/02-install-docker-compose
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Scripts in this directory are run during the build process.
+# each script will be uploaded to /tmp on your build droplet,
+# given execute permissions and run. The cleanup process will
+# remove the scripts from your build system after they have run
+# if you use the build_image task.
+#
+
+#
+# Install Docker Compose
+# ref: https://docs.docker.com/compose/install/
+#
+
+curl -L https://github.com/docker/compose/releases/download/1.23.2/docker-compose-`uname -s`-`uname -m` \
+ -o /usr/local/bin/docker-compose
+
+chmod +x /usr/local/bin/docker-compose
diff --git a/util/DigitalOceanMarketplace/scripts/03-setup-first-run b/util/DigitalOceanMarketplace/scripts/03-setup-first-run
new file mode 100644
index 000000000..a1471cde4
--- /dev/null
+++ b/util/DigitalOceanMarketplace/scripts/03-setup-first-run
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# Scripts in this directory are run during the build process.
+# each script will be uploaded to /tmp on your build droplet,
+# given execute permissions and run. The cleanup process will
+# remove the scripts from your build system after they have run
+# if you use the build_image task.
+#
+
+#
+# Setup First Run Script
+# ref: https://github.com/digitalocean/marketplace-partners/blob/master/marketplace_docs/build-an-image-fabric.md#running-commands-on-first-login
+#
+
+chmod +x /opt/bitwarden/install-bitwarden.sh
+
+echo '/opt/bitwarden/install-bitwarden.sh' >> /root/.bashrc
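Review bot: In scripts/02-install-docker-compose, the binary is written straight to /usr/local/bin/docker-compose and made executable with no integrity check, and `curl -L` without `-f` would save an HTTP error page under that name. The version is pinned to 1.23.2, so a fixed digest can be checked: add `-f` to the curl call and put `echo "<EXPECTED_SHA256>  /usr/local/bin/docker-compose" | sha256sum -c -` before the `chmod +x`, with the digest taken from the release's published checksums. The script has no `set -e`, so the check also needs an explicit exit on failure or `set -euo pipefail` after the shebang.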