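#!/bin/bash
# Provisioner entry point: runs the handler "<action>_<resource>" named by the
# two command-line arguments (e.g. "create disks"), printing a JSON document on
# stdout and all diagnostics on stderr. The script deletes itself on exit.
trap 'rm -vf -- "$0" >&2' EXIT
# placeholder=enviroment - DO NOT REMOVE THIS LINE
# NOTE(review): the line above is presumably substituted by the caller with the
# PROVISION_* variable assignments; keep it byte-for-byte.
if [ "$PROVISION_DEBUG" == true ]; then
  #exec 2>>/var/log/provision.log
  # Tracing prints every expanded command to stderr, which includes any
  # secret held in PROVISION_SSH_PASSWORD or PROVISION_SSH_PRIVATE_KEY_DATA.
  set -x
fi
func="${1}_${2}"
date >&2
# "$*" rather than "$@": inside a larger string "$@" splits the message.
echo "Starting [$0 $*: func=$func $(id)]" >&2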
# No-op handler: with no arguments func=$1_$2 evaluates to "_", so an
# argument-less invocation lands here and succeeds silently.
_() {
  return 0
}
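#######################################
# Run a command through sudo. When PROVISION_SSH_PASSWORD is set it is fed to
# sudo on stdin (-S) for non-interactive use; the command then cannot read its
# own stdin. Otherwise plain (passwordless) sudo is used.
# Arguments: the command and its arguments
# Returns:   the command's (or sudo's) status
#######################################
function _sudo()
{
  if [ -n "$PROVISION_SSH_PASSWORD" ]; then
    # printf rather than echo -n: a password starting with '-' or containing
    # backslashes must reach sudo byte-for-byte.
    printf '%s' "$PROVISION_SSH_PASSWORD" | sudo -S -p '' "$@"
  else
    sudo "$@"
  fi
}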
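## Join parameters $2... using separator $1
## $1: separator (only its first character is used, as with IFS)
## $2...: values to join
## Prints the joined string followed by a newline.
function join()
{
  local IFS="$1"
  shift
  # printf rather than echo: a joined value such as "-n" must print verbatim.
  printf '%s\n' "$*"
}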
##############################
## Setup ##
##############################
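# Load the distribution identification (ID, VERSION_ID) that
# _install_packages keys its repository setup on.
if [ -r /etc/os-release ]; then
  # shellcheck disable=SC1091
  source /etc/os-release
fi
# jq is required by the etc_hosts and disks handlers; install it when absent.
# command -v only looks the binary up instead of executing it.
if ! command -v jq >/dev/null 2>&1; then
  _sudo dnf install -y jq
fi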
##############################
## Auth: ssh/sudo ##
##############################
# Per-user drop-in below /etc/sudoers.d. '.' and '~' in the user name are
# mapped to '_' because sudo skips drop-in files containing a dot or ending
# in a tilde.
SUDOERS_FILE="${PROVISION_SSH_USER//./_}"
SUDOERS_FILE="/etc/sudoers.d/${SUDOERS_FILE//\~/_}"
# The current user's authorized_keys, maintained by ensure_ssh_key.
HOME_SSH_DIR="${HOME}/.ssh"
AUTHORIZED_KEYS_FILE="${HOME_SSH_DIR}/authorized_keys"
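#######################################
# Decode PROVISION_SSH_PRIVATE_KEY_DATA (base64) and derive the public key.
# Globals written (exported): SSH_PRIVATE_KEY_DATA, SSH_PUBLIC_KEY_DATA (the
#   line ssh-keygen -y prints) and SSH_PUBLIC_KEY_DATA_ONLY ("type data", the
#   form found in authorized_keys).
# Returns:   non-zero if decoding or public-key derivation fails.
# NOTE: the private key is exported to every child process started afterwards
# (and shown by set -x under PROVISION_DEBUG).
#######################################
function load_ssh_key()
{
  # Assign before export so a failing command substitution is not masked.
  SSH_PRIVATE_KEY_DATA=$(base64 -d <<<"$PROVISION_SSH_PRIVATE_KEY_DATA") || return 1
  export SSH_PRIVATE_KEY_DATA
  SSH_PUBLIC_KEY_DATA=$(ssh-keygen -yf /dev/stdin <<<"$SSH_PRIVATE_KEY_DATA") || return 1
  export SSH_PUBLIC_KEY_DATA
  # "$1, $2" keeps the space between key type and key data; the original
  # "$1 $2" concatenated them, so the authorized_keys lookup could never match.
  SSH_PUBLIC_KEY_DATA_ONLY=$(awk '{print $1, $2}' <<<"$SSH_PUBLIC_KEY_DATA")
  export SSH_PUBLIC_KEY_DATA_ONLY
}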
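#######################################
# Install the provisioning public key into the current user's
# authorized_keys (idempotent). No-op when PROVISION_SSH_PRIVATE_KEY_DATA is
# empty.
# Globals: PROVISION_SSH_PRIVATE_KEY_DATA, PROVISION_SSH_USER, HOME_SSH_DIR,
#   AUTHORIZED_KEYS_FILE; SSH_PUBLIC_KEY_DATA* are set via load_ssh_key
# Returns: non-zero if the key cannot be loaded
#######################################
function ensure_ssh_key()
{
  if [ -z "$PROVISION_SSH_PRIVATE_KEY_DATA" ]; then
    return 0
  fi
  load_ssh_key || return 1
  # Fixed-string match: key data is base64 and must not be read as a regex.
  # On a first run the file may not exist yet; that simply means "not found".
  if ! grep -qF -- "$SSH_PUBLIC_KEY_DATA_ONLY" "$AUTHORIZED_KEYS_FILE" 2>/dev/null; then
    mkdir -p "$HOME_SSH_DIR"
    chmod 700 "$HOME_SSH_DIR"
    printf '%s\n' "$SSH_PUBLIC_KEY_DATA" >> "$AUTHORIZED_KEYS_FILE"
    chmod 600 "$AUTHORIZED_KEYS_FILE"
    chown -- "$PROVISION_SSH_USER" "$AUTHORIZED_KEYS_FILE"
  fi
}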
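#######################################
# Grant PROVISION_SSH_USER passwordless sudo via a sudoers.d drop-in
# (idempotent).
# Globals: PROVISION_SSH_USER, SUDOERS_FILE
# Returns: non-zero if the resulting drop-in fails visudo's syntax check
#######################################
function ensure_sudoers()
{
  local sudoers_entry="$PROVISION_SSH_USER ALL=(ALL) NOPASSWD: ALL"
  if _sudo grep -qF -- "$sudoers_entry" "$SUDOERS_FILE" 2>/dev/null; then
    return 0
  fi
  # The entry and the path travel as arguments ($1/$2) of the privileged
  # shell instead of being spliced into its command string, so a user name
  # with shell metacharacters cannot change what runs as root. A child shell
  # is still needed because _sudo may consume stdin for the password, which
  # rules out piping the content into "sudo tee".
  _sudo bash -c 'printf "%s\n" "$1" >> "$2"' _ "$sudoers_entry" "$SUDOERS_FILE"
  # 0440 is the conventional mode for sudoers files.
  _sudo chmod 0440 -- "$SUDOERS_FILE"
  # Reject a malformed entry before it can break sudo for everyone.
  if ! _sudo visudo -cf "$SUDOERS_FILE" >/dev/null; then
    echo "Invalid sudoers entry in $SUDOERS_FILE" >&2
    return 1
  fi
}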
# "create" action for the auth resource: apply both idempotent steps, then
# print the resulting state as JSON (read_auth).
function create_auth()
{
  local step
  for step in ensure_ssh_key ensure_sudoers; do
    "$step"
  done
  read_auth
}
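#######################################
# "read" action for the auth resource: print a JSON object with the md5 of
# the sudoers drop-in and of authorized_keys (empty string when a file is
# missing or unreadable).
# Globals: SUDOERS_FILE, AUTHORIZED_KEYS_FILE
#######################################
function read_auth()
{
  # Declare and assign separately so a failing substitution is not masked
  # by "local" (which always succeeds).
  local sudoers_id authorized_keys_id
  sudoers_id=$(_sudo md5sum "$SUDOERS_FILE" 2>/dev/null | awk '{print $1}')
  authorized_keys_id=$(md5sum "$AUTHORIZED_KEYS_FILE" 2>/dev/null | awk '{print $1}')
  printf '{\n "sudoers_id": "%s",\n "authorized_keys_id": "%s"\n}\n' \
    "$sudoers_id" "$authorized_keys_id"
}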
# "update" action for the auth resource: re-applies the same idempotent
# steps as "create".
function update_auth()
{
  create_auth
}
# "delete" action for the auth resource: nothing is removed; print an empty
# JSON object so the caller still gets a valid document.
function delete_auth()
{
  printf '{}\n'
}
##############################
## /ETC/HOSTS ##
##############################
# Trailer appended to every hosts line this script manages, so that
# read_etc_hosts can find them and create_etc_hosts can rewrite them in place.
ETC_HOSTS_MARK='# Auto-generate by getupcloud/terraform-module-provisioner'
ETC_HOSTS_FILE='/etc/hosts'
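#######################################
# Merge the entries from PROVISION_DATA_ETC_HOSTS (base64 JSON keyed by IP)
# into ETC_HOSTS_FILE. Every managed line ends with ETC_HOSTS_MARK so a later
# run replaces it instead of appending a duplicate.
# Globals: PROVISION_DATA_ETC_HOSTS, ETC_HOSTS_FILE, ETC_HOSTS_MARK
# Returns: non-zero if the data cannot be decoded
#######################################
function create_etc_hosts()
{
  local hosts_json
  hosts_json=$(base64 -d <<<"$PROVISION_DATA_ETC_HOSTS") || return 1
  local -a ips=()
  mapfile -t ips < <(jq -r 'keys[]' <<<"$hosts_json" | sort -u)
  if [ "${#ips[@]}" -eq 0 ]; then
    return 0
  fi
  local ip ip_re line
  local -a hosts
  for ip in "${ips[@]}"; do
    # The key is passed to jq with --arg, never spliced into the filter.
    # NOTE(review): the value looks like a whitespace-separated host list;
    # a JSON array of names is accepted as well — confirm against the caller.
    mapfile -t hosts < <(jq -r --arg ip "$ip" \
      '.[$ip] | if type == "array" then .[] else . end' <<<"$hosts_json" | sort -u)
    line="${ip} ${hosts[*]} ${ETC_HOSTS_MARK}"
    # Escape the dots so 10.0.0.1 does not also match 10x0y0z1.
    ip_re=${ip//./\\.}
    # Assumes ETC_HOSTS_MARK and the host names contain no regex, '&' or '|'
    # metacharacters (the original made the same assumption).
    if grep -q "^[[:space:]]*${ip_re}.*${ETC_HOSTS_MARK}[[:space:]]*\$" "$ETC_HOSTS_FILE"; then
      sed -i -e "s|^[[:space:]]*${ip_re}.*${ETC_HOSTS_MARK}[[:space:]]*\$|${line}|" "$ETC_HOSTS_FILE"
    else
      # Blank separator line before the new entry, as before.
      printf '\n%s\n' "$line" >> "$ETC_HOSTS_FILE"
    fi
  done
}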
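#######################################
# "read" action for the etc_hosts resource: print the lines managed by
# create_etc_hosts as a JSON object {"<ip>": "<host names>", ...}.
# Globals: ETC_HOSTS_FILE, ETC_HOSTS_MARK
#######################################
function read_etc_hosts()
{
  local -a items=()
  local line ip hosts
  # Drop commented-out lines, keep only those ending with the mark, strip the
  # mark and squeeze repeated spaces. Plain "read" (default IFS) trims the
  # whitespace left where the mark was; -r keeps backslashes intact. The loop
  # runs in the current shell, so the array survives it.
  while read -r line; do
    ip=${line%% *}
    hosts=${line#* }
    items+=("\"$ip\": \"$hosts\"")
  done < <(grep -v '^[[:space:]]*#' "$ETC_HOSTS_FILE" \
    | grep -- "${ETC_HOSTS_MARK}\$" \
    | sed -e 's/#.*//' \
    | tr -s ' ')
  echo {
  if [ "${#items[@]}" -gt 0 ]; then
    # One item per line, comma-separated except after the last one.
    local body
    body=$(printf '%s,\n' "${items[@]}")
    printf '%s\n' "${body%,}"
  fi
  echo }
}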
# "update" action for the etc_hosts resource: creating is idempotent, so
# updating is the same operation.
function update_etc_hosts()
{
  create_etc_hosts
}
# "delete" action for the etc_hosts resource: managed lines are left in
# place; print an empty JSON object.
function delete_etc_hosts()
{
  printf '{}\n'
}
##############################
## Packages ##
##############################
# Refresh the dnf metadata cache and upgrade all packages. Currently
# unreferenced: the call in create_packages is commented out.
function _dnf_update()
{
  local step
  for step in "clean all" "update"; do
    # shellcheck disable=SC2086 -- $step is intentionally split into words
    dnf $step -y
  done
}
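# Remove the given packages with dnf.
# Arguments: package names (may be empty: create_packages passes the possibly
#   empty PROVISION_DATA_UNINSTALL_PACKAGES, and "dnf remove" with no package
#   only produces an error)
function _uninstall_packages()
{
  [ "$#" -eq 0 ] && return 0
  dnf remove -y "$@"
}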
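#######################################
# Install packages with dnf, first enabling the extra repositories the CentOS
# releases need (PowerTools + EPEL on 8, CRB + EPEL/EPEL Next on 9).
# Globals: ID, VERSION_ID (sourced from /etc/os-release)
# Arguments: package names (an empty list is a no-op)
#######################################
function _install_packages()
{
  [ "$#" -eq 0 ] && return 0
  case "${ID}:${VERSION_ID}" in
    centos:8)
      dnf config-manager --set-enabled powertools
      dnf install -y epel-release
      ;;
    centos:9)
      dnf config-manager --set-enabled crb
      dnf install -y epel-release epel-next-release
      ;;
    *)
      # NOTE(review): the original silently installed nothing on any other
      # distribution; other dnf-based systems now get a plain install.
      ;;
  esac
  dnf install -y "$@"
}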
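# Print a JSON object mapping each given package name to whether rpm reports
# it installed: {"pkg":true,"other":false}.
# Arguments: package names
function _read_packages()
{
  local items=() package
  for package; do
    # Quoted: a name with glob characters must not be expanded.
    if rpm -q "$package" >/dev/null 2>&1; then
      items+=("\"$package\":true")
    else
      items+=("\"$package\":false")
    fi
  done
  echo {
  join , "${items[@]}"
  echo }
}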
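#######################################
# "create" action for the packages resource: remove and install the listed
# packages, then report the install state of the wanted ones as JSON.
# Globals: PROVISION_DATA_UNINSTALL_PACKAGES, PROVISION_DATA_INSTALL_PACKAGES
#   (space-separated lists)
#######################################
function create_packages()
{
  # command -v instead of which: "which" is not guaranteed to be installed.
  if ! command -v dnf >/dev/null 2>&1; then
    echo {}
    return 0
  fi
  # Package-manager output goes to stderr; stdout carries only the JSON.
  # shellcheck disable=SC2086 -- the PROVISION_DATA_* values are word lists
  {
    # _dnf_update
    _uninstall_packages ${PROVISION_DATA_UNINSTALL_PACKAGES}
    _install_packages ${PROVISION_DATA_INSTALL_PACKAGES}
  } >&2
  # shellcheck disable=SC2086
  _read_packages ${PROVISION_DATA_INSTALL_PACKAGES}
}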
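# "read" action for the packages resource: report the install state of the
# wanted packages, or {} when dnf is not available.
# Globals: PROVISION_DATA_INSTALL_PACKAGES (space-separated list)
function read_packages()
{
  if ! command -v dnf >/dev/null 2>&1; then
    echo {}
    return 0
  fi
  # shellcheck disable=SC2086 -- PROVISION_DATA_INSTALL_PACKAGES is a word list
  _read_packages ${PROVISION_DATA_INSTALL_PACKAGES}
}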
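# "update" action for the packages resource: same as "create", which is
# idempotent; prints {} when dnf is not available.
function update_packages()
{
  if ! command -v dnf >/dev/null 2>&1; then
    echo {}
    return 0
  fi
  create_packages
}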
# "delete" action for the packages resource: packages are left installed;
# print an empty JSON object.
function delete_packages()
{
  printf '{}\n'
}
##############################
## Systemctl ##
##############################
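#######################################
# Print a JSON object mapping every managed unit to whether systemctl reports
# it "enabled": {"unit":true,"other":false}.
# Globals: PROVISION_DATA_SYSTEMCTL_ENABLE, PROVISION_DATA_SYSTEMCTL_DISABLE
#   (space-separated lists)
#######################################
function _read_systemctl()
{
  local items=() service status
  # shellcheck disable=SC2086 -- both variables are word lists
  for service in ${PROVISION_DATA_SYSTEMCTL_ENABLE} ${PROVISION_DATA_SYSTEMCTL_DISABLE}; do
    # Assigned separately from "local" so the substitution's status is kept.
    status=$(systemctl is-enabled "$service")
    if [ "$status" == "enabled" ]; then
      items+=("\"$service\":true")
    else
      items+=("\"$service\":false")
    fi
  done
  echo {
  join , "${items[@]}"
  echo }
}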
#######################################
# "create" action for the systemctl resource: enable+start one list of units,
# disable+stop another, then report their enabled state as JSON.
# Globals: PROVISION_DATA_SYSTEMCTL_ENABLE, PROVISION_DATA_SYSTEMCTL_DISABLE
#   (space-separated lists)
#######################################
function create_systemctl()
{
  local svc
  # systemctl chatter goes to stderr; stdout carries only the JSON.
  {
    # shellcheck disable=SC2086 -- the PROVISION_DATA_* values are word lists
    for svc in ${PROVISION_DATA_SYSTEMCTL_ENABLE}; do
      systemctl enable "$svc"
      systemctl start "$svc"
    done
    # shellcheck disable=SC2086
    for svc in ${PROVISION_DATA_SYSTEMCTL_DISABLE}; do
      systemctl disable "$svc"
      systemctl stop "$svc"
    done
  } >&2
  _read_systemctl
  # NOTE(review): presumably so journald keeps logs persistently (it does so
  # when this directory exists) — confirm with the module authors.
  mkdir -p /var/log/journal
}
# "read" action for the systemctl resource: report the enabled state of the
# managed units.
function read_systemctl()
{
  _read_systemctl
}
# "update" action for the systemctl resource: enabling/disabling is
# idempotent, so updating is the same as creating.
function update_systemctl()
{
  create_systemctl
}
# "delete" action for the systemctl resource: units are left as they are;
# print an empty JSON object.
function delete_systemctl()
{
  printf '{}\n'
}
##############################
## Disks ##
##############################
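#######################################
# Print the block device path for $1, which may be a device path or a
# UUID=/PARTUUID=/LABEL=/PARTLABEL= specifier as used in fstab.
# Returns: 0 and prints the path; 1 with a message on stderr when nothing
#   matches.
#######################################
function _resolve_device_name()
{
  local device="$1"
  if [ -b "$device" ]; then
    printf '%s\n' "$device"
    return 0
  fi
  # The original tested "=~ /^UUID=/": in bash the slashes are literal, so no
  # specifier branch could ever match (and the LABEL branches read the value
  # with ${#*=} instead of ${device#*=}). Glob patterns do what was meant.
  local column found
  case "$device" in
    UUID=*)      column=UUID ;;
    PARTUUID=*)  column=PARTUUID ;;
    LABEL=*)     column=LABEL ;;
    PARTLABEL=*) column=PARTLABEL ;;
    *)           column= ;;
  esac
  if [ -n "$column" ]; then
    # Exact match on the first column; the key reaches awk through -v rather
    # than being spliced into the program as a regex. Assumes the label has
    # no whitespace, since lsblk's list output is whitespace-separated.
    found=$(lsblk -pnlo "$column,NAME" 2>/dev/null \
      | awk -v key="${device#*=}" '$1 == key {print $2; exit}')
    if [ -n "$found" ]; then
      printf '%s\n' "$found"
      return 0
    fi
  fi
  echo "Device not found: $device" >&2
  return 1
}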
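#######################################
# Poll until lsblk reports a UUID for device $1 (after mkfs the UUID may take a
# moment to become visible).
# Arguments: $1 device path; $2 seconds between polls (default 1);
#   $3 number of polls (default 10)
# Returns: 0 once a UUID is seen, 1 after the last poll without one.
#######################################
function _wait_device_uuid()
{
  local device="$1" interval="${2:-1}" attempts="${3:-10}" i
  for ((i = 0; i < attempts; i++)); do
    if [ -n "$(lsblk -pno UUID "$device" 2>/dev/null)" ]; then
      return 0
    fi
    # The original loop had no sleep, so its ten lsblk calls ran back to back
    # and waited for nothing.
    sleep "$interval"
  done
  echo "No UUID reported for $device after $attempts polls" >&2
  return 1
}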
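# print the /etc/fstab line that refers to device ($1) by path, UUID, LABEL,
# PARTUUID or PARTLABEL; exits the script if $1 is not a block device.
# Returns: grep's status (1 when no line matches)
function _fstab_get_line()
{
  local device="$1"
  if ! [ -b "$device" ]; then
    # stderr: stdout is reserved for the JSON result.
    echo "Invalid device: $device" >&2
    exit 1
  fi
  # Only identifiers lsblk actually reports join the alternation: an empty one
  # would become e.g. "UUID=" and match any UUID line. (The original also
  # referenced $partuid, a typo for $partuuid, and wrote [[:space]] — a plain
  # bracket expression — where [[:space:]] was meant.)
  local alternatives="$device" key value
  for key in UUID LABEL PARTUUID PARTLABEL; do
    value=$(lsblk -pno "$key" "$device")
    [ -n "$value" ] && alternatives+="|$key=$value"
  done
  # Assumes labels carry no ERE metacharacters or whitespace.
  grep -m1 -E "^[[:space:]]*(${alternatives})[[:space:]]" /etc/fstab
}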
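# check if device ($1) is in /etc/fstab
# return 0 if found
# return 1 if not found
# exits the script if $1 is not a block device
function _fstab_has_device()
{
  local device="$1"
  if ! [ -b "$device" ]; then
    echo "Invalid device: $device" >&2
    exit 1
  fi
  # (The original also called get_device_uuid, which is defined nowhere in
  # this script; the unused call only produced a "command not found".)
  _fstab_get_line "$device" >/dev/null 2>&1
}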
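#######################################
# Append an fstab entry for device $1 keyed by its UUID.
# Arguments: $1 device path; $2 mount point; $3 filesystem type;
#   $4 extra mount options (optional, appended to "defaults,nofail")
# Returns: 1 without writing if the UUID, mount point or fs type is empty
#######################################
function _add_to_fstab()
{
  local device="$1"
  local mountpoint="$2"
  local filesystem="$3"
  local mount_opts="${4:-}"
  local uuid
  uuid=$(lsblk -pno UUID "$device")
  # An empty UUID, mount point or type yields a malformed line; refuse it.
  if [ -z "$uuid" ] || [ -z "$mountpoint" ] || [ -z "$filesystem" ]; then
    echo "Cannot add $device to fstab: UUID, mountpoint and filesystem are required" >&2
    return 1
  fi
  local fstab_entry="UUID=$uuid ${mountpoint} ${filesystem} defaults,nofail${mount_opts:+,$mount_opts} 0 0"
  printf '%s\n' "$fstab_entry" >> /etc/fstab
}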
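#######################################
# Comment out every fstab line referring to device $1 by path, UUID, LABEL,
# PARTUUID or PARTLABEL.
# Arguments: $1 device path
# Returns: 1 without touching fstab if $1 is not a block device
#######################################
function _remove_from_fstab()
{
  local device="$1"
  if ! [ -b "$device" ]; then
    echo "Invalid device: $device" >&2
    return 1
  fi
  # Only identifiers lsblk actually reports join the alternation: an empty
  # one would become e.g. "LABEL=" and comment out unrelated lines.
  local alternatives="$device" key value
  for key in UUID LABEL PARTUUID PARTLABEL; do
    value=$(lsblk -pno "$key" "$device")
    [ -n "$value" ] && alternatives+="|$key=$value"
  done
  # "&" is the standard form of GNU sed's "\0" for the whole match.
  sed -i -E "s;^[[:space:]]*(${alternatives})[[:space:]].*;#&;g" /etc/fstab
}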
function _read_disks()
{
export PROVISION_DATA_DISKS_JSON="$(base64 -d <<<$PROVISION_DATA_DISKS)"
if [ "$(jq length <<<$PROVISION_DATA_DISKS_JSON)" -eq 0 ]; then
echo {}
return
fi
local items=()
for disk_name in $(jq -r 'keys|.[]' <<<"$PROVISION_DATA_DISKS_JSON"); do
unset device mountpoint filesystem
local device mountpoint filesystem
eval $(jq ".${disk_name}"'|to_entries|map("\(.key)=\"\(.value|tostring)\"")|.[]' -r <<<$PROVISION_DATA_DISKS_JSON)
if ! device_name=$(_resolve_device_name $device); then
exit 1
fi
local current_mountpoint=$(lsblk -pno MOUNTPOINT "$device_name" || true)
local current_filesystem=$(lsblk -pno FSTYPE "$device_name" || true)
items+=(
'"'${disk_name}'":{"device":"'${device}'","mountpoint":"'${current_mountpoint}'","filesystem":"'${current_filesystem}'"}'
)
done
echo {
join , "${items[@]}"
echo }
}
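#######################################
# Prepare every disk declared in PROVISION_DATA_DISKS: disable swap, unmount
# stale mount points, optionally format, rewrite the fstab entry and mount.
# The disk named "containers" additionally has /var/lib/docker and
# /var/lib/containerd moved onto it and symlinked back.
# Globals: PROVISION_DATA_DISKS; exports PROVISION_DATA_DISKS_JSON
# Exits 1 when a declared device cannot be resolved.
#######################################
function _create_disks()
{
  # Comment out swap entries and switch swap off (GNU sed: \s, \b, \0).
  if grep -qw swap /etc/fstab; then
    sed -i -E 's/^([^\s#]+.*\bswap\b.*)/#\0/g' /etc/fstab
  fi
  swapoff -a || true
  PROVISION_DATA_DISKS_JSON="$(base64 -d <<<"$PROVISION_DATA_DISKS")"
  export PROVISION_DATA_DISKS_JSON
  if [ "$(jq length <<<"$PROVISION_DATA_DISKS_JSON")" -eq 0 ]; then
    return 0
  fi
  local -a disk_names
  local disk_name field device mountpoint filesystem filesystem_options format
  local device_name current_mountpoint current_filesystem i
  # An array rather than a while-read loop: the commands below must not be
  # able to consume the list of names from stdin.
  mapfile -t disk_names < <(jq -r 'keys[]' <<<"$PROVISION_DATA_DISKS_JSON")
  for disk_name in "${disk_names[@]}"; do
    # Each field is fetched with --arg and assigned with printf -v; the
    # original eval'd jq-built key="value" assignments, so a value containing
    # quotes or $(...) ran as shell code as root. A missing or null field
    # becomes an empty string.
    for field in device mountpoint filesystem filesystem_options format; do
      printf -v "$field" '%s' "$(jq -r --arg n "$disk_name" --arg k "$field" \
        '.[$n][$k] // "" | tostring' <<<"$PROVISION_DATA_DISKS_JSON")"
    done
    if ! device_name=$(_resolve_device_name "$device"); then
      exit 1
    fi
    current_mountpoint=$(lsblk -pno MOUNTPOINT "$device_name" || true)
    current_filesystem=$(lsblk -pno FSTYPE "$device_name" || true)
    if [ "$disk_name" == containers ]; then
      systemctl stop docker containerd &>/dev/null || true
    fi
    # Detach the device if it is currently mounted somewhere else.
    if [ -d "$current_mountpoint" ] && [ "$current_mountpoint" != "$mountpoint" ]; then
      umount "$current_mountpoint"
    fi
    if [ -d "$mountpoint" ]; then
      umount "$mountpoint" 2>/dev/null || true
    else
      mkdir -p "$mountpoint"
    fi
    if [ "$disk_name" == containers ]; then
      if ! [ -d "$mountpoint" ]; then
        mkdir "$mountpoint"
      fi
      for i in docker containerd; do
        umount "/var/lib/$i" 2>/dev/null || true
        if [ -d "/var/lib/$i" ]; then
          mv "/var/lib/$i" "$mountpoint"
        fi
        if ! [ -L "/var/lib/$i" ]; then
          ln -s "$mountpoint/$i" "/var/lib/$i"
        fi
      done
    fi
    # Format only when asked to and the device carries no filesystem yet.
    if [ "$format" == "true" ] && [ -n "$filesystem" ]; then
      if [ -n "$current_filesystem" ]; then
        echo "Already formated device: $device_name ($current_filesystem)" >&2
      else
        # shellcheck disable=SC2086 -- $filesystem_options is a word list
        "mkfs.$filesystem" $filesystem_options "$device_name"
        _wait_device_uuid "$device_name"
      fi
    fi
    _remove_from_fstab "$device_name"
    _add_to_fstab "$device_name" "$mountpoint" "$filesystem"
    mount "$mountpoint"
  done
  systemctl daemon-reload
  sync
  # NOTE(review): kept from the original; its purpose is not evident here.
  mkdir -p /var/lib/containers/docker
}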
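# "create" action for the disks resource: apply the disk layout, report the
# resulting state, and exit with the create step's status. (The original set
# status=0 and never updated it, so the exit status was always 0.)
# Globals written: status (also read by update_disks)
function create_disks()
{
  status=0
  _create_disks || status=$?
  _read_disks
  exit "$status"
}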
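# "read" action for the disks resource: report the current state and exit
# with the read step's status. (The original never updated status, so it
# always exited 0.)
# Globals written: status
function read_disks()
{
  status=0
  _read_disks || status=$?
  exit "$status"
}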
# "update" action for the disks resource: same as "create". create_disks
# terminates the script itself, so the exit below is only a fallback.
function update_disks()
{
  create_disks
  # shellcheck disable=SC2086 -- status is a script-level variable
  exit $status
}
# "delete" action for the disks resource: disks are left untouched; print an
# empty JSON object.
function delete_disks()
{
  printf '{}\n'
}
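##
## Main
##
# Dispatch to the handler named by the arguments ("<action>_<resource>").
# Only a function defined in this script may run: the original eval'd the
# name, so the arguments could inject arbitrary shell, and a typo only failed
# with "command not found".
if ! declare -F "$func" >/dev/null 2>&1; then
  echo "Unknown action: $func" >&2
  exit 1
fi
"$func"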