cgamesplay / infra
selfhosted infra scripts
Hi! generate_installer.sh linked in chapter 3 is no longer available :)
Ran into a few issues running this from Ubuntu; happy to submit a pull request, but I would like to understand why they were necessary.
diff --git a/bootstrap/prepare.sh b/bootstrap/prepare.sh
index 5bb6037..5ea969a 100755
--- a/bootstrap/prepare.sh
+++ b/bootstrap/prepare.sh
@@ -40,19 +40,18 @@ EOF
# }}}
# Consul initialization {{{
-
consul keygen > data/consul-gossip.key
-consul agent -datacenter=${DC} -node server-${DC}-bootstrap -config-file=consul.hcl &
+consul agent -datacenter=${DC} -node server-${DC}-bootstrap -config-file=bootstrap/consul.hcl &
consul_pid=$!
while [[ ! $(consul info 2>&1 >/dev/null) == *"Permission denied"* ]]; do sleep 1; done
consul acl bootstrap | tee data/consul-acl.txt > /dev/null
export CONSUL_HTTP_TOKEN=$(cat data/consul-acl.txt | grep 'SecretID' | cut -d: -f2 | xargs)
consul acl set-agent-token agent "$CONSUL_HTTP_TOKEN"
-consul acl policy create -name anonymous -rules @consul-policy-anonymous.hcl
+consul acl policy create -name anonymous -rules @bootstrap/consul-policy-anonymous.hcl
consul acl token create -description "Default (anonymous) token" -policy-name anonymous | tee data/anonymous-consul-token.txt > /dev/null
anonymous_consul_token=$(cat data/anonymous-consul-token.txt | grep 'SecretID' | cut -d: -f2 | xargs)
consul acl set-agent-token default "$anonymous_consul_token"
-consul acl policy create -name vault -rules @consul-policy-vault.hcl
+consul acl policy create -name vault -rules @bootstrap/consul-policy-vault.hcl
consul acl token create -description "Vault token" -policy-name vault | tee data/vault-consul-token.txt > /dev/null
# }}}
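Review bot: the new `bootstrap/` prefixes on `-config-file=bootstrap/consul.hcl` and the two `-rules @bootstrap/...` arguments only work when the script is invoked from the repository root, while the `data/` paths in the same hunk stay relative to whatever the caller's working directory is, so the script now mixes two layout assumptions. Rather than hardcoding `bootstrap/`, resolve the script's own directory once near the top, e.g. `script_dir=$(cd "$(dirname "$0")" && pwd)`, and reference `"$script_dir/consul.hcl"`, which keeps both `cd bootstrap && ./prepare.sh` and `./bootstrap/prepare.sh` working. Separately, `consul acl bootstrap | tee data/consul-acl.txt` and the two token `tee` lines write management secrets with the default umask; a `umask 077` before this block would keep those files owner-only. The blank-line removal at the top of the hunk is unrelated whitespace churn.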
@@ -60,7 +59,7 @@ consul acl token create -description "Vault token" -policy-name vault | tee data
export VAULT_ADDR="http://127.0.0.1:8200"
vault_consul_token=$(cat data/vault-consul-token.txt | grep 'SecretID' | cut -d: -f2 | xargs)
-CONSUL_HTTP_TOKEN=$vault_consul_token vault server -config=vault.hcl &
+CONSUL_HTTP_TOKEN=$vault_consul_token vault server -config=bootstrap/vault.hcl &
vault_pid=$!
while [[ ! $(vault status) == *Sealed*true* ]]; do sleep 1; done
vault operator init -key-shares 1 -key-threshold 1 | tee data/vault-root-keys.txt > /dev/null
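Review bot: `-config=bootstrap/vault.hcl` carries the same working-directory assumption as the Consul hunk; with a script-directory variable this becomes `-config="$script_dir/vault.hcl"` and the hunk is unnecessary. Worth flagging for whoever reads `data/vault-root-keys.txt` afterwards: `vault operator init -key-shares 1 -key-threshold 1` writes the single unseal key and the root token to that file in clear text, so it belongs under the same restrictive umask as the Consul token files.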
@@ -113,7 +112,7 @@ vault write pki/roles/server-${DC} \
generate_lease=true \
max_ttl=1440h
-vault policy write pki-issue vault-policy-pki-issue.hcl
+vault policy write pki-issue bootstrap/vault-policy-pki-issue.hcl
vault auth enable cert
cert_accessor=$(vault auth list -format=json | jq -r '.["cert/"].accessor')
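Review bot: this is the third copy of the same mechanical path change (`vault policy write pki-issue bootstrap/vault-policy-pki-issue.hcl`); one `cd "$(dirname "$0")"` at the top of `prepare.sh` would replace all three hunks and would also cover any relative references not shown in this diff. Note that none of these hunks touches `generate_installer.sh`, so the patch does not address the `wireguard_ip: unbound variable` failure reported below; that needs a separate look at where the generator expects that variable to be set.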
When I run generate_script.sh I get the following:
13:42:42 [email protected] infra master ? ./bootstrap/generate_installer.sh | sudo bash
++ hostname
+ instance_id=coruscant.local
+ tee /usr/local/share/ca-certificates/global.vault.crt
+ update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Updating Mono key store
Mono Certificate Store Sync - version 6.8.0.105
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
Importing into legacy system store:
I already trust 133, your new list has 129
Import process completed.
Importing into BTLS system store:
I already trust 133, your new list has 129
Import process completed.
Done
done.
+ tee /etc/wireguard/wg0.conf
++ ip -o -4 route show to default
++ awk '{print $5}'
++ head -n 1
+ sed -i s/IFACE_NAME/eno1/g /etc/wireguard/wg0.conf
+ sed -i 's/.*net\.ipv4\.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf
+ sysctl -p
net.ipv4.ip_forward = 1
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
fs.inotify.max_user_watches = 100000
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.igmp_max_memberships = 80
net.ipv4.neigh.default.gc_thresh1 = 8096
net.ipv4.neigh.default.gc_thresh2 = 12288
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_stale_time = 30
+ ufw allow 51820/udp
Skipping adding existing rule
+ systemctl enable --now wg-quick@wg0
+ wg set wg0 peer Lr/ONxhiViAzDNBlsch9JMPGNpMBc1lB1+ydRk/16VI= allowed-ips 172.30.15.1/32
+ chmod 750 /opt/consul /etc/consul.d
+ tee /opt/consul/agent.crt
+ tee /opt/consul/agent.key
+ echo node_name = '"server-coruscant.local"'
+ echo encrypt = NUJqmicTDl4a+ZjcSg5ih0kN5OEyqBwsym3KtO2ShRE=
encrypt = NUJqmicTDl4a+ZjcSg5ih0kN5OEyqBwsym3KtO2ShRE=
+ tee -a /etc/consul.d/consul.hcl
+ tee /etc/consul.d/server.hcl
+ tee /etc/consul.d/client.hcl
+ tee /etc/systemd/system/consul.service
+ tee -a /etc/systemd/resolved.conf
+ chmod 750 /opt/vault /etc/vault.d
+ rm -rf /opt/vault/agent.crt /opt/vault/agent.key
+ tee /opt/vault/agent.crt
+ tee /opt/vault/agent.key
+ tee /etc/vault.d/vault.hcl
+ tee /etc/systemd/system/vault.service
+ export VAULT_ADDR=https://127.0.0.1:8200
+ VAULT_ADDR=https://127.0.0.1:8200
+ export VAULT_CACERT=/usr/local/share/ca-certificates/global.vault.crt
+ VAULT_CACERT=/usr/local/share/ca-certificates/global.vault.crt
+ sed -i '/^VAULT_ADDR=/d' /etc/environment
+ echo VAULT_ADDR=https://127.0.0.1:8200
+ mkdir --parents /etc/vault-agent.d
+ chmod 750 /etc/vault-agent.d
+ tee /etc/vault-agent.d/agent.crt
+ tee /etc/vault-agent.d/agent.key
+ tee /usr/local/bin/cert-validity-secs
+ chmod +x /usr/local/bin/cert-validity-secs
+ tee /etc/vault-agent.d/rotate-certificates.hcl
bash: line 471: wireguard_ip: unbound variable
Clearly wireguard_ip is needed and I see it in generate_installer, but I am just unsure why it's not working when following your guide.
Thanks
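The log above shows the generated installer writing CA, WireGuard, Consul and Vault files and only then dying at line 471 on `wireguard_ip: unbound variable`, which leaves the host half-configured. The following is an added example, not code from cgamesplay/infra: a preflight check that validates every required input before the generator emits a single line, so a missing variable fails fast with nothing written. The name `wireguard_peer_pubkey` and the emitted `wg set` line are illustrative assumptions; `172.30.15.1` is the address from the log.

```shell
#!/bin/sh
# Added example (not part of cgamesplay/infra): fail-fast input validation
# for the "generate a script, then pipe it into sudo bash" pattern.
set -eu

# Return 0 if every named variable is set and non-empty; otherwise print the
# missing names to stderr and return 1. The eval only ever sees the literal
# variable names listed by the caller below, never user-supplied text.
require_vars() {
  missing=""
  for name in "$@"; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      missing="$missing $name"
    fi
  done
  if [ -n "$missing" ]; then
    printf 'generate_installer: missing required variable(s):%s\n' "$missing" >&2
    return 1
  fi
  return 0
}

# Emit the installer only after the preflight passes, so a missing input
# produces no partial script and, downstream, no partial host state.
# The generated command mirrors the `wg set wg0 peer ... allowed-ips ...`
# line in the log; the peer key variable name is an assumption.
generate_installer() {
  require_vars wireguard_ip wireguard_peer_pubkey || return 1
  cat <<EOF
#!/bin/sh
set -eux
wg set wg0 peer ${wireguard_peer_pubkey} allowed-ips ${wireguard_ip}/32
EOF
}
```

Run the generator under `set -u` yourself before piping it anywhere; a missing variable then surfaces in the generator, not at line 471 of the output on the target host.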