infra's Issues

Ran into a few issues w/ Ubuntu 20.04

Ran into a few issues running this from Ubuntu. Happy to submit a pull request, but I would like to understand why they were necessary.

diff --git a/bootstrap/prepare.sh b/bootstrap/prepare.sh
index 5bb6037..5ea969a 100755
--- a/bootstrap/prepare.sh
+++ b/bootstrap/prepare.sh
@@ -40,19 +40,18 @@ EOF

 # }}}
 # Consul initialization {{{
-
 consul keygen > data/consul-gossip.key
-consul agent -datacenter=${DC} -node server-${DC}-bootstrap -config-file=consul.hcl &
+consul agent -datacenter=${DC} -node server-${DC}-bootstrap -config-file=bootstrap/consul.hcl &
 consul_pid=$!
 while [[ ! $(consul info 2>&1 >/dev/null) == *"Permission denied"* ]]; do sleep 1; done
 consul acl bootstrap | tee data/consul-acl.txt > /dev/null
 export CONSUL_HTTP_TOKEN=$(cat data/consul-acl.txt | grep 'SecretID' | cut -d: -f2 | xargs)
 consul acl set-agent-token agent "$CONSUL_HTTP_TOKEN"
-consul acl policy create -name anonymous -rules @consul-policy-anonymous.hcl
+consul acl policy create -name anonymous -rules @bootstrap/consul-policy-anonymous.hcl
 consul acl token create -description "Default (anonymous) token" -policy-name anonymous | tee data/anonymous-consul-token.txt > /dev/null
 anonymous_consul_token=$(cat data/anonymous-consul-token.txt | grep 'SecretID' | cut -d: -f2 | xargs)
 consul acl set-agent-token default "$anonymous_consul_token"
-consul acl policy create -name vault -rules @consul-policy-vault.hcl
+consul acl policy create -name vault -rules @bootstrap/consul-policy-vault.hcl
 consul acl token create -description "Vault token" -policy-name vault | tee data/vault-consul-token.txt > /dev/null

 # }}}
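
Review bot: The three rewritten paths (`-config-file=bootstrap/consul.hcl`, `@bootstrap/consul-policy-anonymous.hcl`, `@bootstrap/consul-policy-vault.hcl`) assume the script is started from the repository root, but the `data/...` files in the same block (`data/consul-gossip.key`, `data/consul-acl.txt`, the token files) are still relative to the current directory, so the gossip key and ACL tokens are written to a different `data/` than when the script is run from inside `bootstrap/`. Rather than hard-coding the prefix, resolve everything against the script's own location, for example `cd "$(dirname "$0")"` near the top while keeping the original relative names, so the script behaves the same from either directory. The blank line dropped after `# Consul initialization {{{` is an unrelated whitespace change and should be left out of the patch.
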
@@ -60,7 +59,7 @@ consul acl token create -description "Vault token" -policy-name vault | tee data

 export VAULT_ADDR="http://127.0.0.1:8200"
 vault_consul_token=$(cat data/vault-consul-token.txt | grep 'SecretID' | cut -d: -f2 | xargs)
-CONSUL_HTTP_TOKEN=$vault_consul_token vault server -config=vault.hcl &
+CONSUL_HTTP_TOKEN=$vault_consul_token vault server -config=bootstrap/vault.hcl &
 vault_pid=$!
 while [[ ! $(vault status) == *Sealed*true* ]]; do sleep 1; done
 vault operator init -key-shares 1 -key-threshold 1 | tee data/vault-root-keys.txt > /dev/null
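
Review bot: On the `vault server -config=bootstrap/vault.hcl &` line, a config path that does not resolve is not detected: the server is launched in the background and the next line, `while [[ ! $(vault status) == *Sealed*true* ]]; do sleep 1; done`, has no exit condition other than a sealed status, so a wrong working directory turns into an endless wait instead of an error. Since this patch exists because the path was wrong for one caller, add a check before the launch such as `[ -r bootstrap/vault.hcl ] || exit 1`, or test `kill -0 "$vault_pid"` inside the loop so a dead server aborts the script.
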
@@ -113,7 +112,7 @@ vault write pki/roles/server-${DC} \
     generate_lease=true \
     max_ttl=1440h

-vault policy write pki-issue vault-policy-pki-issue.hcl
+vault policy write pki-issue bootstrap/vault-policy-pki-issue.hcl

 vault auth enable cert
 cert_accessor=$(vault auth list -format=json | jq -r '.["cert/"].accessor')
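
Review bot: `bootstrap/vault-policy-pki-issue.hcl` is the fifth place this patch repeats the literal `bootstrap/` prefix, and nothing in the change records that `prepare.sh` now has to be invoked from the repository root. Define the directory once near the top of the script (a variable such as `BOOTSTRAP_DIR`, name hypothetical) and reference it in all five places, and add a comment or usage line stating the expected working directory so the next reader does not have to infer it from the paths.
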
(END)

Unable to run the result of generate_installer.sh due to undefined variable

When I run generate_script.sh I get the following:

13:42:42 [email protected] infra master ? ./bootstrap/generate_installer.sh | sudo bash
++ hostname
+ instance_id=coruscant.local
+ tee /usr/local/share/ca-certificates/global.vault.crt
+ update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

done.
Updating Mono key store
Mono Certificate Store Sync - version 6.8.0.105
Populate Mono certificate store from a concatenated list of certificates.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

Importing into legacy system store:
I already trust 133, your new list has 129
Import process completed.

Importing into BTLS system store:
I already trust 133, your new list has 129
Import process completed.
Done
done.
+ tee /etc/wireguard/wg0.conf
++ ip -o -4 route show to default
++ awk '{print $5}'
++ head -n 1
+ sed -i s/IFACE_NAME/eno1/g /etc/wireguard/wg0.conf
+ sed -i 's/.*net\.ipv4\.ip_forward.*/net.ipv4.ip_forward=1/' /etc/sysctl.conf
+ sysctl -p
net.ipv4.ip_forward = 1
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
fs.inotify.max_user_watches = 100000
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.igmp_max_memberships = 80
net.ipv4.neigh.default.gc_thresh1 = 8096
net.ipv4.neigh.default.gc_thresh2 = 12288
net.ipv4.neigh.default.gc_thresh3 = 16384
net.ipv4.neigh.default.gc_stale_time = 30
+ ufw allow 51820/udp
Skipping adding existing rule
+ systemctl enable --now wg-quick@wg0
+ wg set wg0 peer Lr/ONxhiViAzDNBlsch9JMPGNpMBc1lB1+ydRk/16VI= allowed-ips 172.30.15.1/32
+ chmod 750 /opt/consul /etc/consul.d
+ tee /opt/consul/agent.crt
+ tee /opt/consul/agent.key
+ echo node_name = '"server-coruscant.local"'
+ echo encrypt = NUJqmicTDl4a+ZjcSg5ih0kN5OEyqBwsym3KtO2ShRE=
encrypt = NUJqmicTDl4a+ZjcSg5ih0kN5OEyqBwsym3KtO2ShRE=
+ tee -a /etc/consul.d/consul.hcl
+ tee /etc/consul.d/server.hcl
+ tee /etc/consul.d/client.hcl
+ tee /etc/systemd/system/consul.service
+ tee -a /etc/systemd/resolved.conf
+ chmod 750 /opt/vault /etc/vault.d
+ rm -rf /opt/vault/agent.crt /opt/vault/agent.key
+ tee /opt/vault/agent.crt
+ tee /opt/vault/agent.key
+ tee /etc/vault.d/vault.hcl
+ tee /etc/systemd/system/vault.service
+ export VAULT_ADDR=https://127.0.0.1:8200
+ VAULT_ADDR=https://127.0.0.1:8200
+ export VAULT_CACERT=/usr/local/share/ca-certificates/global.vault.crt
+ VAULT_CACERT=/usr/local/share/ca-certificates/global.vault.crt
+ sed -i '/^VAULT_ADDR=/d' /etc/environment
+ echo VAULT_ADDR=https://127.0.0.1:8200
+ mkdir --parents /etc/vault-agent.d
+ chmod 750 /etc/vault-agent.d
+ tee /etc/vault-agent.d/agent.crt
+ tee /etc/vault-agent.d/agent.key
+ tee /usr/local/bin/cert-validity-secs
+ chmod +x /usr/local/bin/cert-validity-secs
+ tee /etc/vault-agent.d/rotate-certificates.hcl
bash: line 471: wireguard_ip: unbound variable

Clearly wireguard_ip is needed and I see it in generate_installer, but I am just unsure why it's not working when following your guide.

Thanks
