forked from compiler-explorer/infra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup-common.sh
executable file
·186 lines (153 loc) · 4.88 KB
/
setup-common.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
#!/bin/bash
set -exuo pipefail
INSTALL_TYPE=${1:-non-ci}
# https://askubuntu.com/questions/132059/how-to-make-a-package-manager-wait-if-another-instance-of-apt-is-running
wait_for_apt() {
while fuser /var/lib/dpkg/lock >/dev/null 2>&1; do
echo "Waiting for other software managers to finish..."
sleep 5
done
}
# Sometimes it seems auto apt takes a while to kick in...
sleep 5
wait_for_apt
sleep 5
wait_for_apt
apt-get -y update
apt-get -y upgrade --force-yes
apt-get -y install \
jq \
libc6-arm64-cross \
libdatetime-perl \
libtinfo5 \
libwww-perl \
nfs-common \
python3-pip \
python3-venv \
qemu-user-static \
ssmtp \
unzip \
wget
apt-get -y autoremove
pip3 install --upgrade pip
hash -r pip
# This returns amd64 or arm64
ARCH=$(dpkg --print-architecture)
if [ "$INSTALL_TYPE" != 'ci' ]; then
mkdir /tmp/aws-install
pushd /tmp/aws-install
if [ "$ARCH" == 'amd64' ]; then
curl -sL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
else
curl -sL "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"
fi
unzip awscliv2.zip
./aws/install
popd
rm -rf /tmp/aws-install
fi
mkdir -p /root/.aws /home/ubuntu/.aws
echo -e "[default]\nregion=us-east-1" | tee /root/.aws/config /home/ubuntu/.aws/config
chown -R ubuntu /home/ubuntu/.aws
get_conf() {
aws ssm get-parameter --name "$1" | jq -r .Parameter.Value
}
LOG_DEST_HOST=$(get_conf /compiler-explorer/logDestHost)
LOG_DEST_PORT=$(get_conf /compiler-explorer/logDestPort)
PTRAIL='/etc/rsyslog.d/99-papertrail.conf'
echo "*.* @${LOG_DEST_HOST}:${LOG_DEST_PORT}" >"${PTRAIL}"
service rsyslog restart
pushd /tmp
if [ "$ARCH" == 'amd64' ]; then
curl -sL 'https://github.com/papertrail/remote_syslog2/releases/download/v0.21/remote_syslog_linux_amd64.tar.gz' | tar zxf -
else
curl -sL 'https://github.com/papertrail/remote_syslog2/releases/download/v0.21/remote_syslog_linux_arm64.tar.gz' | tar zxf -
fi
cp remote_syslog/remote_syslog /usr/local/bin/
popd
cat >/etc/log_files.yml <<EOF
files:
- /var/log/nginx/*.err
destination:
host: ${LOG_DEST_HOST}
port: ${LOG_DEST_PORT}
protocol: tls
EOF
cat >/lib/systemd/system/remote-syslog.service <<EOF
[Unit]
Description=remote_syslog2
Documentation=https://github.com/papertrail/remote_syslog2
After=network-online.target
[Service]
ExecStartPre=/usr/bin/test -e /etc/log_files.yml
ExecStart=/usr/local/bin/remote_syslog -D
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target
EOF
systemctl enable remote-syslog
cp /infra/init/log-instance-id.service /lib/systemd/system/log-instance-id.service
systemctl enable log-instance-id
GRAFANA_CONFIG=/infra/grafana/agent.yaml
pushd /tmp
if [ "$ARCH" == 'amd64' ]; then
curl -sLo agent-linux.zip 'https://github.com/grafana/agent/releases/download/v0.6.1/agent-linux-amd64.zip'
unzip agent-linux.zip
cp agent-linux-amd64 /usr/local/bin/grafana-agent
else
curl -sLo agent-linux.zip 'https://github.com/grafana/agent/releases/download/v0.32.1/grafana-agent-linux-arm64.zip'
unzip agent-linux.zip
cp grafana-agent-linux-arm64 /usr/local/bin/grafana-agent
GRAFANA_CONFIG=/infra/grafana/agent-latest.yaml
fi
popd
PROM_PASSWORD=$(get_conf /compiler-explorer/promPassword)
LOKI_PASSWORD=$(get_conf /compiler-explorer/lokiPassword)
mkdir -p /etc/grafana
cp $GRAFANA_CONFIG /etc/grafana/agent.yaml.tpl
if [ "${INSTALL_TYPE}" = "ci" ]; then
cp /infra/grafana/make-config-ci.sh /etc/grafana/make-config.sh
else
cp /infra/grafana/make-config.sh /etc/grafana/make-config.sh
fi
cp /infra/grafana/grafana-agent.service /lib/systemd/system/grafana-agent.service
systemctl daemon-reload
systemctl enable grafana-agent
sed -i "s/@PROM_PASSWORD@/${PROM_PASSWORD}/g" /etc/grafana/agent.yaml.tpl
sed -i "s/@LOKI_PASSWORD@/${LOKI_PASSWORD}/g" /etc/grafana/agent.yaml.tpl
chmod 600 /etc/grafana/agent.yaml.tpl
mkdir -p /efs
if ! grep "/efs nfs" /etc/fstab; then
echo "fs-db4c8192.efs.us-east-1.amazonaws.com:/ /efs nfs nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport${EXTRA_NFS_ARGS} 0 0" >>/etc/fstab
fi
# Configure email
SMTP_PASS=$(aws ssm get-parameter --name /admin/smtp_pass | jq -r .Parameter.Value)
cat >/etc/ssmtp/ssmtp.conf <<EOF
root=postmaster
mailhub=email-smtp.us-east-1.amazonaws.com
hostname=compiler-explorer.com
FromLineOverride=NO
AuthUser=AKIAJZWPG4D3SSK45LJA
AuthPass=${SMTP_PASS}
UseTLS=YES
UseSTARTTLS=YES
EOF
cat >/etc/ssmtp/revaliases <<EOF
ubuntu:[email protected]:email-smtp.us-east-1.amazonaws.com
EOF
if [ "${INSTALL_TYPE}" = "ci" ]; then
chfn -f 'Compiler Explorer Admin' ubuntu
else
chfn -f 'Compiler Explorer Build Agent' ubuntu
fi
chmod 640 /etc/ssmtp/*
mount -a
cd /home/ubuntu/
mkdir -p /home/ubuntu/.ssh
mkdir -p /tmp/auth_keys
aws s3 sync s3://compiler-explorer/authorized_keys /tmp/auth_keys
cat /tmp/auth_keys/* >>/home/ubuntu/.ssh/authorized_keys
rm -rf /tmp/auth_keys
chown -R ubuntu /home/ubuntu/.ssh