## template: jinja
#cloud-config
## DO NOT USE THIS FILE TO DEPLOY LANDSCAPE LXD CONTAINERS
## USE THE cloud-init-quickstart.yaml or cloud-init-quickstart-fips.yaml files instead
# SET OUR VARIABLES
# =================
# NOTE(security): every value set here is substituted into the rendered
# user-data. A filled-in copy of this file holds secrets (TLS private key,
# SMTP password, Ubuntu Pro token): keep it out of version control and treat
# the instance's user-data as sensitive.
# Choose which channel of self-hosted Landscape you wish to deploy: stable|beta|edge
{% set CHANNEL = 'stable' %}
# Ubuntu Pro token (leave blank for Ubuntu Pro instances on Azure, AWS, or Google Cloud)
# The ubuntu_pro section at the end of this file is emitted only when TOKEN is non-empty.
{% set TOKEN = '' %}
# Assuming you use SSL from LetsEncrypt, follow these steps on your Ubuntu workstation
# replace landscape.example.com with the domain name you will use for Landscape
# sudo snap install certbot --classic
# sudo certbot -d landscape.example.com --manual --preferred-challenges dns certonly
# The value for SSL_CERT below is the output of:
# sudo base64 -w 0 /etc/letsencrypt/live/landscape.example.com/fullchain.pem
{% set SSL_CERT = 'SELFSIGNED' %}
# The value for SSL_KEY below is the output of:
# sudo base64 -w 0 /etc/letsencrypt/live/landscape.example.com/privkey.pem
# This is the base64 of the private key itself, not a path to it.
# The haproxy TLS step in runcmd is skipped while SSL_KEY is 'SELFSIGNED';
# set SSL_CERT and SSL_KEY together.
{% set SSL_KEY = 'SELFSIGNED' %}
# SMTP credentials (Sendgrid customers should use the "apikey" as the username, and the actual API key as the password)
# postfix-relay is deployed only when SMTP_HOST is non-empty.
{% set SMTP_HOST = '' %}
{% set SMTP_PORT = '' %}
{% set SMTP_USERNAME = '' %}
{% set SMTP_PASSWORD = '' %}
# SMTP_USE_TLS is `yes` if TLS is needed (compared case-insensitively)
# Google (SMTP_HOST=smtp.google.com SMTP_PORT=587) and Sendgrid (SMTP_HOST=smtp.sendgrid.net SMTP_PORT=465) customers should use TLS
{% set SMTP_USE_TLS = 'yes' %}
# =========================
# END OF SETTING VARIABLES
# Refresh the package index, apply pending upgrades, and reboot if an upgrade
# asks for it.
package_update: true
package_upgrade: true
package_reboot_if_required: true
# Archive packages needed by the rest of this file.
packages:
  - snapd
  - ubuntu-advantage-tools
{% if SMTP_USE_TLS|lower == 'yes' %}
  # curl is used by runcmd to download the CA certificate for the SMTP relay
  - curl
{% endif %}
# Snap commands, run in the order listed: install LXD, move it to
# latest/stable, then install the Juju client.
# NOTE(review): these channels float, so two deployments made at different
# times can get different LXD and Juju revisions.
snap:
  commands:
    - [install, lxd, --channel, latest/stable]
    - [refresh, lxd, --channel, latest/stable]
    - [install, juju, --channel, latest/stable]
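# Bootstrap a local Juju controller on LXD and deploy Landscape into it.
# Juju is always invoked as the 'ubuntu' user through su.
# NOTE(security): the TLS private key and the SMTP password are interpolated
# into the command lines below, so they are present in the rendered user-data
# and in the process arguments while each command runs. Restrict who can read
# either.
runcmd:
  - su ubuntu -c 'mkdir -p /home/ubuntu/.local/share'
  - su ubuntu -c 'juju bootstrap localhost landscape-controller'
  - su ubuntu -c 'juju add-model landscape-model'
  - su ubuntu -c "juju set-model-constraints arch=$(dpkg --print-architecture)"
  - su ubuntu -c "juju deploy landscape-scalable --channel {{ CHANNEL }}"
{% if SSL_CERT != "SELFSIGNED" and SSL_KEY != "SELFSIGNED" %}
  # Runs only when both the certificate and the key were supplied, so a real
  # key is never paired with the SELFSIGNED placeholder certificate.
  - su ubuntu -c "juju config haproxy ssl_cert='{{ SSL_CERT }}' ssl_key='{{ SSL_KEY }}'"
{% endif %}
{% if SMTP_HOST %}
  # ssl_ca is downloaded at boot. curl -f stops an HTTP error page from being
  # base64-encoded and stored as the CA; -S prints the reason on failure.
  # NOTE(review): a failed download still leaves ssl_ca empty and the deploy
  # carries on. Shipping a reviewed copy of the CA would avoid trusting a
  # boot-time fetch for the relay's trust anchor.
  - |
    su ubuntu -c "juju deploy postfix-relay \
      --config smtp_auth_password='{{ SMTP_PASSWORD }}' \
      --config smtp_auth_username='{{ SMTP_USERNAME }}' \
{% if SMTP_USE_TLS|lower == 'yes' %}
      --config ssl_ca=$(curl -fsS https://www.thawte.com/roots/thawte_Primary_Root_CA.pem | base64 | tr -d '\n') \
{% endif %}
      --config relayhost='[{{ SMTP_HOST }}]:{{ SMTP_PORT }}'"
  - su ubuntu -c "juju add-relation postfix-relay landscape-server"
{% endif %}
  # Wait for every application to become active, then publish haproxy's ports.
  - /bin/bash /tmp/juju_containers_active_check.sh
  - /bin/bash /tmp/lxc_config.sh
  - echo "Cloud-init completed successfully"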
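# Helper scripts called from runcmd. Both are run by root (they use su to act
# as 'ubuntu'), so they are owned by root and closed to other users; a script
# that root executes should not be writable by a less privileged account.
# NOTE(review): /tmp is world-writable. A root-only directory would be a safer
# home, but the paths here must stay in sync with the runcmd entries.
write_files:
  - path: /tmp/lxc_config.sh
    owner: 'root:root'
    permissions: '0700'
    defer: true
    content: |
      #!/bin/bash
      # Forward ports 443 and 80 on the host to the haproxy unit's address.
      echo "$(date +'%Y-%m-%d %H:%M:%S'): lxc_config.sh started - configuring port forwarding"
      # Only the first character after "haproxy/" is kept, so this assumes a
      # single-digit unit number.
      read -r HAPROXY_INSTANCE_NUMBER < <(su - ubuntu -c "juju status --format=json | awk -F'haproxy/' '{print substr(\$2,1,1)}'")
      read -r HAPROXY_INSTANCE_ID < <(su - ubuntu -c 'juju status haproxy --format=json | sed -n "s/.*\"instance-id\":\"\\([^\"]*\\).*/\\1/p"')
      read -r HAPROXY_UNIT_IP < <(su ubuntu -c "juju exec --unit haproxy/$HAPROXY_INSTANCE_NUMBER 'network-get public --ingress-address=true'")
      # Stop here instead of calling lxc with empty arguments if any lookup failed.
      if [ -z "$HAPROXY_INSTANCE_NUMBER" ] || [ -z "$HAPROXY_INSTANCE_ID" ] || [ -z "$HAPROXY_UNIT_IP" ]; then
        echo "$(date +'%Y-%m-%d %H:%M:%S'): lxc_config.sh could not determine the haproxy unit details" >&2
        exit 1
      fi
      # listen=tcp:0.0.0.0 publishes each port on every IPv4 interface of the host.
      for PORT in 443 80; do
        lxc config device add "$HAPROXY_INSTANCE_ID" "tcp${PORT}proxyv4" proxy "listen=tcp:0.0.0.0:${PORT}" "connect=tcp:${HAPROXY_UNIT_IP}:${PORT}"
      done
      echo "$(date +'%Y-%m-%d %H:%M:%S'): lxc_config.sh started - completed"
  - path: /tmp/juju_containers_active_check.sh
    owner: 'root:root'
    permissions: '0700'
    defer: true
    content: |
      #!/bin/bash
      # Poll juju status every 10 seconds until every application is active.
      # Exits 1 as soon as any application reports an error.
      while true; do
        juju_status=$(su ubuntu -c "juju status --format json")
        countA=$(echo "$juju_status" | grep -o '\"application-status\":' | wc -l)
        countB=$(echo "$juju_status" | grep -o '\"application-status\":{\"current\":\"active\"' | wc -l)
        countError=$(echo "$juju_status" | grep -o '\"application-status\":{\"current\":\"error\"' | wc -l)
        if [ "$countError" -ge 1 ]; then
          # Single quotes keep the backticks literal; inside double quotes
          # they would run juju status as a command substitution.
          echo 'Errors present in `juju status` output'
          exit 1
        fi
        # Require at least one application, so empty output from a failed
        # juju status call (0 equals 0) is not reported as "all active".
        if [ "$countA" -gt 0 ] && [ "$countA" -eq "$countB" ]; then
          echo "$(date +'%Y-%m-%d %H:%M:%S'): All Juju containers are in an active state"
          break
        else
          echo "$(date +'%Y-%m-%d %H:%M:%S'): Waiting for all containers to be in an active state"
          sleep 10
          su ubuntu -c "juju status"
        fi
      done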
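{% if TOKEN %}
# Attach the instance to Ubuntu Pro; emitted only when a token was supplied.
ubuntu_pro:
  enable: [livepatch, esm-apps, esm-infra]
  # Quoted so the rendered token is always parsed as a string, whatever
  # characters it contains. The token is a credential: it is stored in the
  # rendered user-data.
  token: '{{ TOKEN }}'
{% endif %}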