From aee7c1f53f70138c669dea808a10ab89166c91f0 Mon Sep 17 00:00:00 2001
From: Erin Moon
Date: Tue, 30 Apr 2019 22:07:59 -0500
Subject: [PATCH] split into two stages and fix provisioner
---
.gitignore | 4 ++-
Makefile | 18 +++++++++++++
base.json | 66 ++++++++++++++++++++++++++++++++++++++++++++++
build.json | 65 ----------------------------------------------
http/answers | 2 +-
provision.json | 42 ++++++++++++++++++++++++++++++
setup.yml | 69 +++++++++++++++++++++++++++++++++++++++++++++++++
templates/init.d/unifi | 16 ++++++++++++
templates/unifi/log/run | 5 ++++
templates/unifi/run | 19 ++++++++++++++
10 files changed, 239 insertions(+), 67 deletions(-)
create mode 100644 Makefile
create mode 100644 base.json
delete mode 100644 build.json
create mode 100644 provision.json
create mode 100644 setup.yml
create mode 100644 templates/init.d/unifi
create mode 100644 templates/unifi/log/run
create mode 100644 templates/unifi/run
diff --git a/.gitignore b/.gitignore
index 98cc5dc..a9b266b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
-packer_cache/
\ No newline at end of file
+packer_cache/
+output/
+*.retry
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2ac67bf
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,18 @@
+ROOT_PASSWORD=uuunifi
+OUTPUT_IMAGE=$(shell find output/base -type f -name '*.ova' | head -1)
+
+all: output/unifi/
+
+output/base/:
+ packer build -var root_password=$(ROOT_PASSWORD) base.json
+
+output/unifi/: output/base/
+ packer build -var root_password=$(ROOT_PASSWORD) \
+ -var source_image=$(OUTPUT_IMAGE) provision.json
+
+clean: clean_base clean_provisioned
+clean_base:
+ rm -r output/base
+clean_provisioned:
+ rm -r output/unifi
+.PHONY: all clean
\ No newline at end of file
diff --git a/base.json b/base.json
new file mode 100644
index 0000000..69900fd
--- /dev/null
+++ b/base.json
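Review bot: In the Makefile hunk, `ROOT_PASSWORD=uuunifi` keeps a fixed root password in the repository, so every image built with the default target carries the same published credential; base.json also appends `PermitRootLogin yes`, which makes that password usable over SSH. Setting `root_password` to null in the JSON templates only helps if the Makefile stops supplying a default. Consider requiring the caller to provide it, for example `ROOT_PASSWORD ?= $(error ROOT_PASSWORD must be set)`, and passing it through a `-var-file` rather than `-var` so it does not appear on the packer command line.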
@@ -0,0 +1,66 @@
+{
+ "variables": {
+ "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso",
+ "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459",
+ "iso_checksum_type": "sha256",
+
+ "boot_wait": "10s",
+
+ "root_password": null,
+ "ssh_timeout": "60m",
+
+ "machine_hostname": "unifi",
+
+ "http_directory": "http/",
+ "output_directory": "output/base/"
+ },
+ "builders": [
+ {
+ "type": "virtualbox-iso",
+ "guest_os_type": "Linux_64",
+ "format": "ova",
+
+ "iso_url": "{{user `iso_url`}}",
+ "iso_checksum": "{{user `iso_checksum`}}",
+ "iso_checksum_type": "{{user `iso_checksum_type`}}",
+
+ "http_directory": "{{user `http_directory`}}",
+ "output_directory": "{{user `output_directory`}}",
+
+ "boot_wait": "{{user `boot_wait`}}",
+ "boot_command": [
+ "root",
+
+ "ifconfig eth0 up && ",
+ "udhcpc -i eth0",
+ "",
+
+ "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers",
+ "sed -i ",
+ "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ",
+ "answers",
+
+ "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd",
+
+ "setup-alpine -f answers && ",
+ "mount /dev/sda3 /mnt && ",
+ "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ",
+ "rc-update add acpid && ",
+ "umount /mnt && ",
+ "reboot",
+ "",
+ "",
+
+ "{{user `root_password`}}",
+ "{{user `root_password`}}",
+
+ "y"
+ ],
+
+ "communicator": "ssh",
+ "ssh_username": "root",
+ "ssh_password": "{{user `root_password`}}",
+ "ssh_timeout": "{{user `ssh_timeout`}}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/build.json b/build.json
deleted file mode 100644
index 1dbe763..0000000
--- a/build.json
+++ /dev/null
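Review bot: The `echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config` step in `boot_command` leaves password-based root login over SSH enabled in the exported OVA, and nothing in the visible provisioning stage (provision.json, setup.yml) turns it back off. Packer needs it while the build runs, but the finished image should not ship with it; a final provisioner step such as `sed -i '/^PermitRootLogin yes$/d' /etc/ssh/sshd_config` would restore the sshd default. Separately, `iso_url` uses plain HTTP; the pinned `iso_checksum` covers integrity, so switching to https is only a hardening nicety if the mirror offers it.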
@@ -1,65 +0,0 @@ -{ - "variables": { - "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso", - "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459", - "iso_checksum_type": "sha256", - - "boot_wait": "10s", - "boot_key_interval": "10ms", - - "root_password": "uuunifi", - "ssh_timeout": "60m", - - "machine_hostname": "unifi", - - "http_directory": "http/" - }, - "builders": [ - { - "type": "qemu", - "accelerator": "kvm", - "disk_interface": "virtio", - - "iso_url": "{{user `iso_url`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - - "http_directory": "{{user `http_directory`}}", - - "boot_wait": "{{user `boot_wait`}}", - "boot_key_interval": "{{user `boot_key_interval`}}", - "boot_command": [ - "root", - - "ifconfig eth0 up && ", - "udhcpc -i eth0", - "", - - "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers", - "sed -i ", - "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ", - "answers", - - "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", - - "setup-alpine -f answers && ", - "mount /dev/vda3 /mnt && ", - "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", - "umount /mnt && ", - "reboot", - "", - "", - - "{{user `root_password`}}", - "{{user `root_password`}}", - - "y" - ], - - "communicator": "ssh", - "ssh_username": "root", - "ssh_password": "{{user `root_password`}}", - "ssh_timeout": "{{user `ssh_timeout`}}" - } - ] -} \ No newline at end of file diff --git a/http/answers b/http/answers index 7b9f9af..455136f 100644 --- a/http/answers +++ b/http/answers @@ -16,4 +16,4 @@ APKREPOSOPTS="-1" SSHDOPTS="-c openssh" NTPOPTS="-c chrony" -DISKOPTS="-m sys /dev/vda" \ No newline at end of file +DISKOPTS="-m sys /dev/sda" \ No newline at end of file diff --git a/provision.json b/provision.json new file mode 100644 index 0000000..9bb39a1 --- /dev/null +++ b/provision.json 
@@ -0,0 +1,42 @@
+{
+ "variables": {
+ "source_image": null,
+ "root_password": null,
+
+ "boot_wait": "10s",
+ "output_directory": "output/unifi/"
+ },
+ "builders": [
+ {
+ "type": "virtualbox-ovf",
+ "format": "ova",
+
+ "source_path": "{{user `source_image`}}",
+ "checksum_type": "none",
+
+ "output_directory": "{{user `output_directory`}}",
+
+ "boot_wait": "{{user `boot_wait`}}",
+ "shutdown_command": "echo '{{user `root_password`}}' | sudo -S poweroff",
+
+ "communicator": "ssh",
+ "ssh_username": "root",
+ "ssh_password": "{{user `root_password`}}"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "inline": [
+ "apk update",
+ "apk add python sudo"
+ ]
+ },
+ {
+ "type": "ansible",
+ "extra_arguments": [],
+ "user": "root",
+ "playbook_file": "./setup.yml"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/setup.yml b/setup.yml
new file mode 100644
index 0000000..64c300e
--- /dev/null
+++ b/setup.yml
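Review bot: `shutdown_command` interpolates the root password into a shell command line (`echo '{{user `root_password`}}' | sudo -S poweroff`), where it can end up in build logs and the guest's process list, and where a password containing a single quote breaks the command. The communicator already logs in as `root`, so sudo is unnecessary: `"shutdown_command": "poweroff"`. With that change `sudo` can probably be dropped from the `apk add python sudo` line, unless something outside this patch relies on it. `"checksum_type": "none"` skips verification of the source OVA, which is acceptable only while `source_image` is always the local output of base.json.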
@@ -0,0 +1,69 @@
+- hosts: default
+ debugger: on_failed
+ vars:
+ unifi_software_url: https://dl.ubnt.com/unifi/5.10.21/UniFi.unix.zip
+ tasks:
+ - replace:
+ path: /etc/apk/repositories
+ regexp: '^#(.*v\d+.\d+/community.*)$'
+ replace: '\1'
+ - apk:
+ name: openjdk8-jre
+ state: present
+ update_cache: yes
+ - apk:
+ name: '{{item}}'
+ state: present
+ loop:
+ - shadow
+ - mongodb
+ - s6
+ - unzip
+ - user:
+ name: unifi
+ home: /srv/unifi
+ - get_url:
+ url: '{{unifi_software_url}}'
+ dest: /tmp/UniFi.unix.zip
+ - command: unzip /tmp/UniFi.unix.zip
+ args:
+ chdir: /tmp
+ warn: false
+ - shell: mv /tmp/UniFi/* /srv/unifi
+ - command: rm /srv/unifi/bin/mongod
+ - file:
+ path: /srv/unifi
+ owner: unifi
+ mode: o-rwx
+ recurse: yes
+ - file:
+ dest: /srv/unifi/bin/mongod
+ src: /usr/bin/mongod
+ state: link
+ - file:
+ path: /etc/unifi/log
+ state: directory
+ - template:
+ src: templates/unifi/run
+ dest: /etc/unifi/run
+ mode: 755
+ - template:
+ src: templates/unifi/log/run
+ dest: /etc/unifi/log/run
+ mode: 755
+ - user:
+ name: log
+ home: /var/log
+ - file:
+ path: /var/log/unifi
+ state: directory
+ owner: log
+ mode: 750
+ - template:
+ src: templates/init.d/unifi
+ dest: /etc/init.d/unifi
+ mode: 755
+ - service:
+ name: unifi
+ state: started
+ enabled: yes
\ No newline at end of file
diff --git a/templates/init.d/unifi b/templates/init.d/unifi
new file mode 100644
index 0000000..666704a
--- /dev/null
+++ b/templates/init.d/unifi
@@ -0,0 +1,16 @@
+#!/sbin/openrc-run
+
+name="unifi"
+supervisor=s6
+s6_service_path="${RC_SVCDIR}/s6-scan/${name}"
+
+depend() {
+ need net s6-svscan
+ after firewall
+}
+
+start_pre() {
+ if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then
+ ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}"
+ fi
+}
\ No newline at end of file
diff --git a/templates/unifi/log/run b/templates/unifi/log/run
new file mode 100644
index 0000000..1eeee10
--- /dev/null
+++ b/templates/unifi/log/run
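Review bot: In setup.yml the `template` and `file` tasks use unquoted `mode: 755` and `mode: 750`; Ansible receives these as decimal integers, so 755 becomes octal 1363 and 750 becomes octal 1356. That leaves `/etc/unifi/run`, `/etc/unifi/log/run` and `/etc/init.d/unifi` writable by other users and `/var/log/unifi` world-writable. Quote the modes with a leading zero: `mode: '0755'` and `mode: '0750'`. The `get_url` task also downloads `UniFi.unix.zip` without verifying it; adding `checksum: 'sha256:<expected digest of UniFi.unix.zip>'` would pin the artifact to the release named in `unifi_software_url`.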
@@ -0,0 +1,5 @@
+#!/bin/ash
+
+log_user='log'
+
+exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi
\ No newline at end of file
diff --git a/templates/unifi/run b/templates/unifi/run
new file mode 100644
index 0000000..e03f4e3
--- /dev/null
+++ b/templates/unifi/run
@@ -0,0 +1,19 @@
+#!/bin/ash
+
+user='unifi'
+group='unifi'
+
+exec 2>&1
+
+base='/srv/unifi'
+
+if [ -d $base ]; then
+ cd $base
+ chown -R $user:$group .
+ version=`head -1 webapps/ROOT/app-unifi/.version`
+ echo "Starting UniFi Controller $version"
+ exec s6-setuidgid $user java -jar lib/ace.jar start
+else
+ echo "Missing $base ... aborting"
+ touch down
+fi
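Review bot: In templates/unifi/run, `chown -R $user:$group .` runs as root on every service start over a tree that the `unifi` user can write to and that contains the `bin/mongod` symlink to `/usr/bin/mongod` created in setup.yml. Depending on how the image's chown treats symlinks, this may re-own the link target rather than the link. setup.yml already sets the owner at build time, so the line can be removed from the run script, or at least changed to `chown -hR "$user:$group" .` so that links themselves are changed instead of their targets. `$base` is also unquoted in `[ -d $base ]` and `cd $base`; it is a constant here, so that is a style point only.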