From aedce51487aadb14db2839038525cb5304d18cb2 Mon Sep 17 00:00:00 2001 From: Erin Moon Date: Wed, 24 Apr 2019 20:39:27 -0500 Subject: [PATCH 1/3] alpine --- build.json | 63 ++++++++++++++++++++++++++++---------------------------- http/answers | 19 +++++++++++++++++ http/preseed.cfg | 62 ------------------------------------------------------- 3 files changed, 51 insertions(+), 93 deletions(-) create mode 100644 http/answers delete mode 100644 http/preseed.cfg diff --git a/build.json b/build.json index 9689eb1..1dbe763 100644 --- a/build.json +++ b/build.json @@ -1,33 +1,24 @@ { "variables": { - "memory": "4G", - "cpus": "2", + "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso", + "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459", + "iso_checksum_type": "sha256", - "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.8.0-amd64-netinst.iso", - "iso_checksum": "cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771ffffa7174538f3e26f45a05245", - "iso_checksum_type": "sha512", - - "boot_wait": "3s", + "boot_wait": "10s", "boot_key_interval": "10ms", - "ssh_username": "unifi", - "ssh_password": "uuunifi", + "root_password": "uuunifi", "ssh_timeout": "60m", - "machine_hostname": "unifi-controller", - "machine_domain": "lab.uncomfortably.online", + "machine_hostname": "unifi", - "http_directory": "http/", - "preseed_file": "preseed.cfg" + "http_directory": "http/" }, "builders": [ { "type": "qemu", "accelerator": "kvm", - "qemuargs": [ - [ "-m", "{{ user `memory` }}" ], - [ "-smp", "cpus={{ user `cpus`}}"] - ], + "disk_interface": "virtio", "iso_url": "{{user `iso_url`}}", "iso_checksum": "{{user `iso_checksum`}}", @@ -38,26 +29,36 @@ "boot_wait": "{{user `boot_wait`}}", "boot_key_interval": "{{user `boot_key_interval`}}", "boot_command": [ - "", - "install ", - "auto=true ", - "url=http://{{.HTTPIP}}:{{.HTTPPort}}/{{user `preseed_file`}} ", + "root", + + "ifconfig eth0 up && ", + "udhcpc -i eth0", + "", + + "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers", + "sed -i ", + "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ", + "answers", + + "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", - "hostname={{user `machine_hostname`}} ", - "domain={{user `machine_domain`}} ", - "interface=auto ", + "setup-alpine -f answers && ", + "mount /dev/vda3 /mnt && ", + "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", + "umount /mnt && ", + "reboot", + "", + "", - "passwd/user-fullname={{user `ssh_username`}} ", - "passwd/username={{user `ssh_username`}} ", - "passwd/user-password={{user `ssh_password`}} ", - "passwd/user-password-again={{user `ssh_password`}} ", + "{{user `root_password`}}", + "{{user `root_password`}}", - "" + "y" ], "communicator": "ssh", - "ssh_username": "{{user `ssh_username`}}", - "ssh_password": "{{user `ssh_password`}}", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}", "ssh_timeout": "{{user `ssh_timeout`}}" } ] diff --git a/http/answers b/http/answers new file mode 100644 index 0000000..7b9f9af --- /dev/null +++ b/http/answers @@ -0,0 +1,19 @@ +KEYMAPOPTS="us us" + +HOSTNAMEOPTS="-n :hostname:" +INTERFACESOPTS="auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet dhcp + hostname :hostname:" + +DNSOPTS="-d 8.8.8.8" +TIMEZONEOPTS="-z UTC" +PROXYOPTS="none" + +APKREPOSOPTS="-1" +SSHDOPTS="-c openssh" +NTPOPTS="-c chrony" + +DISKOPTS="-m sys /dev/vda" \ No newline at end of file diff --git a/http/preseed.cfg b/http/preseed.cfg deleted file mode 100644 index 7a1e306..0000000 --- a/http/preseed.cfg +++ /dev/null @@ -1,62 +0,0 @@ -### Localization -# Preseeding only locale sets language, country and locale. -d-i debian-installer/locale string en_US - -# Keyboard selection. -d-i keyboard-configuration/xkb-keymap select us - -### Network configuration -# netcfg will choose an interface that has link if possible. This makes it -# skip displaying a list if there is more than one interface. -d-i netcfg/choose_interface select auto - -# Disable that annoying WEP key dialog. -d-i netcfg/wireless_wep string - -### Mirror settings -d-i mirror/country string manual -d-i mirror/http/hostname string http.us.debian.org -d-i mirror/http/directory string /debian -d-i mirror/http/proxy string - -### Account setup -# Skip creation of a root account (normal user account will be able to -# use sudo). -d-i passwd/root-login boolean false - -## Package setup -d-i hw-detect/load_firmware boolean false -d-i hw-detect/load_media boolean false -apt-cdrom-setup apt-setup/cdrom/set-first boolean false -tasksel tasksel/first multiselect print-server, ssh-server, standard -d-i pkgsel/include string sudo, unattended-upgrades -popularity-contest popularity-contest/participate boolean false - -### Clock and time zone setup -d-i clock-setup/utc boolean true -d-i time/zone string UTC -d-i clock-setup/ntp boolean true - -### Partitioning -d-i partman-auto/method string lvm -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-md/device_remove_md boolean true -d-i partman-lvm/confirm boolean true -d-i partman-lvm/confirm_nooverwrite boolean true -d-i partman-auto/choose_recipe select atomic -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - -# This makes partman automatically partition without confirmation. -d-i partman-md/confirm boolean true -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - -### Boot loader installation -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean true -d-i finish-install/reboot_in_progress note From aee7c1f53f70138c669dea808a10ab89166c91f0 Mon Sep 17 00:00:00 2001 From: Erin Moon Date: Tue, 30 Apr 2019 22:07:59 -0500 Subject: [PATCH 2/3] split into two stages and fix provisioner --- .gitignore | 4 ++- Makefile | 18 +++++++++++++ base.json | 66 ++++++++++++++++++++++++++++++++++++++++++++++ build.json | 65 ---------------------------------------------- http/answers | 2 +- provision.json | 42 ++++++++++++++++++++++++++++++ setup.yml | 69 +++++++++++++++++++++++++++++++++++++++++++++++++ templates/init.d/unifi | 16 ++++++++++++ templates/unifi/log/run | 5 ++++ templates/unifi/run | 19 ++++++++++++++ 10 files changed, 239 insertions(+), 67 deletions(-) create mode 100644 Makefile create mode 100644 base.json delete mode 100644 build.json create mode 100644 provision.json create mode 100644 setup.yml create mode 100644 templates/init.d/unifi create mode 100644 templates/unifi/log/run create mode 100644 templates/unifi/run diff --git a/.gitignore b/.gitignore index 98cc5dc..a9b266b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ -packer_cache/ \ No newline at end of file +packer_cache/ +output/ +*.retry \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..2ac67bf --- /dev/null +++ b/Makefile @@ -0,0 +1,18 @@ +ROOT_PASSWORD=uuunifi +OUTPUT_IMAGE=$(shell find output/base -type f -name '*.ova' | head -1) + +all: output/unifi/ + +output/base/: + packer build -var root_password=$(ROOT_PASSWORD) base.json + +output/unifi/: output/base/ + packer build -var root_password=$(ROOT_PASSWORD) \ + -var source_image=$(OUTPUT_IMAGE) provision.json + +clean: clean_base clean_provisioned +clean_base: + rm -r output/base +clean_provisioned: + rm -r output/unifi +.PHONY: all clean \ No newline at end of file diff --git a/base.json b/base.json new file mode 100644 index 0000000..69900fd --- /dev/null +++ b/base.json @@ -0,0 +1,66 @@ +{ + "variables": { + "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso", + "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459", + "iso_checksum_type": "sha256", + + "boot_wait": "10s", + + "root_password": null, + "ssh_timeout": "60m", + + "machine_hostname": "unifi", + + "http_directory": "http/", + "output_directory": "output/base/" + }, + "builders": [ + { + "type": "virtualbox-iso", + "guest_os_type": "Linux_64", + "format": "ova", + + "iso_url": "{{user `iso_url`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "iso_checksum_type": "{{user `iso_checksum_type`}}", + + "http_directory": "{{user `http_directory`}}", + "output_directory": "{{user `output_directory`}}", + + "boot_wait": "{{user `boot_wait`}}", + "boot_command": [ + "root", + + "ifconfig eth0 up && ", + "udhcpc -i eth0", + "", + + "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers", + "sed -i ", + "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ", + "answers", + + "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", + + "setup-alpine -f answers && ", + "mount /dev/sda3 /mnt && ", + "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", + "rc-update add acpid && ", + "umount /mnt && ", + "reboot", + "", + "", + + "{{user `root_password`}}", + "{{user `root_password`}}", + + "y" + ], + + "communicator": "ssh", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}", + "ssh_timeout": "{{user `ssh_timeout`}}" + } + ] +} \ No newline at end of file diff --git a/build.json b/build.json deleted file mode 100644 index 1dbe763..0000000 --- a/build.json +++ /dev/null @@ -1,65 +0,0 @@ -{ - "variables": { - "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso", - "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459", - "iso_checksum_type": "sha256", - - "boot_wait": "10s", - "boot_key_interval": "10ms", - - "root_password": "uuunifi", - "ssh_timeout": "60m", - - "machine_hostname": "unifi", - - "http_directory": "http/" - }, - "builders": [ - { - "type": "qemu", - "accelerator": "kvm", - "disk_interface": "virtio", - - "iso_url": "{{user `iso_url`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - - "http_directory": "{{user `http_directory`}}", - - "boot_wait": "{{user `boot_wait`}}", - "boot_key_interval": "{{user `boot_key_interval`}}", - "boot_command": [ - "root", - - "ifconfig eth0 up && ", - "udhcpc -i eth0", - "", - - "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers", - "sed -i ", - "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ", - "answers", - - "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", - - "setup-alpine -f answers && ", - "mount /dev/vda3 /mnt && ", - "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", - "umount /mnt && ", - "reboot", - "", - "", - - "{{user `root_password`}}", - "{{user `root_password`}}", - - "y" - ], - - "communicator": "ssh", - "ssh_username": "root", - "ssh_password": "{{user `root_password`}}", - "ssh_timeout": "{{user `ssh_timeout`}}" - } - ] -} \ No newline at end of file diff --git a/http/answers b/http/answers index 7b9f9af..455136f 100644 --- a/http/answers +++ b/http/answers @@ -16,4 +16,4 @@ APKREPOSOPTS="-1" SSHDOPTS="-c openssh" NTPOPTS="-c chrony" -DISKOPTS="-m sys /dev/vda" \ No newline at end of file +DISKOPTS="-m sys /dev/sda" \ No newline at end of file diff --git a/provision.json b/provision.json new file mode 100644 index 0000000..9bb39a1 --- /dev/null +++ b/provision.json @@ -0,0 +1,42 @@ +{ + "variables": { + "source_image": null, + "root_password": null, + + "boot_wait": "10s", + "output_directory": "output/unifi/" + }, + "builders": [ + { + "type": "virtualbox-ovf", + "format": "ova", + + "source_path": "{{user `source_image`}}", + "checksum_type": "none", + + "output_directory": "{{user `output_directory`}}", + + "boot_wait": "{{user `boot_wait`}}", + "shutdown_command": "echo '{{user `root_password`}}' | sudo -S poweroff", + + "communicator": "ssh", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}" + } + ], + "provisioners": [ + { + "type": "shell", + "inline": [ + "apk update", + "apk add python sudo" + ] + }, + { + "type": "ansible", + "extra_arguments": [], + "user": "root", + "playbook_file": "./setup.yml" + } + ] +} \ No newline at end of file diff --git a/setup.yml b/setup.yml new file mode 100644 index 0000000..64c300e --- /dev/null +++ b/setup.yml @@ -0,0 +1,69 @@ +- hosts: default + debugger: on_failed + vars: + unifi_software_url: https://dl.ubnt.com/unifi/5.10.21/UniFi.unix.zip + tasks: + - replace: + path: /etc/apk/repositories + regexp: '^#(.*v\d+.\d+/community.*)$' + replace: '\1' + - apk: + name: openjdk8-jre + state: present + update_cache: yes + - apk: + name: '{{item}}' + state: present + loop: + - shadow + - mongodb + - s6 + - unzip + - user: + name: unifi + home: /srv/unifi + - get_url: + url: '{{unifi_software_url}}' + dest: /tmp/UniFi.unix.zip + - command: unzip /tmp/UniFi.unix.zip + args: + chdir: /tmp + warn: false + - shell: mv /tmp/UniFi/* /srv/unifi + - command: rm /srv/unifi/bin/mongod + - file: + path: /srv/unifi + owner: unifi + mode: o-rwx + recurse: yes + - file: + dest: /srv/unifi/bin/mongod + src: /usr/bin/mongod + state: link + - file: + path: /etc/unifi/log + state: directory + - template: + src: templates/unifi/run + dest: /etc/unifi/run + mode: 755 + - template: + src: templates/unifi/log/run + dest: /etc/unifi/log/run + mode: 755 + - user: + name: log + home: /var/log + - file: + path: /var/log/unifi + state: directory + owner: log + mode: 750 + - template: + src: templates/init.d/unifi + dest: /etc/init.d/unifi + mode: 755 + - service: + name: unifi + state: started + enabled: yes \ No newline at end of file diff --git a/templates/init.d/unifi b/templates/init.d/unifi new file mode 100644 index 0000000..666704a --- /dev/null +++ b/templates/init.d/unifi @@ -0,0 +1,16 @@ +#!/sbin/openrc-run + +name="unifi" +supervisor=s6 +s6_service_path="${RC_SVCDIR}/s6-scan/${name}" + +depend() { + need net s6-svscan + after firewall +} + +start_pre() { + if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then + ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}" + fi +} \ No newline at end of file diff --git a/templates/unifi/log/run b/templates/unifi/log/run new file mode 100644 index 0000000..1eeee10 --- /dev/null +++ b/templates/unifi/log/run @@ -0,0 +1,5 @@ +#!/bin/ash + +log_user='log' + +exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi \ No newline at end of file diff --git a/templates/unifi/run b/templates/unifi/run new file mode 100644 index 0000000..e03f4e3 --- /dev/null +++ b/templates/unifi/run @@ -0,0 +1,19 @@ +#!/bin/ash + +user='unifi' +group='unifi' + +exec 2>&1 + +base='/srv/unifi' + +if [ -d $base ]; then + cd $base + chown -R $user:$group . + version=`head -1 webapps/ROOT/app-unifi/.version` + echo "Starting UniFi Controller $version" + exec s6-setuidgid $user java -jar lib/ace.jar start +else + echo "Missing $base ... aborting" + touch down +fi From 205fe9ccdb12df5e98e9e09610845ea3cab3fda5 Mon Sep 17 00:00:00 2001 From: Erin Moon Date: Wed, 1 May 2019 00:18:05 -0500 Subject: [PATCH 3/3] split packer, ansible into separate directories --- Makefile | 4 +-- base.json | 66 ---------------------------------- packer/base.json | 66 ++++++++++++++++++++++++++++++++++ packer/provision.json | 42 ++++++++++++++++++++++ provision.json | 42 ---------------------- provisioning/setup.yml | 69 ++++++++++++++++++++++++++++++++++++ provisioning/templates/init.d/unifi | 16 +++++++++ provisioning/templates/unifi/log/run | 5 +++ provisioning/templates/unifi/run | 19 ++++++++++ setup.yml | 69 ------------------------------------ templates/init.d/unifi | 16 --------- templates/unifi/log/run | 5 --- templates/unifi/run | 19 ---------- 13 files changed, 219 insertions(+), 219 deletions(-) delete mode 100644 base.json create mode 100644 packer/base.json create mode 100644 packer/provision.json delete mode 100644 provision.json create mode 100644 provisioning/setup.yml create mode 100644 provisioning/templates/init.d/unifi create mode 100644 provisioning/templates/unifi/log/run create mode 100644 provisioning/templates/unifi/run delete mode 100644 setup.yml delete mode 100644 templates/init.d/unifi delete mode 100644 templates/unifi/log/run delete mode 100644 templates/unifi/run diff --git a/Makefile b/Makefile index 2ac67bf..ef79abd 100644 --- a/Makefile +++ b/Makefile @@ -4,11 +4,11 @@ OUTPUT_IMAGE=$(shell find output/base -type f -name '*.ova' | head -1) all: output/unifi/ output/base/: - packer build -var root_password=$(ROOT_PASSWORD) base.json + packer build -var root_password=$(ROOT_PASSWORD) packer/base.json output/unifi/: output/base/ packer build -var root_password=$(ROOT_PASSWORD) \ - -var source_image=$(OUTPUT_IMAGE) provision.json + -var source_image=$(OUTPUT_IMAGE) packer/provision.json clean: clean_base clean_provisioned clean_base: diff --git a/base.json b/base.json deleted file mode 100644 index 69900fd..0000000 --- a/base.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "variables": { - "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso", - "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459", - "iso_checksum_type": "sha256", - - "boot_wait": "10s", - - "root_password": null, - "ssh_timeout": "60m", - - "machine_hostname": "unifi", - - "http_directory": "http/", - "output_directory": "output/base/" - }, - "builders": [ - { - "type": "virtualbox-iso", - "guest_os_type": "Linux_64", - "format": "ova", - - "iso_url": "{{user `iso_url`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "iso_checksum_type": "{{user `iso_checksum_type`}}", - - "http_directory": "{{user `http_directory`}}", - "output_directory": "{{user `output_directory`}}", - - "boot_wait": "{{user `boot_wait`}}", - "boot_command": [ - "root", - - "ifconfig eth0 up && ", - "udhcpc -i eth0", - "", - - "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers", - "sed -i ", - "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ", - "answers", - - "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", - - "setup-alpine -f answers && ", - "mount /dev/sda3 /mnt && ", - "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", - "rc-update add acpid && ", - "umount /mnt && ", - "reboot", - "", - "", - - "{{user `root_password`}}", - "{{user `root_password`}}", - - "y" - ], - - "communicator": "ssh", - "ssh_username": "root", - "ssh_password": "{{user `root_password`}}", - "ssh_timeout": "{{user `ssh_timeout`}}" - } - ] -} \ No newline at end of file diff --git a/packer/base.json b/packer/base.json new file mode 100644 index 0000000..69900fd --- /dev/null +++ b/packer/base.json @@ -0,0 +1,66 @@ +{ + "variables": { + "iso_url": "http://dl-cdn.alpinelinux.org/alpine/v3.9/releases/x86_64/alpine-standard-3.9.3-x86_64.iso", + "iso_checksum": "6e28c5c902ccb6db24596dfb6a1c255c7989d0b9be4e92e87a8eff523201a459", + "iso_checksum_type": "sha256", + + "boot_wait": "10s", + + "root_password": null, + "ssh_timeout": "60m", + + "machine_hostname": "unifi", + + "http_directory": "http/", + "output_directory": "output/base/" + }, + "builders": [ + { + "type": "virtualbox-iso", + "guest_os_type": "Linux_64", + "format": "ova", + + "iso_url": "{{user `iso_url`}}", + "iso_checksum": "{{user `iso_checksum`}}", + "iso_checksum_type": "{{user `iso_checksum_type`}}", + + "http_directory": "{{user `http_directory`}}", + "output_directory": "{{user `output_directory`}}", + + "boot_wait": "{{user `boot_wait`}}", + "boot_command": [ + "root", + + "ifconfig eth0 up && ", + "udhcpc -i eth0", + "", + + "wget http://{{ .HTTPIP }}:{{ .HTTPPort }}/answers", + "sed -i ", + "-e \"s/:hostname:/{{user `machine_hostname`}}/g\" ", + "answers", + + "sed -i \"s/rc-service \\$svc start/#&/\" /sbin/setup-sshd", + + "setup-alpine -f answers && ", + "mount /dev/sda3 /mnt && ", + "echo 'PermitRootLogin yes' >> /mnt/etc/ssh/sshd_config && ", + "rc-update add acpid && ", + "umount /mnt && ", + "reboot", + "", + "", + + "{{user `root_password`}}", + "{{user `root_password`}}", + + "y" + ], + + "communicator": "ssh", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}", + "ssh_timeout": "{{user `ssh_timeout`}}" + } + ] +} \ No newline at end of file diff --git a/packer/provision.json b/packer/provision.json new file mode 100644 index 0000000..1cebeeb --- /dev/null +++ b/packer/provision.json @@ -0,0 +1,42 @@ +{ + "variables": { + "source_image": null, + "root_password": null, + + "boot_wait": "10s", + "output_directory": "output/unifi/" + }, + "builders": [ + { + "type": "virtualbox-ovf", + "format": "ova", + + "source_path": "{{user `source_image`}}", + "checksum_type": "none", + + "output_directory": "{{user `output_directory`}}", + + "boot_wait": "{{user `boot_wait`}}", + "shutdown_command": "echo '{{user `root_password`}}' | sudo -S poweroff", + + "communicator": "ssh", + "ssh_username": "root", + "ssh_password": "{{user `root_password`}}" + } + ], + "provisioners": [ + { + "type": "shell", + "inline": [ + "apk update", + "apk add python sudo" + ] + }, + { + "type": "ansible", + "extra_arguments": [], + "user": "root", + "playbook_file": "./provisioning/setup.yml" + } + ] +} \ No newline at end of file diff --git a/provision.json b/provision.json deleted file mode 100644 index 9bb39a1..0000000 --- a/provision.json +++ /dev/null @@ -1,42 +0,0 @@ -{ - "variables": { - "source_image": null, - "root_password": null, - - "boot_wait": "10s", - "output_directory": "output/unifi/" - }, - "builders": [ - { - "type": "virtualbox-ovf", - "format": "ova", - - "source_path": "{{user `source_image`}}", - "checksum_type": "none", - - "output_directory": "{{user `output_directory`}}", - - "boot_wait": "{{user `boot_wait`}}", - "shutdown_command": "echo '{{user `root_password`}}' | sudo -S poweroff", - - "communicator": "ssh", - "ssh_username": "root", - "ssh_password": "{{user `root_password`}}" - } - ], - "provisioners": [ - { - "type": "shell", - "inline": [ - "apk update", - "apk add python sudo" - ] - }, - { - "type": "ansible", - "extra_arguments": [], - "user": "root", - "playbook_file": "./setup.yml" - } - ] -} \ No newline at end of file diff --git a/provisioning/setup.yml b/provisioning/setup.yml new file mode 100644 index 0000000..64c300e --- /dev/null +++ b/provisioning/setup.yml @@ -0,0 +1,69 @@ +- hosts: default + debugger: on_failed + vars: + unifi_software_url: https://dl.ubnt.com/unifi/5.10.21/UniFi.unix.zip + tasks: + - replace: + path: /etc/apk/repositories + regexp: '^#(.*v\d+.\d+/community.*)$' + replace: '\1' + - apk: + name: openjdk8-jre + state: present + update_cache: yes + - apk: + name: '{{item}}' + state: present + loop: + - shadow + - mongodb + - s6 + - unzip + - user: + name: unifi + home: /srv/unifi + - get_url: + url: '{{unifi_software_url}}' + dest: /tmp/UniFi.unix.zip + - command: unzip /tmp/UniFi.unix.zip + args: + chdir: /tmp + warn: false + - shell: mv /tmp/UniFi/* /srv/unifi + - command: rm /srv/unifi/bin/mongod + - file: + path: /srv/unifi + owner: unifi + mode: o-rwx + recurse: yes + - file: + dest: /srv/unifi/bin/mongod + src: /usr/bin/mongod + state: link + - file: + path: /etc/unifi/log + state: directory + - template: + src: templates/unifi/run + dest: /etc/unifi/run + mode: 755 + - template: + src: templates/unifi/log/run + dest: /etc/unifi/log/run + mode: 755 + - user: + name: log + home: /var/log + - file: + path: /var/log/unifi + state: directory + owner: log + mode: 750 + - template: + src: templates/init.d/unifi + dest: /etc/init.d/unifi + mode: 755 + - service: + name: unifi + state: started + enabled: yes \ No newline at end of file diff --git a/provisioning/templates/init.d/unifi b/provisioning/templates/init.d/unifi new file mode 100644 index 0000000..666704a --- /dev/null +++ b/provisioning/templates/init.d/unifi @@ -0,0 +1,16 @@ +#!/sbin/openrc-run + +name="unifi" +supervisor=s6 +s6_service_path="${RC_SVCDIR}/s6-scan/${name}" + +depend() { + need net s6-svscan + after firewall +} + +start_pre() { + if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then + ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}" + fi +} \ No newline at end of file diff --git a/provisioning/templates/unifi/log/run b/provisioning/templates/unifi/log/run new file mode 100644 index 0000000..1eeee10 --- /dev/null +++ b/provisioning/templates/unifi/log/run @@ -0,0 +1,5 @@ +#!/bin/ash + +log_user='log' + +exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi \ No newline at end of file diff --git a/provisioning/templates/unifi/run b/provisioning/templates/unifi/run new file mode 100644 index 0000000..e03f4e3 --- /dev/null +++ b/provisioning/templates/unifi/run @@ -0,0 +1,19 @@ +#!/bin/ash + +user='unifi' +group='unifi' + +exec 2>&1 + +base='/srv/unifi' + +if [ -d $base ]; then + cd $base + chown -R $user:$group . + version=`head -1 webapps/ROOT/app-unifi/.version` + echo "Starting UniFi Controller $version" + exec s6-setuidgid $user java -jar lib/ace.jar start +else + echo "Missing $base ... aborting" + touch down +fi diff --git a/setup.yml b/setup.yml deleted file mode 100644 index 64c300e..0000000 --- a/setup.yml +++ /dev/null @@ -1,69 +0,0 @@ -- hosts: default - debugger: on_failed - vars: - unifi_software_url: https://dl.ubnt.com/unifi/5.10.21/UniFi.unix.zip - tasks: - - replace: - path: /etc/apk/repositories - regexp: '^#(.*v\d+.\d+/community.*)$' - replace: '\1' - - apk: - name: openjdk8-jre - state: present - update_cache: yes - - apk: - name: '{{item}}' - state: present - loop: - - shadow - - mongodb - - s6 - - unzip - - user: - name: unifi - home: /srv/unifi - - get_url: - url: '{{unifi_software_url}}' - dest: /tmp/UniFi.unix.zip - - command: unzip /tmp/UniFi.unix.zip - args: - chdir: /tmp - warn: false - - shell: mv /tmp/UniFi/* /srv/unifi - - command: rm /srv/unifi/bin/mongod - - file: - path: /srv/unifi - owner: unifi - mode: o-rwx - recurse: yes - - file: - dest: /srv/unifi/bin/mongod - src: /usr/bin/mongod - state: link - - file: - path: /etc/unifi/log - state: directory - - template: - src: templates/unifi/run - dest: /etc/unifi/run - mode: 755 - - template: - src: templates/unifi/log/run - dest: /etc/unifi/log/run - mode: 755 - - user: - name: log - home: /var/log - - file: - path: /var/log/unifi - state: directory - owner: log - mode: 750 - - template: - src: templates/init.d/unifi - dest: /etc/init.d/unifi - mode: 755 - - service: - name: unifi - state: started - enabled: yes \ No newline at end of file diff --git a/templates/init.d/unifi b/templates/init.d/unifi deleted file mode 100644 index 666704a..0000000 --- a/templates/init.d/unifi +++ /dev/null @@ -1,16 +0,0 @@ -#!/sbin/openrc-run - -name="unifi" -supervisor=s6 -s6_service_path="${RC_SVCDIR}/s6-scan/${name}" - -depend() { - need net s6-svscan - after firewall -} - -start_pre() { - if [ ! -L "${RC_SVCDIR}/s6-scan/${name}" ]; then - ln -s "/etc/${name}" "${RC_SVCDIR}/s6-scan/${name}" - fi -} \ No newline at end of file diff --git a/templates/unifi/log/run b/templates/unifi/log/run deleted file mode 100644 index 1eeee10..0000000 --- a/templates/unifi/log/run +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/ash - -log_user='log' - -exec s6-setuidgid $log_user s6-log -b n20 s1000000 t /var/log/unifi \ No newline at end of file diff --git a/templates/unifi/run b/templates/unifi/run deleted file mode 100644 index e03f4e3..0000000 --- a/templates/unifi/run +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/ash - -user='unifi' -group='unifi' - -exec 2>&1 - -base='/srv/unifi' - -if [ -d $base ]; then - cd $base - chown -R $user:$group . - version=`head -1 webapps/ROOT/app-unifi/.version` - echo "Starting UniFi Controller $version" - exec s6-setuidgid $user java -jar lib/ace.jar start -else - echo "Missing $base ... aborting" - touch down -fi