fix: rpm access rights
DmitryTravyan committed Jun 3, 2022
1 parent 0d93189 commit 25aedfb
Showing 15 changed files with 3,139 additions and 14 deletions.
1 change: 1 addition & 0 deletions .github/workflows/Build.yaml
@@ -157,6 +157,7 @@ jobs:
run: |
apt update ; apt install -y curl
mkdir -p genin-${{ env.VERSION }}.amd64/DEBIAN
chmod +x genin-${{ env.VERSION }}.amd64/usr/bin/genin
sed -ie "s/\${VERSION}/${{ env.VERSION }}/g" build/control
cp build/control genin-${{ env.VERSION }}.amd64/DEBIAN/ ; dpkg-deb --build --root-owner-group genin-${{ env.VERSION }}.amd64
curl -v -f -H "Authorization: Basic ${{ secrets.RAW_AUTH_RW }}" --upload-file genin-${{ env.VERSION }}.amd64.deb ${{ env.RAW_REGISTRY }}/genin/deb/genin-${{ env.VERSION }}.amd64.deb
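Review bot: `chmod +x genin-${{ env.VERSION }}.amd64/usr/bin/genin` only adds execute bits, so the packaged binary keeps whatever read and write bits the staged artefact happened to have. An explicit mode makes the package contents deterministic and rules out a group- or world-writable binary: `chmod 0755 genin-${{ env.VERSION }}.amd64/usr/bin/genin`. The rendered page has lost the +/- markers, so treating this as the added line is inferred from the commit title; the `run:` block starts and continues outside the hunk.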
5 changes: 5 additions & 0 deletions .gitignore
@@ -27,3 +27,8 @@ node_modules
!/test/resources/test-*
/test/resources/test-*-copy*:w
/.gitlab-ci.yml
/deploy/.terraform.lock.hcl
/deploy/.terraform/
/deploy/.terraform.tfstate.lock.info
/deploy/terraform.tfstate
/deploy/terraform.tfstate.backup
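Review bot: `/deploy/.terraform.lock.hcl` should not be ignored. The dependency lock file records the provider versions and checksums Terraform selected, and committing it is what keeps later `terraform init` runs on the same verified provider builds. Ignoring `.terraform/` and the state files is the right call, since state can hold rendered user data and credentials; I would drop only the `/deploy/.terraform.lock.hcl` line and commit the lock file.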
3 changes: 2 additions & 1 deletion build/el7/genin.x86_64.spec
@@ -15,7 +15,8 @@ rm -rf $RPM_BUILD_ROOT
%install
mkdir -p $RPM_BUILD_ROOT/bin ~/bin
mv $GITHUB_WORKSPACE/x86_64-unknown-linux-musl/genin $RPM_BUILD_ROOT/bin/genin
install -m 0755 $RPM_BUILD_ROOT/bin/%{name} /usr/local/bin/%{name}
install $RPM_BUILD_ROOT/bin/%{name} /usr/local/bin/%{name}
chmod +x /usr/local/bin/%{name}

%files
/bin/%{name}
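Review bot: The mode change in `%install` lands on `/usr/local/bin/%{name}` on the build host, not on the file that is packaged: `%files` lists `/bin/%{name}`, which comes from the `mv` into `$RPM_BUILD_ROOT/bin/genin` and keeps whatever mode the artefact had. The page has lost the +/- markers, so which of the two `install` lines is the new one is inferred, but in either case the packaged binary's mode is never set. Setting it in the package itself is more reliable, e.g. `%attr(0755, root, root) /bin/%{name}` under `%files`, and `%install` should not write outside `$RPM_BUILD_ROOT`. The same applies to build/el8/genin.x86_64.spec; `%files` may continue past the hunk.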
3 changes: 2 additions & 1 deletion build/el8/genin.x86_64.spec
@@ -14,7 +14,8 @@ rm -rf $RPM_BUILD_ROOT
%install
mkdir -p $RPM_BUILD_ROOT/bin ~/bin
mv $GITHUB_WORKSPACE/x86_64-unknown-linux-musl/genin $RPM_BUILD_ROOT/bin/genin
install -m 0755 $RPM_BUILD_ROOT/bin/%{name} /usr/local/bin/%{name}
install $RPM_BUILD_ROOT/bin/%{name} /usr/local/bin/%{name}
chmod +x /usr/local/bin/%{name}

%files
/bin/%{name}
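--- a/cluster.genin.copy.yaml
+++ b/cluster.genin.copy.yaml
@@ -0,0 +1,45 @@
+---
+instances:
+- name: router
+type: router
+count: 1
+replicas: 0
+weight: 10
+roles:
+- router
+- api
+- failover-coordinator
+- name: storage
+type: storage
+count: 2
+replicas: 2
+weight: 10
+roles:
+- storage
+hosts:
+- name: selectel
+type: datacenter
+ports:
+http: 8081
+binary: 3031
+hosts:
+- name: host-1
+ip: 192.168.16.11
+- name: host-2
+ip: 192.168.16.12
+failover:
+mode: stateful
+state_provider: etcd2
+ectd2:
+prefix: cartridge/myapp
+lock_delay: 30
+endpoints:
+- "http://192.168.16.11:5699"
+- "http://192.168.16.12:5699"
+username: change_me
+password: change_me
+vars:
+ansible_user: root
+ansible_password: change_me
+cartridge_app_name: myapp
+cartridge_cluster_cookie: myapp-cookie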
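Review bot: The failover block declares `state_provider: etcd2`, but the settings key below it is spelled `ectd2:`, which looks like a typo; if the consumer expects `etcd2:`, the prefix, endpoints and credentials would be silently ignored. The endpoints are plain `http://` while a `username`/`password` pair is configured, so those credentials would travel unencrypted; `https://` endpoints would be a safer default for an example. The file name (`cluster.genin.copy.yaml` at the repository root) suggests a local working copy, so it is worth confirming it was meant to be committed.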
65 changes: 65 additions & 0 deletions deploy/cloud-init/cloud-init-bastion.yml
@@ -0,0 +1,65 @@
#cloud-config
---
write_files:
- path: /home/picoadm/.ssh/id_rsa
content: |
-----BEGIN OPENSSH PRIVATE KEY-----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-----END OPENSSH PRIVATE KEY-----
owner: picoadm:picoadm
permissions: "0600"

ssh_pwauth: no

package_update: true
package_reboot_if_required: true

packages:
- net-tools
- epel-release

runcmd:
- [ chown, -R, picoadm:picoadm, /home/picoadm/ ]
- [ runuser, -l, picoadm, -c, "restorecon -Rv ~/.ssh" ]
- [ sed, -i, 's/UsePAM yes/UsePam no/', /etc/ssh/sshd_config ]
- [ sed, -i, -e, '$aUseDNS no', /etc/ssh/sshd_config ]

users:
- name: picoadm
groups: [ sudo, docker ]
shell: /bin/bash
sudo: ['ALL=(ALL) NOPASSWD:ALL']
passwd: '$6$w7J1BHYgFQw9iQco$Mr0BrJV9NMjGqb7pcYgwl4zK4.hlOdlySE19TRUC1ag3LJmN9Dceg6u3OaBAE9EnKsGfJXRKif3LSh12VwfUJ.'

debug:
verbose: true
output: /var/log/cloud-init-debug.log

power_state:
mode: reboot
timeot: 300
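Review bot: `write_files` embeds an OpenSSH private key for `/home/picoadm/.ssh/id_rsa` directly in a tracked file, so the key should be treated as disclosed and rotated, and the entry removed in favour of a key supplied at deploy time from a secret store or an untracked variable. The same content presumably reaches Terraform state and instance metadata through the rendered user data, which widens who can read it. The `passwd` hash and `sudo: ['ALL=(ALL) NOPASSWD:ALL']` are also hard-coded, and `'s/UsePAM yes/UsePam no/'` turns PAM off for sshd without a stated reason. Finally, `timeot: 300` under `power_state` looks like a misspelling of `timeout: 300`.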
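--- a/deploy/cloud-init/cloud-init.yml
+++ b/deploy/cloud-init/cloud-init.yml
@@ -0,0 +1,24 @@
+#cloud-config
+---
+timezone: "UTC"
+
+runcmd:
+- [ sed, -i, 's/#MaxSessions 10/MaxSessions 99/g', /etc/ssh/sshd_config ]
+- [ sed, -i, -e, '$aUseDNS no', /etc/ssh/sshd_config ]
+- [ sed, -i, 's/SELINUX=enforcing/SELINUX=disabled/g', /etc/selinux/config ]
+- [ sed, -i, -e, '$a192.168.32.101 genin_01_host', /etc/hosts ]
+- [ sed, -i, -e, '$a192.168.32.102 genin_02_host', /etc/hosts ]
+- [ sed, -i, -e, '$a192.168.32.103 genin_02_host', /etc/hosts ]
+
+users:
+- name: picoadm
+groups: [ sudo, docker ]
+shell: /bin/bash
+sudo: ['ALL=(ALL) NOPASSWD:ALL']
+passwd: '$6$w7J1BHYgFQw9iQco$Mr0BrJV9NMjGqb7pcYgwl4zK4.hlOdlySE19TRUC1ag3LJmN9Dceg6u3OaBAE9EnKsGfJXRKif3LSh12VwfUJ.'
+
+ssh_pwauth: no
+
+power_state:
+mode: reboot
+timeot: 300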
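Review bot: The `runcmd` entry `'s/SELINUX=enforcing/SELINUX=disabled/g'` switches SELinux off on every cluster host at first boot, and nothing in the commit says why. If a specific denial is the reason, `SELINUX=permissive` while a policy module is written keeps the control recoverable. The /etc/hosts lines map both 192.168.32.102 and 192.168.32.103 to `genin_02_host`; the third was presumably meant to be `genin_03_host`. `timeot: 300` under `power_state` looks like a misspelling of `timeout: 300`, and the `passwd` hash is the same hard-coded value as in cloud-init-bastion.yml, so one disclosed password covers the bastion and every host.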
42 changes: 32 additions & 10 deletions deploy/main.tf
@@ -79,14 +79,13 @@ resource "openstack_compute_flavor_v2" "genin_bastion_flavor" {
is_public = "false"
}

resource "openstack_compute_instance_v2" "genin_host" {
count = var.genin_hosts_count
name = "genin_0${1+count.index}_host"
resource "openstack_compute_instance_v2" "genin_bastion_host" {
name = "genin_bastion_host"
flavor_id = openstack_compute_flavor_v2.genin_bastion_flavor.id
key_pair = openstack_compute_keypair_v2.dtravyan.id
availability_zone = var.server_zone
network {
fixed_ip_v4 = "192.168.16.${11+count.index}"
fixed_ip_v4 = "192.168.16.64"
uuid = openstack_networking_network_v2.genin_network.id
}

@@ -103,12 +102,35 @@ resource "openstack_compute_instance_v2" "genin_host" {
user_data = data.cloudinit_config.cloud_init_bastion.rendered
}

resource "openstack_networking_floatingip_v2" "genin_floating_it" {
pool = "external-network"
data "cloudinit_config" "cloud_init" {
gzip = false
base64_encode = false
part {
content_type = "text/cloud-config"
content = file("${path.module}/cloud-init/cloud-init.yml")
}
}

resource "openstack_compute_floatingip_associate_v2" "genin_floating_it" {
count = var.genin_hosts_count
floating_ip = openstack_networking_floatingip_v2.genin_floating_it.address
instance_id = "openstack_compute_instance_v2.genin_0${1+count.index}_trn_host.id"
resource "openstack_compute_instance_v2" "genin_host" {
count = var.genin_hosts_count
name = "genin_0${1+count.index}_host"
flavor_id = openstack_compute_flavor_v2.genin_bastion_flavor.id
key_pair = openstack_compute_keypair_v2.dtravyan.id
availability_zone = var.server_zone
network {
fixed_ip_v4 = "192.168.16.${101+count.index}"
uuid = openstack_networking_network_v2.genin_network.id
}

image_id = data.openstack_images_image_v2.centos_image.id

vendor_options {
ignore_resize_confirmation = true
}

lifecycle {
ignore_changes = [image_id]
}

user_data = data.cloudinit_config.cloud_init.rendered
}
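Review bot: The `genin_host` instances get `fixed_ip_v4 = "192.168.16.${101+count.index}"`, but deploy/cloud-init/cloud-init.yml in this commit appends /etc/hosts entries for 192.168.32.101–103, so the host names would resolve to addresses the instances do not have. One side should change, for example the hosts entries to `192.168.16.101` and up, or the addresses should be derived from a single variable. The cluster hosts also reuse `openstack_compute_flavor_v2.genin_bastion_flavor.id`; if that is intended, a short comment such as `# cluster hosts share the bastion flavor` would make it clear. The `genin_bastion_host` resource body runs between the two hunks and is only partly visible here.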
4 changes: 2 additions & 2 deletions deploy/vars.tf
@@ -26,7 +26,7 @@ variable "os_auth_url" {
}

variable "project_id" {
default = "26001df9c2144fdcad88f361cdc2f593"
type = string
}

variable "os_region" {
@@ -45,7 +45,7 @@ variable "subnet_cidr" {
}

variable "genin_hosts_count" {
default = 2
default = 3
}

variable "genin_hosts_vcpus" {