feat: add steps to publish ami image

ballerine-io · Jun 9, 2024 · 042fe4e · 042fe4e
1 parent c8fc02f
commit 042fe4e
Show file tree

Hide file tree

Showing 17 changed files with 170 additions and 26 deletions.
diff --git a/deploy/ansible/ballerine_playbook/README.md b/deploy/ansible/ballerine_playbook/README.md
@@ -99,7 +99,7 @@ You can run the ansible playbook with the following command
 
 ```bash
 cd ballerine/deploy/ansible/ballerine_playbook
-ansible-playbook -i inventory.txt ballerine-playbook.yml
+ansible-playbook -i inventory.txt ballerine-playbook.yml --skip-tags packer
 ```
 
 The command above will use the host information from the `inventory` file.
@@ -110,4 +110,4 @@ When it's all done, provided all went well and no parameters were changed, you s
 
 ## Make entries to the DNS server
 
-Make sure the appropriate entries for the url in DNS are created
+Make sure the appropriate entries for the url in DNS are created
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/defaults/main.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/defaults/main.yml
@@ -3,6 +3,10 @@
 docker_edition: 'ce'
 docker_package: 'docker-{{ docker_edition }}'
 docker_package_state: present
+default_user: ubuntu
+
+cloud_user: ballerine
+cloud_group: ballerine
 
 # Service options.
 docker_service_state: started

diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/cleanup-packer-build.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/cleanup-packer-build.yml
@@ -0,0 +1,12 @@
+---
+- name: Remove sensitive credential (1)
+  shell: find / -name "authorized_keys" -exec rm -f {} \;
+  become: true
+
+- name: Remove sensitive credential (2)
+  shell: find /root/ /home/*/ -name .cvspass -exec rm -f {} \;
+  become: true
+
+- name: Restart rsyslog
+  shell: service rsyslog restart
+  become: true
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/clone-ballerine.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/clone-ballerine.yml
@@ -1,8 +1,9 @@
 ---
-- name: Clone a github repository
-  ansible.builtin.git:
+- name: Clone Ballerine
+  git:
     repo: https://github.com/ballerine-io/ballerine.git
     dest: "{{ install_dir }}"
-    key_file: ""
     version: dev
-  tags: packer
+    clone: yes
+    update: yes
+  ignore_errors: yes
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/deploy-ballerine.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/deploy-ballerine.yml
@@ -0,0 +1,11 @@
+- name: Deploy Ballerine with localhost
+  shell: sudo docker-compose -f docker-compose-build.yml up -d
+  args:
+    chdir: "{{ install_dir }}/deploy"
+  when: vite_api_url == ""
+
+- name: Deploy Ballerine with custom Domain
+  shell: sudo docker-compose -f docker-compose-build-https.yml up -d
+  args:
+    chdir: "{{ install_dir }}/deploy"
+  when: vite_api_url != ""
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/install-docker.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/install-docker.yml
@@ -24,15 +24,13 @@
       - libnss3-tools
     state: latest
   become: true
-  tags:
-    - always
+
 
 - name: Upgrade dist to apply security fixes
   ansible.builtin.apt:
     upgrade: dist
   become: true
-  tags:
-    - always
+
 
 - name: Ensure old versions of Docker are not installed
   package:

diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/main.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/main.yml
@@ -3,10 +3,25 @@
   package_facts:
     manager: auto
 
-- include_tasks: install-docker.yml
+- import_tasks: install-docker.yml
 
 - import_tasks: start-docker.yml
 
 - import_tasks: clone-ballerine.yml
 
+- import_tasks: setup-init-config.yml
+  tags: packer
+
 - import_tasks: setup-ballerine.yml
+
+- import_tasks: setup-ballerine-runtime.yml
+  tags: packer
+
+- import_tasks: deploy-ballerine.yml
+  tags: deploy
+
+- import_tasks: setup-user-data.yml
+  tags: packer
+
+- import_tasks: cleanup-packer-build.yml
+  tags: packer
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-ballerine-runtime.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-ballerine-runtime.yml
@@ -0,0 +1,39 @@
+- name: create runtime path folder
+  file:
+    dest: "{{ install_dir }}/scripts"
+    mode: 0755
+    recurse: yes
+    owner: "{{ cloud_user }}"
+    group: "{{ cloud_group }}"
+    state: directory
+
+- name: create boot script
+  template:
+    src: templates/boot.sh
+    dest: "{{ install_dir }}/scripts/boot.sh"
+    mode: 0755
+
+- name: create reboot entry job
+  cron:
+    name: "ballerine job"
+    special_time: reboot
+    user: "{{ cloud_user }}"
+    job: "{{ install_dir }}/scripts/boot.sh"
+
+- name: setup ssh key for ballerine user
+  copy:
+    src: templates/init-ssh.sh
+    dest: /var/lib/cloud/scripts/per-instance
+    mode: 0755
+    owner: "{{ cloud_user }}"
+    group: "{{ cloud_group }}"
+  become: true
+
+- name: setup ssh key for {{ default_user }} user
+  copy:
+    src: templates/init-ssh.sh
+    dest: /var/lib/cloud/scripts/per-instance
+    mode: 0755
+    owner: "{{ default_user }}"
+    group: "{{ cloud_group }}"
+  become: true
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-ballerine.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-ballerine.yml
@@ -34,16 +34,4 @@
   ansible.builtin.template:
     src: templates/Caddyfile.j2
     dest: "{{ install_dir }}/deploy/caddy/Caddyfile"
-  when: vite_api_url != ""
-
-- name: Deploy Ballerine up locally
-  shell: docker-compose -f docker-compose-build.yml up -d
-  args:
-    chdir: "{{ install_dir }}/deploy"
-  when: vite_api_url == ""
-
-- name: Deploy Ballerine up remote
-  shell: docker-compose -f docker-compose-build-https.yml up -d
-  args:
-    chdir: "{{ install_dir }}/deploy"
-  when: vite_api_url != ""
+  when: vite_api_url != ""
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-init-config.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-init-config.yml
@@ -0,0 +1,25 @@
+---
+- name: deploy cloud init config file
+  template: src=templates/cloud-config.cfg dest=/etc/cloud/cloud.cfg.d/defaults.cfg
+  become: true
+
+- name: create group ballerine
+  group: name={{ cloud_user }} state=present
+  become: true
+
+- name: create user ballerine
+  user: name={{ cloud_user }} groups={{ cloud_group }}
+  become: true
+
+- name: create user {{ default_user }}
+  user: name={{ default_user }} groups={{ cloud_group }}
+  become: true
+
+- name: add sudoers group for user {{ cloud_user }}
+  copy:
+    content: 'ballerine ALL=(ALL) NOPASSWD: ALL'
+    dest: /etc/sudoers.d/ballerine
+    mode: 0440
+    owner: root
+    group: root
+  become: true
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-user-data.yml b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/tasks/setup-user-data.yml
@@ -0,0 +1,9 @@
+---
+- name: setup runtime user data
+  copy:
+    src: ../templates/user-data.sh
+    dest: /var/lib/cloud/scripts/per-instance
+    mode: 0755
+    owner: "{{ cloud_user }}"
+    group: "{{ cloud_group }}"
+  become: true
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/boot.sh b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/boot.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cd /home/ballerine/ballerine
+
+git checkout dev ; git pull
+
+cd /home/ballerine/ballerine/deploy
+
+sudo docker-compose -f docker-compose-build.yml pull
+
+sudo docker-compose -f docker-compose-build.yml up -d
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/cloud-config.cfg b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/cloud-config.cfg
@@ -0,0 +1,5 @@
+#cloud-config
+system_info:
+  default_user:
+    name: ballerine
+    lock_passwd: false
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/init-ssh.sh b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/init-ssh.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+authorized_keys_path=/home/ballerine/.ssh/authorized_keys
+if [[ ! -e "$authorized_keys_path" ]]; then
+		echo "Setting SSH key"
+		sudo cp ~/.ssh/authorized_keys "$authorized_keys_path"
+		sudo chown ballerine:ballerine "$authorized_keys_path"
+fi
+
+authorized_keys_ubuntu_path=/home/ubuntu/.ssh/authorized_keys
+if [[ ! -e "$authorized_keys_ubuntu_path" ]]; then
+		echo "Setting SSH key for ubuntu user"
+		sudo mkdir -p /home/ubuntu/.ssh/
+		sudo chmod -R 700 /home/ubuntu/.ssh/
+		sudo cp ~/.ssh/authorized_keys "$authorized_keys_ubuntu_path"
+		sudo chown -R ubuntu:ballerine /home/ubuntu/.ssh/
+fi
diff --git a/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/user-data.sh b/deploy/ansible/ballerine_playbook/roles/setup-ballerine/templates/user-data.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+default_user_name="admin@admin.com"
+default_user_password=admin
+
+echo "${default_user_name}:${default_user_password}" > /home/ballerine/ballerine/credential
+
+echo -e "\n***************************************************\n*     Default username : $default_user_name     *\n*     Default password : $default_user_password            *\n***************************************************\n" >/dev/console
diff --git a/deploy/aws_ami/defaults.cfg b/deploy/aws_ami/defaults.cfg
@@ -2,4 +2,4 @@
 system_info:
   default_user:
     name: ballerine
-    lock_passwd: false
+    lock_passwd: false
diff --git a/deploy/aws_ami/template.json.pkr.hcl b/deploy/aws_ami/template.json.pkr.hcl
@@ -7,7 +7,7 @@ variable "base_ami" {
 # Configuration - AWS provisioning instance type
 variable "instance_type" {
   type    = string
-  default = "t2.medium"
+  default = "t2.micro"
 }
 
 # Configuration - AWS subnet
@@ -57,5 +57,6 @@ build {
   provisioner "ansible" {
     user = "ballerine"
     playbook_file = "../ansible/ballerine_playbook/ballerine-playbook.yml"
+    extra_arguments = ["--skip-tags", "deploy"]
   }
 }