#cloud-config
# Tell cloud-init to log the output to a log file.
# Output is piped through tee and appended to /var/log/cloud-init-output.log.
# NOTE(review): everything the bootcmd/runcmd entries below print lands in this
# file, and runcmd later makes it world-readable, so nothing secret should be
# echoed by those commands.
output: {all: '| tee -a /var/log/cloud-init-output.log'}
# /var/www/aws/aws-nwo-lam2-Debian-x86-CloudInit.txt
# Initialize lam2.duckdns.org
#
# https://aws.lam1.us/a/Amazon_Web_Services_(AWS)
#
# This version clones from https://github.com/LAMurakami or the LAM EFS private
# repo copies and then sets the URL to git@github.com:LAMurakami/${REPO}.git
# or git@ak20:${REPO}.git as appropriate.
# Diagnostics only: print kernel/host details, the distribution release files
# and the current time so they appear in the cloud-init output log.
# None of these commands changes system state.
bootcmd:
- echo
- echo 'AWS LAM Report HOST information'
- uname -a
- echo
- echo 'AWS LAM Report Release version'
- head /etc/*release
- echo
- echo 'AWS LAM cloud-config YAML bootcmd complete'
- date
# Set hostname
hostname: lam2
# Set timezone
timezone: US/Alaska
# Refresh the apt package index on first boot
package_update: true
# Upgrade already-installed packages on first boot, so pending (security)
# updates in the base image are applied
package_upgrade: true
# Packages installed on first boot: Apache with mod_perl/mod_php and PHP
# extensions, MariaDB client and server, git, the NFS client and AWS CLI used
# by runcmd below, plus X11/GTK desktop helpers.
# NOTE(review): each package adds attack surface on a host that serves web
# sites; confirm the desktop/X11 items (x11-apps, libgtk2.0-0, xauth, l3afpad),
# texlive and apache2-doc are really needed on this server.
packages:
- rcs
- nfs-common
- awscli
- mailutils
- swish++
- libio-captureoutput-perl
- libcgi-pm-perl
- libdbi-perl
- libdbd-mysql-perl
- php
- php-gd
- texlive
# Trailing '*' is a pattern rather than a single package name - presumably it
# pulls in every package matching php-xml*; confirm the resulting set.
- php-xml*
- lynx
- apache2-doc
- libapache2-mod-perl2
- libbsd-resource-perl
- libapache2-reload-perl
- apache2-suexec-custom
- mariadb-client
- mariadb-server
- php-mysql
- libapache2-mod-php
- x11-apps
- whois
- libgtk2.0-0
- php-mbstring
- php-intl
- php-apcu
- git
- xauth
- l3afpad
# First-boot provisioning. Shell variables set by one entry (keyName, REGION,
# EFS, nfsOpt) are read by later entries, so the list depends on being run in
# order within one shell.
runcmd:
# Name of the per-instance git branch created in each repo checked out below
- keyName="lam2-Debian-x86"
- echo
- echo 'AWS LAM Allow any to read /var/log/cloud-init-output.log'
# NOTE(review): this exposes the whole provisioning transcript to every local
# account, including the user-data dump and the output of the credential and
# database scripts run later in this list. Confirm none of that output is
# sensitive, or leave the log at its more restrictive default mode.
- chmod a+r /var/log/cloud-init-output.log
- echo
- echo 'AWS LAM Adding a swapfile'
# 16 blocks of 32 MiB of zeros = a 512 MiB swap file
- dd if=/dev/zero of=/swapfile bs=32M count=16
# Restrict the file to root before it is activated, so swapped-out memory is
# not readable by other accounts
- chmod 600 /swapfile
- mkswap /swapfile
- swapon /swapfile
# Re-enable the swap file on later boots
- echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
# Print memory and swap totals into the log as confirmation
- free -h
- cat /proc/swaps
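- echo
- echo 'AWS LAM Get EFS for REGION'
# REGION.bash is downloaded into the current directory and executed as root;
# its stdout becomes REGION.
# NOTE(review): the script runs with no integrity check, so whoever controls
# the lamurakami.github.io content controls code run as root at first boot.
# Consider pinning a checksum, or shipping the script inside the user-data.
- wget --quiet https://lamurakami.github.io/aws-efs/REGION.bash
- chmod a+x REGION.bash
- export REGION=$(./REGION.bash)
- rm REGION.bash
# EFS is later written into /etc/fstab. --fail (-f) makes an HTTP error leave
# EFS empty rather than storing the server's error page in it.
- EFS=$(curl -sf https://lamurakami.github.io/aws-efs/${REGION})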
- echo
- echo 'AWS LAM setup root to aws ssh config'
# Install root's ssh client config and known_hosts from the public web site.
# NOTE(review): both files are trusted as downloaded. An ssh config can name
# commands that ssh runs, and known_hosts decides which host keys root will
# accept, so a change to the hosted copies changes what root trusts. Consider
# verifying a checksum or carrying the host keys in the user-data itself.
- wget --quiet https://lamurakami.github.io/aws-efs/root-ssh-config
- mv root-ssh-config /root/.ssh/config
- wget --quiet https://lamurakami.github.io/aws-efs/root-ssh-known_hosts
- mv root-ssh-known_hosts /root/.ssh/known_hosts
- echo
- echo 'AWS LAM Install glances after swap has been configured'
# Installed here rather than in the packages list so it runs after swap exists
- apt-get install -y glances
- echo
- echo 'AWS LAM Check US Alaska local time for this system'
# Shows what /etc/localtime points at, to confirm the timezone setting applied
- ls -lF --time-style=long-iso /etc/localtime
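- echo
- echo 'AWS LAM Report AWS EC2 user-data for this instance (CloudInit directives)'
# Request a short-lived IMDSv2 session token first. The original token-less
# (IMDSv1) request returns nothing on instances that require IMDSv2.
- 'imdsToken=$(curl -s -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 60" http://169.254.169.254/latest/api/token)'
# Allow for either gzip compressed user-data or plain text user-data
# NOTE(review): the user-data is copied into cloud-init-output.log, which this
# list makes world-readable; keep secrets out of user-data.
- '(curl -s -H "X-aws-ec2-metadata-token: ${imdsToken}" http://169.254.169.254/latest/user-data | gunzip) || curl -s -H "X-aws-ec2-metadata-token: ${imdsToken}" http://169.254.169.254/latest/user-data'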
- echo
- echo 'AWS LAM Set git user name, email for system'
# --system writes to the machine-wide git config, so these identity and
# behaviour defaults apply to every account on the host
- git config --system user.name "LAMurakami"
- git config --system user.email GitHub@LAMurakami.com
- git config --system core.editor vi
- git config --system branch.autosetuprebase always
- git config --system init.defaultBranch master
- echo
- echo 'AWS LAM Install etckeeper to track configuration changes'
# From here on, changes under /etc can be recorded; the list ends with an
# explicit etckeeper commit
- apt-get install -y etckeeper
- echo
- echo 'AWS LAM Set vim as default editor for system'
- update-alternatives --set editor /usr/bin/vim.basic
- echo
- echo 'AWS LAM Set hostname and localhost alias in /etc/hosts'
# Only line 1 of /etc/hosts is edited: the first "localhost" on it gains the
# FQDN and short host name as aliases
- sed -i '1s/localhost/lam2.duckdns.org lam2 localhost/' /etc/hosts
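- echo
- echo 'AWS LAM Installing aws.lam1.us web site'
# Clone anonymously over HTTPS, then point the remotes at the ssh URLs used
# for later pushes.
- git clone https://github.com/LAMurakami/aws /var/www/aws
# git -C replaces the former 'cd DIR;git ...' form, which still ran git in the
# current directory when the cd failed (for example after a failed clone).
- git -C /var/www/aws remote set-url origin git@github.com:LAMurakami/aws
- git -C /var/www/aws remote add ak20 git@ak20:aws
# Per-instance branch named after keyName
- git -C /var/www/aws checkout -b "$keyName"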
- echo
- echo 'AWS LAM Cloud Guest motd'
# The motd script is a symlink into the cloned repo.
# NOTE(review): update-motd.d scripts are run as root at login, and /var/www
# is later chown'ed to lam, so the lam account can change what root runs.
# Copying the script into /etc (root-owned) would keep that boundary.
- ln -s /var/www/aws/etc/update-motd.d/51-cloudguest /etc/update-motd.d
- echo
- echo 'AWS LAM enable aws site'
- ln -s /var/www/aws/aws_apache2.conf /etc/apache2/sites-available/000-aws.conf
- a2ensite 000-aws
- echo
- echo 'AWS LAM Install no-ssl web site'
- /var/www/aws/aws-lam-www-git-clone.bash no-ssl $keyName
# The packaged Apache config files are removed before the repo's script runs;
# presumably Implement_no-ssl_conf.bash puts replacements in place - confirm,
# since Apache cannot start without apache2.conf.
- rm /etc/apache2/apache2.conf
- rm /etc/apache2/mods-available/alias.conf
- rm /etc/apache2/mods-available/autoindex.conf
- rm /etc/apache2/mods-available/dir.conf
- a2enmod rewrite
- /var/www/no-ssl/Implement_no-ssl_conf.bash
- echo
- echo 'AWS LAM Update from default to LAM AWS lam2 web configuration'
# NOTE(review): this pattern is unanchored - it rewrites the first "aws" on
# every line of the file, whatever word it is part of. Confirm that is the
# intent, or match the specific directive as the next two commands do.
- sed -i "s|aws|lam2|" /var/www/no-ssl/apache2.conf
- sed -i 's|aws.ServerAdmin|lam2.ServerAdmin|' /etc/apache2/apache2.conf
- sed -i 's|aws.lam1.us|lam2.duckdns.org|' /etc/apache2/apache2.conf
- echo
- echo 'AWS LAM Configuring perl to include LAM perl modules'
# Expose the repo's Perl modules under /usr/local/lib/site_perl/LAM
- mkdir /usr/local/lib/site_perl
- ln -s /var/www/no-ssl/site_perl-LAM /usr/local/lib/site_perl/LAM
- echo
- echo 'AWS LAM Installing z.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash z $keyName
- ln -s /var/www/z/z_apache2.conf /etc/apache2/sites-available/050_z.conf
- a2ensite 050_z
- echo
- echo 'AWS LAM Enable x11 forwarding over ssh for sudo'
# NOTE(review): files in /etc/profile.d are sourced by login shells, root's
# included, and this one is a symlink into /var/www, which is later chown'ed
# to lam. A root-owned copy in /etc/profile.d would avoid giving lam control
# over what root's shell executes.
- ln -s /var/www/no-ssl/xauthority.sh /etc/profile.d
- echo
- echo 'AWS LAM ***** Additional sites *****'
# Each site below follows the same three steps: run the clone helper from the
# aws repo with the site name and keyName, symlink the site's Apache config
# from its checkout into sites-available, and enable it with a2ensite.
- echo
- echo 'AWS LAM Installing arsc.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash arsc $keyName
- ln -s /var/www/arsc/arsc_apache2.conf /etc/apache2/sites-available/060_arsc.conf
- a2ensite 060_arsc
- echo
- echo 'AWS LAM Installing sites.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash sites $keyName
- ln -s /var/www/sites/sites_apache2.conf /etc/apache2/sites-available/030_sites.conf
- a2ensite 030_sites
- echo
- echo 'AWS LAM Installing cabo.lam1.us web site'
- /var/www/aws/aws-lam-www-git-clone.bash cabo $keyName
- ln -s /var/www/cabo/cabo_apache2.conf /etc/apache2/sites-available/040_cabo.conf
- a2ensite 040_cabo
- echo
- echo 'AWS LAM Adding olnes www Content'
- /var/www/aws/aws-lam-www-git-clone.bash olnes $keyName
- ln -s /var/www/olnes/olnes_apache2.conf /etc/apache2/sites-available/052_olnes.conf
- a2ensite 052_olnes
- echo
- echo 'AWS LAM Adding larryforalaska www Content'
- /var/www/aws/aws-lam-www-git-clone.bash larryforalaska $keyName
- ln -s /var/www/larryforalaska/larryforalaska_apache2.conf /etc/apache2/sites-available/070_larryforalaska.conf
- a2ensite 070_larryforalaska
- echo
- echo 'AWS LAM Use l3afpad fork of leafpad'
# Make the l3afpad binary reachable under the old leafpad name as well
- ln -s /usr/bin/l3afpad /usr/bin/leafpad
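- echo
- echo 'AWS LAM ***** Use private LAM Alaska resources *****'
- echo
- echo 'AWS LAM Adding nfs4 mount to AWS NW-O VPC Elastic File System'
- mkdir /mnt/efs
# Mount options followed by the fstab dump and pass fields ("0 0")
- nfsOpt="_netdev,noresvport,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0"
# EFS comes from a network lookup earlier in this list. Write the fstab entry
# only when that lookup produced a value; an entry with an empty server name
# would persist as a broken mount line on every later boot.
- if [ -n "${EFS}" ]; then echo "${EFS}:/ /mnt/efs nfs4 ${nfsOpt}" >> /etc/fstab; else echo 'AWS LAM EFS address is empty, /etc/fstab entry skipped'; fi
- systemctl daemon-reload
- mount -a -t nfs4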
- echo
- echo 'AWS LAM Installing ubuntu user bash resources for debian'
# Unpack the shared home-directory archive from EFS into the admin account
- tar -xzf /mnt/efs/aws-lam1-ubuntu/ubuntu.tgz --directory /home/admin
- echo
- echo 'AWS LAM Link to .aws resources for root'
# NOTE(review): root now uses whatever AWS CLI configuration/credentials the
# archive placed in /home/admin/.aws, and the admin account can change them.
# An instance role scoped to the needed S3 objects would avoid stored keys.
- ln -s /home/admin/.aws /root/.aws
- echo
- echo 'AWS LAM Copy ssh key root'
# Private key used for the git@ak20 remotes. NOTE(review): confirm the copy
# ends up mode 0600 and owned by root; ssh refuses keys readable by others.
- cp /home/admin/.ssh/git_ak20_id_rsa /root/.ssh
- echo
- echo 'AWS LAM Installing GNU which v2.21 compiled Debian 12 x86'
# Streams a prebuilt binary archive from S3 and unpacks it as root over
# /usr/local. NOTE(review): nothing verifies the archive before extraction;
# consider checking a known SHA-256 of the object first, since files under
# /usr/local/bin are picked up from PATH.
- aws s3 cp s3://lamurakami/Debian-12/which-Debian-12-x86.tgz - | tar -xzf - --directory /usr/local
# Report the installed file's type as a sanity check
- file /usr/local/bin/which
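- echo
- echo 'AWS LAM Listen for ssh connections on alternate port 55520 and add ssh Banner'
# Replace the packaged sshd_config with the copy kept in S3
- aws s3 cp s3://lamurakami/aws-lam1-ubuntu/sshd_config /etc/ssh/sshd_config
- ln -s /var/www/aws/etc/ssh/Banner.txt /etc/ssh
# Validate before restarting. If the downloaded file does not parse, sshd -t
# prints the error and the running daemon is left alone, instead of a restart
# that fails and removes remote access to the instance.
- sshd -t && systemctl restart sshd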
- echo
- echo 'AWS LAM ***** Secure site *****'
- echo
- echo 'AWS LAM Installing Let-s Encrypt certificates for TLS encryption (HTTPS)'
# Unpacks an archive from S3 as root directly over /etc.
# NOTE(review): presumably this archive carries the sites' TLS private keys -
# confirm the bucket object is private and encrypted at rest, and that the
# extracted key files are not world-readable. The archive can also overwrite
# any other path under /etc, so its contents deserve a checksum check.
- aws s3 cp s3://lamurakami/aws-lam1-ubuntu/letsencrypt.tgz - | tar -xzf - --directory /etc
- echo
- echo 'AWS LAM Updating apache2 configuration for lam2'
- a2enmod ssl
# NOTE(review): mod_info reports server configuration details; confirm the
# site configuration restricts who may request its handler.
- a2enmod info
# NOTE(review): the other a2enmod calls pass a bare module name; confirm the
# ".load" suffix is accepted here.
- a2enmod authz_groupfile.load
- a2enmod cgi
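- echo
- echo 'AWS LAM Install lam web site'
# Extract lam from archive that includes MediaWiki and git repo
- aws s3 cp s3://lamurakami/lam.tgz - | tar -xzf - --directory /var/www
- echo
- echo 'AWS LAM Tell git in /var/www/lam is O.K.'
# Machine-wide exemption from git's repository ownership check for this path
# (the extracted tree is presumably not owned by root, which runs git here).
- git config --system --add safe.directory /var/www/lam
# Use lam2-debian branch to serve secure site at https://lam2.duckdns.org
# git -C replaces the former 'cd DIR;git ...' form, which still ran git in the
# current directory when the cd failed (for example after a failed download).
- git -C /var/www/lam stash
- git -C /var/www/lam checkout lam2-debian
- git -C /var/www/lam checkout -b "$keyName"
# Packaged mod_info/mod_status configs are removed before the site's own
# script runs; presumably it provides the replacements - confirm.
- rm /etc/apache2/mods-available/info.conf
- rm /etc/apache2/mods-available/status.conf
- /var/www/lam/Implement_lam_conf.bash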
- echo
- echo 'AWS LAM Create lam murakami staff credentials.'
# Script from the lam checkout. NOTE(review): its output goes to the
# world-readable cloud-init log; confirm it prints no passwords or hashes.
- /var/www/lam/Create-lam-murakami-staff.bash
- echo
- echo 'AWS LAM Create Multicount directory'
# Group-writable directory; ownership is set to www-data later in this list
- mkdir /var/www/Multicount
- chmod 775 /var/www/Multicount
- echo
- echo 'AWS LAM Creating {lam|Mediawiki} database and user'
# Runs the SQL file as the invoking user (root) against the local server.
# NOTE(review): if lam-user.sql sets a database password, that password lives
# in the site archive/repo; confirm who can read it.
- mysql --table < /var/www/lam/lam-user.sql
- echo
- echo 'AWS LAM ***** Private Additional sites *****'
# These sites use aws-efs-www-git-clone.bash instead of the
# aws-lam-www-git-clone.bash helper used for the sites above; per the file
# header that is presumably the clone from the private EFS repo copies.
- echo
- echo 'AWS LAM Installing {new|old}.interiordems.com web sites'
- /var/www/aws/aws-efs-www-git-clone.bash interiordems $keyName
- ln -s /var/www/interiordems/interiordems_apache2.conf /etc/apache2/sites-available/020_interiordems.conf
- a2ensite 020_interiordems
- /var/www/aws/aws-efs-www-git-clone.bash oldinteriordems $keyName
- ln -s /var/www/oldinteriordems/oldinteriordems_apache2.conf /etc/apache2/sites-available/010_oldinteriordems.conf
- a2ensite 010_oldinteriordems
- echo
- echo 'AWS LAM Adding mike@mike.lam1.us user, group and www Content'
# Fixed uid so ownership inside the restored home archive lines up
# (presumably - confirm against the archive)
- useradd --shell /bin/bash --create-home --groups users --uid 55501 mike
- usermod --groups users,mike mike
# NOTE(review): extracted as root over /home, so the archive can write into
# any account's home directory, not only mike's; confirm its contents.
- aws s3 cp s3://lamurakami/aws-lam1-ubuntu/mike.tgz - | tar -xzf - --directory /home
- /var/www/aws/aws-efs-www-git-clone.bash mike $keyName
- ln -s /var/www/mike/mike_apache2.conf /etc/apache2/sites-available/081_mike.conf
- a2ensite 081_mike
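- echo
- echo 'AWS LAM Adding blinkenshell www Content'
# Extract blinkenshell from archive that includes date time stamps
- aws s3 cp s3://lamurakami/aws-lam1-ubuntu/blinkenshell.tgz - | tar -xzf - --directory /var/www
- echo
- echo 'AWS LAM Tell git ownership of /var/www/blinkenshell/public_html is O.K.'
- git config --system --add safe.directory /var/www/blinkenshell/public_html
# Clone the blinkenshell repo and integrate it with blinkenshell archive
# NOTE(review): the clone lands at a fixed path under world-writable /tmp and
# its .git is then moved into the web root by root; a directory created with
# mktemp -d would remove any chance of another account pre-creating that path.
- /var/www/aws/aws-efs-www-git-clone.bash blinkenshell $keyName /tmp/
- mv /tmp/blinkenshell/.git /var/www/blinkenshell/public_html
- rm -rf /tmp/blinkenshell # Remove the blinkenshell repo fragment
# git -C replaces the former 'cd DIR;git ...' form, which still ran git in the
# current directory when the cd failed.
- git -C /var/www/blinkenshell/public_html remote set-url origin git@github.com:LAMurakami/blinkenshell
- git -C /var/www/blinkenshell/public_html remote add ak20 git@ak20:blinkenshell
- git -C /var/www/blinkenshell/public_html stash
- git -C /var/www/blinkenshell/public_html checkout master
- git -C /var/www/blinkenshell/public_html checkout -b "$keyName"
- ln -s /var/www/blinkenshell/public_html/blinkenshell_apache2.conf /etc/apache2/sites-available/051_blinkenshell.conf
- a2ensite 051_blinkenshell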
- echo
- echo 'AWS LAM Adding alaskademocrat www Content'
- /var/www/aws/aws-efs-www-git-clone.bash alaskademocrat $keyName
- ln -s /var/www/alaskademocrat/alaskademocrat_apache2.conf /etc/apache2/sites-available/069_alaskademocrat.conf
- a2ensite 069_alaskademocrat
- echo
- echo 'AWS LAM ***** Final Initialization Steps *****'
- echo
- echo 'AWS LAM update aws site with current public local name ipv4 ipv6'
- /var/www/aws/cloud-init.pl
# Commit the per-instance changes in the aws and no-ssl checkouts
# (presumably - the helper is not shown here)
- /var/www/aws/AWS-LAM-git-commit.bash $keyName aws no-ssl
- echo
- echo 'AWS LAM Alaska Set lam as owner of /var/www'
# NOTE(review): several root-executed files are symlinks into /var/www - the
# update-motd.d script, the /etc/profile.d scripts, the cron.daily plocate job
# and the Apache site configs. After this chown the lam account can edit all
# of them, so lam is effectively root-equivalent. Keep root-owned copies of
# those files in /etc if that is not intended.
- chown -R lam:staff /var/www
- chown www-data:www-data /var/www/Multicount
- chown lam:staff /mnt/efs
- echo
- echo 'AWS LAM Refreshing lam database'
# Stream each gzip'ed SQL dump from S3 straight into the local server.
# NOTE(review): only the exit status of the last command in a pipeline is
# seen, so a failed or truncated download can leave a partly loaded database
# without any error. The dumps are also executed as SQL with no integrity
# check. No password is given on the command line; presumably the lam account
# authenticates through an option file or without a password - confirm.
- aws s3 cp s3://lamurakami/Bk-20-MySQL.lam.sql.gz - | gunzip -c | mysql --user=lam lam
- aws s3 cp s3://lamurakami/Bk-20-MySQL.wikidb.sql.gz - | gunzip -c | mysql --user=lam wikidb
- echo
- echo 'AWS LAM Install man2html after apache has been configured'
- apt-get install -y man2html
- echo
- echo 'AWS LAM Install plocate after swap has been configured'
- apt-get install -y plocate
- echo
- echo 'AWS LAM ***** Run cron daily plocate jobs *****'
# NOTE(review): jobs in /etc/cron.daily run as root, and this one is a symlink
# into /var/www, which the list has already chown'ed to lam. A root-owned copy
# would stop lam from changing what the daily job executes.
- ln -s /var/www/no-ssl/local_scripts/plocate-mnt-efs.sh /etc/cron.daily/plocate-mnt-efs.sh
# Run the job once now so the EFS database exists before it is referenced
- /etc/cron.daily/plocate-mnt-efs.sh
# NOTE(review): a world-readable locate database lets every local account
# list the file names it indexes, whatever the directory permissions on the
# indexed tree are. Confirm that is acceptable for the EFS contents.
- chmod a+r /mnt/efs/plocate.db
- updatedb
- echo
- echo 'AWS LAM Use Elastic File System plocate database'
- ln -s /var/www/no-ssl/plocate.sh /etc/profile.d/plocate.sh
- echo
- echo 'AWS LAM Install gitweb after apache has been configured'
- apt-get install -y gitweb
# Disable the packaged Apache snippet and use the site's own gitweb.conf
# NOTE(review): gitweb publishes repository contents and history; confirm the
# site configuration limits which repositories and clients it serves.
- a2disconf gitweb
- cp /var/www/aws/etc/gitweb.conf /etc/gitweb.conf
- systemctl restart apache2
- echo
- echo 'AWS LAM Alaska Final Cloud-init etckeeper commit'
# Record the resulting /etc state as one commit.
# NOTE(review): the commit message says "QEMU" while every log line in this
# file says "AWS" - looks carried over from another variant; confirm.
- etckeeper commit -m 'QEMU LAM Alaska Final Cloud-init etckeeper commit'
- echo
- echo 'AWS LAM Updating lam2.duckdns.org IP address'
# Root reuses the admin account's DuckDNS settings through a symlink.
# NOTE(review): presumably .duckdns holds the account token - confirm it is
# not world-readable and that the update script does not print it to the log.
- ln -s /home/admin/.duckdns /root/.duckdns
- /var/www/aws/Update-DuckDNS.bash lam2
- echo
- echo 'AWS LAM Alaska List Installed Packages information'
# Full package inventory in the log, useful later for patch/CVE triage
- dpkg -l
- echo
- echo 'AWS LAM cloud-config YAML runcmd complete'
- date