Permalink
Cannot retrieve contributors at this time
45 lines (38 sloc)
1.63 KB
| #!/bin/bash -e | |
| CLIENT_BUCKET="CONFIG_BUCKET_NAME" | |
| HOST=$(openssl x509 -in /opt/registry/certs/server.cert -text -noout | grep "Subject: CN=" | cut -d"=" -f2) | |
| SERVER_IP="$(wget -q -O- curlmyip.org)" | |
| aws s3 --sse cp /opt/registry/certs/server.cert s3://$CLIENT_BUCKET/server.cert | |
| aws s3 --sse cp client.cert s3://$CLIENT_BUCKET/client.cert | |
| aws s3 --sse cp client.key s3://$CLIENT_BUCKET/client.key | |
| echo | |
| echo "AWS Instance 'User-Data' Script" | |
| echo "========================================================================" | |
| cat << __EOF__ | |
| #!/bin/bash | |
| apt-get update | |
| if [ ! -d /etc/docker/certs.d/$HOST:443 ]; then | |
| export PATH="\$PATH:/usr/local/bin" | |
| curl -sSL https://get.docker.com/ | sh | |
| usermod -aG docker ubuntu | |
| service docker start | |
| wget -q -O- https://bootstrap.pypa.io/get-pip.py | python | |
| pip install awscli | |
| mkdir -p /etc/docker/certs.d/$HOST:443 | |
| aws s3 cp s3://$CLIENT_BUCKET/server.cert /etc/docker/certs.d/$HOST:443/ca.crt | |
| aws s3 cp s3://$CLIENT_BUCKET/client.cert /etc/docker/certs.d/$HOST:443/client.cert | |
| aws s3 cp s3://$CLIENT_BUCKET/client.key /etc/docker/certs.d/$HOST:443/client.key | |
| cat /etc/ssl/certs/ca-certificates.crt >> /etc/docker/certs.d/$HOST:443/ca.crt | |
| echo "\$(cat /etc/hosts | grep -v '$HOST')" > /etc/hosts | |
| echo "$SERVER_IP $HOST" >> /etc/hosts | |
| # AWS default 'ulimit -n' is 1024 which can cause issues for some containers (like apache2) | |
| # may need to reboot for this to come into effect | |
| cat > /etc/security/limits.conf << _FILE_ | |
| root soft nofile 16384 | |
| root hard nofile 16384 | |
| * soft nofile 16384 | |
| * hard nofile 16384 | |
| _FILE_ | |
| fi | |
| __EOF__ | |
| echo "========================================================================" |