forked from basho/yokozuna
-
Notifications
You must be signed in to change notification settings - Fork 1
/
yokozuna-ami.sh
197 lines (159 loc) · 5.18 KB
/
yokozuna-ami.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
#!/bin/bash
#
# This script builds a Riak/Yokozuna AMI by running on an existing
# instance created by build-ami.sh. All actions should be idempotent
# in case of failure part way through.
#
# NOTE: This script assumes an Amazon Linux instance.
AMI_NAME=$1; shift
BUCKET=$1; shift
AWS_USER_ID=$1; shift
AWS_ACCESS_KEY_ID=$1; shift
AWS_SECRET_KEY=$1; shift
info() {
echo INFO: $1
}
error() {
echo ERROR: $1
exit 1
}
if_failed() {
if [ ! "0" == $(echo $?) ]; then
error "$1"
fi
}
cd ~/
sudo yum -y install git gcc gcc-c++ make ncurses ncurses-devel openssl openssl-devel java-1.6.0-openjdk-devel
maybe_get() {
dir=$1
url=$2
base=$(basename $url)
if [ ! -e $dir ]; then
rm -f $base
info "grabbing $url"
wget $url
tar zxf $base
info "$base extracted"
fi
}
# install Ant
maybe_get apache-ant-1.8.4 http://www.reverse.net/pub/apache//ant/binaries/apache-ant-1.8.4-bin.tar.gz
export PATH=~/apache-ant-1.8.4/bin:$PATH
# install Ivy
maybe_get apache-ivy-2.3.0-rc1 http://apache.cs.utah.edu//ant/ivy/2.3.0-rc1/apache-ivy-2.3.0-rc1-bin.tar.gz
cp apache-ivy-2.3.0-rc1/ivy-2.3.0-rc1.jar apache-ant-1.8.4/lib/
# install Erlang, build on ephemeral to avoid out-of-disk
sudo chown ec2-user /media/ephemeral0
sudo chgrp ec2-user /media/ephemeral0
pushd /media/ephemeral0
maybe_get otp_src_R15B02 http://www.erlang.org/download/otp_src_R15B02.tar.gz
if [ ! -d /usr/local/erlang* ]; then
pushd otp_src_R15B02
./configure --prefix=/usr/local/erlangR15B02
make
sudo make install
popd
fi
popd
export PATH=/usr/local/erlangR15B02/bin:$PATH
# build Riak/Yokozuna
if [ ! -d riak ]; then
git clone git://github.com/basho/riak.git
fi
pushd riak
if [ ! -d rel/riak ]; then
git checkout yz-merge-1.3.0
make
make stage
fi
# write data to ephemeral storage
#
# TODO: move yz data, currently it isn't easy to change yokozuna's
# working dir
DATA_DIR=/media/ephemeral0/data
sed -i.bak \
-e "s:\./data/bitcask:$DATA_DIR/bitcask:" \
-e "s:\./data/leveldb:$DATA_DIR/leveldb:" \
rel/riak/etc/app.config
popd
# set IO scheduler
GRUB=/etc/grub.conf
if grep 'elevator=' $GRUB; then
sudo su -c "sed -i.bak 's/elevator=.*/elevator=noop/' $GRUB" - root
else
sudo cp $GRUB $GRUB.bak
sudo su -c "echo 'elevator=noop' >> $GRUB" - root
fi
if ! grep 'elevator=' $GRUB; then
error "failed to set elevator"
fi
# set swappiness
SYSCTL=/etc/sysctl.conf
if grep 'vm.swappiness.*' $SYSCTL; then
sudo su -c "sed -i.bak 's/vm.swappiness.*/vm.swappiness = 0/' $SYSCTL" - root
else
sudo cp $SYSCTL $SYSCTL.bak
sudo su -c "echo 'vm.swappiness = 0' >> $SYSCTL" - root
fi
if ! grep 'vm.swappiness.*' $SYSCTL; then
error "failed to set swappiness"
fi
# set sshd root login
SSHCFG=/etc/ssh/sshd_config
if sudo grep 'PermitRootLogin.*' $SSHCFG; then
sudo su -c "sed -i.bak 's/PermitRootLogin.*/PermitRootLogin without-password/' $SSHCFG" - root
else
sudo cp $SSHCFG $SSHCFG.bak
sudo su -c "echo 'PermitRootLogin without-password' >> $SSHCFG" - root
fi
if ! sudo grep '^PermitRootLogin without-password$' $SSHCFG; then
error "failed to set PermitRootLogin"
fi
# add code to fetch users public key and add to authorized_keys
if ! grep 'fetch public key' /etc/rc.local; then
sudo cp /etc/rc.local /etc/rc.local.bak
sudo su -c "cat <<'EOF' > /etc/rc.local
if [ ! -d /root/.ssh ] ; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
fi
if [ ! -d /home/ec2-user/.ssh ] ; then
mkdir -p /home/ec2-user/.ssh
chmod 700 /home/ec2-user/.ssh
fi
# fetch public key using HTTP
curl http://169.254.169.254/latest//meta-data/public-keys/0/openssh-key > /tmp/my-key
if [ $? -eq 0 ] ; then
cat /tmp/my-key >> /root/.ssh/authorized_keys
cat /tmp/my-key >> /home/ec2-user/.ssh/authorized_keys
chmod 700 /root/.ssh/authorized_keys
chmod 700 /home/ec2-user/.ssh/authorized_keys
rm /tmp/my-key
fi
EOF" - root
fi
if ! grep 'fetch public key' /etc/rc.local; then
error "failed to modify rc.local"
fi
# up ulimit
LIMITS=/etc/security/limits.conf
if ! grep 'ec2-user.*nofile.*700000' $LIMITS; then
sudo su -c "echo 'ec2-user - nofile 700000' >> $LIMITS" - root
fi
if ! grep 'ec2-user.*nofile.*700000' $LIMITS; then
error "failed to raise ulimit"
fi
# clear any history
sudo find /root/.*history /home/*/.*history -exec rm -f {} \;
# build/publish the AMI
pushd /media/ephemeral0
BUNDLE_DIR=/media/ephemeral0/bundle
rm -vrf $BUNDLE_DIR
mkdir -v $BUNDLE_DIR
sudo su -c "cd /media/ephemeral0 && ec2-bundle-vol -k pk-* -c cert-* -r x86_64 -d $BUNDLE_DIR -e /home/ec2-user/.ssh/authorized_keys -e /etc/ssh/ssh_host_dsa_key -e /etc/ssh/ssh_host_dsa_key.pub -e /etc/ssh/ssh_host_key -e /etc/ssh/ssh_host_key.pub -e /etc/ssh/ssh_host_rsa_key -e /etc/ssh/ssh_host_rsa_key.pub -p $AMI_NAME -u $AWS_USER_ID" - root
if_failed "failure bundling volume"
sudo su -c "cd /media/ephemeral0 && ec2-upload-bundle -b $BUCKET -m $BUNDLE_DIR/${AMI_NAME}.manifest.xml -a $AWS_ACCESS_KEY_ID -s $AWS_SECRET_KEY" - root
if_failed "failure uploading volume"
ec2-register -K pk-* -C cert-* $BUCKET/${AMI_NAME}.manifest.xml -n $AMI_NAME
if_failed "failure registering ami"
popd