diff --git a/README.md b/README.md index a69e4c8..6d0e826 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ First you have to bring up the development virtual machines: ```bash $ vagrant up +$ rake preconfig $ rake bootstrap_common ``` @@ -52,6 +53,17 @@ $ rake converge:$server # deploys only $server * TODO: document creation of `prod.yaml`. * TODO: document SSH configuration +The very first step is + +``` +$ rake preconfig SPB_ENV=production +``` + +This will perform some initial configuration to the system that is required +before doing the actual deployment. + +After that: + ```bash $ rake SPB_ENV=production # deploys all servers $ rake nodes SPB_ENV=production # lists all servers diff --git a/Rakefile b/Rakefile index 90fada4..32a7b70 100644 --- a/Rakefile +++ b/Rakefile @@ -35,7 +35,7 @@ task :test do end file 'ssh_config.erb' -file 'config/local/ssh_config' => ['nodes.yaml', 'config/local/ips.yaml', 'ssh_config.erb'] do |t| +file 'config/local/ssh_config' => ['nodes.yaml', 'config/local/ips.yaml', 'ssh_config.erb', 'Rakefile'] do |t| require 'erb' template = ERB.new(File.read('ssh_config.erb')) File.open(t.name, 'w') do |f| 
@@ -50,3 +50,22 @@ unless ENV['nodeps'] task 'converge:integration' => 'converge:database' task 'converge:social' => 'converge:database' end + +$ALT_SSH_PORT = config.fetch('alt_ssh_port', 2222) + +$nodes.find { |n| n.hostname == 'reverseproxy' }.data['ssh_port'] = $ALT_SSH_PORT +desc 'Makes configurations needed before the bootstrap phase' +task :preconfig => ssh_config_file do + preconfig_file = "tmp/preconfig.#{$SPB_ENV}.stamp" + if File.exist?(preconfig_file) + puts "I: preconfig already done." + puts "I: delete #{preconfig_file} to force running again" + else + sh 'scp', '-F', ssh_config_file, 'utils/reverseproxy_ssh_setup', 'reverseproxy.unconfigured:/tmp' + sh 'ssh', '-F', ssh_config_file, 'reverseproxy.unconfigured', 'sudo', '/tmp/reverseproxy_ssh_setup', $ALT_SSH_PORT.to_s + + File.open(preconfig_file, 'w') do |f| + f.puts($ALT_SSH_PORT) + end + end +end diff --git a/Vagrantfile b/Vagrantfile index aea9f54..76dd597 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -33,5 +33,9 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| end config.vm.define 'reverseproxy' do |reverseproxy| reverseproxy.vm.network 'private_network', ip: ips['reverseproxy'] + if File.exist?('tmp/preconfig.local.stamp') + reverseproxy.ssh.port = File.read('tmp/preconfig.local.stamp').strip.to_i + reverseproxy.ssh.host = ips['reverseproxy'] + end end end diff --git a/config/local/config.yaml b/config/local/config.yaml index 088fd61..1e2f02e 100644 --- a/config/local/config.yaml +++ b/config/local/config.yaml @@ -10,4 +10,4 @@ email_subject_prefix: '[spb]' lists_hostname: listas.softwarepublico.dev lists_admin: paulo@softwarelivre.org relay_hostname: relay.softwarepublico.dev - +alt_ssh_port: 5555 diff --git a/ssh_config.erb b/ssh_config.erb index edc7c69..c369e57 100644 --- a/ssh_config.erb +++ b/ssh_config.erb 
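Review bot: In the `else` branch of `task :preconfig`, the setup script is copied to the fixed path `/tmp/reverseproxy_ssh_setup` and then run through `sudo`, so on a host with other local accounts whoever owns or can write that path decides what root executes between the two commands. Streaming the script over the SSH session avoids the shared directory, e.g. `sh "ssh -F #{ssh_config_file} reverseproxy.unconfigured sudo sh -s -- #{$ALT_SSH_PORT} < utils/reverseproxy_ssh_setup"`; a private `mktemp -d` directory on the remote side would also work. Separately, `$nodes.find { |n| n.hostname == 'reverseproxy' }.data` raises NoMethodError when no node has that hostname. The stamp is also never compared with the current `alt_ssh_port`, so changing the port in the config after the first run leaves the generated ssh_config pointing at a port sshd is not listening on.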
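Review bot: `File.read('tmp/preconfig.local.stamp').strip.to_i` turns an empty or truncated stamp into port 0 without complaint, so a damaged stamp shows up later as an unexplained SSH connection failure. `reverseproxy.ssh.port = Integer(File.read('tmp/preconfig.local.stamp').strip)` would fail when the Vagrantfile is loaded instead. The path is relative, so the stamp is presumably only found when vagrant is started from the repository root. The enclosing `Vagrant.configure` block starts outside this hunk.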
@@ -9,7 +9,13 @@ Host * <% $nodes.each do |node| %> Host <%= node.hostname %> Hostname <%= node.data['peers'][node.hostname] %> + Port <%= node.data.fetch('ssh_port', 22) %> IdentityFile <%= (Dir.glob(".vagrant/machines/#{node.hostname}/*/private_key") + [File.expand_path('~/.vagrant.d/insecure_private_key')]).find { |f| File.exists?(f) }.tap { |f| File.expand_path(f) } %> <% end %> +Host reverseproxy.unconfigured + Hostname <%= $nodes.first.data['peers']['reverseproxy'] %> + Port 22 + IdentityFile <%= (Dir.glob(".vagrant/machines/reverseproxy/*/private_key") + [File.expand_path('~/.vagrant.d/insecure_private_key')]).find { |f| File.exists?(f) }.tap { |f| File.expand_path(f) } %> + # vim: ft=sshconfig diff --git a/utils/reverseproxy_ssh_setup b/utils/reverseproxy_ssh_setup new file mode 100755 index 0000000..adb939a --- /dev/null +++ b/utils/reverseproxy_ssh_setup @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +port="$1" + +# switch SSH to port $port +sed -i -e 's/^#\?\s*Port\s*[0-9]\+\s*$/Port '$port'/g' /etc/ssh/sshd_config + +# Tell SELinux to allow the new port +semanage port -a -t ssh_port_t -p tcp "$port" + +# Restart SSH +systemctl restart sshd -- libgit2 0.21.2
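Review bot: The new `Host reverseproxy.unconfigured` stanza copies the existing `IdentityFile` expression together with its two problems. `.tap { |f| File.expand_path(f) }` discards the expanded path, so a key found under `.vagrant/machines/...` is written as a relative path that ssh resolves against its own working directory. `File.exists?` is deprecated and removed in Ruby 3.2, while the Rakefile in this same commit already uses `File.exist?`. Computing the path once, e.g. `key = candidates.find { |f| File.exist?(f) }` followed by `File.expand_path(key)`, and reusing it in both stanzas would fix both. If this template is also rendered for `SPB_ENV=production`, which the README suggests, the fallback to `~/.vagrant.d/insecure_private_key` should be limited to the local environment.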
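Review bot: `utils/reverseproxy_ssh_setup` runs as root, yet `$port` reaches the sed expression unquoted and unvalidated, and sshd is restarted without checking that the rewritten configuration is usable. The restart is the only way back into the machine, which makes three cases risky. First, if `sshd_config` has no `Port` line at all, the sed is a no-op and sshd stays on 22 while ssh_config and the stamp move to the new port. Second, on a re-run `semanage port -a` fails for a port that is already defined, so `set -e` aborts before the restart. Third, a syntax error in the file is only discovered when sshd fails to come back. The fence below validates the argument, checks the edit took effect, makes the SELinux step repeatable, and runs `sshd -t` before restarting.

```shell
port="$1"

# reject anything that is not a plain TCP port number before it reaches sed
case "$port" in
  ''|*[!0-9]*) echo "usage: $0 PORT" >&2; exit 1 ;;
esac
if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
  echo "E: port out of range: $port" >&2
  exit 1
fi

# ... unchanged: sed rewrite of the Port line ...

# the sed above changes nothing when sshd_config has no Port line; stop here
# rather than restart sshd on the old port
grep -q "^Port $port\$" /etc/ssh/sshd_config || {
  echo "E: no Port line was rewritten in /etc/ssh/sshd_config" >&2
  exit 1
}

# Tell SELinux to allow the new port (modify when a rule already exists)
semanage port -a -t ssh_port_t -p tcp "$port" ||
  semanage port -m -t ssh_port_t -p tcp "$port"

# Refuse to restart on a configuration sshd cannot parse
sshd -t

# Restart SSH
systemctl restart sshd
```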