Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
UNIX command line
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Ghislain Durif
UNIX command line
Commits
ee7f6c5c
Unverified
Commit
ee7f6c5c
authored
4 years ago
by
Laurent Modolo
Browse files
Options
Downloads
Patches
Plain Diff
first test with ansible
parent
37c4c9ad
No related branches found
Branches containing commit
No related tags found
No related merge requests found
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
deploy.sh
+59
-2
59 additions, 2 deletions
deploy.sh
install.sh
+24
-9
24 additions, 9 deletions
install.sh
profile_ifb.sh
+6
-0
6 additions, 0 deletions
profile_ifb.sh
ubuntu-shellinabox.yaml
+111
-0
111 additions, 0 deletions
ubuntu-shellinabox.yaml
with
200 additions
and
11 deletions
deploy.sh
+
59
−
2
View file @
ee7f6c5c
#!/bin/bash
# This script is executed on the virtual machine during the *Deployment* phase.
# It is used to apply parameters specific to the current deployment.
# It is executed secondly during a cloud deployement in IFB-Biosphere, after the *Installation* phase.
source
/etc/profile.d/ifb.sh
LOCUSER
=
${
LOCUSER
:-
ubuntu
}
LOCUSER_DIR
=
`
eval echo
"~
$LOCUSER
"
`
# Docker params
# APP_IMG="gitlab-registry.in2p3.fr/ifb-biosphere/apps/<...>"
# Configure default user
# IFB_DATADIR is set in profile ‘ifb.sh'
ln
-s
$IFB_DATADIR
$LOCUSER_DIR
/data
# Allow local user to run docker
usermod
-a
-G
docker
$LOCUSER
# Manage ephemeral disk
EPHEM_DIR
=
`
df
|
grep
vdb |
awk
'{print $6}'
`
if
[
-n
"
$EPHEM_DIR
"
]
;
then
chown
$LOCUSER
:
$LOCUSER
$EPHEM_DIR
ln
-s
$EPHEM_DIR
$IFB_DATADIR
/mydatalocal
# Move docker data dir to ephemeral disk
DOCKER_DJSON
=
/etc/docker/daemon.json
export
DOCKER_DATADIR
=
${
EPHEM_DIR
}
/docker-data
mkdir
$DOCKER_DATADIR
if
[
-e
$DOCKER_DJSON
]
then
curjson
=
"
$(
jq
'."data-root"=env.DOCKER_DATADIR'
$DOCKER_DJSON
)
"
echo
"
${
curjson
}
"
>
$DOCKER_DJSON
else
echo
-e
"{
\n
\"
data-root
\"
:
\"
$DOCKER_DATADIR
\"\n
}"
>
$DOCKER_DJSON
fi
systemctl restart docker
else
mkdir
$IFB_DATADIR
/mydatalocal
fi
# Mount IFB shared volumes
ifb_sharedvols
=
$(
ss-get
--timeout
=
5 ifb_share_endpoints
)
if
[
-n
"
$ifb_sharedvols
"
]
;
then
wget
-O
/root/config_partages.py https://raw.githubusercontent.com/IFB-ElixirFr/biosphere-commons/master/scripts/utils/config_partages.py
python3 /root/config_partages.py
$ifb_sharedvols
rm
/root/config_partages.py
fi
USER_LOGIN
=
etudiant
USER_PASSWORD
=
$(
openssl rand
-hex
12
)
USER_PASSWORD
=
$(
openssl rand
-hex
12
)
sudo
passwd etudiant
<<
EOF
useradd
-m
-s
/bin/bash
-g
users
-G
adm,dialout,cdrom,floppy,audio,dip,video,plugdev,netdev
${
USER_LOGIN
}
cp
/etc/skel/.
*
/home/
${
USER_LOGIN
}
/
passwd
${
USER_LOGIN
}
<<
EOF
${
USER_PASSWORD
}
${
USER_PASSWORD
}
${
USER_PASSWORD
}
${
USER_PASSWORD
}
EOF
EOF
HOST_NAME
=
$(
ss-get
--timeout
=
3
hostname
)
HTTP_ENDP
=
"https://
$HOST_NAME
"
HTTP_ENDP
=
"https://
$HOST_NAME
"
ss-set url.service
"
${
HTTP_ENDP
}
"
ss-set url.service
"
${
HTTP_ENDP
}
"
ss-set ss:url.service
"[HTTPS]
$HTTP_ENDP
,[LOGIN]
$
etudiant
,[PASSWORD]
$USER_PASSWORD
"
ss-set ss:url.service
"[HTTPS]
$HTTP_ENDP
,[LOGIN]
$
USER_LOGIN
,[PASSWORD]
$USER_PASSWORD
"
This diff is collapsed.
Click to expand it.
install.sh
+
24
−
9
View file @
ee7f6c5c
sudo
apt update
#!/bin/bash
sudo
apt
install
--yes
openssl shellinabox
sudo sed
-i
's|SHELLINABOX_PORT=4200|SHELLINABOX_PORT=443|'
/etc/default/shellinabox
# This script is executed on the virtual machine during the Installation phase (need to be ran as root!).
sudo
iptables
-t
filter
-A
INPUT
-p
tcp
--dport
443
-j
ACCEPT
# It is used to record a predefined VM-image of the appliance.
sudo
iptables
-t
filter
-A
OUTPUT
-p
tcp
--dport
443
-j
ACCEPT
# Otherwise executed first during a cloud deployement in IFB-Biosphere
sudo
iptables-save
sudo
systemctl restart shellinabox
# Install Ansible
sudo
useradd
-m
-s
/bin/bash
-g
users
-G
adm,dialout,cdrom,floppy,audio,dip,video,plugdev,netdev etudiant
export
DEBIAN_FRONTEND
=
noninteractive
sudo cp
/etc/skel/.
*
/home/etudiant/
APT_OPT
=
""
if
[
$(
lsb_release
-is
)
=
"Debian"
]
;
then
apt-get
install
-y
software-properties-common dirmngr
if
[
$(
lsb_release
-cs
)
=
"stretch"
]
;
then
apt-add-repository
"deb http://deb.debian.org/debian stretch-backports main"
;
fi
APT_OPT
=
"-t
$(
lsb_release
-cs
)
-backports --allow-unauthenticated"
apt-get
-y
--allow-unauthenticated
dist-upgrade
elif
[
$(
lsb_release
-cs
)
!=
"focal"
]
;
then
apt-add-repository
-y
ppa:ansible/ansible
fi
apt-get update
apt-get
install
$APT_OPT
-y
ansible
# Run app playbook
ansible-playbook
-c
local
-i
127.0.0.1,
-b
-e
'ansible_python_interpreter=/usr/bin/python3'
ubuntu-shellinabox.yaml
This diff is collapsed.
Click to expand it.
profile_ifb.sh
0 → 100644
+
6
−
0
View file @
ee7f6c5c
# IFB Bioinformatics environment
export
IFB_MAIN
=
/ifb
export
IFB_BIN
=
$IFB_MAIN
/bin
export
IFB_DATADIR
=
$IFB_MAIN
/data
export
PATH
=
$PATH
:
$IFB_BIN
This diff is collapsed.
Click to expand it.
ubuntu-shellinabox.yaml
0 → 100644
+
111
−
0
View file @
ee7f6c5c
-
hosts
:
all
tasks
:
-
name
:
Update the system
apt
:
upgrade
:
dist
-
name
:
Install requirements
apt
:
name
:
-
autofs
-
fail2ban
-
python3-pip
-
nfs-common
-
jq
-
openssl
-
shellinabox
state
:
latest
-
name
:
Remove old Docker version
apt
:
name
:
-
docker
-
docker-engine
-
docker.io
-
containerd
-
runc
state
:
absent
-
name
:
Install Docker deps
apt
:
name
:
-
apt-transport-https
-
ca-certificates
-
curl
-
gnupg-agent
-
software-properties-common
state
:
latest
-
name
:
Add Docker’s official GPG key
apt_key
:
url
:
https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
state
:
present
-
name
:
Add Docker's repository into sources list
apt_repository
:
repo
:
deb [arch=amd64] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
state
:
present
-
name
:
Install Docker engine community
apt
:
name
:
-
docker-ce
-
docker-ce-cli
-
containerd.io
state
:
latest
-
name
:
Configure shell in a box
shell
:
sed -i 's|SHELLINABOX_PORT=4200|SHELLINABOX_PORT=443|' /etc/default/shellinabox
-
name
:
Configure network
shell
:
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT && iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT && iptables-save
sudo systemctl restart shellinabox
- name
:
Enable services
systemd
:
name
:
"
{{
item
}}"
enabled
:
yes
state
:
started
loop
:
-
docker
-
fail2ban
-
name
:
Restart services
systemd
:
name
:
"
{{
item
}}"
enabled
:
yes
state
:
restarted
loop
:
-
shellinabox
-
name
:
Update pip
pip
:
name
:
-
pip
executable
:
pip3
state
:
latest
-
name
:
Install docker-compose
pip
:
name
:
-
docker-compose
executable
:
pip3
state
:
latest
-
name
:
Install Miniconda
script
:
miniconda-install.sh
-
name
:
Copy IFB profile
copy
:
src
:
profile_ifb.sh
dest
:
/etc/profile.d/ifb.sh
owner
:
root
mode
:
'
0644'
-
name
:
Create IFB root dir and bin
shell
:
. /etc/profile.d/ifb.sh && mkdir -p $IFB_BIN
-
name
:
Create IFB data dir
shell
:
. /etc/profile.d/ifb.sh && mkdir -p $IFB_DATADIR
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment