forked from thewca/worldcubeassociation.org
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request thewca#2038 from FatBoyXPC/issue-2029
Paired up with @jfly to finish fixing Issue 2029
- Loading branch information
Showing
1 changed file
with
47 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,33 +11,42 @@ AWS_REGION="us-west-2" | |
|
|
||
| CONFIGURATION_INSTRUCTIONS="https://docs.google.com/document/d/1cq-4R0ERnK-dGNlkoG8gwKKjr5WecuXSppbSHQ0FI9s/edit#heading=h.qsrd2h8spn50" | ||
|
|
||
| test_aws_cli() { | ||
| check_deps() { | ||
| if ! command -v jq &>/dev/null; then | ||
| echo "Unable to find the jq command line utility. Are you sure it's installed?" >> /dev/stderr | ||
| echo "Try following the installation instructions here: https://stedolan.github.io/jq/download/" >> /dev/stderr | ||
| exit 1 | ||
| fi | ||
|
|
||
| if ! command -v aws &>/dev/null; then | ||
| echo "" >> /dev/stderr | ||
| echo "Unable to find the aws command line client. Are you sure it's installed?" >> /dev/stderr | ||
| echo "Try following the installation instructions here: https://docs.aws.amazon.com/cli/latest/userguide/installing.html" >> /dev/stderr | ||
| exit 1 | ||
| fi | ||
|
|
||
| if ! command -v dig &>/dev/null; then | ||
| echo "Unable to find the dig command line utility. Are you sure it's installed?" >> /dev/stderr | ||
| exit 1 | ||
| fi | ||
| } | ||
|
|
||
| test_aws_cli() { | ||
| local configured_region=`aws configure get region` | ||
| if [ "${configured_region}" != "${AWS_REGION}" ]; then | ||
| echo "" >> /dev/stderr | ||
| echo "Found the aws command line client, but your region is configured to be '${configured_region}', when it should be '${AWS_REGION}'." >> /dev/stderr | ||
| echo "Try following the configuration instructions here: ${CONFIGURATION_INSTRUCTIONS}" >> /dev/stderr | ||
| exit 1 | ||
| fi | ||
|
|
||
| local configured_output=`aws configure get output` | ||
| if [ "${configured_output}" != "json" ]; then | ||
| echo "" >> /dev/stderr | ||
| echo "Found the aws command line client, but your default output format is configured to be '${configured_output}', when it should be 'json'." >> /dev/stderr | ||
| echo "Try following the configuration instructions here: ${CONFIGURATION_INSTRUCTIONS}" >> /dev/stderr | ||
| exit 1 | ||
| fi | ||
|
|
||
| local username=`aws iam get-user | jq --raw-output '.User.UserName'` | ||
| if [ "${username}" != "${AWS_USERNAME}" ]; then | ||
| echo "" >> /dev/stderr | ||
| echo "Found the aws command line client, but it does not appear to be configured correctly." >> /dev/stderr | ||
| echo "Try following the configuration instructions here: ${CONFIGURATION_INSTRUCTIONS}" >> /dev/stderr | ||
| echo "The command 'aws iam get-user' should show UserName '${AWS_USERNAME}', but it showed '${username}'." >> /dev/stderr | ||
|
|
@@ -59,6 +68,8 @@ test_ssh_to_production() { | |
| } | ||
|
|
||
| test_ssh_agent_forwarding() { | ||
| test_ssh_to_production | ||
|
|
||
| local ssh_command=$1 | ||
|
|
||
| local test_command="${ssh_command} echo Successfulness" | ||
|
|
@@ -125,6 +136,18 @@ get_pem_filename() { | |
| eval $__resultvar="'${__pem_filename}'" | ||
| } | ||
|
|
||
| rsync_secrets() { | ||
| local ssh_command=$1 | ||
|
|
||
| ${ssh_command} 'rsync -az -e "ssh -o StrictHostKeyChecking=no" --info=progress2 [email protected]:/home/cubing/worldcubeassociation.org/secrets/ /home/cubing/worldcubeassociation.org/secrets' | ||
| } | ||
|
|
||
| disable_old_cron() { | ||
| local ssh_command=$1 | ||
|
|
||
| ssh [email protected] 'crontab -l | sed -e "s/^/#/" -e "1i# Cronjobs disabled on `date` by servers.sh" | crontab' | ||
| } | ||
|
|
||
| new() { | ||
| print_command_usage_and_exit() { | ||
| echo "Usage: $0 new [keyname]" >> /dev/stderr | ||
|
|
@@ -147,8 +170,6 @@ new() { | |
|
|
||
| test_ssh_to_production | ||
|
|
||
| test_aws_cli | ||
|
|
||
| # Spin up a new EC2 instance. | ||
| json=`aws ec2 run-instances \ | ||
| --image-id ami-7c22b41c \ | ||
|
|
@@ -201,7 +222,7 @@ bootstrap() { | |
| # See http://ubuntu-smoser.blogspot.com/2010/07/verify-ssh-keys-on-ec2-instances.html or | ||
| # https://alestic.com/2012/04/ec2-ssh-host-key/ for better solutions than | ||
| # setting StrictHostKeyChecking=no. | ||
| ${ssh_command} -A 'sudo wget https://raw.githubusercontent.com/thewca/worldcubeassociation.org/master/scripts/wca-bootstrap.sh -O /tmp/wca-bootstrap.sh && sudo -E bash /tmp/wca-bootstrap.sh production' | ||
| ${ssh_command} 'sudo wget https://raw.githubusercontent.com/thewca/worldcubeassociation.org/master/scripts/wca-bootstrap.sh -O /tmp/wca-bootstrap.sh && sudo -E bash /tmp/wca-bootstrap.sh production' | ||
|
|
||
| # After bootstrapping the new server, it will have a new host key. To avoid future errors like | ||
| # | ||
|
|
@@ -284,20 +305,29 @@ wait_for_confirmation() { | |
|
|
||
| function passthetorch() { | ||
| print_command_usage_and_exit() { | ||
| echo "Usage: $0 passthetorch" >> /dev/stderr | ||
| echo "Usage: $0 passthetorch [keyname]" >> /dev/stderr | ||
| echo "For example: $0 passthetorch jfly-kaladin-arch" >> /dev/stderr | ||
| exit 1 | ||
| } | ||
| if [ $# -ne 0 ]; then | ||
| if [ $# -ne 1 ]; then | ||
| print_command_usage_and_exit | ||
| fi | ||
|
|
||
| keyname=$1 | ||
| shift | ||
|
|
||
| find_instance_by_name production_instance_id ${PRODUCTION_SERVER_NAME} | ||
| echo "Found instance '${PRODUCTION_SERVER_NAME}' with id ${production_instance_id}!" | ||
|
|
||
| find_instance_by_name new_server_id ${TEMP_NEW_SERVER_NAME} | ||
| echo "Found instance '${TEMP_NEW_SERVER_NAME}' with id ${new_server_id}!" | ||
|
|
||
| get_instance_domain_name domain_name ${new_server_id} | ||
| get_pem_filename pem_filename ${keyname} | ||
| ssh_command="ssh -i ${pem_filename} -o StrictHostKeyChecking=no -A ubuntu@${domain_name}" | ||
| ${ssh_command} 'sudo cp /home/ubuntu/.ssh/authorized_keys /home/cubing/.ssh/authorized_keys && sudo chown cubing:cubing /home/cubing/.ssh/authorized_keys' | ||
| ssh_command="ssh -i ${pem_filename} -o StrictHostKeyChecking=no -A cubing@${domain_name}" | ||
| test_ssh_agent_forwarding "${ssh_command}" | ||
|
|
||
| # Do a quick smoke test of the new server. | ||
| echo "Testing out new server at ${domain_name}" | ||
|
|
@@ -324,15 +354,11 @@ function passthetorch() { | |
| echo "The new server at ${domain_name} appears to be working." | ||
| echo "We're almost ready to assign it the elastic ip address ${ELASTIC_IP}" | ||
|
|
||
| addhostfile | ||
| echo "NOTE: This server is not live yet! I just added an entry to your hostsfile (www.worldcubeassociation.org should now resolve to ${ip_address}) so you can test it out manually before we switchover the elastic ip address." | ||
| echo "Try visiting https://www.worldcubeassociation.org/server-status in your web browser. At the bottom, you should see ip address ${expected_ip}." | ||
| echo "If you do not, then our attempt to edit /etc/hosts probably failed and you're still communicating with the current production server." | ||
| echo "If everything looks good, then run '$0 passthetorch' to switchover to the new server." | ||
|
|
||
| wait_for_confirmation "HOLD ONTO YOUR BUTTS" | ||
| # The contents of the secrets directory on the live production server may | ||
| # have changed since the user spun up this new server. | ||
| rsync_secrets "${ssh_command}" | ||
|
|
||
| removehostsfile | ||
| disable_old_cron | ||
|
|
||
| aws ec2 associate-address --public-ip ${ELASTIC_IP} --instance-id ${new_server_id} | ||
| echo "" | ||
|
|
@@ -415,6 +441,9 @@ if ! containsElement "$COMMAND" "${COMMANDS[@]}"; then | |
| print_usage_and_exit | ||
| fi | ||
|
|
||
| check_deps | ||
| test_aws_cli | ||
|
|
||
| if [ "$COMMAND" == "new" ]; then | ||
| new "$@" | ||
| elif [ "$COMMAND" == "passthetorch" ]; then | ||
|
|
||