separate controller/node ec2 ami prep

Author: Gabriel Monroy

contrib/ec2/prepare-controller-ami.sh

@@ -0,0 +1,74 @@
+#!/bin/bash -ex
+
+#
+# Prepare a Deis-optimized Controller AMI from a vanilla Ubuntu 12.04
+#
+# Instructions:
+#
+#   1. Launch a vanilla Ubuntu 12.04 instance (64-bit with an EBS root volume)
+#   2. SSH in and install the 3.8 kernel with:
+#      apt-get update && apt-get install -yq linux-image-generic-lts-raring linux-headers-generic-lts-raring && reboot
+#   3. After reboot is complete, SSH in and `uname -r` to confirm kernel is 3.8
+#   4. Run this script (as root!) to optimize the image for fast boot times
+#   5. Create a new AMI from the root volume
+#   6. Distribute the AMI to other regions using `ec2-copy-image`
+#   7. Update `provision-ec2-controller.sh` script with new AMIs
+#
+
+# Remove old kernel(s)
+dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge
+
+# Add the Docker repository key to your local keychain
+# using apt-key finger you can check the fingerprint matches 36A1 D786 9245 C895 0F96 6E92 D857 6A8B A88D 21E9
+curl https://get.docker.io/gpg | apt-key add -
+
+# Add the Docker repository to your apt sources list.
+echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list
+
+# upgrade to latest packages
+apt-get update
+apt-get dist-upgrade -yq
+
+# install required packages
+apt-get install lxc-docker-0.7.6 fail2ban curl git inotify-tools make python-setuptools python-pip -yq
+
+# wait for docker to start
+while [ ! -e /var/run/docker.sock ] ; do
+  inotifywait -t 2 -e create $(dirname /var/run/docker.sock)
+done
+
+# pull docker images
+docker pull deis/etcd
+docker pull deis/postgres
+docker pull deis/redis
+docker pull deis/server
+docker pull deis/worker
+docker pull deis/registry
+docker pull deis/builder
+docker pull deis/rsyslog
+
+# install chef 11.x deps
+apt-get install -yq ruby1.9.1 ruby1.9.1-dev make
+update-alternatives --set ruby /usr/bin/ruby1.9.1
+update-alternatives --set gem /usr/bin/gem1.9.1
+
+# clean and remove old packages
+apt-get clean
+apt-get autoremove -yq
+
+# reset cloud-init
+rm -rf /var/lib/cloud
+
+# purge SSH authorized keys
+rm -f /home/ubuntu/.ssh/authorized_keys
+rm -f /root/.ssh/authorized_keys
+
+# remove /etc/chef so contents can't intefere with
+# node being converged (i.e. old keys)
+rm -f /etc/chef/*
+
+# purge /var/log
+find /var/log -type f | xargs rm
+
+# flush writes to block storage
+sync

contrib/ec2/prepare-ubuntu-ami.sh contrib/ec2/prepare-node-ami.shcontrib/ec2/prepare-ubuntu-ami.sh renamed to contrib/ec2/prepare-node-ami.sh

@@ -1,7 +1,7 @@
 #!/bin/bash -ex
 
 #
-# Prepare a Deis-optimized AMI from a vanilla Ubuntu 12.04
+# Prepare a Deis-optimized Node AMI from a vanilla Ubuntu 12.04
 #
 # Instructions:
 #
@@ -18,15 +18,6 @@
 # Remove old kernel(s)
 dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge
 
-apt-get install fail2ban python-software-properties -y
-
-# Add the Nginx repository key to our local keychain
-# using apt-key finger you can check the fingerprint matches 573B FD6B 3D8F BC64 1079  A6AB ABF5 BD82 7BD9 BF62
-curl http://nginx.org/keys/nginx_signing.key | apt-key add -
-
-# Add the Nginx repository to our apt sources list
-echo deb http://nginx.org/packages/ubuntu precise nginx > /etc/apt/sources.list.d/nginx-ppa.list
-
 # Add the Docker repository key to your local keychain
 # using apt-key finger you can check the fingerprint matches 36A1 D786 9245 C895 0F96 6E92 D857 6A8B A88D 21E9
 curl https://get.docker.io/gpg | apt-key add -
@@ -39,15 +30,15 @@ apt-get update
 apt-get dist-upgrade -yq
 
 # install required packages
-apt-get install lxc-docker-0.7.6 curl git inotify-tools make python-setuptools python-pip -yq
+apt-get install lxc-docker-0.7.6 fail2ban curl git inotify-tools make python-setuptools python-pip -yq
 
 # wait for docker to start
 while [ ! -e /var/run/docker.sock ] ; do
   inotifywait -t 2 -e create $(dirname /var/run/docker.sock)
 done
 
-# pull progrium/cedarish docker image
-docker pull progrium/cedarish
+# pull docker images
+docker pull deis/slugrunner
 
 # install chef 11.x deps
 apt-get install -yq ruby1.9.1 ruby1.9.1-dev make

contrib/ec2/provision-ec2-controller.sh

@@ -34,9 +34,9 @@ fi
 #################
 # chef settings #
 #################
-node_name=deis-controller
+node_name=deis-controller-ec2
 run_list="recipe[deis::controller]"
-chef_version=11.6.2
+chef_version=11.8.2
 
 #######################
 # Amazon EC2 settings #
@@ -59,7 +59,7 @@ elif [ "$region" == "us-east-1" ]; then
 elif [ "$region" == "us-west-1" ]; then
   image=ami-62477527
 elif [ "$region" == "us-west-2" ]; then
-  image=ami-ea6001da
+  image=ami-ac690a9c
 else
   echo "Cannot find AMI for region: $region"
   exit 1
@@ -89,6 +89,7 @@ if ! ec2-describe-group | grep -q "$sg_name"; then
   ec2-authorize deis-controller -P tcp -p 80 -s $sg_src >/dev/null
   ec2-authorize deis-controller -P tcp -p 443 -s $sg_src >/dev/null
   ec2-authorize deis-controller -P tcp -p 514 -s $sg_src >/dev/null
+  ec2-authorize deis-controller -P tcp -p 2222 -s $sg_src >/dev/null
   set +x
 else
   echo_color "Security group $sg_name exists"
@@ -107,7 +108,6 @@ else
 fi
 
 # create data bags
-knife data bag create deis-users 2>/dev/null
 knife data bag create deis-formations 2>/dev/null
 knife data bag create deis-apps 2>/dev/null