-
Notifications
You must be signed in to change notification settings - Fork 40
/
cloud-init.yaml
88 lines (77 loc) · 2.3 KB
/
cloud-init.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#cloud-config
---
users:
- name: egi
gecos: EGI
primary_group: egi
groups: users
shell: /bin/bash
sudo: ALL=(ALL) NOPASSWD:ALL
ssh_import_id:
- gh:enolfc
- gh:gwarf
packages:
- git
- jq
- python3-openstackclient
- python3-pip
- python3-venv
- retry
snap:
commands:
0: snap install yq
write_files:
- content: |
#!/bin/sh
set -e
mkdir -p /var/tmp/egi
cd /var/tmp/egi || exit
systemctl start notify
# Valid GitHub token to access the repo
OAUTH_TOKEN="%TOKEN%"
SLACK_WEBHOOK_URL="%SLACK_WEBHOOK_URL%"
COMMIT_SHA="%REF%"
SHORT_COMMIT_SHA="%SHORT_REF%"
FEDCLOUD_LOCKER_TOKEN="%FEDCLOUD_LOCKER_TOKEN%"
TAGS="%TAGS%"
# get the repo code and untar at cwd
curl -L -H "Accept: application/vnd.github.v3+raw" \
"https://api.github.com/repos/EGI-Federation/fedcloud-catchall-operations/tarball/$COMMIT_SHA" | \
tar xz --strip=1
cd deploy
./deploy.sh "$OAUTH_TOKEN" "$COMMIT_SHA" "$FEDCLOUD_LOCKER_TOKEN" \
"$TAGS" "$SHORT_COMMIT_SHA" "$SLACK_WEBHOOK_URL"
path: /var/lib/cloud/scripts/per-boot/deploy.sh
permissions: "0755"
- content: |
#!/bin/sh
mkdir -p /var/tmp/egi
VM_ID="$(cloud-init query instance_id)"
cloud-init status --wait -l > "/var/tmp/egi/$VM_ID"
# try 10 times, otherwise just die
retry -t 10 -d 90 -- openstack --os-cloud backend object create \
--name "$VM_ID" fedcloud-catchall "/var/tmp/egi/$VM_ID"
path: /usr/local/bin/notify.sh
permissions: "0755"
- content: |
[Unit]
Description=Notify the github action
[Service]
ExecStart=/usr/local/bin/notify.sh
[Install]
WantedBy=multi-user.target
path: /etc/systemd/system/notify.service
- content: "%CLOUDS_YAML%"
encoding: base64
path: /etc/openstack/clouds.yaml
permissions: "0644"
- content: |
# Created by cloud-init
#
# 1. Access is restricted to members of the vo.cloud.egi.eu VO with the auditor role
# urn:mace:egi.eu:group:cloud.egi.eu:role=auditor#aai.egi.eu
#
# 2. Once logged in, they have unrestricted sudo power:
%egi-eu_cloud-egi-eu ALL=(ALL) NOPASSWD:ALL
path: /etc/sudoers.d/motley
permissions: "0644"