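# Initial update and upgrade
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y upgrade

# Setup promtail sources
# The Grafana signing key is fetched over HTTPS and trusted as downloaded.
# NOTE(review): for stronger supply-chain assurance, compare the key's
# fingerprint (gpg --show-keys) with a value obtained out of band, e.g.
# <EXPECTED_GRAFANA_KEY_FINGERPRINT>, before installing it.
mkdir -p /etc/apt/keyrings/
grafana_key_tmp=$(mktemp)
# Download to a temporary file first so a failed download is reported instead
# of silently leaving an empty keyring behind.
if wget -q -O "$grafana_key_tmp" https://apt.grafana.com/gpg.key; then
  gpg --dearmor < "$grafana_key_tmp" > /etc/apt/keyrings/grafana.gpg
  # apt's unprivileged fetcher must be able to read the keyring.
  chmod 0644 /etc/apt/keyrings/grafana.gpg
else
  echo "ERROR: could not download the Grafana APT signing key" >&2
fi
rm -f -- "$grafana_key_tmp"
# signed-by scopes the key to this one repository rather than trusting it for
# every configured source.
echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee /etc/apt/sources.list.d/grafana.list

# Install necessary tools & services
DEBIAN_FRONTEND=noninteractive apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y install promtail postfix curl git plocate net-tools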
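# Configuring postgres logging permissions
# Rotated PostgreSQL logs are handed to group adm so that members of adm can
# read them (promtail is added to adm elsewhere in this script).
# NOTE(review): every member of adm gains read access to the database logs,
# which can contain statement text -- confirm that is acceptable.
pg_logrotate=/etc/logrotate.d/postgresql-common
if [ -f "$pg_logrotate" ]; then
  sed -i 's/su root root/su root adm/g' "$pg_logrotate"
  logrotate "$pg_logrotate"
else
  # Nothing in this script installs PostgreSQL, so the file may be absent.
  echo "WARNING: $pg_logrotate not found; postgres log permissions unchanged" >&2
fi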
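# Configure Logging
# Membership in systemd-journal and adm is what lets the promtail user read
# the journal and the adm-readable files under /var/log.
usermod -aG systemd-journal promtail
usermod -aG adm promtail
# The dollar-brace placeholders below are presumably filled in by a templating
# step before bash runs (the script also uses them inside single quotes) --
# confirm against the caller. The here-document delimiter is quoted so bash
# writes the rendered body literally instead of expanding it again.
# Writing with ">" replaces the packaged config in one step, so no separate
# rm is needed and a re-run cannot append a second copy.
# The YAML nesting is restored; without it the file is not a valid config.
# NOTE(review): the push URL uses plain http, so log lines travel to Loki
# unencrypted; switch to https (and client auth) if the endpoint supports it.
# NOTE(review): positions are kept in world-writable /tmp and are lost on
# reboot or tmp cleanup; a promtail-owned directory would be more robust.
# NOTE(review): no listen address is set for port 9080 -- check that the port
# is not reachable from untrusted networks.
cat > /etc/promtail/config.yml << 'EOF'
server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /tmp/positions.yaml
clients:
  - url: http://${loki-endpoint}/loki/api/v1/push
scrape_configs:
  - job_name: system
    static_configs:
      - targets:
          - localhost
        labels:
          job: ${system_name}-varlogs
          #NOTE: Need to be modified to scrape any additional logs of the system.
          __path__: /var/log/**.log
      - targets:
          - localhost
        labels:
          job: ${system_name}-syslog
          __path__: /var/log/syslog
      - targets:
          - localhost
        labels:
          job: ${system_name}-postgres
          __path__: /var/log/postgresql/**.log
EOF
systemctl restart promtail.service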
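# Configure Mail Satellite
# postconf -e sets relayhost whether or not main.cf already has a
# "relayhost =" line; the previous sed edit was a silent no-op when the line
# was missing. The script already runs privileged commands without sudo, so
# the sudo prefix is dropped. Single quotes keep the rendered value literal.
postconf -e 'relayhost = ${postfix-satellite}'
systemctl restart postfix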
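# Configure PK Access
# Creates the login account, installs its SSH public key(s) and grants it
# passwordless sudo. The dollar-brace placeholders are presumably rendered by
# a templating step before bash runs; they are single-quoted here so the
# rendered text (for example a key comment with spaces or shell
# metacharacters) is passed through literally and not re-parsed by the shell.
useradd -m -s /bin/bash '${user_account}'

# .ssh must be private to the account or sshd's StrictModes check rejects it.
install -d -m 0700 -o '${user_account}' -g '${user_account}' '/home/${user_account}/.ssh'
touch '/home/${user_account}/.ssh/authorized_keys'
# printf keeps embedded newlines, so several keys stay one per line; the
# earlier unquoted echo collapsed them onto a single line.
printf '%s\n' '${authorized_keys}' >> '/home/${user_account}/.ssh/authorized_keys'
chown -R '${user_account}:${user_account}' '/home/${user_account}/.ssh'
chmod -R go-rwx '/home/${user_account}/.ssh'

# Grant sudo through a validated drop-in instead of appending to /etc/sudoers:
# a malformed line in the main file can lock everyone out of sudo, and an
# append adds a duplicate entry on every re-run.
# NOTE(review): NOPASSWD:ALL makes possession of the SSH key equivalent to
# root on this host -- confirm that is intended.
sudoers_dropin=/etc/sudoers.d/90-provisioned-admin
sudoers_tmp=$(mktemp)
printf '%s\n' '${user_account} ALL=(ALL:ALL) NOPASSWD:ALL' > "$sudoers_tmp"
if visudo -cf "$sudoers_tmp"; then
  install -m 0440 -o root -g root "$sudoers_tmp" "$sudoers_dropin"
else
  echo "ERROR: generated sudoers entry failed validation; sudo access not granted" >&2
fi
rm -f -- "$sudoers_tmp"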
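# Setup swap without knowing which device will be assigned in which order
# Every NVMe namespace that has no partitions AND carries no recognisable
# signature is partitioned as a single swap partition, enabled, and recorded
# in /etc/fstab. Plain "$var" expansions are used on purpose: this file is
# presumably rendered by a templating step that claims the dollar-brace form.
for device in /dev/nvme*n1; do
  # An unmatched glob is left as literal text, so skip anything that is not a
  # block device.
  [ -b "$device" ] || continue

  # Check if the device has any partitions
  has_partitions=no
  for part in "$device"p*; do
    if [ -b "$part" ]; then
      has_partitions=yes
      break
    fi
  done
  [ "$has_partitions" = no ] || continue

  # A disk can hold data without having partitions (a filesystem or LVM PV
  # created on the whole device). Repartitioning it would destroy that data,
  # so only devices on which blkid finds nothing at all are used.
  if blkid -p "$device" > /dev/null 2>&1; then
    echo "Skipping $device: existing signature found, not converting to swap" >&2
    continue
  fi

  # If no partitions, then setup swap
  if ! echo 'type=82' | sfdisk "$device"; then
    echo "WARNING: could not partition $device; skipping" >&2
    continue
  fi
  # Wait for udev to create the new partition node before using it.
  udevadm settle

  swap_part="$device"p1
  if mkswap "$swap_part" && swapon "$swap_part"; then
    # Reference the swap area by UUID because device names are not stable.
    swap_uuid=$(blkid -s UUID -o value "$swap_part")
    if [ -n "$swap_uuid" ]; then
      echo "UUID=$swap_uuid none swap sw 0 0" >> /etc/fstab
    fi
  else
    echo "WARNING: could not enable swap on $swap_part" >&2
  fi
done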
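# Purge snap
# Application snaps are removed first, then the base snaps, then snapd itself.
# NOTE(review): this removes amazon-ssm-agent; if the host was reachable
# through SSM, the SSH key configured by this script becomes the only way in.
snap remove amazon-ssm-agent lxd
snap remove core20 core18
# apt-get is the interface intended for scripts; "apt" warns that its CLI is
# not stable when used non-interactively.
DEBIAN_FRONTEND=noninteractive apt-get -y purge snapd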
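# install tutor
# Installs Docker from Docker's own APT repository, then creates a Python
# virtualenv for the login account and installs Tutor into it. The
# dollar-brace placeholders are presumably rendered by a templating step
# before bash runs; they are single-quoted so the rendered text stays literal.
DEBIAN_FRONTEND=noninteractive apt-get install -y python3.12-venv ca-certificates curl python3-pip

mkdir -p /etc/apt/keyrings
# --batch --yes lets gpg replace an existing keyring without prompting, which
# would otherwise stall or fail on a re-run without a terminal.
# The script already runs privileged commands directly, so sudo is not needed.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
# apt's unprivileged fetcher must be able to read the keyring.
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# NOTE(review): members of the docker group can start privileged containers,
# so this is root-equivalent access for the account.
usermod -aG docker '${user_account}'
sudo -u '${user_account}' python3 -m venv '/home/${user_account}/tutor_env'

# "sudo -u USER cat >> file" does not write as USER: the redirection is opened
# by the calling shell. The file is therefore written directly and handed to
# the account afterwards; ">" keeps a re-run from appending a second copy.
# The tutor version is pinned through the rendered tutor_version value.
cat > '/home/${user_account}/tutor_install.sh' << 'EOF'
#! /bin/bash
echo "source /home/${user_account}/tutor_env/bin/activate" >> /home/${user_account}/.bashrc
source /home/${user_account}/tutor_env/bin/activate
pip install --upgrade setuptools
pip install "tutor[full]==${tutor_version}"
EOF
chown '${user_account}:${user_account}' '/home/${user_account}/tutor_install.sh'
sudo -u '${user_account}' /bin/bash '/home/${user_account}/tutor_install.sh'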
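# Setup Tutor configuration
# Writes Tutor's config.yml (which contains the SMTP password) and links it
# and the plugin directory into the account's home directory.
tutor_config='/home/${user_account}/.local/share/tutor/config.yml'
sudo -u '${user_account}' mkdir -p '/home/${user_account}/.local/share/tutor'
# Create the file empty, owner-only and already owned by the account BEFORE
# the secret is written, so it is never world-readable, not even briefly.
install -m 0600 -o '${user_account}' -g '${user_account}' /dev/null "$tutor_config"
# The delimiter is quoted so bash writes the rendered values literally: with
# an unquoted delimiter a password containing "$" or a backtick would be
# expanded, or executed as a command substitution, by this root shell.
# ">" is used because "sudo -u USER cat >> file" still redirects as the
# calling user and appends a duplicate document on a re-run.
# NOTE(review): the SMTP password arrives inside the rendered script itself;
# if this is instance user-data it is presumably also retrievable from the
# metadata service and kept in provisioning state and logs -- consider
# fetching it at boot from a secrets store instead.
cat > "$tutor_config" << 'EOF'
CMS_HOST: builder.${base_url}
CONTACT_EMAIL: ${contact_email}
ENABLE_HTTPS: true
LANGUAGE_CODE: en
LMS_HOST: ${base_url}
PLATFORM_NAME: The LCEEQ Online PD Platform
PLUGINS:
- forum
- indigo
- mfe
PLUGIN_INDEXES:
- https://overhang.io/tutor/main
- https://overhang.io/tutor/contrib
RUN_SMTP: false
SMTP_HOST: smtp.mailgun.org
SMTP_PASSWORD: ${mailgun_smtp_pass}
SMTP_PORT: 587
SMTP_USERNAME: ${mailgun_username}
SMTP_USE_SSL: false
SMTP_USE_TLS: true
EOF
chown '${user_account}:${user_account}' "$tutor_config"
sudo -u '${user_account}' ln -s "$tutor_config" '/home/${user_account}/'
sudo -u '${user_account}' mkdir -p '/home/${user_account}/.local/share/tutor-plugins'
sudo -u '${user_account}' ln -s '/home/${user_account}/.local/share/tutor-plugins' '/home/${user_account}/'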
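# Create Google Social Login
# Writes a Tutor YAML plugin that enables third-party auth. The two
# "client-secret-from-..." strings are placeholders; the generated
# tutor_config.sh later substitutes the real OAuth client secrets into this
# file, so it is created owner-only from the start.
auth_plugin_file='/home/${user_account}/tutor-plugins/third-party-auth.yml'
install -m 0600 -o '${user_account}' -g '${user_account}' /dev/null "$auth_plugin_file"
# The nesting under "patches:" is restored -- without it the block scalars are
# not valid YAML. NOTE(review): indentation reconstructed from the key layout;
# confirm against the intended plugin.
# The delimiter is quoted so the body is written literally, and ">" avoids
# appending a second document on a re-run.
cat > "$auth_plugin_file" << 'EOF'
name: third-party-auth
version: 1.0.0
patches:
  common-env-features: |
    ENABLE_THIRD_PARTY_AUTH: true
  openedx-auth: |
    SOCIAL_AUTH_OAUTH_SECRETS: {"google-oauth2": "client-secret-from-google", "azuread-oauth2": "client-secret-from-microsoft"}
  lms-env: |
    THIRD_PARTY_AUTH_BACKENDS: ["social_core.backends.google.GoogleOAuth2", "social_core.backends.azuread.AzureADOAuth2"]
EOF
chown '${user_account}:${user_account}' "$auth_plugin_file"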
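# Create tutor config script
# This script installs all the core plugins for EdX
# The generated script is meant to be run interactively by the account: it
# installs and enables plugins, then prompts for the OAuth client secrets and
# substitutes them into the third-party-auth plugin file.
# The here-document delimiter is quoted, so the body is written literally and
# the generated script's own variables need no backslash escapes; the
# dollar-brace placeholders are presumably rendered by a templating step
# before bash runs. ">" avoids appending a second copy on a re-run.
cat > '/home/${user_account}/tutor_config.sh' << 'EOF'
#! /bin/bash
echo "Updating plugins..."
tutor plugins update
echo "Installing Cairn plugin for Tutor..."
tutor plugins install cairn
echo "Enabling Cairn plugin for Tutor..."
tutor plugins enable cairn
echo "Installing Codejail plugin for Tutor..."
# NOTE(review): a branch or tag can be moved after review; pinning
# codejail_version to a full commit hash makes this install reproducible.
pip install 'git+https://github.com/edunext/tutor-contrib-codejail@${codejail_version}'
echo "Enabling Codejail plugin for Tutor..."
tutor plugins enable codejail
echo "Saving Tutor configuration..."
tutor config save
tutor local do init --limit codejail
echo "Configuring auth plugins..."
auth_plugin="/home/${user_account}/tutor-plugins/third-party-auth.yml"

# Prompt for one client secret and substitute it for its placeholder.
#   $1 - provider label used in the prompt
#   $2 - placeholder text currently present in the plugin file
set_client_secret() {
  local secret escaped
  echo "Please enter your $1 Client Secret:"
  # -r keeps backslashes literal; -s keeps the secret off the terminal and out
  # of scrollback.
  IFS= read -r -s secret
  echo
  if [ -z "$secret" ]; then
    echo "No value entered; leaving $2 in place." >&2
    return 1
  fi
  # Escape the characters that are special in a sed replacement (backslash,
  # slash, ampersand) so the secret is inserted verbatim instead of being
  # interpreted as part of the sed program.
  escaped=$(printf '%s' "$secret" | sed -e 's|[\\/&]|\\&|g')
  # NOTE(review): a secret containing a double quote would still break the
  # JSON value it is inserted into.
  sed -i "s/$2/$escaped/g" "$auth_plugin"
}

set_client_secret "Google" "client-secret-from-google"
set_client_secret "Azure AD" "client-secret-from-microsoft"
# The plugin file now holds live secrets; keep it owner-only.
chmod 600 "$auth_plugin"
echo "Enabling auth plugins..."
tutor plugins enable third-party-auth
tutor config save
pip show tutor
EOF
chown '${user_account}:${user_account}' '/home/${user_account}/tutor_config.sh'
chmod u+x '/home/${user_account}/tutor_config.sh'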
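# Create tutor init script on reboot
# Writes a helper that re-initialises codejail and launches Tutor.
# NOTE(review): nothing visible here registers the helper to run at boot
# (no systemd unit or cron entry) -- confirm how it is meant to be started.
# "sudo -u USER cat >> file" redirects as the calling user and appends on
# every run, so the file is written with ">" and handed over afterwards.
cat > '/home/${user_account}/tutor_start.sh' << 'EOF'
#! /bin/bash
tutor local do init --limit codejail
tutor local launch
EOF
chown '${user_account}:${user_account}' '/home/${user_account}/tutor_start.sh'
chmod u+x '/home/${user_account}/tutor_start.sh'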