launch an instance with:
2 disks:
:a primary (root) disk of 15 GB
:a secondary disk of 10 GB which will be mounted on /var/lib/docker (maybe change to something bigger)
2 interfaces:
:ens5 on VPC subnet prod-1a|b|c-1
:ens6 on VPC subnet prod-1a|b|c-2
configure the following security groups:
for ens5:
:sg-09834c6cb90ec9144 (SSH-from-bitbucket-pipelines)
:sg-02c1ccd94356e299c (Allow_ALL_from_Trusted)
:sg-029f396ec80e88fdc (allow_all_vpc-04345)
for ens6:
:sg-05f87aad7c198835b (ALLOW_ALL)
allocate an elastic IP and associate it to ens5
create a third network interface on VPC subnet prod-1a|b|c-3 with security group sg-05f87aad7c198835b (ALLOW_ALL)
remove any existing network configuration
rm /etc/netplan/50-cloud-init.yaml
vi /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
network: {config: disabled}
vi /etc/netplan/50-mnemonica.yaml
```yaml
network:
  version: 2
  ethernets:
    ens5:
      dhcp4: true
      match:
        macaddress: 06:e4:52:74:da:80
      set-name: ens5
    ens6:
      dhcp4: true
      dhcp4-overrides:
        use-dns: false
        use-routes: false
      match:
        macaddress: 06:a7:66:35:ca:68
      set-name: ens6
      routes:
        - to: 192.168.22.0/24
          via: 192.168.17.1
          on-link: true
        - to: 192.168.27.0/24
          via: 192.168.17.1
          on-link: true
        - to: 172.31.45.114/32
          via: 192.168.17.1
          on-link: true
    ens7:
      dhcp4: true
      dhcp4-overrides:
        use-dns: false
        use-routes: false
      match:
        macaddress: 06:52:95:26:ba:02
      set-name: ens7
      routes:
        - to: 192.168.23.0/24
          via: 192.168.18.1
          on-link: true
        - to: 192.168.28.0/24
          via: 192.168.18.1
          on-link: true
```
netplan apply
fdisk /dev/nvme1n1
[...]
Created a new partition 1 of type 'Linux' and of size 10 GiB.
mkfs.ext4 /dev/nvme1n1p1
mkdir /var/lib/docker
fallocate -l 2G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
mkdir /mnt/nfs
blkid
[...]
/dev/nvme1n1p1: UUID="3e752b4f-7ef1-429e-a3d9-45a7c101d7be" TYPE="ext4" PARTUUID="a18d06ed-01"
/etc/fstab, adding the secondary disk mount on /var/lib/docker, the swap file and the NFS mount:
LABEL=cloudimg-rootfs / ext4 defaults,discard 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
UUID="3e752b4f-7ef1-429e-a3d9-45a7c101d7be" /var/lib/docker ext4 defaults 0 0
/swapfile none swap sw 0 0
192.168.23.67:/mnt/nfs/prod /mnt/nfs nfs4 rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport 0 0
apt-get install nfs-common
mount -a
vi /etc/login.defs
PASS_MAX_DAYS 180
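#!/bin/bash
# Create the administrator accounts and install their SSH public keys.
#
# For each user: create the account with a home directory and bash as login
# shell, add it to the sudo group, set an initial password that expires
# immediately, and write the user's public key(s) to ~/.ssh/authorized_keys.
# Must be run as root.
#
# NOTE(review): every account starts with the same known initial password
# while already being a member of sudo. chage -d0 forces a change at first
# login, but until then the account is only as safe as sshd's password
# authentication setting; confirm PasswordAuthentication is disabled, or
# hand out a distinct initial password per user.
for name in jeremy vincenzo; do
  printf 'adding user %s...' "$name"

  # One array element per public key; each is written on its own line.
  keys=()
  case "$name" in
    jeremy)
      keys=(
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEYu5cXdS7ZFNQHeLOS7VMUJQSiPfHMe/G+KEsUjKb0OUf5UU3Csg3LSnKRL/zTQQwEw/rmjiHoEpr2k8gZb8EEvZlM1BQKgThe1hC7pj9ynxUU5J4LfeQmDBVuLtp+fLe1kLRzNVjQfqH8INe/46G18E5erSidRzjGXNo+JnGA077F19sQeI4mOqBhNKPBP2FnkM1pz+V5VuP2KQFJYX64KDgR66gF1OR5mnci2ceIagm206VghI80JCT/ZPdjulHNEYoAPIZVQR5r7Fr5395qyVREZXFjeQCDOhTygLhntIDgXHn0qrgVcq6Mqso2IE3tC6qWZJXKgMIzveNGMNB jeremy@revo"
      )
      ;;
    vincenzo)
      keys=(
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCz6sGvuffPMFxd/SkpBfJru2MI61OEw21Iw0MwHEsy7S/yKzaJwYgRK2Lm/SiZR4oyuTArlBQalO2ti/tQKtLcsHE5SkTGMklJORJ6xvRyMYKjmhTn+IHtM4t8foKZU/g6ikt6SOD9mF6eWPWdKWHXfnfjSQW1pKsbndAJ0E42DocLT+n9dhZBGkVfTp/zzxWkAjA212L2Oj99eMNh7fQeoeSdeCluYwemFFyhK2JEXL+WYYJMaYxmKb5kXIFEtAljxrlbIH6GqhXjMuFaNvhyt7C7F6g6JfGY+PH94z3tPD+huaq92HCpSG60UaEt/ko4Qunc4xb1m/NyRkn2xfMX negatron@katorz"
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDodfs5ymhFydA7C9iApvqO3JJuf6gFO19g5qzL9I6zciUkt3/pH7MQ+kGTHBsefTFWeAmZBKKQACZnbq3owpTm3k+eEiRcsCt5rmzU3pxZSsdfY9ButE+uh6o/tLQp9wEEZMpsqyqKI76GuTktmcF0+d/llsZEZAOAcHb9fq7mgqDRbr7XP8Veosp1mxldCyygHKec+i0G0tROLEa+3WccgOqGwY9n7hHXgR/krPff0h1TOkH6SMkydQxZpVZkC12YMndlXmCKcmp25ErhlLLZpRaqFg+HaspXTvJvR5r20OvObEGCcuU9xQk2zED251H2SQTJQhbsI6u6vOuSKm7B negatron@nanoman"
      )
      ;;
  esac

  # Skip the rest for this user if the account could not be created, so a
  # failed useradd never leads to writes under a home directory that is
  # missing or belongs to a pre-existing account.
  if ! useradd -m -s /bin/bash -G sudo "$name"; then
    echo " failed (useradd)." >&2
    continue
  fi

  printf '%s:%s\n' "$name" "change.me" | chpasswd
  # Expire the password immediately so it must be changed at first login.
  chage -d0 "$name"

  ssh_dir="/home/$name/.ssh"
  mkdir -p -- "$ssh_dir"
  # printf with a fixed format writes the keys verbatim, one per line,
  # without the word splitting and escape processing of `echo -e $key`.
  printf '%s\n' "${keys[@]}" > "$ssh_dir/authorized_keys"

  # Hand the directory to the user and close it to everyone else; files
  # created here by root would otherwise stay root-owned and world-readable.
  chown -R "$name:" "$ssh_dir"
  chmod 700 "$ssh_dir"
  chmod 600 "$ssh_dir/authorized_keys"

  echo " done."
done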
change the password for user ubuntu (streamliners)
edit /home/ubuntu/.ssh/authorized_keys leaving only the AWS generated key
edit /etc/sudoers.d/90-cloud-init-users and comment out
#ubuntu ALL=(ALL) NOPASSWD:ALL
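# NOTE(review): this pipes a remote script straight into a root shell; to check what it does first, download it to a file, read it, and run the saved copy instead.
curl -s https://packagecloud.io/install/repositories/sensu/stable/script.deb.sh | bash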
apt update
apt install sensu-go-agent
apt install nagios-plugins-basic
vi /etc/sensu/agent.yml
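subscriptions:
  - system
  - nfs-prod
labels:
  nfs_file: "/mnt/nfs/nfs_ctrl-20190807042841"
  nfs_file_hash: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
# NOTE(review): ws:// is an unencrypted WebSocket, so agent traffic to this backend crosses the network in clear text; use wss:// if the backend has TLS enabled.
backend-url:
  - "ws://52.215.3.31:8081"
api-port: 3131
socket-port: 3130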
systemctl enable sensu-agent.service
systemctl restart sensu-agent.service
apt update
apt install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository \
"deb [arch=arm64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
apt install docker-ce=5:18.09.7~3-0~ubuntu-bionic docker-ce-cli=5:18.09.7~3-0~ubuntu-bionic containerd.io
systemctl enable docker
0 */12 * * * root perl -e 'sleep int(rand(43200))' && docker system prune --all --force
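/etc/docker/daemon.json for logging and monitoring. Note that "metrics-addr": "0.0.0.0:9323" serves the metrics endpoint, which has no authentication, on every interface of the host; it is then reachable from wherever the security groups allow, so bind it to an internal address if only the monitoring host needs it.
```
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "metrics-addr" : "0.0.0.0:9323",
  "experimental" : true
}
```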
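To add a worker to this swarm, run the following command (both join tokens in this section are credentials, and the manager token gives full control of the swarm; if this page is shared, rotate them with `docker swarm join-token --rotate worker` and `docker swarm join-token --rotate manager`):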
docker swarm join --token SWMTKN-1-5wv870qe9lvx1syb8ms1n2z28jzfxmhx57fi83z36tyklwy9uc-0jn05mwv2kg94q9hwegs83mhw 192.168.17.10:2377
To add a manager to this swarm, run the following command:
docker swarm join --token SWMTKN-1-5wv870qe9lvx1syb8ms1n2z28jzfxmhx57fi83z36tyklwy9uc-6keyy79xgajamz341egyev2ze 192.168.17.10:2377
Add the node to AWS target groups
TBD*