stage1-fedora

by mj3romin
25 deployments · 23 still active · last rev. 10 days ago

This stackscript will download a private git repo and then execute a second stage script within the repo named "stage2-fedora.sh". It is assumed that subsequent changes will be delegated to configuration management (ie. ansible, puppet, chef, etc.) and that vaulted secrets can be decrypted using password in variable VAULT_PASSWORD.

Compatible with: Fedora 27, Fedora 28, Fedora 29
						#!/usr/bin/env bash
#
#<UDF name="GIT_REPO" label="The git repository where second stage scripts can be pulled via HTTPS / SSH." example="https://github.com/mjeromin/linode-provisioning.git" />
#<UDF name="GIT_BRANCH" label="The git repository branch where second stage scripts can be pulled." default="master" />
#<UDF name="GIT_ACCESS_KEY64" label="An unencrypted, base64 encoded RSA private access key to pull the git repo if using SSH." default="" />
#<UDF name="VAULT_PASSWORD" label="The password that can be used to decrypt vault files (ie. ansible-vault)." default="" />

touch /root/.stage1_started

# install git client
yum install -y git  | tee -a /root/.stage1_stdout
[[ $? -ne 0 ]] && echo "ERROR: yum install git" >> /root/.stage1_error

# install vault password
[[ -n "$VAULT_PASSWORD" ]] && \
	echo $VAULT_PASSWORD > /root/.vault_pass

# install ssh access key
if [[ -n "$GIT_ACCESS_KEY64" ]]; then
    echo "$GIT_ACCESS_KEY64" | base64 -d > /root/.ssh/id_rsa_git
    chmod 0600 /root/.ssh/id_rsa_git
    echo "Host *" > /root/.ssh/config
    echo "  IdentityFile /root/.ssh/id_rsa_git" >> /root/.ssh/config
fi

# install github's public hostkey
cat > /root/.ssh/known_hosts << EOF 
github.com,* ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
EOF

# clone the repo
git clone -b $GIT_BRANCH $GIT_REPO /root/git_repo | tee -a /root/.stage1_stdout
[[ $? -ne 0 ]] && \
    echo "ERROR: git clone -b $GIT_BRANCH $GIT_REPO /root/git_repo" >> /root/.stage1_error

# trigger second stage2  script
/root/git_repo/stage2-fedora.sh  id="${LINODE_ID}" \
                                 git_repo="${GIT_REPO}" \
                                 git_branch="${GIT_BRANCH}" | tee -a /root/.stage1_stdout
[[ $? -ne 0 ]] && \
    echo ERROR: /root/git_repo/stage2-fedora.sh id=${LINODE_ID} \
                                                git_repo=${GIT_REPO} \
                                                git_branch=${GIT_BRANCH} >> /root/.stage1_error

# cleanup
[[ ! -e /root/.stage1_error ]] && \
    rm -rf /root/git_repo

touch /root/.stage1_ended