Ubuntu 12.04 Chef-Solo bootstrap (VPSBlocks)
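#!/bin/bash
# Creates the admin group and user and grants that user passwordless sudo.
#THIS SCRIPT MUST BE RUN AS ROOT
# -x traces every command, -e aborts on the first failing command. They are
# set here rather than on the shebang so they still apply when the script is
# started as `bash script.sh`.
set -xe

# Every step below edits system files; refuse to run half of them as non-root.
if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi

ADMIN_USER=admin
ADMIN_GROUP=admin

#add admin group
# getent looks the group up by exact name. The previous single-quoted grep
# pattern never expanded $ADMIN_GROUP, so it never matched and groupadd ran
# (and failed under -e) whenever the group already existed.
getent group "$ADMIN_GROUP" >/dev/null || groupadd "$ADMIN_GROUP"

#add admin user
getent passwd "$ADMIN_USER" >/dev/null ||
  useradd -m -s /bin/bash -g "$ADMIN_GROUP" "$ADMIN_USER"

#sudoless access for admin user
# NOTE(review): NOPASSWD: ALL makes this account root-equivalent; after
# password logins are disabled its SSH key is the only thing protecting root.
if ! grep -Eq "^$ADMIN_USER\b.*NOPASSWD" /etc/sudoers; then
  # Build the new sudoers in a private temp file and let visudo check it
  # first: a syntax error in the live /etc/sudoers disables sudo for everyone.
  SUDOERS_TMP=$(mktemp)
  cat /etc/sudoers > "$SUDOERS_TMP"
  echo "$ADMIN_USER ALL=(ALL) NOPASSWD: ALL" >> "$SUDOERS_TMP"
  if ! visudo -c -f "$SUDOERS_TMP"; then
    rm -f -- "$SUDOERS_TMP"
    echo "refusing to install an invalid sudoers file" >&2
    exit 1
  fi
  # Write through the existing file so its owner and mode are kept.
  cat "$SUDOERS_TMP" > /etc/sudoers
  rm -f -- "$SUDOERS_TMP"
fi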
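#configure SSH
# Installs the admin user's authorized key, then turns off password-based
# SSH logins and restarts sshd.
# NOTE(review): the default below is the key published with this script.
# Whoever holds its private half gets a passwordless-sudo login on every host
# bootstrapped with it, so export SSH_KEY with your own public key first.
SSH_KEY=${SSH_KEY:-"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCXAYYXngvwMBAHwpW2dOT7Wl9kNmnGDegoc7ehIJju2kO8KYb3r6BTtHNOurMV3TJTNP8myoHmzl1UhPIQ5DGq6L2W+74Y4euAvHl16BI+rEzAQqf+pVYHc8iRYecqAIuPUeDTXWrj3VOD6n6pGitHlR5dS4nSm0Q+t6+CQcyXqE6nAbKjS2GTihQ+mTso7iPOYeHRDjmepsZY0Vva3lY1db28baCxP7omKuJydLXyUvaI+HrtPXt7WwYrXql+dnKp2Xh5+t0B4kCeVfmigy352XEUACy/M/vfjA79s3yYAcMznajTAT6tX6jPcN8S9FhF6J0HwL4U/KIJDGrgq8N [email protected]"}
SSH_DIR=/home/$ADMIN_USER/.ssh
mkdir -p -m 700 "$SSH_DIR"
# mkdir -m has no effect on a directory that already exists, so set it again.
chmod 700 "$SSH_DIR"
# '>' replaces any keys already present in authorized_keys.
printf '%s\n' "$SSH_KEY" > "$SSH_DIR/authorized_keys"
chmod 600 "$SSH_DIR/authorized_keys"
chown -R "$ADMIN_USER:$ADMIN_GROUP" "$SSH_DIR"

#disable password access
for directive in PasswordAuthentication ChallengeResponseAuthentication; do
  sed -E -i "s/.*$directive.*/$directive no/" /etc/ssh/sshd_config
  # sed only rewrites lines that already mention the directive. If none did,
  # password logins would silently stay enabled, so stop instead.
  if ! grep -q "^$directive no\$" /etc/ssh/sshd_config; then
    echo "$directive was not set to no in /etc/ssh/sshd_config" >&2
    exit 1
  fi
done
# Validate the edited config before restarting, so a broken file cannot take
# down the only remote login path.
/usr/sbin/sshd -t
restart ssh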
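# Brings the base system up to date, builds Ruby from source and installs Chef.
apt-get update
# --force-yes is intentionally not passed: it tells apt to go ahead even when
# package authentication fails, which defeats the archive signature check.
apt-get upgrade -y
ntpdate ntp.ubuntu.com

#install ruby
RUBY_PATCH=p194
RUBY_TARBALL=ruby-1.9.3-$RUBY_PATCH.tar.gz
apt-get -y install build-essential zlib1g-dev libssl-dev libreadline-dev libyaml-dev libcurl4-openssl-dev

# Build in a private directory instead of /tmp itself. /tmp is world-writable
# and the file names are predictable; if a tarball of the same name already
# sat there, wget would save its download under a different name and tar
# would unpack the planted file as root.
BUILD_DIR=$(mktemp -d)
cd "$BUILD_DIR"
wget "ftp://ftp.ruby-lang.org/pub/ruby/1.9/$RUBY_TARBALL"
# FTP gives no integrity or authenticity guarantee, and the result is compiled
# and installed as root. Export RUBY_SHA256 with the digest published for this
# release so the tarball is checked before it is unpacked.
if [ -n "${RUBY_SHA256:-}" ]; then
  echo "$RUBY_SHA256  $RUBY_TARBALL" | sha256sum -c -
else
  echo "WARNING: RUBY_SHA256 not set; $RUBY_TARBALL is not being verified" >&2
fi
tar -xvzf "$RUBY_TARBALL"
cd "ruby-1.9.3-$RUBY_PATCH/"
./configure --prefix=/usr/local
make
make install

#install chef
# NOTE(review): no gem versions are pinned, so each run installs whatever the
# gem source serves at that moment; pin versions for reproducible hosts.
gem install chef ruby-shadow --no-ri --no-rdoc
mkdir -p /var/chef
chown "$ADMIN_USER:$ADMIN_GROUP" /var/chef/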
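#init git
# Installs git, creates the deploy directories, enables the firewall and
# reboots.
apt-get install -y git-core
mkdir -p /var/www/shared/ /var/www/releases/
# Options go before the operands so this does not rely on GNU argument
# reordering.
chown -R "$ADMIN_USER:$ADMIN_GROUP" /var/www

#set firewall rules
# Default-deny, with only SSH and HTTP opened. The SSH rule is added before
# the firewall is enabled so the current session is not cut off.
ufw default deny
ufw allow ssh
ufw allow 80/tcp
# --force skips the confirmation prompt without piping an answer into ufw.
ufw --force enable
reboot now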