#cloud-config # Tell cloud-init to log the output to a log file output: {all: '| tee -a /var/log/cloud-init-output.log'} # /var/www/aws/aws-nwo-lam1-Ubuntu-CloudInit.txt - Initialize lam1.duckdns.org # # https://aws.lam1.us/a/Amazon_Web_Services_(AWS) # # This version uses the LAM EFS private repo copies and then sets the URL # to git@ak20:${REPO}.git or git@github.com:LAMurakami/${REPO}.git as # appropriate. bootcmd: - echo - echo Report kernel version - uname -a - echo - echo Report Release version - head /etc/*release - echo - echo Report AWS EC2 metadata for this instance - ec2metadata | grep -v '^user-data' - echo - echo List Installed Packages information - dpkg -l # Set hostname hostname: lam1 # Set timezone timezone: US/Alaska # Upgrade apt database on first boot apt_update: true # Upgrade the instance on first boot apt_upgrade: true # Install additional packages on first boot packages: - rcs - nfs-common - awscli - mailutils - swish++ - libio-captureoutput-perl - libcgi-pm-perl - libdbi-perl - libdbd-mysql-perl - php - php-gd - texlive - php-xml* - lynx - apache2-doc - libapache2-mod-perl2 - libbsd-resource-perl - libapache2-reload-perl - apache2-suexec-custom - mariadb-client - mariadb-server - php-mysql - libapache2-mod-php - x11-apps - whois - libgtk2.0-0 - mlocate - php-mbstring - glances ssh_import_is: [ubuntu] ssh_authorized_keys: - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAYEAnNqVrt71AKSIMmSAIONBx4jIEK0IIZF5fSAaB9kI4oOK+t7aSTKAZwwgKHWJ536XFdR3Ql5Xi0r2CuUEf1GVEagAxLZTXRuim5UGmS63rfSxGwq9JQVg5WDbN5ilnGxSmqsD77SApvmffcO/T2zZWd+rrjMWWRi9zQwRdQRm60bc69ajJbjIJd8SCXIggUPzTkUz5Sca7dhdffcMpGR9bdexFln+YSli1ohtvs2zVBM4ncpufGS+Auax8+gQNr32QeSszlKuKsXYorZ9gl+Z8s62mX5yCXIrH2hWoHsCTUX38iVM8/wI6sPVosarkng7mPOOQLy5k50Y0cb9FRQGlrvmQqsc3fI7tC1fblhKL0HaY844kIZRHwFuOI04ik+b8Swdjed6+FH/RIKppuOY+qfdmv8gcX4ZhpbKg+JN+u5Xy5awpUFqhsbBdCz0MvLNPKEbDNCFokX8nL0HqGeABk2DOJ1+IOFz5pIiCL31LTVGTQ0AwXp3nkaHZykJNrcB Authentication from lam@laptop.lam1.us runcmd: - echo - echo 'Report AWS EC2 user-data for this instance (CloudInit directives)' # Allow for either gzip compressed user-data or plain text user-data - (curl -s http://169.254.169.254/latest/user-data | gunzip) || curl -s http://169.254.169.254/latest/user-data - echo - echo 'Set git user name, email for system' - git config --system user.name "LAMurakami" - git config --system user.email GitHub@LAMurakami.com - git config --system core.editor vi - git config --system branch.autosetuprebase always - echo - echo 'Install etckeeper to track configuration changes' - apt-get install etckeeper - echo - echo Adding nfs4 mount to AWS NW-O VPC Elastic File System - mkdir /mnt/efs - chown ubuntu:ubuntu /mnt/efs - nfsOpt="nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" - echo "172.31.14.159:/ /mnt/efs nfs4 ${nfsOpt}" >> /etc/fstab - mount -a -t nfs4 - echo - echo 'Adding a swapfile' - dd if=/dev/zero of=/swapfile bs=32M count=8 - chmod 600 /swapfile - mkswap /swapfile - swapon /swapfile - echo "/swapfile swap swap defaults 0 0" >> /etc/fstab - echo - echo 'Set hostname and localhost alias in /etc/hosts' - sed -i '1s/localhost/lam1.lam1.us lam1 localhost/' /etc/hosts - echo - echo 'Installing leafpad compiled for Ubuntu Server 20.04' - tar -xzf /mnt/efs/aws-lam1-ubuntu/leafpad-Ubuntu-20-04.tgz --directory /usr/local - file /usr/local/bin/leafpad - echo - echo 'Installing GNU which v2.21 compiled for Ubuntu Server 20.04' - tar -xzf /mnt/efs/aws-lam1-ubuntu/which-Ubuntu-20-04.tgz --directory /usr/local - file /usr/local/bin/which - echo - echo 'Installing GNU tnef 1.4.18 compiled for Ubuntu Server 20.04' - tar -xzf /mnt/efs/aws-lam1-ubuntu/tnef-Ubuntu-20-04.tgz --directory /usr/local - file /usr/local/bin/tnef - echo - echo 'Listen for ssh connections on alternate port 55520 and add ssh Banner' - git clone /mnt/efs/git/etc.git /tmp/ubuntu-etc - cp /tmp/ubuntu-etc/ssh/sshd_config /etc/ssh - cp /tmp/ubuntu-etc/ssh/Banner.txt /etc/ssh - systemctl restart sshd - echo - echo Check US Alaska local time for this system - ls -lF --time-style=long-iso /etc/localtime - echo - echo Installing ubuntu user bash resources - tar -xzf /mnt/efs/aws-lam1-ubuntu/ubuntu.tgz --directory /home/ubuntu - echo - echo '***** Secure site *****' - echo - echo 'Installing Let-s Encrypt certificates for TLS encryption (HTTPS)' - tar -xzf /mnt/efs/aws-lam1-ubuntu/letsencrypt.tgz --directory /etc - echo - echo 'Updating apache2 configuration for lam1' - a2enmod ssl - a2enmod info - a2enmod authz_groupfile.load - a2enmod rewrite - a2enmod cgi - git clone /mnt/efs/git/no-ssl.git /var/www/no-ssl - sh -c "cd /var/www/no-ssl;git remote set-url origin git@github.com:LAMurakami/no-ssl" - sh -c "cd /var/www/no-ssl;git remote add ak20 git@ak20:no-ssl" - rm /etc/apache2/apache2.conf - rm /etc/apache2/mods-available/alias.conf - rm /etc/apache2/mods-available/autoindex.conf - rm /etc/apache2/mods-available/dir.conf - /var/www/no-ssl/Implement_no-ssl_conf.bash - /var/www/no-ssl/Implement_more_apache2_stuff.bash # Extract lam from archive that includes MediWiki but not git repo - tar -xzf /mnt/efs/aws-lam1-ubuntu/lam.tgz --directory /var/www # Clone the lam repo and integrate it with MediWiki included lam archive - git clone /mnt/efs/git/lam.git /tmp/lam - mv /tmp/lam/.git /tmp/lam/.gitignore /var/www/lam - rm -rf /tmp/lam # Remove the lam repo fragment - sh -c "cd /var/www/lam;git remote set-url origin git@ak20:lam" # Use lam1 branch to serve secure site at https://lam1.duckdns.org - sh -c "cd /var/www/lam;git checkout lam1" - rm /etc/apache2/mods-available/info.conf - rm /etc/apache2/mods-available/status.conf - /var/www/lam/Implement_lam_conf.bash - echo - echo 'Update from default to LAM AWS lam1 web configuration' - sed -i "s|aws|lam1|" /var/www/no-ssl/apache2.conf - mkdir /var/www/Multicount - chown www-data:www-data /var/www/Multicount - echo - echo 'Creating {lam|Mediawiki} database and user' - mysql --table < /var/www/lam/lam-user.sql - echo - echo '***** Additional sites *****' - echo - echo 'Adding jana@www.interiordems.org user and group' - groupadd -g 5001 interiordems - useradd -N -u 5001 -s /bin/bash -g interiordems -G mail,interiordems jana - tar -xzf /mnt/efs/aws-lam1-ubuntu/jana.tgz --directory /home - echo - echo 'Installing {new|old}.interiordems.com web sites' - git clone /mnt/efs/git/interiordems.git /var/www/interiordems - sh -c "cd /var/www/interiordems;git remote set-url origin git@ak20:interiordems" - ln -s /var/www/interiordems/interiordems_apache2.conf /etc/apache2/sites-available/020_interiordems.conf - a2ensite 020_interiordems - chown -R ubuntu:www-data /var/www/interiordems - git clone /mnt/efs/git/oldinteriordems.git /var/www/oldinteriordems - sh -c "cd /var/www/oldinteriordems;git remote set-url origin git@ak20:oldinteriordems" - ln -s /var/www/oldinteriordems/oldinteriordems_apache2.conf /etc/apache2/sites-available/010_oldinteriordems.conf - a2ensite 010_oldinteriordems - chown -R ubuntu:www-data /var/www/oldinteriordems - echo - echo 'Adding mike@mike.lam1.us user, group and www Content' - useradd --shell /bin/bash --create-home --groups users --uid 55501 mike - usermod --groups users,mike mike - tar -xzf /mnt/efs/aws-lam1-ubuntu/mike.tgz --directory /home - git clone /mnt/efs/git/mike.git /var/www/mike - sh -c "cd /var/www/mike;git remote set-url origin git@ak20:mike" - ln -s /var/www/mike/mike_apache2.conf /etc/apache2/sites-available/081_mike.conf - a2ensite 081_mike - chown -R ubuntu:www-data /var/www/mike - echo - echo 'Installing arsc.lam1.us web site' - git clone /mnt/efs/git/arsc /var/www/arsc - sh -c "cd /var/www/arsc;git remote set-url origin git@github.com:LAMurakami/arsc" - sh -c "cd /var/www/arsc;git remote add ak20 git@ak20:arsc" - ln -s /var/www/arsc/arsc_apache2.conf /etc/apache2/sites-available/060_arsc.conf - a2ensite 060_arsc - chown -R ubuntu:www-data /var/www/arsc - echo - echo 'Installing sites.lam1.us web site' - git clone /mnt/efs/git/sites.git /var/www/sites - sh -c "cd /var/www/sites;git remote set-url origin git@ak20:sites" - ln -s /var/www/sites/sites_apache2.conf /etc/apache2/sites-available/030_sites.conf - a2ensite 030_sites - chown -R ubuntu:www-data /var/www/sites - echo - echo 'Installing cabo.lam1.us web site' - git clone /mnt/efs/git/cabo.git /var/www/cabo - sh -c "cd /var/www/cabo;git remote set-url origin git@ak20:cabo" - ln -s /var/www/cabo/cabo_apache2.conf /etc/apache2/sites-available/040_cabo.conf - a2ensite 040_cabo - chown -R ubuntu:www-data /var/www/cabo - echo - echo 'Installing z.lam1.us web site' - git clone /mnt/efs/git/z.git /var/www/z - sh -c "cd /var/www/z;git remote set-url origin git@ak20:z" - ln -s /var/www/z/z_apache2.conf /etc/apache2/sites-available/050_z.conf - a2ensite 050_z - chown -R ubuntu:www-data /var/www/z - echo - echo 'Installing aws.lam1.us web site' - git clone /mnt/efs/git/aws /var/www/aws - sh -c "cd /var/www/aws;git remote set-url origin git@github.com:LAMurakami/aws" - sh -c "cd /var/www/aws;git remote add ak20 git@ak20:aws" - ln -s /var/www/aws/aws_apache2.conf /etc/apache2/sites-available/080_aws.conf - a2ensite 080_aws - /var/www/aws/cloud-init.pl - echo - echo Adding blinkenshell www Content # Extract blinkenshell from archive that includes date time stamps - tar -xzf /mnt/efs/aws-lam1-ubuntu/blinkenshell.tgz --directory /var/www # Clone the blinkenshell repo and integrate it with blinkenshell archive - git clone /mnt/efs/git/blinkenshell.git /tmp/blinkenshell - mv /tmp/blinkenshell/.git /var/www/blinkenshell/public_html - rm -rf /tmp/blinkenshell # Remove the blinkenshell repo fragment - ln -s /var/www/blinkenshell/public_html/blinkenshell_apache2.conf /etc/apache2/sites-available/051_blinkenshell.conf - a2ensite 051_blinkenshell - chown -R ubuntu:www-data /var/www/blinkenshell - echo - echo Adding olnes www Content - git clone /mnt/efs/git/olnes.git /var/www/olnes - sh -c "cd /var/www/olnes;git remote set-url origin git@ak20:olnes" - ln -s /var/www/olnes/olnes_apache2.conf /etc/apache2/sites-available/052_olnes.conf - a2ensite 052_olnes - chown -R ubuntu:www-data /var/www/olnes - echo - echo Adding alaskademocrat www Content - git clone /mnt/efs/git/alaskademocrat.git /var/www/alaskademocrat - sh -c "cd /var/www/alaskademocrat;git remote set-url origin git@ak20:alaskademocrat" - ln -s /var/www/alaskademocrat/alaskademocrat_apache2.conf /etc/apache2/sites-available/071_alaskademocrat.conf - a2ensite 071_alaskademocrat - chown -R ubuntu:www-data /var/www/alaskademocrat - echo - echo Adding larryforalaska www Content - git clone /mnt/efs/git/larryforalaska.git /var/www/larryforalaska - sh -c "cd /var/www/larryforalaska;git remote set-url origin git@ak20:larryforalaska" - ln -s /var/www/larryforalaska/larryforalaska_apache2.conf /etc/apache2/sites-available/070_larryforalaska.conf - a2ensite 070_larryforalaska - chown -R ubuntu:www-data /var/www/larryforalaska - echo - echo '***** Final Initialization Steps *****' - echo - echo 'Set ubuntu as owner of /var/www/{no-ssl,lam,aws}' - chown -R ubuntu:www-data /var/www/no-ssl /var/www/lam /var/www/aws - echo - echo Refreshing lam database - cp -r /home/ubuntu/.aws /root - aws s3 cp s3://lamurakami/Bk-20-MySQL.lam.sql.gz - | gunzip -c | mysql --user=lam lam - aws s3 cp s3://lamurakami/Bk-20-MySQL.wikidb.sql.gz - | gunzip -c | mysql --user=lam wikidb - systemctl restart apache2 - echo - sh -c "cd /etc;git add apache2/mods-available/alias.conf" - sh -c "cd /etc;git add apache2/mods-enabled/*" - sh -c "cd /etc;git add apache2/sites-available/*" - sh -c "cd /etc;git add apache2/sites-enabled/*" - sh -c "cd /etc;git add profile.d/mlocate.sh ssh/Banner.txt" - sh -c "cd /etc;git rm apache2/sites-enabled/000-default.conf" - sh -c "cd /etc ; git commit -a -m 'Changes from lam2-Ubuntu-CloudInit'" - sh -c "cd /etc;git add letsencrypt/*" - sh -c "cd /etc ; git commit -a -m 'Changes from lam2-Ubuntu-CloudInit'" - echo Updating lam1.duckdns.org IP address - echo url="https://www.duckdns.org/update?domains=lam1&token=$(cat ~ubuntu/.duckdns)&verbose=true&ip=" | curl -s -k -K - - echo " for lam1.duckdns.org IP address update" - echo - echo 'Install dovecot-imapd after /etc/hosts has been configured' - apt-get install --yes dovecot-imapd - echo - echo Add root alias so default AWS ubuntu user gets root mail - cp /tmp/ubuntu-etc/aliases /etc/aliases - cp /tmp/ubuntu-etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf - newaliases - echo - sh -c "cd /etc ; git commit -a -m 'Changes from lam2-Ubuntu-CloudInit'" - echo - echo Install gitweb after apache has been configured - apt-get install -y gitweb - a2disconf gitweb - cp /tmp/ubuntu-etc/gitweb.conf /etc/gitweb.conf - rm -rf /tmp/ubuntu-etc - echo - echo Install man2html after apache has been configured - apt-get install -y man2html - echo - echo List Installed Packages information - dpkg -l