#cloud-config # /var/www/aws/aws-nwo-lam1-Ubuntu-CloudInit.txt - Ubuntu 22.04 Jammy Jellyfish # aws-nwo-lam1-Ubuntu-CloudInit.txt - aws repo - master branch # https://gitlab.com/aws-lam/aws/-/blob/master/aws-nwo-lam1-Ubuntu-CloudInit.txt?ref_type=heads # # Initialize lam1.lam1.us # # https://aws.lam1.us/a/Amazon_Web_Services_(AWS) # # This version clones from https://github.com/LAMurakami or the LAM EFS private # repo copies and then sets the URL to git@github.com:LAMurakami/${REPO}.git # or git@aws:${REPO}.git as appropriate. # Tell cloud-init to log the output to a log file output: {all: '| tee -a /var/log/cloud-init-output.log'} bootcmd: - echo - echo 'AWS LAM Report HOST information' - uname -a - echo - echo 'AWS LAM Report Release version' - head /etc/*release - echo - echo 'AWS LAM Report AWS EC2 metadata for this instance' - ec2metadata | grep -v '^user-data' - echo - echo 'AWS LAM List Installed Packages information' - dpkg -l - echo 'AWS LAM cloud-config YAML bootcmd complete' - date # Set hostname hostname: lam1 # Set timezone timezone: US/Alaska runcmd: - keyName="lam1-Ubuntu-22-Jammy" - echo - echo 'AWS LAM Allow any to read /var/log/cloud-init-output.log' - chmod a+r /var/log/cloud-init-output.log - echo - echo 'AWS LAM Adding a swapfile' - dd if=/dev/zero of=/swapfile bs=32M count=24 - chmod 600 /swapfile - mkswap /swapfile - swapon /swapfile - echo "/swapfile swap swap defaults 0 0" >> /etc/fstab - free -h - cat /proc/swaps - echo - echo 'AWS LAM Create git user' - useradd -g staff -G staff -M -d /mnt/efs/git -u 4896 git - echo - echo 'AWS LAM Check US Alaska local time for this system' - ls -lF --time-style=long-iso /etc/localtime - echo - echo 'AWS LAM Update package repository and Upgrade packages' - apt update - apt upgrade --yes - echo - echo 'AWS LAM Install additional packages on first boot' - export DEBIAN_FRONTEND=noninteractive - apt-get -yqq install mailutils rcs nfs-common awscli swish++ libio-captureoutput-perl libcgi-pm-perl libdbi-perl libdbd-mysql-perl php php-gd texlive php-xml* lynx apache2-doc libapache2-mod-perl2 libbsd-resource-perl libapache2-reload-perl apache2-suexec-custom php-mysql libapache2-mod-php x11-apps whois libgtk2.0-0 php-mbstring php-intl php-apcu l3afpad - echo - echo 'AWS LAM Report AWS EC2 user-data for this instance (CloudInit directives)' # Allow for either gzip compressed user-data or plain text user-data - (curl -s http://169.254.169.254/latest/user-data | gunzip) || curl -s http://169.254.169.254/latest/user-data - echo - echo 'AWS LAM Set git user name, email for system' - git config --system user.name "LAMurakami" - git config --system user.email GitHub@LAMurakami.com - git config --system core.editor vi - git config --system branch.autosetuprebase always - git config --system init.defaultBranch master - echo - echo 'AWS LAM Installing aws.lam1.us web site' - git clone https://github.com/LAMurakami/aws.git /var/www/aws - sh -c "cd /var/www/aws;git remote set-url origin git@github.com:LAMurakami/aws" - sh -c "cd /var/www/aws;git remote rename origin github" - sh -c "cd /var/www/aws;git remote add gitlab git@gitlab.com:aws-lam/aws" - sh -c "cd /var/www/aws;git remote add aws git@aws:aws" - sh -c "cd /var/www/aws;git checkout -b $keyName" - sh -c "cd /var/www/aws;git tag -a -m 'AWS LAM Initialization' b0-$keyName" - echo - echo 'AWS LAM Get Availability_Zone from cloud-init values' - export Availability_Zone=$(cloud-init query availability-zone) - echo - echo 'AWS LAM Adding nfs4 mounts for AWS LAM VPC Elastic File Systems' - export REGION=$(cloud-init query region) - /var/www/aws/aws-efs-mount.bash - echo - echo 'AWS LAM setup root to aws ssh config' - cp /var/www/aws/root/ssh/config /root/.ssh/config - cp /var/www/aws/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts - echo - echo 'AWS LAM Add localhost key to known_hosts' - ssh-keyscan -t ed25519 localhost >> /etc/ssh/ssh_known_hosts - echo - echo 'AWS LAM Install etckeeper to track configuration changes' - apt-get install etckeeper - echo - echo 'AWS LAM Set vim as default editor for system' - update-alternatives --set editor /usr/bin/vim.basic - echo - echo 'AWS LAM Set hostname and localhost alias in /etc/hosts' - sed -i '1s/localhost/lam1.lam1.us lam1 localhost/' /etc/hosts - echo - echo 'AWS LAM Create logs/ sybmolic link for Apache2 configuration use' - ln -s /var/log/apache2 /etc/apache2/logs - echo - echo 'AWS LAM Cloud Guest motd' - ln -s /var/www/aws/etc/update-motd.d/51-cloudguest /etc/update-motd.d - echo - echo 'AWS LAM Install no-ssl web site' - /var/www/aws/aws-lam-gitlab-clone.bash no-ssl $keyName - echo - echo 'AWS LAM Replace main apache2 configuration with no-ssl configuration' - a2enmod rewrite - rm /etc/apache2/apache2.conf - cp -p /var/www/no-ssl/apache2.conf /etc/apache2/apache2.conf - echo - echo 'AWS LAM Use updated dir, alias and autoindex modules' - rm /etc/apache2/mods-available/alias.conf - rm /etc/apache2/mods-available/autoindex.conf - rm /etc/apache2/mods-available/dir.conf - ln -s /var/www/no-ssl/no-ssl_alias.conf /etc/apache2/mods-available/alias.conf - ln -s /var/www/no-ssl/no-ssl_autoindex.conf /etc/apache2/mods-available/autoindex.conf - ln -s /var/www/no-ssl/no-ssl_dir.conf /etc/apache2/mods-available/dir.conf - echo - echo 'AWS LAM Update from default to LAM AWS lam1 web configuration' - sed -i "s|aws|lam1|" /var/www/no-ssl/apache2.conf - sed -i 's|aws.ServerAdmin|lam1.ServerAdmin|' /etc/apache2/apache2.conf - sed -i 's|aws.lam1.us|lam1.lam1.us|' /etc/apache2/apache2.conf - echo - echo 'AWS LAM Configuring perl to include LAM perl modules' - mkdir /usr/local/lib/site_perl - ln -s /var/www/no-ssl/site_perl-LAM /usr/local/lib/site_perl/LAM - echo - echo 'AWS LAM create Multicount directory' - mkdir /var/www/Multicount - echo - echo 'AWS LAM Installing z.lam1.us web site' - /var/www/aws/aws-lam-gitlab-clone.bash z $keyName - echo - echo 'AWS LAM Enable x11 forwarding over ssh for sudo' - ln -s /var/www/no-ssl/xauthority.sh /etc/profile.d - echo - echo 'AWS LAM Set color=auto alias for ip command' - ln -s /var/www/aws/etc/profile.d/ip-color.sh /etc/profile.d - echo - echo 'AWS LAM ***** Additional sites *****' - echo - echo 'AWS LAM Installing arsc.lam1.us web site' - /var/www/aws/aws-lam-gitlab-clone.bash arsc $keyName - echo - echo 'AWS LAM Installing sites.lam1.us web site' - /var/www/aws/aws-lam-gitlab-clone.bash sites $keyName - echo - echo 'AWS LAM Installing cabo.lam1.us web site' - /var/www/aws/aws-lam-gitlab-clone.bash cabo $keyName - echo - echo 'AWS LAM Adding olnes www Content' - /var/www/aws/aws-lam-gitlab-clone.bash olnes $keyName - echo - echo 'AWS LAM Adding larryforalaska www Content' - /var/www/aws/aws-lam-gitlab-clone.bash larryforalaska $keyName - echo - echo 'AWS LAM Adding cape_fairbanks www Content' - /var/www/aws/aws-lam-gitlab-clone.bash cape_fairbanks $keyName - echo - echo 'AWS LAM ***** Use private LAM Alaska resources *****' - echo - echo 'AWS LAM Installing ubuntu user bash resources' - tar -xzf /mnt/efs/aws-lam1-ubuntu/ubuntu.tgz --directory /home/ubuntu - chown -R ubuntu:ubuntu /home/ubuntu - echo - echo 'AWS LAM Link to .aws resources for root' - ln -s /home/ubuntu/.aws /root/.aws - echo - echo 'AWS LAM Copy ssh key root' - cp /home/ubuntu/.ssh/git_ak20_id_rsa /root/.ssh - echo - echo 'AWS LAM Installing extras compiled for Ubuntu Server 22.04' - /var/www/aws/aws-efs-install-x86-or-arm-extras.bash ubuntu - echo - echo "LAM AWS Use GNU which function for bash users" - cp /var/www/aws/etc/profile.d/which2.sh /etc/profile.d - echo - echo 'AWS LAM Listen for ssh connections on alternate port 55520 and add ssh Banner' - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/sshd_config /etc/ssh/sshd_config - ln -s /var/www/aws/etc/ssh/Banner.txt /etc/ssh - echo - echo 'AWS LAM Omit hashing of new known host entries' - sed -i '/HashKnownHosts/d' /etc/ssh/ssh_config - systemctl restart sshd - echo - echo 'AWS LAM configure lam-ak-lan for Public IPv4 access' - cp /var/www/aws/etc/ssh/ssh_config.d/lam-ak-lan.conf /etc/ssh/ssh_config.d - echo - echo 'AWS LAM ***** Secure site *****' - echo - echo 'AWS LAM Installing Let-s Encrypt certificates for TLS encryption (HTTPS)' - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/letsencrypt.tgz - | tar -xzf - --directory /etc - echo - echo 'AWS LAM Updating apache2 configuration for lam1' - a2enmod ssl - a2enmod info - a2enmod authz_groupfile.load - a2enmod cgi - echo - echo 'AWS LAM Install lam web site' - echo # Extract lam from archive that includes MediWiki and git repo - /var/www/aws/aws-efs-tar-extract.bash lam.tgz /var/www - echo - echo 'AWS LAM Tell git /var/www/lam is O.K.' - git config --system --add safe.directory /var/www/lam # Use lam1 branch to serve secure site at https://lam1.lam1.us - sh -c "cd /var/www/lam;git stash" - sh -c "cd /var/www/lam;git checkout lam1" - sh -c "cd /var/www/lam;git checkout -b $keyName" - sh -c "cd /var/www/lam;git tag -a -m 'AWS LAM Initialization' b0-$keyName" - echo - echo 'AWS LAM Use updated info and status modules' - rm /etc/apache2/mods-available/info.conf - rm /etc/apache2/mods-available/status.conf - ln -s /var/www/lam/lam_info.conf /etc/apache2/mods-available/info.conf - a2enmod info - ln -s /var/www/lam/lam_status.conf /etc/apache2/mods-available/status.conf - a2enmod status - echo - echo 'AWS LAM Create lam murakami staff credentials.' - /var/www/lam/Create-lam-murakami-staff.bash - echo - echo 'AWS LAM Install mariadb after swap has been configured' - apt-get install -y mariadb-client mariadb-server - echo - echo 'AWS LAM Creating {lam|Mediawiki} database and user' - mysql --table < /var/www/lam/lam-user.sql - echo - echo 'AWS LAM ***** Private Additional sites *****' - echo - echo 'AWS LAM Installing {new|old}.interiordems.com web sites' - /var/www/aws/aws-efs-www-git-clone.bash interiordems $keyName - /var/www/aws/aws-efs-www-git-clone.bash oldinteriordems $keyName - echo - echo 'AWS LAM Adding mike@mike.lam1.us user, group and www Content' - useradd --shell /bin/bash --create-home --groups users --uid 55501 mike - usermod --groups users,mike mike - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/mike.tgz - | tar -xzf - --directory /home - /var/www/aws/aws-efs-www-git-clone.bash mike $keyName - echo - echo 'AWS LAM Adding blinkenshell www Content' # Extract blinkenshell from archive that includes date time stamps - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/blinkenshell.tgz - | tar -xzf - --directory /var/www - echo - echo 'AWS LAM Tell git ownership of /var/www/blinkenshell/public_html is O.K.' - git config --system --add safe.directory /var/www/blinkenshell/public_html # Clone the blinkenshell repo and integrate it with blinkenshell archive - /var/www/aws/aws-efs-www-git-clone.bash blinkenshell $keyName /tmp/ - mv /tmp/blinkenshell/.git /var/www/blinkenshell/public_html - rm -rf /tmp/blinkenshell # Remove the blinkenshell repo fragment - sh -c "cd /var/www/blinkenshell/public_html;git stash" - echo - echo 'AWS LAM Adding alaskademocrat www Content' - /var/www/aws/aws-efs-www-git-clone.bash alaskademocrat $keyName - echo - echo 'AWS LAM ***** Final Initialization Steps *****' - echo - echo 'AWS LAM update aws site with current public local name ipv4 ipv6' - /var/www/aws/cloud-init.pl - /var/www/aws/AWS-LAM-git-commit.bash $keyName aws no-ssl - echo - echo 'AWS LAM Activate aws and additional sites' - /var/www/aws/aws-lam-apache2-sites-configuration-Debian-Ubuntu.bash - echo - echo 'AWS LAM Change ownership of /var/www' - sh -c "chown -R lam:www-data /var/www" - chown www-data:www-data /var/www/Multicount - echo - echo 'AWS LAM Refreshing lam database' - aws s3 cp s3://lamurakami/Bk-20-MySQL.lam.sql.gz - | gunzip -c | mysql --user=lam lam - aws s3 cp s3://lamurakami/Bk-20-MySQL.wikidb.sql.gz - | gunzip -c | mysql --user=lam wikidb - systemctl restart apache2 - echo - echo "AWS LAM Changes from $keyName-CloudInit etckeeper commit" - etckeeper commit -m "AWS LAM Changes from $keyName-CloudInit" - echo - echo 'AWS LAM Updating lam1.duckdns.org IP address' - ln -s /home/ubuntu/.duckdns /root/.duckdns - /var/www/aws/Update-DuckDNS.bash lam1 - echo - echo 'AWS LAM Updating lam1.freeddns.org IP address' - /var/www/aws/Update-Dynu-FreeDDNS.bash lam1 - echo - echo 'AWS LAM Install dovecot-imapd after /etc/hosts has been configured' - apt-get install --yes dovecot-imapd - echo - echo 'AWS LAM Add root alias so default AWS ubuntu user gets root mail' - cp /var/www/aws/etc/aliases /etc/aliases - cp /var/www/aws/etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf - newaliases - etckeeper commit -m "AWS LAM Changes from $keyName-CloudInit" - echo - echo 'AWS LAM Install gitweb after apache has been configured' - apt-get install -y gitweb - a2disconf gitweb - cp /var/www/aws/etc/gitweb.conf /etc/gitweb.conf - echo - echo 'AWS LAM Install man2html after apache has been configured' - apt-get install -y man2html - echo - echo 'AWS LAM Install plocate after swap has been configured' - apt-get install -y plocate - echo - echo 'AWS LAM Update Elastic File System plocate databases' - /var/www/no-ssl/Create-update-efs-plocate-db.bash - updatedb - echo - echo 'AWS LAM Final Cloud-init etckeeper commit' - etckeeper commit -m 'AWS LAM Final Cloud-init etckeeper commit' - echo - echo 'AWS LAM List Installed Packages information' - dpkg -l - echo - echo 'AWS LAM cloud-config YAML runcmd complete' - date