#cloud-config # Tell cloud-init to log the output to a log file output: {all: '| tee -a /var/log/cloud-init-output.log'} # /var/www/aws/aws-nwo-lam1-Ubuntu-CloudInit.txt - Initialize lam1.duckdns.org # # https://aws.lam1.us/a/Amazon_Web_Services_(AWS) # # This version clones from https://github.com/LAMurakami or the LAM EFS private # repo copies and then sets the URL to git@github.com:LAMurakami/${REPO}.git # or git@ak20:${REPO}.git as appropriate. bootcmd: - echo - echo 'AWS LAM Report HOST information' - uname -a - echo - echo 'AWS LAM Report Release version' - head /etc/*release - echo - echo 'AWS LAM Report AWS EC2 metadata for this instance' - ec2metadata | grep -v '^user-data' - echo - echo 'AWS LAM List Installed Packages information' - dpkg -l - echo 'AWS LAM cloud-config YAML bootcmd complete' - date # Set hostname hostname: lam1 # Set timezone timezone: US/Alaska runcmd: - keyName="lam1-Ubuntu-x86" - echo - echo 'AWS LAM Allow any to read /var/log/cloud-init-output.log' - chmod a+r /var/log/cloud-init-output.log - echo - echo 'AWS LAM Adding a swapfile' - dd if=/dev/zero of=/swapfile bs=32M count=24 - chmod 600 /swapfile - mkswap /swapfile - swapon /swapfile - echo "/swapfile swap swap defaults 0 0" >> /etc/fstab - free -h - cat /proc/swaps - echo - echo 'AWS LAM Get EFS for REGION' - wget --quiet https://lamurakami.github.io/aws-efs/REGION.bash - chmod a+x REGION.bash - export REGION=$(./REGION.bash) - rm REGION.bash - EFS=$(curl -s https://lamurakami.github.io/aws-efs/${REGION}) - echo - echo 'AWS LAM setup root to aws ssh config' - wget --quiet https://lamurakami.github.io/aws-efs/root-ssh-config - mv root-ssh-config /root/.ssh/config - wget --quiet https://lamurakami.github.io/aws-efs/root-ssh-known_hosts - mv root-ssh-known_hosts /root/.ssh/known_hosts - echo - echo 'AWS LAM Check US Alaska local time for this system' - ls -lF --time-style=long-iso /etc/localtime - echo - echo 'AWS LAM Update package repository and Upgrade packages' - apt update - apt upgrade --yes - echo - echo 'AWS LAM Install additional packages on first boot' - export DEBIAN_FRONTEND=noninteractive - apt-get -yqq install mailutils rcs nfs-common awscli swish++ libio-captureoutput-perl libcgi-pm-perl libdbi-perl libdbd-mysql-perl php php-gd texlive php-xml* lynx apache2-doc libapache2-mod-perl2 libbsd-resource-perl libapache2-reload-perl apache2-suexec-custom php-mysql libapache2-mod-php x11-apps whois libgtk2.0-0 php-mbstring php-intl php-apcu l3afpad - echo - echo 'AWS LAM Report AWS EC2 user-data for this instance (CloudInit directives)' # Allow for either gzip compressed user-data or plain text user-data - (curl -s http://169.254.169.254/latest/user-data | gunzip) || curl -s http://169.254.169.254/latest/user-data - echo - echo 'AWS LAM Set git user name, email for system' - git config --system user.name "LAMurakami" - git config --system user.email GitHub@LAMurakami.com - git config --system core.editor vi - git config --system branch.autosetuprebase always - git config --system init.defaultBranch master - echo - echo 'AWS LAM Install etckeeper to track configuration changes' - apt-get install etckeeper - echo - echo 'AWS LAM Set vim as default editor for system' - update-alternatives --set editor /usr/bin/vim.basic - echo - echo 'AWS LAM Set hostname and localhost alias in /etc/hosts' - sed -i '1s/localhost/lam1.lam1.us lam1 localhost/' /etc/hosts - echo - echo 'AWS LAM Installing aws.lam1.us web site' - git clone https://github.com/LAMurakami/aws /var/www/aws - sh -c "cd /var/www/aws;git remote set-url origin git@github.com:LAMurakami/aws" - sh -c "cd /var/www/aws;git remote add ak20 git@ak20:aws" - sh -c "cd /var/www/aws;git checkout -b $keyName" - echo - echo 'AWS LAM Cloud Guest motd' - ln -s /var/www/aws/etc/update-motd.d/51-cloudguest /etc/update-motd.d - echo - echo 'AWS LAM enable aws site' - ln -s /var/www/aws/aws_apache2.conf /etc/apache2/sites-available/000-aws.conf - a2ensite 000-aws - echo - echo 'AWS LAM Install no-ssl web site' - /var/www/aws/aws-lam-www-git-clone.bash no-ssl $keyName - rm /etc/apache2/apache2.conf - rm /etc/apache2/mods-available/alias.conf - rm /etc/apache2/mods-available/autoindex.conf - rm /etc/apache2/mods-available/dir.conf - a2enmod rewrite - /var/www/no-ssl/Implement_no-ssl_conf.bash - echo - echo 'AWS LAM Update from default to LAM AWS lam1 web configuration' - sed -i "s|aws|lam1|" /var/www/no-ssl/apache2.conf - sed -i 's|aws.ServerAdmin|lam1.ServerAdmin|' /etc/apache2/apache2.conf - sed -i 's|aws.lam1.us|lam1.duckdns.org|' /etc/apache2/apache2.conf - echo - echo 'AWS LAM Configuring perl to include LAM perl modules' - mkdir /usr/local/lib/site_perl - ln -s /var/www/no-ssl/site_perl-LAM /usr/local/lib/site_perl/LAM - echo - echo 'AWS LAM create Multicount directory' - mkdir /var/www/Multicount - echo - echo 'AWS LAM Installing z.lam1.us web site' - /var/www/aws/aws-lam-www-git-clone.bash z $keyName - ln -s /var/www/z/z_apache2.conf /etc/apache2/sites-available/050_z.conf - a2ensite 050_z - echo - echo 'AWS LAM Enable x11 forwarding over ssh for sudo' - ln -s /var/www/no-ssl/xauthority.sh /etc/profile.d - echo - echo 'AWS LAM ***** Additional sites *****' - echo - echo 'AWS LAM Installing arsc.lam1.us web site' - /var/www/aws/aws-lam-www-git-clone.bash arsc $keyName - ln -s /var/www/arsc/arsc_apache2.conf /etc/apache2/sites-available/060_arsc.conf - a2ensite 060_arsc - echo - echo 'AWS LAM Installing sites.lam1.us web site' - /var/www/aws/aws-lam-www-git-clone.bash sites $keyName - ln -s /var/www/sites/sites_apache2.conf /etc/apache2/sites-available/030_sites.conf - a2ensite 030_sites - echo - echo 'AWS LAM Installing cabo.lam1.us web site' - /var/www/aws/aws-lam-www-git-clone.bash cabo $keyName - ln -s /var/www/cabo/cabo_apache2.conf /etc/apache2/sites-available/040_cabo.conf - a2ensite 040_cabo - echo - echo 'AWS LAM Adding olnes www Content' - /var/www/aws/aws-lam-www-git-clone.bash olnes $keyName - ln -s /var/www/olnes/olnes_apache2.conf /etc/apache2/sites-available/052_olnes.conf - a2ensite 052_olnes - echo - echo 'AWS LAM Adding larryforalaska www Content' - /var/www/aws/aws-lam-www-git-clone.bash larryforalaska $keyName - ln -s /var/www/larryforalaska/larryforalaska_apache2.conf /etc/apache2/sites-available/070_larryforalaska.conf - a2ensite 070_larryforalaska - echo - echo 'AWS LAM ***** Use private LAM Alaska resources *****' - echo - echo 'AWS LAM Adding nfs4 mount to AWS NW-O VPC Elastic File System' - mkdir /mnt/efs - nfsOpt="_netdev,noresvport,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" - echo "${EFS}:/ /mnt/efs nfs4 ${nfsOpt}" >> /etc/fstab - mount -a -t nfs4 - echo - echo 'AWS LAM Installing ubuntu user bash resources' - tar -xzf /mnt/efs/aws-lam1-ubuntu/ubuntu.tgz --directory /home/ubuntu - echo - echo 'AWS LAM Link to .aws resources for root' - ln -s /home/ubuntu/.aws /root/.aws - echo - echo 'AWS LAM Copy ssh key root' - cp /home/ubuntu/.ssh/git_ak20_id_rsa /root/.ssh - echo - echo 'AWS LAM Installing GNU which v2.21 compiled for Ubuntu Server 22.04' - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/which-Ubuntu-22-04.tgz - | tar -xzf - --directory /usr/local - file /usr/local/bin/which - echo - echo 'AWS LAM Installing GNU tnef 1.4.18 compiled for Ubuntu Server 22.04' - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/tnef-Ubuntu-22-04.tgz - | tar -xzf - --directory /usr/local - file /usr/local/bin/tnef - echo - echo 'AWS LAM Installing leafpad compiled for Ubuntu Server 22.04' - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/leafpad-Ubuntu-22-04.tgz - | tar -xzf - --directory /usr/local - echo - echo 'AWS LAM Listen for ssh connections on alternate port 55520 and add ssh Banner' - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/sshd_config /etc/ssh/sshd_config - ln -s /var/www/aws/etc/ssh/Banner.txt /etc/ssh - systemctl restart sshd - echo - echo 'AWS LAM ***** Secure site *****' - echo - echo 'AWS LAM Installing Let-s Encrypt certificates for TLS encryption (HTTPS)' - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/letsencrypt.tgz - | tar -xzf - --directory /etc - echo - echo 'AWS LAM Updating apache2 configuration for lam1' - a2enmod ssl - a2enmod info - a2enmod authz_groupfile.load - a2enmod cgi - echo - echo 'AWS LAM Install lam web site' - echo # Extract lam from archive that includes MediWiki and git repo - aws s3 cp s3://lamurakami/lam.tgz - | tar -xzf - --directory /var/www - echo - echo 'AWS LAM Tell git /var/www/lam is O.K.' - git config --system --add safe.directory /var/www/lam # Use lam1 branch to serve secure site at https://lam1.duckdns.org - sh -c "cd /var/www/lam;git stash" - sh -c "cd /var/www/lam;git checkout lam1" - sh -c "cd /var/www/lam;git checkout -b $keyName" - rm /etc/apache2/mods-available/info.conf - rm /etc/apache2/mods-available/status.conf - /var/www/lam/Implement_lam_conf.bash - echo - echo 'AWS LAM Create lam murakami staff credentials.' - /var/www/lam/Create-lam-murakami-staff.bash - echo - echo 'AWS LAM Install mariadb after swap has been configured' - apt-get install -y mariadb-client mariadb-server - echo - echo 'AWS LAM Creating {lam|Mediawiki} database and user' - mysql --table < /var/www/lam/lam-user.sql - echo - echo 'AWS LAM ***** Private Additional sites *****' - echo - echo 'AWS LAM Installing {new|old}.interiordems.com web sites' - /var/www/aws/aws-efs-www-git-clone.bash interiordems $keyName - ln -s /var/www/interiordems/interiordems_apache2.conf /etc/apache2/sites-available/020_interiordems.conf - a2ensite 020_interiordems - /var/www/aws/aws-efs-www-git-clone.bash oldinteriordems $keyName - ln -s /var/www/oldinteriordems/oldinteriordems_apache2.conf /etc/apache2/sites-available/010_oldinteriordems.conf - a2ensite 010_oldinteriordems - echo - echo 'AWS LAM Adding mike@mike.lam1.us user, group and www Content' - useradd --shell /bin/bash --create-home --groups users --uid 55501 mike - usermod --groups users,mike mike - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/mike.tgz - | tar -xzf - --directory /home - /var/www/aws/aws-efs-www-git-clone.bash mike $keyName - ln -s /var/www/mike/mike_apache2.conf /etc/apache2/sites-available/081_mike.conf - a2ensite 081_mike - echo - echo 'AWS LAM Adding blinkenshell www Content' # Extract blinkenshell from archive that includes date time stamps - aws s3 cp s3://lamurakami/aws-lam1-ubuntu/blinkenshell.tgz - | tar -xzf - --directory /var/www - echo - echo 'AWS LAM Tell git ownership of /var/www/blinkenshell/public_html is O.K.' - git config --system --add safe.directory /var/www/blinkenshell/public_html # Clone the blinkenshell repo and integrate it with blinkenshell archive - /var/www/aws/aws-efs-www-git-clone.bash blinkenshell $keyName /tmp/ - mv /tmp/blinkenshell/.git /var/www/blinkenshell/public_html - rm -rf /tmp/blinkenshell # Remove the blinkenshell repo fragment - sh -c "cd /var/www/blinkenshell/public_html;git remote set-url origin git@github.com:LAMurakami/blinkenshell" - sh -c "cd /var/www/blinkenshell/public_html;git remote add ak20 git@ak20:blinkenshell" - sh -c "cd /var/www/blinkenshell/public_html;git stash" - sh -c "cd /var/www/blinkenshell/public_html;git checkout master" - sh -c "cd /var/www/blinkenshell/public_html;git checkout -b $keyName" - ln -s /var/www/blinkenshell/public_html/blinkenshell_apache2.conf /etc/apache2/sites-available/051_blinkenshell.conf - a2ensite 051_blinkenshell - echo - echo 'AWS LAM Adding alaskademocrat www Content' - /var/www/aws/aws-efs-www-git-clone.bash alaskademocrat $keyName - ln -s /var/www/alaskademocrat/alaskademocrat_apache2.conf /etc/apache2/sites-available/069_alaskademocrat.conf - a2ensite 069_alaskademocrat - echo - echo 'AWS LAM ***** Final Initialization Steps *****' - echo - echo 'AWS LAM update aws site with current public local name ipv4 ipv6' - /var/www/aws/cloud-init.pl - /var/www/aws/AWS-LAM-git-commit.bash $keyName aws no-ssl - echo - echo 'AWS LAM Change ownership of /var/www /mnt/efs' - sh -c "chown -R lam:www-data /var/www" - chown www-data:www-data /var/www/Multicount - chown lam:staff /mnt/efs - echo - echo 'AWS LAM Refreshing lam database' - aws s3 cp s3://lamurakami/Bk-20-MySQL.lam.sql.gz - | gunzip -c | mysql --user=lam lam - aws s3 cp s3://lamurakami/Bk-20-MySQL.wikidb.sql.gz - | gunzip -c | mysql --user=lam wikidb - systemctl restart apache2 - echo - echo "AWS LAM Changes from $keyName-CloudInit etckeeper commit" - etckeeper commit -m "AWS LAM Changes from $keyName-CloudInit" - echo - echo 'AWS LAM Updating lam1.duckdns.org IP address' - ln -s /home/ubuntu/.duckdns /root/.duckdns - /var/www/aws/Update-DuckDNS.bash lam1 - echo - echo 'AWS LAM Install dovecot-imapd after /etc/hosts has been configured' - apt-get install --yes dovecot-imapd - echo - echo 'AWS LAM Add root alias so default AWS ubuntu user gets root mail' - cp /var/www/aws/etc/aliases /etc/aliases - cp /var/www/aws/etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf - etckeeper commit -m "AWS LAM Changes from $keyName-CloudInit" - echo - echo 'AWS LAM Install gitweb after apache has been configured' - apt-get install -y gitweb - a2disconf gitweb - cp /var/www/aws/etc/gitweb.conf /etc/gitweb.conf - echo - echo 'AWS LAM Install man2html after apache has been configured' - apt-get install -y man2html - echo - echo 'AWS LAM Install plocate after swap has been configured' - apt-get install -y plocate - echo - echo 'AWS LAM ***** Run cron daily plocate jobs *****' - ln -s /var/www/no-ssl/local_scripts/plocate-mnt-efs.sh /etc/cron.daily/plocate-mnt-efs.sh - /etc/cron.daily/plocate-mnt-efs.sh - chmod a+r /mnt/efs/plocate.db - updatedb - echo - echo 'AWS LAM Use Elastic File System plocate database' - ln -s /var/www/no-ssl/plocate.sh /etc/profile.d/plocate.sh - echo - echo 'AWS LAM Final Cloud-init etckeeper commit' - etckeeper commit -m 'AWS LAM Final Cloud-init etckeeper commit' - echo - echo 'AWS LAM List Installed Packages information' - dpkg -l - echo - echo 'AWS LAM cloud-config YAML runcmd complete' - date