Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :
###############################################################################
# This Vagrantfile creates a VM and installs and configures all dependencies
# needed to run NERD.
# It's intended for development/debugging, so there are some differences from
# production deployment:
# - Web interface doesn't use any authentication, full access is automatically
# granted.
# - Web interface is available only via plain HTTP.
# - NERDd must be started manually.
# - Warden data must be copied from somewhere (or warden_filer registered
# and started manually)
#
###############################################################################
##### Disable SELinux #####
# (Of course it would be better to configure everything correctly, but currently
# I don't have time to learn everything needed)
#
# Shell script (kept in a global so the Vagrant.configure block can pass it to a
# "shell" provisioner). It does two things:
#   * `setenforce 0` switches the running system to permissive mode;
#   * the sed call rewrites the SELINUX= line of /etc/sysconfig/selinux to
#     "disabled" so the setting survives a reboot (--follow-symlinks makes sed
#     edit the link target if that path is a symlink).
# NOTE(review): this removes SELinux confinement from every service installed in
# the VM. It is only defensible because the file header limits this setup to
# development/debugging; it should not be copied into a production install.
$selinux = <<EOF
echo "** Disabling SELinux **"
# Disable for now (until reboot)
setenforce 0
# Disable permanently
sed -i --follow-symlinks -e 's/^SELINUX=.*$/SELINUX=disabled/' /etc/sysconfig/selinux
EOF
##### Create testing users #####
# Shell script (passed to a "shell" provisioner near the end of provisioning).
#   * Runs psql as the "nerd" system user against the nerd_users database and
#     inserts two rows into "users": 'devel:devel_admin' (groups admin and
#     registered) and 'local:test' (group registered). ON CONFLICT DO NOTHING
#     keeps a repeated provisioning run from failing on the existing rows.
#   * Creates /etc/nerd/htpasswd with user "test" and password "test"
#     (htpasswd -c creates the file anew, -b takes the password from the
#     command line), then sets owner apache:nerd and mode 660.
# The heredoc is unquoted, so Ruby processes escapes before the shell sees the
# text: \" becomes a plain double quote and a backslash at end of line joins
# that line with the next one.
# NOTE(review): the account names and the test/test password are fixed and
# published in this file, and one account is in the admin group. That is
# consistent with the development-only purpose stated in the header; none of
# it should exist on a reachable deployment.
# NOTE(review): both e-mail values read '[email protected]', which looks
# like an address-obfuscation placeholder rather than real test data — confirm
# against the original file.
$users = <<EOF
echo "=============== Create testing user accounts ==============="
cd / # to prevent "could not change directory to /home/vagrant"
sudo -u nerd psql nerd_users -c "
INSERT INTO users (id,groups,name,email) VALUES ('devel:devel_admin','{\"admin\",\"registered\"}','Mr. Developer','[email protected]') ON CONFLICT DO NOTHING;\
INSERT INTO users (id,groups,name,email) VALUES ('local:test','{\"registered\"}','Mr. Test','[email protected]') ON CONFLICT DO NOTHING;\
"
# Set password for local test user
htpasswd -bc /etc/nerd/htpasswd test test
chown apache:nerd /etc/nerd/htpasswd
chmod 660 /etc/nerd/htpasswd
EOF
##### Final notes #####
# Shell script that only prints text: the manual steps still required after
# provisioning (check logs, optional Warden client setup, geolocation database
# download, starting NERDd via systemctl) and the two testing accounts.
# It is run as the last "shell" provisioner so the message ends the log.
# NOTE(review): the message advertises https:// URLs and port 9100 for the
# supervisord interface, while the file header says the web interface is
# plain HTTP only and the Vagrant.configure block forwards guest port 9001
# ("Supervisor web interface") and guest port 80 to host port 8080 — confirm
# which scheme and ports are correct and align the text.
# NOTE(review): the text also prints the test/test credentials; fine for a
# local development VM, worth removing if this output is ever logged centrally.
$notes = <<EOF
echo
echo "***************************************************************************"
echo " "
echo "The system is NOT FULLY PROVISIONED, yet."
echo "The following steps should be done manually now:"
echo " 1. See the logs above for potential error messages."
echo " 2. (optional, needed to receive data form Warden) Register Warden client, configure and run warden_filer (see above)."
echo " 3. Download geolocation database using /nerd/scripts/download_maxmind_geolite.sh (free registration at maxmind.com is needed)."
echo " 4. Run backend (NERDd):"
echo " sudo systemctl start nerd-supervisor"
echo " "
echo "Backend can be managed via supervisord interface ('nerdctl' or https://localhost:9100/)"
echo " "
echo "Frontend is running at https://<this_server>/nerd/"
echo "Two user accounts for testing are available:"
echo "* Administrator/developer - use 'Devel. autologin' option"
echo "* Unprivileged local account - username/password: test/test"
echo " "
echo "!!!!!!!!!! ^^^ READ THE TEXT ABOVE ^^^ !!!!!!!!!!"
EOF
##########
# Development VM definition: CentOS 7 box, three port forwards, the same
# memory/CPU settings for the VirtualBox and Hyper-V providers, and the ordered
# provisioning chain that installs NERD from the local checkout.
Vagrant.configure(2) do |config|
  # Queues one inline shell provisioner; provisioners run in the order queued.
  shell = ->(command) { config.vm.provision "shell", inline: command }

  config.vm.box = "centos/7"

  # Every forward is bound to 127.0.0.1 on the host. That binding matters here:
  # the file header states the web interface grants full access without
  # authentication, and the supervisor step below is called with "open", so the
  # loopback-only host side is what keeps these services off the host's network.
  [
    [80, 8080],      # Main web server (NERDweb)
    [15672, 15672],  # RabbitMQ management web interface
    [9001, 9001],    # Supervisor web interface
  ].each do |guest_port, host_port|
    config.vm.network "forwarded_port", guest: guest_port, host: host_port, host_ip: '127.0.0.1'
  end

  # Same resources whichever of the two supported providers is used.
  %w[virtualbox hyperv].each do |provider_name|
    config.vm.provider provider_name do |v|
      v.memory = 2048
      v.cpus = 2
    end
  end

  [
    # Mark that this is a development Vagrant VM machine (some scripts look for this file)
    "touch /vagrant_provisioning",
    # Disable SELinux
    $selinux,
  ].each { |command| shell.call(command) }

  # Copy installation files
  [
    ["install", "/tmp/nerd_install"],
    ["common", "/tmp/nerd_install/nerd/common"],
    ["NERDd", "/tmp/nerd_install/nerd/NERDd"],
    ["NERDweb", "/tmp/nerd_install/nerd/NERDweb"],
    ["scripts", "/tmp/nerd_install/nerd/scripts"],
    ["etc", "/tmp/nerd_install/etc"],
  ].each do |local_dir, guest_dir|
    config.vm.provision "file", source: local_dir, destination: guest_dir
  end

  [
    # Convert line-endings in files copied from windows
    # (the ';' means find runs whether or not the yum install succeeded)
    "yum install -y -q dos2unix ; find /tmp/nerd_install/ -type f -exec dos2unix -q {} ';'",
    "chmod +x /tmp/nerd_install/*.sh /tmp/nerd_install/nerd/scripts/*.sh",
    # Prepare users, directories, etc.
    "/tmp/nerd_install/prepare_environment.sh",
    # Allow vagrant user to write into nerd directories (add it to "nerd" group)
    "usermod -a -G nerd vagrant",
    # Copy program files and configuration
    "sudo -u nerd sh -c 'cp -R /tmp/nerd_install/nerd/* /nerd/ ; chmod -R g+w /nerd/'",
    "sudo -u nerd sh -c 'cp -R /tmp/nerd_install/etc/* /etc/nerd/ ; chmod -R g+w /etc/nerd/'",
    # Install necessary programs, libraries and services and run them
    "/tmp/nerd_install/install_basic_dependencies.sh",
    # Configure various services
    "/tmp/nerd_install/configure_mongo.sh",
    "/tmp/nerd_install/configure_postgres.sh --warden",
    "/tmp/nerd_install/configure_rabbitmq.sh",
    "/tmp/nerd_install/install_configure_bind.sh",
    "/tmp/nerd_install/configure_apache.sh -d /nerd", # install to /nerd, enable debug/development mode
    "/tmp/nerd_install/install_warden_filer.sh",
    "/tmp/nerd_install/install_configure_munin.sh",
    "/tmp/nerd_install/download_data_files.sh",
    "/tmp/nerd_install/configure_cron.sh",
    "/tmp/nerd_install/configure_supervisor.sh open", # open mgmt port on all interfaces so it's possible to connect from host
    # Create testing users
    $users,
    # Remove the marker created by the first step.
    # NOTE(review): presumably the marker stays behind if an earlier step aborts
    # the run — confirm the scripts that look for it tolerate that.
    "rm /vagrant_provisioning",
    # Print final notes
    $notes,
  ].each { |command| shell.call(command) }
end