-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathuserdata.sh
More file actions
executable file
·86 lines (68 loc) · 3.09 KB
/
userdata.sh
File metadata and controls
executable file
·86 lines (68 loc) · 3.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/bin/bash
# required settings
NODE_NAME="$(curl --silent --show-error --retry 3 http://169.254.169.254/latest/meta-data/instance-id)" # this uses the EC2 instance ID as the node name
REGION="eu-central-1" # use one of us-east-1, us-west-2, eu-west-1
CHEF_SERVER_NAME="opsworks" # The name of your Chef Server
CHEF_SERVER_ENDPOINT="opsworks-c6zlxgopzmeufhf2.eu-central-1.opsworks-cm.io" # The FQDN of your Chef Server
# optional
CHEF_ORGANIZATION="default" # AWS OpsWorks for Chef Server always creates the organization "default"
NODE_ENVIRONMENT="" # E.g. development, staging, onebox ...
CHEF_CLIENT_VERSION="13.6.4" # latest if empty
# recommended: upload the chef-client cookbook from the chef supermarket https://supermarket.chef.io/cookbooks/chef-client
# Use this to apply sensible default settings for your chef-client config like logrotate and running as a service
# you can add more cookbooks in the run list, based on your needs
# Compliance runs require recipe[audit] to be added to the runlist.
RUN_LIST="role[webserver]" # e.g. "recipe[chef-client],recipe[apache2],recipe[audit]"
# ---------------------------
set -e -o pipefail
AWS_CLI_TMP_FOLDER=$(mktemp --directory "/tmp/awscli_XXXX")
CHEF_CA_PATH="/etc/chef/opsworks-cm-ca-2016-root.pem"
install_aws_cli() {
# see: http://docs.aws.amazon.com/cli/latest/userguide/installing.html#install-bundle-other-os
cd "$AWS_CLI_TMP_FOLDER"
curl --retry 3 -L -o "awscli-bundle.zip" "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip"
unzip "awscli-bundle.zip"
./awscli-bundle/install -i "$PWD"
}
aws_cli() {
"${AWS_CLI_TMP_FOLDER}/bin/aws" opsworks-cm --region "${REGION}" --output text "$@" --server-name "${CHEF_SERVER_NAME}"
}
associate_node() {
client_key="/etc/chef/client.pem"
mkdir /etc/chef
( umask 077; openssl genrsa -out "${client_key}" 2048 )
aws_cli associate-node \
--node-name "${NODE_NAME}" \
--engine-attributes \
"Name=CHEF_ORGANIZATION,Value=${CHEF_ORGANIZATION}" \
"Name=CHEF_NODE_PUBLIC_KEY,Value='$(openssl rsa -in "${client_key}" -pubout)'"
}
write_chef_config() {
(
echo "chef_server_url 'https://${CHEF_SERVER_ENDPOINT}/organizations/${CHEF_ORGANIZATION}'"
echo "node_name '${NODE_NAME}'"
echo "ssl_ca_file '${CHEF_CA_PATH}'"
) >> /etc/chef/client.rb
}
install_chef_client() {
# see: https://docs.chef.io/install_omnibus.html
curl --silent --show-error --retry 3 --location https://omnitruck.chef.io/install.sh | bash -s -- -v "${CHEF_CLIENT_VERSION}"
}
install_trusted_certs() {
curl --silent --show-error --retry 3 --location --output "${CHEF_CA_PATH}" \
"https://opsworks-cm-${REGION}-prod-default-assets.s3.amazonaws.com/misc/opsworks-cm-ca-2016-root.pem"
}
wait_node_associated() {
aws_cli wait node-associated --node-association-status-token "$1"
}
install_aws_cli
node_association_status_token="$(associate_node)"
install_chef_client
write_chef_config
install_trusted_certs
wait_node_associated "${node_association_status_token}"
if [ -z "${NODE_ENVIRONMENT}" ]; then
chef-client -r "${RUN_LIST}"
else
chef-client -r "${RUN_LIST}" -E "${NODE_ENVIRONMENT}"
fi