hashipi

Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul
git clone https://git.in0rdr.ch/hashipi.git

bootstrap.sh (2432B)


      1 #!/usr/bin/env bash
      2 #
      3 # Packer shell provisioner for Arch Linux on Raspberry Pi
      4 #
      5 # set -o errexit
      6 # set -o nounset
      7 set -o xtrace
      8 
      9 # Set hostname
     10 echo "${HOSTNAME}" > /etc/hostname
     11 
     12 # Resolve hostname
     13 cat << EOF > /etc/hosts
     14 127.0.0.1        localhost
     15 ::1              localhost ip6-localhost ip6-loopback
     16 ff02::1          ip6-allnodes
     17 ff02::2          ip6-allrouters
     18 
     19 127.0.1.1        $HOSTNAME
     20 EOF
     21 
     22 # Add HashiCorp repository
     23 wget -O- https://apt.releases.hashicorp.com/gpg \
     24  | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
     25 echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
     26  | tee /etc/apt/sources.list.d/hashicorp.list
     27 
     28 # Install packages
     29 apt-get update
     30 DEBIAN_FRONTEND=noninteractive apt-get install -y jq podman cloud-init curl \
     31  "nomad=${NOMAD_VERSION}-1"
     32 
     33 curl -L -o openbao.deb "https://github.com/openbao/openbao/releases/download/v${BAO_VERSION}/bao_${BAO_VERSION}_linux_arm64.deb"
     34 apt install ./openbao.deb
     35 
     36 # Configure insecure local registry
     37 cat << EOF > /etc/containers/registries.conf
     38 unqualified-search-registries = ['127.0.0.1:5000', 'haproxy.lan:5000', 'docker.io']
     39 
     40 [[registry]]
     41 location = "127.0.0.1:5000"
     42 insecure = true
     43 [[registry]]
     44 location = "haproxy.lan:5000"
     45 insecure = true
     46 EOF
     47 
     48 # Set up no-password sudo
     49 rm /etc/sudoers.d/010_pi-nopasswd
     50 echo '%sudo ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/010_all-nopasswd
     51 
     52 # Enable ssh and disable password auth
     53 touch /boot/ssh
     54 sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
     55 
     56 # Delete default user pi
     57 userdel -r pi
     58 
     59 # Create user
     60 useradd -m "${USERNAME}"
     61 usermod -aG sudo "${USERNAME}"
     62 
     63 # Setup ssh keys
     64 mkdir "/home/${USERNAME}/.ssh"
     65 touch "/home/${USERNAME}/.ssh/authorized_keys"
     66 cat << EOF > "/home/${USERNAME}/.ssh/authorized_keys"
     67 $AUTHORIZED_KEYS
     68 EOF
     69 
     70 chown -R $USERNAME "/home/${USERNAME}/.ssh"
     71 chmod 700 "/home/${USERNAME}/.ssh"
     72 chmod 600 "/home/${USERNAME}/.ssh/authorized_keys"
     73 
     74 # Add cloud-init configuration for first boot
     75 # https://cloudinit.readthedocs.io/en/latest/reference/yaml_examples/disk_setup.html
     76 cat << EOF > /etc/cloud/cloud.cfg.d/99_hashipi_cloudinit.cfg
     77 #cloud-config
     78 
     79 # Growpart is enabled by default on the root partition
     80 #growpart:
     81 #  mode: auto
     82 #  devices: [\"/\"]
     83 #  ignore_growroot_disabled: false
     84 
     85 # Resize filesystem to use all available space on partition
     86 resize_rootfs: noblock
     87 EOF