feat(gb-infra): Update ALM CI and Drive scripts for improved configuration and service management
parent
861513709d
commit
94abb1b02f
4 changed files with 83 additions and 34 deletions
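--- a/gb-infra/README.md
+++ b/gb-infra/README.md
@@ -0,0 +1,14 @@
+
+# Backup
+
+## Fastest way to tranfer files between servers over TCP/IP
+
+rsync -avz --progress --bwlimit=0 -e "ssh -p 22 -T -c aes128-gcm@openssh.com -o Compression=no -o IPQoS=throughput" gbbackup@host.com.br:/opt/gbo/backup /home/user/Desktop
+
+
+# Security
+
+apt update && apt install -y fail2ban iptables-persistent
+
+systemctl enable fail2ban
+systemctl enable netfilter-persistent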
|
@ -1,24 +1,33 @@
|
|||
#!/bin/bash
|
||||
|
||||
ALM_CI_VERSION="v6.3.1"
|
||||
ALM_CI_NAME="CI"
|
||||
ALM_CI_LABELS="pragmatismo.com.br"
|
||||
ALM_CI_BIN_PATH="/opt/gbo/bin"
|
||||
ALM_CI_LABELS="gbo"
|
||||
|
||||
HOST_BASE="/opt/gbo/tenants/$PARAM_TENANT/alm-ci"
|
||||
HOST_DATA="$HOST_BASE/data"
|
||||
HOST_CONF="$HOST_BASE/conf"
|
||||
HOST_LOGS="$HOST_BASE/logs"
|
||||
BIN_PATH="/opt/gbo/bin"
|
||||
|
||||
mkdir -p "${ALM_CI_BIN_PATH}"
|
||||
chmod -R 750 "${ALM_CI_BIN_PATH}"
|
||||
chown -R 100999:100999 "${ALM_CI_BIN_PATH}"
|
||||
mkdir -p "$HOST_DATA" "$HOST_CONF" "$HOST_LOGS"
|
||||
chmod -R 750 "$HOST_BASE"
|
||||
|
||||
lxc launch images:debian/12 "${PARAM_TENANT}-alm-ci" -c security.privileged=true
|
||||
sleep 15
|
||||
|
||||
# Add directory mappings before installation
|
||||
lxc config device add "${PARAM_TENANT}-alm-ci" almdata disk source="$HOST_DATA" path=/opt/gbo/data
|
||||
lxc config device add "${PARAM_TENANT}-alm-ci" almconf disk source="$HOST_CONF" path=/opt/gbo/conf
|
||||
lxc config device add "${PARAM_TENANT}-alm-ci" almlogs disk source="$HOST_LOGS" path=/opt/gbo/logs
|
||||
|
||||
lxc exec "${PARAM_TENANT}-alm-ci" -- bash -c "
|
||||
apt-get update && apt-get install -y wget
|
||||
wget -O ${ALM_CI_BIN_PATH}/forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/${ALM_CI_VERSION}/forgejo-runner-${ALM_CI_VERSION}-linux-amd64
|
||||
chmod +x ${ALM_CI_BIN_PATH}/forgejo-runner
|
||||
|
||||
${ALM_CI_BIN_PATH}/forgejo-runner register --no-interactive \
|
||||
mkdir -p ${BIN_PATH} /opt/gbo/data /opt/gbo/conf /opt/gbo/logs
|
||||
wget -O ${BIN_PATH}/forgejo-runner https://code.forgejo.org/forgejo/runner/releases/download/v6.3.1/forgejo-runner-6.3.1-linux-amd64
|
||||
chmod +x ${BIN_PATH}/forgejo-runner
|
||||
|
||||
${BIN_PATH}/forgejo-runner register --no-interactive \
|
||||
--name \"${ALM_CI_NAME}\" \
|
||||
--instance \"${PARAM_ALM_CI_INSTANCE}\" \
|
||||
--token \"${PARAM_ALM_CI_TOKEN}\" \
|
||||
|
@ -33,8 +42,11 @@ After=network.target
|
|||
Type=simple
|
||||
User=root
|
||||
Group=root
|
||||
ExecStart=${ALM_CI_BIN_PATH}/forgejo-runner daemon
|
||||
WorkingDirectory=/opt/gbo/data
|
||||
ExecStart=${BIN_PATH}/forgejo-runner daemon
|
||||
Restart=always
|
||||
StandardOutput=append:/opt/gbo/logs/stdout.log
|
||||
StandardError=append:/opt/gbo/logs/stderr.log
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
@ -43,4 +55,7 @@ EOF
|
|||
systemctl daemon-reload
|
||||
systemctl enable alm-ci
|
||||
systemctl start alm-ci
|
||||
"
|
||||
"
|
||||
|
||||
# Fix permissions on host
|
||||
chown -R 100000:100000 "$HOST_BASE" # Using default LXC mapping for root
|
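Review bot: The `chown -R 100000:100000 "$HOST_BASE"` at the end of this script assumes an unprivileged id map (its comment says "default LXC mapping for root"), but the container is launched with `-c security.privileged=true`, where container root is host uid 0, so the ownership set on the host does not match the identity the runner actually has. The unit also runs the runner as `User=root`, so in privileged mode a CI job that gets out of the container is root on the host; I would drop `-c security.privileged=true` from the `lxc launch` line and keep the 100000 chown, or state in a comment why the flag is required. The runner binary is fetched with `wget` and marked executable with no integrity check; since the URL names v6.3.1, a `sha256sum -c` against a digest pinned in the script can go before the `chmod +x`. The drive script in this commit shows the same two patterns (privileged launch next to a `100999:100999` chown, and an unverified `minio` download from a rolling URL). Old and new lines are not marked on this page, so this is read from the lines as rendered.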
|
@ -1,52 +1,54 @@
|
|||
#!/bin/bash
|
||||
STORAGE_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/data"
|
||||
|
||||
DATA_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/data"
|
||||
LOGS_PATH="/opt/gbo/tenants/$PARAM_TENANT/drive/logs"
|
||||
|
||||
mkdir -p "${STORAGE_PATH}" "${LOGS_PATH}"
|
||||
chmod -R 770 "${STORAGE_PATH}" "${LOGS_PATH}"
|
||||
chown -R 100999:100999 "${STORAGE_PATH}" "${LOGS_PATH}"
|
||||
mkdir -p "${DATA_PATH}" "${LOGS_PATH}"
|
||||
chmod -R 770 "${DATA_PATH}" "${LOGS_PATH}"
|
||||
chown -R 100999:100999 "${DATA_PATH}" "${LOGS_PATH}"
|
||||
|
||||
lxc launch images:debian/12 "${PARAM_TENANT}-drive" -c security.privileged=true
|
||||
sleep 15
|
||||
|
||||
lxc config device add "${PARAM_TENANT}-drive" storage disk source="${STORAGE_PATH}" path=/data
|
||||
lxc config device add "${PARAM_TENANT}-drive" logs disk source="${LOGS_PATH}" path=/var/log/minio
|
||||
lxc config device add "${PARAM_TENANT}-drive" storage disk source="${DATA_PATH}" path=/opt/gbo/data
|
||||
lxc config device add "${PARAM_TENANT}-drive" logs disk source="${LOGS_PATH}" path=/opt/gbo/logs
|
||||
|
||||
lxc exec "${PARAM_TENANT}-drive" -- bash -c '
|
||||
|
||||
mkdir -p /opt/gbo/logs /opt/gbo/data /opt/gbo/bin
|
||||
useradd -r -s /bin/false gbuser || true
|
||||
chown -R gbuser:gbuser /opt/gbo/logs /opt/gbo/data
|
||||
|
||||
apt-get update && apt-get install -y wget
|
||||
wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /usr/local/bin/minio
|
||||
chmod +x /usr/local/bin/minio
|
||||
wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /opt/gbo/bin/minio
|
||||
chmod +x /opt/gbo/bin/minio
|
||||
|
||||
useradd -r -s /bin/false minio-user || true
|
||||
mkdir -p /var/log/minio /data
|
||||
chown -R minio-user:minio-user /var/log/minio /data
|
||||
|
||||
cat > /etc/systemd/system/minio.service <<EOF
|
||||
cat > /etc/systemd/system/drive.service <<EOF
|
||||
[Unit]
|
||||
Description=MinIO
|
||||
Description=drive
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=minio-user
|
||||
Group=minio-user
|
||||
User=gbuser
|
||||
Group=gbuser
|
||||
Environment="MINIO_ROOT_USER='"${PARAM_DRIVE_USER}"'"
|
||||
Environment="MINIO_ROOT_PASSWORD='"${PARAM_DRIVE_PASSWORD}"'"
|
||||
ExecStart=/usr/local/bin/minio server --console-address ":'"${PARAM_DRIVE_PORT}"'" /data
|
||||
StandardOutput=append:/var/log/minio/output.log
|
||||
StandardError=append:/var/log/minio/error.log
|
||||
ExecStart=/opt/gbo/bin/minio server --console-address ":'"${PARAM_DRIVE_PORT}"'" /opt/gbo/data
|
||||
StandardOutput=append:/opt/gbo/logs/output.log
|
||||
StandardError=append:/opt/gbo/logs/error.log
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable minio
|
||||
systemctl start minio
|
||||
systemctl enable drive
|
||||
systemctl start drive
|
||||
'
|
||||
|
||||
lxc config device remove "${PARAM_TENANT}-drive" minio-proxy 2>/dev/null || true
|
||||
lxc config device add "${PARAM_TENANT}-drive" minio-proxy proxy \
|
||||
lxc config device remove "${PARAM_TENANT}-drive" drive-proxy 2>/dev/null || true
|
||||
lxc config device add "${PARAM_TENANT}-drive" drive-proxy proxy \
|
||||
listen=tcp:0.0.0.0:"${PARAM_DRIVE_API_PORT}" \
|
||||
connect=tcp:127.0.0.1:"${PARAM_DRIVE_API_PORT}"
|
||||
|
||||
|
|
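Review bot: The unit written to `/etc/systemd/system/drive.service` carries `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` in `Environment=` lines, so the MinIO root credentials land in a unit file that is world-readable under the usual umask and are printed by `systemctl show drive`. I would write them to a root-owned mode-0600 file and reference it with `EnvironmentFile=<path to that file>`. The values are also spliced into the single-quoted `bash -c` script with `'"${PARAM_DRIVE_PASSWORD}"'`, so a value containing a single quote closes the script string and what follows is parsed as shell inside the container; validate the `PARAM_*` values on the host before the `lxc exec`, or hand them over with `lxc exec --env`. Old and new lines are not marked on this page, so I am assuming the `Environment=` lines are unchanged context that remains in the new file.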
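--- a/gb-infra/src/scripts/limits.sh
+++ b/gb-infra/src/scripts/limits.sh
@@ -0,0 +1,18 @@
+for container in $(lxc list -c n --format csv); do
+lxc config set "$container" limits.memory 2048MB
+lxc config set "$container" limits.cpu.allowance "20ms/100ms"
+lxc config set "$container" limits.cpu 1
+lxc config set "$container" limits.cpu.priority 1
+done
+
+# Restart all containers (gracefully)
+for container in $(lxc list -c n --format csv); do
+echo "Restarting $container..."
+lxc restart "$container" # --force ensures a hard restart if needed
+done
+
+# Check limits for all containers
+for container in $(lxc list -c n --format csv); do
+echo "--- $container ---"
+lxc config show "$container" | grep -E "memory|cpu"
+done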
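Review bot: Nothing in this new script checks whether the `lxc config set` calls succeed, so a container whose limits were rejected is still restarted by the second loop and keeps running uncapped, and the last loop only prints the config without failing on a missing value. These caps are presumably what keeps one container from starving the host, so I would open the file with `#!/usr/bin/env bash` and `set -euo pipefail` so that a failed `lxc config set` stops the run before any restart. The comment on `lxc restart "$container"` describes `--force`, which is not passed; reword it to `# graceful restart; --force is intentionally not used` or pass the flag deliberately. The script also acts on every container `lxc list` returns, which is worth stating in a header comment so it is not run on a host with unrelated containers.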