func (pc *NodeController) getNodeAddAction(c *gin.Context) {
basicAuth := env.Get("BASIC_AUTH")
if auth := env.Get("BASIC_AUTH"); auth != "" {
basicAuth = "-u " + auth + " "
}
c.HTML(http.StatusOK, "node_add.html", map[string]interface{}{
"PublicHost": c.DefaultQuery("karhu_url", env.Get("PUBLIC_HOST")),
"SshUser": c.DefaultQuery("ssh_user", "root"),
"SshPort": c.DefaultQuery("ssh_port", "22"),
"Monit": c.DefaultQuery("monit", "1"),
"BasicAuth": basicAuth,
})
}
func (pc *NodeController) postNodeAddDOAction(c *gin.Context) {
var form models.DONodeCreateForm
if err := c.Bind(&form); err != nil {
c.AbortWithStatus(http.StatusBadRequest)
return
}
if err := form.Validate(); err != nil {
log.Println("invalid", err)
c.Redirect(http.StatusFound, c.Request.Referer())
return
}
a, err := models.AccessMapper.FetchOne("do")
if err != nil {
panic(err)
}
if a == nil {
c.Redirect(http.StatusFound, c.Request.Referer())
return
}
basicAuth := env.Get("BASIC_AUTH")
if auth := env.Get("BASIC_AUTH"); auth != "" {
basicAuth = "-u " + auth + " "
}
keyFingerprint, err := ssh.GetFingerprint()
if err != nil {
panic(err)
}
oauthClient := oauth2.NewClient(oauth2.NoContext, &DOTokenSource{
AccessToken: a.AccessKey,
})
client := godo.NewClient(oauthClient)
// Register key
key, _, err := client.Keys.GetByFingerprint(keyFingerprint)
if err != nil && !strings.Contains(err.Error(), "404 The resource you were accessing could not be found") {
panic(err)
}
if key == nil {
publicKey, err := ssh.GetPublicKey()
if err != nil {
panic(err)
}
key, _, err = client.Keys.Create(&godo.KeyCreateRequest{
Name: "karhu",
PublicKey: string(publicKey),
})
if err != nil && !strings.Contains(err.Error(), "SSH Key is already in use on your account") {
panic(err)
}
}
if _, _, err := client.Droplets.Create(&godo.DropletCreateRequest{
Name: form.Hostname,
Region: form.Region,
Size: form.InstanceType,
Image: godo.DropletCreateImage{Slug: "debian-8-x64"},
SSHKeys: []godo.DropletCreateSSHKey{{Fingerprint: keyFingerprint}},
Backups: form.Backups == "on",
IPv6: form.IpV6 == "on",
PrivateNetworking: form.PrivateNetwork == "on",
// UserData: fmt.Sprintf(`#!/bin/bash
// sudo apt-get update && \
// sudo apt-get install -y curl && \
// curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | bash`, basicAuth, env.Get("PUBLIC_HOST")),
UserData: fmt.Sprintf(`#cloud-config
repo_update: true
repo_upgrade: all
packages:
- curl
runcmd:
- curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | bash`, basicAuth, env.Get("PUBLIC_HOST")),
}); err != nil {
panic(err)
}
c.Redirect(http.StatusFound, "/nodes")
}
func GetCert() ([]byte, error) {
return ioutil.ReadFile(env.Get("LOGSTASH_TLS_CRT"))
}
func (pc *NodeController) postNodeAddEc2Action(c *gin.Context) {
var form models.EC2NodeCreateForm
if err := c.Bind(&form); err != nil {
c.AbortWithStatus(http.StatusBadRequest)
return
}
if err := form.Validate(); err != nil {
c.Redirect(http.StatusFound, c.Request.Referer())
return
}
a, err := models.AccessMapper.FetchOne("ec2")
if err != nil {
panic(err)
}
if a == nil {
c.Redirect(http.StatusFound, c.Request.Referer())
return
}
basicAuth := env.Get("BASIC_AUTH")
if auth := env.Get("BASIC_AUTH"); auth != "" {
basicAuth = "-u " + auth + " "
}
auth, err := aws.GetAuth(a.AccessKey, a.PrivateKey, "", time.Now().Add(time.Hour))
if err != nil {
panic(err)
}
awsec2 := ec2.New(auth, aws.Regions[form.AvailabilityZone])
// Create public key
// Waiting for merge pull request https://github.com/goamz/goamz/pull/111
// {
// key, err := ssh.GetPublicKey()
// if err != nil {
// panic(err)
// }
// if _, err := awsec2.ImportKeyPair(&ImportKeyPairOptions{
// KeyName: "karhu",
// PublicKeyMaterial: string(key),
// }); err != nil {
// panic(err)
// }
// }
if _, err := awsec2.RunInstances(&ec2.RunInstancesOptions{
ImageId: "ami-e31a6594",
MinCount: 1,
MaxCount: 0,
KeyName: "karhu",
InstanceType: form.InstanceType,
SecurityGroups: []ec2.SecurityGroup{{Id: form.SecurityGroup}},
// KernelId : string
// RamdiskId : string
UserData: []byte(fmt.Sprintf(`#!/bin/bash
sudo apt-get update && \
sudo apt-get install -y curl && \
curl %s"%s/api/nodes/register.sh?monit=1&ssh_port=22" | sudo -i -u admin bash`, basicAuth, env.Get("PUBLIC_HOST"))),
AvailabilityZone: "eu-west-1c", // Waiting for https://github.com/goamz/goamz/pull/112
// PlacementGroupName : string
Tenancy: "default",
Monitoring: form.Monitoring == "on",
SubnetId: "subnet-425a4f27", // Waiting for https://github.com/goamz/goamz/pull/112
// DisableAPITermination : bool
// ShutdownBehavior : string
// PrivateIPAddress : string
// IamInstanceProfile : IamInstanceProfile
// BlockDevices : []BlockDeviceMapping
// EbsOptimized : bool
// AssociatePublicIpAddress :bool
}); err != nil {
panic(err)
}
c.Redirect(http.StatusFound, "/nodes")
}
func (pc *NodeController) getRegisterSH(c *gin.Context) {
publicKey, err := ssh.GetPublicKey()
if err != nil {
panic(err)
}
karhuHost := env.GetDefault("PUBLIC_HOST", "http://127.0.0.1:8080")
logstashIP := env.GetDefault("LOGSTASH_IP", "127.0.0.1")
collectdUser, collectdPassword, err := logstash.ReadAuthfile()
if err != nil {
panic(err)
}
log.Println("URL:", c.Request.URL)
clientIP := c.ClientIP()
basicAuth := ""
if auth := env.Get("BASIC_AUTH"); auth != "" {
basicAuth = `"-u ` + auth + `"`
}
c.String(http.StatusOK, fmt.Sprintf(`
#!/bin/bash
echo "Registering host on Karhu..."; echo
KARHU_HOST=%s
LOGSTASH_IP=%s
PUBLIC_KEY='%s'
LOGSTASH_CRT_URL=$KARHU_HOST/api/nodes/config/logstash.crt
LOGSTASH_CRT_PATH=/etc/filebeat/certs/logstash.crt
FILEBEAT_CONFIG_URL=$KARHU_HOST/api/nodes/config/filebeat.yml
FILEBEAT_CONFIG_PATH=/etc/filebeat/filebeat.yml
AUTHORIZED_KEYS_DIR=%s
AUTHORIZED_KEYS_FILE=%s
CLIENT_IP=%s
SSH_PORT=%s
SSH_USER=$(whoami)
BASIC_AUTH=%s
SETUP_MONITORING=%s
INFLUXDB_COLLECTD_HOST=%s
INFLUXDB_COLLECTD_PORT=%s
COLLECTD_USERNAME=%s
COLLECTD_PASSWORD=%s
COLLECTD_CONFIG_PATH=/etc/collectd/collectd.conf.d/karhu.conf
NO_REGISTER=%s
SUDO=
if [ "$SSH_USER" != "root" ]; then
echo "Check sudo..."
sudo -n true
if [ "$?" != "0" ]; then
echo "You need root access or sudo without password..."
exit 1
fi
SUDO=sudo
fi
if [ "$NO_REGISTER" != "1" ]; then
if [ ! -d "$AUTHORIZED_KEYS_DIR" ]; then
mkdir -p $AUTHORIZED_KEYS_DIR || exit 1
fi
if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
touch $AUTHORIZED_KEYS_FILE || exit 1
fi
echo "Setting up ssh keys..."
grep -q -F "$(echo $PUBLIC_KEY)" $AUTHORIZED_KEYS_FILE || echo $PUBLIC_KEY >> $AUTHORIZED_KEYS_FILE
echo "Registering node..."
curl --fail $BASIC_AUTH -X POST $KARHU_HOST/api/nodes -d hostname=$(hostname) -d ip=$CLIENT_IP -d ssh_port=$SSH_PORT -d ssh_user=$SSH_USER || exit 1
echo
fi
if [ "$SETUP_MONITORING" = "1" ]; then
echo "Setup logstash host"
$SUDO sed '/ karhu$/{h;s/.*/'$LOGSTASH_IP' karhu/};${x;/^$/{s//'$LOGSTASH_IP' karhu/;H};x}' -i /etc/hosts
echo "Setup monitoring..."
if [ ! -f "$(which collectd)" ]; then
$SUDO apt-get update || exit 1
$SUDO apt-get install -y --no-install-recommends collectd || exit 1
fi
echo "LoadPlugin network
<Plugin "network">
<Server \"karhu\" \"$INFLUXDB_COLLECTD_PORT\">
SecurityLevel "Encrypt"
Username "$COLLECTD_USERNAME"
Password "$COLLECTD_PASSWORD"
</Server>
</Plugin>" | $SUDO tee $COLLECTD_CONFIG_PATH || exit 1
echo "Restard collectd"
$SUDO service collectd restart || exit 1
# Setup filebeat
if [ ! -f "$(which filebeat)" ]; then
echo "deb https://packages.elastic.co/beats/apt stable main" | $SUDO tee /etc/apt/sources.list.d/beats.list || exit 1
curl -L https://packages.elastic.co/GPG-KEY-elasticsearch | $SUDO apt-key add - || exit 1
$SUDO apt-get update || exit 1
$SUDO apt-get install -y filebeat || exit 1
fi
if [ ! -d "$(dirname $LOGSTASH_CRT_PATH)" ]; then
$SUDO mkdir -p $(dirname $LOGSTASH_CRT_PATH) || exit 1
fi
# setup crt
$SUDO curl $BASIC_AUTH -o $LOGSTASH_CRT_PATH $LOGSTASH_CRT_URL || exit 1
# setup config
$SUDO curl $BASIC_AUTH -o $FILEBEAT_CONFIG_PATH $FILEBEAT_CONFIG_URL || exit 1
$SUDO service filebeat restart || exit 1
fi
# Alerts
$SUDO apt-get install -y nagios-plugins
echo "Done."`, karhuHost, logstashIP, publicKey, ssh.SSH_AUTHORIZED_KEYS_DIR, ssh.AuthorizedKeysPath(), clientIP, c.DefaultQuery("ssh_port", "22") /*, c.DefaultQuery("ssh_user", "root") */, basicAuth, c.DefaultQuery("monit", "1"), env.Get("INFLUXDB_COLLECTD_HOST"), env.Get("INFLUXDB_COLLECTD_PORT"), collectdUser, collectdPassword, c.DefaultQuery("noreg", "0")))
}