Changes in 1dc268f: bug6021: starting with mongo_instance

				configuration/environments_scripts/mongo_instance_setup/files/etc/mongod.conf
			
          @@ -29,7 +29,6 @@ processManagement:

           net:

             port: 27017

           #  bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.

          -#  bindIp: 172.31.33.146

             bindIp: 0.0.0.0

           #security:

				configuration/environments_scripts/mongo_instance_setup/setup-mongo-instance.sh
			
          @@ -0,0 +1,61 @@

          +#!/bin/bash

          +# Usage: Launch an Amazon EC2 instance from an Amazon Linux 2 AMI with

          +# 8GB of root partition size and the "MongoDB Replica Set" security group

          +# using an SSH key for which you have a working private key available.

          +# Then, run this script on your local computer, using the external IP address

          +# of the instance you just launched in AWS as only argument. This will then

          +# turn the instance into a MongoDB replica set node.

          +# When the script is done you may log in to look around and check

          +# things. When done, shut down the instance (Stop, not Terminate) and create

          +# an image off of it, naming it, e.g., "MongoDB Live Replica Set NVMe 2.0" and

          +# also tagging its root volume snapshot as, e.g., "MongoDB Live Replica Set NVMe 2.0 (Root)".

          +# If you want to use the resulting image in production, also tag it with

          +# tag key "image-type" and tag value "mongodb-server".

          +if [ $# != 0 ]; then

          +  SERVER=$1

          +  scp "${0}" ec2-user@${SERVER}:

          +  ssh -A ec2-user@${SERVER} ./$( basename "${0}" )

          +else

          +  if ec2-metadata | grep -q instance-id; then

          +    echo "Running on an AWS EC2 instance as user ${USER} / $(whoami), starting setup..."

          +    # Install standard packages:

          +    sudo yum -y update

          +    sudo yum -y install nvme-cli chrony cronie cronie-anacron jq mailx

          +    # Copy imageupgrade_function.sh

          +    scp -o StrictHostKeyChecking=no -p root@sapsailing.com:/home/wiki/gitwiki/configuration/environments_scripts/repo/usr/local/bin/imageupgrade_functions.sh .

          +    sudo mv imageupgrade_functions.sh /usr/local/bin

          +    # build-crontab

          +    . imageupgrade_functions.sh

          +    build_crontab_and_setup_files mongo_instance_setup

          +    # obtain root SSH key from key vault:

          +    setup_keys "mongo_instance_setup"

          +    # Configure SSH daemon:

          +    sudo su - -c "cat << EOF >>/etc/ssh/sshd_config

          +MaxStartups 100

          +EOF

          +"

          +    # Install MongoDB 4.4 and configure as replica set "live"

          +    sudo su - -c "cat << EOF >/etc/yum.repos.d/mongodb-org.4.4.repo

          +[mongodb-org-4.4]

          +name=MongoDB Repository

          +baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.4/x86_64/

          +gpgcheck=1

          +enabled=1

          +gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc

          +EOF

          +"

          +    sudo yum -y update

          +    sudo yum -y install mongodb-org-server mongodb-org-shell mongodb-org-tools

          +    sudo sed -i -e 's/bindIp: *[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/bindIp: 0.0.0.0/' \

          +                -e 's|^processManagement:$|processManagement:\n  fork: true  # fork and run in background\n  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile|' /etc/mongod.conf

          +    scp root@sapsailing.com:ssh-key-reader.token /tmp

          +    sudo mv /tmp/ssh-key-reader.token /root

          +    sudo chown root:root /root/ssh-key-reader.token

          +    sudo chmod 600 /root/ssh-key-reader.token

          +    setup_sshd_resilience

          +  else

          +    echo "Not running on an AWS instance; refusing to run setup!" >&2

          +    echo "To prepare an instance running in AWS, provide its external IP as argument to this script." >&2

          +    exit 2

          +  fi

          +fi

				configuration/environments_scripts/repo/usr/local/bin/imageupgrade_functions.sh
			
          @@ -124,7 +124,8 @@ build_crontab_and_setup_files() {

                   # user of the scp command (as seen in the second command below).

                   scp -o StrictHostKeyChecking=no -pr wiki@"$HOSTNAME":~/gitwiki/configuration/environments_scripts/* "${TEMP_ENVIRONMENTS_SCRIPTS}"

                   [[ "$?" -eq 0 ]] || scp -o StrictHostKeyChecking=no -pr root@"$HOSTNAME":/home/wiki/gitwiki/configuration/environments_scripts/* "${TEMP_ENVIRONMENTS_SCRIPTS}" # For initial setup as not all landscape managers have direct wiki access.

          -        sudo chown root:root "$TEMP_ENVIRONMENTS_SCRIPTS"

          +        sudo chown root:root "${TEMP_ENVIRONMENTS_SCRIPTS}"

          +        sudo chmod a+r "${TEMP_ENVIRONMENTS_SCRIPTS}"

                   cd "${TEMP_ENVIRONMENTS_SCRIPTS}"

                   # Add all args to array, otherwise, if PASS_OPTIONS is empty, and we also pass $@ then argument $1 is in fact null, which would cause errors.

                   for option in "$@"; do

				configuration/environments_scripts/sailing_server/setup-sailing-server.sh
			
          @@ -32,9 +32,6 @@ else

               sudo mv imageupgrade_functions.sh /usr/local/bin

               # build-crontab

               . imageupgrade_functions.sh

          -    # The 2nd argument references a user home to navigate to and the 3rd argument is the path to navigate to within that user to find a checked

          -    # out git workspace. This dependency will be removed in the future, when we no longer have any dependency on a checked out

          -    # workspace on a sailing server.

               build_crontab_and_setup_files sailing_server

               # Create an SSH key pair with empty passphrase for ec2-user, deploy it to trac@sapsailing.com

               # and then move it to the sailing user's .ssh directory

				wiki/info/landscape/creating-ec2-mongodb-image-from-scratch.md
			
          @@ -57,7 +57,6 @@ storage:

               enabled: true

             directoryPerDB: true

           #  engine:

          -#  mmapv1:

           #  wiredTiger:

           # how the process runs

          @@ -77,7 +76,7 @@ net:

           #operationProfiling:

           replication:

          -  replSetName: live

          +  replSetName: "live"

           #sharding:

...	...	@@ -29,7 +29,6 @@ processManagement:
29	29	net:
30	30	port: 27017
31	31	# bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces.
32		-# bindIp: 172.31.33.146
33	32	bindIp: 0.0.0.0
34	33
35	34	#security:

...	...	@@ -0,0 +1,61 @@
	1	+#!/bin/bash
	2	+# Usage: Launch an Amazon EC2 instance from an Amazon Linux 2 AMI with
	3	+# 8GB of root partition size and the "MongoDB Replica Set" security group
	4	+# using an SSH key for which you have a working private key available.
	5	+# Then, run this script on your local computer, using the external IP address
	6	+# of the instance you just launched in AWS as only argument. This will then
	7	+# turn the instance into a MongoDB replica set node.
	8	+# When the script is done you may log in to look around and check
	9	+# things. When done, shut down the instance (Stop, not Terminate) and create
	10	+# an image off of it, naming it, e.g., "MongoDB Live Replica Set NVMe 2.0" and
	11	+# also tagging its root volume snapshot as, e.g., "MongoDB Live Replica Set NVMe 2.0 (Root)".
	12	+# If you want to use the resulting image in production, also tag it with
	13	+# tag key "image-type" and tag value "mongodb-server".
	14	+if [ $# != 0 ]; then
	15	+ SERVER=$1
	16	+ scp "${0}" ec2-user@${SERVER}:
	17	+ ssh -A ec2-user@${SERVER} ./$( basename "${0}" )
	18	+else
	19	+ if ec2-metadata \| grep -q instance-id; then
	20	+ echo "Running on an AWS EC2 instance as user ${USER} / $(whoami), starting setup..."
	21	+ # Install standard packages:
	22	+ sudo yum -y update
	23	+ sudo yum -y install nvme-cli chrony cronie cronie-anacron jq mailx
	24	+ # Copy imageupgrade_function.sh
	25	+ scp -o StrictHostKeyChecking=no -p root@sapsailing.com:/home/wiki/gitwiki/configuration/environments_scripts/repo/usr/local/bin/imageupgrade_functions.sh .
	26	+ sudo mv imageupgrade_functions.sh /usr/local/bin
	27	+ # build-crontab
	28	+ . imageupgrade_functions.sh
	29	+ build_crontab_and_setup_files mongo_instance_setup
	30	+ # obtain root SSH key from key vault:
	31	+ setup_keys "mongo_instance_setup"
	32	+ # Configure SSH daemon:
	33	+ sudo su - -c "cat << EOF >>/etc/ssh/sshd_config
	34	+MaxStartups 100
	35	+EOF
	36	+"
	37	+ # Install MongoDB 4.4 and configure as replica set "live"
	38	+ sudo su - -c "cat << EOF >/etc/yum.repos.d/mongodb-org.4.4.repo
	39	+[mongodb-org-4.4]
	40	+name=MongoDB Repository
	41	+baseurl=https://repo.mongodb.org/yum/amazon/2/mongodb-org/4.4/x86_64/
	42	+gpgcheck=1
	43	+enabled=1
	44	+gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
	45	+EOF
	46	+"
	47	+ sudo yum -y update
	48	+ sudo yum -y install mongodb-org-server mongodb-org-shell mongodb-org-tools
	49	+ sudo sed -i -e 's/bindIp: *[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/bindIp: 0.0.0.0/' \
	50	+ -e 's\|^processManagement:$\|processManagement:\n fork: true # fork and run in background\n pidFilePath: /var/run/mongodb/mongod.pid # location of pidfile\|' /etc/mongod.conf
	51	+ scp root@sapsailing.com:ssh-key-reader.token /tmp
	52	+ sudo mv /tmp/ssh-key-reader.token /root
	53	+ sudo chown root:root /root/ssh-key-reader.token
	54	+ sudo chmod 600 /root/ssh-key-reader.token
	55	+ setup_sshd_resilience
	56	+ else
	57	+ echo "Not running on an AWS instance; refusing to run setup!" >&2
	58	+ echo "To prepare an instance running in AWS, provide its external IP as argument to this script." >&2
	59	+ exit 2
	60	+ fi
	61	+fi

...	...	@@ -124,7 +124,8 @@ build_crontab_and_setup_files() {
124	124	# user of the scp command (as seen in the second command below).
125	125	scp -o StrictHostKeyChecking=no -pr wiki@"$HOSTNAME":~/gitwiki/configuration/environments_scripts/* "${TEMP_ENVIRONMENTS_SCRIPTS}"
126	126	[[ "$?" -eq 0 ]] \|\| scp -o StrictHostKeyChecking=no -pr root@"$HOSTNAME":/home/wiki/gitwiki/configuration/environments_scripts/* "${TEMP_ENVIRONMENTS_SCRIPTS}" # For initial setup as not all landscape managers have direct wiki access.
127		- sudo chown root:root "$TEMP_ENVIRONMENTS_SCRIPTS"
	127	+ sudo chown root:root "${TEMP_ENVIRONMENTS_SCRIPTS}"
	128	+ sudo chmod a+r "${TEMP_ENVIRONMENTS_SCRIPTS}"
128	129	cd "${TEMP_ENVIRONMENTS_SCRIPTS}"
129	130	# Add all args to array, otherwise, if PASS_OPTIONS is empty, and we also pass $@ then argument $1 is in fact null, which would cause errors.
130	131	for option in "$@"; do

...	...	@@ -32,9 +32,6 @@ else
32	32	sudo mv imageupgrade_functions.sh /usr/local/bin
33	33	# build-crontab
34	34	. imageupgrade_functions.sh
35		- # The 2nd argument references a user home to navigate to and the 3rd argument is the path to navigate to within that user to find a checked
36		- # out git workspace. This dependency will be removed in the future, when we no longer have any dependency on a checked out
37		- # workspace on a sailing server.
38	35	build_crontab_and_setup_files sailing_server
39	36	# Create an SSH key pair with empty passphrase for ec2-user, deploy it to trac@sapsailing.com
40	37	# and then move it to the sailing user's .ssh directory

...	...	@@ -57,7 +57,6 @@ storage:
57	57	enabled: true
58	58	directoryPerDB: true
59	59	# engine:
60		-# mmapv1:
61	60	# wiredTiger:
62	61
63	62	# how the process runs
...	...	@@ -77,7 +76,7 @@ net:
77	76	#operationProfiling:
78	77
79	78	replication:
80		- replSetName: live
	79	+ replSetName: "live"
81	80
82	81	#sharding:
83	82

bug6021: starting with mongo_instance_setup script