major: initial rossy cluster and biggish refactor

rossby/bin/adduser.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+id=$1
+user=$2
+name="$3"
+
+grp="\    $user = { gid = "$id"; };"
+
+read -d '' usr << EOF
+\\\   $user = {\\\n\
+      description = "$name";\\\n\
+      home = "/home/$user";\\\n\
+      group = "$user";\\\n\
+      extraGroups = [\\\n\
+        "users"\\\n\
+        "docker"\\\n\
+      ];\\\n\
+      uid = $id;\\\n\
+      isNormalUser = true;\\\n\
+      createHome = true;\\\n\
+      openssh.authorizedKeys.keys = [];\\\n\
+    };\\\n\
+
+EOF
+
+sed -i "
+/# @grp@/i $grp
+/# @usr@/i $usr
+" stokes/users.nix

rossby/bin/copy-hardware-configuration.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+TOP="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/.."
+
+if [ $# != 1 ]; then
+    echo "usage: copy-hardware-configuration.sh name"
+    exit 1
+fi
+
+node=$1
+
+[ -e $node.nix ] && mv $node.nix $node.nix.bak
+
+scp root@$node:/etc/nixos/hardware-configuration.nix $node.nix

rossby/bin/deploy.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ $# = 0 ]; then
+    echo "usage: deploy.sh name ..."
+    exit 1
+fi
+
+if [ ! -f $TOP/$1/default.nix ]; then
+    echo "error: $1 does not contain a deployment"
+    exit 1
+fi
+
+cd $TOP/$1
+
+nixops list | grep -q $1
+if [ $? = 0 ]; then
+    echo "--- Updating deployment"
+    nixops modify -d $1 .
+else
+    echo "--- Creating deployment"
+    nixops create -d $1 .
+fi
+
+echo "--- Deploying $1"
+nixops deploy -k -d $* --allow-reboot

rossby/bin/initca.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ "x$1" = "x" ]; then
+    echo "usage: initca.sh {cluster}"
+    exit 1
+fi
+
+ca=$TOP/modules/initca.nix
+
+cd $TOP/$1
+
+echo "--- Preparing CA certificate"
+nix-build -o ca $ca
+
+echo "--- Safeguarding CA certificate"
+nix-store --add-root $(pwd)/ca --indirect -r $(nix-instantiate --add-root $ca)

rossby/bin/reboot.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ $# = 0 ]; then
+    echo "usage: reboot.sh cluster "
+    exit 1
+fi
+
+d=$1
+shift
+nixops reboot -d $d $*

rossby/bin/ssh.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+TOP="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)/.."
+
+if [ $# = 0 ]; then
+    echo "usage: ssh.sh cluster ..."
+    exit 1
+fi
+
+d=$1; shift
+
+nixops ssh-for-each -d $d -- $@

rossby/bin/teardown.sh

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+TOP="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/.."
+
+reboot=no
+case $1 in
+    --reboot) reboot=yes; shift ;;
+esac
+
+if [ $# != 1 ]; then
+    echo "usage: teardown.sh [--reboot] name"
+    exit 1
+fi
+
+d=$1
+tmp=$TOP/.$d.$$
+
+teardown () {
+    mkdir -p $tmp
+    cp -r $TOP/$d/* $tmp
+    sed -i '/k8s *= *{/,+1 s/enable *= *true/enable = false/' $tmp/cluster.nix
+    nixops modify -d $d $tmp
+    nixops deploy -d $d
+    [ $reboot = yes ] && nixops reboot -d $d
+    nixops ssh-for-each -d $d \
+        "rm -rf /var/run/kubernetes /var/lib/kubernetes /var/lib/etcd /var/lib/kubelet /var/lib/cfssl"
+    rm -rf $tmp
+}
+cat << EOF
+
+************************************************************************
+***                                                                  ***
+*** WARNING: This will irrevokably destroy the running cluster!      ***
+***                                                                  ***
+************************************************************************
+
+EOF
+
+echo "Are you sure you want to tear down $d? (YES/no)"
+read a
+case $a in
+    YES) teardown ;;
+    *) echo "Bailing out." ;;
+esac
+