userdate_template port to Debian, apt, aws cli install
parent
c1100f96e6
commit
50322cbf79
|
@ -18,8 +18,7 @@ set -e
|
||||||
# Note: dollar-sign curly braces are template values from Terraform.
|
# Note: dollar-sign curly braces are template values from Terraform.
|
||||||
# Non curly brace ones are normal bash variables...
|
# Non curly brace ones are normal bash variables...
|
||||||
|
|
||||||
yum update -y
|
sudo apt update -y && sudo apt install gpg wget -y
|
||||||
yum install -y jq
|
|
||||||
|
|
||||||
# Make the user
|
# Make the user
|
||||||
useradd --system --shell /sbin/nologin vault
|
useradd --system --shell /sbin/nologin vault
|
||||||
|
@ -37,21 +36,80 @@ chmod 755 /opt/vault/bin
|
||||||
# Change ownership to vault user
|
# Change ownership to vault user
|
||||||
chown -R vault:vault /opt/vault
|
chown -R vault:vault /opt/vault
|
||||||
|
|
||||||
# Get the HashiCorp PGP
|
# === Install Vault via apt ===
|
||||||
curl https://keybase.io/hashicorp/pgp_keys.asc | gpg --import
|
# Get the keyring
|
||||||
|
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
|
||||||
|
|
||||||
# Download vault and signatures
|
# Verify the keyring
|
||||||
curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip
|
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
|
||||||
curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS
|
|
||||||
curl -Os https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS.sig
|
|
||||||
|
|
||||||
# Verify Signatres
|
# Check the exit status of the last command
|
||||||
gpg --verify vault_${VAULT_VERSION}_SHA256SUMS.sig vault_${VAULT_VERSION}_SHA256SUMS
|
if [ $? -eq 0 ]; then
|
||||||
cat vault_${VAULT_VERSION}_SHA256SUMS | grep vault_${VAULT_VERSION}_linux_amd64.zip | sha256sum -c
|
# If the exit status is 0 (which means the previous command was successful), add the repo
|
||||||
|
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
|
||||||
|
|
||||||
# unzip and move to /opt/vault/bin
|
# Install the vault
|
||||||
unzip vault_${VAULT_VERSION}_linux_amd64.zip
|
sudo apt update && sudo apt install vault -y
|
||||||
mv vault /opt/vault/bin
|
else
|
||||||
|
# If the exit status is not 0 (which means the previous command failed), print an error message and exit
|
||||||
|
echo "Keyring verification failed. Exiting."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# === Install AWS CLI ===
|
||||||
|
# Either x86_64 or aarm64
|
||||||
|
Architecture=$(uname -m)
|
||||||
|
|
||||||
|
printf '%s\n' "Installing / Updating AWS-Cli" "-----------------" "$Architecture"
|
||||||
|
|
||||||
|
echo "downloading..."
|
||||||
|
curl "https://awscli.amazonaws.com/awscli-exe-linux-$Architecture.zip" -o "awscliv2.zip"
|
||||||
|
sleep 1
|
||||||
|
|
||||||
|
# create public gpg key
|
||||||
|
cat <<EOF > aws-cli-public.gpg
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
mQINBF2Cr7UBEADJZHcgusOJl7ENSyumXh85z0TRV0xJorM2B/JL0kHOyigQluUG
|
||||||
|
ZMLhENaG0bYatdrKP+3H91lvK050pXwnO/R7fB/FSTouki4ciIx5OuLlnJZIxSzx
|
||||||
|
PqGl0mkxImLNbGWoi6Lto0LYxqHN2iQtzlwTVmq9733zd3XfcXrZ3+LblHAgEt5G
|
||||||
|
TfNxEKJ8soPLyWmwDH6HWCnjZ/aIQRBTIQ05uVeEoYxSh6wOai7ss/KveoSNBbYz
|
||||||
|
gbdzoqI2Y8cgH2nbfgp3DSasaLZEdCSsIsK1u05CinE7k2qZ7KgKAUIcT/cR/grk
|
||||||
|
C6VwsnDU0OUCideXcQ8WeHutqvgZH1JgKDbznoIzeQHJD238GEu+eKhRHcz8/jeG
|
||||||
|
94zkcgJOz3KbZGYMiTh277Fvj9zzvZsbMBCedV1BTg3TqgvdX4bdkhf5cH+7NtWO
|
||||||
|
lrFj6UwAsGukBTAOxC0l/dnSmZhJ7Z1KmEWilro/gOrjtOxqRQutlIqG22TaqoPG
|
||||||
|
fYVN+en3Zwbt97kcgZDwqbuykNt64oZWc4XKCa3mprEGC3IbJTBFqglXmZ7l9ywG
|
||||||
|
EEUJYOlb2XrSuPWml39beWdKM8kzr1OjnlOm6+lpTRCBfo0wa9F8YZRhHPAkwKkX
|
||||||
|
XDeOGpWRj4ohOx0d2GWkyV5xyN14p2tQOCdOODmz80yUTgRpPVQUtOEhXQARAQAB
|
||||||
|
tCFBV1MgQ0xJIFRlYW0gPGF3cy1jbGlAYW1hem9uLmNvbT6JAlQEEwEIAD4CGwMF
|
||||||
|
CwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQT7Xbd/1cEYuAURraimMQrMRnJHXAUC
|
||||||
|
ZMKcEgUJCSEf3QAKCRCmMQrMRnJHXCilD/4vior9J5tB+icri5WbDudS3ak/ve4q
|
||||||
|
XS6ZLm5S8l+CBxy5aLQUlyFhuaaEHDC11fG78OduxatzeHENASYVo3mmKNwrCBza
|
||||||
|
NJaeaWKLGQT0MKwBSP5aa3dva8P/4oUP9GsQn0uWoXwNDWfrMbNI8gn+jC/3MigW
|
||||||
|
vD3fu6zCOWWLITNv2SJoQlwILmb/uGfha68o4iTBOvcftVRuao6DyqF+CrHX/0j0
|
||||||
|
klEDQFMY9M4tsYT7X8NWfI8Vmc89nzpvL9fwda44WwpKIw1FBZP8S0sgDx2xDsxv
|
||||||
|
L8kM2GtOiH0cHqFO+V7xtTKZyloliDbJKhu80Kc+YC/TmozD8oeGU2rEFXfLegwS
|
||||||
|
zT9N+jB38+dqaP9pRDsi45iGqyA8yavVBabpL0IQ9jU6eIV+kmcjIjcun/Uo8SjJ
|
||||||
|
0xQAsm41rxPaKV6vJUn10wVNuhSkKk8mzNOlSZwu7Hua6rdcCaGeB8uJ44AP3QzW
|
||||||
|
BNnrjtoN6AlN0D2wFmfE/YL/rHPxU1XwPntubYB/t3rXFL7ENQOOQH0KVXgRCley
|
||||||
|
sHMglg46c+nQLRzVTshjDjmtzvh9rcV9RKRoPetEggzCoD89veDA9jPR2Kw6RYkS
|
||||||
|
XzYm2fEv16/HRNYt7hJzneFqRIjHW5qAgSs/bcaRWpAU/QQzzJPVKCQNr4y0weyg
|
||||||
|
B8HCtGjfod0p1A==
|
||||||
|
=gdMc
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
EOF
|
||||||
|
|
||||||
|
gpg --import aws-cli-public.gpg
|
||||||
|
|
||||||
|
curl -o awscliv2.sig https://awscli.amazonaws.com/awscli-exe-linux-$Architecture.zip.sig
|
||||||
|
|
||||||
|
gpg --verify awscliv2.sig awscliv2.zip
|
||||||
|
|
||||||
|
# -u for overwrite / update
|
||||||
|
unzip -u awscliv2.zip
|
||||||
|
|
||||||
|
sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update
|
||||||
|
|
||||||
|
aws --version
|
||||||
|
|
||||||
# give ownership to the vault user
|
# give ownership to the vault user
|
||||||
chown vault:vault /opt/vault/bin/vault
|
chown vault:vault /opt/vault/bin/vault
|
||||||
|
@ -63,9 +121,9 @@ ln -s /opt/vault/bin/vault /usr/local/bin/vault
|
||||||
setcap cap_ipc_lock=+ep /opt/vault/bin/vault
|
setcap cap_ipc_lock=+ep /opt/vault/bin/vault
|
||||||
|
|
||||||
# cleanup files
|
# cleanup files
|
||||||
rm vault_${VAULT_VERSION}_linux_amd64.zip
|
rm awscliv2.zip
|
||||||
rm vault_${VAULT_VERSION}_SHA256SUMS
|
rm aws-cli-public.gpg
|
||||||
rm vault_${VAULT_VERSION}_SHA256SUMS.sig
|
rm awscliv2.sig
|
||||||
|
|
||||||
--==BOUNDARY==
|
--==BOUNDARY==
|
||||||
Content-Type: text/x-shellscript; charset="us-ascii"
|
Content-Type: text/x-shellscript; charset="us-ascii"
|
||||||
|
|
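Review bot: The "Verify the keyring" step in the second hunk verifies nothing: `gpg --no-default-keyring --keyring … --fingerprint` only lists the fingerprints in the file and exits 0 whenever the keyring is readable, so `if [ $? -eq 0 ]` passes for whatever key `wget` returned. The first hunk's header shows `set -e` in effect, so the `else` branch is also unreachable, because a failing gpg call would abort the script before the test runs. Compare the keyring's primary-key fingerprint with a value pinned in the template (shown as a placeholder below, to be filled from HashiCorp's published fingerprint) and branch on that comparison instead. Separately, the unchanged `chown` and `setcap` lines still target `/opt/vault/bin/vault`, which the apt package presumably does not populate, so they likely need to follow the new binary path. The script continues outside these hunks.

```shell
# Placeholder: pin the fingerprint HashiCorp publishes for its apt signing key.
expected_fpr="<EXPECTED_HASHICORP_KEY_FINGERPRINT>"
actual_fpr=$(gpg --no-default-keyring \
  --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
  --with-colons --fingerprint | awk -F: '$1 == "fpr" { print $10; exit }')

if [ "$actual_fpr" = "$expected_fpr" ]; then
  # … unchanged: write hashicorp.list, apt update, apt install vault …
else
  echo "Keyring verification failed. Exiting." >&2
  exit 1
fi
```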