cloud-config.yml

#cloud-config
ssh_authorized_keys:
  - %(LOCAL_SSH_KEY)s
bootcmd:
- set -ex
- echo "Booting"
power_state:
  mode: reboot
output:
  all: '| tee -a /var/log/cloud-init-output.log'
runcmd:
- sudo -u ubuntu mv /home/ubuntu/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys2
- sudo -u ubuntu aws s3 cp --region=us-west-2 %(S3_AUTH_KEYS)s /home/ubuntu/.ssh/authorized_keys
- sudo -u ubuntu mkdir /home/ubuntu/.aws
- sudo -u ubuntu aws s3 cp --region=us-west-2 s3://regulome-conf-prod/.aws-regulome/credentials ~ubuntu/.aws
- sudo -u ubuntu rm -r /home/ubuntu/.aws
- mkdir /srv/encoded
- chown encoded:encoded /srv/encoded
- cd /srv/encoded
- sudo -u encoded git clone --no-checkout %(GIT_REPO)s .
- sudo -u encoded git checkout %(COMMIT)s
- mkdir /opt/cloudwatchmon
- chown build:build /opt/cloudwatchmon
- sudo -u build virtualenv --python=python2.7 /opt/cloudwatchmon
- sudo -u build /opt/cloudwatchmon/bin/pip install -r cloudwatchmon-requirements.txt
- sudo pip3 install -U zc.buildout==2.13.8 setuptools==43
- sudo -u encoded buildout bootstrap
- sudo -u encoded LANG=en_US.UTF-8 bin/buildout -c %(ROLE)s.cfg
- sudo -u encoded aws s3 cp --recursive s3://regulome-conf-prod/.aws .aws --region us-west-2
- sudo -u encoded sh -c 'cat /dev/urandom | head -c 256 | base64 > session-secret.b64'
- sudo -u encoded cp /srv/encoded/etc/encoded-apache.conf /srv/encoded/etc/encoded-apache.conf.original
- ln -s /srv/encoded/etc/encoded-apache.conf /etc/apache2/sites-available/encoded.conf
- ln -s /srv/encoded/etc/logging-apache.conf /etc/apache2/conf-available/logging.conf
- a2enmod headers
- a2enmod proxy_http
- a2enmod rewrite
- a2enmod ssl
- a2ensite encoded.conf
- a2dissite 000-default
- a2enconf logging
- a2disconf charset
- a2disconf security
- a2disconf localized-error-pages
- a2disconf other-vhosts-access-log
- a2disconf serve-cgi-bin
users:
- default
- name: build
  gecos: Build user
  inactive: true
  system: true
- name: encoded
  gecos: ENCODE Metadata Database daemon user
  inactive: true
  system: true
  homedir: /srv/encoded
write_files:
- path: /etc/apt/apt.conf.d/20auto-upgrades
  content: |
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Unattended-Upgrade "1";
- path: /etc/apt/apt.conf.d/50unattended-upgrades
  content: |
    Unattended-Upgrade::Allowed-Origins {
        "${distro_id} ${distro_codename}-security";
    };
    Unattended-Upgrade::Automatic-Reboot "false";
- path: /etc/cron.d/cloudwatchmon
  content: |
    */5 * * * * nobody /opt/cloudwatchmon/bin/mon-put-instance-stats.py --mem-util --swap-util --disk-space-util --disk-path=/ --from-cron