Cloud init for CHT 4

I just created a cloud-init for CHT4 that applies the CHT documentation, in case someone is interested.

Please update the RSA key because, for security reasons, we deactivate password connection.

It worked on Ubuntu 22.04 (I just made it more generic).

```yaml
#cloud-config
hostname: projecttest
timezone: UTC
# ------------------------
groups: docker
system_info:
  default_user:
    groups: [ docker ]
users:
  - name: cht
    groups: sudo, docker
    shell: /bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    # Replace the placeholder with your own public key; password login is disabled below
    ssh-authorized-keys:
      - ssh-rsa <<YOUR KEY HERE >>
locale: en_US.UTF-8
manage_etc_hosts: true
packages:
  - git
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - lsb-release
  - unattended-upgrades
  - python3

package_update: true
package_upgrade: true
# Key-based SSH only, no root login
ssh_pwauth: no
disable_root: true
package_reboot_if_required: true
write_files:
  # Environment file for the CHT upgrade service; change COUCHDB_PASSWORD before deploying
  - path: /home/cht/cht-local-setup/upgrade/.env
    permissions: "0644"
    content: |
      DOCKER_CONFIG_PATH=/home/cht/cht-local-setup/core-couch/
      COUCHDB_DATA=/home/cht/cht-local-setup/data/couch-data
      CHT_COMPOSE_PATH=/home/cht/cht-local-setup/core-couch/
      COUCHDB_USER=medic
      COUCHDB_PASSWORD=password
    owner: cht:cht
runcmd:
  # Docker apt repository and signing key
  - mkdir -p /etc/apt/keyrings
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
  # NodeSource repository for Node.js
  - curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
  - apt-get update
  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin nodejs npm docker-compose
  - systemctl enable docker
  - systemctl start docker
  # CHT directories and compose files
  - mkdir -p /home/cht/cht-local-setup/couch-data/ && mkdir -p /home/cht/cht-local-setup/core-couch/ && mkdir -p /home/cht/cht-local-setup/upgrade/
  - curl -s -o /home/cht/cht-local-setup/core-couch/cht-core.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:4.0.1/docker-compose/cht-core.yml
  - curl -s -o /home/cht/cht-local-setup/core-couch/cht-couchdb.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:4.0.1/docker-compose/cht-couchdb.yml
  - curl -s -o /home/cht/cht-local-setup/upgrade/docker-compose.yml https://raw.githubusercontent.com/medic/cht-upgrade-service/main/docker-compose.yml
  - chown -R cht:docker /home/cht/cht-local-setup
  # cht-conf and its pyxform dependency
  - npm install -g cht-conf
  - python3 -m pip install git+https://github.com/medic/pyxform.git@medic-conf-1.17#egg=pyxform-medic
```


3 Likes

Awesome! :star_struck: This is getting us pretty close to a one-click deployment for the whole CHT stack! Thank you for sharing!

cc @mrjones since you will love this!

I could do it only because the doc was precise and up-to-date, thanks to the maintainers :slight_smile:

I still have to add the FQDN/Let’s Encrypt conf

2 Likes

Based on the code, I think this should work; of course, one must update the env file content.

```yaml
#cloud-config
hostname: projecttest
write_files:
  # Environment file for the CHT upgrade service; update every value before deploying
  - path: /home/cht/cht-local-setup/upgrade/.env
    permissions: "0644"
    content: |
      COUCHDB_USER=medic
      COUCHDB_PASSWORD=password
      EMAIL=myemail@fqdn.org
      COMMON_NAME=fqdn.org
      CERTIFICATE_MODE=AUTO_GENERATE
      DOCKER_CONFIG_PATH=/home/cht/cht-local-setup/core-couch/
      COUCHDB_DATA=/home/cht/cht-local-setup/data/couch-data
      CHT_COMPOSE_PATH=/home/cht/cht-local-setup/core-couch/
    owner: cht:cht
timezone: UTC
# ------------------------
groups: docker
system_info:
  default_user:
    groups: [ docker ]
users:
  - name: cht
    groups: sudo, docker
    shell: /bin/bash
    sudo: ALL=(ALL) NOPASSWD:ALL
    # Replace the placeholder with your own public key; password login is disabled below
    ssh-authorized-keys:
      - ssh-rsa <<YOUR KEY HERE >>
locale: en_US.UTF-8
manage_etc_hosts: true
packages:
  - git
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - lsb-release
  - unattended-upgrades
  - python3

package_update: true
package_upgrade: true
# Key-based SSH only, no root login
ssh_pwauth: no
disable_root: true
package_reboot_if_required: true
runcmd:
  # Docker apt repository and signing key
  - mkdir -p /etc/apt/keyrings
  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
  - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
  # NodeSource repository for Node.js
  - curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
  - apt-get update
  - apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin nodejs npm docker-compose
  - systemctl enable docker
  - systemctl start docker
  # CHT directories and compose files
  - mkdir -p /home/cht/cht-local-setup/couch-data/ && mkdir -p /home/cht/cht-local-setup/core-couch/ && mkdir -p /home/cht/cht-local-setup/upgrade/
  - curl -s -o /home/cht/cht-local-setup/core-couch/cht-core.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:4.0.1/docker-compose/cht-core.yml
  - curl -s -o /home/cht/cht-local-setup/core-couch/cht-couchdb.yml https://staging.dev.medicmobile.org/_couch/builds_4/medic:medic:4.0.1/docker-compose/cht-couchdb.yml
  - curl -s -o /home/cht/cht-local-setup/upgrade/docker-compose.yml https://raw.githubusercontent.com/medic/cht-upgrade-service/main/docker-compose.yml
  - chown -R cht:docker /home/cht/cht-local-setup
  # cht-conf and its pyxform dependency
  - npm install -g cht-conf
  - python3 -m pip install git+https://github.com/medic/pyxform.git@medic-conf-1.17#egg=pyxform-medic
```
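
Added example (not part of either post and not CHT project code): a pre-flight check for the two templates above, covering the edits both posts ask for (replace the SSH key placeholder, update the `.env` content) plus tab indentation and the `.env` file mode. The function name `check_user_data` and the sample fragment are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of a cloud-config file before it is passed
# to a provider as user-data. check_user_data is a hypothetical helper name.
# Prints one finding per line; returns 0 only when there are none.
check_user_data() {
  f=$1; n=0; tab=$(printf '\t')
  report() { echo "$f: $1"; n=$((n + 1)); }

  # cloud-init handles the file as cloud-config only if line 1 is this header
  [ "$(head -n 1 "$f")" = "#cloud-config" ] || report "missing #cloud-config header"
  # YAML does not allow tabs for indentation, so the file fails to parse
  grep -q "^ *$tab" "$f" && report "tab used for indentation"
  # the template's key placeholder was never replaced
  grep -q '<<YOUR KEY HERE' "$f" && report "ssh key placeholder not replaced"
  # the sample CouchDB password (or an empty one) is still in the .env content
  grep -Eq '^ *COUCHDB_PASSWORD=(password)? *$' "$f" &&
    report "default or empty COUCHDB_PASSWORD"
  # password logins must stay disabled, as the first post intends
  grep -Eq '^ssh_pwauth: *(no|false) *$' "$f" || report "ssh_pwauth not disabled"
  # a .env written by write_files holds the password: flag modes that give
  # other users any access (last octal digit not 0)
  awk '/^ *- path:/ { p = $NF }
       /permissions:/ && p ~ /\.env$/ && $NF !~ /0"?$/ { bad = 1 }
       END { exit !bad }' "$f" && report ".env is accessible to other users"
  [ "$n" -eq 0 ]
}

# Constructed sample: a fragment of the template left unedited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#cloud-config
users:
  - name: cht
    ssh-authorized-keys:
      - ssh-rsa <<YOUR KEY HERE >>
ssh_pwauth: no
write_files:
  - path: /home/cht/cht-local-setup/upgrade/.env
    permissions: "0644"
    content: |
      COUCHDB_PASSWORD=password
EOF
check_user_data "$sample" || echo "fix the findings above before deploying"
rm -f "$sample"
```
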

Indeed, very cool - thanks so much for sharing @delcroip !

What hosting environment are you using this in? I ask so that others will better understand your use of cloud init.

Hi,

We are using a cloud provider called Exoscale and I deployed the server with Ubuntu 22.04.

br

@delcroip - great info - thanks for getting back to us with that! I dug up some docs about how Exoscale does this, but the beauty of Cloud Init is that any provider that supports Cloud Init should work with the YAML you’ve provided. Thanks again!

I will change it soon, I forgot to pull the helper script.

Also, I access the server (I am new to CHT) with cht-conf from my machine and it complains about eslint missing, so I guess it will be similar on the server, so I will add it too. (It was really odd to set this up when not developing.) I might create another post for that, but I had to add package.json for the cht-conf GitHub to remove an error when using cht-conf remotely.