
Untitled

a guest
Jan 27th, 2017
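  # Install on clean SmartOS (latest, 20170119T014200Z).
  # The commands in this first part run in the global zone.
  #
  # NOTE(review): adding an image source means images served from it are run
  # on this host. Confirm the source URL and the image UUID against the
  # project's own documentation before importing.
  image_uuid='504ff128-d990-4fed-8349-dc8a4ba611ad'
  imgadm sources -a https://datasets.project-fifo.net
  imgadm import "$image_uuid"

  # Zone manifest: a joyent-brand zone with a delegated dataset and one NIC on
  # the "admin" nic_tag, addressed by DHCP. The image UUID is substituted once
  # from the variable above so the import and the manifest cannot drift apart.
  printf '{
    "autoboot": true,
    "brand": "joyent",
    "image_uuid": "%s",
    "delegate_dataset": true,
    "alias": "fifo",
    "resolvers": [
      "8.8.8.8",
      "8.8.4.4"
    ],
    "nics": [
      {
        "interface": "net0",
        "nic_tag": "admin",
        "ip": "dhcp"
      }
    ]
  }\n' "$image_uuid" | vmadm create

  # Fixed wait for the new zone to finish booting.
  sleep 60

  # The original listing had the placeholder `zlogin <fifo>`, which bash parses
  # as redirections rather than a zone name. Look the zone up by its alias
  # instead; -1 makes the lookup fail unless exactly one zone matches.
  # zlogin opens a shell inside the zone: the remaining steps are run there.
  fifo_zone=$(vmadm lookup -1 alias=fifo) && zlogin "$fifo_zone"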
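  # Setup based on documentation, incl. fifo_ca.sh gist for setting up Docker SSL.
  # Run inside the zone.
  #
  # Mount the delegated dataset at /data. The UUID is captured and checked
  # first so a failed `sysinfo | json` does not turn into a request against
  # the malformed dataset name "zones//data".
  zone_uuid=$(sysinfo | json UUID)
  if [[ -n "$zone_uuid" ]]; then
    zfs set mountpoint=/data "zones/${zone_uuid}/data"
  else
    printf 'could not read the zone UUID from sysinfo; /data not mounted\n' >&2
  fi

  # Refresh the package database (forced), then:
  pkgin -fy up
  # Update to latest 0.9 packages for this test
  pkgin -y ug
  pkgin -y in 'fifo-kennel'

  # Fix pre-data Kennel: point /var/db/kennel at the database under /data.
  ln -s /data/kennel/db /var/db/kennel

  # Create basic config
  fifo-config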
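  # Setup CA and certificates
  #
  # Creates a self-signed CA and a server certificate signed by it, all under
  # $CERTDIR. Both certificates carry the zone's IPv4 address as a
  # subjectAltName.
  #
  # NOTE(review): -nodes writes both private keys unencrypted, and the files
  # are created with whatever umask this shell has. Confirm which accounts the
  # FiFo services run as and restrict ca-privatekey.pem and privatekey.pem to
  # them.
  # NOTE(review): the CA and the server certificate are issued with the same
  # subject, so the server certificate's issuer equals its own subject. Some
  # verifiers treat that as self-signed; consider a distinct commonName for
  # the CA.
  # NOTE(review): the manifest requests the address by DHCP. If the lease ever
  # changes, the IP in the subjectAltName no longer matches and the
  # certificates have to be reissued.
  export CERTDIR="/data/fifo"
  export DAYS=$((365 * 5))
  # Same value the original assembled with `echo -n ... | tr "\n" "/"`,
  # including the trailing slash.
  export SUBJECT="/C=NL/ST=Somewhere/O=Company/localityName=City/commonName=fifo/organizationalUnitName=Team/"

  # Take only the first "inet" line of net0. The original `grep inet` also
  # matches "inet6" lines, which would put several addresses, separated by
  # newlines, into the SAN value.
  zone_ip=$(ifconfig net0 | awk '$1 == "inet" { print $2; exit }')
  # Path of the stock openssl.cnf, read once instead of once per request.
  openssl_cnf="$(openssl version -d | cut -d '"' -f2)/openssl.cnf"

  if [[ -z "$zone_ip" ]]; then
    printf 'no IPv4 address found on net0; not generating certificates\n' >&2
  else
    export SAN="subjectAltName=IP:${zone_ip}"

    mkdir -p "$CERTDIR"
    # :? makes the glob expand to an error instead of "/*" if CERTDIR is empty.
    rm -f "${CERTDIR:?}"/*

    # Create a CA
    openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days "$DAYS" \
      -subj "$SUBJECT" \
      -config <(cat "$openssl_cnf" && echo -e "[v3_ca]\n$SAN") \
      -keyout "$CERTDIR/ca-privatekey.pem" -out "$CERTDIR/ca-cert.pem"

    # CSR for server certificates
    openssl req -newkey rsa:4096 -nodes -sha256 \
      -subj "$SUBJECT" -reqexts SAN \
      -config <(cat "$openssl_cnf" && echo -e "[SAN]\n$SAN") \
      -keyout "$CERTDIR/privatekey.pem" -out "$CERTDIR/cert.csr"

    # Create signed cert from CSR
    openssl x509 -req -sha256 -days "$DAYS" -extfile <(echo "$SAN") \
      -CA "$CERTDIR/ca-cert.pem" -CAkey "$CERTDIR/ca-privatekey.pem" \
      -CAcreateserial -in "$CERTDIR/cert.csr" -out "$CERTDIR/cert.pem"

    # Delete no longer needed CSR file
    rm -f "$CERTDIR/cert.csr"
  fi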
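  # Refer all config files to the correct certificates.
  #
  # Each ssl.* setting in every /data/*/etc/*.conf is rewritten to point at the
  # matching file under $CERTDIR. The pairs below are "<setting>:<file>".
  # The rewrite is skipped when CERTDIR is unset, because the substitution
  # would otherwise write paths such as "/cert.pem" into every config file.
  #
  # NOTE(review): `sed -i ''` is the BSD-style in-place form (explicit empty
  # backup suffix). GNU sed reads the '' as the script instead; confirm which
  # sed is first in PATH inside the zone.
  # NOTE(review): ssl.ca_key points every matching config at the CA private
  # key. Confirm which services need to sign certificates and keep that key
  # unreadable by the rest.
  if [[ -z "${CERTDIR:-}" ]]; then
    printf 'CERTDIR is not set; leaving the ssl.* settings untouched\n' >&2
  else
    for mapping in \
      certfile:cert.pem \
      keyfile:privatekey.pem \
      ca_cert:ca-cert.pem \
      cacertfile:ca-cert.pem \
      ca_key:ca-privatekey.pem; do
      conf_key=${mapping%%:*}
      pem_name=${mapping#*:}
      sed -i '' "s,^[\t ]*\(ssl\.${conf_key}[\t ]*=[\t ]*\).*\$,\\1${CERTDIR}\/${pem_name}," /data/*/etc/*.conf
    done
  fi

  # Now since Kennel and Howl run on the same zone, we change the Kennel HTTPS port
  # (the pattern also matches a commented-out https_port line and rewrites it
  # as an active setting with the value 8443).
  sed -i '' "s,^[\t #]*\(https_port[\t ]*=[\t ]\).*,\\18443," /data/kennel/etc/kennel.conf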
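  # Enable all services, in the listed order, pausing 10 seconds after each of
  # the first four so it can come up before the next one starts.
  for svc in epmd snarl howl sniffle; do
    svcadm enable "$svc"
    sleep 10
  done
  svcadm enable kennel

  # Give services time to finish starting before initializing
  sleep 60

  # Initialise snarl. The original listing hard-coded the password "qwerty"
  # for the "root" user here; take it from the environment instead so no
  # well-known password ends up on the initial account.
  # NOTE(review): presumably the arguments are realm, organisation, role, user
  # and password; confirm against the snarl-admin usage text.
  # NOTE(review): the password is still passed as a command-line argument and
  # is visible in the process list while snarl-admin runs. Change it after the
  # first login.
  if [[ -n "${FIFO_ADMIN_PASSWORD:-}" ]]; then
    snarl-admin init default Company Team root "$FIFO_ADMIN_PASSWORD"
  else
    printf 'FIFO_ADMIN_PASSWORD is not set; skipping snarl-admin init\n' >&2
  fi
  sleep 10

  # Tell sniffle that no S3 storage host is configured.
  sniffle-admin config set storage.s3.host no_s3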