From 9f5c86e60c14a6615f05f95cb7d9c0e504decaef Mon Sep 17 00:00:00 2001
From: Michael Vines <mvines@gmail.com>
Date: Sat, 8 Sep 2018 10:38:32 -0700
Subject: [PATCH] Install earlyoom at gce instance startup

---
 net/gce.sh                                  | 60 +++++++++++++++++----
 net/remote/remote-client.sh                 |  2 -
 net/remote/remote-node.sh                   |  2 -
 net/remote/remote-startup.sh                | 46 ----------------
 net/scripts/disable-background-upgrades.sh  | 21 ++++++++
 net/scripts/install-earlyoom.sh             | 38 +++++++------
 net/scripts/install-libssl-compatability.sh | 18 +++++++
 net/scripts/install-rsync.sh                | 19 +++++++
 8 files changed, 127 insertions(+), 79 deletions(-)
 delete mode 100644 net/remote/remote-startup.sh
 create mode 100755 net/scripts/disable-background-upgrades.sh
 create mode 100755 net/scripts/install-libssl-compatability.sh
 create mode 100755 net/scripts/install-rsync.sh

diff --git a/net/gce.sh b/net/gce.sh
index db6520e40..9fa161d9f 100755
--- a/net/gce.sh
+++ b/net/gce.sh
@@ -206,23 +206,65 @@ create)
 
   $metricsWriteDatapoint "testnet-deploy net-create-begin=1"
 
-  echo "Network composition:"
-  echo "Leader = $leaderMachineType (GPU=${leaderAccelerator:-none})"
-  echo "Validators = $validatorNodeCount x $validatorMachineType (GPU=${validatorAccelerator:-none})"
-  echo "Client(s) = $clientNodeCount x $clientMachineType (GPU=${clientAccelerator:-none})"
-  echo ==================================================================
-  echo
+  printNetworkInfo() {
+    cat <<EOF
+========================================================================================
+
+Network composition:
+  Leader = $leaderMachineType (GPU=${leaderAccelerator:-none})
+  Validators = $validatorNodeCount x $validatorMachineType (GPU=${validatorAccelerator:-none})
+  Client(s) = $clientNodeCount x $clientMachineType (GPU=${clientAccelerator:-none})
+
+========================================================================================
+
+EOF
+  }
+  printNetworkInfo
+
+  declare startupScript="$netConfigDir"/gce-startup-script.sh
+  cat > "$startupScript" <<EOF
+#!/bin/bash -ex
+# autogenerated at $(date)
+
+cat > /etc/motd <<EOM
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+  This instance has not been fully configured.
+  See "startup-script" log messages in /var/log/syslog for status:
+    $ sudo cat /var/log/syslog | grep startup-script
+
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+EOM
+
+USER=\$(id -un)
+
+$(
+  cd "$here"/scripts/
+  cat \
+    disable-background-upgrades.sh \
+    install-earlyoom.sh \
+    install-rsync.sh \
+    install-libssl-compatability.sh \
+)
+
+cat > /etc/motd <<EOM
+$(printNetworkInfo)
+EOM
+
+EOF
+
   gcloud_CreateInstances "$prefix-leader" 1 "$zone" \
     "$imageName" "$leaderMachineType" "$leaderBootDiskSize" "$leaderAccelerator" \
-    "$here/remote/remote-startup.sh" "$leaderAddress" \
+    "$startupScript" "$leaderAddress"
 
   gcloud_CreateInstances "$prefix-validator" "$validatorNodeCount" "$zone" \
     "$imageName" "$validatorMachineType" "$validatorBootDiskSize" "$validatorAccelerator" \
-    "$here/remote/remote-startup.sh" ""
+    "$startupScript" ""
+
   if [[ $clientNodeCount -gt 0 ]]; then
     gcloud_CreateInstances "$prefix-client" "$clientNodeCount" "$zone" \
       "$imageName" "$clientMachineType" "$clientBootDiskSize" "$clientAccelerator" \
-      "$here/remote/remote-startup.sh" ""
+      "$startupScript" ""
   fi
 
   $metricsWriteDatapoint "testnet-deploy net-create-complete=1"
diff --git a/net/remote/remote-client.sh b/net/remote/remote-client.sh
index f1f1ae9e5..5e703194f 100755
--- a/net/remote/remote-client.sh
+++ b/net/remote/remote-client.sh
@@ -25,8 +25,6 @@ if [[ $threadCount -gt 4 ]]; then
   threadCount=4
 fi
 
-net/scripts/install-earlyoom.sh
-
 case $deployMethod in
 snap)
   rsync -vPrc "$entrypointIp:~/solana/solana.snap" .
diff --git a/net/remote/remote-node.sh b/net/remote/remote-node.sh
index 7a0a4d9f3..1d08b3348 100755
--- a/net/remote/remote-node.sh
+++ b/net/remote/remote-node.sh
@@ -29,8 +29,6 @@ EOF
 source net/common.sh
 loadConfigFile
 
-time net/scripts/install-earlyoom.sh
-
 if [[ $publicNetwork = true ]]; then
   setupArgs="-p"
 else
diff --git a/net/remote/remote-startup.sh b/net/remote/remote-startup.sh
deleted file mode 100644
index 3e494e78d..000000000
--- a/net/remote/remote-startup.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash -x
-#
-# Runs at boot on each instance as root
-#
-# TODO: Make the following a requirement of the Instance image
-#       instead of a manual install?
-
-# Prevent background upgrades that block |apt-get|
-#
-# TODO: This approach is pretty uncompromising.  An alternative solution that
-#       doesn't involve deleting system files would be welcome.
-rm -rf /usr/lib/apt/apt.systemd.daily
-rm -rf /usr/bin/unattended-upgrade
-killall apt.systemd.daily
-killall unattended-upgrade
-
-while fuser /var/lib/dpkg/lock; do
-  echo Waiting for lock release...
-  sleep 1
-done
-
-
-# rsync setup for Snap builds
-apt-get --assume-yes install rsync
-cat > /etc/rsyncd.conf <<-EOF
-[config]
-path = /var/snap/solana/current/config
-hosts allow = *
-read only = true
-EOF
-
-systemctl enable rsync
-systemctl start rsync
-
-# Install libssl-dev to be compatible with binaries built on an Ubuntu machine...
-apt-get --assume-yes install libssl-dev
-
-# Install libssl1.1 to be compatible with binaries built in the
-# solanalabs/rust docker image
-#
-# cc: https://github.com/solana-labs/solana/issues/1090
-# cc: https://packages.ubuntu.com/bionic/amd64/libssl1.1/download
-wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4.1_amd64.deb
-dpkg -i libssl1.1_1.1.0g-2ubuntu4.1_amd64.deb
-rm libssl1.1_1.1.0g-2ubuntu4.1_amd64.deb
-
diff --git a/net/scripts/disable-background-upgrades.sh b/net/scripts/disable-background-upgrades.sh
new file mode 100755
index 000000000..f10086062
--- /dev/null
+++ b/net/scripts/disable-background-upgrades.sh
@@ -0,0 +1,21 @@
+#!/bin/bash -ex
+
+# Prevent background upgrades that block |apt-get|
+#
+# TODO: This approach is pretty uncompromising.  An alternative solution that
+#       doesn't involve deleting system files would be welcome.
+
+[[ $(uname) = Linux ]] || exit 1
+[[ $USER = root ]] || exit 1
+
+rm -rf /usr/lib/apt/apt.systemd.daily
+rm -rf /usr/bin/unattended-upgrade
+killall apt.systemd.daily || true
+killall unattended-upgrade || true
+
+while fuser /var/lib/dpkg/lock; do
+  echo Waiting for lock release...
+  sleep 1
+done
+
+
diff --git a/net/scripts/install-earlyoom.sh b/net/scripts/install-earlyoom.sh
index 01c27c754..1bb2f04d2 100755
--- a/net/scripts/install-earlyoom.sh
+++ b/net/scripts/install-earlyoom.sh
@@ -1,32 +1,30 @@
-#!/bin/bash -x
+#!/bin/bash -ex
 #
 # Install EarlyOOM
 #
 
 [[ $(uname) = Linux ]] || exit 1
+[[ $USER = root ]] || exit 1
 
 # 64 - enable signalling of processes (term, kill, oom-kill)
 # TODO: This setting will not persist across reboots
-sysrq=$(( $(cat /proc/sys/kernel/sysrq) | 64 ))
-sudo sysctl -w kernel.sysrq=$sysrq
+sysctl -w kernel.sysrq=$(( $(cat /proc/sys/kernel/sysrq) | 64 ))
 
 if command -v earlyoom; then
-  sudo systemctl status earlyoom
-  exit 0
+  systemctl status earlyoom
+else
+  wget http://ftp.us.debian.org/debian/pool/main/e/earlyoom/earlyoom_1.1-2_amd64.deb
+  apt install --quiet --yes ./earlyoom_1.1-2_amd64.deb
+
+  cat > earlyoom <<OOM
+  # use the kernel OOM killer, trigger at 20% available RAM,
+  EARLYOOM_ARGS="-k -m 20"
+OOM
+  cp earlyoom /etc/default/
+  rm earlyoom
+
+  systemctl stop earlyoom
+  systemctl enable earlyoom
+  systemctl start earlyoom
 fi
 
-wget http://ftp.us.debian.org/debian/pool/main/e/earlyoom/earlyoom_1.1-2_amd64.deb
-sudo apt install --quiet --yes ./earlyoom_1.1-2_amd64.deb
-
-cat > earlyoom <<OOM
-# use the kernel OOM killer, trigger at 20% available RAM,
-EARLYOOM_ARGS="-k -m 20"
-OOM
-sudo cp earlyoom /etc/default/
-rm earlyoom
-
-sudo systemctl stop earlyoom
-sudo systemctl enable earlyoom
-sudo systemctl start earlyoom
-
-exit 0
diff --git a/net/scripts/install-libssl-compatability.sh b/net/scripts/install-libssl-compatability.sh
new file mode 100755
index 000000000..ab848dacf
--- /dev/null
+++ b/net/scripts/install-libssl-compatability.sh
@@ -0,0 +1,18 @@
+#!/bin/bash -ex
+
+[[ $(uname) = Linux ]] || exit 1
+[[ $USER = root ]] || exit 1
+
+# Install libssl-dev to be compatible with binaries built on an Ubuntu machine...
+apt-get update
+apt-get --assume-yes install libssl-dev
+
+# Install libssl1.1 to be compatible with binaries built in the
+# solanalabs/rust docker image
+#
+# cc: https://github.com/solana-labs/solana/issues/1090
+# cc: https://packages.ubuntu.com/bionic/amd64/libssl1.1/download
+wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.0g-2ubuntu4.1_amd64.deb
+dpkg -i libssl1.1_1.1.0g-2ubuntu4.1_amd64.deb
+rm libssl1.1_1.1.0g-2ubuntu4.1_amd64.deb
+
diff --git a/net/scripts/install-rsync.sh b/net/scripts/install-rsync.sh
new file mode 100755
index 000000000..c97f71dbb
--- /dev/null
+++ b/net/scripts/install-rsync.sh
@@ -0,0 +1,19 @@
+#!/bin/bash -ex
+#
+# Rsync setup for Snap builds
+#
+
+[[ $(uname) = Linux ]] || exit 1
+[[ $USER = root ]] || exit 1
+
+apt-get --assume-yes install rsync
+cat > /etc/rsyncd.conf <<-EOF
+[config]
+path = /var/snap/solana/current/config
+hosts allow = *
+read only = true
+EOF
+
+systemctl enable rsync
+systemctl start rsync
+