#!/bin/bash
# Prerequisite checks for a bridgehead host. This first part loads the shared
# helpers and verifies the service account and the ownership of its directories.
# log, detectCompose and checkOwner come from lib/functions.sh (not shown here).
source lib/functions.sh

detectCompose

# Stop early when the dedicated "bridgehead" account is missing; only the exit
# status of id matters, so its output is discarded.
id "bridgehead" >/dev/null 2>&1 || {
  log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
  exit 1
}

# Later steps source configuration from /etc/bridgehead, so who owns these
# trees decides who can influence what this script executes.
# NOTE(review): checkOwner presumably verifies that the path belongs to the
# given user - confirm against lib/functions.sh.
for owned_dir in /srv/docker/bridgehead /etc/bridgehead; do
  checkOwner "$owned_dir" bridgehead || exit 1
done
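# NOTE(review): this section used to be headed "Check if user is a su", but no
# such check is made here; the loop below only probes for required tools.
log INFO "Checking if all prerequisites are met ..."
prerequisites="git docker curl"
# Word-splitting of the list is intentional: one tool name per word.
# shellcheck disable=SC2086
for prerequisite in $prerequisites; do
  # Capture the status through "||" so that a missing tool reaches
  # fail_and_report even if errexit is active (the script toggles set -e
  # further down, which suggests it is); a bare failing command would abort
  # the script before the report is sent.
  is_available=0
  "$prerequisite" --version 2>&1 || is_available=$?
  if [ "$is_available" -gt 0 ]; then
    fail_and_report 79 "Prerequisite not fulfilled - $prerequisite is not available!"
  fi
  # TODO: Check for specific version
done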
# The existence of /etc/sudoers.d is used as the indicator that the sudo
# package is installed; the sudo binary itself is not probed.
log INFO "Checking if sudo is installed ..."
[ -d /etc/sudoers.d ] \
  || fail_and_report 1 "/etc/sudoers.d does not exist. Please install sudo package."
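log INFO "Checking configuration ..."

# The configuration directory must exist before anything is read from it.
# NOTE(review): this section used to be headed "Download submodule", but
# nothing is downloaded here.
if [ ! -d "/etc/bridgehead/" ]; then
  fail_and_report 1 "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
fi

# TODO: Check all required variables here in a generic loop

# Check that the project configuration file is present. The previous test was
# `[ -d ... ]` without negation: it asked whether the .conf path is a
# directory, so a missing file was never reported. The file is sourced later
# in this script from /etc/bridgehead/${PROJECT}.conf, so the message now
# names that same path instead of /etc/bridgehead-config/.
if [ ! -f "/etc/bridgehead/${PROJECT}.conf" ]; then
  fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead/${PROJECT}.conf."
fi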
# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.

log INFO "Checking ssl cert for accessing bridgehead via https"

# Create the certificate directory on first run and tell the operator that a
# self-signed certificate is about to be generated.
[ -d "/etc/bridgehead/traefik-tls" ] || {
  log WARN "TLS certs for accessing bridgehead via https missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...) and put into /etc/bridgehead/traefik-tls"
  mkdir -p /etc/bridgehead/traefik-tls
}

# Only the presence of fullchain.pem is tested. When it is missing, a new
# 4096-bit RSA key and a certificate valid for 3650 days are written, and an
# already existing privkey.pem is overwritten by -keyout.
# -nodes stores the private key unencrypted, so the key is protected only by
# the file and directory permissions of /etc/bridgehead/traefik-tls.
# NOTE(review): the mode of privkey.pem is not checked here the way
# vault.conf is checked further down - consider the same check for the key.
[ -e "/etc/bridgehead/traefik-tls/fullchain.pem" ] \
  || openssl req -x509 -newkey rsa:4096 -nodes \
    -keyout /etc/bridgehead/traefik-tls/privkey.pem \
    -out /etc/bridgehead/traefik-tls/fullchain.pem \
    -days 3650 -subj "/CN=$HOST"
# vault.conf is optional, but when present it must be exactly mode 600 and
# owned by the bridgehead user; stat prints "<octal mode> <owner>" and any
# other combination (including a stricter mode such as 400) is rejected.
# NOTE(review): the file presumably holds credentials - its contents are not
# visible from this script.
if [ -e /etc/bridgehead/vault.conf ] \
  && [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
  fail_and_report 1 "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
fi
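# NOTE(review): BROKER_URL_FOR_PREREQ is logged before the two files below are
# sourced; if it is only defined there, this line prints an empty URL - confirm.
log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..."

# Both files are executed as shell code inside this process, so whoever can
# write to them controls what runs here; the ownership check on
# /etc/bridgehead at the start of the script is what guards the first one.
source "/etc/bridgehead/${PROJECT}.conf"
source "${PROJECT}/vars"

# Fetch only the response headers from the broker and keep the value of the
# Date header. The proxy URL is handed to curl through the environment rather
# than on the command line, and only HTTPS_PROXY_URL is ever written to the
# log. errexit is switched off so that a failed request reaches the WARN
# branch instead of terminating the script.
set +e
SERVERTIME="$(https_proxy=$HTTPS_PROXY_FULL_URL curl -m 5 -s -I "$BROKER_URL_FOR_PREREQ" 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
RET=$?
set -e

# RET is the status of the last pipeline stage (sed) unless pipefail is set,
# so a failed curl can still yield 0. An empty SERVERTIME is therefore treated
# as a failure too; otherwise date would be asked to parse an empty string and
# the skew computed from it would be meaningless.
if [ "$RET" -ne 0 ] || [ -z "$SERVERTIME" ]; then
  log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL_FOR_PREREQ. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication."
  log WARN "Unable to check clock skew due to previous error."
else
  log INFO "Checking clock skew ..."
  SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s)
  MYTIME=$(date +%s)
  SKEW=$(( SERVERTIME_AS_TIMESTAMP - MYTIME ))
  # Absolute value: drop a leading minus sign, the direction of the skew is
  # irrelevant for the thresholds below.
  SKEW=${SKEW#-}
  SYNCTEXT="For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
  # 300 s or more is reported as an error (the message ties it to certificate
  # handling with Samply.Beam); 60 s or more only produces a warning.
  if [ "$SKEW" -ge 300 ]; then
    report_error 5 "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. $SYNCTEXT"
    log WARN "Server Time Error"
  elif [ "$SKEW" -ge 60 ]; then
    log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server. $SYNCTEXT"
  fi
fi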
#######################################
# Reports whether this site's private key file is present.
# Globals:   SITE_ID (read), PROJECT (read, only for the hint in the error text)
# Outputs:   one line through log (defined outside this block)
# Returns:   0 if /etc/bridgehead/pki/${SITE_ID}.priv.pem exists, 1 otherwise
#######################################
checkPrivKey() {
  # Guard clause: only existence is tested, not the key's content or mode.
  if [ ! -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
    log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions."
    return 1
  fi
  log INFO "Success - private key found."
  return 0
}
# The private-key check runs unless "noprivkey" occurs somewhere in the
# script's arguments (substring match on the joined argument list).
if [[ ! "$@" =~ "noprivkey" ]]; then
  checkPrivKey || exit 1
else
  log INFO "Skipping check for private key for now."
fi

# Every check passed: record it locally and hand the same text to hc_send
# (defined outside this block).
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"

exit 0