Merge branch 'main' into checkClockSync

lib/prerequisites.sh

@@ -2,67 +2,64 @@
 
 source lib/functions.sh
 
+detectCompose
+
 if ! id "bridgehead" &>/dev/null; then
-  log ERROR "User bridgehead does not exist. Please consult readme for installation."
+  log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
   exit 1
 fi
 
-checkOwner . bridgehead || exit 1
+checkOwner /srv/docker/bridgehead bridgehead || exit 1
 checkOwner /etc/bridgehead bridgehead || exit 1
 
 ## Check if user is a su
 log INFO "Checking if all prerequisites are met ..."
-prerequisites="git docker docker-compose"
+prerequisites="git docker"
 for prerequisite in $prerequisites; do
   $prerequisite --version 2>&1
   is_available=$?
   if [ $is_available -gt 0 ]; then
-    log "ERROR" "Prerequisite not fulfilled - $prerequisite is not available!"
-    exit 79
+    fail_and_report 79 "Prerequisite not fulfilled - $prerequisite is not available!"
   fi
   # TODO: Check for specific version
 done
 
 log INFO "Checking if sudo is installed ..."
 if [ ! -d /etc/sudoers.d ]; then
-  log ERROR "/etc/sudoers.d does not exist. Please install sudo package."
-  exit 1
+  fail_and_report 1 "/etc/sudoers.d does not exist. Please install sudo package."
 fi
 
 log INFO "Checking configuration ..."
 
 ## Download submodule
 if [ ! -d "/etc/bridgehead/" ]; then
-  log ERROR "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
-  exit 1
+  fail_and_report 1 "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
 fi
 
 # TODO: Check all required variables here in a generic loop
 
 #check if project env is present
 if [ -d "/etc/bridgehead/${PROJECT}.conf" ]; then
-   log ERROR "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead-config/${PROJECT}.conf."
-   exit 1
+   fail_and_report 1 "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead-config/${PROJECT}.conf."
 fi
 
 # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
 
-log INFO "Checking ssl cert"
+log INFO "Checking ssl cert for accessing bridgehead via https"
 
-if [ ! -d "certs" ]; then
-  log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
-  mkdir -p certs
+if [ ! -d "/etc/bridgehead/traefik-tls" ]; then
+  log WARN "TLS certs for accessing bridgehead via https missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...) and put into /etc/bridgehead/traefik-tls"
+  mkdir -p /etc/bridgehead/traefik-tls
 fi
 
-if [ ! -e "certs/traefik.crt" ]; then
-  openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 3650 -subj "/CN=$HOST"
+if [ ! -e "/etc/bridgehead/traefik-tls/fullchain.pem" ]; then
+  openssl req -x509 -newkey rsa:4096 -nodes -keyout /etc/bridgehead/traefik-tls/privkey.pem -out /etc/bridgehead/traefik-tls/fullchain.pem -days 3650 -subj "/CN=$HOST"
 fi
 
 if [ -e /etc/bridgehead/vault.conf ]; then
-	if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
-		log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
-		exit 1
-	fi
+  if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
+    fail_and_report 1 "/etc/bridgehead/vault.conf has wrong owner/permissions. To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
+  fi
 fi
 
 log INFO "Checking network access ($BROKER_URL) ..."
@@ -94,6 +91,24 @@ else
 	fi
 fi
 
+checkPrivKey() {
+  if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
+    log INFO "Success - private key found."
+  else
+    log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
+    return 1
+  fi
+  log INFO "Success - all prerequisites are met!"
+  hc_send log "Success - all prerequisites are met!"
+  return 0
+}
+
+if [[ "$@" =~ "noprivkey" ]]; then
+  log INFO "Skipping check for private key for now."
+else
+  checkPrivKey || exit 1
+fi
+
 log INFO "Success - all prerequisites are met!"
 
 exit 0