Merge pull request #39 from samply/feature/fullyGuidedInstallation

Facilitate installation by scripting some installation steps
Martin Lablans 2022-11-21 18:27:36 +01:00 committed by GitHub
commit 22d17f264f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 138 additions and 57 deletions


@ -29,9 +29,6 @@ case "$PROJECT" in
ccp) ccp)
#nothing extra to do #nothing extra to do
;; ;;
nngm)
#nothing extra to do
;;
bbmri) bbmri)
#nothing extra to do #nothing extra to do
;; ;;
@ -41,28 +38,30 @@ case "$PROJECT" in
;; ;;
esac esac
# Load variables from /etc/bridgehead and /srv/docker/bridgehead loadVars() {
set -a # Load variables from /etc/bridgehead and /srv/docker/bridgehead
source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found" set -a
if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found"
log INFO "Applying /etc/bridgehead/$PROJECT.local.conf" if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then
source /etc/bridgehead/$PROJECT.local.conf || fail_and_report 1 "Found /etc/bridgehead/$PROJECT.local.conf but failed to import" log INFO "Applying /etc/bridgehead/$PROJECT.local.conf"
fi source /etc/bridgehead/$PROJECT.local.conf || fail_and_report 1 "Found /etc/bridgehead/$PROJECT.local.conf but failed to import"
fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile" fi
[ -e ./$PROJECT/vars ] && source ./$PROJECT/vars fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile"
set +a [ -e ./$PROJECT/vars ] && source ./$PROJECT/vars
set +a
OVERRIDE=${OVERRIDE:=""} OVERRIDE=${OVERRIDE:=""}
if [ -f "$PROJECT/docker-compose.override.yml" ]; then if [ -f "$PROJECT/docker-compose.override.yml" ]; then
log INFO "Applying $PROJECT/docker-compose.override.yml" log INFO "Applying $PROJECT/docker-compose.override.yml"
OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml" OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"
fi fi
detectCompose
detectCompose setHostname
setHostname }
case "$ACTION" in case "$ACTION" in
start) start)
loadVars
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..." hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
checkRequirements checkRequirements
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..." hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
@ -70,20 +69,25 @@ case "$ACTION" in
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
;; ;;
stop) stop)
loadVars
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down
;; ;;
update) update)
loadVars
exec ./lib/update-bridgehead.sh $PROJECT exec ./lib/update-bridgehead.sh $PROJECT
;; ;;
install) install)
exec ./lib/setup-bridgehead-units.sh $PROJECT source ./lib/prepare-system.sh
loadVars
exec ./lib/install-bridgehead.sh $PROJECT
;; ;;
uninstall) uninstall)
exec ./lib/remove-bridgehead-units.sh $PROJECT exec ./lib/uninstall-bridgehead.sh $PROJECT
;; ;;
enroll) enroll)
loadVars
if [ -e $PRIVATEKEYFILENAME ]; then if [ -e $PRIVATEKEYFILENAME ]; then
echo "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed." log ERROR "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
exit 1 exit 1
fi fi
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
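Review bot: In the `enroll)` branch, `[ -e $PRIVATEKEYFILENAME ]` is unquoted, so if the newly added `loadVars` call leaves the variable empty the test collapses to `[ -e ]`, which is true, and enrollment stops with a misleading "already exists" error. I would write `if [ -e "${PRIVATEKEYFILENAME:?PRIVATEKEYFILENAME is not set}" ]; then` and also quote `"$PRIVATEKEYFILENAME"`, `"$PROXY_ID"` and `"$SUPPORT_EMAIL"` on the `docker run` line. That line runs `samply/beam-enroll:latest` with `/etc/bridgehead/pki` mounted; because the image writes the key file named by `--output-file`, pinning it by digest (`samply/beam-enroll@sha256:<digest>`) would keep enrollment from silently picking up a changed image. The branch continues past the end of this hunk, and where `PRIVATEKEYFILENAME` is assigned is not visible here.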


@ -1,7 +1,5 @@
#!/bin/bash -e #!/bin/bash -e
source lib/log.sh
detectCompose() { detectCompose() {
if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then
COMPOSE="docker compose" COMPOSE="docker compose"
@ -37,11 +35,11 @@ checkOwner(){
printUsage() { printUsage() {
echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME" echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
echo "PROJECTNAME should be one of ccp|nngm|bbmri" echo "PROJECTNAME should be one of ccp|bbmri"
} }
checkRequirements() { checkRequirements() {
if ! lib/prerequisites.sh; then if ! lib/prerequisites.sh $@; then
log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line." log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line."
fail_and_report 1 "Validating prerequisites failed." fail_and_report 1 "Validating prerequisites failed."
else else
@ -120,8 +118,10 @@ fixPermissions() {
source lib/monitoring.sh source lib/monitoring.sh
report_error() { report_error() {
log ERROR "$2" CODE=$1
hc_send $1 "$2" shift
log ERROR "$@"
hc_send $CODE "$@"
} }
fail_and_report() { fail_and_report() {
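Review bot: `checkRequirements` forwards its arguments as `lib/prerequisites.sh $@`, which re-splits and glob-expands them; it should be `lib/prerequisites.sh "$@"`. In `report_error`, `CODE=$1` assigns a global that a sourced config file or another function could also be using; `local code=$1; shift` followed by `hc_send "$code" "$@"` keeps it contained, and the same applies to `SEVERITY` in `log()` in lib/log.sh. With `source lib/log.sh` removed from this file, every script that sources it has to load lib/log.sh first, so a one-line comment at the top stating that requirement would help. `fail_and_report` starts on the last line of this hunk and its body is not visible.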


@ -9,14 +9,9 @@ if [ $# -eq 0 ]; then
exit 1 exit 1
fi fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
exit 1
fi
export PROJECT=$1 export PROJECT=$1
checkRequirements checkRequirements noprivkey
log "INFO" "Allowing the bridgehead user to start/stop the bridgehead." log "INFO" "Allowing the bridgehead user to start/stop the bridgehead."
@ -33,7 +28,7 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\
bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^} bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
EOF EOF
# TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour) # TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
if [ -z "$LDM_PASSWORD" ]; then if [ -z "$LDM_PASSWORD" ]; then
log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!" log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)" generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
@ -42,7 +37,7 @@ if [ -z "$LDM_PASSWORD" ]; then
echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf; echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
fi fi
log "INFO" "Register system units for bridgehead and bridgehead-update" log "INFO" "Registering system units for bridgehead and bridgehead-update"
cp -v \ cp -v \
lib/systemd/bridgehead\@.service \ lib/systemd/bridgehead\@.service \
lib/systemd/bridgehead-update\@.service \ lib/systemd/bridgehead-update\@.service \
@ -61,4 +56,11 @@ systemctl enable bridgehead@"${PROJECT}".service
log "INFO" "Enabling auto-updates for bridgehead@${PROJECT}.service ..." log "INFO" "Enabling auto-updates for bridgehead@${PROJECT}.service ..."
systemctl enable --now bridgehead-update@"${PROJECT}".timer systemctl enable --now bridgehead-update@"${PROJECT}".timer
log "INFO" "\nSuccess - now start your bridgehead by running\n systemctl start bridgehead@${PROJECT}.service\n or by rebooting your machine." STR="\n\n systemctl start bridgehead@${PROJECT}.service\n\nor by rebooting your machine."
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
STR="Success. Next, start your bridgehead by running$STR"
else
STR="Success. Next, enroll into the $PROJECT broker by creating a cryptographic certificate. To do so, run\n\n /srv/docker/bridgehead/bridgehead enroll $PROJECT\n\nThen, you may start the bridgehead by running$STR"
fi
log "INFO" "$STR"
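Review bot: With the check on `$1` removed, this script no longer validates the project name itself, yet `PROJECT=$1` still flows into the sudoers snippet (`BRIDGEHEAD${PROJECT^^}`), the systemd unit names and `/etc/bridgehead/${PROJECT}.local.conf`. The `bridgehead` wrapper validates it in its `case "$PROJECT"` block, but this script can presumably still be started directly, so I would keep a short guard before `export PROJECT=$1`: `case "$1" in ccp|bbmri) ;; *) log "ERROR" "Unsupported project: $1"; exit 1 ;; esac`. The uninstall script's hunk removes the same check. Separately, `[ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]` depends on `SITE_ID` being exported by the caller; if it is unset the test looks for `/etc/bridgehead/pki/.priv.pem` and the enroll instructions are always printed.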

4
lib/log.sh Executable file → Normal file

@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
log() { log() {
echo -e "$(date +'%Y-%m-%d %T')" "$1:" "$2" SEVERITY="$1"
shift
echo -e "$(date +'%Y-%m-%d %T')" "$SEVERITY:" "$@"
} }


@ -35,8 +35,13 @@ function hc_send(){
fi fi
if [ -z "$USER_AGENT" ]; then if [ -z "$USER_AGENT" ]; then
COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8) if [ "$USER" != "root" ]; then
COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8) COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8)
COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8)
else
COMMIT_ETC=$(su -c 'git -C /etc/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
COMMIT_SRV=$(su -c 'git -C /srv/docker/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
fi
USER_AGENT="srv:$COMMIT_SRV etc:$COMMIT_ETC" USER_AGENT="srv:$COMMIT_SRV etc:$COMMIT_ETC"
fi fi
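Review bot: The new branch decides whether to wrap git in `su` by comparing `"$USER"` with `root`, but `USER` is an inherited environment variable that can be unset or stale (cron, systemd units, `sudo` with a preserved environment), so the wrong branch may be taken. Testing the effective UID is reliable: `if [ "$(id -u)" -ne 0 ]; then`. A comment saying why root goes through `su ... bridgehead` (presumably git's repository-ownership check) would help the next reader, and a failing `git rev-parse` currently just leaves an empty hash in `USER_AGENT`. `hc_send` starts and ends outside this hunk.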

67
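--- /dev/null
+++ b/lib/prepare-system.sh
@@ -0,0 +1,67 @@
+#!/bin/bash -e
+source lib/log.sh
+source lib/functions.sh
+log "INFO" "Preparing your system for bridgehead installation ..."
+# Create the bridgehead user
+if id bridgehead &>/dev/null; then
+log "INFO" "Existing user with id $(id -u bridgehead) will be used by the bridgehead system units."
+else
+log "INFO" "Now creating a system user to own the bridgehead's files."
+useradd -M -g docker -N bridgehead || fail_and_report ""
+fi
+# Clone the OpenSource repository of bridgehead
+bridgehead_repository_url="https://github.com/samply/bridgehead.git"
+if [ -d "/srv/docker/bridgehead" ]; then
+current_owner=$(stat -c '%U' /srv/docker/bridgehead)
+if [ "$(su -c 'git -C /srv/docker/bridgehead remote get-url origin' $current_owner)" == "$bridgehead_repository_url" ]; then
+log "INFO" "Bridgehead's open-source repository has been found at /srv/docker/bridgehead"
+else
+log "ERROR" "The directory /srv/docker/bridgehead seems to exist, but doesn't contain a clone of $bridgehead_repository_url\nPlease delete the directory and try again."
+exit 1
+fi
+else
+log "INFO" "Cloning $bridgehead_repository_url to /srv/docker/bridgehead"
+mkdir -p /srv/docker/
+git clone bridgehead_repository_url /srv/docker/bridgehead -b feature/samplyBeam
+fi
+case "$PROJECT" in
+ccp)
+site_configuration_repository_middle="git.verbis.dkfz.de/bridgehead-configurations/bridgehead-config-"
+;;
+bbmri)
+site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/"
+;;
+*)
+log ERROR "Internal error, this should not happen."
+exit 1
+;;
+esac
+# Clone the site-configuration
+if [ -d /etc/bridgehead ]; then
+current_owner=$(stat -c '%U' /etc/bridgehead)
+if [ "$(su -c 'git -C /etc/bridgehead remote get-url origin' $current_owner | grep $site_configuration_repository_middle)" ]; then
+log "INFO" "Your site config repository in /etc/bridgehead seems to be installed correctly."
+else
+log "WARN" "Your site configuration repository in /etc/bridgehead seems to have another origin than git.verbis.dkfz.de. Please check if the repository is correctly cloned!"
+fi
+else
+log "INFO" "Now cloning your site configuration repository for you."
+read -p "Please enter your site: " site
+read -s -p "Please enter the bridgehead's access token for your site configuration repository (will not be echoed): " access_token
+site_configuration_repository_url="https://bytoken:${access_token}@${site_configuration_repository_middle}$(echo $site | tr '[:upper:]' '[:lower:]').git"
+git clone $site_configuration_repository_url /etc/bridgehead
+if [ $? -gt 0 ]; then
+log "ERROR" "Unable to clone your configuration repository. Please obtain correct access data and try again."
+fi
+fi
+chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead
+log INFO "System preparation is completed and private key is present."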
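Review bot: Neither `git clone` in this file fails safely. The first passes the literal word `bridgehead_repository_url` because the `$` is missing, and the second only logs an error on failure, after which the script still runs `chown -R` and prints "System preparation is completed and private key is present" although no key is checked here. I would use `git clone "$bridgehead_repository_url" /srv/docker/bridgehead -b feature/samplyBeam` and `git clone "$site_configuration_repository_url" /etc/bridgehead || { log "ERROR" "Unable to clone your configuration repository."; exit 1; }`; the `-e` on the shebang does not help because `bridgehead install` sources this file. The access token is embedded in the clone URL, so it shows up in the process list during the clone and remains in `/etc/bridgehead/.git/config` as the origin URL; that deserves a comment and restrictive permissions on the directory. The existing-repository branch only logs a WARN when `/etc/bridgehead` has an unexpected origin, and `loadVars` then sources that repository's `.conf` files during install, so treating the mismatch as an error would be the safer default.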


@ -5,11 +5,11 @@ source lib/functions.sh
detectCompose detectCompose
if ! id "bridgehead" &>/dev/null; then if ! id "bridgehead" &>/dev/null; then
log ERROR "User bridgehead does not exist. Please consult readme for installation." log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
exit 1 exit 1
fi fi
checkOwner . bridgehead || exit 1 checkOwner /srv/docker/bridgehead bridgehead || exit 1
checkOwner /etc/bridgehead bridgehead || exit 1 checkOwner /etc/bridgehead bridgehead || exit 1
## Check if user is a su ## Check if user is a su
@ -62,16 +62,22 @@ if [ -e /etc/bridgehead/vault.conf ]; then
fi fi
fi fi
log INFO "Checking your beam proxy private key" checkPrivKey() {
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
log INFO "Success - private key found."
else
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions."
return 1
fi
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"
return 0
}
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then if [[ "$@" =~ "noprivkey" ]]; then
log INFO "Success - private key found." log INFO "Skipping check for private key for now."
else else
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run bridgehead enroll ${PROJECT} and follow the instructions". checkPrivKey || exit 1
exit 1
fi fi
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"
exit 0 exit 0
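Review bot: `[[ "$@" =~ "noprivkey" ]]` joins all arguments into one string and does a substring match, so any argument that merely contains `noprivkey` skips the private-key check; ShellCheck reports this form as SC2199. An exact comparison is safer: `if [[ "${1:-}" == "noprivkey" ]]; then`. The "all prerequisites are met" log line and its `hc_send` now sit inside `checkPrivKey`, so they are skipped on the `noprivkey` path and the function does more than its name says; if the success report is meant for both paths, move those two lines back after the `if`. `checkPrivKey` also reads `SITE_ID` and `PROJECT` from the environment, which a short header comment should state.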


@ -7,11 +7,6 @@ if [ $# -eq 0 ]; then
exit 1 exit 1
fi fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
exit 1
fi
export PROJECT=$1 export PROJECT=$1
#checkRequirements // not needed when uninstalling #checkRequirements // not needed when uninstalling