Housekeeping and script hardening in /srv/docker/bridgehead. Existing installations need to run bridgehead uninstall, bridgehead install.

Martin Lablans 2022-05-09 15:13:38 +02:00
parent 445add6d30
commit 334f82661b
13 changed files with 123 additions and 101 deletions

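--- /dev/null
+++ b/bridgehead
@@ -0,0 +1,70 @@
+#!/bin/bash -e
+baseDir() {
+# see https://stackoverflow.com/questions/59895
+SOURCE=${BASH_SOURCE[0]}
+while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
+SOURCE=$(readlink "$SOURCE")
+[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+done
+DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
+echo $DIR
+}
+BASE=$(baseDir)
+cd $BASE
+source ./lib/functions.sh
+action=$1
+project=$2
+if [[ -z $1 || -z $2 ]]; then
+printUsage
+exit 1
+fi
+case "$project" in
+ccp)
+#nothing extra to do
+;;
+nngm)
+#nothing extra to do
+;;
+gbn)
+#nothing extra to do
+;;
+*)
+printUsage
+exit 1
+;;
+esac
+source /etc/bridgehead/site.conf
+case "$action" in
+start)
+checkRequirements
+./lib/generate-landingpage.sh
+exec docker-compose -f ./$project/docker-compose.yml --env-file /etc/bridgehead/$project.env up
+;;
+stop)
+exec docker-compose -f ./$project/docker-compose.yml --env-file /etc/bridgehead/$project.env down
+;;
+update)
+exec ./lib/update-bridgehead.sh $project
+;;
+install)
+exec ./lib/setup-bridgehead-units.sh $project
+;;
+uninstall)
+exec ./lib/remove-bridgehead-units.sh $project
+;;
+*)
+printUsage
+exit 1
+;;
+esac
+exit 0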
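Review bot: `project=$2` is assigned but never exported, yet the `start` branch calls `checkRequirements`, which runs `lib/prerequisites.sh` as a child process that reads `${project}`; the removed start-bridgehead.sh used `export project=$1`. Unless something outside this page (for example site.conf) exports it, the project-config check in the child sees an empty name, so I would write `export project=$2` here. Separately, `cd $BASE` and `echo $DIR` are unquoted, so an installation path containing whitespace breaks the base-directory resolution; `cd "$BASE"` and `echo "$DIR"` avoid that.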


@ -41,7 +41,7 @@ services:
container_name: bridgehead-landingpage container_name: bridgehead-landingpage
image: nginx:stable image: nginx:stable
volumes: volumes:
- ../landing/:/usr/share/nginx/html - ../landing/:/usr/share/nginx/html:ro
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.landing.rule=PathPrefix(`/`)" - "traefik.http.routers.landing.rule=PathPrefix(`/`)"


@ -1,3 +0,0 @@
#!/bin/bash
useradd --home-dir /srv/docker/bridgehead -g docker -N -u 317 -s /sbin/nologin


@ -10,3 +10,16 @@ exitIfNotRoot() {
log() { log() {
echo "$(date +'%Y-%m-%d %T')" "$1:" "$2" echo "$(date +'%Y-%m-%d %T')" "$1:" "$2"
} }
printUsage() {
echo "Usage: bridgehead start|stop|update|install|uninstall PROJECTNAME"
}
checkRequirements() {
if ! lib/prerequisites.sh; then
log ERROR "Validating Prerequisites failed, please fix the error(s) above this line."
exit 1
else
return 0
fi
}
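Review bot: `checkRequirements` runs `lib/prerequisites.sh` through a path relative to the current directory and calls `exit 1` on failure, and neither property is documented. A header comment such as `# Runs lib/prerequisites.sh (relative to the bridgehead base dir, so cd there first); exits the calling script with status 1 on failure.` would make that contract visible to callers. The `else return 0` branch is redundant, since the function already returns 0 when the `if` body is not taken.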


@ -1,9 +1,20 @@
#!/bin/bash #!/bin/bash
source lib/functions.sh
## Check for file permissions
if ! id "bridgehead" &>/dev/null; then
log ERROR "User bridgehead does not exist. Please consult readme for installation."
exit 1
fi
COUNT=$(find . ! -user bridgehead |wc -l)
if [ $COUNT -gt 0 ]; then
log ERROR "$COUNT files in $(pwd) are not owned by user bridgehead. Run find $(pwd) ! -user bridgehead to see them, chown -R bridgehead $(pwd) to correct this issue."
exit 1
fi
## Check if user is a su ## Check if user is a su
echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time" log INFO "Checking if all prerequisites are met ..."
echo "First we will check if all prerequisites are met ..."
prerequisites="git docker docker-compose" prerequisites="git docker docker-compose"
for prerequisite in $prerequisites; do for prerequisite in $prerequisites; do
$prerequisite --version 2>&1 $prerequisite --version 2>&1
@ -15,54 +26,49 @@ for prerequisite in $prerequisites; do
# TODO: Check for specific version # TODO: Check for specific version
done done
echo "Checking /etc/bridgehead/" log INFO "Checking configuration ..."
## Download submodule ## Download submodule
if [ ! -d "/etc/bridgehead/" ]; then if [ ! -d "/etc/bridgehead/" ]; then
echo "Please set up the config folder. Instruction are in the readme." log ERROR "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
exit 1 exit 1
else
echo "Done"
fi fi
echo "Checking /etc/bridgehead/site.conf"
#check if site.conf is created #check if site.conf is created
if [ ! -f /etc/bridgehead/site.conf ]; then if [ ! -f /etc/bridgehead/site.conf ]; then
echo "Please create your specific site.conf file from the site.dev.conf" log ERROR "Please create your specific site.conf file from the site.dev.conf"
exit 1 exit 1
else
echo "Done"
fi fi
#Load site specific variables #Load site specific variables
source /etc/bridgehead/site.conf source /etc/bridgehead/site.conf
# TODO: Check all required variables here in a generic loop
if [ -z "$site_name" ]; then if [ -z "$site_name" ]; then
echo "Please set site_name" log ERROR "Please set site_name."
exit 1 exit 1
fi fi
echo "Checking project config"
#check if project env is present #check if project env is present
if [ -d "/etc/bridgehead/${project}.env" ]; then if [ -d "/etc/bridgehead/${project}.env" ]; then
echo "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder" log ERROR "Project config not found. Please copy the template from ${project} and put it under /etc/bridgehead-config/${project}.env."
exit 1 exit 1
else
echo "Done"
fi fi
echo "Checking ssl cert" # TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
## Create SSL Cert log INFO "Checking ssl cert"
if [ ! -d "/certs" ]; then
echo "SSL cert missing, now we create one. Please consider getting a signed one" if [ ! -d "certs" ]; then
mkdir certs log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
mkdir -p certs
fi fi
if [ -d "/etc/bridgehead/traefik.crt" ]; then if [ -e "/etc/bridgehead/traefik.crt" ]; then
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365 openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365
fi fi
echo "All prerequisites are met!" log INFO "Success - all prerequisites are met!"
exit 0
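Review bot: The certificate block in the second hunk generates a key pair when `/etc/bridgehead/traefik.crt` exists rather than when it is missing; the test changed from `-d` to `-e` but is still not negated, and it looks at a different path than the `certs/traefik.crt` that `openssl` writes. I would expect something like `if [ ! -e "certs/traefik.crt" ]; then`, with the intended location confirmed by the author. `-nodes` writes `certs/traefik.key` unencrypted under the caller's umask, so wrapping the call as `( umask 077; openssl req ... )` keeps the private key from being readable by other local users. `openssl req` without `-subj` also prompts for the subject fields, which looks like it would stall when the script runs non-interactively. The unchanged `[ -d "/etc/bridgehead/${project}.env" ]` test has a similar problem: the new message says the config was not found, so it presumably should be `[ ! -f ... ]`, and the message names `/etc/bridgehead-config/` while the test uses `/etc/bridgehead/`.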


@ -14,10 +14,7 @@ fi
export project=$1 export project=$1
if ! ./lib/prerequisites.sh; then #checkRequirements // not needed when uninstalling
log "Prerequisites failed, exiting"
exit 1
fi
echo "Stopping systemd services and removing bridgehead ..." echo "Stopping systemd services and removing bridgehead ..."


@ -16,10 +16,7 @@ fi
export project=$1 export project=$1
if ! ./lib/prerequisites.sh; then checkRequirements
log "Prerequisites failed, exiting"
exit 1
fi
echo -e "\nInstalling systemd units ..." echo -e "\nInstalling systemd units ..."
cp -v \ cp -v \


@ -4,9 +4,7 @@ Description=Bridgehead (%i) Update Service
[Service] [Service]
Type=oneshot Type=oneshot
User=bridgehead User=bridgehead
WorkingDirectory=/srv/docker/bridgehead/ ExecStart=/srv/docker/bridgehead/bridgehead update %i
ExecStart=/srv/docker/bridgehead/update-bridgehead.sh %i
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -5,12 +5,8 @@ Description=Bridgehead (%i) Service
User=bridgehead User=bridgehead
Restart=always Restart=always
RestartSec=30 RestartSec=30
ExecStart=/srv/docker/bridgehead/bridgehead start %i
WorkingDirectory=/srv/docker/bridgehead/ ExecStop=/srv/docker/bridgehead/bridgehead stop %i
ExecStart=/srv/docker/bridgehead/start-bridgehead.sh %i
RemainAfterExit=true
ExecStop=/srv/docker/bridgehead/stop-bridgehead.sh %i
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -3,10 +3,7 @@ service="bridgehead"
source lib/functions.sh source lib/functions.sh
if ! lib/prerequisites.sh; then #checkRequirements // not required for mere update
log "Prerequisites failed, exiting"
exit
fi
log "INFO" "Checking for updates of $service" log "INFO" "Checking for updates of $service"
# check prerequisites # check prerequisites


@ -1,31 +0,0 @@
#!/bin/bash
### Note: Currently not complete, needs some features before useable for production
if [ $# -eq 0 ]; then
echo "Please provide a Project as argument"
exit 1
fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm"
exit 1
fi
export project=$1
source lib/functions.sh
if ! lib/prerequisites.sh; then
log "Validating Prerequisites failed, please fix the occurring error"
exit 1
fi
source /etc/bridgehead/site.conf
./lib/generate.sh
log "Starting bridgehead"
docker-compose -f $1/docker-compose.yml --env-file /etc/bridgehead/$1.env up -d
log "The bridgehead should be in online in a few seconds"


@ -1,18 +0,0 @@
#!/bin/bash -e
source lib/functions.sh
if [ $# -eq 0 ]; then
echo "Please provide a Project as argument"
exit 1
fi
if [ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]; then
echo "Please provide a supported project like ccp, gbn or nngm"
exit 1
fi
log "Stopping bridgehead"
# TODO: Check $1 for proper values
docker-compose -f $1/docker-compose.yml --env-file /etc/bridgehead/$1.env down