mirror of https://github.com/samply/bridgehead.git
Merge pull request #6 from samply/martinsFixes
Housekeeping and script hardening in /srv/docker/bridgehead
commit
95b2fdae08
|
@ -0,0 +1,70 @@
|
||||||
|
#!/bin/bash -e
|
||||||
|
|
||||||
|
baseDir() {
|
||||||
|
# see https://stackoverflow.com/questions/59895
|
||||||
|
SOURCE=${BASH_SOURCE[0]}
|
||||||
|
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
|
||||||
|
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
|
||||||
|
SOURCE=$(readlink "$SOURCE")
|
||||||
|
[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
|
||||||
|
done
|
||||||
|
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
|
||||||
|
echo $DIR
|
||||||
|
}
|
||||||
|
|
||||||
|
BASE=$(baseDir)
|
||||||
|
cd $BASE
|
||||||
|
|
||||||
|
source ./lib/functions.sh
|
||||||
|
|
||||||
|
action=$1
|
||||||
|
project=$2
|
||||||
|
|
||||||
|
if [[ -z $1 || -z $2 ]]; then
|
||||||
|
printUsage
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
case "$project" in
|
||||||
|
ccp)
|
||||||
|
#nothing extra to do
|
||||||
|
;;
|
||||||
|
nngm)
|
||||||
|
#nothing extra to do
|
||||||
|
;;
|
||||||
|
gbn)
|
||||||
|
#nothing extra to do
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
printUsage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
source /etc/bridgehead/site.conf
|
||||||
|
|
||||||
|
case "$action" in
|
||||||
|
start)
|
||||||
|
checkRequirements
|
||||||
|
./lib/generate-landingpage.sh
|
||||||
|
exec docker-compose -f ./$project/docker-compose.yml --env-file /etc/bridgehead/$project.env up
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
exec docker-compose -f ./$project/docker-compose.yml --env-file /etc/bridgehead/$project.env down
|
||||||
|
;;
|
||||||
|
update)
|
||||||
|
exec ./lib/update-bridgehead.sh $project
|
||||||
|
;;
|
||||||
|
install)
|
||||||
|
exec ./lib/setup-bridgehead-units.sh $project
|
||||||
|
;;
|
||||||
|
uninstall)
|
||||||
|
exec ./lib/remove-bridgehead-units.sh $project
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
printUsage
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit 0
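Review bot: `cd $BASE` is unquoted and still runs when `baseDir` could not resolve a directory. Bash clears `-e` inside the `$(baseDir)` command substitution, so a failed `cd -P` there leaves `$BASE` empty without aborting, and the call becomes a bare `cd` that lands in `$HOME`. The next line then sources `./lib/functions.sh` from whatever directory that is, which matters because the install and uninstall actions are presumably run as root. I would write `cd -- "${BASE:?cannot resolve script directory}"` and `echo "$DIR"` in `baseDir`. The `-e` in the shebang is also lost when the file is started as `bash bridgehead`; a `set -e` line in the body keeps it.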
|
|
@ -41,7 +41,7 @@ services:
|
||||||
container_name: bridgehead-landingpage
|
container_name: bridgehead-landingpage
|
||||||
image: nginx:stable
|
image: nginx:stable
|
||||||
volumes:
|
volumes:
|
||||||
- ../landing/:/usr/share/nginx/html
|
- ../landing/:/usr/share/nginx/html:ro
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
|
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
|
||||||
|
@ -68,7 +68,7 @@ services:
|
||||||
- "traefik.http.routers.blaze_ccp.tls=true"
|
- "traefik.http.routers.blaze_ccp.tls=true"
|
||||||
|
|
||||||
ccp-search-share:
|
ccp-search-share:
|
||||||
image: "ghcr.io/samply/dktk-fed-search-share:main"
|
image: "samply/dktk-fed-search-share"
|
||||||
container_name: bridgehead-ccp-share
|
container_name: bridgehead-ccp-share
|
||||||
environment:
|
environment:
|
||||||
APP_BASE_URL: "http://dktk-fed-search-share:8080"
|
APP_BASE_URL: "http://dktk-fed-search-share:8080"
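Review bot: The new `image: "samply/dktk-fed-search-share"` for ccp-search-share carries no tag, so it resolves to `latest` on the default registry and every pull can bring in different, unreviewed content. The old reference at least named the registry and a branch tag. Pinning a release tag, or better a digest, keeps the deployed version reproducible and auditable, e.g. `image: "samply/dktk-fed-search-share:<release-tag>"` or `image: "samply/dktk-fed-search-share@sha256:<digest>"`.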
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
useradd --home-dir /srv/docker/bridgehead -g docker -N -u 317 -s /sbin/nologin
|
|
|
@ -10,3 +10,16 @@ exitIfNotRoot() {
|
||||||
log() {
|
log() {
|
||||||
echo "$(date +'%Y-%m-%d %T')" "$1:" "$2"
|
echo "$(date +'%Y-%m-%d %T')" "$1:" "$2"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
printUsage() {
|
||||||
|
echo "Usage: bridgehead start|stop|update|install|uninstall PROJECTNAME"
|
||||||
|
}
|
||||||
|
|
||||||
|
checkRequirements() {
|
||||||
|
if ! lib/prerequisites.sh; then
|
||||||
|
log ERROR "Validating Prerequisites failed, please fix the error(s) above this line."
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
}
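Review bot: `checkRequirements` starts `lib/prerequisites.sh` as a child process, and that script reads `${project}` from its environment. The new `bridgehead` entry point assigns `project=$2` without `export`, so on the `start` path the child would see it unset and look at `/etc/bridgehead/.env`, unless `site.conf` exports the variable, which is not visible here. The unit scripts still use `export project=$1`, so only the new caller is affected. Passing the value explicitly keeps the helper independent of its caller: `if ! project="${project:?}" lib/prerequisites.sh; then`. The relative `lib/prerequisites.sh` path also ties the function to the caller's working directory, which deserves a one-line comment above the call.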
|
||||||
|
|
|
@ -2,9 +2,19 @@
|
||||||
|
|
||||||
source lib/functions.sh
|
source lib/functions.sh
|
||||||
|
|
||||||
|
## Check for file permissions
|
||||||
|
if ! id "bridgehead" &>/dev/null; then
|
||||||
|
log ERROR "User bridgehead does not exist. Please consult readme for installation."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
COUNT=$(find . ! -user bridgehead |wc -l)
|
||||||
|
if [ $COUNT -gt 0 ]; then
|
||||||
|
log ERROR "$COUNT files in $(pwd) are not owned by user bridgehead. Run find $(pwd) ! -user bridgehead to see them, chown -R bridgehead $(pwd) to correct this issue."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
## Check if user is a su
|
## Check if user is a su
|
||||||
log "Welcome to the starting a bridgehead. We will get your instance up and running in no time"
|
log INFO "Checking if all prerequisites are met ..."
|
||||||
log "First we will check if all prerequisites are met ..."
|
|
||||||
prerequisites="git docker docker-compose"
|
prerequisites="git docker docker-compose"
|
||||||
for prerequisite in $prerequisites; do
|
for prerequisite in $prerequisites; do
|
||||||
$prerequisite --version 2>&1
|
$prerequisite --version 2>&1
|
||||||
|
@ -16,54 +26,49 @@ for prerequisite in $prerequisites; do
|
||||||
# TODO: Check for specific version
|
# TODO: Check for specific version
|
||||||
done
|
done
|
||||||
|
|
||||||
log "Checking /etc/bridgehead/"
|
log INFO "Checking configuration ..."
|
||||||
|
|
||||||
## Download submodule
|
## Download submodule
|
||||||
if [ ! -d "/etc/bridgehead/" ]; then
|
if [ ! -d "/etc/bridgehead/" ]; then
|
||||||
log "Please set up the config folder. Instruction are in the readme."
|
log ERROR "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
|
||||||
exit 1
|
exit 1
|
||||||
else
|
|
||||||
log "Done"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log "Checking /etc/bridgehead/site.conf"
|
|
||||||
|
|
||||||
#check if site.conf is created
|
#check if site.conf is created
|
||||||
if [ ! -f /etc/bridgehead/site.conf ]; then
|
if [ ! -f /etc/bridgehead/site.conf ]; then
|
||||||
log "Please create your specific site.conf file from the site.dev.conf"
|
log ERROR "Please create your specific site.conf file from the site.dev.conf"
|
||||||
exit 1
|
exit 1
|
||||||
else
|
|
||||||
log "Done"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#Load site specific variables
|
#Load site specific variables
|
||||||
source /etc/bridgehead/site.conf
|
source /etc/bridgehead/site.conf
|
||||||
|
|
||||||
|
# TODO: Check all required variables here in a generic loop
|
||||||
|
|
||||||
if [ -z "$site_name" ]; then
|
if [ -z "$site_name" ]; then
|
||||||
log "Please set site_name"
|
log ERROR "Please set site_name."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log "Checking project config"
|
|
||||||
|
|
||||||
#check if project env is present
|
#check if project env is present
|
||||||
if [ -d "/etc/bridgehead/${project}.env" ]; then
|
if [ -d "/etc/bridgehead/${project}.env" ]; then
|
||||||
log "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder"
|
log ERROR "Project config not found. Please copy the template from ${project} and put it under /etc/bridgehead-config/${project}.env."
|
||||||
exit 1
|
exit 1
|
||||||
else
|
|
||||||
log "Done"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log "Checking ssl cert"
|
# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
|
||||||
|
|
||||||
## Create SSL Cert
|
log INFO "Checking ssl cert"
|
||||||
if [ ! -d "/certs" ]; then
|
|
||||||
log "SSL cert missing, now we create one. Please consider getting a signed one"
|
if [ ! -d "certs" ]; then
|
||||||
mkdir certs
|
log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
|
||||||
|
mkdir -p certs
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d "certs/traefik.crt" ]; then
|
if [ -e "/etc/bridgehead/traefik.crt" ]; then
|
||||||
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365
|
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log "All prerequisites are met!"
|
log INFO "Success - all prerequisites are met!"
|
||||||
|
|
||||||
|
exit 0
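Review bot: The self-signed certificate is generated only when `/etc/bridgehead/traefik.crt` already exists, which looks inverted, and the test looks in `/etc/bridgehead` while `openssl` writes to `certs/`. I would test the file that is actually written: `if [ ! -e "certs/traefik.crt" ]; then`. The project-config check a few lines above has a similar problem: `[ -d "/etc/bridgehead/${project}.env" ]` is true only for a directory, so a missing env file passes silently, and `if [ ! -f "/etc/bridgehead/${project}.env" ]; then` would match the new error text. `openssl req` without `-subj` prompts for the subject, which will not work when the script is started by systemd. In the first hunk, `[ $COUNT -gt 0 ]` should quote `"$COUNT"`.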
|
||||||
|
|
|
@ -14,10 +14,7 @@ fi
|
||||||
|
|
||||||
export project=$1
|
export project=$1
|
||||||
|
|
||||||
if ! ./lib/prerequisites.sh; then
|
#checkRequirements // not needed when uninstalling
|
||||||
log "Prerequisites failed, exiting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
log "Stopping systemd services and removing bridgehead ..."
|
log "Stopping systemd services and removing bridgehead ..."
|
||||||
|
|
||||||
|
|
|
@ -16,10 +16,7 @@ fi
|
||||||
|
|
||||||
export project=$1
|
export project=$1
|
||||||
|
|
||||||
if ! ./lib/prerequisites.sh; then
|
checkRequirements
|
||||||
log "Prerequisites failed, exiting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -e "\nInstalling systemd units ..."
|
echo -e "\nInstalling systemd units ..."
|
||||||
cp -v \
|
cp -v \
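Review bot: `checkRequirements` runs `lib/prerequisites.sh` with the installer's privileges, presumably root given `exitIfNotRoot` in functions.sh, and that script may `mkdir -p certs` and write `certs/traefik.key`. Anything it creates would then be root-owned, and the new ownership check (`find . ! -user bridgehead`) would reject the tree on the next `bridgehead start` under `User=bridgehead`. Creating the directory and key as the service user, or chown-ing them to bridgehead straight after the check, avoids that. The call also depends on `lib/functions.sh` having been sourced above this hunk, which is not visible here.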
|
||||||
|
|
|
@ -4,9 +4,7 @@ Description=Bridgehead (%i) Update Service
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
User=bridgehead
|
User=bridgehead
|
||||||
WorkingDirectory=/srv/docker/bridgehead/
|
ExecStart=/srv/docker/bridgehead/bridgehead update %i
|
||||||
|
|
||||||
ExecStart=/srv/docker/bridgehead/update-bridgehead.sh %i
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -5,12 +5,8 @@ Description=Bridgehead (%i) Service
|
||||||
User=bridgehead
|
User=bridgehead
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
|
ExecStart=/srv/docker/bridgehead/bridgehead start %i
|
||||||
WorkingDirectory=/srv/docker/bridgehead/
|
ExecStop=/srv/docker/bridgehead/bridgehead stop %i
|
||||||
|
|
||||||
ExecStartPre=exec /srv/docker/bridgehead/stop-bridgehead.sh %i
|
|
||||||
ExecStart=exec /srv/docker/bridgehead/start-bridgehead.sh %i
|
|
||||||
ExecStop=exec /srv/docker/bridgehead/stop-bridgehead.sh %i
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -3,10 +3,7 @@ service="bridgehead"
|
||||||
|
|
||||||
source lib/functions.sh
|
source lib/functions.sh
|
||||||
|
|
||||||
if ! lib/prerequisites.sh; then
|
#checkRequirements // not required for mere update
|
||||||
log "Prerequisites failed, exiting"
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
log "INFO" "Checking for updates of $service"
|
log "INFO" "Checking for updates of $service"
|
||||||
# check prerequisites
|
# check prerequisites
|
|
@ -1,29 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
source lib/functions.sh
|
|
||||||
|
|
||||||
if [ $# -eq 0 ]; then
|
|
||||||
log "Please provide a Project as argument"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
|
|
||||||
log "Please provide a supported project like ccp, gbn or nngm"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
export project=$1
|
|
||||||
|
|
||||||
if ! lib/prerequisites.sh; then
|
|
||||||
log "Validating Prerequisites failed, please fix the occurring error"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
source /etc/bridgehead/site.conf
|
|
||||||
|
|
||||||
####./lib/generate.sh
|
|
||||||
|
|
||||||
log "Starting bridgehead"
|
|
||||||
|
|
||||||
docker-compose -f $1/docker-compose.yml --env-file /etc/bridgehead/$1.env up -d
|
|
||||||
|
|
||||||
log "The bridgehead should be in online in a few seconds"
|
|
|
@ -1,18 +0,0 @@
|
||||||
#!/bin/bash -e
|
|
||||||
|
|
||||||
source lib/functions.sh
|
|
||||||
|
|
||||||
if [ $# -eq 0 ]; then
|
|
||||||
log "Please provide a Project as argument"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]; then
|
|
||||||
log "Please provide a supported project like ccp, gbn or nngm"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
log "Stopping bridgehead"
|
|
||||||
|
|
||||||
# TODO: Check $1 for proper values
|
|
||||||
docker-compose -f $1/docker-compose.yml --env-file /etc/bridgehead/$1.env down
|
|