bridgehead/lib/functions.sh

#!/bin/bash -e

source lib/log.sh

detectCompose() {
	if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then
		COMPOSE="docker compose"
	else
		COMPOSE="docker-compose"
		# This is intended to fail on startup in the next prereq check.
	fi
}

getLdmPassword() {
	if [ -n "$LDM_PASSWORD" ]; then
		docker run --rm httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r'
	else
		echo -n ""
	fi
}

exitIfNotRoot() {
  if [ "$EUID" -ne 0 ]; then
    log "ERROR" "Please run as root"
    fail_and_report 1 "Please run as root"
  fi
}

checkOwner(){
  COUNT=$(find $1 ! -user $2 |wc -l)
  if [ $COUNT -gt 0 ]; then
    log ERROR "$COUNT files in $1 are not owned by user $2. Run find $1 ! -user $2 to see them, chown -R $2 $1 to correct this issue."
    return 1
  fi
  return 0
}

printUsage() {
	echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
	echo "PROJECTNAME should be one of ccp|nngm|bbmri"
}

checkRequirements() {
	if ! lib/prerequisites.sh; then
		log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line."
		fail_and_report 1 "Validating prerequisites failed."
	else
		return 0
	fi
}

fetchVarsFromVault() {
	[ -e /etc/bridgehead/vault.conf ] && source /etc/bridgehead/vault.conf

	if [ -z "$BW_MASTERPASS" ] || [ -z "$BW_CLIENTID" ] || [ -z "$BW_CLIENTSECRET" ]; then
		log "ERROR" "Please supply correct credentials in /etc/bridgehead/vault.conf."
		return 1
	fi

	set +e

	PASS=$(BW_MASTERPASS="$BW_MASTERPASS" BW_CLIENTID="$BW_CLIENTID" BW_CLIENTSECRET="$BW_CLIENTSECRET" docker run --rm -e BW_MASTERPASS -e BW_CLIENTID -e BW_CLIENTSECRET -e http_proxy samply/bridgehead-vaultfetcher $@)
	RET=$?

	if [ $RET -ne 0 ]; then
		echo "Code: $RET"
		echo $PASS
		return $RET
	fi

	eval $(echo -e "$PASS" | sed 's/\r//g')

	set -e

	return 0
}

fetchVarsFromVaultByFile() {
	VARS_TO_FETCH=""

	for line in $(cat $@); do
		if [[ $line =~ .*=[\"]*\<VAULT\>[\"]*.* ]]; then
			VARS_TO_FETCH+="$(echo -n $line | sed 's/=.*//') "
		fi
	done

	if [ -z "$VARS_TO_FETCH" ]; then
		return 0
	fi

	log INFO "Fetching $(echo $VARS_TO_FETCH | wc -w) secrets from Vault ..."

	fetchVarsFromVault $VARS_TO_FETCH

	return 0
}

assertVarsNotEmpty() {
	MISSING_VARS=""

	for VAR in $@; do
	if [ -z "${!VAR}" ]; then
			MISSING_VARS+="$VAR "
		fi
	done

	if [ -n "$MISSING_VARS" ]; then
		log "ERROR" "Mandatory variables not defined: $MISSING_VARS"
		return 1
	fi

	return 0
}

fixPermissions() {
	CHOWN=$(which chown)
	sudo $CHOWN -R bridgehead /etc/bridgehead /srv/docker/bridgehead
}

source lib/monitoring.sh

report_error() {
	log ERROR "$2"
	hc_send $1 "$2"
}

fail_and_report() {
	report_error $@
	exit $1
}

##Setting Network properties
# currently not needed
#export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');

export HOST=$(hostname -f)
dktk-fed 2022-02-16 09:59:53 +01:00			`#!/bin/bash -e`

Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`source lib/log.sh`

Move to functions.sh 2022-10-28 10:12:21 +02:00			`detectCompose() {`
			`if [[ "$(docker compose version 2>/dev/null)" == "Docker Compose version" ]]; then`
			`COMPOSE="docker compose"`
			`else`
			`COMPOSE="docker-compose"`
			`# This is intended to fail on startup in the next prereq check.`
			`fi`
			`}`

Fix getting LDM_LOGIN 2022-11-03 18:14:11 +01:00			`getLdmPassword() {`
Check for LDM_PASSWORD 2022-11-03 17:23:25 +01:00			`if [ -n "$LDM_PASSWORD" ]; then`
Fix getting LDM_LOGIN 2022-11-03 18:14:11 +01:00			`docker run --rm httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD \| tr -d '\n' \| tr -d '\r'`
			`else`
			`echo -n ""`
Make LDM password nicer 2022-11-03 17:19:15 +01:00			`fi`
			`}`

dktk-fed 2022-02-16 09:59:53 +01:00			`exitIfNotRoot() {`
			`if [ "$EUID" -ne 0 ]; then`
refactor: Ensured Usage of Log Function This should ensure a more consistent script output 2022-05-17 15:55:25 +02:00			`log "ERROR" "Please run as root"`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`fail_and_report 1 "Please run as root"`
dktk-fed 2022-02-16 09:59:53 +01:00			`fi`
			`}`

Move checkOwner() to functions.sh 2022-05-31 13:55:40 +02:00			`checkOwner(){`
			`COUNT=$(find $1 ! -user $2 \|wc -l)`
			`if [ $COUNT -gt 0 ]; then`
			`log ERROR "$COUNT files in $1 are not owned by user $2. Run find $1 ! -user $2 to see them, chown -R $2 $1 to correct this issue."`
			`return 1`
			`fi`
			`return 0`
			`}`

Housekeeping and script hardening in /srv/docker/bridgehead. Existing installations need to run bridgehead uninstall, bridgehead install. 2022-05-09 15:13:38 +02:00			`printUsage() {`
Certificate enrollment (#24) 2022-10-17 14:38:34 +02:00			`echo "Usage: bridgehead start\|stop\|update\|install\|uninstall\|enroll PROJECTNAME"`
Make this work for BBMRI-ERIC 2022-10-25 11:45:01 +02:00			`echo "PROJECTNAME should be one of ccp\|nngm\|bbmri"`
Housekeeping and script hardening in /srv/docker/bridgehead. Existing installations need to run bridgehead uninstall, bridgehead install. 2022-05-09 15:13:38 +02:00			`}`

			`checkRequirements() {`
			`if ! lib/prerequisites.sh; then`
refactor: Ensured Usage of Log Function This should ensure a more consistent script output 2022-05-17 15:55:25 +02:00			`log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line."`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`fail_and_report 1 "Validating prerequisites failed."`
Housekeeping and script hardening in /srv/docker/bridgehead. Existing installations need to run bridgehead uninstall, bridgehead install. 2022-05-09 15:13:38 +02:00			`else`
			`return 0`
			`fi`
			`}`
Whenever a variable has the value <VAULT>, auto-fetch value from vault. 2022-05-12 18:23:52 +02:00
			`fetchVarsFromVault() {`
Support retrieving credentials for vault from /etc/bridgehead/vault.conf 2022-05-13 14:11:14 +02:00			`[ -e /etc/bridgehead/vault.conf ] && source /etc/bridgehead/vault.conf`

			`if [ -z "$BW_MASTERPASS" ] \|\| [ -z "$BW_CLIENTID" ] \|\| [ -z "$BW_CLIENTSECRET" ]; then`
refactor: Ensured Usage of Log Function This should ensure a more consistent script output 2022-05-17 15:55:25 +02:00			`log "ERROR" "Please supply correct credentials in /etc/bridgehead/vault.conf."`
Support retrieving credentials for vault from /etc/bridgehead/vault.conf 2022-05-13 14:11:14 +02:00			`return 1`
			`fi`

			`set +e`

Refactor fetchVarsFromVault 2022-05-31 09:22:38 +02:00			`PASS=$(BW_MASTERPASS="$BW_MASTERPASS" BW_CLIENTID="$BW_CLIENTID" BW_CLIENTSECRET="$BW_CLIENTSECRET" docker run --rm -e BW_MASTERPASS -e BW_CLIENTID -e BW_CLIENTSECRET -e http_proxy samply/bridgehead-vaultfetcher $@)`
Support retrieving credentials for vault from /etc/bridgehead/vault.conf 2022-05-13 14:11:14 +02:00			`RET=$?`

			`if [ $RET -ne 0 ]; then`
			`echo "Code: $RET"`
			`echo $PASS`
			`return $RET`
			`fi`

			`eval $(echo -e "$PASS" \| sed 's/\r//g')`

			`set -e`
Whenever a variable has the value <VAULT>, auto-fetch value from vault. 2022-05-12 18:23:52 +02:00
			`return 0`
			`}`
Removed ref to site.conf 2022-05-16 09:21:42 +02:00
Refactor fetchVarsFromVault 2022-05-31 09:22:38 +02:00			`fetchVarsFromVaultByFile() {`
			`VARS_TO_FETCH=""`

			`for line in $(cat $@); do`
Bugfix in fetchVarsFromVaultByFile: Detect variables with values à la "<VAULT>" 2022-05-31 13:40:25 +02:00			`if [[ $line =~ .=[\"]\<VAULT\>[\"]. ]]; then`
Refactor fetchVarsFromVault 2022-05-31 09:22:38 +02:00			`VARS_TO_FETCH+="$(echo -n $line \| sed 's/=.*//') "`
			`fi`
			`done`

			`if [ -z "$VARS_TO_FETCH" ]; then`
			`return 0`
			`fi`

			`log INFO "Fetching $(echo $VARS_TO_FETCH \| wc -w) secrets from Vault ..."`

			`fetchVarsFromVault $VARS_TO_FETCH`

			`return 0`
			`}`

New function assertVarsNotEmpty() 2022-05-31 13:56:12 +02:00			`assertVarsNotEmpty() {`
			`MISSING_VARS=""`

			`for VAR in $@; do`
			`if [ -z "${!VAR}" ]; then`
			`MISSING_VARS+="$VAR "`
			`fi`
			`done`

			`if [ -n "$MISSING_VARS" ]; then`
			`log "ERROR" "Mandatory variables not defined: $MISSING_VARS"`
			`return 1`
			`fi`

			`return 0`
			`}`

Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`fixPermissions() {`
			`CHOWN=$(which chown)`
			`sudo $CHOWN -R bridgehead /etc/bridgehead /srv/docker/bridgehead`
			`}`

			`source lib/monitoring.sh`

Report git errors 2022-11-04 15:26:27 +01:00			`report_error() {`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`log ERROR "$2"`
			`hc_send $1 "$2"`
Report git errors 2022-11-04 15:26:27 +01:00			`}`

			`fail_and_report() {`
			`report_error $@`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`exit $1`
			`}`

Removed ref to site.conf 2022-05-16 09:21:42 +02:00			`##Setting Network properties`
Don't pull ubuntu image on every startup. Use server's full hostname. 2022-10-26 10:44:32 +02:00			`# currently not needed`
			`#export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts \| grep 'host.docker.internal' \| awk '{print $1}');`

			`export HOST=$(hostname -f)`