Merge pull request #39 from samply/feature/fullyGuidedInstallation
Facilitate installation by scripting some installation steps
This commit is contained in:
commit
22d17f264f
44
bridgehead
44
bridgehead
|
@ -29,9 +29,6 @@ case "$PROJECT" in
|
||||||
ccp)
|
ccp)
|
||||||
#nothing extra to do
|
#nothing extra to do
|
||||||
;;
|
;;
|
||||||
nngm)
|
|
||||||
#nothing extra to do
|
|
||||||
;;
|
|
||||||
bbmri)
|
bbmri)
|
||||||
#nothing extra to do
|
#nothing extra to do
|
||||||
;;
|
;;
|
||||||
|
@ -41,28 +38,30 @@ case "$PROJECT" in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Load variables from /etc/bridgehead and /srv/docker/bridgehead
|
loadVars() {
|
||||||
set -a
|
# Load variables from /etc/bridgehead and /srv/docker/bridgehead
|
||||||
source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found"
|
set -a
|
||||||
if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then
|
source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found"
|
||||||
|
if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then
|
||||||
log INFO "Applying /etc/bridgehead/$PROJECT.local.conf"
|
log INFO "Applying /etc/bridgehead/$PROJECT.local.conf"
|
||||||
source /etc/bridgehead/$PROJECT.local.conf || fail_and_report 1 "Found /etc/bridgehead/$PROJECT.local.conf but failed to import"
|
source /etc/bridgehead/$PROJECT.local.conf || fail_and_report 1 "Found /etc/bridgehead/$PROJECT.local.conf but failed to import"
|
||||||
fi
|
fi
|
||||||
fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile"
|
fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile"
|
||||||
[ -e ./$PROJECT/vars ] && source ./$PROJECT/vars
|
[ -e ./$PROJECT/vars ] && source ./$PROJECT/vars
|
||||||
set +a
|
set +a
|
||||||
|
|
||||||
OVERRIDE=${OVERRIDE:=""}
|
OVERRIDE=${OVERRIDE:=""}
|
||||||
if [ -f "$PROJECT/docker-compose.override.yml" ]; then
|
if [ -f "$PROJECT/docker-compose.override.yml" ]; then
|
||||||
log INFO "Applying $PROJECT/docker-compose.override.yml"
|
log INFO "Applying $PROJECT/docker-compose.override.yml"
|
||||||
OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"
|
OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"
|
||||||
fi
|
fi
|
||||||
|
detectCompose
|
||||||
detectCompose
|
setHostname
|
||||||
setHostname
|
}
|
||||||
|
|
||||||
case "$ACTION" in
|
case "$ACTION" in
|
||||||
start)
|
start)
|
||||||
|
loadVars
|
||||||
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
|
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
|
||||||
checkRequirements
|
checkRequirements
|
||||||
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
|
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
|
||||||
|
@ -70,20 +69,25 @@ case "$ACTION" in
|
||||||
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
|
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
|
||||||
;;
|
;;
|
||||||
stop)
|
stop)
|
||||||
|
loadVars
|
||||||
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down
|
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down
|
||||||
;;
|
;;
|
||||||
update)
|
update)
|
||||||
|
loadVars
|
||||||
exec ./lib/update-bridgehead.sh $PROJECT
|
exec ./lib/update-bridgehead.sh $PROJECT
|
||||||
;;
|
;;
|
||||||
install)
|
install)
|
||||||
exec ./lib/setup-bridgehead-units.sh $PROJECT
|
source ./lib/prepare-system.sh
|
||||||
|
loadVars
|
||||||
|
exec ./lib/install-bridgehead.sh $PROJECT
|
||||||
;;
|
;;
|
||||||
uninstall)
|
uninstall)
|
||||||
exec ./lib/remove-bridgehead-units.sh $PROJECT
|
exec ./lib/uninstall-bridgehead.sh $PROJECT
|
||||||
;;
|
;;
|
||||||
enroll)
|
enroll)
|
||||||
|
loadVars
|
||||||
if [ -e $PRIVATEKEYFILENAME ]; then
|
if [ -e $PRIVATEKEYFILENAME ]; then
|
||||||
echo "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
|
log ERROR "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
|
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
#!/bin/bash -e
|
#!/bin/bash -e
|
||||||
|
|
||||||
source lib/log.sh
|
|
||||||
|
|
||||||
detectCompose() {
|
detectCompose() {
|
||||||
if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then
|
if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then
|
||||||
COMPOSE="docker compose"
|
COMPOSE="docker compose"
|
||||||
|
@ -37,11 +35,11 @@ checkOwner(){
|
||||||
|
|
||||||
printUsage() {
|
printUsage() {
|
||||||
echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
|
echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
|
||||||
echo "PROJECTNAME should be one of ccp|nngm|bbmri"
|
echo "PROJECTNAME should be one of ccp|bbmri"
|
||||||
}
|
}
|
||||||
|
|
||||||
checkRequirements() {
|
checkRequirements() {
|
||||||
if ! lib/prerequisites.sh; then
|
if ! lib/prerequisites.sh $@; then
|
||||||
log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line."
|
log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line."
|
||||||
fail_and_report 1 "Validating prerequisites failed."
|
fail_and_report 1 "Validating prerequisites failed."
|
||||||
else
|
else
|
||||||
|
@ -120,8 +118,10 @@ fixPermissions() {
|
||||||
source lib/monitoring.sh
|
source lib/monitoring.sh
|
||||||
|
|
||||||
report_error() {
|
report_error() {
|
||||||
log ERROR "$2"
|
CODE=$1
|
||||||
hc_send $1 "$2"
|
shift
|
||||||
|
log ERROR "$@"
|
||||||
|
hc_send $CODE "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
fail_and_report() {
|
fail_and_report() {
|
||||||
|
|
|
@ -9,14 +9,9 @@ if [ $# -eq 0 ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
|
|
||||||
log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
export PROJECT=$1
|
export PROJECT=$1
|
||||||
|
|
||||||
checkRequirements
|
checkRequirements noprivkey
|
||||||
|
|
||||||
log "INFO" "Allowing the bridgehead user to start/stop the bridgehead."
|
log "INFO" "Allowing the bridgehead user to start/stop the bridgehead."
|
||||||
|
|
||||||
|
@ -33,7 +28,7 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\
|
||||||
bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
|
bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
|
# TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
|
||||||
if [ -z "$LDM_PASSWORD" ]; then
|
if [ -z "$LDM_PASSWORD" ]; then
|
||||||
log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
|
log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
|
||||||
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
|
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
|
||||||
|
@ -42,7 +37,7 @@ if [ -z "$LDM_PASSWORD" ]; then
|
||||||
echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
|
echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log "INFO" "Register system units for bridgehead and bridgehead-update"
|
log "INFO" "Registering system units for bridgehead and bridgehead-update"
|
||||||
cp -v \
|
cp -v \
|
||||||
lib/systemd/bridgehead\@.service \
|
lib/systemd/bridgehead\@.service \
|
||||||
lib/systemd/bridgehead-update\@.service \
|
lib/systemd/bridgehead-update\@.service \
|
||||||
|
@ -61,4 +56,11 @@ systemctl enable bridgehead@"${PROJECT}".service
|
||||||
log "INFO" "Enabling auto-updates for bridgehead@${PROJECT}.service ..."
|
log "INFO" "Enabling auto-updates for bridgehead@${PROJECT}.service ..."
|
||||||
systemctl enable --now bridgehead-update@"${PROJECT}".timer
|
systemctl enable --now bridgehead-update@"${PROJECT}".timer
|
||||||
|
|
||||||
log "INFO" "\nSuccess - now start your bridgehead by running\n systemctl start bridgehead@${PROJECT}.service\n or by rebooting your machine."
|
STR="\n\n systemctl start bridgehead@${PROJECT}.service\n\nor by rebooting your machine."
|
||||||
|
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
|
||||||
|
STR="Success. Next, start your bridgehead by running$STR"
|
||||||
|
else
|
||||||
|
STR="Success. Next, enroll into the $PROJECT broker by creating a cryptographic certificate. To do so, run\n\n /srv/docker/bridgehead/bridgehead enroll $PROJECT\n\nThen, you may start the bridgehead by running$STR"
|
||||||
|
fi
|
||||||
|
|
||||||
|
log "INFO" "$STR"
|
|
@ -1,5 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
log() {
|
log() {
|
||||||
echo -e "$(date +'%Y-%m-%d %T')" "$1:" "$2"
|
SEVERITY="$1"
|
||||||
|
shift
|
||||||
|
echo -e "$(date +'%Y-%m-%d %T')" "$SEVERITY:" "$@"
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,8 +35,13 @@ function hc_send(){
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$USER_AGENT" ]; then
|
if [ -z "$USER_AGENT" ]; then
|
||||||
|
if [ "$USER" != "root" ]; then
|
||||||
COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8)
|
COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8)
|
||||||
COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8)
|
COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8)
|
||||||
|
else
|
||||||
|
COMMIT_ETC=$(su -c 'git -C /etc/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
|
||||||
|
COMMIT_SRV=$(su -c 'git -C /srv/docker/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
|
||||||
|
fi
|
||||||
USER_AGENT="srv:$COMMIT_SRV etc:$COMMIT_ETC"
|
USER_AGENT="srv:$COMMIT_SRV etc:$COMMIT_ETC"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,67 @@
|
||||||
|
#!/bin/bash -e
|
||||||
|
|
||||||
|
source lib/log.sh
|
||||||
|
source lib/functions.sh
|
||||||
|
|
||||||
|
log "INFO" "Preparing your system for bridgehead installation ..."
|
||||||
|
|
||||||
|
# Create the bridgehead user
|
||||||
|
if id bridgehead &>/dev/null; then
|
||||||
|
log "INFO" "Existing user with id $(id -u bridgehead) will be used by the bridgehead system units."
|
||||||
|
else
|
||||||
|
log "INFO" "Now creating a system user to own the bridgehead's files."
|
||||||
|
useradd -M -g docker -N bridgehead || fail_and_report ""
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Clone the OpenSource repository of bridgehead
|
||||||
|
bridgehead_repository_url="https://github.com/samply/bridgehead.git"
|
||||||
|
if [ -d "/srv/docker/bridgehead" ]; then
|
||||||
|
current_owner=$(stat -c '%U' /srv/docker/bridgehead)
|
||||||
|
if [ "$(su -c 'git -C /srv/docker/bridgehead remote get-url origin' $current_owner)" == "$bridgehead_repository_url" ]; then
|
||||||
|
log "INFO" "Bridgehead's open-source repository has been found at /srv/docker/bridgehead"
|
||||||
|
else
|
||||||
|
log "ERROR" "The directory /srv/docker/bridgehead seems to exist, but doesn't contain a clone of $bridgehead_repository_url\nPlease delete the directory and try again."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
log "INFO" "Cloning $bridgehead_repository_url to /srv/docker/bridgehead"
|
||||||
|
mkdir -p /srv/docker/
|
||||||
|
git clone bridgehead_repository_url /srv/docker/bridgehead -b feature/samplyBeam
|
||||||
|
fi
|
||||||
|
|
||||||
|
case "$PROJECT" in
|
||||||
|
ccp)
|
||||||
|
site_configuration_repository_middle="git.verbis.dkfz.de/bridgehead-configurations/bridgehead-config-"
|
||||||
|
;;
|
||||||
|
bbmri)
|
||||||
|
site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
log ERROR "Internal error, this should not happen."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# Clone the site-configuration
|
||||||
|
if [ -d /etc/bridgehead ]; then
|
||||||
|
current_owner=$(stat -c '%U' /etc/bridgehead)
|
||||||
|
if [ "$(su -c 'git -C /etc/bridgehead remote get-url origin' $current_owner | grep $site_configuration_repository_middle)" ]; then
|
||||||
|
log "INFO" "Your site config repository in /etc/bridgehead seems to be installed correctly."
|
||||||
|
else
|
||||||
|
log "WARN" "Your site configuration repository in /etc/bridgehead seems to have another origin than git.verbis.dkfz.de. Please check if the repository is correctly cloned!"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
log "INFO" "Now cloning your site configuration repository for you."
|
||||||
|
read -p "Please enter your site: " site
|
||||||
|
read -s -p "Please enter the bridgehead's access token for your site configuration repository (will not be echoed): " access_token
|
||||||
|
site_configuration_repository_url="https://bytoken:${access_token}@${site_configuration_repository_middle}$(echo $site | tr '[:upper:]' '[:lower:]').git"
|
||||||
|
git clone $site_configuration_repository_url /etc/bridgehead
|
||||||
|
if [ $? -gt 0 ]; then
|
||||||
|
log "ERROR" "Unable to clone your configuration repository. Please obtain correct access data and try again."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead
|
||||||
|
|
||||||
|
log INFO "System preparation is completed and private key is present."
|
||||||
|
|
|
@ -5,11 +5,11 @@ source lib/functions.sh
|
||||||
detectCompose
|
detectCompose
|
||||||
|
|
||||||
if ! id "bridgehead" &>/dev/null; then
|
if ! id "bridgehead" &>/dev/null; then
|
||||||
log ERROR "User bridgehead does not exist. Please consult readme for installation."
|
log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
checkOwner . bridgehead || exit 1
|
checkOwner /srv/docker/bridgehead bridgehead || exit 1
|
||||||
checkOwner /etc/bridgehead bridgehead || exit 1
|
checkOwner /etc/bridgehead bridgehead || exit 1
|
||||||
|
|
||||||
## Check if user is a su
|
## Check if user is a su
|
||||||
|
@ -62,16 +62,22 @@ if [ -e /etc/bridgehead/vault.conf ]; then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log INFO "Checking your beam proxy private key"
|
checkPrivKey() {
|
||||||
|
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
|
||||||
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
|
|
||||||
log INFO "Success - private key found."
|
log INFO "Success - private key found."
|
||||||
|
else
|
||||||
|
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
log INFO "Success - all prerequisites are met!"
|
||||||
|
hc_send log "Success - all prerequisites are met!"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
if [[ "$@" =~ "noprivkey" ]]; then
|
||||||
|
log INFO "Skipping check for private key for now."
|
||||||
else
|
else
|
||||||
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run bridgehead enroll ${PROJECT} and follow the instructions".
|
checkPrivKey || exit 1
|
||||||
exit 1
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log INFO "Success - all prerequisites are met!"
|
|
||||||
hc_send log "Success - all prerequisites are met!"
|
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
|
|
@ -7,11 +7,6 @@ if [ $# -eq 0 ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
|
|
||||||
log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
export PROJECT=$1
|
export PROJECT=$1
|
||||||
|
|
||||||
#checkRequirements // not needed when uninstalling
|
#checkRequirements // not needed when uninstalling
|
Loading…
Reference in New Issue