Merge pull request #39 from samply/feature/fullyGuidedInstallation

Facilitate installation by scripting some installation steps
Martin Lablans 2022-11-21 18:27:36 +01:00 committed by GitHub
commit 22d17f264f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 138 additions and 57 deletions


@ -29,9 +29,6 @@ case "$PROJECT" in
ccp)
#nothing extra to do
;;
nngm)
#nothing extra to do
;;
bbmri)
#nothing extra to do
;;
@ -41,28 +38,30 @@ case "$PROJECT" in
;;
esac
# Load variables from /etc/bridgehead and /srv/docker/bridgehead
set -a
source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found"
if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then
loadVars() {
# Load variables from /etc/bridgehead and /srv/docker/bridgehead
set -a
source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found"
if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then
log INFO "Applying /etc/bridgehead/$PROJECT.local.conf"
source /etc/bridgehead/$PROJECT.local.conf || fail_and_report 1 "Found /etc/bridgehead/$PROJECT.local.conf but failed to import"
fi
fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile"
[ -e ./$PROJECT/vars ] && source ./$PROJECT/vars
set +a
fi
fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile"
[ -e ./$PROJECT/vars ] && source ./$PROJECT/vars
set +a
OVERRIDE=${OVERRIDE:=""}
if [ -f "$PROJECT/docker-compose.override.yml" ]; then
OVERRIDE=${OVERRIDE:=""}
if [ -f "$PROJECT/docker-compose.override.yml" ]; then
log INFO "Applying $PROJECT/docker-compose.override.yml"
OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"
fi
detectCompose
setHostname
fi
detectCompose
setHostname
}
case "$ACTION" in
start)
loadVars
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
checkRequirements
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
@ -70,20 +69,25 @@ case "$ACTION" in
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
;;
stop)
loadVars
exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down
;;
update)
loadVars
exec ./lib/update-bridgehead.sh $PROJECT
;;
install)
exec ./lib/setup-bridgehead-units.sh $PROJECT
source ./lib/prepare-system.sh
loadVars
exec ./lib/install-bridgehead.sh $PROJECT
;;
uninstall)
exec ./lib/remove-bridgehead-units.sh $PROJECT
exec ./lib/uninstall-bridgehead.sh $PROJECT
;;
enroll)
loadVars
if [ -e $PRIVATEKEYFILENAME ]; then
echo "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
log ERROR "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
exit 1
fi
docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL
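Review bot: In the new `install` branch, `loadVars` runs shell code from files that the unprivileged `bridgehead` account can rewrite: it sources `/etc/bridgehead/$PROJECT.conf`, the optional `.local.conf` and `./$PROJECT/vars` immediately after `lib/prepare-system.sh` has run `chown -R bridgehead` on `/etc/bridgehead` and `/srv/docker/bridgehead`. If `install` runs as root (it creates a user, so presumably it does), root executes content owned by a less privileged user. Checking owner and mode before each `source`, or reading only `KEY=value` lines instead of sourcing, would keep that boundary. The function would also benefit from a header comment naming the globals it sets (`OVERRIDE`, plus whatever `detectCompose` and `setHostname` assign), and the paths should be quoted, e.g. `source "/etc/bridgehead/$PROJECT.conf"`.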


@ -1,7 +1,5 @@
#!/bin/bash -e
source lib/log.sh
detectCompose() {
if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then
COMPOSE="docker compose"
@ -37,11 +35,11 @@ checkOwner(){
printUsage() {
echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
echo "PROJECTNAME should be one of ccp|nngm|bbmri"
echo "PROJECTNAME should be one of ccp|bbmri"
}
checkRequirements() {
if ! lib/prerequisites.sh; then
if ! lib/prerequisites.sh $@; then
log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line."
fail_and_report 1 "Validating prerequisites failed."
else
@ -120,8 +118,10 @@ fixPermissions() {
source lib/monitoring.sh
report_error() {
log ERROR "$2"
hc_send $1 "$2"
CODE=$1
shift
log ERROR "$@"
hc_send $CODE "$@"
}
fail_and_report() {
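Review bot: In `report_error`, `hc_send $CODE "$@"` expands the status unquoted, so an empty first argument vanishes and the message moves into the status position. `lib/prepare-system.sh` in this same commit calls `fail_and_report ""`, which presumably ends up here (the body of `fail_and_report` is outside the hunk). `CODE` is also assigned as a global, so I would write `local code=$1; shift` followed by `hc_send "$code" "$@"`. The same quoting applies in `checkRequirements`: `if ! lib/prerequisites.sh "$@"; then`.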


@ -9,14 +9,9 @@ if [ $# -eq 0 ]; then
exit 1
fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
exit 1
fi
export PROJECT=$1
checkRequirements
checkRequirements noprivkey
log "INFO" "Allowing the bridgehead user to start/stop the bridgehead."
@ -33,7 +28,7 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\
bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
EOF
# TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
# TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
if [ -z "$LDM_PASSWORD" ]; then
log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
@ -42,7 +37,7 @@ if [ -z "$LDM_PASSWORD" ]; then
echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
fi
log "INFO" "Register system units for bridgehead and bridgehead-update"
log "INFO" "Registering system units for bridgehead and bridgehead-update"
cp -v \
lib/systemd/bridgehead\@.service \
lib/systemd/bridgehead-update\@.service \
@ -61,4 +56,11 @@ systemctl enable bridgehead@"${PROJECT}".service
log "INFO" "Enabling auto-updates for bridgehead@${PROJECT}.service ..."
systemctl enable --now bridgehead-update@"${PROJECT}".timer
log "INFO" "\nSuccess - now start your bridgehead by running\n systemctl start bridgehead@${PROJECT}.service\n or by rebooting your machine."
STR="\n\n systemctl start bridgehead@${PROJECT}.service\n\nor by rebooting your machine."
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
STR="Success. Next, start your bridgehead by running$STR"
else
STR="Success. Next, enroll into the $PROJECT broker by creating a cryptographic certificate. To do so, run\n\n /srv/docker/bridgehead/bridgehead enroll $PROJECT\n\nThen, you may start the bridgehead by running$STR"
fi
log "INFO" "$STR"
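Review bot: With the project-name check gone from the top of this script, `$1` goes unvalidated into `export PROJECT=$1` and from there into the sudoers alias `BRIDGEHEAD${PROJECT^^}` and the `/etc/bridgehead/${PROJECT}.local.conf` path written further down. The `case "$PROJECT"` in `bridgehead` still covers the normal entry point, but nothing visible here stops the script from being started on its own; the last file section on this page (the uninstall script) drops the same check. A short guard keeps it self-contained: `case "$1" in ccp|bbmri) ;; *) log ERROR "Unsupported project: $1"; exit 1 ;; esac`. The new `[ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]` test should quote its path as well.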

4
lib/log.sh Executable file → Normal file

@ -1,5 +1,7 @@
#!/bin/bash
log() {
echo -e "$(date +'%Y-%m-%d %T')" "$1:" "$2"
SEVERITY="$1"
shift
echo -e "$(date +'%Y-%m-%d %T')" "$SEVERITY:" "$@"
}
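Review bot: `SEVERITY` in `log` is assigned without `local`, so each call overwrites a global of that name in whichever script sourced `lib/log.sh`; `local severity=$1; shift` avoids that. Because the line is printed with `echo -e`, backslash sequences inside any value interpolated into the message are interpreted too, not just the `\n` the callers write on purpose. A one-line comment above the function saying that messages are escape-interpreted would tell callers not to pass externally supplied text through it unchecked.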


@ -35,8 +35,13 @@ function hc_send(){
fi
if [ -z "$USER_AGENT" ]; then
if [ "$USER" != "root" ]; then
COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8)
COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8)
else
COMMIT_ETC=$(su -c 'git -C /etc/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
COMMIT_SRV=$(su -c 'git -C /srv/docker/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
fi
USER_AGENT="srv:$COMMIT_SRV etc:$COMMIT_ETC"
fi
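Review bot: The branch that decides whether to drop to the `bridgehead` account tests `"$USER"`, an environment variable that can be unset or stale (for example under a service manager, or after `su` without a login shell). In that case root would run `git` directly inside repositories owned by another user. Testing the effective uid is reliable: `if [ "$(id -u)" -ne 0 ]; then`. A failing `git` also leaves `COMMIT_ETC`/`COMMIT_SRV` empty without any message, so `USER_AGENT="srv:${COMMIT_SRV:-unknown} etc:${COMMIT_ETC:-unknown}"` would make that visible. `hc_send` begins and ends outside this hunk.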

67
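--- a/lib/prepare-system.sh
+++ b/lib/prepare-system.sh
@@ -0,0 +1,67 @@
+#!/bin/bash -e
+source lib/log.sh
+source lib/functions.sh
+log "INFO" "Preparing your system for bridgehead installation ..."
+# Create the bridgehead user
+if id bridgehead &>/dev/null; then
+log "INFO" "Existing user with id $(id -u bridgehead) will be used by the bridgehead system units."
+else
+log "INFO" "Now creating a system user to own the bridgehead's files."
+useradd -M -g docker -N bridgehead || fail_and_report ""
+fi
+# Clone the OpenSource repository of bridgehead
+bridgehead_repository_url="https://github.com/samply/bridgehead.git"
+if [ -d "/srv/docker/bridgehead" ]; then
+current_owner=$(stat -c '%U' /srv/docker/bridgehead)
+if [ "$(su -c 'git -C /srv/docker/bridgehead remote get-url origin' $current_owner)" == "$bridgehead_repository_url" ]; then
+log "INFO" "Bridgehead's open-source repository has been found at /srv/docker/bridgehead"
+else
+log "ERROR" "The directory /srv/docker/bridgehead seems to exist, but doesn't contain a clone of $bridgehead_repository_url\nPlease delete the directory and try again."
+exit 1
+fi
+else
+log "INFO" "Cloning $bridgehead_repository_url to /srv/docker/bridgehead"
+mkdir -p /srv/docker/
+git clone bridgehead_repository_url /srv/docker/bridgehead -b feature/samplyBeam
+fi
+case "$PROJECT" in
+ccp)
+site_configuration_repository_middle="git.verbis.dkfz.de/bridgehead-configurations/bridgehead-config-"
+;;
+bbmri)
+site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/"
+;;
+*)
+log ERROR "Internal error, this should not happen."
+exit 1
+;;
+esac
+# Clone the site-configuration
+if [ -d /etc/bridgehead ]; then
+current_owner=$(stat -c '%U' /etc/bridgehead)
+if [ "$(su -c 'git -C /etc/bridgehead remote get-url origin' $current_owner | grep $site_configuration_repository_middle)" ]; then
+log "INFO" "Your site config repository in /etc/bridgehead seems to be installed correctly."
+else
+log "WARN" "Your site configuration repository in /etc/bridgehead seems to have another origin than git.verbis.dkfz.de. Please check if the repository is correctly cloned!"
+fi
+else
+log "INFO" "Now cloning your site configuration repository for you."
+read -p "Please enter your site: " site
+read -s -p "Please enter the bridgehead's access token for your site configuration repository (will not be echoed): " access_token
+site_configuration_repository_url="https://bytoken:${access_token}@${site_configuration_repository_middle}$(echo $site | tr '[:upper:]' '[:lower:]').git"
+git clone $site_configuration_repository_url /etc/bridgehead
+if [ $? -gt 0 ]; then
+log "ERROR" "Unable to clone your configuration repository. Please obtain correct access data and try again."
+fi
+fi
+chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead
+log INFO "System preparation is completed and private key is present."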
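Review bot: The access token read at the `read -s` prompt is spliced into `site_configuration_repository_url` and handed to `git clone` on the command line, so it is visible in the process list while the clone runs and is then kept in clear text as the origin URL in `/etc/bridgehead/.git/config`. Supplying it through a git credential helper or `GIT_ASKPASS` keeps it out of argv and out of the stored remote; `$site` and the URL should be quoted either way. Separately, the first clone is missing its `$` and should read `git clone "$bridgehead_repository_url" /srv/docker/bridgehead -b feature/samplyBeam`. The failed-clone branch only logs and then falls through to `chown -R` and the closing message, so it needs an `exit 1` after the `log "ERROR"` line. That closing message also claims a private key is present although nothing in this file checks for one.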


@ -5,11 +5,11 @@ source lib/functions.sh
detectCompose
if ! id "bridgehead" &>/dev/null; then
log ERROR "User bridgehead does not exist. Please consult readme for installation."
log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
exit 1
fi
checkOwner . bridgehead || exit 1
checkOwner /srv/docker/bridgehead bridgehead || exit 1
checkOwner /etc/bridgehead bridgehead || exit 1
## Check if user is a su
@ -62,16 +62,22 @@ if [ -e /etc/bridgehead/vault.conf ]; then
fi
fi
log INFO "Checking your beam proxy private key"
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
checkPrivKey() {
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
log INFO "Success - private key found."
else
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n bridgehead enroll ${PROJECT}\nand follow the instructions."
return 1
fi
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"
return 0
}
if [[ "$@" =~ "noprivkey" ]]; then
log INFO "Skipping check for private key for now."
else
log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run bridgehead enroll ${PROJECT} and follow the instructions".
exit 1
checkPrivKey || exit 1
fi
log INFO "Success - all prerequisites are met!"
hc_send log "Success - all prerequisites are met!"
exit 0
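Review bot: `[[ "$@" =~ "noprivkey" ]]` joins all arguments into one string and does a substring match, so any argument that merely contains `noprivkey` switches the private-key check off (ShellCheck SC2199). An exact match per argument is safer, e.g. `for a in "$@"; do [ "$a" = noprivkey ] && skip_privkey=1; done`. In `checkPrivKey` the path should be quoted, `[ -e "/etc/bridgehead/pki/${SITE_ID}.priv.pem" ]`. An empty `SITE_ID` should be rejected first, since otherwise the test silently looks for `/etc/bridgehead/pki/.priv.pem`.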


@ -7,11 +7,6 @@ if [ $# -eq 0 ]; then
exit 1
fi
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
exit 1
fi
export PROJECT=$1
#checkRequirements // not needed when uninstalling