From 26c9fc0cffd83d7e913c0974feeaeed7a0b9afc5 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 4 May 2022 09:14:32 +0200 Subject: [PATCH] Moved all systemd untis to user bridgehead --- README.md | 15 +++++++++++++++ lib/generate.sh | 5 ----- lib/prerequisites.sh | 2 +- lib/setup-bridgehead-units.sh | 4 +--- lib/systemd/bridgehead-update@.service | 4 +++- lib/systemd/bridgehead@.service | 1 - 6 files changed, 20 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 3464964..1cf4540 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,11 @@ sudo mkdir /srv/docker/; sudo git clone https://github.com/samply/bridgehead.git /srv/docker/bridgehead; ``` +adduser --no-create-home --disabled-login --ingroup docker --gecos "" bridgehead + useradd -M -g docker -N -s /sbin/nologin bridgehead +chown bridghead /srv/docker/bridgehead/ -R + + Next, you need to configure a set of variables, specific for your site with not so high security concerns. You can visit the configuration template at [GitHub](https://github.com/samply/bridgehead-config). You can download the repositories contents and add them to the "bridgehead-config" directory. ``` shell @@ -98,6 +103,16 @@ sudo ./lib/setup-bridgehead-units.sh Finally, you need to configure your sites secrets. These are places as configuration for each bridgeheads system unit. Refer to the section for your specific project: +### For Any Project you need to set the proxy in Update too + +``` conf +[Service] +Environment=http_proxy= +Environment=https_proxy= +``` + + + ### DKTK/C4 You can create the site specific configuration with: diff --git a/lib/generate.sh b/lib/generate.sh index 9673055..2d877d3 100755 --- a/lib/generate.sh +++ b/lib/generate.sh @@ -5,11 +5,6 @@ then mkdir landing fi -if [ ! -f ./landing/index.html ] -then - touch index.html -fi - CENTRAL_SERVICES=" CCP-IT Monitoring Service diff --git a/lib/prerequisites.sh b/lib/prerequisites.sh index 05a4c59..65ec9e6 100755 --- a/lib/prerequisites.sh +++ b/lib/prerequisites.sh @@ -4,7 +4,7 @@ ## Check if user is a su echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time" echo "First we will check if all prerequisites are met ..." -prerequisites="git docker docker-compose cat" +prerequisites="git docker docker-compose" for prerequisite in $prerequisites; do $prerequisite --version 2>&1 is_available=$? diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh index a29599f..9b784ea 100755 --- a/lib/setup-bridgehead-units.sh +++ b/lib/setup-bridgehead-units.sh @@ -3,7 +3,7 @@ source lib/functions.sh -if ! su bridgehead ./lib/prerequisites.sh; then +if ! ./lib/prerequisites.sh; then log "Prerequisites failed, exiting" exit 1 fi @@ -18,8 +18,6 @@ cp -v \ systemctl daemon-reload -su bridgehead source ./lib/generate.sh - echo if ! systemctl is-active --quiet bridgehead@"${project}"; then diff --git a/lib/systemd/bridgehead-update@.service b/lib/systemd/bridgehead-update@.service index b568076..2948557 100644 --- a/lib/systemd/bridgehead-update@.service +++ b/lib/systemd/bridgehead-update@.service @@ -3,8 +3,10 @@ Description=Bridgehead (%i) Update Service [Service] Type=oneshot +User=bridgehead WorkingDirectory=/srv/docker/bridgehead/ -ExecStart=/bin/bash -c "/srv/docker/bridgehead/update-bridgehead.sh %i" + +ExecStart=/srv/docker/bridgehead/update-bridgehead.sh %i [Install] WantedBy=multi-user.target diff --git a/lib/systemd/bridgehead@.service b/lib/systemd/bridgehead@.service index f1d9f6c..db14ecf 100644 --- a/lib/systemd/bridgehead@.service +++ b/lib/systemd/bridgehead@.service @@ -8,7 +8,6 @@ RestartSec=30 WorkingDirectory=/srv/docker/bridgehead/ -ExecStartPre=/srv/docker/bridgehead/stop-bridgehead.sh %i ExecStart=/srv/docker/bridgehead/start-bridgehead.sh %i RemainAfterExit=true ExecStop=/srv/docker/bridgehead/stop-bridgehead.sh %i