Housekeeping and script hardening in /srv/docker/bridgehead. Existing installations need to run bridgehead uninstall, bridgehead install.
@ -10,3 +10,16 @@ exitIfNotRoot() {
|
||||
log() {
|
||||
echo "$(date +'%Y-%m-%d %T')" "$1:" "$2"
|
||||
}
|
||||
|
||||
printUsage() {
|
||||
echo "Usage: bridgehead start|stop|update|install|uninstall PROJECTNAME"
|
||||
}
|
||||
|
||||
checkRequirements() {
|
||||
if ! lib/prerequisites.sh; then
|
||||
log ERROR "Validating Prerequisites failed, please fix the error(s) above this line."
|
||||
exit 1
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
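Review bot: `checkRequirements` runs `lib/prerequisites.sh` by a path relative to the caller's working directory, so when `bridgehead install` is started (presumably as root, given `exitIfNotRoot`) from anywhere other than the checkout, the call either fails or runs whatever `lib/prerequisites.sh` that directory happens to hold. Resolving the path against the script's own location avoids this, e.g. `"$(dirname "${BASH_SOURCE[0]}")/prerequisites.sh"` if this file lives in lib/ (inferred from `source lib/functions.sh` elsewhere on the page). The `else return 0` branch can be dropped, since an `if` whose condition is false already returns success.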
@ -1,9 +1,20 @@
|
||||
#!/bin/bash
|
||||
|
||||
source lib/functions.sh
|
||||
|
||||
## Check for file permissions
|
||||
if ! id "bridgehead" &>/dev/null; then
|
||||
log ERROR "User bridgehead does not exist. Please consult readme for installation."
|
||||
exit 1
|
||||
fi
|
||||
COUNT=$(find . ! -user bridgehead |wc -l)
|
||||
if [ $COUNT -gt 0 ]; then
|
||||
log ERROR "$COUNT files in $(pwd) are not owned by user bridgehead. Run find $(pwd) ! -user bridgehead to see them, chown -R bridgehead $(pwd) to correct this issue."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
## Check if user is a su
|
||||
echo "Welcome to the starting a bridgehead. We will get your instance up and running in no time"
|
||||
echo "First we will check if all prerequisites are met ..."
|
||||
log INFO "Checking if all prerequisites are met ..."
|
||||
prerequisites="git docker docker-compose"
|
||||
for prerequisite in $prerequisites; do
|
||||
$prerequisite --version 2>&1
|
||||
@ -15,54 +26,49 @@ for prerequisite in $prerequisites; do
|
||||
# TODO: Check for specific version
|
||||
done
|
||||
|
||||
echo "Checking /etc/bridgehead/"
|
||||
log INFO "Checking configuration ..."
|
||||
|
||||
## Download submodule
|
||||
if [ ! -d "/etc/bridgehead/" ]; then
|
||||
echo "Please set up the config folder. Instruction are in the readme."
|
||||
log ERROR "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
|
||||
exit 1
|
||||
else
|
||||
echo "Done"
|
||||
fi
|
||||
|
||||
echo "Checking /etc/bridgehead/site.conf"
|
||||
|
||||
#check if site.conf is created
|
||||
if [ ! -f /etc/bridgehead/site.conf ]; then
|
||||
echo "Please create your specific site.conf file from the site.dev.conf"
|
||||
log ERROR "Please create your specific site.conf file from the site.dev.conf"
|
||||
exit 1
|
||||
else
|
||||
echo "Done"
|
||||
fi
|
||||
|
||||
#Load site specific variables
|
||||
source /etc/bridgehead/site.conf
|
||||
|
||||
# TODO: Check all required variables here in a generic loop
|
||||
|
||||
if [ -z "$site_name" ]; then
|
||||
echo "Please set site_name"
|
||||
log ERROR "Please set site_name."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Checking project config"
|
||||
|
||||
#check if project env is present
|
||||
if [ -d "/etc/bridgehead/${project}.env" ]; then
|
||||
echo "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder"
|
||||
log ERROR "Project config not found. Please copy the template from ${project} and put it under /etc/bridgehead-config/${project}.env."
|
||||
exit 1
|
||||
else
|
||||
echo "Done"
|
||||
fi
|
||||
|
||||
echo "Checking ssl cert"
|
||||
# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
|
||||
|
||||
## Create SSL Cert
|
||||
if [ ! -d "/certs" ]; then
|
||||
echo "SSL cert missing, now we create one. Please consider getting a signed one"
|
||||
mkdir certs
|
||||
log INFO "Checking ssl cert"
|
||||
|
||||
if [ ! -d "certs" ]; then
|
||||
log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
|
||||
mkdir -p certs
|
||||
fi
|
||||
|
||||
if [ -d "/etc/bridgehead/traefik.crt" ]; then
|
||||
if [ -e "/etc/bridgehead/traefik.crt" ]; then
|
||||
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365
|
||||
fi
|
||||
|
||||
echo "All prerequisites are met!"
|
||||
log INFO "Success - all prerequisites are met!"
|
||||
|
||||
exit 0
|
||||
|
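Review bot: The certificate guard at the end of the second hunk, `if [ -e "/etc/bridgehead/traefik.crt" ]` (taking the `-e` line as the new side of the pair printed there), runs `openssl req` only when a certificate already exists under /etc/bridgehead, while the key and certificate are written to `certs/`; that looks inverted, so a fresh install would get no certificate. If the intent is to create one only when it is missing, test the output path instead, `if [ ! -e "certs/traefik.crt" ]; then`. The private key is written with `-nodes` under the caller's umask, so follow the call with `chmod 600 certs/traefik.key` or set `umask 077` before it. Without `-subj`, `openssl req` prompts for the subject, which presumably blocks when the check runs from the systemd unit. The project check `[ -d "/etc/bridgehead/${project}.env" ]` has the same inverted shape: it reports "not found" only when the path exists as a directory, and its message names /etc/bridgehead-config/ rather than the path it tests.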
@ -14,10 +14,7 @@ fi
|
||||
|
||||
export project=$1
|
||||
|
||||
if ! ./lib/prerequisites.sh; then
|
||||
log "Prerequisites failed, exiting"
|
||||
exit 1
|
||||
fi
|
||||
#checkRequirements // not needed when uninstalling
|
||||
|
||||
echo "Stopping systemd services and removing bridgehead ..."
|
||||
|
||||
|
@ -16,10 +16,7 @@ fi
|
||||
|
||||
export project=$1
|
||||
|
||||
if ! ./lib/prerequisites.sh; then
|
||||
log "Prerequisites failed, exiting"
|
||||
exit 1
|
||||
fi
|
||||
checkRequirements
|
||||
|
||||
echo -e "\nInstalling systemd units ..."
|
||||
cp -v \
|
||||
|
@ -4,9 +4,7 @@ Description=Bridgehead (%i) Update Service
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User=bridgehead
|
||||
WorkingDirectory=/srv/docker/bridgehead/
|
||||
|
||||
ExecStart=/srv/docker/bridgehead/update-bridgehead.sh %i
|
||||
ExecStart=/srv/docker/bridgehead/bridgehead update %i
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=multi-user.target
|
||||
|
@ -5,12 +5,8 @@ Description=Bridgehead (%i) Service
|
||||
User=bridgehead
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
WorkingDirectory=/srv/docker/bridgehead/
|
||||
|
||||
ExecStart=/srv/docker/bridgehead/start-bridgehead.sh %i
|
||||
RemainAfterExit=true
|
||||
ExecStop=/srv/docker/bridgehead/stop-bridgehead.sh %i
|
||||
ExecStart=/srv/docker/bridgehead/bridgehead start %i
|
||||
ExecStop=/srv/docker/bridgehead/bridgehead stop %i
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=multi-user.target
|
||||
|
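--- a/lib/update-bridgehead.sh
+++ b/lib/update-bridgehead.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+service="bridgehead"
+
+source lib/functions.sh
+
+#checkRequirements // not required for mere update
+
+log "INFO" "Checking for updates of $service"
+# check prerequisites
+
+# check if updates are available
+old_git_hash="$(git rev-parse --verify HEAD)"
+git fetch 2>&1
+git pull 2>&1
+new_git_hash="$(git rev-parse --verify HEAD)"
+git_updated="false"
+if [ "$old_git_hash" != "$new_git_hash" ]; then
+log "INFO" "Pulled new changes from origin"
+git_updated="true"
+fi
+docker_updated="false"
+for image in $(docker ps --filter "name=$service" --format {{.Image}}); do
+log "INFO" "Checking for Updates of Image: $image"
+if docker pull $image | grep "Downloaded newer image"; then
+log "INFO" "$image updated."
+docker_updated="true"
+fi
+done
+if [ $git_updated = "true" ] || [ $docker_updated = "true" ]; then
+log "INFO" "Due to previous updates now restarting $service@$1"
+systemctl restart "$service@$1.service"
+fi
+log "INFO" "checking updates finished"
+exit 0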
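Review bot: The `git fetch` / `git pull` steps run unattended and neither check their exit status nor verify what was pulled, although the pulled tree holds the scripts the bridgehead units then execute; a failed or diverged pull is silently treated as "no update". Stop on failure and refuse non-fast-forward history, e.g. `git pull --ff-only 2>&1 || { log ERROR "git pull failed"; exit 1; }`, and add `--verify-signatures` if upstream signs its commits (not visible on this page). The image loop should quote its expansions, `docker pull "$image"` and `--format '{{.Image}}'`. `systemctl restart "$service@$1.service"` is presumably reached from a unit that runs as `User=bridgehead`, so it needs a polkit or sudo rule that this commit does not show, and `$1` is used in the unit name without any validation.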