Merge pull request #6 from samply/martinsFixes
Housekeeping and script hardening in /srv/docker/bridgehead
commit
95b2fdae08
|
@ -0,0 +1,70 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
baseDir() {
|
||||
# see https://stackoverflow.com/questions/59895
|
||||
SOURCE=${BASH_SOURCE[0]}
|
||||
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
|
||||
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
|
||||
SOURCE=$(readlink "$SOURCE")
|
||||
[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
|
||||
done
|
||||
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
|
||||
echo $DIR
|
||||
}
|
||||
|
||||
BASE=$(baseDir)
|
||||
cd $BASE
|
||||
|
||||
source ./lib/functions.sh
|
||||
|
||||
action=$1
|
||||
project=$2
|
||||
|
||||
if [[ -z $1 || -z $2 ]]; then
|
||||
printUsage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
case "$project" in
|
||||
ccp)
|
||||
#nothing extra to do
|
||||
;;
|
||||
nngm)
|
||||
#nothing extra to do
|
||||
;;
|
||||
gbn)
|
||||
#nothing extra to do
|
||||
;;
|
||||
*)
|
||||
printUsage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
source /etc/bridgehead/site.conf
|
||||
|
||||
case "$action" in
|
||||
start)
|
||||
checkRequirements
|
||||
./lib/generate-landingpage.sh
|
||||
exec docker-compose -f ./$project/docker-compose.yml --env-file /etc/bridgehead/$project.env up
|
||||
;;
|
||||
stop)
|
||||
exec docker-compose -f ./$project/docker-compose.yml --env-file /etc/bridgehead/$project.env down
|
||||
;;
|
||||
update)
|
||||
exec ./lib/update-bridgehead.sh $project
|
||||
;;
|
||||
install)
|
||||
exec ./lib/setup-bridgehead-units.sh $project
|
||||
;;
|
||||
uninstall)
|
||||
exec ./lib/remove-bridgehead-units.sh $project
|
||||
;;
|
||||
*)
|
||||
printUsage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
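Review bot: `cd $BASE` trusts whatever `baseDir` printed, and that value can be empty. Both `cd -P … && pwd` calls discard their errors, `echo $DIR` still returns 0, and bash does not apply `-e` inside the `$(baseDir)` substitution, so a failed resolution leaves `BASE` empty and the unquoted `cd` falls back to the caller's home directory. The following `source ./lib/functions.sh` and the `./lib/*.sh` calls would then load code from that directory rather than the install directory. Assert and quote the value with `cd "${BASE:?cannot resolve script directory}"`, and print it with `echo "$DIR"` so paths containing spaces survive.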
@ -41,7 +41,7 @@ services:
|
|||
container_name: bridgehead-landingpage
|
||||
image: nginx:stable
|
||||
volumes:
|
||||
- ../landing/:/usr/share/nginx/html
|
||||
- ../landing/:/usr/share/nginx/html:ro
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.landing.rule=PathPrefix(`/`)"
|
||||
|
@ -68,7 +68,7 @@ services:
|
|||
- "traefik.http.routers.blaze_ccp.tls=true"
|
||||
|
||||
ccp-search-share:
|
||||
image: "ghcr.io/samply/dktk-fed-search-share:main"
|
||||
image: "samply/dktk-fed-search-share"
|
||||
container_name: bridgehead-ccp-share
|
||||
environment:
|
||||
APP_BASE_URL: "http://dktk-fed-search-share:8080"
|
||||
|
|
|
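Review bot: The `ccp-search-share` image is referenced without a tag, so if `image: "samply/dktk-fed-search-share"` is the new line (the page prints it second), every pull resolves to whatever `latest` points to on the default registry at that moment. Pin a release tag or, better, a digest, e.g. `image: "samply/dktk-fed-search-share:<TAG>@sha256:<DIGEST>"` (placeholders to be filled from the published release). `nginx:stable` on the landing page service is a moving tag too and could be pinned the same way.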
@ -1,3 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
useradd --home-dir /srv/docker/bridgehead -g docker -N -u 317 -s /sbin/nologin
|
|
@ -10,3 +10,16 @@ exitIfNotRoot() {
|
|||
log() {
|
||||
echo "$(date +'%Y-%m-%d %T')" "$1:" "$2"
|
||||
}
|
||||
|
||||
printUsage() {
|
||||
echo "Usage: bridgehead start|stop|update|install|uninstall PROJECTNAME"
|
||||
}
|
||||
|
||||
checkRequirements() {
|
||||
if ! lib/prerequisites.sh; then
|
||||
log ERROR "Validating Prerequisites failed, please fix the error(s) above this line."
|
||||
exit 1
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
|
|
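Review bot: `checkRequirements` runs `lib/prerequisites.sh` as a separate process, and that script reads `${project}` for its project-config check, but the new launcher assigns `project=$2` without `export` (the deleted start script used `export project=$1`). Unless the variable is already in the environment, the check therefore runs with an empty project name. Pass it explicitly with `if ! project="$project" lib/prerequisites.sh; then`, or export it in the caller. Because the function lives in a sourced library, a one-line comment above it saying that it terminates the calling script on failure would also help.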
@ -2,9 +2,19 @@
|
|||
|
||||
source lib/functions.sh
|
||||
|
||||
## Check for file permissions
|
||||
if ! id "bridgehead" &>/dev/null; then
|
||||
log ERROR "User bridgehead does not exist. Please consult readme for installation."
|
||||
exit 1
|
||||
fi
|
||||
COUNT=$(find . ! -user bridgehead |wc -l)
|
||||
if [ $COUNT -gt 0 ]; then
|
||||
log ERROR "$COUNT files in $(pwd) are not owned by user bridgehead. Run find $(pwd) ! -user bridgehead to see them, chown -R bridgehead $(pwd) to correct this issue."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
## Check if user is a su
|
||||
log "Welcome to the starting a bridgehead. We will get your instance up and running in no time"
|
||||
log "First we will check if all prerequisites are met ..."
|
||||
log INFO "Checking if all prerequisites are met ..."
|
||||
prerequisites="git docker docker-compose"
|
||||
for prerequisite in $prerequisites; do
|
||||
$prerequisite --version 2>&1
|
||||
|
@ -16,54 +26,49 @@ for prerequisite in $prerequisites; do
|
|||
# TODO: Check for specific version
|
||||
done
|
||||
|
||||
log "Checking /etc/bridgehead/"
|
||||
log INFO "Checking configuration ..."
|
||||
|
||||
## Download submodule
|
||||
if [ ! -d "/etc/bridgehead/" ]; then
|
||||
log "Please set up the config folder. Instruction are in the readme."
|
||||
log ERROR "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
|
||||
exit 1
|
||||
else
|
||||
log "Done"
|
||||
fi
|
||||
|
||||
log "Checking /etc/bridgehead/site.conf"
|
||||
|
||||
#check if site.conf is created
|
||||
if [ ! -f /etc/bridgehead/site.conf ]; then
|
||||
log "Please create your specific site.conf file from the site.dev.conf"
|
||||
log ERROR "Please create your specific site.conf file from the site.dev.conf"
|
||||
exit 1
|
||||
else
|
||||
log "Done"
|
||||
fi
|
||||
|
||||
#Load site specific variables
|
||||
source /etc/bridgehead/site.conf
|
||||
|
||||
# TODO: Check all required variables here in a generic loop
|
||||
|
||||
if [ -z "$site_name" ]; then
|
||||
log "Please set site_name"
|
||||
log ERROR "Please set site_name."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log "Checking project config"
|
||||
|
||||
#check if project env is present
|
||||
if [ -d "/etc/bridgehead/${project}.env" ]; then
|
||||
log "Please copy the tempalte from ${project} and put it in the /etc/bridgehead-config/ folder"
|
||||
log ERROR "Project config not found. Please copy the template from ${project} and put it under /etc/bridgehead-config/${project}.env."
|
||||
exit 1
|
||||
else
|
||||
log "Done"
|
||||
fi
|
||||
|
||||
log "Checking ssl cert"
|
||||
# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.
|
||||
|
||||
## Create SSL Cert
|
||||
if [ ! -d "/certs" ]; then
|
||||
log "SSL cert missing, now we create one. Please consider getting a signed one"
|
||||
mkdir certs
|
||||
log INFO "Checking ssl cert"
|
||||
|
||||
if [ ! -d "certs" ]; then
|
||||
log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
|
||||
mkdir -p certs
|
||||
fi
|
||||
|
||||
if [ -d "certs/traefik.crt" ]; then
|
||||
if [ -e "/etc/bridgehead/traefik.crt" ]; then
|
||||
openssl req -x509 -newkey rsa:4096 -nodes -keyout certs/traefik.key -out certs/traefik.crt -days 365
|
||||
fi
|
||||
|
||||
log "All prerequisites are met!"
|
||||
log INFO "Success - all prerequisites are met!"
|
||||
|
||||
exit 0
|
||||
|
|
|
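Review bot: The project-config check `if [ -d "/etc/bridgehead/${project}.env" ]` fails only when the path is a directory, so a missing env file passes as fine; the commit rewrote the message but left the test, which should read `if [ ! -f "/etc/bridgehead/${project}.env" ]; then`. The message also points to `/etc/bridgehead-config/` while the test and the compose calls use `/etc/bridgehead/`. The certificate test looks inverted in the same way: as rendered, `openssl req` runs when `/etc/bridgehead/traefik.crt` exists, though the page does not show which of the two `if` lines is the new one. That call also writes an unencrypted key (`-nodes`) to `certs/traefik.key` without restricting its mode, so a `umask 077` before it or a `chmod 600 certs/traefik.key` after it is worth adding.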
@ -14,10 +14,7 @@ fi
|
|||
|
||||
export project=$1
|
||||
|
||||
if ! ./lib/prerequisites.sh; then
|
||||
log "Prerequisites failed, exiting"
|
||||
exit 1
|
||||
fi
|
||||
#checkRequirements // not needed when uninstalling
|
||||
|
||||
log "Stopping systemd services and removing bridgehead ..."
|
||||
|
||||
|
|
|
@ -16,10 +16,7 @@ fi
|
|||
|
||||
export project=$1
|
||||
|
||||
if ! ./lib/prerequisites.sh; then
|
||||
log "Prerequisites failed, exiting"
|
||||
exit 1
|
||||
fi
|
||||
checkRequirements
|
||||
|
||||
echo -e "\nInstalling systemd units ..."
|
||||
cp -v \
|
||||
|
|
|
@ -4,9 +4,7 @@ Description=Bridgehead (%i) Update Service
|
|||
[Service]
|
||||
Type=oneshot
|
||||
User=bridgehead
|
||||
WorkingDirectory=/srv/docker/bridgehead/
|
||||
|
||||
ExecStart=/srv/docker/bridgehead/update-bridgehead.sh %i
|
||||
ExecStart=/srv/docker/bridgehead/bridgehead update %i
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -5,12 +5,8 @@ Description=Bridgehead (%i) Service
|
|||
User=bridgehead
|
||||
Restart=always
|
||||
RestartSec=30
|
||||
|
||||
WorkingDirectory=/srv/docker/bridgehead/
|
||||
|
||||
ExecStartPre=exec /srv/docker/bridgehead/stop-bridgehead.sh %i
|
||||
ExecStart=exec /srv/docker/bridgehead/start-bridgehead.sh %i
|
||||
ExecStop=exec /srv/docker/bridgehead/stop-bridgehead.sh %i
|
||||
ExecStart=/srv/docker/bridgehead/bridgehead start %i
|
||||
ExecStop=/srv/docker/bridgehead/bridgehead stop %i
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -3,10 +3,7 @@ service="bridgehead"
|
|||
|
||||
source lib/functions.sh
|
||||
|
||||
if ! lib/prerequisites.sh; then
|
||||
log "Prerequisites failed, exiting"
|
||||
exit
|
||||
fi
|
||||
#checkRequirements // not required for mere update
|
||||
|
||||
log "INFO" "Checking for updates of $service"
|
||||
# check prerequisites
|
|
@ -1,29 +0,0 @@
|
|||
#!/bin/bash
|
||||
source lib/functions.sh
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
log "Please provide a Project as argument"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "gbn" ]; then
|
||||
log "Please provide a supported project like ccp, gbn or nngm"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
export project=$1
|
||||
|
||||
if ! lib/prerequisites.sh; then
|
||||
log "Validating Prerequisites failed, please fix the occurring error"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
source /etc/bridgehead/site.conf
|
||||
|
||||
####./lib/generate.sh
|
||||
|
||||
log "Starting bridgehead"
|
||||
|
||||
docker-compose -f $1/docker-compose.yml --env-file /etc/bridgehead/$1.env up -d
|
||||
|
||||
log "The bridgehead should be in online in a few seconds"
|
|
@ -1,18 +0,0 @@
|
|||
#!/bin/bash -e
|
||||
|
||||
source lib/functions.sh
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
log "Please provide a Project as argument"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $1 != "ccp" ] && [$1 != "nngm"] && [ $1 != "gbn" ]; then
|
||||
log "Please provide a supported project like ccp, gbn or nngm"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log "Stopping bridgehead"
|
||||
|
||||
# TODO: Check $1 for proper values
|
||||
docker-compose -f $1/docker-compose.yml --env-file /etc/bridgehead/$1.env down
|