Shorten installation by including some installation steps into a shell script

bridgehead

@@ -29,9 +29,6 @@ case "$PROJECT" in
 	ccp)
 		#nothing extra to do
 		;;
-	nngm)
-		#nothing extra to do
-		;;
 	bbmri)
 		#nothing extra to do
 		;;
@@ -41,28 +38,30 @@ case "$PROJECT" in
 		;;
 esac
 
-# Load variables from /etc/bridgehead and /srv/docker/bridgehead
-set -a
-source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found"
-if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then
-	log INFO "Applying /etc/bridgehead/$PROJECT.local.conf"
-	source /etc/bridgehead/$PROJECT.local.conf || fail_and_report 1 "Found /etc/bridgehead/$PROJECT.local.conf but failed to import"
-fi
-fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile"
-[ -e ./$PROJECT/vars ] && source ./$PROJECT/vars
-set +a
+loadVars() {
+	# Load variables from /etc/bridgehead and /srv/docker/bridgehead
+	set -a
+	source /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "/etc/bridgehead/$PROJECT.conf not found"
+	if [ -e /etc/bridgehead/$PROJECT.local.conf ]; then
+		log INFO "Applying /etc/bridgehead/$PROJECT.local.conf"
+		source /etc/bridgehead/$PROJECT.local.conf || fail_and_report 1 "Found /etc/bridgehead/$PROJECT.local.conf but failed to import"
+	fi
+	fetchVarsFromVaultByFile /etc/bridgehead/$PROJECT.conf || fail_and_report 1 "Unable to fetchVarsFromVaultByFile"
+	[ -e ./$PROJECT/vars ] && source ./$PROJECT/vars
+	set +a
 
-OVERRIDE=${OVERRIDE:=""}
-if [ -f "$PROJECT/docker-compose.override.yml" ]; then
-	log INFO "Applying $PROJECT/docker-compose.override.yml"
-	OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"
-fi
-
-detectCompose
-setHostname
+	OVERRIDE=${OVERRIDE:=""}
+	if [ -f "$PROJECT/docker-compose.override.yml" ]; then
+		log INFO "Applying $PROJECT/docker-compose.override.yml"
+		OVERRIDE+=" -f ./$PROJECT/docker-compose.override.yml"
+	fi
+	detectCompose
+	setHostname
+}
 
 case "$ACTION" in
 	start)
+		loadVars
 		hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 		checkRequirements
 		hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
@@ -70,20 +69,25 @@ case "$ACTION" in
 		exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 		;;
 	stop)
+		loadVars
 		exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE down
 		;;
 	update)
+		loadVars
 		exec ./lib/update-bridgehead.sh $PROJECT
 		;;
 	install)
-		exec ./lib/setup-bridgehead-units.sh $PROJECT
+		source ./lib/prepare-system.sh
+		loadVars
+		exec ./lib/install-bridgehead.sh $PROJECT
 		;;
 	uninstall)
-		exec ./lib/remove-bridgehead-units.sh $PROJECT
+		exec ./lib/uninstall-bridgehead.sh $PROJECT
 		;;
 	enroll)
+		loadVars
 		if [ -e $PRIVATEKEYFILENAME ]; then
-			echo "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
+			log ERROR "Private key already exists at $PRIVATEKEYFILENAME. Please delete first to proceed."
 			exit 1
 		fi
 		docker run --rm -ti -v /etc/bridgehead/pki:/etc/bridgehead/pki samply/beam-enroll:latest --output-file $PRIVATEKEYFILENAME --proxy-id $PROXY_ID --admin-email $SUPPORT_EMAIL

lib/functions.sh

@@ -1,7 +1,5 @@
 #!/bin/bash -e
 
-source lib/log.sh
-
 detectCompose() {
 	if [[ "$(docker compose version 2>/dev/null)" == *"Docker Compose version"* ]]; then
 		COMPOSE="docker compose"
@@ -37,11 +35,11 @@ checkOwner(){
 
 printUsage() {
 	echo "Usage: bridgehead start|stop|update|install|uninstall|enroll PROJECTNAME"
-	echo "PROJECTNAME should be one of ccp|nngm|bbmri"
+	echo "PROJECTNAME should be one of ccp|bbmri"
 }
 
 checkRequirements() {
-	if ! lib/prerequisites.sh; then
+	if ! lib/prerequisites.sh $@; then
 		log "ERROR" "Validating Prerequisites failed, please fix the error(s) above this line."
 		fail_and_report 1 "Validating prerequisites failed."
 	else
@@ -120,8 +118,10 @@ fixPermissions() {
 source lib/monitoring.sh
 
 report_error() {
-	log ERROR "$2"
-	hc_send $1 "$2"
+	CODE=$1
+	shift
+	log ERROR "$@"
+	hc_send $CODE "$@"
 }
 
 fail_and_report() {

lib/install-bridgehead.sh

@@ -9,14 +9,9 @@ if [ $# -eq 0 ]; then
     exit 1
 fi
 
-if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
-    log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
-    exit 1
-fi
-
 export PROJECT=$1
 
-checkRequirements
+checkRequirements noprivkey
 
 log "INFO" "Allowing the bridgehead user to start/stop the bridgehead."
 
@@ -33,7 +28,7 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\
 bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
 EOF
 
-# TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
+# TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
 if [ -z "$LDM_PASSWORD" ]; then
   log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
   generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
@@ -42,7 +37,7 @@ if [ -z "$LDM_PASSWORD" ]; then
   echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
 fi
 
-log "INFO" "Register system units for bridgehead and bridgehead-update"
+log "INFO" "Registering system units for bridgehead and bridgehead-update"
 cp -v \
     lib/systemd/bridgehead\@.service \
     lib/systemd/bridgehead-update\@.service \
@@ -61,4 +56,11 @@ systemctl enable bridgehead@"${PROJECT}".service
 log "INFO" "Enabling auto-updates for bridgehead@${PROJECT}.service ..."
 systemctl enable --now bridgehead-update@"${PROJECT}".timer
 
-log "INFO" "\nSuccess - now start your bridgehead by running\n            systemctl start bridgehead@${PROJECT}.service\n          or by rebooting your machine."
+STR="\n\n            systemctl start bridgehead@${PROJECT}.service\n\nor by rebooting your machine."
+if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
+  STR="Success. Next, start your bridgehead by running$STR"
+else
+  STR="Success. Next, enroll into the $PROJECT broker by creating a cryptographic certificate. To do so, run\n\n            /srv/docker/bridgehead/bridgehead enroll $PROJECT\n\nThen, you may start the bridgehead by running$STR"
+fi
+
+log "INFO" "$STR"

lib/log.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
 log() {
-  echo -e "$(date +'%Y-%m-%d %T')" "$1:" "$2"
+  SEVERITY="$1"
+  shift
+  echo -e "$(date +'%Y-%m-%d %T')" "$SEVERITY:" "$@"
 }

lib/monitoring.sh

@@ -34,8 +34,13 @@ function hc_send(){
     fi
 
     if [ -z "$USER_AGENT" ]; then
-        COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8)
-        COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8)
+        if [ "$USER" != "root" ]; then
+            COMMIT_ETC=$(git -C /etc/bridgehead rev-parse HEAD | cut -c -8)
+            COMMIT_SRV=$(git -C /srv/docker/bridgehead rev-parse HEAD | cut -c -8)
+        else
+            COMMIT_ETC=$(su -c 'git -C /etc/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
+            COMMIT_SRV=$(su -c 'git -C /srv/docker/bridgehead rev-parse HEAD' bridgehead | cut -c -8)
+        fi
         USER_AGENT="srv:$COMMIT_SRV etc:$COMMIT_ETC"
     fi
 

lib/prepare-system.sh

@@ -0,0 +1,67 @@
+#!/bin/bash -e
+
+source lib/log.sh
+source lib/functions.sh
+
+log "INFO" "Preparing your system for bridgehead installation ..."
+
+# Create the bridgehead user
+if id bridgehead &>/dev/null; then
+    log "INFO" "Existing user with id $(id -u bridgehead) will be used by the bridgehead system units."
+else
+    log "INFO" "Now creating a system user to own the bridgehead's files."
+    useradd -M -g docker -N bridgehead || fail_and_report ""
+fi
+
+# Clone the OpenSource repository of bridgehead
+bridgehead_repository_url="https://github.com/samply/bridgehead.git"
+if [ -d "/srv/docker/bridgehead" ]; then
+    current_owner=$(stat -c '%U' /srv/docker/bridgehead)
+    if [ "$(su -c 'git -C /srv/docker/bridgehead remote get-url origin' $current_owner)" == "$bridgehead_repository_url" ]; then
+        log "INFO" "Bridgehead's open-source repository has been found at /srv/docker/bridgehead"
+    else
+        log "ERROR" "The directory /srv/docker/bridgehead seems to exist, but doesn't contain a clone of $bridgehead_repository_url\nPlease delete the directory and try again."
+        exit 1
+    fi
+else
+    log "INFO" "Cloning $bridgehead_repository_url to /srv/docker/bridgehead"
+    mkdir -p /srv/docker/
+    git clone bridgehead_repository_url /srv/docker/bridgehead -b feature/samplyBeam
+fi
+
+case "$PROJECT" in
+	ccp)
+		site_configuration_repository_middle="git.verbis.dkfz.de/bridgehead-configurations/bridgehead-config-"
+		;;
+	bbmri)
+		site_configuration_repository_middle="git.verbis.dkfz.de/bbmri-bridgehead-configs/"
+		;;
+	*)
+		log ERROR "Internal error, this should not happen."
+        exit 1
+		;;
+esac
+
+# Clone the site-configuration
+if [ -d /etc/bridgehead ]; then
+    current_owner=$(stat -c '%U' /etc/bridgehead)
+    if [ "$(su -c 'git -C /etc/bridgehead remote get-url origin' $current_owner | grep $site_configuration_repository_middle)" ]; then
+        log "INFO" "Your site config repository in /etc/bridgehead seems to be installed correctly."
+    else
+        log "WARN" "Your site configuration repository in /etc/bridgehead seems to have another origin than git.verbis.dkfz.de. Please check if the repository is correctly cloned!"
+    fi
+else
+    log "INFO" "Now cloning your site configuration repository for you."
+    read -p "Please enter your site: " site
+    read -s -p "Please enter the bridgehead's access token for your site configuration repository (will not be echoed): " access_token
+    site_configuration_repository_url="https://bytoken:${access_token}@${site_configuration_repository_middle}$(echo $site | tr '[:upper:]' '[:lower:]').git"
+    git clone $site_configuration_repository_url /etc/bridgehead
+    if [ $? -gt 0 ]; then
+        log "ERROR" "Unable to clone your configuration repository. Please obtain correct access data and try again."
+    fi
+fi
+
+chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead
+
+log INFO "System preparation is completed and private key is present."
+

lib/prerequisites.sh

@@ -5,11 +5,11 @@ source lib/functions.sh
 detectCompose
 
 if ! id "bridgehead" &>/dev/null; then
-  log ERROR "User bridgehead does not exist. Please consult readme for installation."
+  log ERROR "User bridgehead does not exist. Please run bridgehead install $PROJECT"
   exit 1
 fi
 
-checkOwner . bridgehead || exit 1
+checkOwner /srv/docker/bridgehead bridgehead || exit 1
 checkOwner /etc/bridgehead bridgehead || exit 1
 
 ## Check if user is a su
@@ -62,16 +62,22 @@ if [ -e /etc/bridgehead/vault.conf ]; then
   fi
 fi
 
-log INFO "Checking your beam proxy private key"
+checkPrivKey() {
+  if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
+    log INFO "Success - private key found."
+  else
+    log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run\n  bridgehead enroll ${PROJECT}\nand follow the instructions."
+    return 1
+  fi
+  log INFO "Success - all prerequisites are met!"
+  hc_send log "Success - all prerequisites are met!"
+  return 0
+}
 
-if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
-  log INFO "Success - private key found."
+if [[ "$@" =~ "noprivkey" ]]; then
+  log INFO "Skipping check for private key for now."
 else
-  log ERROR "Unable to find private key at /etc/bridgehead/pki/${SITE_ID}.priv.pem. To fix, please run bridgehead enroll ${PROJECT} and follow the instructions".
-  exit 1
+  checkPrivKey || exit 1
 fi
 
-log INFO "Success - all prerequisites are met!"
-hc_send log "Success - all prerequisites are met!"
-
 exit 0

lib/uninstall-bridgehead.sh

@@ -7,11 +7,6 @@ if [ $# -eq 0 ]; then
     exit 1
 fi
 
-if [ $1 != "ccp" ] && [ $1 != "nngm" ] && [ $1 != "bbmri" ]; then
-    log "ERROR" "Please provide a supported project like ccp, bbmri or nngm"
-    exit 1
-fi
-
 export PROJECT=$1
 
 #checkRequirements // not needed when uninstalling