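#!/bin/bash
#
# Pre-flight check for a bridgehead installation.
#
# Verifies, in order: the "bridgehead" user exists, ownership of the working
# directory and /etc/bridgehead (via checkOwner), required tools, sudo,
# the project configuration, the TLS certificate for traefik, permissions of
# the optional vault.conf, connectivity to the Samply.Beam broker and the local
# clock skew against the broker's HTTP Date header.
#
# Reads:   PROJECT, HOST (environment); BROKER_URL and HTTPS_PROXY_URL are
#          presumably defined by the sourced project files - verify there.
# Helpers: log and checkOwner are expected to come from lib/functions.sh.
# Exit:    0 on success, 79 if a required tool is missing, 1 on any other
#          failed check.

source lib/functions.sh

if ! id "bridgehead" &>/dev/null; then
  log ERROR "User bridgehead does not exist. Please consult readme for installation."
  exit 1
fi

checkOwner . bridgehead || exit 1
checkOwner /etc/bridgehead bridgehead || exit 1

log INFO "Checking if all prerequisites are met ..."
prerequisites=(git docker docker-compose)
for prerequisite in "${prerequisites[@]}"; do
  # Testing the command inside `if` keeps the check working even when errexit
  # is active; the version output is still printed, as before.
  if ! "$prerequisite" --version 2>&1; then
    log "ERROR" "Prerequisite not fulfilled - $prerequisite is not available!"
    exit 79
  fi
  # TODO: Check for specific version
done

log INFO "Checking if sudo is installed ..."
if [ ! -d /etc/sudoers.d ]; then
  log ERROR "/etc/sudoers.d does not exist. Please install sudo package."
  exit 1
fi

log INFO "Checking configuration ..."
if [ ! -d "/etc/bridgehead/" ]; then
  log ERROR "Please set up the config folder at /etc/bridgehead. Instruction are in the readme."
  exit 1
fi

# TODO: Check all required variables here in a generic loop

# The project config must exist as a file. The previous test ([ -d ... ]) only
# fired when a *directory* of that name existed, so a missing config was never
# reported here. The hint now names the path that is actually sourced below.
if [ ! -f "/etc/bridgehead/${PROJECT}.conf" ]; then
  log ERROR "Project config not found. Please copy the template from ${PROJECT} and put it under /etc/bridgehead/${PROJECT}.conf."
  exit 1
fi

# TODO: Make sure you're in the right directory, or, even better, be independent from the working directory.

log INFO "Checking ssl cert"
if [ ! -d "certs" ]; then
  log WARN "TLS cert missing, we'll now create a self-signed one. Please consider getting an officially signed one (e.g. via Let's Encrypt ...)"
  mkdir -p certs
fi

if [ ! -e "certs/traefik.crt" ]; then
  # -nodes writes the private key unencrypted. Create the key file with
  # owner-only permissions first so its mode depends neither on the caller's
  # umask nor on the installed openssl version.
  if ! install -m 600 /dev/null certs/traefik.key ||
    ! openssl req -x509 -newkey rsa:4096 -nodes \
      -keyout certs/traefik.key -out certs/traefik.crt \
      -days 3650 -subj "/CN=$HOST"; then
    log ERROR "Unable to create a self-signed TLS certificate in certs/."
    exit 1
  fi
fi

# vault.conf is optional; if present it must be readable by its owner only.
if [ -e /etc/bridgehead/vault.conf ]; then
  if [ "$(stat -c "%a %U" /etc/bridgehead/vault.conf)" != "600 bridgehead" ]; then
    log ERROR "/etc/bridgehead/vault.conf has wrong owner/permissions. 
To correct this issue, run chmod 600 /etc/bridgehead/vault.conf && chown bridgehead /etc/bridgehead/vault.conf."
    exit 1
  fi
fi

# Load the project settings before logging, so that BROKER_URL is already set
# when it is printed (assuming it is defined by one of these files).
source "/etc/bridgehead/${PROJECT}.conf"
source "${PROJECT}/vars"

log INFO "Checking network access ($BROKER_URL) ..."

# curl may legitimately fail (e.g. proxy authentication), so errexit is
# suspended around it and the status is inspected by hand.
set +e
SERVERTIME="$(https_proxy="$HTTPS_PROXY_URL" curl -m 5 -s -v "$BROKER_URL" 2>&1)"
RET=$?
set -e

if [ $RET -ne 0 ]; then
  # A proxy URL can carry credentials (scheme://user:password@host); mask the
  # userinfo part so it does not end up in the logs.
  PROXY_FOR_LOG=$(printf '%s' "$HTTPS_PROXY_URL" |
    sed -e 's#^\([A-Za-z][A-Za-z0-9+.-]*://\)[^/@]*@#\1<redacted>@#' \
      -e 's#^[^/@]*@#<redacted>@#')
  log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL. Please check your proxy settings.\nThe currently configured proxy was \"$PROXY_FOR_LOG\". This error is normal when using proxy authentication."
  log WARN "Unable to check clock skew due to previous error."
else
  log INFO "Checking clock skew ..."
  # Pick the Date response header from curl's verbose output. The header name
  # is matched case-insensitively (HTTP/2 prints it in lower case), the
  # trailing CR is removed, and only the last match is used in case a proxy
  # response contributed a Date header of its own.
  SERVERTIME=$(printf '%s\n' "$SERVERTIME" |
    tr -d '\r' |
    sed -n -e 's/^< [Dd][Aa][Tt][Ee]: *//p' |
    tail -n 1)
  if [ -z "$SERVERTIME" ] || ! SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s); then
    # Without this guard an empty header is parsed by date as "today 00:00"
    # and produces a bogus multi-hour skew.
    log WARN "Unable to check clock skew: no usable Date header in the response from $BROKER_URL."
  else
    MYTIME=$(date +%s)
    SKEW=$((SERVERTIME_AS_TIMESTAMP - MYTIME))
    SKEW=${SKEW#-} # absolute value
    SYNCTEXT="For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
    if [ "$SKEW" -ge 300 ]; then
      log ERROR "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. $SYNCTEXT"
      exit 1
    elif [ "$SKEW" -ge 60 ]; then
      log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server. $SYNCTEXT"
    fi
  fi
fi

log INFO "Success - all prerequisites are met!"
exit 0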