myc-manage/bin/myc-install

#!/bin/bash

## Installing base docker-host
wget http://docker.0k.io/get/ -qO - | bash || exit 1

## shlib is now available
. /etc/shlib || {
    echo "shlib is not available. Bailing out." >&2
    exit 1
}


clone_or_update() {
    local pkg="$1" branch=${2:-master} \
          DEPLOY_PATH="/opt/apps" \
          GIT_BASE="https://git.myceliandre.fr/Myceliandre" \
          current_branch
    if [ -d "$DEPLOY_PATH/$pkg" ]; then
        cd "$DEPLOY_PATH/$pkg"
        current_branch=$(git rev-parse --abbrev-ref HEAD)
        if [ "$current_branch" != "$branch" ]; then
            echo "Fatal: $DEPLOY_PATH/$pkg git repos has unexpected branch checkouted."
            echo "  To avoid changing thing, we prefer to bailout."
            return 1
        fi
        git pull -r || return 1
    else
        mkdir -p "$DEPLOY_PATH" && cd "$DEPLOY_PATH"
        git clone "$GIT_BASE/${pkg}" -b "$branch" --depth=1
    fi
}

install_bin() {
    local path="$1" DEST_PATH=/usr/local/bin
    ln -sfnv "$path"/* "$DEST_PATH" || return 1
    find -L "$DEST_PATH" -maxdepth 1 -type l -ilname "$path"/\* -exec rm -v {} \; || return 1
}

set -e

clone_or_update myc-manage || exit 1
install_bin /opt/apps/myc-manage/bin

clone_or_update myc-deploy || exit 1


#[ -e /etc/compose.conf ] || ln -sfv /opt/apps/myc-deploy/etc/compose.conf /etc/compose.conf

## XXXvlab: should get rid of this file in some future
cd /opt/apps/myc-deploy
if ! grep "^DEFAULT_COMPOSE_FILE=$PWD/compose.yml$" /etc/compose/local.conf >/dev/null 2>&1; then
    echo "Adding CWD=$PWD to docker-compose."
    cat <<EOF >> /etc/compose/local.conf
DEFAULT_COMPOSE_FILE=$PWD/compose.yml
EOF
fi

type -t docker-clean || ln -sfv /opt/apps/0k-docker/src/bin/docker-clean /usr/local/bin

if [ -z "$WITHOUT_DOCKER_CLEAN" ]; then
    ln -sfn /opt/apps/0k-docker/src/bin/docker-clean /etc/cron.daily/docker-clean
fi

cd /opt/apps/myc-deploy

cat <<EOF > /root/.pgm.rc
prefix_pg_local_command=" "  ## otherwise, will default to sudo -u postgres

pgpass="/srv/datastore/data/postgres/var/lib/postgresql/data/pgpass"
[ -f "\$pgpass" ] || {
  echo "No '\$pgpass' found. Postgres database doesn't seem to be setup." >&2
  exit 1
}
cp "\$pgpass" /root/.pgpass

PGUSER=\${PGUSER:-postgres}

if [ -z "\$PGHOST" ]; then
  PGHOST=\$(docker-ip | grep postgres | xargs echo | cut -f 3 -d " ") || {
    echo "No local running postgres docker found." >&2
    exit 1
  }
fi
export PGHOST PGUSER
EOF

# if ! [ -s /etc/ssh/vm_git_myceliandre_access_id_rsa ]; then
#     curl -L --fail https://docker.0k.io/get/vm_git_myceliandre_access_id_rsa > /etc/ssh/vm_git_myceliandre_access_id_rsa || {
#         echo "Fatal: Could not retrieve http://docker.0k.io/get/vm_git_myceliandre_access_id_rsa ..." >&2
#         rm -f /etc/ssh/vm_git_myceliandre_access_id_rsa
#         exit 1
#     }
#     ## Not so usefull as it is public !
#     chmod 0600 /etc/ssh/vm_git_myceliandre_access_id_rsa
# fi

mkdir -p /root/.ssh

cat <<EOF >> /root/.ssh/config

Host git.myceliandre.fr
    User git
    IdentityFile /etc/ssh/vm_git_myceliandre_access_id_rsa
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    Port 5022

EOF


##
## We could need some docker-compose for some quick hacks
##
version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }

if type -p python3 >/dev/null 2>&1 &&
        ! version_gt $(python3 --version | cut -f 2 -d " ") 3.9 ; then
    if ! type -p docker-compose >/dev/null; then
        # seems to require a C compiler
        apt-get install -y build-essential libffi-dev </dev/null &&
            pip install wheel==0.33.6 &&
            pip install pip==19.3.1 cffi==1.12.3 subprocess32==3.5.4 texttable==1.6.2 \
                pyrsistent==0.15.7 \
                git+https://github.com/0k/compose@run_ignore_orphans || exit 1
        ## Bug after updating pip
        hash -d pip || exit 1
    fi
fi

if [ "$DOMAIN" ]; then
    sed -ri "s/^(\s+domain:\s+).*$/\1$DOMAIN/g" compose.yml
fi

if [ "$MAIN_PASSWORD" ]; then
    sed -ri "s/^(\s+admin-password:\s+).*$/\1$MAIN_PASSWORD/g" compose.yml
fi


pip install ovh ||
    pip install ovh --break-system-packages || exit 1

#compose --debug up odoo apache

## Temporary work around for old images that don't want to build
docker pull docker.0k.io/php:7.4-myc && docker tag docker.0k.io/php:7.4-myc myc_frontend &&
docker pull docker.0k.io/cron:jessie && docker tag docker.0k.io/cron:jessie myc_cron &&

## Creation of an account to send notification to ntfy server 
echo "-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAQEApGXqKYEJbv0xu/wKl1mXtiz90kZbqq7FALTZYyYqWZfsp4RtiHXi
NC7WKFiabQ1j1s8WuE0I2xJNSpzjHuWouduLQ5WtTl0PIWausMYaHam5T1I3KLVBg1QNi8
0wL5LVMD3mMoxVstQmlvYOuODZSaCS6j6ND33IS5IG11M9xwR6IcUKLKnfF5h5OQbTSiQ0
ANgw5KmYdGBQ8PUIQO0ELz0rhjJVZLADZspXLoWikNURmlYozfcSFcfOVA7AkqeMKMZd64
72WDGTd9NrAOq+hmLMKDfJXuHlKrNuqmK1jVGs/5YcSArrFyuvKOabT8AJfjBDEVtbsSeu
mN44MoH1bwAAA8hI4f+cSOH/nAAAAAdzc2gtcnNhAAABAQCkZeopgQlu/TG7/AqXWZe2LP
3SRluqrsUAtNljJipZl+ynhG2IdeI0LtYoWJptDWPWzxa4TQjbEk1KnOMe5ai524tDla1O
XQ8hZq6wxhodqblPUjcotUGDVA2LzTAvktUwPeYyjFWy1CaW9g644NlJoJLqPo0PfchLkg
bXUz3HBHohxQosqd8XmHk5BtNKJDQA2DDkqZh0YFDw9QhA7QQvPSuGMlVksANmylcuhaKQ
1RGaVijN9xIVx85UDsCSp4woxl3rjvZYMZN302sA6r6GYswoN8le4eUqs26qYrWNUaz/lh
xICusXK68o5ptPwAl+MEMRW1uxJ66Y3jgygfVvAAAAAwEAAQAAAQEAnzpm1tQ4QtvRc/Xm
fDk2jCh/n06uMl8cSFbhxvqMQkK34HiPboBfG5PRsTpAOCej78acht12Gllbq0zRXneqOH
nAJTGvrhrMMNm3kVgOq3RcG8vRyQfl8EFU7XdLmIhrHFKXx5XM22xIBCdGkyKU0o9IPMFg
9wQpH6jMH3psd3j9M7x9QwPZKujv5XMF7DrMdtwAsU/XPTHrOedxdmnVpy9hwTpygTP6Xs
TRL9CgdoIo1arZAu8M5/h8xS37IKEe4lUNr/j5tJe3d0HQ+aXCtVrD1WDyZnslPnrDr0MQ
XCbx957Kh6VJ11t8el7x21Yr0iuF+S/RSKxsiyqC3J4EAQAAAIAQabySOpcNGk/kR3A7KH
Szz3uft+c9qmt9+b5Sth+GmRKEoOO51hi3K+WrzArMJ3AyO8QGodjBAStcbFMDW5DkWxFH
0BuuXL2JTNJdn/2iBQH2bjLI68zTCrqHapI4l3kwTFUDybZP9hcdN9QrsY10rh+WiUILt7
gIB69cxQKeuAAAAIEAz7W5MrUL50A5wi7EMalR9+dIVDTvpyub7Ip6dczRyXt9Xz35mv4S
pBaK0mabJPgNP23fGoDhsXhZoDxJpGaBMCciLujVt/wJCX+vXbXwBXwMi0DC9AF/W6FGYb
GAusBeJzziXuEmQlirbKFTwkBMVOpMWvsX/DQgDjsTVKjm9u8AAACBAMqeZ17+r7602t9P
8Gie1YXde/T1vMeQAHNCOCBoiuERdM/xDyQE3EXk9Pj2LOvhEu9CskQUCkuZS4JcMO+GQz
zfqty7nmi/sAQTwPe+Gl9dnvS+dixeDmS3g+rP+hEAYhVPQgQhm0zzMvzlYk437WB+9BYk
JUr3Zp+T2t4WoOmBAAAAEm50ZnlAY29yZS0wMS4way5pbw==
-----END OPENSSH PRIVATE KEY-----" > /root/.ssh/ntfy-key
echo "|1|e3yYRMYJg0EpbOeTplTgtI+KbY4=|PotgCF8Rwt2OZFKr1CGYWpJ6FRA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH8axkuXlI2zowRvL3Vyg/qgkKK57cqX7+9WRaLm9ECWkLvaVPGunR1zVJUZdTO3gjlSkqtblTcI00BBLt+zQvE=" \
>> /root/.ssh/known_hosts
chmod 600 /root/.ssh/ntfy-key

## Request token to ntfy server and add to config file 
cred=$(ssh -i /root/.ssh/ntfy-key ntfy@core-01.0k.io request-token) || >&2 echo "Error while requesting token to ntfy server"
login_ntfy=$(printf "%s" "${cred%$'\n'*}")
password_ntfy=$(printf "%s" "${cred#$'\n'*}")

## if the config file exist and LOGIN PASSWORD ARE already in we do nothing
if [ -z "$login_ntfy"] || [[ "$login_ntfy" == *$'\n'*]]; then 
    echo "Error: couldn’t infer credential from ntfy server" >&2;
    printf "%s" "$cred" | sed -r 's/^ |/g' >&2; 
    exit
fi

config_file="/etc/ntfy/ntfy.conf"
mkdir -p "${config_file%/*}"
if [ -f "$config_file" ] || touch $config_file || {
    echo "Error: couldn’t create config file $config_file" >&2;
    exit 1
}; then
    if grep -qE '^LOGIN=' "$config_file"; then
        sed -i "s/^LOGIN=.*/LOGIN='$login'/" "$config_file"
    else
        echo "LOGIN='$login'" >> "$config_file"
    fi
    if grep -qE '^PASSWORD=' "$config_file"; then
        sed -i "s/^PASSWORD=.*/PASSWORD='$password'/" "$config_file"
    else
        echo "PASSWORD='$password'" >> "$config_file"
    fi
fi

## Marker to probe if this script finished it's job
echo "done" > /var/run/myc-installer.0k.io.state