
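#!/bin/bash

## Installing base docker-host
##
## The bootstrap script is downloaded to a temporary file and only executed
## once the download has fully succeeded. Piping wget straight into bash
## hides download failures (bash's exit status wins, and an empty or
## truncated stream still "succeeds") and runs whatever arrived so far.
##
## NOTE(review): the URL was plain http; https is used here on the
## assumption that docker.0k.io serves this path over TLS, as other URLs for
## the same host in this script suggest — confirm. TLS only protects the
## transport; checking the script against a published checksum or signature
## would be stronger, but no such value is available here.
get_script=$(mktemp) || exit 1
if ! wget https://docker.0k.io/get/ -qO "$get_script"; then
  echo "Could not download docker-host installer. Bailing out." >&2
  rm -f -- "$get_script"
  exit 1
fi
## stdin is detached so the child cannot consume this script's own input
## when this installer is itself fed to a shell through a pipe.
bash "$get_script" </dev/null || {
  rm -f -- "$get_script"
  exit 1
}
rm -f -- "$get_script"

## shlib is now available
. /etc/shlib || {
  echo "shlib is not available. Bailing out." >&2
  exit 1
}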
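## Clone a Myceliandre repository under /opt/apps, or update an existing
## checkout with `git pull -r`.
##
## Arguments: $1 - repository name (also the directory name under /opt/apps)
##            $2 - expected branch (defaults to "master")
## Returns:   0 on success; 1 when a directory cannot be entered, when the
##            existing checkout is on another branch, or when the pull
##            fails; otherwise the status of `git clone`.
## Side effect: changes the current working directory of the caller.
clone_or_update() {
  local pkg="$1" branch=${2:-master} \
        DEPLOY_PATH="/opt/apps" \
        GIT_BASE="https://git.myceliandre.fr/Myceliandre" \
        current_branch
  if [ -d "$DEPLOY_PATH/$pkg" ]; then
    ## Without this check a failed cd would let the git commands below
    ## operate on whatever repository the caller happened to be in.
    cd "$DEPLOY_PATH/$pkg" || return 1
    current_branch=$(git rev-parse --abbrev-ref HEAD) || return 1
    if [ "$current_branch" != "$branch" ]; then
      ## Diagnostics go to stderr so they are not mixed into stdout.
      echo "Fatal: $DEPLOY_PATH/$pkg git repos has unexpected branch checkouted." >&2
      echo " To avoid changing thing, we prefer to bailout." >&2
      return 1
    fi
    git pull -r || return 1
  else
    ## Same reasoning: never clone into an unintended directory.
    mkdir -p "$DEPLOY_PATH" || return 1
    cd "$DEPLOY_PATH" || return 1
    git clone "$GIT_BASE/${pkg}" -b "$branch" --depth=1
  fi
}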
## Expose every entry of a directory in /usr/local/bin through symlinks,
## then prune stale links left over from previous runs.
##
## Arguments: $1 - directory whose entries get linked
## Returns:   1 if linking or pruning fails, 0 otherwise.
install_bin() {
  local src_dir="$1"
  local link_dir=/usr/local/bin

  ## -f replaces existing links, -n avoids descending into a link that
  ## points at a directory.
  if ! ln -sfnv "$src_dir"/* "$link_dir"; then
    return 1
  fi

  ## With -L, `-type l` only matches symlinks whose target is missing, so
  ## this removes dangling links that point into the source directory.
  ## The directory is used as a (case-insensitive) pattern by -ilname.
  if ! find -L "$link_dir" -maxdepth 1 -type l -ilname "$src_dir"/\* -exec rm -v {} \; ; then
    return 1
  fi
}
## From here on, any unhandled command failure aborts the installer.
set -e

if ! clone_or_update myc-manage; then
  exit 1
fi
install_bin /opt/apps/myc-manage/bin
if ! clone_or_update myc-deploy; then
  exit 1
fi

#[ -e /etc/compose.conf ] || ln -sfv /opt/apps/myc-deploy/etc/compose.conf /etc/compose.conf

## XXXvlab: should get rid of this file in some future
cd /opt/apps/myc-deploy

## Register this checkout's compose.yml as the default compose file, unless
## that exact line is already present.
compose_default="DEFAULT_COMPOSE_FILE=$PWD/compose.yml"
if ! grep "^${compose_default}$" /etc/compose/local.conf >/dev/null 2>&1; then
  echo "Adding CWD=$PWD to docker-compose."
  printf '%s\n' "$compose_default" >> /etc/compose/local.conf
fi
## Make docker-clean available as a command when it is not one already
## (`type -t` prints the kind of command it found on stdout).
docker_clean=/opt/apps/0k-docker/src/bin/docker-clean
if ! type -t docker-clean; then
  ln -sfv "$docker_clean" /usr/local/bin
fi

## Schedule it daily through cron unless WITHOUT_DOCKER_CLEAN is set to a
## non-empty value.
[ -n "$WITHOUT_DOCKER_CLEAN" ] ||
  ln -sfn "$docker_clean" /etc/cron.daily/docker-clean
  50. cd /opt/apps/myc-deploy
  51. cat <<EOF > /root/.pgm.rc
  52. prefix_pg_local_command=" " ## otherwise, will default to sudo -u postgres
  53. pgpass="/srv/datastore/data/postgres/var/lib/postgresql/data/pgpass"
  54. [ -f "\$pgpass" ] || {
  55. echo "No '\$pgpass' found. Postgres database doesn't seem to be setup." >&2
  56. exit 1
  57. }
  58. cp "\$pgpass" /root/.pgpass
  59. PGUSER=\${PGUSER:-postgres}
  60. if [ -z "\$PGHOST" ]; then
  61. PGHOST=\$(docker-ip | grep postgres | xargs echo | cut -f 3 -d " ") || {
  62. echo "No local running postgres docker found." >&2
  63. exit 1
  64. }
  65. fi
  66. export PGHOST PGUSER
  67. EOF
  68. # if ! [ -s /etc/ssh/vm_git_myceliandre_access_id_rsa ]; then
  69. # curl -L --fail https://docker.0k.io/get/vm_git_myceliandre_access_id_rsa > /etc/ssh/vm_git_myceliandre_access_id_rsa || {
  70. # echo "Fatal: Could not retrieve http://docker.0k.io/get/vm_git_myceliandre_access_id_rsa ..." >&2
  71. # rm -f /etc/ssh/vm_git_myceliandre_access_id_rsa
  72. # exit 1
  73. # }
  74. # ## Not so usefull as it is public !
  75. # chmod 0600 /etc/ssh/vm_git_myceliandre_access_id_rsa
  76. # fi
  77. mkdir -p /root/.ssh
  78. cat <<EOF >> /root/.ssh/config
  79. Host git.myceliandre.fr
  80. User git
  81. IdentityFile /etc/ssh/vm_git_myceliandre_access_id_rsa
  82. UserKnownHostsFile /dev/null
  83. StrictHostKeyChecking no
  84. Port 5022
  85. EOF
  86. ##
  87. ## We could need some docker-compose for some quick hacks
  88. ##
## Succeed when version $1 is strictly greater than the other version(s)
## given, using version ordering (`sort -V`): $1 must not be the lowest
## entry of the sorted argument list.
version_gt() {
  local lowest
  lowest=$(printf '%s\n' "$@" | sort -V | head -n 1)
  [ "$lowest" != "$1" ]
}
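## Install the legacy pip-based docker-compose, but only when python3 exists
## and its version is not greater than 3.9, and docker-compose is not
## already on the PATH.
##
## The command substitution is quoted so the version string always reaches
## version_gt as exactly one argument.
if type -p python3 >/dev/null 2>&1 &&
   ! version_gt "$(python3 --version | cut -f 2 -d " ")" 3.9; then
  if ! type -p docker-compose >/dev/null; then
    # seems to require a C compiler
    ## NOTE(review): compose is installed from a branch name
    ## (run_ignore_orphans), which is a mutable reference; pinning it to a
    ## commit id would make this step reproducible like the other pins.
    apt-get install -y build-essential libffi-dev </dev/null &&
      pip install wheel==0.33.6 &&
      pip install pip==19.3.1 cffi==1.12.3 subprocess32==3.5.4 texttable==1.6.2 \
        pyrsistent==0.15.7 \
        git+https://github.com/0k/compose@run_ignore_orphans || exit 1
    ## Bug after updating pip
    ## (drop the shell's cached location of pip so the new one is found)
    hash -d pip || exit 1
  fi
fi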
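## Print $1 escaped for literal use in the replacement part of a sed
## `s/…/…/` command: backslash, slash and ampersand are backslash-escaped.
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

## Write the optional DOMAIN and MAIN_PASSWORD settings into compose.yml
## (in the current directory).
##
## The values are escaped first: a password containing `/`, `&` or `\`
## would otherwise break the sed command or be written back altered.
## NOTE(review): the password still appears in sed's argument list while the
## command runs, and the value is inserted into the YAML unquoted — confirm
## both are acceptable for the values used here.
if [ "$DOMAIN" ]; then
  sed -ri "s/^(\s+domain:\s+).*$/\1$(sed_escape_replacement "$DOMAIN")/g" compose.yml
fi
if [ "$MAIN_PASSWORD" ]; then
  sed -ri "s/^(\s+admin-password:\s+).*$/\1$(sed_escape_replacement "$MAIN_PASSWORD")/g" compose.yml
fi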
  109. pip install ovh ||
  110. pip install ovh --break-system-packages || exit 1
  111. #compose --debug up odoo apache
  112. ## Temporary work around for old images that don't want to build
  113. docker pull docker.0k.io/php:7.4-myc && docker tag docker.0k.io/php:7.4-myc myc_frontend &&
  114. docker pull docker.0k.io/cron:jessie && docker tag docker.0k.io/cron:jessie myc_cron &&
  115. ## Copy Ntfy key to root/.ssh/
  116. umask 066
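## Decrypt the ntfy SSH key shipped with myc-manage into /root/.ssh/ntfy-key
## (skipped when that file already exists).
ntfy_key="/opt/apps/myc-manage/etc/ssh/ntfy-key"
if [ ! -f "$ntfy_key" ]; then
  echo "Error: ntfy key not found" >&2
  exit 1
fi
if [ ! -f "/root/.ssh/ntfy-key" ]; then
  ## NOTE(review): the passphrase is hard-coded in this script, so the
  ## encrypted key offers no more protection than the script and the
  ## repository holding the key do; it is also visible in gpg's argument
  ## list while it runs. Supplying it from a root-only file or the
  ## environment would avoid both.
  ##
  ## The key is decrypted into a temporary file (mktemp creates it with
  ## owner-only permissions) and moved into place only on success. Writing
  ## straight to the destination left an empty or partial key file behind
  ## when gpg failed, and the `-f` test above then skipped every retry.
  ntfy_key_tmp=""
  if ntfy_key_tmp=$(mktemp /root/.ssh/ntfy-key.XXXXXX) &&
     gpg -d --batch --yes --passphrase 'uniquepass' < "$ntfy_key" > "$ntfy_key_tmp" &&
     mv -f -- "$ntfy_key_tmp" /root/.ssh/ntfy-key; then
    :
  else
    >&2 echo "Error while copying ntfy key to root"
    [ -z "$ntfy_key_tmp" ] || rm -f -- "$ntfy_key_tmp"
  fi
fi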
## Request token to ntfy server and add to config file
##
## First make sure the ntfy server has an entry in root's known_hosts.
## NOTE(review): the key returned by ssh-keyscan is stored without being
## compared to a known fingerprint, so whichever host answers at
## installation time becomes the trusted one; shipping the expected host
## key with the installer would remove that dependency.
ntfy_host="core-01.0k.io"
known_hosts=/root/.ssh/known_hosts
if ! ssh-keygen -F "$ntfy_host" -f "$known_hosts" >/dev/null; then
  ## -H stores the host name in hashed form.
  ssh-keyscan -H "$ntfy_host" >> "$known_hosts" ||
    >&2 echo "Error while adding ntfy server to known_hosts"
fi
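## Set KEY='VALUE' in FILE: rewrite the existing `KEY=` line when there is
## one, append a new line otherwise.
## Arguments: $1 - key, $2 - value, $3 - file
## The value is escaped for sed so `/`, `&` and `\` are written literally.
## NOTE(review): a value containing a single quote would still break the
## quoting of the generated line — confirm tokens never contain one.
ntfy_conf_set() {
  local key="$1" value="$2" file="$3" escaped
  if grep -qE "^${key}=" "$file"; then
    escaped=$(printf '%s' "$value" | sed -e 's|[\\/&]|\\&|g') || return 1
    sed -i "s/^${key}=.*/${key}='${escaped}'/" "$file"
  else
    printf '%s\n' "${key}='${value}'" >> "$file"
  fi
}

## If the config file doesn't exist, or LOGIN / PASSWORD are not in it, we
## request them from the ntfy server.
config_file="/etc/ntfy/ntfy.conf"
mkdir -p "${config_file%/*}"
if [ ! -f "$config_file" ] && ! touch "$config_file"; then
  echo "Error: couldn’t create config file $config_file" >&2
  exit 1
fi

## if the config file is not complete we request new credentials
if ! grep -qE '^LOGIN=' "$config_file" || ! grep -qE '^PASSWORD=' "$config_file"; then
  cred=$(ssh -i /root/.ssh/ntfy-key ntfy@core-01.0k.io request-token) ||
    >&2 echo "Error while requesting token to ntfy server"

  ## The reply is expected to be exactly two lines: login, then password.
  ## The password used to be taken with `${cred#$'\n'*}`, which strips
  ## nothing (the reply does not start with a newline) and so yielded the
  ## whole reply.
  login_ntfy=${cred%$'\n'*}
  password_ntfy=${cred#*$'\n'}
  if [[ "$cred" != *$'\n'* ]] || [ -z "$login_ntfy" ] || [ -z "$password_ntfy" ] ||
     [[ "$login_ntfy" == *$'\n'* ]]; then
    echo "Error: couldn’t infer credential from ntfy server" >&2
    ## Show the raw reply, each line prefixed so it stands out. The sed
    ## expression previously found here was not a complete `s` command.
    ## NOTE(review): this can write credential material to stderr/logs.
    printf '%s\n' "$cred" | sed -e 's/^/  | /' >&2
    exit 1
  fi

  ## These writes used to reference $login and $password, which are never
  ## assigned in this script, so empty credentials were stored.
  ntfy_conf_set LOGIN "$login_ntfy" "$config_file"
  ntfy_conf_set PASSWORD "$password_ntfy" "$config_file"
else
  echo "NTFY Config file is already complete" >&2
fi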
  161. ## Marker to probe if this script finished it's job
  162. echo "done" > /var/run/myc-installer.0k.io.state