-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathuserdata.tftpl
90 lines (78 loc) · 3.23 KB
/
userdata.tftpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#!/bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common \
gnupg \
git \
python3 \
jq
# Very dirty calculation for setting CFSSL expiry after machine expiry
export EXPIRES_IN_HOURS=$(python3 -c 'import datetime; exp = datetime.datetime.strptime("${EXPIRES}", "%Y-%m-%d"); now = datetime.datetime.now(); diff = exp-now; print(f"{(diff.days+2)*24}h")')
# Add Docker's official GPG key:
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
# Install docker
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# Make sure the github host keys are known
mkdir -p -m 0700 ~/.ssh && ssh-keyscan gitlab.com github.com | sort >> ~/.ssh/known_hosts
# Clone the coposition
git clone --depth 1 --branch ${COMP_REPO_TAG} ${COMP_REPO_URI} comprepo
cd comprepo
# Switch ssh repos to https because our user does not have valid github key
sed -i.ssh 's|[email protected]:|https://github.com/|g' .gitmodules
# Check out the submodules
git submodule update --init --depth 1
echo "** ENV file"
echo "COMPOSE_PROJECT_NAME=rmvm" >>.env
echo "CFSSL_CA_NAME=${DEPLOYMENT_NAME}" >>.env
echo "SERVER_DOMAIN=${DEPLOYMENT_DNS}" >>.env
echo "MW_LE_EMAIL=${CERTBOT_EMAIL}" >>.env
echo "VITE_ASSET_SET=${VITE_ASSET_SET}" >>.env
echo "MW_LE_TEST=false" >>.env
echo "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}" >>.env
echo "RM_DATABASE_PASSWORD=${RM_DATABASE_PASSWORD}" >>.env
echo "KEYCLOAK_DATABASE_PASSWORD=${KEYCLOAK_DATABASE_PASSWORD}" >>.env
echo "LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}" >>.env
echo "KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}" >>.env
echo "KEYCLOAK_HTTPS_KEY_STORE_PASSWORD=${KEYCLOAK_HTTPS_KEY_STORE_PASSWORD}" >>.env
echo "KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD=${KEYCLOAK_HTTPS_TRUST_STORE_PASSWORD}" >>.env
echo "TAK_DATABASE_PASSWORD=${TAK_DATABASE_PASSWORD}" >>.env
echo "TAKSERVER_CERT_PASS=${TAKSERVER_CERT_PASS}" >>.env
echo "TAK_CA_PASS=${TAK_CA_PASS}" >>.env
echo "CFSSL_CA_EXPIRY=$EXPIRES_IN_HOURS" >>.env
echo "CFSSL_SIGN_DEFAULT_EXPIRY=$EXPIRES_IN_HOURS" >>.env
echo "KEYCLOAK_PROFILEROOT_UUID=$(uuidgen -r)" >>.env
if [ ! -z "${DOCKER_TAG_EXTRA}" ]
then
echo "DOCKER_TAG_EXTRA=${DOCKER_TAG_EXTRA}" >>.env
fi
source .env
export DOCKER_BUILDKIT=1
# docker compose is not the same as docker-compose, which is legacy and does not support all things the version without dash does
echo "** docker compose pull"
docker compose pull --include-deps --ignore-pull-failures
echo "** docker compose up"
set +e
# Use function to bring the composition up
dcup() {
docker compose down
docker compose up -d
return $?
}
# Try 3 times via the function
dcup || dcup || dcup
echo "** Check API health"
curl -s https://${DEPLOYMENT_DNS}/api/v1/healthcheck/services | jq
echo "DONE"