Commit c7696cd8 authored by jackie / Andrea Ida Malkah Klaura's avatar jackie / Andrea Ida Malkah Klaura

~ refactor run.sh to module based scripts

parent a4dca2e1
#!/bin/bash
# get_config_steering $1
# outputs the value of a key, if set
get_config_steering () {
grep "^$1" steering/.env | cut -d'=' -f2
}
# set_config_steering $1 $2
# checks the steering/.env file and updates the key $1 to value $2
# keys are only considered if the are found on the beginning of a line
# if the key does not exist, a new line will be added, otherwise
# the existing line will be overwritten
set_config_steering () {
if [ -z "$(get_config_steering "$1")" ]; then
echo "$1=$2" >> steering/.env
else
sed -i "s/^$1=.*$/$1=$2/" steering/.env
fi
}
# get_config_dashboard $1 [$2]
# outputs the value of a key, if set in .env.production
# if the parameter $2 is used and set to "dev" the .env.development file will be used
get_config_dashboard () {
if [ "$2" = "dev" ]; then
DASHBOARD_ENV="development"
else
DASHBOARD_ENV="production"
fi
grep -oP "^$1 = ?\K.*$" dashboard/.env.$DASHBOARD_ENV
}
# set_config_dashboard $1 $2 [$3]
# checks the dashboard/.env.production file and updates the key $1 to value $2
# keys are only considered if the are found on the beginning of a line
# if the key does not exist, a new line will be added, otherwise
# the existing line will be overwritten
# if the optional parameter $3 is used and set to "dev" the operations will be
# performed on the dashboard/.env.development file
set_config_dashboard () {
if [ "$3" = "dev" ]; then
DASHBOARD_ENV="development"
else
DASHBOARD_ENV="production"
fi
SETTING_FOUND="false"
grep -q "$1" dashboard/.env.$DASHBOARD_ENV
if [ $? -eq 0 ]; then SETTING_FOUND="true"; fi
if [ -z "$(get_config_dashboard "$1" "$3")" -a $SETTING_FOUND = "false" ]; then
echo "$1 = $2" >> dashboard/.env.$DASHBOARD_ENV
else
VALUE="$2"
sed -i "s/^$1 =.*$/$1 = ${VALUE//\//\\/}/" dashboard/.env.$DASHBOARD_ENV
fi
}
# init_common
# sources .env variables and initialises variables from aura-config.yaml
# and also write the global .env file for docker-compose
init_common () {
echo "Reading required variables from aura-config.yaml"
MODE="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.mode' aura-config.yaml)"
# by default https should be used except for local dev mode
# TODO: create getopts options to override this setting for testing purposes
if [ "$MODE" = "dev" ]; then
HTTP_SCHEMA="http"
else
HTTP_SCHEMA="https"
fi
AURA_DOMAIN="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.domain' aura-config.yaml)"
USERNAME="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.admin.username' aura-config.yaml)"
USERMAIL="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.admin.email' aura-config.yaml)"
DEBUG="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.debug' aura-config.yaml)"
echo "Reading steering database config from aura-config.yaml"
STEERING_DB_PASS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.steering.db_pass' aura-config.yaml)"
STEERING_DB_USER="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.steering.db_user' aura-config.yaml)"
STEERING_DB_NAME="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.steering.db_name' aura-config.yaml)"
echo "Reading tank database config from aura-config.yaml"
TANK_DB_PASS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.tank.db_pass' aura-config.yaml)"
TANK_DB_USER="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.tank.db_user' aura-config.yaml)"
TANK_DB_NAME="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.tank.db_name' aura-config.yaml)"
echo "Reading dashboard config from aura-config.yaml"
VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION' aura-config.yaml)"
VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS' aura-config.yaml)"
VUE_APP_SHOW_THRESHOLD="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_SHOW_THRESHOLD' aura-config.yaml)"
VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS' aura-config.yaml)"
echo "Writing global .env for docker-compose"
echo "
STEERING_DB_PASS=$STEERING_DB_PASS
STEERING_DB_USER=$STEERING_DB_USER
STEERING_DB_NAME=$STEERING_DB_NAME
TANK_DB_PASS=$TANK_DB_PASS
TANK_DB_USER=$TANK_DB_USER
TANK_DB_NAME=$TANK_DB_NAME
" > .env
}
# init_steering
# sets all needed steering/.env values and starts steering
# then initializes the steering database, creates a superuser and
# creates the OpenID Connect clients needed for the tank and dashboard config
init_steering () {
echo "Generating settings for steering/.env"
if [ ! -f steering/.env ]; then touch steering/.env; fi
# we only want to generate a new secret key, if there isn't already one there
if [ -z "$(get_config_steering SECRET_KEY)" ]; then
set_config_steering SECRET_KEY "$(tr -dc A-Z-a-z-0-9 < /dev/urandom | head -c32)"
fi
set_config_steering DBPASS $STEERING_DB_PASS
set_config_steering RUN_IN_DOCKER True
if [ "$DEBUG" = "true" ]; then
set_config_steering DEBUG True
fi
# django has to accept our configured domain as well as steering (due to proxying)
# TODO: localhost only makes sense if the container ports are mapped (usually in a dev setup)
set_config_steering ALLOWED_HOSTS "127.0.0.1,localhost,steering,$AURA_DOMAIN"
echo "Building steering image"
docker-compose build steering
echo "Starting steering container"
docker-compose up -d steering
echo "Running migrations"
docker exec steering python manage.py migrate
echo "Loading fixtures"
docker exec steering sh -c 'python manage.py loaddata fixtures/*/*.json'
# TODO: only create user if not already set (or if explicitly demanded)
echo "Creating steering superuser account for $USERNAME <$USERMAIL>."
echo "Please provide a (strong) password."
docker exec -it steering python manage.py createsuperuser --username "$USERNAME" --email "$USERMAIL"
echo "Creating RSA key for OpenID Connect"
docker exec steering python manage.py creatersakey
echo "Creating OIDC client for dashboard"
DASHBOARD_CLIENT_ID="$(docker exec steering python manage.py create_oidc_client -r "id_token token" --no-require-consent -i -u "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback.html" -u "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback_silentRenew.html" -p "$HTTP_SCHEMA://$AURA_DOMAIN" dashboard public)"
echo "Creating OIDC client for tank"
TANK_OIDC_DETAILS="$(docker exec steering python manage.py create_oidc_client -r "code" -i -u "$HTTP_SCHEMA://$AURA_DOMAIN/tank/auth/oidc/callback" -p "$HTTP_SCHEMA://$AURA_DOMAIN" tank confidential)"
TANK_CLIENT_ID="$(echo $TANK_OIDC_DETAILS | cut -d ' ' -f 1)"
TANK_CLIENT_SECRET="$(echo $TANK_OIDC_DETAILS | cut -d ' ' -f 2)"
echo "Stopping steering"
docker-compose down
}
init_tank () {
echo "Create new tank.yaml from sample file"
cp container-config/tank.sample.yaml container-config/tank.yaml
echo "Write OIDC info to tank.yaml"
docker run --rm -v "${PWD}"/container-config/tank.yaml:/workdir/tank.yaml -u $UID mikefarah/yq eval ".auth.oidc.client-id = \"$TANK_CLIENT_ID\"" -i tank.yaml
docker run --rm -v "${PWD}"/container-config/tank.yaml:/workdir/tank.yaml -u $UID mikefarah/yq eval ".auth.oidc.client-secret = \"$TANK_CLIENT_SECRET\"" -i tank.yaml
docker run --rm -v "${PWD}"/container-config/tank.yaml:/workdir/tank.yaml -u $UID mikefarah/yq eval ".auth.oidc.callback-url = \"$HTTP_SCHEMA://$AURA_DOMAIN/tank/auth/oidc/callback\"" -i tank.yaml
}
init_dashboard () {
cp dashboard/sample.env.production dashboard/.env.production
# TODO: set .env.production variables according to aura config and oidc client"
echo "Setting dashboard config values"
set_config_dashboard VUE_APP_BASEURI_STEERING "$HTTP_SCHEMA://$AURA_DOMAIN"
set_config_dashboard VUE_APP_BASEURI_MEDIA "$HTTP_SCHEMA://$AURA_DOMAIN/steering/site_media"
set_config_dashboard VUE_APP_API_STEERING "$HTTP_SCHEMA://$AURA_DOMAIN/steering/api/v1/"
set_config_dashboard VUE_APP_API_STEERING_SHOWS "$HTTP_SCHEMA://$AURA_DOMAIN/steering/api/v1/shows/"
set_config_dashboard VUE_APP_API_TANK "$HTTP_SCHEMA://$AURA_DOMAIN/tank/api/v1/"
set_config_dashboard VUE_APP_TANK "$HTTP_SCHEMA://$AURA_DOMAIN/tank/"
set_config_dashboard VUE_APP_OIDC_CLIENT_ID "$DASHBOARD_CLIENT_ID"
set_config_dashboard VUE_APP_API_STEERING_OIDC_URI "$HTTP_SCHEMA://$AURA_DOMAIN/openid"
set_config_dashboard VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION "$VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION"
set_config_dashboard VUE_APP_API_STEERING_OIDC_REDIRECT_URI "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback.html"
set_config_dashboard VUE_APP_API_STEERING_OIDC_REDIRECT_URI_SILENT "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback_silentRenew.html"
set_config_dashboard VUE_APP_API_STEERING_OIDC_REDIRECT_URI_POSTLOGOUT "$HTTP_SCHEMA://$AURA_DOMAIN"
set_config_dashboard VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS "$VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS"
set_config_dashboard VUE_APP_SHOW_THRESHOLD "$VUE_APP_SHOW_THRESHOLD"
set_config_dashboard VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS "$VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS"
}
init_webserver () {
echo "Starting initial web container to obtain Let's Encrypt cert"
cp container-config/nginx.initial-sample.conf container-config/nginx.conf
sed -i "s/sample\\.example\\.com/$AURA_DOMAIN/" container-config/nginx.conf
docker-compose up -d aura-web
# TODO: check whether we already have a valid cert
docker exec aura-web certbot certonly --webroot -w /usr/share/nginx/html -d "$AURA_DOMAIN" -m "$USERMAIL" --agree-tos --non-interactive
docker-compose stop aura-web
echo "Creating final TLS enabled nginx conf"
cp container-config/nginx.full-sample.conf container-config/nginx.conf
sed -i "s/sample\\.example\\.com/$AURA_DOMAIN/" container-config/nginx.conf
}
start_database_containers () {
echo "Starting database containers"
docker-compose up -d steering-postgres tank-postgres
}
start_containers () {
echo "Starting steering and tank containers, building dashboard production build"
docker-compose up -d steering tank dashboard
}
start_webserver () {
echo "Start nginx container as web proxy"
docker-compose up -d aura-web
}
source src/common.sh
source src/steering.sh
source src/tank.sh
source src/dashboard.sh
source src/webserver.sh
# TODO: create getopts interface with options to init, run and stop services
......
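Review bot: The new `source src/common.sh` … `source src/webserver.sh` lines resolve against the caller's working directory, not against the location of run.sh. Started from any other directory, the script either fails to find its modules or sources whatever `src/*.sh` exists there. Since the sourced functions also use relative paths (`steering/.env`, `container-config/…`), a single `cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1` before the first `source` would fix both. The rest of run.sh is elided on this page, so whether it already changes directory cannot be seen here.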
# init_common
# sources .env variables and initialises variables from aura-config.yaml
# and also write the global .env file for docker-compose
init_common () {
echo "Reading required variables from aura-config.yaml"
MODE="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.mode' aura-config.yaml)"
# by default https should be used except for local dev mode
# TODO: create getopts options to override this setting for testing purposes
if [ "$MODE" = "dev" ]; then
HTTP_SCHEMA="http"
else
HTTP_SCHEMA="https"
fi
AURA_DOMAIN="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.domain' aura-config.yaml)"
USERNAME="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.admin.username' aura-config.yaml)"
USERMAIL="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.admin.email' aura-config.yaml)"
DEBUG="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.debug' aura-config.yaml)"
echo "Reading steering database config from aura-config.yaml"
STEERING_DB_PASS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.steering.db_pass' aura-config.yaml)"
STEERING_DB_USER="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.steering.db_user' aura-config.yaml)"
STEERING_DB_NAME="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.steering.db_name' aura-config.yaml)"
echo "Reading tank database config from aura-config.yaml"
TANK_DB_PASS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.tank.db_pass' aura-config.yaml)"
TANK_DB_USER="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.tank.db_user' aura-config.yaml)"
TANK_DB_NAME="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.tank.db_name' aura-config.yaml)"
echo "Reading dashboard config from aura-config.yaml"
VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION' aura-config.yaml)"
VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS' aura-config.yaml)"
VUE_APP_SHOW_THRESHOLD="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_SHOW_THRESHOLD' aura-config.yaml)"
VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS="$(docker run --rm -v "${PWD}"/aura-config.yaml:/workdir/aura-config.yaml mikefarah/yq eval '.aura.dashboard.VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS' aura-config.yaml)"
echo "Writing global .env for docker-compose"
echo "
STEERING_DB_PASS=$STEERING_DB_PASS
STEERING_DB_USER=$STEERING_DB_USER
STEERING_DB_NAME=$STEERING_DB_NAME
TANK_DB_PASS=$TANK_DB_PASS
TANK_DB_USER=$TANK_DB_USER
TANK_DB_NAME=$TANK_DB_NAME
" > .env
}
start_database_containers () {
echo "Starting database containers"
docker-compose up -d steering-postgres tank-postgres
}
start_containers () {
echo "Starting steering and tank containers, building dashboard production build"
docker-compose up -d steering tank dashboard
}
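Review bot: The `echo "…" > .env` at the end of init_common writes both database passwords to a file created under the caller's default umask, which commonly leaves it readable by other local users. Create it restricted, for example with `umask 077` in a subshell around the write, or with `chmod 600 .env` immediately after it. yq prints the string `null` for a missing key, so an absent `.aura.steering.db_pass` would be written out as the password `null`; a guard such as `[ "$STEERING_DB_PASS" != "null" ] || return 1` before the write would catch that. The `mikefarah/yq` image that parses these secrets is referenced without a tag or digest on every call, so pinning it (`mikefarah/yq:<PINNED_VERSION>`, placeholder) would make the run reproducible.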
# get_config_dashboard $1 [$2]
# outputs the value of a key, if set in .env.production
# if the parameter $2 is used and set to "dev" the .env.development file will be used
get_config_dashboard () {
if [ "$2" = "dev" ]; then
DASHBOARD_ENV="development"
else
DASHBOARD_ENV="production"
fi
grep -oP "^$1 = ?\K.*$" dashboard/.env.$DASHBOARD_ENV
}
# set_config_dashboard $1 $2 [$3]
# checks the dashboard/.env.production file and updates the key $1 to value $2
# keys are only considered if the are found on the beginning of a line
# if the key does not exist, a new line will be added, otherwise
# the existing line will be overwritten
# if the optional parameter $3 is used and set to "dev" the operations will be
# performed on the dashboard/.env.development file
set_config_dashboard () {
if [ "$3" = "dev" ]; then
DASHBOARD_ENV="development"
else
DASHBOARD_ENV="production"
fi
SETTING_FOUND="false"
grep -q "$1" dashboard/.env.$DASHBOARD_ENV
if [ $? -eq 0 ]; then SETTING_FOUND="true"; fi
if [ -z "$(get_config_dashboard "$1" "$3")" -a $SETTING_FOUND = "false" ]; then
echo "$1 = $2" >> dashboard/.env.$DASHBOARD_ENV
else
VALUE="$2"
sed -i "s/^$1 =.*$/$1 = ${VALUE//\//\\/}/" dashboard/.env.$DASHBOARD_ENV
fi
}
init_dashboard () {
cp dashboard/sample.env.production dashboard/.env.production
# TODO: set .env.production variables according to aura config and oidc client"
echo "Setting dashboard config values"
set_config_dashboard VUE_APP_BASEURI_STEERING "$HTTP_SCHEMA://$AURA_DOMAIN"
set_config_dashboard VUE_APP_BASEURI_MEDIA "$HTTP_SCHEMA://$AURA_DOMAIN/steering/site_media"
set_config_dashboard VUE_APP_API_STEERING "$HTTP_SCHEMA://$AURA_DOMAIN/steering/api/v1/"
set_config_dashboard VUE_APP_API_STEERING_SHOWS "$HTTP_SCHEMA://$AURA_DOMAIN/steering/api/v1/shows/"
set_config_dashboard VUE_APP_API_TANK "$HTTP_SCHEMA://$AURA_DOMAIN/tank/api/v1/"
set_config_dashboard VUE_APP_TANK "$HTTP_SCHEMA://$AURA_DOMAIN/tank/"
set_config_dashboard VUE_APP_OIDC_CLIENT_ID "$DASHBOARD_CLIENT_ID"
set_config_dashboard VUE_APP_API_STEERING_OIDC_URI "$HTTP_SCHEMA://$AURA_DOMAIN/openid"
set_config_dashboard VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION "$VUE_APP_API_STEERING_OIDC_EXPIRE_NOTIFICATION"
set_config_dashboard VUE_APP_API_STEERING_OIDC_REDIRECT_URI "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback.html"
set_config_dashboard VUE_APP_API_STEERING_OIDC_REDIRECT_URI_SILENT "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback_silentRenew.html"
set_config_dashboard VUE_APP_API_STEERING_OIDC_REDIRECT_URI_POSTLOGOUT "$HTTP_SCHEMA://$AURA_DOMAIN"
set_config_dashboard VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS "$VUE_APP_TIMESLOT_FILTER_DEFAULT_NUMSLOTS"
set_config_dashboard VUE_APP_SHOW_THRESHOLD "$VUE_APP_SHOW_THRESHOLD"
set_config_dashboard VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS "$VUE_APP_TIMESLOT_FILTER_DEFAULT_DAYS"
}
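Review bot: In set_config_dashboard the existence check `grep -q "$1"` is unanchored, so a key that is a substring of another key or of a value counts as found (`VUE_APP_API_STEERING` matches a `VUE_APP_API_STEERING_SHOWS` line). The function then takes the sed branch, whose anchored pattern `^$1 =` matches nothing, and the setting is silently never written. Anchoring the check the same way, `grep -q "^$1 =" dashboard/.env.$DASHBOARD_ENV`, keeps the empty-value case working without the false positive. The value escaping `${VALUE//\//\\/}` covers only `/`; an `&` or `\` in a value is still interpreted by sed. Whether the copied sample file already contains every key is not visible from this page.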
# get_config_steering $1
# outputs the value of a key, if set
get_config_steering () {
grep "^$1" steering/.env | cut -d'=' -f2
}
# set_config_steering $1 $2
# checks the steering/.env file and updates the key $1 to value $2
# keys are only considered if the are found on the beginning of a line
# if the key does not exist, a new line will be added, otherwise
# the existing line will be overwritten
set_config_steering () {
if [ -z "$(get_config_steering "$1")" ]; then
echo "$1=$2" >> steering/.env
else
sed -i "s/^$1=.*$/$1=$2/" steering/.env
fi
}
# init_steering
# sets all needed steering/.env values and starts steering
# then initializes the steering database, creates a superuser and
# creates the OpenID Connect clients needed for the tank and dashboard config
init_steering () {
echo "Generating settings for steering/.env"
if [ ! -f steering/.env ]; then touch steering/.env; fi
# we only want to generate a new secret key, if there isn't already one there
if [ -z "$(get_config_steering SECRET_KEY)" ]; then
set_config_steering SECRET_KEY "$(tr -dc A-Z-a-z-0-9 < /dev/urandom | head -c32)"
fi
set_config_steering DBPASS $STEERING_DB_PASS
set_config_steering RUN_IN_DOCKER True
if [ "$DEBUG" = "true" ]; then
set_config_steering DEBUG True
fi
# django has to accept our configured domain as well as steering (due to proxying)
# TODO: localhost only makes sense if the container ports are mapped (usually in a dev setup)
set_config_steering ALLOWED_HOSTS "127.0.0.1,localhost,steering,$AURA_DOMAIN"
echo "Building steering image"
docker-compose build steering
echo "Starting steering container"
docker-compose up -d steering
echo "Running migrations"
docker exec steering python manage.py migrate
echo "Loading fixtures"
docker exec steering sh -c 'python manage.py loaddata fixtures/*/*.json'
# TODO: only create user if not already set (or if explicitly demanded)
echo "Creating steering superuser account for $USERNAME <$USERMAIL>."
echo "Please provide a (strong) password."
docker exec -it steering python manage.py createsuperuser --username "$USERNAME" --email "$USERMAIL"
echo "Creating RSA key for OpenID Connect"
docker exec steering python manage.py creatersakey
echo "Creating OIDC client for dashboard"
DASHBOARD_CLIENT_ID="$(docker exec steering python manage.py create_oidc_client -r "id_token token" --no-require-consent -i -u "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback.html" -u "$HTTP_SCHEMA://$AURA_DOMAIN/oidc_callback_silentRenew.html" -p "$HTTP_SCHEMA://$AURA_DOMAIN" dashboard public)"
echo "Creating OIDC client for tank"
TANK_OIDC_DETAILS="$(docker exec steering python manage.py create_oidc_client -r "code" -i -u "$HTTP_SCHEMA://$AURA_DOMAIN/tank/auth/oidc/callback" -p "$HTTP_SCHEMA://$AURA_DOMAIN" tank confidential)"
TANK_CLIENT_ID="$(echo $TANK_OIDC_DETAILS | cut -d ' ' -f 1)"
TANK_CLIENT_SECRET="$(echo $TANK_OIDC_DETAILS | cut -d ' ' -f 2)"
echo "Stopping steering"
docker-compose down
}
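Review bot: `set_config_steering DBPASS $STEERING_DB_PASS` passes the database password unquoted, and set_config_steering then places `$2` raw into the sed replacement. A password containing whitespace, `/`, `&` or `\` is therefore truncated, makes sed fail, or is stored altered in steering/.env. Quote the argument (`set_config_steering DBPASS "$STEERING_DB_PASS"`) and escape the value before substituting, e.g. `v=$(printf '%s' "$2" | sed 's/[\/&]/\\&/g')` followed by `sed -i "s/^$1=.*$/$1=$v/" steering/.env`. Separately, DEBUG is only ever set to True, so a steering/.env left over from a debug run keeps `DEBUG=True` after `.aura.debug` is switched off; adding `else set_config_steering DEBUG False` to that `if` would close the gap.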
init_tank () {
echo "Create new tank.yaml from sample file"
cp container-config/tank.sample.yaml container-config/tank.yaml
echo "Write OIDC info to tank.yaml"
docker run --rm -v "${PWD}"/container-config/tank.yaml:/workdir/tank.yaml -u $UID mikefarah/yq eval ".auth.oidc.client-id = \"$TANK_CLIENT_ID\"" -i tank.yaml
docker run --rm -v "${PWD}"/container-config/tank.yaml:/workdir/tank.yaml -u $UID mikefarah/yq eval ".auth.oidc.client-secret = \"$TANK_CLIENT_SECRET\"" -i tank.yaml
docker run --rm -v "${PWD}"/container-config/tank.yaml:/workdir/tank.yaml -u $UID mikefarah/yq eval ".auth.oidc.callback-url = \"$HTTP_SCHEMA://$AURA_DOMAIN/tank/auth/oidc/callback\"" -i tank.yaml
}
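Review bot: The second `docker run` in init_tank interpolates `$TANK_CLIENT_SECRET` into the yq expression string, so the OIDC client secret appears in the process list on the host, and a quote or backslash in it changes the expression being evaluated. yq v4 can read the value from the environment instead: export the variable, add `-e TANK_CLIENT_SECRET` to the `docker run`, and use the single-quoted expression `'.auth.oidc.client-secret = strenv(TANK_CLIENT_SECRET)'`. The same applies to the client-id and callback-url lines. tank.yaml then holds the secret, so a `chmod 600 container-config/tank.yaml` after the `cp` is worth adding. Nothing here checks that `TANK_CLIENT_ID` and `TANK_CLIENT_SECRET` are non-empty before they are written.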
init_webserver () {
echo "Starting initial web container to obtain Let's Encrypt cert"
cp container-config/nginx.initial-sample.conf container-config/nginx.conf
sed -i "s/sample\\.example\\.com/$AURA_DOMAIN/" container-config/nginx.conf
docker-compose up -d aura-web
# TODO: check whether we already have a valid cert
docker exec aura-web certbot certonly --webroot -w /usr/share/nginx/html -d "$AURA_DOMAIN" -m "$USERMAIL" --agree-tos --non-interactive
docker-compose stop aura-web
echo "Creating final TLS enabled nginx conf"
cp container-config/nginx.full-sample.conf container-config/nginx.conf
sed -i "s/sample\\.example\\.com/$AURA_DOMAIN/" container-config/nginx.conf
}
start_webserver () {
echo "Start nginx container as web proxy"
docker-compose up -d aura-web
}
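Review bot: init_webserver ignores the exit status of the `certbot certonly` call and always goes on to install `nginx.full-sample.conf`. If issuance fails (DNS not yet pointing at the host, rate limit), the final config presumably references certificate files that do not exist, and the later `start_webserver` brings up a proxy that cannot start. Stop on failure, e.g. append `|| { echo "certbot failed for $AURA_DOMAIN" >&2; docker-compose stop aura-web; return 1; }` to the certbot line. Both `sed -i "s/sample\\.example\\.com/$AURA_DOMAIN/"` calls have no `g` flag, so only the first occurrence on each line is replaced. They also insert the domain unvalidated into nginx.conf, so checking `$AURA_DOMAIN` against a hostname pattern first would keep stray characters out of the server config.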