From 8a6514607141e9e1e5602c8c3d7827eb4c5e160d Mon Sep 17 00:00:00 2001 From: pvincent Date: Thu, 10 Oct 2024 01:18:16 +0400 Subject: [PATCH] credential.redis --- lib/install.sh | 9 ++++- recipes/discourse/crud.sh | 11 +++++- recipes/redis/install.sh | 55 +++++++++++++++++++++++++++ templates/apps/discourse/forum.yml.j2 | 4 +- templates/etc/defaults.yaml.j2 | 3 +- 5 files changed, 76 insertions(+), 6 deletions(-) create mode 100755 recipes/redis/install.sh diff --git a/lib/install.sh b/lib/install.sh index 009a086..f31b429 100755 --- a/lib/install.sh +++ b/lib/install.sh @@ -279,7 +279,8 @@ function check_credential { check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.username' && check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.shadow' && - check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email' + check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email' && + check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.redis' } function check_target() { @@ -313,7 +314,11 @@ function miaou_configfiles() { if [[ ! -f /etc/miaou/defaults.yaml ]]; then echo -n "building /etc/miaou/defaults.yaml for the first time..." shadow_passwd=$(sudo grep "$CURRENT_USER" /etc/shadow | cut -d ':' -f2) - env current_user="$CURRENT_USER" shadow_passwd="$shadow_passwd" valid_email="$valid_email" tera -e --env-key env --env-only -t "$MIAOU_BASEDIR/templates/etc/defaults.yaml.j2" -o /etc/miaou/defaults.yaml >/dev/null + redis=$( + SIZE=12 + tr -cd '[:alnum:]' /dev/null yq ".target=\"$TARGET\"" /etc/miaou/defaults.yaml -i PREFIX="" echoinfo DONE fi diff --git a/recipes/discourse/crud.sh b/recipes/discourse/crud.sh index cc2b904..bc5b804 100755 --- a/recipes/discourse/crud.sh +++ b/recipes/discourse/crud.sh 
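Review bot: The new `credential.redis` requirement in check_credential has no migration path for hosts that already have /etc/miaou/defaults.yaml, because the second hunk of this file generates the key only inside `if [[ ! -f /etc/miaou/defaults.yaml ]]`. On such a host the check would presumably start failing after the upgrade until someone adds the key by hand. Consider generating and writing the key when it is absent, for instance with the same `yq ... -i` form already used for `.target`, or document the manual step.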
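Review bot: `SIZE=12` in the new `redis=$(...)` block yields a 12-character alphanumeric secret (about 71 bits), which is short for a Redis password: recipes/redis/install.sh in this patch expects `protected-mode no` on the container's IP address, and Redis does not rate-limit AUTH attempts. Nobody types this value, so `SIZE=32` costs nothing. Part of this hunk's text is missing from the page (the input of `tr` and the rewritten `env ... tera` line), so the random source and the way the value reaches the template cannot be reviewed here. The secret is stored in /etc/miaou/defaults.yaml next to the shadow hash; the file's mode is not visible in the hunk and is worth confirming as root-only.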
@@ -17,8 +17,13 @@ function _create() { echo "creating discourse instance for <$shortname> ... " echo "initialize discourse $shortname $longname ... OK" + admin_username=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.username) + admin_email=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.email) + admin_password=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.password) + redis_password=$(load_yaml_from_expanded credential.redis) + mkdir -p "$MIAOU_CONFIGDIR/apps/discourse" - APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml" + APP_REDIS_PASSWORD=$redis_password APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml" echo "creating templates ... OK" echo "copying files to container <$container> ... " @@ -28,6 +33,8 @@ function _create() { if ! (db-psql list | grep -q "$longname"); then echo "create empty database <$longname> ... " db-psql create "$longname" + db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS hstore" + db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS pg_trgm" echo "create empty database <$longname> ... OK" else echo "database already exists!" @@ -38,6 +45,8 @@ function _create() { set -Eeuo pipefail cd /var/discourse ./launcher rebuild $longname + command='u=User.create_with(email: "$admin_email", password: "$admin_password").find_or_initialize_by(username: "$admin_username"); u.save; u.activate' + ./launcher run $longname "rails runner '\$command'" EOF echo "initialize discourse $longname ... OK" } 
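Review bot: The three `load_yaml_from_expanded services[\""$domain"\"]...` arguments leave `[` and `]` outside the quotes, so the shell treats each word as a glob pattern and could rewrite it if a matching filename exists in the working directory (or abort under `failglob`). Quoting the whole expression avoids that: `"services[\"$domain\"][\"$subdomain\"].data.discourse.admin.username"`. The rendered `$longname.yml` presumably now contains the value of `APP_REDIS_PASSWORD`; nothing in this hunk sets its mode, so it inherits the caller's umask, which should be confirmed as restrictive. _create's body continues outside the hunk.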
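Review bot: The added `command='u=User.create_with(email: "$admin_email", password: "$admin_password")...'` line splices three YAML-sourced values into a Ruby double-quoted literal wrapped in a single-quoted shell word, with no escaping at either level (the heredoc appears to be unquoted, since `$longname` expands on the host and `\$command` is escaped). A value containing `'`, `"`, `\` or `#{` breaks the quoting or is evaluated as code, and the admin password ends up in the argument list of `./launcher run`, where process listings expose it. Prefer handing the values over out of band (environment or stdin) and reading them in Ruby, e.g. `ENV.fetch("ADMIN_PASSWORD")` (variable name constructed for this note), so nothing taken from configuration is parsed as shell or Ruby source. `u.save` also discards validation failures such as a rejected password; `u.save!` would surface them. The heredoc opens outside the hunk.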
diff --git a/recipes/redis/install.sh b/recipes/redis/install.sh new file mode 100755 index 0000000..04fb11c --- /dev/null +++ b/recipes/redis/install.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +function check() { + PREFIX="recipe:redis:check" + + container_running "$CONTAINER" || return 10 + echo "checking redis regarding access to its ip address <$REDIS_IP>..." + + lxc exec "$CONTAINER" -- bash </dev/null + ss -tlnp | grep redis | grep -q $REDIS_IP:6379 + test -f /etc/redis/redis.conf + grep -Eq "^protected-mode no" /etc/redis/redis.conf +EOF + status="$?" + [[ $status -eq 0 ]] && echo "container <$CONTAINER> approved!" + return $status +} + +function install() { + PREFIX="recipe:redis:install" + : "$PREFIX" + + credential_redis=$(load_yaml_from_expanded credential.redis) + echowarn "initializing redis regarding access to its IP address <$REDIS_IP>..." + + launch_container "$CONTAINER" + lxc exec "$CONTAINER" -- bash <=2 {print $NF;}' diff --git a/templates/etc/defaults.yaml.j2 b/templates/etc/defaults.yaml.j2 index dfac725..180290c 100644 --- a/templates/etc/defaults.yaml.j2 +++ b/templates/etc/defaults.yaml.j2 @@ -1,8 +1,9 @@ --- containers: dmz: [dmz] - ct1: [mariadb, postgresql] + ct1: [mariadb, postgresql, redis] credential: username: {{env.current_user}} shadow: {{env.shadow_passwd}} email: {{env.valid_email}} + redis: {{env.redis}}
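Review bot: `check()` in the new recipes/redis/install.sh approves a container once Redis listens on `$REDIS_IP:6379` with `protected-mode no`, but no visible line verifies that authentication is configured, so an instance without a password would still be reported as approved. If install() sets `requirepass`, adding `grep -Eq "^requirepass " /etc/redis/redis.conf` to the check heredoc would tie the approval to the credential this patch introduces. `grep -q $REDIS_IP:6379` is unquoted and treats the dots as regex wildcards; `grep -qF -- "$REDIS_IP:6379"` is stricter. Most of install() is missing from the page, so the way `credential_redis` is written into the container cannot be reviewed here.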
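Review bot: `redis: {{env.redis}}` in templates/etc/defaults.yaml.j2 renders the generated secret as a bare YAML scalar, so a value that happens to look like a number (all digits, or digits around an `e`) is typed as int or float and may be re-serialised differently when read back through `yq` or `load_yaml_from_expanded`. Quoting keeps it a string: `redis: "{{env.redis}}"`. The generator's alphabet is alphanumeric only, so no escaping is needed inside the quotes.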