Browse Source

credential.redis

main
pvincent 2 months ago
parent
commit
8a65146071
  1. 9
      lib/install.sh
  2. 11
      recipes/discourse/crud.sh
  3. 55
      recipes/redis/install.sh
  4. 4
      templates/apps/discourse/forum.yml.j2
  5. 3
      templates/etc/defaults.yaml.j2

9
lib/install.sh

@ -279,7 +279,8 @@ function check_credential {
check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.username' && check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.username' &&
check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.shadow' && check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.shadow' &&
check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email'
check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email' &&
check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.redis'
} }
function check_target() { function check_target() {
@ -313,7 +314,11 @@ function miaou_configfiles() {
if [[ ! -f /etc/miaou/defaults.yaml ]]; then if [[ ! -f /etc/miaou/defaults.yaml ]]; then
echo -n "building /etc/miaou/defaults.yaml for the first time..." echo -n "building /etc/miaou/defaults.yaml for the first time..."
shadow_passwd=$(sudo grep "$CURRENT_USER" /etc/shadow | cut -d ':' -f2) shadow_passwd=$(sudo grep "$CURRENT_USER" /etc/shadow | cut -d ':' -f2)
env current_user="$CURRENT_USER" shadow_passwd="$shadow_passwd" valid_email="$valid_email" tera -e --env-key env --env-only -t "$MIAOU_BASEDIR/templates/etc/defaults.yaml.j2" -o /etc/miaou/defaults.yaml >/dev/null
redis=$(
SIZE=12
tr -cd '[:alnum:]' </dev/urandom | fold -w $SIZE | head -n1
)
env current_user="$CURRENT_USER" shadow_passwd="$shadow_passwd" valid_email="$valid_email" redis="$redis" tera -e --env-key env --env-only -t "$MIAOU_BASEDIR/templates/etc/defaults.yaml.j2" -o /etc/miaou/defaults.yaml >/dev/null
yq ".target=\"$TARGET\"" /etc/miaou/defaults.yaml -i yq ".target=\"$TARGET\"" /etc/miaou/defaults.yaml -i
PREFIX="" echoinfo DONE PREFIX="" echoinfo DONE
fi fi

11
recipes/discourse/crud.sh

@ -17,8 +17,13 @@ function _create() {
echo "creating discourse instance for <$shortname> ... " echo "creating discourse instance for <$shortname> ... "
echo "initialize discourse $shortname $longname ... OK" echo "initialize discourse $shortname $longname ... OK"
admin_username=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.username)
admin_email=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.email)
admin_password=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.password)
redis_password=$(load_yaml_from_expanded credential.redis)
mkdir -p "$MIAOU_CONFIGDIR/apps/discourse" mkdir -p "$MIAOU_CONFIGDIR/apps/discourse"
APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml"
APP_REDIS_PASSWORD=$redis_password APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml"
echo "creating templates ... OK" echo "creating templates ... OK"
echo "copying files to container <$container> ... " echo "copying files to container <$container> ... "
@ -28,6 +33,8 @@ function _create() {
if ! (db-psql list | grep -q "$longname"); then if ! (db-psql list | grep -q "$longname"); then
echo "create empty database <$longname> ... " echo "create empty database <$longname> ... "
db-psql create "$longname" db-psql create "$longname"
db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS hstore"
db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS pg_trgm"
echo "create empty database <$longname> ... OK" echo "create empty database <$longname> ... OK"
else else
echo "database already exists!" echo "database already exists!"
@ -38,6 +45,8 @@ function _create() {
set -Eeuo pipefail set -Eeuo pipefail
cd /var/discourse cd /var/discourse
./launcher rebuild $longname ./launcher rebuild $longname
command='u=User.create_with(email: "$admin_email", password: "$admin_password").find_or_initialize_by(username: "$admin_username"); u.save; u.activate'
./launcher run $longname "rails runner '\$command'"
EOF EOF
echo "initialize discourse $longname ... OK" echo "initialize discourse $longname ... OK"
} }

55
recipes/redis/install.sh

@ -0,0 +1,55 @@
#!/bin/bash
function check() {
PREFIX="recipe:redis:check"
container_running "$CONTAINER" || return 10
echo "checking redis regarding access to its ip address <$REDIS_IP>..."
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
systemctl is-active redis.service &>/dev/null
ss -tlnp | grep redis | grep -q $REDIS_IP:6379
test -f /etc/redis/redis.conf
grep -Eq "^protected-mode no" /etc/redis/redis.conf
EOF
status="$?"
[[ $status -eq 0 ]] && echo "container <$CONTAINER> approved!"
return $status
}
function install() {
PREFIX="recipe:redis:install"
: "$PREFIX"
credential_redis=$(load_yaml_from_expanded credential.redis)
echowarn "initializing redis regarding access to its IP address <$REDIS_IP>..."
launch_container "$CONTAINER"
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
. /opt/miaou-bash/lib/functions.sh
/opt/miaou-bash/tools/idem_apt_install redis
/opt/miaou-bash/tools/append_or_replace "^bind .*$" "bind $REDIS_IP" /etc/redis/redis.conf
/opt/miaou-bash/tools/append_or_replace "^protected-mode .*$" "protected-mode no" /etc/redis/redis.conf
/opt/miaou-bash/tools/append_or_replace "^requirepass .*$" "requirepass $credential_redis" /etc/redis/redis.conf
systemctl restart redis.service
EOF
PREFIX="" echo OK
}
# MAIN
. "$MIAOU_BASEDIR/lib/init.sh"
arg1_required "$@"
CONTAINER="$1"
REDIS_IP=$(lxc list "$CONTAINER" -c 4 -f csv | cut -d ' ' -f1)
readonly CONTAINER REDIS_IP
check || (
install
check
)

4
templates/apps/discourse/forum.yml.j2

@ -27,7 +27,7 @@ env:
DISCOURSE_SMTP_USER_NAME: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.username }} DISCOURSE_SMTP_USER_NAME: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.username }}
DISCOURSE_SMTP_PASSWORD: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.password }} DISCOURSE_SMTP_PASSWORD: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.password }}
DISCOURSE_DEVELOPER_EMAILS: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.admin }}
DISCOURSE_DEVELOPER_EMAILS: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.admin.email }}
DISCOURSE_NOTIFICATION_EMAIL: noreply@{{ env.APP_DOMAIN }} DISCOURSE_NOTIFICATION_EMAIL: noreply@{{ env.APP_DOMAIN }}
DISCOURSE_DB_NAME: {{ env.APP_NAME }} DISCOURSE_DB_NAME: {{ env.APP_NAME }}
@ -36,6 +36,7 @@ env:
DISCOURSE_DB_HOST: ct1.lxd DISCOURSE_DB_HOST: ct1.lxd
DISCOURSE_REDIS_HOST: ct1.lxd DISCOURSE_REDIS_HOST: ct1.lxd
DISCOURSE_REDIS_PASSWORD: {{ env.APP_REDIS_PASSWORD }}
volumes: volumes:
- volume: - volume:
@ -63,4 +64,3 @@ hooks:
run: run:
- exec: echo "Beginning of custom commands" - exec: echo "Beginning of custom commands"
- exec: echo "End of custom commands" - exec: echo "End of custom commands"
- exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}'

3
templates/etc/defaults.yaml.j2

@ -1,8 +1,9 @@
--- ---
containers: containers:
dmz: [dmz] dmz: [dmz]
ct1: [mariadb, postgresql]
ct1: [mariadb, postgresql, redis]
credential: credential:
username: {{env.current_user}} username: {{env.current_user}}
shadow: {{env.shadow_passwd}} shadow: {{env.shadow_passwd}}
email: {{env.valid_email}} email: {{env.valid_email}}
redis: {{env.redis}}
Loading…
Cancel
Save