credential.redis

1 month ago · 8a65146071
5 changed files with 76 additions and 6 deletions
--- a/lib/install.sh
+++ b/lib/install.sh
@ -279,7 +279,8 @@ function check_credential {

    check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.username' &&
        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.shadow' &&
-        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email'
+        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email' &&
+        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.redis'
 }

 function check_target() {
@ -313,7 +314,11 @@ function miaou_configfiles() {
    if [[ ! -f /etc/miaou/defaults.yaml ]]; then
        echo -n "building /etc/miaou/defaults.yaml for the first time..."
        shadow_passwd=$(sudo grep "$CURRENT_USER" /etc/shadow | cut -d ':' -f2)
-        env current_user="$CURRENT_USER" shadow_passwd="$shadow_passwd" valid_email="$valid_email" tera -e --env-key env --env-only -t "$MIAOU_BASEDIR/templates/etc/defaults.yaml.j2" -o /etc/miaou/defaults.yaml >/dev/null
+        redis=$(
+            SIZE=12
+            tr -cd '[:alnum:]' </dev/urandom | fold -w $SIZE | head -n1
+        )
+        env current_user="$CURRENT_USER" shadow_passwd="$shadow_passwd" valid_email="$valid_email" redis="$redis" tera -e --env-key env --env-only -t "$MIAOU_BASEDIR/templates/etc/defaults.yaml.j2" -o /etc/miaou/defaults.yaml >/dev/null
        yq ".target=\"$TARGET\"" /etc/miaou/defaults.yaml -i
        PREFIX="" echoinfo DONE
    fi
--- a/recipes/discourse/crud.sh
+++ b/recipes/discourse/crud.sh
@ -17,8 +17,13 @@ function _create() {
    echo "creating discourse instance for <$shortname> ... "
    echo "initialize discourse $shortname $longname ... OK"

+    admin_username=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.username)
+    admin_email=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.email)
+    admin_password=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.password)
+    redis_password=$(load_yaml_from_expanded credential.redis)
+
    mkdir -p "$MIAOU_CONFIGDIR/apps/discourse"
-    APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml"
+    APP_REDIS_PASSWORD=$redis_password APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml"
    echo "creating templates ... OK"

    echo "copying files to container <$container> ... "
@ -28,6 +33,8 @@ function _create() {
    if ! (db-psql list | grep -q "$longname"); then
        echo "create empty database <$longname> ... "
        db-psql create "$longname"
+        db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS hstore"
+        db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS pg_trgm"
        echo "create empty database <$longname> ... OK"
    else
        echo "database already exists!"
@ -38,6 +45,8 @@ function _create() {
        set -Eeuo pipefail
        cd /var/discourse
        ./launcher rebuild $longname
+        command='u=User.create_with(email: "$admin_email", password: "$admin_password").find_or_initialize_by(username: "$admin_username"); u.save; u.activate'
+        ./launcher run $longname "rails runner '\$command'"
 EOF
    echo "initialize discourse $longname ... OK"
 }
--- a/recipes/redis/install.sh
+++ b/recipes/redis/install.sh
@ -0,0 +1,55 @@
+#!/bin/bash
+
+function check() {
+    PREFIX="recipe:redis:check"
+
+    container_running "$CONTAINER" || return 10
+    echo "checking redis regarding access to its ip address <$REDIS_IP>..."
+
+    lxc exec "$CONTAINER" -- bash <<EOF
+        set -Eeuo pipefail
+        systemctl is-active redis.service &>/dev/null
+        ss -tlnp | grep redis | grep -q $REDIS_IP:6379
+        test -f /etc/redis/redis.conf
+        grep -Eq "^protected-mode no" /etc/redis/redis.conf
+EOF
+    status="$?"
+    [[ $status -eq 0 ]] && echo "container <$CONTAINER> approved!"
+    return $status
+}
+
+function install() {
+    PREFIX="recipe:redis:install"
+    : "$PREFIX"
+
+    credential_redis=$(load_yaml_from_expanded credential.redis)
+    echowarn "initializing redis regarding access to its IP address <$REDIS_IP>..."
+
+    launch_container "$CONTAINER"
+    lxc exec "$CONTAINER" -- bash <<EOF
+        set -Eeuo pipefail
+
+        . /opt/miaou-bash/lib/functions.sh
+        /opt/miaou-bash/tools/idem_apt_install redis
+        /opt/miaou-bash/tools/append_or_replace "^bind .*$" "bind $REDIS_IP" /etc/redis/redis.conf
+        /opt/miaou-bash/tools/append_or_replace "^protected-mode .*$" "protected-mode no" /etc/redis/redis.conf
+        /opt/miaou-bash/tools/append_or_replace "^requirepass .*$" "requirepass $credential_redis" /etc/redis/redis.conf
+        systemctl restart redis.service
+EOF
+    PREFIX="" echo OK
+
+}
+
+# MAIN
+. "$MIAOU_BASEDIR/lib/init.sh"
+
+arg1_required "$@"
+
+CONTAINER="$1"
+REDIS_IP=$(lxc list "$CONTAINER" -c 4 -f csv | cut -d ' ' -f1)
+readonly CONTAINER REDIS_IP
+
+check || (
+    install
+    check
+)
--- a/templates/apps/discourse/forum.yml.j2
+++ b/templates/apps/discourse/forum.yml.j2
@ -27,7 +27,7 @@ env:
  DISCOURSE_SMTP_USER_NAME: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.username }}
  DISCOURSE_SMTP_PASSWORD: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.password }}

-  DISCOURSE_DEVELOPER_EMAILS: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.admin }}
+  DISCOURSE_DEVELOPER_EMAILS: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.admin.email }}
  DISCOURSE_NOTIFICATION_EMAIL: noreply@{{ env.APP_DOMAIN }}
 
  DISCOURSE_DB_NAME: {{ env.APP_NAME }}
@ -36,6 +36,7 @@ env:
  DISCOURSE_DB_HOST: ct1.lxd

  DISCOURSE_REDIS_HOST: ct1.lxd
+  DISCOURSE_REDIS_PASSWORD: {{ env.APP_REDIS_PASSWORD }}

 volumes:
  - volume:
@ -63,4 +64,3 @@ hooks:
 run:
  - exec: echo "Beginning of custom commands"
  - exec: echo "End of custom commands"
-  - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}'
--- a/templates/etc/defaults.yaml.j2
+++ b/templates/etc/defaults.yaml.j2
@ -1,8 +1,9 @@
 ---
 containers:
  dmz: [dmz]
-  ct1: [mariadb, postgresql]
+  ct1: [mariadb, postgresql, redis]
 credential:
  username: {{env.current_user}}
  shadow: {{env.shadow_passwd}}
  email: {{env.valid_email}}
+  redis: {{env.redis}}