Build Code
This commit is contained in:
parent
9de267de43
commit
85f2dd9acd
25
build.sh
Normal file
25
build.sh
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ! "$BASH_VERSION" ] ; then
|
||||||
|
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo ""
|
||||||
|
echo "=============================="
|
||||||
|
echo -n "$wiBold"
|
||||||
|
echo " Warén Group "
|
||||||
|
echo " Init.sh "
|
||||||
|
echo -n "$wiNormal"
|
||||||
|
echo "=============================="
|
||||||
|
echo " >> Build << "
|
||||||
|
echo "------------------------------"
|
||||||
|
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
|
||||||
|
chmod +x init.sh &> /dev/null
|
||||||
|
echo "=============================="
|
||||||
|
echo " "
|
||||||
|
echo " "
|
||||||
|
echo " "
|
||||||
|
exit 1
|
28
generator.php
Normal file
28
generator.php
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
$base = file_get_contents(__DIR__."/src/base.sh");
|
||||||
|
|
||||||
|
|
||||||
|
$dirs = [
|
||||||
|
__DIR__.'/src/functions/*.sh'
|
||||||
|
];
|
||||||
|
|
||||||
|
$codes = [];
|
||||||
|
|
||||||
|
foreach($dirs as $dir){
|
||||||
|
foreach(glob($dir) as $file){
|
||||||
|
$codes[$file] = file_get_contents($file);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$code = str_replace("{{ CODES }}", implode("\n", $codes), $base);
|
||||||
|
|
||||||
|
try {
|
||||||
|
$file = __DIR__.'/init.sh';
|
||||||
|
$file = fopen($file, "w");
|
||||||
|
fwrite($file, $code);
|
||||||
|
fclose($file);
|
||||||
|
} catch (\Error $e) {
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
346
init.sh
346
init.sh
@ -1,162 +1,236 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ ! "$BASH_VERSION" ] ; then
|
if [ ! "$BASH_VERSION" ] ; then
|
||||||
|
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "
|
wiRed=$(tput setaf 196)
|
||||||
==============================
|
wiGreen=$(tput setaf 46)
|
||||||
|
wiYellow=$(tput setaf 226)
|
||||||
|
wiBlue=$(tput setaf 21)
|
||||||
|
wiPurple=$(tput setaf 165)
|
||||||
|
wiTurquoise=$(tput setaf 14)
|
||||||
|
wiPink=$(tput setaf 198)
|
||||||
|
wiOrange=$(tput setaf 202)
|
||||||
|
wiUnderline=$(tput smul)
|
||||||
|
wiBold=$(tput bold)
|
||||||
|
wiNormal=$(tput sgr0)
|
||||||
|
|
||||||
Warén Group
|
wi-init(){
|
||||||
Init Script
|
wi-login $1 $2
|
||||||
|
|
||||||
------------------------------
|
echo " >> Init << "
|
||||||
"
|
echo "------------------------------"
|
||||||
|
|
||||||
stop () {
|
mkdir -p ~/.ssh &> /dev/null
|
||||||
unset HVT
|
|
||||||
|
|
||||||
echo "
|
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
|
||||||
==============================
|
python3 -m venv /opt/ansible &> /dev/null
|
||||||
"
|
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
|
||||||
|
|
||||||
exit 1
|
curl \
|
||||||
|
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||||
|
-X GET \
|
||||||
|
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
|
||||||
|
|
||||||
|
chmod 700 ~/.ssh/init
|
||||||
|
|
||||||
|
mkdir -p ~/.ansible > /dev/null
|
||||||
|
|
||||||
|
if [ ! -f ~/.ansible/vars.yml ]
|
||||||
|
then
|
||||||
|
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
|
||||||
|
|
||||||
|
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
|
||||||
|
|
||||||
|
echo "---" > ~/.ansible/vars.yml
|
||||||
|
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
|
||||||
|
echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
|
||||||
|
echo "vault:" >> ~/.ansible/vars.yml
|
||||||
|
echo " ansible:" >> ~/.ansible/vars.yml
|
||||||
|
echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
|
||||||
|
echo " hashicorp:" >> ~/.ansible/vars.yml
|
||||||
|
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
||||||
|
|
||||||
|
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
|
||||||
|
|
||||||
|
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
|
||||||
|
|
||||||
|
|
||||||
|
unset HVT
|
||||||
}
|
}
|
||||||
|
|
||||||
mkdir -p ~/.ssh &> /dev/null
|
wi-login(){
|
||||||
|
echo -n "$wiItalic"
|
||||||
|
echo " >> Login << "
|
||||||
|
echo -n "$wiNormal";
|
||||||
|
echo "------------------------------"
|
||||||
|
|
||||||
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
|
ORG=$1
|
||||||
python3 -m venv /opt/ansible &> /dev/null
|
|
||||||
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
|
|
||||||
|
|
||||||
ORG=$1
|
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
|
||||||
case $ORG in
|
then
|
||||||
warengroup)
|
wi-stop
|
||||||
DOMAIN="waren.io"
|
fi
|
||||||
FOLDER="warengroup"
|
|
||||||
;;
|
|
||||||
cwinfo)
|
|
||||||
DOMAIN="cwinfo.net"
|
|
||||||
FOLDER="cwinfo"
|
|
||||||
;;
|
|
||||||
cwchristerw)
|
|
||||||
DOMAIN="christerwaren.fi"
|
|
||||||
FOLDER="cwchristerw"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Organization is required."
|
|
||||||
stop
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
HOSTNAME=$2
|
if [[ $(hostname -d) == "devices.waren.io" ]]
|
||||||
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
|
then
|
||||||
stop
|
ORG=warengroup
|
||||||
fi
|
elif [[ $(hostname -d) == "devices.cwinfo.net" || $(hostname -d) == "fr1.servers.devices.cwinfo.net" ]]
|
||||||
|
then
|
||||||
|
ORG=cwinfo
|
||||||
|
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
||||||
|
then
|
||||||
|
ORG=cwchristerw
|
||||||
|
elif [[ -z $ORG ]]
|
||||||
|
then
|
||||||
|
echo -n "Status: Organization Required"
|
||||||
|
|
||||||
if [[ -z $USER || $USER == "root" ]]; then
|
wi-stop
|
||||||
if [[ -z $SUDO_USER ]]; then
|
fi
|
||||||
if [[ -z LOGNAME ]]; then
|
|
||||||
echo -n ""
|
if [[ $ORG == "warengroup" ]]
|
||||||
|
then
|
||||||
|
DOMAIN=waren.io
|
||||||
|
elif [[ $ORG == "cwinfo" ]]
|
||||||
|
then
|
||||||
|
DOMAIN=cwinfo.net
|
||||||
|
elif [[ $ORG == "cwchristerw" ]]
|
||||||
|
then
|
||||||
|
DOMAIN=christerwaren.fi
|
||||||
|
else
|
||||||
|
echo -n "Status: Organization Unsupported"
|
||||||
|
|
||||||
|
wi-stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
FOLDER=$ORG
|
||||||
|
DEVICE_DOMAIN="devices.$DOMAIN"
|
||||||
|
IDM_DOMAIN="idm.cwinfo.net"
|
||||||
|
VAULT_DOMAIN="vault.cwinfo.net"
|
||||||
|
GIT_DOMAIN="git.cwinfo.net"
|
||||||
|
GIT_PORT=2222
|
||||||
|
GIT_REPOSITORY="warengroup-private/infra-plus"
|
||||||
|
|
||||||
|
if [[ $(hostname -d) ]]
|
||||||
|
then
|
||||||
|
HOSTNAME=$(hostname --fqdn)
|
||||||
|
elif [[ -z $(hostname -d) ]] && [[ ! -z $2 ]]
|
||||||
|
then
|
||||||
|
HOSTNAME="$2.$DEVICE_DOMAIN"
|
||||||
|
else
|
||||||
|
echo -n "Status: Hostname Required"
|
||||||
|
wi-stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
||||||
|
then
|
||||||
|
if [[ -z $SUDO_USER ]]
|
||||||
|
then
|
||||||
|
if [[ -z LOGNAME ]]
|
||||||
|
then
|
||||||
|
echo -n "Status: Username Required"
|
||||||
|
wi-stop
|
||||||
|
else
|
||||||
|
USER=$LOGNAME
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
USER=$LOGNAME
|
USER=$SUDO_USER
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
|
||||||
|
if [[ $VAULT_STATUS -eq 200 ]]
|
||||||
|
then
|
||||||
|
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
||||||
|
if [[ $IDM_STATUS -eq 301 ]]
|
||||||
|
then
|
||||||
|
echo $wiBold$ORG$wiNormal
|
||||||
|
|
||||||
|
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
||||||
|
then
|
||||||
|
echo -n "Username: "
|
||||||
|
read USERNAME
|
||||||
|
else
|
||||||
|
echo "Username: $USER"
|
||||||
|
USERNAME=$USER
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -n "Password: "
|
||||||
|
read -s PASSWORD
|
||||||
|
echo "****************"
|
||||||
|
|
||||||
|
if [[ -z $USERNAME || -z $PASSWORD ]]
|
||||||
|
then
|
||||||
|
echo -n "Status: Username & Password Required"
|
||||||
|
wi-stop
|
||||||
|
else
|
||||||
|
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
|
||||||
|
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||||
|
then
|
||||||
|
echo -n "Status: Login Failed"
|
||||||
|
wi-stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
HVT=$VAULT_LOGIN
|
||||||
|
wi-start
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo $wiBold$ORG$wiNormal
|
||||||
|
|
||||||
|
echo -n "Token: "
|
||||||
|
read -s TOKEN
|
||||||
|
echo "****************"
|
||||||
|
|
||||||
|
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
|
||||||
|
then
|
||||||
|
echo -n "Status: Vault Token Required"
|
||||||
|
wi-stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
||||||
|
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||||
|
then
|
||||||
|
echo -n "Status: Login Failed"
|
||||||
|
wi-stop
|
||||||
|
fi
|
||||||
|
|
||||||
|
HVT=$VAULT_LOGIN
|
||||||
|
wi-start
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
USER=$SUDO_USER
|
echo $wiBold$ORG$wiNormal
|
||||||
|
|
||||||
|
echo -n "Status: Vault Offline"
|
||||||
|
wi-stop
|
||||||
fi
|
fi
|
||||||
fi
|
}
|
||||||
|
|
||||||
DEVICE_DOMAIN="devices.$DOMAIN"
|
wi-start(){
|
||||||
IDM_DOMAIN="idm.$DOMAIN"
|
echo ""
|
||||||
VAULT_DOMAIN="vault.cwinfo.net"
|
echo ""
|
||||||
GIT_DOMAIN="git.cwinfo.net"
|
echo ""
|
||||||
GIT_PORT=2222
|
echo "=============================="
|
||||||
GIT_REPOSITORY="warengroup-private/infra-plus"
|
echo -n "$wiBold"
|
||||||
|
echo " Warén Group "
|
||||||
|
echo " Init.sh "
|
||||||
|
echo -n "$wiNormal"
|
||||||
|
echo "=============================="
|
||||||
|
}
|
||||||
|
|
||||||
HOSTNAME="$HOSTNAME.$DEVICE_DOMAIN"
|
wi-stop (){
|
||||||
|
echo "=============================="
|
||||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
|
echo " "
|
||||||
if [[ $VAULT_STATUS -eq 200 ]]; then
|
echo " "
|
||||||
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
echo " "
|
||||||
if [[ $IDM_STATUS -eq 301 ]]; then
|
exit 1
|
||||||
echo "$VAULT_DOMAIN - Login"
|
}
|
||||||
echo "Method: LDAP"
|
|
||||||
|
|
||||||
if [[ -z $USER || $USER == "root" || $USER == "local" ]]; then
|
|
||||||
echo -n "Username: "
|
|
||||||
read USERNAME
|
|
||||||
else
|
|
||||||
echo "Username: $USER"
|
|
||||||
USERNAME=$USER
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -n "Password: "
|
|
||||||
read -s PASSWORD
|
|
||||||
echo "****************"
|
|
||||||
echo ""
|
|
||||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
|
|
||||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]; then
|
|
||||||
stop
|
|
||||||
fi
|
|
||||||
|
|
||||||
VAULT_TOKEN=$VAULT_LOGIN
|
|
||||||
export HVT="$VAULT_TOKEN"
|
|
||||||
echo -e "\n"
|
|
||||||
else
|
|
||||||
echo "$VAULT_DOMAIN - Login"
|
|
||||||
echo -n "Token: "
|
|
||||||
read -s VAULT_TOKEN
|
|
||||||
echo "***********************************************************************************************"
|
|
||||||
echo ""
|
|
||||||
if [[ -z $VAULT_TOKEN || ${#VAULT_TOKEN} -lt 95 || ${#VAULT_TOKEN} -gt 95 ]]; then
|
|
||||||
stop
|
|
||||||
fi
|
|
||||||
|
|
||||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET -H "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.id')
|
|
||||||
if [[ -z $VAULT_LOGIN ]]; then
|
|
||||||
stop
|
|
||||||
fi
|
|
||||||
VAULT_TOKEN=$VAULT_LOGIN
|
|
||||||
export HVT="$VAULT_TOKEN"
|
|
||||||
echo -e "\n"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
curl \
|
|
||||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
|
||||||
-X GET \
|
|
||||||
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
|
|
||||||
|
|
||||||
chmod 700 ~/.ssh/init
|
|
||||||
|
|
||||||
mkdir -p ~/.ansible > /dev/null
|
|
||||||
|
|
||||||
if [ ! -f ~/.ansible/vars.yml ]; then
|
|
||||||
|
|
||||||
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
|
|
||||||
|
|
||||||
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
|
|
||||||
|
|
||||||
echo "---" > ~/.ansible/vars.yml
|
|
||||||
echo "hostname: $HOSTNAME" >> ~/.ansible/vars.yml
|
|
||||||
echo "folder: /$FOLDER/" >> ~/.ansible/vars.yml
|
|
||||||
echo "vault:" >> ~/.ansible/vars.yml
|
|
||||||
echo " ansible:" >> ~/.ansible/vars.yml
|
|
||||||
echo " secret: $ANSIBLE_VAULT_SECRET" >> ~/.ansible/vars.yml
|
|
||||||
echo " hashicorp:" >> ~/.ansible/vars.yml
|
|
||||||
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
|
|
||||||
|
|
||||||
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
|
|
||||||
|
|
||||||
|
|
||||||
unset HVT
|
wi-start
|
||||||
|
wi-init $1 $2
|
||||||
echo "
|
wi-stop
|
||||||
==============================
|
|
||||||
"
|
|
||||||
|
Loading…
Reference in New Issue
Block a user