Build Code
This commit is contained in:
parent
9de267de43
commit
85f2dd9acd
25
build.sh
Normal file
25
build.sh
Normal file
@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ! "$BASH_VERSION" ] ; then
|
||||
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo ""
|
||||
echo ""
|
||||
echo "=============================="
|
||||
echo -n "$wiBold"
|
||||
echo " Warén Group "
|
||||
echo " Init.sh "
|
||||
echo -n "$wiNormal"
|
||||
echo "=============================="
|
||||
echo " >> Build << "
|
||||
echo "------------------------------"
|
||||
podman run -it --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp docker.io/library/php:8-cli php generator.php &> /dev/null
|
||||
chmod +x init.sh &> /dev/null
|
||||
echo "=============================="
|
||||
echo " "
|
||||
echo " "
|
||||
echo " "
|
||||
exit 1
|
28
generator.php
Normal file
28
generator.php
Normal file
@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
$base = file_get_contents(__DIR__."/src/base.sh");
|
||||
|
||||
|
||||
$dirs = [
|
||||
__DIR__.'/src/functions/*.sh'
|
||||
];
|
||||
|
||||
$codes = [];
|
||||
|
||||
foreach($dirs as $dir){
|
||||
foreach(glob($dir) as $file){
|
||||
$codes[$file] = file_get_contents($file);
|
||||
}
|
||||
}
|
||||
|
||||
$code = str_replace("{{ CODES }}", implode("\n", $codes), $base);
|
||||
|
||||
try {
|
||||
$file = __DIR__.'/init.sh';
|
||||
$file = fopen($file, "w");
|
||||
fwrite($file, $code);
|
||||
fclose($file);
|
||||
} catch (\Error $e) {
|
||||
}
|
||||
|
||||
?>
|
326
init.sh
326
init.sh
@ -1,139 +1,45 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ! "$BASH_VERSION" ] ; then
|
||||
bash $0 $1 $2 $3 $4 $5 $6 $7 $8 $9
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "
|
||||
==============================
|
||||
wiRed=$(tput setaf 196)
|
||||
wiGreen=$(tput setaf 46)
|
||||
wiYellow=$(tput setaf 226)
|
||||
wiBlue=$(tput setaf 21)
|
||||
wiPurple=$(tput setaf 165)
|
||||
wiTurquoise=$(tput setaf 14)
|
||||
wiPink=$(tput setaf 198)
|
||||
wiOrange=$(tput setaf 202)
|
||||
wiUnderline=$(tput smul)
|
||||
wiBold=$(tput bold)
|
||||
wiNormal=$(tput sgr0)
|
||||
|
||||
Warén Group
|
||||
Init Script
|
||||
wi-init(){
|
||||
wi-login $1 $2
|
||||
|
||||
------------------------------
|
||||
"
|
||||
echo " >> Init << "
|
||||
echo "------------------------------"
|
||||
|
||||
stop () {
|
||||
unset HVT
|
||||
mkdir -p ~/.ssh &> /dev/null
|
||||
|
||||
echo "
|
||||
==============================
|
||||
"
|
||||
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
|
||||
python3 -m venv /opt/ansible &> /dev/null
|
||||
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
|
||||
|
||||
exit 1
|
||||
|
||||
}
|
||||
|
||||
mkdir -p ~/.ssh &> /dev/null
|
||||
|
||||
apt-get install -y python3-pip python3-venv jq git curl &> /dev/null
|
||||
python3 -m venv /opt/ansible &> /dev/null
|
||||
/opt/ansible/bin/pip3 install ansible hvac netaddr jmespath pexpect &> /dev/null
|
||||
|
||||
ORG=$1
|
||||
case $ORG in
|
||||
warengroup)
|
||||
DOMAIN="waren.io"
|
||||
FOLDER="warengroup"
|
||||
;;
|
||||
cwinfo)
|
||||
DOMAIN="cwinfo.net"
|
||||
FOLDER="cwinfo"
|
||||
;;
|
||||
cwchristerw)
|
||||
DOMAIN="christerwaren.fi"
|
||||
FOLDER="cwchristerw"
|
||||
;;
|
||||
*)
|
||||
echo "Organization is required."
|
||||
stop
|
||||
;;
|
||||
esac
|
||||
|
||||
HOSTNAME=$2
|
||||
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]; then
|
||||
stop
|
||||
fi
|
||||
|
||||
if [[ -z $USER || $USER == "root" ]]; then
|
||||
if [[ -z $SUDO_USER ]]; then
|
||||
if [[ -z LOGNAME ]]; then
|
||||
echo -n ""
|
||||
else
|
||||
USER=$LOGNAME
|
||||
fi
|
||||
else
|
||||
USER=$SUDO_USER
|
||||
fi
|
||||
fi
|
||||
|
||||
DEVICE_DOMAIN="devices.$DOMAIN"
|
||||
IDM_DOMAIN="idm.$DOMAIN"
|
||||
VAULT_DOMAIN="vault.cwinfo.net"
|
||||
GIT_DOMAIN="git.cwinfo.net"
|
||||
GIT_PORT=2222
|
||||
GIT_REPOSITORY="warengroup-private/infra-plus"
|
||||
|
||||
HOSTNAME="$HOSTNAME.$DEVICE_DOMAIN"
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
|
||||
if [[ $VAULT_STATUS -eq 200 ]]; then
|
||||
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
||||
if [[ $IDM_STATUS -eq 301 ]]; then
|
||||
echo "$VAULT_DOMAIN - Login"
|
||||
echo "Method: LDAP"
|
||||
|
||||
if [[ -z $USER || $USER == "root" || $USER == "local" ]]; then
|
||||
echo -n "Username: "
|
||||
read USERNAME
|
||||
else
|
||||
echo "Username: $USER"
|
||||
USERNAME=$USER
|
||||
fi
|
||||
|
||||
echo -n "Password: "
|
||||
read -s PASSWORD
|
||||
echo "****************"
|
||||
echo ""
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]; then
|
||||
stop
|
||||
fi
|
||||
|
||||
VAULT_TOKEN=$VAULT_LOGIN
|
||||
export HVT="$VAULT_TOKEN"
|
||||
echo -e "\n"
|
||||
else
|
||||
echo "$VAULT_DOMAIN - Login"
|
||||
echo -n "Token: "
|
||||
read -s VAULT_TOKEN
|
||||
echo "***********************************************************************************************"
|
||||
echo ""
|
||||
if [[ -z $VAULT_TOKEN || ${#VAULT_TOKEN} -lt 95 || ${#VAULT_TOKEN} -gt 95 ]]; then
|
||||
stop
|
||||
fi
|
||||
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/lookup-self -X GET -H "X-Vault-Token: $VAULT_TOKEN" -s | jq -r '.data.id')
|
||||
if [[ -z $VAULT_LOGIN ]]; then
|
||||
stop
|
||||
fi
|
||||
VAULT_TOKEN=$VAULT_LOGIN
|
||||
export HVT="$VAULT_TOKEN"
|
||||
echo -e "\n"
|
||||
fi
|
||||
fi
|
||||
|
||||
curl \
|
||||
curl \
|
||||
-H "X-Vault-Token: $VAULT_TOKEN" \
|
||||
-X GET \
|
||||
https://$VAULT_DOMAIN/v1/init.sh/data/ssh -s | jq -r '.data.data.privkey' > ~/.ssh/init
|
||||
|
||||
chmod 700 ~/.ssh/init
|
||||
chmod 700 ~/.ssh/init
|
||||
|
||||
mkdir -p ~/.ansible > /dev/null
|
||||
|
||||
if [ ! -f ~/.ansible/vars.yml ]; then
|
||||
mkdir -p ~/.ansible > /dev/null
|
||||
|
||||
if [ ! -f ~/.ansible/vars.yml ]
|
||||
then
|
||||
openssl rand -base64 64 | tr -d '\n' | head -c 64 > ~/.ansible/vault.yml
|
||||
|
||||
ANSIBLE_VAULT_SECRET=$(<~/.ansible/vault.yml)
|
||||
@ -148,15 +54,183 @@ if [ ! -f ~/.ansible/vars.yml ]; then
|
||||
echo " domain: $VAULT_DOMAIN" >> ~/.ansible/vars.yml
|
||||
|
||||
/opt/ansible/bin/ansible-vault encrypt --vault-password-file ~/.ansible/vault.yml ~/.ansible/vars.yml > /dev/null
|
||||
fi
|
||||
fi
|
||||
|
||||
ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
|
||||
ssh-keyscan -p $GIT_PORT $GIT_DOMAIN &> ~/.ssh/known_hosts
|
||||
|
||||
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
|
||||
/opt/ansible/bin/ansible-pull -U ssh://git@$GIT_DOMAIN:$GIT_PORT/$GIT_REPOSITORY --vault-password-file ~/.ansible/vault.yml --private-key ~/.ssh/init playbooks/init.yml -t init
|
||||
|
||||
|
||||
unset HVT
|
||||
unset HVT
|
||||
}
|
||||
|
||||
echo "
|
||||
==============================
|
||||
"
|
||||
wi-login(){
|
||||
echo -n "$wiItalic"
|
||||
echo " >> Login << "
|
||||
echo -n "$wiNormal";
|
||||
echo "------------------------------"
|
||||
|
||||
ORG=$1
|
||||
|
||||
if [[ -z "$HOSTNAME" || ${#HOSTNAME} -lt 5 ]]
|
||||
then
|
||||
wi-stop
|
||||
fi
|
||||
|
||||
if [[ $(hostname -d) == "devices.waren.io" ]]
|
||||
then
|
||||
ORG=warengroup
|
||||
elif [[ $(hostname -d) == "devices.cwinfo.net" || $(hostname -d) == "fr1.servers.devices.cwinfo.net" ]]
|
||||
then
|
||||
ORG=cwinfo
|
||||
elif [[ $(hostname -d) == "devices.christerwaren.fi" ]]
|
||||
then
|
||||
ORG=cwchristerw
|
||||
elif [[ -z $ORG ]]
|
||||
then
|
||||
echo -n "Status: Organization Required"
|
||||
|
||||
wi-stop
|
||||
fi
|
||||
|
||||
if [[ $ORG == "warengroup" ]]
|
||||
then
|
||||
DOMAIN=waren.io
|
||||
elif [[ $ORG == "cwinfo" ]]
|
||||
then
|
||||
DOMAIN=cwinfo.net
|
||||
elif [[ $ORG == "cwchristerw" ]]
|
||||
then
|
||||
DOMAIN=christerwaren.fi
|
||||
else
|
||||
echo -n "Status: Organization Unsupported"
|
||||
|
||||
wi-stop
|
||||
fi
|
||||
|
||||
FOLDER=$ORG
|
||||
DEVICE_DOMAIN="devices.$DOMAIN"
|
||||
IDM_DOMAIN="idm.cwinfo.net"
|
||||
VAULT_DOMAIN="vault.cwinfo.net"
|
||||
GIT_DOMAIN="git.cwinfo.net"
|
||||
GIT_PORT=2222
|
||||
GIT_REPOSITORY="warengroup-private/infra-plus"
|
||||
|
||||
if [[ $(hostname -d) ]]
|
||||
then
|
||||
HOSTNAME=$(hostname --fqdn)
|
||||
elif [[ -z $(hostname -d) ]] && [[ ! -z $2 ]]
|
||||
then
|
||||
HOSTNAME="$2.$DEVICE_DOMAIN"
|
||||
else
|
||||
echo -n "Status: Hostname Required"
|
||||
wi-stop
|
||||
fi
|
||||
|
||||
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
||||
then
|
||||
if [[ -z $SUDO_USER ]]
|
||||
then
|
||||
if [[ -z LOGNAME ]]
|
||||
then
|
||||
echo -n "Status: Username Required"
|
||||
wi-stop
|
||||
else
|
||||
USER=$LOGNAME
|
||||
fi
|
||||
else
|
||||
USER=$SUDO_USER
|
||||
fi
|
||||
fi
|
||||
|
||||
VAULT_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$VAULT_DOMAIN/v1/sys/health)
|
||||
if [[ $VAULT_STATUS -eq 200 ]]
|
||||
then
|
||||
IDM_STATUS=$(curl -s -o /dev/null -w "%{http_code}" https://$IDM_DOMAIN)
|
||||
if [[ $IDM_STATUS -eq 301 ]]
|
||||
then
|
||||
echo $wiBold$ORG$wiNormal
|
||||
|
||||
if [[ -z $USER || $USER == "root" || $USER == "local" ]]
|
||||
then
|
||||
echo -n "Username: "
|
||||
read USERNAME
|
||||
else
|
||||
echo "Username: $USER"
|
||||
USERNAME=$USER
|
||||
fi
|
||||
|
||||
echo -n "Password: "
|
||||
read -s PASSWORD
|
||||
echo "****************"
|
||||
|
||||
if [[ -z $USERNAME || -z $PASSWORD ]]
|
||||
then
|
||||
echo -n "Status: Username & Password Required"
|
||||
wi-stop
|
||||
else
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/ldap/login/$USERNAME -X POST -d '{ "password": "'$PASSWORD'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
echo -n "Status: Login Failed"
|
||||
wi-stop
|
||||
fi
|
||||
|
||||
HVT=$VAULT_LOGIN
|
||||
wi-start
|
||||
fi
|
||||
else
|
||||
echo $wiBold$ORG$wiNormal
|
||||
|
||||
echo -n "Token: "
|
||||
read -s TOKEN
|
||||
echo "****************"
|
||||
|
||||
if [[ -z $TOKEN || ${#TOKEN} -lt 95 || ${#TOKEN} -gt 95 ]]
|
||||
then
|
||||
echo -n "Status: Vault Token Required"
|
||||
wi-stop
|
||||
fi
|
||||
|
||||
VAULT_LOGIN=$(curl https://$VAULT_DOMAIN/v1/auth/token/renew -X POST --header "X-Vault-Token: $TOKEN" -d '{ "token": "'$TOKEN'" }' -s | jq -r '.auth.client_token')
|
||||
if [[ -z $VAULT_LOGIN || ${#VAULT_LOGIN} -lt 95 || ${#VAULT_LOGIN} -gt 95 ]]
|
||||
then
|
||||
echo -n "Status: Login Failed"
|
||||
wi-stop
|
||||
fi
|
||||
|
||||
HVT=$VAULT_LOGIN
|
||||
wi-start
|
||||
fi
|
||||
else
|
||||
echo $wiBold$ORG$wiNormal
|
||||
|
||||
echo -n "Status: Vault Offline"
|
||||
wi-stop
|
||||
fi
|
||||
}
|
||||
|
||||
wi-start(){
|
||||
echo ""
|
||||
echo ""
|
||||
echo ""
|
||||
echo "=============================="
|
||||
echo -n "$wiBold"
|
||||
echo " Warén Group "
|
||||
echo " Init.sh "
|
||||
echo -n "$wiNormal"
|
||||
echo "=============================="
|
||||
}
|
||||
|
||||
wi-stop (){
|
||||
echo "=============================="
|
||||
echo " "
|
||||
echo " "
|
||||
echo " "
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
||||
wi-start
|
||||
wi-init $1 $2
|
||||
wi-stop
|
||||
|
Loading…
Reference in New Issue
Block a user