From 4e3b228f3b50a3b3a702e155b3edb58c30ea71c7 Mon Sep 17 00:00:00 2001 From: Piotr Perzanowski Date: Tue, 18 Dec 2018 15:51:39 +0100 Subject: Sharing script for deploying nexus. Adding script deploy_nexus.sh Change-Id: I4a874560ba5ecf200148911887ad74eeef0c3ecf Issue-ID: OOM-1551 Signed-off-by: Piotr Perzanowski --- bash/tools/create_si_cacert_pkg.sh | 24 ++++++ bash/tools/deploy_nexus.sh | 149 +++++++++++++++++++++++++++++++++++++ 2 files changed, 173 insertions(+) create mode 100644 bash/tools/create_si_cacert_pkg.sh create mode 100644 bash/tools/deploy_nexus.sh (limited to 'bash/tools')
diff --git a/bash/tools/create_si_cacert_pkg.sh b/bash/tools/create_si_cacert_pkg.sh
new file mode 100644
index 00000000..eac728be
--- /dev/null
+++ b/bash/tools/create_si_cacert_pkg.sh
@@ -0,0 +1,24 @@
+#! /bin/bash
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+self="$0"
+tools_dir=$(dirname "$self")
+TARGET_FILE="./install_cacert.sh"
+cat "$tools_dir/certificates/self_extract_cacert.sh" "$tools_dir/../../live/certs/rootCAcert.crt" > $TARGET_FILE
+chmod a+x $TARGET_FILE
+echo "Created self installation file: $TARGET_FILE"
diff --git a/bash/tools/deploy_nexus.sh b/bash/tools/deploy_nexus.sh
new file mode 100644
index 00000000..ab1c80b2
--- /dev/null
+++ b/bash/tools/deploy_nexus.sh
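Review bot: Nothing in create_si_cacert_pkg.sh stops on failure, so if `cat` cannot read `self_extract_cacert.sh` or `rootCAcert.crt` the script still marks a partial `install_cacert.sh` executable, prints "Created self installation file" and exits 0. deploy_nexus.sh in this same commit then runs `./install_cacert.sh`, and its `set -e` cannot catch the problem because the helper's exit status is that of the final `echo`. Adding `set -e` after the license header, and quoting the target as `> "$TARGET_FILE"` and `chmod a+x "$TARGET_FILE"`, would make a missing certificate abort the deployment instead of running an incomplete installer.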
@@ -0,0 +1,149 @@
+#! /usr/bin/env bash
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2018 © Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+# fail fast
+set -e
+# OS check
+. /etc/os-release
+OS_ID="${ID}"
+case "$OS_ID" in
+ centos)
+ ;;
+ rhel)
+ ;;
+ ubuntu)
+ ;;
+ *)
+ echo This OS is not supported: $OS_ID
+ exit 1
+ ;;
+esac
+# boilerplate
+RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
+if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
+ SCRIPT_DIR=$(dirname "${0}")
+ LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
+ . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
+fi
+#
+# local functions
+#
+start_nexus() {
+ echo "** Starting nexus **"
+ if [[ -z "$NEXUS_DATA" ]]; then
+ echo "Nexus data env is not set"
+ exit -3
+ fi
+ # valid for case of fresh nexus deployment
+ # data are inserted in later phases
+ mkdir -p $NEXUS_DATA
+ # hardening
+ chmod a+wrX $NEXUS_DATA
+ chown -R 200:200 $NEXUS_DATA
+ docker rm -f nexus 1> /dev/null 2>&1 || true
+ docker run -d --name nexus\
+ --restart unless-stopped \
+ -v $NEXUS_DATA:/nexus-data:rw \
+ sonatype/nexus3
+ echo "** Creating docker network **"
+ docker network create nexus_network
+ docker network connect nexus_network nexus
+}
+start_nginx() {
+ echo "** Starting reverse proxy - nginx **"
+ docker rm -f nginx 1> /dev/null 2>&1 || true
+ mkdir -p $NGINX_HTTP_DIR/repo.install-server
+ mkdir -p "$NGINX_HTTP_DIR/repo.install-server"
+ docker run -d -p 80:80 -p 443:443 -p 10001:443 \
+ --name nginx \
+ --network nexus_network \
+ -v $GEN_CFG_PATH/nginx.conf:/etc/nginx/nginx.conf:ro \
+ -v $CERTS_TARGET_PATH:/etc/nginx/certs:ro \
+ -v $GIT_REPOS:/srv/git:rw \
+ -v $NGINX_LOG_DIR:/var/log/nginx:rw \
+ -v $NGINX_HTTP_DIR:/srv/http:ro \
+ -v $RHEL_REPO:/srv/http/repo.install-server:ro \
+ --restart unless-stopped \
+ own_nginx
+}
+patch_cert() {
+ file=$1
+ cp "$APROJECT_DIR/cfg/$file" "$GEN_CFG_PATH/$file"
+}
+patch_conf_files() {
+ # patch nexus and root cert
+ patch_cert nexus_cert.cnf
+ patch_cert cacert.cnf
+ # patch nexus v3 ext cert
+ sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/v3.ext" > $GEN_CFG_PATH/v3.ext
+ #patch nginx.conf
+ sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/nginx.conf" > $GEN_CFG_PATH/nginx.conf
+}
+#
+# body
+#
+message info "Nexus will be installed into this directory: $(pwd)"
+if ! [ -f ./local_repo.conf ]; then
+ printf "[?] > Do you want continue? (if no, hit CTRL+C): "
+ read x
+fi
+message info "Reading configuration"
+get_configuration
+mkdir -p "$CERTS_TARGET_PATH"
+mkdir -p "$NGINX_LOG_DIR"
+mkdir -p "$GEN_CFG_PATH"
+if [ "$IS_SELF_EXTRACT" = YES ] ; then
+ message info "Now I will untar the resources"
+ message info "This may take a long time..."
+ sleep 3s
+ may_self_extract
+fi
+#
+echo "Cleanup docker (if installed)"
+docker rm -f nginx 1> /dev/null 2>&1 || true
+docker rm -f nexus 1> /dev/null 2>&1 || true
+install_files
+install_packages "$OS_ID"
+setup_vnc_server
+update_hosts
+# TODO
+#check_dependencies
+echo "Restarting dnsmasq"
+systemctl enable dnsmasq
+systemctl restart dnsmasq
+echo "** Generating config files to $GEN_CFG_PATH **"
+echo "Configure ssl certificates"
+patch_conf_files
+create_root_CA
+# create selfinstall CA cert
+$BASH_SCRIPTS_DIR/tools/create_si_cacert_pkg.sh
+# run generated file
+./install_cacert.sh
+create_cert "nexus"
+echo "** Certificates finished **"
+update_docker_cfg
+echo "Restarting docker"
+systemctl enable docker
+systemctl restart docker
+update_firewall
+set +e
+echo "** Loading images **"
+docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/sonatype_nexus3_latest.tar
+docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/own_nginx_latest.tar
+start_nexus
+start_nginx
-- cgit 1.2.3-korg
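Review bot: In start_nexus the lines under `# hardening` loosen the directory rather than harden it: `chmod a+wrX $NEXUS_DATA` lets any local account create, replace or delete entries in the Nexus data directory, even though the following `chown -R 200:200` already hands it to what is presumably the container's uid. Restricting it to the owner, e.g. `chown -R 200:200 -- "$NEXUS_DATA"` followed by `chmod u+rwX,go-rwx "$NEXUS_DATA"`, would keep the repository state away from other users on the host. `$NEXUS_DATA` is also unquoted in `mkdir -p`, `chmod`, `chown -R` and the `-v` mount, so a value containing spaces or glob characters would make the recursive chown (likely run as root) act on unintended paths. The same quoting gap applies to the `-v $...` mounts in start_nginx and to the `sed ... > $GEN_CFG_PATH/...` redirections in patch_conf_files.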