installer.sh.ejs

#!/bin/bash

set -eu -o pipefail

echo ""
echo "======== Cloudron Installer ========"
echo ""

if [ $# -lt 4 ]; then
    echo "Usage: ./installer.sh <fqdn> <aws key id> <aws key secret> <bucket> <provider> <revision>"
    exit 1
fi

# commandline arguments
readonly fqdn="${1}"
readonly aws_access_key_id="${2}"
readonly aws_access_key_secret="${3}"
readonly aws_backup_bucket="${4}"
readonly provider="${5}"
readonly revision="${6}"

# environment specific urls
<% if (env === 'prod') { %>
readonly api_server_origin="https://api.cloudron.io"
readonly web_server_origin="https://cloudron.io"
<% } else { %>
readonly api_server_origin="https://api.<%= env %>.cloudron.io"
readonly web_server_origin="https://<%= env %>.cloudron.io"
<% } %>
readonly release_bucket_url="https://s3.amazonaws.com/<%= env %>-cloudron-releases"
readonly versions_url="https://s3.amazonaws.com/<%= env %>-cloudron-releases/versions.json"
readonly installer_code_url="${release_bucket_url}/box-${revision}.tar.gz"

# runtime consts
readonly installer_code_file="/tmp/box.tar.gz"
readonly installer_tmp_dir="/tmp/box"
readonly cert_folder="/tmp/certificates"

# check for fqdn in /ets/hosts
echo "[INFO] checking for hostname entry"
readonly hostentry_found=$(grep "${fqdn}" /etc/hosts || true)
if [[ -z $hostentry_found ]]; then
    echo "[WARNING] No entry for ${fqdn} found in /etc/hosts"
    echo "Adding an entry ..."

    cat >> /etc/hosts <<EOF

# The following line was added by the Cloudron installer script
127.0.1.1 ${fqdn} ${fqdn}
EOF
else
    echo "Valid hostname entry found in /etc/hosts"
fi
echo ""

echo "[INFO] ensure minimal dependencies ..."
apt-get update
apt-get install -y curl
echo ""

echo "[INFO] Generating certificates ..."
rm -rf "${cert_folder}"
mkdir -p "${cert_folder}"

cat > "${cert_folder}/CONFIG" <<EOF
[ req ]
default_bits           = 1024
default_keyfile        = keyfile.pem
distinguished_name     = req_distinguished_name
prompt                 = no
req_extensions         = v3_req

[ req_distinguished_name ]
C                      = DE
ST                     = Berlin
L                      = Berlin
O                      = Cloudron UG
OU                     = Cloudron
CN                     = ${fqdn}
emailAddress           = cert@cloudron.io

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${fqdn}
DNS.2 = *.${fqdn}
EOF

# generate cert files
openssl genrsa 2048 > "${cert_folder}/host.key"
openssl req -new -out "${cert_folder}/host.csr" -key "${cert_folder}/host.key" -config "${cert_folder}/CONFIG"
openssl x509 -req -days 3650 -in "${cert_folder}/host.csr" -signkey "${cert_folder}/host.key" -out "${cert_folder}/host.cert" -extensions v3_req -extfile "${cert_folder}/CONFIG"

# make them json compatible, by collapsing to one line
tls_cert=$(sed ':a;N;$!ba;s/\n/\\n/g' "${cert_folder}/host.cert")
tls_key=$(sed ':a;N;$!ba;s/\n/\\n/g' "${cert_folder}/host.key")
echo ""

echo "[INFO] Fetching installer code ..."
curl "${installer_code_url}" -o "${installer_code_file}"
echo ""

echo "[INFO] Extracting installer code to ${installer_tmp_dir} ..."
rm -rf "${installer_tmp_dir}" && mkdir -p "${installer_tmp_dir}"
tar xvf "${installer_code_file}" -C "${installer_tmp_dir}"
echo ""

echo "Creating initial provisioning config ..."
cat > /root/provision.json <<EOF
{
    "sourceTarballUrl": "",
    "data": {
        "apiServerOrigin": "${api_server_origin}",
        "webServerOrigin": "${web_server_origin}",
        "fqdn": "${fqdn}",
        "token": "",
        "isCustomDomain": true,
        "boxVersionsUrl": "${versions_url}",
        "version": "",
        "tlsCert": "${tls_cert}",
        "tlsKey": "${tls_key}",
        "provider": "${provider}",
        "backupConfig": {
            "provider": "s3",
            "accessKeyId": "${aws_access_key_id}",
            "secretAccessKey": "${aws_access_key_secret}",
            "bucket": "${aws_backup_bucket}",
            "prefix": "backups"
        },
        "dnsConfig": {
            "provider": "route53",
            "accessKeyId": "${aws_access_key_id}",
            "secretAccessKey": "${aws_access_key_secret}"
        },
        "tlsConfig": {
            "provider": "letsencrypt-<%= env %>"
        }
    }
}
EOF

echo "[INFO] Running Ubuntu initializing script ..."
/bin/bash "${installer_tmp_dir}/baseimage/initializeBaseUbuntuImage.sh" "${revision}" selfhosting
echo ""

echo "[INFO] Reloading systemd daemon ..."
systemctl daemon-reload
echo ""

echo "[INFO] Restart docker ..."
systemctl restart docker
echo ""

echo "[FINISHED] Now starting Cloudron init jobs ..."
systemctl start box-setup

# TODO this is only for convenience we should probably just let the user do a restart
sleep 5 && sync
systemctl start cloudron-installer
journalctl -u cloudron-installer.service -f
Add installer.sh 2015-12-19 18:49:29 +01:00			`#!/bin/bash`

Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`set -eu -o pipefail`
Add installer.sh 2015-12-19 18:49:29 +01:00
			`echo ""`
			`echo "======== Cloudron Installer ========"`
			`echo ""`

region is not required 2016-01-05 13:58:01 -08:00			`if [ $# -lt 4 ]; then`
Support box and installer in one tarball 2016-01-11 14:25:04 +01:00			`echo "Usage: ./installer.sh <fqdn> <aws key id> <aws key secret> <bucket> <provider> <revision>"`
Generate self signed certs for now 2015-12-21 20:44:37 +01:00			`exit 1`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`fi`

Cleanup the installer script 2016-01-02 16:37:28 +01:00			`# commandline arguments`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`readonly fqdn="${1}"`
Support s3 and route53 configs 2015-12-30 18:45:19 +01:00			`readonly aws_access_key_id="${2}"`
			`readonly aws_access_key_secret="${3}"`
			`readonly aws_backup_bucket="${4}"`
Add provider argument 2016-01-05 15:03:23 +01:00			`readonly provider="${5}"`
Support box and installer in one tarball 2016-01-11 14:25:04 +01:00			`readonly revision="${6}"`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00
Cleanup the installer script 2016-01-02 16:37:28 +01:00			`# environment specific urls`
Set the correct environment for the installer.sh 2016-01-28 16:31:14 +01:00			`<% if (env === 'prod') { %>`
			`readonly api_server_origin="https://api.cloudron.io"`
			`readonly web_server_origin="https://cloudron.io"`
			`<% } else { %>`
			`readonly api_server_origin="https://api.<%= env %>.cloudron.io"`
			`readonly web_server_origin="https://<%= env %>.cloudron.io"`
			`<% } %>`
			`readonly release_bucket_url="https://s3.amazonaws.com/<%= env %>-cloudron-releases"`
			`readonly versions_url="https://s3.amazonaws.com/<%= env %>-cloudron-releases/versions.json"`
Support box and installer in one tarball 2016-01-11 14:25:04 +01:00			`readonly installer_code_url="${release_bucket_url}/box-${revision}.tar.gz"`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00
Cleanup the installer script 2016-01-02 16:37:28 +01:00			`# runtime consts`
Use the unified tarball instead of separate installer 2016-01-11 14:49:49 +01:00			`readonly installer_code_file="/tmp/box.tar.gz"`
Support box and installer in one tarball 2016-01-11 14:25:04 +01:00			`readonly installer_tmp_dir="/tmp/box"`
Generate certs inline 2015-12-24 10:00:45 +01:00			`readonly cert_folder="/tmp/certificates"`
Generate self signed certs for now 2015-12-21 20:44:37 +01:00
Add a valid hostname entry in /etc/hosts if not found Using 127.0.1.1 as per http://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution 2016-01-06 16:51:58 +01:00			`# check for fqdn in /ets/hosts`
			`echo "[INFO] checking for hostname entry"`
			`readonly hostentry_found=$(grep "${fqdn}" /etc/hosts \|\| true)`
			`if [[ -z $hostentry_found ]]; then`
			`echo "[WARNING] No entry for ${fqdn} found in /etc/hosts"`
			`echo "Adding an entry ..."`

			`cat >> /etc/hosts <<EOF`

			`# The following line was added by the Cloudron installer script`
			`127.0.1.1 ${fqdn} ${fqdn}`
			`EOF`
			`else`
			`echo "Valid hostname entry found in /etc/hosts"`
			`fi`
			`echo ""`

Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`echo "[INFO] ensure minimal dependencies ..."`
			`apt-get update`
			`apt-get install -y curl`
			`echo ""`

Generate self signed certs for now 2015-12-21 20:44:37 +01:00			`echo "[INFO] Generating certificates ..."`
Generate certs inline 2015-12-24 10:00:45 +01:00			`rm -rf "${cert_folder}"`
			`mkdir -p "${cert_folder}"`

			`cat > "${cert_folder}/CONFIG" <<EOF`
			`[ req ]`
			`default_bits = 1024`
			`default_keyfile = keyfile.pem`
			`distinguished_name = req_distinguished_name`
			`prompt = no`
			`req_extensions = v3_req`

			`[ req_distinguished_name ]`
			`C = DE`
			`ST = Berlin`
			`L = Berlin`
			`O = Cloudron UG`
			`OU = Cloudron`
			`CN = ${fqdn}`
			`emailAddress = cert@cloudron.io`

			`[ v3_req ]`
			`# Extensions to add to a certificate request`
			`basicConstraints = CA:FALSE`
			`keyUsage = nonRepudiation, digitalSignature, keyEncipherment`
			`subjectAltName = @alt_names`

			`[alt_names]`
			`DNS.1 = ${fqdn}`
			`DNS.2 = *.${fqdn}`
			`EOF`

			`# generate cert files`
			`openssl genrsa 2048 > "${cert_folder}/host.key"`
			`openssl req -new -out "${cert_folder}/host.csr" -key "${cert_folder}/host.key" -config "${cert_folder}/CONFIG"`
			`openssl x509 -req -days 3650 -in "${cert_folder}/host.csr" -signkey "${cert_folder}/host.key" -out "${cert_folder}/host.cert" -extensions v3_req -extfile "${cert_folder}/CONFIG"`

			`# make them json compatible, by collapsing to one line`
			`tls_cert=$(sed ':a;N;$!ba;s/\n/\\n/g' "${cert_folder}/host.cert")`
			`tls_key=$(sed ':a;N;$!ba;s/\n/\\n/g' "${cert_folder}/host.key")`
Generate self signed certs for now 2015-12-21 20:44:37 +01:00			`echo ""`

Cleanup the installer script 2016-01-02 16:37:28 +01:00			`echo "[INFO] Fetching installer code ..."`
			`curl "${installer_code_url}" -o "${installer_code_file}"`
Use image init script from within the installer tar ball 2015-12-31 09:44:30 +01:00			`echo ""`

Cleanup the installer script 2016-01-02 16:37:28 +01:00			`echo "[INFO] Extracting installer code to ${installer_tmp_dir} ..."`
			`rm -rf "${installer_tmp_dir}" && mkdir -p "${installer_tmp_dir}"`
Support box and installer in one tarball 2016-01-11 14:25:04 +01:00			`tar xvf "${installer_code_file}" -C "${installer_tmp_dir}"`
Add installer.sh 2015-12-19 18:49:29 +01:00			`echo ""`

Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`echo "Creating initial provisioning config ..."`
			`cat > /root/provision.json <<EOF`
			`{`
Cleanup the installer script 2016-01-02 16:37:28 +01:00			`"sourceTarballUrl": "",`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`"data": {`
Cleanup the installer script 2016-01-02 16:37:28 +01:00			`"apiServerOrigin": "${api_server_origin}",`
			`"webServerOrigin": "${web_server_origin}",`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`"fqdn": "${fqdn}",`
'null' does not survive the shell script hopping well 2015-12-29 18:51:49 +01:00			`"token": "",`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`"isCustomDomain": true,`
Cleanup the installer script 2016-01-02 16:37:28 +01:00			`"boxVersionsUrl": "${versions_url}",`
			`"version": "",`
Generate self signed certs for now 2015-12-21 20:44:37 +01:00			`"tlsCert": "${tls_cert}",`
Provide provider in cloudron.conf 2015-12-29 11:30:03 +01:00			`"tlsKey": "${tls_key}",`
Add provider argument 2016-01-05 15:03:23 +01:00			`"provider": "${provider}",`
Support s3 and route53 configs 2015-12-30 18:45:19 +01:00			`"backupConfig": {`
			`"provider": "s3",`
			`"accessKeyId": "${aws_access_key_id}",`
			`"secretAccessKey": "${aws_access_key_secret}",`
			`"bucket": "${aws_backup_bucket}",`
			`"prefix": "backups"`
			`},`
			`"dnsConfig": {`
			`"provider": "route53",`
			`"accessKeyId": "${aws_access_key_id}",`
region is not required 2016-01-05 13:58:01 -08:00			`"secretAccessKey": "${aws_access_key_secret}"`
Set letsencrypt as tls config 2015-12-31 09:31:50 +01:00			`},`
			`"tlsConfig": {`
Set the correct environment for the installer.sh 2016-01-28 16:31:14 +01:00			`"provider": "letsencrypt-<%= env %>"`
Support s3 and route53 configs 2015-12-30 18:45:19 +01:00			`}`
Remove comma 2015-12-20 14:57:58 +01:00			`}`
Prepare provisioning data for installer 2015-12-20 11:12:59 +01:00			`}`
			`EOF`

Cleanup the installer script 2016-01-02 16:37:28 +01:00			`echo "[INFO] Running Ubuntu initializing script ..."`
Move baseimage relevant scripts to baseimage/ 2016-01-13 10:30:01 +01:00			`/bin/bash "${installer_tmp_dir}/baseimage/initializeBaseUbuntuImage.sh" "${revision}" selfhosting`
Cleanup the installer script 2016-01-02 16:37:28 +01:00			`echo ""`

do not rely on INFRA_VERSION to be present 2015-12-22 06:25:13 +01:00			`echo "[INFO] Reloading systemd daemon ..."`
			`systemctl daemon-reload`
			`echo ""`

Provide provider in cloudron.conf 2015-12-29 11:30:03 +01:00			`echo "[INFO] Restart docker ..."`
Ensure docker is running correctly 2015-12-23 13:54:49 +01:00			`systemctl restart docker`
			`echo ""`

do not rely on INFRA_VERSION to be present 2015-12-22 06:25:13 +01:00			`echo "[FINISHED] Now starting Cloudron init jobs ..."`
Ensure docker is running correctly 2015-12-23 13:54:49 +01:00			`systemctl start box-setup`
Cleanup the installer script 2016-01-02 16:37:28 +01:00
			`# TODO this is only for convenience we should probably just let the user do a restart`
Provide provider in cloudron.conf 2015-12-29 11:30:03 +01:00			`sleep 5 && sync`
Ensure docker is running correctly 2015-12-23 13:54:49 +01:00			`systemctl start cloudron-installer`
do not rely on INFRA_VERSION to be present 2015-12-22 06:25:13 +01:00			`journalctl -u cloudron-installer.service -f`