#!/bin/bash
# PROGNAME=$(basename $0)
# RELEASE="Revision 1.0.6"
# AUTHOR="Paul Bargewell <paul.bargewell@opusvl.com>"
# COPYRIGHT="Copyright 2021, Opus Vision Limited T/A OpusVL"
# LICENSE="SPDX-License-Identifier: AGPL-3.0-or-later"
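# Load the deployment settings. The rest of this script reads PORTBASE, HOST,
# DOMAIN, SERIAL, CONTAINER_VOLUME, KEYCLOAK_PASSWORD and LDAP_ORGANISATION,
# none of which are set here, so they are presumably defined in ./configure.
# NOTE(review): the path is relative to the current directory, so whatever
# file named "configure" sits in the caller's working directory is executed
# with this script's privileges (it later calls sudo). Run it only from the
# project directory, and keep ./configure writable by the deploying user only.
if [[ ! -r ./configure ]]; then
  echo "Missing or unreadable './configure' (run this script from the project directory)" >&2
  exit 1
fi
source ./configure

# Resolve the external tools once. 'command -v' is the shell builtin
# replacement for 'which' and prints nothing when the tool is absent.
# jq is checked as well because the token step below pipes curl into it.
DOCKER_COMPOSE=$(command -v docker-compose)
CURL=$(command -v curl)
if [[ -z "${DOCKER_COMPOSE}" ]] || [[ -z "${CURL}" ]] || ! command -v jq >/dev/null; then
  echo "Missing prerequisite 'docker-compose', 'curl' or 'jq'" >&2
  exit 1
fi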
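# This will bring up keycloak, slapd and db
if ! ${DOCKER_COMPOSE} up -d keycloak; then
  echo "KEYCLOAK: 'docker-compose up' failed." >&2
  exit 1
fi

# Use the Keycloak API to create the realm and LDAP component
echo "Configuring KEYCLOAK"

# Wait until the keycloak instance is responding: poll the master realm's
# OpenID discovery document, at most 6 attempts, 10 seconds apart.
ARGS=(
  --fail
  --silent
  -o /dev/null
  "http://127.0.0.1:${PORTBASE}80/auth/realms/master/.well-known/openid-configuration"
)
keycloak_ready=0
n=0
until [ "$n" -ge 6 ]; do
  if ${CURL} "${ARGS[@]}"; then
    keycloak_ready=1
    break
  fi
  echo "KEYCLOAK: Retrying in 10 seconds."
  n=$((n + 1))
  sleep 10
done

# Stop here when every attempt failed. Previously the script fell through and
# the next step reported a misleading "Authentication failure".
if [[ "${keycloak_ready}" -ne 1 ]]; then
  echo "KEYCLOAK: No response after 6 attempts, giving up." >&2
  exit 1
fi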
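# Obtain an admin access token from the master realm (password grant, admin-cli).
#
# The admin password is fed to curl on stdin ("password@-") instead of being
# placed on the command line, so it does not show up in the process list or in
# 'set -x' traces. --data-urlencode also percent-encodes it, so characters such
# as '&', '+' or '%' no longer corrupt the form body.
# NOTE(review): if KEYCLOAK_PASSWORD was stored pre-encoded in ./configure to
# work around the missing encoding, store the plain value instead.
# NOTE(review): the request goes over plain HTTP; that is only acceptable
# because the target is the loopback address.
ARGS=(
  --request POST
  --url "http://127.0.0.1:${PORTBASE}80/auth/realms/master/protocol/openid-connect/token"
  --header "content-type: application/x-www-form-urlencoded"
  --data grant_type=password
  --data client_id=admin-cli
  --data username=admin
  --data-urlencode password@-
  --silent --fail
)

# '// empty' makes jq print nothing when the field is missing; with a plain
# '.access_token' jq prints the string "null", which passed the -z test below.
TOKEN=$(printf '%s' "${KEYCLOAK_PASSWORD}" | ${CURL} "${ARGS[@]}" | jq -r '.access_token // empty')
if [[ -z "${TOKEN}" ]]; then
  echo "KEYCLOAK: Authentication failure or invalid token returned." >&2
  exit 1
fi
echo "KEYCLOAK: Authentication Success."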
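# Create the realm described by rest/create_realm.json (path relative to the
# current directory).
# NOTE(review): the bearer token is passed as a command-line argument and is
# therefore visible to other local users in the process list while curl runs.
ARGS=(
  --request POST
  --url "http://127.0.0.1:${PORTBASE}80/auth/admin/realms"
  --header "authorization: bearer ${TOKEN}"
  --header "content-type: application/json"
  --silent --fail
  --data @rest/create_realm.json
)

# Decide on curl's exit status (non-zero on HTTP >= 400 because of --fail).
# The previous test compared the response *body* numerically with 0: an empty
# body counted as success even when the request had failed, and a non-empty
# body was evaluated by the shell as an arithmetic expression.
if ! ${CURL} "${ARGS[@]}" >/dev/null; then
  echo "KEYCLOAK: Unable to create REALM (Does it already exist?)." >&2
  exit 1
else
  echo "KEYCLOAK: REALM ${HOST} created."
fi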
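# Add the LDAP component described by rest/create_ldap.json to realm ${HOST}.
# NOTE(review): the bearer token is passed as a command-line argument and is
# therefore visible to other local users in the process list while curl runs.
ARGS=(
  --request POST
  --url "http://127.0.0.1:${PORTBASE}80/auth/admin/realms/${HOST}/components"
  --header "authorization: bearer ${TOKEN}"
  --header "content-type: application/json"
  --silent --fail
  --data @rest/create_ldap.json
)

# Decide on curl's exit status. The previous test treated any non-empty
# response body as failure; with --silent --fail a rejected request prints
# nothing, so failures were reported as "LDAP component created."
if ! ${CURL} "${ARGS[@]}" >/dev/null; then
  echo "KEYCLOAK: Unable to create LDAP component." >&2
  exit 1
else
  echo "KEYCLOAK: LDAP component created."
fi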
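# To get this far implies keycloak is running which means the database is ready.

# Refuse to run the recursive sudo commands with an empty base path; an unset
# variable would otherwise make them operate on directories directly under "/".
: "${CONTAINER_VOLUME:?CONTAINER_VOLUME must be set}" "${SERIAL:?SERIAL must be set}"

# Create the prosody and logs volume directories and hand them to uid/gid 1000.
# The brace list sits outside the quotes on purpose: inside double quotes bash
# does not expand it and a single directory literally named "{prosody,logs}"
# was created instead.
# NOTE(review): o+rw makes both trees world-writable; with ownership set to
# 1000:1000 this looks broader than needed. Confirm which uid the containers
# run as before tightening it.
sudo mkdir -p -- "${CONTAINER_VOLUME}/${SERIAL}/"{prosody,logs}
sudo chmod -R g+rw,o+rw -- "${CONTAINER_VOLUME}/${SERIAL}/"{prosody,logs}
sudo chown -R 1000 -- "${CONTAINER_VOLUME}/${SERIAL}/"{prosody,logs}
sudo chgrp -R 1000 -- "${CONTAINER_VOLUME}/${SERIAL}/"{prosody,logs}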
# Launch every remaining service defined in the compose file.
printf '%s\n' "Starting All Containers."
${DOCKER_COMPOSE} up -d

# Movim hits a permission error on its first start; bringing it up a second
# time after a short pause resolves it.
printf '%s\n' "Taking a breath... back in 10s"
sleep 10
${DOCKER_COMPOSE} up -d movim

printf '%s\n' "Configuring MOVIM"

# Poll the Movim login page until it answers: at most 6 attempts, 10 seconds
# apart, re-issuing 'up -d movim' after each failed attempt. When every
# attempt fails the script carries on regardless.
ARGS=(
  --fail
  --silent
  -o /dev/null
  "http://127.0.0.1:${PORTBASE}81/?login"
)
n=0
while [ "$n" -lt 6 ]; do
  if ${CURL} "${ARGS[@]}"; then
    break
  fi
  printf '%s\n' "MOVIM: Retrying in 10 seconds."
  ${DOCKER_COMPOSE} up -d movim
  n=$((n + 1))
  sleep 10
done
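# Point the Movim admin configuration at this deployment's XMPP domain.
#
# The values are handed to psql as variables (-v) and referenced as :'name',
# which makes psql quote them as SQL literals. Splicing them into the
# statement text broke the UPDATE, or changed its meaning, as soon as a value
# contained a single quote (e.g. an organisation name with an apostrophe).
# The here-document delimiter is quoted so the shell expands nothing in the SQL.
# ON_ERROR_STOP makes psql return non-zero when the statement fails.
if ! ${DOCKER_COMPOSE} exec -T db psql -U movim -d movim \
  -v ON_ERROR_STOP=1 \
  -v "xmppdomain=${HOST}.${DOMAIN}" \
  -v "xmppdescription=${LDAP_ORGANISATION}" <<'SQL'; then
update configuration set xmppdomain=:'xmppdomain', xmppdescription=:'xmppdescription', chatonly=true where username='admin';
SQL
  echo "MOVIM: Unable to update the configuration table." >&2
  exit 1
fi
echo "Done."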