cerc-io/webapp-deployment-status-api
16
0
Fork 1
Code Issues 9 Pull Requests 1 Packages Projects Releases 1 Wiki Activity
3372ce29f3
webapp-deployment-status-api/run.sh
Thomas E Lackey 3372ce29f3 Support uploading config files. (#14) 
This adds a new `/upload/config` endpoint to the API for uploading encrypted configuration files for later use by the deployer.

The payload takes the form:

```
authorized:
  - accounta
  - accountb
config:
  env:
    FOO: bar
    BAR: baz
```

The request is the encrypted using the deployer's public key (discoverable from its `WebappDeployer` record).  This is handled automatically by `laconic-so` but can also be handled manually using standard CLI tools like `gpg` and `curl`.

For example:

```
# Get the key
$ laconic -c ~/.laconic/testnet-a-cercio.yml registry name resolve lrn://laconic/deployers/webapp-deployer-api.dev.vaasl.io | jq -r '.[0].attributes.publicKey' | base64 -d > webapp-deployer-api.dev.vaasl.io.pgp.pub

# Import it
$ gpg --import webapp-deployer-api.dev.vaasl.io.pgp.pub

# Encrypt your config file.
$ gpg --yes --encrypt --recipient webapp-deployer-api.dev.vaasl.io --trust-model always config.yaml

# Post it
$ curl -s -X POST -d '@config.yaml.gpg' https://webapp-deployer-api.dev.vaasl.io/upload/config | jq
{
  "id": "B56C65AB96B741B7B219520A3ABFCD10"
}
```

Reviewed-on: #14
Co-authored-by: Thomas E Lackey <telackey@bozemanpass.com>
Co-committed-by: Thomas E Lackey <telackey@bozemanpass.com>
2024-08-27 19:44:52 +00:00

180 lines
4.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
function is_privileged {
ip link add dummy0 type dummy >/dev/null
if [[ $? -eq 0 ]]; then
echo "true"
ip link delete dummy0 >/dev/null
else
echo "false"
fi
}
if [ -z "$DEPLOYMENT_DNS_SUFFIX" ]; then
echo "DEPLOYMENT_DNS_SUFFIX is required."
exit 2
fi
if [ -z "$DEPLOYMENT_RECORD_NAMESPACE" ]; then
echo "DEPLOYMENT_RECORD_NAMESPACE is required."
exit 2
fi
if [ -z "$IMAGE_REGISTRY" ]; then
echo "IMAGE_REGISTRY is required."
exit 2
fi
if [ ! -f "/etc/config/laconic.yml" ]; then
echo "/etc/config/laconic.yml is required."
exit 2
fi
if [ ! -f "/etc/config/kube.yml" ]; then
echo "/etc/config/kube.yml is required."
exit 2
fi
STORAGE_ROOT="${STORAGE_ROOT:-/srv}"
DEPLOYMENTS_DIR="${DEPLOYMENTS_DIR:-$STORAGE_ROOT/deployments}"
LOG_DIR="${LOG_DIR:-$STORAGE_ROOT/logs}"
CONTAINERS_DIR="${CONTAINER_DIR:-$STORAGE_ROOT/containers}"
if [[ ! -d "${DEPLOYMENTS_DIR}" ]]; then
mkdir -p "${DEPLOYMENTS_DIR}"
fi
LOG_OPTS=""
if [[ -n "${LOG_DIR}" ]]; then
if [[ ! -d "${LOG_DIR}" ]]; then
mkdir -p "${LOG_DIR}"
fi
LOG_OPTS="--log-dir $LOG_DIR"
fi
if [[ ! -d "${CONTAINERS_DIR}" ]]; then
mkdir -p "${CONTAINERS_DIR}"
fi
if [[ "$CLEAN_DEPLOYMENTS" == "true" ]]; then
echo "Cleaning deployments directory..."
rm -rf ${DEPLOYMENTS_DIR}/*
fi
if [[ "$CLEAN_CONTAINERS" == "true" ]]; then
echo "Cleaning containers directory..."
rm -rf ${CONTAINERS_DIR}/*
fi
if [[ "$CLEAN_LOGS" == "true" ]] && [[ -n "$LOG_DIR" ]]; then
echo "Cleaning logs directory..."
rm -rf ${LOG_DIR}/*
fi
if [[ ! -d "${UPLOAD_DIRECTORY}" ]]; then
mkdir -p "${UPLOAD_DIRECTORY}"
fi
STORAGE_DRIVER="${STORAGE_DRIVER}"
if [[ -z "${STORAGE_DRIVER}" ]]; then
if [[ "true" == "`is_privileged`" ]]; then
STORAGE_DRIVER="overlay"
else
STORAGE_DRIVER="vfs"
fi
fi
echo "Using '$STORAGE_DRIVER' storage driver."
cat > /etc/containers/storage.conf <<EOF
[storage]
driver = "${STORAGE_DRIVER}"
runroot = "${CONTAINERS_DIR}/podman/run"
graphroot = "${CONTAINERS_DIR}/podman/storage"
[storage.options.overlay]
mount_program = "/usr/bin/fuse-overlayfs"
EOF
if [[ -n "$IMAGE_REGISTRY_CREDS" ]]; then
docker login --password "$IMAGE_REGISTRY_CREDS" --username ${IMAGE_REGISTRY_USER:-ANY} $IMAGE_REGISTRY
fi
cd /app/
while true; do
UPDATE_OPTS=""
if [[ "true" == "${ONLY_NEW_REQUESTS:-true}" ]] && [[ ! -f "${DEPLOYMENTS_DIR}/autodeploy.state" ]]; then
UPDATE_OPTS="--only-update-state"
fi
echo "=============================================================="
ps -ef | grep node | grep 'yarn start' >/dev/null
if [ $? -ne 0 ]; then
echo "########### STARTING API ############"
echo "Starting API"
yarn start &
fi
echo "########### UNDEPLOY ############"
laconic-so undeploy-webapp-from-registry \
--laconic-config /etc/config/laconic.yml \
--deployment-parent-dir "${DEPLOYMENTS_DIR}" \
--delete-names \
--delete-volumes \
--state-file "${DEPLOYMENTS_DIR}/autoremove.state" \
--include-tags "$INCLUDE_TAGS" \
--exclude-tags "$EXCLUDE_TAGS" \
--lrn "$LRN" \
--min-required-payment ${MIN_REQUIRED_PAYMENT:-0} \
$EXTRA_UNDEPLOY_OPTS \
$UPDATE_OPTS \
--discover
rc=$?
if [ $rc -eq 0 ]; then
echo "############ UNDEPLOY SUCCESS #############"
else
echo "############ UNDEPLOY FAILURE STATUS $rc #############"
fi
echo "############ DEPLOY #############"
laconic-so deploy-webapp-from-registry \
--kube-config /etc/config/kube.yml \
--laconic-config /etc/config/laconic.yml \
--image-registry ${IMAGE_REGISTRY} \
--deployment-parent-dir "${DEPLOYMENTS_DIR}" \
--dns-suffix ${DEPLOYMENT_DNS_SUFFIX} \
--record-namespace-dns lrn://${DEPLOYMENT_RECORD_NAMESPACE}/dns \
--record-namespace-deployments lrn://${DEPLOYMENT_RECORD_NAMESPACE}/deployments \
--state-file "${DEPLOYMENTS_DIR}/autodeploy.state" \
--include-tags "$INCLUDE_TAGS" \
--exclude-tags "$EXCLUDE_TAGS" \
--fqdn-policy "${FQDN_POLICY:-prohibit}" \
--lrn "$LRN" \
--min-required-payment ${MIN_REQUIRED_PAYMENT:-0} \
--config-upload-dir "$UPLOAD_DIRECTORY" \
--private-key-file "$OPENPGP_PRIVATE_KEY_FILE"
--private-key-passphrase "$OPENPGP_PASSPHRASE"
$LOG_OPTS \
$EXTRA_DEPLOY_OPTS \
$UPDATE_OPTS \
--discover
rc=$?
if [ $rc -eq 0 ]; then
echo "############ DEPLOY SUCCESS #############"
else
echo "############ DEPLOY FAILURE STATUS $rc #############"
fi
# Cleanup any build leftovers
if [[ "${SYSTEM_PRUNE:-false}" == "true" ]]; then
docker system prune --all --force
fi
if [[ "${WEBAPP_IMAGE_PRUNE:-true}" == "true" ]]; then
APP_IMAGES="$(docker image ls --quiet --filter 'reference=laconic-webapp')"
DANGLING_IMAGES="$(docker image ls --quiet --filter 'dangling=true')"
if [[ -n "$APP_IMAGES" ]] || [[ -n "$DANGLING_IMAGES" ]]; then
echo "Pruning images: $APP_IMAGES $DANGLING_IMAGES"
docker image rm -f $APP_IMAGES $DANGLING_IMAGES
fi
fi
sleep ${CHECK_INTERVAL:-15}
done
Reference in New Issue View Git Blame Copy Permalink