-
Notifications
You must be signed in to change notification settings - Fork 40
/
Copy pathvault
executable file
·255 lines (221 loc) · 8.9 KB
/
vault
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
#!/usr/bin/env bash
set -e
Green='\033[0;32m'
Red='\033[0;31m'
Yellow='\033[0;33m'
BYellow='\033[1;33m'
NC='\033[0m'
function outputLogo {
echo "
███████ ████████ ██████ █████ ████████ ██████ ██ ██ █████ ██ ██ ██ ████████
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██ ██████ ███████ ██ ██ ██ ██ ██ ███████ ██ ██ ██ ██
██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██ ██ ██ ██ ██ ██ ██████ ████ ██ ██ ██████ ███████ ██
"
}
function help {
outputLogo
echo -e "${BYellow}STRATO run script${NC}
Kickstart the STRATO node.
${Yellow}Optional flags:${NC}
The entrypoints are mutually exclusive.
--help|-h - this help.
--set-password - set or re-enter the STRATO Vault's in-memory password; use PASSWORD env var to skip interactive input.
--stop - stop STRATO containers (keeps containers and volumes.)
--start - start the existing STRATO containers after they were stopped (the opposite to --stop.)
--down - remove strato containers and leave all volumes intact.
--wipe - stop and remove STRATO containers and wipe out volumes.
--compose - fetch the latest stable docker-compose.vault.yml.
--pull - pull images used in docker-compose.vault.yml.
${Yellow}Environment variables:${NC}
PASSWORD - STRATO Vault's in-memory password. To be requested interactively if skipped.
HTTP_PORT - (default: 8090) Port for HTTP traffic listener.
HTTPS_PORT - (default: 8093) Port for HTTPS traffic listener; only used with ssl=true.
ssl - (default: false) [true|false] to run the node with SSL/TLS.
sslCertFileType - (default: pem) [pem|crt] the SSL certificate type and file extension (should be accessible at ./ssl/certs/server.<sslCertFileType> at deploy time.)
INITIAL_OAUTH_DISCOVERY_URL - (required) OpenID Connect discovery URL for initial OAuth2 provider. Additional ones can be added at run time.
INITIAL_OAUTH_ISSUER - (required) Issuer value for initial OAuth2 provider.
INITIAL_OAUTH_JWT_USERNAME_CLAIM - (default: sub) The claim (payload property) of JWT token to use as unique user id within STRATO Vault."
}
function wipe {
echo -e "${Yellow}Removing Vault containers and wiping out volumes${NC}"
${docker_compose} down -vt 0 --remove-orphans
}
function down {
echo -e "${Yellow}Removing Vault containers${NC}"
${docker_compose} down --remove-orphans
}
function stop {
echo -e "${Yellow}Gently stopping Vault containers${NC}"
${docker_compose} stop
}
function start {
echo -e "${Yellow}Starting the earlier stopped Vault containers${NC}"
${docker_compose} start
}
function getCompose {
echo -e "${Yellow}Downloading the latest stable version of docker-compose.vault.yml...${NC}"
curl -fLo docker-compose.vault.yml https://github.com/blockapps/strato-getting-started/releases/download/$(curl -s -L https://github.com/blockapps/strato-getting-started/releases/latest | grep -om1 '"/blockapps/strato-getting-started/releases/tag/[^"]*' | grep -oE "[^/]+$")/docker-compose.vault.yml
echo -e "${Yellow}docker-compose.vault.yml downloaded successfully.${NC}"
}
function pullImages {
${docker_compose} pull
}
function setPassword {
while [ -z $PASSWORD ]; do
echo
echo -n Please enter a password:
read -s PASSWORDA || (printf "\nerror: unable to read password, stdin might be closed\n" &&
printf "Set the PASSWORD environment variable in automated environments\n" &&
exit 18)
echo
echo -n Please re-enter the password:
read -s PASSWORDB
if [ "${PASSWORDA}" == "${PASSWORDB}" ]; then
echo
PASSWORD=${PASSWORDA}
else
echo
echo -n Passwords did not match. Please try again.
fi
done
PASSWORD_SET_RESPONSE=$(docker exec -i vault${CNAME_SEP}vault-wrapper${CNAME_SEP}1 curl -s -H "Content-Type: application/json" -d @- localhost:8000/strato/v2.3/password <<< \"$PASSWORD\")
case ${PASSWORD_SET_RESPONSE} in
"\"Could not validate password\"" )
echo -e "${Red}Wrong password provided, please try again.${NC}"
exit 15
;;
"[]" )
echo -e "${Green}The password has been set.${NC}"
;;
"\"Password is already set\"" )
echo -e "${Yellow}The password has been set earlier and the Vault is currently active. No need to re-enter the password.${NC}"
;;
esac
}
if [ ! -f $(pwd)/strato ]; then
echo -e "${Red}Should be run from within the strato-getting-started directory. Exit.${NC}"
exit 4
fi
if ! docker ps &> /dev/null
then
echo -e "${Red}Error: docker is required: https://www.docker.com/ . If you have it installed - you may need to execute as super user${NC}"
exit 1
fi
if ! docker compose version &> /dev/null && ! docker-compose -v &> /dev/null
then
echo -e "${Red}Error: Docker Compose is required: https://docs.docker.com/compose/install/"
exit 2
else
if ! docker compose version &> /dev/null
then
docker_compose="docker-compose -p vault -f docker-compose.vault.yml --log-level ERROR"
CNAME_SEP="_"
else
docker_compose="docker -l error compose -p vault -f docker-compose.vault.yml"
CNAME_SEP="-"
fi
fi
STRATOGS_REQUIRED_VERSION=$(grep strato-getting-started-min-version docker-compose.vault.yml | awk -F":" '{print $NF}')
if [ ${STRATOGS_REQUIRED_VERSION} ]; then
STRATOGS_CURRENT_VERSION=$(< VERSION)
if ! awk -v VER=${STRATOGS_CURRENT_VERSION//.} -v REQ_VER=${STRATOGS_REQUIRED_VERSION//.} 'BEGIN {exit (VER < REQ_VER)}'
then
echo -e "${Red}The STRATO version from docker-compose.vault.yml is incompatible with this strato-getting-started. Please update to v${STRATOGS_REQUIRED_VERSION}."
exit 12
fi
fi
while [ ${#} -gt 0 ]; do
case "${1}" in
--help|-h)
help
exit 0
;;
--stop)
stop
exit 0
;;
--start)
start
exit 0
;;
--down)
down
exit 0
;;
--wipe)
wipe
exit 0
;;
--compose)
getCompose
exit 0
;;
--pull)
pullImages
exit 0
;;
--set-password)
echo -e "${BYellow}Set or re-enter STRATO Vault password.${NC}"
setPassword
exit 0
;;
*)
echo -e "${Red}Unknown flag ${1} provided, please check --help. Exit.${NC}"
exit 5
;;
esac
shift 1
done
outputLogo
if [ "$ssl" = true ] ; then
http_protocol=https
main_port=${HTTPS_PORT}
else
http_protocol=http
main_port=${HTTP_PORT}
fi
export sslCertFileType=${sslCertFileType:-pem}
if [[ -z ${INITIAL_OAUTH_DISCOVERY_URL} || -z ${INITIAL_OAUTH_ISSUER} ]] ; then
echo -e "${Red}INITIAL_OAUTH_DISCOVERY_URL, INITIAL_OAUTH_ISSUER are required to start STRATO Vault.\nFor additional help see './strato --help'${NC}"
exit 13
fi
echo "" && echo "*** Common Config ***"
echo "HTTP_PORT: $HTTP_PORT"
echo "HTTPS_PORT: $HTTPS_PORT"
echo "ssl: $ssl"
echo "sslCertFileType: $sslCertFileType"
echo "INITIAL_OAUTH_DISCOVERY_URL: ${INITIAL_OAUTH_DISCOVERY_URL}"
echo "INITIAL_OAUTH_ISSUER: ${INITIAL_OAUTH_ISSUER}"
echo "INITIAL_OAUTH_JWT_USERNAME_CLAIM: ${INITIAL_OAUTH_ISSUER:-'using default'}"
echo "PASSWORD: $(if [ -z ${PASSWORD} ]; then echo "not provided (to be set in stdin)"; else echo "provided in env var"; fi)"
if [[ ${HTTP_PORT} == ${HTTPS_PORT} ]]; then
echo -e "${Red}Can not bind HTTP and HTTPS listeners to same port (${HTTP_PORT})${NC}"
exit 7
fi
if [ ! -f docker-compose.vault.yml ]
then
getCompose
else
echo -e "${BYellow}Using the existing docker-compose.vault.yml (to download the most recent stable version - remove the file and restart the script)${NC}"
fi
# COMPOSE FILE PRE-PROCESSING
function cleanup {
rm docker-compose-vault-temp.yml
}
trap cleanup EXIT
if [ "$ssl" != true ]; then
sed -n '/#TAG_REMOVE_WHEN_NO_SSL/!p' docker-compose.vault.yml > docker-compose-vault-temp.yml
else
if [ ${HTTPS_PORT} != "8093" ]; then
sed -n '/#TAG_REMOVE_WHEN_SSL_CUSTOM_HTTPS_PORT/!p' docker-compose.vault.yml > docker-compose-vault-temp.yml
else
cp docker-compose.vault.yml docker-compose-vault-temp.yml
fi
fi
# END OF COMPOSE FILE PRE-PROCESSING
${docker_compose} -f docker-compose-vault-temp.yml up -d --remove-orphans
until curl --silent --output /dev/null --fail --insecure --location "${http_protocol}://localhost:${main_port}/_ping" ; do sleep 0.5; done
setPassword
echo -e "\n${Green}Vault has awoken. Check ${http_protocol}://your.hostname:${main_port}${NC}"