Commit dd03d624 authored by Carlos Torres's avatar Carlos Torres

Adding create_deploy_type_cdn role.

parent 1b913c8c
......@@ -12,6 +12,8 @@ domains:
- www.domain1.com
- domain2.com
origin_cdn_host: example.com # if deploy is to serve as CDN
api_access_token: <your_authentication_token>
deployment_tags: "<a comma separated string e.g demo-example,domain2>"
haproxy_auth_pass: "<your haproxy pass>"
......
## Defaults for the create_cdn_deploy role
origin_cdn_host: example.com
#!/bin/bash
set -e
DOMAINS=$1
INSTALLDIRS=$2
HTTPPORTS=$3
HTTPSPORTS=$4
HUMANITYVALIDATORPORTS=$5
APIACCESSSTOKEN=$6
INVENTORYDIR="/srv/inventory"
SERVERINVENTORY="inventory.txt"
if [ -e "$INVENTORYDIR/$SERVERINVENTORY" ]; then
for HTTPPORT in $HTTPPORTS
do
if grep -q "$HTTPPORT" "$INVENTORYDIR/$SERVERINVENTORY"; then
echo "FAILED: Checking variables. http_port: $HTTPPORT is in use. Please change group_vars/edges.yml"
exit 0
fi
done
for HTTPSPORT in $HTTPSPORTS
do
if grep -q "$HTTPSPORT" "$INVENTORYDIR/$SERVERINVENTORY"; then
echo "FAILED: Checking variables. https_port: $HTTPSPORT is in use. Please change group_vars/edges.yml"
exit 0
fi
done
for HUMANITYVALIDATORPORT in $HUMANITYVALIDATORPORTS
do
if grep -q "$HUMANITYVALIDATORPORT" "$INVENTORYDIR/$SERVERINVENTORY"; then
echo "FAILED: Checking variables. humanity_validator_port: $HUMANITYVALIDATORPORT is in use. Please change group_vars/edges.yml"
exit 0
fi
done
for INSTALLDIR in $INSTALLDIRS
do
if grep -q "$INSTALLDIR" "$INVENTORYDIR/$SERVERINVENTORY"; then
echo "FAILED: Checking variables. install_dir: $INSTALLDIR is in use. Please change group_vars/edges.yml"
exit 0
fi
done
fi
echo "SUCCESS: Checking variables"
exit 0
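Review bot: The collision check `grep -q "$HTTPPORT"` (and the same form in the https, humanity-validator and install_dir loops) matches any substring of any line in inventory.txt, so port 80 is reported as in use when 8080, a date or a path containing those digits is recorded. Matching the whole labelled line that the deploy script writes is exact, for example `grep -qxF "Http port: $HTTPPORT" "$INVENTORYDIR/$SERVERINVENTORY"`. `APIACCESSSTOKEN=$6` is assigned but never used here; taking the token as a positional argument puts it in the process arguments for no benefit, so that argument could be dropped.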
#!/bin/bash
set -e
HOSTIP=$1
DOMAINS=$2
api_access_token=$3
if ! [[ $HOSTIP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "FAILED: Checking variables. ansible_host (ip): $HOSTIP is incorrectly."
exit 0
fi
for DOMAIN in $DOMAINS
do
if [ $DOMAIN == "domain2.com" ] || [ $DOMAIN == "www.domain1.com" ]
then
echo "FAILED: Checking variables. domains: $DOMAIN is in use. Please change variable domains in group_vars/edges.yml"
exit 0
fi
done
DOMAIN_REGEX="^([a-zA-Z0-9](([a-zA-Z0-9-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$"
for DOMAIN in $DOMAINS
do
if ! [[ $DOMAIN =~ $DOMAIN_REGEX ]]
then
echo "FAILED: Checking variables. domains: $DOMAIN is not valid. Please change variable domains in group_vars/edges.yml"
exit 0
fi
done
if [ $api_access_token == "<your_authentication_token>" ]
then
echo "FAILED: Checking variables. api_access_token: $api_access_token is incorrectly. Please change variable api_access_token in group_vars/edges.yml"
exit 0
fi
echo "Success"
exit 0
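Review bot: The token test `[ $api_access_token == "<your_authentication_token>" ]` is unquoted, so an empty or missing third argument makes `[` fail with a usage error, the `if` treats that as false, and the script prints "Success" for an empty token. Quoting and rejecting the empty case closes that: `if [[ -z "$api_access_token" || "$api_access_token" == "<your_authentication_token>" ]]`. The same unquoted form is used for `$DOMAIN` in the first loop. The IP pattern also accepts octets above 255, and every failure path ends in `exit 0`, so a failure is visible only to a caller that scans stdout for FAILED.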
#!/bin/bash
# checks that the deployment_name only contains letters, numbers and underscore.
set -e
DEPLOYMENTSNAME=$1
regexpDeploymentsNames="^[[:alnum:]_]*$"
if ! [[ $DEPLOYMENTSNAME =~ $regexpDeploymentsNames ]]; then
echo "FAILED: Checking variables, deployment_name: $DEPLOYMENTSNAME is incorrectly. Only letters, numbers and underscore are allowed. Example: deployment_A."
exit 0
fi
echo "Success"
exit 0
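Review bot: The pattern `^[[:alnum:]_]*$` also matches the empty string, so a missing or empty deployment_name is reported as "Success". Requiring at least one character fixes it: `regexpDeploymentsNames="^[[:alnum:]_]+$"`. If only ASCII names are intended, `^[A-Za-z0-9_]+$` states that explicitly instead of depending on the locale of the host.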
#!/bin/bash
# checks that the path deployments-install_dir only contains slash, letters, numbers and underscore.
# It should be an absolute path.
set -e
INSTALLDIR=$1
regexpINSTALLDIRS="^\/[[:alnum:]_\/]*$"
echo "data: $INSTALLDIR"
if ! [[ $INSTALLDIR =~ $regexpINSTALLDIRS ]]; then
echo "FAILED: Checking variables, install_dir: $INSTALLDIR is incorrectly. Should provide an absolute path, slash, letters, numbers and underscore are allowed. Example /srv/deployment_A."
exit 0
fi
echo "Success"
exit 0
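Review bot: The pattern in `regexpINSTALLDIRS` accepts `/` on its own and paths with empty components such as `//`, because everything after the leading slash is optional. The deploy script in this commit uses the value as a working directory (`cd $INSTALL_DIR`), so at least one named component should be required, e.g. `regexpINSTALLDIRS="^(/[[:alnum:]_]+)+$"`. The `echo "data: $INSTALLDIR"` line looks like leftover debugging and ends up in the stdout that the task inspects.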
#!/bin/bash
set -e
echo "Creating deploy"
DEPLOY=$1
INSTALLERS_DIR=$2
INSTALL_DIR=$3
HTTPPORT=$4
HTTPSPORT=$5
HUMANITYVALIDATORPORT=$6
APIACCESSSTOKEN=$7
DEPLOYMENTSITELONGNAME=$8
DEPLOYMENTSITELONGNAMESECRET=$9
SERVICE_NAME=$1
SC_PACK_CONFIG="/srv/inventory/$DEPLOY"
chown shimmercat:shimmercat /srv
# TODO all inside try catch, error -> echo "FAILED: error.." and exit 0
sc_pack create -f $SC_PACK_CONFIG"/sc_pack.conf.yaml"
systemctl link $INSTALL_DIR"/.sc_pack-rkt/sc-"$SERVICE_NAME".service"
systemctl enable "sc-"$SERVICE_NAME".service"
#
systemctl daemon-reload
systemctl restart "sc-"$SERVICE_NAME".service"
sleep 2
while [ ! -f "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml" ]
do
sleep 2 # or less like 0.2
done
yq -yi .hapsSettings.enabled="true" "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml"
yq -yi .hapsSettings.webpOverTheFold="true" "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml"
yq -yi .security.enableLARSI="true" "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml"
sleep 2
cd $INSTALL_DIR
sc_pack update --latest
systemctl daemon-reload
systemctl restart "sc-"$SERVICE_NAME".service"
systemctl restart haproxy.service
# create inventory
INVENTORYDIR="/srv/inventory"
SERVERINVENTORY="inventory.txt"
if [ -e "$INVENTORYDIR/$SERVERINVENTORY" ]; then
echo "File exists"
else
echo "File does not exist"
touch "$INVENTORYDIR/$SERVERINVENTORY"
chmod 777 -R "$INVENTORYDIR/$SERVERINVENTORY"
fi
DATE=`date '+%Y-%m-%d %H:%M:%S'`
echo "## ENTRY TO DEPLOY: $DEPLOY DATE: $DATE" >> $INVENTORYDIR/$SERVERINVENTORY
echo "DEPLOY: $DEPLOY" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Install dir: $INSTALL_DIR" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Http port: $HTTPPORT" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Https port: $HTTPSPORT" >> $INVENTORYDIR/$SERVERINVENTORY
echo "Humanity validator port: $HUMANITYVALIDATORPORT" >> $INVENTORYDIR/$SERVERINVENTORY
echo $'\n' >> $INVENTORYDIR/$SERVERINVENTORY
echo "Success"
exit 0
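Review bot: `chmod 777 -R "$INVENTORYDIR/$SERVERINVENTORY"` makes the inventory file writable by every local user, and this is the file the variable check reads to decide whether a port or install directory is already taken. `chmod 644 "$INVENTORYDIR/$SERVERINVENTORY"` is enough for a log that only this script appends to, and `-R` has no effect on a regular file. The API token and the site secret arrive as `$7` and `$9`, which puts them in the process arguments; neither is used in the visible script, so they could be dropped or passed through a file or the environment. The `while [ ! -f ".../tweaks.yaml" ]` wait has no upper bound, so a service that never writes the file hangs the play.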
#!/bin/bash
echo "Updating haproxy.cfg"
set -e
INSTALLERS_DIR=$1
DOMAIN=$2
HTTPPORTS=$3
HTTPSPORTS=$4
File='/srv/haproxy/data/haproxy.cfg'
HTTPPORTSARRAY=($HTTPPORTS)
if ! grep -q 'default_backend' "$File"; then
sed -i -e '/#https-def-back/r '$INSTALLERS_DIR'/data/https-default_backend.txt' $File
sed -i -e '/#https-redirect-def-back/r '$INSTALLERS_DIR'/data/https-redirect-default_backend.txt' $File
fi
FIRSTPART="${DOMAIN:0:3}"
if [ "$FIRSTPART" = "www" ]; then
HAPROXYACLDOMAIN=${DOMAIN:4}
else
HAPROXYACLDOMAIN=${DOMAIN}
fi
HAPROXYACL=${HAPROXYACLDOMAIN//./_}
RANDOMT=$(pwgen 10 1)
if ! grep -F "$DOMAIN" "$File"; then
sed -i -e '/#https-entry/r '$INSTALLERS_DIR'/data/https-entry.txt' $File
sed -i -e '/#https-backend-bare-entry/r '$INSTALLERS_DIR'/data/https-backend-bare-entry.txt' $File
sed -i -e '/#https-redirect-entry/r '$INSTALLERS_DIR'/data/https-redirect-entry.txt' $File
sed -i -e '/#https-redirect-backend-bare-entry/r '$INSTALLERS_DIR'/data/https-redirect-backend-bare-entry.txt' $File
else
for HTTPPORT in $HTTPPORTS
do
if ! grep -F "$HAPROXYACL$HTTPPORT" "$File"; then
sed -i -e '/HTTP_1_'$HAPROXYACL'/a \ \server HTTP_N_'$HAPROXYACL$HTTPPORT'_R'$RANDOMT' 127.0.0.1:'$HTTPPORT' send-proxy-v2' $File
fi
done
i=0
for HTTSPPORT in $HTTPSPORTS
do
if ! grep -F "$HAPROXYACL$HTTSPPORT" "$File"; then
sed -i -e '/HTTPS_1_'$HAPROXYACL'/a \ \server HTTPS_N_'$HAPROXYACL$HTTSPPORT'_G'$RANDOMT' 127.0.0.1:'$HTTSPPORT' check port '${HTTPPORTSARRAY[$i]}' send-proxy-v2' $File
#sed -i -e '/HTTPS_R_1_'$HAPROXYACL'/a \ \server HTTPS_R_N_'$HAPROXYACL$HTTSPPORT'_G'$RANDOMT' '$DOMAIN':443 check port '$DOMAIN':443 ssl verify none sni str("'$DOMAIN'")' $File
fi
i=$(($i+1))
done
fi
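Review bot: The `www` test on `FIRSTPART="${DOMAIN:0:3}"` compares only three characters, so a domain such as `wwwexample.com` takes the `${DOMAIN:4}` branch and loses its first four characters; `HAPROXYACLDOMAIN=${DOMAIN#www.}` strips the prefix only when it really is `www.`. The three `grep -F` tests lack `-q`, so matching haproxy.cfg lines are printed into the task output, and they match substrings, so port 80 counts as present when 8080 is. `$File`, `$INSTALLERS_DIR` and `$HAPROXYACL` are expanded unquoted inside the sed commands; quoting them and running `haproxy -c -f "$File"` before the service is restarted would catch a broken edit.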
<!--
shimmercat:
content-disposition: use-json
use-consultant: bots
-->
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
<meta http-equiv="content-type" content="text/html" charset="utf-8" />
<title>Humanity validator</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="" >
<link rel="stylesheet" href="https://f93483.shimmercat.com/custom/stylesheet.css">
<script src="https://f93483.shimmercat.com/script.js" type="text/javascript"></script>
</head>
<body class="content">
<!--
shimmercat:
insert: |
<div id="content-container" data-target-url="$.target_url"></div>
-->
<div class="main-content">
<br><br>
<div class="title">
<h3 class="rowwidth">YOU HAVE ENTERED A PARALLELL UNIVERSE MADE FOR WEIRD BOTS</h3>
</div>
<div class="row">
<img style="width: 75%;" src="https://f93483.shimmercat.com/skins/bot_image.svg">
<h3 class="rowwidth">Confirm that you are human to get out of here</h3>
</div>
<div class="status-message" id="status-message">
<!--
shimmercat:
insert: $.message
-->
</div>
<div class="row">
<div class="recaptcha-container text-center">
<div class="recaptcha">
<!--
shimmercat:
insert: |
<div id="recaptcha-container" data-recaptcha-key="$.site_key"></div>
-->
</div>
</div>
</div>
<div class="text-right copyright">
<span class="char">%C2%A9 </span> ShimmerCat
</div>
<br>
<br>
</div>
<script>var specialChars = document.querySelectorAll("span.char"); for(var c=0; c<specialChars.length; c++){ specialChars[c].innerHTML = decodeURIComponent(specialChars[c].innerHTML); }</script>
<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>
</body>
</html>
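Review bot: The inline script for the `span.char` elements reads `innerHTML`, URL-decodes it and writes it back through `innerHTML`, which parses the decoded text as markup; `specialChars[c].textContent = decodeURIComponent(specialChars[c].textContent);` does the same job without that. The placeholders `$.message` and `$.target_url` are inserted into the body and into an attribute value; whether ShimmerCat escapes them is not visible here, so it is worth confirming, since the target URL presumably originates from the request. The script from f93483.shimmercat.com is loaded without an `integrity` attribute.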
<!--
shimmercat:
change-url:
- /target/+common//+/ -> /
content-disposition: replace
-->
<!--
shimmercat:
change-url:
- /target/+common/ -> /
content-disposition: replace
-->
<!--
shimmercat:
content-disposition: replace
change-url:
- /target/+common/no-slash//+/ -> /<+>
-->
<!--
shimmercat:
content-disposition: replace
change-url:
- /target/+common/slash//+/ -> /<+>
-->
---
# This task checks that the deployment_name only contains letters, numbers and underscore.
# If not, the whole process is stopped.
- name: checking_deployments_names
script: "{{ role_path }}/files/checking_deployments_names.sh '{{ item }}'"
register: check_deployment_names
- debug: var=check_deployment_names.stdout
- fail:
msg: "{{ check_deployment_names.stdout }}"
when: "'FAILED' in check_deployment_names.stdout"
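Review bot: `'{{ item }}'` is templated into the script command line inside hand-written single quotes, so a value containing a single quote ends the quoting before checking_deployments_names.sh has a chance to reject it; `script: "{{ role_path }}/files/checking_deployments_names.sh {{ item | quote }}"` lets Ansible do the quoting. The same applies to the checking_install_dirs task. Because the scripts always exit 0, the outcome depends on finding 'FAILED' in stdout; a non-zero exit on failure would make the separate `fail` task unnecessary and would also catch a script that dies without printing anything.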
---
# This task checks that the path deployments-install_dir only contains slash, letters, numbers and underscore.
# It should be an absolute path.
# If not, the whole process is stopped.
- name: checking_install_dirs
script: "{{ role_path }}/files/checking_install_dirs.sh '{{ item }}'"
register: check_install_dirs
- debug: var=check_install_dirs.stdout
- fail:
msg: "{{ check_install_dirs.stdout }}"
when: "'FAILED' in check_install_dirs.stdout"