Adding create_deploy_type_cdn role.

group_vars/edges.yml

@@ -12,6 +12,8 @@ domains:
   - www.domain1.com
   - domain2.com
 
+origin_cdn_host: example.com # if deploy is to serve as CDN
+
 api_access_token: <your_authentication_token>
 deployment_tags: "<a comma separated string e.g demo-example,domain2>"
 haproxy_auth_pass: "<your haproxy pass>"

roles/create_deploy_type_cdn/defaults/main.yml

+## Defaults for the create_cdn_deploy role
+
+origin_cdn_host: example.com

roles/create_deploy_type_cdn/files/check_variables.sh

+#!/bin/bash
+
+set -e
+
+DOMAINS=$1
+INSTALLDIRS=$2
+HTTPPORTS=$3
+HTTPSPORTS=$4
+HUMANITYVALIDATORPORTS=$5
+APIACCESSSTOKEN=$6
+
+INVENTORYDIR="/srv/inventory"
+SERVERINVENTORY="inventory.txt"
+
+if [ -e "$INVENTORYDIR/$SERVERINVENTORY" ]; then
+    for HTTPPORT in $HTTPPORTS
+    do
+        if grep -q "$HTTPPORT" "$INVENTORYDIR/$SERVERINVENTORY"; then
+            echo "FAILED: Checking variables. http_port: $HTTPPORT is in use. Please change group_vars/edges.yml"
+            exit 0
+	    fi
+    done
+
+    for HTTPSPORT in $HTTPSPORTS
+    do
+        if grep -q "$HTTPSPORT" "$INVENTORYDIR/$SERVERINVENTORY"; then
+            echo "FAILED: Checking variables. https_port: $HTTPSPORT is in use. Please change group_vars/edges.yml"
+            exit 0
+        fi
+    done
+
+    for HUMANITYVALIDATORPORT in $HUMANITYVALIDATORPORTS
+    do
+        if grep -q "$HUMANITYVALIDATORPORT" "$INVENTORYDIR/$SERVERINVENTORY"; then
+            echo "FAILED: Checking variables. humanity_validator_port: $HUMANITYVALIDATORPORT is in use. Please change group_vars/edges.yml"
+            exit 0
+        fi
+    done
+
+    for INSTALLDIR in $INSTALLDIRS
+    do
+        if grep -q "$INSTALLDIR" "$INVENTORYDIR/$SERVERINVENTORY"; then
+            echo "FAILED: Checking variables. install_dir: $INSTALLDIR is in use. Please change group_vars/edges.yml"
+            exit 0
+        fi
+    done
+
+fi
+
+echo "SUCCESS: Checking variables"
+exit 0

roles/create_deploy_type_cdn/files/checking.sh

+#!/bin/bash
+
+set -e
+
+HOSTIP=$1
+DOMAINS=$2
+api_access_token=$3
+
+if ! [[ $HOSTIP =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+  echo "FAILED: Checking variables. ansible_host (ip): $HOSTIP is incorrectly."
+  exit 0
+fi
+
+for DOMAIN in $DOMAINS
+do
+  if [ $DOMAIN == "domain2.com" ] || [ $DOMAIN == "www.domain1.com" ]
+  then
+    echo "FAILED: Checking variables. domains: $DOMAIN is in use. Please change variable domains in group_vars/edges.yml"
+    exit 0
+  fi
+done
+
+DOMAIN_REGEX="^([a-zA-Z0-9](([a-zA-Z0-9-]){0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$"
+for DOMAIN in $DOMAINS
+do
+  if ! [[ $DOMAIN =~ $DOMAIN_REGEX ]]
+  then
+    echo "FAILED: Checking variables. domains: $DOMAIN is not valid. Please change variable domains in group_vars/edges.yml"
+    exit 0
+  fi
+done
+
+if [ $api_access_token == "<your_authentication_token>" ]
+then
+  echo "FAILED: Checking variables. api_access_token: $api_access_token is incorrectly. Please change variable api_access_token in group_vars/edges.yml"
+  exit 0
+fi
+
+echo "Success"
+exit 0

roles/create_deploy_type_cdn/files/checking_deployments_names.sh

+#!/bin/bash
+
+# checks that the deployment_name only contains letters, numbers and underscore.
+
+set -e
+
+DEPLOYMENTSNAME=$1
+regexpDeploymentsNames="^[[:alnum:]_]*$"
+if ! [[ $DEPLOYMENTSNAME =~ $regexpDeploymentsNames ]]; then
+  echo "FAILED: Checking variables, deployment_name: $DEPLOYMENTSNAME is incorrectly. Only letters, numbers and underscore are allowed. Example: deployment_A."
+  exit 0
+fi
+echo "Success"
+exit 0

roles/create_deploy_type_cdn/files/checking_install_dirs.sh

+#!/bin/bash
+
+# checks that the path deployments-install_dir only contains slash, letters, numbers and underscore.
+# It should be an absolute path.
+
+set -e
+
+INSTALLDIR=$1
+
+regexpINSTALLDIRS="^\/[[:alnum:]_\/]*$"
+echo "data: $INSTALLDIR"
+if ! [[ $INSTALLDIR =~ $regexpINSTALLDIRS ]]; then
+  echo "FAILED: Checking variables, install_dir: $INSTALLDIR is incorrectly. Should provide an absolute path, slash, letters, numbers and underscore are allowed. Example /srv/deployment_A."
+  exit 0
+fi
+
+echo "Success"
+exit 0

roles/create_deploy_type_cdn/files/create_deploy.sh

+#!/bin/bash
+
+set -e
+
+echo "Creating deploy"
+
+DEPLOY=$1
+INSTALLERS_DIR=$2
+INSTALL_DIR=$3
+HTTPPORT=$4
+HTTPSPORT=$5
+HUMANITYVALIDATORPORT=$6
+APIACCESSSTOKEN=$7
+DEPLOYMENTSITELONGNAME=$8
+DEPLOYMENTSITELONGNAMESECRET=$9
+
+SERVICE_NAME=$1
+SC_PACK_CONFIG="/srv/inventory/$DEPLOY"
+
+chown shimmercat:shimmercat /srv
+
+# TODO all inside try catch, error -> echo "FAILED: error.." and exit 0
+
+sc_pack create -f $SC_PACK_CONFIG"/sc_pack.conf.yaml"
+
+systemctl link $INSTALL_DIR"/.sc_pack-rkt/sc-"$SERVICE_NAME".service"
+systemctl enable "sc-"$SERVICE_NAME".service"
+#
+systemctl daemon-reload
+systemctl restart "sc-"$SERVICE_NAME".service"
+
+sleep 2
+while [ ! -f "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml" ]
+do
+  sleep 2 # or less like 0.2
+done
+
+yq -yi .hapsSettings.enabled="true" "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml"
+yq -yi .hapsSettings.webpOverTheFold="true" "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml"
+yq -yi .security.enableLARSI="true" "$INSTALL_DIR/shimmercat-scratch-folder/tweaks.yaml"
+
+sleep 2
+cd $INSTALL_DIR
+sc_pack update --latest
+
+systemctl daemon-reload
+systemctl restart "sc-"$SERVICE_NAME".service"
+
+systemctl restart haproxy.service
+
+# create inventory
+INVENTORYDIR="/srv/inventory"
+SERVERINVENTORY="inventory.txt"
+
+if [ -e "$INVENTORYDIR/$SERVERINVENTORY" ]; then
+    echo "File exists"
+else
+    echo "File does not exist"
+    touch "$INVENTORYDIR/$SERVERINVENTORY"
+    chmod 777 -R "$INVENTORYDIR/$SERVERINVENTORY"
+fi
+
+DATE=`date '+%Y-%m-%d %H:%M:%S'`
+
+echo "## ENTRY TO DEPLOY: $DEPLOY  DATE: $DATE" >> $INVENTORYDIR/$SERVERINVENTORY
+echo "DEPLOY: $DEPLOY" >> $INVENTORYDIR/$SERVERINVENTORY
+echo "Install dir: $INSTALL_DIR" >> $INVENTORYDIR/$SERVERINVENTORY
+echo "Http port: $HTTPPORT" >> $INVENTORYDIR/$SERVERINVENTORY
+echo "Https port: $HTTPSPORT" >> $INVENTORYDIR/$SERVERINVENTORY
+echo "Humanity validator port: $HUMANITYVALIDATORPORT" >> $INVENTORYDIR/$SERVERINVENTORY
+
+echo $'\n' >> $INVENTORYDIR/$SERVERINVENTORY
+
+echo "Success"
+exit 0

roles/create_deploy_type_cdn/files/update-haproxy/update-haproxy.sh

+#!/bin/bash
+
+echo "Updating haproxy.cfg"
+set -e
+
+INSTALLERS_DIR=$1
+DOMAIN=$2
+HTTPPORTS=$3
+HTTPSPORTS=$4
+File='/srv/haproxy/data/haproxy.cfg'
+
+HTTPPORTSARRAY=($HTTPPORTS)
+
+if ! grep -q 'default_backend' "$File"; then
+	sed -i -e '/#https-def-back/r '$INSTALLERS_DIR'/data/https-default_backend.txt' $File
+	sed -i -e '/#https-redirect-def-back/r '$INSTALLERS_DIR'/data/https-redirect-default_backend.txt' $File
+fi
+
+FIRSTPART="${DOMAIN:0:3}"
+if [ "$FIRSTPART" = "www" ]; then
+  HAPROXYACLDOMAIN=${DOMAIN:4}
+else
+  HAPROXYACLDOMAIN=${DOMAIN}
+fi
+HAPROXYACL=${HAPROXYACLDOMAIN//./_}
+RANDOMT=$(pwgen 10 1)
+if ! grep -F "$DOMAIN" "$File"; then
+	sed -i -e '/#https-entry/r '$INSTALLERS_DIR'/data/https-entry.txt' $File
+	sed -i -e '/#https-backend-bare-entry/r '$INSTALLERS_DIR'/data/https-backend-bare-entry.txt' $File
+	sed -i -e '/#https-redirect-entry/r '$INSTALLERS_DIR'/data/https-redirect-entry.txt' $File
+	sed -i -e '/#https-redirect-backend-bare-entry/r '$INSTALLERS_DIR'/data/https-redirect-backend-bare-entry.txt' $File
+else
+  for HTTPPORT in $HTTPPORTS
+  do
+  	if ! grep -F "$HAPROXYACL$HTTPPORT" "$File"; then
+  		sed -i -e '/HTTP_1_'$HAPROXYACL'/a \  \server HTTP_N_'$HAPROXYACL$HTTPPORT'_R'$RANDOMT' 127.0.0.1:'$HTTPPORT' send-proxy-v2' $File
+  	fi
+  done
+	i=0
+	for HTTSPPORT in $HTTPSPORTS
+  do
+  	if ! grep -F "$HAPROXYACL$HTTSPPORT" "$File"; then
+			sed -i -e '/HTTPS_1_'$HAPROXYACL'/a \  \server HTTPS_N_'$HAPROXYACL$HTTSPPORT'_G'$RANDOMT' 127.0.0.1:'$HTTSPPORT' check port '${HTTPPORTSARRAY[$i]}' send-proxy-v2' $File
+			#sed -i -e '/HTTPS_R_1_'$HAPROXYACL'/a \  \server HTTPS_R_N_'$HAPROXYACL$HTTSPPORT'_G'$RANDOMT' '$DOMAIN':443 check port '$DOMAIN':443 ssl verify none sni str("'$DOMAIN'")' $File
+  	fi
+		i=$(($i+1))
+  done
+fi

roles/create_deploy_type_cdn/files/views-dir/.well-known/shimmercat/bot-blocking/index.html

+<!--
+shimmercat:
+   content-disposition: use-json
+   use-consultant: bots
+-->
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
+    <head>
+        <meta http-equiv="content-type" content="text/html" charset="utf-8" />
+        <title>Humanity validator</title>
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <meta name="description" content="" >
+        <link rel="stylesheet" href="https://f93483.shimmercat.com/custom/stylesheet.css">
+        <script src="https://f93483.shimmercat.com/script.js" type="text/javascript"></script>
+    </head>
+
+    <body class="content">
+    <!--
+    shimmercat:
+       insert: |
+         <div id="content-container" data-target-url="$.target_url"></div>
+    -->
+
+        <div class="main-content">
+            <br><br>
+            <div class="title">
+                <h3 class="rowwidth">YOU HAVE ENTERED A PARALLELL UNIVERSE MADE FOR WEIRD BOTS</h3>
+            </div>
+            <div class="row">
+                <img style="width: 75%;" src="https://f93483.shimmercat.com/skins/bot_image.svg">
+                <h3 class="rowwidth">Confirm that you are human to get out of here</h3>
+            </div>
+
+
+            <div class="status-message" id="status-message">
+<!--
+shimmercat:
+insert: $.message
+-->
+            </div>
+            <div class="row">
+                <div class="recaptcha-container text-center">
+                    <div class="recaptcha">
+<!--
+shimmercat:
+    insert: |
+       <div id="recaptcha-container" data-recaptcha-key="$.site_key"></div>
+-->
+                    </div>
+                </div>
+            </div>
+            <div class="text-right copyright">
+                <span class="char">%C2%A9 </span> ShimmerCat
+            </div>
+            <br>
+            <br>
+
+        </div>
+
+    <script>var specialChars = document.querySelectorAll("span.char"); for(var c=0; c<specialChars.length; c++){ specialChars[c].innerHTML = decodeURIComponent(specialChars[c].innerHTML); }</script>
+    <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>
+
+    </body>
+
+</html>

roles/create_deploy_type_cdn/files/views-dir/target/+common/__index.html

+<!--
+shimmercat:
+    change-url:
+       - /target/+common//+/ -> /
+    content-disposition: replace
+-->

roles/create_deploy_type_cdn/files/views-dir/target/+common/__index.html.push-list

+calm-map: []
+hints: []
+schema: push-list-v1

roles/create_deploy_type_cdn/files/views-dir/target/+common/index.html

+<!--
+shimmercat:
+    change-url:
+       - /target/+common/ -> /
+    content-disposition: replace
+-->

roles/create_deploy_type_cdn/files/views-dir/target/+common/index.html.push-list

+calm-map: []
+hints: []
+schema: push-list-v1

roles/create_deploy_type_cdn/files/views-dir/target/+common/no-slash/__index.html

+<!--
+shimmercat:
+  content-disposition: replace
+  change-url:
+     - /target/+common/no-slash//+/ -> /<+>
+-->

roles/create_deploy_type_cdn/files/views-dir/target/+common/no-slash/__index.html.push-list

+calm-map: []
+hints: []
+schema: push-list-v1

roles/create_deploy_type_cdn/files/views-dir/target/+common/slash/__index.html

+<!--
+shimmercat:
+  content-disposition: replace
+  change-url:
+     - /target/+common/slash//+/ -> /<+>
+-->

roles/create_deploy_type_cdn/files/views-dir/target/+common/slash/__index.html.push-list

+calm-map: []
+hints: []
+schema: push-list-v1

roles/create_deploy_type_cdn/handlers/main.yml

+---

roles/create_deploy_type_cdn/tasks/checking_deployments_names.yml

+---
+# This task checks that the deployment_name only contains letters, numbers and underscore.
+# If not, the whole process is stopped.
+
+- name: checking_deployments_names
+  script: "{{ role_path }}/files/checking_deployments_names.sh  '{{ item }}'"
+  register: check_deployment_names
+
+- debug: var=check_deployment_names.stdout
+
+- fail:
+    msg: "{{ check_deployment_names.stdout }}"
+  when: "'FAILED' in check_deployment_names.stdout"

roles/create_deploy_type_cdn/tasks/checking_install_dirs.yml

+---
+# This task checks that the path deployments-install_dir only contains slash, letters, numbers and underscore.
+# It should be an absolute path.
+# If not, the whole process is stopped.
+
+- name: checking_install_dirs
+  script: "{{ role_path }}/files/checking_install_dirs.sh  '{{ item }}'"
+  register: check_install_dirs
+
+- debug: var=check_install_dirs.stdout
+
+- fail:
+    msg: "{{ check_install_dirs.stdout }}"
+  when: "'FAILED' in check_install_dirs.stdout"