diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 2ae3a0b..f824b5c 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 0.6.11 +current_version = 0.7.14 commit = True tag = True diff --git a/docs/airgapped.md b/docs/airgapped.md index 608d537..b9b6404 100644 --- a/docs/airgapped.md +++ b/docs/airgapped.md @@ -20,9 +20,9 @@ docker pull plextrac/plextracnginx: # The plextracdb shouldn't ever get updated so this will be a one time pull and can be omited from process / automation docker pull plextrac/plextracdb:7.2.0 docker pull redis:6.2-alpine -docker pull postgres:14-alpine +docker pull plextrac/plextracpostgres:stable # Save the images into a TAR(s) -docker save -o plextrac_images.tar plextrac/plextracapi: plextrac/plextracnginx: plextrac/plextracdb:7.2.0 redis:6.2-alpine postgres:14-alpine +docker save -o plextrac_images.tar plextrac/plextracapi: plextrac/plextracnginx: plextrac/plextracdb:7.2.0 redis:6.2-alpine plextrac/plextracpostgres:stable ``` > Note you'll want to specify the image's platform if there are differences between where you're pulling the image (e.g., linux/arm64) and the VM (linux/x86_64) diff --git a/docs/podman.md b/docs/podman.md index b052245..69f186d 100644 --- a/docs/podman.md +++ b/docs/podman.md 
@@ -1,6 +1,24 @@ +# Podman + +This is a very basic guide to using Podman and explaining how it works a bit + +## How To's + +### Using Custom SSL Certificates and Custom Logos + +The Custom SSL Certificates and Custom Logos are mounted at the following locations: + +```shell +"${PLEXTRAC_HOME:-.}/volumes/nginx_ssl_certs" +"${PLEXTRAC_HOME:-.}/volumes/nginx_logos" +``` + +To use a Custom SSL Certificate or Logo, simply navigate to this location on the HOST OS, replace the files present there with the appropriate replacements, and then restart the NGINX container `podman restart plextracnginx` + ## Additional Package Requirements podman | >=v4.6 (RHEL 8/9 only) +`jq`, `bc`, `bash v5+`, and `wget` ## Podman support @@ -9,12 +27,12 @@ We've expanded the capabilities to support podman in specific circumstances. *OS:* RHEL 8/9+ *Podman Compose:* No (currently) -> Note: the module for podman was written with RHEL 9 specifically in mind. It is not officially supported at this time to use the container runtime set to Podman on Debian, Ubuntu, or CentOS. - -> Note: All testing has been done on BASE images without hardening with a security profile or SELinux or anything -- its just a stock operating system +> Note: the module for podman was written with RHEL 8/9 specifically in mind. It is not officially supported at this time to use the container runtime set to Podman on Debian, Ubuntu, or CentOS. +> Note: All testing has been done on BASE images without hardening with a security profile or SELinux or anything -- its just a stock operating system. --- + ### Podman Troubleshooting Depending on your configuration, you may need to solve the following issues: @@ -56,7 +74,7 @@ The following will need to be done before running any PlexTrac specific commands ```bash vim /etc/default/grub - # Add the following line and then save + # Add the following line to the `GRUB_CMDLINE_LINUX` key and then save systemd.unified_cgroup_hierarchy=1 # From CLI, run: 
diff --git a/mac.Vagrantfile b/mac.Vagrantfile
new file mode 100644
index 0000000..833aa0e
--- /dev/null
+++ b/mac.Vagrantfile
@@ -0,0 +1,173 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +supportedBoxes = [ + { + :name => "amzn", + :box => "bento/amazonlinux-2", + :default => false, + }, + { + :name => "debian11", + :box => "bento/debian-11", + :default => false, + }, + { + :name => "debian12", + :box => "bento/debian-12", + :default => false, + }, + { + :name => "centos7", + :box => "bento/centos-7", + :default => true, + }, + { + :name => "centos8", + :box => "bento/centos-stream-8", + :default => false, + }, + { + :name => "centos9", + :box => "bento/centos-stream-9", + :default => false, + }, + { + :name => "rockylinux8", + :box => "bento/rockylinux-8", + :default => false, + }, + { + :name => "rockylinux9", + :box => "bento/rockylinux-9-x86_64", + :default => false, + }, + { + :name => "ubuntu", + :box => "bento/ubuntu-20.04", + :default => false, + }, + { + :name => "ubuntu2204", + :box => "bento/ubuntu-22.04", + :default => false, + }, + { + :name => "ubuntu2304-ARM", + :box => "bento/ubuntu-23.04-arm64", + :default => false, + }, +] + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure("2") do |config| + if Vagrant.has_plugin?("vagrant-hostmanager") + # Manage hosts file entries + # Do `vagrant plugin install vagrant-hostmanager` if you want this + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.ip_resolver = proc do |vm, resolving_vm| + if hostname = (vm.ssh_info && vm.ssh_info[:host]) + `vagrant ssh -c "hostname -I"`.split()[1] + end + end + end + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. 
You can search for + # boxes at https://vagrantcloud.com/search. + supportedBoxes.each do |boxConfig| + hostname = "test-instance-#{boxConfig[:name]}.plextrac.local" + isDefault = boxConfig[:default] ? true : false + config.vm.define hostname, primary: isDefault, autostart: isDefault do |host| + host.vm.box = boxConfig[:box] + host.vm.box_check_update = true # disable this to skip box updates, but remember to run `vagrant box outdated` + end + end + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # NOTE: This will enable public access to the opened port + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine and only allow access + # via 127.0.0.1 to disable public access + # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1" + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + config.vm.network "private_network", type: "dhcp" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder ".", "/vagrant", type: "rsync" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. 
+ # Example for VirtualBox: + # + config.vm.provider "qemu" do |qe| + # Customize the amount of memory on the VM: + #vb.memory = "3072" + #vb.cpus = 2 + #vb.customize ["modifyvm", :id, "--cpuexecutioncap", "50"] + qe.arch = "x86_64" + qe.machine = "q35" + qe.cpu = "max" + qe.memory = "16G" + qe.smp = "cpus=8,sockets=1,cores=8,threads=1" + qe.net_device = "virtio-net-pci" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Enable provisioning with a shell script. Additional provisioners such as + # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the + # documentation for more information about their specific syntax and use. + # U291bmR0cmFjayBmb3IgdGVzdGluZzogaHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj1FbDkwT0JJTEZCdwo= + + config.vm.provision "shell", inline: <<-SHELL + echo "Generating plextrac CLI dist" + /vagrant/src/plextrac dist > plextrac && chmod +x plextrac + + echo "" + echo "# Example customized deployment directory and domain name:" + echo "# PLEXTRAC_HOME=/var/apps/plextrac-demo CLIENT_DOMAIN_NAME=192.168.56.37 ./plextrac initialize" + echo "" + + echo "Initializing PlexTrac at default location..." 
+ echo "" + ./plextrac initialize -v 2>&1 + + echo "You need to provide a valid DOCKER_HUB_KEY to configure PlexTrac" + echo "On Linux, this can be retrieved using the following command:" + echo "" + echo -n 'RE9DS0VSX0hVQl9LRVk9JChqcSAnLmF1dGhzLiJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iLmF1dGgnIH4vLmRvY2tlci9jb25maWcuanNvbiAtciB8IGJhc2U2NCAtZCB8IGN1dCAtZCc6JyAtZjIpOwo=' | base64 -d + echo "" + echo "On MacOS, this can be retrieved using the following command (enter login passphrase in the prompt(s):" + echo "" + echo -n 'RE9DS0VSX0hVQl9LRVk9JChzZWN1cml0eSBmaW5kLWludGVybmV0LXBhc3N3b3JkIC1hIHBsZXh0cmFjdXNlcnMgLXMgaW5kZXguZG9ja2VyLmlvIC13KTsK' | base64 -d + echo "" + echo "If on Windows, please figure out where that is stored and issue a PR to add support here :)" + echo "" + echo "One-liner configuration for Linux users:" + echo "" + echo -n 'RE9DS0VSX0hVQl9LRVk9JChqcSAnLmF1dGhzLiJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iLmF1dGgnIH4vLmRvY2tlci9jb25maWcuanNvbiAtciB8IGJhc2U2NCAtZCB8IGN1dCAtZCc6JyAtZjIpOyB2YWdyYW50IHNzaCAtYyAic3VkbyAtaSAtdSBwbGV4dHJhYyBET0NLRVJfSFVCX0tFWT0ke0RPQ0tFUl9IVUJfS0VZfSBwbGV4dHJhYyBjb25maWd1cmU7IHN1ZG8gLWkgLXUgcGxleHRyYWMgcGxleHRyYWMgdXBkYXRlOyBzdWRvIC1pIC11IHBsZXh0cmFjIHBsZXh0cmFjIHN0YXJ0OyBzdWRvIC1pIC11IHBsZXh0cmFjIGRvY2tlciBsb2dzIC1mIHBsZXh0cmFjYXBpIgo=' | base64 -d + SHELL +end diff --git a/src/_backup.sh b/src/_backup.sh index bd8766e..3cc596e 100644 --- a/src/_backup.sh +++ b/src/_backup.sh @@ -34,7 +34,7 @@ function backup_fullUploadsBackup() { podman exec --workdir="/usr/src/plextrac-api/uploads" plextracapi rm $current_date.tar.gz debug "Cleaned Archive from container" else - debug "`compose_client run --user $(id -u) -v ${uploadsBackupDir}:/backups \ + debug "`compose_client run --user $(id -u) --no-deps -v ${uploadsBackupDir}:/backups \ --workdir /usr/src/plextrac-api --rm --entrypoint='' -T $coreBackendComposeService \ tar -czf /backups/$(date -u "+%Y-%m-%dT%H%M%Sz").tar.gz uploads`" fi 
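Review bot: The provisioner prints operator instructions from base64-encoded literals piped through `base64 -d` (three `echo -n '…' | base64 -d` lines, plus an encoded comment above the `config.vm.provision` call), so the commands a user is told to copy and run cannot be read or diffed in review. They appear to decode to shell one-liners that read the Docker Hub credential from `~/.docker/config.json` or the macOS keychain and, in the last case, pass it as `DOCKER_HUB_KEY=…` inside a `vagrant ssh -c` command line; text that handles a credential should be plainly visible in the file. Emitting the same text from a quoted shell heredoc (`cat <<'EOF' … EOF`) inside the inline script keeps `$(...)` from expanding at provision time without hiding it. Separately, the `ip_resolver` proc assigns `hostname` without using it and runs `vagrant ssh -c "hostname -I"` with no machine name, which in this multi-machine file presumably resolves the primary box rather than `vm`.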
@@ -43,7 +43,7 @@ function backup_fullUploadsBackup() { function backup_fullCouchbaseBackup() { info "$couchbaseComposeService: Performing backup of couchbase database" - local user_id=$(id -u plextrac) + local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac}) local cmd="compose_client exec -T" if [ "$CONTAINER_RUNTIME" == "podman" ]; then cmd='podman exec' @@ -67,7 +67,7 @@ function backup_fullCouchbaseBackup() { function backup_fullPostgresBackup() { info "$postgresComposeService: Performing backup of postgres database" - local user_id=$(id -u plextrac) + local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac}) local cmd="compose_client exec -T --user $user_id" if [ "$CONTAINER_RUNTIME" == "podman" ]; then cmd='podman exec' diff --git a/src/_check.sh b/src/_check.sh index 05fb3b2..b414c85 100644 --- a/src/_check.sh +++ b/src/_check.sh @@ -22,6 +22,7 @@ function mod_check() { fi fi mod_etl_fix + mod_uploads_vol_fix VALIDATION_ONLY=1 configure_couchbase_users postgres_metrics_validation check_for_maintenance_mode 
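Review bot: `local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac})` expands the name unquoted and hides a failed lookup, because `local` returns success whatever `id` returned. If the variable names a user that does not exist, `user_id` is empty, and in `backup_fullPostgresBackup` the string `compose_client exec -T --user $user_id` then leaves `--user` without a value, so it would take the next word as the user. Declaring and assigning separately makes the failure visible: `local user_id; user_id=$(id -u "${PLEXTRAC_USER_NAME:-plextrac}") || die "unknown user"`. The same line is added in the next hunk here, in `mod_etl_fix` (src/_check.sh), `clean_compressCouchbaseBackups` (src/_clean.sh) and `fix_file_ownership` (src/_initialize_user.sh). Both backup functions continue outside their hunks.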
@@ -44,24 +45,41 @@ function mod_etl_fix() { local dir=`compose_client exec plextracapi find -type d -name etl-logs` if [ -n "$dir" ]; then local owner=`compose_client exec plextracapi stat -c '%U' uploads/etl-logs` - info "Checking volume permissions" - if [ "$owner" != "plextrac" ] + info "Checking ETL log destination permissions" + if [ "$owner" != "${PLEXTRAC_USER_NAME:-plextrac}" ] then - local user_id=$(id -u plextrac) - info "Volume permissions are wrong; initiating fix" + local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac}) + info "ETL log destination permissions are wrong; initiating fix" compose_client exec -u 0 plextracapi chown -R $user_id:$user_id uploads/etl-logs else - info "Volume permissions are correct" + info "ETL log destination permissions are correct" fi else info "Fixing ETL Folder creation" compose_client exec plextracapi mkdir uploads/etl-logs - local user_id=$(id -u plextrac) + local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac}) compose_client exec plextracapi chown -R $user_id:$user_id uploads/etl-logs fi fi } +function mod_uploads_vol_fix() { + if [ "$CONTAINER_RUNTIME" == "podman" ]; then + error "Uploads volume ownership checks are not supported with Podman. Skipping" + return + else + info "Checking uploads volume ownership" + local user=`compose_client exec plextracapi whoami` + local dotfile_exist=`compose_client exec plextracapi find uploads -type f -name .vol-chown-pt` + if [ "$user" != "root" ] && [ "$dotfile_exist" = "" ]; then + # this uid:gid is hardcoded in the base image and expected by the backend, do NOT change this chown + info "Ensuring upload volume ownership is 1337:1337, this may take awhile..." + compose_client exec -u 0 plextracapi chown -R 1337:1337 uploads/ + compose_client exec plextracapi touch uploads/.vol-chown-pt + fi + fi +} + # Check for an existing installation function _check_no_existing_installation() { if [ ${IGNORE_EXISTING_INSTALLATION:-0} -eq 1 ]; then 
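Review bot: In `mod_uploads_vol_fix` the marker file is created even when the recursive chown fails, because the `touch uploads/.vol-chown-pt` line does not depend on the exit status of the `chown -R 1337:1337` before it (unless the script runs under errexit, which is not visible here). A failed chown would then be recorded as done and never retried; chaining them, `compose_client exec -u 0 plextracapi chown -R 1337:1337 uploads/ && compose_client exec plextracapi touch uploads/.vol-chown-pt`, avoids that. Separately, `mod_etl_fix` (which starts outside this hunk) now chowns `uploads/etl-logs` to the host UID of `${PLEXTRAC_USER_NAME:-plextrac}` while this function forces 1337 on the whole tree, so the two disagree whenever that host UID is not 1337.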
diff --git a/src/_clean.sh b/src/_clean.sh index e17ae19..5d83270 100644 --- a/src/_clean.sh +++ b/src/_clean.sh @@ -54,7 +54,7 @@ function clean_compressCouchbaseBackups() { -exec tar --remove-files -czvf /backups/{}.tar.gz {} \; 2>&1`" debug "Fixing permissions on backups" - local user_id=$(id -u plextrac) + local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac}) debug "`$cmd --entrypoint= --workdir /backups $image \ find . -maxdepth 1 -type f -name '*.tar.gz' \ -exec chown $user_id:$user_id {} \; diff --git a/src/_cli_common_utilities.sh b/src/_cli_common_utilities.sh index 95c93ff..d25da93 100644 --- a/src/_cli_common_utilities.sh +++ b/src/_cli_common_utilities.sh @@ -31,8 +31,8 @@ function requires_user_root() { } function requires_user_plextrac { - if [ "$EUID" -ne $(id -u plextrac) ]; then - die "${RED}Please run as plextrac user${RESET}" + if [ "$EUID" -ne $(id -u ${PLEXTRAC_USER_NAME:-plextrac}) ]; then + die "${RED}Please run as ${PLEXTRAC_USER_NAME:-plextrac} user${RESET}" fi } diff --git a/src/_configure_plextrac.sh b/src/_configure_plextrac.sh index 883ca57..04581ab 100644 --- a/src/_configure_plextrac.sh +++ b/src/_configure_plextrac.sh @@ -25,10 +25,15 @@ function generate_default_config() { source <(echo "${existingCfg}") set +o allexport + # NOTE: we need to leave API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE until all cloud-hosted environments are no + # longer running code that relies on this variable. It has been replaced by INTERNAL_API_KEY_SHARED for newer versions. # Generate base env, using imported vars from above where applicable generatedEnv=" API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE=${API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE:-`generateSecret`} +INTERNAL_API_KEY_SHARED=${INTERNAL_API_KEY_SHARED:-`generateSecret`} +CORE_API_BASE_URL=http://plextracapi:4350 +CTEM_API_BASE_URL=http://ctem-api:3332 JWT_KEY=${JWT_KEY:-`generateSecret`} MFA_KEY=${MFA_KEY:-`generateSecret`} COOKIE_KEY=${COOKIE_KEY:-`generateSecret`} 
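Review bot: `requires_user_plextrac` fails open when the named account does not exist: `id -u` prints nothing, the test becomes `[ "$EUID" -ne ]`, `[` exits with a syntax error, and the `if` treats that as false, so `die` is never reached. Now that the name comes from `PLEXTRAC_USER_NAME`, a typo or stale value in the environment disables the guard for any caller. Resolving the UID first and failing on error closes this: `local want_uid; want_uid=$(id -u "${PLEXTRAC_USER_NAME:-plextrac}") || die "user ${PLEXTRAC_USER_NAME:-plextrac} not found"` then `if [ "$EUID" -ne "$want_uid" ]; then`.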
@@ -40,8 +45,6 @@ DOCKER_HUB_KEY=${DOCKER_HUB_KEY:-} ADMIN_EMAIL=${ADMIN_EMAIL:-} LETS_ENCRYPT_EMAIL=${LETS_ENCRYPT_EMAIL:-} USE_CUSTOM_CERT=${USE_CUSTOM_CERT:-false} -USE_CUSTOM_MAILER_CERT=${USE_CUSTOM_MAILER_CERT:-false} -USE_MAILER_SSL=${USE_MAILER_SSL:-false} COUCHBASE_URL=${couchbaseComposeService} REDIS_PASSWORD=${REDIS_PASSWORD:-`generateSecret`} REDIS_CONNECTION_STRING=redis @@ -54,6 +57,10 @@ CKEDITOR_SERVER_CONFIG=${CKEDITOR_SERVER_CONFIG:-} CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-"docker"} LOCK_UPDATES=${LOCK_UPDATES:-"false"} LOCK_VERSION=${LOCK_VERSION:-} +MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-`generateSecret`} +MINIO_LOCAL_PASSWORD=${MINIO_LOCAL_PASSWORD:-`generateSecret`} +CLOUD_STORAGE_ACCESS_KEY=${CLOUD_STORAGE_ACCESS_KEY:-`generateSecret 20`} +CLOUD_STORAGE_SECRET_KEY=${CLOUD_STORAGE_SECRET_KEY:-`generateSecret`} `generate_default_couchbase_env | setDefaultSecrets` @@ -92,7 +99,7 @@ LOCK_VERSION=${LOCK_VERSION:-} function generateSecret() { # replace any non-alphanumeric characters so postgres doesn't choke - echo `head -c 64 /dev/urandom | base64 | tr -cd '[:alnum:]._-' | head -c 32` + echo `head -c 64 /dev/urandom | base64 | tr -cd '[:alnum:]._-' | head -c ${1:-32}` } function setDefaultSecrets() { 
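Review bot: `generateSecret` now takes the length from `${1:-32}`, but the pipeline still reads only 64 random bytes, which leaves roughly 85 characters after `tr` drops `+`, `/` and `=`; a caller asking for more gets a shorter secret with no error. The argument is also unquoted and unchecked, so a non-numeric value only surfaces as a `head` error inside the backticks. Sizing the read from the request keeps the contract: `local len="${1:-32}"` followed by `head -c "$(( len * 2 ))" /dev/urandom | base64 | tr -cd '[:alnum:]._-' | head -c "$len"`. The callers visible on this page pass 20 or nothing, so this is a guard for future use rather than a live bug.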
@@ -138,6 +145,25 @@ function login_dockerhub() { fi log "${BLUE}$IMAGE_REGISTRY${RESET}: SUCCESS" fi + + if [ -n "${CKE_REGISTRY:-}" ]; then + debug "Custom CKE Image Registry Found... Attempting login" + if [ -z "${CKE_REGISTRY_USER:-}" ]; then + debug "${CKE_REGISTRY:-} username not found, continuing..." + local cke_user="" + else + local cke_user="-u ${CKE_REGISTRY_USER:-}" + fi + + if [ -z "${CKE_REGISTRY_PASS:-}" ]; then + debug "${CKE_REGISTRY:-} password not found, continuing..." + local cke_pass="" + container_client login ${CKE_REGISTRY} $cke_user || die "Failed to login to ${CKE_REGISTRY}" + else + container_client login ${CKE_REGISTRY} $cke_user --password-stdin 2>&1 <<< "${CKE_REGISTRY_PASS}" || die "Failed to login to ${CKE_REGISTRY}" + fi + log "${ORANGE}$CKE_REGISTRY${RESET}: SUCCESS" + fi log "Done." } @@ -221,7 +247,7 @@ function getCKEditorRTCConfig() { debug "---" debug "Running CKEditor migration" if [ "$CONTAINER_RUNTIME" == "podman" ]; then - CKEDITOR_MIGRATE_OUTPUT=$(podman run --rm -it --name ckeditor-migration --network=plextrac --env-file ${PLEXTRAC_HOME}/.env "${serviceValues[api-image]}" npm run ckeditor:environment:migration --if-present | grep '^{' || debug "ERROR: Unable to run ckeditor:environment:migration") + CKEDITOR_MIGRATE_OUTPUT=$(podman run --rm -it --name ckeditor-migration --network=plextrac --replace --env-file ${PLEXTRAC_HOME}/.env "${serviceValues[api-image]}" npm run ckeditor:environment:migration --no-update-notifier --if-present || debug "ERROR: Unable to run ckeditor:environment:migration") podman rm -f ckeditor-migration &>/dev/null else # parses output and saves the result of the json meta data 
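Review bot: `cke_user` is built as the string `-u ${CKE_REGISTRY_USER:-}` and later expanded unquoted, so a user name containing whitespace or glob characters is split before it reaches `container_client login`; `cke_pass` is assigned but never read. In the no-password branch the login is called without a password, which presumably falls back to an interactive prompt and would stall an unattended run. An argument array avoids the splitting: `local -a cke_args=()`, `[ -n "${CKE_REGISTRY_USER:-}" ] && cke_args+=(-u "$CKE_REGISTRY_USER")`, then `container_client login "${CKE_REGISTRY}" "${cke_args[@]}"`. Passing the password with `--password-stdin` rather than as an argument is the right choice and worth keeping. login_dockerhub starts outside this hunk.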
@@ -232,12 +258,13 @@ function getCKEditorRTCConfig() { ## Split the output so we can send logs out, but keep the key separate CKEDITOR_JSON=$(echo "$CKEDITOR_MIGRATE_OUTPUT" | grep '^{' || debug "INFO: no JSON found in response") - CKEDITOR_LOGS_OUTPUT=$(echo "$CKEDITOR_MIGRATE_OUTPUT" | grep -v '^{' || debug "ERROR: Invalid response from ckeditor-migration") + CKEDITOR_LOGS_OUTPUT=$(echo "$CKEDITOR_MIGRATE_OUTPUT" | grep -v '^{' || debug "ERROR: Invalid response from ckeditor-migration; no logs recorded") # for each line in the variable $CKEDITOR_LOGS_OUTPUT send to logs with logger while read -r line; do logger -t ckeditor-migration $line done <<< "$CKEDITOR_LOGS_OUTPUT" - echo "$CKEDITOR_LOGS_OUTPUT" > ${PLEXTRAC_HOME}/ckeditor-migration.log + + echo "$CKEDITOR_LOGS_OUTPUT" > "${PLEXTRAC_HOME}/ckeditor-migration.log" # check the result to confirm it contains the expected element in the JSON, then base64 encode if it does if [ "$(echo "$CKEDITOR_JSON" | jq -e ".[] | any(\".api_secret\")")" ]; then @@ -258,8 +285,18 @@ function getCKEditorRTCConfig() { # This will ensure that the two services for CKE are stood up and functional before we run the Environment or the RTC migrations function ckeditorNginxConf() { + info "Ensuring CKEditor Backend and NGINX Proxy are running" debug "Enabling proxy for CKEditor Backend and NGINX Proxy settings" - compose_client up -d ckeditor-backend - compose_client up -d plextracnginx --force-recreate - sleep 20 + if [ "$CONTAINER_RUNTIME" == "podman" ]; then + podman rm -f plextracnginx &>/dev/null + podman rm -f ckeditor-backend &>/dev/null + mod_start # This will recreate NGINX and standup the ckeditor-backend services + debug "Waiting 40 seconds for services to start" + sleep 40 + else + compose_client up -d ckeditor-backend + compose_client up -d plextracnginx --force-recreate + debug "Waiting 40 seconds for services to start" + sleep 40 + fi } 
diff --git a/src/_docker_manager.sh b/src/_docker_manager.sh index 317133a..2310a2b 100644 --- a/src/_docker_manager.sh +++ b/src/_docker_manager.sh @@ -41,7 +41,7 @@ function image_version_check() { # Get list of expected services from the `docker compose config` if [ "$CONTAINER_RUNTIME" == "podman" ]; then expected_services="docker.io/plextrac/plextracdb:7.2.0 -docker.io/postgres:14-alpine +docker.io/plextrac/plextracpostgres:stable docker.io/plextrac/plextracapi:${UPGRADE_STRATEGY:-stable} docker.io/redis:6.2-alpine docker.io/plextrac/plextracnginx:${UPGRADE_STRATEGY:-stable}" diff --git a/src/_info.sh b/src/_info.sh index a28be67..f1508d5 100644 --- a/src/_info.sh +++ b/src/_info.sh @@ -126,7 +126,7 @@ function _getServiceContainerVersion() { if [ "$CONTAINER_RUNTIME" == "podman" ]; then version=$(podman image inspect $imageId --format '{{ index .Annotations "org.opencontainers.image.version" }}' 2>/dev/null || echo '') else - version=$(docker image inspect postgres:14-alpine --format '{{range $index, $value := .Config.Env}}{{$value}}{{"\n"}}{{end}}' | grep PG_VERSION | cut -d '=' -f2 || echo '') + version=$(docker image inspect $imageId --format '{{range $index, $value := .Config.Env}}{{$value}}{{"\n"}}{{end}}' | grep PG_VERSION | cut -d '=' -f2 || echo '') fi ;; "redis") diff --git a/src/_initialize_user.sh b/src/_initialize_user.sh index db296e4..2d4d4fb 100644 --- a/src/_initialize_user.sh +++ b/src/_initialize_user.sh @@ -1,5 +1,5 @@ function create_user() { - if ! id -u "plextrac" >/dev/null 2>&1 + if ! id -u "${PLEXTRAC_USER_NAME:-plextrac}" >/dev/null 2>&1 then info "Adding plextrac user..." local user_id="-u 1337" 
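Review bot: The expected Postgres image becomes the floating tag `docker.io/plextrac/plextracpostgres:stable`, while `plextracdb:7.2.0` and `redis:6.2-alpine` in the same list stay version-pinned. What gets pulled can then change without any change in this repository, and for a database whose data directory persists in a volume that could include a major-version jump; the content is also not verifiable against a known digest. Pinning to a version tag or a digest (`plextracpostgres:<version>@sha256:<digest>`, placeholders) would keep upgrades deliberate. The same default is introduced for `PODMAN_PG_IMAGE` in both functions of src/_podman.sh and in docs/airgapped.md. image_version_check continues outside this hunk.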
@@ -9,18 +9,18 @@ function create_user() { if [ "$CONTAINER_RUNTIME" == "podman" ]; then useradd --shell /bin/bash $user_id \ --create-home --home "${PLEXTRAC_HOME}" \ - plextrac + ${PLEXTRAC_USER_NAME:-plextrac} else useradd $user_id --groups docker \ --shell /bin/bash \ --create-home --home "${PLEXTRAC_HOME}" \ - plextrac + ${PLEXTRAC_USER_NAME:-plextrac} fi if ! id -g "plextrac" >/dev/null 2>&1 then - groupadd -g $(id -u plextrac) plextrac + groupadd -g $(id -u ${PLEXTRAC_USER_NAME:-plextrac}) ${PLEXTRAC_USER_NAME:-plextrac} -f fi - usermod -g plextrac plextrac + usermod -g ${PLEXTRAC_USER_NAME:-plextrac} ${PLEXTRAC_USER_NAME:-plextrac} log "Done." fi } @@ -53,6 +53,7 @@ function copy_scripts() { function fix_file_ownership() { info "Fixing file ownership in ${PLEXTRAC_HOME} for plextrac" - chown -R plextrac:plextrac "${PLEXTRAC_HOME}" + local user=$(id -u ${PLEXTRAC_USER_NAME:-plextrac}) + chown -R $user:$user "${PLEXTRAC_HOME}" log "Done." -} +} diff --git a/src/_manage_postgres.sh b/src/_manage_postgres.sh index 03e1ea7..6ec2d74 100644 --- a/src/_manage_postgres.sh +++ b/src/_manage_postgres.sh 
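Review bot: The group check `if ! id -g "plextrac"` is still hard-coded while every other reference in `create_user` now uses `${PLEXTRAC_USER_NAME:-plextrac}`, and `id -g` looks up a user's primary group rather than testing whether a group exists. With a custom user name the test is about an unrelated account, and the new `-f` on `groupadd` hides the resulting mismatch. Testing the group directly, `if ! getent group "${PLEXTRAC_USER_NAME:-plextrac}" >/dev/null; then`, says what is meant. The name is also passed unquoted to `useradd`, `groupadd` and `usermod`, which presumably run as root; assigning `local pt_user="${PLEXTRAC_USER_NAME:-plextrac}"` once and quoting `"$pt_user"` keeps a value with spaces or a leading dash from being split or read as an option. create_user begins outside this hunk.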
@@ -148,16 +148,24 @@ function mod_check_etl_status() { local migration_exited="running" title "Checking Data Migration Status" info "Checking Migration Status" + secs=300 + endTime=$(( $(date +%s) + secs )) + if [[ $(container_client ps -a | grep migrations 2>/dev/null | awk '{print $1}') != "" ]]; then + migration_exited="running" + else + migration_exited="exited" + debug "Migration container not found" + fi while [ "$migration_exited" == "running" ]; do # Check if the migration container has exited, e.g., migrations have completed or failed - if [ "$CONTAINER_RUNTIME" == "podman" ]; then - local migration_exited=$(podman container inspect --format '{{.State.Status}}' "migrations") - else - local migration_exited=$(docker inspect --format '{{.State.Status}}' "plextrac-couchbase-migrations-1") + local migration_exited=$(container_client inspect --format '{{.State.Status}}' `container_client ps -a | grep migrations 2>/dev/null | awk '{print $1}'` || migration_exited="exited") + if [ $(date +%s) -gt $endTime ]; then + error "Migration container has been running for over 5 minutes or is still running. Please ensure they complete or fail before taking further action with the PlexTrac Manager Utility. You can check on the logs by running 'docker compose logs -f couchbase-migrations'" + die "Exiting PlexTrac Manager Utility." 
fi - for s in / - \\ \|; do printf "\r$s $(docker inspect --format '{{.State.Status}}' plextrac-couchbase-migrations-1) -- $(docker logs plextrac-couchbase-migrations-1 2> /dev/null | tail -n 1 -q)"; sleep .1; done + for s in / - \\ \|; do printf "\r\033[K$s $(container_client inspect --format '{{.State.Status}}' `container_client ps -a | grep migrations 2>/dev/null | awk '{print $1}'`) -- $(container_client logs `container_client ps -a | grep migrations 2>/dev/null | awk '{print $1}'` 2> /dev/null | tail -n 1 -q)"; sleep .1; done done - printf "\r" + printf "\r\033[K" info "Migrations complete" if [ "${IGNORE_ETL_STATUS:-false}" == "false" ]; then diff --git a/src/_podman.sh b/src/_podman.sh index 83ec2ce..05f796d 100644 --- a/src/_podman.sh +++ b/src/_podman.sh @@ -23,21 +23,13 @@ function podman_setup() { container_client volume create "$volume" --driver=local --opt device="${pt_volumes[$volume]}" --opt type=none --opt o="bind" 1>/dev/null fi done - - ##### - # Placeholder for right now. These ENVs may need to be set in the .env file if we are using podman. - ##### - # POSTGRES_HOST_AUTH_METHOD=scram-sha-256 - # POSTGRES_INITDB_ARGS="--auth-local=scram-sha-256 --auth-host=scram-sha-256" - # PG_MIGRATE_PATH=/usr/src/plextrac-api - # PGDATA=/var/lib/postgresql/data/pgdata } function plextrac_install_podman() { var=$(declare -p "$1") eval "declare -A serviceValues="${var#*=} PODMAN_CB_IMAGE="${PODMAN_CB_IMAGE:-docker.io/plextrac/plextracdb:7.2.0}" - PODMAN_PG_IMAGE="${PODMAN_PG_IMAGE:-docker.io/postgres:14-alpine}" + PODMAN_PG_IMAGE="${PODMAN_PG_IMAGE:-docker.io/plextrac/plextracpostgres:stable}" PODMAN_REDIS_IMAGE="${PODMAN_REDIS_IMAGE:-docker.io/redis:6.2-alpine}" PODMAN_API_IMAGE="${PODMAN_API_IMAGE:-docker.io/plextrac/plextracapi:${UPGRADE_STRATEGY:-stable}}" PODMAN_NGINX_IMAGE="${PODMAN_NGINX_IMAGE:-docker.io/plextrac/plextracnginx:${UPGRADE_STRATEGY:-stable}}" 
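Review bot: The fallback `|| migration_exited="exited"` sits inside the `$(…)` on the `local migration_exited=` line, so it runs in the command-substitution subshell and never sets the variable in the function; when `inspect` fails the loop only ends because the captured output happens to be empty. The container is also located by `ps -a | grep migrations`, repeated for every spinner frame, which matches any line containing that word (image name, command) and can hand several IDs to `inspect` and `logs`. Resolving the ID once before the loop and moving the fallback outside the substitution would make this explicit: `migration_exited=$(container_client inspect --format '{{.State.Status}}' "$migration_id" 2>/dev/null) || migration_exited="exited"`. `secs` and `endTime` are not declared `local`, and the timeout message names `docker compose logs` even when the runtime is Podman. mod_check_etl_status starts and ends outside this hunk.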
@@ -59,8 +51,8 @@ function plextrac_install_podman() { else serviceValues[plextracnginx-ports]="-p 0.0.0.0:443:443" fi - serviceValues[migrations-env_vars]="-e COUCHBASE_URL=${COUCHBASE_URL:-http://plextracdb} -e CB_API_PASS=${CB_API_PASS} -e CB_API_USER=${CB_API_USER} -e REDIS_CONNECTION_STRING=${REDIS_CONNECTION_STRING:-redis} -e REDIS_PASSWORD=${REDIS_PASSWORD:?err} -e PG_HOST=${PG_HOST:-postgres} -e PG_MIGRATE_PATH=/usr/src/plextrac-api -e PG_SUPER_USER=${POSTGRES_USER:?err} -e PG_SUPER_PASSWORD=${POSTGRES_PASSWORD:?err} -e PG_CORE_ADMIN_PASSWORD=${PG_CORE_ADMIN_PASSWORD:?err} -e PG_CORE_ADMIN_USER=${PG_CORE_ADMIN_USER:?err} -e PG_CORE_DB=${PG_CORE_DB:?err} -e PG_RUNBOOKS_ADMIN_PASSWORD=${PG_RUNBOOKS_ADMIN_PASSWORD:?err} -e PG_RUNBOOKS_ADMIN_USER=${PG_RUNBOOKS_ADMIN_USER:?err} -e PG_RUNBOOKS_RW_PASSWORD=${PG_RUNBOOKS_RW_PASSWORD:?err} -e PG_RUNBOOKS_RW_USER=${PG_RUNBOOKS_RW_USER:?err} -e PG_RUNBOOKS_DB=${PG_RUNBOOKS_DB:?err} -e PG_CKEDITOR_ADMIN_PASSWORD=${PG_CKEDITOR_ADMIN_PASSWORD:?err} -e PG_CKEDITOR_ADMIN_USER=${PG_CKEDITOR_ADMIN_USER:?err} -e PG_CKEDITOR_DB=${PG_CKEDITOR_DB:?err} -e PG_CKEDITOR_RO_PASSWORD=${PG_CKEDITOR_RO_PASSWORD:?err} -e PG_CKEDITOR_RO_USER=${PG_CKEDITOR_RO_USER:?err} -e PG_CKEDITOR_RW_PASSWORD=${PG_CKEDITOR_RW_PASSWORD:?err} -e PG_CKEDITOR_RW_USER=${PG_CKEDITOR_RW_USER:?err} -e PG_TENANTS_WRITE_MODE=${PG_TENANTS_WRITE_MODE:-couchbase_only} -e PG_TENANTS_READ_MODE=${PG_TENANTS_READ_MODE:-couchbase_only} -e PG_CORE_RO_PASSWORD=${PG_CORE_RO_PASSWORD:?err} -e PG_CORE_RO_USER=${PG_CORE_RO_USER:?err} -e PG_CORE_RW_PASSWORD=${PG_CORE_RW_PASSWORD:?err} -e PG_CORE_RW_USER=${PG_CORE_RW_USER:?err}" - serviceValues[ckeditor-backend-env_vars]="-e DATABASE_Driver=postgres -e DATABASE_HOST=postgres -e DATABASE_PORT=5432 -e DATABASE_SCHEMA=public -e REDIS_HOST=redis -e REDIS_CONNECTION_STRING=redis://redis:6379 -e DATABASE_POOL_CONNECTION_LIMIT=10 -e ENVIRONMENTS_MANAGEMENT_SECRET_KEY=${CKEDITOR_ENVIRONMENT_SECRET_KEY:-} -e 
LICENSE_KEY=${CKEDITOR_SERVER_LICENSE_KEY:-} -e ENABLE_METRIC_LOGS=${CKEDITOR_ENABLE_METRIC_LOGS:-false}" + serviceValues[migrations-env_vars]="-e COUCHBASE_URL=${COUCHBASE_URL:-http://plextracdb} -e CB_API_PASS=${CB_API_PASS} -e CB_API_USER=${CB_API_USER} -e REDIS_CONNECTION_STRING=${REDIS_CONNECTION_STRING:-redis} -e REDIS_PASSWORD=${REDIS_PASSWORD:?err} -e PG_HOST=${PG_HOST:-postgres} -e PG_MIGRATE_PATH=/usr/src/plextrac-api -e PG_SUPER_USER=${POSTGRES_USER:?err} -e PG_SUPER_PASSWORD=${POSTGRES_PASSWORD:?err} -e PG_CORE_ADMIN_PASSWORD=${PG_CORE_ADMIN_PASSWORD:?err} -e PG_CORE_ADMIN_USER=${PG_CORE_ADMIN_USER:?err} -e PG_CORE_DB=${PG_CORE_DB:?err} -e PG_RUNBOOKS_ADMIN_PASSWORD=${PG_RUNBOOKS_ADMIN_PASSWORD:?err} -e PG_RUNBOOKS_ADMIN_USER=${PG_RUNBOOKS_ADMIN_USER:?err} -e PG_RUNBOOKS_RW_PASSWORD=${PG_RUNBOOKS_RW_PASSWORD:?err} -e PG_RUNBOOKS_RW_USER=${PG_RUNBOOKS_RW_USER:?err} -e PG_RUNBOOKS_DB=${PG_RUNBOOKS_DB:?err} -e PG_CKEDITOR_ADMIN_PASSWORD=${PG_CKEDITOR_ADMIN_PASSWORD:?err} -e PG_CKEDITOR_ADMIN_USER=${PG_CKEDITOR_ADMIN_USER:?err} -e PG_CKEDITOR_DB=${PG_CKEDITOR_DB:?err} -e PG_CKEDITOR_RO_PASSWORD=${PG_CKEDITOR_RO_PASSWORD:?err} -e PG_CKEDITOR_RO_USER=${PG_CKEDITOR_RO_USER:?err} -e PG_CKEDITOR_RW_PASSWORD=${PG_CKEDITOR_RW_PASSWORD:?err} -e PG_CKEDITOR_RW_USER=${PG_CKEDITOR_RW_USER:?err} -e PG_TENANTS_WRITE_MODE=${PG_TENANTS_WRITE_MODE:-couchbase_only} -e PG_TENANTS_READ_MODE=${PG_TENANTS_READ_MODE:-couchbase_only} -e PG_CORE_RO_PASSWORD=${PG_CORE_RO_PASSWORD:?err} -e PG_CORE_RO_USER=${PG_CORE_RO_USER:?err} -e PG_CORE_RW_PASSWORD=${PG_CORE_RW_PASSWORD:?err} -e PG_CORE_RW_USER=${PG_CORE_RW_USER:?err} -e CKEDITOR_MIGRATE=${CKEDITOR_MIGRATE:-} -e CKEDITOR_SERVER_CONFIG=${CKEDITOR_SERVER_CONFIG:-}" + serviceValues[ckeditor-backend-env_vars]="-e DATABASE_DATABASE=${PG_CKEDITOR_DB:?err} -e DATABASE_DRIVER=postgres -e DATABASE_HOST=postgres -e DATABASE_PASSWORD=${PG_CKEDITOR_ADMIN_PASSWORD:?err} -e DATABASE_POOL_CONNECTION_LIMIT=10 -e DATABASE_PORT=5432 -e 
DATABASE_SCHEMA=public -e DATABASE_USER=${PG_CKEDITOR_ADMIN_USER:?err} -e ENABLE_METRIC_LOGS=${CKEDITOR_ENABLE_METRIC_LOGS:-false} -e ENVIRONMENTS_MANAGEMENT_SECRET_KEY=${CKEDITOR_ENVIRONMENT_SECRET_KEY:-} -e LICENSE_KEY=${CKEDITOR_SERVER_LICENSE_KEY:-} -e LOG_LEVEL=${CKEDITOR_LOG_LEVEL:-60} -e REDIS_CONNECTION_STRING=redis://redis:6379 -e REDIS_HOST=redis -e REDIS_PASSWORD=${REDIS_PASSWORD:?err}" title "Installing PlexTrac Instance" requires_user_plextrac @@ -138,10 +130,16 @@ function plextrac_install_podman() { fi fi - mod_start "${INSTALL_WAIT_TIMEOUT:-600}" # allow up to 10 or specified minutes for startup on install, due to migrations - podman rm -f plextracapi - mod_start - + mod_start # allow up to 10 or specified minutes for startup on install, due to migrations + run_cb_migrations 600 + if [ "${CKEDITOR_MIGRATE:-false}" == "true" ]; then + ckeditorNginxConf + getCKEditorRTCConfig + podman rm -f plextracapi + mod_start # this doesn't re-run migrations + run_cb_migrations + fi + mod_info info "Post installation note:" log "If you wish to have access to historical logs, you can configure docker to send logs to journald." 
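Review bot: `ckeditor-backend-env_vars` now carries `DATABASE_PASSWORD` and `REDIS_PASSWORD` as literal `-e NAME=value` words, so once the string is expanded into the `podman` invocation (not shown in this hunk) the secrets would be on the process command line, and a value containing whitespace would be word-split. The page already uses `--env-file ${PLEXTRAC_HOME}/.env` for the CKEditor migration container; the same mechanism, or the value-less `-e NAME` form that passes a variable through from the caller's environment, keeps values off argv. The service is also given `PG_CKEDITOR_ADMIN_USER` although `PG_CKEDITOR_RW_USER` exists; if the backend does not need to alter schema at runtime, the read-write role is the narrower choice, which is worth confirming. The identical strings are repeated in `plextrac_start_podman`, so both copies need the same treatment.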
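Review bot: The comment kept on the `mod_start` line still says it allows "up to 10 or specified minutes", but the call no longer receives `${INSTALL_WAIT_TIMEOUT:-600}` and the wait is now a literal `run_cb_migrations 600`, so an operator's `INSTALL_WAIT_TIMEOUT` appears to be ignored on Podman installs. If `run_cb_migrations` takes the timeout as its first argument (its definition is not in this hunk), `run_cb_migrations "${INSTALL_WAIT_TIMEOUT:-600}"` keeps the override, and the comment belongs on that line. The second `run_cb_migrations` in the `CKEDITOR_MIGRATE` branch passes no timeout while the comment beside the preceding `mod_start` says migrations are not re-run; one sentence on why it is called again would help. plextrac_install_podman starts and ends outside this hunk.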
@@ -155,7 +153,7 @@ function plextrac_start_podman() { serviceValues[redis-entrypoint]=$(printf '%s' "--entrypoint=" "[" "\"redis-server\"" "," "\"--requirepass\"" "," "\"${REDIS_PASSWORD}\"" "]") serviceValues[cb-healthcheck]='--health-cmd=["wget","--user='$CB_ADMIN_USER'","--password='$CB_ADMIN_PASS'","-qO-","http://plextracdb:8091/pools/default/buckets/reportMe"]' PODMAN_CB_IMAGE="${PODMAN_CB_IMAGE:-docker.io/plextrac/plextracdb:7.2.0}" - PODMAN_PG_IMAGE="${PODMAN_PG_IMAGE:-docker.io/postgres:14-alpine}" + PODMAN_PG_IMAGE="${PODMAN_PG_IMAGE:-docker.io/plextrac/plextracpostgres:stable}" PODMAN_REDIS_IMAGE="${PODMAN_REDIS_IMAGE:-docker.io/redis:6.2-alpine}" PODMAN_API_IMAGE="${PODMAN_API_IMAGE:-docker.io/plextrac/plextracapi:${UPGRADE_STRATEGY:-stable}}" PODMAN_NGINX_IMAGE="${PODMAN_NGINX_IMAGE:-docker.io/plextrac/plextracnginx:${UPGRADE_STRATEGY:-stable}}" 
@@ -173,18 +171,24 @@ function plextrac_start_podman() { else serviceValues[plextracnginx-ports]="-p 0.0.0.0:443:443" fi - serviceValues[migrations-env_vars]="-e COUCHBASE_URL=${COUCHBASE_URL:-http://plextracdb} -e CB_API_PASS=${CB_API_PASS} -e CB_API_USER=${CB_API_USER} -e REDIS_CONNECTION_STRING=${REDIS_CONNECTION_STRING:-redis} -e REDIS_PASSWORD=${REDIS_PASSWORD:?err} -e PG_HOST=${PG_HOST:-postgres} -e PG_MIGRATE_PATH=/usr/src/plextrac-api -e PG_SUPER_USER=${POSTGRES_USER:?err} -e PG_SUPER_PASSWORD=${POSTGRES_PASSWORD:?err} -e PG_CORE_ADMIN_PASSWORD=${PG_CORE_ADMIN_PASSWORD:?err} -e PG_CORE_ADMIN_USER=${PG_CORE_ADMIN_USER:?err} -e PG_CORE_DB=${PG_CORE_DB:?err} -e PG_RUNBOOKS_ADMIN_PASSWORD=${PG_RUNBOOKS_ADMIN_PASSWORD:?err} -e PG_RUNBOOKS_ADMIN_USER=${PG_RUNBOOKS_ADMIN_USER:?err} -e PG_RUNBOOKS_RW_PASSWORD=${PG_RUNBOOKS_RW_PASSWORD:?err} -e PG_RUNBOOKS_RW_USER=${PG_RUNBOOKS_RW_USER:?err} -e PG_RUNBOOKS_DB=${PG_RUNBOOKS_DB:?err} -e PG_CKEDITOR_ADMIN_PASSWORD=${PG_CKEDITOR_ADMIN_PASSWORD:?err} -e PG_CKEDITOR_ADMIN_USER=${PG_CKEDITOR_ADMIN_USER:?err} -e PG_CKEDITOR_DB=${PG_CKEDITOR_DB:?err} -e PG_CKEDITOR_RO_PASSWORD=${PG_CKEDITOR_RO_PASSWORD:?err} -e PG_CKEDITOR_RO_USER=${PG_CKEDITOR_RO_USER:?err} -e PG_CKEDITOR_RW_PASSWORD=${PG_CKEDITOR_RW_PASSWORD:?err} -e PG_CKEDITOR_RW_USER=${PG_CKEDITOR_RW_USER:?err} -e PG_TENANTS_WRITE_MODE=${PG_TENANTS_WRITE_MODE:-couchbase_only} -e PG_TENANTS_READ_MODE=${PG_TENANTS_READ_MODE:-couchbase_only} -e PG_CORE_RO_PASSWORD=${PG_CORE_RO_PASSWORD:?err} -e PG_CORE_RO_USER=${PG_CORE_RO_USER:?err} -e PG_CORE_RW_PASSWORD=${PG_CORE_RW_PASSWORD:?err} -e PG_CORE_RW_USER=${PG_CORE_RW_USER:?err}" - serviceValues[ckeditor-backend-env_vars]="-e DATABASE_Driver=postgres -e DATABASE_HOST=postgres -e DATABASE_PORT=5432 -e DATABASE_SCHEMA=public -e REDIS_HOST=redis -e REDIS_CONNECTION_STRING=redis://redis:6379 -e DATABASE_POOL_CONNECTION_LIMIT=10 -e ENVIRONMENTS_MANAGEMENT_SECRET_KEY=${CKEDITOR_ENVIRONMENT_SECRET_KEY:-} -e 
LICENSE_KEY=${CKEDITOR_SERVER_LICENSE_KEY:-} -e ENABLE_METRIC_LOGS=${CKEDITOR_ENABLE_METRIC_LOGS:-false}" + serviceValues[migrations-env_vars]="-e COUCHBASE_URL=${COUCHBASE_URL:-http://plextracdb} -e CB_API_PASS=${CB_API_PASS} -e CB_API_USER=${CB_API_USER} -e REDIS_CONNECTION_STRING=${REDIS_CONNECTION_STRING:-redis} -e REDIS_PASSWORD=${REDIS_PASSWORD:?err} -e PG_HOST=${PG_HOST:-postgres} -e PG_MIGRATE_PATH=/usr/src/plextrac-api -e PG_SUPER_USER=${POSTGRES_USER:?err} -e PG_SUPER_PASSWORD=${POSTGRES_PASSWORD:?err} -e PG_CORE_ADMIN_PASSWORD=${PG_CORE_ADMIN_PASSWORD:?err} -e PG_CORE_ADMIN_USER=${PG_CORE_ADMIN_USER:?err} -e PG_CORE_DB=${PG_CORE_DB:?err} -e PG_RUNBOOKS_ADMIN_PASSWORD=${PG_RUNBOOKS_ADMIN_PASSWORD:?err} -e PG_RUNBOOKS_ADMIN_USER=${PG_RUNBOOKS_ADMIN_USER:?err} -e PG_RUNBOOKS_RW_PASSWORD=${PG_RUNBOOKS_RW_PASSWORD:?err} -e PG_RUNBOOKS_RW_USER=${PG_RUNBOOKS_RW_USER:?err} -e PG_RUNBOOKS_DB=${PG_RUNBOOKS_DB:?err} -e PG_CKEDITOR_ADMIN_PASSWORD=${PG_CKEDITOR_ADMIN_PASSWORD:?err} -e PG_CKEDITOR_ADMIN_USER=${PG_CKEDITOR_ADMIN_USER:?err} -e PG_CKEDITOR_DB=${PG_CKEDITOR_DB:?err} -e PG_CKEDITOR_RO_PASSWORD=${PG_CKEDITOR_RO_PASSWORD:?err} -e PG_CKEDITOR_RO_USER=${PG_CKEDITOR_RO_USER:?err} -e PG_CKEDITOR_RW_PASSWORD=${PG_CKEDITOR_RW_PASSWORD:?err} -e PG_CKEDITOR_RW_USER=${PG_CKEDITOR_RW_USER:?err} -e PG_TENANTS_WRITE_MODE=${PG_TENANTS_WRITE_MODE:-couchbase_only} -e PG_TENANTS_READ_MODE=${PG_TENANTS_READ_MODE:-couchbase_only} -e PG_CORE_RO_PASSWORD=${PG_CORE_RO_PASSWORD:?err} -e PG_CORE_RO_USER=${PG_CORE_RO_USER:?err} -e PG_CORE_RW_PASSWORD=${PG_CORE_RW_PASSWORD:?err} -e PG_CORE_RW_USER=${PG_CORE_RW_USER:?err} -e CKEDITOR_MIGRATE=${CKEDITOR_MIGRATE:-} -e CKEDITOR_SERVER_CONFIG=${CKEDITOR_SERVER_CONFIG:-}" + serviceValues[ckeditor-backend-env_vars]="-e DATABASE_DATABASE=${PG_CKEDITOR_DB:?err} -e DATABASE_DRIVER=postgres -e DATABASE_HOST=postgres -e DATABASE_PASSWORD=${PG_CKEDITOR_ADMIN_PASSWORD:?err} -e DATABASE_POOL_CONNECTION_LIMIT=10 -e DATABASE_PORT=5432 -e 
DATABASE_SCHEMA=public -e DATABASE_USER=${PG_CKEDITOR_ADMIN_USER:?err} -e ENABLE_METRIC_LOGS=${CKEDITOR_ENABLE_METRIC_LOGS:-false} -e ENVIRONMENTS_MANAGEMENT_SECRET_KEY=${CKEDITOR_ENVIRONMENT_SECRET_KEY:-} -e LICENSE_KEY=${CKEDITOR_SERVER_LICENSE_KEY:-} -e LOG_LEVEL=${CKEDITOR_LOG_LEVEL:-} -e REDIS_CONNECTION_STRING=redis://redis:6379 -e REDIS_HOST=redis -e REDIS_PASSWORD=${REDIS_PASSWORD:?err}" + if [ "${CKEDITOR_MIGRATE:-false}" == "true" ]; then serviceNames=("plextracdb" "postgres" "redis" "ckeditor-backend" "plextracapi" "notification-engine" "notification-sender" "contextual-scoring-service" "migrations" "plextracnginx") fi - serviceValues[notification-env_vars]="-e API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE: ${API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE:?err}" + serviceValues[notification-env_vars]="-e API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE=${API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE:?err}" + serviceValues[notification-env_vars]="-e INTERNAL_API_KEY_SHARED=${INTERNAL_API_KEY_SHARED:?err}" title "Starting PlexTrac..." requires_user_plextrac for service in "${serviceNames[@]}"; do - debug "Checking $service" + if [ "$service" == "migrations" ]; then + # Skip the migration service, as it will be started separately + continue + fi + debug "Checking $service" local volumes="" local ports="" local healthcheck="" 
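Review bot: The second `serviceValues[notification-env_vars]=` assignment replaces the first, so the value ends up holding only `INTERNAL_API_KEY_SHARED` and drops `API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE`, whose `: ` to `=` typo the line above has just fixed. Unless the `--env-file` already supplies that variable to the container, the notification services start without it. Appending keeps both: `serviceValues[notification-env_vars]+=" -e INTERNAL_API_KEY_SHARED=${INTERNAL_API_KEY_SHARED:?err}"`. static/docker-compose.yml in this commit also passes `CORE_API_BASE_URL` and `CTEM_API_BASE_URL` to the services that carry this variable, and the podman path does not set them here. plextrac_start_podman continues outside the hunk.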
@@ -252,49 +256,33 @@ function plextrac_start_podman() { fi info "Creating $service" # This specific if loop is because Bash escaping and the specific need for the podman flag --entrypoint were being a massive pain in figuring out. After hours of effort, simply making an if statement here and calling podman directly fixes the escaping issues - if [ "$service" == "migrations" ]; then - debug "Running migrations" - podman run ${serviceValues[env-file]} $env_vars --entrypoint='["/bin/sh","-c","npm run maintenance:enable && npm run pg:migrate && npm run db:migrate && npm run pg:etl up all && npm run maintenance:disable"]' --restart=no $healthcheck \ - $volumes:z --name=${service} $deploy ${serviceValues[network]} $ports -d $image 1>/dev/null - continue - fi container_client run ${serviceValues[env-file]} $env_vars $init $alias $entrypoint $restart_policy $healthcheck \ $volumes --name=${service} $deploy ${serviceValues[network]} $ports -d $image 1>/dev/null fi done - waitTimeout=${2:-90} - info "Waiting up to ${waitTimeout}s for application startup" - local progressBar - # todo: extract this to function waitForCondition - # it should take an optional param which is a function - # that should return 0 when ready - ( - while true; do - progressBar=$(printf ".%s" "${progressBar:-}") - msg "\r%b" "${GREEN}[+]${RESET} ${NOCURSOR}${progressBar}" - sleep 2 - done & - progressBarPid=$! - debug "Waiting for migrations to run and complete if needed" - timeout --preserve-status $waitTimeout podman wait migrations >/dev/null || { error "Migrations exceeded timeout"; kill $progressBarPid; exit 1; } & - - timeoutPid=$! 
- trap "kill $progressBarPid $timeoutPid >/dev/null 2>&1 || true" SIGINT SIGTERM - - wait $timeoutPid +} - kill $progressBarPid >/dev/null 2>&1 || true - >&2 echo -n "${RESET}" +function podman_run_cb_migrations() { + var=$(declare -p "$1") + eval "declare -A serviceValues="${var#*=} + serviceValues[env-file]="--env-file ${PLEXTRAC_HOME:-}/.env" + serviceValues[migrations-env_vars]="-e COUCHBASE_URL=${COUCHBASE_URL:-http://plextracdb} -e CB_API_PASS=${CB_API_PASS} -e CB_API_USER=${CB_API_USER} -e REDIS_CONNECTION_STRING=${REDIS_CONNECTION_STRING:-redis} -e REDIS_PASSWORD=${REDIS_PASSWORD:?err} -e PG_HOST=${PG_HOST:-postgres} -e PG_MIGRATE_PATH=/usr/src/plextrac-api -e PG_SUPER_USER=${POSTGRES_USER:?err} -e PG_SUPER_PASSWORD=${POSTGRES_PASSWORD:?err} -e PG_CORE_ADMIN_PASSWORD=${PG_CORE_ADMIN_PASSWORD:?err} -e PG_CORE_ADMIN_USER=${PG_CORE_ADMIN_USER:?err} -e PG_CORE_DB=${PG_CORE_DB:?err} -e PG_RUNBOOKS_ADMIN_PASSWORD=${PG_RUNBOOKS_ADMIN_PASSWORD:?err} -e PG_RUNBOOKS_ADMIN_USER=${PG_RUNBOOKS_ADMIN_USER:?err} -e PG_RUNBOOKS_RW_PASSWORD=${PG_RUNBOOKS_RW_PASSWORD:?err} -e PG_RUNBOOKS_RW_USER=${PG_RUNBOOKS_RW_USER:?err} -e PG_RUNBOOKS_DB=${PG_RUNBOOKS_DB:?err} -e PG_CKEDITOR_ADMIN_PASSWORD=${PG_CKEDITOR_ADMIN_PASSWORD:?err} -e PG_CKEDITOR_ADMIN_USER=${PG_CKEDITOR_ADMIN_USER:?err} -e PG_CKEDITOR_DB=${PG_CKEDITOR_DB:?err} -e PG_CKEDITOR_RO_PASSWORD=${PG_CKEDITOR_RO_PASSWORD:?err} -e PG_CKEDITOR_RO_USER=${PG_CKEDITOR_RO_USER:?err} -e PG_CKEDITOR_RW_PASSWORD=${PG_CKEDITOR_RW_PASSWORD:?err} -e PG_CKEDITOR_RW_USER=${PG_CKEDITOR_RW_USER:?err} -e PG_TENANTS_WRITE_MODE=${PG_TENANTS_WRITE_MODE:-couchbase_only} -e PG_TENANTS_READ_MODE=${PG_TENANTS_READ_MODE:-couchbase_only} -e PG_CORE_RO_PASSWORD=${PG_CORE_RO_PASSWORD:?err} -e PG_CORE_RO_USER=${PG_CORE_RO_USER:?err} -e PG_CORE_RW_PASSWORD=${PG_CORE_RW_PASSWORD:?err} -e PG_CORE_RW_USER=${PG_CORE_RW_USER:?err} -e CKEDITOR_MIGRATE=${CKEDITOR_MIGRATE:-} -e CKEDITOR_SERVER_CONFIG=${CKEDITOR_SERVER_CONFIG:-}" + 
PODMAN_API_IMAGE="${PODMAN_API_IMAGE:-docker.io/plextrac/plextracapi:${UPGRADE_STRATEGY:-stable}}" + serviceValues[api-image]="${PODMAN_API_IMAGE}" + local env_vars="${serviceValues[migrations-env_vars]}" + local volumes="${serviceValues[migrations-volumes]}" + local image="${serviceValues[api-image]}" - msg " Done" - ) + debug "Running migrations" + podman run ${serviceValues[env-file]} $env_vars --entrypoint='["/bin/sh","-c","npm run maintenance:enable && npm run pg:superuser:bootstrap --if-present && npm run pg:migrate && npm run db:migrate && npm run pg:etl up all && npm run maintenance:disable"]' --restart=no \ + $volumes:z --replace --name="migrations" ${serviceValues[network]} -d $image 1>/dev/null } function podman_pull_images() { declare -A service_images PODMAN_CB_IMAGE="${PODMAN_CB_IMAGE:-docker.io/plextrac/plextracdb:7.2.0}" - PODMAN_PG_IMAGE="${PODMAN_PG_IMAGE:-docker.io/postgres:14-alpine}" + PODMAN_PG_IMAGE="${PODMAN_PG_IMAGE:-docker.io/plextrac/plextracpostgres:stable}" PODMAN_REDIS_IMAGE="${PODMAN_REDIS_IMAGE:-docker.io/redis:6.2-alpine}" PODMAN_API_IMAGE="${PODMAN_API_IMAGE:-docker.io/plextrac/plextracapi:${UPGRADE_STRATEGY:-stable}}" PODMAN_NGINX_IMAGE="${PODMAN_NGINX_IMAGE:-docker.io/plextrac/plextracnginx:${UPGRADE_STRATEGY:-stable}}" diff --git a/src/_restore.sh b/src/_restore.sh index d0afbbc..2fc5889 100644 --- a/src/_restore.sh +++ b/src/_restore.sh @@ -37,7 +37,7 @@ function restore_doUploadsRestore() { function restore_doCouchbaseRestore() { title "Restoring Couchbase from backup" debug "Fixing permissions" - local user_id=$(id -u plextrac) + local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac}) if [ "$CONTAINER_RUNTIME" == "docker" ]; then debug "`compose_client exec -T $couchbaseComposeService \ chown -R $user_id:$user_id /backups 2>&1`" 
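Review bot: In podman_run_cb_migrations the `eval` argument closes its double quotes before `${var#*=}`, so the serialized array is word-split and glob-expanded before `eval` parses it. That array appears to carry the env strings built from .env credentials. Runs of whitespace inside values collapse, and the `[key]=...` words are themselves glob patterns that can be rewritten if a matching file exists in the working directory. Keeping the expansion inside the quotes and scoping the temporary avoids this: `local var; var=$(declare -p "$1")` followed by `eval "declare -A serviceValues=${var#*=}"`. The long `migrations-env_vars` string is also a verbatim copy of the one in plextrac_start_podman and will drift; building it in one shared helper would keep the two runtimes' migration environments identical.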
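Review bot: `local user_id=$(id -u ${PLEXTRAC_USER_NAME:-plextrac})` hides a failed lookup, because `local` itself returns 0. With a mistyped or non-existent user name the restore continues with an empty `user_id` into the `chown -R $user_id:$user_id /backups` that follows, even under the `set -Eeuo pipefail` that src/plextrac sets. Declaring and assigning separately, with the name quoted, lets the failure stop the restore: `local user_id` and then `user_id="$(id -u "${PLEXTRAC_USER_NAME:-plextrac}")"`. The three later hunks in this file add the same unquoted `$(id -u ${PLEXTRAC_USER_NAME:-plextrac})` inside backtick substitutions passed to `debug` and inside a `local cmd=` assignment, where a failure is masked in the same way. restore_doCouchbaseRestore continues outside the hunk.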
@@ -55,7 +55,7 @@ function restore_doCouchbaseRestore() { if [ "$CONTAINER_RUNTIME" == "podman" ]; then podman exec --workdir /backups $couchbaseComposeService tar -xzvf /backups/$backupFile else - debug "`compose_client exec -T --user $(id -u plextrac) --workdir /backups $couchbaseComposeService \ + debug "`compose_client exec -T --user $(id -u ${PLEXTRAC_USER_NAME:-plextrac}) --workdir /backups $couchbaseComposeService \ tar -xzvf /backups/$backupFile 2>&1`" fi @@ -75,7 +75,7 @@ function restore_doCouchbaseRestore() { if [ "$CONTAINER_RUNTIME" == "podman" ]; then podman exec --workdir /backups $couchbaseComposeService rm -rf /backups/$dirName else - debug "`compose_client exec -T --user $(id -u plextrac) --workdir /backups $couchbaseComposeService \ + debug "`compose_client exec -T --user $(id -u ${PLEXTRAC_USER_NAME:-plextrac}) --workdir /backups $couchbaseComposeService \ rm -rf /backups/$dirName 2>&1`" fi log "Done" @@ -95,7 +95,7 @@ function restore_doPostgresRestore() { databaseBackups=$(basename -s .psql `tar -tf $latestBackup | awk '/.psql/{print $1}'`) log "Restoring from $backupFile" log "Databases to restore:\n$databaseBackups" - local cmd="compose_client exec -T --user $(id -u plextrac)" + local cmd="compose_client exec -T --user $(id -u ${PLEXTRAC_USER_NAME:-plextrac})" if [ "$CONTAINER_RUNTIME" == "podman" ]; then local cmd='podman exec' fi diff --git a/src/_stop.sh b/src/_stop.sh index 7e9934f..63ba004 100644 --- a/src/_stop.sh +++ b/src/_stop.sh 
@@ -6,6 +6,29 @@ function mod_stop() { title "Attempting to gracefully stop PlexTrac..." debug "Stopping API Services..." + + # Before stopping, check if stable is being used and the current image tag for stable is correct + if [[ "$UPGRADE_STRATEGY" == "stable" ]]; then + debug "Running stable, validating the expected version against current running version" + running_backend_version="$(for i in $(compose_client ps plextracapi -q); do docker container inspect "$i" --format json | jq -r '(.[].Config.Labels | ."org.opencontainers.image.version")'; done | sort -u)" + running_frontend_version="$(for i in $(compose_client ps plextracnginx -q); do docker container inspect "$i" --format json | jq -r '(.[].Config.Labels | ."org.opencontainers.image.version")'; done | sort -u)" + expected_backend_tag="$(compose_client config | grep image | grep plextracapi | head -n 1 | awk '{print $2}')" + expected_frontend_tag="$(compose_client config | grep image | grep plextracnginx | head -n 1 | awk '{print $2}')" + expected_backend_version="$(docker image inspect $expected_backend_tag --format json | jq -r '(.[].Config.Labels | ."org.opencontainers.image.version")')" + expected_frontend_version="$(docker image inspect $expected_frontend_tag --format json | jq -r '(.[].Config.Labels | ."org.opencontainers.image.version")')" + + if [[ "$running_backend_version" != "$expected_backend_version" ]]; then + error "The running backend version ${running_backend_version} does not match the expected version (${expected_backend_version})" + error "During a system reboot or shutdown, the docker engine normally handles this gracefully and automatically, so using 'plextrac stop' may be unnecessary" + die "Since 'plextrac stop' runs a docker compose down, we cannot guarantee a 'plextrac start' will bring up the correct version. 
Please change UPGRADE_STRATEGY to the current running version ${running_backend_version} or run an update first" + fi + if [[ "$running_frontend_version" != "$expected_frontend_version" ]]; then + error "The running frontend version (${running_frontend_version}) does not match the expected version (${expected_frontend_version})" + error "During a system reboot or shutdown, the docker engine normally handles this gracefully and automatically, so using 'plextrac stop' may be unnecessary" + die "Since 'plextrac stop' runs a docker compose down, we cannot guarantee a 'plextrac start' will bring up the correct version. Please change UPGRADE_STRATEGY to the current running version ${running_frontend_version} or run an update first" + fi + fi + for service in $(container_client ps --format '{{.Names}}' | grep -Eo 'plextracapi|plextracnginx|notification-engine|notification-sender|contextual-scoring-service'); do if [ "$CONTAINER_RUNTIME" == "podman" ]; then container_client stop $service @@ -31,5 +54,5 @@ function mod_stop() { compose_client stop fi info "-----" - info "PlexTrac stopped. It's now safe to update and restart" + info "PlexTrac stopped. It's now safe to update the OS and restart" } diff --git a/src/_update.sh b/src/_update.sh index fdfc896..6047792 100644 --- a/src/_update.sh +++ b/src/_update.sh 
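Review bot: The new version check in mod_stop calls `docker container inspect` and `docker image inspect` directly and sits before the `CONTAINER_RUNTIME` branch, so on a podman host it depends on a `docker` binary and on `compose_client` behaving there. Under `set -Eeuo pipefail` a failing substitution can abort `plextrac stop` instead of skipping the check. It also reads `$UPGRADE_STRATEGY` bare while the rest of the commit uses `${UPGRADE_STRATEGY:-stable}`, so an unset variable trips `set -u` rather than being treated as stable. I would open the block with `if [[ "${UPGRADE_STRATEGY:-stable}" == "stable" && "$CONTAINER_RUNTIME" != "podman" ]]; then` and quote `"$expected_backend_tag"` and `"$expected_frontend_tag"` in the two `docker image inspect` calls. The new variables are globals; declaring them `local` would keep them out of the rest of the script.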
@@ -7,17 +7,27 @@ function mod_update() { if [ "${LOCK_UPDATES:-false}" == "true" ]; then die "Updates are locked due to a failed data migration. Continuing to attempt to update may result in data loss!!! Please contact PlexTrac Support" fi + + # if [ "${UPGRADE_STRATEGY}" == "stable" ] && [ -z "${PLEXTRAC_MANAGED:-}" ]; then + # sed -i 's/UPGRADE_STRATEGY=stable/UPGRADE_STRATEGY=2.10/g' .env + # info "Set Upgrade Startegy to 2.10 for stable release cycle. Please do not remove this version pin unless instructed to do so by PlexTrac Support." + # else + # info "Cloud hosted customer - no modification of UPGRADE_STRATEGY necessary" + # fi + title "Updating PlexTrac" # I'm comparing an int :shrug: # shellcheck disable=SC2086 if [ "${AIRGAPPED:-false}" == "false" ]; then if [ ${SKIP_SELF_UPGRADE:-0} -eq 0 ]; then - info "Checking for updates to the PlexTrac Management Utility" - if selfupdate_checkForNewRelease; then - event__log_activity "update:upgrade-utility" "${releaseInfo}" - selfupdate_doUpgrade - die "Failed to upgrade PlexTrac Management Util! Please reach out to support if problem persists" - exit 1 # just in case, previous line should already exit + if [ ${UTIL_UPDATED:-0} -eq 0 ]; then + info "Checking for updates to the PlexTrac Management Utility" + if selfupdate_checkForNewRelease; then + event__log_activity "update:upgrade-utility" "${releaseInfo}" + selfupdate_doUpgrade + die "Failed to upgrade PlexTrac Management Util! Please reach out to support if problem persists" + exit 1 # just in case, previous line should already exit + fi fi else info "Skipping self upgrade" @@ -47,6 +57,7 @@ function mod_update() { for i in ${upgrade_path[@]} do if [ "$i" != "$running_ver" ]; then + info "Starting Update..." debug "Upgrading to $i" getCKEditorRTCConfig mod_configure 
@@ -63,8 +74,9 @@ function mod_update() { title "Pulling latest container images" pull_docker_images fi - + mod_start || sleep 20 + run_cb_migrations if [ "$CONTAINER_RUNTIME" == "podman" ]; then unhealthy_services=$(for service in $(podman ps -a --format json | jq -r .[].Names | grep '"' | cut -d '"' -f2); do podman inspect $service --format json | jq -r '.[] | select(.State.Health.Status == "unhealthy" or (.State.Status != "running" and .State.ExitCode != 0) or .State.Status == "created") | .Name' | xargs -r printf "%s;"; done) else @@ -82,6 +94,7 @@ function mod_update() { mod_check_etl_status "${ETL_OUTPUT-}" title "Update complete" else + info "Starting Update..." debug "Proceeding with normal update" getCKEditorRTCConfig mod_configure @@ -99,14 +112,15 @@ function mod_update() { fi else info "AIRGAPPED mode enabled, skipping image pull" + # podman needs to remove containers before attempting to start with updated containers + if [ "$CONTAINER_RUNTIME" == "podman" ]; then + title "Removing old podman containers" + podman_remove + fi fi - if [ "$CONTAINER_RUNTIME" == "podman" ]; then - title "Pulling latest container images" - podman_remove - podman_pull_images - fi mod_start || sleep 20 + run_cb_migrations if [ "$CONTAINER_RUNTIME" == "podman" ]; then unhealthy_services=$(for service in $(podman ps -a --format json | jq -r .[].Names | grep '"' | cut -d '"' -f2); do podman inspect $service --format json | jq -r '.[] | select(.State.Health.Status == "unhealthy" or (.State.Status != "running" and .State.ExitCode != 0) or .State.Status == "created") | .Name' | xargs -r printf "%s;"; done) else @@ -207,7 +221,7 @@ function selfupdate_doUpgrade() { if [ "${SKIP_APP_UPDATE:-false}" == "true" ]; then exit 0 fi - eval "SKIP_SELF_UPGRADE=1 $ProgName $_INITIAL_CMD_ARGS" + eval "UTIL_UPDATED=1 $ProgName $_INITIAL_CMD_ARGS" exit $? } diff --git a/src/_version_check.sh b/src/_version_check.sh index 35ef436..8497df6 100644 --- a/src/_version_check.sh 
+++ b/src/_version_check.sh @@ -79,11 +79,12 @@ function version_check() { ## LOGIC: LATEST_STABLE # IF LATEST_STABLE <= 2.0 - if (( $(echo "$latest_ver <= $breaking_ver" | bc -l) )) - then + #if (( $(echo "$latest_ver <= $breaking_ver" | bc -l) )) + if [ $(printf "%03d%03d%03d%03d" $(echo "${latest_ver}" | tr '.' ' ')) -le $(printf "%03d%03d%03d%03d" $(echo "${breaking_ver}" | tr '.' ' ')) ] + then debug "Updating normally to $latest_ver without warning" contiguous_update=false - + # IF LATEST_STABLE > 2.0 else debug "Stable version is greater than $breaking_ver. Running contiguous update" @@ -122,7 +123,8 @@ function version_check() { # Remove the running version from the Upgrade path for i in "${!upstream_tags[@]}" do - if (( $(echo "${upstream_tags[i]} <= $running_ver" | bc -l) )) + #if (( $(echo "${upstream_tags[i]} <= $running_ver" | bc -l) )) + if [ $(printf "%03d%03d%03d%03d" $(echo "${upstream_tags[i]}" | tr '.' ' ')) -le $(printf "%03d%03d%03d%03d" $(echo "${running_ver}" | tr '.' ' ')) ] then debug "correcting upstream_tags to remove running version and versions prior" unset 'upstream_tags[i]' @@ -141,7 +143,9 @@ function version_check() { # This grabs the first element in the version sorted list which should always be the highest version available on DockerHub; this should match stable's version" if [[ -n "${upstream_tags[*]}" ]]; then debug "Setting latest upstream version var to array first index" - latest_ver="${upstream_tags[0]}" + # Sorting the tags to ensure we grab the latest and remove empty objects from the previous unset commands + sorted_upstream_tags=($(sort -V <<<"${upstream_tags[*]}")) + latest_ver="${sorted_upstream_tags[0]}" else debug "Setting latest to running version" latest_ver=$running_ver diff --git a/src/plextrac b/src/plextrac index 35cf5de..7431a29 100755 --- a/src/plextrac +++ b/src/plextrac @@ -1,7 +1,7 @@ #!/bin/bash set -Eeuo pipefail -VERSION=0.6.11 +VERSION=0.7.14 ## Podman Global Declaration Variable declare -A svcValues 
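Review bot: The zero-padded comparison that replaces `bc` is written out twice, here and in the tag-pruning loop of the next hunk, with every expansion unquoted. An empty tag or one with a non-numeric component is therefore compared as if it were version 0 (`printf` reports an error and substitutes 0) rather than rejected, and a component with a leading zero such as `08` is refused as invalid octal. A helper keeps the logic and the validation in one place: `version_key() { [[ $1 =~ ^[0-9]+(\.[0-9]+){0,3}$ ]] || return 1; printf '%03d%03d%03d%03d' ${1//./ }; }`, used as `if [ "$(version_key "$latest_ver")" -le "$(version_key "$breaking_ver")" ]`. The commented-out `bc` lines can then be deleted instead of kept next to the new test. version_check continues outside the hunk.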
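Review bot: `sort -V <<<"${upstream_tags[*]}"` hands sort a single line, because `[*]` joins the elements with spaces under the default IFS, so nothing is reordered and the array is only re-indexed by the word splitting. If the tags were fed one per line, `sort -V` is ascending and element 0 would be the lowest version, which contradicts the comment above that the first element is the highest available. `mapfile -t sorted_upstream_tags < <(printf '%s\n' "${upstream_tags[@]}" | sort -rV)` does what the added comment describes. Whether upstream_tags already arrives highest-first is not visible in this hunk, so the intended order should be confirmed before choosing `-r`.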
@@ -126,8 +126,8 @@ function mod_help() { log "migrate ${DIM}migrate current instance from legacy management scripts${RESET}" log "reload-cert ${DIM}reload PlexTrac SSL certificates${RESET}" log "restore ${DIM}restore instance from backups${RESET}" - log "start ${DIM}start a PlexTrac instance${RESET}" - log "stop ${DIM}stop PlexTrac${RESET}" + log "start ${DIM}manually start a PlexTrac instance if normal processes did not succeed${RESET}" + log "stop ${DIM}manually stops the PlexTrac instance. Not a part of normal maintenance${RESET}" log "update ${DIM}updates the management utility & applies any configuration or application updates${RESET}" log "" info "Available flags to modify command behavior:" @@ -135,7 +135,7 @@ function mod_help() { log " -d | --debug ${DIM}enables debug output VERY NOISY${RESET}" log " -v | --verbose ${DIM}enables verbose output, helpful for troubleshooting errors${RESET}" log " -y | --assume-yes ${DIM}assumes yes to all questions in script${RESET}" - log " --uid | --user-id ${DIM}during initialization, assign a specific user ID on 'plextrac' user creation${RESET}" + log " -uid | --user-id ${DIM}during initialization, assign a specific user ID on 'plextrac' user creation${RESET}" log " --install-dir | --plextrac-home ${DIM}path to non-standard install directory. The default is /opt/plextrac${RESET}" log " --install-timeout NUM ${DIM}seconds to wait for install migrations to complete. The default is 600 (10 mins)${RESET}" } @@ -227,6 +227,11 @@ function main() { shift shift ;; + "-uname" | "--user-name") + PLEXTRAC_USER_NAME=${2:-} + shift + shift + ;; "-cke" | "--cke-migration") IGNORE_ETL_STATUS="true" MIGRATE_CKE="true" 
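Review bot: `PLEXTRAC_USER_NAME=${2:-}` in the new `-uname | --user-name` case accepts whatever follows the flag, including nothing or the next option, and the value is later expanded unquoted in `id -u ${PLEXTRAC_USER_NAME:-plextrac}` in src/_restore.sh. Checking it where it is parsed gives a clear error instead of a silent fallback to `plextrac`, for example `[[ "${2:-}" =~ ^[a-z_][a-z0-9_-]*$ ]] || die "--user-name requires a valid user name"` with the pattern adjusted to the site's account naming. The flag is also missing from mod_help: this commit edits the flag list there (`-uid | --user-id`) without adding a `-uname | --user-name` entry. main continues outside the hunk.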
@@ -371,13 +376,15 @@ function mod_install() { else info "Air-gapped environment detected, skipping Image pull." fi - mod_start "${INSTALL_WAIT_TIMEOUT:-600}" # allow up to 10 or specified minutes for startup on install, due to migrations + mod_start + run_cb_migrations 600 # allow up to 10 or specified minutes for startup on install, due to migrations # Configure the CKEditor RTC service as part of the install, which also requires a recreate of the backend - if [ "${MIGRATE_CKE:-false}" == "true" ]; then + if [ "${CKEDITOR_MIGRATE:-false}" == "true" ]; then ckeditorNginxConf + getCKEditorRTCConfig + compose_client up -d "$coreBackendComposeService" --force-recreate + run_cb_migrations fi - getCKEditorRTCConfig - compose_client up -d "$coreBackendComposeService" --force-recreate mod_info info "Post installation note:" 
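Review bot: The install branch now tests `CKEDITOR_MIGRATE`, but the `-cke | --cke-migration` case in main still sets `MIGRATE_CKE="true"`, so unless CKEDITOR_MIGRATE is derived from it elsewhere the flag no longer reaches this block. `getCKEditorRTCConfig` and the forced recreate of `$coreBackendComposeService` also moved inside the condition, so a default install skips steps it previously always ran. If that is intended, a comment above the `if` such as `# RTC config and backend recreate are only needed when CKEditor migration is enabled` would record it, and the older comment about the install "also requiring a recreate of the backend" should be reworded to match. mod_install continues outside the hunk.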
@@ -421,35 +428,40 @@ function mod_start() { title "Starting PlexTrac..." requires_user_plextrac # Enable database migrations on startup - compose_client --profile=database-migrations up -d --remove-orphans + compose_client up -d --remove-orphans + fi +} - waitTimeout=${1:-90} - info "Waiting up to ${waitTimeout}s for application startup" - local progressBar - # todo: extract this to function waitForCondition - # it should take an optional param which is a function - # that should return 0 when ready - ( - while true; do - progressBar=$(printf ".%s" "${progressBar:-}") - msg "\r%b" "${GREEN}[+]${RESET} ${NOCURSOR}${progressBar}" - sleep 2 - done & - progressBarPid=$! - timeout --preserve-status $waitTimeout docker wait \ - "$(compose_client ps couchbase-migrations -q)" >/dev/null \ - || { error "Migrations exceeded timeout"; kill $progressBarPid; exit 1; } & - - timeoutPid=$! - trap "kill $progressBarPid $timeoutPid >/dev/null 2>&1 || true" SIGINT SIGTERM - - wait $timeoutPid - - kill $progressBarPid >/dev/null 2>&1 || true - >&2 echo -n "${RESET}" - - msg " Done" - ) +function run_cb_migrations() { + info "Running Database Migrations" + secs=${1:-300} + endTime=$(( $(date +%s) + secs )) + # Run the cb migration container + if [ "$CONTAINER_RUNTIME" == "podman" ]; then + podman_run_cb_migrations "svcValues" + else + compose_client --profile=database-migrations up -d couchbase-migrations --remove-orphans + fi + # While the duraction of 5 minutes is running, check if the migration container has exited + while [ $(date +%s) -lt $endTime ]; do + local migration_exited=$(container_client inspect --format '{{.State.Status}}' `docker ps -a | grep migrations 2>/dev/null | awk '{print $1}'`) + if [ "$migration_exited" == "exited" ]; then + printf "\r\033[K" + info "Migrations completed" + break + fi + for s in / - \\ \|; do + local log="" + local container="" + container="$(container_client ps -a | grep migrations 2>/dev/null | awk '{print $1}')" + log="$(container_client 
logs $container 2> /dev/null | tail -n 1 -q || true)" + printf "\r\033[K%s %s -- %s" "$s" "$container" "$log" + sleep .1 + done + sleep 1 + done + if [ $(date +%s) -ge $endTime ]; then + error "Migration container timed out and may still be running. Please check the logs for more information" fi } diff --git a/static/docker-compose.yml b/static/docker-compose.yml index 683d6a7..886e8a5 100644 --- a/static/docker-compose.yml +++ b/static/docker-compose.yml @@ -10,6 +10,8 @@ services: - postgres environment: STARTUP_MODE: API_ONLY + CLOUD_STORAGE_ENDPOINT: ${CLOUD_STORAGE_ENDPOINT:-minio} + CLOUD_STORAGE_SSL: ${CLOUD_STORAGE_SSL:-false} env_file: - .env image: "plextrac/plextracapi:${UPGRADE_STRATEGY:-stable}" @@ -42,6 +44,7 @@ services: command: | sh -c "npm run maintenance:enable && + npm run pg:superuser:bootstrap --if-present && npm run pg:migrate && npm run db:migrate && npm run pg:etl up all && @@ -122,6 +125,10 @@ services: USE_CUSTOM_CERT: "${USE_CUSTOM_CERT-}" CKEDITOR_MIGRATE: "${CKEDITOR_MIGRATE:-}" WAF_ENABLED: "${WAF_ENABLED:-true}" + UPSTREAM_CLOUD_BUCKET: ${UPSTREAM_CLOUD_BUCKET:-cloud} + UPSTREAM_CLOUD_PREFIX: ${UPSTREAM_CLOUD_PREFIX:-uploads} + MINIO_ENABLED : ${MINIO_ENABLED:-true} + UPSTREAM_CLOUD_HOST: ${UPSTREAM_CLOUD_HOST:-minio} ports: - 0.0.0.0:80:80/tcp - 0.0.0.0:443:443/tcp @@ -158,6 +165,9 @@ services: REDIS_CONNECTION_STRING: "${REDIS_CONNECTION_STRING:-redis}" REDIS_PASSWORD: "${REDIS_PASSWORD:?err}" API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE: "${API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE:?err}" + INTERNAL_API_KEY_SHARED: "${INTERNAL_API_KEY_SHARED:?err}" + CORE_API_BASE_URL: "${CORE_API_BASE_URL:?err}" + CTEM_API_BASE_URL: "${CTEM_API_BASE_URL:?err}" healthcheck: test: - "CMD" 
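Review bot: run_cb_migrations treats any `exited` state as success and only logs on timeout, so a migration container that fails or overruns lets `mod_install` and `mod_update` carry on; the loop it replaces ended with `exit 1` when the wait expired. The status lookup also shells out to `docker ps -a | grep migrations` inside a `container_client inspect`, which bypasses the runtime wrapper on podman and can match more than one container. I would look the container up through `container_client`, read `.State.ExitCode`, and return non-zero on failure or timeout, as sketched below. `secs` and `endTime` should be `local`, and the "duraction of 5 minutes" comment should say the wait is the `secs` argument.

```shell
function run_cb_migrations() {
  # … unchanged: info line, deadline computation, starting the migration container …
  local container="" status="" exit_code=""
  while [ "$(date +%s)" -lt "$endTime" ]; do
    container="$(container_client ps -a --filter name=migrations --format '{{.ID}}' | head -n 1)"
    status="$(container_client inspect --format '{{.State.Status}}' "$container" 2>/dev/null || true)"
    if [ "$status" == "exited" ]; then
      exit_code="$(container_client inspect --format '{{.State.ExitCode}}' "$container")"
      printf "\r\033[K"
      if [ "$exit_code" != "0" ]; then
        die "Migrations exited with status ${exit_code}. Please check the logs for more information"
      fi
      info "Migrations completed"
      return 0
    fi
    # … unchanged: spinner and last-log-line display …
    sleep 1
  done
  error "Migration container timed out and may still be running. Please check the logs for more information"
  return 1
}
```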
@@ -196,6 +206,9 @@ services: REDIS_PASSWORD: "${REDIS_PASSWORD:?err}" serviceConfig: ${serviceConfig:-} API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE: "${API_INTEGRATION_AUTH_CONFIG_NOTIFICATION_SERVICE:?err}" + INTERNAL_API_KEY_SHARED: "${INTERNAL_API_KEY_SHARED:?err}" + CORE_API_BASE_URL: "${CORE_API_BASE_URL:?err}" + CTEM_API_BASE_URL: "${CTEM_API_BASE_URL:?err}" healthcheck: test: - "CMD" @@ -263,7 +276,7 @@ services: timeout: 30s postgres: - image: postgres:14-alpine + image: plextrac/plextracpostgres:stable environment: PGDATA: /var/lib/postgresql/data/pgdata PG_CORE_ADMIN_PASSWORD: ${PG_CORE_ADMIN_PASSWORD:?err} 
@@ -334,12 +347,48 @@ services: - "--no-update-notifier" entrypoint: npm run command: "start:contextual-scoring-service" + + minio: + ports: + - 127.0.0.1:9000:9000 + - 127.0.0.1:9001:9001 + image: chainguard/minio@sha256:92b5ea1641d52262d6f65c95cffff4668663e00d6b2033875774ba1c2212cfa7 + restart: always + volumes: + - minio-data:/data + entrypoint: minio + command: server /data --console-address ':9001' --address '0.0.0.0:9000' + environment: + MINIO_ROOT_USER: ${MINIO_ROOT_USER:-admin} + MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:?err} + MINIO_LOCAL_USER: ${MINIO_LOCAL_USER:-localadmin} + MINIO_LOCAL_PASSWORD: ${MINIO_LOCAL_PASSWORD:?err} + CLOUD_STORAGE_ENDPOINT: ${CLOUD_STORAGE_ENDPOINT:-127.0.0.1} + CLOUD_STORAGE_PORT: ${CLOUD_STORAGE_PORT:-9000} + CLOUD_STORAGE_SSL: ${CLOUD_STORAGE_SSL:-false} + CLOUD_STORAGE_ACCESS_KEY: ${CLOUD_STORAGE_ACCESS_KEY:?err} + CLOUD_STORAGE_SECRET_KEY: ${CLOUD_STORAGE_SECRET_KEY:?err} + minio-bootstrap: + image: plextrac/plextrac-minio-bootstrap:stable + depends_on: + - minio + environment: + MINIO_ROOT_USER: ${MINIO_ROOT_USER:-admin} + MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:?err} + MINIO_LOCAL_USER: ${MINIO_LOCAL_USER:-localadmin} + MINIO_LOCAL_PASSWORD: ${MINIO_LOCAL_PASSWORD:?err} + CLOUD_STORAGE_ACCESS_KEY: ${CLOUD_STORAGE_ACCESS_KEY:?err} + CLOUD_STORAGE_SECRET_KEY: ${CLOUD_STORAGE_SECRET_KEY:?err} + MINIO_ENABLED : ${MINIO_ENABLED:-true} + UPSTREAM_CLOUD_BUCKET: ${UPSTREAM_CLOUD_BUCKET:-cloud} + volumes: dbdata: {} uploads: {} letsencrypt: {} localesOverride: {} + minio-data: {} postgres-data: {} postgres-initdb: driver: local
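Review bot: The `minio` service is handed every storage credential in the stack: besides `MINIO_ROOT_PASSWORD`, its environment carries `MINIO_LOCAL_PASSWORD`, `CLOUD_STORAGE_ACCESS_KEY` and `CLOUD_STORAGE_SECRET_KEY`, all of which `minio-bootstrap` receives as well. If only the bootstrap job consumes the local-user and access-key values (the server image's use of them is not visible here), they should be dropped from `minio` so fewer containers expose them through their environment and `inspect` output. `MINIO_ROOT_USER` also falls back to `admin` while the password is mandatory; `MINIO_ROOT_USER: ${MINIO_ROOT_USER:?err}` would avoid shipping a predictable root account name. A short comment above the service noting that ports 9000 and 9001 are deliberately bound to 127.0.0.1 would help keep that binding from being widened later.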