chessh/buildscripts/build/build.sh

181 lines
4.4 KiB
Bash
Raw Normal View History

2023-01-31 17:59:33 -05:00
#!/usr/bin/bash
frontend_port=3000
server_port=8080
ssh_port=34355
frontend_node_ids=(2)
server_node_ids=(4 5 6)
2023-01-31 19:02:32 -05:00
build_dir="${HOME}/src/chessh/buildscripts/build"
2023-01-31 17:59:33 -05:00
server_name="chessh.linux.usu.edu"
2023-01-31 21:05:01 -05:00
erlang_hosts_file="${build_dir}/.hosts.erlang"
2023-01-31 17:59:33 -05:00
load_balancer_nginx_site_file="/etc/nginx/sites-enabled/${server_name}.conf"
2023-01-31 21:05:01 -05:00
ha_proxy_cfg_file="/etc/haproxy/haproxy.cfg"
2023-01-31 17:59:33 -05:00
ssl_cert_path="/etc/letsencrypt/live/${server_name}"
certbot_webroot_path="/var/www/html/${server_name}"
load_balancer_nginx_site="
upstream frontend {
$(printf "server 192.168.100.%s:${frontend_port};\n" ${frontend_node_ids[@]})
}
upstream api {
$(printf "server 192.168.100.%s:${server_port};\n" ${server_node_ids[@]})
}
server {
default_type application/octet-stream;
server_name ${server_name};
listen 443 ssl;
ssl_certificate ${ssl_cert_path}/fullchain.pem;
ssl_certificate_key ${ssl_cert_path}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location ~ /.well-known {
allow all;
default_type "text/plain";
alias ${certbot_webroot_path};
}
location /api/ {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_pass http://api/;
}
location / {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_pass http://frontend/;
}
}
server {
if (\$host = ${server_name}) {
return 301 https://\$host\$request_uri;
}
server_name ${server_name};
listen 80;
return 404;
}
"
2023-01-31 21:05:01 -05:00
2023-01-31 17:59:33 -05:00
ha_proxy_cfg="
2023-01-31 21:05:01 -05:00
global
log /dev/log local0
log /dev/log local1 notice
maxconn 2500
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
timeout connect 10s
timeout client 36h
timeout server 36h
option dontlognull
listen ssh
bind 0.0.0.0:${ssh_port}
balance leastconn
mode tcp
2023-01-31 21:17:08 -05:00
$(echo "${server_node_ids[@]}" | python3 -c "print(\"\\n\".join([f\"\\tserver pi{i} 192.168.100.{i}:${ssh_port} check inter 30s fall 5 rise 1 \" for i in input().split()]))")
2023-01-31 17:59:33 -05:00
"
ssh_opts="-oStrictHostKeyChecking=no"
function make_pi_node_conn_str() {
echo "pi$(printf "%04d" $1)@192.168.100.${1}"
}
function copy_ssh_keys() {
if [ ! -d "${build_dir}/keys" ]
then
mkdir "${build_dir}/keys"
chmod 700 "${build_dir}/keys"
cd "${build_dir}/keys"
ssh-keygen -N "" -b 256 -t ecdsa -f ssh_host_ecdsa_key
ssh-keygen -N "" -b 1024 -t dsa -f ssh_host_dsa_key
ssh-keygen -N "" -b 2048 -t rsa -f ssh_host_rsa_key
fi
for node_id in "${server_node_ids[@]}"
do
node_conn=$(make_pi_node_conn_str $node_id)
scp -r $ssh_opts "${build_dir}/keys" $node_conn:~
done
}
2023-01-31 21:05:01 -05:00
function reload_loadbalancer_conf() {
dead_files=("/etc/nginx/sites-enabled/default" "/etc/nginx/nginx.conf" "$load_balancer_nginx_site_file" "$ha_proxy_cfg_file")
2023-01-31 17:59:33 -05:00
for file in "${dead_files[@]}"
do
[ -e $file ] && sudo rm $file
done
sudo cp "${build_dir}/nginx.conf" /etc/nginx/nginx.conf
echo $load_balancer_nginx_site | sudo tee $load_balancer_nginx_site_file
sudo systemctl restart nginx
2023-01-31 21:05:01 -05:00
2023-01-31 21:17:08 -05:00
printf "$ha_proxy_cfg" | sudo tee $ha_proxy_cfg_file
2023-01-31 21:05:01 -05:00
sudo systemctl restart haproxy
2023-01-31 17:59:33 -05:00
}
function build_frontend() {
node_id=$1
node_conn=$(make_pi_node_conn_str $node_id)
scp $ssh_opts "${build_dir}/.env" $node_conn:~
scp $ssh_opts "${build_dir}/build_front.sh" $node_conn:~/
ssh $ssh_opts $node_conn "~/build_front.sh"
}
function build_frontend_nodes() {
for node_id in "${frontend_node_ids[@]}"
do
build_frontend $node_id
done
}
function build_server() {
node_id=$1
2023-01-31 21:17:08 -05:00
node_conn=$(make_pi_node_conn_str $node_id)
2023-01-31 17:59:33 -05:00
temp_file=$(mktemp)
cp "${build_dir}/.env" $temp_file
2023-01-31 21:29:36 -05:00
printf "\nNODE_ID=$node_conn\nRELEASE_NODE=chessh@192.168.100.${node_id}\nRELEASE_DISTRIBUTION=name\n" >> $temp_file
2023-01-31 17:59:33 -05:00
scp $ssh_opts $temp_file $node_conn:~/.env
cp "${build_dir}/chessh.service" $temp_file
sed -i "s/\$BUILD_ENV/\/home\/pi$(printf "%04d" $1)\/.env/" $temp_file
scp -r $ssh_opts $temp_file $node_conn:~/chessh.service
scp $ssh_opts "${build_dir}/build_server.sh" $node_conn:~/
2023-01-31 21:05:01 -05:00
scp $ssh_opts $erlang_hosts_file $node_conn:~/
2023-01-31 17:59:33 -05:00
ssh $ssh_opts $node_conn "~/build_server.sh"
}
function build_server_nodes() {
copy_ssh_keys
2023-01-31 21:17:08 -05:00
printf "'192.168.100.%s'\n" ${server_node_ids[@]} > $erlang_hosts_file
2023-01-31 17:59:33 -05:00
for node_id in "${server_node_ids[@]}"
do
build_server $node_id
done
}
2023-01-31 21:05:01 -05:00
reload_loadbalancer_conf
2023-01-31 17:59:33 -05:00
build_server_nodes
2023-01-31 21:29:36 -05:00
build_frontend_nodes