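#######################################
# Create an object-storage user, its bucket and the Kubernetes secret that
# hands the credentials to the workload.
# Globals:   STORAGE_CLASS, AWS_ACCESS_KEY_ID, NS, SECRET_NAME (read)
#            AWS_SECRET_ACCESS_KEY (generated here and exported)
# Returns:   0 on success, otherwise the status of the first failing step
#######################################
function create_bucket() {
  local var
  for var in STORAGE_CLASS AWS_ACCESS_KEY_ID NS SECRET_NAME; do
    if [[ -z "${!var:-}" ]]; then
      printf 'create_bucket: %s is not set\n' "$var" >&2
      return 1
    fi
  done

  # Assign first, export afterwards: `export VAR=$(cmd)` returns the status of
  # `export`, so a failing openssl would go unnoticed and leave an empty key.
  AWS_SECRET_ACCESS_KEY=$(openssl rand -base64 32) || return
  [[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || return 1
  export AWS_SECRET_ACCESS_KEY

  # NOTE(review): the secret key is an argument of both commands below, so it
  # is visible in the process list while they run. Confirm whether the mc and
  # kubectl versions in use can take it from stdin or a file instead.
  #
  # Each step stops the function on failure, so a secret is never stored for a
  # user the storage backend refused to create.
  mc admin user add "${STORAGE_CLASS}" "${AWS_ACCESS_KEY_ID}" \
    "${AWS_SECRET_ACCESS_KEY}" || return
  kubectl -n "${NS}" create secret generic "${SECRET_NAME}" \
    "--from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" \
    "--from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" || return
  mc mb "${STORAGE_CLASS}/${AWS_ACCESS_KEY_ID}" || return
  mc admin policy set "${STORAGE_CLASS}" username-rw "user=${AWS_ACCESS_KEY_ID}"
}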
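#######################################
# Provision storage through create_bucket, then open the bucket for
# anonymous downloads.
# Globals:   STORAGE_CLASS, AWS_ACCESS_KEY_ID (read), plus everything
#            create_bucket reads and writes
# Returns:   0 on success, otherwise the status of the failing step
#######################################
function create_bucket_for_live() {
  # The first five commands here were a line-for-line copy of create_bucket;
  # delegating keeps a single copy of the credential handling.
  create_bucket || return

  # `download` is an anonymous-access policy: every object in the bucket
  # becomes readable without credentials. Only reached when provisioning
  # succeeded.
  mc policy set download "${STORAGE_CLASS}/${AWS_ACCESS_KEY_ID}"
}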
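#######################################
# Provision storage through create_bucket, then open the forum bucket for
# anonymous downloads.
# Globals:   STORAGE_CLASS, AWS_ACCESS_KEY_ID (read), plus everything
#            create_bucket reads and writes
# Returns:   0 on success, otherwise the status of the failing step
#######################################
function create_bucket_for_forum() {
  # Do not publish a bucket whose provisioning did not complete.
  create_bucket || return

  # `download` is an anonymous-access policy: every object in the bucket
  # becomes readable without credentials.
  mc policy set download "${STORAGE_CLASS}/${AWS_ACCESS_KEY_ID}"
}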
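#######################################
# Create the GitLab storage user, attach its policy and create the four
# buckets named ${FQDN}-artifacts, -lfs, -packages and -uploads.
# Globals:   STORAGE_CLASS, FQDN (read)
#            AWS_SECRET_ACCESS_KEY (generated here and exported)
# Returns:   0 on success, otherwise the status of the first failing step
#######################################
function create_buckets_for_gitlab() {
  local var suffix
  for var in STORAGE_CLASS FQDN; do
    if [[ -z "${!var:-}" ]]; then
      printf 'create_buckets_for_gitlab: %s is not set\n' "$var" >&2
      return 1
    fi
  done

  # Assign first, export afterwards: `export VAR=$(cmd)` returns the status of
  # `export`, so a failing openssl would go unnoticed and leave an empty key.
  AWS_SECRET_ACCESS_KEY=$(openssl rand -base64 32) || return
  [[ -n "${AWS_SECRET_ACCESS_KEY}" ]] || return 1
  export AWS_SECRET_ACCESS_KEY

  # NOTE(review): the secret key is a command-line argument here, so it is
  # visible in the process list while mc runs. Nothing in this function stores
  # the key anywhere; it is only exported, so the caller has to persist it.
  mc admin user add "${STORAGE_CLASS}" "${FQDN}" "${AWS_SECRET_ACCESS_KEY}" ||
    return
  mc admin policy set "${STORAGE_CLASS}" username-rw-gitlab "user=${FQDN}" ||
    return
  for suffix in artifacts lfs packages uploads; do
    mc mb "${STORAGE_CLASS}/${FQDN}-${suffix}" || return
  done
}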
function create_ns() {
mkdir -p /root/domains/${NS}
kubectl create ns ${NS} || true
kubectl label ns $NS libre.sh/scope=user
kubectl label ns/$NS name=$NS
cat "/root/domains/common/networkpolicies.yml" | envsubst '$NS' | kubectl -n ${NS} apply -f -
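#######################################
# Succeed when at least one of the last two rows of the saved
# `patronictl list -f tsv` output has exactly 0 in column 7 (the lag column,
# going by the function name).
# Reads:     /tmp/patronictl_list
# Returns:   0 when such a row exists, non-zero otherwise
#######################################
function pg_zero_lag() {
  # Match the whole field. A bare `grep -q 0` also accepted 10, 100 or 205,
  # so a lagging replica passed the check.
  # `tr` drops a trailing carriage return on the last column, which can be
  # present when the snapshot was captured through a TTY (`kubectl exec -it`).
  tail -n2 /tmp/patronictl_list | cut -f7 | tr -d '\r' | grep -qx 0
}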
#######################################
# Succeed when both of the last two rows of the saved patronictl listing
# contain "running" in column 5.
# Reads:     /tmp/patronictl_list
# Returns:   0 when the count is 2, non-zero otherwise
#######################################
function pg_two_running() {
  # At most two rows are inspected, so the count is 0, 1 or 2.
  tail -n2 /tmp/patronictl_list \
    | cut -f5 \
    | grep -c running \
    | grep -q 2
}
#######################################
# Compare column 6 of the last two rows of the saved patronictl listing.
# Reads:     /tmp/patronictl_list
# Globals:   TL_ONE, TL_TWO (written; assigned without `local`, so they stay
#            visible to the caller)
# Returns:   0 when both values are equal, non-zero otherwise
#######################################
function pg_consistent_tl() {
  TL_TWO=$(tail -n1 /tmp/patronictl_list | cut -f6)
  TL_ONE=$(tail -n2 /tmp/patronictl_list | head -n1 | cut -f6)
  [ "$TL_ONE" = "$TL_TWO" ]
}
#######################################
# Export column 6 of the last row of the saved patronictl listing as
# PG_CURRENT_TL, but only when pg_consistent_tl succeeds.
# Reads:     /tmp/patronictl_list
# Globals:   PG_CURRENT_TL (exported)
# Returns:   0 in both cases; PG_CURRENT_TL is left untouched when the rows
#            disagree
#######################################
function pg_current_tl() {
  pg_consistent_tl || return 0
  export PG_CURRENT_TL="$(tail -n1 /tmp/patronictl_list | cut -f6)"
}
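#######################################
# Succeed when the current timeline differs from PG_PREVIOUS_TL.
# Globals:   PG_PREVIOUS_TL (read), PG_CURRENT_TL (refreshed via
#            pg_current_tl)
# Returns:   0 when the timeline changed; non-zero when it did not, or when
#            the rows disagree and no comparison is possible
#######################################
function pg_different_tl() {
  # The original `if` had no `else`, so disagreeing rows fell through with
  # status 0, which callers read as "timeline changed".
  pg_consistent_tl || return 1
  pg_current_tl
  [ "$PG_CURRENT_TL" != "$PG_PREVIOUS_TL" ]
}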
#######################################
# Succeed when column 4 of at least one of the last two rows of the saved
# patronictl listing contains "Leader". Two matching rows also pass.
# Reads:     /tmp/patronictl_list
# Returns:   0 when a match exists, non-zero otherwise
#######################################
function pg_one_leader() {
  tail -n2 /tmp/patronictl_list \
    | cut -f4 \
    | grep -q Leader
}
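#######################################
# Save `patronictl list -f tsv` from pod ${PG_CLUSTER}-0 to
# /tmp/patronictl_list, retrying every two seconds until kubectl succeeds.
# Globals:   NS, PG_CLUSTER (read)
# Outputs:   one "." on stdout per failed attempt
# Returns:   0 once the listing is saved, 1 when NS or PG_CLUSTER is unset
#######################################
function pg_save_patronictl_list_to_temp_file() {
  # kubectl's stderr is discarded below, so with an empty namespace or
  # cluster name the loop would print dots forever without any diagnostic.
  if [[ -z "${NS:-}" || -z "${PG_CLUSTER:-}" ]]; then
    printf '%s: NS and PG_CLUSTER must be set\n' "${FUNCNAME[0]}" >&2
    return 1
  fi

  # This option stays enabled in the calling shell after the function returns.
  set -o pipefail

  # NOTE(review): /tmp/patronictl_list is a fixed name in a world-writable
  # directory. If this script runs with elevated privileges, a pre-created
  # symlink of that name would redirect the write. The pg_* readers in this
  # file use the same path, so moving to a mktemp-created file has to be done
  # for all of them together.
  # NOTE(review): there is no retry limit; a pod that never answers keeps
  # this loop running.
  until kubectl -n "${NS}" exec -it "${PG_CLUSTER}-0" -- \
    patronictl list -f tsv 1> /tmp/patronictl_list 2> /dev/null; do
    echo -n "."
    sleep 2
  done
}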
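#######################################
# Succeed when all four cluster checks pass: zero lag, two running members,
# matching timelines and a leader.
# Returns:   0 when every check succeeds, otherwise the status of the first
#            failing check
#######################################
function pg_healthy() {
  # The original began with `test pg_zero_lag`, which only tests that the
  # literal word is a non-empty string. It is always true, so the lag check
  # never ran.
  pg_zero_lag && pg_two_running && pg_consistent_tl && pg_one_leader
}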
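#######################################
# Block until the cluster is healthy again on a timeline different from the
# one seen at entry, then print the member list and the last log lines of
# pods ${PG_CLUSTER}-0 and ${PG_CLUSTER}-1.
# Globals:   NS, PG_CLUSTER (read)
#            PG_PREVIOUS_TL (exported), PG_CURRENT_TL (via pg_current_tl)
# Outputs:   progress dots and the final status on stdout
#######################################
function pg_ensure_rolling_update_is_done() {
  echo -n "Waiting pg to roll"
  pg_save_patronictl_list_to_temp_file
  pg_current_tl
  export PG_PREVIOUS_TL="${PG_CURRENT_TL}"

  # NOTE(review): there is no timeout. If the timeline never moves away from
  # the value captured above, this loop does not end.
  until pg_healthy && pg_different_tl; do
    pg_save_patronictl_list_to_temp_file
    echo -n "."
    sleep 2
  done
  echo "Rolling is done and successful!"

  # Quoted so that each of the namespace and pod name reaches kubectl as
  # exactly one argument.
  kubectl -n "${NS}" exec -it "${PG_CLUSTER}-0" -- patronictl list
  kubectl -n "${NS}" logs "${PG_CLUSTER}-0" --tail=2
  kubectl -n "${NS}" logs "${PG_CLUSTER}-1" --tail=2
}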
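#######################################
# Wait for a healthy cluster, patch archive_mode on the `pg` resource and,
# when the patch changed something, wait for the rolling update to finish.
# Globals:   NS, PG_CLUSTER, ARCHIVE_MODE (read)
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   1 for an unusable ARCHIVE_MODE, kubectl's status when the patch
#            fails, otherwise the status of the last step
#######################################
function pg_set_archive_mode_and_wait() {
  local patch_output announced=0

  # ARCHIVE_MODE is spliced into a JSON document below. Anything outside
  # [A-Za-z0-9_] could end the string early and add fields to the patch, and
  # an empty value would send an empty setting.
  case "${ARCHIVE_MODE:-}" in
    '' | *[!A-Za-z0-9_]*)
      printf 'pg_set_archive_mode_and_wait: invalid ARCHIVE_MODE: %s\n' \
        "${ARCHIVE_MODE:-}" >&2
      return 1
      ;;
  esac

  pg_save_patronictl_list_to_temp_file
  until pg_healthy; do
    # Print the banner once instead of on every iteration.
    if ((announced == 0)); then
      echo -n "Waiting PG to be healthy"
      announced=1
    fi
    pg_save_patronictl_list_to_temp_file
    echo -n "."
    sleep 2
  done

  # Check kubectl's own status. When the patch fails, the "no change" text is
  # missing as well, and the old code then waited for a rolling update that
  # was never started.
  patch_output=$(kubectl -n "${NS}" patch --type merge pg "${PG_CLUSTER}" \
    --patch "{\"spec\":{\"postgresql\":{\"parameters\":{\"archive_mode\":\"${ARCHIVE_MODE}\"}}}}") || return

  if grep -q "no change" <<< "${patch_output}"; then
    echo "PG not patched, going to next step."
  else
    pg_ensure_rolling_update_is_done
  fi
}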
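# Print an 18-character alphanumeric password read from /dev/urandom.
function _create_emails_random_password() {
  LC_ALL=C tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 18 | head -n 1
}

# Log in to the mail admin interface, look up the numeric id of
# ${email_domain} and create the three mailboxes.
# Arguments: $1 - cookie jar file to use for the session
# Globals:   mail_username, mail_password, mail_hostname, email_domain,
#            *_local_part, *_email_password (read); domain_id (written)
function _create_emails_register() {
  local cookie_jar=$1

  # The admin credentials are URL-encoded so that characters such as `&`,
  # `+` or `=` in the password cannot split or alter the form body.
  # NOTE(review): passwords are still curl arguments and therefore visible in
  # the process list while curl runs.
  curl --data-urlencode "username=${mail_username}" \
    --data-urlencode "password=${mail_password}" \
    --data "login=Log+In&rememberme=0" \
    -c "${cookie_jar}" "https://${mail_hostname}/auth/login" || return

  # `|| true`: a failed lookup is detected by the format check just below.
  domain_id=$(curl -b "${cookie_jar}" "https://${mail_hostname}/domain" \
    | grep -F -- "${email_domain}" \
    | grep purge-domain \
    | grep -o 'purge-domain-[0-9]*' \
    | grep -o '[0-9]*' || true)

  # A failed login or an unknown domain leaves this empty, and several
  # matching rows make it multi-line. Either way no mailbox may be created.
  if ! [[ "${domain_id}" =~ ^[0-9]+$ ]]; then
    printf 'create_emails: could not resolve a single domain id for %s\n' \
      "${email_domain}" >&2
    return 1
  fi

  curl --data-urlencode "local_part=${noreply_local_part}" \
    --data "domain=${domain_id}" \
    --data-urlencode "password=${noreply_email_password}" \
    -b "${cookie_jar}" "https://${mail_hostname}/mailbox/add" || return
  curl --data-urlencode "local_part=${forum_local_part}" \
    --data "domain=${domain_id}" \
    --data-urlencode "password=${forum_email_password}" \
    -b "${cookie_jar}" "https://${mail_hostname}/mailbox/add" || return
  curl --data-urlencode "local_part=${chat_local_part}" \
    --data "domain=${domain_id}" \
    --data-urlencode "password=${chat_email_password}" \
    -b "${cookie_jar}" "https://${mail_hostname}/mailbox/add"
}

#######################################
# Create the noreply, forum and chat mailboxes for a namespace and store
# their SMTP credentials as Kubernetes secrets.
# Globals:   NS, CHAT_SUBDOMAIN (read); mail_password (read; not set in this
#            function, presumably provided by /etc/env)
#            the *_email, *_email_password, *_local_part, email_domain,
#            domain_id, mail_username and mail_hostname variables are
#            assigned without `local`, as before
# Returns:   0 on success, non-zero at the first failing step
#######################################
function create_emails() {
  local cookie_jar status name value i
  local -a secret_names emails passwords local_parts

  for name in NS CHAT_SUBDOMAIN; do
    if [[ -z "${!name:-}" ]]; then
      printf 'create_emails: %s is not set\n' "${name}" >&2
      return 1
    fi
  done

  # `|| true`: with pipefail enabled, tr ends with a SIGPIPE status as soon as
  # head has its line. The length check below validates the result instead.
  noreply_email_password=$(_create_emails_random_password || true)
  noreply_email="${NS}@liiib.re"
  forum_email_password=$(_create_emails_random_password || true)
  forum_email="forum-${NS}@liiib.re"
  chat_email_password=$(_create_emails_random_password || true)
  chat_email="${CHAT_SUBDOMAIN}-${NS}@liiib.re"
  for name in noreply_email_password forum_email_password chat_email_password; do
    value=${!name}
    if ((${#value} != 18)); then
      printf 'create_emails: could not generate %s\n' "${name}" >&2
      return 1
    fi
  done

  source /etc/env
  mail_username=contact@indie.host
  mail_hostname=mail.indie.host
  noreply_local_part=${noreply_email%%@*}
  forum_local_part=${forum_email%%@*}
  chat_local_part=${chat_email%%@*}
  email_domain=${noreply_email##*@}

  # The session cookie of the mail admin account lives in this file. mktemp
  # gives it an unpredictable, owner-only name in place of the fixed
  # /tmp/cookie.txt, and it is removed on the failure path as well.
  cookie_jar=$(mktemp) || return
  status=0
  _create_emails_register "${cookie_jar}" || status=$?
  rm -f -- "${cookie_jar}"
  ((status == 0)) || return "${status}"

  # NOTE(review): the mailbox passwords are kubectl arguments here and are
  # visible in the process list while kubectl runs.
  secret_names=("${NS}-smtp" "forum-${NS}-smtp" "${CHAT_SUBDOMAIN}-${NS}-smtp")
  emails=("${noreply_email}" "${forum_email}" "${chat_email}")
  passwords=("${noreply_email_password}" "${forum_email_password}" "${chat_email_password}")
  local_parts=("${noreply_local_part}" "${forum_local_part}" "${chat_local_part}")
  for i in 0 1 2; do
    kubectl -n "${NS}" create secret generic "${secret_names[i]}" \
      --from-literal=host=mail.indie.host \
      --from-literal=port=587 \
      "--from-literal=from_email=${emails[i]}" \
      "--from-literal=username=${emails[i]}" \
      "--from-literal=password=${passwords[i]}" \
      "--from-literal=mail_from_address=${local_parts[i]}" || return
  done
}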