#!/bin/bash
# Re-run under sudo when the caller is not root: the steps below install
# packages and write into /usr/local/bin.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "This script requires sudo privileges. Please enter your password:"
  exec sudo "$0" "$@" # replaces this process with a root copy of the script
fi

# NOTE(review): after the sudo re-exec, $HOME is whatever the sudoers policy
# hands to root, so these paths may resolve under the invoking user's home or
# under root's home. Confirm which location is intended.
CONFIG_DIR="$HOME/.zcn"
CONFIG_DIR_BLIMP="${CONFIG_DIR}/blimp" # holds wallet.json, config.yaml, allocation.txt, zs3server.json
MIGRATION_ROOT="$HOME/.s3migration"

# Deployment parameters. The values look like template placeholders that are
# presumably substituted before the script is run (confirm against the tool
# that generates it). A filled-in copy carries the wallet private key, the
# mnemonic and the MinIO credentials in clear text: keep it readable by the
# operator only and never commit or share it.
# The assignments are left unquoted on purpose, because it is not visible here
# whether the substituted values bring their own quoting.
MINIO_USERNAME=0chainminiousername
MINIO_PASSWORD=0chainminiopassword
ALLOCATION=0chainallocationid
BLOCK_WORKER_URL=0chainblockworker
MINIO_TOKEN=0chainminiotoken
BLIMP_DOMAIN=blimpdomain
WALLET_ID=0chainwalletid
WALLET_PUBLIC_KEY=0chainwalletpublickey
WALLET_PRIVATE_KEY=0chainwalletprivatekey
WALLET_MNEMONICS=0chainmnemonics
DOCKER_IMAGE=v1.17.1
IS_ENTERPRISE=isenterprise
EDOCKER_IMAGE=v1.17.1

# Host packages used later in the script: docker/containerd for the stack,
# jq for the allocation check, net-tools for netstat.
sudo apt update
sudo apt install -y unzip curl containerd docker.io jq net-tools
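#######################################
# Stop the deployment if something is already listening on port 443.
# The compose file written by this script publishes Caddy on 443, so a busy
# port would keep the stack from starting.
# Globals:   PORT (written; left global as in the original script)
# Outputs:   status line on stdout; missing-netstat error on stderr
# Returns:   0 when the port is free; exits the script with 1 when the port
#            is taken or netstat is not installed
#######################################
check_port_443() {
  PORT=443
  command -v netstat >/dev/null 2>&1 || {
    echo >&2 "netstat command not found. Exiting."
    exit 1
  }
  # Compare the port against the END of the local-address column only.
  # A substring match on ":443" anywhere in the line also fires for ports
  # such as 4430 or 44300 and would block the install for no reason.
  if netstat -tulpn | awk -v suffix=":${PORT}" '
    {
      n = length(suffix)
      if (length($4) >= n && substr($4, length($4) - n + 1) == suffix) found = 1
    }
    END { exit !found }
  '; then
    echo "Port $PORT is in use."
    echo "Please stop the process running on port $PORT and run the script again"
    exit 1
  else
    echo "Port $PORT is not in use."
  fi
}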
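echo "download docker-compose"
# NOTE(review): both downloads below are installed into /usr/local/bin as root
# without an integrity check. Pin the expected SHA-256 of each release asset
# and verify it (for example with `sha256sum -c`) before installing.
# -f makes curl fail on an HTTP error instead of saving the error page as the
# binary; a failed download stops the script because later steps depend on it.
sudo curl -fL "https://github.com/docker/compose/releases/download/1.29.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose || {
  echo >&2 "failed to download docker-compose. Exiting."
  exit 1
}
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

# Download zbox into a private temporary file. The script runs as root, and a
# fixed file name in world-writable /tmp can be pre-created or symlinked by
# another local user.
zbox_archive=$(mktemp) || {
  echo >&2 "failed to create a temporary file. Exiting."
  exit 1
}
curl -fL https://github.com/0chain/zboxcli/releases/download/v1.4.4/zbox-linux.tar.gz -o "${zbox_archive}" || {
  rm -f -- "${zbox_archive}"
  echo >&2 "failed to download zbox. Exiting."
  exit 1
}
sudo tar -xvf "${zbox_archive}" -C /usr/local/bin
rm -f -- "${zbox_archive}"

# create config dir
mkdir -p "${CONFIG_DIR}"
mkdir -p "${CONFIG_DIR_BLIMP}"

# wallet.json holds the private key and the mnemonic, so create it readable by
# its owner only and tighten the mode of a file left over from an earlier run.
# The compose file mounts this directory at /root/.zcn, so the reader is
# expected to be root inside the container (confirm if the image runs as
# another user).
wallet_file="${CONFIG_DIR_BLIMP}/wallet.json"
previous_umask=$(umask)
umask 077
cat <<EOF >"${wallet_file}"
{
  "client_id": "${WALLET_ID}",
  "client_key": "${WALLET_PUBLIC_KEY}",
  "keys": [
    {
      "public_key": "${WALLET_PUBLIC_KEY}",
      "private_key": "${WALLET_PRIVATE_KEY}"
    }
  ],
  "mnemonics": "${WALLET_MNEMONICS}",
  "version": "1.0"
}
EOF
umask "${previous_umask}"
chmod 600 "${wallet_file}"

# create config.yaml
cat <<EOF >"${CONFIG_DIR_BLIMP}/config.yaml"
block_worker: ${BLOCK_WORKER_URL}
signature_scheme: bls0chain
min_submit: 50
min_confirmation: 50
confirmation_chain_length: 3
max_txn_query: 5
query_sleep_time: 5
EOF

# confirm that the wallet owns the allocation ID; the check follows the helper
# defined next. zbox was already installed above, so the identical second
# download that used to sit here has been dropped.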
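#######################################
# Check whether a list contains an exact entry.
# Arguments: $1 - list of entries separated by spaces or newlines
#            $2 - entry to look for (whole-entry, fixed-string match)
# Returns:   0 if $2 is one of the entries, non-zero otherwise
#######################################
_contains() {
  # An empty needle must never match: with an empty list the original
  # pipeline compared "" against an empty line and reported success, which
  # would let an unset allocation ID pass the ownership check.
  [[ -n "$2" ]] || return 1
  # printf avoids echo's option handling; "--" keeps a needle that starts
  # with "-" from being parsed as a grep option.
  printf '%s\n' "$1" | tr ' ' '\n' | grep -F -x -q -- "$2"
}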
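# List the allocation IDs visible to the wallet stored in CONFIG_DIR_BLIMP and
# stop unless the configured allocation is one of them. Paths are quoted so a
# home directory containing spaces does not split the arguments.
allocations=$(/usr/local/bin/zbox listallocations --configDir "${CONFIG_DIR_BLIMP}" --silent --json | jq -r ' .[] | .id')
if ! _contains "${allocations}" "${ALLOCATION}"; then
  echo "given allocation does not belong to the wallet"
  exit 1
fi

# todo: verify if updating the allocation ID causes issues to the existing deployment
cat <<EOF >"${CONFIG_DIR_BLIMP}/allocation.txt"
$ALLOCATION
EOF

# adding zs3server.json
# NOTE(review): "encrypt" is false here; presumably this controls encryption
# of objects written through the gateway. Confirm that leaving it off is
# intended for this deployment.
cat <<EOF >"${CONFIG_DIR_BLIMP}/zs3server.json"
{
  "encrypt": false,
  "compress": false,
  "max_batch_size": 100,
  "batch_wait_time": 500,
  "batch_workers": 5
}
EOF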
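# create a separate folder to store caddy files
mkdir -p "${CONFIG_DIR}/caddyfiles"

# Global Caddy options: certificates are requested from the SSL.com ACME
# endpoint using external account binding (EAB).
# NOTE(review): the acme_eab key_id/mac_key pair below is an account
# credential stored in clear text in this script, so everyone who can read the
# script holds it. Inject the pair at deploy time, like the other deployment
# parameters, and rotate the pair that has been published.
# NOTE(review): the `email` value appears on this page as a redacted
# placeholder; supply the real ACME contact address.
cat <<EOF >"${CONFIG_DIR}/caddyfiles/Caddyfile"
{
  acme_ca https://acme.ssl.com/sslcom-dv-ecc
  acme_eab {
    key_id 7262ffd58bd9
    mac_key LTjZs0DOMkspvR7Tsp8ke5ns5yNo9fgiLNWKA65sHPQ
  }
  email [email protected]
}
import /etc/caddy/*.caddy
EOF

# Site block for the blimp domain: /minioclient and /logsearch are proxied to
# their containers with the prefix stripped; every other request goes to the
# MinIO gateway.
cat <<EOF >"${CONFIG_DIR}/caddyfiles/blimp.caddy"
${BLIMP_DOMAIN} {
  log {
    output file /var/log/access.log {
      roll_size 1gb
      roll_keep 5
      roll_keep_for 720h
    }
  }
  route /minioclient/* {
    uri strip_prefix /minioclient
    reverse_proxy minioclient:3001
  }
  route /logsearch/* {
    uri strip_prefix /logsearch
    reverse_proxy api:8080
  }
  route {
    reverse_proxy minioserver:9000
  }
}
EOF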
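# Stop a stack left over from an earlier run before checking the port, so the
# previous Caddy container does not count as "port in use".
if [[ -f "${CONFIG_DIR}/docker-compose.yml" ]]; then
  sudo docker-compose -f "${CONFIG_DIR}/docker-compose.yml" down
fi
echo "checking if ports are available..."
check_port_443

# create docker-compose
# NOTE(review), security-relevant settings in the file written below:
#  - Postgres runs with the default postgres/postgres credentials, and the
#    same password is repeated in LOGSEARCH_PG_CONN_STR. The database is not
#    published on the host, but any container on the compose network can
#    reach it. Changing the password on an existing "db" volume needs a
#    migration step, so it is flagged here rather than changed.
#  - log_statement=all writes every SQL statement to the database log, which
#    can include sensitive values.
#  - The audit/query tokens are the static value 12345, while the log search
#    API is reachable through Caddy under /logsearch. Generate the tokens per
#    deployment.
#  - s3mgrt uses the mutable "staging" tag, so the image that runs can change
#    between pulls; pin a version or digest.
cat <<EOF >"${CONFIG_DIR}/docker-compose.yml"
version: '3.8'
services:
  caddy:
    image: caddy:2.6.4
    ports:
      - 80:80
      - 443:443
    volumes:
      - ${CONFIG_DIR}/caddyfiles:/etc/caddy
      - ${CONFIG_DIR}/caddy/site:/srv
      - ${CONFIG_DIR}/caddy/caddy_data:/data
      - ${CONFIG_DIR}/caddy/caddy_config:/config
      - ${CONFIG_DIR}/caddy/caddy_logs:/var/log/
    restart: "always"
  db:
    image: postgres:13-alpine
    container_name: postgres-db
    restart: always
    command: -c "log_statement=all"
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
    volumes:
      - db:/var/lib/postgresql/data
  api:
    image: 0chaindev/blimp-logsearchapi:${DOCKER_IMAGE}
    depends_on:
      - db
    environment:
      LOGSEARCH_PG_CONN_STR: "postgres://postgres:postgres@postgres-db/postgres?sslmode=disable"
      LOGSEARCH_AUDIT_AUTH_TOKEN: 12345
      MINIO_LOG_QUERY_AUTH_TOKEN: 12345
      LOGSEARCH_DISK_CAPACITY_GB: 5
    links:
      - db
  minioserver:
    image: 0chaindev/blimp-minioserver:${DOCKER_IMAGE}
    container_name: minioserver
    command: ["minio", "gateway", "zcn"]
    environment:
      MINIO_AUDIT_WEBHOOK_ENDPOINT: http://api:8080/api/ingest?token=${MINIO_TOKEN}
      MINIO_AUDIT_WEBHOOK_AUTH_TOKEN: 12345
      MINIO_AUDIT_WEBHOOK_ENABLE: "on"
      MINIO_ROOT_USER: ${MINIO_USERNAME}
      MINIO_ROOT_PASSWORD: ${MINIO_PASSWORD}
      MINIO_BROWSER: "OFF"
    links:
      - api:api
    volumes:
      - ${CONFIG_DIR_BLIMP}:/root/.zcn
    expose:
      - "9000"
  minioclient:
    image: 0chaindev/blimp-clientapi:${DOCKER_IMAGE}
    container_name: minioclient
    depends_on:
      - minioserver
    environment:
      MINIO_SERVER: "minioserver:9000"
  s3mgrt:
    image: 0chaindev/s3mgrt:staging
    restart: always
    volumes:
      - ${MIGRATION_ROOT}:/migrate
volumes:
  db:
    driver: local
EOF
# The generated file contains the MinIO root credentials and the webhook
# token in clear text; keep it readable by its owner only.
chmod 600 "${CONFIG_DIR}/docker-compose.yml"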
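# Enterprise deployments run the three blimp images at EDOCKER_IMAGE instead
# of DOCKER_IMAGE; rewrite the tags in the generated compose file.
if [[ "$IS_ENTERPRISE" == true ]]; then
  for image in blimp-logsearchapi blimp-minioserver blimp-clientapi; do
    sed -i "s/${image}:${DOCKER_IMAGE}/${image}:${EDOCKER_IMAGE}/g" "${CONFIG_DIR}/docker-compose.yml"
  done
fi

sudo docker-compose -f "${CONFIG_DIR}/docker-compose.yml" pull
sudo docker-compose -f "${CONFIG_DIR}/docker-compose.yml" up -d

# Caddy stores issued certificates under its data volume, in a directory named
# after the ACME endpoint and then the domain; poll until that directory
# appears.
# NOTE(review): the loop has no upper bound. If issuance never succeeds (DNS
# not pointing at this host, ACME account rejected) the script waits forever;
# check the caddy container logs when it does not finish.
CERTIFICATES_DIR=caddy/caddy_data/caddy/certificates/acme.ssl.com-sslcom-dv-ecc
while [[ ! -d "${CONFIG_DIR}/${CERTIFICATES_DIR}/${BLIMP_DOMAIN}" ]]; do
  echo "waiting for certificates to be provisioned"
  sleep 2
done
echo "S3 Server deployment completed."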