From 69a751f405db3b5c768c84dddb20d25c1e4afc84 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 16 Dec 2023 12:01:08 +0100 Subject: [PATCH 001/176] v1.6 --- basis/src/app/app.j2.yaml | 77 +++++++++++++++++++ basis/src/app/app.yaml | 45 ----------- option/oke/oke_deploy.sh | 7 +- .../java_helidon/{app.yaml => app.yaml.orig} | 0 .../java_helidon4/{app.yaml => app.yaml.orig} | 0 option/src/app/java_micronaut/app.yaml.orig | 54 +++++++++++++ .../{app.yaml => app.yaml.orig} | 0 option/src/app/java_tomcat/app.yaml | 45 ----------- .../app.yaml => java_tomcat/app.yaml.orig} | 0 option/terraform/oke.tf | 25 +++++- py_oci_starter.py | 17 ++-- 11 files changed, 169 insertions(+), 101 deletions(-) create mode 100644 basis/src/app/app.j2.yaml delete mode 100644 basis/src/app/app.yaml rename option/src/app/java_helidon/{app.yaml => app.yaml.orig} (100%) rename option/src/app/java_helidon4/{app.yaml => app.yaml.orig} (100%) create mode 100644 option/src/app/java_micronaut/app.yaml.orig rename option/src/app/java_springboot/{app.yaml => app.yaml.orig} (100%) delete mode 100644 option/src/app/java_tomcat/app.yaml rename option/src/app/{java_micronaut/app.yaml => java_tomcat/app.yaml.orig} (100%) diff --git a/basis/src/app/app.j2.yaml b/basis/src/app/app.j2.yaml new file mode 100644 index 00000000..6b60cb03 --- /dev/null +++ b/basis/src/app/app.j2.yaml 
@@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ##PREFIX##-dep + labels: + app: ##PREFIX##-app +spec: + replicas: 1 + selector: + matchLabels: + app: ##PREFIX##-app + template: + metadata: + labels: + app: ##PREFIX##-app + spec: + containers: + - name: app + image: ##DOCKER_PREFIX##/##PREFIX##-app + ports: + - containerPort: 8080 + name: app-port + env: +{%- if language == "java" %} +{%- if java_framework == "helidon" or java_framework == "helidon4" %} + - name: JAVAX_SQL_DATASOURCE_DS1_DATASOURCE_URL + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: jdbc_url +{%- else %} +{%- if java_framework == "springboot" %} + - name: SPRING_APPLICATION_JSON + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: spring_application_json +{%- endif %} + - name: JDBC_URL + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: jdbc_url +{%- endif %} +{%- else %} + - name: DB_URL + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: db_url +{%- endif %} + - name: DB_USER + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: db_user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: db_password + imagePullSecrets: + - name: ocirsecret +--- +apiVersion: v1 +kind: Service +metadata: + name: ##PREFIX##-app-service +spec: + selector: + app: ##PREFIX##-app + ports: + - name: http-service-port + protocol: TCP + port: 80 + targetPort: app-port +--- \ No newline at end of file diff --git a/basis/src/app/app.yaml b/basis/src/app/app.yaml deleted file mode 100644 index bb91c36c..00000000 --- a/basis/src/app/app.yaml +++ /dev/null 
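Review bot: The `app` container in the new Deployment template carries no `securityContext` and no `resources`, so every generated project runs its pod with the cluster defaults (root inside the container, privilege escalation allowed, no CPU or memory bound). Since the template is already Jinja-driven, a baseline such as `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` under the container, plus requests/limits, would reach every framework in one place. An explicit `imagePullPolicy: Always` on the `image:` line would also remove the need for the deploy script to delete the Deployment to force a fresh pull. Whether each framework image actually runs as non-root cannot be confirmed from this hunk, so the `runAsNonRoot` value needs checking against the per-framework Dockerfiles before it is switched on.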
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ##PREFIX##-app - labels: - app: ##PREFIX##-app -spec: - containers: - - name: app - image: ##DOCKER_PREFIX##/##PREFIX##-app - ports: - - containerPort: 8080 - name: app-port - env: - - name: DB_URL - valueFrom: - secretKeyRef: - name: ##PREFIX##-db-secret - key: db_url - - name: DB_USER - valueFrom: - secretKeyRef: - name: ##PREFIX##-db-secret - key: db_user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: ##PREFIX##-db-secret - key: db_password - imagePullSecrets: - - name: ocirsecret ---- -apiVersion: v1 -kind: Service -metadata: - name: ##PREFIX##-app-service -spec: - selector: - app: ##PREFIX##-app - ports: - - name: http-service-port - protocol: TCP - port: 80 - targetPort: app-port ---- \ No newline at end of file diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index f3cfff38..a488e64c 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh @@ -48,9 +48,10 @@ sed -i "s&##ORDS_HOST##&$ORDS_HOST&" $TARGET_DIR/app.yaml sed "s&##ORDS_HOST##&$ORDS_HOST&" src/oke/ingress-app.yaml > $TARGET_DIR/ingress-app.yaml # delete the old pod, just to be sure a new image is pulled -kubectl delete pod ${TF_VAR_prefix}-app ${TF_VAR_prefix}-ui -# Wait to be sure that the pod is deleted before to recreate -kubectl wait --for=delete pod/${TF_VAR_prefix}-app --timeout=30s +kubectl delete pod ${TF_VAR_prefix}-ui +kubectl delete deployment ${TF_VAR_prefix}-dep +# Wait to be sure that the deployment is deleted before to recreate +kubectl wait --for=delete deployment/${TF_VAR_prefix}-dep --timeout=30s # Create objects in Kubernetes kubectl apply -f $TARGET_DIR/app.yaml diff --git a/option/src/app/java_helidon/app.yaml b/option/src/app/java_helidon/app.yaml.orig similarity index 100% rename from option/src/app/java_helidon/app.yaml rename to option/src/app/java_helidon/app.yaml.orig 
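Review bot: The new `kubectl delete deployment ${TF_VAR_prefix}-dep` followed by `kubectl wait --for=delete ... --timeout=30s` takes the app fully down on every deploy, and when the wait times out the script still falls through to `kubectl apply -f $TARGET_DIR/app.yaml` because neither exit status is checked. With a Deployment now in place, `kubectl apply` followed by `kubectl rollout restart deployment/"${TF_VAR_prefix}-dep"` gives the fresh-image behaviour without the delete, and `kubectl rollout status deployment/"${TF_VAR_prefix}-dep" --timeout=120s || exit 1` makes a failed rollout fail the script. If the delete is kept, `--ignore-not-found` avoids the NotFound error on a first run, and the `${TF_VAR_prefix}` and `$TARGET_DIR` expansions should be quoted.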
diff --git a/option/src/app/java_helidon4/app.yaml b/option/src/app/java_helidon4/app.yaml.orig similarity index 100% rename from option/src/app/java_helidon4/app.yaml rename to option/src/app/java_helidon4/app.yaml.orig diff --git a/option/src/app/java_micronaut/app.yaml.orig b/option/src/app/java_micronaut/app.yaml.orig new file mode 100644 index 00000000..7dc925e2 --- /dev/null +++ b/option/src/app/java_micronaut/app.yaml.orig @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ##PREFIX##-dep + labels: + app: ##PREFIX##-app +spec: + replicas: 2 + selector: + matchLabels: + app: ##PREFIX##-app + template: + metadata: + labels: + app: ##PREFIX##-app + spec: + containers: + - name: ##PREFIX##-app + image: ##DOCKER_PREFIX##/##PREFIX##-app + ports: + - containerPort: 8080 + name: app-port + env: + - name: JDBC_URL + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: jdbc_url + - name: DB_USER + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: db_user + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: db_password + imagePullSecrets: + - name: ocirsecret +--- +apiVersion: v1 +kind: Service +metadata: + name: ##PREFIX##-app-service +spec: + selector: + app: ##PREFIX##-app + ports: + - name: http-service-port + protocol: TCP + port: 80 + targetPort: app-port +--- \ No newline at end of file diff --git a/option/src/app/java_springboot/app.yaml b/option/src/app/java_springboot/app.yaml.orig similarity index 100% rename from option/src/app/java_springboot/app.yaml rename to option/src/app/java_springboot/app.yaml.orig diff --git a/option/src/app/java_tomcat/app.yaml b/option/src/app/java_tomcat/app.yaml deleted file mode 100644 index 2350d3c3..00000000 --- a/option/src/app/java_tomcat/app.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ##PREFIX##-app - labels: - app: ##PREFIX##-app -spec: - containers: - - name: ##PREFIX##-app - image: ##DOCKER_PREFIX##/##PREFIX##-app - ports: - - containerPort: 8080 - name: app-port - env: - - name: JDBC_URL - valueFrom: - secretKeyRef: - name: ##PREFIX##-db-secret - key: jdbc_url - - name: DB_USER - valueFrom: - secretKeyRef: - name: ##PREFIX##-db-secret - key: db_user - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: ##PREFIX##-db-secret - key: db_password - imagePullSecrets: - - name: ocirsecret ---- -apiVersion: v1 -kind: Service -metadata: - name: ##PREFIX##-app-service -spec: - selector: - app: ##PREFIX##-app - ports: - - name: http-service-port - protocol: TCP - port: 80 - targetPort: app-port ---- \ No newline at end of file diff --git a/option/src/app/java_micronaut/app.yaml b/option/src/app/java_tomcat/app.yaml.orig similarity index 100% rename from option/src/app/java_micronaut/app.yaml rename to option/src/app/java_tomcat/app.yaml.orig diff --git a/option/terraform/oke.tf b/option/terraform/oke.tf index 8b55d83b..6656415b 100644 --- a/option/terraform/oke.tf +++ b/option/terraform/oke.tf @@ -314,6 +314,21 @@ resource "oci_core_subnet" "starter_api_subnet" { freeform_tags = local.freeform_tags } +resource "oci_core_subnet" "starter_pod_subnet" { + #Required + cidr_block = "10.0.40.0/24" + compartment_id = local.lz_network_cmp_ocid + vcn_id = oci_core_vcn.starter_vcn.id + + # Provider code tries to maintain compatibility with old versions. + security_list_ids = [oci_core_vcn.starter_vcn.default_security_list_id, oci_core_security_list.starter_security_list.id] + display_name = "${var.prefix}-oke-pod-subnet" + route_table_id = oci_core_vcn.starter_vcn.default_route_table_id + freeform_tags = local.freeform_tags +} + + + #---------------------------------------------------------------------------- resource "oci_containerengine_cluster" "starter_oke" { 
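Review bot: The new `starter_pod_subnet` is attached to the VCN's default route table and does not set `prohibit_public_ip_on_vnic`, so with the provider default (false) it is a public subnet and every pod VNIC placed in it is eligible for a public IP. For VCN-native pod networking a private subnet is the usual shape: `prohibit_public_ip_on_vnic = true` together with a route table that leaves through a NAT gateway rather than the default one. The security lists chosen here (the VCN default list plus `starter_security_list`) decide what can reach pods directly; what those lists allow is outside this hunk and should be checked before the subnet is used. The three blank lines after the closing brace look accidental.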
@@ -332,7 +347,6 @@ resource "oci_containerengine_cluster" "starter_oke" { options { service_lb_subnet_ids = [oci_core_subnet.starter_lb_subnet.id] - #Optional add_ons { #Optional @@ -350,6 +364,10 @@ resource "oci_containerengine_cluster" "starter_oke" { pods_cidr = "10.1.0.0/16" services_cidr = "10.2.0.0/16" } + + # cluster_pod_network_options { + # cni_type = "OCI_VCN_IP_NATIVE" + # } } freeform_tags = local.freeform_tags @@ -379,6 +397,11 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { fault_domains = ["FAULT-DOMAIN-1", "FAULT-DOMAIN-3"] } size = var.node_pool_node_config_details_size + + # node_pool_pod_network_option_details { + # cni_type = "OCI_VCN_IP_NATIVE" + # pod_subnet_ids = [ oci_core_subnet.starter_nodepool_subnet.id ] + # } } ssh_public_key = var.ssh_public_key diff --git a/py_oci_starter.py b/py_oci_starter.py index 6186dfe6..bef2b928 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -1021,14 +1021,17 @@ def jinja2_replace_template(): for subdir, dirs, files in os.walk(output_dir): for filename in files: if filename.find('.j2.')>0 or filename.endswith('.j2'): - environment = Environment(loader=FileSystemLoader(subdir)) - template = environment.get_template(filename) - db_param = jinja2_db_params.get( params.get('db_family') ) - content = template.render( template_param ) output_file_path = os.path.join(subdir, filename.replace(".j2", "")) - with open(output_file_path, mode="w", encoding="utf-8") as output_file: - output_file.write(content) - print(f"Wrote {output_file}") + if os.path.isfile(output_file_path): + print(f"J2 - Skipping - destination file already exists: {output_file_path}") + else: + environment = Environment(loader=FileSystemLoader(subdir)) + template = environment.get_template(filename) + db_param = jinja2_db_params.get( params.get('db_family') ) + content = template.render( template_param ) + with open(output_file_path, mode="w", encoding="utf-8") as output_file: + output_file.write(content) + print(f"J2 - Wrote {output_file}") os.remove(os.path.join(subdir, filename)) if filename.endswith('_refresh.sh'): os.remove(os.path.join(subdir, filename)) From 2607b780f04deb850a7856c099ddc10f1dacc0af Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 16 Dec 2023 12:04:35 +0100 Subject: [PATCH 002/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index bef2b928..bea35549 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -1031,7 +1031,7 @@ def jinja2_replace_template(): content = template.render( template_param ) with open(output_file_path, mode="w", encoding="utf-8") as output_file: output_file.write(content) - print(f"J2 - Wrote {output_file}") + print(f"J2 - Wrote {output_file_path}") os.remove(os.path.join(subdir, filename)) if filename.endswith('_refresh.sh'): os.remove(os.path.join(subdir, filename)) 
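Review bot: `db_param = jinja2_db_params.get( params.get('db_family') )` in the moved block is still never used within this hunk (the render call passes only `template_param`), so the lookup is dead code and should either be dropped or merged into the render context. The new skip branch keeps an existing destination file and then the `.j2` source is removed on the following line, which silently discards any later template changes; a `print` already flags it, but a comment such as `# a pre-existing non-template file deliberately overrides the .j2 template (see the *.yaml.orig copies)` would record that this is intended. `jinja2_replace_template` starts before the hunk and continues after it.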
From f5960504ff2cb959aca034caf4750677c0928371 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 16 Dec 2023 12:07:31 +0100 Subject: [PATCH 003/176] v1.6 --- basis/src/app/app.j2.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/basis/src/app/app.j2.yaml b/basis/src/app/app.j2.yaml index 6b60cb03..cc067c72 100644 --- a/basis/src/app/app.j2.yaml +++ b/basis/src/app/app.j2.yaml @@ -30,11 +30,11 @@ spec: key: jdbc_url {%- else %} {%- if java_framework == "springboot" %} - - name: SPRING_APPLICATION_JSON - valueFrom: - secretKeyRef: - name: ##PREFIX##-db-secret - key: spring_application_json + - name: SPRING_APPLICATION_JSON + valueFrom: + secretKeyRef: + name: ##PREFIX##-db-secret + key: spring_application_json {%- endif %} - name: JDBC_URL valueFrom: From f6a11298c868e9810a2fb04d55385070a01524ae Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 16 Dec 2023 12:50:15 +0100 Subject: [PATCH 004/176] v1.6 --- basis/src/app/app.j2.yaml | 26 +++++++++---------- .../app/{ords/app.yaml => apex/app.j2.yaml} | 2 +- .../app/{apex/app.yaml => ords/app.j2.yaml} | 0 3 files changed, 14 insertions(+), 14 deletions(-) rename option/src/app/{ords/app.yaml => apex/app.j2.yaml} (68%) rename option/src/app/{apex/app.yaml => ords/app.j2.yaml} (100%) diff --git a/basis/src/app/app.j2.yaml b/basis/src/app/app.j2.yaml index cc067c72..18cb47b6 100644 --- a/basis/src/app/app.j2.yaml +++ b/basis/src/app/app.j2.yaml @@ -1,22 +1,22 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: ##PREFIX##-dep + name: {{ prefix }}-dep labels: - app: ##PREFIX##-app + app: {{ prefix }}-app spec: replicas: 1 selector: matchLabels: - app: ##PREFIX##-app + app: {{ prefix }}-app template: metadata: labels: - app: ##PREFIX##-app + app: {{ prefix }}-app spec: containers: - name: app - image: ##DOCKER_PREFIX##/##PREFIX##-app + image: ##DOCKER_PREFIX##/{{ prefix }}-app ports: - containerPort: 8080 name: app-port 
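Review bot: After this hunk the template mixes two substitution mechanisms: `{{ prefix }}` is rendered by Jinja2 at generation time, while `##DOCKER_PREFIX##` on the `image:` line (and `##ORDS_HOST##` in the `apex/app.j2.yaml` hunk further on) is left for a later replacement step, presumably the `sed` pass in `oke_deploy.sh` that handles `##ORDS_HOST##`. Either the remaining `##...##` tokens move to Jinja variables as well, or a header comment such as `# {{ }} placeholders are rendered by py_oci_starter.py; ##NAME## tokens are substituted at deploy time by sed` should state the two-phase rule so the next editor does not "fix" one into the other. The same remark applies to the `@@ -26,38 +26,38 @@` and `@@ -65,10 +65,10 @@` hunks of this file.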
@@ -26,38 +26,38 @@ spec: - name: JAVAX_SQL_DATASOURCE_DS1_DATASOURCE_URL valueFrom: secretKeyRef: - name: ##PREFIX##-db-secret + name: {{ prefix }}-db-secret key: jdbc_url {%- else %} {%- if java_framework == "springboot" %} - name: SPRING_APPLICATION_JSON valueFrom: secretKeyRef: - name: ##PREFIX##-db-secret + name: {{ prefix }}-db-secret key: spring_application_json {%- endif %} - name: JDBC_URL valueFrom: secretKeyRef: - name: ##PREFIX##-db-secret + name: {{ prefix }}-db-secret key: jdbc_url {%- endif %} {%- else %} - name: DB_URL valueFrom: secretKeyRef: - name: ##PREFIX##-db-secret + name: {{ prefix }}-db-secret key: db_url {%- endif %} - name: DB_USER valueFrom: secretKeyRef: - name: ##PREFIX##-db-secret + name: {{ prefix }}-db-secret key: db_user - name: DB_PASSWORD valueFrom: secretKeyRef: - name: ##PREFIX##-db-secret + name: {{ prefix }}-db-secret key: db_password imagePullSecrets: - name: ocirsecret @@ -65,10 +65,10 @@ spec: apiVersion: v1 kind: Service metadata: - name: ##PREFIX##-app-service + name: {{ prefix }}-app-service spec: selector: - app: ##PREFIX##-app + app: {{ prefix }}-app ports: - name: http-service-port protocol: TCP diff --git a/option/src/app/ords/app.yaml b/option/src/app/apex/app.j2.yaml similarity index 68% rename from option/src/app/ords/app.yaml rename to option/src/app/apex/app.j2.yaml index b8850a27..67127216 100644 --- a/option/src/app/ords/app.yaml +++ b/option/src/app/apex/app.j2.yaml @@ -1,7 +1,7 @@ kind: Service apiVersion: v1 metadata: - name: ##PREFIX##-app-service + name: {{ prefix }}-app-service spec: type: ExternalName externalName: ##ORDS_HOST## diff --git a/option/src/app/apex/app.yaml b/option/src/app/ords/app.j2.yaml similarity index 100% rename from option/src/app/apex/app.yaml rename to option/src/app/ords/app.j2.yaml From b5b801f8afa3b3ee2e4f22ee7328030b1539d8af Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Tue, 19 Dec 2023 10:33:11 +0100 Subject: [PATCH 005/176] v1.6 --- basis/bin/deploy_ssl.sh | 63 +++++++++++++++++++ basis/bin/shared_bash_function.sh | 10 ++- basis/bin/ssl/ssl_init.sh | 24 +++++++ basis/src/app/app.j2.yaml | 4 ++ option/oke/ingress-app.yaml | 2 + option/src/app/java_micronaut/app.yaml.orig | 2 +- .../java/com/example/demo/DemoController.java | 14 ++--- option/src/app/ords/app.j2.yaml | 2 +- option/terraform/certificate.tf | 24 +++++++ option/terraform/compute_append.tf | 6 +- option/terraform/instance_pool.tf | 8 ++- option/terraform/oke.tf | 6 +- 12 files changed, 147 insertions(+), 18 deletions(-) create mode 100644 basis/bin/deploy_ssl.sh create mode 100644 basis/bin/ssl/ssl_init.sh create mode 100644 option/terraform/certificate.tf diff --git a/basis/bin/deploy_ssl.sh b/basis/bin/deploy_ssl.sh new file mode 100644 index 00000000..339ae1ae --- /dev/null +++ b/basis/bin/deploy_ssl.sh 
@@ -0,0 +1,63 @@ +#!/bin/bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +cd $SCRIPT_DIR/.. +. env.sh -silent + +# Associate the IP with the DNS +if [-n "$DNS_ZONE_NAME" ]; then + # ocid1.dns-zone.oc1..cc94d47db85349df89083034b50e45e6 + # Compute and Instance Pool are created during the 1rst terraform build. + # - Not possible to OKE + # - To do for Functions / Container Instance + if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + echo "Deployment compute" + else + get_ui_url + DNS_IP + fi +fi + +# Generate the certificate with Let'Encrypt ? +if [-n "$CERTIFICATE_GENERATE_DNS" ]; then + if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + # Generate the certificate with Let'Encrypt on the COMPUTE + SSL_IP=$COMPUTE_IP + else + # Generate the certificate with Let'Encrypt on the BASTION + SSL_IP=$BASTION_IP + fi + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path bin/ssl opc@$SSL_IP:/home/opc/. + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$SSL_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_GENERATE_DNS=\"$CERTIFICATE_GENERATE_EMAIL\"; bash ssl/ssl_init.sh 2>&1 | tee -a ssl/ssl_init.log" + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$SSL_IP:ssl/certificate target/. 
+ export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name +fi + +# Create or get the CERTIFICATE OCID +if [ -n "$CERTIFICATE_OCID" ]; then + echo "Using existing OCI Certificate" +elif [ -n "$CERTIFICATE_PATH" ]; then + CERT_CERT=$(cat $CERTIFICATE_PATH/cert1.pem) + CERT_CHAIN=$(cat $CERTIFICATE_PATH/chain1.pem) + CERT_PRIVKEY=$(cat $CERTIFICATE_PATH/privkey1.pem) + oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=${TF_VAR_prefix}-certificate --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED + exit_on_error +else + echo "ERROR: CERTIFICATE_OCID or CERTIFICATE_PATH should be defined" + exit +fi + +if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + echo "Deployment compute" +elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then + # Modify the LB in front of the instacnce with the certificate +elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + # Modify the LB in front of the instacnce with the certificate + export LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$LB_IP'") | .id'` + +elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then + # Modify the LB in front of the instacnce with the certificate + export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} +fi + + diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index f6706bcf..461ba27f 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
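Review bot: The new script does not parse: `if [-n "$DNS_ZONE_NAME" ]` (and the same form for `CERTIFICATE_GENERATE_DNS`) lacks the space after `[`, the `instance_pool` branch contains only a comment, which bash rejects as an empty body, and `DNS_IP` on its own line is executed as a command. The `ssh` line exports `CERTIFICATE_GENERATE_DNS` with the value of `$CERTIFICATE_GENERATE_EMAIL`, while `ssl_init.sh` reads `$CERTIFICATE_GENERATE_EMAIL`, so certbot receives no e-mail address. The Let's Encrypt private key is then fetched over `scp -o StrictHostKeyChecking=no` and handed to `oci certs-mgmt ... --private-key-pem="$CERT_PRIVKEY"` on the command line, where it is readable in `ps` for the duration of the call; the host key of the terraform-created instance should be pinned rather than skipped, and the PEM passed via a file (`file://` if the CLI accepts it) or stdin. The error branch ends with a bare `exit`, which returns success to the caller.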
@@ -235,11 +235,15 @@ get_user_details() { # Get the user interface URL get_ui_url() { if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - get_output_from_tfstate UI_URL ui_url + get_output_from_tfstate DNS_IP dns_ip + get_output_from_tfstate UI_URL ui_url elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then - get_output_from_tfstate UI_URL pool_lb_url + get_output_from_tfstate DNS_IP dns_ip + get_output_from_tfstate UI_URL ui_url elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - export UI_URL=http://`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"`/${TF_VAR_prefix} + export DNS_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$DNS_IP'") | .id'` + export UI_URL=http://${LB_IP}/${TF_VAR_prefix} elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} fi diff --git a/basis/bin/ssl/ssl_init.sh b/basis/bin/ssl/ssl_init.sh new file mode 100644 index 00000000..6d706a69 --- /dev/null +++ b/basis/bin/ssl/ssl_init.sh 
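Review bot: In the `kubernetes` branch the new `export UI_URL=http://${LB_IP}/${TF_VAR_prefix}` uses `LB_IP`, which this function never sets (it sets `DNS_IP` and `LB_OCID`), so `UI_URL` becomes `http:///<prefix>`; it should read `export UI_URL=http://${DNS_IP}/${TF_VAR_prefix}`. The `LB_OCID` lookup splices `$DNS_IP` into the jq program text; passing it as data, `jq -r --arg ip "$DNS_IP" '.data[] | select(.["ip-addresses"][0]["ip-address"]==$ip) | .id'`, keeps an unexpected value from breaking or altering the filter. In the `compute` and `instance_pool` branches `get_output_from_tfstate DNS_IP dns_ip` expects a terraform output named `dns_ip`, but the `compute_append.tf` and `instance_pool.tf` hunks later in this series add `dns_ip` as a `local`, not an `output`, so presumably nothing is read unless an output exists elsewhere. `get_ui_url` closes after the hunk.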
@@ -0,0 +1,24 @@ +#!/bin/bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +cd $SCRIPT_DIR + +# Install certbot +sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y +sudo dnf install snapd nginx -y +sudo systemctl enable --now snapd.socket +sudo ln -s /var/lib/snapd/snap /snap +sudo snap install core; sudo snap refresh core +sudo snap install --classic certbot +sudo ln -s /snap/bin/certbot /usr/bin/certbot + +# Install nginx +sudo systemctl enable nginx +sudo systemctl restart nginx +sudo firewall-cmd --zone=public --add-port=80/tcp --permanent +sudo firewall-cmd --reload +sudo certbot --agree-tos --nginx --email $CERTIFICATE_GENERATE_EMAIL -d $TF_VAR_dns_name + +# Place the certificate in an OPC directory so that it can be copied via SSH. +mkdir certificate +sudo cp -r /etc/letsencrypt/archive/$TF_VAR_dns_name /home/opc/ssl/certificate +sudo chown -R opc certificate \ No newline at end of file diff --git a/basis/src/app/app.j2.yaml b/basis/src/app/app.j2.yaml index 18cb47b6..8b84f6ad 100644 --- a/basis/src/app/app.j2.yaml +++ b/basis/src/app/app.j2.yaml @@ -59,6 +59,10 @@ spec: secretKeyRef: name: {{ prefix }}-db-secret key: db_password + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP imagePullSecrets: - name: ocirsecret --- diff --git a/option/oke/ingress-app.yaml b/option/oke/ingress-app.yaml index 32154d37..ba5a85ac 100644 --- a/option/oke/ingress-app.yaml +++ b/option/oke/ingress-app.yaml @@ -6,6 +6,8 @@ metadata: annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 + # nginx.ingress.kubernetes.io/affinity: "cookie" + # nginx.ingress.kubernetes.io/session-cookie-path: "/" spec: rules: - http: diff --git a/option/src/app/java_micronaut/app.yaml.orig b/option/src/app/java_micronaut/app.yaml.orig index 7dc925e2..55353f4e 100644 --- a/option/src/app/java_micronaut/app.yaml.orig +++ b/option/src/app/java_micronaut/app.yaml.orig 
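Review bot: `sudo certbot --agree-tos --nginx --email $CERTIFICATE_GENERATE_EMAIL -d $TF_VAR_dns_name` runs with both variables unquoted and unchecked, so an empty value yields a mangled certbot command rather than a clear failure; `: "${TF_VAR_dns_name:?}" "${CERTIFICATE_GENERATE_EMAIL:?}"` near the top of the script aborts early with a message. The final `sudo cp -r /etc/letsencrypt/archive/$TF_VAR_dns_name ...` plus `sudo chown -R opc certificate` copies every key generation kept in `archive/` and leaves the `privkey*.pem` files with whatever mode `cp` assigned; copying only the current files from `live/` (with `-L`) and adding `chmod 600` on the private key limits what is exposed to the opc user and to the later `scp`. The `ln -s` calls lack `-f`, so a second run fails on the existing links, silently since the script has no `set -e`.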
@@ -5,7 +5,7 @@ metadata: labels: app: ##PREFIX##-app spec: - replicas: 2 + replicas: 1 selector: matchLabels: app: ##PREFIX##-app diff --git a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java index 92bc5aa4..853808d9 100644 --- a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java @@ -2,10 +2,10 @@ import org.springframework.web.bind.annotation.*; import org.springframework.beans.factory.annotation.Autowired; -import java.sql.*; -import java.util.ArrayList; -import java.util.List; +import java.net.Inet4Address; +import java.sql.*; +import java.util.*; import oracle.ucp.jdbc.PoolDataSourceFactory; import oracle.ucp.jdbc.PoolDataSource; @@ -13,7 +13,6 @@ public class DemoController { static PoolDataSource pds = PoolDataSourceFactory.getPoolDataSource(); - public record Dept( int deptno, String dname, String loc ) {}; @Autowired @@ -58,7 +57,8 @@ public List query() { } @RequestMapping(value = "/info", method = RequestMethod.GET, produces = { "text/plain" }) - public String info() { - return "Java - SpringBoot"; + public String info() throws Exception { + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP"); + return "Java - SpringBoot - " + IP; } -} \ No newline at end of file +} diff --git a/option/src/app/ords/app.j2.yaml b/option/src/app/ords/app.j2.yaml index b8850a27..67127216 100644 --- a/option/src/app/ords/app.j2.yaml +++ b/option/src/app/ords/app.j2.yaml @@ -1,7 +1,7 @@ kind: Service apiVersion: v1 metadata: - name: ##PREFIX##-app-service + name: {{ prefix }}-app-service spec: type: ExternalName externalName: ##ORDS_HOST## diff --git a/option/terraform/certificate.tf b/option/terraform/certificate.tf new file mode 100644 index 00000000..96b381e4 --- /dev/null 
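Review bot: The new `info()` builds its string inconsistently: when `POD_IP` is unset it appends the bare host address, but when it is set it prepends `" - "`, so the response reads `Java - SpringBoot -  - <ip>`; use `String ip = System.getenv("POD_IP") != null ? System.getenv("POD_IP") : Inet4Address.getLocalHost().getHostAddress();` and keep the single separator in `return "Java - SpringBoot - " + ip;`. `/info` is an unauthenticated endpoint that now discloses the pod's internal address; for a demo that shows load balancing this is likely intended, but it deserves a one-line comment saying so, so it is not copied into a production template unnoticed. The local is also named `IP`, which Java style reserves for constants, and widening the signature to `throws Exception` turns any host-lookup failure into a 500.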
+++ b/option/terraform/certificate.tf @@ -0,0 +1,24 @@ +variable "dns_zone_name" { default="" } +variable "dns_name" { default="" } +variable "dns_ip" { default="" } + +locals { + dns_ip2 = var.dns_ip=="" ? local.dns_ip : var.dns_ip +} + +resource "oci_dns_rrset" "starter_rrset" { + count = (var.dns_zone_name=="" || local.dns_ip2=="") ? 0 : 1 + + #Required + zone_name_or_id = var.dns_zone_name + domain = var.dns_name + rtype = "A" + compartment_id = local.lz_appdev_cmp_ocid + items { + #Required + domain = var.dns_name + rdata = local.dns_ip2 + rtype = "A" + ttl = 3600 + } +} \ No newline at end of file diff --git a/option/terraform/compute_append.tf b/option/terraform/compute_append.tf index c80770ce..aba864fc 100644 --- a/option/terraform/compute_append.tf +++ b/option/terraform/compute_append.tf @@ -3,6 +3,10 @@ output "compute_ip" { value = local.compute_public_ip } +locals { + dns_ip = local.compute_public_ip +} + output "ui_url" { - value = format("http://%s", local.compute_public_ip) + value = format("http://%s", local.compute_public_ip) } diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.tf index 5ff500ef..d5f13010 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.tf @@ -153,6 +153,10 @@ output "pooled_instances_hostname_labels" { value = [data.oci_core_instance.starter_instance_pool_instance_singular_datasource.*.hostname_label] } -output "pool_lb_url" { - value = format("http://%s", oci_load_balancer.starter_pool_lb.ip_address_details[0].ip_address) +locals { + dns_ip = local.compute_public_ip +} + +output "ui_url" { + value = format("http://%s", local.dns_ip) } \ No newline at end of file diff --git a/option/terraform/oke.tf b/option/terraform/oke.tf index 6656415b..df035c6d 100644 --- a/option/terraform/oke.tf +++ b/option/terraform/oke.tf 
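Review bot: `dns_ip2 = var.dns_ip=="" ? local.dns_ip : var.dns_ip` references `local.dns_ip`, which in this series is defined only by `compute_append.tf` and `instance_pool.tf`; unless another option file not in this diff defines it, a project generated for OKE, functions or container instances fails validation with an undeclared local, because terraform resolves both arms of the conditional. A safer shape is to have each deployment option feed the address through a variable (or a single `locals` definition that every option file provides), so `certificate.tf` does not depend on which option files were copied in. The file name says certificate but its content is only the DNS A record; a short header comment stating that would help the next reader.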
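Review bot: The removed `pool_lb_url` output used `oci_load_balancer.starter_pool_lb.ip_address_details[0].ip_address`, but the new `locals { dns_ip = local.compute_public_ip }` is the line from `compute_append.tf` and points `ui_url` (and through `dns_ip2`, the DNS A record) at a compute public IP instead of the pool's load balancer; it should read `dns_ip = oci_load_balancer.starter_pool_lb.ip_address_details[0].ip_address`. Renaming the output from `pool_lb_url` to `ui_url` also changes what `get_output_from_tfstate` callers see; `get_ui_url` is updated in this same commit, but other readers of `pool_lb_url` cannot be checked from here.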
@@ -314,6 +314,7 @@ resource "oci_core_subnet" "starter_api_subnet" { freeform_tags = local.freeform_tags } +/* resource "oci_core_subnet" "starter_pod_subnet" { #Required cidr_block = "10.0.40.0/24" @@ -326,8 +327,7 @@ resource "oci_core_subnet" "starter_pod_subnet" { route_table_id = oci_core_vcn.starter_vcn.default_route_table_id freeform_tags = local.freeform_tags } - - +*/ #---------------------------------------------------------------------------- @@ -400,7 +400,7 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { # node_pool_pod_network_option_details { # cni_type = "OCI_VCN_IP_NATIVE" - # pod_subnet_ids = [ oci_core_subnet.starter_nodepool_subnet.id ] + # pod_subnet_ids = [ oci_core_subnet.starter_pod_subnet.id ] # } } ssh_public_key = var.ssh_public_key From 9a659e66afa82900c041c435679e56962855551d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 16:54:40 +0100 Subject: [PATCH 006/176] v1.6 --- basis/bin/auto_env.sh | 6 ++ basis/bin/build_all.sh | 5 ++ basis/bin/deploy_ssl.sh | 63 --------------- basis/bin/shared_bash_function.sh | 24 ++++++ basis/src/terraform/variable.tf | 3 + option/compute/compute_bootstrap.sh | 8 ++ option/terraform/{apigw.tf => apigw.j2.tf} | 13 +++- option/terraform/apigw_ci_append.tf | 6 +- option/terraform/apigw_fn_append.tf | 5 +- option/terraform/{certificate.tf => tls.tf} | 0 option/tls/compute_existing/nginx_tls.conf | 46 +++++++++++ option/tls/new/deploy_tls.sh | 78 +++++++++++++++++++ .../ssl_init.sh => option/tls/new/tls_init.sh | 3 +- py_oci_starter.py | 33 ++++++-- 14 files changed, 218 insertions(+), 75 deletions(-) delete mode 100644 basis/bin/deploy_ssl.sh rename option/terraform/{apigw.tf => apigw.j2.tf} (72%) rename option/terraform/{certificate.tf => tls.tf} (100%) create mode 100644 option/tls/compute_existing/nginx_tls.conf create mode 100644 option/tls/new/deploy_tls.sh rename basis/bin/ssl/ssl_init.sh => option/tls/new/tls_init.sh (82%) 
diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index e1638d2e..98223723 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -142,6 +142,11 @@ else export TF_VAR_bastion_ad=$TF_VAR_ad fi + # TLS + if [ -n $TF_VAR_dns_name ]; then + TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` + fi + # GIT if [ `git rev-parse --is-inside-work-tree 2>/dev/null` ]; then export GIT_BRANCH=`git rev-parse --abbrev-ref HEAD` @@ -220,6 +225,7 @@ if [ -f $STATE_FILE ]; then get_output_from_tfstate "JDBC_URL" "jdbc_url" get_output_from_tfstate "DB_URL" "db_url" + if [ "$TF_VAR_db_strategy" == "autonomous" ]; then get_output_from_tfstate "ORDS_URL" "ords_url" fi diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 018493fe..222a6fe0 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh @@ -14,6 +14,11 @@ title "OCI Starter - Build" if [ "$TF_VAR_ssh_private_path" == "" ]; then . $BIN_DIR/sshkey_generate.sh fi + +if [ -n "$CERTIFICATE_PATH" ]; then + certificate_path_before_terraform +fi + . env.sh title "Terraform Apply" src/terraform/apply.sh --auto-approve -no-color diff --git a/basis/bin/deploy_ssl.sh b/basis/bin/deploy_ssl.sh deleted file mode 100644 index 339ae1ae..00000000 --- a/basis/bin/deploy_ssl.sh +++ /dev/null 
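Review bot: `if [ -n $TF_VAR_dns_name ]; then` is unquoted, so when the variable is empty the test collapses to `[ -n ]`, which is true, and the `oci certs-mgmt certificate list ... --name` call runs on every environment load with an empty name; it should be `if [ -n "$TF_VAR_dns_name" ]; then`. When no certificate matches, `jq -r .data.items[0].id` prints the literal `null`, so `TF_VAR_certificate_ocid` becomes the string `null` rather than empty and the `var.certificate_ocid == ""` checks in the terraform templates no longer fire; `jq -r '.data.items[0].id // empty'` keeps it empty, and the same `jq` expression in `certificate_create` in the `shared_bash_function.sh` hunk further on needs the same fix. The assignment is not `export`ed in this hunk, so unless that happens elsewhere in `auto_env.sh` terraform never sees the value.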
@@ -1,63 +0,0 @@ -#!/bin/bash -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -cd $SCRIPT_DIR/.. -. env.sh -silent - -# Associate the IP with the DNS -if [-n "$DNS_ZONE_NAME" ]; then - # ocid1.dns-zone.oc1..cc94d47db85349df89083034b50e45e6 - # Compute and Instance Pool are created during the 1rst terraform build. - # - Not possible to OKE - # - To do for Functions / Container Instance - if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - echo "Deployment compute" - else - get_ui_url - DNS_IP - fi -fi - -# Generate the certificate with Let'Encrypt ? -if [-n "$CERTIFICATE_GENERATE_DNS" ]; then - if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - # Generate the certificate with Let'Encrypt on the COMPUTE - SSL_IP=$COMPUTE_IP - else - # Generate the certificate with Let'Encrypt on the BASTION - SSL_IP=$BASTION_IP - fi - scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path bin/ssl opc@$SSL_IP:/home/opc/. - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$SSL_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_GENERATE_DNS=\"$CERTIFICATE_GENERATE_EMAIL\"; bash ssl/ssl_init.sh 2>&1 | tee -a ssl/ssl_init.log" - scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$SSL_IP:ssl/certificate target/. 
- export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name -fi - -# Create or get the CERTIFICATE OCID -if [ -n "$CERTIFICATE_OCID" ]; then - echo "Using existing OCI Certificate" -elif [ -n "$CERTIFICATE_PATH" ]; then - CERT_CERT=$(cat $CERTIFICATE_PATH/cert1.pem) - CERT_CHAIN=$(cat $CERTIFICATE_PATH/chain1.pem) - CERT_PRIVKEY=$(cat $CERTIFICATE_PATH/privkey1.pem) - oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=${TF_VAR_prefix}-certificate --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED - exit_on_error -else - echo "ERROR: CERTIFICATE_OCID or CERTIFICATE_PATH should be defined" - exit -fi - -if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - echo "Deployment compute" -elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then - # Modify the LB in front of the instacnce with the certificate -elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - # Modify the LB in front of the instacnce with the certificate - export LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$LB_IP'") | .id'` - -elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then - # Modify the LB in front of the instacnce with the certificate - export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} -fi - - diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 461ba27f..d6f23cfa 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
@@ -419,3 +419,27 @@ java_find_version() { fi } +certificate_create() { + echo "Creating certificate $TF_VAR_dns_name" + CERT_CERT=$(cat $CERTIFICATE_PATH/cert.pem) + CERT_CHAIN=$(cat $CERTIFICATE_PATH/chain.pem) + CERT_PRIVKEY=$(cat $CERTIFICATE_PATH/privkey.pem) + oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=$TF_VAR_dns_name --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED + exit_on_error + TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` +} + +certificate_path_before_terraform() { + if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + if [ -d target/compute/certificate ]; then + echo "Certificate Directory exists already" + else + mkdir -p target/compute/certificate + cp $CERTIFICATE_PATH/* target/compute/certificate/. + cp src/tls/nginx_tls.conf target/compute/. + sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf + fi + else + certificate_create + fi +} diff --git a/basis/src/terraform/variable.tf b/basis/src/terraform/variable.tf index b33fdb0b..5f27ed96 100644 --- a/basis/src/terraform/variable.tf +++ b/basis/src/terraform/variable.tf @@ -43,6 +43,9 @@ variable group_name { default="" } # Log Group variable log_group_ocid { default="" } +# Certificate +variable "certificate_ocid" { default = "" } + locals { group_name = var.group_name == "" ? "none" : var.group_name diff --git a/option/compute/compute_bootstrap.sh b/option/compute/compute_bootstrap.sh index 06e6948c..0e9cc453 100755 --- a/option/compute/compute_bootstrap.sh +++ b/option/compute/compute_bootstrap.sh 
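Review bot: `certificate_path_before_terraform` runs `cp $CERTIFICATE_PATH/* target/compute/certificate/.` without checking that `CERTIFICATE_PATH` is set, so an empty value turns it into `cp /* …` and an unquoted path with spaces splits; a guard such as `: "${CERTIFICATE_PATH:?CERTIFICATE_PATH must point to the directory holding cert.pem, chain.pem and privkey.pem}"` at the top of the function plus `cp -- "$CERTIFICATE_PATH"/* target/compute/certificate/.` fails early instead. `sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/"` interpolates the DNS name into the sed expression, so a value containing `/` or `&` corrupts the substitution; `sed -i "s|##DNS_NAME##|$TF_VAR_dns_name|" target/compute/nginx_tls.conf` removes the `/` case (an `&` would still need escaping). The copy also places `privkey.pem` under `target/compute/certificate`, which should be given restrictive permissions before the tree is shipped to the instance, and in `certificate_create` the same key is passed on the command line via `--private-key-pem`, where it is visible to other local users through the process list and to `set -x` tracing. `TF_VAR_certificate_ocid` is assigned without `export`, so a terraform run in the same shell will not see it unless the caller exports it, and `jq -r .data.items[0].id` yields the string `null` rather than an empty value when nothing matches.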
@@ -122,6 +122,13 @@ else sudo awk -i inplace '/404.html/ && !x {print " include conf.d/nginx_app.locations;"; x=1} 1' /etc/nginx/nginx.conf fi +# TLS +if [ -d certificate ]; then + echo "Adding nginx_tls.conf" + sudo cp nginx_tls.conf /etc/nginx/conf.d/. + sudo awk -i inplace '/# HTTPS server/ && !x {print " include conf.d/nginx_tls.conf;"; x=1} 1' /etc/nginx/nginx.conf +fi + # SE Linux (for proxy_pass) sudo setsebool -P httpd_can_network_connect 1 @@ -136,6 +143,7 @@ fi # Firewalld sudo firewall-cmd --zone=public --add-port=80/tcp --permanent +sudo firewall-cmd --zone=public --add-port=443/tcp --permanent sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent sudo firewall-cmd --reload diff --git a/option/terraform/apigw.tf b/option/terraform/apigw.j2.tf similarity index 72% rename from option/terraform/apigw.tf rename to option/terraform/apigw.j2.tf index bb1b5a1d..8d01f870 100644 --- a/option/terraform/apigw.tf +++ b/option/terraform/apigw.j2.tf @@ -8,15 +8,26 @@ resource oci_apigateway_gateway starter_apigw { endpoint_type = "PUBLIC" subnet_id = data.oci_core_subnet.starter_public_subnet.id freeform_tags = local.freeform_tags + +{%- if tls != "none" %} + count = var.certificate_ocid == "" ? 0 : 1 + certificate_id = certificate_ocid +{%- endif %} } resource "oci_apigateway_api" "starter_api" { compartment_id = local.lz_appdev_cmp_ocid content = var.openapi_spec display_name = "${var.prefix}-api" - freeform_tags = local.freeform_tags + freeform_tags = local.freeform_tags + +{%- if tls != "none" %} + count = var.certificate_ocid == "" ? 0 : 1 +{%- endif %} } locals { apigw_ocid = oci_apigateway_gateway.starter_apigw.id } + +certificate_id = \ No newline at end of file diff --git a/option/terraform/apigw_ci_append.tf b/option/terraform/apigw_ci_append.tf index 792058e8..6dc97f51 100644 --- a/option/terraform/apigw_ci_append.tf +++ b/option/terraform/apigw_ci_append.tf 
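Review bot: Adding `count` to the `starter_apigw` gateway resource makes it a list, so the unchanged `apigw_ocid = oci_apigateway_gateway.starter_apigw.id` in the `locals` block further down this hunk no longer plans; it needs `oci_apigateway_gateway.starter_apigw[0].id` (or `one(oci_apigateway_gateway.starter_apigw[*].id)`), and any other reference to `starter_apigw`, or to `starter_api` which also gains `count`, has the same problem. `certificate_id = certificate_ocid` is not a valid reference — it must be `var.certificate_ocid` — and the stray `certificate_id =` fragment appended after the `locals` block is a syntax error on its own. With `count = var.certificate_ocid == "" ? 0 : 1` the gateway is not created at all while TLS is requested but no certificate OCID has been resolved, which is presumably intended to force the certificate step first; a comment such as `# TLS requested: the gateway is only created once certificate_ocid is known` would make that sequencing explicit.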
@@ -3,7 +3,11 @@ locals { } resource "oci_apigateway_deployment" "starter_apigw_deployment" { - count = var.docker_image_ui == "" ? 0 : 1 +{%- if tls != "none" %} + count = (var.docker_image_ui == "" || var.certificate_ocid == "") && ? 0 : 1 +{%- else %} + count = var.docker_image_ui == "" ? 0 : 1 +{%- endif %} compartment_id = local.lz_appdev_cmp_ocid display_name = "${var.prefix}-apigw-deployment" gateway_id = local.apigw_ocid diff --git a/option/terraform/apigw_fn_append.tf b/option/terraform/apigw_fn_append.tf index 8d1db553..c566c9f7 100644 --- a/option/terraform/apigw_fn_append.tf +++ b/option/terraform/apigw_fn_append.tf @@ -1,6 +1,9 @@ resource "oci_apigateway_deployment" "starter_apigw_deployment" { +{%- if tls != "none" %} + count = (var.fn_image == "" || var.certificate_ocid == "") && ? 0 : 1 +{%- else %} count = var.fn_image == "" ? 0 : 1 - compartment_id = local.lz_appdev_cmp_ocid +{%- endif %} display_name = "${var.prefix}-apigw-deployment" gateway_id = local.apigw_ocid path_prefix = "/${var.prefix}" diff --git a/option/terraform/certificate.tf b/option/terraform/tls.tf similarity index 100% rename from option/terraform/certificate.tf rename to option/terraform/tls.tf diff --git a/option/tls/compute_existing/nginx_tls.conf b/option/tls/compute_existing/nginx_tls.conf new file mode 100644 index 00000000..7aae8e34 --- /dev/null +++ b/option/tls/compute_existing/nginx_tls.conf 
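Review bot: The new TLS branch `count = (var.docker_image_ui == "" || var.certificate_ocid == "") && ? 0 : 1` is not valid HCL — the dangling `&&` before `?` is a syntax error; the line should read `count = (var.docker_image_ui == "" || var.certificate_ocid == "") ? 0 : 1`. The same malformed expression appears in the apigw_fn_append.tf hunk of this commit (with `var.fn_image`), and there the `-` line also drops `compartment_id = local.lz_appdev_cmp_ocid` from the deployment resource, which looks accidental since `compartment_id` is required on `oci_apigateway_deployment`. Both resource blocks continue outside their hunks.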
@@ -0,0 +1,46 @@
+server {
+ server_name ##DNS_NAME##;
+ root /usr/share/nginx/html;
+
+ # Load configuration files for the default server block.
+ include /etc/nginx/default.d/*.conf;
+ location / {
+ }
+
+ include conf.d/nginx_app.locations;
+ error_page 404 /404.html;
+ location = /40x.html {
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ }
+ listen [::]:443 ssl ipv6only=on;
+ listen 443 ssl;
+ ssl_certificate /home/opc/certificate/fullchain.pem;
+ ssl_certificate_key /home/opc/certificate/privkey.pem;
+
+ ssl_session_cache shared:le_nginx_SSL:10m;
+ ssl_session_timeout 1440m;
+ ssl_session_tickets off;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers off;
+
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
+
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+}
+
+server {
+ if ($host = ##DNS_NAME##) {
+ return 301 https://$host$request_uri;
+ }
+
+
+ listen 80 ;
+ listen [::]:80 ;
+ server_name ##DNS_NAME##;
+ return 404;
+}
diff --git a/option/tls/new/deploy_tls.sh b/option/tls/new/deploy_tls.sh new file mode 100644
index 00000000..0f83723f
--- /dev/null
+++ b/option/tls/new/deploy_tls.sh
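Review bot: The 443 server block sends no `Strict-Transport-Security` header, so a client that has once been redirected by the plain-HTTP block's `return 301` can still be downgraded on later visits; `add_header Strict-Transport-Security "max-age=63072000" always;` inside the TLS block is the usual complement to the redirect. The block expects `/home/opc/certificate/fullchain.pem`, whereas the `certificate_create` helper added in this series reads `cert.pem`, `chain.pem` and `privkey.pem` from `CERTIFICATE_PATH`, so a user who supplies exactly that set for the `compute_existing` option presumably ends up with nginx refusing to start for want of `fullchain.pem`; either document that `fullchain.pem` is required alongside the other three, or point `ssl_certificate` at a file name the rest of the tooling guarantees.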
@@ -0,0 +1,78 @@ +#!/bin/bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +cd $SCRIPT_DIR/.. +. env.sh -silent + +# Generate a certificate on compute or bastion +generate_certificate() +{ + if [ -z "$CERTIFICATE_GENERATE_EMAIL" ]; then + echo "Error: CERTIFICATE_GENERATE_EMAIL is not defined." + exit 1 + fi + if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + # Generate the certificate with Let'Encrypt on the COMPUTE + TLS_IP=$COMPUTE_IP + else + # Generate the certificate with Let'Encrypt on the BASTION + TLS_IP=$BASTION_IP + fi + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path bin/tls opc@$TLS_IP:/home/opc/. + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_GENERATE_DNS=\"$CERTIFICATE_GENERATE_EMAIL\"; bash tls/tls_init.sh 2>&1 | tee -a tls/tls_init.log" + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. + export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name +} + +if [ -z $TF_VAR_dns_name ]; then + echo "Error: TF_VAR_dns_name is not defined." + exit 1 +fi + +# Associate the IP with the DNS +# Done in Terraform + +# For compute, it is simpler. Generate a new certificate on the compute. Done. +if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + generate_certificate + exit +fi + +# XXXXX +# Maybe check +# - if the validaty is more than 15 days then do nothing +# - else refresh the certificate +# XXXXX + +if [ "$TF_VAR_certificate_ocid" != "" ]; then + CERT_DATE_VALIDITY=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r '.data.items[0]["current-version-summary"].validity["time-of-validity-not-after"]'` + CERT_VALIDITY_DAY=`echo $((($(date -d $CERT_VALIDITY +%s) - $(date +%s))/86400))` + echo "OCI Certificate for $TF_VAR_dns_name exists already. 
OCID: $TF_VAR_certificate_ocid" + echo "Certificate valid until: $CERT_DATE_VALIDITY" + echo "Days left: $CERT_VALIDITY_DAY" + echo "Done" + exit +else + if [ -z "$CERTIFICATE_PATH" ]; then + # Generate the certificate with Let'Encrypt ? + generate_certificate + fi + certificate_create +fi + +# Use the certificate in the compute/APIGW/or LB based on the type of deployment +if [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then + echo "Attach the certificate to the LB" + # Attach the certificate to the LB + # terraform apply ? +else + echo "Attach the certificate to APIGW" + if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + # Modify the APIGW in front of the instacnce with the certificate + export INGRESS_LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$LB_IP'") | .id'` + fi + # Modify the APIGW in front with the certificate + # terraform apply +fi + + diff --git a/basis/bin/ssl/ssl_init.sh b/option/tls/new/tls_init.sh similarity index 82% rename from basis/bin/ssl/ssl_init.sh rename to option/tls/new/tls_init.sh index 6d706a69..d089b9d5 100644 --- a/basis/bin/ssl/ssl_init.sh +++ b/option/tls/new/tls_init.sh 
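Review bot: `generate_certificate` exports `CERTIFICATE_GENERATE_DNS=\"$CERTIFICATE_GENERATE_EMAIL\"` on the remote host, but the script it then runs, `tls/tls_init.sh`, reads `$CERTIFICATE_GENERATE_EMAIL` (see the `certbot --email $CERTIFICATE_GENERATE_EMAIL` line in the tls_init.sh hunk below), so certbot is invoked with an empty `--email`; the export should be `export CERTIFICATE_GENERATE_EMAIL=\"$CERTIFICATE_GENERATE_EMAIL\"`. The validity computation reads `$CERT_VALIDITY`, which is never assigned — the jq result is stored in `CERT_DATE_VALIDITY` — so `date -d` gets an empty argument; `CERT_VALIDITY_DAY=$(( ($(date -d "$CERT_DATE_VALIDITY" +%s) - $(date +%s)) / 86400 ))` fixes it, and the same mistake is carried into `certificate_validity` in the later shared_bash_function.sh hunks of this series. In the kubernetes branch the jq filter selects on `$LB_IP` while the address was stored in `INGRESS_LB_IP`, so `INGRESS_LB_OCID` ends up empty. The scp/ssh calls use `StrictHostKeyChecking=no`, which means the directory containing the freshly issued private key is pulled from whatever host answers at `$TLS_IP` without host-key verification; pinning the instance's host key (a populated `UserKnownHostsFile` rather than disabling the check) would close that gap.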
@@ -15,10 +15,11 @@ sudo ln -s /snap/bin/certbot /usr/bin/certbot sudo systemctl enable nginx sudo systemctl restart nginx sudo firewall-cmd --zone=public --add-port=80/tcp --permanent +sudo firewall-cmd --zone=public --add-port=443/tcp --permanent sudo firewall-cmd --reload sudo certbot --agree-tos --nginx --email $CERTIFICATE_GENERATE_EMAIL -d $TF_VAR_dns_name # Place the certificate in an OPC directory so that it can be copied via SSH. mkdir certificate -sudo cp -r /etc/letsencrypt/archive/$TF_VAR_dns_name /home/opc/ssl/certificate +sudo cp -r /etc/letsencrypt/live/$TF_VAR_dns_name /home/opc/tls/certificate sudo chown -R opc certificate \ No newline at end of file diff --git a/py_oci_starter.py b/py_oci_starter.py index bea35549..0c4fb29c 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -75,12 +75,13 @@ def mandatory_options(mode): '-license': 'included', '-mode': CLI, '-infra_as_code': 'terraform_local', - '-output_dir' : 'output' + '-output_dir' : 'output', + '-tls': 'none' } no_default_options = ['-compartment_ocid', '-oke_ocid', '-vcn_ocid', '-atp_ocid', '-db_ocid', '-db_compartment_ocid', '-pdb_ocid', '-mysql_ocid', '-psql_ocid', - '-db_user', '-fnapp_ocid', '-apigw_ocid', '-bastion_ocid', '-auth_token', + '-db_user', '-fnapp_ocid', '-apigw_ocid', '-bastion_ocid', '-auth_token', '-tls', '-subnet_ocid','-public_subnet_ocid','-private_subnet_ocid','-shape','-db_install'] # hidden_options - allowed but not advertised @@ -105,7 +106,8 @@ def allowed_options(): '-infra_as_code': {'terraform_local', 'terraform_object_storage', 'resource_manager'}, '-mode': {CLI, GIT, ZIP}, '-shape': {'amd','freetier_amd','ampere'}, - '-db_install': {'default', 'shared_compute', 'kubernetes'} + '-db_install': {'default', 'shared_compute', 'kubernetes'}, + '-tls': {'none', 'new', 'existing'} } def check_values(): 
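Review bot: `sudo cp -r /etc/letsencrypt/live/$TF_VAR_dns_name /home/opc/tls/certificate` switches the source from `archive/` to `live/`, but the files under `live/` are symlinks into `archive/`, and GNU `cp -r` copies symlinks as symlinks unless `-L` is given, so the copied directory presumably holds dangling relative links rather than PEM contents; `sudo cp -rL /etc/letsencrypt/live/$TF_VAR_dns_name /home/opc/tls/certificate` dereferences them. After `sudo chown -R opc certificate` the private key is owned by the `opc` login, which the scp-back requires, but a `chmod -R go-rwx certificate` alongside it would keep the key from being readable by other accounts on the instance while it sits there. The enclosing script begins before this hunk.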
@@ -250,6 +252,14 @@ def shape_rules(): params['instance_shape_config_memory_in_gbs'] = 8 +def tls_rules(): + if params.get('tls')!='none': + params['dns_zone_name'] = TO_FILL + params['dns_name'] = TO_FILL + if params.get('tls')=='existing': + params['certificate_path'] = TO_FILL + + def apply_rules(): zip_rules() group_common_rules() @@ -262,6 +272,7 @@ def apply_rules(): compartment_rules() license_rules() shape_rules() + tls_rules() def error(msg): @@ -654,8 +665,8 @@ def cp_terraform_apigw(append_tf): cp_terraform("apigw_existing.tf", "apigw_tags.tf", append_tf) output_replace('##APP_URL##', app_url,"src/terraform/apigw_existing.tf") else: - cp_terraform("apigw.tf", "apigw_tags.tf", append_tf) - output_replace('##APP_URL##', app_url, "src/terraform/apigw.tf") + cp_terraform("apigw.j2.tf", "apigw_tags.tf", append_tf) + output_replace('##APP_URL##', app_url, "src/terraform/apigw.j2.tf") #---------------------------------------------------------------------------- # Create Directory (shared for group_common and output) @@ -805,7 +816,7 @@ def create_output_dir(): if 'apigw_ocid' in params: cp_terraform("apigw_existing.tf", "apigw_tags.tf", apigw_append) else: - cp_terraform("apigw.tf", "apigw_tags.tf", apigw_append) + cp_terraform("apigw.j2.tf", "apigw_tags.tf", apigw_append) elif params.get('deploy') in [ 'compute', 'instance_pool' ]: if 'compute_ocid' in params: @@ -818,6 +829,8 @@ def create_output_dir(): output_copy_tree("option/compute", "src/compute") if params.get('deploy') == 'instance_pool': cp_terraform("instance_pool.tf") + elif params.get('tls') == 'existing': + output_copy_tree("option/tls/compute_existing", "src/tls") elif params.get('deploy') == "container_instance": if 'group_common' not in params: 
@@ -831,6 +844,9 @@ def create_output_dir(): output_copy_tree("option/container_instance", "bin") cp_terraform_apigw("apigw_ci_append.tf") + if params.get('tls') == 'new': + output_copy_tree("option/tls/new", "src/tls") + if os.path.exists(output_dir + "/src/app/openapi_spec_append.yaml"): append_file( output_dir + "/src/app/openapi_spec.yaml", output_dir + "/src/app/openapi_spec_append.yaml") os.remove( output_dir + "/src/app/openapi_spec_append.yaml" ) @@ -896,7 +912,8 @@ def create_output_dir(): src_path = os.path.join("src/app/db", f) dst_path = os.path.join("src/db", f) output_move(src_path, dst_path) - os.rmdir(output_dir + "/src/app/db") + os.rmdir(output_dir + "/src/app/db") + #---------------------------------------------------------------------------- # Create group_common Directory @@ -959,7 +976,7 @@ def create_group_common_dir(): if 'apigw_ocid' in params: cp_terraform("apigw_existing.tf", "apigw_tags.tf") else: - cp_terraform("apigw.tf", "apigw_tags.tf") + cp_terraform("apigw.j2.tf", "apigw_tags.tf") cp_terraform("log_group.tf") if 'jms' in a_group_common: From 549c63e6763088ab2c0b6145e11fbee6487a57cf Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 17:08:58 +0100 Subject: [PATCH 007/176] v1.6 --- option/terraform/apigw.j2.tf | 4 ++-- option/terraform/apigw_ci_append.tf | 2 +- option/terraform/apigw_compute_append.tf | 3 +++ option/terraform/apigw_fn_append.tf | 2 +- py_oci_starter.py | 8 ++++---- 5 files changed, 11 insertions(+), 8 deletions(-) diff --git a/option/terraform/apigw.j2.tf b/option/terraform/apigw.j2.tf index 8d01f870..f0a1fdb2 100644 --- a/option/terraform/apigw.j2.tf +++ b/option/terraform/apigw.j2.tf @@ -9,7 +9,7 @@ resource oci_apigateway_gateway starter_apigw { subnet_id = data.oci_core_subnet.starter_public_subnet.id freeform_tags = local.freeform_tags -{%- if tls != "none" %} +{%- if tls is defined %} count = var.certificate_ocid == "" ? 0 : 1 certificate_id = certificate_ocid {%- endif %} 
@@ -21,7 +21,7 @@ resource "oci_apigateway_api" "starter_api" { display_name = "${var.prefix}-api" freeform_tags = local.freeform_tags -{%- if tls != "none" %} +{%- if tls is defined %} count = var.certificate_ocid == "" ? 0 : 1 {%- endif %} } diff --git a/option/terraform/apigw_ci_append.tf b/option/terraform/apigw_ci_append.tf index 6dc97f51..066491a3 100644 --- a/option/terraform/apigw_ci_append.tf +++ b/option/terraform/apigw_ci_append.tf @@ -3,7 +3,7 @@ locals { } resource "oci_apigateway_deployment" "starter_apigw_deployment" { -{%- if tls != "none" %} +{%- if tls is defined %} count = (var.docker_image_ui == "" || var.certificate_ocid == "") && ? 0 : 1 {%- else %} count = var.docker_image_ui == "" ? 0 : 1 diff --git a/option/terraform/apigw_compute_append.tf b/option/terraform/apigw_compute_append.tf index 60bf610f..9e05e911 100644 --- a/option/terraform/apigw_compute_append.tf +++ b/option/terraform/apigw_compute_append.tf @@ -3,6 +3,9 @@ locals { } resource "oci_apigateway_deployment" "starter_apigw_deployment" { +{%- if tls is defined %} + count = var.certificate_ocid == "" ? 0 : 1 +{%- endif %} compartment_id = local.lz_appdev_cmp_ocid display_name = "${var.prefix}-apigw-deployment" gateway_id = local.apigw_ocid diff --git a/option/terraform/apigw_fn_append.tf b/option/terraform/apigw_fn_append.tf index c566c9f7..4b802047 100644 --- a/option/terraform/apigw_fn_append.tf +++ b/option/terraform/apigw_fn_append.tf @@ -1,5 +1,5 @@ resource "oci_apigateway_deployment" "starter_apigw_deployment" { -{%- if tls != "none" %} +{%- if tls is defined %} count = (var.fn_image == "" || var.certificate_ocid == "") && ? 0 : 1 {%- else %} count = var.fn_image == "" ? 0 : 1 diff --git a/py_oci_starter.py b/py_oci_starter.py index 0c4fb29c..20461564 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -75,13 +75,12 @@ def mandatory_options(mode): '-license': 'included', '-mode': CLI, '-infra_as_code': 'terraform_local', - '-output_dir' : 'output', - '-tls': 'none' + '-output_dir' : 'output' } no_default_options = ['-compartment_ocid', '-oke_ocid', '-vcn_ocid', '-atp_ocid', '-db_ocid', '-db_compartment_ocid', '-pdb_ocid', '-mysql_ocid', '-psql_ocid', - '-db_user', '-fnapp_ocid', '-apigw_ocid', '-bastion_ocid', '-auth_token', '-tls', + '-db_user', '-fnapp_ocid', '-apigw_ocid', '-bastion_ocid', '-auth_token', 'tls', '-subnet_ocid','-public_subnet_ocid','-private_subnet_ocid','-shape','-db_install'] # hidden_options - allowed but not advertised @@ -125,7 +124,8 @@ def get_tf_var(param): 'database': 'TF_VAR_db_strategy', 'deploy': 'TF_VAR_deploy_strategy', 'license': 'TF_VAR_license_model', - 'ui': 'TF_VAR_ui_strategy' + 'ui': 'TF_VAR_ui_strategy', + 'certificate_path': 'CERTIFICATE_PATH' }.get(param) if special_case is not None: return special_case From 5d5ec28070b1889f3bd1961fcfb3a027b87b347e Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 17:10:40 +0100 Subject: [PATCH 008/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 20461564..46b2cd91 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -80,7 +80,7 @@ def mandatory_options(mode): no_default_options = ['-compartment_ocid', '-oke_ocid', '-vcn_ocid', '-atp_ocid', '-db_ocid', '-db_compartment_ocid', '-pdb_ocid', '-mysql_ocid', '-psql_ocid', - '-db_user', '-fnapp_ocid', '-apigw_ocid', '-bastion_ocid', '-auth_token', 'tls', + '-db_user', '-fnapp_ocid', '-apigw_ocid', '-bastion_ocid', '-auth_token', '-tls', '-subnet_ocid','-public_subnet_ocid','-private_subnet_ocid','-shape','-db_install'] # hidden_options - allowed but not advertised From 43ce2ab7388d2341015e0dbbf28da2055f98688c Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Tue, 19 Dec 2023 17:37:47 +0100 Subject: [PATCH 009/176] v1.6 --- basis/bin/shared_bash_function.sh | 4 ++++ option/tls/compute_existing/nginx_tls.conf | 3 --- py_oci_starter.py | 6 ++++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index d6f23cfa..93a660c7 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -430,6 +430,10 @@ certificate_create() { } certificate_path_before_terraform() { + if [ -z $TF_VAR_dns_name ]; then + echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" + exit 1 + fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then if [ -d target/compute/certificate ]; then echo "Certificate Directory exists already" diff --git a/option/tls/compute_existing/nginx_tls.conf b/option/tls/compute_existing/nginx_tls.conf index 7aae8e34..fa7fd9d4 100644 --- a/option/tls/compute_existing/nginx_tls.conf +++ b/option/tls/compute_existing/nginx_tls.conf @@ -28,9 +28,6 @@ server { ssl_prefer_server_ciphers off; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; - - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - } server { diff --git a/py_oci_starter.py b/py_oci_starter.py index 46b2cd91..80fb05af 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -844,8 +844,10 @@ def create_output_dir(): output_copy_tree("option/container_instance", "bin") cp_terraform_apigw("apigw_ci_append.tf") - if params.get('tls') == 'new': - output_copy_tree("option/tls/new", "src/tls") + if params.get('tls'): + cp_terraform("tls.tf") + if params.get('tls') == 'new': + output_copy_tree("option/tls/new", "src/tls") if os.path.exists(output_dir + "/src/app/openapi_spec_append.yaml"): append_file( output_dir + "/src/app/openapi_spec.yaml", output_dir + "/src/app/openapi_spec_append.yaml") From 5fda6ebc6598575843344d329aaa9950a98c40f0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 21:23:12 +0100 Subject: [PATCH 010/176] v1.6 --- option/terraform/tls.tf | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/option/terraform/tls.tf b/option/terraform/tls.tf index 96b381e4..cc3ba4d8 100644 --- a/option/terraform/tls.tf +++ b/option/terraform/tls.tf @@ -2,12 +2,8 @@ variable "dns_zone_name" { default="" } variable "dns_name" { default="" } variable "dns_ip" { default="" } -locals { - dns_ip2 = var.dns_ip=="" ? local.dns_ip : var.dns_ip -} - resource "oci_dns_rrset" "starter_rrset" { - count = (var.dns_zone_name=="" || local.dns_ip2=="") ? 0 : 1 + count = var.dns_zone_name=="" ? 0 : 1 #Required zone_name_or_id = var.dns_zone_name @@ -17,7 +13,7 @@ resource "oci_dns_rrset" "starter_rrset" { items { #Required domain = var.dns_name - rdata = local.dns_ip2 + rdata = var.dns_ip=="" ? local.dns_ip : var.dns_ip rtype = "A" ttl = 3600 } From 4aa766dc6557f802288a1912e56737d0089829d5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 22:27:59 +0100 Subject: [PATCH 011/176] v1.6 --- basis/bin/shared_bash_function.sh | 4 +--- option/terraform/instance_pool.tf | 6 +++--- option/terraform/{tls.tf => tls.j2.tf} | 12 +++++++++++- py_oci_starter.py | 2 +- 4 files changed, 16 insertions(+), 8 deletions(-) rename option/terraform/{tls.tf => tls.j2.tf} (68%) 
diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 93a660c7..8ed9efa4 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -235,11 +235,9 @@ get_user_details() { # Get the user interface URL get_ui_url() { if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - get_output_from_tfstate DNS_IP dns_ip get_output_from_tfstate UI_URL ui_url elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then - get_output_from_tfstate DNS_IP dns_ip - get_output_from_tfstate UI_URL ui_url + get_output_from_tfstate UI_URL pool_lb_url elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then export DNS_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` export LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$DNS_IP'") | .id'` diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.tf index d5f13010..8e2c03ad 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.tf @@ -154,9 +154,9 @@ output "pooled_instances_hostname_labels" { } locals { - dns_ip = local.compute_public_ip + instance_pool_ip = oci_load_balancer.starter_pool_lb.ip_address_details[0].ip_address } -output "ui_url" { - value = format("http://%s", local.dns_ip) +output "pool_lb_url" { + value = format("http://%s", instance_pool_ip) } \ No newline at end of file diff --git a/option/terraform/tls.tf b/option/terraform/tls.j2.tf similarity index 68% rename from option/terraform/tls.tf rename to option/terraform/tls.j2.tf index cc3ba4d8..b57e94e7 100644 --- a/option/terraform/tls.tf +++ b/option/terraform/tls.j2.tf 
@@ -2,6 +2,16 @@ variable "dns_zone_name" { default="" } variable "dns_name" { default="" } variable "dns_ip" { default="" } +variable { +{%- if deploy == "compute" %} + dns_ip = local.compute_ip +{%- elif deploy == "instance_pool" %} + dns_ip = local.instance_pool_ip +{%- else %} + dns_ip = local.apigw_ip +{%- endif %} +} + resource "oci_dns_rrset" "starter_rrset" { count = var.dns_zone_name=="" ? 0 : 1 @@ -15,6 +25,6 @@ resource "oci_dns_rrset" "starter_rrset" { domain = var.dns_name rdata = var.dns_ip=="" ? local.dns_ip : var.dns_ip rtype = "A" - ttl = 3600 + ttl = 300 } } \ No newline at end of file diff --git a/py_oci_starter.py b/py_oci_starter.py index 80fb05af..0ac31e33 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -845,7 +845,7 @@ def create_output_dir(): cp_terraform_apigw("apigw_ci_append.tf") if params.get('tls'): - cp_terraform("tls.tf") + cp_terraform("tls.j2.tf") if params.get('tls') == 'new': output_copy_tree("option/tls/new", "src/tls") From bb26a1b5d5922820f79cff7ebdedf656f7916f50 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 22:38:31 +0100 Subject: [PATCH 012/176] v1.6 --- basis/bin/shared_bash_function.sh | 11 ++++++++++- option/tls/new/deploy_tls.sh | 5 +---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 8ed9efa4..eb2fcf6c 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
@@ -417,6 +417,13 @@ java_find_version() { fi } +certificate_validity() { + CERT_DATE_VALIDITY=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r '.data.items[0]["current-version-summary"].validity["time-of-validity-not-after"]'` + CERT_VALIDITY_DAY=`echo $((($(date -d $CERT_VALIDITY +%s) - $(date +%s))/86400))` + echo "Certificate valid until: $CERT_DATE_VALIDITY" + echo "Days left: $CERT_VALIDITY_DAY" +} + certificate_create() { echo "Creating certificate $TF_VAR_dns_name" CERT_CERT=$(cat $CERTIFICATE_PATH/cert.pem) @@ -441,7 +448,9 @@ certificate_path_before_terraform() { cp src/tls/nginx_tls.conf target/compute/. sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf fi - else + elif [ "$TF_VAR_certificate_ocid" == "" ]; then certificate_create + else + certificate_validity fi } diff --git a/option/tls/new/deploy_tls.sh b/option/tls/new/deploy_tls.sh index 0f83723f..f0973058 100644 --- a/option/tls/new/deploy_tls.sh +++ b/option/tls/new/deploy_tls.sh @@ -44,11 +44,8 @@ fi # XXXXX if [ "$TF_VAR_certificate_ocid" != "" ]; then - CERT_DATE_VALIDITY=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r '.data.items[0]["current-version-summary"].validity["time-of-validity-not-after"]'` - CERT_VALIDITY_DAY=`echo $((($(date -d $CERT_VALIDITY +%s) - $(date +%s))/86400))` echo "OCI Certificate for $TF_VAR_dns_name exists already. OCID: $TF_VAR_certificate_ocid" - echo "Certificate valid until: $CERT_DATE_VALIDITY" - echo "Days left: $CERT_VALIDITY_DAY" + certificate_validity echo "Done" exit else From f1115a3c08eec9f485547205d3b5dcb549419d3f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 22:41:52 +0100 Subject: [PATCH 013/176] v1.6 --- basis/bin/auto_env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 98223723..82fd599d 100755 
--- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -144,7 +144,7 @@ else # TLS if [ -n $TF_VAR_dns_name ]; then - TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` + export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` fi # GIT From 24d4d12129c80921d60c1f0b97f9dfeda6a49184 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 22:50:41 +0100 Subject: [PATCH 014/176] v1.6 --- basis/bin/auto_env.sh | 2 +- basis/bin/shared_bash_function.sh | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 82fd599d..fba787e8 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -143,7 +143,7 @@ else fi # TLS - if [ -n $TF_VAR_dns_name ]; then + if [ -n $TF_VAR_dns_name ] && [-z TF_VAR_certificate_ocid ]; then export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` fi diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index eb2fcf6c..33cdf7fc 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -439,6 +439,9 @@ certificate_path_before_terraform() { echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" exit 1 fi + if [ -z $TF_VAR_certificate_ocid ]; then + export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` + fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then if [ -d target/compute/certificate ]; then echo "Certificate Directory exists already" From 16c9b6d54f10095449a012a2f93a6b5db6dcb85c Mon Sep 17 00:00:00 2001 
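Review bot: The new condition `[-z TF_VAR_certificate_ocid ]` has two problems: `[-z` without a space is not the `[` command, and the operand is the literal string `TF_VAR_certificate_ocid` rather than `$TF_VAR_certificate_ocid`, so even with the space restored `-z` on a non-empty literal is always false and the lookup never runs. The follow-up auto_env.sh hunk later in this series repairs only the spacing. `[ -n $TF_VAR_dns_name ]` is unquoted, so when the variable is empty it becomes `[ -n ]`, which is true, and the `oci` call runs with `--name` and no value; the line should read `if [ -n "$TF_VAR_dns_name" ] && [ -z "$TF_VAR_certificate_ocid" ]; then`. `jq -r .data.items[0].id` prints the string `null` when no certificate matches, which later tests such as `[ "$TF_VAR_certificate_ocid" != "" ]` will mistake for a real OCID.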
From: Marc Gueury Date: Tue, 19 Dec 2023 22:52:02 +0100 Subject: [PATCH 015/176] v1.6 --- option/terraform/tls.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index b57e94e7..ff51866e 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -2,7 +2,7 @@ variable "dns_zone_name" { default="" } variable "dns_name" { default="" } variable "dns_ip" { default="" } -variable { +locals { {%- if deploy == "compute" %} dns_ip = local.compute_ip {%- elif deploy == "instance_pool" %} From f5cccaad73c4678032296e61cd0f6eafa01b55b8 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 22:52:39 +0100 Subject: [PATCH 016/176] v1.6 --- option/terraform/compute_append.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/option/terraform/compute_append.tf b/option/terraform/compute_append.tf index aba864fc..4e1fbdac 100644 --- a/option/terraform/compute_append.tf +++ b/option/terraform/compute_append.tf @@ -3,10 +3,6 @@ output "compute_ip" { value = local.compute_public_ip } -locals { - dns_ip = local.compute_public_ip -} - output "ui_url" { value = format("http://%s", local.compute_public_ip) } From 7e824a192d9fc1e5fcdb4afa48f6c95bc8aa6d0a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 19 Dec 2023 22:53:21 +0100 Subject: [PATCH 017/176] v1.6 --- option/terraform/instance_pool.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.tf index 8e2c03ad..01a865e3 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.tf @@ -158,5 +158,5 @@ locals { } output "pool_lb_url" { - value = format("http://%s", instance_pool_ip) + value = format("http://%s", local.instance_pool_ip) } \ No newline at end of file From 5794657daf37147ca8b6b8ca4383395fa3a2fdb9 Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Wed, 20 Dec 2023 10:01:07 +0100 Subject: [PATCH 018/176] v1.6 --- option/terraform/instance_pool.tf | 4 ++-- option/terraform/tls.j2.tf | 28 +++++++++++++++++++++++++++- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.tf index 01a865e3..2108125a 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.tf @@ -41,10 +41,10 @@ resource "oci_load_balancer_backend_set" "starter_pool_backend_set" { resource "oci_load_balancer_listener" "starter_pool_lb_listener" { load_balancer_id = oci_load_balancer.starter_pool_lb.id - name = "http" + name = "TCP-80" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name port = 80 - protocol = "HTTP" + protocol = "TCP" } resource "oci_core_instance_configuration" "starter_instance_configuration" { diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index ff51866e..1fd96103 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -1,6 +1,7 @@ variable "dns_zone_name" { default="" } variable "dns_name" { default="" } variable "dns_ip" { default="" } +variable "certificate_ocid" { default="" } locals { {%- if deploy == "compute" %} 
@@ -27,4 +28,29 @@ resource "oci_dns_rrset" "starter_rrset" { rtype = "A" ttl = 300 } -} \ No newline at end of file +} + +{%- if deploy == "instance_pool" %} +resource "oci_load_balancer_listener" "test_listener" { + #Required + count = var.certificate_ocid=="" ? 0 : 1 + load_balancer_id = oci_load_balancer.starter_pool_lb.id + name = "TCP-443" + default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name + port = 443 + protocol = "TCP" + + ssl_configuration { + certificate_ids = [ var.certificate_ocid ] + cipher_suite_name = "oci-wider-compatible-ssl-cipher-suite-v1" + protocols = [ + "TLSv1", + "TLSv1.1", + "TLSv1.2" + ] + server_order_preference = "ENABLED" + verify_depth = 1 + verify_peer_certificate = false + } +} +{%- endif %} \ No newline at end of file From d142a101cf629fbaf1d8bb4c97bd9cb48f141ec7 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 10:40:53 +0100 Subject: [PATCH 019/176] v1.6 --- option/terraform/tls.j2.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 1fd96103..50870249 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -1,7 +1,6 @@ variable "dns_zone_name" { default="" } variable "dns_name" { default="" } variable "dns_ip" { default="" } -variable "certificate_ocid" { default="" } locals { {%- if deploy == "compute" %} From de0cae2c5dde66beabdbccef8d2589b02551ebbf Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 11:12:32 +0100 Subject: [PATCH 020/176] v1.6 --- basis/bin/auto_env.sh | 2 +- basis/bin/shared_bash_function.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index fba787e8..062b6a5e 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh 
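Review bot: The `protocols` list of the new `test_listener` ssl_configuration enables `TLSv1` and `TLSv1.1`, which are deprecated (RFC 8996) and will be reported by any TLS scan of the public 443 endpoint; restrict it to `protocols = [ "TLSv1.2" ]` (and TLSv1.3 if the chosen cipher suite supports it) and consider a stricter suite than `oci-wider-compatible-ssl-cipher-suite-v1`. `verify_peer_certificate = false` and `verify_depth = 1` only govern client-certificate verification, so they are appropriate for a server-only listener, but a comment saying so would stop a later reader from taking them for a weakened server-side check. The resource name `test_listener` reads as a leftover; `starter_pool_lb_tls_listener` would match `starter_pool_lb_listener` in the same file.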
@@ -143,7 +143,7 @@ else fi # TLS - if [ -n $TF_VAR_dns_name ] && [-z TF_VAR_certificate_ocid ]; then + if [ -n $TF_VAR_dns_name ] && [ -z TF_VAR_certificate_ocid ]; then export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` fi diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 33cdf7fc..35bb6603 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -418,7 +418,7 @@ java_find_version() { } certificate_validity() { - CERT_DATE_VALIDITY=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r '.data.items[0]["current-version-summary"].validity["time-of-validity-not-after"]'` + CERT_DATE_VALIDITY=`oci certs-mgmt certificate get --certificate-id $TF_VAR_certificate_ocid | jq -r '.data["current-version"].validity["time-of-validity-not-after"]'` CERT_VALIDITY_DAY=`echo $((($(date -d $CERT_VALIDITY +%s) - $(date +%s))/86400))` echo "Certificate valid until: $CERT_DATE_VALIDITY" echo "Days left: $CERT_VALIDITY_DAY" From ff9cbe923ceb1d1fccf882bc1b8fc14b8e772873 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 12:11:50 +0100 Subject: [PATCH 021/176] v1.6 --- option/terraform/apigw.j2.tf | 7 +++---- option/terraform/apigw_fn_append.tf | 3 ++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/option/terraform/apigw.j2.tf b/option/terraform/apigw.j2.tf index f0a1fdb2..d260c1ad 100644 --- a/option/terraform/apigw.j2.tf +++ b/option/terraform/apigw.j2.tf @@ -11,7 +11,7 @@ resource oci_apigateway_gateway starter_apigw { {%- if tls is defined %} count = var.certificate_ocid == "" ? 0 : 1 - certificate_id = certificate_ocid + certificate_id = var.certificate_ocid {%- endif %} } 
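Review bot: `[ -z TF_VAR_certificate_ocid ]` tests the literal string, not the variable, so the lookup branch can never run; the line should read `if [ -n "$TF_VAR_dns_name" ] && [ -z "$TF_VAR_certificate_ocid" ]; then` (quoting matters as well: when empty and unquoted, `[ -n $TF_VAR_dns_name ]` collapses to `[ -n ]`, which is true). The `jq -r .data.items[0].id` lookup also yields the string `null` when no certificate named `$TF_VAR_dns_name` exists, and that non-empty value then satisfies every later `-n` or `!= ""` check on `TF_VAR_certificate_ocid`; use `jq -r '.data.items[0].id // empty'` so a miss leaves the variable empty. Taking `items[0]` without looking at the lifecycle state may select a certificate that is not usable, if the listing includes non-active ones, which is worth a TODO comment.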
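Review bot: `CERT_VALIDITY_DAY` is computed from `$CERT_VALIDITY`, which is never assigned; the line above sets `CERT_DATE_VALIDITY`, so `date -d` receives an empty string (GNU date appears to treat that as the start of today) and the printed day count is meaningless. Change it to `CERT_VALIDITY_DAY=$(( ($(date -d "$CERT_DATE_VALIDITY" +%s) - $(date +%s)) / 86400 ))`, which also drops the needless `echo` and backticks. `date -d` is GNU-specific, so a comment noting the Linux-only assumption would help anyone running this on macOS.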
@@ -27,7 +27,6 @@ resource "oci_apigateway_api" "starter_api" { } locals { - apigw_ocid = oci_apigateway_gateway.starter_apigw.id + apigw_ocid = oci_apigateway_gateway.starter_apigw[0].id + apigw_ip = oci_apigateway_gateway.starter_apigw[0].ip_addresses[0].ip_address } - -certificate_id = \ No newline at end of file diff --git a/option/terraform/apigw_fn_append.tf b/option/terraform/apigw_fn_append.tf index 4b802047..40f862be 100644 --- a/option/terraform/apigw_fn_append.tf +++ b/option/terraform/apigw_fn_append.tf @@ -1,9 +1,10 @@ resource "oci_apigateway_deployment" "starter_apigw_deployment" { {%- if tls is defined %} - count = (var.fn_image == "" || var.certificate_ocid == "") && ? 0 : 1 + count = (var.fn_image == "" || var.certificate_ocid == "") ? 0 : 1 {%- else %} count = var.fn_image == "" ? 0 : 1 {%- endif %} + compartment_id = local.lz_appdev_cmp_ocid display_name = "${var.prefix}-apigw-deployment" gateway_id = local.apigw_ocid path_prefix = "/${var.prefix}" From 55d31f5fadeab27b472a4aa88269794416457b8f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 12:22:04 +0100 Subject: [PATCH 022/176] v1.6 --- basis/bin/shared_bash_function.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 35bb6603..0588b10b 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
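Review bot: `oci_apigateway_gateway.starter_apigw[0].id` in the new `locals` block fails at plan time whenever the gateway's `count` is 0, which the `tls` branch in the first hunk produces for an empty `var.certificate_ocid`, because index 0 does not exist. Wrap both expressions in `try(..., "")`, or use `one(oci_apigateway_gateway.starter_apigw[*].id)`, so a deployment without TLS can still plan. The `apigw_fn_append.tf` hunk gates its deployment on the same condition, so an empty-string fallback is safe for the consumers visible here.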
@@ -243,7 +243,11 @@ get_ui_url() { export LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$DNS_IP'") | .id'` export UI_URL=http://${LB_IP}/${TF_VAR_prefix} elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then - export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} + if [ "$TF_VAR_dns_name" == "" ]; then + export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} + else + export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} + fi fi } From f27e885f71dc72b1ba9dd8b71b9c5b475174243f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 17:55:21 +0100 Subject: [PATCH 023/176] v1.6 --- option/terraform/apigw.j2.tf | 4 ++-- option/terraform/apigw_ci_append.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/option/terraform/apigw.j2.tf b/option/terraform/apigw.j2.tf index d260c1ad..6e9cffa5 100644 --- a/option/terraform/apigw.j2.tf +++ b/option/terraform/apigw.j2.tf @@ -27,6 +27,6 @@ resource "oci_apigateway_api" "starter_api" { } locals { - apigw_ocid = oci_apigateway_gateway.starter_apigw[0].id - apigw_ip = oci_apigateway_gateway.starter_apigw[0].ip_addresses[0].ip_address + apigw_ocid = try(oci_apigateway_gateway.starter_apigw[0].id, "") + apigw_ip = try(oci_apigateway_gateway.starter_apigw[0].ip_addresses[0].ip_address,"") } diff --git a/option/terraform/apigw_ci_append.tf b/option/terraform/apigw_ci_append.tf index 066491a3..464222d4 100644 --- a/option/terraform/apigw_ci_append.tf +++ b/option/terraform/apigw_ci_append.tf @@ -4,7 +4,7 @@ locals { resource "oci_apigateway_deployment" "starter_apigw_deployment" { {%- if tls is defined %} - count = (var.docker_image_ui == "" || var.certificate_ocid == "") && ? 0 : 1 + count = (var.docker_image_ui == "" || var.certificate_ocid == "") ? 0 : 1 {%- else %} count = var.docker_image_ui == "" ? 0 : 1 {%- endif %} 
From a5b485644e43ba350f73f53bd3c38d9551cf42e3 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 18:00:11 +0100 Subject: [PATCH 024/176] v1.6 --- basis/bin/shared_bash_function.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 0588b10b..52e286d0 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -423,7 +423,7 @@ java_find_version() { certificate_validity() { CERT_DATE_VALIDITY=`oci certs-mgmt certificate get --certificate-id $TF_VAR_certificate_ocid | jq -r '.data["current-version"].validity["time-of-validity-not-after"]'` - CERT_VALIDITY_DAY=`echo $((($(date -d $CERT_VALIDITY +%s) - $(date +%s))/86400))` + CERT_VALIDITY_DAY=`echo $((($(date -d $CERT_DATE_VALIDITY +%s) - $(date +%s))/86400))` echo "Certificate valid until: $CERT_DATE_VALIDITY" echo "Days left: $CERT_VALIDITY_DAY" } From 5efb93ecc345cc4fa3cec908f4ea68c052d3aac9 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 18:32:50 +0100 Subject: [PATCH 025/176] v1.6 --- basis/bin/shared_bash_function.sh | 2 +- .../terraform/apigw_kubernetes_tls_append.tf | 64 +++++++++++++++++++ py_oci_starter.py | 2 + 3 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 option/terraform/apigw_kubernetes_tls_append.tf diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 52e286d0..0238dc1a 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
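Review bot: The corrected expression still runs `date -d $CERT_DATE_VALIDITY` unquoted and unguarded, so when the `oci certs-mgmt certificate get` call fails or the certificate has no validity block, `jq -r` yields `null` or nothing and `date -d` aborts with a parse error in the middle of the arithmetic. Add a guard between the two assignments, `[ -n "$CERT_DATE_VALIDITY" ] && [ "$CERT_DATE_VALIDITY" != null ] || { echo "ERROR: could not read certificate validity" >&2; return 1; }`, and quote `"$CERT_DATE_VALIDITY"` in the `date -d` call. The function is fully inside the hunk.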
@@ -243,7 +243,7 @@ get_ui_url() { export LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$DNS_IP'") | .id'` export UI_URL=http://${LB_IP}/${TF_VAR_prefix} elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then - if [ "$TF_VAR_dns_name" == "" ]; then + if [ "$TF_VAR_certificate_ocid" == "" ]; then export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} else export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} diff --git a/option/terraform/apigw_kubernetes_tls_append.tf b/option/terraform/apigw_kubernetes_tls_append.tf new file mode 100644 index 00000000..9e05e911 --- /dev/null +++ b/option/terraform/apigw_kubernetes_tls_append.tf 
@@ -0,0 +1,64 @@ +locals { + apigw_dest_private_ip = local.compute_private_ip +} + +resource "oci_apigateway_deployment" "starter_apigw_deployment" { +{%- if tls is defined %} + count = var.certificate_ocid == "" ? 0 : 1 +{%- endif %} + compartment_id = local.lz_appdev_cmp_ocid + display_name = "${var.prefix}-apigw-deployment" + gateway_id = local.apigw_ocid + path_prefix = "/${var.prefix}" + specification { + routes { + path = "/app/{pathname*}" + methods = [ "ANY" ] + backend { + type = "HTTP_BACKEND" + url = "##APP_URL##" + } + } + } + freeform_tags = local.api_tags +} + +/* +resource oci_logging_log starter_apigw_deployment_execution { + count = var.log_group_ocid == "" ? 0 : 1 + log_group_id = var.log_group_ocid + configuration { + compartment_id = local.lz_appdev_cmp_ocid + source { + category = "execution" + resource = oci_apigateway_deployment.starter_apigw_deployment.id + service = "apigateway" + source_type = "OCISERVICE" + } + } + display_name = "${var.prefix}-apigw-deployment-execution" + freeform_tags = local.freeform_tags + is_enabled = "true" + log_type = "SERVICE" + retention_duration = "30" +} + +resource oci_logging_log starter_apigw_deployment_access { + count = var.log_group_ocid == "" ? 0 : 1 + log_group_id = var.log_group_ocid + configuration { + compartment_id = local.lz_appdev_cmp_ocid + source { + category = "access" + resource = oci_apigateway_deployment.starter_apigw_deployment.id + service = "apigateway" + source_type = "OCISERVICE" + } + } + display_name = "${var.prefix}-apigw-deployment-access" + freeform_tags = local.freeform_tags + is_enabled = "true" + log_type = "SERVICE" + retention_duration = "30" +} +*/ \ No newline at end of file diff --git a/py_oci_starter.py b/py_oci_starter.py index 0ac31e33..6e079787 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
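Review bot: Both `oci_logging_log` resources for the new API Gateway deployment are commented out with `/* ... */`, so the TLS-fronted deployment ships with no gateway access or execution logs, which are the gateway-side record of what reaches the ingress; if this is deliberate, a `# TODO(name): re-enable apigw logging once <reason>` above the block keeps the decision visible. `url = "##APP_URL##"` is a substitution token rather than a Terraform expression, and nothing in this file says which step replaces it, so a comment naming the substitution script would help. `local.apigw_dest_private_ip` is defined but not referenced anywhere in this file.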
@@ -846,6 +846,8 @@ def create_output_dir(): if params.get('tls'): cp_terraform("tls.j2.tf") + if params.get('deploy') == 'kubernetes': + cp_terraform_apigw("apigw_kubernetes_tls_append.tf") if params.get('tls') == 'new': output_copy_tree("option/tls/new", "src/tls") From 3d2006d61a170fb5757a2adc12b8282416cef839 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 18:41:34 +0100 Subject: [PATCH 026/176] v1.6 --- basis/bin/shared_bash_function.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 0238dc1a..419a9ed1 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -239,9 +239,9 @@ get_ui_url() { elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then get_output_from_tfstate UI_URL pool_lb_url elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - export DNS_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$DNS_IP'") | .id'` - export UI_URL=http://${LB_IP}/${TF_VAR_prefix} + # export INGRESS_LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + # export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$INGRESS_LB_IP'") | .id'` + export UI_URL=http://${INGRESS_LB_OCID}/${TF_VAR_prefix} elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then if [ "$TF_VAR_certificate_ocid" == "" ]; then export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} From e014b2dcccf1ce7e98743bcc32b0be1d95b24862 Mon Sep 17 00:00:00 2001 
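Review bot: The kubernetes branch of `get_ui_url` now builds `http://${INGRESS_LB_OCID}/${TF_VAR_prefix}`, but an OCID is not a host, and the only assignment of `INGRESS_LB_OCID` in this hunk is the line that was just commented out, so the URL degrades to `http:///<prefix>` when the variable is unset. Keep an IP in the URL, e.g. `export UI_URL=http://${INGRESS_LB_IP}/${TF_VAR_prefix}`, and set `INGRESS_LB_IP` from wherever the kubectl lookup has moved to; a comment above the branch saying where that value now comes from would spare the next reader the same confusion. The rest of `get_ui_url` is outside this hunk.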
From: Marc Gueury Date: Wed, 20 Dec 2023 19:00:46 +0100 Subject: [PATCH 027/176] v1.6 --- .../terraform/apigw_kubernetes_tls_append.tf | 54 ++----------------- 1 file changed, 5 insertions(+), 49 deletions(-) diff --git a/option/terraform/apigw_kubernetes_tls_append.tf b/option/terraform/apigw_kubernetes_tls_append.tf index 9e05e911..07264fc8 100644 --- a/option/terraform/apigw_kubernetes_tls_append.tf +++ b/option/terraform/apigw_kubernetes_tls_append.tf 
@@ -1,64 +1,20 @@ -locals { - apigw_dest_private_ip = local.compute_private_ip -} +variable ingress_ip { default="" } resource "oci_apigateway_deployment" "starter_apigw_deployment" { -{%- if tls is defined %} - count = var.certificate_ocid == "" ? 0 : 1 -{%- endif %} + count = var.ingress_ip == "" ? 0 : 1 compartment_id = local.lz_appdev_cmp_ocid display_name = "${var.prefix}-apigw-deployment" gateway_id = local.apigw_ocid path_prefix = "/${var.prefix}" specification { routes { - path = "/app/{pathname*}" + path = "/{pathname*}" methods = [ "ANY" ] backend { type = "HTTP_BACKEND" - url = "##APP_URL##" + url = "http://${var.ingress_ip}" } } } freeform_tags = local.api_tags -} - -/* -resource oci_logging_log starter_apigw_deployment_execution { - count = var.log_group_ocid == "" ? 0 : 1 - log_group_id = var.log_group_ocid - configuration { - compartment_id = local.lz_appdev_cmp_ocid - source { - category = "execution" - resource = oci_apigateway_deployment.starter_apigw_deployment.id - service = "apigateway" - source_type = "OCISERVICE" - } - } - display_name = "${var.prefix}-apigw-deployment-execution" - freeform_tags = local.freeform_tags - is_enabled = "true" - log_type = "SERVICE" - retention_duration = "30" -} - -resource oci_logging_log starter_apigw_deployment_access { - count = var.log_group_ocid == "" ? 0 : 1 - log_group_id = var.log_group_ocid - configuration { - compartment_id = local.lz_appdev_cmp_ocid - source { - category = "access" - resource = oci_apigateway_deployment.starter_apigw_deployment.id - service = "apigateway" - source_type = "OCISERVICE" - } - } - display_name = "${var.prefix}-apigw-deployment-access" - freeform_tags = local.freeform_tags - is_enabled = "true" - log_type = "SERVICE" - retention_duration = "30" -} -*/ \ No newline at end of file +} \ No newline at end of file From 00c130d919f547f555026e840f77cabc7bcdd05f Mon Sep 17 00:00:00 2001 
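Review bot: The new backend `url = "http://${var.ingress_ip}"` has no path component, so with `path = "/{pathname*}"` every request under `/${var.prefix}` is forwarded to the ingress root and the captured `pathname` is discarded; the backend needs the request path appended, which OCI API Gateway expresses as `$${request.path[pathname]}` in Terraform (the extra `$` keeps Terraform from interpolating it). The gateway-to-ingress hop is also plain HTTP, and `ingress_ip` is whatever address the ingress load balancer exposes; if that address is public, the application stays reachable over HTTP without passing the TLS listener, so confirm the ingress LB is restricted to the gateway. A short comment above the route stating that TLS terminates at the gateway and the ingress remains HTTP would document the trust boundary for the next reader.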
From: Marc Gueury Date: Wed, 20 Dec 2023 20:31:52 +0100 Subject: [PATCH 028/176] v1.6 --- basis/bin/auto_env.sh | 4 +++- basis/bin/build_all.sh | 2 ++ basis/bin/shared_bash_function.sh | 8 ++++++++ option/oke/oke_deploy.sh | 16 ++++++++-------- option/terraform/apigw_kubernetes_tls_append.tf | 2 +- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 062b6a5e..cff4ebee 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -143,7 +143,7 @@ else fi # TLS - if [ -n $TF_VAR_dns_name ] && [ -z TF_VAR_certificate_ocid ]; then + if [ -n $TF_VAR_dns_name ] && [ -z $TF_VAR_certificate_ocid ]; then export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` fi @@ -239,6 +239,8 @@ if [ -f $STATE_FILE ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then # OKE get_output_from_tfstate "OKE_OCID" "oke_ocid" + export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$TF_VAR_ingress_ip'") | .id'` fi # JMS diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 222a6fe0..006d2aed 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh @@ -75,6 +75,8 @@ elif [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then exit_on_error fi +certificate_post_ingress + $BIN_DIR/add_api_portal.sh title "Done" diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 419a9ed1..e42d9b13 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
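Review bot: With the variable unquoted, an empty `TF_VAR_dns_name` makes `[ -n $TF_VAR_dns_name ]` collapse to `[ -n ]`, which is true, so the branch runs `oci certs-mgmt certificate list --name` with an empty name and `jq .data.items[0].id` may bind whatever certificate is listed first in the compartment (or the string `null`) to `TF_VAR_certificate_ocid`, silently attaching a certificate unrelated to this deployment. Quote both tests, `if [ -n "$TF_VAR_dns_name" ] && [ -z "$TF_VAR_certificate_ocid" ]; then`, and use `jq -r '.data.items[0].id // empty'` so a miss leaves the variable empty instead of `null`. A lookup by display name alone cannot tell two certificates with the same name apart, which deserves a comment above the line.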
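Review bot: The new `INGRESS_LB_OCID` line splices `$TF_VAR_ingress_ip` into the jq program text via `'...'$TF_VAR_ingress_ip'...'`, so any value containing a quote or parenthesis alters the filter instead of being compared; pass it as data with `jq -r --arg ip "$TF_VAR_ingress_ip" '.data[] | select(.["ip-addresses"][0]["ip-address"]==$ip) | .id'`. When the `kubectl get service` call fails or the ingress has no address yet, `TF_VAR_ingress_ip` is empty and the filter matches nothing, and because `export VAR=\`...\`` returns export's status the failure is never noticed; a guard such as `[ -n "$TF_VAR_ingress_ip" ] || echo "WARNING: ingress IP not found" >&2` before the `oci lb` call would surface it. The enclosing `if` block starts outside this hunk.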
@@ -461,3 +461,11 @@ certificate_path_before_terraform() { certificate_validity fi } + +certificate_post_ingress() { + if [ -z $TF_VAR_certificate_ocid ]; then + if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + infra_as_code_apply + fi + fi +} diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index a488e64c..1389319b 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh @@ -17,11 +17,11 @@ if [ ! -f $KUBECONFIG ]; then kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=240s kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch # Wait for the ingress external IP - external_ip="" - while [ -z $external_ip ]; do + INGRESS_LB_IP="" + while [ -z $INGRESS_LB_IP ]; do echo "Waiting for external IP..." - external_ip=$(kubectl get svc -n ingress-nginx ingress-nginx-controller --template="{{range .status.loadBalancer.ingress}}{{.ip}}{{end}}") - if [ -z "$external_ip" ]; then + INGRESS_LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller --template="{{range .status.loadBalancer.ingress}}{{.ip}}{{end}}") + if [ -z "$INGRESS_LB_IP" ]; then sleep 10 fi done 
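Review bot: The renamed wait loop `while [ -z $INGRESS_LB_IP ]; do` has no upper bound, so if the ingress service never receives an address (quota, wrong subnet, controller not scheduled) the deploy blocks forever; add an attempt counter, e.g. `tries=0` before the loop and `tries=$((tries+1)); [ "$tries" -lt 30 ] || { echo "ERROR: no ingress IP after 5 minutes" >&2; exit 1; }` inside it. The loop condition should also quote the variable, `while [ -z "$INGRESS_LB_IP" ]; do`, matching the quoted test four lines below. The surrounding `if [ ! -f $KUBECONFIG ]` block starts outside this hunk.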
@@ -29,12 +29,12 @@ if [ ! -f $KUBECONFIG ]; then date kubectl get all -n ingress-nginx sleep 5 - echo "Ingress ready: $external_ip" + echo "Ingress ready: $INGRESS_LB_IP" # Create secrets kubectl create secret docker-registry ocirsecret --docker-server=$TF_VAR_ocir --docker-username="$TF_VAR_namespace/$TF_VAR_username" --docker-password="$TF_VAR_auth_token" --docker-email="$TF_VAR_email" # XXXX - This should be by date - kubectl delete secret ${TF_VAR_prefix}-db-secret + kubectl delete secret ${TF_VAR_prefix}-db-secret --ignore-not-found=true kubectl create secret generic ${TF_VAR_prefix}-db-secret --from-literal=db_user=$TF_VAR_db_user --from-literal=db_password=$TF_VAR_db_password --from-literal=db_url=$DB_URL --from-literal=jdbc_url=$JDBC_URL --from-literal=spring_application_json='{ "db.info": "Java - SpringBoot" }' fi @@ -48,8 +48,8 @@ sed -i "s&##ORDS_HOST##&$ORDS_HOST&" $TARGET_DIR/app.yaml sed "s&##ORDS_HOST##&$ORDS_HOST&" src/oke/ingress-app.yaml > $TARGET_DIR/ingress-app.yaml # delete the old pod, just to be sure a new image is pulled -kubectl delete pod ${TF_VAR_prefix}-ui -kubectl delete deployment ${TF_VAR_prefix}-dep +kubectl delete pod ${TF_VAR_prefix}-ui --ignore-not-found=true +kubectl delete deployment ${TF_VAR_prefix}-dep --ignore-not-found=true # Wait to be sure that the deployment is deleted before to recreate kubectl wait --for=delete deployment/${TF_VAR_prefix}-dep --timeout=30s diff --git a/option/terraform/apigw_kubernetes_tls_append.tf b/option/terraform/apigw_kubernetes_tls_append.tf index 07264fc8..4f075807 100644 --- a/option/terraform/apigw_kubernetes_tls_append.tf +++ b/option/terraform/apigw_kubernetes_tls_append.tf @@ -12,7 +12,7 @@ resource "oci_apigateway_deployment" "starter_apigw_deployment" { methods = [ "ANY" ] backend { type = "HTTP_BACKEND" - url = "http://${var.ingress_ip}" + url = "http://${var.ingress_ip}/${var.prefix}/${request.path[pathname]}" } } } From 44711b0805f6a80e8ffedb4bdf8c28e3229a8f19 Mon Sep 17 00:00:00 2001 
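Review bot: `${request.path[pathname]}` inside a Terraform string is parsed as a Terraform interpolation, and `request` is not a Terraform object, so this line fails at plan time; the API Gateway context variable must be escaped as `url = "http://${var.ingress_ip}/${var.prefix}/$${request.path[pathname]}"` so the literal `${request.path[pathname]}` reaches the gateway. A comment above the line, `# $$ keeps the API Gateway context variable out of Terraform interpolation`, would stop a later editor from "fixing" it back. The enclosing `routes` block starts outside this hunk.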
From: Marc Gueury Date: Wed, 20 Dec 2023 20:32:29 +0100 Subject: [PATCH 029/176] v1.6 --- basis/bin/shared_bash_function.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index e42d9b13..558069a5 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -463,7 +463,7 @@ certificate_path_before_terraform() { } certificate_post_ingress() { - if [ -z $TF_VAR_certificate_ocid ]; then + if [ -n $TF_VAR_certificate_ocid ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then infra_as_code_apply fi From a1d22ed3e27b56a2e5976bad4b3f8f92c90f6fdf Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 20 Dec 2023 22:23:23 +0100 Subject: [PATCH 030/176] v1.6 --- basis/bin/done.sh | 3 +++ basis/bin/shared_bash_function.sh | 10 ++++++---- option/terraform/apigw_kubernetes_tls_append.tf | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/basis/bin/done.sh b/basis/bin/done.sh index de0f115a..7eb52e05 100755 --- a/basis/bin/done.sh +++ b/basis/bin/done.sh @@ -56,6 +56,9 @@ if [ ! -z "$UI_URL" ]; then if [ "$TF_VAR_ui_strategy" != "api" ]; then echo - User Interface: $UI_URL/ fi + if [ "$UI_HTTPS" != "" ]; then + echo - HTTPS : $UI_HTTPS/ + fi for APP_DIR in `app_dir_list`; do if [ -f $PROJECT_DIR/src/$APP_DIR/openapi_spec.yaml ]; then python3 $BIN_DIR/openapi_list.py $PROJECT_DIR/src/$APP_DIR/openapi_spec.yaml $UI_URL diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 558069a5..9d3fb8de 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
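Review bot: Flipping `-z` to `-n` makes the guard `[ -n $TF_VAR_certificate_ocid ]` always true when the variable is empty, because the unquoted expansion vanishes and `[ -n ]`, a single non-empty argument, succeeds; `infra_as_code_apply` then runs on every kubernetes deploy whether or not a certificate exists. Quote it, `if [ -n "$TF_VAR_certificate_ocid" ]; then`, or use the `[ "$TF_VAR_certificate_ocid" == "" ]` form that `get_ui_url` in the same file already uses. The function is fully inside the hunk.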
@@ -239,9 +239,10 @@ get_ui_url() { elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then get_output_from_tfstate UI_URL pool_lb_url elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - # export INGRESS_LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - # export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$INGRESS_LB_IP'") | .id'` - export UI_URL=http://${INGRESS_LB_OCID}/${TF_VAR_prefix} + export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix} + if [ "$TF_VAR_certificate_ocid" != "" ]; then + export UI_HTTPS=https://${TF_VAR_dns_name}/${TF_VAR_prefix} + fi elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then if [ "$TF_VAR_certificate_ocid" == "" ]; then export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} @@ -465,7 +466,8 @@ certificate_path_before_terraform() { certificate_post_ingress() { if [ -n $TF_VAR_certificate_ocid ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - infra_as_code_apply + src/terraform/apply.sh --auto-approve -no-color + exit_on_error fi fi } diff --git a/option/terraform/apigw_kubernetes_tls_append.tf b/option/terraform/apigw_kubernetes_tls_append.tf index 4f075807..c3b7873f 100644 --- a/option/terraform/apigw_kubernetes_tls_append.tf +++ b/option/terraform/apigw_kubernetes_tls_append.tf @@ -12,7 +12,7 @@ resource "oci_apigateway_deployment" "starter_apigw_deployment" { methods = [ "ANY" ] backend { type = "HTTP_BACKEND" - url = "http://${var.ingress_ip}/${var.prefix}/${request.path[pathname]}" + url = "http://${var.ingress_ip}/${var.prefix}/$${request.path[pathname]}" } } } From 405a9f5e5c86b90fd84bc76dd8c71119fcb5f1f3 Mon Sep 17 00:00:00 2001 
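Review bot: `src/terraform/apply.sh --auto-approve -no-color` is a relative path, so `certificate_post_ingress` only works when the caller's working directory is the project root; other scripts on this page address the project through `$PROJECT_DIR/src/...`, so `$PROJECT_DIR/src/terraform/apply.sh --auto-approve -no-color` would remove the cwd assumption. The `[ -n $TF_VAR_certificate_ocid ]` guard above it (context here) is still unquoted and therefore true when the variable is empty. A header comment such as `# Second terraform apply once the ingress IP is known, so the TLS API Gateway deployment can be created` would explain why a further apply is needed, which appears to be the intent given the `ingress_ip`-gated deployment elsewhere in this series.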
From: Marc Gueury Date: Thu, 21 Dec 2023 08:58:29 +0100 Subject: [PATCH 031/176] v1.6 --- basis/bin/done.sh | 4 ++-- basis/bin/shared_bash_function.sh | 24 +++++++++++++------ option/oke/ingress-app.yaml | 2 +- option/oke/ingress-ui.yaml | 2 +- option/src/app/apex/ingress-app.yaml | 2 +- option/src/app/java_tomcat/ingress-app.yaml | 2 +- option/src/app/ords/ingress-app.yaml | 2 +- .../terraform/apigw_kubernetes_tls_append.tf | 4 ++-- option/terraform/compute_append.tf | 4 ---- option/terraform/instance_pool.tf | 6 ++--- option/terraform/tls.j2.tf | 2 +- 11 files changed, 30 insertions(+), 24 deletions(-) diff --git a/basis/bin/done.sh b/basis/bin/done.sh index 7eb52e05..1637d622 100755 --- a/basis/bin/done.sh +++ b/basis/bin/done.sh @@ -56,8 +56,8 @@ if [ ! -z "$UI_URL" ]; then if [ "$TF_VAR_ui_strategy" != "api" ]; then echo - User Interface: $UI_URL/ fi - if [ "$UI_HTTPS" != "" ]; then - echo - HTTPS : $UI_HTTPS/ + if [ "$UI_HTTP" != "" ]; then + echo - HTTP : $UI_HTTP/ fi for APP_DIR in `app_dir_list`; do if [ -f $PROJECT_DIR/src/$APP_DIR/openapi_spec.yaml ]; then diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 9d3fb8de..e8b1c41a 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
@@ -235,19 +235,29 @@ get_user_details() { # Get the user interface URL get_ui_url() { if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - get_output_from_tfstate UI_URL ui_url + export UI_URL=http://${COMPUTE_IP} + if [ "$TF_VAR_certificate_ocid" != "" ]; then + export UI_HTTP=$UI_URL + export UI_URL=https://${TF_VAR_dns_name} + fi elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then - get_output_from_tfstate UI_URL pool_lb_url + get_output_from_tfstate INSTANCE_POOL_LB_IP instance_pool_lb_ip + export UI_URL=http://${INSTANCE_POOL_LB_IP} + if [ "$TF_VAR_certificate_ocid" != "" ]; then + export UI_HTTP=$UI_URL + export UI_URL=https://${TF_VAR_dns_name} + fi elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix} if [ "$TF_VAR_certificate_ocid" != "" ]; then - export UI_HTTPS=https://${TF_VAR_dns_name}/${TF_VAR_prefix} + export UI_HTTP=$UI_URL + export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} fi elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then - if [ "$TF_VAR_certificate_ocid" == "" ]; then - export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} - else - export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} + export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} + if [ "$TF_VAR_certificate_ocid" != "" ]; then + export UI_HTTP=$UI_URL + export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} fi fi } diff --git a/option/oke/ingress-app.yaml b/option/oke/ingress-app.yaml index ba5a85ac..bbedf31a 100644 --- a/option/oke/ingress-app.yaml +++ b/option/oke/ingress-app.yaml @@ -4,7 +4,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" + spec.ingressClassName: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 # nginx.ingress.kubernetes.io/affinity: "cookie" # nginx.ingress.kubernetes.io/session-cookie-path: "/" 
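Review bot: The four branches of `get_ui_url` now repeat the same certificate block (`if [ "$TF_VAR_certificate_ocid" != "" ]; then export UI_HTTP=$UI_URL; export UI_URL=https://...; fi`) with only the path suffix differing, which is the kind of duplication that drifts; a small helper taking the suffix keeps one copy, sketched below. In the function/container_instance branch the saved `UI_HTTP` is the `https://${APIGW_HOSTNAME}` URL, so the `HTTP :` label done.sh prints for it is misleading there; either skip the assignment in that branch or name the variable for what it holds. When a certificate is configured, the plain `http://` address is still advertised for compute, instance_pool and kubernetes, so users may keep using the unencrypted endpoint; whether those listeners should redirect to HTTPS is a question for the Terraform side, outside this hunk.
```shell
# Switch UI_URL to its HTTPS form when a certificate is deployed, keeping the
# previous URL in UI_HTTP for done.sh. $1 is the path suffix (may be empty).
tls_ui_url() {
  if [ "$TF_VAR_certificate_ocid" != "" ]; then
    export UI_HTTP=$UI_URL
    export UI_URL=https://${TF_VAR_dns_name}$1
  fi
}

# Get the user interface URL
get_ui_url() {
  if [ "$TF_VAR_deploy_strategy" == "compute" ]; then
    export UI_URL=http://${COMPUTE_IP}
    tls_ui_url
  elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then
    get_output_from_tfstate INSTANCE_POOL_LB_IP instance_pool_lb_ip
    export UI_URL=http://${INSTANCE_POOL_LB_IP}
    tls_ui_url
  elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then
    export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix}
    tls_ui_url /${TF_VAR_prefix}
  elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then
    export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix}
    tls_ui_url /${TF_VAR_prefix}
  fi
}
```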
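Review bot: `spec.ingressClassName: "nginx"` is written as a key under `metadata.annotations`, but `ingressClassName` is a field of the Ingress `spec`, not an annotation, so the controller ignores it and the Ingress ends up with no class at all (it is only picked up if an IngressClass is marked as the cluster default). Remove the annotation line and add `ingressClassName: nginx` as the first key under `spec:`, which is outside this hunk. The same misplaced annotation is introduced in `ingress-ui.yaml`, `apex/ingress-app.yaml`, `java_tomcat/ingress-app.yaml` and `ords/ingress-app.yaml` in this commit; `ingress-ui.yaml` additionally carries a duplicated `rewrite-target` annotation in its context lines.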
diff --git a/option/oke/ingress-ui.yaml b/option/oke/ingress-ui.yaml index 0cfc7181..2a5659d5 100644 --- a/option/oke/ingress-ui.yaml +++ b/option/oke/ingress-ui.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: ##PREFIX##-ui-ingress annotations: - kubernetes.io/ingress.class: "nginx" + spec.ingressClassName: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: diff --git a/option/src/app/apex/ingress-app.yaml b/option/src/app/apex/ingress-app.yaml index a6e84364..e1990851 100644 --- a/option/src/app/apex/ingress-app.yaml +++ b/option/src/app/apex/ingress-app.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" + spec.ingressClassName: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /ords/r/apex_app/apex_app/$2 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" diff --git a/option/src/app/java_tomcat/ingress-app.yaml b/option/src/app/java_tomcat/ingress-app.yaml index 3158112b..6b14db26 100644 --- a/option/src/app/java_tomcat/ingress-app.yaml +++ b/option/src/app/java_tomcat/ingress-app.yaml @@ -4,7 +4,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" + spec.ingressClassName: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /starter-1.0/$2 spec: rules: diff --git a/option/src/app/ords/ingress-app.yaml b/option/src/app/ords/ingress-app.yaml index 4cabfd68..77cd5833 100644 --- a/option/src/app/ords/ingress-app.yaml +++ b/option/src/app/ords/ingress-app.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" + spec.ingressClassName: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /ords/starter/module/$2 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" 
diff --git a/option/terraform/apigw_kubernetes_tls_append.tf b/option/terraform/apigw_kubernetes_tls_append.tf index c3b7873f..a7748a35 100644 --- a/option/terraform/apigw_kubernetes_tls_append.tf +++ b/option/terraform/apigw_kubernetes_tls_append.tf @@ -5,14 +5,14 @@ resource "oci_apigateway_deployment" "starter_apigw_deployment" { compartment_id = local.lz_appdev_cmp_ocid display_name = "${var.prefix}-apigw-deployment" gateway_id = local.apigw_ocid - path_prefix = "/${var.prefix}" + path_prefix = "/" specification { routes { path = "/{pathname*}" methods = [ "ANY" ] backend { type = "HTTP_BACKEND" - url = "http://${var.ingress_ip}/${var.prefix}/$${request.path[pathname]}" + url = "http://${var.ingress_ip}/$${request.path[pathname]}" } } } diff --git a/option/terraform/compute_append.tf b/option/terraform/compute_append.tf index 4e1fbdac..3c30e49b 100644 --- a/option/terraform/compute_append.tf +++ b/option/terraform/compute_append.tf @@ -2,7 +2,3 @@ output "compute_ip" { value = local.compute_public_ip } - -output "ui_url" { - value = format("http://%s", local.compute_public_ip) -} diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.tf index 2108125a..6a5251ba 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.tf @@ -154,9 +154,9 @@ output "pooled_instances_hostname_labels" { } locals { - instance_pool_ip = oci_load_balancer.starter_pool_lb.ip_address_details[0].ip_address + instance_pool_lb_ip = oci_load_balancer.starter_pool_lb.ip_address_details[0].ip_address } -output "pool_lb_url" { - value = format("http://%s", local.instance_pool_ip) +output "instance_pool_lb_ip" { + value = local.instance_pool_lb_ip } \ No newline at end of file diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 50870249..bb8f2e60 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf 
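Review bot: With `path_prefix = "/"` and `path = "/{pathname*}"`, the gateway now proxies every path on the TLS hostname to `http://${var.ingress_ip}/...`, so the whole ingress surface rather than just `/${var.prefix}` is exposed through the certificate-bearing endpoint; if that is intended, a comment above `path_prefix` saying so would help, otherwise keep the prefix. The backend hop remains cleartext `http://` to an address taken from the ingress load balancer; if that LB is public, clients can reach the application directly over HTTP and skip the gateway entirely, so restrict the LB's ingress rules to the gateway or switch the backend to `https://` once the ingress carries a certificate. The enclosing `resource` block starts outside this hunk.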
@@ -6,7 +6,7 @@ locals { {%- if deploy == "compute" %} dns_ip = local.compute_ip {%- elif deploy == "instance_pool" %} - dns_ip = local.instance_pool_ip + dns_ip = local.instance_pool_lb_ip {%- else %} dns_ip = local.apigw_ip {%- endif %} From e416ce933ef8ac86154963d6b769832f9e1a8b77 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 09:30:09 +0100 Subject: [PATCH 032/176] v1.6 --- basis/bin/build_all.sh | 2 +- basis/bin/shared_bash_function.sh | 43 ++++++++++- .../tls/new/{tls_init.sh => certbot_init.sh} | 0 option/tls/new/deploy_tls.sh | 75 ------------------- py_oci_starter.py | 1 - 5 files changed, 40 insertions(+), 81 deletions(-) rename option/tls/new/{tls_init.sh => certbot_init.sh} (100%) delete mode 100644 option/tls/new/deploy_tls.sh diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 006d2aed..022d229f 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh @@ -75,7 +75,7 @@ elif [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then exit_on_error fi -certificate_post_ingress +certificate_post_deploy $BIN_DIR/add_api_portal.sh diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index e8b1c41a..fe82db78 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -450,7 +450,7 @@ certificate_create() { } certificate_path_before_terraform() { - if [ -z $TF_VAR_dns_name ]; then + if [ $"TF_VAR_dns_name" == "" ]; then echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" exit 1 fi 
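Review bot: `[ $"TF_VAR_dns_name" == "" ]` puts the `$` outside the quotes, and in bash `$"..."` is the locale-translation form of a string literal, so the test compares the literal text `TF_VAR_dns_name` with an empty string, is always false, and the `ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined` guard can never fire. Write `if [ "$TF_VAR_dns_name" == "" ]; then`. Replacing the unquoted `-z $TF_VAR_dns_name` form was the right direction, since that one is true for an empty value only by accident; the rest of `certificate_path_before_terraform` is outside this hunk.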
@@ -466,18 +466,53 @@ certificate_path_before_terraform() { cp src/tls/nginx_tls.conf target/compute/. sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf fi - elif [ "$TF_VAR_certificate_ocid" == "" ]; then + elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_PATH" != "" ] ; then certificate_create - else + elif [ "$TF_VAR_certificate_ocid" != "" ] certificate_validity + else + echo "Certificate will be created after the deployment." fi } -certificate_post_ingress() { +# Certificate - Post Deploy +certificate_post_deploy() { if [ -n $TF_VAR_certificate_ocid ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then src/terraform/apply.sh --auto-approve -no-color exit_on_error fi + else + if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + certificate_run_certbot + else + ### XXXX ### Everything except compute ### + if [ "$CERTIFICATE_PATH" == "" ]; then + certificate_run_certbot + fi + certificate_create + src/terraform/apply.sh --auto-approve -no-color + exit_on_error + fi fi } + +# Generate a certificate on compute or bastion +certificate_run_certbot() +{ + if [ -z "$CERTIFICATE_GENERATE_EMAIL" ]; then + echo "Error: CERTIFICATE_GENERATE_EMAIL is not defined." + exit 1 + fi + if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + # Generate the certificate with Let'Encrypt on the COMPUTE + TLS_IP=$COMPUTE_IP + else + # Generate the certificate with Let'Encrypt on the BASTION + TLS_IP=$BASTION_IP + fi + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path bin/tls opc@$TLS_IP:/home/opc/. + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_GENERATE_DNS=\"$CERTIFICATE_GENERATE_EMAIL\"; bash tls/certbot_init.sh 2>&1 | tee -a tls/certbot_init.log" + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. + export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name +} 
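Review bot: `if [ -n $TF_VAR_certificate_ocid ]` in the new certificate_post_deploy is unquoted, so with an empty OCID the test collapses to `[ -n ]`, which is true, and the `else` branch that runs certbot and certificate_create is unreachable; write `if [ -n "$TF_VAR_certificate_ocid" ]; then`. In certificate_path_before_terraform the added `elif [ "$TF_VAR_certificate_ocid" != "" ]` is missing its `; then`, which is a syntax error that breaks every script sourcing this file. The ssh line in certificate_run_certbot exports the email value under the name CERTIFICATE_GENERATE_DNS, which looks like a mismatch with whatever certbot_init.sh reads — verify against that script. certificate_path_before_terraform starts outside the hunk.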
diff --git a/option/tls/new/tls_init.sh b/option/tls/new/certbot_init.sh similarity index 100% rename from option/tls/new/tls_init.sh rename to option/tls/new/certbot_init.sh diff --git a/option/tls/new/deploy_tls.sh b/option/tls/new/deploy_tls.sh deleted file mode 100644 index f0973058..00000000 --- a/option/tls/new/deploy_tls.sh +++ /dev/null 
@@ -1,75 +0,0 @@ -#!/bin/bash -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -cd $SCRIPT_DIR/.. -. env.sh -silent - -# Generate a certificate on compute or bastion -generate_certificate() -{ - if [ -z "$CERTIFICATE_GENERATE_EMAIL" ]; then - echo "Error: CERTIFICATE_GENERATE_EMAIL is not defined." - exit 1 - fi - if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - # Generate the certificate with Let'Encrypt on the COMPUTE - TLS_IP=$COMPUTE_IP - else - # Generate the certificate with Let'Encrypt on the BASTION - TLS_IP=$BASTION_IP - fi - scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path bin/tls opc@$TLS_IP:/home/opc/. - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_GENERATE_DNS=\"$CERTIFICATE_GENERATE_EMAIL\"; bash tls/tls_init.sh 2>&1 | tee -a tls/tls_init.log" - scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. - export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name -} - -if [ -z $TF_VAR_dns_name ]; then - echo "Error: TF_VAR_dns_name is not defined." - exit 1 -fi - -# Associate the IP with the DNS -# Done in Terraform - -# For compute, it is simpler. Generate a new certificate on the compute. Done. -if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - generate_certificate - exit -fi - -# XXXXX -# Maybe check -# - if the validaty is more than 15 days then do nothing -# - else refresh the certificate -# XXXXX - -if [ "$TF_VAR_certificate_ocid" != "" ]; then - echo "OCI Certificate for $TF_VAR_dns_name exists already. OCID: $TF_VAR_certificate_ocid" - certificate_validity - echo "Done" - exit -else - if [ -z "$CERTIFICATE_PATH" ]; then - # Generate the certificate with Let'Encrypt ? 
- generate_certificate - fi - certificate_create -fi - -# Use the certificate in the compute/APIGW/or LB based on the type of deployment -if [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then - echo "Attach the certificate to the LB" - # Attach the certificate to the LB - # terraform apply ? -else - echo "Attach the certificate to APIGW" - if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - # Modify the APIGW in front of the instacnce with the certificate - export INGRESS_LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$LB_IP'") | .id'` - fi - # Modify the APIGW in front with the certificate - # terraform apply -fi - - diff --git a/py_oci_starter.py b/py_oci_starter.py index 6e079787..aff63a67 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -612,7 +612,6 @@ def cp_terraform(file1, file2=None, file3=None): if file3 is not None: append_file( output_dir + "/src/terraform/"+file1, "option/terraform/"+file3 ) - def output_copy_tree(src, target): copy_tree(src, output_dir + os.sep + target) From d91a84997217754b276770f0708eeb1f2c0e2a22 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 10:31:08 +0100 Subject: [PATCH 033/176] v1.6 --- basis/bin/shared_bash_function.sh | 2 +- option/oke/oke_deploy.sh | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index fe82db78..6209d8e1 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
@@ -468,7 +468,7 @@ certificate_path_before_terraform() { fi elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_PATH" != "" ] ; then certificate_create - elif [ "$TF_VAR_certificate_ocid" != "" ] + elif [ "$TF_VAR_certificate_ocid" != "" ]; then certificate_validity else echo "Certificate will be created after the deployment." diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index 1389319b..95b7a519 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh @@ -43,9 +43,11 @@ sed "s&##DOCKER_PREFIX##&${DOCKER_PREFIX}&" src/app/app.yaml > $TARGET_DIR/app.y sed "s&##DOCKER_PREFIX##&${DOCKER_PREFIX}&" src/ui/ui.yaml > $TARGET_DIR/ui.yaml # If present, replace the ORDS URL -ORDS_HOST=`basename $(dirname $ORDS_URL)` -sed -i "s&##ORDS_HOST##&$ORDS_HOST&" $TARGET_DIR/app.yaml -sed "s&##ORDS_HOST##&$ORDS_HOST&" src/oke/ingress-app.yaml > $TARGET_DIR/ingress-app.yaml +if [ "$ORDS_URL" != "" ]; then + ORDS_HOST=`basename $(dirname $ORDS_URL)` + sed -i "s&##ORDS_HOST##&$ORDS_HOST&" $TARGET_DIR/app.yaml + sed "s&##ORDS_HOST##&$ORDS_HOST&" src/oke/ingress-app.yaml > $TARGET_DIR/ingress-app.yaml +fi # delete the old pod, just to be sure a new image is pulled kubectl delete pod ${TF_VAR_prefix}-ui --ignore-not-found=true From f149cc5bd70fd7891d5bbbce710ad77ae537982b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 11:23:20 +0100 Subject: [PATCH 034/176] v1.6 --- basis/bin/build_all.sh | 6 +++++- basis/bin/shared_bash_function.sh | 1 + option/oke/ingress-app.yaml | 2 +- option/oke/ingress-ui.yaml | 2 +- option/src/app/apex/ingress-app.yaml | 2 +- option/src/app/java_tomcat/ingress-app.yaml | 2 +- option/src/app/ords/ingress-app.yaml | 2 +- 7 files changed, 11 insertions(+), 6 deletions(-) diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 022d229f..3aaec490 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh 
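Review bot: In oke_deploy.sh `ORDS_HOST` is spliced unquoted into a sed expression that uses `&` as its delimiter, so a host value containing `&` or other sed-special characters silently corrupts both substitutions; the derivation is also an unquoted backtick nest. Consider `ORDS_HOST=$(basename "$(dirname "$ORDS_URL")")` and quoting `"$TARGET_DIR/app.yaml"`. With an empty ORDS_URL the new guard also skips writing ingress-app.yaml altogether, which looks unintended for non-ORDS deployments — confirm, and if it is intended say so in the comment above the `if`.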
@@ -16,6 +16,7 @@ if [ "$TF_VAR_ssh_private_path" == "" ]; then fi if [ -n "$CERTIFICATE_PATH" ]; then + title "Certificate" certificate_path_before_terraform fi @@ -75,7 +76,10 @@ elif [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then exit_on_error fi -certificate_post_deploy +if [ -n "$TF_VAR_dns_name" ]; then + title "Certificate - Post Deploy" + certificate_post_deploy +fi $BIN_DIR/add_api_portal.sh diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 6209d8e1..39d0ecb0 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -248,6 +248,7 @@ get_ui_url() { export UI_URL=https://${TF_VAR_dns_name} fi elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix} if [ "$TF_VAR_certificate_ocid" != "" ]; then export UI_HTTP=$UI_URL diff --git a/option/oke/ingress-app.yaml b/option/oke/ingress-app.yaml index bbedf31a..ba5a85ac 100644 --- a/option/oke/ingress-app.yaml +++ b/option/oke/ingress-app.yaml @@ -4,7 +4,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - spec.ingressClassName: "nginx" + kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 # nginx.ingress.kubernetes.io/affinity: "cookie" # nginx.ingress.kubernetes.io/session-cookie-path: "/" diff --git a/option/oke/ingress-ui.yaml b/option/oke/ingress-ui.yaml index 2a5659d5..0cfc7181 100644 --- a/option/oke/ingress-ui.yaml +++ b/option/oke/ingress-ui.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: ##PREFIX##-ui-ingress annotations: - spec.ingressClassName: "nginx" + kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: 
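Review bot: The added kubectl command substitution that sets TF_VAR_ingress_ip in get_ui_url has no error handling: if kubectl fails or the ingress load balancer has no address assigned yet, the variable is silently empty and UI_URL becomes `http:///${TF_VAR_prefix}`. Capture it with `$(...)` instead of backticks and fail explicitly, e.g. `[ -n "$TF_VAR_ingress_ip" ] || { echo "ERROR: get_ui_url: ingress IP not available"; exit 1; }`. get_ui_url starts outside the hunk.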
diff --git a/option/src/app/apex/ingress-app.yaml b/option/src/app/apex/ingress-app.yaml index e1990851..a6e84364 100644 --- a/option/src/app/apex/ingress-app.yaml +++ b/option/src/app/apex/ingress-app.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - spec.ingressClassName: "nginx" + kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /ords/r/apex_app/apex_app/$2 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" diff --git a/option/src/app/java_tomcat/ingress-app.yaml b/option/src/app/java_tomcat/ingress-app.yaml index 6b14db26..3158112b 100644 --- a/option/src/app/java_tomcat/ingress-app.yaml +++ b/option/src/app/java_tomcat/ingress-app.yaml @@ -4,7 +4,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - spec.ingressClassName: "nginx" + kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /starter-1.0/$2 spec: rules: diff --git a/option/src/app/ords/ingress-app.yaml b/option/src/app/ords/ingress-app.yaml index 77cd5833..4cabfd68 100644 --- a/option/src/app/ords/ingress-app.yaml +++ b/option/src/app/ords/ingress-app.yaml @@ -3,7 +3,7 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - spec.ingressClassName: "nginx" + kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /ords/starter/module/$2 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" From f0a074182d0b7041c8a6296692818c9299e46469 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 11:26:58 +0100 Subject: [PATCH 035/176] v1.6 --- option/oke/ingress-app.yaml | 2 +- option/oke/ingress-ui.yaml | 3 +-- option/src/app/apex/ingress-app.yaml | 2 +- option/src/app/java_tomcat/ingress-app.yaml | 2 +- option/src/app/ords/ingress-app.yaml | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) 
diff --git a/option/oke/ingress-app.yaml b/option/oke/ingress-app.yaml index ba5a85ac..f007be85 100644 --- a/option/oke/ingress-app.yaml +++ b/option/oke/ingress-app.yaml @@ -4,11 +4,11 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /$2 # nginx.ingress.kubernetes.io/affinity: "cookie" # nginx.ingress.kubernetes.io/session-cookie-path: "/" spec: + ingressClassName: nginx rules: - http: paths: diff --git a/option/oke/ingress-ui.yaml b/option/oke/ingress-ui.yaml index 0cfc7181..d71baeea 100644 --- a/option/oke/ingress-ui.yaml +++ b/option/oke/ingress-ui.yaml @@ -3,10 +3,9 @@ kind: Ingress metadata: name: ##PREFIX##-ui-ingress annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/rewrite-target: /$2 spec: + ingressClassName: nginx rules: - http: paths: diff --git a/option/src/app/apex/ingress-app.yaml b/option/src/app/apex/ingress-app.yaml index a6e84364..e7cb2b75 100644 --- a/option/src/app/apex/ingress-app.yaml +++ b/option/src/app/apex/ingress-app.yaml @@ -3,11 +3,11 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /ords/r/apex_app/apex_app/$2 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" spec: + ingressClassName: nginx rules: - http: paths: diff --git a/option/src/app/java_tomcat/ingress-app.yaml b/option/src/app/java_tomcat/ingress-app.yaml index 3158112b..a6541a0b 100644 --- a/option/src/app/java_tomcat/ingress-app.yaml +++ b/option/src/app/java_tomcat/ingress-app.yaml @@ -4,9 +4,9 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /starter-1.0/$2 spec: + ingressClassName: nginx rules: - http: paths: 
diff --git a/option/src/app/ords/ingress-app.yaml b/option/src/app/ords/ingress-app.yaml index 4cabfd68..fe08461a 100644 --- a/option/src/app/ords/ingress-app.yaml +++ b/option/src/app/ords/ingress-app.yaml @@ -3,11 +3,11 @@ kind: Ingress metadata: name: ##PREFIX##-app-ingress annotations: - kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/rewrite-target: /ords/starter/module/$2 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/upstream-vhost: "##ORDS_HOST##" spec: + ingressClassName: nginx rules: - http: paths: From 603cb0c55efd844cdef1e6dace8e6e5658fc75a9 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 12:39:26 +0100 Subject: [PATCH 036/176] v1.6 --- option/oke/oke_deploy.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index 95b7a519..47f51b51 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh @@ -41,12 +41,13 @@ fi # Using & as separator sed "s&##DOCKER_PREFIX##&${DOCKER_PREFIX}&" src/app/app.yaml > $TARGET_DIR/app.yaml sed "s&##DOCKER_PREFIX##&${DOCKER_PREFIX}&" src/ui/ui.yaml > $TARGET_DIR/ui.yaml +cp src/oke/ingress-app.yaml $TARGET_DIR/ingress-app.yaml # If present, replace the ORDS URL if [ "$ORDS_URL" != "" ]; then ORDS_HOST=`basename $(dirname $ORDS_URL)` sed -i "s&##ORDS_HOST##&$ORDS_HOST&" $TARGET_DIR/app.yaml - sed "s&##ORDS_HOST##&$ORDS_HOST&" src/oke/ingress-app.yaml > $TARGET_DIR/ingress-app.yaml + sed -i "s&##ORDS_HOST##&$ORDS_HOST&" $TARGET_DIR/ingress-app.yaml fi # delete the old pod, just to be sure a new image is pulled From 78901dafb27de50b8cee45bf1c2d39bf2b87a872 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 13:35:50 +0100 Subject: [PATCH 037/176] v1.6 --- option/test_suite_group_all.sh | 27 ++++++++++++++++++++++++--- option/test_suite_shared.sh | 13 +++++++++---- py_oci_starter.py | 7 +++++-- 3 files changed, 38 insertions(+), 9 deletions(-) 
diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index 79f8f5e5..2c5ab91d 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh @@ -83,8 +83,6 @@ loop_java_framework () { } loop_lang () { - mkdir_deploy - OPTION_LANG=java OPTION_JAVA_VM=jdk if [ "$OPTION_DEPLOY" == "function" ]; then @@ -126,7 +124,6 @@ loop_shared_compute() { OPTION_DB_INSTALL=shared_compute OPTION_UI=html OPTION_DB=db_free - mkdir_deploy build_option OPTION_DB=mysql build_option @@ -138,6 +135,28 @@ loop_shared_compute() { build_option } +loop_tls() { + # TLS + OPTION_GROUP_NAME=none + OPTION_LANG=java + OPTION_JAVA_VM=jdk + OPTION_JAVA_FRAMEWORK=springboot + OPTION_UI=html + OPTION_DB=none + OPTION_DEPLOY=compute + OPTION_TLS=existing + build_option + OPTION_DEPLOY=kubernetes + build_option + OPTION_DEPLOY=instance_pool + build_option + OPTION_DEPLOY=container_instance + build_option + OPTION_DEPLOY=function + build_option + OPTION_GROUP_NAME=dummy +} + loop_deploy() { OPTION_DEPLOY=compute loop_shared_compute @@ -150,6 +169,8 @@ loop_deploy() { loop_lang OPTION_DEPLOY=function loop_lang + + loop_tls } generate_only() { diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index e6dbf714..a5211448 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -6,6 +6,8 @@ export BUILD_COUNT=1 export COLOR_RED='\033[0;31m' export COLOR_GREEN='\033[0;32m' export COLOR_NONE='\033[0m' +export OPTION_TLS='none' +export OPTION_GROUP_NAME='dummy' # No color for terraforms logs export nocolorarg=1 @@ -113,6 +115,7 @@ build_test_destroy () { } build_option() { + mkdir_deploy if [ "$OPTION_DB_INSTALL" == "shared_compute" ]; then NAME=shared-compute-${OPTION_DB} elif [ "$OPTION_LANG" == "java" ] && [ "$OPTION_DEPLOY" != "function" ]; then 
@@ -136,7 +139,7 @@ build_option() { -database $OPTION_DB \ -db_password $TEST_DB_PASSWORD \ -db_install $OPTION_DB_INSTALL \ - -group_common dummy \ + -group_common $OPTION_GROUP_NAME \ -shape $OPTION_SHAPE \ -compartment_ocid $EX_COMPARTMENT_OCID \ -vcn_ocid $TF_VAR_vcn_ocid \ @@ -169,9 +172,11 @@ build_option() { # Create the $OPTION_DEPLOY directory mkdir_deploy() { - mkdir $TEST_HOME/$OPTION_DEPLOY - echo '. $PROJECT_DIR/../../group_common_env.sh' > $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh - chmod +x $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh + if [ ! -d $TEST_HOME/$OPTION_DEPLOY ]; then + mkdir $TEST_HOME/$OPTION_DEPLOY + echo '. $PROJECT_DIR/../../group_common_env.sh' > $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh + chmod +x $TEST_HOME/$OPTION_DEPLOY/group_common_env.sh + fi } diff --git a/py_oci_starter.py b/py_oci_starter.py index aff63a67..3574fad3 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -238,8 +238,11 @@ def zip_rules(): def group_common_rules(): if params.get('group_common'): - global a_group_common - a_group_common=params.get('group_common').split(',') + if params.get('group_common')=='none': + params.pop('group_common') + else: + global a_group_common + a_group_common=params.get('group_common').split(',') def shape_rules(): From a2b832ba46db29bed132dba28b24502d991be810 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 13:50:30 +0100 Subject: [PATCH 038/176] v1.6 --- option/test_suite_shared.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index a5211448..cfa6597f 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh 
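Review bot: The new `[ ! -d $TEST_HOME/$OPTION_DEPLOY ]` guard and the mkdir/echo/chmod lines in mkdir_deploy leave the path unquoted, so an unset TEST_HOME turns the target into `/$OPTION_DEPLOY` and a path with spaces splits; quote it as `"$TEST_HOME/$OPTION_DEPLOY"` and use `"${TEST_HOME:?}"` on the first reference so an unset variable aborts instead of touching the filesystem root. A one-line header such as `# Create $TEST_HOME/$OPTION_DEPLOY and its env stub once; later calls are no-ops` would document the contract the guard introduces.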
@@ -118,6 +118,8 @@ build_option() { mkdir_deploy if [ "$OPTION_DB_INSTALL" == "shared_compute" ]; then NAME=shared-compute-${OPTION_DB} + elif [ "$OPTION_TLS" == "existing" ]; then + NAME=tls-existing-${OPTION_DEPLOY} elif [ "$OPTION_LANG" == "java" ] && [ "$OPTION_DEPLOY" != "function" ]; then NAME=${OPTION_LANG}-${OPTION_JAVA_FRAMEWORK}-${OPTION_JAVA_VM}-${OPTION_DB}-${OPTION_UI} else From 79dd929e9906e773a93b5980ef340e4a77e78a68 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 13:51:36 +0100 Subject: [PATCH 039/176] v1.6 --- option/test_suite_shared.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index cfa6597f..c0913273 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -118,8 +118,8 @@ build_option() { mkdir_deploy if [ "$OPTION_DB_INSTALL" == "shared_compute" ]; then NAME=shared-compute-${OPTION_DB} - elif [ "$OPTION_TLS" == "existing" ]; then - NAME=tls-existing-${OPTION_DEPLOY} + elif [ "$OPTION_TLS" != "none" ]; then + NAME=tls-${OPTION_TLS}-${OPTION_DEPLOY} elif [ "$OPTION_LANG" == "java" ] && [ "$OPTION_DEPLOY" != "function" ]; then NAME=${OPTION_LANG}-${OPTION_JAVA_FRAMEWORK}-${OPTION_JAVA_VM}-${OPTION_DB}-${OPTION_UI} else @@ -143,6 +143,7 @@ build_option() { -db_install $OPTION_DB_INSTALL \ -group_common $OPTION_GROUP_NAME \ -shape $OPTION_SHAPE \ + -tls $OPTION_TLS \ -compartment_ocid $EX_COMPARTMENT_OCID \ -vcn_ocid $TF_VAR_vcn_ocid \ -public_subnet_ocid $TF_VAR_public_subnet_ocid \ From c9fa42507581ab4a9199ee467d86c2840a4b6351 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 14:06:14 +0100 Subject: [PATCH 040/176] v1.6 --- option/terraform/tls.j2.tf | 2 +- option/test_suite_group_all.sh | 1 - option/test_suite_shared.sh | 8 ++++++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index bb8f2e60..186ddaff 100644 
--- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -4,7 +4,7 @@ variable "dns_ip" { default="" } locals { {%- if deploy == "compute" %} - dns_ip = local.compute_ip + dns_ip = local.compute_public_ip {%- elif deploy == "instance_pool" %} dns_ip = local.instance_pool_lb_ip {%- else %} diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index 2c5ab91d..52cee32f 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh @@ -45,7 +45,6 @@ loop_shape() { } loop_db() { - OPTION_DB_INSTALL=default if [ "$OPTION_DEPLOY" != "instance_pool" ] ; then # OPTION_DB=database # loop_ui diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index c0913273..8683b6a6 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -6,8 +6,12 @@ export BUILD_COUNT=1 export COLOR_RED='\033[0;31m' export COLOR_GREEN='\033[0;32m' export COLOR_NONE='\033[0m' -export OPTION_TLS='none' -export OPTION_GROUP_NAME='dummy' + +# Default +OPTION_TLS=none +OPTION_GROUP_NAME=dummy +OPTION_DB_INSTALL=default +OPTION_SHAPE=amd # No color for terraforms logs export nocolorarg=1 From f1cc94a2caa829b516353a64c79d155b54aa9dc2 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 14:48:25 +0100 Subject: [PATCH 041/176] v1.6 --- basis/bin/build_all.sh | 2 +- option/test_suite_shared.sh | 27 ++++++++++++++++++++++++--- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 3aaec490..467e6198 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh @@ -15,12 +15,12 @@ if [ "$TF_VAR_ssh_private_path" == "" ]; then . $BIN_DIR/sshkey_generate.sh fi +. env.sh if [ -n "$CERTIFICATE_PATH" ]; then title "Certificate" certificate_path_before_terraform fi -. env.sh title "Terraform Apply" src/terraform/apply.sh --auto-approve -no-color exit_on_error 
diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index 8683b6a6..638a8bd5 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -18,7 +18,12 @@ export nocolorarg=1 start_test() { export TEST_NAME=$1 - export TEST_DIR=$TEST_HOME/$OPTION_DEPLOY/$TEST_NAME + if[ "$OPTION_GROUP_NAME" != "none" ] + export TEST_DIR=$TEST_HOME/$OPTION_DEPLOY/$TEST_NAME + else + export TEST_DIR=$TEST_HOME/no_group/$OPTION_DEPLOY/$TEST_NAME + mkdir -p $TEST_DIR + fi echo "-- TEST: $OPTION_DEPLOY - $TEST_NAME ---------------------------------------" } @@ -135,7 +140,8 @@ build_option() { NAME=${NAME/_/-} start_test $NAME cd $TEST_HOME/oci-starter - ./oci_starter.sh \ + if [ "$OPTION_GROUP_NAME" == "dummy" ]; then + ./oci_starter.sh \ -prefix $NAME \ -deploy $OPTION_DEPLOY \ -ui $OPTION_UI \ @@ -161,7 +167,22 @@ build_option() { -apigw_ocid $TF_VAR_apigw_ocid \ -bastion_ocid $TF_VAR_bastion_ocid \ -fnapp_ocid $TF_VAR_fnapp_ocid > ${TEST_DIR}.log 2>&1 - + else + ./oci_starter.sh \ + -prefix tsone \ + -deploy $OPTION_DEPLOY \ + -ui $OPTION_UI \ + -language $OPTION_LANG \ + -java_framework $OPTION_JAVA_FRAMEWORK \ + -java_vm $OPTION_JAVA_VM \ + -database $OPTION_DB \ + -db_password $TEST_DB_PASSWORD \ + -db_install $OPTION_DB_INSTALL \ + -group_common $OPTION_GROUP_NAME \ + -shape $OPTION_SHAPE \ + -tls $OPTION_TLS \ + -compartment_ocid $EX_COMPARTMENT_OCID > ${TEST_DIR}.log 2>&1 + fi # -db_compartment_ocid $EX_COMPARTMENT_OCID \ if [ -d output ]; then From 0db84a5fae4237dab7682b789ed4aeb4c5a8b175 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 16:40:23 +0100 Subject: [PATCH 042/176] v1.6 --- option/test_suite_group_all.sh | 24 +++++++++++++++--------- option/test_suite_shared.sh | 3 ++- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index 52cee32f..775f2430 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh 
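Review bot: `if[ "$OPTION_GROUP_NAME" != "none" ]` in start_test is missing the space after `if` and the `; then`, so sourcing test_suite_shared.sh fails with a syntax error; write `if [ "$OPTION_GROUP_NAME" != "none" ]; then`. The second oci_starter.sh invocation added to build_option duplicates most of the first; collecting the shared flags in an array (`args=(-deploy "$OPTION_DEPLOY" -ui "$OPTION_UI" ...)`) and appending only the group-specific ones would keep the two paths from drifting. Both invocations pass `-db_password $TEST_DB_PASSWORD` on the command line, where it is visible in process listings and in any echoed command, so if oci_starter.sh can read it from the environment that would be preferable. build_option continues outside the hunk.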
@@ -134,16 +134,8 @@ loop_shared_compute() { build_option } -loop_tls() { - # TLS - OPTION_GROUP_NAME=none - OPTION_LANG=java - OPTION_JAVA_VM=jdk - OPTION_JAVA_FRAMEWORK=springboot - OPTION_UI=html - OPTION_DB=none +loop_tls_deploy() { OPTION_DEPLOY=compute - OPTION_TLS=existing build_option OPTION_DEPLOY=kubernetes build_option @@ -153,6 +145,20 @@ loop_tls() { build_option OPTION_DEPLOY=function build_option +} + +loop_tls() { + # TLS + OPTION_GROUP_NAME=none + OPTION_LANG=java + OPTION_JAVA_VM=jdk + OPTION_JAVA_FRAMEWORK=springboot + OPTION_UI=html + OPTION_DB=none + OPTION_TLS=existing + loop_tls_deploy + OPTION_TLS=new + loop_tls_deploy OPTION_GROUP_NAME=dummy } diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index 638a8bd5..ad206d83 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -18,7 +18,7 @@ export nocolorarg=1 start_test() { export TEST_NAME=$1 - if[ "$OPTION_GROUP_NAME" != "none" ] + if [ "$OPTION_GROUP_NAME" != "none" ]; then export TEST_DIR=$TEST_HOME/$OPTION_DEPLOY/$TEST_NAME else export TEST_DIR=$TEST_HOME/no_group/$OPTION_DEPLOY/$TEST_NAME @@ -105,6 +105,7 @@ build_test_destroy () { echo "stop_token file dectected" echo "Exiting before destroy.sh" echo "Last directory: $TEST_DIR" + rm $TEST_HOME/stop_token exit fi ./destroy.sh --auto-approve > destroy.log 2>&1 From 524841968f2eaa0d0646be77727bd67402180c76 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 19:08:17 +0100 Subject: [PATCH 043/176] v1.6 --- basis/bin/build_all.sh | 4 +-- basis/bin/shared_bash_function.sh | 44 ++++++++++++++++++------------- 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 467e6198..883d54c8 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh 
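Review bot: The added `rm $TEST_HOME/stop_token` in build_test_destroy is unquoted and unguarded, so with TEST_HOME unset it targets `/stop_token`; write `rm -f -- "${TEST_HOME:?}/stop_token"`. build_test_destroy starts outside the hunk.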
@@ -16,7 +16,7 @@ if [ "$TF_VAR_ssh_private_path" == "" ]; then fi . env.sh -if [ -n "$CERTIFICATE_PATH" ]; then +if [ -n "$TF_VAR_tls" ]; then title "Certificate" certificate_path_before_terraform fi @@ -76,7 +76,7 @@ elif [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then exit_on_error fi -if [ -n "$TF_VAR_dns_name" ]; then +if [ -n "$TF_VAR_tls" ]; then title "Certificate - Post Deploy" certificate_post_deploy fi diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 39d0ecb0..cec560f0 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
@@ -459,38 +459,46 @@ certificate_path_before_terraform() { export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - if [ -d target/compute/certificate ]; then - echo "Certificate Directory exists already" - else - mkdir -p target/compute/certificate - cp $CERTIFICATE_PATH/* target/compute/certificate/. - cp src/tls/nginx_tls.conf target/compute/. - sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf + if [ "$TF_VAR_tls" == "existing" ]; then + if [ -d target/compute/certificate ]; then + echo "Certificate Directory exists already" + elif [ -n $TF_VAR_CERTIFICATE_PATH ]; then + mkdir -p target/compute/certificate + cp $CERTIFICATE_PATH/* target/compute/certificate/. + cp src/tls/nginx_tls.conf target/compute/. + sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf + else + echo "ERROR: certificate_path_before_terraform: TF_VAR_CERTIFICATE_PATH not defined" + exit 1 + fi fi - elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_PATH" != "" ] ; then - certificate_create - elif [ "$TF_VAR_certificate_ocid" != "" ]; then - certificate_validity - else - echo "Certificate will be created after the deployment." + elif [ "$TF_VAR_tls" == "existing" ]; then + if [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_PATH" != "" ] ; then + certificate_create + elif [ "$TF_VAR_certificate_ocid" != "" ]; then + certificate_validity + else + echo "ERROR: certificate_path_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_PATH" + exit 1 + fi + elif [ "$TF_VAR_tls" == "new" ]; then + echo "New Certificate will be created after the deployment." 
fi } # Certificate - Post Deploy certificate_post_deploy() { - if [ -n $TF_VAR_certificate_ocid ]; then + if [ "$TF_VAR_tls" == "existing" ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then src/terraform/apply.sh --auto-approve -no-color exit_on_error fi - else + elif [ "$TF_VAR_tls" == "new" ]; then if [ "$TF_VAR_deploy_strategy" == "compute" ]; then certificate_run_certbot else ### XXXX ### Everything except compute ### - if [ "$CERTIFICATE_PATH" == "" ]; then - certificate_run_certbot - fi + certificate_run_certbot certificate_create src/terraform/apply.sh --auto-approve -no-color exit_on_error From 300359f24284eba413ccb02140057e6b23947f1f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 19:20:20 +0100 Subject: [PATCH 044/176] v1.6 --- basis/bin/shared_bash_function.sh | 6 +++--- option/tls/new/certbot_init.sh | 2 +- py_oci_starter.py | 6 +++++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index cec560f0..0f2b3a53 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -509,8 +509,8 @@ certificate_post_deploy() { # Generate a certificate on compute or bastion certificate_run_certbot() { - if [ -z "$CERTIFICATE_GENERATE_EMAIL" ]; then - echo "Error: CERTIFICATE_GENERATE_EMAIL is not defined." + if [ -z "$CERTIFICATE_EMAIL" ]; then + echo "Error: CERTIFICATE_EMAIL is not defined." exit 1 fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then 
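Review bot: `elif [ -n $TF_VAR_CERTIFICATE_PATH ]` in the compute/existing branch of certificate_path_before_terraform is both unquoted and a different variable from the `$CERTIFICATE_PATH` used on the next line and in the non-compute branch; with an empty value the unquoted test reduces to `[ -n ]`, which is true, so the new ERROR branch is unreachable and with CERTIFICATE_PATH unset the copy runs as `cp /* target/compute/certificate/.`. Use `elif [ -n "$CERTIFICATE_PATH" ]; then` and make the error message name the same variable. The `elif [ "$TF_VAR_tls" == "new" ]` arm only echoes and there is no arm for an unrecognised TF_VAR_tls value, so a final `else` that reports the bad value and exits would catch typos before Terraform runs. certificate_path_before_terraform starts outside the hunk.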
@@ -521,7 +521,7 @@ certificate_run_certbot() TLS_IP=$BASTION_IP fi scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path bin/tls opc@$TLS_IP:/home/opc/. - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_GENERATE_DNS=\"$CERTIFICATE_GENERATE_EMAIL\"; bash tls/certbot_init.sh 2>&1 | tee -a tls/certbot_init.log" + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_init.sh 2>&1 | tee -a tls/certbot_init.log" scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name } diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh index d089b9d5..5fee9c2e 100644 --- a/option/tls/new/certbot_init.sh +++ b/option/tls/new/certbot_init.sh @@ -17,7 +17,7 @@ sudo systemctl restart nginx sudo firewall-cmd --zone=public --add-port=80/tcp --permanent sudo firewall-cmd --zone=public --add-port=443/tcp --permanent sudo firewall-cmd --reload -sudo certbot --agree-tos --nginx --email $CERTIFICATE_GENERATE_EMAIL -d $TF_VAR_dns_name +sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name # Place the certificate in an OPC directory so that it can be copied via SSH. mkdir certificate diff --git a/py_oci_starter.py b/py_oci_starter.py index 3574fad3..06ff14f1 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -125,7 +125,8 @@ def get_tf_var(param): 'deploy': 'TF_VAR_deploy_strategy', 'license': 'TF_VAR_license_model', 'ui': 'TF_VAR_ui_strategy', - 'certificate_path': 'CERTIFICATE_PATH' + 'certificate_path': 'CERTIFICATE_PATH', + 'certificate_email': 'CERTIFICATE_EMAIL' }.get(param) if special_case is not None: return special_case 
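Review bot: The remote command on the changed ssh line is built by interpolating `$TF_VAR_dns_name` and `$CERTIFICATE_EMAIL` into a double-quoted string, so a value containing a double quote, backtick or `$(` is interpreted by the remote shell rather than passed as data; both come from user configuration, so pass them pre-quoted, e.g. `"export TF_VAR_dns_name=$(printf '%q' "$TF_VAR_dns_name"); export CERTIFICATE_EMAIL=$(printf '%q' "$CERTIFICATE_EMAIL"); bash tls/certbot_init.sh 2>&1 | tee -a tls/certbot_init.log"`. The two scp calls and the ssh call all use `-o StrictHostKeyChecking=no`, which disables host-key verification on the very connection that afterwards copies the freshly issued private key back; `-o StrictHostKeyChecking=accept-new` keeps first-contact trust but refuses a changed key. In certbot_init.sh the same two values are passed unquoted to certbot, so `--email "$CERTIFICATE_EMAIL" -d "$TF_VAR_dns_name"` there as well. certificate_run_certbot starts outside the hunk.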
@@ -260,7 +261,10 @@ def tls_rules(): params['dns_zone_name'] = TO_FILL params['dns_name'] = TO_FILL if params.get('tls')=='existing': + params['certificate_ocid'] = TO_FILL params['certificate_path'] = TO_FILL + elif params.get('tls')=='new': + params['certificate_email'] = TO_FILL def apply_rules(): From 01d80c8619acd7f46e9889fa28a9b61a1a6804e0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 19:27:33 +0100 Subject: [PATCH 045/176] v1.6 --- basis/bin/shared_bash_function.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 0f2b3a53..5c72b004 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -520,7 +520,7 @@ certificate_run_certbot() # Generate the certificate with Let'Encrypt on the BASTION TLS_IP=$BASTION_IP fi - scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path bin/tls opc@$TLS_IP:/home/opc/. + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$TLS_IP:/home/opc/. ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_init.sh 2>&1 | tee -a tls/certbot_init.log" scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name From c262577d016bd3c6c87c4bb639b2b7b133cf61f0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 21 Dec 2023 19:36:29 +0100 Subject: [PATCH 046/176] v1.6 --- option/tls/new/certbot_init.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh index 5fee9c2e..7363db83 100644 --- a/option/tls/new/certbot_init.sh +++ b/option/tls/new/certbot_init.sh 
@@ -21,5 +21,5 @@ sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name
# Place the certificate in an OPC directory so that it can be copied via SSH.
mkdir certificate
-sudo cp -r /etc/letsencrypt/live/$TF_VAR_dns_name /home/opc/tls/certificate
+sudo cp -Lr /etc/letsencrypt/live/$TF_VAR_dns_name /home/opc/tls/certificate
sudo chown -R opc certificate
\ No newline at end of file
From 48f3dd8320fa66b9e1a700354028a6298d20bcc3 Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Thu, 21 Dec 2023 20:37:25 +0100
Subject: [PATCH 047/176] v1.6
---
py_oci_starter.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/py_oci_starter.py b/py_oci_starter.py
index 06ff14f1..e215b6da 100755
--- a/py_oci_starter.py
+++ b/py_oci_starter.py
@@ -707,7 +707,7 @@ def create_dir_shared():
cp_terraform("bastion_shared_compute.tf")
elif 'bastion_ocid' in params:
cp_terraform("bastion_existing.tf")
- elif params.get('database')!='none':
+ elif params.get('database')!='none' or 'tls' in params:
cp_terraform("bastion.tf")
#----------------------------------------------------------------------------
From ddc14b49d532cc912dec20007055d4af5cd89128 Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Fri, 22 Dec 2023 14:06:30 +0100
Subject: [PATCH 048/176] v1.6
---
basis/bin/shared_bash_function.sh | 8 ++++--
option/terraform/instance_pool.tf | 5 ++--
option/terraform/tls.j2.tf | 46 ++++++++++++++++++++++++++++---
option/tls/new/certbot_init.sh | 11 ++++++++
4 files changed, 62 insertions(+), 8 deletions(-)
diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh
index 5c72b004..0f1272df 100755
--- a/basis/bin/shared_bash_function.sh
+++ b/basis/bin/shared_bash_function.sh
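Review bot: After `cp -Lr` dereferences the live/ symlinks, `privkey.pem` is a real file under /home/opc/tls/certificate and the unchanged `chown -R opc certificate` hands it to the unprivileged login user, with nothing in the hunk narrowing its mode. Tighten the copy before it is picked up over SSH: `sudo chmod 700 /home/opc/tls/certificate` and `sudo chmod 600 /home/opc/tls/certificate/privkey.pem`. Whether the copy is removed from the host after the transfer is not visible here; if it is not, the key remains on the bastion or compute as a second copy.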
@@ -441,11 +441,15 @@ certificate_validity() { } certificate_create() { - echo "Creating certificate $TF_VAR_dns_name" + echo "Creating or Updating certificate $TF_VAR_dns_name" CERT_CERT=$(cat $CERTIFICATE_PATH/cert.pem) CERT_CHAIN=$(cat $CERTIFICATE_PATH/chain.pem) CERT_PRIVKEY=$(cat $CERTIFICATE_PATH/privkey.pem) - oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=$TF_VAR_dns_name --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED + if [ -z $TF_VAR_certificate_ocid ]; then + oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=$TF_VAR_dns_name --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED + else + oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id=$TF_VAR_certificate_ocid --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED + fi exit_on_error TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` } diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.tf index 6a5251ba..3b4846af 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.tf 
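Review bot: Both `oci certs-mgmt` branches pass the private key in clear on the command line via `--private-key-pem="$CERT_PRIVKEY"`, which exposes it in process listings, shell history of the wrapper and any `set -x` trace; the `update-certificate-by-importing-config-details` branch added here repeats the pattern. The OCI CLI accepts `file://` references for parameter values, so `--private-key-pem file://$CERTIFICATE_PATH/privkey.pem` (and the same for the chain and certificate) keeps the key out of argv and makes the three `cat` assignments unnecessary. `[ -z $TF_VAR_certificate_ocid ]` is unquoted, so with the variable empty it becomes a one-argument test of the string `-z`, which happens to be true; `[ -z "$TF_VAR_certificate_ocid" ]` makes the branch selection intentional. The `list` on the last line takes `items[0]` regardless of lifecycle state, so a FAILED import with the same name can be picked up as the OCID to reuse.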
@@ -40,11 +40,12 @@ resource "oci_load_balancer_backend_set" "starter_pool_backend_set" { } resource "oci_load_balancer_listener" "starter_pool_lb_listener" { + count = var.certificate_ocid == "" ? 1 : 0 load_balancer_id = oci_load_balancer.starter_pool_lb.id - name = "TCP-80" + name = "HTTP-80" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name port = 80 - protocol = "TCP" + protocol = "HTTP" } resource "oci_core_instance_configuration" "starter_instance_configuration" { diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 186ddaff..46ebc58d 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -30,14 +30,14 @@ resource "oci_dns_rrset" "starter_rrset" { } {%- if deploy == "instance_pool" %} -resource "oci_load_balancer_listener" "test_listener" { +resource "oci_load_balancer_listener" "starter-lb-https-listener" { #Required count = var.certificate_ocid=="" ? 0 : 1 load_balancer_id = oci_load_balancer.starter_pool_lb.id - name = "TCP-443" + name = "HTTP-443" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name port = 443 - protocol = "TCP" + protocol = "HTTP" ssl_configuration { certificate_ids = [ var.certificate_ocid ] 
@@ -52,4 +52,42 @@ resource "oci_load_balancer_listener" "test_listener" { verify_peer_certificate = false } } -{%- endif %} \ No newline at end of file + +{%- if tls == "new" %} +resource oci_load_balancer_backend_set starter-bastion-bes { + health_checker { + protocol = "HTTP" + url_path = "/" + } + load_balancer_id = oci_load_balancer.starter_pool_lb.id + name = "${prefix}-bastion-bes" + policy = "ROUND_ROBIN" +} + +resource oci_load_balancer_path_route_set starter-bastion-routeset { + load_balancer_id = oci_load_balancer_load_balancer.export_tsone-pool-lb.id + name = "${prefix}-bastion-routeset" + path_routes { + backend_set_name = oci_load_balancer_backend_set starter-bastion-bes"tsone-bastion-bes" + path = "/.well-known/acme-challenge" + path_match_type { + match_type = "PREFIX_MATCH" + } + } +} + +resource oci_load_balancer_listener starter-lb-http-listener { + load_balancer_id = oci_load_balancer_load_balancer.export_tsone-pool-lb.id + default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name + name = "HTTP-80" + path_route_set_name = "${prefix}-bastion-routeset" + port = "80" + protocol = "HTTP" +} + +{%- endif %} + +{%- endif %} + + + diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh index 7363db83..9a68ea9d 100644 --- a/option/tls/new/certbot_init.sh +++ b/option/tls/new/certbot_init.sh @@ -2,6 +2,16 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR +exit_on_error() { + RESULT=$? + if [ $RESULT -eq 0 ]; then + echo "Success" + else + echo "Failed (RESULT=$RESULT)" + exit $RESULT + fi +} + # Install certbot sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y sudo dnf install snapd nginx -y 
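Review bot: The new `starter-bastion-routeset` block is not valid HCL: `load_balancer_id = oci_load_balancer_load_balancer.export_tsone-pool-lb.id` names a resource type and name that do not exist in this file (the load balancer is `oci_load_balancer.starter_pool_lb`, as the backend set above it uses), and `backend_set_name = oci_load_balancer_backend_set starter-bastion-bes"tsone-bastion-bes"` is a syntax error; the listener block repeats the bad `load_balancer_id`. `${prefix}` in both `name` arguments also needs `var.` to resolve. Separately, the added listener is named `HTTP-80` while `starter_pool_lb_listener` in instance_pool.tf (renamed to `HTTP-80` in this same commit) is created whenever `certificate_ocid` is empty, so the first apply with `tls == "new"` defines two listeners with the same name on one load balancer. As far as this hunk shows, `starter-bastion-bes` has no backend attached, so the ACME path route has nothing to reach until one is added.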
@@ -18,6 +28,7 @@ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent sudo firewall-cmd --zone=public --add-port=443/tcp --permanent sudo firewall-cmd --reload sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name +exit_on_error # Place the certificate in an OPC directory so that it can be copied via SSH. mkdir certificate From 577cf9d1aecc9c18433ba5803361ecf5b6e6d408 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 22 Dec 2023 17:49:18 +0100 Subject: [PATCH 049/176] v1.6 --- basis/bin/auto_env.sh | 9 +++++++++ option/terraform/tls.j2.tf | 20 ++++++++++++++------ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index cff4ebee..1b5e07c4 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -182,6 +182,15 @@ if [ -f $STATE_FILE ]; then get_attribute_from_tfstate "APIGW_DEPLOYMENT_OCID" "starter_apigw_deployment" "id" fi + if [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then + # XXX Does not work with Resource Manager XXX + # Check in the terraform state is the compute is already created. + COMPUTE_TYPE=`cat $STATE_FILE | jq -r '.resources[] | select(.name=="starter_instance") | .type'` + if [ "$COMPUTE_TYPE" != "" ]; then + export TF_VAR_compute_ready="true" + fi + fi + # Functions if [ "$TF_VAR_deploy_strategy" == "function" ]; then # OBJECT Storage URL diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 46ebc58d..f6ccc3c4 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf 
@@ -60,15 +60,23 @@ resource oci_load_balancer_backend_set starter-bastion-bes { url_path = "/" } load_balancer_id = oci_load_balancer.starter_pool_lb.id - name = "${prefix}-bastion-bes" + name = "${var.prefix}-bastion-bes" policy = "ROUND_ROBIN" } +resource oci_load_balancer_backend starter-bastion-be { + load_balancer_id = oci_load_balancer.starter_pool_lb.id + backendset_name = oci_load_balancer_backend_set.starter-bastion-bes.name + ip_address = oci_core_instance.starter_bastion.private_ip + port = "80" + weight = "1" +} + resource oci_load_balancer_path_route_set starter-bastion-routeset { - load_balancer_id = oci_load_balancer_load_balancer.export_tsone-pool-lb.id - name = "${prefix}-bastion-routeset" + load_balancer_id = oci_load_balancer.starter_pool_lb.id + name = "${var.prefix}-bastion-routeset" path_routes { - backend_set_name = oci_load_balancer_backend_set starter-bastion-bes"tsone-bastion-bes" + backend_set_name = oci_load_balancer_backend_set.starter-bastion-bes.name path = "/.well-known/acme-challenge" path_match_type { match_type = "PREFIX_MATCH" @@ -77,10 +85,10 @@ resource oci_load_balancer_path_route_set starter-bastion-routeset { } resource oci_load_balancer_listener starter-lb-http-listener { - load_balancer_id = oci_load_balancer_load_balancer.export_tsone-pool-lb.id + load_balancer_id = oci_load_balancer.starter_pool_lb.id default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name name = "HTTP-80" - path_route_set_name = "${prefix}-bastion-routeset" + path_route_set_name = oci_load_balancer_path_route_set.starter-bastion-routeset.name port = "80" protocol = "HTTP" } From 93216735affad48a32c012feb09cda195a398108 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 22 Dec 2023 22:58:33 +0100 Subject: [PATCH 050/176] v1.6 --- basis/bin/auto_env.sh | 1 + option/terraform/instance_pool.tf | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) 
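Review bot: The new `starter-bastion-be` backend points the public load balancer at `oci_core_instance.starter_bastion.private_ip` on port 80, so the bastion now answers Internet traffic for `/.well-known/acme-challenge` through the path route; the bastion's security list or NSG is not in this hunk, so confirm port 80 on the bastion is opened from the load balancer subnet only rather than from 0.0.0.0/0. The health checker on `starter-bastion-bes` probes `/` rather than the challenge path, so the backend reads healthy as long as nginx answers anything on `/`. `port = "80"` and `weight = "1"` are strings where the sibling listener in instance_pool.tf uses `port = 80`; `port = 80` and `weight = 1` keep the files consistent. Both hunks of this file share these points.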
diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 1b5e07c4..b1435dad 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -182,6 +182,7 @@ if [ -f $STATE_FILE ]; then get_attribute_from_tfstate "APIGW_DEPLOYMENT_OCID" "starter_apigw_deployment" "id" fi + # Instance Pool if [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then # XXX Does not work with Resource Manager XXX # Check in the terraform state is the compute is already created. diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.tf index 3b4846af..dd4bc6b0 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.tf @@ -40,7 +40,6 @@ resource "oci_load_balancer_backend_set" "starter_pool_backend_set" { } resource "oci_load_balancer_listener" "starter_pool_lb_listener" { - count = var.certificate_ocid == "" ? 1 : 0 load_balancer_id = oci_load_balancer.starter_pool_lb.id name = "HTTP-80" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name From 903b09ab7374829a0eba1aaf5eed2194b712c373 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 22 Dec 2023 23:04:20 +0100 Subject: [PATCH 051/176] v1.6 --- option/terraform/{instance_pool.tf => instance_pool.j2.tf} | 1 + py_oci_starter.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) rename option/terraform/{instance_pool.tf => instance_pool.j2.tf} (98%) diff --git a/option/terraform/instance_pool.tf b/option/terraform/instance_pool.j2.tf similarity index 98% rename from option/terraform/instance_pool.tf rename to option/terraform/instance_pool.j2.tf index dd4bc6b0..3b4846af 100644 --- a/option/terraform/instance_pool.tf +++ b/option/terraform/instance_pool.j2.tf 
@@ -40,6 +40,7 @@ resource "oci_load_balancer_backend_set" "starter_pool_backend_set" { } resource "oci_load_balancer_listener" "starter_pool_lb_listener" { + count = var.certificate_ocid == "" ? 1 : 0 load_balancer_id = oci_load_balancer.starter_pool_lb.id name = "HTTP-80" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name diff --git a/py_oci_starter.py b/py_oci_starter.py index e215b6da..0ec566c5 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -834,7 +834,7 @@ def create_output_dir(): output_mkdir("src/compute") output_copy_tree("option/compute", "src/compute") if params.get('deploy') == 'instance_pool': - cp_terraform("instance_pool.tf") + cp_terraform("instance_pool.j2.tf") elif params.get('tls') == 'existing': output_copy_tree("option/tls/compute_existing", "src/tls") From 32b0dfbbe23f6b924de869122d02a38372e9a41e Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 22 Dec 2023 23:05:45 +0100 Subject: [PATCH 052/176] v1.6 --- option/terraform/instance_pool.j2.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/option/terraform/instance_pool.j2.tf b/option/terraform/instance_pool.j2.tf index 3b4846af..a49c1f06 100644 --- a/option/terraform/instance_pool.j2.tf +++ b/option/terraform/instance_pool.j2.tf @@ -39,14 +39,16 @@ resource "oci_load_balancer_backend_set" "starter_pool_backend_set" { } } +{%- if tls == "new" %} resource "oci_load_balancer_listener" "starter_pool_lb_listener" { - count = var.certificate_ocid == "" ? 1 : 0 load_balancer_id = oci_load_balancer.starter_pool_lb.id name = "HTTP-80" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name port = 80 protocol = "HTTP" } +{%- endif %} + resource "oci_core_instance_configuration" "starter_instance_configuration" { count = var.compute_ready == "" ? 0 : 1 From 7c4a30181406339f58aec2becd16c484115ec912 Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Sat, 23 Dec 2023 01:15:42 +0100 Subject: [PATCH 053/176] v1.6 --- option/terraform/instance_pool.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/instance_pool.j2.tf b/option/terraform/instance_pool.j2.tf index a49c1f06..d454a898 100644 --- a/option/terraform/instance_pool.j2.tf +++ b/option/terraform/instance_pool.j2.tf @@ -39,7 +39,7 @@ resource "oci_load_balancer_backend_set" "starter_pool_backend_set" { } } -{%- if tls == "new" %} +{%- if tls != "new" %} resource "oci_load_balancer_listener" "starter_pool_lb_listener" { load_balancer_id = oci_load_balancer.starter_pool_lb.id name = "HTTP-80" From 469bc2701b838a199e2bd0d62b4b73b3ed730c1f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 23 Dec 2023 07:31:42 +0100 Subject: [PATCH 054/176] v1.6 --- option/terraform/instance_pool.j2.tf | 5 +++-- option/terraform/tls.j2.tf | 10 ---------- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/option/terraform/instance_pool.j2.tf b/option/terraform/instance_pool.j2.tf index d454a898..5014d2df 100644 --- a/option/terraform/instance_pool.j2.tf +++ b/option/terraform/instance_pool.j2.tf @@ -39,15 +39,16 @@ resource "oci_load_balancer_backend_set" "starter_pool_backend_set" { } } -{%- if tls != "new" %} resource "oci_load_balancer_listener" "starter_pool_lb_listener" { load_balancer_id = oci_load_balancer.starter_pool_lb.id name = "HTTP-80" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name port = 80 protocol = "HTTP" -} +{%- if tls == "new" %} + path_route_set_name = oci_load_balancer_path_route_set.starter-bastion-routeset.name {%- endif %} +} resource "oci_core_instance_configuration" "starter_instance_configuration" { diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index f6ccc3c4..113f8dcb 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf 
@@ -83,16 +83,6 @@ resource oci_load_balancer_path_route_set starter-bastion-routeset {
}
}
}
-
-resource oci_load_balancer_listener starter-lb-http-listener {
- load_balancer_id = oci_load_balancer.starter_pool_lb.id
- default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name
- name = "HTTP-80"
- path_route_set_name = oci_load_balancer_path_route_set.starter-bastion-routeset.name
- port = "80"
- protocol = "HTTP"
-}
-
{%- endif %}
{%- endif %}
From 5f6a84ce56dd863b51ed7d418c776253f91594bd Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Sat, 23 Dec 2023 13:09:07 +0100
Subject: [PATCH 055/176] v1.6
---
basis/bin/auto_env.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh
index b1435dad..7a11f85e 100755
--- a/basis/bin/auto_env.sh
+++ b/basis/bin/auto_env.sh
@@ -144,7 +144,7 @@ else
# TLS
if [ -n $TF_VAR_dns_name ] && [ -z $TF_VAR_certificate_ocid ]; then
- export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id`
+ export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[].id`
fi
# GIT
From c34eab914b2223810146d262fbcbc0156246f5ad Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Sat, 23 Dec 2023 13:17:08 +0100
Subject: [PATCH 056/176] v1.6
---
basis/bin/auto_env.sh | 2 +-
basis/bin/shared_bash_function.sh | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh
index 7a11f85e..f2176a35 100755
--- a/basis/bin/auto_env.sh
+++ b/basis/bin/auto_env.sh
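Review bot: `jq -r .data.items[].id` on the new `export` line emits one line per certificate matching `--name`, so if more than one exists (for example a FAILED import left behind by `certificate_create`) `TF_VAR_certificate_ocid` becomes several newline-separated OCIDs and the `certificate_ids` list in tls.j2.tf receives an invalid value; with zero matches it is the empty string, which is the only case the surrounding guard anticipates. Select one ACTIVE entry explicitly, e.g. `jq -r '[.data.items[] | select(."lifecycle-state"=="ACTIVE")][0].id // empty'` (key name as the CLI prints it; verify against the list output). `[ -n $TF_VAR_dns_name ]` and `[ -z $TF_VAR_certificate_ocid ]` on the condition line are unquoted, so an empty value turns each into a one-argument test that is always true; quote both expansions.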
@@ -143,7 +143,7 @@ else fi # TLS - if [ -n $TF_VAR_dns_name ] && [ -z $TF_VAR_certificate_ocid ]; then + if [ -n $TF_VAR_dns_name ] && [ "$TF_VAR_certificate_ocid" == "" ]; then export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[].id` fi diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 0f1272df..8e03b222 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -445,7 +445,7 @@ certificate_create() { CERT_CERT=$(cat $CERTIFICATE_PATH/cert.pem) CERT_CHAIN=$(cat $CERTIFICATE_PATH/chain.pem) CERT_PRIVKEY=$(cat $CERTIFICATE_PATH/privkey.pem) - if [ -z $TF_VAR_certificate_ocid ]; then + if [ "$TF_VAR_certificate_ocid" == "" ]; then oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=$TF_VAR_dns_name --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED else oci certs-mgmt certificate update-certificate-by-importing-config-details --certificate-id=$TF_VAR_certificate_ocid --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED @@ -459,9 +459,6 @@ certificate_path_before_terraform() { echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" exit 1 fi - if [ -z $TF_VAR_certificate_ocid ]; then - export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` - fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then if [ "$TF_VAR_tls" == "existing" ]; then if [ -d target/compute/certificate ]; then From 7b60783c1c232669cb5dc628395fd58a94675302 Mon Sep 17 00:00:00 2001 
From: Marc Gueury
Date: Sat, 23 Dec 2023 13:18:10 +0100
Subject: [PATCH 057/176] v1.6
---
basis/bin/auto_env.sh | 2 +-
basis/bin/shared_bash_function.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh
index f2176a35..255d65c6 100755
--- a/basis/bin/auto_env.sh
+++ b/basis/bin/auto_env.sh
@@ -143,7 +143,7 @@ else
fi
# TLS
- if [ -n $TF_VAR_dns_name ] && [ "$TF_VAR_certificate_ocid" == "" ]; then
+ if [ "$TF_VAR_dns_name" != "" ] && [ "$TF_VAR_certificate_ocid" == "" ]; then
export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[].id`
fi
diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh
index 8e03b222..f0946dff 100755
--- a/basis/bin/shared_bash_function.sh
+++ b/basis/bin/shared_bash_function.sh
@@ -463,7 +463,7 @@ certificate_path_before_terraform() {
if [ "$TF_VAR_tls" == "existing" ]; then
if [ -d target/compute/certificate ]; then
echo "Certificate Directory exists already"
- elif [ -n $TF_VAR_CERTIFICATE_PATH ]; then
+ elif [ "$TF_VAR_CERTIFICATE_PATH" != "" ]; then
mkdir -p target/compute/certificate
cp $CERTIFICATE_PATH/* target/compute/certificate/.
cp src/tls/nginx_tls.conf target/compute/.
From 76d2d93f49c963f4602f5405be872840a2d2f74e Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Sat, 23 Dec 2023 18:52:47 +0100
Subject: [PATCH 058/176] v1.6
---
basis/bin/shared_bash_function.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh
index f0946dff..2d30c4ab 100755
--- a/basis/bin/shared_bash_function.sh
+++ b/basis/bin/shared_bash_function.sh
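Review bot: The rewritten condition tests `$TF_VAR_CERTIFICATE_PATH`, but the two `cp` lines right below read `$CERTIFICATE_PATH`, which is also the name py_oci_starter.py maps `certificate_path` to (`'certificate_path': 'CERTIFICATE_PATH'` in patch 044); unless something outside this hunk sets the TF_VAR_ variant, the `elif` branch never runs and no certificate is staged for the compute. Use one name in the test: `elif [ "$CERTIFICATE_PATH" != "" ]; then`. `cp $CERTIFICATE_PATH/* target/compute/certificate/.` is unquoted as well; `cp -- "$CERTIFICATE_PATH"/* target/compute/certificate/` handles paths with spaces. certificate_path_before_terraform begins and ends outside the hunk.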
@@ -522,7 +522,9 @@ certificate_run_certbot()
TLS_IP=$BASTION_IP
fi
scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$TLS_IP:/home/opc/.
+ exit_on_error
ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_init.sh 2>&1 | tee -a tls/certbot_init.log"
scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/.
+ exit_on_error
export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name
}
From 65c3560e62abd735efdc9e6175b62c25309b7cbb Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Sat, 23 Dec 2023 22:26:00 +0100
Subject: [PATCH 059/176] v1.6
---
.../java/com/example/demo/DemoController.java | 5 ++++-
.../java/com/example/demo/DemoController.java | 4 +++-
option/tls/new/certbot_init.sh | 21 +++++++++++++++++--
3 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java
index 3f789d8f..3e852a07 100644
--- a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java
+++ b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java
@@ -2,6 +2,8 @@ import org.springframework.web.bind.annotation.*;
import org.springframework.beans.factory.annotation.Autowired;
+
+import java.net.Inet4Address;
import java.sql.*;
import java.util.ArrayList;
@@ -46,6 +48,7 @@ public List query() {
@RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" })
public String info() {
- return "Java - SpringBoot";
+ String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP");
+ return "Java - SpringBoot - " + IP;
}
}
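Review bot: The two new `exit_on_error` calls guard both `scp` lines but not the `ssh` line between them, and even with a check there the remote command's status would be that of `tee`, not of `bash tls/certbot_init.sh`, so the `exit 1` paths in certbot_init.sh are masked and the second `scp` then copies a missing or stale certificate directory. Prefix the remote command with `set -o pipefail;` inside the quoted string and add `exit_on_error` after the `ssh` line. `exit_on_error` itself is defined outside this hunk; the variant in certbot_init.sh reads `$?`, so the call must directly follow the command it checks, which holds for both lines added here.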
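Review bot: `Inet4Address.getLocalHost()` throws the checked `UnknownHostException`, and the new `info()` body neither catches it nor declares it, so the class does not compile; the identical line is added to java_springboot_none/DemoController.java in the next hunk. Either `public String info() throws UnknownHostException {` or a try/catch that returns a fixed string on failure resolves it. The conditional also yields `"Java - SpringBoot -  - <ip>"` in the POD_IP case, because the else branch prepends `" - "` while the `return` adds its own separator.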
diff --git a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java index 498085cc..00afc641 100644 --- a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java @@ -3,6 +3,7 @@ import org.springframework.web.bind.annotation.*; import org.springframework.beans.factory.annotation.Autowired; import java.sql.*; +import java.net.Inet4Address; import java.util.ArrayList; import java.util.List; @@ -34,6 +35,7 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) public String info() { - return "Java - SpringBoot / No Database"; + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP"); + return "Java - SpringBoot / No Database - " + IP; } } diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh index 9a68ea9d..1478805b 100644 --- a/option/tls/new/certbot_init.sh +++ b/option/tls/new/certbot_init.sh @@ -27,8 +27,25 @@ sudo systemctl restart nginx sudo firewall-cmd --zone=public --add-port=80/tcp --permanent sudo firewall-cmd --zone=public --add-port=443/tcp --permanent sudo firewall-cmd --reload -sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name -exit_on_error + +x=10 +while [ $x -gt 0 ] +do + sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name + RESULT=$? + if [ $RESULT -eq 0 ]; then + echo "Success - certbot" + x=0 + else + echo "Cerbot failed - Retrying $x - Waiting 60 secs for the DNS" + sleep 60 + x=$(( $x - 1 )) + if [ x -eq 0 ]; then + echo "ERROR" + exit 1 + fi + fi +done # Place the certificate in an OPC directory so that it can be copied via SSH. mkdir certificate 
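Review bot: `if [ x -eq 0 ]` in the new retry loop compares the literal string `x`, so `[` reports an integer-expression error and returns non-zero; the `exit 1` branch is never taken, and after the tenth failure the script continues into `mkdir certificate` and the copy below with no certificate issued. The test should read `if [ $x -eq 0 ]; then`, and since `RESULT` already holds certbot's status, `exit $RESULT` there preserves the real exit code for the caller. The `exit_on_error` call removed by this hunk means a non-DNS failure of certbot (rate limit, rejected email) is now retried ten times with 60 s sleeps instead of failing fast.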
From 89398047b31bb7c5aee6fa5b20e4511dbad6a83b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 23 Dec 2023 22:35:04 +0100 Subject: [PATCH 060/176] v1.6 --- option/terraform/tls.j2.tf | 2 +- option/tls/new/certbot_init.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 113f8dcb..6cc41b2b 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -50,7 +50,7 @@ resource "oci_load_balancer_listener" "starter-lb-https-listener" { server_order_preference = "ENABLED" verify_depth = 1 verify_peer_certificate = false - } + } } {%- if tls == "new" %} diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh index 1478805b..9f4393f0 100644 --- a/option/tls/new/certbot_init.sh +++ b/option/tls/new/certbot_init.sh @@ -38,6 +38,7 @@ do x=0 else echo "Cerbot failed - Retrying $x - Waiting 60 secs for the DNS" + nslookup $TF_VAR_dns_name sleep 60 x=$(( $x - 1 )) if [ x -eq 0 ]; then From b15ebda8105249c40ad0eacefdd3daced65bee3f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 24 Dec 2023 00:32:44 +0100 Subject: [PATCH 061/176] v1.6 --- .../src/main/java/com/example/demo/DemoController.java | 2 +- .../src/main/java/com/example/demo/DemoController.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java index 3e852a07..55ac7177 100644 --- a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java 
@@ -47,7 +47,7 @@ public List query() { } @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) - public String info() { + public String info() throws Exception { String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP"); return "Java - SpringBoot - " + IP; } diff --git a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java index 00afc641..db7b2a3d 100644 --- a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java @@ -34,7 +34,7 @@ public List query() { } @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) - public String info() { + public String info() throws Exception { String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP"); return "Java - SpringBoot / No Database - " + IP; } From 88722047eecbd5a36f27f773c15c7cd64de2ddcb Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 24 Dec 2023 03:56:03 +0100 Subject: [PATCH 062/176] v1.6 --- option/tls/new/certbot_init.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh index 9f4393f0..57c776b1 100644 --- a/option/tls/new/certbot_init.sh +++ b/option/tls/new/certbot_init.sh @@ -31,6 +31,7 @@ sudo firewall-cmd --reload x=10 while [ $x -gt 0 ] do + nslookup $TF_VAR_dns_name sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name RESULT=$? if [ $RESULT -eq 0 ]; then 
@@ -38,10 +39,9 @@ do
x=0
else
echo "Cerbot failed - Retrying $x - Waiting 60 secs for the DNS"
- nslookup $TF_VAR_dns_name
sleep 60
x=$(( $x - 1 ))
- if [ x -eq 0 ]; then
+ if [ $x -eq 0 ]; then
echo "ERROR"
exit 1
fi
From 2c8db33bed7dc15053655fed6de06f6740cc09ea Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Sun, 24 Dec 2023 10:01:50 +0100
Subject: [PATCH 063/176] v1.6
---
option/tls/new/certbot_init.sh | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh
index 57c776b1..cf139319 100644
--- a/option/tls/new/certbot_init.sh
+++ b/option/tls/new/certbot_init.sh
@@ -28,7 +28,8 @@ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --reload
-x=10
+x_max=10
+x=$x_max
while [ $x -gt 0 ]
do
nslookup $TF_VAR_dns_name
@@ -38,7 +39,9 @@ do
echo "Success - certbot"
x=0
else
- echo "Cerbot failed - Retrying $x - Waiting 60 secs for the DNS"
+ echo
+ echo "WARNING"
+ echo "Cerbot failed - Retrying $x/${x_max} - Waiting 60 secs for the DNS entry to propagate to the verification servers"
sleep 60
x=$(( $x - 1 ))
if [ $x -eq 0 ]; then
From 910ed48a65a9130fb63bbe869d3df2e4f2bb20d4 Mon Sep 17 00:00:00 2001
From: Marc Gueury
Date: Sun, 24 Dec 2023 17:59:48 +0100
Subject: [PATCH 064/176] v1.6
---
.../src/main/java/com/example/demo/DemoController.java | 4 ++--
.../src/main/java/com/example/demo/DemoController.java | 4 ++--
.../src/main/java/com/example/demo/DemoController.java | 2 +-
option/tls/new/certbot_init.sh | 6 +++---
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java
index 853808d9..7e74bb9d 100644
--- a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java
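Review bot: The message on the new `echo` line spells the tool `Cerbot`, and `$x/${x_max}` prints the number of attempts still remaining rather than the attempt number, because the decrement happens on the line after; `Retrying $(( x_max - x + 1 ))/${x_max}` reads as the user expects. The arithmetic `x=$(( $x - 1 ))` does not need the `$` inside `$(( ))`, so `x=$(( x - 1 ))` is the idiomatic form. The while loop that owns these lines starts outside the hunk.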
+++ b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java @@ -58,7 +58,7 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces = { "text/plain" }) public String info() throws Exception { - String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP"); - return "Java - SpringBoot - " + IP; + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress()+ System.getenv("POD_IP"); + return "Java - SpringBoot - " + IP; } } diff --git a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java index 55ac7177..f04702d1 100644 --- a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java @@ -48,7 +48,7 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) public String info() throws Exception { - String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP"); - return "Java - SpringBoot - " + IP; + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress()+ System.getenv("POD_IP"); + return "Java - SpringBoot - " + IP; } } diff --git a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java index db7b2a3d..f0ea84be 100644 --- a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java 
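Review bot: The rewritten `String IP = ...` line drops the `:` operand of the conditional (`(cond) ? a + b` has no else branch), so none of the three DemoController.java files touched by this commit compile; the java_springboot_mysql hunk on this line and the java_springboot_none hunk in the next one carry the identical line. If the intent is the pod IP when set and the local address otherwise, the line is `String IP = (System.getenv("POD_IP")==null) ? Inet4Address.getLocalHost().getHostAddress() : System.getenv("POD_IP");`. Reading the environment variable once into a local also avoids the double `getenv` call.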
@@ -35,7 +35,7 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) public String info() throws Exception { - String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():" - "+ System.getenv("POD_IP"); + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress()+ System.getenv("POD_IP"); return "Java - SpringBoot / No Database - " + IP; } } diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh index cf139319..6066d8a4 100644 --- a/option/tls/new/certbot_init.sh +++ b/option/tls/new/certbot_init.sh @@ -28,7 +28,7 @@ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent sudo firewall-cmd --zone=public --add-port=443/tcp --permanent sudo firewall-cmd --reload -x_max=10 +x_max=5 x=$x_max while [ $x -gt 0 ] do @@ -41,8 +41,8 @@ do else echo echo "WARNING" - echo "Cerbot failed - Retrying $x/${x_max} - Waiting 60 secs for the DNS entry to propagate to the verification servers" - sleep 60 + echo "Cerbot failed - Retrying $x/${x_max} - Waiting 120 secs for the DNS entry to propagate to the verification servers" + sleep 120 x=$(( $x - 1 )) if [ $x -eq 0 ]; then echo "ERROR" From 2abd6c0fdac2eefb8cf26985660e8000ffb08059 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 09:42:38 +0100 Subject: [PATCH 065/176] v1.6 --- basis/bin/auto_env.sh | 4 +- basis/bin/tls_dns/dns_challenge.sh | 24 ++++++++++ basis/bin/tls_dns/dns_challenge_clean.sh | 3 ++ basis/bin/tls_dns/docker_certbot.sh | 17 +++++++ basis/bin/tls_dns/tls_dns_create.sh | 57 ++++++++++++++++++++++++ option/oke/oke_destroy.sh | 7 +++ 6 files changed, 110 insertions(+), 2 deletions(-) create mode 100644 basis/bin/tls_dns/dns_challenge.sh create mode 100644 basis/bin/tls_dns/dns_challenge_clean.sh create mode 100644 basis/bin/tls_dns/docker_certbot.sh create mode 100644 basis/bin/tls_dns/tls_dns_create.sh 
diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 255d65c6..7ab510bd 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -186,8 +186,8 @@ if [ -f $STATE_FILE ]; then if [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then # XXX Does not work with Resource Manager XXX # Check in the terraform state is the compute is already created. - COMPUTE_TYPE=`cat $STATE_FILE | jq -r '.resources[] | select(.name=="starter_instance") | .type'` - if [ "$COMPUTE_TYPE" != "" ]; then + get_id_from_tfstate "COMPUTE_OCID" "starter_instance" + if [ "$COMPUTE_OCID" != "" ]; then export TF_VAR_compute_ready="true" fi fi diff --git a/basis/bin/tls_dns/dns_challenge.sh b/basis/bin/tls_dns/dns_challenge.sh new file mode 100644 index 00000000..6dfe2fa6 --- /dev/null +++ b/basis/bin/tls_dns/dns_challenge.sh @@ -0,0 +1,24 @@ +echo "-- dns_challenge.sh" +echo $CERTBOT_DOMAIN > /certbot_shared/CERTBOT_DOMAIN +echo $CERTBOT_VALIDATION > /certbot_shared/CERTBOT_VALIDATION +env > /certbot_shared/dns_challenge_env.log + +wait_file { + echo "Waiting File $1" + x=12 + until [ -f $1 ] + do + x=$(( $x - 1 )) + if [ $x -eq 0 ]; then + echo "ERROR: $1 not found" + exit 1 + fi + echo "Waiting 5 secs" + sleep 5 + done + echo "File found" +} + +wait_file /certbot_shared/DNS_CREATED + + diff --git a/basis/bin/tls_dns/dns_challenge_clean.sh b/basis/bin/tls_dns/dns_challenge_clean.sh new file mode 100644 index 00000000..4a84e3ea --- /dev/null +++ b/basis/bin/tls_dns/dns_challenge_clean.sh @@ -0,0 +1,3 @@ +#!/bin/bash +echo "-- dns_challenge_clean.sh" +echo clean > /certbot_shared/CERTBOT_DOMAIN_CLEAN diff --git a/basis/bin/tls_dns/docker_certbot.sh b/basis/bin/tls_dns/docker_certbot.sh new file mode 100644 index 00000000..d4d69b32 --- /dev/null +++ b/basis/bin/tls_dns/docker_certbot.sh 
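Review bot: `env > /certbot_shared/dns_challenge_env.log` in the new dns_challenge.sh writes the hook's entire environment, including the `CERTBOT_VALIDATION` challenge token and whatever else the container was started with, into a host-mounted directory where it outlives the run; if a debugging dump is really needed, restrict it to the two values the hook uses (`env | grep '^CERTBOT_' > /certbot_shared/dns_challenge_env.log`) or drop the line before merging. Separately, `wait_file {` is not a function definition in sh or bash (it needs `wait_file() {`), so the later `wait_file /certbot_shared/DNS_CREATED` is a command-not-found and the hook returns without ever waiting for the record. The same definition is repeated in the tls_dns_create.sh hunk on the next lines. The hook also has no shebang while its sibling dns_challenge_clean.sh starts with `#!/bin/bash`; certbot presumably runs hooks through a shell so it works, but keeping the two consistent avoids surprises.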
@@ -0,0 +1,17 @@ +if [ "$TF_VAR_dns_name" == "" ]; then + echo "ERROR: TF_VAR_dns_name not defined" + exit 1 +fi + +mkdir -p $TARGET_DIR/letsencrypt +mkdir -p $TARGET_DIR/certbot_shared + +cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. + +docker run -it --rm --name certbot \ + -v "$TARGET_DIR/letsencrypt:/etc/letsencrypt" \ + -v "$TARGET_DIR/certbot_shared:/certbot_shared" \ + certbot/certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns --manual-auth-hook /certbot_shared/dns_ + challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh --disable-hook-validation --force-renewal certonly + + diff --git a/basis/bin/tls_dns/tls_dns_create.sh b/basis/bin/tls_dns/tls_dns_create.sh new file mode 100644 index 00000000..2f2dcd26 --- /dev/null +++ b/basis/bin/tls_dns/tls_dns_create.sh 
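Review bot: The hook path is split across two lines without a continuation: `--manual-auth-hook /certbot_shared/dns_` ends the `docker run` command and the next line, ` challenge.sh --manual-cleanup-hook ...`, is executed by the host shell as a separate command, so certbot is started with a non-existent hook and never receives the cleanup hook at all. Put the hook options on a `\`-continued line of their own, e.g. `--manual-auth-hook /certbot_shared/dns_challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh \`. `--register-unsafely-without-email` leaves the ACME account with no contact for expiry or revocation notices, and `--disable-hook-validation` suppresses exactly the check that would have caught the broken hook path; `$CERTIFICATE_EMAIL` is already used elsewhere in this series, so `--email "$CERTIFICATE_EMAIL"` and dropping `--disable-hook-validation` is the safer form. `-it` also requires a TTY, which this script will not have once it is started in the background as the tls_dns_create.sh hunk below does.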
@@ -0,0 +1,57 @@ +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +cd $SCRIPT_DIR/.. +. env.sh -silent + +wait_file { + echo "Waiting File $1" + x=12 + until [ -f $1 ] + do + x=$(( $x - 1 )) + if [ $x -eq 0 ]; then + echo "ERROR: $1 not found" + exit 1 + fi + echo "Waiting 5 secs" + sleep 5 + done + echo "File found" +} + +# Start Certbot in Backgroud (since it has not OCI CLI access) +$BIN_DIR/tls/docker_certbot.sh > $TARGET_DIR/docker_certbot.log 2>&1 & + +# Wait that Certbot create the validation token +wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] + +export CERBOT_DOMAIN=`cat $TARGET_DIR/certbot_shared/CERBOT_DOMAIN` +export CERTBOT_VALIDATION=`cat $TARGET_DIR/certbot_shared/CERTBOT_VALIDATION` +export TF_VAR_dns_acme_challenge=_acme-challenge.${CERBOT_DOMAIN} +export TF_VAR_dns_data=$CERTBOT_VALIDATION +oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --items '[{"domain":"'$TF_VAR_dns_acme_challenge'", "rdata":"'$TF_VAR_dns_data'", "rtype":"TXT","ttl":300}]' --wait-for-state ACTIVE --wait-for-state FAILED + +# Wait that Certbot create the validation token +wait_file $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN_CLEAN ] +oci dns record rrset delete --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --wait-for-state ACTIVE --wait-for-state FAILED + + +x_max=5 +x=$x_max +while [ $x -gt 0 ] +do + nslookup $TF_VAR_dns_name + sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name + RESULT=$? + if [ $RESULT -eq 0 ]; then + echo "Success - certbot" + x=0 + else + echo + echo "WARNING" + echo "Cerbot failed - Retrying $x/${x_max} - Waiting 120 secs for the DNS entry to propagate to the verification servers" + sleep 120 + x=$(( $x - 1 )) + if [ $x -eq 0 ]; then + echo "ERROR" + exit 1 + fi \ No newline at end of file 
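Review bot: `wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ]` waits for a file named `CERBOT_DOMAIN`, but the auth hook in the dns_challenge.sh hunk above writes `CERTBOT_DOMAIN`, so the wait always runs into its timeout and the script exits before the TXT record is ever created; the `cat` on the following line has the same misspelling, and the trailing `]` is handed to the function as a stray argument. The `--items` JSON for `oci dns record rrset update` is built by splicing `$TF_VAR_dns_acme_challenge` and `$TF_VAR_dns_data` into a single-quoted string, so a quote or backslash in either value breaks the document; it is easier to get right with `--items "$(jq -n --arg d "$TF_VAR_dns_acme_challenge" --arg v "$TF_VAR_dns_data" '[{domain:$d, rdata:$v, rtype:"TXT", ttl:300}]')"` (jq is already relied on by auto_env.sh in this repo). The same JSON construction is repeated in the dns_oci_background.sh hunk later in the series. Finally, the trailing certbot-nginx retry loop has no closing `fi`/`done`, so the file does not parse as written.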
diff --git a/option/oke/oke_destroy.sh b/option/oke/oke_destroy.sh index cf7a7815..c125c003 100755 --- a/option/oke/oke_destroy.sh +++ b/option/oke/oke_destroy.sh @@ -21,6 +21,13 @@ if [ ! -f $KUBECONFIG ]; then create_kubeconfig fi +# Check if OKE is still in the terraform state file +get_id_from_tfstate "OKE_OCID" "starter_oke" +if [ "$OKE_OCID" == "" ]; then + echo "OKE_DESTROY skipped. OKE not detected in $STATE_FILE" + exit +fi + # The goal is to destroy all LoadBalancers created by OKE in OCI before to delete OKE. # # Delete all ingress, services From 2dbba8b3bebb669edf869cd542e8ed563de36108 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 09:45:25 +0100 Subject: [PATCH 066/176] v1.6 --- basis/bin/tls_dns/dns_challenge.sh | 0 basis/bin/tls_dns/dns_challenge_clean.sh | 0 basis/bin/tls_dns/docker_certbot.sh | 0 basis/bin/tls_dns/tls_dns_create.sh | 0 option/tls/new/certbot_init.sh | 0 5 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 basis/bin/tls_dns/dns_challenge.sh mode change 100644 => 100755 basis/bin/tls_dns/dns_challenge_clean.sh mode change 100644 => 100755 basis/bin/tls_dns/docker_certbot.sh mode change 100644 => 100755 basis/bin/tls_dns/tls_dns_create.sh mode change 100644 => 100755 option/tls/new/certbot_init.sh diff --git a/basis/bin/tls_dns/dns_challenge.sh b/basis/bin/tls_dns/dns_challenge.sh old mode 100644 new mode 100755 diff --git a/basis/bin/tls_dns/dns_challenge_clean.sh b/basis/bin/tls_dns/dns_challenge_clean.sh old mode 100644 new mode 100755 diff --git a/basis/bin/tls_dns/docker_certbot.sh b/basis/bin/tls_dns/docker_certbot.sh old mode 100644 new mode 100755 diff --git a/basis/bin/tls_dns/tls_dns_create.sh b/basis/bin/tls_dns/tls_dns_create.sh old mode 100644 new mode 100755 diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_init.sh old mode 100644 new mode 100755 From e022dc7acec80f19ee604bcc1b0543f15991c9aa Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Thu, 28 Dec 2023 09:48:21 +0100 Subject: [PATCH 067/176] v1.6 --- basis/bin/{tls_dns => }/tls_dns_create.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename basis/bin/{tls_dns => }/tls_dns_create.sh (100%) diff --git a/basis/bin/tls_dns/tls_dns_create.sh b/basis/bin/tls_dns_create.sh similarity index 100% rename from basis/bin/tls_dns/tls_dns_create.sh rename to basis/bin/tls_dns_create.sh From 826ce3319cfc33f85da73acf579da3c8e5c7363e Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 09:52:44 +0100 Subject: [PATCH 068/176] v1.6 --- basis/bin/tls_dns/dns_challenge.sh | 16 +--------- basis/bin/tls_dns/dns_shared_funtion.sh | 15 ++++++++++ basis/bin/tls_dns_create.sh | 39 +------------------------ 3 files changed, 17 insertions(+), 53 deletions(-) create mode 100755 basis/bin/tls_dns/dns_shared_funtion.sh diff --git a/basis/bin/tls_dns/dns_challenge.sh b/basis/bin/tls_dns/dns_challenge.sh index 6dfe2fa6..44452d28 100755 --- a/basis/bin/tls_dns/dns_challenge.sh +++ b/basis/bin/tls_dns/dns_challenge.sh @@ -3,21 +3,7 @@ echo $CERTBOT_DOMAIN > /certbot_shared/CERTBOT_DOMAIN echo $CERTBOT_VALIDATION > /certbot_shared/CERTBOT_VALIDATION env > /certbot_shared/dns_challenge_env.log -wait_file { - echo "Waiting File $1" - x=12 - until [ -f $1 ] - do - x=$(( $x - 1 )) - if [ $x -eq 0 ]; then - echo "ERROR: $1 not found" - exit 1 - fi - echo "Waiting 5 secs" - sleep 5 - done - echo "File found" -} +. /certbot_shared/dns_shared_function.sh wait_file /certbot_shared/DNS_CREATED diff --git a/basis/bin/tls_dns/dns_shared_funtion.sh b/basis/bin/tls_dns/dns_shared_funtion.sh new file mode 100755 index 00000000..ddaf1610 --- /dev/null +++ b/basis/bin/tls_dns/dns_shared_funtion.sh 
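Review bot: `. /certbot_shared/dns_shared_function.sh` sources a file that this commit does not create — the new file in the diffstat is `dns_shared_funtion.sh` — so inside the certbot container the `.` fails and, whether the shell aborts on the failed special built-in or continues into a command-not-found for `wait_file /certbot_shared/DNS_CREATED`, the hook returns without waiting for the record to exist. The tls_dns_create.sh hunk on the next line has the same mismatch with `. $BIN_DIR/tls_dns/dns_shared_function.sh`. Either rename the new file or point both `.` lines at the name that exists, and consider `. /certbot_shared/dns_shared_function.sh || exit 1` so a missing library stops the hook explicitly instead of letting certbot proceed to a validation that cannot succeed.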
@@ -0,0 +1,15 @@ +wait_file() { + echo "Waiting File $1" + x=12 + until [ -f $1 ] + do + x=$(( $x - 1 )) + if [ $x -eq 0 ]; then + echo "ERROR: $1 not found" + exit 1 + fi + echo "Waiting 5 secs" + sleep 5 + done + echo "File found" +} \ No newline at end of file diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 2f2dcd26..471bcba3 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -1,22 +1,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR/.. . env.sh -silent - -wait_file { - echo "Waiting File $1" - x=12 - until [ -f $1 ] - do - x=$(( $x - 1 )) - if [ $x -eq 0 ]; then - echo "ERROR: $1 not found" - exit 1 - fi - echo "Waiting 5 secs" - sleep 5 - done - echo "File found" -} +. $BIN_DIR/tls_dns/dns_shared_function.sh # Start Certbot in Backgroud (since it has not OCI CLI access) $BIN_DIR/tls/docker_certbot.sh > $TARGET_DIR/docker_certbot.log 2>&1 & @@ -33,25 +18,3 @@ oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --do # Wait that Certbot create the validation token wait_file $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN_CLEAN ] oci dns record rrset delete --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --wait-for-state ACTIVE --wait-for-state FAILED - - -x_max=5 -x=$x_max -while [ $x -gt 0 ] -do - nslookup $TF_VAR_dns_name - sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name - RESULT=$? - if [ $RESULT -eq 0 ]; then - echo "Success - certbot" - x=0 - else - echo - echo "WARNING" - echo "Cerbot failed - Retrying $x/${x_max} - Waiting 120 secs for the DNS entry to propagate to the verification servers" - sleep 120 - x=$(( $x - 1 )) - if [ $x -eq 0 ]; then - echo "ERROR" - exit 1 - fi \ No newline at end of file From 7aca0345394f7ffef1109ee097ec1eaa99003ba8 Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Thu, 28 Dec 2023 09:56:07 +0100 Subject: [PATCH 069/176] v1.6 --- .../tls_dns/{dns_shared_funtion.sh => dns_shared_function.sh} | 0 basis/bin/tls_dns_create.sh | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename basis/bin/tls_dns/{dns_shared_funtion.sh => dns_shared_function.sh} (100%) diff --git a/basis/bin/tls_dns/dns_shared_funtion.sh b/basis/bin/tls_dns/dns_shared_function.sh similarity index 100% rename from basis/bin/tls_dns/dns_shared_funtion.sh rename to basis/bin/tls_dns/dns_shared_function.sh diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 471bcba3..9f4d61b7 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -4,7 +4,7 @@ cd $SCRIPT_DIR/.. . $BIN_DIR/tls_dns/dns_shared_function.sh # Start Certbot in Backgroud (since it has not OCI CLI access) -$BIN_DIR/tls/docker_certbot.sh > $TARGET_DIR/docker_certbot.log 2>&1 & +$BIN_DIR/tls_dns/docker_certbot.sh > $TARGET_DIR/docker_certbot.log 2>&1 & # Wait that Certbot create the validation token wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] From 3ec900df17386662240d7948102419e7788fded8 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 09:59:18 +0100 Subject: [PATCH 070/176] v1.6 --- basis/bin/{tls_dns => tls}/dns_challenge.sh | 0 basis/bin/{tls_dns => tls}/dns_challenge_clean.sh | 0 basis/bin/{tls_dns => tls}/dns_shared_function.sh | 0 basis/bin/{tls_dns => tls}/docker_certbot.sh | 0 basis/bin/tls_dns_create.sh | 4 ++-- 5 files changed, 2 insertions(+), 2 deletions(-) rename basis/bin/{tls_dns => tls}/dns_challenge.sh (100%) rename basis/bin/{tls_dns => tls}/dns_challenge_clean.sh (100%) rename basis/bin/{tls_dns => tls}/dns_shared_function.sh (100%) rename basis/bin/{tls_dns => tls}/docker_certbot.sh (100%) diff --git a/basis/bin/tls_dns/dns_challenge.sh b/basis/bin/tls/dns_challenge.sh similarity index 100% rename from basis/bin/tls_dns/dns_challenge.sh rename to basis/bin/tls/dns_challenge.sh 
diff --git a/basis/bin/tls_dns/dns_challenge_clean.sh b/basis/bin/tls/dns_challenge_clean.sh similarity index 100% rename from basis/bin/tls_dns/dns_challenge_clean.sh rename to basis/bin/tls/dns_challenge_clean.sh diff --git a/basis/bin/tls_dns/dns_shared_function.sh b/basis/bin/tls/dns_shared_function.sh similarity index 100% rename from basis/bin/tls_dns/dns_shared_function.sh rename to basis/bin/tls/dns_shared_function.sh diff --git a/basis/bin/tls_dns/docker_certbot.sh b/basis/bin/tls/docker_certbot.sh similarity index 100% rename from basis/bin/tls_dns/docker_certbot.sh rename to basis/bin/tls/docker_certbot.sh diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 9f4d61b7..1bb9c4bc 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -1,10 +1,10 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR/.. . env.sh -silent -. $BIN_DIR/tls_dns/dns_shared_function.sh +. $BIN_DIR/tls/dns_shared_function.sh # Start Certbot in Backgroud (since it has not OCI CLI access) -$BIN_DIR/tls_dns/docker_certbot.sh > $TARGET_DIR/docker_certbot.log 2>&1 & +$BIN_DIR/tls/docker_certbot.sh > $TARGET_DIR/docker_certbot.log 2>&1 & # Wait that Certbot create the validation token wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] From faf8cb34973272498f2992fcd3c6b8353bd7e2ef Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:00:21 +0100 Subject: [PATCH 071/176] v1.6 --- basis/bin/tls/{docker_certbot.sh => dns_certbot_docker.sh} | 0 basis/bin/tls_dns_create.sh | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename basis/bin/tls/{docker_certbot.sh => dns_certbot_docker.sh} (100%) diff --git a/basis/bin/tls/docker_certbot.sh b/basis/bin/tls/dns_certbot_docker.sh similarity index 100% rename from basis/bin/tls/docker_certbot.sh rename to basis/bin/tls/dns_certbot_docker.sh diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 1bb9c4bc..6df73f5b 100755 
--- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -4,7 +4,7 @@ cd $SCRIPT_DIR/.. . $BIN_DIR/tls/dns_shared_function.sh # Start Certbot in Backgroud (since it has not OCI CLI access) -$BIN_DIR/tls/docker_certbot.sh > $TARGET_DIR/docker_certbot.log 2>&1 & +$BIN_DIR/tls/dns_certbot_docker.sh > $TARGET_DIR/dns_certbot_docker.log 2>&1 & # Wait that Certbot create the validation token wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] From 50568feecfe9e652733de657b4134744b7d036f5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:01:02 +0100 Subject: [PATCH 072/176] v1.6 --- basis/bin/tls/dns_shared_function.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/tls/dns_shared_function.sh b/basis/bin/tls/dns_shared_function.sh index ddaf1610..59657b71 100755 --- a/basis/bin/tls/dns_shared_function.sh +++ b/basis/bin/tls/dns_shared_function.sh @@ -8,7 +8,7 @@ wait_file() { echo "ERROR: $1 not found" exit 1 fi - echo "Waiting 5 secs" + echo "- waiting 5 secs" sleep 5 done echo "File found" From e8e01603b54a50dfce0f5867dfbb0b4947df3947 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:03:21 +0100 Subject: [PATCH 073/176] v1.6 --- basis/bin/tls/dns_certbot_docker.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/basis/bin/tls/dns_certbot_docker.sh b/basis/bin/tls/dns_certbot_docker.sh index d4d69b32..e0d8f5d4 100755 --- a/basis/bin/tls/dns_certbot_docker.sh +++ b/basis/bin/tls/dns_certbot_docker.sh 
@@ -11,7 +11,8 @@ cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. docker run -it --rm --name certbot \ -v "$TARGET_DIR/letsencrypt:/etc/letsencrypt" \ -v "$TARGET_DIR/certbot_shared:/certbot_shared" \ - certbot/certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns --manual-auth-hook /certbot_shared/dns_ - challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh --disable-hook-validation --force-renewal certonly + certbot/certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns \ + --manual-auth-hook /certbot_shared/dns_challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh \ + --disable-hook-validation --force-renewal certonly From a01473eab6813f9957e9dd909c1aad087d4ecfdc Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:07:25 +0100 Subject: [PATCH 074/176] v1.6 --- basis/bin/tls_dns_create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 6df73f5b..411a057c 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -4,7 +4,7 @@ cd $SCRIPT_DIR/.. . $BIN_DIR/tls/dns_shared_function.sh # Start Certbot in Backgroud (since it has not OCI CLI access) -$BIN_DIR/tls/dns_certbot_docker.sh > $TARGET_DIR/dns_certbot_docker.log 2>&1 & +$BIN_DIR/tls/dns_certbot_docker.sh & # Wait that Certbot create the validation token wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] From ff451bf9e07ab38a236bb2ebc97143f275499fee Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:12:21 +0100 Subject: [PATCH 075/176] v1.6 --- basis/bin/tls/dns_oci_background.sh | 12 ++++++++++++ basis/bin/tls_dns_create.sh | 26 +++++++++++++++----------- 2 files changed, 27 insertions(+), 11 deletions(-) create mode 100644 basis/bin/tls/dns_oci_background.sh 
diff --git a/basis/bin/tls/dns_oci_background.sh b/basis/bin/tls/dns_oci_background.sh new file mode 100644 index 00000000..99040574 --- /dev/null +++ b/basis/bin/tls/dns_oci_background.sh @@ -0,0 +1,12 @@ +# Wait that Certbot create the validation token +wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] + +export CERBOT_DOMAIN=`cat $TARGET_DIR/certbot_shared/CERBOT_DOMAIN` +export CERTBOT_VALIDATION=`cat $TARGET_DIR/certbot_shared/CERTBOT_VALIDATION` +export TF_VAR_dns_acme_challenge=_acme-challenge.${CERBOT_DOMAIN} +export TF_VAR_dns_data=$CERTBOT_VALIDATION +oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --items '[{"domain":"'$TF_VAR_dns_acme_challenge'", "rdata":"'$TF_VAR_dns_data'", "rtype":"TXT","ttl":300}]' --wait-for-state ACTIVE --wait-for-state FAILED + +# Wait that Certbot create the validation token +wait_file $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN_CLEAN ] +oci dns record rrset delete --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --wait-for-state ACTIVE --wait-for-state FAILED diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 411a057c..d0c1f0f6 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh 
@@ -4,17 +4,21 @@ cd $SCRIPT_DIR/.. . $BIN_DIR/tls/dns_shared_function.sh # Start Certbot in Backgroud (since it has not OCI CLI access) -$BIN_DIR/tls/dns_certbot_docker.sh & +$BIN_DIR/tls/dns_oci_background.sh & -# Wait that Certbot create the validation token -wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] +if [ "$TF_VAR_dns_name" == "" ]; then + echo "ERROR: TF_VAR_dns_name not defined" + exit 1 +fi -export CERBOT_DOMAIN=`cat $TARGET_DIR/certbot_shared/CERBOT_DOMAIN` -export CERTBOT_VALIDATION=`cat $TARGET_DIR/certbot_shared/CERTBOT_VALIDATION` -export TF_VAR_dns_acme_challenge=_acme-challenge.${CERBOT_DOMAIN} -export TF_VAR_dns_data=$CERTBOT_VALIDATION -oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --items '[{"domain":"'$TF_VAR_dns_acme_challenge'", "rdata":"'$TF_VAR_dns_data'", "rtype":"TXT","ttl":300}]' --wait-for-state ACTIVE --wait-for-state FAILED +mkdir -p $TARGET_DIR/letsencrypt +mkdir -p $TARGET_DIR/certbot_shared -# Wait that Certbot create the validation token -wait_file $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN_CLEAN ] -oci dns record rrset delete --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --wait-for-state ACTIVE --wait-for-state FAILED +cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. + +docker run -it --rm --name certbot \ + -v "$TARGET_DIR/letsencrypt:/etc/letsencrypt" \ + -v "$TARGET_DIR/certbot_shared:/certbot_shared" \ + certbot/certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns \ + --manual-auth-hook /certbot_shared/dns_challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh \ + --disable-hook-validation --force-renewal certonly From 44f48edcc7b2f3da70b7dc8fb14a3de269d0845a Mon Sep 17 00:00:00 2001 
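Review bot: The `TF_VAR_dns_name` check is placed after `$BIN_DIR/tls/dns_oci_background.sh &` has already been launched, so on the error path the script exits while the background job keeps polling for `CERTBOT_DOMAIN` until its own timeout; move the `if [ "$TF_VAR_dns_name" == "" ]` block above the `&` line. The background job's PID is never captured or waited on either, so the script returns before `oci dns record rrset delete` has run and never learns whether the `_acme-challenge` TXT record was actually removed — a stale validation record is left in the zone on any failure. Capture it with `$BIN_DIR/tls/dns_oci_background.sh > $TARGET_DIR/dns_oci_background.log 2>&1 & OCI_PID=$!` and finish the script with `wait "$OCI_PID" || exit 1` after the `docker run`. The `docker run -it` line also needs a TTY that an unattended run will not have; `-i` alone (or neither flag) is enough for a non-interactive certbot invocation.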
From: Marc Gueury Date: Thu, 28 Dec 2023 10:14:57 +0100 Subject: [PATCH 076/176] v1.6 --- basis/bin/tls/dns_oci_background.sh | 0 basis/bin/tls_dns_create.sh | 5 +++-- 2 files changed, 3 insertions(+), 2 deletions(-) mode change 100644 => 100755 basis/bin/tls/dns_oci_background.sh diff --git a/basis/bin/tls/dns_oci_background.sh b/basis/bin/tls/dns_oci_background.sh old mode 100644 new mode 100755 diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index d0c1f0f6..b91536ef 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -3,8 +3,9 @@ cd $SCRIPT_DIR/.. . env.sh -silent . $BIN_DIR/tls/dns_shared_function.sh -# Start Certbot in Backgroud (since it has not OCI CLI access) -$BIN_DIR/tls/dns_oci_background.sh & +# Start OCI Commands in Backgroud waiting from files coming from certbot +# (Since Certbot Docker has not OCI CLI access) +$BIN_DIR/tls/dns_oci_background.sh > $TARGET_DIR/dns_oci_background.log 2>&1 & if [ "$TF_VAR_dns_name" == "" ]; then echo "ERROR: TF_VAR_dns_name not defined" From 4cf05438bd0bec25bea4053e41c7ab2de58ffed3 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:18:49 +0100 Subject: [PATCH 077/176] v1.6 --- basis/bin/tls/dns_oci_background.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/basis/bin/tls/dns_oci_background.sh b/basis/bin/tls/dns_oci_background.sh index 99040574..cec7ab54 100755 --- a/basis/bin/tls/dns_oci_background.sh +++ b/basis/bin/tls/dns_oci_background.sh 
@@ -6,6 +6,8 @@ export CERTBOT_VALIDATION=`cat $TARGET_DIR/certbot_shared/CERTBOT_VALIDATION` export TF_VAR_dns_acme_challenge=_acme-challenge.${CERBOT_DOMAIN} export TF_VAR_dns_data=$CERTBOT_VALIDATION oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --items '[{"domain":"'$TF_VAR_dns_acme_challenge'", "rdata":"'$TF_VAR_dns_data'", "rtype":"TXT","ttl":300}]' --wait-for-state ACTIVE --wait-for-state FAILED +# XXX Check that DNS is really propagated ? +echo "done" > $TARGET_DIR/certbot_shared/DNS_CREATED # Wait that Certbot create the validation token wait_file $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN_CLEAN ] From d9e14b4d3e81cfd6f99a12351c333b99d8e28e0f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:23:28 +0100 Subject: [PATCH 078/176] v1.6 --- basis/bin/tls/dns_oci_background.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/basis/bin/tls/dns_oci_background.sh b/basis/bin/tls/dns_oci_background.sh index cec7ab54..80d1cdde 100755 --- a/basis/bin/tls/dns_oci_background.sh +++ b/basis/bin/tls/dns_oci_background.sh 
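Review bot: `echo "done" > $TARGET_DIR/certbot_shared/DNS_CREATED` is written unconditionally, so if the `oci dns record rrset update` above it fails (wrong zone name, missing policy, expired session) the auth hook is still released and certbot proceeds to a validation that cannot succeed; at minimum gate the signal on the command's status, e.g. `oci dns record rrset update ... || exit 1` before the `echo`. The `# XXX Check that DNS is really propagated ?` question is a real gap: the API accepting the change does not mean the authoritative servers answer with it yet, and a short poll such as `until [ "$(dig +short TXT "$TF_VAR_dns_acme_challenge")" = "\"$TF_VAR_dns_data\"" ]; do sleep 5; done` (bounded like `wait_file`) before writing `DNS_CREATED` would replace the guess. The next hunk of this file drops `--wait-for-state` from the update altogether, which widens that window, and a later hunk adds `sleep 10` as a fixed delay; both should be treated as stopgaps rather than the check.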
@@ -1,14 +1,16 @@ # Wait that Certbot create the validation token +. $BIN_DIR/tls/dns_shared_function.sh + wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] export CERBOT_DOMAIN=`cat $TARGET_DIR/certbot_shared/CERBOT_DOMAIN` export CERTBOT_VALIDATION=`cat $TARGET_DIR/certbot_shared/CERTBOT_VALIDATION` export TF_VAR_dns_acme_challenge=_acme-challenge.${CERBOT_DOMAIN} export TF_VAR_dns_data=$CERTBOT_VALIDATION -oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --items '[{"domain":"'$TF_VAR_dns_acme_challenge'", "rdata":"'$TF_VAR_dns_data'", "rtype":"TXT","ttl":300}]' --wait-for-state ACTIVE --wait-for-state FAILED +oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --items '[{"domain":"'$TF_VAR_dns_acme_challenge'", "rdata":"'$TF_VAR_dns_data'", "rtype":"TXT","ttl":300}]' # XXX Check that DNS is really propagated ? echo "done" > $TARGET_DIR/certbot_shared/DNS_CREATED # Wait that Certbot create the validation token wait_file $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN_CLEAN ] -oci dns record rrset delete --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --wait-for-state ACTIVE --wait-for-state FAILED +oci dns record rrset delete --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' From 623442169972a917d641294eefe0aba2590a3164 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 10:38:43 +0100 Subject: [PATCH 079/176] v1.6 --- basis/bin/tls/dns_oci_background.sh | 4 ++-- basis/bin/tls/dns_shared_function.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/basis/bin/tls/dns_oci_background.sh b/basis/bin/tls/dns_oci_background.sh index 80d1cdde..7be5bff1 100755 --- a/basis/bin/tls/dns_oci_background.sh +++ b/basis/bin/tls/dns_oci_background.sh 
@@ -1,9 +1,9 @@ # Wait that Certbot create the validation token . $BIN_DIR/tls/dns_shared_function.sh -wait_file $TARGET_DIR/certbot_shared/CERBOT_DOMAIN ] +wait_file $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN ] -export CERBOT_DOMAIN=`cat $TARGET_DIR/certbot_shared/CERBOT_DOMAIN` +export CERBOT_DOMAIN=`cat $TARGET_DIR/certbot_shared/CERTBOT_DOMAIN` export CERTBOT_VALIDATION=`cat $TARGET_DIR/certbot_shared/CERTBOT_VALIDATION` export TF_VAR_dns_acme_challenge=_acme-challenge.${CERBOT_DOMAIN} export TF_VAR_dns_data=$CERTBOT_VALIDATION diff --git a/basis/bin/tls/dns_shared_function.sh b/basis/bin/tls/dns_shared_function.sh index 59657b71..63a51f80 100755 --- a/basis/bin/tls/dns_shared_function.sh +++ b/basis/bin/tls/dns_shared_function.sh @@ -1,6 +1,6 @@ wait_file() { echo "Waiting File $1" - x=12 + x=60 until [ -f $1 ] do x=$(( $x - 1 )) From 121600fa77dd358d239664e2306f5cfb20deabad Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 11:00:42 +0100 Subject: [PATCH 080/176] v1.6 --- basis/bin/tls/dns_certbot_docker.sh | 2 ++ basis/bin/tls/dns_challenge_clean.sh | 6 +++++- basis/bin/tls/dns_oci_background.sh | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/basis/bin/tls/dns_certbot_docker.sh b/basis/bin/tls/dns_certbot_docker.sh index e0d8f5d4..6ebaaa6b 100755 --- a/basis/bin/tls/dns_certbot_docker.sh +++ b/basis/bin/tls/dns_certbot_docker.sh @@ -8,6 +8,7 @@ mkdir -p $TARGET_DIR/certbot_shared cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. +# docker run -it --rm --name certbot --entrypoint bash certbot/certbot docker run -it --rm --name certbot \ -v "$TARGET_DIR/letsencrypt:/etc/letsencrypt" \ -v "$TARGET_DIR/certbot_shared:/certbot_shared" \ @@ -15,4 +16,5 @@ docker run -it --rm --name certbot \ --manual-auth-hook /certbot_shared/dns_challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh \ --disable-hook-validation --force-renewal certonly +docker run -it --rm --name certbot certbot/certbot --entrypoint bash 
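Review bot: The added `docker run -it --rm --name certbot certbot/certbot --entrypoint bash` puts `--entrypoint bash` after the image name, where docker hands it to the image's default entrypoint (certbot) as arguments instead of overriding it, so the line does not open a shell; the comment added earlier in this same file, with `--entrypoint bash` before `certbot/certbot`, is the working order. It also reads like a debugging leftover that starts a second interactive container after the real run, which would block an unattended script on a prompt; dropping it, or keeping it only as a comment like the other, avoids that.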
diff --git a/basis/bin/tls/dns_challenge_clean.sh b/basis/bin/tls/dns_challenge_clean.sh index 4a84e3ea..f212cb9e 100755 --- a/basis/bin/tls/dns_challenge_clean.sh +++ b/basis/bin/tls/dns_challenge_clean.sh @@ -1,3 +1,7 @@ -#!/bin/bash echo "-- dns_challenge_clean.sh" + +ls -lR /etc/letsencrypt > /certbot_shared/etc_letsencrypt.log +cp -Lr /etc/letsencrypt/live/$CERTBOT_DOMAIN /certbot_shared/. +chmod 777 /certbot_shared/$CERTBOT_DOMAIN + echo clean > /certbot_shared/CERTBOT_DOMAIN_CLEAN diff --git a/basis/bin/tls/dns_oci_background.sh b/basis/bin/tls/dns_oci_background.sh index 7be5bff1..f5421601 100755 --- a/basis/bin/tls/dns_oci_background.sh +++ b/basis/bin/tls/dns_oci_background.sh @@ -9,6 +9,7 @@ export TF_VAR_dns_acme_challenge=_acme-challenge.${CERBOT_DOMAIN} export TF_VAR_dns_data=$CERTBOT_VALIDATION oci dns record rrset update --force --zone-name-or-id $TF_VAR_dns_zone_name --domain $TF_VAR_dns_acme_challenge --rtype 'TXT' --items '[{"domain":"'$TF_VAR_dns_acme_challenge'", "rdata":"'$TF_VAR_dns_data'", "rtype":"TXT","ttl":300}]' # XXX Check that DNS is really propagated ? +sleep 10 echo "done" > $TARGET_DIR/certbot_shared/DNS_CREATED # Wait that Certbot create the validation token From d6f77aefb888873243ca1f09b4602b97005de0a3 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 11:01:37 +0100 Subject: [PATCH 081/176] v1.6 --- basis/bin/tls/dns_certbot_docker.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/basis/bin/tls/dns_certbot_docker.sh b/basis/bin/tls/dns_certbot_docker.sh index 6ebaaa6b..b0dfae6f 100755 --- a/basis/bin/tls/dns_certbot_docker.sh +++ b/basis/bin/tls/dns_certbot_docker.sh 
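Review bot: `cp -Lr /etc/letsencrypt/live/$CERTBOT_DOMAIN /certbot_shared/.` followed by `chmod 777 /certbot_shared/$CERTBOT_DOMAIN` copies the dereferenced `privkey.pem` into the host-mounted shared directory and makes that directory world-writable, so any local user on the host can replace or delete the key material; the `chmod -R 777` that the dns_certbot_entrypoint.sh hunk later in the series applies to the same path additionally makes the key itself world-readable. The private key should stay `0600` and only its ownership should change: pass the invoking uid/gid into the container (`-e HOST_UID="$(id -u)" -e HOST_GID="$(id -g)"` on the `docker run`), then `chown -R "$HOST_UID:$HOST_GID" /certbot_shared/$CERTBOT_DOMAIN` and `chmod -R u=rwX,go= /certbot_shared/$CERTBOT_DOMAIN` in the hook. The same `chmod 777` line is introduced again in the new dns_certbot_entrypoint.sh that replaces this hook, and needs the same treatment.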
@@ -10,7 +10,6 @@ cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. # docker run -it --rm --name certbot --entrypoint bash certbot/certbot docker run -it --rm --name certbot \ - -v "$TARGET_DIR/letsencrypt:/etc/letsencrypt" \ -v "$TARGET_DIR/certbot_shared:/certbot_shared" \ certbot/certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns \ --manual-auth-hook /certbot_shared/dns_challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh \ From d501a92526b8edae1494a740064ef8872179ce2c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 11:13:40 +0100 Subject: [PATCH 082/176] v1.6 --- basis/bin/tls/dns_certbot_entrypoint.sh | 14 ++++++++++++++ basis/bin/tls_dns_create.sh | 10 ++-------- 2 files changed, 16 insertions(+), 8 deletions(-) create mode 100755 basis/bin/tls/dns_certbot_entrypoint.sh diff --git a/basis/bin/tls/dns_certbot_entrypoint.sh b/basis/bin/tls/dns_certbot_entrypoint.sh new file mode 100755 index 00000000..f263ffa7 --- /dev/null +++ b/basis/bin/tls/dns_certbot_entrypoint.sh @@ -0,0 +1,14 @@ +export TF_VAR_dns_name=$1 +echo TF_VAR_dns_name=$TF_VAR_dns_name +certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns \ + --manual-auth-hook /certbot_shared/dns_challenge.sh \ + --disable-hook-validation --force-renewal certonly + +ls -lR /etc/letsencrypt > /certbot_shared/etc_letsencrypt.log + +# Copy the certificate to the shared directory +cp -Lr /etc/letsencrypt/live/$TF_VAR_dns_name /certbot_shared/. +chmod 777 /certbot_shared/$TF_VAR_dns_name + +# Request OCI to clean the OCI DNS entry +echo clean > /certbot_shared/CERTBOT_DOMAIN_CLEAN \ No newline at end of file diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index b91536ef..25a9b6a6 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh 
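Review bot: The new dns_certbot_entrypoint.sh is used as `--entrypoint /certbot_shared/dns_certbot_entrypoint.sh` in the tls_dns_create.sh hunk on the next line but has no shebang, so the kernel cannot exec it directly and the container fails to start; add `#!/bin/sh` as the first line (the follow-up hunk works around this by invoking it via `/bin/sh`, which is the same fix applied from the outside). Nothing checks certbot's exit status: on failure the script still runs `cp -Lr /etc/letsencrypt/live/$TF_VAR_dns_name`, writes `CERTBOT_DOMAIN_CLEAN`, and the container exits 0 because `echo` is the last command, so the caller sees success with no certificate. Chain the steps on the result, e.g. `certbot ... || { echo clean > /certbot_shared/CERTBOT_DOMAIN_CLEAN; exit 1; }`, so the background cleanup still runs and the failure propagates. The `--register-unsafely-without-email` and `--disable-hook-validation` flags carry over the concern raised on the original docker_certbot.sh hunk.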
@@ -12,14 +12,8 @@ if [ "$TF_VAR_dns_name" == "" ]; then exit 1 fi -mkdir -p $TARGET_DIR/letsencrypt mkdir -p $TARGET_DIR/certbot_shared - cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. -docker run -it --rm --name certbot \ - -v "$TARGET_DIR/letsencrypt:/etc/letsencrypt" \ - -v "$TARGET_DIR/certbot_shared:/certbot_shared" \ - certbot/certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns \ - --manual-auth-hook /certbot_shared/dns_challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh \ - --disable-hook-validation --force-renewal certonly +# docker run -it --rm --name certbot --entrypoint /bin/sh certbot/certbot +docker run -it --rm --name certbot -v "$TARGET_DIR/certbot_shared:/certbot_shared" --entrypoint /certbot_shared/dns_certbot_entrypoint.sh certbot/certbot $TF_VAR_dns_name From 1c2c04beb065f261f390772ac60f622531af7933 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 11:24:53 +0100 Subject: [PATCH 083/176] v1.6 --- basis/bin/tls_dns_create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 25a9b6a6..1d95dfb8 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -16,4 +16,4 @@ mkdir -p $TARGET_DIR/certbot_shared cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. # docker run -it --rm --name certbot --entrypoint /bin/sh certbot/certbot -docker run -it --rm --name certbot -v "$TARGET_DIR/certbot_shared:/certbot_shared" --entrypoint /certbot_shared/dns_certbot_entrypoint.sh certbot/certbot $TF_VAR_dns_name +docker run -it --rm --name certbot -v "$TARGET_DIR/certbot_shared:/certbot_shared" --entrypoint /bin/sh certbot/certbot /certbot_shared/dns_certbot_entrypoint.sh $TF_VAR_dns_name From 8149d1f3feb30e9b6a60a5167700338857a8976a Mon Sep 17 00:00:00 2001 
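Review bot: `$TF_VAR_dns_name` is checked only for emptiness, yet it is passed unquoted to `docker run` and becomes a path component both inside the container (`/etc/letsencrypt/live/$TF_VAR_dns_name`) and on the host, so a value with whitespace or `../` misbehaves silently. A shape check before the `mkdir` closes that off: `[[ "$TF_VAR_dns_name" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "ERROR: TF_VAR_dns_name is not a hostname"; exit 1; }`. The `-it` flags will presumably also make the run fail under a non-interactive CI job ("the input device is not a TTY"); `-i` alone is enough for a scripted entrypoint.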
From: Marc Gueury Date: Thu, 28 Dec 2023 11:46:12 +0100 Subject: [PATCH 084/176] v1.6 --- basis/bin/tls/dns_certbot_docker.sh | 19 ------------------- basis/bin/tls/dns_certbot_entrypoint.sh | 2 +- basis/bin/tls_dns_create.sh | 9 +++++++++ 3 files changed, 10 insertions(+), 20 deletions(-) delete mode 100755 basis/bin/tls/dns_certbot_docker.sh diff --git a/basis/bin/tls/dns_certbot_docker.sh b/basis/bin/tls/dns_certbot_docker.sh deleted file mode 100755 index b0dfae6f..00000000 --- a/basis/bin/tls/dns_certbot_docker.sh +++ /dev/null @@ -1,19 +0,0 @@ -if [ "$TF_VAR_dns_name" == "" ]; then - echo "ERROR: TF_VAR_dns_name not defined" - exit 1 -fi - -mkdir -p $TARGET_DIR/letsencrypt -mkdir -p $TARGET_DIR/certbot_shared - -cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. - -# docker run -it --rm --name certbot --entrypoint bash certbot/certbot -docker run -it --rm --name certbot \ - -v "$TARGET_DIR/certbot_shared:/certbot_shared" \ - certbot/certbot -d $TF_VAR_dns_name --agree-tos --register-unsafely-without-email --manual --preferred-challenges dns \ - --manual-auth-hook /certbot_shared/dns_challenge.sh --manual-cleanup-hook /certbot_shared/dns_challenge_clean.sh \ - --disable-hook-validation --force-renewal certonly - -docker run -it --rm --name certbot certbot/certbot --entrypoint bash - diff --git a/basis/bin/tls/dns_certbot_entrypoint.sh b/basis/bin/tls/dns_certbot_entrypoint.sh index f263ffa7..8cb0f609 100755 --- a/basis/bin/tls/dns_certbot_entrypoint.sh +++ b/basis/bin/tls/dns_certbot_entrypoint.sh @@ -8,7 +8,7 @@ ls -lR /etc/letsencrypt > /certbot_shared/etc_letsencrypt.log # Copy the certificate to the shared directory cp -Lr /etc/letsencrypt/live/$TF_VAR_dns_name /certbot_shared/. -chmod 777 /certbot_shared/$TF_VAR_dns_name +chmod -R 777 /certbot_shared/$TF_VAR_dns_name # Request OCI to clean the OCI DNS entry echo clean > /certbot_shared/CERTBOT_DOMAIN_CLEAN \ No newline at end of file 
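Review bot: `chmod -R 777` now applies to the files as well as the directory, so the `privkey.pem` copied out of `live/` is world-readable and world-writable on the host bind mount for as long as it sits under `certbot_shared`. The intent is presumably to let the non-root host user read root-created files, which is an ownership problem rather than a mode-bits one: pass `-e HOST_UID="$(id -u)" -e HOST_GID="$(id -g)"` on the `docker run` in tls_dns_create.sh and replace the chmod with `chown -R "${HOST_UID:-0}:${HOST_GID:-0}" "/certbot_shared/$TF_VAR_dns_name"` followed by `chmod -R u=rwX,go= "/certbot_shared/$TF_VAR_dns_name"`.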
diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 1d95dfb8..974901ce 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -17,3 +17,12 @@ cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. # docker run -it --rm --name certbot --entrypoint /bin/sh certbot/certbot docker run -it --rm --name certbot -v "$TARGET_DIR/certbot_shared:/certbot_shared" --entrypoint /bin/sh certbot/certbot /certbot_shared/dns_certbot_entrypoint.sh $TF_VAR_dns_name + +if [ -f $TARGET_DIR/certbot_shared/$TF_VAR_dns_name ]; + mkdir -p $PROJECT_DIR/src/tls + cp -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name $PROJECT_DIR/src/tls/. + rm -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name +else + echo "ERROR: certificate not found. Check Errors before" + exit 1 +fi \ No newline at end of file From 2ca80802245c9191cf6a8189b7c380d6e9b2d102 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 12:04:43 +0100 Subject: [PATCH 085/176] v1.6 --- basis/bin/shared_bash_function.sh | 14 +++++++++----- .../tls/new/{certbot_init.sh => certbot_http.sh} | 0 2 files changed, 9 insertions(+), 5 deletions(-) rename option/tls/new/{certbot_init.sh => certbot_http.sh} (100%) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 2d30c4ab..a20609bc 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
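Review bot: The certificate and its private key are copied into `$PROJECT_DIR/src/tls/$TF_VAR_dns_name`, i.e. into the generated project's source tree, where a routine `git add .` will pick up `privkey.pem`; nothing in this hunk tightens the modes either, so the 777 bits set inside the container are what the host copy keeps (a plain `cp -R` preserves the source modes minus umask). After the copy, `chmod -R u=rwX,go= "$PROJECT_DIR/src/tls/$TF_VAR_dns_name"`, and add `src/tls/*/privkey.pem` (or the whole `src/tls/<domain>` directory) to the project's `.gitignore` — or keep the key under `target/`, which the scripts already treat as build output. Quoting `$TARGET_DIR` and `$TF_VAR_dns_name` in the `cp`/`rm` lines is also overdue given they are used with `-R`.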
@@ -455,21 +455,25 @@ certificate_create() { } certificate_path_before_terraform() { - if [ $"TF_VAR_dns_name" == "" ]; then + if [ "$TF_VAR_dns_name" == "" ]; then echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" exit 1 - fi + fi + if [ -f $PROJECT_DIR/src/tls/$TF_VAR_dns_name ] && [ "$CERTIFICATE_PATH" == "" ]; then + # TLS new: the certificate is in $PROJECT_DIR/src/tls/$TF_VAR_dns_name + export CERTIFICATE_PATH=$PROJECT_DIR/src/tls/$TF_VAR_dns_name + fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then if [ "$TF_VAR_tls" == "existing" ]; then if [ -d target/compute/certificate ]; then echo "Certificate Directory exists already" - elif [ "$TF_VAR_CERTIFICATE_PATH" != "" ]; then + elif [ "$CERTIFICATE_PATH" != "" ]; then mkdir -p target/compute/certificate cp $CERTIFICATE_PATH/* target/compute/certificate/. cp src/tls/nginx_tls.conf target/compute/. sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf else - echo "ERROR: certificate_path_before_terraform: TF_VAR_CERTIFICATE_PATH not defined" + echo "ERROR: certificate_path_before_terraform: CERTIFICATE_PATH not defined" exit 1 fi fi @@ -523,7 +527,7 @@ certificate_run_certbot() fi scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$TLS_IP:/home/opc/. exit_on_error - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_init.sh 2>&1 | tee -a tls/certbot_init.log" + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http.sh 2>&1 | tee -a tls/certbot_http.log" scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. exit_on_error export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name 
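Review bot: The re-emitted `ssh` line keeps `-o StrictHostKeyChecking=no`, which accepts any host key for `$TLS_IP` on every connection — including the following `scp` that presumably pulls the freshly issued private key back — so a spoofed host on that address receives the key without any warning. `-o StrictHostKeyChecking=accept-new -o UserKnownHostsFile="$TARGET_DIR/known_hosts"` pins the key on first contact and rejects a change on the later `scp`; checking the fingerprint against the instance console output would close the first-contact gap as well. `$TF_VAR_dns_name` and `$CERTIFICATE_EMAIL` are also interpolated into the remote command inside double quotes, so a value containing `"` or `$` is expanded on the remote side — escape them or pass them through `env`. `certificate_run_certbot` starts before this hunk.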
diff --git a/option/tls/new/certbot_init.sh b/option/tls/new/certbot_http.sh similarity index 100% rename from option/tls/new/certbot_init.sh rename to option/tls/new/certbot_http.sh From 2192e088255e4e6e2a3aafa07e423c38e16f6233 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 12:19:37 +0100 Subject: [PATCH 086/176] v1.6 --- basis/bin/shared_bash_function.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index a20609bc..9200fbbd 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -459,10 +459,16 @@ certificate_path_before_terraform() { echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" exit 1 fi - if [ -f $PROJECT_DIR/src/tls/$TF_VAR_dns_name ] && [ "$CERTIFICATE_PATH" == "" ]; then - # TLS new: the certificate is in $PROJECT_DIR/src/tls/$TF_VAR_dns_name + if [ -f $PROJECT_DIR/src/tls/$TF_VAR_dns_name ]; then + export CERTIFICATE_PATH=$PROJECT_DIR/src/tls/$TF_VAR_dns_name + echo Using existing CERTIFICATE_PATH=$CERTIFICATE_PATH + elif [ "$TF_VAR_tls" == "new" ]; then + # Create a new certificate via DNS-01 + $BIN_DIR/tls_dns_create.sh + exit_on_error export CERTIFICATE_PATH=$PROJECT_DIR/src/tls/$TF_VAR_dns_name fi + if [ "$TF_VAR_deploy_strategy" == "compute" ]; then if [ "$TF_VAR_tls" == "existing" ]; then if [ -d target/compute/certificate ]; then From b4bc3cb8c7ea305a0c762bdb7e4d3ad3b81e65c5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 12:21:15 +0100 Subject: [PATCH 087/176] v1.6 --- basis/bin/tls_dns_create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 974901ce..eb5f7eb5 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh 
@@ -18,7 +18,7 @@ cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. # docker run -it --rm --name certbot --entrypoint /bin/sh certbot/certbot docker run -it --rm --name certbot -v "$TARGET_DIR/certbot_shared:/certbot_shared" --entrypoint /bin/sh certbot/certbot /certbot_shared/dns_certbot_entrypoint.sh $TF_VAR_dns_name -if [ -f $TARGET_DIR/certbot_shared/$TF_VAR_dns_name ]; +if [ -f $TARGET_DIR/certbot_shared/$TF_VAR_dns_name ]; then mkdir -p $PROJECT_DIR/src/tls cp -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name $PROJECT_DIR/src/tls/. rm -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name From 8248f266148e21726b804d7930f9ef1f036cd99a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 13:49:38 +0100 Subject: [PATCH 088/176] v1.6 --- basis/bin/tls_dns_create.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index eb5f7eb5..9d42d951 100755 --- a/basis/bin/tls_dns_create.sh +++ b/basis/bin/tls_dns_create.sh @@ -18,7 +18,7 @@ cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. # docker run -it --rm --name certbot --entrypoint /bin/sh certbot/certbot docker run -it --rm --name certbot -v "$TARGET_DIR/certbot_shared:/certbot_shared" --entrypoint /bin/sh certbot/certbot /certbot_shared/dns_certbot_entrypoint.sh $TF_VAR_dns_name -if [ -f $TARGET_DIR/certbot_shared/$TF_VAR_dns_name ]; then +if [ -d $TARGET_DIR/certbot_shared/$TF_VAR_dns_name ]; then mkdir -p $PROJECT_DIR/src/tls cp -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name $PROJECT_DIR/src/tls/. rm -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name From 8509e823af68a37257def26dfbdab107bf81b112 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 13:52:52 +0100 Subject: [PATCH 089/176] v1.6 --- basis/bin/tls_dns_create.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/basis/bin/tls_dns_create.sh b/basis/bin/tls_dns_create.sh index 9d42d951..2fca1d62 100755 --- a/basis/bin/tls_dns_create.sh 
+++ b/basis/bin/tls_dns_create.sh @@ -12,17 +12,22 @@ if [ "$TF_VAR_dns_name" == "" ]; then exit 1 fi +# Delete the directory in case of a previous run +if [ -d $TARGET_DIR/certbot_shared ]; then + rm -Rf $TARGET_DIR/certbot_shared +fi mkdir -p $TARGET_DIR/certbot_shared cp $BIN_DIR/tls/dns* $TARGET_DIR/certbot_shared/. # docker run -it --rm --name certbot --entrypoint /bin/sh certbot/certbot docker run -it --rm --name certbot -v "$TARGET_DIR/certbot_shared:/certbot_shared" --entrypoint /bin/sh certbot/certbot /certbot_shared/dns_certbot_entrypoint.sh $TF_VAR_dns_name +# Copy the certificate directory to src/tls if [ -d $TARGET_DIR/certbot_shared/$TF_VAR_dns_name ]; then mkdir -p $PROJECT_DIR/src/tls cp -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name $PROJECT_DIR/src/tls/. rm -R $TARGET_DIR/certbot_shared/$TF_VAR_dns_name else - echo "ERROR: certificate not found. Check Errors before" + echo "ERROR: certificate not found. Check for errors before." exit 1 fi \ No newline at end of file From 0e54239abbe777c4aac9b258ed820e6c61361784 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 14:26:52 +0100 Subject: [PATCH 090/176] v1.6 --- basis/bin/shared_bash_function.sh | 54 +++++++++++++------------------ option/terraform/tls.j2.tf | 4 +++ 2 files changed, 26 insertions(+), 32 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 9200fbbd..6e0f54fb 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -459,7 +459,7 @@ certificate_path_before_terraform() { echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" exit 1 fi - if [ -f $PROJECT_DIR/src/tls/$TF_VAR_dns_name ]; then + if [ -d $PROJECT_DIR/src/tls/$TF_VAR_dns_name ]; then export CERTIFICATE_PATH=$PROJECT_DIR/src/tls/$TF_VAR_dns_name echo Using existing CERTIFICATE_PATH=$CERTIFICATE_PATH elif [ "$TF_VAR_tls" == "new" ]; then 
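Review bot: `rm -Rf $TARGET_DIR/certbot_shared` runs with an unquoted, unguarded variable; if `TARGET_DIR` contains whitespace the `-d` test and the `rm` see different paths, and if it is unset the `rm` targets `/certbot_shared`. `rm -Rf -- "${TARGET_DIR:?TARGET_DIR not set}/certbot_shared"` aborts instead of guessing, and the surrounding `if [ -d ... ]` becomes unnecessary because `-f` already tolerates a missing directory. The same `${TARGET_DIR:?}` guard belongs on the `mkdir -p` and the later `rm -R` of the exported key directory.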
@@ -470,49 +470,39 @@ certificate_path_before_terraform() { fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - if [ "$TF_VAR_tls" == "existing" ]; then - if [ -d target/compute/certificate ]; then - echo "Certificate Directory exists already" - elif [ "$CERTIFICATE_PATH" != "" ]; then - mkdir -p target/compute/certificate - cp $CERTIFICATE_PATH/* target/compute/certificate/. - cp src/tls/nginx_tls.conf target/compute/. - sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf - else - echo "ERROR: certificate_path_before_terraform: CERTIFICATE_PATH not defined" - exit 1 - fi - fi - elif [ "$TF_VAR_tls" == "existing" ]; then - if [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_PATH" != "" ] ; then - certificate_create - elif [ "$TF_VAR_certificate_ocid" != "" ]; then - certificate_validity + if [ -d target/compute/certificate ]; then + echo "Certificate Directory exists already" + elif [ "$CERTIFICATE_PATH" != "" ]; then + mkdir -p target/compute/certificate + cp $CERTIFICATE_PATH/* target/compute/certificate/. + cp src/tls/nginx_tls.conf target/compute/. + sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf + elif [ "$TF_VAR_tls" == "new" ]; then + echo "New Certificate will be created after the deployment." else - echo "ERROR: certificate_path_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_PATH" + echo "ERROR: compute: certificate_path_before_terraform: missing variables CERTIFICATE_PATH" exit 1 - fi + fi + elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_PATH" != "" ] ; then + certificate_create + elif [ "$TF_VAR_certificate_ocid" != "" ]; then + certificate_validity elif [ "$TF_VAR_tls" == "new" ]; then echo "New Certificate will be created after the deployment." 
+ else + echo "ERROR: certificate_path_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_PATH" + exit 1 fi } # Certificate - Post Deploy certificate_post_deploy() { - if [ "$TF_VAR_tls" == "existing" ]; then - if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - src/terraform/apply.sh --auto-approve -no-color - exit_on_error - fi + if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + src/terraform/apply.sh --auto-approve -no-color + exit_on_error elif [ "$TF_VAR_tls" == "new" ]; then if [ "$TF_VAR_deploy_strategy" == "compute" ]; then certificate_run_certbot - else - ### XXXX ### Everything except compute ### - certificate_run_certbot - certificate_create - src/terraform/apply.sh --auto-approve -no-color - exit_on_error fi fi } diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 6cc41b2b..81c40632 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -13,7 +13,11 @@ locals { } resource "oci_dns_rrset" "starter_rrset" { +{%- if deploy == "kubernetes" %} + count = var.dns_ip=="" ? 0 : 1 +{%- else %} count = var.dns_zone_name=="" ? 0 : 1 +{%- endif %} #Required zone_name_or_id = var.dns_zone_name From cd6efda3b95b69134531dfa8ebc0f7c88942277d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 20:03:03 +0100 Subject: [PATCH 091/176] v1.6 --- .../src/main/java/com/example/demo/DemoController.java | 2 +- .../src/main/java/com/example/demo/DemoController.java | 6 ++---- .../src/main/java/com/example/demo/DemoController.java | 6 ++---- .../src/main/java/com/example/demo/DemoController.java | 4 +--- 4 files changed, 6 insertions(+), 12 deletions(-) diff --git a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java index 7e74bb9d..9f41c778 100644 --- a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java 
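Review bot: In the restructured compute branch, `elif [ "$CERTIFICATE_PATH" != "" ]` only checks that the variable is non-empty before `cp $CERTIFICATE_PATH/* target/compute/certificate/.`, so a mistyped path leaves an empty `target/compute/certificate` that the `if [ -d target/compute/certificate ]` short-circuit then reports as "exists already" on every later run. `elif [ -d "$CERTIFICATE_PATH" ]; then` is the check the branch actually needs. The `sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/"` also uses `/` as the delimiter with an unvalidated value; `sed -i "s|##DNS_NAME##|$TF_VAR_dns_name|"` avoids a broken expression if the name ever carries a slash. `certificate_path_before_terraform` begins before this hunk.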
+++ b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java @@ -58,7 +58,7 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces = { "text/plain" }) public String info() throws Exception { - String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress()+ System.getenv("POD_IP"); + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():System.getenv("POD_IP"); return "Java - SpringBoot - " + IP; } } diff --git a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java index f04702d1..906ae5b5 100644 --- a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java @@ -5,9 +5,7 @@ import java.net.Inet4Address; import java.sql.*; - -import java.util.ArrayList; -import java.util.List; +import java.util.*; @RestController @@ -48,7 +46,7 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) public String info() throws Exception { - String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress()+ System.getenv("POD_IP"); + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():System.getenv("POD_IP"); return "Java - SpringBoot - " + IP; } } diff --git a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java index f0ea84be..130e62da 100644 --- a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java 
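Review bot: The corrected `/info` endpoint now returns the pod IP (or the host's address) to any unauthenticated caller in plain text, which is internal-topology disclosure once the demo sits behind a public ingress; at minimum it deserves a comment such as `// Diagnostic endpoint: exposes the pod/host IP — do not expose publicly`, or the IP can be omitted outside a dev profile. The same `POD_IP` ternary is now duplicated across four controllers, so the next fix will again need four edits — a single shared helper would avoid that. `throws Exception` on a GET handler also turns a `getLocalHost()` failure into a 500; catching `UnknownHostException` and returning a placeholder is friendlier.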
@@ -3,11 +3,9 @@ import org.springframework.web.bind.annotation.*; import org.springframework.beans.factory.annotation.Autowired; import java.sql.*; +import java.util.*; import java.net.Inet4Address; -import java.util.ArrayList; -import java.util.List; - @RestController public class DemoController { @@ -35,7 +33,7 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) public String info() throws Exception { - String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress()+ System.getenv("POD_IP"); + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():System.getenv("POD_IP"); return "Java - SpringBoot / No Database - " + IP; } } diff --git a/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java index 3f789d8f..2ffa20ae 100644 --- a/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java @@ -3,9 +3,7 @@ import org.springframework.web.bind.annotation.*; import org.springframework.beans.factory.annotation.Autowired; import java.sql.*; - -import java.util.ArrayList; -import java.util.List; +import java.util.*; @RestController From 0c6a3bef9415b0e2347723ecf417f0264d7af00d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 20:15:09 +0100 Subject: [PATCH 092/176] v1.6 --- option/terraform/tls.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 81c40632..1f73f3a4 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf 
@@ -14,7 +14,7 @@ locals { resource "oci_dns_rrset" "starter_rrset" { {%- if deploy == "kubernetes" %} - count = var.dns_ip=="" ? 0 : 1 + count = var.local_ip=="" ? 0 : 1 {%- else %} count = var.dns_zone_name=="" ? 0 : 1 {%- endif %} From 417bb224eb52dd21855cc22ce00568bf724f1e75 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 20:15:51 +0100 Subject: [PATCH 093/176] v1.6 --- option/terraform/tls.j2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 1f73f3a4..81763c3f 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -14,7 +14,7 @@ locals { resource "oci_dns_rrset" "starter_rrset" { {%- if deploy == "kubernetes" %} - count = var.local_ip=="" ? 0 : 1 + count = local.dns_ip=="" ? 0 : 1 {%- else %} count = var.dns_zone_name=="" ? 0 : 1 {%- endif %} From 9787595d8415f2aa5f7331faecf5b52b4dfda7f0 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 21:30:04 +0100 Subject: [PATCH 094/176] v1.6 --- basis/bin/auto_env.sh | 5 +++-- basis/bin/shared_bash_function.sh | 4 ++-- option/terraform/tls.j2.tf | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 7ab510bd..cb9e230d 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -145,6 +145,7 @@ else # TLS if [ "$TF_VAR_dns_name" != "" ] && [ "$TF_VAR_certificate_ocid" == "" ]; then export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[].id` + TF_VAR_dns_ip fi # GIT 
@@ -249,8 +250,8 @@ if [ -f $STATE_FILE ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then # OKE get_output_from_tfstate "OKE_OCID" "oke_ocid" - export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$TF_VAR_ingress_ip'") | .id'` + export TF_VAR_dns_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$TF_VAR_dns_ip'") | .id'` fi # JMS diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 6e0f54fb..334a61ae 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -248,8 +248,8 @@ get_ui_url() { export UI_URL=https://${TF_VAR_dns_name} fi elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix} + export TF_VAR_dns_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export UI_URL=http://${TF_VAR_dns_ip}/${TF_VAR_prefix} if [ "$TF_VAR_certificate_ocid" != "" ]; then export UI_HTTP=$UI_URL export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 81763c3f..81c40632 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf 
@@ -14,7 +14,7 @@ locals { resource "oci_dns_rrset" "starter_rrset" { {%- if deploy == "kubernetes" %} - count = local.dns_ip=="" ? 0 : 1 + count = var.dns_ip=="" ? 0 : 1 {%- else %} count = var.dns_zone_name=="" ? 0 : 1 {%- endif %} From 0948f0b448a892f24668340dc58cdfa6f452022f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 22:00:23 +0100 Subject: [PATCH 095/176] v1.6 --- basis/bin/auto_env.sh | 1 - basis/bin/shared_bash_function.sh | 2 ++ option/oke/oke_deploy.sh | 10 +++++----- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index cb9e230d..96d2349d 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -145,7 +145,6 @@ else # TLS if [ "$TF_VAR_dns_name" != "" ] && [ "$TF_VAR_certificate_ocid" == "" ]; then export TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[].id` - TF_VAR_dns_ip fi # GIT diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 334a61ae..62462508 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -498,6 +498,8 @@ certificate_path_before_terraform() { # Certificate - Post Deploy certificate_post_deploy() { if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + # Set the TF_VAR_dns_ip + get_ui_url src/terraform/apply.sh --auto-approve -no-color exit_on_error elif [ "$TF_VAR_tls" == "new" ]; then diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index 47f51b51..3914a769 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh 
@@ -17,11 +17,11 @@ if [ ! -f $KUBECONFIG ]; then kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=240s kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch # Wait for the ingress external IP - INGRESS_LB_IP="" - while [ -z $INGRESS_LB_IP ]; do + TF_VAR_dns_ip="" + while [ -z $TF_VAR_dns_ip ]; do echo "Waiting for external IP..." - INGRESS_LB_IP=$(kubectl get svc -n ingress-nginx ingress-nginx-controller --template="{{range .status.loadBalancer.ingress}}{{.ip}}{{end}}") - if [ -z "$INGRESS_LB_IP" ]; then + export TF_VAR_dns_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + if [ -z "$TF_VAR_dns_ip" ]; then sleep 10 fi done @@ -29,7 +29,7 @@ if [ ! -f $KUBECONFIG ]; then date kubectl get all -n ingress-nginx sleep 5 - echo "Ingress ready: $INGRESS_LB_IP" + echo "Ingress ready: $TF_VAR_dns_ip" # Create secrets kubectl create secret docker-registry ocirsecret --docker-server=$TF_VAR_ocir --docker-username="$TF_VAR_namespace/$TF_VAR_username" --docker-password="$TF_VAR_auth_token" --docker-email="$TF_VAR_email" From 8c4d70fc0e06c293543a346acac4b5a8b8aae5cd Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 22:17:01 +0100 Subject: [PATCH 096/176] v1.6 --- basis/bin/auto_env.sh | 4 ++-- basis/bin/shared_bash_function.sh | 4 ++-- option/oke/oke_deploy.sh | 10 +++++----- option/terraform/tls.j2.tf | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 96d2349d..59bb0ae8 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh 
@@ -249,8 +249,8 @@ if [ -f $STATE_FILE ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then # OKE get_output_from_tfstate "OKE_OCID" "oke_ocid" - export TF_VAR_dns_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$TF_VAR_dns_ip'") | .id'` + export INGRESS_LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$INGRESS_LB_IP'") | .id'` fi # JMS diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 62462508..38bbe659 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -248,8 +248,8 @@ get_ui_url() { export UI_URL=https://${TF_VAR_dns_name} fi elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - export TF_VAR_dns_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export UI_URL=http://${TF_VAR_dns_ip}/${TF_VAR_prefix} + export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix} if [ "$TF_VAR_certificate_ocid" != "" ]; then export UI_HTTP=$UI_URL export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index 3914a769..7264267c 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh 
@@ -17,11 +17,11 @@ if [ ! -f $KUBECONFIG ]; then kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=240s kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch # Wait for the ingress external IP - TF_VAR_dns_ip="" - while [ -z $TF_VAR_dns_ip ]; do + TF_VAR_ingress_ip="" + while [ -z $TF_VAR_ingress_ip ]; do echo "Waiting for external IP..." - export TF_VAR_dns_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - if [ -z "$TF_VAR_dns_ip" ]; then + TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + if [ -z "$TF_VAR_ingress_ip" ]; then sleep 10 fi done @@ -29,7 +29,7 @@ if [ ! -f $KUBECONFIG ]; then date kubectl get all -n ingress-nginx sleep 5 - echo "Ingress ready: $TF_VAR_dns_ip" + echo "Ingress ready: $TF_VAR_ingress_ip" # Create secrets kubectl create secret docker-registry ocirsecret --docker-server=$TF_VAR_ocir --docker-username="$TF_VAR_namespace/$TF_VAR_username" --docker-password="$TF_VAR_auth_token" --docker-email="$TF_VAR_email" diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 81c40632..c0fea1d1 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -14,7 +14,7 @@ locals { resource "oci_dns_rrset" "starter_rrset" { {%- if deploy == "kubernetes" %} - count = var.dns_ip=="" ? 0 : 1 + count = var.ingress_ip=="" ? 0 : 1 {%- else %} count = var.dns_zone_name=="" ? 0 : 1 {%- endif %} From 397e8665fa0c78202a36926cba8b53d4f2d8a63d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 28 Dec 2023 22:29:23 +0100 Subject: [PATCH 097/176] v1.6 --- basis/bin/auto_env.sh | 4 ++-- basis/bin/shared_bash_function.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 59bb0ae8..7ab510bd 100755 
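Review bot: The renamed wait loop still has no upper bound, so a load balancer that never receives an external IP (quota, wrong subnet, failed service) hangs the deployment forever instead of failing; the first `while [ -z $TF_VAR_ingress_ip ]` is also unquoted and only works because an empty expansion leaves `[ -z ]`, which is true. A bounded `for` loop with an explicit failure exit keeps the same happy-path behaviour. The enclosing `if [ ! -f $KUBECONFIG ]` block starts before this hunk.
```sh
# Wait for the ingress external IP, but give up after ~10 minutes
TF_VAR_ingress_ip=""
for attempt in $(seq 1 60); do
  TF_VAR_ingress_ip=$(kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
  [ -n "$TF_VAR_ingress_ip" ] && break
  echo "Waiting for external IP..."
  sleep 10
done
[ -n "$TF_VAR_ingress_ip" ] || { echo "ERROR: ingress external IP not assigned"; exit 1; }
# … unchanged: date / kubectl get all / secret creation …
```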
--- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -249,8 +249,8 @@ if [ -f $STATE_FILE ]; then if [ "$TF_VAR_deploy_strategy" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then # OKE get_output_from_tfstate "OKE_OCID" "oke_ocid" - export INGRESS_LB_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` - export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$INGRESS_LB_IP'") | .id'` + export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` + export INGRESS_LB_OCID=`oci lb load-balancer list --compartment-id $TF_VAR_compartment_ocid | jq -r '.data[] | select(.["ip-addresses"][0]["ip-address"]=="'$TF_VAR_ingress_ip'") | .id'` fi # JMS diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 38bbe659..8a3bf115 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -498,7 +498,7 @@ certificate_path_before_terraform() { # Certificate - Post Deploy certificate_post_deploy() { if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then - # Set the TF_VAR_dns_ip + # Set the TF_VAR_ingress_ip get_ui_url src/terraform/apply.sh --auto-approve -no-color exit_on_error From 5eb80532320a98c4cdbe10dc7ecb97214991c793 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 09:53:55 +0100 Subject: [PATCH 098/176] v1.6 --- basis/bin/shared_bash_function.sh | 2 ++ .../src/main/java/com/example/demo/DemoController.java | 2 +- .../src/main/java/com/example/demo/DemoController.java | 2 +- .../src/main/java/com/example/demo/DemoController.java | 2 +- .../src/main/java/com/example/demo/DemoController.java | 5 +++-- 5 files changed, 8 insertions(+), 5 deletions(-) 
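Review bot: The re-emitted `INGRESS_LB_OCID` line splices `$TF_VAR_ingress_ip` into the jq program text, so an empty or unexpected value (kubectl returning nothing, or a string containing a quote) yields a jq syntax error or a filter that matches nothing, and the failure is silent because the backtick assignment never checks status. Passing the value as a jq variable keeps it data rather than code: `jq -r --arg ip "$TF_VAR_ingress_ip" '.data[] | select(.["ip-addresses"][0]["ip-address"]==$ip) | .id'`, and guarding the `oci lb` call with `[ -n "$TF_VAR_ingress_ip" ]` avoids a pointless API round-trip. The enclosing `if [ -f $STATE_FILE ]` block starts before this hunk.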
diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 8a3bf115..d4788cc1 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -462,6 +462,8 @@ certificate_path_before_terraform() { if [ -d $PROJECT_DIR/src/tls/$TF_VAR_dns_name ]; then export CERTIFICATE_PATH=$PROJECT_DIR/src/tls/$TF_VAR_dns_name echo Using existing CERTIFICATE_PATH=$CERTIFICATE_PATH + elif [ -d $CERTIFICATE_PATH ]; then + echo Using existing CERTIFICATE_PATH=$CERTIFICATE_PATH elif [ "$TF_VAR_tls" == "new" ]; then # Create a new certificate via DNS-01 $BIN_DIR/tls_dns_create.sh diff --git a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java index 9f41c778..409ae9cd 100644 --- a/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot/src/main/java/com/example/demo/DemoController.java @@ -59,6 +59,6 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces = { "text/plain" }) public String info() throws Exception { String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():System.getenv("POD_IP"); - return "Java - SpringBoot - " + IP; + return "Java - SpringBoot - IP " + IP; } } diff --git a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java index 906ae5b5..695e355b 100644 --- a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java 
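Review bot: `elif [ -d $CERTIFICATE_PATH ]` is true when `CERTIFICATE_PATH` is empty — the unquoted expansion collapses it to the one-argument form `[ -d ]`, which succeeds because `-d` is a non-empty string — so with `TF_VAR_tls=new` and no path set this branch prints `Using existing CERTIFICATE_PATH=` and the DNS-01 creation in the next branch never runs. `elif [ -n "$CERTIFICATE_PATH" ] && [ -d "$CERTIFICATE_PATH" ]; then` restores the intended order of precedence. `certificate_path_before_terraform` begins before this hunk.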
@@ -47,6 +47,6 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) public String info() throws Exception { String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():System.getenv("POD_IP"); - return "Java - SpringBoot - " + IP; + return "Java - SpringBoot - IP " + IP; } } diff --git a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java index 130e62da..2b4122f0 100644 --- a/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_none/src/main/java/com/example/demo/DemoController.java @@ -34,6 +34,6 @@ public List query() { @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) public String info() throws Exception { String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():System.getenv("POD_IP"); - return "Java - SpringBoot / No Database - " + IP; + return "Java - SpringBoot / No Database - IP " + IP; } } diff --git a/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java index 2ffa20ae..0586ac71 100644 --- a/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java @@ -43,7 +43,8 @@ public List query() { } @RequestMapping(value = "/info", method = RequestMethod.GET, produces ={ "text/plain" }) - public String info() { - return "Java - SpringBoot"; + public String info() throws Exception { + String IP = (System.getenv("POD_IP")==null)?Inet4Address.getLocalHost().getHostAddress():System.getenv("POD_IP"); + return "Java - SpringBoot - IP " + IP; } } 
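Review bot: The new `info()` body in java_springboot_psql returns the pod or host IP address from an unauthenticated `/info` text endpoint, which discloses internal addressing to any client that can reach the application; if the value is only needed by the test suite to distinguish replicas, a pod name or an opaque identifier serves the purpose without revealing the network layout. The hunk also calls `Inet4Address.getLocalHost()` while no import of `java.net.Inet4Address` is visible in this file; patch 107 in this series adds it, so this intermediate commit presumably does not compile. The same IP-returning body is introduced into the other three DemoController hunks of this patch.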
From 806f0a60300ab5f42dce48c02b707f384242e305 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 12:32:41 +0100 Subject: [PATCH 099/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 0ec566c5..9ec1ecaf 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -932,7 +932,7 @@ def create_group_common_dir(): # -- APP ---------------------------------------------------------------- output_copy_tree("option/src/app/group_common", "src/app") - os.remove(output_dir + "/src/app/app.yaml") + os.remove(output_dir + "/src/app/app.j2.yaml") # -- User Interface ----------------------------------------------------- output_rm_tree("src/ui") From 5d9a7652992fc8d2a70331006b78a125c1a0a677 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 12:43:28 +0100 Subject: [PATCH 100/176] v1.6 --- oci_starter.sh | 1 + option/test_suite_shared.sh | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/oci_starter.sh b/oci_starter.sh index 5e10f482..0c41b940 100755 --- a/oci_starter.sh +++ b/oci_starter.sh @@ -10,3 +10,4 @@ cd $SCRIPT_DIR rm -rf ./output python3 py_oci_starter.py "$@" +exit $RESULT \ No newline at end of file diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index ad206d83..cb45313f 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -16,6 +16,16 @@ OPTION_SHAPE=amd # No color for terraforms logs export nocolorarg=1 +exit_on_error() { + RESULT=$? + if [ $RESULT -eq 0 ]; then + echo "Success" + else + echo "Failed (RESULT=$RESULT)" + exit $RESULT + fi +} + start_test() { export TEST_NAME=$1 if [ "$OPTION_GROUP_NAME" != "none" ]; then 
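Review bot: The added `exit $RESULT` in oci_starter.sh relies on a variable that nothing in the hunk assigns; because the expansion is unquoted and empty, the line degrades to a bare `exit`, which happens to propagate `python3`'s status, but it would abort under `set -u` and fail with a numeric-argument error if anyone quotes it. Make the intent explicit with `exec python3 py_oci_starter.py "$@"` (or `python3 py_oci_starter.py "$@"` followed by `exit $?`). The `\ No newline at end of file` marker should also be addressed so later appends do not join onto the exit line; the start of the script is outside the hunk.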
@@ -224,6 +234,7 @@ pre_test_suite() { cd $TEST_HOME/oci-starter ./oci_starter.sh -group_name tsall -group_common atp,mysql,psql,database,fnapp,apigw,oke,db_free -compartment_ocid $EX_COMPARTMENT_OCID -db_password $TEST_DB_PASSWORD -auth_token $OCI_TOKEN + exit_on_error mv output/group_common ../group_common cd $TEST_HOME/group_common ./build.sh From 3980702c22595fbe935e5226cd396031565b0167 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 12:48:23 +0100 Subject: [PATCH 101/176] v1.6 --- py_oci_starter.py | 1 + 1 file changed, 1 insertion(+) diff --git a/py_oci_starter.py b/py_oci_starter.py index 9ec1ecaf..2c7a4cf0 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -1114,6 +1114,7 @@ def jinja2_replace_template(): # Create a group if 'group_name' in params: create_group_common_dir() + jinja2_replace_template() # Add parameters to the creation if the project is to be used with a group if 'group_common' in params: From b3a55314cf50b51a65fb2e050bcf6eb3b1643d6f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 12:50:38 +0100 Subject: [PATCH 102/176] v1.6 --- option/test_suite_group_all.sh | 4 ++-- option/test_suite_shared.sh | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index 775f2430..8d7d6484 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh @@ -157,8 +157,8 @@ loop_tls() { OPTION_DB=none OPTION_TLS=existing loop_tls_deploy - OPTION_TLS=new - loop_tls_deploy + # OPTION_TLS=new + # loop_tls_deploy OPTION_GROUP_NAME=dummy } diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index cb45313f..4b5d3754 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh 
@@ -238,6 +238,7 @@ pre_test_suite() { mv output/group_common ../group_common cd $TEST_HOME/group_common ./build.sh + exit_on_error date echo "CSV_DATE,OPTION_DEPLOY,OPTION_LANG,OPTION_JAVA_FRAMEWORK,OPTION_JAVA_VM,OPTION_DB,OPTION_DB_INSTALL,OPTION_UI,OPTION_SHAPE,CSV_NAME,CSV_HTML_OK,CSV_JSON_OK,CSV_BUILD_SECOND,CSV_DESTROY_SECOND,CSV_RUN100_OK,CSV_RUN100_SECOND" > $TEST_HOME/result.csv } From bf6aed730a40ad4204739acf83a9fbb1c1c27c42 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 12:53:56 +0100 Subject: [PATCH 103/176] v1.6 --- py_oci_starter.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 2c7a4cf0..9534b396 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -1043,7 +1043,10 @@ def create_group_common_dir(): def jinja2_replace_template(): db_param = jinja2_db_params.get( params.get('db_family') ) - template_param = {**params, **db_param} + if db_param is None: + template_param = params + else: + template_param = {**params, **db_param} for subdir, dirs, files in os.walk(output_dir): for filename in files: From 7ae7cda1a0b8969cb73dabe76007064b0d06f879 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 12:58:14 +0100 Subject: [PATCH 104/176] v1.6 --- option/terraform/apigw.j2.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/option/terraform/apigw.j2.tf b/option/terraform/apigw.j2.tf index 6e9cffa5..29533512 100644 --- a/option/terraform/apigw.j2.tf +++ b/option/terraform/apigw.j2.tf @@ -12,6 +12,8 @@ resource oci_apigateway_gateway starter_apigw { {%- if tls is defined %} count = var.certificate_ocid == "" ? 0 : 1 certificate_id = var.certificate_ocid +{%- else %} + count = 1 {%- endif %} } From 2c6c28ecdc5976639041aa4bf7a2bcba4911a063 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 15:11:12 +0100 Subject: [PATCH 105/176] v1.6 --- py_oci_starter.py | 2 ++ 1 file changed, 2 insertions(+) 
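Review bot: The new `if db_param is None:` branch binds `template_param` to the `params` dict itself, whereas the `else` branch builds a fresh merged copy, so the two paths differ in aliasing: any later mutation of `template_param` would write through to `params` only in the no-database case. A single expression keeps both paths on a copy and is easier to read: `template_param = {**params, **(db_param or {})}`. The rest of jinja2_replace_template lies past the end of the hunk, so whether such a mutation exists cannot be seen here.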
diff --git a/py_oci_starter.py b/py_oci_starter.py index 9534b396..751e7773 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -265,6 +265,8 @@ def tls_rules(): params['certificate_path'] = TO_FILL elif params.get('tls')=='new': params['certificate_email'] = TO_FILL + else: + params.pop('tls') def apply_rules(): From cbbf2aa1d092eaa1d682f96145584e1b02f81c63 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 15:11:56 +0100 Subject: [PATCH 106/176] v1.6 --- py_oci_starter.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 751e7773..f46cca5c 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -257,7 +257,9 @@ def shape_rules(): def tls_rules(): - if params.get('tls')!='none': + if params.get('tls')=='none': + params.pop('tls') + else: params['dns_zone_name'] = TO_FILL params['dns_name'] = TO_FILL if params.get('tls')=='existing': @@ -265,8 +267,6 @@ def tls_rules(): params['certificate_path'] = TO_FILL elif params.get('tls')=='new': params['certificate_email'] = TO_FILL - else: - params.pop('tls') def apply_rules(): From 8045907e157218714a685b18e2032225b1053552 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 23:06:28 +0100 Subject: [PATCH 107/176] v1.6 --- .../src/main/java/com/example/demo/DemoController.java | 1 - .../src/main/java/com/example/demo/DemoController.java | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java index 695e355b..a9f1a1bb 100644 --- a/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_mysql/src/main/java/com/example/demo/DemoController.java 
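Review bot: In the restructured `tls_rules()` the `else` branch now runs whenever `params.get('tls')` is anything other than `'none'`, including `None` when the key is absent, and fills `dns_zone_name`/`dns_name` with `TO_FILL`; the `'tls' in params` and `tls is defined` checks elsewhere in this series suggest the key can be missing, in which case the first test should read `if params.get('tls', 'none') == 'none':` so the pop and the DNS placeholders agree. `params.pop('tls', None)` would additionally tolerate an absent key without a KeyError. The tail of the function is in the second hunk of this patch.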
@@ -2,7 +2,6 @@ import org.springframework.web.bind.annotation.*; import org.springframework.beans.factory.annotation.Autowired; - import java.net.Inet4Address; import java.sql.*; import java.util.*; diff --git a/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java b/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java index 0586ac71..d9e8f1ee 100644 --- a/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java +++ b/option/src/app/java_springboot_psql/src/main/java/com/example/demo/DemoController.java @@ -2,6 +2,7 @@ import org.springframework.web.bind.annotation.*; import org.springframework.beans.factory.annotation.Autowired; +import java.net.Inet4Address; import java.sql.*; import java.util.*; From 64dde4721fefa7589516b85c2172fb017654665c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 23:36:37 +0100 Subject: [PATCH 108/176] v1.6 --- basis/bin/add_api_portal.sh | 2 +- .../terraform/{apigw_existing.tf => apigw_existing.j2.tf} | 0 option/test_suite_group_all.sh | 5 ++++- py_oci_starter.py | 8 ++++---- 4 files changed, 9 insertions(+), 6 deletions(-) rename option/terraform/{apigw_existing.tf => apigw_existing.j2.tf} (100%) diff --git a/basis/bin/add_api_portal.sh b/basis/bin/add_api_portal.sh index bab213e8..ecb918c3 100755 --- a/basis/bin/add_api_portal.sh +++ b/basis/bin/add_api_portal.sh @@ -20,7 +20,7 @@ if [ "$APIM_HOST" != "" ]; then APIGW_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} for APP_DIR in `app_dir_list`; do if [ -f src/${APP_DIR}/openapi_spec.yaml ]; then - add_api_portal "endpoint_url=${APIGW_URL}/${APP_DIR}/dept&endpoint_git_path=src/terraform/apigw_existing.tf&spec_git_path=src/${APP_DIR}/openapi_spec.yaml" + add_api_portal "endpoint_url=${APIGW_URL}/${APP_DIR}/dept&endpoint_git_path=src/terraform/apigw_existing.j2.tf&spec_git_path=src/${APP_DIR}/openapi_spec.yaml" fi done else 
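Review bot: Removing `import java.net.Inet4Address;` from the java_springboot_mysql controller leaves the `Inet4Address.getLocalHost()` call that patch 098 added to `info()` without a visible import. The removed line is indented differently from its neighbours, which suggests it was a duplicate of an import outside the hunk; if it was, the removal is fine, otherwise the file no longer compiles and the import must stay.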
diff --git a/option/terraform/apigw_existing.tf b/option/terraform/apigw_existing.j2.tf similarity index 100% rename from option/terraform/apigw_existing.tf rename to option/terraform/apigw_existing.j2.tf diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index 8d7d6484..8416b2d9 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh @@ -169,7 +169,10 @@ loop_deploy() { OPTION_DEPLOY=kubernetes loop_lang OPTION_DEPLOY=instance_pool - loop_lang + OPTION_LANG=java + OPTION_JAVA_FRAMEWORK=springboot + OPTION_DB=atp + loop_shape OPTION_DEPLOY=container_instance loop_lang OPTION_DEPLOY=function diff --git a/py_oci_starter.py b/py_oci_starter.py index f46cca5c..30ab37a3 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -670,8 +670,8 @@ def cp_terraform_apigw(append_tf): app_url = "http://${local.apigw_dest_private_ip}:8080/$${request.path[pathname]}" if 'apigw_ocid' in params: - cp_terraform("apigw_existing.tf", "apigw_tags.tf", append_tf) - output_replace('##APP_URL##', app_url,"src/terraform/apigw_existing.tf") + cp_terraform("apigw_existing.j2.tf", "apigw_tags.tf", append_tf) + output_replace('##APP_URL##', app_url,"src/terraform/apigw_existing.j2.tf") else: cp_terraform("apigw.j2.tf", "apigw_tags.tf", append_tf) output_replace('##APP_URL##', app_url, "src/terraform/apigw.j2.tf") @@ -822,7 +822,7 @@ def create_output_dir(): else: apigw_append = "apigw_fn_append.tf" if 'apigw_ocid' in params: - cp_terraform("apigw_existing.tf", "apigw_tags.tf", apigw_append) + cp_terraform("apigw_existing.j2.tf", "apigw_tags.tf", apigw_append) else: cp_terraform("apigw.j2.tf", "apigw_tags.tf", apigw_append) @@ -986,7 +986,7 @@ def create_group_common_dir(): if 'apigw' in a_group_common: if 'apigw_ocid' in params: - cp_terraform("apigw_existing.tf", "apigw_tags.tf") + cp_terraform("apigw_existing.j2.tf", "apigw_tags.tf") else: cp_terraform("apigw.j2.tf", "apigw_tags.tf") cp_terraform("log_group.tf") 
From 01fca944bfbac68dca0c11adfc0a3ab0cde09756 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 29 Dec 2023 23:38:01 +0100 Subject: [PATCH 109/176] v1.6 --- basis/bin/add_api_portal.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basis/bin/add_api_portal.sh b/basis/bin/add_api_portal.sh index ecb918c3..bab213e8 100755 --- a/basis/bin/add_api_portal.sh +++ b/basis/bin/add_api_portal.sh @@ -20,7 +20,7 @@ if [ "$APIM_HOST" != "" ]; then APIGW_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} for APP_DIR in `app_dir_list`; do if [ -f src/${APP_DIR}/openapi_spec.yaml ]; then - add_api_portal "endpoint_url=${APIGW_URL}/${APP_DIR}/dept&endpoint_git_path=src/terraform/apigw_existing.j2.tf&spec_git_path=src/${APP_DIR}/openapi_spec.yaml" + add_api_portal "endpoint_url=${APIGW_URL}/${APP_DIR}/dept&endpoint_git_path=src/terraform/apigw_existing.tf&spec_git_path=src/${APP_DIR}/openapi_spec.yaml" fi done else From e6d2ae5569abae8a567fc7a2e1b134c260938562 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 1 Jan 2024 20:37:22 +0100 Subject: [PATCH 110/176] v1.6 --- option/terraform/apigw_existing.j2.tf | 1 + option/terraform/oke.tf | 36 +++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/option/terraform/apigw_existing.j2.tf b/option/terraform/apigw_existing.j2.tf index fd9e38f0..0e41bf81 100644 --- a/option/terraform/apigw_existing.j2.tf +++ b/option/terraform/apigw_existing.j2.tf @@ -7,5 +7,6 @@ data "oci_apigateway_gateway" "starter_apigw" { locals { apigw_ocid = var.apigw_ocid + apigw_ip = try(data.oci_apigateway_gateway.starter_apigw.ip_addresses[0].ip_address,"") } diff --git a/option/terraform/oke.tf b/option/terraform/oke.tf index df035c6d..2b53eb7b 100644 --- a/option/terraform/oke.tf +++ b/option/terraform/oke.tf @@ -1,3 +1,6 @@ +#---------------------------------------------------------------------------- +# VARIABLES + variable "oke_shape" { default = "VM.Standard2.1" } 
@@ -11,6 +14,7 @@ variable "cluster_options_persistent_volume_config_defined_tags_value" { } #---------------------------------------------------------------------------- +# DATA data "oci_containerengine_cluster_option" "starter_cluster_option" { cluster_option_id = "all" @@ -45,6 +49,7 @@ locals { } #---------------------------------------------------------------------------- +# SECURITY LISTS resource "oci_core_security_list" "starter_seclist_lb" { compartment_id = local.lz_network_cmp_ocid @@ -268,6 +273,7 @@ resource oci_core_security_list starter_seclist_api { } #---------------------------------------------------------------------------- +# SUBNETS resource "oci_core_subnet" "starter_nodepool_subnet" { #Required @@ -330,6 +336,7 @@ resource "oci_core_subnet" "starter_pod_subnet" { */ #---------------------------------------------------------------------------- +# CLUSTER resource "oci_containerengine_cluster" "starter_oke" { #Required @@ -373,6 +380,9 @@ resource "oci_containerengine_cluster" "starter_oke" { freeform_tags = local.freeform_tags } +#---------------------------------------------------------------------------- +# NODE POOL + resource "oci_containerengine_node_pool" "starter_node_pool" { #Required cluster_id = oci_containerengine_cluster.starter_oke.id 
@@ -409,6 +419,31 @@ resource "oci_containerengine_node_pool" "starter_node_pool" { } #---------------------------------------------------------------------------- +# ADDONS + +# Database Operator +resource oci_containerengine_addon starter_oke_addon_dboperator { + addon_name = "OracleDatabaseOperator" + cluster_id = oci_containerengine_cluster.starter_oke.id + remove_addon_resources_on_delete = "true" +} + +# WebLogic Operator +resource oci_containerengine_addon starter_oke_addon_wlsoperator { + addon_name = "WeblogicKubernetesOperator" + cluster_id = oci_containerengine_cluster.starter_oke.id + remove_addon_resources_on_delete = "true" +} + +# CertManager +resource oci_containerengine_addon starter_oke_addon_certmanager { + addon_name = "CertManager" + cluster_id = oci_containerengine_cluster.starter_oke.id + remove_addon_resources_on_delete = "true" +} + +#---------------------------------------------------------------------------- +# OUTPUTS output "node_pool" { value = { @@ -420,6 +455,7 @@ output "node_pool" { } #---------------------------------------------------------------------------- +# LOCALS locals { oke_ocid = oci_containerengine_cluster.starter_oke.id From 9c8cc6e664ece34a90c249b422135e0ba8843ea8 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 1 Jan 2024 20:46:56 +0100 Subject: [PATCH 111/176] v1.6 --- option/terraform/oke_append.tf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/option/terraform/oke_append.tf b/option/terraform/oke_append.tf index 4b773da3..3b4a82bb 100644 --- a/option/terraform/oke_append.tf +++ b/option/terraform/oke_append.tf @@ -1,11 +1,3 @@ -variable "cluster_kube_config_expiration" { - default = 2592000 -} - -variable "cluster_kube_config_token_version" { - default = "2.0.0" -} - output "oke_ocid" { value = local.oke_ocid } From 792913418ef6037e781aa409835b248c9bd18964 Mon Sep 17 00:00:00 2001 
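Review bot: The three new `oci_containerengine_addon` resources install the Oracle Database Operator, the WebLogic Kubernetes Operator and cert-manager on every cluster unconditionally, although nothing in the hunk uses them; operators of this kind typically need cluster-scoped RBAC, so this widens the cluster's privileged surface and its patching burden for deployments that only need the ingress controller. Gate each one on a variable with a `false` default, e.g. `count = var.oke_addon_dboperator ? 1 : 0`, and mirror that for the other two. `remove_addon_resources_on_delete` is a boolean attribute in the provider schema, so the bare literal `true` is cleaner than the string `"true"`.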
From: Marc Gueury Date: Mon, 1 Jan 2024 21:10:03 +0100 Subject: [PATCH 112/176] v1.6 --- basis/bin/auto_env.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 7ab510bd..4d3835cf 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -154,20 +154,25 @@ else export TF_VAR_git_url=`git config --get remote.origin.url` if [[ "$TF_VAR_git_url" == *"github.com"* ]]; then S1=${TF_VAR_git_url/git@github.com:/https:\/\/github.com\/} - export TF_VAR_git_url=${S1/.git/\/blob\/}${GIT_BRANCH} + if [[ "$TF_VAR_git_url" == *".git"* ]]; then + export TF_VAR_git_url=${S1/.git/\/blob\/}${GIT_BRANCH} + else + export TF_VAR_git_url=${S1}/blob/${GIT_BRANCH} + fi elif [[ "$TF_VAR_git_url" == *"gitlab.com"* ]]; then S1=${TF_VAR_git_url/git@gitlab.com:/https:\/\/gitlab.com\/} export TF_VAR_git_url=${S1/.git/\/-\/blob\/}${GIT_BRANCH} fi cd $PROJECT_DIR export GIT_RELATIVE_PATH=`git rev-parse --show-prefix` - cd - + cd - > /dev/null export TF_VAR_git_url=${TF_VAR_git_url}/${GIT_RELATIVE_PATH} - echo $TF_VAR_git_url + auto_echo TF_VAR_git_url=$TF_VAR_git_url fi fi fi + #-- POST terraform ---------------------------------------------------------- export STATE_FILE=$TARGET_DIR/terraform.tfstate if [ -f $STATE_FILE ]; then From 475a29724c0e9bfa7f6c9e4eaad79948d19a490a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 1 Jan 2024 22:37:16 +0100 Subject: [PATCH 113/176] v1.6 --- option/oke/oke_deploy.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index 7264267c..8b8ad7ef 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh 
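Review bot: `${S1/.git/\/blob\/}` replaces the first `.git` anywhere in the URL rather than a trailing suffix, so a repository or organisation name containing `.git` (for example `my.gitops`) is rewritten in the wrong place, and the added `if [[ "$TF_VAR_git_url" == *".git"* ]]` branch has the same substring problem while only covering the absent-suffix case. Anchoring the strip to the end removes both the bug and the new branch: `export TF_VAR_git_url=${S1%.git}/blob/${GIT_BRANCH}`, and the gitlab arm becomes `export TF_VAR_git_url=${S1%.git}/-/blob/${GIT_BRANCH}`. The enclosing `if`/`else` chain starts before the hunk.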
@@ -13,8 +13,13 @@ if [ ! -f $KUBECONFIG ]; then # Deploy ingress-nginx kubectl create clusterrolebinding starter_clst_adm --clusterrole=cluster-admin --user=$TF_VAR_user_ocid - kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.4.0/deploy/static/provider/cloud/deploy.yaml - kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=240s + # https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest + LATEST_INGRESS_CONTROLLER=`curl --silent "https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest" | jq -r .name` + echo LATEST_INGRESS_CONTROLLER=$LATEST_INGRESS_CONTROLLER + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml + # kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.5/deploy/static/provider/cloud/deploy.yaml + echo "Waiting for Ingress Controller..." + kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=600s kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch # Wait for the ingress external IP TF_VAR_ingress_ip="" From 9635282e0619cb6039b371c02972545d8855aa76 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 1 Jan 2024 22:38:19 +0100 Subject: [PATCH 114/176] v1.6 --- option/oke/oke_deploy.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index 8b8ad7ef..3bfdd4a3 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh 
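Review bot: The new ingress-nginx deployment resolves `LATEST_INGRESS_CONTROLLER` from the GitHub releases API at run time and applies whatever manifest that name resolves to, replacing the pinned `controller-v1.4.0` with an unpinned, unverified download applied by a user that was just bound to cluster-admin; pin the tag in a variable (and ideally the image digest in the manifest) so deployments are reproducible and a broken or compromised upstream release cannot land unnoticed. The value is also never validated: the unauthenticated API is rate-limited and `curl --silent` without `-f` still pipes an error body into `jq -r .name`, which yields `null` or empty and a URL like `.../ingress-nginx/null/deploy/...`; add `[ -n "$LATEST_INGRESS_CONTROLLER" ] && [ "$LATEST_INGRESS_CONTROLLER" != "null" ] || exit 1` before the `kubectl apply`. The same lines are kept by patches 114 and 115 in this series. The `if [ ! -f $KUBECONFIG ]` block continues past the hunk.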
@@ -11,16 +11,17 @@ ocir_docker_push if [ ! -f $KUBECONFIG ]; then create_kubeconfig - # Deploy ingress-nginx + # Deploy Latest ingress-nginx kubectl create clusterrolebinding starter_clst_adm --clusterrole=cluster-admin --user=$TF_VAR_user_ocid - # https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest LATEST_INGRESS_CONTROLLER=`curl --silent "https://api.github.com/repos/kubernetes/ingress-nginx/releases/latest" | jq -r .name` echo LATEST_INGRESS_CONTROLLER=$LATEST_INGRESS_CONTROLLER kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml - # kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.5/deploy/static/provider/cloud/deploy.yaml + + # Wait for the deployment echo "Waiting for Ingress Controller..." kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=600s kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch + # Wait for the ingress external IP TF_VAR_ingress_ip="" while [ -z $TF_VAR_ingress_ip ]; do From 718321a489bf7a5e3094401d0af6f0b77117b99b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 1 Jan 2024 22:39:20 +0100 Subject: [PATCH 115/176] v1.6 --- option/oke/oke_deploy.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/option/oke/oke_deploy.sh b/option/oke/oke_deploy.sh index 3bfdd4a3..d2653497 100755 --- a/option/oke/oke_deploy.sh +++ b/option/oke/oke_deploy.sh 
@@ -18,14 +18,14 @@ if [ ! -f $KUBECONFIG ]; then kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/$LATEST_INGRESS_CONTROLLER/deploy/static/provider/cloud/deploy.yaml # Wait for the deployment - echo "Waiting for Ingress Controller..." + echo "Waiting for Ingress Controller Pods..." kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=600s kubectl wait --namespace ingress-nginx --for=condition=Complete job/ingress-nginx-admission-patch # Wait for the ingress external IP TF_VAR_ingress_ip="" while [ -z $TF_VAR_ingress_ip ]; do - echo "Waiting for external IP..." + echo "Waiting for Ingress IP..." TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` if [ -z "$TF_VAR_ingress_ip" ]; then sleep 10 From 48530039c7739abafb39ac0ecd982f8ba5a29e0a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 1 Jan 2024 23:03:03 +0100 Subject: [PATCH 116/176] v1.6 --- option/terraform/tls.j2.tf | 43 +------------------------------------- 1 file changed, 1 insertion(+), 42 deletions(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index c0fea1d1..7c67ee70 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -13,12 +13,6 @@ locals { } resource "oci_dns_rrset" "starter_rrset" { -{%- if deploy == "kubernetes" %} - count = var.ingress_ip=="" ? 0 : 1 -{%- else %} - count = var.dns_zone_name=="" ? 0 : 1 -{%- endif %} - #Required zone_name_or_id = var.dns_zone_name domain = var.dns_name 
@@ -34,9 +28,7 @@ resource "oci_dns_rrset" "starter_rrset" { } {%- if deploy == "instance_pool" %} -resource "oci_load_balancer_listener" "starter-lb-https-listener" { - #Required - count = var.certificate_ocid=="" ? 0 : 1 +resource "oci_load_balancer_listener" "starter_lb_https_listener" { load_balancer_id = oci_load_balancer.starter_pool_lb.id name = "HTTP-443" default_backend_set_name = oci_load_balancer_backend_set.starter_pool_backend_set.name @@ -56,39 +48,6 @@ resource "oci_load_balancer_listener" "starter-lb-https-listener" { verify_peer_certificate = false } } - -{%- if tls == "new" %} -resource oci_load_balancer_backend_set starter-bastion-bes { - health_checker { - protocol = "HTTP" - url_path = "/" - } - load_balancer_id = oci_load_balancer.starter_pool_lb.id - name = "${var.prefix}-bastion-bes" - policy = "ROUND_ROBIN" -} - -resource oci_load_balancer_backend starter-bastion-be { - load_balancer_id = oci_load_balancer.starter_pool_lb.id - backendset_name = oci_load_balancer_backend_set.starter-bastion-bes.name - ip_address = oci_core_instance.starter_bastion.private_ip - port = "80" - weight = "1" -} - -resource oci_load_balancer_path_route_set starter-bastion-routeset { - load_balancer_id = oci_load_balancer.starter_pool_lb.id - name = "${var.prefix}-bastion-routeset" - path_routes { - backend_set_name = oci_load_balancer_backend_set.starter-bastion-bes.name - path = "/.well-known/acme-challenge" - path_match_type { - match_type = "PREFIX_MATCH" - } - } -} -{%- endif %} - {%- endif %} From b75e1d46beb04e0a07ae636ab8ed93f2f09c19a4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 2 Jan 2024 00:25:12 +0100 Subject: [PATCH 117/176] v1.6 --- option/oke/ingress-app.yaml | 2 +- option/oke/ingress-ui.yaml | 2 +- option/src/app/apex/ingress-app.yaml | 2 +- option/src/app/java_tomcat/ingress-app.yaml | 2 +- option/src/app/ords/ingress-app.yaml | 2 +- py_oci_starter.py | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) 
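Review bot: Dropping `count = var.certificate_ocid=="" ? 0 : 1` from the renamed `starter_lb_https_listener` means the HTTPS listener is now created even when no certificate OCID is supplied; if its `ssl_configuration` (outside the hunk) references `var.certificate_ocid` the apply fails in that case, and if it does not, a listener named `HTTP-443` is exposed without TLS. Keep the conditional, or add a comment stating why the `instance_pool` TLS path now guarantees a certificate. Renaming the resource from `starter-lb-https-listener` also changes its state address, so existing deployments will destroy and recreate the listener unless a `moved { from = oci_load_balancer_listener.starter-lb-https-listener  to = oci_load_balancer_listener.starter_lb_https_listener }` block accompanies it.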
diff --git a/option/oke/ingress-app.yaml b/option/oke/ingress-app.yaml index f007be85..02442f97 100644 --- a/option/oke/ingress-app.yaml +++ b/option/oke/ingress-app.yaml @@ -13,7 +13,7 @@ spec: - http: paths: - path: /##PREFIX##/app(/|$)(.*) - pathType: Prefix + pathType: ImplementationSpecific backend: service: name: ##PREFIX##-app-service diff --git a/option/oke/ingress-ui.yaml b/option/oke/ingress-ui.yaml index d71baeea..27240ea9 100644 --- a/option/oke/ingress-ui.yaml +++ b/option/oke/ingress-ui.yaml @@ -10,7 +10,7 @@ spec: - http: paths: - path: /##PREFIX##(/|$)(.*) - pathType: Prefix + pathType: ImplementationSpecific backend: service: name: ##PREFIX##-ui-service diff --git a/option/src/app/apex/ingress-app.yaml b/option/src/app/apex/ingress-app.yaml index e7cb2b75..7bc85339 100644 --- a/option/src/app/apex/ingress-app.yaml +++ b/option/src/app/apex/ingress-app.yaml @@ -12,7 +12,7 @@ spec: - http: paths: - path: /##PREFIX##/app(/|$)(.*) - pathType: Prefix + pathType: ImplementationSpecific backend: service: name: ##PREFIX##-app-service diff --git a/option/src/app/java_tomcat/ingress-app.yaml b/option/src/app/java_tomcat/ingress-app.yaml index a6541a0b..1b7e2e54 100644 --- a/option/src/app/java_tomcat/ingress-app.yaml +++ b/option/src/app/java_tomcat/ingress-app.yaml @@ -11,7 +11,7 @@ spec: - http: paths: - path: /##PREFIX##/app(/|$)(.*) - pathType: Prefix + pathType: ImplementationSpecific backend: service: name: ##PREFIX##-app-service diff --git a/option/src/app/ords/ingress-app.yaml b/option/src/app/ords/ingress-app.yaml index fe08461a..10ca683c 100644 --- a/option/src/app/ords/ingress-app.yaml +++ b/option/src/app/ords/ingress-app.yaml @@ -12,7 +12,7 @@ spec: - http: paths: - path: /##PREFIX##/app(/|$)(.*) - pathType: Prefix + pathType: ImplementationSpecific backend: service: name: ##PREFIX##-app-service diff --git a/py_oci_starter.py b/py_oci_starter.py index 30ab37a3..31878df4 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -709,7 +709,7 @@ def create_dir_shared(): cp_terraform("bastion_shared_compute.tf") elif 'bastion_ocid' in params: cp_terraform("bastion_existing.tf") - elif params.get('database')!='none' or 'tls' in params: + elif params.get('database')!='none': cp_terraform("bastion.tf") #---------------------------------------------------------------------------- From 0df6e4e4366f91efc14c1c2c186c59ba407dea38 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 2 Jan 2024 08:44:53 +0100 Subject: [PATCH 118/176] v1.6 --- basis/bin/build_all.sh | 2 +- basis/bin/shared_bash_function.sh | 32 +++++++++++++++---------------- option/terraform/tls.j2.tf | 3 +++ py_oci_starter.py | 4 ++-- 4 files changed, 22 insertions(+), 19 deletions(-) diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 883d54c8..01537864 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh @@ -18,7 +18,7 @@ fi . env.sh if [ -n "$TF_VAR_tls" ]; then title "Certificate" - certificate_path_before_terraform + certificate_dir_before_terraform fi title "Terraform Apply" diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index d4788cc1..3147db98 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -442,9 +442,9 @@ certificate_validity() { certificate_create() { echo "Creating or Updating certificate $TF_VAR_dns_name" - CERT_CERT=$(cat $CERTIFICATE_PATH/cert.pem) - CERT_CHAIN=$(cat $CERTIFICATE_PATH/chain.pem) - CERT_PRIVKEY=$(cat $CERTIFICATE_PATH/privkey.pem) + CERT_CERT=$(cat $CERTIFICATE_DIR/cert.pem) + CERT_CHAIN=$(cat $CERTIFICATE_DIR/chain.pem) + CERT_PRIVKEY=$(cat $CERTIFICATE_DIR/privkey.pem) if [ "$TF_VAR_certificate_ocid" == "" ]; then oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=$TF_VAR_dns_name --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED else 
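Review bot: The renamed `CERT_PRIVKEY=$(cat $CERTIFICATE_DIR/privkey.pem)` still loads the TLS private key into a shell variable that the next line hands to `oci ... --private-key-pem="$CERT_PRIVKEY"` on the command line, where it is visible to every local user through `ps` and in any `set -x` trace or CI log of the command. Prefer letting the CLI read the file itself (OCI CLI parameters accept `file://<path>` values — confirm for this parameter) or pass the request as a JSON input file, and quote the paths: `"$CERTIFICATE_DIR/privkey.pem"`. The remainder of certificate_create is outside the hunk.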
@@ -454,45 +454,45 @@ certificate_create() { TF_VAR_certificate_ocid=`oci certs-mgmt certificate list --all --compartment-id $TF_VAR_compartment_ocid --name $TF_VAR_dns_name | jq -r .data.items[0].id` } -certificate_path_before_terraform() { +certificate_dir_before_terraform() { if [ "$TF_VAR_dns_name" == "" ]; then - echo "ERROR: certificate_path_before_terraform: TF_VAR_dns_name not defined" + echo "ERROR: certificate_dir_before_terraform: TF_VAR_dns_name not defined" exit 1 fi if [ -d $PROJECT_DIR/src/tls/$TF_VAR_dns_name ]; then - export CERTIFICATE_PATH=$PROJECT_DIR/src/tls/$TF_VAR_dns_name - echo Using existing CERTIFICATE_PATH=$CERTIFICATE_PATH - elif [ -d $CERTIFICATE_PATH ]; then - echo Using existing CERTIFICATE_PATH=$CERTIFICATE_PATH + export CERTIFICATE_DIR=$PROJECT_DIR/src/tls/$TF_VAR_dns_name + echo Using existing CERTIFICATE_DIR=$CERTIFICATE_DIR + elif [ -d $CERTIFICATE_DIR ]; then + echo Using existing CERTIFICATE_DIR=$CERTIFICATE_DIR elif [ "$TF_VAR_tls" == "new" ]; then # Create a new certificate via DNS-01 $BIN_DIR/tls_dns_create.sh exit_on_error - export CERTIFICATE_PATH=$PROJECT_DIR/src/tls/$TF_VAR_dns_name + export CERTIFICATE_DIR=$PROJECT_DIR/src/tls/$TF_VAR_dns_name fi if [ "$TF_VAR_deploy_strategy" == "compute" ]; then if [ -d target/compute/certificate ]; then echo "Certificate Directory exists already" - elif [ "$CERTIFICATE_PATH" != "" ]; then + elif [ "$CERTIFICATE_DIR" != "" ]; then mkdir -p target/compute/certificate - cp $CERTIFICATE_PATH/* target/compute/certificate/. + cp $CERTIFICATE_DIR/* target/compute/certificate/. cp src/tls/nginx_tls.conf target/compute/. sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf elif [ "$TF_VAR_tls" == "new" ]; then echo "New Certificate will be created after the deployment." 
else - echo "ERROR: compute: certificate_path_before_terraform: missing variables CERTIFICATE_PATH" + echo "ERROR: compute: certificate_dir_before_terraform: missing variables CERTIFICATE_DIR" exit 1 fi - elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_PATH" != "" ] ; then + elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_DIR" != "" ] ; then certificate_create elif [ "$TF_VAR_certificate_ocid" != "" ]; then certificate_validity elif [ "$TF_VAR_tls" == "new" ]; then echo "New Certificate will be created after the deployment." else - echo "ERROR: certificate_path_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_PATH" + echo "ERROR: certificate_dir_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_DIR" exit 1 fi } @@ -530,5 +530,5 @@ certificate_run_certbot() ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http.sh 2>&1 | tee -a tls/certbot_http.log" scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. exit_on_error - export CERTIFICATE_PATH=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name + export CERTIFICATE_DIR=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name } diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 7c67ee70..dbffd485 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -13,6 +13,9 @@ locals { } resource "oci_dns_rrset" "starter_rrset" { + # XXXX Advanced case with DNS not in OCI XXXX ? + count = var.dns_zone_name=="" ? 0 : 1 + #Required zone_name_or_id = var.dns_zone_name domain = var.dns_name diff --git a/py_oci_starter.py b/py_oci_starter.py index 31878df4..a3b02806 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
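Review bot: The second branch of `certificate_dir_before_terraform`, `elif [ -d $CERTIFICATE_DIR ]; then`, is an unquoted test: when `CERTIFICATE_DIR` is unset it collapses to `[ -d ]`, which is a one-argument test on the non-empty string `-d` and therefore true, so the function prints `Using existing CERTIFICATE_DIR=` with an empty value and never reaches the `TF_VAR_tls == new` branch that runs `tls_dns_create.sh`. Quote it: `elif [ -d "$CERTIFICATE_DIR" ]; then`, and likewise `if [ -d "$PROJECT_DIR/src/tls/$TF_VAR_dns_name" ]; then` on the line above. The later `[ "$CERTIFICATE_DIR" != "" ]` checks in the same function are already quoted and are the pattern to follow. This hunk starts on the previous line of the page.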
@@ -125,7 +125,7 @@ def get_tf_var(param): 'deploy': 'TF_VAR_deploy_strategy', 'license': 'TF_VAR_license_model', 'ui': 'TF_VAR_ui_strategy', - 'certificate_path': 'CERTIFICATE_PATH', + 'certificate_dir': 'CERTIFICATE_DIR', 'certificate_email': 'CERTIFICATE_EMAIL' }.get(param) if special_case is not None: @@ -264,7 +264,7 @@ def tls_rules(): params['dns_name'] = TO_FILL if params.get('tls')=='existing': params['certificate_ocid'] = TO_FILL - params['certificate_path'] = TO_FILL + params['certificate_dir'] = TO_FILL elif params.get('tls')=='new': params['certificate_email'] = TO_FILL From b704a197bf51b113e6c0a61d65b5567f92359737 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 2 Jan 2024 11:09:47 +0100 Subject: [PATCH 119/176] v1.6 --- basis/bin/auto_env.sh | 6 ++---- basis/bin/shared_bash_function.sh | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 4d3835cf..b8747664 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -53,13 +53,11 @@ if declare -p | grep -q "__TO_FILL__"; then echo echo "Edit the file env.sh. Some variables needs to be filled:" cat env.sh | grep __TO_FILL__ - exit 1 + error_exit "Missing environment variables." fi if ! command -v jq &> /dev/null; then - echo "Command jq could not be found. Please install it" - echo "Ex on linux: sudo yum install jq -y" - exit 1 + error_exit "Unix command jq not found. Please install it." fi #-- PRE terraform ---------------------------------------------------------- diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 3147db98..0d7ee8e7 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
@@ -113,6 +113,21 @@ exit_on_error() { fi } +error_exit() { + echo "Stack" + echo "-----" + for (( INDEX=0; INDEX<$LEN; INDEX++ )) + do + echo "$(basename ${BASH_SOURCE[${INDEX}]}) line ${BASH_LINENO[${INDEX}]}: function ${FUNCNAME[${INDEX}]}" + done + + if [ "$1" != "" ]; then + echo "ERROR: $1" + echo $1 + fi + exit 1 +} + auto_echo () { if [ -z "$SILENT_MODE" ]; then echo "$1" From 8fabd5cef7523d1c7200ecdda7b562735c7ccb9e Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 2 Jan 2024 11:29:24 +0100 Subject: [PATCH 120/176] v1.6 --- basis/bin/auto_env.sh | 3 +-- basis/bin/build_common.sh | 4 ++-- basis/bin/shared_bash_function.sh | 28 ++++++++++++++-------------- option/oke/oke_destroy.sh | 5 ++--- option/test_suite.sh | 2 +- option/test_suite_all.sh | 2 +- option/test_suite_shared.sh | 2 +- 7 files changed, 22 insertions(+), 24 deletions(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index b8747664..fddda7c3 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -3,8 +3,7 @@ if [[ -z "${BIN_DIR}" ]]; then export BIN_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) fi if [[ -z "${PROJECT_DIR}" ]]; then - echo "Error: PROJECT_DIR not set" - exit + error_exit "PROJECT_DIR not set" fi # Target DIR diff --git a/basis/bin/build_common.sh b/basis/bin/build_common.sh index 256833a1..b9030e88 100755 --- a/basis/bin/build_common.sh +++ b/basis/bin/build_common.sh @@ -2,11 +2,11 @@ #!/bin/bash if [[ -z "${BIN_DIR}" ]]; then echo "Error: BIN_DIR not set" - exit + exit 1 fi if [[ -z "${PROJECT_DIR}" ]]; then echo "Error: PROJECT_DIR not set" - exit + exit 1 fi APP_DIR=`echo ${SCRIPT_DIR} |sed -E "s#(.*)/(.*)#\2#"` diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 0d7ee8e7..9a3d040f 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
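Review bot: The new `error_exit` iterates `for (( INDEX=0; INDEX<$LEN; INDEX++ ))` but `LEN` is never assigned in the function, so unless a caller exports it the expression becomes `INDEX<` and bash reports an arithmetic syntax error in place of the stack; set it first with `LEN=${#BASH_LINENO[@]}`. The message is then printed twice to stdout (`echo "ERROR: $1"` followed by `echo $1`), whereas a diagnostic belongs on stderr once: `echo "ERROR: $1" >&2`. A one-line header such as `# Print a bash call stack and the given message, then exit 1` would document the helper's contract for the callers added in the same series.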
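Review bot: `error_exit "PROJECT_DIR not set"` replaces an `echo`/`exit` pair at the very top of basis/bin/auto_env.sh, and whether shared_bash_function.sh (where `error_exit` is defined) has already been sourced at that point is not visible in the hunk; if it has not, bash prints `error_exit: command not found` and continues with `PROJECT_DIR` unset, which is the condition the check exists to stop. Either keep a plain `exit 1` here or confirm the source order. The old code exited with status 0, so the move to a non-zero exit is the right direction.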
@@ -103,31 +103,31 @@ replace_db_user_password_in_file() { sed -i "s/##DB_PASSWORD##/$TF_VAR_db_password/" $CONFIG_FILE } -exit_on_error() { - RESULT=$? - if [ $RESULT -eq 0 ]; then - echo "Success" - else - echo "Failed (RESULT=$RESULT)" - exit $RESULT - fi -} - error_exit() { - echo "Stack" - echo "-----" + echo + LEN=${#BASH_LINENO[@]} + printf "%-30s %-10s %-20s\n" "STACK TRACE" "LINE" "FUNCTION" for (( INDEX=0; INDEX<$LEN; INDEX++ )) do - echo "$(basename ${BASH_SOURCE[${INDEX}]}) line ${BASH_LINENO[${INDEX}]}: function ${FUNCNAME[${INDEX}]}" + printf " %-28s %-10s %-20s\n" $(basename ${BASH_SOURCE[${INDEX}]}) ${BASH_LINENO[${INDEX}]} ${FUNCNAME[${INDEX}]} done if [ "$1" != "" ]; then + echo echo "ERROR: $1" - echo $1 fi exit 1 } +exit_on_error() { + RESULT=$? + if [ $RESULT -eq 0 ]; then + echo "Success" + else + error_exit "Failed (RESULT=$RESULT)" + fi +} + auto_echo () { if [ -z "$SILENT_MODE" ]; then echo "$1" diff --git a/option/oke/oke_destroy.sh b/option/oke/oke_destroy.sh index c125c003..a419148e 100755 --- a/option/oke/oke_destroy.sh +++ b/option/oke/oke_destroy.sh @@ -13,8 +13,7 @@ fi echo "OKE DESTROY" if [ "$1" != "--auto-approve" ]; then - echo "Error: Please call this script via destroy.sh" - exit + error_exit "Please call this script via destroy.sh" fi if [ ! -f $KUBECONFIG ]; then @@ -25,7 +24,7 @@ fi get_id_from_tfstate "OKE_OCID" "starter_oke" if [ "$OKE_OCID" == "" ]; then echo "OKE_DESTROY skipped. OKE not detected in $STATE_FILE" - exit + exit 0 fi # The goal is to destroy all LoadBalancers created by OKE in OCI before to delete OKE. diff --git a/option/test_suite.sh b/option/test_suite.sh index a101f238..38dea53d 100755 --- a/option/test_suite.sh +++ b/option/test_suite.sh @@ -62,7 +62,7 @@ build_test_destroy () { echo "destroy_secs=$SECONDS" >> ${TEST_DIR}_time.txt cat ${TEST_DIR}_time.txt else - echo "Error: no output directory" + echo "ERROR: no output directory" fi } 
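Review bot: The rewritten stack row `printf " %-28s %-10s %-20s\n" $(basename ${BASH_SOURCE[${INDEX}]}) ${BASH_LINENO[${INDEX}]} ${FUNCNAME[${INDEX}]}` passes its three operands unquoted, so a source path with a space or an empty array element shifts the columns and makes printf reuse the format on the leftover words. Quote each operand: `printf " %-28s %-10s %-20s\n" "$(basename "${BASH_SOURCE[$INDEX]}")" "${BASH_LINENO[$INDEX]}" "${FUNCNAME[$INDEX]}"`. Separately, routing `exit_on_error` through `error_exit` changes its exit status from `exit $RESULT` to a fixed `exit 1`, so callers that inspected the original command's status no longer see it; if that is intended, a comment on `exit_on_error` saying so would avoid surprises.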
diff --git a/option/test_suite_all.sh b/option/test_suite_all.sh index 53aa8699..3f2bb868 100755 --- a/option/test_suite_all.sh +++ b/option/test_suite_all.sh @@ -88,7 +88,7 @@ build_option() { mv output $TEST_DIR build_test_destroy else - echo "Error: no output directory" + echo "ERROR: no output directory" fi } diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index 4b5d3754..3a4bcf83 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -205,7 +205,7 @@ build_option() { build_test_destroy fi else - echo "Error: no output directory" + echo "ERROR: no output directory" fi } From 2aa1132f7eaf2741ce8f1bd9fcab0de0bd0007b8 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 2 Jan 2024 11:30:13 +0100 Subject: [PATCH 121/176] v1.6 --- basis/bin/auto_env.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index fddda7c3..edbe2489 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -47,7 +47,8 @@ livelabs_green_button # XXX -> It would be safer to check also for TF_VAR_xxx containing __TO_FILL__ too if declare -p | grep -q "__TO_FILL__"; then - echo "Error: missing environment variables." + echo "ERROR: missing environment variables" + echo declare -p | grep __TO_FILL__ echo echo "Edit the file env.sh. Some variables needs to be filled:" From b7d5e2645efc013852cd8eea5ed4fee99c007f90 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Tue, 2 Jan 2024 11:30:43 +0100 Subject: [PATCH 122/176] v1.6 --- basis/bin/auto_env.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index edbe2489..7d06be02 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -47,6 +47,7 @@ livelabs_green_button # XXX -> It would be safer to check also for TF_VAR_xxx containing __TO_FILL__ too if declare -p | grep -q "__TO_FILL__"; then + echo echo "ERROR: missing environment variables" echo declare -p | grep __TO_FILL__ 
From c62b5d1b5c8c79939d7037b998164eeb1794f111 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 3 Jan 2024 16:02:14 +0100 Subject: [PATCH 123/176] v1.6 --- basis/bin/build_all.sh | 4 ++-- basis/bin/shared_bash_function.sh | 36 ++++++++++++------------------- py_oci_starter.py | 18 +++++++++++----- 3 files changed, 29 insertions(+), 29 deletions(-) diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index 01537864..da079f6c 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh @@ -16,7 +16,7 @@ if [ "$TF_VAR_ssh_private_path" == "" ]; then fi . env.sh -if [ -n "$TF_VAR_tls" ]; then +if [ "$TF_VAR_tls" != "" ]; then title "Certificate" certificate_dir_before_terraform fi @@ -76,7 +76,7 @@ elif [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then exit_on_error fi -if [ -n "$TF_VAR_tls" ]; then +if [ "$TF_VAR_tls" != "" ]; then title "Certificate - Post Deploy" certificate_post_deploy fi diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 9a3d040f..cfbf09db 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -479,7 +479,7 @@ certificate_dir_before_terraform() { echo Using existing CERTIFICATE_DIR=$CERTIFICATE_DIR elif [ -d $CERTIFICATE_DIR ]; then echo Using existing CERTIFICATE_DIR=$CERTIFICATE_DIR - elif [ "$TF_VAR_tls" == "new" ]; then + elif [ "$TF_VAR_tls" == "new_dns_01" ]; then # Create a new certificate via DNS-01 $BIN_DIR/tls_dns_create.sh exit_on_error @@ -494,7 +494,7 @@ certificate_dir_before_terraform() { cp $CERTIFICATE_DIR/* target/compute/certificate/. cp src/tls/nginx_tls.conf target/compute/. sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf - elif [ "$TF_VAR_tls" == "new" ]; then + elif [ "$TF_VAR_tls" == "new_http_01" ]; then echo "New Certificate will be created after the deployment." else echo "ERROR: compute: certificate_dir_before_terraform: missing variables CERTIFICATE_DIR" 
@@ -504,11 +504,8 @@ certificate_dir_before_terraform() { certificate_create elif [ "$TF_VAR_certificate_ocid" != "" ]; then certificate_validity - elif [ "$TF_VAR_tls" == "new" ]; then - echo "New Certificate will be created after the deployment." else - echo "ERROR: certificate_dir_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_DIR" - exit 1 + exit_error "certificate_dir_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_DIR" fi } 
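Review bot: `exit_error "certificate_dir_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_DIR"` calls a function that does not exist; the helper defined earlier in this file (commit 120, hunk `@@ -103,31 +103,31 @@`) is `error_exit`. Bash will print `exit_error: command not found` and, with no `set -e` visible, carry on past the missing-variable check, so the build proceeds without any certificate source where the previous code did `exit 1`. The same typo appears in `certificate_run_certbot_http_01` in the next hunk (`exit_error "CERTIFICATE_EMAIL is not defined."`); both should read `error_exit "..."`.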
@@ -519,31 +516,26 @@ certificate_post_deploy() { get_ui_url src/terraform/apply.sh --auto-approve -no-color exit_on_error - elif [ "$TF_VAR_tls" == "new" ]; then + elif [ "$TF_VAR_tls" == "new_http_01" ]; then if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - certificate_run_certbot + certificate_run_certbot_http_01 fi fi } -# Generate a certificate on compute or bastion -certificate_run_certbot() +# Generate a certificate on compute +certificate_run_certbot_http_01() { if [ -z "$CERTIFICATE_EMAIL" ]; then - echo "Error: CERTIFICATE_EMAIL is not defined." - exit 1 + exit_error "CERTIFICATE_EMAIL is not defined." fi - if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - # Generate the certificate with Let'Encrypt on the COMPUTE - TLS_IP=$COMPUTE_IP - else - # Generate the certificate with Let'Encrypt on the BASTION - TLS_IP=$BASTION_IP - fi - scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$TLS_IP:/home/opc/. + + # Generate the certificate with Let'Encrypt on the COMPUTE + TLS_IP=$COMPUTE_IP + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$COMPUTE_IP:/home/opc/. exit_on_error - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http.sh 2>&1 | tee -a tls/certbot_http.log" - scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$TLS_IP:tls/certificate target/. + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http.sh 2>&1 | tee -a tls/certbot_http.log" + scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP:tls/certificate target/. exit_on_error export CERTIFICATE_DIR=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name } diff --git a/py_oci_starter.py b/py_oci_starter.py index a3b02806..be682715 100755 
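Review bot: The rewritten `ssh ... opc@$COMPUTE_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http.sh ..."` splices two configuration values into a string that the remote shell re-parses, so a `"`, `$` or backtick in `TF_VAR_dns_name` or `CERTIFICATE_EMAIL` alters the remote command rather than the value. Shell-quote them before building the string, e.g. `remote_dns=$(printf '%q' "$TF_VAR_dns_name")` and `remote_email=$(printf '%q' "$CERTIFICATE_EMAIL")`, then use `export TF_VAR_dns_name=$remote_dns;export CERTIFICATE_EMAIL=$remote_email` inside the quoted command. `$TF_VAR_ssh_private_path` and `$COMPUTE_IP` on the `scp`/`ssh` lines should be double-quoted as well. The `exit_error` call at the top of this function has the same undefined-name problem raised on the previous hunk.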
--- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -106,7 +106,7 @@ def allowed_options(): '-mode': {CLI, GIT, ZIP}, '-shape': {'amd','freetier_amd','ampere'}, '-db_install': {'default', 'shared_compute', 'kubernetes'}, - '-tls': {'none', 'new', 'existing'} + '-tls': {'none', 'new_http_01', 'new_dns_01', 'existing_ocid', 'existing_path'} } def check_values(): @@ -260,13 +260,18 @@ def tls_rules(): if params.get('tls')=='none': params.pop('tls') else: - params['dns_zone_name'] = TO_FILL params['dns_name'] = TO_FILL - if params.get('tls')=='existing': + if params.get('tls')=='new_http_01': + params['certificate_email'] = TO_FILL + elif params.get('tls')=='new_dns_01': + params['certificate_email'] = TO_FILL + params['dns_zone_name'] = TO_FILL + elif params.get('tls')=='existing_ocid': + params['dns_zone_name'] = TO_FILL params['certificate_ocid'] = TO_FILL + elif params.get('tls')=='existing_ocid': + params['dns_zone_name'] = TO_FILL params['certificate_dir'] = TO_FILL - elif params.get('tls')=='new': - params['certificate_email'] = TO_FILL def apply_rules(): @@ -856,6 +861,9 @@ def create_output_dir(): cp_terraform("tls.j2.tf") if params.get('deploy') == 'kubernetes': cp_terraform_apigw("apigw_kubernetes_tls_append.tf") + elif params.get('deploy') == 'compute': + if params.get('tls') == 'existing_ocid': + cp_terraform_apigw("apigw_compute_append.tf") if params.get('tls') == 'new': output_copy_tree("option/tls/new", "src/tls") From 1501392fc864623b711f6c7c1af5b6a4272c44e2 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 3 Jan 2024 16:16:30 +0100 Subject: [PATCH 124/176] v1.6 --- basis/bin/shared_bash_function.sh | 1 - option/terraform/apigw_compute_append.tf | 3 --- 2 files changed, 4 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index cfbf09db..02d9ac27 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh 
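Review bot: In `tls_rules` the final branch `elif params.get('tls')=='existing_ocid':` repeats the condition of the branch directly above it, so `params['certificate_dir'] = TO_FILL` is unreachable and the `existing_path` value that `allowed_options` now accepts never gets `certificate_dir` (or `dns_zone_name`) marked for filling. It should read `elif params.get('tls')=='existing_path':`. In the `create_output_dir` hunk further down, `if params.get('tls') == 'new':` still compares against a value `allowed_options` no longer lists, so `option/tls/new` is not copied for `new_http_01` or `new_dns_01`.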
@@ -531,7 +531,6 @@ certificate_run_certbot_http_01() fi # Generate the certificate with Let'Encrypt on the COMPUTE - TLS_IP=$COMPUTE_IP scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$COMPUTE_IP:/home/opc/. exit_on_error ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http.sh 2>&1 | tee -a tls/certbot_http.log" diff --git a/option/terraform/apigw_compute_append.tf b/option/terraform/apigw_compute_append.tf index 9e05e911..60bf610f 100644 --- a/option/terraform/apigw_compute_append.tf +++ b/option/terraform/apigw_compute_append.tf @@ -3,9 +3,6 @@ locals { } resource "oci_apigateway_deployment" "starter_apigw_deployment" { -{%- if tls is defined %} - count = var.certificate_ocid == "" ? 0 : 1 -{%- endif %} compartment_id = local.lz_appdev_cmp_ocid display_name = "${var.prefix}-apigw-deployment" gateway_id = local.apigw_ocid From 19283c44bcced42fa4931018aeda4e4c80062cd4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 3 Jan 2024 16:35:25 +0100 Subject: [PATCH 125/176] v1.6 --- option/terraform/apigw.j2.tf | 11 ++--------- option/terraform/tls.j2.tf | 2 +- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/option/terraform/apigw.j2.tf b/option/terraform/apigw.j2.tf index 29533512..3ec639c7 100644 --- a/option/terraform/apigw.j2.tf +++ b/option/terraform/apigw.j2.tf @@ -10,10 +10,7 @@ resource oci_apigateway_gateway starter_apigw { freeform_tags = local.freeform_tags {%- if tls is defined %} - count = var.certificate_ocid == "" ? 0 : 1 certificate_id = var.certificate_ocid -{%- else %} - count = 1 {%- endif %} } 
@@ -22,13 +19,9 @@ resource "oci_apigateway_api" "starter_api" { content = var.openapi_spec display_name = "${var.prefix}-api" freeform_tags = local.freeform_tags - -{%- if tls is defined %} - count = var.certificate_ocid == "" ? 0 : 1 -{%- endif %} } locals { - apigw_ocid = try(oci_apigateway_gateway.starter_apigw[0].id, "") - apigw_ip = try(oci_apigateway_gateway.starter_apigw[0].ip_addresses[0].ip_address,"") + apigw_ocid = try(oci_apigateway_gateway.starter_apigw.id, "") + apigw_ip = try(oci_apigateway_gateway.starter_apigw.ip_addresses[0].ip_address,"") } diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index dbffd485..74d2f3bb 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -3,7 +3,7 @@ variable "dns_name" { default="" } variable "dns_ip" { default="" } locals { -{%- if deploy == "compute" %} +{%- if deploy == "compute" and tls != "existing_ocid" %} dns_ip = local.compute_public_ip {%- elif deploy == "instance_pool" %} dns_ip = local.instance_pool_lb_ip From 3207656f056b64e9f51cd660b86f8d747274080b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 3 Jan 2024 16:41:30 +0100 Subject: [PATCH 126/176] v1.6 --- option/terraform/apigw_compute_append.tf | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/option/terraform/apigw_compute_append.tf b/option/terraform/apigw_compute_append.tf index 60bf610f..b58e0d63 100644 --- a/option/terraform/apigw_compute_append.tf +++ b/option/terraform/apigw_compute_append.tf @@ -15,7 +15,15 @@ resource "oci_apigateway_deployment" "starter_apigw_deployment" { type = "HTTP_BACKEND" url = "##APP_URL##" } - } + } + routes { + path = "/{pathname*}" + methods = [ "ANY" ] + backend { + type = "HTTP_BACKEND" + url = "http://${local.apigw_dest_private_ip}/$${request.path[pathname]}" + } + } } freeform_tags = local.api_tags } From aae974e5fb1b630d780fa260fb6f5daacc88d0c3 Mon Sep 17 00:00:00 2001 
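Review bot: The added `routes` block in option/terraform/apigw_compute_append.tf is a catch-all: `path = "/{pathname*}"` with `methods = [ "ANY" ]` forwards every method on every path to `http://${local.apigw_dest_private_ip}/$${request.path[pathname]}`, so anything the compute instance serves becomes reachable through the gateway, and the gateway-to-instance hop is plain HTTP even when TLS is terminated at the gateway via `certificate_id`. If only the application path is meant to be exposed, narrow `path` (the route above it uses `##APP_URL##`) or the `methods` list. `local.apigw_dest_private_ip` is not defined in this hunk, so where it comes from should be confirmed. A comment on the block stating the intended exposure, e.g. `# catch-all: proxies every path of the compute instance over HTTP (presumably inside the VCN)`, would make the decision explicit.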
From: Marc Gueury Date: Wed, 3 Jan 2024 17:33:23 +0100 Subject: [PATCH 127/176] v1.6 --- basis/bin/shared_bash_function.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 02d9ac27..ce3c9177 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -250,11 +250,15 @@ get_user_details() { # Get the user interface URL get_ui_url() { if [ "$TF_VAR_deploy_strategy" == "compute" ]; then - export UI_URL=http://${COMPUTE_IP} - if [ "$TF_VAR_certificate_ocid" != "" ]; then - export UI_HTTP=$UI_URL - export UI_URL=https://${TF_VAR_dns_name} - fi + if [ "$TF_VAR_tls" == "existing_ocid" ]; then + export UI_HTTP=http://${COMPUTE_IP}/${TF_VAR_prefix} + export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} + else + export UI_URL=http://${COMPUTE_IP} + if [ "$TF_VAR_certificate_ocid" != "" ]; then + export UI_HTTP=$UI_URL + export UI_URL=https://${TF_VAR_dns_name} + fi elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then get_output_from_tfstate INSTANCE_POOL_LB_IP instance_pool_lb_ip export UI_URL=http://${INSTANCE_POOL_LB_IP} From 5528304870d45200852b311316530240284f32b5 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 3 Jan 2024 17:33:47 +0100 Subject: [PATCH 128/176] v1.6 --- basis/bin/shared_bash_function.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index ce3c9177..9975fde1 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -259,6 +259,7 @@ get_ui_url() { export UI_HTTP=$UI_URL export UI_URL=https://${TF_VAR_dns_name} fi + fi elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then get_output_from_tfstate INSTANCE_POOL_LB_IP instance_pool_lb_ip export UI_URL=http://${INSTANCE_POOL_LB_IP} From 3fb5bb74b7f40b36e61d52c1f7dc56d7f9599976 Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Wed, 3 Jan 2024 18:07:20 +0100 Subject: [PATCH 129/176] v1.6 --- basis/bin/shared_bash_function.sh | 1 - option/test_suite_group_all.sh | 14 +++++++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 9975fde1..b0208a70 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -251,7 +251,6 @@ get_user_details() { get_ui_url() { if [ "$TF_VAR_deploy_strategy" == "compute" ]; then if [ "$TF_VAR_tls" == "existing_ocid" ]; then - export UI_HTTP=http://${COMPUTE_IP}/${TF_VAR_prefix} export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} else export UI_URL=http://${COMPUTE_IP} diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index 8416b2d9..f5007c46 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh @@ -155,10 +155,18 @@ loop_tls() { OPTION_JAVA_FRAMEWORK=springboot OPTION_UI=html OPTION_DB=none - OPTION_TLS=existing + OPTION_TLS=existing_dir loop_tls_deploy - # OPTION_TLS=new - # loop_tls_deploy + # existing_ocid is part of existing_dir + + OPTION_TLS=new_http_01 + OPTION_DEPLOY=compute + build_option + + OPTION_TLS=new_dns_01 + OPTION_DEPLOY=container_instance + build_option + OPTION_GROUP_NAME=dummy } From fc897621b88022a429a3035f4af6b50c5e544ef1 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 4 Jan 2024 11:41:12 +0100 Subject: [PATCH 130/176] v1.6 --- py_oci_starter.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index be682715..301e9e01 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -106,7 +106,7 @@ def allowed_options(): '-mode': {CLI, GIT, ZIP}, '-shape': {'amd','freetier_amd','ampere'}, '-db_install': {'default', 'shared_compute', 'kubernetes'}, - '-tls': {'none', 'new_http_01', 'new_dns_01', 'existing_ocid', 'existing_path'} + '-tls': {'none', 'new_http_01', 'new_dns_01', 'existing_ocid', 'existing_dir'} } def check_values(): @@ -842,8 +842,10 @@ def create_output_dir(): output_copy_tree("option/compute", "src/compute") if params.get('deploy') == 'instance_pool': cp_terraform("instance_pool.j2.tf") - elif params.get('tls') == 'existing': + elif params.get('tls')=='existing_dir': output_copy_tree("option/tls/compute_existing", "src/tls") + elif params.get('tls') == 'existing_ocid': + cp_terraform_apigw("apigw_compute_append.tf") elif params.get('deploy') == "container_instance": if 'group_common' not in params: @@ -861,9 +863,6 @@ def create_output_dir(): cp_terraform("tls.j2.tf") if params.get('deploy') == 'kubernetes': cp_terraform_apigw("apigw_kubernetes_tls_append.tf") - elif params.get('deploy') == 'compute': - if params.get('tls') == 'existing_ocid': - cp_terraform_apigw("apigw_compute_append.tf") if params.get('tls') == 'new': output_copy_tree("option/tls/new", "src/tls") From 960294b475bff77ece4f338bb5b3d727826f6609 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 4 Jan 2024 11:41:52 +0100 Subject: [PATCH 131/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 301e9e01..ef3276e6 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -842,7 +842,7 @@ def create_output_dir(): output_copy_tree("option/compute", "src/compute") if params.get('deploy') == 'instance_pool': cp_terraform("instance_pool.j2.tf") - elif params.get('tls')=='existing_dir': + elif params.get('tls') == 'existing_dir': output_copy_tree("option/tls/compute_existing", "src/tls") elif params.get('tls') == 'existing_ocid': cp_terraform_apigw("apigw_compute_append.tf") 
From b4d146be1bf3ba71c753d4a80cbdd2cc19094fef Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 4 Jan 2024 11:45:51 +0100 Subject: [PATCH 132/176] v1.6 --- option/test_suite_shared.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index 3a4bcf83..df3e8811 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -103,6 +103,11 @@ build_test () { fi } +echo_errors_csv() { + echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_JAVA_FRAMEWORK,$OPTION_JAVA_VM,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/errors.csv + echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/error_rerun.sh +} + build_test_destroy () { BUILD_ID=1 build_test @@ -129,8 +134,7 @@ build_test_destroy () { echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,-,-,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/result.csv fi if [ "$CSV_JSON_OK" != "1" ] || [ "$CSV_HTML_OK" != "1" ]; then - echo "$CSV_DATE,$OPTION_DEPLOY,$OPTION_LANG,$OPTION_JAVA_FRAMEWORK,$OPTION_JAVA_VM,$OPTION_DB,$OPTION_DB_INSTALL,$OPTION_UI,$OPTION_SHAPE,$CSV_NAME,$CSV_HTML_OK,$CSV_JSON_OK,$CSV_BUILD_SECOND,$CSV_DESTROY_SECOND,$CSV_RUN100_OK,$CSV_RUN100_SECOND" >> $TEST_HOME/errors.csv - echo "./test_rerun.sh $TEST_DIR" >> $TEST_HOME/error_rerun.sh + echo_errors_csv fi } @@ -206,6 +210,7 @@ build_option() { fi else echo "ERROR: no output directory" + echo_errors_csv fi } From bcc27bc72a954df087cc62bc45189e33e23ff6bd Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 5 Jan 2024 00:01:33 +0100 Subject: [PATCH 133/176] v1.6 --- py_oci_starter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
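Review bot: The new `echo_errors_csv` call in the `else` branch of `build_option` (no output directory) writes `$CSV_HTML_OK`, `$CSV_JSON_OK`, `$CSV_BUILD_SECOND` and the other `CSV_*` values, but in that branch `build_test_destroy` never ran, so unless those variables are reset per option they carry the previous test's numbers into errors.csv. Clear them before the call, e.g. `CSV_HTML_OK=- CSV_JSON_OK=- CSV_BUILD_SECOND=- CSV_DESTROY_SECOND=-`, or let the function take the reason as an argument. Inside the helper, `>> $TEST_HOME/errors.csv` and `>> $TEST_HOME/error_rerun.sh` should quote `"$TEST_HOME"`. `build_option` starts outside the hunk.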
diff --git a/py_oci_starter.py b/py_oci_starter.py index ef3276e6..51557d94 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -844,6 +844,8 @@ def create_output_dir(): cp_terraform("instance_pool.j2.tf") elif params.get('tls') == 'existing_dir': output_copy_tree("option/tls/compute_existing", "src/tls") + elif params.get('tls') == 'new_http_01': + output_copy_tree("option/tls/new", "src/tls") elif params.get('tls') == 'existing_ocid': cp_terraform_apigw("apigw_compute_append.tf") @@ -863,8 +865,6 @@ def create_output_dir(): cp_terraform("tls.j2.tf") if params.get('deploy') == 'kubernetes': cp_terraform_apigw("apigw_kubernetes_tls_append.tf") - if params.get('tls') == 'new': - output_copy_tree("option/tls/new", "src/tls") if os.path.exists(output_dir + "/src/app/openapi_spec_append.yaml"): append_file( output_dir + "/src/app/openapi_spec.yaml", output_dir + "/src/app/openapi_spec_append.yaml") From 8252ca2a9761467da43fc888f3fd34ccfe79b7ff Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 5 Jan 2024 00:02:13 +0100 Subject: [PATCH 134/176] v1.6 --- option/tls/{new => new_http_01}/certbot_http.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename option/tls/{new => new_http_01}/certbot_http.sh (100%) diff --git a/option/tls/new/certbot_http.sh b/option/tls/new_http_01/certbot_http.sh similarity index 100% rename from option/tls/new/certbot_http.sh rename to option/tls/new_http_01/certbot_http.sh From 064dd6cb0d3edbbf4b9e43f090beb6f13a237dbc Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 5 Jan 2024 00:02:24 +0100 Subject: [PATCH 135/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 51557d94..f32893c6 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -845,7 +845,7 @@ def create_output_dir(): elif params.get('tls') == 'existing_dir': output_copy_tree("option/tls/compute_existing", "src/tls") elif params.get('tls') == 'new_http_01': - output_copy_tree("option/tls/new", "src/tls") + output_copy_tree("option/tls/new_http_01", "src/tls") elif params.get('tls') == 'existing_ocid': cp_terraform_apigw("apigw_compute_append.tf") From 96bd6e70c6bb3b730d5b01e2664e9c75d8feaa78 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 5 Jan 2024 00:03:06 +0100 Subject: [PATCH 136/176] v1.6 --- .../{compute_existing => compute_existing_dir}/nginx_tls.conf | 0 py_oci_starter.py | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename option/tls/{compute_existing => compute_existing_dir}/nginx_tls.conf (100%) diff --git a/option/tls/compute_existing/nginx_tls.conf b/option/tls/compute_existing_dir/nginx_tls.conf similarity index 100% rename from option/tls/compute_existing/nginx_tls.conf rename to option/tls/compute_existing_dir/nginx_tls.conf diff --git a/py_oci_starter.py b/py_oci_starter.py index f32893c6..0813ad66 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -843,7 +843,7 @@ def create_output_dir(): if params.get('deploy') == 'instance_pool': cp_terraform("instance_pool.j2.tf") elif params.get('tls') == 'existing_dir': - output_copy_tree("option/tls/compute_existing", "src/tls") + output_copy_tree("option/tls/compute_existing_dir", "src/tls") elif params.get('tls') == 'new_http_01': output_copy_tree("option/tls/new_http_01", "src/tls") elif params.get('tls') == 'existing_ocid': From 73dd682b3e7fb3d1635ca633f2b2525a41796c29 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 5 Jan 2024 09:28:16 +0100 Subject: [PATCH 137/176] v1.6 --- option/test_suite_shared.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index df3e8811..1eeae416 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh 
@@ -204,6 +204,9 @@ build_option() { mkdir output/target cp $TEST_HOME/group_common/target/ssh* output/target/. rm -Rf $TEST_DIR + if [ -f ${TEST_DIR}_time.txt ]; then + rm ${TEST_DIR}_time.txt + fi mv output $TEST_DIR if [ -z $GENERATE_ONLY ]; then build_test_destroy From 9d45e167654a952b38e2717324a7e54de9c88f51 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 5 Jan 2024 09:31:01 +0100 Subject: [PATCH 138/176] v1.6 --- option/test_suite_shared.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index 1eeae416..ed9aeb91 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -205,7 +205,7 @@ build_option() { cp $TEST_HOME/group_common/target/ssh* output/target/. rm -Rf $TEST_DIR if [ -f ${TEST_DIR}_time.txt ]; then - rm ${TEST_DIR}_time.txt + rm ${TEST_DIR}_* fi mv output $TEST_DIR if [ -z $GENERATE_ONLY ]; then From dfe7d7f8ae9d6c47e5f8c280512636d8fcb91d85 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Fri, 5 Jan 2024 16:46:53 +0100 Subject: [PATCH 139/176] v1.6 --- basis/bin/shared_bash_function.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index b0208a70..9e3dbc19 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -106,10 +106,10 @@ replace_db_user_password_in_file() { error_exit() { echo LEN=${#BASH_LINENO[@]} - printf "%-30s %-10s %-20s\n" "STACK TRACE" "LINE" "FUNCTION" + printf "%-40s %-10s %-20s\n" "STACK TRACE" "LINE" "FUNCTION" for (( INDEX=0; INDEX<$LEN; INDEX++ )) do - printf " %-28s %-10s %-20s\n" $(basename ${BASH_SOURCE[${INDEX}]}) ${BASH_LINENO[${INDEX}]} ${FUNCNAME[${INDEX}]} + printf " %-37s %-10s %-20s\n" ${BASH_SOURCE[${INDEX}]#$PROJECT_DIR/} ${BASH_LINENO[$(($INDEX-1))]} ${FUNCNAME[${INDEX}]} done if [ "$1" != "" ]; then 
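Review bot: The guard still tests only `${TEST_DIR}_time.txt`, but the new `rm ${TEST_DIR}_*` deletes every sibling that matches the glob, and if TEST_DIR is empty or unset it degrades to `rm _*` in the current directory (the preceding `rm -Rf $TEST_DIR` has the same exposure). Replace the pair with `rm -f -- "${TEST_DIR:?TEST_DIR unset}"_*`, which aborts on an empty variable and needs no `-f` pre-check because a non-matching glob is harmless under `-f`. build_option's body continues outside the hunk.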
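Review bot: On the first iteration the new `${BASH_LINENO[$(($INDEX-1))]}` evaluates to `BASH_LINENO[-1]`, which bash 4.3+ resolves to the array's last element rather than a caller line, so the top row of the stack trace reports a bogus line number; start the loop at `INDEX=1` or print the line cell only when `INDEX>0`. The three expansions passed to printf are unquoted, so a source path containing a space shifts the columns — `"${BASH_SOURCE[$INDEX]#$PROJECT_DIR/}"` keeps each cell one argument. The loop bound `$LEN` is not assigned by the visible `echo LEN=${#BASH_LINENO[@]}` context line, so presumably it is set elsewhere — worth confirming. error_exit's body continues outside the hunk.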
@@ -124,7 +124,10 @@ exit_on_error() { if [ $RESULT -eq 0 ]; then echo "Success" else - error_exit "Failed (RESULT=$RESULT)" + echo + echo "EXIT ON ERROR - HISTORY" + history 2 + error_exit "Command Failed (RESULT=$RESULT)" fi } From 2d46a20cce2f2efd6dc27cd7b773131f9fe22791 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sat, 6 Jan 2024 10:26:45 +0100 Subject: [PATCH 140/176] v1.6 --- basis/bin/auto_env.sh | 4 ++++ option/test_suite_group_all.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 7d06be02..4b1bbd65 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -1,4 +1,8 @@ #!/bin/bash + +# Enable BASH history for Stack Trace +set -o history -o histexpand + if [[ -z "${BIN_DIR}" ]]; then export BIN_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) fi diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index f5007c46..8726a71e 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh @@ -129,7 +129,7 @@ loop_shared_compute() { # Helidon 4 OPTION_DB_INSTALL=default - OPTION_DB=ATP + OPTION_DB=atp OPTION_JAVA_FRAMEWORK=helidon4 build_option } From 733cc96b108712b817ff9e89e348f1b712ddfc8a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 14:13:51 +0100 Subject: [PATCH 141/176] v1.6 --- option/tls/new_http_01/certbot_http.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/option/tls/new_http_01/certbot_http.sh b/option/tls/new_http_01/certbot_http.sh index 6066d8a4..8ee30f90 100755 --- a/option/tls/new_http_01/certbot_http.sh +++ b/option/tls/new_http_01/certbot_http.sh 
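Review bot: `history 2` writes the two most recent shell commands to stdout, and the scripts in this series pass secrets on command lines and source env.sh into the same shell (the test driver later runs `-db_password $TEST_DB_PASSWORD`), so whenever the failing command or the one before it carries a secret literal, that value now lands in whatever log the build output is teed into. If the goal is just to show what failed, print it to stderr and document the caveat, e.g. `# NOTE: history may contain secrets from sourced env.sh; never tee this into a shared log` above `history 2 >&2`, or restrict it to `history 1`, which is the call that failed. exit_on_error's header is outside the hunk.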
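Review bot: `-o histexpand` is not needed for `history 2` to work — `set -o history` alone records commands — and it enables `!` expansion in every script that sources auto_env.sh, so a double-quoted value containing `!` (a database password, a jq filter, a regex) is either rewritten or aborts the script with "event not found" at parse time. Reduce the line to `set -o history` and keep the comment, e.g. `# Enable BASH history so exit_on_error can show the failing command (no histexpand: it would mangle '!' in quoted secrets)`.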
@@ -54,4 +54,7 @@ done # Place the certificate in an OPC directory so that it can be copied via SSH. mkdir certificate sudo cp -Lr /etc/letsencrypt/live/$TF_VAR_dns_name /home/opc/tls/certificate -sudo chown -R opc certificate \ No newline at end of file +sudo chown -R opc certificate + +# Cron job for Let's Encrypt (Certbot) renewal (each day at 1AM) +sudo echo '0 1 * * * certbot renew --post-hook "systemctl reload nginx"' >> /etc/crontab From 3c28a8506726c0d986d00c10674dfa1b2d26d1ba Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 14:15:41 +0100 Subject: [PATCH 142/176] v1.6 --- basis/bin/shared_bash_function.sh | 2 +- option/tls/new_http_01/{certbot_http.sh => certbot_http_01.sh} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename option/tls/new_http_01/{certbot_http.sh => certbot_http_01.sh} (100%) diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index 9e3dbc19..f9ca32d9 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -540,7 +540,7 @@ certificate_run_certbot_http_01() # Generate the certificate with Let'Encrypt on the COMPUTE scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$COMPUTE_IP:/home/opc/. exit_on_error - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http.sh 2>&1 | tee -a tls/certbot_http.log" + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http_01.sh 2>&1 | tee -a tls/certbot_http_01.log" scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP:tls/certificate target/. exit_on_error export CERTIFICATE_DIR=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name 
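Review bot: The rewritten ssh/scp lines keep `-o StrictHostKeyChecking=no`, which accepts any host key presented for COMPUTE_IP, and the same channel is then used to pull back the freshly issued private key (the script chowns the `live/$TF_VAR_dns_name` copy to opc and this function copies it into `target/`). Use `-o StrictHostKeyChecking=accept-new` on all three invocations so the first-seen key is pinned and a later mismatch is refused instead of silently accepted; the key material should also be removed from the compute's `/home/opc/tls/certificate` once copied, since it is world-readable there by default unless `cp -Lr` preserved restrictive modes — worth verifying. certificate_run_certbot_http_01's body continues outside the hunk.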
diff --git a/option/tls/new_http_01/certbot_http.sh b/option/tls/new_http_01/certbot_http_01.sh similarity index 100% rename from option/tls/new_http_01/certbot_http.sh rename to option/tls/new_http_01/certbot_http_01.sh From bda378868caae12b16f73b6a0f68423d089bbf70 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 14:25:15 +0100 Subject: [PATCH 143/176] v1.6 --- option/compute/compute_bootstrap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/compute/compute_bootstrap.sh b/option/compute/compute_bootstrap.sh index 0e9cc453..c41ea489 100755 --- a/option/compute/compute_bootstrap.sh +++ b/option/compute/compute_bootstrap.sh @@ -123,7 +123,7 @@ else fi # TLS -if [ -d certificate ]; then +if [ -f nginx_tls.conf ]; then echo "Adding nginx_tls.conf" sudo cp nginx_tls.conf /etc/nginx/conf.d/. sudo awk -i inplace '/# HTTPS server/ && !x {print " include conf.d/nginx_tls.conf;"; x=1} 1' /etc/nginx/nginx.conf From 428c4eb9dbf3571162531f007256cdcacd13e7b4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 18:10:31 +0100 Subject: [PATCH 144/176] v1.6 --- option/tls/new_http_01/certbot_http_01.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/tls/new_http_01/certbot_http_01.sh b/option/tls/new_http_01/certbot_http_01.sh index 8ee30f90..ed714e72 100755 --- a/option/tls/new_http_01/certbot_http_01.sh +++ b/option/tls/new_http_01/certbot_http_01.sh @@ -57,4 +57,4 @@ sudo cp -Lr /etc/letsencrypt/live/$TF_VAR_dns_name /home/opc/tls/certificate sudo chown -R opc certificate # Cron job for Let's Encrypt (Certbot) renewal (each day at 1AM) -sudo echo '0 1 * * * certbot renew --post-hook "systemctl reload nginx"' >> /etc/crontab +echo '0 1 * * * certbot renew --post-hook "systemctl reload nginx"' | sudo bash -c "tee >> /etc/crontab" From 16d49357098aeee24f86a233fcda1bc1cbcf284b Mon Sep 17 00:00:00 2001 
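Review bot: `/etc/crontab` is the system crontab, whose lines carry a user field after the five time fields, so the appended `0 1 * * * certbot renew --post-hook "systemctl reload nginx"` is parsed as user `certbot` running the command `renew ...` and the renewal never runs; the entry must read `0 1 * * * root certbot renew --post-hook "systemctl reload nginx"` (or go into `/etc/cron.d/certbot-renew`). The append is also not idempotent — each run of the script adds another line — so guard it with `grep -q 'certbot renew' /etc/crontab ||`, and `sudo tee -a /etc/crontab` is the plain form of `sudo bash -c "tee >> /etc/crontab"`. If the image's certbot package ships a systemd renewal timer, this entry duplicates it; check `systemctl list-timers` before adding it.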
From: Marc Gueury Date: Sun, 7 Jan 2024 19:55:04 +0100 Subject: [PATCH 145/176] v1.6 --- py_oci_starter.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 0813ad66..8d0a85ee 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -234,8 +234,11 @@ def zip_rules(): else: zip_dir = params['prefix'] output_dir = "zip" + os.sep + params['zip'] + os.sep + zip_dir - file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(params)]) - + file_params = params.copy() + file_params.pop("zip") + file_params.pop("output_dir") + file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(file_params)]) + file_output(output_dir + os.sep + 'params.json', [json.dumps(file_params)]) def group_common_rules(): if params.get('group_common'): From a5bf109163f521e6b9f04b0224a872493bbd8e8c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 22:55:51 +0100 Subject: [PATCH 146/176] v1.6 --- py_oci_starter.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 8d0a85ee..9e4ecf54 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -228,17 +228,17 @@ def license_rules(): def zip_rules(): global output_dir, zip_dir output_dir = params['output_dir'] + file_params = params.copy() + file_params.pop("zip") + file_params.pop("output_dir") if 'zip' in params: if 'group_name' in params: zip_dir = params['group_name'] else: zip_dir = params['prefix'] output_dir = "zip" + os.sep + params['zip'] + os.sep + zip_dir - file_params = params.copy() - file_params.pop("zip") - file_params.pop("output_dir") file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(file_params)]) - file_output(output_dir + os.sep + 'params.json', [json.dumps(file_params)]) + file_output(output_dir + os.sep + '.oci_starter_params.json', [json.dumps(file_params)]) def group_common_rules(): if params.get('group_common'): 
From dd3fa70a35cd4d4c8cb845780171e648bcbd928b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 23:00:47 +0100 Subject: [PATCH 147/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 9e4ecf54..78c12d34 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -229,9 +229,9 @@ def zip_rules(): global output_dir, zip_dir output_dir = params['output_dir'] file_params = params.copy() - file_params.pop("zip") file_params.pop("output_dir") if 'zip' in params: + file_params.pop("zip") if 'group_name' in params: zip_dir = params['group_name'] else: From ff4e05ae502f6fc168b1c854ff2335d7bbb3028a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 23:03:59 +0100 Subject: [PATCH 148/176] v1.6 --- py_oci_starter.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/py_oci_starter.py b/py_oci_starter.py index 78c12d34..3bc11469 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -238,6 +238,8 @@ def zip_rules(): zip_dir = params['prefix'] output_dir = "zip" + os.sep + params['zip'] + os.sep + zip_dir file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(file_params)]) + # Store the params in a file to be able to regenerate the sample with newer versions + os.mkdir(output_dir) file_output(output_dir + os.sep + '.oci_starter_params.json', [json.dumps(file_params)]) def group_common_rules(): From 2012333c708de78b0b7e423176d5305b1d1dc2bf Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 23:06:05 +0100 Subject: [PATCH 149/176] v1.6 --- py_oci_starter.py | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 3bc11469..3ba52e76 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -1103,20 +1103,15 @@ def jinja2_replace_template(): errors = [] if mode == CLI: - apply_rules() - if len(errors) > 0: - mode = ABORT - elif os.path.isdir(output_dir): + if os.path.isdir(output_dir): print("Output dir exists already.") mode = ABORT else: - print_warnings() - -if mode == GIT: - print("GIT mode currently not implemented.") - # git clone $GIT_URL - # cp ../mode/git/* $REPOSITORY_NAME/. - exit() + apply_rules() + if len(errors) > 0: + mode = ABORT + else: + print_warnings() if mode == ABORT: print(help()) From 44d1869eb323bb9ccbf543d3ce69eae24a248b97 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 23:09:29 +0100 Subject: [PATCH 150/176] v1.6 --- py_oci_starter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 3ba52e76..13bd4929 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -239,8 +239,8 @@ def zip_rules(): output_dir = "zip" + os.sep + params['zip'] + os.sep + zip_dir file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(file_params)]) # Store the params in a file to be able to regenerate the sample with newer versions - os.mkdir(output_dir) - file_output(output_dir + os.sep + '.oci_starter_params.json', [json.dumps(file_params)]) + os.mkdir(output_dir+os.sep+"src") + file_output(output_dir + os.sep + "src" + os.sep + 'params.json', [json.dumps(file_params)]) def group_common_rules(): if params.get('group_common'): From ceda26a89047cb32f8dc7571ed19b51409da541c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Sun, 7 Jan 2024 23:10:25 +0100 Subject: [PATCH 151/176] v1.6 --- py_oci_starter.py | 1 + 1 file changed, 1 insertion(+) diff --git a/py_oci_starter.py b/py_oci_starter.py index 13bd4929..54a6168c 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
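Review bot: Moving the `os.path.isdir(output_dir)` guard ahead of `apply_rules()` changes which directory is checked: zip_rules(), called from apply_rules(), is what reassigns the global `output_dir` to `zip/<zip>/<dir>` (see its hunks in the neighbouring commits), so for `-zip` runs the guard now inspects the pre-zip value — apparently `params['output_dir']`, default `output` — and an existing zip target is no longer detected. I cannot see where `output_dir` is initialised before this point, so confirm that; if the intent is to fail fast, compute the final path first or run the check right after zip_rules(). The enclosing top-level flow continues outside the hunk.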
@@ -239,6 +239,7 @@ def zip_rules(): output_dir = "zip" + os.sep + params['zip'] + os.sep + zip_dir file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(file_params)]) # Store the params in a file to be able to regenerate the sample with newer versions + os.mkdir(output_dir) os.mkdir(output_dir+os.sep+"src") file_output(output_dir + os.sep + "src" + os.sep + 'params.json', [json.dumps(file_params)]) From 4ac85df744f8de7f32e6d0e0878a7d542f0fd365 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 13:06:43 +0100 Subject: [PATCH 152/176] v1.6 --- py_oci_starter.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 54a6168c..2f489681 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -224,24 +224,27 @@ def license_rules(): params['license'] = longhand( 'license', {'included': 'LICENSE_INCLUDED', 'byol': 'BRING_YOUR_OWN_LICENSE'}) +def save_params(): + file_params = params.copy() + file_params.pop("output_dir") + file_params.pop("db_password") + file_params.pop("auth_token") + file_params.pop("zip") + # Store the params in a file to be able to regenerate the sample with newer versions + os.makedirs(output_dir + os.sep + "src") + file_output(output_dir + os.sep + "src" + os.sep + '_params.json', [json.dumps(file_params)]) + def zip_rules(): global output_dir, zip_dir output_dir = params['output_dir'] - file_params = params.copy() - file_params.pop("output_dir") if 'zip' in params: - file_params.pop("zip") if 'group_name' in params: zip_dir = params['group_name'] else: zip_dir = params['prefix'] output_dir = "zip" + os.sep + params['zip'] + os.sep + zip_dir - file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(file_params)]) - # Store the params in a file to be able to regenerate the sample with newer versions - os.mkdir(output_dir) - os.mkdir(output_dir+os.sep+"src") - file_output(output_dir + os.sep + "src" + os.sep + 'params.json', [json.dumps(file_params)]) + file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(params)]) def group_common_rules(): if params.get('group_common'): @@ -282,6 +285,7 @@ def tls_rules(): def apply_rules(): zip_rules() + save_params() group_common_rules() language_rules() kubernetes_rules() From e4cceaab04ee8757368651e1df926ee1d2b0bcc4 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 13:12:32 +0100 Subject: [PATCH 153/176] v1.6 --- py_oci_starter.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 2f489681..dc6b25da 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
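Review bot: save_params() strips `db_password` and `auth_token` before writing `src/_params.json`, but the `.param` sidecar written in zip_rules() reverts to `json.dumps(params)` — the full dict — so the zip output still records the database password and auth token in clear text. Build the filtered copy once and use it for both files, e.g. `file_output('zip' + os.sep + params['zip'] + '.param', [json.dumps(file_params)])` with the same pops applied. `os.makedirs(output_dir + os.sep + "src")` also raises FileExistsError if the directory is already there; `exist_ok=True` is the safe form even though the CLI path aborts earlier on an existing output directory.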
@@ -224,12 +224,18 @@ def license_rules(): params['license'] = longhand( 'license', {'included': 'LICENSE_INCLUDED', 'byol': 'BRING_YOUR_OWN_LICENSE'}) + +def pop_param(dict,param): + if param in dict: + dict.pop(param) + + def save_params(): file_params = params.copy() - file_params.pop("output_dir") - file_params.pop("db_password") - file_params.pop("auth_token") - file_params.pop("zip") + pop_param(file_param,"output_dir") + pop_param(file_param,"db_password") + pop_param(file_param,"auth_token") + pop_param(file_param,"zip") # Store the params in a file to be able to regenerate the sample with newer versions os.makedirs(output_dir + os.sep + "src") file_output(output_dir + os.sep + "src" + os.sep + '_params.json', [json.dumps(file_params)]) From 60902f2fe3b210864679b8e37af16001a949bfd1 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 13:13:13 +0100 Subject: [PATCH 154/176] v1.6 --- py_oci_starter.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index dc6b25da..4ae7cbdf 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -232,10 +232,10 @@ def pop_param(dict,param): def save_params(): file_params = params.copy() - pop_param(file_param,"output_dir") - pop_param(file_param,"db_password") - pop_param(file_param,"auth_token") - pop_param(file_param,"zip") + pop_param(file_params,"output_dir") + pop_param(file_params,"db_password") + pop_param(file_params,"auth_token") + pop_param(file_params,"zip") # Store the params in a file to be able to regenerate the sample with newer versions os.makedirs(output_dir + os.sep + "src") file_output(output_dir + os.sep + "src" + os.sep + '_params.json', [json.dumps(file_params)]) From 73e465dde38733e7308dc961e1011d16b6df829a Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 13:22:50 +0100 Subject: [PATCH 155/176] v1.6 --- py_oci_starter.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
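Review bot: `pop_param(dict, param)` names its first parameter after the builtin `dict`, shadowing it inside the helper, and the guarded pop is a one-liner in the standard library: `def pop_param(d, param): d.pop(param, None)`. A short docstring, `"""Remove param from d if present; no error when it is absent."""`, would say why the helper exists at all.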
diff --git a/py_oci_starter.py b/py_oci_starter.py index 4ae7cbdf..5d0c5fb1 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -231,14 +231,13 @@ def pop_param(dict,param): def save_params(): + params['params'] = list(mydict.keys()) file_params = params.copy() pop_param(file_params,"output_dir") pop_param(file_params,"db_password") pop_param(file_params,"auth_token") pop_param(file_params,"zip") - # Store the params in a file to be able to regenerate the sample with newer versions - os.makedirs(output_dir + os.sep + "src") - file_output(output_dir + os.sep + "src" + os.sep + '_params.json', [json.dumps(file_params)]) + params['params'] = list(file_params.keys()) def zip_rules(): From cfba9730d42da910e87b12b828374f829bed5f0c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 13:23:50 +0100 Subject: [PATCH 156/176] v1.6 --- py_oci_starter.py | 1 - 1 file changed, 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 5d0c5fb1..eceb9241 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -231,7 +231,6 @@ def pop_param(dict,param): def save_params(): - params['params'] = list(mydict.keys()) file_params = params.copy() pop_param(file_params,"output_dir") pop_param(file_params,"db_password") From 9cac0d083612c7c8e1a078cd663b8366ebc6c498 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 13:39:25 +0100 Subject: [PATCH 157/176] v1.6 --- py_oci_starter.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index eceb9241..eb6968c1 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -233,8 +233,6 @@ def pop_param(dict,param): def save_params(): file_params = params.copy() pop_param(file_params,"output_dir") - pop_param(file_params,"db_password") - pop_param(file_params,"auth_token") pop_param(file_params,"zip") params['params'] = list(file_params.keys()) 
@@ -289,7 +287,6 @@ def tls_rules(): def apply_rules(): zip_rules() - save_params() group_common_rules() language_rules() kubernetes_rules() @@ -489,7 +486,7 @@ def readme_contents(): def env_param_list(): env_params = list(params.keys()) - exclude = ['mode', 'zip', 'prefix', 'shape'] + exclude = ['mode', 'zip', 'prefix', 'shape', 'params'] if params.get('language') != 'java' or 'group_name' in params: exclude.extend(['java_vm', 'java_framework', 'java_version']) if 'group_name' in params: @@ -512,6 +509,7 @@ def env_sh_contents(): contents.append(f'export BIN_DIR=$PROJECT_DIR/bin') contents.append(f'export OCI_STARTER_CREATION_DATE={timestamp}') contents.append(f'export OCI_STARTER_VERSION=1.5') + contents.append(f'export PARAMS="{params["params"]}"') contents.append('') contents.append('# Env Variables') if 'group_name' in params: @@ -1116,6 +1114,7 @@ def jinja2_replace_template(): print("Output dir exists already.") mode = ABORT else: + save_params() apply_rules() if len(errors) > 0: mode = ABORT From f1c607f1e2345adcd4cf035dda038a8669d9bd52 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 18:09:33 +0100 Subject: [PATCH 158/176] v1.6 --- py_oci_starter.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index eb6968c1..a6deb5d8 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -57,8 +57,8 @@ def prog_arg_dict(): MANDATORY_OPTIONS = { - CLI: ['-language', '-deploy', '-db_password'], - GROUP: ['-group_name','-group_common','-db_password'] + CLI: ['-language', '-deploy'], + GROUP: ['-group_name','-group_common'] } def mandatory_options(mode): @@ -75,7 +75,8 @@ def mandatory_options(mode): '-license': 'included', '-mode': CLI, '-infra_as_code': 'terraform_local', - '-output_dir' : 'output' + '-output_dir' : 'output', + '-db_password' : TO_FILL } no_default_options = ['-compartment_ocid', '-oke_ocid', '-vcn_ocid', 
@@ -484,15 +485,21 @@ def readme_contents(): contents.append(" ./build.sh") return contents +def is_param_default_value(name): + return params.get(name) == default_options.get('-'+name) + def env_param_list(): env_params = list(params.keys()) - exclude = ['mode', 'zip', 'prefix', 'shape', 'params'] + exclude = ['mode', 'zip', 'prefix', 'shape', 'params', 'output_dir'] if params.get('language') != 'java' or 'group_name' in params: exclude.extend(['java_vm', 'java_framework', 'java_version']) if 'group_name' in params: exclude.extend(['ui', 'database', 'language', 'deploy', 'db_user', 'group_name']) else: exclude.append('group_common') + if is_param_default_value('infra_as_code'): + exclude.append('infra_as_code') + print(exclude) for x in exclude: if x in env_params: @@ -1098,6 +1105,8 @@ def jinja2_replace_template(): mode = get_mode() unknown_params = missing_parameters(allowed_options(), prog_arg_dict().keys()) illegal_params = check_values() +print( params ) +print( params ) if 'group_name' in params: missing_params = missing_parameters(prog_arg_dict().keys(), mandatory_options(GROUP)) else: @@ -1105,6 +1114,7 @@ def jinja2_replace_template(): if len(unknown_params) > 0 or len(illegal_params) > 0 or len(missing_params) > 0: mode = ABORT +print( params ) warnings = [] errors = [] From 72f2ea01462c7699718de410bec6ab048a7019ca Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 18:10:21 +0100 Subject: [PATCH 159/176] v1.6 --- py_oci_starter.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index a6deb5d8..5c7b997c 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -499,7 +499,7 @@ def env_param_list(): exclude.append('group_common') if is_param_default_value('infra_as_code'): exclude.append('infra_as_code') - + print(exclude) for x in exclude: if x in env_params: 
@@ -1105,8 +1105,6 @@ def jinja2_replace_template(): mode = get_mode() unknown_params = missing_parameters(allowed_options(), prog_arg_dict().keys()) illegal_params = check_values() -print( params ) -print( params ) if 'group_name' in params: missing_params = missing_parameters(prog_arg_dict().keys(), mandatory_options(GROUP)) else: @@ -1114,7 +1112,6 @@ def jinja2_replace_template(): if len(unknown_params) > 0 or len(illegal_params) > 0 or len(missing_params) > 0: mode = ABORT -print( params ) warnings = [] errors = [] From 796f79b714a017b9dc7b4ff390b2bd07cfa98b8d Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 18:29:39 +0100 Subject: [PATCH 160/176] v1.6 --- basis/bin/upgrade.sh | 21 +++++++++++++++++++++ py_oci_starter.py | 29 +++++++++++++++++------------ 2 files changed, 38 insertions(+), 12 deletions(-) create mode 100644 basis/bin/upgrade.sh diff --git a/basis/bin/upgrade.sh b/basis/bin/upgrade.sh new file mode 100644 index 00000000..d2d9bd5e --- /dev/null +++ b/basis/bin/upgrade.sh @@ -0,0 +1,21 @@ +#!/bin/bash +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +cd $SCRIPT_DIR/.. +. env.sh + +## declare an array variable +declare -a arr=("element1" "element2" "element3") + +PARAM_LIST="" +## now loop through the above array +for i in "${PARAMS[@]}" +do + echo "$i" + PARAM_LIST=" ${PARAM_LIST} -${i} ${!i}" +done +echo "./oci_starter.sh$PARAM_LIST" + + +echo +echo "original command" +echo "./oci_starter.sh -deploy compute -compartment_ocid $EX_COMPARTMENT_OCID -database atp -ui html -language apex -db_password $TEST_DB_PASSWORD -tls existing_ocid" diff --git a/py_oci_starter.py b/py_oci_starter.py index 5c7b997c..1d02be4c 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
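Review bot: The loop prints `${!i}` for every name in PARAMS, and the key list built by save_params() in this commit's py_oci_starter.py hunk is taken from the full params dict, so `db_password` and `auth_token` values are echoed to the terminal and any log; the trailing "original command" echo with `$TEST_DB_PASSWORD` is test scaffolding that does the same. Skip sensitive keys in the loop, `case "$i" in db_password|auth_token) continue;; esac`, quote the expansion as `"${!i}"`, and delete the unused `declare -a arr=("element1" ...)` placeholder and the hard-coded original-command lines. The indirection also assumes a variable named exactly like the parameter (`$db_password`), whereas the other scripts in this series read `TF_VAR_`-prefixed names from env.sh — confirm which naming env.sh actually exports.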
@@ -143,6 +143,23 @@ def longhand(key, abbreviations): return current +def pop_param(dict,param): + if param in dict: + dict.pop(param) + + +def save_params(): + p = params.copy() + pop_param(p,"output_dir") + pop_param(p,"zip") + # Print in Bash Array format + s = "( " + for key, value in p.items(): + s += '"' + str(key) + '" ' + s += ")" + params['params'] = s + + def db_rules(): if params.get('database') == 'rac': params['db_node_count'] = "2" @@ -226,18 +243,6 @@ def license_rules(): 'license', {'included': 'LICENSE_INCLUDED', 'byol': 'BRING_YOUR_OWN_LICENSE'}) -def pop_param(dict,param): - if param in dict: - dict.pop(param) - - -def save_params(): - file_params = params.copy() - pop_param(file_params,"output_dir") - pop_param(file_params,"zip") - params['params'] = list(file_params.keys()) - - def zip_rules(): global output_dir, zip_dir output_dir = params['output_dir'] From d87442349974ad1d6d3aceff68921de84444d62c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Mon, 8 Jan 2024 18:30:07 +0100 Subject: [PATCH 161/176] v1.6 --- basis/bin/upgrade.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 basis/bin/upgrade.sh diff --git a/basis/bin/upgrade.sh b/basis/bin/upgrade.sh old mode 100644 new mode 100755 From 478a5f42ea8b011fe7b6abdc9f4543f11b9ba341 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 11:14:55 +0100 Subject: [PATCH 162/176] v1.6 --- basis/bin/add_api_portal.sh | 2 +- basis/bin/auto_env.sh | 23 ++-- basis/bin/build_all.sh | 10 +- basis/bin/build_common.sh | 2 +- basis/bin/destroy_all.sh | 2 +- basis/bin/done.sh | 12 +- basis/bin/shared_bash_function.sh | 52 +++---- basis/bin/upgrade.sh | 6 +- coderepo.tf | 10 +- option/container_instance/ci_deploy.sh | 2 +- option/tls/new_http_01/certbot_http_01.sh | 2 +- py_oci_starter.py | 159 +++++++++++----------- schema.yaml | 36 ++--- variables.tf | 6 +- 14 files changed, 161 insertions(+), 163 deletions(-) 
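Review bot: The string built here, `( "language" "deploy" ... )`, is interpolated by env_sh_contents (unchanged in this commit) into `export PARAMS="{...}"`, which yields `export PARAMS="( "language" "deploy" )"` in env.sh: the inner quotes collide with the outer ones and, because the `(` is quoted, bash stores a plain string rather than an array, so upgrade.sh's `"${PARAMS[@]}"` iterates over a single element. Emit a real array assignment instead — change the env.sh line to `contents.append(f'declare -a PARAMS={params["params"]}')` (env.sh is sourced, so no `export` is needed) — and give save_params a docstring such as `"""Record the non-sensitive parameter names as a bash array literal in params['params'] for upgrade.sh."""`, since `db_password` and `auth_token` are currently kept in the list.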
diff --git a/basis/bin/add_api_portal.sh b/basis/bin/add_api_portal.sh index bab213e8..ddf06232 100755 --- a/basis/bin/add_api_portal.sh +++ b/basis/bin/add_api_portal.sh @@ -16,7 +16,7 @@ add_api_portal() { if [ "$APIM_HOST" != "" ]; then FIRST_LETTER_UPPERCASE=`echo $TF_VAR_prefix | sed -e "s/\b\(.\)/\u\1/g"` - if [ "$TF_VAR_ui_strategy" == "api" ]; then + if [ "$TF_VAR_ui_type" == "api" ]; then APIGW_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} for APP_DIR in `app_dir_list`; do if [ -f src/${APP_DIR}/openapi_spec.yaml ]; then diff --git a/basis/bin/auto_env.sh b/basis/bin/auto_env.sh index 4b1bbd65..c063c5e0 100755 --- a/basis/bin/auto_env.sh +++ b/basis/bin/auto_env.sh @@ -1,7 +1,8 @@ #!/bin/bash -# Enable BASH history for Stack Trace +# Enable BASH history for Stack Trace. But do not store it. set -o history -o histexpand +unset HISTFILE if [[ -z "${BIN_DIR}" ]]; then export BIN_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) @@ -119,7 +120,7 @@ else auto_echo TF_VAR_region=$TF_VAR_region # Kubernetes and OCIR - if [ "$TF_VAR_deploy_strategy" == "kubernetes" ] || [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then + if [ "$TF_VAR_deploy_type" == "kubernetes" ] || [ "$TF_VAR_deploy_type" == "function" ] || [ "$TF_VAR_deploy_type" == "container_instance" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then export TF_VAR_namespace=`oci os ns get | jq -r .data` auto_echo TF_VAR_namespace=$TF_VAR_namespace export TF_VAR_email=mail@domain.com @@ -137,7 +138,7 @@ else export TF_VAR_openapi_spec=$(cat $PROJECT_DIR/src/app/openapi_spec.yaml) fi - if [ "$TF_VAR_deploy_strategy" == "hpc" ]; then + if [ "$TF_VAR_deploy_type" == "hpc" ]; then # Create synonyms for variables with another name in the oci-hpc stack export TF_VAR_ssh_key=$TF_VAR_ssh_public_key export TF_VAR_targetCompartment=$TF_VAR_compartment_ocid 
@@ -183,7 +184,7 @@ if [ -f $STATE_FILE ]; then export OBJECT_STORAGE_URL=https://objectstorage.${TF_VAR_region}.oraclecloud.com # API GW - if [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ] || [ "$TF_VAR_ui_strategy" == "api" ]; then + if [ "$TF_VAR_deploy_type" == "function" ] || [ "$TF_VAR_deploy_type" == "container_instance" ] || [ "$TF_VAR_ui_type" == "api" ]; then # APIGW URL get_attribute_from_tfstate "APIGW_HOSTNAME" "starter_apigw" "hostname" # APIGW Deployment id @@ -191,7 +192,7 @@ if [ -f $STATE_FILE ]; then fi # Instance Pool - if [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then + if [ "$TF_VAR_deploy_type" == "instance_pool" ]; then # XXX Does not work with Resource Manager XXX # Check in the terraform state is the compute is already created. get_id_from_tfstate "COMPUTE_OCID" "starter_instance" @@ -201,7 +202,7 @@ if [ -f $STATE_FILE ]; then fi # Functions - if [ "$TF_VAR_deploy_strategy" == "function" ]; then + if [ "$TF_VAR_deploy_type" == "function" ]; then # OBJECT Storage URL export BUCKET_URL="https://objectstorage.${TF_VAR_region}.oraclecloud.com/n/${TF_VAR_namespace}/b/${TF_VAR_prefix}-public-bucket/o" @@ -218,7 +219,7 @@ if [ -f $STATE_FILE ]; then fi # Container Instance - if [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then + if [ "$TF_VAR_deploy_type" == "container_instance" ]; then if [ -f $TARGET_DIR/docker_image_ui.txt ] || [ -f $TARGET_DIR/docker_image_app.txt ] ; then if [ -f $TARGET_DIR/docker_image_ui.txt ]; then export TF_VAR_docker_image_ui=`cat $TARGET_DIR/docker_image_ui.txt` 
@@ -244,17 +245,17 @@ if [ -f $STATE_FILE ]; then get_output_from_tfstate "DB_URL" "db_url" - if [ "$TF_VAR_db_strategy" == "autonomous" ]; then + if [ "$TF_VAR_db_type" == "autonomous" ]; then get_output_from_tfstate "ORDS_URL" "ords_url" fi - if [ "$TF_VAR_db_strategy" == "database" ]; then + if [ "$TF_VAR_db_type" == "database" ]; then get_attribute_from_tfstate "DB_NODE_IP" "starter_node_vnic" "private_ip_address" - elif [ "$TF_VAR_db_strategy" == "db_free" ]; then + elif [ "$TF_VAR_db_type" == "db_free" ]; then get_output_from_tfstate "DB_NODE_IP" "db_free_ip" fi - if [ "$TF_VAR_deploy_strategy" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then + if [ "$TF_VAR_deploy_type" == "kubernetes" ] || [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then # OKE get_output_from_tfstate "OKE_OCID" "oke_ocid" export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` diff --git a/basis/bin/build_all.sh b/basis/bin/build_all.sh index da079f6c..96a09ff6 100755 --- a/basis/bin/build_all.sh +++ b/basis/bin/build_all.sh @@ -58,20 +58,20 @@ if [ -f src/ui/build_ui.sh ]; then fi # Deploy -title "Deploy $TF_VAR_deploy_strategy" -if [ "$TF_VAR_deploy_strategy" == "compute" ]; then +title "Deploy $TF_VAR_deploy_type" +if [ "$TF_VAR_deploy_type" == "compute" ]; then $BIN_DIR/deploy_compute.sh exit_on_error -elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then +elif [ "$TF_VAR_deploy_type" == "instance_pool" ]; then $BIN_DIR/deploy_compute.sh exit_on_error export TF_VAR_compute_ready="true" src/terraform/apply.sh --auto-approve -no-color exit_on_error -elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then +elif [ "$TF_VAR_deploy_type" == "kubernetes" ]; then $BIN_DIR/oke_deploy.sh exit_on_error -elif [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then +elif [ "$TF_VAR_deploy_type" == "container_instance" ]; then $BIN_DIR/ci_deploy.sh exit_on_error fi 
diff --git a/basis/bin/build_common.sh b/basis/bin/build_common.sh index b9030e88..90e8e090 100755 --- a/basis/bin/build_common.sh +++ b/basis/bin/build_common.sh @@ -12,7 +12,7 @@ fi APP_DIR=`echo ${SCRIPT_DIR} |sed -E "s#(.*)/(.*)#\2#"` cd $SCRIPT_DIR -if [ -z "$TF_VAR_deploy_strategy" ]; then +if [ -z "$TF_VAR_deploy_type" ]; then . $PROJECT_DIR/env.sh else . $BIN_DIR/shared_bash_function.sh diff --git a/basis/bin/destroy_all.sh b/basis/bin/destroy_all.sh index 6d4dc370..cfca2367 100755 --- a/basis/bin/destroy_all.sh +++ b/basis/bin/destroy_all.sh @@ -29,7 +29,7 @@ fi if [ -f $PROJECT_DIR/src/terraform/oke.tf ]; then title "OKE Destroy" bin/oke_destroy.sh --auto-approve -elif [ "$TF_VAR_deploy_strategy" == "function" ]; then +elif [ "$TF_VAR_deploy_type" == "function" ]; then title "Delete Object Storage files" oci os object bulk-delete -bn ${TF_VAR_prefix}-public-bucket --force fi diff --git a/basis/bin/done.sh b/basis/bin/done.sh index 1637d622..2c5cfe6d 100755 --- a/basis/bin/done.sh +++ b/basis/bin/done.sh @@ -2,7 +2,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR/.. -if [ -z "$TF_VAR_deploy_strategy" ]; then +if [ -z "$TF_VAR_deploy_type" ]; then . ./env.sh -silent else . bin/shared_bash_function.sh @@ -18,7 +18,7 @@ if [ ! -z "$UI_URL" ]; then if [ ! -z "$TEST_NAME" ]; then echo $UI_URL > /tmp/ui_url.txt - if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then kubectl wait --for=condition=ready pod ${TF_VAR_prefix}-app kubectl wait --for=condition=ready pod ${TF_VAR_prefix}-ui kubectl get all @@ -40,7 +40,7 @@ if [ ! -z "$UI_URL" ]; then sleep 5 x=$(( $x + 1 )) done - if [ "$TF_VAR_ui_strategy" != "api" ]; then + if [ "$TF_VAR_ui_type" != "api" ]; then if [ -f "/tmp/cookie.txt" ]; then rm /tmp/cookie.txt fi 
@@ -53,7 +53,7 @@ if [ ! -z "$UI_URL" ]; then fi curl $UI_URL/app/info -b /tmp/cookie.txt -c /tmp/cookie.txt -L --retry 5 --retry-max-time 20 -D /tmp/result_info.log > /tmp/result.info fi - if [ "$TF_VAR_ui_strategy" != "api" ]; then + if [ "$TF_VAR_ui_type" != "api" ]; then echo - User Interface: $UI_URL/ fi if [ "$UI_HTTP" != "" ]; then @@ -66,11 +66,11 @@ if [ ! -z "$UI_URL" ]; then # echo - Rest DB API : $UI_URL/$APP_DIR/dept # echo - Rest Info API : $UI_URL/$APP_DIR/info done - if [ "$TF_VAR_deploy_strategy" == "compute" ] && [ "$TF_VAR_ui_strategy" == "api" ]; then + if [ "$TF_VAR_deploy_type" == "compute" ] && [ "$TF_VAR_ui_type" == "api" ]; then export APIGW_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} echo - API Gateway URL : $APIGW_URL/app/dept fi - if [ "$TF_VAR_language" == "java" ] && [ "$TF_VAR_java_framework" == "springboot" ] && [ "$TF_VAR_ui_strategy" == "html" ] && [ "$TF_VAR_db_node_count" == "2" ]; then + if [ "$TF_VAR_language" == "java" ] && [ "$TF_VAR_java_framework" == "springboot" ] && [ "$TF_VAR_ui_type" == "html" ] && [ "$TF_VAR_db_node_count" == "2" ]; then echo - RAC Page : $UI_URL/rac.html fi fi diff --git a/basis/bin/shared_bash_function.sh b/basis/bin/shared_bash_function.sh index f9ca32d9..aae62344 100755 --- a/basis/bin/shared_bash_function.sh +++ b/basis/bin/shared_bash_function.sh @@ -35,7 +35,7 @@ build_ui() { if is_deploy_compute; then mkdir -p ../../target/compute/ui cp -r ui/* ../../target/compute/ui/. - elif [ "$TF_VAR_deploy_strategy" == "function" ]; then + elif [ "$TF_VAR_deploy_type" == "function" ]; then oci os object bulk-upload -ns $TF_VAR_namespace -bn ${TF_VAR_prefix}-public-bucket --src-dir ui --overwrite --content-type auto else # Kubernetes and Container Instances 
@@ -252,7 +252,7 @@ get_user_details() { # Get the user interface URL get_ui_url() { - if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + if [ "$TF_VAR_deploy_type" == "compute" ]; then if [ "$TF_VAR_tls" == "existing_ocid" ]; then export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} else @@ -262,21 +262,21 @@ get_ui_url() { export UI_URL=https://${TF_VAR_dns_name} fi fi - elif [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then + elif [ "$TF_VAR_deploy_type" == "instance_pool" ]; then get_output_from_tfstate INSTANCE_POOL_LB_IP instance_pool_lb_ip export UI_URL=http://${INSTANCE_POOL_LB_IP} if [ "$TF_VAR_certificate_ocid" != "" ]; then export UI_HTTP=$UI_URL export UI_URL=https://${TF_VAR_dns_name} fi - elif [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + elif [ "$TF_VAR_deploy_type" == "kubernetes" ]; then export TF_VAR_ingress_ip=`kubectl get service -n ingress-nginx ingress-nginx-controller -o jsonpath="{.status.loadBalancer.ingress[0].ip}"` export UI_URL=http://${TF_VAR_ingress_ip}/${TF_VAR_prefix} if [ "$TF_VAR_certificate_ocid" != "" ]; then export UI_HTTP=$UI_URL export UI_URL=https://${TF_VAR_dns_name}/${TF_VAR_prefix} fi - elif [ "$TF_VAR_deploy_strategy" == "function" ] || [ "$TF_VAR_deploy_strategy" == "container_instance" ]; then + elif [ "$TF_VAR_deploy_type" == "function" ] || [ "$TF_VAR_deploy_type" == "container_instance" ]; then export UI_URL=https://${APIGW_HOSTNAME}/${TF_VAR_prefix} if [ "$TF_VAR_certificate_ocid" != "" ]; then export UI_HTTP=$UI_URL @@ -286,7 +286,7 @@ get_ui_url() { } is_deploy_compute() { - if [ "$TF_VAR_deploy_strategy" == "compute" ] || [ "$TF_VAR_deploy_strategy" == "instance_pool" ]; then + if [ "$TF_VAR_deploy_type" == "compute" ] || [ "$TF_VAR_deploy_type" == "instance_pool" ]; then return 0 else return 1 
@@ -464,9 +464,9 @@ certificate_validity() {
 certificate_create() {
 echo "Creating or Updating certificate $TF_VAR_dns_name"
- CERT_CERT=$(cat $CERTIFICATE_DIR/cert.pem)
- CERT_CHAIN=$(cat $CERTIFICATE_DIR/chain.pem)
- CERT_PRIVKEY=$(cat $CERTIFICATE_DIR/privkey.pem)
+ CERT_CERT=$(cat $TF_VAR_certificate_dir/cert.pem)
+ CERT_CHAIN=$(cat $TF_VAR_certificate_dir/chain.pem)
+ CERT_PRIVKEY=$(cat $TF_VAR_certificate_dir/privkey.pem)
 if [ "$TF_VAR_certificate_ocid" == "" ]; then
 oci certs-mgmt certificate create-by-importing-config --compartment-id=$TF_VAR_compartment_ocid --name=$TF_VAR_dns_name --cert-chain-pem="$CERT_CHAIN" --certificate-pem="$CERT_CERT" --private-key-pem="$CERT_PRIVKEY" --wait-for-state ACTIVE --wait-for-state FAILED
 else
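Review bot: The three `$(cat $TF_VAR_certificate_dir/...)` lines read the PEM files through an unquoted, unchecked variable, and the unchanged `oci certs-mgmt` call below them then passes `$CERT_PRIVKEY` as a command-line argument, so the private key is readable by every local user through the process list (and by `set -x` or the in-memory history that auto_env.sh enables) for the duration of the call. A `: "${TF_VAR_certificate_dir:?not set}"` guard before the reads turns an empty variable into a clear error instead of a silent `cat /cert.pem`; if the CLI accepts its `file://` form for these parameters (worth confirming against the CLI documentation), `--private-key-pem file://"$TF_VAR_certificate_dir/privkey.pem"` would keep the key off the command line altogether. The function continues past the end of the hunk.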
@@ -482,49 +482,49 @@ certificate_dir_before_terraform() { exit 1 fi if [ -d $PROJECT_DIR/src/tls/$TF_VAR_dns_name ]; then - export CERTIFICATE_DIR=$PROJECT_DIR/src/tls/$TF_VAR_dns_name - echo Using existing CERTIFICATE_DIR=$CERTIFICATE_DIR - elif [ -d $CERTIFICATE_DIR ]; then - echo Using existing CERTIFICATE_DIR=$CERTIFICATE_DIR + export TF_VAR_certificate_dir=$PROJECT_DIR/src/tls/$TF_VAR_dns_name + echo Using existing TF_VAR_certificate_dir=$TF_VAR_certificate_dir + elif [ -d $TF_VAR_certificate_dir ]; then + echo Using existing TF_VAR_certificate_dir=$TF_VAR_certificate_dir elif [ "$TF_VAR_tls" == "new_dns_01" ]; then # Create a new certificate via DNS-01 $BIN_DIR/tls_dns_create.sh exit_on_error - export CERTIFICATE_DIR=$PROJECT_DIR/src/tls/$TF_VAR_dns_name + export TF_VAR_certificate_dir=$PROJECT_DIR/src/tls/$TF_VAR_dns_name fi - if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + if [ "$TF_VAR_deploy_type" == "compute" ]; then if [ -d target/compute/certificate ]; then echo "Certificate Directory exists already" - elif [ "$CERTIFICATE_DIR" != "" ]; then + elif [ "$TF_VAR_certificate_dir" != "" ]; then mkdir -p target/compute/certificate - cp $CERTIFICATE_DIR/* target/compute/certificate/. + cp $TF_VAR_certificate_dir/* target/compute/certificate/. cp src/tls/nginx_tls.conf target/compute/. sed -i "s/##DNS_NAME##/$TF_VAR_dns_name/" target/compute/nginx_tls.conf elif [ "$TF_VAR_tls" == "new_http_01" ]; then echo "New Certificate will be created after the deployment." 
else - echo "ERROR: compute: certificate_dir_before_terraform: missing variables CERTIFICATE_DIR" + echo "ERROR: compute: certificate_dir_before_terraform: missing variables TF_VAR_certificate_dir" exit 1 fi - elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$CERTIFICATE_DIR" != "" ] ; then + elif [ "$TF_VAR_certificate_ocid" == "" ] && [ "$TF_VAR_certificate_dir" != "" ] ; then certificate_create elif [ "$TF_VAR_certificate_ocid" != "" ]; then certificate_validity else - exit_error "certificate_dir_before_terraform: missing variables TF_VAR_certificate_ocid or CERTIFICATE_DIR" + exit_error "certificate_dir_before_terraform: missing variables TF_VAR_certificate_ocid or TF_VAR_certificate_dir" fi } # Certificate - Post Deploy certificate_post_deploy() { - if [ "$TF_VAR_deploy_strategy" == "kubernetes" ]; then + if [ "$TF_VAR_deploy_type" == "kubernetes" ]; then # Set the TF_VAR_ingress_ip get_ui_url src/terraform/apply.sh --auto-approve -no-color exit_on_error elif [ "$TF_VAR_tls" == "new_http_01" ]; then - if [ "$TF_VAR_deploy_strategy" == "compute" ]; then + if [ "$TF_VAR_deploy_type" == "compute" ]; then certificate_run_certbot_http_01 fi fi 
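Review bot: `elif [ -d $TF_VAR_certificate_dir ]; then` is true when the variable is empty or unset: the expansion collapses to `[ -d ]`, a one-argument test on the non-empty string `-d`, so the script prints `Using existing TF_VAR_certificate_dir=` and never reaches the `new_dns_01` branch that would create the certificate. The behaviour was already there under `CERTIFICATE_DIR` and the rename carries it over; `elif [ -n "$TF_VAR_certificate_dir" ] && [ -d "$TF_VAR_certificate_dir" ]; then` fixes it. Further down, `cp $TF_VAR_certificate_dir/* target/compute/certificate/.` copies `privkey.pem` into the build tree as well; if that is intended it deserves a comment such as `# privkey.pem is copied too; target/compute/certificate must be treated as secret`. The function's opening line is in the hunk header, so its start is outside the hunk.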
@@ -533,15 +533,15 @@ certificate_post_deploy() { # Generate a certificate on compute certificate_run_certbot_http_01() { - if [ -z "$CERTIFICATE_EMAIL" ]; then - exit_error "CERTIFICATE_EMAIL is not defined." + if [ -z "$TF_VAR_certificate_email" ]; then + exit_error "TF_VAR_certificate_email is not defined." fi # Generate the certificate with Let'Encrypt on the COMPUTE scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path src/tls opc@$COMPUTE_IP:/home/opc/. exit_on_error - ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export CERTIFICATE_EMAIL=\"$CERTIFICATE_EMAIL\"; bash tls/certbot_http_01.sh 2>&1 | tee -a tls/certbot_http_01.log" + ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export TF_VAR_certificate_email=\"$TF_VAR_certificate_email\"; bash tls/certbot_http_01.sh 2>&1 | tee -a tls/certbot_http_01.log" scp -r -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP:tls/certificate target/. exit_on_error - export CERTIFICATE_DIR=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name + export TF_VAR_certificate_dir=$PROJECT_DIR/target/certificate/$TF_VAR_dns_name } diff --git a/basis/bin/upgrade.sh b/basis/bin/upgrade.sh index d2d9bd5e..4704c865 100755 --- a/basis/bin/upgrade.sh +++ b/basis/bin/upgrade.sh @@ -3,8 +3,10 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR/.. . env.sh -## declare an array variable -declare -a arr=("element1" "element2" "element3") +## Remove variable that should not be exposed +export `env | grep _ocid | sed 's/=.*/=__TO_FILL__/'` +export DB_PASSWORD=__TO_FILL__ +export TF_VAR_auth_token=__TO_FILL__ PARAM_LIST="" ## now loop through the above array diff --git a/coderepo.tf b/coderepo.tf index 19903212..c94efedf 100644 --- a/coderepo.tf +++ b/coderepo.tf 
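Review bot: The rewritten `ssh ... "export TF_VAR_dns_name=\"$TF_VAR_dns_name\";export TF_VAR_certificate_email=\"$TF_VAR_certificate_email\"; bash tls/certbot_http_01.sh ..."` line splices two configuration values into a remote command string inside double quotes, so a value containing `"`, `$(` or `;` is executed as shell on the compute host rather than exported. Build the remote command with `printf '%q'` instead: `printf -v REMOTE_CMD 'export TF_VAR_dns_name=%q; export TF_VAR_certificate_email=%q; bash tls/certbot_http_01.sh 2>&1 | tee -a tls/certbot_http_01.log' "$TF_VAR_dns_name" "$TF_VAR_certificate_email"` followed by `ssh -o StrictHostKeyChecking=no -i $TF_VAR_ssh_private_path opc@$COMPUTE_IP "$REMOTE_CMD"`. The unchanged `StrictHostKeyChecking=no` on the ssh and scp lines also disables host-key verification entirely; `-o StrictHostKeyChecking=accept-new` keeps the first-connection convenience while still rejecting a changed key.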
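Review bot: `export \`env | grep _ocid | sed 's/=.*/=__TO_FILL__/'\`` in the upgrade.sh hunk does the opposite of its comment when nothing matches: an empty expansion leaves a bare `export`, which prints every exported variable — including `DB_PASSWORD` and `TF_VAR_auth_token`, which are only blanked on the two lines after it — to stdout. `grep _ocid` also matches on the value side of `NAME=VALUE` and on continuation lines of multi-line values, and the unquoted expansion word-splits whatever it finds. Iterating over names only avoids all three: `for n in $(env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*_ocid[A-Za-z0-9_]*\)=.*/\1/p'); do export "$n=__TO_FILL__"; done`. The `## now loop through the above array` comment that closes the hunk now refers to the deleted `arr` and should be updated; whether other secret-bearing variables need the same blanking is not visible here.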
@@ -32,12 +32,12 @@ resource "null_resource" "clonerepo" { export TF_VAR_vcn_strategy="${local.vcn_strategy}" export TF_VAR_vcn_ocid="${var.vcn_ocid}" export TF_VAR_subnet_ocid="${var.subnet_ocid}" - export TF_VAR_ui_strategy="${var.ui_strategy}" - export TF_VAR_deploy_strategy="${local.deploy_strategy}" + export TF_VAR_ui_type="${var.ui_type}" + export TF_VAR_deploy_type="${local.deploy_type}" export TF_VAR_kubernetes_strategy="${var.kubernetes_strategy}" export TF_VAR_oke_strategy="${local.oke_strategy}" export TF_VAR_oke_ocid="${var.oke_ocid}" - export TF_VAR_db_strategy="${local.db_strategy}" + export TF_VAR_db_type="${local.db_type}" export TF_VAR_db_existing_strategy="${local.db_existing_strategy}" export TF_VAR_atp_ocid="${var.atp_ocid}" export TF_VAR_db_ocid="${var.db_ocid}" 
@@ -68,10 +68,10 @@ locals { git_url = "https://${local.encode_user}:${local.encode_token}@devops.scmservice.${var.region}.oci.oraclecloud.com/namespaces/${local.ocir_namespace}/projects/${oci_devops_project.test_project.name}/repositories/${oci_devops_repository.test_repository.name}" # Simplify the parameter values - deploy_strategy = lookup({"Virtual Machine": "compute", "Kubernetes": "kubernetes", "Function": "function"}, var.deploy_strategy, "error" ) + deploy_type = lookup({"Virtual Machine": "compute", "Kubernetes": "kubernetes", "Function": "function"}, var.deploy_type, "error" ) java_framework = lower(var.java_framework) language = lower(var.language) - db_strategy = lookup({"Autonomous Transaction Processing Database": "autonomous", "Database System": "database", "MySQL": "mysql"}, var.db_strategy, "error" ) + db_type = lookup({"Autonomous Transaction Processing Database": "autonomous", "Database System": "database", "MySQL": "mysql"}, var.db_type, "error" ) java_vm = lookup({"JDK": "jdk", "GraalVM": "graalvm"}, var.java_vm, "error" ) db_existing_strategy = lookup({"Create New DB": "new", "Use Existing DB": "existing"}, var.db_existing_strategy, "error" ) vcn_strategy = lookup({"Create New VCN": "new", "Use Existing VCN": "existing"}, var.vcn_strategy, "error" ) diff --git a/option/container_instance/ci_deploy.sh b/option/container_instance/ci_deploy.sh index 191042ad..4ba335fc 100755 --- a/option/container_instance/ci_deploy.sh +++ b/option/container_instance/ci_deploy.sh @@ -6,7 +6,7 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) # Call build_common to push the ${TF_VAR_prefix}-app:latest and ui:latest to OCIR Docker registry ocir_docker_push -if [ "$TF_VAR_ui_strategy" != "api" ]; then +if [ "$TF_VAR_ui_type" != "api" ]; then echo "${DOCKER_PREFIX}/${TF_VAR_prefix}-ui:latest" > $TARGET_DIR/docker_image_ui.txt fi if [ "$TF_VAR_language" != "ords" ]; then 
diff --git a/option/tls/new_http_01/certbot_http_01.sh b/option/tls/new_http_01/certbot_http_01.sh
index ed714e72..4cbc5e43 100755
--- a/option/tls/new_http_01/certbot_http_01.sh
+++ b/option/tls/new_http_01/certbot_http_01.sh
@@ -33,7 +33,7 @@ x=$x_max
 while [ $x -gt 0 ]
 do
 nslookup $TF_VAR_dns_name
- sudo certbot --agree-tos --nginx --email $CERTIFICATE_EMAIL -d $TF_VAR_dns_name
+ sudo certbot --agree-tos --nginx --email $TF_VAR_certificate_email -d $TF_VAR_dns_name
 RESULT=$?
 if [ $RESULT -eq 0 ]; then
 echo "Success - certbot"
diff --git a/py_oci_starter.py b/py_oci_starter.py
index 1d02be4c..cfe0df94 100755
--- a/py_oci_starter.py
+++ b/py_oci_starter.py
@@ -87,6 +87,12 @@ def mandatory_options(mode):
 # hidden_options - allowed but not advertised
 hidden_options = ['-zip', '-group_common','-group_name']
+rename_params = {
+ 'database': 'db_type',
+ 'deploy' : 'deploy_type',
+ 'ui' : 'ui_type',
+ 'license' : 'license_model'
+}
 def allowed_options():
 return list(default_options.keys()) + hidden_options \
@@ -95,14 +101,14 @@ def allowed_options(): allowed_values = { '-language': {'java', 'node', 'python', 'dotnet', 'go', 'php', 'ords', 'apex', 'forms', 'none'}, - '-deploy': {'compute', 'instance_pool', 'kubernetes', 'function', 'container_instance', 'hpc', 'datascience'}, + '-deploy_type': {'compute', 'instance_pool', 'kubernetes', 'function', 'container_instance', 'hpc', 'datascience'}, '-java_framework': {'springboot', 'helidon', 'helidon4', 'tomcat', 'micronaut'}, '-java_vm': {'jdk', 'graalvm', 'graalvm-native'}, '-java_version': {'8', '11', '17', '21'}, '-kubernetes': {'oke', 'docker'}, - '-ui': {'html', 'jet', 'angular', 'reactjs', 'jsp', 'php', 'api', 'apex', 'none'}, - '-database': {'atp', 'database', 'dbsystem', 'rac', 'db_free', 'pluggable', 'mysql', 'psql', 'none'}, - '-license': {'included', 'LICENSE_INCLUDED', 'byol', 'BRING_YOUR_OWN_LICENSE'}, + '-ui_type': {'html', 'jet', 'angular', 'reactjs', 'jsp', 'php', 'api', 'apex', 'none'}, + '-db_type': {'atp', 'database', 'dbsystem', 'rac', 'db_free', 'pluggable', 'mysql', 'psql', 'none'}, + '-license_model': {'included', 'LICENSE_INCLUDED', 'byol', 'BRING_YOUR_OWN_LICENSE'}, '-infra_as_code': {'terraform_local', 'terraform_object_storage', 'resource_manager'}, '-mode': {CLI, GIT, ZIP}, '-shape': {'amd','freetier_amd','ampere'}, @@ -121,18 +127,7 @@ def check_values(): def get_tf_var(param): - special_case = { - 'database': 'TF_VAR_db_strategy', - 'deploy': 'TF_VAR_deploy_strategy', - 'license': 'TF_VAR_license_model', - 'ui': 'TF_VAR_ui_strategy', - 'certificate_dir': 'CERTIFICATE_DIR', - 'certificate_email': 'CERTIFICATE_EMAIL' - }.get(param) - if special_case is not None: - return special_case - else: - return 'TF_VAR_' + param + return 'TF_VAR_' + param def longhand(key, abbreviations): 
@@ -161,29 +156,29 @@ def save_params(): def db_rules(): - if params.get('database') == 'rac': + if params.get('db_type') == 'rac': params['db_node_count'] = "2" - params['database'] = longhand( - 'database', {'atp': 'autonomous', 'dbsystem': 'database', 'rac': 'database'}) + params['db_type'] = longhand( + 'db_type', {'atp': 'autonomous', 'dbsystem': 'database', 'rac': 'database'}) - if params.get('database') != 'autonomous': + if params.get('db_type') != 'autonomous': if params.get('language') == 'ords': error(f'OCI starter supports ORDS only on ATP (Autonomous)') if params.get('language') == 'apex': error(f'OCI starter supports APEX only on ATP (Autonomous)') - if params.get('database') == 'pluggable': + if params.get('db_type') == 'pluggable': if (params.get('db_ocid') is None and params.get('pdb_ocid') is None): error(f'Pluggable Database needs an existing DB_OCID or PDB_OCID') if params.get('db_user') == None: default_users = {'autonomous': 'admin', 'database': 'system', 'db_free': 'system', 'pluggable': 'system', 'mysql': 'root', 'psql': 'postgres', 'none': ''} - params['db_user'] = default_users[params['database']] - if params.get('database')=='none': + params['db_user'] = default_users[params['db_type']] + if params.get('db_type')=='none': params.pop('db_password') # shared_compute is valid only in compute deployment if params.get('db_install') == "shared_compute": - if params.get('deploy')!='compute': + if params.get('deploy_type')!='compute': params.pop('db_install') @@ -198,8 +193,8 @@ def language_rules(): def kubernetes_rules(): - if 'deploy' in params: - params['deploy'] = longhand('deploy', {'oke': 'kubernetes', 'ci': 'container_instance'}) + if 'deploy_type' in params: + params['deploy_type'] = longhand('deploy_type', {'oke': 'kubernetes', 'ci': 'container_instance'}) def vcn_rules(): 
@@ -214,17 +209,17 @@ def vcn_rules(): def ui_rules(): - params['ui'] = longhand('ui', {'reactjs': 'ReactJS'}) - if params.get('ui') == 'jsp': + params['ui_type'] = longhand('ui_type', {'reactjs': 'ReactJS'}) + if params.get('ui_type') == 'jsp': params['language'] = 'java' params['java_framework'] = 'tomcat' - elif params.get('ui') == 'php': + elif params.get('ui_type') == 'php': params['language'] = 'php' - elif params.get('ui') == 'ruby': + elif params.get('ui_type') == 'ruby': params['language'] = 'ruby' def auth_token_rules(): - if params.get('deploy') in [ 'kubernetes', 'container_instance', 'function' ] and params.get('auth_token') is None: + if params.get('deploy_type') in [ 'kubernetes', 'container_instance', 'function' ] and params.get('auth_token') is None: warning('-auth_token is not set. Will need to be set in env.sh') params['auth_token'] = TO_FILL @@ -238,9 +233,9 @@ def compartment_rules(): def license_rules(): license_model = os.getenv('LICENSE_MODEL') if license_model is not None: - params['license'] = license_model - params['license'] = longhand( - 'license', {'included': 'LICENSE_INCLUDED', 'byol': 'BRING_YOUR_OWN_LICENSE'}) + params['license_model'] = license_model + params['license_model'] = longhand( + 'license_model', {'included': 'LICENSE_INCLUDED', 'byol': 'BRING_YOUR_OWN_LICENSE'}) def zip_rules(): @@ -404,7 +399,12 @@ def missing_parameters(supplied_params, expected_params): def get_params(): - return deprefix_keys({**default_options, **prog_arg_dict()}) + params = deprefix_keys({**default_options, **prog_arg_dict()}) + for key, value in rename_params.items(): + if params.get(key): + params[value] = params[key] + params.pop(key) + return params def git_params(): 
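Review bot: The rename loop in `get_params` tests `if params.get(key):`, so a legacy key whose value is falsy (an empty string) is neither renamed nor removed and survives under its old name, and when both spellings are supplied (`-database` and `-db_type`, say) the legacy one silently overwrites the new. `if key in params: params[value] = params.pop(key)` renames on presence, and a `warning(...)` when `value` is already set would make the collision visible. A one-line docstring would help too: `"""Merge defaults with CLI args and map legacy option names (rename_params) to their current spelling."""`. The `allowed_values` table in the earlier hunk now lists only the new spellings, so whether the legacy flags still pass validation before this renaming runs depends on where `check_values` is called, which is not visible here.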
@@ -459,10 +459,10 @@ def readme_contents(): - db : SQL files of the database - terraform : Terraform scripts (Command: plan.sh / apply.sh)''' ] - if params['deploy'] in [ 'compute', 'instance_pool' ]: + if params['deploy_type'] in [ 'compute', 'instance_pool' ]: contents.append( " - compute : Contains the deployment files to Compute") - elif params['deploy'] == 'kubernetes': + elif params['deploy_type'] == 'kubernetes': contents.append( " - oke : Contains the deployment files to Kubernetes") @@ -665,9 +665,9 @@ def output_remove(src): def output_rm_tree(src): shutil.rmtree(output_dir + os.sep + src) -def cp_dir_src_db(db_type): - print("cp_dir_src_db "+db_type) - output_copy_tree("option/src/db/"+db_type, "src/db") +def cp_dir_src_db(db_family): + print("cp_dir_src_db "+db_family) + output_copy_tree("option/src/db/"+db_family, "src/db") def output_replace_db_node_count(): if params.get('db_node_count')!="2": @@ -684,7 +684,7 @@ def output_replace_db_node_count(): output_move("src/db/deploy_db_node.sh", "bin/deploy_db_node.sh") if params['language'] == "java" and params['java_framework'] == "springboot": output_copy_tree("option/src/app/java_springboot_rac", "src/app") - if params['ui'] == "html": + if params['ui_type'] == "html": output_copy_tree("option/src/ui/html_rac", "src/ui" ) # Copy the terraform for APIGW @@ -738,7 +738,7 @@ def create_dir_shared(): cp_terraform("bastion_shared_compute.tf") elif 'bastion_ocid' in params: cp_terraform("bastion_existing.tf") - elif params.get('database')!='none': + elif params.get('db_type')!='none': cp_terraform("bastion.tf") #---------------------------------------------------------------------------- 
@@ -750,36 +750,36 @@ def create_output_dir(): if params['language'] == "none": output_rm_tree("src/app") else: - if params.get('deploy') == "function": + if params.get('deploy_type') == "function": app = "fn/fn_"+params['language'] else: app = params['language'] - if params['database'] == "autonomous" or params['database'] == "database" or params['database'] == "pluggable" or params['database'] == "db_free": - app_db = "oracle" - elif params['database'] == "mysql": - app_db = "mysql" - elif params['database'] == "psql": - app_db = "psql" - elif params['database'] == "none": - app_db = "none" - params['db_family'] = app_db + if params['db_type'] == "autonomous" or params['db_type'] == "database" or params['db_type'] == "pluggable" or params['db_type'] == "db_free": + db_family = "oracle" + elif params['db_type'] == "mysql": + db_family = "mysql" + elif params['db_type'] == "psql": + db_family = "psql" + elif params['db_type'] == "none": + db_family = "none" + params['db_family'] = db_family # Function Common - if params.get('deploy') == "function": + if params.get('deploy_type') == "function": output_copy_tree("option/src/app/fn/fn_common", "src/app") # Generic version for Oracle DB if os.path.exists("option/src/app/"+app): output_copy_tree("option/src/app/"+app, "src/app") - if params.get('deploy') != "function" and params['language'] == "java": + if params.get('deploy_type') != "function" and params['language'] == "java": # Java Framework app = "java_" + params['java_framework'] output_copy_tree("option/src/app/"+app, "src/app") # Overwrite the generic version (ex for mysql) - app_dir = app+"_"+app_db + app_dir = app+"_"+db_family print("app_dir="+app_dir) if os.path.exists("option/src/app/"+app_dir): output_copy_tree("option/src/app/"+app_dir, "src/app") 
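Review bot: `db_family` is now a local that replaces the per-branch `cp_dir_src_db("oracle")` calls, but the chain that assigns it appears to sit inside the `else:` of `if params['language'] == "none":` (the same branch that computes `app`), so a project with `language` none and a database reaches `cp_dir_src_db(db_family)` in the `@@ -895` hunk with the name unbound and fails with `UnboundLocalError`, where the old code copied `option/src/db/oracle` regardless of language. The chain also has no terminal branch, so an unexpected `db_type` fails the same way at `params['db_family'] = db_family`. Hoist the mapping above the language test and close it with `else: error(f"unsupported db_type {params['db_type']}")`, with a comment such as `# db_family selects option/src/db/<family> and the <app>_<family> overlay` (the overlay use is visible at `app_dir = app+"_"+db_family`). If the indentation differs from what the collapsed hunk suggests, only the missing `else` applies.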
@@ -795,20 +795,20 @@ def create_output_dir(): output_replace('##DOCKER_IMAGE##', 'openjdk:21-jdk-slim', "src/app/Dockerfile") # -- User Interface ----------------------------------------------------- - if params.get('ui') == "none": + if params.get('ui_type') == "none": print("No UI") output_rm_tree("src/ui") - elif params.get('ui') == "api": + elif params.get('ui_type') == "api": print("API Only") output_rm_tree("src/ui") - if params.get('deploy') in [ 'compute', 'instance_pool' ]: + if params.get('deploy_type') in [ 'compute', 'instance_pool' ]: cp_terraform_apigw("apigw_compute_append.tf") else: - ui_lower = params.get('ui').lower() + ui_lower = params.get('ui_type').lower() output_copy_tree("option/src/ui/"+ui_lower, "src/ui") # -- Deployment --------------------------------------------------------- - if params.get('deploy') == "hpc": + if params.get('deploy_type') == "hpc": # remove normal shared terraform file output_terraform_dir = output_dir + os.sep + "src/terraform" for fname in os.listdir(output_terraform_dir): @@ -819,10 +819,10 @@ def create_output_dir(): output_remove( "src/terraform/variables.tf" ) # replace with a prefilled one cp_terraform("hpc_variables.tf") - elif params.get('deploy') == "datascience": + elif params.get('deploy_type') == "datascience": cp_terraform("datascience.tf") elif params['language'] != "none": - if params.get('deploy') == "kubernetes": + if params.get('deploy_type') == "kubernetes": if 'oke_ocid' in params: cp_terraform("oke_existing.tf", "oke_append.tf") else: @@ -840,7 +840,7 @@ def create_output_dir(): output_replace('##PREFIX##', params["prefix"], "src/oke/ingress-app.yaml") output_replace('##PREFIX##', params["prefix"], "src/oke/ingress-ui.yaml") - elif params.get('deploy') == "function": + elif params.get('deploy_type') == "function": if 'fnapp_ocid' in params: cp_terraform("function_existing.tf", "function_append.tf") else: 
@@ -855,7 +855,7 @@ def create_output_dir(): else: cp_terraform("apigw.j2.tf", "apigw_tags.tf", apigw_append) - elif params.get('deploy') in [ 'compute', 'instance_pool' ]: + elif params.get('deploy_type') in [ 'compute', 'instance_pool' ]: if 'compute_ocid' in params: cp_terraform("compute_existing.tf", "compute_append.tf") elif params.get("language") == 'forms': @@ -864,7 +864,7 @@ def create_output_dir(): cp_terraform("compute.tf", "compute_append.tf") output_mkdir("src/compute") output_copy_tree("option/compute", "src/compute") - if params.get('deploy') == 'instance_pool': + if params.get('deploy_type') == 'instance_pool': cp_terraform("instance_pool.j2.tf") elif params.get('tls') == 'existing_dir': output_copy_tree("option/tls/compute_existing_dir", "src/tls") @@ -873,10 +873,10 @@ def create_output_dir(): elif params.get('tls') == 'existing_ocid': cp_terraform_apigw("apigw_compute_append.tf") - elif params.get('deploy') == "container_instance": + elif params.get('deploy_type') == "container_instance": if 'group_common' not in params: cp_terraform("container_instance_policy.tf") - if params.get('database') == "none": + if params.get('db_type') == "none": cp_terraform("container_instance_nodb.tf") else: cp_terraform("container_instance.tf") @@ -887,7 +887,7 @@ def create_output_dir(): if params.get('tls'): cp_terraform("tls.j2.tf") - if params.get('deploy') == 'kubernetes': + if params.get('deploy_type') == 'kubernetes': cp_terraform_apigw("apigw_kubernetes_tls_append.tf") if os.path.exists(output_dir + "/src/app/openapi_spec_append.yaml"): 
@@ -895,34 +895,31 @@ def create_output_dir(): os.remove( output_dir + "/src/app/openapi_spec_append.yaml" ) # -- Database ---------------------------------------------------------------- - if params.get('database') != "none": + if params.get('db_type') != "none": cp_terraform("output.tf") output_mkdir("src/db") - if params.get('database') == "autonomous": - cp_dir_src_db("oracle") + cp_dir_src_db(db_family) + if params.get('db_type') == "autonomous": if 'atp_ocid' in params: cp_terraform("atp_existing.tf", "atp_append.tf") else: cp_terraform("atp.tf", "atp_append.tf") - if params.get('database') == "database": - cp_dir_src_db("oracle") + if params.get('db_type') == "database": if 'db_ocid' in params: cp_terraform("dbsystem_existing.tf", "dbsystem_append.tf") else: cp_terraform("dbsystem.tf", "dbsystem_append.tf") output_replace_db_node_count() - if params.get('database') == "pluggable": - cp_dir_src_db("oracle") + if params.get('db_type') == "pluggable": if 'pdb_ocid' in params: cp_terraform("dbsystem_pluggable_existing.tf") else: cp_terraform("dbsystem_existing.tf", "dbsystem_pluggable.tf") - if params.get('database') == "db_free": - cp_dir_src_db("oracle") + if params.get('db_type') == "db_free": if params.get('db_install') == "shared_compute": cp_terraform("db_free_shared_compute.tf") else: @@ -930,8 +927,7 @@ def create_output_dir(): output_copy_tree("option/src/db/db_free", "src/db") output_move("src/db/deploy_db_node.sh", "bin/deploy_db_node.sh") - if params.get('database') == "mysql": - cp_dir_src_db("mysql") + if params.get('db_type') == "mysql": if params.get('db_install') == "shared_compute": cp_terraform("mysql_shared_compute.tf") output_copy_tree("option/src/db/mysql_shared_compute", "src/db") 
@@ -941,8 +937,7 @@ def create_output_dir(): else: cp_terraform("mysql.tf", "mysql_append.tf") - if params.get('database') == "psql": - cp_dir_src_db("psql") + if params.get('db_type') == "psql": if 'psql_ocid' in params: cp_terraform("psql_existing.tf", "psql_append.tf") else: @@ -1160,7 +1155,7 @@ def jinja2_replace_template(): params['public_subnet_ocid'] = TO_FILL params['private_subnet_ocid'] = TO_FILL # Use a bastion only for the database - if params.get('database')!='none': + if params.get('db_type')!='none': params['bastion_ocid'] = TO_FILL to_ocid = { "atp": "atp_ocid", "database": "db_ocid", "mysql": "mysql_ocid", "psql": "psql_ocid", "oke": "oke_ocid", "fnapp": "fnapp_ocid", "apigw": "apigw_ocid", "jms": "jms_ocid", "compute": "compute_ocid"} for x in a_group_common: diff --git a/schema.yaml b/schema.yaml index d5853529..f12fd7d4 100644 --- a/schema.yaml +++ b/schema.yaml @@ -27,7 +27,7 @@ variableGroups: visible: true variables: - language - - deploy_strategy + - deploy_type - java_framework - java_vm - java_version @@ -35,7 +35,7 @@ variableGroups: - title: User Interface visible: true variables: - - ui_strategy + - ui_type - title: Deployment visible: true @@ -54,7 +54,7 @@ variableGroups: - title: "Database" visible: true variables: - - db_strategy + - db_type - db_existing_strategy - atp_ocid - db_ocid @@ -111,7 +111,7 @@ variables: default: "Java" required: true - deploy_strategy: + deploy_type: visible: true type: enum title: Deployment @@ -131,10 +131,10 @@ variables: - "Java" - or: - eq: - - ${deploy_strategy} + - ${deploy_type} - "Kubernetes" - eq: - - ${deploy_strategy} + - ${deploy_type} - "Virtual Machine" type: enum title: Java Framework @@ -154,10 +154,10 @@ variables: - "Java" - or: - eq: - - ${deploy_strategy} + - ${deploy_type} - "Kubernetes" - eq: - - ${deploy_strategy} + - ${deploy_type} - "Virtual Machine" type: enum title: Java Framework 
@@ -181,10 +181,10 @@ variables: - "Helidon" - or: - eq: - - ${deploy_strategy} + - ${deploy_type} - "Kubernetes" - eq: - - ${deploy_strategy} + - ${deploy_type} - "Virtual Machine" type: enum title: Java Framework @@ -241,7 +241,7 @@ variables: kubernetes_strategy: visible: eq: - - ${deploy_strategy} + - ${deploy_type} - "Kubernetes" type: enum enum: @@ -255,7 +255,7 @@ variables: visible: and: - eq: - - ${deploy_strategy} + - ${deploy_type} - "Kubernetes" - eq: - ${kubernetes_strategy} @@ -273,7 +273,7 @@ variables: visible: and: - eq: - - ${deploy_strategy} + - ${deploy_type} - "Kubernetes" - eq: - ${kubernetes_strategy} @@ -292,7 +292,7 @@ variables: ###################### Database - db_strategy: + db_type: visible: true type: enum title: Database Type @@ -319,7 +319,7 @@ variables: visible: and: - eq: - - ${db_strategy} + - ${db_type} - "Autonomous Transaction Processing Database" - eq: - ${db_existing_strategy} @@ -335,7 +335,7 @@ variables: visible: and: - eq: - - ${db_strategy} + - ${db_type} - "Database System" - eq: - ${db_existing_strategy} @@ -351,7 +351,7 @@ variables: visible: and: - eq: - - ${db_strategy} + - ${db_type} - "MySQL" - eq: - ${db_existing_strategy} @@ -383,7 +383,7 @@ variables: ###################### User Interface - ui_strategy: + ui_type: visible: true type: enum title: User Interface diff --git a/variables.tf b/variables.tf index 270c21df..cd016340 100644 --- a/variables.tf +++ b/variables.tf @@ -33,12 +33,12 @@ variable "java_version" {} variable "vcn_strategy" {} variable "vcn_ocid" {default=""} variable "subnet_ocid" {default=""} -variable "ui_strategy" {} -variable "deploy_strategy" {} +variable "ui_type" {} +variable "deploy_type" {} variable "kubernetes_strategy" {default=""} variable "oke_strategy" {default=""} variable "oke_ocid" {default=""} -variable "db_strategy" {} +variable "db_type" {} variable "db_existing_strategy" {} variable "atp_ocid" {default=""} variable "db_ocid" {default=""} 
From 5132cde50e3c8bb6d650c3523a2cc3b01ded2480 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 11:45:17 +0100 Subject: [PATCH 163/176] v1.6 --- py_oci_starter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index cfe0df94..65ed0e25 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -499,7 +499,7 @@ def env_param_list(): if params.get('language') != 'java' or 'group_name' in params: exclude.extend(['java_vm', 'java_framework', 'java_version']) if 'group_name' in params: - exclude.extend(['ui', 'database', 'language', 'deploy', 'db_user', 'group_name']) + exclude.extend(['ui_type', 'db_type', 'language', 'deploy_type', 'db_user', 'group_name']) else: exclude.append('group_common') if is_param_default_value('infra_as_code'): @@ -1163,7 +1163,7 @@ def jinja2_replace_template(): ocid = to_ocid[x] params[ocid] = TO_FILL -if 'deploy' in params: +if 'deploy_type' in params: create_output_dir() jinja2_replace_template() From 9c20b40f6575c5f003dfb2b529901413a3230d72 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 12:45:22 +0100 Subject: [PATCH 164/176] v1.6 --- py_oci_starter.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 65ed0e25..f3dd95a5 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -147,12 +147,7 @@ def save_params(): p = params.copy() pop_param(p,"output_dir") pop_param(p,"zip") - # Print in Bash Array format - s = "( " - for key, value in p.items(): - s += '"' + str(key) + '" ' - s += ")" - params['params'] = s + params['params'] = ",".join(p.keys()) def db_rules(): From dcf0e0a354ec5ccf09244a958259607f12ccf552 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 13:01:55 +0100 Subject: [PATCH 165/176] v1.6 --- py_oci_starter.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index f3dd95a5..bfacf590 100755 
--- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -514,9 +514,6 @@ def env_sh_contents(): contents.append( 'PROJECT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )') contents.append(f'export BIN_DIR=$PROJECT_DIR/bin') - contents.append(f'export OCI_STARTER_CREATION_DATE={timestamp}') - contents.append(f'export OCI_STARTER_VERSION=1.5') - contents.append(f'export PARAMS="{params["params"]}"') contents.append('') contents.append('# Env Variables') if 'group_name' in params: @@ -566,7 +563,11 @@ def env_sh_contents(): contents.append(' # export TF_VAR_lz_security_cmp_ocid=$TF_VAR_compartment_ocid') contents.append("fi") - + contents.append('') + contents.append('# Creation Details') + contents.append(f'export OCI_STARTER_CREATION_DATE={timestamp}') + contents.append(f'export OCI_STARTER_VERSION=2.0') + contents.append(f'export PARAMS="{params["params"]}"') contents.append('') contents.append( '# Get other env variables automatically (-silent flag can be passed)') From e7e9f67752b2d1eb7c9a6b56a32833c99e04f47c Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 13:04:39 +0100 Subject: [PATCH 166/176] v1.6 --- py_oci_starter.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index bfacf590..cd7cc47e 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -556,11 +556,11 @@ def env_sh_contents(): contents.append(' # export TF_VAR_instance_shape=VM.Standard.E4.Flex') contents.append('') - contents.append(' # Landing Zone') - contents.append(' # export TF_VAR_lz_appdev_cmp_ocid=$TF_VAR_compartment_ocid') - contents.append(' # export TF_VAR_lz_database_cmp_ocid=$TF_VAR_compartment_ocid') - contents.append(' # export TF_VAR_lz_network_cmp_ocid=$TF_VAR_compartment_ocid') - contents.append(' # export TF_VAR_lz_security_cmp_ocid=$TF_VAR_compartment_ocid') + # contents.append(' # Landing Zone') + # contents.append(' # export TF_VAR_lz_appdev_cmp_ocid=$TF_VAR_compartment_ocid') + # contents.append(' # export TF_VAR_lz_database_cmp_ocid=$TF_VAR_compartment_ocid') + # contents.append(' # export TF_VAR_lz_network_cmp_ocid=$TF_VAR_compartment_ocid') + # contents.append(' # export TF_VAR_lz_security_cmp_ocid=$TF_VAR_compartment_ocid') contents.append("fi") contents.append('') From 059f8b0c4fddde7d016204b18675cbeb9ad68096 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 13:45:18 +0100 Subject: [PATCH 167/176] v1.6 --- py_oci_starter.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index cd7cc47e..7b081962 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -532,6 +532,10 @@ def env_sh_contents(): else: tf_var_comment(contents, param) contents.append(f'export {get_tf_var(param)}="{params[param]}"') + + for s in group_common_contents: + contents.append(s) + contents.append('') contents.append("if [ -f $PROJECT_DIR/../group_common_env.sh ]; then") contents.append(" . $PROJECT_DIR/../group_common_env.sh") 
@@ -543,13 +547,13 @@ def env_sh_contents(): if params.get('compartment_ocid') == None: contents.append(' # export TF_VAR_compartment_ocid=ocid1.compartment.xxxxx') - for x in group_common_contents: - contents.append(" " + x) + # for x in group_common_contents: + # contents.append(" " + x) - contents.append('') - contents.append(' # API Management') - contents.append(' # export APIM_HOST=xxxx-xxx.adb.region.oraclecloudapps.com') - contents.append('') + # contents.append('') + # contents.append(' # API Management') + # contents.append(' # export APIM_HOST=xxxx-xxx.adb.region.oraclecloudapps.com') + # contents.append('') if params.get('instance_shape') == None: contents.append(' # Compute Shape') @@ -567,7 +571,7 @@ def env_sh_contents(): contents.append('# Creation Details') contents.append(f'export OCI_STARTER_CREATION_DATE={timestamp}') contents.append(f'export OCI_STARTER_VERSION=2.0') - contents.append(f'export PARAMS="{params["params"]}"') + contents.append(f'export OCI_STARTER_PARAMS="{params["params"]}"') contents.append('') contents.append( '# Get other env variables automatically (-silent flag can be passed)') @@ -578,7 +582,7 @@ def env_sh_contents(): def tf_var_comment(contents, param): comments = { 'auth_token': ['See doc: https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/registrygettingauthtoken.htm'], - 'db_password': ['Requires at least 12 characters, 2 letters in lowercase, 2 in uppercase, 2 numbers, 2 special characters. Ex: LiveLab__12345', 'If not filled, it will be generated randomly during the first build.'], + 'db_password': ['Min length 12 characters, 2 lowercase, 2 uppercase, 2 numbers, 2 special characters. Ex: LiveLab__12345', 'If not filled, it will be generated randomly during the first build.'], 'license': ['BRING_YOUR_OWN_LICENSE or LICENSE_INCLUDED'] }.get(param) if comments is not None: From 86e35c97cb47117db09620855bb8993b9e1a60fa Mon Sep 17 00:00:00 2001 
From: Marc Gueury Date: Wed, 10 Jan 2024 13:48:37 +0100 Subject: [PATCH 168/176] v1.6 --- py_oci_starter.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 7b081962..8af59aa7 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -532,7 +532,7 @@ def env_sh_contents(): else: tf_var_comment(contents, param) contents.append(f'export {get_tf_var(param)}="{params[param]}"') - + contents.append('') for s in group_common_contents: contents.append(s) @@ -586,8 +586,14 @@ def tf_var_comment(contents, param): 'license': ['BRING_YOUR_OWN_LICENSE or LICENSE_INCLUDED'] }.get(param) if comments is not None: + b = true for comment in comments: - contents.append(f'# {get_tf_var(param)} : {comment}') + if b: + b = false + contents.append(f'# {get_tf_var(param)} : {comment}') + else: + contents.append(f'# {comment}') + def write_env_sh(): From f2ae6669988be9924327f6950fcbe18580f0b75f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 13:50:05 +0100 Subject: [PATCH 169/176] v1.6 --- py_oci_starter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 8af59aa7..c9959a5c 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -586,10 +586,10 @@ def tf_var_comment(contents, param): 'license': ['BRING_YOUR_OWN_LICENSE or LICENSE_INCLUDED'] }.get(param) if comments is not None: - b = true + b=True for comment in comments: if b: - b = false + b=False contents.append(f'# {get_tf_var(param)} : {comment}') else: contents.append(f'# {comment}') From 702baaed4909a6df433f8c88e8f07f470c283e12 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 13:55:52 +0100 Subject: [PATCH 170/176] v1.6 --- py_oci_starter.py | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index c9959a5c..a6b0fc67 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
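Review bot: The `b=True`/`b=False` flag added to `tf_var_comment` is a hand-rolled first-iteration marker that needs two statements to maintain; `enumerate` expresses the intent directly and removes the mutable state: `for i, comment in enumerate(comments):` / `prefix = f'{get_tf_var(param)} : ' if i == 0 else ''` / `contents.append(f'# {prefix}{comment}')`. The `def tf_var_comment` line itself lies outside the hunk.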
@@ -533,6 +533,8 @@ def env_sh_contents(): tf_var_comment(contents, param) contents.append(f'export {get_tf_var(param)}="{params[param]}"') contents.append('') + if params.get('compartment_ocid') == None: + contents.append('# export TF_VAR_compartment_ocid=ocid1.compartment.xxxxx') for s in group_common_contents: contents.append(s) @@ -543,29 +545,20 @@ def env_sh_contents(): contents.append(" . $PROJECT_DIR/../../group_common_env.sh") contents.append("elif [ -f $HOME/.oci_starter_profile ]; then") contents.append(" . $HOME/.oci_starter_profile") - contents.append("else") - if params.get('compartment_ocid') == None: - contents.append(' # export TF_VAR_compartment_ocid=ocid1.compartment.xxxxx') - - # for x in group_common_contents: - # contents.append(" " + x) - + # contents.append("else") # contents.append('') # contents.append(' # API Management') # contents.append(' # export APIM_HOST=xxxx-xxx.adb.region.oraclecloudapps.com') # contents.append('') - - if params.get('instance_shape') == None: - contents.append(' # Compute Shape') - contents.append(' # export TF_VAR_instance_shape=VM.Standard.E4.Flex') - contents.append('') - + # if params.get('instance_shape') == None: + # contents.append(' # Compute Shape') + # contents.append(' # export TF_VAR_instance_shape=VM.Standard.E4.Flex') + # contents.append('') # contents.append(' # Landing Zone') # contents.append(' # export TF_VAR_lz_appdev_cmp_ocid=$TF_VAR_compartment_ocid') # contents.append(' # export TF_VAR_lz_database_cmp_ocid=$TF_VAR_compartment_ocid') # contents.append(' # export TF_VAR_lz_network_cmp_ocid=$TF_VAR_compartment_ocid') # contents.append(' # export TF_VAR_lz_security_cmp_ocid=$TF_VAR_compartment_ocid') - contents.append("fi") contents.append('') contents.append('# Creation Details') From 4d1f6688ed1ac4e4cbb9679b830f9f41c838148b Mon Sep 17 00:00:00 2001 
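Review bot: Removing `contents.append("fi")` at the end of the second hunk leaves the generated env.sh with `if … elif … elif …` and no closing `fi`, unless the closer is now emitted somewhere outside this hunk; commenting out the `else` line does not terminate the compound statement, so sourcing the generated file would fail with a syntax error before any `OCI_STARTER_*` variable is exported. Keep `contents.append("fi")` right after the `. $HOME/.oci_starter_profile` line, i.e. before the blank line that precedes `# Creation Details`. The rest of `env_sh_contents` is outside the hunk.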
From: Marc Gueury Date: Wed, 10 Jan 2024 18:28:07 +0100 Subject: [PATCH 171/176] v1.6 --- basis/bin/upgrade.sh | 42 ++++++++++++++++++++++++++++++++---------- 1 file changed, 32 insertions(+), 10 deletions(-) diff --git a/basis/bin/upgrade.sh b/basis/bin/upgrade.sh index 4704c865..99b795af 100755 --- a/basis/bin/upgrade.sh +++ b/basis/bin/upgrade.sh @@ -4,20 +4,42 @@ cd $SCRIPT_DIR/.. . env.sh ## Remove variable that should not be exposed -export `env | grep _ocid | sed 's/=.*/=__TO_FILL__/'` -export DB_PASSWORD=__TO_FILL__ +export `compgen -A variable | grep _ocid | grep _ocid | sed 's/$/=__TO_FILL__/'` +export TF_VAR_db_password=__TO_FILL__ export TF_VAR_auth_token=__TO_FILL__ PARAM_LIST="" -## now loop through the above array -for i in "${PARAMS[@]}" -do - echo "$i" - PARAM_LIST=" ${PARAM_LIST} -${i} ${!i}" + +IFS=',' +read -ra ARR <<<"$OCI_STARTER_PARAMS" +for p in "${ARR[@]}"; +do + VAR_NAME="TF_VAR_${p}" + VAR_VALUE=${!VAR_NAME} + echo "$p - $VAR_NAME - $VAR_VALUE" + if [ "$VAR_VALUE" != "" ]; then + PARAM_LIST="${PARAM_LIST}${p}=${!VAR_NAME}&" + fi done -echo "./oci_starter.sh$PARAM_LIST" +PARAM_LIST=`echo $PARAM_LIST|sed 's/&$//'` + +echo "curl -k https://www.ocistarter.com/app/zip?$PARAM_LIST" + +UPGRADE_DIR="upgrade$(date +%Y%m%d%H%M%S)" +cd $PROJECT_DIR +mkdir $UPGRADE_DIR +cd $UPGRADE_DIR +curl -k "https://www.ocistarter.com/app/zip?$PARAM_LIST" --output upgrade.zip +unzip upgrade.zip +rm upgrade.zip +mv $TF_VAR_prefix/* $TF_VAR_prefix/.* . +rmdir $TF_VAR_prefix +mkdir orig +mv src orig +mv env.sh orig +cp -r ../src . +cp ../env.sh . echo -echo "original command" -echo "./oci_starter.sh -deploy compute -compartment_ocid $EX_COMPARTMENT_OCID -database atp -ui html -language apex -db_password $TEST_DB_PASSWORD -tls existing_ocid" +echo "Upgrade directory created: $UPGRADE_DIR" From 5db2865c12b84b249a90807a6c31d25b7682a728 Mon Sep 17 00:00:00 2001 
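Review bot: `curl -k` on the new download line disables TLS certificate verification for an archive whose contents are unzipped and then copied over the project's `src` and `env.sh`, so anyone able to interpose on the connection could substitute the code that is subsequently deployed; drop `-k` and make the download fail loudly, `curl --fail --silent --show-error "https://www.ocistarter.com/app/zip?$PARAM_LIST" --output upgrade.zip || exit 1`. The `cd $PROJECT_DIR`, `mkdir $UPGRADE_DIR` and `cd $UPGRADE_DIR` lines are unchecked and the script has no `set -e`, so a failed `cd` leaves the following `mv`/`rm` running in whatever directory the script happens to be in; chain them as `cd "$PROJECT_DIR" && mkdir "$UPGRADE_DIR" && cd "$UPGRADE_DIR" || exit 1`. The query string is built from raw `TF_VAR_*` values with no URL-encoding, so a value containing `&` or `#` truncates or injects parameters; passing each pair with `curl --get --data-urlencode "$p=${!VAR_NAME}"` avoids hand-building it. Minor: the first `export` line pipes through `grep _ocid` twice, and `mv $TF_VAR_prefix/.* .` also matches `.` and `..`, which mv reports as errors.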
From: Marc Gueury Date: Wed, 10 Jan 2024 18:31:24 +0100 Subject: [PATCH 172/176] v1.6 --- option/test_suite_shared.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index ed9aeb91..bf7e8e37 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -241,7 +241,7 @@ pre_test_suite() { git clone https://github.com/mgueury/oci-starter cd $TEST_HOME/oci-starter - ./oci_starter.sh -group_name tsall -group_common atp,mysql,psql,database,fnapp,apigw,oke,db_free -compartment_ocid $EX_COMPARTMENT_OCID -db_password $TEST_DB_PASSWORD -auth_token $OCI_TOKEN + ./oci_starter.sh -group_name tsall -group_common atp,mysql,psql,database,fnapp,apigw,oke -compartment_ocid $EX_COMPARTMENT_OCID -db_password $TEST_DB_PASSWORD -auth_token $OCI_TOKEN exit_on_error mv output/group_common ../group_common cd $TEST_HOME/group_common From 0b5497a5497b18d07fd42bca68898a4e1227126f Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Wed, 10 Jan 2024 19:30:55 +0100 Subject: [PATCH 173/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index a6b0fc67..5c5ce1c7 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py @@ -266,7 +266,7 @@ def shape_rules(): def tls_rules(): if params.get('tls')=='none': params.pop('tls') - else: + elif params.get('tls'): params['dns_name'] = TO_FILL if params.get('tls')=='new_http_01': params['certificate_email'] = TO_FILL From b07f2b9e76c5c76c85239db34941aaef94548213 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 11 Jan 2024 17:01:30 +0100 Subject: [PATCH 174/176] v1.6 --- py_oci_starter.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/py_oci_starter.py b/py_oci_starter.py index 5c5ce1c7..db89948c 100755 --- a/py_oci_starter.py +++ b/py_oci_starter.py 
@@ -276,7 +276,7 @@ def tls_rules(): elif params.get('tls')=='existing_ocid': params['dns_zone_name'] = TO_FILL params['certificate_ocid'] = TO_FILL - elif params.get('tls')=='existing_ocid': + elif params.get('tls')=='existing_dir': params['dns_zone_name'] = TO_FILL params['certificate_dir'] = TO_FILL From c11ca613b0361aace53ddd2e9b346ed31b982e1b Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 11 Jan 2024 17:15:44 +0100 Subject: [PATCH 175/176] v1.6 --- option/terraform/tls.j2.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/option/terraform/tls.j2.tf b/option/terraform/tls.j2.tf index 74d2f3bb..b4ead54e 100644 --- a/option/terraform/tls.j2.tf +++ b/option/terraform/tls.j2.tf @@ -3,9 +3,9 @@ variable "dns_name" { default="" } variable "dns_ip" { default="" } locals { -{%- if deploy == "compute" and tls != "existing_ocid" %} +{%- if deploy_type == "compute" and tls != "existing_ocid" %} dns_ip = local.compute_public_ip -{%- elif deploy == "instance_pool" %} +{%- elif deploy_type == "instance_pool" %} dns_ip = local.instance_pool_lb_ip {%- else %} dns_ip = local.apigw_ip @@ -30,7 +30,7 @@ resource "oci_dns_rrset" "starter_rrset" { } } -{%- if deploy == "instance_pool" %} +{%- if deploy_type == "instance_pool" %} resource "oci_load_balancer_listener" "starter_lb_https_listener" { load_balancer_id = oci_load_balancer.starter_pool_lb.id name = "HTTP-443" From 7ca6a12e6e24af89755ce5b1ef708058a3058354 Mon Sep 17 00:00:00 2001 From: Marc Gueury Date: Thu, 11 Jan 2024 17:35:01 +0100 Subject: [PATCH 176/176] v1.6 --- option/test_suite_group_all.sh | 1 + option/test_suite_shared.sh | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/option/test_suite_group_all.sh b/option/test_suite_group_all.sh index 8726a71e..b1c77fc0 100755 --- a/option/test_suite_group_all.sh +++ b/option/test_suite_group_all.sh 
@@ -205,5 +205,6 @@ pre_test_suite # generate_only cd $TEST_HOME . ./group_common_env.sh +# export TEST_ERROR_ONLY=TRUE loop_deploy post_test_suite diff --git a/option/test_suite_shared.sh b/option/test_suite_shared.sh index bf7e8e37..5ef91b2e 100755 --- a/option/test_suite_shared.sh +++ b/option/test_suite_shared.sh @@ -154,6 +154,16 @@ build_option() { fi NAME=${NAME/_/-} start_test $NAME + if [ "$TEST_ERROR_ONLY" != "" ]; then + if grep -Fxq "$TEST_DIR" $TEST_HOME/error_rerun.sh + then + echo "OK - error_rerun.sh contains - $TEST_DIR" + else + echo "SKIP - error_rerun.sh does not contains - $TEST_DIR" + return + fi + fi + cd $TEST_HOME/oci-starter if [ "$OPTION_GROUP_NAME" == "dummy" ]; then ./oci_starter.sh \
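Review bot: In the new `TEST_ERROR_ONLY` block, `grep -Fxq "$TEST_DIR" $TEST_HOME/error_rerun.sh` treats a missing or unreadable `error_rerun.sh` the same as "not listed" (grep exits 2), so when the file is absent every test is reported as SKIP and nothing runs; check for the file first, `[ -f "$TEST_HOME/error_rerun.sh" ] || { echo "ERROR - error_rerun.sh not found"; return; }`, and quote the path in the grep call. The SKIP message reads `does not contains`; `does not contain` is the correct form. `build_option` continues outside the hunk.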