diff --git a/deploy_stack.sh b/deploy_stack.sh index 28861c3a9..ca7c585e6 100755 --- a/deploy_stack.sh +++ b/deploy_stack.sh @@ -1,67 +1,129 @@ #!/usr/bin/env bash set -e -if ! [ -x "$(command -v docker)" ]; then - echo 'Unable to find docker command, please install Docker (https://www.docker.com/) and retry' >&2 - exit 1 -fi +CHECK_MARK="\033[0;32m\xE2\x9C\x94\033[0m" +PARTY_POPPER="\xF0\x9F\x8E\x89" +DEBUG_LOG=${DEBUG_LOG:=0} +function debug() { + if [[ ${DEBUG_LOG} = "1" ]]; then + echo -e "$*"; + fi +} -export BASIC_AUTH="true" +check_required_software() { + echo -en " Required software check" -sha_cmd="shasum -a 256" -if ! command -v shasum >/dev/null; then - sha_cmd="sha256sum" -fi + if ! [[ -x "$(command -v docker)" ]]; then + echo 'Unable to find docker command, please install Docker (https://www.docker.com/) and retry' >&2 + exit 1 + fi -while [ ! $# -eq 0 ] + echo -e "\r${CHECK_MARK} Required software check" +} + +setup_http_signature() { + echo -en " Http encryption settings" + + rm signing.key > /dev/null 2>&1 || true && rm signing.key.pub > /dev/null 2>&1 || true + docker secret rm http-signing-private-key > /dev/null 2>&1 || true + docker secret rm http-signing-public-key > /dev/null 2>&1 || true + + ssh-keygen -t rsa -b 2048 -N "" -m PEM -f signing.key > /dev/null 2>&1 + openssl rsa -in ./signing.key -pubout -outform PEM -out signing.key.pub > /dev/null 2>&1 + # openssl rsa -inform PEM -pubin -in ./signing.key.pub -text + + cat signing.key | docker secret create http-signing-private-key - > /dev/null 2>&1 || true + cat signing.key.pub | docker secret create http-signing-public-key - > /dev/null 2>&1 || true + + rm signing.key || true && rm signing.key.pub || true + echo -e "\r${CHECK_MARK} Http encryption settings" +} + +setup_basic_auth() { + export BASIC_AUTH="true" + sha_cmd="shasum -a 256" + if ! command -v shasum >/dev/null; then + sha_cmd="sha256sum" + fi + + # Secrets should be created even if basic-auth is disabled. + if (echo "admin" | docker secret create basic-auth-user - > /dev/null 2>&1) + then + debug "[Credentials]\n\tusername: admin created" + fi + + secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1) + if (echo "$secret" | docker secret create basic-auth-password - > /dev/null 2>&1) + then + echo "[Credentials]\n\tusername: admin \n\tpassword: ${secret}\n\techo -n \"${secret}\" | faas-cli login --username=admin --password-stdin" + else + debug "[Credentials]\n\talready exist, not creating" + fi + + if [[ ${BASIC_AUTH} = "true" ]]; + then + debug "\tenabling basic authentication for gateway.." + debug "" + else + debug "\tdisabling basic authentication for gateway.." + debug "" + fi + + echo -e "\r${CHECK_MARK} Basic authentication settings" +} + +deploy_docker_stack() { + arch=$(uname -m) + case "$arch" in + + "armv7l") echo -en " Deploying OpenFaaS core services for ARM" + composefile="docker-compose.armhf.yml" + ;; + "aarch64") echo -en " Deploying OpenFaaS core services for ARM64" + composefile="docker-compose.arm64.yml" + ;; + *) echo -en " Deploying OpenFaaS core services" + composefile="docker-compose.yml" + ;; + esac + + docker stack deploy func --compose-file ${composefile} > /dev/null + echo -e "\r${CHECK_MARK} Deploying OpenFaaS core services" +} + +main() { + check_required_software + setup_basic_auth + setup_http_signature + deploy_docker_stack + echo -e ${PARTY_POPPER} OpenFaaS docker swarm setup complete +} + +POSITIONAL=() +while [[ $# -gt 0 ]] do - case "$1" in - --no-auth | -n) - export BASIC_AUTH="false" - ;; - --help | -h) - echo "Usage: \n [default]\tdeploy the OpenFaaS core services\n --no-auth [-n]\tdisable basic authentication.\n --help\tdisplays this screen" - exit - ;; - esac - shift -done +key="$1" -# Secrets should be created even if basic-auth is disabled. -echo "Attempting to create credentials for gateway.." -echo "admin" | docker secret create basic-auth-user - -secret=$(head -c 16 /dev/urandom| $sha_cmd | cut -d " " -f 1) -echo "$secret" | docker secret create basic-auth-password - -if [ $? = 0 ]; -then - echo "[Credentials]\n username: admin \n password: $secret\n echo -n "$secret" | faas-cli login --username=admin --password-stdin" -else - echo "[Credentials]\n already exist, not creating" -fi - -if [ $BASIC_AUTH = "true" ]; -then - echo "" - echo "Enabling basic authentication for gateway.." - echo "" -else - echo "" - echo "Disabling basic authentication for gateway.." - echo "" -fi - -arch=$(uname -m) -case "$arch" in - -"armv7l") echo "Deploying OpenFaaS core services for ARM" - composefile="docker-compose.armhf.yml" - ;; -"aarch64") echo "Deploying OpenFaaS core services for ARM64" - composefile="docker-compose.arm64.yml" - ;; -*) echo "Deploying OpenFaaS core services" - composefile="docker-compose.yml" - ;; +case $key in + --no-auth | -n) + export BASIC_AUTH="false" + shift + ;; + --debug | -d) + echo hi + DEBUG_LOG="1" + shift + ;; + --help | -h) + echo -e "Usage: +[default] deploy the OpenFaaS core services +--no-auth [-n] disable basic authentication. +--help displays this screen +--debug [-d] enable debug logging" + exit + ;; esac +done +set -- "${POSITIONAL[@]}" # restore positional parameters -docker stack deploy func --compose-file $composefile +main \ No newline at end of file