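#!/bin/bash
set -e
# ============================================================
# BitDive Infrastructure — automatic deployment
# Usage: bash deploy.sh [TARGET_FOLDER]
# TARGET_FOLDER defaults to ./bitdive-infrastructure
# ============================================================

# ANSI colour escapes; they are stored as literal backslash sequences and
# expanded at print time (printf %b here, echo -e elsewhere in the script).
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# Status helpers. Each prints one tagged line; $1 is the message.
# The message is passed through %s, so backslashes inside it (for example a
# Windows-style TARGET_FOLDER) are printed literally instead of being
# interpreted as escape sequences, which is what `echo -e` did to them.
log() { printf '%b[✔]%b %s\n' "$GREEN" "$NC" "$1"; }
info() { printf '%b[→]%b %s\n' "$CYAN" "$NC" "$1"; }
# Warnings and fatal errors are diagnostics, so they are written to stderr.
warn() { printf '%b[!]%b %s\n' "$YELLOW" "$NC" "$1" >&2; }
# Prints the message, then terminates the script with status 1.
err() { printf '%b[✖]%b %s\n' "$RED" "$NC" "$1" >&2; exit 1; }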
# ---------- Password generation ----------
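#######################################
# Print a random alphanumeric string (A-Z, a-z, 0-9).
# Arguments: $1 - number of characters, default 24
# Outputs:   the string on stdout; diagnostics on stderr
# Returns:   0 on success, 1 on an invalid length or when openssl
#            produced no usable output
#######################################
generate_password() {
  local length=${1:-24}
  local pw="" chunk i
  local -r chars='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'

  # The length is used in arithmetic below, so accept plain digits only.
  if ! [[ "$length" =~ ^[0-9]+$ ]]; then
    printf 'generate_password: length must be a non-negative integer, got: %s\n' "$length" >&2
    return 1
  fi
  length=$((10#$length)) # force base 10 so a leading zero is not read as octal

  # Use openssl if available, otherwise /dev/urandom, otherwise $RANDOM
  if command -v openssl &>/dev/null; then
    # Filtering drops '+', '/', '=' and newlines from the base64 text, so one
    # draw is not guaranteed to leave $length characters: keep drawing until
    # enough are collected, then cut to the exact size.
    while (( ${#pw} < length )); do
      chunk=$(openssl rand -base64 "$length" | tr -dc 'A-Za-z0-9')
      # An empty chunk means openssl failed; stop instead of looping forever.
      [[ -n "$chunk" ]] || return 1
      pw+=$chunk
    done
    printf '%s' "${pw:0:length}"
  elif [ -e /dev/urandom ]; then
    # LC_ALL=C makes tr treat the stream as bytes; in a multibyte locale some
    # tr implementations reject raw random data as an illegal byte sequence.
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$length"
  else
    # Fallback for Windows without openssl.
    # $RANDOM is a small non-cryptographic generator, so values produced here
    # are guessable; the operator is told on stderr (stdout is the password).
    printf 'generate_password: neither openssl nor /dev/urandom is available; using $RANDOM, which is NOT cryptographically secure. Replace the generated credentials.\n' >&2
    for ((i = 0; i < length; i++)); do
      pw+="${chars:RANDOM % ${#chars}:1}"
    done
    echo "$pw"
  fi
}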
#######################################
# Print a base64 string for use as TOKEN_SECRET.
# With openssl: base64 of 32 random bytes.
# Without it: base64 of a 32-character generate_password value, or a plain
# 44-character generate_password value when the base64 pipeline fails.
# Note the fallbacks carry only the entropy of an alphanumeric password,
# which is less than that of 32 random bytes.
# Outputs: the secret on stdout
#######################################
generate_token_secret() {
  if ! command -v openssl >/dev/null 2>&1; then
    generate_password 32 | base64 2>/dev/null || generate_password 44
    return
  fi
  openssl rand -base64 32
}
# ---------- Dependency check ----------
info "Checking dependencies..."

# git and docker are hard requirements: err prints the install hint and exits.
command -v git >/dev/null 2>&1 \
  || err "git not found. Install git: https://git-scm.com/"
command -v docker >/dev/null 2>&1 \
  || err "docker not found. Install Docker: https://docs.docker.com/get-docker/"

# DC holds the Compose command line. The standalone docker-compose binary is
# tried first, then the "docker compose" plugin. DC is expanded unquoted
# later in the script so that the two-word form splits into command and
# subcommand.
if command -v docker-compose >/dev/null 2>&1; then
  DC="docker-compose"
elif docker compose version >/dev/null 2>&1; then
  DC="docker compose"
else
  err "docker-compose not found. Install Docker Compose: https://docs.docker.com/compose/install/"
fi

log "Dependencies OK (git, docker, $DC)"
# ============================================================
# STEP 1: Clone repository
# ============================================================
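# TARGET_DIR comes from the first command-line argument; it is always passed
# after "--" below so that a value starting with "-" is treated as a path and
# not as an option to cd or git.
TARGET_DIR="${1:-bitdive-infrastructure}"
REPO_URL="https://github.com/bitDive/infrastructure.git"
echo ""
info "Step 1/6 — Cloning $REPO_URL → $TARGET_DIR"
# NOTE(review): the clone follows the default branch with no tag, commit or
# signature check, and the compose files it delivers are started further
# down; consider pinning a reviewed revision.
if [ -d "$TARGET_DIR" ]; then
  warn "Folder $TARGET_DIR already exists. Updating (git pull)..."
  cd -- "$TARGET_DIR"
  # An existing folder is reused as-is, so tell the operator when it does not
  # track the expected repository: whatever it contains is what gets deployed.
  existing_origin=$(git config --get remote.origin.url 2>/dev/null || true)
  if [ "$existing_origin" != "$REPO_URL" ]; then
    warn "Origin of $TARGET_DIR is '${existing_origin:-<none>}', expected $REPO_URL"
  fi
  # Best effort by design: a failed pull leaves the checked-out version in use.
  git pull || warn "git pull failed, continuing with current version"
else
  git clone -- "$REPO_URL" "$TARGET_DIR"
  cd -- "$TARGET_DIR"
fi
log "Repository ready: $(pwd)"
# ============================================================
# STEP 2: Navigate to docker-compose
# ============================================================
echo ""
info "Step 2/6 — Navigating to docker-compose folder"
# Everything below (.env, compose commands) runs from this sub-folder.
cd docker-compose || err "docker-compose folder not found!"
log "Working directory: $(pwd)"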
# ============================================================
# STEP 3: Generate .env with random passwords
# ============================================================
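echo ""
info "Step 3/6 — Generating .env with new passwords"
# NOTE(review): every run generates a fresh set of passwords; presumably data
# volumes initialised by an earlier run keep the old ones — confirm before
# re-running against an existing deployment.
# Generate unique passwords
PASS_POSTGRES=$(generate_password 20)
PASS_CLICKHOUSE=$(generate_password 20)
PASS_CLICKHOUSE_PG=$(generate_password 20)
USER_MINIO=$(generate_password 16)
PASS_MINIO=$(generate_password 20)
USER_KEYCLOAK="admin"
PASS_KEYCLOAK=$(generate_password 20)
PASS_KC_KEYSTORE=$(generate_password 20)
PASS_KC_TRUSTSTORE=$(generate_password 20)
PASS_JAVA_KEYSTORE=$(generate_password 20)
PASS_JAVA_TRUSTSTORE=$(generate_password 20)
USER_VAULT="vault_admin"
PASS_VAULT=$(generate_password 20)
SECRET_TOKEN=$(generate_token_secret)

# .env and its backup hold every service credential in clear text. With the
# default umask they would be readable by other local users, so both files
# are created owner-only here and the previous umask is restored afterwards.
saved_umask=$(umask)
umask 077

# Backup if .env already exists
if [ -f .env ]; then
  cp .env ".env.backup.$(date +%Y%m%d_%H%M%S)"
  # Redirection keeps the mode of an existing file, so tighten it before it
  # is truncated and refilled with the new secrets.
  chmod 600 .env
  warn "Old .env saved as backup"
fi

# The delimiter is unquoted on purpose: ${PASS_*} and friends are expanded
# now, while \${...} is written literally for later interpolation by whatever
# reads .env.
# NOTE(review): KEYCLOAK_DB_URL carries a doubled '&&' before sslfactory; it
# is left as found — confirm the JDBC driver tolerates the empty parameter.
cat > .env << ENVEOF
SERVER_IP=127.0.0.1
SERVER_NAME=localhost
URL_FRONT_SYSTEM=https://\${SERVER_NAME}
# Vault Configuration
VAULT_ADDR=https://127.0.0.1:8200
VAULT_ADDR_CONTAINER=https://vault-server:8200
# PostgreSQL Configuration
POSTGRES_USER=citizix_user
POSTGRES_PASSWORD=${PASS_POSTGRES}
POSTGRES_DB=data-bitdive
POSTGRES_HOST=postgres-bitdive
POSTGRES_PORT=5432
# ClickHouse Configuration
CLICKHOUSE_USER=user_ch
CLICKHOUSE_PASSWORD=${PASS_CLICKHOUSE}
CLICKHOUSE_HOST=clickhouse-bitdive
CLICKHOUSE_DB=bitdive
CLICKHOUSE_PORT=8445
CLICKHOUSE_PG_USER_PASSWORD=${PASS_CLICKHOUSE_PG}
# MinIO Configuration
MINIO_ROOT_USER=${USER_MINIO}
MINIO_ROOT_PASSWORD=${PASS_MINIO}
MINIO_DOMAIN=http://\${SERVER_NAME}/minio
MINIO_CONSOLE_ADDRESS=:9001
MINIO_ENDPOINT=http://minio:9000
# Keycloak Configuration
KEYCLOAK_DB_USERNAME=\${POSTGRES_USER}
KEYCLOAK_DB_PASSWORD=\${POSTGRES_PASSWORD}
KEYCLOAK_ADMIN=${USER_KEYCLOAK}
KEYCLOAK_ADMIN_PASSWORD=${PASS_KEYCLOAK}
KEYCLOAK_HTTP_ENABLED=false
KEYCLOAK_HTTP_SSL_PORT=8443
KEYCLOAK_KEY_STORE_PASSWORD=${PASS_KC_KEYSTORE}
KEYCLOAK_TRUST_STORE_PASSWORD=${PASS_KC_TRUSTSTORE}
JAVA_KEYSTORE_PASSWORD=${PASS_JAVA_KEYSTORE}
JAVA_TRUSTSTORE_PASSWORD=${PASS_JAVA_TRUSTSTORE}
KEYCLOAK_DB_URL=jdbc:postgresql://\${POSTGRES_HOST}:\${POSTGRES_PORT}/keycloak?ssl=true&sslmode=verify-full&&sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory
TOKEN_SECRET=${SECRET_TOKEN}
# Vault User Credentials
VAULT_LOGIN=${USER_VAULT}
VAULT_PASSWORD=${PASS_VAULT}
# Vault Certificates Configuration
VAULT_CERT_DB_COMMON_NAME=\${POSTGRES_USER}
VAULT_CERT_DB_ALT_NAME=\${POSTGRES_HOST}
VAULT_CERT_DB_TTL=24h
VAULT_CERT_DB_CH_COMMON_NAME=clickhouse
VAULT_CERT_DB_CH_ALT_NAME=\${CLICKHOUSE_HOST}
VAULT_CERTIFICATION_DB_CH_TTL=24h
VAULT_CERT_SERVICE_COMMON_NAME=file-acceptor.bitdive
VAULT_CERT_SERVICE_COMMON_NAME_FILE_ACCEPTOR=file-acceptor.\${SERVER_NAME}
VAULT_CERT_SERVICE_ALT_NAMES_FILE_ACCEPTOR=file-acceptor.\${SERVER_NAME}
VAULT_CERT_SERVICE_ALT_NAMES=\${SERVER_IP}
VAULT_CERT_SERVICE_TTL=24h
KEYCLOAK_FRONTEND_URL_NOT_SSL=https://\${SERVER_IP}:8999
KEYCLOAK_FRONTEND_URL=https://\${SERVER_NAME}:8999
VAULT_CERT_KEYCLOAK_COMMON_NAME=\${SERVER_IP}
VAULT_CERT_KEYCLOAK_ALT_NAME=\${SERVER_IP}
VAULT_CERT_KEYCLOAK_TTL=24h
KEYCLOAK_CONTAINER=https://keycloak:\${KEYCLOAK_HTTP_SSL_PORT}/keyCloak
# Keycloak Realm URL
KEYCLOAK_REALM_URL=\${KEYCLOAK_CONTAINER}/realms/bitdive/protocol/openid-connect/certs
KEYCLOAK_REALM_URL_NOT_SSL=http://keycloak:8080/realms/bitdive/protocol/openid-connect/certs
# Frontend Configuration
REACT_APP_API_URL=https://\${SERVER_NAME}/monitoring-api
REACT_APP_KEYCLOAK_URL=https://\${SERVER_NAME}/keyCloak/
REACT_APP_KEYCLOAK_REALM=bitdive
REACT_APP_KEYCLOAK_CLIENT_ID=react-client
GENERATE_SOURCEMAP=false
REACT_APP_BASE_URL=https://\${SERVER_NAME}/
APP_EMAIL_SMTP_HOST=smtp.zoho.eu
APP_EMAIL_SMTP_PORT=587
APP_EMAIL_SMTP_ALERT_USER=
APP_EMAIL_SMTP_ALERT_PASSWORD=
APP_EMAIL_SMTP_ALERT_EMAIL=
APP_EMAIL_SMTP_INFORMATION_USER=
APP_EMAIL_SMTP_INFORMATION_PASSWORD=
APP_EMAIL_SMTP_INFORMATION_EMAIL=
TOTAL_PROCESS_MEMORY=4g
ENVEOF

# Secrets are on disk with owner-only permissions; restore the caller's umask.
umask "$saved_umask"
log ".env created with new passwords"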
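# Clear-text credentials are shown only when stdout is an interactive
# terminal. When the output is a pipe or a file (CI job log, `| tee`, nohup)
# printing them would copy every secret into a log that outlives the run;
# .env already holds all of them.
echo ""
if [ -t 1 ]; then
  cat <<CREDS
 ┌──────────────────────────────────────────────────────┐
 │ Generated credentials (save these!): │
 ├──────────────────────────────────────────────────────┤
 │ PostgreSQL password : ${PASS_POSTGRES}
 │ ClickHouse password : ${PASS_CLICKHOUSE}
 │ ClickHouse PG pass : ${PASS_CLICKHOUSE_PG}
 │ MinIO user : ${USER_MINIO}
 │ MinIO password : ${PASS_MINIO}
 │ Keycloak admin : ${USER_KEYCLOAK}
 │ Keycloak password : ${PASS_KEYCLOAK}
 │ Vault login : ${USER_VAULT}
 │ Vault password : ${PASS_VAULT}
 │ Token secret : ${SECRET_TOKEN}
 └──────────────────────────────────────────────────────┘
CREDS
else
  echo " Generated credentials are stored in $(pwd)/.env (not printed: output is not a terminal)"
fi
echo ""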
# ============================================================
# STEP 4: Start Vault
# ============================================================
# Show a one-line countdown from $1 down to 1, one tick per second, then end
# the line. Used as a fixed pause between start-up steps.
countdown() {
  local remaining=$1
  while (( remaining >= 1 )); do
    printf "\r ⏳ %2d seconds remaining..." "$remaining"
    sleep 1
    remaining=$((remaining - 1))
  done
  echo ""
}

info "Step 4/6 — Starting Vault"
# DC is left unquoted on purpose so "docker compose" splits into two words.
# shellcheck disable=SC2086
$DC up -d vault
log "Vault started. Waiting 30 seconds for initialization..."
# NOTE(review): readiness is assumed after the pause; nothing here checks
# that Vault actually answers before "Vault ready" is printed.
countdown 30
log "Vault ready"
# ============================================================
# STEP 5: Initialize SSL for databases
# ============================================================
echo ""
info "Step 5/6 — Starting init-db-ssl (SSL certificate setup)"
# shellcheck disable=SC2086
$DC up -d init-db-ssl
log "init-db-ssl started. Waiting 40 seconds..."
# NOTE(review): as above, "completed" is reported after a fixed pause; the
# exit status of init-db-ssl is not inspected.
countdown 40
log "init-db-ssl completed"
# ============================================================
# STEP 6: Start all remaining services
# ============================================================
echo ""
info "Step 6/6 — Starting all services (init-container-ssl)"
# shellcheck disable=SC2086
$DC up -d init-container-ssl
log "All services started!"
# ============================================================
# Summary
# ============================================================
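# Final banner with the service URLs.
# NOTE(review): it is printed as soon as the last compose command returns;
# nothing in this script checks that the services are healthy.
echo ""
echo "=========================================================="
echo -e "${GREEN} ✅ BitDive successfully deployed!${NC}"
echo "=========================================================="
echo ""
cat <<SUMMARY
 Service access:
 Frontend : https://localhost
 Keycloak : https://localhost/keyCloak
 MinIO Console : https://localhost/minio
 Flink Load : https://localhost/flink-load
 PostgreSQL : localhost:5432
SUMMARY
echo ""
# Admin passwords are repeated only on an interactive terminal; when stdout
# is redirected they would end up in a log file, so point at .env instead.
if [ -t 1 ]; then
  echo " Keycloak login : ${USER_KEYCLOAK} / ${PASS_KEYCLOAK}"
  echo " MinIO login : ${USER_MINIO} / ${PASS_MINIO}"
else
  echo " Keycloak login : ${USER_KEYCLOAK} / (see KEYCLOAK_ADMIN_PASSWORD in .env)"
  echo " MinIO login : (see MINIO_ROOT_USER / MINIO_ROOT_PASSWORD in .env)"
fi
echo ""
echo " Full .env: $(pwd)/.env"
echo "=========================================================="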