infrastructure/docker/traffic_vault/run.sh - trafficcontrol - Git at Google

 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.

 # Script for running the Dockerfile for Traffic Vault.
 # The Dockerfile sets up a Docker image which can be used for any new container;
 # This script, which should be run when the container is run (it's the ENTRYPOINT), will configure the container.
 #
 # The following environment variables must be set (ordinarily by `docker run -e` arguments):
 # ADMIN_PASS
 # USER_PASS
 # CERT_COUNTRY
 # CERT_STATE
 # CERT_CITY
 # CERT_COMPANY
 # TRAFFIC_OPS_URI
 # TRAFFIC_OPS_USER
 # TRAFFIC_OPS_PASS
 # DOMAIN
 # IP
 # GATEWAY
 # CREATE_TO_DB_ENTRY (If set to yes, create the TO db entry for this server if set to no, assume it it already there)

 start() {
 	/etc/init.d/riak restart
 	exec tail -f /var/log/riak/console.log
 }

 init() {
 	TMP_TO_COOKIE="$(curl -v -s -k -X POST --data '{ "u":"'"$TRAFFIC_OPS_USER"'", "p":"'"$TRAFFIC_OPS_PASS"'" }' $TRAFFIC_OPS_URI/api/4.0/user/login 2>&1 | grep 'Set-Cookie' | sed -e 's/.*mojolicious=\(.*\); expires.*/\1/')"
 	echo "Got Cookie: $TMP_TO_COOKIE"
 #	curl -v -k -X POST -H "Cookie: mojolicious=$TMP_TO_COOKIE" -F "filename=profile.traffic_vault.traffic_ops" -F "profile_to_import=@/profile.traffic_vault.traffic_ops" $TRAFFIC_OPS_URI/profile/doImport

 	# \todo figure out a better way to get the IP, domain (Docker network name), gateway
 	TMP_IP=$IP
 	TMP_DOMAIN=$DOMAIN
 	TMP_GATEWAY=$GATEWAY

 	echo "Got IP: $TMP_IP"
 	echo "Got Domain: $TMP_DOMAIN"
 	echo "Got Gateway: $TMP_GATEWAY"

 	if [ "$CREATE_TO_DB_ENTRY" = "YES" ] ; then
 		TMP_CACHEGROUP_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/cachegroups.json | python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="mid-east"]; print match[0]')"
 		echo "Got cachegroup ID: $TMP_CACHEGROUP_ID"

 		TMP_SERVER_TYPE_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/types.json | python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="RIAK"]; print match[0]')"
 		echo "Got server type ID: $TMP_SERVER_TYPE_ID"

 		TMP_SERVER_PROFILE_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/profiles.json | python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="RIAK_ALL"]; print match[0]')"
 		echo "Got server profile ID: $TMP_SERVER_PROFILE_ID"

 		TMP_PHYS_LOCATION_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/phys_locations.json | python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="plocation-nyc-1"]; print match[0]')"
 		echo "Got phys location ID: $TMP_PHYS_LOCATION_ID"

 		TMP_CDN_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/cdns.json | python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="cdn"]; print match[0]')"
 		echo "Got cdn ID: $TMP_CDN_ID"

 		curl -v -k -X POST -H "Cookie: mojolicious=$TMP_TO_COOKIE" --data-urlencode "host_name=$HOSTNAME" --data-urlencode "domain_name=$TMP_DOMAIN" --data-urlencode "interface_name=eth0" --data-urlencode "ip_address=$TMP_IP" --data-urlencode "ip_netmask=255.255.0.0" --data-urlencode "ip_gateway=$TMP_GATEWAY" --data-urlencode "interface_mtu=9000" --data-urlencode "cdn=$TMP_CDN_ID" --data-urlencode "cachegroup=$TMP_CACHEGROUP_ID" --data-urlencode "phys_location=$TMP_PHYS_LOCATION_ID" --data-urlencode "type=$TMP_SERVER_TYPE_ID" --data-urlencode "profile=$TMP_SERVER_PROFILE_ID" --data-urlencode "tcp_port=8088" $TRAFFIC_OPS_URI/server/create

 	fi

 	TMP_SERVER_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/servers.json | python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["hostName"]=="'"$HOSTNAME"'"]; print match[0]')"
 	echo "Got server ID: $TMP_SERVER_ID"

 	curl -v -k -H "Content-Type: application/x-www-form-urlencoded" -H "Cookie: mojolicious=$TMP_TO_COOKIE" -X POST --data-urlencode "id=$TMP_SERVER_ID" --data-urlencode "status=ONLINE" $TRAFFIC_OPS_URI/server/updatestatus

 	openssl req -newkey rsa:2048 -nodes -keyout /etc/riak/certs/server.key -x509 -days 365 -out /etc/riak/certs/server.crt -subj "/C=$CERT_COUNTRY/ST=$CERT_STATE/L=$CERT_CITY/O=$CERT_COMPANY"
 	cp /etc/riak/certs/server.crt /etc/riak/certs/ca-bundle.crt

 	/etc/init.d/riak restart
 	riak-admin security enable
 	riak-admin security add-group admins
 	riak-admin security add-group keysusers
 	riak-admin security add-user admin password=$ADMIN_PASS groups=admins
 	riak-admin security add-user riakuser password=$USER_PASS groups=keysusers
 	riak-admin security add-source riakuser 0.0.0.0/0 password
 	riak-admin security add-source admin 0.0.0.0/0 password
 	riak-admin security grant riak_kv.list_buckets,riak_kv.list_keys,riak_kv.get,riak_kv.put,riak_kv.delete on any to admins
 	riak-admin security grant riak_kv.get,riak_kv.put,riak_kv.delete on default ssl to keysusers
 	riak-admin security grant riak_kv.get,riak_kv.put,riak_kv.delete on default dnssec to keysusers
 	riak-admin security grant riak_kv.get,riak_kv.put,riak_kv.delete on default url_sig_keys to keysusers

 	echo "INITIALIZED=1" >> /etc/environment
 }

 source /etc/environment
 if [ -z "$INITIALIZED" ]; then init; fi
 start
	#!/bin/bash
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.

	# Script for running the Dockerfile for Traffic Vault.
	# The Dockerfile sets up a Docker image which can be used for any new container;
	# This script, which should be run when the container is run (it's the ENTRYPOINT), will configure the container.
	#
	# The following environment variables must be set (ordinarily by `docker run -e` arguments):
	# ADMIN_PASS
	# USER_PASS
	# CERT_COUNTRY
	# CERT_STATE
	# CERT_CITY
	# CERT_COMPANY
	# TRAFFIC_OPS_URI
	# TRAFFIC_OPS_USER
	# TRAFFIC_OPS_PASS
	# DOMAIN
	# IP
	# GATEWAY
	# CREATE_TO_DB_ENTRY (If set to yes, create the TO db entry for this server if set to no, assume it it already there)

	start() {
	/etc/init.d/riak restart
	exec tail -f /var/log/riak/console.log
	}

	init() {
	TMP_TO_COOKIE="$(curl -v -s -k -X POST --data '{ "u":"'"$TRAFFIC_OPS_USER"'", "p":"'"$TRAFFIC_OPS_PASS"'" }' $TRAFFIC_OPS_URI/api/4.0/user/login 2>&1 \| grep 'Set-Cookie' \| sed -e 's/.mojolicious=\(.\); expires.*/\1/')"
	echo "Got Cookie: $TMP_TO_COOKIE"
	# curl -v -k -X POST -H "Cookie: mojolicious=$TMP_TO_COOKIE" -F "filename=profile.traffic_vault.traffic_ops" -F "profile_to_import=@/profile.traffic_vault.traffic_ops" $TRAFFIC_OPS_URI/profile/doImport

	# \todo figure out a better way to get the IP, domain (Docker network name), gateway
	TMP_IP=$IP
	TMP_DOMAIN=$DOMAIN
	TMP_GATEWAY=$GATEWAY

	echo "Got IP: $TMP_IP"
	echo "Got Domain: $TMP_DOMAIN"
	echo "Got Gateway: $TMP_GATEWAY"

	if [ "$CREATE_TO_DB_ENTRY" = "YES" ] ; then
	TMP_CACHEGROUP_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/cachegroups.json \| python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="mid-east"]; print match[0]')"
	echo "Got cachegroup ID: $TMP_CACHEGROUP_ID"

	TMP_SERVER_TYPE_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/types.json \| python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="RIAK"]; print match[0]')"
	echo "Got server type ID: $TMP_SERVER_TYPE_ID"

	TMP_SERVER_PROFILE_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/profiles.json \| python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="RIAK_ALL"]; print match[0]')"
	echo "Got server profile ID: $TMP_SERVER_PROFILE_ID"

	TMP_PHYS_LOCATION_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/phys_locations.json \| python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="plocation-nyc-1"]; print match[0]')"
	echo "Got phys location ID: $TMP_PHYS_LOCATION_ID"

	TMP_CDN_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/cdns.json \| python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["name"]=="cdn"]; print match[0]')"
	echo "Got cdn ID: $TMP_CDN_ID"

	curl -v -k -X POST -H "Cookie: mojolicious=$TMP_TO_COOKIE" --data-urlencode "host_name=$HOSTNAME" --data-urlencode "domain_name=$TMP_DOMAIN" --data-urlencode "interface_name=eth0" --data-urlencode "ip_address=$TMP_IP" --data-urlencode "ip_netmask=255.255.0.0" --data-urlencode "ip_gateway=$TMP_GATEWAY" --data-urlencode "interface_mtu=9000" --data-urlencode "cdn=$TMP_CDN_ID" --data-urlencode "cachegroup=$TMP_CACHEGROUP_ID" --data-urlencode "phys_location=$TMP_PHYS_LOCATION_ID" --data-urlencode "type=$TMP_SERVER_TYPE_ID" --data-urlencode "profile=$TMP_SERVER_PROFILE_ID" --data-urlencode "tcp_port=8088" $TRAFFIC_OPS_URI/server/create

	fi

	TMP_SERVER_ID="$(curl -s -k -X GET -H "Cookie: mojolicious=$TMP_TO_COOKIE" $TRAFFIC_OPS_URI/api/4.0/servers.json \| python -c 'import json,sys;obj=json.load(sys.stdin);match=[x["id"] for x in obj["response"] if x["hostName"]=="'"$HOSTNAME"'"]; print match[0]')"
	echo "Got server ID: $TMP_SERVER_ID"

	curl -v -k -H "Content-Type: application/x-www-form-urlencoded" -H "Cookie: mojolicious=$TMP_TO_COOKIE" -X POST --data-urlencode "id=$TMP_SERVER_ID" --data-urlencode "status=ONLINE" $TRAFFIC_OPS_URI/server/updatestatus

	openssl req -newkey rsa:2048 -nodes -keyout /etc/riak/certs/server.key -x509 -days 365 -out /etc/riak/certs/server.crt -subj "/C=$CERT_COUNTRY/ST=$CERT_STATE/L=$CERT_CITY/O=$CERT_COMPANY"
	cp /etc/riak/certs/server.crt /etc/riak/certs/ca-bundle.crt

	/etc/init.d/riak restart
	riak-admin security enable
	riak-admin security add-group admins
	riak-admin security add-group keysusers
	riak-admin security add-user admin password=$ADMIN_PASS groups=admins
	riak-admin security add-user riakuser password=$USER_PASS groups=keysusers
	riak-admin security add-source riakuser 0.0.0.0/0 password
	riak-admin security add-source admin 0.0.0.0/0 password
	riak-admin security grant riak_kv.list_buckets,riak_kv.list_keys,riak_kv.get,riak_kv.put,riak_kv.delete on any to admins
	riak-admin security grant riak_kv.get,riak_kv.put,riak_kv.delete on default ssl to keysusers
	riak-admin security grant riak_kv.get,riak_kv.put,riak_kv.delete on default dnssec to keysusers
	riak-admin security grant riak_kv.get,riak_kv.put,riak_kv.delete on default url_sig_keys to keysusers

	echo "INITIALIZED=1" >> /etc/environment
	}

	source /etc/environment
	if [ -z "$INITIALIZED" ]; then init; fi
	start