-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathdev.sh
More file actions
executable file
·108 lines (100 loc) · 3.79 KB
/
dev.sh
File metadata and controls
executable file
·108 lines (100 loc) · 3.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#!/bin/bash
# This script manages a Podman pod for the NethSecurity project.
# It can start or stop a pod with multiple containers (VPN, API, UI, Proxy, and TimescaleDB).
# Optionally, it mounts a local directory as the UI's document root if provided: this option is useful for development purposes.
POD="nethsecurity-pod"
branch_name=$(git -C "$(dirname "$0")" rev-parse --abbrev-ref HEAD 2>/dev/null || echo "latest")
image_tag=${IMAGE_TAG:-$branch_name}
start_pod() {
# Check if network device tunsec exists, if not fail
if ! ip link show dev tunsec > /dev/null 2>&1; then
echo "Network device tunsec does not exist, create it using root privileges:"
echo
echo " ip tuntap add dev tunsec mod tun"
echo " ip addr add 172.21.0.1/16 dev tunsec"
echo " ip link set dev tunsec up"
exit 1
fi
# Stop the pod if it is already running
if podman pod exists $POD; then
echo "Pod $POD already exists"
exit 0
fi
echo "Starting pod $POD with image tag $image_tag"
podman pod create --replace --name $POD
# Helper function to determine image pull policy
get_image() {
local image_name="$1"
# Check if image exists locally
if podman image exists "$image_name"; then
echo "$image_name"
else
# If not local, podman run will try to pull it
echo "$image_name"
fi
}
# The --pull option, sets pull policy to never if image exists locally to avoid registry lookup errors (required for GitHub CI)
podman run --rm --detach --pull="missing" --network=host --privileged --cap-add=NET_ADMIN --device /dev/net/tun -v ovpn-data:/etc/openvpn/:z --pod $POD --name $POD-vpn $(get_image ghcr.io/nethserver/nethsecurity-vpn:$image_tag)
podman run --rm --detach --pull="missing" --network=host --name $POD-db --pod $POD -e POSTGRES_PASSWORD=password -e POSTGRES_USER=report docker.io/timescale/timescaledb:latest-pg16
# Wait for Postgres to be ready
echo -n "Waiting for Postgres to start..."
for i in {1..30}; do
if podman exec $POD-db pg_isready -U report > /dev/null 2>&1; then
break
fi
sleep 1
done
# wait for db, pg_isready is not enough
sleep 5
echo "OK"
cat > api.env <<EOF
LISTEN_ADDRESS=0.0.0.0:5000
ADMIN_USERNAME=admin
ADMIN_PASSWORD=admin
SECRET_JWT=secret
PROMTAIL_ADDRESS=127.0.0.1
PROMTAIL_PORT=6565
PROMETHEUS_PATH=/prometheus
WEBSSH_PATH=$(uuidgen)
GRAFANA_PATH=/grafana
REGISTRATION_TOKEN=1234
DATA_DIR=data
OVPN_DIR=/etc/openvpn
REPORT_DB_URI=postgres://report:password@127.0.0.1:5432/report
GRAFANA_POSTGRES_PASSWORD=password
ISSUER_2FA=test
ENCRYPTION_KEY=12345678901234567890123456789012
GIN_MODE=debug
FQDN=localhost
VALID_SUBSCRIPTION=true
SECRETS_DIR=secrets
PLATFORM_INFO={"vpn_port": "20011", "vpn_network": "172.28.222.0/24", "controller_version": "${IMAGE_TAG}", "metrics_retention_days": 15, "logs_retention_days": 180}
EOF
podman run --rm --detach --pull=$PULL_POLICY --network=host --volumes-from=$POD-vpn --pod $POD --name $POD-api --env-file=api.env $(get_image ghcr.io/nethserver/nethsecurity-api:$image_tag)
podman run --rm --detach --pull=$PULL_POLICY --network=host --pod $POD --name $POD-ui $(get_image ghcr.io/nethserver/nethsecurity-ui:$image_tag)
sleep 2
podman run --rm --detach --pull=$PULL_POLICY --network=host --volumes-from=$POD-vpn --pod $POD --name $POD-proxy $(get_image ghcr.io/nethserver/nethsecurity-proxy:$image_tag)
}
stop_pod() {
if ! podman pod exists $POD; then
return
fi
podman pod stop $POD
podman pod rm $POD
}
case "$1" in
start)
start_pod
;;
stop)
stop_pod
;;
restart)
stop_pod
start_pod
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
;;
esac