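#!/bin/sh
# Provision a LEAP provider inside the Vagrant box: create the provider
# directory, register this machine as a node, deploy and test it.
#
# PROVIDERDIR, PLATFORMDIR, USER, NODE, LEAP, SUDO, contacts, provider_domain,
# provider_name and services are not assigned in this script; presumably they
# all come from the sourced vagrant.config -- verify against that file.

# Exit on failure
set -e

# The config is executed in this shell, so it has to be as trusted as the
# script itself.
# shellcheck disable=SC1091
. /vagrant/vagrant/vagrant.config

# Fail early with a clear message: the directory named here is removed
# recursively below.
: "${PROVIDERDIR:?PROVIDERDIR must be set in vagrant.config}"

echo '==============================================='
echo "Configuring LEAP in ${PROVIDERDIR}"
echo '==============================================='

# purge $PROVIDERDIR so this script can be run multiple times.
# `--` keeps a value starting with `-` from being parsed as an rm option and
# `:?` aborts rather than expanding to an empty path.
if [ -e "$PROVIDERDIR" ]; then
  rm -rf -- "${PROVIDERDIR:?}"
fi
mkdir -p "$PROVIDERDIR"
chown "${USER}:${USER}" "${PROVIDERDIR}"
cd "$PROVIDERDIR" || exit

# $LEAP is expanded unquoted as in the rest of the script, presumably so it
# can carry a command plus arguments -- confirm in vagrant.config.
# shellcheck disable=SC2086
$LEAP new --contacts "${contacts:?}" --domain "${provider_domain:?}" --name "${provider_name:?}" --platform="$PLATFORMDIR" .
printf '\n@log = "./deploy.log"' >> Leapfile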
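# First run only: generate an SSH key for ${USER} and authorise it for root.
# The key has an empty passphrase (-P ''), so anyone who can read
# /home/${USER}/.ssh/id_rsa gets root on this machine over SSH; this is only
# appropriate for a throw-away local VM.
if [ ! -e "/home/${USER}/.ssh/id_rsa" ]; then
  # shellcheck disable=SC2086
  $SUDO ssh-keygen -f "/home/${USER}/.ssh/id_rsa" -P ''
  # Create root's .ssh directory private from the start instead of relying
  # on the umask.
  [ -d /root/.ssh ] || mkdir -m 700 /root/.ssh
  cat "/home/${USER}/.ssh/id_rsa.pub" >> /root/.ssh/authorized_keys
  chmod 600 /root/.ssh/authorized_keys
fi

# shellcheck disable=SC2086
$SUDO mkdir -p "${PROVIDERDIR}/files/nodes/${NODE}"

# Record the host's public RSA key (key type and key, without the comment
# field) for this node. The redirect target is quoted here rather than being
# interpolated into an `sh -c` string, where a space or shell metacharacter
# in PROVIDERDIR or NODE would have been re-parsed as shell syntax. Reading
# the file with cut directly also makes a missing host key abort the script
# instead of silently appending nothing.
cut -d' ' -f1,2 /etc/ssh/ssh_host_rsa_key.pub >> "${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub"
chown "${USER}:${USER}" "${PROVIDERDIR}/files/nodes/${NODE}/${NODE}_ssh.pub"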
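# Register the current user, create the CA and a CSR, then add this machine
# as a node and compile the provider configuration.
# $LEAP is expanded unquoted throughout, presumably so it can carry a command
# plus arguments -- confirm in vagrant.config.
# shellcheck disable=SC2086
$LEAP add-user --self
# shellcheck disable=SC2086
$LEAP cert ca
# shellcheck disable=SC2086
$LEAP cert csr
# shellcheck disable=SC2086
$LEAP node add "$NODE" ip_address:"$(facter ipaddress)" couch.mode:plain services:"${services:?}" tags:production
# "testadmin" is made a webapp admin; the account itself is created later in
# this script.
echo '{ "webapp": { "admins": ["testadmin"] } }' > services/webapp.json
# shellcheck disable=SC2086
$LEAP compile

# Test the command inside the `if`: under `set -e` a failing `node init`
# would end the script before a separate `$?` check could run, and comparing
# against 1 only would miss every other non-zero status.
# shellcheck disable=SC2086
if ! $LEAP node init "$NODE"; then
  echo 'node init failed' >&2
  exit 1
fi

# couchrest gem does currently not install on jessie
# https://leap.se/code/issues/7754
# workaround is to install rake as gem
# NOTE(review): the gem version is not pinned, so every provisioning run
# installs whatever the gem source serves at that moment; consider pinning
# it once a known-good version is identified.
gem install rake

# shellcheck disable=SC2086
$LEAP -v 2 deploy

# Vagrant: leap_mx fails to start on jessie
# https://leap.se/code/issues/7755
# Workaround: we stop and start leap-mx after deploy and
# before testing
service leap-mx stop
service leap-mx start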
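echo '==============================================='
echo 'testing the platform'
echo '==============================================='
# shellcheck disable=SC2086
$LEAP -v 2 test --continue

echo '==============================================='
echo 'setting node to demo-mode'
echo '==============================================='
# Point Postfix's default transport at the error transport; this appears
# intended to stop the demo node from delivering mail to the outside --
# confirm against the Postfix configuration that was deployed.
postconf -e default_transport='error: in demo mode'

# add users: testadmin and testuser with passwords "hallo123"
# The salt/verifier pairs below are fixed and the password is written in this
# file, so both accounts (one of them a webapp admin) have publicly known
# credentials. Keep the box local, or replace the accounts before exposing it.
# -k skips certificate verification; the request only goes to localhost, whose
# certificate was issued by the CA created earlier in this script.
# -S makes curl print the reason when a request fails: with -s alone a
# connection error would abort the script under `set -e` without any message.
# HTTP error statuses are still not treated as failures (no --fail), so a
# rejected sign-up does not stop provisioning.
curl -sS -k https://localhost/1/users.json -d "user%5Blogin%5D=testuser&user%5Bpassword_salt%5D=7d4880237a038e0e&user%5Bpassword_verifier%5D=b98dc393afcd16e5a40fb57ce9cddfa6a978b84be326196627c111d426cada898cdaf3a6427e98b27daf4b0ed61d278bc856515aeceb2312e50c8f816659fcaa4460d839a1e2d7ffb867d32ac869962061368141c7571a53443d58dc84ca1fca34776894414c1090a93e296db6cef12c2cc3f7a991b05d49728ed358fd868286"
curl -sS -k https://localhost/1/users.json -d "user%5Blogin%5D=testadmin&user%5Bpassword_salt%5D=ece1c457014d8282&user%5Bpassword_verifier%5D=9654d93ab409edf4ff1543d07e08f321107c3fd00de05c646c637866a94f28b3eb263ea9129dacebb7291b3374cc6f0bf88eb3d231eb3a76eed330a0e8fd2a5c477ed2693694efc1cc23ae83c2ae351a21139701983dd595b6c3225a1bebd2a4e6122f83df87606f1a41152d9890e5a11ac3749b3bfcf4407fc83ef60b4ced68"

printf '\n===========================================================================================================\n\n'
printf 'You are now ready to use your local LEAP provider.\n'
echo 'If you want to use the *Bitmask client* with your provider, please update your /etc/hosts with following dns overrides:'
# Reduce the `leap list` output to plain "ip name alias ..." lines that can be
# pasted into /etc/hosts: drop everything up to the last space-separated
# field, remove ", null" entries, then strip brackets, quotes and commas.
# shellcheck disable=SC2086
$LEAP list --print ip_address,domain.full,dns.aliases | sed 's/^.* //' | sed 's/, null//g' | tr -d '\]\[",'
echo 'Please see https://leap.se/en/docs/platform/tutorials/vagrant#use-the-bitmask-client-to-do-an-initial-soledad-sync for more details how to use and test your LEAP provider.'
printf "\nIf you don't want to use the Bitmask client, please ignore the above instructions.\n"
printf 'The LEAP webapp is now available at https://localhost:4443\n'
printf 'Please add an exception in your browser dialog to allow the self-signed certificate.\n'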