bash/tools/deploy_nexus.sh

#! /usr/bin/env bash

#   COPYRIGHT NOTICE STARTS HERE
#
#   Copyright 2018 © Samsung Electronics Co., Ltd.
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.
#
#   COPYRIGHT NOTICE ENDS HERE


# fail fast
set -e

# OS check
. /etc/os-release
OS_ID="${ID}"

case "$OS_ID" in
    centos)
        ;;
    rhel)
        ;;
    ubuntu)
        ;;
    *)
        echo This OS is not supported: $OS_ID
        exit 1
        ;;
esac

# boilerplate
RELATIVE_PATH=./ # relative path from this script to 'common-functions.sh'
if [ "$IS_COMMON_FUNCTIONS_SOURCED" != YES ] ; then
    SCRIPT_DIR=$(dirname "${0}")
    LOCAL_PATH=$(readlink -f "$SCRIPT_DIR")
    . "${LOCAL_PATH}"/"${RELATIVE_PATH}"/common-functions.sh
fi

#
# local functions
#

start_nexus() {
    echo "** Starting nexus **"
    if [[ -z "$NEXUS_DATA" ]]; then
        echo "Nexus data env is not set"
        exit -3
    fi

    # valid for case of fresh nexus deployment
    # data are inserted in later phases
    mkdir -p $NEXUS_DATA
    # hardening
    chmod a+wrX $NEXUS_DATA
    chown -R 200:200 $NEXUS_DATA

    docker rm -f nexus 1> /dev/null 2>&1 || true

    docker run -d --name nexus\
        --restart unless-stopped \
        -v $NEXUS_DATA:/nexus-data:rw \
        sonatype/nexus3

    echo "** Creating docker network **"
    docker network create nexus_network
    docker network connect nexus_network nexus
}

start_nginx() {
    echo "** Starting reverse proxy - nginx **"

    docker rm -f nginx 1> /dev/null 2>&1 || true
    mkdir -p $NGINX_HTTP_DIR/repo.install-server

    mkdir -p "$NGINX_HTTP_DIR/repo.install-server"

    docker run -d -p 80:80 -p 443:443 -p 10001:443 \
        --name nginx \
        --network nexus_network \
        -v $GEN_CFG_PATH/nginx.conf:/etc/nginx/nginx.conf:ro \
        -v $CERTS_TARGET_PATH:/etc/nginx/certs:ro \
        -v $GIT_REPOS:/srv/git:rw \
        -v $NGINX_LOG_DIR:/var/log/nginx:rw \
        -v $NGINX_HTTP_DIR:/srv/http:ro \
        -v $RHEL_REPO:/srv/http/repo.install-server:ro \
        --restart unless-stopped \
        own_nginx
}

patch_cert() {
    file=$1
    cp "$APROJECT_DIR/cfg/$file" "$GEN_CFG_PATH/$file"
#    sed "s#countryName =.*#countryName = $CERT_COUNTRY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
#    sed "s#localityName =.*#localityName = $CERT_LOCALITY#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
#    sed "s#organizationName =.*#organizationName = $CERT_ORGANIZATION#" "$APROJECT_DIR/cfg/$file" > $GEN_CFG_PATH/$file
}

patch_conf_files() {
    # patch nexus and root cert
    patch_cert nexus_cert.cnf
    patch_cert cacert.cnf

    # patch nexus v3 ext cert
    sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/v3.ext" > $GEN_CFG_PATH/v3.ext

    #patch nginx.conf
    sed "s#nexus.student12#$NEXUS_FQDN#" "$APROJECT_DIR/cfg/nginx.conf" > $GEN_CFG_PATH/nginx.conf
}

#
# body
#

message info "Nexus will be installed into this directory: $(pwd)"

if ! [ -f ./local_repo.conf ]; then
    printf "[?] > Do you want continue? (if no, hit CTRL+C): "
    read x
fi

message info "Reading configuration"
get_configuration

mkdir -p "$CERTS_TARGET_PATH"
mkdir -p "$NGINX_LOG_DIR"
mkdir -p "$GEN_CFG_PATH"
if [ "$IS_SELF_EXTRACT" = YES ] ; then
    message info "Now I will untar the resources"
    message info "This may take a long time..."
    sleep 3s
    may_self_extract
fi

#
echo "Cleanup docker (if installed)"
docker rm -f nginx 1> /dev/null 2>&1 || true
docker rm -f nexus 1> /dev/null 2>&1 || true

install_files
install_packages "$OS_ID"
setup_vnc_server

update_hosts

# TODO
#check_dependencies

echo "Restarting dnsmasq"
# TODO dnsmasq config?
systemctl enable dnsmasq
systemctl restart dnsmasq

echo "** Generating config files to $GEN_CFG_PATH **"
echo "Configure ssl certificates"

patch_conf_files
create_root_CA

# create selfinstall CA cert
$BASH_SCRIPTS_DIR/tools/create_si_cacert_pkg.sh
# run generated file
./install_cacert.sh

create_cert "nexus"

echo "** Certificates finished **"

update_docker_cfg

echo "Restarting docker"
systemctl enable docker
systemctl restart docker

update_firewall

set +e

echo "** Loading images **"
docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/sonatype_nexus3_latest.tar
docker load -i $RESOURCES_DIR/offline_data/docker_images_infra/own_nginx_latest.tar

start_nexus
start_nginx