gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2024-09-20 15:26:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
netmaker/scripts/nm-upgrade.sh
afeiszli f2b63ae2d0 added script
2023-01-04 16:15:12 -05:00

380 lines
13 KiB
Bash
Raw Blame History

#!/bin/bash
cat << "EOF"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
__ __ ______ ______ __ __ ______ __ __ ______ ______
/\ "-.\ \ /\ ___\ /\__ _\ /\ "-./ \ /\ __ \ /\ \/ / /\ ___\ /\ == \
\ \ \-. \ \ \ __\ \/_/\ \/ \ \ \-./\ \ \ \ __ \ \ \ _"-. \ \ __\ \ \ __<
\ \_\\"\_\ \ \_____\ \ \_\ \ \_\ \ \_\ \ \_\ \_\ \ \_\ \_\ \ \_____\ \ \_\ \_\
\/_/ \/_/ \/_____/ \/_/ \/_/ \/_/ \/_/\/_/ \/_/\/_/ \/_____/ \/_/ /_/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EOF
if [ $(id -u) -ne 0 ]; then
echo "This script must be run as root"
exit 1
fi
wait_seconds() {(
for ((a=1; a <= $1; a++))
do
echo ". . ."
sleep 1
done
)}
confirm() {(
while true; do
read -p 'Does everything look right? [y/n]: ' yn
case $yn in
[Yy]* ) override="true"; break;;
[Nn]* ) echo "exiting..."; exit 1;;
* ) echo "Please answer yes or no.";;
esac
done
)}
echo "checking dependencies..."
OS=$(uname)
if [ -f /etc/debian_version ]; then
dependencies="yq jq"
update_cmd='apt update'
install_cmd='apt-get install -y'
elif [ -f /etc/centos-release ]; then
dependencies="wireguard jq docker.io docker-compose netclient"
update_cmd='yum update'
install_cmd='yum install -y'
elif [ -f /etc/fedora-release ]; then
dependencies="wireguard jq docker.io docker-compose netclient"
update_cmd='dnf update'
install_cmd='dnf install -y'
elif [ -f /etc/redhat-release ]; then
dependencies="wireguard jq docker.io docker-compose netclient"
update_cmd='yum update'
install_cmd='yum install -y'
elif [ -f /etc/arch-release ]; then
dependecies="wireguard-tools jq docker.io docker-compose netclient"
update_cmd='pacman -Sy'
install_cmd='pacman -S --noconfirm'
else
echo "OS not supported for automatic install"
exit 1
fi
set -- $dependencies
${update_cmd}
while [ -n "$1" ]; do
is_installed=$(dpkg-query -W --showformat='${Status}\n' $1 | grep "install ok installed")
if [ "${is_installed}" != "" ]; then
echo " " $1 is installed
else
echo " " $1 is not installed. Attempting install.
${install_cmd} $1
sleep 5
if [ "${OS}" = "OpenWRT" ] || [ "${OS}" = "TurrisOS" ]; then
is_installed=$(opkg list-installed $1 | grep $1)
else
is_installed=$(dpkg-query -W --showformat='${Status}\n' $1 | grep "install ok installed")
fi
if [ "${is_installed}" != "" ]; then
echo " " $1 is installed
elif [ -x "$(command -v $1)" ]; then
echo " " $1 is installed
else
echo " " FAILED TO INSTALL $1
echo " " This may break functionality.
fi
fi
shift
done
echo "-----------------------------------------------------"
echo "dependency check complete"
echo "-----------------------------------------------------"
wait_seconds 3
set -e
unset MASTER_KEY
MASTER_KEY=$(yq -r .services.netmaker.environment.MASTER_KEY docker-compose.yml)
echo "-----------------------------------------------------"
echo "Is $MASTER_KEY the correct master key for your Netmaker installation?"
echo "-----------------------------------------------------"
select mkey_option in "yes" "no (enter manually)"; do
case $REPLY in
1)
echo "using $MASTER_KEY for master key"
break
;;
2)
read -p "Enter Master Key: " mkey
MASTER_KEY=$mkey
echo "using $MASTER_KEY"
break
;;
*) echo "invalid option $REPLY";;
esac
done
unset SERVER_HTTP_HOST
SERVER_HTTP_HOST=$(yq -r .services.netmaker.environment.SERVER_HTTP_HOST docker-compose.yml)
echo "-----------------------------------------------------"
echo "Is $SERVER_HTTP_HOST the correct endpoint for your Netmaker installation?"
echo "-----------------------------------------------------"
select endpoint_option in "yes" "no (enter manually)"; do
case $REPLY in
1)
echo "using $SERVER_HTTP_HOST for endpoint"
break
;;
2)
read -p "Enter Endpoint: " endpoint
SERVER_HTTP_HOST=$endpoint
echo "using $SERVER_HTTP_HOST"
break
;;
*) echo "invalid option $REPLY";;
esac
done
CURRENT_VERSION=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://$SERVER_HTTP_HOST/api/server/getserverinfo | jq ' .Version')
if [[ $CURRENT_VERSION == '"v0.17.1"' ]]; then
echo "version is $CURRENT_VERSION"
else
echo "error, current version is $CURRENT_VERSION"
echo "please upgrade to v0.17.1 in order to use the upgrade script"
exit 1
fi
curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://$SERVER_HTTP_HOST/api/nodes | jq -c '[ .[] | select(.isserver=="yes") ]' > nodejson
NODE_LEN=$(jq length nodejson.tmp)
HAS_INGRESS="no"
echo $NODE_LEN
if [ "$NODE_LEN" -gt 0 ]; then
echo "===SERVER NODES==="
for i in $(seq 1 $NODE_LEN); do
NUM=$(($i-1))
echo " SERVER NODE $NUM:"
echo " network: $(jq ".[$NUM].network" ./nodejson.tmp)"
echo " name: $(jq ".[$NUM].name" ./nodejson.tmp)"
echo " private ipv4: $(jq ".[$NUM].address" ./nodejson.tmp)"
echo " private ipv6: $(jq ".[$NUM].address6" ./nodejson.tmp)"
echo " is egress: $(jq ".[$NUM].isegressgateway" ./nodejson.tmp)"
if [[ $(jq ".[$NUM].isegressgateway" ./nodejson.tmp) == "yes" ]]; then
echo " egress range: $(jq ".[$NUM].egressgatewayranges" ./nodejson.tmp)"
fi
echo " is ingress: $(jq ".[$NUM].isingressgateway" ./nodejson.tmp)"
if [[ $(jq ".[$NUM].isingressgateway" ./nodejson.tmp) == "yes" ]]; then
HAS_INGRESS="yes"
fi
echo " is relay: $(jq ".[$NUM].isrelay" ./nodejson.tmp)"
echo " is failover: $(jq ".[$NUM].failover" ./nodejson.tmp)"
echo " ------------"
done
echo "=================="
else
echo "no nodes to parse"
fi
echo "Please confirm that the above output matches the server nodes in your Netmaker server."
confirm
if [[ $HAS_INGRESS == "yes" ]]; then
echo "WARNING: Your server contains an Ingress Gateway. After upgrading, existing Ext Clients will be lost and must be recreated. Please confirm that you would like to continue."
confirm
fi
echo "Setting docker-compose and Caddyfile..."
sed -i "s/v0.17.1/v0.18.0/g" /root/docker-compose.yml
echo "Starting containers..."
docker-compose -f /root/docker-compose.yml up -d
sleep 2
test_connection() {
echo "Testing Caddy setup (please be patient, this may take 1-2 minutes)"
for i in 1 2 3 4 5 6 7 8
do
curlresponse=$(curl -vIs https://api.${NETMAKER_BASE_DOMAIN} 2>&1)
if [[ "$i" == 8 ]]; then
echo " Caddy is having an issue setting up certificates, please investigate (docker logs caddy)"
echo " Exiting..."
exit 1
elif [[ "$curlresponse" == *"failed to verify the legitimacy of the server"* ]]; then
echo " Certificates not yet configured, retrying..."
elif [[ "$curlresponse" == *"left intact"* ]]; then
echo " Certificates ok"
break
else
secs=$(($i*5+10))
echo " Issue establishing connection...retrying in $secs seconds..."
fi
sleep $secs
done
}
setup_netclient() {( set -e
if [ -f /etc/debian_version ]; then
curl -sL 'https://apt.netmaker.org/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/netclient.asc
curl -sL 'https://apt.netmaker.org/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/netclient.list
sudo apt update
sudo apt install netclient
elif [ -f /etc/centos-release ]; then
curl -sL 'https://rpm.netmaker.org/gpg.key' | sudo tee /tmp/gpg.key
curl -sL 'https://rpm.netmaker.org/netclient-repo' | sudo tee /etc/yum.repos.d/netclient.repo
sudo rpm --import /tmp/gpg.key
sudo dnf check-update
sudo dnf install netclient
elif [ -f /etc/fedora-release ]; then
curl -sL 'https://rpm.netmaker.org/gpg.key' | sudo tee /tmp/gpg.key
curl -sL 'https://rpm.netmaker.org/netclient-repo' | sudo tee /etc/yum.repos.d/netclient.repo
sudo rpm --import /tmp/gpg.key
sudo dnf check-update
sudo dnf install netclient
elif [ -f /etc/redhat-release ]; then
curl -sL 'https://rpm.netmaker.org/gpg.key' | sudo tee /tmp/gpg.key
curl -sL 'https://rpm.netmaker.org/netclient-repo' | sudo tee /etc/yum.repos.d/netclient.repo
sudo rpm --import /tmp/gpg.key
sudo dnf check-update(
sudo dnf install netclient
elif [ -f /etc/arch-release ]; then
yay -S netclient
else
echo "OS not supported for automatic install"
exit 1
fi
register_
if [ -z "${install_cmd}" ]; then
echo "OS unsupported for automatic dependency install"
exit 1
fi
)}
setup_nmctl() {(
wget https://github.com/gravitl/netmaker/releases/download/v0.17.1/nmctl
chmod +x nmctl
./nmctl context set default --endpoint="https://$SERVER_HTTP_HOST" --master_key="$MASTER_KEY"
./nmctl context use default
RESP=$(./nmctl network list)
if [[ $RESP == *"unauthorized"* ]]; then
echo "Unable to properly configure NMCTL, exiting..."
exit 1
fi
)}
join_networks() {(
NODE_LEN=$(jq length nodejson.tmp)
HAS_INGRESS="no"
echo $NODE_LEN
if [ "$NODE_LEN" -gt 0 ]; then
for i in $(seq 1 $NODE_LEN); do
NUM=$(($i-1))
echo " joining network $(jq ".[$NUM].network" ./nodejson.tmp):"
KEY_JSON=./nmctl keys create $(jq ".[$NUM].network" ./nodejson.tmp) 1
KEY=$(echo $KEY_JSON | jq -r .accessstring)
NAME=$(jq ".[$NUM].name" ./nodejson.tmp)
netclient join -t $KEY --name=""
echo " network: $(jq ".[$NUM].network" ./nodejson.tmp)"
echo " name: $(jq ".[$NUM].name" ./nodejson.tmp)"
echo " private ipv4: $(jq ".[$NUM].address" ./nodejson.tmp)"
echo " private ipv6: $(jq ".[$NUM].address6" ./nodejson.tmp)"
echo " is egress: $(jq ".[$NUM].isegressgateway" ./nodejson.tmp)"
if [[ $(jq ".[$NUM].isegressgateway" ./nodejson.tmp) == "yes" ]]; then
echo " egress range: $(jq ".[$NUM].egressgatewayranges" ./nodejson.tmp)"
fi
HOST_ID=$(yq e .host.id /etc/netclient/netclient.yml)
# set as a default host
# create an egress if necessary
# create an ingress if necessary
echo " is ingress: $(jq ".[$NUM].isingressgateway" ./nodejson.tmp)"
if [[ $(jq ".[$NUM].isingressgateway" ./nodejson.tmp) == "yes" ]]; then
HAS_INGRESS="yes"
fi
echo " is relay: $(jq ".[$NUM].isrelay" ./nodejson.tmp)"
echo " is failover: $(jq ".[$NUM].failover" ./nodejson.tmp)"
echo " ------------"
done
echo "=================="
else
echo "no networks to join"
fi
)}
setup_netmaker() {( set -e
for i in 1 2 3 4 5 6
do
echo " waiting for server node to become available"
wait_seconds 10
curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker)
SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse})
echo " Server ID: $SERVER_ID"
if [ $SERVER_ID == "null" ]; then
SERVER_ID=""
fi
if [[ "$i" -ge "6" && -z "$SERVER_ID" ]]; then
echo " Netmaker is having issues configuring itself, please investigate (docker logs netmaker)"
echo " Exiting..."
exit 1
elif [ -z "$SERVER_ID" ]; then
echo " server node not yet configured, retrying..."
elif [[ ! -z "$SERVER_ID" ]]; then
echo " server node is now availble, continuing"
break
fi
done
if [[ ! -z "$SERVER_ID" ]]; then
curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker/$SERVER_ID/createingress
fi
)}
set +e
# setup_netmaker
# wait_seconds 2
test_connection
wait_seconds 2
setup_netclient
wait_seconds 2
join_networks
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
echo "Netmaker setup is now complete. You are ready to begin using Netmaker."
echo "Visit dashboard.$NETMAKER_BASE_DOMAIN to log in"
echo "-----------------------------------------------------------------"
echo "-----------------------------------------------------------------"
# cp -f /etc/skel/.bashrc /root/.bashrc
Reference in a new issue View git blame Copy permalink