#!/usr/bin/env bash set -e # Environment variable defaults CONFIG_MAX_HEAP=${CONFIG_MAX_HEAP:-512} MESSAGING_MAX_HEAP=${MESSAGING_MAX_HEAP:-2048} API_MAX_HEAP=${API_MAX_HEAP:-1024} PLUGIN_MANAGER_MAX_HEAP=${PLUGIN_MANAGER_MAX_HEAP:-512} POSTGRES_DB=${POSTGRES_DB:-cot} POSTGRES_USER=${POSTGRES_USER:-martiuser} POSTGRES_URL=${POSTGRES_URL:-jdbc:postgresql://takdb:5432/cot} TR=/opt/tak CR=${TR}/certs CONFIG=${TR}/data/CoreConfig.xml TAKIGNITECONFIG=${TR}/data/TAKIgniteConfig.xml CONFIG_PID=null MESSAGING_PID=null API_PID=null PM_PID=null check_env_var() { if [[ "${!1}" == "" ]]; then echo "ERROR: Environment variable '${1}' must be set for ${2}!" exit 1 fi } cleanup() { echo "Shutting down TAK Server..." if [ $CONFIG_PID != null ]; then kill $CONFIG_PID 2>/dev/null || true fi if [ $MESSAGING_PID != null ]; then kill $MESSAGING_PID 2>/dev/null || true fi if [ $API_PID != null ]; then kill $API_PID 2>/dev/null || true fi if [ $PM_PID != null ]; then kill $PM_PID 2>/dev/null || true fi } trap cleanup SIGINT SIGTERM # Extract TAK Server if not already done if [[ ! -d "${TR}" ]] || [[ ! -f "${TR}/takserver.war" ]]; then echo "Extracting TAK Server..." # Find the release zip file RELEASE_FILE=$(find /takserver-release -name "takserver-docker-*.zip" | head -1) if [[ -z "$RELEASE_FILE" ]]; then echo "ERROR: No TAK Server release file found in /takserver-release" exit 1 fi echo "Found release file: $RELEASE_FILE" # Extract the release file unzip -q "$RELEASE_FILE" -d /tmp/takserver_extract # Find the extracted directory EXTRACTED_DIR=$(find /tmp/takserver_extract -name "takserver-docker-*" -type d | head -1) if [[ -z "$EXTRACTED_DIR" ]]; then echo "ERROR: Could not find extracted TAK Server directory" exit 1 fi echo "Copying TAK Server files..." # Create base directory mkdir -p "${TR}" # Copy all files from the extracted directory to tak directory cp -r "${EXTRACTED_DIR}/tak"/* "${TR}/" # Make scripts executable find "${TR}" -name "*.sh" -exec chmod +x {} \; # Copy our custom files cp /opt/scripts/coreConfigEnvHelper.py "${TR}/coreConfigEnvHelper.py" # Clean up rm -rf /tmp/takserver_extract echo "TAK Server extraction complete!" fi # Validate required environment variables check_env_var POSTGRES_PASSWORD "database connection" check_env_var CA_NAME "Certificate Authority Name" check_env_var CA_PASS "Certificate Authority Password" check_env_var STATE "Certificate Authority generation" check_env_var CITY "Certificate Authority generation" check_env_var ORGANIZATION "Certificate Authority generation" check_env_var ORGANIZATIONAL_UNIT "Certificate Authority generation" check_env_var ADMIN_CERT_NAME "TAK Server management certificate" check_env_var ADMIN_CERT_PASS "TAK Server management certificate password" check_env_var TAKSERVER_CERT_PASS "TAK Server instance certificate password" # Initialize data directories mkdir -p "${TR}/data/logs" "${TR}/data/certs" # Seed initial certificate data if necessary if [[ ! -d "${TR}/data/certs" ]] || [[ -z "$(ls -A "${TR}/data/certs")" ]]; then echo "Copying initial certificate configuration..." cp -R ${TR}/certs/* ${TR}/data/certs/ else echo "Using existing certificates." fi # Move original certificate data and symlink to certificate data in data dir if [[ -d "${TR}/certs" ]] && [[ ! -L "${TR}/certs" ]]; then mv ${TR}/certs ${TR}/certs.orig ln -s "${TR}/data/certs" "${TR}/certs" fi # Seed initial CoreConfig.xml if necessary if [[ ! -f "${CONFIG}" ]]; then echo "Copying initial CoreConfig.xml..." if [[ -f "${TR}/CoreConfig.xml" ]]; then cp ${TR}/CoreConfig.xml ${CONFIG} mv ${TR}/CoreConfig.xml ${TR}/CoreConfig.xml.orig else cp ${TR}/CoreConfig.example.xml ${CONFIG} fi else echo "Using existing CoreConfig.xml." fi # Seed initial TAKIgniteConfig.xml if necessary if [[ ! -f "${TAKIGNITECONFIG}" ]]; then echo "Copying initial TAKIgniteConfig.xml..." if [[ -f "${TR}/TAKIgniteConfig.xml" ]]; then cp ${TR}/TAKIgniteConfig.xml ${TAKIGNITECONFIG} mv ${TR}/TAKIgniteConfig.xml ${TR}/TAKIgniteConfig.xml.orig else cp ${TR}/TAKIgniteConfig.example.xml ${TAKIGNITECONFIG} fi else echo "Using existing TAKIgniteConfig.xml." fi # Symlink the log directory if [[ ! -L "${TR}/logs" ]]; then ln -sf "${TR}/data/logs" "${TR}/logs" fi cd ${CR} # Generate certificates if needed if [[ ! -f "${CR}/files/root-ca.pem" ]]; then echo "Generating root CA certificate..." CAPASS=${CA_PASS} bash /opt/tak/certs/makeRootCa.sh --ca-name "${CA_NAME}" else echo "Using existing root CA." fi if [[ ! -f "${CR}/files/intermediate-signing.jks" ]]; then echo "Making new signing certificate..." export CAPASS=${CA_PASS} yes | /opt/tak/certs/makeCert.sh ca intermediate else echo "Using existing intermediate CA certificate." fi if [[ ! -f "${CR}/files/takserver.pem" ]]; then echo "Generating TAK Server certificate..." CAPASS=${CA_PASS} PASS="${TAKSERVER_CERT_PASS}" bash /opt/tak/certs/makeCert.sh server takserver else echo "Using existing takserver certificate." fi if [[ ! -f "${CR}/files/${ADMIN_CERT_NAME}.pem" ]]; then echo "Generating admin certificate..." CAPASS=${CA_PASS} PASS="${ADMIN_CERT_PASS}" bash /opt/tak/certs/makeCert.sh client "${ADMIN_CERT_NAME}" else echo "Using existing ${ADMIN_CERT_NAME} certificate." fi # Set permissions chmod -R 755 ${TR}/data/ # Configure CoreConfig.xml with environment variables echo "Configuring CoreConfig.xml..." python3 ${TR}/coreConfigEnvHelper.py "${CONFIG}" "${CONFIG}" # Wait for database to be ready echo "Waiting for database to be ready..." until nc -z $(echo $POSTGRES_URL | sed 's/.*:\/\/\([^:]*\):.*/\1/') $(echo $POSTGRES_URL | sed 's/.*:\([0-9]*\)\/.*/\1/'); do echo "Waiting for database connection..." sleep 5 done # Initialize database schema echo "Initializing database schema..." java -jar ${TR}/db-utils/SchemaManager.jar -url ${POSTGRES_URL} -user ${POSTGRES_USER} -password ${POSTGRES_PASSWORD} upgrade cd ${TR} # Source environment . ./setenv.sh echo "Starting TAK Server services..." # Start services in background echo "Starting Config service..." java -jar -Xmx${CONFIG_MAX_HEAP}m -Dspring.profiles.active=config takserver.war & CONFIG_PID=$! echo "Starting Messaging service..." java -jar -Xmx${MESSAGING_MAX_HEAP}m -Dspring.profiles.active=messaging takserver.war & MESSAGING_PID=$! echo "Starting API service..." java -jar -Xmx${API_MAX_HEAP}m -Dspring.profiles.active=api -Dkeystore.pkcs12.legacy takserver.war & API_PID=$! echo "Starting Plugin Manager service..." java -jar -Xmx${PLUGIN_MANAGER_MAX_HEAP}m -Dloader.path=WEB-INF/lib-provided,WEB-INF/lib,WEB-INF/classes,file:lib/ takserver-pm.jar & PM_PID=$! # Wait for services to start echo "Waiting for services to start..." sleep 60 # Add admin user echo "Adding admin user..." TAKCL_CORECONFIG_PATH="${CONFIG}" TAKCL_TAKIGNITECONFIG_PATH="${TAKIGNITECONFIG}" java -jar /opt/tak/utils/UserManager.jar certmod -A "/opt/tak/certs/files/${ADMIN_CERT_NAME}.pem" echo "TAK Server is ready!" echo "Admin user '${ADMIN_CERT_NAME}' has been added." # Wait for plugin manager to complete (this keeps the container running) wait $PM_PID