#!/usr/bin/env bash
# Abort on the first unhandled command failure. Only -e is enabled here;
# pipefail and nounset are not.
set -e

# Tunable defaults: a non-empty value already present in the environment wins.
# The *_MAX_HEAP values are later handed to the JVMs as -Xmx<value>m.
# Secrets (POSTGRES_PASSWORD, CA_PASS, the certificate passwords) deliberately
# get no default; they are validated further down.
: "${CONFIG_MAX_HEAP:=512}"
: "${MESSAGING_MAX_HEAP:=2048}"
: "${API_MAX_HEAP:=1024}"
: "${PLUGIN_MANAGER_MAX_HEAP:=512}"
: "${POSTGRES_DB:=cot}"
: "${POSTGRES_USER:=martiuser}"
: "${POSTGRES_URL:=jdbc:postgresql://takdb:5432/cot}"

# Install root, certificate directory and the persisted configuration files.
TR=/opt/tak
CR="${TR}/certs"
CONFIG="${TR}/data/CoreConfig.xml"
TAKIGNITECONFIG="${TR}/data/TAKIgniteConfig.xml"

# PIDs of the background services; the literal "null" marks a service that
# has not been started yet (cleanup relies on that marker).
CONFIG_PID=null MESSAGING_PID=null API_PID=null PM_PID=null
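#######################################
# Abort start-up when a required environment variable is unset or empty.
# Only the variable's NAME is printed, never its value, so secrets checked
# through this helper do not end up in the container log.
# Arguments: $1 - name of the variable to check (expanded indirectly)
#            $2 - short description of what needs it, used in the message
# Outputs:   an error message on stderr when the variable is missing
# Returns:   0 when the variable is non-empty; otherwise exits the script
#            with status 1
#######################################
check_env_var() {
  local var_name=$1
  local purpose=$2
  if [[ -z "${!var_name}" ]]; then
    # Diagnostics belong on stderr so they are not mixed into stdout.
    echo "ERROR: Environment variable '${var_name}' must be set for ${purpose}!" >&2
    exit 1
  fi
}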
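#######################################
# Ask every started TAK Server service to stop.
# Globals:   CONFIG_PID, MESSAGING_PID, API_PID, PM_PID (read); the literal
#            "null" (or an empty value) means the service was never started
# Outputs:   a shutdown notice on stdout
# Returns:   0; a failing kill (process already gone) is ignored on purpose
#######################################
cleanup() {
  echo "Shutting down TAK Server..."
  local pid
  for pid in "$CONFIG_PID" "$MESSAGING_PID" "$API_PID" "$PM_PID"; do
    # Quoted comparison: an empty PID must not turn the test into a syntax
    # error, and must never reach kill.
    if [[ -n "$pid" && "$pid" != null ]]; then
      # Best effort: the process may already have exited.
      kill "$pid" 2>/dev/null || true
    fi
  done
}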
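# Stop the services and leave the script when the container is asked to stop.
# The handlers exit explicitly: otherwise a signal that arrives before the
# final `wait` (for example during the database wait loop or the fixed sleep)
# would run cleanup and then let start-up carry on.
# 130 / 143 are the conventional 128+signal statuses for INT / TERM.
trap 'cleanup; exit 130' SIGINT
trap 'cleanup; exit 143' SIGTERM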
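# Extract TAK Server if not already done
if [[ ! -d "${TR}" ]] || [[ ! -f "${TR}/takserver.war" ]]; then
  echo "Extracting TAK Server..."

  # Find the release zip file. With several candidates, the first one that
  # find reports is used.
  # NOTE(review): the archive is unpacked and its *.sh files are made
  # executable without any integrity check, so /takserver-release must only
  # ever hold a release obtained from a trusted source; consider verifying a
  # published checksum before extraction.
  RELEASE_FILE=$(find /takserver-release -name "takserver-docker-*.zip" | head -n 1)

  if [[ -z "$RELEASE_FILE" ]]; then
    echo "ERROR: No TAK Server release file found in /takserver-release" >&2
    exit 1
  fi

  echo "Found release file: $RELEASE_FILE"

  # Extract into a fresh private directory rather than a fixed /tmp path, so
  # leftovers from an interrupted earlier run cannot be picked up below.
  EXTRACT_TMP=$(mktemp -d)
  unzip -q "$RELEASE_FILE" -d "$EXTRACT_TMP"

  # Find the extracted directory
  EXTRACTED_DIR=$(find "$EXTRACT_TMP" -name "takserver-docker-*" -type d | head -n 1)

  if [[ -z "$EXTRACTED_DIR" ]]; then
    echo "ERROR: Could not find extracted TAK Server directory" >&2
    rm -rf -- "${EXTRACT_TMP:?}"
    exit 1
  fi

  echo "Copying TAK Server files..."

  # Create base directory
  mkdir -p "${TR}"

  # Copy all files from the extracted directory to tak directory
  cp -r "${EXTRACTED_DIR}/tak"/* "${TR}/"

  # Make scripts executable (one chmod call for all matches)
  find "${TR}" -name "*.sh" -exec chmod +x {} +

  # Copy our custom files
  cp /opt/scripts/coreConfigEnvHelper.py "${TR}/coreConfigEnvHelper.py"

  # Clean up; :? refuses to run rm -rf on an empty path.
  rm -rf -- "${EXTRACT_TMP:?}"

  echo "TAK Server extraction complete!"
fi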
# Validate required environment variables.
# Each entry is NAME=purpose; the purpose text only appears in the error
# message that check_env_var prints before it aborts start-up.
required_vars=(
  "POSTGRES_PASSWORD=database connection"
  "CA_NAME=Certificate Authority Name"
  "CA_PASS=Certificate Authority Password"
  "STATE=Certificate Authority generation"
  "CITY=Certificate Authority generation"
  "ORGANIZATION=Certificate Authority generation"
  "ORGANIZATIONAL_UNIT=Certificate Authority generation"
  "ADMIN_CERT_NAME=TAK Server management certificate"
  "ADMIN_CERT_PASS=TAK Server management certificate password"
  "TAKSERVER_CERT_PASS=TAK Server instance certificate password"
)
for required_entry in "${required_vars[@]}"; do
  # Split at the first '=': left side is the variable name, right side the purpose.
  check_env_var "${required_entry%%=*}" "${required_entry#*=}"
done
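# Initialize data directories
mkdir -p "${TR}/data/logs" "${TR}/data/certs"

# Seed initial certificate data if necessary.
# When ${TR}/certs has already been replaced by the symlink created below
# (container restarted with an emptied data directory), the pristine copy
# lives in certs.orig, so seed from there instead of copying the empty
# directory onto itself.
cert_seed_src="${TR}/certs"
if [[ -L "${TR}/certs" && -d "${TR}/certs.orig" ]]; then
  cert_seed_src="${TR}/certs.orig"
fi

if [[ ! -d "${TR}/data/certs" ]] || [[ -z "$(ls -A "${TR}/data/certs")" ]]; then
  echo "Copying initial certificate configuration..."
  cp -R "${cert_seed_src}"/* "${TR}/data/certs/"
else
  echo "Using existing certificates."
fi

# Move original certificate data and symlink to certificate data in data dir,
# so everything written under ${TR}/certs ends up in the persisted data dir.
if [[ -d "${TR}/certs" ]] && [[ ! -L "${TR}/certs" ]]; then
  mv "${TR}/certs" "${TR}/certs.orig"
  ln -s "${TR}/data/certs" "${TR}/certs"
fi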
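#######################################
# Seed a persisted configuration file on first start.
# An existing target is left untouched. Otherwise the file shipped in ${TR}
# is copied and then renamed to <name>.orig; if the release ships no such
# file, the <name-without-.xml>.example.xml template is copied instead.
# Globals:   TR (read)
# Arguments: $1 - file name inside ${TR}, e.g. CoreConfig.xml
#            $2 - target path in the data directory
# Outputs:   a progress line on stdout
# Returns:   status of the failing cp/mv, 0 otherwise
#######################################
seed_config_file() {
  local name=$1
  local target=$2

  if [[ -f "${target}" ]]; then
    echo "Using existing ${name}."
    return 0
  fi

  echo "Copying initial ${name}..."
  if [[ -f "${TR}/${name}" ]]; then
    cp -- "${TR}/${name}" "${target}"
    mv -- "${TR}/${name}" "${TR}/${name}.orig"
  else
    cp -- "${TR}/${name%.xml}.example.xml" "${target}"
  fi
}

# Seed initial CoreConfig.xml if necessary
seed_config_file CoreConfig.xml "${CONFIG}"

# Seed initial TAKIgniteConfig.xml if necessary
seed_config_file TAKIgniteConfig.xml "${TAKIGNITECONFIG}"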
# Expose the persisted log directory as ${TR}/logs unless a link is already there.
# NOTE(review): if ${TR}/logs exists as a real directory, ln would place the
# link inside it instead of replacing it; confirm the release layout.
[[ -L "${TR}/logs" ]] || ln -sf "${TR}/data/logs" "${TR}/logs"
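cd "${CR}"

# Generate certificates if needed.
# Passwords reach the TAK helper scripts through per-command environment
# variables (CAPASS / PASS) rather than command-line arguments, which keeps
# them out of the process argument list. CAPASS is set per command everywhere,
# never exported, so it is not inherited by processes started later.
if [[ ! -f "${CR}/files/root-ca.pem" ]]; then
  echo "Generating root CA certificate..."
  CAPASS="${CA_PASS}" bash /opt/tak/certs/makeRootCa.sh --ca-name "${CA_NAME}"
else
  echo "Using existing root CA."
fi

if [[ ! -f "${CR}/files/intermediate-signing.jks" ]]; then
  echo "Making new signing certificate..."
  # `yes` feeds "y" to the script, presumably to answer its confirmation
  # prompts. Invoked through bash like the other makeCert.sh calls, so it
  # does not depend on the file's executable bit.
  yes | CAPASS="${CA_PASS}" bash /opt/tak/certs/makeCert.sh ca intermediate
else
  echo "Using existing intermediate CA certificate."
fi

if [[ ! -f "${CR}/files/takserver.pem" ]]; then
  echo "Generating TAK Server certificate..."
  CAPASS="${CA_PASS}" PASS="${TAKSERVER_CERT_PASS}" bash /opt/tak/certs/makeCert.sh server takserver
else
  echo "Using existing takserver certificate."
fi

if [[ ! -f "${CR}/files/${ADMIN_CERT_NAME}.pem" ]]; then
  echo "Generating admin certificate..."
  CAPASS="${CA_PASS}" PASS="${ADMIN_CERT_PASS}" bash /opt/tak/certs/makeCert.sh client "${ADMIN_CERT_NAME}"
else
  echo "Using existing ${ADMIN_CERT_NAME} certificate."
fi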
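# Set permissions
# NOTE(review): mode 755 applied recursively makes everything under data/
# readable by every local user and marks plain files executable. That includes
# data/certs, where the CA, server and admin certificate material generated
# earlier in this script is stored (presumably with private keys and
# keystores). Consider restricting data/certs to the service user once it is
# confirmed that no other user or container needs to read it.
chmod -R 755 "${TR}/data/"

# Configure CoreConfig.xml with environment variables; the helper receives
# the same path as input and output, i.e. the file is rewritten in place.
echo "Configuring CoreConfig.xml..."
python3 "${TR}/coreConfigEnvHelper.py" "${CONFIG}" "${CONFIG}"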
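# Wait for database to be ready
echo "Waiting for database to be ready..."

# Split host and port out of the JDBC URL once, with parameter expansion:
#   jdbc:postgresql://HOST[:PORT]/DB  ->  HOST, PORT
# A URL without an explicit port falls back to PostgreSQL's default 5432
# instead of handing the whole URL to nc and retrying forever.
db_authority=${POSTGRES_URL#*://}
db_authority=${db_authority%%/*}
db_host=${db_authority%%:*}
if [[ "${db_authority}" == *:* ]]; then
  db_port=${db_authority##*:}
else
  db_port=5432
fi

if [[ -z "${db_host}" || -z "${db_port}" ]]; then
  # The URL itself is not echoed: it may carry credentials as parameters.
  echo "ERROR: Cannot determine database host and port from POSTGRES_URL" >&2
  exit 1
fi

# NOTE: there is no upper bound on the number of retries; the container waits
# until the port accepts connections.
until nc -z "${db_host}" "${db_port}"; do
  echo "Waiting for database connection..."
  sleep 5
done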
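# Initialize database schema
echo "Initializing database schema..."
# Arguments are quoted so a password containing spaces or glob characters is
# passed through as a single, unmodified argument.
# NOTE(review): the database password is passed on the command line and is
# therefore visible in the process list while SchemaManager runs; check
# whether SchemaManager can take it from a file or the environment instead.
java -jar "${TR}/db-utils/SchemaManager.jar" -url "${POSTGRES_URL}" -user "${POSTGRES_USER}" -password "${POSTGRES_PASSWORD}" upgrade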
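cd "${TR}"

# Source environment
. ./setenv.sh

echo "Starting TAK Server services..."

# Start services in background and remember each PID for cleanup.
# The -Xmx arguments are quoted so that an environment-supplied heap value
# containing whitespace cannot split into additional JVM options.
echo "Starting Config service..."
java -jar "-Xmx${CONFIG_MAX_HEAP}m" -Dspring.profiles.active=config takserver.war &
CONFIG_PID=$!

echo "Starting Messaging service..."
java -jar "-Xmx${MESSAGING_MAX_HEAP}m" -Dspring.profiles.active=messaging takserver.war &
MESSAGING_PID=$!

echo "Starting API service..."
java -jar "-Xmx${API_MAX_HEAP}m" -Dspring.profiles.active=api -Dkeystore.pkcs12.legacy takserver.war &
API_PID=$!

echo "Starting Plugin Manager service..."
java -jar "-Xmx${PLUGIN_MANAGER_MAX_HEAP}m" -Dloader.path=WEB-INF/lib-provided,WEB-INF/lib,WEB-INF/classes,file:lib/ takserver-pm.jar &
PM_PID=$!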
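# Wait for services to start (fixed delay; readiness is not probed)
echo "Waiting for services to start..."
sleep 60

# Add admin user
echo "Adding admin user..."
# Exported so the UserManager JVM actually receives them: a plain assignment
# stays local to this shell unless the name was already exported elsewhere
# (for example by setenv.sh, which is not visible from here).
export TAKCL_CORECONFIG_PATH="${CONFIG}"
export TAKCL_TAKIGNITECONFIG_PATH="${TAKIGNITECONFIG}"
java -jar /opt/tak/utils/UserManager.jar certmod -A "/opt/tak/certs/files/${ADMIN_CERT_NAME}.pem"

echo "TAK Server is ready!"
echo "Admin user '${ADMIN_CERT_NAME}' has been added."

# Wait for plugin manager to complete (this keeps the container running).
# NOTE: only the plugin manager is waited on; if one of the other services
# exits, the container keeps running.
wait "$PM_PID"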