takserver/scripts/docker_entrypoint.sh


#!/usr/bin/env bash
set -e

# Tunable settings. Each keeps the value supplied through the container
# environment and falls back to the default below when unset or empty.
# The *_MAX_HEAP values are later expanded into -Xmx<N>m, i.e. megabytes.
: "${CONFIG_MAX_HEAP:=512}"
: "${MESSAGING_MAX_HEAP:=2048}"
: "${API_MAX_HEAP:=1024}"
: "${PLUGIN_MANAGER_MAX_HEAP:=512}"
: "${POSTGRES_DB:=cot}"
: "${POSTGRES_USER:=martiuser}"
: "${POSTGRES_URL:=jdbc:postgresql://takdb:5432/cot}"

# Fixed locations inside the container.
TR=/opt/tak
CR="${TR}/certs"
CONFIG="${TR}/data/CoreConfig.xml"
TAKIGNITECONFIG="${TR}/data/TAKIgniteConfig.xml"

# Service PIDs; the literal "null" means "not started yet" and is what the
# cleanup handler checks for.
CONFIG_PID=null MESSAGING_PID=null API_PID=null PM_PID=null
#######################################
# Abort start-up when a required environment variable is unset or empty.
# Only the variable's name is printed, never its value, so secrets such as
# passwords do not end up in the container log.
# Arguments: $1 - name of the variable to check (looked up indirectly)
#            $2 - short description of what the variable is needed for
# Outputs:   an error line on stdout when the variable is missing
# Returns:   0 when the variable has a value; otherwise exits the script
#            with status 1
#######################################
check_env_var() {
  # Guard clause: nothing to report when the variable has a value.
  [[ -n "${!1}" ]] && return 0

  echo "ERROR: Environment variable '${1}' must be set for ${2}!"
  exit 1
}
cleanup() {
echo "Shutting down TAK Server..."
if [ $CONFIG_PID != null ]; then
kill $CONFIG_PID 2>/dev/null || true
fi
if [ $MESSAGING_PID != null ]; then
kill $MESSAGING_PID 2>/dev/null || true
fi
if [ $API_PID != null ]; then
kill $API_PID 2>/dev/null || true
fi
if [ $PM_PID != null ]; then
kill $PM_PID 2>/dev/null || true
fi
}
trap cleanup SIGINT SIGTERM
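# Unpack the TAK Server release on first start. Skipped when ${TR} already
# holds takserver.war.
# NOTE(review): the archive is unpacked and its *.sh files are made
# executable without any integrity check. Verifying a checksum or signature
# obtained from the release's publisher before unzip would close that gap.
if [[ ! -d "${TR}" ]] || [[ ! -f "${TR}/takserver.war" ]]; then
  echo "Extracting TAK Server..."

  # Pick a release archive. When several match, the choice follows find's
  # traversal order, so keep a single archive in /takserver-release.
  RELEASE_FILE=$(find /takserver-release -name "takserver-docker-*.zip" | head -1)
  if [[ -z "${RELEASE_FILE}" ]]; then
    echo "ERROR: No TAK Server release file found in /takserver-release"
    exit 1
  fi
  echo "Found release file: ${RELEASE_FILE}"

  # Unpack into a fresh, private directory. A fixed /tmp path could still
  # hold the remains of an earlier interrupted run, and unzip would then
  # stop on the already-existing files.
  EXTRACT_TMP=$(mktemp -d /tmp/takserver_extract.XXXXXX)
  unzip -q "${RELEASE_FILE}" -d "${EXTRACT_TMP}"

  # Locate the top-level directory the archive created.
  EXTRACTED_DIR=$(find "${EXTRACT_TMP}" -name "takserver-docker-*" -type d | head -1)
  if [[ -z "${EXTRACTED_DIR}" ]]; then
    rm -rf -- "${EXTRACT_TMP:?}"
    echo "ERROR: Could not find extracted TAK Server directory"
    exit 1
  fi

  echo "Copying TAK Server files..."
  mkdir -p "${TR}"
  # Everything under tak/ in the archive becomes the contents of ${TR}.
  cp -r "${EXTRACTED_DIR}/tak"/* "${TR}/"

  # The shipped shell scripts are made executable after copying.
  find "${TR}" -name "*.sh" -exec chmod +x {} +

  # Add the helper that writes environment settings into CoreConfig.xml.
  cp /opt/scripts/coreConfigEnvHelper.py "${TR}/coreConfigEnvHelper.py"

  # ':?' aborts instead of expanding to an empty path.
  rm -rf -- "${EXTRACT_TMP:?}"
  echo "TAK Server extraction complete!"
fi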
# Required settings, one "NAME:purpose" entry each. Start-up stops at the
# first one that is unset or empty; only names are ever printed, so the
# password values stay out of the log.
required_vars=(
  "POSTGRES_PASSWORD:database connection"
  "CA_NAME:Certificate Authority Name"
  "CA_PASS:Certificate Authority Password"
  "STATE:Certificate Authority generation"
  "CITY:Certificate Authority generation"
  "ORGANIZATION:Certificate Authority generation"
  "ORGANIZATIONAL_UNIT:Certificate Authority generation"
  "ADMIN_CERT_NAME:TAK Server management certificate"
  "ADMIN_CERT_PASS:TAK Server management certificate password"
  "TAKSERVER_CERT_PASS:TAK Server instance certificate password"
)
for entry in "${required_vars[@]}"; do
  # Split on the first ':' into variable name and purpose text.
  check_env_var "${entry%%:*}" "${entry#*:}"
done
# Create the data directories for logs and for the certificate store.
mkdir -p "${TR}/data/logs" "${TR}/data/certs"

# Keep a certificate store that already has content; otherwise fill it from
# the files shipped in ${TR}/certs.
if [[ -d "${TR}/data/certs" ]] && [[ -n "$(ls -A "${TR}/data/certs")" ]]; then
  echo "Using existing certificates."
else
  echo "Copying initial certificate configuration..."
  cp -R "${TR}/certs"/* "${TR}/data/certs/"
fi

# Replace the shipped certs directory with a symlink into the data
# directory (the original is kept as certs.orig), so anything written under
# ${TR}/certs from here on lands in data/certs. Skipped once the link exists.
if [[ -d "${TR}/certs" && ! -L "${TR}/certs" ]]; then
  mv "${TR}/certs" "${TR}/certs.orig"
  ln -s "${TR}/data/certs" "${TR}/certs"
fi
# CoreConfig.xml lives in the data directory. An existing file is left
# alone; otherwise it is seeded from the shipped CoreConfig.xml (which is
# then renamed to .orig) or, failing that, from the example file.
if [[ -f "${CONFIG}" ]]; then
  echo "Using existing CoreConfig.xml."
else
  echo "Copying initial CoreConfig.xml..."
  if [[ ! -f "${TR}/CoreConfig.xml" ]]; then
    cp "${TR}/CoreConfig.example.xml" "${CONFIG}"
  else
    cp "${TR}/CoreConfig.xml" "${CONFIG}"
    mv "${TR}/CoreConfig.xml" "${TR}/CoreConfig.xml.orig"
  fi
fi
# TAKIgniteConfig.xml follows the same scheme as CoreConfig.xml: keep an
# existing copy in the data directory, else seed it from the shipped file
# (renamed to .orig afterwards) or from the example file.
if [[ -f "${TAKIGNITECONFIG}" ]]; then
  echo "Using existing TAKIgniteConfig.xml."
else
  echo "Copying initial TAKIgniteConfig.xml..."
  if [[ ! -f "${TR}/TAKIgniteConfig.xml" ]]; then
    cp "${TR}/TAKIgniteConfig.example.xml" "${TAKIGNITECONFIG}"
  else
    cp "${TR}/TAKIgniteConfig.xml" "${TAKIGNITECONFIG}"
    mv "${TR}/TAKIgniteConfig.xml" "${TR}/TAKIgniteConfig.xml.orig"
  fi
fi
# Point ${TR}/logs at the data directory unless it is already a symlink.
[[ -L "${TR}/logs" ]] || ln -sf "${TR}/data/logs" "${TR}/logs"
# The certificate scripts are run from the certs directory.
cd "${CR}"

# Each certificate is generated only when its output file is missing, so a
# restart with an existing data directory reuses the same key material.
# Passwords reach the scripts through the environment (CAPASS / PASS), not
# through command-line arguments.

# Root CA
if [[ -f "${CR}/files/root-ca.pem" ]]; then
  echo "Using existing root CA."
else
  echo "Generating root CA certificate..."
  CAPASS="${CA_PASS}" bash /opt/tak/certs/makeRootCa.sh --ca-name "${CA_NAME}"
fi

# Intermediate signing CA
if [[ -f "${CR}/files/intermediate-signing.jks" ]]; then
  echo "Using existing intermediate CA certificate."
else
  echo "Making new signing certificate..."
  # NOTE(review): unlike the other calls, this exports CAPASS for the rest
  # of the script, so every process started afterwards inherits the CA
  # password in its environment. Confirm nothing relies on that before
  # narrowing it to this one command.
  export CAPASS="${CA_PASS}"
  # `yes` feeds "y" to makeCert.sh; presumably it asks for confirmation.
  yes | /opt/tak/certs/makeCert.sh ca intermediate
fi

# Server certificate
if [[ -f "${CR}/files/takserver.pem" ]]; then
  echo "Using existing takserver certificate."
else
  echo "Generating TAK Server certificate..."
  CAPASS="${CA_PASS}" PASS="${TAKSERVER_CERT_PASS}" bash /opt/tak/certs/makeCert.sh server takserver
fi

# Admin (management) client certificate
if [[ -f "${CR}/files/${ADMIN_CERT_NAME}.pem" ]]; then
  echo "Using existing ${ADMIN_CERT_NAME} certificate."
else
  echo "Generating admin certificate..."
  CAPASS="${CA_PASS}" PASS="${ADMIN_CERT_PASS}" bash /opt/tak/certs/makeCert.sh client "${ADMIN_CERT_NAME}"
fi
# Open up the data directory for the services.
# NOTE(review): a recursive 755 makes everything under data/ readable by
# every user in the container and marks every file executable. That includes
# data/certs, where the CA and server keystores generated by this script
# end up (${TR}/certs links there). Consider a tighter mode for the
# certificate store once it is clear which user the services run as.
chmod -R 755 "${TR}/data/"

# Write the environment-provided settings into CoreConfig.xml in place
# (the same path is passed as both arguments of the helper).
echo "Configuring CoreConfig.xml..."
python3 "${TR}/coreConfigEnvHelper.py" "${CONFIG}" "${CONFIG}"
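# Wait for the database to accept connections, then upgrade its schema.

# Work out host and port from the JDBC URL once, up front: take the part
# between "://" and the next "/" or "?", then split it at ':'.
db_authority=${POSTGRES_URL#*://}
db_authority=${db_authority%%[/?]*}
DB_HOST=${db_authority%%:*}
if [[ "${db_authority}" == *:* ]]; then
  DB_PORT=${db_authority##*:}
else
  # A JDBC URL without an explicit port means PostgreSQL's default.
  DB_PORT=5432
fi

# Fail fast on a URL that cannot be parsed instead of polling forever.
# The URL itself is not echoed: JDBC URLs can carry credentials as query
# parameters.
if [[ "${POSTGRES_URL}" != *://* || -z "${DB_HOST}" || ! "${DB_PORT}" =~ ^[0-9]+$ ]]; then
  echo "ERROR: Cannot determine database host and port from POSTGRES_URL"
  exit 1
fi

echo "Waiting for database to be ready..."
# nc -z only probes the TCP port. There is no upper bound on the wait.
until nc -z "${DB_HOST}" "${DB_PORT}"; do
  echo "Waiting for database connection..."
  sleep 5
done

echo "Initializing database schema..."
# Every argument is quoted so a password containing spaces or glob
# characters reaches SchemaManager unchanged.
# NOTE(review): the password is passed on the command line and is therefore
# visible in the process list while SchemaManager runs. If the tool can read
# it from the environment or a file instead, prefer that.
java -jar "${TR}/db-utils/SchemaManager.jar" -url "${POSTGRES_URL}" -user "${POSTGRES_USER}" -password "${POSTGRES_PASSWORD}" upgrade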
# The services are launched from the TAK directory; takserver.war and
# takserver-pm.jar are referenced by relative path below.
cd "${TR}"

# Load setenv.sh from the TAK directory into this shell (its contents are
# not shown here).
. ./setenv.sh

echo "Starting TAK Server services..."

# Each service is its own JVM running in the background. $! is recorded
# immediately after every launch so the cleanup handler can signal it.
# The heap settings are quoted so an environment value containing
# whitespace cannot split into extra JVM arguments.

echo "Starting Config service..."
java -jar "-Xmx${CONFIG_MAX_HEAP}m" -Dspring.profiles.active=config takserver.war &
CONFIG_PID=$!

echo "Starting Messaging service..."
java -jar "-Xmx${MESSAGING_MAX_HEAP}m" -Dspring.profiles.active=messaging takserver.war &
MESSAGING_PID=$!

echo "Starting API service..."
java -jar "-Xmx${API_MAX_HEAP}m" -Dspring.profiles.active=api -Dkeystore.pkcs12.legacy takserver.war &
API_PID=$!

echo "Starting Plugin Manager service..."
java -jar "-Xmx${PLUGIN_MANAGER_MAX_HEAP}m" -Dloader.path=WEB-INF/lib-provided,WEB-INF/lib,WEB-INF/classes,file:lib/ takserver-pm.jar &
PM_PID=$!
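# Give the services time to come up. This is a fixed delay, not a readiness
# check, so the next step can still run before the services are ready.
echo "Waiting for services to start..."
sleep 60

# Register the admin certificate with UserManager.
echo "Adding admin user..."
# Exported so the UserManager JVM actually receives them. A plain
# assignment on its own line only sets a shell variable, which a child
# process does not inherit unless the name was already exported.
export TAKCL_CORECONFIG_PATH="${CONFIG}"
export TAKCL_TAKIGNITECONFIG_PATH="${TAKIGNITECONFIG}"
java -jar /opt/tak/utils/UserManager.jar certmod -A "/opt/tak/certs/files/${ADMIN_CERT_NAME}.pem"

echo "TAK Server is ready!"
echo "Admin user '${ADMIN_CERT_NAME}' has been added."

# Block on the plugin manager; this keeps the container running.
# NOTE(review): only this one PID is waited on, so the other three services
# can exit without the script (and the container) noticing.
wait "${PM_PID}"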