start-demo.sh
#!/bin/bash -e
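#######################################
# Rebuild the demo environment: restart the compose services, initialise
# Conjur, distribute its certificate to the CLI and Puppet containers, load
# the demo policy and secrets, start the webapp nodes and register them in
# the host's /etc/hosts.
# Globals:   THISDOMAIN, PROJECTNAME (written; read by updatehostsfile)
#            PUPPET_CONT_ID, CONJUR_CONT_ID, CLI_CONT_ID (written)
#            CERT_STAGING_DIR (written; removed by the EXIT trap)
# Arguments: none used
# Outputs:   progress messages on stdout
# Returns:   non-zero (script exit) as soon as any step fails
#######################################
main() {
  # The -e on the shebang line is lost when the script is started as
  # `bash start-demo.sh`; set it here so a failed step still aborts the run.
  set -e

  THISDOMAIN="cyberark.local"
  PROJECTNAME="ppdemo" #change this if project folder is not ppdemo

  echo "-----"
  echo "Bring down all running services"
  docker-compose down

  echo "-----"
  echo "Bring up Conjur and Puppet Master"
  docker-compose up -d conjur
  docker-compose up -d puppet
  docker-compose up -d cli
  PUPPET_CONT_ID=$(docker-compose ps -q puppet)
  CONJUR_CONT_ID=$(docker-compose ps -q conjur)
  CLI_CONT_ID=$(docker-compose ps -q cli)

  echo "-----"
  echo "Initializing Conjur"
  # NOTE(review): wait_for_conjur is defined in this file but never called;
  # presumably conjur-init.sh waits for the service itself - confirm.
  runInConjur /src/conjur-init.sh

  echo "-----"
  echo "Get certificate from Conjur"
  # The certificate becomes the trust anchor of the CLI and Puppet
  # containers, so stage it in a private mktemp directory instead of the
  # fixed, world-writable path /tmp/conjur.pem, where another local user
  # could plant or swap the file between the copy steps.
  # NOTE(review): /tmp/conjur.pem is no longer left behind after the run;
  # confirm nothing else in the project reads it from there.
  CERT_STAGING_DIR=$(mktemp -d)
  trap 'rm -rf -- "${CERT_STAGING_DIR:?}"' EXIT
  local cert_file="${CERT_STAGING_DIR}/conjur.pem"
  docker cp -L "${CONJUR_CONT_ID}:/opt/conjur/etc/ssl/conjur.pem" "$CERT_STAGING_DIR"

  echo "-----"
  echo "Copy Conjur config and certificate to CLI"
  docker cp -L ./conjur.conf "${CLI_CONT_ID}:/etc/conjur.conf"
  docker cp -L "$cert_file" "${CLI_CONT_ID}:/etc/conjur.pem"

  echo "-----"
  echo "Load demo policy and sample secret value"
  # Demo-only credentials: the admin password and both secret values are
  # hard-coded here and passed on the command line, so they are visible in
  # this file, in process listings and in any `set -x` trace. Do not reuse
  # these values or this pattern outside the demo.
  runIncli conjur authn login -u admin -p Cyberark1
  runIncli conjur bootstrap -q
  runIncli conjur policy load --as-group=security_admin /src/puppetdemo-policy.yml
  runIncli conjur variable values add puppetdemo/dbpassword 'white rabbit'
  runIncli conjur variable values add puppetdemo/secretkey 'Se(re1Fr0mConjur'

  echo "-----"
  echo "Copy Conjur certificate to Puppet"
  docker cp -L "$cert_file" "${PUPPET_CONT_ID}:/etc/conjur.pem"

  echo "-----"
  echo "Start demo webapp nodes"
  docker-compose up -d dev-webapp
  docker-compose up -d prod-webapp

  echo "-----"
  echo "Update dev-webapp and prod-webapp container IP to local hosts file"
  # Resolve each container ID first so a failed lookup stops the run instead
  # of handing updatehostsfile an empty argument.
  local webapp_id
  webapp_id=$(docker-compose ps -q dev-webapp)
  updatehostsfile "$webapp_id"
  webapp_id=$(docker-compose ps -q prod-webapp)
  updatehostsfile "$webapp_id"
}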
# Run a command inside the "conjur" compose service.
# Arguments: the command and its arguments, forwarded unchanged.
# -T disables pseudo-TTY allocation for the exec.
runInConjur() {
  local -a conjur_cmd=("$@")
  docker-compose exec -T conjur "${conjur_cmd[@]}"
}
# Run a command inside the "cli" compose service.
# Arguments: the command and its arguments, forwarded unchanged.
# -T disables pseudo-TTY allocation for the exec.
runIncli() {
  local -a cli_cmd=("$@")
  docker-compose exec -T cli "${cli_cmd[@]}"
}
# Run a command inside the "puppet" compose service.
# Arguments: the command and its arguments, forwarded unchanged.
# -T disables pseudo-TTY allocation for the exec.
runInPuppet() {
  local -a puppet_cmd=("$@")
  docker-compose exec -T puppet "${puppet_cmd[@]}"
}
# Block until the conjur container answers an HTTP HEAD request on localhost.
# The probe runs inside the container and retries once per second; it has no
# upper bound, so it never returns if the service never comes up.
wait_for_conjur() {
  local -r probe_loop='while ! curl -sI localhost > /dev/null; do sleep 1; done'
  docker-compose exec -T conjur bash -c "$probe_loop"
}
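#######################################
# Replace the /etc/hosts entry for one demo container with its current IP
# address and drop its stale SSH host key.
# Globals:   PROJECTNAME (read) - compose project name, selects the network
#            THISDOMAIN (read)  - domain appended to build the FQDN alias
# Arguments: $1 - container ID or name understood by `docker inspect`
# Outputs:   progress on stdout, validation errors on stderr
# Returns:   0 on success; 1 if the container cannot be inspected, reports
#            an unusable hostname/IP, or the hosts file cannot be rewritten
#######################################
updatehostsfile() {
  local containername="$1"
  local processfile=/etc/hosts
  local -r host_re='^[A-Za-z0-9][A-Za-z0-9_.-]*$'
  local -r ip_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local conthostname contipaddress fqdn tmpfile

  if [[ -z "$containername" ]]; then
    echo "updatehostsfile: no container given" >&2
    return 1
  fi

  conthostname=$(docker inspect --format '{{ .Config.Hostname }}' "$containername") || return 1
  contipaddress=$(docker inspect --format '{{ .NetworkSettings.Networks.'"$PROJECTNAME"'_default.IPAddress }}' "$containername") || return 1

  # Both values are written into /etc/hosts, so refuse anything that is not
  # a plain hostname / dotted-quad address. This also catches an empty value
  # and the "<no value>" docker prints when PROJECTNAME does not match the
  # network name; an empty hostname used to reach the filter below and could
  # empty the hosts file.
  if [[ ! "$conthostname" =~ $host_re ]]; then
    echo "updatehostsfile: unusable hostname '$conthostname' for $containername" >&2
    return 1
  fi
  if [[ ! "$contipaddress" =~ $ip_re ]]; then
    echo "updatehostsfile: unusable IP address '$contipaddress' for $containername" >&2
    return 1
  fi
  fqdn="${conthostname}.${THISDOMAIN}"

  echo "---- Update hosts file for $conthostname"
  # Build the new file in a private mktemp file rather than the predictable
  # /tmp/<container>.tmp, which another local user could pre-create or
  # symlink before this (privileged) write.
  tmpfile=$(mktemp) || return 1
  # Drop only lines that carry this host as an exact field; a regex/substring
  # match would also delete unrelated hosts whose names contain this one.
  if ! awk -v host="$conthostname" -v fqdn="$fqdn" '
    { for (i = 1; i <= NF; i++) if ($i == host || $i == fqdn) next; print }
  ' "$processfile" > "$tmpfile"; then
    rm -f -- "$tmpfile"
    return 1
  fi
  printf '%s\t%s\t%s\n' "$contipaddress" "$conthostname" "$fqdn" >> "$tmpfile"

  # Write back in place so /etc/hosts keeps its owner and mode; moving the
  # mktemp file over it would leave the hosts file with mode 0600.
  if ! cat -- "$tmpfile" > "$processfile"; then
    rm -f -- "$tmpfile"
    return 1
  fi
  rm -f -- "$tmpfile"

  echo "---- Remove host from ssh knownhosts"
  # Best effort: ssh-keygen fails when there is no known_hosts file yet.
  ssh-keygen -R "$conthostname" || true
}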
# Script entry point: run main with the script's arguments (main reads none
# of them). Placed last so every function above is defined before it runs.
main "$@"