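#!/bin/zsh
# TLS Certificate deployment to Docker containers
#
# Reads inventory/network_inventory.yaml (produced by create_inventory.sh),
# copies the public certificate in CERT_FILE into every listed container that
# is not Coolify-managed, and registers it in that container's CA trust store.
# All paths are relative to the current directory, so run it from the
# cert-mgmt directory (the error messages below assume that layout).
#
# zsh only: the entry-point guard at the bottom of the file uses zsh prompt
# expansion (${(%):-%N}), which bash rejects as a bad substitution.
#
# Abort on the first unhandled error. pipefail makes a failing stage of a
# pipeline fail the whole pipeline, so a broken `docker ps | grep` cannot be
# misread as "container not found". Note both options leak into the caller's
# shell if this file is sourced rather than executed.
set -e
set -o pipefail
# Public certificate to install. This is the only file ever copied into a container.
CERT_FILE="certificates/git.lab.crt"
# Private key generated alongside the certificate. Presumably kept for parity
# with the other cert-mgmt scripts; it is NOT referenced here and must never be
# deployed to containers.
KEY_FILE="certificates/git.lab.key"
# Not referenced by this script either: the in-container file name is hard-coded
# as git.lab.crt in deploy_to_container.
DOMAIN="git.lab"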
# Write one timestamped line to stdout.
# Arguments: $1 - the message text
# Outputs:   "[YYYY-MM-DD HH:MM:SS] message"
function log() {
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  echo "[${stamp}] $1"
}
# Heuristic test for containers that belong to Coolify and must be left alone.
# A container counts as Coolify-managed when its name contains the literal
# Coolify app id "vsgoso0skoo8ss08kg0ogcgo" or the word "coolify", or when any
# of its mounts (from `docker inspect`) has a source under /data/coolify/.
# A failed or missing `docker inspect` is treated as "no mounts".
# NOTE(review): this is purely name/path based — an unrelated container whose
# name happens to contain "coolify" is skipped too, and a Coolify container
# with a different app id and no /data/coolify mount would be deployed to.
# Confirm against how Coolify actually marks its containers if that matters.
# Arguments: $1 - container name
#            $2 - container id (passed to docker inspect)
# Returns:   0 if Coolify-managed, 1 otherwise
function is_coolify_managed() {
  local name="$1"
  local id="$2"
  case "$name" in
    *vsgoso0skoo8ss08kg0ogcgo*|*coolify*)
      return 0
      ;;
  esac
  local mount_list
  mount_list=$(docker inspect "$id" --format '{{range .Mounts}}{{.Source}}:{{.Destination}} {{end}}' 2>/dev/null || echo "")
  case "$mount_list" in
    */data/coolify/*)
      return 0
      ;;
  esac
  return 1
}
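# Install CERT_FILE into one container's system CA trust store.
# Globals:   CERT_FILE (read)
# Arguments: $1 - container name (logging and the Coolify check)
#            $2 - container id handed to docker
#            $3 - shell available inside the container, e.g. /bin/sh;
#                 an empty value falls back to /bin/sh
# Outputs:   progress lines via log; the in-container install output is
#            passed through on stdout
# Returns:   0 on success or when the container was skipped as Coolify-managed,
#            1 on any failure
# NOTE(review): `docker exec` runs as the container's default user; the
# install needs write access to the trust store, so non-root images will fail
# at the mkdir/cp step and be reported as errors.
function deploy_to_container() {
  local container_name="$1"
  local container_id="$2"
  local container_shell="${3:-/bin/sh}"
  log "Deploying certificate to container: $container_name ($container_id)"
  # Skip Coolify-managed containers
  if is_coolify_managed "$container_name" "$container_id"; then
    log "SKIPPED: $container_name is Coolify-managed"
    return 0
  fi
  # Test if container is running
  if ! docker exec "$container_id" echo "Container test successful" >/dev/null 2>&1; then
    log "ERROR: Cannot execute commands in container $container_name"
    return 1
  fi
  # Stage the certificate in the container. Only the public cert is copied,
  # so a predictable /tmp name is acceptable here; the in-container script
  # removes it on every exit path.
  log "Copying certificate to container $container_name"
  if ! docker cp "$CERT_FILE" "$container_id:/tmp/git.lab.crt"; then
    log "ERROR: Failed to copy certificate to $container_name"
    return 1
  fi
  # Install the certificate inside the container. The exit status is tested
  # directly in the `if` instead of via `$?` afterwards: the original form
  # only worked because the caller happened to invoke this function inside
  # an `if`, which suppresses `set -e`. `set -e` inside the container script
  # makes a failed mkdir/cp surface as an error instead of a false SUCCESS.
  if docker exec "$container_id" "$container_shell" -c '
    set -e
    cert_src=/tmp/git.lab.crt
    trap "rm -f /tmp/git.lab.crt" EXIT
    # Make sure a trust-store update tool exists; install ca-certificates if not.
    if ! command -v update-ca-certificates >/dev/null 2>&1 && ! command -v update-ca-trust >/dev/null 2>&1; then
      echo "Installing ca-certificates..."
      if command -v apt-get >/dev/null 2>&1; then
        apt-get update -qq && apt-get install -y ca-certificates
      elif command -v apk >/dev/null 2>&1; then
        apk add --no-cache ca-certificates
      elif command -v yum >/dev/null 2>&1; then
        yum install -y ca-certificates
      else
        echo "Cannot install ca-certificates - unsupported package manager"
        exit 1
      fi
    fi
    if command -v update-ca-certificates >/dev/null 2>&1; then
      # Debian/Ubuntu/Alpine layout
      mkdir -p /usr/local/share/ca-certificates/
      cp "$cert_src" /usr/local/share/ca-certificates/git.lab.crt
      chmod 644 /usr/local/share/ca-certificates/git.lab.crt
      update-ca-certificates
    elif command -v update-ca-trust >/dev/null 2>&1; then
      # RHEL/CentOS/Fedora layout: the yum ca-certificates package ships
      # update-ca-trust, not update-ca-certificates, so the yum branch above
      # would otherwise always end in a "command not found" failure.
      mkdir -p /etc/pki/ca-trust/source/anchors/
      cp "$cert_src" /etc/pki/ca-trust/source/anchors/git.lab.crt
      chmod 644 /etc/pki/ca-trust/source/anchors/git.lab.crt
      update-ca-trust extract
    else
      echo "No trust-store update tool found after installing ca-certificates"
      exit 1
    fi
    echo "Certificate installed in container successfully"
  ' 2>&1; then
    log "SUCCESS: Certificate deployed to container $container_name"
    # Best-effort hint only: processes that loaded the trust store at start
    # keep the old one until restarted. Failure here (e.g. no pgrep in the
    # image) must not fail the deployment, hence `|| true`.
    log "Checking for application processes to restart in $container_name"
    docker exec "$container_id" "$container_shell" -c '
      for proc in node python java nginx apache2 httpd; do
        if pgrep "$proc" >/dev/null 2>&1; then
          echo "Found $proc processes - consider restarting application if needed"
        fi
      done
    ' 2>/dev/null || true
    return 0
  else
    log "ERROR: Failed to deploy certificate to container $container_name"
    return 1
  fi
}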
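# Print the double-quoted scalar of one inventory line, e.g. `id: "abc"` -> abc.
# Arguments: $1 - key name. Must be a literal from this file (name/id/shell):
#                 it is spliced into the sed pattern unescaped.
#            $2 - the inventory line
# Outputs:   the value on stdout, or nothing when the line is not `key: "..."`
#            (the old `s/.../\1/` without -n echoed the whole line back as the
#            value whenever the quotes were missing)
function _inventory_field() {
  printf '%s\n' "$2" | sed -n "s/^[[:space:]]*\(-[[:space:]]*\)\{0,1\}$1:[[:space:]]*\"\([^\"]*\)\".*/\2/p"
}

# Entry point: validate inputs, parse the inventory and deploy to each container.
# Globals:   CERT_FILE (read); INVENTORY_FILE (read, optional override of
#            inventory/network_inventory.yaml)
# Arguments: none (positional parameters are ignored)
# Returns:   exits 1 on a precondition failure or when any container failed,
#            exits 0 when there was nothing to do or every container succeeded
function main() {
  local inventory="${INVENTORY_FILE:-inventory/network_inventory.yaml}"
  if [[ ! -f "$CERT_FILE" ]]; then
    log "ERROR: Certificate file not found. Run generate_certificate.sh first."
    exit 1
  fi
  # Never push a private key into a world-readable trust directory in every
  # container: refuse if the file holds a key, and (when openssl is available)
  # require that it parses as a PEM certificate. generate_certificate.sh is
  # assumed to write PEM; adjust the openssl check if it emits DER.
  if grep -q 'PRIVATE KEY' "$CERT_FILE"; then
    log "ERROR: $CERT_FILE contains a private key; refusing to deploy it"
    exit 1
  fi
  if command -v openssl >/dev/null 2>&1 && ! openssl x509 -noout -in "$CERT_FILE" >/dev/null 2>&1; then
    log "ERROR: $CERT_FILE is not a readable PEM certificate"
    exit 1
  fi
  if [[ ! -f "$inventory" ]]; then
    log "ERROR: Network inventory file not found. Run create_inventory.sh first."
    exit 1
  fi
  if ! command -v docker >/dev/null 2>&1; then
    log "ERROR: docker command not found"
    exit 1
  fi
  log "Starting certificate deployment to Docker containers..."
  # Parse the `containers:` section. Each entry is kept as one "name|id|shell"
  # record so the fields cannot drift apart (separate per-field arrays lost
  # alignment as soon as an entry lacked id: or shell:, and then deployed to
  # the wrong container). '|' cannot appear in Docker names or ids.
  # The key patterns are anchored at line start so that e.g. `container_id:`
  # or `pid:` no longer match the `id:` rule.
  local re_section='^containers:'
  local re_next_section='^[a-zA-Z].*:'
  local re_name='^[[:space:]]*-[[:space:]]*name:'
  local re_id='^[[:space:]]*id:'
  local re_shell='^[[:space:]]*shell:'
  local in_section=false
  local -a entries
  entries=()
  local cur_name='' cur_id='' cur_shell=''
  local line
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" =~ $re_section ]]; then
      in_section=true
      continue
    fi
    [[ "$in_section" == true ]] || continue
    if [[ "$line" =~ $re_next_section ]]; then
      break
    fi
    if [[ "$line" =~ $re_name ]]; then
      if [[ -n "$cur_name" ]]; then
        entries+=("${cur_name}|${cur_id}|${cur_shell}")
      fi
      cur_name=$(_inventory_field name "$line")
      cur_id=''
      cur_shell=''
    elif [[ "$line" =~ $re_id ]]; then
      cur_id=$(_inventory_field id "$line")
    elif [[ "$line" =~ $re_shell ]]; then
      cur_shell=$(_inventory_field shell "$line")
    fi
  done < "$inventory"
  if [[ -n "$cur_name" ]]; then
    entries+=("${cur_name}|${cur_id}|${cur_shell}")
  fi
  if [[ ${#entries[@]} -eq 0 ]]; then
    log "No containers found in inventory file"
    exit 0
  fi
  log "Found ${#entries[@]} containers to deploy to"
  # Counters are bumped with $(( )) rather than (( x++ )): the latter returns
  # non-zero when x was 0, which trips `set -e` on the very first increment.
  local success_count=0
  local skipped_count=0
  local -a failed_containers
  failed_containers=()
  local entry name id shell
  for entry in "${entries[@]}"; do
    IFS='|' read -r name id shell <<<"$entry"
    if [[ -z "$id" ]]; then
      log "ERROR: Inventory entry for $name has no container id, skipping"
      failed_containers+=("$name")
      continue
    fi
    # Exact, literal name match: the name is data, not a regex.
    # NOTE(review): the liveness check is by name while exec uses the stored
    # id; a container recreated under the same name (new id) passes this check
    # and then fails at docker exec. Re-resolving the id from the name would
    # close that gap.
    if ! docker ps --format "{{.Names}}" | grep -qxF -- "$name"; then
      log "WARNING: Container $name is no longer running, skipping"
      skipped_count=$((skipped_count + 1))
      continue
    fi
    if deploy_to_container "$name" "$id" "$shell"; then
      success_count=$((success_count + 1))
    else
      failed_containers+=("$name")
    fi
  done
  log "Deployment summary:"
  log " Successful: $success_count"
  log " Failed: ${#failed_containers[@]}"
  log " Skipped: $skipped_count"
  if [[ ${#failed_containers[@]} -gt 0 ]]; then
    log "Failed containers:"
    local container
    for container in "${failed_containers[@]}"; do
      log " - $container"
    done
    exit 1
  fi
  log "All containers processed successfully!"
}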
# Run main only when the file is executed directly, not when it is sourced
# (so another script can reuse deploy_to_container / is_coolify_managed).
# The first clause is the bash idiom; under zsh BASH_SOURCE is unset, so it
# is false there. The second clause uses zsh prompt expansion: %N is the name
# of the script zsh is currently executing, compared with the basename (:t)
# of $0.
# NOTE(review): bash rejects `${(%):-%N}` as a bad substitution, so this file
# is zsh-only despite the bash-style first clause. It is also worth confirming
# that %N (which normally carries the path as invoked) ever equals the bare
# basename ${0:t} when the script is run as ./scripts/deploy_to_containers.sh;
# if it does not, main never runs and the script silently does nothing.
if [[ "${BASH_SOURCE[0]}" == "${0}" ]] || [[ "${(%):-%N}" == "${0:t}" ]]; then
main "$@"
fi