kindred/silo
1
1
Fork 0
Code Issues 30 Pull Requests Actions Packages Projects Releases Wiki Activity

update deployment

Browse Source
This commit is contained in:
Forbes
2026-01-26 21:32:57 -06:00
parent f37052c2f0
commit 5201b35d83
5 changed files with 585 additions and 930 deletions
Download Patch File Download Diff File Expand all files Collapse all files

238
scripts/setup-host.sh
View File

@@ -1,16 +1,18 @@
#!/usr/bin/env bash
#
# Silo Host Setup Script
# Run this on silo.kindred.internal to prepare for deployment
# Run this once on silo.kindred.internal to prepare for deployment
#
# Usage:
# sudo ./scripts/setup-host.sh
# sudo ./setup-host.sh
#
# This script:
# 1. Creates the silo system user
# 2. Creates required directories
# 3. Sets up the environment file template
# 4. Configures sudoers for deploy user
# 1. Installs required packages (git, go)
# 2. Creates the silo system user
# 3. Creates required directories
# 4. Sets up the environment file template
# 5. Clones the repository
# 6. Runs initial deployment
set -euo pipefail
@@ -18,65 +20,147 @@ set -euo pipefail
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() { echo -e "${GREEN}[INFO]${NC} $*"; }
# Configuration
REPO_URL="${SILO_REPO_URL:-https://gitea.kindred.internal/kindred/silo-0062.git}"
REPO_BRANCH="${SILO_BRANCH:-main}"
INSTALL_DIR="/opt/silo"
CONFIG_DIR="/etc/silo"
GO_VERSION="1.23.0"
log_info() { echo -e "${BLUE}[INFO]${NC} $*"; }
log_success() { echo -e "${GREEN}[OK]${NC} $*"; }
log_warn() { echo -e "${YELLOW}[WARN]${NC} $*"; }
log_error() { echo -e "${RED}[ERROR]${NC} $*" >&2; }
die() { log_error "$*"; exit 1; }
# Check root
if [[ $EUID -ne 0 ]]; then
log_error "This script must be run as root (use sudo)"
exit 1
die "This script must be run as root (use sudo)"
fi
log_info "Setting up Silo host..."
log_info "============================================"
log_info "Silo Host Setup"
log_info "============================================"
echo ""
# Create silo system user (for running the service)
# Detect package manager
if command -v apt-get >/dev/null 2>&1; then
PKG_MANAGER="apt"
elif command -v dnf >/dev/null 2>&1; then
PKG_MANAGER="dnf"
elif command -v yum >/dev/null 2>&1; then
PKG_MANAGER="yum"
else
die "Unsupported package manager. Install git and go manually."
fi
log_info "Detected package manager: ${PKG_MANAGER}"
# Install dependencies
log_info "Installing dependencies..."
case ${PKG_MANAGER} in
apt)
apt-get update -qq
apt-get install -y -qq git curl ca-certificates
;;
dnf|yum)
${PKG_MANAGER} install -y -q git curl ca-certificates
;;
esac
log_success "System packages installed"
# Install Go if not present or wrong version
install_go() {
log_info "Installing Go ${GO_VERSION}..."
local arch
case $(uname -m) in
x86_64) arch="amd64" ;;
aarch64) arch="arm64" ;;
*) die "Unsupported architecture: $(uname -m)" ;;
esac
local go_tar="go${GO_VERSION}.linux-${arch}.tar.gz"
local go_url="https://go.dev/dl/${go_tar}"
# Remove existing Go installation
rm -rf /usr/local/go
# Download and install
curl -fsSL "${go_url}" -o "/tmp/${go_tar}"
tar -C /usr/local -xzf "/tmp/${go_tar}"
rm -f "/tmp/${go_tar}"
# Add to PATH for all users
cat > /etc/profile.d/go.sh << 'EOF'
export PATH=$PATH:/usr/local/go/bin
export GOPATH=/opt/go
export PATH=$PATH:$GOPATH/bin
EOF
# Source for current session
export PATH=$PATH:/usr/local/go/bin
log_success "Go ${GO_VERSION} installed"
}
if command -v go >/dev/null 2>&1; then
current_go=$(go version | grep -oP '\d+\.\d+' | head -1)
required_go="1.23"
if [[ "$(printf '%s\n' "$required_go" "$current_go" | sort -V | head -n1)" != "$required_go" ]]; then
log_warn "Go ${current_go} found, but ${required_go}+ required"
install_go
else
log_success "Go ${current_go} already installed"
fi
else
install_go
fi
# Ensure Go is in PATH
export PATH=$PATH:/usr/local/go/bin
# Create silo system user
if ! id -u silo >/dev/null 2>&1; then
log_info "Creating silo user..."
useradd -r -m -d /opt/silo -s /sbin/nologin -c "Silo Service" silo
log_info "Created user: silo"
useradd -r -m -d "${INSTALL_DIR}" -s /sbin/nologin -c "Silo Service" silo
log_success "Created user: silo"
else
log_info "User silo already exists"
fi
# Create deploy user (for CI/CD deployments)
DEPLOY_USER="deploy"
if ! id -u "${DEPLOY_USER}" >/dev/null 2>&1; then
log_info "Creating deploy user..."
useradd -m -s /bin/bash -c "Deployment User" "${DEPLOY_USER}"
log_info "Created user: ${DEPLOY_USER}"
log_warn "Remember to add SSH public key to /home/${DEPLOY_USER}/.ssh/authorized_keys"
else
log_info "User ${DEPLOY_USER} already exists"
fi
# Create directories
log_info "Creating directories..."
mkdir -p /opt/silo/bin
mkdir -p /etc/silo/schemas
mkdir -p "${INSTALL_DIR}/bin"
mkdir -p "${INSTALL_DIR}/src"
mkdir -p "${CONFIG_DIR}/schemas"
mkdir -p /var/log/silo
# Set ownership
chown -R silo:silo /opt/silo
chown root:silo /etc/silo
chmod 750 /etc/silo
chown -R silo:silo "${INSTALL_DIR}"
chown root:silo "${CONFIG_DIR}"
chmod 750 "${CONFIG_DIR}"
chown silo:silo /var/log/silo
chmod 750 /var/log/silo
log_info "Directories created"
log_success "Directories created"
# Create environment file if it doesn't exist
ENV_FILE="/etc/silo/silod.env"
ENV_FILE="${CONFIG_DIR}/silod.env"
if [[ ! -f "${ENV_FILE}" ]]; then
log_info "Creating environment file template..."
log_info "Creating environment file..."
cat > "${ENV_FILE}" << 'EOF'
# Silo daemon environment variables
# Fill in the values below
# Database credentials (psql.kindred.internal)
# Database: silo, User: silo
SILO_DB_PASSWORD=
# MinIO credentials (minio.kindred.internal)
@@ -89,62 +173,30 @@ SILO_MINIO_SECRET_KEY=
EOF
chmod 600 "${ENV_FILE}"
chown root:silo "${ENV_FILE}"
log_warn "Edit ${ENV_FILE} and fill in credentials!"
log_warn "Created ${ENV_FILE} - YOU MUST EDIT THIS FILE!"
else
log_info "Environment file already exists: ${ENV_FILE}"
log_info "Environment file already exists"
fi
# Configure sudoers for deploy user
SUDOERS_FILE="/etc/sudoers.d/silo-deploy"
log_info "Configuring sudoers for deploy user..."
cat > "${SUDOERS_FILE}" << EOF
# Allow deploy user to manage silo service without password
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl start silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl stop silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl restart silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl status silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl enable silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl disable silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl is-active silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl daemon-reload
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/journalctl -u silod *
# Clone repository
log_info "Cloning repository..."
# Allow deploy user to manage silo files
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silod.new /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silod /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/config.yaml /etc/silo/config.yaml
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silod.service /etc/systemd/system/silod.service
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silo-schemas/* /etc/silo/schemas/
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod * /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod * /etc/silo/config.yaml
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod * /etc/systemd/system/silod.service
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod -R * /etc/silo/schemas/*
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chown * /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chown * /etc/silo/config.yaml
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chown -R * /etc/silo/schemas
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/rm -rf /etc/silo/schemas/*
EOF
chmod 440 "${SUDOERS_FILE}"
# Validate sudoers
if visudo -cf "${SUDOERS_FILE}"; then
log_info "Sudoers configuration valid"
if [[ -d "${INSTALL_DIR}/src/.git" ]]; then
log_info "Repository already cloned, pulling latest..."
cd "${INSTALL_DIR}/src"
git fetch origin
git checkout "${REPO_BRANCH}"
git reset --hard "origin/${REPO_BRANCH}"
else
log_error "Sudoers configuration invalid!"
rm -f "${SUDOERS_FILE}"
exit 1
rm -rf "${INSTALL_DIR}/src"
git clone --branch "${REPO_BRANCH}" "${REPO_URL}" "${INSTALL_DIR}/src"
fi
# Create SSH directory for deploy user
DEPLOY_SSH_DIR="/home/${DEPLOY_USER}/.ssh"
if [[ ! -d "${DEPLOY_SSH_DIR}" ]]; then
mkdir -p "${DEPLOY_SSH_DIR}"
touch "${DEPLOY_SSH_DIR}/authorized_keys"
chmod 700 "${DEPLOY_SSH_DIR}"
chmod 600 "${DEPLOY_SSH_DIR}/authorized_keys"
chown -R "${DEPLOY_USER}:${DEPLOY_USER}" "${DEPLOY_SSH_DIR}"
log_info "Created SSH directory for deploy user"
fi
cd "${INSTALL_DIR}/src"
log_success "Repository ready at $(git rev-parse --short HEAD)"
# Set ownership of source
chown -R silo:silo "${INSTALL_DIR}/src"
# Summary
echo ""
@@ -154,18 +206,20 @@ log_info "============================================"
echo ""
echo "Next steps:"
echo ""
echo "1. Edit /etc/silo/silod.env and fill in credentials:"
echo " sudo nano /etc/silo/silod.env"
echo "1. Edit ${ENV_FILE} and fill in credentials:"
echo " sudo nano ${ENV_FILE}"
echo ""
echo "2. Add the CI/CD SSH public key to deploy user:"
echo " echo 'ssh-ed25519 AAAA...' >> /home/${DEPLOY_USER}/.ssh/authorized_keys"
echo ""
echo "3. Verify connectivity from CI/CD server:"
echo " ssh ${DEPLOY_USER}@silo.kindred.internal 'echo OK'"
echo ""
echo "4. Test database connectivity:"
echo "2. Verify database connectivity:"
echo " psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1'"
echo ""
echo "5. Test MinIO connectivity:"
echo " curl -I https://minio.kindred.internal:9000/minio/health/live"
echo "3. Verify MinIO connectivity:"
echo " curl -I http://minio.kindred.internal:9000/minio/health/live"
echo ""
echo "4. Run the deployment:"
echo " sudo ${INSTALL_DIR}/src/scripts/deploy.sh"
echo ""
echo "After deployment, manage the service with:"
echo " sudo systemctl status silod"
echo " sudo systemctl restart silod"
echo " sudo journalctl -u silod -f"
echo ""