#!/usr/bin/env bash
#
# Silo Host Setup Script
# Run this on silo.kindred.internal to prepare for deployment
#
# Usage:
# sudo ./scripts/setup-host.sh
#
# This script:
# 1. Creates the silo system user
# 2. Creates required directories
# 3. Sets up the environment file template
# 4. Configures sudoers for deploy user
# Abort on any failing command, unset variable or failed pipeline stage.
set -euo pipefail
# ANSI colour escapes used by the log helpers. They are stored as literal
# "\033..." text and only turned into control bytes when printed.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly NC='\033[0m'
# Print an informational line to stdout, tagged in green.
# Backslash escapes in the colour variables and the message are interpreted
# (printf %b behaves like `echo -e` here).
log_info() {
  printf '%b\n' "${GREEN}[INFO]${NC} $*"
}
# Print a warning line to stdout, tagged in yellow.
# Backslash escapes in the colour variables and the message are interpreted
# (printf %b behaves like `echo -e` here).
log_warn() {
  printf '%b\n' "${YELLOW}[WARN]${NC} $*"
}
# Print an error line to stderr, tagged in red.
# Backslash escapes in the colour variables and the message are interpreted
# (printf %b behaves like `echo -e` here).
log_error() {
  printf '%b\n' "${RED}[ERROR]${NC} $*" >&2
}
# Refuse to continue unless running as root: everything below creates
# accounts and writes under /etc, /opt and /var.
if (( EUID != 0 )); then
  log_error "This script must be run as root (use sudo)"
  exit 1
fi
log_info "Setting up Silo host..."
# Create silo system user (for running the service)
if id -u silo >/dev/null 2>&1; then
  log_info "User silo already exists"
else
  log_info "Creating silo user..."
  # System account whose home is the install prefix; nologin shell so the
  # account cannot be used interactively.
  useradd -r -m -d /opt/silo -s /sbin/nologin -c "Silo Service" silo
  log_info "Created user: silo"
fi
# Create deploy user (for CI/CD deployments)
readonly DEPLOY_USER="deploy"
if id -u "${DEPLOY_USER}" >/dev/null 2>&1; then
  log_info "User ${DEPLOY_USER} already exists"
else
  log_info "Creating deploy user..."
  # Login shell is needed because CI connects over SSH and runs commands.
  useradd -m -s /bin/bash -c "Deployment User" "${DEPLOY_USER}"
  log_info "Created user: ${DEPLOY_USER}"
  log_warn "Remember to add SSH public key to /home/${DEPLOY_USER}/.ssh/authorized_keys"
fi
# Create directories
log_info "Creating directories..."
mkdir -p /opt/silo/bin /etc/silo/schemas /var/log/silo
# Set ownership: the service account owns its install prefix and its log
# directory; /etc/silo stays root-owned and is group-accessible to silo only.
chown -R silo:silo /opt/silo
chown root:silo /etc/silo
chmod 750 /etc/silo
chown silo:silo /var/log/silo
chmod 750 /var/log/silo
# NOTE(review): because silo owns /opt/silo (including bin/silod), the service
# account can replace its own executable. Root ownership of bin/silod with a
# read/execute-only mode would remove that; not changed here because the
# deploy flow's later chown of that path is outside this script.
log_info "Directories created"
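# Create environment file if it doesn't exist
ENV_FILE="/etc/silo/silod.env"
if [[ ! -f "${ENV_FILE}" ]]; then
  log_info "Creating environment file template..."
  # Create the file with its final mode and ownership BEFORE writing content,
  # so it is never momentarily readable under the default umask (the template
  # holds no secrets yet, but operators fill credentials in right afterwards).
  # Mode 600 root:silo means the service account itself cannot read the file;
  # NOTE(review): this presumes the unit loads it via EnvironmentFile= (read by
  # systemd before dropping privileges) — confirm against silod.service.
  install -m 600 -o root -g silo /dev/null "${ENV_FILE}"
  cat > "${ENV_FILE}" << 'EOF'
# Silo daemon environment variables
# Fill in the values below
# Database credentials (psql.kindred.internal)
SILO_DB_PASSWORD=
# MinIO credentials (minio.kindred.internal)
# User: silouser
SILO_MINIO_ACCESS_KEY=silouser
SILO_MINIO_SECRET_KEY=
# Optional overrides
# SILO_SERVER_BASE_URL=http://silo.kindred.internal:8080
EOF
  log_warn "Edit ${ENV_FILE} and fill in credentials!"
else
  log_info "Environment file already exists: ${ENV_FILE}"
fi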
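# Configure sudoers for deploy user
SUDOERS_FILE="/etc/sudoers.d/silo-deploy"
log_info "Configuring sudoers for deploy user..."
# Build the policy in a private temp file and validate it BEFORE it is placed
# in /etc/sudoers.d: a file with a syntax error that is already live makes sudo
# refuse every invocation until it is repaired, and the old write-then-check
# flow also deleted a previously working policy whenever the check failed.
SUDOERS_TMP=$(mktemp) || { log_error "mktemp failed"; exit 1; }
trap 'rm -f -- "${SUDOERS_TMP}"' EXIT
# NOTE(review): in sudoers a '*' matches any string, including spaces, so the
# 'chmod * ...', 'chown * ...', 'rm -rf .../*' and 'journalctl -u silod *'
# rules below also accept additional options or paths beyond the single mode,
# owner or unit they are meant to allow (see sudoers(5), "Wildcards"). Pin the
# exact values the deploy job uses, and prefer a deploy-owned staging directory
# over world-writable /tmp for the mv sources. Left unchanged here because the
# CI deploy commands are not visible in this script.
cat > "${SUDOERS_TMP}" << EOF
# Allow deploy user to manage silo service without password
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl start silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl stop silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl restart silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl status silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl enable silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl disable silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl is-active silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/systemctl daemon-reload
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/journalctl -u silod *
# Allow deploy user to manage silo files
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silod.new /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silod /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/config.yaml /etc/silo/config.yaml
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silod.service /etc/systemd/system/silod.service
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/mv /tmp/silo-schemas/* /etc/silo/schemas/
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod * /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod * /etc/silo/config.yaml
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod * /etc/systemd/system/silod.service
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chmod -R * /etc/silo/schemas/*
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chown * /opt/silo/bin/silod
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chown * /etc/silo/config.yaml
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/chown -R * /etc/silo/schemas
${DEPLOY_USER} ALL=(ALL) NOPASSWD: /bin/rm -rf /etc/silo/schemas/*
EOF
# Some visudo versions also check owner/mode in -c mode; give the temp file
# the required 0440 before validating (it is already root-owned).
chmod 440 "${SUDOERS_TMP}"
# Validate sudoers, then copy it into place with the mode sudo requires
if visudo -cf "${SUDOERS_TMP}"; then
  install -m 440 -o root -g root -- "${SUDOERS_TMP}" "${SUDOERS_FILE}"
  log_info "Sudoers configuration valid"
else
  log_error "Sudoers configuration invalid!"
  exit 1
fi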
# Create SSH directory for deploy user
DEPLOY_SSH_DIR="/home/${DEPLOY_USER}/.ssh"
if [[ ! -d "${DEPLOY_SSH_DIR}" ]]; then
  # Directory 700 and an empty authorized_keys 600, both owned by the deploy
  # user (sshd by default rejects key files in group/world-writable locations).
  install -d -m 700 -o "${DEPLOY_USER}" -g "${DEPLOY_USER}" -- "${DEPLOY_SSH_DIR}"
  install -m 600 -o "${DEPLOY_USER}" -g "${DEPLOY_USER}" -- /dev/null "${DEPLOY_SSH_DIR}/authorized_keys"
  log_info "Created SSH directory for deploy user"
fi
# Summary
echo
log_info "============================================"
log_info "Host setup complete!"
log_info "============================================"
# Post-setup checklist for the operator; only ${DEPLOY_USER} is expanded.
cat << EOF

Next steps:

1. Edit /etc/silo/silod.env and fill in credentials:
 sudo nano /etc/silo/silod.env

2. Add the CI/CD SSH public key to deploy user:
 echo 'ssh-ed25519 AAAA...' >> /home/${DEPLOY_USER}/.ssh/authorized_keys

3. Verify connectivity from CI/CD server:
 ssh ${DEPLOY_USER}@silo.kindred.internal 'echo OK'

4. Test database connectivity:
 psql -h psql.kindred.internal -U silo -d silo -c 'SELECT 1'

5. Test MinIO connectivity:
 curl -I https://minio.kindred.internal:9000/minio/health/live

EOF