From 0dfb87698bde307b26c5ddec04838982734fa9bd Mon Sep 17 00:00:00 2001 From: Piwccle Date: Mon, 1 Sep 2025 18:53:34 +0200 Subject: [PATCH] Refactor terraform main file to be more alike with aws and azure scripts and fixed some things that were wrong in the install script. Changed variables.tf and output.tf as needed --- .../community/singlenode/gcp/output.tf | 6 +- .../gcp/tf-gpc-openvidu-singlenode.tf | 561 +++++++++++------- .../community/singlenode/gcp/variables.tf | 8 +- 3 files changed, 353 insertions(+), 222 deletions(-) diff --git a/openvidu-deployment/community/singlenode/gcp/output.tf b/openvidu-deployment/community/singlenode/gcp/output.tf index 980f6228..bb0eaac0 100644 --- a/openvidu-deployment/community/singlenode/gcp/output.tf +++ b/openvidu-deployment/community/singlenode/gcp/output.tf @@ -8,9 +8,9 @@ output "openvidu_public_ip" { value = length(google_compute_address.openvidu_ip) > 0 ? google_compute_address.openvidu_ip[0].address : google_compute_instance.openvidu.network_interface[0].access_config[0].nat_ip } -output "services_and_credentials_secret_id" { - value = google_secret_manager_secret.openvidu.secret_id -} +# output "services_and_credentials_secret_id" { +# value = google_secret_manager_secret.openvidu.secret_id +# } output "appdata_bucket" { value = local.isEmpty ? "openvidu-appdata" : var.bucketName diff --git a/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf b/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf index eeb580e9..e005da3c 100644 --- a/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf +++ b/openvidu-deployment/community/singlenode/gcp/tf-gpc-openvidu-singlenode.tf 
@@ -6,49 +6,49 @@ resource "google_project_service" "storage_api" { service = "storage.googleapis. resource "random_id" "bucket_suffix" { byte_length = 3 } # GCS bucket (conditional) -# resource "google_storage_bucket" "bucket" { -# count = 1 -# name = local.isEmpty ? "openvidu-appdata" : var.bucketName -# location = var.region -# force_destroy = false -# uniform_bucket_level_access = true -# } +resource "google_storage_bucket" "bucket" { + count = 1 + name = local.isEmpty ? "openvidu-appdata" : var.bucketName + location = var.region + force_destroy = false + uniform_bucket_level_access = true +} # Secret Manager secret that stores deployment info and seed secrets -# resource "google_secret_manager_secret" "openvidu" { -# secret_id = "openvidu-${var.region}-${var.stackName}" -# replication { -# auto {} -# } -# } +resource "google_secret_manager_secret" "openvidu_secret_manager" { + secret_id = "openvidu-${var.region}-${var.stackName}" + replication { + auto {} + } +} -# resource "google_secret_manager_secret_version" "openvidu_version" { -# secret = google_secret_manager_secret.openvidu.id -# secret_data = jsonencode({ -# domainName = "none", -# LIVEKIT_turnDomainName = "none", -# LETSENCRYPT_EMAIL = "none", -# REDIS_PASSWORD = "none", -# MONGO_ADMIN_USERNAME = "none", -# MONGO_ADMIN_PASSWORD = "none", -# MONGO_REPLICA_SET_KEY = "none", -# MINIO_URL = "none", -# MINIO_ACCESS_KEY = "none", -# MINIO_SECRET_KEY = "none", -# DASHBOARD_URL = "none", -# DASHBOARD_ADMIN_USERNAME = "none", -# DASHBOARD_ADMIN_PASSWORD = "none", -# GRAFANA_URL = "none", -# GRAFANA_ADMIN_USERNAME = "none", -# GRAFANA_ADMIN_PASSWORD = "none", -# LIVEKIT_API_KEY = "none", -# LIVEKIT_API_SECRET = "none", -# MEET_ADMIN_USER = "none", -# MEET_ADMIN_SECRET = "none", -# MEET_API_KEY = "none", -# ENABLED_MODULES = "none" -# }) -# } +resource "google_secret_manager_secret_version" "openvidu_version" { + secret = google_secret_manager_secret.openvidu.id + secret_data = jsonencode({ + DOMAIN_NAME = 
"none", + LIVEKIT_TURN_DOMAIN_NAME = "none", + LETSENCRYPT_EMAIL = "none", + REDIS_PASSWORD = "none", + MONGO_ADMIN_USERNAME = "none", + MONGO_ADMIN_PASSWORD = "none", + MONGO_REPLICA_SET_KEY = "none", + MINIO_URL = "none", + MINIO_ACCESS_KEY = "none", + MINIO_SECRET_KEY = "none", + DASHBOARD_URL = "none", + DASHBOARD_ADMIN_USERNAME = "none", + DASHBOARD_ADMIN_PASSWORD = "none", + GRAFANA_URL = "none", + GRAFANA_ADMIN_USERNAME = "none", + GRAFANA_ADMIN_PASSWORD = "none", + LIVEKIT_API_KEY = "none", + LIVEKIT_API_SECRET = "none", + MEET_ADMIN_USER = "none", + MEET_ADMIN_SECRET = "none", + MEET_API_KEY = "none", + ENABLED_MODULES = "none" + }) +} # Service account for the instance resource "google_service_account" "openvidu_sa" { @@ -104,7 +104,7 @@ resource "google_compute_instance" "openvidu" { boot_disk { initialize_params { - image = var.boot_image + image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" size = 200 type = "pd-standard" } 
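Review bot: `google_secret_manager_secret_version.openvidu_version` still reads `google_secret_manager_secret.openvidu.id`, but this hunk declares the secret as `openvidu_secret_manager`, so the reference is undeclared and the plan should fail; use `secret = google_secret_manager_secret.openvidu_secret_manager.id`. The layout also looks inconsistent with `store_secret_script` in the `locals` hunk of this patch: Terraform creates one secret holding a JSON map, while the script runs `gcloud secrets versions add $SECRET_KEY_NAME` with names such as `REDIS_PASSWORD`, and no secret resource with those names is declared in the visible hunks. That script's `set -e` appears to exit before its `$?` check can run, and `install.sh` does not test the result, so a failed write would leave the variable empty and the install would carry on with blank credentials. Either declare the per-key secrets here or have the script update the JSON secret, and make `install.sh` stop when `store_secret.sh` returns non-zero.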
@@ -139,176 +139,7 @@ resource "google_compute_instance" "openvidu" { scopes = ["https://www.googleapis.com/auth/cloud-platform"] } - - metadata_startup_script = </dev/null 2>&1; then - echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | tee /etc/apt/sources.list.d/google-cloud-sdk.list - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - - apt-get update && apt-get install -y google-cloud-sdk - fi - - # Install yq - YQ_VERSION=v4.44.5 - wget https://github.com/mikefarah/yq/releases/download/$${YQ_VERSION}/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/bin/yq - - # Fetch secret (the secret contains a JSON string as in Terraform) - SHARED_SECRET_JSON=$(gcloud secrets versions access latest --secret="$${SECRET_NAME}" --project="$${projevar.projectId}") || SHARED_SECRET_JSON='{}' - - # Helper to update secret using gcloud (we will use it to save values) - save_secret() { - KEY=$1 - VALUE=$2 - # read current, update key, and write a new version - TMP=$(mktemp) - echo "$SHARED_SECRET_JSON" | jq ". 
+ { \"$${KEY}\": \"$${VALUE}\" }" > "$TMP" || echo '{ }' > "$TMP" - gcloud secrets versions add "$${SECRET_NAME}" --data-file="$TMP" --project="$${projevar.projectId}" >/dev/null - SHARED_SECRET_JSON=$(cat "$TMP") - rm -f "$TMP" - } - - # Generate randoms and save to secret when needed (similar to CFN store_secret.sh) - generate_and_save() { - KEY=$1 - PREFIX=$${2:-} - LENGTH=$${3:-44} - RAND=$(openssl rand -base64 64 | tr -d '+/=\n' | cut -c -$${LENGTH}) - VALUE="$${PREFIX}$${RAND}" - save_secret "$KEY" "$VALUE" - echo "$VALUE" - } - - # Configure domain - if [[ -z "$domainName" || "$domainName" == "none" ]]; then - # Use external IP - EXTERNAL_IP=$(curl -s ifconfig.co || true) - DOMAIN="$EXTERNAL_IP" - else - DOMAIN="$domainName" - fi - save_secret domainName "$DOMAIN" - - # Generate/store secrets used by OpenVidu - REDIS_PASSWORD=$(generate_and_save REDIS_PASSWORD) - MONGO_ADMIN_USERNAME=$(save_secret MONGO_ADMIN_USERNAME "mongoadmin") - MONGO_ADMIN_PASSWORD=$(generate_and_save MONGO_ADMIN_PASSWORD) - MONGO_REPLICA_SET_KEY=$(generate_and_save MONGO_REPLICA_SET_KEY) - MINIO_ACCESS_KEY=$(save_secret MINIO_ACCESS_KEY "minioadmin") - MINIO_SECRET_KEY=$(generate_and_save MINIO_SECRET_KEY) - DASHBOARD_ADMIN_USERNAME=$(save_secret DASHBOARD_ADMIN_USERNAME "dashboardadmin") - DASHBOARD_ADMIN_PASSWORD=$(generate_and_save DASHBOARD_ADMIN_PASSWORD) - GRAFANA_ADMIN_USERNAME=$(save_secret GRAFANA_ADMIN_USERNAME "grafanaadmin") - GRAFANA_ADMIN_PASSWORD=$(generate_and_save GRAFANA_ADMIN_PASSWORD) - MEET_ADMIN_USER=$(save_secret MEET_ADMIN_USER "meetadmin") - MEET_ADMIN_SECRET=$(generate_and_save MEET_ADMIN_SECRET) - MEET_API_KEY=$(generate_and_save MEET_API_KEY) - ENABLED_MODULES=$(save_secret ENABLED_MODULES "observability,openviduMeet") - LIVEKIT_API_KEY=$(generate_and_save LIVEKIT_API_KEY "API" 12) - LIVEKIT_API_SECRET=$(generate_and_save LIVEKIT_API_SECRET) - - # Build install command and args - INSTALL_COMMAND="sh <(curl -fsSL 
http://get.openvidu.io/community/singlenode/main/install.sh)" - COMMON_ARGS=( - "--no-tty" - "--install" - "--environment=gcp" - "--deployment-type=single_node" - "--domain-name=$DOMAIN" - "--enabled-modules='$ENABLED_MODULES'" - "--redis-password=$REDIS_PASSWORD" - "--mongo-admin-user=$MONGO_ADMIN_USERNAME" - "--mongo-admin-password=$MONGO_ADMIN_PASSWORD" - "--mongo-replica-set-key=$MONGO_REPLICA_SET_KEY" - "--minio-access-key=$MINIO_ACCESS_KEY" - "--minio-secret-key=$MINIO_SECRET_KEY" - "--dashboard-admin-user=$DASHBOARD_ADMIN_USERNAME" - "--dashboard-admin-password=$DASHBOARD_ADMIN_PASSWORD" - "--grafana-admin-user=$GRAFANA_ADMIN_USERNAME" - "--grafana-admin-password=$GRAFANA_ADMIN_PASSWORD" - "--meet-admin-user=$MEET_ADMIN_USER" - "--meet-admin-password=$MEET_ADMIN_SECRET" - "--meet-api-key=$MEET_API_KEY" - "--livekit-api-key=$LIVEKIT_API_KEY" - "--livekit-api-secret=$LIVEKIT_API_SECRET" - ) - - # Include additional installer flags (trimmed) - if [[ -n "$ADDITIONAL_FLAGS" && "$ADDITIONAL_FLAGS" != "none" ]]; then - IFS=',' read -ra EXTRA_FLAGS <<< "$ADDITIONAL_FLAGS" - for extra_flag in "$${EXTRA_FLAGS[@]}"; do - extra_flag="$(echo -e "$extra_flag" | sed -e 's/^\s*//' -e 's/\s*$//')" - if [[ -n "$extra_flag" ]]; then - COMMON_ARGS+=("$extra_flag") - fi - done - fi - - # TURN domain - if [[ -n "$turnDomainName" && "$turnDomainName" != "none" ]]; then - save_secret LIVEKIT_turnDomainName "$turnDomainName" - COMMON_ARGS+=("--turn-domain-name=$turnDomainName") - fi - - # Certificate handling - if [[ "$CERT_TYPE" == "selfsigned" ]] ; then - CERT_ARGS=("--certificate-type=selfsigned") - elif [[ "$CERT_TYPE" == "letsencrypt" ]] ; then - save_secret LETSENCRYPT_EMAIL "$LE_EMAIL" - CERT_ARGS=("--certificate-type=letsencrypt" "--letsencrypt-email=$LE_EMAIL") - else - # owncert: download from provided URLs and convert to base64 - mkdir -p /tmp/owncert - if [[ -n "$OWN_CERT_URL" && -n "$OWN_KEY_URL" ]]; then - wget -O /tmp/owncert/fullchain.pem "$OWN_CERT_URL" - wget -O 
/tmp/owncert/privkey.pem "$OWN_KEY_URL" - OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem) - OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem) - CERT_ARGS=("--certificate-type=owncert" "--owncert-public-key=$OWN_CERT_CRT" "--owncert-private-key=$OWN_CERT_KEY") - else - echo "owncert selected but cert URLs not provided" - exit 1 - fi - fi - - # Final command - FINAL_COMMAND="$INSTALL_COMMAND $(printf "%s " "$${COMMON_ARGS[@]}") $(printf "%s " "$${CERT_ARGS[@]}")" - - # Execute installation - bash -c "$FINAL_COMMAND" - - # Configure GCS bucket in OpenVidu config if needed - if [[ -n "$S3_BUCKET_NAME" && "$S3_BUCKET_NAME" != "none" ]]; then - # Wait for openvidu config dir - CONFIG_DIR="/opt/openvidu/config" - if [[ -f "$${CONFIG_DIR}/openvidu.env" ]]; then - sed -i "s|EXTERNAL_S3_BUCKET_APP_DATA=.*|EXTERNAL_S3_BUCKET_APP_DATA=$${S3_BUCKET_NAME}|" "$${CONFIG_DIR}/openvidu.env" || true - fi - fi - EOF + metadata_startup_script = local.user_data labels = { stack = var.stackName 
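Review bot: `metadata_startup_script = local.user_data` hands the whole bootstrap to the GCE startup-script mechanism, which runs on every boot rather than only the first, and `user_data` (defined in the `locals` hunk of this patch) has no first-boot guard. A reboot would therefore re-run `install.sh`, push new secret versions through `store_secret.sh generate`, and also trigger the `@reboot` cron entry that calls `restart.sh`. Unless the installer is known to be idempotent, add a sentinel check at the top of `user_data`, for example `[ -f /var/lib/openvidu-bootstrap.done ] && exit 0` (constructed path), with a matching `touch` once the install has succeeded. The `google_compute_instance` block starts and ends outside this hunk.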
@@ -318,5 +149,311 @@ resource "google_compute_instance" "openvidu" { # ------------------------- local values ------------------------- locals { - isEmpty = var.bucketName == "" + isEmpty = var.bucketName == "" + install_script = <<-EOF + #!/bin/bash -x + OPENVIDU_VERSION=3.3.0 #CHANGE + DOMAIN= + YQ_VERSION=v4.44.5 + + apt-get update && apt-get install -y \ + curl \ + unzip \ + jq \ + wget \ + ca-certificates \ + gnupg \ + lsb-release \ + openssl + + wget https://github.com/mikefarah/yq/releases/download/$${YQ_VERSION}/yq_linux_amd64.tar.gz -O - |\ + tar xz && mv yq_linux_amd64 /usr/bin/yq + + # Configure domain + if [[ -z "${var.domainName}" || "${var.domainName}" == "none" ]]; then + # Use external IP + EXTERNAL_IP=$(curl -s ifconfig.co || true) + DOMAIN="$$EXTERNAL_IP" + else + DOMAIN="${var.domainName}" + fi + + DOMAIN="$(/usr/local/bin/store_secret.sh save DOMAIN_NAME "$$DOMAIN")" + + # Store usernames and generate random passwords + REDIS_PASSWORD="$(/usr/local/bin/store_secret.sh generate REDIS_PASSWORD)" + MONGO_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save MONGO_ADMIN_USERNAME "mongoadmin")" + MONGO_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MONGO_ADMIN_PASSWORD)" + MONGO_REPLICA_SET_KEY="$(/usr/local/bin/store_secret.sh generate MONGO_REPLICA_SET_KEY)" + MINIO_ACCESS_KEY="$(/usr/local/bin/store_secret.sh save MINIO_ACCESS_KEY "minioadmin")" + MINIO_SECRET_KEY="$(/usr/local/bin/store_secret.sh generate MINIO_SECRET_KEY)" + DASHBOARD_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save DASHBOARD_ADMIN_USERNAME "dashboardadmin")" + DASHBOARD_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate DASHBOARD_ADMIN_PASSWORD)" + GRAFANA_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save GRAFANA_ADMIN_USERNAME "grafanaadmin")" + GRAFANA_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate GRAFANA_ADMIN_PASSWORD)" + MEET_ADMIN_USER="$(/usr/local/bin/store_secret.sh save MEET_ADMIN_USER "meetadmin")" + 
MEET_ADMIN_SECRET="$(/usr/local/bin/store_secret.sh generate MEET_ADMIN_SECRET)" + MEET_API_KEY="$(/usr/local/bin/store_secret.sh generate MEET_API_KEY)" + ENABLED_MODULES="$(/usr/local/bin/store_secret.sh save ENABLED_MODULES "observability,openviduMeet")" + LIVEKIT_API_KEY="$(/usr/local/bin/store_secret.sh generate LIVEKIT_API_KEY "API" 12)" + LIVEKIT_API_SECRET="$(/usr/local/bin/store_secret.sh generate LIVEKIT_API_SECRET)" + + # Build install command and args + INSTALL_COMMAND="sh <(curl -fsSL http://get.openvidu.io/community/singlenode/$$OPENVIDU_VERSION/install.sh)" + + # Common arguments + COMMON_ARGS=( + "--no-tty" + "--install" + "--environment=gcp" + "--deployment-type=single_node" + "--domain-name=$$DOMAIN" + "--enabled-modules='$$ENABLED_MODULES'" + "--redis-password=$$REDIS_PASSWORD" + "--mongo-admin-user=$$MONGO_ADMIN_USERNAME" + "--mongo-admin-password=$$MONGO_ADMIN_PASSWORD" + "--mongo-replica-set-key=$$MONGO_REPLICA_SET_KEY" + "--minio-access-key=$$MINIO_ACCESS_KEY" + "--minio-secret-key=$$MINIO_SECRET_KEY" + "--dashboard-admin-user=$$DASHBOARD_ADMIN_USERNAME" + "--dashboard-admin-password=$$DASHBOARD_ADMIN_PASSWORD" + "--grafana-admin-user=$$GRAFANA_ADMIN_USERNAME" + "--grafana-admin-password=$$GRAFANA_ADMIN_PASSWORD" + "--meet-admin-user=$$MEET_ADMIN_USER" + "--meet-admin-password=$$MEET_ADMIN_SECRET" + "--meet-api-key=$$MEET_API_KEY" + "--livekit-api-key=$$LIVEKIT_API_KEY" + "--livekit-api-secret=$$LIVEKIT_API_SECRET" + ) + + # Include additional installer flags (trimmed) + if [[ "${var.additionalInstallFlags}" != "" ]]; then + IFS=',' read -ra EXTRA_FLAGS <<< "${var.additionalInstallFlags}" + for extra_flag in "$${EXTRA_FLAGS[@]}"; do + # Trim whitespace around each flag + extra_flag="$(echo -e "$${extra_flag}" | sed -e 's/^[ \t]*//' -e 's/[ \t]*$//')" + if [[ "$$extra_flag" != "" ]]; then + COMMON_ARGS+=("$$extra_flag") + fi + done + fi + + # Turn with TLS + if [[ "${var.turnDomainName}" != "" ]]; then + 
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${TurnDomainName}") + COMMON_ARGS+=( + "--turn-domain-name=$$LIVEKIT_TURN_DOMAIN_NAME" + ) + fi + + # Certificate arguments + if [[ "${var.certificateType}" == "selfsigned" ]]; then + CERT_ARGS=( + "--certificate-type=selfsigned" + ) + elif [[ "${var.certificateType}" == "letsencrypt" ]]; then + LETSENCRYPT_EMAIL=$(/usr/local/bin/store_secret.sh save LETSENCRYPT_EMAIL "${var.letsEncryptEmail}") + CERT_ARGS=( + "--certificate-type=letsencrypt" + "--letsencrypt-email=${var.letsEncryptEmail}" + ) + else + # Download owncert files + mkdir -p /tmp/owncert + wget -O /tmp/owncert/fullchain.pem ${var.ownPublicCertificate} + wget -O /tmp/owncert/privkey.pem ${var.ownPrivateCertificate} + + # Convert to base64 + OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem) + OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem) + + CERT_ARGS=( + "--certificate-type=owncert" + "--owncert-public-key=$OWN_CERT_CRT" + "--owncert-private-key=$OWN_CERT_KEY" + ) + + # Turn with TLS and own certificate + if [[ "${var.turnDomainName}" != '' ]]; then + # Download owncert files + mkdir -p /tmp/owncert-turn + wget -O /tmp/owncert-turn/fullchain.pem ${var.turnOwnPublicCertificate} + wget -O /tmp/owncert-turn/privkey.pem ${var.turnOwnPrivateCertificate} + + # Convert to base64 + OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem) + OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem) + + CERT_ARGS+=( + "--turn-owncert-private-key=$OWN_CERT_KEY_TURN" + "--turn-owncert-public-key=$OWN_CERT_CRT_TURN" + ) + fi + fi + + # Final command + FINAL_COMMAND="$INSTALL_COMMAND $(printf "%s " "$${COMMON_ARGS[@]}") $(printf "%s " "$${CERT_ARGS[@]}")" + + # Execute installation + exec bash -c "$FINAL_COMMAND" + EOF + + after_install_script = <<-EOF + EOF + + update_config_from_secret_script = <<-EOF + EOF + + update_secret_from_config_script = <<-EOF + EOF + + get_value_from_config_script = <<-EOF + 
EOF + + store_secret_script = <<-EOF + #!/bin/bash + set -e + + # Authenticate using instance service account + gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true + + # Modes: save, generate + # save mode: save the secret in the secret manager + # generate mode: generate a random password and save it in the secret manager + MODE="$1" + + if [[ "$MODE" == "generate" ]]; then + SECRET_KEY_NAME="$2" + PREFIX="$${3:-}" + LENGTH="$${4:-44}" + RANDOM_PASSWORD="$(openssl rand -base64 64 | tr -d '+/=\n' | cut -c -$${LENGTH})" + RANDOM_PASSWORD="$${PREFIX}$${RANDOM_PASSWORD}" + gcloud secrets versions add $SECRET_KEY_NAME --data-file=<(echo -n "$RANDOM_PASSWORD") 2>/dev/null || echo "$RANDOM_PASSWORD" | gcloud secrets versions add $SECRET_KEY_NAME --data-file=- + if [[ $? -ne 0 ]]; then + echo "Error generating secret" + fi + echo "$RANDOM_PASSWORD" + elif [[ "$MODE" == "save" ]]; then + SECRET_KEY_NAME="$2" + SECRET_VALUE="$3" + gcloud secrets versions add $SECRET_KEY_NAME --data-file=<(echo -n "$SECRET_VALUE") 2>/dev/null || echo "$SECRET_VALUE" | gcloud secrets versions add $SECRET_KEY_NAME --data-file=- + if [[ $? 
-ne 0 ]]; then + echo "Error generating secret" + fi + echo "$SECRET_VALUE" + else + exit 1 + fi + EOF + + check_app_ready_script = <<-EOF + #!/bin/bash + while true; do + HTTP_STATUS=$(curl -Ik http://localhost:7880 | head -n1 | awk '{print $2}') + if [ $HTTP_STATUS == 200 ]; then + break + fi + sleep 5 + done + EOF + + restart_script = <<-EOF + #!/bin/bash -x + set -e + # Stop all services + systemctl stop openvidu + + # Update config from secret + /usr/local/bin/update_config_from_secret.sh + + # Start all services + systemctl start openvidu + EOF + + user_data = <<-EOF + #!/bin/bash -x + set -eu -o pipefail + + # install.sh + cat > /usr/local/bin/install.sh << 'INSTALL_EOF' + ${local.install_script} + INSTALL_EOF + chmod +x /usr/local/bin/install.sh + + # after_install.sh + cat > /usr/local/bin/after_install.sh << 'AFTER_INSTALL_EOF' + ${local.after_install_script} + AFTER_INSTALL_EOF + chmod +x /usr/local/bin/after_install.sh + + # update_config_from_secret.sh + cat > /usr/local/bin/update_config_from_secret.sh << 'UPDATE_CONFIG_EOF' + ${local.update_config_from_secret_script} + UPDATE_CONFIG_EOF + chmod +x /usr/local/bin/update_config_from_secret.sh + + # update_secret_from_config.sh + cat > /usr/local/bin/update_secret_from_config.sh << 'UPDATE_SECRET_EOF' + ${local.update_secret_from_config_script} + UPDATE_SECRET_EOF + chmod +x /usr/local/bin/update_secret_from_config.sh + + # get_value_from_config.sh + cat > /usr/local/bin/get_value_from_config.sh << 'GET_VALUE_EOF' + ${local.get_value_from_config_script} + GET_VALUE_EOF + chmod +x /usr/local/bin/get_value_from_config.sh + + # store_secret.sh + cat > /usr/local/bin/store_secret.sh << 'STORE_SECRET_EOF' + ${local.store_secret_script} + STORE_SECRET_EOF + chmod +x /usr/local/bin/store_secret.sh + + # check_app_ready.sh + cat > /usr/local/bin/check_app_ready.sh << 'CHECK_APP_EOF' + ${local.check_app_ready_script} + CHECK_APP_EOF + chmod +x /usr/local/bin/check_app_ready.sh + + # restart.sh + cat > 
/usr/local/bin/restart.sh << 'RESTART_EOF' + ${local.restart_script} + RESTART_EOF + chmod +x /usr/local/bin/restart.sh + + apt-get update && apt-get install -y + + # Install google cli + if ! command -v gcloud >/dev/null 2>&1; then + curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg + echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list + apt-get update && apt-get install -y google-cloud-cli + fi + + # Authenticate with gcloud using instance service account + gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true + gcloud config set account $(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email" -H "Metadata-Flavor: Google") + + export HOME="/root" + + # Install OpenVidu + /usr/local/bin/install.sh || { echo "[OpenVidu] error installing OpenVidu"; exit 1; } + + #Config blob storage + # /usr/local/bin/config_blobStorage.sh || { echo "[OpenVidu] error configuring Blob Storage"; exit 1; } + + # Start OpenVidu + systemctl start openvidu || { echo "[OpenVidu] error starting OpenVidu"; exit 1; } + + # Update shared secret + /usr/local/bin/after_install.sh || { echo "[OpenVidu] error updating shared secret"; exit 1; } + + # Launch on reboot + echo "@reboot /usr/local/bin/restart.sh >> /var/log/openvidu-restart.log" 2>&1 | crontab + + # Wait for the app + /usr/local/bin/check_app_ready.sh + EOF + } diff --git a/openvidu-deployment/community/singlenode/gcp/variables.tf b/openvidu-deployment/community/singlenode/gcp/variables.tf index 0d309730..58d68d80 100644 --- a/openvidu-deployment/community/singlenode/gcp/variables.tf +++ b/openvidu-deployment/community/singlenode/gcp/variables.tf 
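Review bot: In `install_script`, every shell variable written as `$$NAME` (`DOMAIN="$$EXTERNAL_IP"`, `--redis-password=$$REDIS_PASSWORD` and the rest of `COMMON_ARGS`) reaches bash unchanged, because a Terraform heredoc treats only `$${` as an escape, and bash then expands `$$` to its PID followed by the literal name. The installer would receive guessable strings in place of the generated secrets; write plain `$NAME`, as the `$OWN_CERT_CRT` lines already do, and keep `$${...}` only for the braced forms. In the same script, `${TurnDomainName}` is a Terraform interpolation of an undeclared name and should presumably be `${var.turnDomainName}`. Separately, `#!/bin/bash -x` traces each credential-bearing argument into the startup-script output, and the installer is still fetched over `http://` and executed as root; dropping `-x` and using an `https://` URL (assuming the host serves it over TLS) would address both.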
@@ -63,7 +63,7 @@ variable "letsEncryptEmail" { default = "" } -variable "additional_install_flags" { +variable "additionalInstallFlags" { description = "Comma-separated additional flags passed to the OpenVidu installer" type = string default = "" @@ -93,12 +93,6 @@ variable "instanceType" { default = "e2-standard-8" } -variable "boot_image" { - description = "Boot image for the instance (family or specific image)" - type = string - default = "projects/ubuntu-os-cloud/global/images/family/ubuntu-2204-lts" -} - variable "bucketName" { description = "If empty, a GCS bucket will be created for app data and recordings" type = string