mirror of https://github.com/OpenVidu/openvidu.git
Implement code changes to enhance functionality and improve performance
Piwccle
parent
61cf2caa94
commit
7f87a759c0
|
|
@ -0,0 +1,5 @@
|
||||||
|
.terraform
|
||||||
|
.terraform.lock.hcl
|
||||||
|
*.tfstate
|
||||||
|
*.tfstate.backup
|
||||||
|
*.tfstate.lock.info
|
||||||
|
|
@ -9,5 +9,5 @@ output "openvidu_public_ip" {
|
||||||
}
|
}
|
||||||
|
|
||||||
output "appdata_bucket" {
|
output "appdata_bucket" {
|
||||||
value = local.isEmpty ? "openvidu-appdata" : var.bucketName
|
value = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,7 @@ resource "google_compute_instance" "openvidu_server" {
|
||||||
turnDomainName = var.turnDomainName
|
turnDomainName = var.turnDomainName
|
||||||
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
turnOwnPublicCertificate = var.turnOwnPublicCertificate
|
||||||
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
turnOwnPrivateCertificate = var.turnOwnPrivateCertificate
|
||||||
bucketName = google_storage_bucket.bucket[0].name
|
bucketName = local.isEmpty ? google_storage_bucket.bucket[0].name : var.bucketName
|
||||||
}
|
}
|
||||||
|
|
||||||
service_account {
|
service_account {
|
||||||
|
|
@ -123,12 +123,13 @@ resource "google_compute_instance" "openvidu_server" {
|
||||||
locals {
|
locals {
|
||||||
isEmpty = var.bucketName == ""
|
isEmpty = var.bucketName == ""
|
||||||
install_script = <<-EOF
|
install_script = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
OPENVIDU_VERSION=main
|
set -e
|
||||||
DOMAIN=
|
|
||||||
YQ_VERSION=v4.44.5
|
|
||||||
|
|
||||||
apt-get update && apt-get install -y \
|
OPENVIDU_VERSION=main
|
||||||
|
DOMAIN=
|
||||||
|
YQ_VERSION=v4.44.5
|
||||||
|
apt-get update && apt-get install -y \
|
||||||
curl \
|
curl \
|
||||||
unzip \
|
unzip \
|
||||||
jq \
|
jq \
|
||||||
|
|
@ -138,89 +139,86 @@ locals {
|
||||||
lsb-release \
|
lsb-release \
|
||||||
openssl
|
openssl
|
||||||
|
|
||||||
wget https://github.com/mikefarah/yq/releases/download/$${YQ_VERSION}/yq_linux_amd64.tar.gz -O - |\
|
wget https://github.com/mikefarah/yq/releases/download/$${YQ_VERSION}/yq_linux_amd64.tar.gz -O - |\
|
||||||
tar xz && mv yq_linux_amd64 /usr/bin/yq
|
tar xz && mv yq_linux_amd64 /usr/bin/yq
|
||||||
|
|
||||||
# Configure gcloud with instance service account
|
# Configure gcloud with instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
||||||
|
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
||||||
|
|
||||||
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
# Create counter file for tracking script executions
|
||||||
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
echo 1 > /usr/local/bin/openvidu_install_counter.txt
|
||||||
|
|
||||||
# Create counter file for tracking script executions
|
# Create all the secrets
|
||||||
echo "1" > /tmp/openvidu_install_counter.txt
|
gcloud secrets create OPENVIDU_URL --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MEET_INITIAL_ADMIN_USER --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MEET_INITIAL_ADMIN_PASSWORD --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MEET_INITIAL_API_KEY --replication-policy=automatic || true
|
||||||
|
gcloud secrets create LIVEKIT_URL --replication-policy=automatic || true
|
||||||
|
gcloud secrets create LIVEKIT_API_KEY --replication-policy=automatic || true
|
||||||
|
gcloud secrets create LIVEKIT_API_SECRET --replication-policy=automatic || true
|
||||||
|
gcloud secrets create DASHBOARD_URL --replication-policy=automatic || true
|
||||||
|
gcloud secrets create GRAFANA_URL --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MINIO_URL --replication-policy=automatic || true
|
||||||
|
gcloud secrets create DOMAIN_NAME --replication-policy=automatic || true
|
||||||
|
gcloud secrets create LIVEKIT_TURN_DOMAIN_NAME --replication-policy=automatic || true
|
||||||
|
gcloud secrets create REDIS_PASSWORD --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MONGO_ADMIN_USERNAME --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MONGO_ADMIN_PASSWORD --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MONGO_REPLICA_SET_KEY --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MINIO_ACCESS_KEY --replication-policy=automatic || true
|
||||||
|
gcloud secrets create MINIO_SECRET_KEY --replication-policy=automatic || true
|
||||||
|
gcloud secrets create DASHBOARD_ADMIN_USERNAME --replication-policy=automatic || true
|
||||||
|
gcloud secrets create DASHBOARD_ADMIN_PASSWORD --replication-policy=automatic || true
|
||||||
|
gcloud secrets create GRAFANA_ADMIN_USERNAME --replication-policy=automatic || true
|
||||||
|
gcloud secrets create GRAFANA_ADMIN_PASSWORD --replication-policy=automatic || true
|
||||||
|
gcloud secrets create ENABLED_MODULES --replication-policy=automatic || true
|
||||||
|
|
||||||
|
# Configure domain
|
||||||
# Create all the secrets
|
if [[ "${var.domainName}" == "" ]]; then
|
||||||
gcloud secrets create OPENVIDU_URL --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MEET_INITIAL_ADMIN_USER --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MEET_INITIAL_ADMIN_PASSWORD --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MEET_INITIAL_API_KEY --replication-policy=automatic || true
|
|
||||||
gcloud secrets create LIVEKIT_URL --replication-policy=automatic || true
|
|
||||||
gcloud secrets create LIVEKIT_API_KEY --replication-policy=automatic || true
|
|
||||||
gcloud secrets create LIVEKIT_API_SECRET --replication-policy=automatic || true
|
|
||||||
gcloud secrets create DASHBOARD_URL --replication-policy=automatic || true
|
|
||||||
gcloud secrets create GRAFANA_URL --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MINIO_URL --replication-policy=automatic || true
|
|
||||||
gcloud secrets create DOMAIN_NAME --replication-policy=automatic || true
|
|
||||||
gcloud secrets create LIVEKIT_TURN_DOMAIN_NAME --replication-policy=automatic || true
|
|
||||||
gcloud secrets create REDIS_PASSWORD --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MONGO_ADMIN_USERNAME --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MONGO_ADMIN_PASSWORD --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MONGO_REPLICA_SET_KEY --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MINIO_ACCESS_KEY --replication-policy=automatic || true
|
|
||||||
gcloud secrets create MINIO_SECRET_KEY --replication-policy=automatic || true
|
|
||||||
gcloud secrets create DASHBOARD_ADMIN_USERNAME --replication-policy=automatic || true
|
|
||||||
gcloud secrets create DASHBOARD_ADMIN_PASSWORD --replication-policy=automatic || true
|
|
||||||
gcloud secrets create GRAFANA_ADMIN_USERNAME --replication-policy=automatic || true
|
|
||||||
gcloud secrets create GRAFANA_ADMIN_PASSWORD --replication-policy=automatic || true
|
|
||||||
gcloud secrets create ENABLED_MODULES --replication-policy=automatic || true
|
|
||||||
|
|
||||||
# Configure domain
|
|
||||||
if [[ "${var.domainName}" == "" ]]; then
|
|
||||||
[ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
|
[ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
|
||||||
EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip")
|
EXTERNAL_IP=$(get_meta "instance/network-interfaces/0/access-configs/0/external-ip")
|
||||||
RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8)
|
RANDOM_DOMAIN_STRING=$(tr -dc 'a-z' < /dev/urandom | head -c 8)
|
||||||
DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
DOMAIN=openvidu-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||||
TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
TURN_DOMAIN_NAME_SSLIP_IO=turn-$RANDOM_DOMAIN_STRING-$(echo $EXTERNAL_IP | tr '.' '-').sslip.io
|
||||||
else
|
else
|
||||||
DOMAIN="${var.domainName}"
|
DOMAIN="${var.domainName}"
|
||||||
fi
|
fi
|
||||||
DOMAIN="$(/usr/local/bin/store_secret.sh save DOMAIN_NAME "$DOMAIN")"
|
DOMAIN="$(/usr/local/bin/store_secret.sh save DOMAIN_NAME "$DOMAIN")"
|
||||||
|
|
||||||
# Meet initial admin user and password
|
# Meet initial admin user and password
|
||||||
MEET_INITIAL_ADMIN_USER="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_ADMIN_USER "admin")"
|
MEET_INITIAL_ADMIN_USER="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_ADMIN_USER "admin")"
|
||||||
if [[ "${var.initialMeetAdminPassword}" != '' ]]; then
|
if [[ "${var.initialMeetAdminPassword}" != '' ]]; then
|
||||||
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_ADMIN_PASSWORD "${var.initialMeetAdminPassword}")"
|
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_ADMIN_PASSWORD "${var.initialMeetAdminPassword}")"
|
||||||
else
|
else
|
||||||
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MEET_INITIAL_ADMIN_PASSWORD)"
|
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MEET_INITIAL_ADMIN_PASSWORD)"
|
||||||
fi
|
fi
|
||||||
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
|
||||||
|
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
||||||
MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "${var.initialMeetApiKey}")"
|
MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "${var.initialMeetApiKey}")"
|
||||||
else
|
fi
|
||||||
MEET_INITIAL_API_KEY="$(/usr/local/bin/store_secret.sh save MEET_INITIAL_API_KEY "")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Store usernames and generate random passwords
|
# Store usernames and generate random passwords
|
||||||
REDIS_PASSWORD="$(/usr/local/bin/store_secret.sh generate REDIS_PASSWORD)"
|
REDIS_PASSWORD="$(/usr/local/bin/store_secret.sh generate REDIS_PASSWORD)"
|
||||||
MONGO_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save MONGO_ADMIN_USERNAME "mongoadmin")"
|
MONGO_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save MONGO_ADMIN_USERNAME "mongoadmin")"
|
||||||
MONGO_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MONGO_ADMIN_PASSWORD)"
|
MONGO_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate MONGO_ADMIN_PASSWORD)"
|
||||||
MONGO_REPLICA_SET_KEY="$(/usr/local/bin/store_secret.sh generate MONGO_REPLICA_SET_KEY)"
|
MONGO_REPLICA_SET_KEY="$(/usr/local/bin/store_secret.sh generate MONGO_REPLICA_SET_KEY)"
|
||||||
MINIO_ACCESS_KEY="$(/usr/local/bin/store_secret.sh save MINIO_ACCESS_KEY "minioadmin")"
|
MINIO_ACCESS_KEY="$(/usr/local/bin/store_secret.sh save MINIO_ACCESS_KEY "minioadmin")"
|
||||||
MINIO_SECRET_KEY="$(/usr/local/bin/store_secret.sh generate MINIO_SECRET_KEY)"
|
MINIO_SECRET_KEY="$(/usr/local/bin/store_secret.sh generate MINIO_SECRET_KEY)"
|
||||||
DASHBOARD_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save DASHBOARD_ADMIN_USERNAME "dashboardadmin")"
|
DASHBOARD_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save DASHBOARD_ADMIN_USERNAME "dashboardadmin")"
|
||||||
DASHBOARD_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate DASHBOARD_ADMIN_PASSWORD)"
|
DASHBOARD_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate DASHBOARD_ADMIN_PASSWORD)"
|
||||||
GRAFANA_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save GRAFANA_ADMIN_USERNAME "grafanaadmin")"
|
GRAFANA_ADMIN_USERNAME="$(/usr/local/bin/store_secret.sh save GRAFANA_ADMIN_USERNAME "grafanaadmin")"
|
||||||
GRAFANA_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate GRAFANA_ADMIN_PASSWORD)"
|
GRAFANA_ADMIN_PASSWORD="$(/usr/local/bin/store_secret.sh generate GRAFANA_ADMIN_PASSWORD)"
|
||||||
ENABLED_MODULES="$(/usr/local/bin/store_secret.sh save ENABLED_MODULES "observability,openviduMeet")"
|
ENABLED_MODULES="$(/usr/local/bin/store_secret.sh save ENABLED_MODULES "observability,openviduMeet")"
|
||||||
LIVEKIT_API_KEY="$(/usr/local/bin/store_secret.sh generate LIVEKIT_API_KEY "API" 12)"
|
LIVEKIT_API_KEY="$(/usr/local/bin/store_secret.sh generate LIVEKIT_API_KEY "API" 12)"
|
||||||
LIVEKIT_API_SECRET="$(/usr/local/bin/store_secret.sh generate LIVEKIT_API_SECRET)"
|
LIVEKIT_API_SECRET="$(/usr/local/bin/store_secret.sh generate LIVEKIT_API_SECRET)"
|
||||||
|
|
||||||
# Build install command and args
|
# Build install command and args
|
||||||
INSTALL_COMMAND="sh <(curl -fsSL http://get.openvidu.io/community/singlenode/$OPENVIDU_VERSION/install.sh)"
|
INSTALL_COMMAND="sh <(curl -fsSL http://get.openvidu.io/community/singlenode/$OPENVIDU_VERSION/install.sh)"
|
||||||
|
|
||||||
# Common arguments
|
# Common arguments
|
||||||
COMMON_ARGS=(
|
COMMON_ARGS=(
|
||||||
"--no-tty"
|
"--no-tty"
|
||||||
"--install"
|
"--install"
|
||||||
"--environment=gcp"
|
"--environment=gcp"
|
||||||
|
|
@ -241,10 +239,10 @@ locals {
|
||||||
"--meet-initial-api-key=$MEET_INITIAL_API_KEY"
|
"--meet-initial-api-key=$MEET_INITIAL_API_KEY"
|
||||||
"--livekit-api-key=$LIVEKIT_API_KEY"
|
"--livekit-api-key=$LIVEKIT_API_KEY"
|
||||||
"--livekit-api-secret=$LIVEKIT_API_SECRET"
|
"--livekit-api-secret=$LIVEKIT_API_SECRET"
|
||||||
)
|
)
|
||||||
|
|
||||||
# Include additional installer flags provided by the user
|
# Include additional installer flags provided by the user
|
||||||
if [[ "${var.additionalInstallFlags}" != "" ]]; then
|
if [[ "${var.additionalInstallFlags}" != "" ]]; then
|
||||||
IFS=',' read -ra EXTRA_FLAGS <<< "${var.additionalInstallFlags}"
|
IFS=',' read -ra EXTRA_FLAGS <<< "${var.additionalInstallFlags}"
|
||||||
for extra_flag in "$${EXTRA_FLAGS[@]}"; do
|
for extra_flag in "$${EXTRA_FLAGS[@]}"; do
|
||||||
# Trim whitespace around each flag
|
# Trim whitespace around each flag
|
||||||
|
|
@ -253,31 +251,31 @@ locals {
|
||||||
COMMON_ARGS+=("$extra_flag")
|
COMMON_ARGS+=("$extra_flag")
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Turn with TLS
|
# Turn with TLS
|
||||||
if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then
|
if [[ "$TURN_DOMAIN_NAME_SSLIP_IO" != "" ]]; then
|
||||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO")
|
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "$TURN_DOMAIN_NAME_SSLIP_IO")
|
||||||
COMMON_ARGS+=(
|
COMMON_ARGS+=(
|
||||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||||
)
|
)
|
||||||
elif [[ "${var.turnDomainName}" != '' ]]; then
|
elif [[ "${var.turnDomainName}" != '' ]]; then
|
||||||
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}")
|
LIVEKIT_TURN_DOMAIN_NAME=$(/usr/local/bin/store_secret.sh save LIVEKIT_TURN_DOMAIN_NAME "${var.turnDomainName}")
|
||||||
COMMON_ARGS+=(
|
COMMON_ARGS+=(
|
||||||
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
"--turn-domain-name=$LIVEKIT_TURN_DOMAIN_NAME"
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Certificate arguments
|
# Certificate arguments
|
||||||
if [[ "${var.certificateType}" == "selfsigned" ]]; then
|
if [[ "${var.certificateType}" == "selfsigned" ]]; then
|
||||||
CERT_ARGS=(
|
CERT_ARGS=(
|
||||||
"--certificate-type=selfsigned"
|
"--certificate-type=selfsigned"
|
||||||
)
|
)
|
||||||
elif [[ "${var.certificateType}" == "letsencrypt" ]]; then
|
elif [[ "${var.certificateType}" == "letsencrypt" ]]; then
|
||||||
CERT_ARGS=(
|
CERT_ARGS=(
|
||||||
"--certificate-type=letsencrypt"
|
"--certificate-type=letsencrypt"
|
||||||
)
|
)
|
||||||
else
|
else
|
||||||
# Download owncert files
|
# Download owncert files
|
||||||
mkdir -p /tmp/owncert
|
mkdir -p /tmp/owncert
|
||||||
wget -O /tmp/owncert/fullchain.pem ${var.ownPublicCertificate}
|
wget -O /tmp/owncert/fullchain.pem ${var.ownPublicCertificate}
|
||||||
|
|
@ -286,7 +284,6 @@ locals {
|
||||||
# Convert to base64
|
# Convert to base64
|
||||||
OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem)
|
OWN_CERT_CRT=$(base64 -w 0 /tmp/owncert/fullchain.pem)
|
||||||
OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem)
|
OWN_CERT_KEY=$(base64 -w 0 /tmp/owncert/privkey.pem)
|
||||||
|
|
||||||
CERT_ARGS=(
|
CERT_ARGS=(
|
||||||
"--certificate-type=owncert"
|
"--certificate-type=owncert"
|
||||||
"--owncert-public-key=$OWN_CERT_CRT"
|
"--owncert-public-key=$OWN_CERT_CRT"
|
||||||
|
|
@ -299,287 +296,275 @@ locals {
|
||||||
mkdir -p /tmp/owncert-turn
|
mkdir -p /tmp/owncert-turn
|
||||||
wget -O /tmp/owncert-turn/fullchain.pem ${var.turnOwnPublicCertificate}
|
wget -O /tmp/owncert-turn/fullchain.pem ${var.turnOwnPublicCertificate}
|
||||||
wget -O /tmp/owncert-turn/privkey.pem ${var.turnOwnPrivateCertificate}
|
wget -O /tmp/owncert-turn/privkey.pem ${var.turnOwnPrivateCertificate}
|
||||||
|
|
||||||
# Convert to base64
|
# Convert to base64
|
||||||
OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem)
|
OWN_CERT_CRT_TURN=$(base64 -w 0 /tmp/owncert-turn/fullchain.pem)
|
||||||
OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem)
|
OWN_CERT_KEY_TURN=$(base64 -w 0 /tmp/owncert-turn/privkey.pem)
|
||||||
|
|
||||||
CERT_ARGS+=(
|
CERT_ARGS+=(
|
||||||
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
"--turn-owncert-private-key=$OWN_CERT_KEY_TURN"
|
||||||
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
"--turn-owncert-public-key=$OWN_CERT_CRT_TURN"
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Final command
|
# Final command
|
||||||
FINAL_COMMAND="$INSTALL_COMMAND $(printf "%s " "$${COMMON_ARGS[@]}") $(printf "%s " "$${CERT_ARGS[@]}")"
|
FINAL_COMMAND="$INSTALL_COMMAND $(printf "%s " "$${COMMON_ARGS[@]}") $(printf "%s " "$${CERT_ARGS[@]}")"
|
||||||
|
|
||||||
# Execute installation
|
# Execute installation
|
||||||
exec bash -c "$FINAL_COMMAND"
|
exec bash -c "$FINAL_COMMAND"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
config_s3_script = <<-EOF
|
config_s3_script = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Configure gcloud with instance service account
|
# Configure gcloud with instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
|
||||||
# Install dir and config dir
|
# Install dir and config dir
|
||||||
INSTALL_DIR="/opt/openvidu"
|
INSTALL_DIR="/opt/openvidu"
|
||||||
CONFIG_DIR="$${INSTALL_DIR}/config"
|
CONFIG_DIR="$${INSTALL_DIR}/config"
|
||||||
|
|
||||||
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
METADATA_URL="http://metadata.google.internal/computeMetadata/v1"
|
||||||
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
get_meta() { curl -s -H "Metadata-Flavor: Google" "$${METADATA_URL}/$1"; }
|
||||||
|
SERVICE_ACCOUNT_EMAIL=$(get_meta "instance/service-accounts/default/email")
|
||||||
|
|
||||||
SERVICE_ACCOUNT_EMAIL=$(get_meta "instance/service-accounts/default/email")
|
# Create key for service account
|
||||||
# Create key for service account
|
gcloud iam service-accounts keys create credentials.json --iam-account=$SERVICE_ACCOUNT_EMAIL
|
||||||
gcloud iam service-accounts keys create credentials.json --iam-account=$SERVICE_ACCOUNT_EMAIL
|
|
||||||
|
|
||||||
# Get credentials
|
# Create HMAC key and parse output
|
||||||
# Create HMAC key and parse output
|
HMAC_OUTPUT=$(gcloud storage hmac create $SERVICE_ACCOUNT_EMAIL --format="json")
|
||||||
HMAC_OUTPUT=$(gcloud storage hmac create $SERVICE_ACCOUNT_EMAIL --format="json")
|
EXTERNAL_S3_ACCESS_KEY=$(echo "$HMAC_OUTPUT" | jq -r '.metadata.accessId')
|
||||||
EXTERNAL_S3_ACCESS_KEY=$(echo "$HMAC_OUTPUT" | jq -r '.metadata.accessId')
|
EXTERNAL_S3_SECRET_KEY=$(echo "$HMAC_OUTPUT" | jq -r '.secret')
|
||||||
EXTERNAL_S3_SECRET_KEY=$(echo "$HMAC_OUTPUT" | jq -r '.secret')
|
|
||||||
|
|
||||||
# Config S3 bucket
|
# Config S3 bucket
|
||||||
EXTERNAL_S3_ENDPOINT="https://storage.googleapis.com"
|
EXTERNAL_S3_ENDPOINT="https://storage.googleapis.com"
|
||||||
EXTERNAL_S3_REGION="${var.region}"
|
EXTERNAL_S3_REGION="${var.region}"
|
||||||
EXTERNAL_S3_PATH_STYLE_ACCESS="true"
|
EXTERNAL_S3_PATH_STYLE_ACCESS="true"
|
||||||
EXTERNAL_S3_BUCKET_APP_DATA=${google_storage_bucket.bucket[0].name}
|
EXTERNAL_S3_BUCKET_APP_DATA=${google_storage_bucket.bucket[0].name}
|
||||||
|
|
||||||
# Update egress.yaml to use hardcoded credentials instead of env variable
|
# Update egress.yaml to use hardcoded credentials instead of env variable
|
||||||
if [ -f "$${CONFIG_DIR}/egress.yaml" ]; then
|
if [ -f "$${CONFIG_DIR}/egress.yaml" ]; then
|
||||||
yq eval --inplace '.storage.gcp.credentials_json = (load("/credentials.json") | tostring) | .storage.gcp.credentials_json style="single"' /opt/openvidu/config/egress.yaml
|
yq eval --inplace '.storage.gcp.credentials_json = (load("/credentials.json") | tostring) | .storage.gcp.credentials_json style="single"' /opt/openvidu/config/egress.yaml
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sed -i "s|EXTERNAL_S3_ENDPOINT=.*|EXTERNAL_S3_ENDPOINT=$EXTERNAL_S3_ENDPOINT|" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s|EXTERNAL_S3_ENDPOINT=.*|EXTERNAL_S3_ENDPOINT=$EXTERNAL_S3_ENDPOINT|" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s|EXTERNAL_S3_REGION=.*|EXTERNAL_S3_REGION=$EXTERNAL_S3_REGION|" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s|EXTERNAL_S3_REGION=.*|EXTERNAL_S3_REGION=$EXTERNAL_S3_REGION|" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s|EXTERNAL_S3_PATH_STYLE_ACCESS=.*|EXTERNAL_S3_PATH_STYLE_ACCESS=$EXTERNAL_S3_PATH_STYLE_ACCESS|" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s|EXTERNAL_S3_PATH_STYLE_ACCESS=.*|EXTERNAL_S3_PATH_STYLE_ACCESS=$EXTERNAL_S3_PATH_STYLE_ACCESS|" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s|EXTERNAL_S3_BUCKET_APP_DATA=.*|EXTERNAL_S3_BUCKET_APP_DATA=$EXTERNAL_S3_BUCKET_APP_DATA|" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s|EXTERNAL_S3_BUCKET_APP_DATA=.*|EXTERNAL_S3_BUCKET_APP_DATA=$EXTERNAL_S3_BUCKET_APP_DATA|" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s|EXTERNAL_S3_ACCESS_KEY=.*|EXTERNAL_S3_ACCESS_KEY=$EXTERNAL_S3_ACCESS_KEY|" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s|EXTERNAL_S3_ACCESS_KEY=.*|EXTERNAL_S3_ACCESS_KEY=$EXTERNAL_S3_ACCESS_KEY|" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s|EXTERNAL_S3_SECRET_KEY=.*|EXTERNAL_S3_SECRET_KEY=$EXTERNAL_S3_SECRET_KEY|" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s|EXTERNAL_S3_SECRET_KEY=.*|EXTERNAL_S3_SECRET_KEY=$EXTERNAL_S3_SECRET_KEY|" "$${CONFIG_DIR}/openvidu.env"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
after_install_script = <<-EOF
|
after_install_script = <<-EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Configure gcloud with instance service account
|
# Configure gcloud with instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
|
||||||
|
# Generate URLs
|
||||||
|
DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME)
|
||||||
|
OPENVIDU_URL="https://$${DOMAIN}/"
|
||||||
|
LIVEKIT_URL="wss://$${DOMAIN}/"
|
||||||
|
DASHBOARD_URL="https://$${DOMAIN}/dashboard/"
|
||||||
|
GRAFANA_URL="https://$${DOMAIN}/grafana/"
|
||||||
|
MINIO_URL="https://$${DOMAIN}/minio-console/"
|
||||||
|
|
||||||
# Generate URLs
|
# Update shared secret
|
||||||
DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME)
|
echo -n "$DOMAIN" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||||
OPENVIDU_URL="https://$${DOMAIN}/"
|
echo -n "$OPENVIDU_URL" | gcloud secrets versions add OPENVIDU_URL --data-file=-
|
||||||
LIVEKIT_URL="wss://$${DOMAIN}/"
|
echo -n "$LIVEKIT_URL" | gcloud secrets versions add LIVEKIT_URL --data-file=-
|
||||||
DASHBOARD_URL="https://$${DOMAIN}/dashboard/"
|
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
||||||
GRAFANA_URL="https://$${DOMAIN}/grafana/"
|
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
||||||
MINIO_URL="https://$${DOMAIN}/minio-console/"
|
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
||||||
|
gcloud secrets versions access latest --secret=MINIO_URL
|
||||||
# Update shared secret
|
if [[ $? -ne 0 ]]; then
|
||||||
echo -n "$DOMAIN" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
|
||||||
echo -n "$OPENVIDU_URL" | gcloud secrets versions add OPENVIDU_URL --data-file=-
|
|
||||||
echo -n "$LIVEKIT_URL" | gcloud secrets versions add LIVEKIT_URL --data-file=-
|
|
||||||
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
|
||||||
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
|
||||||
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
|
||||||
|
|
||||||
gcloud secrets versions access latest --secret=MINIO_URL
|
|
||||||
|
|
||||||
if [[ $? -ne 0 ]]; then
|
|
||||||
echo "Error updating secret_manager"
|
echo "Error updating secret_manager"
|
||||||
fi
|
fi
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
update_config_from_secret_script = <<-EOF
|
update_config_from_secret_script = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Configure gcloud with instance service account
|
# Configure gcloud with instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
|
||||||
# Installation directory
|
# Installation directory
|
||||||
INSTALL_DIR="/opt/openvidu"
|
INSTALL_DIR="/opt/openvidu"
|
||||||
CONFIG_DIR="$${INSTALL_DIR}/config"
|
CONFIG_DIR="$${INSTALL_DIR}/config"
|
||||||
|
|
||||||
# Replace DOMAIN_NAME
|
# Replace DOMAIN_NAME
|
||||||
export DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME)
|
export DOMAIN=$(gcloud secrets versions access latest --secret=DOMAIN_NAME)
|
||||||
if [[ -n "$DOMAIN" ]]; then
|
if [[ -n "$DOMAIN" ]]; then
|
||||||
sed -i "s/DOMAIN_NAME=.*/DOMAIN_NAME=$DOMAIN/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/DOMAIN_NAME=.*/DOMAIN_NAME=$DOMAIN/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
else
|
else
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Replace LIVEKIT_TURN_DOMAIN_NAME
|
# Replace LIVEKIT_TURN_DOMAIN_NAME
|
||||||
export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME)
|
export LIVEKIT_TURN_DOMAIN_NAME=$(gcloud secrets versions access latest --secret=LIVEKIT_TURN_DOMAIN_NAME)
|
||||||
if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then
|
if [[ -n "$LIVEKIT_TURN_DOMAIN_NAME" ]]; then
|
||||||
sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/LIVEKIT_TURN_DOMAIN_NAME=.*/LIVEKIT_TURN_DOMAIN_NAME=$LIVEKIT_TURN_DOMAIN_NAME/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Get the rest of the values
|
# Get the rest of the values
|
||||||
export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD)
|
export REDIS_PASSWORD=$(gcloud secrets versions access latest --secret=REDIS_PASSWORD)
|
||||||
export MONGO_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=MONGO_ADMIN_USERNAME)
|
export MONGO_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=MONGO_ADMIN_USERNAME)
|
||||||
export MONGO_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=MONGO_ADMIN_PASSWORD)
|
export MONGO_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=MONGO_ADMIN_PASSWORD)
|
||||||
export MONGO_REPLICA_SET_KEY=$(gcloud secrets versions access latest --secret=MONGO_REPLICA_SET_KEY)
|
export MONGO_REPLICA_SET_KEY=$(gcloud secrets versions access latest --secret=MONGO_REPLICA_SET_KEY)
|
||||||
export DASHBOARD_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=DASHBOARD_ADMIN_USERNAME)
|
export DASHBOARD_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=DASHBOARD_ADMIN_USERNAME)
|
||||||
export DASHBOARD_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=DASHBOARD_ADMIN_PASSWORD)
|
export DASHBOARD_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=DASHBOARD_ADMIN_PASSWORD)
|
||||||
export MINIO_ACCESS_KEY=$(gcloud secrets versions access latest --secret=MINIO_ACCESS_KEY)
|
export MINIO_ACCESS_KEY=$(gcloud secrets versions access latest --secret=MINIO_ACCESS_KEY)
|
||||||
export MINIO_SECRET_KEY=$(gcloud secrets versions access latest --secret=MINIO_SECRET_KEY)
|
export MINIO_SECRET_KEY=$(gcloud secrets versions access latest --secret=MINIO_SECRET_KEY)
|
||||||
export GRAFANA_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=GRAFANA_ADMIN_USERNAME)
|
export GRAFANA_ADMIN_USERNAME=$(gcloud secrets versions access latest --secret=GRAFANA_ADMIN_USERNAME)
|
||||||
export GRAFANA_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=GRAFANA_ADMIN_PASSWORD)
|
export GRAFANA_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=GRAFANA_ADMIN_PASSWORD)
|
||||||
export LIVEKIT_API_KEY=$(gcloud secrets versions access latest --secret=LIVEKIT_API_KEY)
|
export LIVEKIT_API_KEY=$(gcloud secrets versions access latest --secret=LIVEKIT_API_KEY)
|
||||||
export LIVEKIT_API_SECRET=$(gcloud secrets versions access latest --secret=LIVEKIT_API_SECRET)
|
export LIVEKIT_API_SECRET=$(gcloud secrets versions access latest --secret=LIVEKIT_API_SECRET)
|
||||||
export MEET_INITIAL_ADMIN_USER=$(gcloud secrets versions access latest --secret=MEET_INITIAL_ADMIN_USER)
|
export MEET_INITIAL_ADMIN_USER=$(gcloud secrets versions access latest --secret=MEET_INITIAL_ADMIN_USER)
|
||||||
export MEET_INITIAL_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=MEET_INITIAL_ADMIN_PASSWORD)
|
export MEET_INITIAL_ADMIN_PASSWORD=$(gcloud secrets versions access latest --secret=MEET_INITIAL_ADMIN_PASSWORD)
|
||||||
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
||||||
export MEET_INITIAL_API_KEY=$(gcloud secrets versions access latest --secret=MEET_INITIAL_API_KEY)
|
export MEET_INITIAL_API_KEY=$(gcloud secrets versions access latest --secret=MEET_INITIAL_API_KEY)
|
||||||
fi
|
fi
|
||||||
export ENABLED_MODULES=$(gcloud secrets versions access latest --secret=ENABLED_MODULES)
|
export ENABLED_MODULES=$(gcloud secrets versions access latest --secret=ENABLED_MODULES)
|
||||||
|
|
||||||
|
# Replace rest of the values
|
||||||
# Replace rest of the values
|
sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$REDIS_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$REDIS_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/MONGO_ADMIN_USERNAME=.*/MONGO_ADMIN_USERNAME=$MONGO_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/MONGO_ADMIN_USERNAME=.*/MONGO_ADMIN_USERNAME=$MONGO_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/MONGO_ADMIN_PASSWORD=.*/MONGO_ADMIN_PASSWORD=$MONGO_ADMIN_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/MONGO_ADMIN_PASSWORD=.*/MONGO_ADMIN_PASSWORD=$MONGO_ADMIN_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/MONGO_REPLICA_SET_KEY=.*/MONGO_REPLICA_SET_KEY=$MONGO_REPLICA_SET_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/MONGO_REPLICA_SET_KEY=.*/MONGO_REPLICA_SET_KEY=$MONGO_REPLICA_SET_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/DASHBOARD_ADMIN_USERNAME=.*/DASHBOARD_ADMIN_USERNAME=$DASHBOARD_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/DASHBOARD_ADMIN_USERNAME=.*/DASHBOARD_ADMIN_USERNAME=$DASHBOARD_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/DASHBOARD_ADMIN_PASSWORD=.*/DASHBOARD_ADMIN_PASSWORD=$DASHBOARD_ADMIN_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/DASHBOARD_ADMIN_PASSWORD=.*/DASHBOARD_ADMIN_PASSWORD=$DASHBOARD_ADMIN_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/MINIO_ACCESS_KEY=.*/MINIO_ACCESS_KEY=$MINIO_ACCESS_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/MINIO_ACCESS_KEY=.*/MINIO_ACCESS_KEY=$MINIO_ACCESS_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/MINIO_SECRET_KEY=.*/MINIO_SECRET_KEY=$MINIO_SECRET_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/MINIO_SECRET_KEY=.*/MINIO_SECRET_KEY=$MINIO_SECRET_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/GRAFANA_ADMIN_USERNAME=.*/GRAFANA_ADMIN_USERNAME=$GRAFANA_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/GRAFANA_ADMIN_USERNAME=.*/GRAFANA_ADMIN_USERNAME=$GRAFANA_ADMIN_USERNAME/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/GRAFANA_ADMIN_PASSWORD=.*/GRAFANA_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/GRAFANA_ADMIN_PASSWORD=.*/GRAFANA_ADMIN_PASSWORD=$GRAFANA_ADMIN_PASSWORD/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/LIVEKIT_API_KEY=.*/LIVEKIT_API_KEY=$LIVEKIT_API_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/LIVEKIT_API_KEY=.*/LIVEKIT_API_KEY=$LIVEKIT_API_KEY/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/LIVEKIT_API_SECRET=.*/LIVEKIT_API_SECRET=$LIVEKIT_API_SECRET/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
sed -i "s/LIVEKIT_API_SECRET=.*/LIVEKIT_API_SECRET=$LIVEKIT_API_SECRET/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/MEET_INITIAL_ADMIN_USER=.*/MEET_INITIAL_ADMIN_USER=$MEET_INITIAL_ADMIN_USER/" "$${CONFIG_DIR}/meet.env"
|
||||||
sed -i "s/MEET_INITIAL_ADMIN_USER=.*/MEET_INITIAL_ADMIN_USER=$MEET_INITIAL_ADMIN_USER/" "$${CONFIG_DIR}/meet.env"
|
sed -i "s/MEET_INITIAL_ADMIN_PASSWORD=.*/MEET_INITIAL_ADMIN_PASSWORD=$MEET_INITIAL_ADMIN_PASSWORD/" "$${CONFIG_DIR}/meet.env"
|
||||||
sed -i "s/MEET_INITIAL_ADMIN_PASSWORD=.*/MEET_INITIAL_ADMIN_PASSWORD=$MEET_INITIAL_ADMIN_PASSWORD/" "$${CONFIG_DIR}/meet.env"
|
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
||||||
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
|
||||||
sed -i "s/MEET_INITIAL_API_KEY=.*/MEET_INITIAL_API_KEY=$MEET_INITIAL_API_KEY/" "$${CONFIG_DIR}/meet.env"
|
sed -i "s/MEET_INITIAL_API_KEY=.*/MEET_INITIAL_API_KEY=$MEET_INITIAL_API_KEY/" "$${CONFIG_DIR}/meet.env"
|
||||||
fi
|
fi
|
||||||
sed -i "s/ENABLED_MODULES=.*/ENABLED_MODULES=$ENABLED_MODULES/" "$${CONFIG_DIR}/openvidu.env"
|
sed -i "s/ENABLED_MODULES=.*/ENABLED_MODULES=$ENABLED_MODULES/" "$${CONFIG_DIR}/openvidu.env"
|
||||||
|
|
||||||
|
# Update URLs in secret
|
||||||
|
OPENVIDU_URL="https://$${DOMAIN}/"
|
||||||
|
LIVEKIT_URL="wss://$${DOMAIN}/"
|
||||||
|
DASHBOARD_URL="https://$${DOMAIN}/dashboard/"
|
||||||
|
GRAFANA_URL="https://$${DOMAIN}/grafana/"
|
||||||
|
MINIO_URL="https://$${DOMAIN}/minio-console/"
|
||||||
|
|
||||||
# Update URLs in secret
|
# Update shared secret
|
||||||
OPENVIDU_URL="https://$${DOMAIN}/"
|
echo -n "$DOMAIN" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||||
LIVEKIT_URL="wss://$${DOMAIN}/"
|
echo -n "$OPENVIDU_URL" | gcloud secrets versions add OPENVIDU_URL --data-file=-
|
||||||
DASHBOARD_URL="https://$${DOMAIN}/dashboard/"
|
echo -n "$LIVEKIT_URL" | gcloud secrets versions add LIVEKIT_URL --data-file=-
|
||||||
GRAFANA_URL="https://$${DOMAIN}/grafana/"
|
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
||||||
MINIO_URL="https://$${DOMAIN}/minio-console/"
|
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
||||||
|
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
||||||
# Update shared secret
|
EOF
|
||||||
echo -n "$DOMAIN" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
|
||||||
echo -n "$OPENVIDU_URL" | gcloud secrets versions add OPENVIDU_URL --data-file=-
|
|
||||||
echo -n "$LIVEKIT_URL" | gcloud secrets versions add LIVEKIT_URL --
|
|
||||||
echo -n "$DASHBOARD_URL" | gcloud secrets versions add DASHBOARD_URL --data-file=-
|
|
||||||
echo -n "$GRAFANA_URL" | gcloud secrets versions add GRAFANA_URL --data-file=-
|
|
||||||
echo -n "$MINIO_URL" | gcloud secrets versions add MINIO_URL --data-file=-
|
|
||||||
EOF
|
|
||||||
|
|
||||||
update_secret_from_config_script = <<-EOF
|
update_secret_from_config_script = <<-EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Configure gcloud with instance service account
|
# Configure gcloud with instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
|
||||||
# Installation directory
|
# Installation directory
|
||||||
INSTALL_DIR="/opt/openvidu"
|
INSTALL_DIR="/opt/openvidu"
|
||||||
CONFIG_DIR="$${INSTALL_DIR}/config"
|
CONFIG_DIR="$${INSTALL_DIR}/config"
|
||||||
|
|
||||||
# Get current values of the config
|
# Get current values of the config
|
||||||
REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
REDIS_PASSWORD="$(/usr/local/bin/get_value_from_config.sh REDIS_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
||||||
DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
||||||
LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
LIVEKIT_TURN_DOMAIN_NAME="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_TURN_DOMAIN_NAME "$${CONFIG_DIR}/openvidu.env")"
|
||||||
MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
MONGO_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
||||||
MONGO_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
MONGO_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MONGO_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
||||||
MONGO_REPLICA_SET_KEY="$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "$${CONFIG_DIR}/openvidu.env")"
|
MONGO_REPLICA_SET_KEY="$(/usr/local/bin/get_value_from_config.sh MONGO_REPLICA_SET_KEY "$${CONFIG_DIR}/openvidu.env")"
|
||||||
MINIO_ACCESS_KEY="$(/usr/local/bin/get_value_from_config.sh MINIO_ACCESS_KEY "$${CONFIG_DIR}/openvidu.env")"
|
MINIO_ACCESS_KEY="$(/usr/local/bin/get_value_from_config.sh MINIO_ACCESS_KEY "$${CONFIG_DIR}/openvidu.env")"
|
||||||
MINIO_SECRET_KEY="$(/usr/local/bin/get_value_from_config.sh MINIO_SECRET_KEY "$${CONFIG_DIR}/openvidu.env")"
|
MINIO_SECRET_KEY="$(/usr/local/bin/get_value_from_config.sh MINIO_SECRET_KEY "$${CONFIG_DIR}/openvidu.env")"
|
||||||
DASHBOARD_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh DASHBOARD_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
DASHBOARD_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh DASHBOARD_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
||||||
DASHBOARD_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh DASHBOARD_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
DASHBOARD_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh DASHBOARD_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
||||||
GRAFANA_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh GRAFANA_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
GRAFANA_ADMIN_USERNAME="$(/usr/local/bin/get_value_from_config.sh GRAFANA_ADMIN_USERNAME "$${CONFIG_DIR}/openvidu.env")"
|
||||||
GRAFANA_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh GRAFANA_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
GRAFANA_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh GRAFANA_ADMIN_PASSWORD "$${CONFIG_DIR}/openvidu.env")"
|
||||||
LIVEKIT_API_KEY="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_API_KEY "$${CONFIG_DIR}/openvidu.env")"
|
LIVEKIT_API_KEY="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_API_KEY "$${CONFIG_DIR}/openvidu.env")"
|
||||||
LIVEKIT_API_SECRET="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_API_SECRET "$${CONFIG_DIR}/openvidu.env")"
|
LIVEKIT_API_SECRET="$(/usr/local/bin/get_value_from_config.sh LIVEKIT_API_SECRET "$${CONFIG_DIR}/openvidu.env")"
|
||||||
MEET_INITIAL_ADMIN_USER="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_ADMIN_USER "$${CONFIG_DIR}/meet.env")"
|
MEET_INITIAL_ADMIN_USER="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_ADMIN_USER "$${CONFIG_DIR}/meet.env")"
|
||||||
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_ADMIN_PASSWORD "$${CONFIG_DIR}/meet.env")"
|
MEET_INITIAL_ADMIN_PASSWORD="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_ADMIN_PASSWORD "$${CONFIG_DIR}/meet.env")"
|
||||||
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
||||||
MEET_INITIAL_API_KEY="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_API_KEY "$${CONFIG_DIR}/meet.env")"
|
MEET_INITIAL_API_KEY="$(/usr/local/bin/get_value_from_config.sh MEET_INITIAL_API_KEY "$${CONFIG_DIR}/meet.env")"
|
||||||
fi
|
fi
|
||||||
ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${CONFIG_DIR}/openvidu.env")"
|
ENABLED_MODULES="$(/usr/local/bin/get_value_from_config.sh ENABLED_MODULES "$${CONFIG_DIR}/openvidu.env")"
|
||||||
|
|
||||||
|
# Update shared secret
|
||||||
# Update shared secret
|
echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=-
|
||||||
echo -n "$REDIS_PASSWORD" | gcloud secrets versions add REDIS_PASSWORD --data-file=-
|
echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
||||||
echo -n "$DOMAIN_NAME" | gcloud secrets versions add DOMAIN_NAME --data-file=-
|
echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=-
|
||||||
echo -n "$LIVEKIT_TURN_DOMAIN_NAME" | gcloud secrets versions add LIVEKIT_TURN_DOMAIN_NAME --data-file=-
|
echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=-
|
||||||
echo -n "$MONGO_ADMIN_USERNAME" | gcloud secrets versions add MONGO_ADMIN_USERNAME --data-file=-
|
echo -n "$MONGO_ADMIN_PASSWORD" | gcloud secrets versions add MONGO_ADMIN_PASSWORD --data-file=-
|
||||||
echo -n "$MONGO_ADMIN_PASSWORD" | gcloud secrets versions add MONGO_ADMIN_PASSWORD --data-file=-
|
echo -n "$MONGO_REPLICA_SET_KEY" | gcloud secrets versions add MONGO_REPLICA_SET_KEY --data-file=-
|
||||||
echo -n "$MONGO_REPLICA_SET_KEY" | gcloud secrets versions add MONGO_REPLICA_SET_KEY --data-file=-
|
echo -n "$MINIO_ACCESS_KEY" | gcloud secrets versions add MINIO_ACCESS_KEY --data-file=-
|
||||||
echo -n "$MINIO_ACCESS_KEY" | gcloud secrets versions add MINIO_ACCESS_KEY --data-file=-
|
echo -n "$MINIO_SECRET_KEY" | gcloud secrets versions add MINIO_SECRET_KEY --data-file=-
|
||||||
echo -n "$MINIO_SECRET_KEY" | gcloud secrets versions add MINIO_SECRET_KEY --data-file=-
|
echo -n "$DASHBOARD_ADMIN_USERNAME" | gcloud secrets versions add DASHBOARD_ADMIN_USERNAME --data-file=-
|
||||||
echo -n "$DASHBOARD_ADMIN_USERNAME" | gcloud secrets versions add DASHBOARD_ADMIN_USERNAME --data-file=-
|
echo -n "$DASHBOARD_ADMIN_PASSWORD" | gcloud secrets versions add DASHBOARD_ADMIN_PASSWORD --data-file=-
|
||||||
echo -n "$DASHBOARD_ADMIN_PASSWORD" | gcloud secrets versions add DASHBOARD_ADMIN_PASSWORD --data-file=-
|
echo -n "$GRAFANA_ADMIN_USERNAME" | gcloud secrets versions add GRAFANA_ADMIN_USERNAME --data-file=-
|
||||||
echo -n "$GRAFANA_ADMIN_USERNAME" | gcloud secrets versions add GRAFANA_ADMIN_USERNAME --data-file=-
|
echo -n "$GRAFANA_ADMIN_PASSWORD" | gcloud secrets versions add GRAFANA_ADMIN_PASSWORD --data-file=-
|
||||||
echo -n "$GRAFANA_ADMIN_PASSWORD" | gcloud secrets versions add GRAFANA_ADMIN_PASSWORD --data-file=-
|
echo -n "$LIVEKIT_API_KEY" | gcloud secrets versions add LIVEKIT_API_KEY --data-file=-
|
||||||
echo -n "$LIVEKIT_API_KEY" | gcloud secrets versions add LIVEKIT_API_KEY --data-file=-
|
echo -n "$LIVEKIT_API_SECRET" | gcloud secrets versions add LIVEKIT_API_SECRET --data-file=-
|
||||||
echo -n "$LIVEKIT_API_SECRET" | gcloud secrets versions add LIVEKIT_API_SECRET --data-file=-
|
echo -n "$MEET_INITIAL_ADMIN_USER" | gcloud secrets versions add MEET_INITIAL_ADMIN_USER --data-file=-
|
||||||
echo -n "$MEET_INITIAL_ADMIN_USER" | gcloud secrets versions add MEET_INITIAL_ADMIN_USER --data-file=-
|
echo -n "$MEET_INITIAL_ADMIN_PASSWORD" | gcloud secrets versions add MEET_INITIAL_ADMIN_PASSWORD --data-file=-
|
||||||
echo -n "$MEET_INITIAL_ADMIN_PASSWORD" | gcloud secrets versions add MEET_INITIAL_ADMIN_PASSWORD --data-file=-
|
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
||||||
if [[ "${var.initialMeetApiKey}" != '' ]]; then
|
|
||||||
echo -n "$MEET_INITIAL_API_KEY" | gcloud secrets versions add MEET_INITIAL_API_KEY --data-file=-
|
echo -n "$MEET_INITIAL_API_KEY" | gcloud secrets versions add MEET_INITIAL_API_KEY --data-file=-
|
||||||
fi
|
fi
|
||||||
echo -n "$ENABLED_MODULES" | gcloud secrets versions add ENABLED_MODULES --data-file=-
|
echo -n "$ENABLED_MODULES" | gcloud secrets versions add ENABLED_MODULES --data-file=-
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
get_value_from_config_script = <<-EOF
|
get_value_from_config_script = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Function to get the value of a given key from the environment file
|
# Function to get the value of a given key from the environment file
|
||||||
get_value() {
|
get_value() {
|
||||||
local key="$1"
|
local key="$1"
|
||||||
local file_path="$2"
|
local file_path="$2"
|
||||||
|
|
||||||
# Use grep to find the line with the key, ignoring lines starting with #
|
# Use grep to find the line with the key, ignoring lines starting with #
|
||||||
# Use awk to split on '=' and print the second field, which is the value
|
# Use awk to split on '=' and print the second field, which is the value
|
||||||
local value=$(grep -E "^\s*$key\s*=" "$file_path" | awk -F= '{print $2}' | sed 's/#.*//; s/^\s*//; s/\s*$//')
|
local value=$(grep -E "^\s*$key\s*=" "$file_path" | awk -F= '{print $2}' | sed 's/#.*//; s/^\s*//; s/\s*$//')
|
||||||
|
|
||||||
# If the value is empty, return "none"
|
# If the value is empty, return "none"
|
||||||
if [ -z "$value" ]; then
|
if [ -z "$value" ]; then
|
||||||
echo "none"
|
echo "none"
|
||||||
else
|
else
|
||||||
echo "$value"
|
echo "$value"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check if the correct number of arguments are supplied
|
# Check if the correct number of arguments are supplied
|
||||||
if [ "$#" -ne 2 ]; then
|
if [ "$#" -ne 2 ]; then
|
||||||
echo "Usage: $0 <key> <file_path>"
|
echo "Usage: $0 <key> <file_path>"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Get the key and file path from the arguments
|
# Get the key and file path from the arguments
|
||||||
key="$1"
|
key="$1"
|
||||||
file_path="$2"
|
file_path="$2"
|
||||||
|
|
||||||
# Get and print the value
|
# Get and print the value
|
||||||
get_value "$key" "$file_path"
|
get_value "$key" "$file_path"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
store_secret_script = <<-EOF
|
store_secret_script = <<-EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
# Authenticate using instance service account
|
# Authenticate using instance service account
|
||||||
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
gcloud auth activate-service-account --key-file=/dev/null 2>/dev/null || true
|
||||||
|
|
||||||
# Modes: save, generate
|
# Modes: save, generate
|
||||||
# save mode: save the secret in the secret manager
|
# save mode: save the secret in the secret manager
|
||||||
# generate mode: generate a random password and save it in the secret manager
|
# generate mode: generate a random password and save it in the secret manager
|
||||||
MODE="$1"
|
MODE="$1"
|
||||||
|
if [[ "$MODE" == "generate" ]]; then
|
||||||
if [[ "$MODE" == "generate" ]]; then
|
|
||||||
SECRET_KEY_NAME="$2"
|
SECRET_KEY_NAME="$2"
|
||||||
PREFIX="$${3:-}"
|
PREFIX="$${3:-}"
|
||||||
LENGTH="$${4:-44}"
|
LENGTH="$${4:-44}"
|
||||||
|
|
@ -590,7 +575,7 @@ locals {
|
||||||
echo "Error generating secret"
|
echo "Error generating secret"
|
||||||
fi
|
fi
|
||||||
echo "$RANDOM_PASSWORD"
|
echo "$RANDOM_PASSWORD"
|
||||||
elif [[ "$MODE" == "save" ]]; then
|
elif [[ "$MODE" == "save" ]]; then
|
||||||
SECRET_KEY_NAME="$2"
|
SECRET_KEY_NAME="$2"
|
||||||
SECRET_VALUE="$3"
|
SECRET_VALUE="$3"
|
||||||
echo -n "$SECRET_VALUE" | gcloud secrets versions add $SECRET_KEY_NAME --data-file=-
|
echo -n "$SECRET_VALUE" | gcloud secrets versions add $SECRET_KEY_NAME --data-file=-
|
||||||
|
|
@ -598,97 +583,100 @@ locals {
|
||||||
echo "Error generating secret"
|
echo "Error generating secret"
|
||||||
fi
|
fi
|
||||||
echo "$SECRET_VALUE"
|
echo "$SECRET_VALUE"
|
||||||
else
|
else
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
check_app_ready_script = <<-EOF
|
check_app_ready_script = <<-EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
while true; do
|
while true; do
|
||||||
HTTP_STATUS=$(curl -Ik http://localhost:7880 | head -n1 | awk '{print $2}')
|
HTTP_STATUS=$(curl -Ik http://localhost:7880 | head -n1 | awk '{print $2}')
|
||||||
if [ $HTTP_STATUS == 200 ]; then
|
if [ $HTTP_STATUS == 200 ]; then
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
restart_script = <<-EOF
|
restart_script = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
set -e
|
set -e
|
||||||
# Stop all services
|
|
||||||
systemctl stop openvidu
|
|
||||||
|
|
||||||
# Update config from secret
|
# Stop all services
|
||||||
/usr/local/bin/update_config_from_secret.sh
|
systemctl stop openvidu
|
||||||
|
|
||||||
# Start all services
|
# Update config from secret
|
||||||
systemctl start openvidu
|
/usr/local/bin/update_config_from_secret.sh
|
||||||
EOF
|
|
||||||
|
# Start all services
|
||||||
|
systemctl start openvidu
|
||||||
|
EOF
|
||||||
|
|
||||||
user_data = <<-EOF
|
user_data = <<-EOF
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
set -eu -o pipefail
|
set -eu -o pipefail
|
||||||
|
|
||||||
# Check if installation already completed
|
# restart.sh
|
||||||
if cat /tmp/openvidu_install_counter.txt > /dev/null 2>&1; then
|
cat > /usr/local/bin/restart.sh << 'RESTART_EOF'
|
||||||
# restart.sh
|
${local.restart_script}
|
||||||
cat > /usr/local/bin/restart.sh << 'RESTART_EOF'
|
RESTART_EOF
|
||||||
${local.restart_script}
|
chmod +x /usr/local/bin/restart.sh
|
||||||
RESTART_EOF
|
|
||||||
chmod +x /usr/local/bin/restart.sh
|
# Check if installation already completed
|
||||||
|
if [ -f /usr/local/bin/openvidu_install_counter.txt ]; then
|
||||||
# Launch on reboot
|
# Launch on reboot
|
||||||
/usr/local/bin/restart.sh || { echo "[OpenVidu] error restarting OpenVidu"; exit 1; }
|
/usr/local/bin/restart.sh || { echo "[OpenVidu] error restarting OpenVidu"; exit 1; }
|
||||||
else
|
else
|
||||||
# install.sh
|
# install.sh
|
||||||
cat > /usr/local/bin/install.sh << 'INSTALL_EOF'
|
cat > /usr/local/bin/install.sh << 'INSTALL_EOF'
|
||||||
${local.install_script}
|
${local.install_script}
|
||||||
INSTALL_EOF
|
INSTALL_EOF
|
||||||
chmod +x /usr/local/bin/install.sh
|
chmod +x /usr/local/bin/install.sh
|
||||||
|
|
||||||
# after_install.sh
|
# after_install.sh
|
||||||
cat > /usr/local/bin/after_install.sh << 'AFTER_INSTALL_EOF'
|
cat > /usr/local/bin/after_install.sh << 'AFTER_INSTALL_EOF'
|
||||||
${local.after_install_script}
|
${local.after_install_script}
|
||||||
AFTER_INSTALL_EOF
|
AFTER_INSTALL_EOF
|
||||||
chmod +x /usr/local/bin/after_install.sh
|
chmod +x /usr/local/bin/after_install.sh
|
||||||
|
|
||||||
# update_config_from_secret.sh
|
# update_config_from_secret.sh
|
||||||
cat > /usr/local/bin/update_config_from_secret.sh << 'UPDATE_CONFIG_EOF'
|
cat > /usr/local/bin/update_config_from_secret.sh << 'UPDATE_CONFIG_EOF'
|
||||||
${local.update_config_from_secret_script}
|
${local.update_config_from_secret_script}
|
||||||
UPDATE_CONFIG_EOF
|
UPDATE_CONFIG_EOF
|
||||||
chmod +x /usr/local/bin/update_config_from_secret.sh
|
chmod +x /usr/local/bin/update_config_from_secret.sh
|
||||||
|
|
||||||
# update_secret_from_config.sh
|
# update_secret_from_config.sh
|
||||||
cat > /usr/local/bin/update_secret_from_config.sh << 'UPDATE_SECRET_EOF'
|
cat > /usr/local/bin/update_secret_from_config.sh << 'UPDATE_SECRET_EOF'
|
||||||
${local.update_secret_from_config_script}
|
${local.update_secret_from_config_script}
|
||||||
UPDATE_SECRET_EOF
|
UPDATE_SECRET_EOF
|
||||||
chmod +x /usr/local/bin/update_secret_from_config.sh
|
chmod +x /usr/local/bin/update_secret_from_config.sh
|
||||||
|
|
||||||
# get_value_from_config.sh
|
# get_value_from_config.sh
|
||||||
cat > /usr/local/bin/get_value_from_config.sh << 'GET_VALUE_EOF'
|
cat > /usr/local/bin/get_value_from_config.sh << 'GET_VALUE_EOF'
|
||||||
${local.get_value_from_config_script}
|
${local.get_value_from_config_script}
|
||||||
GET_VALUE_EOF
|
GET_VALUE_EOF
|
||||||
chmod +x /usr/local/bin/get_value_from_config.sh
|
chmod +x /usr/local/bin/get_value_from_config.sh
|
||||||
|
|
||||||
# store_secret.sh
|
# store_secret.sh
|
||||||
cat > /usr/local/bin/store_secret.sh << 'STORE_SECRET_EOF'
|
cat > /usr/local/bin/store_secret.sh << 'STORE_SECRET_EOF'
|
||||||
${local.store_secret_script}
|
${local.store_secret_script}
|
||||||
STORE_SECRET_EOF
|
STORE_SECRET_EOF
|
||||||
chmod +x /usr/local/bin/store_secret.sh
|
chmod +x /usr/local/bin/store_secret.sh
|
||||||
|
|
||||||
# check_app_ready.sh
|
# check_app_ready.sh
|
||||||
cat > /usr/local/bin/check_app_ready.sh << 'CHECK_APP_EOF'
|
cat > /usr/local/bin/check_app_ready.sh << 'CHECK_APP_EOF'
|
||||||
${local.check_app_ready_script}
|
${local.check_app_ready_script}
|
||||||
CHECK_APP_EOF
|
CHECK_APP_EOF
|
||||||
chmod +x /usr/local/bin/check_app_ready.sh
|
chmod +x /usr/local/bin/check_app_ready.sh
|
||||||
|
|
||||||
# config_s3.sh
|
# config_s3.sh
|
||||||
cat > /usr/local/bin/config_s3.sh << 'CONFIG_S3_EOF'
|
cat > /usr/local/bin/config_s3.sh << 'CONFIG_S3_EOF'
|
||||||
${local.config_s3_script}
|
${local.config_s3_script}
|
||||||
CONFIG_S3_EOF
|
CONFIG_S3_EOF
|
||||||
chmod +x /usr/local/bin/config_s3.sh
|
chmod +x /usr/local/bin/config_s3.sh
|
||||||
|
|
||||||
|
|
||||||
apt-get update && apt-get install -y
|
apt-get update && apt-get install -y
|
||||||
|
|
||||||
# Install google cli
|
# Install google cli
|
||||||
|
|
@ -717,12 +705,15 @@ locals {
|
||||||
# Update shared secret
|
# Update shared secret
|
||||||
/usr/local/bin/after_install.sh || { echo "[OpenVidu] error updating shared secret"; exit 1; }
|
/usr/local/bin/after_install.sh || { echo "[OpenVidu] error updating shared secret"; exit 1; }
|
||||||
|
|
||||||
# Mark installation as complete
|
# restart.sh
|
||||||
echo "installation_complete" > /tmp/openvidu_install_counter.txt
|
echo "@reboot /usr/local/bin/restart.sh >> /var/log/openvidu-restart.log" 2>&1 | crontab
|
||||||
fi
|
|
||||||
|
|
||||||
# Wait for the app
|
# Mark installation as complete
|
||||||
/usr/local/bin/check_app_ready.sh
|
echo "installation_complete" > /usr/local/bin/openvidu_install_counter.txt
|
||||||
EOF
|
fi
|
||||||
|
|
||||||
|
# Wait for the app
|
||||||
|
/usr/local/bin/check_app_ready.sh
|
||||||
|
EOF
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue