pdcastro · July 26, 2021 01:51
diff --git a/provision_local_machine.sh b/provision_local_machine.sh
 #!/usr/bin/env bash

 # Provision an Ubuntu or similar system as an openBalena "local machine"
 # Tested with Ubuntu 20.04 LTS

 set -eo pipefail # quit this script on errors

 CERT_PATH="/usr/local/share/ca-certificates/openbalena.crt"
 INSTALL_DIR="/opt"
 CLI_BIN_PATH="/usr/local/bin/balena"
 CLI_DIR="${INSTALL_DIR}/balena-cli"
 CLI_CONFIG=~/.balenarc.yml

 if [ `whoami` != root ]; then
  echo "This script must be executed as the root user (e.g. using 'sudo'). Aborting."
  exit 1
 fi

 if [ -z "${OB_DOMAIN}" ]; then
   echo 'OB_DOMAIN not set. Aborting.'
   exit 1
 fi

 if [[ "${OB_DOMAIN}" = *.local ]]; then
  cat <<EOF
 Using a '.local' domain name (${OB_DOMAIN}) for openBalena is known to cause
 name resolution problems on some systems. Also, some balena CLI commands treat
 '.local' hostnames as an indicator of a local device. For these reasons, this
 script will insist that a different domain name is used. For testing purposes,
 it may not have to be a real domain name though. You could try a dummy domain
 name like 'open.balena'.
 Aborting.
 EOF
  exit 1
 fi

 if [ -z "${OB_SERVER_IP}" ]; then
  cat <<EOF
 OB_SERVER_IP environment variable must be set. If you have setup proper CNAME
 records, please set this variable to 'skip'. Otherwise, set it to the IP address
 of the openBalena server, and this script will update '/etc/hosts' for local name
 resolution on this machine.
 EOF
  exit 1
 fi

 if [ ! -r "${CERT_PATH}" ]; then
  cat <<EOF
 '${CERT_PATH}' file not found or not readable. Aborting.
 Please copy and rename the openBalena server's 'ca.crt' file to that location.
 Hint: on the openBalena server, the file is typically found at:
 '/home/balena/open-balena/config/certs/root/ca.crt'
 EOF
   exit 1
 fi

 echo
 echo "Installing dependencies..."
 apt-get update && apt-get install -qy curl unzip docker.io

 echo
 if [ -z "${SUDO_USER}" ]; then
  echo "SUDO_USER env var not set: skipping adding user to docker group"
 else
  echo "Adding current user '${SUDO_USER}' to 'docker' and 'sudo' groups..."
  usermod -aG sudo "${SUDO_USER}"
  usermod -aG docker "${SUDO_USER}"
 fi

 echo
 echo "Installing the balena CLI to ${CLI_DIR}..."
 mkdir -p "${INSTALL_DIR}"
 cd "${INSTALL_DIR}"

 CLI_VERSION=$(curl -sSL https://github.com/balena-io/balena-cli/releases/latest | sed -En 's/.*balena-cli-(v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-linux-x64-standalone\.zip.*/\1/p' | head -1)
 CLI_ZIP_FILE="balena-cli-${CLI_VERSION}-linux-x64-standalone.zip"

 echo
 echo "Downloading CLI version ${CLI_VERSION}..."

 if [ ! -e "${CLI_ZIP_FILE}" ]; then
  curl -LO "https://github.com/balena-io/balena-cli/releases/download/${CLI_VERSION}/${CLI_ZIP_FILE}"
 fi
 unzip -o "${CLI_ZIP_FILE}"

 rm -f "${CLI_BIN_PATH}"
 cat >"${CLI_BIN_PATH}" <<EOF
 #!/usr/bin/env sh
 export NODE_EXTRA_CA_CERTS=\${NODE_EXTRA_CA_CERTS:-"${CERT_PATH}"}
 "${CLI_DIR}"/balena "\$@"
 EOF
 chmod +x "${CLI_BIN_PATH}"

 echo
 if [ -e "${CLI_CONFIG}" ]; then
  echo "'${CLI_CONFIG}' exists - leaving it alone"
 else
  echo "Setting balenaUrl to '${OB_DOMAIN}' in '${CLI_CONFIG}'"
  echo "balenaUrl: '${OB_DOMAIN}'" > "${CLI_CONFIG}"
 fi

 echo
 echo "Updating certificates..."
 echo "Using '${CERT_PATH}' as the openBalena CA certificate"
 chmod +r "${CERT_PATH}"
 update-ca-certificates

 echo
 echo "Restarting Docker to take new certificates into account..."
 systemctl restart docker

 if [ -n "${OB_SERVER_IP}" -a "${OB_SERVER_IP}" != "skip" ]; then
  echo
  echo "Updating /etc/hosts..."
  cat <<EOF
 Please note that this script is not yet smart enough to update existing
 entries in '/etc/hosts', and will simply append new entries at the bottom.
 You may need to tidy it up manually - sorry!
 EOF
  cat >>/etc/hosts <<EOF
 ${OB_SERVER_IP}  api.open.balena
 ${OB_SERVER_IP}  registry.open.balena
 ${OB_SERVER_IP}  s3.open.balena
 ${OB_SERVER_IP}  tunnel.open.balena
 ${OB_SERVER_IP}  vpn.open.balena
 EOF
 fi

 echo
 echo "All done!"
diff --git a/provision_server.sh b/provision_server.sh
 #!/usr/bin/env bash

 # Provision an Ubuntu or similar system as an openBalena server
 # Tested with Ubuntu 20.04 LTS

 set -eo pipefail # quit this script on errors

 DOCKER_COMPOSE="/usr/local/bin/docker-compose"

 if [[ -z "${OB_EMAIL}" || -z "${OB_PASSWORD}" || -z "${OB_DOMAIN}" ]]; then
   echo 'OB_EMAIL, OB_PASSWORD or OB_DOMAIN env vars not set. Aborting.'
   exit 1
 fi

 if [[ "${OB_DOMAIN}" = *.local ]]; then
  cat <<EOF
 Using a '.local' domain name (${OB_DOMAIN}) for openBalena is known to cause
 name resolution problems on some systems. Also, some balena CLI commands treat
 '.local' hostnames as an indicator of a local device. For these reasons, this
 script will insist that a different domain name is used. For testing purposes,
 it may not have to be a real domain name though. You could try a dummy domain
 name like 'open.balena'.
 Aborting.
 EOF
  exit 1
 fi

 if [ `whoami` != root ]; then
  echo "This script must be executed as the root user (e.g. using 'sudo'). Aborting."
  exit 1
 fi

 echo
 echo "Installing dependencies..."
 apt-get update && apt-get install -qy build-essential git docker.io libssl-dev nodejs

 if [[ ! -e "${DOCKER_COMPOSE}" ]]; then
  curl -L https://github.com/docker/compose/releases/download/1.27.4/docker-compose-Linux-x86_64 -o "${DOCKER_COMPOSE}"
  chmod +x "${DOCKER_COMPOSE}"
 fi

 echo
 echo "Starting Docker..."
 systemctl start docker

 echo
 echo "Creating 'balena' user account..."
 adduser --disabled-password --gecos "" balena || true
 usermod -aG sudo balena
 usermod -aG docker balena

 echo
 echo "Installing openBalena..."
 cd /home/balena
 sudo -u balena git clone https://github.com/balena-io/open-balena.git
 cd /home/balena/open-balena
 sudo -u balena /home/balena/open-balena/scripts/quickstart -U "${OB_EMAIL}" -P "${OB_PASSWORD}" -d "${OB_DOMAIN}"

 echo 'All done. To start openBalena, run:'
 echo 'sudo su - balena'
 echo '/home/balena/open-balena/scripts/compose up -d'
	#!/usr/bin/env bash

	# Provision an Ubuntu or similar system as an openBalena "local machine"
	# Tested with Ubuntu 20.04 LTS

	set -eo pipefail # quit this script on errors

	CERT_PATH="/usr/local/share/ca-certificates/openbalena.crt"
	INSTALL_DIR="/opt"
	CLI_BIN_PATH="/usr/local/bin/balena"
	CLI_DIR="${INSTALL_DIR}/balena-cli"
	CLI_CONFIG=~/.balenarc.yml

	if [ `whoami` != root ]; then
	echo "This script must be executed as the root user (e.g. using 'sudo'). Aborting."
	exit 1
	fi

	if [ -z "${OB_DOMAIN}" ]; then
	echo 'OB_DOMAIN not set. Aborting.'
	exit 1
	fi

	if [[ "${OB_DOMAIN}" = *.local ]]; then
	cat <<EOF
	Using a '.local' domain name (${OB_DOMAIN}) for openBalena is known to cause
	name resolution problems on some systems. Also, some balena CLI commands treat
	'.local' hostnames as an indicator of a local device. For these reasons, this
	script will insist that a different domain name is used. For testing purposes,
	it may not have to be a real domain name though. You could try a dummy domain
	name like 'open.balena'.
	Aborting.
	EOF
	exit 1
	fi

	if [ -z "${OB_SERVER_IP}" ]; then
	cat <<EOF
	OB_SERVER_IP environment variable must be set. If you have setup proper CNAME
	records, please set this variable to 'skip'. Otherwise, set it to the IP address
	of the openBalena server, and this script will update '/etc/hosts' for local name
	resolution on this machine.
	EOF
	exit 1
	fi

	if [ ! -r "${CERT_PATH}" ]; then
	cat <<EOF
	'${CERT_PATH}' file not found or not readable. Aborting.
	Please copy and rename the openBalena server's 'ca.crt' file to that location.
	Hint: on the openBalena server, the file is typically found at:
	'/home/balena/open-balena/config/certs/root/ca.crt'
	EOF
	exit 1
	fi

	echo
	echo "Installing dependencies..."
	apt-get update && apt-get install -qy curl unzip docker.io

	echo
	if [ -z "${SUDO_USER}" ]; then
	echo "SUDO_USER env var not set: skipping adding user to docker group"
	else
	echo "Adding current user '${SUDO_USER}' to 'docker' and 'sudo' groups..."
	usermod -aG sudo "${SUDO_USER}"
	usermod -aG docker "${SUDO_USER}"
	fi

	echo
	echo "Installing the balena CLI to ${CLI_DIR}..."
	mkdir -p "${INSTALL_DIR}"
	cd "${INSTALL_DIR}"

	CLI_VERSION=$(curl -sSL https://github.com/balena-io/balena-cli/releases/latest \| sed -En 's/.balena-cli-(v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-linux-x64-standalone\.zip./\1/p' \| head -1)
	CLI_ZIP_FILE="balena-cli-${CLI_VERSION}-linux-x64-standalone.zip"

	echo
	echo "Downloading CLI version ${CLI_VERSION}..."

	if [ ! -e "${CLI_ZIP_FILE}" ]; then
	curl -LO "https://github.com/balena-io/balena-cli/releases/download/${CLI_VERSION}/${CLI_ZIP_FILE}"
	fi
	unzip -o "${CLI_ZIP_FILE}"

	rm -f "${CLI_BIN_PATH}"
	cat >"${CLI_BIN_PATH}" <<EOF
	#!/usr/bin/env sh
	export NODE_EXTRA_CA_CERTS=\${NODE_EXTRA_CA_CERTS:-"${CERT_PATH}"}
	"${CLI_DIR}"/balena "\$@"
	EOF
	chmod +x "${CLI_BIN_PATH}"

	echo
	if [ -e "${CLI_CONFIG}" ]; then
	echo "'${CLI_CONFIG}' exists - leaving it alone"
	else
	echo "Setting balenaUrl to '${OB_DOMAIN}' in '${CLI_CONFIG}'"
	echo "balenaUrl: '${OB_DOMAIN}'" > "${CLI_CONFIG}"
	fi

	echo
	echo "Updating certificates..."
	echo "Using '${CERT_PATH}' as the openBalena CA certificate"
	chmod +r "${CERT_PATH}"
	update-ca-certificates

	echo
	echo "Restarting Docker to take new certificates into account..."
	systemctl restart docker

	if [ -n "${OB_SERVER_IP}" -a "${OB_SERVER_IP}" != "skip" ]; then
	echo
	echo "Updating /etc/hosts..."
	cat <<EOF
	Please note that this script is not yet smart enough to update existing
	entries in '/etc/hosts', and will simply append new entries at the bottom.
	You may need to tidy it up manually - sorry!
	EOF
	cat >>/etc/hosts <<EOF
	${OB_SERVER_IP} api.open.balena
	${OB_SERVER_IP} registry.open.balena
	${OB_SERVER_IP} s3.open.balena
	${OB_SERVER_IP} tunnel.open.balena
	${OB_SERVER_IP} vpn.open.balena
	EOF
	fi

	echo
	echo "All done!"