Build docker image in build workflow; Update automatic install to use Docker (#983)

* Test docker prod build in CI * Need uses * Set build-args * Split builds * Fix build-args format * wtf * hmmm * Jeebus * build version based on drafted release * Build multi-platform images * Only build for supported platforms * Use newer OTP fingers crossed * Use OTP 24 for arm64 * Finalize test build of Docker image * Update comment * Bump to OTP 25.1 * Use proper ver * D'oh proper sha * Use OTP 24 and install python for node build * Use new Docker base * Use python3 * Use newly-built base images with other platform support * Don't build for ppc64le and s390x * Build only for amd64/arm64 * Don't rebuild on publish; simply copy * See where the image is being pushed * Remove echo * Add docker updates * Match platforms from base image * Use docker-compose over docker compose * Use our own base * we need python3 * use consistent service name * trim trailing slash from external_url * Build for latest tag in staging
2026-01-27 18:18:55 +00:00 · 2022-09-29 08:20:32 -05:00
parent 9602a145f4
commit dd67baf629
19 changed files with 413 additions and 153 deletions
--- a/scripts/dev_start.sh
+++ b/scripts/dev_start.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh

 ip link add dev wg-firezone type wireguard
 ip address replace dev wg-firezone 10.3.2.1/24
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -9,6 +9,13 @@ osCheck () {
  fi
 }

+dockerCheck () {
+  if ! type docker > /dev/null; then
+    echo 'docker not found. Please install docker and try again.'
+    exit
+  fi
+}
+
 curlCheck () {
  if ! type curl > /dev/null; then
    echo 'curl not found. Please install curl to use this script.'
@@ -35,9 +42,25 @@ capture () {
    fi
  fi
 }
+
+promptInstallDir() {
+  read -p "$1" installDir
+  if [ -z "$installDir" ]; then
+    installDir=$defaultInstallDir
+  fi
+}
+
+promptExternalUrl() {
+  read -p "$1" externalUrl
+  # Remove trailing slash if present
+  externalUrl=$(echo $externalUrl | sed 's:/*$::')
+  if [ -z "$externalUrl" ]; then
+    externalUrl=$defaultExternalUrl
+  fi
+}
+
 promptEmail() {
-  echo $1
-  read adminEmail
+  read -p "$1" adminEmail
  case $adminEmail in
    *@*) adminUser=$adminEmail;;
    *) promptEmail "Please provide a valid email: "
@@ -45,8 +68,7 @@ promptEmail() {
 }

 promptContact() {
-  echo "Could we email you to ask for product feedback? Firezone depends heavily on input from users like you to steer development. (Y/n): "
-  read contact
+  read -p 'Could we email you to ask for product feedback? Firezone depends heavily on input from users like you to steer development. (Y/n): ' contact
  case $contact in
    n|N);;
    *) capture "contactOk" $adminUser
@@ -78,87 +100,93 @@ kernelCheck() {
  fi
 }

-# determines distro and sets up and installs from cloudsmith repo
-# aborts if it can't detect or is not supported
-setupCloudsmithRepoAndInstall() {
-  hostinfo=`hostnamectl | egrep -i 'opera'`
-  if [[ "$hostinfo" =~ .*"Debian GNU/Linux 10".* || \
-        "$hostinfo" =~ .*"Debian GNU/Linux 11".* || \
-        "$hostinfo" =~ .*"Ubuntu 18.04".*        || \
-        "$hostinfo" =~ .*"Ubuntu 2"(0|1|2)".04".*
-     ]]
-  then
-    if [ ! -f /etc/apt/sources.list.d/firezone-firezone.list ]; then
-      apt-get -qqy update
-      apt-get -qqy install apt-transport-https gnupg
-      setupCloudsmithRepo "deb"
-    else
-      apt-get -qqy update
-    fi
-
-    apt-get install -y firezone
-  elif [[ "$hostinfo" =~ .*"Amazon Linux 2".*                   || \
-          "$hostinfo" =~ .*"Fedora 33".*                        || \
-          "$hostinfo" =~ .*"Fedora 34".*                        || \
-          "$hostinfo" =~ .*"Fedora Linux 3"(5|6).*              || \
-          "$hostinfo" =~ .*"CentOS Linux 7".*                   || \
-          "$hostinfo" =~ .*"CentOS Stream 8".*                  || \
-          "$hostinfo" =~ .*"CentOS Linux 8".*                   || \
-          "$hostinfo" =~ .*"CentOS Stream 9".*                  || \
-          "$hostinfo" =~ .*"Oracle Linux Server "(7|8|9).*      || \
-          "$hostinfo" =~ .*"Red Hat Enterprise Linux "(7|8|9).* || \
-          "$hostinfo" =~ .*"Rocky Linux 8".*                    || \
-          "$hostinfo" =~ .*"AlmaLinux 8".*                      || \
-          "$hostinfo" =~ .*"VzLinux 8".*
-       ]]
-  then
-    if [ ! -f /etc/yum.repos.d/firezone-firezone.repo ]; then
-      setupCloudsmithRepo "rpm"
-    fi
-
-    yum install -y firezone
-  elif [[ "$hostinfo" =~ .*"openSUSE Leap 15".* ]]
-  then
-    if ! zypper lr | grep firezone-firezone; then
-      setupCloudsmithRepo "rpm"
-    else
-      zypper --non-interactive --quiet ref firezone-firezone
-    fi
-
-    zypper --non-interactive install -y firezone
-  else
-    echo "Did not detect a supported Linux distribution. Try using the manual installation method using a release package from a similar distribution. Aborting."
-    exit
-  fi
-}
-
-setupCloudsmithRepo() {
-  curl -1sLf \
-    "https://dl.cloudsmith.io/public/firezone/firezone/setup.$1.sh" \
-    | bash
-}
-
 firezoneSetup() {
-  conf="/opt/firezone/embedded/cookbooks/firezone/attributes/default.rb"
-  sed -i "s/firezone@localhost/$1/" $conf
-  sed -i "s/default\['firezone']\['external_url'].*/default['firezone']['external_url'] = 'https:\/\/$public_ip'/" $conf
-  firezone-ctl reconfigure
-  firezone-ctl create-or-reset-admin
+  cd $installDir
+  curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml
+  docker run --rm firezone/firezone bin/gen-env > .env
+  sed -i "s/ADMIN_EMAIL=_CHANGE_ME_/ADMIN_EMAIL=$1/" .env
+  sed -i "s~EXTERNAL_URL=_CHANGE_ME_~EXTERNAL_URL=$2~" .env
+  sed -i "s/TELEMETRY_ID=.*/TELEMETRY_ID=$telemetry_id/" .env
+  docker-compose up -d
+  docker-compose exec firezone bin/create-or-reset-admin
+
+  displayLogo
+
+cat << EOF
+Installation complete!
+
+You should now be able to log into the Web UI at $externalUrl with the
+following credentials:
+
+`grep ADMIN_EMAIL .env`
+`grep DEFAULT_ADMIN_PASSWORD .env`
+
+EOF
+
+  cd -
 }

+displayLogo() {
+cat << EOF
+
+
+
+
+
+
+                                             ::
+                                              !!:
+                                              .??^
+                                               ~J?^
+                                               :???.
+                                               .??J^
+                                               .??J!
+                                               .??J!
+                                               ^J?J~
+                                               !???:
+                                              .???? ::
+                                              ^J?J! :~:
+                                              7???: :~~
+                                             .???7  ~~~.
+                                             :??J^ :~~^
+                                             :???..~~~:
+           .............                     .?J7 ^~~~        ....
+        ..        ......::....                ~J!.~~~^       ::..
+                         ...:::....            !7^~~~^     .^: .
+                             ...:::....         ~~~~~~:. .:~^ .
+                                ....:::....      .~~~~~~~~~:..
+                                    ...::::....   .::^^^^:...
+                                       .....:::.............
+                                           .......:::.....
+
+
+
+
+
+
+
+
+EOF
+}
+
+
 main() {
+  defaultInstallDir=`pwd`
+  defaultExternalUrl="https://$public_ip"
  adminUser=''
+  externalUrl=''
  kernelCheck
  wireguardCheck
-  promptEmail "Enter the administrator email you'd like to use for logging into this Firezone instance:"
+  promptEmail "Enter the administrator email you'd like to use for logging into this Firezone instance: "
+  promptInstallDir "Enter the desired installation directory ($defaultInstallDir): "
+  promptExternalUrl "Enter the external URL that will be used to access this instance ($defaultExternalUrl): "
  promptContact
-  echo "Press <ENTER> to install or Ctrl-C to abort."
-  read
-  setupCloudsmithRepoAndInstall
-  firezoneSetup $adminUser
+  read -p "Press <ENTER> to install or Ctrl-C to abort."
+  firezoneSetup $adminUser $externalUrl
 }

 osCheck
+dockerCheck
 curlCheck

 telemetry_id=`od -vN "8" -An -tx1 /dev/urandom | tr -d " \n" ; echo`
--- a/scripts/omnibus_install.sh
+++ b/scripts/omnibus_install.sh
@@ -0,0 +1,169 @@
+#!/bin/bash
+set -e
+
+osCheck () {
+  os=`uname -s`
+  if [ ! $os = "Linux" ]; then
+    echo "Please ensure you're running this script on Linux and try again."
+    exit
+  fi
+}
+
+curlCheck () {
+  if ! type curl > /dev/null; then
+    echo 'curl not found. Please install curl to use this script.'
+    exit
+  fi
+}
+
+capture () {
+  if type curl > /dev/null; then
+    if [ ! -z "$telemetry_id" ]; then
+      curl -s -XPOST \
+        -m 5 \
+        -H 'Content-Type: application/json' \
+        -d "{
+          \"api_key\": \"phc_ubuPhiqqjMdedpmbWpG2Ak3axqv5eMVhFDNBaXl9UZK\",
+          \"event\": \"$1\",
+          \"properties\": {
+            \"distinct_id\": \"$telemetry_id\",
+            \"email\": \"$2\"
+          }
+        }" \
+        https://telemetry.firez.one/capture/ > /dev/null \
+        || true
+    fi
+  fi
+}
+promptEmail() {
+  echo $1
+  read adminEmail
+  case $adminEmail in
+    *@*) adminUser=$adminEmail;;
+    *) promptEmail "Please provide a valid email: "
+  esac
+}
+
+promptContact() {
+  echo "Could we email you to ask for product feedback? Firezone depends heavily on input from users like you to steer development. (Y/n): "
+  read contact
+  case $contact in
+    n|N);;
+    *) capture "contactOk" $adminUser
+  esac
+}
+
+wireguardCheck() {
+  if ! test -f /sys/module/wireguard/version; then
+    if test -d /lib/modules/$(uname -r) && test -f `find /lib/modules/$(uname -r) -type f -name 'wireguard.ko'`; then
+      echo "WireGuard kernel module found, but not loaded. Load it now? (Y/n): "
+      read load_wgmod
+      case $load_wgmod in
+        n|N) echo "Load it with 'sudo modprobe wireguard' and run this install script again"; exit;;
+        *) modprobe wireguard
+      esac
+    else
+      echo "Error! WireGuard not detected. Please upgrade your kernel to at least 5.6 or install the WireGuard kernel module."
+      echo "See more at https://www.wireguard.com/install/"
+      exit
+    fi
+  fi
+}
+
+kernelCheck() {
+  major=`uname -r | cut -d'.' -f1`
+  if [ "$major" -lt "5" ]; then
+    echo "Kernel version `uname -r ` is not supported. Please upgrade to 5.0 or higher."
+    exit
+  fi
+}
+
+# determines distro and sets up and installs from cloudsmith repo
+# aborts if it can't detect or is not supported
+setupCloudsmithRepoAndInstall() {
+  hostinfo=`hostnamectl | egrep -i 'opera'`
+  if [[ "$hostinfo" =~ .*"Debian GNU/Linux 10".* || \
+        "$hostinfo" =~ .*"Debian GNU/Linux 11".* || \
+        "$hostinfo" =~ .*"Ubuntu 18.04".*        || \
+        "$hostinfo" =~ .*"Ubuntu 2"(0|1|2)".04".*
+     ]]
+  then
+    if [ ! -f /etc/apt/sources.list.d/firezone-firezone.list ]; then
+      apt-get -qqy update
+      apt-get -qqy install apt-transport-https gnupg
+      setupCloudsmithRepo "deb"
+    else
+      apt-get -qqy update
+    fi
+
+    apt-get install -y firezone
+  elif [[ "$hostinfo" =~ .*"Amazon Linux 2".*                   || \
+          "$hostinfo" =~ .*"Fedora 33".*                        || \
+          "$hostinfo" =~ .*"Fedora 34".*                        || \
+          "$hostinfo" =~ .*"Fedora Linux 3"(5|6).*              || \
+          "$hostinfo" =~ .*"CentOS Linux 7".*                   || \
+          "$hostinfo" =~ .*"CentOS Stream 8".*                  || \
+          "$hostinfo" =~ .*"CentOS Linux 8".*                   || \
+          "$hostinfo" =~ .*"CentOS Stream 9".*                  || \
+          "$hostinfo" =~ .*"Oracle Linux Server "(7|8|9).*      || \
+          "$hostinfo" =~ .*"Red Hat Enterprise Linux "(7|8|9).* || \
+          "$hostinfo" =~ .*"Rocky Linux 8".*                    || \
+          "$hostinfo" =~ .*"AlmaLinux 8".*                      || \
+          "$hostinfo" =~ .*"VzLinux 8".*
+       ]]
+  then
+    if [ ! -f /etc/yum.repos.d/firezone-firezone.repo ]; then
+      setupCloudsmithRepo "rpm"
+    fi
+
+    yum install -y firezone
+  elif [[ "$hostinfo" =~ .*"openSUSE Leap 15".* ]]
+  then
+    if ! zypper lr | grep firezone-firezone; then
+      setupCloudsmithRepo "rpm"
+    else
+      zypper --non-interactive --quiet ref firezone-firezone
+    fi
+
+    zypper --non-interactive install -y firezone
+  else
+    echo "Did not detect a supported Linux distribution. Try using the manual installation method using a release package from a similar distribution. Aborting."
+    exit
+  fi
+}
+
+setupCloudsmithRepo() {
+  curl -1sLf \
+    "https://dl.cloudsmith.io/public/firezone/firezone/setup.$1.sh" \
+    | bash
+}
+
+firezoneSetup() {
+  conf="/opt/firezone/embedded/cookbooks/firezone/attributes/default.rb"
+  sed -i "s/firezone@localhost/$1/" $conf
+  sed -i "s/default\['firezone']\['external_url'].*/default['firezone']['external_url'] = 'https:\/\/$public_ip'/" $conf
+  firezone-ctl reconfigure
+  firezone-ctl create-or-reset-admin
+}
+
+main() {
+  adminUser=''
+  kernelCheck
+  wireguardCheck
+  promptEmail "Enter the administrator email you'd like to use for logging into this Firezone instance:"
+  promptContact
+  echo "Press <ENTER> to install or Ctrl-C to abort."
+  read
+  setupCloudsmithRepoAndInstall
+  firezoneSetup $adminUser
+}
+
+osCheck
+curlCheck
+
+telemetry_id=`od -vN "8" -An -tx1 /dev/urandom | tr -d " \n" ; echo`
+public_ip=`curl -m 5 --silent ifconfig.me`
+
+capture "install" "email-not-collected@dummy.domain"
+
+main