feat: simplified node installation & docs
Showing
19 changed files
with
99 additions
and
250 deletions.
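--- a/web/backend/assets/install-script/install-docker.sh.hbr
+++ b/web/backend/assets/install-script/install-docker.sh.hbr
@@ -1,126 +1,7 @@
-#!/bin/sh
-
-set -eu
-
-case $(uname) in
-Linux*)
-ROOTLESS="${ROOTLESS:-false}"
-;;
-*)
-ROOTLESS="${ROOTLESS:-true}"
-;;
-esac
-
-if [ "$ROOTLESS" = "false" ]; then
-if [ "$(id -u)" -ne 0 ]; then
-echo "Installation process needs root privileges" 1>&2
-# This will quit the non-root script & restart the script as root
-exec sudo -s "$0"
-fi
-fi
-
-case $(uname) in
-Darwin*)
-PLATFORM="OSX"
-;;
-Linux*)
-PLATFORM="LINUX"
-;;
-MINGW*)
-PLATFORM="WINDOWS"
-if [ -n "${MSYS_NO_PATHCONV+x}" ]; then
-ORIGINAL_PATHCONV_CONFIG=$MSYS_NO_PATHCONV
-fi
-
-export MSYS_NO_PATHCONV=1
-HOST_DOCKER_SOCK_PATH="${HOST_DOCKER_SOCK_PATH:-//var/run/docker.sock}"
-;;
-*)
-echo "Not Supported OS"
-exit 1
-;;
-esac
-
-set_environment() {
-if [ -z "${CRI_EXECUTABLE:-}" ]; then
-if ! command -v docker >/dev/null 2>&1; then
-if ! command -v podman >/dev/null 2>&1; then
-echo "Docker is required, make sure it is installed and available in PATH!"
-exit 1
-else
-CRI_EXECUTABLE="podman"
-fi
-else
-CRI_EXECUTABLE="docker"
-fi
-fi
-
-if [ -z "${HOST_DOCKER_SOCK_PATH:-}" ]; then
-if [ -z "${DOCKER_HOST:-}" ]; then
-HOST_DOCKER_SOCK_PATH="/var/run/docker.sock"
-else
-if [ $(echo "$DOCKER_HOST" | cut -b -7) = "unix://" ]; then
-HOST_DOCKER_SOCK_PATH=$(echo "$DOCKER_HOST" | cut -b 7-)
-else
-echo "Invalid DOCKER_HOST variable please set HOST_DOCKER_SOCK_PATH if your socket is in a custom location otherwise unset DOCKER_HOST!"
-exit 1
-fi
-fi
-fi
-}
-
-agent_clean() {
-if [ -n "$($CRI_EXECUTABLE container list --filter name=^{{name}}$ --filter=status=running --filter=status=restarting --filter=status=paused --format '\{{ .Names }}' 2>/dev/null)" ]; then
-set +e
-echo "Stopping existing dyrector.io agent ({{name}})..."
-$CRI_EXECUTABLE stop '{{name}}'
-if ! $CRI_EXECUTABLE stop '{{name}}'; then
-set -e
-$CRI_EXECUTABLE kill '{{name}}'
-fi
-set -e
-fi
-
-if [ -n "$($CRI_EXECUTABLE container list --filter name=^{{name}}$ --filter=status=exited --filter=status=created --filter=status=dead --format '\{{ .Names }}' 2>/dev/null)" ]; then
-set +e
-echo "Removing existing dyrector.io agent ({{name}})..."
-$CRI_EXECUTABLE rm '{{name}}'
-if $CRI_EXECUTABLE rm '{{name}}'; then
-set -e
-$CRI_EXECUTABLE rm -f '{{name}}'
-fi
-set -e
-fi
-}
-
-agent_install() {
-echo "Installing Darklens Agent ({{name}})..."
-
-if ! {{disableForcePull}}; then
-$CRI_EXECUTABLE pull ghcr.io/dyrector-io/darklens/agent:{{agentImageTag}}
-fi
-
-$CRI_EXECUTABLE run \
---restart on-failure \
-{{#if network}}
---network {{networkName}} \
-{{/if}}
--e GRPC_TOKEN='{{token}}' \
--e HOST_DOCKER_SOCK_PATH="$HOST_DOCKER_SOCK_PATH" \
---add-host=host.docker.internal:host-gateway \
---name '{{name}}' \
--v "$HOST_DOCKER_SOCK_PATH":/var/run/docker.sock \
--d ghcr.io/dyrector-io/darklens/agent:{{agentImageTag}}
-
-if [ -z "${ORIGINAL_PATHCONV_CONFIG+x}" ]; then
-unset MSYS_NO_PATHCONV
-else
-export MSYS_NO_PATHCONV="$ORIGINAL_PATHCONV_CONFIG"
-fi
-}
-
-set_environment
-
-agent_clean
-
-agent_install
+docker run \
+--restart on-failure \
+-e GRPC_TOKEN='{{token}}' \
+--add-host=host.docker.internal:host-gateway \
+--name '{{name}}' \
+-v /var/run/docker.sock:/var/run/docker.sock \
+-d ghcr.io/dyrector-io/darklens/agent:{{agentImageTag}}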
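Review bot: The one-line `docker run` that replaces the script no longer pulls the image or removes an existing container first, so re-running the install on a host that already has a container named `{{name}}` fails with a name conflict, and a host with a cached copy of `{{agentImageTag}}` keeps starting that cached image even if the tag has since been republished. If the tag is meant to be movable, adding `--pull always` to the `docker run` line restores the forced pull the old `agent_install` did; a preceding `docker rm -f '{{name}}'` (or a sentence in the docs) covers reinstalls. The file also loses `#!/bin/sh` and `set -eu`, so a leading comment saying it is meant to be pasted as a single command would help, together with one noting that the mounted `/var/run/docker.sock` gives the agent full control of the host's Docker daemon.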
@@ -0,0 +1,3 @@ | ||
# Please do not edit this file manually | ||
# It should be added in your version-control system (i.e. Git) | ||
provider = "sqlite" |
@@ -1,17 +1,35 @@ | ||
import { Metadata } from '@grpc/grpc-js' | ||
import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common' | ||
import { JwtService } from '@nestjs/jwt' | ||
import PrismaService from 'src/services/prisma.service' | ||
import GrpcNodeConnection, { NodeGrpcCall } from 'src/shared/grpc-node-connection' | ||
|
||
@Injectable() | ||
export default class AgentAuthGuard implements CanActivate { | ||
constructor(private jwt: JwtService) {} | ||
constructor( | ||
private jwt: JwtService, | ||
private prisma: PrismaService, | ||
) {} | ||
|
||
canActivate(context: ExecutionContext): boolean { | ||
async canActivate(context: ExecutionContext): Promise<boolean> { | ||
const metadata = context.getArgByIndex<Metadata>(1) | ||
const call = context.getArgByIndex<NodeGrpcCall>(2) | ||
|
||
const connection = new GrpcNodeConnection(metadata, call) | ||
return connection.verify(this.jwt) | ||
if (!connection.verify(this.jwt)) { | ||
return false | ||
} | ||
|
||
const node = await this.prisma.node.findFirst({ | ||
where: { | ||
id: connection.nodeId, | ||
tokenNonce: connection.tokenNonce, | ||
}, | ||
}) | ||
if (!node) { | ||
return false | ||
} | ||
|
||
return true | ||
} | ||
} |
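Review bot: The new `findFirst` lookup in `canActivate` only enforces the nonce when both `connection.nodeId` and `connection.tokenNonce` are defined, because Prisma drops `undefined` fields from a `where` filter: a token without a nonce claim would match on `id` alone, and one missing both would match any node. `GrpcNodeConnection.verify` is not visible in this section, so it may already guarantee both claims; if it does not, add `if (!connection.nodeId || !connection.tokenNonce) return false` before the query. Loading the node by `id` and comparing `node.tokenNonce === connection.tokenNonce` explicitly would make the check harder to weaken by accident. A short TSDoc comment on `canActivate` saying the guard rejects tokens whose nonce no longer matches the stored one would record the revocation intent.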