add support for building on gcp
@@ -0,0 +1,6 @@
|
|||||||
|
imports:
|
||||||
|
- path: gcp-jambonz-mini.jinja
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- name: jambonz-mini
|
||||||
|
type: gcp-jambonz-mini.jinja
|
||||||
@@ -0,0 +1,180 @@
|
|||||||
|
{% set image = "packer-1680730500" %}
|
||||||
|
{% set region = "us-central1" %}
|
||||||
|
{% set zone = "us-central1-b" %}
|
||||||
|
{% set instanceType = "e2-medium" %}
|
||||||
|
{% set dnsName = "jambonz.me" %}
|
||||||
|
{% set jaegerUsername = "admin" %}
|
||||||
|
{% set jaegerPassword = "JambonzR0ck$" %}
|
||||||
|
{% set projectName = env["project"] %}
|
||||||
|
{% set uuid = env["current_time"] %}
|
||||||
|
|
||||||
|
resources:
|
||||||
|
- name: jambonz-static-ip-{{ uuid }}
|
||||||
|
type: gcp-types/compute-v1:addresses
|
||||||
|
properties:
|
||||||
|
region: {{ region }}
|
||||||
|
name: jambonz-mini-static-ip
|
||||||
|
|
||||||
|
- name: jambonz-mini-firewall-rule-{{ uuid }}
|
||||||
|
type: compute.v1.firewall
|
||||||
|
properties:
|
||||||
|
targetTags:
|
||||||
|
- jambonz-mini-{{ uuid }}
|
||||||
|
network: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/global/networks/default
|
||||||
|
sourceRanges:
|
||||||
|
- 0.0.0.0/0
|
||||||
|
allowed:
|
||||||
|
- IPProtocol: tcp
|
||||||
|
ports:
|
||||||
|
- "22"
|
||||||
|
- "80"
|
||||||
|
- "443"
|
||||||
|
- "3020"
|
||||||
|
- "5060"
|
||||||
|
- "5061"
|
||||||
|
- "8443"
|
||||||
|
- IPProtocol: udp
|
||||||
|
ports:
|
||||||
|
- "5060"
|
||||||
|
|
||||||
|
- name: jambonz-mini-{{ uuid }}
|
||||||
|
type: compute.v1.instance
|
||||||
|
properties:
|
||||||
|
tags:
|
||||||
|
items:
|
||||||
|
- jambonz-mini-{{ uuid }}
|
||||||
|
zone: {{ zone }}
|
||||||
|
machineType: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/zones/{{ zone }}/machineTypes/{{ instanceType }}
|
||||||
|
disks:
|
||||||
|
- deviceName: boot
|
||||||
|
type: PERSISTENT
|
||||||
|
boot: true
|
||||||
|
autodelete: true
|
||||||
|
initializeParams:
|
||||||
|
sourceImage: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/global/images/{{ image }}
|
||||||
|
networkInterfaces:
|
||||||
|
- network: https://www.googleapis.com/compute/v1/projects/{{ projectName }}/global/networks/default
|
||||||
|
accessConfigs:
|
||||||
|
- name: External NAT
|
||||||
|
type: ONE_TO_ONE_NAT
|
||||||
|
natIP: $(ref.jambonz-static-ip-{{ uuid }}.address)
|
||||||
|
metadata:
|
||||||
|
items:
|
||||||
|
- key: startup-script
|
||||||
|
value: |
|
||||||
|
#!/bin/bash -xe
|
||||||
|
|
||||||
|
DNS_NAME={{ dnsName }}
|
||||||
|
JAEGER_USERNAME={{ jaegerUsername }}
|
||||||
|
JAEGER_PASSWORD={{ jaegerPassword }}
|
||||||
|
|
||||||
|
{% raw %}
|
||||||
|
# get instance metadata
|
||||||
|
PRIVATE_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)"
|
||||||
|
PUBLIC_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip)"
|
||||||
|
INSTANCE_ID="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/name)"
|
||||||
|
|
||||||
|
# replace ip addresses in the ecosystem.config.js file
|
||||||
|
sudo sed -i -e "s/\(.*\)PRIVATE_IP\(.*\)/\1$PRIVATE_IPV4\2/g" /home/admin/apps/ecosystem.config.js
|
||||||
|
sudo sed -i -e "s/\(.*\)--JAMBONES_API_BASE_URL--\(.*\)/\1http:\/\/$PUBLIC_IPV4\/v1\2/g" /home/admin/apps/ecosystem.config.js
|
||||||
|
|
||||||
|
# set initial admin password to admin
|
||||||
|
JAMBONES_MYSQL_USER=admin JAMBONES_MYSQL_PASSWORD=JambonzR0ck$ JAMBONES_MYSQL_DATABASE=jambones JAMBONES_MYSQL_HOST=127.0.0.1 /home/admin/apps/jambonz-api-server/db/reset_admin_password.js
|
||||||
|
|
||||||
|
# replace JWT_SECRET
|
||||||
|
uuid=$(uuidgen)
|
||||||
|
sudo sed -i -e "s/\(.*\)JWT-SECRET-GOES_HERE\(.*\)/\1$uuid\2/g" /home/admin/apps/ecosystem.config.js
|
||||||
|
|
||||||
|
#Add BasicAuth password for Jaeger
|
||||||
|
sudo htpasswd -b -c /etc/nginx/.htpasswd $JAEGER_USERNAME "$JAEGER_PASSWORD"
|
||||||
|
|
||||||
|
# configure webapp
|
||||||
|
if [[ -z $DNS_NAME ]]; then
|
||||||
|
# portals will be accessed by IP address of server
|
||||||
|
echo "VITE_API_BASE_URL=http://$PUBLIC_IPV4/api/v1" > /home/admin/apps/jambonz-webapp/.env
|
||||||
|
API_BASE_URL=http://$PUBLIC_IPV4/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
|
||||||
|
sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
|
||||||
|
else
|
||||||
|
# portals will be accessed by DNS name
|
||||||
|
echo "VITE_API_BASE_URL=http://$DNS_NAME/api/v1" > /home/admin/apps/jambonz-webapp/.env
|
||||||
|
API_BASE_URL=http://$DNS_NAME/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
|
||||||
|
sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
|
||||||
|
|
||||||
|
sudo cat << EOF > /etc/nginx/sites-available/default
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name $DNS_NAME;
|
||||||
|
location /api/ {
|
||||||
|
rewrite ^/api/(.*)$ /\$1 break;
|
||||||
|
proxy_pass http://localhost:3002;
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
}
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:3001;
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name api.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:3002;
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name grafana.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:3010;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection 'upgrade';
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
proxy_cache_bypass \$http_upgrade;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name homer.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:9080;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection 'upgrade';
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
proxy_cache_bypass \$http_upgrade;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name jaeger.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:16686;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection 'upgrade';
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
proxy_cache_bypass \$http_upgrade;
|
||||||
|
auth_basic "Secured Endpoint";
|
||||||
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
sudo systemctl restart nginx
|
||||||
|
fi
|
||||||
|
|
||||||
|
# restart heplify-server
|
||||||
|
sudo systemctl restart heplify-server
|
||||||
|
|
||||||
|
sudo -u admin bash -c "pm2 restart /home/admin/apps/ecosystem.config.js"
|
||||||
|
sudo -u admin bash -c "pm2 save"
|
||||||
|
sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u admin --hp /home/admin
|
||||||
|
|
||||||
|
# get an apiban key
|
||||||
|
APIBANKEY=$(curl -X POST -u jambonz:1a074994242182a9e0b67eae93978826 -d "{\"client\": \"$uuid\"}" -s https://apiban.org/sponsor/newkey | jq -r '.ApiKey')
|
||||||
|
sudo sed -i -e "s/API-KEY-HERE/$APIBANKEY/g" /usr/local/bin/apiban/config.json
|
||||||
|
sudo /usr/local/bin/apiban/apiban-iptables-client FULL
|
||||||
|
|
||||||
|
{% endraw %}
|
||||||
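Review bot: Three credentials are committed in clear text in this template and are rendered into the instance's `startup-script` metadata: `jaegerPassword` in the `{% set %}` block at the top, the `JAMBONES_MYSQL_PASSWORD=…` value on the `reset_admin_password.js` line, and the `-u jambonz:…` pair on the apiban `curl` line. Metadata is readable from inside the VM through the metadata server and by anyone allowed to read the instance in the project, and `#!/bin/bash -xe` additionally traces each expanded command, the `htpasswd -b` password included, into the script's output. Every deployment made from this file therefore shares the same known passwords. I would take the Jaeger value from a deployment property, `{% set jaegerPassword = properties["jaegerPassword"] %}`, drop `-x` or wrap the secret-handling lines in `set +x` / `set -x`, and rotate the values already committed. The Terraform `startup-script` and the `.tfvars` file later in this commit carry the same values and need the same treatment.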
@@ -0,0 +1,48 @@
|
|||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=rtpengine
|
||||||
|
After=syslog.target network.target local-fs.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
; service
|
||||||
|
Type=forking
|
||||||
|
Environment="LD_LIBRARY_PATH=/usr/local/lib/"
|
||||||
|
ExecStartPre=/bin/sh -c 'systemctl set-environment LOCAL_IP=`curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip`'
|
||||||
|
ExecStartPre=/bin/sh -c 'systemctl set-environment PUBLIC_IP=`curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip`'
|
||||||
|
ExecStartPre=echo 'del 42' > /proc/rtpengine/control
|
||||||
|
ExecStart=/usr/local/bin/rtpengine \
|
||||||
|
--interface private/${LOCAL_IP} \
|
||||||
|
--interface public/${LOCAL_IP}!${PUBLIC_IP} \
|
||||||
|
--listen-ng=22222 \
|
||||||
|
--listen-http=8080 \
|
||||||
|
--listen-udp=12222 \
|
||||||
|
--dtmf-log-dest=127.0.0.1:22223 \
|
||||||
|
--listen-cli=127.0.0.1:9900 \
|
||||||
|
--table=42 \
|
||||||
|
--pidfile /run/rtpengine.pid \
|
||||||
|
--port-min 40000 \
|
||||||
|
--port-max 60000 \
|
||||||
|
--recording-dir /var/spool/recording \
|
||||||
|
--recording-method proc \
|
||||||
|
--log-level 5 \
|
||||||
|
--delete-delay 0
|
||||||
|
PIDFile=/run/rtpengine.pid
|
||||||
|
TimeoutSec=15s
|
||||||
|
Restart=always
|
||||||
|
; exec
|
||||||
|
User=root
|
||||||
|
Group=daemon
|
||||||
|
LimitCORE=infinity
|
||||||
|
LimitNOFILE=100000
|
||||||
|
LimitNPROC=60000
|
||||||
|
;LimitSTACK=240
|
||||||
|
LimitRTPRIO=infinity
|
||||||
|
LimitRTTIME=7000000
|
||||||
|
IOSchedulingClass=realtime
|
||||||
|
IOSchedulingPriority=2
|
||||||
|
CPUSchedulingPolicy=rr
|
||||||
|
CPUSchedulingPriority=89
|
||||||
|
UMask=0007
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
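Review bot: `ExecStartPre=echo 'del 42' > /proc/rtpengine/control` will not clear the kernel table, because systemd runs the command without a shell: `>` and the path are passed to `echo` as arguments and nothing is written to the control file. Wrap it the way the two metadata lines above it are wrapped, and make it non-fatal for the case where table 42 does not exist yet: `ExecStartPre=-/bin/sh -c 'echo "del 42" > /proc/rtpengine/control'`. The unit would also benefit from a comment on the listeners: `--listen-ng=22222`, `--listen-http=8080` and `--listen-udp=12222` are given without an address while `--listen-cli` is pinned to 127.0.0.1, so if rtpengine binds all interfaces in that form (not confirmed from this page) those control ports are protected only by the project firewall.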
@@ -1,8 +1,9 @@
|
|||||||
{
|
{
|
||||||
"variables": {
|
"variables": {
|
||||||
|
"cloud_provider": "gcp",
|
||||||
"region": "us-east-1",
|
"region": "us-east-1",
|
||||||
"ssh_username": "admin",
|
"ssh_username": "admin",
|
||||||
"ami_description": "jambonz all-in-one AMI",
|
"ami_description": "jambonz-mini (all-in-one server)",
|
||||||
"instance_type": "c2-standard-4",
|
"instance_type": "c2-standard-4",
|
||||||
"drachtio_version": "v0.8.21",
|
"drachtio_version": "v0.8.21",
|
||||||
"jambonz_version": "v0.8.2",
|
"jambonz_version": "v0.8.2",
|
||||||
@@ -23,18 +24,21 @@
|
|||||||
"mediaserver_name" : "jambonz",
|
"mediaserver_name" : "jambonz",
|
||||||
"preferred_codec_list" : "PCMU,PCMA,OPUS,G722",
|
"preferred_codec_list" : "PCMU,PCMA,OPUS,G722",
|
||||||
"project_id": "drachtio-cpaas",
|
"project_id": "drachtio-cpaas",
|
||||||
"image_family": "debian-11-bullseye-v20230306",
|
"source_image_family": "debian-11",
|
||||||
"image_zone": "us-east1-b"
|
"source_image_project_id": "debian-cloud",
|
||||||
|
"image_zone": "us-central1-c"
|
||||||
},
|
},
|
||||||
"builders": [
|
"builders": [
|
||||||
{
|
{
|
||||||
"type": "googlecompute",
|
"type": "googlecompute",
|
||||||
"project_id": "{{user `project_id`}}",
|
"project_id": "{{user `project_id`}}",
|
||||||
"source_image": "{{user `image_family`}}",
|
"source_image_family": "{{user `source_image_family`}}",
|
||||||
|
"source_image_project_id": "{{user `source_image_project_id`}}",
|
||||||
"ssh_username": "{{user `ssh_username`}}",
|
"ssh_username": "{{user `ssh_username`}}",
|
||||||
"zone": "{{user `image_zone`}}",
|
"zone": "{{user `image_zone`}}",
|
||||||
"machine_type": "{{user `instance_type`}}",
|
"machine_type": "{{user `instance_type`}}",
|
||||||
"disk_size": "60"
|
"image_description": "{{user `ami_description`}}",
|
||||||
|
"disk_size": "80"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"provisioners": [
|
"provisioners": [
|
||||||
@@ -79,7 +83,12 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"type": "shell",
|
"type": "shell",
|
||||||
"execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `drachtio_version`}} GCP",
|
"execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `rtp_engine_version`}} {{user `cloud_provider`}}",
|
||||||
|
"script": "scripts/install_rtpengine.sh"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "shell",
|
||||||
|
"execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `drachtio_version`}} {{user `cloud_provider`}}",
|
||||||
"script": "scripts/install_drachtio.sh"
|
"script": "scripts/install_drachtio.sh"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@@ -91,11 +100,6 @@
|
|||||||
],
|
],
|
||||||
"script": "scripts/install_freeswitch.sh"
|
"script": "scripts/install_freeswitch.sh"
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"type": "shell",
|
|
||||||
"execute_command": "chmod +x {{ .Path }}; sudo '{{ .Path }}' {{user `rtp_engine_version`}}",
|
|
||||||
"script": "scripts/install_rtpengine.sh"
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"type": "shell",
|
"type": "shell",
|
||||||
"script": "scripts/install_nodejs.sh"
|
"script": "scripts/install_nodejs.sh"
|
||||||
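Review bot: Replacing the pinned `debian-11-bullseye-v20230306` with `"source_image_family": "debian-11"` in the `googlecompute` builder means the base image is whatever is newest in the family at build time, so two builds of the same commit can produce different images. That picks up Debian patches, which is a reasonable default, but release builds lose reproducibility and there is no record of which base was used. I would keep an optional `source_image` user variable that overrides the family for releases, and note the resolved base image in the build log or in `image_description`. Separately, the `"region": "us-east-1"` variable is an AWS-style name and is not referenced by the builder lines shown here; if nothing outside these hunks uses it, it can be dropped from the GCP template.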
|
|||||||
@@ -10,10 +10,12 @@ cd drachtio-server
|
|||||||
git submodule update --init --recursive
|
git submodule update --init --recursive
|
||||||
./autogen.sh && mkdir -p build && cd $_ && ../configure --enable-tcmalloc=yes CPPFLAGS='-DNDEBUG -g -O2' && make -j 4 && sudo make install
|
./autogen.sh && mkdir -p build && cd $_ && ../configure --enable-tcmalloc=yes CPPFLAGS='-DNDEBUG -g -O2' && make -j 4 && sudo make install
|
||||||
|
|
||||||
if [ "$2" = "GCP" ]; then
|
if [ "$2" = "gcp" ]; then
|
||||||
sudo mv /tmp/gcp-drachtio.service /etc/systemd/system/drachtio.service
|
echo "installing drachtio for gcp"
|
||||||
sudo mv /tmp/gcp-drachtio-5070.service /etc/systemd/system/drachtio-5070.service
|
sudo mv /tmp/drachtio.gcp.service /etc/systemd/system/drachtio.service
|
||||||
|
sudo mv /tmp/drachtio-5070.gcp.service /etc/systemd/system/drachtio-5070.service
|
||||||
else
|
else
|
||||||
|
echo "installing drachtio for aws"
|
||||||
sudo mv /tmp/drachtio.service /etc/systemd/system
|
sudo mv /tmp/drachtio.service /etc/systemd/system
|
||||||
sudo mv /tmp/drachtio-5070.service /etc/systemd/system
|
sudo mv /tmp/drachtio-5070.service /etc/systemd/system
|
||||||
fi
|
fi
|
||||||
@@ -24,7 +26,6 @@ sudo chmod 644 /etc/systemd/system/drachtio.service
|
|||||||
sudo systemctl enable drachtio
|
sudo systemctl enable drachtio
|
||||||
sudo systemctl restart drachtio
|
sudo systemctl restart drachtio
|
||||||
sudo systemctl status drachtio.service
|
sudo systemctl status drachtio.service
|
||||||
sudo journalctl -xe
|
|
||||||
|
|
||||||
sudo mv /tmp/drachtio-5070.conf.xml /etc
|
sudo mv /tmp/drachtio-5070.conf.xml /etc
|
||||||
sudo chmod 644 /etc/drachtio-5070.conf.xml
|
sudo chmod 644 /etc/drachtio-5070.conf.xml
|
||||||
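Review bot: The `else` branch of the new provider check treats every value other than the exact string `gcp` as AWS, so an empty `$2`, a typo, or the previous upper-case `GCP` argument silently installs the AWS unit files. An explicit arm would fail the image build instead: `elif [ "$2" = "aws" ]; then` in front of the existing `mv` lines, followed by `else echo "unknown cloud provider: $2" >&2; exit 1`. If the AWS templates call this script without a second argument, default it first with `PROVIDER="${2:-aws}"` and test `$PROVIDER`. The same `if`/`else` is added to `install_rtpengine.sh` in this commit and would take the same change; both scripts continue outside the hunks shown.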
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
VERSION=$1
|
VERSION=$1
|
||||||
|
|
||||||
echo "rtpengine version to install is ${VERSION}"
|
echo "rtpengine version to install is ${VERSION}, cloud provider is $2"
|
||||||
|
|
||||||
cd /usr/local/src
|
cd /usr/local/src
|
||||||
git clone https://github.com/BelledonneCommunications/bcg729.git
|
git clone https://github.com/BelledonneCommunications/bcg729.git
|
||||||
@@ -33,9 +33,16 @@ EOF
|
|||||||
echo 'add 42' > /proc/rtpengine/control
|
echo 'add 42' > /proc/rtpengine/control
|
||||||
iptables -I INPUT -p udp --dport 40000:60000 -j RTPENGINE --id 42
|
iptables -I INPUT -p udp --dport 40000:60000 -j RTPENGINE --id 42
|
||||||
|
|
||||||
|
if [ "$2" = "gcp" ]; then
|
||||||
|
echo "installing rtpengine for gcp"
|
||||||
|
sudo mv /tmp/rtpengine.gcp.service /etc/systemd/system/rtpengine.service
|
||||||
|
else
|
||||||
|
echo "installing rtpengine for aws"
|
||||||
|
sudo mv /tmp/rtpengine.service /etc/systemd/system/rtpengine.service
|
||||||
|
fi
|
||||||
|
|
||||||
cp /usr/local/src/rtpengine/daemon/rtpengine /usr/local/bin
|
cp /usr/local/src/rtpengine/daemon/rtpengine /usr/local/bin
|
||||||
cp /usr/local/src/rtpengine/recording-daemon/rtpengine-recording /usr/local/bin/
|
cp /usr/local/src/rtpengine/recording-daemon/rtpengine-recording /usr/local/bin/
|
||||||
sudo mv /tmp/rtpengine.service /etc/systemd/system
|
|
||||||
sudo mv /tmp/rtpengine-recording.service /etc/systemd/system
|
sudo mv /tmp/rtpengine-recording.service /etc/systemd/system
|
||||||
sudo mv /tmp/rtpengine-recording.ini /etc/rtpengine-recording.ini
|
sudo mv /tmp/rtpengine-recording.ini /etc/rtpengine-recording.ini
|
||||||
sudo chmod 644 /etc/systemd/system/rtpengine.service
|
sudo chmod 644 /etc/systemd/system/rtpengine.service
|
||||||
|
|||||||
@@ -0,0 +1,179 @@
|
|||||||
|
provider "google" {
|
||||||
|
project = var.project
|
||||||
|
region = var.region
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "random_string" "uuid" {
|
||||||
|
length = 6
|
||||||
|
special = false
|
||||||
|
upper = false
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_address" "jambonz_static_ip" {
|
||||||
|
name = "jambonz-static-ip-${random_string.uuid.result}"
|
||||||
|
region = var.region
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_firewall" "jambonz_mini_firewall_rule" {
|
||||||
|
name = "jambonz-firewall-rule-${random_string.uuid.result}"
|
||||||
|
|
||||||
|
source_ranges = [
|
||||||
|
"0.0.0.0/0"
|
||||||
|
]
|
||||||
|
target_tags = [
|
||||||
|
"jambonz-mini-${random_string.uuid.result}"
|
||||||
|
]
|
||||||
|
network = "https://www.googleapis.com/compute/v1/projects/${var.project}/global/networks/default"
|
||||||
|
allow {
|
||||||
|
protocol = "tcp"
|
||||||
|
ports = ["22", "80", "443", "3020", "5060", "5061", "8443"]
|
||||||
|
}
|
||||||
|
allow {
|
||||||
|
protocol = "udp"
|
||||||
|
ports = ["5060"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "google_compute_instance" "jambonz_mini" {
|
||||||
|
name = "jambonz-mini-${random_string.uuid.result}"
|
||||||
|
zone = var.zone
|
||||||
|
machine_type = var.instance_type
|
||||||
|
tags = [
|
||||||
|
"jambonz-mini-${random_string.uuid.result}"
|
||||||
|
]
|
||||||
|
boot_disk {
|
||||||
|
device_name = "boot"
|
||||||
|
initialize_params {
|
||||||
|
image = "https://www.googleapis.com/compute/v1/projects/${var.project}/global/images/${var.image}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
network_interface {
|
||||||
|
network = "https://www.googleapis.com/compute/v1/projects/${var.project}/global/networks/default"
|
||||||
|
access_config {
|
||||||
|
nat_ip = google_compute_address.jambonz_static_ip.address
|
||||||
|
}
|
||||||
|
}
|
||||||
|
metadata = {
|
||||||
|
startup-script = <<-EOT
|
||||||
|
#!/bin/bash -xe
|
||||||
|
|
||||||
|
DNS_NAME="${var.dns_name}"
|
||||||
|
JAEGER_USERNAME="${var.jaeger_username}"
|
||||||
|
JAEGER_PASSWORD="${var.jaeger_password}"
|
||||||
|
|
||||||
|
|
||||||
|
# get instance metadata
|
||||||
|
PRIVATE_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip)"
|
||||||
|
PUBLIC_IPV4="$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip)"
|
||||||
|
INSTANCE_ID="$(curl -s -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/name)"
|
||||||
|
|
||||||
|
# replace ip addresses in the ecosystem.config.js file
|
||||||
|
sudo sed -i -e "s/\(.*\)PRIVATE_IP\(.*\)/\1$PRIVATE_IPV4\2/g" /home/admin/apps/ecosystem.config.js
|
||||||
|
sudo sed -i -e "s/\(.*\)--JAMBONES_API_BASE_URL--\(.*\)/\1http:\/\/$PUBLIC_IPV4\/v1\2/g" /home/admin/apps/ecosystem.config.js
|
||||||
|
|
||||||
|
# set initial admin password to admin
|
||||||
|
JAMBONES_MYSQL_USER=admin JAMBONES_MYSQL_PASSWORD=JambonzR0ck$ JAMBONES_MYSQL_DATABASE=jambones JAMBONES_MYSQL_HOST=127.0.0.1 /home/admin/apps/jambonz-api-server/db/reset_admin_password.js
|
||||||
|
|
||||||
|
# replace JWT_SECRET
|
||||||
|
uuid=$(uuidgen)
|
||||||
|
sudo sed -i -e "s/\(.*\)JWT-SECRET-GOES_HERE\(.*\)/\1$uuid\2/g" /home/admin/apps/ecosystem.config.js
|
||||||
|
|
||||||
|
#Add BasicAuth password for Jaeger
|
||||||
|
sudo htpasswd -b -c /etc/nginx/.htpasswd $JAEGER_USERNAME "$JAEGER_PASSWORD"
|
||||||
|
|
||||||
|
# configure webapp
|
||||||
|
if [[ -z $DNS_NAME ]]; then
|
||||||
|
# portals will be accessed by IP address of server
|
||||||
|
echo "VITE_API_BASE_URL=http://$PUBLIC_IPV4/api/v1" > /home/admin/apps/jambonz-webapp/.env
|
||||||
|
API_BASE_URL=http://$PUBLIC_IPV4/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
|
||||||
|
sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
|
||||||
|
else
|
||||||
|
# portals will be accessed by DNS name
|
||||||
|
echo "VITE_API_BASE_URL=http://$DNS_NAME/api/v1" > /home/admin/apps/jambonz-webapp/.env
|
||||||
|
API_BASE_URL=http://$DNS_NAME/api/v1 TAG="<script>window.JAMBONZ = { API_BASE_URL: '$API_BASE_URL'};</script>"
|
||||||
|
sed -i -e "\@</head>@i\ $TAG" /home/admin/apps/jambonz-webapp/dist/index.html
|
||||||
|
|
||||||
|
sudo cat << EOF > /etc/nginx/sites-available/default
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name $DNS_NAME;
|
||||||
|
location /api/ {
|
||||||
|
rewrite ^/api/(.*)$ /\$1 break;
|
||||||
|
proxy_pass http://localhost:3002;
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
}
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:3001;
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name api.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:3002;
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name grafana.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:3010;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection 'upgrade';
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
proxy_cache_bypass \$http_upgrade;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name homer.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:9080;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection 'upgrade';
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
proxy_cache_bypass \$http_upgrade;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name jaeger.$DNS_NAME;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:16686;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade \$http_upgrade;
|
||||||
|
proxy_set_header Connection 'upgrade';
|
||||||
|
proxy_set_header Host \$host;
|
||||||
|
proxy_cache_bypass \$http_upgrade;
|
||||||
|
auth_basic "Secured Endpoint";
|
||||||
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
|
||||||
|
sudo systemctl restart nginx
|
||||||
|
fi
|
||||||
|
|
||||||
|
# restart heplify-server
|
||||||
|
sudo systemctl restart heplify-server
|
||||||
|
|
||||||
|
sudo -u admin bash -c "pm2 restart /home/admin/apps/ecosystem.config.js"
|
||||||
|
sudo -u admin bash -c "pm2 save"
|
||||||
|
sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u admin --hp /home/admin
|
||||||
|
|
||||||
|
# get an apiban key
|
||||||
|
APIBANKEY=$(curl -X POST -u jambonz:1a074994242182a9e0b67eae93978826 -d "{\"client\": \"$uuid\"}" -s https://apiban.org/sponsor/newkey | jq -r '.ApiKey')
|
||||||
|
sudo sed -i -e "s/API-KEY-HERE/$APIBANKEY/g" /usr/local/bin/apiban/config.json
|
||||||
|
sudo /usr/local/bin/apiban/apiban-iptables-client FULL
|
||||||
|
|
||||||
|
EOT
|
||||||
|
}
|
||||||
|
|
||||||
|
depends_on = [
|
||||||
|
google_compute_address.jambonz_static_ip
|
||||||
|
]
|
||||||
|
}
|
||||||
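Review bot: `source_ranges = ["0.0.0.0/0"]` in `google_compute_firewall.jambonz_mini_firewall_rule` applies to every listed TCP port, so SSH on 22 is open to the whole internet alongside the SIP and web ports that need to be public. I would split SSH into its own rule whose source ranges come from a variable, and remove `"22"` from the public rule; the Deployment Manager template earlier in this commit has the same `sourceRanges` / port list and needs the same split. The web portals are also served over plain `listen 80` with the Jaeger vhost behind `auth_basic`, so that password crosses the network unencrypted until TLS is added. Separately, the rtpengine unit in this commit uses UDP 40000–60000 and no rule here admits that range; worth confirming that media is allowed by some rule outside this file.

```hcl
variable "ssh_source_ranges" {
  description = "CIDR ranges allowed to reach SSH on the jambonz-mini instance"
  type        = list(string)
}

# … unchanged: jambonz_mini_firewall_rule, with "22" removed from its tcp ports …

resource "google_compute_firewall" "jambonz_mini_ssh" {
  name          = "jambonz-ssh-${random_string.uuid.result}"
  network       = "https://www.googleapis.com/compute/v1/projects/${var.project}/global/networks/default"
  source_ranges = var.ssh_source_ranges
  target_tags   = ["jambonz-mini-${random_string.uuid.result}"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}
```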
@@ -0,0 +1,8 @@
|
|||||||
|
image = "packer-1680730500"
|
||||||
|
region = "us-central1"
|
||||||
|
zone = "us-central1-b"
|
||||||
|
project = "drachtio-cpaas"
|
||||||
|
dns_name = "jambonz.me"
|
||||||
|
instance_type = "e2-medium"
|
||||||
|
jaeger_username = "admin"
|
||||||
|
jaeger_password = "JambonzR0ck$"
|
||||||
@@ -0,0 +1,24 @@
|
|||||||
|
variable "image" {
|
||||||
|
description = "the image to use for the boot disk"
|
||||||
|
}
|
||||||
|
variable "region" {
|
||||||
|
description = "the GCP region"
|
||||||
|
}
|
||||||
|
variable "zone" {
|
||||||
|
description = "the GCP zone"
|
||||||
|
}
|
||||||
|
variable "project" {
|
||||||
|
description = "the GCP project name"
|
||||||
|
}
|
||||||
|
variable "dns_name" {
|
||||||
|
description = "the domain you want to use for the portal"
|
||||||
|
}
|
||||||
|
variable "instance_type" {
|
||||||
|
description = "the VM instance type"
|
||||||
|
}
|
||||||
|
variable "jaeger_username" {
|
||||||
|
description = "the jaeager user"
|
||||||
|
}
|
||||||
|
variable "jaeger_password" {
|
||||||
|
description = "the jaeager password"
|
||||||
|
}
|
||||||
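Review bot: `variable "jaeger_password"` is declared without `sensitive = true`, so Terraform prints its value in plan and apply output. Adding `sensitive = true` to that block, and leaving the value out of the committed `.tfvars` file so it is supplied at apply time, keeps it out of logs and the repository. The description should say that the value is still written to state and to the instance's `startup-script` metadata. Both descriptions also misspell the product: `"the jaeager user"` and `"the jaeager password"` should read `jaeger`.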