testing

adskyiproger · adskyiproger · commit 6b334eea97bd · 2025-10-10T11:37:02.000+03:00
diff --git a/github-runner/node-runner.sh b/github-runner/node-runner.sh
@@ -2,8 +2,8 @@
 
 printf """
 -----------------------------------
-Welcome to Bootstrap script!
-Please answer few questions
+▶️ Running Node runner setup script
+-----------------------------------
 
 """
 
@@ -49,6 +49,8 @@ while [[ $# -gt 0 ]]; do
     --labels) LABELS="$2"; shift 2 ;;
     --dir) RUNNER_DIR="$2"; shift 2 ;;
     --env) ENV="$2"; shift 2 ;;
+    --runas-user) RUNAS_USER="$2"; shift 2 ;;
+    --runas-group) RUNAS_GROUP="$2"; shift 2 ;;
     -h|--help) usage ;;
     *) echo "Unknown option: $1"; usage ;;
   esac
@@ -65,6 +67,10 @@ done
 # --- Add runner labels ---
 LABELS="self-hosted,linux,node,${ENV}"
 
+# --- DETERMINE USER/GROUP TO RUN AS ---
+RUNAS_USER="${RUNAS_USER:-provision}"
+RUNAS_GROUP="${RUNAS_GROUP:-application}"
+
 # --- DETERMINE REGISTRATION URL ---
 if [[ "$SCOPE" == "org" ]]; then
   REG_URL="https://api.github.com/orgs/${GITHUB_OWNER}/actions/runners/registration-token"
@@ -84,7 +90,7 @@ sudo apt-get install -y curl jq tar ansible
 
 # --- CREATE RUNNER DIR ---
 sudo mkdir -p "${RUNNER_DIR}"
-sudo chown $(id -u):$(id -g) "${RUNNER_DIR}"
+sudo chown $RUNAS_USER:$RUNAS_GROUP "${RUNNER_DIR}"
 cd "${RUNNER_DIR}"
 
 # --- DOWNLOAD RUNNER ---
@@ -119,7 +125,7 @@ REG_TOKEN=$(curl -s -X POST \
 
 # --- CONFIGURE RUNNER ---
 echo "[+] Configuring runner..."
-./config.sh \
+sudo -u $RUNAS_USER ./config.sh \
   --unattended \
   --url "${RUNNER_SCOPE}" \
   --token "${REG_TOKEN}" \
diff --git a/opencrvs-bootstrap.sh b/opencrvs-bootstrap.sh
diff --git a/scripts/bootstrap/create-provision-user.sh b/scripts/bootstrap/create-provision-user.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+printf """
+-----------------------------------
+▶️ Running User/Group setup script
+-----------------------------------
+
+"""
+
+# --- USAGE ---
+usage() {
+  echo "Usage: $0 [OPTIONS]"
+  echo ""
+  echo "Options:"
+  echo "  --ssh-public-key     ssh public key to add to the user"
+  echo "  -h, --help           Show this help message"
+  echo ""
+  exit 1
+}
+
+set -e
+
+GROUP_ID=1000
+GROUP_NAME="application"
+USER_ID=1000
+USER_NAME="provision"
+
+log() {
+    echo -e "\n$1\n"
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --ssh-public-key) SSH_PUBLIC_KEY="$2"; shift 2 ;;
+    -h|--help) usage ;;
+    *) echo "Unknown option: $1"; usage ;;
+  esac
+done
+
+# --- Group checks and creation ---
+group_info=$(getent group "$GROUP_ID")
+group_by_name=$(getent group "$GROUP_NAME")
+
+if [[ -n "$group_info" ]]; then
+    actual_group=$(echo "$group_info" | cut -d: -f1)
+    if [[ "$actual_group" == "$GROUP_NAME" ]]; then
+        log "✅ Group with GID $GROUP_ID and name $GROUP_NAME exists."
+    else
+        log "❌ FAIL: GID $GROUP_ID exists as group '$actual_group', not '$GROUP_NAME'."
+        exit 1
+    fi
+elif [[ -n "$group_by_name" ]]; then
+    log "❌ FAIL: Group name '$GROUP_NAME' exists, but with different GID."
+    exit 1
+else
+    log "🚀 Creating group: $GROUP_NAME with GID: $GROUP_ID"
+    sudo groupadd -g $GROUP_ID $GROUP_NAME
+fi
+
+# --- User checks and creation ---
+user_info=$(getent passwd "$USER_ID")
+user_by_name=$(getent passwd "$USER_NAME")
+
+if [[ -n "$user_info" ]]; then
+    actual_user=$(echo "$user_info" | cut -d: -f1)
+    if [[ "$actual_user" == "$USER_NAME" ]]; then
+        log "✅ User with UID $USER_ID and name $USER_NAME exists."
+    else
+        log "❌ FAIL: UID $USER_ID exists as user '$actual_user', not '$USER_NAME'."
+        exit 1
+    fi
+elif [[ -n "$user_by_name" ]]; then
+    log "❌ FAIL: User name '$USER_NAME' exists, but with different UID."
+    exit 1
+else
+    log "🚀 Creating user: $USER_NAME with UID: $USER_ID and group: $GROUP_NAME"
+    sudo useradd -u $USER_ID -g $GROUP_NAME $USER_NAME
+fi
+
+# --- Sudo access checks and grant ---
+# Check in /etc/sudoers and /etc/sudoers.d/
+sudo_access=$(sudo grep -E '^provision\s+ALL=\(ALL(:ALL)?\)\s+ALL' /etc/sudoers 2>/dev/null || true)
+if [[ -z "$sudo_access" ]]; then
+    sudo_access=$(sudo grep -E '^provision\s+ALL=\(ALL(:ALL)?\)\s+ALL' /etc/sudoers.d/* 2>/dev/null || true)
+fi
+
+if [[ -n "$sudo_access" ]]; then
+    log "✅ User '$USER_NAME' already has full sudo access."
+else
+    log "🚀 Granting full sudo access to user '$USER_NAME'..."
+    log "${USER_NAME} ALL=(ALL:ALL) ALL" | sudo tee /etc/sudoers.d/$USER_NAME > /dev/null
+    sudo chmod 0440 /etc/sudoers.d/$USER_NAME
+fi
+
+if [[ -f /home/$USER_NAME/.ssh/id_ed25519 ]]; then
+    log "✅ SSH key pair for user '$USER_NAME' already exists."
+else
+    sudo -u $USER_NAME mkdir -p /home/$USER_NAME/.ssh
+    sudo chmod 700 /home/$USER_NAME/.ssh
+    if [[ -n "$SSH_PUBLIC_KEY" ]]; then
+        log "🚀 Adding provided SSH public key to user '$USER_NAME'..."
+        echo "$SSH_PUBLIC_KEY" | sudo -u $USER_NAME tee -a /home/$USER_NAME/.ssh/authorized_keys > /dev/null
+        sudo chmod 600 /home/$USER_NAME/.ssh/authorized_keys
+    else
+        log "🚀 Generating SSH key pair for user '$USER_NAME'..."
+        sudo -u $USER_NAME mkdir -p /home/$USER_NAME/.ssh
+        sudo -u $USER_NAME ssh-keygen -t ed25519 -f /home/$USER_NAME/.ssh/id_ed25519 -N "" -C "${USER_NAME}@$(hostname)"
+    fi
+fi
+log "⚙️  $USER_NAME SSH key pair public key (add on worker nodes if needed):"
+sudo cat /home/$USER_NAME/.ssh/id_ed25519.pub
diff --git a/scripts/bootstrap/opencrvs-bootstrap.sh b/scripts/bootstrap/opencrvs-bootstrap.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+set -e
+
+# Configurable params
+PROVISION_UID=1000
+PROVISION_GID=1000
+PROVISION_USER="provision"
+PROVISION_GROUP="application"
+MIN_UBUNTU_VERSION="24.04"
+
+# --- Helper Functions --- #
+abort() { echo "ERROR: $1"; exit 1; }
+
+check_ubuntu_version() {
+    echo "Checking Ubuntu version..."
+    UBUNTU_VERSION=$(lsb_release -rs)
+    if [ "$UBUNTU_VERSION" != "$MIN_UBUNTU_VERSION" ]; then
+      abort "Ubuntu $MIN_UBUNTU_VERSION is required, found $UBUNTU_VERSION"
+    fi
+    echo "Ubuntu version OK."
+}
+
+
+check_internet() {
+    echo "Testing internet connectivity (ping google.com)..."
+    if ! ping -c 2 google.com >/dev/null 2>&1; then
+      abort "Internet connectivity failed (cannot reach google.com)"
+    fi
+    echo "Internet connectivity OK."
+}
+
+# ---- MAIN ---- #
+
+echo ""
+echo "Initial OpenCRVS Node Bootstrap"
+echo ""
+echo "Select node type:"
+PS3="Enter the number of the node type: "
+NODE_TYPES=("single-node k8s cluster (dev/qa/staging)" "multi-node k8s cluster master" "multi-node k8s cluster worker" "backup server")
+select NODE_TYPE in "${NODE_TYPES[@]}"; do
+    case $REPLY in
+        1)
+            echo "Selected: single-node k8s cluster"
+            NODE_KIND="single"
+            break
+            ;;
+        2)
+            echo "Selected: multi-node k8s cluster master"
+            NODE_KIND="master"
+            break
+            ;;
+        3)
+            echo "Selected: multi-node k8s cluster worker"
+            NODE_KIND="worker"
+            break
+            ;;
+        4)
+            echo "Selected: backup server"
+            NODE_KIND="backup"
+            break
+            ;;
+        *)
+            echo "Invalid selection."
+            ;;
+    esac
+done
+
+echo "Running basic checks..."
+check_ubuntu_version
+check_disk_space
+check_internet
+
+if [ "$NODE_KIND" = "single" ] || [ "$NODE_KIND" = "master" ]; then
+    echo "Provision user setup complete. Save the private key above for GitHub Actions."
+elif [ "$NODE_KIND" = "worker" ] || [ "$NODE_KIND" = "backup" ]; then
+    echo "Worker provision user ready."
+fi
+
+echo ""
+echo "Node bootstrap complete for $NODE_TYPE."
