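#!/usr/bin/env bash
# Install Tier-1 Phoenix API hub (nginx :8080) on an existing LXC.
#   /graphql*         → SANKOFA_API_HUB_UPSTREAM_PHOENIX (default 127.0.0.1:4000)
#   /api/*, /api-docs → SANKOFA_API_HUB_UPSTREAM_DBIS (default IP_DBIS_API:3000)
#
# Usage:
#   ./scripts/deployment/install-sankofa-api-hub-nginx-on-pve.sh --dry-run --vmid 7800
#   PROXMOX_OPS_APPLY=1 PROXMOX_OPS_ALLOWED_VMIDS=7800 ./scripts/deployment/install-sankofa-api-hub-nginx-on-pve.sh --apply --vmid 7800
#
# Requires: SSH root@PROXMOX_HOST; pct; Debian/Ubuntu CT (apt-get). Does not change NPM.
# Upstream Phoenix should be 127.0.0.1:4000 when Apollo binds loopback (see ensure-sankofa-phoenix-apollo-bind-loopback-7800.sh).
# PROXMOX_HOST must be the PVE node that hosts this CT (where `pct exec` works), not the CT IP.
#
# Exit codes: 0 = done or dry-run, 2 = usage error, 3 = refused by the production guard.
#
# Security notes:
#   * Everything below runs as root on the PVE node and inside the CT. The
#     generated files are staged in mktemp-created private directories at each
#     hop (workstation, PVE node, CT) so that no other local user can pre-create
#     or swap a file before root installs it.
#   * The generated server block listens on plain HTTP, port 8080, on every CT
#     interface and carries no authentication of its own.
#     NOTE(review): confirm that only the intended reverse proxy can reach :8080.
#
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh"
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/scripts/lib/proxmox-production-guard.sh"

# Print a usage/validation error on stderr and exit with status 2.
_hub_usage_error() {
  printf '%s\n' "$*" >&2
  exit 2
}

PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
# accept-new trusts whatever key the host presents on first contact and only
# rejects later changes. This is a root session to the hypervisor, so pin the
# host key in known_hosts beforehand if first contact may cross an untrusted
# network.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
# SSH_OPTS stays a plain string in case the sourced libraries read it; the
# array copy is what this script passes to ssh/scp, so nothing is expanded
# unquoted.
IFS=' ' read -r -a SSH_ARGS <<<"$SSH_OPTS"
APPLY=false
VMID=""
DRY_RUN=false

while (($# > 0)); do
  case "$1" in
    --apply) APPLY=true ;;
    --dry-run) DRY_RUN=true ;;
    --vmid)
      [[ $# -ge 2 && -n "$2" ]] || _hub_usage_error "ERROR: --vmid requires a value (e.g. 7800)."
      VMID="$2"
      shift
      ;;
    *) _hub_usage_error "Unknown arg: $1" ;;
  esac
  shift
done

[[ -n "$VMID" ]] || _hub_usage_error "ERROR: --vmid <n> required (e.g. 7800)."
# VMID is written into the generated nginx config and becomes part of the
# command line that ssh hands to the remote shell, so accept digits only.
[[ "$VMID" =~ ^[0-9]+$ ]] || _hub_usage_error "ERROR: --vmid must be numeric, got: ${VMID}"

PH_UP="${SANKOFA_API_HUB_UPSTREAM_PHOENIX:-127.0.0.1:4000}"
DB_UP="${SANKOFA_API_HUB_UPSTREAM_DBIS:-${IP_DBIS_API:-192.168.11.155}:3000}"

# Both upstream values are pasted verbatim into nginx `server` directives.
# Allow only characters that address forms and key=value parameters need, so a
# stray ';', brace or newline in the environment cannot add directives to a
# config that root then installs.
readonly UPSTREAM_SAFE_RE='^[]A-Za-z0-9._:/= [-]+$'
for upstream in "$PH_UP" "$DB_UP"; do
  [[ "$upstream" =~ $UPSTREAM_SAFE_RE ]] \
    || _hub_usage_error "ERROR: upstream contains unsupported characters: ${upstream}"
done

echo "=== install-sankofa-api-hub-nginx-on-pve ==="
echo "PVE: root@${PROXMOX_HOST} VMID=${VMID}"
echo "Upstream Phoenix: ${PH_UP} dbis_core: ${DB_UP}"
if command -v get_host_for_vmid >/dev/null 2>&1; then
  echo "get_host_for_vmid ${VMID}: $(get_host_for_vmid "${VMID}")"
fi
echo ""

# Anything short of an explicit --apply (without --dry-run) only prints the plan.
if [[ "$DRY_RUN" == true || "$APPLY" != true ]]; then
  echo "[DRY-RUN] Would: ssh → pct push → pct exec (apt nginx, conf under /etc/sankofa-phoenix-api-hub/, systemd sankofa-phoenix-api-hub)."
  echo "For live install: --apply + PROXMOX_OPS_APPLY=1 + PROXMOX_OPS_ALLOWED_VMIDS=${VMID}"
  exit 0
fi

# Production guard helpers come from proxmox-production-guard.sh (sourced above).
if ! pguard_require_apply_flag true; then
  echo "Refused: set PROXMOX_OPS_APPLY=1" >&2
  exit 3
fi
if ! pguard_vmid_allowed "$VMID"; then
  exit 3
fi

# Private, unpredictable staging directory; mktemp fails instead of reusing a
# path that somebody else prepared.
WORKDIR="$(mktemp -d "${TMPDIR:-/tmp}/sankofa-hub-pkg.XXXXXX")"
REMOTE=""
# Remove the local staging directory and, if one is still recorded, the staging
# directory on the PVE node (best effort: the node may be unreachable).
cleanup() {
  rm -rf -- "${WORKDIR:?}"
  if [[ -n "$REMOTE" ]]; then
    ssh "${SSH_ARGS[@]}" "root@${PROXMOX_HOST}" "rm -rf -- '${REMOTE}'" >/dev/null 2>&1 || true
  fi
}
trap cleanup EXIT

GEN="${WORKDIR}/site.conf"
MAIN="${WORKDIR}/nginx.conf"
UNIT="${WORKDIR}/sankofa-phoenix-api-hub.service"

# Unquoted delimiter: ${PH_UP}, ${DB_UP} and ${VMID} are expanded here, while
# nginx variables are escaped as \$name so they reach the file literally.
cat >"$GEN" <<EOF
upstream sankofa_phoenix_graphql {
  server ${PH_UP};
  keepalive 32;
}
upstream dbis_core_rest {
  server ${DB_UP};
  keepalive 32;
}
server {
  listen 8080;
  server_name _;
  location = /health {
    default_type application/json;
    return 200 '{"status":"hub-up","vmid":"${VMID}"}';
  }
  location /graphql {
    proxy_http_version 1.1;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$scheme;
    proxy_read_timeout 300s;
    proxy_pass http://sankofa_phoenix_graphql;
  }
  location /graphql-ws {
    proxy_http_version 1.1;
    proxy_set_header Upgrade \$http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Accept-Encoding "";
    proxy_buffering off;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$scheme;
    proxy_read_timeout 3600s;
    proxy_pass http://sankofa_phoenix_graphql;
  }
  location /api/ {
    proxy_http_version 1.1;
    proxy_set_header Host \$host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$scheme;
    proxy_pass http://dbis_core_rest;
  }
  location /api-docs {
    proxy_pass http://dbis_core_rest;
  }
}
EOF

# NOTE(review): the pid file below lives in world-writable /tmp inside the CT
# while the unit starts nginx without a User= line (i.e. as root). A root-owned
# directory such as /run is the usual place for it; the path is left unchanged
# here in case other tooling reads it.
cat >"$MAIN" <<'MAINEOF'
user www-data;
worker_processes auto;
error_log /var/log/nginx/sankofa-api-hub-error.log warn;
pid /tmp/sankofa-api-hub-nginx.pid;
events { worker_connections 1024; }
http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  include /etc/sankofa-phoenix-api-hub/conf.d/*.conf;
}
MAINEOF

cat >"$UNIT" <<'UNITEOF'
[Unit]
Description=Sankofa Phoenix API hub (nginx :8080)
After=network.target

[Service]
Type=simple
ExecStartPre=/usr/sbin/nginx -t -c /etc/sankofa-phoenix-api-hub/nginx.conf
ExecStart=/usr/sbin/nginx -g "daemon off;" -c /etc/sankofa-phoenix-api-hub/nginx.conf
ExecReload=/usr/sbin/nginx -s reload -c /etc/sankofa-phoenix-api-hub/nginx.conf
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
UNITEOF

# Let the PVE node pick the staging directory (mktemp, mode 0700) rather than
# deriving a guessable name from the local PID. The answer is checked before
# it is used in any later command line.
REMOTE_CANDIDATE="$(ssh "${SSH_ARGS[@]}" "root@${PROXMOX_HOST}" 'mktemp -d /tmp/sankofa-hub-ssh.XXXXXX')"
if [[ ! "$REMOTE_CANDIDATE" =~ ^/tmp/sankofa-hub-ssh\.[A-Za-z0-9]+$ ]]; then
  echo "ERROR: unexpected remote staging path: ${REMOTE_CANDIDATE}" >&2
  exit 1
fi
REMOTE="$REMOTE_CANDIDATE"
scp "${SSH_ARGS[@]}" "$GEN" "$MAIN" "$UNIT" "root@${PROXMOX_HOST}:${REMOTE}/"

# The script runs on the PVE node via `bash -s`, i.e. it is read from stdin.
# Every pct exec therefore gets </dev/null so it cannot consume the rest of it.
ssh "${SSH_ARGS[@]}" "root@${PROXMOX_HOST}" bash -s -- "$VMID" "$REMOTE" <<'REMOTE_SCRIPT'
set -euo pipefail
VMID="$1"
REMOTE="$2"
CT_STAGE=""
# Always drop the node-side staging directory; also drop the CT-side one when
# a step failed before the in-container script removed it (best effort).
cleanup() {
  rm -rf -- "${REMOTE:?}"
  if [[ -n "${CT_STAGE}" ]]; then
    pct exec "${VMID}" -- rm -rf -- "${CT_STAGE}" </dev/null >/dev/null 2>&1 || true
  fi
}
trap cleanup EXIT

# Private staging directory inside the CT instead of fixed file names in /tmp.
CT_STAGE_CANDIDATE="$(pct exec "${VMID}" -- mktemp -d /tmp/sankofa-hub-stage.XXXXXX </dev/null)"
if [[ ! "${CT_STAGE_CANDIDATE}" =~ ^/tmp/sankofa-hub-stage\.[A-Za-z0-9]+$ ]]; then
  echo "ERROR: unexpected CT staging path: ${CT_STAGE_CANDIDATE}" >&2
  exit 1
fi
CT_STAGE="${CT_STAGE_CANDIDATE}"

pct push "${VMID}" "${REMOTE}/site.conf" "${CT_STAGE}/site.conf"
pct push "${VMID}" "${REMOTE}/nginx.conf" "${CT_STAGE}/nginx.conf"
pct push "${VMID}" "${REMOTE}/sankofa-phoenix-api-hub.service" "${CT_STAGE}/sankofa-phoenix-api-hub.service"

# The quoted script below must not contain a single quote. The staging path is
# passed as its first positional argument.
pct exec "${VMID}" -- bash -lc '
set -euo pipefail
STAGE="$1"
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y -qq nginx
rm -f /etc/nginx/sites-enabled/default
mkdir -p /etc/sankofa-phoenix-api-hub/conf.d
install -m 0644 "${STAGE}/site.conf" /etc/sankofa-phoenix-api-hub/conf.d/site.conf
install -m 0644 "${STAGE}/nginx.conf" /etc/sankofa-phoenix-api-hub/nginx.conf
install -m 0644 "${STAGE}/sankofa-phoenix-api-hub.service" /etc/systemd/system/sankofa-phoenix-api-hub.service
rm -rf -- "${STAGE:?}"
# Validate the new config before the stock nginx service is stopped.
nginx -t -c /etc/sankofa-phoenix-api-hub/nginx.conf
systemctl stop nginx 2>/dev/null || true
systemctl disable nginx 2>/dev/null || true
systemctl daemon-reload
systemctl enable sankofa-phoenix-api-hub
systemctl restart sankofa-phoenix-api-hub
systemctl is-active sankofa-phoenix-api-hub
' sankofa-hub-install "${CT_STAGE}" </dev/null
REMOTE_SCRIPT

# The remote script's own trap has removed the node-side directory by now, so
# the local EXIT trap has nothing left to clean up over ssh.
REMOTE=""

echo ""
echo "Smoke (Phoenix CT LAN IP, port 8080):"
# IP_SANKOFA_PHOENIX_API is presumably set by load-project-env.sh; the fallback
# keeps `set -u` from aborting after an install that has already succeeded.
echo " curl -sS http://${IP_SANKOFA_PHOENIX_API:-<phoenix-ct-lan-ip>}:8080/health"
echo "Next: NPM maintenance — point phoenix.sankofa.nexus upstream to :8080 if desired."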