-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.sh
More file actions
executable file
·277 lines (226 loc) · 10.7 KB
/
install.sh
File metadata and controls
executable file
·277 lines (226 loc) · 10.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
#!/bin/bash
set -e
# ============================================================================
# OasisPythonUI Installation Script
# ============================================================================
# Supports authentication types: simple, keycloak, authentik
# Auto-detects auth type from .env file and includes appropriate services.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# ============================================================================
# Uninstall mode
# ============================================================================
if [[ "$1" == "--uninstall" || "$1" == "-u" ]]; then
echo "Uninstalling Oasis platform (docker compose down only)..."
set +e
docker compose -f "$SCRIPT_DIR/docker-compose.yml" \
-f "$SCRIPT_DIR/docker-compose.ui.yml" \
-f "$SCRIPT_DIR/docker-compose.keycloak.yml" \
-f "$SCRIPT_DIR/docker-compose.authentik.yml" \
down --remove-orphans -v 2>/dev/null
# Also try old files in case of migration
docker compose -f "$SCRIPT_DIR/oasis-platform.yml" \
-f "$SCRIPT_DIR/oasis-ui.yml" \
down --remove-orphans -v 2>/dev/null
set -e
echo "Uninstall complete."
exit 0
fi
# ============================================================================
# Load configuration from .env
# ============================================================================
if [ ! -f "$SCRIPT_DIR/.env" ]; then
echo "ERROR: .env file not found!"
echo ""
echo "Create one from the examples:"
echo " cp .env.simple .env # Simple JWT authentication"
echo " cp .env.keycloak .env # Keycloak OIDC"
echo " cp .env.authentik .env # Authentik OIDC"
exit 1
fi
set -a
source "$SCRIPT_DIR/.env"
set +a
# ============================================================================
# Auto-detect Docker socket if not set
# ============================================================================
if [ -z "$DOCKER_SOCK" ]; then
# Default to /var/run/docker.sock - Docker Desktop provides this path
# transparently to containers even if the host socket is elsewhere.
export DOCKER_SOCK=/var/run/docker.sock
elif [ ! -S "$DOCKER_SOCK" ]; then
echo "WARNING: DOCKER_SOCK=$DOCKER_SOCK does not exist or is not a socket"
echo " Falling back to /var/run/docker.sock"
export DOCKER_SOCK=/var/run/docker.sock
fi
echo "========================================"
echo " OasisPythonUI Installer"
echo "========================================"
echo ""
echo " Auth type: $API_AUTH_TYPE"
echo " Hostname: $OASIS_UI_HOSTNAME"
echo " Protocol: $OASIS_PROTOCOL"
echo " Docker socket: $DOCKER_SOCK"
echo ""
# ============================================================================
# Validate configuration
# ============================================================================
echo "--- Validating configuration ---"
bash "$SCRIPT_DIR/scripts/validate-config.sh"
echo ""
# ============================================================================
# Set service account credentials based on auth type
# ============================================================================
echo "--- Configuring service credentials ---"
if [ "$API_AUTH_TYPE" = "simple" ]; then
export OASIS_SERVICE_USERNAME_OR_ID="$OASIS_ADMIN_USER"
export OASIS_SERVICE_PASSWORD_OR_SECRET="$OASIS_ADMIN_PASS"
export OASIS_USE_OIDC=""
echo " -> Simple auth: using admin credentials for service account"
elif [ "$API_AUTH_TYPE" = "keycloak" ]; then
export OASIS_SERVER_OIDC_SERVICE_CLIENT_NAME="$OASIS_SERVICE_CLIENT_NAME"
export OASIS_SERVER_OIDC_SERVICE_CLIENT_SECRET="$OASIS_SERVICE_CLIENT_SECRET"
export OASIS_SERVER_OIDC_CLIENT_NAME="$OIDC_KEYCLOAK_CLIENT_NAME"
export OASIS_SERVER_OIDC_CLIENT_SECRET="$OIDC_KEYCLOAK_CLIENT_SECRET"
export OASIS_SERVER_OIDC_ENDPOINT="${OASIS_PROTOCOL}://${OASIS_UI_HOSTNAME}/auth/realms/oasis/protocol/openid-connect/"
export OASIS_SERVICE_USERNAME_OR_ID="$OASIS_SERVICE_CLIENT_NAME"
export OASIS_SERVICE_PASSWORD_OR_SECRET="$OASIS_SERVICE_CLIENT_SECRET"
export OASIS_USE_OIDC="true"
echo " -> Keycloak auth: using OIDC client credentials"
echo " -> OIDC endpoint: $OASIS_SERVER_OIDC_ENDPOINT"
elif [ "$API_AUTH_TYPE" = "authentik" ]; then
export OASIS_SERVER_OIDC_SERVICE_CLIENT_NAME="$OASIS_SERVICE_CLIENT_NAME"
export OASIS_SERVER_OIDC_SERVICE_CLIENT_SECRET="$OASIS_SERVICE_CLIENT_SECRET"
export OASIS_SERVER_OIDC_CLIENT_NAME="$OIDC_AUTHENTIK_CLIENT_NAME"
export OASIS_SERVER_OIDC_CLIENT_SECRET="$OIDC_AUTHENTIK_CLIENT_SECRET"
export OASIS_SERVER_OIDC_ENDPOINT="${OASIS_PROTOCOL}://${OASIS_UI_HOSTNAME}/authentik/application/o/"
export OASIS_SERVICE_USERNAME_OR_ID="$OASIS_SERVICE_CLIENT_NAME"
export OASIS_SERVICE_PASSWORD_OR_SECRET="$OASIS_SERVICE_CLIENT_SECRET"
export OASIS_USE_OIDC="true"
echo " -> Authentik auth: using OIDC client credentials"
echo " -> OIDC endpoint: $OASIS_SERVER_OIDC_ENDPOINT"
fi
echo ""
# ============================================================================
# Process OIDC templates (if applicable)
# ============================================================================
if [ "$API_AUTH_TYPE" = "keycloak" ]; then
echo "--- Processing Keycloak templates ---"
bash "$SCRIPT_DIR/oidc/keycloak/process-keycloak-templates.sh"
echo ""
elif [ "$API_AUTH_TYPE" = "authentik" ]; then
echo "--- Processing Authentik templates ---"
bash "$SCRIPT_DIR/oidc/authentik/process-authentik-templates.sh"
echo ""
fi
# ============================================================================
# Build compose file list
# ============================================================================
COMPOSE_FILES="-f $SCRIPT_DIR/docker-compose.yml -f $SCRIPT_DIR/docker-compose.ui.yml"
if [ "$API_AUTH_TYPE" = "keycloak" ]; then
COMPOSE_FILES="$COMPOSE_FILES -f $SCRIPT_DIR/docker-compose.keycloak.yml"
echo " -> Including Keycloak services"
elif [ "$API_AUTH_TYPE" = "authentik" ]; then
COMPOSE_FILES="$COMPOSE_FILES -f $SCRIPT_DIR/docker-compose.authentik.yml"
echo " -> Including Authentik services"
fi
echo " -> Compose files: $COMPOSE_FILES"
echo ""
# ============================================================================
# Clone PiWind model (if not present)
# ============================================================================
GIT_PIWIND=OasisPiWind
if [ ! -d "$SCRIPT_DIR/$GIT_PIWIND/.git" ]; then
echo "--- Cloning PiWind model ---"
mkdir -p "$SCRIPT_DIR/$GIT_PIWIND"
cd "$SCRIPT_DIR/$GIT_PIWIND"
git clone --depth 1 --branch "${VERS_PIWIND}" "https://github.com/OasisLMF/$GIT_PIWIND.git" .
cd "$SCRIPT_DIR"
echo ""
else
echo " -> PiWind model already cloned"
echo ""
fi
# ============================================================================
# Check for previous install
# ============================================================================
EXISTING_CONTAINERS=$(docker compose $COMPOSE_FILES ps -q 2>/dev/null | wc -l)
if [ "$EXISTING_CONTAINERS" -gt 0 ]; then
MSG="Previous installation detected. Redeploy? (existing data will be preserved)"
while true; do
read -r -n 1 -p "${MSG} [y/n]: " REPLY
case $REPLY in
[yY]) echo ; break ;;
[nN]) echo ; echo "-- Aborted --"; exit 1 ;;
*) printf " \033[31m %s \n\033[0m" "invalid input" ;;
esac
done
fi
# ============================================================================
# Pull images
# ============================================================================
echo "--- Pulling images ---"
set +e
docker pull "${SERVER_IMG:-coreoasis/api_server}:${VERS_API:-latest}"
docker pull "${WORKER_IMG:-coreoasis/model_worker}:${VERS_WORKER:-latest}"
docker pull "${PYTHONUI_IMG:-coreoasis/oasispythonui_app}:${VERS_UI:-latest}"
set -e
echo ""
# ============================================================================
# Deploy services
# ============================================================================
echo "--- Deploying services ---"
# Build UI
docker compose $COMPOSE_FILES build --no-cache pythonui
# Start all services
docker compose $COMPOSE_FILES up -d
echo ""
# ============================================================================
# Wait for health checks
# ============================================================================
echo "--- Waiting for services to be healthy ---"
# Wait for core services
echo " -> Waiting for server..."
docker compose $COMPOSE_FILES exec -T server sh -c 'for i in $(seq 1 60); do curl -sf http://localhost:8000/healthcheck/ > /dev/null 2>&1 && exit 0; sleep 5; done; exit 1' || {
echo " WARNING: Server health check timed out. Check logs with: docker compose $COMPOSE_FILES logs server"
}
if [ "$API_AUTH_TYPE" = "keycloak" ]; then
echo " -> Waiting for Keycloak (this may take 2-3 minutes on first start)..."
timeout 180 bash -c "while ! docker compose $COMPOSE_FILES ps keycloak 2>/dev/null | grep -q 'healthy'; do sleep 10; done" 2>/dev/null || {
echo " WARNING: Keycloak health check timed out. Check logs with: docker compose $COMPOSE_FILES logs keycloak"
}
elif [ "$API_AUTH_TYPE" = "authentik" ]; then
echo " -> Waiting for Authentik..."
timeout 180 bash -c "while ! docker compose $COMPOSE_FILES ps authentik-server 2>/dev/null | grep -q 'healthy'; do sleep 10; done" 2>/dev/null || {
echo " WARNING: Authentik health check timed out. Check logs with: docker compose $COMPOSE_FILES logs authentik-server"
}
fi
echo ""
# ============================================================================
# Summary
# ============================================================================
echo "========================================"
echo " Deployment Complete!"
echo "========================================"
echo ""
echo " Auth type: $API_AUTH_TYPE"
echo " Hostname: $OASIS_UI_HOSTNAME"
echo ""
echo " Access Points (via Traefik on port 80):"
echo " UI: http://${OASIS_UI_HOSTNAME}/"
echo " API: http://${OASIS_UI_HOSTNAME}/api/"
echo " API Docs: http://${OASIS_UI_HOSTNAME}/api/swagger/"
if [ "$API_AUTH_TYPE" = "keycloak" ]; then
echo " Keycloak: http://${OASIS_UI_HOSTNAME}/auth/admin/"
echo " (${KEYCLOAK_ADMIN_USER} / ${KEYCLOAK_ADMIN_PASSWORD})"
elif [ "$API_AUTH_TYPE" = "authentik" ]; then
echo " Authentik: http://${OASIS_UI_HOSTNAME}/authentik/"
echo " (akadmin / ${AUTHENTIK_BOOTSTRAP_PASSWORD})"
fi
if [ "$API_AUTH_TYPE" = "simple" ]; then
echo ""
echo " Login: ${OASIS_ADMIN_USER} / ${OASIS_ADMIN_PASS}"
fi
echo ""
echo " Logs: docker compose $COMPOSE_FILES logs -f"
echo " Stop: docker compose $COMPOSE_FILES down"
echo ""