zroc/zroc-ova/overlays/usr/local/bin/zroc-setup
Justin 35e79f1abf ova: fix setup wizard color escapes, add vCenter credentials prompt
- Use $'...' syntax for ANSI color variables so they work in all
  echo/printf contexts (fixes garbled characters around IP address)
- Prompt for vCenter username and password when hostname is provided
- Write VCENTER_USER and VCENTER_PASSWORD to .env

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-13 10:05:06 -04:00


#!/usr/bin/env bash
# /usr/local/bin/zroc-setup
# Interactive first-boot configuration wizard for the zROC appliance.
# Strict mode: stop on a failed command, on an unset variable, and on a
# failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# Appliance install layout; .env is where the wizard stores its answers.
INSTALL_DIR=/opt/zroc
ENV_FILE="${INSTALL_DIR}/.env"
CERTS_DIR="${INSTALL_DIR}/certs"

# ANSI SGR sequences held as real escape bytes ($'...'), so they render the
# same whether they are printed with echo or with printf.
RESET=$'\033[0m'
BOLD=$'\033[1m'
RED=$'\033[0;31m'
GREEN=$'\033[0;32m'
YELLOW=$'\033[1;33m'
CYAN=$'\033[0;36m'
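# Print a section heading: a blank line, then all arguments in bold cyan.
# The text is passed through a fixed '%s' format, so backslash sequences in
# it (for example in an operator-typed value) are printed literally instead
# of being re-interpreted as escapes, which 'echo -e' would do.
header() {
  printf '\n%s%s%s%s\n' "${CYAN}" "${BOLD}" "$*" "${RESET}"
}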
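# Print a success message in green.
# Callers pass operator-supplied values (e.g. a host name); the fixed '%s'
# format prints them verbatim rather than expanding backslash escapes.
ok() {
  printf '%s%s%s\n' "${GREEN}" "$*" "${RESET}"
}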
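# Print a warning in yellow. The message is emitted through a fixed '%s'
# format so any backslash sequences in it stay literal.
warn() {
  printf '%s%s%s\n' "${YELLOW}" "$*" "${RESET}"
}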
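# Print an error message in red (on stdout, like the other helpers).
# The message is emitted through a fixed '%s' format so any backslash
# sequences in it stay literal.
err() {
  printf '%s%s%s\n' "${RED}" "$*" "${RESET}"
}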
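# Print a step title ("Step <args>") in bold after a blank line, followed by
# a 55-character horizontal rule. The title goes through a fixed '%s' format,
# so backslash sequences in it are not expanded.
step() {
  printf '\n%sStep %s%s\n' "${BOLD}" "$*" "${RESET}"
  # '%.0s' consumes one argument per repetition while printing none of it,
  # which repeats the rule character once for each of the 55 arguments.
  printf '─%.0s' {1..55}
  printf '\n'
}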
# Wipe the console, then draw the product banner in cyan.
clear
printf '%s\n' "${CYAN}"
# Quoted delimiter: the banner text is emitted verbatim, with no expansion.
cat << 'BANNER'
███████╗██████╗ ██████╗ ██████╗
╚══███╔╝██╔══██╗██╔═══██╗██╔════╝
███╔╝ ██████╔╝██║ ██║██║
███╔╝ ██╔══██╗██║ ██║██║
███████╗██║ ██║╚██████╔╝╚██████╗
╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝
Setup Wizard — Zerto Resiliency Observation Console
BANNER
# Switch the colour back off before the first step is printed.
printf '%s\n' "${RESET}"
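# Step 1: replace the default password of the local 'zroc' account.
# The loop repeats until two matching entries of at least 8 characters have
# been accepted by chpasswd.
step "1/7 Change Appliance Password"
echo "The default 'zroc' user password must be changed."
while true; do
  # -s keeps the typed password off the screen; -r keeps backslashes literal.
  read -rsp "New password for 'zroc' (min 8 chars): " NEW_PW; echo
  read -rsp "Confirm password: " NEW_PW2; echo
  if [[ "$NEW_PW" != "$NEW_PW2" ]]; then
    err "Passwords do not match."
  elif (( ${#NEW_PW} < 8 )); then
    err "Password must be at least 8 characters."
  # printf is a shell builtin, so the password reaches chpasswd on stdin and
  # is never placed in a process argument list. Testing the pipeline here
  # (instead of letting 'set -e' abort) lets a rejected password be retried.
  elif printf '%s\n' "zroc:${NEW_PW}" | chpasswd; then
    ok "Appliance password changed"
    break
  else
    err "The password could not be set; please try again."
  fi
done
# The plaintext is not needed after this step; drop it from the shell.
unset NEW_PW NEW_PW2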
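# Step 2: network. The wizard records the address the appliance already has
# and derives the public URL from it; it does not change network settings.
step "2/7 Network Configuration"
# First address reported by 'hostname -I'.
CURRENT_IP=$(hostname -I | awk '{print $1}')
if [[ -z "$CURRENT_IP" ]]; then
  # Without an address the URL below would be the unusable "https://".
  err "No IP address detected; bring the network up and run zroc-setup again."
  exit 1
fi
echo "Current IP: ${BOLD}$CURRENT_IP${RESET} (DHCP)"
read -rp "Keep DHCP? [Y/n]: " NET_CHOICE
NET_CHOICE="${NET_CHOICE:-Y}"
if [[ ! "$NET_CHOICE" =~ ^[Yy] ]]; then
  # The answer is not acted on anywhere in this script, so say so instead of
  # silently ignoring it.
  warn "This wizard does not configure a static address; continuing with $CURRENT_IP."
fi
PUBLIC_URL="https://$CURRENT_IP"
ok "Using $CURRENT_IP"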
# Step 3: TLS. No choice is offered; the mode is fixed to "internal" and the
# operator is told that Caddy will generate a self-signed certificate.
# NOTE(review): TLS_MODE is not read again in the visible script — confirm
# whether anything consumes it.
TLS_MODE="internal"
step "3/7 HTTPS / TLS Certificate"
printf '%s\n' "Using self-signed certificate (default)"
ok "Self-signed certificate will be generated by Caddy"
# Step 4: choose the zROC admin password. The accepted value stays in
# ADMIN_PASS for the rest of the script.
step "4/7 zROC Admin Account"
while :; do
  # Silent, raw reads; a newline is printed afterwards because -s suppresses
  # the one the operator typed.
  read -rsp "Admin password (min 12 chars): " ADMIN_PASS
  printf '\n'
  read -rsp "Confirm password: " ADMIN_PASS2
  printf '\n'
  if [[ "$ADMIN_PASS" != "$ADMIN_PASS2" ]]; then
    err "Passwords do not match."
    continue
  fi
  if (( ${#ADMIN_PASS} < 12 )); then
    err "Password must be at least 12 characters."
    continue
  fi
  ok "Admin password set"
  break
done
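# Step 5: connection details for the first Zerto ZVM site and, optionally,
# its vCenter. The answers are later written to the line-oriented KEY=VALUE
# .env file, so empty required values and hosts containing whitespace are
# rejected here rather than stored.
step "5/7 Zerto ZVM Configuration — Site 1"
while true; do
  read -rp "ZVM Hostname or IP: " ZVM_HOST
  if [[ -n "$ZVM_HOST" && ! "$ZVM_HOST" =~ [[:space:]] ]]; then
    break
  fi
  err "Enter a ZVM hostname or IP address without spaces."
done
read -rp "ZVM Username [admin]: " ZVM_USER; ZVM_USER="${ZVM_USER:-admin}"
while true; do
  # -s: do not echo the password to the console.
  read -rsp "ZVM Password: " ZVM_PASS; echo
  if [[ -n "$ZVM_PASS" ]]; then
    break
  fi
  err "ZVM password must not be empty."
done
while true; do
  read -rp "vCenter Hostname (optional, press Enter to skip): " VCENTER_HOST
  # An empty answer is valid (skip); only embedded whitespace is refused.
  if [[ ! "$VCENTER_HOST" =~ [[:space:]] ]]; then
    break
  fi
  err "Enter a vCenter hostname without spaces, or press Enter to skip."
done
if [[ -n "$VCENTER_HOST" ]]; then
  read -rp "vCenter Username [administrator@vsphere.local]: " VCENTER_USER
  VCENTER_USER="${VCENTER_USER:-administrator@vsphere.local}"
  while true; do
    read -rsp "vCenter Password: " VCENTER_PASS; echo
    if [[ -n "$VCENTER_PASS" ]]; then
      break
    fi
    err "vCenter password must not be empty."
  done
  ok "vCenter configured: $VCENTER_HOST"
else
  # Define both so later expansions are safe under 'set -u'.
  VCENTER_USER=""
  VCENTER_PASS=""
fi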
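# Step 6: optional second ZVM site. The answer is recorded in SITE2 but is
# not used again in this script, so a "yes" is acknowledged with a warning
# instead of being silently dropped.
step "6/7 Second ZVM Site (optional)"
read -rp "Monitor a second site? [y/N]: " SITE2; SITE2="${SITE2:-N}"
if [[ "$SITE2" =~ ^[Yy] ]]; then
  warn "Second-site details are not collected by this wizard; only Site 1 is configured."
fi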
# Step 7: identity provider. Nothing is asked; the wizard only announces that
# local Authentik accounts are the default.
step "7/7 Enterprise Identity Provider (optional)"
printf '%s\n' "Using local Authentik accounts (default)"
# Generate the per-install secrets with 'openssl rand'.
# _rand_hex N prints N random bytes as 2*N hexadecimal characters.
_rand_hex() {
  openssl rand -hex "$1"
}

# Fixed client identifier; only the matching secret is random.
OIDC_CLIENT_ID="zroc-dashboard"

SESSION_SECRET=$(_rand_hex 32)
AUTHENTIK_PG_PASS=$(_rand_hex 24)
AUTHENTIK_SECRET_KEY=$(_rand_hex 48)
OIDC_CLIENT_SECRET=$(_rand_hex 32)
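# Write .env.
# The file holds every credential collected above, so it must never exist
# with permissive modes, not even briefly. mktemp creates the temporary file
# readable by its owner only; the content is written there and then renamed
# over the final path, which also keeps a previous .env intact if the write
# is interrupted. (Redirecting straight into $ENV_FILE and running chmod
# afterwards leaves a window in which the secrets are readable under the
# default umask.)
#
# NOTE(review): values are written unquoted. A password containing '$', '#',
# quotes or spaces may be altered by whatever parses this file — confirm how
# the consumers read .env before allowing such characters.
# NOTE(review): GRAFANA_PASSWORD reuses the zROC admin password.
ENV_TMP=$(mktemp "${ENV_FILE}.XXXXXX")
cat > "$ENV_TMP" << EOF
PUBLIC_URL=$PUBLIC_URL
ZVM_HOST=$ZVM_HOST
ZVM_USERNAME=$ZVM_USER
ZVM_PASSWORD=$ZVM_PASS
VCENTER_HOST=${VCENTER_HOST:-}
VCENTER_USER=${VCENTER_USER:-}
VCENTER_PASSWORD=${VCENTER_PASS:-}
SESSION_SECRET=$SESSION_SECRET
AUTHENTIK_PG_PASS=$AUTHENTIK_PG_PASS
AUTHENTIK_SECRET_KEY=$AUTHENTIK_SECRET_KEY
AUTHENTIK_CLIENT_ID=$OIDC_CLIENT_ID
AUTHENTIK_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_OIDC_CLIENT_ID=$OIDC_CLIENT_ID
ZROC_OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_PUBLIC_URL=$PUBLIC_URL
AUTHENTIK_ADMIN_TOKEN=PENDING_FIRST_START
GRAFANA_PASSWORD=$ADMIN_PASS
PROMETHEUS_URL=http://prometheus:9090
EOF
# Explicit mode in case the mktemp default ever differs; applied before the
# file becomes visible under its final name.
chmod 600 "$ENV_TMP"
mv -f -- "$ENV_TMP" "$ENV_FILE"
ok ".env written to $ENV_FILE"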
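# Start services from the install directory, showing the last 20 lines of
# compose output.
echo "Starting zROC services..."
cd "$INSTALL_DIR"
# With 'pipefail' set, a docker compose failure makes the pipeline fail even
# though tail succeeds. Report it explicitly and stop before the first-boot
# override is removed, so the wizard is not silently retired on a broken
# install.
if ! docker compose up -d 2>&1 | tail -20; then
  err "docker compose failed; first-boot setup was left in place. Fix the problem and run zroc-setup again."
  exit 1
fi
# Remove the getty override so normal login resumes after reboot
rm -f /etc/systemd/system/getty@tty1.service.d/zroc-firstboot.conf
systemctl daemon-reload
echo -e "${GREEN}${BOLD}"
echo " ✅ zROC is ready!"
echo " Dashboard: $PUBLIC_URL"
echo -e "${RESET}"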