- Replace direct storage layout with explicit partitioning (no swap) - Setup wizard now auto-launches on TTY1 via getty override instead of a separate systemd service that competed with console output - Add step 1/7: prompt user to change default zroc password on first boot - Update Makefile for QEMU-based build (was referencing old ovftool flow) - Add backend package-lock.json for Docker build Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
#!/usr/bin/env bash
# /usr/local/bin/zroc-setup
# Interactive first-boot configuration wizard for the zROC appliance.
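set -euo pipefail

# Appliance install root; everything the wizard writes lives beneath it.
readonly INSTALL_DIR=/opt/zroc
# Compose environment file, written at the end of the wizard.
readonly ENV_FILE="$INSTALL_DIR/.env"
# Certificate directory (defined for consistency; not referenced elsewhere in this script).
readonly CERTS_DIR="$INSTALL_DIR/certs"

# ANSI colour/attribute escapes used by the output helpers below.
# Kept as backslash sequences (not literal ESC bytes) so they survive copy/paste.
readonly CYAN='\033[0;36m' GREEN='\033[0;32m' YELLOW='\033[1;33m'
readonly RED='\033[0;31m' BOLD='\033[1m' RESET='\033[0m'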
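# Print a bold cyan section heading, preceded by a blank line.
# printf '%b' keeps echo -e's escape handling but is not confused by messages
# that begin with '-n' / '-e' and is portable across shells.
header() { printf '\n%b\n' "${CYAN}${BOLD}$*${RESET}"; }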
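# Print a green success line ("✓ message"). Uses printf '%b' rather than
# echo -e so the message text is never parsed as echo options.
ok() { printf '%b\n' "${GREEN}✓ $*${RESET}"; }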
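# Print a yellow warning line ("⚠ message") on stderr, so it stays visible on
# the console even when stdout is redirected or piped.
warn() { printf '%b\n' "${YELLOW}⚠ $*${RESET}" >&2; }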
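# Print a red error line ("✗ message") on stderr (diagnostics belong there,
# not on stdout).
err() { printf '%b\n' "${RED}✗ $*${RESET}" >&2; }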
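# Print a bold "Step N/M title" heading followed by a 55-character rule.
# The rule is printed directly instead of via echo "$(printf ...)", which
# only added a subshell.
step() {
  printf '\n%b\n' "${BOLD}Step $*${RESET}"
  printf '─%.0s' {1..55}
  printf '\n'
}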
# Clear the console and show the zROC banner in cyan. The heredoc delimiter is
# quoted, so the box-drawing art is emitted verbatim with no expansion.
clear
echo -e "${CYAN}"
cat << 'BANNER'
███████╗██████╗ ██████╗ ██████╗
╚══███╔╝██╔══██╗██╔═══██╗██╔════╝
███╔╝ ██████╔╝██║ ██║██║
███╔╝ ██╔══██╗██║ ██║██║
███████╗██║ ██║╚██████╔╝╚██████╗
╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝

Setup Wizard — Zerto Resiliency Observation Console
BANNER
# Reset colour after the banner so the following prompts are uncoloured.
echo -e "${RESET}"
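# Step 1: replace the default password of the local 'zroc' OS account.
# The password is handed to chpasswd on stdin (never on argv, where it would
# show in `ps`), and both copies are cleared from the shell afterwards.
step "1/7 Change Appliance Password"
echo "The default 'zroc' user password must be changed."
while true; do
  read -rsp "New password for 'zroc' (min 8 chars): " NEW_PW; echo
  read -rsp "Confirm password: " NEW_PW2; echo
  if [[ "$NEW_PW" != "$NEW_PW2" ]]; then
    err "Passwords do not match."
  elif [[ ${#NEW_PW} -lt 8 ]]; then
    err "Password must be at least 8 characters."
  elif ! printf '%s\n' "zroc:$NEW_PW" | chpasswd; then
    # A chpasswd failure (for example a password-policy rejection) re-prompts
    # instead of aborting the whole wizard under set -e, which would leave
    # the default password in place.
    err "Could not change the password; please try again."
  else
    ok "Appliance password changed"
    break
  fi
done
unset NEW_PW NEW_PW2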
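# Step 2: network. The wizard only reports the DHCP-assigned address; it has
# no static-address flow, so a "no" answer is acknowledged rather than
# silently ignored.
step "2/7 Network Configuration"
CURRENT_IP=$(hostname -I | awk '{print $1}')
if [[ -z "$CURRENT_IP" ]]; then
  warn "No IP address detected yet; the dashboard URL will be incomplete."
fi
# printf '%b' is needed here: plain echo would print the escape codes literally.
printf '%b\n' "Current IP: ${BOLD}$CURRENT_IP${RESET} (DHCP)"
read -rp "Keep DHCP? [Y/n]: " NET_CHOICE
NET_CHOICE="${NET_CHOICE:-Y}"
if [[ "$NET_CHOICE" == [Nn]* ]]; then
  warn "Static addressing is not configured by this wizard; continuing with $CURRENT_IP"
fi
PUBLIC_URL="https://$CURRENT_IP"
ok "Using $CURRENT_IP"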
# Step 3: TLS. Only the self-signed mode is offered; TLS_MODE records it.
step "3/7 HTTPS / TLS Certificate"
TLS_MODE="internal"
printf '%s\n' "Using self-signed certificate (default)"
ok "Self-signed certificate will be generated by Caddy"
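# Step 4: dashboard admin password. ADMIN_PASS is written to the .env file
# later (as GRAFANA_PASSWORD); the confirmation copy is discarded here rather
# than left in the environment.
step "4/7 zROC Admin Account"
while true; do
  read -rsp "Admin password (min 12 chars): " ADMIN_PASS; echo
  read -rsp "Confirm password: " ADMIN_PASS2; echo
  if [[ "$ADMIN_PASS" != "$ADMIN_PASS2" ]]; then
    err "Passwords do not match."
  elif [[ ${#ADMIN_PASS} -lt 12 ]]; then
    err "Password must be at least 12 characters."
  else
    ok "Admin password set"
    break
  fi
done
unset ADMIN_PASS2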
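# Step 5: primary ZVM connection details. The hostname is mandatory; an empty
# value would otherwise be written to .env unchecked.
step "5/7 Zerto ZVM Configuration — Site 1"
while true; do
  read -rp "ZVM Hostname or IP: " ZVM_HOST
  [[ -n "$ZVM_HOST" ]] && break
  err "ZVM hostname is required."
done
read -rp "ZVM Username [admin]: " ZVM_USER; ZVM_USER="${ZVM_USER:-admin}"
read -rsp "ZVM Password: " ZVM_PASS; echo
read -rp "vCenter Hostname (optional): " VCENTER_HOST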
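# Step 6: second site. This wizard has no second-site flow; the answer is read
# so a "yes" can be acknowledged instead of silently dropped.
step "6/7 Second ZVM Site (optional)"
read -rp "Monitor a second site? [y/N]: " SITE2; SITE2="${SITE2:-N}"
if [[ "$SITE2" == [Yy]* ]]; then
  warn "Second-site setup is not handled by this wizard; only Site 1 will be configured."
fi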
# Step 7: identity provider. No external IdP option is offered here; local
# Authentik accounts are the default.
step "7/7 Enterprise Identity Provider (optional)"
printf '%s\n' "Using local Authentik accounts (default)"
# Generate the random secrets shared between the services. Values are
# hex-encoded, so each string is twice as long as the byte count requested.
# (set -e is active, so a failing openssl aborts the wizard here.)
rand_hex() { openssl rand -hex "$1"; }

SESSION_SECRET=$(rand_hex 32)
AUTHENTIK_PG_PASS=$(rand_hex 24)
AUTHENTIK_SECRET_KEY=$(rand_hex 48)
OIDC_CLIENT_ID="zroc-dashboard"
OIDC_CLIENT_SECRET=$(rand_hex 32)
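# Write the compose environment file. It holds credentials (ZVM password,
# admin password, generated secrets), so it is created under a 077 umask:
# the original created it with the default umask and only chmod'ed it
# afterwards, leaving a short window with a wider-readable secrets file.
# NOTE(review): values are written unquoted; a ZVM or admin password that
# contains characters .env parsers treat specially (e.g. '$' or '#') may be
# misread by the consumers of this file — confirm against the parser used.
(
  umask 077
  cat > "$ENV_FILE" << EOF
PUBLIC_URL=$PUBLIC_URL
ZVM_HOST=$ZVM_HOST
ZVM_USERNAME=$ZVM_USER
ZVM_PASSWORD=$ZVM_PASS
VCENTER_HOST=${VCENTER_HOST:-}
SESSION_SECRET=$SESSION_SECRET
AUTHENTIK_PG_PASS=$AUTHENTIK_PG_PASS
AUTHENTIK_SECRET_KEY=$AUTHENTIK_SECRET_KEY
AUTHENTIK_CLIENT_ID=$OIDC_CLIENT_ID
AUTHENTIK_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_OIDC_CLIENT_ID=$OIDC_CLIENT_ID
ZROC_OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_PUBLIC_URL=$PUBLIC_URL
AUTHENTIK_ADMIN_TOKEN=PENDING_FIRST_START
GRAFANA_PASSWORD=$ADMIN_PASS
PROMETHEUS_URL=http://prometheus:9090
EOF
)
# umask does not affect a file that already existed; tighten it explicitly.
chmod 600 "$ENV_FILE"
ok ".env written to $ENV_FILE"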
# Bring the stack up; only the tail of compose's output is shown on the console.
# pipefail is set, so a compose failure still aborts the wizard here.
printf '%s\n' "Starting zROC services..."
cd "$INSTALL_DIR"
docker compose up -d 2>&1 | tail -n 20
# Drop the TTY1 getty override that auto-launches this wizard, so the next
# boot presents a normal login prompt.
rm -f -- /etc/systemd/system/getty@tty1.service.d/zroc-firstboot.conf
systemctl daemon-reload
# Closing message in bold green with the dashboard URL.
printf '%b\n' "${GREEN}${BOLD}"
printf '%s\n' " ✅ zROC is ready!" " Dashboard: $PUBLIC_URL"
printf '%b\n' "${RESET}"