InstallScripts/installauthorization-swarm.sh at master · HealthCatalyst/InstallScripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/bin/bash

set -e

authority=$1
authcert=$2
authkey=$3
couchproxy=$4
ldapHost=$5
ldapUser=$6
ldapPassword=$7
groupFetcherPassword=$8
appInsightsInstrumentationKey=$9

echo "creating authnet network"
docker network create --driver overlay authnet
docker network create --driver overlay idnet

echo "creating secrets"
cat > ldap.pwd << EOF
$ldapPassword
EOF

cat > group-fetcher.pwd << EOF
$groupFetcherPassword
EOF

docker secret create group-fetcher.pwd group-fetcher.pwd
docker secret create ldap.pwd ldap.pwd
docker secret create auth.cert $authcert
docker secret create auth.key $authkey

rm ldap.pwd
rm group-fetcher.pwd

echo "creating authorization service"
docker service create --name authorization \
	--env IdentityServerConfidentialClientSettings__Authority=$authority \
	--env CouchDbSettings__Server=$couchproxy \
	--env LDAP_HOST=$ldapHost \
	--env BINDING_DN=$ldapUser \
	--env FABRIC_IDENTITY_URL=$authority \
	--env FABRIC_AUTH_URL=https://authorizationproxy \
	--env ApplicationInsights__Enabled=true \
	--env ApplicationInsights__InstrumentationKey=$appInsightsInstrumentationKey \
	--secret="CouchDbSettings__Username" \
	--secret="CouchDbSettings__Password" \
	--replicas 1 \
	--network authnet \
	--network idnet \
	--network dbnet \
	healthcatalyst/fabric.authorization

echo "creating authorization nginx proxy"
docker service create --name authorizationproxy \
	--env HOST=authorization \
	--env REMOTEPORT=5004 \
	--env CERTIFICATE="auth.cert" \
	--env CERTIFICATE_KEY="auth.key" \
	--secret="auth.cert" \
	--secret="auth.key" \
	-p 80:80 -p 443:443 \
	--network authnet \
	healthcatalyst/fabric.docker.nginx