Its purpose is to install all the components needed to deploy osctrl on an Ubuntu 18.04 system, although it could easily be adapted to work on CentOS 7.
Run ./deploy/provision.sh [-h|--help] to show the usage of the script:
    $ ./deploy/provision.sh -h

    Usage: ./deploy/provision.sh [-h|--help] [PARAMETER [ARGUMENT]] [PARAMETER [ARGUMENT]] ...

    Parameters:
      -h, --help            Shows this help message and exit.
      -m MODE, --mode MODE  Mode of operation. Default value is dev
      -t TYPE, --type TYPE  Type of certificate to use. Default value is self
      -p PART, --part PART  Part of the service. Default is all

    Arguments for MODE:
      dev      Provision will run in development mode. Certificate will be self-signed.
      prod     Provision will run in production mode.

    Arguments for TYPE:
      self     Provision will use a self-signed TLS certificate that will be generated.
      own      Provision will use the TLS certificate provided by the user.
      certbot  Provision will generate a TLS certificate using letsencrypt/certbot. More info here: https://certbot.eff.org/

    Arguments for PART:
      admin    Provision will deploy only the admin interface.
      tls      Provision will deploy only the TLS endpoint.
      all      Provision will deploy both the admin and the TLS endpoint.

    Optional Parameters:
      --public-tls-port PORT     Port for the TLS endpoint service. Default is 443
      --public-admin-port PORT   Port for the admin service. Default is 8443
      --public-api-port PORT     Port for the API service. Default is 8444
      --private-tls-port PORT    Port for the TLS endpoint service. Default is 9000
      --private-admin-port PORT  Port for the admin service. Default is 9001
      --private-api-port PORT    Port for the API service. Default is 9002
      --all-hostname HOSTNAME    Hostname for all the services. Default is 127.0.0.1
      --tls-hostname HOSTNAME    Hostname for the TLS endpoint service. Default is 127.0.0.1
      --admin-hostname HOSTNAME  Hostname for the admin service. Default is 127.0.0.1
      --api-hostname HOSTNAME    Hostname for the API service. Default is 127.0.0.1
      -X PASS    --password         Force the admin password for the admin interface. Default is random
      -c PATH    --certfile PATH    Path to supplied TLS server PEM certificate(s) bundle
      -d DOMAIN  --domain DOMAIN    Domain for the TLS certificate to be generated using letsencrypt
      -e EMAIL   --email EMAIL      Domain for the TLS certificate to be generated using letsencrypt
      -s PATH    --source PATH      Path to code. Default is /vagrant
      -S PATH    --dest PATH        Path to binaries. Default is /opt/osctrl
      -n         --nginx            Install and configure nginx as TLS termination
      -P         --postgres         Install and configure PostgreSQL as backend
      -M         --metrics          Install and configure all services for metrics (InfluxDB + Telegraf + Grafana)
      -E         --enroll           Enroll the serve into itself using osquery. Default is disabled
      -N NAME    --env NAME         Initial environment name to be created. Default is the mode (dev or prod)
      -U         --upgrade          Keep osctrl upgraded with the latest code from Github

    Examples:
      Provision service in development mode, code is in /vagrant and all components (admin, tls, api):
        ./deploy/provision.sh -m dev -s /vagrant -p all
      Provision service in production mode using my own certificate and only with TLS endpoint:
        ./deploy/provision.sh -m prod -t own -k /etc/certs/my.key -c /etc/certs/cert.crt -p tls
      Upgrade service with the latest code from Github. Does not create services nor certificates:
        ./deploy/provision.sh -U -s /code/osctrl -S /srv/osctrl
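A pre-flight check for the invocations above, as an added example that is not part of osctrl or its documentation: the function parses a provision.sh argument list and reports combinations worth fixing before a production run. The function name, the finding labels and the policy itself (no -X on the command line, no self-signed certificate with -m prod, -d and -e both required for certbot) are assumptions; flag names and defaults are taken from the help text.

```shell
#!/usr/bin/env bash
# Added example, not part of osctrl: lint a provision.sh argument list.
# Flag names and defaults come from the help text; the policy is assumed.

lint_provision_args() {
  local mode=dev type=self cert="" domain="" email="" pass=0 rc=0 n
  while [ $# -gt 0 ]; do
    n=2                                 # tracked flags take one argument
    case "$1" in
      -m|--mode)     mode=${2:-} ;;
      -t|--type)     type=${2:-} ;;
      -c|--certfile) cert=${2:-} ;;
      -d|--domain)   domain=${2:-} ;;
      -e|--email)    email=${2:-} ;;
      -X|--password) pass=1 ;;
      *)             n=1 ;;             # untracked flag or its value
    esac
    if [ "$n" -gt $# ]; then n=$#; fi   # flag given last, without a value
    shift "$n"
  done

  # Arguments are recorded in shell history and visible in the process list.
  if [ "$pass" -eq 1 ]; then
    echo "password-on-cmdline: drop -X and keep the random default"; rc=1
  fi
  # Assumed policy: a production endpoint presents a CA-issued certificate.
  if [ "$mode" = prod ] && [ "$type" = self ]; then
    echo "prod-self-signed: use -t own or -t certbot with -m prod"; rc=1
  fi
  # A supplied certificate bundle must be readable before provisioning.
  if [ "$type" = own ] && { [ -z "$cert" ] || [ ! -r "$cert" ]; }; then
    echo "own-cert-unreadable: -c must point to a readable PEM bundle"; rc=1
  fi
  # Assumed: -t certbot is only usable with both -d and -e supplied.
  if [ "$type" = certbot ] && { [ -z "$domain" ] || [ -z "$email" ]; }; then
    echo "certbot-incomplete: pass both -d DOMAIN and -e EMAIL"; rc=1
  fi
  return "$rc"
}

# Constructed invocation: prints two findings and returns 1.
lint_provision_args -m prod -X 'constructed-pass' -p tls || true
```

Values of untracked flags are skipped one token at a time, so the function only inspects the six flags listed in its case statement.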