> Usage > provision.sh
provision.sh

provision.sh is the provisioning script for osctrl in Ubuntu 20.04. It uses several functions from lib.sh.
Its purpose is to install all necessary components to deploy osctrl in an Ubuntu 20.04 system, although it could be easily adapted to work in CentOS 7.
Execute ./deploy/provision.sh [-h|--help] to show the usage of the script:
$ ./deploy/provision.sh -h

Usage: ./deploy/provision.sh [-h|--help] [PARAMETER [ARGUMENT]] [PARAMETER [ARGUMENT]] ...

Parameters:
  -h, --help   Shows this help message and exit.
  -m MODE, --mode MODE  Mode of operation. Default value is dev
  -t TYPE, --type TYPE  Type of certificate to use. Default value is self
  -p PART, --part PART  Part of the service. Default is all

Arguments for MODE:
  dev   Provision will run in development mode. Certificate will be self-signed.
  prod   Provision will run in production mode.

Arguments for TYPE:
  self   Provision will use a self-signed TLS certificate that will be generated.
  own   Provision will use the TLS certificate provided by the user.
  certbot  Provision will generate a TLS certificate using letsencrypt/certbot. More info here: https://certbot.eff.org/

Arguments for PART:
  admin  Provision will deploy only the admin interface.
  tls   Provision will deploy only the TLS endpoint.
  api   Provision will deploy only the API endpoint.
  all   Provision will deploy both the admin and the TLS endpoint.

Optional Parameters:
  --public-tls-port PORT  Port for the TLS endpoint service. Default is 443
  --public-admin-port PORT  Port for the admin service. Default is 8443
  --public-api-port PORT  Port for the API service. Default is 8444
  --private-tls-port PORT  Port for the TLS endpoint service. Default is 9000
  --private-admin-port PORT  Port for the admin service. Default is 9001
  --private-api-port PORT  Port for the API service. Default is 9002
  --all-hostname HOSTNAME  Hostname for all the services. Default is 127.0.0.1
  --tls-hostname HOSTNAME  Hostname for the TLS endpoint service. Default is 127.0.0.1
  --admin-hostname HOSTNAME  Hostname for the admin service. Default is 127.0.0.1
  --api-hostname HOSTNAME  Hostname for the API service. Default is 127.0.0.1
  -X PASS     --password  Force the admin password for the admin interface. Default is random
  -c PATH     --certfile PATH  Path to supplied TLS server PEM certificate(s) bundle
  -d DOMAIN   --domain DOMAIN  Domain for the TLS certificate to be generated using letsencrypt
  -e EMAIL    --email EMAIL  Domain for the TLS certificate to be generated using letsencrypt
  -s PATH     --source PATH  Path to code. Default is /vagrant
  -S PATH     --dest PATH  Path to binaries. Default is /opt/osctrl
  -n          --nginx   Install and configure nginx as TLS termination
  -P          --postgres  Install and configure PostgreSQL as backend
  -M          --metrics  Install and configure all services for metrics (InfluxDB + Telegraf + Grafana)
  -R          --redis   Install and configure Redis as cache
  -E          --enroll   Enroll the serve into itself using osquery. Default is disabled
  -N NAME     --env NAME  Initial environment name to be created. Default is the mode (dev or prod)
  -U          --upgrade  Keep osctrl upgraded with the latest code from Github

Examples:
  Provision service in development mode, code is in /vagrant and all components (admin, tls, api):
 ./deploy/provision.sh -m dev -s /vagrant -p all
  Provision service in production mode using my own certificate and only with TLS endpoint:
 ./deploy/provision.sh -m prod -t own -k /etc/certs/my.key -c /etc/certs/cert.crt -p tls
  Upgrade service with the latest code from Github. Does not create services nor certificates:
 ./deploy/provision.sh -U -s /code/osctrl -S /srv/osctrl