Schritt7-3
124
install.sh
124
install.sh
@@ -183,60 +183,88 @@ fi
|
||||
|
||||
info "Step 6 OK: Docker + Compose Plugin installiert, Locales gesetzt, Basis-Verzeichnisse erstellt"
|
||||
info "Next: Schritt 7 (finales docker-compose + Secrets + n8n/supabase up + Healthchecks)"
|
||||
# ===== Step 7: Compose + Secrets + Start =====
|
||||
step "7" "Deploy docker-compose + generate secrets + start stack"
|
||||
|
||||
# Annahmen:
|
||||
# - CTID ist in $CTID
|
||||
# - Hostname ist in $CT_HOSTNAME (z.B. supabase$(date +%s))
|
||||
# - Domain: zq0.de -> ergibt FQDN
|
||||
N8N_FQDN="${CT_HOSTNAME}.zq0.de"
|
||||
|
||||
POSTGRES_PASSWORD="$(rand_alnum 32)"
|
||||
DASHBOARD_USERNAME="$(rand_alnum 12)"
|
||||
DASHBOARD_PASSWORD="$(rand_alnum 24)"
|
||||
N8N_ENCRYPTION_KEY="$(rand_hex 64)"
|
||||
# ---------------------------
|
||||
# Step 7: Finalize stack + secrets + up + checks
|
||||
# ---------------------------
|
||||
info "Step 7: Stack finalisieren + Secrets + Up + Checks"
|
||||
|
||||
# Dateien in den CT kopieren
|
||||
pct push "$CTID" "${SCRIPT_DIR}/templates/docker-compose.yml" "/opt/customer-stack/docker-compose.yml" --perms 0644
|
||||
pct push "$CTID" "${SCRIPT_DIR}/sql/init_pgvector.sql" "/opt/customer-stack/sql/init_pgvector.sql" --perms 0644
|
||||
# ---- Host/IP für URL bauen
|
||||
# Wenn du später Reverse Proxy nutzt, werden diese Werte angepasst.
|
||||
STACK_DIR="/opt/customer-stack"
|
||||
|
||||
# .env im CT erstellen
|
||||
pct exec "$CTID" -- bash -lc "cat > /opt/customer-stack/.env <<'EOF'
|
||||
TZ=Europe/Berlin
|
||||
N8N_HOST=${N8N_FQDN}
|
||||
N8N_EDITOR_BASE_URL=https://${N8N_FQDN}/
|
||||
WEBHOOK_URL=https://${N8N_FQDN}/
|
||||
N8N_PORT="5678"
|
||||
N8N_PROTOCOL="http"
|
||||
N8N_HOST="${CT_IP}"
|
||||
N8N_EDITOR_BASE_URL="${N8N_PROTOCOL}://${N8N_HOST}:${N8N_PORT}/"
|
||||
WEBHOOK_URL="${N8N_EDITOR_BASE_URL}"
|
||||
|
||||
DASHBOARD_USERNAME=${DASHBOARD_USERNAME}
|
||||
DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD}
|
||||
|
||||
N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
|
||||
|
||||
POSTGRES_USER=postgres
|
||||
POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||
POSTGRES_DB=postgres
|
||||
# ---- Secrets generieren (einmalig pro CT)
|
||||
# Wichtig: nicht jedes Mal neu erzeugen, sonst ist n8n "kaputt" (encryption key ändert sich)
|
||||
pct_exec "${CTID}" "test -f ${STACK_DIR}/.env || ( \
|
||||
umask 077; \
|
||||
PG_DB='n8n'; \
|
||||
PG_USER='n8n'; \
|
||||
PG_PASSWORD=\"\$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)\"; \
|
||||
N8N_ENCRYPTION_KEY=\"\$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)\"; \
|
||||
N8N_SECURE_COOKIE='false'; \
|
||||
N8N_PORT='${N8N_PORT}'; \
|
||||
N8N_PROTOCOL='${N8N_PROTOCOL}'; \
|
||||
N8N_HOST='${N8N_HOST}'; \
|
||||
N8N_EDITOR_BASE_URL='${N8N_EDITOR_BASE_URL}'; \
|
||||
WEBHOOK_URL='${WEBHOOK_URL}'; \
|
||||
cat > ${STACK_DIR}/.env <<EOF
|
||||
PG_DB=\${PG_DB}
|
||||
PG_USER=\${PG_USER}
|
||||
PG_PASSWORD=\${PG_PASSWORD}
|
||||
N8N_ENCRYPTION_KEY=\${N8N_ENCRYPTION_KEY}
|
||||
N8N_SECURE_COOKIE=\${N8N_SECURE_COOKIE}
|
||||
N8N_PORT=\${N8N_PORT}
|
||||
N8N_PROTOCOL=\${N8N_PROTOCOL}
|
||||
N8N_HOST=\${N8N_HOST}
|
||||
N8N_EDITOR_BASE_URL=\${N8N_EDITOR_BASE_URL}
|
||||
WEBHOOK_URL=\${WEBHOOK_URL}
|
||||
EOF
|
||||
chmod 600 /opt/customer-stack/.env"
|
||||
)"
|
||||
|
||||
# Stack hochfahren
|
||||
pct exec "$CTID" -- bash -lc "cd /opt/customer-stack && docker compose up -d"
|
||||
# ---- Dateien rüberkopieren (compose + sql)
|
||||
# docker-compose.yml
|
||||
if [[ -f "${SCRIPT_DIR}/templates/docker-compose.yml" ]]; then
|
||||
COMPOSE_CONTENT="$(cat "${SCRIPT_DIR}/templates/docker-compose.yml")"
|
||||
pct exec "${CTID}" -- bash -lc "cat > ${STACK_DIR}/docker-compose.yml <<'YML'
|
||||
${COMPOSE_CONTENT}
|
||||
YML"
|
||||
else
|
||||
die "Missing template: ${SCRIPT_DIR}/templates/docker-compose.yml"
|
||||
fi
|
||||
|
||||
# Warten bis n8n antwortet
|
||||
pct exec "$CTID" -- bash -lc '
|
||||
set -e
|
||||
for i in $(seq 1 60); do
|
||||
if curl -fsS http://127.0.0.1:5678/ >/dev/null; then
|
||||
echo "[INFO] n8n is up"
|
||||
exit 0
|
||||
fi
|
||||
sleep 2
|
||||
done
|
||||
echo "[ERROR] n8n did not become ready in time" >&2
|
||||
exit 1
|
||||
'
|
||||
# sql init
|
||||
pct_exec "${CTID}" "mkdir -p ${STACK_DIR}/sql"
|
||||
if [[ -f "${SCRIPT_DIR}/sql/init_pgvector.sql" ]]; then
|
||||
SQL_CONTENT="$(cat "${SCRIPT_DIR}/sql/init_pgvector.sql")"
|
||||
pct exec "${CTID}" -- bash -lc "cat > ${STACK_DIR}/sql/init_pgvector.sql <<'SQL'
|
||||
${SQL_CONTENT}
|
||||
SQL"
|
||||
else
|
||||
die "Missing sql file: ${SCRIPT_DIR}/sql/init_pgvector.sql"
|
||||
fi
|
||||
|
||||
log_info "Step 7 OK: Stack running"
|
||||
log_info "URL: https://${N8N_FQDN}"
|
||||
log_info "BasicAuth user: ${DASHBOARD_USERNAME}"
|
||||
log_info "BasicAuth pass: ${DASHBOARD_PASSWORD}"
|
||||
# ---- Volumes + Rechte (wichtig!)
|
||||
pct_exec "${CTID}" "mkdir -p ${STACK_DIR}/volumes/n8n-data ${STACK_DIR}/volumes/postgres/data"
|
||||
# n8n läuft als node (uid 1000), postgres i.d.R. uid 999
|
||||
pct_exec "${CTID}" "chown -R 1000:1000 ${STACK_DIR}/volumes/n8n-data"
|
||||
pct_exec "${CTID}" "chown -R 999:999 ${STACK_DIR}/volumes/postgres/data"
|
||||
|
||||
# ---- Start stack
|
||||
pct_exec "${CTID}" "cd ${STACK_DIR} && docker compose pull"
|
||||
pct_exec "${CTID}" "cd ${STACK_DIR} && docker compose up -d"
|
||||
|
||||
# ---- Minimal Checks
|
||||
pct_exec "${CTID}" "cd ${STACK_DIR} && docker compose ps"
|
||||
pct_exec "${CTID}" "cd ${STACK_DIR} && docker logs --tail=30 customer-postgres || true"
|
||||
pct_exec "${CTID}" "cd ${STACK_DIR} && docker logs --tail=30 n8n || true"
|
||||
|
||||
info "Step 7 OK: Stack deployed"
|
||||
info "n8n: ${N8N_EDITOR_BASE_URL}"
|
||||
info "Hinweis: Ohne Reverse-Proxy/TLS ist N8N_SECURE_COOKIE=false gesetzt. Später bei HTTPS wieder true."
|
||||
|
||||
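Review bot: Copying docker-compose.yml and init_pgvector.sql into the container by expanding `COMPOSE_CONTENT` / `SQL_CONTENT` into a `bash -lc "cat > … <<'YML'"` string makes the file body part of a shell command executed in the CT: a line in either file that consists only of `YML` or `SQL` ends the heredoc early and everything after it is run as commands, and the whole file also has to fit into a single argument. The `pct push` form that also appears in this section does not pass the content through a shell, e.g. `pct push "${CTID}" "${SCRIPT_DIR}/templates/docker-compose.yml" "${STACK_DIR}/docker-compose.yml" --perms 0644`, and the same for the SQL file after the `mkdir -p`. The +/- markers are lost on this page, so which of the two variants is the new side is inferred from its use of `STACK_DIR`. Separately, `info "Step 7 OK: Stack deployed"` is printed unconditionally after `docker compose ps` and `docker logs … || true`, so a crashed container would still be reported as success; a readiness probe against `${N8N_EDITOR_BASE_URL}` that fails the step before that line would catch it.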