d-bis/Sankofa
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0a7b4f320bcceb7ed77e4021f185cb04cdce4de6
Sankofa/scripts/setup-proxmox-agents.sh
defiQUG 6f28146ac3 Initial Phoenix Sankofa Cloud setup 
- Complete project structure with Next.js frontend
- GraphQL API backend with Apollo Server
- Portal application with NextAuth
- Crossplane Proxmox provider
- GitOps configurations
- CI/CD pipelines
- Testing infrastructure (Vitest, Jest, Go tests)
- Error handling and monitoring
- Security hardening
- UI component library
- Documentation
2025-11-28 12:54:33 -08:00

200 lines
5.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -euo pipefail
# Proxmox Agent Setup Script
SITE="${SITE:-}"
NODE="${NODE:-}"
CLOUDFLARE_TUNNEL_TOKEN="${CLOUDFLARE_TUNNEL_TOKEN:-}"
PROMETHEUS_ENABLED="${PROMETHEUS_ENABLED:-true}"
log() {
echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*" >&2
}
error() {
log "ERROR: $*"
exit 1
}
check_prerequisites() {
if [ -z "${SITE}" ]; then
error "SITE environment variable is required"
fi
if [ -z "${NODE}" ]; then
error "NODE environment variable is required"
fi
if ! command -v pvesh &> /dev/null; then
error "This script must be run on a Proxmox node"
fi
}
install_cloudflared() {
log "Installing cloudflared..."
if command -v cloudflared &> /dev/null; then
log "cloudflared is already installed"
return
fi
# Download and install cloudflared
ARCH=$(uname -m)
case "${ARCH}" in
x86_64)
ARCH="amd64"
;;
aarch64)
ARCH="arm64"
;;
*)
error "Unsupported architecture: ${ARCH}"
;;
esac
CLOUDFLARED_VERSION="2023.10.0"
wget -q "https://github.com/cloudflare/cloudflared/releases/download/${CLOUDFLARED_VERSION}/cloudflared-linux-${ARCH}" -O /usr/local/bin/cloudflared
chmod +x /usr/local/bin/cloudflared
log "cloudflared installed successfully"
}
configure_cloudflared_tunnel() {
log "Configuring Cloudflare tunnel..."
if [ -z "${CLOUDFLARE_TUNNEL_TOKEN}" ]; then
log "Warning: CLOUDFLARE_TUNNEL_TOKEN not set, skipping tunnel configuration"
return
fi
# Create tunnel config directory
mkdir -p /etc/cloudflared
# Create tunnel credentials
cat > /etc/cloudflared/${SITE}-tunnel.json <<EOF
{"AccountTag":"","TunnelSecret":"","TunnelID":"","TunnelName":"${SITE}-tunnel"}
EOF
# Create systemd service
cat > /etc/systemd/system/cloudflared-tunnel.service <<EOF
[Unit]
Description=Cloudflare Tunnel
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/cloudflared tunnel --config /etc/cloudflared/tunnel-configs/${SITE}.yaml run
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
EOF
# Copy tunnel config (should be provided separately)
mkdir -p /etc/cloudflared/tunnel-configs
if [ -f "../cloudflare/tunnel-configs/proxmox-${SITE}.yaml" ]; then
cp "../cloudflare/tunnel-configs/proxmox-${SITE}.yaml" "/etc/cloudflared/tunnel-configs/${SITE}.yaml"
else
log "Warning: Tunnel config file not found, creating basic config..."
cat > "/etc/cloudflared/tunnel-configs/${SITE}.yaml" <<EOF
tunnel: ${SITE}-tunnel
credentials-file: /etc/cloudflared/${SITE}-tunnel.json
ingress:
- hostname: ${NODE}.yourdomain.com
service: https://localhost:8006
originRequest:
tls:
skipVerify: true
- service: http_status:404
EOF
fi
systemctl daemon-reload
systemctl enable cloudflared-tunnel.service
systemctl start cloudflared-tunnel.service
log "Cloudflare tunnel configured and started"
}
install_prometheus_exporter() {
if [ "${PROMETHEUS_ENABLED}" != "true" ]; then
log "Prometheus exporter disabled, skipping..."
return
fi
log "Installing Prometheus exporter (pve_exporter)..."
# Check if pve_exporter is already installed
if command -v pve_exporter &> /dev/null; then
log "pve_exporter is already installed"
return
fi
# Install pve_exporter via pip or download binary
if command -v pip3 &> /dev/null; then
pip3 install pve_exporter
else
log "Warning: pip3 not found, please install pve_exporter manually"
return
fi
# Create systemd service
cat > /etc/systemd/system/pve-exporter.service <<EOF
[Unit]
Description=Proxmox VE Prometheus Exporter
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/pve_exporter --web.listen-address=0.0.0.0:9221
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable pve-exporter.service
systemctl start pve-exporter.service
log "Prometheus exporter installed and started"
}
configure_proxmox_api() {
log "Configuring Proxmox API access..."
# Create API token for Crossplane provider
# This should be done manually or via Proxmox API
log "Note: Create an API token in Proxmox web UI:"
log " Datacenter -> Permissions -> API Tokens"
log " Token ID: crossplane-${SITE}"
log " User: root@pam or dedicated service account"
log " Permissions: Administrator or specific VM permissions"
}
main() {
log "Starting Proxmox agent setup for site ${SITE}, node ${NODE}..."
check_prerequisites
install_cloudflared
configure_cloudflared_tunnel
install_prometheus_exporter
configure_proxmox_api
log "Proxmox agent setup completed!"
log ""
log "Next steps:"
log "1. Verify Cloudflare tunnel: systemctl status cloudflared-tunnel"
log "2. Verify Prometheus exporter: curl http://localhost:9221/metrics"
log "3. Create API token in Proxmox web UI for Crossplane provider"
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink