Add global deploy script

Add maven daemon on webservice
Add backup script (+ cron)
Add connection to backup server
Add decryption script

Author: Hidde Lycklama

run_imovies.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+cd /home/imovies-admin/imovies
+mvn spring-boot:run

virtual-machines/backup/Vagrantfile

@@ -22,7 +22,7 @@ Vagrant.configure("2") do |config|
   # Create a forwarded port mapping which allows access to a specific port
   # within the machine from a port on the host machine. In the example below,
   # accessing "localhost:8080" will access port 80 on the guest machine.
-  config.vm.network "forwarded_port", guest: 22, host: 22222
+  #config.vm.network "forwarded_port", guest: 22, host: 22222
 
   # Create a private network, which allows host-only access to the machine
   # using a specific IP.
@@ -70,11 +70,13 @@ Vagrant.configure("2") do |config|
   config.vm.provision "shell", inline: <<-SHELL
     apt-get update
     apt-get install -y iptables
+    apt-get install -y unzip
   SHELL
 
   config.vm.provision "shell", path: "hardening.sh"
+  config.vm.provision "file", source: "decrypt.sh", destination: "/home/vagrant/decrypt.sh"
 
-  id_rsa_key_pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDASQZtt7Oi+3u6T28lUw15NjoiW+MHZXeheDqBlEO2JN7p8Oi9crRpuVAHA0TbO53l4elhnixbrfwHfGuME4//FniI/t64SMhVlIqBTCXQVzhG6HEri+BwtrCHSHj6/BRukiXD3qGA1vnaLyzoFjPf1PBukxU5q7pyl4vjDEa7NakU0jt0zK7GUvuHXxRw1ICHBIXof8TZ1+n7NZZsyA3K2jogT9SkZY/6jhj6kPkN74omk22Z1hcuLXZt8c6vE33q8j1gmsOfIBwzTuDwO+3h2CEtJRLK6c0uDQ5mLMROrYoseSiAVLzfsvEKQ+46bBsToG6FXqueYdxl7EmVAxdpp6zwiZvlWUiB0MIkTNO/uZuFtibmMcJVxeDAyJwbHryKFCFOW/LtzNbAUkZfXVIoJQihEVsWilECPCqdjILaoMnCaVFmjstxtOoI0vXxFHZpfq6yAqjOHiV/lViqDxsQnU4401S602+IjQ5KUZtGHFfjtiGA4lfiYB7+U28P8PA/ok9eRGla4nmjfv1p8rzOQKaflqsZNsKgtMPfERCShvfgOvk8B96lkvEO7FrOQzM9EkRh4FRMXpUFjbvQYXNRTJqm9E3Meoj1Hze1yhgfCJMTUvfGW02O1XiyvupQkUTu0cO3Xmkk+WuG9T6P4wubG9QjtB2qtHx3oW5FIdceiw== imovies-admin@ubuntu"
+  id_rsa_key_pub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCyVTafuR1rnt4wmqVdjzc7x3LYhubxpW9Ew0YXAvde5FpplDnoMXhWY/9q8CRLeGgOEo1HY0ceWBL9IS5OKpfqnPYAtjAE5xMmTd0TfMVrtD0xplLOpXjpaiCwyMGoucWY58V3JNucAfixe9sU6SGl+xGy1La6syN/HIL18yrXKuLIgQ/RuCgw6TXxiNEa8/xXa1o3+Q9/hxDb9ONky5G00kxPUcxJPOgMGdBz2ev/d0IrkeQvs0wXEjQOmiotPJzimpjMkAm6/WL2SmyAmG3HxXc9NqNUBD0ft5pMFz2bH2ivE/Ga20nAksjRSpd7Ife4PBtp5PycuInCqFZGfve8oDE16g6a6nHU1mkkrfDlBh8OuqnuC1gYvcwtEnYbkdNAFjQx2GCfMA7E7SqT5fIG3ZSk5D6Ua50owMq7gIo1RNUto3ldYwczotYIynRZ5t6Il5bnIDc3V9Mxo9fVx/njsXRjdaSKZLz/BARyngSKo/6Yq0ixUnYvQtjsFRwm1DsIz0BJTOfGjc6GcBoMwT7fPXDiqu0W8RslsSNFePqJ+8z0ziMDXxvQVflHRFIOVMRd9F9s+S00htgYYzOUIqOlamlXLxTCKgfGuzzdFWl8ydytIYU3tooRlp5WW7Ln3g7Xd9UU9EWfFdq1ZHUCA5uGOcVQUCCy8J/PifPUuC5UOQ== backup@imovies.com"
 
   config.vm.provision :shell,
           :inline => "echo 'appending SSH Pub Key to ~vagrant/.ssh/authorized_keys' && echo '#{id_rsa_key_pub }' >> /home/vagrant/.ssh/authorized_keys && chmod 600 /home/vagrant/.ssh/authorized_keys"

virtual-machines/deploy.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# RUN ON LOCAL MACHINE
+
+(cd backup && vagrant destroy -f)
+(cd database && vagrant destroy -f)
+(cd webservice && vagrant destroy -f)
+
+(cd backup && vagrant up)
+(cd database && vagrant up)
+(cd webservice && vagrant up)

virtual-machines/webservice/Vagrantfile

@@ -72,6 +72,7 @@ Vagrant.configure("2") do |config|
     apt-get update
     apt-get upgrade -y
     apt-get install -y git
+    apt-get install -y zip
     apt-get install -y maven
     apt-get install -y iptables
     apt-get install -y vim
@@ -80,9 +81,12 @@ Vagrant.configure("2") do |config|
     SHELL
 
   config.vm.provision "shell", path: "add_new_user.sh"
+  config.vm.provision "file", source: "./scripts/backup.sh", destination: "/home/imovies-backup/scripts/backup.sh"
   config.vm.provision "file", source: "./keys/id_rsa", destination: "/home/imovies-admin/.ssh/id_rsa"
   config.vm.provision "file", source: "./keys/id_rsa.pub", destination: "/home/imovies-admin/.ssh/id_rsa.pub"
-  config.vm.provision "file", source: "./keys/bak_rsa.pub.pem", destination: "/home/vagrant/.ssh/bak_rsa.pub.pem"
+  config.vm.provision "file", source: "./keys/bu_rsa", destination: "/home/imovies-backup/.ssh/id_rsa"
+  config.vm.provision "file", source: "./keys/bu_rsa.pub", destination: "/home/imovies-backup/.ssh/id_rsa.pub"
+  config.vm.provision "file", source: "./keys/bak_rsa.pub.pem", destination: "/home/imovies-backup/.ssh/bak_rsa.pub.pem"
   config.vm.provision "file", source: "./for_db", destination: "/home/imovies-admin/.ssh/for_db"
   config.vm.provision "file", source: "./for_db.pub", destination: "/home/imovies-admin/.ssh/for_db.pub"
   config.vm.provision "shell", inline: <<-SHELL
@@ -91,11 +95,17 @@ Vagrant.configure("2") do |config|
     ssh-add /home/imovies-admin/.ssh/for_db
     echo -e "Host 192.168.1.5\n\tStrictHostKeyChecking no\n" >> /home/vagrant/.ssh/config
     echo -e "Host 192.168.1.5\n\tStrictHostKeyChecking no\n" >> /home/imovies-admin/.ssh/config
+    echo -e "Host 192.168.1.6\n\tStrictHostKeyChecking no\n" >> /home/imovies-backup/.ssh/config
     chown imovies-admin:imovies-admin /home/imovies-admin/.ssh/for*
+    chown imovies-admin:imovies-admin /home/imovies-admin/run_imovies.sh
+    chown imovies-backup:imovies-backup /home/imovies-backup/.ssh/*
+    chown imovies-backup:imovies-backup /home/imovies-backup/scripts
+    chown imovies-backup:imovies-backup /home/imovies-backup/scripts/backup.sh
   SHELL
   config.vm.provision "shell", path: "build_tunnel.sh"
   config.vm.provision "shell", path: "download_imovies.sh"
   config.vm.provision "shell", path: "hardening.sh"
+  config.vm.provision "shell", path: "cron.sh"
 
   @keys = Dir.entries('../ssh_public_keys/')
   for key in @keys

virtual-machines/webservice/add_new_user.sh

@@ -9,4 +9,20 @@ password
 sudo rm -rf /home/imovies-admin/.ssh
 sudo mkdir /home/imovies-admin/.ssh
 
-chmod o+w /home/imovies-admin/.ssh
+chmod o+w /home/imovies-admin/.ssh
+
+
+# add backup user
+sudo adduser imovies-backup <<!
+password
+password
+!
+
+sudo rm -rf /home/imovies-backup/.ssh
+sudo mkdir /home/imovies-backup/.ssh
+
+sudo rm -rf /home/imovies-backup/scripts
+sudo mkdir /home/imovies-backup/scripts
+
+chown vagrant:vagrant /home/imovies-backup/scripts
+chmod o+w /home/imovies-backup/.ssh

virtual-machines/webservice/cron.sh

@@ -1,8 +1,10 @@
 #!/bin/sh
 
 # Switch to vagrant user for crontab config
-su vagrant
+su imovies-backup
+
+chmod 700 /home/imovies-backup/scripts/backup.sh
 
 # daily backup at 00:00
 # Update crontab
-(crontab -l ; echo "0 0 * * * bash ~/scripts/backup.sh")| crontab -
+(crontab -l ; echo "0 0 * * * bash /home/imovies-backup/scripts/backup.sh")| crontab -

virtual-machines/webservice/download_imovies.sh

@@ -24,4 +24,8 @@ find . -type d -exec chmod 700 {} +
 chmod 700 ./mvnw
 
 cp ./src/main/resources/application.properties.example ./src/main/resources/application.properties
-chown imovies-admin:imovies-admin /home/imovies-admin/imovies/src/main/resources/application.properties
+chown imovies-admin:imovies-admin /home/imovies-admin/imovies/src/main/resources/application.properties
+
+# run imovies in daemon
+#daemon --name="imovies-webservice" --output=webservice.txt sh /home/imovies-admin/imovies/run_imovies.sh
+(cd /home/imovies-admin/imovies && (./run_imovies.sh & ))

virtual-machines/webservice/scripts/backup.sh

@@ -5,7 +5,7 @@ echo "=== BACKING UP LOGS ===";
 
 BACKUP_DIR=/tmp/backup
 
-BACKUP_PKEY=/home/vagrant/.ssh/bak_rsa.pub.pem
+BACKUP_PKEY=/home/imovies-backup/.ssh/bak_rsa.pub.pem
 #BACKUP_PKEY=/Users/hidde/IdeaProjects/iMovies/virtual-machines/webservice/keys/bak_rsa.pub.pem # local, to test
 
 rm -rf $BACKUP_DIR
@@ -14,8 +14,8 @@ mkdir $BACKUP_DIR/original
 cd $BACKUP_DIR/original
 
 # all files to be backed up
-cp /var/log/syslog $BACKUP_DIR/original
-#echo "HELLO BACKUP" > $BACKUP_DIR/original/log.txt # test log
+#cp /var/log/syslog $BACKUP_DIR/original
+echo "HELLO BACKUP" > $BACKUP_DIR/original/log.txt # test log
 
 zip -r $BACKUP_DIR/original.zip $BACKUP_DIR/original
 
@@ -33,8 +33,8 @@ rm -f $BACKUP_DIR/key.pem
 echo "=== ENCRYPTED ===";
 echo "=== UPLOADING TO SERVER ===";
 
-#scp -P 22222 $BACKUP_DIR/key.bin.enc vagrant@localhost:/
-#scp -P 22222 $BACKUP_DIR/digest.zip.enc vagrant@localhost:/
+scp -P 22 $BACKUP_DIR/key.bin.enc vagrant@192.168.1.6:~/
+scp -P 22 $BACKUP_DIR/digest.zip.enc vagrant@192.168.1.6:~/
 
 # Local, to test
 #cp $BACKUP_DIR/key.bin.enc ~/Desktop/key.bin.enc