# The four targets below only delegate to the makefile in src/. `cd` and the
# sub-make share one recipe line because every recipe line runs in its own shell.
# $(MAKE) (not a literal `make`) passes -j/-n and command-line variables down.
default: ## Build the application ('make' without arguments)
	cd src/ && $(MAKE)
run: ## Run the built application
	cd src/ && $(MAKE) run
clean: ## Clean build artifacts
	cd src/ && $(MAKE) clean
# Two target names share this recipe; both run the sub-make's `swag` goal.
swag swagger: ## Generate Swagger documentation
	cd src/ && $(MAKE) swag
# ===== Initialization =====
# Recipes run under bash. SHELL is a makefile-wide setting, so it also applies
# to the rules defined above this line.
SHELL := /bin/bash
# Makes init/multi-init.sh executable on a best-effort basis (chmod errors are
# hidden and ignored), then runs it. The script's exit status decides whether
# the target fails.
init: ## Run initialization sequence (credential registration for OpenBao and Tumblebug)
	@chmod +x ./init/multi-init.sh 2>/dev/null || true
	@./init/multi-init.sh
# Same chmod-then-run pattern as `init`, for scripts/misc/init-profile.sh.
init-profile: ## Maintainer-only: run make init with elapsed/memory profiling outputs under tmp/init-profile/
	@chmod +x ./scripts/misc/init-profile.sh 2>/dev/null || true
	@./scripts/misc/init-profile.sh
# ===== Docker Compose Commands =====
# docker-compose.yaml includes all services + OpenBao.
#
# Usage scenarios:
# 1) Fresh start: make up → make init
# 2) Restart: make up
# 3) Reset DB only: make clean-db → make up → make init
# 4) Full reset: make clean-all → make up → make init
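# Creates the host directories that docker-compose bind-mounts and repairs
# ownership on two trees that containers write into. mkdir is tried as the
# current user first and repeated under sudo only if that fails.
#
# Both ownership fixes run chown under sudo on files a container created, so
# chown is given -h: a symlink found in those trees is re-owned itself and the
# file it points to (possibly outside the tree) is left alone.
prepare-volumes: ## Create bind-mount directories with correct ownership
	@echo "Preparing container-volume directories..."
	@mkdir -p \
		container-volume/cb-tumblebug-container/meta_db \
		container-volume/cb-tumblebug-container/log \
		container-volume/cb-spider-container/meta_db \
		container-volume/cb-spider-container/log \
		container-volume/etcd/data \
		container-volume/openbao-data \
		container-volume/mc-terrarium-container/.terrarium \
		2>/dev/null || \
	sudo mkdir -p \
		container-volume/cb-tumblebug-container/meta_db \
		container-volume/cb-tumblebug-container/log \
		container-volume/cb-spider-container/meta_db \
		container-volume/cb-spider-container/log \
		container-volume/etcd/data \
		container-volume/openbao-data \
		container-volume/mc-terrarium-container/.terrarium
	@# Fix ownership for mc-terrarium volume (container runs as appuser, uid 1000)
	@if [ "$$(stat -c '%u' container-volume/mc-terrarium-container/.terrarium 2>/dev/null)" != "$$(id -u)" ]; then \
		echo "Fixing ownership of mc-terrarium volume..."; \
		sudo chown -hR "$$(id -u):$$(id -g)" container-volume/mc-terrarium-container/.terrarium; \
	fi
	@# Fix root-owned runtime artifacts in assets/spider/ (created by cb-spider container).
	@# These block Docker build context transfer if not readable by the current user.
	@# The probe looks for a root-owned, unreadable entry; the fix re-owns every root-owned entry.
	@if find assets/spider/ -mindepth 1 -uid 0 -a -not -readable -print -quit 2>/dev/null | grep -q .; then \
		echo "Fixing permissions on cb-spider runtime artifacts in assets/spider/..."; \
		sudo find assets/spider/ -mindepth 1 -uid 0 -exec chown -h "$$(id -u):$$(id -g)" {} +; \
	fi
	@echo "Prepared!"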
# Note: OpenBao data dir ownership is fixed by entrypoint chown in docker-compose.yaml.
# Start sequence: OpenBao alone (detached), first-time initialization if .env
# has no non-empty VAULT_TOKEN line, unseal, then the full stack with --build in
# the foreground (no -d, so this target does not return until compose exits).
# The VAULT_TOKEN test only checks that a value is present, not that it is valid.
# NOTE(review): openbao-init.sh presumably writes VAULT_TOKEN into .env — confirm.
compose: prepare-volumes ## Start Docker Compose services (auto init/unseal OpenBao)
	@echo "Starting OpenBao..."
	@DOCKER_BUILDKIT=1 docker compose up -d openbao
	@if [ ! -f .env ] || ! grep -q '^VAULT_TOKEN=.\+' .env 2>/dev/null; then \
		echo "VAULT_TOKEN not found — running first-time OpenBao initialization..."; \
		bash init/openbao/openbao-init.sh; \
	fi
	@$(MAKE) unseal
	@echo "Starting all services..."
	@DOCKER_BUILDKIT=1 docker compose up --build
# Thin wrappers around `docker compose` for the project in the current directory.
logs: ## Follow Docker Compose logs (docker compose logs -f)
	docker compose logs -f
compose-down: ## Stop Docker Compose services (docker compose down)
	@echo "Stopping Docker Compose services..."
	docker compose down
# The Go-template braces in --format are literal to make; only `$` would need escaping.
status: ## Show status of Docker Compose services (docker compose ps)
	@docker compose ps --format "table {{.Name}}\t{{.Image}}\t{{.Status}}\t{{.Ports}}"
ps: ## Show status of services (alias for status)
	@$(MAKE) status
# ===== Database Cleanup Commands =====
# Stops the stack first (compose-down prerequisite), then runs init/cleanDB.sh.
# chmod is best effort; the script's exit status decides the result.
clean-db: compose-down ## Clean all database metadata (./init/cleanDB.sh)
	@echo "Running cleanDB script..."
	@chmod +x ./init/cleanDB.sh 2>/dev/null || true
	@./init/cleanDB.sh
# Full reset: after compose-down and clean-db, removes the OpenBao data
# directory (under sudo, fixed path), deletes init/openbao/secrets/openbao-init.json
# and blanks the VAULT_TOKEN line in .env. With the token blank, `compose` takes
# its first-time initialization branch on the next start.
# compose-down is reachable twice (directly and through clean-db); make runs a
# target at most once per invocation.
# NOTE(review): openbao-init.json presumably holds the unseal key and root token
# written by openbao-init.sh — confirm, and note that other copies are untouched.
clean-all: compose-down clean-db ## Full reset including OpenBao (requires re-init)
	@echo "Cleaning OpenBao data..."
	@sudo rm -rf container-volume/openbao-data
	@rm -f init/openbao/secrets/openbao-init.json
	@sed -i 's/^VAULT_TOKEN=.*/VAULT_TOKEN=/' .env 2>/dev/null || true
	@echo "Cleaned! Run 'make up' then 'make init' to re-initialize."
# ===== Database Backup & Restore =====
# Best-effort chmod, then runs scripts/backup-assets.sh; the script's exit
# status decides the result.
backup-assets: ## Backup PostgreSQL database to assets directory for version control
	@chmod +x ./scripts/backup-assets.sh 2>/dev/null || true
	@./scripts/backup-assets.sh
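# Runs scripts/restore-assets.sh, passing FILE as its single argument when set.
# FILE is read from the recipe's environment ($$FILE) and quoted, instead of
# being expanded by make into the shell command text: a path with spaces stays
# one argument, and characters such as ; $ ` in the value are never parsed as
# shell syntax. make exports variables given on its command line or inherited
# from the environment, so `make restore-assets FILE=<path>` works as before.
# The value is passed literally: a leading `~` is not expanded by this recipe.
restore-assets: ## Restore PostgreSQL database from assets backup (or FILE=<path>)
	@chmod +x ./scripts/restore-assets.sh 2>/dev/null || true
	@if [ -z "$$FILE" ]; then \
		./scripts/restore-assets.sh; \
	else \
		./scripts/restore-assets.sh "$$FILE"; \
	fi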
# ===== Utility Aliases =====
# Aliases implemented as recursive make calls; the named target's
# prerequisites and recipe run in a sub-make.
up: ## Start all services (alias for compose)
	@$(MAKE) compose
down: ## Quick stop (alias for compose-down)
	@$(MAKE) compose-down
# ===== OpenBao Commands =====
# Runs init/openbao/openbao-init.sh directly; `compose` runs the same script
# (through `bash`) when .env has no VAULT_TOKEN value.
# NOTE(review): whether the script is safe to run against an already
# initialized OpenBao is not visible here — confirm before re-running.
init-openbao: ## Initialize OpenBao (one-time setup: generate unseal key + root token)
	@echo "Initializing OpenBao..."
	@chmod +x ./init/openbao/openbao-init.sh 2>/dev/null || true
	@./init/openbao/openbao-init.sh
# Best effort by design: `|| true` makes this target succeed whatever the
# unseal script returns, so an already-unsealed OpenBao is not an error.
# NOTE(review): a genuine unseal failure is ignored the same way, and `compose`
# goes on to start every service after calling this target; the only trace is
# whatever the script itself prints.
unseal: ## Unseal OpenBao (needed after every container restart)
	@echo "Trying to unseal OpenBao (if not already unsealed)..."
	@chmod +x ./init/openbao/openbao-unseal.sh 2>/dev/null || true
	@./init/openbao/openbao-unseal.sh || true
# Credential file helpers. Each target makes its script executable (best
# effort) and runs it; the script's exit status decides the result.
# Per the target descriptions, gen-cred and dec-cred leave a plaintext
# credentials.yaml on disk and enc-cred produces credentials.yaml.enc.
# NOTE(review): where these files live and whether the plaintext one is
# excluded from version control is decided by the scripts and repo config,
# not visible here — confirm.
gen-cred: ## Generate credentials.yaml from template (./init/genCredential.sh)
	@echo "Generating credentials.yaml from template..."
	@chmod +x ./init/genCredential.sh 2>/dev/null || true
	@./init/genCredential.sh
enc-cred: ## Encrypt credentials.yaml to credentials.yaml.enc (./init/encCredential.sh)
	@echo "Encrypting credentials.yaml..."
	@chmod +x ./init/encCredential.sh 2>/dev/null || true
	@./init/encCredential.sh
dec-cred: ## Decrypt credentials.yaml.enc to credentials.yaml (./init/decCredential.sh)
	@echo "Decrypting credentials.yaml.enc..."
	@chmod +x ./init/decCredential.sh 2>/dev/null || true
	@./init/decCredential.sh
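# Prints a bcrypt hash of PASSWORD, building cmd/bcrypt/bcrypt from
# cmd/bcrypt/main.go on first use. The password is fed to the tool on stdin.
#
# PASSWORD is read from the recipe's environment ($$PASSWORD) rather than
# expanded by make into the shell command text, so quotes, backticks, `$` or `;`
# inside a password cannot change the command that runs. printf replaces echo so
# a password such as `-n` or `-e` is not taken as an echo option. make exports
# variables given on its command line or inherited from the environment, so
# `make bcrypt PASSWORD=...` works as before.
# A PASSWORD given on the make command line is still visible in the process
# list and shell history; `PASSWORD=... make bcrypt` from a variable that is
# already set avoids putting it in make's arguments.
bcrypt: ## Generate bcrypt hash for given password (`make bcrypt PASSWORD=mypassword`)
	@if [ -z "$$PASSWORD" ]; then \
		echo "Please provide a password: make bcrypt PASSWORD=mypassword"; \
		exit 1; \
	fi
	@mkdir -p cmd/bcrypt
	@if [ ! -f "cmd/bcrypt/bcrypt" ]; then \
		echo "bcrypt binary not found, building it..."; \
		go build -o cmd/bcrypt/bcrypt cmd/bcrypt/main.go; \
		chmod +x cmd/bcrypt/bcrypt; \
	fi
	@printf '%s\n' "$$PASSWORD" | ./cmd/bcrypt/bcrypt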
# Runs scripts/certs/generate-certs.sh with DOMAIN, IP and CERT_DIR forwarded
# as KEY=value arguments (empty when the variable is not set).
# The last recipe line is not @-silenced, so the full command is echoed, and
# `;` (not `&&`) means the script still runs when chmod fails.
# NOTE(review): the three values are expanded by make straight into the shell
# command without quoting, so a space or shell metacharacter in any of them
# changes the command that runs. That matters as soon as the values come from
# anything other than the operator's own command line (CI parameters, wrapper
# scripts). Quoting them would also stop the recipe shell expanding a leading
# `~` in CERT_DIR, which the usage text relies on — decide which is wanted.
certs: ## Generate self-signed certs (`make certs` / `make certs DOMAIN=mydomain.com IP=x.x.x.x CERT_DIR=~/.cloud-barista/certs`)
	@echo "Generating self-signed certificates..."
	@echo "DOMAIN=$(DOMAIN), IP=$(IP), CERT_DIR=$(CERT_DIR)"
	chmod +x scripts/certs/generate-certs.sh; \
	scripts/certs/generate-certs.sh DOMAIN=$(DOMAIN) IP=$(IP) CERT_DIR=$(CERT_DIR)
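# Row format for the hand-written help entries: cyan name padded to 22 columns,
# then the description. It is the same layout as the awk printf used for the
# rows generated from `## ` comments. printf is used because bash's builtin echo
# (SHELL is /bin/bash) prints "\033[36m" literally instead of as a colour code.
help_row := printf ' \033[36m%-22s\033[0m %s\n'

# Prints the grouped command overview. Hand-written rows go through $(help_row);
# the other rows are extracted from the `target: ## description` headers in
# $(MAKEFILE_LIST). The Utilities pattern matches the `swag swagger:` header as
# written, so that entry is listed. The `up` row names its real alias, `compose`.
help: ## Display this help screen
	@echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
	@echo "CB-Tumblebug Makefile Commands"
	@echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
	@echo ""
	@echo "🐳 Container Build & Run:"
	@$(help_row) "up (compose)" "Start services with --build (docker compose up --build) and auto init/unseal OpenBao"
	@$(help_row) "down (compose-down)" "Stop services (docker compose down)"
	@$(help_row) "ps (status)" "Show status of services (docker compose ps)"
	@$(help_row) "logs" "Follow service logs (docker compose logs -f)"
	@echo ""
	@echo "⚙️ Initialization:"
	@grep -E '^(init|init-profile|gen-cred|enc-cred|dec-cred):.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf " \033[36m%-22s\033[0m %s\n", $$1, $$2}'
	@echo ""
	@echo "🔐 OpenBao (Secrets Management):"
	@$(help_row) "init-openbao" "Initialize OpenBao (one-time setup)"
	@$(help_row) "unseal" "Unseal OpenBao (after container restart)"
	@echo ""
	@echo "🧹 Cleanup:"
	@$(help_row) "clean-db" "Clean database metadata (./init/cleanDB.sh)"
	@$(help_row) "clean-all" "Clean build + containers + databases + OpenBao (requires re-init)"
	@echo ""
	@echo "💾 Database Backup & Restore:"
	@grep -E '^(backup-assets|restore-assets):.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf " \033[36m%-22s\033[0m %s\n", $$1, $$2}'
	@echo ""
	@echo "🔧 Utilities:"
	@grep -E '^(swag swagger|bcrypt|certs):.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf " \033[36m%-22s\033[0m %s\n", $$1, $$2}'
	@echo ""
	@echo "📦 Binary Build & Run & Cleanup:"
	@grep -E '^(default|run|clean):.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf " \033[36m%-22s\033[0m %s\n", $$1, $$2}'
	@echo ""
	@echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
	@echo "💡 Quick Start Workflow:"
	@echo " make up ▶ make gen-cred ▶ (edit credentials) ▶ make enc-cred ▶ make init"
	@echo ""
	@echo " 💡 During 'make init', you'll be asked if you want to use the pre-built"
	@echo " database backup (1 min) or fetch fresh data from CSPs (20 min)."
	@echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"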
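# ===== PHONY targets (not actual files) =====
# Every command-style target defined in this file is listed, including
# prepare-volumes, init-openbao and unseal. A target left out would be treated
# as a file name, and a same-named file or directory in the repository root
# would make it look up to date and skip its recipe without any message.
.PHONY: default run clean clean-all swag swagger init init-profile prepare-volumes compose compose-down logs status ps clean-db backup-assets restore-assets up down init-openbao unseal gen-cred enc-cred dec-cred bcrypt certs help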