-
Notifications
You must be signed in to change notification settings - Fork 9
/
prepare_project.bash
executable file
·141 lines (116 loc) · 5.26 KB
/
prepare_project.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#!/bin/bash
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
GREEN="\e[32m"
RED="\e[31m"
RESET="\e[0m"
PROJECT=${PROJECT}
print_usage() {
echo -e ${RED?}'Usage: prepare_project [-h] [-p project_id]'${RESET?}
echo -e ${RED?}' -h \t show this help usage'${RESET?}
echo -e ${RED?}' -p \t GCP project_id to deploy to'${RESET?}
}
while getopts ':hp:' flag; do
case "${flag}" in
h) print_usage
exit 1 ;;
p) PROJECT="${OPTARG}" ;;
*) echo -e ${RED?}'Unknown flag: -'${flag}${RESET?}
print_usage
exit 1 ;;
esac
done
if [[ "${PROJECT}" == "" ]]; then
echo -e ${RED?}'Must provide a project via $PROJECT or -p project'${RESET?}
print_usage
exit 1
fi
PROJECT_NUMBER=$(gcloud projects list --filter="${PROJECT?}" --format="value(PROJECT_NUMBER)")
if [[ "$?" != 0 ]]; then
exit 1
fi
echo -e ${GREEN?}'Preparing the GCP project '${PROJECT?}' for deployment.'${RESET?}
# Enbable the required APIs.
echo -e ${GREEN?}'Enabling the required APIs.'${RESET?}
gcloud services enable --project=${PROJECT?}\
appengine.googleapis.com \
appengineflex.googleapis.com \
appenginestandard.googleapis.com \
sql-component.googleapis.com \
sqladmin.googleapis.com \
datastore.googleapis.com \
iam.googleapis.com \
cloudbuild.googleapis.com \
bigquery.googleapis.com \
storage-component.googleapis.com \
cloudkms.googleapis.com
# Create a GAE app.
gcloud app create --project=${PROJECT?} --region=us-central
# Grant the required permissions.
echo -e ${GREEN?}'Granting the required permissions.'${RESET?}
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:${PROJECT?}@appspot.gserviceaccount.com --role roles/cloudkms.cryptoKeyEncrypterDecrypter
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:${PROJECT?}@appspot.gserviceaccount.com --role roles/cloudkms.signerVerifier
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:${PROJECT?}@appspot.gserviceaccount.com --role roles/iam.serviceAccountTokenCreator
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:${PROJECT?}@appspot.gserviceaccount.com --role roles/logging.viewer
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:${PROJECT?}@appspot.gserviceaccount.com --role roles/logging.logWriter
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:service-${PROJECT_NUMBER?}@gae-api-prod.google.com.iam.gserviceaccount.com --role roles/cloudsql.client
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:service-${PROJECT_NUMBER?}@gae-api-prod.google.com.iam.gserviceaccount.com --role roles/editor
gcloud projects add-iam-policy-binding -q ${PROJECT?} \
--member serviceAccount:service-${PROJECT_NUMBER?}@gae-api-prod.google.com.iam.gserviceaccount.com --role roles/resourcemanager.projectIamAdmin
# TODO: make region configurable.
# Create a datastore index to power related queries.
gcloud datastore indexes create deploy/index.yaml --project=${PROJECT?} --quiet
# Setup Cloud SQL
# Create a CloudSQL db-f1-micro (memory=128M, disk=250G) postgres 11 instance in us-central-1.
echo -e ${GREEN?}'Creating Cloud SQL database for Hydra.'${RESET?}
gcloud sql instances create hydra --project=${PROJECT?} --database-version=POSTGRES_11 \
--tier=db-f1-micro --region=us-central1 --require-ssl
# Create user: name="${NAME}", password="${PASSWORD}"
gcloud sql users create hydra --project=${PROJECT?} --instance=hydra --password=hydra
# Create database ic
gcloud sql databases create ic --project=${PROJECT?} --instance=hydra
# Create database dam
gcloud sql databases create dam --project=${PROJECT?} --instance=hydra
echo -e ${GREEN?}'Creating a GCS bucket with an example file.'${RESET?}
gsutil mb -p ${PROJECT?} gs://${PROJECT?}-test-dataset
tempdir=`mktemp -d`
pushd $tempdir
echo "This is an example" > example.txt
gsutil cp -p=${PROJECT?} example.txt gs://${PROJECT?}-test-dataset
gsutil uniformbucketlevelaccess set on gs://${PROJECT?}-test-dataset
popd
rm -rf $tempdir
# Deploy a simple defaut app to GAE default service.
echo -e ${GREEN?}'Deploy a helloworld to GAE default service.'${RESET?}
tempdir=`mktemp -d`
pushd $tempdir
git clone https://github.com/GoogleCloudPlatform/golang-samples.git
pushd golang-samples/appengine/go11x/helloworld
gcloud app deploy --project=${PROJECT?} --version=master -q .
popd
popd
rm -rf $tempdir
echo -e ${GREEN?}'Building Base Hydra Docker Image.'${RESET?}
mkdir -p ./deploy/build/hydra
cp -R ./deploy/build-templates/hydra/* ./deploy/build/hydra/
sed -i 's/${YOUR_PROJECT_ID}/'${PROJECT?}'/g' ./deploy/build/hydra/Dockerfile
gcloud builds submit --project=${PROJECT?} --config=deploy/build/hydra/cloudbuild.yaml .
echo -e ${GREEN?}'Project preparation complete.'${RESET?}