#!/bin/bash
#
# create_siteinfo_api.sh creates all GCP resources needed to serve the siteinfo
# API from a GCS bucket.
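# Abort on errors, unset variables and failed pipeline stages; -x traces every
# command to stderr.
set -euxo pipefail

# GCP project to provision into; required first positional argument.
PROJECT=${1:?Please provide project}

# PROJECT is interpolated into bucket names, DNS names and gcloud arguments
# throughout this script, so reject anything outside the characters a project
# ID may contain (lowercase letters, digits, hyphens; leading letter) before
# it reaches any command line.
if [[ ! "${PROJECT}" =~ ^[a-z][a-z0-9-]*$ ]]; then
  printf 'Invalid project: %s\n' "${PROJECT}" >&2
  exit 1
fi

# Create siteinfo and empty GCS buckets.
#
# Both buckets get a public-read default object ACL, so every object uploaded
# to them afterwards is world-readable. Nothing that is not meant to be
# public should ever be written to either bucket.
#
# NOTE(review): `gsutil acl get` fails on any error (for example missing
# permission on an existing bucket), not only when the bucket is absent. In
# that case the create below is attempted and its failure aborts the script.
siteinfo_bucket="siteinfo-${PROJECT}"
if ! gsutil acl get "gs://${siteinfo_bucket}" &> /dev/null; then
  gsutil mb -p "${PROJECT}" -c multi_regional "gs://${siteinfo_bucket}"
  gsutil defacl set public-read "gs://${siteinfo_bucket}"
fi

empty_bucket="empty-${PROJECT}"
if ! gsutil acl get "gs://${empty_bucket}" &> /dev/null; then
  gsutil mb -p "${PROJECT}" "gs://${empty_bucket}"
  gsutil defacl set public-read "gs://${empty_bucket}"
fi

# Apply CORS settings to the siteinfo bucket.
# cors-settings.json is resolved relative to the current working directory.
gsutil cors set cors-settings.json "gs://${siteinfo_bucket}"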
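# Lookup or create loadbalancer IP.
#
# `|| :` keeps a failed describe from aborting the script under `set -e`, so
# any describe failure (not only "not found") falls through to the create.
lb_ip=$(
  gcloud --project "${PROJECT}" compute addresses describe \
    siteinfo-lb-ip-1 --global --format="value(address)" || :
)
if [[ -z "${lb_ip}" ]]; then
  lb_ip=$(
    gcloud --project "${PROJECT}" compute addresses create \
      siteinfo-lb-ip-1 --ip-version=IPV4 --global --format="value(address)"
  )
fi

# The address is later written into DNS and bound to the forwarding rule.
# Stop here rather than carry an empty value into those commands.
if [[ -z "${lb_ip}" ]]; then
  printf 'Could not determine the address of siteinfo-lb-ip-1\n' >&2
  exit 1
fi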
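# Lookup or create the backend bucket for the siteinfo data bucket.
#
# Each lookup tolerates failure (`|| :`) and leaves the name empty, which is
# what triggers the create. Expansions are quoted so that the project and
# bucket names always reach gcloud as single arguments.
siteinfo_backend_name=$(
  gcloud --project "${PROJECT}" compute backend-buckets describe \
    siteinfo-backend-bucket --format='value(name)' || :
)
if [[ -z "${siteinfo_backend_name}" ]]; then
  siteinfo_backend_name=$(
    gcloud --project "${PROJECT}" compute backend-buckets create \
      siteinfo-backend-bucket \
      --gcs-bucket-name "${siteinfo_bucket}" --format='value(name)'
  )
fi

# Same lookup-or-create for the backend bucket in front of the empty bucket.
empty_backend_name=$(
  gcloud --project "${PROJECT}" compute backend-buckets describe \
    empty-backend-bucket --format='value(name)' || :
)
if [[ -z "${empty_backend_name}" ]]; then
  empty_backend_name=$(
    gcloud --project "${PROJECT}" compute backend-buckets create \
      empty-backend-bucket \
      --gcs-bucket-name "${empty_bucket}" --format='value(name)'
  )
fi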
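# Create url-map with default to empty-bucket.
#
# Defaulting to the empty backend means any path without an explicit rule is
# served from the empty bucket rather than from the siteinfo data.
urlmap_name=$(
  gcloud --project "${PROJECT}" compute url-maps describe \
    siteinfo-url-map --format='value(name)' || :
)
if [[ -z "${urlmap_name}" ]]; then
  urlmap_name=$(
    gcloud --project "${PROJECT}" compute url-maps create \
      siteinfo-url-map \
      --default-backend-bucket="${empty_backend_name}" \
      --format='value(name)'
  )
fi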
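# Allow requests to /v1/* and /v2/* to the siteinfo backend bucket.
#
# TODO(kinkade): this block makes the rather dumb assumption that if a backend
# path rule for /v1/* doesn't exist then neither will /v2/*. It also assumes
# that the path rule for '/v1/*' will always be at index 0. This could be made
# more robust.
#
# Only the two listed prefixes reach the siteinfo bucket. The path matcher's
# own default stays on the empty backend, so other paths on this host do not
# expose siteinfo objects.
found=$(
  gcloud --project "${PROJECT}" compute url-maps describe \
    "${urlmap_name}" \
    --format="value(pathMatchers[pathRules][0][paths][0])" || :
)
if [[ "${found}" != "/v1/*" ]]; then
  gcloud --project "${PROJECT}" compute url-maps add-path-matcher \
    "${urlmap_name}" \
    --path-matcher-name siteinfo-url-map-matcher \
    --default-backend-bucket="${empty_backend_name}" \
    --backend-bucket-path-rules="/v1/*=${siteinfo_backend_name},/v2/*=${siteinfo_backend_name}" \
    --new-hosts "siteinfo.${PROJECT}.measurementlab.net"
fi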
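# Setup DNS for siteinfo hostname.
#
# Points the A record for the siteinfo hostname at the load balancer address.
# Only the first rrdata value of the existing record is compared, and the
# lookup tolerates failure (`|| :`), leaving current_ip empty.
dns_zone="${PROJECT}-measurementlab-net"
dns_name="siteinfo.${PROJECT}.measurementlab.net."
current_ip=$(
  gcloud dns record-sets list --zone "${dns_zone}" \
    --name "${dns_name}" \
    --format "value(rrdatas[0])" --project "${PROJECT}" || :
)
if [[ "${current_ip}" != "${lb_ip}" ]]; then
  # Add the record, deleting the existing one first.
  gcloud dns record-sets transaction start \
    --zone "${dns_zone}" \
    --project "${PROJECT}"

  # From here on a failure must abort the open transaction; otherwise the
  # pending transaction is left behind and the next `transaction start` is
  # refused. Failures are therefore collected instead of tripping `set -e`.
  dns_ok=true

  # There is nothing to remove when no record exists yet, so the remove step
  # is skipped rather than run and ignored. When a record does exist, a
  # failed remove is a real error: the add below would collide with it.
  if [[ -n "${current_ip}" ]]; then
    gcloud dns record-sets transaction remove \
      --zone "${dns_zone}" \
      --name "${dns_name}" \
      --type A \
      --ttl 300 \
      "${current_ip}" --project "${PROJECT}" || dns_ok=false
  fi

  if [[ "${dns_ok}" == true ]]; then
    gcloud dns record-sets transaction add \
      --zone "${dns_zone}" \
      --name "${dns_name}" \
      --type A \
      --ttl 300 \
      "${lb_ip}" \
      --project "${PROJECT}" || dns_ok=false
  fi

  if [[ "${dns_ok}" == true ]]; then
    gcloud dns record-sets transaction execute \
      --zone "${dns_zone}" \
      --project "${PROJECT}" || dns_ok=false
  fi

  if [[ "${dns_ok}" != true ]]; then
    # Best-effort cleanup; the script exits non-zero either way.
    gcloud dns record-sets transaction abort \
      --zone "${dns_zone}" \
      --project "${PROJECT}" || :
    printf 'DNS update for %s failed; transaction aborted\n' "${dns_name}" >&2
    exit 1
  fi
fi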
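# Create managed Let's Encrypt TLS certificates.
#
# Looks up siteinfo-certificate and creates it for the siteinfo hostname when
# the lookup returns nothing (`|| :` tolerates a failed describe).
# NOTE(review): a managed certificate is presumably only issued once the
# domain resolves to the load balancer, so it may not be usable immediately
# after this script finishes. Confirm provisioning status after the run.
certificate_name=$(
  gcloud --project "${PROJECT}" beta compute ssl-certificates describe \
    siteinfo-certificate --format='value(name)' || :
)
if [[ -z "${certificate_name}" ]]; then
  certificate_name=$(
    gcloud --project "${PROJECT}" beta compute ssl-certificates create \
      siteinfo-certificate \
      --domains "siteinfo.${PROJECT}.measurementlab.net" \
      --format='value(name)'
  )
fi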
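# Create the HTTPS target proxy connecting the url-map and managed certificate.
#
# NOTE(review): no --ssl-policy is passed, so the proxy runs with whatever
# TLS policy applies by default. Confirm that the minimum TLS version and
# cipher profile it implies are acceptable for this endpoint.
proxy_name=$(
  gcloud --project "${PROJECT}" compute target-https-proxies describe \
    siteinfo-lb-proxy --format='value(name)' || :
)
if [[ -z "${proxy_name}" ]]; then
  proxy_name=$(
    gcloud --project "${PROJECT}" compute target-https-proxies create \
      siteinfo-lb-proxy \
      --url-map "${urlmap_name}" --ssl-certificates "${certificate_name}" \
      --format='value(name)'
  )
fi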
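# Create the forwarding rule connecting our loadbalancer IP to the target proxy.
#
# Only port 443 is forwarded, so no plain-HTTP listener is created on this
# address. The rule is created only when the lookup returns no name
# (`|| :` tolerates a failed describe).
forwarder_name=$(
  gcloud --project "${PROJECT}" compute forwarding-rules describe \
    siteinfo-forwarder --global --format='value(name)' || :
)
if [[ -z "${forwarder_name}" ]]; then
  gcloud --project "${PROJECT}" compute forwarding-rules create \
    siteinfo-forwarder \
    --address "${lb_ip}" --global \
    --target-https-proxy "${proxy_name}" \
    --ports 443
fi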