Fix: Add missing AP_ENCRYPTION_KEY to Activepieces

2025-12-02 11:21:01 +00:00 · 2025-12-02 11:21:01 +00:00 · 2e6cde0a30
parent 7b727bb95a
commit 2e6cde0a30
4 changed files with 168 additions and 0 deletions
--- a/fix_active.sh
+++ b/fix_active.sh
@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Script para arreglar Activepieces en Alicante Core V3.2
+# Se ejecuta en DCC (10.10.10.101) dentro de /sc/alicante-infra
+
+# Colores
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+REPO_DIR="/sc/alicante-infra"
+GROUP_VARS="$REPO_DIR/group_vars/all.yml"
+# IMPORTANTE: Ajusta si tu template real tiene otro nombre (ej. apps-business-compose.j2)
+TEMPLATE_FILE="$REPO_DIR/roles/core/templates/business-compose.j2"
+
+# 0. Verificaciones
+if [ ! -f "$GROUP_VARS" ]; then
+    echo -e "${RED}ERROR: No encuentro $GROUP_VARS. ¿Estás en el DCC?${NC}"
+    exit 1
+fi
+
+# Verificar nombre real del template (Ansible usa src: "{{ item }}-compose.j2" normalmente)
+if [ ! -f "$TEMPLATE_FILE" ]; then
+    # Intentamos buscar si existe con prefijo apps-
+    if [ -f "$REPO_DIR/roles/core/templates/apps-business-compose.j2" ]; then
+        TEMPLATE_FILE="$REPO_DIR/roles/core/templates/apps-business-compose.j2"
+        echo -e "${YELLOW}Aviso: Usando template alternativo: $TEMPLATE_FILE${NC}"
+    else
+        echo -e "${RED}ERROR: No encuentro el template business-compose.j2${NC}"
+        exit 1
+    fi
+fi
+
+echo -e "${GREEN}=== FIX ACTIVEPIECES SECRETS ===${NC}"
+
+# 1. Generar Claves
+echo -e "${YELLOW}[1/3] Generando claves criptográficas...${NC}"
+AP_KEY=$(openssl rand -hex 16)
+AP_JWT=$(openssl rand -base64 32)
+echo "   Encryption Key: $AP_KEY"
+echo "   JWT Secret:     (generado)"
+
+# 2. Inyectar en group_vars/all.yml
+echo -e "${YELLOW}[2/3] Actualizando group_vars/all.yml...${NC}"
+
+if grep -q "ap_encryption_key" "$GROUP_VARS"; then
+    echo -e "   ⚠️ Variables ya existen en group_vars. Saltando inyección."
+else
+    cat <<EOT >> "$GROUP_VARS"
+
+# Activepieces Configuration
+ap_encryption_key: "$AP_KEY"
+ap_jwt_secret: "$AP_JWT"
+EOT
+    echo -e "   ✅ Variables añadidas al final del archivo."
+fi
+
+# 3. Parchear el Template (business-compose.j2)
+echo -e "${YELLOW}[3/3] Parcheando template Docker Compose...${NC}"
+
+# Hacemos backup
+cp "$TEMPLATE_FILE" "${TEMPLATE_FILE}.bak_ap"
+
+# Estrategia: Buscar la línea AP_FRONTEND_URL e insertar debajo las nuevas variables
+# Usamos perl para inserción multilínea segura
+perl -i -pe 's|(AP_FRONTEND_URL:.*)|$1\n      AP_ENCRYPTION_KEY: "{{ ap_encryption_key }}"\n      AP_JWT_SECRET: "{{ ap_jwt_secret }}"|g' "$TEMPLATE_FILE"
+
+if grep -q "AP_ENCRYPTION_KEY" "$TEMPLATE_FILE"; then
+    echo -e "   ✅ Template parcheado correctamente."
+else
+    echo -e "${RED}ERROR: Falló el parcheo del template. Revisa manualmente.${NC}"
+    # Restaurar backup si falló
+    cp "${TEMPLATE_FILE}.bak_ap" "$TEMPLATE_FILE"
+fi
+
+echo -e "${GREEN}=== LISTO ===${NC}"
+echo -e "Ahora ejecuta:"
+echo -e "1. git diff"
+echo -e "2. git add . && git commit -m 'Fix Activepieces secrets' && git push"
+echo -e "3. Desplegar en Semaphore"
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -18,3 +18,7 @@ pg_version: "16"
 # Carbone (Stack Docs)
 core_ip: "10.10.10.104"
 a412b12 (Fix: V3.2 upgrade paths)
+
+# Activepieces Configuration
+ap_encryption_key: "ff7d959b67bc4b31752d51c3db3bbb5b"
+ap_jwt_secret: "eW4o2aZs0yNT3Z9kSS6IYDLtMtJ/Uh1acV0HIYOfrtI="
--- a/roles/core/templates/business-compose.j2
+++ b/roles/core/templates/business-compose.j2
@ -74,6 +74,8 @@ services:
      AP_REDIS_PORT: 6379
      AP_REDIS_PASSWORD: {{ global_redis_pass }}
      AP_FRONTEND_URL: "http://{{ ansible_host }}:8081"
+      AP_ENCRYPTION_KEY: "{{ ap_encryption_key }}"
+      AP_JWT_SECRET: "{{ ap_jwt_secret }}"
    ports:
      - "8081:80"

--- a/roles/core/templates/business-compose.j2.bak_ap
+++ b/roles/core/templates/business-compose.j2.bak_ap
@ -0,0 +1,81 @@
+services:
+  # DB Interna del Stack
+  db:
+    image: postgres:16-alpine
+    restart: always
+    environment:
+      POSTGRES_PASSWORD: {{ global_db_pass }}
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+    volumes:
+      - pg_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  redis:
+    image: redis:alpine
+    restart: always
+    command: redis-server --requirepass {{ global_redis_pass }}
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 5s
+      timeout: 3s
+      retries: 5
+
+  # APPS
+  dolibarr:
+    image: upshift/dolibarr:latest
+    depends_on:
+      db:
+        condition: service_healthy
+    environment:
+      DOLI_DB_HOST: db
+      DOLI_DB_PORT: 5432
+      DOLI_DB_TYPE: pgsql
+      DOLI_DB_USER: postgres
+      DOLI_DB_PASSWORD: {{ global_db_pass }}
+      DOLI_ADMIN_LOGIN: admin
+      DOLI_ADMIN_PASSWORD: admin
+    ports:
+      - "8080:80"
+
+  teable:
+    image: teableio/teable:latest
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    environment:
+      PRISMA_DATABASE_URL: "postgresql://postgres:{{ global_db_pass }}@db:5432/teable"
+      REDIS_URL: "redis://:{{ global_redis_pass }}@redis:6379/0"
+      PUBLIC_ORIGIN: "http://{{ ansible_host }}:3000"
+      SECRET_KEY: "TeableSecretKey123"
+    ports:
+      - "3000:3000"
+
+  activepieces:
+    image: activepieces/activepieces:latest
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    environment:
+      AP_POSTGRES_HOST: db
+      AP_POSTGRES_PORT: 5432
+      AP_POSTGRES_DATABASE: activepieces
+      AP_POSTGRES_USERNAME: postgres
+      AP_POSTGRES_PASSWORD: {{ global_db_pass }}
+      AP_REDIS_HOST: redis
+      AP_REDIS_PORT: 6379
+      AP_REDIS_PASSWORD: {{ global_redis_pass }}
+      AP_FRONTEND_URL: "http://{{ ansible_host }}:8081"
+    ports:
+      - "8081:80"
+
+volumes:
+  pg_data: