diff --git a/fix_active.sh b/fix_active.sh
new file mode 100755
index 0000000..5604368
--- /dev/null
+++ b/fix_active.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Script para arreglar Activepieces en Alicante Core V3.2
+# Se ejecuta en DCC (10.10.10.101) dentro de /sc/alicante-infra
+
+# Colores
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+REPO_DIR="/sc/alicante-infra"
+GROUP_VARS="$REPO_DIR/group_vars/all.yml"
+# IMPORTANTE: Ajusta si tu template real tiene otro nombre (ej. apps-business-compose.j2)
+TEMPLATE_FILE="$REPO_DIR/roles/core/templates/business-compose.j2"
+
+# 0. Verificaciones
+if [ ! -f "$GROUP_VARS" ]; then
+ echo -e "${RED}ERROR: No encuentro $GROUP_VARS. ¿Estás en el DCC?${NC}"
+ exit 1
+fi
+
+# Verificar nombre real del template (Ansible usa src: "{{ item }}-compose.j2" normalmente)
+if [ ! -f "$TEMPLATE_FILE" ]; then
+ # Intentamos buscar si existe con prefijo apps-
+ if [ -f "$REPO_DIR/roles/core/templates/apps-business-compose.j2" ]; then
+ TEMPLATE_FILE="$REPO_DIR/roles/core/templates/apps-business-compose.j2"
+ echo -e "${YELLOW}Aviso: Usando template alternativo: $TEMPLATE_FILE${NC}"
+ else
+ echo -e "${RED}ERROR: No encuentro el template business-compose.j2${NC}"
+ exit 1
+ fi
+fi
+
+echo -e "${GREEN}=== FIX ACTIVEPIECES SECRETS ===${NC}"
+
+# 1. Generar Claves
+echo -e "${YELLOW}[1/3] Generando claves criptográficas...${NC}"
+AP_KEY=$(openssl rand -hex 16)
+AP_JWT=$(openssl rand -base64 32)
+echo " Encryption Key: $AP_KEY"
+echo " JWT Secret: (generado)"
+
+# 2. Inyectar en group_vars/all.yml
+echo -e "${YELLOW}[2/3] Actualizando group_vars/all.yml...${NC}"
+
+if grep -q "ap_encryption_key" "$GROUP_VARS"; then
+ echo -e " ⚠️ Variables ya existen en group_vars. Saltando inyección."
+else
+ cat <> "$GROUP_VARS"
+
+# Activepieces Configuration
+ap_encryption_key: "$AP_KEY"
+ap_jwt_secret: "$AP_JWT"
+EOT
+ echo -e " ✅ Variables añadidas al final del archivo."
+fi
+
+# 3. Parchear el Template (business-compose.j2)
+echo -e "${YELLOW}[3/3] Parcheando template Docker Compose...${NC}"
+
+# Hacemos backup
+cp "$TEMPLATE_FILE" "${TEMPLATE_FILE}.bak_ap"
+
+# Estrategia: Buscar la línea AP_FRONTEND_URL e insertar debajo las nuevas variables
+# Usamos perl para inserción multilínea segura
+perl -i -pe 's|(AP_FRONTEND_URL:.*)|$1\n AP_ENCRYPTION_KEY: "{{ ap_encryption_key }}"\n AP_JWT_SECRET: "{{ ap_jwt_secret }}"|g' "$TEMPLATE_FILE"
+
+if grep -q "AP_ENCRYPTION_KEY" "$TEMPLATE_FILE"; then
+ echo -e " ✅ Template parcheado correctamente."
+else
+ echo -e "${RED}ERROR: Falló el parcheo del template. Revisa manualmente.${NC}"
+ # Restaurar backup si falló
+ cp "${TEMPLATE_FILE}.bak_ap" "$TEMPLATE_FILE"
+fi
+
+echo -e "${GREEN}=== LISTO ===${NC}"
+echo -e "Ahora ejecuta:"
+echo -e "1. git diff"
+echo -e "2. git add . && git commit -m 'Fix Activepieces secrets' && git push"
+echo -e "3. Desplegar en Semaphore"
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 0e0ad57..20215a5 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -18,3 +18,7 @@ pg_version: "16" # Carbone (Stack Docs) core_ip: "10.10.10.104" a412b12 (Fix: V3.2 upgrade paths) + +# Activepieces Configuration +ap_encryption_key: "ff7d959b67bc4b31752d51c3db3bbb5b" +ap_jwt_secret: "eW4o2aZs0yNT3Z9kSS6IYDLtMtJ/Uh1acV0HIYOfrtI="
diff --git a/roles/core/templates/business-compose.j2 b/roles/core/templates/business-compose.j2
index ae4b7e9..8bc43fc 100644
--- a/roles/core/templates/business-compose.j2
+++ b/roles/core/templates/business-compose.j2
@@ -74,6 +74,8 @@ services: AP_REDIS_PORT: 6379 AP_REDIS_PASSWORD: {{ global_redis_pass }} AP_FRONTEND_URL: "http://{{ ansible_host }}:8081" + AP_ENCRYPTION_KEY: "{{ ap_encryption_key }}" + AP_JWT_SECRET: "{{ ap_jwt_secret }}" ports: - "8081:80"
diff --git a/roles/core/templates/business-compose.j2.bak_ap b/roles/core/templates/business-compose.j2.bak_ap
new file mode 100644
index 0000000..ae4b7e9
--- /dev/null
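Review bot: fix_active.sh treats the generated secrets as ordinary output: `echo " Encryption Key: $AP_KEY"` prints the key to the terminal and any session log, step 2 appends both values in cleartext to group_vars/all.yml, and the closing hint `git add . && git commit ...` stages them along with the `.bak_ap` backup, which matches what the group_vars/all.yml and business-compose.j2.bak_ap sections of this commit contain. I would print `echo " Encryption Key: (generado)"` instead, store the two values vault-encrypted (for example with `ansible-vault encrypt_string`), and have the hint name the files to stage rather than `git add .`; the two values already committed should be treated as exposed and regenerated before deployment. Separately, the `perl -i` insertion in step 3 is not guarded the way step 2 is, so a second run would insert the two template lines again, and the failure branch restores the backup but still reaches "=== LISTO ===" with exit status 0; wrapping the perl call in the same `grep -q "AP_ENCRYPTION_KEY"` test and adding `exit 1` after the restore would cover both.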
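Review bot: In group_vars/all.yml the new block is appended directly under the context line `a412b12 (Fix: V3.2 upgrade paths)`, which reads like the tail of an unresolved merge-conflict marker rather than YAML. If that line is in the file as shown here, the file may not parse and `ap_encryption_key` / `ap_jwt_secret` would never reach the template, so it is worth running the file through a YAML parser and removing the leftover before this lands. The line is context and so predates this commit, but fix_active.sh appends to the end of the file without checking what is already there.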
+++ b/roles/core/templates/business-compose.j2.bak_ap
@@ -0,0 +1,81 @@
+services:
+ # DB Interna del Stack
+ db:
+ image: postgres:16-alpine
+ restart: always
+ environment:
+ POSTGRES_PASSWORD: {{ global_db_pass }}
+ POSTGRES_USER: postgres
+ POSTGRES_DB: postgres
+ volumes:
+ - pg_data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U postgres"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+
+ redis:
+ image: redis:alpine
+ restart: always
+ command: redis-server --requirepass {{ global_redis_pass }}
+ healthcheck:
+ test: ["CMD", "redis-cli", "ping"]
+ interval: 5s
+ timeout: 3s
+ retries: 5
+
+ # APPS
+ dolibarr:
+ image: upshift/dolibarr:latest
+ depends_on:
+ db:
+ condition: service_healthy
+ environment:
+ DOLI_DB_HOST: db
+ DOLI_DB_PORT: 5432
+ DOLI_DB_TYPE: pgsql
+ DOLI_DB_USER: postgres
+ DOLI_DB_PASSWORD: {{ global_db_pass }}
+ DOLI_ADMIN_LOGIN: admin
+ DOLI_ADMIN_PASSWORD: admin
+ ports:
+ - "8080:80"
+
+ teable:
+ image: teableio/teable:latest
+ depends_on:
+ db:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ environment:
+ PRISMA_DATABASE_URL: "postgresql://postgres:{{ global_db_pass }}@db:5432/teable"
+ REDIS_URL: "redis://:{{ global_redis_pass }}@redis:6379/0"
+ PUBLIC_ORIGIN: "http://{{ ansible_host }}:3000"
+ SECRET_KEY: "TeableSecretKey123"
+ ports:
+ - "3000:3000"
+
+ activepieces:
+ image: activepieces/activepieces:latest
+ depends_on:
+ db:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ environment:
+ AP_POSTGRES_HOST: db
+ AP_POSTGRES_PORT: 5432
+ AP_POSTGRES_DATABASE: activepieces
+ AP_POSTGRES_USERNAME: postgres
+ AP_POSTGRES_PASSWORD: {{ global_db_pass }}
+ AP_REDIS_HOST: redis
+ AP_REDIS_PORT: 6379
+ AP_REDIS_PASSWORD: {{ global_redis_pass }}
+ AP_FRONTEND_URL: "http://{{ ansible_host }}:8081"
+ ports:
+ - "8081:80"
+
+volumes:
+ pg_data:
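Review bot: business-compose.j2.bak_ap is the working backup that fix_active.sh writes with `cp "$TEMPLATE_FILE" "${TEMPLATE_FILE}.bak_ap"`, and it should not be tracked. It is a stale second copy of the compose template inside roles/core/templates, and it carries the template's literal `DOLI_ADMIN_PASSWORD` and `SECRET_KEY` values into one more place that has to be cleaned up later. I would remove it from the commit and ignore the pattern (`*.bak_ap` in .gitignore), or have the script write its backup outside the repository. Those two literals would also be better supplied from variables, the way `{{ global_db_pass }}` already is.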