setup-grafana.sh
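#!/bin/bash
#
# setup-grafana.sh - prepare the TLS key, CSR and certificate for Grafana.
#
# Usage: setup-grafana.sh [project] [domain] [email]
#
# First run:  creates an account key and a server key + CSR under ./secrets
#             (if they are missing) and prints the files the operator needs
#             for https://gethttpsforfree.com.
# Later runs: once the certificate chain (or the extracted certificate) is on
#             disk, the base64-encoded server key and certificate are passed to
#             scripts/save-env-value.sh as GRAFANA_TLS_KEY / GRAFANA_TLS_CRT.
set -e

# stty fails when stdin is not a terminal, which would abort the script under
# `set -e`; only reset the terminal when there is one.
if [ -t 0 ]; then
  stty sane # don't show backspace char during prompts
fi

script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)

# Print a message to stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Create a 4096-bit RSA key at $1 if the file is missing or empty, and make
# sure it is readable by the owner only. The umask is set in a subshell so the
# key is never world-readable, not even briefly, and the rest of the script
# keeps its original umask.
ensure_private_key() {
  local key_file=$1
  if [ ! -s "$key_file" ]; then
    (
      umask 077
      openssl genrsa 4096 > "$key_file"
    )
  fi
  chmod 600 -- "$key_file"
}

# Hand the base64-encoded server private key to save-env-value.sh.
# The value is deliberately not echoed: it is a secret and would otherwise end
# up in terminal scrollback or CI logs.
# NOTE(review): the key is still passed on the helper's command line, where it
# is visible in the process list while the helper runs; changing that needs a
# change in save-env-value.sh, which is not shown here.
save_tls_key() {
  local encoded
  encoded=$(base64 "$csr_privkey_file")
  "$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_TLS_KEY" "$encoded" > /dev/null
}

# Print and save the base64-encoded certificate (public data).
save_tls_crt() {
  local encoded
  encoded=$(base64 "$crt_file")
  printf "\nGRAFANA_TLS_CRT=\"%s\"\n" "$encoded"
  "$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_TLS_CRT" "$encoded" > /dev/null
}

## Get Project Name
project=$1
if [ -z "$project" ]; then
  read -rp "Enter the name for the google cloud project (Ex. switchboard-oracle-cluster): " project
fi
# Replace spaces with dashes and make lower case
project=$(printf '%s\n' "${project// /-}" | awk '{print tolower($0)}')
# The name becomes part of every file name under ./secrets, so it must not be
# empty and must not contain a path separator.
case $project in
  '' | */*) die "invalid project name: '${project}'" ;;
esac
printf 'project name: %s\n' "$project"

## Create TLS Certificate
# -m only applies when the directory is created here; an existing directory
# keeps whatever mode it already has.
mkdir -p -m 700 secrets
tls_privkey_file=$(realpath "secrets/${project}-letsencrypt.private.key")
tls_pubkey_file=$(realpath "secrets/${project}-tls.public.pub")
csr_privkey_file=$(realpath "secrets/${project}-csr.private.key")
csr_file=$(realpath "secrets/${project}-csr.pem")
chain_file=$(realpath "secrets/${project}-tls-chain.pem")
crt_file=$(realpath "secrets/${project}-crt.pem")

## Exit if we have the files we need
if [ -s "$csr_privkey_file" ] && [ -s "$crt_file" ]; then
  save_tls_key
  printf '\nGRAFANA_TLS_KEY saved (value not printed)\n'
  # Save the certificate under GRAFANA_TLS_CRT; the previous version stored
  # the private key under that name.
  save_tls_crt
  exit 0
fi

# Account key: only its public half is printed and written out.
ensure_private_key "$tls_privkey_file"
tls_pubkey=$(openssl rsa -in "$tls_privkey_file" -pubout)
printf '%s\n' "$tls_pubkey" > "$tls_pubkey_file"
printf '\nStep #1: Account Public Key:\n%s\n\n' "$tls_pubkey"

# Server key used for the CSR and later served by Grafana.
ensure_private_key "$csr_privkey_file"
save_tls_key

if [ ! -s "$csr_file" ]; then
  domain=$2
  answer=n
  # Only ask for confirmation when a value was actually passed in.
  if [ -n "$domain" ]; then
    read -rp "is this domain correct (${domain})? (y/n)? " answer
  fi
  case ${answer:0:1} in
    y | Y) ;;
    *)
      read -rp "Enter your registered domain name where you will view grafana metrics (Ex. grafana.switchboard.com): " domain
      ;;
  esac

  email=$3
  answer=n
  if [ -n "$email" ]; then
    read -rp "is this email correct (${email})? (y/n)? " answer
  fi
  case ${answer:0:1} in
    y | Y) ;;
    *)
      read -rp "Enter an email for your TLS CRT: " email
      ;;
  esac

  # Both values are spliced into the -subj string below, where "/" separates
  # fields: an embedded "/" would add or change subject fields in the CSR.
  case $domain in
    '' | */*) die "invalid domain name: '${domain}'" ;;
  esac
  case $email in
    '' | */*) die "invalid email address: '${email}'" ;;
  esac

  "$script_dir"/scripts/save-env-value.sh "$project" "GRAFANA_HOSTNAME" "$domain"
  openssl req -new -nodes -key "$csr_privkey_file" -out "$csr_file" -subj "/CN=${domain}/emailAddress=${email}"
fi
tls_csr=$(< "$csr_file")
printf '\nStep#2: Certificate Signing Request:\n%s\n' "$tls_csr"

if [ -s "$chain_file" ]; then
  # Extract the certificate from the saved chain unless that was already done.
  if [[ ! -s "$crt_file" ]]; then
    openssl x509 -in "$chain_file" -out "$crt_file"
  fi
  # Save the certificate under GRAFANA_TLS_CRT; the previous version re-saved
  # the private key here and never stored the certificate.
  save_tls_crt
  exit 0
fi

# No chain yet: tell the operator which files to use and where to put the
# result, then stop. Only file paths are printed, never key material.
printf '\nPrivate Key File: %s' "$tls_privkey_file"
printf '\nPublic Key File: %s' "$tls_pubkey_file"
printf '\nCert Signing Request File: %s' "$csr_file"
printf "\n\nComplete the steps at https://gethttpsforfree.com and save the entire TLS certificate chain to:\n\t%s\n" "$chain_file"
printf '\n\texport PRIV_KEY="%s"\n' "$tls_privkey_file"
exit 0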