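#!/bin/bash
# Bootstrap an Ockam TCP inlet for postgres on an EC2 host.
#
# Runs as root (e.g. from instance user data), drops to ec2-user, installs
# Ockam Command, enrolls this host's identity into the project and starts a
# node that exposes the remote postgres on port 15432.
#
# Input: ENROLLMENT_TICKET - the project enrollment ticket handed to
#   `ockam project enroll`. NOTE(review): presumably supplied in the
#   environment or substituted into this file before it runs - confirm. With
#   sudo's default env_reset an exported variable set by the caller may not
#   survive into the inner shell, whereas substitution into the file text would.
set -ex

# Change into ec2-user's home directory and use sudo to run the commands as ec2-user.
# The heredoc delimiter is quoted ('EOS'), so nothing in the body is expanded by
# this root shell; every expansion happens inside the ec2-user shell.
cd /home/ec2-user
sudo -u ec2-user bash << 'EOS'
# pipefail: make the `curl ... | bash` install below fail the script when the
# download itself fails, instead of bash quietly running an empty stream.
set -exo pipefail

# Install Ockam Command.
# The installer is fetched over HTTPS only (TLS 1.2+) and executed with no
# further integrity check, so the install host is fully trusted here. For an
# unattended bootstrap, consider fetching the script to a file and verifying it
# before executing it.
curl --proto '=https' --tlsv1.2 -sSfL https://install.command.ockam.io | bash
source "$HOME/.ockam/env"

# Run `ockam project enroll ...`
#
# The `project enroll` command creates a new vault and generates a cryptographic identity with
# private keys stored in that vault.
#
# The enrollment ticket includes routes and identifiers for the project membership authority
# and the project's node that offers the relay service.
#
# The enrollment ticket also includes an enrollment token. The project enroll command
# creates a secure channel with the project membership authority and presents this enrollment token.
# The authority enrolls the presented identity and returns a project membership credential.
#
# The command stores this credential for later use and exits.
#
# The ticket carries a secret token: switch command tracing off while it is on
# the command line so it is not copied into the trace output (which ends up in
# the instance's console/boot log), then switch tracing back on.
set +x
ockam project enroll "$ENROLLMENT_TICKET"
set -x

# Create an ockam node.
#
# Create an access control policy that only allows project members that possess a credential with
# attribute postgres-outlet="true" to connect to TCP Portal Inlets on this node.
#
# Create a TCP Portal Inlet to postgres; the three fields are nested under `tcp-inlet`.
# This makes the remote postgres reachable at 0.0.0.0:15432, i.e. on every interface
# of this host, not only loopback. The allow policy governs which project members
# (Ockam peers) may connect to the inlet; as far as this config shows it does not
# authenticate plain TCP clients of port 15432, so restrict reachability of the
# port with the instance's network controls, or bind 127.0.0.1 if only local
# clients need it.
cat << EOF > inlet.yaml
tcp-inlet:
  from: 0.0.0.0:15432
  via: postgres
  allow: '(= subject.postgres-outlet "true")'
EOF
ockam node create inlet.yaml
rm -- inlet.yaml
EOS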