Skip to content

Bootstrap

Bring a fresh Get2Dial deployment to a usable state: apply schema, create the first platform admin, and provision the first tenant.

Bootstrap is a one-shot flow run once per new environment, handled by the cmd/bootstrap CLI. It never runs automatically — operators invoke it explicitly, passing credentials via environment variables so they stay out of image layers and shell history. It is idempotent (ON CONFLICT DO NOTHING), and bootstrap state is tracked in the single-row platform_bootstrap table.

Order of operations:

  1. Run migrations (the one-shot migrate service; idempotent).
  2. Create the first platform admin (bootstrap platform-admin).
  3. Create the first tenant + its admin (bootstrap tenant).
Terminal window
DATABASE_URL=postgres://USER:PASSWORD@HOST:5432/get2dial?sslmode=require
AUTH_BCRYPT_COST=12

Subcommand environment variables:

Terminal window
# bootstrap platform-admin (password min 12 chars)
BOOTSTRAP_PLATFORM_ADMIN_EMAIL=...
BOOTSTRAP_PLATFORM_ADMIN_PASSWORD=...
BOOTSTRAP_PLATFORM_ADMIN_NAME=...
# bootstrap tenant
BOOTSTRAP_TENANT_NAME=... BOOTSTRAP_TENANT_DOMAIN=...
BOOTSTRAP_TENANT_SIP_DOMAIN=... BOOTSTRAP_TENANT_SIP_WSS_URI=...
BOOTSTRAP_TENANT_ADMIN_EMAIL=... BOOTSTRAP_TENANT_ADMIN_PASSWORD=...
BOOTSTRAP_TENANT_ADMIN_NAME=... BOOTSTRAP_TENANT_ADMIN_SIP_EXT=...
Terminal window
# 1. Apply schema (one-shot; safe to re-run)
docker compose run --rm migrate
# 2. Create the first platform admin
docker compose --profile bootstrap run --rm \
-e BOOTSTRAP_PLATFORM_ADMIN_EMAIL=admin@example.com \
-e BOOTSTRAP_PLATFORM_ADMIN_PASSWORD='at-least-12-chars' \
bootstrap platform-admin
# 3. Inspect bootstrap state
docker compose --profile bootstrap run --rm bootstrap status
  • Migrations are idempotent — re-running skips already-applied versions.
  • An alternative one-shot HTTP path (POST /api/v1/auth/bootstrap) exists but is disabled unless AUTH_BOOTSTRAP_TOKEN is set.
  • GET /api/v1/auth/bootstrap-status reports whether the platform is initialized (used to render a “bootstrap required” banner).
  • Store the admin password in a vault; rotate after first login.