Bootstrap
Purpose
Section titled “Purpose”Bring a fresh Get2Dial deployment to a usable state: apply schema, create the first platform admin, and provision the first tenant.
Overview
Section titled “Overview”Bootstrap is a one-shot flow run once per new environment, handled by the
cmd/bootstrap CLI. It never runs automatically — operators invoke it
explicitly, passing credentials via environment variables so they stay out of
image layers and shell history. It is idempotent (ON CONFLICT DO NOTHING), and
bootstrap state is tracked in the single-row platform_bootstrap table.
Order of operations:
- Run migrations (the one-shot
migrateservice; idempotent). - Create the first platform admin (
bootstrap platform-admin). - Create the first tenant + its admin (
bootstrap tenant).
Configuration
Section titled “Configuration”DATABASE_URL=postgres://USER:PASSWORD@HOST:5432/get2dial?sslmode=requireAUTH_BCRYPT_COST=12Subcommand environment variables:
# bootstrap platform-admin (password min 12 chars)BOOTSTRAP_PLATFORM_ADMIN_EMAIL=...BOOTSTRAP_PLATFORM_ADMIN_PASSWORD=...BOOTSTRAP_PLATFORM_ADMIN_NAME=...
# bootstrap tenantBOOTSTRAP_TENANT_NAME=... BOOTSTRAP_TENANT_DOMAIN=...BOOTSTRAP_TENANT_SIP_DOMAIN=... BOOTSTRAP_TENANT_SIP_WSS_URI=...BOOTSTRAP_TENANT_ADMIN_EMAIL=... BOOTSTRAP_TENANT_ADMIN_PASSWORD=...BOOTSTRAP_TENANT_ADMIN_NAME=... BOOTSTRAP_TENANT_ADMIN_SIP_EXT=...Examples
Section titled “Examples”# 1. Apply schema (one-shot; safe to re-run)docker compose run --rm migrate
# 2. Create the first platform admindocker compose --profile bootstrap run --rm \ -e BOOTSTRAP_PLATFORM_ADMIN_EMAIL=admin@example.com \ -e BOOTSTRAP_PLATFORM_ADMIN_PASSWORD='at-least-12-chars' \ bootstrap platform-admin
# 3. Inspect bootstrap statedocker compose --profile bootstrap run --rm bootstrap status- Migrations are idempotent — re-running skips already-applied versions.
- An alternative one-shot HTTP path (
POST /api/v1/auth/bootstrap) exists but is disabled unlessAUTH_BOOTSTRAP_TOKENis set. GET /api/v1/auth/bootstrap-statusreports whether the platform is initialized (used to render a “bootstrap required” banner).- Store the admin password in a vault; rotate after first login.