Last active
May 2, 2019 19:28
-
-
Save M0ses/14592c5448bc1dcbda015881d970f4a9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:443> | |
ServerAdmin foo@bar.org | |
DocumentRoot /srv/www/libretime/airtime_mvc/public | |
SSLEngine on | |
# SSLUseStapling on | |
SSLCertificateFile /etc/apache2/ssl.crt/libretime.crt | |
SSLCertificateKeyFile /etc/apache2/ssl.key/libretime.key | |
CustomLog /var/log/apache2/ssl_request_log ssl_combined | |
php_admin_value upload_tmp_dir /tmp | |
php_value post_max_size 500M | |
php_value upload_max_filesize 500M | |
php_value request_order "GPC" | |
php_value session.gc_probability 0 | |
php_value session.auto_start 0 | |
AddOutputFilterByType DEFLATE text/plain | |
AddOutputFilterByType DEFLATE text/html | |
AddOutputFilterByType DEFLATE text/xml | |
AddOutputFilterByType DEFLATE text/css | |
AddOutputFilterByType DEFLATE application/xml | |
AddOutputFilterByType DEFLATE application/xhtml+xml | |
AddOutputFilterByType DEFLATE application/rss+xml | |
AddOutputFilterByType DEFLATE application/javascript | |
AddOutputFilterByType DEFLATE application/x-javascript | |
AddOutputFilterByType DEFLATE application/json | |
<Directory /srv/www/libretime> | |
Options +FollowSymLinks | |
RewriteEngine On | |
RewriteCond %{REQUEST_FILENAME} -s [OR] | |
RewriteCond %{REQUEST_FILENAME} -l [OR] | |
RewriteCond %{REQUEST_FILENAME} -d | |
RewriteRule ^.*$ - [NC,L] | |
RewriteRule ^.*$ index.php [NC,L] | |
DirectoryIndex index.php | |
AllowOverride all | |
Require all granted | |
</Directory> | |
</VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kanku destroy | |
kanku up | |
kanku ssh -u root | |
mcedit KankuFile | |
zypper -n in <package> # paket installieren | |
zypper se <pattern> # nach package suchen | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
IP=`ip a show dev eth0 |grep -w inet|perl -p -e 's/inet\s+(.*)\/.*/$1/'` | |
PROPOSED_DNS_NAMES="localhost `hostname` `hostname -f` $IP" | |
cert_outdir=$backenddir/certs | |
SSLCRT=/etc/apache2/ssl.crt/libretime.crt | |
SSLKEY=/etc/apache2/ssl.key/libretime.key | |
openssl genrsa -out $SSLKEY 1024 2>/dev/null | |
COUNTER=0 | |
DNS_NAMES="" | |
for name in $PROPOSED_DNS_NAMES;do | |
DNS_NAMES="$DNS_NAMES | |
DNS.$COUNTER = $name" | |
COUNTER=$(($COUNTER + 1 )) | |
done | |
OPENSSL_CONFIG="prompt = no | |
distinguished_name = req_distinguished_name | |
[req_distinguished_name] | |
countryName = CC | |
stateOrProvinceName = libretime Autogen State or Province | |
localityName = libretime Autogen Locality | |
organizationName = libretime Autogen Organisation | |
organizationalUnitName = libretime Autogen Organizational Unit | |
commonName = libretime | |
emailAddress = test@email.address | |
[req] | |
req_extensions = v3_req | |
distinguished_name = req_distinguished_name | |
attributes = req_attributes | |
x509_extensions = v3_ca | |
[req_attributes] | |
[ v3_req ] | |
basicConstraints = CA:FALSE | |
keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
[ v3_ca ] | |
subjectKeyIdentifier=hash | |
authorityKeyIdentifier=keyid:always,issuer | |
basicConstraints = CA:true | |
[ v3_req ] | |
# Extensions to add to a certificate request | |
basicConstraints = critical,CA:FALSE | |
keyUsage = digitalSignature, keyEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
$DNS_NAMES | |
[ v3_ca ] | |
basicConstraints = CA:TRUE | |
subjectAltName = @alt_names | |
" | |
echo "$OPENSSL_CONFIG" | openssl req -new -nodes -config /dev/stdin \ | |
-x509 -days 365 -batch \ | |
-key $SSLKEY \ | |
-out $SSLCRT | |
cp $SSLCRT \ | |
/usr/share/pki/trust/anchors/libretime.pem | |
update-ca-certificates |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 2019-05-02 16:16:20 for i in airtime-playout airtime-liquidsoap airtime_analyzer airtime-celery;do systemctl start $i;done | |
38 2019-05-02 16:16:30 for i in airtime-playout airtime-liquidsoap airtime_analyzer airtime-celery;do systemctl enable $i;done | |
56 2019-05-02 16:21:17 ip a show dev eth0 |grep -w inet|perl -p -e 's/inet\s*(\w*)\/.*/$1/' | |
64 2019-05-02 16:24:55 for i in airtime-playout airtime-liquidsoap airtime_analyzer airtime-celery;do systemctl restart $i;done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash -e | |
#-e Causes bash script to exit if any of the installers | |
#return with a non-zero return value. | |
if [[ $EUID -ne 0 ]]; then | |
echo "Please run as root user." | |
exit 1 | |
fi | |
SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )" | |
AIRTIMEROOT=${SCRIPT_DIR} | |
showhelp () { | |
echo "Usage: sudo bash install [options] | |
-h, --help, -? | |
Display usage information | |
-V, --version | |
Display version information | |
-v, --verbose | |
More output | |
-q, --quiet, --silent | |
No output except errors | |
-f, --force | |
Turn off interactive prompts | |
--distribution=DISTRIBUTION | |
Linux distribution the installation is being run on | |
--release=RELEASE | |
Distribution release | |
-d, --ignore-dependencies | |
Don't install binary dependencies | |
-w, --web-user=WEB_USER | |
Set the apache web user. Defaults to www-data. Only change | |
this setting if you've changed the default apache web user | |
-r, --web-root=WEB_ROOT | |
Set the web root for Airtime files | |
This will copy the Airtime application files, but you will need | |
to give your web user access to the given directory if it is | |
not accessible | |
--web-port=WEB_PORT | |
Set what port the LibreTime interface should run on. | |
-I, --in-place | |
Set the current Airtime directory as the web root | |
Note that you will need to give your web user permission to | |
access this directory if it is not accessible | |
-p, --postgres | |
Create a default postgres user named 'airtime' with password | |
'airtime' | |
-a, --apache | |
Install apache and deploy a basic configuration for Airtime | |
-i, --icecast | |
Install Icecast 2 and deploy a basic configuration for Airtime | |
--selinux | |
Run restorecon on directories and files that need tagging to | |
allow the WEB_USER access | |
--no-postgres | |
Skips all postgres related install tasks (Useful if you configure | |
postgresql as part of another script / docker builds) | |
--no-rabbitmq | |
Skips all rabbitmq related install tasks. | |
" | |
exit 0 | |
} | |
showversion () { | |
if [ ! -f "$SCRIPT_DIR/VERSION" ]; then | |
echo "Please initialize LibreTime by running ./build.sh" | |
exit 1 | |
fi | |
version=$(cat "$SCRIPT_DIR/VERSION") | |
echo "LibreTime Version ${version}" | |
exit 0 | |
} | |
web_user="" | |
web_root="" | |
web_port="80" | |
in_place="f" | |
postgres="f" | |
apache="f" | |
icecast="f" | |
ignore_dependencies="f" | |
selinux="f" | |
# Interactive | |
_i=1 | |
# Verbose | |
_v=0 | |
# Quiet | |
_q=0 | |
upgrade="f" | |
dist="" | |
code="" | |
apache_bin="" | |
skip_postgres=0 | |
skip_rabbitmq=0 | |
default_value="Y" | |
function verbose() { | |
if [[ ${_v} -eq 1 ]]; then | |
echo -e "$@" | |
fi | |
} | |
function loud() { | |
if [[ ${_q} -eq 0 ]]; then | |
echo -e "$@" | |
fi | |
} | |
# Evaluate commands silently if quiet. | |
# If not quiet, output command if verbose. | |
function loudCmd() { | |
if [[ ${_q} -eq 0 ]]; then | |
verbose "$@" | |
eval $@ | |
else | |
eval $@ > /dev/null | |
fi | |
} | |
function checkCommandExists() { | |
set +e | |
command=$@ | |
eval hash ${command} 2>/dev/null | |
commandFound=$? | |
if [[ ! ${commandFound} -eq 0 ]]; then | |
echo -e "Error: ${command} not found. Please ensure you have the corresponding dependency installed." | |
exit | |
fi | |
set -e | |
} | |
# Function to determine if systemd, Upstart or System V Init is the active | |
# init system. All the newer supported distros use systemd out-of-the-box but | |
# a sysadmin could have installed an alternative init compatibility package. | |
# As a result, making assumptions based on the distribution and release is | |
# not a good idea. The detection works as follows: | |
# 1. Get the process name where PID=1 and follow any symlinks. | |
# 2. Look up that path in the appropriate package manager to get the name | |
# of the package that process is part of. | |
# See https://unix.stackexchange.com/questions/196166/how-to-find-out-if-a-system-uses-sysv-upstart-or-systemd-initsystem | |
has_systemd_init=false | |
has_upstart_init=false | |
has_systemv_init=false | |
function systemInitDetect() { | |
verbose "\nDetecting init system type ..." | |
# Get the path of the command where pid=1 following any symlinks | |
pid_1_path=$(readlink --canonicalize -n /proc/1/exe) | |
# returns '/sbin/init' (Debian Wheezy & Ubuntu Trusty) | |
# returns '(/usr)?/lib/systemd/systemd' (Debian Stretch, Debian Jessie, Debian Buster, Ubuntu Xenial, CentOS 7) | |
verbose "Detected path to PID=1 process: $pid_1_path" | |
# Get package of PID=1 path as it identifies the init system. | |
# Allow this to fail, at least then the init system can be guessed from the | |
# PID 1 executable alone | |
pid_1_package=$(dpkg -S $pid_1_path 2>/dev/null || | |
rpm --qf '%{name}\n' -qf $pid_1_path 2>/dev/null || | |
echo "unknown") | |
verbose "Detected package name for PID=1 process: $pid_1_package" | |
case "${pid_1_package}:${pid_1_path}" in | |
*systemd*) has_systemd_init=true; verbose "Detected init system type: systemd" ;; | |
*upstart*) has_upstart_init=true; verbose "Detected init system type: Upstart" ;; | |
*sysvinit*) has_systemv_init=true; verbose "Detected init system type: System V" ;; | |
*) echo "ERROR: Unable to detect init system using package or path of PID=1 process!" >&2 | |
exit 1 | |
;; | |
esac | |
return 0 | |
} | |
# Function to wrap installation of services for systemd, Upstart and System V | |
# depending on which one was detected by the systemInitDetect() function. | |
# Service file is copied from a known location and installed into the system. | |
# In the process, filtering is performed for the userid if appropriate. | |
# If required, the service is enabled; then it is started. | |
# Usage: | |
# systemInitInstall service-name [user] | |
function systemInitInstall() { | |
local service_name="$1" | |
local user="$2" | |
local source_base_path="" | |
local source_path="" | |
local target_path="" | |
local source_config_path="" | |
local target_config_path="" | |
local python_source_path="${SCRIPT_DIR-$PWD}/python_apps" | |
verbose "\n * Installing service $service_name ..." | |
if $has_systemd_init; then | |
# TODO: move .service files under python_apps/.../install/systemd | |
source_path="${SCRIPT_DIR-$PWD}/installer/systemd/${service_name}.service" | |
target_path="/etc/systemd/system/${service_name}.service" | |
if [[ ! -e $source_path ]]; then | |
echo "$0:${FUNCNAME}(): ERROR: service \"$service_name\" with source path \"$source_path\" does not exist!" >&2 | |
exit 1 | |
fi | |
# Stop and disable the service if it already exists | |
if [[ -e $target_path ]]; then | |
verbose "Service $service_name already exists - stopping and disabling." | |
loudCmd "systemctl disable ${service_name}.service" | |
loudCmd "systemctl stop ${service_name}.service" | |
fi | |
# If no user defined, then just copy, otherwise filter | |
if [[ -z $user ]]; then | |
loudCmd "cp $source_path $target_path" | |
else | |
sed -e "s/User=.*/User=${user}/" \ | |
-e "s/Group=.*/Group=${user}/" $source_path > $target_path | |
fi | |
chmod 0644 $target_path | |
chown root:root $target_path | |
verbose "Service ${service_name} installed into ${target_path}" | |
# Enable and start the service | |
loudCmd "systemctl enable ${service_name}.service" | |
verbose "Service ${service_name} enabled and started" | |
elif $has_upstart_init; then | |
case "$service_name" in | |
airtime_analyzer) | |
source_path="${python_source_path}/${service_name}/install/upstart/${service_name}.conf" | |
target_path="/etc/init/${service_name}.conf" | |
user=${user:-$web_user} | |
;; | |
airtime-celery) | |
source_path="${python_source_path}/${service_name}/install/upstart/${service_name}.conf" | |
target_path="/etc/init/${service_name}.conf" | |
user="" | |
;; | |
airtime-liquidsoap|airtime-playout) | |
source_path="${python_source_path}/pypo/install/upstart/${service_name}.conf.template" | |
target_path="/etc/init/${service_name}.conf" | |
user=${user:-$web_user} | |
;; | |
esac | |
if [[ ! -e $source_path ]]; then | |
echo "$0:${FUNCNAME}(): ERROR: service \"$service_name\" with source path \"$source_path\" does not exist!" >&2 | |
exit 1 | |
fi | |
# Stop the service if it already exists | |
if [[ -e $target_path ]]; then | |
verbose "Service $service_name already exists - stopping." | |
loudCmd "service ${service_name} stop" | |
fi | |
# If no user defined, then just copy, otherwise filter | |
if [[ -z $user ]]; then | |
loudCmd "cp $source_path $target_path" | |
else | |
sed -e "s/WEB_USER/${user}/g" \ | |
-e "/^set[gu]id/{s/www-data/${user}/}" $source_path > $target_path | |
fi | |
chmod 0644 $target_path | |
chown root:root $target_path | |
verbose "Service ${service_name} installed into ${target_path}" | |
loudCmd "initctl check-config $service_name" | |
elif $has_systemv_init; then | |
case "$service_name" in | |
airtime_analyzer) | |
source_path="${python_source_path}/${service_name}/install/sysvinit/${service_name}" | |
target_path="/etc/init.d/${service_name}" | |
user=${user:-$web_user} | |
;; | |
airtime-celery) | |
source_path="${python_source_path}/${service_name}/install/initd/${service_name}" | |
target_path="/etc/init.d/${service_name}" | |
source_config_path="${python_source_path}/${service_name}/install/conf/${service_name}" | |
target_config_path="/etc/default/${service_name}" | |
user="" | |
;; | |
airtime-liquidsoap|airtime-playout) | |
source_path="${python_source_path}/pypo/install/sysvinit/${service_name}" | |
target_path="/etc/init.d/${service_name}" | |
user=${user:-$web_user} | |
;; | |
esac | |
if [[ ! -e $source_path ]]; then | |
echo "$0:${FUNCNAME}(): ERROR: service \"$service_name\" with source path \"$source_path\" does not exist!" >&2 | |
exit 1 | |
fi | |
# Stop the service if it already exists | |
if [[ -e $target_path ]]; then | |
verbose "Service $service_name already exists - stopping." | |
loudCmd "invoke-rc.d $service_name stop" | |
fi | |
# If no user defined, then just copy, otherwise filter | |
if [[ -z $user ]]; then | |
loudCmd "cp $source_path $target_path" | |
[[ -n $source_config_path ]] && | |
loudCmd "cp $source_config_path $target_config_path" | |
else | |
sed -e "/^USERID/{s/www-data/${user}/}" \ | |
-e "/^GROUPID/{s/www-data/${user}/}" $source_path > $target_path | |
fi | |
chmod 0644 $target_path | |
chown root:root $target_path | |
if [[ -n $target_config_path ]]; then | |
chmod 0644 $target_config_path | |
chown root:root $target_config_path | |
fi | |
verbose "Service ${service_name} installed into ${target_path}" | |
# Create symlinks for the appropriate runlevels | |
loudCmd "update-rc.d $service_name defaults" | |
verbose "Service ${service_name} enabled" | |
fi | |
return 0 | |
} | |
# Function to wrap different systemd vs. Upstart init commands depending | |
# on which init system has been detected. Syntax is similar to systemctl. | |
# Usage: | |
# systemInitCommand _command_ [service-name ...] | |
# Where _command_ is one of: start, stop, status, reload, restart | |
# enable, disable and either daemon-reload or reload-configuration. | |
function systemInitCommand() { | |
local command=$1; shift | |
case "$command" in | |
start|stop|status|reload|restart) | |
if $has_systemd_init; then | |
loudCmd "systemctl $command $@" | |
elif $has_upstart_init; then | |
for svc_name in $@; do | |
loudCmd "service $svc_name $command" | |
done | |
elif $has_systemv_init; then | |
for svc_name in $@; do | |
loudCmd "invoke-rc.d $svc_name $command" | |
done | |
fi | |
;; | |
enable|disable) # TODO: REMOVE | |
$has_systemd_init && | |
loudCmd "systemctl $command $1.service" | |
if $has_systemv_init; then | |
if [[ "$command" = "enable" ]] | |
then loudCmd "update-rc.d $1 defaults" | |
else loudCmd "update-rc.d $1 enable" | |
fi | |
fi | |
;; | |
daemon-reload|reload-configuration) | |
$has_systemd_init && | |
loudCmd "systemctl daemon-reload" | |
$has_upstart_init && | |
loudCmd "initctl reload-configuration" | |
;; | |
*) echo -e "$0:${FUNCNAME}(): ERROR: command \"$command\" is not supported!" >&2 | |
exit 1 | |
;; | |
esac | |
return 0 | |
} | |
while :; do | |
case "$1" in | |
--help) | |
showhelp | |
;; | |
--version) | |
showversion | |
;; | |
--verbose) | |
_v=1 | |
;; | |
--quiet|--silent) | |
_q=1 | |
;; | |
--force) | |
_i=0 | |
;; | |
--distribution) | |
if [ "$2" ]; then | |
dist=$2 | |
shift 2 | |
continue | |
else | |
echo 'ERROR: Must specify a non-empty "--distribution DISTRIBUTION" argument.' >&2 | |
exit 1 | |
fi | |
;; | |
--distribution=?*) | |
dist=${1#*=} # Delete everything up to "=" and assign the remainder. | |
;; | |
--distribution=) | |
echo 'ERROR: Must specify a non-empty "--distribution DISTRIBUTION" argument.' >&2 | |
exit 1 | |
;; | |
--release) | |
if [ "$2" ]; then | |
code=$2 | |
shift 2 | |
continue | |
else | |
echo 'ERROR: Must specify a non-empty "--release RELEASE" argument.' >&2 | |
exit 1 | |
fi | |
;; | |
--release=?*) | |
code=${1#*=} # Delete everything up to "=" and assign the remainder. | |
;; | |
--release=) | |
echo 'ERROR: Must specify a non-empty "--release RELEASE" argument.' >&2 | |
exit 1 | |
;; | |
--ignore-dependencies) | |
ignore_dependencies="t" | |
;; | |
--apache) | |
apache="t" | |
;; | |
--icecast) | |
icecast="t" | |
;; | |
--postgres) | |
postgres="t" | |
;; | |
--in-place) | |
in_place="t" | |
;; | |
--web-user) | |
if [ "$2" ]; then | |
web_user=$2 | |
shift 2 | |
continue | |
else | |
echo 'ERROR: Must specify a non-empty "--web-user WEB_USER" argument.' >&2 | |
exit 1 | |
fi | |
;; | |
--web-user=?*) | |
web_user=${1#*=} # Delete everything up to "=" and assign the remainder. | |
;; | |
--web-user=) | |
echo 'ERROR: Must specify a non-empty "--web-user=WEB_USER" argument.' >&2 | |
exit 1 | |
;; | |
--web-root) | |
if [ "$2" ]; then | |
web_root=$(readlink -f $2) | |
shift 2 | |
continue | |
else | |
echo 'ERROR: Must specify a non-empty "--web-root WEB_ROOT" argument.' >&2 | |
exit 1 | |
fi | |
;; | |
--web-root=?*) | |
web_root=${1#*=} # Delete everything up to "=" and assign the remainder. | |
;; | |
--web-root=) | |
echo 'ERROR: Must specify a non-empty "--web-root=WEB_ROOT" argument.' >&2 | |
exit 1 | |
;; | |
--web-port) | |
echo 'ERROR: Please specify a port number.' >&2 | |
exit 1 | |
;; | |
--web-port=) | |
echo 'ERROR: Please specify a port number.' >&2 | |
exit 1 | |
;; | |
--web-port=?*) | |
web_port=${1#*=} | |
;; | |
--selinux) | |
selinux="t" | |
;; | |
--no-postgres) | |
skip_postgres=1 | |
;; | |
--no-rabbitmq) | |
skip_rabbitmq=1 | |
;; | |
--) | |
shift | |
break | |
;; | |
-?*) | |
for ((i = 1; i < ${#1}; i++)); do | |
case "${1:$i:1}" in | |
h|\?) | |
showhelp | |
;; | |
V) | |
showversion | |
;; | |
v) | |
_v=1 | |
;; | |
q) | |
_q=1 | |
;; | |
f) | |
_i=0 | |
;; | |
d) | |
ignore_dependencies="t" | |
;; | |
a) | |
apache="t" | |
;; | |
i) | |
icecast="t" | |
;; | |
p) | |
postgres="t" | |
;; | |
I) | |
in_place="t" | |
;; | |
w) | |
if [ "$2" ]; then | |
web_user=$2 | |
continue | |
else | |
echo 'ERROR: Must specify a non-empty "-w WEB_USER" argument.' >&2 | |
exit 1 | |
fi | |
;; | |
r) | |
if [ "$2" ]; then | |
web_root=$(readlink -f $2) | |
continue | |
else | |
echo 'ERROR: Must specify a non-empty "-d WEB_ROOT" argument.' >&2 | |
exit 1 | |
fi | |
;; | |
*) | |
echo "$0: error - unrecognized option '${1:$i:1}'" >&2; | |
echo "Try 'install --help' for more information." | |
exit 1 | |
esac | |
done | |
;; | |
*) | |
break | |
esac | |
shift | |
done | |
if [ -z web_root -a ! -d web_root ]; then | |
echo "$web_root doesn't exist!" | |
exit 1 | |
fi | |
echo -e "\n.____ ._____. ___________.__ " | |
echo "| | |__\_ |_________ ___\__ ___/|__| _____ ____ " | |
echo "| | | || __ \_ __ \_/ __ \| | | |/ \_/ __ \ " | |
echo "| |___| || \_\ \ | \/\ ___/| | | | Y Y \ ___/ " | |
echo "|_______ \__||___ /__| \___ >____| |__|__|_| /\___ >" | |
echo -e " \/ \/ \/ \/ \/\n" | |
echo -e "Detecting distribution and release ..." | |
if [ -e /etc/os-release ]; then | |
# Access $ID, $VERSION_ID and $PRETTY_NAME | |
source /etc/os-release | |
echo "Detected distribution id: $ID" | |
echo "Detected distribution release id: $VERSION_ID" | |
echo "Detected distribution description: $PRETTY_NAME" | |
else | |
ID=unknown | |
VERSION_ID=unknown | |
PRETTY_NAME="Unknown distribution and release" | |
echo "WARNING: /etc/os-release configuration not found. Unable to detect distribution." >&2 | |
if [ -z "$dist" -o -z "$code" ]; then | |
echo "ERROR: One or both of --distribution and --release options were not specified." >&2 | |
echo "This is an unsupported distribution and/or version!" >&2 | |
exit 1 | |
fi | |
fi | |
# Validate --distribution parameter has a sane value for this OS. | |
if [ -n "$dist" ]; then | |
dist=${dist,,} | |
verbose "Checking --distribution \"$dist\" to ensure it has a sane value." | |
# If $ID detected above does not match parameter, then do some checking | |
if [ "$dist" != "$ID" ]; then | |
verbose "Detected distribution \"$ID\" does not match specified one of \"$dist\". Checking ..." | |
case "$dist" in | |
centos|rhel) pkg_installer=/usr/bin/yum; verbose "Detected yum package installer" ;; | |
debian|ubuntu) pkg_installer=/usr/bin/apt-get; verbose "Detected apt-get package installer" ;; | |
*) echo "ERROR: the value \"$dist\" specified for --distribution is unsupported." >&2 | |
exit 1 | |
;; | |
esac | |
if [ ! -x "$pkg_installer" ]; then | |
echo "ERROR: The value \"$dist\" specified for --distribution does not appear compatible!" >&2 | |
exit 1 | |
fi | |
fi | |
fi | |
# Validate the distribution and release is a supported one; set boolean flags. | |
is_debian_dist=false | |
is_debian_buster=false | |
is_debian_stretch=false | |
is_debian_jessie=false | |
is_ubuntu_dist=false | |
is_ubuntu_bionic=false | |
is_ubuntu_xenial=false | |
is_ubuntu_trusty=false | |
is_centos_dist=false | |
is_centos_7=false | |
# Use specified distribution and release or detected otherwise. | |
dist="${dist:-$ID}" | |
code="${code:-$VERSION_ID}" | |
code="${code,,}" | |
verbose "Validating dist-code: ${dist}-${code}" | |
case "${dist}-${code}" in | |
ubuntu-18.04) | |
code="bionic" | |
is_ubuntu_dist=true | |
is_ubuntu_bionic=true | |
;; | |
ubuntu-16.04|ubuntu-xenial|ubuntu-xenial_docker_minimal) | |
code="xenial" | |
is_ubuntu_dist=true | |
is_ubuntu_xenial=true | |
;; | |
ubuntu-14.04|ubuntu-trusty) | |
code="trusty" | |
is_ubuntu_dist=true | |
is_ubuntu_trusty=true | |
echo -e "WARNING: Ubuntu Trusty will be EOL by April 2019 and LibreTime will no longer support it at that point." >&2 | |
echo -e "Please upgrade to a non-EOL distro ASAP!" >&2 | |
sleep 6 | |
;; | |
debian-9|debian-stretch) | |
code="stretch" | |
is_debian_dist=true | |
is_debian_stretch=true | |
;; | |
debian-10|debian-buster) | |
code="buster" | |
is_debian_dist=true | |
is_debian_buster=true | |
;; | |
#Fix for Raspbian 9 (stretch) | |
raspbian-9|9) | |
code="stretch" | |
dist="debian" | |
is_debian_dist=true | |
is_debian_stretch=true | |
;; | |
#End of fix | |
debian-8|debian-jessie) | |
code="jessie" | |
is_debian_dist=true | |
echo -e "ERROR: Debian Jessie is archived and does not receive any security or other updates since 2018-05-17." >&2 | |
echo -e "The LibreTime installer will drop support for installing LibreTime on Jessie in 3.0.0-alpha.8." >&2 | |
sleep 6 | |
is_debian_jessie=true | |
;; | |
debian-7|debian-wheezy) | |
echo -e "ERROR: Debian Wheezy is archived and does not receive any security or other updates since 2018-05-31." >&2 | |
echo -e "The LibreTime installer dropped support for installing LibreTime on Wheezy in 3.0.0-alpha.6." >&2 | |
exit 1 | |
;; | |
centos-7) | |
is_centos_dist=true | |
is_centos_7=true | |
;; | |
*) | |
echo -e "ERROR: Distribution \"$PRETTY_NAME\" is not supported with \"${dist}-${code}\"!" >&2 | |
exit 1 | |
;; | |
esac | |
verbose "Using distribution id \"$dist\", release code \"$code\"" | |
# Detect init system type | |
systemInitDetect | |
if $is_centos_dist; then | |
apache_bin="httpd" | |
apache_service="httpd" | |
web_user="${web_user:-apache}" | |
else | |
apache_bin="apache2ctl" | |
apache_service="apache2" | |
web_user="${web_user:-www-data}" | |
fi | |
if [ "$ignore_dependencies" = "f" ]; then | |
set +e | |
loud "\n-----------------------------------------------------" | |
loud " * Installing External Dependencies * " | |
loud "-----------------------------------------------------" | |
if [ -x /usr/bin/apt-get ]; then | |
verbose "\n * Reading requirements-${dist}-${code}.apt..." | |
loudCmd "apt-get update" | |
package_list_file="${SCRIPT_DIR}/installer/lib/requirements-${dist}-${code}.apt" | |
if [ ! -f "$package_list_file" ]; then | |
echo "ERROR: package file does not exist: $package_list_file" >&2 | |
exit 1 | |
fi | |
# For apt-get version 1.1 or higher, --force-yes is deprecated so use new options. | |
apt_force_options="--allow-downgrades --allow-remove-essential --allow-change-held-packages" | |
# Get apt-get version by returning the 2nd parameter from the 1st line of output | |
apt_version=$(apt-get --version |awk 'NR == 1 { print $2 }') | |
# returns 1.8.0~alpha3 (Debian Buster) | |
# returns: 1.4.7 (Debian Stretch) | |
# returns: 0.9.7.9 (Debian Wheezy) | |
# returns: 1.0.1ubuntu2 (Ubuntu Trusty) | |
# returns: 1.0.9.8.4 (Debian Jessie) | |
# returns: 1.2.9 (Ubuntu Xenial) | |
verbose "Detected apt-get version as: $apt_version" | |
apt_version_formatted=$(awk 'BEGIN {FS = "."} {printf "%03d.%03d\n", $1,$2}' <<< $apt_version) | |
[[ "$apt_version_formatted" < "001.001" ]] && apt_force_options="--force-yes" | |
verbose "Using apt-get force options: $apt_force_options" | |
loudCmd "DEBIAN_FRONTEND=noninteractive apt-get -y -m ${apt_force_options} install $(grep -vE '^\s*#' $package_list_file | tr '\n' ' ')" | |
if [ "$in_place" = "t" ]; then | |
loudCmd "DEBIAN_FRONTEND=noninteractive apt-get -y -m install git" | |
fi | |
else | |
echo "WARNING: installing dependencies is not supported for this distribution" >&2 | |
fi | |
set -e | |
else | |
checkCommandExists "${apache_bin}" | |
checkCommandExists "rabbitmqctl" | |
checkCommandExists "psql" | |
if [ "$in_place" = "t" ]; then | |
checkCommandExists "git" | |
fi | |
fi | |
# Check if composer exists and install if it doesn't | |
set +e | |
eval hash "composer" 2>/dev/null | |
commandFound=$? | |
set -e | |
if [[ ! ${commandFound} -eq 0 ]]; then | |
curl -sS https://getcomposer.org/installer > get-composer.php | |
php ./get-composer.php --install-dir=/usr/local/bin --filename=composer | |
rm get-composer.php | |
PATH="${PATH}:/usr/local/bin" | |
fi | |
# Run composer (install PHP dependencies) and create a VERSION file | |
loudCmd "./build.sh" | |
if [ -f /etc/airtime/airtime.conf ]; then | |
# TODO use VERSION or some other way to check for updates and handle | |
# media-monitor case on it's own | |
OLD_CONF=$(grep "[media-monitor]" /etc/airtime/airtime.conf) | |
if [ -n "${OLD_CONF}" ]; then | |
upgrade="t" | |
set +e | |
verbose "Stopping airtime services..." | |
systemInitCommand stop airtime_analyzer airtime-celery airtime-playout airtime-liquidsoap airtime-media-monitor | |
verbose "...Done" | |
verbose "Disabling obsolete services..." | |
systemInitCommand disable airtime-media-monitor | |
verbose "...Done" | |
echo "Looks like you have an old version of Airtime. Your current /etc/airtime/airtime.conf \ | |
will be moved to /etc/airtime/airtime.conf.tmp" | |
# If we don't remove the existing python files in /usr/lib and the | |
# /etc/init.d startup scripts, services won't work properly | |
if [ -d /usr/lib/airtime/ ]; then | |
rm -rf /usr/lib/airtime/ | |
fi | |
rm -f /etc/init.d/airtime* | |
rm -f /etc/init/airtime* | |
rm -f /etc/default/airtime-celery | |
rm -f /etc/systemd/system/airtime* | |
if [ "$apache" = "t" ]; then | |
# If the user selects an "in-place" install or passes in a web root, | |
# we need to replace the old apache airtime.conf | |
rm /etc/apache2/sites-available/airtime.conf /etc/apache2/sites-enabled/airtime.conf | |
fi | |
if [ -d /usr/share/airtime -a web_root = /usr/share/airtime ]; then | |
rm -rf /usr/share/airtime | |
fi | |
mv /etc/airtime/airtime.conf /etc/airtime/airtime.conf.tmp | |
set -e | |
fi | |
fi | |
if [ "$apache" = "f" -a ${_i} -eq 1 ]; then | |
echo -e "Install default Airtime apache configuration? (Y/n): \c" | |
read IN | |
IN=${IN:-$default_value} | |
if [ "$IN" = "y" -o "$IN" = "Y" ]; then | |
apache="t" | |
fi | |
fi | |
if [ "$in_place" = "t" ]; then | |
verbose "\n * Setting current Airtime directory as web root..." | |
web_root=${AIRTIMEROOT}/airtime_mvc/public | |
elif [ -n "$web_root" ]; then | |
verbose "\n * Creating Apache web root directory..." | |
cp -R ${AIRTIMEROOT}/airtime_mvc ${web_root} | |
cp -R ${AIRTIMEROOT}/vendor ${web_root} | |
cp ${AIRTIMEROOT}/VERSION ${web_root} | |
web_root=${web_root}/airtime_mvc/public/ | |
else | |
verbose "\n * Creating default Apache web root directory /usr/share/airtime/php..." | |
web_root="/usr/share/airtime/php" | |
mkdir -p ${web_root} | |
cp -R ${AIRTIMEROOT}/airtime_mvc ${web_root} | |
cp -R ${AIRTIMEROOT}/vendor ${web_root} | |
cp ${AIRTIMEROOT}/VERSION ${web_root} | |
web_root=${web_root}/airtime_mvc/public/ | |
fi | |
verbose "...Done" | |
if [ "$apache" = "t" ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Configuring Apache * " | |
loud "-----------------------------------------------------" | |
# Detect Apache root folder, e.g. /etc/apache2 or /etc/httpd | |
eval $($apache_bin -V |awk '/HTTPD_ROOT|SERVER_CONFIG_FILE/ { print $2 }') | |
apache_conf="${HTTPD_ROOT}/${SERVER_CONFIG_FILE}" | |
verbose "Detected Apache root folder is: ${HTTPD_ROOT}" | |
if [[ ! -e $apache_conf ]]; then | |
echo -e "ERROR: Apache binary \"$apache_bin\" points to a non-existent file \"$apache_conf\"" | |
exit 1 | |
fi | |
verbose "Detected Apache primary .conf file is: ${apache_conf}" | |
if [[ -d ${HTTPD_ROOT}/sites-available ]]; then # debian & ubuntu | |
apache_sitedir="${HTTPD_ROOT}/sites-available/" | |
elif [[ -d ${HTTPD_ROOT}/conf.d ]]; then # centos | |
apache_sitedir="${HTTPD_ROOT}/conf.d/" | |
else | |
echo -e "ERROR: unknown location of Apache sites-available or virtual host directory!" >&2 | |
exit 1 | |
fi | |
verbose "Detected Apache sites configuration folder: ${apache_sitedir}" | |
set +e | |
# Parse: Server version: Apache/2.2.22 (Ubuntu) -> 2 | |
apache_major_version=$($apache_bin -v |awk -F'[ /.]+' 'NR == 1 { print $4 }') | |
set -e | |
if [[ "$apache_major_version" -ge 2 ]]; then | |
airtimeconfigfile="airtime.conf" | |
oldconfigfile="airtime-vhost.conf" | |
else | |
airtimeconfigfile="airtime" | |
oldconfigfile="airtime-vhost" | |
fi | |
# If we're upgrading (installing over an existing Airtime install) and we've been told to | |
# install apache, we should overwrite any existing configuration. If we don't do this, doing | |
# an in-place installation over an old Airtime install (which installs to /usr/share by default) | |
# will fail | |
if [ "$upgrade" = "t" -o ! -f ${apache_sitedir}${airtimeconfigfile} ]; then | |
verbose "\n * Creating Apache config for Airtime..." | |
listen_port="" | |
if [ "$web_port" != "80" ]; then | |
listen_port="Listen ${web_port}" | |
fi | |
apache_template_file=${SCRIPT_DIR}/installer/apache/airtime-vhost-2.4 | |
if [[ "$apache_major_version" -eq 1 ]]; then | |
# fall back to apache 1 config | |
apache_template_file=${SCRIPT_DIR}/installer/apache/airtime-vhost | |
fi | |
sed \ | |
-e "s@WEB_PORT_LISTEN@${listen_port}@g" \ | |
-e "s@WEB_PORT@${web_port}@g" \ | |
-e "s@WEB_ROOT@${web_root}@g" \ | |
${apache_template_file} > ${apache_sitedir}${airtimeconfigfile} | |
# The a2ensite/a2dissite utilities are not available on CentOS | |
if [[ -x /usr/sbin/a2ensite ]]; then | |
loudCmd "a2dissite 000-default" | |
# If Airtime was previously installed with apt, the vhost file name is different, | |
# so we need to specifically disable it. | |
if [ -f "/etc/apache2/sites-available/${oldconfigfile}" ]; then | |
loudCmd "a2dissite airtime-vhost" | |
fi | |
loudCmd "a2ensite airtime" | |
fi | |
else | |
verbose "\nApache config for Airtime already exists, skipping" | |
fi | |
fi | |
if [ "$icecast" = "f" -a ${_i} -eq 1 ]; then | |
echo -e "Install default Airtime Icecast configuration? (Y/n): \c" | |
read IN | |
IN=${IN:-$default_value} | |
if [ "$IN" = "y" -o "$IN" = "Y" ]; then | |
icecast="t" | |
fi | |
fi | |
if [ "$icecast" = "t" ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Configuring Icecast * " | |
loud "-----------------------------------------------------" | |
verbose "\n * Enabling Icecast 2..." | |
icecast_unit_name="icecast2" | |
if [ "$dist" != "centos" ]; then | |
sed -i 's/ENABLE=false/ENABLE=true/g' /etc/default/icecast2 | |
else | |
icecast_unit_name="icecast" | |
fi | |
# restart in case icecast was already started (like is the case on debian) | |
systemInitCommand restart ${icecast_unit_name} | |
verbose "...Done" | |
fi | |
loud "\n-----------------------------------------------------" | |
loud " * Installing Airtime Services * " | |
loud "-----------------------------------------------------" | |
verbose "\n * Installing necessary python services..." | |
loudCmd "pip install setuptools --upgrade" | |
verbose "...Done" | |
# Ubuntu Trusty and Debian Wheezy needs a workaround for python version SSL downloads | |
# This affects all python installs where python < 2.7.9 | |
python_version=$(python --version 2>&1 | awk '{ print $2 }') | |
verbose "Detected Python version: $python_version" | |
# Convert version so each segment is zero padded for easy comparison | |
python_version_formatted=$(awk 'BEGIN {FS = "."} {printf "%03d.%03d.%03d\n", $1,$2,$3}' <<< $python_version) | |
if [[ "$python_version_formatted" < "002.007.009" ]]; then | |
verbose "\n * Installing pyOpenSSL and ca db for SNI support..." | |
loudCmd "pip install pyOpenSSL cryptography idna certifi --upgrade" | |
verbose "...Done" | |
fi | |
verbose "\n * Creating /run/airtime..." | |
mkdir -p /run/airtime | |
chmod 755 /run/airtime | |
chown -R ${web_user}:${web_user} /run/airtime | |
verbose "...Done" | |
if [ ! -d /var/log/airtime ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Installing Log Files * " | |
loud "-----------------------------------------------------" | |
verbose "\n * Creating /var/log/airtime" | |
loudCmd "mkdir -p /var/log/airtime" | |
verbose "\n * Copying logrotate files..." | |
loudCmd "cp ${AIRTIMEROOT}/airtime_mvc/build/airtime-php.logrotate /etc/logrotate.d/airtime-php" | |
loudCmd "cp ${AIRTIMEROOT}/python_apps/pypo/liquidsoap/airtime-liquidsoap.logrotate /etc/logrotate.d/airtime-liquidsoap" | |
fi | |
verbose "\n * Installing API client..." | |
loudCmd "python ${AIRTIMEROOT}/python_apps/api_clients/setup.py install --install-scripts=/usr/bin" | |
verbose "...Done" | |
verbose "\n * Installing pypo and liquidsoap..." | |
loudCmd "python ${AIRTIMEROOT}/python_apps/pypo/setup.py install --install-scripts=/usr/bin --no-init-script" | |
loudCmd "mkdir -p /var/log/airtime/{pypo,pypo-liquidsoap} /var/tmp/airtime/pypo/{cache,files,tmp} /var/tmp/airtime/show-recorder/" | |
loudCmd "chown -R ${web_user}:${web_user} /var/log/airtime/{pypo,pypo-liquidsoap} /var/tmp/airtime/pypo/{cache,files,tmp} /var/tmp/airtime/show-recorder/" | |
systemInitInstall airtime-liquidsoap $web_user | |
systemInitInstall airtime-playout $web_user | |
verbose "...Done" | |
verbose "\n * Installing airtime-celery..." | |
loudCmd "python ${AIRTIMEROOT}/python_apps/airtime-celery/setup.py install --no-init-script" | |
# Create the Celery user | |
if $is_centos_dist; then | |
loudCmd "id celery 2>/dev/null || adduser --no-create-home -c 'LibreTime Celery' -r celery || true" | |
else | |
loudCmd "id celery 2>/dev/null || adduser --no-create-home --gecos 'LibreTime Celery' --disabled-login --firstuid 1 --lastuid 999 celery" | |
fi | |
# Add celery to the www-data group | |
loudCmd "usermod -G ${web_user} -a celery" | |
# CentOS installs celery in /usr/bin which differs from other distros. Make | |
# available in /usr/local/bin as systemd requires an absolute path. | |
[[ ! -e /usr/local/bin/celery ]] && ln -s /usr/bin/celery /usr/local/bin/celery | |
systemInitInstall airtime-celery | |
verbose "...Done" | |
verbose "\n * Installing airtime_analyzer..." | |
loudCmd "python ${AIRTIMEROOT}/python_apps/airtime_analyzer/setup.py install --install-scripts=/usr/bin --no-init-script" | |
systemInitInstall airtime_analyzer $web_user | |
verbose "...Done" | |
verbose "\n * Setting permissions on /var/log/airtime..." | |
# Make the airtime log directory group-writable | |
loudCmd "chmod -R 775 /var/log/airtime" | |
loudCmd "chown -R ${web_user}:${web_user} /var/log/airtime/" | |
verbose "\n * Setting permissions on /var/tmp/airtime..." | |
loudCmd "chmod -R a+x /var/tmp/airtime" | |
loudCmd "chown -R ${web_user}:${web_user} /var/tmp/airtime/" | |
loud "\n-----------------------------------------------------" | |
loud " * Configuring PHP in Apache * " | |
loud "-----------------------------------------------------" | |
# Test common locations for php conf directory | |
php_conf_dirs=( | |
"/etc/php/7.3/apache2/conf.d" # Debian Buster | |
"/etc/php/7.2/apache2/conf.d" # Ubuntu Bionic | |
"/etc/php/7.0/apache2/conf.d" # Ubuntu Xenial | |
"/etc/php5/apache2/conf.d" # Debian Stretch, Debian Jessie, Ubuntu Trusty | |
"/etc/php.d" # CentOS 7 | |
) | |
for php_conf in ${php_conf_dirs[@]}; do | |
[[ -d $php_conf ]] && break | |
done | |
if [[ -d $php_conf ]]; then | |
libretime_phpini="${php_conf}/airtime.ini" | |
else | |
echo -e "ERROR: PHP Apache configuration folder does not exist or is in an unknown location!" >&2 | |
exit 1 | |
fi | |
verbose "Detected php conf directory at: $php_conf" | |
if [ ! -f "${libretime_phpini}" ]; then | |
verbose "\n * Creating LibreTime PHP config for Apache..." | |
cp ${SCRIPT_DIR}/installer/php/airtime.ini ${libretime_phpini} | |
else | |
verbose "\nAirtime PHP config for Apache already exists, skipping" | |
fi | |
# Enable Apache modules | |
if $is_debian_buster; then | |
loudCmd "a2enmod rewrite php7.3" | |
elif $is_ubuntu_bionic; then | |
loudCmd "a2enmod rewrite php7.2" | |
elif $is_ubuntu_xenial || $is_debian_stretch; then | |
loudCmd "a2enmod rewrite php7.0" | |
elif $is_centos_dist; then | |
verbose "TODO: enable Apache modules mod_rewrite and mod_php manually" | |
else | |
loudCmd "a2enmod rewrite php5" | |
fi | |
if [ $skip_postgres -eq 0 ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Configuring PostgreSQL * " | |
loud "-----------------------------------------------------" | |
# Ensure postgres is running - It isn't after you install the postgres package on Ubuntu 15.04 | |
systemInitCommand start postgresql | |
setupAirtimePostgresUser() { | |
# here-doc to execute this block as postgres user | |
su postgres <<'EOF' | |
set +e | |
count=$(psql -d postgres -tAc "SELECT count(*) FROM pg_roles WHERE rolname='airtime';") | |
if [[ $count -eq 0 ]]; then | |
psql -d postgres -tAc "CREATE USER airtime WITH ENCRYPTED PASSWORD 'airtime'; ALTER USER airtime CREATEDB;" | |
[[ $? -eq 0 ]] && | |
echo "Created airtime user in PostgreSQL" || | |
echo "$0:${FUNCNAME}(): ERROR: Can't create airtime user in PostgreSQL!" | |
else | |
echo "airtime user already exists in PostgreSQL" | |
fi | |
set -e | |
# don't indent this! | |
EOF | |
} | |
if [ "$postgres" = "t" ]; then | |
setupAirtimePostgresUser | |
elif [ ${_i} -eq 1 ]; then | |
echo -e "Create default airtime postgres user? (Y/n): \c" | |
read IN | |
IN=${IN:-$default_value} | |
if [ "$IN" = "y" -o "$IN" = "Y" ]; then | |
setupAirtimePostgresUser | |
fi | |
fi | |
fi | |
if [ $skip_rabbitmq -eq 0 ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Configuring RabbitMQ * " | |
loud "-----------------------------------------------------" | |
RABBITMQ_VHOST=/airtime | |
RABBITMQ_USER=airtime | |
RABBITMQ_PASSWORD=airtime | |
EXCHANGES="airtime-pypo|pypo-fetch|airtime-analyzer|media-monitor" | |
# Ignore errors in this check to avoid dying when vhost isn't found | |
set +e | |
rabbitmqctl list_vhosts | grep -w "^${RABBITMQ_VHOST}$" > /dev/null | |
RESULT="$?" | |
set -e | |
# Only run these if the vhost doesn't exist | |
if [ "$RESULT" != "0" ]; then | |
verbose "\n * Creating RabbitMQ user ${RABBITMQ_USER}..." | |
rabbitmqctl add_vhost ${RABBITMQ_VHOST} | |
rabbitmqctl add_user ${RABBITMQ_USER} ${RABBITMQ_PASSWORD} | |
else | |
verbose "\nRabbitMQ user already exists, skipping creation" | |
fi | |
verbose "\n * Setting RabbitMQ user permissions..." | |
#loudCmd "rabbitmqctl set_permissions -p ${RABBITMQ_VHOST} ${RABBITMQ_USER} \"$EXCHANGES\" \"$EXCHANGES\" \"$EXCHANGES\"" | |
loudCmd "rabbitmqctl set_permissions -p ${RABBITMQ_VHOST} ${RABBITMQ_USER} .\* .\* .\*" | |
fi | |
if [ ! -d "/etc/airtime" ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Installing Airtime * " | |
loud "-----------------------------------------------------" | |
verbose "\n * Creating /etc/airtime/ directory..." | |
mkdir /etc/airtime | |
fi | |
chown -R ${web_user}:${web_user} /etc/airtime | |
if [ ! -d "/srv/airtime" ]; then | |
mkdir -p /srv/airtime | |
fi | |
chown -R ${web_user}:${web_user} /srv/airtime | |
# We only generate the locales for Airtime if you're allowing us | |
# to install our dependencies, so that we won't automatically do this | |
# when this install script runs from our DEB package. | |
if [ "$ignore_dependencies" = "f" ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Installing Locales * " | |
loud "-----------------------------------------------------" | |
if $is_centos_dist; then | |
loud "\n not required on $dist" | |
else | |
set +e | |
verbose "\n * Generating locales" | |
for i in `ls ${web_root}/../locale | grep ".._.."`; do | |
if [ "$dist" = "debian" ]; then | |
grep -qi "^$i" /etc/locale.gen | |
if [ $? -ne 0 ]; then | |
verbose "$i.UTF-8 UTF-8" >> /etc/locale.gen | |
fi | |
else | |
loudCmd "locale-gen \"$i.utf8\"" | |
fi | |
done | |
set -e | |
fi | |
if [ "$dist" = "debian" ]; then | |
loudCmd "/usr/sbin/locale-gen" | |
fi | |
fi | |
# If the user requested it we run restorecon on files that need | |
# tagging for selinux. | |
if [ "$selinux" = "t" ]; then | |
loud "\n-----------------------------------------------------" | |
loud " * Restoring SELinux Tags * " | |
loud "-----------------------------------------------------" | |
verbose "\n * Running restorecon..." | |
loudCmd "restorecon -Rv /etc/airtime /srv/airtime > /dev/null 2>&1" | |
verbose "...Done" | |
fi | |
verbose "\n * Reloading apache..." | |
systemInitCommand restart ${apache_service} | |
# NOTE: ip command works on all supported platforms | |
if $is_centos_dist; then | |
IP=$(ip -o -4 address show dev eth0 | grep -Po 'inet \K[\d.]+') | |
else | |
# not on centos | |
ip_device="eth0" | |
$is_ubuntu_xenial && ip_device="enp0s8" | |
IP=$(ifconfig ${ip_device} 2>/dev/null |awk -F'[ :]+' '/inet addr:/ {print $4}') | |
fi | |
verbose "...Done" | |
echo -e "\n-----------------------------------------------------" | |
echo " * Basic Setup DONE! * " | |
echo " " | |
echo " To get started with Airtime, visit ${IP} " | |
echo " or, if you've set up your own web configuration, " | |
echo " the Airtime webroot on your webserver " | |
echo "-----------------------------------------------------" | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# as root | |
wget https://github.com/savonet/liquidsoap/releases/download/1.3.7/liquidsoap-1.3.7-full.tar.gz | |
tar xvf liquidsoap-1.3.7-full.tar.gz | |
apt-get -y install ocaml-findlib libcamomile-ocaml-dev libmad0-dev libshout3-dev libvorbis-dev libid3tag0-dev libasound2-dev autoconf automake software-properties-common camlp4-extra autotools-dev automake opam ibasound2-dev libfdk-aac-dev libmad0-dev libmp3lame-dev libopus-dev libpcre3-dev libtag1-dev libasound2-dev libfdk-aac-dev libmad0-dev libmp3lame-dev libopus-dev libpcre3-dev libtag1-dev libasound2-dev libfdk-aac-dev libmad0-dev libmp3lame-dev | |
cd liquidsoap-1.3.7-full ; ./bootstrap | |
cd liquidsoap-1.3.7-full ; ./configure | |
cd liquidsoap-1.3.7-full ; cp PACKAGES.default PACKAGES | |
cd liquidsoap-1.3.7-full ; make | |
add-apt-repository -y ppa:avsm/ppa | |
mkdir /usr/local/opam | |
mkdir -p /usr/share/liquidsoap/.ssh | |
cp ~/.ssh/authorized_keys /usr/share/liquidsoap/.ssh/ | |
groupadd liquidsoap | |
useradd -d /usr/share/liquidsoap/ -g liquidsoap -s /bin/bash liquidsoap | |
chown -R liquidsoap:liquidsoap /usr/local/opam /usr/share/liquidsoap/ | |
# pre-install.sh | |
#### as liquidsoap | |
opam init -y --root=/usr/local/opam | |
eval `opam config env --root=/usr/local/opam` | |
opam install -y depext | |
opam depext -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis | |
opam install -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis | |
# as root | |
echo "eval \`opam config env --root=/usr/local/opam\`" > /etc/profile.d/liquidsoap-opam.sh | |
ln -s /usr/local/opam/system/bin/liquidsoap /usr/bin/liquidsoap | |
#### as liquidsoap | |
git clone https://github.com/savonet/liquidsoap.git | |
cd liquidsoap | |
git submodule init | |
git submodule update | |
opam pin add liquidsoap . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
psql -d postgres -tAc "CREATE USER airtime WITH ENCRYPTED PASSWORD 'airtime'; ALTER USER airtime CREATEDB;" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
Kanku::Util::IPTables: | |
start_port: 49001 | |
domain_name: libretime | |
default_job: kanku-job | |
login_user: root | |
login_pass: kankudai | |
qemu: | |
user: | |
jobs: | |
kanku-job: | |
- | |
use_module: Kanku::Handler::SetJobContext | |
options: | |
host_interface: eth0 | |
- | |
use_module: Kanku::Handler::OBSCheck | |
options: | |
api_url: https://api.opensuse.org/public | |
# Please have a look at | |
# https://build.opensuse.org/project/show/devel:kanku:images | |
# to find more official Images | |
project: devel:kanku:images | |
repository: images_tumbleweed | |
package: openSUSE-Tumbleweed-JeOS:ext4 | |
use_oscrc: 0 | |
- | |
use_module: Kanku::Handler::ImageDownload | |
options: | |
use_cache: 1 | |
- | |
use_module: Kanku::Handler::CreateDomain | |
options: | |
memory: 2G | |
vcpu: 2 | |
use_9p: 1 | |
#forward_port_list: tcp:22,tcp:443 | |
template_file: /home/frank/prj/libretime.tt2 | |
- | |
use_module: Kanku::Handler::PrepareSSH | |
- | |
use_module: Kanku::Handler::ExecuteCommandViaSSH | |
options: | |
commands: | |
- zypper -n ar https://download.opensuse.org/repositories/home:/M0ses:/branches:/home:/radiorabe:/airtime/openSUSE_Factory/home:M0ses:branches:home:radiorabe:airtime.repo | |
- zypper -n --gpg-auto-import-keys ref -s | |
- zypper -n in libretime-utils libretime-api_clients libretime-celery libretime-icecast libretime-web libretime-analyzer libretime postgresql11 postgresql11-server rabbitmq-server mc alsa-utils | |
# The followin packages must be required by libretime-(web?) package | |
- zypper -n in apache2-mod_php7 php7-json php7-APCu | |
- systemctl enable postgresql.service | |
- systemctl start postgresql.service | |
- su -c "psql -d postgres -tAc \"CREATE USER airtime WITH ENCRYPTED PASSWORD 'airtime';\"" postgres | |
- su -c "psql -d postgres -tAc \"ALTER USER airtime CREATEDB;\"" postgres | |
- su -c "psql -d postgres -tAc \"CREATE DATABASE airtime OWNER airtime;\"" postgres | |
# TODO: in /var/lib/pgsql/data/pg_hba.conf: -'peer' -'ident' -> +'md5' | |
- cp /tmp/kanku/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf | |
- systemctl restart postgresql.service | |
- systemctl enable rabbitmq-server | |
- systemctl start rabbitmq-server | |
- rabbitmqctl add_vhost /airtime | |
- rabbitmqctl add_user airtime airtime | |
- rabbitmqctl set_permissions -p /airtime airtime ".*" ".*" ".*" | |
- cp /tmp/kanku/apache2.libretime.conf /etc/apache2/vhosts.d/libretime.conf | |
- /tmp/kanku/create-cert.sh | |
- a2enmod php7 | |
- a2enmod filter | |
- a2enmod deflate | |
- a2enmod rewrite | |
- a2enflag SSL | |
- systemctl enable apache2 | |
- systemctl start apache2 | |
- chown wwwrun:www /etc/airtime | |
- mkdir /srv/airtime | |
- chown wwwrun:www /srv/airtime | |
# TODO: /srv/www/libretime/airtime_mvc/public/.htaccess im airtime-webroot erzeugen: | |
# RewriteEngine On | |
# RewriteCond %{HTTPS} !=on | |
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
Kanku::Util::IPTables: | |
start_port: 49001 | |
domain_name: ubuntu-devel | |
default_job: kanku-job | |
login_user: root | |
login_pass: kankudai | |
jobs: | |
kanku-job: | |
- | |
use_module: Kanku::Handler::SetJobContext | |
options: | |
host_interface: eth0 | |
- | |
use_module: Kanku::Handler::OBSCheck | |
options: | |
api_url: https://api.opensuse.org/public | |
# Please have a look at | |
# https://build.opensuse.org/project/show/devel:kanku:images | |
# to find more official Images | |
project: devel:kanku:images | |
repository: images_ubuntu | |
package: ubuntu-JeOS | |
#project: Virtualization:Appliances:Images:Testing_x86 | |
#repository: images | |
#package: test-image-ubuntu:Virtual | |
skip_all_checks: 1 | |
use_oscrc: 0 | |
- | |
use_module: Kanku::Handler::ImageDownload | |
options: | |
use_cache: 1 | |
- | |
use_module: Kanku::Handler::CreateDomain | |
options: | |
memory: 2G | |
vcpu: 2 | |
use_9p: 1 | |
#forward_port_list: tcp:22,tcp:443 | |
#root_disk_size: 4294967296 | |
- | |
use_module: Kanku::Handler::ExecuteCommandViaConsole | |
options: | |
commands: | |
- echo "deb http://archive.ubuntu.com/ubuntu bionic main universe multiverse" > /etc/apt/sources.list | |
- apt-get update | |
- apt-get install -y parted openssh-server | |
- | |
use_module: Kanku::Handler::PrepareSSH | |
- | |
use_module: Kanku::Handler::ExecuteCommandViaSSH | |
options: | |
commands: | |
- apt-get -y install software-properties-common | |
- add-apt-repository -y ppa:avsm/ppa | |
- apt-get update | |
- apt-get install -y build-essential vim vim-common fakeroot dh-make less git-buildpackage | |
- apt-get install -y autoconf automake autotools-dev camlp4-extra libasound2-dev libcamomile-ocaml-dev libfdk-aac-dev libid3tag0-dev libmad0-dev libmp3lame-dev libopus-dev libpcre3-dev libshout3-dev libtag1-dev libvorbis-dev ocaml-findlib opam software-properties-common | |
- wget http://caml.inria.fr/pub/distrib/ocaml-4.07/ocaml-4.07.1.tar.gz | |
- tar xvf ocaml-4.07.1.tar.gz | |
- cd ocaml-4.07.1 ; ./configure | |
- cd ocaml-4.07.1 ; make world.opt | |
- cd ocaml-4.07.1 ; make install | |
- wget https://github.com/savonet/liquidsoap/releases/download/1.3.7/liquidsoap-1.3.7-full.tar.gz | |
- tar xvf liquidsoap-1.3.7-full.tar.gz | |
- cd liquidsoap-1.3.7-full ; ./bootstrap | |
- cd liquidsoap-1.3.7-full ; cp PACKAGES.default PACKAGES | |
- cd liquidsoap-1.3.7-full ; ./configure | |
- cd liquidsoap-1.3.7-full ; make | |
- add-apt-repository -y ppa:avsm/ppa | |
- mkdir /usr/local/opam | |
- mkdir -p /usr/share/liquidsoap/.ssh | |
- cp ~/.ssh/authorized_keys /usr/share/liquidsoap/.ssh/ | |
- groupadd liquidsoap | |
- useradd -d /usr/share/liquidsoap/ -g liquidsoap -s /bin/bash liquidsoap | |
- chown -R liquidsoap:liquidsoap /usr/local/opam /usr/share/liquidsoap/ | |
- | |
use_module: Kanku::Handler::ExecuteCommandViaSSH | |
options: | |
username: liquidsoap | |
commands: | |
- opam init -y --root=/usr/local/opam | |
- eval `opam config env --root=/usr/local/opam` | |
- opam install -y depext | |
- opam depext -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis | |
- opam install -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis | |
- | |
use_module: Kanku::Handler::ExecuteCommandViaSSH | |
options: | |
commands: | |
- echo "eval \`opam config env --root=/usr/local/opam\`" > /etc/profile.d/liquidsoap-opam.sh | |
- ln -s /usr/local/opam/system/bin/liquidsoap /usr/bin/liquidsoap | |
- | |
use_module: Kanku::Handler::ExecuteCommandViaSSH | |
options: | |
username: liquidsoap | |
commands: | |
- git clone https://github.com/savonet/liquidsoap.git | |
- cd liquidsoap ; git submodule init | |
- cd liquidsoap ; git submodule update | |
- cd liquidsoap ; opam pin add liquidsoap . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<domain type='kvm'> | |
<name>[% domain.domain_name %]</name> | |
<memory unit='KiB'>[% domain.memory %]</memory> | |
<currentMemory unit='KiB'>[% domain.memory %]</currentMemory> | |
<vcpu placement='static'>[% domain.vcpu %]</vcpu> | |
<cpu mode='host-passthrough' check='none'> | |
<cache mode='passthrough'/> | |
<feature policy='require' name='[% host_feature %]'/> | |
</cpu> | |
<os> | |
<type arch='x86_64' machine='pc-i440fx-2.3'>hvm</type> | |
</os> | |
<features> | |
<acpi/> | |
<apic/> | |
<pae/> | |
</features> | |
<clock offset='utc'/> | |
<on_poweroff>destroy</on_poweroff> | |
<on_reboot>restart</on_reboot> | |
<on_crash>destroy</on_crash> | |
<devices> | |
<emulator>/usr/bin/qemu-kvm</emulator> | |
[% domain.disk_xml %] | |
<controller type='pci' index='0' model='pci-root'> | |
<alias name='pci.0'/> | |
</controller> | |
<controller type='sata' index='0'> | |
<alias name='sata0'/> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> | |
</controller> | |
<interface type='network'> | |
<source network='[% domain.network_name %]' bridge='[% domain.network_bridge %]'/> | |
<model type='virtio'/> | |
<alias name='net0'/> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> | |
</interface> | |
<serial type='pty'> | |
<source path='/dev/pts/8'/> | |
<target port='0'/> | |
<alias name='serial0'/> | |
</serial> | |
<console type='pty'> | |
<target type='serial' port='0'/> | |
<alias name='serial0'/> | |
</console> | |
<sound model='ac97'> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> | |
</sound> | |
<memballoon model='virtio'> | |
<alias name='balloon0'/> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> | |
</memballoon> | |
[% domain.hostshare %] | |
</devices> | |
</domain> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<domain type='kvm'> | |
<name>libretime</name> | |
<uuid>44cbbbdb-4cbb-4d80-815c-73444f9cf30d</uuid> | |
<memory unit='KiB'>2097152</memory> | |
<currentMemory unit='KiB'>2097152</currentMemory> | |
<vcpu placement='static'>2</vcpu> | |
<os> | |
<type arch='x86_64' machine='pc-i440fx-2.3'>hvm</type> | |
</os> | |
<features> | |
<acpi/> | |
<apic/> | |
<pae/> | |
</features> | |
<cpu mode='host-passthrough' check='none'> | |
<cache mode='passthrough'/> | |
<feature policy='require' name='vmx'/> | |
</cpu> | |
<clock offset='utc'/> | |
<on_poweroff>destroy</on_poweroff> | |
<on_reboot>restart</on_reboot> | |
<on_crash>destroy</on_crash> | |
<devices> | |
<emulator>/usr/bin/qemu-kvm</emulator> | |
<disk type='file' device='disk'> | |
<driver name='qemu' type='qcow2'/> | |
<source file='/var/lib/libvirt/images/libretime.qcow2'/> | |
<target dev='hda' bus='ide'/> | |
<boot order='1'/> | |
<address type='drive' controller='0' bus='0' target='0' unit='0'/> | |
</disk> | |
<controller type='pci' index='0' model='pci-root'/> | |
<controller type='sata' index='0'> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> | |
</controller> | |
<controller type='usb' index='0' model='piix3-uhci'> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> | |
</controller> | |
<controller type='ide' index='0'> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> | |
</controller> | |
<filesystem type='mount' accessmode='passthrough'> | |
<source dir='/home/frank/prj/libretime'/> | |
<target dir='kankushare'/> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> | |
</filesystem> | |
<interface type='network'> | |
<mac address='52:54:00:6a:0c:c0'/> | |
<source network='default'/> | |
<model type='virtio'/> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> | |
</interface> | |
<serial type='pty'> | |
<target type='isa-serial' port='0'> | |
<model name='isa-serial'/> | |
</target> | |
</serial> | |
<console type='pty'> | |
<target type='serial' port='0'/> | |
</console> | |
<input type='mouse' bus='ps2'/> | |
<input type='keyboard' bus='ps2'/> | |
<sound model='ac97'> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> | |
</sound> | |
<memballoon model='virtio'> | |
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> | |
</memballoon> | |
</devices> | |
</domain> | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# PostgreSQL Client Authentication Configuration File | |
# =================================================== | |
# | |
# Refer to the "Client Authentication" section in the PostgreSQL | |
# documentation for a complete description of this file. A short | |
# synopsis follows. | |
# | |
# This file controls: which hosts are allowed to connect, how clients | |
# are authenticated, which PostgreSQL user names they can use, which | |
# databases they can access. Records take one of these forms: | |
# | |
# local DATABASE USER METHOD [OPTIONS] | |
# host DATABASE USER ADDRESS METHOD [OPTIONS] | |
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] | |
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] | |
# | |
# (The uppercase items must be replaced by actual values.) | |
# | |
# The first field is the connection type: "local" is a Unix-domain | |
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, | |
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a | |
# plain TCP/IP socket. | |
# | |
# DATABASE can be "all", "sameuser", "samerole", "replication", a | |
# database name, or a comma-separated list thereof. The "all" | |
# keyword does not match "replication". Access to replication | |
# must be enabled in a separate record (see example below). | |
# | |
# USER can be "all", a user name, a group name prefixed with "+", or a | |
# comma-separated list thereof. In both the DATABASE and USER fields | |
# you can also write a file name prefixed with "@" to include names | |
# from a separate file. | |
# | |
# ADDRESS specifies the set of hosts the record matches. It can be a | |
# host name, or it is made up of an IP address and a CIDR mask that is | |
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that | |
# specifies the number of significant bits in the mask. A host name | |
# that starts with a dot (.) matches a suffix of the actual host name. | |
# Alternatively, you can write an IP address and netmask in separate | |
# columns to specify the set of hosts. Instead of a CIDR-address, you | |
# can write "samehost" to match any of the server's own IP addresses, | |
# or "samenet" to match any address in any subnet that the server is | |
# directly connected to. | |
# | |
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", | |
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". | |
# Note that "password" sends passwords in clear text; "md5" or | |
# "scram-sha-256" are preferred since they send encrypted passwords. | |
# | |
# OPTIONS are a set of options for the authentication in the format | |
# NAME=VALUE. The available options depend on the different | |
# authentication methods -- refer to the "Client Authentication" | |
# section in the documentation for a list of which options are | |
# available for which authentication methods. | |
# | |
# Database and user names containing spaces, commas, quotes and other | |
# special characters must be quoted. Quoting one of the keywords | |
# "all", "sameuser", "samerole" or "replication" makes the name lose | |
# its special character, and just match a database or username with | |
# that name. | |
# | |
# This file is read on server startup and when the server receives a | |
# SIGHUP signal. If you edit the file on a running system, you have to | |
# SIGHUP the server for the changes to take effect, run "pg_ctl reload", | |
# or execute "SELECT pg_reload_conf()". | |
# | |
# Put your actual configuration here | |
# ---------------------------------- | |
# | |
# If you want to allow non-local connections, you need to add more | |
# "host" records. In that case you will also need to make PostgreSQL | |
# listen on a non-local interface via the listen_addresses | |
# configuration parameter, or via the -i or -h command line switches. | |
# TYPE DATABASE USER ADDRESS METHOD | |
# "local" is for Unix domain socket connections only | |
local all all md5 | |
# IPv4 local connections: | |
host all all 127.0.0.1/32 md5 | |
# IPv6 local connections: | |
host all all ::1/128 md5 | |
# Allow replication connections from localhost, by a user with the | |
# replication privilege. | |
local replication all md5 | |
host replication all 127.0.0.1/32 md5 | |
host replication all ::1/128 md5 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
############################################################################### | |
# | |
# DEFINITION OF FUNCTIIONS | |
# | |
############################################################################### | |
function execute_silently { | |
$@ > /dev/null 2>&1 | |
return $? | |
} | |
############################################################################### | |
function logline { | |
[[ $BOOTSTRAP_TEST_MODE == 1 ]] && return | |
echo $@ | |
} | |
############################################################################### | |
function check_unit { | |
srv=$1 | |
service_critical=$2 | |
[[ $SETUP_ONLY == 1 ]] && return | |
echo "Checking unit $srv ..." | |
logline "Enabling $srv" | |
execute_silently systemctl enable $srv | |
if [[ $? -gt 0 ]];then | |
logline "WARNING: Enabling $srv daemon failed." | |
fi | |
STATUS=`systemctl is-active $srv 2>/dev/null` | |
if [[ "$STATUS" == "inactive" ]];then | |
echo "$srv daemon not started. Trying to start" | |
execute_silently systemctl start $srv | |
if [[ $? -gt 0 ]];then | |
echo -n "Starting $srv daemon failed." | |
if [[ $service_critical == 1 ]];then | |
echo " Exiting ..." | |
exit 1 | |
fi | |
fi | |
fi | |
} | |
############################################################################### | |
function check_server_cert { | |
# Create directory if not exists | |
# Usefull on testing systems where no obs-server rpm is installed | |
[ -d $backenddir/certs/ ] || mkdir -p $backenddir/certs/ | |
if [[ ! -e $backenddir/certs/server.${FQHOSTNAME}.created || ! -e $backenddir/certs/server.${FQHOSTNAME}.crt ]]; then | |
# setup ssl certificates (NOT protected with a passphrase) | |
logline "Creating a default SSL certificate for the server" | |
logline "Please replace it with your version in $backenddir/certs directory..." | |
DETECTED_CERT_CHANGE=1 | |
# hostname specific certs - survive intermediate hostname changes | |
if [ ! -e $backenddir/certs/server.${FQHOSTNAME}.crt ] ; then | |
# This is just a dummy SSL certificate, but it has a valid hostname. | |
# Admin can replace it with his version. | |
create_selfsigned_certificate | |
echo "$OPENSSL_CONFIG" | openssl req -new -nodes -config /dev/stdin \ | |
-x509 -days 365 -batch \ | |
-key $backenddir/certs/server.key \ | |
-out $backenddir/certs/server.${FQHOSTNAME}.crt | |
if [[ $? == 0 ]];then | |
echo "Do not remove this file or new SSL CAs will get created." > $backenddir/certs/server.${FQHOSTNAME}.created | |
fi | |
else | |
echo "ERROR: SSL CAs in $backenddir/certs exists, but were not created for your hostname" | |
exit 1 | |
fi | |
fi | |
} | |
############################################################################### | |
function create_selfsigned_certificate() { | |
cert_outdir=$backenddir/certs | |
COUNTER=0 | |
DNS_NAMES="" | |
for name in $PROPOSED_DNS_NAMES;do | |
DNS_NAMES="$DNS_NAMES | |
DNS.$COUNTER = $name" | |
COUNTER=$(($COUNTER + 1 )) | |
done | |
logline "Creating crt/key in $cert_outdir" | |
OPENSSL_CONFIG="prompt = no | |
distinguished_name = req_distinguished_name | |
[req_distinguished_name] | |
countryName = CC | |
stateOrProvinceName = OBS Autogen State or Province | |
localityName = OBS Autogen Locality | |
organizationName = OBS Autogen Organisation | |
organizationalUnitName = OBS Autogen Organizational Unit | |
commonName = $FQHOSTNAME | |
emailAddress = test@email.address | |
[req] | |
req_extensions = v3_req | |
distinguished_name = req_distinguished_name | |
attributes = req_attributes | |
x509_extensions = v3_ca | |
[req_attributes] | |
[ v3_req ] | |
basicConstraints = CA:FALSE | |
keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
[ v3_ca ] | |
subjectKeyIdentifier=hash | |
authorityKeyIdentifier=keyid:always,issuer | |
basicConstraints = CA:true | |
[ v3_req ] | |
# Extensions to add to a certificate request | |
basicConstraints = critical,CA:FALSE | |
keyUsage = digitalSignature, keyEncipherment | |
subjectAltName = @alt_names | |
[alt_names] | |
$DNS_NAMES | |
[ v3_ca ] | |
basicConstraints = CA:TRUE | |
subjectAltName = @alt_names | |
" | |
} | |
############################################################################### | |
function get_hostname { | |
if [[ $1 && $BOOTSTRAP_TEST_MODE == 1 ]];then | |
FQHOSTNAME=$1 | |
else | |
TIMEOUT=600 | |
while [ -z "$FQHOSTNAME" ];do | |
FQHOSTNAME=`hostname -f 2>/dev/null` | |
TIMEOUT=$(($TIMEOUT-1)) | |
[ "$TIMEOUT" -le 0 ] && break | |
echo "Waiting for FQHOSTNAME ($TIMEOUT)" | |
sleep 1 | |
done | |
fi | |
if type -p ec2-public-hostname; then | |
FQHOSTNAME=`ec2-public-hostname` | |
fi | |
if [ "$FQHOSTNAME" = "" ]; then | |
ask "Please enter the full qualified hostname!" | |
FQHOSTNAME=$rv | |
fi | |
# fallback in non-interative mode | |
if [ "$FQHOSTNAME" = "" ]; then | |
# Prefer interface with default route if exists | |
DEFAULT_ROUTE_INTERFACE=`LANG=C ip route show|perl -e '$_=<>; ( m/^default via.*dev\s+([\w]+)\s.*/ ) && print $1'` | |
# Fallback to IP of the VM/host | |
FQHOSTNAME=`LANG=C ip addr show $DEFAULT_ROUTE_INTERFACE| perl -lne '( m#^\s+inet\s+([0-9\.]+)(/\d+)?\s+.*# ) && print $1' | grep -v ^127. | head -n 1` | |
if [ "$?" != "0" -o "$FQHOSTNAME" = "" ]; then | |
echo " Can't determine hostname or IP - Network setup failed!" | |
echo " Check if networking is up and dhcp is working!" | |
echo " Using 'localhost' as FQHOSTNAME." | |
FQHOSTNAME="localhost" | |
fi | |
USEIP=$FQHOSTNAME | |
fi | |
if [[ -z $USEIP ]];then | |
DOMAINNAME="" | |
if [[ $FQHOSTNAME =~ '.' ]];then | |
DOMAINNAME=$(echo $FQHOSTNAME | perl -pe 's/^[\w\-_]*\.(.*)/$1/') | |
SHORTHOSTNAME=$(echo $FQHOSTNAME | perl -pe 's/^([\w\-_]*)\..*/$1/') | |
else | |
SHORTHOSTNAME=$FQHOSTNAME | |
fi | |
fi | |
} | |
############################################################################### | |
function generate_proposed_dnsnames { | |
if [[ ! $FQHOSTNAME ]];then | |
get_hostname | |
fi | |
if [[ $FQHOSTNAME != 'localhost' ]];then | |
LOCAL_HOST="localhost" | |
fi | |
if [[ $FQHOSTNAME == $SHORTHOSTNAME ]];then | |
DNSNAMES="$SHORTHOSTNAME $LOCAL_HOST" | |
else | |
DNSNAMES="$SHORTHOSTNAME $FQHOSTNAME $LOCAL_HOST" | |
fi | |
ask "Proposed DNS names: " "$DNSNAMES" | |
PROPOSED_DNS_NAMES=$rv | |
} | |
############################################################################### | |
function adjust_api_config { | |
echo "Adjust configuration for this hostname" | |
# use local host to avoid SSL verification between webui and api | |
api_options_yml=$apidir/config/options.yml | |
sed -i 's,^frontend_host: .*,frontend_host: "localhost",' $api_options_yml | |
sed -i 's,^frontend_port: .*,frontend_port: 443,' $api_options_yml | |
sed -i 's,^frontend_protocol: .*,frontend_protocol: "'"https"'",' $api_options_yml | |
sed -i 's,^external_frontend_host: .*,frontend_host: "'"$FQHOSTNAME"'",' $api_options_yml | |
sed -i 's,^external_frontend_port: .*,frontend_port: 443,' $api_options_yml | |
sed -i 's,^external_frontend_protocol: .*,frontend_protocol: "'"https"'",' $api_options_yml | |
} | |
############################################################################### | |
function adapt_worker_jobs { | |
#changed IP means also that leftover jobs are invalid - cope with that | |
echo "Adapting present worker jobs" | |
sed -i "s,server=\"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:5352,server=\"http://$FQHOSTNAME:5352,g" \ | |
$backenddir/jobs/*/* 2> /dev/null | |
sed -i "s,server=\"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:5252,server=\"http://$FQHOSTNAME:5252,g" \ | |
$backenddir/jobs/*/* 2> /dev/null | |
#remove old workers status and idling/building markers | |
rm -f $backenddir/jobs/*/*status 2> /dev/null | |
rm -f $backenddir/workers/*/* 2> /dev/null | |
# create repo directory or apache fails when nothing got published | |
mkdir -p $backenddir/repos | |
chown obsrun.obsrun $backenddir/repos | |
} | |
############################################################################### | |
function prepare_database_setup { | |
cd /srv/www/obs/api | |
RAILS_ENV=production bin/rails db:migrate:status > /dev/null | |
if [[ $? > 0 ]];then | |
echo "Initialize MySQL databases (first time only)" | |
echo " - reconfiguring /etc/my.cnf" | |
perl -p -i -e 's#.*datadir\s*=\s*/var/lib/mysql$#datadir= /srv/obs/MySQL#' /etc/my.cnf | |
echo " - installing to new datadir" | |
mysql_install_db | |
echo " - changing ownership for new datadir" | |
chown mysql:mysql -R /srv/obs/MySQL | |
echo " - restarting mysql" | |
systemctl restart mysql | |
echo " - setting new password for user root in mysql" | |
mysqladmin -u root password "opensuse" | |
if [[ $? > 0 ]];then | |
echo "ERROR: Your mysql setup doesn't fit your rails setup" | |
echo "Please check your database settings for mysql and rails" | |
exit 1 | |
fi | |
RUN_INITIAL_SETUP="true" | |
fi | |
RAKE_COMMANDS="" | |
if [ -n "$RUN_INITIAL_SETUP" ]; then | |
logline "Initialize OBS api database (first time only)" | |
cd $apidir | |
RAKE_COMMANDS="db:create db:setup writeconfiguration" | |
else | |
logline "Migrate OBS api database" | |
cd $apidir | |
RAKE_COMMANDS="db:migrate:with_data" | |
echo | |
fi | |
logline "Setting ownership of '$backenddir' obsrun" | |
chown obsrun.obsrun $backenddir | |
logline "Setting up rails environment" | |
for cmd in $RAKE_COMMANDS | |
do | |
logline " - Doing 'rails $cmd'" | |
RAILS_ENV=production bin/rails $cmd >> $apidir/log/db_migrate.log | |
if [[ $? > 0 ]];then | |
(>&2 echo "Command $cmd FAILED") | |
exit 1 | |
fi | |
done | |
if [ -n "$RUN_INITIAL_SETUP" ]; then | |
if [[ ! "$SETUP_ONLY" ]];then | |
`systemctl restart obsscheduler.service` | |
fi | |
fi | |
} | |
############################################################################### | |
function add_login_info_to_issue { | |
cat >> /etc/issue <<EOF | |
Connect to the web interface via: https://$FQHOSTNAME | |
Connect to the api interface via: https://$FQHOSTNAME | |
Browse the build packages via: http://$FQHOSTNAME:82 | |
* "Admin"/"root" user password is "opensuse" by default. | |
* Connect to the web interface now to finish the OBS setup. | |
More informations about this appliance are available here: | |
http://en.opensuse.org/Build_Service/OBS-Appliance | |
Greetings from the Open Build Service Team | |
http://www.open-build-service.org | |
EOF | |
} | |
############################################################################### | |
function network_failure_warning { | |
echo "OBS appliance could not get setup, no network found" > /srv/www/obs/overview/index.html | |
cat <<EOF > /etc/issue | |
******************************************************************************* | |
** NETWORK SETUP FAILED ** | |
** ** | |
** OBS is not usable. A working DNS resolution for your host is required! ** | |
** You can check this with 'hostname -f'. ** | |
** This often happens in virtualization environments like e.g. VirtualBox. ** | |
** ** | |
** You also could run ** | |
** ** | |
** /usr/lib/obs/server/setup-appliance.sh ** | |
** ** | |
** for interactive configuration ** | |
** ** | |
******************************************************************************* | |
EOF | |
} | |
############################################################################### | |
function check_server_key { | |
# reuse signing key even if hostname changed | |
if [ ! -e $backenddir/certs/server.key ]; then | |
install -d -m 0700 $backenddir/certs | |
openssl genrsa -out $backenddir/certs/server.key 1024 2>/dev/null | |
fi | |
} | |
############################################################################### | |
function import_ca_cert { | |
# apache has to trust the api ssl certificate | |
if [ ! -e /etc/ssl/certs/server.${FQHOSTNAME}.crt ]; then | |
cp $backenddir/certs/server.${FQHOSTNAME}.crt \ | |
/usr/share/pki/trust/anchors/server.${FQHOSTNAME}.pem | |
update-ca-certificates | |
fi | |
} | |
############################################################################### | |
function relink_server_cert { | |
if [[ $DETECTED_CERT_CHANGE == 1 ]];then | |
CERT_LINK_FILE=$backenddir/certs/server.crt | |
# check if CERT_LINK_FILE not exists or is symbolic link because we don't | |
# want to remove real files | |
if [ ! -e $CERT_LINK_FILE -o -L $CERT_LINK_FILE ];then | |
# change links for certs according to hostnames | |
cd $backenddir/certs | |
rm -f server.crt | |
ln -sf server.${FQHOSTNAME}.crt server.crt | |
cd - >/dev/null | |
fi | |
fi | |
} | |
############################################################################### | |
function fix_permissions { | |
cd $apidir | |
chown -R wwwrun.www $apidir/log | |
} | |
############################################################################### | |
function create_issue_file { | |
echo "Recreating /etc/issue" | |
# create base version of /etc/issues | |
cat > /etc/issue <<EOF | |
Welcome to Open Build Service(OBS) Appliance $OBSVERSION | |
based on $OS | |
EOF | |
# check if signing packages is enabled, otherwise add warning to /etc/issue | |
if ! grep -q "^our \$sign =" /usr/lib/obs/server/BSConfig.pm ; then | |
echo "Adding signing hint to /etc/issue" | |
cat >> /etc/issue <<EOF | |
WARNING: **** Package signing is disabled, maybe due to lack of hardware number generator **** | |
EOF | |
fi | |
} | |
############################################################################### | |
function create_overview_html { | |
echo "Creating overview.html" | |
sed -e "s,___API_URL___,https://$FQHOSTNAME,g" \ | |
-e "s,___REPO_URL___,http://$FQHOSTNAME:82,g" \ | |
/srv/www/obs/overview/overview.html.TEMPLATE > /srv/www/obs/overview/index.html | |
} | |
############################################################################### | |
function ask { | |
logline $1 | |
if [[ $NON_INTERACTIVE == 1 ]];then | |
rv=$2 | |
logline "Using default value '$rv' in non-interactive mode" | |
return | |
fi | |
echo "Default: $2" | |
read rv | |
if [[ ! $rv ]];then | |
rv=$2 | |
fi | |
} | |
############################################################################### | |
function check_required_backend_services { | |
[[ $SETUP_ONLY == 1 ]] && return | |
REQUIRED_SERVICES="obsrepserver obssrcserver obsscheduler obsdispatcher obspublisher" | |
for srv in $REQUIRED_SERVICES ;do | |
ENABLED=`systemctl is-enabled $srv` | |
ACTIVE=`systemctl is-active $srv` | |
[[ "$ENABLED" == "enabled" ]] || systemctl enable $srv | |
[[ "$ACTIVE" == "active" ]] || systemctl start $srv | |
done | |
} | |
############################################################################### | |
function check_recommended_backend_services { | |
[[ $SETUP_ONLY == 1 ]] && return | |
RECOMMENDED_SERVICES="obsdodup obsdeltastore obssigner obssignd obsservicedispatch" | |
for srv in $RECOMMENDED_SERVICES;do | |
STATE=$(chkconfig $srv|awk '{print $2}') | |
if [[ $STATE != on ]];then | |
ask "Service $srv is not enabled. Would you like to enable it? [Yn]" "y" | |
case $rv in | |
y|yes|Y|YES) | |
systemctl enable $srv | |
systemctl start $srv | |
;; | |
esac | |
fi | |
done | |
} | |
############################################################################### | |
function check_optional_backend_services { | |
DEFAULT_ANSWER="n" | |
if [[ $ENABLE_OPTIONAL_SERVICES ]];then | |
DEFAULT_ANSWER="y" | |
fi | |
[[ $SETUP_ONLY == 1 ]] && return | |
OPTIONAL_SERVICES="obswarden obsapisetup obsstoragesetup obsworker obsservice" | |
for srv in $OPTIONAL_SERVICES;do | |
STATE=$(chkconfig $srv|awk '{print $2}') | |
if [[ $STATE != on ]];then | |
ask "Service $srv is not enabled. Would you like to enable it? [yN]" $DEFAULT_ANSWER | |
case $rv in | |
y|yes|Y|YES) | |
systemctl enable $srv | |
systemctl start $srv | |
;; | |
esac | |
fi | |
done | |
} | |
############################################################################### | |
function prepare_apache2 { | |
[[ $SETUP_ONLY == 1 ]] && return | |
PACKAGES="apache2 apache2-mod_xforward rubygem-passenger-apache2 memcached" | |
PKG2INST="" | |
for pkg in $PACKAGES;do | |
rpm -q $pkg >/dev/null || PKG2INST="$PKG2INST $pkg" | |
done | |
if [[ -n $PKG2INST ]];then | |
zypper --non-interactive install $PKG2INST >/dev/null | |
fi | |
MODULES="passenger rewrite proxy proxy_http xforward headers socache_shmcb" | |
for mod in $MODULES;do | |
a2enmod -q $mod || a2enmod $mod | |
done | |
FLAGS=SSL | |
for flag in $FLAGS;do | |
a2enflag $flag >/dev/null | |
done | |
} | |
############################################################################### | |
function prepare_passenger { | |
perl -p -i -e \ | |
's#^(\s*)PassengerRuby "/usr/bin/ruby"#$1\PassengerRuby "/usr/bin/ruby.ruby2.5"#' \ | |
/etc/apache2/conf.d/mod_passenger.conf | |
} | |
############################################################################### | |
function prepare_obssigner { | |
# Only used if there is a local BSConfig | |
if [ -e /usr/lib/obs/server/BSConfig.pm ]; then | |
# signing setup | |
perl -p -i -e 's,^\s*#\s*our \$gpg_standard_key.*,our \$gpg_standard_key = "/srv/obs/obs-default-gpg.asc";,' /usr/lib/obs/server/BSConfig.pm | |
perl -p -i -e 's,^\s*#\s*our \$keyfile.*,our \$keyfile = "/srv/obs/obs-default-gpg.asc";,' /usr/lib/obs/server/BSConfig.pm | |
perl -p -i -e 's,^\s*#\s*our \$sign = .*,our \$sign = "/usr/bin/sign";,' /usr/lib/obs/server/BSConfig.pm | |
perl -p -i -e 's,^\s*#\s*our \$forceprojectkeys.*,our \$forceprojectkeys = 1;,' /usr/lib/obs/server/BSConfig.pm | |
chmod 4755 /usr/bin/sign | |
# create default gpg key if not existing | |
if [ ! -e "$backenddir"/obs-default-gpg.asc ] && grep -q "^our \$keyfile.*/obs-default-gpg.asc.;$" /usr/lib/obs/server/BSConfig.pm; then | |
GPG_KEY_CREATED=1 | |
echo -n Generating OBS default GPG key .... | |
mkdir -p "$backenddir"/gnupg/phrases | |
chmod -R 0700 "$backenddir"/gnupg | |
cat >/tmp/obs-gpg.$$ <<EOF | |
%echo Generating a default OBS instance key | |
Key-Type: RSA | |
Key-Length: 2048 | |
Subkey-Type: ELG-E | |
Subkey-Length: 2048 | |
Name-Real: private OBS | |
Name-Comment: key without passphrase | |
Name-Email: defaultkey@localobs | |
Expire-Date: 0 | |
%no-protection | |
%commit | |
%echo done | |
EOF | |
gpg2 --homedir $backenddir/gnupg --batch --gen-key /tmp/obs-gpg.$$ | |
gpg2 --homedir $backenddir/gnupg --export -a > "$backenddir"/obs-default-gpg.asc | |
# empty file just for accepting the key | |
touch "$backenddir/gnupg/phrases/defaultkey@localobs" | |
fi | |
# to update sign.conf also after an appliance update | |
if [ -e "$backenddir"/obs-default-gpg.asc ] && ! grep -q "^user" /etc/sign.conf; then | |
# extend signd config | |
echo "user: defaultkey@localobs" >> /etc/sign.conf | |
echo "server: 127.0.0.1" >> /etc/sign.conf | |
echo "allowuser: obsrun" >> /etc/sign.conf | |
echo "allow: 127.0.0.1" >> /etc/sign.conf | |
echo "phrases: $backenddir/gnupg/phrases" >> /etc/sign.conf | |
echo done | |
rm /tmp/obs-gpg.$$ | |
sed -i 's,^# \(our $sign =.*\),\1,' /usr/lib/obs/server/BSConfig.pm | |
sed -i 's,^# \(our $forceprojectkeys =.*\),\1,' /usr/lib/obs/server/BSConfig.pm | |
fi | |
if [ ! -e "$backenddir"/obs-default-gpg.asc ] ; then | |
sed -i 's,^\(our $sign =.*\),# \1,' /usr/lib/obs/server/BSConfig.pm | |
sed -i 's,^\(our $forceprojectkeys =.*\),# \1,' /usr/lib/obs/server/BSConfig.pm | |
fi | |
fi | |
} | |
############################################################################### | |
# | |
# MAIN | |
# | |
############################################################################### | |
export LC_ALL=C | |
ENABLE_OPTIONAL_SERVICES=0 | |
# package or appliance defaults | |
if [ -e /etc/sysconfig/obs-server ]; then | |
source /etc/sysconfig/obs-server | |
fi | |
# Set default directories | |
apidir=/srv/www/obs/api | |
backenddir=/srv/obs | |
# Overwrite directory defaults with settings in | |
# config file /etc/sysconfig/obs-server | |
if [ -n "$OBS_BASE_DIR" ]; then | |
backenddir="$OBS_BASE_DIR" | |
fi | |
if [[ ! $BOOTSTRAP_TEST_MODE == 1 && $0 != "-bash" ]];then | |
NON_INTERACTIVE=0 | |
while [[ $1 ]];do | |
case $1 in | |
--non-interactive) NON_INTERACTIVE=1;; | |
--setup-only) SETUP_ONLY=1;; | |
--enable-optional-services) ENABLE_OPTIONAL_SERVICES=1;; | |
--force) OBS_API_AUTOSETUP="yes";; | |
esac | |
shift | |
done | |
if [ "$OBS_API_AUTOSETUP" != "yes" ]; then | |
echo "OBS API Autosetup is not enabled in sysconfig, skipping!" | |
exit 0 | |
fi | |
[[ $HOME == '' ]] && export HOME=/root | |
# prepare configuration for obssigner before any other backend service | |
# is started, because obssigner configuration might affect other services | |
# too | |
GPG_KEY_CREATED=0 | |
prepare_obssigner | |
if [[ $GPG_KEY_CREATED == 1 ]];then | |
pushd . | |
# avoid systemctl | |
cd /etc/init.d | |
./obssrcserver reload | |
./obsrepserver reload | |
popd | |
fi | |
check_required_backend_services | |
check_recommended_backend_services | |
check_optional_backend_services | |
check_unit mysql.service 1 | |
get_hostname | |
### In case of the appliance, we never know where we boot up ! | |
OLDFQHOSTNAME="NOTHING" | |
if [ -e $backenddir/.oldfqhostname ]; then | |
OLDFQHOSTNAME=`cat $backenddir/.oldfqhostname` | |
fi | |
DETECTED_HOSTNAME_CHANGE=0 | |
if [ "$FQHOSTNAME" != "$OLDFQHOSTNAME" ]; then | |
echo "Appliance hostname changed from $OLDFQHOSTNAME to $FQHOSTNAME !" | |
DETECTED_HOSTNAME_CHANGE=1 | |
fi | |
if [[ $DETECTED_HOSTNAME_CHANGE == 1 ]];then | |
adapt_worker_jobs | |
adjust_api_config | |
fi | |
echo "$FQHOSTNAME" > $backenddir/.oldfqhostname | |
OBSVERSION=`rpm -q --qf '%{VERSION}' obs-server` | |
if [ -e /etc/os-release ];then | |
# execute in subshell to preserve the values of the variables | |
# $NAME and $VERSION as these are very generic | |
OS_NAME=`. /etc/os-release;echo $NAME` | |
OS_VERSION=`. /etc/os-release;echo $VERSION` | |
OS="$OS_NAME $OS_VERSION" | |
else | |
OS="UNKNOWN" | |
fi | |
RUN_INITIAL_SETUP="" | |
prepare_database_setup | |
check_server_key | |
generate_proposed_dnsnames | |
DNS_NAMES="$rv" | |
DETECTED_CERT_CHANGE=0 | |
check_server_cert | |
import_ca_cert | |
relink_server_cert | |
fix_permissions | |
prepare_apache2 | |
prepare_passenger | |
check_unit apache2.service | |
check_unit memcached.service | |
# make sure that apache gets restarted after cert change | |
if [[ $DETECTED_CERT_CHANGE && ! $SETUP_ONLY ]];then | |
systemctl reload apache2 | |
fi | |
check_unit obs-api-support.target | |
create_issue_file | |
if [ -n "$FQHOSTNAME" ]; then | |
create_overview_html | |
add_login_info_to_issue | |
else | |
network_failure_warning | |
fi | |
exit 0 | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment