@M0ses
Last active May 2, 2019 19:28
# TLS virtual host for the LibreTime web interface. The document root is the
# public/ folder of the PHP application below /srv/www/libretime.
<VirtualHost *:443>
ServerAdmin foo@bar.org
DocumentRoot /srv/www/libretime/airtime_mvc/public
SSLEngine on
# NOTE(review): no SSLProtocol or SSLCipherSuite is set in this vhost, so the
# protocol and cipher policy comes from the server-wide configuration -
# confirm that legacy protocol versions are disabled there.
# OCSP stapling is left disabled:
# SSLUseStapling on
# Certificate and private key served by this vhost. The key file should be
# readable by root only.
SSLCertificateFile /etc/apache2/ssl.crt/libretime.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/libretime.key
# NOTE(review): the "ssl_combined" log format is not defined in this vhost;
# presumably it is declared in the global configuration - confirm.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
# PHP settings for the application.
# NOTE(review): uploads are staged in the shared /tmp directory; a dedicated
# directory that only the web user can access would limit exposure of
# in-flight uploads to other local users.
php_admin_value upload_tmp_dir /tmp
# Request bodies and single uploaded files of up to 500M are accepted.
php_value post_max_size 500M
php_value upload_max_filesize 500M
# $_REQUEST is filled from GET, then POST, then cookies.
php_value request_order "GPC"
# A probability of 0 turns off PHP's own session garbage collection.
# NOTE(review): presumably stale sessions are cleaned up by something else -
# confirm.
php_value session.gc_probability 0
php_value session.auto_start 0
# Compress text-like responses.
# NOTE(review): HTTP compression on a TLS site can leak secrets that are
# reflected next to attacker-influenced input (BREACH-class side channel);
# confirm the compressed responses do not mix the two.
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/json
# This block covers the whole /srv/www/libretime tree, which is the parent of
# the document root, not only the public/ folder.
<Directory /srv/www/libretime>
Options +FollowSymLinks
# Front-controller routing: requests that map to an existing non-empty file
# (-s), symlink (-l) or directory (-d) are served unchanged; everything else
# is handed to index.php.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
DirectoryIndex index.php
# NOTE(review): "AllowOverride all" lets any .htaccess file inside the tree
# change the configuration, and "Require all granted" opens the tree to every
# client; tighten both if the application does not depend on them.
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
# Command notes, not a runnable script: <package> and <pattern> are
# placeholders. Presumably these are run against a kanku-managed test VM -
# confirm.
kanku destroy
kanku up
kanku ssh -u root
mcedit KankuFile
zypper -n in <package> # install a package
zypper se <pattern> # search for a package
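#!/bin/bash
# Generate a self-signed TLS certificate for the LibreTime Apache vhost and
# register it as a locally trusted anchor.
#
# Files written (the script therefore has to run as root):
#   /etc/apache2/ssl.key/libretime.key          RSA private key
#   /etc/apache2/ssl.crt/libretime.crt          certificate, valid 365 days
#   /usr/share/pki/trust/anchors/libretime.pem  copy added to the trust store
#
# Stop at the first failing step so that a broken key or certificate is never
# installed as a trust anchor.
set -eu

SSLCRT=/etc/apache2/ssl.crt/libretime.crt
SSLKEY=/etc/apache2/ssl.key/libretime.key

# IPv4 addresses of eth0 without the prefix length, one per line. Empty when
# the interface has no IPv4 address.
IP=$(ip -o -4 addr show dev eth0 | awk '{ split($4, a, "/"); print a[1] }')

# Host names to place in the subjectAltName extension.
san_hosts=(localhost "$(hostname)")
fqdn=$(hostname -f 2>/dev/null || true)
if [[ -n $fqdn ]]; then
  san_hosts+=("$fqdn")
fi

# Build the [alt_names] section. Host names become DNS.n entries; addresses
# become IP.n entries, because clients compare an IP address against the
# iPAddress form of the extension and not against a DNS name.
DNS_NAMES=""
dns_index=0
for name in "${san_hosts[@]}"; do
  DNS_NAMES+=$'\n'"DNS.${dns_index} = ${name}"
  dns_index=$((dns_index + 1))
done
ip_index=0
# Word splitting is intended here: $IP holds one address per line.
for addr in $IP; do
  DNS_NAMES+=$'\n'"IP.${ip_index} = ${addr}"
  ip_index=$((ip_index + 1))
done

# 2048-bit RSA: a 1024-bit key no longer meets the commonly required minimum
# key size. The restrictive umask and the chmod keep the key readable by root
# only, also when the file already existed with wider permissions.
(
  umask 077
  openssl genrsa -out "$SSLKEY" 2048
)
chmod 600 "$SSLKEY"

# NOTE(review): the sections [ v3_req ] and [ v3_ca ] are each defined twice
# below; they are left as found. Confirm which values OpenSSL ends up using
# and drop the duplicates.
# NOTE(review): "x509_extensions = v3_ca" marks the certificate as a CA
# (CA:TRUE) and it is added to the system trust store further down, so
# whoever can read the private key can issue certificates this host will
# trust. Keep the key root-only, or switch to a non-CA leaf certificate if the
# trust store accepts one.
OPENSSL_CONFIG="prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
countryName = CC
stateOrProvinceName = libretime Autogen State or Province
localityName = libretime Autogen Locality
organizationName = libretime Autogen Organisation
organizationalUnitName = libretime Autogen Organizational Unit
commonName = libretime
emailAddress = test@email.address
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
[req_attributes]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
$DNS_NAMES
[ v3_ca ]
basicConstraints = CA:TRUE
subjectAltName = @alt_names
"

# Create the self-signed certificate from the configuration above.
printf '%s\n' "$OPENSSL_CONFIG" | openssl req -new -nodes -config /dev/stdin \
  -x509 -days 365 -batch \
  -key "$SSLKEY" \
  -out "$SSLCRT"

# Make the certificate trusted by local clients.
cp -- "$SSLCRT" /usr/share/pki/trust/anchors/libretime.pem
update-ca-certificates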
37 2019-05-02 16:16:20 for i in airtime-playout airtime-liquidsoap airtime_analyzer airtime-celery;do systemctl start $i;done
38 2019-05-02 16:16:30 for i in airtime-playout airtime-liquidsoap airtime_analyzer airtime-celery;do systemctl enable $i;done
56 2019-05-02 16:21:17 ip a show dev eth0 |grep -w inet|perl -p -e 's/inet\s*(\w*)\/.*/$1/'
64 2019-05-02 16:24:55 for i in airtime-playout airtime-liquidsoap airtime_analyzer airtime-celery;do systemctl restart $i;done
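#!/bin/bash -e
# LibreTime installer; has to be run as root.
#
# errexit makes the script stop when an installer step returns a non-zero
# status. It is switched on with "set -e" as well, because options on the
# shebang line are ignored when the script is started as "bash install",
# which is the invocation the usage text documents.
set -e

if [[ $EUID -ne 0 ]]; then
  echo "Please run as root user."
  exit 1
fi

# Absolute path of the directory holding this script; it is used as the root
# of the source tree for the rest of the installation.
SCRIPT_DIR="$( cd "$( dirname "$0" )" && pwd )"
AIRTIMEROOT=${SCRIPT_DIR}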
showhelp () {
  # Print the option summary on stdout, followed by one empty line, and end
  # the script with status 0.
  # Note for operators: -p/--postgres creates a database account with a
  # publicly documented password; change it after installation.
  cat <<'USAGE'
Usage: sudo bash install [options]
-h, --help, -?
Display usage information
-V, --version
Display version information
-v, --verbose
More output
-q, --quiet, --silent
No output except errors
-f, --force
Turn off interactive prompts
--distribution=DISTRIBUTION
Linux distribution the installation is being run on
--release=RELEASE
Distribution release
-d, --ignore-dependencies
Don't install binary dependencies
-w, --web-user=WEB_USER
Set the apache web user. Defaults to www-data. Only change
this setting if you've changed the default apache web user
-r, --web-root=WEB_ROOT
Set the web root for Airtime files
This will copy the Airtime application files, but you will need
to give your web user access to the given directory if it is
not accessible
--web-port=WEB_PORT
Set what port the LibreTime interface should run on.
-I, --in-place
Set the current Airtime directory as the web root
Note that you will need to give your web user permission to
access this directory if it is not accessible
-p, --postgres
Create a default postgres user named 'airtime' with password
'airtime'
-a, --apache
Install apache and deploy a basic configuration for Airtime
-i, --icecast
Install Icecast 2 and deploy a basic configuration for Airtime
--selinux
Run restorecon on directories and files that need tagging to
allow the WEB_USER access
--no-postgres
Skips all postgres related install tasks (Useful if you configure
postgresql as part of another script / docker builds)
--no-rabbitmq
Skips all rabbitmq related install tasks.

USAGE
  exit 0
}
showversion () {
  # Print the version stored in $SCRIPT_DIR/VERSION and exit 0. When the file
  # is missing (build.sh has not been run yet) print a hint and exit 1.
  if [ -f "$SCRIPT_DIR/VERSION" ]; then
    version=$(<"$SCRIPT_DIR/VERSION")
    echo "LibreTime Version ${version}"
    exit 0
  fi
  echo "Please initialize LibreTime by running ./build.sh"
  exit 1
}
# Option state with its defaults. Switches stored as strings use "t"/"f",
# numeric switches use 1/0.

# Web server settings
web_user=""
web_root=""
web_port="80"
in_place="f"

# Components to set up
postgres="f"
apache="f"
icecast="f"
ignore_dependencies="f"
selinux="f"
skip_postgres=0
skip_rabbitmq=0

# Output and prompting: _i = interactive, _v = verbose, _q = quiet
_i=1
_v=0
_q=0
# Answer assumed when an interactive prompt is confirmed with an empty line
default_value="Y"

# Values filled in later by detection or by command-line options
upgrade="f"
dist=""
code=""
apache_bin=""
function verbose() {
  # Print the arguments (backslash escapes interpreted) only when the
  # verbose switch _v is 1; otherwise do nothing and return 0.
  [[ ${_v} -eq 1 ]] || return 0
  echo -e "$@"
}
function loud() {
  # Print the arguments (backslash escapes interpreted) unless the quiet
  # switch _q is set; in quiet mode do nothing and return 0.
  [[ ${_q} -eq 0 ]] || return 0
  echo -e "$@"
}
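# Run a command line that is passed as text.
# In quiet mode (_q != 0) the command's stdout is discarded; otherwise the
# command line is echoed first when verbose output is enabled.
# Arguments: the command line; several arguments are joined with spaces.
# Returns:   the exit status of the evaluated command.
#
# SECURITY: the text is parsed by the shell again. Callers in this script
# build it from option values such as the web user and paths, so anything in
# those values is interpreted as shell syntax. Only pass validated values, or
# quote them (for example with printf '%q') before interpolating.
function loudCmd() {
  if [[ ${_q} -eq 0 ]]; then
    verbose "$@"
    # Quoted so the text reaches eval unchanged: unquoted, it was word-split
    # and glob-expanded once before eval parsed it, which collapsed
    # whitespace inside quoted arguments.
    eval "$@"
  else
    eval "$@" > /dev/null
  fi
}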
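function checkCommandExists() {
  # Abort the installation when a required command cannot be found.
  # Arguments: one or more command names.
  # Outputs:   an error message on stdout when a command is missing.
  # Exits:     with status 1 when a command is missing. A bare "exit" was
  #            used before, which passed on the status of the preceding echo
  #            and made a missing dependency look like success.
  # The names are handed to "hash" directly instead of through eval, so they
  # are never parsed as shell code.
  if ! hash "$@" 2>/dev/null; then
    echo -e "Error: $* not found. Please ensure you have the corresponding dependency installed."
    exit 1
  fi
  # As before, errexit is enabled when the function returns.
  set -e
}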
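# Determine whether systemd, Upstart or System V init is the active init
# system. All the newer supported distros use systemd out-of-the-box, but a
# sysadmin could have installed an alternative init compatibility package, so
# the distribution and release are not used for the decision. Detection:
# 1. Resolve the executable of PID 1, following symlinks.
# 2. Ask the package manager (dpkg, then rpm) which package owns that path.
# 3. Match the words systemd, upstart or sysvinit in "package:path".
# See https://unix.stackexchange.com/questions/196166/how-to-find-out-if-a-system-uses-sysv-upstart-or-systemd-initsystem
#
# Globals written: has_systemd_init, has_upstart_init, has_systemv_init,
#                  pid_1_path, pid_1_package
# Exits with status 1 when none of the three init systems is recognised.
has_systemd_init=false
has_upstart_init=false
has_systemv_init=false
function systemInitDetect() {
  verbose "\nDetecting init system type ..."
  # Get the path of the command where pid=1 following any symlinks
  pid_1_path=$(readlink --canonicalize -n /proc/1/exe)
  # returns '/sbin/init' (Debian Wheezy & Ubuntu Trusty)
  # returns '(/usr)?/lib/systemd/systemd' (Debian Stretch, Debian Jessie, Debian Buster, Ubuntu Xenial, CentOS 7)
  verbose "Detected path to PID=1 process: $pid_1_path"
  # Get package of PID=1 path as it identifies the init system.
  # Allow this to fail, at least then the init system can be guessed from the
  # PID 1 executable alone. The path is quoted so that it always reaches
  # dpkg/rpm as exactly one argument.
  pid_1_package=$(dpkg -S "$pid_1_path" 2>/dev/null ||
    rpm --qf '%{name}\n' -qf "$pid_1_path" 2>/dev/null ||
    echo "unknown")
  verbose "Detected package name for PID=1 process: $pid_1_package"
  case "${pid_1_package}:${pid_1_path}" in
    *systemd*)
      has_systemd_init=true
      verbose "Detected init system type: systemd"
      ;;
    *upstart*)
      has_upstart_init=true
      verbose "Detected init system type: Upstart"
      ;;
    *sysvinit*)
      has_systemv_init=true
      verbose "Detected init system type: System V"
      ;;
    *)
      echo "ERROR: Unable to detect init system using package or path of PID=1 process!" >&2
      exit 1
      ;;
  esac
  return 0
}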
# Function to wrap installation of services for systemd, Upstart and System V
# depending on which one was detected by the systemInitDetect() function.
# Service file is copied from a known location and installed into the system.
# In the process, filtering is performed for the userid if appropriate.
# For systemd and System V the service is also enabled.
# Usage:
# systemInitInstall service-name [user]
# Globals read: has_systemd_init, has_upstart_init, has_systemv_init,
# SCRIPT_DIR, web_user.
# Exits the script with status 1 when the source service file is missing;
# returns 0 otherwise.
# NOTE(review): "$user" is pasted into the sed replacement text and all paths
# are expanded unquoted, so a user name containing "/" or "&", or a path with
# whitespace, changes what is written into the root-owned service file.
# Validate the web user before it reaches this function.
function systemInitInstall() {
local service_name="$1"
local user="$2"
local source_base_path=""
local source_path=""
local target_path=""
local source_config_path=""
local target_config_path=""
local python_source_path="${SCRIPT_DIR-$PWD}/python_apps"
verbose "\n * Installing service $service_name ..."
if $has_systemd_init; then
# TODO: move .service files under python_apps/.../install/systemd
source_path="${SCRIPT_DIR-$PWD}/installer/systemd/${service_name}.service"
target_path="/etc/systemd/system/${service_name}.service"
if [[ ! -e $source_path ]]; then
echo "$0:${FUNCNAME}(): ERROR: service \"$service_name\" with source path \"$source_path\" does not exist!" >&2
exit 1
fi
# Stop and disable the service if it already exists
if [[ -e $target_path ]]; then
verbose "Service $service_name already exists - stopping and disabling."
loudCmd "systemctl disable ${service_name}.service"
loudCmd "systemctl stop ${service_name}.service"
fi
# If no user defined, then just copy, otherwise filter
if [[ -z $user ]]; then
loudCmd "cp $source_path $target_path"
else
# Rewrite the User= and Group= lines of the unit to the requested account.
sed -e "s/User=.*/User=${user}/" \
-e "s/Group=.*/Group=${user}/" $source_path > $target_path
fi
# Unit file is owned by root and not writable by anyone else.
chmod 0644 $target_path
chown root:root $target_path
verbose "Service ${service_name} installed into ${target_path}"
# Enable the service
# NOTE(review): only "systemctl enable" is run here although the message
# below says "enabled and started"; the start presumably happens elsewhere.
loudCmd "systemctl enable ${service_name}.service"
verbose "Service ${service_name} enabled and started"
elif $has_upstart_init; then
# Pick the job file and the account per service; airtime-celery is
# installed without user filtering.
case "$service_name" in
airtime_analyzer)
source_path="${python_source_path}/${service_name}/install/upstart/${service_name}.conf"
target_path="/etc/init/${service_name}.conf"
user=${user:-$web_user}
;;
airtime-celery)
source_path="${python_source_path}/${service_name}/install/upstart/${service_name}.conf"
target_path="/etc/init/${service_name}.conf"
user=""
;;
airtime-liquidsoap|airtime-playout)
source_path="${python_source_path}/pypo/install/upstart/${service_name}.conf.template"
target_path="/etc/init/${service_name}.conf"
user=${user:-$web_user}
;;
esac
if [[ ! -e $source_path ]]; then
echo "$0:${FUNCNAME}(): ERROR: service \"$service_name\" with source path \"$source_path\" does not exist!" >&2
exit 1
fi
# Stop the service if it already exists
if [[ -e $target_path ]]; then
verbose "Service $service_name already exists - stopping."
loudCmd "service ${service_name} stop"
fi
# If no user defined, then just copy, otherwise filter
if [[ -z $user ]]; then
loudCmd "cp $source_path $target_path"
else
# Replace the WEB_USER placeholder and the www-data account on the
# setuid/setgid lines with the requested account.
sed -e "s/WEB_USER/${user}/g" \
-e "/^set[gu]id/{s/www-data/${user}/}" $source_path > $target_path
fi
chmod 0644 $target_path
chown root:root $target_path
verbose "Service ${service_name} installed into ${target_path}"
loudCmd "initctl check-config $service_name"
elif $has_systemv_init; then
# Pick the init script (and, for airtime-celery, its defaults file) per
# service.
case "$service_name" in
airtime_analyzer)
source_path="${python_source_path}/${service_name}/install/sysvinit/${service_name}"
target_path="/etc/init.d/${service_name}"
user=${user:-$web_user}
;;
airtime-celery)
source_path="${python_source_path}/${service_name}/install/initd/${service_name}"
target_path="/etc/init.d/${service_name}"
source_config_path="${python_source_path}/${service_name}/install/conf/${service_name}"
target_config_path="/etc/default/${service_name}"
user=""
;;
airtime-liquidsoap|airtime-playout)
source_path="${python_source_path}/pypo/install/sysvinit/${service_name}"
target_path="/etc/init.d/${service_name}"
user=${user:-$web_user}
;;
esac
if [[ ! -e $source_path ]]; then
echo "$0:${FUNCNAME}(): ERROR: service \"$service_name\" with source path \"$source_path\" does not exist!" >&2
exit 1
fi
# Stop the service if it already exists
if [[ -e $target_path ]]; then
verbose "Service $service_name already exists - stopping."
loudCmd "invoke-rc.d $service_name stop"
fi
# If no user defined, then just copy, otherwise filter
if [[ -z $user ]]; then
loudCmd "cp $source_path $target_path"
[[ -n $source_config_path ]] &&
loudCmd "cp $source_config_path $target_config_path"
else
# Replace www-data on the USERID and GROUPID lines with the requested
# account.
sed -e "/^USERID/{s/www-data/${user}/}" \
-e "/^GROUPID/{s/www-data/${user}/}" $source_path > $target_path
fi
# NOTE(review): mode 0644 leaves the script in /etc/init.d without the
# execute bit - confirm that this is intended.
chmod 0644 $target_path
chown root:root $target_path
if [[ -n $target_config_path ]]; then
chmod 0644 $target_config_path
chown root:root $target_config_path
fi
verbose "Service ${service_name} installed into ${target_path}"
# Create symlinks for the appropriate runlevels
loudCmd "update-rc.d $service_name defaults"
verbose "Service ${service_name} enabled"
fi
return 0
}
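# Run a service-management command with the tool of the detected init system
# (systemctl, service/initctl or invoke-rc.d/update-rc.d). The syntax follows
# systemctl.
# Usage:
#   systemInitCommand _command_ [service-name ...]
# Where _command_ is one of: start, stop, status, reload, restart,
# enable, disable and either daemon-reload or reload-configuration.
# enable and disable act on the first service name only.
# Globals read: has_systemd_init, has_upstart_init, has_systemv_init
# Exits with status 1 for an unsupported command; returns 0 otherwise.
# The service names end up in a command line evaluated by loudCmd, so they
# must be trusted values.
function systemInitCommand() {
  local command=$1; shift
  local svc_name
  case "$command" in
    start|stop|status|reload|restart)
      if $has_systemd_init; then
        # systemctl takes all service names in one call
        loudCmd "systemctl $command $*"
      elif $has_upstart_init; then
        for svc_name in "$@"; do
          loudCmd "service $svc_name $command"
        done
      elif $has_systemv_init; then
        for svc_name in "$@"; do
          loudCmd "invoke-rc.d $svc_name $command"
        done
      fi
      ;;
    enable|disable) # TODO: REMOVE
      if $has_systemd_init; then
        loudCmd "systemctl $command $1.service"
      fi
      if $has_systemv_init; then
        if [[ "$command" = "enable" ]]; then
          loudCmd "update-rc.d $1 defaults"
        else
          # "disable" used to run "update-rc.d ... enable", which switched
          # the service on instead of off.
          loudCmd "update-rc.d $1 disable"
        fi
      fi
      ;;
    daemon-reload|reload-configuration)
      if $has_systemd_init; then
        loudCmd "systemctl daemon-reload"
      fi
      if $has_upstart_init; then
        loudCmd "initctl reload-configuration"
      fi
      ;;
    *)
      echo -e "$0:${FUNCNAME}(): ERROR: command \"$command\" is not supported!" >&2
      exit 1
      ;;
  esac
  return 0
}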
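# Parse the command line. Long options accept "--name value" or
# "--name=value" as listed in the usage text; short options may be clustered
# ("-vf"). Parsing stops at "--" or at the first argument that is not an
# option.
#
# SECURITY: the web user and web root are stored as given and are later
# interpolated into sed expressions and into command lines evaluated as root.
# Only pass trusted values. The port is checked here because it is written
# into the Apache configuration.
while :; do
  case "$1" in
    --help)
      showhelp
      ;;
    --version)
      showversion
      ;;
    --verbose)
      _v=1
      ;;
    --quiet|--silent)
      _q=1
      ;;
    --force)
      _i=0
      ;;
    --distribution)
      if [ "$2" ]; then
        dist=$2
        shift 2
        continue
      else
        echo 'ERROR: Must specify a non-empty "--distribution DISTRIBUTION" argument.' >&2
        exit 1
      fi
      ;;
    --distribution=?*)
      dist=${1#*=} # Delete everything up to "=" and assign the remainder.
      ;;
    --distribution=)
      echo 'ERROR: Must specify a non-empty "--distribution DISTRIBUTION" argument.' >&2
      exit 1
      ;;
    --release)
      if [ "$2" ]; then
        code=$2
        shift 2
        continue
      else
        echo 'ERROR: Must specify a non-empty "--release RELEASE" argument.' >&2
        exit 1
      fi
      ;;
    --release=?*)
      code=${1#*=} # Delete everything up to "=" and assign the remainder.
      ;;
    --release=)
      echo 'ERROR: Must specify a non-empty "--release RELEASE" argument.' >&2
      exit 1
      ;;
    --ignore-dependencies)
      ignore_dependencies="t"
      ;;
    --apache)
      apache="t"
      ;;
    --icecast)
      icecast="t"
      ;;
    --postgres)
      postgres="t"
      ;;
    --in-place)
      in_place="t"
      ;;
    --web-user)
      if [ "$2" ]; then
        web_user=$2
        shift 2
        continue
      else
        echo 'ERROR: Must specify a non-empty "--web-user WEB_USER" argument.' >&2
        exit 1
      fi
      ;;
    --web-user=?*)
      web_user=${1#*=} # Delete everything up to "=" and assign the remainder.
      ;;
    --web-user=)
      echo 'ERROR: Must specify a non-empty "--web-user=WEB_USER" argument.' >&2
      exit 1
      ;;
    --web-root)
      if [ "$2" ]; then
        web_root=$(readlink -f "$2")
        shift 2
        continue
      else
        echo 'ERROR: Must specify a non-empty "--web-root WEB_ROOT" argument.' >&2
        exit 1
      fi
      ;;
    --web-root=?*)
      # Resolve to an absolute path, as the "--web-root DIR" form does.
      web_root=$(readlink -f "${1#*=}")
      ;;
    --web-root=)
      echo 'ERROR: Must specify a non-empty "--web-root=WEB_ROOT" argument.' >&2
      exit 1
      ;;
    --web-port)
      echo 'ERROR: Please specify a port number.' >&2
      exit 1
      ;;
    --web-port=)
      echo 'ERROR: Please specify a port number.' >&2
      exit 1
      ;;
    --web-port=?*)
      web_port=${1#*=}
      # The port is substituted into the Apache configuration: accept only
      # a decimal number in the valid TCP port range.
      if [[ ! $web_port =~ ^[0-9]+$ ]] ||
         (( 10#$web_port < 1 || 10#$web_port > 65535 )); then
        echo 'ERROR: Please specify a port number.' >&2
        exit 1
      fi
      ;;
    --selinux)
      selinux="t"
      ;;
    --no-postgres)
      skip_postgres=1
      ;;
    --no-rabbitmq)
      skip_rabbitmq=1
      ;;
    --)
      shift
      break
      ;;
    -?*)
      # Cluster of short options. -w and -r take the next argument as their
      # value; it is dropped after the cluster has been handled. Before,
      # the value stayed in the argument list and ended option parsing.
      short_value_used=0
      for ((i = 1; i < ${#1}; i++)); do
        case "${1:$i:1}" in
          h|\?)
            showhelp
            ;;
          V)
            showversion
            ;;
          v)
            _v=1
            ;;
          q)
            _q=1
            ;;
          f)
            _i=0
            ;;
          d)
            ignore_dependencies="t"
            ;;
          a)
            apache="t"
            ;;
          i)
            icecast="t"
            ;;
          p)
            postgres="t"
            ;;
          I)
            in_place="t"
            ;;
          w)
            if [ "$2" ]; then
              web_user=$2
              short_value_used=1
            else
              echo 'ERROR: Must specify a non-empty "-w WEB_USER" argument.' >&2
              exit 1
            fi
            ;;
          r)
            if [ "$2" ]; then
              web_root=$(readlink -f "$2")
              short_value_used=1
            else
              echo 'ERROR: Must specify a non-empty "-r WEB_ROOT" argument.' >&2
              exit 1
            fi
            ;;
          *)
            echo "$0: error - unrecognized option '${1:$i:1}'" >&2;
            echo "Try 'install --help' for more information."
            exit 1
        esac
      done
      if [ "$short_value_used" -eq 1 ]; then
        shift
      fi
      ;;
    *)
      break
  esac
  shift
done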
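# Stop early when an explicitly requested web root is not an existing
# directory. The test used to compare the literal word "web_root" instead of
# the variable's value, so it could never trigger.
if [ -n "$web_root" ] && [ ! -d "$web_root" ]; then
  echo "$web_root doesn't exist!"
  exit 1
fi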
# Print the LibreTime ASCII-art banner. Only the first and the last line use
# "echo -e", for the blank line before and after the banner.
echo -e "\n.____ ._____. ___________.__ "
echo "| | |__\_ |_________ ___\__ ___/|__| _____ ____ "
echo "| | | || __ \_ __ \_/ __ \| | | |/ \_/ __ \ "
echo "| |___| || \_\ \ | \/\ ___/| | | | Y Y \ ___/ "
echo "|_______ \__||___ /__| \___ >____| |__|__|_| /\___ >"
echo -e " \/ \/ \/ \/ \/\n"
# Find out which distribution and release the installer is running on.
echo -e "Detecting distribution and release ..."
if [ ! -e /etc/os-release ]; then
  # Nothing to detect from: the --distribution and --release options are
  # then both required.
  ID=unknown
  VERSION_ID=unknown
  PRETTY_NAME="Unknown distribution and release"
  echo "WARNING: /etc/os-release configuration not found. Unable to detect distribution." >&2
  if [[ -z $dist || -z $code ]]; then
    echo "ERROR: One or both of --distribution and --release options were not specified." >&2
    echo "This is an unsupported distribution and/or version!" >&2
    exit 1
  fi
else
  # The file is read as shell code by this root shell; it defines $ID,
  # $VERSION_ID and $PRETTY_NAME.
  . /etc/os-release
  echo "Detected distribution id: $ID"
  echo "Detected distribution release id: $VERSION_ID"
  echo "Detected distribution description: $PRETTY_NAME"
fi
# Sanity-check a --distribution value that differs from the detected
# distribution: it has to be a supported family whose package installer is
# present on this machine.
if [[ -n $dist ]]; then
  dist=${dist,,}
  verbose "Checking --distribution \"$dist\" to ensure it has a sane value."
  # Only a value that disagrees with the detected $ID needs checking
  if [[ $dist != "$ID" ]]; then
    verbose "Detected distribution \"$ID\" does not match specified one of \"$dist\". Checking ..."
    if [[ $dist == centos || $dist == rhel ]]; then
      pkg_installer=/usr/bin/yum
      verbose "Detected yum package installer"
    elif [[ $dist == debian || $dist == ubuntu ]]; then
      pkg_installer=/usr/bin/apt-get
      verbose "Detected apt-get package installer"
    else
      echo "ERROR: the value \"$dist\" specified for --distribution is unsupported." >&2
      exit 1
    fi
    [[ -x $pkg_installer ]] || {
      echo "ERROR: The value \"$dist\" specified for --distribution does not appear compatible!" >&2
      exit 1
    }
  fi
fi
# Check that the distribution/release pair is a supported one and record it
# in boolean flags. All flags start out false.
is_debian_dist=false is_debian_buster=false is_debian_stretch=false is_debian_jessie=false
is_ubuntu_dist=false is_ubuntu_bionic=false is_ubuntu_xenial=false is_ubuntu_trusty=false
is_centos_dist=false is_centos_7=false

# Values given on the command line win over the detected ones.
: "${dist:=$ID}"
code="${code:-$VERSION_ID}"
code=${code,,}
verbose "Validating dist-code: ${dist}-${code}"
case "${dist}-${code}" in
  ubuntu-18.04)
    is_ubuntu_dist=true
    is_ubuntu_bionic=true
    code="bionic"
    ;;
  ubuntu-16.04|ubuntu-xenial|ubuntu-xenial_docker_minimal)
    is_ubuntu_dist=true
    is_ubuntu_xenial=true
    code="xenial"
    ;;
  ubuntu-14.04|ubuntu-trusty)
    is_ubuntu_dist=true
    is_ubuntu_trusty=true
    code="trusty"
    # Still installable, but warn and pause so the message gets read
    echo -e "WARNING: Ubuntu Trusty will be EOL by April 2019 and LibreTime will no longer support it at that point." >&2
    echo -e "Please upgrade to a non-EOL distro ASAP!" >&2
    sleep 6
    ;;
  debian-9|debian-stretch)
    is_debian_dist=true
    is_debian_stretch=true
    code="stretch"
    ;;
  debian-10|debian-buster)
    is_debian_dist=true
    is_debian_buster=true
    code="buster"
    ;;
  # Raspbian 9 (stretch) is handled as Debian Stretch
  raspbian-9|9)
    is_debian_dist=true
    is_debian_stretch=true
    dist="debian"
    code="stretch"
    ;;
  debian-8|debian-jessie)
    is_debian_dist=true
    is_debian_jessie=true
    code="jessie"
    # No security updates any more: warn, pause, then continue
    echo -e "ERROR: Debian Jessie is archived and does not receive any security or other updates since 2018-05-17." >&2
    echo -e "The LibreTime installer will drop support for installing LibreTime on Jessie in 3.0.0-alpha.8." >&2
    sleep 6
    ;;
  debian-7|debian-wheezy)
    # No longer installable
    echo -e "ERROR: Debian Wheezy is archived and does not receive any security or other updates since 2018-05-31." >&2
    echo -e "The LibreTime installer dropped support for installing LibreTime on Wheezy in 3.0.0-alpha.6." >&2
    exit 1
    ;;
  centos-7)
    is_centos_dist=true
    is_centos_7=true
    ;;
  *)
    echo -e "ERROR: Distribution \"$PRETTY_NAME\" is not supported with \"${dist}-${code}\"!" >&2
    exit 1
    ;;
esac
verbose "Using distribution id \"$dist\", release code \"$code\""
# Find out which init system manages services on this machine
systemInitDetect

# Apache control binary, service name and default web user per distribution
# family. A web user given on the command line is kept.
if ! $is_centos_dist; then
  apache_bin="apache2ctl"
  apache_service="apache2"
  web_user="${web_user:-www-data}"
else
  apache_bin="httpd"
  apache_service="httpd"
  web_user="${web_user:-apache}"
fi
# Install the distribution packages LibreTime needs, or - when the user asked
# to skip that with --ignore-dependencies - only check that the required
# commands are present.
if [ "$ignore_dependencies" = "f" ]; then
# NOTE(review): errexit is off for this whole section, so a failing apt-get
# run does not stop the installation; confirm that this is intended.
set +e
loud "\n-----------------------------------------------------"
loud " * Installing External Dependencies * "
loud "-----------------------------------------------------"
if [ -x /usr/bin/apt-get ]; then
verbose "\n * Reading requirements-${dist}-${code}.apt..."
loudCmd "apt-get update"
package_list_file="${SCRIPT_DIR}/installer/lib/requirements-${dist}-${code}.apt"
if [ ! -f "$package_list_file" ]; then
echo "ERROR: package file does not exist: $package_list_file" >&2
exit 1
fi
# For apt-get version 1.1 or higher, --force-yes is deprecated so use new options.
# NOTE(review): these options let apt-get downgrade packages, remove essential
# ones and change held ones without asking.
apt_force_options="--allow-downgrades --allow-remove-essential --allow-change-held-packages"
# Get apt-get version by returning the 2nd parameter from the 1st line of output
apt_version=$(apt-get --version |awk 'NR == 1 { print $2 }')
# returns 1.8.0~alpha3 (Debian Buster)
# returns: 1.4.7 (Debian Stretch)
# returns: 0.9.7.9 (Debian Wheezy)
# returns: 1.0.1ubuntu2 (Ubuntu Trusty)
# returns: 1.0.9.8.4 (Debian Jessie)
# returns: 1.2.9 (Ubuntu Xenial)
verbose "Detected apt-get version as: $apt_version"
# Zero-pad major and minor version so that a string comparison orders them
apt_version_formatted=$(awk 'BEGIN {FS = "."} {printf "%03d.%03d\n", $1,$2}' <<< $apt_version)
[[ "$apt_version_formatted" < "001.001" ]] && apt_force_options="--force-yes"
verbose "Using apt-get force options: $apt_force_options"
# Every line of the package list that is not a comment becomes part of a
# command line that loudCmd evaluates as root, so the list file has to be
# trusted.
loudCmd "DEBIAN_FRONTEND=noninteractive apt-get -y -m ${apt_force_options} install $(grep -vE '^\s*#' $package_list_file | tr '\n' ' ')"
if [ "$in_place" = "t" ]; then
loudCmd "DEBIAN_FRONTEND=noninteractive apt-get -y -m install git"
fi
else
echo "WARNING: installing dependencies is not supported for this distribution" >&2
fi
set -e
else
# Dependencies are managed by the user: only verify the commands exist
checkCommandExists "${apache_bin}"
checkCommandExists "rabbitmqctl"
checkCommandExists "psql"
if [ "$in_place" = "t" ]; then
checkCommandExists "git"
fi
fi
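# Install composer when it is not available yet.
if ! hash composer 2>/dev/null; then
  # The installer is PHP code that is executed as root, so it is downloaded
  # to a private temporary file and compared with the SHA-384 checksum that
  # the Composer project publishes before it is run.
  composer_setup=$(mktemp)
  # -f: fail on an HTTP error instead of saving the error page
  curl -fsS https://getcomposer.org/installer -o "$composer_setup"
  composer_expected_sig=$(curl -fsS https://composer.github.io/installer.sig)
  composer_actual_sig=$(php -r 'echo hash_file("sha384", $argv[1]);' -- "$composer_setup")
  if [[ -z $composer_expected_sig || "$composer_expected_sig" != "$composer_actual_sig" ]]; then
    echo "ERROR: checksum of the downloaded composer installer does not match" >&2
    rm -f -- "$composer_setup"
    exit 1
  fi
  php "$composer_setup" --install-dir=/usr/local/bin --filename=composer
  rm -f -- "$composer_setup"
  PATH="${PATH}:/usr/local/bin"
fi
# errexit is on from here, as it was after the original check
set -e
# Run composer (install PHP dependencies) and create a VERSION file
# NOTE(review): ./build.sh is resolved against the current directory, not
# against ${SCRIPT_DIR}; started from another directory this runs whatever
# build.sh is found there, as root. Confirm whether build.sh depends on the
# working directory before changing the path.
loudCmd "./build.sh"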
# Upgrade path: when an existing configuration is found, stop the services,
# delete the files of the previous installation and move the old
# configuration out of the way.
if [ -f /etc/airtime/airtime.conf ]; then
# TODO use VERSION or some other way to check for updates and handle
# media-monitor case on it's own
# NOTE(review): the pattern is a regular expression, so "[media-monitor]" is a
# bracket expression that matches any line containing one of those
# characters, not the literal section header. Nearly every existing
# airtime.conf therefore takes the destructive branch below. A literal match
# needs "grep -F"; a non-matching grep would then also have to be tolerated
# under errexit.
OLD_CONF=$(grep "[media-monitor]" /etc/airtime/airtime.conf)
if [ -n "${OLD_CONF}" ]; then
upgrade="t"
# Failures while cleaning up the old installation are ignored
set +e
verbose "Stopping airtime services..."
systemInitCommand stop airtime_analyzer airtime-celery airtime-playout airtime-liquidsoap airtime-media-monitor
verbose "...Done"
verbose "Disabling obsolete services..."
systemInitCommand disable airtime-media-monitor
verbose "...Done"
echo "Looks like you have an old version of Airtime. Your current /etc/airtime/airtime.conf \
will be moved to /etc/airtime/airtime.conf.tmp"
# If we don't remove the existing python files in /usr/lib and the
# /etc/init.d startup scripts, services won't work properly
if [ -d /usr/lib/airtime/ ]; then
rm -rf /usr/lib/airtime/
fi
# Remove the service definitions of every supported init system
rm -f /etc/init.d/airtime*
rm -f /etc/init/airtime*
rm -f /etc/default/airtime-celery
rm -f /etc/systemd/system/airtime*
if [ "$apache" = "t" ]; then
# If the user selects an "in-place" install or passes in a web root,
# we need to replace the old apache airtime.conf
rm /etc/apache2/sites-available/airtime.conf /etc/apache2/sites-enabled/airtime.conf
fi
# NOTE(review): "web_root" is compared as a literal word here, not as the
# variable, so this condition is never true and /usr/share/airtime is never
# removed. Decide whether the removal is still wanted before adding the "$".
if [ -d /usr/share/airtime -a web_root = /usr/share/airtime ]; then
rm -rf /usr/share/airtime
fi
mv /etc/airtime/airtime.conf /etc/airtime/airtime.conf.tmp
set -e
fi
fi
# In interactive mode, ask whether the default Apache configuration should be
# installed unless --apache was given. An empty answer counts as "Y".
if [ "$apache" = "f" ] && [ "${_i}" -eq 1 ]; then
  echo -e "Install default Airtime apache configuration? (Y/n): \c"
  read IN
  IN=${IN:-$default_value}
  case "$IN" in
    y|Y) apache="t" ;;
  esac
fi
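# Decide where the web application is served from and copy the application
# files there unless the source tree itself is used (--in-place).
# All paths are quoted: the web root comes from the command line and may
# contain whitespace or glob characters.
if [ "$in_place" = "t" ]; then
  verbose "\n * Setting current Airtime directory as web root..."
  web_root=${AIRTIMEROOT}/airtime_mvc/public
else
  if [ -n "$web_root" ]; then
    verbose "\n * Creating Apache web root directory..."
  else
    verbose "\n * Creating default Apache web root directory /usr/share/airtime/php..."
    web_root="/usr/share/airtime/php"
    mkdir -p -- "$web_root"
  fi
  # Application code, PHP dependencies and the version marker
  cp -R -- "${AIRTIMEROOT}/airtime_mvc" "$web_root"
  cp -R -- "${AIRTIMEROOT}/vendor" "$web_root"
  cp -- "${AIRTIMEROOT}/VERSION" "$web_root"
  # From here on web_root points at the public folder Apache serves
  web_root=${web_root}/airtime_mvc/public/
fi
verbose "...Done"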
# Write the Apache virtual host for LibreTime and enable it.
if [ "$apache" = "t" ]; then
loud "\n-----------------------------------------------------"
loud " * Configuring Apache * "
loud "-----------------------------------------------------"
# Detect Apache root folder, e.g. /etc/apache2 or /etc/httpd
# NOTE(review): the second field of the matching "-V" output lines is
# evaluated as shell code by this root shell. This depends on the binary
# printing plain NAME="value" assignments; parsing the two values without
# eval would be safer.
eval $($apache_bin -V |awk '/HTTPD_ROOT|SERVER_CONFIG_FILE/ { print $2 }')
apache_conf="${HTTPD_ROOT}/${SERVER_CONFIG_FILE}"
verbose "Detected Apache root folder is: ${HTTPD_ROOT}"
if [[ ! -e $apache_conf ]]; then
echo -e "ERROR: Apache binary \"$apache_bin\" points to a non-existent file \"$apache_conf\""
exit 1
fi
verbose "Detected Apache primary .conf file is: ${apache_conf}"
if [[ -d ${HTTPD_ROOT}/sites-available ]]; then # debian & ubuntu
apache_sitedir="${HTTPD_ROOT}/sites-available/"
elif [[ -d ${HTTPD_ROOT}/conf.d ]]; then # centos
apache_sitedir="${HTTPD_ROOT}/conf.d/"
else
echo -e "ERROR: unknown location of Apache sites-available or virtual host directory!" >&2
exit 1
fi
verbose "Detected Apache sites configuration folder: ${apache_sitedir}"
set +e
# Parse: Server version: Apache/2.2.22 (Ubuntu) -> 2
apache_major_version=$($apache_bin -v |awk -F'[ /.]+' 'NR == 1 { print $4 }')
set -e
# The site file carries a .conf suffix from Apache 2 on
if [[ "$apache_major_version" -ge 2 ]]; then
airtimeconfigfile="airtime.conf"
oldconfigfile="airtime-vhost.conf"
else
airtimeconfigfile="airtime"
oldconfigfile="airtime-vhost"
fi
# If we're upgrading (installing over an existing Airtime install) and we've been told to
# install apache, we should overwrite any existing configuration. If we don't do this, doing
# an in-place installation over an old Airtime install (which installs to /usr/share by default)
# will fail
if [ "$upgrade" = "t" -o ! -f ${apache_sitedir}${airtimeconfigfile} ]; then
verbose "\n * Creating Apache config for Airtime..."
# A Listen directive is only added for a port other than 80
listen_port=""
if [ "$web_port" != "80" ]; then
listen_port="Listen ${web_port}"
fi
apache_template_file=${SCRIPT_DIR}/installer/apache/airtime-vhost-2.4
if [[ "$apache_major_version" -eq 1 ]]; then
# fall back to apache 1 config
apache_template_file=${SCRIPT_DIR}/installer/apache/airtime-vhost
fi
# Fill the placeholders of the template.
# NOTE(review): the port and the web root are pasted into the sed
# expressions unescaped; an "@", "&" or backslash in either value changes
# the generated configuration. Validate both values before this point.
sed \
-e "s@WEB_PORT_LISTEN@${listen_port}@g" \
-e "s@WEB_PORT@${web_port}@g" \
-e "s@WEB_ROOT@${web_root}@g" \
${apache_template_file} > ${apache_sitedir}${airtimeconfigfile}
# The a2ensite/a2dissite utilities are not available on CentOS
if [[ -x /usr/sbin/a2ensite ]]; then
# The distribution's default site is switched off
loudCmd "a2dissite 000-default"
# If Airtime was previously installed with apt, the vhost file name is different,
# so we need to specifically disable it.
if [ -f "/etc/apache2/sites-available/${oldconfigfile}" ]; then
loudCmd "a2dissite airtime-vhost"
fi
loudCmd "a2ensite airtime"
fi
else
verbose "\nApache config for Airtime already exists, skipping"
fi
fi
# In interactive mode, ask whether the default Icecast configuration should
# be installed unless --icecast was given. An empty answer counts as "Y".
if [ "$icecast" = "f" ] && [ "${_i}" -eq 1 ]; then
  echo -e "Install default Airtime Icecast configuration? (Y/n): \c"
  read IN
  IN=${IN:-$default_value}
  case "$IN" in
    y|Y) icecast="t" ;;
  esac
fi
# Enable Icecast and restart it.
if [ "$icecast" = "t" ]; then
  loud "\n-----------------------------------------------------"
  loud " * Configuring Icecast * "
  loud "-----------------------------------------------------"
  verbose "\n * Enabling Icecast 2..."
  if [ "$dist" = "centos" ]; then
    # On CentOS only the unit name differs
    icecast_unit_name="icecast"
  else
    icecast_unit_name="icecast2"
    # Elsewhere the service is switched on in its defaults file
    sed -i 's/ENABLE=false/ENABLE=true/g' /etc/default/icecast2
  fi
  # restart in case icecast was already started (like is the case on debian)
  systemInitCommand restart ${icecast_unit_name}
  verbose "...Done"
fi
loud "\n-----------------------------------------------------"
loud " * Installing Airtime Services * "
loud "-----------------------------------------------------"
verbose "\n * Installing necessary python services..."
loudCmd "pip install setuptools --upgrade"
verbose "...Done"
# Ubuntu Trusty and Debian Wheezy needs a workaround for python version SSL downloads
# This affects all python installs where python < 2.7.9
python_version=$(python --version 2>&1 | awk '{ print $2 }')
verbose "Detected Python version: $python_version"
# Convert version so each segment is zero padded for easy comparison
python_version_formatted=$(awk 'BEGIN {FS = "."} {printf "%03d.%03d.%03d\n", $1,$2,$3}' <<< $python_version)
if [[ "$python_version_formatted" < "002.007.009" ]]; then
verbose "\n * Installing pyOpenSSL and ca db for SNI support..."
loudCmd "pip install pyOpenSSL cryptography idna certifi --upgrade"
verbose "...Done"
fi
verbose "\n * Creating /run/airtime..."
mkdir -p /run/airtime
chmod 755 /run/airtime
chown -R ${web_user}:${web_user} /run/airtime
verbose "...Done"
if [ ! -d /var/log/airtime ]; then
loud "\n-----------------------------------------------------"
loud " * Installing Log Files * "
loud "-----------------------------------------------------"
verbose "\n * Creating /var/log/airtime"
loudCmd "mkdir -p /var/log/airtime"
verbose "\n * Copying logrotate files..."
loudCmd "cp ${AIRTIMEROOT}/airtime_mvc/build/airtime-php.logrotate /etc/logrotate.d/airtime-php"
loudCmd "cp ${AIRTIMEROOT}/python_apps/pypo/liquidsoap/airtime-liquidsoap.logrotate /etc/logrotate.d/airtime-liquidsoap"
fi
# Install the Python components from the source tree, one setup.py each, and
# register their services through systemInitInstall.
verbose "\n * Installing API client..."
loudCmd "python ${AIRTIMEROOT}/python_apps/api_clients/setup.py install --install-scripts=/usr/bin"
verbose "...Done"
verbose "\n * Installing pypo and liquidsoap..."
loudCmd "python ${AIRTIMEROOT}/python_apps/pypo/setup.py install --install-scripts=/usr/bin --no-init-script"
# The {a,b} lists sit inside double quotes, so this shell does not expand them;
# presumably loudCmd evaluates the string and the expansion happens there —
# TODO confirm, otherwise directories with literal braces are created.
loudCmd "mkdir -p /var/log/airtime/{pypo,pypo-liquidsoap} /var/tmp/airtime/pypo/{cache,files,tmp} /var/tmp/airtime/show-recorder/"
loudCmd "chown -R ${web_user}:${web_user} /var/log/airtime/{pypo,pypo-liquidsoap} /var/tmp/airtime/pypo/{cache,files,tmp} /var/tmp/airtime/show-recorder/"
systemInitInstall airtime-liquidsoap $web_user
systemInitInstall airtime-playout $web_user
verbose "...Done"
verbose "\n * Installing airtime-celery..."
loudCmd "python ${AIRTIMEROOT}/python_apps/airtime-celery/setup.py install --no-init-script"
# Create the Celery user unless "id celery" already finds one.
# On CentOS a failing adduser is ignored (|| true), so a missing account only
# shows up later when usermod or the service runs.
if $is_centos_dist; then
loudCmd "id celery 2>/dev/null || adduser --no-create-home -c 'LibreTime Celery' -r celery || true"
else
loudCmd "id celery 2>/dev/null || adduser --no-create-home --gecos 'LibreTime Celery' --disabled-login --firstuid 1 --lastuid 999 celery"
fi
# Add celery to the ${web_user} group; -a keeps its other supplementary groups.
# NOTE(review): group membership gives celery the group permissions on
# everything chowned to ${web_user}:${web_user} in this script, including the
# group-writable log tree below — confirm that is intended.
loudCmd "usermod -G ${web_user} -a celery"
# CentOS installs celery in /usr/bin which differs from other distros. Make
# available in /usr/local/bin as systemd requires an absolute path.
[[ ! -e /usr/local/bin/celery ]] && ln -s /usr/bin/celery /usr/local/bin/celery
systemInitInstall airtime-celery
verbose "...Done"
verbose "\n * Installing airtime_analyzer..."
loudCmd "python ${AIRTIMEROOT}/python_apps/airtime_analyzer/setup.py install --install-scripts=/usr/bin --no-init-script"
systemInitInstall airtime_analyzer $web_user
verbose "...Done"
verbose "\n * Setting permissions on /var/log/airtime..."
# Make the airtime log directory group-writable.
# The recursive 775 also sets the execute bit on every log file.
loudCmd "chmod -R 775 /var/log/airtime"
loudCmd "chown -R ${web_user}:${web_user} /var/log/airtime/"
verbose "\n * Setting permissions on /var/tmp/airtime..."
# NOTE(review): a+x applied recursively marks every file under /var/tmp/airtime
# executable for all users. Directories need the bit to be traversed; regular
# files likely do not — a+X would restrict it to directories (and files that
# are already executable). Confirm before changing.
loudCmd "chmod -R a+x /var/tmp/airtime"
loudCmd "chown -R ${web_user}:${web_user} /var/tmp/airtime/"
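loud "\n-----------------------------------------------------"
loud " * Configuring PHP in Apache * "
loud "-----------------------------------------------------"

# Known locations of the Apache PHP conf.d directory, tested in this order;
# the first one that exists is used.
php_conf_dirs=(
  "/etc/php/7.3/apache2/conf.d" # Debian Buster
  "/etc/php/7.2/apache2/conf.d" # Ubuntu Bionic
  "/etc/php/7.0/apache2/conf.d" # Ubuntu Xenial
  "/etc/php5/apache2/conf.d"    # Debian Stretch, Debian Jessie, Ubuntu Trusty
  "/etc/php.d"                  # CentOS 7
)
# The array expansion and every path are quoted so that no entry is word-split
# or glob-expanded.
for php_conf in "${php_conf_dirs[@]}"; do
  if [[ -d "$php_conf" ]]; then
    break
  fi
done
# When no candidate exists the loop leaves php_conf at the last entry, which
# fails this test too and ends the install.
if [[ -d "$php_conf" ]]; then
  libretime_phpini="${php_conf}/airtime.ini"
else
  echo -e "ERROR: PHP Apache configuration folder does not exist or is in an unknown location!" >&2
  exit 1
fi
verbose "Detected php conf directory at: $php_conf"

# An existing airtime.ini is kept as it is, so local changes survive a re-run.
if [ ! -f "${libretime_phpini}" ]; then
  verbose "\n * Creating LibreTime PHP config for Apache..."
  cp -- "${SCRIPT_DIR}/installer/php/airtime.ini" "${libretime_phpini}"
else
  verbose "\nAirtime PHP config for Apache already exists, skipping"
fi

# Enable Apache modules. The is_* variables are executed as commands here, so
# they are presumably set to "true" or "false" earlier in the script.
if $is_debian_buster; then
  loudCmd "a2enmod rewrite php7.3"
elif $is_ubuntu_bionic; then
  loudCmd "a2enmod rewrite php7.2"
elif $is_ubuntu_xenial || $is_debian_stretch; then
  loudCmd "a2enmod rewrite php7.0"
elif $is_centos_dist; then
  verbose "TODO: enable Apache modules mod_rewrite and mod_php manually"
else
  loudCmd "a2enmod rewrite php5"
fi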
# PostgreSQL setup, skipped entirely when $skip_postgres is non-zero.
if [ $skip_postgres -eq 0 ]; then
loud "\n-----------------------------------------------------"
loud " * Configuring PostgreSQL * "
loud "-----------------------------------------------------"
# Ensure postgres is running - It isn't after you install the postgres package on Ubuntu 15.04
systemInitCommand start postgresql
# Create the "airtime" PostgreSQL role unless pg_roles already lists it.
# NOTE(review): the role gets the fixed password 'airtime' plus CREATEDB. Until
# that password is changed, anyone who can reach this PostgreSQL instance with
# password authentication can log in as the role. Change it after installation
# and update the LibreTime configuration that stores it.
setupAirtimePostgresUser() {
# The quoted 'EOF' delimiter hands the block unexpanded to the shell that su
# starts for the postgres user. $0 and ${FUNCNAME} in the error message are
# therefore evaluated by that shell, not by this function.
su postgres <<'EOF'
set +e
count=$(psql -d postgres -tAc "SELECT count(*) FROM pg_roles WHERE rolname='airtime';")
if [[ $count -eq 0 ]]; then
psql -d postgres -tAc "CREATE USER airtime WITH ENCRYPTED PASSWORD 'airtime'; ALTER USER airtime CREATEDB;"
[[ $? -eq 0 ]] &&
echo "Created airtime user in PostgreSQL" ||
echo "$0:${FUNCNAME}(): ERROR: Can't create airtime user in PostgreSQL!"
else
echo "airtime user already exists in PostgreSQL"
fi
set -e
# don't indent this!
EOF
}
# $postgres = "t" creates the role without asking. Otherwise, when ${_i} is 1
# (presumably the interactive-mode flag — confirm), the user is prompted and an
# empty answer falls back to $default_value.
if [ "$postgres" = "t" ]; then
setupAirtimePostgresUser
elif [ ${_i} -eq 1 ]; then
echo -e "Create default airtime postgres user? (Y/n): \c"
read IN
IN=${IN:-$default_value}
if [ "$IN" = "y" -o "$IN" = "Y" ]; then
setupAirtimePostgresUser
fi
fi
fi
# RabbitMQ setup, skipped entirely when $skip_rabbitmq is non-zero.
if [ $skip_rabbitmq -eq 0 ]; then
loud "\n-----------------------------------------------------"
loud " * Configuring RabbitMQ * "
loud "-----------------------------------------------------"
# NOTE(review): user name and password are both the fixed string "airtime",
# and the password is passed to rabbitmqctl as a command-line argument below.
# Change it after installation and update the LibreTime configuration that
# stores it.
RABBITMQ_VHOST=/airtime
RABBITMQ_USER=airtime
RABBITMQ_PASSWORD=airtime
EXCHANGES="airtime-pypo|pypo-fetch|airtime-analyzer|media-monitor"
# Ignore errors in this check to avoid dying when vhost isn't found
set +e
rabbitmqctl list_vhosts | grep -w "^${RABBITMQ_VHOST}$" > /dev/null
RESULT="$?"
set -e
# Only run these if the vhost doesn't exist.
# The test looks at the vhost only: if the vhost exists but the user does not,
# add_user is not run even though the message says the user already exists.
if [ "$RESULT" != "0" ]; then
verbose "\n * Creating RabbitMQ user ${RABBITMQ_USER}..."
rabbitmqctl add_vhost ${RABBITMQ_VHOST}
rabbitmqctl add_user ${RABBITMQ_USER} ${RABBITMQ_PASSWORD}
else
verbose "\nRabbitMQ user already exists, skipping creation"
fi
verbose "\n * Setting RabbitMQ user permissions..."
# The active command grants configure, write and read on every resource in the
# vhost (".*" three times). The commented-out variant would limit all three to
# the names in $EXCHANGES.
# NOTE(review): if the narrower pattern works for this deployment it is the
# least-privilege choice — confirm which resource names the services need.
#loudCmd "rabbitmqctl set_permissions -p ${RABBITMQ_VHOST} ${RABBITMQ_USER} \"$EXCHANGES\" \"$EXCHANGES\" \"$EXCHANGES\""
loudCmd "rabbitmqctl set_permissions -p ${RABBITMQ_VHOST} ${RABBITMQ_USER} .\* .\* .\*"
fi
# Create the configuration directory on first install.
if [ ! -d "/etc/airtime" ]; then
loud "\n-----------------------------------------------------"
loud " * Installing Airtime * "
loud "-----------------------------------------------------"
verbose "\n * Creating /etc/airtime/ directory..."
mkdir /etc/airtime
fi
# NOTE(review): /etc/airtime and /srv/airtime are handed to the web user
# recursively, so code running as that user can rewrite everything below them,
# configuration included. Presumably the web-based setup needs this; consider
# tightening ownership of /etc/airtime once setup is finished.
chown -R ${web_user}:${web_user} /etc/airtime
if [ ! -d "/srv/airtime" ]; then
mkdir -p /srv/airtime
fi
chown -R ${web_user}:${web_user} /srv/airtime
# We only generate the locales for Airtime if you're allowing us
# to install our dependencies, so that we won't automatically do this
# when this install script runs from our DEB package.
if [ "$ignore_dependencies" = "f" ]; then
loud "\n-----------------------------------------------------"
loud " * Installing Locales * "
loud "-----------------------------------------------------"
if $is_centos_dist; then
loud "\n not required on $dist"
else
# Errors are tolerated in this loop: grep -q returns non-zero for every
# locale that is not yet listed in /etc/locale.gen.
set +e
verbose "\n * Generating locales"
# The locale list is taken from the output of ls; the grep pattern matches any
# entry that contains two characters, an underscore and two more characters.
for i in `ls ${web_root}/../locale | grep ".._.."`; do
if [ "$dist" = "debian" ]; then
grep -qi "^$i" /etc/locale.gen
if [ $? -ne 0 ]; then
# NOTE(review): the line is appended only if verbose prints its argument to
# stdout. If verbose stays silent outside verbose mode, nothing is added to
# /etc/locale.gen — TODO confirm against the definition of verbose.
verbose "$i.UTF-8 UTF-8" >> /etc/locale.gen
fi
else
loudCmd "locale-gen \"$i.utf8\""
fi
done
set -e
fi
# On Debian the locales added to /etc/locale.gen are generated in one run.
if [ "$dist" = "debian" ]; then
loudCmd "/usr/sbin/locale-gen"
fi
fi
# If the user requested it we run restorecon on files that need
# tagging for selinux.
# The redirect inside the command string discards all restorecon output,
# including error messages.
if [ "$selinux" = "t" ]; then
loud "\n-----------------------------------------------------"
loud " * Restoring SELinux Tags * "
loud "-----------------------------------------------------"
verbose "\n * Running restorecon..."
loudCmd "restorecon -Rv /etc/airtime /srv/airtime > /dev/null 2>&1"
verbose "...Done"
fi
# The message says "Reloading", the command issued is a restart.
verbose "\n * Reloading apache..."
systemInitCommand restart ${apache_service}
# NOTE: ip command works on all supported platforms
# Only the CentOS branch uses ip. The other branch parses ifconfig output for
# the "inet addr:" form on eth0 (enp0s8 on Ubuntu Xenial). When nothing
# matches, IP stays empty and the closing banner prints an empty address.
if $is_centos_dist; then
IP=$(ip -o -4 address show dev eth0 | grep -Po 'inet \K[\d.]+')
else
# not on centos
ip_device="eth0"
$is_ubuntu_xenial && ip_device="enp0s8"
IP=$(ifconfig ${ip_device} 2>/dev/null |awk -F'[ :]+' '/inet addr:/ {print $4}')
fi
verbose "...Done"
# Closing banner with the address detected above.
echo -e "\n-----------------------------------------------------"
echo " * Basic Setup DONE! * "
echo " "
echo " To get started with Airtime, visit ${IP} "
echo " or, if you've set up your own web configuration, "
echo " the Airtime webroot on your webserver "
echo "-----------------------------------------------------"
#!/bin/bash
# Build notes for liquidsoap 1.3.7: the release tarball is built as root, then
# liquidsoap is installed through opam under a dedicated "liquidsoap" account.
# The "as root" / "as liquidsoap" markers say which account runs each part.
# as root
# NOTE(review): the tarball is unpacked and built as root exactly as
# downloaded; no checksum or signature is verified. Record the expected digest
# (placeholder: <expected-sha256>) and check it with "sha256sum -c" before
# running tar.
wget https://github.com/savonet/liquidsoap/releases/download/1.3.7/liquidsoap-1.3.7-full.tar.gz
tar xvf liquidsoap-1.3.7-full.tar.gz
# NOTE(review): "ibasound2-dev" looks like a typo for libasound2-dev, which is
# also in the list; apt-get refuses the whole command when one package name is
# unknown. Several packages are listed more than once.
apt-get -y install ocaml-findlib libcamomile-ocaml-dev libmad0-dev libshout3-dev libvorbis-dev libid3tag0-dev libasound2-dev autoconf automake software-properties-common camlp4-extra autotools-dev automake opam ibasound2-dev libfdk-aac-dev libmad0-dev libmp3lame-dev libopus-dev libpcre3-dev libtag1-dev libasound2-dev libfdk-aac-dev libmad0-dev libmp3lame-dev libopus-dev libpcre3-dev libtag1-dev libasound2-dev libfdk-aac-dev libmad0-dev libmp3lame-dev
# Each of the next lines changes into the source directory again. Run as one
# script, only the first cd succeeds; they read like steps that are each
# executed from the starting directory — TODO confirm how this file is used.
cd liquidsoap-1.3.7-full ; ./bootstrap
cd liquidsoap-1.3.7-full ; ./configure
cd liquidsoap-1.3.7-full ; cp PACKAGES.default PACKAGES
cd liquidsoap-1.3.7-full ; make
# Adds a third-party PPA as a package source for this host.
add-apt-repository -y ppa:avsm/ppa
mkdir /usr/local/opam
mkdir -p /usr/share/liquidsoap/.ssh
# Every SSH key that is authorized for the current account is also authorized
# for the liquidsoap account, which gets /bin/bash as its login shell below.
cp ~/.ssh/authorized_keys /usr/share/liquidsoap/.ssh/
groupadd liquidsoap
useradd -d /usr/share/liquidsoap/ -g liquidsoap -s /bin/bash liquidsoap
# The opam root is owned by the liquidsoap account from here on.
chown -R liquidsoap:liquidsoap /usr/local/opam /usr/share/liquidsoap/
# pre-install.sh
#### as liquidsoap
opam init -y --root=/usr/local/opam
eval `opam config env --root=/usr/local/opam`
opam install -y depext
opam depext -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis
opam install -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis
# as root
# NOTE(review): both lines below make other accounts depend on files that the
# liquidsoap account owns. The profile script has every login shell, root's
# included, evaluate the output of opam for that root, and /usr/bin/liquidsoap
# becomes a link to a binary the liquidsoap account can replace. Treat the
# liquidsoap account as equivalent to those users, or install to a root-owned
# prefix instead.
echo "eval \`opam config env --root=/usr/local/opam\`" > /etc/profile.d/liquidsoap-opam.sh
ln -s /usr/local/opam/system/bin/liquidsoap /usr/bin/liquidsoap
#### as liquidsoap
# The clone follows the repository's default branch; no tag or commit is
# pinned, so the code that "opam pin" builds changes over time.
git clone https://github.com/savonet/liquidsoap.git
cd liquidsoap
git submodule init
git submodule update
opam pin add liquidsoap .
# Creates the "airtime" role and lets it create databases.
# NOTE(review): the password is the fixed string 'airtime'; change it after
# setup and update the LibreTime configuration that stores it.
psql -d postgres -tAc "CREATE USER airtime WITH ENCRYPTED PASSWORD 'airtime'; ALTER USER airtime CREATEDB;"
#
Kanku::Util::IPTables:
start_port: 49001
domain_name: libretime
default_job: kanku-job
login_user: root
# NOTE(review): the guest's root password is stored here in clear text.
# Acceptable for a throwaway local VM; keep this file out of shared
# repositories if the guest is ever reachable from a network.
login_pass: kankudai
qemu:
user:
jobs:
kanku-job:
-
use_module: Kanku::Handler::SetJobContext
options:
host_interface: eth0
-
use_module: Kanku::Handler::OBSCheck
options:
api_url: https://api.opensuse.org/public
# Please have a look at
# https://build.opensuse.org/project/show/devel:kanku:images
# to find more official Images
project: devel:kanku:images
repository: images_tumbleweed
package: openSUSE-Tumbleweed-JeOS:ext4
use_oscrc: 0
-
use_module: Kanku::Handler::ImageDownload
options:
use_cache: 1
-
use_module: Kanku::Handler::CreateDomain
options:
memory: 2G
vcpu: 2
use_9p: 1
#forward_port_list: tcp:22,tcp:443
template_file: /home/frank/prj/libretime.tt2
-
use_module: Kanku::Handler::PrepareSSH
-
use_module: Kanku::Handler::ExecuteCommandViaSSH
options:
commands:
# NOTE(review): the repository is a personal branch project and
# --gpg-auto-import-keys trusts whatever signing key it presents on the first
# refresh. Fine for a test VM; import and verify the key explicitly elsewhere.
- zypper -n ar https://download.opensuse.org/repositories/home:/M0ses:/branches:/home:/radiorabe:/airtime/openSUSE_Factory/home:M0ses:branches:home:radiorabe:airtime.repo
- zypper -n --gpg-auto-import-keys ref -s
- zypper -n in libretime-utils libretime-api_clients libretime-celery libretime-icecast libretime-web libretime-analyzer libretime postgresql11 postgresql11-server rabbitmq-server mc alsa-utils
# The following packages must be required by the libretime-(web?) package
- zypper -n in apache2-mod_php7 php7-json php7-APCu
- systemctl enable postgresql.service
- systemctl start postgresql.service
# NOTE(review): role "airtime" is created with the fixed password 'airtime'.
- su -c "psql -d postgres -tAc \"CREATE USER airtime WITH ENCRYPTED PASSWORD 'airtime';\"" postgres
- su -c "psql -d postgres -tAc \"ALTER USER airtime CREATEDB;\"" postgres
- su -c "psql -d postgres -tAc \"CREATE DATABASE airtime OWNER airtime;\"" postgres
# TODO: in /var/lib/pgsql/data/pg_hba.conf: -'peer' -'ident' -> +'md5'
# Until that TODO is done the whole file is replaced by a copy from /tmp/kanku.
- cp /tmp/kanku/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf
- systemctl restart postgresql.service
- systemctl enable rabbitmq-server
- systemctl start rabbitmq-server
# NOTE(review): RabbitMQ user and password are both "airtime", and the user
# gets configure, write and read on everything in the vhost.
- rabbitmqctl add_vhost /airtime
- rabbitmqctl add_user airtime airtime
- rabbitmqctl set_permissions -p /airtime airtime ".*" ".*" ".*"
- cp /tmp/kanku/apache2.libretime.conf /etc/apache2/vhosts.d/libretime.conf
- /tmp/kanku/create-cert.sh
- a2enmod php7
- a2enmod filter
- a2enmod deflate
- a2enmod rewrite
- a2enflag SSL
- systemctl enable apache2
- systemctl start apache2
# The web server account owns the configuration and data directories.
- chown wwwrun:www /etc/airtime
- mkdir /srv/airtime
- chown wwwrun:www /srv/airtime
# TODO: create /srv/www/libretime/airtime_mvc/public/.htaccess in the airtime webroot:
# RewriteEngine On
# RewriteCond %{HTTPS} !=on
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
Kanku::Util::IPTables:
start_port: 49001
domain_name: ubuntu-devel
default_job: kanku-job
login_user: root
# NOTE(review): the guest's root password is stored here in clear text.
# Acceptable for a throwaway local VM; keep this file out of shared
# repositories if the guest is ever reachable from a network.
login_pass: kankudai
jobs:
kanku-job:
-
use_module: Kanku::Handler::SetJobContext
options:
host_interface: eth0
-
use_module: Kanku::Handler::OBSCheck
options:
api_url: https://api.opensuse.org/public
# Please have a look at
# https://build.opensuse.org/project/show/devel:kanku:images
# to find more official Images
project: devel:kanku:images
repository: images_ubuntu
package: ubuntu-JeOS
#project: Virtualization:Appliances:Images:Testing_x86
#repository: images
#package: test-image-ubuntu:Virtual
skip_all_checks: 1
use_oscrc: 0
-
use_module: Kanku::Handler::ImageDownload
options:
use_cache: 1
-
use_module: Kanku::Handler::CreateDomain
options:
memory: 2G
vcpu: 2
use_9p: 1
#forward_port_list: tcp:22,tcp:443
#root_disk_size: 4294967296
-
use_module: Kanku::Handler::ExecuteCommandViaConsole
options:
commands:
# NOTE(review): this overwrites sources.list with the base "bionic" pocket
# only. Without the bionic-updates and bionic-security pockets the guest
# receives no security updates from apt.
- echo "deb http://archive.ubuntu.com/ubuntu bionic main universe multiverse" > /etc/apt/sources.list
- apt-get update
- apt-get install -y parted openssh-server
use_module: Kanku::Handler::PrepareSSH
-
use_module: Kanku::Handler::ExecuteCommandViaSSH
options:
commands:
- apt-get -y install software-properties-common
# Adds a third-party PPA as a package source for the guest.
- add-apt-repository -y ppa:avsm/ppa
- apt-get update
- apt-get install -y build-essential vim vim-common fakeroot dh-make less git-buildpackage
- apt-get install -y autoconf automake autotools-dev camlp4-extra libasound2-dev libcamomile-ocaml-dev libfdk-aac-dev libid3tag0-dev libmad0-dev libmp3lame-dev libopus-dev libpcre3-dev libshout3-dev libtag1-dev libvorbis-dev ocaml-findlib opam software-properties-common
# NOTE(review): the OCaml sources are fetched over plain http and then built
# and installed by this task's login user without any integrity check. Use an
# https source if one is available and compare the archive with a recorded
# digest (placeholder: <expected-sha256>) before unpacking.
- wget http://caml.inria.fr/pub/distrib/ocaml-4.07/ocaml-4.07.1.tar.gz
- tar xvf ocaml-4.07.1.tar.gz
- cd ocaml-4.07.1 ; ./configure
- cd ocaml-4.07.1 ; make world.opt
- cd ocaml-4.07.1 ; make install
# NOTE(review): same for the liquidsoap release tarball: fetched over https,
# but no checksum or signature is verified before it is built.
- wget https://github.com/savonet/liquidsoap/releases/download/1.3.7/liquidsoap-1.3.7-full.tar.gz
- tar xvf liquidsoap-1.3.7-full.tar.gz
- cd liquidsoap-1.3.7-full ; ./bootstrap
- cd liquidsoap-1.3.7-full ; cp PACKAGES.default PACKAGES
- cd liquidsoap-1.3.7-full ; ./configure
- cd liquidsoap-1.3.7-full ; make
- add-apt-repository -y ppa:avsm/ppa
- mkdir /usr/local/opam
- mkdir -p /usr/share/liquidsoap/.ssh
# Every SSH key authorized for the login user is also authorized for the
# liquidsoap account, which gets /bin/bash as its login shell.
- cp ~/.ssh/authorized_keys /usr/share/liquidsoap/.ssh/
- groupadd liquidsoap
- useradd -d /usr/share/liquidsoap/ -g liquidsoap -s /bin/bash liquidsoap
# The opam root is owned by the liquidsoap account from here on.
- chown -R liquidsoap:liquidsoap /usr/local/opam /usr/share/liquidsoap/
-
use_module: Kanku::Handler::ExecuteCommandViaSSH
options:
username: liquidsoap
commands:
- opam init -y --root=/usr/local/opam
- eval `opam config env --root=/usr/local/opam`
- opam install -y depext
- opam depext -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis
- opam install -y alsa cry fdkaac lame liquidsoap mad opus taglib vorbis
-
use_module: Kanku::Handler::ExecuteCommandViaSSH
options:
commands:
# NOTE(review): /usr/local/opam is owned by the liquidsoap account. The
# profile script has every login shell evaluate opam's output for that root,
# and /usr/bin/liquidsoap becomes a link to a binary the liquidsoap account can
# replace. Treat that account as equivalent to the users who log in or run
# liquidsoap, or install to a root-owned prefix.
- echo "eval \`opam config env --root=/usr/local/opam\`" > /etc/profile.d/liquidsoap-opam.sh
- ln -s /usr/local/opam/system/bin/liquidsoap /usr/bin/liquidsoap
-
use_module: Kanku::Handler::ExecuteCommandViaSSH
options:
username: liquidsoap
commands:
# The clone follows the repository's default branch; no tag or commit is
# pinned, so the code that "opam pin" builds changes over time.
- git clone https://github.com/savonet/liquidsoap.git
- cd liquidsoap ; git submodule init
- cd liquidsoap ; git submodule update
- cd liquidsoap ; opam pin add liquidsoap .
<domain type='kvm'>
<name>[% domain.domain_name %]</name>
<memory unit='KiB'>[% domain.memory %]</memory>
<currentMemory unit='KiB'>[% domain.memory %]</currentMemory>
<vcpu placement='static'>[% domain.vcpu %]</vcpu>
<cpu mode='host-passthrough' check='none'>
<cache mode='passthrough'/>
<feature policy='require' name='[% host_feature %]'/>
</cpu>
<os>
<type arch='x86_64' machine='pc-i440fx-2.3'>hvm</type>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-kvm</emulator>
[% domain.disk_xml %]
<controller type='pci' index='0' model='pci-root'>
<alias name='pci.0'/>
</controller>
<controller type='sata' index='0'>
<alias name='sata0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</controller>
<interface type='network'>
<source network='[% domain.network_name %]' bridge='[% domain.network_bridge %]'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</interface>
<serial type='pty'>
<source path='/dev/pts/8'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<sound model='ac97'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</sound>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</memballoon>
[% domain.hostshare %]
</devices>
</domain>
<domain type='kvm'>
<name>libretime</name>
<uuid>44cbbbdb-4cbb-4d80-815c-73444f9cf30d</uuid>
<memory unit='KiB'>2097152</memory>
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu placement='static'>2</vcpu>
<os>
<type arch='x86_64' machine='pc-i440fx-2.3'>hvm</type>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<cpu mode='host-passthrough' check='none'>
<cache mode='passthrough'/>
<feature policy='require' name='vmx'/>
</cpu>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/bin/qemu-kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/libretime.qcow2'/>
<target dev='hda' bus='ide'/>
<boot order='1'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<controller type='pci' index='0' model='pci-root'/>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</controller>
<controller type='usb' index='0' model='piix3-uhci'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<!-- Host directory shared into the guest under the mount tag 'kankushare'.
     NOTE(review): there is no <readonly/> child, so the guest can presumably
     write to this host directory; add one if the guest only needs to read it. -->
<filesystem type='mount' accessmode='passthrough'>
<source dir='/home/frank/prj/libretime'/>
<target dir='kankushare'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</filesystem>
<interface type='network'>
<mac address='52:54:00:6a:0c:c0'/>
<source network='default'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<sound model='ac97'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</sound>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</memballoon>
</devices>
</domain>
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file. A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
# plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches. It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask. A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts. Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
# Note that "password" sends passwords in clear text; "md5" or
# "scram-sha-256" are preferred since they send encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted. Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the server receives a
# SIGHUP signal. If you edit the file on a running system, you have to
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
# or execute "SELECT pg_reload_conf()".
#
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# NOTE(review): every record below uses md5, the Unix-socket ones included, so
# local tools that connect as the postgres superuser over the socket need a
# password as well. The synopsis above names scram-sha-256 as the other
# preferred method; it requires passwords stored as SCRAM verifiers, so check
# password_encryption before switching.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all md5
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
#!/bin/bash
###############################################################################
#
# DEFINITION OF FUNCTIONS
#
###############################################################################
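# Run a command with stdout and stderr discarded.
# Arguments: the command followed by its arguments
# Returns:   the exit status of the command
function execute_silently {
  # "$@" passes every argument on as one word. The unquoted form split
  # arguments on whitespace and expanded glob characters inside them.
  "$@" > /dev/null 2>&1
}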
###############################################################################
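# Print a log message on stdout unless BOOTSTRAP_TEST_MODE is 1.
# Globals:   BOOTSTRAP_TEST_MODE (read)
# Arguments: the words of the message
function logline {
  [[ $BOOTSTRAP_TEST_MODE == 1 ]] && return
  # Quoted so that spacing is kept and characters such as * in a message are
  # printed instead of being expanded to file names.
  echo "$@"
}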
###############################################################################
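# Enable a systemd unit and start it when systemd reports it as inactive.
# Globals:   SETUP_ONLY (read) - when 1, nothing is checked or changed
#            srv, service_critical, STATUS (written)
# Arguments: $1 - unit name
#            $2 - 1 if a failed start has to end the script
# Outputs:   progress messages on stdout
# Returns:   exits with status 1 when a critical unit cannot be started
function check_unit {
  srv=$1
  service_critical=$2
  [[ $SETUP_ONLY == 1 ]] && return
  echo "Checking unit $srv ..."
  logline "Enabling $srv"
  # The unit name is quoted everywhere so it always reaches systemctl as a
  # single argument.
  if ! execute_silently systemctl enable "$srv"; then
    logline "WARNING: Enabling $srv daemon failed."
  fi
  STATUS=$(systemctl is-active "$srv" 2>/dev/null)
  # Only the state "inactive" triggers a start; every other state is left as
  # it is.
  if [[ "$STATUS" == "inactive" ]]; then
    echo "$srv daemon not started. Trying to start"
    if ! execute_silently systemctl start "$srv"; then
      echo -n "Starting $srv daemon failed."
      if [[ $service_critical == 1 ]]; then
        echo " Exiting ..."
        exit 1
      fi
    fi
  fi
}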
###############################################################################
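# Make sure a self-signed certificate exists for the current host name.
# Globals:   backenddir, FQHOSTNAME (read)
#            OPENSSL_CONFIG (read, filled by create_selfsigned_certificate)
#            DETECTED_CERT_CHANGE (set to 1 when a certificate is created)
# Outputs:   log lines and, on error, a message on stdout
# Returns:   exits with status 1 when a certificate exists without its
#            ".created" marker file
function check_server_cert {
  # All paths are quoted: a backenddir containing whitespace used to break the
  # directory test and made mkdir create unrelated directories.
  local cert_dir="$backenddir/certs"
  local cert_file="$cert_dir/server.${FQHOSTNAME}.crt"
  local marker_file="$cert_dir/server.${FQHOSTNAME}.created"

  # Create directory if not exists
  # Useful on testing systems where no obs-server rpm is installed
  [ -d "$cert_dir/" ] || mkdir -p "$cert_dir/"

  if [[ ! -e "$marker_file" || ! -e "$cert_file" ]]; then
    # setup ssl certificates (NOT protected with a passphrase)
    logline "Creating a default SSL certificate for the server"
    logline "Please replace it with your version in $backenddir/certs directory..."
    DETECTED_CERT_CHANGE=1
    # hostname specific certs - survive intermediate hostname changes
    if [ ! -e "$cert_file" ]; then
      # This is just a dummy SSL certificate, but it has a valid hostname.
      # Admin can replace it with his version.
      # It is self-signed with the existing server.key and valid for 365 days.
      create_selfsigned_certificate
      if echo "$OPENSSL_CONFIG" | openssl req -new -nodes -config /dev/stdin \
        -x509 -days 365 -batch \
        -key "$cert_dir/server.key" \
        -out "$cert_file"; then
        echo "Do not remove this file or new SSL CAs will get created." > "$marker_file"
      fi
    else
      # The certificate is present but its marker file is not.
      echo "ERROR: SSL CAs in $backenddir/certs exists, but were not created for your hostname"
      exit 1
    fi
  fi
}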
###############################################################################
# Build the OpenSSL configuration for the self-signed server certificate.
# The function only fills variables; it does not run openssl or write files.
# Globals:   backenddir, PROPOSED_DNS_NAMES, FQHOSTNAME (read)
#            cert_outdir, COUNTER, DNS_NAMES, name, OPENSSL_CONFIG (written)
# Outputs:   one log line via logline
#
# Every entry of PROPOSED_DNS_NAMES becomes a "DNS.<n>" subjectAltName entry,
# numbered from 0, also when the entry is an IP address.
# NOTE(review): clients usually match IP addresses against "IP.<n>" entries
# only — confirm whether addresses in the list need to be emitted that way.
# NOTE(review): the sections [ v3_req ] and [ v3_ca ] each appear twice in the
# configuration below; which settings OpenSSL ends up using should be checked.
# With x509_extensions = v3_ca the certificate is marked as a CA.
function create_selfsigned_certificate() {
  cert_outdir=$backenddir/certs
  DNS_NAMES=""
  COUNTER=0
  # Word splitting of PROPOSED_DNS_NAMES is intended: it is a space-separated list.
  for name in $PROPOSED_DNS_NAMES; do
    DNS_NAMES+=$'\n'"DNS.$COUNTER = $name"
    COUNTER=$((COUNTER + 1))
  done
  logline "Creating crt/key in $cert_outdir"
  OPENSSL_CONFIG="prompt = no
distinguished_name = req_distinguished_name
[req_distinguished_name]
countryName = CC
stateOrProvinceName = OBS Autogen State or Province
localityName = OBS Autogen Locality
organizationName = OBS Autogen Organisation
organizationalUnitName = OBS Autogen Organizational Unit
commonName = $FQHOSTNAME
emailAddress = test@email.address
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
[req_attributes]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
$DNS_NAMES
[ v3_ca ]
basicConstraints = CA:TRUE
subjectAltName = @alt_names
"
}
###############################################################################
# Determine the host name of this machine and derive the short name and the
# domain from it.
# Globals:   BOOTSTRAP_TEST_MODE (read), rv (read after calling ask)
#            FQHOSTNAME, TIMEOUT, DEFAULT_ROUTE_INTERFACE, USEIP, DOMAINNAME,
#            SHORTHOSTNAME (written)
# Arguments: $1 - host name to use; honoured only when BOOTSTRAP_TEST_MODE is 1
# Outputs:   progress and warning messages on stdout
#
# NOTE(review): the value is not validated here. Other functions in this file
# place FQHOSTNAME into sed expressions, file names and the OpenSSL
# configuration, so a check for host-name characters would be worth adding.
function get_hostname {
if [[ $1 && $BOOTSTRAP_TEST_MODE == 1 ]];then
FQHOSTNAME=$1
else
# Poll "hostname -f" once per second until it returns a name or the counter
# started at 600 reaches zero.
TIMEOUT=600
while [ -z "$FQHOSTNAME" ];do
FQHOSTNAME=`hostname -f 2>/dev/null`
TIMEOUT=$(($TIMEOUT-1))
[ "$TIMEOUT" -le 0 ] && break
echo "Waiting for FQHOSTNAME ($TIMEOUT)"
sleep 1
done
fi
# If the ec2-public-hostname tool is on PATH, its output replaces whatever was
# found above. "type -p" also prints the tool's path on stdout.
if type -p ec2-public-hostname; then
FQHOSTNAME=`ec2-public-hostname`
fi
# ask is defined elsewhere in this file; its answer is read from $rv.
if [ "$FQHOSTNAME" = "" ]; then
ask "Please enter the full qualified hostname!"
FQHOSTNAME=$rv
fi
# fallback in non-interactive mode
if [ "$FQHOSTNAME" = "" ]; then
# Prefer interface with default route if exists
DEFAULT_ROUTE_INTERFACE=`LANG=C ip route show|perl -e '$_=<>; ( m/^default via.*dev\s+([\w]+)\s.*/ ) && print $1'`
# Fallback to IP of the VM/host
# The grep pattern is unquoted and its dot matches any character, so every
# address starting with "127" plus one more character is dropped.
FQHOSTNAME=`LANG=C ip addr show $DEFAULT_ROUTE_INTERFACE| perl -lne '( m#^\s+inet\s+([0-9\.]+)(/\d+)?\s+.*# ) && print $1' | grep -v ^127. | head -n 1`
# $? is the status of the last pipeline stage (head) unless pipefail is set
# elsewhere, so in practice the empty-string test decides.
if [ "$?" != "0" -o "$FQHOSTNAME" = "" ]; then
echo " Can't determine hostname or IP - Network setup failed!"
echo " Check if networking is up and dhcp is working!"
echo " Using 'localhost' as FQHOSTNAME."
FQHOSTNAME="localhost"
fi
# USEIP marks that the address fallback was used; the name splitting below is
# skipped in that case.
USEIP=$FQHOSTNAME
fi
if [[ -z $USEIP ]];then
DOMAINNAME=""
# The quoted '.' makes =~ match a literal dot.
if [[ $FQHOSTNAME =~ '.' ]];then
DOMAINNAME=$(echo $FQHOSTNAME | perl -pe 's/^[\w\-_]*\.(.*)/$1/')
SHORTHOSTNAME=$(echo $FQHOSTNAME | perl -pe 's/^([\w\-_]*)\..*/$1/')
else
SHORTHOSTNAME=$FQHOSTNAME
fi
fi
}
###############################################################################
# Propose the DNS names for the server certificate and let the user confirm
# or change them.
# Globals:   FQHOSTNAME, SHORTHOSTNAME (read; get_hostname is called when
#            FQHOSTNAME is empty), rv (read after calling ask)
#            LOCAL_HOST, DNSNAMES, PROPOSED_DNS_NAMES (written)
function generate_proposed_dnsnames {
  [[ -n $FQHOSTNAME ]] || get_hostname

  # "localhost" is added unless it already is the host name. LOCAL_HOST is not
  # cleared otherwise, so a value set earlier is reused.
  if [[ $FQHOSTNAME != 'localhost' ]]; then
    LOCAL_HOST="localhost"
  fi

  # Short name first, then the full name when it differs, then LOCAL_HOST.
  DNSNAMES="$SHORTHOSTNAME"
  [[ $FQHOSTNAME == $SHORTHOSTNAME ]] || DNSNAMES+=" $FQHOSTNAME"
  DNSNAMES+=" $LOCAL_HOST"

  ask "Proposed DNS names: " "$DNSNAMES"
  PROPOSED_DNS_NAMES=$rv
}
###############################################################################
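# Rewrite the frontend settings in the API's options.yml for this host.
# Globals:   apidir, FQHOSTNAME (read)
#            api_options_yml (written)
# Outputs:   one progress line on stdout
# Returns:   the exit status of sed
function adjust_api_config {
  echo "Adjust configuration for this hostname"
  # use local host to avoid SSL verification between webui and api
  api_options_yml=$apidir/config/options.yml
  # One sed run applies the six substitutions in their original order. The file
  # name is quoted so that an apidir containing whitespace still works.
  # NOTE(review): the three external_frontend_* rules write the key back
  # without its "external_" prefix, so a matching line becomes a second
  # frontend_* entry. That looks unintended — confirm before relying on it.
  sed -i \
    -e 's,^frontend_host: .*,frontend_host: "localhost",' \
    -e 's,^frontend_port: .*,frontend_port: 443,' \
    -e 's,^frontend_protocol: .*,frontend_protocol: "'"https"'",' \
    -e 's,^external_frontend_host: .*,frontend_host: "'"$FQHOSTNAME"'",' \
    -e 's,^external_frontend_port: .*,frontend_port: 443,' \
    -e 's,^external_frontend_protocol: .*,frontend_protocol: "'"https"'",' \
    "$api_options_yml"
}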
###############################################################################
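# Point leftover worker jobs at the current host name and clear stale worker
# state.
# Globals:   backenddir, FQHOSTNAME (read)
# Outputs:   one progress line on stdout, an error on stderr when backenddir
#            is empty
# Returns:   1 when backenddir is empty, otherwise the exit status of chown
function adapt_worker_jobs {
  # With an empty backenddir the globs below would resolve against /jobs,
  # /workers and /repos, so stop before anything is edited or deleted.
  if [[ -z "$backenddir" ]]; then
    echo "ERROR: backenddir is not set" >&2
    return 1
  fi

  #changed IP means also that leftover jobs are invalid - cope with that
  echo "Adapting present worker jobs"
  local port
  for port in 5352 5252; do
    sed -i "s,server=\"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:${port},server=\"http://$FQHOSTNAME:${port},g" \
      "$backenddir"/jobs/*/* 2> /dev/null
  done

  #remove old workers status and idling/building markers
  rm -f -- "$backenddir"/jobs/*/*status 2> /dev/null
  rm -f -- "$backenddir"/workers/*/* 2> /dev/null

  # create repo directory or apache fails when nothing got published
  mkdir -p "$backenddir/repos"
  # user:group with a colon; the dot form is ambiguous for names containing dots
  chown obsrun:obsrun "$backenddir/repos"
}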
###############################################################################
# Initialise MySQL on first use and create or migrate the OBS API database.
# Globals:   apidir, backenddir, SETUP_ONLY (read)
#            RUN_INITIAL_SETUP, RAKE_COMMANDS, cmd (written)
# Outputs:   progress messages on stdout; rails output is appended to
#            $apidir/log/db_migrate.log
# Returns:   exits with status 1 when setting the MySQL root password or a
#            rails command fails
function prepare_database_setup {
# The result of cd is not checked; if it fails, bin/rails is looked up in the
# current directory.
cd /srv/www/obs/api
RAILS_ENV=production bin/rails db:migrate:status > /dev/null
# Inside [[ ]] the > operator compares strings. It works for exit codes here
# because every non-zero code sorts after "0"; -gt would state the intent.
if [[ $? > 0 ]];then
echo "Initialize MySQL databases (first time only)"
echo " - reconfiguring /etc/my.cnf"
perl -p -i -e 's#.*datadir\s*=\s*/var/lib/mysql$#datadir= /srv/obs/MySQL#' /etc/my.cnf
echo " - installing to new datadir"
mysql_install_db
echo " - changing ownership for new datadir"
chown mysql:mysql -R /srv/obs/MySQL
echo " - restarting mysql"
systemctl restart mysql
echo " - setting new password for user root in mysql"
# NOTE(review): the MySQL root password is the fixed string "opensuse", passed
# as a command-line argument, and add_login_info_to_issue prints the same
# default in /etc/issue. Change it right after the first setup.
mysqladmin -u root password "opensuse"
if [[ $? > 0 ]];then
echo "ERROR: Your mysql setup doesn't fit your rails setup"
echo "Please check your database settings for mysql and rails"
exit 1
fi
RUN_INITIAL_SETUP="true"
fi
# First run: create and seed the database. Later runs: migrate only.
RAKE_COMMANDS=""
if [ -n "$RUN_INITIAL_SETUP" ]; then
logline "Initialize OBS api database (first time only)"
cd $apidir
RAKE_COMMANDS="db:create db:setup writeconfiguration"
else
logline "Migrate OBS api database"
cd $apidir
RAKE_COMMANDS="db:migrate:with_data"
echo
fi
logline "Setting ownership of '$backenddir' obsrun"
chown obsrun.obsrun $backenddir
logline "Setting up rails environment"
# Word splitting of RAKE_COMMANDS is intended: it is a space-separated list.
for cmd in $RAKE_COMMANDS
do
logline " - Doing 'rails $cmd'"
RAILS_ENV=production bin/rails $cmd >> $apidir/log/db_migrate.log
if [[ $? > 0 ]];then
(>&2 echo "Command $cmd FAILED")
exit 1
fi
done
if [ -n "$RUN_INITIAL_SETUP" ]; then
# This test is true only when SETUP_ONLY is empty or unset, whereas check_unit
# compares the same variable with 1.
if [[ ! "$SETUP_ONLY" ]];then
# The backticks run systemctl and then execute its output as a command; with
# the usual empty output that does nothing more. A plain call would be enough.
`systemctl restart obsscheduler.service`
fi
fi
}
###############################################################################
# Append the connection details for this appliance to /etc/issue.
# Globals: FQHOSTNAME (read)
# NOTE(review): the text states the default Admin/root password and is added
# to /etc/issue, which is normally displayed at the login prompt. Remove that
# line, or change the password, as part of finishing the setup.
function add_login_info_to_issue {
  # The delimiter is unquoted, so $FQHOSTNAME is expanded when the text is written.
  cat <<EOF >> /etc/issue
Connect to the web interface via: https://$FQHOSTNAME
Connect to the api interface via: https://$FQHOSTNAME
Browse the build packages via: http://$FQHOSTNAME:82
* "Admin"/"root" user password is "opensuse" by default.
* Connect to the web interface now to finish the OBS setup.
More informations about this appliance are available here:
http://en.opensuse.org/Build_Service/OBS-Appliance
Greetings from the Open Build Service Team
http://www.open-build-service.org
EOF
}
###############################################################################
# Replace the overview page and /etc/issue with a notice that setup could not
# complete because no usable network / DNS name was found.
# Outputs:   overwrites /srv/www/obs/overview/index.html and /etc/issue
function network_failure_warning {
  local overview_page=/srv/www/obs/overview/index.html
  local issue_file=/etc/issue
  printf '%s\n' "OBS appliance could not get setup, no network found" > "$overview_page"
  cat > "$issue_file" <<EOF
*******************************************************************************
** NETWORK SETUP FAILED **
** **
** OBS is not usable. A working DNS resolution for your host is required! **
** You can check this with 'hostname -f'. **
** This often happens in virtualization environments like e.g. VirtualBox. **
** **
** You also could run **
** **
** /usr/lib/obs/server/setup-appliance.sh **
** **
** for interactive configuration **
** **
*******************************************************************************
EOF
}
###############################################################################
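# Create the server's RSA private key if it does not exist yet.
# Globals:   backenddir (read)
# Outputs:   $backenddir/certs/server.key (only when missing)
# Returns:   0 if the key exists or was created, 1 on failure
function check_server_key {
  local key_file="$backenddir/certs/server.key"
  # reuse signing key even if hostname changed
  # NOTE(review): because an existing key is always reused, a key that was
  # generated earlier with 1024 bits stays in place; it has to be rotated by
  # hand (remove the key and let the certificate be reissued).
  [[ -e "$key_file" ]] && return 0
  install -d -m 0700 "$backenddir/certs" || return 1
  # 2048 bits instead of the former 1024: 1024-bit RSA is no longer considered
  # adequate for TLS keys. The subshell's umask keeps the new key file
  # unreadable for other users regardless of the caller's umask.
  if ! (umask 077 && openssl genrsa -out "$key_file" 2048 2>/dev/null); then
    echo "ERROR: could not generate $key_file" >&2
    return 1
  fi
}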
###############################################################################
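# Install the API server certificate as a system trust anchor.
# Globals:   backenddir, FQHOSTNAME (read)
# Outputs:   /usr/share/pki/trust/anchors/server.$FQHOSTNAME.pem, then the
#            trust store is regenerated with update-ca-certificates
# Returns:   1 if the certificate could not be copied
# NOTE(review): a trust anchor is honoured by every program on this host that
# uses the system store, not only by apache.
# NOTE(review): the guard looks for a ".crt" under /etc/ssl/certs while the
# file is installed as ".pem"; it looks like the import is repeated on every
# run - confirm against what update-ca-certificates generates.
function import_ca_cert {
  local cert_src="$backenddir/certs/server.${FQHOSTNAME}.crt"
  local anchor="/usr/share/pki/trust/anchors/server.${FQHOSTNAME}.pem"
  # apache has to trust the api ssl certificate
  if [[ ! -e "/etc/ssl/certs/server.${FQHOSTNAME}.crt" ]]; then
    # do not regenerate the trust store when the copy failed
    if ! cp -- "$cert_src" "$anchor"; then
      echo "ERROR: could not copy $cert_src to $anchor" >&2
      return 1
    fi
    update-ca-certificates
  fi
}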
###############################################################################
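# Point $backenddir/certs/server.crt at the certificate of the current host
# name after a certificate change was detected.
# Globals:   DETECTED_CERT_CHANGE, backenddir, FQHOSTNAME (read),
#            CERT_LINK_FILE (written)
# Returns:   1 if the certificate directory is missing
function relink_server_cert {
  [[ $DETECTED_CERT_CHANGE == 1 ]] || return 0
  CERT_LINK_FILE=$backenddir/certs/server.crt
  # The link is addressed by its full path instead of cd'ing into the
  # directory: a failed cd used to let the rm/ln below act on whatever
  # directory the script happened to be in.
  if [[ ! -d "$backenddir/certs" ]]; then
    echo "ERROR: certificate directory $backenddir/certs does not exist" >&2
    return 1
  fi
  # check if CERT_LINK_FILE not exists or is symbolic link because we don't
  # want to remove real files
  if [[ ! -e "$CERT_LINK_FILE" || -L "$CERT_LINK_FILE" ]]; then
    # change links for certs according to hostnames; the target stays
    # relative, so it resolves inside the certs directory
    rm -f -- "$CERT_LINK_FILE"
    ln -sf -- "server.${FQHOSTNAME}.crt" "$CERT_LINK_FILE"
  fi
}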
###############################################################################
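# Hand the API log directory to the web server account.
# Globals:   apidir (read)
# Returns:   1 if $apidir cannot be entered, otherwise chown's status
function fix_permissions {
  # the working directory change is kept because later steps may rely on it
  cd "$apidir" || return 1
  # "user:group" instead of the deprecated "user.group" form, which is
  # ambiguous for account names that contain a dot
  chown -R wwwrun:www "$apidir/log"
}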
###############################################################################
# Rewrite /etc/issue with the appliance banner and, when package signing is
# not configured in BSConfig.pm, append a warning about it.
# Globals:   OBSVERSION, OS (read)
# Outputs:   overwrites /etc/issue; progress messages on stdout
function create_issue_file {
  local issue_file=/etc/issue
  echo "Recreating /etc/issue"
  # create base version of /etc/issues
  printf '%s\n' \
    "Welcome to Open Build Service(OBS) Appliance $OBSVERSION" \
    "based on $OS" > "$issue_file"
  # nothing more to add when an active "our $sign =" line is present
  grep -q "^our \$sign =" /usr/lib/obs/server/BSConfig.pm && return 0
  echo "Adding signing hint to /etc/issue"
  printf '%s\n' \
    "WARNING: **** Package signing is disabled, maybe due to lack of hardware number generator ****" \
    >> "$issue_file"
}
###############################################################################
# Render the overview page from its template by filling in the API and
# repository URLs of this host.
# Globals:   FQHOSTNAME (read)
# Outputs:   overwrites /srv/www/obs/overview/index.html
function create_overview_html {
  local overview_dir=/srv/www/obs/overview
  local api_url="https://$FQHOSTNAME"
  local repo_url="http://$FQHOSTNAME:82"
  echo "Creating overview.html"
  # the host name is pasted into the sed replacement text as-is
  sed -e "s,___API_URL___,$api_url,g" \
    -e "s,___REPO_URL___,$repo_url,g" \
    "$overview_dir/overview.html.TEMPLATE" > "$overview_dir/index.html"
}
###############################################################################
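# Ask a question and store the answer in the global variable rv.
# Globals:   NON_INTERACTIVE (read), rv (written)
# Arguments: $1 - question text, $2 - default answer
# Outputs:   the question via logline; the default on stdout when interactive
# In non-interactive mode, or when the user just presses return, rv is set to
# the default.
function ask {
  # Quoted so the question reaches logline as one argument: unquoted, the
  # "[Yn]" and "?" in the prompts were subject to filename expansion.
  logline "$1"
  if [[ $NON_INTERACTIVE == 1 ]]; then
    rv=$2
    logline "Using default value '$rv' in non-interactive mode"
    return
  fi
  echo "Default: $2"
  # -r keeps backslashes in the answer literal
  read -r rv
  [[ -n $rv ]] || rv=$2
}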
###############################################################################
# Make sure every required OBS backend service is enabled and running.
# Globals:   SETUP_ONLY (read); REQUIRED_SERVICES, ENABLED, ACTIVE (written)
# Does nothing when SETUP_ONLY is 1.
function check_required_backend_services {
  if [[ $SETUP_ONLY == 1 ]]; then
    return
  fi
  REQUIRED_SERVICES="obsrepserver obssrcserver obsscheduler obsdispatcher obspublisher"
  for srv in $REQUIRED_SERVICES; do
    ENABLED=$(systemctl is-enabled $srv)
    ACTIVE=$(systemctl is-active $srv)
    # only touch units whose reported state differs from the wanted one
    if [[ "$ENABLED" != "enabled" ]]; then
      systemctl enable $srv
    fi
    if [[ "$ACTIVE" != "active" ]]; then
      systemctl start $srv
    fi
  done
}
###############################################################################
# Offer to enable and start each recommended backend service that chkconfig
# does not report as "on"; the default answer is yes.
# Globals:   SETUP_ONLY, rv (read); RECOMMENDED_SERVICES, STATE (written)
# Does nothing when SETUP_ONLY is 1.
function check_recommended_backend_services {
  if [[ $SETUP_ONLY == 1 ]]; then
    return
  fi
  RECOMMENDED_SERVICES="obsdodup obsdeltastore obssigner obssignd obsservicedispatch"
  for srv in $RECOMMENDED_SERVICES; do
    # second column of the chkconfig output is the on/off state
    STATE=$(chkconfig $srv | awk '{print $2}')
    [[ $STATE == on ]] && continue
    ask "Service $srv is not enabled. Would you like to enable it? [Yn]" "y"
    if [[ $rv == y || $rv == yes || $rv == Y || $rv == YES ]]; then
      systemctl enable $srv
      systemctl start $srv
    fi
  done
}
###############################################################################
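# Offer to enable and start each optional backend service that chkconfig does
# not report as "on". The default answer is "n" unless optional services were
# requested through ENABLE_OPTIONAL_SERVICES.
# Globals:   ENABLE_OPTIONAL_SERVICES, SETUP_ONLY, rv (read);
#            DEFAULT_ANSWER, OPTIONAL_SERVICES, STATE (written)
# Does nothing beyond setting DEFAULT_ANSWER when SETUP_ONLY is 1.
function check_optional_backend_services {
  DEFAULT_ANSWER="n"
  # The former test "[[ $ENABLE_OPTIONAL_SERVICES ]]" was true for any
  # non-empty string, including "0", so a value of 0 still enabled every
  # optional service in non-interactive mode. Empty, 0, no and false now mean
  # "off"; any other value still switches the default to "y".
  case "$ENABLE_OPTIONAL_SERVICES" in
    "" | 0 | no | No | NO | false) ;;
    *) DEFAULT_ANSWER="y" ;;
  esac
  [[ $SETUP_ONLY == 1 ]] && return
  OPTIONAL_SERVICES="obswarden obsapisetup obsstoragesetup obsworker obsservice"
  for srv in $OPTIONAL_SERVICES; do
    # second column of the chkconfig output is the on/off state
    STATE=$(chkconfig $srv | awk '{print $2}')
    if [[ $STATE != on ]]; then
      ask "Service $srv is not enabled. Would you like to enable it? [yN]" "$DEFAULT_ANSWER"
      case $rv in
        y | yes | Y | YES)
          systemctl enable $srv
          systemctl start $srv
          ;;
      esac
    fi
  done
}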
###############################################################################
# Install the apache packages that are missing and switch on the apache
# modules and flags listed below.
# Globals:   SETUP_ONLY (read); PACKAGES, PKG2INST, MODULES, FLAGS (written)
# Does nothing when SETUP_ONLY is 1.
function prepare_apache2 {
  if [[ $SETUP_ONLY == 1 ]]; then
    return
  fi
  PACKAGES="apache2 apache2-mod_xforward rubygem-passenger-apache2 memcached"
  PKG2INST=""
  # collect the packages rpm does not know about
  for pkg in $PACKAGES; do
    if ! rpm -q $pkg >/dev/null; then
      PKG2INST+=" $pkg"
    fi
  done
  if [[ $PKG2INST ]]; then
    # left unquoted on purpose: one argument per package name
    zypper --non-interactive install $PKG2INST >/dev/null
  fi
  MODULES="passenger rewrite proxy proxy_http xforward headers socache_shmcb"
  for mod in $MODULES; do
    # "a2enmod -q" only queries; enable the module when the query fails
    if ! a2enmod -q $mod; then
      a2enmod $mod
    fi
  done
  FLAGS=SSL
  for flag in $FLAGS; do
    a2enflag $flag >/dev/null
  done
}
###############################################################################
# Rewrite the PassengerRuby line in the passenger apache configuration so it
# names /usr/bin/ruby.ruby2.5 instead of /usr/bin/ruby.
# Outputs:   edits /etc/apache2/conf.d/mod_passenger.conf in place
function prepare_passenger {
  local passenger_conf=/etc/apache2/conf.d/mod_passenger.conf
  # $1 carries the line's leading whitespace over into the replacement
  local rewrite_rule='s#^(\s*)PassengerRuby "/usr/bin/ruby"#$1\PassengerRuby "/usr/bin/ruby.ruby2.5"#'
  perl -p -i -e "$rewrite_rule" "$passenger_conf"
}
###############################################################################
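# Configure package signing: activate the signing settings in BSConfig.pm,
# create a default GPG key when none exists, and extend /etc/sign.conf.
# Globals:   backenddir (read); GPG_KEY_CREATED (set to 1 when a key was
#            generated)
# Outputs:   edits /usr/lib/obs/server/BSConfig.pm and /etc/sign.conf, writes
#            $backenddir/gnupg and $backenddir/obs-default-gpg.asc
# Returns:   1 if no temporary file could be created
# NOTE(review): the perl edits write the key path as /srv/obs/... while the
# key itself is created under $backenddir; these differ when OBS_BASE_DIR is
# set - confirm.
function prepare_obssigner {
  # Only used if there is a local BSConfig
  if [ -e /usr/lib/obs/server/BSConfig.pm ]; then
    # signing setup
    perl -p -i -e 's,^\s*#\s*our \$gpg_standard_key.*,our \$gpg_standard_key = "/srv/obs/obs-default-gpg.asc";,' /usr/lib/obs/server/BSConfig.pm
    perl -p -i -e 's,^\s*#\s*our \$keyfile.*,our \$keyfile = "/srv/obs/obs-default-gpg.asc";,' /usr/lib/obs/server/BSConfig.pm
    perl -p -i -e 's,^\s*#\s*our \$sign = .*,our \$sign = "/usr/bin/sign";,' /usr/lib/obs/server/BSConfig.pm
    perl -p -i -e 's,^\s*#\s*our \$forceprojectkeys.*,our \$forceprojectkeys = 1;,' /usr/lib/obs/server/BSConfig.pm
    # mode 4755 sets the setuid bit: every local user can run the sign binary
    # with its owner's privileges
    chmod 4755 /usr/bin/sign
    # create default gpg key if not existing
    if [ ! -e "$backenddir"/obs-default-gpg.asc ] && grep -q "^our \$keyfile.*/obs-default-gpg.asc.;$" /usr/lib/obs/server/BSConfig.pm; then
      # mktemp instead of /tmp/obs-gpg.$$: a name built from the PID is
      # predictable, and this script writes to it with its own privileges in
      # a directory every local user can create files in.
      local gpg_params
      if ! gpg_params=$(mktemp "${TMPDIR:-/tmp}/obs-gpg.XXXXXX"); then
        echo "ERROR: could not create temporary gpg parameter file" >&2
        return 1
      fi
      echo -n Generating OBS default GPG key ....
      mkdir -p "$backenddir"/gnupg/phrases
      chmod -R 0700 "$backenddir"/gnupg
      # %no-protection creates the secret key without a passphrase, so the
      # 0700 mode of the gnupg directory is all that protects it
      cat > "$gpg_params" <<EOF
%echo Generating a default OBS instance key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: private OBS
Name-Comment: key without passphrase
Name-Email: defaultkey@localobs
Expire-Date: 0
%no-protection
%commit
%echo done
EOF
      # export only after a successful generation; otherwise an empty
      # obs-default-gpg.asc would make later runs believe a key exists
      if gpg2 --homedir "$backenddir"/gnupg --batch --gen-key "$gpg_params"; then
        GPG_KEY_CREATED=1
        gpg2 --homedir "$backenddir"/gnupg --export -a > "$backenddir"/obs-default-gpg.asc
        # empty file just for accepting the key
        touch "$backenddir/gnupg/phrases/defaultkey@localobs"
        echo done
      else
        echo "ERROR: generating the default OBS GPG key failed" >&2
      fi
      # removed here, where it was created, instead of in the sign.conf
      # branch below, which does not always run
      rm -f -- "$gpg_params"
    fi
    # to update sign.conf also after an appliance update
    if [ -e "$backenddir"/obs-default-gpg.asc ] && ! grep -q "^user" /etc/sign.conf; then
      # extend signd config
      {
        echo "user: defaultkey@localobs"
        echo "server: 127.0.0.1"
        echo "allowuser: obsrun"
        echo "allow: 127.0.0.1"
        echo "phrases: $backenddir/gnupg/phrases"
      } >> /etc/sign.conf
      sed -i 's,^# \(our $sign =.*\),\1,' /usr/lib/obs/server/BSConfig.pm
      sed -i 's,^# \(our $forceprojectkeys =.*\),\1,' /usr/lib/obs/server/BSConfig.pm
    fi
    # without a key file, signing is switched off again
    if [ ! -e "$backenddir"/obs-default-gpg.asc ]; then
      sed -i 's,^\(our $sign =.*\),# \1,' /usr/lib/obs/server/BSConfig.pm
      sed -i 's,^\(our $forceprojectkeys =.*\),# \1,' /usr/lib/obs/server/BSConfig.pm
    fi
  fi
}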
###############################################################################
#
# MAIN
#
###############################################################################
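# Entry point: reads the sysconfig defaults, parses the command line and runs
# the setup steps in order. Nothing below the defaults runs when the file is
# loaded with BOOTSTRAP_TEST_MODE=1 or sourced from a login shell ("-bash").
export LC_ALL=C
ENABLE_OPTIONAL_SERVICES=0
# package or appliance defaults
# NOTE(review): the file is executed as shell code with this script's
# privileges, so it should be writable by root only.
if [ -e /etc/sysconfig/obs-server ]; then
  source /etc/sysconfig/obs-server
fi
# Set default directories
apidir=/srv/www/obs/api
backenddir=/srv/obs
# Overwrite directory defaults with settings in
# config file /etc/sysconfig/obs-server
if [ -n "$OBS_BASE_DIR" ]; then
  backenddir="$OBS_BASE_DIR"
fi
if [[ $BOOTSTRAP_TEST_MODE != 1 && $0 != "-bash" ]]; then
  NON_INTERACTIVE=0
  while (( $# > 0 )); do
    case "$1" in
      --non-interactive) NON_INTERACTIVE=1 ;;
      --setup-only) SETUP_ONLY=1 ;;
      --enable-optional-services) ENABLE_OPTIONAL_SERVICES=1 ;;
      --force) OBS_API_AUTOSETUP="yes" ;;
      # unknown options are still ignored, but no longer silently
      *) echo "WARNING: ignoring unknown option '$1'" >&2 ;;
    esac
    shift
  done
  if [ "$OBS_API_AUTOSETUP" != "yes" ]; then
    echo "OBS API Autosetup is not enabled in sysconfig, skipping!"
    exit 0
  fi
  [[ $HOME == '' ]] && export HOME=/root
  # prepare configuration for obssigner before any other backend service
  # is started, because obssigner configuration might affect other services
  # too
  GPG_KEY_CREATED=0
  prepare_obssigner
  if [[ $GPG_KEY_CREATED == 1 ]]; then
    # avoid systemctl
    # The subshell leaves the working directory of the script alone, and the
    # reload scripts only run once /etc/init.d was really entered; with a
    # plain "cd" a failure would have run ./obssrcserver from whatever
    # directory the script was started in.
    (
      cd /etc/init.d || exit 1
      ./obssrcserver reload
      ./obsrepserver reload
    )
  fi
  check_required_backend_services
  check_recommended_backend_services
  check_optional_backend_services
  check_unit mysql.service 1
  get_hostname
  ### In case of the appliance, we never know where we boot up !
  OLDFQHOSTNAME="NOTHING"
  if [ -e "$backenddir/.oldfqhostname" ]; then
    OLDFQHOSTNAME=$(cat "$backenddir/.oldfqhostname")
  fi
  DETECTED_HOSTNAME_CHANGE=0
  if [ "$FQHOSTNAME" != "$OLDFQHOSTNAME" ]; then
    echo "Appliance hostname changed from $OLDFQHOSTNAME to $FQHOSTNAME !"
    DETECTED_HOSTNAME_CHANGE=1
  fi
  if [[ $DETECTED_HOSTNAME_CHANGE == 1 ]]; then
    adapt_worker_jobs
    adjust_api_config
  fi
  echo "$FQHOSTNAME" > "$backenddir/.oldfqhostname"
  OBSVERSION=$(rpm -q --qf '%{VERSION}' obs-server)
  if [ -e /etc/os-release ]; then
    # execute in subshell to preserve the values of the variables
    # $NAME and $VERSION as these are very generic
    OS_NAME=$(. /etc/os-release; echo "$NAME")
    OS_VERSION=$(. /etc/os-release; echo "$VERSION")
    OS="$OS_NAME $OS_VERSION"
  else
    OS="UNKNOWN"
  fi
  RUN_INITIAL_SETUP=""
  prepare_database_setup
  check_server_key
  generate_proposed_dnsnames
  DNS_NAMES="$rv"
  DETECTED_CERT_CHANGE=0
  check_server_cert
  import_ca_cert
  relink_server_cert
  fix_permissions
  prepare_apache2
  prepare_passenger
  check_unit apache2.service
  check_unit memcached.service
  # make sure that apache gets restarted after cert change
  # Compared against 1 explicitly: "[[ $DETECTED_CERT_CHANGE ]]" was true for
  # the initial value 0 as well, so apache was reloaded on every run.
  if [[ $DETECTED_CERT_CHANGE == 1 && $SETUP_ONLY != 1 ]]; then
    systemctl reload apache2
  fi
  check_unit obs-api-support.target
  create_issue_file
  if [ -n "$FQHOSTNAME" ]; then
    create_overview_html
    add_login_info_to_issue
  else
    network_failure_warning
  fi
  exit 0
fi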