Last active
April 16, 2019 22:42
-
-
Save adborden/a9a8949b87594f8cfa50d170c9d31cc9 to your computer and use it in GitHub Desktop.
Provisions Ubuntu 18.04 server to automatically build the disclosure database
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -o errexit | |
set -o pipefail | |
set -o nounset | |
set -x | |
# Initialize EBS volume if it is uninitialized | |
if [ grep -q '^/dev/xvdb: data$' ]; then | |
sudo mkfs.ext4 /dev/xvdb | |
echo '/dev/xvdb /var/lib/postgresql ext4 defaults,discard 0 1' >> /etc/fstab | |
mkdir /var/lib/postgresql | |
mount /var/lib/postgresql | |
fi | |
sudo apt-get update && sudo apt-get dist-upgrade | |
# install dev dependencies | |
sudo apt-get install -y \ | |
autoconf \ | |
bison \ | |
build-essential \ | |
curl \ | |
git \ | |
libbz2-dev \ | |
libffi-dev \ | |
libgdbm-dev \ | |
liblzma-dev \ | |
libncurses-dev \ | |
libpq-dev \ | |
libreadline-dev \ | |
libsqlite3-dev \ | |
libssl-dev \ | |
libyaml-dev \ | |
llvm \ | |
postgresql-10 \ | |
python3-pip \ | |
python-openssl \ | |
tk-dev \ | |
unzip \ | |
wget \ | |
xz-utils \ | |
zlib1g-dev | |
# clone pyenv to manage python versions | |
git clone https://github.com/pyenv/pyenv.git ~/.pyenv | |
# clone rbenv to manage ruby versions | |
git clone https://github.com/rbenv/rbenv.git ~/.rbenv | |
mkdir -p ~/.rbenv/plugins | |
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build | |
# install pipenv to manage virtualenv | |
pip3 install --user pipenv | |
# configure bashrc for pyenv, rbenv, and pipenv | |
cat <<EOF >> ~/.bashrc | |
export EDITOR=/usr/bin/vim | |
export PATH="\$HOME/.local/bin:\$PATH" | |
export PATH="\$HOME/.pyenv/bin:\$PATH" | |
eval "\$(pyenv init -)" | |
export PATH="\$HOME/.rbenv/bin:\$PATH" | |
eval "\$(rbenv init -)" | |
EOF | |
source ~/.bashrc | |
# install new ruby version | |
rbenv install 2.6.2 | |
rbenv shell 2.6.2 | |
gem install pg bundler | |
# install python version | |
pyenv install 3.6.8 | |
# clone disclosure-backend-static and install dependencies | |
git clone https://github.com/caciviclab/disclosure-backend-static.git | |
cd disclosure-backend-static | |
pipenv install -r requirements | |
bundle install | |
# create the build script | |
cat <<EOF > ~/build-disclosure.sh | |
#!/bin/bash | |
set -o errexit | |
set -o pipefail | |
set -o nounset | |
cd disclosure-backend-static | |
# activate the environment and build | |
rbenv shell 2.6.2 | |
pipenv run make clean download import | |
# re-create permissions for read-only user since we drop/create the database on every build | |
psql --set ON_ERROR_STOP=1 disclosure-backend <<SQL | |
GRANT CONNECT ON DATABASE "disclosure-backend" TO disclosure; | |
GRANT SELECT ON ALL TABLES IN SCHEMA public to disclosure; | |
SQL | |
EOF | |
chmod +x ~/build-disclosure.sh | |
# add build script to cron for scheduled builds | |
crontab <<EOF | |
0 10 * * 1 ~/build-disclosure.sh | |
EOF | |
# setup postgresql users, ubuntu for local privileged access. disclosure as read-only user. | |
sudo -u postgres createuser --createdb ubuntu | |
sudo -u postgres createuser --pwprompt disclosure | |
# configure remote access for read-only disclosure user | |
echo 'host disclosure-backend disclosure 0.0.0.0/0 md5' | sudo tee -a /etc/postgresql/10/main/pg_hba.conf | |
echo "listen_addresses = '0.0.0.0'" | sudo tee -a /etc/postgresql/10/main/postgresql.conf | |
sudo systemctl restart postgresql | |
echo ok, you probably want to reboot now |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment