403 lines
12 KiB
Bash
403 lines
12 KiB
Bash
#! /usr/bin/env bash
|
|
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
NC='\033[0m' # No Color
|
|
|
|
PATH_TO_MONARC='/home/vagrant/monarc'
|
|
|
|
APPENV='local'
|
|
ENVIRONMENT='development'
|
|
|
|
# MariaDB database
|
|
DBHOST='localhost'
|
|
DBNAME_COMMON='monarc_common'
|
|
DBNAME_CLI='monarc_cli'
|
|
DBUSER_ADMIN='root'
|
|
DBPASSWORD_ADMIN="root"
|
|
DBUSER_MONARC='sqlmonarcuser'
|
|
DBPASSWORD_MONARC="sqlmonarcuser"
|
|
|
|
# PHP configuration
|
|
upload_max_filesize=200M
|
|
post_max_size=50M
|
|
max_execution_time=100
|
|
max_input_time=223
|
|
memory_limit=512M
|
|
|
|
PHP_INI=/etc/php/8.1/apache2/php.ini
|
|
XDEBUG_CFG=/etc/php/8.1/apache2/conf.d/20-xdebug.ini
|
|
MARIA_DB_CFG=/etc/mysql/mariadb.conf.d/50-server.cnf
|
|
|
|
# Stats service
|
|
STATS_PATH='/home/vagrant/stats-service'
|
|
STATS_HOST='0.0.0.0'
|
|
STATS_PORT='5005'
|
|
STATS_DB_NAME='statsservice'
|
|
STATS_DB_USER='sqlmonarcuser'
|
|
STATS_DB_PASSWORD="sqlmonarcuser"
|
|
STATS_SECRET_KEY="$(openssl rand -hex 32)"
|
|
|
|
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
export LANGUAGE=en_US.UTF-8
|
|
export LANG=en_US.UTF-8
|
|
export LC_ALL=en_US.UTF-8
|
|
sudo -E locale-gen en_US.UTF-8
|
|
sudo -E dpkg-reconfigure locales
|
|
|
|
|
|
echo -e "\n--- Installing now… ---\n"
|
|
|
|
echo -e "\n--- Updating packages list… ---\n"
|
|
sudo apt-get update && sudo apt-get upgrade -y
|
|
|
|
echo -e "\n--- Install base packages… ---\n"
|
|
sudo apt-get -y install vim zip unzip git gettext curl gsfonts > /dev/null
|
|
|
|
echo -e "\n--- Install MariaDB specific packages and settings… ---\n"
|
|
sudo apt -y install mariadb-server mariadb-client
|
|
|
|
# Secure the MariaDB installation (especially by setting a strong root password)
|
|
sudo systemctl restart mariadb.service > /dev/null
|
|
sleep 5
|
|
sudo apt-get -y install expect > /dev/null
|
|
## do we need to spawn mysql_secure_install with sudo in future?
|
|
expect -f - <<-EOF
|
|
set timeout 10
|
|
spawn sudo mysql_secure_installation
|
|
expect "Enter current password for root (enter for none):"
|
|
send -- "\r"
|
|
expect "Set root password?"
|
|
send -- "y\r"
|
|
expect "New password:"
|
|
send -- "${DBPASSWORD_ADMIN}\r"
|
|
expect "Re-enter new password:"
|
|
send -- "${DBPASSWORD_ADMIN}\r"
|
|
expect "Remove anonymous users?"
|
|
send -- "y\r"
|
|
expect "Disallow root login remotely?"
|
|
send -- "y\r"
|
|
expect "Remove test database and access to it?"
|
|
send -- "y\r"
|
|
expect "Reload privilege tables now?"
|
|
send -- "y\r"
|
|
expect eof
|
|
EOF
|
|
sudo apt-get purge -y expect > /dev/null 2>&1
|
|
|
|
echo -e "\n--- Configuring… ---\n"
|
|
sudo sed -i "s/skip-external-locking/#skip-external-locking/g" $MARIA_DB_CFG
|
|
sudo sed -i "s/.*bind-address.*/bind-address = 0.0.0.0/" $MARIA_DB_CFG
|
|
sudo sed -i "s/.*character-set-server.*/character-set-server = utf8mb4/" $MARIA_DB_CFG
|
|
sudo sed -i "s/.*collation-server.*/collation-server = utf8mb4_general_ci/" $MARIA_DB_CFG
|
|
|
|
|
|
echo -e "\n--- Setting up our MariaDB user for MONARC… ---\n"
|
|
sudo mysql -u root -p$DBPASSWORD_ADMIN -e "CREATE USER '$DBUSER_MONARC'@'%' IDENTIFIED BY '$DBPASSWORD_MONARC';"
|
|
sudo mysql -u root -p$DBPASSWORD_ADMIN -e "GRANT ALL PRIVILEGES ON * . * TO '$DBUSER_MONARC'@'%';"
|
|
sudo mysql -u root -p$DBPASSWORD_ADMIN -e "FLUSH PRIVILEGES;"
|
|
sudo systemctl restart mariadb.service > /dev/null
|
|
|
|
echo -e "\n--- Installing Apache… ---\n"
|
|
sudo apt install apache2 -y
|
|
|
|
echo -e "\n--- Installing PHP-specific packages… ---\n"
|
|
sudo apt-get install -y php8.1 php8.1-cli php8.1-common php8.1-mysql php8.1-zip php8.1-gd php8.1-mbstring php8.1-curl php8.1-xml php8.1-bcmath php8.1-intl php8.1-imagic php8.1-xdebug > /dev/null
|
|
|
|
echo -e "\n--- Configuring PHP… ---\n"
|
|
for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit
|
|
do
|
|
sudo sed -i "s/^\($key\).*/\1 = $(eval echo \${$key})/" $PHP_INI
|
|
done
|
|
# session expires in 1 week:
|
|
sudo sed -i "s/^\(session\.gc_maxlifetime\).*/\1 = $(eval echo 604800)/" $PHP_INI
|
|
sudo sed -i "s/^\(session\.gc_probability\).*/\1 = $(eval echo 1)/" $PHP_INI
|
|
sudo sed -i "s/^\(session\.gc_divisor\).*/\1 = $(eval echo 1000)/" $PHP_INI
|
|
|
|
echo -e "\n--- Configuring Xdebug for development ---\n"
|
|
sudo bash -c "cat << EOF > $XDEBUG_CFG
|
|
zend_extension=xdebug.so
|
|
xdebug.mode=debug
|
|
xdebug.discover_client_host=1
|
|
xdebug.idekey=IDEKEY
|
|
EOF"
|
|
|
|
echo -e "\n--- Enabling mod-rewrite and ssl… ---\n"
|
|
sudo a2enmod rewrite > /dev/null 2>&1
|
|
sudo a2enmod ssl > /dev/null 2>&1
|
|
sudo a2enmod headers > /dev/null 2>&1
|
|
|
|
echo -e "\n--- Allowing Apache override to all ---\n"
|
|
sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf
|
|
|
|
|
|
echo -e "\n--- Installing composer… ---\n"
|
|
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer > /dev/null 2>&1
|
|
if [ $? -ne 0 ]; then
|
|
echo "\nERROR: unable to install composer\n"
|
|
exit 1;
|
|
fi
|
|
sudo composer self-update
|
|
|
|
echo -e "\n--- Installing MONARC… ---\n"
|
|
cd $PATH_TO_MONARC
|
|
git config core.fileMode false
|
|
|
|
echo -e "\n--- Installing the dependencies… ---\n"
|
|
composer ins
|
|
|
|
|
|
# Make modules symlinks.
|
|
mkdir -p module/Monarc
|
|
cd module/Monarc
|
|
ln -sfn ./../../vendor/monarc/core Core
|
|
ln -sfn ./../../vendor/monarc/frontoffice FrontOffice
|
|
cd $PATH_TO_MONARC
|
|
|
|
|
|
|
|
# Front-end
|
|
echo -e "\n--- Installation of Node, NPM… ---\n"
|
|
curl -sL https://deb.nodesource.com/setup_15.x | sudo bash -
|
|
sudo apt-get install -y nodejs npm
|
|
|
|
mkdir -p node_modules
|
|
cd node_modules
|
|
if [ ! -d "ng_client" ]; then
|
|
git clone --config core.fileMode=false https://github.com/monarc-project/ng-client.git ng_client > /dev/null 2>&1
|
|
fi
|
|
if [ $? -ne 0 ]; then
|
|
echo "\nERROR: unable to clone the ng-client repository\n"
|
|
exit 1;
|
|
fi
|
|
if [ ! -d "ng_anr" ]; then
|
|
git clone --config core.fileMode=false https://github.com/monarc-project/ng-anr.git ng_anr > /dev/null 2>&1
|
|
fi
|
|
if [ $? -ne 0 ]; then
|
|
echo "\nERROR: unable to clone the ng-anr repository\n"
|
|
exit 1;
|
|
fi
|
|
cd ..
|
|
|
|
|
|
|
|
echo -e "\n--- Add a VirtualHost for MONARC ---\n"
|
|
sudo bash -c "cat << EOF > /etc/apache2/sites-enabled/000-default.conf
|
|
<VirtualHost *:80>
|
|
ServerName localhost
|
|
DocumentRoot $PATH_TO_MONARC/public
|
|
|
|
<Directory $PATH_TO_MONARC/public>
|
|
DirectoryIndex index.php
|
|
AllowOverride All
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<IfModule mod_headers.c>
|
|
Header always set X-Content-Type-Options nosniff
|
|
Header always set X-XSS-Protection '1; mode=block'
|
|
Header always set X-Robots-Tag none
|
|
Header always set X-Frame-Options SAMEORIGIN
|
|
</IfModule>
|
|
|
|
SetEnv APP_ENV $ENVIRONMENT
|
|
SetEnv APP_DIR $PATH_TO_MONARC
|
|
</VirtualHost>
|
|
EOF"
|
|
echo -e "\n--- Restarting Apache… ---\n"
|
|
sudo systemctl restart apache2.service > /dev/null
|
|
|
|
|
|
|
|
echo -e "\n--- Installing the stats service… ---\n"
|
|
sudo apt-get -y install postgresql python3 python3-pip python3-venv
|
|
sudo -u postgres psql -c "CREATE USER $STATS_DB_USER WITH PASSWORD '$STATS_DB_PASSWORD';"
|
|
sudo -u postgres psql -c "ALTER USER $STATS_DB_USER WITH SUPERUSER;"
|
|
|
|
cd ~
|
|
curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
|
|
echo 'export PATH="$PATH:$HOME/.poetry/bin"' >> ~/.bashrc
|
|
echo 'export FLASK_APP=runserver.py' >> ~/.bashrc
|
|
echo 'export STATS_CONFIG=production.py' >> ~/.bashrc
|
|
source ~/.bashrc
|
|
source $HOME/.poetry/env
|
|
|
|
git clone https://github.com/monarc-project/stats-service $STATS_PATH
|
|
cd $STATS_PATH
|
|
npm ci
|
|
poetry install --no-dev
|
|
|
|
bash -c "cat << EOF > $STATS_PATH/instance/production.py
|
|
HOST = '$STATS_HOST'
|
|
PORT = $STATS_PORT
|
|
DEBUG = False
|
|
TESTING = False
|
|
INSTANCE_URL = 'http://127.0.0.1:$STATS_PORT'
|
|
|
|
ADMIN_EMAIL = 'info@cases.lu'
|
|
ADMIN_URL = 'https://www.cases.lu'
|
|
|
|
REMOTE_STATS_SERVER = 'https://dashboard.monarc.lu'
|
|
|
|
DB_CONFIG_DICT = {
|
|
'user': '$STATS_DB_USER',
|
|
'password': '$STATS_DB_PASSWORD',
|
|
'host': 'localhost',
|
|
'port': 5432,
|
|
}
|
|
DATABASE_NAME = '$STATS_DB_NAME'
|
|
SQLALCHEMY_DATABASE_URI = 'postgresql://{user}:{password}@{host}:{port}/{name}'.format(
|
|
name=DATABASE_NAME, **DB_CONFIG_DICT
|
|
)
|
|
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
|
|
|
SECRET_KEY = '$STATS_SECRET_KEY'
|
|
|
|
LOG_PATH = './var/stats.log'
|
|
|
|
MOSP_URL = 'https://objects.monarc.lu'
|
|
EOF"
|
|
|
|
export FLASK_APP=runserver.py
|
|
export STATS_CONFIG=production.py
|
|
|
|
FLASK_APP=runserver.py poetry run flask db_create
|
|
FLASK_APP=runserver.py poetry run flask db_init
|
|
FLASK_APP=runserver.py poetry run flask client_create --name ADMIN --role admin
|
|
|
|
|
|
sudo bash -c "cat << EOF > /etc/systemd/system/statsservice.service
|
|
[Unit]
|
|
Description=MONARC Stats service
|
|
After=network.target
|
|
|
|
[Service]
|
|
User=vagrant
|
|
Environment=LANG=en_US.UTF-8
|
|
Environment=LC_ALL=en_US.UTF-8
|
|
Environment=FLASK_APP=runserver.py
|
|
Environment=FLASK_ENV=production
|
|
Environment=STATS_CONFIG=production.py
|
|
Environment=FLASK_RUN_HOST=$STATS_HOST
|
|
Environment=FLASK_RUN_PORT=$STATS_PORT
|
|
WorkingDirectory=$STATS_PATH
|
|
ExecStart=/home/vagrant/.poetry/bin/poetry run flask run
|
|
Restart=always
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF"
|
|
|
|
sudo systemctl daemon-reload > /dev/null
|
|
sleep 1
|
|
sudo systemctl enable statsservice.service > /dev/null
|
|
sleep 3
|
|
sudo systemctl restart statsservice > /dev/null
|
|
#systemctl status statsservice.service
|
|
|
|
# Create a new client and set the apiKey.
|
|
cd $STATS_PATH ; apiKey=$(poetry run flask client_create --name admin_localhost | sed -nr 's/Token: (.*)$/\1/p')
|
|
cd $PATH_TO_MONARC
|
|
|
|
|
|
echo -e "\n--- Configuration of MONARC database connection ---\n"
|
|
cat > config/autoload/local.php <<EOF
|
|
<?php
|
|
\$appdir = getenv('APP_DIR') ? getenv('APP_DIR') : '$PATH_TO_MONARC';
|
|
\$string = file_get_contents(\$appdir.'/package.json');
|
|
if(\$string === FALSE) {
|
|
\$string = file_get_contents('./package.json');
|
|
}
|
|
\$package_json = json_decode(\$string, true);
|
|
|
|
return [
|
|
'doctrine' => [
|
|
'connection' => [
|
|
'orm_default' => [
|
|
'params' => [
|
|
'host' => '$DBHOST',
|
|
'user' => '$DBUSER_MONARC',
|
|
'password' => '$DBPASSWORD_MONARC',
|
|
'dbname' => '$DBNAME_COMMON',
|
|
],
|
|
],
|
|
'orm_cli' => [
|
|
'params' => [
|
|
'host' => '$DBHOST',
|
|
'user' => '$DBUSER_MONARC',
|
|
'password' => '$DBPASSWORD_MONARC',
|
|
'dbname' => '$DBNAME_CLI',
|
|
],
|
|
],
|
|
],
|
|
],
|
|
|
|
'activeLanguages' => array('fr','en','de','nl','es','ro','it','ja','pl','pt','ru','zh'),
|
|
|
|
'appVersion' => \$package_json['version'],
|
|
|
|
'checkVersion' => false,
|
|
'appCheckingURL' => 'https://version.monarc.lu/check/MONARC',
|
|
|
|
'email' => [
|
|
'name' => 'MONARC',
|
|
'from' => 'info@monarc.lu',
|
|
],
|
|
|
|
'mospApiUrl' => 'https://objects.monarc.lu/api/',
|
|
|
|
'monarc' => [
|
|
'ttl' => 60, // timeout
|
|
'salt' => '', // private salt for password encryption
|
|
],
|
|
|
|
'statsApi' => [
|
|
'baseUrl' => 'http://127.0.0.1:$STATS_PORT',
|
|
'apiKey' => '$apiKey',
|
|
],
|
|
|
|
'import' => [
|
|
'uploadFolder' => '$appdir/data/import/files',
|
|
'isBackgroundProcessActive' => false,
|
|
],
|
|
];
|
|
EOF
|
|
|
|
|
|
echo -e "\n--- Creation of the data bases… ---\n"
|
|
mysql -u $DBUSER_MONARC -p$DBPASSWORD_MONARC -e "CREATE DATABASE monarc_cli DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" > /dev/null
|
|
mysql -u $DBUSER_MONARC -p$DBPASSWORD_MONARC -e "CREATE DATABASE monarc_common DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" > /dev/null
|
|
echo -e "\n--- Populating MONARC DB… ---\n"
|
|
mysql -u $DBUSER_MONARC -p$DBPASSWORD_MONARC monarc_common < db-bootstrap/monarc_structure.sql > /dev/null
|
|
mysql -u $DBUSER_MONARC -p$DBPASSWORD_MONARC monarc_common < db-bootstrap/monarc_data.sql > /dev/null
|
|
|
|
|
|
echo -e "\n--- Creating cache folders for backend… ---\n"
|
|
mkdir -p $PATH_TO_MONARC/data/cache
|
|
mkdir -p $PATH_TO_MONARC/data/LazyServices/Proxy
|
|
mkdir -p $PATH_TO_MONARC/data/DoctrineORMModule/Proxy
|
|
|
|
|
|
echo -e "\n--- Adjusting user mod… ---\n"
|
|
sudo usermod -aG www-data vagrant
|
|
sudo usermod -aG vagrant www-data
|
|
|
|
|
|
echo -e "\n--- Update the project… ---\n"
|
|
sudo chown -R $USER:$(id -gn $USER) /home/vagrant/.config
|
|
sudo npm install -g grunt-cli
|
|
./scripts/update-all.sh -d
|
|
|
|
|
|
echo -e "\n--- Create initial user and client ---\n"
|
|
php ./bin/phinx seed:run -c ./module/Monarc/FrontOffice/migrations/phinx.php
|
|
|
|
|
|
echo -e "\n--- Restarting Apache… ---\n"
|
|
sudo systemctl restart apache2.service > /dev/null
|
|
|
|
|
|
echo -e "MONARC is ready and available at http://127.0.0.1:5001"
|
|
echo -e "Stats service is ready and available at http://127.0.0.1:$STATS_PORT"
|