Select Git revision
install-centos.sh
install-centos.sh 32.68 KiB
#!/bin/bash
#!/bin/sh
#
# This script installs all dependencies for Firewall-on-Demand running in Python3
# with Celery, Redis, and sqlite.
#
SCRIPT_NAME="install-centos.sh"
#############################################################################
#############################################################################
# allow for easy clean-slate installation
if [ "$1" = "--git-checkout" ]; then
shift 1
gitrepo="$1"
shift 1
git_branch="$1"
shift 1
git_checkout_dir="$1"
shift 1
[ -n "$gitrepo" ] || gitrepo="https://github.com/GEANT/FOD"
[ -n "$git_branch" ] || git_branch="python3"
echo "$0: git-checkout: gitrepo=$gitrepo git_branch="$git_branch" git_checkout_dir=$git_checkout_dir" 1>&2
##
set -e
set -x
git_checkout_dir_parentdir="$(dirname "$git_checkout_dir")"
mkdir -p "$git_checkout_dir_parentdir"
git clone "$gitrepo" "$git_checkout_dir"
cd "$git_checkout_dir"
git checkout "refs/remotes/origin/$git_branch"
git checkout -b "$git_branch"
exec "./$SCRIPT_NAME" "$@"
fi
#############################################################################
#############################################################################
fod_dir="/srv/flowspy"
venv_dir="/srv/venv"
FOD_SYSUSER="fod"
FOD_SYSGROUP="fod"
inside_docker=0
install_default_used=1
#install_basesw_os=1
install_basesw_os=0
#install_basesw_python=1
install_basesw_python=0
#install_basesw_python=1
install_fodproper=0
install_with_supervisord=0
install_systemd_services=0
install_systemd_services__onlyinstall=0
ensure_installed_pythonenv_wrapper=1
try_install_docu=0 # mkdocs not available
# workaround for old Django with old OS sqlite3 (CENTOS7 only):
try_fixup_for_old_os_sqlite=1
use_old_django_version__autodetect=1
#
use__database_schema_migrate__fake_initial=0
#
#
setup_adminuser=0
setup_adminuser__username="admin"
setup_adminuser__pwd="admin"
#setup_adminuser__email="admin@localhost"
setup_adminuser__peer_name="testpeer"
setup_adminuser__peer_ip_prefix1="0.0.0.0/0"
#
setup_testrule=0
setup_testrule_appliername="$setup_adminuser__username"
setup_testrule_name_prefix="testrule1"
setup_testrule_source_prefix="0.0.0.0/0"
setup_testrule_destination_prefix="127.0.0.1/32"
setup_testrule_IPprotocolId=1 # ICMP
#
setup_netconf=0
setup_netconf__device=
setup_netconf__port=830
setup_netconf__user="netconf"
setup_netconf__pass="netconf"
#
setup_exabgp=0
setup_exabgp_full=0
setup_exabgp__nodeid=1.1.1.1
setup_exabgp__ip_addr=127.0.0.1
setup_exabgp__asnr=1234
setup_exabgp__peer_nodeid=2.2.2.2
setup_exabgp__peer_ip_addr=127.0.0.2
setup_exabgp__peer_asnr=2345
#
ifc_setup__name=""
ifc_setup__ip_addr_and_subnetmask=""
ifc_setup__wait_for_ifc__in_runfod=0
#
findfix_file_permissions=1
##############################################################################
##############################################################################
function debug_python_deps()
{
venv_file="$1"
exit_code="$2"
echo "debug_python_deps(): venv_file=$venv_file exit_code=$exit_code" 1>&2
[ -z "$venv_file" ] || . "$venv_file"
export 1>&2
echo 1>&2
echo "# Python version: " 1>&2
python --version
ls -l log/ 1>&2
echo 1>&2
echo "# Python dependencies: " 1>&2
pip list
echo "# End of Python dependencies" 1>&2
[ -z "$exit_code" ] || exit "$exit_code"
}
function fix_permission_in_dir()
{
user="$1" # user for test accessing
shift 1
group="$1" # used in fixing with chgrp + chmod +rx for dirs +r for other files
shift 1
dir="$1"
shift 1
echo "fix_permission_in_dir on dir '$dir'" 1>&2
set --
(set +e
export MYUSER2="$user"
export MYGROUP2="$group"
find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 \( -type d -not -readable -not -executable \) -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+rx "$@";' --
#find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 -not -readable -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+r "$@";' --
find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 -type f -not -readable -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+r "$@";' --
true
)
}
##
##############################################################################
##############################################################################
if [ -e "/.dockerenv" ]; then
echo "running inside docker assummed" 1>&2
inside_docker=1
fi
if grep -q -E '^systemd$' /proc/1/comm; then
echo "system is running systemd as init process, setting default install_systemd_services=1" 1>&2
install_systemd_services=1
install_systemd_services__onlyinstall=0
elif [ "$inside_docker" = 1 ]; then
echo "inside_docker=$inside_docker, so setting default install_systemd_services=0" 1>&2
install_systemd_services=0
install_systemd_services__onlyinstall=1
#install_with_supervisord=1
fi
##############################################################################
##############################################################################
while [ $# -gt 0 ]; do
if [ $# -ge 1 -a "$1" = "--here" ]; then
shift 1
fod_dir="$PWD"
venv_dir="$PWD/venv"
elif [ $# -ge 1 -a "$1" = "--here__with_venv_relative" ]; then
shift 1
fod_dir="$PWD"
venv_dir="$PWD/../venv"
elif [ $# -ge 1 -a "$1" = "--base_dir" ]; then
shift 1
base_dir="$1"
shift 1
fod_dir="$base_dir/flowspy"
venv_dir="$base_dir/venv"
elif [ $# -ge 1 -a "$1" = "--fod_dir" ]; then
shift 1
fod_dir="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--venv_dir" ]; then
shift 1
venv_dir="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--both" ]; then
shift 1
install_default_used=0
install_basesw_os=1
install_basesw_python=1
install_fodproper=1
elif [ $# -ge 1 -a "$1" = "--basesw" ]; then
shift 1
install_default_used=0
install_basesw_os=1
install_basesw_python=1
#install_fodproper=0
elif [ $# -ge 1 -a "$1" = "--basesw_os" ]; then
shift 1
install_default_used=0
install_basesw_os=1
#install_basesw_python=0
#install_fodproper=0
elif [ $# -ge 1 -a "$1" = "--basesw_python" ]; then
shift 1
install_default_used=0
#install_basesw_os=0
install_basesw_python=1
#install_fodproper=0
elif [ $# -ge 1 -a "$1" = "--fodproper" ]; then
shift 1
install_default_used=0
#install_basesw_os=0
install_basesw_python=1
install_fodproper=1
elif [ $# -ge 1 -a "$1" = "--fodproper1" ]; then
shift 1
install_default_used=0
#install_basesw_os=0
#install_basesw_python=0
install_fodproper=1
elif [ $# -ge 1 -a \( "$1" = "--supervisor" -o "$1" = "--supervisord" \) ]; then
shift 1
install_with_supervisord=1
install_systemd_services=0
elif [ $# -ge 1 -a \( "$1" = "--no_supervisor" -o "$1" = "--no_supervisord" \) ]; then
shift 1
install_with_supervisord=0
elif [ $# -ge 1 -a "$1" = "--systemd" ]; then
shift 1
install_systemd_services=1
elif [ $# -ge 1 -a "$1" = "--systemd_only_install" ]; then
shift 1
install_systemd_services__onlyinstall=1
elif [ $# -ge 1 -a "$1" = "--systemd_check_start" ]; then
shift 1
install_systemd_services__onlyinstall=0
elif [ $# -ge 1 -a "$1" = "--no_systemd" ]; then
shift 1
install_systemd_services=0
elif [ $# -ge 1 -a "$1" = "--fix_permissions" ]; then
shift 1
findfix_file_permissions=1
elif [ $# -ge 1 -a "$1" = "--db_schema_migrate__fake_initial" ]; then
shift 1
db_schema_migrate__fake_initial=1
elif [ $# -ge 1 -a "$1" = "--setup_admin_user" ]; then
shift 1
setup_adminuser=1
elif [ $# -ge 1 -a "$1" = "--setup_admin_user5" ]; then
shift 1
setup_adminuser=1
setup_adminuser__username="$1"
shift 1
setup_adminuser__pwd="$1"
shift 1
setup_adminuser__email="$1"
shift 1
setup_adminuser__peer_name="$1"
shift 1
setup_adminuser__peer_ip_prefix1="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--setup_test_rule" ]; then
shift 1
setup_testrule=1
elif [ $# -ge 1 -a "$1" = "--setup_test_rule5" ]; then
shift 1
setup_testrule=1
setup_testrule_name_prefix="$1"
shift 1
setup_testrule_source_prefix="$1"
shift 1
setup_testrule_destination_prefix="$1"
shift 1
setup_testrule_IPprotocolId="$1"
shift 1
setup_testrule_appliername="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--netconf" ]; then
shift 1
setup_netconf=1
setup_netconf__device="$1"
shift 1
setup_netconf__port="$1"
shift 1
setup_netconf__user="$1"
shift 1
setup_netconf__pass="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--exabgp0" ]; then
shift 1
setup_exabgp=1
shift 1
setup_exabgp_full=0
elif [ $# -ge 1 -a "$1" = "--exabgp" ]; then # currently 6 params follow
shift 1
setup_exabgp=1
setup_exabgp_full=1
setup_exabgp__nodeid="$1"
shift 1
setup_exabgp__ip_addr="$1"
shift 1
setup_exabgp__asnr="$1"
shift 1
setup_exabgp__peer_nodeid="$1"
shift 1
setup_exabgp__peer_ip_addr="$1"
shift 1
setup_exabgp__peer_asnr="$1"
shift 1
elif [ $# -ge 1 -a "$1" = "--ip-addr-set" ]; then # for easy support for of extra veth-pair end point init in containers for containerlab
shift 1
ifc_setup__name="$1"
shift 1
ifc_setup__ip_addr_and_subnetmask="$1"
shift 1
ifc_setup__wait_for_ifc__in_runfod="$1"
shift 1
echo "$0: init of interface $ifc_setup__name with ip_addr_and_subnetmask=$ifc_setup__ip_addr_and_subnetmask" 1>&2
ifconfig "$ifc_setup__name" "$ifc_setup__ip_addr_and_subnetmask"
ifconfig "$ifc_setup__name" 1>&2
else
break
fi
done
if [ $# -gt 0 ]; then
echo "remaining unprocessed arguments: $*, aborting" 1>&2
exit 2
fi
##
#set -x
##
if [ "$install_default_used" = 1 ]; then
install_basesw_os=1
install_basesw_python=1
install_fodproper=1
fi
echo "$0: install_default_used=$install_default_used ; install_basesw_os=$install_basesw_os install_basesw_python=$install_basesw_python install_fodproper=$install_fodproper" 1>&2
[ -n "$setup_adminuser__email" ] || setup_adminuser__email="$setup_adminuser__username@localhost"
##
venv_dir_base="$(dirname "$venv_dir")"
echo "$0: venv_dir=$venv_dir => venv_dir_base=$venv_dir_base" 1>&2
ls -dla "$venv_dir" "$venv_dir_base" 1>&2
##
static_dir="$fod_dir/static"
inst_dir="$(dirname "$0")"
mkdir -p "$fod_dir" || exit
if [ "$(stat -Lc "%i" "$inst_dir/" "$fod_dir/" | sort -n -k 1 -u | wc -l)" = "1" ]; then
inst_dir_is_fod_dir=1
else
inst_dir_is_fod_dir=0
fi
echo "$0: inst_dir=$inst_dir fod_dir=$fod_dir => inst_dir_is_fod_dir=$inst_dir_is_fod_dir venv_dir=$venv_dir static_dir=$static_dir" 1>&2
#exit
#############################################################################
#############################################################################
if [ "$install_basesw_os" = 1 ]; then
# requires ./install-centos-fixcentos-sqlite.sh in case of CENTOS7
echo "$0: step 1: installing base software dependencies (OS packages)" 1>&2
set -e
echo "Installing epel repo"
rpm -Uh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
echo "Installing remi repo"
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
echo "Installing base dependencies"
yum -y install python36 python3-setuptools python36-virtualenv vim git gcc libevent-devel libxml2-devel libxslt-devel mariadb-server mysql-devel patch yum-utils sudo
echo "Installing redis"
# Installation of redis from remi RPM repository
yum-config-manager --enable remi
yum -q -y install redis
##
if [ "$try_fixup_for_old_os_sqlite" = 1 -a "$inside_docker" = 1 ]; then # only do try this fix inside docker env
if ! type -p sqlite3; then
echo "$0: sqlite3 not found, installing it" 1>&2
yum install -y sqlite3
fi
if [ "$try_fixup_for_old_os_sqlite" = 1 -a "$inside_docker" = 1 ]; then # only do try this fix inside docker env
. "./install-centos-fixcentos-sqlite.sh" "$fod_dir"
fi
fi
set +e
echo "$0: step 1 done" 1>&2
fi
##
if [ "$install_systemd_services" = 0 -a "$install_with_supervisord" = 1 ]; then
echo "trying to install supervisord" 1>&2
yum install -y supervisor
fi
##
echo "$0: step 1a: handling sqlite3 too old fixup post actions" 1>&2 # only needed for CENTOS
assume__sqlite_version__to_old=1
if [ "$use_old_django_version__autodetect" = 1 ]; then
sqlite_version="$(sqlite3 -version)"
if [ "$sqlite_version" != "${sqlite_version#3.7.}" ]; then
echo "$0: sqlite_version=$sqlite_version is too old, will use old Django version" 1>&2
assume__sqlite_version__to_old=1
else
echo "$0: sqlite_version=$sqlite_version is recent enough to use newer Django and dependencies" 1>&2
assume__sqlite_version__to_old=0
fi
fi
##
python_version="$(python3 --version | cut -d ' ' -f 2,2)"
if [ "$assume__sqlite_version__to_old" = 1 ]; then
echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using requirements-centos.txt" 1>&2
cp "$fod_dir/requirements-centos.txt" "$fod_dir/requirements.txt"
elif [ -e "$fod_dir/requirements.txt.python$python_version" ]; then
echo "$0: using python version specific $fod_dir/requirements.txt.python$python_version" 1>&2
cp "$fod_dir/requirements.txt.python$python_version" "$fod_dir/requirements.txt"
else
echo "$0: using $fod_dir/requirements.txt" 1>&2
fi
echo "$0: step 1b: preparing database system" 1>&2
#############################################################################
#############################################################################
# grep -B 100000 '#step2' install-centos.sh > install-centos-step1.sh
#step2
if [ "$install_fodproper" = 0 -a "$install_basesw_python" = 1 ]; then
echo "$0: step 2a: installing Python dependencies only" 1>&2
set -e
echo "Setup partial python environment for FoD"
[ ! -f "fodenv.sh" ] || source "./fodenv.sh"
if [ "$findfix_file_permissions" = 0 ]; then
echo "preparing venv_dir $venv_dir permissions for user $FOD_SYSUSER" 1>&2
id "$FOD_SYSUSER" &>/dev/null || useradd -m "$FOD_SYSUSER"
mkdir -p "$venv_dir"
#find "$venv_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true
#find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir" || true
fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$venv_dir/"
chown "$FOD_SYSUSER:$FOD_SYSGROUP" "$venv_dir"
chmod og+rxs "$venv_dir"
fi
(ls -dla "$venv_dir" 1>&2 || true)
if [ -x pyvenv ]; then
#pyvenv /srv/venv
pyvenv "$venv_dir"
else
#virtualenv-3 /srv/venv
virtualenv-3 "$venv_dir"
fi
ln -sf "$venv_dir" "$fod_dir/venv"
ls -dla "$venv_dir" "$fod_dir/venv" 1>&2
#source /srv/venv/bin/activate
source "$venv_dir/bin/activate"
export 1>&2
##
# fix for broken anyjson and cl
# TODO: fix this more cleanly
pip install 'setuptools<58'
# if [ "$assume__sqlite_version__to_old" = 1 ]; then
#
# # fix for broken anyjson and cl
# # TODO: fix this more cleanly
# #pip install 'setuptools<58'
#
# echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using requirements-centos.txt" 1>&2
#
# cp "$fod_dir/requirements-centos.txt" "$fod_dir/requirements.txt"
# else
#
# python_version="$(python3 --version | cut -d ' ' -f 1,1)"
# if [ -e "$fod_dir/requirements.txt.$python_version" ]; then
# echo "$0: using python version specific $fod_dir/requirements.txt.$python_version" 1>&2
# cp "$fod_dir/requirements.txt.$python_version" "$fod_dir/requirements.txt"
# fi
#
# fi
(cd "$fod_dir" && pip install -r requirements.txt)
echo "$0: step 2a done" 1>&2
fi
# grep -B 100000 '#step3' install-centos.sh > install-centos-step2.sh
#step3
if [ "$install_fodproper" = 1 ]; then
echo "$0: step 2: installing FoD in installation dir + ensuring Python dependencies are installed + setting-up FoD settings, database preparations, and FoD run-time environment" 1>&2
set -e
echo "$0: step 2.0" 1>&2
id "$FOD_SYSUSER" &>/dev/null || useradd -m "$FOD_SYSUSER"
mkdir -p /var/log/fod "$venv_dir_base"
##
echo "Setup python environment for FoD"
(ls -dla "$venv_dir" "$fod_dir/venv" "$venv_dir_base" 1>&2 || false)
if [ "$findfix_file_permissions" = 0 ]; then
echo "preparing venv_dir $venv_dir permissions for user $FOD_SYSUSER" 1>&2
mkdir -p "$venv_dir"
#find "$venv_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true
#find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir"
fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$venv_dir/"
chown "$FOD_SYSUSER:$FOD_SYSUSER" "$venv_dir"
chmod og+rxs "$venv_dir"
fi
[ ! -f "fodenv.sh" ] || source "./fodenv.sh"
if [ -x pyvenv ]; then
echo "using pyvenv" 1>&2
pyvenv "$venv_dir"
else
echo "using virtualenv-3" 1>&2
virtualenv-3 "$venv_dir"
fi
ln -sf "$venv_dir" "$fod_dir/venv"
ls -dla "$venv_dir" "$fod_dir/venv" 1>&2
(
set +e
source "$venv_dir/bin/activate"
export 1>&2
##
#mkdir -p /srv/flowspy/log/
mkdir -p "$fod_dir/log/"
if true; then
echo "$0: step 2.1: coyping from source dir to installation dir $fod_dir" 1>&2
MYSELF="$(basename "$0")"
DIRNAME="$(dirname "$0")"
# Select source dir and copy FoD into /srv/flowspy/
if [ "$MYSELF" = "$SCRIPT_NAME" ]; then # if started as main script, e.g., in Docker or on OS-installation
# this script is in the source directory
#cp -f -r "`dirname $0`"/* /srv/flowspy/
#cp -f -r "$DIRNAME"/* "$fod_dir"
cp -f -r "$inst_dir"/* "$fod_dir"
elif [ -e /vagrant ]; then # running in vagrant with /vagrant available
# vagrant's copy in /vagrant/
#cp -f -r /vagrant/* /srv/flowspy/
cp -f -r /vagrant/* "$fod_dir"
elif [ -e "$SCRIPT_NAME" ]; then # running in vagrant with script current dir == install dir
# current directory is with the sourcecode
#cp -f -r ./* /srv/flowspy/
cp -f -r ./* "$fod_dir"
else
echo "Could not find FoD src directory tried $DIRNAME, /vagrant/, ./"
exit 1
fi
fi
if [ "$findfix_file_permissions" = 1 ]; then
echo "$0: step 2.1a: fixing permissions" 1>&2
#find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true
fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/"
fi
###
set -e
echo "$0: step 2.2: setting-up FoD settings" 1>&2
#cd /srv/flowspy/
cd "$fod_dir"
(
cd flowspy # jump into settings subdir flowspy
if [ "$inside_docker" = 1 -a -e settings.py.centos.docker ]; then # user has own centos-specific settings prepared yet ?
cp -f settings.py.centos.docker settings.py
elif [ -e settings.py.centos ]; then # user has own centos-specific settings prepared yet ?
cp -f settings.py.centos settings.py
elif [ "$inside_docker" = 1 -a -e settings.py.docker ]; then # user has own settings prepared yet ?
cp -f settings.py.docker settings.py
elif [ -e settings.py ]; then # user has prepared a generic settings yet ?
: # nothing todo
else # prepare a settings.py from git repo's settings.py.dist/settings.py.centos.dist + settings.py.patch
if [ "$assume__sqlite_version__to_old" = 1 ]; then
echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old using settings.py.centos.dist" 1>&2
cp -f settings.py.centos.dist settings.py
else
cp -f settings.py.dist settings.py
fi
patch settings.py < settings.py.patch
sed -i "s#/srv/flowspy#$fod_dir#" "settings.py"
fi
)
if [ ! -e "flowspy/settings_local.py" ]; then
touch flowspy/settings_local.py
fi
if [ "$install_basesw_python" = 1 ]; then
echo "$0: step 2.3: ensuring Python dependencies are installed" 1>&2
if [ "$install_basesw_python" = 1 ]; then #are we running in --both mode, i.e. for the venv init is run for the first time, i.e. the problematic package having issues with to new setuptools is not yet installed?
# fix for broken anyjson and cl
# TODO: fix this more cleanly
pip install 'setuptools<58'
fi
# actual proper installation of python requirements
pip install -r requirements.txt
fi
##
echo "$0: step 2.3.1: preparing log sub dirs" 1>&2
mkdir -p "$fod_dir/log" "$fod_dir/logs"
touch "$fod_dir/debug.log"
chown -R "$FOD_SYSUSER:" "$fod_dir/log" "$fod_dir/logs" "$fod_dir/debug.log"
##
#if [ "$try_install_docu" = 1 ]; then
# echo "$0: step 2.3.2: compiling internal docu" 1>&2
# echo "trying to install mkdocs-based documentation" 1>&2
# (
# set -e
# which mkdocs 2>/dev/null >/dev/null || yum install -y mkdocs
# cd "$fod_dir" && mkdocs build # ./mkdocs.yml
# #find "$fod_dir/static/site" -not -user "$FOD_SYSUSER" -exec chown "$FOD_SYSUSER:" {} \; # is depending on ./mkdocs.yml var site_dir
# find "$fod_dir/static/site" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" {} \; # is depending on ./mkdocs.yml var site_dir
# true # in case of failure override failure status, as the documentation is non-essential
# )
#fi
##
echo "$0: step 2.4: preparing FoD static files and database" 1>&2
echo "$0: step 2.4.1: preparing FoD static files" 1>&2
#mkdir -p /srv/flowspy/static/
mkdir -p "$static_dir"
(
set -e
[ ! -f "fodenv.sh" ] || source "./fodenv.sh"
cd "$fod_dir"
if false && type -p sudo 2>/dev/null; then
sudo --preserve-env=LD_LIBRARY_PATH,PATH -E -u "$FOD_SYSUSER" ./manage.py collectstatic -c --noinput || debug_python_deps "$venv_dir/bin/activate" 1
else
./manage.py collectstatic -c --noinput || debug_python_deps "$venv_dir/bin/activate" 1
fi
#find "$fod_dir/staticfiles" -not -user "$FOD_SYSUSER" -exec chown "$FOD_SYSUSER:" {} \; || true # TODO is depending on flowspy/settings*.py var STATIC_ROOT
#find "$fod_dir/staticfiles" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" "$fod_dir/staticfiles" # is depending on ./mkdocs.yml var site_dir
fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/staticfiles"
)
##
echo "$0: step 2.4.2.0: preparing DB and DB access" 1>&2
echo "$0: step 2.4.2.0: preparing FoD DB schema and basic data" 1>&2
echo "deploying/updating database schema" 1>&2
(
set -e
[ ! -f "fodenv.sh" ] || source "./fodenv.sh"
cd "$fod_dir"
#./manage.py syncdb --noinput
#which sqlite3
#sqlite3 -version
#source "$venv_dir/bin/activate"
add1=()
if [ "$db_schema_migrate__fake_initial" = 1 ]; then
echo "using --fake-initial" 1>&2
add1=("--fake-initial")
fi
./manage.py migrate "${add1[@]}"
./manage.py loaddata initial_data
)
echo 1>&2
##
if [ "$setup_adminuser" = 1 ]; then
echo "$0: step 2.4.2.1: setup admin start user" 1>&2
# ./inst/helpers/init_setup_params.sh
(
[ ! -f "fodenv.sh" ] || source "./fodenv.sh"
cd "$fod_dir"
set +e # for now ignore potential errors, especially in case user already exists
#source "$venv_dir/bin/activate"
echo "from flowspec.init_setup import init_admin_user; init_admin_user('$setup_adminuser__username', '$setup_adminuser__pwd', '$setup_adminuser__email', '$setup_adminuser__peer_name', '$setup_adminuser__peer_ip_prefix1')" | DJANGO_SETTINGS_MODULE="flowspy.settings" ./manage.py shell
true
)
fi
echo "setup_testrule=$setup_testrule" 1>&2
if [ "$setup_testrule" = 1 ]; then
echo "$0: step 2.4.2.1: setup test rule" 1>&2
(
set +e # for now ignore potential errors, especially in case user already exists
source "$venv_dir/bin/activate"
[ ! -f "fodenv.sh" ] || source "./fodenv.sh"
{ cat /dev/fd/5 | ./manage.py shell; } 5<<EOF
from flowspec.models import *
from django.contrib.auth.models import User;
applier1 = User.objects.get(username__exact='$setup_testrule_appliername');
from django.db.models import Q
query = Q()
query |= Q(source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', protocol__in=[$setup_testrule_IPprotocolId])
matching_routes = Route.objects.filter(query)
if len(matching_routes)!=0:
print("test rule $setup_testrule_name_prefix already exists")
print("matching_routes="+str(matching_routes))
else:
a = Route(name='$setup_testrule_name_prefix', source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', status='INACTIVE', applier=applier1)
a.save();
a.protocol.set([$setup_testrule_IPprotocolId])
a.save();
EOF
)
fi
##
# ./manage.py above may have created debug.log with root permissions:
chown -R "$FOD_SYSUSER:" "$fod_dir/log" "$fod_dir/logs" "$fod_dir/debug.log"
[ ! -d "/var/log/fod" ] || chown -R "$FOD_SYSUSER:" "/var/log/fod"
#
echo "$0: step 2.5: preparing FoD run-time environment" 1>&2
echo "$0: step 2.5.1: preparing necessary dirs" 1>&2
mkdir -p /var/run/fod
chown "$FOD_SYSUSER:" /var/run/fod
##
echo "$0: step 2.5.2: preparing FoD python wrapper" 1>&2
if [ "$ensure_installed_pythonenv_wrapper" = 1 -a \( "$inside_docker" = 1 -o ! -e "$fod_dir/pythonenv" \) ]; then
echo "adding pythonev wrapper" 1>&2
cat > "$fod_dir/pythonenv" <<EOF
#!/bin/bash
. "$venv_dir/bin/activate"
[ ! -e "$fod_dir/fodenv.sh" ] || . "$fod_dir/fodenv.sh"
exec "\$@"
EOF
chmod +x "$fod_dir/pythonenv"
echo 1>&2
fi
##
if [ "$setup_netconf" = 1 ]; then
echo "$0: setting up NETCONF fod conf" 1>&2
(
echo -e '\n#added by install-*.sh:'
echo "PROXY_CLASS=\"proxy_netconf_junos\""
echo "NETCONF_DEVICE=\"$setup_netconf__device\""
echo "NETCONF_PORT=\"$setup_netconf__port\""
echo "NETCONF_USER=\"$setup_netconf__user\""
echo "NETCONF_PASS=\"$setup_netconf__pass\""
) >> flowspy/settings_local.py
fi
##
if [ "$setup_exabgp" = 1 ]; then
echo "$0: setting up exabgp fod conf" 1>&2
echo -e '\n#added by install-*.sh:\nPROXY_CLASS="proxy_exabgp"' >> flowspy/settings_local.py
fi
##
echo "$0: step 2.5.5: preparing systemd/supervisord files" 1>&2
echo "$0: step 2.5.5.1: preparing supervisord.conf templates" 1>&2
if [ "$assume__sqlite_version__to_old" = 1 -a -e "$fod_dir/supervisord-centos.conf" ]; then
echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using supervisord-centos.conf for old celery start syntax" 1>&2
cp -f "$fod_dir/supervisord-centos.conf" "$fod_dir/supervisord.conf"
elif [ -e "$fod_dir/supervisord.conf.dist" ]; then
echo "providing supervisord config" 1>&2
cp -f "$fod_dir/supervisord.conf.dist" "$fod_dir/supervisord.conf"
fi
sed -i "s#/srv/flowspy#$fod_dir#" "$fod_dir/supervisord.conf"
echo 1>&2
##
echo "$0: step 2.5.5.2: installing systemd/supervisord files" 1>&2
fod_systemd_dir="$fod_dir/systemd"
cp -f "$fod_systemd_dir/fod-gunicorn.service.dist" "$fod_systemd_dir/fod-gunicorn.service"
sed -i "s#/srv/flowspy#$fod_dir#g" "$fod_systemd_dir/fod-gunicorn.service"
cp -f "$fod_systemd_dir/fod-celeryd.service.dist" "$fod_systemd_dir/fod-celeryd.service"
sed -i "s#/srv/flowspy#$fod_dir#g" "$fod_systemd_dir/fod-celeryd.service"
cp -f "$fod_systemd_dir/fod-status-email-user@.service.dist" "$fod_systemd_dir/fod-status-email-user@.service"
sed -i "s#/srv/flowspy#$fod_dir#g" "$fod_systemd_dir/fod-status-email-user@.service"
if [ "$install_systemd_services" = 1 ]; then
echo 1>&2
echo "$0: installing systemd services" 1>&2
echo 1>&2
#cp -f "$fod_systemd_dir/fod-gunicorn.service" "$fod_systemd_dir/fod-celeryd.service" "/etc/systemd/system/"
cp -v -f "$fod_systemd_dir/fod-gunicorn.service" "$fod_systemd_dir/fod-celeryd.service" "$fod_systemd_dir/fod-status-email-user@.service" "/etc/systemd/system/" 1>&2
if [ "$install_systemd_services__onlyinstall" = 1 ]; then
#systemctl enable --machine --no-reload fod-gunicorn
#systemctl enable --machine --no-reload fod-celeryd
ln -s -f -v "/usr/lib/systemd/system/fod-gunicorn.service" /etc/systemd/system/multi-user.target.wants/
ln -s -f -v "/usr/lib/systemd/system/fod-celeryd.service" /etc/systemd/system/multi-user.target.wants/
else
systemctl daemon-reload
systemctl enable fod-gunicorn
systemctl enable fod-celeryd
systemctl restart fod-gunicorn
systemctl restart fod-celeryd
sleep 5
SYSTEMD_COLORS=1 systemctl status fod-gunicorn | cat
echo
SYSTEMD_COLORS=1 systemctl status fod-celeryd | cat
echo
fi
FOD_RUNMODE="via_systemd"
elif [ "$install_with_supervisord" = 1 ]; then
echo 1>&2
echo "$0: installing supervisord conf" 1>&2
echo 1>&2
# supervisord.conf
if [ -f supervisord.conf.prep ]; then
echo "$0: using supervisord.conf.prep" 1>&2
cp -f supervisord.conf.prep /etc/supervisord.conf
else
echo "$0: using supervisord.conf" 1>&2
cp -f supervisord.conf /etc/supervisord.conf
fi
touch /etc/.supervisord.conf.fodready
FOD_RUNMODE="via_supervisord"
else
FOD_RUNMODE="fg"
fi
if [ "$assume__sqlite_version__to_old" = 1 ]; then
echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using runfod.centos.sh for old celery start syntax" 1>&2
#cp -f runfod.centos.sh runfod.sh
cp -f runfod-fg.centos.sh runfod-fg.sh
fi
echo "$0: step 2.5.6: writing ./runfod.conf" 1>&2
(
echo "FOD_RUNMODE=\"$FOD_RUNMODE\""
echo "USE_EXABGP=\"$setup_exabgp\""
if [ -n "$ifc_setup__name" ]; then
echo "ifc_setup__name=\"$ifc_setup__name\""
echo "ifc_setup__ip_addr_and_subnetmask=\"$ifc_setup__ip_addr_and_subnetmask\""
echo "ifc_setup__wait_for_ifc__in_runfod=\"$ifc_setup__wait_for_ifc__in_runfod\""
fi
) > "./runfod.conf"
##
if [ "$setup_exabgp" = 1 ]; then
echo "$0: step 2.5.7: preparing systemd/supervisord files" 1>&2
echo "$0: setting up exabgp" 1>&2
add1=()
if [ "$install_systemd_services" = 1 ]; then
if [ "$install_systemd_services__onlyinstall" = 1 -a "$setup_exabgp_full" = 1 ]; then
add1=("--systemd" "--enable.min")
elif [ "$install_systemd_services__onlyinstall" = 0 -a "$setup_exabgp_full" = 1 ]; then
add1=("--systemd" "--enable")
else
add1=("--systemd")
fi
elif [ "$install_with_supervisord" = 1 ]; then
if [ "$setup_exabgp_full" = 1 ]; then
add1=("--supervisord")
else
add1=("--supervisord" "--no-autostart")
fi
fi
exabgp_systemd_servicename="exabgpForFod" # statically defined in ./exabgp/run-exabgp-generic
# ./exabgp/run-exabgp-generic
FOD_SYSUSER="$FOD_SYSUSER" "$fod_dir/exabgp/run-exabgp-generic" --init-conf \
"$setup_exabgp__nodeid" "$setup_exabgp__ip_addr" "$setup_exabgp__asnr" \
"$setup_exabgp__peer_nodeid" "$setup_exabgp__peer_ip_addr" "$setup_exabgp__peer_asnr" \
-- "${add1[@]}"
# ./flowspy/settings.py
#echo -e '\n#added by install-*.sh:\nPROXY_CLASS="proxy_exabgp"' >> flowspy/settings_local.py
if [ "$install_systemd_services" = 1 ]; then # TODO support supervisord as well
#echo "$0: installing systemd service file for exabgpForFod" 1>&2
#if [ "$setup_exabgp_full" = 0 ]; then
# :
#elif [ "$install_systemd_services__onlyinstall" = 1 ]; then
# #systemctl enable --no-reload "$exabgp_systemd_servicename"
# #systemctl --machine enable --no-reload "$exabgp_systemd_servicename"
# ln -s -f -v "/usr/lib/systemd/system/$exabgp_systemd_servicename.service" /etc/systemd/system/multi-user.target.wants/
#else
# systemctl daemon-reload
# systemctl enable "$exabgp_systemd_servicename"
# systemctl restart "$exabgp_systemd_servicename"
# sleep 5
# SYSTEMD_COLORS=1 systemctl status "$exabgp_systemd_servicename" | cat
# echo
#fi
:
elif [ "$install_with_supervisord" = 1 ]; then
#echo "$0: adding supervisord config for exabgpForFod" 1>&2
:
fi
fi
)
if [ "$inst_dir_is_fod_dir" = 1 ]; then
if true || [ "$findfix_file_permissions" = 1 ]; then
echo "$0: step 2.9: finally fixing permissions as inst_dir_is_fod_dir=$inst_dir_is_fod_dir" 1>&2
##find "$fod_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$fod_dir" || true
##find "$fod_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$fod_dir" || true
#find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true
fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/"
fi
fi
echo "$0: step 2 done" 1>&2
set +e
fi
#############################################################################
#############################################################################