#!/bin/bash #!/bin/sh # # This script installs all dependencies for Firewall-on-Demand running in Python3 # with Celery, Redis, and sqlite. # SCRIPT_NAME="install-centos.sh" ############################################################################# ############################################################################# # allow for easy clean-slate installation if [ "$1" = "--git-checkout" ]; then shift 1 gitrepo="$1" shift 1 git_branch="$1" shift 1 git_checkout_dir="$1" shift 1 [ -n "$gitrepo" ] || gitrepo="https://github.com/GEANT/FOD" [ -n "$git_branch" ] || git_branch="python3" echo "$0: git-checkout: gitrepo=$gitrepo git_branch="$git_branch" git_checkout_dir=$git_checkout_dir" 1>&2 ## set -e set -x git_checkout_dir_parentdir="$(dirname "$git_checkout_dir")" mkdir -p "$git_checkout_dir_parentdir" git clone "$gitrepo" "$git_checkout_dir" cd "$git_checkout_dir" git checkout "refs/remotes/origin/$git_branch" git checkout -b "$git_branch" exec "./$SCRIPT_NAME" "$@" fi ############################################################################# ############################################################################# fod_dir="/srv/flowspy" venv_dir="/srv/venv" FOD_SYSUSER="fod" FOD_SYSGROUP="fod" inside_docker=0 install_default_used=1 #install_basesw_os=1 install_basesw_os=0 #install_basesw_python=1 install_basesw_python=0 #install_basesw_python=1 install_fodproper=0 install_with_supervisord=0 install_systemd_services=0 install_systemd_services__onlyinstall=0 ensure_installed_pythonenv_wrapper=1 try_install_docu=0 # mkdocs not available # workaround for old Django with old OS sqlite3 (CENTOS7 only): try_fixup_for_old_os_sqlite=1 use_old_django_version__autodetect=1 # use__database_schema_migrate__fake_initial=0 # # setup_adminuser=0 setup_adminuser__username="admin" setup_adminuser__pwd="admin" #setup_adminuser__email="admin@localhost" setup_adminuser__peer_name="testpeer" setup_adminuser__peer_ip_prefix1="0.0.0.0/0" # setup_testrule=0 setup_testrule_appliername="$setup_adminuser__username" setup_testrule_name_prefix="testrule1" setup_testrule_source_prefix="0.0.0.0/0" setup_testrule_destination_prefix="127.0.0.1/32" setup_testrule_IPprotocolId=1 # ICMP # setup_netconf=0 setup_netconf__device= setup_netconf__port=830 setup_netconf__user="netconf" setup_netconf__pass="netconf" # setup_exabgp=0 setup_exabgp_full=0 setup_exabgp__nodeid=1.1.1.1 setup_exabgp__ip_addr=127.0.0.1 setup_exabgp__asnr=1234 setup_exabgp__peer_nodeid=2.2.2.2 setup_exabgp__peer_ip_addr=127.0.0.2 setup_exabgp__peer_asnr=2345 # ifc_setup__name="" ifc_setup__ip_addr_and_subnetmask="" ifc_setup__wait_for_ifc__in_runfod=0 # findfix_file_permissions=1 ############################################################################## ############################################################################## function debug_python_deps() { venv_file="$1" exit_code="$2" echo "debug_python_deps(): venv_file=$venv_file exit_code=$exit_code" 1>&2 [ -z "$venv_file" ] || . "$venv_file" export 1>&2 echo 1>&2 echo "# Python version: " 1>&2 python --version ls -l log/ 1>&2 echo 1>&2 echo "# Python dependencies: " 1>&2 pip list echo "# End of Python dependencies" 1>&2 [ -z "$exit_code" ] || exit "$exit_code" } function fix_permission_in_dir() { user="$1" # user for test accessing shift 1 group="$1" # used in fixing with chgrp + chmod +rx for dirs +r for other files shift 1 dir="$1" shift 1 echo "fix_permission_in_dir on dir '$dir'" 1>&2 set -- (set +e export MYUSER2="$user" export MYGROUP2="$group" find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 \( -type d -not -readable -not -executable \) -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+rx "$@";' -- #find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 -not -readable -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+r "$@";' -- find "$dir" -print0 | xargs -0 sh -c 'sudo -u "$MYUSER2" find "$@" -maxdepth 0 -type f -not -readable -print0' -- | xargs -0 sh -c '[ $# -gt 0 ] || exit; chgrp -v "$MYGROUP2" "$@"; chmod -v g+r "$@";' -- true ) } ## ############################################################################## ############################################################################## if [ -e "/.dockerenv" ]; then echo "running inside docker assummed" 1>&2 inside_docker=1 fi if grep -q -E '^systemd$' /proc/1/comm; then echo "system is running systemd as init process, setting default install_systemd_services=1" 1>&2 install_systemd_services=1 install_systemd_services__onlyinstall=0 elif [ "$inside_docker" = 1 ]; then echo "inside_docker=$inside_docker, so setting default install_systemd_services=0" 1>&2 install_systemd_services=0 install_systemd_services__onlyinstall=1 #install_with_supervisord=1 fi ############################################################################## ############################################################################## while [ $# -gt 0 ]; do if [ $# -ge 1 -a "$1" = "--here" ]; then shift 1 fod_dir="$PWD" venv_dir="$PWD/venv" elif [ $# -ge 1 -a "$1" = "--here__with_venv_relative" ]; then shift 1 fod_dir="$PWD" venv_dir="$PWD/../venv" elif [ $# -ge 1 -a "$1" = "--base_dir" ]; then shift 1 base_dir="$1" shift 1 fod_dir="$base_dir/flowspy" venv_dir="$base_dir/venv" elif [ $# -ge 1 -a "$1" = "--fod_dir" ]; then shift 1 fod_dir="$1" shift 1 elif [ $# -ge 1 -a "$1" = "--venv_dir" ]; then shift 1 venv_dir="$1" shift 1 elif [ $# -ge 1 -a "$1" = "--both" ]; then shift 1 install_default_used=0 install_basesw_os=1 install_basesw_python=1 install_fodproper=1 elif [ $# -ge 1 -a "$1" = "--basesw" ]; then shift 1 install_default_used=0 install_basesw_os=1 install_basesw_python=1 #install_fodproper=0 elif [ $# -ge 1 -a "$1" = "--basesw_os" ]; then shift 1 install_default_used=0 install_basesw_os=1 #install_basesw_python=0 #install_fodproper=0 elif [ $# -ge 1 -a "$1" = "--basesw_python" ]; then shift 1 install_default_used=0 #install_basesw_os=0 install_basesw_python=1 #install_fodproper=0 elif [ $# -ge 1 -a "$1" = "--fodproper" ]; then shift 1 install_default_used=0 #install_basesw_os=0 install_basesw_python=1 install_fodproper=1 elif [ $# -ge 1 -a "$1" = "--fodproper1" ]; then shift 1 install_default_used=0 #install_basesw_os=0 #install_basesw_python=0 install_fodproper=1 elif [ $# -ge 1 -a \( "$1" = "--supervisor" -o "$1" = "--supervisord" \) ]; then shift 1 install_with_supervisord=1 install_systemd_services=0 elif [ $# -ge 1 -a \( "$1" = "--no_supervisor" -o "$1" = "--no_supervisord" \) ]; then shift 1 install_with_supervisord=0 elif [ $# -ge 1 -a "$1" = "--systemd" ]; then shift 1 install_systemd_services=1 elif [ $# -ge 1 -a "$1" = "--systemd_only_install" ]; then shift 1 install_systemd_services__onlyinstall=1 elif [ $# -ge 1 -a "$1" = "--systemd_check_start" ]; then shift 1 install_systemd_services__onlyinstall=0 elif [ $# -ge 1 -a "$1" = "--no_systemd" ]; then shift 1 install_systemd_services=0 elif [ $# -ge 1 -a "$1" = "--fix_permissions" ]; then shift 1 findfix_file_permissions=1 elif [ $# -ge 1 -a "$1" = "--db_schema_migrate__fake_initial" ]; then shift 1 db_schema_migrate__fake_initial=1 elif [ $# -ge 1 -a "$1" = "--setup_admin_user" ]; then shift 1 setup_adminuser=1 elif [ $# -ge 1 -a "$1" = "--setup_admin_user5" ]; then shift 1 setup_adminuser=1 setup_adminuser__username="$1" shift 1 setup_adminuser__pwd="$1" shift 1 setup_adminuser__email="$1" shift 1 setup_adminuser__peer_name="$1" shift 1 setup_adminuser__peer_ip_prefix1="$1" shift 1 elif [ $# -ge 1 -a "$1" = "--setup_test_rule" ]; then shift 1 setup_testrule=1 elif [ $# -ge 1 -a "$1" = "--setup_test_rule5" ]; then shift 1 setup_testrule=1 setup_testrule_name_prefix="$1" shift 1 setup_testrule_source_prefix="$1" shift 1 setup_testrule_destination_prefix="$1" shift 1 setup_testrule_IPprotocolId="$1" shift 1 setup_testrule_appliername="$1" shift 1 elif [ $# -ge 1 -a "$1" = "--netconf" ]; then shift 1 setup_netconf=1 setup_netconf__device="$1" shift 1 setup_netconf__port="$1" shift 1 setup_netconf__user="$1" shift 1 setup_netconf__pass="$1" shift 1 elif [ $# -ge 1 -a "$1" = "--exabgp0" ]; then shift 1 setup_exabgp=1 shift 1 setup_exabgp_full=0 elif [ $# -ge 1 -a "$1" = "--exabgp" ]; then # currently 6 params follow shift 1 setup_exabgp=1 setup_exabgp_full=1 setup_exabgp__nodeid="$1" shift 1 setup_exabgp__ip_addr="$1" shift 1 setup_exabgp__asnr="$1" shift 1 setup_exabgp__peer_nodeid="$1" shift 1 setup_exabgp__peer_ip_addr="$1" shift 1 setup_exabgp__peer_asnr="$1" shift 1 elif [ $# -ge 1 -a "$1" = "--ip-addr-set" ]; then # for easy support for of extra veth-pair end point init in containers for containerlab shift 1 ifc_setup__name="$1" shift 1 ifc_setup__ip_addr_and_subnetmask="$1" shift 1 ifc_setup__wait_for_ifc__in_runfod="$1" shift 1 echo "$0: init of interface $ifc_setup__name with ip_addr_and_subnetmask=$ifc_setup__ip_addr_and_subnetmask" 1>&2 ifconfig "$ifc_setup__name" "$ifc_setup__ip_addr_and_subnetmask" ifconfig "$ifc_setup__name" 1>&2 else break fi done if [ $# -gt 0 ]; then echo "remaining unprocessed arguments: $*, aborting" 1>&2 exit 2 fi ## #set -x ## if [ "$install_default_used" = 1 ]; then install_basesw_os=1 install_basesw_python=1 install_fodproper=1 fi echo "$0: install_default_used=$install_default_used ; install_basesw_os=$install_basesw_os install_basesw_python=$install_basesw_python install_fodproper=$install_fodproper" 1>&2 [ -n "$setup_adminuser__email" ] || setup_adminuser__email="$setup_adminuser__username@localhost" ## venv_dir_base="$(dirname "$venv_dir")" echo "$0: venv_dir=$venv_dir => venv_dir_base=$venv_dir_base" 1>&2 ls -dla "$venv_dir" "$venv_dir_base" 1>&2 ## static_dir="$fod_dir/static" inst_dir="$(dirname "$0")" mkdir -p "$fod_dir" || exit if [ "$(stat -Lc "%i" "$inst_dir/" "$fod_dir/" | sort -n -k 1 -u | wc -l)" = "1" ]; then inst_dir_is_fod_dir=1 else inst_dir_is_fod_dir=0 fi echo "$0: inst_dir=$inst_dir fod_dir=$fod_dir => inst_dir_is_fod_dir=$inst_dir_is_fod_dir venv_dir=$venv_dir static_dir=$static_dir" 1>&2 #exit ############################################################################# ############################################################################# if [ "$install_basesw_os" = 1 ]; then # requires ./install-centos-fixcentos-sqlite.sh in case of CENTOS7 echo "$0: step 1: installing base software dependencies (OS packages)" 1>&2 set -e echo "Installing epel repo" rpm -Uh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm echo "Installing remi repo" yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm echo "Installing base dependencies" yum -y install python36 python3-setuptools python36-virtualenv vim git gcc libevent-devel libxml2-devel libxslt-devel mariadb-server mysql-devel patch yum-utils sudo echo "Installing redis" # Installation of redis from remi RPM repository yum-config-manager --enable remi yum -q -y install redis ## if [ "$try_fixup_for_old_os_sqlite" = 1 -a "$inside_docker" = 1 ]; then # only do try this fix inside docker env if ! type -p sqlite3; then echo "$0: sqlite3 not found, installing it" 1>&2 yum install -y sqlite3 fi if [ "$try_fixup_for_old_os_sqlite" = 1 -a "$inside_docker" = 1 ]; then # only do try this fix inside docker env . "./install-centos-fixcentos-sqlite.sh" "$fod_dir" fi fi set +e echo "$0: step 1 done" 1>&2 fi ## if [ "$install_systemd_services" = 0 -a "$install_with_supervisord" = 1 ]; then echo "trying to install supervisord" 1>&2 yum install -y supervisor fi ## echo "$0: step 1a: handling sqlite3 too old fixup post actions" 1>&2 # only needed for CENTOS assume__sqlite_version__to_old=1 if [ "$use_old_django_version__autodetect" = 1 ]; then sqlite_version="$(sqlite3 -version)" if [ "$sqlite_version" != "${sqlite_version#3.7.}" ]; then echo "$0: sqlite_version=$sqlite_version is too old, will use old Django version" 1>&2 assume__sqlite_version__to_old=1 else echo "$0: sqlite_version=$sqlite_version is recent enough to use newer Django and dependencies" 1>&2 assume__sqlite_version__to_old=0 fi fi ## python_version="$(python3 --version | cut -d ' ' -f 2,2)" if [ "$assume__sqlite_version__to_old" = 1 ]; then echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using requirements-centos.txt" 1>&2 cp "$fod_dir/requirements-centos.txt" "$fod_dir/requirements.txt" elif [ -e "$fod_dir/requirements.txt.python$python_version" ]; then echo "$0: using python version specific $fod_dir/requirements.txt.python$python_version" 1>&2 cp "$fod_dir/requirements.txt.python$python_version" "$fod_dir/requirements.txt" else echo "$0: using $fod_dir/requirements.txt" 1>&2 fi echo "$0: step 1b: preparing database system" 1>&2 ############################################################################# ############################################################################# # grep -B 100000 '#step2' install-centos.sh > install-centos-step1.sh #step2 if [ "$install_fodproper" = 0 -a "$install_basesw_python" = 1 ]; then echo "$0: step 2a: installing Python dependencies only" 1>&2 set -e echo "Setup partial python environment for FoD" [ ! -f "fodenv.sh" ] || source "./fodenv.sh" if [ "$findfix_file_permissions" = 0 ]; then echo "preparing venv_dir $venv_dir permissions for user $FOD_SYSUSER" 1>&2 id "$FOD_SYSUSER" &>/dev/null || useradd -m "$FOD_SYSUSER" mkdir -p "$venv_dir" #find "$venv_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true #find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir" || true fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$venv_dir/" chown "$FOD_SYSUSER:$FOD_SYSGROUP" "$venv_dir" chmod og+rxs "$venv_dir" fi (ls -dla "$venv_dir" 1>&2 || true) if [ -x pyvenv ]; then #pyvenv /srv/venv pyvenv "$venv_dir" else #virtualenv-3 /srv/venv virtualenv-3 "$venv_dir" fi ln -sf "$venv_dir" "$fod_dir/venv" ls -dla "$venv_dir" "$fod_dir/venv" 1>&2 #source /srv/venv/bin/activate source "$venv_dir/bin/activate" export 1>&2 ## # fix for broken anyjson and cl # TODO: fix this more cleanly pip install 'setuptools<58' # if [ "$assume__sqlite_version__to_old" = 1 ]; then # # # fix for broken anyjson and cl # # TODO: fix this more cleanly # #pip install 'setuptools<58' # # echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using requirements-centos.txt" 1>&2 # # cp "$fod_dir/requirements-centos.txt" "$fod_dir/requirements.txt" # else # # python_version="$(python3 --version | cut -d ' ' -f 1,1)" # if [ -e "$fod_dir/requirements.txt.$python_version" ]; then # echo "$0: using python version specific $fod_dir/requirements.txt.$python_version" 1>&2 # cp "$fod_dir/requirements.txt.$python_version" "$fod_dir/requirements.txt" # fi # # fi (cd "$fod_dir" && pip install -r requirements.txt) echo "$0: step 2a done" 1>&2 fi # grep -B 100000 '#step3' install-centos.sh > install-centos-step2.sh #step3 if [ "$install_fodproper" = 1 ]; then echo "$0: step 2: installing FoD in installation dir + ensuring Python dependencies are installed + setting-up FoD settings, database preparations, and FoD run-time environment" 1>&2 set -e echo "$0: step 2.0" 1>&2 id "$FOD_SYSUSER" &>/dev/null || useradd -m "$FOD_SYSUSER" mkdir -p /var/log/fod "$venv_dir_base" ## echo "Setup python environment for FoD" (ls -dla "$venv_dir" "$fod_dir/venv" "$venv_dir_base" 1>&2 || false) if [ "$findfix_file_permissions" = 0 ]; then echo "preparing venv_dir $venv_dir permissions for user $FOD_SYSUSER" 1>&2 mkdir -p "$venv_dir" #find "$venv_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true #find "$venv_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$venv_dir" fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$venv_dir/" chown "$FOD_SYSUSER:$FOD_SYSUSER" "$venv_dir" chmod og+rxs "$venv_dir" fi [ ! -f "fodenv.sh" ] || source "./fodenv.sh" if [ -x pyvenv ]; then echo "using pyvenv" 1>&2 pyvenv "$venv_dir" else echo "using virtualenv-3" 1>&2 virtualenv-3 "$venv_dir" fi ln -sf "$venv_dir" "$fod_dir/venv" ls -dla "$venv_dir" "$fod_dir/venv" 1>&2 ( set +e source "$venv_dir/bin/activate" export 1>&2 ## #mkdir -p /srv/flowspy/log/ mkdir -p "$fod_dir/log/" if true; then echo "$0: step 2.1: coyping from source dir to installation dir $fod_dir" 1>&2 MYSELF="$(basename "$0")" DIRNAME="$(dirname "$0")" # Select source dir and copy FoD into /srv/flowspy/ if [ "$MYSELF" = "$SCRIPT_NAME" ]; then # if started as main script, e.g., in Docker or on OS-installation # this script is in the source directory #cp -f -r "`dirname $0`"/* /srv/flowspy/ #cp -f -r "$DIRNAME"/* "$fod_dir" cp -f -r "$inst_dir"/* "$fod_dir" elif [ -e /vagrant ]; then # running in vagrant with /vagrant available # vagrant's copy in /vagrant/ #cp -f -r /vagrant/* /srv/flowspy/ cp -f -r /vagrant/* "$fod_dir" elif [ -e "$SCRIPT_NAME" ]; then # running in vagrant with script current dir == install dir # current directory is with the sourcecode #cp -f -r ./* /srv/flowspy/ cp -f -r ./* "$fod_dir" else echo "Could not find FoD src directory tried $DIRNAME, /vagrant/, ./" exit 1 fi fi if [ "$findfix_file_permissions" = 1 ]; then echo "$0: step 2.1a: fixing permissions" 1>&2 #find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/" fi ### set -e echo "$0: step 2.2: setting-up FoD settings" 1>&2 #cd /srv/flowspy/ cd "$fod_dir" ( cd flowspy # jump into settings subdir flowspy if [ "$inside_docker" = 1 -a -e settings.py.centos.docker ]; then # user has own centos-specific settings prepared yet ? cp -f settings.py.centos.docker settings.py elif [ -e settings.py.centos ]; then # user has own centos-specific settings prepared yet ? cp -f settings.py.centos settings.py elif [ "$inside_docker" = 1 -a -e settings.py.docker ]; then # user has own settings prepared yet ? cp -f settings.py.docker settings.py elif [ -e settings.py ]; then # user has prepared a generic settings yet ? : # nothing todo else # prepare a settings.py from git repo's settings.py.dist/settings.py.centos.dist + settings.py.patch if [ "$assume__sqlite_version__to_old" = 1 ]; then echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old using settings.py.centos.dist" 1>&2 cp -f settings.py.centos.dist settings.py else cp -f settings.py.dist settings.py fi patch settings.py < settings.py.patch sed -i "s#/srv/flowspy#$fod_dir#" "settings.py" fi ) if [ ! -e "flowspy/settings_local.py" ]; then touch flowspy/settings_local.py fi if [ "$install_basesw_python" = 1 ]; then echo "$0: step 2.3: ensuring Python dependencies are installed" 1>&2 if [ "$install_basesw_python" = 1 ]; then #are we running in --both mode, i.e. for the venv init is run for the first time, i.e. the problematic package having issues with to new setuptools is not yet installed? # fix for broken anyjson and cl # TODO: fix this more cleanly pip install 'setuptools<58' fi # actual proper installation of python requirements pip install -r requirements.txt fi ## echo "$0: step 2.3.1: preparing log sub dirs" 1>&2 mkdir -p "$fod_dir/log" "$fod_dir/logs" touch "$fod_dir/debug.log" chown -R "$FOD_SYSUSER:" "$fod_dir/log" "$fod_dir/logs" "$fod_dir/debug.log" ## #if [ "$try_install_docu" = 1 ]; then # echo "$0: step 2.3.2: compiling internal docu" 1>&2 # echo "trying to install mkdocs-based documentation" 1>&2 # ( # set -e # which mkdocs 2>/dev/null >/dev/null || yum install -y mkdocs # cd "$fod_dir" && mkdocs build # ./mkdocs.yml # #find "$fod_dir/static/site" -not -user "$FOD_SYSUSER" -exec chown "$FOD_SYSUSER:" {} \; # is depending on ./mkdocs.yml var site_dir # find "$fod_dir/static/site" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" {} \; # is depending on ./mkdocs.yml var site_dir # true # in case of failure override failure status, as the documentation is non-essential # ) #fi ## echo "$0: step 2.4: preparing FoD static files and database" 1>&2 echo "$0: step 2.4.1: preparing FoD static files" 1>&2 #mkdir -p /srv/flowspy/static/ mkdir -p "$static_dir" ( set -e [ ! -f "fodenv.sh" ] || source "./fodenv.sh" cd "$fod_dir" if false && type -p sudo 2>/dev/null; then sudo --preserve-env=LD_LIBRARY_PATH,PATH -E -u "$FOD_SYSUSER" ./manage.py collectstatic -c --noinput || debug_python_deps "$venv_dir/bin/activate" 1 else ./manage.py collectstatic -c --noinput || debug_python_deps "$venv_dir/bin/activate" 1 fi #find "$fod_dir/staticfiles" -not -user "$FOD_SYSUSER" -exec chown "$FOD_SYSUSER:" {} \; || true # TODO is depending on flowspy/settings*.py var STATIC_ROOT #find "$fod_dir/staticfiles" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" "$fod_dir/staticfiles" # is depending on ./mkdocs.yml var site_dir fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/staticfiles" ) ## echo "$0: step 2.4.2.0: preparing DB and DB access" 1>&2 echo "$0: step 2.4.2.0: preparing FoD DB schema and basic data" 1>&2 echo "deploying/updating database schema" 1>&2 ( set -e [ ! -f "fodenv.sh" ] || source "./fodenv.sh" cd "$fod_dir" #./manage.py syncdb --noinput #which sqlite3 #sqlite3 -version #source "$venv_dir/bin/activate" add1=() if [ "$db_schema_migrate__fake_initial" = 1 ]; then echo "using --fake-initial" 1>&2 add1=("--fake-initial") fi ./manage.py migrate "${add1[@]}" ./manage.py loaddata initial_data ) echo 1>&2 ## if [ "$setup_adminuser" = 1 ]; then echo "$0: step 2.4.2.1: setup admin start user" 1>&2 # ./inst/helpers/init_setup_params.sh ( [ ! -f "fodenv.sh" ] || source "./fodenv.sh" cd "$fod_dir" set +e # for now ignore potential errors, especially in case user already exists #source "$venv_dir/bin/activate" echo "from flowspec.init_setup import init_admin_user; init_admin_user('$setup_adminuser__username', '$setup_adminuser__pwd', '$setup_adminuser__email', '$setup_adminuser__peer_name', '$setup_adminuser__peer_ip_prefix1')" | DJANGO_SETTINGS_MODULE="flowspy.settings" ./manage.py shell true ) fi echo "setup_testrule=$setup_testrule" 1>&2 if [ "$setup_testrule" = 1 ]; then echo "$0: step 2.4.2.1: setup test rule" 1>&2 ( set +e # for now ignore potential errors, especially in case user already exists source "$venv_dir/bin/activate" [ ! -f "fodenv.sh" ] || source "./fodenv.sh" { cat /dev/fd/5 | ./manage.py shell; } 5<<EOF from flowspec.models import * from django.contrib.auth.models import User; applier1 = User.objects.get(username__exact='$setup_testrule_appliername'); from django.db.models import Q query = Q() query |= Q(source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', protocol__in=[$setup_testrule_IPprotocolId]) matching_routes = Route.objects.filter(query) if len(matching_routes)!=0: print("test rule $setup_testrule_name_prefix already exists") print("matching_routes="+str(matching_routes)) else: a = Route(name='$setup_testrule_name_prefix', source='$setup_testrule_source_prefix', destination='$setup_testrule_destination_prefix', status='INACTIVE', applier=applier1) a.save(); a.protocol.set([$setup_testrule_IPprotocolId]) a.save(); EOF ) fi ## # ./manage.py above may have created debug.log with root permissions: chown -R "$FOD_SYSUSER:" "$fod_dir/log" "$fod_dir/logs" "$fod_dir/debug.log" [ ! -d "/var/log/fod" ] || chown -R "$FOD_SYSUSER:" "/var/log/fod" # echo "$0: step 2.5: preparing FoD run-time environment" 1>&2 echo "$0: step 2.5.1: preparing necessary dirs" 1>&2 mkdir -p /var/run/fod chown "$FOD_SYSUSER:" /var/run/fod ## echo "$0: step 2.5.2: preparing FoD python wrapper" 1>&2 if [ "$ensure_installed_pythonenv_wrapper" = 1 -a \( "$inside_docker" = 1 -o ! -e "$fod_dir/pythonenv" \) ]; then echo "adding pythonev wrapper" 1>&2 cat > "$fod_dir/pythonenv" <<EOF #!/bin/bash . "$venv_dir/bin/activate" [ ! -e "$fod_dir/fodenv.sh" ] || . "$fod_dir/fodenv.sh" exec "\$@" EOF chmod +x "$fod_dir/pythonenv" echo 1>&2 fi ## if [ "$setup_netconf" = 1 ]; then echo "$0: setting up NETCONF fod conf" 1>&2 ( echo -e '\n#added by install-*.sh:' echo "PROXY_CLASS=\"proxy_netconf_junos\"" echo "NETCONF_DEVICE=\"$setup_netconf__device\"" echo "NETCONF_PORT=\"$setup_netconf__port\"" echo "NETCONF_USER=\"$setup_netconf__user\"" echo "NETCONF_PASS=\"$setup_netconf__pass\"" ) >> flowspy/settings_local.py fi ## if [ "$setup_exabgp" = 1 ]; then echo "$0: setting up exabgp fod conf" 1>&2 echo -e '\n#added by install-*.sh:\nPROXY_CLASS="proxy_exabgp"' >> flowspy/settings_local.py fi ## echo "$0: step 2.5.5: preparing systemd/supervisord files" 1>&2 echo "$0: step 2.5.5.1: preparing supervisord.conf templates" 1>&2 if [ "$assume__sqlite_version__to_old" = 1 -a -e "$fod_dir/supervisord-centos.conf" ]; then echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using supervisord-centos.conf for old celery start syntax" 1>&2 cp -f "$fod_dir/supervisord-centos.conf" "$fod_dir/supervisord.conf" elif [ -e "$fod_dir/supervisord.conf.dist" ]; then echo "providing supervisord config" 1>&2 cp -f "$fod_dir/supervisord.conf.dist" "$fod_dir/supervisord.conf" fi sed -i "s#/srv/flowspy#$fod_dir#" "$fod_dir/supervisord.conf" echo 1>&2 ## echo "$0: step 2.5.5.2: installing systemd/supervisord files" 1>&2 fod_systemd_dir="$fod_dir/systemd" cp -f "$fod_systemd_dir/fod-gunicorn.service.dist" "$fod_systemd_dir/fod-gunicorn.service" sed -i "s#/srv/flowspy#$fod_dir#g" "$fod_systemd_dir/fod-gunicorn.service" cp -f "$fod_systemd_dir/fod-celeryd.service.dist" "$fod_systemd_dir/fod-celeryd.service" sed -i "s#/srv/flowspy#$fod_dir#g" "$fod_systemd_dir/fod-celeryd.service" cp -f "$fod_systemd_dir/fod-status-email-user@.service.dist" "$fod_systemd_dir/fod-status-email-user@.service" sed -i "s#/srv/flowspy#$fod_dir#g" "$fod_systemd_dir/fod-status-email-user@.service" if [ "$install_systemd_services" = 1 ]; then echo 1>&2 echo "$0: installing systemd services" 1>&2 echo 1>&2 #cp -f "$fod_systemd_dir/fod-gunicorn.service" "$fod_systemd_dir/fod-celeryd.service" "/etc/systemd/system/" cp -v -f "$fod_systemd_dir/fod-gunicorn.service" "$fod_systemd_dir/fod-celeryd.service" "$fod_systemd_dir/fod-status-email-user@.service" "/etc/systemd/system/" 1>&2 if [ "$install_systemd_services__onlyinstall" = 1 ]; then #systemctl enable --machine --no-reload fod-gunicorn #systemctl enable --machine --no-reload fod-celeryd ln -s -f -v "/usr/lib/systemd/system/fod-gunicorn.service" /etc/systemd/system/multi-user.target.wants/ ln -s -f -v "/usr/lib/systemd/system/fod-celeryd.service" /etc/systemd/system/multi-user.target.wants/ else systemctl daemon-reload systemctl enable fod-gunicorn systemctl enable fod-celeryd systemctl restart fod-gunicorn systemctl restart fod-celeryd sleep 5 SYSTEMD_COLORS=1 systemctl status fod-gunicorn | cat echo SYSTEMD_COLORS=1 systemctl status fod-celeryd | cat echo fi FOD_RUNMODE="via_systemd" elif [ "$install_with_supervisord" = 1 ]; then echo 1>&2 echo "$0: installing supervisord conf" 1>&2 echo 1>&2 # supervisord.conf if [ -f supervisord.conf.prep ]; then echo "$0: using supervisord.conf.prep" 1>&2 cp -f supervisord.conf.prep /etc/supervisord.conf else echo "$0: using supervisord.conf" 1>&2 cp -f supervisord.conf /etc/supervisord.conf fi touch /etc/.supervisord.conf.fodready FOD_RUNMODE="via_supervisord" else FOD_RUNMODE="fg" fi if [ "$assume__sqlite_version__to_old" = 1 ]; then echo "$0: assume__sqlite_version__to_old=$assume__sqlite_version__to_old => using runfod.centos.sh for old celery start syntax" 1>&2 #cp -f runfod.centos.sh runfod.sh cp -f runfod-fg.centos.sh runfod-fg.sh fi echo "$0: step 2.5.6: writing ./runfod.conf" 1>&2 ( echo "FOD_RUNMODE=\"$FOD_RUNMODE\"" echo "USE_EXABGP=\"$setup_exabgp\"" if [ -n "$ifc_setup__name" ]; then echo "ifc_setup__name=\"$ifc_setup__name\"" echo "ifc_setup__ip_addr_and_subnetmask=\"$ifc_setup__ip_addr_and_subnetmask\"" echo "ifc_setup__wait_for_ifc__in_runfod=\"$ifc_setup__wait_for_ifc__in_runfod\"" fi ) > "./runfod.conf" ## if [ "$setup_exabgp" = 1 ]; then echo "$0: step 2.5.7: preparing systemd/supervisord files" 1>&2 echo "$0: setting up exabgp" 1>&2 add1=() if [ "$install_systemd_services" = 1 ]; then if [ "$install_systemd_services__onlyinstall" = 1 -a "$setup_exabgp_full" = 1 ]; then add1=("--systemd" "--enable.min") elif [ "$install_systemd_services__onlyinstall" = 0 -a "$setup_exabgp_full" = 1 ]; then add1=("--systemd" "--enable") else add1=("--systemd") fi elif [ "$install_with_supervisord" = 1 ]; then if [ "$setup_exabgp_full" = 1 ]; then add1=("--supervisord") else add1=("--supervisord" "--no-autostart") fi fi exabgp_systemd_servicename="exabgpForFod" # statically defined in ./exabgp/run-exabgp-generic # ./exabgp/run-exabgp-generic FOD_SYSUSER="$FOD_SYSUSER" "$fod_dir/exabgp/run-exabgp-generic" --init-conf \ "$setup_exabgp__nodeid" "$setup_exabgp__ip_addr" "$setup_exabgp__asnr" \ "$setup_exabgp__peer_nodeid" "$setup_exabgp__peer_ip_addr" "$setup_exabgp__peer_asnr" \ -- "${add1[@]}" # ./flowspy/settings.py #echo -e '\n#added by install-*.sh:\nPROXY_CLASS="proxy_exabgp"' >> flowspy/settings_local.py if [ "$install_systemd_services" = 1 ]; then # TODO support supervisord as well #echo "$0: installing systemd service file for exabgpForFod" 1>&2 #if [ "$setup_exabgp_full" = 0 ]; then # : #elif [ "$install_systemd_services__onlyinstall" = 1 ]; then # #systemctl enable --no-reload "$exabgp_systemd_servicename" # #systemctl --machine enable --no-reload "$exabgp_systemd_servicename" # ln -s -f -v "/usr/lib/systemd/system/$exabgp_systemd_servicename.service" /etc/systemd/system/multi-user.target.wants/ #else # systemctl daemon-reload # systemctl enable "$exabgp_systemd_servicename" # systemctl restart "$exabgp_systemd_servicename" # sleep 5 # SYSTEMD_COLORS=1 systemctl status "$exabgp_systemd_servicename" | cat # echo #fi : elif [ "$install_with_supervisord" = 1 ]; then #echo "$0: adding supervisord config for exabgpForFod" 1>&2 : fi fi ) if [ "$inst_dir_is_fod_dir" = 1 ]; then if true || [ "$findfix_file_permissions" = 1 ]; then echo "$0: step 2.9: finally fixing permissions as inst_dir_is_fod_dir=$inst_dir_is_fod_dir" 1>&2 ##find "$fod_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$fod_dir" || true ##find "$fod_dir/" -not -group "$FOD_SYSUSER" -print0 | xargs -0 chgrp -v "$FOD_SYSUSER" "$fod_dir" || true #find "$fod_dir/" -not -user "$FOD_SYSUSER" -print0 | xargs -0 chown -v "$FOD_SYSUSER:" || true fix_permission_in_dir "$FOD_SYSUSER" "$FOD_SYSGROUP" "$fod_dir/" fi fi echo "$0: step 2 done" 1>&2 set +e fi ############################################################################# #############################################################################