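#!/bin/bash

# Post-install configuration for the DocSpace packages. Run as root, it:
#   * creates the per-environment JSON settings files and the core machine key;
#   * stores the MySQL connection string and tunes a locally installed MySQL;
#   * wires up Document Server, OpenResty, Elasticsearch, Redis and RabbitMQ
#     (local packages, or external hosts given on the command line);
#   * runs the migration runner and restarts the product services.
#
# NOTE(review): secrets (-mysqlp, -rbpw, -js, -mk) are accepted as command-line
# arguments, so they are visible in the process list and in shell history.
#
# Only `set -e` is enabled: the script reads many optional, possibly unset
# variables (CORE_MACHINEKEY, EXTERNAL_*_FLAG, NGINX_WORKER_*), so `set -u`
# would break it.
set -e

PRODUCT="docspace"
ENVIRONMENT="production"
PACKAGE_SYSNAME="onlyoffice"

APP_DIR="/etc/${PACKAGE_SYSNAME}/${PRODUCT}"
PRODUCT_DIR="/var/www/${PRODUCT}"
LOG_DIR="/var/log/${PACKAGE_SYSNAME}/${PRODUCT}"
# NOTE(review): expanded here, before option parsing, so -e/--environment does
# not change this path while the other *.${ENVIRONMENT}.json paths do - confirm.
USER_CONF="$APP_DIR/appsettings.$ENVIRONMENT.json"

OPENRESTY_CONF="/usr/local/openresty/nginx/conf/nginx.conf"
OPENRESTY_DIR="/etc/openresty"

# Defaults target a single-host install. NOTE(review): they include an empty
# MySQL root password and the RabbitMQ guest/guest account; override them when
# any of these services is reachable from other hosts.
DB_HOST="localhost"
DB_PORT="3306"
DB_NAME="${PACKAGE_SYSNAME}"
DB_USER="root"
DB_PWD=""

APP_HOST="localhost"
APP_PORT="80"

ELK_SHEME="http"
ELK_HOST="localhost"
ELK_PORT="9200"

RABBITMQ_HOST="localhost"
RABBITMQ_USER="guest"
RABBITMQ_PASSWORD="guest"
RABBITMQ_PORT="5672"

REDIS_HOST="127.0.0.1"
REDIS_PORT="6379"

# Deliberately expanded unquoted later so that it splits into command + flags.
JSON="json -I -f"

if [ "$(id -u)" -ne 0 ]; then
	echo "Root privileges required"
	exit 1
fi

# Returns 1 when $1 names the local machine, 0 when it is an external host.
check_localhost() {
	[ "$1" = "localhost" ] || [ "$1" = "127.0.0.1" ] && return 1 || return 0
}

# Option parsing: every option takes one value; an option given without a
# value is silently ignored (the default is kept).
while [ "$1" != "" ]; do
	case $1 in

		-ash | --appshost )
			if [ "$2" != "" ]; then
				APP_HOST=$2
				shift
			fi
		;;

		-asp | --appsport )
			if [ "$2" != "" ]; then
				APP_PORT=$2
				shift
			fi
		;;

		-ess | --elasticsheme )
			if [ "$2" != "" ]; then
				ELK_SHEME=$2
				shift
			fi
		;;

		-esh | --elastichost )
			if [ "$2" != "" ]; then
				ELK_HOST=$2
				check_localhost "$ELK_HOST" && EXTERNAL_ELK_FLAG="true"
				shift
			fi
		;;

		-esp | --elasticport )
			if [ "$2" != "" ]; then
				ELK_PORT=$2
				shift
			fi
		;;

		-e | --environment )
			if [ "$2" != "" ]; then
				ENVIRONMENT=$2
				shift
			fi
		;;

		-mysqlh | --mysqlhost )
			if [ "$2" != "" ]; then
				DB_HOST=$2
				shift
			fi
		;;

		-mysqld | --mysqldatabase )
			if [ "$2" != "" ]; then
				DB_NAME=$2
				shift
			fi
		;;

		-mysqlu | --mysqluser )
			if [ "$2" != "" ]; then
				DB_USER=$2
				shift
			fi
		;;

		-mysqlp | --mysqlpassword )
			if [ "$2" != "" ]; then
				DB_PWD=$2
				shift
			fi
		;;

		-rdh | --redishost )
			if [ "$2" != "" ]; then
				REDIS_HOST=$2
				check_localhost "$REDIS_HOST" && EXTERNAL_REDIS_FLAG="true"
				shift
			fi
		;;

		-rdp | --redisport )
			if [ "$2" != "" ]; then
				REDIS_PORT=$2
				shift
			fi
		;;

		-rbh | --rabbitmqhost )
			if [ "$2" != "" ]; then
				RABBITMQ_HOST=$2
				# Fixed: the external flag used to be derived from REDIS_HOST, so an
				# external RabbitMQ host was treated as local (and vice versa).
				check_localhost "$RABBITMQ_HOST" && EXTERNAL_RABBITMQ_FLAG="true"
				shift
			fi
		;;

		-rbu | --rabbitmquser )
			if [ "$2" != "" ]; then
				RABBITMQ_USER=$2
				shift
			fi
		;;

		-rbpw | --rabbitmqpassword )
			if [ "$2" != "" ]; then
				RABBITMQ_PASSWORD=$2
				shift
			fi
		;;

		-rbp | --rabbitmqport )
			if [ "$2" != "" ]; then
				RABBITMQ_PORT=$2
				shift
			fi
		;;

		-mk | --machinekey )
			if [ "$2" != "" ]; then
				CORE_MACHINEKEY=$2
				shift
			fi
		;;

		-js | --jwtsecret )
			if [ "$2" != "" ]; then
				DOCUMENT_SERVER_JWT_SECRET=$2
				shift
			fi
		;;

		-jh | --jwtheader )
			if [ "$2" != "" ]; then
				DOCUMENT_SERVER_JWT_HEADER=$2
				shift
			fi
		;;

		-docsurl | --docsurl )
			if [ "$2" != "" ]; then
				DOCUMENT_SERVER_URL_EXTERNAL=$2
				shift
			fi
		;;

		# '-?' is quoted: unquoted it is a glob that matches any unknown
		# one-letter option and would print help instead of reporting it.
		'-?' | -h | --help )
			echo " Usage: bash ${PRODUCT}-configuration [PARAMETER] [[PARAMETER], ...]"
			echo
			echo " Parameters:"
			echo " -ash, --appshost ${PRODUCT} ip"
			echo " -asp, --appsport ${PRODUCT} port (default 80)"
			echo " -docsurl, --docsurl $PACKAGE_SYSNAME docs server address (example http://$PACKAGE_SYSNAME-docs-address:8083)"
			echo " -esh, --elastichost elasticsearch ip"
			echo " -esp, --elasticport elasticsearch port (default 9200)"
			echo " -rdh, --redishost redis ip"
			echo " -rdp, --redisport redis port (default 6379)"
			echo " -rbh, --rabbitmqhost rabbitmq ip"
			echo " -rbp, --rabbitmqport rabbitmq port"
			echo " -rbu, --rabbitmquser rabbitmq user"
			echo " -rbpw, --rabbitmqpassword rabbitmq password"
			echo " -mysqlh, --mysqlhost mysql server host"
			echo " -mysqld, --mysqldatabase ${PRODUCT} database name"
			echo " -mysqlu, --mysqluser ${PRODUCT} database user"
			echo " -mysqlp, --mysqlpassword ${PRODUCT} database password"
			echo " -js, --jwtsecret defines the secret key to validate the JWT in the request"
			echo " -jh. --jwtheader defines the http header that will be used to send the JWT"
			echo " -mk, --machinekey setting for core.machinekey"
			echo " -e, --environment environment (default 'production')"
			echo " -?, -h, --help this help"
			echo
			exit 0
		;;

		* )
			echo "Unknown parameter $1" 1>&2
			exit 1
		;;
	esac
	shift
done

# Escapes $1 for embedding inside a single- or double-quoted JavaScript string
# literal (the `json -e` expressions below are evaluated as JavaScript).
# Without this a quote or backslash in a password or host name would break the
# expression or change what code is evaluated as root.
_js_escape() {
	local VALUE="$1"
	VALUE=${VALUE//\\/\\\\}
	VALUE=${VALUE//\"/\\\"}
	VALUE=${VALUE//\'/\\\'}
	VALUE=${VALUE//$'\n'/\\n}
	VALUE=${VALUE//$'\r'/\\r}
	printf '%s' "$VALUE"
}

# Sets "KEY = VALUE" in an ini-style file: appends it right after the
# [SECTION] header when no line starts with KEY, otherwise rewrites the
# existing "KEY..." text (replacement errors are ignored).
# Arguments: $1 file, $2 section name, $3 key, $4 value
_set_ini_option() {
	local FILE="$1"
	local SECTION="$2"
	local KEY="$3"
	local VALUE="$4"

	if ! grep -q "^${KEY}" "${FILE}"; then
		sed "/\[${SECTION}\]/a ${KEY} = ${VALUE}" -i "${FILE}"
	else
		sed "s/${KEY}.*/${KEY} = ${VALUE}/" -i "${FILE}" || true # ignore errors
	fi
}

# Sets "KEY: VALUE" in a flat YAML file: appends the line when KEY does not
# occur in the file, otherwise rewrites the existing "KEY..." text.
# Arguments: $1 file, $2 key, $3 value
_set_yaml_option() {
	local FILE="$1"
	local KEY="$2"
	local VALUE="$3"

	if ! grep -q "${KEY}" "${FILE}"; then
		echo "${KEY}: ${VALUE}" >> "${FILE}"
	else
		sed -i "s/${KEY}.*/${KEY}: ${VALUE}/" "${FILE}"
	fi
}

# Resolves core.machinekey (explicit value, then the stored key file, then a
# freshly generated one) and writes it, with the base domain, to the settings.
set_core_machinekey () {
	if [[ -f $APP_DIR/.private/machinekey ]] || [[ -n $CORE_MACHINEKEY ]]; then
		CORE_MACHINEKEY=${CORE_MACHINEKEY:-$(cat "$APP_DIR/.private/machinekey")}
	else
		# NOTE(review): 12 alphanumeric characters is roughly 71 bits; consider a
		# longer key if nothing downstream depends on the length.
		CORE_MACHINEKEY=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 12)
		if [ "$DIST" = "RedHat" ]; then
			# Create the file empty and restrict it before the secret is written,
			# so the key is never on disk in a world-readable file.
			: > "$APP_DIR/.private/machinekey"
			chmod o-rwx "$APP_DIR/.private/machinekey"
			echo "$CORE_MACHINEKEY" > "$APP_DIR/.private/machinekey"
		fi
	fi

	save_undefined_param "${USER_CONF}" "core.machinekey" "${CORE_MACHINEKEY}"
	save_undefined_param "${USER_CONF}" "core['base-domain']" "${APP_HOST}"
	save_undefined_param "${APP_DIR}/apisystem.${ENVIRONMENT}.json" "core.machinekey" "${CORE_MACHINEKEY}"
	# Fixed: this used to store CORE_MACHINEKEY as the base domain, putting the
	# secret into a non-secret field; it now matches the appsettings file above.
	save_undefined_param "${APP_DIR}/apisystem.${ENVIRONMENT}.json" "core['base-domain']" "${APP_HOST}"

	sed "s^\(machine_key\)\s*=.*^\1 = ${CORE_MACHINEKEY}^g" -i "$APP_DIR/radicale.config"
}

# Installs the `json` CLI to /usr/bin/json when it is not on PATH.
install_json() {
	if ! command -v json >/dev/null 2>&1; then
		echo -n "Install json package... "
		local TMP_JSON
		TMP_JSON=$(mktemp) || { echo "FAILURE"; exit 1; }
		# NOTE(review): this is fetched from the mutable master branch and becomes
		# a root-executed program with no integrity check. Pin a release tag or
		# commit and verify the download against a known SHA-256
		# (<EXPECTED_SHA256>) before installing, or ship it as a package.
		# -f makes an HTTP error fail instead of installing the error page.
		if ! curl -fsSL https://github.com/trentm/json/raw/master/lib/json.js -o "$TMP_JSON" || [ ! -s "$TMP_JSON" ]; then
			rm -f -- "$TMP_JSON"
			echo "FAILURE"
			exit 1
		fi
		install -m 755 "$TMP_JSON" /usr/bin/json
		rm -f -- "$TMP_JSON"
		echo "OK"
	fi
}

# Writes a string value into a JSON file through `json -I -f`.
# Arguments: $1 JSON file
#            $2 dotted field path (script-internal constant, not escaped)
#            $3 value, stored as a string
#            $4 "rewrite" to overwrite; anything else writes only when the
#               field is currently undefined
save_undefined_param() {
	local JSON_FILE="$1"
	local FIELD_PATH="$2"
	local FIELD_VALUE="$3"
	local CONDITION=""
	local CURRENT_PATH=""
	local ELEMENT
	local PATH_ELEMENTS

	[ "$4" != "rewrite" ] && CONDITION="if(this.${FIELD_PATH}===undefined)"
	IFS='.' read -ra PATH_ELEMENTS <<< "${FIELD_PATH}"

	# Create every missing parent object along the path (all but the last part).
	for ELEMENT in "${PATH_ELEMENTS[@]::${#PATH_ELEMENTS[@]}-1}"; do
		CURRENT_PATH+=".$ELEMENT"
		${JSON} "${JSON_FILE}" -e "if(this${CURRENT_PATH}===undefined)this${CURRENT_PATH}={};" >/dev/null 2>&1
	done

	# The value is escaped because the expression is evaluated as JavaScript.
	${JSON} "${JSON_FILE}" -e "${CONDITION}this.${FIELD_PATH}=\"$(_js_escape "${FIELD_VALUE}")\"" >/dev/null 2>&1
}

# Fixes ownership, runs the migration runner to completion, then enables and
# restarts every product service.
restart_services() {
	chown -R "${PACKAGE_SYSNAME}:${PACKAGE_SYSNAME}" "$APP_DIR" "$PRODUCT_DIR" "$LOG_DIR" "/var/www/$PACKAGE_SYSNAME/Data"

	sed "s_\(ENVIRONMENT=\).*_\1${ENVIRONMENT}_i" -i "${SYSTEMD_DIR}/${PRODUCT}"*.service >/dev/null 2>&1
	systemctl daemon-reload

	echo -n "Updating database... "
	systemctl start "${PRODUCT}-migration-runner" >/dev/null 2>&1 || true
	# The runner unit stays active while migrations are in progress.
	while systemctl is-active "${PRODUCT}-migration-runner" &>/dev/null; do
		sleep 5
	done
	echo "OK"

	echo -n "Restarting services... "
	local SVC
	for SVC in login api socket studio-notify notify \
		people-server files files-services studio backup \
		clear-events backup-background ssoauth doceditor healthchecks
	do
		systemctl enable "${PRODUCT}-$SVC" >/dev/null 2>&1
		systemctl restart "${PRODUCT}-$SVC"
	done
	echo "OK"
}

# Fills DB_HOST/DB_NAME/DB_USER/DB_PWD: command-line/default values win, then
# the values already stored in the connection string, then an interactive
# prompt when both are empty.
input_db_params(){
	local CONNECTION_STRING
	local def_DB_HOST
	local def_DB_NAME
	local def_DB_USER

	# `|| true`: a missing setting or a non-matching grep must not abort the
	# script under `set -e`; the variable is simply left empty.
	CONNECTION_STRING=$(json -f "$USER_CONF" ConnectionStrings.default.connectionString) || true
	def_DB_HOST=$(grep -oP 'Server=\K[^;]*' <<< "$CONNECTION_STRING") || true
	def_DB_NAME=$(grep -oP 'Database=\K[^;]*' <<< "$CONNECTION_STRING") || true
	def_DB_USER=$(grep -oP 'User ID=\K[^;]*' <<< "$CONNECTION_STRING") || true

	if [ -z "$def_DB_HOST" ] && [ -z "$DB_HOST" ]; then
		read -e -p "Database host: " -i "$DB_HOST" DB_HOST
	else
		DB_HOST=${DB_HOST:-$def_DB_HOST}
	fi

	if [ -z "$def_DB_NAME" ] && [ -z "$DB_NAME" ]; then
		read -e -p "Database name: " -i "$DB_NAME" DB_NAME
	else
		DB_NAME=${DB_NAME:-$def_DB_NAME}
	fi

	if [ -z "$def_DB_USER" ] && [ -z "$DB_USER" ]; then
		read -e -p "Database user: " -i "$DB_USER" DB_USER
	else
		DB_USER=${DB_USER:-$def_DB_USER}
	fi

	if [ -z "$DB_PWD" ]; then
		read -e -p "Database password: " -i "$DB_PWD" -s DB_PWD
	fi
}

# Verifies that MySQL is reachable (starting the local service once if it is
# not), tunes a locally installed server, and stores the connection string.
establish_mysql_conn(){
	echo -n "Trying to establish MySQL connection... "

	command -v mysql >/dev/null 2>&1 || { echo "MySQL client not found"; exit 1; }

	# NOTE(review): the password ends up on the mysql command line (visible in
	# the process list) and $MYSQL is word-split when run, so a password with
	# whitespace breaks; a client option file would avoid both.
	MYSQL="mysql -P$DB_PORT -h$DB_HOST -u$DB_USER"
	if [ -n "$DB_PWD" ]; then
		MYSQL="$MYSQL -p$DB_PWD"
	fi

	ERRCODE=0
	$MYSQL -e ";" >/dev/null 2>&1 || ERRCODE=$?
	if [ $ERRCODE -ne 0 ]; then
		# Fixed: the arguments were reversed (`systemctl <unit> start`), so the
		# service was never started before the retry.
		systemctl start "${MYSQL_PACKAGE}" >/dev/null 2>&1
		$MYSQL -e ";" >/dev/null 2>&1 || { echo "FAILURE"; exit 1; }
	fi

	if $PACKAGE_MANAGER mysql-server >/dev/null 2>&1 || $PACKAGE_MANAGER mysql-community-server >/dev/null 2>&1; then
		change_mysql_config
	fi

	#Save db settings in .json
	# NOTE(review): "SSL Mode=none" means traffic to a remote DB_HOST, password
	# exchange included, is not encrypted.
	CONNECTION_STRING="Server=$DB_HOST;Port=$DB_PORT;Database=$DB_NAME;User ID=$DB_USER;Password=$DB_PWD;Pooling=true; "
	CONNECTION_STRING+="Character Set=utf8; AutoEnlist=false; SSL Mode=none;AllowPublicKeyRetrieval=true;Connection Timeout=30;Maximum Pool Size=300"
	save_undefined_param "${USER_CONF}" "ConnectionStrings.default.connectionString" "${CONNECTION_STRING}"
	save_undefined_param "${APP_DIR}/apisystem.${ENVIRONMENT}.json" "ConnectionStrings.default.connectionString" "${CONNECTION_STRING}"
	sed "s&\(\"ConnectionString\":\).*&\1 \"$(printf "%q" "${CONNECTION_STRING}")\"&" -i "$PRODUCT_DIR/services/ASC.Migration.Runner/appsettings.runner.json"

	#Enable database migration
	save_undefined_param "${USER_CONF}" "migration.enabled" "true"

	echo "OK"
}

# Locates the MySQL/MariaDB config and unit files for the distribution, applies
# the server settings the product expects, and restarts the database.
# Exits 1 on RedHat when no file with the expected section is found.
change_mysql_config(){
	local CNF_PATH
	local CNF_SERVICE_PATH

	if [ "$DIST" = "RedHat" ]; then
		CNF_PATH="/etc/my.cnf"
		CNF_SERVICE_PATH="/usr/lib/systemd/system/mysqld.service"

		if ! grep -q "\[mysqld\]" "${CNF_PATH}"; then
			CNF_PATH="/etc/my.cnf.d/server.cnf"

			if ! grep -q "\[mysqld\]" "${CNF_PATH}"; then
				exit 1
			fi
		fi

		if ! grep -q "\[Unit\]" "${CNF_SERVICE_PATH}"; then
			CNF_SERVICE_PATH="/lib/systemd/system/mysqld.service"

			if ! grep -q "\[Unit\]" "${CNF_SERVICE_PATH}"; then
				CNF_SERVICE_PATH="/lib/systemd/system/mariadb.service"

				if ! grep -q "\[Unit\]" "${CNF_SERVICE_PATH}"; then
					exit 1
				fi
			fi
		fi
	elif [ "$DIST" = "Debian" ]; then
		sed "s/#max_connections.*/max_connections = 1000/" -i /etc/mysql/my.cnf || true # ignore errors

		CNF_PATH="/etc/mysql/mysql.conf.d/mysqld.cnf"
		CNF_SERVICE_PATH="/lib/systemd/system/mysql.service"

		if mysql -V | grep -q "MariaDB"; then
			CNF_PATH="/etc/mysql/mariadb.conf.d/50-server.cnf"
			CNF_SERVICE_PATH="/lib/systemd/system/mariadb.service"
		fi
	fi

	sed '/skip-networking/d' -i "${CNF_PATH}" || true # ignore errors

	# sql_mode: disable new STRICT mode in mysql 5.7
	_set_ini_option "${CNF_PATH}" "mysqld" "sql_mode" "'NO_ENGINE_SUBSTITUTION'"
	_set_ini_option "${CNF_PATH}" "mysqld" "max_connections" "1000"
	_set_ini_option "${CNF_PATH}" "mysqld" "group_concat_max_len" "2048"
	_set_ini_option "${CNF_PATH}" "mysqld" "max_allowed_packet" "1048576000"
	_set_ini_option "${CNF_PATH}" "mysqld" "character_set_server" "utf8"
	_set_ini_option "${CNF_PATH}" "mysqld" "collation_server" "utf8_general_ci"

	# Fixed: stdout used to be redirected to /dev/null inside the substitution,
	# so the server's own setting was never captured and the fallback was always
	# written. The awk filter keeps only the value row, not the header row.
	MYSQL_AUTHENTICATION_PLUGIN=$($MYSQL -e "SHOW VARIABLES LIKE 'default_authentication_plugin';" -s 2>/dev/null | awk '$1 == "default_authentication_plugin" {print $2}')
	MYSQL_AUTHENTICATION_PLUGIN=${MYSQL_AUTHENTICATION_PLUGIN:-caching_sha2_password}
	_set_ini_option "${CNF_PATH}" "mysqld" "default-authentication-plugin" "${MYSQL_AUTHENTICATION_PLUGIN}"

	if [ -e "${CNF_SERVICE_PATH}" ]; then
		_set_ini_option "${CNF_SERVICE_PATH}" "Service" "LimitNOFILE" "infinity"
		_set_ini_option "${CNF_SERVICE_PATH}" "Service" "LimitMEMLOCK" "infinity"
	fi

	systemctl daemon-reload >/dev/null 2>&1
	systemctl enable "${MYSQL_PACKAGE}" >/dev/null 2>&1
	systemctl restart "${MYSQL_PACKAGE}"
}

# Installs the nginx.conf template, applies the listen port and worker limits,
# re-applies an earlier SSL setup when a saved proxy config exists, and opens
# SELinux/firewalld (RedHat) or creates the nginx user (Debian).
setup_openresty(){
	echo -n "Configuring openresty... "

	cp -rf "${APP_DIR}/openresty/nginx.conf.template" "${OPENRESTY_CONF}"
	if [ ! -f "${OPENRESTY_DIR}/mime.types" ]; then
		cp -rf "$(dirname "${OPENRESTY_CONF}")/mime.types" "${OPENRESTY_DIR}"
	fi
	sed 's/\(listen .*:\)\([0-9]\{2,5\}\b\)\( default_server\)\?\(;\)/\1'"${APP_PORT}"'\3\4/' -i "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf"
	sed "s!\(^worker_processes\).*;!\1 ${NGINX_WORKER_PROCESSES:-$(grep -c processor /proc/cpuinfo)};!" -i "${OPENRESTY_CONF}"
	sed "s!\(worker_connections\).*;!\1 ${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)};!" -i "${OPENRESTY_CONF}"

	# Check for old configuration files
	if [ -f "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.dpkg-old" ]; then
		PROXY_CONF="${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.dpkg-old"
	elif [ -f "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.rpmsave" ]; then
		PROXY_CONF="${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.rpmsave"
	fi

	# If the configuration file is found, extract the paths to the certificate and key
	if [ -n "${PROXY_CONF}" ]; then
		DOMAIN=$(json -f "${USER_CONF}" files.docservice.url.portal | awk -F'[/:]' '{if ($1 == "https") print $4; else print ""}')
		CERTIFICATE_PATH=$(grep -oP 'ssl_certificate\s+\K\S+' "${PROXY_CONF}" | tr -d ';')
		CERTIFICATE_KEY_PATH=$(grep -oP 'ssl_certificate_key\s+\K\S+' "${PROXY_CONF}" | tr -d ';')

		# If both values are found, start SSL configuration
		if [ -n "${DOMAIN}" ] && [ -n "${CERTIFICATE_PATH}" ] && [ -n "${CERTIFICATE_KEY_PATH}" ]; then
			"/usr/bin/${PRODUCT}-ssl-setup" -f "${DOMAIN}" "${CERTIFICATE_PATH}" "${CERTIFICATE_KEY_PATH}"
		fi
	fi

	if [ "$DIST" = "RedHat" ]; then
		# Remove default nginx settings [error] port 80 is already in use
		# Fixed: the outer `if` had no `then`, which is a syntax error.
		if [ -f /etc/nginx/nginx.conf ]; then
			if grep -q "server {" /etc/nginx/nginx.conf ; then
				sed -e '$a}' -e '/server {/,$d' -i /etc/nginx/nginx.conf
			fi
		fi

		# getenforce prints a capitalised mode, hence the case-insensitive match.
		shopt -s nocasematch
		PORTS=()
		if command -v getenforce &> /dev/null; then
			case $(getenforce) in
				enforcing|permissive)
					PORTS+=('5000') #ASC.Web.Api
					PORTS+=('5001') #client
					PORTS+=('5003') #ASC.Web.Studio
					PORTS+=('5004') #ASC.People
					PORTS+=('5005') #ASC.Notify
					PORTS+=('5006') #ASC.Studio.Notify
					PORTS+=('5007') #ASC.Files/server
					PORTS+=('5009') #ASC.Files/service
					PORTS+=('5010') #ASC.ApiSystem
					PORTS+=('5011') #ASC.Login
					PORTS+=('5012') #ASC.Data.Backup
					PORTS+=('5013') #ASC.Files/editor
					PORTS+=('5027') #ASC.ClearEvents
					PORTS+=('5032') #ASC.Data.Backup.BackgroundTasks
					PORTS+=('5033') #ASC.Web.HealthChecks
					PORTS+=('5100') #ASC.ApiCache
					PORTS+=('8081') #Storybook
					PORTS+=('9834') #ASC.SsoAuth
					PORTS+=('9899') #ASC.Socket.IO
					# NOTE(review): this boolean lets the web server domain open outbound
					# connections to any port, which is broader than the list above.
					setsebool -P httpd_can_network_connect on
				;;
				disabled)
					:
				;;
			esac

			local PORT
			for PORT in "${PORTS[@]}"; do
				semanage port -a -t http_port_t -p tcp "$PORT" >/dev/null 2>&1 || \
				semanage port -m -t http_port_t -p tcp "$PORT" >/dev/null 2>&1 || \
				true
			done
		fi
		# Do not leave case-insensitive matching switched on for the rest of the run.
		shopt -u nocasematch

		if rpm -q "firewalld"; then
			firewall-cmd --permanent --zone=public --add-service=http
			firewall-cmd --permanent --zone=public --add-service=https
			systemctl restart firewalld.service
		fi
	elif [ "$DIST" = "Debian" ]; then
		if ! id "nginx" &>/dev/null; then
			rm -dfr /var/log/nginx/*
			rm -dfr /var/cache/nginx/*
			useradd -s /bin/false nginx
		fi
	fi

	# The trailing glob is intentional: it covers every path starting with
	# ${OPENRESTY_DIR}.
	chown nginx:nginx "${OPENRESTY_DIR}"* -R
	systemctl enable openresty >/dev/null 2>&1
	systemctl restart openresty
	echo "OK"
}

# Function gets Document server host and port using regular expression, we need it to check connection
# Sets DOCUMENT_SERVER_HOST and DOCUMENT_SERVER_PORT; a URL given without a
# scheme is rewritten to http://host:port.
parse_external_docs_url () {
	if [[ $DOCUMENT_SERVER_URL_EXTERNAL =~ ^(https?://)?([^:/]+)(:([0-9]+))?(/.*)?$ ]]; then
		local SCHEME="${BASH_REMATCH[1]}"
		local DEFAULT_PORT=80
		# Fixed: an https URL without an explicit port used to be probed on port 80.
		if [[ $SCHEME == "https://" ]]; then
			DEFAULT_PORT=443
		fi
		DOCUMENT_SERVER_PORT="${BASH_REMATCH[4]:-$DEFAULT_PORT}"
		DOCUMENT_SERVER_HOST="${BASH_REMATCH[2]}"
		[[ -n $SCHEME ]] || DOCUMENT_SERVER_URL_EXTERNAL="http://$DOCUMENT_SERVER_HOST:$DOCUMENT_SERVER_PORT"
	fi
}

# Connects the product to Document Server.
# Arguments: $1 - "LOCAL_DOCS_SERVER" or "EXTERNAL_DOCS_SERVER"
setup_docs() {
	echo -n "Configuring docs... "

	if [ "$1" == "LOCAL_DOCS_SERVER" ]; then
		local DS_CONF_DIR="/etc/${PACKAGE_SYSNAME}/documentserver"
		local DOCUMENT_SERVER_PORT=$(grep -oP '(?<=:)\d+(?=\s)' "${DS_CONF_DIR}/nginx/ds.conf")
		local DOCUMENT_SERVER_JWT_SECRET=${DOCUMENT_SERVER_JWT_SECRET:-$(json -f "${DS_CONF_DIR}/local.json" services.CoAuthoring.secret.inbox.string)}
		local DOCUMENT_SERVER_JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER:-$(json -f "${DS_CONF_DIR}/local.json" services.CoAuthoring.token.inbox.header)}

		# Values are escaped because these expressions are evaluated as JavaScript.
		$JSON "${DS_CONF_DIR}/local.json" -e "this.rabbitmq = { 'url': 'amqp://$(_js_escape "${RABBITMQ_USER}"):$(_js_escape "${RABBITMQ_PASSWORD}")@$(_js_escape "${RABBITMQ_HOST}"):$(_js_escape "${RABBITMQ_PORT}")' }" >/dev/null 2>&1
		$JSON "${DS_CONF_DIR}/local.json" -e "this.services.CoAuthoring.redis = { 'host': '$(_js_escape "${REDIS_HOST}")' }" >/dev/null 2>&1

		sed 's/\(listen .*:\)\([0-9]\{2,5\}\b\)\( default_server\)\?\(;\)/\1'"${DOCUMENT_SERVER_PORT}"'\3\4/' -i "${DS_CONF_DIR}/nginx/ds.conf"

		chown ds:ds "${DS_CONF_DIR}/local.json"
	elif [ "$1" == "EXTERNAL_DOCS_SERVER" ]; then
		# The public address is asked from a third-party service and then written
		# into nginx and JSON configuration, so only an address-shaped reply is
		# accepted; otherwise the configured APP_HOST is kept.
		local DETECTED_HOST
		DETECTED_HOST=$(curl -s ifconfig.me) || true
		if [[ $DETECTED_HOST =~ ^[0-9A-Fa-f:.]+$ ]]; then
			local APP_HOST="$DETECTED_HOST"
		else
			echo "Could not determine the public address, using ${APP_HOST}" >&2
		fi
		local EXTERNAL_DOCS_FLAG="rewrite"
	fi

	#Changing the Docs port in nginx conf
	sed "0,/proxy_pass .*;/{s#proxy_pass .*;#proxy_pass ${DOCUMENT_SERVER_URL_EXTERNAL:-http://$APP_HOST:$DOCUMENT_SERVER_PORT};#}" -i "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}.conf"

	#Save Docs address and JWT in .json
	save_undefined_param "${USER_CONF}" "files.docservice.secret.value" "${DOCUMENT_SERVER_JWT_SECRET}" "rewrite"
	save_undefined_param "${USER_CONF}" "files.docservice.secret.header" "${DOCUMENT_SERVER_JWT_HEADER:-"AuthorizationJwt"}" "rewrite"
	save_undefined_param "${USER_CONF}" "files.docservice.url.public" "${DOCUMENT_SERVER_URL_EXTERNAL:-"/ds-vpath/"}" "$EXTERNAL_DOCS_FLAG"
	save_undefined_param "${USER_CONF}" "files.docservice.url.internal" "${DOCUMENT_SERVER_URL_EXTERNAL:-"http://$APP_HOST:$DOCUMENT_SERVER_PORT"}" "$EXTERNAL_DOCS_FLAG"
	save_undefined_param "${USER_CONF}" "files.docservice.url.portal" "http://${APP_HOST}:${APP_PORT}" "$EXTERNAL_DOCS_FLAG"

	echo "OK"
}

# Stores the license file path; it is empty unless the -ee Document Server
# package is installed.
setup_enterprise() {
	if $PACKAGE_MANAGER "${PACKAGE_SYSNAME}-documentserver-ee" >/dev/null 2>&1; then
		LICENCE_PATH="/var/www/$PACKAGE_SYSNAME/Data/license.lic"
	fi

	save_undefined_param "${USER_CONF}" "license.file.path" "${LICENCE_PATH}" "rewrite"
}

# Stops the local Elasticsearch, reinstalls the ingest-attachment plugin and
# adjusts elasticsearch.yml and jvm.options (cache sizes, heap, log4j lookups).
change_elasticsearch_config(){

	systemctl stop elasticsearch

	local ELASTIC_SEARCH_CONF_PATH="/etc/elasticsearch/elasticsearch.yml"
	local ELASTIC_SEARCH_JAVA_CONF_PATH="/etc/elasticsearch/jvm.options"

	if /usr/share/elasticsearch/bin/elasticsearch-plugin list | grep -q "ingest-attachment"; then
		/usr/share/elasticsearch/bin/elasticsearch-plugin remove -s ingest-attachment
	fi
	/usr/share/elasticsearch/bin/elasticsearch-plugin install -s -b ingest-attachment

	if [ -f "${ELASTIC_SEARCH_CONF_PATH}.rpmnew" ]; then
		cp -rf "${ELASTIC_SEARCH_CONF_PATH}.rpmnew" "${ELASTIC_SEARCH_CONF_PATH}"
	fi

	if [ -f "${ELASTIC_SEARCH_JAVA_CONF_PATH}.rpmnew" ]; then
		cp -rf "${ELASTIC_SEARCH_JAVA_CONF_PATH}.rpmnew" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	fi

	_set_yaml_option "${ELASTIC_SEARCH_CONF_PATH}" "indices.fielddata.cache.size" "30%"
	_set_yaml_option "${ELASTIC_SEARCH_CONF_PATH}" "indices.memory.index_buffer_size" "30%"

	if grep -q "HeapDumpOnOutOfMemoryError" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
		sed "/-XX:+HeapDumpOnOutOfMemoryError/d" -i "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	fi

	# Keeps log4j2 message lookups switched off in the Elasticsearch JVM.
	if ! grep -q "Dlog4j2.formatMsgNoLookups" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
		echo "-Dlog4j2.formatMsgNoLookups=true" >> "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	else
		sed -i "s/Dlog4j2.formatMsgNoLookups.*/Dlog4j2.formatMsgNoLookups=true/" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	fi

	_set_yaml_option "${ELASTIC_SEARCH_CONF_PATH}" "ingest.geoip.downloader.enabled" "false"

	local TOTAL_MEMORY=$(free --mega | grep -oP '\d+' | head -n 1)
	local MEMORY_REQUIREMENTS=12000 #RAM ~12Gb

	if [ "${TOTAL_MEMORY}" -gt "${MEMORY_REQUIREMENTS}" ]; then
		ELASTICSEATCH_MEMORY="4g"
	else
		ELASTICSEATCH_MEMORY="1g"
	fi

	if grep -qE "^[^#]*-Xms[0-9]g" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
		sed -i "s/-Xms[0-9]g/-Xms${ELASTICSEATCH_MEMORY}/" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	else
		echo "-Xms${ELASTICSEATCH_MEMORY}" >> "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	fi

	if grep -qE "^[^#]*-Xmx[0-9]g" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
		sed -i "s/-Xmx[0-9]g/-Xmx${ELASTICSEATCH_MEMORY}/" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	else
		echo "-Xmx${ELASTICSEATCH_MEMORY}" >> "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
	fi

	if [ -d /etc/elasticsearch/ ]; then
		chmod g+ws /etc/elasticsearch/
	fi
}

# Stores the Elasticsearch endpoint; for a local server also reconfigures and
# restarts it.
# Arguments: $1 - "LOCAL_ELASTIC_SERVER" or "EXTERNAL_ELASTIC_SERVER"
setup_elasticsearch() {
	echo -n "Configuring elasticsearch... "

	#Save elasticsearch parameters in .json
	local EXTERNAL_ELASTIC_FLAG=""
	if [[ $1 == "EXTERNAL_ELASTIC_SERVER" ]]; then
		EXTERNAL_ELASTIC_FLAG="rewrite"
	fi
	save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Scheme" "${ELK_SHEME}" "$EXTERNAL_ELASTIC_FLAG"
	save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Host" "${ELK_HOST}" "$EXTERNAL_ELASTIC_FLAG"
	save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Port" "${ELK_PORT}" "$EXTERNAL_ELASTIC_FLAG"
	save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Threads" "1" "$EXTERNAL_ELASTIC_FLAG"

	if [ "$1" == "LOCAL_ELASTIC_SERVER" ]; then
		change_elasticsearch_config

		systemctl enable elasticsearch >/dev/null 2>&1
		systemctl restart elasticsearch
	fi
	echo "OK"
}

# Stores the Redis endpoint in the product and OpenResty configuration; for a
# local server also sets the bind address, removes RDB `save` lines and
# restarts it.
# Arguments: $1 - "LOCAL_REDIS_SERVER" or "EXTERNAL_REDIS_SERVER"
setup_redis() {
	echo -n "Configuring redis... "

	# Values are escaped because the expression is evaluated as JavaScript.
	$JSON "$APP_DIR/redis.$ENVIRONMENT.json" -e "this.Redis={'Hosts': [ { Host: \"$(_js_escape "${REDIS_HOST}")\", Port: \"$(_js_escape "${REDIS_PORT}")\" } ] }" >/dev/null 2>&1

	sed -i "s~\(redis_host =\).*~\1 \"$REDIS_HOST\"~" "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}.conf"
	sed -i "s~\(redis_port =\).*~\1 $REDIS_PORT~" "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}.conf"

	if [ "$1" == "LOCAL_REDIS_SERVER" ]; then
		if [ -f "/etc/redis/redis.conf" ]; then
			REDIS_CONF="/etc/redis/redis.conf"
		elif [ -f "/etc/redis.conf" ]; then
			REDIS_CONF="/etc/redis.conf"
		fi

		# Without a config file the sed calls below would fail with an obscure
		# "no input files" error; stop with a clear message instead.
		if [ -z "${REDIS_CONF}" ]; then
			echo "FAILURE: redis.conf not found" >&2
			exit 1
		fi

		sed "s_\(^bind\).*_\1 ${REDIS_HOST}_" -i "${REDIS_CONF}"
		sed -r "/^save\s[0-9]+/d" -i "${REDIS_CONF}"

		systemctl enable "$REDIS_PACKAGE" >/dev/null 2>&1
		systemctl restart "$REDIS_PACKAGE"
	fi

	echo "OK"
}

# Stores the RabbitMQ connection settings; for a local server also enables and
# restarts it.
# Arguments: $1 - "LOCAL_RABBITMQ_SERVER" or "EXTERNAL_RABBITMQ_SERVER"
setup_rabbitmq() {
	echo -n "Configuring rabbitmq... "

	local EXTERNAL_RABBITMQ_FLAG=""
	if [[ $1 == "EXTERNAL_RABBITMQ_SERVER" ]]; then
		EXTERNAL_RABBITMQ_FLAG="rewrite"
	fi
	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Hostname" "${RABBITMQ_HOST}" "$EXTERNAL_RABBITMQ_FLAG"
	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.UserName" "${RABBITMQ_USER}" "$EXTERNAL_RABBITMQ_FLAG"
	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Password" "${RABBITMQ_PASSWORD}" "$EXTERNAL_RABBITMQ_FLAG"
	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Port" "${RABBITMQ_PORT}" "$EXTERNAL_RABBITMQ_FLAG"
	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.VirtualHost" "/"

	if [ "$1" == "LOCAL_RABBITMQ_SERVER" ]; then
		systemctl enable rabbitmq-server >/dev/null 2>&1
		systemctl restart rabbitmq-server
	fi

	echo "OK"
}

# Creates the empty per-environment settings files (not world-accessible) and
# stores the machine key.
product_configuration(){
	echo -n "Configuring ${PRODUCT}... "

	#Creating environment configuration files
	enviromentFiles=("appsettings.$ENVIRONMENT.json" "apisystem.$ENVIRONMENT.json" "elastic.$ENVIRONMENT.json" "rabbitmq.$ENVIRONMENT.json" "redis.$ENVIRONMENT.json")

	local ENV_FILE
	for ENV_FILE in "${enviromentFiles[@]}"; do
		if [ ! -e "$APP_DIR/$ENV_FILE" ]; then
			echo "{}" > "$APP_DIR/$ENV_FILE"
			chmod o-rwx "$APP_DIR/$ENV_FILE"
		fi
	done

	set_core_machinekey

	echo "OK"
}

# Function below checks if there is a connection to the external service. 0 - OK, connection established
# Arguments: $1 host, $2 port, $3 service name used in the error message
# NOTE(review): the TCP connect has no timeout, so a filtered port can stall
# the script until the kernel gives up.
check_connection_external_services() {
	HOST_RESPONCE=0
	{ exec {FD}<> "/dev/tcp/$1/$2" && exec {FD}>&-; } || HOST_RESPONCE=$?

	if [[ $HOST_RESPONCE -ne 0 ]]; then
		echo -e "$3 external server is not responding: $1:$2"
	fi
	return $HOST_RESPONCE
}

# Distribution detection: selects the package query command and service names.
if command -v yum >/dev/null 2>&1; then
	DIST="RedHat"
	PACKAGE_MANAGER="rpm -q"
	MYSQL_PACKAGE="mysqld"
	REDIS_PACKAGE="redis"
	SYSTEMD_DIR="/usr/lib/systemd/system"
elif command -v apt >/dev/null 2>&1; then
	DIST="Debian"
	PACKAGE_MANAGER="dpkg -s"
	MYSQL_PACKAGE="mysql"
	REDIS_PACKAGE="redis-server"
	SYSTEMD_DIR="$(dirname $(dpkg-query -L ${PRODUCT}-api | grep systemd/system/))"
fi

install_json
product_configuration

# $PACKAGE_MANAGER is expanded unquoted on purpose: it holds a command plus flag.
if $PACKAGE_MANAGER mysql-client >/dev/null 2>&1 || $PACKAGE_MANAGER mysql-community-client >/dev/null 2>&1; then
	input_db_params
	establish_mysql_conn || exit $?
fi

if [[ -n $DOCUMENT_SERVER_URL_EXTERNAL ]]; then
	parse_external_docs_url "$DOCUMENT_SERVER_URL_EXTERNAL"
	check_connection_external_services "$DOCUMENT_SERVER_HOST" "$DOCUMENT_SERVER_PORT" "${PACKAGE_SYSNAME^^} Docs"
	setup_docs "EXTERNAL_DOCS_SERVER"
elif $PACKAGE_MANAGER "${PACKAGE_SYSNAME}-documentserver" >/dev/null 2>&1 || $PACKAGE_MANAGER "${PACKAGE_SYSNAME}-documentserver-de" >/dev/null 2>&1 || $PACKAGE_MANAGER "${PACKAGE_SYSNAME}-documentserver-ee" >/dev/null 2>&1; then
	setup_docs "LOCAL_DOCS_SERVER"
	setup_enterprise
fi

if $PACKAGE_MANAGER openresty >/dev/null 2>&1; then
	setup_openresty
fi

if [[ -n $EXTERNAL_ELK_FLAG ]]; then
	check_connection_external_services "$ELK_HOST" "$ELK_PORT" "Elasticsearch"
	setup_elasticsearch "EXTERNAL_ELASTIC_SERVER"
elif $PACKAGE_MANAGER elasticsearch >/dev/null 2>&1; then
	setup_elasticsearch "LOCAL_ELASTIC_SERVER"
fi

if [[ -n $EXTERNAL_REDIS_FLAG ]]; then
	check_connection_external_services "$REDIS_HOST" "$REDIS_PORT" "Redis"
	setup_redis "EXTERNAL_REDIS_SERVER"
elif $PACKAGE_MANAGER "$REDIS_PACKAGE" >/dev/null 2>&1; then
	setup_redis "LOCAL_REDIS_SERVER"
fi

if [[ -n $EXTERNAL_RABBITMQ_FLAG ]]; then
	check_connection_external_services "$RABBITMQ_HOST" "$RABBITMQ_PORT" "RabbitMQ"
	setup_rabbitmq "EXTERNAL_RABBITMQ_SERVER"
elif $PACKAGE_MANAGER rabbitmq-server >/dev/null 2>&1; then
	setup_rabbitmq "LOCAL_RABBITMQ_SERVER"
fi

restart_services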