912 lines
30 KiB
Bash
912 lines
30 KiB
Bash
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
PRODUCT="docspace"
|
|
ENVIRONMENT="production"
|
|
PACKAGE_SYSNAME="onlyoffice"
|
|
|
|
APP_DIR="/etc/${PACKAGE_SYSNAME}/${PRODUCT}"
|
|
PRODUCT_DIR="/var/www/${PRODUCT}"
|
|
LOG_DIR="/var/log/${PACKAGE_SYSNAME}/${PRODUCT}"
|
|
USER_CONF="$APP_DIR/appsettings.$ENVIRONMENT.json"
|
|
|
|
OPENRESTY_CONF="/usr/local/openresty/nginx/conf/nginx.conf"
|
|
OPENRESTY_DIR="/etc/openresty"
|
|
|
|
DB_HOST="localhost"
|
|
DB_PORT="3306"
|
|
DB_NAME="${PACKAGE_SYSNAME}"
|
|
DB_USER="root"
|
|
DB_PWD=""
|
|
|
|
APP_HOST="localhost"
|
|
APP_PORT="80"
|
|
|
|
ELK_SHEME="http"
|
|
ELK_HOST="localhost"
|
|
ELK_PORT="9200"
|
|
OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-fluent-bit"
|
|
|
|
RABBITMQ_HOST="localhost"
|
|
RABBITMQ_USER="guest"
|
|
RABBITMQ_PASSWORD="guest"
|
|
RABBITMQ_PORT="5672"
|
|
|
|
REDIS_HOST="127.0.0.1"
|
|
REDIS_PORT="6379"
|
|
|
|
JSON="json -I -f"
|
|
|
|
[ $(id -u) -ne 0 ] && { echo "Root privileges required"; exit 1; }
|
|
check_localhost() { [ "$1" = "localhost" ] || [ "$1" = "127.0.0.1" ] && return 1 || return 0; }
|
|
|
|
while [ "$1" != "" ]; do
|
|
case $1 in
|
|
|
|
-ash | --appshost )
|
|
if [ "$2" != "" ]; then
|
|
APP_HOST=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-asp | --appsport )
|
|
if [ "$2" != "" ]; then
|
|
APP_PORT=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-ess | --elasticsheme )
|
|
if [ "$2" != "" ]; then
|
|
ELK_SHEME=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-esh | --elastichost )
|
|
if [ "$2" != "" ]; then
|
|
ELK_HOST=$2
|
|
check_localhost "$ELK_HOST" && EXTERNAL_ELK_FLAG="true"
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-esp | --elasticport )
|
|
if [ "$2" != "" ]; then
|
|
ELK_PORT=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-e | --environment )
|
|
if [ "$2" != "" ]; then
|
|
ENVIRONMENT=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-mysqlh | --mysqlhost )
|
|
if [ "$2" != "" ]; then
|
|
DB_HOST=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-mysqld | --mysqldatabase )
|
|
if [ "$2" != "" ]; then
|
|
DB_NAME=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-mysqlu | --mysqluser )
|
|
if [ "$2" != "" ]; then
|
|
DB_USER=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-mysqlp | --mysqlpassword )
|
|
if [ "$2" != "" ]; then
|
|
DB_PWD=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-rdh | --redishost )
|
|
if [ "$2" != "" ]; then
|
|
REDIS_HOST=$2
|
|
check_localhost "$REDIS_HOST" && EXTERNAL_REDIS_FLAG="true"
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-rdp | --redisport )
|
|
if [ "$2" != "" ]; then
|
|
REDIS_PORT=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-rbh | --rabbitmqhost )
|
|
if [ "$2" != "" ]; then
|
|
RABBITMQ_HOST=$2
|
|
check_localhost "$REDIS_HOST" && EXTERNAL_RABBITMQ_FLAG="true"
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-rbu | --rabbitmquser )
|
|
if [ "$2" != "" ]; then
|
|
RABBITMQ_USER=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-rbpw | --rabbitmqpassword )
|
|
if [ "$2" != "" ]; then
|
|
RABBITMQ_PASSWORD=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-rbp | --rabbitmqport )
|
|
if [ "$2" != "" ]; then
|
|
RABBITMQ_PORT=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-mk | --machinekey )
|
|
if [ "$2" != "" ]; then
|
|
CORE_MACHINEKEY=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-js | --jwtsecret )
|
|
if [ "$2" != "" ]; then
|
|
DOCUMENT_SERVER_JWT_SECRET=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-jh | --jwtheader )
|
|
if [ "$2" != "" ]; then
|
|
DOCUMENT_SERVER_JWT_HEADER=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-du | --dashboadrsusername )
|
|
if [ "$2" != "" ]; then
|
|
DASHBOARDS_USERNAME=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-dp | --dashboadrspassword )
|
|
if [ "$2" != "" ]; then
|
|
DASHBOARDS_PASSWORD=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-docsurl | --docsurl )
|
|
if [ "$2" != "" ]; then
|
|
DOCUMENT_SERVER_URL_EXTERNAL=$2
|
|
shift
|
|
fi
|
|
;;
|
|
|
|
-? | -h | --help )
|
|
echo " Usage: bash ${PRODUCT}-configuration [PARAMETER] [[PARAMETER], ...]"
|
|
echo
|
|
echo " Parameters:"
|
|
echo " -ash, --appshost ${PRODUCT} ip"
|
|
echo " -asp, --appsport ${PRODUCT} port (default 80)"
|
|
echo " -docsurl, --docsurl $PACKAGE_SYSNAME docs server address (example http://$PACKAGE_SYSNAME-docs-address:8083)"
|
|
echo " -esh, --elastichost elasticsearch ip"
|
|
echo " -esp, --elasticport elasticsearch port (default 9200)"
|
|
echo " -rdh, --redishost redis ip"
|
|
echo " -rdp, --redisport redis port (default 6379)"
|
|
echo " -rbh, --rabbitmqhost rabbitmq ip"
|
|
echo " -rbp, --rabbitmqport rabbitmq port"
|
|
echo " -rbu, --rabbitmquser rabbitmq user"
|
|
echo " -rbpw, --rabbitmqpassword rabbitmq password"
|
|
echo " -mysqlh, --mysqlhost mysql server host"
|
|
echo " -mysqld, --mysqldatabase ${PRODUCT} database name"
|
|
echo " -mysqlu, --mysqluser ${PRODUCT} database user"
|
|
echo " -mysqlp, --mysqlpassword ${PRODUCT} database password"
|
|
echo " -js, --jwtsecret defines the secret key to validate the JWT in the request"
|
|
echo " -jh. --jwtheader defines the http header that will be used to send the JWT"
|
|
echo " -mk, --machinekey setting for core.machinekey"
|
|
echo " -e, --environment environment (default 'production')"
|
|
echo " -?, -h, --help this help"
|
|
echo
|
|
exit 0
|
|
;;
|
|
|
|
* )
|
|
echo "Unknown parameter $1" 1>&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
set_core_machinekey () {
|
|
if [[ -f $APP_DIR/.private/machinekey ]] || [[ -n $CORE_MACHINEKEY ]]; then
|
|
CORE_MACHINEKEY=${CORE_MACHINEKEY:-$(cat $APP_DIR/.private/machinekey)};
|
|
else
|
|
CORE_MACHINEKEY=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12);
|
|
if [ "$DIST" = "RedHat" ]; then
|
|
echo $CORE_MACHINEKEY > $APP_DIR/.private/machinekey
|
|
chmod o-rwx $APP_DIR/.private/machinekey
|
|
fi
|
|
fi
|
|
|
|
save_undefined_param "${USER_CONF}" "core.machinekey" "${CORE_MACHINEKEY}"
|
|
save_undefined_param "${USER_CONF}" "core['base-domain']" "${APP_HOST}" "rewrite"
|
|
save_undefined_param "${APP_DIR}/apisystem.${ENVIRONMENT}.json" "core.machinekey" "${CORE_MACHINEKEY}"
|
|
save_undefined_param "${APP_DIR}/apisystem.${ENVIRONMENT}.json" "core['base-domain']" "${APP_HOST}" "rewrite"
|
|
|
|
sed "s^\(machine_key\)\s*=.*^\1 = ${CORE_MACHINEKEY}^g" -i $APP_DIR/radicale.config
|
|
}
|
|
|
|
install_json() {
|
|
if ! command -v json; then
|
|
echo -n "Install json package... "
|
|
curl -L https://github.com/trentm/json/raw/master/lib/json.js > /usr/bin/json
|
|
chmod 755 /usr/bin/json
|
|
echo "OK"
|
|
fi
|
|
}
|
|
|
|
save_undefined_param() {
|
|
local JSON_FILE="$1"
|
|
local FIELD_PATH="$2"
|
|
local FIELD_VALUE="$3"
|
|
[ "$4" != "rewrite" ] && local CONDITION="if(this.${FIELD_PATH}===undefined)"
|
|
|
|
IFS='.' read -ra PATH_ELEMENTS <<< "${FIELD_PATH}"
|
|
for ELEMENT in "${PATH_ELEMENTS[@]::${#PATH_ELEMENTS[@]}-1}"; do
|
|
local CURRENT_PATH+=".$ELEMENT"
|
|
${JSON} ${JSON_FILE} -e "if(this${CURRENT_PATH}===undefined)this${CURRENT_PATH}={};" >/dev/null 2>&1
|
|
done
|
|
|
|
${JSON} ${JSON_FILE} -e "${CONDITION}this.${FIELD_PATH}=\"${FIELD_VALUE}\"" >/dev/null 2>&1
|
|
}
|
|
|
|
restart_services() {
|
|
chown -R ${PACKAGE_SYSNAME}:${PACKAGE_SYSNAME} $APP_DIR $PRODUCT_DIR $LOG_DIR /var/www/$PACKAGE_SYSNAME/Data
|
|
|
|
sed "s_\(ENVIRONMENT=\).*_\1${ENVIRONMENT}_i" -i ${SYSTEMD_DIR}/${PRODUCT}*.service >/dev/null 2>&1
|
|
systemctl daemon-reload
|
|
|
|
echo -n "Updating database... "
|
|
systemctl start ${PRODUCT}-migration-runner >/dev/null 2>&1 || true
|
|
while systemctl is-active ${PRODUCT}-migration-runner &>/dev/null; do
|
|
sleep 5
|
|
done
|
|
echo "OK"
|
|
|
|
echo -n "Restarting services... "
|
|
for SVC in login api socket studio-notify notify \
|
|
people-server files files-services studio backup api-system \
|
|
clear-events backup-background ssoauth doceditor healthchecks
|
|
do
|
|
systemctl enable ${PRODUCT}-$SVC >/dev/null 2>&1
|
|
systemctl restart ${PRODUCT}-$SVC
|
|
done
|
|
echo "OK"
|
|
}
|
|
|
|
input_db_params(){
|
|
local CONNECTION_STRING=$(json -f $USER_CONF ConnectionStrings.default.connectionString)
|
|
local def_DB_HOST=$(grep -oP 'Server=\K[^;]*' <<< "$CONNECTION_STRING")
|
|
local def_DB_NAME=$(grep -oP 'Database=\K[^;]*' <<< "$CONNECTION_STRING")
|
|
local def_DB_USER=$(grep -oP 'User ID=\K[^;]*' <<< "$CONNECTION_STRING")
|
|
|
|
if [ -z $def_DB_HOST ] && [ -z $DB_HOST ]; then
|
|
read -e -p "Database host: " -i "$DB_HOST" DB_HOST;
|
|
else
|
|
DB_HOST=${DB_HOST:-$def_DB_HOST}
|
|
fi
|
|
|
|
if [ -z $def_DB_NAME ] && [ -z $DB_NAME ]; then
|
|
read -e -p "Database name: " -i "$DB_NAME" DB_NAME;
|
|
else
|
|
DB_NAME=${DB_NAME:-$def_DB_NAME}
|
|
fi
|
|
|
|
if [ -z $def_DB_USER ] && [ -z $DB_USER ]; then
|
|
read -e -p "Database user: " -i "$DB_USER" DB_USER;
|
|
else
|
|
DB_USER=${DB_USER:-$def_DB_USER}
|
|
fi
|
|
|
|
if [ -z $DB_PWD ]; then
|
|
read -e -p "Database password: " -i "$DB_PWD" -s DB_PWD;
|
|
fi
|
|
}
|
|
|
|
establish_mysql_conn(){
|
|
echo -n "Trying to establish MySQL connection... "
|
|
|
|
command -v mysql >/dev/null 2>&1 || { echo "MySQL client not found"; exit 1; }
|
|
|
|
MYSQL="mysql -P$DB_PORT -h$DB_HOST -u$DB_USER"
|
|
if [ -n "$DB_PWD" ]; then
|
|
MYSQL="$MYSQL -p$DB_PWD"
|
|
fi
|
|
|
|
$MYSQL -e ";" >/dev/null 2>&1
|
|
ERRCODE=$?
|
|
if [ $ERRCODE -ne 0 ]; then
|
|
systemctl start ${MYSQL_PACKAGE} >/dev/null 2>&1
|
|
$MYSQL -e ";" >/dev/null 2>&1 || { echo "FAILURE"; exit 1; }
|
|
fi
|
|
|
|
if $PACKAGE_MANAGER mysql-server >/dev/null 2>&1 || $PACKAGE_MANAGER mysql-community-server >/dev/null 2>&1; then
|
|
change_mysql_config
|
|
fi
|
|
|
|
#Save db settings in .json
|
|
CONNECTION_STRING="Server=$DB_HOST;Port=$DB_PORT;Database=$DB_NAME;User ID=$DB_USER;Password=$DB_PWD;Pooling=true; \
|
|
Character Set=utf8; AutoEnlist=false; SSL Mode=none;AllowPublicKeyRetrieval=true;Connection Timeout=30;Maximum Pool Size=300"
|
|
|
|
save_undefined_param "${USER_CONF}" "ConnectionStrings.default.connectionString" "${CONNECTION_STRING}"
|
|
save_undefined_param "${APP_DIR}/apisystem.${ENVIRONMENT}.json" "ConnectionStrings.default.connectionString" "${CONNECTION_STRING}"
|
|
|
|
sed "s&\(\"ConnectionString\":\).*&\1 \"$(printf "%q" "${CONNECTION_STRING}")\"&" -i $PRODUCT_DIR/services/ASC.Migration.Runner/appsettings.runner.json
|
|
|
|
#Enable database migration
|
|
save_undefined_param "${USER_CONF}" "migration.enabled" "true"
|
|
|
|
echo "OK"
|
|
}
|
|
|
|
change_mysql_config(){
|
|
if [ "$DIST" = "RedHat" ]; then
|
|
|
|
local CNF_PATH="/etc/my.cnf";
|
|
local CNF_SERVICE_PATH="/usr/lib/systemd/system/mysqld.service";
|
|
|
|
if ! grep -q "\[mysqld\]" ${CNF_PATH}; then
|
|
CNF_PATH="/etc/my.cnf.d/server.cnf";
|
|
|
|
if ! grep -q "\[mysqld\]" ${CNF_PATH}; then
|
|
exit 1;
|
|
fi
|
|
fi
|
|
|
|
if ! grep -q "\[Unit\]" ${CNF_SERVICE_PATH}; then
|
|
CNF_SERVICE_PATH="/lib/systemd/system/mysqld.service";
|
|
|
|
if ! grep -q "\[Unit\]" ${CNF_SERVICE_PATH}; then
|
|
CNF_SERVICE_PATH="/lib/systemd/system/mariadb.service";
|
|
|
|
if ! grep -q "\[Unit\]" ${CNF_SERVICE_PATH}; then
|
|
exit 1;
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
elif [ "$DIST" = "Debian" ]; then
|
|
|
|
sed "s/#max_connections.*/max_connections = 1000/" -i /etc/mysql/my.cnf || true # ignore errors
|
|
|
|
CNF_PATH="/etc/mysql/mysql.conf.d/mysqld.cnf";
|
|
CNF_SERVICE_PATH="/lib/systemd/system/mysql.service";
|
|
|
|
if mysql -V | grep -q "MariaDB"; then
|
|
CNF_PATH="/etc/mysql/mariadb.conf.d/50-server.cnf";
|
|
CNF_SERVICE_PATH="/lib/systemd/system/mariadb.service";
|
|
fi
|
|
|
|
fi
|
|
|
|
sed '/skip-networking/d' -i ${CNF_PATH} || true # ignore errors
|
|
|
|
if ! grep -q "^sql_mode" ${CNF_PATH}; then
|
|
sed "/\[mysqld\]/a sql_mode = 'NO_ENGINE_SUBSTITUTION'" -i ${CNF_PATH} # disable new STRICT mode in mysql 5.7
|
|
else
|
|
sed "s/sql_mode.*/sql_mode = 'NO_ENGINE_SUBSTITUTION'/" -i ${CNF_PATH} || true # ignore errors
|
|
fi
|
|
|
|
if ! grep -q "^max_connections" ${CNF_PATH}; then
|
|
sed '/\[mysqld\]/a max_connections = 1000' -i ${CNF_PATH}
|
|
else
|
|
sed "s/max_connections.*/max_connections = 1000/" -i ${CNF_PATH} || true # ignore errors
|
|
fi
|
|
|
|
if ! grep -q "^group_concat_max_len" ${CNF_PATH}; then
|
|
sed '/\[mysqld\]/a group_concat_max_len = 2048' -i ${CNF_PATH}
|
|
else
|
|
sed "s/group_concat_max_len.*/group_concat_max_len = 2048/" -i ${CNF_PATH} || true # ignore errors
|
|
fi
|
|
|
|
if ! grep -q "^max_allowed_packet" ${CNF_PATH}; then
|
|
sed '/\[mysqld\]/a max_allowed_packet = 1048576000' -i ${CNF_PATH}
|
|
else
|
|
sed "s/max_allowed_packet.*/max_allowed_packet = 1048576000/" -i ${CNF_PATH} || true # ignore errors
|
|
fi
|
|
|
|
if ! grep -q "^character_set_server" ${CNF_PATH}; then
|
|
sed '/\[mysqld\]/a character_set_server = utf8' -i ${CNF_PATH}
|
|
else
|
|
sed "s/character_set_server.*/character_set_server = utf8/" -i ${CNF_PATH} || true # ignore errors
|
|
fi
|
|
|
|
if ! grep -q "^collation_server" ${CNF_PATH}; then
|
|
sed '/\[mysqld\]/a collation_server = utf8_general_ci' -i ${CNF_PATH}
|
|
else
|
|
sed "s/collation_server.*/collation_server = utf8_general_ci/" -i ${CNF_PATH} || true # ignore errors
|
|
fi
|
|
|
|
if grep -q "^default-authentication-plugin" ${CNF_PATH}; then
|
|
sed "/^default-authentication-plugin/d" -i "${CNF_PATH}" || true # ignore errors
|
|
fi
|
|
|
|
if [ -e ${CNF_SERVICE_PATH} ]; then
|
|
|
|
if ! grep -q "^LimitNOFILE" ${CNF_SERVICE_PATH}; then
|
|
sed '/\[Service\]/a LimitNOFILE = infinity' -i ${CNF_SERVICE_PATH}
|
|
else
|
|
sed "s/LimitNOFILE.*/LimitNOFILE = infinity/" -i ${CNF_SERVICE_PATH} || true # ignore errors
|
|
fi
|
|
|
|
if ! grep -q "^LimitMEMLOCK" ${CNF_SERVICE_PATH}; then
|
|
sed '/\[Service\]/a LimitMEMLOCK = infinity' -i ${CNF_SERVICE_PATH}
|
|
else
|
|
sed "s/LimitMEMLOCK.*/LimitMEMLOCK = infinity/" -i ${CNF_SERVICE_PATH} || true # ignore errors
|
|
fi
|
|
|
|
fi
|
|
|
|
systemctl daemon-reload >/dev/null 2>&1
|
|
systemctl enable ${MYSQL_PACKAGE} >/dev/null 2>&1
|
|
systemctl restart ${MYSQL_PACKAGE}
|
|
}
|
|
|
|
setup_openresty(){
|
|
echo -n "Configuring openresty... "
|
|
|
|
cp -rf ${APP_DIR}/openresty/nginx.conf.template ${OPENRESTY_CONF}
|
|
[ ! -f "${OPENRESTY_DIR}/mime.types" ] && cp -rf "$(dirname ${OPENRESTY_CONF})/mime.types" ${OPENRESTY_DIR}
|
|
|
|
sed 's/\(listen .*:\)\([0-9]\{2,5\}\b\)\( default_server\)\?\(;\)/\1'${APP_PORT}'\3\4/' -i ${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf
|
|
sed "s!\(^worker_processes\).*;!\1 ${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)};!" -i "${OPENRESTY_CONF}"
|
|
sed "s!\(worker_connections\).*;!\1 ${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)};!" -i "${OPENRESTY_CONF}"
|
|
|
|
# Check for old configuration files
|
|
if [ -f "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.dpkg-old" ]; then
|
|
PROXY_CONF="${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.dpkg-old"
|
|
elif [ -f "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.rpmsave" ]; then
|
|
PROXY_CONF="${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}-proxy.conf.rpmsave"
|
|
fi
|
|
|
|
# If the configuration file is found, extract the paths to the certificate and key
|
|
if [ ! -z "${PROXY_CONF}" ]; then
|
|
DOMAIN=$(json -f ${USER_CONF} files.docservice.url.portal | awk -F[/:] '{if ($1 == "https") print $4; else print ""}')
|
|
CERTIFICATE_PATH=$(grep -oP 'ssl_certificate\s+\K\S+' "${PROXY_CONF}" | tr -d ';')
|
|
CERTIFICATE_KEY_PATH=$(grep -oP 'ssl_certificate_key\s+\K\S+' "${PROXY_CONF}" | tr -d ';')
|
|
|
|
# If both values are found, start SSL configuration
|
|
if [ ! -z "${DOMAIN}" ] && [ ! -z "${CERTIFICATE_PATH}" ] && [ ! -z "${CERTIFICATE_KEY_PATH}" ]; then
|
|
/usr/bin/${PRODUCT}-ssl-setup -f "${DOMAIN}" "${CERTIFICATE_PATH}" "${CERTIFICATE_KEY_PATH}"
|
|
fi
|
|
fi
|
|
|
|
if [ "$DIST" = "RedHat" ]; then
|
|
# Remove default nginx settings [error] port 80 is already in use
|
|
if [ -f /etc/nginx/nginx.conf ]; then
|
|
if grep -q "server {" /etc/nginx/nginx.conf ; then
|
|
sed -e '$a}' -e '/server {/,$d' -i /etc/nginx/nginx.conf
|
|
systemctl reload nginx
|
|
fi
|
|
fi
|
|
|
|
shopt -s nocasematch
|
|
PORTS=()
|
|
if command -v getenforce &> /dev/null; then
|
|
case $(getenforce) in
|
|
enforcing|permissive)
|
|
PORTS+=('5000') #ASC.Web.Api
|
|
PORTS+=('5001') #client
|
|
PORTS+=('5003') #ASC.Web.Studio
|
|
PORTS+=('5004') #ASC.People
|
|
PORTS+=('5005') #ASC.Notify
|
|
PORTS+=('5006') #ASC.Studio.Notify
|
|
PORTS+=('5007') #ASC.Files/server
|
|
PORTS+=('5009') #ASC.Files/service
|
|
PORTS+=('5010') #ASC.ApiSystem
|
|
PORTS+=('5011') #ASC.Login
|
|
PORTS+=('5012') #ASC.Data.Backup
|
|
PORTS+=('5013') #ASC.Files/editor
|
|
PORTS+=('5027') #ASC.ClearEvents
|
|
PORTS+=('5032') #ASC.Data.Backup.BackgroundTasks
|
|
PORTS+=('5033') #ASC.Web.HealthChecks
|
|
PORTS+=('5100') #ASC.ApiCache
|
|
PORTS+=('8081') #Storybook
|
|
PORTS+=('9834') #ASC.SsoAuth
|
|
PORTS+=('9899') #ASC.Socket.IO
|
|
setsebool -P httpd_can_network_connect on
|
|
;;
|
|
disabled)
|
|
:
|
|
;;
|
|
esac
|
|
|
|
for PORT in ${PORTS[@]}; do
|
|
semanage port -a -t http_port_t -p tcp $PORT >/dev/null 2>&1 || \
|
|
semanage port -m -t http_port_t -p tcp $PORT >/dev/null 2>&1 || \
|
|
true
|
|
done
|
|
fi
|
|
|
|
if $PACKAGE_MANAGER firewalld >/dev/null 2>&1; then
|
|
if [ $(systemctl is-active firewalld.service) == active ]; then
|
|
firewall-cmd --permanent --zone=public --add-service=http
|
|
firewall-cmd --permanent --zone=public --add-service=https
|
|
systemctl restart firewalld.service
|
|
fi
|
|
fi
|
|
elif [ "$DIST" = "Debian" ]; then
|
|
if ! id "nginx" &>/dev/null; then
|
|
rm -dfr /var/log/nginx/*
|
|
rm -dfr /var/cache/nginx/*
|
|
useradd -s /bin/false nginx
|
|
fi
|
|
fi
|
|
|
|
chown nginx:nginx ${OPENRESTY_DIR}* -R
|
|
systemctl enable openresty >/dev/null 2>&1
|
|
systemctl restart openresty
|
|
echo "OK"
|
|
}
|
|
|
|
# Function gets Document server host and port using regular expression, we need it to check connection
|
|
parse_external_docs_url () {
|
|
if [[ $DOCUMENT_SERVER_URL_EXTERNAL =~ ^(https?://)?([^:/]+)(:([0-9]+))?(/.*)?$ ]]; then
|
|
DOCUMENT_SERVER_PORT="${BASH_REMATCH[4]:-80}"
|
|
DOCUMENT_SERVER_HOST="${BASH_REMATCH[2]}"
|
|
|
|
[[ -n ${BASH_REMATCH[1]} ]] || DOCUMENT_SERVER_URL_EXTERNAL="http://$DOCUMENT_SERVER_HOST:$DOCUMENT_SERVER_PORT"
|
|
fi
|
|
}
|
|
|
|
setup_docs() {
|
|
echo -n "Configuring docs... "
|
|
|
|
if [ $1 == "LOCAL_DOCS_SERVER" ]; then
|
|
local DS_CONF_DIR="/etc/${PACKAGE_SYSNAME}/documentserver"
|
|
local DOCUMENT_SERVER_PORT=$(grep -oP '(?<=:)\d+(?=\s)' ${DS_CONF_DIR}/nginx/ds.conf)
|
|
local DOCUMENT_SERVER_JWT_SECRET=${DOCUMENT_SERVER_JWT_SECRET:-$(json -f ${DS_CONF_DIR}/local.json services.CoAuthoring.secret.inbox.string)}
|
|
local DOCUMENT_SERVER_JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER:-$(json -f ${DS_CONF_DIR}/local.json services.CoAuthoring.token.inbox.header)}
|
|
|
|
$JSON ${DS_CONF_DIR}/local.json -e "this.rabbitmq = { 'url': 'amqp://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@${RABBITMQ_HOST}:${RABBITMQ_PORT}' }" >/dev/null 2>&1
|
|
$JSON ${DS_CONF_DIR}/local.json -e "this.services.CoAuthoring.redis = { 'host': '$REDIS_HOST' }" >/dev/null 2>&1
|
|
sed 's/\(listen .*:\)\([0-9]\{2,5\}\b\)\( default_server\)\?\(;\)/\1'${DOCUMENT_SERVER_PORT}'\3\4/' -i ${DS_CONF_DIR}/nginx/ds.conf
|
|
|
|
chown ds:ds ${DS_CONF_DIR}/local.json
|
|
elif [ $1 == "EXTERNAL_DOCS_SERVER" ]; then
|
|
local APP_HOST=$(curl -s ifconfig.me)
|
|
local EXTERNAL_DOCS_FLAG="rewrite"
|
|
fi
|
|
|
|
#Changing the Docs port in nginx conf
|
|
sed "0,/proxy_pass .*;/{s#proxy_pass .*;#proxy_pass ${DOCUMENT_SERVER_URL_EXTERNAL:-http://$APP_HOST:$DOCUMENT_SERVER_PORT};#}" -i ${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}.conf
|
|
|
|
#Save Docs address and JWT in .json
|
|
save_undefined_param "${USER_CONF}" "files.docservice.secret.value" "${DOCUMENT_SERVER_JWT_SECRET}" "rewrite"
|
|
save_undefined_param "${USER_CONF}" "files.docservice.secret.header" "${DOCUMENT_SERVER_JWT_HEADER:-"AuthorizationJwt"}" "rewrite"
|
|
save_undefined_param "${USER_CONF}" "files.docservice.url.public" "${DOCUMENT_SERVER_URL_EXTERNAL:-"/ds-vpath/"}" "$EXTERNAL_DOCS_FLAG"
|
|
save_undefined_param "${USER_CONF}" "files.docservice.url.internal" "${DOCUMENT_SERVER_URL_EXTERNAL:-"http://$APP_HOST:$DOCUMENT_SERVER_PORT"}" "$EXTERNAL_DOCS_FLAG"
|
|
save_undefined_param "${USER_CONF}" "files.docservice.url.portal" "http://${APP_HOST}:${APP_PORT}" "$EXTERNAL_DOCS_FLAG"
|
|
|
|
echo "OK"
|
|
}
|
|
|
|
setup_enterprise() {
|
|
if $PACKAGE_MANAGER ${PACKAGE_SYSNAME}-documentserver-ee >/dev/null 2>&1; then
|
|
LICENCE_PATH="/var/www/$PACKAGE_SYSNAME/Data/license.lic"
|
|
fi
|
|
|
|
save_undefined_param "${USER_CONF}" "license.file.path" "${LICENCE_PATH}" "rewrite"
|
|
}
|
|
|
|
change_elasticsearch_config(){
|
|
|
|
systemctl stop opensearch
|
|
if $PACKAGE_MANAGER elasticsearch >/dev/null 2>&1; then
|
|
systemctl disable elasticsearch >/dev/null 2>&1
|
|
systemctl stop elasticsearch >/dev/null 2>&1
|
|
fi
|
|
|
|
sed -i '/^plugins\.security/d' /etc/opensearch/opensearch.yml
|
|
sed -i '/CN=kirk,OU=client,O=client,L=test, C=de/d' /etc/opensearch/opensearch.yml
|
|
if /usr/share/opensearch/bin/opensearch-plugin list | grep -x "opensearch-security" > /dev/null 2>&1 ; then
|
|
/usr/share/opensearch/bin/opensearch-plugin remove opensearch-security > /dev/null 2>&1
|
|
fi
|
|
|
|
local ELASTIC_SEARCH_CONF_PATH="/etc/opensearch/opensearch.yml"
|
|
local ELASTIC_SEARCH_JAVA_CONF_PATH="/etc/opensearch/jvm.options";
|
|
|
|
if /usr/share/opensearch/bin/opensearch-plugin list | grep -q "ingest-attachment"; then
|
|
/usr/share/opensearch/bin/opensearch-plugin remove -s ingest-attachment
|
|
fi
|
|
/usr/share/opensearch/bin/opensearch-plugin install -s -b ingest-attachment
|
|
|
|
if [ -f ${ELASTIC_SEARCH_CONF_PATH}.rpmnew ]; then
|
|
cp -rf ${ELASTIC_SEARCH_CONF_PATH}.rpmnew ${ELASTIC_SEARCH_CONF_PATH};
|
|
fi
|
|
|
|
if [ -f ${ELASTIC_SEARCH_JAVA_CONF_PATH}.rpmnew ]; then
|
|
cp -rf ${ELASTIC_SEARCH_JAVA_CONF_PATH}.rpmnew ${ELASTIC_SEARCH_JAVA_CONF_PATH};
|
|
fi
|
|
|
|
if ! grep -q "indices.fielddata.cache.size" ${ELASTIC_SEARCH_CONF_PATH}; then
|
|
echo "indices.fielddata.cache.size: 30%" >> ${ELASTIC_SEARCH_CONF_PATH}
|
|
else
|
|
sed -i "s/indices.fielddata.cache.size.*/indices.fielddata.cache.size: 30%/" ${ELASTIC_SEARCH_CONF_PATH}
|
|
fi
|
|
|
|
if ! grep -q "indices.memory.index_buffer_size" ${ELASTIC_SEARCH_CONF_PATH}; then
|
|
echo "indices.memory.index_buffer_size: 30%" >> ${ELASTIC_SEARCH_CONF_PATH}
|
|
else
|
|
sed -i "s/indices.memory.index_buffer_size.*/indices.memory.index_buffer_size: 30%/" ${ELASTIC_SEARCH_CONF_PATH}
|
|
fi
|
|
|
|
if grep -q "HeapDumpOnOutOfMemoryError" ${ELASTIC_SEARCH_JAVA_CONF_PATH}; then
|
|
sed "/-XX:+HeapDumpOnOutOfMemoryError/d" -i ${ELASTIC_SEARCH_JAVA_CONF_PATH}
|
|
fi
|
|
|
|
if ! grep -q "Dlog4j2.formatMsgNoLookups" ${ELASTIC_SEARCH_JAVA_CONF_PATH}; then
|
|
echo "-Dlog4j2.formatMsgNoLookups=true" >> ${ELASTIC_SEARCH_JAVA_CONF_PATH}
|
|
else
|
|
sed -i "s/Dlog4j2.formatMsgNoLookups.*/Dlog4j2.formatMsgNoLookups=true/" ${ELASTIC_SEARCH_JAVA_CONF_PATH}
|
|
fi
|
|
|
|
local TOTAL_MEMORY=$(free --mega | grep -oP '\d+' | head -n 1);
|
|
local MEMORY_REQUIREMENTS=12000; #RAM ~12Gb
|
|
|
|
if [ ${TOTAL_MEMORY} -gt ${MEMORY_REQUIREMENTS} ]; then
|
|
ELASTICSEATCH_MEMORY="4g"
|
|
else
|
|
ELASTICSEATCH_MEMORY="1g"
|
|
fi
|
|
|
|
if grep -qE "^[^#]*-Xms[0-9]g" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
|
|
sed -i "s/-Xms[0-9]g/-Xms${ELASTICSEATCH_MEMORY}/" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
|
else
|
|
echo "-Xms${ELASTICSEATCH_MEMORY}" >> "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
|
fi
|
|
|
|
if grep -qE "^[^#]*-Xmx[0-9]g" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
|
|
sed -i "s/-Xmx[0-9]g/-Xmx${ELASTICSEATCH_MEMORY}/" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
|
else
|
|
echo "-Xmx${ELASTICSEATCH_MEMORY}" >> "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
|
fi
|
|
|
|
if [ -d /etc/opensearch/ ]; then
|
|
chmod g+ws /etc/opensearch/
|
|
fi
|
|
}
|
|
|
|
setup_elasticsearch() {
|
|
echo -n "Configuring opensearch... "
|
|
|
|
#Save elasticsearch parameters in .json
|
|
[[ $1 == "EXTERNAL_ELASTIC_SERVER" ]] && local EXTERNAL_ELASTIC_FLAG="rewrite"
|
|
save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Scheme" "${ELK_SHEME}" "$EXTERNAL_ELASTIC_FLAG"
|
|
save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Host" "${ELK_HOST}" "$EXTERNAL_ELASTIC_FLAG"
|
|
save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Port" "${ELK_PORT}" "$EXTERNAL_ELASTIC_FLAG"
|
|
save_undefined_param "${APP_DIR}/elastic.${ENVIRONMENT}.json" "elastic.Threads" "1" "$EXTERNAL_ELASTIC_FLAG"
|
|
|
|
if [ $1 == "LOCAL_ELASTIC_SERVER" ]; then
|
|
change_elasticsearch_config
|
|
|
|
systemctl enable opensearch >/dev/null 2>&1
|
|
systemctl restart opensearch
|
|
fi
|
|
echo "OK"
|
|
}
|
|
|
|
setup_dashboards() {
|
|
echo -n "Configuring dashboards... "
|
|
|
|
DASHBOARDS_CONF_PATH="/etc/opensearch-dashboards/opensearch_dashboards.yml"
|
|
|
|
if [[ -n ${DASHBOARDS_PASSWORD} ]]; then
|
|
echo "${DASHBOARDS_PASSWORD}" > ${APP_DIR}/.private/dashboards-password
|
|
elif [[ -f ${APP_DIR}/.private/dashboards-password ]]; then
|
|
DASHBOARDS_PASSWORD=$(cat ${APP_DIR}/.private/dashboards-password);
|
|
else
|
|
DASHBOARDS_PASSWORD=$(echo "$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20)" | tee ${APP_DIR}/.private/dashboards-password)
|
|
fi
|
|
|
|
chmod o-rwx $APP_DIR/.private/dashboards-password
|
|
|
|
# configure login&pass for Dashboards, used by Nginx HTTP Basic Authentication
|
|
echo "${DASHBOARDS_USERNAME:-"onlyoffice"}:$(openssl passwd -6 -stdin <<< "${DASHBOARDS_PASSWORD}")" > /etc/openresty/.htpasswd_dashboards
|
|
chown nginx:nginx /etc/openresty/.htpasswd_dashboards
|
|
|
|
# enable connection with opensearch
|
|
sed -i 's~\(opensearch\.hosts:\).*~\1 \[http://localhost:9200\]~' ${DASHBOARDS_CONF_PATH}
|
|
sed -i '/^opensearch\_security/d' ${DASHBOARDS_CONF_PATH}
|
|
if /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin list --allow-root | grep "securityDashboards*" > /dev/null 2>&1 ; then
|
|
/usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin remove securityDashboards --allow-root > /dev/null 2>&1
|
|
fi
|
|
|
|
# set basePath variable to get access to Dashboards from a remote host
|
|
sed 's_.*\(server.basePath:\).*_\1 "/dashboards"_' -i ${DASHBOARDS_CONF_PATH}
|
|
|
|
systemctl enable opensearch-dashboards
|
|
systemctl restart opensearch-dashboards
|
|
echo "OK"
|
|
}
|
|
|
|
setup_fluentbit() {
|
|
echo -n "Configuring fluent-bit... "
|
|
|
|
# Replace variables in fluent-bit config file template, force copy to conf directory
|
|
sed -i "s/OPENSEARCH_HOST/$ELK_HOST/g; s/OPENSEARCH_PORT/$ELK_PORT/g; s/OPENSEARCH_INDEX/$OPENSEARCH_INDEX/g; s/OPENSEARCH_SCHEME/$ELK_SHEME/g" ${APP_DIR}/fluent-bit.conf
|
|
cp -f ${APP_DIR}/fluent-bit.conf /etc/fluent-bit/fluent-bit.conf
|
|
|
|
systemctl enable fluent-bit
|
|
systemctl restart fluent-bit
|
|
echo "OK"
|
|
}
|
|
|
|
setup_redis() {
|
|
echo -n "Configuring redis... "
|
|
|
|
$JSON $APP_DIR/redis.$ENVIRONMENT.json -e "this.Redis={'Hosts': [ { Host: \"${REDIS_HOST}\", Port: \"${REDIS_PORT}\" } ] }" >/dev/null 2>&1
|
|
|
|
sed -i "s~\(redis_host =\).*~\1 \"$REDIS_HOST\"~" "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}.conf"
|
|
sed -i "s~\(redis_port =\).*~\1 $REDIS_PORT~" "${OPENRESTY_DIR}/conf.d/${PACKAGE_SYSNAME}.conf"
|
|
|
|
if [ $1 == "LOCAL_REDIS_SERVER" ]; then
|
|
if [ -f "/etc/redis/redis.conf" ]; then
|
|
REDIS_CONF="/etc/redis/redis.conf"
|
|
elif [ -f "/etc/redis.conf" ]; then
|
|
REDIS_CONF="/etc/redis.conf"
|
|
fi
|
|
|
|
sed "s_\(^bind\).*_\1 ${REDIS_HOST}_" -i ${REDIS_CONF}
|
|
sed -r "/^save\s[0-9]+/d" -i ${REDIS_CONF}
|
|
|
|
systemctl enable $REDIS_PACKAGE >/dev/null 2>&1
|
|
systemctl restart $REDIS_PACKAGE
|
|
fi
|
|
|
|
echo "OK"
|
|
}
|
|
|
|
setup_rabbitmq() {
|
|
echo -n "Configuring rabbitmq... "
|
|
|
|
[[ $1 == "EXTERNAL_RABBITMQ_SERVER" ]] && local EXTERNAL_RABBITMQ_FLAG="rewrite"
|
|
save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Hostname" "${RABBITMQ_HOST}" "$EXTERNAL_RABBITMQ_FLAG"
|
|
save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.UserName" "${RABBITMQ_USER}" "$EXTERNAL_RABBITMQ_FLAG"
|
|
save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Password" "${RABBITMQ_PASSWORD}" "$EXTERNAL_RABBITMQ_FLAG"
|
|
save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Port" "${RABBITMQ_PORT}" "$EXTERNAL_RABBITMQ_FLAG"
|
|
save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.VirtualHost" "/"
|
|
|
|
if [ $1 == "LOCAL_RABBITMQ_SERVER" ]; then
|
|
systemctl enable rabbitmq-server >/dev/null 2>&1
|
|
systemctl restart rabbitmq-server
|
|
fi
|
|
|
|
echo "OK"
|
|
}
|
|
|
|
product_configuration(){
|
|
echo -n "Configuring ${PRODUCT}... "
|
|
|
|
#Creating environment configuration files
|
|
enviromentFiles=("appsettings.$ENVIRONMENT.json" "apisystem.$ENVIRONMENT.json" "elastic.$ENVIRONMENT.json" "rabbitmq.$ENVIRONMENT.json" "redis.$ENVIRONMENT.json")
|
|
|
|
for i in "${!enviromentFiles[@]}"; do
|
|
if [ ! -e "$APP_DIR/${enviromentFiles[$i]}" ]; then
|
|
echo "{}" > "$APP_DIR/${enviromentFiles[$i]}"
|
|
chmod o-rwx "$APP_DIR/${enviromentFiles[$i]}"
|
|
fi
|
|
done
|
|
|
|
set_core_machinekey
|
|
|
|
echo "OK"
|
|
}
|
|
|
|
# Function below checks if there is a connection to the external service. 0 - OK, connection established
|
|
check_connection_external_services() {
|
|
exec {FD}<> /dev/tcp/$1/$2 && exec {FD}>&-
|
|
HOST_RESPONCE=$?
|
|
|
|
if [[ $HOST_RESPONCE -ne 0 ]]; then
|
|
echo -e "$3 external server is not responding: $1:$2"
|
|
return $HOST_RESPONCE
|
|
fi
|
|
|
|
return $HOST_RESPONCE
|
|
}
|
|
|
|
if command -v yum >/dev/null 2>&1; then
|
|
DIST="RedHat"
|
|
PACKAGE_MANAGER="rpm -q"
|
|
MYSQL_PACKAGE="mysqld"
|
|
REDIS_PACKAGE="redis"
|
|
SYSTEMD_DIR="/usr/lib/systemd/system"
|
|
elif command -v apt >/dev/null 2>&1; then
|
|
DIST="Debian"
|
|
PACKAGE_MANAGER="dpkg -s"
|
|
MYSQL_PACKAGE="mysql"
|
|
REDIS_PACKAGE="redis-server"
|
|
SYSTEMD_DIR="$(dirname $(dpkg-query -L ${PRODUCT}-api | grep systemd/system/))"
|
|
fi
|
|
|
|
install_json
|
|
product_configuration
|
|
|
|
if $PACKAGE_MANAGER mysql-client >/dev/null 2>&1 || $PACKAGE_MANAGER mysql-community-client >/dev/null 2>&1; then
|
|
input_db_params
|
|
establish_mysql_conn || exit $?
|
|
fi
|
|
|
|
if [[ ! -z $DOCUMENT_SERVER_URL_EXTERNAL ]]; then
|
|
parse_external_docs_url "$DOCUMENT_SERVER_URL_EXTERNAL"
|
|
check_connection_external_services "$DOCUMENT_SERVER_HOST" "$DOCUMENT_SERVER_PORT" "${PACKAGE_SYSNAME^^} Docs"
|
|
setup_docs "EXTERNAL_DOCS_SERVER"
|
|
elif $PACKAGE_MANAGER ${PACKAGE_SYSNAME}-documentserver >/dev/null 2>&1 || $PACKAGE_MANAGER ${PACKAGE_SYSNAME}-documentserver-de >/dev/null 2>&1 || $PACKAGE_MANAGER ${PACKAGE_SYSNAME}-documentserver-ee >/dev/null 2>&1; then
|
|
setup_docs "LOCAL_DOCS_SERVER"
|
|
setup_enterprise
|
|
fi
|
|
|
|
if $PACKAGE_MANAGER openresty >/dev/null 2>&1; then
|
|
setup_openresty
|
|
fi
|
|
|
|
if [[ ! -z $EXTERNAL_ELK_FLAG ]]; then
|
|
check_connection_external_services "$ELK_HOST" "$ELK_PORT" "Elasticsearch"
|
|
setup_elasticsearch "EXTERNAL_ELASTIC_SERVER"
|
|
elif $PACKAGE_MANAGER opensearch >/dev/null 2>&1; then
|
|
setup_elasticsearch "LOCAL_ELASTIC_SERVER"
|
|
fi
|
|
|
|
if $PACKAGE_MANAGER opensearch-dashboards >/dev/null 2>&1; then
|
|
setup_dashboards
|
|
fi
|
|
|
|
if $PACKAGE_MANAGER fluent-bit >/dev/null 2>&1; then
|
|
setup_fluentbit
|
|
fi
|
|
|
|
if [[ ! -z $EXTERNAL_REDIS_FLAG ]]; then
|
|
check_connection_external_services "$REDIS_HOST" "$REDIS_PORT" "Redis"
|
|
setup_redis "EXTERNAL_REDIS_SERVER"
|
|
elif $PACKAGE_MANAGER $REDIS_PACKAGE >/dev/null 2>&1; then
|
|
setup_redis "LOCAL_REDIS_SERVER"
|
|
fi
|
|
|
|
if [[ ! -z $EXTERNAL_RABBITMQ_FLAG ]]; then
|
|
check_connection_external_services "$RABBITMQ_HOST" "$RABBITMQ_PORT" "RabbitMQ"
|
|
setup_rabbitmq "EXTERNAL_RABBITMQ_SERVER"
|
|
elif $PACKAGE_MANAGER rabbitmq-server >/dev/null 2>&1; then
|
|
setup_rabbitmq "LOCAL_RABBITMQ_SERVER"
|
|
fi
|
|
|
|
restart_services
|
|
|
|
# Truncate MySQL DB to make opensearch work with updated app. Strictly after restart_services ()
|
|
if $PACKAGE_MANAGER opensearch >/dev/null 2>&1; then
|
|
ELASTIC_VERSION=$(awk '/build:/{f=1} f&&/version:/{gsub(/"/,"",$2);print $2; exit}' /usr/share/opensearch/manifest.yml 2>/dev/null || echo "2.11.1")
|
|
[[ ! -f "$APP_DIR/.private/opensearch-version" || $(cat "$APP_DIR/.private/opensearch-version") != *"$ELASTIC_VERSION"* ]] && $MYSQL "$DB_NAME" -e "TRUNCATE webstudio_index";
|
|
echo "$ELASTIC_VERSION" > $APP_DIR/.private/opensearch-version
|
|
chmod o-rwx $APP_DIR/.private/opensearch-version
|
|
fi
|