-
Notifications
You must be signed in to change notification settings - Fork 2
/
setup-obs.sh
executable file
·361 lines (293 loc) · 9.89 KB
/
setup-obs.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
#!/bin/bash
# This script sets up various OBS servers
add_repos() {
# Use Devel *aswell*
for repo in $ZYPPER_REPOS; do
zypper --no-gpg-checks ar $repo
done
zypper --no-gpg-checks ref
}
install_be() {
zypper --no-gpg-checks --non-interactive install obs-server
}
enable_be() {
chkconfig --add obsrepserver
chkconfig --add obssrcserver
chkconfig --add obsscheduler obsdispatcher obspublisher obswarden
}
configure_be() {
sed -i -e 's,^my.*frontend\s*=.*,my \$frontend = "'"${OBSFE_INT}"'";,' \
-e 's,^our.*obsname\s*=.*,my \$obsname = "'"${OBSBE_REPO}"'"; # Use the repo name as there can be only one,' \
/usr/lib/obs/server/BSConfig.pm
sed -i -e 's,^OBS_SCHEDULER_ARCHITECTURES=.*,OBS_SCHEDULER_ARCHITECTURES="i586 x86_64 armv7el armv8el",' \
/etc/sysconfig/obs-server
}
start_be() {
rcobssrcserver start
rcobsrepserver start
rcobsdispatcher start
rcobspublisher start
rcobswarden start
rcobsscheduler start
}
### worker
install_worker() {
zypper --no-gpg-checks --non-interactive install obs-worker qemu
}
enable_worker() {
chkconfig --add obsworker
}
configure_worker() {
cat <<EOF > /etc/sysconfig/obs-worker
OBS_REPO_SERVERS="${OBSBE_REPO}:5252"
OBS_SRC_SERVER="${OBSBE_SRC}:5352"
EOF
}
wait_for_srcserver() {
while ! (echo GET / > /dev/tcp/${OBSBE_SRC}/5252) 2>/dev/null; do
echo "Waiting for bs_srcserver on ${OBSBE_SRC}:5252"
sleep 4
done
sleep 5
echo "bs_srcserver on ${OBSBE_SRC}:5252 is ready"
}
start_worker() {
rcobsworker start
}
### obssign
install_sign() {
zypper --no-gpg-checks --non-interactive install --no-recommends obs-server
}
enable_sign() {
chkconfig --add obssigner
}
start_sign() {
rcobssigner start
}
### obsfe
install_fe() {
zypper --no-gpg-checks --non-interactive install obs-api mysql memcached apache2 apache2-mod_xforward rubygem-passenger-apache2
}
enable_fe() {
# Fix the bug in mysql rc.d script
sed -i -e's/^# Default-Start: 2 3 5$/# Default-Start: 3 5/' /etc/init.d/mysql
chkconfig --add memcached obsapidelayed apache2 mysql
}
configure_fe() {
################ MySQL
## Webui
sed -i -e 's,^FRONTEND_HOST = .*,FRONTEND_HOST = "'"${API_FQDN}"'",' \
-e 's,^FRONTEND_PORT = .*,FRONTEND_PORT = 444,' \
-e 's,^FRONTEND_PROTOCOL = .*,FRONTEND_PROTOCOL = "'"https"'",' \
-e 's,^DOWNLOAD_URL = .*,DOWNLOAD_URL = \"http://'"${API_FQDN}:82"'\",' \
/srv/www/obs/webui/config/environments/production.rb
## API
sed -i -e /webui_url:/d -e /webui_host:/d -e /allow_anonymous:/d \
/srv/www/obs/api/config/options.yml
echo "allow_anonymous: true" >> /srv/www/obs/api/config/options.yml
echo "webui_url: https://${API_FQDN}:443" >> /srv/www/obs/api/config/options.yml
echo "webui_host: `ip addr | sed -n 's,.*inet \(.*\)/.* brd.*,\1,p' | grep -v ^127. | head -n 1`" \
>> /srv/www/obs/api/config/options.yml
sed -i "s,^SOURCE_HOST = .*,SOURCE_HOST = '${OBSBE_SRC}'," \
/srv/www/obs/api/config/environments/production.rb
## Apache
sed -i -e 's,^\(APACHE_MODULES=".*\)",\1 passenger xforward headers",' \
-e 's,^\(APACHE_SERVER_FLAGS=".*\)",\1 SSL",' \
/etc/sysconfig/apache2
}
createcert_fe() {
mkdir -p /srv/obs/certs/
openssl genrsa -out /srv/obs/certs/server.key 2048
cat << EOF | openssl req -new -x509 -key /srv/obs/certs/server.key -out /srv/obs/certs/server.crt -days 3650
EU
My State or Province
My Locality
My Organization Name
My Organizational Unit Name
${API_FQDN}
test@example.com
EOF
}
setperms_fe() {
chown -R wwwrun:www /srv/www/obs/webui/log/
chown -R wwwrun:www /srv/www/obs/api/log/
mkdir -p /srv/obs/repos
chown -R wwwrun:www /srv/obs/repos
}
configwww_fe() {
sed -i -e "s,ServerName api,ServerName ${API_FQDN}," \
-e "s,ServerName webui,ServerName ${API_FQDN}," \
/etc/apache2/vhosts.d/obs.conf
sed -e "s,___WEBUI_URL___,https://${API_FQDN},g" \
-e "s,___API_URL___,https://${API_FQDN}:444,g" \
-e "s,___REPO_URL___,http://${API_FQDN}:82,g" \
/srv/www/obs/overview/overview.html.TEMPLATE \
> /srv/www/obs/overview/index.html
}
setupmysql_fe() {
## MySQL
rcmysql start
(umask 077; dd if=/dev/urandom bs=256 count=1 2>/dev/null |sha256sum| cut -f1 -d" " > /etc/mysql_root.pw)
(umask 077; dd if=/dev/urandom bs=256 count=1 2>/dev/null |sha256sum| cut -f1 -d" " > /etc/mysql_obs.pw)
DBROOTPASSWORD=$(cat /etc/mysql_root.pw)
DBOBSPASSWORD=$(cat /etc/mysql_obs.pw)
mysqladmin -u root password "$DBROOTPASSWORD"
# The following SQL was taken from /usr/bin/mysql_secure_installation
# remove_anonymous_users, remove_remote_root, remove_test_database
cat << EOF | mysql -u root -p$DBROOTPASSWORD
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host!='localhost';
DROP DATABASE test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
create database api_production;
create database webui_production;
GRANT all privileges
ON api_production.*
TO 'obs'@'%', 'obs'@'localhost' IDENTIFIED BY '$DBOBSPASSWORD';
GRANT all privileges
ON webui_production.*
TO 'obs'@'%', 'obs'@'localhost' IDENTIFIED BY '$DBOBSPASSWORD';
FLUSH PRIVILEGES;
EOF
}
rake_fe() {
cat << EOF > /srv/www/obs/api/config/database.yml
production:
adapter: mysql
database: api_production
username: obs
password: $DBOBSPASSWORD
EOF
cat << EOF > /srv/www/obs/webui/config/database.yml
production:
adapter: mysql
database: webui_production
username: obs
password: $DBOBSPASSWORD
EOF
cd /srv/www/obs/api/
RAILS_ENV="production" rake db:setup
cd /srv/www/obs/webui/
RAILS_ENV="production" rake db:setup
}
start_fe() {
rcmemcached start
rcobsapidelayed start
rcapache2 start
}
# We need a local config file
if [[ -f setup-obs.conf ]]; then
. setup-obs.conf
else
cat <<EOF > setup-obs.conf
# Remove these lines when you edit the file
echo "Please edit setup-obs.conf before running setup-obs.sh or it won't work"
exit 1
# This is the internal name of the machine providing the api
OBSFE_INT="obsfe.example.com"
# This is the internal name of the machine providing the bs_srcserver
OBSBE_SRC="obsbe.example.com"
## Options below here are typically only required if you need to use
## development or testing code.
# These are the repos that should be used for the OBS installation.
#
ZYPPER_REPOS="http://repo.pub.meego.com/releases/Mer-OBS/latest.repo"
# Developers may want to use:
# ZYPPER_REPOS="http://repo.pub.meego.com/Mer:/OBS:/Testing:/Devel/openSUSE_11.4/Mer:OBS:Testing:Devel.repo http://repo.pub.meego.com//Mer:/OBS:/Testing/openSUSE_11.4/Mer:OBS:Testing.repo"
EOF
echo "You had no setup-obs.conf - one has been created, please edit it"
exit 1
fi
role=$1
case $role in
be )
# This is the internal name of the machine providing the api
if [[ ${OBSFE_INT} = "" ]] ; then
echo "OBSFE_INT must be set for a 'be' role"
exit 1
fi
echo ________________________________________ $role: add_repos
add_repos
echo ________________________________________ $role: install_be
install_be
echo ________________________________________ $role: enable_be
enable_be
echo ________________________________________ $role: configure_be
configure_be
echo ________________________________________ $role: start_be
start_be
;;
worker )
# This is the internal name of the machine providing the bs_srcserver
if [[ ${OBSBE_SRC} = "" ]] ; then
echo "OBSBE_SRC must be set for a 'be' role"
exit 1
fi
OBSBE_REPO=${OBSBE_REPO:-${OBSBE_SRC}} # Use OBSBE_SRC unless set
echo ________________________________________ $role: add_repos
add_repos
echo ________________________________________ $role: install_worker
install_worker
echo ________________________________________ $role: enable_worker
enable_worker
echo ________________________________________ $role: configure_worker
configure_worker
echo ________________________________________ $role: wait_for_srcserver
wait_for_srcserver
echo ________________________________________ $role: start_worker
start_worker
;;
fe )
# This is the internal name of the machine providing the bs_srcserver
if [[ ${OBSBE_SRC} = "" ]] ; then
echo "OBSBE_SRC must be set for a 'be' role"
exit 1
fi
OBSBE_REPO=${OBSBE_REPO:-${OBSBE_SRC}} # Use OBSBE_SRC unless set
# This is the visible name of the API (and webui) - note that complex
# setups with reverse proxies etc may need to play with settings
# hinted at in
# /srv/www/obs/webui/config/environments/development_base.rb
API_FQDN=${API_FQDN:-${OBSFE_INT}} # Use OBSBE_SRC unless set
if [[ ${API_FQDN} = "" ]] ; then
echo "API_FQDN or OBSFE_INT must be set for a 'be' role"
exit 1
fi
echo ________________________________________ $role: add_repos
add_repos
echo ________________________________________ $role: install_fe
install_fe
echo ________________________________________ $role: enable_fe
enable_fe
echo ________________________________________ $role: configure_fe
configure_fe
echo ________________________________________ $role: createcert_fe
createcert_fe
echo ________________________________________ $role: setperms_fe
setperms_fe
echo ________________________________________ $role: configwww_fe
configwww_fe
echo ________________________________________ $role: setupmysql_fe
setupmysql_fe
echo ________________________________________ $role: rake_fe
rake_fe
echo ________________________________________ $role: start_fe
start_fe
;;
signer )
echo ________________________________________ $role: add_repos
add_repos
echo ________________________________________ $role: install_sign
install_sign
echo ________________________________________ $role: enable_sign
enable_sign
echo ________________________________________ $role: start_sign
start_sign
;;
* )
echo "Unknown role: $role"
echo "Use : fe, be, signer, worker"
exit 1
;;
esac
echo ________________________________________ $role: setup done ________________________________________