-
Notifications
You must be signed in to change notification settings - Fork 4
/
postinst
executable file
·97 lines (82 loc) · 3.59 KB
/
postinst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/sh
set -e
setperm() {
local user="$1"
shift
local group="$1"
shift
local mode="$1"
shift
local file="$@"
# Only do something when no setting exists - if it was set, then it's already
# been unpacked using the appropriate ownership and permissions.
if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then
chown "$user":"$group" "$file"
chmod "$mode" "$file"
fi
}
# If the package has default file it could be sourced, so that
# the local admin can overwrite the defaults
[ -f "/etc/default/rundeck" ] && . /etc/default/rundeck
# Sane defaults:
[ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/rundeck
[ -z "$SERVER_USER" ] && SERVER_USER=rundeck
[ -z "$SERVER_NAME" ] && SERVER_NAME="Rundeck user account"
[ -z "$SERVER_GROUP" ] && SERVER_GROUP=rundeck
# create user to avoid running server as root
# 1. create group if not existing
if ! getent group | grep -q "^$SERVER_GROUP:" ; then
echo -n "Adding group $SERVER_GROUP.."
addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true
echo "..done"
fi
# 2. create homedir if not existing
test -d $SERVER_HOME || mkdir $SERVER_HOME
# 3. create user if not existing
if ! getent passwd | grep -q "^$SERVER_USER:"; then
echo -n "Adding system user $SERVER_USER.."
adduser --quiet \
--system \
--ingroup $SERVER_GROUP \
--no-create-home \
--disabled-password \
$SERVER_USER 2>/dev/null || true
echo "..done"
fi
# 4. adjust passwd entry
usermod -c "$SERVER_NAME" \
-d $SERVER_HOME \
-g $SERVER_GROUP \
$SERVER_USER
# 5. adjust file and directory permissions
setperm rundeck rundeck 0750 /var/lib/rundeck
setperm rundeck rundeck 0750 /var/lib/rundeck/work
setperm rundeck rundeck 0750 /var/lib/rundeck/data
setperm rundeck adm 2751 /var/lib/rundeck/logs
setperm rundeck rundeck 0750 /var/lib/rundeck/var
setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp
setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp/pluginJars
setperm rundeck rundeck 0700 /var/lib/rundeck/.ssh
setperm rundeck adm 2751 /var/log/rundeck
setperm rundeck rundeck 0750 /var/lib/rundeck/bootstrap
setperm rundeck rundeck 0750 /var/lib/rundeck/libext
setperm rundeck rundeck 0750 /etc/rundeck
setperm rundeck rundeck 0750 /etc/rundeck/ssl
find /etc/rundeck/ -maxdepth 2 -type f -print0 | xargs -0 chown rundeck:rundeck
find /etc/rundeck/ -maxdepth 2 -type f -print0 | xargs -0 chmod 0640
# 6. set correct owner/permissions for service.log if it already exists
[ -f /var/log/rundeck/service.log ] && setperm rundeck adm 0664 /var/log/rundeck/service.log
DIR=/etc/rundeck
if ! grep -E '^\s*rundeck.server.uuid\s*=\s*.{8}-.{4}-.{4}-.{4}-.{12}\s*$' $DIR/framework.properties ; then
uuid=$(uuidgen)
echo "\n# ----------------------------------------------------------------" >> $DIR/framework.properties
echo "# Auto generated server UUID: $uuid" >> $DIR/framework.properties
echo "# ----------------------------------------------------------------" >> $DIR/framework.properties
echo "rundeck.server.uuid = $uuid" >> $DIR/framework.properties
fi
#setting a random password for encryption
if [ -f "$DIR/rundeck-config.properties" ] ; then
STORAGE_PASS=$(openssl rand -hex 8)
sed -i -E 's/^rundeck\.storage\.converter\.([0-9]+)\.config\.password=default\.encryption\.password$/rundeck.storage.converter.\1.config.password='"$STORAGE_PASS"'/' "$DIR/rundeck-config.properties"
sed -i -E 's/^rundeck\.config\.storage\.converter\.([0-9]+)\.config\.password=default\.encryption\.password$/rundeck.config.storage.converter.\1.config.password='"$STORAGE_PASS"'/' "$DIR/rundeck-config.properties"
fi