#!/bin/bash
# Copyright (c) Microsoft Corporation. All Rights Reserved.
# Licensed under the MIT license. See LICENSE file on the project webpage for details.
# Shell options for the whole script:
# - allexport: every variable assigned from here on is exported to the
#   environment of each sub-process this script starts. That includes the
#   credential variables below (DEFAULT_PASSWORD, MONGO_PASSWORD,
#   MYSQL_PASSWORD, EDXAPP_SU_PASSWORD, MYSQL_ADMIN_PASSWORD).
# - errexit: immediately exit on error.
set -o allexport
set -o errexit

# Static strings
readonly MSFT="microsoft"
readonly EDX="edx"
readonly CONF="configuration"
readonly E_CONF="${EDX}-${CONF}"
readonly USE_MSFT="useMsftRepo"
readonly TAGS="tags/"
readonly FICUS="${TAGS}open-release/ficus.1"
readonly GINKGO="${TAGS}open-release/ginkgo.2"
readonly FS="fullstack"
readonly DS="devstack"

##########################
# Script defaults. They can be overridden either
# - by parameter arguments, OR
# - by editing the assignments here.
##########################
TEMPLATE_TYPE="${FS}"    # fullstack or devstack
BRANCH_VERSIONS="edge"   # edge or release or stable or edx
DEFAULT_PASSWORD=""      # empty: a missing password is generated instead (see harden)
MSFT_AUTH=""

##########################
# Settings
##########################
readonly MONGO_USER="oxamongoadmin"
MONGO_PASSWORD=""
readonly MYSQL_USER="oxamysql"
MYSQL_PASSWORD=""
readonly EDXAPP_SU_USERNAME="edx_admin"
EDXAPP_SU_PASSWORD=""

# Every site URL is the machine's own host name.
readonly BASE_URL="${HOSTNAME}"
readonly LMS_URL="${BASE_URL}"   # vanity
readonly CMS_URL="${BASE_URL}"
readonly PREVIEW_URL="${BASE_URL}"
readonly PLATFORM_NAME="$MSFT Learning on $HOSTNAME"

readonly EDXAPP_IMPORT_KITCHENSINK_COURSE="true"
# NOTE(review): SSL is switched off for nginx here; presumably acceptable only
# because onebox is a single-machine development install - confirm.
readonly NGINX_ENABLE_SSL="false"
readonly CREATE_SUPER_USER="true"
readonly EDXAPP_SU_EMAIL="${EDXAPP_SU_USERNAME}@${MSFT}.com"
readonly PLATFORM_EMAIL="${EDXAPP_SU_EMAIL}"
readonly EDXAPP_COMPREHENSIVE_THEME_DIRS='[ "/edx/app/edxapp/themes" ]'
readonly EDXAPP_DEFAULT_SITE_THEME="comprehensive"
readonly ENABLE_LTI_PROVIDER="false"
readonly ENABLE_AZURE_MEDIA_SERVICES_XBLOCK="false"

# Security: connection limiting and rate limiting are both disabled.
readonly EDXAPP_ENABLE_CONNECTION_LIMITING="false"
readonly EDXAPP_ENABLE_RATE_LIMITING="false"

##########################
# Dynamic settings. Assigned later on (set_dynamic_vars) based on the
# onebox.sh param arguments.
##########################
MYSQL_ADMIN_USER=""
MYSQL_ADMIN_PASSWORD=""
EDXAPP_ENABLE_COMPREHENSIVE_THEMING=""
COMBINED_LOGIN_REGISTRATION=""
NGINX_SITES=""
EDXAPP_ENABLE_THIRD_PARTY_AUTH=""

# The upstream tag in common with our forks
# is ficus1 (edx-platform and configuration)
EDX_BRANCH="${FICUS}"
##########################
# Script Parameter Arguments
##########################
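#######################################
# Parse the onebox.sh command line into the script-level settings.
# Globals:   TEMPLATE_TYPE, BRANCH_VERSIONS, DEFAULT_PASSWORD, MSFT_AUTH (written)
#            BOLD, NORM (read; not assigned anywhere in this file)
# Arguments: the script's own arguments ("$@"), as "option value" pairs
# Outputs:   one log line per option on stdout
# Returns:   0 when every option was recognised; exits 1 on an unknown option
#######################################
parse_args()
{
    local arg_value shift_once logged_value

    while [[ "$#" -gt 0 ]] ; do
        arg_value="${2}"
        shift_once=0

        # A following token that STARTS with "--" is the next option, so the
        # current option has no value. Only the prefix is tested: a value that
        # merely contains "--" (a password, for instance) is kept as a value.
        if [[ "${arg_value}" == --* ]] ; then
            arg_value=""
            shift_once=1
        fi

        # Log input parameters to facilitate troubleshooting, but never write
        # the default password itself into the install log.
        logged_value="${arg_value}"
        if [[ "${1,,}" == "-d" || "${1,,}" == "--default-password" ]] && [[ -n "${arg_value}" ]] ; then
            logged_value="<redacted>"
        fi
        echo "Option '${1}' set with value '${logged_value}'"

        # Options are matched case-insensitively.
        case "${1,,}" in
          -r|--role|-s|--stack)
            TEMPLATE_TYPE=$(parse_template "${arg_value,,}")
            ;;
          -b|--branches|--branch)
            BRANCH_VERSIONS=$(parse_branch "${arg_value,,}")
            ;;
          -d|--default-password)
            # Kept verbatim (not lowercased): it is a credential.
            DEFAULT_PASSWORD="${arg_value}"
            ;;
          --msft-oauth|--msft-auth)
            MSFT_AUTH="${arg_value,,}"
            ;;
          *)
            # Unknown option encountered
            echo "Option '${BOLD}$1${NORM} ${arg_value}' not allowed."
            exit 1
            ;;
        esac

        shift # past the option
        # Skip the value as well, unless it was really the next option or
        # there is nothing left (a trailing option without a value). The
        # unguarded second shift used to fail in that last case, which ends
        # the script under errexit.
        if [[ $shift_once -eq 0 && "$#" -gt 0 ]] ; then
            shift # past the value
        fi
    done
}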
#######################################
# Map a user-supplied stack alias onto the canonical template name.
# Globals:   FS, DS (read); userInput (written)
# Arguments: $1 - alias typed by the user (already lowercased by the caller)
# Outputs:   the canonical name on stdout; unknown input is echoed back
#            unchanged so that test_args can reject it later
#######################################
parse_template()
{
    userInput="$1"

    if [[ "$userInput" == "full" || "$userInput" == "fs" || "$userInput" == "f" ]] ; then
        echo "$FS"
    elif [[ "$userInput" == "dev" || "$userInput" == "ds" || "$userInput" == "d" ]] ; then
        echo "$DS"
    else
        echo "$userInput"
    fi
}
#######################################
# Map a user-supplied branch alias onto the canonical BRANCH_VERSIONS value.
# Globals:   userInput (written)
# Arguments: $1 - alias typed by the user (already lowercased by the caller)
# Outputs:   stable, release, edge, edx_f or edx_g on stdout; any other input
#            is echoed back unchanged (there are no additional mappings for
#            edx_master at this time)
#######################################
parse_branch()
{
    userInput="$1"

    # Start from the raw input and replace it only when an alias matches.
    local mapped="$userInput"
    case "$userInput" in
        production | prod | master)
            mapped="stable"
            ;;
        pre | beta | int)
            mapped="release"
            ;;
        development | dev | bvt)
            mapped="edge"
            ;;
        ficus | up | ed | f | edx_ficus | edx | upstream)
            mapped="edx_f"
            ;;
        ginkgo | up_g | ed_g | g | edx_ginkgo)
            mapped="edx_g"
            ;;
    esac

    echo "$mapped"
}
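#######################################
# Fill in the settings that depend on the parsed arguments: credentials,
# theming, nginx sites, the MySQL admin account and third-party auth.
# Globals:   BRANCH_VERSIONS, MSFT_AUTH, FICUS/GINKGO via EDX_BRANCH (read)
#            MONGO_PASSWORD, MYSQL_PASSWORD, EDXAPP_SU_PASSWORD,
#            VAGRANT_USER_PASSWORD, MYSQL_ADMIN_USER, MYSQL_ADMIN_PASSWORD,
#            EDXAPP_ENABLE_COMPREHENSIVE_THEMING, COMBINED_LOGIN_REGISTRATION,
#            NGINX_SITES, EDX_BRANCH, EDXAPP_ENABLE_THIRD_PARTY_AUTH (written)
# Arguments: none
#######################################
set_dynamic_vars()
{
    # Harden credentials if none were provided. Command tracing is switched
    # off first so the passwords are not printed by xtrace; it is not switched
    # back on by this function.
    set +x

    # Each current value is passed quoted: an unquoted password is word-split
    # and glob-expanded, so harden would only ever see its first word.
    MONGO_PASSWORD=$(harden "$MONGO_PASSWORD")
    MYSQL_PASSWORD=$(harden "$MYSQL_PASSWORD")
    EDXAPP_SU_PASSWORD=$(harden "$EDXAPP_SU_PASSWORD")
    # The vagrant account reuses the edX super-user password.
    VAGRANT_USER_PASSWORD=$EDXAPP_SU_PASSWORD

    case "$BRANCH_VERSIONS" in
      edx_f|edx_g|edx_master)
        EDXAPP_ENABLE_COMPREHENSIVE_THEMING=false
        COMBINED_LOGIN_REGISTRATION=true
        NGINX_SITES='[certs, cms, lms, forum, xqueue]'

        # edx_f keeps whatever EDX_BRANCH already holds (ficus by default).
        if [[ $BRANCH_VERSIONS == edx_g ]] ; then
            EDX_BRANCH=$GINKGO
        elif [[ $BRANCH_VERSIONS == edx_master ]] ; then
            EDX_BRANCH=master
        fi

        # The upstream doesn't have the relevant
        # changes to leverage MYSQL_ADMIN_PASSWORD
        # For details, see msft/edx-configuration commit:
        # 65e2668672bda0112a64aabb86cf532ad228c4fa
        # NOTE(review): this leaves the MySQL "root" admin account with an
        # empty password as far as this script is concerned; whether the
        # upstream playbooks set one later is not visible here - confirm.
        MYSQL_ADMIN_USER=root
        MYSQL_ADMIN_PASSWORD=
        ;;
      *)
        EDXAPP_ENABLE_COMPREHENSIVE_THEMING=true
        COMBINED_LOGIN_REGISTRATION=false

        # Microsoft repositories support the lms-preview subdomain.
        NGINX_SITES='[certs, cms, lms, lms-preview, forum, xqueue]'

        MYSQL_ADMIN_USER=lexoxamysqladmin
        MYSQL_ADMIN_PASSWORD=$(harden "$MYSQL_ADMIN_PASSWORD")
        ;;
    esac

    # Third-party auth is enabled only for the two named MSFT_AUTH values.
    case "$MSFT_AUTH" in
      prod|int)
        EDXAPP_ENABLE_THIRD_PARTY_AUTH=true
        ;;
      *)
        EDXAPP_ENABLE_THIRD_PARTY_AUTH=false
        ;;
    esac
}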
#######################################
# Validate TEMPLATE_TYPE and BRANCH_VERSIONS after argument parsing.
# Globals:   TEMPLATE_TYPE, BRANCH_VERSIONS, FS, DS (read)
# Arguments: none
# Outputs:   the chosen BRANCH_VERSIONS, or a highlighted usage hint, on stdout
# Returns:   0 when both values are acceptable; exits 1 otherwise
#######################################
test_args()
{
    # The template must be one of the two known stacks.
    if ! [[ $TEMPLATE_TYPE == $FS || $TEMPLATE_TYPE == $DS ]] ; then
        set +x
        echo -e "\033[1;36m"
        echo -e "\n TEMPLATE_TYPE is set to $TEMPLATE_TYPE"
        echo -e " but should be $FS or $DS."
        echo -e " Use the -r param argument.\n"
        echo -e '\033[0m'
        exit 1
    fi

    echo -e "\n BRANCH_VERSIONS is set to $BRANCH_VERSIONS"

    # Accept the value as soon as it equals one of the known branch sets.
    local known
    for known in stable release edge edx_f edx_g edx_master ; do
        if [[ "$BRANCH_VERSIONS" == "$known" ]] ; then
            echo ""
            return 0
        fi
    done

    # Nothing matched: finish the sentence started above and stop.
    set +x
    echo -e "\033[1;36m"
    echo -e " but should be stable OR release OR edge OR edx .\n"
    echo -e " Use the -b param argument.\n"
    echo -e '\033[0m'
    exit 1
}
##########################
# Helpers
##########################
#######################################
# Pick the git branch (or tag) that matches BRANCH_VERSIONS.
# Globals:   BRANCH_VERSIONS, USE_MSFT, EDX_BRANCH (read); override (written)
# Arguments: $1 - optional; pass $USE_MSFT to get the Microsoft dev branch
#                 even when an upstream (edx_*) branch set is selected
# Outputs:   the branch or tag name on stdout
#######################################
get_branch()
{
    override=$1

    # stable and release win regardless of the override.
    case "$BRANCH_VERSIONS" in
        stable)
            echo "oxa/master.fic"
            return
            ;;
        release)
            echo "oxa/release.fic"
            return
            ;;
    esac

    # Upstream value only when neither "edge" nor the override applies.
    if [[ $BRANCH_VERSIONS != edge ]] && [[ $override != $USE_MSFT ]] ; then
        echo "$EDX_BRANCH"
    else
        echo "oxa/dev.fic"
    fi
}
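#######################################
# Work out which GitHub account the current checkout was cloned from.
# The result is used by install-with-oxa and install-with-edx-native as the
# account that oxa-tools scripts are downloaded from before they are run, so
# a fork's checkout installs from that fork.
# Globals:   MSFT (read) - the default when no usable origin URL is found
# Arguments: none
# Outputs:   the account (organization) name on stdout
#######################################
get_current_org()
{
    local organization="$MSFT"
    local remoteUrl=""

    if git status > /dev/null ; then
        # No origin configured: keep the default instead of printing nothing.
        remoteUrl="$(git config --get remote.origin.url)" || remoteUrl=""

        if [[ -n "$remoteUrl" ]] ; then
            # The ssh test used to read an unset variable ($repoInfo), so it
            # never matched and ssh remotes were parsed as http URLs, which
            # yields "user@host:org" instead of the account name.
            if printf '%s\n' "$remoteUrl" | grep -q "@.*:.*/" ; then
                # ssh form, user@host:org/repo - second field after
                # splitting on ':' and '/'
                organization=$(printf '%s\n' "$remoteUrl" | tr : "\n" | tr / "\n" | head -2 | tail -1)
            else
                # http or https form - second-to-last path segment
                organization=$(printf '%s\n' "$remoteUrl" | tr / "\n" | tail -2 | head -1)
            fi
        fi
    fi

    printf '%s\n' "$organization"
}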
#######################################
# Report the branch that is checked out in the current repository.
# Falls back to get_branch "$USE_MSFT" when git gives no usable branch name
# (empty output, "no branch", or a detached HEAD).
# Globals:   USE_MSFT (read); prefix, branchInfo (written)
# Arguments: none
# Outputs:   the branch name on stdout
#######################################
get_current_branch()
{
    # "git branch" marks the current branch with a leading asterisk; keep
    # that line only and strip the marker.
    prefix='* '
    branchInfo=$(git branch | grep "$prefix" | sed "s/$prefix//g")

    # Ensure branch information is useful.
    case "$branchInfo" in
        "" | *"no branch"* | *"detached"*)
            branchInfo=$(get_branch "$USE_MSFT")
            ;;
    esac

    echo "$branchInfo"
}
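#######################################
# Return a usable password: the given one, else the shared default, else a
# freshly generated random one.
# Globals:   DEFAULT_PASSWORD (read)
# Arguments: $1 - the current password (may be empty)
# Outputs:   the password to use, on stdout
# Note:      when DEFAULT_PASSWORD is set, every credential that was left
#            empty ends up sharing that one value.
#######################################
harden()
{
    local originalString="$1"

    # Passwords are written with printf and quoted expansions. An unquoted
    # "echo $password" word-splits the value, expands glob characters such
    # as '*' against the current directory, and treats a value like "-n" as
    # an echo option, so the password that comes out can differ from the one
    # that went in.
    if [[ -n "$originalString" ]] ; then
        # Don't overwrite an existing password
        printf '%s\n' "$originalString"
    elif [[ -n "$DEFAULT_PASSWORD" ]] ; then
        # The current password is empty, but a default was provided. Use it.
        printf '%s\n' "$DEFAULT_PASSWORD"
    else
        # No default was provided.
        # Generate a random one (persisted to oxa.yml)
        pwgen -s 33 1
    fi
}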
#######################################
# Name the GitHub account that hosts the edX repositories for the selected
# branch set: the upstream account for edx_* values, Microsoft's otherwise.
# Globals:   BRANCH_VERSIONS, EDX, MSFT (read)
# Arguments: none
# Outputs:   the account name on stdout
#######################################
get_org()
{
    if [[ "$BRANCH_VERSIONS" == "edx_f" || "$BRANCH_VERSIONS" == "edx_g" || "$BRANCH_VERSIONS" == "edx_master" ]] ; then
        echo "$EDX"
    else
        echo "$MSFT"
    fi
}
#######################################
# Name the configuration repository for the selected branch set:
# "configuration" upstream, "edx-configuration" for the Microsoft fork.
# Globals:   BRANCH_VERSIONS, CONF, E_CONF (read)
# Arguments: none
# Outputs:   the repository (project) name on stdout
#######################################
get_conf_project_name()
{
    if [[ "$BRANCH_VERSIONS" == "edx_f" || "$BRANCH_VERSIONS" == "edx_g" || "$BRANCH_VERSIONS" == "edx_master" ]] ; then
        echo "$CONF"
    else
        echo "$E_CONF"
    fi
}
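#######################################
# Locate a script, downloading it from the public GitHub repository when it
# is not already on disk.
# Arguments: $1 - path of the file relative to the repository root
#            $2 - GitHub account (organization)
#            $3 - GitHub project (repository)
#            $4 - branch or tag to download from
# Outputs:   the local path of the file on stdout; an error on stderr
# Returns:   0 when the file is available, 1 when the download failed
# Security:  callers run or source the returned file. Nothing here verifies
#            its content (no checksum, no signature), and a branch name is a
#            moving target, so what runs is whatever that branch holds at
#            download time.
#######################################
wget_wrapper()
{
    local expectedPath="$1"
    local org="$2"
    local project="$3"
    local branch="$4"

    # Prefer the copy from the current checkout.
    if [[ -f "$expectedPath" ]] ; then
        echo "$expectedPath"
        return 0
    fi

    local fileName
    fileName=$(basename -- "$expectedPath")

    if [[ ! -f "$fileName" ]] ; then
        local url="https://raw.githubusercontent.com/${org}/${project}/${branch}/${expectedPath}"

        # "wget -O" creates the output file even when the download fails.
        # Left in place, that empty file passes the -f test above on the next
        # call and is then "run" as if it were the real script, so a failed
        # or empty download is removed and reported instead.
        if ! wget -q "$url" -O "$fileName" || [[ ! -s "$fileName" ]] ; then
            rm -f -- "$fileName"
            echo "Failed to download ${url}" >&2
            return 1
        fi
    fi

    echo "$fileName"
}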
##########################
# Core Installation Operation
##########################
#######################################
# Install through the oxa-tools bootstrap script.
# bootstrap.sh is taken from the current checkout or, failing that,
# downloaded by wget_wrapper from the account and branch the checkout
# reports, and is then run with bash using this script's privileges.
# wget_wrapper, as written in this file, performs no integrity check on
# what it downloads.
# Globals:   TEMPLATE_TYPE, MSFT_AUTH, USE_MSFT, EDX_BRANCH (read);
#            bootstrap (written)
# Arguments: none
#######################################
install-with-oxa()
{
    bootstrap=$(wget_wrapper "scripts/bootstrap.sh" "$(get_current_org)" "oxa-tools" "$(get_current_branch)")

    # Every value below is deliberately left unquoted, exactly as before.
    # In particular an empty MSFT_AUTH expands to no word at all, so
    # --msft-oauth is then followed directly by the next option.
    # NOTE(review): presumably bootstrap.sh copes with a value-less option
    # the same way parse_args does - confirm before quoting anything here.
    # shellcheck disable=SC2046,SC2086
    bash $bootstrap \
        --role $TEMPLATE_TYPE \
        --retry-count 8 \
        --environment "dev" \
        --msft-oauth $MSFT_AUTH \
        --oxatools-public-github-accountname $(get_current_org) \
        --oxatools-public-github-projectbranch $(get_current_branch) \
        --edxconfiguration-public-github-accountname $(get_org) \
        --edxconfiguration-public-github-projectname $(get_conf_project_name) \
        --edxconfiguration-public-github-projectbranch $(get_branch) \
        --edxplatform-public-github-accountname $(get_org) \
        --edxplatform-public-github-projectbranch $(get_branch) \
        --edxtheme-public-github-projectbranch $(get_branch $USE_MSFT) \
        --edxversion $EDX_BRANCH \
        --forumversion $(get_branch) \
        --azure-media-version $(get_branch $USE_MSFT) \
        --kitchen-sink-course-version $(get_branch $USE_MSFT)
}
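#######################################
# Prepare the machine and the sandbox script for a devstack install.
# Does nothing unless TEMPLATE_TYPE is the devstack value.
# Globals:   TEMPLATE_TYPE, DS, VAGRANT_USER_PASSWORD (read)
# Arguments: $1 - path of the sandbox script to patch
# Note:      remove_browsers is not defined in this file; presumably it comes
#            from the utilities.sh that the caller sources - confirm.
#######################################
devstack_preconditions()
{
    local sandbox_path="$1"

    if [[ $TEMPLATE_TYPE == $DS ]] ; then
        # Use devstack playbook.
        # Mode 755, not 777: the caller runs this file right afterwards, and
        # a world-writable script could be rewritten by any local account
        # before it is executed.
        chmod 755 "$sandbox_path"
        sed -i "s|edx_sandbox|vagrant-devstack|g" "$sandbox_path"

        # Create required vagrant user account to avoid fatal error
        if ! id -u vagrant > /dev/null 2>&1 ; then
            adduser --disabled-password --gecos "" vagrant
        fi

        # Set the vagrant password. The password and the resulting hash are
        # both quoted so that spaces or glob characters in either survive.
        # NOTE(review): "openssl passwd -1" produces an MD5-based crypt hash,
        # which is weak by current standards; consider setting the password
        # with a tool that uses the system's default scheme (for example
        # chpasswd reading "user:password" on stdin).
        if [[ -n "$VAGRANT_USER_PASSWORD" ]] ; then
            usermod --password "$(printf '%s\n' "$VAGRANT_USER_PASSWORD" | openssl passwd -1 -stdin)" vagrant
        fi

        # Devstack installs specific versions of chrome and firefox
        remove_browsers
    fi
}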
install-with-edx-native()
{
# Install Open edX with the upstream "native" installation scripts instead of
# the oxa-tools bootstrap.
#
# Security: each script used below is resolved by wget_wrapper, which takes
# the local copy when present and otherwise downloads it from
# raw.githubusercontent.com. The downloaded files are then sourced or run
# with bash by this installer; nothing in this file verifies their content.
# ansible-bootstrap.sh and sandbox.sh are requested from the branch name
# "ginkgo1tweaks", so what runs is whatever that branch holds at download
# time.
#
# from https://openedx.atlassian.net/wiki/spaces/OpenOPS/pages/146440579/Native+Open+edX+Ubuntu+16.04+64+bit+Installation
# 1. Set the OPENEDX_RELEASE variable:
# (EDX_BRANCH with the leading "tags/" prefix removed; not declared local, so
# with allexport on it is exported to the scripts started below.)
OPENEDX_RELEASE=${EDX_BRANCH#$TAGS}
# Enable retry
# utilities.sh is sourced into this shell. retry-command and exit_on_error
# are not defined in this file; presumably they come from it - confirm.
local utilities=`wget_wrapper "templates/stamp/utilities.sh" "$(get_current_org)" "oxa-tools" "$(get_current_branch)"`
source $utilities
# 2. Bootstrap the Ansible installation:
local ans_bootstrap=`wget_wrapper "util/install/ansible-bootstrap.sh" "${MSFT}" "$E_CONF" "ginkgo1tweaks"`
# errexit is suspended around the retried command.
# NOTE(review): presumably exit_on_error inspects the status of the command
# just before it, so no statement may be inserted between the two - confirm.
set +e
retry-command "bash $ans_bootstrap" 3 "$ans_bootstrap"
exit_on_error "Execution of edX ansible bootstrap failed"
set -e
# 3. (Optional) If this is a new installation, randomize the passwords:
# todo: reconcile this w/ -d and /oxa/oxa.yml
# This script is requested from the upstream account at OPENEDX_RELEASE.
local gen_pass=`wget_wrapper "util/install/generate-passwords.sh" "${EDX}" "$(get_conf_project_name)" "$OPENEDX_RELEASE"`
bash $gen_pass
# 4. Install Open edX:
local sandbox=`wget_wrapper "util/install/sandbox.sh" "${MSFT}" "$E_CONF" "ginkgo1tweaks"`
# For devstack this patches the sandbox script in place before it is run.
devstack_preconditions $sandbox
# Same suspend/check/restore sequence as for the Ansible bootstrap above.
set +e
retry-command "bash $sandbox --skip-tags=edxapp-sandbox" 8 "$sandbox" "fixPackages"
exit_on_error "Execution of edX sandbox playbook failed"
set -e
# get status of edx services
# Informational only: "|| true" keeps a non-zero status from ending the
# script under errexit.
/edx/bin/supervisorctl status || true
}
##########################
# Execution Starts
##########################
# Tools the rest of the script relies on: pwgen (harden), wget (wget_wrapper)
# and ssh.
echo "installing pwgen, wget, ssh..."
apt update -qq
apt install -y -qq pwgen wget ssh

# Read the command line, validate it, then derive the dependent settings.
parse_args "$@"
test_args
set_dynamic_vars

# We currently use sandbox.sh for ginkgo+. Therefore, it doesn't have our customizations.
# - (fullstack) This is because vagrant-fullstack.yml was removed in March 2017 and
# - (devstack) Something about our customizations results in an "elastic search" error
case "$BRANCH_VERSIONS" in
    edx_g | edx_master)
        install-with-edx-native
        ;;
    *)
        install-with-oxa
        ;;
esac