2016-01-12 13:08:43 +01:00
|
|
|
#!/usr/bin/env bash
|
2017-10-02 01:48:25 +02:00
|
|
|
set -e
|
|
|
|
|
|
|
|
usage() {
|
2017-11-15 21:09:53 +01:00
|
|
|
cat <<EOF
|
|
|
|
Usage:
|
|
|
|
install [--certbot] [--hostname=zulip.example.com] [--email=admin@example.com]
|
|
|
|
install --help
|
|
|
|
|
|
|
|
If --certbot is used, --hostname and --email are required.
|
|
|
|
EOF
|
2017-10-02 01:48:25 +02:00
|
|
|
exit 0
|
|
|
|
};
|
|
|
|
|
|
|
|
# Shell option parsing. Over time, we'll want to move some of the
|
|
|
|
# environment variables below into this self-documenting system.
|
2017-10-02 01:43:15 +02:00
|
|
|
args="$(getopt -o '' --long help,certbot,hostname:,email: -n "$0" -- "$@")"
|
2017-10-02 01:48:25 +02:00
|
|
|
eval "set -- $args"
|
|
|
|
while true; do
|
|
|
|
case "$1" in
|
2017-10-02 01:43:15 +02:00
|
|
|
--certbot)
|
|
|
|
USE_CERTBOT=1
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
--help)
|
|
|
|
show_help=1
|
|
|
|
shift
|
|
|
|
;;
|
2017-10-02 01:48:25 +02:00
|
|
|
--hostname)
|
|
|
|
EXTERNAL_HOST="$2"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
--email)
|
|
|
|
ZULIP_ADMINISTRATOR="$2"
|
|
|
|
shift
|
|
|
|
shift
|
|
|
|
;;
|
|
|
|
--)
|
|
|
|
break
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
done
|
|
|
|
|
|
|
|
if [ -n "$show_help" ]; then
|
|
|
|
usage
|
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
2017-11-15 21:09:53 +01:00
|
|
|
if [ -n "$USE_CERTBOT" ] \
|
|
|
|
&& { [ -z "$EXTERNAL_HOST" ] || [ -z "$ZULIP_ADMINISTRATOR" ]; }; then
|
|
|
|
usage
|
|
|
|
fi
|
|
|
|
|
2017-10-02 01:48:25 +02:00
|
|
|
# Do set -x after option parsing is complete
|
|
|
|
set -x
|
2013-11-14 06:32:49 +01:00
|
|
|
|
2017-11-23 03:03:44 +01:00
|
|
|
# Force a known locale. Some packages on PyPI fail to install in some locales.
|
|
|
|
export LC_ALL="en_US.UTF-8"
|
|
|
|
|
2016-04-27 00:04:32 +02:00
|
|
|
# Specify options for apt.
|
2016-04-27 00:02:28 +02:00
|
|
|
APT_OPTIONS="${APT_OPTIONS:-}"
|
2016-04-27 00:04:32 +02:00
|
|
|
# Install additional packages using apt.
|
2016-04-27 00:02:28 +02:00
|
|
|
ADDITIONAL_PACKAGES=${ADDITIONAL_PACKAGES:-}
|
2016-04-27 00:04:32 +02:00
|
|
|
# Deployment type is almost always voyager.
|
|
|
|
DEPLOYMENT_TYPE="${DEPLOYMENT_TYPE:-voyager}"
|
2016-04-27 00:06:37 +02:00
|
|
|
# Comma-separated list of puppet manifests to install. default is
|
|
|
|
# zulip::voyager for an all-in-one system or zulip::dockervoyager for
|
|
|
|
# Docker. Use e.g. zulip::app_frontend for a Zulip frontend server.
|
|
|
|
PUPPET_CLASSES="${PUPPET_CLASSES:-zulip::voyager}"
|
2016-07-12 20:46:49 +02:00
|
|
|
VIRTUALENV_NEEDED="${VIRTUALENV_NEEDED:-yes}"
|
2016-04-27 00:02:28 +02:00
|
|
|
|
2016-12-01 00:29:14 +01:00
|
|
|
# Check for at least ~1.9GB of RAM before starting installation;
|
|
|
|
# otherwise users will find out about insufficient RAM via weird
|
|
|
|
# errors like a segfault running `pip install`.
|
|
|
|
mem_kb=$(cat /proc/meminfo | head -n1 | awk '{print $2}')
|
|
|
|
if [ "$mem_kb" -lt 1900000 ]; then
|
|
|
|
echo "Insufficient RAM. Zulip requires at least 2GB of RAM."
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2016-09-15 19:29:56 +02:00
|
|
|
if ! [ -e /usr/bin/realpath ]; then
|
|
|
|
# realpath is in coreutils on Xenial, but not in Trusty
|
|
|
|
apt-get install -y realpath
|
|
|
|
fi
|
2017-10-02 01:48:25 +02:00
|
|
|
|
2016-09-15 19:29:56 +02:00
|
|
|
ZULIP_PATH="$(realpath $(dirname $0)/../..)"
|
|
|
|
|
2016-10-16 09:56:58 +02:00
|
|
|
# setup-apt-repo does an `apt-get update`
|
2016-09-15 19:29:56 +02:00
|
|
|
"$ZULIP_PATH"/scripts/lib/setup-apt-repo
|
2016-08-05 22:27:03 +02:00
|
|
|
|
2016-11-23 15:49:15 +01:00
|
|
|
# Handle issues around upstart on Ubuntu Xenial
|
|
|
|
"$ZULIP_PATH"/scripts/lib/check-upstart
|
|
|
|
|
2017-10-02 01:43:15 +02:00
|
|
|
if [ -n "$USE_CERTBOT" ]; then
|
2017-11-16 00:19:54 +01:00
|
|
|
"$ZULIP_PATH"/scripts/setup/setup-certbot \
|
|
|
|
--no-zulip-conf --method=standalone \
|
2017-11-15 00:48:22 +01:00
|
|
|
--hostname "$EXTERNAL_HOST" --email "$ZULIP_ADMINISTRATOR"
|
2017-10-02 01:43:15 +02:00
|
|
|
fi
|
|
|
|
|
2017-10-24 22:44:41 +02:00
|
|
|
# Check for missing SSL certificates early as well
|
2017-10-24 23:29:36 +02:00
|
|
|
if [ "$PUPPET_CLASSES" = "zulip::voyager" ] && { ! [ -e "/etc/ssl/private/zulip.key" ] || ! [ -e "/etc/ssl/certs/zulip.combined-chain.crt" ]; }; then
|
2017-10-24 22:30:27 +02:00
|
|
|
set +x
|
|
|
|
echo
|
|
|
|
echo "Could not find SSL certificates!"
|
|
|
|
for f in "/etc/ssl/private/zulip.key" "/etc/ssl/certs/zulip.combined-chain.crt"; do
|
2017-10-24 23:29:36 +02:00
|
|
|
[ -e "$f" ] || echo " - $f is missing!"
|
2017-10-24 22:30:27 +02:00
|
|
|
done
|
2017-11-16 19:51:44 +01:00
|
|
|
echo "See https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html for help."
|
2017-10-24 22:30:27 +02:00
|
|
|
echo
|
|
|
|
echo "Once fixed, just rerun scripts/setup/install; it'll pick up from here!"
|
|
|
|
echo
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2017-08-23 23:54:59 +02:00
|
|
|
apt-get -y dist-upgrade $APT_OPTIONS
|
|
|
|
apt-get install -y puppet git python python3 python-six python3-six crudini $ADDITIONAL_PACKAGES
|
|
|
|
|
2016-06-22 21:00:50 +02:00
|
|
|
# Create and activate a virtualenv
|
2016-07-12 20:46:49 +02:00
|
|
|
if [ "$VIRTUALENV_NEEDED" = "yes" ]; then
|
2016-11-20 05:45:53 +01:00
|
|
|
"$ZULIP_PATH"/scripts/lib/create-production-venv "$ZULIP_PATH"
|
2016-07-12 20:46:49 +02:00
|
|
|
fi
|
2016-06-22 21:00:50 +02:00
|
|
|
|
2017-01-07 00:57:42 +01:00
|
|
|
"$ZULIP_PATH"/scripts/lib/install-node
|
|
|
|
|
2016-06-22 21:00:50 +02:00
|
|
|
# puppet apply
|
2013-11-14 06:32:49 +01:00
|
|
|
mkdir -p /etc/zulip
|
travis: Remove rabbitmq nodename dependency on hostname.
Because rabbitmq doesn't support changing the nodename of a running
rabbitmq node, Zulip installations suffered a plague of issues where
e.g. a Zulip server would reboot, the hostname would change, and
suddenly the local rabbitmq instance being used by Zulip would stop
working.
We address this problem by using, by default, a fixed rabbitmq
nodename, but providing server administrators the option to set the
rabbitmq nodename used by Zulip however they choose.
To upgrade an existing server to use this new configuration, one will
need to add something like the following to /etc/zulip/zulip.conf:
[rabbitmq]
nodename = zulip@localhost
However, I don't believe we have the puppet code in place to make this
work correctly at initial installation without rabbitmq-server being
already installed (but off), as we can easily setup in Travis CI but I
haven't been willing to do for the installer. So for now, this just
fixes our Travis CI problems.
Fixes: #1579.
2016-08-10 03:40:07 +02:00
|
|
|
(
|
|
|
|
echo -e "[machine]\npuppet_classes = $PUPPET_CLASSES\ndeploy_type = $DEPLOYMENT_TYPE";
|
2016-11-20 06:36:04 +01:00
|
|
|
|
|
|
|
# Note: there are four dpkg-query outputs to consider:
|
|
|
|
#
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
# root@host# apt install rabbitmq-server
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
# install ok installed
|
|
|
|
# root@host# apt remove rabbitmq-server
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
# deinstall ok config-files
|
|
|
|
# root@host# apt purge rabbitmq-server
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
# unknown ok not-installed
|
|
|
|
#
|
|
|
|
# (There are more possibilities in the case of dpkg errors.) Here
|
|
|
|
# we are checking for either empty or not-installed.
|
|
|
|
if [ -n "$TRAVIS" ] || ! dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null | grep -vq ' not-installed$'; then
|
travis: Remove rabbitmq nodename dependency on hostname.
Because rabbitmq doesn't support changing the nodename of a running
rabbitmq node, Zulip installations suffered a plague of issues where
e.g. a Zulip server would reboot, the hostname would change, and
suddenly the local rabbitmq instance being used by Zulip would stop
working.
We address this problem by using, by default, a fixed rabbitmq
nodename, but providing server administrators the option to set the
rabbitmq nodename used by Zulip however they choose.
To upgrade an existing server to use this new configuration, one will
need to add something like the following to /etc/zulip/zulip.conf:
[rabbitmq]
nodename = zulip@localhost
However, I don't believe we have the puppet code in place to make this
work correctly at initial installation without rabbitmq-server being
already installed (but off), as we can easily setup in Travis CI but I
haven't been willing to do for the installer. So for now, this just
fixes our Travis CI problems.
Fixes: #1579.
2016-08-10 03:40:07 +02:00
|
|
|
echo -e "\n[rabbitmq]\nnodename = zulip@localhost"
|
|
|
|
fi
|
2017-11-15 00:48:22 +01:00
|
|
|
|
|
|
|
if [ -n "$USE_CERTBOT" ]; then
|
|
|
|
echo -e "\n[certbot]\nauto_renew = yes"
|
|
|
|
fi
|
travis: Remove rabbitmq nodename dependency on hostname.
Because rabbitmq doesn't support changing the nodename of a running
rabbitmq node, Zulip installations suffered a plague of issues where
e.g. a Zulip server would reboot, the hostname would change, and
suddenly the local rabbitmq instance being used by Zulip would stop
working.
We address this problem by using, by default, a fixed rabbitmq
nodename, but providing server administrators the option to set the
rabbitmq nodename used by Zulip however they choose.
To upgrade an existing server to use this new configuration, one will
need to add something like the following to /etc/zulip/zulip.conf:
[rabbitmq]
nodename = zulip@localhost
However, I don't believe we have the puppet code in place to make this
work correctly at initial installation without rabbitmq-server being
already installed (but off), as we can easily setup in Travis CI but I
haven't been willing to do for the installer. So for now, this just
fixes our Travis CI problems.
Fixes: #1579.
2016-08-10 03:40:07 +02:00
|
|
|
) > /etc/zulip/zulip.conf
|
2016-09-15 19:29:56 +02:00
|
|
|
"$ZULIP_PATH"/scripts/zulip-puppet-apply -f
|
2013-11-14 06:32:49 +01:00
|
|
|
|
2016-07-12 05:35:14 +02:00
|
|
|
# Detect which features were selected for the below
|
2016-07-20 04:05:02 +02:00
|
|
|
set +e
|
2016-07-12 05:35:14 +02:00
|
|
|
[ -e "/etc/init.d/camo" ]; has_camo=$?
|
|
|
|
[ -e "/etc/init.d/nginx" ]; has_nginx=$?
|
|
|
|
[ -e "/etc/supervisor/conf.d/zulip.conf" ]; has_appserver=$?
|
|
|
|
[ -e "/etc/cron.d/rabbitmq-numconsumers" ]; has_rabbit=$?
|
|
|
|
[ -e "/etc/init.d/postgresql" ]; has_postgres=$?
|
2016-07-20 04:05:02 +02:00
|
|
|
set -e
|
2016-07-12 05:35:14 +02:00
|
|
|
|
2016-07-20 11:55:45 +02:00
|
|
|
# Docker service setup is done in the docker config, not here
|
|
|
|
if [ "$DEPLOYMENT_TYPE" = "dockervoyager" ]; then
|
|
|
|
has_camo=1
|
|
|
|
has_nginx=1
|
|
|
|
has_appserver=1
|
|
|
|
has_rabbit=1
|
|
|
|
has_postgres=1
|
|
|
|
fi
|
|
|
|
|
2013-11-14 06:32:49 +01:00
|
|
|
# These server restarting bits should be moveable into puppet-land, ideally
|
|
|
|
apt-get -y upgrade
|
2016-07-12 05:35:14 +02:00
|
|
|
|
|
|
|
if [ "$has_nginx" = 0 ]; then
|
2015-10-21 08:23:24 +02:00
|
|
|
# Check nginx was configured properly now that we've installed it.
|
|
|
|
# Most common failure mode is certs not having been installed.
|
2017-10-24 22:30:27 +02:00
|
|
|
nginx -t || (
|
|
|
|
set +x
|
|
|
|
echo
|
|
|
|
echo "Verifying the Zulip nginx configuration failed!"
|
|
|
|
echo
|
|
|
|
echo "This is almost always a problem with your SSL certificates."
|
2017-11-16 19:51:44 +01:00
|
|
|
echo "See https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html for help"
|
2017-10-24 22:30:27 +02:00
|
|
|
echo
|
|
|
|
echo "Once fixed, just rerun scripts/setup/install; it'll pick up from here!"
|
|
|
|
echo
|
|
|
|
exit 1
|
|
|
|
)
|
2013-11-14 06:32:49 +01:00
|
|
|
service nginx restart
|
|
|
|
fi
|
|
|
|
|
2016-07-12 05:35:14 +02:00
|
|
|
if [ "$has_appserver" = 0 ]; then
|
2016-09-15 19:29:56 +02:00
|
|
|
"$ZULIP_PATH"/scripts/setup/generate_secrets.py --production
|
|
|
|
cp -a "$ZULIP_PATH"/zproject/prod_settings_template.py /etc/zulip/settings.py
|
2017-10-02 01:48:25 +02:00
|
|
|
if [ -n "$EXTERNAL_HOST" ]; then
|
|
|
|
sed -i "s/^EXTERNAL_HOST =.*/EXTERNAL_HOST = '$EXTERNAL_HOST'/" /etc/zulip/settings.py
|
|
|
|
fi
|
|
|
|
if [ -n "ZULIP_ADMINISTRATOR" ]; then
|
|
|
|
sed -i "s/^ZULIP_ADMINISTRATOR =.*/ZULIP_ADMINISTRATOR = '$ZULIP_ADMINISTRATOR'/" /etc/zulip/settings.py
|
|
|
|
fi
|
2016-09-15 19:29:56 +02:00
|
|
|
ln -nsf /etc/zulip/settings.py "$ZULIP_PATH"/zproject/prod_settings.py
|
2016-07-12 05:35:14 +02:00
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
2016-04-28 07:32:27 +02:00
|
|
|
# Restart camo since generate_secrets.py likely replaced its secret key
|
2016-07-12 05:35:14 +02:00
|
|
|
if [ "$has_camo" = 0 ] && [ -z "$TRAVIS" ]; then
|
2016-04-28 07:32:27 +02:00
|
|
|
# We don't run this in Travis CI due to a weird hang bug
|
|
|
|
service camo restart
|
|
|
|
fi
|
|
|
|
|
2016-07-12 05:35:14 +02:00
|
|
|
if [ "$has_rabbit" = 0 ]; then
|
|
|
|
if ! rabbitmqctl status >/dev/null; then
|
|
|
|
set +x
|
|
|
|
echo; echo "RabbitMQ seems to not have started properly after the installation process."
|
|
|
|
echo "Often, this can be caused by misconfigured /etc/hosts in virtualized environments"
|
|
|
|
echo "See https://github.com/zulip/zulip/issues/53#issuecomment-143805121"
|
|
|
|
echo "for more information"
|
|
|
|
echo
|
|
|
|
set -x
|
|
|
|
exit 1
|
|
|
|
fi
|
2016-09-15 19:29:56 +02:00
|
|
|
"$ZULIP_PATH"/scripts/setup/configure-rabbitmq
|
2015-09-30 03:41:31 +02:00
|
|
|
fi
|
|
|
|
|
2016-07-12 05:35:14 +02:00
|
|
|
if [ "$has_postgres" = 0 ]; then
|
2016-09-15 19:29:56 +02:00
|
|
|
"$ZULIP_PATH"/scripts/setup/postgres-init-db
|
2016-07-12 05:35:14 +02:00
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
2016-07-12 05:35:14 +02:00
|
|
|
if [ "$has_appserver" = 0 ]; then
|
2016-09-15 19:29:56 +02:00
|
|
|
deploy_path=$("$ZULIP_PATH"/scripts/lib/zulip_tools.py make_deploy_path)
|
|
|
|
mv "$ZULIP_PATH" "$deploy_path"
|
|
|
|
ln -nsf /home/zulip/deployments/next "$ZULIP_PATH"
|
2016-07-12 05:35:14 +02:00
|
|
|
ln -nsf "$deploy_path" /home/zulip/deployments/next
|
|
|
|
ln -nsf "$deploy_path" /home/zulip/deployments/current
|
2016-07-20 05:42:43 +02:00
|
|
|
ln -nsf /etc/zulip/settings.py "$deploy_path"/zproject/prod_settings.py
|
2016-07-12 05:35:14 +02:00
|
|
|
mkdir -p "$deploy_path"/prod-static/serve
|
|
|
|
cp -rT "$deploy_path"/prod-static/serve /home/zulip/prod-static
|
|
|
|
chown -R zulip:zulip /home/zulip /var/log/zulip /etc/zulip/settings.py
|
2017-09-23 00:40:35 +02:00
|
|
|
|
2017-09-23 04:52:33 +02:00
|
|
|
if ! [ -e "/home/zulip/prod-static/generated" ]; then
|
2017-09-23 00:40:35 +02:00
|
|
|
# If we're installing from a git checkout, we need to run
|
|
|
|
# `tools/update-prod-static` in order to build the static
|
|
|
|
# assets.
|
|
|
|
su zulip -c "/home/zulip/deployments/current/tools/update-prod-static --authors-not-required"
|
|
|
|
fi
|
2016-07-12 05:35:14 +02:00
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
2016-04-27 00:20:06 +02:00
|
|
|
if [ -e "/var/run/supervisor.sock" ]; then
|
|
|
|
# If supervisor isn't running, no need to chown its socket
|
|
|
|
chown zulip:zulip /var/run/supervisor.sock
|
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
|
|
set +x
|
|
|
|
cat <<EOF
|
|
|
|
|
|
|
|
Installation complete!
|
|
|
|
|
|
|
|
Now edit /etc/zulip/settings.py and fill in the mandatory values.
|
|
|
|
|
|
|
|
Once you've done that, please run:
|
|
|
|
|
|
|
|
su zulip -c /home/zulip/deployments/current/scripts/setup/initialize-database
|
|
|
|
|
2015-09-30 07:23:25 +02:00
|
|
|
To configure the initial database.
|
2013-11-14 06:32:49 +01:00
|
|
|
EOF
|