Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/scripts/lib/install

307 lines
9.7 KiB
Plaintext
Raw Normal View History

Add support for running OpenBSD in development environment.
2016-01-12 13:08:43 +01:00
#!/usr/bin/env bash
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
set -e
usage() {
install: Enforce a constraint on the options, and expand usage message.
2017-11-15 21:09:53 +01:00
cat <<EOF
Usage:
install: Add --snakeoil-cert option. This provides a major simplification for non-production installs, including our own testing (it's already in both the test-install harness script and the "production" test suite) as well as potential admins evaluating Zulip. Ultimately this should probably be the default behavior, with perhaps something shown to admins on the web as a reminder and link to help on installing a better certificate. For now, pending working through that, just get the behavior in and leave it opt-in.
2018-01-23 00:12:00 +01:00
install [--hostname=zulip.example.com] [--email=admin@example.com] [options...]
install: Enforce a constraint on the options, and expand usage message.
2017-11-15 21:09:53 +01:00
install --help
install: Add --snakeoil-cert option. This provides a major simplification for non-production installs, including our own testing (it's already in both the test-install harness script and the "production" test suite) as well as potential admins evaluating Zulip. Ultimately this should probably be the default behavior, with perhaps something shown to admins on the web as a reminder and link to help on installing a better certificate. For now, pending working through that, just get the behavior in and leave it opt-in.
2018-01-23 00:12:00 +01:00
Other options:
install --self-signed-cert: Generate our own, rather than use system's. This gives us just one way of adopting a self-signed cert, rather than one script which would generate a new one and an option to another which would symlink to the system's snakeoil cert. Now those two codepaths converge, and do the same thing. The small advantage of generating our own over the alternative is that it lets us set the name in the cert to EXTERNAL_HOST, rather than the system's hostname as embedded in the system snakeoil certs. Not a big deal, but might make things go slightly smoother if some browsers are lenient (in a way that they probably shouldn't be.)
2018-01-24 02:13:09 +01:00
--certbot (requires --hostname and --email)
install: Say --self-signed-cert instead of --snakeoil-cert. Less evocative, but requires less explanation to document because it's a well-known term on the Internet.
2018-01-24 02:03:18 +01:00
--self-signed-cert
install: Enforce a constraint on the options, and expand usage message.
2017-11-15 21:09:53 +01:00
EOF
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
exit 0
};
# Shell option parsing. Over time, we'll want to move some of the
# environment variables below into this self-documenting system.
install: Add experimental option to go straight through more install steps. We'll make this the normal behavior soon, once we're satisfied with our arrangements for sending the admin straight to realm creation and using the app without configuring email. The instructions in the docs will also have to change accordingly, of course.
2018-01-24 22:29:24 +01:00
args="$(getopt -o '' --long help,self-signed-cert,certbot,hostname:,email:,express -n "$0" -- "$@")"
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
eval "set -- $args"
while true; do
case "$1" in
install: Add option to get certs via certbot. While this doesn't quite complete our plans for certbot support (it's not documented, etc.), this is a great stride forward.
2017-10-02 01:43:15 +02:00
--help)
show_help=1
shift
;;
install: Say --self-signed-cert instead of --snakeoil-cert. Less evocative, but requires less explanation to document because it's a well-known term on the Internet.
2018-01-24 02:03:18 +01:00
--self-signed-cert)
SELF_SIGNED_CERT=1
install: Add --snakeoil-cert option. This provides a major simplification for non-production installs, including our own testing (it's already in both the test-install harness script and the "production" test suite) as well as potential admins evaluating Zulip. Ultimately this should probably be the default behavior, with perhaps something shown to admins on the web as a reminder and link to help on installing a better certificate. For now, pending working through that, just get the behavior in and leave it opt-in.
2018-01-23 00:12:00 +01:00
shift
;;
--certbot)
USE_CERTBOT=1
shift
;;
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
--hostname)
EXTERNAL_HOST="$2"
shift
shift
;;
--email)
ZULIP_ADMINISTRATOR="$2"
shift
shift
;;
install: Add experimental option to go straight through more install steps. We'll make this the normal behavior soon, once we're satisfied with our arrangements for sending the admin straight to realm creation and using the app without configuring email. The instructions in the docs will also have to change accordingly, of course.
2018-01-24 22:29:24 +01:00
--express) # experimental, not documented
EXPRESS_SETUP=1
shift
;;
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
--)
install: Slightly tighten up CLI parsing. This causes us to give an error if you pass the installer any positional arguments, e.g. with `--`. There's no reason you'd want to do this, but I accidentally did it by passing an extra `--` to the `test-install/install` wrapper and spent a few minutes on confused debugging.
2018-01-24 22:23:47 +01:00
shift
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
break
;;
esac
done
install: Slightly tighten up CLI parsing. This causes us to give an error if you pass the installer any positional arguments, e.g. with `--`. There's no reason you'd want to do this, but I accidentally did it by passing an extra `--` to the `test-install/install` wrapper and spent a few minutes on confused debugging.
2018-01-24 22:23:47 +01:00
if [ "$#" -gt 0 ]; then
usage
fi
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
if [ -n "$show_help" ]; then
usage
fi
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
install --self-signed-cert: Generate our own, rather than use system's. This gives us just one way of adopting a self-signed cert, rather than one script which would generate a new one and an option to another which would symlink to the system's snakeoil cert. Now those two codepaths converge, and do the same thing. The small advantage of generating our own over the alternative is that it lets us set the name in the cert to EXTERNAL_HOST, rather than the system's hostname as embedded in the system snakeoil certs. Not a big deal, but might make things go slightly smoother if some browsers are lenient (in a way that they probably shouldn't be.)
2018-01-24 02:13:09 +01:00
if [ -n "$SELF_SIGNED_CERT" ] && [ -n "$USE_CERTBOT" ]; then
echo "error: --self-signed-cert and --certbot are incompatible" >&2
echo >&2
usage
fi
install: Enforce a constraint on the options, and expand usage message.
2017-11-15 21:09:53 +01:00
if [ -n "$USE_CERTBOT" ] \
&& { [ -z "$EXTERNAL_HOST" ] || [ -z "$ZULIP_ADMINISTRATOR" ]; }; then
usage
fi
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
# Do set -x after option parsing is complete
set -x
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
install: Clarify how we set locale during install, and why. This updates commit 11ab545f3 "install: Set the locale ..." to be somewhat cleaner, and to explain more in the commit message. In some environments, either pip itself fails or some packages fail to install, and setting the locale to en_US.UTF-8 resolves the issue. We heard reports of this kind of behavior with at least two different sets of symptoms, with 1.7.0 or its release candidates: https://chat.zulip.org/#narrow/stream/general/subject/Trusty.201.2E7.20Upgrade/near/302214 https://chat.zulip.org/#narrow/stream/production.20help/subject/1.2E6.20to.201.2E7/near/306250 In all reported cases, commit 11ab545f3 or equivalent fixed the issue. Setting LC_CTYPE is redundant when also setting LC_ALL, because LC_ALL overrides all `LC_*` environment variables; so skip that. Also move the line in `install` to a more appropriate spot, and adjust the comments.
2017-11-23 03:03:44 +01:00
# Force a known locale. Some packages on PyPI fail to install in some locales.
export LC_ALL="en_US.UTF-8"
install: Add DEPLOYMENT_TYPE variable.
2016-04-27 00:04:32 +02:00
# Specify options for apt.
install: Add ADDITIONAL_PACKAGES option.
2016-04-27 00:02:28 +02:00
APT_OPTIONS="${APT_OPTIONS:-}"
install: Add DEPLOYMENT_TYPE variable.
2016-04-27 00:04:32 +02:00
# Install additional packages using apt.
install: Add ADDITIONAL_PACKAGES option.
2016-04-27 00:02:28 +02:00
ADDITIONAL_PACKAGES=${ADDITIONAL_PACKAGES:-}
install: Add DEPLOYMENT_TYPE variable.
2016-04-27 00:04:32 +02:00
# Deployment type is almost always voyager.
DEPLOYMENT_TYPE="${DEPLOYMENT_TYPE:-voyager}"
install: Add PUPPET_CLASSES variable.
2016-04-27 00:06:37 +02:00
# Comma-separated list of puppet manifests to install. default is
# zulip::voyager for an all-in-one system or zulip::dockervoyager for
# Docker. Use e.g. zulip::app_frontend for a Zulip frontend server.
PUPPET_CLASSES="${PUPPET_CLASSES:-zulip::voyager}"
Add option to not create a virtualenv.
2016-07-12 20:46:49 +02:00
VIRTUALENV_NEEDED="${VIRTUALENV_NEEDED:-yes}"
install: Add ADDITIONAL_PACKAGES option.
2016-04-27 00:02:28 +02:00
install: Check whether the system has at least 2GB RAM. This should eliminate a common class of user error installing Zulip. Fixes #2290, fixes #2320.
2016-12-01 00:29:14 +01:00
# Check for at least ~1.9GB of RAM before starting installation;
# otherwise users will find out about insufficient RAM via weird
# errors like a segfault running `pip install`.
mem_kb=$(cat /proc/meminfo | head -n1 | awk '{print $2}')
if [ "$mem_kb" -lt 1900000 ]; then
echo "Insufficient RAM. Zulip requires at least 2GB of RAM."
exit 1
fi
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
if ! [ -e /usr/bin/realpath ]; then
# realpath is in coreutils on Xenial, but not in Trusty
apt-get install -y realpath
fi
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
ZULIP_PATH="$(realpath $(dirname $0)/../..)"
install: Move apt-get update into setup-apt-repo.
2016-10-16 09:56:58 +02:00
# setup-apt-repo does an `apt-get update`
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
"$ZULIP_PATH"/scripts/lib/setup-apt-repo
Revert "Use apt-add-repository to setup Zulip PPA." This reverts commit 3f95e567c1cae40206c900659a723337673a4907. Apparently `apt-add-repository` fails periodically in CI. I suspect this is some sort of silly networking problem, but given that all we're saving is a few lines of code, the old version was better if this fails basically ever.
2016-08-05 22:27:03 +02:00
install: Add clear error message if upstart is installed on Xenial. Fixes #2199.
2016-11-23 15:49:15 +01:00
# Handle issues around upstart on Ubuntu Xenial
"$ZULIP_PATH"/scripts/lib/check-upstart
install: Add --snakeoil-cert option. This provides a major simplification for non-production installs, including our own testing (it's already in both the test-install harness script and the "production" test suite) as well as potential admins evaluating Zulip. Ultimately this should probably be the default behavior, with perhaps something shown to admins on the web as a reminder and link to help on installing a better certificate. For now, pending working through that, just get the behavior in and leave it opt-in.
2018-01-23 00:12:00 +01:00
# Check early for missing SSL certificates
install: Say --self-signed-cert instead of --snakeoil-cert. Less evocative, but requires less explanation to document because it's a well-known term on the Internet.
2018-01-24 02:03:18 +01:00
if [ "$PUPPET_CLASSES" = "zulip::voyager" ] && [ -z "$USE_CERTBOT""$SELF_SIGNED_CERT" ] && { ! [ -e "/etc/ssl/private/zulip.key" ] || ! [ -e "/etc/ssl/certs/zulip.combined-chain.crt" ]; }; then
install: Provide a nicer error message for bad nginx configuration. This also covers missing SSL configuration errors nicely.
2017-10-24 22:30:27 +02:00
set +x
echo
echo "Could not find SSL certificates!"
for f in "/etc/ssl/private/zulip.key" "/etc/ssl/certs/zulip.combined-chain.crt"; do
nginx: Fix bugs in new nginx configuration checks.
2017-10-24 23:29:36 +02:00
[ -e "$f" ] || echo " - $f is missing!"
install: Provide a nicer error message for bad nginx configuration. This also covers missing SSL configuration errors nicely.
2017-10-24 22:30:27 +02:00
done
docs: Update links from codebase to point to ReadTheDocs.
2017-11-16 19:51:44 +01:00
echo "See https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html for help."
install: Tighten an SSL-cert help message. The option's name now explains for itself some of what we'd had in prose.
2018-01-24 02:05:09 +01:00
echo "For non-production testing, try the --self-signed-cert option."
install: Provide a nicer error message for bad nginx configuration. This also covers missing SSL configuration errors nicely.
2017-10-24 22:30:27 +02:00
echo
echo "Once fixed, just rerun scripts/setup/install; it'll pick up from here!"
echo
exit 1
fi
install: Move upstart checks a bit earlier. This should make it much more likely that users see this before waiting a long time for other things to happen, since the `apt-get dist-upgrade` step is really slow. We can't move further to the top, since this requires `lsb_release` to be installed.
2017-08-23 23:54:59 +02:00
apt-get -y dist-upgrade $APT_OPTIONS
install: Install curl. The third-party `install-yarn.sh` script uses `curl`, and we invoke it in `install-node`. So we need to install it as a dependency. We've mostly gotten away with this because it's common for `curl` to already be installed; but it isn't always.
2018-01-22 23:34:29 +01:00
apt-get install -y \
puppet git curl \
python python3 python-six python3-six crudini \
$ADDITIONAL_PACKAGES
install: Move upstart checks a bit earlier. This should make it much more likely that users see this before waiting a long time for other things to happen, since the `apt-get dist-upgrade` step is really slow. We can't move further to the top, since this requires `lsb_release` to be installed.
2017-08-23 23:54:59 +02:00
install: Add --snakeoil-cert option. This provides a major simplification for non-production installs, including our own testing (it's already in both the test-install harness script and the "production" test suite) as well as potential admins evaluating Zulip. Ultimately this should probably be the default behavior, with perhaps something shown to admins on the web as a reminder and link to help on installing a better certificate. For now, pending working through that, just get the behavior in and leave it opt-in.
2018-01-23 00:12:00 +01:00
if [ -n "$USE_CERTBOT" ]; then
"$ZULIP_PATH"/scripts/setup/setup-certbot \
--no-zulip-conf --method=standalone \
--hostname "$EXTERNAL_HOST" --email "$ZULIP_ADMINISTRATOR"
fi
Create a virtualenv when installing/upgrading production instances.
2016-06-22 21:00:50 +02:00
# Create and activate a virtualenv
Add option to not create a virtualenv.
2016-07-12 20:46:49 +02:00
if [ "$VIRTUALENV_NEEDED" = "yes" ]; then
Use zulip-py3-venv when running on Python 3 Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-20 05:45:53 +01:00
"$ZULIP_PATH"/scripts/lib/create-production-venv "$ZULIP_PATH"
Add option to not create a virtualenv.
2016-07-12 20:46:49 +02:00
fi
Create a virtualenv when installing/upgrading production instances.
2016-06-22 21:00:50 +02:00
prod: Ensure the Zulip version of node is installed.
2017-01-07 00:57:42 +01:00
"$ZULIP_PATH"/scripts/lib/install-node
Create a virtualenv when installing/upgrading production instances.
2016-06-22 21:00:50 +02:00
# puppet apply
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
mkdir -p /etc/zulip
travis: Remove rabbitmq nodename dependency on hostname. Because rabbitmq doesn't support changing the nodename of a running rabbitmq node, Zulip installations suffered a plague of issues where e.g. a Zulip server would reboot, the hostname would change, and suddenly the local rabbitmq instance being used by Zulip would stop working. We address this problem by using, by default, a fixed rabbitmq nodename, but providing server administrators the option to set the rabbitmq nodename used by Zulip however they choose. To upgrade an existing server to use this new configuration, one will need to add something like the following to /etc/zulip/zulip.conf: [rabbitmq] nodename = zulip@localhost However, I don't believe we have the puppet code in place to make this work correctly at initial installation without rabbitmq-server being already installed (but off), as we can easily setup in Travis CI but I haven't been willing to do for the installer. So for now, this just fixes our Travis CI problems. Fixes: #1579.
2016-08-10 03:40:07 +02:00
(
echo -e "[machine]\npuppet_classes = $PUPPET_CLASSES\ndeploy_type = $DEPLOYMENT_TYPE";
install: Fix RabbitMQ node name if RabbitMQ is not installed. This indirectly causes the RabbitMQ node name for new Zulip installations to default to zulip@localhost, which would eliminate the persistent problems we have had Fixes #194, #465, #1375, #1751. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2016-11-20 06:36:04 +01:00
# Note: there are four dpkg-query outputs to consider:
#
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
# root@host# apt install rabbitmq-server
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
# install ok installed
# root@host# apt remove rabbitmq-server
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
# deinstall ok config-files
# root@host# apt purge rabbitmq-server
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
# unknown ok not-installed
#
# (There are more possibilities in the case of dpkg errors.) Here
# we are checking for either empty or not-installed.
if [ -n "$TRAVIS" ] || ! dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null | grep -vq ' not-installed$'; then
travis: Remove rabbitmq nodename dependency on hostname. Because rabbitmq doesn't support changing the nodename of a running rabbitmq node, Zulip installations suffered a plague of issues where e.g. a Zulip server would reboot, the hostname would change, and suddenly the local rabbitmq instance being used by Zulip would stop working. We address this problem by using, by default, a fixed rabbitmq nodename, but providing server administrators the option to set the rabbitmq nodename used by Zulip however they choose. To upgrade an existing server to use this new configuration, one will need to add something like the following to /etc/zulip/zulip.conf: [rabbitmq] nodename = zulip@localhost However, I don't believe we have the puppet code in place to make this work correctly at initial installation without rabbitmq-server being already installed (but off), as we can easily setup in Travis CI but I haven't been willing to do for the installer. So for now, this just fixes our Travis CI problems. Fixes: #1579.
2016-08-10 03:40:07 +02:00
echo -e "\n[rabbitmq]\nnodename = zulip@localhost"
fi
certbot: Control auto-renew with a zulip.conf setting. This causes the cron job to run only when a Zulip-managed certbot install is actually set up. Inside `install`, zulip.conf doesn't yet exist when we run setup-certbot, so we write the setting later. But we also give setup-certbot the ability to write the setting itself, so that we can recommend it in instructions for adopting certbot in an existing Zulip installation.
2017-11-15 00:48:22 +01:00
if [ -n "$USE_CERTBOT" ]; then
echo -e "\n[certbot]\nauto_renew = yes"
fi
travis: Remove rabbitmq nodename dependency on hostname. Because rabbitmq doesn't support changing the nodename of a running rabbitmq node, Zulip installations suffered a plague of issues where e.g. a Zulip server would reboot, the hostname would change, and suddenly the local rabbitmq instance being used by Zulip would stop working. We address this problem by using, by default, a fixed rabbitmq nodename, but providing server administrators the option to set the rabbitmq nodename used by Zulip however they choose. To upgrade an existing server to use this new configuration, one will need to add something like the following to /etc/zulip/zulip.conf: [rabbitmq] nodename = zulip@localhost However, I don't believe we have the puppet code in place to make this work correctly at initial installation without rabbitmq-server being already installed (but off), as we can easily setup in Travis CI but I haven't been willing to do for the installer. So for now, this just fixes our Travis CI problems. Fixes: #1579.
2016-08-10 03:40:07 +02:00
) > /etc/zulip/zulip.conf
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
"$ZULIP_PATH"/scripts/zulip-puppet-apply -f
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
# Detect which features were selected for the below
install: Fix feature detection/set -e incompatibility. Previously, the whole script would stop when a feature wasn't available.
2016-07-20 04:05:02 +02:00
set +e
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
[ -e "/etc/init.d/camo" ]; has_camo=$?
[ -e "/etc/init.d/nginx" ]; has_nginx=$?
[ -e "/etc/supervisor/conf.d/zulip.conf" ]; has_appserver=$?
[ -e "/etc/cron.d/rabbitmq-numconsumers" ]; has_rabbit=$?
[ -e "/etc/init.d/postgresql" ]; has_postgres=$?
install: Fix feature detection/set -e incompatibility. Previously, the whole script would stop when a feature wasn't available.
2016-07-20 04:05:02 +02:00
set -e
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
Disable auto-service-restart for docker installations.
2016-07-20 11:55:45 +02:00
# Docker service setup is done in the docker config, not here
if [ "$DEPLOYMENT_TYPE" = "dockervoyager" ]; then
has_camo=1
has_nginx=1
has_appserver=1
has_rabbit=1
has_postgres=1
fi
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
# These server restarting bits should be moveable into puppet-land, ideally
apt-get -y upgrade
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
if [ "$has_nginx" = 0 ]; then
install --self-signed-cert: Generate our own, rather than use system's. This gives us just one way of adopting a self-signed cert, rather than one script which would generate a new one and an option to another which would symlink to the system's snakeoil cert. Now those two codepaths converge, and do the same thing. The small advantage of generating our own over the alternative is that it lets us set the name in the cert to EXTERNAL_HOST, rather than the system's hostname as embedded in the system snakeoil certs. Not a big deal, but might make things go slightly smoother if some browsers are lenient (in a way that they probably shouldn't be.)
2018-01-24 02:13:09 +01:00
if [ -n "$SELF_SIGNED_CERT" ]; then
"$ZULIP_PATH"/scripts/setup/generate-self-signed-cert --exists-ok "${EXTERNAL_HOST:-$(hostname)}"
install: Add --snakeoil-cert option. This provides a major simplification for non-production installs, including our own testing (it's already in both the test-install harness script and the "production" test suite) as well as potential admins evaluating Zulip. Ultimately this should probably be the default behavior, with perhaps something shown to admins on the web as a reminder and link to help on installing a better certificate. For now, pending working through that, just get the behavior in and leave it opt-in.
2018-01-23 00:12:00 +01:00
fi
install: Check nginx configuration is valid. It's better to fail here and have the user correct the issue than fail later.
2015-10-21 08:23:24 +02:00
# Check nginx was configured properly now that we've installed it.
# Most common failure mode is certs not having been installed.
install: Provide a nicer error message for bad nginx configuration. This also covers missing SSL configuration errors nicely.
2017-10-24 22:30:27 +02:00
nginx -t || (
set +x
echo
echo "Verifying the Zulip nginx configuration failed!"
echo
echo "This is almost always a problem with your SSL certificates."
docs: Update links from codebase to point to ReadTheDocs.
2017-11-16 19:51:44 +01:00
echo "See https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html for help"
install: Provide a nicer error message for bad nginx configuration. This also covers missing SSL configuration errors nicely.
2017-10-24 22:30:27 +02:00
echo
echo "Once fixed, just rerun scripts/setup/install; it'll pick up from here!"
echo
exit 1
)
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
service nginx restart
fi
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
if [ "$has_appserver" = 0 ]; then
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
"$ZULIP_PATH"/scripts/setup/generate_secrets.py --production
cp -a "$ZULIP_PATH"/zproject/prod_settings_template.py /etc/zulip/settings.py
scripts/lib/install: Add flag to specify key settings. This should make it easier to script the installation process, and also conveniently are the options one would want for the --certbot option. Significantly modified by tabbott to have a sane right interface, include --help, and avoid printing all the `set -x` garbage before the usage notices.
2017-10-02 01:48:25 +02:00
if [ -n "$EXTERNAL_HOST" ]; then
sed -i "s/^EXTERNAL_HOST =.*/EXTERNAL_HOST = '$EXTERNAL_HOST'/" /etc/zulip/settings.py
fi
if [ -n "ZULIP_ADMINISTRATOR" ]; then
sed -i "s/^ZULIP_ADMINISTRATOR =.*/ZULIP_ADMINISTRATOR = '$ZULIP_ADMINISTRATOR'/" /etc/zulip/settings.py
fi
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
ln -nsf /etc/zulip/settings.py "$ZULIP_PATH"/zproject/prod_settings.py
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
fi
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
Run a local camo server in voyager production environments. Camo is a caching image proxy, used in Zulip to avoid mixed-content warnings by proxying HTTP image content over HTTPS. We've been using it in zulip.com production for years; this change makes it available in standalone Zulip deployments.
2016-04-28 07:32:27 +02:00
# Restart camo since generate_secrets.py likely replaced its secret key
install: Work around a bug in the (our) Debian package for camo. Before this fix, the installer has an extremely annoying bug where when run inside a container with `lxc-attach`, when the installer finishes, the `lxc-attach` just hangs and doesn't respond even to C-c or C-z. The only way to get the terminal back is to root around from some other terminal to find the PID and kill it; then run something like `stty sane` to fix the messed-up terminal settings left behind. After bisecting pieces of the install script to locate which step was causing the issue, it comes down to the `service camo restart`. The comment here indicates that we knew about an annoying bug here years ago, and just swept it under the rug by skipping this step when in Travis. >_< The issue can be reproduced by running simply `service camo restart` under `lxc-attach` instead of the installer; or `service camo start`, following a `service camo stop`. If `lxc-attach` is used to get an interactive shell, these commands appear to work fine; but then when that shell exits, the same hang appears. So, when we start camo we're evidently leaving some kind of mess that entangles the daemon with our shell. Looking at the camo initscript where it starts the daemon, there's not much code, and one flag jumps out as suspicious: start-stop-daemon --start --quiet --pidfile $PIDFILE -bm \ --exec $DAEMON --no-close -c nobody --test > /dev/null 2>&1 \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE -bm \ --no-close -c nobody --exec $DAEMON -- \ $DAEMON_ARGS >> /var/log/camo/camo.log 2>&1 \ || return 2 What does `--no-close` do? -C, --no-close Do not close any file descriptor when forcing the daemon into the background (since version 1.16.5). Used for debugging purposes to see the process output, or to redirect file descriptors to log the process output. And in fact, looking in /proc/PID/fd while a hang is happening finds that fd 0 on the camo daemon process, aka stdin, is connected to our terminal. So, stop that by denying the initscript our stdin in the first place. This fixes the problem. The Debian maintainer turns out to be "Zulip Debian Packaging Team", at debian@zulip.com; so this package and its bugs are basically ours.
2018-01-23 02:27:35 +01:00
if [ "$has_camo" = 0 ]; then
# Cut off stdin because a bug in the Debian packaging for camo
# causes our stdin to leak to the daemon, which can cause tools
# invoking the installer to hang.
# TODO: fix in Debian too.
service camo restart </dev/null
Run a local camo server in voyager production environments. Camo is a caching image proxy, used in Zulip to avoid mixed-content warnings by proxying HTTP image content over HTTPS. We've been using it in zulip.com production for years; this change makes it available in standalone Zulip deployments.
2016-04-28 07:32:27 +02:00
fi
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
if [ "$has_rabbit" = 0 ]; then
if ! rabbitmqctl status >/dev/null; then
set +x
echo; echo "RabbitMQ seems to not have started properly after the installation process."
echo "Often, this can be caused by misconfigured /etc/hosts in virtualized environments"
echo "See https://github.com/zulip/zulip/issues/53#issuecomment-143805121"
echo "for more information"
echo
set -x
exit 1
fi
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
"$ZULIP_PATH"/scripts/setup/configure-rabbitmq
install: Add nice error message for RabbitMQ not having started.
2015-09-30 03:41:31 +02:00
fi
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
if [ "$has_postgres" = 0 ]; then
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
"$ZULIP_PATH"/scripts/setup/postgres-init-db
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
fi
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
if [ "$has_appserver" = 0 ]; then
install: Support being run not directly from /root/zulip. This adds a dependency on the realpath package on trusty; we could try to remove it if needed, but given that realpath is included in coreutils on Xenial (and presumably anything else modern), I think it's reasonable to add it. Fixes #1797.
2016-09-15 19:29:56 +02:00
deploy_path=$("$ZULIP_PATH"/scripts/lib/zulip_tools.py make_deploy_path)
mv "$ZULIP_PATH" "$deploy_path"
ln -nsf /home/zulip/deployments/next "$ZULIP_PATH"
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
ln -nsf "$deploy_path" /home/zulip/deployments/next
ln -nsf "$deploy_path" /home/zulip/deployments/current
Rename local_settings.py symlink to prod_settings.py.
2016-07-20 05:42:43 +02:00
ln -nsf /etc/zulip/settings.py "$deploy_path"/zproject/prod_settings.py
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
mkdir -p "$deploy_path"/prod-static/serve
cp -rT "$deploy_path"/prod-static/serve /home/zulip/prod-static
chown -R zulip:zulip /home/zulip /var/log/zulip /etc/zulip/settings.py
install: Support installing a Zulip server from a Git checkout. Historically, one has needed to build a release tarball in order to use/test the Zulip installer, but you could upgrade a Zulip server from Git. However, the only reason for that requirement was that we didn't run `tools/update-prod-static` as part of the install script if it's required. A good test for that case is whether we're in a Git repository, but a better one is to check whether the prod-static content exists in the tarball paths. Fixes #3704.
2017-09-23 00:40:35 +02:00
install: Fix check for whether update-prod-static is needed. The previous version seems to be created without update-prod-static.
2017-09-23 04:52:33 +02:00
if ! [ -e "/home/zulip/prod-static/generated" ]; then
install: Support installing a Zulip server from a Git checkout. Historically, one has needed to build a release tarball in order to use/test the Zulip installer, but you could upgrade a Zulip server from Git. However, the only reason for that requirement was that we didn't run `tools/update-prod-static` as part of the install script if it's required. A good test for that case is whether we're in a Git repository, but a better one is to check whether the prod-static content exists in the tarball paths. Fixes #3704.
2017-09-23 00:40:35 +02:00
# If we're installing from a git checkout, we need to run
# `tools/update-prod-static` in order to build the static
# assets.
su zulip -c "/home/zulip/deployments/current/tools/update-prod-static --authors-not-required"
fi
install: Improve support for non-default puppet rules. Previously, the install script would fail if you passed various non-default puppet rules, since the code to configure and restart services that runs later on in the install script largely ran unconditionally, regardless of whether the relevant service was actually installed on the target system. This should make the main install script reusable for installing e.g. a dedicated Postgres server for use with Zulip.
2016-07-12 05:35:14 +02:00
fi
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
Don't chown supervisor socket if it doesn't exist.
2016-04-27 00:20:06 +02:00
if [ -e "/var/run/supervisor.sock" ]; then
# If supervisor isn't running, no need to chown its socket
chown zulip:zulip /var/run/supervisor.sock
fi
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
install: Add experimental option to go straight through more install steps. We'll make this the normal behavior soon, once we're satisfied with our arrangements for sending the admin straight to realm creation and using the app without configuring email. The instructions in the docs will also have to change accordingly, of course.
2018-01-24 22:29:24 +01:00
if [ -z "$EXPRESS_SETUP" ]; then
set +x
cat <<EOF
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
Installation complete!
Now edit /etc/zulip/settings.py and fill in the mandatory values.
Once you've done that, please run:
su zulip -c /home/zulip/deployments/current/scripts/setup/initialize-database
Dramatically extend post-install documentation for production Zulip.
2015-09-30 07:23:25 +02:00
To configure the initial database.
enterprise: Log the output of upgrade-zulip and install scripts We may eventually want to rotate the log files, but this seems good enough for now. (imported from commit 9a54fa6b40bc62f68e52ef552c1a676856b21829)
2013-11-14 06:32:49 +01:00
EOF
install: Add experimental option to go straight through more install steps. We'll make this the normal behavior soon, once we're satisfied with our arrangements for sending the admin straight to realm creation and using the app without configuring email. The instructions in the docs will also have to change accordingly, of course.
2018-01-24 22:29:24 +01:00
exit 0
fi
# TODO suppress instructions on success
sudo -u zulip /home/zulip/deployments/current/scripts/setup/initialize-database
sudo -u zulip /home/zulip/deployments/current/manage.py generate_realm_creation_link