2016-01-12 13:08:43 +01:00
|
|
|
|
#!/usr/bin/env bash
|
2017-10-02 01:48:25 +02:00
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
|
|
usage() {
|
2020-06-18 00:18:34 +02:00
|
|
|
|
# A subset of this documentation also appears in docs/production/install.md
|
|
|
|
|
|
cat <<'EOF'
|
2017-11-15 21:09:53 +01:00
|
|
|
|
Usage:
|
2019-02-01 02:23:37 +01:00
|
|
|
|
install --hostname=zulip.example.com --email=zulip-admin@example.com [options...]
|
2017-11-15 21:09:53 +01:00
|
|
|
|
install --help
|
|
|
|
|
|
|
2020-06-18 00:18:34 +02:00
|
|
|
|
Options:
|
|
|
|
|
|
--hostname=zulip.example.com
|
|
|
|
|
|
The user-accessible domain name for this Zulip server, i.e., what users will type
|
|
|
|
|
|
in their web browser. Required, unless --no-init-db is set and --certbot is not.
|
|
|
|
|
|
--email=zulip-admin@example.com
|
|
|
|
|
|
The email address of the person or team who should get support and error emails
|
|
|
|
|
|
from this Zulip server. Required, unless --no-init-db is set and --certbot is
|
|
|
|
|
|
not.
|
|
|
|
|
|
|
2018-03-03 01:10:51 +01:00
|
|
|
|
--certbot
|
2020-06-18 00:18:34 +02:00
|
|
|
|
Obtains a free SSL certificate for the server using Certbot,
|
|
|
|
|
|
https://certbot.eff.org/ Recommended. Conflicts with --self-signed-cert.
|
2018-01-24 02:03:18 +01:00
|
|
|
|
--self-signed-cert
|
2020-06-18 00:18:34 +02:00
|
|
|
|
Generate a self-signed SSL certificate for the server. This isn’t suitable for
|
|
|
|
|
|
production use, but may be convenient for testing. Conflicts with --certbot.
|
|
|
|
|
|
--cacert=/path/to/ca.pem
|
|
|
|
|
|
Set the CA which used to establish TLS to all public internet sites during the
|
|
|
|
|
|
install process; used when this command is run once in a highly-controlled
|
|
|
|
|
|
environment to produce an image which is used elsewhere. Uncommon.
|
2020-06-17 23:26:53 +02:00
|
|
|
|
|
2020-06-24 00:44:49 +02:00
|
|
|
|
--postgres-version=12
|
|
|
|
|
|
Sets the version of Postgres that will be installed.
|
2019-12-12 10:50:04 +01:00
|
|
|
|
--postgres-missing-dictionaries
|
2020-06-18 00:18:34 +02:00
|
|
|
|
Set postgresql.missing_dictionaries, which alters the initial database. Use with
|
|
|
|
|
|
cloud managed databases like RDS. Conflicts with --no-overwrite-settings.
|
2020-06-17 23:26:53 +02:00
|
|
|
|
--no-init-db
|
2020-06-18 00:18:34 +02:00
|
|
|
|
Does not do any database initialization; use when you already have a Zulip
|
|
|
|
|
|
database.
|
2020-06-17 23:26:53 +02:00
|
|
|
|
|
|
|
|
|
|
--no-overwrite-settings
|
2020-06-18 00:18:34 +02:00
|
|
|
|
Preserve existing `/etc/zulip` configuration files.
|
2020-06-17 23:26:53 +02:00
|
|
|
|
--no-dist-upgrade
|
2020-06-18 00:18:34 +02:00
|
|
|
|
Skip the initial `apt-get dist-upgrade`.
|
2018-03-03 01:10:51 +01:00
|
|
|
|
|
2017-11-15 21:09:53 +01:00
|
|
|
|
EOF
|
2017-10-02 01:48:25 +02:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
# Shell option parsing. Over time, we'll want to move some of the
|
|
|
|
|
|
# environment variables below into this self-documenting system.
|
2020-06-24 00:44:49 +02:00
|
|
|
|
args="$(getopt -o '' --long help,hostname:,email:,certbot,self-signed-cert,cacert:,postgres-version:,postgres-missing-dictionaries,no-init-db,no-overwrite-settings,no-dist-upgrade -n "$0" -- "$@")"
|
2017-10-02 01:48:25 +02:00
|
|
|
|
eval "set -- $args"
|
|
|
|
|
|
while true; do
|
|
|
|
|
|
case "$1" in
|
2019-02-01 02:23:37 +01:00
|
|
|
|
--help) usage; exit 0;;
|
2020-06-17 23:26:53 +02:00
|
|
|
|
|
2018-02-09 02:05:13 +01:00
|
|
|
|
--hostname) EXTERNAL_HOST="$2"; shift; shift;;
|
|
|
|
|
|
--email) ZULIP_ADMINISTRATOR="$2"; shift; shift;;
|
2020-06-17 23:26:53 +02:00
|
|
|
|
|
|
|
|
|
|
--certbot) USE_CERTBOT=1; shift;;
|
|
|
|
|
|
--cacert) export CUSTOM_CA_CERTIFICATES="$2"; shift; shift;;
|
|
|
|
|
|
--self-signed-cert) SELF_SIGNED_CERT=1; shift;;
|
|
|
|
|
|
|
2020-06-24 00:44:49 +02:00
|
|
|
|
--postgres-version) POSTGRES_VERSION="$2"; shift; shift;;
|
2019-12-12 10:50:04 +01:00
|
|
|
|
--postgres-missing-dictionaries) POSTGRES_MISSING_DICTIONARIES=1; shift;;
|
2020-06-17 23:26:53 +02:00
|
|
|
|
--no-init-db) NO_INIT_DB=1; shift;;
|
|
|
|
|
|
|
|
|
|
|
|
--no-overwrite-settings) NO_OVERWRITE_SETTINGS=1; shift;;
|
|
|
|
|
|
--no-dist-upgrade) NO_DIST_UPGRADE=1; shift;;
|
2018-02-09 02:05:13 +01:00
|
|
|
|
--) shift; break;;
|
2017-10-02 01:48:25 +02:00
|
|
|
|
esac
|
|
|
|
|
|
done
|
|
|
|
|
|
|
2018-01-24 22:23:47 +01:00
|
|
|
|
if [ "$#" -gt 0 ]; then
|
2019-02-01 02:23:37 +01:00
|
|
|
|
usage >&2
|
|
|
|
|
|
exit 1
|
2018-01-24 22:23:47 +01:00
|
|
|
|
fi
|
|
|
|
|
|
|
2018-02-09 02:12:36 +01:00
|
|
|
|
## Options from environment variables.
|
|
|
|
|
|
#
|
|
|
|
|
|
# Specify options for apt.
|
2018-08-03 02:14:47 +02:00
|
|
|
|
read -r -a APT_OPTIONS <<< "${APT_OPTIONS:-}"
|
2019-12-15 18:15:17 +01:00
|
|
|
|
# Install additional packages.
|
2018-08-03 02:14:47 +02:00
|
|
|
|
read -r -a ADDITIONAL_PACKAGES <<< "${ADDITIONAL_PACKAGES:-}"
|
2018-02-09 02:12:36 +01:00
|
|
|
|
# Comma-separated list of puppet manifests to install. default is
|
|
|
|
|
|
# zulip::voyager for an all-in-one system or zulip::dockervoyager for
|
|
|
|
|
|
# Docker. Use e.g. zulip::app_frontend for a Zulip frontend server.
|
|
|
|
|
|
PUPPET_CLASSES="${PUPPET_CLASSES:-zulip::voyager}"
|
|
|
|
|
|
VIRTUALENV_NEEDED="${VIRTUALENV_NEEDED:-yes}"
|
2020-06-24 00:44:49 +02:00
|
|
|
|
POSTGRES_VERSION="${POSTGRES_VERSION:-12}"
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2018-01-24 02:13:09 +01:00
|
|
|
|
if [ -n "$SELF_SIGNED_CERT" ] && [ -n "$USE_CERTBOT" ]; then
|
2018-11-12 19:52:44 +01:00
|
|
|
|
set +x
|
2018-01-24 02:13:09 +01:00
|
|
|
|
echo "error: --self-signed-cert and --certbot are incompatible" >&2
|
|
|
|
|
|
echo >&2
|
2019-02-01 02:23:37 +01:00
|
|
|
|
usage >&2
|
|
|
|
|
|
exit 1
|
2018-01-24 02:13:09 +01:00
|
|
|
|
fi
|
|
|
|
|
|
|
2020-06-17 23:47:33 +02:00
|
|
|
|
if [ -n "$POSTGRES_MISSING_DICTIONARIES" ] && [ -n "$NO_OVERWRITE_SETTINGS" ]; then
|
|
|
|
|
|
set +x
|
|
|
|
|
|
echo "error: --postgres-missing-dictionaries and --no-overwrite-settings are incompatible" >&2
|
|
|
|
|
|
echo >&2
|
|
|
|
|
|
usage >&2
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2018-03-03 01:10:51 +01:00
|
|
|
|
if [ -z "$EXTERNAL_HOST" ] || [ -z "$ZULIP_ADMINISTRATOR" ]; then
|
|
|
|
|
|
if [ -n "$USE_CERTBOT" ] || [ -z "$NO_INIT_DB" ]; then
|
2019-02-01 02:23:37 +01:00
|
|
|
|
usage >&2
|
|
|
|
|
|
exit 1
|
2018-03-03 01:10:51 +01:00
|
|
|
|
fi
|
2018-02-09 01:33:53 +01:00
|
|
|
|
fi
|
|
|
|
|
|
|
2019-02-01 02:23:37 +01:00
|
|
|
|
if [ "$EXTERNAL_HOST" = zulip.example.com ] ||
|
|
|
|
|
|
[ "$ZULIP_ADMINISTRATOR" = zulip-admin@example.com ]; then
|
|
|
|
|
|
# These example values are specifically checked for and would fail
|
|
|
|
|
|
# later; see check_config in zerver/lib/management.py.
|
|
|
|
|
|
echo 'error: The example hostname and email must be replaced with real values.' >&2
|
|
|
|
|
|
echo >&2
|
|
|
|
|
|
usage >&2
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2017-10-02 01:48:25 +02:00
|
|
|
|
# Do set -x after option parsing is complete
|
|
|
|
|
|
set -x
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2018-08-03 02:14:47 +02:00
|
|
|
|
ZULIP_PATH="$(readlink -f "$(dirname "$0")"/../..)"
|
2018-02-09 02:19:40 +01:00
|
|
|
|
|
2017-11-23 03:03:44 +01:00
|
|
|
|
# Force a known locale. Some packages on PyPI fail to install in some locales.
|
2018-10-11 23:40:58 +02:00
|
|
|
|
localedef -i en_US -f UTF-8 en_US.UTF-8
|
2017-11-23 03:03:44 +01:00
|
|
|
|
export LC_ALL="en_US.UTF-8"
|
2018-07-24 07:59:19 +02:00
|
|
|
|
export LANG="en_US.UTF-8"
|
|
|
|
|
|
export LANGUAGE="en_US.UTF-8"
|
2017-11-23 03:03:44 +01:00
|
|
|
|
|
2018-03-07 04:26:02 +01:00
|
|
|
|
# Check for a supported OS release.
|
2019-12-20 22:40:23 +01:00
|
|
|
|
if [ -f /etc/os-release ]; then
|
2019-12-21 01:54:51 +01:00
|
|
|
|
os_info="$(. /etc/os-release; printf '%s\n' "$ID" "$ID_LIKE" "$VERSION_ID" "$VERSION_CODENAME")"
|
2020-01-09 15:59:16 +01:00
|
|
|
|
{ read -r os_id; read -r os_id_like; read -r os_version_id; read -r os_version_codename || true; } <<< "$os_info"
|
2020-06-23 23:22:54 +02:00
|
|
|
|
case " $os_id $os_id_like " in
|
|
|
|
|
|
*' debian '*)
|
|
|
|
|
|
package_system="apt"
|
|
|
|
|
|
;;
|
|
|
|
|
|
*' rhel '*)
|
|
|
|
|
|
package_system="yum"
|
|
|
|
|
|
;;
|
|
|
|
|
|
esac
|
2019-12-15 17:41:35 +01:00
|
|
|
|
fi
|
2018-11-29 01:27:41 +01:00
|
|
|
|
|
2019-12-20 22:40:23 +01:00
|
|
|
|
case "$os_id$os_version_id" in
|
2020-06-23 23:19:37 +02:00
|
|
|
|
debian10|ubuntu18.04|ubuntu20.04) ;;
|
2018-03-07 04:26:02 +01:00
|
|
|
|
*)
|
|
|
|
|
|
set +x
|
|
|
|
|
|
cat <<EOF
|
|
|
|
|
|
|
2019-12-20 22:40:23 +01:00
|
|
|
|
Unsupported OS release: $os_id $os_version_id
|
2018-03-07 04:26:02 +01:00
|
|
|
|
|
|
|
|
|
|
Zulip in production is supported only on:
|
2019-08-13 15:11:58 +02:00
|
|
|
|
- Debian 10 "buster"
|
2018-05-24 19:44:29 +02:00
|
|
|
|
- Ubuntu 18.04 LTS "bionic"
|
2020-06-23 23:19:37 +02:00
|
|
|
|
- Ubuntu 20.04 LTS "focal"
|
2018-03-07 04:26:02 +01:00
|
|
|
|
|
|
|
|
|
|
For more information, see:
|
|
|
|
|
|
https://zulip.readthedocs.io/en/latest/production/requirements.html
|
|
|
|
|
|
EOF
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
esac
|
|
|
|
|
|
|
2019-12-20 22:40:23 +01:00
|
|
|
|
if [ "$os_id" = ubuntu ] && ! apt-cache policy |
|
|
|
|
|
|
grep -q "^ release v=$os_version_id,o=Ubuntu,a=$os_version_codename,n=$os_version_codename,l=Ubuntu,c=universe"; then
|
2018-11-29 01:27:41 +01:00
|
|
|
|
set +x
|
|
|
|
|
|
cat <<'EOF'
|
|
|
|
|
|
|
|
|
|
|
|
You must enable the Ubuntu Universe repository before installing
|
2019-01-26 21:27:10 +01:00
|
|
|
|
Zulip. You can do this with:
|
|
|
|
|
|
|
|
|
|
|
|
sudo add-apt-repository universe
|
|
|
|
|
|
sudo apt update
|
2018-11-29 01:27:41 +01:00
|
|
|
|
|
|
|
|
|
|
For more information, see:
|
|
|
|
|
|
https://zulip.readthedocs.io/en/latest/production/requirements.html
|
|
|
|
|
|
EOF
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2020-06-23 08:57:14 +02:00
|
|
|
|
case ",$PUPPET_CLASSES," in
|
|
|
|
|
|
*,zulip::voyager,* | *,zulip::postgres_appdb_tuned,*)
|
|
|
|
|
|
if [ "$package_system" = apt ]; then
|
|
|
|
|
|
# We're going to install Postgres from the postgres apt
|
|
|
|
|
|
# repository; this may conflict with the existing postgres.
|
|
|
|
|
|
OTHER_PG="$(dpkg --get-selections |
|
2020-06-27 05:05:21 +02:00
|
|
|
|
grep -E '^postgresql-[0-9]+\s+install$' |
|
2020-06-23 08:57:14 +02:00
|
|
|
|
grep -v "^postgresql-$POSTGRES_VERSION\b" |
|
|
|
|
|
|
cut -f 1)" || true
|
|
|
|
|
|
if [ -n "$OTHER_PG" ]; then
|
|
|
|
|
|
INDENTED="${OTHER_PG//$'\n'/$'\n' }"
|
|
|
|
|
|
SPACED="${OTHER_PG//$'\n'/ }"
|
|
|
|
|
|
cat <<EOF
|
|
|
|
|
|
|
|
|
|
|
|
The following PostgreSQL servers were found to already be installed:
|
|
|
|
|
|
|
|
|
|
|
|
$INDENTED
|
|
|
|
|
|
|
|
|
|
|
|
Zulip needs to install PostgreSQL $POSTGRES_VERSION, but does not wish
|
|
|
|
|
|
to uninstall existing databases in order to do so. Remove all other
|
|
|
|
|
|
PostgreSQL servers manually before running the installer:
|
|
|
|
|
|
|
|
|
|
|
|
sudo apt-get remove $SPACED
|
|
|
|
|
|
|
|
|
|
|
|
EOF
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
fi
|
|
|
|
|
|
;;
|
|
|
|
|
|
esac
|
|
|
|
|
|
|
2020-01-24 21:22:18 +01:00
|
|
|
|
# Check for at least ~1.86GB of RAM before starting installation;
|
2016-12-01 00:29:14 +01:00
|
|
|
|
# otherwise users will find out about insufficient RAM via weird
|
|
|
|
|
|
# errors like a segfault running `pip install`.
|
2020-01-24 21:22:18 +01:00
|
|
|
|
# Additionally, some AWS images that are advertised to be 2 GB
|
|
|
|
|
|
# are actually 1880000B in size.
|
2018-08-03 02:14:47 +02:00
|
|
|
|
mem_kb=$(head -n1 /proc/meminfo | awk '{print $2}')
|
2020-01-24 21:22:18 +01:00
|
|
|
|
if [ "$mem_kb" -lt 1860000 ]; then
|
2018-11-12 19:52:44 +01:00
|
|
|
|
set +x
|
|
|
|
|
|
echo -e '\033[0;31m' >&2
|
|
|
|
|
|
echo "Insufficient RAM. Zulip requires at least 2GB of RAM." >&2
|
|
|
|
|
|
echo >&2
|
|
|
|
|
|
echo -e '\033[0m' >&2
|
2016-12-01 00:29:14 +01:00
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2019-12-15 18:15:17 +01:00
|
|
|
|
# Do package update, e.g. do `apt-get update` on Debian
|
2020-06-23 23:22:54 +02:00
|
|
|
|
if [ "$package_system" = apt ]; then
|
|
|
|
|
|
# setup-apt-repo does an `apt-get update`
|
|
|
|
|
|
"$ZULIP_PATH"/scripts/lib/setup-apt-repo
|
|
|
|
|
|
elif [ "$package_system" = yum ]; then
|
|
|
|
|
|
"$ZULIP_PATH"/scripts/lib/setup-yum-repo
|
|
|
|
|
|
fi
|
2016-08-05 22:27:03 +02:00
|
|
|
|
|
2018-01-23 00:12:00 +01:00
|
|
|
|
# Check early for missing SSL certificates
|
2018-01-24 02:03:18 +01:00
|
|
|
|
if [ "$PUPPET_CLASSES" = "zulip::voyager" ] && [ -z "$USE_CERTBOT""$SELF_SIGNED_CERT" ] && { ! [ -e "/etc/ssl/private/zulip.key" ] || ! [ -e "/etc/ssl/certs/zulip.combined-chain.crt" ]; }; then
|
2018-02-09 02:05:13 +01:00
|
|
|
|
set +x
|
|
|
|
|
|
cat <<EOF
|
|
|
|
|
|
|
2018-04-19 20:00:37 +02:00
|
|
|
|
No SSL certificate found. One or both required files is missing:
|
|
|
|
|
|
/etc/ssl/private/zulip.key
|
|
|
|
|
|
/etc/ssl/certs/zulip.combined-chain.crt
|
|
|
|
|
|
|
|
|
|
|
|
Suggested solutions:
|
|
|
|
|
|
* For most sites, the --certbot option is recommended.
|
|
|
|
|
|
* If you have your own key and cert, see docs linked below
|
|
|
|
|
|
for how to install them.
|
|
|
|
|
|
* For non-production testing, try the --self-signed-cert option.
|
|
|
|
|
|
|
|
|
|
|
|
For help and more details, see our SSL documentation:
|
|
|
|
|
|
https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html
|
2018-02-09 02:05:13 +01:00
|
|
|
|
|
|
|
|
|
|
Once fixed, just rerun scripts/setup/install; it'll pick up from here!
|
|
|
|
|
|
|
|
|
|
|
|
EOF
|
2020-06-17 23:45:20 +02:00
|
|
|
|
exit 1
|
2017-10-24 22:30:27 +02:00
|
|
|
|
fi
|
|
|
|
|
|
|
2019-06-05 14:18:52 +02:00
|
|
|
|
# don't run dist-upgrade in one click apps to make the
|
|
|
|
|
|
# installation process more seamless.
|
|
|
|
|
|
if [ -z "$NO_DIST_UPGRADE" ]; then
|
2020-06-23 23:22:54 +02:00
|
|
|
|
if [ "$package_system" = apt ]; then
|
|
|
|
|
|
apt-get -y dist-upgrade "${APT_OPTIONS[@]}"
|
|
|
|
|
|
elif [ "$package_system" = yum ]; then
|
2019-12-16 14:57:01 +01:00
|
|
|
|
# On CentOS, there is no need to do `yum -y upgrade` because `yum -y
|
|
|
|
|
|
# update` already does the same thing.
|
2020-06-23 23:22:54 +02:00
|
|
|
|
:
|
|
|
|
|
|
fi
|
2019-06-05 14:18:52 +02:00
|
|
|
|
fi
|
|
|
|
|
|
|
2020-06-23 23:22:54 +02:00
|
|
|
|
if [ "$package_system" = apt ]; then
|
|
|
|
|
|
if ! apt-get install -y \
|
|
|
|
|
|
puppet git curl wget jq \
|
2020-03-21 04:31:01 +01:00
|
|
|
|
python3 python3-six crudini \
|
2020-06-23 23:22:54 +02:00
|
|
|
|
"${ADDITIONAL_PACKAGES[@]}"; then
|
|
|
|
|
|
set +x
|
|
|
|
|
|
echo -e '\033[0;31m' >&2
|
|
|
|
|
|
echo "Installing packages failed; is network working and (on Ubuntu) the universe repository enabled?" >&2
|
|
|
|
|
|
echo >&2
|
|
|
|
|
|
echo -e '\033[0m' >&2
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
elif [ "$package_system" = yum ]; then
|
|
|
|
|
|
if ! yum install -y \
|
|
|
|
|
|
puppet git curl wget jq \
|
2020-03-21 04:31:01 +01:00
|
|
|
|
python3 python3-six crudini \
|
2020-06-23 23:22:54 +02:00
|
|
|
|
"${ADDITIONAL_PACKAGES[@]}"; then
|
|
|
|
|
|
set +x
|
|
|
|
|
|
echo -e '\033[0;31m' >&2
|
|
|
|
|
|
echo "Installing packages failed; is network working?" >&2
|
|
|
|
|
|
echo >&2
|
|
|
|
|
|
echo -e '\033[0m' >&2
|
|
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
|
|
|
|
|
fi
|
2017-08-23 23:54:59 +02:00
|
|
|
|
|
2018-01-23 00:12:00 +01:00
|
|
|
|
if [ -n "$USE_CERTBOT" ]; then
|
|
|
|
|
|
"$ZULIP_PATH"/scripts/setup/setup-certbot \
|
|
|
|
|
|
--no-zulip-conf --method=standalone \
|
2018-10-20 10:11:46 +02:00
|
|
|
|
"$EXTERNAL_HOST" --email "$ZULIP_ADMINISTRATOR"
|
2018-02-09 01:27:13 +01:00
|
|
|
|
elif [ -n "$SELF_SIGNED_CERT" ]; then
|
|
|
|
|
|
"$ZULIP_PATH"/scripts/setup/generate-self-signed-cert \
|
|
|
|
|
|
--exists-ok "${EXTERNAL_HOST:-$(hostname)}"
|
2018-01-23 00:12:00 +01:00
|
|
|
|
fi
|
|
|
|
|
|
|
2016-06-22 21:00:50 +02:00
|
|
|
|
# Create and activate a virtualenv
|
2016-07-12 20:46:49 +02:00
|
|
|
|
if [ "$VIRTUALENV_NEEDED" = "yes" ]; then
|
2016-11-20 05:45:53 +01:00
|
|
|
|
"$ZULIP_PATH"/scripts/lib/create-production-venv "$ZULIP_PATH"
|
2017-05-24 02:46:52 +02:00
|
|
|
|
"$ZULIP_PATH"/scripts/lib/create-thumbor-venv "$ZULIP_PATH"
|
2016-07-12 20:46:49 +02:00
|
|
|
|
fi
|
2016-06-22 21:00:50 +02:00
|
|
|
|
|
2017-01-07 00:57:42 +01:00
|
|
|
|
"$ZULIP_PATH"/scripts/lib/install-node
|
|
|
|
|
|
|
2018-02-09 02:14:28 +01:00
|
|
|
|
# Generate /etc/zulip/zulip.conf .
|
2013-11-14 06:32:49 +01:00
|
|
|
|
mkdir -p /etc/zulip
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
has_class() {
|
|
|
|
|
|
grep -qx "$1" /var/lib/puppet/classes.txt
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# puppet apply --noop fails unless the user that it _would_ chown
|
|
|
|
|
|
# files to exists; https://tickets.puppetlabs.com/browse/PUP-3907
|
|
|
|
|
|
#
|
|
|
|
|
|
# The home directory here should match what's declared in base.pp.
|
2020-07-02 14:20:34 +02:00
|
|
|
|
id -u zulip &>/dev/null || useradd -m zulip --home-dir /home/zulip
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
if [ -n "$NO_OVERWRITE_SETTINGS" ] && [ -e "/etc/zulip/zulip.conf" ]; then
|
|
|
|
|
|
"$ZULIP_PATH"/scripts/zulip-puppet-apply --force --noop \
|
|
|
|
|
|
--write-catalog-summary \
|
|
|
|
|
|
--classfile=/var/lib/puppet/classes.txt \
|
|
|
|
|
|
>/dev/null
|
|
|
|
|
|
else
|
|
|
|
|
|
# Write out more than we need, and remove sections that are not
|
|
|
|
|
|
# applicable to the classes that are actually necessary.
|
|
|
|
|
|
cat <<EOF > /etc/zulip/zulip.conf
|
2018-02-09 02:05:13 +01:00
|
|
|
|
[machine]
|
|
|
|
|
|
puppet_classes = $PUPPET_CLASSES
|
2020-06-26 00:11:02 +02:00
|
|
|
|
deploy_type = production
|
2018-02-09 02:05:13 +01:00
|
|
|
|
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
[postgresql]
|
|
|
|
|
|
version = $POSTGRES_VERSION
|
2018-02-09 02:05:13 +01:00
|
|
|
|
EOF
|
2017-11-15 00:48:22 +01:00
|
|
|
|
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
if [ -n "$USE_CERTBOT" ]; then
|
|
|
|
|
|
crudini --set /etc/zulip/zulip.conf certbot auto_renew yes
|
|
|
|
|
|
fi
|
2018-02-09 02:05:13 +01:00
|
|
|
|
|
2020-06-26 00:38:48 +02:00
|
|
|
|
if [ -n "$POSTGRES_MISSING_DICTIONARIES" ]; then
|
|
|
|
|
|
crudini --set /etc/zulip/zulip.conf postgresql missing_dictionaries true
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
"$ZULIP_PATH"/scripts/zulip-puppet-apply --force --noop \
|
|
|
|
|
|
--write-catalog-summary \
|
|
|
|
|
|
--classfile=/var/lib/puppet/classes.txt \
|
|
|
|
|
|
>/dev/null
|
2020-06-16 07:29:17 +02:00
|
|
|
|
|
2020-07-02 00:13:00 +02:00
|
|
|
|
# We only need the postgres version setting on database hosts; but
|
|
|
|
|
|
# we don't know if this is a database host until we have the catalog summary.
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
if ! has_class "zulip::postgres_common" || [ "$package_system" != apt ]; then
|
|
|
|
|
|
crudini --del /etc/zulip/zulip.conf postgresql
|
|
|
|
|
|
fi
|
2020-06-16 07:29:17 +02:00
|
|
|
|
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
# Note: there are four dpkg-query outputs to consider:
|
|
|
|
|
|
#
|
|
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
|
|
# root@host# apt install rabbitmq-server
|
|
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
|
|
# install ok installed
|
|
|
|
|
|
# root@host# apt remove rabbitmq-server
|
|
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
|
|
# deinstall ok config-files
|
|
|
|
|
|
# root@host# apt purge rabbitmq-server
|
|
|
|
|
|
# root@host# dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null
|
|
|
|
|
|
# unknown ok not-installed
|
|
|
|
|
|
#
|
|
|
|
|
|
# (There are more possibilities in the case of dpkg errors.) Here
|
|
|
|
|
|
# we are checking for either empty or not-installed.
|
|
|
|
|
|
if ! dpkg-query --showformat '${Status}\n' -W rabbitmq-server 2>/dev/null | grep -vq ' not-installed$'; then
|
|
|
|
|
|
cat <<EOF >>/etc/zulip/zulip.conf
|
|
|
|
|
|
|
|
|
|
|
|
[rabbitmq]
|
|
|
|
|
|
nodename = zulip@localhost
|
2020-06-16 07:29:17 +02:00
|
|
|
|
EOF
|
installer: Use `puppet --write-catalog-summary` to determine classes.
Using checks of `,$PUPPET_CLASSES,` is repetitive and error-prone; it
does not properly deal with `zulip_ops::` classes, for instance, which
include the `zulip::` classes.
As alluded to in ca9d27175b, this can be fixed by inspecting the
classes that would be applied, using `puppet --write-catalog-summary`.
We work around the chicken-and-egg problem alluded to therein by
writing out as complete `zulip.conf` as would be necessary, before
running puppet and removing the sections we then know to not be
needed.
Unfortunately, there are two checks for `$PUPPET_CLASSES` which cannot
be switched to this technique, as they concern errors that we wish to
catch quite early, and thus before we have puppet installed. Since we
expect failures of those to only concern warnings, and only be
mistakenly omitted for internal `zulip_ops::` classes, this seems a
reasonable risk to admit in exchange for catching common errors early.
2020-06-25 22:13:36 +02:00
|
|
|
|
fi
|
2020-06-17 23:46:05 +02:00
|
|
|
|
fi
|
2018-02-09 02:14:28 +01:00
|
|
|
|
|
2020-06-25 22:32:47 +02:00
|
|
|
|
if has_class "zulip::app_frontend_base"; then
|
|
|
|
|
|
if [ -z "$NO_OVERWRITE_SETTINGS" ] || ! [ -e "/etc/zulip/settings.py" ]; then
|
|
|
|
|
|
cp -a "$ZULIP_PATH"/zproject/prod_settings_template.py /etc/zulip/settings.py
|
|
|
|
|
|
if [ -n "$EXTERNAL_HOST" ]; then
|
|
|
|
|
|
sed -i "s/^EXTERNAL_HOST =.*/EXTERNAL_HOST = '$EXTERNAL_HOST'/" /etc/zulip/settings.py
|
2020-01-03 01:30:40 +01:00
|
|
|
|
fi
|
2020-06-25 22:32:47 +02:00
|
|
|
|
if [ -n "$ZULIP_ADMINISTRATOR" ]; then
|
|
|
|
|
|
sed -i "s/^ZULIP_ADMINISTRATOR =.*/ZULIP_ADMINISTRATOR = '$ZULIP_ADMINISTRATOR'/" /etc/zulip/settings.py
|
|
|
|
|
|
fi
|
|
|
|
|
|
fi
|
|
|
|
|
|
ln -nsf /etc/zulip/settings.py "$ZULIP_PATH"/zproject/prod_settings.py
|
|
|
|
|
|
"$ZULIP_PATH"/scripts/setup/generate_secrets.py --production
|
|
|
|
|
|
fi
|
2020-01-04 03:14:36 +01:00
|
|
|
|
|
2016-09-15 19:29:56 +02:00
|
|
|
|
"$ZULIP_PATH"/scripts/zulip-puppet-apply -f
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2020-06-23 23:22:54 +02:00
|
|
|
|
if [ "$package_system" = apt ]; then
|
|
|
|
|
|
apt-get -y upgrade
|
|
|
|
|
|
elif [ "$package_system" = yum ]; then
|
|
|
|
|
|
# No action is required because `yum update` already does upgrade.
|
|
|
|
|
|
:
|
|
|
|
|
|
fi
|
2016-07-12 05:35:14 +02:00
|
|
|
|
|
2020-06-26 00:09:33 +02:00
|
|
|
|
if has_class "zulip::nginx" && ! has_class "zulip::dockervoyager"; then
|
2015-10-21 08:23:24 +02:00
|
|
|
|
# Check nginx was configured properly now that we've installed it.
|
|
|
|
|
|
# Most common failure mode is certs not having been installed.
|
2020-06-25 22:33:22 +02:00
|
|
|
|
if ! nginx -t; then
|
|
|
|
|
|
(
|
|
|
|
|
|
set +x
|
|
|
|
|
|
cat <<EOF
|
2018-02-09 02:05:13 +01:00
|
|
|
|
|
|
|
|
|
|
Verifying the Zulip nginx configuration failed!
|
|
|
|
|
|
|
|
|
|
|
|
This is almost always a problem with your SSL certificates. See:
|
|
|
|
|
|
https://zulip.readthedocs.io/en/latest/production/ssl-certificates.html
|
|
|
|
|
|
|
|
|
|
|
|
Once fixed, just rerun scripts/setup/install; it'll pick up from here!
|
|
|
|
|
|
|
|
|
|
|
|
EOF
|
2020-06-25 22:33:22 +02:00
|
|
|
|
exit 1
|
|
|
|
|
|
)
|
|
|
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
fi
|
|
|
|
|
|
|
2020-06-25 22:33:22 +02:00
|
|
|
|
if has_class "zulip::rabbit"; then
|
2016-07-12 05:35:14 +02:00
|
|
|
|
if ! rabbitmqctl status >/dev/null; then
|
|
|
|
|
|
set +x
|
2018-02-09 02:05:13 +01:00
|
|
|
|
cat <<EOF
|
|
|
|
|
|
|
|
|
|
|
|
RabbitMQ seems to not have started properly after the installation process.
|
|
|
|
|
|
Often this is caused by misconfigured /etc/hosts in virtualized environments.
|
|
|
|
|
|
For more information, see:
|
|
|
|
|
|
https://github.com/zulip/zulip/issues/53#issuecomment-143805121
|
|
|
|
|
|
|
|
|
|
|
|
EOF
|
2016-07-12 05:35:14 +02:00
|
|
|
|
exit 1
|
|
|
|
|
|
fi
|
2016-09-15 19:29:56 +02:00
|
|
|
|
"$ZULIP_PATH"/scripts/setup/configure-rabbitmq
|
2015-09-30 03:41:31 +02:00
|
|
|
|
fi
|
|
|
|
|
|
|
2020-06-25 22:33:22 +02:00
|
|
|
|
if has_class "zulip::postgres_common" && [ -z "$NO_INIT_DB" ]; then
|
2016-09-15 19:29:56 +02:00
|
|
|
|
"$ZULIP_PATH"/scripts/setup/postgres-init-db
|
2016-07-12 05:35:14 +02:00
|
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2020-06-25 22:33:22 +02:00
|
|
|
|
if has_class "zulip::app_frontend_base"; then
|
2016-09-15 19:29:56 +02:00
|
|
|
|
deploy_path=$("$ZULIP_PATH"/scripts/lib/zulip_tools.py make_deploy_path)
|
|
|
|
|
|
mv "$ZULIP_PATH" "$deploy_path"
|
|
|
|
|
|
ln -nsf /home/zulip/deployments/next "$ZULIP_PATH"
|
2016-07-12 05:35:14 +02:00
|
|
|
|
ln -nsf "$deploy_path" /home/zulip/deployments/next
|
|
|
|
|
|
ln -nsf "$deploy_path" /home/zulip/deployments/current
|
2016-07-20 05:42:43 +02:00
|
|
|
|
ln -nsf /etc/zulip/settings.py "$deploy_path"/zproject/prod_settings.py
|
2016-07-12 05:35:14 +02:00
|
|
|
|
mkdir -p "$deploy_path"/prod-static/serve
|
|
|
|
|
|
cp -rT "$deploy_path"/prod-static/serve /home/zulip/prod-static
|
|
|
|
|
|
chown -R zulip:zulip /home/zulip /var/log/zulip /etc/zulip/settings.py
|
2017-09-23 00:40:35 +02:00
|
|
|
|
|
2017-09-23 04:52:33 +02:00
|
|
|
|
if ! [ -e "/home/zulip/prod-static/generated" ]; then
|
2017-09-23 00:40:35 +02:00
|
|
|
|
# If we're installing from a git checkout, we need to run
|
|
|
|
|
|
# `tools/update-prod-static` in order to build the static
|
|
|
|
|
|
# assets.
|
2020-04-24 22:26:32 +02:00
|
|
|
|
su zulip -c '/home/zulip/deployments/current/tools/update-prod-static'
|
2017-09-23 00:40:35 +02:00
|
|
|
|
fi
|
2016-07-12 05:35:14 +02:00
|
|
|
|
fi
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2020-06-17 23:55:11 +02:00
|
|
|
|
if [ -n "$NO_INIT_DB" ]; then
|
2018-01-24 22:29:24 +01:00
|
|
|
|
set +x
|
|
|
|
|
|
cat <<EOF
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2018-03-03 01:13:49 +01:00
|
|
|
|
Success!
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2020-06-17 23:55:11 +02:00
|
|
|
|
Stopping because --no-init-db was passed.
|
2019-12-12 10:50:04 +01:00
|
|
|
|
To complete the installation, configure postgres and then run:
|
2013-11-14 06:32:49 +01:00
|
|
|
|
|
2018-11-30 21:08:25 +01:00
|
|
|
|
su zulip -c '/home/zulip/deployments/current/scripts/setup/initialize-database'
|
2019-12-12 10:50:04 +01:00
|
|
|
|
su zulip -c '/home/zulip/deployments/current/manage.py generate_realm_creation_link'
|
2013-11-14 06:32:49 +01:00
|
|
|
|
EOF
|
2018-01-24 22:29:24 +01:00
|
|
|
|
exit 0
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
2018-03-03 01:17:52 +01:00
|
|
|
|
su zulip -c '/home/zulip/deployments/current/scripts/setup/initialize-database --quiet'
|
2018-01-24 22:29:24 +01:00
|
|
|
|
|
2018-03-03 01:17:52 +01:00
|
|
|
|
su zulip -c '/home/zulip/deployments/current/manage.py generate_realm_creation_link'
|
