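#!/bin/bash
# postinst maintainer script for the armaconsole package.
#
# On `configure' / `abort-remove' it links the packaged Elasticsearch and
# nginx configuration into place, generates a self-signed TLS certificate,
# hands the project directories to the project user, and enables/restarts
# the services listed in SYSCTL_ALL_SERVICES.
#
# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package

set -e # fail on any error

PROJECT=armaconsole

# USERS CONFIG
PROJECT_USER="${PROJECT}"
PROJECT_GROUP="www-data"
PROJECT_CHOWNER="${PROJECT_USER}:${PROJECT_GROUP}"
SUDOERS_FILE_PATH="/etc/sudoers.d/${PROJECT}"

# SYSTEMCTL CONFIG
SYSCTL_AMC_SERVICES="amcgunicorn amccelery amccelerybeat amccorrelator amclicense amcchecker amcvector"
SYSCTL_ALL_SERVICES="${SYSCTL_AMC_SERVICES} postgresql nginx elasticsearch redis-server"

# AMC DIRS
AMC_ETC="/etc/${PROJECT}"
AMC_HOME="/usr/local/${PROJECT}"
AMC_WWW="/var/www/${PROJECT}"
AMC_PUBLIC="${AMC_WWW}/public"

# ELASTICSEARCH
ES_DATA_DIR="/usr/share/elasticsearch/data"
ES_SERVICE_USER="elasticsearch" # account created by the Elasticsearch package

# CERTS PATHS
# NOTE(review): the private key lives next to the certificate under
# ${AMC_PUBLIC}/media, which by its name looks like a web-served directory.
# Confirm the nginx site config never serves certificate.key, or move the key
# outside the web root.
CORE_CERT_PATH="${AMC_PUBLIC}/media/certificate.crt"
CORE_PRIV_KEY_PATH="${AMC_PUBLIC}/media/certificate.key"
NGINX_SSL_PATH="/etc/nginx/ssl/${PROJECT}"
NGINX_CERT_PATH="${NGINX_SSL_PATH}/nginx-selfsigned.crt"
NGINX_PRIV_KEY_PATH="${NGINX_SSL_PATH}/nginx-selfsigned.key"
NGINX_DHPARAM_PATH="${NGINX_SSL_PATH}/dhparam.pem"
NGINX_CERT_SUBJ="/C=RU/ST=Moscow/L=Moscow/O=ARMA/CN=iwarma.ru"

# ======[ Trap Errors ]======#
set -E # let shell functions inherit ERR trap

# Trap non-normal exit signals: 1/HUP, 2/INT, 3/QUIT, 15/TERM, ERR
trap err_handler 1 2 3 15 ERR

# Log the failing command to syslog (and stderr) and exit with its status.
# Arguments: $1 - optional exit status; defaults to the status of the
#                 command that fired the trap.
# shellcheck disable=SC2128
err_handler() {
  local exit_status=${1:-$?}
  logger -s -p "syslog.err" -t "${PROJECT}.deb" \
    "${PROJECT}.deb script '$0' error code $exit_status (line $BASH_LINENO: '$BASH_COMMAND')"
  exit "$exit_status"
}

. /usr/share/debconf/confmodule

# shellcheck disable=SC2034
# shellcheck disable=SC1090
if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
  . /usr/share/dbconfig-common/dpkg/postinst.pgsql
  # NOTE(review): env.prod is executed here with root privileges, yet the
  # `chown -R "${PROJECT_CHOWNER}" "${AMC_ETC}"' further down gives the file to
  # the unprivileged project user. Whoever controls that account controls
  # what root runs on the next configure; see the note at the chown block.
  . "${AMC_ETC}/env.prod"
  dbc_generate_include_owner="${PROJECT_CHOWNER}"
  dbc_generate_include_perms="0640"
  dbc_generate_include="sh:${DEBCONF_DBCONF_FPATH}"
  dbc_pgsql_createdb_encoding="UTF8"
  dbc_go "${PROJECT}" "$@"
fi

# DEBUG_INSTALL=1 traces every command and echoes the invocation.
DEBUG_INSTALL="${DEBUG_INSTALL:-0}"
if [ "$DEBUG_INSTALL" = "1" ]; then
  set -x
  echo "Calling postinst $*"
fi

# Move $1 to $1.AMCBK unless a backup already exists.
backup_config() {
  local fpath="$1"
  if [ -f "${fpath}" ] && [ ! -f "${fpath}.AMCBK" ]; then
    mv "${fpath}" "${fpath}.AMCBK"
  fi
}

# Copy $1 to $1.AMCBK unless a backup already exists; $1 stays in place.
backup_and_copy_config() {
  local fpath="$1"
  if [ -f "${fpath}" ] && [ ! -f "${fpath}.AMCBK" ]; then
    cp -f "${fpath}" "${fpath}.AMCBK"
  fi
}

# Put $1.AMCBK back as $1 when a backup exists.
restore_config() {
  local fpath="$1"
  if [ -f "${fpath}.AMCBK" ]; then
    rm -f "${fpath}"
    mv "${fpath}.AMCBK" "${fpath}"
  fi
}

# Replace $2 with a symlink to $1, keeping the original $2 as $2.AMCBK.
# Restoring first makes the operation repeatable across upgrades: the backup
# always holds the original file, never a previous symlink.
backup_and_link_config() {
  local path_from="$1"
  local path_to="$2"
  restore_config "${path_to}"
  backup_config "${path_to}"
  rm -f "${path_to}"
  ln -sf "${path_from}" "${path_to}"
}

set -u # treat unset variables as errors

case "$1" in
configure | abort-remove)
  # Logstash
  # backup_and_link_config "${AMC_ETC}/logstash.yml" "/etc/logstash/logstash.yml"
  # ln -sf "/etc/logstash/conf.d/" "${AMC_PUBLIC}/logstash"
  # chmod 777 "${AMC_PUBLIC}/logstash" # TODO change folder and owner instead 777

  # Vector
  # backup_and_link_config "${AMC_ETC}/vector.yml" "/etc/vector/vector.yml"
  # ln -sf "/etc/vector/conf.d/" "${AMC_PUBLIC}/vector"
  mkdir -p "${AMC_PUBLIC}/vector"
  mkdir -p "${AMC_WWW}/vector"

  # Elasticsearch
  backup_and_link_config "${AMC_ETC}/elasticsearch.yml" "/etc/elasticsearch/elasticsearch.yml"
  mkdir -p "${ES_DATA_DIR}"
  # The data directory used to be made world-writable (mode 777), which lets
  # any local account tamper with or delete index data. Give it to the
  # Elasticsearch service account instead; only fall back to the legacy mode
  # when that account is missing, and say so in the log.
  if getent passwd "${ES_SERVICE_USER}" >/dev/null 2>&1; then
    chown "${ES_SERVICE_USER}:" "${ES_DATA_DIR}"
    chmod 0750 "${ES_DATA_DIR}"
  else
    logger -s -p "syslog.warning" -t "${PROJECT}.deb" \
      "user '${ES_SERVICE_USER}' not found; leaving ${ES_DATA_DIR} world-writable"
    chmod 777 "${ES_DATA_DIR}" &>/dev/null
  fi

  if [ -f /.dockerenv ]; then
    # Inside a container: keep the JVM tmpdir under the log directory and pin
    # the heap to 2g.
    backup_and_copy_config "/etc/elasticsearch/jvm.options"
    sed -i 's|^#\?-Djava.io.tmpdir=.*|-Djava.io.tmpdir=/var/log/elasticsearch|' /etc/elasticsearch/jvm.options
    sed -i 's|^[# ]*-Xms[0-9]\+g *$|-Xms2g|' /etc/elasticsearch/jvm.options
    sed -i 's|^[# ]*-Xmx[0-9]\+g *$|-Xmx2g|' /etc/elasticsearch/jvm.options
    # backup_and_copy_config "/etc/logstash/jvm.options"
    # sed -i 's|^#\?-Djava.io.tmpdir=.*|-Djava.io.tmpdir=/var/log/logstash|' /etc/logstash/jvm.options
    # sed -i 's|^[# ]*-Xms[0-9]\+g *$|-Xms2g|' /etc/logstash/jvm.options
    # sed -i 's|^[# ]*-Xmx[0-9]\+g *$|-Xmx2g|' /etc/logstash/jvm.options
  fi

  # Nginx
  rm -f "/etc/nginx/sites-enabled/default"
  cp -f "${AMC_HOME}/nginx/${PROJECT}_http.nginx" "${AMC_HOME}/nginx/${PROJECT}.nginx"
  ln -sf "${AMC_HOME}/nginx/${PROJECT}.nginx" "/etc/nginx/sites-enabled/${PROJECT}.nginx"

  # TODO: Generate cer, key, pem from core python module
  # openssl does not create parent directories; without these the script
  # aborts under `set -e' with its diagnostics discarded by &>/dev/null.
  mkdir -p "${NGINX_SSL_PATH}" "${CORE_CERT_PATH%/*}"
  [ -f "${NGINX_DHPARAM_PATH}" ] || openssl dhparam -out "${NGINX_DHPARAM_PATH}" 2048 &>/dev/null
  # NOTE(review): the certificate and key are regenerated on every configure,
  # replacing whatever is at CORE_CERT_PATH / CORE_PRIV_KEY_PATH. If operators
  # can install their own certificate there, an upgrade will overwrite it -
  # confirm that is intended.
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "${CORE_PRIV_KEY_PATH}" \
    -out "${CORE_CERT_PATH}" \
    -subj "${NGINX_CERT_SUBJ}" &>/dev/null
  cp -f "${CORE_CERT_PATH}" "${NGINX_CERT_PATH}"
  cp -f "${CORE_PRIV_KEY_PATH}" "${NGINX_PRIV_KEY_PATH}"
  # The key files inherit their mode from the umask or from a file left by an
  # earlier install. Drop world access and group write explicitly; this only
  # ever tightens the mode, so existing owner/group readers keep working.
  chmod g-w,o-rwx "${CORE_PRIV_KEY_PATH}" "${NGINX_PRIV_KEY_PATH}"

  # Dirs
  # NOTE(review): these recursive chowns hand files that root later consumes
  # to the unprivileged ${PROJECT_USER}: ${AMC_ETC}/env.prod is sourced by
  # this script, ${AMC_ETC}/elasticsearch.yml is linked into
  # /etc/elasticsearch, and ${AMC_HOME}/nginx/${PROJECT}.nginx is linked into
  # /etc/nginx/sites-enabled. Consider keeping those files root-owned and only
  # group-readable for the application. Left unchanged here because whether
  # the services need write access cannot be determined from this script.
  chown -R "${PROJECT_CHOWNER}" "${AMC_HOME}"
  chown -R "${PROJECT_CHOWNER}" "${AMC_ETC}"
  chown -R "${PROJECT_CHOWNER}" "${AMC_WWW}"
  chown -R "${PROJECT_CHOWNER}" "${NGINX_SSL_PATH}"

  if [ -f /lib/systemd/system/vector.service ] ||
    [ -f /usr/lib/systemd/system/vector.service ]; then
    # stop default vector.service
    systemctl stop vector.service
    # disable default vector.service
    systemctl disable vector.service
    # remove default vector.service files
    rm -f /lib/systemd/system/vector.service /usr/lib/systemd/system/vector.service
  fi

  # Services
  systemctl daemon-reload
  # Word splitting is intentional: the variable holds a space-separated list.
  # shellcheck disable=SC2086
  systemctl enable ${SYSCTL_ALL_SERVICES}
  # A failed restart is tolerated on purpose so the package still configures.
  # shellcheck disable=SC2086
  systemctl restart ${SYSCTL_ALL_SERVICES} || true
  ;;

abort-upgrade | abort-deconfigure) ;;

*)
  echo "postinst called with unknown argument \`$1'" >&2
  exit 1
  ;;
esac

exit 0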