[appliance] enforce correct ownership of MySQL database files after 12.1 upgrade
[opensuse:build-service.git] / dist / obsapisetup
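#! /bin/sh
# Copyright (c) 2010, Novell Inc.
#
# Author: adrian@suse.de
#
# /etc/init.d/obsapisetup
#   and its symbolic  link
# /usr/sbin/rcobsapisetup
#
### BEGIN INIT INFO
# Provides:          obsapisetup
# Start-Before:      apache2
# Should-Start:      obsstoragesetup
# Should-Stop:       $none
# Required-Start:    mysql
# Required-Stop:     $null
# Default-Start:     3 5
# Default-Stop:      0 1 2 4 6
# Description:       Initialize and update api database, only used in OBS Appliance
### END INIT INFO

. /etc/rc.status

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

apidir=/srv/www/obs/api
webuidir=/srv/www/obs/webui

# make parsed output predictable
export LC_ALL=C

. /etc/sysconfig/obs-server

# The whole script is a no-op unless autosetup was enabled in sysconfig.
if [ "$OBS_API_AUTOSETUP" != "yes" ]; then
  echo "OBS API Autosetup is not enabled in sysconfig, skipping!"
  exit 0
fi

# Backend directory: the sysconfig value wins, /srv/obs is the default.
backenddir=${OBS_BASE_DIR:-/srv/obs}

# Prefer the fully qualified hostname; fall back to the first non-loopback
# IPv4 address, and finally to "localhost".
if ! FQHOSTNAME=$(hostname -f); then
  # Fallback to IP of the VM/host
  FQHOSTNAME=$(ip addr | sed -n 's,.*inet \(.*\)/.* brd.*,\1,p' | grep -v '^127\.' | head -n 1)
  # The pipeline's exit status is that of head, so it says nothing about
  # whether an address was found; only an empty result signals failure.
  if [ -z "$FQHOSTNAME" ]; then
    echo "    Can't determine hostname or IP - Network setup failed!"
    echo "    Check if networking is up and dhcp is working!"
    echo "    Using 'localhost' as FQHOSTNAME."
    FQHOSTNAME="localhost"
  fi
  USEIP=$FQHOSTNAME
fi

# The name comes from the network environment (DNS/DHCP) and is pasted
# unescaped into sed expressions, file names and Perl/Ruby/YAML/HTML files by
# the start action, so refuse anything that is not a plain hostname or
# address. LC_ALL=C (set above) keeps the bracket ranges ASCII-only.
case "$FQHOSTNAME" in
  *[!A-Za-z0-9._:-]*)
    echo "    Hostname contains unexpected characters, using 'localhost' as FQHOSTNAME." >&2
    FQHOSTNAME="localhost"
    ;;
esac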
63
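rc_reset
# Dispatch on the init action. Only "start" does real work: it prepares the
# MySQL data directory, adapts the OBS configuration to the current hostname,
# creates or migrates the api and webui databases, creates a self-signed
# certificate for the hostname and writes /etc/issue. Every other action only
# reports status.
case "$1" in
  start)
    # MySQL data directory: create it on first boot, otherwise repair ownership.
    if [ ! -d /obs/MySQL ]; then
      mkdir -p /obs/MySQL
    else
      # a distro update may mess up the mysql id
      # (user:group is the POSIX spelling; user.group is a deprecated extension)
      chown -R mysql:mysql /obs/MySQL
    fi

    # If we've proper hostname resolution all is fine. But if
    # there's no proper hostname resolution, adapt BSConfig.pm et al.
    ### In case of the appliance, we never know where we boot up !
    # NOTE(review): $FQHOSTNAME is pasted unescaped into the sed replacements,
    # file names and Perl/Ruby/YAML/HTML files written below; a value
    # containing ',', '&', '\', '/' or '"' would corrupt them, so it has to be
    # limited to hostname characters before this action runs.
    OLDFQHOSTNAME="NOTHING"
    if [ -e /obs/.oldfqhostname ]; then
      OLDFQHOSTNAME=$(cat /obs/.oldfqhostname)
    fi
    if [ "$FQHOSTNAME" != "$OLDFQHOSTNAME" ]; then
      echo "Appliance hostname changed from $OLDFQHOSTNAME to $FQHOSTNAME !"
      echo "Adapting hostname in BSConfig.pm"
      sed -i 's,^my.*hostname.*=.*,my \$hostname = "'"$FQHOSTNAME"'";,' \
        /usr/lib/obs/server/BSConfig.pm
      #changed IP means also that leftover jobs are invalid - cope with that
      echo "Adapting present worker jobs"
      # Same rewrite for both server ports; errors are discarded because the
      # glob matches nothing when no jobs are present.
      for port in 5352 5252; do
        sed -i "s,server=\"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*:$port,server=\"http://$FQHOSTNAME:$port,g" \
          "/$backenddir"/jobs/*/* 2> /dev/null
      done
      #remove old workers status and idling/building markers
      rm -f "/$backenddir"/jobs/*/*status 2> /dev/null
      rm -f "/$backenddir"/workers/*/* 2> /dev/null
      # create repo directory or apache fails when nothing got published
      mkdir -p "/$backenddir/repos"
      chown obsrun:obsrun "/$backenddir/repos"
    fi
    echo "$FQHOSTNAME" > /obs/.oldfqhostname

    printf '%s' "Adjust webui configuration for api"
    # it would be better to solve this in lighttpd.conf to accept also localhost:444,
    # but no idea how to solve this
    sed -i \
      -e 's,^FRONTEND_HOST = .*,FRONTEND_HOST = "'"$FQHOSTNAME"'",' \
      -e 's,^FRONTEND_PORT = .*,FRONTEND_PORT = 444,' \
      -e 's,^FRONTEND_PROTOCOL = .*,FRONTEND_PROTOCOL = "https",' \
      -e 's,^DOWNLOAD_URL = .*,DOWNLOAD_URL = \"http://'"$FQHOSTNAME:82"'\",' \
      /srv/www/obs/webui/config/environments/production.rb

    # Drop the lines this script wrote on an earlier boot before appending them
    # again. The marker comment is removed as well, otherwise one more copy of
    # it piles up in options.yml on every start.
    options_yml=/srv/www/obs/api/config/options.yml
    sed -i \
      -e '/^# the following lines are always written by obsapisetup!$/d' \
      -e /webui_url:/d -e /webui_host:/d -e /allow_anonymous:/d \
      "$options_yml"
    {
      echo "# the following lines are always written by obsapisetup!"
      # NOTE(review): anonymous access is switched on unconditionally on every
      # boot, overriding whatever the admin configured in options.yml.
      echo "allow_anonymous: true"
      # '=' instead of '==': the script runs under /bin/sh
      if [ "$FQHOSTNAME" = "localhost" ]; then
        echo "webui_host: localhost"
      else
        echo "webui_host: $(ip addr | sed -n 's,.*inet \(.*\)/.* brd.*,\1,p' | grep -v '^127\.' | head -n 1)"
      fi
      echo "webui_url: https://$FQHOSTNAME:443"
    } >> "$options_yml"
    echo

    OBSVERSION=$(rpm -q --qf '%{VERSION}' obs-server)
    OS=$(head -n 1 /etc/SuSE-release)

    # api database: a directory below /obs/MySQL marks an existing database.
    if [ ! -e /obs/MySQL/api_production ]; then
      printf '%s' "Initialize OBS api database (first time only)"
      mysqladmin -u root create api_production
      # NOTE(review): fixed, publicly documented MySQL root password, passed on
      # the command line (visible in the process list) and repeated in
      # /etc/issue below. It has to be changed by the admin after first boot.
      mysqladmin -u root password "opensuse"
      # config/secret.key below is a relative path, so do not carry on from
      # whatever directory we happen to be in if the cd fails.
      cd "$apidir" || { echo "Cannot change to $apidir" >&2; exit 1; }
      RAILS_ENV=production rake db:setup >> "$apidir/log/db_migrate.log"
      # Create the key with a tight umask first, then open it up to group www only.
      ( umask 0077; dd if=/dev/urandom bs=256 count=1 2>/dev/null | sha256sum | cut -d' ' -f 1 > config/secret.key )
      chmod 0640 config/secret.key
      chown root:www config/secret.key
    else
      echo
      printf '%s' "Migrate OBS api database"
      cd "$apidir" || { echo "Cannot change to $apidir" >&2; exit 1; }
      RAILS_ENV=production rake db:migrate >> "$apidir/log/db_migrate.log"
      echo
    fi

    # webui database, same scheme as above.
    if [ ! -e /obs/MySQL/webui_production ]; then
      printf '%s' "Initialize OBS webui database (first time only)"
      # NOTE(review): on a first boot this runs without a password after the
      # root password was set in the api branch above; presumably
      # "rake db:setup" creates the database itself - verify.
      mysqladmin -u root create webui_production
      cd "$webuidir" || { echo "Cannot change to $webuidir" >&2; exit 1; }
      RAILS_ENV=production rake db:setup >> "$webuidir/log/db_migrate.log"
      ( umask 0077; dd if=/dev/urandom bs=256 count=1 2>/dev/null | sha256sum | cut -d' ' -f 1 > config/secret.key )
      chmod 0640 config/secret.key
      chown root:www config/secret.key
    else
      echo
      printf '%s' "Migrate OBS webui database"
      cd "$webuidir" || { echo "Cannot change to $webuidir" >&2; exit 1; }
      RAILS_ENV=production rake db:migrate >> "$webuidir/log/db_migrate.log"
      echo
    fi

    # reuse signing key even if hostname changed
    if [ ! -e /srv/obs/certs/server.key ]; then
      install -d -m 0700 /srv/obs/certs
      # 2048 bits: 1024-bit RSA is no longer adequate for a TLS server key.
      # A key generated by an earlier boot is kept as it is; remove it by hand
      # to get a stronger one.
      openssl genrsa -out /srv/obs/certs/server.key 2048
    fi

    certbase="/srv/obs/certs/server.${FQHOSTNAME}"
    if [ ! -e "$certbase.created" ]; then
      # setup ssl certificates (NOT protected with a passphrase)
      echo "Creating a default SSL certificate for the server, please replace it with your version in /obs/certs directory..."
      # hostname specific certs - survive intermediate hostname changes
      if [ ! -e "$certbase.pem" ]; then
        # This is just a dummy SSL certificate, but it has a valid hostname. Admin can replace it with his version.
        # The lines answer the interactive prompts of "openssl req" in order;
        # the trailing empty lines accept the defaults of the last prompts.
        printf '%s\n' \
          "CC" \
          "Test State or Province" \
          "Test Locality" \
          "Organization Name" \
          "Organizational Unit Name" \
          "$FQHOSTNAME" \
          "test@email.address" \
          "" "" "" \
          | openssl req -new -key /srv/obs/certs/server.key -out "$certbase.csr" > /dev/null 2>&1
        openssl x509 -req -days 365 -in "$certbase.csr" -signkey /srv/obs/certs/server.key -out "$certbase.crt"
        # NOTE(review): the .pem bundles the private key and is written with
        # the default umask; it stays private only as long as /srv/obs/certs
        # is mode 0700, which is set just once, when the key is generated.
        cat /srv/obs/certs/server.key "$certbase.crt" > "$certbase.pem"
        echo "Do not remove this file or new SSL CAs will get created." > "$certbase.created"
      else
        echo "ERROR: SSL CAs in /srv/obs/certs exists, but were not created for your hostname"
        exit 1
      fi
    fi
    # change links for certs according to hostnames
    # (-f: on the very first start the links do not exist yet)
    rm -f /srv/obs/certs/server.crt /srv/obs/certs/server.pem
    ln -sf "$certbase.crt" /srv/obs/certs/server.crt
    ln -sf "$certbase.pem" /srv/obs/certs/server.pem

    # rake ran as root above; hand the log directories back to the web server user.
    chown -R wwwrun:www "$webuidir/log" "$apidir/log"

    # Login banner: version, base OS and the URLs for the current hostname.
    cat > /etc/issue <<EOF
Welcome to Open Build Service(OBS) Appliance $OBSVERSION
based on $OS

EOF
    if ! grep -q "^our \$sign =" /usr/lib/obs/server/BSConfig.pm; then
      cat >> /etc/issue <<EOF

  WARNING: **** Package signing is disabled, maybe due to lack of hardware number generator ****

EOF
    fi

    if [ -n "$FQHOSTNAME" ]; then
      sed -e "s,___WEBUI_URL___,https://$FQHOSTNAME,g" \
          -e "s,___API_URL___,https://$FQHOSTNAME:444,g" \
          -e "s,___REPO_URL___,http://$FQHOSTNAME:82,g" \
          /srv/www/obs/overview/overview.html.TEMPLATE > /srv/www/obs/overview/index.html

      cat >> /etc/issue <<EOF

  Connect to the web interface via:     https://$FQHOSTNAME
  Connect to the api interface via:     https://$FQHOSTNAME:444
  Browse the build packages via:        http://$FQHOSTNAME:82

 * "Admin"/"root" user password is "opensuse" by default.
 * Connect to the web interface now to finish the OBS setup.

More informations about this appliance are available here:

 http://en.opensuse.org/Build_Service/OBS-Appliance

                                  Greetings from the Open Build Service Team
                                  http://www.open-build-service.org

EOF
    else
      echo "OBS appliance could not get setup, no network found" > /srv/www/obs/overview/index.html
      # Quoted delimiter: the banner is literal text, nothing is expanded.
      cat >> /etc/issue <<'EOF'
**********************************************
**           NETWORK SETUP FAILED           **
**                                          **
** OBS is not usable                        **
** A working DHCP and DNS server in network **
** is required!                             **
**********************************************
EOF
    fi
    rc_status -v
    ;;
  stop|status)
    # nothing to do
    rc_status -v
    ;;
  restart|try-restart|reload)
    # nothing to do
    rc_status
    ;;
  *)
    echo "Usage: $0 {start|stop|status|try-restart|restart|reload}"
    exit 1
    ;;
esac
rc_exit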