DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-03-05 20:52:15 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Installer fine tuning (#2993)

Browse source 
* used shellcheck to lint snipeit.sh

* do not depend on lsb-release command

* add lsb codename

* really use perms()

* more fixes

* quiet apt

* silent logging using log()

* start mysql if not running

* added curl to ubuntu

* added logfile to log function

* update apt index after adding mariadb repo

* fixed typo

* review fixes
This commit is contained in:
morph027 2017-01-11 08:07:06 +01:00 committed by snipe
parent f371c5fd62
commit 734e87f85f
1 changed files with 155 additions and 142 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

297
snipeit.sh
View file

@ -22,7 +22,6 @@ fi
clear
name="snipeit"
si="Snipe-IT"
hostname="$(hostname)"
fqdn="$(hostname --fqdn)"
ans=default
@ -36,16 +35,16 @@ spin[1]="\\"
spin[2]="|"
spin[3]="/"
rm -rf $tmp/
rm -rf ${tmp:?}
mkdir $tmp
# Debian/Ubuntu friendly f(x)s
progress () {
while kill -0 $pid > /dev/null 2>&1
while kill -0 "$pid" > /dev/null 2>&1
do
for i in "${spin[@]}"
do
if [ -e /proc/$pid ]; then
if [ -e /proc/"$pid" ]; then
echo -ne "\b$i"
sleep .1
else
@ -56,24 +55,26 @@ progress () {
}
vhenvfile () {
sudo ls -al /etc/apache2/mods-enabled/rewrite.load >> /var/log/snipeit-install.log 2>&1
find /etc/apache2/mods-enabled -maxdepth 1 -name 'rewrite.load' >/dev/null 2>&1
apachefile=/etc/apache2/sites-available/$name.conf
echo "* Create Virtual host for apache."
echo >> $apachefile "<VirtualHost *:80>"
echo >> $apachefile "ServerAdmin webmaster@localhost"
echo >> $apachefile " <Directory $webdir/$name/public>"
echo >> $apachefile " Require all granted"
echo >> $apachefile " AllowOverride All"
echo >> $apachefile " </Directory>"
echo >> $apachefile " DocumentRoot $webdir/$name/public"
echo >> $apachefile " ServerName $fqdn"
echo >> $apachefile " ErrorLog /var/log/apache2/snipeIT.error.log"
echo >> $apachefile " CustomLog /var/log/apache2/access.log combined"
echo >> $apachefile "</VirtualHost>"
{
echo "<VirtualHost *:80>"
echo "ServerAdmin webmaster@localhost"
echo "<Directory $webdir/$name/public>"
echo " Require all granted"
echo " AllowOverride All"
echo " </Directory>"
echo " DocumentRoot $webdir/$name/public"
echo " ServerName $fqdn"
echo " ErrorLog /var/log/apache2/snipeIT.error.log"
echo " CustomLog /var/log/apache2/access.log combined"
echo "</VirtualHost>"
} >> $apachefile
echo >> $hosts "127.0.0.1 $hostname $fqdn"
a2ensite $name.conf >> /var/log/snipeit-install.log 2>&1
log "a2ensite $name.conf"
cat > $webdir/$name/.env <<-EOF
cat > "$webdir/$name/.env" <<-EOF
#Created By Snipe-it Installer
APP_TIMEZONE=$(cat /etc/timezone)
DB_HOST=localhost
@ -86,44 +87,45 @@ vhenvfile () {
}
perms () {
if [ $distro == "debian" ]; then
#Change permissions on directories
chmod -R 755 $webdir/$name/storage
chmod -R 755 $webdir/$name/storage/private_uploads
chmod -R 755 $webdir/$name/public/uploads
chown -R www-data:www-data /var/www/$name
# echo "* Finished permission changes."
else
sudo chmod -R 755 $webdir/$name/storage
sudo chmod -R 755 $webdir/$name/storage/private_uploads
sudo chmod -R 755 $webdir/$name/public/uploads
sudo chown -R www-data:www-data /var/www/$name
fi
chmod_dirs=( "$webdir/$name/storage" )
chmod_dirs+=( "$webdir/$name/storage/private_uploads" )
chmod_dirs+=( "$webdir/$name/public/uploads" )
#Change permissions on directories
for chmod_dir in "${chmod_dirs[@]}"
do
chmod -R 755 "$chmod_dir"
done
}
log () {
eval "$@" |& tee -a /var/log/snipeit-install.log >/dev/null 2>&1
}
#CentOS Friendly f(x)s
function isinstalled {
if yum list installed "$@" >/dev/null 2>&1; then
true
else
false
fi
if yum list installed "$@" >/dev/null 2>&1; then
true
else
false
fi
}
if [ -f /etc/lsb-release ]; then
distro="$(lsb_release -s -i )"
version="$(lsb_release -s -r)"
. /etc/lsb-release
distro="${DISTRIB_ID,,}"
version="$DISTRIB_RELEASE"
codename="$DISTRIB_CODENAME"
elif [ -f /etc/os-release ]; then
distro="$(. /etc/os-release && echo $ID)"
version="$(. /etc/os-release && echo $VERSION_ID)"
#Order is important here. If /etc/os-release and /etc/centos-release exist, we're on centos 7.
#If only /etc/centos-release exist, we're on centos6(or earlier). Centos-release is less parsable,
#so lets assume that it's version 6 (Plus, who would be doing a new install of anything on centos5 at this point..)
distro="$(. /etc/os-release && echo $ID)"
version="$(. /etc/os-release && echo $VERSION_ID)"
#Order is important here. If /etc/os-release and /etc/centos-release exist, we're on centos 7.
#If only /etc/centos-release exist, we're on centos6(or earlier). Centos-release is less parsable,
#so lets assume that it's version 6 (Plus, who would be doing a new install of anything on centos5 at this point..)
elif [ -f /etc/centos-release ]; then
distro="Centos"
version="6"
else
distro="unsupported"
distro="unsupported"
fi
@ -177,7 +179,7 @@ read setpw
case $setpw in
[yY] | [yY][Ee][Ss] )
mysqluserpw="$(echo `< /dev/urandom tr -dc _A-Za-z-0-9 | head -c16`)"
mysqluserpw="$(< /dev/urandom tr -dc _A-Za-z-0-9 2>&1 | head -c16)"
ans="yes"
;;
[nN] | [n|N][O|o] )
@ -192,17 +194,19 @@ esac
done
#Snipe says we need a new 32bit key, so let's create one randomly and inject it into the file
random32="$(echo `< /dev/urandom tr -dc _A-Za-z-0-9 | head -c32`)"
random32="$(< /dev/urandom tr -dc _A-Za-z-0-9 2>&1 | head -c32)"
#db_setup.sql will be injected to the database during install.
#Again, this file should be removed, which will be a prompt at the end of the script.
dbsetup=$tmp/db_setup.sql
echo >> $dbsetup "CREATE DATABASE snipeit;"
echo >> $dbsetup "GRANT ALL PRIVILEGES ON snipeit.* TO snipeit@localhost IDENTIFIED BY '$mysqluserpw';"
dbsetup="$tmp/db_setup.sql"
{
echo "CREATE DATABASE snipeit;"
echo "GRANT ALL PRIVILEGES ON snipeit.* TO snipeit@localhost IDENTIFIED BY '$mysqluserpw';"
} >> "$dbsetup"
#Let us make it so only root can read the file. Again, this isn't best practice, so please remove these after the install.
chown root:root $dbsetup
chmod 700 $dbsetup
chown root:root "$dbsetup"
chmod 700 "$dbsetup"
## TODO: Progress tracker on each step
@ -216,27 +220,28 @@ case $distro in
webdir=/var/www
echo -e "\n* Updating Debian packages in the background... ${spin[0]}\n"
apt-get update >> /var/log/snipeit-install.log & pid=$! 2>&1
log "apt-get update" & pid=$!
wait
apt-get upgrade >> /var/log/snipeit-install.log & pid=$! 2>&1
log "apt-get upgrade" & pid=$!
wait
echo -e "\n* Installing packages... ${spin[0]}\n"
echo -e "\n* Going to suppress more messages that you don't need to worry about. Please wait... ${spin[0]}"
DEBIAN_FRONTEND=noninteractive apt-get -y install mariadb-server mariadb-client apache2 git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap libapache2-mod-php5 curl >> /var/log/snipeit-install.log & pid=$! 2>&1
log "DEBIAN_FRONTEND=noninteractive apt-get -y install mariadb-server mariadb-client apache2 git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap libapache2-mod-php5 curl" & pid=$!
progress
wait
echo -e "\n* Cloning Snipeit, extracting to $webdir/$name..."
git clone https://github.com/snipe/snipe-it $webdir/$name >> /var/log/snipeit-install.log & pid=$! 2>&1
log "git clone https://github.com/snipe/snipe-it $webdir/$name" & pid=$!
progress
php5enmod mcrypt >> /var/log/snipeit-install.log 2>&1
a2enmod rewrite >> /var/log/snipeit-install.log 2>&1
log "php5enmod mcrypt"
log "a2enmod rewrite"
vhenvfile
wait
echo >> $hosts "127.0.0.1 $hostname $fqdn"
a2ensite $name.conf
log "a2ensite $name.conf"
echo -e "* Modify the Snipe-It files necessary for a production environment.\n* Securing Mysql"
# Have user set own root password when securing install
# and just set the snipeit database user at the beginning
service mysql status >/dev/null || service mysql start
/usr/bin/mysql_secure_installation
echo -e "* Creating Mysql Database and User.\n## Please Input your MySQL/MariaDB root password: "
mysql -u root -p < $dbsetup
@ -244,6 +249,7 @@ case $distro in
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
perms
chown -R www-data:www-data "/var/www/$name"
service apache2 restart
;;
ubuntu)
@ -253,33 +259,37 @@ case $distro in
#composer install, set permissions, restart apache.
webdir=/var/www
echo -ne "\n* Adding MariaDB repo in the background... ${spin[0]}"
(echo "deb [arch=amd64,i386] http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.1/ubuntu $codename main" | tee /etc/apt/sources.list.d/mariadb.list >/dev/null 2>&1)
log "apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8"
echo -ne "\n* Updating with apt-get update in the background... ${spin[0]}"
sudo apt-get update >> /var/log/snipeit-install.log & pid=$! 2>&1
rm /var/lib/dpkg/lock
log "apt-get update" & pid=$!
[ -f /var/lib/dpkg/lock ] && rm -f /var/lib/dpkg/lock
progress
echo -ne "\n* Upgrading packages with apt-get upgrade in the background... ${spin[0]}"
sudo apt-get -y upgrade >> /var/log/snipeit-install.log & pid=$! 2>&1
log "apt-get -y upgrade" & pid=$!
progress
echo -ne "\n* Setting up LAMP in the background... ${spin[0]}\n"
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y lamp-server^ >> /var/log/snipeit-install.log & pid=$! 2>&1
log "DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client apache2 libapache2-mod-php curl" & pid=$!
progress
if [ "$version" == "16.04" ]; then
sudo apt-get install -y git unzip php php-mcrypt php-curl php-mysql php-gd php-ldap php-zip php-mbstring php-xml >> /var/log/snipeit-install.log & pid=$! 2>&1
log "apt-get install -y git unzip php php-mcrypt php-curl php-mysql php-gd php-ldap php-zip php-mbstring php-xml" & pid=$!
progress
sudo phpenmod mcrypt >> /var/log/snipeit-install.log 2>&1
sudo phpenmod mbstring >> /var/log/snipeit-install 2>&1
sudo a2enmod rewrite >> /var/log/snipeit-install.log 2>&1
log "phpenmod mcrypt"
log "phpenmod mbstring"
log "a2enmod rewrite"
else
sudo apt-get install -y git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap >> /var/log/snipeit-install.log & pid=$! 2>&1
log "apt-get install -y git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap" & pid=$!
progress
sudo php5enmod mcrypt >> /var/log/snipeit-install.log 2>&1
sudo a2enmod rewrite >> /var/log/snipeit-install.log 2>&1
log "php5enmod mcrypt"
log "a2enmod rewrite"
fi
echo -ne "\n* Cloning Snipeit, extracting to $webdir/$name... ${spin[0]}"
git clone https://github.com/snipe/snipe-it $webdir/$name >> /var/log/snipeit-install.log & pid=$! 2>&1
log "git clone https://github.com/snipe/snipe-it $webdir/$name" & pid=$!
progress
vhenvfile
echo -e "* MySQL Phase next.\n"
service mysql status >/dev/null || service mysql start
/usr/bin/mysql_secure_installation
echo -e "* Creating MySQL Database and user.\n* Please Input your MySQL/MariaDB root password created in the previous step.: "
mysql -u root -p < $dbsetup
@ -288,9 +298,10 @@ case $distro in
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
perms
chown -R www-data:www-data "/var/www/$name"
service apache2 restart
;;
centos )
centos)
if [ "$version" == "6" ]; then
##################################### Install for Centos/Redhat 6 ##############################################
@ -299,35 +310,37 @@ case $distro in
echo ""
echo "## Adding IUS, epel-release and mariaDB repos.";
mariadbRepo=/etc/yum.repos.d/MariaDB.repo
touch $mariadbRepo
echo >> $mariadbRepo "[mariadb]"
echo >> $mariadbRepo "name = MariaDB"
echo >> $mariadbRepo "baseurl = http://yum.mariadb.org/10.0/centos6-amd64"
echo >> $mariadbRepo "gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB"
echo >> $mariadbRepo "gpgcheck=1"
echo >> $mariadbRepo "enable=1"
touch "$mariadbRepo"
{
echo "[mariadb]"
echo "name = MariaDB"
echo "baseurl = http://yum.mariadb.org/10.0/centos6-amd64"
echo "gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB"
echo "gpgcheck=1"
echo "enable=1"
} >> "$mariadbRepo"
yum -y install wget epel-release >> /var/log/snipeit-install.log 2>&1
wget -P $tmp/ https://centos6.iuscommunity.org/ius-release.rpm >> /var/log/snipeit-install.log 2>&1
rpm -Uvh $tmp/ius-release*.rpm >> /var/log/snipeit-install.log 2>&1
log "yum -y install wget epel-release"
log "wget -P "$tmp/" https://centos6.iuscommunity.org/ius-release.rpm"
log "rpm -Uvh "$tmp/ius-release*.rpm""
#Install PHP and other needed stuff.
echo "## Installing PHP and other needed stuff";
PACKAGES="httpd MariaDB-server git unzip php56u php56u-mysqlnd php56u-bcmath php56u-cli php56u-common php56u-embedded php56u-gd php56u-mbstring php56u-mcrypt php56u-ldap"
for p in $PACKAGES;do
if isinstalled $p;then
echo " ##" $p "Installed"
if isinstalled "$p"; then
echo " ## $p already installed"
else
echo -n " ##" $p "Installing... "
yum -y install $p >> /var/log/snipeit-install.log 2>&1
echo -n " ## installing $p ... "
log "yum -y install $p"
echo "";
fi
done;
echo -e "\n## Downloading Snipe-IT from github and putting it in the web directory.";
wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file >> /var/log/snipeit-install.log 2>&1
log "wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file"
unzip -qo $tmp/$file -d $tmp/
cp -R $tmp/$fileName $webdir/$name
@ -347,21 +360,23 @@ case $distro in
echo "## Creating the new virtual host in Apache.";
apachefile=/etc/httpd/conf.d/$name.conf
echo >> $apachefile ""
echo >> $apachefile ""
echo >> $apachefile ""
echo >> $apachefile "<VirtualHost *:80>"
echo >> $apachefile "ServerAdmin webmaster@localhost"
echo >> $apachefile " <Directory $webdir/$name/public>"
echo >> $apachefile " Allow From All"
echo >> $apachefile " AllowOverride All"
echo >> $apachefile " Options +Indexes"
echo >> $apachefile " </Directory>"
echo >> $apachefile " DocumentRoot $webdir/$name/public"
echo >> $apachefile " ServerName $fqdn"
echo >> $apachefile " ErrorLog /var/log/httpd/snipeIT.error.log"
echo >> $apachefile " CustomLog /var/log/access.log combined"
echo >> $apachefile "</VirtualHost>"
{
echo ""
echo ""
echo ""
echo "<VirtualHost *:80>"
echo "ServerAdmin webmaster@localhost"
echo " <Directory $webdir/$name/public>"
echo " Allow From All"
echo " AllowOverride All"
echo " Options +Indexes"
echo " </Directory>"
echo " DocumentRoot $webdir/$name/public"
echo " ServerName $fqdn"
echo " ErrorLog /var/log/httpd/snipeIT.error.log"
echo " CustomLog /var/log/access.log combined"
echo "</VirtualHost>"
} >> "$apachefile"
echo "## Setting up hosts file.";
echo >> $hosts "127.0.0.1 $hostname $fqdn"
@ -391,10 +406,8 @@ case $distro in
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
# Change permissions on directories
sudo chmod -R 755 $webdir/$name/storage
sudo chmod -R 755 $webdir/$name/public/uploads
sudo chown -R apache:apache $webdir/$name
perms
chown -R apache:apache $webdir/$name
/sbin/service iptables status >/dev/null 2>&1
if [ $? = 0 ]; then
@ -415,29 +428,29 @@ case $distro in
#Allow us to get the mysql engine
echo -e "\n## Add IUS, epel-release and mariaDB repos.";
yum -y install wget epel-release >> /var/log/snipeit-install.log 2>&1
wget -P $tmp/ https://centos7.iuscommunity.org/ius-release.rpm >> /var/log/snipeit-install.log 2>&1
rpm -Uvh $tmp/ius-release*.rpm >> /var/log/snipeit-install.log 2>&1
log "yum -y install wget epel-release"
log "wget -P $tmp/ https://centos7.iuscommunity.org/ius-release.rpm"
log "rpm -Uvh $tmp/ius-release*.rpm"
#Install PHP and other needed stuff.
echo "## Installing PHP and other needed stuff";
PACKAGES="httpd mariadb-server git unzip php56u php56u-mysqlnd php56u-bcmath php56u-cli php56u-common php56u-embedded php56u-gd php56u-mbstring php56u-mcrypt php56u-ldap"
for p in $PACKAGES;do
if isinstalled $p;then
echo " ##" $p "Installed"
if isinstalled "$p"; then
echo " ## $p already installed"
else
echo -n " ##" $p "Installing... "
yum -y install $p >> /var/log/snipeit-install.log 2>&1
echo -n " ## installing $p ... "
log "yum -y install $p"
echo "";
fi
done;
echo -e "\n## Downloading Snipe-IT from github and put it in the web directory.";
wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file >> /var/log/snipeit-install.log 2>&1
unzip -qo $tmp/$file -d $tmp/
cp -R $tmp/$fileName $webdir/$name
log "wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file"
log "unzip -qo $tmp/$file -d $tmp/"
log "cp -R $tmp/$fileName $webdir/$name"
# Make mariaDB start on boot and restart the daemon
echo "## Starting the mariaDB server.";
@ -451,30 +464,32 @@ case $distro in
echo "## Creating MySQL Database/User."
echo "## Please Input your MySQL/MariaDB root password "
mysql -u root -p < $dbsetup
mysql -u root -p < "$dbsetup"
##TODO make sure the apachefile doesnt exist isnt already in there
#Create the new virtual host in Apache and enable rewrite
apachefile=/etc/httpd/conf.d/$name.conf
apachefile="/etc/httpd/conf.d/$name.conf"
echo "## Creating the new virtual host in Apache.";
echo >> $apachefile ""
echo >> $apachefile ""
echo >> $apachefile "LoadModule rewrite_module modules/mod_rewrite.so"
echo >> $apachefile ""
echo >> $apachefile "<VirtualHost *:80>"
echo >> $apachefile "ServerAdmin webmaster@localhost"
echo >> $apachefile " <Directory $webdir/$name/public>"
echo >> $apachefile " Allow From All"
echo >> $apachefile " AllowOverride All"
echo >> $apachefile " Options +Indexes"
echo >> $apachefile " </Directory>"
echo >> $apachefile " DocumentRoot $webdir/$name/public"
echo >> $apachefile " ServerName $fqdn"
echo >> $apachefile " ErrorLog /var/log/httpd/snipeIT.error.log"
echo >> $apachefile " CustomLog /var/log/access.log combined"
echo >> $apachefile "</VirtualHost>"
{
echo "## Creating the new virtual host in Apache.";
echo ""
echo ""
echo "LoadModule rewrite_module modules/mod_rewrite.so"
echo ""
echo "<VirtualHost *:80>"
echo "ServerAdmin webmaster@localhost"
echo " <Directory $webdir/$name/public>"
echo " Allow From All"
echo " AllowOverride All"
echo " Options +Indexes"
echo " </Directory>"
echo " DocumentRoot $webdir/$name/public"
echo " ServerName $fqdn"
echo " ErrorLog /var/log/httpd/snipeIT.error.log"
echo " CustomLog /var/log/access.log combined"
echo "</VirtualHost>"
} >> "$apachefile"
##TODO make sure this isnt already in there
echo "## Setting up hosts file.";
@ -509,20 +524,18 @@ case $distro in
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
sudo chmod -R 755 $webdir/$name/storage
sudo chmod -R 755 $webdir/$name/storage/private_uploads
sudo chmod -R 755 $webdir/$name/public/uploads
sudo chown -R apache:apache $webdir/$name
perms
chown -R apache:apache $webdir/$name
# Make SeLinux happy
sudo chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
#Check if SELinux is enforcing
if [ $(getenforce) == "Enforcing" ]; then
if [ "$(getenforce)" == "Enforcing" ]; then
#Add SELinux and firewall exception/rules.
#Required for ldap integration
setsebool -P httpd_can_connect_ldap on
#Sets SELinux context type so that scripts running in the web server process are allowed read/write access
sudo chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
fi
systemctl restart httpd.service
@ -542,6 +555,6 @@ echo ""
echo "* Cleaning up..."
rm -f snipeit.sh
rm -f install.sh
rm -rf $tmp/
rm -rf ${tmp:?}
echo "* Finished!"
sleep 1