From c6338d6a8b50f534c4ea1d2b0de2e26f18bfa22e Mon Sep 17 00:00:00 2001 From: Michael T Date: Thu, 29 Sep 2016 22:37:05 -0700 Subject: [PATCH] Apologies. Still learning Git, and CentOS isn't a big strength for me. (#2701) This should properly include #2674 Cleaned up the script itself, added progress bars so end users don't think the script is stuck --- snipeit.sh | 339 ++++++++++++++++++----------------------------------- 1 file changed, 117 insertions(+), 222 deletions(-) diff --git a/snipeit.sh b/snipeit.sh index 33d3af5163..4632d9a4fb 100755 --- a/snipeit.sh +++ b/snipeit.sh @@ -39,7 +39,7 @@ spin[3]="/" rm -rf $tmp/ mkdir $tmp -# Debian/Ubuntu friendly f(x) +# Debian/Ubuntu friendly f(x)s progress () { while kill -0 $pid > /dev/null 2>&1 do @@ -49,13 +49,59 @@ progress () { echo -ne "\b$i" sleep .1 else - echo -ne "\n\n" + echo -ne "\n\b\n" fi done done } +vhenvfile () { + sudo ls -al /etc/apache2/mods-enabled/rewrite.load >> /var/log/snipeit-install.log 2>&1 + apachefile=/etc/apache2/sites-available/$name.conf + echo "* Create Virtual host for apache." + echo >> $apachefile "" + echo >> $apachefile "ServerAdmin webmaster@localhost" + echo >> $apachefile " " + echo >> $apachefile " Require all granted" + echo >> $apachefile " AllowOverride All" + echo >> $apachefile " " + echo >> $apachefile " DocumentRoot $webdir/$name/public" + echo >> $apachefile " ServerName $fqdn" + echo >> $apachefile " ErrorLog /var/log/apache2/snipeIT.error.log" + echo >> $apachefile " CustomLog /var/log/apache2/access.log combined" + echo >> $apachefile "" + echo >> $hosts "127.0.0.1 $hostname $fqdn" + a2ensite $name.conf >> /var/log/snipeit-install.log 2>&1 + cat > $webdir/$name/.env <<-EOF + #Created By Snipe-it Installer + APP_TIMEZONE=$(cat /etc/timezone) + DB_HOST=localhost + DB_DATABASE=snipeit + DB_USERNAME=snipeit + DB_PASSWORD=$mysqluserpw + APP_URL=http://$fqdn + APP_KEY=$random32 + EOF +} + +perms () { + if [ $distro == "debian" ]; then + #Change permissions on directories + chmod -R 755 $webdir/$name/storage + chmod -R 755 $webdir/$name/storage/private_uploads + chmod -R 755 $webdir/$name/public/uploads + chown -R www-data:www-data /var/www/$name + # echo "* Finished permission changes." + else + sudo chmod -R 755 $webdir/$name/storage + sudo chmod -R 755 $webdir/$name/storage/private_uploads + sudo chmod -R 755 $webdir/$name/public/uploads + sudo chown -R www-data:www-data /var/www/$name + fi +} + +#CentOS Friendly f(x)s function isinstalled { if yum list installed "$@" >/dev/null 2>&1; then true @@ -92,7 +138,7 @@ echo " echo "" echo "" -echo " Welcome to Snipe-IT Inventory Installer for Centos and Debian!" +echo " Welcome to Snipe-IT Inventory Installer for Centos, Debian and Ubuntu!" echo "" shopt -s nocasematch case $distro in @@ -163,218 +209,85 @@ chmod 700 $dbsetup case $distro in debian) ##################################### Install for Debian ############################################## + #Update/upgrade Debian/Ubuntu repositories, get the latest version of git. + #Git clone snipeit, create vhost, edit hosts file, create .env file, mysql install + #composer install, set permissions, restart apache. + #BTW, Debian, I swear, you're such a pain. webdir=/var/www - - #Update/upgrade Debian repositories. - echo "" - echo "## Updating Debian packages in the background. Please be patient." - echo "" - apachefile=/etc/apache2/sites-available/$name.conf - sudo apt-get update >> /var/log/snipeit-install.log & pid=$! 2>&1 + echo -e "\n* Updating Debian packages in the background... ${spin[0]}\n" + apt-get update >> /var/log/snipeit-install.log & pid=$! 2>&1 + wait + apt-get upgrade >> /var/log/snipeit-install.log & pid=$! 2>&1 + wait + echo -e "\n* Installing packages... ${spin[0]}\n" + echo -e "\n* Going to suppress more messages that you don't need to worry about. Please wait... ${spin[0]}" + DEBIAN_FRONTEND=noninteractive apt-get -y install mariadb-server mariadb-client apache2 git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap libapache2-mod-php5 curl >> /var/log/snipeit-install.log & pid=$! 2>&1 progress - sudo apt-get -y upgrade >> /var/log/snipeit-install.log & pid=$! 2>&1 + wait + echo -e "\n* Cloning Snipeit, extracting to $webdir/$name..." + git clone https://github.com/snipe/snipe-it $webdir/$name >> /var/log/snipeit-install.log & pid=$! 2>&1 progress - echo "## Installing packages." - sudo apt-get -y install mariadb-server mariadb-client - echo "## Going to suppress more messages that you don't need to worry about. Please wait." - sudo apt-get -y install apache2 >> /var/log/snipeit-install.log & pid=$! 2>&1 - progress - sudo apt-get install -y git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap libapache2-mod-php5 curl >> /var/log/snipeit-install.log & pid=$! 2>&1 - progress - - # Get files and extract to web dir - echo "" - echo "## Downloading snipeit and extract to web directory." - wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file - unzip -qo $tmp/$file -d $tmp/ - cp -R $tmp/$fileName $webdir/$name - - ## TODO make sure apache is set to start on boot and go ahead and start it - - #Enable mcrypt and rewrite - echo "## Enabling mcrypt and rewrite" - - sudo php5enmod mcrypt - sudo a2enmod rewrite - - #Create a new virtual host for Apache. - echo "## Create Virtual host for apache." - echo >> $apachefile "" - echo >> $apachefile "" - echo >> $apachefile "" - echo >> $apachefile "ServerAdmin webmaster@localhost" - echo >> $apachefile " " - echo >> $apachefile " Require all granted" - echo >> $apachefile " AllowOverride All" - echo >> $apachefile " " - echo >> $apachefile " DocumentRoot $webdir/$name/public" - echo >> $apachefile " ServerName $fqdn" - echo >> $apachefile " ErrorLog /var/log/apache2/snipeIT.error.log" - echo >> $apachefile " CustomLog /var/log/apache2/access.log combined" - echo >> $apachefile "" - - - echo "## Configuring .env file." - cat > $webdir/$name/.env <<-EOF - #Created By Snipe-it Installer - APP_TIMEZONE=$(cat /etc/timezone) - DB_HOST=localhost - DB_DATABASE=snipeit - DB_USERNAME=snipeit - DB_PASSWORD=$mysqluserpw - APP_URL=http://$fqdn - APP_KEY=$random32 - DB_DUMP_PATH='/usr/bin' - EOF - - echo "## Setting up hosts file." + php5enmod mcrypt >> /var/log/snipeit-install.log 2>&1 + a2enmod rewrite >> /var/log/snipeit-install.log 2>&1 + vhenvfile + wait echo >> $hosts "127.0.0.1 $hostname $fqdn" a2ensite $name.conf - - #Modify the Snipe-It files necessary for a production environment. - echo "## Modify the Snipe-It files necessary for a production environment." - echo "## Securing Mysql" + echo -e "* Modify the Snipe-It files necessary for a production environment.\n* Securing Mysql" # Have user set own root password when securing install # and just set the snipeit database user at the beginning /usr/bin/mysql_secure_installation - - ## TODO make sure mysql is set to start on boot and go ahead and start it - - echo "Creating Mysql Database and User." - echo "## Please Input your MySQL/MariaDB root password: " - echo "" + echo -e "* Creating Mysql Database and User.\n## Please Input your MySQL/MariaDB root password: " mysql -u root -p < $dbsetup - echo "" - - #Install / configure composer - echo "## Installing and configuring composer" cd $webdir/$name/ curl -sS https://getcomposer.org/installer | php php composer.phar install --no-dev --prefer-source - - #Change permissions on directories - echo "## Seting permissions on web directory." - sudo chmod -R 755 $webdir/$name/storage - sudo chmod -R 755 $webdir/$name/storage/private_uploads - sudo chmod -R 755 $webdir/$name/public/uploads - sudo chown -R www-data:www-data /var/www/ - # echo "## Finished permission changes." - - echo "## Restarting apache." + perms service apache2 restart ;; - ubuntu) ##################################### Install for Ubuntu ############################################## + #Update/upgrade Debian/Ubuntu repositories, get the latest version of git. + #Git clone snipeit, create vhost, .env file, mysql install + #composer install, set permissions, restart apache. webdir=/var/www - - #Update/upgrade Debian/Ubuntu repositories, get the latest version of git. - echo "" - echo "## Updating ubuntu in the background. Please be patient." - echo "" - echo -n "Updating with apt-get update... ${spin[0]}" + echo -ne "\n* Updating with apt-get update in the background... ${spin[0]}" sudo apt-get update >> /var/log/snipeit-install.log & pid=$! 2>&1 + rm /var/lib/dpkg/lock progress - echo -n "Upgrading packages with apt-get upgrade... ${spin[0]}" + echo -ne "\n* Upgrading packages with apt-get upgrade in the background... ${spin[0]}" sudo apt-get -y upgrade >> /var/log/snipeit-install.log & pid=$! 2>&1 progress - apachefile=/etc/apache2/sites-available/$name.conf - echo "## Installing packages." - - #We already established MySQL root & user PWs, so we dont need to be prompted. Let's go ahead and install Apache, PHP and MySQL. - echo "## Setting up LAMP." - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y lamp-server^ >> /var/log/snipeit-install.log & pid=$! 2>&1 - echo "" + echo -ne "\n* Setting up LAMP in the background... ${spin[0]}\n" + sudo DEBIAN_FRONTEND=noninteractive apt-get install -y lamp-server^ >> /var/log/snipeit-install.log & pid=$! 2>&1 progress if [ "$version" == "16.04" ]; then - sudo apt-get install -y git unzip php php-mcrypt php-curl php-mysql php-gd php-ldap php-zip php-mbstring php-xml >> /var/log/snipeit-install.log 2>&1 - sudo apt-get install -y git unzip php php-mcrypt php-curl php-mysql php-gd php-ldap php-xml php-zip php-mbstring >> /var/log/snipeit-install.log 2>&1 - #Enable mcrypt and rewrite - echo "## Enabling mcrypt and rewrite" + sudo apt-get install -y git unzip php php-mcrypt php-curl php-mysql php-gd php-ldap php-zip php-mbstring php-xml >> /var/log/snipeit-install.log & pid=$! 2>&1 + progress sudo phpenmod mcrypt >> /var/log/snipeit-install.log 2>&1 sudo phpenmod mbstring >> /var/log/snipeit-install 2>&1 sudo a2enmod rewrite >> /var/log/snipeit-install.log 2>&1 else - sudo apt-get install -y git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap >> /var/log/snipeit-install.log 2>&1 - #Enable mcrypt and rewrite - echo "## Enabling mcrypt and rewrite" + sudo apt-get install -y git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap >> /var/log/snipeit-install.log & pid=$! 2>&1 + progress sudo php5enmod mcrypt >> /var/log/snipeit-install.log 2>&1 sudo a2enmod rewrite >> /var/log/snipeit-install.log 2>&1 fi - # Get files and extract to web dir - echo "" - echo "## Downloading snipeit and extract to web directory." - wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file >> /var/log/snipeit-install.log 2>&1 - unzip -qo $tmp/$file -d $tmp/ - cp -R $tmp/$fileName $webdir/$name - - ## TODO make sure apache is set to start on boot and go ahead and start it - - sudo ls -al /etc/apache2/mods-enabled/rewrite.load >> /var/log/snipeit-install.log 2>&1 - - #Create a new virtual host for Apache. - echo "## Create Virtual host for apache." - echo >> $apachefile "" - echo >> $apachefile "" - echo >> $apachefile "" - echo >> $apachefile "ServerAdmin webmaster@localhost" - echo >> $apachefile " " - echo >> $apachefile " Require all granted" - echo >> $apachefile " AllowOverride All" - echo >> $apachefile " " - echo >> $apachefile " DocumentRoot $webdir/$name/public" - echo >> $apachefile " ServerName $fqdn" - echo >> $apachefile " ErrorLog /var/log/apache2/snipeIT.error.log" - echo >> $apachefile " CustomLog /var/log/apache2/access.log combined" - echo >> $apachefile "" - - echo "## Setting up hosts file." - echo >> $hosts "127.0.0.1 $hostname $fqdn" - - a2ensite $name.conf >> /var/log/snipeit-install.log - - cat > $webdir/$name/.env <<-EOF - #Created By Snipe-it Installer - APP_TIMEZONE=$(cat /etc/timezone) - DB_HOST=localhost - DB_DATABASE=snipeit - DB_USERNAME=snipeit - DB_PASSWORD=$mysqluserpw - APP_URL=http://$fqdn - APP_KEY=$random32 - DB_DUMP_PATH='/usr/bin' - EOF - - ## TODO make sure mysql is set to start on boot and go ahead and start it - echo "## MySQL Phase next." - # Setup Mysql, then run the command. + echo -ne "\n* Cloning Snipeit, extracting to $webdir/$name... ${spin[0]}" + git clone https://github.com/snipe/snipe-it $webdir/$name >> /var/log/snipeit-install.log & pid=$! 2>&1 + progress + vhenvfile + echo -e "* MySQL Phase next.\n" /usr/bin/mysql_secure_installation - echo "## Creating MySQL Database and user. " - echo "## Please Input your MySQL/MariaDB root password: " + echo -e "* Creating MySQL Database and user.\n* Please Input your MySQL/MariaDB root password created in the previous step.: " mysql -u root -p < $dbsetup - - echo "## Securing Mysql" - - # Have user set own root password when securing install - # and just set the snipeit database user at the beginning - - #Install / configure composer - echo "## Installing and configuring composer" + echo -e "\n* Securing Mysql\n* Installing and configuring composer" cd $webdir/$name/ curl -sS https://getcomposer.org/installer | php php composer.phar install --no-dev --prefer-source - - #Change permissions on directories - echo "## Seting permissions on web directory." - sudo chmod -R 755 $webdir/$name/storage - sudo chmod -R 755 $webdir/$name/storage/private_uploads - sudo chmod -R 755 $webdir/$name/public/uploads - sudo chown -R www-data:www-data /var/www/$name - # echo "## Finished permission changes." - - echo "## Restarting apache." + perms service apache2 restart ;; centos ) @@ -382,9 +295,6 @@ case $distro in ##################################### Install for Centos/Redhat 6 ############################################## webdir=/var/www/html - -##TODO make sure the repo doesnt exhist isnt already in there - #Allow us to get the mysql engine echo "" echo "## Adding IUS, epel-release and mariaDB repos."; @@ -401,7 +311,6 @@ case $distro in wget -P $tmp/ https://centos6.iuscommunity.org/ius-release.rpm >> /var/log/snipeit-install.log 2>&1 rpm -Uvh $tmp/ius-release*.rpm >> /var/log/snipeit-install.log 2>&1 - #Install PHP and other needed stuff. echo "## Installing PHP and other needed stuff"; PACKAGES="httpd MariaDB-server git unzip php56u php56u-mysqlnd php56u-bcmath php56u-cli php56u-common php56u-embedded php56u-gd php56u-mbstring php56u-mcrypt php56u-ldap" @@ -416,8 +325,7 @@ case $distro in fi done; - echo "" - echo "## Downloading Snipe-IT from github and putting it in the web directory."; + echo -e "\n## Downloading Snipe-IT from github and putting it in the web directory."; wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file >> /var/log/snipeit-install.log 2>&1 unzip -qo $tmp/$file -d $tmp/ @@ -435,7 +343,6 @@ case $distro in echo "## Please Input your MySQL/MariaDB root password: " mysql -u root -p < $dbsetup -##TODO make sure the apachefile doesnt exhist isnt already in there #Create the new virtual host in Apache and enable rewrite echo "## Creating the new virtual host in Apache."; apachefile=/etc/httpd/conf.d/$name.conf @@ -456,7 +363,6 @@ case $distro in echo >> $apachefile " CustomLog /var/log/access.log combined" echo >> $apachefile "" -##TODO make sure hosts file doesnt already contain this info echo "## Setting up hosts file."; echo >> $hosts "127.0.0.1 $hostname $fqdn" @@ -480,8 +386,6 @@ case $distro in DB_DUMP_PATH='/usr/bin' EOF - - #Install / configure composer echo "## Configure composer" cd $webdir/$name curl -sS https://getcomposer.org/installer | php @@ -492,20 +396,17 @@ case $distro in sudo chmod -R 755 $webdir/$name/public/uploads sudo chown -R apache:apache $webdir/$name -#TODO detect if SELinux is enabled to decide what to do. - # chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ + /sbin/service iptables status >/dev/null 2>&1 + if [ $? = 0 ]; then + #Open http/https port + iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT + iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT + #Save iptables + service iptables save + fi - #Check if iptables is running - /sbin/service iptables status >/dev/null 2>&1 - if [ $? = 0 ]; then - #Open http/https port - iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT - iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT - #Save iptables - service iptables save - fi - service httpd restart + service httpd restart elif [ "$version" == "7" ]; then ##################################### Install for Centos/Redhat 7 ############################################## @@ -513,8 +414,7 @@ case $distro in webdir=/var/www/html #Allow us to get the mysql engine - echo "" - echo "## Add IUS, epel-release and mariaDB repos."; + echo -e "\n## Add IUS, epel-release and mariaDB repos."; yum -y install wget epel-release >> /var/log/snipeit-install.log 2>&1 wget -P $tmp/ https://centos7.iuscommunity.org/ius-release.rpm >> /var/log/snipeit-install.log 2>&1 rpm -Uvh $tmp/ius-release*.rpm >> /var/log/snipeit-install.log 2>&1 @@ -533,8 +433,7 @@ case $distro in fi done; - echo "" - echo "## Downloading Snipe-IT from github and put it in the web directory."; + echo -e "\n## Downloading Snipe-IT from github and put it in the web directory."; wget -P $tmp/ https://github.com/snipe/snipe-it/archive/$file >> /var/log/snipeit-install.log 2>&1 unzip -qo $tmp/$file -d $tmp/ @@ -554,7 +453,8 @@ case $distro in echo "## Please Input your MySQL/MariaDB root password " mysql -u root -p < $dbsetup -##TODO make sure the apachefile doesnt exhist isnt already in there + ##TODO make sure the apachefile doesnt exist isnt already in there + #Create the new virtual host in Apache and enable rewrite apachefile=/etc/httpd/conf.d/$name.conf @@ -580,13 +480,11 @@ case $distro in echo "## Setting up hosts file."; echo >> $hosts "127.0.0.1 $hostname $fqdn" - echo "## Starting the apache server."; # Make apache start on boot and restart the daemon systemctl enable httpd.service systemctl restart httpd.service - tzone=$(timedatectl | gawk -F'[: ]' ' $9 ~ /zone/ {print $11}'); echo "## Configuring .env file." @@ -615,20 +513,17 @@ case $distro in sudo chmod -R 755 $webdir/$name/storage/private_uploads sudo chmod -R 755 $webdir/$name/public/uploads sudo chown -R apache:apache $webdir/$name + # Make SeLinux happy + sudo chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ - #Check if SELinux is enforcing - if [ $(getenforce) == "Enforcing" ]; then - #Required for ldap integration - setsebool -P httpd_can_connect_ldap on - #Sets SELinux context type so that scripts running in the web server process are allowed read/write access - sudo chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ - fi - -#TODO detect if firewall is enabled to decide what to do - #Add firewall exception/rules. Youll have to allow 443 if you want ssl connectivity. - # chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ - # firewall-cmd --zone=public --add-port=80/tcp --permanent - # firewall-cmd --reload + #Check if SELinux is enforcing + if [ $(getenforce) == "Enforcing" ]; then + #Add SELinux and firewall exception/rules. + #Required for ldap integration + setsebool -P httpd_can_connect_ldap on + #Sets SELinux context type so that scripts running in the web server process are allowed read/write access + sudo chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/ + fi systemctl restart httpd.service @@ -644,9 +539,9 @@ echo "" echo " ***Open http://$fqdn to login to Snipe-IT.***" echo "" echo "" -echo "## Cleaning up..." +echo "* Cleaning up..." rm -f snipeit.sh rm -f install.sh rm -rf $tmp/ -echo "## Done!" +echo "* Finished!" sleep 1