invenio-setup-prerequisites

#!/bin/sh
#
# A helper devscript to install and configure Invenio prerequisites.
# (Apache, MySQL, Python packages, etc.)  For more information, see
# <https://github.com/tiborsimko/invenio-devscripts>.
#
# Tibor Simko <tibor.simko@cern.ch>
#
# Copyright (C) 2013, 2014, 2015 CERN.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.

# sanity check: CLI confirmation
if [ "$1" != "--yes-i-know" ]; then
    echo "[ERROR] You did not use --yes-i-know.  Not going to setup Invenio prerequisites."
    exit 1
fi

# sanity check: environment variables
if [ -z "$CFG_INVENIO_SRCDIR" ]; then
    echo "[ERROR] CFG_INVENIO_SRCDIR not set up.  Maybe you want to run invenio-kickstart?  Exiting."
    exit 1
fi
if [ -z "$CFG_INVENIO_PORT_HTTP" ]; then
    echo "[ERROR] CFG_INVENIO_PORT_HTTP not set up.  Maybe you want to run invenio-kickstart?  Exiting."
    exit 1
fi
if [ -z "$CFG_INVENIO_PORT_HTTPS" ]; then
    echo "[ERROR] CFG_INVENIO_PORT_HTTPS not set up.  Maybe you want to run invenio-kickstart?  Exiting."
    exit 1
fi

# config section:
CFG_INVENIO_DATABASE_NAME=${CFG_INVENIO_DATABASE_NAME:=invenio}
CFG_INVENIO_DATABASE_USER=${CFG_INVENIO_DATABASE_USER:=invenio}
CFG_INVENIO_DATABASE_PASS=${CFG_INVENIO_DATABASE_PASS:=my123p\$ss}
VIRTUAL_ENV=${VIRTUAL_ENV:=}

# quit on errors and potentially unbound symbols:
set -o errexit
set -o nounset

## show command execution:
#set -o xtrace

redhat_unknown () {
    echo "[ERROR] Seems you are running unsupported RHEL based OS."
    echo "[ERROR] Please contact authors.  Exiting."
    exit 1
}

os_unknown () {
    echo "[ERROR] Cannot detect OS version."
    echo "[ERROR] Please contact authors.  Exiting."
    exit 1
}

redhat_enable_epel () {
    if ! grep -q CentOS /etc/redhat-release; then
        set +o errexit # let us continue if yum-conf-epel does not exist, e.g. on SLC
        sudo yum install -y yum-conf-epel
        set -o errexit
    fi
}

redhat5_install_packages () {
    # RHEL5/SL5/CentOS5
    sudo yum install -y MySQL-python PyXML alsa-lib apr apr-devel apr-util \
        apr-util-devel cyrus-sasl-devel db4-devel distcache epydoc \
        expat-devel freetype-devel gettext-devel gpm httpd libXtst \
        libart_lgpl libgcj libgcrypt-devel libgpg-error-devel \
        libxslt libxslt-devel libxslt-python lynx mod_ssl \
        mod_wsgi mx mysql mysql-devel mysql-server numpy openldap-devel \
        perl-DBD-MySQL postgresql-libs python-devel python-setuptools \
        python-wsgiref screen vim-enhanced w3m git pylint ipython \
        python-dateutil python-simplejson python-reportlab pyPdf \
        python-mechanize python-hashlib python-feedparser \
        openoffice.org-calc openoffice.org-impress \
        openoffice.org-graphicfilter openoffice.org-javafilter \
        openoffice.org-math openoffice.org-writer openoffice.org-draw \
        openoffice.org-pyuno openoffice.org-ure openoffice.org-core \
        openoffice.org-base openoffice.org-headless \
        openoffice.org-xsltfilter automake
    #sudo rpm -Uvh \
    #    http://swrep.cern.ch/swrep/x86_64_slc5/pdftk-1.41-1.el5.rf.x86_64.rpm \
    #    http://swrep.cern.ch/swrep/x86_64_slc5/rdflib-2.4.1-1.slc5.x86_64.rpm \
    #    http://swrep.cern.ch/swrep/x86_64_slc5/pyRXP-1.13-1.20090612.slc5.x86_64.rpm \
    #    http://swrep.cern.ch/swrep/x86_64_slc5/gnuplot-py-1.8-1.slc5.noarch.rpm \
    #    http://swrep.cern.ch/swrep/x86_64_slc5/PyStemmer-1.0.1-1.slc5.x86_64.rpm
}

redhat6_install_packages () {
    # install some system packages:
    sudo yum install -y git python-devel mod_wsgi mod_ssl mysql-server \
        mysql-devel redis libxslt-devel automake gettext gettext-devel w3m \
        hdf5-devel texlive
    # get rid of some system Python packages, if installed, because we'll use pip later
    sudo yum erase -y python-nose numpy python-matplotlib seekwatcher python-setuptools python-pip
    # install pip
    curl http://python-distribute.org/distribute_setup.py | sudo python
    sudo easy_install pip==1.3.1
    # install Python dependencies
    olddir=`pwd`
    cd $CFG_INVENIO_SRCDIR
    for reqfile in requirements.txt requirements-extras.txt \
        requirements-flask.txt requirements-flask-ext.txt; do
        if [ -e $reqfile ]; then
            if [ "$reqfile" = "requirements-extras.txt" ]; then
                set +o errexit # let us continue if extra requirements (e.g. ipython) cannot be installed
            fi
            sudo pip install -r $reqfile
            if [ "$reqfile" = "requirements-extras.txt" ]; then
                set -o errexit
            fi
        fi
    done
    cd $olddir
}

debian_install_packages () {
    # install system packages
    sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \
        git python-dev apache2-mpm-worker \
        mysql-server mysql-client gnuplot poppler-utils \
        clisp gettext libapache2-mod-wsgi unzip \
        pdftk html2text giflib-tools pstotext netpbm \
        sbcl libapache2-mod-xsendfile redis-server \
        automake libmysqlclient-dev libxml2-dev libxslt-dev \
        make postfix texlive python-libxml2 python-libxslt1
    # OpenOffice.org has be removed from recent releases
    if sudo apt-get install -y -s openoffice.org; then
        sudo apt-get install -y openoffice.org
    else
        sudo apt-get install -y libreoffice
    fi
    # python-uno does not always exist, so be gentle:
    if sudo apt-get install -y -s python-uno; then
        sudo apt-get install -y python-uno
    fi
    # restart Redis explicitly; useful for Travis-CI VMs
    sudo /usr/sbin/service redis-server restart
    # installing libhdf5-dev is OS version dependent:
    if sudo apt-get install -y -s libhdf5-dev; then
        sudo apt-get install -y libhdf5-dev
    else
        sudo apt-get install -y libhdf5-serial-dev
    fi
    if ! type pip > /dev/null 2>&1; then
        sudo apt-get install -y python-pip
    fi
    olddir=`pwd`
    allow="--allow-all-external --allow-unverified gnuplot-py --allow-unverified h5py"
    cd $CFG_INVENIO_SRCDIR
    for reqfile in requirements.txt requirements-extras.txt \
        requirements-flask.txt requirements-flask-ext.txt; do
        if [ -e $reqfile ]; then
            if [ "$reqfile" = "requirements-extras.txt" ]; then
                set +o errexit # let us continue if extra requirements (e.g. ipython) cannot be installed
            fi
            if [ "$VIRTUAL_ENV" != "" ]; then
                pip install -r $reqfile $allow
            else
                sudo pip install -r $reqfile $allow
            fi
            if [ "$reqfile" = "requirements-extras.txt" ]; then
                set -o errexit
            fi
        fi
    done
    cd $olddir
}

freebsd_install_packages () {
    # install system packages
    sudo BATCH=yes pkg_add -rF git python w3m wget mysql55-server \
        ap22-mod_wsgi ap22-mod_xsendfile libxml2 libxslt hdf5 \
        redis
    # install distribute and pip
    curl http://python-distribute.org/distribute_setup.py | sudo python
    sudo easy_install pip==1.3.1
    # install Python dependencies via pip
    olddir=`pwd`
    cd $CFG_INVENIO_SRCDIR
    for reqfile in requirements.txt requirements-extras.txt \
        requirements-flask.txt requirements-flask-ext.txt; do
        if [ -e $reqfile ]; then
            if [ "$reqfile" = "requirements-extras.txt" ]; then
                set +o errexit # let us continue if extra requirements (e.g. ipython) cannot be installed
            fi
            sudo pip install -r $reqfile
            if [ "$reqfile" = "requirements-extras.txt" ]; then
                set -o errexit
            fi
        fi
    done
    cd $olddir
}

redhat_configure_mysql () {
    sudo /sbin/service mysqld start
    sudo /sbin/chkconfig mysqld on
    mysqladmin -u root password ''
    echo "DROP DATABASE IF EXISTS $CFG_INVENIO_DATABASE_NAME;" | mysql -u root -B
    echo "CREATE DATABASE $CFG_INVENIO_DATABASE_NAME DEFAULT CHARACTER SET utf8;" | mysql -u root -B
    echo "GRANT ALL PRIVILEGES ON $CFG_INVENIO_DATABASE_NAME.* TO $CFG_INVENIO_DATABASE_USER@localhost IDENTIFIED BY '$CFG_INVENIO_DATABASE_PASS'" | mysql -u root -B
}

debian_configure_mysql () {
    sudo /etc/init.d/mysql start
    mysqladmin -u root password ''
    echo "DROP DATABASE IF EXISTS $CFG_INVENIO_DATABASE_NAME;" | mysql -u root -B
    echo "CREATE DATABASE $CFG_INVENIO_DATABASE_NAME DEFAULT CHARACTER SET utf8;" | mysql -u root -B
    echo "GRANT ALL PRIVILEGES ON $CFG_INVENIO_DATABASE_NAME.* TO $CFG_INVENIO_DATABASE_USER@localhost IDENTIFIED BY '$CFG_INVENIO_DATABASE_PASS'" | mysql -u root -B
}

freebsd_configure_mysql () {
    echo "mysql_enable=\"YES\"" | sudo tee -a /etc/rc.conf
    sudo $CFG_INVENIO_MYSQLCTL restart
    mysqladmin -u root password ''
    echo "DROP DATABASE IF EXISTS $CFG_INVENIO_DATABASE_NAME;" | mysql -u root -B
    echo "CREATE DATABASE $CFG_INVENIO_DATABASE_NAME DEFAULT CHARACTER SET utf8;" | mysql -u root -B
    echo "GRANT ALL PRIVILEGES ON $CFG_INVENIO_DATABASE_NAME.* TO $CFG_INVENIO_DATABASE_USER@localhost IDENTIFIED BY '$CFG_INVENIO_DATABASE_PASS'" | mysql -u root -B
}

redhat_configure_apache () {
    sudo /sbin/service httpd start
    sudo /sbin/chkconfig httpd on
    sudo perl -pi -e 's,#LoadModule wsgi_module,LoadModule wsgi_module,g' /etc/httpd/conf.d/wsgi.conf
    if ! grep -q "Include /opt/invenio/etc/apache/invenio-apache-vhost.conf" /etc/httpd/conf/httpd.conf; then
        echo "Include /opt/invenio/etc/apache/invenio-apache-vhost.conf" | sudo tee -a /etc/httpd/conf/httpd.conf
    fi
    if ! grep -q "Include /opt/invenio/etc/apache/invenio-apache-vhost-ssl.conf" /etc/httpd/conf/httpd.conf; then
        echo "Include /opt/invenio/etc/apache/invenio-apache-vhost-ssl.conf" | sudo tee -a /etc/httpd/conf/httpd.conf
    fi
    if ! grep -q "TraceEnable off" /etc/httpd/conf/httpd.conf; then
        echo "TraceEnable off" | sudo tee -a /etc/httpd/conf/httpd.conf
    fi
    if ! grep -q "SSLProtocol all -SSLv2" /etc/httpd/conf/httpd.conf; then
        echo "SSLProtocol all -SSLv2" | sudo tee -a /etc/httpd/conf/httpd.conf
    fi
    sudo perl -pi -e 's,^Alias /error/,#Alias /error/,g' /etc/httpd/conf/httpd.conf
}

debian_configure_apache () {
    sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ssl-cert
    sudo mkdir -p /etc/apache2/ssl
    if [ ! -e /etc/apache2/ssl/apache.pem ]; then
        sudo DEBIAN_FRONTEND=noninteractive /usr/sbin/make-ssl-cert \
            /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
    fi
    if [ ! -L /etc/apache2/sites-available/invenio.conf ]; then
        sudo ln -fs /opt/invenio/etc/apache/invenio-apache-vhost.conf \
            /etc/apache2/sites-available/invenio.conf
    fi
    if [ ! -e /opt/invenio/etc/apache/invenio-apache-vhost.conf ]; then
        # create them empty for the time being so that apache would start
        sudo mkdir -p /opt/invenio/etc/apache/
        sudo touch /opt/invenio/etc/apache/invenio-apache-vhost.conf
        sudo chown -R www-data.www-data /opt/invenio
    fi
    if [ ! -L /etc/apache2/sites-available/invenio-ssl.conf ]; then
        sudo ln -fs /opt/invenio/etc/apache/invenio-apache-vhost-ssl.conf \
            /etc/apache2/sites-available/invenio-ssl.conf
    fi
    if [ ! -e /opt/invenio/etc/apache/invenio-apache-vhost-ssl.conf ]; then
        # create them empty for the time being so that apache would start
        sudo mkdir -p /opt/invenio/etc/apache/
        sudo touch /opt/invenio/etc/apache/invenio-apache-vhost-ssl.conf
        sudo chown -R www-data.www-data /opt/invenio
    fi
    sudo /usr/sbin/a2dissite "*default*"
    sudo /usr/sbin/a2ensite "invenio*"
    sudo /usr/sbin/a2enmod ssl
    sudo /usr/sbin/a2enmod version || echo "[WARNING] Ignoring 'a2enmod version' command; hoping IfVersion is built-in."
    sudo /usr/sbin/a2enmod xsendfile
    sudo /etc/init.d/apache2 restart
}

freebsd_configure_apache () {
    # enable apache right after restarts:
    echo "apache22_enable=\"YES\"" | sudo tee -a /etc/rc.conf
    # set up accf_http module:
    if ! grep -q 'accf_http_load="YES"' /boot/loader.conf; then
        echo 'accf_http_load="YES"' | sudo tee -a /boot/loader.conf
    fi
    if ! $(kldstat | grep -q accf_http); then
        sudo kldload accf_http
    fi
    # set up accf_data module:
    if ! grep -q 'accf_http_data="YES"' /boot/loader.conf; then
        echo 'accf_http_data="YES"' | sudo tee -a /boot/loader.conf
    fi
    if ! $(kldstat | grep -q accf_data); then
        sudo kldload accf_data
    fi
    # set up vhost link:
    if [ ! -L /usr/local/etc/apache22/Includes/invenio-apache-vhost.conf ]; then
        sudo ln -s /opt/invenio/etc/apache/invenio-apache-vhost.conf /usr/local/etc/apache22/Includes/
    fi
    # make sure an empty vhost config file exists:
    if [ ! -e /opt/invenio/etc/apache/invenio-apache-vhost.conf ]; then
        # create it empty for the time being so that apache would start
        sudo mkdir -p /opt/invenio/etc/apache/
        sudo touch /opt/invenio/etc/apache/invenio-apache-vhost.conf
        sudo chown -R www:www /opt/invenio
    fi
    # FIXME set up SSL certificate
    # alter default config so that Apache would start:
    sudo perl -pi -e 's,^#ServerName www.example.com:80,ServerName localhost.localdomain:80,s' /usr/local/etc/apache22/httpd.conf
    # start apache:
    sudo $CFG_INVENIO_APACHECTL restart
}

redhat_configure_selinux () {
    if grep -q ^SELINUX=enforcing /etc/selinux/config; then
        sudo /usr/sbin/setenforce Permissive
        sudo perl -pi -e 's,^SELINUX=enforcing,SELINUX=permissive,g' /etc/selinux/config
    fi
}

redhat_configure_iptables () {
    if [ -e /sbin/iptables ]; then
        thisinputchain="INPUT"
        if sudo /sbin/iptables -nL | grep -q 'Chain RH-Firewall-1-INPUT'; then
            thisinputchain="RH-Firewall-1-INPUT"
        fi
        if ! sudo /sbin/iptables -nL | grep -q dpt:$CFG_INVENIO_PORT_HTTP; then
            sudo /sbin/iptables -I $thisinputchain -p tcp -m tcp --dport $CFG_INVENIO_PORT_HTTP -j ACCEPT
            sudo /sbin/iptables -I OUTPUT -p tcp -m tcp --dport $CFG_INVENIO_PORT_HTTP -j ACCEPT
        fi
        if ! sudo /sbin/iptables -nL | grep -q dpt:$CFG_INVENIO_PORT_HTTPS; then
            sudo /sbin/iptables -I $thisinputchain -p tcp -m tcp --dport $CFG_INVENIO_PORT_HTTPS -j ACCEPT
            sudo /sbin/iptables -I OUTPUT -p tcp -m tcp --dport $CFG_INVENIO_PORT_HTTPS -j ACCEPT
        fi
    fi
}

main () {
    if [ -e /etc/redhat-release ]; then
        redhat_enable_epel
        if grep -q ' 5.' /etc/redhat-release; then
            redhat5_install_packages
        elif grep -q ' 6.' /etc/redhat-release; then
            redhat6_install_packages
        else
            redhat_unknown
        fi
        # now that apache user exists, fix rights:
        sudo chown -R apache.apache /opt/invenio
        redhat_configure_mysql
        redhat_configure_apache
        redhat_configure_selinux
        redhat_configure_iptables
    elif [ -e /etc/debian_version ]; then
        debian_install_packages
        debian_configure_mysql
        debian_configure_apache
    elif [ $(uname -s) = "FreeBSD" ]; then
        freebsd_install_packages
        freebsd_configure_mysql
        freebsd_configure_apache
    else
        os_unknown

    fi
}

echo "[INFO] $0 started."
main
echo "[INFO] $0 finished."

# end of file