samjaninf
6/14/2017 - 7:22 PM
ofn installer debian ?.sh
#!/bin/bash
set -ex
echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d
echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4
rm -rf /var/lib/apt/lists/* preseed.txt
echo "postfix postfix/main_mailer_type string Internet site" > preseed.txt
debconf-set-selections preseed.txt
# Install right version of ruby
mkdir -p /usr/local/etc \
&& { \
echo 'install: --no-document'; \
echo 'update: --no-document'; \
} >> /usr/local/etc/gemrc
buildDeps=' bison dpkg-dev libgdbm-dev ruby autoconf '
apt-get update -y && apt-get install -y --no-install-recommends locales ca-certificates memcached apt-transport-https libterm-readline-perl-perl locales mc net-tools nginx postfix build-essential chrpath libssl-dev libxft-dev libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev git $buildDeps
localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
export LANG=en_US.utf8
update-ca-certificates -f
# Clean apt lists
rm -rf /var/lib/apt/lists/*
# Install ruby 2.1.5
if ! command -v ruby >/dev/null 2>&1; then
cd /tmp
wget -O ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.5.tar.xz"
mkdir -p /usr/src/ruby
tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1
rm ruby.tar.xz
cd /usr/src/ruby
# hack in "ENABLE_PATH_CHECK" disabling to suppress:
# warning: Insecure world writable dir
{ \
echo '#define ENABLE_PATH_CHECK 0'; \
echo; \
cat file.c; \
} > file.c.new
mv file.c.new file.c
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"
./configure --build="$gnuArch" --disable-install-doc --enable-shared
make -j "$(nproc)"
make install
apt-get purge -y --auto-remove $buildDeps
cd /
rm -r /usr/src/ruby
gem update --system "2.6.12"
export GEM_HOME=/usr/local/bundle
export BUNDLE_PATH="$GEM_HOME"
export BUNDLE_BIN="$GEM_HOME/bin"
export BUNDLE_SILENCE_ROOT_WARNING=1
export BUNDLE_APP_CONFIG="$GEM_HOME"
export PATH=$BUNDLE_BIN:$PATH
mkdir -p "$GEM_HOME" "$BUNDLE_BIN" && chmod 777 "$GEM_HOME" "$BUNDLE_BIN"
# Install right postgresql
key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \
export GNUPGHOME="$(mktemp -d)"; \
gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
gpg --export "$key" > /etc/apt/trusted.gpg.d/postgres.gpg; \
rm -r "$GNUPGHOME"; \
apt-key list
fi
export PG_MAJOR=9.4
export PG_VERSION=9.4.12-1.pgdg80+1
echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' $PG_MAJOR > /etc/apt/sources.list.d/pgdg.list
apt-get update \
&& apt-get install -y postgresql-common \
&& sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf \
&& apt-get install -y \
postgresql-$PG_MAJOR=$PG_VERSION \
postgresql-contrib-$PG_MAJOR=$PG_VERSION \
&& rm -rf /var/lib/apt/lists/*
mv -v /usr/share/postgresql/$PG_MAJOR/postgresql.conf.sample /usr/share/postgresql/ \
&& ln -sv ../postgresql.conf.sample /usr/share/postgresql/$PG_MAJOR/ \
&& sed -ri "s!^#?(listen_addresses)\s*=\s*\S+.*!\1 = '*'!" /usr/share/postgresql/postgresql.conf.sample
mkdir -p /var/run/postgresql && chown -R postgres:postgres /var/run/postgresql && chmod 2777 /var/run/postgresql
export PATH=/usr/lib/postgresql/$PG_MAJOR/bin:$PATH
export PGDATA=/var/lib/postgresql/data
mkdir -p "$PGDATA" && chown -R postgres:postgres "$PGDATA" && chmod 777 "$PGDATA"
export OFN_DB=ofn_prod
export OFN_DB_USER=ofn
export OFN_DB_PASS=Temple_46
export POSTGRES_DB=${OFN_DB}
export POSTGRES_USER=${OFN_DB_USER}
export POSTGRES_PASSWORD=${OFN_DB_PASS}
export PGPASSWORD=${OFN_DB_PASS}
if [ "$POSTGRES_PASSWORD" ]; then
pass="PASSWORD '$POSTGRES_PASSWORD'"
authMethod=md5
else
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-'EOWARN'
****************************************************
WARNING: No password has been set for the database.
This will allow anyone with access to the
Postgres port to access your database. In
Docker's default configuration, this is
effectively any other container on the same
system.
Use "-e POSTGRES_PASSWORD=password" to set
it in "docker run".
****************************************************
EOWARN
pass=
authMethod=trust
fi
{
echo
echo "host all all all $authMethod"
} > "$PGDATA/pg_hba.conf"
PGUSER="${PGUSER:-postgres}"
pg_ctl -D "$PGDATA" -o "-c listen_addresses='localhost'" -w start
export psql=( psql -v ON_ERROR_STOP=1 )
if [ "$POSTGRES_DB" != 'postgres' ]; then
"${psql[@]}" --username postgres <<-EOSQL
CREATE DATABASE "$POSTGRES_DB" ;
EOSQL
echo
fi
if [ "$POSTGRES_USER" = 'postgres' ]; then
op='ALTER'
else
op='CREATE'
fi
"${psql[@]}" --username postgres <<-EOSQL
$op USER "$POSTGRES_USER" WITH SUPERUSER $pass ;
EOSQL
psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$PGDATA" -m fast -w stop
# Install Openfoodnetwork
gem install bundler
bundle config git.allow_insecure true
git clone https://github.com/samjaninf/ofn-one /opt/ofn-one
mkdir /opt/ofn && mv /opt/ofn-one/openfoodnetwork/* /opt/ofn
# cp openfoodnetwork/. /opt/ofn
cd /opt/ofn
bundle install --without test development mysql
# RUN service postfix start && service nginx start
#useradd -M -d /opt/ofn -s /bin/bash ofn
sed -i -e "s#.*tcp_nodelay on.*# tcp_nodelay off;#" -e "s#.*\# gzip_vary on.*# gzip_vary on;#" -e "s#.*\# gzip_proxied.*# gzip_proxied any;#" -e "s#.*\# gzip_http_version.*# gzip_http_version 1.1;#" -e "s#.*\# gzip_types text/plain text/css application/json application/javascriptt text/xml application/xml application/xml+rss text/javascript;.*# gzip_types text/plain text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml;#" /etc/nginx/nginx.conf
# install phantomjs
wget -q https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2 -O phantomjs-2.1.1.tar.bz2
tar xvjf phantomjs-2.1.1.tar.bz2
mv phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/bin/phantomjs
export rakeSecret=$(rake secret)
echo "===> Configuring Openfoodnetwork for production please wait..."
export OFN_DIR=/opt/ofn
sed -e "s#production:#${RAILS_ENV}:#" -e "s#.*adapter:.*# adapter: postgresql#" -e "s#.*username:.*# username: ${OFN_DB_USER}#" -e "s#.*password:.*# password: ${OFN_DB_PASS}#" -e "s#.*database:.*# database: ${OFN_DB}\n host: ${OFN_DB_HOST}#" < ${OFN_DIR}/config/database.yml.pkgr > ${OFN_DIR}/config/database.yml
bundle exec rake db:drop
bundle exec rake db:create
bundle exec rake db:schema:load
bundle exec rake db:migrate
bundle exec rake db:seed
echo "===> Running assets precompile"
bundle exec rake assets:precompile
sed -e "s#.*server_name.*# server_name ${OFN_URL};#" < /opt/ofn-one/scripts/ofn.conf > /etc/nginx/sites-enabled/ofn.conf
service nginx start; service postfix start; service memcached start
# write unicorn.rb file
cat << EOF > /opt/ofn/config/unicorn.rb
app_path = File.expand_path(File.dirname(__FILE__) + '/..')
# amount of unicorn workers to spin up
worker_processes (ENV['RAILS_ENV'] == 'production' ? 2 : 1)
# restarts workers that hang for 30 seconds
timeout 120
listen app_path + '/tmp/unicorn.sock', backlog: 64
listen(3000, backlog: 64) if ENV['RAILS_ENV'] == 'development'
# Set the working directory of this unicorn instance.
working_directory app_path
pid app_path + '/tmp/unicorn.pid'
preload_app true
# Garbage collection settings.
GC.respond_to?(:copy_on_write_friendly=) &&
GC.copy_on_write_friendly = true
# If using ActiveRecord, disconnect (from the database) before forking.
before_fork do |server, worker|
defined?(ActiveRecord::Base) &&
ActiveRecord::Base.connection.disconnect!
end
# After forking, restore your ActiveRecord connection.
after_fork do |server, worker|
defined?(ActiveRecord::Base) &&
ActiveRecord::Base.establish_connection
end
EOF
sed -i -e "s#.*config.force_ssl.*# config.force_ssl = false#" /opt/ofn/config/environments/production.rb
sed -i -e "s#.*config.log_level.*# config.log_level = :info#" /opt/ofn/config/environments/production.rb
bundle exec unicorn -p 3000 -c config/unicorn.rb -E ${RAILS_ENV} &>> ${OFN_DIR}/log/ofn.log &