96 lines
4.7 KiB
Bash
96 lines
4.7 KiB
Bash
#!/bin/bash
|
|
##Script build for debian (10), ubuntu (18.04,20.04) and centos (8)
|
|
|
|
##Build of a release tag
|
|
#RelVer=stable
|
|
##Build of a master branch, but config is vaidated
|
|
RelVer=latest_Tested
|
|
##Build of a master branch
|
|
#RelVer=latest
|
|
|
|
#Use 3.6 (only avalible on ubuntu 18.04, centos 8 or debian 9) for current 'stable' release (v0.4.2),
|
|
#4.4 works on current 'latest' and ' latest_Tested'
|
|
MongoVer=4.4
|
|
|
|
#Go to script directory
|
|
cd "$(dirname "$0")"
|
|
#Setting up services needed for ShellHub
|
|
##PreReqs
|
|
mkdir -p /opt/ShellHub/{ui,keys,tools}
|
|
|
|
|
|
if [ "$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")" = "debian" ] || [ "$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")" = "ubuntu" ]; then
|
|
PKGM=apt
|
|
$PKGM -y install --no-install-recommends wget gnupg ca-certificates openssl uuid-runtime
|
|
###debian/ubuntu prep
|
|
####addding mongoDB and openresty Repos
|
|
wget -O - https://openresty.org/package/pubkey.gpg | apt-key add -
|
|
wget -qO - https://www.mongodb.org/static/pgp/server-$MongoVer.asc | apt-key add -
|
|
if [ "$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")" = "debian" ]; then
|
|
echo "deb http://openresty.org/package/debian $(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"') openresty" > /etc/apt/sources.list.d/openresty.list
|
|
echo "deb http://repo.mongodb.org/apt/debian $(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"')/mongodb-org/$MongoVer main" > /etc/apt/sources.list.d/mongodb-org-$MongoVer.list
|
|
elif [ "$(grep --color=never -Po "^ID=\K.*" "/etc/os-release")" = "ubuntu" ]; then
|
|
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu $(grep -oP '(?<=^VERSION_CODENAME=).+' /etc/os-release | tr -d '"')/mongodb-org/$MongoVer multiverse" > /etc/apt/sources.list.d/mongodb-org-$MongoVer.list
|
|
echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main" > /etc/apt/sources.list.d/openresty.list
|
|
fi
|
|
apt update
|
|
elif [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then
|
|
###el8 prep
|
|
PKGM=dnf
|
|
####addding mongoDB and openresty Repos
|
|
$PKGM install -y wget gnupg ca-certificates openssl uuid checkpolicy
|
|
wget https://openresty.org/package/centos/openresty.repo -O /etc/yum.repos.d/openresty.repo
|
|
rpm --import https://openresty.org/package/pubkey.gpg
|
|
sed -i 's/MOGOVER/'$MongoVer'/g' config/EL8/mongodb.repo
|
|
mv config/EL8/mongodb.repo /etc/yum.repos.d/mongodb-org-$MongoVer.repo
|
|
rpm --import https://www.mongodb.org/static/pgp/server-$MongoVer.asc
|
|
$PKGM check-update --refresh
|
|
useradd -r -U -s /usr/sbin/nologin -d /var/www www-data
|
|
###adding selinux module
|
|
checkmodule -M -m -o /tmp/mongodb_cgroup_memory.mod config/EL8/mongodb.te
|
|
semodule_package -o /tmp/mongodb_cgroup_memory.pp -m /tmp/mongodb_cgroup_memory.mod
|
|
semodule -i /tmp/mongodb_cgroup_memory.pp
|
|
fi
|
|
|
|
##Installing packages
|
|
$PKGM install -y openresty openresty-opm mongodb-org
|
|
##Configuring external services
|
|
opm get bungle/lua-resty-template
|
|
systemctl stop openresty mongod
|
|
systemctl enable openresty mongod
|
|
# config openresty(nginx)
|
|
rm /etc/openresty/nginx.conf
|
|
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/nginx.env -O /opt/ShellHub/nginx.env
|
|
mv config/openresty.conf /usr/local/openresty/nginx/conf/nginx.conf
|
|
mkdir /var/run/openresty
|
|
echo "d /var/run/openresty 0755 root root - -" > /usr/lib/tmpfiles.d/openresty-custom.conf
|
|
echo " 127.0.0.1 ui api ssh mongo" > /etc/hosts
|
|
systemctl start openresty mongod
|
|
|
|
##Setup Binaries
|
|
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/.env -O /opt/ShellHub/shellhub.env
|
|
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubSSH-amd64 -O /opt/ShellHub/ShellHubSSH
|
|
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/ShellHubAPI-amd64 -O /opt/ShellHub/ShellHubAPI
|
|
wget https://git.bprieshof.nl/ci/Releases/ShellHub/"$RelVer"/BinServices/webui.tar.gz -O /tmp/webui.tar.gz
|
|
chmod +x /opt/ShellHub/ShellHubAPI
|
|
chmod +x /opt/ShellHub/ShellHubSSH
|
|
tar -zxf /tmp/webui.tar.gz -C /opt/ShellHub/ui
|
|
mv Tools/* /opt/ShellHub/tools/
|
|
|
|
##Generating keys
|
|
openssl genrsa -out /opt/ShellHub/keys/api_private_key 2048
|
|
openssl rsa -in /opt/ShellHub/keys/api_private_key -out /opt/ShellHub/keys/api_public_key -pubout
|
|
openssl genrsa -out /opt/ShellHub/keys/ssh_private_key 2048
|
|
|
|
##Setup services
|
|
mv config/ServiceTemplates/ShellHubAPI.service /etc/systemd/system/ShellHubAPI.service
|
|
mv config/ServiceTemplates/ShellHubSSH.service /etc/systemd/system/ShellHubSSH.service
|
|
if [ "$(grep -oP '(?<=^PLATFORM_ID=).+' /etc/os-release | tr -d '"')" = "platform:el8" ]; then
|
|
##Resetting reseting service permissions
|
|
restorecon -Rv /etc/systemd/system
|
|
fi
|
|
systemctl daemon-reload
|
|
systemctl enable --now ShellHubAPI ShellHubSSH
|
|
|
|
|