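#!/bin/sh
#
# Script used for deploying DM DS web service
# Deployment configuration can be set in etc/$DM_DB_NAME.deploy.conf file
#
# Usage:
#
# $0 [DM_DB_NAME]
#
# What the script does, in order:
#   1. sources $DM_ROOT_DIR/setup.sh and, if present, the deploy config file
#   2. stops the web service through its init script
#   3. makes sure the CA certificate and the service certificate/key exist
#   4. generates the service config file from its template (first run only)
#   5. prompts for and stores the system and UNIX (LDAP) passwords (first run)
#   6. stamps the python module version and regenerates the user setup file
#   7. optionally installs a sudo rules file (asks for the root password)
#   8. starts the web service
#
# Security notes:
#   - setup.sh and the deploy config file are sourced, i.e. executed as shell
#     code with the privileges of the deploying user. Keep both writable only
#     by that user.
#   - Configuration values are handed to sed as escaped data; nothing is
#     passed through eval, so a value containing quotes, '?', '&' or shell
#     metacharacters cannot change the command that runs.
#   - Password files are created under umask 077, so they are never readable
#     by other users, not even briefly before the chmod.
#   - The sudo rules are rendered as the deploying user, syntax-checked with
#     visudo when it is available, and only then copied into place as root.
#

# Print $1 escaped for use as the replacement text of a sed 's?..?..?' command.
# Backslash, '&' and the '?' delimiter are the characters sed would interpret.
sedRepl() {
    printf '%s\n' "$1" | sed 's/[\\&?]/\\&/g'
}

# Print a sed command that replaces every match of the regular expression $1
# with the literal text $2.
sedSubst() {
    printf 's?%s?%s?g\n' "$1" "$(sedRepl "$2")"
}

# Render file $1 into file $2, passing the remaining arguments to sed.
# The result is built in a temporary sibling first, so a failed run (for
# example a missing template) never leaves an empty or truncated target.
# $1 and $2 may name the same file.
renderTemplate() {
    rt_src=$1
    rt_dst=$2
    shift 2
    rt_tmp=$rt_dst.tmp.$$
    if sed "$@" "$rt_src" > "$rt_tmp" && cat "$rt_tmp" > "$rt_dst"; then
        rm -f "$rt_tmp"
        return 0
    fi
    rm -f "$rt_tmp"
    return 1
}

# Print prompt $1 on stderr and read one line from stdin into the variable
# named by $2. 'read -p' is not available in every /bin/sh; -r keeps
# backslashes in the answer intact.
promptLine() {
    printf '%s' "$1" >&2
    read -r "$2"
}

# Put the terminal back into the state saved in sttyOrig, if one was saved.
restoreTty() {
    [ -z "$sttyOrig" ] || stty "$sttyOrig"
}

# Like promptLine, but with terminal echo switched off while the user types.
# The trap restores echo if the script is interrupted at the prompt.
promptSecret() {
    sttyOrig=$(stty -g)
    trap 'restoreTty; exit 1' INT TERM HUP
    stty -echo
    promptLine "$1" "$2"
    echo
    restoreTty
    trap - INT TERM HUP
}

# Write secret $2 followed by a newline into file $1 with mode 600.
# The subshell keeps the restrictive umask from leaking into the rest of the
# script; printf avoids the word splitting, glob expansion and option parsing
# that an unquoted 'echo $secret' would apply to the password.
storeSecret() {
    ( umask 077 && printf '%s\n' "$2" > "$1" ) || return 1
    chmod 600 "$1"
}

MY_DIR=$(dirname "$0") && cd "$MY_DIR" && MY_DIR=$(pwd)
if [ -z "${DM_ROOT_DIR}" ]; then
    DM_ROOT_DIR=$MY_DIR/..
fi
DM_ENV_FILE=${DM_ROOT_DIR}/setup.sh
if [ ! -f "${DM_ENV_FILE}" ]; then
    echo "Environment file ${DM_ENV_FILE} does not exist."
    exit 2
fi
. "${DM_ENV_FILE}" > /dev/null

# Use first argument as db name, if provided
DM_DB_NAME=${DM_DB_NAME:-dm}
if [ -n "$1" ]; then
    DM_DB_NAME=$1
fi

# The DB name becomes part of several file names, including the deploy config
# that is sourced below, so it must not be able to point outside etc/.
case "$DM_DB_NAME" in
    */*)
        echo "Invalid DB name (must not contain '/'): $DM_DB_NAME" >&2
        exit 1
        ;;
esac
echo "Using DB name: $DM_DB_NAME"

# Look for deployment file in etc directory, and use it to override
# default entries
deployConfigFile=$DM_ROOT_DIR/etc/${DM_DB_NAME}.deploy.conf
if [ -f "$deployConfigFile" ]; then
    echo "Using deployment config file: $deployConfigFile"
    . "$deployConfigFile"
else
    echo "Deployment config file $deployConfigFile not found, using defaults"
fi

# Quoting the tr sets keeps the shell from globbing them against file names
# in the current directory.
DM_HOST_ARCH=$(uname | tr '[A-Z]' '[a-z]')-$(uname -m)
DM_DATE=$(date +%Y.%m.%d)
DM_HOSTNAME=$(hostname -f)
DM_SYSTEM_UNIX_ACCOUNT=$(whoami)
DM_CONTEXT_ROOT=${DM_CONTEXT_ROOT:-dm}
DM_INSTALL_DIR=${DM_INSTALL_DIR:-$DM_ROOT_DIR/..}
DM_ETC_DIR=${DM_INSTALL_DIR}/etc
DM_SSL_DIR=${DM_ETC_DIR}/ssl
DM_LOG_DIR=${DM_INSTALL_DIR}/var/log
DM_CA_DIR=${DM_ETC_DIR}/CA
DM_CA_CERT_FILE=${DM_SSL_DIR}/dm-ca-cert.pem
DM_WEB_SERVICE_DAEMON=ds-web-service
DM_WEB_SERVICE_CERT_FILE=${DM_SSL_DIR}/$DM_DB_NAME.$DM_WEB_SERVICE_DAEMON.crt
DM_WEB_SERVICE_KEY_FILE=${DM_SSL_DIR}/$DM_DB_NAME.$DM_WEB_SERVICE_DAEMON.key
DM_WEB_SERVICE_CONFIG_FILE=${DM_ETC_DIR}/$DM_DB_NAME.$DM_WEB_SERVICE_DAEMON.conf
DM_WEB_SERVICE_LOG_FILE=${DM_LOG_DIR}/$DM_DB_NAME.$DM_WEB_SERVICE_DAEMON.log
DM_WEB_SERVICE_INIT_CMD=${DM_ROOT_DIR}/etc/init.d/dm-$DM_WEB_SERVICE_DAEMON
DM_DB_PASSWORD_FILE=${DM_ETC_DIR}/${DM_DB_NAME}.db.passwd
DM_SYSTEM_PASSWORD_FILE=${DM_INSTALL_DIR}/etc/${DM_SYSTEM_USER}.system.passwd
DM_SYSTEM_UNIX_PASSWORD_FILE=${DM_INSTALL_DIR}/etc/${DM_SYSTEM_UNIX_ACCOUNT}.ldap.passwd
DM_USER_SETUP_FILE=${DM_ETC_DIR}/${DM_DB_NAME}.setup.sh

# The configured host may contain the DM_HOSTNAME placeholder; only the first
# occurrence is expanded here.
DM_WEB_SERVICE_HOST=$(printf '%s\n' "$DM_DS_WEB_SERVICE_HOST" \
    | sed "s?DM_HOSTNAME?$(sedRepl "$DM_HOSTNAME")?")
DM_WEB_SERVICE_PORT=$DM_DS_WEB_SERVICE_PORT

echo "DM web service host: $DM_WEB_SERVICE_HOST"
echo "DM install directory: $DM_INSTALL_DIR"

mkdir -p "$DM_ETC_DIR"
mkdir -p "$DM_SSL_DIR"
mkdir -p "$DM_LOG_DIR"
# Certificates and private keys live here; keep other users out.
chmod 700 "$DM_SSL_DIR"

echo "Stopping web service for $DM_DB_NAME"
"$DM_WEB_SERVICE_INIT_CMD" stop "$DM_DB_NAME"

if [ ! -f "$DM_DB_PASSWORD_FILE" ]; then
    echo "DB passsword file not found"
    exit 1
fi

echo "Checking CA certificate"
if [ ! -f "$DM_CA_CERT_FILE" ]; then
    echo "Creating DM CA"
    "$MY_DIR/dm_create_ca.sh" || exit 1
    # Without the CA certificate the generated service config would point at
    # a file that does not exist, so a failed copy is fatal.
    rsync -ar "$DM_CA_DIR/cacert.pem" "$DM_CA_CERT_FILE" || exit 1
else
    echo "DM CA certificate exists"
fi

echo "Checking service certificates"
if [ ! -f "$DM_WEB_SERVICE_CERT_FILE" ] || [ ! -f "$DM_WEB_SERVICE_KEY_FILE" ]; then
    echo "Creating DM $DM_WEB_SERVICE_DAEMON certificate"
    if [ ! -f "$DM_CA_DIR/certs/$DM_WEB_SERVICE_HOST.crt" ]; then
        "$MY_DIR/dm_create_server_cert.sh" "$DM_WEB_SERVICE_HOST" "$DM_WEB_SERVICE_HOST" dm@aps.anl.gov || exit 1
    fi
    rsync -ar "$DM_CA_DIR/certs/$DM_WEB_SERVICE_HOST.crt" "$DM_WEB_SERVICE_CERT_FILE" || exit 1
    rsync -ar "$DM_CA_DIR/certs/$DM_WEB_SERVICE_HOST.key" "$DM_WEB_SERVICE_KEY_FILE" || exit 1
    # rsync -a copies the source permissions; make sure the private key is
    # owner-only whatever mode the CA directory gave it.
    chmod 600 "$DM_WEB_SERVICE_KEY_FILE"
else
    echo "DM service certificate exists"
fi

if [ -z "$DM_STORAGE_DIR" ]; then
    promptLine "Enter full path to DM storage directory: " DM_STORAGE_DIR
fi
# Test the variable's value; testing the literal string "DM_STORAGE_DIR" is
# never empty and would let an empty answer through.
if [ -z "$DM_STORAGE_DIR" ]; then
    echo "DM storage directory directory cannot be empty."
    exit 1
fi
echo "Verifying DM storage directory $DM_STORAGE_DIR"
mkdir -p "$DM_STORAGE_DIR" || exit 1

# Prepare setup file
echo "Checking service configuration file"
if [ ! -f "$DM_WEB_SERVICE_CONFIG_FILE" ]; then
    echo "Generating service config file"
    renderTemplate \
        "$DM_ROOT_DIR/etc/$DM_WEB_SERVICE_DAEMON.conf.template" \
        "$DM_WEB_SERVICE_CONFIG_FILE" \
        -e "$(sedSubst 'servicePort=.*' "servicePort=$DM_WEB_SERVICE_PORT")" \
        -e "$(sedSubst 'sslCaCertFile=.*' "sslCaCertFile=$DM_CA_CERT_FILE")" \
        -e "$(sedSubst 'sslCertFile=.*' "sslCertFile=$DM_WEB_SERVICE_CERT_FILE")" \
        -e "$(sedSubst 'sslKeyFile=.*' "sslKeyFile=$DM_WEB_SERVICE_KEY_FILE")" \
        -e "$(sedSubst 'handler=TimedRotatingFileLoggingHandler.*' "handler=TimedRotatingFileLoggingHandler(\"$DM_WEB_SERVICE_LOG_FILE\")")" \
        -e "$(sedSubst 'DM_STORAGE_DIR' "$DM_STORAGE_DIR")" \
        -e "$(sedSubst 'DM_INSTALL_DIR' "$DM_INSTALL_DIR")" \
        -e "$(sedSubst 'DM_HOSTNAME' "$DM_HOSTNAME")" \
        -e "$(sedSubst 'DM_DB_NAME' "$DM_DB_NAME")" \
        -e "$(sedSubst 'DM_SYSTEM_UNIX_ACCOUNT' "$DM_SYSTEM_UNIX_ACCOUNT")" \
        || exit 1
else
    echo "Service config file exists"
fi

# Get system account password
if [ ! -f "$DM_SYSTEM_PASSWORD_FILE" ]; then
    promptSecret "Enter system (database) password for the $DM_SYSTEM_USER user: " DM_SYSTEM_PASSWORD
    if ! storeSecret "$DM_SYSTEM_PASSWORD_FILE" "$DM_SYSTEM_PASSWORD"; then
        echo "Cannot write password file $DM_SYSTEM_PASSWORD_FILE" >&2
        exit 1
    fi

    # Add dm system user to the DB
    # NOTE(review): the password file already exists at this point, so if
    # either command below fails a rerun skips this whole branch - confirm
    # that is the intended recovery path.
    echo "Adding $DM_SYSTEM_USER system user to the database"
    dm-add-user --username="$DM_SYSTEM_USER" --first-name=System --last-name=Account --password-file="$DM_SYSTEM_PASSWORD_FILE" || exit 1
    dm-add-user-system-role --username="$DM_SYSTEM_USER" --role-name=Administrator || exit 1
fi

# Get unix account password
if [ ! -f "$DM_SYSTEM_UNIX_PASSWORD_FILE" ]; then
    promptSecret "Enter UNIX (LDAP) password for the $DM_SYSTEM_UNIX_ACCOUNT user: " DM_SYSTEM_UNIX_PASSWORD
    if ! storeSecret "$DM_SYSTEM_UNIX_PASSWORD_FILE" "$DM_SYSTEM_UNIX_PASSWORD"; then
        echo "Cannot write password file $DM_SYSTEM_UNIX_PASSWORD_FILE" >&2
        exit 1
    fi
fi

# Modify version
# A failure here is reported but does not stop the deployment.
echo "Modifying python module version"
versionFile=$DM_ROOT_DIR/src/python/dm/__init__.py
renderTemplate "$versionFile" "$versionFile" \
    -e "$(sedSubst '__version__ =.*' "__version__ = \"${DM_SOFTWARE_VERSION}\"")" \
    -e "$(sedSubst 'DM_DATE' "$DM_DATE")" \
    || echo "Warning: could not update version in $versionFile" >&2

echo "Preparing setup file"
renderTemplate \
    "$DM_ROOT_DIR/etc/setup.sh.template" \
    "$DM_USER_SETUP_FILE" \
    -e "$(sedSubst 'DM_ROOT_DIR=.*' "DM_ROOT_DIR=$DM_ROOT_DIR")" \
    -e "$(sedSubst 'DM_WEB_SERVICE_PROTOCOL=.*' "DM_WEB_SERVICE_PROTOCOL=$DM_WEB_SERVICE_PROTOCOL")" \
    -e "$(sedSubst 'DM_DS_WEB_SERVICE_HOST=.*' "DM_DS_WEB_SERVICE_HOST=$DM_DS_WEB_SERVICE_HOST")" \
    -e "$(sedSubst 'DM_DS_WEB_SERVICE_PORT=.*' "DM_DS_WEB_SERVICE_PORT=$DM_DS_WEB_SERVICE_PORT")" \
    -e "$(sedSubst 'DM_DAQ_WEB_SERVICE_HOST=.*' "DM_DAQ_WEB_SERVICE_HOST=$DM_DAQ_WEB_SERVICE_HOST")" \
    -e "$(sedSubst 'DM_DAQ_WEB_SERVICE_PORT=.*' "DM_DAQ_WEB_SERVICE_PORT=$DM_DAQ_WEB_SERVICE_PORT")" \
    -e "$(sedSubst 'DM_CAT_WEB_SERVICE_HOST=.*' "DM_CAT_WEB_SERVICE_HOST=$DM_CAT_WEB_SERVICE_HOST")" \
    -e "$(sedSubst 'DM_CAT_WEB_SERVICE_PORT=.*' "DM_CAT_WEB_SERVICE_PORT=$DM_CAT_WEB_SERVICE_PORT")" \
    -e "$(sedSubst 'DM_HOSTNAME' "$DM_HOSTNAME")" \
    || exit 1

# Prepare sudo rules
configureSudo="N"
promptLine "Would you like to configure sudo rules (requires root password) in order to allow the $DM_SYSTEM_UNIX_ACCOUNT user to manage user groups and file system permissions? [y|N] " configureSudo
if [ "$configureSudo" = "y" ] || [ "$configureSudo" = "Y" ]; then
    sudoersFile=/etc/sudoers.d/$DM_SYSTEM_UNIX_ACCOUNT
    echo "Preparing DM sudo rules file $sudoersFile"

    # sudo skips files in an included directory whose names contain a '.' or
    # end in '~', so such a rules file would be installed but never applied.
    case "$DM_SYSTEM_UNIX_ACCOUNT" in
        *.* | *~)
            echo "Warning: sudo ignores files in /etc/sudoers.d with '.' in the name or a trailing '~'; $sudoersFile will not take effect." >&2
            ;;
    esac

    # Render as the deploying user, so that no configuration value is ever
    # interpolated into a command line executed by root.
    sudoRulesTmp=$(mktemp "${TMPDIR:-/tmp}/dm-sudo-rules.XXXXXX") || exit 1
    if ! sed \
        -e "$(sedSubst 'DM_STORAGE_DIR' "$DM_STORAGE_DIR")" \
        -e "$(sedSubst 'DM_SYSTEM_UNIX_ACCOUNT' "$DM_SYSTEM_UNIX_ACCOUNT")" \
        -e "$(sedSubst 'DM_HOSTNAME' "$DM_HOSTNAME")" \
        "$DM_ROOT_DIR/etc/${DM_DB_NAME}.sudo-rules.template" > "$sudoRulesTmp"; then
        rm -f "$sudoRulesTmp"
        exit 1
    fi

    # A syntax error in a sudoers fragment can disable sudo for every user on
    # the host, so check the rendered rules before they are installed.
    visudoCmd=$(command -v visudo 2> /dev/null)
    if [ -z "$visudoCmd" ] && [ -x /usr/sbin/visudo ]; then
        visudoCmd=/usr/sbin/visudo
    fi
    if [ -n "$visudoCmd" ]; then
        if ! "$visudoCmd" -c -f "$sudoRulesTmp" > /dev/null; then
            echo "Generated sudo rules failed the visudo syntax check; $sudoersFile was not modified." >&2
            rm -f "$sudoRulesTmp"
            exit 1
        fi
    else
        echo "Warning: visudo not found, sudo rules are installed without a syntax check." >&2
    fi

    # Only these two paths reach the root shell; refuse the one character
    # that could break out of the single quotes used below.
    case "$sudoRulesTmp$sudoersFile" in
        *"'"*)
            echo "Refusing to install sudo rules: path contains a single quote." >&2
            rm -f "$sudoRulesTmp"
            exit 1
            ;;
    esac

    # 0440 is the mode sudo documents for sudoers files.
    su -c "cp '$sudoRulesTmp' '$sudoersFile' && chmod 0440 '$sudoersFile'"
    suStatus=$?
    rm -f "$sudoRulesTmp"
    [ "$suStatus" -eq 0 ] || exit 1
else
    echo "Will not configure sudo access for $DM_SYSTEM_UNIX_ACCOUNT."
fi

echo "Starting ds web service for $DM_DB_NAME"
"$DM_WEB_SERVICE_INIT_CMD" start "$DM_DB_NAME"
echo "Done deploying $DM_WEB_SERVICE_DAEMON for $DM_DB_NAME"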