install-mattermost.sh: add support for postgreSQL.

Christoph 2024-09-23 15:30:09 +02:00
parent ef78057ee0
commit ea7d6ba2a6


@ -205,6 +205,8 @@ DEFAULT_MATTERMOST_USER="mattermost"
DEFAULT_DB_NAME="mattermost"
DEFAULT_DB_USER="mattermost"
DEFAUTL_DB_TYPE="psql"
# generate random password
regexp_digit="([23456789].*){2}"
regexp_special_char="([-_%+].*){2}"
@ -242,6 +244,22 @@ fi
[[ -n "$FQHN_HOSTNAME" ]] && DEFAULT_FQHN_HOSTNAME="$FQHN_HOSTNAME"
if [[ -n "$DB_TYPE" ]] ; then
if [[ "${DB_TYPE,,}" = "postgres" ]] || [[ "${DB_TYPE,,}" = "postgresql" ]] || [[ "${DB_TYPE,,}" = "pgsql" ]] || [[ "${DB_TYPE,,}" = "psql" ]] ; then
DEFAULT_DB_TYPE=pgsql
elif [[ "${DB_TYPE,,}" = "mysql" ]] ; then
DEFAULT_DB_TYPE=mysql
else
fatal "Wrong or empty Database Type (DB_TYPE) - must be 'mysql' or 'pgsql'."
fi
else
DEFAULT_DB_TYPE=pgsql
fi
[[ -n "$DB_NAME" ]] && DEFAULT_DB_NAME="$DB_NAME"
[[ -n "$DB_USER" ]] && DEFAULT_DB_NAME="$DB_USER"
[[ -n "$DB_PASS" ]] && DEFAULT_DB_PASS="$DB_PASS"
@ -344,6 +362,45 @@ do
done
DB_TYPE=""
echo ""
echo -e "\033[32m--\033[m"
echo ""
echo "Choose Database Type"
echo ""
if [[ "$DEFAULT_DB_TYPE" = "mysql" ]]; then
echo -e "\033[3G\033[37m\033[1m[1] MySQL\033[m"
else
echo -e "\033[3G[1] MySQL"
fi
if [[ "$DEFAULT_DB_TYPE" = "pgsql" ]] ; then
echo -e "\033[3G[2] \033[37m\033[1mPostgeSQL\033[m"
else
echo -e "\033[3G[2] PostgeSQL"
fi
echo ""
echo "Type a number or press <RETURN> to choose highlighted value"
echo ""
echononl "Eingabe: "
while [ "$DB_TYPE" != "mysql" -a "$DB_TYPE" != "pgsql" ]; do
read OPTION
case $OPTION in
1)
DB_TYPE="mysql"
;;
2)
DB_TYPE="pgsql"
;;
'') DB_TYPE=$DEFAULT_DB_TYPE
;;
*)
echo ""
echo -e "\033[3GFalsche Eingabe ! [ 1 = MySQL ; 2 = PostgreSQL ] or type <RETURN>"
echo ""
echononl "Eingabe: "
;;
esac
done
DB_NAME=
@ -418,13 +475,13 @@ else
done
fi
if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then
if [[ "$DB_TYPE" = "mysql" ]] ; then
if [[ -n "$MYSQL_CREDENTIAL_ARGS" ]] ; then
if ! $(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e 'quit' > /dev/null 2>&1) ; then
fatal "Parameter MYSQL_CREDENTIAL_ARGS is given, but a connection to MySQL Service failed.!"
fi
USE_MYSQL_CREDENTIAL_ARGS=true
else
else
USE_MYSQL_CREDENTIAL_ARGS=false
_MYSQL_ROOT_PW=""
@ -452,10 +509,10 @@ else
fatal "MySQL seems not be running. Start MySQL Service and try installing mattermost again."
fi
done
fi
fi
echo ""
echo ""
echo -e "\t\033[32mStart install script for Mattermost Server with the following parameters\033[m"
@ -469,12 +526,20 @@ echo -e "\tMattermost user..........: $MATTERMOST_USER"
echo -e "\tMattermost group.........: $MATTERMOST_GROUP"
echo ""
echo ""
if $USE_MYSQL_CREDENTIAL_ARGS ; then
echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS"
if [[ "${DB_TYPE}" = "pgsql" ]] ; then
echo -e "\tDatabase Type............: PostgreSQL"
else
echo -e "\tRoot password MySQL......: **"
echo -e "\tDatabase Type............: MySQL"
fi
echo ""
if [[ "${DB_TYPE}" = "mysql" ]]; then
if $USE_MYSQL_CREDENTIAL_ARGS ; then
echo -e "\tMYSQL_CREDENTIAL_ARGS....: $MYSQL_CREDENTIAL_ARGS"
else
echo -e "\tRoot password MySQL......: **"
fi
echo ""
fi
echo -e "\tDatabase Name............: $DB_NAME"
echo -e "\tDatabase User............: $DB_USER"
echo -e "\tDatabase Password........: $DB_PASS"
@ -519,19 +584,60 @@ if $nginx_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
_failed=false
echononl "Check if MySQL Database Service is installed.."
if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then
if [[ "${DB_TYPE}" = "mysql" ]]; then
echononl "Check if MySQL Database Service is installed.."
if $(dpkg -s mysql-server > "$log_file" 2>&1) ; then
mysql_server_installed=true
else
else
mysql_server_installed=false
fi
if $mysql_server_installed ; then
fi
if $mysql_server_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
else
echononl "Check if PostgreSQL Database Service is installed.."
if $(dpkg -s postgresql > "$log_file" 2>&1) ; then
postgresql_server_installed=true
else
postgresql_server_installed=false
fi
if $postgresql_server_installed ; then
echo -e "\033[85G[ \033[32mYES\033[m ]"
else
echo -e "\033[85G[ \033[1;31mNOT installed\033[m ]"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
fi
fi
@ -603,11 +709,13 @@ fi
blank_line
echononl "Create Database User '${DB_USER}' with Password '${DB_PASS}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
if [[ "${DB_TYPE}" = "mysql" ]] ; then
echononl "Create MySQL Database User '${DB_USER}' with Password '${DB_PASS}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '$DB_USER')" 2>/dev/null)" = 1 ]]; then
echo_skipped
else
else
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '${DB_PASS}'" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
@ -616,14 +724,14 @@ else
else
echo_ok
fi
fi
fi
echononl "Create Database '${DB_NAME}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
echononl "Create MySQL Database '${DB_NAME}'.."
if [[ "$(mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"SHOW DATABASES LIKE '${DB_NAME}'" 2>/dev/null)" = "${DB_NAME}" ]]; then
echo_skipped
else
else
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e "CREATE DATABASE ${DB_NAME}" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
@ -631,26 +739,169 @@ else
else
echo_ok
fi
fi
fi
echononl "Grant access privileges to the user '${DB_USER}'."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
echononl "Grant access privileges to the user '${DB_USER}'."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"GRANT ALL PRIVILEGES ON ${DB_NAME}.* to '${DB_USER}'@'localhost';" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
else
echo_ok
fi
fi
echononl "FLUSH PRIVILEGES to dadabase engine .."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
echononl "FLUSH PRIVILEGES to dadabase engine .."
mysql $MYSQL_CREDENTIAL_ARGS -N -s -e \
"FLUSH PRIVILEGES" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
else
echo_ok
fi
else
# Check if PostgreSQL database '$DB_NAME' exists ..
#
count=$(su - postgres -c "psql -q -A -t -l" | grep -c -e "^$DB_NAME")
if [[ $count -eq 0 ]];then
database_exists=false
else
database_exists=true
fi
# sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1
# sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1
# sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1
# sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1
# sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1
echononl "Create PostgreSQL database '${DB_NAME}'.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "CREATE DATABASE ${DB_NAME};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Create PostgreSQL database user ${DB_USER}.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH PASSWORD '${DB_PASS}';" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Grant the user access to the Mattermost database.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE ${DB_NAME} to ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Change the owner of database '${DB_NAME}' to '${DB_USER}'.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "ALTER DATABASE ${DB_NAME} OWNER TO ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
echononl "Grant access to objects contained in the specified schema.."
if $database_exists ; then
echo_skipped
else
sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO ${DB_USER};" > $log_file 2>&1
if [[ $? -ne 0 ]] ; then
echo_failed
error "$(cat "$log_file")"
echo ""
echononl "\033[1mcontinue anyway\033[m [yes/no]: "
read OK
while [[ "${OK,,}" != "yes" ]] && [[ "${OK,,}" != "no" ]] ; do
echononl "Wrong entry! - repeat [yes/nno]: "
read OK
done
[[ $OK = "yes" ]] || fatal "Abbruch durch User"
else
echo_ok
fi
fi
fi
@ -756,7 +1007,8 @@ echo -e "\033[37m\033[1mConfigure Mattermost - file '/opt/mattermost/config/conf
echo
echononl "Set up 'SqlSettings'.."
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then
if [[ "${DB_TYPE}" = "mysql" ]] ; then
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false
:> ${LOCK_DIR}/config.json
@ -796,12 +1048,59 @@ EOF
echo_ok
fi
else
else
echo_skipped
fi
else
if ! $(grep -q -E "^\s*\"DriverName\":\s+postgres" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false
:> ${LOCK_DIR}/config.json
:> $log_file
while IFS='' read -r _line || [[ -n $_line ]] ; do
if $_found && echo "$_line" | grep -iq -E "^\s*\"DriverName\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DriverName": "postgres",
EOF
elif $_found && echo "$_line" | grep -iq -E "^\s*\"DataSource\":" 2> /dev/null ; then
cat <<EOF >> ${LOCK_DIR}/config.json 2> "$log_file"
"DataSource": "postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}?sslmode=disable\\u0026connect_timeout=100s",
EOF
else
echo "$_line" >> ${LOCK_DIR}/config.json 2> "$log_file"
fi
if ! $_found && echo "$_line" | grep -iq -E "^\s*\"SqlSettings\"" 2> /dev/null ; then
_found=true
fi
if $_found && echo "$_line" | grep -iq -E "^\s*\}," 2> /dev/null ; then
_found=false
fi
done < "/opt/mattermost/config/config.json"
cp -a "${LOCK_DIR}/config.json" /opt/mattermost/config/config.json >> "$log_file" 2>&1
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
echo_skipped
fi
:
fi
echononl "Set up 'ServiceSettings'.."
if ! $(grep -q -E "^\s*\"DriverName\":\s+mysql" /opt/mattermost/config/config.json 2> "$log_file") ; then
if ! $(grep -q -E "^\s*\"SiteURL\":\s+\"https://${FQHN_HOSTNAME}\"" /opt/mattermost/config/config.json 2> "$log_file") ; then
_found=false
:> ${LOCK_DIR}/config.json
@ -861,7 +1160,8 @@ echo -e "\033[37m\033[1mSetup Mattermost to use systemd for starting and stoppin
echo
echononl "Create a systemd unit file.."
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
if [[ "${DB_TYPE}" = "mysql" ]] ; then
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
[Unit]
Description=Mattermost
After=network.target
@ -872,6 +1172,7 @@ Requires=mysql.service
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
KillMode=mixed
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
@ -882,11 +1183,40 @@ LimitNOFILE=524288
[Install]
WantedBy=multi-user.target
EOF
if [[ -s "$log_file" ]] ; then
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
else
echo_ok
fi
else
cat <<EOF > /etc/systemd/system//mattermost.service 2>"$log_file"
[Unit]
Description=Mattermost
After=network.target
[Service]
Type=notify
ExecStart=/opt/mattermost/bin/mattermost
TimeoutStartSec=3600
KillMode=mixed
Restart=always
RestartSec=10
WorkingDirectory=/opt/mattermost
User=mattermost
Group=mattermost
LimitNOFILE=49152
[Install]
WantedBy=multi-user.target
EOF
if [[ -s "$log_file" ]] ; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
@ -964,6 +1294,8 @@ server {
server_name ${FQHN_HOSTNAME};
http2_push_preload on; # Enable HTTP/2 Server Push
# Include location directive for Let's Encrypt ACME Challenge
#
# Needed for (automated) updating certificate
@ -983,22 +1315,26 @@ server {
#
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # omit SSLv3 because of POODLE
# omit SSLv3 because of POODLE
# omit TLSv1 TLSv1.1
# Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
ssl_protocols TLSv1.2 TLSv1.3;
# Enable TLSv1.3's 0-RTT. Use \$ssl_early_data when reverse proxying to
# prevent replay attacks.
#
# @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
ssl_early_data on;
# ECDHE better than DHE (faster) ECDHE & DHE GCM better than CBC (attacks on AES)
# Everything better than SHA1 (deprecated)
#
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# Eable session resumption to improve https performance
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 10m;
ssl_session_tickets off;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#
add_header Strict-Transport-Security max-age=15768000;
@ -1008,11 +1344,13 @@ server {
ssl_stapling on;
ssl_stapling_verify on;
location ~ /api/v[0-9]+/(users/)?websocket$ {
add_header X-Early-Data \$tls1_3_early_data;
location ~ /api/v[0-9]+/(users/)?websocket\$ {
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host \$http_host;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
@ -1020,18 +1358,19 @@ server {
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
send_timeout 300s;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_connect_timeout 90s;
proxy_send_timeout 300s;
proxy_read_timeout 90s;
proxy_http_version 1.1;
proxy_pass http://mm_backend;
}
location / {
client_max_body_size 50M;
client_max_body_size 100M;
proxy_set_header Connection "";
proxy_set_header Host \$http_host;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
@ -1049,6 +1388,14 @@ server {
}
}
# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the '\$ssl_early_data' variable exposed by NGINX directly should you
# wish to do so.
map \$ssl_early_data \$tls1_3_early_data {
"~." \$ssl_early_data;
default "";
}
EOF
if [[ $? -ne 0 ]]; then
echo_failed
@ -1203,6 +1550,41 @@ EOF
fi
_key="DB_TYPE"
_val="$DB_TYPE"
echononl "Update Parameter '$_key'.."
if $(grep -q -E "^\s*$_key=\"?$_val\"?\s*$" "$conf_file" 2> /dev/null) ; then
echo_skipped
elif $(grep -q -E "^\s*$_key=" "$conf_file" 2> /dev/null) ; then
perl -i -n -p -e "s/^\s*$_key=.*/${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
elif $(grep -q -E "^\s*#\s*${_key}" "$conf_file" 2> /dev/null) ; then
perl -i -n -p -e "s/^(\s*\#\s*$_key=.*)/\1\n${_key}=\"${_val}\"/" "$conf_file" > "$log_file" 2>&1
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
else
cat <<EOF >> "$conf_file" 2> "$log_file"
${_key}=${_val}
EOF
if [[ $? -ne 0 ]]; then
echo_failed
error "$(cat "$log_file")"
else
echo_ok
fi
fi
_key="DB_NAME"
_val="$DB_NAME"
echononl "Update Parameter '$_key'.."
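Review bot: The PostgreSQL branch in the `@ -631,26 +739,169 @@` hunk builds every statement by splicing `${DB_NAME}`, `${DB_USER}` and `${DB_PASS}` into a `psql -c` argument, so the role password sits in the process list while `sudo` runs, and a `'` in `DB_PASS`, or whitespace or `;` in either identifier, alters the SQL executed as the `postgres` superuser. Check the identifiers first, e.g. `[[ "$DB_USER" =~ ^[a-z_][a-z0-9_]*$ ]] || fatal "invalid DB_USER"` (and the same for `DB_NAME`), and send the statement to `psql` on stdin with single quotes in the password doubled. The role, grant and owner steps all test `$database_exists`, so a database that exists without its role is reported as skipped instead of being repaired, and `grep -c -e "^$DB_NAME"` is a prefix match that also counts any longer database name starting with the same string; `grep -c -e "^${DB_NAME}|"` anchors on the field separator that `psql -A` prints. `GRANT USAGE, CREATE ON SCHEMA PUBLIC` is issued without `-d "${DB_NAME}"`, so it presumably lands in the default database of the `postgres` login rather than in the Mattermost database. The enclosing `if [[ "${DB_TYPE}" = "mysql" ]]` opens in the earlier `@ -603,11 +709,13 @@` hunk.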