1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/discourse_ynh.git synced 2024-09-03 18:26:18 +02:00
discourse_ynh/scripts/upgrade
2021-04-15 02:35:10 +02:00

420 lines
16 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
unicorn_workers=$(ynh_app_setting_get --app=$app --key=unicorn_workers)
# Check memory requirements
check_memory_requirements_upgrade
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# If unicorn_workers doesn't exist, create it
if [ -z "$unicorn_workers" ]
then
# We assume for the moment that ARM devices are only dual core, so
# we restrict the number of workers to 2 (the default is 3)
if [ -n "$(uname -m | grep arm)" ]
then
unicorn_workers=2
else
unicorn_workers=3
fi
ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# ENABLE MAINTENANCE MODE
#=================================================
ynh_script_progression --message="Enabling maintenance mode..."
ynh_maintenance_mode_ON
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --log_path="$final_path/log/unicorn.stderr.log"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..."
# Specific actions on ARM architecture
if [ -n "$(uname -m | grep arm)" ] ; then
# Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM
# compatibility by pointing to a recent libv8 version
# This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261)
# that prevents it from being compiled on ARM hence no binary gem is available yet
cp ../sources/patches_arm/* ../sources/patches
fi
# Backup files to keep
tmpdir=$(mktemp -d)
cp -Rp $final_path/plugins $final_path/config/discourse.conf $tmpdir
if [ -d $final_path/public/uploads ] ; then
cp -Rp $final_path/public/uploads $tmpdir
fi
if [ -d $final_path/public/backups ] ; then
cp -Rp $final_path/public/backups $tmpdir
fi
if [ -d $final_path/log ] ; then
cp -Rp $final_path/log $tmpdir
fi
# Remove destination directory
ynh_secure_remove --file=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# Restore previous files
if [ -d $tmpdir/uploads ] ; then
cp -Rp $tmpdir/uploads $final_path/public
fi
if [ -d $tmpdir/backups ] ; then
cp -Rp $tmpdir/backups $final_path/public
fi
if [ -d $tmpdir/log ] ; then
cp -Rp $tmpdir/log $final_path
fi
(
cd $tmpdir/plugins/
for discourse_plugin_dir in */
do
# Only copy plugins not included in Discourse archive
if [ ! -d "$final_path/plugins/$discourse_plugin_dir" ]
then
cp -a "$discourse_plugin_dir" "$final_path/plugins/$discourse_plugin_dir"
fi
done
)
cp -Rp $tmpdir/log $final_path
cp -p $tmpdir/discourse.conf $final_path/config
# Install LDAP plugin
ynh_secure_remove --file="$final_path/plugins/discourse-ldap-auth"
mkdir -p "$final_path/plugins/discourse-ldap-auth"
ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
if [ "$path_url" != "/" ] ; then
ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..."
ynh_install_app_dependencies $pkg_dependencies
ynh_install_ruby --ruby_version=$RUBY_VERSION
ynh_use_ruby
#=================================================
# SPECIFIC UPGRADE
#=================================================
# CONFIGURE DISCOURSE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Configuring Discourse..."
# Configure Discourse
discourse_config_file="$final_path/config/discourse.conf"
# Make a backup of the original config file if modified
ynh_backup_if_checksum_is_different --file="$discourse_config_file"
cp $final_path/config/discourse_defaults.conf $discourse_config_file
ynh_replace_string --match_string="db_name = discourse" --replace_string="db_name = $db_name" --target_file="$discourse_config_file"
ynh_replace_string --match_string="db_username = discourse" --replace_string="db_username = $db_name" --target_file="$discourse_config_file"
ynh_replace_string --match_string="db_password =" --replace_string="db_password = $db_pwd" --target_file="$discourse_config_file"
# Configure hostname
ynh_replace_string --match_string="hostname = \"www.example.com\"" --replace_string="hostname = \"$domain\"" --target_file="$discourse_config_file"
ynh_replace_string --match_string="relative_url_root =" --replace_string="relative_url_root = ${path_url%/}" --target_file="$discourse_config_file"
# Serve static assets (i.e. images, js, etc.)
ynh_replace_string --match_string="serve_static_assets = false" --replace_string="serve_static_assets = true" --target_file="$discourse_config_file"
# Don't show miniprofiler
ynh_replace_string --match_string="load_mini_profiler = true" --replace_string="load_mini_profiler = false" --target_file="$discourse_config_file"
# Configure e-mail server
admin_mail=$(ynh_user_get_info "$admin" mail)
ynh_replace_string --match_string="developer_emails =" --replace_string="developer_emails = $admin_mail" --target_file="$discourse_config_file"
ynh_replace_string --match_string="smtp_address =" --replace_string="smtp_address = localhost" --target_file="$discourse_config_file"
ynh_replace_string --match_string="smtp_domain =" --replace_string="smtp_domain = $domain" --target_file="$discourse_config_file"
ynh_replace_string --match_string="smtp_enable_start_tls = true" --replace_string="smtp_enable_start_tls = false" --target_file="$discourse_config_file"
# Configure redis
ynh_replace_string --match_string="redis_db = 0" --replace_string="redis_db = $redis_db" --target_file="$discourse_config_file"
# Don't notify on new versions (handled by the YunoHost package)
ynh_replace_string --match_string="new_version_emails = true" --replace_string="new_version_emails = false" --target_file="$discourse_config_file"
# Calculate and store the config file checksum
ynh_store_file_checksum --file="$discourse_config_file"
# Configure LDAP plugin
ldap_config_file="$final_path/plugins/discourse-ldap-auth/config/settings.yml"
# Make a backup of the original config file if modified
ynh_backup_if_checksum_is_different "$ldap_config_file"
ynh_replace_string --match_string="adfs.example.com" --replace_string="localhost" --target_file="$ldap_config_file"
ynh_replace_string --match_string="dc=example,dc=com" --replace_string="ou=users,dc=yunohost,dc=org" --target_file="$ldap_config_file"
ynh_replace_string --match_string="sAMAccountName" --replace_string="uid" --target_file="$ldap_config_file"
# Calculate and store the config file checksum
ynh_store_file_checksum --file="$ldap_config_file"
# Disable svgo worker
echo "svgo: false" > $final_path/.image_optim.yml
fi
#=================================================
# SETUP UNICORN, A RUBY SERVER
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Setting up Unicorn..."
unicorn_config_file="$final_path/config/unicorn.conf.rb"
# Make a backup of the original config file if modified
ynh_backup_if_checksum_is_different "$unicorn_config_file"
# Calculate and store the config file checksum
ynh_store_file_checksum --file="$unicorn_config_file"
secret="$(ynh_string_random)"
ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml"
# Set permissions to app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
pushd "$final_path"
# Install bundler, a gems installer
ynh_gem install bundler
# Install without documentation
exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc"
popd
# Specific actions on ARM architecture
if [ -n "$(uname -m | grep arm)" ] ; then
# Define the platform specifically to retrieve binaries
# for libv8 because it currently doesn't compile on ARM devices
exec_login_as $app bin/bundle config specific_platform arm-linux
fi
# Install dependencies
exec_login_as $app bin/bundle config set path 'vendor/bundle'
exec_login_as $app bin/bundle config set with 'development'
exec_login_as $app MAKEFLAGS=-j2 bin/bundle install --jobs 2
# On ARM architecture, replace bundled libpsl by system native libpsl
# because the provided binary isn't compatible
if [ -n "$(uname -m | grep arm)" ] ; then
(
cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor
rm libpsl.so
ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so
)
fi
fi
#=================================================
# PREPARE THE DATABASE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Preparing the database..."
rake_exec="exec_login_as $app RAILS_ENV=production bin/rake"
ynh_exec_warn_less $rake_exec db:migrate
ynh_exec_warn_less $rake_exec assets:precompile
fi
#=================================================
# CONFIGURE PLUGINS
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Configuring plugins..."
# Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
# (Can only do that now because we are patching dependencies which have just been downloaded)
# Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
(
cd $final_path/plugins/discourse-ldap-auth/gems/${RUBY_VERSION}/gems/omniauth-ldap*/
patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch
)
fi
#=================================================
# SETUP SYSTEMD
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Configuring a systemd service..."
ynh_replace_string --match_string="__RBENV_ROOT__" --replace_string="$RBENV_ROOT" --target_file="../conf/systemd.service"
additional_env="UNICORN_WORKERS=$unicorn_workers"
ynh_replace_string --match_string="__ADDITIONAL_ENV__" --replace_string="$additional_env" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__LIBJEMALLOC__" --replace_string="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" --target_file="../conf/systemd.service"
ynh_add_systemd_config
fi
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_script_progression --message="Securing files and directories..."
# Add a pids and socket directory for the systemd script.
mkdir -p "$final_path/tmp/pids"
mkdir -p "$final_path/tmp/sockets"
# Create specific folders and links for subfolder compatibilityn
# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
(
cd $final_path
mkdir -p "public/forum"
cd public/forum
if [ ! -L ./uploads ]; then
ln -s ../uploads
fi
if [ ! -L ./backups ]; then
ln -s ../backups
fi
)
# Set permissions to app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log"
ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log"
ynh_use_logrotate --logfile="$final_path/log/production.log"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
#=================================================
# DISABLE MAINTENANCE MODE
#=================================================
ynh_script_progression --message="Disabling maintenance mode..."
ynh_maintenance_mode_OFF
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed"