1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
synapse_ynh/scripts/upgrade
2018-07-28 23:57:36 +02:00

299 lines
11 KiB
Bash

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration.
if [[ -z $synapse_old_version ]]
then
ynh_die "Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
fi
#=================================================
# BACKUP BEFORE UPGRADE
#=================================================
# We stop the service before to set ynh_clean_setup
systemctl stop matrix-$app.service
# Backup the current version of the app
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
then
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_restore_upgradebackup
}
fi
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Install/upgrade synapse in virtualenv
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
# Download and check the checksum for the synapse source
src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
wget -nv -O synapse_source.tar.gz "$src_url"
echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
|| ynh_die "Corrupt source"
pip install --upgrade synapse_source.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
# This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate"
deactivate
fi
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
fi
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
#=================================================
# MIGRATION 1 : MULTINSTANCE SUPPORT
#=================================================
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
then
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
#=================================================
# Disable default config for turnserver and create a new service
systemctl stop coturn.service
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
ynh_use_logrotate /var/log/matrix-$app --non-append
fi
#=================================================
# MIGRATION 2 : USE STANDARD ACCESS FOR CERTIFCATE
# AND USE INDEPENDANT DH FILE
#=================================================
# Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
then
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
fi
# In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component.
# Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one.
test -e /etc/matrix-$app/dh.pem || \
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_add_nginx_config
#=================================================
# UPDATE COTURN CONFIG
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
fi
ynh_store_file_checksum "$coturn_config_path"
#=================================================
# ADD SCRIPT FOR COTURN CRON
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
#=================================================
# UPDATE SYSTEMD
#=================================================
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config matrix-$app matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# UPDATE VERSION SETTINGS
#=================================================
ynh_app_setting_set $app synapse_version $upstream_version
#=================================================
# RELOAD SERVICES
#=================================================
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"