Skip to content

Instantly share code, notes, and snippets.

@kehh

kehh/install-ca.sh

Forked from anonymous/install-ca.sh
Last active May 14, 2018 19:48
Show Gist options
  • Save kehh/ebf950dfc8b2a9a7181562d438a7a405 to your computer and use it in GitHub Desktop.
Save kehh/ebf950dfc8b2a9a7181562d438a7a405 to your computer and use it in GitHub Desktop.
Download ZIP
Install CollectiveAccess
Raw
install-ca.sh
#!/bin/bash
REGION="ap-southeast-2"
EFS="fs-a75dbd9e.efs.$REGION.amazonaws.com"
CMIS_ENV=cmis-uat
# Adapted from https://github.com/collectiveaccess/providence/blob/develop/Vagrantfile
if [ "$EUID" -ne 0 ]
then echo "Please run as root"
exit
fi
set -e
set -u
apt update
apt dist-upgrade -q -y -o Dpkg::Options::=--force-confold
apt -q -y -o Dpkg::Options::=--force-confold install apache2
apt -q -y -o Dpkg::Options::=--force-confold install php php-fpm php-cli libapache2-mod-fastcgi
apt -q -y -o Dpkg::Options::=--force-confold install mysql-client
apt -q -y -o Dpkg::Options::=--force-confold install php-curl php-mysqlnd php-json php-gd php-imap php-mcrypt php-redis php-ldap php-intl php-zip
apt -q -y -o Dpkg::Options::=--force-confold install htop screen vim apachetop vnstat git
apt -q -y -o Dpkg::Options::=--force-confold install ffmpeg graphicsmagick python-pdfminer
apt -q -y -o Dpkg::Options::=--force-confold install ghostscript dcraw xpdf mediainfo exiftool phantomjs
apt -q -y -o Dpkg::Options::=--force-confold install php-dev php-pear libgraphicsmagick1-dev libreoffice abiword
apt -q -y -o Dpkg::Options::=--force-confold install nfs-common
apt -q -y -o Dpkg::Options::=--force-confold install awscli
apt -q -y -o Dpkg::Options::=--force-confold install mydumper
apt -q -y autoremove
yes |pecl -D with-gmagick=autodetect install -s channel://pecl.php.net/gmagick-2.0.4RC1 || echo "gmagick already installed"
cat << EOF > /etc/php/7.0/mods-available/gmagick.ini
extension=gmagick.so
EOF
ln -sf /etc/php/7.0/mods-available/gmagick.ini /etc/php/7.0/fpm/conf.d/20-gmagick.ini
ln -sf /etc/php/7.0/mods-available/gmagick.ini /etc/php/7.0/cli/conf.d/20-gmagick.ini
mkdir -p /data
if grep xvdb /etc/fstab;then
echo "mountpoint exists"
else
mkfs -t ext4 /dev/xvdb
echo "/dev/xvdb /data ext4 defaults,nofail 0 2" >> /etc/fstab
mount -a
fi
groupadd -f deploy
useradd --base-dir /data --groups www-data,deploy --create-home --skel /etc/skel --system --shell /bin/bash cmis || echo "User already exists"
INSTANCE_ID=`curl http://instance-data.$REGION.compute.internal/latest/meta-data/instance-id`
mkdir -p /data/cmis/collectiveaccess/media
chown cmis:cmis /data/cmis/collectiveaccess/media
if grep colletiveaccess /etc/fstab;then
echo "media mountpoint exists"
else
echo "${EFS}:/ /data/cmis/collectiveaccess/media nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" >> /etc/fstab
mount -a
fi
aws s3 sync s3://$CMIS_ENV.museum.wa.gov.au/sites-available/ /etc/apache2/sites-available/
aws s3 cp s3://${CMIS_ENV}.museum.wa.gov.au/ssl/intermediate.crt /etc/ssl/certs/intermediate.crt
aws s3 cp s3://${CMIS_ENV}.museum.wa.gov.au/ssl/public.crt /etc/ssl/certs/public.crt
aws s3 cp s3://${CMIS_ENV}.museum.wa.gov.au/ssl/privatekey.key /etc/ssl/private/privatekey.key
chmod 400 /etc/ssl/private/privatekey.key
a2enconf php7.0-fpm
service apache2 reload
systemctl enable apache2.service
systemctl enable php7.0-fpm.service
sed -i "s@user = www-data@user = cmis@g" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s@group = www-data@group = cmis@g" /etc/php/7.0/fpm/pool.d/www.conf
sed -i "s/upload_max_filesize = .*/upload_max_filesize = 512M/" /etc/php/7.0/fpm/php.ini
sed -i "s/post_max_size = .*/post_max_size = 512M/" /etc/php/7.0/fpm/php.ini
a2enmod ssl actions fastcgi alias proxy proxy_fcgi headers rewrite
pushd ~cmis
mkdir -p ~cmis/.ssh
chmod 700 ~cmis/.ssh
chmod 600 ~cmis/.ssh/*
sudo -i -u cmis aws s3 sync s3://$CMIS_ENV.museum.wa.gov.au/.ssh ~cmis/.ssh
chmod -R -g-o ~cmis/.ssh
mkdir -p /data/github
chown cmis:cmis /data/github
sudo -i -u cmis git clone [email protected]:wamuseum/cmis-tools.git
pushd cmis-tools
if [ -f /data/github/inited ]; then
echo 'CMIS INIT already run'
else
sudo -i -u cmis bin/init-wamcmis
touch /data/github/inited
fi
# clean out temporary clone
rm -rf ~cmis/cmis-tools
if grep COLLECTIVEACCESS_HOME ~cmis/.bashrc;then
echo "PATH and COLLECTIVEACCESS_HOME defined"
else
echo 'export COLLECTIVEACCESS_HOME=$HOME/collectiveaccess/providence/current' >> ~cmis/.bashrc
echo 'export PATH="/data/github/cmis-tools/bin:$COLLECTIVEACCESS_HOME/support/bin:$PATH"' >> ~cmis/.bashrc
fi
if grep deploy /etc/sudoers;then
echo "deploy user can restart services"
else
echo '%deploy ALL = NOPASSWD: /usr/sbin/service' >> /etc/sudoers
fi
popd
popd
sudo -i -u cmis git config --global user.email "[email protected]"
sudo -i -u cmis git config --global user.name "CMIS UAT"
sudo -i -u cmis /data/github/cmis-tools/bin/deploy-wamcmis
sudo -i -u cmis aws s3 cp s3://$CMIS_ENV.museum.wa.gov.au/setup.php ~cmis/collectiveaccess/providence/current/
a2ensite cmis
systemctl restart apache2.service
systemctl restart php7.0-fpm.service
sudo -i -u cmis aws s3 cp s3://$CMIS_ENV.museum.wa.gov.au/loadData.sh ~cmis/
#sed -i "s@define(\"__CA_DB_HOST__\", 'localhost');@define(\"__CA_DB_HOST__\", \'$DB_HOST\');@g" /srv/cmis/properties/env.php
#sed -i "s@define(\"__CA_DB_USER__\", 'my_database_user');@define(\"__CA_DB_USER__\", \'$DB_USERNAME\');@g" /srv/cmis/properties/env.php
#sed -i "s@define(\"__CA_DB_PASSWORD__\", 'my_database_password');@define(\"__CA_DB_PASSWORD__\", \'$DB_PASSWORD\');@g" /srv/cmis/properties/env.php
#sed -i "s@define(\"__CA_DB_DATABASE__\", 'name_of_my_database');@define(\"__CA_DB_DATABASE__\", \'$DB_NAME\');@g" /srv/cmis/properties/env.php
#sed -i "s@define(\"__CA_APP_DISPLAY_NAME__\", \"CSIRO Collections Management Service (ENVIRONMENT)\");@define(\"__CA_APP_DISPLAY_NAME__\", \"CSIRO Collections Management Service$SERVER_ENV_NAME\");@g" /srv/cmis/properties/env.php
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment