@nad2000
Last active October 16, 2018 02:55
Scripts for "sft.addo.io" migration
## ON THE OLD SERVER:
# DB dump (PostgreSQL should be running):
sudo -u postgres pg_dump securetrans | bzip2 >securetrans.sql.bz2
# application and apache configuration backup
tar -C / -cjf ~/archive.tar.bz2 ./opt/sft_web ./etc/apache2 ~/
## archive static content:
tar -C /var -cjf ~/www.tar.bz2 ./www
## Keys:
sudo tar cjf ssh_keys.tar.bz2 /etc/ssl/certs/server.crt /etc/ssl/private/server.key
### copy files to the new server
## scp ... ...
### Package installation:
# ** Installed OS Packages **************
sudo apt-get install -y postfix ## (SMTP relay server for notifications)
sudo apt-get install -y apache2
sudo apt-get install -y libapache2-mod-wsgi ## (Apache WSGI server interface for cherrypy)
sudo apt-get install -y python-mako ## (Python Template engine)
sudo apt-get install -y python-pip ## Python package manager
sudo apt-get install -y python-dev ## Necessary for compiling some Python packages
sudo apt-get install -y libffi-dev
### sudo apt-get install -y libssl-devel
sudo apt-get install -y libssl-dev
sudo apt-get install -y zip ## (used to zip downloads)
sudo apt-get install -y pwgen ## (used to generate passwords)
sudo apt-get install -y python-cracklib ## (used to check password strength)
sudo apt-get install -y python-psycopg2 ## (Python PostgreSQL client lib)
sudo apt-get install -y python-pycryptopp ## (Python Crypto lib used by Paramiko SSH)
sudo apt-get install -y postgresql ## (SQL database used by all transports for authentication and virtual users)
### sudo apt-get install -y postgresql-plperl-9.3 ## (plperl stored proc language)
### sudo apt-get install -y postgresql-plpython-9.3 ## (plpython stored proc language)
######sudo apt-get install -y php
sudo apt-get install -y php5
sudo apt-get install -y python-magic ## (used for magic byte checking of incoming files)
sudo apt-get install -y sysv-rc-conf ## (interface for setting up daemon run levels)
sudo apt-get install -y proftpd
sudo apt-get install -y proftpd-mod-pgsql ## (used to interface FTPS to the database to provide cross transport authentication and logging).
# *** Python libs installed via PIP ****************
sudo pip install -U 'requests[security]'
sudo pip install -U filemagic
sudo pip install -U cherrypy==3.2.6 ## (MUST BE VERSION 3.2.6)
sudo pip install -U paramiko ## (Python SSH/SFTP server lib)
sudo pip install pyamf ## (Remote procedure protocol used for optional popup notification server)
#######################################################################################
# ON THE TARGET (NEW SERVER):
sudo addgroup sft_admin www-data
sudo addgroup postgres www-data
sudo addgroup sft_user www-data
## install the app (from the archive):
sudo tar -C / -xf archive.tar.bz2 ./opt
# recover static content:
sudo tar -C /var -xf www.tar.bz2
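## restore DB (pg_dump without -C emits no CREATE DATABASE, so create the target first):
sudo -u postgres createdb securetrans
bzip2 -d -c securetrans.sql.bz2 | sudo -u postgres psql securetrans
## NOTE: replace the literal password below with a freshly generated one (e.g. from pwgen, installed above) before running
sudo -u postgres psql -c "ALTER ROLE postgres PASSWORD 'phie6Phe';"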
## Set-up Apache2 configuration:
## Activate Apache2 SSL module
sudo a2enmod ssl
sudo a2ensite default-ssl
### Edit the site configuration file:
SITE=/etc/apache2/sites-enabled/default-ssl.conf
sudo sed -i 's/ssl-cert-snakeoil.pem/server.crt/g' $SITE
sudo sed -i 's/ssl-cert-snakeoil.key/server.key/g' $SITE
## Add alias if it hasn't been added yet
grep -q sft2 $SITE || sudo ed $SITE << 'EOF'
g/VirtualHost/
-
a
WSGIScriptAlias /sft2 /opt/sft_web/sft.py
<Directory /opt/sft_web>
WSGIApplicationGroup %{GLOBAL}
<Files wsgi.py>
Require all granted
</Files>
</Directory>
.
w
EOF
grep -q 'DocumentRoot /var/www/html' $SITE && sudo ed $SITE << 'EOF'
/DocumentRoot/d
a
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
<Directory /usr/share/apache2/icons/>
deny from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
.
w
EOF
## Set up keys:
sudo mkdir -p /etc/apache2/ssl
#### Self-signed:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/server.key \
-subj "/C=US/ST=Indianapolis/OU=Domain Control Validated/O=Dis/CN=sft.addo.io" \
-out /etc/ssl/certs/server.crt
#### OR Migrated from the production:
# copy server.crt to /etc/ssl/certs/ and server.key to /etc/ssl/private/ from ssh_keys.tar.bz2
## Verify the certificate (at the path the site configuration above points to):
openssl x509 -in /etc/ssl/certs/server.crt -noout -text
## Restart Apache2 to enable the configuration:
sudo service apache2 restart
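## Added example (not part of the original gist): a check that the migrated or self-signed server.crt and server.key actually belong together, that the certificate has not expired, and that the key is not group/world accessible, to run before the Apache restart above.
## The function names are hypothetical; the file paths in the usage comment are the ones used in this script.

```shell
#!/bin/sh
# Added example: validate a TLS certificate/private-key pair after migration.

# SHA-256 of the public key embedded in a certificate (DER-encoded SPKI).
pubkey_fp_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key (same encoding).
pubkey_fp_key() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_tls_pair CERT KEY
#   0 = certificate and key match, certificate valid, key permissions tight
#   1 = certificate and key do not belong together
#   2 = file unreadable, certificate unparsable or already expired
#   3 = private key is accessible by group or others
check_tls_pair() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    # -checkend 0 fails if the certificate is expired or cannot be parsed
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 2
    [ "$(pubkey_fp_cert "$cert")" = "$(pubkey_fp_key "$key")" ] || return 1
    # columns 5-10 of the mode string are the group and other permission bits
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 3
    return 0
}

# Usage (run as root so the key is readable):
#   sh check_tls_pair.sh /etc/ssl/certs/server.crt /etc/ssl/private/server.key
if [ "$#" -eq 2 ]; then
    rc=0
    check_tls_pair "$1" "$2" || rc=$?
    echo "check_tls_pair: $rc"
fi
```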