fix formatting
This commit is contained in:
wh1te909
parent
c53657d693
commit
47d9e1b966
102
backup.sh
102
backup.sh
|
|
@ -11,18 +11,18 @@ NC='\033[0m'
|
|||
THIS_SCRIPT=$(readlink -f "$0")
|
||||
|
||||
TMP_FILE=$(mktemp -p "" "rmmbackup_XXXXXXXXXX")
|
||||
curl -s -L "${SCRIPT_URL}" > ${TMP_FILE}
|
||||
curl -s -L "${SCRIPT_URL}" >${TMP_FILE}
|
||||
NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}')
|
||||
|
||||
if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then
|
||||
printf >&2 "${YELLOW}Old backup script detected, downloading and replacing with the latest version...${NC}\n"
|
||||
wget -q "${SCRIPT_URL}" -O /tmp/backup.sh
|
||||
if grep -q SCRIPT_VERSION "/tmp/backup.sh"; then
|
||||
mv /tmp/backup.sh $THIS_SCRIPT
|
||||
mv /tmp/backup.sh $THIS_SCRIPT
|
||||
else
|
||||
printf >&2 "${RED} File Seems to be Corrupt, Please Run this script again.${NC}\n"
|
||||
rm /tmp/backup.sh
|
||||
exit
|
||||
printf >&2 "${RED} File Seems to be Corrupt, Please Run this script again.${NC}\n"
|
||||
rm /tmp/backup.sh
|
||||
exit
|
||||
fi
|
||||
exec ${THIS_SCRIPT}
|
||||
fi
|
||||
|
|
@ -30,14 +30,17 @@ fi
|
|||
rm -f $TMP_FILE
|
||||
|
||||
if [[ $* == *--schedule* ]]; then
|
||||
(crontab -l 2>/dev/null; echo "0 0 * * * /rmm/backup.sh --auto") | crontab -
|
||||
printf >&2 "${GREEN}Backups setup to run at midnight and rotate.${NC}\n"
|
||||
exit
|
||||
(
|
||||
crontab -l 2>/dev/null
|
||||
echo "0 0 * * * /rmm/backup.sh --auto"
|
||||
) | crontab -
|
||||
printf >&2 "${GREEN}Backups setup to run at midnight and rotate.${NC}\n"
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ $EUID -eq 0 ]; then
|
||||
echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n"
|
||||
exit 1
|
||||
echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -d /rmmbackups ]; then
|
||||
|
|
@ -68,20 +71,19 @@ mkdir ${tmp_dir}/confd
|
|||
POSTGRES_USER=$(/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py get_config dbuser)
|
||||
POSTGRES_PW=$(/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py get_config dbpw)
|
||||
|
||||
pg_dump --dbname=postgresql://"${POSTGRES_USER}":"${POSTGRES_PW}"@127.0.0.1:5432/tacticalrmm | gzip -9 > ${tmp_dir}/postgres/db-${dt_now}.psql.gz
|
||||
pg_dump --dbname=postgresql://"${POSTGRES_USER}":"${POSTGRES_PW}"@127.0.0.1:5432/tacticalrmm | gzip -9 >${tmp_dir}/postgres/db-${dt_now}.psql.gz
|
||||
|
||||
tar -czvf ${tmp_dir}/meshcentral/mesh.tar.gz --exclude=/meshcentral/node_modules /meshcentral
|
||||
|
||||
if grep -q postgres "/meshcentral/meshcentral-data/config.json"; then
|
||||
if ! which jq >/dev/null
|
||||
then
|
||||
sudo apt-get install -y jq > null
|
||||
fi
|
||||
MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r)
|
||||
MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r)
|
||||
pg_dump --dbname=postgresql://"${MESH_POSTGRES_USER}":"${MESH_POSTGRES_PW}"@127.0.0.1:5432/meshcentral | gzip -9 > ${tmp_dir}/postgres/mesh-db-${dt_now}.psql.gz
|
||||
if ! which jq >/dev/null; then
|
||||
sudo apt-get install -y jq >null
|
||||
fi
|
||||
MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r)
|
||||
MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r)
|
||||
pg_dump --dbname=postgresql://"${MESH_POSTGRES_USER}":"${MESH_POSTGRES_PW}"@127.0.0.1:5432/meshcentral | gzip -9 >${tmp_dir}/postgres/mesh-db-${dt_now}.psql.gz
|
||||
else
|
||||
mongodump --gzip --out=${tmp_dir}/meshcentral/mongo
|
||||
mongodump --gzip --out=${tmp_dir}/meshcentral/mongo
|
||||
fi
|
||||
|
||||
sudo tar -czvf ${tmp_dir}/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt .
|
||||
|
|
@ -94,49 +96,49 @@ sudo tar -czvf ${tmp_dir}/confd/etc-confd.tar.gz -C /etc/conf.d .
|
|||
|
||||
sudo cp ${sysd}/rmm.service ${sysd}/celery.service ${sysd}/celerybeat.service ${sysd}/meshcentral.service ${sysd}/nats.service ${sysd}/daphne.service ${sysd}/nats-api.service ${tmp_dir}/systemd/
|
||||
|
||||
cat /rmm/api/tacticalrmm/tacticalrmm/private/log/django_debug.log | gzip -9 > ${tmp_dir}/rmm/debug.log.gz
|
||||
cat /rmm/api/tacticalrmm/tacticalrmm/private/log/django_debug.log | gzip -9 >${tmp_dir}/rmm/debug.log.gz
|
||||
cp /rmm/api/tacticalrmm/tacticalrmm/local_settings.py ${tmp_dir}/rmm/
|
||||
|
||||
if [[ $* == *--auto* ]]; then
|
||||
|
||||
if [ ! -d /rmmbackups/daily ]; then
|
||||
sudo mkdir /rmmbackups/daily
|
||||
sudo chown ${USER}:${USER} /rmmbackups/daily
|
||||
fi
|
||||
if [ ! -d /rmmbackups/daily ]; then
|
||||
sudo mkdir /rmmbackups/daily
|
||||
sudo chown ${USER}:${USER} /rmmbackups/daily
|
||||
fi
|
||||
|
||||
if [ ! -d /rmmbackups/weekly ]; then
|
||||
sudo mkdir /rmmbackups/weekly
|
||||
sudo chown ${USER}:${USER} /rmmbackups/weekly
|
||||
fi
|
||||
if [ ! -d /rmmbackups/weekly ]; then
|
||||
sudo mkdir /rmmbackups/weekly
|
||||
sudo chown ${USER}:${USER} /rmmbackups/weekly
|
||||
fi
|
||||
|
||||
if [ ! -d /rmmbackups/monthly ]; then
|
||||
sudo mkdir /rmmbackups/monthly
|
||||
sudo chown ${USER}:${USER} /rmmbackups/monthly
|
||||
fi
|
||||
if [ ! -d /rmmbackups/monthly ]; then
|
||||
sudo mkdir /rmmbackups/monthly
|
||||
sudo chown ${USER}:${USER} /rmmbackups/monthly
|
||||
fi
|
||||
|
||||
month_day=`date +"%d"`
|
||||
week_day=`date +"%u"`
|
||||
month_day=$(date +"%d")
|
||||
week_day=$(date +"%u")
|
||||
|
||||
if [ "$month_day" -eq 10 ] ; then
|
||||
tar -cf /rmmbackups/monthly/rmm-backup-${dt_now}.tar -C ${tmp_dir} .
|
||||
else
|
||||
if [ "$week_day" -eq 5 ] ; then
|
||||
tar -cf /rmmbackups/weekly/rmm-backup-${dt_now}.tar -C ${tmp_dir} .
|
||||
else
|
||||
tar -cf /rmmbackups/daily/rmm-backup-${dt_now}.tar -C ${tmp_dir} .
|
||||
fi
|
||||
fi
|
||||
if [ "$month_day" -eq 10 ]; then
|
||||
tar -cf /rmmbackups/monthly/rmm-backup-${dt_now}.tar -C ${tmp_dir} .
|
||||
else
|
||||
if [ "$week_day" -eq 5 ]; then
|
||||
tar -cf /rmmbackups/weekly/rmm-backup-${dt_now}.tar -C ${tmp_dir} .
|
||||
else
|
||||
tar -cf /rmmbackups/daily/rmm-backup-${dt_now}.tar -C ${tmp_dir} .
|
||||
fi
|
||||
fi
|
||||
|
||||
rm -rf ${tmp_dir}
|
||||
rm -rf ${tmp_dir}
|
||||
|
||||
find /rmmbackups/daily/ -maxdepth 1 -mtime +14 -type d -exec rm -rv {} \;
|
||||
find /rmmbackups/weekly/ -maxdepth 1 -mtime +60 -type d -exec rm -rv {} \;
|
||||
find /rmmbackups/monthly/ -maxdepth 1 -mtime +380 -type d -exec rm -rv {} \;
|
||||
echo -ne "${GREEN}Backup Completed${NC}\n"
|
||||
exit
|
||||
find /rmmbackups/daily/ -maxdepth 1 -mtime +14 -type d -exec rm -rv {} \;
|
||||
find /rmmbackups/weekly/ -maxdepth 1 -mtime +60 -type d -exec rm -rv {} \;
|
||||
find /rmmbackups/monthly/ -maxdepth 1 -mtime +380 -type d -exec rm -rv {} \;
|
||||
echo -ne "${GREEN}Backup Completed${NC}\n"
|
||||
exit
|
||||
|
||||
else
|
||||
tar -cf /rmmbackups/rmm-backup-${dt_now}.tar -C ${tmp_dir} .
|
||||
|
||||
echo -ne "${GREEN}Backup saved to /rmmbackups/rmm-backup-${dt_now}.tar${NC}\n"
|
||||
echo -ne "${GREEN}Backup saved to /rmmbackups/rmm-backup-${dt_now}.tar${NC}\n"
|
||||
fi
|
||||
|
|
|
|||
181
install.sh
181
install.sh
|
|
@ -16,15 +16,15 @@ PYTHON_VER='3.11.2'
|
|||
SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py'
|
||||
|
||||
TMP_FILE=$(mktemp -p "" "rmminstall_XXXXXXXXXX")
|
||||
curl -s -L "${SCRIPT_URL}" > ${TMP_FILE}
|
||||
curl -s -L "${SCRIPT_URL}" >${TMP_FILE}
|
||||
NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}')
|
||||
|
||||
if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then
|
||||
printf >&2 "${YELLOW}Old install script detected, downloading and replacing with the latest version...${NC}\n"
|
||||
wget -q "${SCRIPT_URL}" -O install.sh
|
||||
printf >&2 "${YELLOW}Script updated! Please re-run ./install.sh${NC}\n"
|
||||
rm -f $TMP_FILE
|
||||
exit 1
|
||||
printf >&2 "${YELLOW}Old install script detected, downloading and replacing with the latest version...${NC}\n"
|
||||
wget -q "${SCRIPT_URL}" -O install.sh
|
||||
printf >&2 "${YELLOW}Script updated! Please re-run ./install.sh${NC}\n"
|
||||
rm -f $TMP_FILE
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rm -f $TMP_FILE
|
||||
|
|
@ -37,12 +37,13 @@ fi
|
|||
|
||||
memTotal=$(grep -i memtotal /proc/meminfo | awk '{print $2}')
|
||||
if [[ $memTotal -lt 3627528 ]]; then
|
||||
echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n"
|
||||
exit 1
|
||||
echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
osname=$(lsb_release -si); osname=${osname^}
|
||||
osname=$(echo "$osname" | tr '[A-Z]' '[a-z]')
|
||||
osname=$(lsb_release -si)
|
||||
osname=${osname^}
|
||||
osname=$(echo "$osname" | tr '[A-Z]' '[a-z]')
|
||||
fullrel=$(lsb_release -sd)
|
||||
codename=$(lsb_release -sc)
|
||||
relno=$(lsb_release -sr | cut -d. -f1)
|
||||
|
|
@ -54,15 +55,14 @@ if [ ! "$osname" = "ubuntu" ] && [ ! "$osname" = "debian" ]; then
|
|||
osname=${osname^}
|
||||
fi
|
||||
|
||||
|
||||
# determine system
|
||||
if ([ "$osname" = "ubuntu" ] && [ "$fullrelno" = "20.04" ]) || ([ "$osname" = "debian" ] && [ $relno -ge 10 ]); then
|
||||
echo $fullrel
|
||||
else
|
||||
echo $fullrel
|
||||
echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n"
|
||||
echo -ne "Your system does not appear to be supported${NC}\n"
|
||||
exit 1
|
||||
echo $fullrel
|
||||
echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n"
|
||||
echo -ne "Your system does not appear to be supported${NC}\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ $EUID -eq 0 ]; then
|
||||
|
|
@ -89,7 +89,6 @@ fi
|
|||
|
||||
postgresql_repo="deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main"
|
||||
|
||||
|
||||
# prevents logging issues with some VPS providers like Vultr if this is a freshly provisioned instance that hasn't been rebooted yet
|
||||
sudo systemctl restart systemd-journald.service
|
||||
|
||||
|
|
@ -114,31 +113,27 @@ print_green() {
|
|||
|
||||
cls
|
||||
|
||||
while [[ $rmmdomain != *[.]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter the subdomain for the backend (e.g. api.example.com)${NC}: "
|
||||
read rmmdomain
|
||||
while [[ $rmmdomain != *[.]*[.]* ]]; do
|
||||
echo -ne "${YELLOW}Enter the subdomain for the backend (e.g. api.example.com)${NC}: "
|
||||
read rmmdomain
|
||||
done
|
||||
|
||||
while [[ $frontenddomain != *[.]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter the subdomain for the frontend (e.g. rmm.example.com)${NC}: "
|
||||
read frontenddomain
|
||||
while [[ $frontenddomain != *[.]*[.]* ]]; do
|
||||
echo -ne "${YELLOW}Enter the subdomain for the frontend (e.g. rmm.example.com)${NC}: "
|
||||
read frontenddomain
|
||||
done
|
||||
|
||||
while [[ $meshdomain != *[.]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter the subdomain for meshcentral (e.g. mesh.example.com)${NC}: "
|
||||
read meshdomain
|
||||
while [[ $meshdomain != *[.]*[.]* ]]; do
|
||||
echo -ne "${YELLOW}Enter the subdomain for meshcentral (e.g. mesh.example.com)${NC}: "
|
||||
read meshdomain
|
||||
done
|
||||
|
||||
echo -ne "${YELLOW}Enter the root domain (e.g. example.com or example.co.uk)${NC}: "
|
||||
read rootdomain
|
||||
|
||||
while [[ $letsemail != *[@]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter a valid email address for django and meshcentral${NC}: "
|
||||
read letsemail
|
||||
while [[ $letsemail != *[@]*[.]* ]]; do
|
||||
echo -ne "${YELLOW}Enter a valid email address for django and meshcentral${NC}: "
|
||||
read letsemail
|
||||
done
|
||||
|
||||
# if server is behind NAT we need to add the 3 subdomains to the host file
|
||||
|
|
@ -154,14 +149,14 @@ if ! [[ $CHECK_HOSTS ]]; then
|
|||
if [[ $HAS_11 ]]; then
|
||||
sudo sed -i "/127.0.1.1/s/$/ ${rmmdomain} ${frontenddomain} ${meshdomain}/" /etc/hosts
|
||||
else
|
||||
echo "127.0.1.1 ${rmmdomain} ${frontenddomain} ${meshdomain}" | sudo tee --append /etc/hosts > /dev/null
|
||||
echo "127.0.1.1 ${rmmdomain} ${frontenddomain} ${meshdomain}" | sudo tee --append /etc/hosts >/dev/null
|
||||
fi
|
||||
fi
|
||||
|
||||
BEHIND_NAT=false
|
||||
IPV4=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1)
|
||||
if echo "$IPV4" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
|
||||
BEHIND_NAT=true
|
||||
BEHIND_NAT=true
|
||||
fi
|
||||
|
||||
sudo apt install -y software-properties-common
|
||||
|
|
@ -171,9 +166,8 @@ sudo apt install -y certbot openssl
|
|||
print_green 'Getting wildcard cert'
|
||||
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
while [[ $? -ne 0 ]]
|
||||
do
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
while [[ $? -ne 0 ]]; do
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
done
|
||||
|
||||
CERT_PRIV_KEY=/etc/letsencrypt/live/${rootdomain}/privkey.pem
|
||||
|
|
@ -185,12 +179,13 @@ print_green 'Installing Nginx'
|
|||
|
||||
wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add -
|
||||
|
||||
nginxrepo="$(cat << EOF
|
||||
nginxrepo="$(
|
||||
cat <<EOF
|
||||
deb https://nginx.org/packages/$osname/ $codename nginx
|
||||
deb-src https://nginx.org/packages/$osname/ $codename nginx
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
|
||||
echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list >/dev/null
|
||||
|
||||
sudo apt update
|
||||
sudo apt install -y nginx
|
||||
|
|
@ -198,7 +193,8 @@ sudo systemctl stop nginx
|
|||
|
||||
nginxdefaultconf='/etc/nginx/nginx.conf'
|
||||
|
||||
nginxconf="$(cat << EOF
|
||||
nginxconf="$(
|
||||
cat <<EOF
|
||||
worker_rlimit_nofile 1000000;
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
|
|
@ -226,11 +222,10 @@ http {
|
|||
}
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxconf}" | sudo tee $nginxdefaultconf > /dev/null
|
||||
echo "${nginxconf}" | sudo tee $nginxdefaultconf >/dev/null
|
||||
|
||||
for i in sites-available sites-enabled
|
||||
do
|
||||
sudo mkdir -p /etc/nginx/$i
|
||||
for i in sites-available sites-enabled; do
|
||||
sudo mkdir -p /etc/nginx/$i
|
||||
done
|
||||
|
||||
print_green 'Installing NodeJS'
|
||||
|
|
@ -264,7 +259,6 @@ sudo make altinstall
|
|||
cd ~
|
||||
sudo rm -rf Python-${PYTHON_VER} Python-${PYTHON_VER}.tgz
|
||||
|
||||
|
||||
print_green 'Installing redis and git'
|
||||
sudo apt install -y ca-certificates redis git
|
||||
|
||||
|
|
@ -278,10 +272,10 @@ sudo apt install -y postgresql-14
|
|||
sleep 2
|
||||
sudo systemctl enable --now postgresql
|
||||
|
||||
until pg_isready > /dev/null; do
|
||||
until pg_isready >/dev/null; do
|
||||
echo -ne "${GREEN}Waiting for PostgreSQL to be ready${NC}\n"
|
||||
sleep 3
|
||||
done
|
||||
done
|
||||
|
||||
print_green 'Creating database for the rmm'
|
||||
|
||||
|
|
@ -333,7 +327,8 @@ cd /meshcentral
|
|||
npm install meshcentral@${MESH_VER}
|
||||
sudo chown ${USER}:${USER} -R /meshcentral
|
||||
|
||||
meshcfg="$(cat << EOF
|
||||
meshcfg="$(
|
||||
cat <<EOF
|
||||
{
|
||||
"settings": {
|
||||
"cert": "${meshdomain}",
|
||||
|
|
@ -370,9 +365,10 @@ meshcfg="$(cat << EOF
|
|||
}
|
||||
EOF
|
||||
)"
|
||||
echo "${meshcfg}" > /meshcentral/meshcentral-data/config.json
|
||||
echo "${meshcfg}" >/meshcentral/meshcentral-data/config.json
|
||||
|
||||
localvars="$(cat << EOF
|
||||
localvars="$(
|
||||
cat <<EOF
|
||||
SECRET_KEY = "${DJANGO_SEKRET}"
|
||||
|
||||
DEBUG = False
|
||||
|
|
@ -402,7 +398,7 @@ REDIS_HOST = "localhost"
|
|||
ADMIN_ENABLED = True
|
||||
EOF
|
||||
)"
|
||||
echo "${localvars}" > /rmm/api/tacticalrmm/tacticalrmm/local_settings.py
|
||||
echo "${localvars}" >/rmm/api/tacticalrmm/tacticalrmm/local_settings.py
|
||||
|
||||
sudo cp /rmm/natsapi/bin/nats-api /usr/local/bin
|
||||
sudo chown ${USER}:${USER} /usr/local/bin/nats-api
|
||||
|
|
@ -442,7 +438,8 @@ python manage.py generate_barcode ${RANDBASE} ${djangousername} ${frontenddomain
|
|||
deactivate
|
||||
read -n 1 -s -r -p "Press any key to continue..."
|
||||
|
||||
rmmservice="$(cat << EOF
|
||||
rmmservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=tacticalrmm uwsgi daemon
|
||||
After=network.target postgresql.service
|
||||
|
|
@ -460,9 +457,10 @@ RestartSec=10s
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${rmmservice}" | sudo tee /etc/systemd/system/rmm.service > /dev/null
|
||||
echo "${rmmservice}" | sudo tee /etc/systemd/system/rmm.service >/dev/null
|
||||
|
||||
daphneservice="$(cat << EOF
|
||||
daphneservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=django channels daemon v2
|
||||
After=network.target
|
||||
|
|
@ -482,9 +480,10 @@ RestartSec=3s
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${daphneservice}" | sudo tee /etc/systemd/system/daphne.service > /dev/null
|
||||
echo "${daphneservice}" | sudo tee /etc/systemd/system/daphne.service >/dev/null
|
||||
|
||||
natsservice="$(cat << EOF
|
||||
natsservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=NATS Server
|
||||
After=network.target
|
||||
|
|
@ -505,9 +504,10 @@ LimitNOFILE=1000000
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service > /dev/null
|
||||
echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service >/dev/null
|
||||
|
||||
natsapi="$(cat << EOF
|
||||
natsapi="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=TacticalRMM Nats Api v1
|
||||
After=nats.service
|
||||
|
|
@ -524,9 +524,10 @@ RestartSec=5s
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${natsapi}" | sudo tee /etc/systemd/system/nats-api.service > /dev/null
|
||||
echo "${natsapi}" | sudo tee /etc/systemd/system/nats-api.service >/dev/null
|
||||
|
||||
nginxrmm="$(cat << EOF
|
||||
nginxrmm="$(
|
||||
cat <<EOF
|
||||
server_tokens off;
|
||||
|
||||
upstream tacticalrmm {
|
||||
|
|
@ -609,10 +610,10 @@ server {
|
|||
}
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxrmm}" | sudo tee /etc/nginx/sites-available/rmm.conf > /dev/null
|
||||
echo "${nginxrmm}" | sudo tee /etc/nginx/sites-available/rmm.conf >/dev/null
|
||||
|
||||
|
||||
nginxmesh="$(cat << EOF
|
||||
nginxmesh="$(
|
||||
cat <<EOF
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
|
@ -654,14 +655,15 @@ server {
|
|||
}
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxmesh}" | sudo tee /etc/nginx/sites-available/meshcentral.conf > /dev/null
|
||||
echo "${nginxmesh}" | sudo tee /etc/nginx/sites-available/meshcentral.conf >/dev/null
|
||||
|
||||
sudo ln -s /etc/nginx/sites-available/rmm.conf /etc/nginx/sites-enabled/rmm.conf
|
||||
sudo ln -s /etc/nginx/sites-available/meshcentral.conf /etc/nginx/sites-enabled/meshcentral.conf
|
||||
|
||||
sudo mkdir /etc/conf.d
|
||||
|
||||
celeryservice="$(cat << EOF
|
||||
celeryservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=Celery Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
|
@ -682,9 +684,10 @@ RestartSec=10s
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${celeryservice}" | sudo tee /etc/systemd/system/celery.service > /dev/null
|
||||
echo "${celeryservice}" | sudo tee /etc/systemd/system/celery.service >/dev/null
|
||||
|
||||
celeryconf="$(cat << EOF
|
||||
celeryconf="$(
|
||||
cat <<EOF
|
||||
CELERYD_NODES="w1"
|
||||
|
||||
CELERY_BIN="/rmm/api/env/bin/celery"
|
||||
|
|
@ -703,10 +706,10 @@ CELERYBEAT_PID_FILE="/rmm/api/tacticalrmm/beat.pid"
|
|||
CELERYBEAT_LOG_FILE="/var/log/celery/beat.log"
|
||||
EOF
|
||||
)"
|
||||
echo "${celeryconf}" | sudo tee /etc/conf.d/celery.conf > /dev/null
|
||||
echo "${celeryconf}" | sudo tee /etc/conf.d/celery.conf >/dev/null
|
||||
|
||||
|
||||
celerybeatservice="$(cat << EOF
|
||||
celerybeatservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=Celery Beat Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
|
@ -725,11 +728,12 @@ RestartSec=10s
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${celerybeatservice}" | sudo tee /etc/systemd/system/celerybeat.service > /dev/null
|
||||
echo "${celerybeatservice}" | sudo tee /etc/systemd/system/celerybeat.service >/dev/null
|
||||
|
||||
sudo chown ${USER}:${USER} -R /etc/conf.d/
|
||||
|
||||
meshservice="$(cat << EOF
|
||||
meshservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=MeshCentral Server
|
||||
After=network.target mongod.service nginx.service
|
||||
|
|
@ -748,7 +752,7 @@ RestartSec=10s
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${meshservice}" | sudo tee /etc/systemd/system/meshcentral.service > /dev/null
|
||||
echo "${meshservice}" | sudo tee /etc/systemd/system/meshcentral.service >/dev/null
|
||||
|
||||
sudo systemctl daemon-reload
|
||||
|
||||
|
|
@ -766,11 +770,12 @@ webtar="trmm-web-v${WEB_VERSION}.tar.gz"
|
|||
wget -q https://github.com/amidaware/tacticalrmm-web/releases/download/v${WEB_VERSION}/${webtar} -O /tmp/${webtar}
|
||||
sudo mkdir -p /var/www/rmm
|
||||
sudo tar -xzf /tmp/${webtar} -C /var/www/rmm
|
||||
echo "window._env_ = {PROD_URL: \"https://${rmmdomain}\"}" | sudo tee /var/www/rmm/dist/env-config.js > /dev/null
|
||||
echo "window._env_ = {PROD_URL: \"https://${rmmdomain}\"}" | sudo tee /var/www/rmm/dist/env-config.js >/dev/null
|
||||
sudo chown www-data:www-data -R /var/www/rmm/dist
|
||||
rm -f /tmp/${webtar}
|
||||
|
||||
nginxfrontend="$(cat << EOF
|
||||
nginxfrontend="$(
|
||||
cat <<EOF
|
||||
server {
|
||||
server_name ${frontenddomain};
|
||||
charset utf-8;
|
||||
|
|
@ -809,15 +814,13 @@ server {
|
|||
}
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxfrontend}" | sudo tee /etc/nginx/sites-available/frontend.conf > /dev/null
|
||||
echo "${nginxfrontend}" | sudo tee /etc/nginx/sites-available/frontend.conf >/dev/null
|
||||
|
||||
sudo ln -s /etc/nginx/sites-available/frontend.conf /etc/nginx/sites-enabled/frontend.conf
|
||||
|
||||
|
||||
print_green 'Enabling Services'
|
||||
|
||||
for i in rmm.service daphne.service celery.service celerybeat.service nginx
|
||||
do
|
||||
for i in rmm.service daphne.service celery.service celerybeat.service nginx; do
|
||||
sudo systemctl enable ${i}
|
||||
sudo systemctl stop ${i}
|
||||
sudo systemctl start ${i}
|
||||
|
|
@ -844,12 +847,12 @@ print_green 'Generating meshcentral login token key'
|
|||
|
||||
MESHTOKENKEY=$(node /meshcentral/node_modules/meshcentral --logintokenkey)
|
||||
|
||||
meshtoken="$(cat << EOF
|
||||
meshtoken="$(
|
||||
cat <<EOF
|
||||
MESH_TOKEN_KEY = "${MESHTOKENKEY}"
|
||||
EOF
|
||||
)"
|
||||
echo "${meshtoken}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py > /dev/null
|
||||
|
||||
echo "${meshtoken}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py >/dev/null
|
||||
|
||||
print_green 'Creating meshcentral account and group'
|
||||
|
||||
|
|
@ -889,8 +892,7 @@ sudo systemctl start nats-api.service
|
|||
sed -i 's/ADMIN_ENABLED = True/ADMIN_ENABLED = False/g' /rmm/api/tacticalrmm/tacticalrmm/local_settings.py
|
||||
|
||||
print_green 'Restarting services'
|
||||
for i in rmm.service daphne.service celery.service celerybeat.service
|
||||
do
|
||||
for i in rmm.service daphne.service celery.service celerybeat.service; do
|
||||
sudo systemctl stop ${i}
|
||||
sudo systemctl start ${i}
|
||||
done
|
||||
|
|
@ -904,13 +906,12 @@ printf >&2 "${YELLOW}MeshCentral username: ${GREEN}${meshusername}${NC}\n"
|
|||
printf >&2 "${YELLOW}MeshCentral password: ${GREEN}${MESHPASSWD}${NC}\n\n"
|
||||
|
||||
if [ "$BEHIND_NAT" = true ]; then
|
||||
echo -ne "${YELLOW}Read below if your router does NOT support Hairpin NAT${NC}\n\n"
|
||||
echo -ne "${GREEN}If you will be accessing the web interface of the RMM from the same LAN as this server,${NC}\n"
|
||||
echo -ne "${GREEN}you'll need to make sure your 3 subdomains resolve to ${IPV4}${NC}\n"
|
||||
echo -ne "${GREEN}This also applies to any agents that will be on the same local network as the rmm.${NC}\n"
|
||||
echo -ne "${GREEN}You'll also need to setup port forwarding in your router on port 443${NC}\n\n"
|
||||
echo -ne "${YELLOW}Read below if your router does NOT support Hairpin NAT${NC}\n\n"
|
||||
echo -ne "${GREEN}If you will be accessing the web interface of the RMM from the same LAN as this server,${NC}\n"
|
||||
echo -ne "${GREEN}you'll need to make sure your 3 subdomains resolve to ${IPV4}${NC}\n"
|
||||
echo -ne "${GREEN}This also applies to any agents that will be on the same local network as the rmm.${NC}\n"
|
||||
echo -ne "${GREEN}You'll also need to setup port forwarding in your router on port 443${NC}\n\n"
|
||||
fi
|
||||
|
||||
printf >&2 "${YELLOW}Please refer to the github README for next steps${NC}\n\n"
|
||||
printf >&2 "${YELLOW}%0.s*${NC}" {1..80}
|
||||
printf >&2 "\n"
|
||||
|
|
|
|||
102
restore.sh
102
restore.sh
|
|
@ -17,14 +17,14 @@ PYTHON_VER='3.11.2'
|
|||
SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py'
|
||||
|
||||
TMP_FILE=$(mktemp -p "" "rmmrestore_XXXXXXXXXX")
|
||||
curl -s -L "${SCRIPT_URL}" > ${TMP_FILE}
|
||||
curl -s -L "${SCRIPT_URL}" >${TMP_FILE}
|
||||
NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}')
|
||||
|
||||
if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then
|
||||
printf >&2 "${YELLOW}A newer version of this restore script is available.${NC}\n"
|
||||
printf >&2 "${YELLOW}Please download the latest version from ${GREEN}${SCRIPT_URL}${YELLOW} and re-run.${NC}\n"
|
||||
rm -f $TMP_FILE
|
||||
exit 1
|
||||
printf >&2 "${YELLOW}A newer version of this restore script is available.${NC}\n"
|
||||
printf >&2 "${YELLOW}Please download the latest version from ${GREEN}${SCRIPT_URL}${YELLOW} and re-run.${NC}\n"
|
||||
rm -f $TMP_FILE
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rm -f $TMP_FILE
|
||||
|
|
@ -37,12 +37,13 @@ fi
|
|||
|
||||
memTotal=$(grep -i memtotal /proc/meminfo | awk '{print $2}')
|
||||
if [[ $memTotal -lt 3627528 ]]; then
|
||||
echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n"
|
||||
exit 1
|
||||
echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
osname=$(lsb_release -si); osname=${osname^}
|
||||
osname=$(echo "$osname" | tr '[A-Z]' '[a-z]')
|
||||
osname=$(lsb_release -si)
|
||||
osname=${osname^}
|
||||
osname=$(echo "$osname" | tr '[A-Z]' '[a-z]')
|
||||
fullrel=$(lsb_release -sd)
|
||||
codename=$(lsb_release -sc)
|
||||
relno=$(lsb_release -sr | cut -d. -f1)
|
||||
|
|
@ -58,10 +59,10 @@ fi
|
|||
if ([ "$osname" = "ubuntu" ] && [ "$fullrelno" = "20.04" ]) || ([ "$osname" = "debian" ] && [ $relno -ge 10 ]); then
|
||||
echo $fullrel
|
||||
else
|
||||
echo $fullrel
|
||||
echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n"
|
||||
echo -ne "Your system does not appear to be supported${NC}\n"
|
||||
exit 1
|
||||
echo $fullrel
|
||||
echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n"
|
||||
echo -ne "Your system does not appear to be supported${NC}\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ([ "$osname" = "ubuntu" ]); then
|
||||
|
|
@ -93,7 +94,6 @@ if [ ! -f "${1}" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
print_green() {
|
||||
printf >&2 "${GREEN}%0.s-${NC}" {1..80}
|
||||
printf >&2 "\n"
|
||||
|
|
@ -102,7 +102,6 @@ print_green() {
|
|||
printf >&2 "\n"
|
||||
}
|
||||
|
||||
|
||||
print_green 'Unpacking backup'
|
||||
tmp_dir=$(mktemp -d -t tacticalrmm-XXXXXXXXXXXXXXXXXXXXX)
|
||||
|
||||
|
|
@ -111,7 +110,6 @@ tar -xf ${1} -C $tmp_dir
|
|||
strip="User="
|
||||
ORIGUSER=$(grep ${strip} $tmp_dir/systemd/rmm.service | sed -e "s/^${strip}//")
|
||||
|
||||
|
||||
if [ "$ORIGUSER" != "$USER" ]; then
|
||||
printf >&2 "${RED}ERROR: You must run this restore script from the same user account used on your old server: ${GREEN}${ORIGUSER}${NC}\n"
|
||||
rm -rf $tmp_dir
|
||||
|
|
@ -135,12 +133,13 @@ print_green 'Restoring Nginx'
|
|||
|
||||
wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add -
|
||||
|
||||
nginxrepo="$(cat << EOF
|
||||
nginxrepo="$(
|
||||
cat <<EOF
|
||||
deb https://nginx.org/packages/$osname/ $codename nginx
|
||||
deb-src https://nginx.org/packages/$osname/ $codename nginx
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
|
||||
echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list >/dev/null
|
||||
|
||||
sudo apt update
|
||||
sudo apt install -y nginx
|
||||
|
|
@ -148,7 +147,8 @@ sudo systemctl stop nginx
|
|||
|
||||
nginxdefaultconf='/etc/nginx/nginx.conf'
|
||||
|
||||
nginxconf="$(cat << EOF
|
||||
nginxconf="$(
|
||||
cat <<EOF
|
||||
worker_rlimit_nofile 1000000;
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
|
|
@ -176,15 +176,15 @@ http {
|
|||
}
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxconf}" | sudo tee $nginxdefaultconf > /dev/null
|
||||
echo "${nginxconf}" | sudo tee $nginxdefaultconf >/dev/null
|
||||
|
||||
for i in sites-available sites-enabled; do
|
||||
sudo mkdir -p /etc/nginx/$i
|
||||
done
|
||||
|
||||
for i in rmm frontend meshcentral; do
|
||||
sudo cp ${tmp_dir}/nginx/${i}.conf /etc/nginx/sites-available/
|
||||
sudo ln -s /etc/nginx/sites-available/${i}.conf /etc/nginx/sites-enabled/${i}.conf
|
||||
sudo cp ${tmp_dir}/nginx/${i}.conf /etc/nginx/sites-available/
|
||||
sudo ln -s /etc/nginx/sites-available/${i}.conf /etc/nginx/sites-enabled/${i}.conf
|
||||
done
|
||||
|
||||
print_green 'Restoring certbot'
|
||||
|
|
@ -224,7 +224,6 @@ sudo make altinstall
|
|||
cd ~
|
||||
sudo rm -rf Python-${PYTHON_VER} Python-${PYTHON_VER}.tgz
|
||||
|
||||
|
||||
print_green 'Installing redis and git'
|
||||
sudo apt install -y ca-certificates redis git
|
||||
|
||||
|
|
@ -237,10 +236,10 @@ sudo apt install -y postgresql-14
|
|||
sleep 2
|
||||
sudo systemctl enable --now postgresql
|
||||
|
||||
until pg_isready > /dev/null; do
|
||||
until pg_isready >/dev/null; do
|
||||
echo -ne "${GREEN}Waiting for PostgreSQL to be ready${NC}\n"
|
||||
sleep 3
|
||||
done
|
||||
done
|
||||
|
||||
sudo mkdir /rmm
|
||||
sudo chown ${USER}:${USER} /rmm
|
||||
|
|
@ -282,30 +281,29 @@ npm install meshcentral@${MESH_VER}
|
|||
print_green 'Restoring MeshCentral DB'
|
||||
|
||||
if grep -q postgres "/meshcentral/meshcentral-data/config.json"; then
|
||||
if ! which jq > /dev/null
|
||||
then
|
||||
sudo apt-get install -y jq > null
|
||||
fi
|
||||
MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r)
|
||||
MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r)
|
||||
sudo -u postgres psql -c "DROP DATABASE IF EXISTS meshcentral"
|
||||
sudo -u postgres psql -c "CREATE DATABASE meshcentral"
|
||||
sudo -u postgres psql -c "CREATE USER ${MESH_POSTGRES_USER} WITH PASSWORD '${MESH_POSTGRES_PW}'"
|
||||
sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET client_encoding TO 'utf8'"
|
||||
sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET default_transaction_isolation TO 'read committed'"
|
||||
sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET timezone TO 'UTC'"
|
||||
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE meshcentral TO ${MESH_POSTGRES_USER}"
|
||||
gzip -d $tmp_dir/postgres/mesh-db*.psql.gz
|
||||
PGPASSWORD=${MESH_POSTGRES_PW} psql -h localhost -U ${MESH_POSTGRES_USER} -d meshcentral -f $tmp_dir/postgres/mesh-db*.psql
|
||||
if ! which jq >/dev/null; then
|
||||
sudo apt-get install -y jq >null
|
||||
fi
|
||||
MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r)
|
||||
MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r)
|
||||
sudo -u postgres psql -c "DROP DATABASE IF EXISTS meshcentral"
|
||||
sudo -u postgres psql -c "CREATE DATABASE meshcentral"
|
||||
sudo -u postgres psql -c "CREATE USER ${MESH_POSTGRES_USER} WITH PASSWORD '${MESH_POSTGRES_PW}'"
|
||||
sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET client_encoding TO 'utf8'"
|
||||
sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET default_transaction_isolation TO 'read committed'"
|
||||
sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET timezone TO 'UTC'"
|
||||
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE meshcentral TO ${MESH_POSTGRES_USER}"
|
||||
gzip -d $tmp_dir/postgres/mesh-db*.psql.gz
|
||||
PGPASSWORD=${MESH_POSTGRES_PW} psql -h localhost -U ${MESH_POSTGRES_USER} -d meshcentral -f $tmp_dir/postgres/mesh-db*.psql
|
||||
else
|
||||
print_green 'Installing MongoDB'
|
||||
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
|
||||
echo "$mongodb_repo" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
|
||||
sudo apt update
|
||||
sudo apt install -y mongodb-org
|
||||
sudo systemctl enable --now mongod
|
||||
sleep 5
|
||||
mongorestore --gzip $tmp_dir/meshcentral/mongo
|
||||
print_green 'Installing MongoDB'
|
||||
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
|
||||
echo "$mongodb_repo" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
|
||||
sudo apt update
|
||||
sudo apt install -y mongodb-org
|
||||
sudo systemctl enable --now mongod
|
||||
sleep 5
|
||||
mongorestore --gzip $tmp_dir/meshcentral/mongo
|
||||
fi
|
||||
|
||||
print_green 'Restoring the backend'
|
||||
|
|
@ -362,7 +360,7 @@ HAS_11=$(grep 127.0.1.1 /etc/hosts)
|
|||
if [[ $HAS_11 ]]; then
|
||||
sudo sed -i "/127.0.1.1/s/$/ ${API} ${webdomain} ${meshdomain}/" /etc/hosts
|
||||
else
|
||||
echo "127.0.1.1 ${API} ${webdomain} ${meshdomain}" | sudo tee --append /etc/hosts > /dev/null
|
||||
echo "127.0.1.1 ${API} ${webdomain} ${meshdomain}" | sudo tee --append /etc/hosts >/dev/null
|
||||
fi
|
||||
|
||||
sudo systemctl enable nats.service
|
||||
|
|
@ -374,11 +372,10 @@ webtar="trmm-web-v${WEB_VERSION}.tar.gz"
|
|||
wget -q https://github.com/amidaware/tacticalrmm-web/releases/download/v${WEB_VERSION}/${webtar} -O /tmp/${webtar}
|
||||
sudo mkdir -p /var/www/rmm
|
||||
sudo tar -xzf /tmp/${webtar} -C /var/www/rmm
|
||||
echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js > /dev/null
|
||||
echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js >/dev/null
|
||||
sudo chown www-data:www-data -R /var/www/rmm/dist
|
||||
rm -f /tmp/${webtar}
|
||||
|
||||
|
||||
# reset perms
|
||||
sudo chown ${USER}:${USER} -R /rmm
|
||||
sudo chown ${USER}:${USER} /var/log/celery
|
||||
|
|
@ -390,8 +387,7 @@ sudo chown -R $USER:$GROUP /home/${USER}/.cache
|
|||
print_green 'Enabling Services'
|
||||
sudo systemctl daemon-reload
|
||||
|
||||
for i in celery.service celerybeat.service rmm.service daphne.service nats-api.service nginx
|
||||
do
|
||||
for i in celery.service celerybeat.service rmm.service daphne.service nats-api.service nginx; do
|
||||
sudo systemctl enable ${i}
|
||||
sudo systemctl stop ${i}
|
||||
sudo systemctl start ${i}
|
||||
|
|
|
|||
101
update.sh
101
update.sh
|
|
@ -14,20 +14,20 @@ PYTHON_VER='3.11.2'
|
|||
SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py'
|
||||
|
||||
TMP_FILE=$(mktemp -p "" "rmmupdate_XXXXXXXXXX")
|
||||
curl -s -L "${SCRIPT_URL}" > ${TMP_FILE}
|
||||
curl -s -L "${SCRIPT_URL}" >${TMP_FILE}
|
||||
NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}')
|
||||
|
||||
if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then
|
||||
printf >&2 "${YELLOW}Old update script detected, downloading and replacing with the latest version...${NC}\n"
|
||||
wget -q "${SCRIPT_URL}" -O update.sh
|
||||
exec ${THIS_SCRIPT}
|
||||
printf >&2 "${YELLOW}Old update script detected, downloading and replacing with the latest version...${NC}\n"
|
||||
wget -q "${SCRIPT_URL}" -O update.sh
|
||||
exec ${THIS_SCRIPT}
|
||||
fi
|
||||
|
||||
rm -f $TMP_FILE
|
||||
|
||||
force=false
|
||||
if [[ $* == *--force* ]]; then
|
||||
force=true
|
||||
force=true
|
||||
fi
|
||||
|
||||
if [ $EUID -eq 0 ]; then
|
||||
|
|
@ -46,7 +46,7 @@ if [ "$ORIGUSER" != "$USER" ]; then
|
|||
fi
|
||||
|
||||
TMP_SETTINGS=$(mktemp -p "" "rmmsettings_XXXXXXXXXX")
|
||||
curl -s -L "${LATEST_SETTINGS_URL}" > ${TMP_SETTINGS}
|
||||
curl -s -L "${LATEST_SETTINGS_URL}" >${TMP_SETTINGS}
|
||||
|
||||
LATEST_TRMM_VER=$(grep "^TRMM_VERSION" "$TMP_SETTINGS" | awk -F'[= "]' '{print $5}')
|
||||
CURRENT_TRMM_VER=$(grep "^TRMM_VERSION" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
|
||||
|
|
@ -67,13 +67,13 @@ cls() {
|
|||
printf "\033c"
|
||||
}
|
||||
|
||||
|
||||
CHECK_NATS_LIMITNOFILE=$(grep LimitNOFILE /etc/systemd/system/nats.service)
|
||||
if ! [[ $CHECK_NATS_LIMITNOFILE ]]; then
|
||||
|
||||
sudo rm -f /etc/systemd/system/nats.service
|
||||
sudo rm -f /etc/systemd/system/nats.service
|
||||
|
||||
natsservice="$(cat << EOF
|
||||
natsservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=NATS Server
|
||||
After=network.target
|
||||
|
|
@ -93,9 +93,9 @@ LimitNOFILE=1000000
|
|||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service > /dev/null
|
||||
sudo systemctl daemon-reload
|
||||
)"
|
||||
echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service >/dev/null
|
||||
sudo systemctl daemon-reload
|
||||
fi
|
||||
|
||||
rmmconf='/etc/nginx/sites-available/rmm.conf'
|
||||
|
|
@ -117,28 +117,26 @@ if ! [[ $CHECK_NATS_WEBSOCKET ]]; then
|
|||
print "\n"
|
||||
}
|
||||
{ print }
|
||||
' $rmmconf)" | sudo tee $rmmconf > /dev/null
|
||||
' $rmmconf)" | sudo tee $rmmconf >/dev/null
|
||||
fi
|
||||
|
||||
|
||||
printf >&2 "${GREEN}Stopping celery and celerybeat services (this might take a while)...${NC}\n"
|
||||
for i in celerybeat celery
|
||||
do
|
||||
sudo systemctl stop ${i}
|
||||
for i in celerybeat celery; do
|
||||
sudo systemctl stop ${i}
|
||||
done
|
||||
|
||||
for i in nginx nats-api nats rmm daphne
|
||||
do
|
||||
printf >&2 "${GREEN}Stopping ${i} service...${NC}\n"
|
||||
sudo systemctl stop ${i}
|
||||
for i in nginx nats-api nats rmm daphne; do
|
||||
printf >&2 "${GREEN}Stopping ${i} service...${NC}\n"
|
||||
sudo systemctl stop ${i}
|
||||
done
|
||||
|
||||
CHECK_DAPHNE=$(grep v2 /etc/systemd/system/daphne.service)
|
||||
if ! [[ $CHECK_DAPHNE ]]; then
|
||||
|
||||
sudo rm -f /etc/systemd/system/daphne.service
|
||||
sudo rm -f /etc/systemd/system/daphne.service
|
||||
|
||||
daphneservice="$(cat << EOF
|
||||
daphneservice="$(
|
||||
cat <<EOF
|
||||
[Unit]
|
||||
Description=django channels daemon v2
|
||||
After=network.target
|
||||
|
|
@ -157,24 +155,26 @@ RestartSec=3s
|
|||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${daphneservice}" | sudo tee /etc/systemd/system/daphne.service > /dev/null
|
||||
sudo systemctl daemon-reload
|
||||
)"
|
||||
echo "${daphneservice}" | sudo tee /etc/systemd/system/daphne.service >/dev/null
|
||||
sudo systemctl daemon-reload
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/apt/sources.list.d/nginx.list ]; then
|
||||
osname=$(lsb_release -si); osname=${osname^}
|
||||
osname=$(echo "$osname" | tr '[A-Z]' '[a-z]')
|
||||
codename=$(lsb_release -sc)
|
||||
nginxrepo="$(cat << EOF
|
||||
osname=$(lsb_release -si)
|
||||
osname=${osname^}
|
||||
osname=$(echo "$osname" | tr '[A-Z]' '[a-z]')
|
||||
codename=$(lsb_release -sc)
|
||||
nginxrepo="$(
|
||||
cat <<EOF
|
||||
deb https://nginx.org/packages/$osname/ $codename nginx
|
||||
deb-src https://nginx.org/packages/$osname/ $codename nginx
|
||||
EOF
|
||||
)"
|
||||
echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list > /dev/null
|
||||
wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add -
|
||||
sudo apt update
|
||||
sudo apt install -y nginx
|
||||
)"
|
||||
echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list >/dev/null
|
||||
wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add -
|
||||
sudo apt update
|
||||
sudo apt install -y nginx
|
||||
fi
|
||||
|
||||
nginxdefaultconf='/etc/nginx/nginx.conf'
|
||||
|
|
@ -186,22 +186,22 @@ fi
|
|||
|
||||
CHECK_NGINX_NOLIMIT=$(grep "worker_rlimit_nofile 1000000" $nginxdefaultconf)
|
||||
if ! [[ $CHECK_NGINX_NOLIMIT ]]; then
|
||||
sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf
|
||||
printf >&2 "${GREEN}Increasing nginx open file limit${NC}\n"
|
||||
sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
|
||||
sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf
|
||||
printf >&2 "${GREEN}Increasing nginx open file limit${NC}\n"
|
||||
sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\
|
||||
/' $nginxdefaultconf
|
||||
fi
|
||||
|
||||
backend_conf='/etc/nginx/sites-available/rmm.conf'
|
||||
CHECK_NGINX_REUSEPORT=$(grep reuseport $backend_conf)
|
||||
if ! [[ $CHECK_NGINX_REUSEPORT ]]; then
|
||||
printf >&2 "${GREEN}Setting nginx reuseport${NC}\n"
|
||||
sudo sed -i 's/listen 443 ssl;/listen 443 ssl reuseport;/g' $backend_conf
|
||||
printf >&2 "${GREEN}Setting nginx reuseport${NC}\n"
|
||||
sudo sed -i 's/listen 443 ssl;/listen 443 ssl reuseport;/g' $backend_conf
|
||||
fi
|
||||
|
||||
sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' $nginxdefaultconf
|
||||
|
||||
if ! sudo nginx -t > /dev/null 2>&1; then
|
||||
if ! sudo nginx -t >/dev/null 2>&1; then
|
||||
sudo nginx -t
|
||||
echo -ne "\n"
|
||||
echo -ne "${RED}You have syntax errors in your nginx configs. See errors above. Please fix them and re-run this script.${NC}\n"
|
||||
|
|
@ -302,7 +302,6 @@ fi
|
|||
SETUPTOOLS_VER=$(grep "^SETUPTOOLS_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
|
||||
WHEEL_VER=$(grep "^WHEEL_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
|
||||
|
||||
|
||||
sudo chown ${USER}:${USER} -R /rmm
|
||||
sudo chown ${USER}:${USER} -R ${SCRIPTS_DIR}
|
||||
sudo chown ${USER}:${USER} /var/log/celery
|
||||
|
|
@ -316,11 +315,12 @@ fi
|
|||
|
||||
CHECK_ADMIN_ENABLED=$(grep ADMIN_ENABLED /rmm/api/tacticalrmm/tacticalrmm/local_settings.py)
|
||||
if ! [[ $CHECK_ADMIN_ENABLED ]]; then
|
||||
adminenabled="$(cat << EOF
|
||||
adminenabled="$(
|
||||
cat <<EOF
|
||||
ADMIN_ENABLED = False
|
||||
EOF
|
||||
)"
|
||||
echo "${adminenabled}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py > /dev/null
|
||||
)"
|
||||
echo "${adminenabled}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py >/dev/null
|
||||
fi
|
||||
|
||||
sudo cp /rmm/natsapi/bin/nats-api /usr/local/bin
|
||||
|
|
@ -370,14 +370,13 @@ webtar="trmm-web-v${WEB_VERSION}.tar.gz"
|
|||
wget -q https://github.com/amidaware/tacticalrmm-web/releases/download/v${WEB_VERSION}/${webtar} -O /tmp/${webtar}
|
||||
sudo rm -rf /var/www/rmm/dist
|
||||
sudo tar -xzf /tmp/${webtar} -C /var/www/rmm
|
||||
echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js > /dev/null
|
||||
echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js >/dev/null
|
||||
sudo chown www-data:www-data -R /var/www/rmm/dist
|
||||
rm -f /tmp/${webtar}
|
||||
|
||||
for i in nats nats-api rmm daphne celery celerybeat nginx
|
||||
do
|
||||
printf >&2 "${GREEN}Starting ${i} service${NC}\n"
|
||||
sudo systemctl start ${i}
|
||||
for i in nats nats-api rmm daphne celery celerybeat nginx; do
|
||||
printf >&2 "${GREEN}Starting ${i} service${NC}\n"
|
||||
sudo systemctl start ${i}
|
||||
done
|
||||
|
||||
sleep 1
|
||||
|
|
@ -395,4 +394,4 @@ if [[ "${CURRENT_MESH_VER}" != "${LATEST_MESH_VER}" ]] || [[ "$force" = true ]];
|
|||
fi
|
||||
|
||||
rm -f $TMP_SETTINGS
|
||||
printf >&2 "${GREEN}Update finished!${NC}\n"
|
||||
printf >&2 "${GREEN}Update finished!${NC}\n"
|
||||
|
|
|
|||
Loading…
Reference in New Issue