From 47d9e1b9667cd1f0d672ed9ea8ecb91bff48fc5d Mon Sep 17 00:00:00 2001 From: wh1te909 Date: Tue, 21 Mar 2023 05:57:24 +0000 Subject: [PATCH] fix formatting --- backup.sh | 102 +++++++++++++++--------------- install.sh | 181 +++++++++++++++++++++++++++-------------------------- restore.sh | 102 +++++++++++++++--------------- update.sh | 101 +++++++++++++++--------------- 4 files changed, 242 insertions(+), 244 deletions(-) diff --git a/backup.sh b/backup.sh index df6934e4..badb82a0 100755 --- a/backup.sh +++ b/backup.sh @@ -11,18 +11,18 @@ NC='\033[0m' THIS_SCRIPT=$(readlink -f "$0") TMP_FILE=$(mktemp -p "" "rmmbackup_XXXXXXXXXX") -curl -s -L "${SCRIPT_URL}" > ${TMP_FILE} +curl -s -L "${SCRIPT_URL}" >${TMP_FILE} NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}') if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then printf >&2 "${YELLOW}Old backup script detected, downloading and replacing with the latest version...${NC}\n" wget -q "${SCRIPT_URL}" -O /tmp/backup.sh if grep -q SCRIPT_VERSION "/tmp/backup.sh"; then - mv /tmp/backup.sh $THIS_SCRIPT + mv /tmp/backup.sh $THIS_SCRIPT else - printf >&2 "${RED} File Seems to be Corrupt, Please Run this script again.${NC}\n" - rm /tmp/backup.sh - exit + printf >&2 "${RED} File Seems to be Corrupt, Please Run this script again.${NC}\n" + rm /tmp/backup.sh + exit fi exec ${THIS_SCRIPT} fi @@ -30,14 +30,17 @@ fi rm -f $TMP_FILE if [[ $* == *--schedule* ]]; then -(crontab -l 2>/dev/null; echo "0 0 * * * /rmm/backup.sh --auto") | crontab - -printf >&2 "${GREEN}Backups setup to run at midnight and rotate.${NC}\n" -exit + ( + crontab -l 2>/dev/null + echo "0 0 * * * /rmm/backup.sh --auto" + ) | crontab - + printf >&2 "${GREEN}Backups setup to run at midnight and rotate.${NC}\n" + exit fi if [ $EUID -eq 0 ]; then - echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n" - exit 1 + echo -ne "\033[0;31mDo NOT run this script as root. Exiting.\e[0m\n" + exit 1 fi if [ ! -d /rmmbackups ]; then @@ -68,20 +71,19 @@ mkdir ${tmp_dir}/confd POSTGRES_USER=$(/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py get_config dbuser) POSTGRES_PW=$(/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py get_config dbpw) -pg_dump --dbname=postgresql://"${POSTGRES_USER}":"${POSTGRES_PW}"@127.0.0.1:5432/tacticalrmm | gzip -9 > ${tmp_dir}/postgres/db-${dt_now}.psql.gz +pg_dump --dbname=postgresql://"${POSTGRES_USER}":"${POSTGRES_PW}"@127.0.0.1:5432/tacticalrmm | gzip -9 >${tmp_dir}/postgres/db-${dt_now}.psql.gz tar -czvf ${tmp_dir}/meshcentral/mesh.tar.gz --exclude=/meshcentral/node_modules /meshcentral if grep -q postgres "/meshcentral/meshcentral-data/config.json"; then -if ! which jq >/dev/null -then -sudo apt-get install -y jq > null -fi -MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r) -MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r) -pg_dump --dbname=postgresql://"${MESH_POSTGRES_USER}":"${MESH_POSTGRES_PW}"@127.0.0.1:5432/meshcentral | gzip -9 > ${tmp_dir}/postgres/mesh-db-${dt_now}.psql.gz + if ! which jq >/dev/null; then + sudo apt-get install -y jq >null + fi + MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r) + MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r) + pg_dump --dbname=postgresql://"${MESH_POSTGRES_USER}":"${MESH_POSTGRES_PW}"@127.0.0.1:5432/meshcentral | gzip -9 >${tmp_dir}/postgres/mesh-db-${dt_now}.psql.gz else -mongodump --gzip --out=${tmp_dir}/meshcentral/mongo + mongodump --gzip --out=${tmp_dir}/meshcentral/mongo fi sudo tar -czvf ${tmp_dir}/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt . @@ -94,49 +96,49 @@ sudo tar -czvf ${tmp_dir}/confd/etc-confd.tar.gz -C /etc/conf.d . sudo cp ${sysd}/rmm.service ${sysd}/celery.service ${sysd}/celerybeat.service ${sysd}/meshcentral.service ${sysd}/nats.service ${sysd}/daphne.service ${sysd}/nats-api.service ${tmp_dir}/systemd/ -cat /rmm/api/tacticalrmm/tacticalrmm/private/log/django_debug.log | gzip -9 > ${tmp_dir}/rmm/debug.log.gz +cat /rmm/api/tacticalrmm/tacticalrmm/private/log/django_debug.log | gzip -9 >${tmp_dir}/rmm/debug.log.gz cp /rmm/api/tacticalrmm/tacticalrmm/local_settings.py ${tmp_dir}/rmm/ if [[ $* == *--auto* ]]; then -if [ ! -d /rmmbackups/daily ]; then - sudo mkdir /rmmbackups/daily - sudo chown ${USER}:${USER} /rmmbackups/daily -fi + if [ ! -d /rmmbackups/daily ]; then + sudo mkdir /rmmbackups/daily + sudo chown ${USER}:${USER} /rmmbackups/daily + fi -if [ ! -d /rmmbackups/weekly ]; then - sudo mkdir /rmmbackups/weekly - sudo chown ${USER}:${USER} /rmmbackups/weekly -fi + if [ ! -d /rmmbackups/weekly ]; then + sudo mkdir /rmmbackups/weekly + sudo chown ${USER}:${USER} /rmmbackups/weekly + fi -if [ ! -d /rmmbackups/monthly ]; then - sudo mkdir /rmmbackups/monthly - sudo chown ${USER}:${USER} /rmmbackups/monthly -fi + if [ ! -d /rmmbackups/monthly ]; then + sudo mkdir /rmmbackups/monthly + sudo chown ${USER}:${USER} /rmmbackups/monthly + fi -month_day=`date +"%d"` -week_day=`date +"%u"` + month_day=$(date +"%d") + week_day=$(date +"%u") -if [ "$month_day" -eq 10 ] ; then - tar -cf /rmmbackups/monthly/rmm-backup-${dt_now}.tar -C ${tmp_dir} . - else - if [ "$week_day" -eq 5 ] ; then - tar -cf /rmmbackups/weekly/rmm-backup-${dt_now}.tar -C ${tmp_dir} . - else - tar -cf /rmmbackups/daily/rmm-backup-${dt_now}.tar -C ${tmp_dir} . - fi -fi + if [ "$month_day" -eq 10 ]; then + tar -cf /rmmbackups/monthly/rmm-backup-${dt_now}.tar -C ${tmp_dir} . + else + if [ "$week_day" -eq 5 ]; then + tar -cf /rmmbackups/weekly/rmm-backup-${dt_now}.tar -C ${tmp_dir} . + else + tar -cf /rmmbackups/daily/rmm-backup-${dt_now}.tar -C ${tmp_dir} . + fi + fi -rm -rf ${tmp_dir} + rm -rf ${tmp_dir} -find /rmmbackups/daily/ -maxdepth 1 -mtime +14 -type d -exec rm -rv {} \; -find /rmmbackups/weekly/ -maxdepth 1 -mtime +60 -type d -exec rm -rv {} \; -find /rmmbackups/monthly/ -maxdepth 1 -mtime +380 -type d -exec rm -rv {} \; -echo -ne "${GREEN}Backup Completed${NC}\n" -exit + find /rmmbackups/daily/ -maxdepth 1 -mtime +14 -type d -exec rm -rv {} \; + find /rmmbackups/weekly/ -maxdepth 1 -mtime +60 -type d -exec rm -rv {} \; + find /rmmbackups/monthly/ -maxdepth 1 -mtime +380 -type d -exec rm -rv {} \; + echo -ne "${GREEN}Backup Completed${NC}\n" + exit else tar -cf /rmmbackups/rmm-backup-${dt_now}.tar -C ${tmp_dir} . -echo -ne "${GREEN}Backup saved to /rmmbackups/rmm-backup-${dt_now}.tar${NC}\n" + echo -ne "${GREEN}Backup saved to /rmmbackups/rmm-backup-${dt_now}.tar${NC}\n" fi diff --git a/install.sh b/install.sh index 0119703e..1fbd9c80 100644 --- a/install.sh +++ b/install.sh @@ -16,15 +16,15 @@ PYTHON_VER='3.11.2' SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py' TMP_FILE=$(mktemp -p "" "rmminstall_XXXXXXXXXX") -curl -s -L "${SCRIPT_URL}" > ${TMP_FILE} +curl -s -L "${SCRIPT_URL}" >${TMP_FILE} NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}') if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then - printf >&2 "${YELLOW}Old install script detected, downloading and replacing with the latest version...${NC}\n" - wget -q "${SCRIPT_URL}" -O install.sh - printf >&2 "${YELLOW}Script updated! Please re-run ./install.sh${NC}\n" - rm -f $TMP_FILE - exit 1 + printf >&2 "${YELLOW}Old install script detected, downloading and replacing with the latest version...${NC}\n" + wget -q "${SCRIPT_URL}" -O install.sh + printf >&2 "${YELLOW}Script updated! Please re-run ./install.sh${NC}\n" + rm -f $TMP_FILE + exit 1 fi rm -f $TMP_FILE @@ -37,12 +37,13 @@ fi memTotal=$(grep -i memtotal /proc/meminfo | awk '{print $2}') if [[ $memTotal -lt 3627528 ]]; then - echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n" - exit 1 + echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n" + exit 1 fi -osname=$(lsb_release -si); osname=${osname^} -osname=$(echo "$osname" | tr '[A-Z]' '[a-z]') +osname=$(lsb_release -si) +osname=${osname^} +osname=$(echo "$osname" | tr '[A-Z]' '[a-z]') fullrel=$(lsb_release -sd) codename=$(lsb_release -sc) relno=$(lsb_release -sr | cut -d. -f1) @@ -54,15 +55,14 @@ if [ ! "$osname" = "ubuntu" ] && [ ! "$osname" = "debian" ]; then osname=${osname^} fi - # determine system if ([ "$osname" = "ubuntu" ] && [ "$fullrelno" = "20.04" ]) || ([ "$osname" = "debian" ] && [ $relno -ge 10 ]); then echo $fullrel else - echo $fullrel - echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n" - echo -ne "Your system does not appear to be supported${NC}\n" - exit 1 + echo $fullrel + echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n" + echo -ne "Your system does not appear to be supported${NC}\n" + exit 1 fi if [ $EUID -eq 0 ]; then @@ -89,7 +89,6 @@ fi postgresql_repo="deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/ $codename-pgdg main" - # prevents logging issues with some VPS providers like Vultr if this is a freshly provisioned instance that hasn't been rebooted yet sudo systemctl restart systemd-journald.service @@ -114,31 +113,27 @@ print_green() { cls -while [[ $rmmdomain != *[.]*[.]* ]] -do -echo -ne "${YELLOW}Enter the subdomain for the backend (e.g. api.example.com)${NC}: " -read rmmdomain +while [[ $rmmdomain != *[.]*[.]* ]]; do + echo -ne "${YELLOW}Enter the subdomain for the backend (e.g. api.example.com)${NC}: " + read rmmdomain done -while [[ $frontenddomain != *[.]*[.]* ]] -do -echo -ne "${YELLOW}Enter the subdomain for the frontend (e.g. rmm.example.com)${NC}: " -read frontenddomain +while [[ $frontenddomain != *[.]*[.]* ]]; do + echo -ne "${YELLOW}Enter the subdomain for the frontend (e.g. rmm.example.com)${NC}: " + read frontenddomain done -while [[ $meshdomain != *[.]*[.]* ]] -do -echo -ne "${YELLOW}Enter the subdomain for meshcentral (e.g. mesh.example.com)${NC}: " -read meshdomain +while [[ $meshdomain != *[.]*[.]* ]]; do + echo -ne "${YELLOW}Enter the subdomain for meshcentral (e.g. mesh.example.com)${NC}: " + read meshdomain done echo -ne "${YELLOW}Enter the root domain (e.g. example.com or example.co.uk)${NC}: " read rootdomain -while [[ $letsemail != *[@]*[.]* ]] -do -echo -ne "${YELLOW}Enter a valid email address for django and meshcentral${NC}: " -read letsemail +while [[ $letsemail != *[@]*[.]* ]]; do + echo -ne "${YELLOW}Enter a valid email address for django and meshcentral${NC}: " + read letsemail done # if server is behind NAT we need to add the 3 subdomains to the host file @@ -154,14 +149,14 @@ if ! [[ $CHECK_HOSTS ]]; then if [[ $HAS_11 ]]; then sudo sed -i "/127.0.1.1/s/$/ ${rmmdomain} ${frontenddomain} ${meshdomain}/" /etc/hosts else - echo "127.0.1.1 ${rmmdomain} ${frontenddomain} ${meshdomain}" | sudo tee --append /etc/hosts > /dev/null + echo "127.0.1.1 ${rmmdomain} ${frontenddomain} ${meshdomain}" | sudo tee --append /etc/hosts >/dev/null fi fi BEHIND_NAT=false IPV4=$(ip -4 addr | sed -ne 's|^.* inet \([^/]*\)/.* scope global.*$|\1|p' | head -1) if echo "$IPV4" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then - BEHIND_NAT=true + BEHIND_NAT=true fi sudo apt install -y software-properties-common @@ -171,9 +166,8 @@ sudo apt install -y certbot openssl print_green 'Getting wildcard cert' sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --preferred-challenges dns -m ${letsemail} --no-eff-email -while [[ $? -ne 0 ]] -do -sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --preferred-challenges dns -m ${letsemail} --no-eff-email +while [[ $? -ne 0 ]]; do + sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --preferred-challenges dns -m ${letsemail} --no-eff-email done CERT_PRIV_KEY=/etc/letsencrypt/live/${rootdomain}/privkey.pem @@ -185,12 +179,13 @@ print_green 'Installing Nginx' wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add - -nginxrepo="$(cat << EOF +nginxrepo="$( + cat < /dev/null +echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list >/dev/null sudo apt update sudo apt install -y nginx @@ -198,7 +193,8 @@ sudo systemctl stop nginx nginxdefaultconf='/etc/nginx/nginx.conf' -nginxconf="$(cat << EOF +nginxconf="$( + cat < /dev/null +echo "${nginxconf}" | sudo tee $nginxdefaultconf >/dev/null -for i in sites-available sites-enabled -do -sudo mkdir -p /etc/nginx/$i +for i in sites-available sites-enabled; do + sudo mkdir -p /etc/nginx/$i done print_green 'Installing NodeJS' @@ -264,7 +259,6 @@ sudo make altinstall cd ~ sudo rm -rf Python-${PYTHON_VER} Python-${PYTHON_VER}.tgz - print_green 'Installing redis and git' sudo apt install -y ca-certificates redis git @@ -278,10 +272,10 @@ sudo apt install -y postgresql-14 sleep 2 sudo systemctl enable --now postgresql -until pg_isready > /dev/null; do +until pg_isready >/dev/null; do echo -ne "${GREEN}Waiting for PostgreSQL to be ready${NC}\n" sleep 3 - done +done print_green 'Creating database for the rmm' @@ -333,7 +327,8 @@ cd /meshcentral npm install meshcentral@${MESH_VER} sudo chown ${USER}:${USER} -R /meshcentral -meshcfg="$(cat << EOF +meshcfg="$( + cat < /meshcentral/meshcentral-data/config.json +echo "${meshcfg}" >/meshcentral/meshcentral-data/config.json -localvars="$(cat << EOF +localvars="$( + cat < /rmm/api/tacticalrmm/tacticalrmm/local_settings.py +echo "${localvars}" >/rmm/api/tacticalrmm/tacticalrmm/local_settings.py sudo cp /rmm/natsapi/bin/nats-api /usr/local/bin sudo chown ${USER}:${USER} /usr/local/bin/nats-api @@ -442,7 +438,8 @@ python manage.py generate_barcode ${RANDBASE} ${djangousername} ${frontenddomain deactivate read -n 1 -s -r -p "Press any key to continue..." -rmmservice="$(cat << EOF +rmmservice="$( + cat < /dev/null +echo "${rmmservice}" | sudo tee /etc/systemd/system/rmm.service >/dev/null -daphneservice="$(cat << EOF +daphneservice="$( + cat < /dev/null +echo "${daphneservice}" | sudo tee /etc/systemd/system/daphne.service >/dev/null -natsservice="$(cat << EOF +natsservice="$( + cat < /dev/null +echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service >/dev/null -natsapi="$(cat << EOF +natsapi="$( + cat < /dev/null +echo "${natsapi}" | sudo tee /etc/systemd/system/nats-api.service >/dev/null -nginxrmm="$(cat << EOF +nginxrmm="$( + cat < /dev/null +echo "${nginxrmm}" | sudo tee /etc/nginx/sites-available/rmm.conf >/dev/null - -nginxmesh="$(cat << EOF +nginxmesh="$( + cat < /dev/null +echo "${nginxmesh}" | sudo tee /etc/nginx/sites-available/meshcentral.conf >/dev/null sudo ln -s /etc/nginx/sites-available/rmm.conf /etc/nginx/sites-enabled/rmm.conf sudo ln -s /etc/nginx/sites-available/meshcentral.conf /etc/nginx/sites-enabled/meshcentral.conf sudo mkdir /etc/conf.d -celeryservice="$(cat << EOF +celeryservice="$( + cat < /dev/null +echo "${celeryservice}" | sudo tee /etc/systemd/system/celery.service >/dev/null -celeryconf="$(cat << EOF +celeryconf="$( + cat < /dev/null +echo "${celeryconf}" | sudo tee /etc/conf.d/celery.conf >/dev/null - -celerybeatservice="$(cat << EOF +celerybeatservice="$( + cat < /dev/null +echo "${celerybeatservice}" | sudo tee /etc/systemd/system/celerybeat.service >/dev/null sudo chown ${USER}:${USER} -R /etc/conf.d/ -meshservice="$(cat << EOF +meshservice="$( + cat < /dev/null +echo "${meshservice}" | sudo tee /etc/systemd/system/meshcentral.service >/dev/null sudo systemctl daemon-reload @@ -766,11 +770,12 @@ webtar="trmm-web-v${WEB_VERSION}.tar.gz" wget -q https://github.com/amidaware/tacticalrmm-web/releases/download/v${WEB_VERSION}/${webtar} -O /tmp/${webtar} sudo mkdir -p /var/www/rmm sudo tar -xzf /tmp/${webtar} -C /var/www/rmm -echo "window._env_ = {PROD_URL: \"https://${rmmdomain}\"}" | sudo tee /var/www/rmm/dist/env-config.js > /dev/null +echo "window._env_ = {PROD_URL: \"https://${rmmdomain}\"}" | sudo tee /var/www/rmm/dist/env-config.js >/dev/null sudo chown www-data:www-data -R /var/www/rmm/dist rm -f /tmp/${webtar} -nginxfrontend="$(cat << EOF +nginxfrontend="$( + cat < /dev/null +echo "${nginxfrontend}" | sudo tee /etc/nginx/sites-available/frontend.conf >/dev/null sudo ln -s /etc/nginx/sites-available/frontend.conf /etc/nginx/sites-enabled/frontend.conf - print_green 'Enabling Services' -for i in rmm.service daphne.service celery.service celerybeat.service nginx -do +for i in rmm.service daphne.service celery.service celerybeat.service nginx; do sudo systemctl enable ${i} sudo systemctl stop ${i} sudo systemctl start ${i} @@ -844,12 +847,12 @@ print_green 'Generating meshcentral login token key' MESHTOKENKEY=$(node /meshcentral/node_modules/meshcentral --logintokenkey) -meshtoken="$(cat << EOF +meshtoken="$( + cat < /dev/null - +echo "${meshtoken}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py >/dev/null print_green 'Creating meshcentral account and group' @@ -889,8 +892,7 @@ sudo systemctl start nats-api.service sed -i 's/ADMIN_ENABLED = True/ADMIN_ENABLED = False/g' /rmm/api/tacticalrmm/tacticalrmm/local_settings.py print_green 'Restarting services' -for i in rmm.service daphne.service celery.service celerybeat.service -do +for i in rmm.service daphne.service celery.service celerybeat.service; do sudo systemctl stop ${i} sudo systemctl start ${i} done @@ -904,13 +906,12 @@ printf >&2 "${YELLOW}MeshCentral username: ${GREEN}${meshusername}${NC}\n" printf >&2 "${YELLOW}MeshCentral password: ${GREEN}${MESHPASSWD}${NC}\n\n" if [ "$BEHIND_NAT" = true ]; then - echo -ne "${YELLOW}Read below if your router does NOT support Hairpin NAT${NC}\n\n" - echo -ne "${GREEN}If you will be accessing the web interface of the RMM from the same LAN as this server,${NC}\n" - echo -ne "${GREEN}you'll need to make sure your 3 subdomains resolve to ${IPV4}${NC}\n" - echo -ne "${GREEN}This also applies to any agents that will be on the same local network as the rmm.${NC}\n" - echo -ne "${GREEN}You'll also need to setup port forwarding in your router on port 443${NC}\n\n" + echo -ne "${YELLOW}Read below if your router does NOT support Hairpin NAT${NC}\n\n" + echo -ne "${GREEN}If you will be accessing the web interface of the RMM from the same LAN as this server,${NC}\n" + echo -ne "${GREEN}you'll need to make sure your 3 subdomains resolve to ${IPV4}${NC}\n" + echo -ne "${GREEN}This also applies to any agents that will be on the same local network as the rmm.${NC}\n" + echo -ne "${GREEN}You'll also need to setup port forwarding in your router on port 443${NC}\n\n" fi -printf >&2 "${YELLOW}Please refer to the github README for next steps${NC}\n\n" printf >&2 "${YELLOW}%0.s*${NC}" {1..80} printf >&2 "\n" diff --git a/restore.sh b/restore.sh index 2cc74e3a..06d8bc13 100755 --- a/restore.sh +++ b/restore.sh @@ -17,14 +17,14 @@ PYTHON_VER='3.11.2' SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py' TMP_FILE=$(mktemp -p "" "rmmrestore_XXXXXXXXXX") -curl -s -L "${SCRIPT_URL}" > ${TMP_FILE} +curl -s -L "${SCRIPT_URL}" >${TMP_FILE} NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}') if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then - printf >&2 "${YELLOW}A newer version of this restore script is available.${NC}\n" - printf >&2 "${YELLOW}Please download the latest version from ${GREEN}${SCRIPT_URL}${YELLOW} and re-run.${NC}\n" - rm -f $TMP_FILE - exit 1 + printf >&2 "${YELLOW}A newer version of this restore script is available.${NC}\n" + printf >&2 "${YELLOW}Please download the latest version from ${GREEN}${SCRIPT_URL}${YELLOW} and re-run.${NC}\n" + rm -f $TMP_FILE + exit 1 fi rm -f $TMP_FILE @@ -37,12 +37,13 @@ fi memTotal=$(grep -i memtotal /proc/meminfo | awk '{print $2}') if [[ $memTotal -lt 3627528 ]]; then - echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n" - exit 1 + echo -ne "${RED}ERROR: A minimum of 4GB of RAM is required.${NC}\n" + exit 1 fi -osname=$(lsb_release -si); osname=${osname^} -osname=$(echo "$osname" | tr '[A-Z]' '[a-z]') +osname=$(lsb_release -si) +osname=${osname^} +osname=$(echo "$osname" | tr '[A-Z]' '[a-z]') fullrel=$(lsb_release -sd) codename=$(lsb_release -sc) relno=$(lsb_release -sr | cut -d. -f1) @@ -58,10 +59,10 @@ fi if ([ "$osname" = "ubuntu" ] && [ "$fullrelno" = "20.04" ]) || ([ "$osname" = "debian" ] && [ $relno -ge 10 ]); then echo $fullrel else - echo $fullrel - echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n" - echo -ne "Your system does not appear to be supported${NC}\n" - exit 1 + echo $fullrel + echo -ne "${RED}Supported versions: Ubuntu 20.04, Debian 10 and 11\n" + echo -ne "Your system does not appear to be supported${NC}\n" + exit 1 fi if ([ "$osname" = "ubuntu" ]); then @@ -93,7 +94,6 @@ if [ ! -f "${1}" ]; then exit 1 fi - print_green() { printf >&2 "${GREEN}%0.s-${NC}" {1..80} printf >&2 "\n" @@ -102,7 +102,6 @@ print_green() { printf >&2 "\n" } - print_green 'Unpacking backup' tmp_dir=$(mktemp -d -t tacticalrmm-XXXXXXXXXXXXXXXXXXXXX) @@ -111,7 +110,6 @@ tar -xf ${1} -C $tmp_dir strip="User=" ORIGUSER=$(grep ${strip} $tmp_dir/systemd/rmm.service | sed -e "s/^${strip}//") - if [ "$ORIGUSER" != "$USER" ]; then printf >&2 "${RED}ERROR: You must run this restore script from the same user account used on your old server: ${GREEN}${ORIGUSER}${NC}\n" rm -rf $tmp_dir @@ -135,12 +133,13 @@ print_green 'Restoring Nginx' wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add - -nginxrepo="$(cat << EOF +nginxrepo="$( + cat < /dev/null +echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list >/dev/null sudo apt update sudo apt install -y nginx @@ -148,7 +147,8 @@ sudo systemctl stop nginx nginxdefaultconf='/etc/nginx/nginx.conf' -nginxconf="$(cat << EOF +nginxconf="$( + cat < /dev/null +echo "${nginxconf}" | sudo tee $nginxdefaultconf >/dev/null for i in sites-available sites-enabled; do sudo mkdir -p /etc/nginx/$i done for i in rmm frontend meshcentral; do - sudo cp ${tmp_dir}/nginx/${i}.conf /etc/nginx/sites-available/ - sudo ln -s /etc/nginx/sites-available/${i}.conf /etc/nginx/sites-enabled/${i}.conf + sudo cp ${tmp_dir}/nginx/${i}.conf /etc/nginx/sites-available/ + sudo ln -s /etc/nginx/sites-available/${i}.conf /etc/nginx/sites-enabled/${i}.conf done print_green 'Restoring certbot' @@ -224,7 +224,6 @@ sudo make altinstall cd ~ sudo rm -rf Python-${PYTHON_VER} Python-${PYTHON_VER}.tgz - print_green 'Installing redis and git' sudo apt install -y ca-certificates redis git @@ -237,10 +236,10 @@ sudo apt install -y postgresql-14 sleep 2 sudo systemctl enable --now postgresql -until pg_isready > /dev/null; do +until pg_isready >/dev/null; do echo -ne "${GREEN}Waiting for PostgreSQL to be ready${NC}\n" sleep 3 - done +done sudo mkdir /rmm sudo chown ${USER}:${USER} /rmm @@ -282,30 +281,29 @@ npm install meshcentral@${MESH_VER} print_green 'Restoring MeshCentral DB' if grep -q postgres "/meshcentral/meshcentral-data/config.json"; then -if ! which jq > /dev/null -then -sudo apt-get install -y jq > null -fi -MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r) -MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r) -sudo -u postgres psql -c "DROP DATABASE IF EXISTS meshcentral" -sudo -u postgres psql -c "CREATE DATABASE meshcentral" -sudo -u postgres psql -c "CREATE USER ${MESH_POSTGRES_USER} WITH PASSWORD '${MESH_POSTGRES_PW}'" -sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET client_encoding TO 'utf8'" -sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET default_transaction_isolation TO 'read committed'" -sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET timezone TO 'UTC'" -sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE meshcentral TO ${MESH_POSTGRES_USER}" -gzip -d $tmp_dir/postgres/mesh-db*.psql.gz -PGPASSWORD=${MESH_POSTGRES_PW} psql -h localhost -U ${MESH_POSTGRES_USER} -d meshcentral -f $tmp_dir/postgres/mesh-db*.psql + if ! which jq >/dev/null; then + sudo apt-get install -y jq >null + fi + MESH_POSTGRES_USER=$(jq '.settings.postgres.user' /meshcentral/meshcentral-data/config.json -r) + MESH_POSTGRES_PW=$(jq '.settings.postgres.password' /meshcentral/meshcentral-data/config.json -r) + sudo -u postgres psql -c "DROP DATABASE IF EXISTS meshcentral" + sudo -u postgres psql -c "CREATE DATABASE meshcentral" + sudo -u postgres psql -c "CREATE USER ${MESH_POSTGRES_USER} WITH PASSWORD '${MESH_POSTGRES_PW}'" + sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET client_encoding TO 'utf8'" + sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET default_transaction_isolation TO 'read committed'" + sudo -u postgres psql -c "ALTER ROLE ${MESH_POSTGRES_USER} SET timezone TO 'UTC'" + sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE meshcentral TO ${MESH_POSTGRES_USER}" + gzip -d $tmp_dir/postgres/mesh-db*.psql.gz + PGPASSWORD=${MESH_POSTGRES_PW} psql -h localhost -U ${MESH_POSTGRES_USER} -d meshcentral -f $tmp_dir/postgres/mesh-db*.psql else -print_green 'Installing MongoDB' -wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - -echo "$mongodb_repo" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list -sudo apt update -sudo apt install -y mongodb-org -sudo systemctl enable --now mongod -sleep 5 -mongorestore --gzip $tmp_dir/meshcentral/mongo + print_green 'Installing MongoDB' + wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add - + echo "$mongodb_repo" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list + sudo apt update + sudo apt install -y mongodb-org + sudo systemctl enable --now mongod + sleep 5 + mongorestore --gzip $tmp_dir/meshcentral/mongo fi print_green 'Restoring the backend' @@ -362,7 +360,7 @@ HAS_11=$(grep 127.0.1.1 /etc/hosts) if [[ $HAS_11 ]]; then sudo sed -i "/127.0.1.1/s/$/ ${API} ${webdomain} ${meshdomain}/" /etc/hosts else - echo "127.0.1.1 ${API} ${webdomain} ${meshdomain}" | sudo tee --append /etc/hosts > /dev/null + echo "127.0.1.1 ${API} ${webdomain} ${meshdomain}" | sudo tee --append /etc/hosts >/dev/null fi sudo systemctl enable nats.service @@ -374,11 +372,10 @@ webtar="trmm-web-v${WEB_VERSION}.tar.gz" wget -q https://github.com/amidaware/tacticalrmm-web/releases/download/v${WEB_VERSION}/${webtar} -O /tmp/${webtar} sudo mkdir -p /var/www/rmm sudo tar -xzf /tmp/${webtar} -C /var/www/rmm -echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js > /dev/null +echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js >/dev/null sudo chown www-data:www-data -R /var/www/rmm/dist rm -f /tmp/${webtar} - # reset perms sudo chown ${USER}:${USER} -R /rmm sudo chown ${USER}:${USER} /var/log/celery @@ -390,8 +387,7 @@ sudo chown -R $USER:$GROUP /home/${USER}/.cache print_green 'Enabling Services' sudo systemctl daemon-reload -for i in celery.service celerybeat.service rmm.service daphne.service nats-api.service nginx -do +for i in celery.service celerybeat.service rmm.service daphne.service nats-api.service nginx; do sudo systemctl enable ${i} sudo systemctl stop ${i} sudo systemctl start ${i} diff --git a/update.sh b/update.sh index 290805cf..68bd2bc9 100644 --- a/update.sh +++ b/update.sh @@ -14,20 +14,20 @@ PYTHON_VER='3.11.2' SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py' TMP_FILE=$(mktemp -p "" "rmmupdate_XXXXXXXXXX") -curl -s -L "${SCRIPT_URL}" > ${TMP_FILE} +curl -s -L "${SCRIPT_URL}" >${TMP_FILE} NEW_VER=$(grep "^SCRIPT_VERSION" "$TMP_FILE" | awk -F'[="]' '{print $3}') if [ "${SCRIPT_VERSION}" -ne "${NEW_VER}" ]; then - printf >&2 "${YELLOW}Old update script detected, downloading and replacing with the latest version...${NC}\n" - wget -q "${SCRIPT_URL}" -O update.sh - exec ${THIS_SCRIPT} + printf >&2 "${YELLOW}Old update script detected, downloading and replacing with the latest version...${NC}\n" + wget -q "${SCRIPT_URL}" -O update.sh + exec ${THIS_SCRIPT} fi rm -f $TMP_FILE force=false if [[ $* == *--force* ]]; then - force=true + force=true fi if [ $EUID -eq 0 ]; then @@ -46,7 +46,7 @@ if [ "$ORIGUSER" != "$USER" ]; then fi TMP_SETTINGS=$(mktemp -p "" "rmmsettings_XXXXXXXXXX") -curl -s -L "${LATEST_SETTINGS_URL}" > ${TMP_SETTINGS} +curl -s -L "${LATEST_SETTINGS_URL}" >${TMP_SETTINGS} LATEST_TRMM_VER=$(grep "^TRMM_VERSION" "$TMP_SETTINGS" | awk -F'[= "]' '{print $5}') CURRENT_TRMM_VER=$(grep "^TRMM_VERSION" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}') @@ -67,13 +67,13 @@ cls() { printf "\033c" } - CHECK_NATS_LIMITNOFILE=$(grep LimitNOFILE /etc/systemd/system/nats.service) if ! [[ $CHECK_NATS_LIMITNOFILE ]]; then -sudo rm -f /etc/systemd/system/nats.service + sudo rm -f /etc/systemd/system/nats.service -natsservice="$(cat << EOF + natsservice="$( + cat < /dev/null -sudo systemctl daemon-reload + )" + echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service >/dev/null + sudo systemctl daemon-reload fi rmmconf='/etc/nginx/sites-available/rmm.conf' @@ -117,28 +117,26 @@ if ! [[ $CHECK_NATS_WEBSOCKET ]]; then print "\n" } { print } - ' $rmmconf)" | sudo tee $rmmconf > /dev/null + ' $rmmconf)" | sudo tee $rmmconf >/dev/null fi - printf >&2 "${GREEN}Stopping celery and celerybeat services (this might take a while)...${NC}\n" -for i in celerybeat celery -do -sudo systemctl stop ${i} +for i in celerybeat celery; do + sudo systemctl stop ${i} done -for i in nginx nats-api nats rmm daphne -do -printf >&2 "${GREEN}Stopping ${i} service...${NC}\n" -sudo systemctl stop ${i} +for i in nginx nats-api nats rmm daphne; do + printf >&2 "${GREEN}Stopping ${i} service...${NC}\n" + sudo systemctl stop ${i} done CHECK_DAPHNE=$(grep v2 /etc/systemd/system/daphne.service) if ! [[ $CHECK_DAPHNE ]]; then -sudo rm -f /etc/systemd/system/daphne.service + sudo rm -f /etc/systemd/system/daphne.service -daphneservice="$(cat << EOF + daphneservice="$( + cat < /dev/null -sudo systemctl daemon-reload + )" + echo "${daphneservice}" | sudo tee /etc/systemd/system/daphne.service >/dev/null + sudo systemctl daemon-reload fi if [ ! -f /etc/apt/sources.list.d/nginx.list ]; then -osname=$(lsb_release -si); osname=${osname^} -osname=$(echo "$osname" | tr '[A-Z]' '[a-z]') -codename=$(lsb_release -sc) -nginxrepo="$(cat << EOF + osname=$(lsb_release -si) + osname=${osname^} + osname=$(echo "$osname" | tr '[A-Z]' '[a-z]') + codename=$(lsb_release -sc) + nginxrepo="$( + cat < /dev/null -wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add - -sudo apt update -sudo apt install -y nginx + )" + echo "${nginxrepo}" | sudo tee /etc/apt/sources.list.d/nginx.list >/dev/null + wget -qO - https://nginx.org/packages/keys/nginx_signing.key | sudo apt-key add - + sudo apt update + sudo apt install -y nginx fi nginxdefaultconf='/etc/nginx/nginx.conf' @@ -186,22 +186,22 @@ fi CHECK_NGINX_NOLIMIT=$(grep "worker_rlimit_nofile 1000000" $nginxdefaultconf) if ! [[ $CHECK_NGINX_NOLIMIT ]]; then -sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf -printf >&2 "${GREEN}Increasing nginx open file limit${NC}\n" -sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\ + sudo sed -i '/worker_rlimit_nofile.*/d' $nginxdefaultconf + printf >&2 "${GREEN}Increasing nginx open file limit${NC}\n" + sudo sed -i '1s/^/worker_rlimit_nofile 1000000;\ /' $nginxdefaultconf fi backend_conf='/etc/nginx/sites-available/rmm.conf' CHECK_NGINX_REUSEPORT=$(grep reuseport $backend_conf) if ! [[ $CHECK_NGINX_REUSEPORT ]]; then -printf >&2 "${GREEN}Setting nginx reuseport${NC}\n" -sudo sed -i 's/listen 443 ssl;/listen 443 ssl reuseport;/g' $backend_conf + printf >&2 "${GREEN}Setting nginx reuseport${NC}\n" + sudo sed -i 's/listen 443 ssl;/listen 443 ssl reuseport;/g' $backend_conf fi sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' $nginxdefaultconf -if ! sudo nginx -t > /dev/null 2>&1; then +if ! sudo nginx -t >/dev/null 2>&1; then sudo nginx -t echo -ne "\n" echo -ne "${RED}You have syntax errors in your nginx configs. See errors above. Please fix them and re-run this script.${NC}\n" @@ -302,7 +302,6 @@ fi SETUPTOOLS_VER=$(grep "^SETUPTOOLS_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}') WHEEL_VER=$(grep "^WHEEL_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}') - sudo chown ${USER}:${USER} -R /rmm sudo chown ${USER}:${USER} -R ${SCRIPTS_DIR} sudo chown ${USER}:${USER} /var/log/celery @@ -316,11 +315,12 @@ fi CHECK_ADMIN_ENABLED=$(grep ADMIN_ENABLED /rmm/api/tacticalrmm/tacticalrmm/local_settings.py) if ! [[ $CHECK_ADMIN_ENABLED ]]; then -adminenabled="$(cat << EOF + adminenabled="$( + cat < /dev/null + )" + echo "${adminenabled}" | tee --append /rmm/api/tacticalrmm/tacticalrmm/local_settings.py >/dev/null fi sudo cp /rmm/natsapi/bin/nats-api /usr/local/bin @@ -370,14 +370,13 @@ webtar="trmm-web-v${WEB_VERSION}.tar.gz" wget -q https://github.com/amidaware/tacticalrmm-web/releases/download/v${WEB_VERSION}/${webtar} -O /tmp/${webtar} sudo rm -rf /var/www/rmm/dist sudo tar -xzf /tmp/${webtar} -C /var/www/rmm -echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js > /dev/null +echo "window._env_ = {PROD_URL: \"https://${API}\"}" | sudo tee /var/www/rmm/dist/env-config.js >/dev/null sudo chown www-data:www-data -R /var/www/rmm/dist rm -f /tmp/${webtar} -for i in nats nats-api rmm daphne celery celerybeat nginx -do -printf >&2 "${GREEN}Starting ${i} service${NC}\n" -sudo systemctl start ${i} +for i in nats nats-api rmm daphne celery celerybeat nginx; do + printf >&2 "${GREEN}Starting ${i} service${NC}\n" + sudo systemctl start ${i} done sleep 1 @@ -395,4 +394,4 @@ if [[ "${CURRENT_MESH_VER}" != "${LATEST_MESH_VER}" ]] || [[ "$force" = true ]]; fi rm -f $TMP_SETTINGS -printf >&2 "${GREEN}Update finished!${NC}\n" \ No newline at end of file +printf >&2 "${GREEN}Update finished!${NC}\n"