From 52740271d95c089e33b0416cefc997b27ea25644 Mon Sep 17 00:00:00 2001 From: wh1te909 Date: Thu, 26 Oct 2023 01:08:52 +0000 Subject: [PATCH] nginx updates and python 3.11.6 --- .github/workflows/ci-tests.yml | 2 +- ansible/roles/trmm_dev/defaults/main.yml | 4 +- install.sh | 6 +- restore.sh | 124 ++++++++++++++++-- update.sh | 158 ++++++++++++++++------- 5 files changed, 233 insertions(+), 61 deletions(-) diff --git a/.github/workflows/ci-tests.yml b/.github/workflows/ci-tests.yml index 4acfc488..2b2ca209 100644 --- a/.github/workflows/ci-tests.yml +++ b/.github/workflows/ci-tests.yml @@ -14,7 +14,7 @@ jobs: name: Tests strategy: matrix: - python-version: ["3.11.4"] + python-version: ["3.11.6"] steps: - uses: actions/checkout@v3 diff --git a/ansible/roles/trmm_dev/defaults/main.yml b/ansible/roles/trmm_dev/defaults/main.yml index 4c20167f..e5b4a15f 100644 --- a/ansible/roles/trmm_dev/defaults/main.yml +++ b/ansible/roles/trmm_dev/defaults/main.yml @@ -1,7 +1,7 @@ --- user: "tactical" -python_ver: "3.11.4" -go_ver: "1.20.4" +python_ver: "3.11.6" +go_ver: "1.20.7" backend_repo: "https://github.com/amidaware/tacticalrmm.git" frontend_repo: "https://github.com/amidaware/tacticalrmm-web.git" scripts_repo: "https://github.com/amidaware/community-scripts.git" diff --git a/install.sh b/install.sh index 49a61a0d..5dce5be9 100644 --- a/install.sh +++ b/install.sh @@ -29,7 +29,7 @@ RED='\033[0;31m' NC='\033[0m' SCRIPTS_DIR='/opt/trmm-community-scripts' -PYTHON_VER='3.11.4' +PYTHON_VER='3.11.6' SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py' local_settings='/rmm/api/tacticalrmm/tacticalrmm/local_settings.py' @@ -292,8 +292,8 @@ sudo make altinstall cd ~ sudo rm -rf Python-${PYTHON_VER} Python-${PYTHON_VER}.tgz -print_green 'Installing redis and git' -sudo apt install -y ca-certificates redis git weasyprint +print_green 'Installing redis git and weasyprint' +sudo apt install -y redis git weasyprint print_green 'Installing postgresql' 
diff --git a/restore.sh b/restore.sh index 09f973ff..90734319 100755 --- a/restore.sh +++ b/restore.sh @@ -13,7 +13,7 @@ RED='\033[0;31m' NC='\033[0m' SCRIPTS_DIR='/opt/trmm-community-scripts' -PYTHON_VER='3.11.4' +PYTHON_VER='3.11.6' SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py' TMP_FILE=$(mktemp -p "" "rmmrestore_XXXXXXXXXX") @@ -183,11 +183,6 @@ for i in sites-available sites-enabled; do sudo mkdir -p /etc/nginx/$i done -for i in rmm frontend meshcentral; do - sudo cp ${tmp_dir}/nginx/${i}.conf /etc/nginx/sites-available/ - sudo ln -s /etc/nginx/sites-available/${i}.conf /etc/nginx/sites-enabled/${i}.conf -done - print_green 'Restoring certbot' sudo apt install -y software-properties-common @@ -256,8 +251,8 @@ sudo make altinstall cd ~ sudo rm -rf Python-${PYTHON_VER} Python-${PYTHON_VER}.tgz -print_green 'Installing redis and git' -sudo apt install -y redis git +print_green 'Installing redis, git and weasyprint' +sudo apt install -y redis git weasyprint print_green 'Installing postgresql' @@ -430,6 +425,7 @@ pip install --no-cache-dir --upgrade pip pip install --no-cache-dir setuptools==${SETUPTOOLS_VER} wheel==${WHEEL_VER} pip install --no-cache-dir -r /rmm/api/tacticalrmm/requirements.txt python manage.py migrate +python manage.py generate_json_schemas python manage.py collectstatic --no-input python manage.py create_natsapi_conf python manage.py create_uwsgi_conf @@ -437,9 +433,12 @@ python manage.py reload_nats python manage.py post_update_tasks API=$(python manage.py get_config api) WEB_VERSION=$(python manage.py get_config webversion) +FRONTEND=$(python manage.py get_config webdomain) webdomain=$(python manage.py get_config webdomain) meshdomain=$(python manage.py get_config meshdomain) WEBTAR_URL=$(python manage.py get_webtar_url) +CERT_PUB_KEY=$(python manage.py get_config certfile) +CERT_PRIV_KEY=$(python manage.py get_config keyfile) deactivate print_green 'Restoring hosts file' 
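Review bot: `CERT_PUB_KEY` and `CERT_PRIV_KEY` in the `@@ -437,9 +433,12 @@` hunk are taken straight from `python manage.py get_config certfile` / `keyfile`, with no check that the command succeeded or printed a path. Their names suggest they feed the regenerated nginx config later in the script, where an empty value would leave nginx unable to load its TLS certificate after the restore. A guard right after `deactivate`, such as `: "${CERT_PUB_KEY:?get_config certfile returned nothing}"` and the same for `CERT_PRIV_KEY`, would fail early with a clear message. The same two assignments are added to update.sh in its `@@ -391,6 +350,8 @@` hunk and deserve the same guard. `FRONTEND` also repeats the `get_config webdomain` call that fills `webdomain` on the next line, so `FRONTEND="$webdomain"` would save a Django start-up.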
@@ -450,6 +449,115 @@ if grep -q manage_etc_hosts /etc/hosts; then sudo systemctl restart cloud-init >/dev/null fi +print_green 'Restoring nginx configs' + +for i in frontend meshcentral; do + sudo cp ${tmp_dir}/nginx/${i}.conf /etc/nginx/sites-available/ + sudo ln -s /etc/nginx/sites-available/${i}.conf /etc/nginx/sites-enabled/${i}.conf +done + +if ! grep -q "location /assets/" $tmp_dir/nginx/rmm.conf; then + if [ -d "${tmp_dir}/certs/selfsigned" ]; then + CERT_PUB_KEY="${certdir}/cert.pem" + CERT_PRIV_KEY="${certdir}/key.pem" + fi + nginxrmm="$( + cat </dev/null +else + sudo cp ${tmp_dir}/nginx/rmm.conf /etc/nginx/sites-available/ +fi +sudo ln -s /etc/nginx/sites-available/rmm.conf /etc/nginx/sites-enabled/rmm.conf + HAS_11=$(grep 127.0.1.1 /etc/hosts) if [[ $HAS_11 ]]; then sudo sed -i "/127.0.1.1/s/$/ ${API} ${webdomain} ${meshdomain}/" /etc/hosts diff --git a/update.sh b/update.sh index a43cad12..65d2a6ac 100644 --- a/update.sh +++ b/update.sh @@ -10,7 +10,7 @@ NC='\033[0m' THIS_SCRIPT=$(readlink -f "$0") SCRIPTS_DIR='/opt/trmm-community-scripts' -PYTHON_VER='3.11.4' +PYTHON_VER='3.11.6' SETTINGS_FILE='/rmm/api/tacticalrmm/tacticalrmm/settings.py' TMP_FILE=$(mktemp -p "" "rmmupdate_XXXXXXXXXX") 
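Review bot: When the backed-up rmm.conf has no `location /assets/` block, the first branch regenerates the file without keeping or mentioning the operator's original, so local additions such as access rules or extra headers are dropped silently. update.sh warns and keeps `~/rmm.conf.nginx.bak` for the same case; copying `${tmp_dir}/nginx/rmm.conf` to a `.bak` file and printing a one-line notice here would keep the two scripts consistent. `certdir` is set outside this hunk, and if it can be empty the self-signed branch yields `/cert.pem` and `/key.pem`, so `CERT_PUB_KEY="${certdir:?}/cert.pem"` is safer. The expansions in `grep -q "location /assets/" $tmp_dir/nginx/rmm.conf` and in the `cp`/`ln` lines should be quoted. The heredoc holding the new server block is not legible on this page, so it is not reviewed here.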
@@ -102,45 +102,6 @@ EOF sudo systemctl daemon-reload fi -rmmconf='/etc/nginx/sites-available/rmm.conf' -CHECK_NATS_WEBSOCKET=$(grep natsws $rmmconf) -if ! [[ $CHECK_NATS_WEBSOCKET ]]; then - echo "Adding nats websocket to nginx config" - echo "$(awk ' - /location \/ {/ { - print " location ~ ^/natsws {" - print " proxy_pass http://127.0.0.1:9235;" - print " proxy_http_version 1.1;" - print " proxy_set_header Host $host;" - print " proxy_set_header Upgrade $http_upgrade;" - print " proxy_set_header Connection \"upgrade\";" - print " proxy_set_header X-Forwarded-Host $host:$server_port;" - print " proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" - print " proxy_set_header X-Forwarded-Proto $scheme;" - print " }" - print "\n" - } - { print } - ' $rmmconf)" | sudo tee $rmmconf >/dev/null -fi - -front_end=$(/rmm/api/env/bin/python /rmm/api/tacticalrmm/manage.py get_config webdomain) -CHECK_ASSETS_NGINX=$(grep assets $rmmconf) -if ! [[ $CHECK_ASSETS_NGINX ]]; then - echo "Adding assets to nginx config" - echo "$(awk ' - /location \/ {/ { - print " location /assets/ {" - print " internal;" - print " add_header 'Access-Control-Allow-Origin' 'https://${front_end}';" - print " alias /opt/tactical/reporting/assets/;" - print " }" - print "\n" - } - { print } - ' $rmmconf)" | sudo tee $rmmconf >/dev/null -fi - printf >&2 "${GREEN}Stopping celery and celerybeat services (this might take a while)...${NC}\n" for i in celerybeat celery; do sudo systemctl stop ${i} @@ -212,13 +173,6 @@ if ! [[ $CHECK_NGINX_NOLIMIT ]]; then /' $nginxdefaultconf fi -backend_conf='/etc/nginx/sites-available/rmm.conf' -CHECK_NGINX_REUSEPORT=$(grep reuseport $backend_conf) -if ! [[ $CHECK_NGINX_REUSEPORT ]]; then - printf >&2 "${GREEN}Setting nginx reuseport${NC}\n" - sudo sed -i 's/listen 443 ssl;/listen 443 ssl reuseport;/g' $backend_conf -fi - sudo sed -i 's/# server_names_hash_bucket_size.*/server_names_hash_bucket_size 64;/g' $nginxdefaultconf if ! sudo nginx -t >/dev/null 2>&1; then 
@@ -245,6 +199,11 @@ if ! [[ $HAS_PY311 ]]; then sudo rm -rf Python-${PYTHON_VER} Python-${PYTHON_VER}.tgz fi +HAS_WEASYPRINT=$(dpkg -l | grep weasyprint) +if ! [[ $HAS_WEASYPRINT ]]; then + sudo apt install -y weasyprint +fi + arch=$(uname -m) nats_server='/usr/local/bin/nats-server' @@ -391,6 +350,8 @@ WEB_VERSION=$(python manage.py get_config webversion) FRONTEND=$(python manage.py get_config webdomain) MESHDOMAIN=$(python manage.py get_config meshdomain) WEBTAR_URL=$(python manage.py get_webtar_url) +CERT_PUB_KEY=$(python manage.py get_config certfile) +CERT_PRIV_KEY=$(python manage.py get_config keyfile) deactivate if grep -q manage_etc_hosts /etc/hosts; then @@ -401,6 +362,109 @@ if grep -q manage_etc_hosts /etc/hosts; then fi fi +rmmconf='/etc/nginx/sites-available/rmm.conf' +if ! grep -q "location /assets/" $rmmconf; then + printf >&2 "${YELLOW}WARNING!!!!\n\n" + printf >&2 "${rmmconf} will now be replaced due to changes needed for this update.\n\n" + printf >&2 "A backup of the existing config will be created in your home directory at ~/rmm.conf.nginx.bak\n\n" + printf >&2 "If you have made any custom or unsupported changes to this file please add them back in after this update.\n\n" + read -n 1 -s -r -p "Press any key to confirm you have read the above and continue..." + printf >&2 "\n${NC}\n" + cp $rmmconf ~/rmm.conf.nginx.bak + nginxrmm="$( + cat </dev/null +fi + CHECK_HOSTS=$(grep 127.0.1.1 /etc/hosts | grep "$API" | grep "$FRONTEND" | grep "$MESHDOMAIN") HAS_11=$(grep 127.0.1.1 /etc/hosts)
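Review bot: `dpkg -l | grep weasyprint` in the `@@ -245,6 +199,11 @@` hunk matches any line of the package list that mentions weasyprint, including a differently named package or one that was removed but still has its config files listed. The install can therefore be skipped while the program is absent. Querying the exact package state is more reliable: `if ! dpkg-query -W -f='${Status}' weasyprint 2>/dev/null | grep -q 'install ok installed'; then sudo apt install -y weasyprint; fi`. That also removes the need for the `HAS_WEASYPRINT` variable.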
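Review bot: The replacement of `$rmmconf` in the `@@ -401,6 +362,109 @@` hunk comes after the `sudo nginx -t` check visible earlier in update.sh, and nothing in this hunk validates the new file or confirms the backup succeeded before the original is overwritten. `cp $rmmconf ~/rmm.conf.nginx.bak` is unquoted and its exit status is ignored, so a failed copy still leads to the overwrite. `read -n 1` also returns at once when stdin is not a terminal, so an unattended run gets no real confirmation. I would make the backup fatal on failure and test the config after writing it, restoring the backup if nginx rejects it, as sketched below. The heredoc body and the write itself are not legible on this page, so the sketch leaves them as they are.

```shell
  cp "$rmmconf" ~/rmm.conf.nginx.bak || {
    printf >&2 "${YELLOW}Could not back up ${rmmconf}, aborting${NC}\n"
    exit 1
  }
  # … unchanged: nginxrmm heredoc and the write to $rmmconf …
  if ! sudo nginx -t >/dev/null 2>&1; then
    printf >&2 "${YELLOW}nginx rejected the new ${rmmconf}; restoring ~/rmm.conf.nginx.bak${NC}\n"
    sudo cp ~/rmm.conf.nginx.bak "$rmmconf"
    exit 1
  fi
```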