update configs/scripts and add migration docs for 0.3.0
parent
816d32edad
commit
f8bd5b5b4e
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
SCRIPT_VERSION="5"
|
||||
SCRIPT_VERSION="6"
|
||||
SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/backup.sh'
|
||||
|
||||
GREEN='\033[0;32m'
|
||||
|
@ -83,7 +83,7 @@ sudo tar -czvf ${tmp_dir}/nginx/etc-nginx.tar.gz -C /etc/nginx .
|
|||
|
||||
sudo tar -czvf ${tmp_dir}/confd/etc-confd.tar.gz -C /etc/conf.d .
|
||||
|
||||
sudo cp ${sysd}/rmm.service ${sysd}/celery.service ${sysd}/celerybeat.service ${sysd}/celery-winupdate.service ${sysd}/meshcentral.service ${sysd}/nats.service ${tmp_dir}/systemd/
|
||||
sudo cp ${sysd}/rmm.service ${sysd}/celery.service ${sysd}/celerybeat.service ${sysd}/celery-winupdate.service ${sysd}/meshcentral.service ${sysd}/nats.service ${sysd}/natsapi.service ${tmp_dir}/systemd/
|
||||
|
||||
cat /rmm/api/tacticalrmm/tacticalrmm/private/log/debug.log | gzip -9 > ${tmp_dir}/rmm/debug.log.gz
|
||||
cp /rmm/api/tacticalrmm/tacticalrmm/local_settings.py /rmm/api/tacticalrmm/app.ini ${tmp_dir}/rmm/
|
||||
|
|
|
@ -0,0 +1,254 @@
|
|||
### Upgrading to Tactical RMM 0.3.0
|
||||
- Some of these steps may not apply to you depending on when you installed but please go through all of them just to make sure you have all.
|
||||
|
||||
1. stop all services
|
||||
```bash
|
||||
for i in salt-master salt-api rmm celery celerybeat celery-winupdate meshcentral nginx; do sudo systemctl stop $i; done
|
||||
```
|
||||
|
||||
2. Edit `/etc/nginx/sites-available/rmm.conf` and add the following location block. You can add it right after the `location /builtin/ {...}` block. This file needs to be opened with sudo
|
||||
```bash
|
||||
location ~ ^/(natsapi) {
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
uwsgi_pass tacticalrmm;
|
||||
include /etc/nginx/uwsgi_params;
|
||||
uwsgi_read_timeout 500s;
|
||||
uwsgi_ignore_client_abort on;
|
||||
}
|
||||
```
|
||||
|
||||
Add the following to the top of the file right under the `upstream tacticalrmm {...}` block
|
||||
```bash
|
||||
map $http_user_agent $ignore_ua {
|
||||
"~python-requests.*" 0;
|
||||
"~go-resty.*" 0;
|
||||
default 1;
|
||||
}
|
||||
```
|
||||
|
||||
Look for this line
|
||||
```bash
|
||||
access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log;
|
||||
```
|
||||
and change to
|
||||
```bash
|
||||
access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=$ignore_ua;
|
||||
```
|
||||
|
||||
Example of what entire file should look like:
|
||||
```bash
|
||||
server_tokens off;
|
||||
|
||||
upstream tacticalrmm {
|
||||
server unix:////rmm/api/tacticalrmm/tacticalrmm.sock;
|
||||
}
|
||||
|
||||
map $http_user_agent $ignore_ua {
|
||||
"~python-requests.*" 0;
|
||||
"~go-resty.*" 0;
|
||||
default 1;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name api.EXAMPLE.com;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name api.yourdomain.com;
|
||||
client_max_body_size 300M;
|
||||
access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log combined if=$ignore_ua;
|
||||
error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
|
||||
ssl_certificate /etc/letsencrypt/live/EXAMPLE.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.com/privkey.pem;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
|
||||
location /static/ {
|
||||
root /rmm/api/tacticalrmm;
|
||||
}
|
||||
|
||||
location /private/ {
|
||||
internal;
|
||||
add_header "Access-Control-Allow-Origin" "https://rmm.EXAMPLE.com";
|
||||
alias /rmm/api/tacticalrmm/tacticalrmm/private/;
|
||||
}
|
||||
|
||||
location /saltscripts/ {
|
||||
internal;
|
||||
add_header "Access-Control-Allow-Origin" "https://rmm.EXAMPLE.com";
|
||||
alias /srv/salt/scripts/userdefined/;
|
||||
}
|
||||
|
||||
location /builtin/ {
|
||||
internal;
|
||||
add_header "Access-Control-Allow-Origin" "https://rmm.EXAMPLE.com";
|
||||
alias /srv/salt/scripts/;
|
||||
}
|
||||
|
||||
location ~ ^/(natsapi) {
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
uwsgi_pass tacticalrmm;
|
||||
include /etc/nginx/uwsgi_params;
|
||||
uwsgi_read_timeout 9999s;
|
||||
uwsgi_ignore_client_abort on;
|
||||
}
|
||||
|
||||
location / {
|
||||
uwsgi_pass tacticalrmm;
|
||||
include /etc/nginx/uwsgi_params;
|
||||
uwsgi_read_timeout 9999s;
|
||||
uwsgi_ignore_client_abort on;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
3. Edit `/etc/nginx/sites-available/meshcentral.conf` and change to match the example below. Don't forget to replace `mesh.EXAMPLE.COM` with your mesh domain. This file needs to be opened with sudo
|
||||
```bash
|
||||
server {
|
||||
listen 80;
|
||||
server_name mesh.EXAMPLE.com;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
proxy_send_timeout 330s;
|
||||
proxy_read_timeout 330s;
|
||||
server_name mesh.tacticaltechs.com;
|
||||
ssl_certificate /etc/letsencrypt/live/EXAMPLE.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.com/privkey.pem;
|
||||
ssl_session_cache shared:WEBSSL:10m;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:4430/;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_set_header Host $host; ## this line is new
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
4. Edit `/meshcentral/meshcentral-data/config.json` and change to match the example below. Replace `mesh.example.com` with your mesh domain.
|
||||
```
|
||||
{
|
||||
"settings": {
|
||||
"Cert": "mesh.example.com",
|
||||
"MongoDb": "mongodb://127.0.0.1:27017",
|
||||
"MongoDbName": "meshcentral",
|
||||
"WANonly": true,
|
||||
"Minify": 1,
|
||||
"Port": 4430,
|
||||
"AliasPort": 443,
|
||||
"RedirPort": 800,
|
||||
"AllowLoginToken": true,
|
||||
"AllowFraming": true,
|
||||
"_AgentPing": 60,
|
||||
"AgentPong": 200,
|
||||
"AllowHighQualityDesktop": true,
|
||||
"TlsOffload": "127.0.0.1",
|
||||
"agentCoreDump": false,
|
||||
"Compression": true,
|
||||
"WsCompression": true,
|
||||
"AgentWsCompression": true,
|
||||
"MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 }
|
||||
},
|
||||
"domains": {
|
||||
"": {
|
||||
"Title": "Tactical RMM",
|
||||
"Title2": "Tactical RMM",
|
||||
"NewAccounts": false,
|
||||
"CertUrl": "https://mesh.example.com:443/",
|
||||
"GeoLocation": true,
|
||||
"CookieIpCheck": false,
|
||||
"mstsc": true
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
5. Replace `/rmm/api/tacticalrmm/app.ini` with the following:
|
||||
```bash
|
||||
[uwsgi]
|
||||
|
||||
chdir = /rmm/api/tacticalrmm
|
||||
module = tacticalrmm.wsgi
|
||||
home = /rmm/api/env
|
||||
master = true
|
||||
processes = 6
|
||||
threads = 6
|
||||
enable-threads = True
|
||||
socket = /rmm/api/tacticalrmm/tacticalrmm.sock
|
||||
harakiri = 300
|
||||
chmod-socket = 666
|
||||
# clear environment on exit
|
||||
vacuum = true
|
||||
die-on-term = true
|
||||
max-requests = 500
|
||||
max-requests-delta = 1000
|
||||
```
|
||||
|
||||
6. Replace `/etc/salt/master.d/rmm-salt.conf` with the following. This file needs to be opened with sudo
|
||||
```
|
||||
timeout: 20
|
||||
gather_job_timeout: 25
|
||||
max_event_size: 30485760
|
||||
external_auth:
|
||||
pam:
|
||||
saltapi:
|
||||
- .*
|
||||
- '@runner'
|
||||
- '@wheel'
|
||||
- '@jobs'
|
||||
|
||||
rest_cherrypy:
|
||||
port: 8123
|
||||
disable_ssl: True
|
||||
max_request_body_size: 30485760
|
||||
```
|
||||
|
||||
7. Edit `/etc/conf.d/celery.conf` and `/etc/conf.d/celery-winupdate.conf` and change
|
||||
```
|
||||
CELERYD_LOG_LEVEL="INFO"
|
||||
```
|
||||
to
|
||||
```
|
||||
CELERYD_LOG_LEVEL="ERROR"
|
||||
```
|
||||
|
||||
8. Clear log files
|
||||
```bash
|
||||
baselog="/rmm/api/tacticalrmm/tacticalrmm/private/log"
|
||||
for i in ${baselog}/access.log ${baselog}/error.log ${baselog}/debug.log ${baselog}/uwsgi.log; do sudo rm -f $i; done
|
||||
sudo rm -f /var/log/celery/*
|
||||
```
|
||||
|
||||
9. Verify nginx syntax is correct. If any errors check steps above and fix nginx configs
|
||||
```
|
||||
sudo nginx -t
|
||||
```
|
||||
|
||||
10. Start services
|
||||
```bash
|
||||
for i in rmm celery celerybeat celery-winupdate salt-master salt-api nginx meshcentral; do sudo systemctl start $i; done
|
||||
```
|
||||
|
||||
11. Delete whatever `update.sh` script you currently have and download the latest one and run it
|
||||
```bash
|
||||
wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh
|
||||
chmod +x update.sh
|
||||
./update.sh
|
||||
```
|
||||
|
||||
|
||||
|
76
install.sh
76
install.sh
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
SCRIPT_VERSION="32"
|
||||
SCRIPT_VERSION="33"
|
||||
SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/install.sh'
|
||||
|
||||
sudo apt install -y curl wget
|
||||
|
@ -193,9 +193,9 @@ print_green 'Installing golang'
|
|||
|
||||
sudo mkdir -p /usr/local/rmmgo
|
||||
go_tmp=$(mktemp -d -t rmmgo-XXXXXXXXXX)
|
||||
wget https://golang.org/dl/go1.15.5.linux-amd64.tar.gz -P ${go_tmp}
|
||||
wget https://golang.org/dl/go1.15.6.linux-amd64.tar.gz -P ${go_tmp}
|
||||
|
||||
tar -xzf ${go_tmp}/go1.15.5.linux-amd64.tar.gz -C ${go_tmp}
|
||||
tar -xzf ${go_tmp}/go1.15.6.linux-amd64.tar.gz -C ${go_tmp}
|
||||
|
||||
sudo mv ${go_tmp}/go /usr/local/rmmgo/
|
||||
rm -rf ${go_tmp}
|
||||
|
@ -216,6 +216,7 @@ print_green 'Installing Nginx'
|
|||
|
||||
sudo apt install -y nginx
|
||||
sudo systemctl stop nginx
|
||||
sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' /etc/nginx/nginx.conf
|
||||
|
||||
print_green 'Installing NodeJS'
|
||||
|
||||
|
@ -294,6 +295,10 @@ meshcfg="$(cat << EOF
|
|||
"AgentPong": 300,
|
||||
"AllowHighQualityDesktop": true,
|
||||
"TlsOffload": "127.0.0.1",
|
||||
"agentCoreDump": false,
|
||||
"Compression": true,
|
||||
"WsCompression": true,
|
||||
"AgentWsCompression": true,
|
||||
"MaxInvalidLogin": { "time": 5, "count": 5, "coolofftime": 30 }
|
||||
},
|
||||
"domains": {
|
||||
|
@ -369,6 +374,10 @@ sudo cp /rmm/api/tacticalrmm/core/goinstaller/bin/goversioninfo /usr/local/bin/
|
|||
sudo chown ${USER}:${USER} /usr/local/bin/goversioninfo
|
||||
sudo chmod +x /usr/local/bin/goversioninfo
|
||||
|
||||
sudo cp /rmm/natsapi/bin/nats-api /usr/local/bin
|
||||
sudo chown ${USER}:${USER} /usr/local/bin/nats-api
|
||||
sudo chmod +x /usr/local/bin/nats-api
|
||||
|
||||
print_green 'Installing the backend'
|
||||
|
||||
cd /rmm/api
|
||||
|
@ -376,7 +385,7 @@ python3 -m venv env
|
|||
source /rmm/api/env/bin/activate
|
||||
cd /rmm/api/tacticalrmm
|
||||
pip install --no-cache-dir --upgrade pip
|
||||
pip install --no-cache-dir setuptools==50.3.2 wheel==0.36.1
|
||||
pip install --no-cache-dir setuptools==51.1.2 wheel==0.36.2
|
||||
pip install --no-cache-dir -r /rmm/api/tacticalrmm/requirements.txt
|
||||
python manage.py migrate
|
||||
python manage.py collectstatic --no-input
|
||||
|
@ -463,6 +472,25 @@ EOF
|
|||
)"
|
||||
echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service > /dev/null
|
||||
|
||||
natsapi="$(cat << EOF
|
||||
[Unit]
|
||||
Description=Tactical NATS API
|
||||
After=network.target rmm.service nginx.service nats.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/local/bin/nats-api
|
||||
User=${USER}
|
||||
Group=${USER}
|
||||
Restart=always
|
||||
RestartSec=5s
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${natsapi}" | sudo tee /etc/systemd/system/natsapi.service > /dev/null
|
||||
|
||||
|
||||
nginxrmm="$(cat << EOF
|
||||
server_tokens off;
|
||||
|
@ -520,7 +548,7 @@ server {
|
|||
deny all;
|
||||
uwsgi_pass tacticalrmm;
|
||||
include /etc/nginx/uwsgi_params;
|
||||
uwsgi_read_timeout 9999s;
|
||||
uwsgi_read_timeout 500s;
|
||||
uwsgi_ignore_client_abort on;
|
||||
}
|
||||
|
||||
|
@ -581,8 +609,8 @@ echo 'deb http://repo.saltstack.com/py3/'$osname'/'$fullrelno'/amd64/latest '$co
|
|||
sudo apt update
|
||||
sudo apt install -y salt-master
|
||||
|
||||
print_green 'Waiting 30 seconds for salt to start'
|
||||
sleep 30
|
||||
print_green 'Waiting 10 seconds for salt to start'
|
||||
sleep 10
|
||||
|
||||
saltvars="$(cat << EOF
|
||||
timeout: 20
|
||||
|
@ -618,7 +646,7 @@ sudo mkdir /etc/conf.d
|
|||
|
||||
celeryservice="$(cat << EOF
|
||||
[Unit]
|
||||
Description=Celery Service
|
||||
Description=Celery Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
||||
[Service]
|
||||
|
@ -627,9 +655,9 @@ User=${USER}
|
|||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery.conf
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} multi start \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} \${CELERYD_OPTS}'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \${CELERYD_NODES} --pidfile=\${CELERYD_PID_FILE}'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} multi restart \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} \${CELERYD_OPTS}'
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi start \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --loglevel="\${CELERYD_LOG_LEVEL}"'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi restart \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
||||
|
@ -662,7 +690,7 @@ echo "${celeryconf}" | sudo tee /etc/conf.d/celery.conf > /dev/null
|
|||
|
||||
celerywinupdatesvc="$(cat << EOF
|
||||
[Unit]
|
||||
Description=Celery WinUpdate Service
|
||||
Description=Celery WinUpdate Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
||||
[Service]
|
||||
|
@ -671,9 +699,9 @@ User=${USER}
|
|||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery-winupdate.conf
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} multi start \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} -Q wupdate \${CELERYD_OPTS}'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \${CELERYD_NODES} --pidfile=\${CELERYD_PID_FILE}'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} multi restart \${CELERYD_NODES} -A \${CELERY_APP} --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL} -Q wupdate \${CELERYD_OPTS}'
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi start \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" -Q wupdate \$CELERYD_OPTS'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --loglevel="\${CELERYD_LOG_LEVEL}"'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi restart \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" -Q wupdate \$CELERYD_OPTS'
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
||||
|
@ -701,7 +729,7 @@ echo "${celerywinupdate}" | sudo tee /etc/conf.d/celery-winupdate.conf > /dev/nu
|
|||
|
||||
celerybeatservice="$(cat << EOF
|
||||
[Unit]
|
||||
Description=Celery Beat Service
|
||||
Description=Celery Beat Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
||||
[Service]
|
||||
|
@ -710,7 +738,7 @@ User=${USER}
|
|||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery.conf
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} beat -A \${CELERY_APP} --pidfile=\${CELERYBEAT_PID_FILE} --logfile=\${CELERYBEAT_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL}'
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} -A \${CELERY_APP} beat --pidfile=\${CELERYBEAT_PID_FILE} --logfile=\${CELERYBEAT_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL}'
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
||||
|
@ -816,10 +844,11 @@ sudo ln -s /etc/nginx/sites-available/frontend.conf /etc/nginx/sites-enabled/fro
|
|||
|
||||
print_green 'Enabling Services'
|
||||
|
||||
for i in nginx celery.service celerybeat.service celery-winupdate.service rmm.service
|
||||
for i in rmm.service celery.service celerybeat.service celery-winupdate.service nginx
|
||||
do
|
||||
sudo systemctl enable ${i}
|
||||
sudo systemctl restart ${i}
|
||||
sudo systemctl stop ${i}
|
||||
sudo systemctl start ${i}
|
||||
done
|
||||
sleep 5
|
||||
sudo systemctl enable meshcentral
|
||||
|
@ -883,14 +912,15 @@ sudo systemctl start nats.service
|
|||
|
||||
|
||||
print_green 'Restarting services'
|
||||
for i in celery.service celerybeat.service celery-winupdate.service rmm.service
|
||||
for i in rmm.service celery.service celerybeat.service celery-winupdate.service natsapi.service
|
||||
do
|
||||
sudo systemctl restart ${i}
|
||||
sudo systemctl stop ${i}
|
||||
sudo systemctl start ${i}
|
||||
done
|
||||
|
||||
print_green 'Restarting salt-master and waiting 30 seconds'
|
||||
print_green 'Restarting salt-master and waiting 10 seconds'
|
||||
sudo systemctl restart salt-master
|
||||
sleep 30
|
||||
sleep 10
|
||||
sudo systemctl restart salt-api
|
||||
|
||||
printf >&2 "${YELLOW}%0.s*${NC}" {1..80}
|
||||
|
|
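Review bot: The new `nats-api` install step in the `@ -369,6 +374,10 @@` hunk leaves the executable owned by the unprivileged account (`sudo chown ${USER}:${USER} /usr/local/bin/nats-api`), so the file that the new `natsapi.service` launches through `ExecStart=/usr/local/bin/nats-api` stays writable by any process running as that user. The unit itself runs as `${USER}`, so this is a least-privilege and tamper-resistance concern rather than a direct escalation, but a root-owned binary is the safer default for a system path. The copy, chown and chmod could be replaced with `sudo install -o root -g root -m 0755 /rmm/natsapi/bin/nats-api /usr/local/bin/nats-api`, unless something outside this hunk needs to write to the file as `${USER}`. The same three lines are added in restore.sh and update.sh and would take the same change.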
25
restore.sh
25
restore.sh
|
@ -7,7 +7,7 @@ pgpw="hunter2"
|
|||
|
||||
#####################################################
|
||||
|
||||
SCRIPT_VERSION="11"
|
||||
SCRIPT_VERSION="12"
|
||||
SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/restore.sh'
|
||||
|
||||
sudo apt install -y curl wget
|
||||
|
@ -127,6 +127,7 @@ sudo systemctl stop nginx
|
|||
sudo rm -rf /etc/nginx
|
||||
sudo mkdir /etc/nginx
|
||||
sudo tar -xzf $tmp_dir/nginx/etc-nginx.tar.gz -C /etc/nginx
|
||||
sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' /etc/nginx/nginx.conf
|
||||
rmmdomain=$(grep server_name /etc/nginx/sites-available/rmm.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
|
||||
frontenddomain=$(grep server_name /etc/nginx/sites-available/frontend.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
|
||||
meshdomain=$(grep server_name /etc/nginx/sites-available/meshcentral.conf | grep -v 301 | head -1 | tr -d " \t" | sed 's/.*server_name//' | tr -d ';')
|
||||
|
@ -242,12 +243,16 @@ sudo cp /rmm/api/tacticalrmm/core/goinstaller/bin/goversioninfo /usr/local/bin/
|
|||
sudo chown ${USER}:${USER} /usr/local/bin/goversioninfo
|
||||
sudo chmod +x /usr/local/bin/goversioninfo
|
||||
|
||||
sudo cp /rmm/natsapi/bin/nats-api /usr/local/bin
|
||||
sudo chown ${USER}:${USER} /usr/local/bin/nats-api
|
||||
sudo chmod +x /usr/local/bin/nats-api
|
||||
|
||||
cd /rmm/api
|
||||
python3 -m venv env
|
||||
source /rmm/api/env/bin/activate
|
||||
cd /rmm/api/tacticalrmm
|
||||
pip install --no-cache-dir --upgrade pip
|
||||
pip install --no-cache-dir setuptools==50.3.2 wheel==0.36.1
|
||||
pip install --no-cache-dir setuptools==51.1.2 wheel==0.36.2
|
||||
pip install --no-cache-dir -r /rmm/api/tacticalrmm/requirements.txt
|
||||
python manage.py collectstatic --no-input
|
||||
python manage.py reload_nats
|
||||
|
@ -256,7 +261,6 @@ deactivate
|
|||
sudo systemctl enable nats.service
|
||||
sudo systemctl start nats.service
|
||||
|
||||
|
||||
print_green 'Installing Salt Master'
|
||||
|
||||
wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
|
||||
|
@ -265,8 +269,8 @@ echo 'deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main' |
|
|||
sudo apt update
|
||||
sudo apt install -y salt-master
|
||||
|
||||
print_green 'Waiting 30 seconds for salt to start'
|
||||
sleep 30
|
||||
print_green 'Waiting 10 seconds for salt to start'
|
||||
sleep 10
|
||||
|
||||
print_green 'Installing Salt API'
|
||||
sudo apt install -y salt-api
|
||||
|
@ -320,7 +324,8 @@ sudo systemctl daemon-reload
|
|||
for i in celery.service celerybeat.service celery-winupdate.service rmm.service nginx
|
||||
do
|
||||
sudo systemctl enable ${i}
|
||||
sudo systemctl restart ${i}
|
||||
sudo systemctl stop ${i}
|
||||
sudo systemctl start ${i}
|
||||
done
|
||||
sleep 5
|
||||
|
||||
|
@ -328,9 +333,13 @@ print_green 'Starting meshcentral'
|
|||
sudo systemctl enable meshcentral
|
||||
sudo systemctl start meshcentral
|
||||
|
||||
print_green 'Restarting salt and waiting 30 seconds'
|
||||
print_green 'Starting natsapi'
|
||||
sudo systemctl enable natsapi.service
|
||||
sudo systemctl start natsapi.service
|
||||
|
||||
print_green 'Restarting salt and waiting 10 seconds'
|
||||
sudo systemctl restart salt-master
|
||||
sleep 30
|
||||
sleep 10
|
||||
sudo systemctl restart salt-api
|
||||
|
||||
printf >&2 "${YELLOW}%0.s*${NC}" {1..80}
|
||||
|
|
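Review bot: Shortening the waits to `sleep 10` after `sudo apt install -y salt-master` and after `sudo systemctl restart salt-master` makes the salt-api steps that follow depend on a fixed delay that a slow or heavily loaded host may not meet. A bounded readiness poll states the intent and fails visibly instead of racing, e.g. `for n in {1..30}; do systemctl is-active --quiet salt-master && break; sleep 1; done`. Whether an active salt-master unit is enough for salt-api to start cleanly is not visible from these hunks, so treat that probe as a starting point. install.sh gets the same 30-to-10 second reduction in this commit.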
192
update.sh
192
update.sh
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
SCRIPT_VERSION="101"
|
||||
SCRIPT_VERSION="102"
|
||||
SCRIPT_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh'
|
||||
LATEST_SETTINGS_URL='https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/api/tacticalrmm/tacticalrmm/settings.py'
|
||||
YELLOW='\033[1;33m'
|
||||
|
@ -35,6 +35,113 @@ if [ "$ORIGUSER" != "$USER" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
CHECK_030_MIGRATION=$(grep natsapi /etc/nginx/sites-available/rmm.conf)
|
||||
if ! [[ $CHECK_030_MIGRATION ]]; then
|
||||
printf >&2 "${RED}Manual configuration changes required before continuing.${NC}\n"
|
||||
printf >&2 "${RED}Please follow the steps here and then re-run this update script.${NC}\n"
|
||||
printf >&2 "${GREEN}https://github.com/wh1te909/tacticalrmm/blob/develop/docs/migration-0.3.0.md${NC}\n"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
CHECK_CELERY_V2=$(grep V2 /etc/systemd/system/celery.service)
|
||||
if ! [[ $CHECK_CELERY_V2 ]]; then
|
||||
printf >&2 "${GREEN}Updating celery.service${NC}\n"
|
||||
sudo systemctl stop celery.service
|
||||
sudo rm -f /etc/systemd/system/celery.service
|
||||
|
||||
celeryservice="$(cat << EOF
|
||||
[Unit]
|
||||
Description=Celery Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
User=${USER}
|
||||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery.conf
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi start \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --loglevel="\${CELERYD_LOG_LEVEL}"'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi restart \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" \$CELERYD_OPTS'
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${celeryservice}" | sudo tee /etc/systemd/system/celery.service > /dev/null
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable celery.service
|
||||
fi
|
||||
|
||||
CHECK_CELERYBEAT_V2=$(grep V2 /etc/systemd/system/celerybeat.service)
|
||||
if ! [[ $CHECK_CELERYBEAT_V2 ]]; then
|
||||
printf >&2 "${GREEN}Updating celerybeat.service${NC}\n"
|
||||
sudo systemctl stop celerybeat.service
|
||||
sudo rm -f /etc/systemd/system/celerybeat.service
|
||||
|
||||
celerybeatservice="$(cat << EOF
|
||||
[Unit]
|
||||
Description=Celery Beat Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=${USER}
|
||||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery.conf
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} -A \${CELERY_APP} beat --pidfile=\${CELERYBEAT_PID_FILE} --logfile=\${CELERYBEAT_LOG_FILE} --loglevel=\${CELERYD_LOG_LEVEL}'
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${celerybeatservice}" | sudo tee /etc/systemd/system/celerybeat.service > /dev/null
|
||||
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable celerybeat.service
|
||||
|
||||
fi
|
||||
|
||||
CHECK_CELERYWINUPDATE_V2=$(grep V2 /etc/systemd/system/celery-winupdate.service)
|
||||
if ! [[ $CHECK_CELERYWINUPDATE_V2 ]]; then
|
||||
printf >&2 "${GREEN}Updating celery-winupdate.service${NC}\n"
|
||||
sudo systemctl stop celery-winupdate.service
|
||||
sudo rm -f /etc/systemd/system/celery-winupdate.service
|
||||
|
||||
celerywinupdatesvc="$(cat << EOF
|
||||
[Unit]
|
||||
Description=Celery WinUpdate Service V2
|
||||
After=network.target redis-server.service postgresql.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
User=${USER}
|
||||
Group=${USER}
|
||||
EnvironmentFile=/etc/conf.d/celery-winupdate.conf
|
||||
WorkingDirectory=/rmm/api/tacticalrmm
|
||||
ExecStart=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi start \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" -Q wupdate \$CELERYD_OPTS'
|
||||
ExecStop=/bin/sh -c '\${CELERY_BIN} multi stopwait \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --loglevel="\${CELERYD_LOG_LEVEL}"'
|
||||
ExecReload=/bin/sh -c '\${CELERY_BIN} -A \$CELERY_APP multi restart \$CELERYD_NODES --pidfile=\${CELERYD_PID_FILE} --logfile=\${CELERYD_LOG_FILE} --loglevel="\${CELERYD_LOG_LEVEL}" -Q wupdate \$CELERYD_OPTS'
|
||||
Restart=always
|
||||
RestartSec=10s
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${celerywinupdatesvc}" | sudo tee /etc/systemd/system/celery-winupdate.service > /dev/null
|
||||
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable celery-winupdate.service
|
||||
|
||||
fi
|
||||
|
||||
|
||||
TMP_SETTINGS=$(mktemp -p "" "rmmsettings_XXXXXXXXXX")
|
||||
curl -s -L "${LATEST_SETTINGS_URL}" > ${TMP_SETTINGS}
|
||||
SETTINGS_FILE="/rmm/api/tacticalrmm/tacticalrmm/settings.py"
|
||||
|
@ -56,60 +163,18 @@ LATEST_SALT_VER=$(grep "^SALT_MASTER_VER" "$TMP_SETTINGS" | awk -F'[= "]' '{prin
|
|||
CURRENT_PIP_VER=$(grep "^PIP_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
|
||||
CURRENT_NPM_VER=$(grep "^NPM_VER" "$SETTINGS_FILE" | awk -F'[= "]' '{print $5}')
|
||||
|
||||
NEEDS_NATS=false
|
||||
if [ ! -f /etc/systemd/system/nats.service ]; then
|
||||
if [ ! -d /etc/letsencrypt ]; then
|
||||
printf >&2 "${RED}ERROR: no letsencrypt cert detected. The RMM now requires a valid TLS certificate${NC}\n"
|
||||
printf >&2 "${RED}Please send us a message in our discord for instructions on how to proceed, or open a github ticket.${NC}\n"
|
||||
exit 1
|
||||
fi
|
||||
NEEDS_NATS=true
|
||||
fi
|
||||
|
||||
if [ "$NEEDS_NATS" = true ]; then
|
||||
printf "\033c"
|
||||
printf >&2 "\n\n"
|
||||
printf >&2 "${YELLOW}WARNING: BREAKING CHANGES AHEAD${NC}\n\n"
|
||||
printf >&2 "${YELLOW}In order to continue with this update, please open up port 4222 TCP in ufw${NC}\n\n"
|
||||
printf >&2 "${YELLOW}If you are running behind NAT, make sure to also setup the necessary port forwards in your router${NC}\n\n"
|
||||
printf >&2 "${YELLOW}Run the following command to open the port in ufw firewall:\n\n${GREEN}sudo ufw allow proto tcp from any to any port 4222 && sudo ufw reload${NC}\n\n\n"
|
||||
printf >&2 "${YELLOW}Many of your agent functions will stop working until your agents are updated to at least version 1.1.0${NC}\n"
|
||||
printf >&2 "${YELLOW}This will happen shortly after this update completes, as long as you have auto agent updated enabled in Global Settings${NC}\n"
|
||||
printf >&2 "${YELLOW}A background job also runs every hour to auto update agents.\nIf you do not want to wait, you may manually trigger an agent update from the Agents > Update Agents menu in the web ui.${NC}\n\n\n"
|
||||
until [[ "$CONFIRM_NATS" == "yes" ]]; do
|
||||
echo -ne "${RED}If you have not opened port 4222 yet, please Ctrl+C to cancel this script, open the port and then re-run${NC}"
|
||||
printf >&2 "\n\n"
|
||||
echo -ne "${YELLOW}Confirm you have port 4222 TCP open? [type 'yes' to confirm]${NC}: "
|
||||
read CONFIRM_NATS
|
||||
done
|
||||
printf >&2 "\n"
|
||||
fi
|
||||
|
||||
if [ "$NEEDS_NATS" = true ]; then
|
||||
printf >&2 "${Green}Downloading nats${NC}\n\n"
|
||||
nats_tmp=$(mktemp -d -t nats-XXXXXXXXXX)
|
||||
wget https://github.com/nats-io/nats-server/releases/download/v2.1.9/nats-server-v2.1.9-linux-amd64.tar.gz -P ${nats_tmp}
|
||||
|
||||
tar -xzf ${nats_tmp}/nats-server-v2.1.9-linux-amd64.tar.gz -C ${nats_tmp}
|
||||
|
||||
sudo mv ${nats_tmp}/nats-server-v2.1.9-linux-amd64/nats-server /usr/local/bin/
|
||||
sudo chmod +x /usr/local/bin/nats-server
|
||||
sudo chown ${USER}:${USER} /usr/local/bin/nats-server
|
||||
rm -rf ${nats_tmp}
|
||||
|
||||
natsservice="$(cat << EOF
|
||||
if [ ! -f /etc/systemd/system/natsapi.service ]; then
|
||||
natsapi="$(cat << EOF
|
||||
[Unit]
|
||||
Description=NATS Server
|
||||
After=network.target ntp.service
|
||||
Description=Tactical NATS API
|
||||
After=network.target rmm.service nginx.service nats.service
|
||||
|
||||
[Service]
|
||||
PrivateTmp=true
|
||||
Type=simple
|
||||
ExecStart=/usr/local/bin/nats-server -c /rmm/api/tacticalrmm/nats-rmm.conf
|
||||
ExecReload=/usr/bin/kill -s HUP \$MAINPID
|
||||
ExecStop=/usr/bin/kill -s SIGINT \$MAINPID
|
||||
ExecStart=/usr/local/bin/nats-api
|
||||
User=${USER}
|
||||
Group=www-data
|
||||
Group=${USER}
|
||||
Restart=always
|
||||
RestartSec=5s
|
||||
|
||||
|
@ -117,20 +182,23 @@ RestartSec=5s
|
|||
WantedBy=multi-user.target
|
||||
EOF
|
||||
)"
|
||||
echo "${natsservice}" | sudo tee /etc/systemd/system/nats.service > /dev/null
|
||||
|
||||
echo "${natsapi}" | sudo tee /etc/systemd/system/natsapi.service > /dev/null
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable nats.service
|
||||
|
||||
sudo systemctl enable natsapi.service
|
||||
fi
|
||||
|
||||
|
||||
for i in nginx rmm celery celerybeat celery-winupdate nats
|
||||
for i in salt-master salt-api nginx nats natsapi rmm celery celerybeat celery-winupdate
|
||||
do
|
||||
printf >&2 "${GREEN}Stopping ${i} service...${NC}\n"
|
||||
sudo systemctl stop ${i}
|
||||
done
|
||||
|
||||
CHECK_NGINX_WORKER_CONN=$(grep "worker_connections 2048" /etc/nginx/nginx.conf)
|
||||
if ! [[ $CHECK_NGINX_WORKER_CONN ]]; then
|
||||
printf >&2 "${GREEN}Changing nginx worker connections to 2048${NC}\n"
|
||||
sudo sed -i 's/worker_connections.*/worker_connections 2048;/g' /etc/nginx/nginx.conf
|
||||
fi
|
||||
|
||||
cd /rmm
|
||||
git config user.email "admin@example.com"
|
||||
git config user.name "Bob"
|
||||
|
@ -177,6 +245,10 @@ sudo cp /rmm/api/tacticalrmm/core/goinstaller/bin/goversioninfo /usr/local/bin/
|
|||
sudo chown ${USER}:${USER} /usr/local/bin/goversioninfo
|
||||
sudo chmod +x /usr/local/bin/goversioninfo
|
||||
|
||||
sudo cp /rmm/natsapi/bin/nats-api /usr/local/bin
|
||||
sudo chown ${USER}:${USER} /usr/local/bin/nats-api
|
||||
sudo chmod +x /usr/local/bin/nats-api
|
||||
|
||||
printf >&2 "${GREEN}Running postgres vacuum${NC}\n"
|
||||
sudo -u postgres psql -d tacticalrmm -c "vacuum full logs_auditlog"
|
||||
sudo -u postgres psql -d tacticalrmm -c "vacuum full logs_pendingaction"
|
||||
|
@ -189,7 +261,7 @@ if [[ "${CURRENT_PIP_VER}" != "${LATEST_PIP_VER}" ]]; then
|
|||
source /rmm/api/env/bin/activate
|
||||
cd /rmm/api/tacticalrmm
|
||||
pip install --no-cache-dir --upgrade pip
|
||||
pip install --no-cache-dir setuptools==50.3.2 wheel==0.36.1
|
||||
pip install --no-cache-dir setuptools==51.1.2 wheel==0.36.2
|
||||
pip install --no-cache-dir -r requirements.txt
|
||||
else
|
||||
source /rmm/api/env/bin/activate
|
||||
|
@ -219,7 +291,13 @@ sudo rm -rf /var/www/rmm/dist
|
|||
sudo cp -pr /rmm/web/dist /var/www/rmm/
|
||||
sudo chown www-data:www-data -R /var/www/rmm/dist
|
||||
|
||||
for i in celery celerybeat celery-winupdate rmm nginx nats
|
||||
printf >&2 "${GREEN}Starting salt-master service${NC}\n"
|
||||
sudo systemctl start salt-master
|
||||
sleep 7
|
||||
printf >&2 "${GREEN}Starting salt-api service${NC}\n"
|
||||
sudo systemctl start salt-api
|
||||
|
||||
for i in rmm celery celerybeat celery-winupdate nginx nats natsapi
|
||||
do
|
||||
printf >&2 "${GREEN}Starting ${i} service${NC}\n"
|
||||
sudo systemctl start ${i}
|
||||
|
|
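Review bot: The migration gate `CHECK_030_MIGRATION=$(grep natsapi /etc/nginx/sites-available/rmm.conf)` passes as soon as the string `natsapi` appears anywhere in rmm.conf, including in a comment, so it does not confirm that the location block from the migration guide is actually in place. That block is what restricts `/natsapi` with `allow 127.0.0.1; deny all;`, so a tighter test is worth having, e.g. `if ! grep -qE '^[[:space:]]*location[^#]*natsapi' /etc/nginx/sites-available/rmm.conf; then`, ideally with a second check that the `deny all;` line is present. The `grep V2` checks on the three celery unit files are equally loose and would read more clearly as `grep -q` used directly in the `if`. The error message also links to the `develop` branch while `SCRIPT_URL` tracks `master`; it is worth confirming that this is intended.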