2016-11-11 04:54:47 +00:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
#coding: UTF-8
|
|
|
|
|
|
|
|
|
|
"""
|
2016-11-29 09:13:06 +00:00
|
|
|
Bootstraping seafile server, letsencrypt (verification & cron job).
|
2016-11-11 04:54:47 +00:00
|
|
|
"""
|
|
|
|
|
|
2016-11-16 01:46:08 +00:00
|
|
|
import argparse
|
2016-11-11 04:54:47 +00:00
|
|
|
import os
|
|
|
|
|
from os.path import abspath, basename, exists, dirname, join, isdir
|
|
|
|
|
import shutil
|
|
|
|
|
import sys
|
2016-11-14 06:47:40 +00:00
|
|
|
import uuid
|
2016-11-16 07:41:08 +00:00
|
|
|
import time
|
2016-11-11 04:54:47 +00:00
|
|
|
|
2016-11-17 04:40:35 +00:00
|
|
|
from utils import (
|
2016-11-29 07:26:33 +00:00
|
|
|
call, get_conf, get_install_dir, loginfo,
|
2016-11-25 07:45:47 +00:00
|
|
|
get_script, render_template, get_seafile_version, eprint,
|
2016-11-29 07:09:16 +00:00
|
|
|
cert_has_valid_days, get_version_stamp_file, update_version_stamp,
|
|
|
|
|
wait_for_mysql, wait_for_nginx
|
2016-11-17 04:40:35 +00:00
|
|
|
)
|
2016-11-11 04:54:47 +00:00
|
|
|
|
2016-11-15 08:59:02 +00:00
|
|
|
seafile_version = get_seafile_version()
|
2016-11-11 04:54:47 +00:00
|
|
|
installdir = get_install_dir()
|
|
|
|
|
topdir = dirname(installdir)
|
2016-11-12 06:03:52 +00:00
|
|
|
shared_seafiledir = '/shared/seafile'
|
2016-11-15 04:11:58 +00:00
|
|
|
ssl_dir = '/shared/ssl'
|
2016-11-15 08:59:02 +00:00
|
|
|
generated_dir = '/bootstrap/generated'
|
2016-11-15 04:11:58 +00:00
|
|
|
|
2016-11-15 08:59:02 +00:00
|
|
|
def init_letsencrypt():
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Preparing for letsencrypt ...')
|
|
|
|
|
wait_for_nginx()
|
|
|
|
|
|
2016-11-15 04:11:58 +00:00
|
|
|
if not exists(ssl_dir):
|
|
|
|
|
os.mkdir(ssl_dir)
|
|
|
|
|
|
|
|
|
|
domain = get_conf('server.hostname')
|
|
|
|
|
context = {
|
2016-11-25 07:45:47 +00:00
|
|
|
'ssl_dir': ssl_dir,
|
2016-11-15 04:11:58 +00:00
|
|
|
'domain': domain,
|
|
|
|
|
}
|
2016-11-25 07:45:47 +00:00
|
|
|
render_template(
|
|
|
|
|
'/templates/letsencrypt.cron.template',
|
|
|
|
|
join(generated_dir, 'letsencrypt.cron'),
|
|
|
|
|
context
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
ssl_crt = '/shared/ssl/{}.crt'.format(domain)
|
|
|
|
|
if exists(ssl_crt):
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Found existing cert file {}'.format(ssl_crt))
|
2016-11-25 07:45:47 +00:00
|
|
|
if cert_has_valid_days(ssl_crt, 30):
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Skip letsencrypt verification since we have a valid certificate')
|
2016-11-25 07:45:47 +00:00
|
|
|
return
|
2016-11-15 08:59:02 +00:00
|
|
|
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Starting letsencrypt verification')
|
2016-11-15 08:59:02 +00:00
|
|
|
# Create a temporary nginx conf to start a server, which would accessed by letsencrypt
|
2016-11-25 07:45:47 +00:00
|
|
|
context = {
|
|
|
|
|
'https': False,
|
|
|
|
|
'domain': domain,
|
|
|
|
|
}
|
2016-11-15 08:59:02 +00:00
|
|
|
render_template('/templates/seafile.nginx.conf.template',
|
|
|
|
|
'/etc/nginx/sites-enabled/seafile.nginx.conf', context)
|
2016-11-25 06:23:42 +00:00
|
|
|
|
2016-11-15 04:11:58 +00:00
|
|
|
call('nginx -s reload')
|
2016-11-29 07:26:33 +00:00
|
|
|
time.sleep(2)
|
2016-11-25 06:23:42 +00:00
|
|
|
|
2016-11-15 04:11:58 +00:00
|
|
|
call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain))
|
2016-11-17 04:40:35 +00:00
|
|
|
# if call('/scripts/ssl.sh {0} {1}'.format(ssl_dir, domain), check_call=False) != 0:
|
|
|
|
|
# eprint('Now waiting 1000s for postmortem')
|
|
|
|
|
# time.sleep(1000)
|
|
|
|
|
# sys.exit(1)
|
2016-11-11 04:54:47 +00:00
|
|
|
|
2016-11-16 07:41:08 +00:00
|
|
|
|
2016-11-25 06:14:30 +00:00
|
|
|
def generate_local_nginx_conf():
|
|
|
|
|
# Now create the final nginx configuratin
|
|
|
|
|
domain = get_conf('server.hostname')
|
2016-11-16 07:41:08 +00:00
|
|
|
context = {
|
2016-11-25 06:14:30 +00:00
|
|
|
'https': is_https(),
|
2016-11-16 07:41:08 +00:00
|
|
|
'domain': domain,
|
|
|
|
|
}
|
|
|
|
|
render_template(
|
2016-11-25 06:14:30 +00:00
|
|
|
'/templates/seafile.nginx.conf.template',
|
|
|
|
|
join(generated_dir, 'seafile.nginx.conf'),
|
2016-11-16 07:41:08 +00:00
|
|
|
context
|
|
|
|
|
)
|
2016-11-15 08:59:02 +00:00
|
|
|
|
2016-11-25 06:14:30 +00:00
|
|
|
|
2016-11-15 08:59:02 +00:00
|
|
|
def is_https():
|
2016-11-21 03:25:56 +00:00
|
|
|
return get_conf('server.letsencrypt', '').lower() == 'true'
|
2016-11-15 08:59:02 +00:00
|
|
|
|
|
|
|
|
def generate_local_dockerfile():
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Generating local Dockerfile ...')
|
2016-11-15 08:59:02 +00:00
|
|
|
context = {
|
|
|
|
|
'seafile_version': seafile_version,
|
|
|
|
|
'https': is_https(),
|
|
|
|
|
'domain': get_conf('server.domain'),
|
|
|
|
|
}
|
|
|
|
|
render_template('/templates/Dockerfile.template', join(generated_dir, 'Dockerfile'), context)
|
|
|
|
|
|
2016-11-16 01:46:08 +00:00
|
|
|
def parse_args():
|
|
|
|
|
ap = argparse.ArgumentParser()
|
|
|
|
|
ap.add_argument('--parse-ports', action='store_true')
|
|
|
|
|
|
|
|
|
|
return ap.parse_args()
|
|
|
|
|
|
|
|
|
|
def do_parse_ports():
|
|
|
|
|
"""
|
|
|
|
|
Parse the server.port_mappings option and print docker command line port
|
|
|
|
|
mapping flags like "-p 80:80 -p 443:443"
|
|
|
|
|
"""
|
|
|
|
|
# conf is like '80:80,443:443'
|
|
|
|
|
conf = get_conf('server.port_mappings', '').strip()
|
|
|
|
|
if conf:
|
|
|
|
|
sys.stdout.write(' '.join(['-p {}'.format(part.strip()) for part in conf.split(',')]))
|
|
|
|
|
sys.stdout.flush()
|
|
|
|
|
|
2016-11-16 07:41:08 +00:00
|
|
|
def init_seafile_server():
|
2016-11-28 09:06:28 +00:00
|
|
|
version_stamp_file = get_version_stamp_file()
|
2016-11-16 07:41:08 +00:00
|
|
|
if exists(join(shared_seafiledir, 'seafile-data')):
|
2016-11-28 09:06:28 +00:00
|
|
|
if not exists(version_stamp_file):
|
2016-11-30 07:22:56 +00:00
|
|
|
update_version_stamp(os.environ['SEAFILE_VERSION'])
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Skip running setup-seafile-mysql.py because there is existing seafile-data folder.')
|
2016-11-16 07:41:08 +00:00
|
|
|
return
|
|
|
|
|
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Now running setup-seafile-mysql.py in auto mode.')
|
2016-11-11 04:54:47 +00:00
|
|
|
env = {
|
|
|
|
|
'SERVER_NAME': 'seafile',
|
2016-11-14 06:47:40 +00:00
|
|
|
'SERVER_IP': get_conf('server.hostname'),
|
2016-11-14 12:21:05 +00:00
|
|
|
'MYSQL_USER': 'seafile',
|
|
|
|
|
'MYSQL_USER_PASSWD': str(uuid.uuid4()),
|
|
|
|
|
'MYSQL_USER_HOST': '127.0.0.1',
|
|
|
|
|
# Default MariaDB root user has empty password and can only connect from localhost.
|
|
|
|
|
'MYSQL_ROOT_PASSWD': '',
|
2016-11-11 04:54:47 +00:00
|
|
|
}
|
2016-11-14 06:47:40 +00:00
|
|
|
|
2016-11-14 12:21:05 +00:00
|
|
|
# Change the script to allow mysql root password to be empty
|
|
|
|
|
call('''sed -i -e 's/if not mysql_root_passwd/if not mysql_root_passwd and "MYSQL_ROOT_PASSWD" not in os.environ/g' {}'''
|
2016-11-15 04:11:58 +00:00
|
|
|
.format(get_script('setup-seafile-mysql.py')))
|
2016-11-14 06:47:40 +00:00
|
|
|
|
2016-11-14 12:21:05 +00:00
|
|
|
setup_script = get_script('setup-seafile-mysql.sh')
|
2016-11-14 06:47:40 +00:00
|
|
|
call('{} auto -n seafile'.format(setup_script), env=env)
|
|
|
|
|
|
2016-11-25 08:10:29 +00:00
|
|
|
domain = get_conf('server.hostname')
|
|
|
|
|
proto = 'https' if is_https() else 'http'
|
|
|
|
|
with open(join(topdir, 'conf', 'seahub_settings.py'), 'a+') as fp:
|
|
|
|
|
fp.write('\n')
|
|
|
|
|
fp.write('FILE_SERVER_ROOT = "{proto}://{domain}/seafhttp"'.format(proto=proto, domain=domain))
|
|
|
|
|
fp.write('\n')
|
|
|
|
|
|
2016-12-07 16:04:23 +00:00
|
|
|
# By default ccnet-server binds to the unix socket file
|
2016-12-07 07:39:52 +00:00
|
|
|
# "/opt/seafile/ccnet/ccnet.sock", but /opt/seafile/ccnet/ is a mounted
|
|
|
|
|
# volume from the docker host, and on windows and some linux environment
|
|
|
|
|
# it's not possible to create unix sockets in an external-mounted
|
|
|
|
|
# directories. So we change the unix socket file path to
|
|
|
|
|
# "/opt/seafile/ccnet.sock" to avoid this problem.
|
|
|
|
|
with open(join(topdir, 'conf', 'ccnet.conf'), 'a+') as fp:
|
|
|
|
|
fp.write('\n')
|
|
|
|
|
fp.write('[Client]\n')
|
|
|
|
|
fp.write('UNIX_SOCKET = /opt/seafile/ccnet.sock\n')
|
|
|
|
|
fp.write('\n')
|
|
|
|
|
|
2016-11-14 06:47:40 +00:00
|
|
|
files_to_copy = ['conf', 'ccnet', 'seafile-data', 'seahub-data',]
|
|
|
|
|
for fn in files_to_copy:
|
2016-11-11 04:54:47 +00:00
|
|
|
src = join(topdir, fn)
|
2016-11-12 06:03:52 +00:00
|
|
|
dst = join(shared_seafiledir, fn)
|
|
|
|
|
if not exists(dst) and exists(src):
|
|
|
|
|
shutil.move(src, shared_seafiledir)
|
2016-11-11 04:54:47 +00:00
|
|
|
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Updating version stamp')
|
|
|
|
|
update_version_stamp(os.environ['SEAFILE_VERSION'])
|
2016-11-28 09:06:28 +00:00
|
|
|
|
2016-11-17 04:40:35 +00:00
|
|
|
def main():
|
|
|
|
|
args = parse_args()
|
|
|
|
|
if args.parse_ports:
|
|
|
|
|
do_parse_ports()
|
|
|
|
|
return
|
|
|
|
|
if not exists(shared_seafiledir):
|
|
|
|
|
os.mkdir(shared_seafiledir)
|
|
|
|
|
if not exists(generated_dir):
|
|
|
|
|
os.mkdir(generated_dir)
|
|
|
|
|
|
|
|
|
|
generate_local_dockerfile()
|
|
|
|
|
|
|
|
|
|
if is_https():
|
|
|
|
|
init_letsencrypt()
|
2016-11-25 06:14:30 +00:00
|
|
|
generate_local_nginx_conf()
|
2016-11-17 04:40:35 +00:00
|
|
|
|
2016-11-29 07:09:16 +00:00
|
|
|
wait_for_mysql()
|
2016-11-17 04:40:35 +00:00
|
|
|
init_seafile_server()
|
|
|
|
|
|
2016-11-29 07:26:33 +00:00
|
|
|
loginfo('Generated local config.')
|
2016-11-17 04:40:35 +00:00
|
|
|
|
|
|
|
|
|
2016-11-11 04:54:47 +00:00
|
|
|
if __name__ == '__main__':
|
2016-11-16 01:46:08 +00:00
|
|
|
# TODO: validate the content of bootstrap.conf is valid
|
2016-11-11 04:54:47 +00:00
|
|
|
main()
|
