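#!/bin/bash
set -e

# Command-line flags.
#   $1  install profile: --full (TLS + nginx) or --raspberry (local, no TLS)
#   $2  optional: --nonginx skips nginx and gunicorn
x=$1
y=$2
full=false
local=false
nginx=true

# The closing bracket needs a space before it and the flag must be spelled the
# way the help text documents it. Without both, this test can never succeed
# and nginx is installed even when the operator asked for it to be left out.
if [ "$y" = "--nonginx" ]; then
  nginx=false
elif [ -n "$y" ]; then
  # Refuse unknown flags instead of ignoring them, so a typo cannot silently
  # change what gets installed.
  echo "Unknown second argument: $y" >&2
  exit 1
fi

if [ "$x" = "--full" ]; then
  full=true
elif [ "$x" = "--raspberry" ]; then
  local=true
else
  echo "No option set!"
  echo "<<<----- IoTree42 Help --->>>"
  echo " "
  echo "sudo bash setup.sh [1. argument] [2. argument]"
  echo " "
  echo "[1. argument]:"
  echo " --full full installation including https support and nginx"
  echo " --raspberry for a local installation e.g. on a Raspberry no SSL"
  echo " and other security settings are enabled, nginx is included."
  echo "[2. argument]:"
  echo " --nonginx Nginx Webeserver and the Python WSGI HTTP Server"
  echo " gunicorn are NOT installed (not recommended)."
  # Nothing was installed: report that to the caller with a non-zero status.
  exit 1
fi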
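# Interactive inputs: Linux user that will own the application, the Django
# admin password and, for --full, the public domain name.
echo "******************************************"
echo "* _____ _______ _ _ ___ *"
echo "* |_ _| |__ __| | || |__ \ *"
echo "* | | ___ | |_ __ ___ ___| || |_ ) | *"
echo "* | | / _ \| | '__/ _ \/ _ \__ _/ / *"
echo "* _| || (_) | | | | __/ __/ | |/ /_ *"
echo "* |_____\___/|_|_| \___|\___| |_|____| *"
echo "* *"
echo "******************************************"
echo "<<<----- SETUP OF IoTree42 --->>>"
echo "<<<----- Version v0.4.1 --->>>"
echo "ENTER LINUX USERNAME FOR BUIDING PATHS"
# -r keeps backslashes in the answer literal.
read -r myvariable
echo "SET DJANGO ADMIN PASSWORD !HIDDEN INPUT!"
read -r -s djangopass || exit 1
echo
# An empty answer would otherwise fall through to the fixed, publicly known
# fallback password later in this script, so ask again until one is given.
while [ -z "$djangopass" ]; do
  echo "The Django admin password must not be empty, please enter one"
  read -r -s djangopass || exit 1
  echo
done
#echo "<<<-- SETUP DJANGO -->>>"
#echo "ENTER AN EMAIL, for sending the password reset url. You can leave it empty"
#read sendingmail
#echo "ENTER PASSWORD FOR THIS EMAIL, for sending the password reset url. !HIDDEN INPUT! You can leave it empty"
#read -s sendingpass
#echo "ENTER ADMINMAIL, for resiving notivications form server. You can leave it empty"
#read adminmail
#echo "ENTER ip, empty will try to read from system"
#read enteredip
if [ "$full" = true ]; then
  echo "ENTER domain name for using TLS"
  read -r domain
fi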
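# Install all required distribution packages.
# apt-get is used throughout: the apt front end is meant for interactive use
# and warns that its command-line interface is not stable for scripts.
apt-get update
# sudo apt-get -y upgrade
apt-get install -y python3-pip
apt-get install -y curl
# virtualenv is also installed from the distribution just below, so a refusal
# here (for example on systems that mark the system Python as externally
# managed) must not abort the whole setup.
# NOTE(review): as root, --user installs into root's home directory; the
# packaged virtualenv is probably the one used by the later steps - confirm.
python3 -m pip install --user virtualenv \
  || echo "WARNING: pip could not install virtualenv, relying on the apt package" >&2
apt-get install -y virtualenv python3-virtualenv python3-appdirs python3-distlib python3-filelock
apt-get install -y mosquitto mosquitto-clients
if [ "$nginx" = true ]; then
  apt-get install -y nginx
fi
apt-get install -y inotify-tools
apt-get install -y libopenjp2-7
apt-get install -y libtiff5
apt-get install -y zip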
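# Install Grafana and InfluxDB for the detected CPU architecture.
#
# Optional environment variables:
#   GRAFANA_DEB_SHA256   expected SHA-256 of the Grafana .deb
#   INFLUXDB_DEB_SHA256  expected SHA-256 of the InfluxDB .deb
# The packages are installed as root, so pin these values (taken from the
# vendor's release page for the exact version and architecture below) whenever
# possible. Without them only TLS protects the downloads.
apt-get install -y adduser libfontconfig1

#######################################
# Download a .deb, verify it when a checksum is given, and install it.
# Arguments: $1 - download URL
#            $2 - expected SHA-256 (optional)
# Returns:   non-zero (aborting under set -e) on download, checksum or dpkg
#            failure
#######################################
fetch_and_install_deb() {
  local url=$1
  local expected_sha256=${2:-}
  local deb=${url##*/}

  # -O overwrites a stale file from an earlier run; plain wget would save the
  # new download under a different name and dpkg would install the old file.
  wget -O "$deb" -- "$url"
  if [ -n "$expected_sha256" ]; then
    if ! printf '%s  %s\n' "$expected_sha256" "$deb" | sha256sum -c -; then
      echo "ERROR: checksum mismatch for $deb, refusing to install it" >&2
      exit 1
    fi
  else
    echo "WARNING: no SHA-256 pinned for $deb, installing it unverified" >&2
  fi
  dpkg -i "$deb"
}

arch=$(uname -m)
arch2=${arch:0:3}
echo "$arch"
# dpkg maintainer scripts call tools that live in /sbin.
PATH=$PATH:/sbin

case "$arch2" in
  arm)
    echo "architecture: $arch"
    fetch_and_install_deb \
      https://dl.grafana.com/oss/release/grafana_8.0.6_armhf.deb \
      "${GRAFANA_DEB_SHA256:-}"
    # Keep the InfluxData key in its own keyring and bind it to this one
    # repository with signed-by. "apt-key add" would trust the key for every
    # configured repository, and a failed download in a pipe would go
    # unnoticed.
    wget -qO influxdb.key https://repos.influxdata.com/influxdb.key
    gpg --dearmor --yes -o /usr/share/keyrings/influxdb-archive-keyring.gpg influxdb.key
    echo "deb [signed-by=/usr/share/keyrings/influxdb-archive-keyring.gpg] https://repos.influxdata.com/debian $(lsb_release -cs) stable" \
      > /etc/apt/sources.list.d/influxdb.list
    apt-get update
    # -y: without it the install stops at a confirmation prompt.
    apt-get install -y influxdb
    systemctl unmask influxdb
    systemctl enable influxdb
    systemctl start influxdb
    #wget https://dl.influxdata.com/influxdb/releases/influxdb-1.8.9_linux_armhf.tar.gz
    #tar xvfz influxdb-1.8.9_linux_armhf.tar.gz
    ;;
  amd | x86)
    echo "architecture: $arch"
    fetch_and_install_deb \
      https://dl.influxdata.com/influxdb/releases/influxdb_1.8.9_amd64.deb \
      "${INFLUXDB_DEB_SHA256:-}"
    fetch_and_install_deb \
      https://dl.grafana.com/oss/release/grafana_8.0.6_amd64.deb \
      "${GRAFANA_DEB_SHA256:-}"
    ;;
  *)
    echo "ERROR: invalid architecture '$arch' for Grafana or influxdb"
    echo "Exit setup.sh please delete folder:"
    echo "'/etc/iotree"
    exit 1
    ;;
esac

systemctl start influxdb
systemctl start grafana-server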
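# Resolve the target Linux user, generate the MQTT password, detect the host
# address and fill in defaults for everything that was not entered.

# Full alphanumeric alphabet. The hand-typed list used before had no 'C' or
# 'N' and listed 'Z' twice. LC_ALL=C makes tr treat the random input as bytes.
mqttpass=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c12)
# Takes the second field of the second line after the first "state UP" entry
# of `ip addr` and strips the prefix length.
# NOTE(review): presumably the primary IPv4 address - confirm on multi-homed hosts.
serverip="$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')"
hostname=$(hostname)
echo "$hostname"

if [ -z "$myvariable" ]; then
  myvariable=$(who am i | awk '{print $1}')
fi
if [ -z "$myvariable" ]; then
  # `who am i` prints nothing without a login terminal; sudo still records
  # the invoking user.
  myvariable=${SUDO_USER:-}
fi

# The name is used to build paths under /home, chown targets, a sed
# replacement and the nginx "user" directive, all as root. Accept only a
# plain name of an existing account with a home directory there.
case "$myvariable" in
  '' | . | .. | -* | *[!A-Za-z0-9._-]*)
    echo "ERROR: invalid Linux username '$myvariable'" >&2
    exit 1
    ;;
esac
if ! id -u "$myvariable" >/dev/null 2>&1 || [ ! -d "/home/$myvariable" ]; then
  echo "ERROR: user '$myvariable' does not exist or has no /home/$myvariable" >&2
  exit 1
fi

if [ -z "$djangopass" ]; then
  # Never fall back to a fixed password that is published with this script:
  # generate a random one and show it to the operator once.
  djangopass=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c20)
  echo "No Django admin password entered; generated for user 'admin': $djangopass" >&2
  echo "Store it now and change it after the first login." >&2
fi
if [ -z "$sendingmail" ]; then
  sendingmail="none"
fi
if [ -z "$sendingpass" ]; then
  sendingpass="none"
fi
if [ -z "$adminmail" ]; then
  adminmail="none@none"
fi
if [ -z "$domain" ]; then
  domain=$hostname
fi
if [ -n "$enteredip" ]; then
  serverip=$enteredip
fi
if [ -z "$serverip" ]; then
  echo "WARNING: could not determine the server IP address" >&2
fi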
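#######################################
# Print a random string drawn from the kernel CSPRNG.
# Arguments: $1 - set of allowed characters, in tr syntax
#            $2 - number of characters to print
# Outputs:   the random string on stdout, without a trailing newline
# Note:      head closes the pipe early on purpose; do not combine this with
#            `set -o pipefail`, which would report tr's SIGPIPE as a failure.
#######################################
gen_secret() {
  # LC_ALL=C makes tr treat the random input as plain bytes.
  LC_ALL=C tr -dc "$1" </dev/urandom | head -c "$2"
}

# Passwords for the InfluxDB accounts admin, fluxcondj and mqttodb.
# 'A-Za-z0-9' is the full alphanumeric range; the hand-typed alphabet used
# before had no 'C' or 'N' and listed 'Z' twice.
fluxadmin=$(gen_secret 'A-Za-z0-9' 32)
fluxcondj=$(gen_secret 'A-Za-z0-9' 32)
fluxmqttodb=$(gen_secret 'A-Za-z0-9' 32)
# Password for the Grafana admin account.
grafadmin=$(gen_secret 'A-Za-z0-9' 20)
# Django secret key. It contains shell metacharacters such as '*' and '$', so
# every later expansion of it has to be double-quoted.
djangokey=$(gen_secret '0123456789!@#$%^&*()_=+abcdefghijklmnopqrstuvwxyz' 50)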
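# Render every configuration file into ./tmp before anything is installed.
# config.json receives all generated passwords in clear text, so the staging
# directory is closed to other local users. -p lets a re-run reuse it.
mkdir -p ./tmp
chmod 700 ./tmp

# Every argument below is double-quoted: the Django key contains glob
# characters, and an empty value (for example an undetected IP address) would
# otherwise shift all following arguments by one position.
# NOTE(review): the helper scripts take secrets as command-line arguments,
# which other local users can see in the process list while they run.

# mosquitto.conf
if [ "$full" = true ]; then
  ./lib/tmp.mosquitto.conf.ssl.sh "$domain" > ./tmp/mosquitto.conf
else
  ./lib/tmp.mosquitto.conf.nossl.sh > ./tmp/mosquitto.conf
fi
chmod 644 ./tmp/mosquitto.conf

if [ "$nginx" = true ]; then
  # nginx site definitions, with and without TLS
  ./lib/tmp.nginx-ssl.sh "$myvariable" "$domain" > ./tmp/nginx-ssl.conf
  ./lib/tmp.nginx-nossl.sh "$myvariable" "$serverip" > ./tmp/nginx-nossl.conf
  # gunicorn systemd service and socket units
  ./lib/tmp.gunicorn.service.sh "$myvariable" > ./tmp/gunicorn.service
  ./lib/tmp.gunicorn.socket.sh > ./tmp/gunicorn.socket
fi

# grafana.ini
./lib/tmp.grafana.ini.sh > ./tmp/grafana.ini
# influxdb.conf
./lib/tmp.influxdb.conf.sh > ./tmp/influxdb.conf

# IoTree config.json. The 13th argument is the domain for --full and the
# machine's hostname otherwise; everything else is identical.
grafaaddress="/grafana/"
if [ "$full" = true ]; then
  site_name=$domain
else
  site_name=$hostname
fi
./lib/tmp.config.json.sh "$myvariable" "$serverip" "$adminmail" "$sendingmail" \
  "$sendingpass" "$djangokey" "$serverip" "$fluxadmin" "$fluxmqttodb" \
  "$fluxcondj" "$grafadmin" "$grafaaddress" "$site_name" "$mqttpass" \
  > ./tmp/config.json

# reload3.sh
./lib/tmp.reload3.sh > ./tmp/reload3.sh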
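# Build the gateway archive that the web application offers for download.
if [ "$full" = true ]; then
  gateway_ca=/etc/ssl/certs/DST_Root_CA_X3.pem
  # Fail with a clear message instead of a bare cp error when the certificate
  # is not in the system trust store.
  # NOTE(review): DST Root CA X3 expired in September 2021 and newer
  # ca-certificates releases no longer ship it; confirm which root the
  # gateways need to validate the broker's TLS certificate.
  if [ ! -f "$gateway_ca" ]; then
    echo "ERROR: $gateway_ca not found, cannot bundle the CA certificate for the gateway" >&2
    exit 1
  fi
  cp "$gateway_ca" ./IoTree_Gateway
fi
zip -r IoTree_Gateway_V_2.0.zip ./IoTree_Gateway
# -p: the directory may be left over from an earlier run.
mkdir -p ./home_user/dj_iot/media/downloadfiles
mv ./IoTree_Gateway_V_2.0.zip ./home_user/dj_iot/media/downloadfiles/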
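#######################################
# Keep a one-time copy of a packaged configuration file as <file>.iotree_save.
# An existing copy is left alone so that a re-run cannot replace the
# distribution's original with the IoTree version.
# Arguments: $1 - path of the configuration file
#######################################
backup_once() {
  if [ ! -e "$1.iotree_save" ]; then
    cp -- "$1" "$1.iotree_save"
  fi
}

# Move all files and folders to their destination.
mkdir -p /etc/iotree
# ${myvariable:?} aborts if the username is empty, so the application files
# can never be copied straight into /home.
cp -r ./home_user/* "/home/${myvariable:?}/"

backup_once /etc/mosquitto/mosquitto.conf
cp ./tmp/mosquitto.conf /etc/mosquitto/mosquitto.conf
backup_once /etc/influxdb/influxdb.conf
cp ./tmp/influxdb.conf /etc/influxdb/influxdb.conf
cp ./tmp/config.json /etc/iotree
cp ./tmp/reload3.sh /etc/iotree

if [ "$nginx" = true ]; then
  cp ./tmp/gunicorn.service /etc/systemd/system
  cp ./tmp/gunicorn.socket /etc/systemd/system
  cp ./tmp/nginx-ssl.conf /etc/nginx/sites-available/nginx-ssl-iotree.conf
  cp ./tmp/nginx-nossl.conf /etc/nginx/sites-available/nginx-nossl-iotree.conf
  backup_once /etc/grafana/grafana.ini
  cp ./tmp/grafana.ini /etc/grafana/grafana.ini
else
  # Without nginx the generated Grafana configuration is only placed next to
  # the active one, not applied.
  cp ./tmp/grafana.ini /etc/grafana/grafana.ini.iotree
fi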
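# Create the Mosquitto ACL and password files and register the broker user
# "mqttodb", which may only read topics below gateways/.
acl_file=/etc/iotree/.acl
passwd_file=/etc/iotree/.passwd
touch "$acl_file" "$passwd_file"

# Add the ACL entry only once so that a re-run does not duplicate it.
if ! grep -qxF 'user mqttodb' "$acl_file"; then
  echo 'user mqttodb' >>"$acl_file"
  echo 'topic read gateways/#' >>"$acl_file"
fi

# -b takes the password as an argument, so it is briefly visible in the
# process list to other local users while mosquitto_passwd runs.
mosquitto_passwd -b "$passwd_file" mqttodb "$mqttpass"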
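#######################################
# Send one statement to the local InfluxDB /query endpoint.
# The request is handed to curl as a config file on stdin (-K -), so neither
# the statement nor the credentials appear in curl's command line or in the
# request URL. Building the config with the printf builtin starts no extra
# process either.
# Arguments: $1 - InfluxQL statement
#            $2 - user to authenticate as (optional)
#            $3 - password of that user (optional)
# Returns:   curl's exit status; --fail turns HTTP errors into a failure
#######################################
influx_query() {
  local query=$1
  local auth_user=${2:-}
  local auth_pass=${3:-}
  {
    printf 'url = "http://localhost:8086/query"\n'
    if [ -n "$auth_user" ]; then
      # HTTP basic authentication replaces the u= and p= URL parameters.
      printf 'user = "%s:%s"\n' "$auth_user" "$auth_pass"
    fi
    printf 'data-urlencode = "q=%s"\n' "$query"
  } | curl --silent --show-error --fail -K -
}

# Restart InfluxDB so that it picks up the new configuration file.
systemctl restart influxdb
systemctl start influxdb

# Wait until the HTTP API answers instead of sleeping for a fixed time;
# give up after about 30 seconds.
tries=0
until curl --silent --fail --output /dev/null "http://localhost:8086/ping"; do
  tries=$((tries + 1))
  if [ "$tries" -ge 30 ]; then
    echo "ERROR: InfluxDB did not become ready on localhost:8086" >&2
    exit 1
  fi
  sleep 1
done

# Create the InfluxDB users: admin (all privileges), fluxcondj and mqttodb.
# The passwords are generated from letters and digits only, so they need no
# escaping inside the quoted statements. A failure is reported but does not
# abort, because on a re-run the accounts already exist.
influx_query "CREATE USER admin WITH PASSWORD '$fluxadmin' WITH ALL PRIVILEGES" \
  || echo "WARNING: could not create InfluxDB user 'admin'" >&2
influx_query "CREATE USER fluxcondj WITH PASSWORD '$fluxcondj'" admin "$fluxadmin" \
  || echo "WARNING: could not create InfluxDB user 'fluxcondj'" >&2
influx_query "CREATE USER mqttodb WITH PASSWORD '$fluxmqttodb'" admin "$fluxadmin" \
  || echo "WARNING: could not create InfluxDB user 'mqttodb'" >&2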
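# Start the services. The script already runs as root, so the calls do not
# go through sudo.
systemctl daemon-reload
systemctl enable grafana-server
systemctl restart grafana-server
systemctl restart influxdb

if [ "$nginx" = true ]; then
  systemctl start gunicorn
  systemctl enable gunicorn
  systemctl reload nginx

  # Enable the site definition that matches the install profile.
  if [ "$full" = true ]; then
    site_conf=/etc/nginx/sites-available/nginx-ssl-iotree.conf
  else
    site_conf=/etc/nginx/sites-available/nginx-nossl-iotree.conf
  fi
  # -f on both commands keeps a re-run from aborting when the link already
  # exists or the default site has already been removed.
  ln -sf "$site_conf" /etc/nginx/sites-enabled/
  rm -f /etc/nginx/sites-enabled/default
  systemctl restart nginx
fi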
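# Ownership and permissions.

# config.json holds the generated passwords and the Django secret key in
# clear text, so only the application user may read it.
# NOTE(review): assumes every consumer runs as $myvariable (or root) -
# confirm that no other service account reads this file.
chown "$myvariable:$myvariable" /etc/iotree/config.json
chmod 600 /etc/iotree/config.json

# The broker's ACL and password files must not be world-writable: any local
# user could otherwise add MQTT accounts or widen topic access. Ownership
# goes to the application user, which presumably maintains these files (the
# earlier mode let every user write them). They stay world-readable so the
# broker can load them whichever account it runs as.
# NOTE(review): tighten to the broker's group once that group is confirmed.
chown "$myvariable" /etc/iotree/.acl /etc/iotree/.passwd
chmod 644 /etc/iotree/.acl /etc/iotree/.passwd

chown -R "$myvariable:$myvariable" "/home/$myvariable/dj_iot"
chown -R "$myvariable:$myvariable" "/home/$myvariable/iot42"
chmod -R 765 "/home/$myvariable/dj_iot"
# The application database is no longer writable (or readable) by other
# local users; owner and group keep read/write access.
chmod 660 "/home/$myvariable/dj_iot/db.sqlite3"

if [ "$nginx" = true ]; then
  # Run nginx as the application user by replacing the first line of
  # nginx.conf. Skipped with --nonginx, where the file does not exist and
  # sed would abort the setup.
  # NOTE(review): assumes line 1 of nginx.conf is the "user" directive.
  case "$myvariable" in
    '' | *[!A-Za-z0-9._-]*)
      echo "ERROR: username '$myvariable' cannot be written to nginx.conf" >&2
      exit 1
      ;;
  esac
  sed -i "1s/.*/user $myvariable;/" /etc/nginx/nginx.conf
fi

# Set the Grafana admin password once the server has had time to start.
# The password is a command-line argument here and is briefly visible in the
# process list while grafana-cli runs.
sleep 10
grafana-cli admin reset-admin-password "$grafadmin"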
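# Create the two Python environments, install their requirements and
# initialise the Django project.
iot_dir="/home/$myvariable/iot42"
dj_dir="/home/$myvariable/dj_iot"

# NOTE(review): the virtualenvs are created as $myvariable, but pip and
# manage.py below run as root, so package build scripts execute with root
# privileges and the files they create are owned by root. Consider running
# these steps through runuser as well.
runuser -u "$myvariable" -- virtualenv -p python3 "$iot_dir/venv1"
source "$iot_dir/venv1/bin/activate"
pip3 install -r "$iot_dir/requirements.txt"
deactivate

runuser -u "$myvariable" -- virtualenv -p python3 "$dj_dir/venv2"
source "$dj_dir/venv2/bin/activate"
pip3 install -r "$dj_dir/requirements.txt"

# Create the Django superuser. The e-mail address and password reach Python
# through the environment instead of being pasted into the source text, so a
# quote or backslash in the password can neither break the statement nor be
# executed as code. The quoted heredoc delimiter stops the shell from
# expanding anything inside the Python snippet.
IOTREE_ADMIN_MAIL="$adminmail" IOTREE_ADMIN_PASS="$djangopass" \
  python "$dj_dir/manage.py" shell <<'PYCODE'
import os
from django.contrib.auth.models import User
User.objects.create_superuser('admin', os.environ['IOTREE_ADMIN_MAIL'], os.environ['IOTREE_ADMIN_PASS'])
PYCODE

python3 "$dj_dir/manage.py" makemigrations
python3 "$dj_dir/manage.py" migrate
python3 "$dj_dir/manage.py" collectstatic
deactivate

# Bugfix for the django-revproxy plugin.
bash ./bugfix_revproxy.sh "$myvariable"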
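# Final service restart and installation summary.
if [ "$nginx" = true ]; then
  systemctl restart nginx
  systemctl restart gunicorn
fi

# The staging directory still holds config.json with every generated
# password in clear text. All files were copied to their destinations
# earlier, so remove it instead of leaving the secrets in the checkout.
rm -rf -- ./tmp

echo "-Endpoints- -port-"
echo "grafana: 3000"
echo "influxdb: 8086"
echo "django default: 8080"
if [ "$full" = true ]; then
  echo "mosquitto 8883"
else
  echo "mosquitto 1883"
fi
echo " "
echo "--> Setup complete <--"
echo "--> You might want to check the config.json:"
echo "--> nano /etc/iotree/config.json"
echo "--> You can delete the folder IoTree42"
echo "--> The temporary folder ./tmp with the generated passwords was removed"
echo " "
if [ "$full" = true ]; then
  echo "--> The server can be reached at: https://$domain/"
else
  echo "--> The server can be reached at: http://$serverip/"
fi
cd ..
exit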