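#!/bin/bash
# Abort on the first unhandled command failure.
set -e

# Script name used as a prefix in INFO messages. "$0" is quoted so that a path
# containing spaces reaches basename as a single argument.
g_prog_name=$(basename "$0")

# if DEBUG=1, shell tracing (set -x) is enabled for the whole script.
# NOTE(review): xtrace prints every command after expansion, so values read
# through ${!name} in the checks below, secrets included, end up in the
# container log. Keep DEBUG=0 anywhere logs are collected or shared.
export DEBUG=${DEBUG:-0}
if [ "${DEBUG}" -eq 1 ]; then
  set -x
fi

# if START_DEBUG=1, check_env_variables prints PASSWORD/SECRET values in full
# instead of truncating them.
export START_DEBUG=${START_DEBUG:-0}

# if LS_DEBUG=1, log4 debug traces will be displayed.
export LS_DEBUG=${LS_DEBUG:-0}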
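# Description: display a list of env variables and, optionally, require them
# to be non-empty.
# The value of every env variable whose name contains SECRET or PASSWORD is
# truncated (only the first 4 characters are shown), unless START_DEBUG=1, in
# which case it is printed in full.
# NOTE(review): the 4-character prefix still goes to the log, and a secret of
# four characters or fewer is shown whole. Variables whose name contains
# neither SECRET nor PASSWORD are never masked.
# Globals: g_prog_name (read), START_DEBUG (read)
# First parameter is `mode`:
# * mode=0 : just display env vars
# * mode=1 : the script will abort (exit 1) if some env var is empty or unset.
# Second parameter is `legend`:
# * legend=0 : do not display the legend
# * legend=1 : display the legend
# Next parameters : names of the ENV variables to test, one per argument
# ex: check_env_variables 1 1 VAR1 VAR2 VAR4
function check_env_variables ()
{
  local l_mode=${1}
  local l_legend=${2}
  shift
  shift
  local l_error=0
  local l_key=
  # Keep the names in an array so they are not re-split or globbed later.
  local -a l_vars_list=("$@")

  if [ "${l_legend}" -eq 1 ]; then
    if [ "${l_mode}" -eq 1 ]; then
      echo "INFO:${g_prog_name}: Checking all required env variables..."
    else
      echo "INFO:${g_prog_name}: Checking all optional env variables..."
    fi
  fi

  for l_key in "${l_vars_list[@]}"; do
    if [[ ${l_key} =~ PASSWORD || ${l_key} =~ SECRET ]]; then
      # An unset START_DEBUG counts as 0, so the masked form is the default.
      if [ "${START_DEBUG:-0}" -eq 1 ]; then
        printf '%s : %s\n' "${l_key}" "${!l_key}"
      else
        printf '%s : %s...\n' "${l_key}" "${!l_key:0:4}"
      fi
    else
      printf '%s : %s\n' "${l_key}" "${!l_key}"
    fi
    if [ "${l_mode}" -eq 1 ]; then
      # Quoted: an unquoted value containing whitespace made `[` fail with a
      # syntax error instead of testing the value.
      if [ -z "${!l_key}" ]; then
        l_error=1
      fi
    fi
  done

  if [ "${l_error}" -eq 1 ]; then
    echo "ERROR: Missing some input variables"
    echo
    exit 1
  fi
  if [ "${l_legend}" -eq 1 ]; then
    echo -e "INFO:${g_prog_name}: All env variables checked\n"
  fi
  return "${l_error}"
}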
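# Description: abort the script when a deprecated env variable is still set.
# First parameter : name of the deprecated variable
# Second parameter : name of the variable that replaces it (used only in the
# error message)
# Exits with status 1 if the deprecated variable is non-empty.
function check_deprecated_env_variables ()
{
  local l_key=$1
  local l_new_key=$2
  # Quoted on purpose: unquoted, a value containing whitespace turned the test
  # into a syntax error, which the `if` treated as "not set", so the
  # deprecated variable was silently accepted.
  if [ -n "${!l_key}" ]; then
    echo "ERROR: ${l_key} is not supported anymore. See ${l_new_key}"
    echo
    exit 1
  fi
}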
# Names of the variables that must be non-empty: the script passes this list to
# check_env_variables with mode=1. One name per line; the list is expanded
# unquoted at the call site so that each name becomes its own argument.
g_vars_list="
POSTGRES_HOST
SMTP_HOST
MONGODB_DATA_REPLICA_SET
MONGODB_SMALLFILES_REPLICA_SET
"
# Names of the variables that are displayed but may be empty (mode=0).
# The *_PASSWORD entries are printed truncated by check_env_variables unless
# START_DEBUG=1; every other entry is printed in full.
g_vars_list_opts="
POSTGRES_PORT
POSTGRES_DATABASE
POSTGRES_USER
POSTGRES_PASSWORD
SMTP_PORT
CLAMAV_HOST
CLAMAV_PORT
SMTP_AUTH_ENABLE
SMTP_USER
SMTP_PASSWORD
STORAGE_MODE
STORAGE_BUCKET
STORAGE_FILESYSTEM_DIR
JWT_EXPIRATION
JWT_TOKEN_MAX_LIFETIME
SSO_IP_LIST_ENABLE
SSO_IP_LIST
MONGODB_BIGFILES_REPLICA_SET
MONGODB_USER
MONGODB_PASSWORD
MONGODB_AUTH_DATABASE
OS_TENANT_NAME
"
# MAIN
# SMTP credentials imply authenticated SMTP: either one being set forces the
# flag on.
# NOTE(review): the assignment does not export the variable, so child processes
# see the new value only if SMTP_AUTH_ENABLE was already in the environment.
if [[ -n "$SMTP_USER" || -n "$SMTP_PASSWORD" ]]; then
  SMTP_AUTH_ENABLE="true"
fi

# Intentionally unquoted: the lists hold one variable name per line and rely on
# word splitting to become separate arguments.
check_env_variables 1 1 ${g_vars_list}
check_env_variables 0 1 ${g_vars_list_opts}

# Old variable name, then its replacement; the script exits if an old name is
# still set.
check_deprecated_env_variables MONGODB_URI MONGODB_DATA_REPLICA_SET
check_deprecated_env_variables MONGODB_URI_SMALLFILES MONGODB_SMALLFILES_REPLICA_SET
check_deprecated_env_variables MONGODB_URI_BIGFILES MONGODB_BIGFILES_REPLICA_SET
check_deprecated_env_variables MONGODB_HOST MONGODB_DATA_REPLICA_SET
check_deprecated_env_variables MONGODB_PORT MONGODB_DATA_REPLICA_SET

if [[ "${STORAGE_MODE}" != "filesystem" ]]; then
  echo
  echo "INFO: STORAGE_MODE is different than filesystem: ${STORAGE_MODE}"
  echo "INFO: Checking object storage configuration ..."
  case "${STORAGE_MODE}" in
    s3)
      # AWS_ACCESS_KEY_ID is echoed in full by the check; only the name
      # containing SECRET is truncated.
      check_env_variables 1 0 AWS_AUTH_URL AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      ;;
    *)
      # Any value other than "filesystem" or "s3", an empty one included, is
      # validated against the OS_* variables.
      check_env_variables 1 0 OS_AUTH_URL OS_USERNAME OS_PASSWORD OS_REGION_NAME
      if [[ "${OS_IDENTITY_API_VERSION}" == "3" ]]; then
        check_env_variables 1 0 OS_USER_DOMAIN_NAME OS_PROJECT_NAME
      fi
      ;;
  esac
  echo "INFO: Object storage configuration checked"
  echo
fi
# LINSHARE OPTIONS (WARNING : modifying these settings is at your own risks)
src_dir=webapps/linshare/WEB-INF/classes
conf_dir=/etc/linshare
data_dir=/var/lib/linshare

# Allow to tweak JVM settings: whatever JDK_JAVA_OPTIONS already holds is kept
# and placed after the options set here.
if [ -n "$JDK_JAVA_OPTIONS" ]; then
  java_opts="$JDK_JAVA_OPTIONS"
fi
# NOTE(review): JAVA_XMS and JAVA_XMX are not validated anywhere in this
# script; presumably the image provides defaults. Confirm.
export JDK_JAVA_OPTIONS="-Djava.awt.headless=true -Xms${JAVA_XMS} -Xmx${JAVA_XMX}
-Dlinshare.config.path=file:${conf_dir}/
-Dlog4j2.configurationFile=file:${conf_dir}/log4j2.properties
${java_opts}"

# Extracting .war's files (overwriting quietly) so the bundled sample
# configuration can be read from ${src_dir}.
unzip -o -qq webapps/linshare.war -d webapps/linshare

echo ">-------- Content of version.properties -----------"
cat "${src_dir}/version.properties"
echo "--------- Content of version.properties ----------<"

# Making /etc/linshare if doesn't exists
if [ ! -d /etc/linshare ]; then
  mkdir /etc/linshare
fi

# A properties file already present in ${conf_dir} is treated as user-supplied:
# the matching flag is raised and the generation step for that file is skipped.
custom_linshare=0
if [ -f "${conf_dir}/linshare.properties" ]; then
  custom_linshare=1
fi
custom_log4j=0
if [ -f "${conf_dir}/log4j2.properties" ]; then
  custom_log4j=1
fi
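# Generate ${conf_dir}/linshare.properties from the bundled sample, unless the
# user supplied one.
if [ "${custom_linshare}" -eq 1 ]; then
  echo -e "Custom linshare.properties found at ${conf_dir}"
  echo -e "Skipping configuration"
else
  echo -e "Configuring LinShare settings"
  cp "${src_dir}/linshare.properties.sample" "${conf_dir}/linshare.properties"
  target="${conf_dir}/linshare.properties"

  # Every sed expression below is single-quoted, so the shell does not expand
  # ${SMTP_HOST}, ${POSTGRES_PASSWORD}, ...: the placeholder text itself is
  # written to the file, not the value. Presumably the application resolves
  # the placeholders from the environment at startup; confirm before relying
  # on it.
  # NOTE(review): in the listing this was taken from, the start of most
  # patterns was masked as an e-mail address. They are restored here on the
  # assumption that each pattern names the key its replacement sets; compare
  # with the repository copy.

  # SMTP
  sed -i 's@mail.smtp.host.*@mail.smtp.host=${SMTP_HOST}@' "$target"
  sed -i 's@mail.smtp.port.*@mail.smtp.port=${SMTP_PORT}@' "$target"
  sed -i 's@mail.smtp.auth.needed.*@mail.smtp.auth.needed=${SMTP_AUTH_ENABLE}@' "$target"
  sed -i 's@mail.smtp.user.*@mail.smtp.user=${SMTP_USER}@' "$target"
  sed -i 's@mail.smtp.password.*@mail.smtp.password=${SMTP_PASSWORD}@' "$target"
  sed -i 's@mail.smtp.starttls.enable.*@mail.smtp.starttls.enable=${SMTP_START_TLS_ENABLE}@' "$target"
  sed -i 's@mail.smtp.ssl.enable.*@mail.smtp.ssl.enable=${SMTP_SSL_ENABLE}@' "$target"

  # PostgreSQL
  sed -i 's@linshare.db.url=jdbc:postgresql.*@linshare.db.url=jdbc:postgresql://${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DATABASE}@' "$target"
  sed -i 's@linshare.db.username.*@linshare.db.username=${POSTGRES_USER}@' "$target"
  sed -i 's@linshare.db.password.*@linshare.db.password=${POSTGRES_PASSWORD}@' "$target"

  # Virus scanner
  sed -i 's@.*virusscanner.clamav.host.*@virusscanner.clamav.host=${CLAMAV_HOST}@' "$target"
  sed -i 's@.*virusscanner.clamav.port.*@virusscanner.clamav.port=${CLAMAV_PORT}@' "$target"

  # MongoDB
  sed -i -r 's/(linshare.mongo.data.replicaset=).*/\1${MONGODB_DATA_REPLICA_SET}/g' "$target"
  sed -i -r 's/(linshare.mongo.data.database=).*/\1${MONGODB_DATA_DATABASE}/g' "$target"
  sed -i -r 's/(linshare.mongo.smallfiles.replicaset=).*/\1${MONGODB_SMALLFILES_REPLICA_SET}/g' "$target"
  sed -i -r 's/(linshare.mongo.smallfiles.database=).*/\1${MONGODB_SMALLFILES_DATABASE}/g' "$target"
  sed -i -r 's/(linshare.mongo.bigfiles.replicaset=).*/\1${MONGODB_BIGFILES_REPLICA_SET}/g' "$target"
  sed -i -r 's/(linshare.mongo.bigfiles.database=).*/\1${MONGODB_BIGFILES_DATABASE}/g' "$target"
  # The credentials lines are rewritten only when a MongoDB password is given.
  if [ -n "${MONGODB_PASSWORD}" ]; then
    sed -i -r 's/(linshare.mongo.data.credentials=).*/\1${MONGODB_USER}:${MONGODB_PASSWORD}@${MONGODB_AUTH_DATABASE}/g' "$target"
    sed -i -r 's/(linshare.mongo.smallfiles.credentials=).*/\1${MONGODB_USER}:${MONGODB_PASSWORD}@${MONGODB_AUTH_DATABASE}/g' "$target"
    sed -i -r 's/(linshare.mongo.bigfiles.credentials=).*/\1${MONGODB_USER}:${MONGODB_PASSWORD}@${MONGODB_AUTH_DATABASE}/g' "$target"
  fi
  sed -i 's@linshare.mongo.write.concern=.*@linshare.mongo.write.concern=${MONGODB_WRITE_CONCERN}@' "$target"

  # SSO header allow-list
  sed -i 's@sso.header.allowfrom=.*@sso.header.allowfrom=${SSO_IP_LIST}@' "$target"
  sed -i 's@sso.header.allowfrom.enable=.*@sso.header.allowfrom.enable=${SSO_IP_LIST_ENABLE}@' "$target"

  # Document storage
  sed -i 's@linshare.documents.storage.mode=.*@linshare.documents.storage.mode=${STORAGE_MODE}@' "$target"
  sed -i 's@linshare.documents.storage.bucket=.*@linshare.documents.storage.bucket=${STORAGE_BUCKET}@' "$target"
  sed -i 's@linshare.documents.storage.multipartupload=.*@linshare.documents.storage.multipartupload=${STORAGE_MULTIPART_UPLOAD}@' "$target"
  sed -i 's@linshare.documents.storage.filesystem.directory=.*@linshare.documents.storage.filesystem.directory=${STORAGE_FILESYSTEM_DIR}@' "$target"
  if [ "${STORAGE_MODE}" != "filesystem" ]; then
    if [ "${STORAGE_MODE}" == "s3" ]; then
      sed -i 's@linshare.documents.storage.identity=.*@linshare.documents.storage.identity=${AWS_ACCESS_KEY_ID}@' "$target"
      sed -i 's@linshare.documents.storage.credential=.*@linshare.documents.storage.credential=${AWS_SECRET_ACCESS_KEY}@' "$target"
      sed -i 's@linshare.documents.storage.endpoint=.*@linshare.documents.storage.endpoint=${AWS_AUTH_URL}@' "$target"
    else
      sed -i 's@linshare.documents.storage.keystone.version=.*@linshare.documents.storage.keystone.version=${OS_IDENTITY_API_VERSION}@' "$target"
      # Quoted so a tenant name containing whitespace is still detected.
      if [ -n "${OS_TENANT_NAME}" ]; then
        sed -i 's@linshare.documents.storage.identity=.*@linshare.documents.storage.identity=${OS_TENANT_NAME}:${OS_USERNAME}@' "$target"
      fi
      sed -i 's@linshare.documents.storage.project.name=.*@linshare.documents.storage.project.name=${OS_PROJECT_NAME}@' "$target"
      sed -i 's@linshare.documents.storage.user.domain=.*@linshare.documents.storage.user.domain=${OS_USER_DOMAIN_NAME}@' "$target"
      sed -i 's@linshare.documents.storage.user.name=.*@linshare.documents.storage.user.name=${OS_USERNAME}@' "$target"
      sed -i 's@linshare.documents.storage.credential=.*@linshare.documents.storage.credential=${OS_PASSWORD}@' "$target"
      sed -i 's@linshare.documents.storage.endpoint=.*@linshare.documents.storage.endpoint=${OS_AUTH_URL}@' "$target"
      sed -i 's@linshare.documents.storage.regionId=.*@linshare.documents.storage.regionId=${OS_REGION_NAME}@' "$target"
    fi
  fi

  # Thumbnails
  sed -i 's@linshare.documents.thumbnail.enable=.*@linshare.documents.thumbnail.enable=${THUMBNAIL_ENABLE}@' "$target"
  sed -i 's@linshare.documents.thumbnail.pdf.enable=.*@linshare.documents.thumbnail.pdf.enable=${THUMBNAIL_ENABLE_PDF}@' "$target"
  sed -i 's@linshare.linthumbnail.remote.mode=.*@linshare.linthumbnail.remote.mode=true@' "$target"
  # NOTE(review): the scheme of the thumbnail service URL is fixed to http.
  sed -i 's@linshare.linthumbnail.dropwizard.server=.*@linshare.linthumbnail.dropwizard.server=http://${THUMBNAIL_HOST}:${THUMBNAIL_PORT}/linthumbnail?mimeType=%1$s@' "$target"

  # JWT
  sed -i 's@# jwt.expiration=.*@jwt.expiration=${JWT_EXPIRATION}@' "$target"
  # The replacement used to be "jwt.expiration=${JWT_TOKEN_MAX_LIFETIME}": the
  # max-lifetime key stayed commented out and a second jwt.expiration line,
  # carrying the max-lifetime value, was written instead.
  sed -i 's@# jwt.token.max.lifetime=.*@jwt.token.max.lifetime=${JWT_TOKEN_MAX_LIFETIME}@' "$target"

  # Unlike the sed expressions, this value is expanded by the shell.
  echo -e "\n" >> "$target"
  echo -e "linshare.display.licenceTerm=${LICENSE:-true}\n" >> "$target"
fi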
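# Install the bundled log4j2.properties, unless the user supplied one.
if [ "${custom_log4j}" -eq 1 ]; then
  echo -e "Custom log4j2.properties found at ${conf_dir}"
  echo -e "Skipping configuration"
else
  echo -e "Configuring Log4j settings"
  cp "${src_dir}/log4j2.properties" "${conf_dir}/log4j2.properties"
  if [ "${LS_DEBUG}" -eq 1 ]; then
    # NOTE(review): the start of this pattern was masked as an e-mail address
    # in the listing this was taken from; it is restored on the assumption
    # that it names the same key as the replacement. Compare with the
    # repository copy.
    sed -i "s@logger.linshare =.*@logger.linshare = DEBUG, CONSOLE@" "${conf_dir}/log4j2.properties"
  fi
fi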
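# Append user-supplied extra properties once: the ".added" marker file prevents
# a second append when the script runs again on the same ${conf_dir}.
if [ -f "${conf_dir}/linshare.extra.properties" ]; then
  if [ ! -f "${conf_dir}/linshare.extra.properties.added" ]; then
    echo "Adding extra properties ..."
    # NOTE(review): the whole file is printed to the container log; any
    # credential placed in the extra properties is logged in clear.
    cat "${conf_dir}/linshare.extra.properties"
    echo "..."
    # target is assigned only when linshare.properties is generated by this
    # script. With a custom linshare.properties it is empty, the redirection
    # failed and set -e aborted the start-up; fall back to the file itself.
    cat "${conf_dir}/linshare.extra.properties" >> "${target:-${conf_dir}/linshare.properties}"
    touch "${conf_dir}/linshare.extra.properties.added"
  fi
else
  echo "There is no extra properties to set. Skipping."
fi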
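# Optional extra certificate authorities: every regular file found in /new-ca
# is copied to the system CA directory and listed in ca-certificates.conf, then
# update-ca-certificates rebuilds the trust store.
# NOTE(review): whatever is placed in /new-ca ends up trusted, so write access
# to that folder is equivalent to control over which TLS peers are accepted.
# NOTE(review): the entries are appended on every start; a restart on the same
# filesystem adds duplicate lines to ca-certificates.conf.
l_input_dir=/new-ca
if [ -d "${l_input_dir}" ]; then
  echo "INFO: Folder ${l_input_dir} exists, adding all files as new CA ..."
  l_output_dir=/usr/share/ca-certificates/linshare/
  mkdir -p "${l_output_dir}"
  # Glob instead of parsing `ls`, so names containing spaces stay intact.
  for l_path in "${l_input_dir}"/*; do
    # Skips the unexpanded pattern of an empty folder, and sub-directories,
    # which cp without -r rejects (aborting the script under set -e).
    [ -f "${l_path}" ] || continue
    l_file=${l_path##*/}
    cp -v -- "${l_path}" "${l_output_dir}"
    echo "linshare/${l_file}" >> /etc/ca-certificates.conf
  done
else
  echo "INFO: no extra ca found in folder ${l_input_dir}."
fi
echo "linagora/GandiStandardSSLCA2.pem" >> /etc/ca-certificates.conf
update-ca-certificates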
# Opt-in hardening of the Tomcat configuration, applied only when the variable
# is exactly "TRUE" (the comparison is case-sensitive; "true" leaves it off).
# NOTE(review): both edits insert a line each time they run, so a restart on
# the same filesystem adds the elements again.
if [[ "${LINSHARE_PRODUCTION_MODE}" == "TRUE" ]]; then
  l_tomcat_conf=/usr/local/tomcat/conf
  # Session tracking through cookies only.
  sed -i -e '/<session-config>/ a\ <tracking-mode>COOKIE</tracking-mode>' "${l_tomcat_conf}/web.xml"
  # Error pages without server information or report details.
  sed -i -e '/<\/Host>/ i\ <Valve className="org.apache.catalina.valves.ErrorReportValve" showServerInfo="false" showReport="false" />' "${l_tomcat_conf}/server.xml"
fi

# exec replaces this shell with the Tomcat launcher.
exec /usr/local/tomcat/bin/catalina.sh run