8014: Improve conffile handling in arvados-sso postinst.

[arvados.git] / jenkins / arvados-sso-server-extras / arvados-sso-server.postinst

#!/bin/bash

set -e

INSTALL_PATH=/var/www/arvados-sso
RELEASE_PATH=$INSTALL_PATH/current
RELEASE_CONFIG_PATH=$RELEASE_PATH/config
SHARED_PATH=$INSTALL_PATH/shared
CONFIG_PATH=/etc/arvados/sso
PACKAGE_NAME=arvados-sso-server
DOC_URL="http://doc.arvados.org/install/install-sso.html#configure"

DATABASE_READY=1
APPLICATION_READY=1

if [ -s "$HOME/.rvm/scripts/rvm" ] || [ -s "/usr/local/rvm/scripts/rvm" ]; then
    COMMAND_PREFIX="/usr/local/rvm/bin/rvm-exec default"
else
    COMMAND_PREFIX=
fi

report_not_ready() {
    local ready_flag=$1; shift
    local config_file=$1; shift
    if [ "1" != "$ready_flag" ]; then cat >&2 <<EOF

PLEASE NOTE:

The $PACKAGE_NAME package was not configured completely because
$config_file needs some tweaking.
Please refer to the documentation at
<$DOC_URL> for more details.

When $(basename "$config_file") has been modified,
reconfigure or reinstall this package.

EOF
    fi
}

report_web_service_warning() {
    local warning=$1; shift
    cat >&2 <<EOF

WARNING: $warning.

To override, set the WEB_SERVICE environment variable to the name of the service
hosting the Rails server.

For Debian-based systems, then reconfigure this package with dpkg-reconfigure.

For RPM-based systems, then reinstall this package.

EOF
}

setup_conffile() {
    # Usage: setup_conffile CONFFILE_PATH [SOURCE_PATH]
    # Both paths are relative to RELEASE_CONFIG_PATH.
    # This function will try to safely ensure that a symbolic link for
    # the configuration file points from RELEASE_CONFIG_PATH to CONFIG_PATH.
    # If SOURCE_PATH is given, this function will try to install that file as
    # the configuration file in CONFIG_PATH, and return 1 if the file in
    # CONFIG_PATH is unmodified from the source.
    local conffile_relpath=$1; shift
    local conffile_source=$1; shift
    local release_conffile=$RELEASE_CONFIG_PATH/$conffile_relpath
    local etc_conffile=$CONFIG_PATH/$(basename "$conffile_relpath")

    # Note that -h can return true and -e will return false simultaneously
    # when the target is a dangling symlink.  We're okay with that outcome,
    # so check -h first.
    if [ ! -h "$release_conffile" ]; then
        if [ ! -e "$release_conffile" ]; then
            ln -s "$etc_conffile" "$release_conffile"
        # If there's a config file in /var/www identical to the one in /etc,
        # overwrite it with a symlink.
        elif cmp --quiet "$release_conffile" "$etc_conffile"; then
            ln --force -s "$etc_conffile" "$release_conffile"
        fi
    fi

    if [ -n "$conffile_source" ]; then
        cp --no-clobber "$RELEASE_CONFIG_PATH/$conffile_source" "$etc_conffile"
        # Even if $etc_conffile already existed, it might be unmodified from
        # the source.  This is especially likely when a user installs, updates
        # database.yml, then reconfigures before they update application.yml.
        # Use cmp to be sure whether $etc_conffile is modified.
        if cmp --quiet "$RELEASE_CONFIG_PATH/$conffile_source" "$etc_conffile"; then
            return 1
        fi
    fi
}

configure_version() {
  WEB_SERVICE=${WEB_SERVICE:-$(service --status-all 2>/dev/null \
      | grep -Eo '\bnginx|httpd[^[:space:]]*' || true)}
  if [ -z "$WEB_SERVICE" ]; then
    report_web_service_warning "Web service (Nginx or Apache) not found"
  elif [ "$WEB_SERVICE" != "$(echo "$WEB_SERVICE" | head -n 1)" ]; then
    WEB_SERVICE=$(echo "$WEB_SERVICE" | head -n 1)
    report_web_service_warning \
        "Multiple web services found.  Choosing the first one ($WEB_SERVICE)"
  fi

  if [ -e /etc/redhat-release ]; then
      # Recognize any service that starts with "nginx"; e.g., nginx16.
      if [ "$WEB_SERVICE" != "${WEB_SERVICE#nginx}" ]; then
        WWW_OWNER=nginx:nginx
      else
        WWW_OWNER=apache:apache
      fi
  else
      # Assume we're on a Debian-based system for now.
      # Both Apache and Nginx run as www-data by default.
      WWW_OWNER=www-data:www-data
  fi

  echo
  echo "Assumption: $WEB_SERVICE is configured to serve your SSO server URL from"
  echo "            $RELEASE_PATH"
  echo "Assumption: configuration files are in $CONFIG_PATH"
  echo "Assumption: $WEB_SERVICE and passenger run as $WWW_OWNER"
  echo

  echo -n "Symlinking files from $CONFIG_PATH ..."
  mkdir -p $CONFIG_PATH
  setup_conffile database.yml database.yml.example || DATABASE_READY=0
  setup_conffile environments/production.rb environments/production.rb.example \
      || true
  setup_conffile application.yml application.yml.example || APPLICATION_READY=0
  echo "... done."

  # Before we do anything else, make sure some directories and files are in place
  if [ ! -e $SHARED_PATH/log ]; then mkdir -p $SHARED_PATH/log; fi
  if [ ! -e $RELEASE_PATH/tmp ]; then mkdir -p $RELEASE_PATH/tmp; fi
  if [ ! -e $RELEASE_PATH/log ]; then ln -s $SHARED_PATH/log $RELEASE_PATH/log; fi
  if [ ! -e $SHARED_PATH/log/production.log ]; then touch $SHARED_PATH/log/production.log; fi

  cd "$RELEASE_PATH"
  export RAILS_ENV=production

  echo "Making sure bundle is installed ..."
  set +e
  which bundle > /dev/null
  if [[ "$?" != "0" ]]; then
    $COMMAND_PREFIX gem install bundle
  fi
  set -e
  echo "... done."

  echo -n "Running bundle install ..."
  $COMMAND_PREFIX bundle install --path $SHARED_PATH/vendor_bundle --quiet || exit $?
  echo "... done."

  echo -n "Ensuring directory and file permissions ..."
  # Ensure correct ownership of a few files
  chown "$WWW_OWNER" $RELEASE_PATH/config/environment.rb
  chown "$WWW_OWNER" $RELEASE_PATH/config.ru
  chown "$WWW_OWNER" $RELEASE_PATH/config/database.yml
  chown "$WWW_OWNER" $RELEASE_PATH/Gemfile.lock
  chown -R "$WWW_OWNER" $RELEASE_PATH/tmp
  chown -R "$WWW_OWNER" $SHARED_PATH/log
  chown "$WWW_OWNER" $RELEASE_PATH/db/schema.rb
  chmod 644 $SHARED_PATH/log/*
  echo "... done."

  set +e
  DB_MIGRATE_STATUS=`$COMMAND_PREFIX bundle exec rake db:migrate:status 2>&1`
  DB_MIGRATE_STATUS_CODE=$?
  set -e

  if echo $DB_MIGRATE_STATUS | grep 'Schema migrations table does not exist yet.' >/dev/null; then
    # The database exists, but the migrations table doesn't.
    echo -n "Setting up database ..."
    $COMMAND_PREFIX bundle exec rake db:schema:load db:seed || exit $?
    echo "... done."
  elif echo $DB_MIGRATE_STATUS | grep '^database: ' >/dev/null; then
    echo -n "Running db:migrate ..."
    $COMMAND_PREFIX bundle exec rake db:migrate || exit $?
    echo "... done."
  elif echo $DB_MIGRATE_STATUS | grep 'database .* does not exist' >/dev/null; then
    echo -n "Running db:setup ..."
    set +e
    $COMMAND_PREFIX bundle exec rake db:setup 2>/dev/null
    if [ "$?" = "0" ]; then
      echo "... done."
    else
      echo "... failed."
      echo "Warning: unable to set up database." >&2
      DATABASE_READY=0
    fi
    set -e
  else
    echo "Warning: Database is not ready to set up. Skipping database setup." >&2
    DATABASE_READY=0
  fi

  echo -n "Precompiling assets ..."
  # precompile assets; thankfully this does not take long
  if [ "$APPLICATION_READY" = "1" ]; then
    set +e
    $COMMAND_PREFIX bundle exec rake assets:precompile -q -s 2>/dev/null
    if [ "$?" = "0" ]; then
      echo "... done."
    else
      echo "... failed."
      APPLICATION_READY=0
    fi
    set -e
  else
    echo "... skipped."
  fi
  chown -R "$WWW_OWNER" $RELEASE_PATH/tmp

  if [ ! -z "$WEB_SERVICE" ]; then
    echo -n "Restarting $WEB_SERVICE ..."
    service "$WEB_SERVICE" restart >/dev/null || exit $?
    echo "... done."
  fi
}

if [ "$1" = configure ]; then
  # This is a debian-based system
  configure_version
elif [ "$1" = "0" ] || [ "$1" = "1" ] || [ "$1" = "2" ]; then
  # This is an rpm-based system
  configure_version
fi

report_not_ready "$DATABASE_READY" "$CONFIG_PATH/database.yml"
report_not_ready "$APPLICATION_READY" "$CONFIG_PATH/application.yml"