From b44c2dbfcf931634a94b45b8bc24f5d4098a07e6 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Wed, 23 Jan 2019 12:59:42 +0100 Subject: [PATCH] Add update check script (fixes #20) --- init-repo.sh | 17 +++++----- postinstall.sh | 7 ++++ scripts/check-update.sh | 29 ++++++++++++++++ .../autorenew => scripts}/ssl-renew.sh | 2 +- scripts/update.sh | 33 +++++++++++++++++++ templates/mail/update-notification.txt | 5 +++ 6 files changed, 83 insertions(+), 10 deletions(-) create mode 100755 scripts/check-update.sh rename {letsencrypt/autorenew => scripts}/ssl-renew.sh (97%) mode change 100644 => 100755 create mode 100755 scripts/update.sh create mode 100644 templates/mail/update-notification.txt diff --git a/init-repo.sh b/init-repo.sh index d25c118..3c803dd 100755 --- a/init-repo.sh +++ b/init-repo.sh @@ -59,6 +59,7 @@ echo "VIRTUAL_HOST=$VIRTUAL_HOST" >> "$ENVFILE" # finished .env file generation +mkdir letsencrypt/autorenew/ rm -f letsencrypt/autorenew/ssl-domains.dat # fille autorenew config echo "$VIRTUAL_HOST,dba.$DOMAIN,drive.$DOMAIN,mail.$DOMAIN,spam.$DOMAIN,webmail.$DOMAIN,welcome.$DOMAIN$OFFICE_DOMAIN" | tr "," "\n" | while read CURDOMAIN; do 
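Review bot: The added `mkdir letsencrypt/autorenew/` fails with an error when the directory already exists, for example on a second run of init-repo.sh; `mkdir -p letsencrypt/autorenew/` is idempotent and also creates a missing parent. Whether the script aborts on that error depends on shell options set outside the hunk.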
@@ -139,14 +140,18 @@ ssh-keygen -f /mnt/docker/accounts/id_rsa_postfixadmincontainer -N "" chown "33:33" /mnt/docker/accounts/id_rsa_postfixadmincontainer chown "1000:1000" /mnt/docker/accounts/id_rsa_postfixadmincontainer.pub - # needed to store created accounts, and needs to be writable by welcome touch /mnt/docker/accounts/auth.file.done chown "33:33" /mnt/docker/accounts/auth.file.done -# Run LE cert request -sh letsencrypt/autorenew/ssl-renew.sh +# Login to /e/ registry | not necessary when going public +docker login registry.gitlab.e.foundation:5000 + +cd /mnt/docker/ +docker-compose up -d +# Run LE cert request +sh scripts/ssl-renew.sh # verify LE status CTR_LE=$(find letsencrypt/certstore/live/dba.$DOMAIN/privkey.pem letsencrypt/certstore/live/drive.$DOMAIN/privkey.pem letsencrypt/certstore/live/mail.$DOMAIN/privkey.pem letsencrypt/certstore/live/spam.$DOMAIN/privkey.pem letsencrypt/certstore/live/webmail.$DOMAIN/privkey.pem letsencrypt/certstore/live/welcome.$DOMAIN/privkey.pem $OFFICE_LETSENCRYPT_KEY 2>/dev/null| wc -l) @@ -163,10 +168,4 @@ else exit 1 fi -# Login to /e/ registry | not necessary when going public -docker login registry.gitlab.e.foundation:5000 - -cd /mnt/docker/ -docker-compose up -d - bash /mnt/repo-base/postinstall.sh diff --git a/postinstall.sh b/postinstall.sh index 947460d..1822fc5 100755 --- a/postinstall.sh +++ b/postinstall.sh @@ -19,7 +19,14 @@ PFDB_DB=$(grep ^PFDB_DB= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_USR=$(grep ^PFDB_USR= "$ENVFILE" | awk -F= '{ print $NF }') PFDB_DBPASS=$(grep ^DBPASS= "$ENVFILE" | awk -F= '{ print $NF }') +# We need to wait until both the config exists and occ works. If we only do one of these, it might +# still not work. printf "Waiting for Nextcloud to be started" +while [ ! -f /mnt/docker/nextcloud/config/config.php ] +do + printf "." + sleep 0.1 +done while docker-compose exec --user www-data nextcloud php occ | grep "Nextcloud is not installed" > /dev/null; do printf "." 
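Review bot: After the added `cd /mnt/docker/`, the relative `sh scripts/ssl-renew.sh` and the `find letsencrypt/certstore/...` check that follows now resolve against /mnt/docker/, while the other scripts in this commit are referenced under /mnt/repo-base/ (`bash /mnt/repo-base/postinstall.sh`). Unless both paths point at the same tree, which the hunk does not show, the renewal script will not be found and the certificate count will be wrong. The `cd` is also unchecked, so if it fails `docker-compose up -d` runs from whatever directory the installer was started in; I would write `cd /mnt/docker/ || exit 1` and call `sh /mnt/repo-base/scripts/ssl-renew.sh` by absolute path. The scripts/ssl-renew.sh hunk has the same unchecked `cd /mnt/repo-base/` before `docker-compose restart eelomailserver`.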
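Review bot: The added `while [ ! -f /mnt/docker/nextcloud/config/config.php ]` loop in postinstall.sh has no upper bound, so if the Nextcloud container never writes its config the installer prints dots forever instead of failing with a message. A counter with a limit and a non-zero exit makes the failure visible; the 600-second limit below is a constructed value to adjust. `sleep 0.1` also relies on a `sleep` that accepts fractions, which is not guaranteed outside GNU coreutils. The `occ` loop that follows continues past the end of the hunk and is likewise unbounded.

```shell
# … unchanged: printf "Waiting for Nextcloud to be started" …
WAITED=0
while [ ! -f /mnt/docker/nextcloud/config/config.php ]
do
    if [ "$WAITED" -ge 600 ]; then
        echo "Nextcloud config.php did not appear, giving up" >&2
        exit 1
    fi
    printf "."
    sleep 1
    WAITED=$((WAITED + 1))
done
# … unchanged: loop on occ reporting "Nextcloud is not installed" …
```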
diff --git a/scripts/check-update.sh b/scripts/check-update.sh
new file mode 100755
index 0000000..17a899e
--- /dev/null
+++ b/scripts/check-update.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+ENVFILE="/mnt/docker/.env"
+DOMAIN=$(grep ^DOMAIN= "$ENVFILE" | awk -F= '{ print $NF }')
+ALT_EMAIL=$(grep ^ALT_EMAIL= "$ENVFILE" | awk -F= '{ print $NF }')
+KNOWN_VERSION_FILE="/mnt/repo-base/config/latest-known-version"
+# TODO: delete this once config folder is included in the repo
+mkdir /mnt/repo-base/config/ || true
+touch $KNOWN_VERSION_FILE
+
+CURRENT_VERSION_DATE=$(git show -s --format=%ci HEAD)
+git fetch --tags
+LATEST_TAG=$(git tag --sort=creatordate | tail -n 1)
+LATEST_VERSION_DATE=$(git show -s --format=%ci "$LATEST_TAG")
+
+if [[ "$LATEST_VERSION_DATE" > "$CURRENT_VERSION_DATE" ]]
+then
+ echo "New version $LATEST_TAG is available!"
+ if [ "$LATEST_TAG" != "$(cat $KNOWN_VERSION_FILE)" ]
+ then
+ echo "$LATEST_TAG" > "$KNOWN_VERSION_FILE"
+ cat "templates/mail/update-notification.txt" | \
+ sed "s/@@@DOMAIN@@@/$DOMAIN/g" | \
+ docker-compose exec -T eelomailserver sendmail -f "drive@$DOMAIN" -t "$ALT_EMAIL"
+ fi
+else
+ echo "No update available"
+fi
diff --git a/letsencrypt/autorenew/ssl-renew.sh b/scripts/ssl-renew.sh
old mode 100644
new mode 100755
similarity index 97%
rename from letsencrypt/autorenew/ssl-renew.sh
rename to scripts/ssl-renew.sh
index 7f6ba92..39e2f52
--- a/letsencrypt/autorenew/ssl-renew.sh
+++ b/scripts/ssl-renew.sh
@@ -30,7 +30,7 @@ cat "$CONFIG" | while read TYPE DOMAIN; do
 echo "Certificate for $DOMAIN renewed and is valid until: $NVALIDTHRU (was: $VALIDTHRU)"
 if [ "$DOMAIN" = "$MAILHOST" ]
 then
- cd /mnt/docker/compose
+ cd /mnt/repo-base/
 docker-compose restart eelomailserver
 fi
 :;done
diff --git a/scripts/update.sh b/scripts/update.sh
new file mode 100755
index 0000000..4aaece5
--- /dev/null
+++ b/scripts/update.sh
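Review bot: The version check in scripts/check-update.sh compares two `%ci` strings with `[[ "$LATEST_VERSION_DATE" > "$CURRENT_VERSION_DATE" ]]`, which is a lexicographic comparison of local times that carry different UTC offsets, so commits made in different time zones can be ordered wrongly and an update can be missed or announced falsely. Epoch seconds compare correctly: `CURRENT_VERSION_DATE=$(git show -s --format=%ct HEAD)` (likewise for the tag) and `if (( LATEST_VERSION_DATE > CURRENT_VERSION_DATE ))`. If the release tags are annotated, `git show "$LATEST_TAG"` also prints the tag header before the formatted date, so `"$LATEST_TAG^{commit}"` is the safer argument. scripts/update.sh repeats the same comparison in its `[[ ! ... < ... ]]` test.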
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+CURRENT_VERSION_DATE=$(git show -s --format=%ci HEAD)
+git fetch --tags
+LATEST_TAG=$(git tag --sort=creatordate | tail -n 1)
+LATEST_VERSION_DATE=$(git show -s --format=%ci "$LATEST_TAG")
+
+if [[ ! "$CURRENT_VERSION_DATE" < "$LATEST_VERSION_DATE" ]]
+then
+ echo "No update available"
+ exit
+fi
+
+echo "New version is $LATEST_TAG
+Changelog: https://gitlab.e.foundation/e/priv/infra/compose/tags/$LATEST_TAG
+Do you want to upgrade? [y/N]"
+read answer
+
+# https://stackoverflow.com/a/27875395
+if [ "$answer" == "${answer#[Yy]}" ] ;then
+ echo "aborted"
+ exit
+fi
+
+echo -e "\n\nUpdating git repository to latest version"
+git checkout "$LATEST_TAG"
+
+echo -e "\n\nUpdating Docker images"
+docker-compose pull
+docker-compose up -d
+
+echo -e "\n\nUpdate complete. Consider running 'docker image prune --all' to reclaim space from old images"
diff --git a/templates/mail/update-notification.txt b/templates/mail/update-notification.txt
new file mode 100644
index 0000000..04d42f8
--- /dev/null
+++ b/templates/mail/update-notification.txt
@@ -0,0 +1,5 @@
+Subject:Update available for @@@DOMAIN@@@
+A new update is available. Please login via ssh and run the following
+command:
+
+bash /mnt/repo-base/scripts/update.sh
-- 
GitLab
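Review bot: In scripts/update.sh, `git checkout "$LATEST_TAG"` followed by `docker-compose pull` and `docker-compose up -d` deploys whatever the newest tag on the remote points to, with no check of who created it, so anyone able to push a tag to that remote decides what this host runs next. If releases are signed, verify before switching: `git verify-tag "$LATEST_TAG" || { echo "tag signature check failed" >&2; exit 1; }` placed just before the checkout; this assumes the release key is already in the operator's keyring, which the patch does not show. `git tag --sort=creatordate | tail -n 1` also selects by creation time across all tags, so a non-release tag would be offered as an update. `read answer` should be `read -r answer`.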