From bc4c073b43b8cce6f7404cbf75124c4f19ac1bdf Mon Sep 17 00:00:00 2001 From: Disassembler Date: Wed, 12 Sep 2018 11:44:30 +0200 Subject: [PATCH] CKAN setup --- ckan/lxcfile | 4 ++++ ckan/setup.sh | 27 ++++++++++++++------------- 2 files changed, 18 insertions(+), 13 deletions(-) diff --git a/ckan/lxcfile b/ckan/lxcfile index ddc2578..d9fd162 100644 --- a/ckan/lxcfile +++ b/ckan/lxcfile @@ -36,6 +36,10 @@ SCRIPT pip install -r /srv/ckan/src/ckanext-spatial/pip-requirements.txt pip install -r /srv/ckan/src/ckanext-dgvat-xls/requirements.txt + # Create mountpoints + mkdir /etc/ckan + mkdir /srv/ckan/storage + # Create OS user addgroup -S -g 8003 ckan adduser -S -u 8003 -h /srv/ckan -s /bin/false -g ckan -G ckan ckan diff --git a/ckan/setup.sh b/ckan/setup.sh index c82eca3..fd9263e 100755 --- a/ckan/setup.sh +++ b/ckan/setup.sh @@ -4,17 +4,18 @@ set -e SOURCE_DIR=$(realpath $(dirname "${0}"))/setup # Check prerequisites -service postgres start -service redis start -service solr start +# TODO: Have setup prereqs in a manifest file +for SERVICE in postgres redis solr; do + [ ! -e /run/openrc/started/${SERVICE} ] && service ${SERVICE} start && STOP_SERVICES="${STOP_SERVICES} ${SERVICE}" +done # Create database export CKAN_PWD=$(head -c 18 /dev/urandom | base64) export CKAN_DS_PWD=$(head -c 18 /dev/urandom | base64) -envsubst <${SOURCE_DIR}/createdb.sql | lxc-attach postgres -- /bin/s6-setuidgid 5432:5432 psql +envsubst <${SOURCE_DIR}/createdb.sql | lxc-attach -u 5432 -g 5432 postgres -- psql # Configure CKAN Solr core -# TODO lxc-execute solr -- solr create -p 8983 -c ckan +lxc-attach -u 8983 -g 8983 solr -- /usr/bin/solr create -p 8983 -c ckan cp ${SOURCE_DIR}/srv/solr/data/ckan/conf/schema.xml /srv/solr/data/ckan/conf/schema.xml cp ${SOURCE_DIR}/srv/solr/data/ckan/conf/solrconfig.xml /srv/solr/data/ckan/conf/solrconfig.xml chown 8983:8983 /srv/solr/data/ckan/conf/schema.xml @@ -26,6 +27,7 @@ export CKAN_SECRET=$(head -c 18 /dev/urandom | base64) export CKAN_UUID=$(cat /proc/sys/kernel/random/uuid) envsubst <${SOURCE_DIR}/srv/ckan/conf/ckan.ini >/srv/ckan/conf/ckan.ini cp ${SOURCE_DIR}/srv/ckan/conf/who.ini /srv/ckan/conf/who.ini +chown -R 8003:8003 /srv/ckan/data # Set "production values" (increases performance) only if the DEBUG environment variable is not set if [ ${DEBUG:-0} -eq 0 ]; then @@ -35,17 +37,16 @@ fi # Populate database lxc-execute ckan -- /usr/bin/paster --plugin=ckan db init -c /etc/ckan/ckan.ini lxc-execute ckan -- /usr/bin/paster --plugin=ckanext-spatial spatial initdb -c /etc/ckan/ckan.ini -lxc-execute ckan -- /usr/bin/paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach postgres -- /bin/s6-setuidgid 5432:5432 psql -chown -R 8003:8003 /srv/ckan/data # TODO: re)move as uid is now correct ? +lxc-execute ckan -- /usr/bin/paster --plugin=ckan datastore set-permissions -c /etc/ckan/ckan.ini | lxc-attach -u 5432 -g 5432 postgres -- /usr/bin/psql # Create admin account export CKAN_ADMIN_USER="admin" export CKAN_ADMIN_UUID=$(cat /proc/sys/kernel/random/uuid) export CKAN_ADMIN_APIKEY=$(cat /proc/sys/kernel/random/uuid) export CKAN_ADMIN_PWD=$(head -c 12 /dev/urandom | base64) -export CKAN_ADMIN_HASH=$(docker run --rm ckan python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')") +export CKAN_ADMIN_HASH=$(lxc-execute ckan -- /usr/bin/python -c "from passlib.hash import pbkdf2_sha512;print pbkdf2_sha512.encrypt('${CKAN_ADMIN_PWD}')") export CKAN_ADMIN_EMAIL="admin@example.com" -envsubst <${SOURCE_DIR}/adminpwd.sql | docker exec -i postgres psql ckan +envsubst <${SOURCE_DIR}/adminpwd.sql | lxc-attach -u 5432 -g 5432 postgres -- /usr/bin/psql ckan vmmgr update-login ckan "${CKAN_ADMIN_USER}" "${CKAN_ADMIN_PWD}" # Install cron job @@ -55,7 +56,7 @@ cp ${SOURCE_DIR}/etc/periodic/hourly/ckan /etc/periodic/hourly/ckan cp ${SOURCE_DIR}/etc/init.d/ckan /etc/init.d/ckan rc-update -u -# Stop services required for build -service solr stop -service redis stop -service postgres stop +# Stop services required for setup +for SERVICE in ${STOP_SERVICES}; do + service ${SERVICE} stop +done