====== Voraussetzungen ======
* MariaDB installiert, Datenbank "datareporter" mit Benutzerzugriff eingerichtet
* wget installiert
* java installiert (Oracle oder OpenJDK)
* Benutzer "datareporter" am System angelegt ("useradd datareporter")
* in /etc/hosts datareporter.internal auf Datenbank - IP umleiten (127.0.0.1)
* Wichtig für ELK Logging: Timezone muss auf Europe/Vienna gestellt sein
Firewalld muss konfiguriert werden (danach Neustart):
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
====== Verzeichnis /opt/webserver ======
insgesamt 134684
drwxr-xr-x. 3 datareporter datareporter 94 14. Mär 06:50 .
drwxr-xr-x. 3 root root 23 13. Mär 12:03 ..
-rw-r--r--. 1 datareporter datareporter 1184 13. Mär 19:01 application.properties
-rw-r--r--. 1 datareporter datareporter 137908613 14. Mär 06:50 datareporter-server-1.0-SNAPSHOT.jar
drwxr-xr-x. 2 root root 46 14. Mär 08:17 update
./update:
insgesamt 8
drwxr-xr-x. 2 root root 46 14. Mär 08:17 .
drwxr-xr-x. 3 datareporter datareporter 94 14. Mär 06:50 ..
-rw-------. 1 root root 1704 13. Mär 15:14 update_priv.pem
-rwx------. 1 root root 3231 14. Mär 06:50 update.sh
===== Systemd Eintrag (/etc/systemd/system/datareporter.service) =====
# systemd unit that runs the datareporter server JAR as a long-lived service.
[Unit]
Description=datareporter
# Ordering only: start after MariaDB when both are started. After= on its own
# does not pull mariadb.service in (no Requires=/Wants= is set here).
After=mariadb.service
[Service]
# Run the JVM as the unprivileged "datareporter" account, not as root.
# NOTE(review): no sandboxing directives are set; options such as
# NoNewPrivileges=, ProtectSystem= and PrivateTmp= are worth evaluating.
User=datareporter
WorkingDirectory=/opt/webserver
# -Xmx512m caps the Java heap at 512 MiB.
# -Djdk.tls.ephemeralDHKeySize=2048 sets the JDK's ephemeral DH key size for TLS to 2048 bits.
ExecStart=/usr/bin/java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar /opt/webserver/datareporter-server-1.0-SNAPSHOT.jar
# 143 = 128 + 15 (SIGTERM): the exit code of a JVM terminated by "systemctl stop";
# listing it here makes systemd record that as a clean exit.
SuccessExitStatus=143
# Restart the process whenever it exits, whatever the reason.
Restart=always
# stdout/stderr go to syslog, tagged "datareporter".
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=datareporter
[Install]
# Enabling the unit hooks it into the normal multi-user boot target.
WantedBy=multi-user.target
==== Bedienung: ====
systemctl enable datareporter # Installieren des Services
systemctl start datareporter # Starten des Services
systemctl stop datareporter # Stoppen des Services
systemctl restart datareporter # Service neu starten
systemctl is-active datareporter # Service abfragen, ob er aktiv ist
# Logging wird ins syslog geschrieben:
journalctl -f -u datareporter # aktuelles Log anzeigen und live anzeigen (wie tail -f)
journalctl -u datareporter # gesamtes Log anzeigen
===== application.properties =====
logging.level.org.springframework.web: ERROR
logging.level.org.thymeleaf: ERROR
logging.level.org.hibernate: ERROR
logging.level.org.reflections: ERROR
spring.http.multipart.max-file-size=10Mb
spring.http.multipart.max-request-size=10Mb
# Debug tomcat settings
server.port=8080
application.skipredirect=true
# absolute URL of own application (without trailing /, including protocol)
application.url=http://...
# Debug mode activated (no login needed...)
application.debug=false
# Disable sending mail if true
application.disableMailQueue=false
# Should localization be read from the database? (else from i18n file inside application)
application.localizationDatabase=false
# Should the index_screenshot be used for UI? (only active when debug=true)
application.screenshotMode=false
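# Email send configuration
# NOTE(review): the spring.mail.username/password values below appear to be real SMTP
# credentials published on this page. Treat them as compromised, rotate them, and
# document placeholders here instead of the values.
# The directory listing on this page shows application.properties as -rw-r--r--
# (world-readable); a file holding the mail password should be readable only by
# the datareporter user (e.g. mode 0600).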
spring.mail.host=email-smtp.eu-west-1.amazonaws.com
spring.mail.username=AKIAIQDQ6E4BDQIZ3Y4Q
spring.mail.password=Aijxuor2/BMPdFRDNBuwJ6Bhx/XsB5YI56aXdIoY6nn9
spring.mail.protocol=smtps
spring.mail.smtps.auth=true
spring.mail.smtp.ssl.enable=true
# Default sender address when no email is given
application.defaultEmailSender=office@datareporter.eu
===== update.sh =====
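#!/bin/bash
#
# update.sh - fetch, decrypt, check and install a new datareporter server JAR.
#
# Usage: update.sh <channel> [reboot]
#   <channel>  path component appended to the update server URL (e.g. "00")
#   reboot     optional; reboot the host after the update instead of only
#              starting the service again
#
# Must run as root: it reads update_priv.pem, controls the systemd service and
# changes file ownership.
#
# NOTE(review): version.sha256 is fetched from the same server as the JAR, so
# the comparison below detects a corrupted or truncated download, not a
# tampered one. The S/MIME step is encryption only and proves nothing about who
# produced the file. Authenticity therefore rests on the HTTPS connection
# alone. Consider having the publisher sign the JAR and verifying that
# signature against a pinned certificate before installing.
#
# NOTE(review): in the documented deployment PRODUCTIVE_DIR is owned by the
# service account while this script runs as root. Ownership is therefore set
# while the file is still in the root-owned UPDATE_DIR, and the file is then
# renamed into place, so root never runs chown on a path inside a directory
# the service account can modify.

# Fail on use of an unset variable instead of silently expanding to "".
set -u

if [[ $# -eq 0 ]]; then
  # A missing channel is a usage error: report on stderr, exit non-zero.
  echo "Usage: $0 <channel> [reboot]" >&2
  echo "For Example: " >&2
  echo "$0 00 reboot" >&2
  exit 2
fi

CHANNEL=$1
REBOOT=${2:-}
UPDATE_SERVER="https://doku.datareporter.eu/update/$CHANNEL"
UPDATE_DIR=/opt/webserver/update
JAR_FILE=datareporter-server-1.0-SNAPSHOT.jar
PRODUCTIVE_DIR=/opt/webserver

staged_jar="$UPDATE_DIR/$JAR_FILE"
status=0

# A staged JAR without its checksum record was never confirmed by the check
# below (e.g. an interrupted earlier run). Drop it so it is fetched again
# rather than blocking every later update.
if [[ -f "$staged_jar" && ! -f "$UPDATE_DIR/downloaded.sha256" ]]; then
  echo "Staged JAR has no checksum record - discarding it." >&2
  rm -f -- "$staged_jar"
fi

if [[ -f "$staged_jar" ]]; then
  echo "Update was downloaded and is available. "
else
  # Checking against update server
  echo "Getting Version SHA256 from $UPDATE_SERVER"
  # wget -O creates the output file even when the request fails, so test the
  # exit status and reject an empty file instead of only testing existence.
  if ! wget -q "$UPDATE_SERVER/version.sha256" -O "$UPDATE_DIR/version.sha256" ||
    [[ ! -s "$UPDATE_DIR/version.sha256" ]]; then
    rm -f -- "$UPDATE_DIR/version.sha256"
    echo "version.sha256 does not exist - but it should. Exiting." >&2
    exit 1
  fi

  echo "Checking if version is newer..."
  update_needed=1
  if [[ -f "$UPDATE_DIR/current.sha256" ]]; then
    # Identical checksum files mean the installed version is the published one.
    if cmp -s "$UPDATE_DIR/current.sha256" "$UPDATE_DIR/version.sha256"; then
      update_needed=0
    fi
  else
    echo "current.sha256 not existing - assuming available update is newer."
  fi

  if ((update_needed)); then
    echo "New version available - downloading now"
    if ! wget -q "$UPDATE_SERVER/$JAR_FILE.enc" -O "$staged_jar.enc"; then
      rm -f -- "$staged_jar.enc" "$UPDATE_DIR/version.sha256"
      echo "Download of $JAR_FILE.enc failed." >&2
      exit 1
    fi

    echo "Decrypting JAR file..."
    # Decrypt to a temporary ".part" name: the file only receives its final
    # name, which later runs treat as "already downloaded", after the checksum
    # matched.
    # The original passed "-inform DEM"; DER is presumably what was meant -
    # confirm against the publisher's encryption step.
    if ! openssl smime -decrypt -in "$staged_jar.enc" -binary -inform DER \
      -inkey "$UPDATE_DIR/update_priv.pem" -out "$staged_jar.part"; then
      rm -f -- "$staged_jar.enc" "$staged_jar.part" "$UPDATE_DIR/version.sha256"
      echo "Decrypting $JAR_FILE.enc failed." >&2
      exit 1
    fi
    # remove the encrypted file
    rm -f -- "$staged_jar.enc"

    echo "Checking SHA256 for downloaded file against downloaded SHA for update sanity..."
    # Checksum of the DECRYPTED file, read from stdin so the output has the
    # same "<hash>  -" form the original pipeline produced and that
    # version.sha256 is compared against byte for byte.
    sha256sum <"$staged_jar.part" >"$UPDATE_DIR/downloaded.sha256.part"
    if cmp -s "$UPDATE_DIR/downloaded.sha256.part" "$UPDATE_DIR/version.sha256"; then
      # Publish the checksum record first: if the run is interrupted between
      # the two renames, the next run simply downloads again.
      mv -f -- "$UPDATE_DIR/downloaded.sha256.part" "$UPDATE_DIR/downloaded.sha256"
      mv -f -- "$staged_jar.part" "$staged_jar"
      echo "Update downloaded and checked, everything OK!"
    else
      rm -f -- "$staged_jar.part" "$UPDATE_DIR/downloaded.sha256.part"
      echo "Downloaded and unencrypted file does not match hash." >&2
      status=1
    fi
  else
    echo "Current version is up to date - no need to do anything"
  fi
  rm -f -- "$UPDATE_DIR/version.sha256"
fi

# if downloaded.sha256 and jar file are available, install it
if [[ -f "$staged_jar" && -f "$UPDATE_DIR/downloaded.sha256" ]]; then
  echo "Update verified and ready to install..."
  echo "Stopping service and waiting 10 seconds to update"
  systemctl stop datareporter
  sleep 10
  if ! systemctl is-active --quiet datareporter; then
    echo "Applying update"
    # chown in the staging directory, then a single rename into place: the
    # productive JAR is never missing, and a failed move leaves the old one
    # untouched. -T makes mv refuse to treat the target as a directory.
    if chown datareporter:datareporter "$staged_jar" &&
      mv -f -T -- "$staged_jar" "$PRODUCTIVE_DIR/$JAR_FILE"; then
      mv -f -- "$UPDATE_DIR/downloaded.sha256" "$UPDATE_DIR/current.sha256"
      systemctl daemon-reload
    else
      echo "Installing $JAR_FILE failed - previous version left in place." >&2
      status=1
    fi
  else
    echo "Service is still running - update not applied." >&2
    status=1
  fi

  if [[ "$REBOOT" == "reboot" ]]; then
    /sbin/init 6
  else
    echo "Service start"
    # start service
    systemctl start datareporter
  fi
fi

echo "Ready."
exit "$status"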