Voraussetzungen

  • MariaDB installiert, Datenbank „datareporter“ mit Benutzerzugriff eingerichtet
  • wget installiert
  • java installiert (Oracle oder OpenJDK)
  • Benutzer „datareporter“ am System angelegt („useradd datareporter“)
  • in /etc/hosts datareporter.internal auf die Datenbank-IP umleiten (127.0.0.1)
  • Wichtig für ELK Logging: Timezone muss auf Europe/Vienna gestellt sein

Firewalld muss konfiguriert werden (danach Neustart):

firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080

Verzeichnis /opt/webserver

insgesamt 134684
drwxr-xr-x. 3 datareporter datareporter        94 14. Mär 06:50 .
drwxr-xr-x. 3 root         root                23 13. Mär 12:03 ..
-rw-r--r--. 1 datareporter datareporter      1184 13. Mär 19:01 application.properties
-rw-r--r--. 1 datareporter datareporter 137908613 14. Mär 06:50 datareporter-server-1.0-SNAPSHOT.jar
drwxr-xr-x. 2 root         root                46 14. Mär 08:17 update

./update:
insgesamt 8
drwxr-xr-x. 2 root         root           46 14. Mär 08:17 .
drwxr-xr-x. 3 datareporter datareporter   94 14. Mär 06:50 ..
-rw-------. 1 root         root         1704 13. Mär 15:14 update_priv.pem
-rwx------. 1 root         root         3231 14. Mär 06:50 update.sh
# systemd unit that runs the datareporter server JAR as a long-lived service.
[Unit]
Description=datareporter
# After= only orders start-up behind MariaDB; it does not by itself pull
# mariadb.service in or stop this unit when the database stops.
After=mariadb.service

[Service]
# The JVM runs under the dedicated service account, not as root.
User=datareporter
WorkingDirectory=/opt/webserver
# -Xmx512m caps the Java heap at 512 MiB.
# -Djdk.tls.ephemeralDHKeySize=2048 sets the size of the ephemeral
# Diffie-Hellman keys the JVM uses in TLS handshakes to 2048 bit.
ExecStart=/usr/bin/java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar /opt/webserver/datareporter-server-1.0-SNAPSHOT.jar
# 143 = 128 + 15 (SIGTERM): the exit code of a JVM stopped by systemd is
# counted as a clean shutdown instead of a failure.
SuccessExitStatus=143
# Restart the process whenever it exits, whatever the reason.
Restart=always
# stdout/stderr are sent to syslog, tagged with the identifier below.
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=datareporter
# NOTE(review): no sandboxing directives are set. Options such as
# NoNewPrivileges=, PrivateTmp= and ProtectSystem= would limit what a
# compromised web application can reach - verify availability against the
# systemd version in use before adding them.

[Install]
WantedBy=multi-user.target

Bedienung:

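systemctl enable datareporter     # install the service (start it at boot)
systemctl start datareporter      # start the service
systemctl stop datareporter       # stop the service
systemctl restart datareporter    # restart the service
systemctl is-active datareporter  # query whether the service is active

# Log output is written to syslog:

journalctl -f -u datareporter     # show the current log and follow it live (like tail -f)
journalctl -u datareporter        # show the complete log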
# Only errors are logged for these framework packages.
logging.level.org.springframework.web: ERROR
logging.level.org.thymeleaf: ERROR
logging.level.org.hibernate: ERROR
logging.level.org.reflections: ERROR

# Upper bounds for a single uploaded file and for a complete multipart
# request; both are limited to 10 MB.
spring.http.multipart.max-file-size=10Mb
spring.http.multipart.max-request-size=10Mb


# Debug tomcat settings
# Port 8080 is the target of the firewalld rule on this page, which forwards
# incoming port 80 to it.
server.port=8080
# NOTE(review): the effect of skipredirect is not documented here - confirm
# that "true" is intended for production.
application.skipredirect=true


# absolute URL of own application (without trailing /, including protocol)
# NOTE(review): the sample value uses http://. If logins or links sent by
# mail go through this URL, it should be an https:// address.
application.url=http://...

# Debug mode activated (no login needed...)
# Must stay false on any reachable system: according to the comment above,
# debug mode removes the login requirement.
application.debug=false

# Disable sending mail if true
application.disableMailQueue=false

# Should localization be read from the database? (else from i18n file inside application)
application.localizationDatabase=false

# Should the index_screenshot be used for UI? (only active when debug=true)
application.screenshotMode=false

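# Email send configuration
# The SMTP credentials are deliberately not stored in this file:
# application.properties is world-readable in the deployment listing
# (mode 0644) and ends up in documentation and backups. The ${...}
# placeholders are resolved from the process environment at start-up.
# MAIL_SMTP_USERNAME / MAIL_SMTP_PASSWORD are example names - provide them
# e.g. through an EnvironmentFile= in the systemd unit that is owned by root
# with mode 0600. Credentials that were ever written here in clear text
# should be treated as exposed and rotated.
spring.mail.host=email-smtp.eu-west-1.amazonaws.com
spring.mail.username=${MAIL_SMTP_USERNAME}
spring.mail.password=${MAIL_SMTP_PASSWORD}
spring.mail.protocol=smtps
# NOTE(review): Spring Boot passes JavaMail settings through
# spring.mail.properties.<key>; confirm that the two keys below are actually
# picked up in this form.
spring.mail.smtps.auth=true
spring.mail.smtp.ssl.enable=true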


# Default sender address when no email is given
application.defaultEmailSender=office@datareporter.eu
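#!/bin/bash
#
# update.sh - download, check and install a new datareporter server JAR.
#
# Usage: update.sh <Channel> [reboot]
#   <Channel>  update channel; appended to the update server URL
#   reboot     optional; reboot the machine after the update instead of
#              only starting the service again
#
# Meant to be run as root: it stops/starts the systemd service and replaces
# the JAR in the production directory.
#
# Security notes:
#   * version.sha256 is fetched from the same server as the payload, so the
#     hash comparison only detects a damaged or incomplete download. The
#     S/MIME decryption step gives confidentiality, not proof of origin.
#     Authenticity of an update therefore rests on the TLS connection to
#     UPDATE_SERVER alone; a signature over the artefact, verified against a
#     pinned certificate before installation, would close that gap.
#   * UPDATE_DIR holds this script and the decryption key and is located
#     inside PRODUCTIVE_DIR. If PRODUCTIVE_DIR is writable by the service
#     account (as in the deployment listing), that account can replace
#     UPDATE_DIR as a whole. Keep the updater and its key below a directory
#     that only root can modify.

set -uo pipefail

# Print a message to stderr and abort with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ $# -eq 0 ]]; then
  echo "Usage: $0 <Channel> [reboot]"
  echo "For Example: "
  echo "$0 00 reboot"
  exit 0
fi

readonly CHANNEL=$1
readonly UPDATE_SERVER="https://doku.datareporter.eu/update/${CHANNEL}"
readonly UPDATE_DIR=/opt/webserver/update
readonly JAR_FILE=datareporter-server-1.0-SNAPSHOT.jar
readonly PRODUCTIVE_DIR=/opt/webserver

readonly private_key="${UPDATE_DIR}/update_priv.pem"
readonly remote_sha="${UPDATE_DIR}/version.sha256"      # hash published by the server
readonly current_sha="${UPDATE_DIR}/current.sha256"     # hash of the installed JAR
readonly staged_sha="${UPDATE_DIR}/downloaded.sha256"   # hash of the staged JAR
readonly encrypted_jar="${UPDATE_DIR}/${JAR_FILE}.enc"
readonly decrypted_tmp="${UPDATE_DIR}/${JAR_FILE}.tmp"  # decrypted, not yet checked
readonly staged_jar="${UPDATE_DIR}/${JAR_FILE}"         # checked, ready to install
readonly live_jar="${PRODUCTIVE_DIR}/${JAR_FILE}"

# Transient files never survive a run, whichever way the script ends.
cleanup() {
  rm -f -- "$remote_sha" "$encrypted_jar" "$decrypted_tmp"
}
trap cleanup EXIT

# A staged JAR without its hash record was never checked (leftover of an
# interrupted run). Drop it so that the next steps fetch a fresh copy instead
# of waiting forever for a record that will not appear.
if [[ -f "$staged_jar" && ! -f "$staged_sha" ]]; then
  echo "Staged JAR has no hash record - discarding it." >&2
  rm -f -- "$staged_jar"
fi

if [[ -f "$staged_jar" ]]; then
  echo "Update was downloaded and is available. "
else
  # Checking against update server
  echo "Getting Version SHA256 from $UPDATE_SERVER"
  # wget -O creates the output file even when the transfer fails, so the exit
  # status and the file size are checked instead of mere existence.
  if ! wget -q "${UPDATE_SERVER}/version.sha256" -O "$remote_sha" \
      || [[ ! -s "$remote_sha" ]]; then
    die "version.sha256 does not exist - but it should. Exiting."
  fi

  echo "Checking if version is newer..."
  update_needed=1
  if [[ -f "$current_sha" ]]; then
    # identical hash files mean the installed version is the published one
    if cmp -s -- "$current_sha" "$remote_sha"; then
      update_needed=0
    fi
  else
    echo "current.sha256 not existing - assuming available update is newer."
  fi

  if (( update_needed )); then
    echo "New version available - downloading now"
    wget -q "${UPDATE_SERVER}/${JAR_FILE}.enc" -O "$encrypted_jar" \
      || die "Download of ${JAR_FILE}.enc failed."

    echo "Decrypting JAR file..."
    # The input format is DER; the former value "DEM" is not a format name
    # and is rejected by OpenSSL versions that match the name exactly.
    # Output goes to a temporary name so that an unchecked file never sits
    # at the path the install step looks for.
    openssl smime -decrypt -binary -inform DER \
      -in "$encrypted_jar" -inkey "$private_key" -out "$decrypted_tmp" \
      || die "Decryption of ${JAR_FILE}.enc failed."
    rm -f -- "$encrypted_jar"

    echo "Checking SHA256 for downloaded file against downloaded SHA for update sanity..."
    # Hashing stdin keeps the "<hash>  -" output form that version.sha256
    # is compared against byte for byte.
    if sha256sum <"$decrypted_tmp" >"$staged_sha" \
        && cmp -s -- "$staged_sha" "$remote_sha"; then
      mv -f -- "$decrypted_tmp" "$staged_jar" \
        || die "Could not stage the downloaded JAR."
      echo "Update downloaded and checked, everything OK!"
    else
      rm -f -- "$staged_sha"
      die "Downloaded and unencrypted file does not match hash."
    fi
  else
    echo "Current version is up to date - no need to do anything"
  fi
fi

# if downloaded.sha256 and jar file are available, install it
if [[ -f "$staged_jar" && -f "$staged_sha" ]]; then
  echo "Update verified and ready to install..."

  echo "Stopping service and waiting 10 seconds to update"
  systemctl stop datareporter
  sleep 10

  if systemctl is-active --quiet datareporter; then
    echo "Service is still active - update not applied." >&2
  else
    echo "Applying update"
    # Ownership is set while the file is still in the root-owned update
    # directory; the rename keeps it. Replacing the old JAR with a single
    # mv (instead of rm followed by mv) leaves the old version in place if
    # the move fails.
    # NOTE(review): the service only needs to read the JAR; root ownership
    # with mode 0644 would stop the service account from altering it.
    if chown datareporter:datareporter -- "$staged_jar" \
        && mv -f -- "$staged_jar" "$live_jar"; then
      mv -f -- "$staged_sha" "$current_sha"
      systemctl daemon-reload
    else
      echo "Could not install the new JAR - keeping the old version." >&2
    fi
  fi

  if [[ "${2:-}" == "reboot" ]]; then
    /sbin/init 6
  else
    echo "Service start"
    systemctl start datareporter
  fi
fi

echo "Ready."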