Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
| Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
|
systemd_install_update [2018/03/14 07:19] mike angelegt |
systemd_install_update [2020/12/17 05:48] (aktuell) mike |
||
|---|---|---|---|
| Zeile 1: | Zeile 1: | ||
| + | ====== Voraussetzungen ====== | ||
| + | |||
| + | * MariaDB installiert,Datenbank "datareporter" mit Benutzerzugriff eingerichtet | ||
| + | * wget installiert | ||
| + | * java installiert (Oracle oder OpenJDK) | ||
| + | * Benutzer "datareporter" am System angelegt ("useradd datareporter") | ||
| + | * in /etc/hosts datareporter.internal auf Datenbank - IP umleiten (127.0.0.1) | ||
| + | * Wichtig für ELK Logging: Timezone muss auf Europe/Vienna gestellt sein | ||
| + | |||
| + | Firewalld muss konfiguriert werden (danach Neustart): | ||
| + | |||
| + | <code> | ||
| + | firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080 | ||
| + | </code> | ||
| + | |||
| + | |||
| ====== Verzeichnis /opt/webserver ====== | ====== Verzeichnis /opt/webserver ====== | ||
| Zeile 7: | Zeile 23: | ||
| drwxr-xr-x. 3 root root 23 13. Mär 12:03 .. | drwxr-xr-x. 3 root root 23 13. Mär 12:03 .. | ||
| -rw-r--r--. 1 datareporter datareporter 1184 13. Mär 19:01 application.properties | -rw-r--r--. 1 datareporter datareporter 1184 13. Mär 19:01 application.properties | ||
| - | -rw-r--r--. 1 root root 137908613 14. Mär 06:50 datareporter-server-1.0-SNAPSHOT.jar | + | -rw-r--r--. 1 datareporter datareporter 137908613 14. Mär 06:50 datareporter-server-1.0-SNAPSHOT.jar |
| drwxr-xr-x. 2 root root 46 14. Mär 08:17 update | drwxr-xr-x. 2 root root 46 14. Mär 08:17 update | ||
| Zeile 20: | Zeile 36: | ||
| ===== Systemd Eintrag (/etc/systemd/system/datareporter.service) ===== | ===== Systemd Eintrag (/etc/systemd/system/datareporter.service) ===== | ||
| + | |||
| + | |||
| + | |||
| <code> | <code> | ||
| + | |||
| [Unit] | [Unit] | ||
| Description=datareporter | Description=datareporter | ||
| - | After=syslog.target | + | After=mariadb.service |
| [Service] | [Service] | ||
| Zeile 31: | Zeile 51: | ||
| ExecStart=/usr/bin/java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar /opt/webserver/datareporter-server-1.0-SNAPSHOT.jar | ExecStart=/usr/bin/java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar /opt/webserver/datareporter-server-1.0-SNAPSHOT.jar | ||
| SuccessExitStatus=143 | SuccessExitStatus=143 | ||
| + | Restart=always | ||
| + | StandardOutput=syslog | ||
| + | StandardError=syslog | ||
| + | SyslogIdentifier=datareporter | ||
| [Install] | [Install] | ||
| WantedBy=multi-user.target | WantedBy=multi-user.target | ||
| + | |||
| + | </code> | ||
| + | |||
| + | |||
| + | ==== Bedienung: ==== | ||
| + | |||
| + | <code> | ||
| + | |||
| + | systemctl enable datareporter # Installieren des Services | ||
| + | systemctl start datareporter # Starten des Services | ||
| + | systemctl stop datareporter # Stoppen des Services | ||
| + | systemctl restart datareporter # Service neu starten | ||
| + | systemctl is-active datereporter # Service abfragen, ob er aktiv ist | ||
| + | |||
| + | # Logging wird ins syslog geschrieben: | ||
| + | |||
| + | journalctl -f -u datareporter # aktuelles Log anzeigen und live anzeigen (wie tail -f) | ||
| + | journalctl -u datareporter # gesamtes Log anzeigen | ||
| + | |||
| </code> | </code> | ||
| Zeile 55: | Zeile 98: | ||
| # absolute URL of own application (without trailing /, including protocol) | # absolute URL of own application (without trailing /, including protocol) | ||
| - | application.url=http://10.211.55.4:8080 | + | application.url=http://... |
| # Debug mode activated (no login needed...) | # Debug mode activated (no login needed...) | ||
| Zeile 82: | Zeile 125: | ||
| </code> | </code> | ||
| + | ===== update.sh ===== | ||
| + | <code> | ||
| + | |||
| + | #/bin/bash | ||
| + | |||
| + | CHANNEL=$1 | ||
| + | UPDATE_SERVER=https://doku.datareporter.eu/update/$CHANNEL | ||
| + | UPDATE_DIR=/opt/webserver/update | ||
| + | JAR_FILE=datareporter-server-1.0-SNAPSHOT.jar | ||
| + | |||
| + | PRODUCTIVE_DIR=/opt/webserver | ||
| + | |||
| + | if [[ $# -eq 0 ]] ; then | ||
| + | echo "Usage: $0 <Channel> [reboot]" | ||
| + | echo "For Example: " | ||
| + | echo "$0 00 reboot" | ||
| + | exit 0 | ||
| + | fi | ||
| + | |||
| + | if [ -f $UPDATE_DIR/$JAR_FILE ]; then | ||
| + | echo "Update was downloaded and is available. " | ||
| + | else | ||
| + | |||
| + | |||
| + | # Checking against update server | ||
| + | echo "Getting Version SHA256 from $UPDATE_SERVER" | ||
| + | wget -q $UPDATE_SERVER/version.sha256 -O $UPDATE_DIR/version.sha256 | ||
| + | |||
| + | echo "Checking if version is newer..." | ||
| + | comp_value=1 | ||
| + | if [ -f $UPDATE_DIR/current.sha256 ]; then | ||
| + | if [ -f $UPDATE_DIR/version.sha256 ]; then | ||
| + | # check for content of current version and downloaded version sha | ||
| + | diff $UPDATE_DIR/current.sha256 $UPDATE_DIR/version.sha256 >/dev/null | ||
| + | comp_value=$? | ||
| + | else | ||
| + | echo "version.sha256 does not exist - but it should. Exiting." | ||
| + | exit 1 | ||
| + | fi | ||
| + | else | ||
| + | echo "current.sha256 not existing - assuming available update is newer." | ||
| + | fi | ||
| + | |||
| + | # new version available? | ||
| + | if [ $comp_value -eq 1 ]; then | ||
| + | |||
| + | echo "New version available - downloading now" | ||
| + | |||
| + | # download new version from update server | ||
| + | wget -q $UPDATE_SERVER/$JAR_FILE.enc -O $UPDATE_DIR/$JAR_FILE.enc | ||
| + | echo "Decrypting JAR file..." | ||
| + | # decrypt the jar with the private key | ||
| + | openssl smime -decrypt -in $UPDATE_DIR/$JAR_FILE.enc -binary -inform DEM -inkey $UPDATE_DIR/update_priv.pem -out $UPDATE_DIR/$JAR_FILE | ||
| + | |||
| + | #remove the encrypted file | ||
| + | rm $UPDATE_DIR/$JAR_FILE.enc | ||
| + | |||
| + | echo "Checking SHA256 for downloaded file against downloaded SHA for update sanity..." | ||
| + | if [ -f $UPDATE_DIR/$JAR_FILE ]; then | ||
| + | |||
| + | # get checksum of encrypted file and check against downloaded sha - if equal both are verified | ||
| + | cat $UPDATE_DIR/$JAR_FILE | sha256sum >$UPDATE_DIR/downloaded.sha256 | ||
| + | diff $UPDATE_DIR/downloaded.sha256 $UPDATE_DIR/version.sha256 >/dev/null | ||
| + | comp_value=$? | ||
| + | if [ $comp_value -eq 0 ]; then | ||
| + | echo "Update downloaded and checked, everything OK!" | ||
| + | else | ||
| + | rm $UPDATE_DIR/$JAR_FILE | ||
| + | rm $UPDATE_DIR/downloaded.sha256 | ||
| + | echo "Downloaded and unencrypted file does not match hash." | ||
| + | fi | ||
| + | fi | ||
| + | |||
| + | |||
| + | else | ||
| + | echo "Current version is up to date - no need to do anything" | ||
| + | fi | ||
| + | |||
| + | rm $UPDATE_DIR/version.sha256 | ||
| + | |||
| + | fi | ||
| + | |||
| + | # if downloaded.sha256 and jar file are available, install it | ||
| + | if [ -f $UPDATE_DIR/$JAR_FILE ]; then | ||
| + | if [ -f $UPDATE_DIR/downloaded.sha256 ]; then | ||
| + | echo "Update verified and ready to install..." | ||
| + | |||
| + | echo "Stopping service and waiting 10 seconds to update" | ||
| + | systemctl stop datareporter | ||
| + | sleep 10 | ||
| + | |||
| + | systemctl is-active --quiet datareporter | ||
| + | isRunning=$? | ||
| + | |||
| + | if [ ! $isRunning -eq 0 ]; then | ||
| + | |||
| + | # do update | ||
| + | echo "Applying update" | ||
| + | rm $PRODUCTIVE_DIR/$JAR_FILE | ||
| + | mv $UPDATE_DIR/$JAR_FILE $PRODUCTIVE_DIR/$JAR_FILE | ||
| + | mv $UPDATE_DIR/downloaded.sha256 $UPDATE_DIR/current.sha256 | ||
| + | chown datareporter:datareporter $PRODUCTIVE_DIR/$JAR_FILE | ||
| + | systemctl daemon-reload | ||
| + | |||
| + | fi | ||
| + | |||
| + | if [ "$2" == "reboot" ]; then | ||
| + | /sbin/init 6 | ||
| + | else | ||
| + | echo "Service start" | ||
| + | # start service | ||
| + | systemctl start datareporter | ||
| + | fi | ||
| + | fi | ||
| + | fi | ||
| + | |||
| + | echo "Ready." | ||
| + | |||
| + | </code> | ||
