Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
systemd_install_update [2018/03/14 07:19] mike angelegt |
systemd_install_update [2020/12/17 05:48] (aktuell) mike |
||
---|---|---|---|
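--- a/systemd_install_update
+++ b/systemd_install_update
@@ -1,1 +1,17 @@
+====== Voraussetzungen ======
+
+* MariaDB installiert,Datenbank "datareporter" mit Benutzerzugriff eingerichtet
+* wget installiert
+* java installiert (Oracle oder OpenJDK)
+* Benutzer "datareporter" am System angelegt ("useradd datareporter")
+* in /etc/hosts datareporter.internal auf Datenbank - IP umleiten (127.0.0.1)
+* Wichtig für ELK Logging: Timezone muss auf Europe/Vienna gestellt sein
+
+Firewalld muss konfiguriert werden (danach Neustart):
+
+<code>
+firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
+</code>
+
+
 ====== Verzeichnis /opt/webserver ======
@@ -7,4 +23,4 @@
 drwxr-xr-x. 3 root root 23 13. Mär 12:03 ..
 -rw-r--r--. 1 datareporter datareporter 1184 13. Mär 19:01 application.properties
--rw-r--r--. 1 root root 137908613 14. Mär 06:50 datareporter-server-1.0-SNAPSHOT.jar
+-rw-r--r--. 1 datareporter datareporter 137908613 14. Mär 06:50 datareporter-server-1.0-SNAPSHOT.jar
 drwxr-xr-x. 2 root root 46 14. Mär 08:17 update
@@ -20,6 +36,10 @@
 ===== Systemd Eintrag (/etc/systemd/system/datareporter.service) =====
+
+
+
 <code>
+
 [Unit]
 Description=datareporter
-After=syslog.target
+After=mariadb.service
 [Service]
@@ -31,5 +51,28 @@
 ExecStart=/usr/bin/java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar /opt/webserver/datareporter-server-1.0-SNAPSHOT.jar
 SuccessExitStatus=143
+Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=datareporter
 [Install]
 WantedBy=multi-user.target
+
+</code>
+
+
+==== Bedienung: ====
+
+<code>
+
+systemctl enable datareporter # Installieren des Services
+systemctl start datareporter # Starten des Services
+systemctl stop datareporter # Stoppen des Services
+systemctl restart datareporter # Service neu starten
+systemctl is-active datereporter # Service abfragen, ob er aktiv ist
+
+# Logging wird ins syslog geschrieben:
+
+journalctl -f -u datareporter # aktuelles Log anzeigen und live anzeigen (wie tail -f)
+journalctl -u datareporter # gesamtes Log anzeigen
+
 </code>
@@ -55,3 +98,3 @@
 # absolute URL of own application (without trailing /, including protocol)
-application.url=http://10.211.55.4:8080
+application.url=http://...
 # Debug mode activated (no login needed...)
@@ -82,1 +125,120 @@
 </code>
+===== update.sh =====
+<code>
+
+#/bin/bash
+
+CHANNEL=$1
+UPDATE_SERVER=https://doku.datareporter.eu/update/$CHANNEL
+UPDATE_DIR=/opt/webserver/update
+JAR_FILE=datareporter-server-1.0-SNAPSHOT.jar
+
+PRODUCTIVE_DIR=/opt/webserver
+
+if [[ $# -eq 0 ]] ; then
+echo "Usage: $0 <Channel> [reboot]"
+echo "For Example: "
+echo "$0 00 reboot"
+exit 0
+fi
+
+if [ -f $UPDATE_DIR/$JAR_FILE ]; then
+echo "Update was downloaded and is available. "
+else
+
+
+# Checking against update server
+echo "Getting Version SHA256 from $UPDATE_SERVER"
+wget -q $UPDATE_SERVER/version.sha256 -O $UPDATE_DIR/version.sha256
+
+echo "Checking if version is newer..."
+comp_value=1
+if [ -f $UPDATE_DIR/current.sha256 ]; then
+if [ -f $UPDATE_DIR/version.sha256 ]; then
+# check for content of current version and downloaded version sha
+diff $UPDATE_DIR/current.sha256 $UPDATE_DIR/version.sha256 >/dev/null
+comp_value=$?
+else
+echo "version.sha256 does not exist - but it should. Exiting."
+exit 1
+fi
+else
+echo "current.sha256 not existing - assuming available update is newer."
+fi
+
+# new version available?
+if [ $comp_value -eq 1 ]; then
+
+echo "New version available - downloading now"
+
+# download new version from update server
+wget -q $UPDATE_SERVER/$JAR_FILE.enc -O $UPDATE_DIR/$JAR_FILE.enc
+echo "Decrypting JAR file..."
+# decrypt the jar with the private key
+openssl smime -decrypt -in $UPDATE_DIR/$JAR_FILE.enc -binary -inform DEM -inkey $UPDATE_DIR/update_priv.pem -out $UPDATE_DIR/$JAR_FILE
+
+#remove the encrypted file
+rm $UPDATE_DIR/$JAR_FILE.enc
+
+echo "Checking SHA256 for downloaded file against downloaded SHA for update sanity..."
+if [ -f $UPDATE_DIR/$JAR_FILE ]; then
+
+# get checksum of encrypted file and check against downloaded sha - if equal both are verified
+cat $UPDATE_DIR/$JAR_FILE | sha256sum >$UPDATE_DIR/downloaded.sha256
+diff $UPDATE_DIR/downloaded.sha256 $UPDATE_DIR/version.sha256 >/dev/null
+comp_value=$?
+if [ $comp_value -eq 0 ]; then
+echo "Update downloaded and checked, everything OK!"
+else
+rm $UPDATE_DIR/$JAR_FILE
+rm $UPDATE_DIR/downloaded.sha256
+echo "Downloaded and unencrypted file does not match hash."
+fi
+fi
+
+
+else
+echo "Current version is up to date - no need to do anything"
+fi
+
+rm $UPDATE_DIR/version.sha256
+
+fi
+
+# if downloaded.sha256 and jar file are available, install it
+if [ -f $UPDATE_DIR/$JAR_FILE ]; then
+if [ -f $UPDATE_DIR/downloaded.sha256 ]; then
+echo "Update verified and ready to install..."
+
+echo "Stopping service and waiting 10 seconds to update"
+systemctl stop datareporter
+sleep 10
+
+systemctl is-active --quiet datareporter
+isRunning=$?
+
+if [ ! $isRunning -eq 0 ]; then
+
+# do update
+echo "Applying update"
+rm $PRODUCTIVE_DIR/$JAR_FILE
+mv $UPDATE_DIR/$JAR_FILE $PRODUCTIVE_DIR/$JAR_FILE
+mv $UPDATE_DIR/downloaded.sha256 $UPDATE_DIR/current.sha256
+chown datareporter:datareporter $PRODUCTIVE_DIR/$JAR_FILE
+systemctl daemon-reload
+
+fi
+
+if [ "$2" == "reboot" ]; then
+/sbin/init 6
+else
+echo "Service start"
+# start service
+systemctl start datareporter
+fi
+fi
+fi
+
+echo "Ready."
+
+</code>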
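Review bot: The new update.sh (last hunk) never authenticates the jar it installs: `version.sha256` is fetched from the same `$UPDATE_SERVER` as `$JAR_FILE.enc`, so the final `diff` only detects transfer corruption, and `openssl smime -decrypt` shows only that the file was encrypted to this host's key, which anyone holding the matching certificate can do. Because the script then replaces and starts the service binary (presumably as root, given `chown` and `systemctl`), it should verify a publisher signature against a key stored on the host before the `mv`, for example `openssl dgst -sha256 -verify <PUBLISHER_PUBKEY.pem> -signature <JAR_SIGNATURE.sig> "$UPDATE_DIR/$JAR_FILE" || exit 1` (placeholder file names). Neither `wget` call is checked and `wget -O` leaves an empty file behind on failure, so each download should abort the run when it fails (`wget -q ... || exit 1`), and the expansions should be quoted. The listing change and `chown datareporter:datareporter` make the jar writable by its owner; if the unit runs as `datareporter` (its `User=` line is outside the shown hunks), keeping the jar owned by `root` would stop a compromised service process from rewriting its own binary. Smaller points: the shebang `#/bin/bash` is missing its `!`, `-inform DEM` looks like a typo for `DER`, the comment above the `sha256sum` line says "encrypted file" although the decrypted jar is hashed, and `is-active datereporter` in the Bedienung block is misspelled.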