Add an install script for FixMyStreet for new servers

This has been tested on Debian squeeze and Ubuntu precise.
Since this makes signficant changes to the server setup,
(adding users, databases, changing the Apache configuration,
etc.) it should only be run on new installations, or a new
EC2 instance.

3 files changed, 396 insertions, 0 deletions

diff --git a/bin/install-as-user b/bin/install-as-user
new file mode 100755
index 000000000..ecd2d99b6
--- /dev/null
+++ b/bin/install-as-user
@@ -0,0 +1,126 @@
+#!/bin/sh
+
+set -e
+
+if [ $# -ne 2 ]
+then
+    echo "Usage: $0 <UNIX-USER> <HOST>"
+    exit 1
+fi
+
+UNIX_USER="$1"
+HOST="$2"
+DB_NAME="fixmystreet"
+
+# Check that the arguments we've been passed are sensible:
+
+IP_ADDRESS_FOR_HOST="$(dig +short $HOST)"
+
+if [ x = x"$IP_ADDRESS_FOR_HOST" ]
+then
+    echo "The hostname $HOST didn't resolve to an IP address"
+    exit 1
+fi
+
+if ! id "$UNIX_USER" 2> /dev/null > /dev/null
+then
+    echo "The user '$UNIX_USER' didn't exist."
+    echo "(You should have run \"sudo pre-install-as-root '$UNIX_USER' '$HOST'\" before this.)"
+    exit 1
+fi
+
+if [ "$(whoami)" != "$UNIX_USER" ]
+then
+    echo "This script should be run by the user '$UNIX_USER'."
+    exit 1
+fi
+
+FMS_DIRECTORY="/var/www/$HOST"
+FMS_REPOSITORY="$FMS_DIRECTORY/fixmystreet"
+FMS_LINK_DESTINATION="$HOME/fixmystreet"
+
+ln -sfn "$FMS_REPOSITORY" $FMS_LINK_DESTINATION
+cd "$FMS_REPOSITORY"
+
+# Add regularly scheduled tasks to cron:
+
+TEMPORARY_CRONTAB=$(mktemp)
+
+echo crontab file is $TEMPORARY_CRONTAB
+
+cat > $TEMPORARY_CRONTAB <<EOF
+# Timed tasks for FixMyStreet.
+#
+# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
+# Email: matthew@mysociety.org. WWW: http://www.mysociety.org/
+
+PATH=/usr/local/bin:/usr/bin:/bin
+
+5,10,15,20,25,30,35,40,45,50,55 * * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_REPOSITORY/send-reports.lock" "$FMS_REPOSITORY/bin/cron-wrapper send-reports" || echo "stalled?"
+0 0-8,10,11,13,14,16,17,19-23 * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_DIRECTORY/send-reports.lock" "$FMS_REPOSITORY/bin/cron-wrapper send-reports" || echo "stalled?"
+0 9,12,15,18 * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_DIRECTORY/send-reports.lock" "$FMS_REPOSITORY/bin/cron-wrapper send-reports --verbose" || echo "stalled?"
+2 * * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_DIRECTORY/send-alerts.lock" "$FMS_REPOSITORY/bin/cron-wrapper send-alerts" || echo "stalled?"
+0,30 * * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_DIRECTORY/send-questionnaires.lock" "$FMS_REPOSITORY/bin/cron-wrapper send-questionnaires" || echo "stalled?"
+5,10,15,20,25,30,35,40,45,50,55 * * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_DIRECTORY/send-comments.lock" "$FMS_REPOSITORY/bin/cron-wrapper send-comments" || echo "stalled?"
+5,10,15,20,25,30,35,40,45,50,55 * * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_DIRECTORY/fetch-comments.lock" "$FMS_REPOSITORY/bin/cron-wrapper fetch-comments" || echo "stalled?"
+0,30 * * * * "$FMS_REPOSITORY/commonlib/bin/run-with-lockfile.sh" -n "$FMS_DIRECTORY/open311-populate-service-list.lock" "$FMS_REPOSITORY/bin/cron-wrapper open311-populate-service-list" || echo "stalled?"
+
+# Once an hour, update the all reports stats
+13 * * * * "$FMS_REPOSITORY/bin/cron-wrapper" update-all-reports
+
+# Once a day on all servers
+39 2 * * * "$FMS_REPOSITORY/bin/problems-filed-graph"
+43 2 * * * "$FMS_REPOSITORY/bin/problem-creation-graph"
+00 8 * * * "$FMS_REPOSITORY/bin/check-for-zombies" $UNIX_USER
+
+EOF
+
+crontab $TEMPORARY_CRONTAB
+
+# Install the compass gem locally - it's required for generating the
+# CSS:
+
+export GEM_HOME="$FMS_DIRECTORY/gems"
+mkdir -p "$GEM_HOME"
+export GEM_PATH=
+export PATH="$GEM_HOME/bin:$PATH"
+
+gem install --no-ri --no-rdoc compass
+
+# Use compass to generate the CSS, if it doesn't seem to already
+# exist:
+
+if [ ! -f web/cobrands/default/base.css ]
+then
+    bin/make_css
+fi
+
+# Write sensible values into the config file:
+
+sed -r \
+    -e "s,^( *FMS_DB_HOST:).*,\\1 ''," \
+    -e "s,^( *FMS_DB_NAME:).*,\\1 '$DB_NAME'," \
+    -e "s,^( *FMS_DB_USER:).*,\\1 '$UNIX_USER'," \
+    -e "s,^( *BASE_URL:).*,\\1 'http://$HOST'," \
+    -e "s,^( *EMAIL_DOMAIN:).*,\\1 '$HOST'," \
+    -e "s,^( *CONTACT_EMAIL:).*,\\1 'help@$HOST'," \
+    conf/general.yml-example > conf/general.yml
+
+# Install the required Perl modules - this may take a very long time:
+
+cd "$FMS_REPOSITORY"
+bin/install_perl_modules
+
+# Generate po and mo files (these invocations taken from Kagee's script):
+
+./bin/cron-wrapper ./bin/make_emptyhomes_po
+./bin/cron-wrapper ./bin/make_emptyhomes_welsh_po
+
+commonlib/bin/gettext-makemo FixMyStreet
+
+# Tell the user what to do next:
+
+echo Installation complete - you should now be able to view the site at:
+echo   http://$HOST/
+echo Or you can run the tests by switching to the "'$UNIX_USER'" user and
+echo running: $FMS_REPOSITORY/bin/cron-wrapper prove -r t
diff --git a/bin/pre-install-as-root b/bin/pre-install-as-root
new file mode 100755
index 000000000..0810ea6ae
--- /dev/null
+++ b/bin/pre-install-as-root
@@ -0,0 +1,270 @@
+#!/bin/sh
+
+# On a clean Debian squeeze or Ubuntu precise installation you should
+# be able to install FixMyStreet with:
+#
+#     curl https://raw.github.com/mysociety/fixmystreet/install-script/bin/pre-install-as-root | \
+#         sh -s fms whatever.compute.amazonaws.com
+#
+# ... where the first argument is the Unix user who will own the code
+# and the application will run as, and the second argument is the
+# public hostname for the server, which will be used for creating the
+# named virtualhost.
+
+set -e
+
+if [ $# -ne 2 ]
+then
+    echo "Usage: $0 <UNIX-USER> <HOST>"
+    exit 1
+fi
+
+UNIX_USER="$1"
+HOST="$2"
+
+FMS_DIRECTORY="/var/www/$HOST"
+FMS_REPOSITORY="$FMS_DIRECTORY/fixmystreet"
+
+REPOSITORY_URL=git://github.com/mysociety/fixmystreet.git
+BRANCH=install-script
+
+IP_ADDRESS_FOR_HOST="$(dig +short $HOST)"
+
+if [ x = x"$IP_ADDRESS_FOR_HOST" ]
+then
+    echo "The hostname $HOST didn't resolve to an IP address"
+    exit 1
+fi
+
+generate_locales() {
+    # If language-pack-en is present, install that:
+    apt-get install -y language-pack-en || true
+
+    # We get lots of locale errors if the en_GB.UTF-8 locale isn't
+    # present.  (This is from Kagee's script.)
+    if [ "$(locale -a | egrep -i '^en_GB.utf-?8$' | wc -l)" = "1" ]
+    then
+        echo "en_GB.utf8 activated and generated"
+    else
+        echo "en_GB.utf8 not generated"
+        if [ x"$(grep -c '^en_GB.UTF-8 UTF-8' /etc/locale.gen)" = x1 ]
+        then
+            echo "'en_GB.UTF-8 UTF-8' already in /etc/locale.gen we will only generate"
+        else
+            echo "Appending 'en_GB.UTF-8 UTF-8' and 'cy_GB.UTF-8 UTF-8'"
+            echo "to /etc/locale.gen for generation"
+            echo "\nen_GB.UTF-8 UTF-8\ncy_GB.UTF-8 UTF-8" >> /etc/locale.gen
+        fi
+        echo "Generating new locales"
+        locale-gen
+    fi
+}
+
+set_locale() {
+    echo 'LANG="en_GB.UTF-8"' > /etc/default/locale
+    export LANG="en_GB.UTF-8"
+}
+
+move_default_virtualhosts() {
+    # If there are any occurences of /var/www or /var/www/ in
+    # /etc/apache2/sites-available/(default|default-ssl) change them
+    # to /var/www/default and /var/www/default/ respectively:
+    for name in default default-ssl
+    do
+        ORIGINAL=/etc/apache2/sites-available/$name
+        sed -i -r \
+            -e 's,(/var/www/)([^A-Za-z0-9]|$),\1default/\2,g' \
+            -e 's,(/var/www)([^/A-Za-z0-9]|$),\1/default\2,g' \
+            $ORIGINAL
+    done
+    mkdir -p /var/www/default
+    cp /var/www/index.html /var/www/default
+}
+
+add_unix_user() {
+    # Create the required user if it doesn't already exist:
+    if id "$1" 2> /dev/null > /dev/null
+    then
+        echo "The user $1 already exists."
+    else
+        adduser --disabled-password --gecos 'The FixMyStreet User' "$1"
+    fi
+}
+
+add_postgresql_user() {
+    su -c "createuser --createdb --no-createrole --no-superuser '$1'" postgres || true
+}
+
+update_apt_sources() {
+    DISTRIBUTION="$(lsb_release -i -s)"
+    VERSION="$(lsb_release -c -s)"
+    if [ x"$DISTRIBUTION" = x"Ubuntu" ] && [ x"$VERSION" = x"precise" ]
+    then
+        cat > /etc/apt/sources.list.d/mysociety-extra.list <<EOF
+deb http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ precise multiverse
+deb-src http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ precise multiverse
+deb http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ precise-updates multiverse
+deb-src http://eu-west-1.ec2.archive.ubuntu.com/ubuntu/ precise-updates multiverse
+EOF
+    elif [ x"$DISTRIBUTION" = x"Debian" ] && [ x"$VERSION" = x"squeeze" ]
+    then
+        # Install the basic packages we require:
+        cat > /etc/apt/sources.list.d/mysociety-extra.list <<EOF
+# Debian mirror to use, including contrib and non-free:
+deb http://the.earth.li/debian/ squeeze main contrib non-free
+deb-src http://the.earth.li/debian/ squeeze main contrib non-free
+
+# Security Updates:
+deb http://security.debian.org/ squeeze/updates main non-free
+deb-src http://security.debian.org/ squeeze/updates main non-free
+
+# Debian Backports
+deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
+deb-src http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
+
+# mySociety repository
+deb http://debian.mysociety.org squeeze main
+EOF
+    else
+        echo Unsupport distribution and version combination $DISTRIBUTION $VERSION
+        exit 1
+    fi
+    apt-get update
+}
+
+clone_or_update_repository() {
+    # Clone the repository into place if the directory isn't already
+    # present:
+    if [ -d $FMS_REPOSITORY ]
+    then
+        echo the directory $FMS_REPOSITORY already exists
+        cd $FMS_REPOSITORY
+        git remote set-url origin "$REPOSITORY_URL"
+        git fetch origin
+        # Check that there are no uncommitted changes before doing a
+        # git reset --hard:
+        git diff --quiet || { echo "There were changes in the working tree in $FMS_REPOSITORY; exiting."; exit 1; }
+        git diff --cached --quiet || { echo "There were staged but uncommitted changes in $FMS_REPOSITORY; exiting."; exit 1; }
+        # If that was fine, carry on:
+        git reset --hard origin/"$BRANCH"
+        git submodule sync
+        git submodule update --recursive
+    else
+        PARENT="$(dirname $FMS_REPOSITORY)"
+        echo creating $PARENT
+        mkdir -p $PARENT
+        git clone --recursive --branch "$BRANCH" "$REPOSITORY_URL" "$FMS_REPOSITORY"
+    fi
+}
+
+install_apache() {
+    # Make sure that Apache is installed:
+    apt-get install -y apache2-mpm-worker libapache2-mod-fastcgi apache2-suexec
+
+    # Actually enable the suexec wrapper:
+    sed -i -r 's/^( *)#( *FastCgiWrapper.*)/\1\2/' /etc/apache2/mods-available/fastcgi.conf
+
+    # Since this may be run on an EC2 instance with very low memory,
+    # limit the number of FastCGI processes to 2:
+    if ! egrep '^ *FastCgiConfig -maxClassProcesses' /etc/apache2/mods-available/fastcgi.conf
+    then
+    sed '/<\/IfModule>/i\
+  FastCgiConfig -maxClassProcesses 2
+
+' /etc/apache2/mods-available/fastcgi.conf
+    fi
+
+    /etc/init.d/apache2 restart
+}
+
+install_website_packages() {
+    PACKAGES_FILE="$1/conf/packages.debian-squeeze"
+    xargs -a "$PACKAGES_FILE" apt-get -y install
+}
+
+add_website_to_apache() {
+    UNIX_USER="$1"
+    HOST="$2"
+    REPOSITORY="$3"
+
+    LOG_DIRECTORY="$(readlink -f $REPOSITORY/../logs)"
+    mkdir -p "$LOG_DIRECTORY"
+    chown -R "$UNIX_USER"."$UNIX_USER" "$LOG_DIRECTORY"
+
+    APACHE_CONFIG_FILE=$REPOSITORY/conf/httpd.conf
+
+    cp $APACHE_CONFIG_FILE-example $APACHE_CONFIG_FILE
+
+    cat > /etc/apache2/sites-available/"$HOST" <<EOF
+<VirtualHost *:80>
+    ServerName $HOST
+    DocumentRoot $REPOSITORY/web/
+
+    # Pull in the specific config
+    Include $APACHE_CONFIG_FILE
+
+    SuexecUserGroup $UNIX_USER $UNIX_USER
+
+    <Directory $REPOSITORY/web>
+        # You also need to enable cgi files to run as CGI scripts.  For example:
+        # on production servers these are run under fastcgi
+        Options +ExecCGI
+        AddHandler fastcgi-script .cgi
+        AllowOverride None
+    </Directory>
+
+    <Location /admin>
+        #
+        #  WARNING - enable auth here on production machine
+        #
+        Options +ExecCGI
+        AddHandler cgi-script .cgi
+    </Location>
+
+    Alias /admin/ $REPOSITORY/web-admin/
+
+    Alias /jslib/ $REPOSITORY/commonlib/jslib/"
+
+    LogLevel info
+    ErrorLog $LOG_DIRECTORY/error.log
+    CustomLog $LOG_DIRECTORY/access.log combined
+
+</VirtualHost>
+EOF
+
+    move_default_virtualhosts
+
+    a2ensite $HOST
+
+    a2enmod rewrite
+    a2enmod proxy_http
+    a2enmod expires
+    a2enmod headers
+    a2enmod suexec
+    a2enmod fastcgi
+
+    /etc/init.d/apache2 restart
+}
+
+generate_locales
+set_locale
+
+add_unix_user "$UNIX_USER"
+
+update_apt_sources
+
+# Install some packages that we will definitely need:
+apt-get install -y git-core lockfile-progs rubygems
+
+clone_or_update_repository $FMS_REPOSITORY
+
+chown -R "$UNIX_USER"."$UNIX_USER" "$FMS_DIRECTORY"
+
+install_apache
+install_website_packages "$FMS_REPOSITORY"
+
+add_postgresql_user "$UNIX_USER"
+
+add_website_to_apache "$UNIX_USER" "$HOST" "$FMS_REPOSITORY"
+
+su -l -c "$FMS_REPOSITORY/bin/install-as-user '$UNIX_USER' '$HOST'" "$UNIX_USER"
diff --git a/commonlib b/commonlib
-Subproject f81ec03692fac90792fc102f88f0afbf3d2f73b
+Subproject cfa9543e2fd50b08d27f6543ae5ef64600bff90