Add install scripts for Alaveteli

site-specific-install.sh will be called by our generic site
install script in commonlib/bin/install-site.sh

These scripts assume that you have a new installation of
Debian squeeze or Ubuntu precise and then will set up:

 - Alaveteli running in development mode with the Thin web
   server behing nginx

 - The cron jobs that are required for the site to work.

 - A basic Postfix configuration for sending and receiving
   mail.

We also will use this script for generating new AMIs
(Amazon Machin Images) for Alaveteli.

The general.yml configuration file will be created if it
doesn't exist, but if there is an existing copy it won't be
overwritten, so it should be safe to customize that file and
then re-run the install script.

2 files changed, 319 insertions, 0 deletions

diff --git a/script/install-as-user b/script/install-as-user
new file mode 100755
index 000000000..bee448b9d
--- /dev/null
+++ b/script/install-as-user
@@ -0,0 +1,158 @@
+#!/bin/bash
+
+set -e
+set -x
+
+if [ $# -ne 3 ]
+then
+    cat >&2 <<EOUSAGE
+Usage: $0 <UNIX-USER> <HOST> <INSTALLATION-DIRECTORY>
+EOUSAGE
+    exit 1
+fi
+
+UNIX_USER="$1"
+HOST="$2"
+DIRECTORY="$3"
+DB_NAME="alaveteli"
+
+# Check that the arguments we've been passed are sensible:
+
+IP_ADDRESS_FOR_HOST="$(dig +short $HOST)"
+
+if [ x = x"$IP_ADDRESS_FOR_HOST" ]
+then
+    echo "The hostname $HOST didn't resolve to an IP address"
+    exit 1
+fi
+
+if ! id "$UNIX_USER" 2> /dev/null > /dev/null
+then
+    echo "The user '$UNIX_USER' didn't exist."
+    exit 1
+fi
+
+if [ "$(whoami)" != "$UNIX_USER" ]
+then
+    echo "This script should be run by the user '$UNIX_USER'."
+    exit 1
+fi
+
+REPOSITORY="$DIRECTORY/alaveteli"
+LINK_DESTINATION="$HOME/alaveteli"
+
+ln -sfn "$REPOSITORY" $LINK_DESTINATION
+cd "$REPOSITORY"
+
+BASHRC="$HOME/.bashrc"
+
+BASHRC_GEM_COMMENT="Set up local gem directory for Alaveteli"
+BASHRC_START="# START $BASHRC_GEM_COMMENT"
+BASHRC_END="# END $BASHRC_GEM_COMMENT"
+
+# Remove the old lines we added:
+sed -ibackup "/$BASHRC_START/,/$BASHRC_END/d" "$BASHRC"
+
+# Create a temporary file, so we can prepend the lines we need.  They
+# need to be prepended since the Ubuntu skeleton .bashrc begins with
+# '[ -z "$PS1" ] && return', skipping the rest of the .bashrc for
+# non-interactive use, but we need the gem settings when invoking
+# commands in the shell non-interactively.
+TMP_BASHRC="$(mktemp "$BASHRC.XXXXXXX")"
+
+cat >>$TMP_BASHRC <<EOBRC
+$BASHRC_START
+export GEM_HOME="$HOME/gems"
+mkdir -p "\$GEM_HOME"
+export GEM_PATH=
+export PATH="\$GEM_HOME/bin:\$PATH"
+$BASHRC_END
+EOBRC
+
+cat "$BASHRC" >> "$TMP_BASHRC"
+mv "$TMP_BASHRC" "$BASHRC"
+
+source "$BASHRC"
+
+# Speed up the installation of gems:
+echo 'gem: --no-ri --no-rdoc' > "$HOME/.gemrc"
+
+# Write sensible values into the config file:
+
+function random_alphanumerics() {
+    < /dev/urandom tr -dc A-Za-z0-9 | head -c$1
+}
+
+RANDOM_EMAIL_SECRET=$(random_alphanumerics 32)
+RANDOM_EMERGENCY_PASSWORD=$(random_alphanumerics 10)
+RANDOM_COOKIE_SECRET=$(random_alphanumerics 100)
+
+if ! [ -f config/general.yml ]
+then
+    sed -r \
+        -e "s,^( *DOMAIN:).*,\\1 '$HOST'," \
+        -e "s,^( *FORCE_SSL:).*,\\1 false," \
+        -e "s,^( *TIME_ZONE:).*,\\1 'Europe/London'," \
+        -e "s,^( *BLOG_FEED:).*,\\1 null," \
+        -e "s,^( *TWITTER_USERNAME:).*,\\1 null," \
+        -e "s,^( *INCLUDE_DEFAULT_LOCALE_IN_URLS:).*,\\1 false," \
+        -e "s,^( *INCOMING_EMAIL_DOMAIN:).*,\\1 '$HOST'," \
+        -e "s,^( *INCOMING_EMAIL_PREFIX:).*,\\1 'foi+'," \
+        -e "s,^( *INCOMING_EMAIL_SECRET:).*,\\1 '$RANDOM_EMAIL_SECRET'," \
+        -e "s,^( *ADMIN_USERNAME:).*,\\1 'emergency'," \
+        -e "s,^( *ADMIN_PASSWORD:).*,\\1 '$RANDOM_EMERGENCY_PASSWORD'," \
+        -e "s,^( *CONTACT_EMAIL:).*,\\1 'postmaster@$HOST'," \
+        -e "s,^( *TRACK_SENDER_EMAIL:).*,\\1 'postmaster@$HOST'," \
+        -e "s,^( *COOKIE_STORE_SESSION_SECRET:).*,\\1 '$RANDOM_COOKIE_SECRET'," \
+        -e "s,^( *FORWARD_NONBOUNCE_RESPONSES_TO:).*,\\1 'user-support@$HOST'," \
+        -e "s,^( *HTML_TO_PDF_COMMAND:).*,\\1 '/usr/bin/wkhtmltopdf-static'," \
+        -e "s,^( *EXCEPTION_NOTIFICATIONS_FROM:).*,\\1 'do-not-reply-to-this-address@$HOST'," \
+        -e "/EXCEPTION_NOTIFICATIONS_TO:/,/^$/c EXCEPTION_NOTIFICATIONS_TO:\n - team@$HOST\n" \
+        -e "s,^( *VARNISH_HOST:).*,\\1 null," \
+        -e "s,^( *MTA_LOG_PATH:).*,\\1 '/var/log/mail/mail.log-*'," \
+        -e "s,^( *MTA_LOG_TYPE:).*,\\1 'postfix'," \
+        -e "s,^( *DONATION_URL:).*,\\1 null," \
+        -e "s,^( *THEME_BRANCH:).*,\\1 'develop'," \
+        -e "s,^( *USE_MAILCATCHER_IN_DEVELOPMENT:).*,\\1 false," \
+        config/general.yml-example > config/general.yml
+fi
+
+# add database.yml
+sed -r \
+    -e "s,^( *database: *)foi_(.*),\\1${DB_NAME}_\\2," \
+    -e "s,^( *username: *).*,\\1${UNIX_USER}," \
+    -e "s,^( *password: *).*,\\1null," \
+    -e "s,^( *host: *).*,\\1/var/run/postgresql/," \
+    config/database.yml-example > config/database.yml
+
+for SUFFIX in production test development
+do
+    REAL_DB_NAME="${DB_NAME}_$SUFFIX"
+    echo Creating the database $REAL_DB_NAME
+    # Create each database if it doesn't exist:
+    if ! psql -l | egrep "^ *$REAL_DB_NAME *\|" > /dev/null
+    then
+        createdb -T template0 --owner "$UNIX_USER" "$REAL_DB_NAME"
+    fi
+done
+
+# Bundler isn't packaged on Debian squeeze, so we have to install it
+# as a gem:
+
+which bundle || gem install bundler
+
+echo Running rails-post-deploy
+script/rails-post-deploy
+
+LOADED_INDICATOR="$HOME/.alaveteli-sample-data-loaded"
+
+if [ ! -f "$LOADED_INDICATOR" ]
+then
+    echo Running load-sample-data
+    bundle exec script/load-sample-data
+
+    echo Running rebuild-xapian-index
+    script/rebuild-xapian-index
+
+    touch "$LOADED_INDICATOR"
+fi
diff --git a/script/site-specific-install.sh b/script/site-specific-install.sh
new file mode 100755
index 000000000..c7ec1e59e
--- /dev/null
+++ b/script/site-specific-install.sh
@@ -0,0 +1,161 @@
+#!/bin/sh
+
+# Set IDEAL_VERSION to the commitish we want to check out; typically
+# this is the version tag.  Since this may not exist before release,
+# fall back to the master branch:
+IDEAL_VERSION=0.15
+FALLBACK_VERSION=origin/master
+
+PARENT_SCRIPT_URL=https://github.com/mysociety/commonlib/blob/master/bin/install-site.sh
+
+misuse() {
+  echo The variable $1 was not defined, and it should be.
+  echo This script should not be run directly - instead, please run:
+  echo   $PARENT_SCRIPT_URL
+  exit 1
+}
+
+# Strictly speaking we don't need to check all of these, but it might
+# catch some errors made when changing install-site.sh
+
+[ -z "$DIRECTORY" ] && misuse DIRECTORY
+[ -z "$UNIX_USER" ] && misuse UNIX_USER
+[ -z "$REPOSITORY" ] && misuse REPOSITORY
+[ -z "$REPOSITORY_URL" ] && misuse REPOSITORY_URL
+[ -z "$BRANCH" ] && misuse BRANCH
+[ -z "$SITE" ] && misuse SITE
+[ -z "$DEFAULT_SERVER" ] && misuse DEFAULT_SERVER
+[ -z "$HOST" ] && misuse HOST
+[ -z "$DISTRIBUTION" ] && misuse DISTRIBUTION
+[ -z "$IDEAL_VERSION" ] && misuse VERSION
+[ -z "$FALLBACK_VERSION" ] && misuse FALLBACK_VERSION
+[ -z "$DEVELOPMENT_INSTALL" ] && misuse DEVELOPMENT_INSTALL
+[ -z "$BIN_DIRECTORY" ] && misuse BIN_DIRECTORY
+
+update_mysociety_apt_sources
+
+if [ ! "$DEVELOPMENT_INSTALL" = true ]; then
+    install_nginx
+    add_website_to_nginx
+    # Check out the requested version:
+    su -l -c "cd '$REPOSITORY' && (git checkout '$IDEAL_VERSION' ||
+                                   git checkout '$FALLBACK_VERSION')" \
+        "$UNIX_USER"
+fi
+
+install_postfix
+
+# Now there's quite a bit of Postfix configuration that we need to
+# make sure is present:
+
+ensure_line_present \
+    "^ *alaveteli *unix *" \
+    "alaveteli unix  -       n       n       -       50      pipe flags=R user=$UNIX_USER argv=$REPOSITORY/script/mailin" \
+    /etc/postfix/master.cf 644
+
+ensure_line_present \
+    "^ *transport_maps *= *regexp:/etc/postfix/regexp" \
+    "transport_maps = regexp:/etc/postfix/regexp" \
+    /etc/postfix/main.cf 644
+
+ensure_line_present \
+    "^ *local_recipient_maps *=" \
+    "local_recipient_maps = " \
+    /etc/postfix/main.cf 644
+
+ensure_line_present \
+    "^ *mydestination *=" \
+    "mydestination = $HOST, $(hostname --fqdn), localhost.localdomain, localhost" \
+    /etc/postfix/main.cf 644
+
+ensure_line_present \
+    "^.*alaveteli" \
+    "/^foi.*/	alaveteli" \
+    /etc/postfix/regexp 644
+
+ensure_line_present \
+    "^do-not-reply" \
+    "do-not-reply-to-this-address:        :blackhole:" \
+    /etc/aliases 644
+
+ensure_line_present \
+    "^mail" \
+    "mail.*                          -/var/log/mail/mail.log" \
+    /etc/rsyslog.d/50-default.conf 644
+
+if ! egrep '^ */var/log/mail/mail.log *{' /etc/logrotate.d/rsyslog
+then
+    cat >> /etc/logrotate.d/rsyslog <<EOF
+/var/log/mail/mail.log {
+          rotate 30
+          daily
+          dateext
+          missingok
+          notifempty
+          compress
+          delaycompress
+          sharedscripts
+          postrotate
+                  reload rsyslog >/dev/null 2>&1 || true
+          endscript
+}
+EOF
+fi
+
+/etc/init.d/rsyslog restart
+
+newaliases
+postmap /etc/postfix/regexp
+postfix reload
+
+# (end of the Postfix configuration)
+
+install_website_packages
+
+# Make the PostgreSQL user a superuser to avoid the irritating error:
+#   PG::Error: ERROR:  permission denied: "RI_ConstraintTrigger_16564" is a system trigger
+add_postgresql_user --superuser
+
+export DEVELOPMENT_INSTALL
+su -c "$BIN_DIRECTORY/install-as-user '$UNIX_USER' '$HOST' '$DIRECTORY'" "$UNIX_USER"
+
+if [ ! "$DEVELOPMENT_INSTALL" = true ]; then
+    install_sysvinit_script
+fi
+
+# Set up root's crontab:
+
+cd "$REPOSITORY"
+
+sed -r \
+    -e "s,^(MAILTO=).*,\1root@$HOST," \
+    -e "s,\!\!\(\*= .user \*\)\!\!,$UNIX_USER,g" \
+    -e "s,/data/vhost/\!\!\(\*= .vhost \*\)\!\!/\!\!\(\*= .vcspath \*\)\!\!,$REPOSITORY,g" \
+    -e "s,/data/vhost/\!\!\(\*= .vhost \*\)\!\!,$DIRECTORY,g" \
+    -e "s,run-with-lockfile,$REPOSITORY/commonlib/bin/run-with-lockfile.sh,g" \
+    config/crontab-example > /etc/cron.d/alaveteli
+
+sed -r \
+    -e "s,\!\!\(\*= .user \*\)\!\!,$UNIX_USER,g" \
+    -e "s,\!\!\(\*= .daemon_name \*\)\!\!,foi-alert-tracks,g" \
+    -e "s,\!\!\(\*= .vhost_dir \*\)\!\!,$DIRECTORY,g" \
+    config/alert-tracks-debian.ugly > /etc/init.d/foi-alert-tracks
+
+sed -r \
+    -e "s,\!\!\(\*= .user \*\)\!\!,$UNIX_USER,g" \
+    -e "s,\!\!\(\*= .daemon_name \*\)\!\!,foi-alert-tracks,g" \
+    -e "s,\!\!\(\*= .vhost_dir \*\)\!\!,$DIRECTORY,g" \
+    config/purge-varnish-debian.ugly > /etc/init.d/foi-purge-varnish
+
+chmod a+rx /etc/init.d/foi-alert-tracks
+chmod a+rx /etc/init.d/foi-purge-varnish
+
+if [ $DEFAULT_SERVER = true ] && [ x != x$EC2_HOSTNAME ]
+then
+    # If we're setting up as the default on an EC2 instance, make sure
+    # that the /etc/rc.local is set up to run the install script again
+    # to update the hostname:
+    overwrite_rc_local
+fi
+
+done_msg "Installation complete"; echo