Add install scripts for Alaveteli

site-specific-install.sh will be called by our generic site
install script in commonlib/bin/install-site.sh

These scripts assume that you have a new installation of
Debian squeeze or Ubuntu precise and then will set up:

 - Alaveteli running in development mode with the Thin web
   server behing nginx

 - The cron jobs that are required for the site to work.

 - A basic Postfix configuration for sending and receiving
   mail.

We also will use this script for generating new AMIs
(Amazon Machin Images) for Alaveteli.

The general.yml configuration file will be created if it
doesn't exist, but if there is an existing copy it won't be
overwritten, so it should be safe to customize that file and
then re-run the install script.

1 files changed, 161 insertions, 0 deletions

diff --git a/script/site-specific-install.sh b/script/site-specific-install.sh
new file mode 100755
index 000000000..c7ec1e59e
--- /dev/null
+++ b/script/site-specific-install.sh
@@ -0,0 +1,161 @@
+#!/bin/sh
+
+# Set IDEAL_VERSION to the commitish we want to check out; typically
+# this is the version tag.  Since this may not exist before release,
+# fall back to the master branch:
+IDEAL_VERSION=0.15
+FALLBACK_VERSION=origin/master
+
+PARENT_SCRIPT_URL=https://github.com/mysociety/commonlib/blob/master/bin/install-site.sh
+
+misuse() {
+  echo The variable $1 was not defined, and it should be.
+  echo This script should not be run directly - instead, please run:
+  echo   $PARENT_SCRIPT_URL
+  exit 1
+}
+
+# Strictly speaking we don't need to check all of these, but it might
+# catch some errors made when changing install-site.sh
+
+[ -z "$DIRECTORY" ] && misuse DIRECTORY
+[ -z "$UNIX_USER" ] && misuse UNIX_USER
+[ -z "$REPOSITORY" ] && misuse REPOSITORY
+[ -z "$REPOSITORY_URL" ] && misuse REPOSITORY_URL
+[ -z "$BRANCH" ] && misuse BRANCH
+[ -z "$SITE" ] && misuse SITE
+[ -z "$DEFAULT_SERVER" ] && misuse DEFAULT_SERVER
+[ -z "$HOST" ] && misuse HOST
+[ -z "$DISTRIBUTION" ] && misuse DISTRIBUTION
+[ -z "$IDEAL_VERSION" ] && misuse VERSION
+[ -z "$FALLBACK_VERSION" ] && misuse FALLBACK_VERSION
+[ -z "$DEVELOPMENT_INSTALL" ] && misuse DEVELOPMENT_INSTALL
+[ -z "$BIN_DIRECTORY" ] && misuse BIN_DIRECTORY
+
+update_mysociety_apt_sources
+
+if [ ! "$DEVELOPMENT_INSTALL" = true ]; then
+    install_nginx
+    add_website_to_nginx
+    # Check out the requested version:
+    su -l -c "cd '$REPOSITORY' && (git checkout '$IDEAL_VERSION' ||
+                                   git checkout '$FALLBACK_VERSION')" \
+        "$UNIX_USER"
+fi
+
+install_postfix
+
+# Now there's quite a bit of Postfix configuration that we need to
+# make sure is present:
+
+ensure_line_present \
+    "^ *alaveteli *unix *" \
+    "alaveteli unix  -       n       n       -       50      pipe flags=R user=$UNIX_USER argv=$REPOSITORY/script/mailin" \
+    /etc/postfix/master.cf 644
+
+ensure_line_present \
+    "^ *transport_maps *= *regexp:/etc/postfix/regexp" \
+    "transport_maps = regexp:/etc/postfix/regexp" \
+    /etc/postfix/main.cf 644
+
+ensure_line_present \
+    "^ *local_recipient_maps *=" \
+    "local_recipient_maps = " \
+    /etc/postfix/main.cf 644
+
+ensure_line_present \
+    "^ *mydestination *=" \
+    "mydestination = $HOST, $(hostname --fqdn), localhost.localdomain, localhost" \
+    /etc/postfix/main.cf 644
+
+ensure_line_present \
+    "^.*alaveteli" \
+    "/^foi.*/	alaveteli" \
+    /etc/postfix/regexp 644
+
+ensure_line_present \
+    "^do-not-reply" \
+    "do-not-reply-to-this-address:        :blackhole:" \
+    /etc/aliases 644
+
+ensure_line_present \
+    "^mail" \
+    "mail.*                          -/var/log/mail/mail.log" \
+    /etc/rsyslog.d/50-default.conf 644
+
+if ! egrep '^ */var/log/mail/mail.log *{' /etc/logrotate.d/rsyslog
+then
+    cat >> /etc/logrotate.d/rsyslog <<EOF
+/var/log/mail/mail.log {
+          rotate 30
+          daily
+          dateext
+          missingok
+          notifempty
+          compress
+          delaycompress
+          sharedscripts
+          postrotate
+                  reload rsyslog >/dev/null 2>&1 || true
+          endscript
+}
+EOF
+fi
+
+/etc/init.d/rsyslog restart
+
+newaliases
+postmap /etc/postfix/regexp
+postfix reload
+
+# (end of the Postfix configuration)
+
+install_website_packages
+
+# Make the PostgreSQL user a superuser to avoid the irritating error:
+#   PG::Error: ERROR:  permission denied: "RI_ConstraintTrigger_16564" is a system trigger
+add_postgresql_user --superuser
+
+export DEVELOPMENT_INSTALL
+su -c "$BIN_DIRECTORY/install-as-user '$UNIX_USER' '$HOST' '$DIRECTORY'" "$UNIX_USER"
+
+if [ ! "$DEVELOPMENT_INSTALL" = true ]; then
+    install_sysvinit_script
+fi
+
+# Set up root's crontab:
+
+cd "$REPOSITORY"
+
+sed -r \
+    -e "s,^(MAILTO=).*,\1root@$HOST," \
+    -e "s,\!\!\(\*= .user \*\)\!\!,$UNIX_USER,g" \
+    -e "s,/data/vhost/\!\!\(\*= .vhost \*\)\!\!/\!\!\(\*= .vcspath \*\)\!\!,$REPOSITORY,g" \
+    -e "s,/data/vhost/\!\!\(\*= .vhost \*\)\!\!,$DIRECTORY,g" \
+    -e "s,run-with-lockfile,$REPOSITORY/commonlib/bin/run-with-lockfile.sh,g" \
+    config/crontab-example > /etc/cron.d/alaveteli
+
+sed -r \
+    -e "s,\!\!\(\*= .user \*\)\!\!,$UNIX_USER,g" \
+    -e "s,\!\!\(\*= .daemon_name \*\)\!\!,foi-alert-tracks,g" \
+    -e "s,\!\!\(\*= .vhost_dir \*\)\!\!,$DIRECTORY,g" \
+    config/alert-tracks-debian.ugly > /etc/init.d/foi-alert-tracks
+
+sed -r \
+    -e "s,\!\!\(\*= .user \*\)\!\!,$UNIX_USER,g" \
+    -e "s,\!\!\(\*= .daemon_name \*\)\!\!,foi-alert-tracks,g" \
+    -e "s,\!\!\(\*= .vhost_dir \*\)\!\!,$DIRECTORY,g" \
+    config/purge-varnish-debian.ugly > /etc/init.d/foi-purge-varnish
+
+chmod a+rx /etc/init.d/foi-alert-tracks
+chmod a+rx /etc/init.d/foi-purge-varnish
+
+if [ $DEFAULT_SERVER = true ] && [ x != x$EC2_HOSTNAME ]
+then
+    # If we're setting up as the default on an EC2 instance, make sure
+    # that the /etc/rc.local is set up to run the install script again
+    # to update the hostname:
+    overwrite_rc_local
+fi
+
+done_msg "Installation complete"; echo