Moved SSL cert setup in nginx setup. Added conf download (refs #19020).

201.deprecated - FTP/0_setup.py

@@ -9,10 +9,10 @@ def setup(interactive=True):
     dir_path = utils.get_dir(__file__)
     pwd_path = '/etc/pure-ftpd/pureftpd.passwd'
     # Get passwords
-    ftpincoming = utils.get_conf('ftp_ftpincoming')
-    ftpmsuploader = utils.get_conf('ftp_ftpmsuploader')
-    ftpstorage = utils.get_conf('ftp_ftpstorage')
-    ftpadmin = utils.get_conf('ftp_ftpadmin')
+    ftpincoming = utils.get_conf('FTP_INCOMING_PWD')
+    ftpmsuploader = utils.get_conf('FTP_MSUPLOADER_PWD')
+    ftpstorage = utils.get_conf('FTP_STORAGE_PWD')
+    ftpadmin = utils.get_conf('FTP_ADMIN_PWD')
     if not ftpincoming or not ftpmsuploader or not ftpstorage or not ftpadmin:
         raise Exception('Some passwords for FTP accounts are missing.\nPlease add them in the configuration file for EnvSetup script.')
     # Run commands

22.Initialize_configuration_file/0_setup.sh → 21.Initialize_configuration_file/0_setup.sh

 #!/bin/bash
 source /root/envsetup/conf.sh
 
+# Download config file from skyreach
+conf_url="https://$SKYREACH_HOST/erp/credentials/$SKYREACH_API_KEY/conf.sh"
+if ( curl -I "$conf_url" >/dev/null ); then
+	wget -q "$conf_url" -O /root/envsetup/conf.sh
+	source /root/envsetup/conf.sh
+else
+	echo "Failed to download configuration using url '$conf_url'."
+fi
+
 # Autogenerate missing values
 if [ "${MS_ID}" = "" ]; then
 	MS_ID=$(echo "$(hostname)_msuser")

22.Initialize_environment/0_setup.sh

+#!/bin/bash
+source /root/envsetup/conf.sh
+
+# hostname
+echo "127.0.0.1 ${ETC_HOSTNAME}" >> /etc/hosts
+echo ${ETC_HOSTNAME} > /etc/hostname
+
+# DNS
+cat > /etc/resolv.conf << EOF
+search ubicast.net
+nameserver 192.168.40.3
+nameserver 192.168.40.2
+nameserver 192.168.40.6
+EOF
+
+# set ubicast account pwd
+if ( ! test -z ${SHELL_UBICAST_PWD} ); then
+	echo -e "${SHELL_UBICAST_PWD}\n${SHELL_UBICAST_PWD}" | passwd -q ubicast
+fi
+
+# create admin account
+useradd -m admin --shell /bin/bash
+usermod -aG sudo admin
+if ( ! test -z ${SHELL_ADMIN_PWD} ); then
+	echo -e "${SHELL_ADMIN_PWD}\n${SHELL_ADMIN_PWD}" | passwd -q admin
+fi

23.Deploy_ssl_certificate/0_setup.sh

-#!/bin/bash
-source /root/envsetup/conf.sh
-
-# deploy ssl certificate
-if ( test ${SSL_CERTIFICATE} )
-then
-sed -i "s@/etc/ssl/certs/ssl-cert-snakeoil.pem@${SSL_CERTIFICATE}@" /etc/nginx/conf.d/ssl.conf
-fi
-
-if ( test ${SSL_CERTIFICATE_KEY} )
-then
-sed -i "s@/etc/ssl/private/ssl-cert-snakeoil.key@${SSL_CERTIFICATE_KEY}@" /etc/nginx/conf.d/ssl.conf
-fi

21.Initialize_environment/0_setup.sh → 23.Initialize_APT/0_setup.sh

 #!/bin/bash
 source /root/envsetup/conf.sh
 
-# hostname
-echo "127.0.0.1       ${ETC_HOSTNAME}" >> /etc/hosts
-echo ${ETC_HOSTNAME} > /etc/hostname
-
-# DNS
-cat > /etc/resolv.conf << EOF
-search ubicast.net
-nameserver 192.168.40.3
-nameserver 192.168.40.2
-nameserver 192.168.40.6
-EOF
-
-# set ubicast account pwd
-if ( ! test -z ${SHELL_UBICAST_PWD} ); then
-	echo -e "${SHELL_UBICAST_PWD}\n${SHELL_UBICAST_PWD}" | passwd -q ubicast
-fi
-
-# create admin account
-useradd -m admin --shell /bin/bash
-usermod -aG sudo admin
-if ( ! test -z ${SHELL_ADMIN_PWD} ); then
-	echo -e "${SHELL_ADMIN_PWD}\n${SHELL_ADMIN_PWD}" | passwd -q admin
-fi
-
 # migrate to Ubuntu 16.04 / apply sources.list
 if ( cat /etc/lsb-release | grep '14.04' ); then
 	# upgrade to Ubuntu 16.04
@@ -34,6 +10,7 @@ if ( cat /etc/lsb-release | grep '14.04' ); then
 	apt-get update
 	DEBIAN_FRONTEND=noninteractive /usr/bin/apt-get dist-upgrade -o Dpkg::Options::="--force-confold" --force-yes -y
 	apt-get install -f -y
+	apt-get dist-upgrade -y
 else
 	# Ubuntu 16.04
 	cp sources16.list /etc/apt/sources.list
@@ -41,9 +18,8 @@ fi
 
 # update
 apt-get update
-apt-get install -y aptitude
-aptitude upgrade -y
-aptitude install -y apt-transport-https pwgen ntpdate
+apt-get install -y aptitude apt-transport-https
+apt-get dist-upgrade -y
 
 # modify sources.list to use ubicast cache
 grep ${APT_CACHE_HOST} /etc/apt/sources.list
@@ -52,17 +28,17 @@ if [ $? = 1 ]; then
 fi
 
 # APT panel
-wget -q https://${SKYREACH_HOST}/media/public.gpg -O- | sudo apt-key add -
+wget -q "https://${SKYREACH_HOST}/media/public.gpg" -O- | sudo apt-key add -
 echo "deb https://${SKYREACH_HOST} packaging/apt/${SKYREACH_API_KEY}/" > /etc/apt/sources.list.d/skyreach.list
-aptitude update
+apt-get update
 
 # unattended-upgrades
-aptitude install -y unattended-upgrades
+apt-get install -y unattended-upgrades
 sed -i 's@//Unattended-Upgrade::Mail "root";@Unattended-Upgrade::Mail "root";@' /etc/apt/apt.conf.d/50unattended-upgrades
 sed -i 's@//*.*"vim";@"mysql-server";@' /etc/apt/apt.conf.d/50unattended-upgrades
 sed -i 's@//*.*"libc6";@"mysql-client";@' /etc/apt/apt.conf.d/50unattended-upgrades
 # configure frequence
-cat >  /etc/apt/apt.conf.d/10periodic << EOF
+cat > /etc/apt/apt.conf.d/10periodic << EOF
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Download-Upgradeable-Packages "1";
 APT::Periodic::AutocleanInterval "7";

5.Wowza/0_setup.py

 #!/usr/bin/python3
 # -*- coding: utf-8 -*-
 import os
+
 import utils
-from shutil import copyfile
 
 
 def setup(interactive=True):
@@ -29,10 +29,11 @@ def setup(interactive=True):
         dict(line='write', template='%s/live-application.xml' % dir_path, target='/usr/local/WowzaStreamingEngine/conf/live/Application.xml', backup=True, params=(
             ('{{ live_pwd }}', utils.get_conf('WOWZA_LIVE_PWD')),
         )),
+        'cp "%s/Tune.xml" /usr/local/WowzaStreamingEngine/conf/Tune.xml' % dir_path,
         '/etc/init.d/WowzaStreamingEngine restart',
         '/etc/init.d/WowzaStreamingEngineManager restart',
     ]
-    if utils.get_conf('wowza_server_name'):
+    if utils.get_conf('WOWZA_SERVER_NAME'):
         cmds.append('mkdir -p /var/www/streaming')
     if os.path.exists('/home/ftp/storage/www'):
         cmds.extend([
@@ -40,6 +41,5 @@ def setup(interactive=True):
             'ln -sfn /home/ftp/storage/www /usr/local/WowzaStreamingEngine/content',
         ])
     utils.run_commands(cmds)
-    copyfile('%s/Tune.xml' % dir_path, '/usr/local/WowzaStreamingEngine/conf/Tune.xml')
     utils.log('Edit /usr/local/WowzaStreamingEngine/conf/admin.password to change web manager access password.')
     utils.log('Edit /usr/local/WowzaStreamingEngine/conf/Server.license to change license key.')

6.HCA/0_setup.py

@@ -7,27 +7,27 @@ def setup(interactive=True):
     dir_path = utils.get_dir(__file__)
     cmds = []
     # http.ini
-    ftpmsuploader = utils.get_conf('ftp_ftpmsuploader')
-    ftpstorage = utils.get_conf('ftp_ftpstorage')
-    ftpadmin = utils.get_conf('ftp_ftpadmin')
+    ftpmsuploader = utils.get_conf('FTP_MSUPLOADER_PWD')
+    ftpstorage = utils.get_conf('FTP_STORAGE_PWD')
+    ftpadmin = utils.get_conf('FTP_ADMIN_PWD')
     if ftpmsuploader and ftpstorage and ftpadmin:
         cmds.append('mkdir -p /etc/hca')
         cmds.append(dict(line='write', template='%s/http.ini' % dir_path, target='/etc/hca/http.ini', params=(
             ('{{ MS_SERVER_NAME }}', utils.get_conf('MS_SERVER_NAME', 'mediaserver')),
-            ('{{ ftp_server_name }}', utils.get_conf('ftp_server_name', 'videos')),
-            ('{{ ftp_storage_pwd }}', ftpstorage),
-            ('{{ ftp_msuploader_pwd }}', ftpmsuploader),
-            ('{{ ftp_admin_pwd }}', ftpadmin),
+            ('{{ FTP_SERVER_NAME }}', utils.get_conf('FTP_SERVER_NAME', 'videos')),
+            ('{{ FTP_STORAGE_PWD }}', ftpstorage),
+            ('{{ FTP_MSUPLOADER_PWD }}', ftpmsuploader),
+            ('{{ FTP_ADMIN_PWD }}', ftpadmin),
         )))
     else:
         print('Configuration of HCA http.ini file skipped (no FTP passwords in config).')
     # rtmp.ini
-    streaming_pwd = utils.get_conf('WOWZA_LIVE_PWD')
-    if streaming_pwd:
+    live_pwd = utils.get_conf('WOWZA_LIVE_PWD')
+    if live_pwd:
         cmds.append('mkdir -p /etc/hca')
         cmds.append(dict(line='write', template='%s/rtmp.ini' % dir_path, target='/etc/hca/rtmp.ini', params=(
             ('{{ MS_SERVER_NAME }}', utils.get_conf('MS_SERVER_NAME', 'mediaserver')),
-            ('{{ streaming_pwd }}', streaming_pwd),
+            ('{{ WOWZA_LIVE_PWD }}', live_pwd),
         )))
     else:
         print('Configuration of HCA rtmp.ini file skipped (no live password in config).')

6.HCA/http.ini

 [http]
-base_url = "https://{{ ftp_server_name }}"
+base_url = "https://{{ FTP_SERVER_NAME }}"
 pattern = "%(video_path)s"
 
 [storage]
 type = "ftp"
-host = "{{ ftp_server_name }}"
+host = "{{ FTP_SERVER_NAME }}"
 user = "ftpstorage"
-password = "{{ ftp_storage_pwd }}"
+password = "{{ FTP_STORAGE_PWD }}"
 
 #[rtmp]
 #server = "rtmp://{{ MS_SERVER_NAME }}/vod"
@@ -19,9 +19,9 @@ password = "{{ ftp_storage_pwd }}"
 
 [mediaserver]
 username = "ftpmsuploader"
-password = "{{ ftp_msuploader_pwd }}"
+password = "{{ FTP_MSUPLOADER_PWD }}"
 admin_username = "ftpadmin"
-admin_password = "{{ ftp_admin_pwd }}"
+admin_password = "{{ FTP_ADMIN_PWD }}"
 base_dir = "/home/ftp/storage/"
 www_dir_name = "www"
 uploads_dir_name = "msuploads"

6.HCA/rtmp.ini

 port=1935
 server="{{ MS_SERVER_NAME }}"
-app="live/_definst_?doPublish={{ streaming_pwd }}"
+app="live/_definst_?doPublish={{ WOWZA_LIVE_PWD }}"
 enable_hls="yes"
 hls_uri_template="https://{{ MS_SERVER_NAME }}/streaming/%(stream_id)s/Playlist.m3u8"

7.Nginx/0_setup.py

 #!/usr/bin/python3
 # -*- coding: utf-8 -*-
 import os
+import re
 
 import utils
 
@@ -31,13 +32,13 @@ def setup(interactive=True):
     # FTP: videos vhost
     if os.path.exists('/var/www/videos'):
         cmds.append('cp %s/crossdomain.xml /var/www/videos/crossdomain.xml' % dir_path)
-        server_name = utils.get_conf('ftp_server_name') or 'videos'
+        server_name = utils.get_conf('FTP_SERVER_NAME') or 'videos'
         cmds.extend(vhost_write_cmds(dir_path, 'videos', server_name))
         hosts.append(server_name)
     # Wowza: streaming vhost
     if os.path.exists('/var/www/streaming'):
         cmds.append('cp %s/crossdomain.xml /var/www/streaming/crossdomain.xml' % dir_path)
-        server_name = utils.get_conf('wowza_server_name') or 'streaming'
+        server_name = utils.get_conf('WOWZA_SERVER_NAME') or 'streaming'
         cmds.extend(vhost_write_cmds(dir_path, 'streaming', server_name))
         hosts.append(server_name)
     # MediaServer: mediaserver-msuser vhost
@@ -81,3 +82,23 @@ def setup(interactive=True):
         with open('/etc/hosts', 'w') as fo:
             fo.write(new_content)
         utils.log('/etc/hosts updated.')
+    else:
+        utils.log('/etc/hosts is already up to date.')
+    # Update certificate in ssl.conf
+    ssl_conf = '/etc/nginx/conf.d/ssl.conf'
+    if not os.path.exists(ssl_conf):
+        utils.log('The SSL configuration file "%s" does not exist, SSL certificate not updated.' % ssl_conf)
+    else:
+        ssl_cert = utils.get_conf('SSL_CERTIFICATE') or '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+        ssl_key = utils.get_conf('SSL_CERTIFICATE_KEY') or '/etc/ssl/private/ssl-cert-snakeoil.key'
+        with open(ssl_conf, 'r') as fo:
+            content = fo.read()
+        new_content = content
+        new_content = re.sub(r'ssl_certificate\s+([\w/\-\_\.]+);', 'ssl_certificate %s;' % ssl_cert, new_content)
+        new_content = re.sub(r'ssl_certificate_key\s+([\w/\-\_\.]+);', 'ssl_certificate_key %s;' % ssl_key, new_content)
+        if new_content != content:
+            with open(ssl_conf, 'w') as fo:
+                fo.write(new_content)
+            utils.log('SSL configuration file %s updated.' % ssl_conf)
+        else:
+            utils.log('SSL configuration file %s already up to date.' % ssl_conf)

launcher.sh

@@ -24,6 +24,7 @@ init() {
     python3 /root/envsetup/envsetup.py 2
     python3 /root/envsetup/envsetup.py 21
     python3 /root/envsetup/envsetup.py 22
+    python3 /root/envsetup/envsetup.py 23
     python3 /root/envsetup/envsetup.py 4
 }
 
@@ -41,7 +42,6 @@ mediaserver() {
     python3 /root/envsetup/envsetup.py 8
     python3 /root/envsetup/envsetup.py 61
     python3 /root/envsetup/envsetup.py 7
-    python3 /root/envsetup/envsetup.py 23
     python3 /root/envsetup/envsetup.py 41
     python3 /root/envsetup/envsetup.py 42
     python3 /root/envsetup/envsetup.py 7
@@ -54,7 +54,6 @@ worker() {
 campusmanager() {
     python3 /root/envsetup/envsetup.py 3
     python3 /root/envsetup/envsetup.py 7
-    python3 /root/envsetup/envsetup.py 23
     python3 /root/envsetup/envsetup.py 51
     python3 /root/envsetup/envsetup.py 7
 }