#!/bin/bash HOSTNAME=`hostname -f` PILER_HOST_IP="127.0.0.1" SMARTHOST="" PILERUSER="piler" MYSQL_HOSTNAME="localhost" MYSQL_DATABASE="piler" MYSQL_USERNAME="piler" MYSQL_PASSWORD="verystrongpassword" MYSQL_ROOT_PASSWORD="piler123" KEYFILE="/usr/local/etc/piler.key" KEYTMPFILE="key.tmp" DOCROOT="/var/www/piler" WWWGROUP="www-data" SSL_CERT_DATA="/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" SPHINX_PILER_CONFIG="/usr/local/etc/sphinx.conf" CRON_TMP=aaaa.11 isFQDN() { # we need min. 2 dots if [ x"$1" = "xdogfood" ]; then echo 1 return fi if [ x"$1" = "x" ]; then echo 0 return fi NF=`echo $1 | awk -F. '{print NF}'` if [ $NF -ge 2 ]; then echo 1 else echo 0 fi } ask() { PROMPT=$1 DEFAULT=$2 echo "" echo -n "$PROMPT [$DEFAULT] " read response if [ -z $response ]; then response=$DEFAULT fi } askNonBlankNoEcho() { PROMPT=$1 DEFAULT=$2 while [ 1 ]; do stty -echo ask "$PROMPT" "$DEFAULT" stty echo echo "" if [ ! -z $response ]; then break fi echo "A non-blank answer is required" done } askNoEcho() { PROMPT=$1 DEFAULT=$2 stty -echo ask "$PROMPT" "$DEFAULT" stty echo echo "" } askNonBlank() { PROMPT=$1 DEFAULT=$2 while [ 1 ]; do ask "$PROMPT" "$DEFAULT" if [ ! -z $response ]; then break fi echo "A non-blank answer is required" done } askYN() { PROMPT=$1 DEFAULT=$2 if [ "x$DEFAULT" = "xyes" -o "x$DEFAULT" = "xYes" -o "x$DEFAULT" = "xy" -o "x$DEFAULT" = "xY" ]; then DEFAULT="Y" else DEFAULT="N" fi while [ 1 ]; do ask "$PROMPT" "$DEFAULT" response=$(perl -e "print lc(\"$response\");") if [ -z $response ]; then : else if [ $response = "yes" -o $response = "y" ]; then response="yes" break else if [ $response = "no" -o $response = "n" ]; then response="no" break fi fi fi echo "A Yes/No answer is required" done } check_user() { user=$1 if [ x`whoami` != x$user ]; then echo "ERROR: the installer must be run as $user user"; exit 1; fi } get_mysql_root_pwd() { askNoEcho "Please enter mysql root password" "" MYSQL_ROOT_PASSWORD=$response s=`echo "use information_schema; select TABLE_NAME from TABLES where TABLE_SCHEMA='$MYSQL_DATABASE'" | mysql -h $MYSQL_HOSTNAME -u root --password=$MYSQL_ROOT_PASSWORD` if [ $? -eq 0 ]; then echo "mysql connection successful"; echo; if [ `echo $s | grep -c metadata` -eq 1 ]; then echo "ERROR: Detected metadata table in $MYSQL_DATABASE. Aborting"; exit 0; fi else echo "ERROR: failed to connect to mysql"; get_mysql_root_pwd fi } collect_data() { askNonBlank "Please enter FQDN of this host" "$HOSTNAME" HOSTNAME=$response ask "Please enter the FQDN / IP-address of the smarthost" "$SMARTHOST" SMARTHOST=$response askNonBlank "Please enter the group of the webserver" "$WWWGROUP" WWWGROUP=$response askNonBlank "Please enter SSL certificate data for the piler deamon" "$SSL_CERT_DATA" SSL_CERT_DATA=$response askNonBlankNoEcho "Please enter mysql password for $MYSQL_USERNAME" "" MYSQL_PASSWORD=$response get_mysql_root_pwd show_install_parameters askYN "Accept and continue? [Y/n]: " "Y" YN=$response if test "$YN" = "no"; then collect_data; fi hostname $HOSTNAME } show_install_parameters() { echo echo "Configuration details:" echo "----------------------" echo echo "Hostname: $HOSTNAME" echo "IP-address: $PILER_HOST_IP" echo "Smarthost: $SMARTHOST" echo "Documentroot: $DOCROOT" echo "Webserver user: $WWWGROUP" echo "Piler SSL cert data: $SSL_CERT_DATA" } show_licence() { echo echo "This is the piler first time postinstall for docker script." echo "DO NOT run the postinstall if you have done it before!" echo echo "Enter Y to accept the licence and continue." echo askYN "Accept licence? [y/N]: " "N" YN=$response if test "$YN" != "yes"; then echo "Aborted."; exit 1; fi } configure_piler() { cat < /usr/local/etc/piler.conf archive_emails_not_having_message_id=0 archive_only_mydomains=0 backlog=20 cipher_list=HIGH:MEDIUM clamd_socket=/tmp/clamd debug=0 default_retention_days=2557 enable_cjk=0 encrypt_messages=1 extra_to_field=X-Envelope-To: hostid=$HOSTNAME iv= listen_addr=0.0.0.0 listen_port=25 locale= max_requests_per_child=1000 memcached_servers=127.0.0.1 memcached_to_db_interval=900 memcached_ttl=86400 min_word_len=1 mysqlhost= mysqlport=0 mysqlsocket=/var/run/mysqld/mysqld.sock mysqluser=$MYSQL_USERNAME mysqlpwd=$MYSQL_PASSWORD mysqldb=$MYSQL_DATABASE mysql_connect_timeout=2 number_of_worker_processes=10 pemfile=/usr/local/etc/piler.pem pidfile=/var/run/piler/piler.pid piler_header_field=X-piler: piler already archived this email queuedir=/var/piler/store server_id=0 session_timeout=420 syslog_recipients=1 spam_header_line= tls_enable=1 username=piler verbosity=1 workdir=/var/piler/tmp PILERCONF } writing_piler_crontab() { cat < $CRON_TMP ### PILERSTART 5,35 * * * * /usr/local/libexec/piler/indexer.delta.sh 30 2 * * * /usr/local/libexec/piler/indexer.main.sh */15 * * * * /usr/local/bin/indexer --quiet tag1 --rotate */15 * * * * /usr/local/bin/indexer --quiet note1 --rotate 30 6 * * * /usr/bin/php /usr/local/libexec/piler/generate_stats.php --webui /var/www/piler > /dev/null */5 * * * * /usr/bin/find /var/www/piler/tmp -type f -name i.\* -exec rm -f {} \; ### PILEREND CRONTAB crontab -u $PILERUSER $CRON_TMP rm -f $CRON_TMP } piler_postinstall() { cd /tmp mkdir -p /var/piler/tmp /var/piler/stat /var/piler/imap /var/piler/store/00 /var/piler/import /var/piler/export /var/piler/sphinx chown -R piler:piler /var/piler/tmp /var/piler/stat /var/piler/imap /var/piler/store /var/piler/import /var/piler/export /var/piler/sphinx echo -n "Creating mysql database... "; sed -e "s%MYSQL_HOSTNAME%$MYSQL_HOSTNAMEg%" -e "s%MYSQL_DATABASE%$MYSQL_DATABASE%g" -e "s%MYSQL_USERNAME%$MYSQL_USERNAME%g" -e "s%MYSQL_PASSWORD%$MYSQL_PASSWORD%g" /usr/local/share/piler/db-mysql-root.sql.in | mysql -h $MYSQL_HOSTNAME -u root --password=$MYSQL_ROOT_PASSWORD mysql -h $MYSQL_HOSTNAME -u $MYSQL_USERNAME --password=$MYSQL_PASSWORD $MYSQL_DATABASE < /usr/local/share/piler/db-mysql.sql echo "Done." echo -n "Overwriting sphinx configuration... "; sed -e "s%MYSQL_HOSTNAME%$MYSQL_HOSTNAME%" -e "s%MYSQL_DATABASE%$MYSQL_DATABASE%" -e "s%MYSQL_USERNAME%$MYSQL_USERNAME%" -e "s%MYSQL_PASSWORD%$MYSQL_PASSWORD%" jsuto-piler-*/etc/sphinx.conf.in > /usr/local/etc/sphinx.conf echo "Done." echo -n "Initializing sphinx indices... "; su $PILERUSER -c "indexer --all" echo "Done." echo -n "Generating openssh keys ... "; /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N '' echo "Done." echo -n "Making an ssl certificate ... " openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "$SSL_CERT_DATA" -keyout /usr/local/etc/piler.pem -out 1.cert cat 1.cert >> /usr/local/etc/piler.pem chmod 600 /usr/local/etc/piler.pem rm 1.cert echo -n "installing keyfile ($KEYTMPFILE) to $KEYFILE... " dd if=/dev/urandom bs=56 count=1 of=$KEYTMPFILE cp $KEYTMPFILE $KEYFILE chgrp $PILERUSER $KEYFILE chmod 640 $KEYFILE rm -f $KEYTMPFILE echo "Done." cat < /usr/local/etc/nginx-piler.conf server { server_name $HOSTNAME; root /var/www/piler; access_log /var/log/nginx/$HOSTNAME-access.log; error_log /var/log/nginx/$HOSTNAME-error.log; gzip on; gzip_types text/plain application/xml text/css; gzip_vary on; location / { index index.php index.html; } #error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f \$document_root\$fastcgi_script_name) { return 404; } fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; } location ~* \.(ico|css|js|gif|jpe?g|png)$ { expires 2w; } rewrite /search.php /index.php?route=search/search&type=simple; rewrite /advanced.php /index.php?route=search/search&type=advanced; rewrite /expert.php /index.php?route=search/search&type=expert; rewrite /search-helper.php /index.php?route=search/helper; rewrite /audit-helper.php /index.php?route=audit/helper; rewrite /message.php /index.php?route=message/view; rewrite /bulkrestore.php /index.php?route=message/bulkrestore; rewrite /bulkpdf.php /index.php?route=message/bulkpdf; rewrite /folders.php /index.php?route=folder/list&; rewrite /settings.php /index.php?route=user/settings; rewrite /login.php /index.php?route=login/login; rewrite /logout.php /index.php?route=login/logout; rewrite /google.php /index.php?route=login/google; rewrite /domain.php /index.php?route=domain/domain; rewrite /ldap.php /index.php?route=ldap/list; rewrite /customer.php /index.php?route=customer/list; rewrite /retention.php /index.php?route=policy/retention; rewrite /archiving.php /index.php?route=policy/archiving; rewrite /view/javascript/piler.js /js.php; } NGINXCONFIG cat < /usr/local/etc/config-site.php CONFIGSITE } check_user root show_licence collect_data ###write_nginx_vhost configure_piler piler_postinstall writing_piler_crontab echo "changing root password:" passwd root