
Untitled

a guest
Oct 10th, 2018
  1. #!/usr/bin/env bash
  2. set -e
  3.  
  4. export LOG_FILE=/tmp/install.log
  5.  
  6. CERT_DIR=/etc/ssl/certs
  7. KEY_DIR=/etc/ssl/private
  8. CONFIG_DIR=/etc/lamassu
  9. MIGRATE_STATE_PATH=$CONFIG_DIR/.migrate
  10. LAMASSU_CA_PATH=$CERT_DIR/Lamassu_CA.pem
  11. CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
  12. CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
  13. SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
  14. SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
  15. SEEDS_DIR=$HOME/seeds
  16. SEED_FILE=$SEEDS_DIR/seed.txt
  17. BACKUP_DIR=/var/backups/postgresql
  18. BLOCKCHAIN_DIR=/mnt/blockchains
  19. OFAC_DATA_DIR=/var/lamassu/ofac
  20.  
  21. # Look into http://unix.stackexchange.com/questions/140734/configure-localtime-dpkg-reconfigure-tzdata
  22.  
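#######################################
# Print a timestamped message and append the same line to the install log.
# Globals:   LOG_FILE (read) - path of the log file
# Arguments: $1 - message text (only the first argument is used)
# Outputs:   "HH:MM:SS <message>" on stdout and appended to $LOG_FILE
#######################################
decho () {
  local line
  # One timestamp for both destinations, so the log line matches the console.
  # The message is quoted throughout: it is neither word-split nor
  # glob-expanded, so text such as "*** IMPORTANT ***" is printed as written.
  line="$(date +"%H:%M:%S")${1:+ $1}"
  printf '%s\n' "$line"
  printf '%s\n' "$line" >> "$LOG_FILE"
}
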
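#######################################
# Run a command until it succeeds or the attempt budget is used up.
# Waits 1 second after the first failure, 2 after the second, and so on.
# Arguments: $1   - maximum number of attempts
#            $2.. - the command and its arguments
# Outputs:   a banner on stdout after every failed attempt
# Returns:   0 as soon as the command succeeds, 1 when no attempts are left
#######################################
retry() {
  local -r -i max_attempts="$1"; shift
  # Keep the command as an array: joining it into one string and re-splitting
  # it would break any argument that contains whitespace or glob characters.
  local -r -a cmd=("$@")
  local -i attempt_num=1

  until "${cmd[@]}"; do
    # ">=" rather than "==" so a budget of 0 (or a non-numeric value, which
    # the integer attribute evaluates to 0) cannot loop forever.
    if (( attempt_num >= max_attempts )); then
      echo
      echo "****************************************************************"
      echo "Attempt $attempt_num failed and there are no more attempts left! (${cmd[*]})"
      return 1
    fi
    echo
    echo "****************************************************************"
    echo "Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
    # Post-increment: sleep for the current attempt number, then bump it.
    sleep $(( attempt_num++ ))
  done
}
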
  50. rm -f $LOG_FILE
  51.  
  52. cat <<'FIG'
  53.  _
  54. | | __ _ _ __ ___   __ _ ___ ___ _   _       ___  ___ _ ____   _____ _ __
  55. | |/ _` | '_ ` _ \ / _` / __/ __| | | |_____/ __|/ _ \ '__\ \ / / _ \ '__|
  56. | | (_| | | | | | | (_| \__ \__ \ |_| |_____\__ \  __/ |   \ V /  __/ |
  57. |_|\__,_|_| |_| |_|\__,_|___/___/\__,_|     |___/\___|_|    \_/ \___|_|
  58. FIG
  59.  
  60. echo -e "\nStarting \033[1mlamassu-server\033[0m install. This will take a few minutes...\n"
  61.  
# The steps below install packages, write under /etc and configure the
# firewall, so stop early (exit status 3) unless the caller is root.
if [[ "$(whoami)" != "root" ]]; then
  echo -e "This script has to be run as \033[1mroot\033[0m user"
  exit 3
fi

# Only Ubuntu 16.04 on x86_64 is supported; anything else exits with status 1.
release=$(lsb_release -rs)
processor=$(uname -i)
if ! [[ "$release" == "16.04" && "$processor" == "x86_64" ]]; then
  echo "You're attempting to install on an unsupported Linux distribution or release."
  uname -a
  echo "Please return to DigitalOcean and create a droplet running Ubuntu 16.04 x64 instead."
  exit 1
fi

  76. # So we don't run out of memory
  77. decho "Enabling swap file for install only..."
  78. fallocate -l 1G /swapfile >> $LOG_FILE 2>&1
  79. chmod 600 /swapfile >> $LOG_FILE 2>&1
  80. mkswap /swapfile >> $LOG_FILE 2>&1
  81. swapon /swapfile >> $LOG_FILE 2>&1
  82.  
  83. IP=$(ifconfig eth0 | grep "inet" | grep -v "inet6" | awk -F: '{print $2}' | awk '{print $1}')
  84.  
  85. decho "Updating system..."
  86. sleep 10
  87. curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - >> $LOG_FILE 2>&1
  88. apt update >> $LOG_FILE 2>&1
  89.  
  90. decho "Installing necessary packages..."
  91. apt install nodejs python-minimal build-essential supervisor postgresql libpq-dev -y -q >> $LOG_FILE 2>&1
  92.  
  93. decho "Generating seed..."
  94. mkdir -p $SEEDS_DIR >> $LOG_FILE 2>&1
  95. SEED=$(openssl rand -hex 32)
  96. echo $SEED > $SEED_FILE
  97.  
  98. decho "Installing latest npm package manager for node..."
  99. retry 3 npm -g --unsafe-perm install npm@5  >> $LOG_FILE 2>&1
  100. NODE_MODULES=$(npm -g root)
  101. NPM_BIN=$(npm -g bin)
  102.  
  103. decho "Installing lamassu-server..."
  104. retry 3 npm -g --unsafe-perm install lamassu/lamassu-server#master >> $LOG_FILE 2>&1
  105.  
  106. decho "updating node"
  107. npm install n -g >> ${LOG_FILE} 2>&1
  108. n lts >> ${LOG_FILE} 2>&1
  109. decho "version installed $(node -v)"
  110. export NPM_BIN=$(npm -g bin)
  111.  
  112. decho "updating lamassu-server"
  113. npm -g install lamassu/lamassu-server#master --unsafe-perm >> ${LOG_FILE} 2>&1
  114.  
  115. decho "rebuilding npm deps"
  116. cd $(npm root -g)/lamassu-server/ >> ${LOG_FILE} 2>&1
  117. npm rebuild >> ${LOG_FILE} 2>&1
  118.  
  119. decho "Creating postgres user..."
  120. POSTGRES_PW=$(hkdf postgres-pw $SEED)
  121. su -l postgres >> $LOG_FILE 2>&1 <<EOF
  122.   psql -c "CREATE ROLE lamassu_pg WITH LOGIN SUPERUSER PASSWORD '$POSTGRES_PW';"
  123.   createdb lamassu
  124. EOF
  125.  
  126. mkdir -p $CERT_DIR >> $LOG_FILE 2>&1
  127. mkdir -p $CONFIG_DIR >> $LOG_FILE 2>&1
  128.  
  129. decho "Generating SSL certificates..."
  130.  
  131. openssl genrsa \
  132.   -out $CA_KEY_PATH \
  133.   4096 >> $LOG_FILE 2>&1
  134.  
  135. openssl req \
  136.   -x509 \
  137.   -sha256 \
  138.   -new \
  139.   -nodes \
  140.   -key $CA_KEY_PATH \
  141.   -days 3560 \
  142.   -out $CA_PATH \
  143.   -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is" \
  144.   >> $LOG_FILE 2>&1
  145.  
  146. openssl genrsa \
  147.   -out $SERVER_KEY_PATH \
  148.   4096 >> $LOG_FILE 2>&1
  149.  
  150. openssl req -new \
  151.   -key $SERVER_KEY_PATH \
  152.   -out /tmp/Lamassu_OP.csr.pem \
  153.   -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=$IP" \
  154.   -reqexts SAN \
  155.   -sha256 \
  156.   -config <(cat /etc/ssl/openssl.cnf \
  157.       <(printf "[SAN]\nsubjectAltName=IP.1:$IP")) \
  158.   >> $LOG_FILE 2>&1
  159.  
  160. openssl x509 \
  161.   -req -in /tmp/Lamassu_OP.csr.pem \
  162.   -CA $CA_PATH \
  163.   -CAkey $CA_KEY_PATH \
  164.   -CAcreateserial \
  165.   -out $SERVER_CERT_PATH \
  166.   -extfile <(cat /etc/ssl/openssl.cnf \
  167.       <(printf "[SAN]\nsubjectAltName=IP.1:$IP")) \
  168.   -extensions SAN \
  169.   -days 3650 >> $LOG_FILE 2>&1
  170.  
  171. rm /tmp/Lamassu_OP.csr.pem
  172.  
  173. decho "Copying Lamassu certificate authority..."
  174. LAMASSU_CA_FILE=$NODE_MODULES/lamassu-server/Lamassu_CA.pem
  175. cp $LAMASSU_CA_FILE $LAMASSU_CA_PATH
  176.  
  177. mkdir -p $OFAC_DATA_DIR
  178.  
  179. cat <<EOF > $CONFIG_DIR/lamassu.json
  180. {
  181.   "postgresql": "postgres://lamassu_pg:$POSTGRES_PW@localhost/lamassu",
  182.   "seedPath": "$SEED_FILE",
  183.   "lamassuCaPath": "$LAMASSU_CA_PATH",
  184.   "caPath": "$CA_PATH",
  185.   "certPath": "$SERVER_CERT_PATH",
  186.   "keyPath": "$SERVER_KEY_PATH",
  187.   "hostname": "$IP",
  188.   "logLevel": "info",
  189.   "migrateStatePath": "$MIGRATE_STATE_PATH",
  190.   "blockchainDir": "$BLOCKCHAIN_DIR",
  191.   "ofacDataDir": "$OFAC_DATA_DIR",
  192.   "strike": {
  193.     "baseUrl": "https://api.strike.acinq.co/api/"
  194.   },
  195.   "coinAtmRadar": {
  196.     "url": "https://coinatmradar.info/api/lamassu/"
  197.   }
  198. }
  199. EOF
  200.  
  201. decho "Setting up database tables..."
  202. lamassu-migrate >> $LOG_FILE 2>&1
  203.  
  204. decho "Setting up lamassu-admin..."
  205. ADMIN_REGISTRATION_URL=`lamassu-register admin 2>> $LOG_FILE`
  206. lamassu-apply-defaults >> $LOG_FILE 2>&1
  207.  
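decho "Setting up backups..."
BIN=$(npm -g bin)
BACKUP_CMD=$BIN/lamassu-backup-pg
# NOTE(review): created with the default mode. If lamassu-backup-pg writes
# database dumps here, the directory probably should not be world-readable;
# which user writes the dumps is not visible in this script — confirm before
# tightening.
mkdir -p -- "$BACKUP_DIR"
BACKUP_CRON="@daily $BACKUP_CMD > /dev/null"
# Rebuild root's crontab as: every existing line except an identical backup
# entry, then the backup entry. Re-running the installer therefore does not
# stack duplicate jobs. "|| true" covers a missing crontab and the case where
# grep filters out every line.
{
  crontab -l 2>/dev/null | grep -vxF -- "$BACKUP_CRON" || true
  printf '%s\n' "$BACKUP_CRON"
} | crontab - >> "$LOG_FILE" 2>&1
# Take a first backup right away.
"$BACKUP_CMD" >> "$LOG_FILE" 2>&1
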
  216. decho "Setting up firewall..."
  217. ufw allow ssh >> $LOG_FILE 2>&1
  218. ufw allow 443/tcp >> $LOG_FILE 2>&1   # Admin
  219. ufw allow 3000/tcp >> $LOG_FILE 2>&1  # Server
  220. ufw allow 8071/tcp >> $LOG_FILE 2>&1  # Lamassu support
  221. ufw -f enable >> $LOG_FILE 2>&1
  222.  
  223. decho "Setting up supervisor..."
  224. cat <<EOF > /etc/supervisor/conf.d/lamassu-server.conf
  225. [program:lamassu-server]
  226. command=${NPM_BIN}/lamassu-server
  227. autostart=true
  228. autorestart=true
  229. stderr_logfile=/var/log/supervisor/lamassu-server.err.log
  230. stdout_logfile=/var/log/supervisor/lamassu-server.out.log
  231. environment=HOME="/root"
  232. EOF
  233.  
  234. cat <<EOF > /etc/supervisor/conf.d/lamassu-admin-server.conf
  235. [program:lamassu-admin-server]
  236. command=${NPM_BIN}/lamassu-admin-server
  237. autostart=true
  238. autorestart=true
  239. stderr_logfile=/var/log/supervisor/lamassu-admin-server.err.log
  240. stdout_logfile=/var/log/supervisor/lamassu-admin-server.out.log
  241. environment=HOME="/root"
  242. EOF
  243.  
  244. service supervisor restart >> $LOG_FILE 2>&1
  245.  
  246. decho "Disabling swap file..."
  247. swapoff /swapfile >> $LOG_FILE 2>&1
  248.  
  249. # disable exitting on error in case DO changes motd scripts
  250. set +e
  251. chmod -x /etc/update-motd.d/*-release-upgrade
  252. chmod -x /etc/update-motd.d/*-updates-available
  253. chmod -x /etc/update-motd.d/*-reboot-required
  254. chmod -x /etc/update-motd.d/*-help-text
  255. chmod -x /etc/update-motd.d/*-cloudguest
  256. set -e
  257.  
  258. echo
  259. decho "Done! Now it's time to configure Lamassu stack."
  260. echo
  261. echo -e "\n*** IMPORTANT ***"
  262. echo "In a private space, run lamassu-mnemonic, write down the words"
  263. echo "and keep them in a safe place."
  264. echo
  265. echo "This secret will allow you to retrieve system passwords, including "
  266. echo "the keys to some of your crypto accounts."
  267. echo
  268. echo
  269. echo "Activation URL for lamassu-admin:"
  270. echo $ADMIN_REGISTRATION_URL