forked from snipe/snipe-it
-
Notifications
You must be signed in to change notification settings - Fork 0
/
snipeit.sh
executable file
·563 lines (487 loc) · 20.9 KB
/
snipeit.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
#!/bin/bash
######################################################
# Snipe-It Install Script #
# Script created by Mike Tucker #
# mtucker6784@gmail.com #
# This script is just to help streamline the #
# install process for Debian and CentOS #
# based distributions. I assume you will be #
# installing as a subdomain on a fresh OS install. #
# Right now I'm not going to worry about SMTP setup #
# #
# Feel free to modify, but please give #
# credit where it's due. Thanks! #
######################################################
# ensure running as root
if [ "$(id -u)" != "0" ]; then
exec sudo "$0" "$@"
fi
#First things first, let's set some variables and find our distro.
clear
name="snipeit"
hostname="$(hostname)"
fqdn="$(hostname --fqdn)"
ans=default
hosts=/etc/hosts
file=master.zip
tmp=/tmp/$name
fileName=snipe-it-master
spin[0]="-"
spin[1]="\\"
spin[2]="|"
spin[3]="/"
rm -rf ${tmp:?}
mkdir $tmp
# Debian/Ubuntu friendly f(x)s
progress () {
while kill -0 "$pid" > /dev/null 2>&1
do
for i in "${spin[@]}"
do
if [ -e /proc/"$pid" ]; then
echo -ne "\b$i"
sleep .1
else
echo -ne "\n\b\n"
fi
done
done
}
#Used for Debian and Ubuntu
vhenvfile () {
find /etc/apache2/mods-enabled -maxdepth 1 -name 'rewrite.load' >/dev/null 2>&1
apachefile=/etc/apache2/sites-available/$name.conf
echo "* Create Virtual host for apache."
{
echo "<VirtualHost *:80>"
echo "ServerAdmin webmaster@localhost"
echo "<Directory $webdir/$name/public>"
echo " Require all granted"
echo " AllowOverride All"
echo " </Directory>"
echo " DocumentRoot $webdir/$name/public"
echo " ServerName $fqdn"
echo " ErrorLog /var/log/apache2/snipeIT.error.log"
echo " CustomLog /var/log/apache2/access.log combined"
echo "</VirtualHost>"
} >> $apachefile
echo >> $hosts "127.0.0.1 $hostname $fqdn"
log "a2ensite $name.conf"
cp $webdir/$name/.env.example $webdir/$name/.env
sed -i '1 i\#Created By Snipe-it Installer' $webdir/$name/.env
sed -i 's,^\(APP_TIMEZONE=\).*,\1'$(cat /etc/timezone)',' $webdir/$name/.env
sed -i 's,^\(DB_HOST=\).*,\1'localhost',' $webdir/$name/.env
sed -i 's,^\(DB_DATABASE=\).*,\1'snipeit',' $webdir/$name/.env
sed -i 's,^\(DB_USERNAME=\).*,\1'snipeit',' $webdir/$name/.env
sed -i 's,^\(DB_PASSWORD=\).*,\1'$mysqluserpw',' $webdir/$name/.env
sed -i 's,^\(APP_URL=\).*,\1'http://$fqdn',' $webdir/$name/.env
sed -i 's,^\(APP_KEY=\).*,\1'$$random32',' $webdir/$name/.env
}
perms () {
chmod_dirs=( "$webdir/$name/storage" )
chmod_dirs+=( "$webdir/$name/storage/private_uploads" )
chmod_dirs+=( "$webdir/$name/public/uploads" )
#Change permissions on directories
for chmod_dir in "${chmod_dirs[@]}"
do
chmod -R 755 "$chmod_dir"
done
}
log () {
eval "$@" |& tee -a /var/log/snipeit-install.log >/dev/null 2>&1
}
#CentOS Friendly f(x)s
function isinstalled {
if yum list installed "$@" >/dev/null 2>&1; then
true
else
false
fi
}
if [ -f /etc/lsb-release ]; then
distro="$(lsb_release -s -i )"
version="$(lsb_release -s -r)"
codename="$(lsb_release -c -s)"
elif [ -f /etc/os-release ]; then
distro="$(. /etc/os-release && echo $ID)"
version="$(. /etc/os-release && echo $VERSION_ID)"
#Order is important here. If /etc/os-release and /etc/centos-release exist, we're on centos 7.
#If only /etc/centos-release exist, we're on centos6(or earlier). Centos-release is less parsable,
#so lets assume that it's version 6 (Plus, who would be doing a new install of anything on centos5 at this point..)
elif [ -f /etc/centos-release ]; then
distro="Centos"
version="6"
else
distro="unsupported"
fi
echo "
_____ _ __________
/ ___/____ (_)___ ___ / _/_ __/
\__ \/ __ \/ / __ \/ _ \______ / / / /
___/ / / / / / /_/ / __/_____// / / /
/____/_/ /_/_/ .___/\___/ /___/ /_/
/_/
"
echo ""
echo ""
echo " Welcome to Snipe-IT Inventory Installer for Centos, Debian and Ubuntu!"
echo ""
shopt -s nocasematch
case $distro in
*Ubuntu*)
echo " The installer has detected Ubuntu version $version as the OS."
distro=ubuntu
;;
*Debian*)
echo " The installer has detected Debian version $version as the OS."
distro=debian
;;
*centos*|*redhat*|*ol*|*rhel*)
echo " The installer has detected $distro version $version as the OS."
distro=centos
;;
*)
echo " The installer was unable to determine your OS. Exiting for safety."
exit
;;
esac
shopt -u nocasematch
#Get your FQDN.
echo -n " Q. What is the FQDN of your server? ($fqdn): "
read fqdn
if [ -z "$fqdn" ]; then
fqdn="$(hostname --fqdn)"
fi
echo " Setting to $fqdn"
echo ""
#Do you want to set your own passwords, or have me generate random ones?
until [[ $ans == "yes" ]] || [[ $ans == "no" ]]; do
echo -n " Q. Do you want to automatically create the database user password? (y/n) "
read setpw
case $setpw in
[yY] | [yY][Ee][Ss] )
mysqluserpw="$(echo `< /dev/urandom tr -dc _A-Za-z-0-9 | head -c16`)"
ans="yes"
;;
[nN] | [n|N][O|o] )
echo -n " Q. What do you want your snipeit user password to be?"
read -s mysqluserpw
echo ""
ans="no"
;;
*) echo " Invalid answer. Please type y or n"
;;
esac
done
#Snipe says we need a new 32bit key, so let's create one randomly and inject it into the file
#db_setup.sql will be injected to the database during install.
#Again, this file should be removed, which will be a prompt at the end of the script.
dbsetup=$tmp/db_setup.sql
echo >> $dbsetup "CREATE DATABASE snipeit;"
echo >> $dbsetup "GRANT ALL PRIVILEGES ON snipeit.* TO snipeit@localhost IDENTIFIED BY '$mysqluserpw';"
#Let us make it so only root can read the file. Again, this isn't best practice, so please remove these after the install.
chown root:root $dbsetup
chmod 700 $dbsetup
## TODO: Progress tracker on each step
case $distro in
debian)
##################################### Install for Debian ##############################################
#Update/upgrade Debian/Ubuntu repositories, get the latest version of git.
#Git clone snipeit, create vhost, edit hosts file, create .env file, mysql install
#composer install, set permissions, restart apache.
#BTW, Debian, I swear, you're such a pain.
webdir=/var/www
echo -e "\n* Updating Debian packages in the background... ${spin[0]}\n"
apt-get update >> /var/log/snipeit-install.log & pid=$! 2>&1
wait
apt-get upgrade >> /var/log/snipeit-install.log & pid=$! 2>&1
wait
echo -e "\n* Installing packages... ${spin[0]}\n"
echo -e "\n* Going to suppress more messages that you don't need to worry about. Please wait... ${spin[0]}"
DEBIAN_FRONTEND=noninteractive apt-get -y install mariadb-server mariadb-client apache2 git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap libapache2-mod-php5 curl >> /var/log/snipeit-install.log & pid=$! 2>&1
progress
wait
echo -e "\n* Cloning Snipeit, extracting to $webdir/$name..."
git clone https://github.com/snipe/snipe-it $webdir/$name >> /var/log/snipeit-install.log & pid=$! 2>&1
progress
php5enmod mcrypt >> /var/log/snipeit-install.log 2>&1
a2enmod rewrite >> /var/log/snipeit-install.log 2>&1
vhenvfile
wait
echo >> $hosts "127.0.0.1 $hostname $fqdn"
a2ensite $name.conf
echo -e "* Modify the Snipe-It files necessary for a production environment.\n* Securing Mysql"
# Have user set own root password when securing install
# and just set the snipeit database user at the beginning
/usr/bin/mysql_secure_installation
echo -e "* Creating Mysql Database and User.\n## Please Input your MySQL/MariaDB root password: "
mysql -u root -p < $dbsetup
cd $webdir/$name/
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
perms
service apache2 restart
php artisan key:generate
php artisan passport:install
;;
ubuntu)
##################################### Install for Ubuntu ##############################################
#Update/upgrade Debian/Ubuntu repositories, get the latest version of git.
#Git clone snipeit, create vhost, .env file, mysql install
#composer install, set permissions, restart apache.
webdir=/var/www
echo -ne "\n* Adding MariaDB repo in the background... ${spin[0]}"
(echo "deb [arch=amd64,i386] http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.1/ubuntu $codename main" | tee /etc/apt/sources.list.d/mariadb.list >/dev/null 2>&1)
log "apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8"
echo -ne "\n* Updating with apt-get update in the background... ${spin[0]}"
log "apt-get update" & pid=$!
[ -f /var/lib/dpkg/lock ] && rm -f /var/lib/dpkg/lock
progress
echo -ne "\n* Upgrading packages with apt-get upgrade in the background... ${spin[0]}"
log "apt-get -y upgrade" & pid=$!
progress
echo -ne "\n* Setting up LAMP in the background... ${spin[0]}\n"
log "DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server mariadb-client apache2 libapache2-mod-php curl" & pid=$!
progress
if [ "$version" == "16.04" ]; then
log "apt-get install -y git unzip php php-mcrypt php-curl php-mysql php-gd php-ldap php-zip php-mbstring php-xml" & pid=$!
progress
log "phpenmod mcrypt"
log "phpenmod mbstring"
log "a2enmod rewrite"
else
log "apt-get install -y git unzip php5 php5-mcrypt php5-curl php5-mysql php5-gd php5-ldap" & pid=$!
progress
log "php5enmod mcrypt"
log "a2enmod rewrite"
fi
echo -ne "\n* Cloning Snipeit, extracting to $webdir/$name... ${spin[0]}"
log "git clone https://github.com/snipe/snipe-it $webdir/$name" & pid=$!
progress
vhenvfile
echo -e "* MySQL Phase next.\n"
service mysql status >/dev/null || service mysql start
/usr/bin/mysql_secure_installation
echo -e "* Creating MySQL Database and user.\n* Please Input your MySQL/MariaDB root password created in the previous step.: "
mysql -u root -p < $dbsetup
echo -e "\n* Securing Mysql\n* Installing and configuring composer"
cd $webdir/$name/
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
perms
chown -R www-data:www-data "/var/www/$name"
service apache2 restart
php artisan key:generate
php artisan passport:install
;;
centos )
if [[ "$version" =~ ^6 ]]; then
##################################### Install for Centos/Redhat 6 ##############################################
webdir=/var/www/html
#Allow us to get the mysql engine
echo ""
echo "## Adding IUS, epel-release and mariaDB repositories.";
mariadbRepo=/etc/yum.repos.d/MariaDB.repo
touch "$mariadbRepo"
{
echo "[mariadb]"
echo "name = MariaDB"
echo "baseurl = http://yum.mariadb.org/10.0/centos6-amd64"
echo "gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB"
echo "gpgcheck=1"
echo "enable=1"
} >> "$mariadbRepo"
log "yum -y install wget epel-release"
log "wget -P "$tmp/" https://centos6.iuscommunity.org/ius-release.rpm"
log "rpm -Uvh "$tmp/ius-release*.rpm""
#Install PHP and other needed stuff
echo "## Installing PHP and other requirements.";
PACKAGES="httpd mariadb-server git unzip php71u php71u-mysqlnd php71u-bcmath php71u-cli php71u-common php71u-embedded php71u-gd php71u-mbstring php71u-mcrypt php71u-ldap php71u-json php71u-simplexml"
for p in $PACKAGES;do
if isinstalled "$p"; then
echo " ## $p already installed"
else
echo -n " ## Installing $p ... "
log "yum -y install $p"
echo "";
fi
done;
echo -e "\n## Cloning Snipe-IT from github to the web directory.";
log "git clone https://github.com/snipe/snipe-it $webdir/$name"
# Make mariaDB start on boot and restart the daemon
echo "## Starting the mariaDB server.";
chkconfig mysql on
/sbin/service mysql start
echo "## Securing mariaDB server.";
/usr/bin/mysql_secure_installation
echo "## Creating MySQL Database/User."
echo "## Please Input your MySQL/MariaDB root password: "
mysql -u root -p < $dbsetup
#Create the new virtual host in Apache and enable rewrite
echo "## Creating the new virtual host in Apache.";
apachefile=/etc/httpd/conf.d/$name.conf
{
echo ""
echo ""
echo ""
echo "<VirtualHost *:80>"
echo "ServerAdmin webmaster@localhost"
echo " <Directory $webdir/$name/public>"
echo " Allow From All"
echo " AllowOverride All"
echo " Options +Indexes"
echo " </Directory>"
echo " DocumentRoot $webdir/$name/public"
echo " ServerName $fqdn"
echo " ErrorLog /var/log/httpd/snipeIT.error.log"
echo " CustomLog /var/log/access.log combined"
echo "</VirtualHost>"
} >> "$apachefile"
echo "## Setting up hosts file.";
echo >> $hosts "127.0.0.1 $hostname $fqdn"
# Make apache start on boot and restart the daemon
echo "## Starting the apache server.";
chkconfig httpd on
/sbin/service httpd start
tzone=$(grep ZONE /etc/sysconfig/clock | tr -d '"' | sed 's/ZONE=//g');
echo "## Configuring .env file."
cp $webdir/$name/.env.example $webdir/$name/.env
sed -i '1 i\#Created By Snipe-it Installer' $webdir/$name/.env
sed -i 's,^\(APP_TIMEZONE=\).*,\1'$tzone',' $webdir/$name/.env
sed -i 's,^\(DB_HOST=\).*,\1'localhost',' $webdir/$name/.env
sed -i 's,^\(DB_DATABASE=\).*,\1'snipeit',' $webdir/$name/.env
sed -i 's,^\(DB_USERNAME=\).*,\1'snipeit',' $webdir/$name/.env
sed -i 's,^\(DB_PASSWORD=\).*,\1'$mysqluserpw',' $webdir/$name/.env
sed -i 's,^\(APP_URL=\).*,\1'http://$fqdn',' $webdir/$name/.env
sed -i 's,^\(APP_KEY=\).*,\1'$$random32',' $webdir/$name/.env
echo "## Configure composer"
cd $webdir/$name
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
perms
chown -R apache:apache $webdir/$name
/sbin/service iptables status >/dev/null 2>&1
if [ $? = 0 ]; then
#Open http/https port
iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
#Save iptables
service iptables save
fi
service httpd restart
echo "## Generating the application key."
php artisan key:generate --force
echo "## Artisan Migrate."
php artisan migrate --force
elif [[ "$version" =~ ^7 ]]; then
##################################### Install for Centos/Redhat 7 ##############################################
webdir=/var/www/html
#Allow us to get the mysql engine
echo -e "\n## Adding IUS, epel-release and mariaDB repositories.";
log "yum -y install wget epel-release"
log "wget -P $tmp/ https://centos7.iuscommunity.org/ius-release.rpm"
log "rpm -Uvh $tmp/ius-release*.rpm"
#Install PHP and other requirements
echo "## Installing PHP and other requirements.";
PACKAGES="httpd mariadb-server git unzip php71u php71u-mysqlnd php71u-bcmath php71u-cli php71u-common php71u-embedded php71u-gd php71u-mbstring php71u-mcrypt php71u-ldap php71u-json php71u-simplexml"
for p in $PACKAGES;do
if isinstalled "$p"; then
echo " ## $p already installed"
else
echo -n " ## Installing $p ... "
log "yum -y install $p"
echo "";
fi
done;
echo -e "\n## Cloning Snipe-IT from github to the web directory.";
log "git clone https://github.com/snipe/snipe-it $webdir/$name"
# Make mariaDB start on boot and restart the daemon
echo "## Starting the mariaDB server.";
systemctl enable mariadb.service
systemctl start mariadb.service
echo "## Securing mariaDB server.";
echo "";
echo "";
/usr/bin/mysql_secure_installation
echo "## Creating MySQL Database/User."
echo "## Please Input your MySQL/MariaDB root password "
mysql -u root -p < "$dbsetup"
##TODO make sure the apachefile doesnt exist isnt already in there
#Create the new virtual host in Apache and enable rewrite
apachefile="/etc/httpd/conf.d/$name.conf"
{
echo "## Creating the new virtual host in Apache.";
echo ""
echo ""
echo "LoadModule rewrite_module modules/mod_rewrite.so"
echo ""
echo "<VirtualHost *:80>"
echo "ServerAdmin webmaster@localhost"
echo " <Directory $webdir/$name/public>"
echo " Allow From All"
echo " AllowOverride All"
echo " Options +Indexes"
echo " </Directory>"
echo " DocumentRoot $webdir/$name/public"
echo " ServerName $fqdn"
echo " ErrorLog /var/log/httpd/snipeIT.error.log"
echo " CustomLog /var/log/access.log combined"
echo "</VirtualHost>"
} >> "$apachefile"
##TODO make sure this isnt already in there
echo "## Setting up hosts file.";
echo >> $hosts "127.0.0.1 $hostname $fqdn"
echo "## Starting the apache server.";
# Make apache start on boot and restart the daemon
systemctl enable httpd.service
systemctl restart httpd.service
tzone=$(timedatectl | gawk -F'[: ]' ' $9 ~ /zone/ {print $11}');
echo "## Configuring .env file."
cp $webdir/$name/.env.example $webdir/$name/.env
sed -i '1 i\#Created By Snipe-it Installer' $webdir/$name/.env
sed -i 's,^\(APP_TIMEZONE=\).*,\1'$tzone',' $webdir/$name/.env
sed -i 's,^\(DB_HOST=\).*,\1'localhost',' $webdir/$name/.env
sed -i 's,^\(DB_DATABASE=\).*,\1'snipeit',' $webdir/$name/.env
sed -i 's,^\(DB_USERNAME=\).*,\1'snipeit',' $webdir/$name/.env
sed -i 's,^\(DB_PASSWORD=\).*,\1'$mysqluserpw',' $webdir/$name/.env
sed -i 's,^\(APP_URL=\).*,\1'http://$fqdn',' $webdir/$name/.env
sed -i 's,^\(APP_KEY=\).*,\1'$$random32',' $webdir/$name/.env
#Install / configure composer
cd $webdir/$name
curl -sS https://getcomposer.org/installer | php
php composer.phar install --no-dev --prefer-source
#Set permissions
perms
chown -R apache:apache $webdir/$name
#Check if SELinux is enforcing
if [ "$(getenforce)" == "Enforcing" ]; then
#Add SELinux and firewall exception/rules
#Required for ldap integration
setsebool -P httpd_can_connect_ldap on
#Sets SELinux context type so that scripts running in the web server process are allowed read/write access
chcon -R -h -t httpd_sys_script_rw_t $webdir/$name/
fi
systemctl restart httpd.service
echo "## Generating the application key."
php artisan key:generate --force
echo "## Artisan Migrate."
php artisan migrate --force
echo "## Creating scheduler cron."
(crontab -l ; echo "* * * * * /usr/bin/php $webdir/$name/artisan schedule:run >> /dev/null 2>&1") | crontab -
else
echo "Unable to Handle Centos Version #. Version Found: " $version
return 1
fi
esac
echo ""
echo " ***If you want mail capabilities, edit $webdir/$name/.env***"
echo ""
echo " ***Open http://$fqdn to login to Snipe-IT.***"
echo ""
echo ""
echo "* Cleaning up..."
rm -f snipeit.sh
rm -f install.sh
rm -rf ${tmp:?}
echo "* Finished!"
sleep 1