#!/bin/bash
# Must have sudo permissions to run
# SETUP ------------------------------------------
# This script inherits the following variables from configure-git-fusion.sh
# If running this script by itself, set values for these required variables
# P4 variables:
P4PORT=ssl:localhost:1666
P4CHARSET=none
# Unix user for Git Fusion:
GFUSER=git
# Every setting above is mandatory: stop at the first one that is empty.
for required_var in P4PORT P4CHARSET GFUSER; do
  # ${!name} reads the variable whose name is stored in required_var.
  if [ -z "${!required_var}" ]; then
    echo "$required_var is undefined"
    exit 1
  fi
done
# ASSESS ENVIRONMENT -----------------------------
# Nothing to do when the Git Fusion site is already enabled under either of
# the two file names this script may create (with or without ".conf").
for gf_enabled_site in \
  /etc/apache2/sites-enabled/git-fusion-ssl \
  /etc/apache2/sites-enabled/git-fusion-ssl.conf; do
  if [ -e "$gf_enabled_site" ]; then
    echo 'Apache is already configured for Helix Git Fusion.'
    exit 0
  fi
done
# Work out the distribution release. /etc/lsb-release is preferred; otherwise
# /etc/os-release is sourced and its VERSION_ID is used.
if [ ! -e '/etc/lsb-release' ] && [ ! -e '/etc/os-release' ]; then
  echo 'Could not determine your OS version. Aborting...'
  # Exit status 0 is kept from the original script even though this aborts.
  exit 0
fi
if [ -e '/etc/lsb-release' ]; then
  # Take everything after the "=" on the DISTRIB_RELEASE line.
  UBUNTU_VERSION=$(grep DISTRIB_RELEASE /etc/lsb-release | cut -d '=' -f 2)
else
  # Sourcing defines VERSION_ID (and the file's other keys) in this shell.
  source /etc/os-release
  UBUNTU_VERSION=$VERSION_ID
fi
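# Get GFUSER_HOME: field 6 of the account's passwd entry is its home directory.
# GFUSER is quoted so the lookup always receives exactly one account name.
GFUSER_HOME=$(getent passwd "$GFUSER" | cut -d ':' -f 6)
# An empty result (unknown account) must fail here; otherwise the test below
# would silently look at "/.bashrc" instead of the account's own file.
if [ -z "$GFUSER_HOME" ] || [ ! -e "$GFUSER_HOME/.bashrc" ]; then
  echo "$GFUSER_HOME/.bashrc file is either not defined or does not exist."
  exit 1
fi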
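# Git Fusion requires valid LANG and LC_ALL variables to be set in ~git/.bashrc
# Each value is taken from an "export NAME=value" line whose value ends in
# ".utf-8" or ".utf8" (any letter case). One expression both selects the line
# and captures the value, so:
#   - "NAME=" is matched exactly (a look-alike such as LANGUAGE is ignored),
#   - the "export NAME=" prefix is removed even when the line is indented,
#   - tail keeps only the last assignment, so the value is a single line.
# These values are later written into the Apache site configuration, so they
# must never carry stray text from the account's .bashrc.
GFUSER_LANG=$(sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}LANG=\(.*[.][Uu][Tt][Ff]-\{0,1\}8\)$/\1/p' "$GFUSER_HOME/.bashrc" | tail -n 1)
GFUSER_LC_ALL=$(sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}LC_ALL=\(.*[.][Uu][Tt][Ff]-\{0,1\}8\)$/\1/p' "$GFUSER_HOME/.bashrc" | tail -n 1)
if [ -z "$GFUSER_LANG" ] || [ -z "$GFUSER_LC_ALL" ]; then
  echo "LANG or LC_ALL variables are not set in $GFUSER_HOME/.bashrc"
  exit 1
fi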
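# Check that P4GF_ENV file is there
# Take the value of the last "export P4GF_ENV=..." line in the account's .bashrc.
GFUSER_P4GF_ENV=$(sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}P4GF_ENV=//p' "$GFUSER_HOME/.bashrc" | tail -n 1)
# The value comes from a file the Git Fusion account can edit, while this script
# runs with elevated privileges, so it is never handed to eval. The two things
# eval was used for are done by hand instead: removing one pair of surrounding
# quotes, and expanding a leading tilde in an unquoted value.
case "$GFUSER_P4GF_ENV" in
  \"*\" | \'*\')
    # Quoted value: drop the first and last character, no tilde expansion.
    GFUSER_P4GF_ENV=${GFUSER_P4GF_ENV:1:${#GFUSER_P4GF_ENV}-2}
    ;;
  '~' | '~/'*)
    # In the account's own .bashrc a bare "~" means that account's home.
    GFUSER_P4GF_ENV=$GFUSER_HOME${GFUSER_P4GF_ENV#'~'}
    ;;
  '~'*)
    # "~name/..." : look the named account's home up in the passwd database.
    gf_tilde_user=${GFUSER_P4GF_ENV%%/*}
    gf_tilde_user=${gf_tilde_user#'~'}
    gf_tilde_home=$(getent passwd "$gf_tilde_user" | cut -d ':' -f 6)
    if [ -n "$gf_tilde_home" ]; then
      GFUSER_P4GF_ENV=$gf_tilde_home${GFUSER_P4GF_ENV#"~$gf_tilde_user"}
    fi
    ;;
esac
if [ ! -e "$GFUSER_P4GF_ENV" ]; then
  echo "P4GF_ENV file is either not defined or does not exist."
  exit 1
fi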
# Refuse to touch a host that already has Apache: either the apache2 package
# is installed (dpkg status "ii") or /etc/apache2 is present.
APACHE_PKG=$(dpkg -l 'apache2' 2>&1 | grep 'apache2' || true)
if [ -n "$APACHE_PKG" ]; then
  # The first column of the dpkg listing is the package status.
  STATUS=$(printf '%s\n' "$APACHE_PKG" | awk '{print $1}')
  if [ "$STATUS" = 'ii' ]; then
    MSG_PKG='Apache is already installed! Git Fusion cannot configure HTTPS authentication. You must uninstall Apache before proceeding.'
  fi
fi
if [ -e '/etc/apache2' ]; then
  MSG_DIR='The Apache configuration directory /etc/apache2 already exists. This directory must be removed before proceeding.'
fi
if [ -z "$MSG_PKG" ] && [ -z "$MSG_DIR" ]; then
  # Clean host: announce what is about to be installed and changed.
  echo 'This script will now configure HTTPS authentication for Helix Git Fusion using Apache.
It will download and install Apache 2 and the modules "ssl" and "mod_authnz_external". If you have existing Apache configuration, it may be overwritten.
It is not recommended that you use this Apache server for any other purpose than for use with Helix Git Fusion.'
else
  # Report every reason that applies, then stop (exit status 0 as before).
  [ -z "$MSG_PKG" ] || echo "$MSG_PKG"
  [ -z "$MSG_DIR" ] || echo "$MSG_DIR"
  exit 0
fi
# CONFIG -----------------------------------------
# Install Apache, the external-authentication module and curl, then confirm
# through dpkg that apache2 really ended up installed.
apt-get install -y apache2 libapache2-mod-authnz-external curl
ret=$?
APACHE_PKG=$(dpkg -l 'apache2' 2>&1 | grep 'apache2' || true)
if [ -n "$APACHE_PKG" ]; then
  STATUS=$(printf '%s\n' "$APACHE_PKG" | awk '{print $1}')
  # Both conditions must hold: dpkg status "ii" and a clean apt-get exit.
  if [ "$STATUS" != 'ii' ] || [ $ret -ne 0 ]; then
    echo 'Apache or one of its components could not be installed!'
    exit 1
  fi
  echo 'Apache was installed successfully'
fi
# Enable required modules
if a2enmod authnz_external ssl cgi > /dev/null; then
  echo 'Enabled the required Apache modules'
else
  echo 'Required Apache modules could not be enabled!'
  exit 1
fi
# Add the ServerName directive once; skip it when the line is already there.
grep -q 'ServerName GF' /etc/apache2/apache2.conf ||
  echo 'ServerName GF' >> /etc/apache2/apache2.conf
# Apache stays stopped while the site, envvars and certificate are prepared.
service apache2 stop > /dev/null
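# Create the VirtualHost from the template delivered with Helix Git Fusion
# The site file carries a ".conf" suffix on Ubuntu 14.04 only.
if [ "$UBUNTU_VERSION" == '14.04' ]; then
  APACHE_CONFIG_FILE="/etc/apache2/sites-available/git-fusion-ssl.conf"
else
  APACHE_CONFIG_FILE="/etc/apache2/sites-available/git-fusion-ssl"
fi

# Escape the characters that are special in the replacement half of the
# "s|...|...|" commands below: backslash, "&" and the "|" delimiter.
# Several of the substituted values were read from the Git Fusion account's
# .bashrc and end up in a root-owned Apache configuration file, so they must
# be inserted as literal text and never be able to alter the sed command.
gf_sed_replacement() {
  printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

cp /opt/perforce/git-fusion/libexec/ubuntu-git-fusion-ssl.conf.template "$APACHE_CONFIG_FILE"
sed -i "s|HOME /opt/perforce/git-fusion/home/perforce-git-fusion|HOME $(gf_sed_replacement "$GFUSER_HOME")|" "$APACHE_CONFIG_FILE"
sed -i "s|LANG en_US.UTF-8|LANG $(gf_sed_replacement "$GFUSER_LANG")|" "$APACHE_CONFIG_FILE"
sed -i "s|LC_ALL en_US.UTF-8|LC_ALL $(gf_sed_replacement "$GFUSER_LC_ALL")|" "$APACHE_CONFIG_FILE"
sed -i "s|P4GF_ENV /opt/perforce/git-fusion/home/perforce-git-fusion/p4gf_environment.cfg|P4GF_ENV $(gf_sed_replacement "$GFUSER_P4GF_ENV")|" "$APACHE_CONFIG_FILE"
sed -i "s|ssl:myperforceserver:port p4charset|$(gf_sed_replacement "$P4PORT") $(gf_sed_replacement "$P4CHARSET")|" "$APACHE_CONFIG_FILE"
if [ -e "$APACHE_CONFIG_FILE" ]; then
  echo 'Apache site configuration for Helix Git Fusion has been created'
else
  echo 'Could not create Apache site configuration for Helix Git Fusion!'
  exit 1
fi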
# Disable default apache site, enable the Helix Git Fusion VirtualHost
# The stock site is named "000-default" on Ubuntu 14.04 and "default" otherwise.
if [ "$UBUNTU_VERSION" == '14.04' ]; then
  gf_default_site=000-default
else
  gf_default_site=default
fi
# The Git Fusion site is enabled only if disabling the stock site succeeded.
if a2dissite "$gf_default_site" > /dev/null 2>&1 && a2ensite git-fusion-ssl > /dev/null 2>&1; then
  echo 'Enabled Apache VirtualHost for Helix Git Fusion'
else
  echo 'Could not enable Apache VirtualHost for Helix Git Fusion!'
  exit 1
fi
# Configure Apache to find Git Fusion tools and to run as git:perforce
gf_envvars=/etc/apache2/envvars
# Quoted delimiter: the text is appended literally, so "$PATH" is expanded
# when Apache reads envvars, not now.
cat >> "$gf_envvars" <<'TEXT'
# Find tools needed by Git Fusion, such as Python3 and Git
export PATH=/opt/perforce/git-fusion/bin:$PATH
TEXT
env_vars_ret_1=$?
# "groups USER" prints "USER : grp1 grp2 ..."; keep the first group listed.
GFUSER_GROUP=$(groups "$GFUSER" | cut -d ':' -f 2 | awk '{ print $1 }')
# Swap the stock www-data user and group for the Git Fusion account.
sed -i "s|APACHE_RUN_USER=www-data|APACHE_RUN_USER=$GFUSER|" "$gf_envvars"
env_vars_ret_2=$?
sed -i "s|APACHE_RUN_GROUP=www-data|APACHE_RUN_GROUP=$GFUSER_GROUP|" "$gf_envvars"
env_vars_ret_3=$?
if (( env_vars_ret_1 == 0 && env_vars_ret_2 == 0 && env_vars_ret_3 == 0 )); then
  echo 'Apache environment configuration updated'
else
  echo 'Errors while updating Apache environment configuration!'
  exit 1
fi
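# If P4D is ssl-enabled, trust it
P4SSL='^ssl'
# Split P4PORT on ":" with read, so the value is never subject to globbing or
# whitespace splitting the way an unquoted array assignment would be.
IFS=':' read -r -a P4HOST <<< "$P4PORT"
if [[ ${P4HOST[0]} =~ $P4SSL ]]; then
  echo "Trusting P4 server as user $GFUSER"
  # Single-quote P4PORT for the shell that su starts, so it reaches p4 as one
  # literal argument whatever characters it contains.
  gf_sq="'"
  gf_p4port_quoted=$gf_sq${P4PORT//$gf_sq/$gf_sq\\$gf_sq$gf_sq}$gf_sq
  # NOTE(review): "trust -yf" accepts whatever fingerprint the server at P4PORT
  # presents and replaces any fingerprint stored earlier. Compare the stored
  # value (p4 trust -l) with the server's fingerprint obtained out of band.
  if ! su - "$GFUSER" -c "p4 -p $gf_p4port_quoted trust -yf" 2>&1; then
    echo "Unable to trust the server $P4PORT as user $GFUSER"
    exit 1
  fi
fi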
# Create authentication script from template
gf_auth_script=/opt/perforce/git-fusion/libexec/p4auth.sh
cp "${gf_auth_script}.template" "$gf_auth_script"
# Point P4TRUST at the trust file in the Git Fusion account's home directory.
sed -i "s|export P4TRUST=/opt/perforce/git-fusion/home/perforce-git-fusion/.p4trust|export P4TRUST=$GFUSER_HOME/.p4trust|" "$gf_auth_script"
if [ ! -e "$gf_auth_script" ]; then
  echo 'Helix Git Fusion authentication script could not be created!'
  exit 1
fi
echo 'Created Helix Git Fusion authentication script'
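# Remove Apache lock if it exists
rm -rf /var/lock/apache2
# Generate self-signed certs
# The target directory is created first; openssl does not create it.
mkdir -p /etc/apache2/ssl
# -nodes writes the private key unencrypted, so the files are created under a
# restrictive umask (in a subshell, leaving this script's umask untouched).
(
  umask 077
  openssl req -x509 -subj '/C=US/ST=CA/L=Alameda/O=Perforce/OU=gconn/CN=gconn/E=git-fusion@perforce.com' -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
) > /dev/null 2>&1
gf_cert_ret=$?
if [ $gf_cert_ret -eq 0 ]; then
  # Also tighten a key file that already existed with looser permissions.
  chmod 600 /etc/apache2/ssl/apache.key || gf_cert_ret=$?
fi
# NOTE(review): the certificate is self-signed with a fixed subject (CN=gconn)
# and a 365-day lifetime, so clients cannot verify it; replace it with a
# certificate issued for the real host name before production use.
if [ $gf_cert_ret -ne 0 ]; then
  echo 'Errors while creating self-signed certificates!'
  exit 1
else
  echo 'Self-signed certificates have been created'
fi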
# Bring Apache back up with the new configuration; its output is discarded and
# only the exit status decides the outcome.
if service apache2 start > /dev/null 2>&1; then
  echo 'Apache started successfully'
else
  echo 'Apache could not start correctly!'
  exit 1
fi
# Final banner with the suggested verification command.
# P4USER is not assigned anywhere in this script; presumably it is inherited
# from configure-git-fusion.sh (confirm). It prints as empty when unset.
# The suggested curl call uses -k, which skips certificate verification.
gf_rule=':::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::'
printf '%s\n' \
  "$gf_rule" \
  '::' \
  ':: Apache has been successfully configured for Helix Git Fusion.' \
  '::' \
  ':: Make sure that Git Fusion submit triggers are installed on your' \
  ':: Helix Server and verify your configuration by running the following' \
  ":: command, where P4PASSWD is the password for the super user ${P4USER}:" \
  '::' \
  ":: \$ curl -k --user ${P4USER}:P4PASSWD https://localhost/@info" \
  '::' \
  "$gf_rule"