Vagrant Debian support (and experimental CentOS)

This changes the Vagrant setup to support multiple installations as multiple boxes. In addition to Ubuntu Vagrant can now be used to install on Debian as well as on CentOS. I took the chance to clean up the .deb install a bit and backported analyzer and celery to SysV proper so it runs there. Some of the distro specfics were moved to the install script from the python setup scripts to acheive this. For the CentOS support I added a rather involved OS prepare script. In the long term this will be added to the preparing-the-server docs we already have. I had to switch the default port to http-alt (8080). On CentOS 9080 is registered for ocsp and getting it to work for apache without hacking SELinux is hard. I think 8080 is the RFC way to go anyhow. If anyone want to override this it should be rather easy using the --web-port arg and by hacking Vagrantfile. The PyOpenSSL code has been refactored for all the distros that the Vagrantfile now supports. As far as my checks go, I tried this code with all the distros, uploaded a track and downloaded a unicode and a ssl podcast and was able to listen to them in each case. In the experimental CentOS case, the UI is not up to spec since services need to get scheduled through systemctl and the status overview (ie. on the /?config page) do not work properly. They need to be as follows: ``` sudo systemctl start airtime-playout sudo systemctl start airtime-liquidsoap sudo systemctl start airtime_analyzer.service sudo systemctl start airtime-celery.service ```
2017-03-08 12:39:59 +01:00 · 2017-03-08 12:39:59 +01:00 · c29285ae48
commit c29285ae48
parent c8b4d40eb2
19 changed files with 448 additions and 201 deletions
--- a/installer/vagrant/centos.sh
+++ b/installer/vagrant/centos.sh
@ -0,0 +1,154 @@
+#!/bin/bash
+
+# Additional Repos
+yum install -y epel-release
+
+# Nux Dextop
+yum install -y http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
+
+# We are after PUIAS Unsupported where we get celery from
+# the install needs forcing since springdale-core tries to replace centos-release
+curl -O http://springdale.math.ias.edu/data/puias/6/x86_64/os/Packages/springdale-unsupported-6-2.sdl6.10.noarch.rpm
+rpm -hiv --nodeps springdale-unsupported-6-2.sdl6.10.noarch.rpm 
+rm -f springdale-unsupported-6-2.sdl6.10.noarch.rpm 
+# we need to install the key manually since it is also part of springdale-core
+curl -O http://puias.princeton.edu/data/puias/6/x86_64/os/RPM-GPG-KEY-puias
+rpm --import RPM-GPG-KEY-puias 
+rm -f RPM-GPG-KEY-puias
+
+# RaBe Liquidsoap Distribution (RaBe LSD)
+curl -o /etc/yum.repos.d/home:radiorabe:liquidsoap.repo \
+    http://download.opensuse.org/repositories/home:/radiorabe:/liquidsoap/CentOS_7/home:radiorabe:liquidsoap.repo
+
+# RaBe Audio Packages for Enterprise Linux (RaBe APEL)
+curl -o /etc/yum.repos.d/home:radiorabe:audio.repo \
+    http://download.opensuse.org/repositories/home:/radiorabe:/audio/CentOS_7/home:radiorabe:audio.repo
+
+# Update all the things (just to be sure we are on latest)
+yum update -y
+
+# Database
+yum install -y postgresql-server patch
+
+postgresql-setup initdb
+
+patch -f /var/lib/pgsql/data/pg_hba.conf << EOD
+--- /var/lib/pgsql/data/pg_hba.conf.orig2016-09-01 20:45:11.364000000 -0400
+++ /var/lib/pgsql/data/pg_hba.conf2016-09-01 20:46:17.939000000 -0400
+@@ -78,10 +78,11 @@
+
+ # "local" is for Unix domain socket connections only
+ local   all             all                                     peer
+local   all             all                                     md5
+ # IPv4 local connections:
+-host    all             all             127.0.0.1/32            ident
+host    all             all             127.0.0.1/32            md5
+ # IPv6 local connections:
+-host    all             all             ::1/128                 ident
+host    all             all             ::1/128                 md5
+ # Allow replication connections from localhost, by a user with the
+ # replication privilege.
+ #local   replication     postgres                                peer
+EOD
+
+systemctl enable postgresql
+systemctl start postgresql
+# create database user airtime with password airtime
+useradd airtime
+echo "airtime:airtime" | chpasswd
+
+su -l postgres bash -c 'createuser airtime'
+su -l postgres bash -c 'createdb -O airtime airtime'
+
+echo "ALTER USER airtime WITH PASSWORD 'airtime';" | su -l postgres bash -c psql
+echo "GRANT ALL PRIVILEGES ON DATABASE airtime TO airtime;" | su -l postgres bash -c psql
+
+
+# RabbitMQ
+yum install -y rabbitmq-server
+
+systemctl enable rabbitmq-server
+systemctl start rabbitmq-server
+
+rabbitmqctl add_user airtime airtime
+rabbitmqctl add_vhost /airtime
+rabbitmqctl set_permissions -p /airtime airtime ".*" ".*" ".*"
+
+# LibreTime deps
+yum install -y \
+  git \
+  php \
+  php-xml \
+  php-pdo \
+  php-pgsql \
+  php-bcmath \
+  php-mbstring \
+  httpd \
+  liquidsoap \
+  silan \
+  icecast \
+  python-pip \
+  selinux-policy \
+  policycoreutils-python \
+  python-celery 
+
+# for pip ssl install
+yum install -y \
+  python-devel \
+  python-lxml \
+  openssl-devel
+
+
+
+# SELinux Setup
+setsebool -P httpd_can_network_connect 1
+setsebool -P httpd_can_network_connect_db 1
+setsebool -P httpd_execmem on # needed by liquidsoap to do stuff when called by php
+setsebool -P httpd_use_nfs 1 # to get nfs mounted /vagrant
+setsebool -P git_system_use_nfs 1 # same for git
+
+semanage port -a -t http_port_t -p tcp 9080 # default vagrant web port
+
+# Allow apache full access to /vagrant and /etc/airtime
+semanage fcontext -a -t httpd_sys_rw_content_t "/vagrant(/.*)?"
+semanage fcontext -a -t httpd_sys_rw_content_t "/etc/airtime(/.*)?"
+semanage fcontext -a -t httpd_sys_rw_content_t "/srv/airtime(/.*)?"
+
+restorecon -Rv /vagrant /etc/airtime /srv/airtime
+
+# Disable default apache page
+sed -i -e 's/^/#/' /etc/httpd/conf.d/welcome.conf
+
+# Quick and dirty systemd unit install (will be in package later)
+unit_dir="/etc/systemd/system"
+unit_src_dir="/vagrant/installer/systemd"
+cp -rp ${unit_src_dir}/*.service ${unit_dir}
+
+# Overrides to use apache user for now (final packaging will have dedicated users)
+for service in `ls ${unit_src_dir}/*.service`; do
+    unit_name=`basename ${service}`
+    if [ "$unit_name" = "airtime-celery.service" ]; then
+        continue
+    fi
+    sed -i \
+        -e 's/User=.*/User=apache/' \
+        -e 's/Group=.*/Group=apache/' \
+        ${unit_dir}/${unit_name}
+done
+
+
+# for good measure, lets reload em
+systemctl daemon-reload
+
+# celery will not run unless we install a specific version (https://github.com/pypa/setuptools/issues/942)
+# this will need to be figured out later on and will get overriden by the docs installer anyhow :(
+pip install setuptools==33.1.1
+pip freeze setuptools==33.1.1
+
+# the web will fail badly if this is not set, using my personal default just because
+echo 'date.timezone=Europe/Zurich' >> /etc/php.d/timezone.ini
+systemctl restart httpd
+
+# icecast needs to be available to everyone
+sed -i -e 's@<bind-address>127.0.0.1</bind-address>@<bind-address>0.0.0.0</bind-address>@' /etc/icecast.xml 
+systemctl enable --now icecast