Difference between revisions of "Web App Packaging Notes"

From Amahi Wiki
Jump to: navigation, search
Line 375: Line 375:
 
  # Run ExecStartPre with root-permissions
 
  # Run ExecStartPre with root-permissions
 
  PermissionsStartOnly=true
 
  PermissionsStartOnly=true
  ExecStartPre=-/usr/bin/mkdir -p /var/run/dhis
+
  ExecStartPre=/usr/bin/mkdir -p /var/run/dhis
 
  ExecStartPre=/usr/bin/chown -R nobody:nobody /var/run/dhis/
 
  ExecStartPre=/usr/bin/chown -R nobody:nobody /var/run/dhis/
 
  # Run ExecStart with User=nobody / Group=nobody
 
  # Run ExecStart with User=nobody / Group=nobody

Revision as of 01:55, 31 March 2021

Database Restore

  • Install Script:
# Check for backup of old version database
if [ -f /var/hda/dbs/latest-appname.bz2 ]; then
   # Import old version database
   bzcat latest-app.bz2 |mysql -uapp -papp app
else
   # Insert new version database
   mysql -uappname -pappname appname < appname.sql;
fi
NOTE: -d = directory or -f = file
or
zcat app.sql.gz |mysql -u$HDA_DB_USERNAME -p$HDA_DB_PASSWORD $HDA_DB_DBNAME
or
mysql -u$HDA_DB_USERNAME -p$HDA_DB_PASSWORD $HDA_DB_DBNAME < app.sql;

Database Update to UTF8

echo "alter database appdb charset=utf8" | mysql -u$HDA_DB_USERNAME -p$HDA_DB_PASSWORD

Large Database Load

For restoring large SQL files, include the following lines at the beginning of the file. This will disable key checks that are not necessary when restoring a database dump, speeding up load time:

SET @@session.unique_checks = 0;
SET @@session.foreign_key_checks = 0;

or

mysql --max_allowed_packet=128M -u$HDA_DB_USERNAME -p$HDA_DB_PASSWORD $HDA_DB_DBNAME < app.sql;

Backup App Config on Uninstall

echo Backing up config to sharename share;
cp -r ../filename /var/hda/files/sharename/filename-$(date +%Y%m%d%H%M%S);
chown apache:users /var/hda/files/sharename/filename*;

App Start on Boot

  • Install Script:
/usr/bin/crontab -l > apache-crontab;
cat >> apache-crontab << 'EOF'
@reboot /var/hda/web-apps/appname/html/startup.sh
EOF
/usr/bin/crontab apache-crontab;
rm -rf apache-crontab;
  • Uninstall Script:
/usr/bin/crontab -l > apache-crontab;
sed -i '/appname/d' apache-crontab;
/usr/bin/crontab apache-crontab;
rm -rf apache-crontab;

Find and Rename .htaccess Files

find . -name .htaccess -exec mv {} {}.tmp \;

Service Functions

  • Check if service is active:
systemctl is-active service
  • Enable/Disable and start/stop service:
systemctl enable --now service
systemctl disable --now service
  • Reload system daemon
echo Reloading systemctl daemon;
systemctl daemon-reload;
  • Start/Stop/Restart app service
echo Starting appname service;
systemctl start appname.service;
echo Stopping appname service;
systemctl stop appname.service;
echo Restarting appname service;
systemctl restart appname.service;
  • Restart Service if 'active'
if [ `systemctl is-active appname.service` == "active" ]; then
echo Restarting appname.service...
systemctl restart appname.service
echo Done!
fi
  • Change service run level, start, and stop priority:
Edit the service, i.e. /etc/init.d/adito and change the parameters (Run level: 0-6, start priority: 1-99, and stop priority: 1-99).
# chkconfig: 2345 56 26
Execute the following command as root user:
/sbin/chkconfig adito resetpriorities

Custom Webapp Options

Edit /etc/httpd/conf.d/####-appname.conf file (where #### is a 4 digit number). The web server will require restart to affect the changes.

  • Change PHP Settings (add below ServerAlias):
Fedora 19-25 (PHP5)
<Files *.php>
values or flags
</Files>
Fedora 27 or greater (PHP7)
<IfModule mod_php7.c>
values or flags
</IfModule>
Values and Flags for use with above:
php_value memory_limit 256M
php_flag short_open_tag on
php_flag magic_quotes_gpc Off
php_flag magic_quotes_sybase Off
php_flag magic_quotes_runtime Off 
php_flag register_globals Off
php_flag session.auto_start Off
php_flag suhosin.session.encrypt Off
php_value output_buffering Off
php_value upload_max_filesize 20M
php_value post_max_size 100M
php_value max_execution_time 300
php_value zend.enable_gc off
php_value default_charset "UTF-8"
php_value iconv.input_encoding "UTF-8"
php_value iconv.internal_encoding "UTF-8"
php_value iconv.output_encoding "UTF-8"
php_value mbstring.internal_encoding UTF-8
php_value mbstring.http_output UTF-8
php_value mbstring.encoding_translation On
php_value mbstring.func_overload 6
  • Displays PHP Modules Installed
php -m
  • Apache mod_rewrite to allow use of .htaccess for Fedora 19/21/23/25/27 (replace similar lines above </Directory>):
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
  • Apache mod_rewrite to allow use of .htaccess for older versions of Amahi (replace similar lines above </Directory>):
Options Indexes FollowSymLinks +ExecCGI
AddHandler fcgid-script .fcg
AllowOverride FileInfo Limit Options Indexes
Order allow,deny
Allow from all
  • Redirect Webapp (add below ServerAlias):
ProxyPass / http://hda:10000/
ProxyPassReverse / http://hda:10000/
RedirectPermanent / http://hda:10000/
  • Redirect Webapp to SSL (add below ServerAlias):
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://%{HTTP_HOST}:10000 [R,L]

Custom .htaccess File

  • Use of .htaccess for Webmin (requires Apache mod-rewrite step above):
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://%{HTTP_HOST}:10000 [R,L]
  • Some Web-Applications/Frameworks come with a pre configured .htaccess file that is trying to set the AllowOverride Rule. This will result in the following error: .htaccess: AllowOverride not allowed here. Remove AllowOverride from the .htaccess file and add it to the Directory area in your web-app conf.d file that it looks somewhat like this:
<Directory "<your path">
 Options Indexes FollowSymLinks +ExecCGI
 AddHandler fcgid-script .fcg
 AllowOveride FileInfo Limit Options Indexes
 AllowOverride All
 Order allow,deny
 Allow from all
</Directory>

Special Instructions

  • User Log in:
The administrator login is:<br />
<blockquote>
<code>
Name:  admin<br />
Password:  admin<br />
<br />
</code>
</blockquote>
  • Reference to wiki:
<b>NOTE:</b> Refer to the <a href="https://wiki.amahi.org/index.php/appname" target="_">appname</a> Amahi wiki page for help in changing the default configuration settings.

Scripted Functions

  • Script Variables: environment variables built into the Amahi 7 or greater platform
  • Check if file exists:
[[ -f /etc/passwd ]] && echo "File exist" || echo "File does not exist"
  • Check if directory exists:
[ -d /var/log ] && echo "Directory exist" || echo "Directory does not exist"
  • Compare files:
[[ /etc/resolv.conf -ef /etc/resolv.conf ]] && echo "Same files" || echo "Different Files"
 [[ /etc/resolv.conf -ef /etc/passwd ]]</nowiki> && echo "Same files" || echo "Different Files"
  • Source file unarchives into unpack folder:
# Check for unpack folder
if [ -d unpack ]; then
  rm -rf html;
  mv unpack html;
fi
  • Create/Preserve Share
if [ -d /var/hda/files/sharename/ ]; then
  echo sharename share exists...files preserved!
else
  mkdir -p /var/hda/files/sharename
  chown -R $HDA_1ST_ADMIN:users /var/hda/files/sharename
  chmod -R 775 /var/hda/files/sharename
  echo sharename share created...permissions set!
fi
  • Remove Share
echo sharename share files preserved!
echo
echo To remove them, in terminal run:
echo ‘sudo rm -rf /var/hda/files/sharename’
  • Network Interface Name:
HDA_DEVICE=`nmcli d | grep 'ethernet' | awk '{print $1;}'`;

or

HDA_DEVICE=`ip route | awk '/^default/ { printf $5 }'`;

or

HDA_DEVICE=`ip addr show |grep -w inet |egrep -v '(127.0.0.1|tun|secondary)' |awk '{ print $7}'`
  • Fully Qualified Domain Name:
HSTNM=`hostname -f`
HST=`echo $HSTNM | awk -F'.' '{print $1}'`
GRP=`echo $HSTNM | awk -F'.' '{print $2}'`
DOM=`echo $HSTNM | awk -F'.' '{print $3}' | sed 's/\..*//'`
if [$DOM == '']; then
 DOMNM='amahi.net'
else
 DOMNM=$GRP'.'$DOM
fi
  • HDA Domain Name:
HDADOM=`cat /etc/resolv.conf | grep 'search' | awk '{ print $2 }'`;
or
HDADOM=$(echo "SELECT value FROM settings WHERE name='domain'" | mysql hda_production -uamahihda -pAmahiHDARulez -s)
  • HDA IP Address
HDAIP=$(/sbin/ip -o -4 addr list $HDA_DEVICE | awk '{print $4}' | cut -d/ -f1);
  • HDA Broadcast IP
HDA_BIP=`ip addr show |grep -w inet |egrep -v '(127.0.0.1|tun)' |awk '{ print $4}'`
  • HDA MAC Address
HDA_MAC=`ip addr show | grep -w ether | awk '{ print $2 }'`
  • HDA Netmask
HDA_NET=`ip addr show |grep -w inet |egrep -v '(127.0.0.1|tun)' |awk '{ print $2}'| cut -d "/" -f 2`
  • HDA Subnet
HDA_SUB=`netstat -r |egrep -v '(Kernel|Destination|default|10|docker0)' |awk '{ print $1}'`
  • First Admin User:
FUSER=`/var/hda/platform/html/script/first-admin` 
or
FUSER=$(echo "SELECT login FROM users WHERE admin=1 ORDER BY id ASC LIMIT 1" | mysql hda_production -uamahihda -pAmahiHDARulez -s)
  • Check OS Version:
FVER=`cat /etc/fedora-release | awk -F'release ' '{print $2}' | sed 's/(Laughlin)//'`;
if [ $FVER == '14' ]; then
...
fi
or
 FVER=`cat /etc/fedora-release | awk -F'release ' '{print $2}' | sed 's/(Verne)//'`;
 if [ $FVER == '16' ]; then
 ...
 fi
  • Install Fedora (RPM) package
if [ -f /etc/fedora-release ]; then
yum localinstall -y package.rpm --nogpgcheck
fi

Elevated Privileges (root)

  • Scripts can be run from /var/hda/web-apps/*/elevated, /var/hda/apps/*/elevated or /var/hda/elevated directories.
mkdir -p elevated;
cd elevated;
cat > my-elevated-script << 'EOF'
...commands which need elevated privileges...
EOF
chmod +x my-elevated-script;
sudo ./my-elevated-script;
cd ..;
rm -rf elevated;

SED One-Liners

  • Update application domain:
sed -i 's|http://app|http://app.'"$HDA_DOMAIN"'|' app.sql;
  • Remove blank lines from file:
sed -i '/^$/d' filename
  • Delete lines in file:
sed '/pattern/d' file
  • Add lines before pattern:
sed -i '/pattern/i \
line1 \
line2' file
  • Add lines after pattern:
sed -i '/pattern/a \
line1 \
line2​' file
  • Insert line based on text1 (Previous Line):
sed -i '/text1/ i\text2' /filename;
  • Insert text at line number 3:
sed '2 aappended line' filename;
  • Replace text with variable:
sed -i 's/text/'$VARIABLE'/' filename;

Web Stuff

  • Web Link Syntax:
<a href="http://www.google.com" target="_">Google</a>
  • Redirect to specific URL (change url= to desired path (i.e. http://appname/appdirectory):
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Your Page Title</title>
<meta http-equiv="REFRESH" content="0;url=http://www.the-domain-you-want-to-redirect-to.com"></HEAD>
<BODY>
Optional page text here.
</BODY>
</HTML>' > html/index.html
chown apache:users html/index.html
  • Redirect to specific PHP file (change app.php to desired file):
cat > html/index.php << 'EOF'
<?php include("app.php") ?>
EOF
  • Amahi Advanced User Warning
<p style="border:3px; border-style:solid; border-color:#FF0000; padding: 1em;"> <b>WARNING:</b> This  application is designed for advanced users and should be used with caution. Use could disrupt and alter your server functionality. This application is not endorsed or officially supported by Amahi.</p>
  • Wiki collapsible code
Select Item Collapse
This is a test.


Select ''Item Collapse''
<div class="mw-collapsible mw-collapsed" data-collapsetext="{{int:screenshot}}" style="width:400px">
This is a test.  
</div><br \>
  • Restrict <pre> Width
<pre style="white-space: pre-wrap; word-break: keep-all;">text</pre>

Miscellaneous

  • Extract files to path...preserving unchanged or newer files
tar -xzpf file -C path --keep-newer-files
  • Retrieve System Information
apaste --sysinfo
  • Replace string in files
find ./ -type f -exec sed -i 's/string1/string2/' {} \;
  • Suppress Console Output (to include errors):
command &> /dev/null 2>&1
  • Kill process:
kill $(ps -gaux | grep 'process name' | awk '{print $2}')
  • Patch Comment:
# FIXME - this needs to be hosted in dl.amahi.org prior to going live!
  • AmahiSync Web Link:
http://username.amahi.me/Public/filename
  • Google Drive Web Link:
wget "https://drive.google.com/uc?export=download&id={FILEID}" -O {FILENAME}
  • Patch Diff:
diff -r -N -b -u html.orig html > app-patch.diff
patch -s -p0 -E << 'EOF'
.... contents of app-patch.diff here ....
'EOF'
patch -p0 -E < app-patch.diff
  • Cat EOF:
with variables
cat > test << EOF
... text goes here ... 
EOF
without variables
cat > test << 'EOF'
... text goes here ...
'EOF'
  • Run as First Admin User:
su $FUSER -c command
  • Change ownership of symbolic link
chown -h username:users /var/hda/files/share

Netboot App Template

Platform Services Feature

The server list is a list of service descriptions:

  1. Only one service is allowed (i.e. sshd or ssh:sshd.pid).
  2. Once exactly one service is picked. It's the name of the service.
  3. Name is required, and it may be optionally followed by a PID file path
  4. With the following features:
    • If the file path doesn't start with / it's relative to /var/run/ (i.e. named:named/named.pid -> /var/run/named/named.pid)
    • If the PID file path starts with /, then it's used as is
    • If no PID file path specified, then the PID file is assume to be /var/run/<name>.pid
    • If it does not exist, otherwise the platform will do a pgrep <name>
    • If it returns something, it's assumed it will be valid PIDs for that service
  5. Not recommended as pgrep may pick up other processes running by a name containing <name>, e.g., ssh-agent.

systemd service template

See Handling /var/run with systemd for details.

[Service]
Type=forking
PrivateTmp=yes
User=nobody
Group=nobody
# Run ExecStartPre with root-permissions
PermissionsStartOnly=true
ExecStartPre=/usr/bin/mkdir -p /var/run/dhis
ExecStartPre=/usr/bin/chown -R nobody:nobody /var/run/dhis/
# Run ExecStart with User=nobody / Group=nobody
ExecStart=/usr/sbin/dhid -P /var/run/dhis/dhid.pid
PIDFile=/var/run/dhis/dhid.pid

Amahi Release Checklists