293 lines
8.2 KiB
Bash
293 lines
8.2 KiB
Bash
#!/bin/bash
|
|
#
|
|
# MyFSIO Installation Script
|
|
# This script sets up MyFSIO for production use on Linux systems.
|
|
#
|
|
# Usage:
|
|
# curl -fsSL https://example.com/install.sh | bash
|
|
# OR
|
|
# ./install.sh [OPTIONS]
|
|
#
|
|
# Options:
|
|
# --install-dir DIR Installation directory (default: /opt/myfsio)
|
|
# --data-dir DIR Data directory (default: /var/lib/myfsio)
|
|
# --log-dir DIR Log directory (default: /var/log/myfsio)
|
|
# --user USER System user to run as (default: myfsio)
|
|
# --port PORT API port (default: 5000)
|
|
# --ui-port PORT UI port (default: 5100)
|
|
# --api-url URL Public API URL (for presigned URLs behind proxy)
|
|
# --no-systemd Skip systemd service creation
|
|
# --binary PATH Path to myfsio binary (will download if not provided)
|
|
# -y, --yes Skip confirmation prompts
|
|
#
|
|
|
|
set -e
|
|
|
|
# Colors for output
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m' # No Color
|
|
|
|
# Default values
|
|
INSTALL_DIR="/opt/myfsio"
|
|
DATA_DIR="/var/lib/myfsio"
|
|
LOG_DIR="/var/log/myfsio"
|
|
SERVICE_USER="myfsio"
|
|
API_PORT="5000"
|
|
UI_PORT="5100"
|
|
API_URL=""
|
|
SKIP_SYSTEMD=false
|
|
BINARY_PATH=""
|
|
AUTO_YES=false
|
|
|
|
# Parse arguments
|
|
while [[ $# -gt 0 ]]; do
|
|
case $1 in
|
|
--install-dir)
|
|
INSTALL_DIR="$2"
|
|
shift 2
|
|
;;
|
|
--data-dir)
|
|
DATA_DIR="$2"
|
|
shift 2
|
|
;;
|
|
--log-dir)
|
|
LOG_DIR="$2"
|
|
shift 2
|
|
;;
|
|
--user)
|
|
SERVICE_USER="$2"
|
|
shift 2
|
|
;;
|
|
--port)
|
|
API_PORT="$2"
|
|
shift 2
|
|
;;
|
|
--ui-port)
|
|
UI_PORT="$2"
|
|
shift 2
|
|
;;
|
|
--api-url)
|
|
API_URL="$2"
|
|
shift 2
|
|
;;
|
|
--no-systemd)
|
|
SKIP_SYSTEMD=true
|
|
shift
|
|
;;
|
|
--binary)
|
|
BINARY_PATH="$2"
|
|
shift 2
|
|
;;
|
|
-y|--yes)
|
|
AUTO_YES=true
|
|
shift
|
|
;;
|
|
-h|--help)
|
|
head -30 "$0" | tail -25
|
|
exit 0
|
|
;;
|
|
*)
|
|
echo -e "${RED}Unknown option: $1${NC}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
done
|
|
|
|
echo -e "${BLUE}"
|
|
echo "╔══════════════════════════════════════════════════════════╗"
|
|
echo "║ MyFSIO Installation ║"
|
|
echo "║ S3-Compatible Object Storage ║"
|
|
echo "╚══════════════════════════════════════════════════════════╝"
|
|
echo -e "${NC}"
|
|
|
|
# Check if running as root
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo -e "${RED}Error: This script must be run as root (use sudo)${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
# Display configuration
|
|
echo -e "${YELLOW}Installation Configuration:${NC}"
|
|
echo " Install directory: $INSTALL_DIR"
|
|
echo " Data directory: $DATA_DIR"
|
|
echo " Log directory: $LOG_DIR"
|
|
echo " Service user: $SERVICE_USER"
|
|
echo " API port: $API_PORT"
|
|
echo " UI port: $UI_PORT"
|
|
if [[ -n "$API_URL" ]]; then
|
|
echo " Public API URL: $API_URL"
|
|
fi
|
|
if [[ -n "$BINARY_PATH" ]]; then
|
|
echo " Binary path: $BINARY_PATH"
|
|
fi
|
|
echo ""
|
|
|
|
# Confirm installation
|
|
if [[ "$AUTO_YES" != true ]]; then
|
|
read -p "Proceed with installation? [y/N] " -n 1 -r
|
|
echo
|
|
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
|
echo "Installation cancelled."
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
echo ""
|
|
echo -e "${GREEN}[1/7]${NC} Creating system user..."
|
|
if id "$SERVICE_USER" &>/dev/null; then
|
|
echo " User '$SERVICE_USER' already exists"
|
|
else
|
|
useradd --system --no-create-home --shell /usr/sbin/nologin "$SERVICE_USER"
|
|
echo " Created user '$SERVICE_USER'"
|
|
fi
|
|
|
|
echo -e "${GREEN}[2/7]${NC} Creating directories..."
|
|
mkdir -p "$INSTALL_DIR"
|
|
mkdir -p "$DATA_DIR"
|
|
mkdir -p "$LOG_DIR"
|
|
echo " Created $INSTALL_DIR"
|
|
echo " Created $DATA_DIR"
|
|
echo " Created $LOG_DIR"
|
|
|
|
echo -e "${GREEN}[3/7]${NC} Installing binary..."
|
|
if [[ -n "$BINARY_PATH" ]]; then
|
|
if [[ -f "$BINARY_PATH" ]]; then
|
|
cp "$BINARY_PATH" "$INSTALL_DIR/myfsio"
|
|
echo " Copied binary from $BINARY_PATH"
|
|
else
|
|
echo -e "${RED}Error: Binary not found at $BINARY_PATH${NC}"
|
|
exit 1
|
|
fi
|
|
elif [[ -f "./myfsio" ]]; then
|
|
cp "./myfsio" "$INSTALL_DIR/myfsio"
|
|
echo " Copied binary from ./myfsio"
|
|
else
|
|
echo -e "${RED}Error: No binary provided. Use --binary PATH or place 'myfsio' in current directory${NC}"
|
|
exit 1
|
|
fi
|
|
chmod +x "$INSTALL_DIR/myfsio"
|
|
|
|
echo -e "${GREEN}[4/7]${NC} Generating secret key..."
|
|
SECRET_KEY=$(openssl rand -base64 32)
|
|
echo " Generated secure SECRET_KEY"
|
|
|
|
echo -e "${GREEN}[5/7]${NC} Creating environment file..."
|
|
cat > "$INSTALL_DIR/myfsio.env" << EOF
|
|
# MyFSIO Configuration
|
|
# Generated by install.sh on $(date)
|
|
|
|
# Storage paths
|
|
STORAGE_ROOT=$DATA_DIR
|
|
LOG_DIR=$LOG_DIR
|
|
|
|
# Network
|
|
APP_HOST=0.0.0.0
|
|
APP_PORT=$API_PORT
|
|
|
|
# Security - CHANGE IN PRODUCTION
|
|
SECRET_KEY=$SECRET_KEY
|
|
CORS_ORIGINS=*
|
|
|
|
# Public URL (set this if behind a reverse proxy)
|
|
$(if [[ -n "$API_URL" ]]; then echo "API_BASE_URL=$API_URL"; else echo "# API_BASE_URL=https://s3.example.com"; fi)
|
|
|
|
# Logging
|
|
LOG_LEVEL=INFO
|
|
LOG_TO_FILE=true
|
|
|
|
# Rate limiting
|
|
RATE_LIMIT_DEFAULT=200 per minute
|
|
|
|
# Optional: Encryption (uncomment to enable)
|
|
# ENCRYPTION_ENABLED=true
|
|
# KMS_ENABLED=true
|
|
EOF
|
|
chmod 600 "$INSTALL_DIR/myfsio.env"
|
|
echo " Created $INSTALL_DIR/myfsio.env"
|
|
|
|
echo -e "${GREEN}[6/7]${NC} Setting permissions..."
|
|
chown -R "$SERVICE_USER:$SERVICE_USER" "$INSTALL_DIR"
|
|
chown -R "$SERVICE_USER:$SERVICE_USER" "$DATA_DIR"
|
|
chown -R "$SERVICE_USER:$SERVICE_USER" "$LOG_DIR"
|
|
echo " Set ownership to $SERVICE_USER"
|
|
|
|
if [[ "$SKIP_SYSTEMD" != true ]]; then
|
|
echo -e "${GREEN}[7/7]${NC} Creating systemd service..."
|
|
cat > /etc/systemd/system/myfsio.service << EOF
|
|
[Unit]
|
|
Description=MyFSIO S3-Compatible Storage
|
|
Documentation=https://github.com/yourusername/myfsio
|
|
After=network.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=$SERVICE_USER
|
|
Group=$SERVICE_USER
|
|
WorkingDirectory=$INSTALL_DIR
|
|
EnvironmentFile=$INSTALL_DIR/myfsio.env
|
|
ExecStart=$INSTALL_DIR/myfsio
|
|
Restart=on-failure
|
|
RestartSec=5
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ReadWritePaths=$DATA_DIR $LOG_DIR
|
|
PrivateTmp=true
|
|
|
|
# Resource limits (adjust as needed)
|
|
# LimitNOFILE=65535
|
|
# MemoryMax=2G
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
|
|
systemctl daemon-reload
|
|
echo " Created /etc/systemd/system/myfsio.service"
|
|
else
|
|
echo -e "${GREEN}[7/7]${NC} Skipping systemd service (--no-systemd)"
|
|
fi
|
|
|
|
echo ""
|
|
echo -e "${GREEN}╔══════════════════════════════════════════════════════════╗${NC}"
|
|
echo -e "${GREEN}║ Installation Complete! ║${NC}"
|
|
echo -e "${GREEN}╚══════════════════════════════════════════════════════════╝${NC}"
|
|
echo ""
|
|
echo -e "${YELLOW}Next steps:${NC}"
|
|
echo ""
|
|
echo " 1. Review configuration:"
|
|
echo " ${BLUE}cat $INSTALL_DIR/myfsio.env${NC}"
|
|
echo ""
|
|
echo " 2. Start the service:"
|
|
echo " ${BLUE}sudo systemctl start myfsio${NC}"
|
|
echo ""
|
|
echo " 3. Enable on boot:"
|
|
echo " ${BLUE}sudo systemctl enable myfsio${NC}"
|
|
echo ""
|
|
echo " 4. Check status:"
|
|
echo " ${BLUE}sudo systemctl status myfsio${NC}"
|
|
echo ""
|
|
echo " 5. View logs:"
|
|
echo " ${BLUE}sudo journalctl -u myfsio -f${NC}"
|
|
echo " ${BLUE}tail -f $LOG_DIR/app.log${NC}"
|
|
echo ""
|
|
echo -e "${YELLOW}Access:${NC}"
|
|
echo " API: http://$(hostname -I | awk '{print $1}'):$API_PORT"
|
|
echo " UI: http://$(hostname -I | awk '{print $1}'):$UI_PORT/ui"
|
|
echo ""
|
|
echo -e "${YELLOW}Default credentials:${NC}"
|
|
echo " Username: localadmin"
|
|
echo " Password: localadmin"
|
|
echo -e " ${RED}⚠ Change these immediately after first login!${NC}"
|
|
echo ""
|
|
echo -e "${YELLOW}Configuration files:${NC}"
|
|
echo " Environment: $INSTALL_DIR/myfsio.env"
|
|
echo " IAM Users: $DATA_DIR/.myfsio.sys/config/iam.json"
|
|
echo " Bucket Policies: $DATA_DIR/.myfsio.sys/config/bucket_policies.json"
|
|
echo ""
|