Introduce Motech installation script (squashed commit), closes #156

basic/srv/portal/index.html

@@ -200,6 +200,15 @@
             </ul>
         </div>
 
+        <div class="c" id="motech">
+                <h2><a href="#"><img src="img/Motech.png" alt="Motech" title="Motech">Motech</a></h2>
+                <p>Integrace zdravotnických a komunikačních služeb.</p>
+                <ul>
+                    <li><strong>Login:</strong> <span class="login"></span></li>
+                    <li><strong>Heslo:</strong> <span class="password"></span></li>
+                </ul>
+            </div>
+
         <div class="c" id="diaspora">
             <h2><a href="#"><img src="img/Diaspora.png" alt="diaspora*" title="diaspora*">diaspora*</a></h2>
             <p>Autonomní sociání síť s možností propojení do cizích sociálních sítí.</p>

motech.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+
+SOURCE_DIR=$(realpath $(dirname "${0}"))/motech
+
+# Install dependencies
+apt-get -y --no-install-recommends install activemq openjdk-8-jre-headless
+
+# Download Tomcat 8.0
+wget http://mirror.dkm.cz/apache/tomcat/tomcat-8/v8.0.47/bin/apache-tomcat-8.0.47.tar.gz -O /tmp/apache-tomcat-8.tgz
+tar xf /tmp/apache-tomcat-8.tgz -C /srv
+mv /srv/apache-tomcat-8.0.47 /srv/motech
+rm -f /tmp/apache-tomcat-8.tgz
+
+# Download Motech
+wget 'http://nexus.motechproject.org/service/local/artifact/maven/redirect?r=releases&g=org.motechproject&a=motech-platform-server&v=RELEASE&e=war' -O /tmp/motech.war
+unzip /tmp/motech.war -d /srv/motech/webapps/motech
+rm -f /tmp/motech.war
+
+# Update Postgres JDBC driver
+rm -f /srv/motech/webapps/motech/WEB-INF/lib/postgresql-9.1-901.jdbc4.jar
+rm -f /srv/motech/webapps/motech/WEB-INF/bundles/postgresql-9.1-901.jdbc4.jar
+wget https://jdbc.postgresql.org/download/postgresql-42.1.4.jar -O /srv/motech/webapps/motech/WEB-INF/lib/postgresql-42.1.4.jar
+cp /srv/motech/webapps/motech/WEB-INF/lib/postgresql-42.1.4.jar /srv/motech/webapps/motech/WEB-INF/bundles/postgresql-42.1.4.jar
+
+# Create database
+export MOTECH_PWD=$(head -c 18 /dev/urandom | base64)
+envsubst <${SOURCE_DIR}/tmp/motech-createdb.sql >/tmp/motech-createdb.sql
+sudo -u postgres psql -f /tmp/motech-createdb.sql
+rm -f /tmp/motech-createdb.sql
+
+# Configure ActiveMQ
+cp ${SOURCE_DIR}/etc/activemq/instances-available/main/activemq.xml /etc/activemq/instances-available/main/activemq.xml
+ln -s /etc/activemq/instances-available/main /etc/activemq/instances-enabled/main
+systemctl restart activemq
+
+# Configure Motech bootstrap
+mkdir -p /srv/motech/.motech/config/org.motechproject.motech-platform-email
+envsubst <${SOURCE_DIR}/srv/motech/.motech/config/bootstrap.properties >/srv/motech/.motech/config/bootstrap.properties
+cp ${SOURCE_DIR}/srv/motech/.motech/config-locations.properties /srv/motech/.motech/config-locations.properties
+cp ${SOURCE_DIR}/srv/motech/.motech/config/motech-settings.properties /srv/motech/.motech/config/motech-settings.properties
+cp ${SOURCE_DIR}/srv/motech/.motech/config/org.motechproject.motech-platform-email/motech-email.properties /srv/motech/.motech/config/org.motechproject.motech-platform-email/motech-email.properties
+
+# Create Motech OS user
+adduser --system --group --home /srv/motech --shell /bin/false motech
+chown -R motech:motech /srv/motech/
+
+# Configure Tomcat
+cp ${SOURCE_DIR}/srv/motech/conf/server.xml /srv/motech/conf/server.xml
+cp ${SOURCE_DIR}/lib/systemd/system/motech.service /lib/systemd/system/motech.service
+systemctl daemon-reload
+systemctl enable motech
+systemctl start motech
+
+# Configure Motech admin
+export MOTECH_ADMIN_USER="admin"
+export MOTECH_ADMIN_EMAIL="admin@example.com"
+export MOTECH_ADMIN_PWD=$(head -c 12 /dev/urandom | base64)
+until $(curl -s http://127.0.0.1:9081/motech/module/server/startup/ | grep -q adminLogin); do
+    sleep 1
+done
+curl -H "Content-Type: application/json" -X POST -d "{\"adminLogin\":\"${MOTECH_ADMIN_USER}\",\"adminEmail\":\"${MOTECH_ADMIN_EMAIL}\",\"adminPassword\":\"${MOTECH_ADMIN_PWD}\",\"adminConfirmPassword\":\"${MOTECH_ADMIN_PWD}\",\"language\":\"cs\",\"providerName\":\"\",\"providerUrl\":\"\",\"schedulerUrl\":\"\"}" http://127.0.0.1:9081/motech/module/server/startup/
+
+# Create nginx site definition
+cp ${SOURCE_DIR}/etc/nginx/apps-available/motech /etc/nginx/apps-available/motech
+ln -s /etc/nginx/apps-available/motech /etc/nginx/apps-enabled/motech
+
+# Restart services
+systemctl restart nginx
+
+# Add portal application definition
+portal-app-manager motech "/motech/" "${MOTECH_ADMIN_USER}" "${MOTECH_ADMIN_PWD}"

motech/etc/activemq/instances-available/main/activemq.xml

@@ -0,0 +1,56 @@
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+   
+    http://www.apache.org/licenses/LICENSE-2.0
+   
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<beans
+  xmlns="http://www.springframework.org/schema/beans"
+  xmlns:amq="http://activemq.apache.org/schema/core"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+  http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
+
+    <!-- Allows us to use system properties as variables in this configuration file -->
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <broker xmlns="http://activemq.apache.org/schema/core"
+	    schedulerSupport="true"
+            useJmx="true"
+            brokerName="localhost"
+            dataDirectory="${activemq.base}/data">
+
+        <!-- 
+            Configure message persistence for the broker. The default persistence
+            mechanism is the KahaDB store (identified by the kahaDB tag). 
+            For more information, see: 
+            
+            http://activemq.apache.org/persistence.html 
+        -->
+        <persistenceAdapter>
+            <kahaDB directory="${activemq.base}/data/kahadb"/>
+        </persistenceAdapter>
+
+        <!-- 
+            The transport connectors expose ActiveMQ over a given protocol to
+            clients and other brokers. For more information, see: 
+            
+            http://activemq.apache.org/configuring-transports.html 
+        -->
+        <transportConnectors>
+            <transportConnector name="openwire" uri="tcp://127.0.0.1:61616"/>
+        </transportConnectors>
+
+    </broker>
+
+</beans>

motech/etc/nginx/apps-available/motech

@@ -0,0 +1,11 @@
+location /motech {
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header Host $http_host;
+    proxy_set_header Proxy "";
+    proxy_redirect off;
+    proxy_buffering off;
+    proxy_read_timeout 90;
+    proxy_connect_timeout 90;
+    proxy_pass http://127.0.0.1:9081/motech;
+}

motech/lib/systemd/system/motech.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Motech Tomcat 8.0
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/srv/motech/bin/startup.sh
+ExecStop=/srv/motech/bin/shutdown.sh
+User=motech
+
+[Install]
+WantedBy=multi-user.target

motech/srv/motech/.motech/config-locations.properties

@@ -0,0 +1 @@
+config.location = /srv/motech/.motech/config

motech/srv/motech/.motech/config/bootstrap.properties

@@ -0,0 +1,19 @@
+jms.cache.producers=false
+jms.queue.for.scheduler=QueueForScheduler
+sql.url=jdbc\:postgresql\://localhost\:5432/
+jms.maxConcurrentConsumers=10
+sql.user=motech
+jms.queue.for.events=QueueForEvents
+jms.password=
+jms.session.cache.size=10
+org.osgi.framework.storage=/srv/motech/.motech/felix-cache
+motech.message.redelivery.delay=1
+jms.username=
+config.source=FILE
+motech.dir=/srv/motech/.motech
+sql.password=${MOTECH_PWD}
+sql.driver=org.postgresql.Driver
+jms.concurrentConsumers=1
+jms.broker.url=tcp\://localhost\:61616
+motech.message.max.redelivery.count=3
+jms.topic.for.events=TopicForEvents

motech/srv/motech/.motech/config/motech-settings.properties

@@ -0,0 +1,2 @@
+system.language=en
+login.mode=repository

motech/srv/motech/.motech/config/org.motechproject.motech-platform-email/motech-email.properties

@@ -0,0 +1 @@
+mail.port=25

motech/srv/motech/conf/server.xml

@@ -0,0 +1,142 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="9006" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+    <!--
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+        maxThreads="150" minSpareThreads="4"/>
+    -->
+
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned. Documentation at :
+         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+         Java AJP  Connector: /docs/config/ajp.html
+         APR (HTTP/AJP) Connector: /docs/apr.html
+         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+    -->
+    <Connector address="127.0.0.1" port="9081" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    <!-- A "Connector" using the shared thread pool-->
+    <!--
+    <Connector executor="tomcatThreadPool"
+               port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    -->
+    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+         This connector uses the NIO implementation that requires the JSSE
+         style configuration. When using the APR/native implementation, the
+         OpenSSL style configuration is required as described in the APR/native
+         documentation -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS" />
+    -->
+
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
+    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
+
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host).
+         Documentation at /docs/config/engine.html -->
+
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+    -->
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <!--For clustering, please take a look at documentation at:
+          /docs/cluster-howto.html  (simple how to)
+          /docs/config/cluster.html (reference documentation) -->
+      <!--
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+      -->
+
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <!-- SingleSignOn valve, share authentication between web applications
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+        -->
+
+        <!-- Access log processes all example.
+             Documentation at: /docs/config/valve.html
+             Note: The pattern used is equivalent to using pattern="common" -->
+        <!-- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log" suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" /> -->
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>

motech/tmp/motech-createdb.sql

@@ -0,0 +1,16 @@
+CREATE ROLE motech NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${MOTECH_PWD}';
+CREATE DATABASE motech;
+REVOKE ALL ON DATABASE motech FROM public;
+ALTER DATABASE motech OWNER TO motech;
+
+CREATE DATABASE motechschema;
+REVOKE ALL ON DATABASE motechschema FROM public;
+ALTER DATABASE motechschema OWNER TO motech;
+
+CREATE DATABASE motechdata;
+REVOKE ALL ON DATABASE motechdata FROM public;
+ALTER DATABASE motechdata OWNER TO motech;
+
+CREATE DATABASE motechquartz;
+REVOKE ALL ON DATABASE motechquartz FROM public;
+ALTER DATABASE motechquartz OWNER TO motech;