separate apache and cron installation, database initialization

install/apache/00_ctsms_http.conf

@@ -0,0 +1,11 @@
+<VirtualHost *:80>
+    ServerName localhost:80
+
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+
+    HostnameLookups Off
+    UseCanonicalName Off
+    ServerSignature On
+</VirtualHost>

install/apache/00_ctsms_https.conf

@@ -0,0 +1,76 @@
+#<IfDefine SSL>
+#<IfDefine !NOSSL>
+<VirtualHost *:443>
+    ServerName localhost:443
+
+    TransferLog /var/log/apache2/access.log
+    ErrorLog /var/log/apache2/error.log
+
+    Include /etc/apache2/blocklist.conf
+
+    #Alias /documents /ctsms/documents/
+    #<Directory "/ctsms/documents">
+    #Options Indexes Multiviews
+    #AllowOverride None
+    #Require all granted
+    #</Directory>
+
+    Alias /signup/css /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/css
+    Alias /signup/fonts /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/fonts
+    Alias /signup/images /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/images
+    Alias /signup/js /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/js
+    Alias /signup/themes /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/themes
+    ScriptAliasMatch ^/signup(.*) /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public/dispatch.fcgi$1
+
+    #DocumentRoot /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public
+    <Directory "/ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/public">
+        AllowOverride None
+        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+        #Order allow,deny
+        #Allow from all
+        Require all granted
+        AddHandler fcgid-script .fcgi
+    </Directory>
+
+    SetEnvIf Request_URI "/static/*" no-jk
+    SetEnvIf Request_URI "/signup/*" no-jk
+    Alias /resources /var/lib/tomcat9/webapps/ROOT/resources
+    <Directory "/var/lib/tomcat9/webapps/ROOT/resources">
+        #Options FollowSymLinks
+        #allow from all
+        AllowOverride None
+        Require all granted
+    </Directory>
+    Alias / /var/lib/tomcat9/webapps/ROOT/
+    <Directory "/var/lib/tomcat9/webapps/ROOT">
+        #Options FollowSymLinks
+        #allow from all
+        AllowOverride None
+        Require all granted
+    </Directory>
+
+    <Location "/WEB-INF/">
+        #AllowOverride None
+        deny from all
+    </Location>
+
+    DocumentRoot /var/lib/tomcat9/webapps/ROOT
+    JkMount /*.jsf ajp13
+    JkMount /rest/* ajp13
+    JkMount /inputfieldimage ajp13
+    JkMount /file ajp13
+    JkMount /beacon/* ajp13
+    JkMount /unsubscribe/* ajp13
+
+    SSLEngine on
+
+    #SSLProtocol -ALL +SSLv3 +TLSv1
+    #SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
+
+    SSLCertificateFile /etc/apache2/ssl/apache.crt
+    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
+    #SSLCertificateChainFile /etc/apache2/ssl.crt/ComodoIntermediateCertificates.crt
+
+</VirtualHost>                                  
+#</IfDefine>
+#</IfDefine>

install/apache/ports.conf

@@ -0,0 +1,23 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+#NameVirtualHost 192.168.0.75:80
+Listen 80
+#Listen 81
+
+#NameVirtualHost 192.168.0.75:443
+#Listen 443
+#Listen 444
+
+<IfModule ssl_module>
+	Listen 443
+	#Listen 444
+</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 443
+	#Listen 444
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

install/cron/ctsms

@@ -0,0 +1,33 @@
+#SHELL=/bin/bash
+#PATH=/sbin:/bin:/usr/sbin:/usr/bin
+#MAILTO=
+#HOME=/
+
+# For details see man 4 crontabs
+
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# |  .------------- hour (0 - 23)
+# |  |  .---------- day of month (1 - 31)
+# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
+# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# |  |  |  |  |
+# *  *  *  *  * user-name command to be executed
+
+#prepare daily notifications:
+00 05 * * * ctsms nice /ctsms/dbtool.sh -pn >> /ctsms/dbtool.log 2>&1
+
+#send notifications via email:
+*/5 06-21 * * * ctsms nice /ctsms/dbtool.sh -sn -l 10 >> /ctsms/dbtool.log 2>&1
+
+#proband auto-delete job:
+#45 23 * * * ctsms nice /ctsms/dbtool.sh -rp -f >> /ctsms/dbtool.log 2>&1
+
+#render stats:
+55 * * * * ctsms nice perl /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/Render/process.pl --task=create_journal_heatmap --task=create_logon_heatmap --task=cleanup_all -f
+
+#delete documents no longer in db
+#00 23 * * sun ctsms nice /ctsms/dbtool.sh -dm -f >> /ctsms/dbtool.log 2>&1
+15 23 * * sun ctsms nice /ctsms/dbtool.sh -do -f >> /ctsms/dbtool.log 2>&1
+
+#empty line at end:

install/cron/my_department

@@ -0,0 +1,35 @@
+#SHELL=/bin/bash
+#PATH=/sbin:/bin:/usr/sbin:/usr/bin
+#MAILTO=
+#HOME=/
+
+# For details see man 4 crontabs
+
+# Example of job definition:
+# .---------------- minute (0 - 59)
+# |  .------------- hour (0 - 23)
+# |  |  .---------- day of month (1 - 31)
+# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
+# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
+# |  |  |  |  |
+# *  *  *  *  * user-name command to be executed
+
+#send mass mails:
+*/5 06-21 * * * ctsms nice /ctsms/dbtool.sh -smm -u cron -p 12345 -l 10 >> /ctsms/dbtool.log 2>&1
+
+#run daily jobs:
+20 0 * * * ctsms nice /ctsms/dbtool.sh -rdj -u cron -p 12345 >> /ctsms/dbtool.log 2>&1
+
+#run weekly jobs:
+21 0 * * sat ctsms nice /ctsms/dbtool.sh -rwj -u cron -p 12345 >> /ctsms/dbtool.log 2>&1
+
+#run monthly jobs:
+22 0 1 * * ctsms nice /ctsms/dbtool.sh -rmj -u cron -p 12345 >> /ctsms/dbtool.log 2>&1
+
+#indentify duplicate subjects:
+45 23 * * sun ctsms nice perl /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/Duplicates/process.pl --task=cleanup_all --task=import_proband --task=create_duplicate --task=update_proband --task=cleanup_all --force
+
+#perform all pending delete operations:
+00 23 * * sun ctsms nice /ctsms/dbtool.sh -pda -u cron -p 12345 -f >> /ctsms/dbtool.log 2>&1
+
+#empty line at end:

install/init_database.sh

@@ -0,0 +1,55 @@
+sudo -u ctsms /ctsms/dbtool.sh -i -f
+sudo -u ctsms /ctsms/dbtool.sh -icp /ctsms/master_data/criterion_property_definitions.csv
+sudo -u ctsms /ctsms/dbtool.sh -ipd /ctsms/master_data/permission_definitions.csv
+sudo -u ctsms /ctsms/dbtool.sh -imi /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -ims /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -imc /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -imt /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -imp /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -immm /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -imifi /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -imsi /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -impi /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -imjf /ctsms/master_data/mime.types -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -imcc /ctsms/master_data/mime.types -e ISO-8859-1
+
+sudo -u ctsms /ctsms/dbtool.sh -it /ctsms/master_data/titles.csv -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -ib /ctsms/master_data/kiverzeichnis_gesamt_de_1347893202433.csv -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -ic /ctsms/master_data/countries.txt -e ISO-8859-1
+sudo -u ctsms /ctsms/dbtool.sh -iz /ctsms/master_data/streetnames.csv -e utf-8
+sudo -u ctsms /ctsms/dbtool.sh -is /ctsms/master_data/streetnames.csv -e utf-8
+
+sudo -u ctsms /ctsms/dbtool.sh -iis /ctsms/master_data/icd10gm2012syst_claml_20110923.xml -sl de
+sudo -u ctsms /ctsms/dbtool.sh -iai /ctsms/master_data/icd10gm2012_alphaid_edv_ascii_20110930.txt -e ISO-8859-1 -isr icd10gm2012syst_claml_20110923
+sudo -u ctsms /ctsms/dbtool.sh -ios /ctsms/master_data/ops2012syst_claml_20111103.xml -sl de
+sudo -u ctsms /ctsms/dbtool.sh -ioc /ctsms/master_data/ops2011alpha_edv_ascii_20111031.txt -osr ops2012syst_claml_20111103
+sudo -u ctsms /ctsms/dbtool.sh -ia /ctsms/master_data/asp_register_20181005.xls
+
+DEPARTMENT_PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
+USER_PASSWORD=$(cat /dev/urandom | tr -dc 'a-z' | fold -w 3 | head -n 1)
+sudo -u ctsms /ctsms/dbtool.sh -cd -dlk my_department -dp "$DEPARTMENT_PASSWORD"
+sudo -u ctsms /ctsms/dbtool.sh -cu -dlk my_department -dp "$DEPARTMENT_PASSWORD" -u "phoenix" -p "$USER_PASSWORD" -pp "INVENTORY_MASTER_ALL_DEPARTMENTS,STAFF_MASTER_ALL_DEPARTMENTS,COURSE_MASTER_ALL_DEPARTMENTS,TRIAL_MASTER_ALL_DEPARTMENTS,PROBAND_MASTER_ALL_DEPARTMENTS,USER_ALL_DEPARTMENTS,INPUT_FIELD_MASTER,MASS_MAIL_MASTER_ALL_DEPARTMENTS,INVENTORY_MASTER_SEARCH,STAFF_MASTER_SEARCH,COURSE_MASTER_SEARCH,TRIAL_MASTER_SEARCH,PROBAND_MASTER_SEARCH,USER_MASTER_SEARCH,INPUT_FIELD_MASTER_SEARCH,MASS_MAIL_MASTER_SEARCH"
+
+sudo -u ctsms /ctsms/dbtool.sh -cu -dlk my_department -dp "$DEPARTMENT_PASSWORD" -u "my_department_signup_de" -p "my_department_signup_de" -ul de -pp "INVENTORY_VIEW_USER_DEPARTMENT,STAFF_DETAIL_IDENTITY,COURSE_VIEW_USER_DEPARTMENT,TRIAL_SIGNUP,PROBAND_SIGNUP,USER_ACTIVE_USER,INPUT_FIELD_VIEW,MASS_MAIL_SIGNUP,INVENTORY_NO_SEARCH,STAFF_NO_SEARCH,COURSE_NO_SEARCH,TRIAL_NO_SEARCH,PROBAND_NO_SEARCH,USER_NO_SEARCH,INPUT_FIELD_NO_SEARCH,MASS_MAIL_NO_SEARCH"
+sudo -u ctsms /ctsms/dbtool.sh -cu -dlk my_department -dp "$DEPARTMENT_PASSWORD" -u "my_department_signup_en" -p "my_department_signup_en" -ul en -pp "INVENTORY_VIEW_USER_DEPARTMENT,STAFF_DETAIL_IDENTITY,COURSE_VIEW_USER_DEPARTMENT,TRIAL_SIGNUP,PROBAND_SIGNUP,USER_ACTIVE_USER,INPUT_FIELD_VIEW,MASS_MAIL_SIGNUP,INVENTORY_NO_SEARCH,STAFF_NO_SEARCH,COURSE_NO_SEARCH,TRIAL_NO_SEARCH,PROBAND_NO_SEARCH,USER_NO_SEARCH,INPUT_FIELD_NO_SEARCH,MASS_MAIL_NO_SEARCH"
+
+CRON_PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
+sudo -u ctsms /ctsms/dbtool.sh -cu -dlk my_department -dp "$DEPARTMENT_PASSWORD" -u "my_department_cron" -p "$CRON_PASSWORD" -pp "INVENTORY_MASTER_ALL_DEPARTMENTS,STAFF_MASTER_ALL_DEPARTMENTS,COURSE_MASTER_ALL_DEPARTMENTS,TRIAL_MASTER_ALL_DEPARTMENTS,PROBAND_MASTER_ALL_DEPARTMENTS,USER_ALL_DEPARTMENTS,INPUT_FIELD_MASTER,MASS_MAIL_MASTER_ALL_DEPARTMENTS,INVENTORY_MASTER_SEARCH,STAFF_MASTER_SEARCH,COURSE_MASTER_SEARCH,TRIAL_MASTER_SEARCH,PROBAND_MASTER_SEARCH,USER_MASTER_SEARCH,INPUT_FIELD_MASTER_SEARCH,MASS_MAIL_MASTER_SEARCH"
+sed -r -i "s|ctsmsrestapi_password.*|ctsmsrestapi_password = ${CRON_PASSWORD}|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/Criteria/config.cfg
+sed -r -i "s|ctsmsrestapi_password.*|ctsmsrestapi_password = ${CRON_PASSWORD}|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/Duplicates/config.cfg
+sed -r -i "s|ctsmsrestapi_password.*|ctsmsrestapi_password = ${CRON_PASSWORD}|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/EcrfExporter/config.cfg
+sed -r -i "s|ctsmsrestapi_password.*|ctsmsrestapi_password = ${CRON_PASSWORD}|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/EcrfImporter/config.cfg
+sed -r -i "s|ctsmsrestapi_password.*|ctsmsrestapi_password = ${CRON_PASSWORD}|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/InquiryExporter/config.cfg
+
+IP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1  -d'/')
+sed -r -i "s|ctsms_base_uri.*|ctsms_base_uri: 'https://${IP}'|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/EcrfExporter/settings.yml
+sed -r -i "s|ctsms_base_uri.*|ctsms_base_uri: 'https://${IP}'|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/EcrfImporter/settings.yml
+sed -r -i "s|ctsms_base_uri.*|ctsms_base_uri: 'https://${IP}'|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/InquiryExporter/settings.yml
+sed -r -i "s|ctsms_base_uri.*|ctsms_base_uri: 'https://${IP}'|" /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/WebApps/Signup/settings.yml
+
+###create some default queries/reports
+cd /ctsms/bulk_processor/CTSMS/BulkProcessor/Projects/ETL/Criteria
+perl process.pl --task=create_criteria --force --skip-errors
+
+echo "The department passphrase for 'my_department' when adding users with /ctsms/dbtool.sh is '$DEPARTMENT_PASSWORD'."
+echo "Log in at https://$IP with username 'phoenix' password '$USER_PASSWORD'."

install/install_apache.sh

@@ -0,0 +1,20 @@
+###setup apache2
+apt-get -y install apache2 libapache2-mod-jk libapache2-mod-fcgid
+usermod --append --groups tomcat,ctsms www-data
+wget https://raw.githubusercontent.com/phoenixctms/install-debian/$TAG/apache/00_ctsms_http.conf -O /etc/apache2/sites-available/00_ctsms_http.conf
+wget https://raw.githubusercontent.com/phoenixctms/install-debian/$TAG/apache/00_ctsms_https.conf -O /etc/apache2/sites-available/00_ctsms_https.conf
+cp /ctsms/install/ports.conf /etc/apache2/ports.conf
+wget https://raw.githubusercontent.com/phoenixctms/install-debian/$TAG/apache/blocklist.conf -O /etc/apache2/blocklist.conf
+wget https://raw.githubusercontent.com/phoenixctms/install-debian/$TAG/apache/jk.conf -O /etc/apache2/mods-available/jk.conf
+a2dissite 000-default.conf
+a2ensite 00_ctsms_https.conf
+a2ensite 00_ctsms_http.conf
+a2enmod ssl
+a2enmod rewrite
+
+###deploy server certificate
+mkdir /etc/apache2/ssl
+HOST_NAME=$(hostname)
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -subj "/C=AT/ST=Austria/L=Graz/O=phoenix/CN=$HOST_NAME" -out /etc/apache2/ssl/apache.crt
+chmod 600 /etc/apache2/ssl/*
+systemctl reload apache2

install/install_cron.sh

@@ -0,0 +1,8 @@
+cp /ctsms/install/cron/ctsms /etc/cron.d/ctsms
+chown root:root /etc/cron.d/ctsms
+chmod 644 /etc/cron.d/ctsms
+cp /ctsms/install/cron/my_department /etc/cron.d/my_department
+chown root:root /etc/cron.d/my_department
+chmod 644 /etc/cron.d/my_department
+sed -r -i "s|-u cron -p 12345|-u my_department_cron -p ${CRON_PASSWORD}|" /etc/cron.d/my_department
+systemctl restart cron