diff --git a/conf/cron/miab_solr b/conf/cron/miab_solr
index 205fe2d8..7dafd5cc 100644
--- a/conf/cron/miab_solr
+++ b/conf/cron/miab_solr
@@ -1,2 +1,2 @@
-* */1 * * * root /usr/bin/curl -s http://127.0.0.1:8983/solr/update?commit=true >/dev/null 2>&1
+1 */1 * * * root /usr/bin/curl -s http://127.0.0.1:8983/solr/update?commit=true >/dev/null 2>&1
 30 3 * * * root /usr/bin/curl -s http://127.0.0.1:8983/solr/update?optimize=true >/dev/null 2>&1
diff --git a/conf/solr/solr.service b/conf/solr/solr.service
index 599d9c64..ba336584 100644
--- a/conf/solr/solr.service
+++ b/conf/solr/solr.service
@@ -5,13 +5,12 @@ After=network.target
 [Service]
 Type=forking
 User=solr
-PIDFile=/var/run/solr-8983.pid
 Environment=SOLR_INCLUDE=/etc/default/solr.in.sh
 ExecStart=/usr/local/lib/solr/bin/solr start
 ExecStop=/usr/local/lib/solr/bin/solr stop
 Restart=on-failure
-ReadWritePaths=/var/lib/solr/
-ReadWritePaths=/var/lib/solr/data/
+#ReadWritePaths=/var/lib/solr/
+#ReadWritePaths=/var/lib/solr/data/
 LimitNOFILE=65000
 LimitNPROC=65000
 TimeoutSec=180s
diff --git a/setup/dns.sh b/setup/dns.sh
index 58607194..7117921e 100755
--- a/setup/dns.sh
+++ b/setup/dns.sh
@@ -68,6 +68,14 @@ done
 echo "include: /etc/nsd/zones.conf" >> /etc/nsd/nsd.conf;
+# Add systemd override file to fix some permissions
+mkdir -p /etc/systemd/system/nsd.service.d/
+cat > /etc/systemd/system/nsd.service.d/nsd-permissions.conf << EOF
+[Service]
+ReadWritePaths=/var/lib/nsd /etc/nsd /run /var/log /run/nsd
+CapabilityBoundingSet=CAP_CHOWN CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_NET_ADMIN
+EOF
+
 # Attempting a late install of nsd (after configuration)
 apt_install nsd
diff --git a/setup/solr.sh b/setup/solr.sh
index 3c3bcae6..7396e317 100644
--- a/setup/solr.sh
+++ b/setup/solr.sh
@@ -25,9 +25,6 @@ source /etc/mailinabox.conf # load global vars
 echo "Installing Solr..."
-# TODO remove after testing
-set -x
-
 apt_install dovecot-solr default-jre-headless
 VERSION=8.8.2
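Review bot: Commenting out both `ReadWritePaths=` lines in conf/solr/solr.service leaves dead configuration behind and, as far as this hunk shows, the unit now carries no filesystem restriction at all. The old values pointed at /var/lib/solr, while setup/solr.sh in the same commit works under /var/solr/data, so the directives probably failed because the path was wrong rather than because sandboxing cannot work here. I would delete the commented lines and, once the directories Solr writes to are confirmed, restore the restriction as `ProtectSystem=strict` with `ReadWritePaths=/var/solr`. The hunk also drops `PIDFile=` from a `Type=forking` unit, which leaves systemd to guess the main PID; pointing it at the pid file Solr actually writes would keep `Restart=on-failure` reliable. The [Service] section continues past the hunk, so other hardening directives may exist that are not visible here.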
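Review bot: The drop-in written by the new heredoc in setup/dns.sh grants more than its comment explains: `ReadWritePaths=` lists all of `/run` and `/var/log` (which also makes the separate `/run/nsd` entry redundant), and `CapabilityBoundingSet=` includes `CAP_NET_ADMIN`. Both settings accumulate across drop-ins, so this file can only widen what the packaged nsd unit allows. I would narrow the paths to what nsd needs, for example `ReadWritePaths=/var/lib/nsd /etc/nsd /run/nsd` plus the specific log location if nsd logs to a file, and replace `# Add systemd override file to fix some permissions` with a comment naming the failure each entry fixes. Quoting the delimiter (`<< 'EOF'`) would also keep the body literal if a `$` is ever added to it.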
@@ -46,16 +43,15 @@ fi
 if [ $needs_update == 1 ]; then
 # install SOLR
 wget_verify \
- https://www.apache.org/dyn/closer.lua?action=download&filename=lucene/solr/$VERSION/solr-$VERSION.tgz \
+ "https://www.apache.org/dyn/closer.lua?action=download&filename=lucene/solr/$VERSION/solr-$VERSION.tgz" \
 $HASH \
 /tmp/solr.tgz
- tar xzf /tmp/solr.tgz solr-$VERSION/bin/install_solr_service.sh --strip-components=2
+ tar xzf /tmp/solr-$VERSION.tgz -C /tmp solr-$VERSION/bin/install_solr_service.sh --strip-components=2
 # install to usr/local, force update, do not start service on installation complete
- bash /tmp/install_solr_service.sh solr.tgz -i /usr/local/lib -f -n
+ bash /tmp/install_solr_service.sh /tmp/solr-$VERSION.tgz -i /usr/local/lib -f -n
- # TODO uncomment after testing
- #rm -f /tmp/solr.tgz
+ rm -f /tmp/solr-$VERSION.tgz
 rm -f /tmp/install_solr_service.sh
 # stop and remove the init.d script
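Review bot: The archive is still downloaded to `/tmp/solr.tgz` (the unchanged context line after `$HASH \`), but the new `tar`, `bash` and `rm` lines all use `/tmp/solr-$VERSION.tgz`, so on a clean machine the extraction has nothing to read unless wget_verify, which is defined elsewhere, does something other than write to its third argument. Changing that destination argument to `/tmp/solr-$VERSION.tgz` makes the four lines agree and stops the verified download from being left behind in /tmp. Because this runs as root and then executes `/tmp/install_solr_service.sh`, a private directory from `mktemp -d` would be a safer home for both files than fixed names under /tmp. The `if` block opened at the top of the hunk closes outside it.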
@@ -63,25 +59,20 @@ if [ $needs_update == 1 ]; then
 update-rc.d solr remove
 fi
-# Install systemd service
-if [ ! -f "/lib/systemd/system/solr.service" ]; then
- cp -f conf/solr/solr.service /lib/systemd/system/solr.service
- hide_output systemctl link -f /lib/systemd/system/solr.service
+# Add security
+tools/editconf.py /etc/default/solr.in.sh \
+ SOLR_IP_WHITELIST="127.0.0.1, [::1]"
- # Reload systemctl to pickup the above changes
- hide_output systemctl daemon-reload
-fi
+# Install systemd service
+cp -f conf/solr/solr.service /lib/systemd/system/solr.service
+# hide_output systemctl link -f /lib/systemd/system/solr.service
+
+# Reload systemctl to pickup the above changes
+hide_output systemctl daemon-reload
 # Make sure service is enabled
 hide_output systemctl enable solr.service
-# TODO: necessary? Solr requires a schema to tell it how to index data, this is provided by dovecot
-# cp -f /usr/share/dovecot/solr-schema.xml /etc/solr/conf/schema.xml
-
-# Default config has an error with our config, placing our custom version
-# TBD necessary?
-#cp -f conf/solr/solr-jetty.xml /etc/solr/solr-jetty.xml
-
 # Update the dovecot plugin configuration
 #
 # Break-imap-search makes search work the way users expect, rather than the way
@@ -96,7 +87,7 @@ cat > /etc/dovecot/conf.d/90-plugin-fts.conf << EOF;
 plugin {
 fts = solr
 fts_autoindex = yes
- fts_solr = break-imap-search url=http://127.0.0.1:8983/solr/
+ fts_solr = url=http://127.0.0.1:8983/solr/dovecot
 }
 EOF
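Review bot: In the `# Add security` lines of the first hunk, the shell strips the double quotes before tools/editconf.py receives its argument, so the value arrives as `SOLR_IP_WHITELIST=127.0.0.1, [::1]`. If editconf.py writes that text unchanged (its behaviour is not visible here), /etc/default/solr.in.sh, which appears to be read as a shell file, would treat it as a temporary assignment followed by a command named `[::1]`, and the restriction would never reach Solr. Passing the quotes through, `'SOLR_IP_WHITELIST="127.0.0.1, [::1]"'`, avoids that, and it is worth confirming after setup that port 8983 refuses a non-loopback client. The commented-out `# hide_output systemctl link -f ...` line added below it should be deleted rather than kept as dead code.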
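Review bot: The comment block above the 90-plugin-fts.conf heredoc is now stale: it begins `# Break-imap-search makes search work the way users expect` in the previous hunk's context and continues outside both hunks, but the new `fts_solr` line in the second hunk no longer sets that option. I would drop that paragraph or replace it with a line that records the new behaviour, for example `# fts_solr points at the "dovecot" core created below; break-imap-search is no longer set`. A short reason for removing the option would help whoever next compares search results against the old configuration.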
@@ -105,20 +96,21 @@ hide_output install -m 755 conf/cron/miab_dovecot /etc/cron.daily/ hide_output install -m 644 conf/cron/miab_solr /etc/cron.d/ # Initialize solr dovecot instance -if [ ! -d "/var/sorl/data/dovecot" ]; then +if [ ! -d "/var/solr/data/dovecot" ]; then + # Starting solr might take a while + echo "Starting solr..." + hide_output systemctl restart solr.service + sudo -u solr /usr/local/lib/solr/bin/solr create -c dovecot rm -f /var/solr/data/dovecot/conf/schema.xml rm -f /var/solr/data/dovecot/conf/managed-schema rm -f /var/solr/data/dovecot/conf/solrconfig.xml cp -f conf/solr/solr-config-7.7.0.xml /var/solr/data/dovecot/conf/solrconfig.xml cp -f conf/solr/solr-schema-7.7.0.xml /var/solr/data/dovecot/conf/schema.xml + chown -R solr:solr /var/solr/data/dovecot/* fi -# TODO: add security -#SOLR_IP_WHITELIST="127.0.0.1, [::1]" - # Create new rsyslog config for solr -# TODO check programname cat > /etc/rsyslog.d/10-solr.conf < /etc/logrotate.d/solr <