#!/bin/bash
# MYP Platform - Raspberry Pi setup script
# Installs and configures the MYP platform on a Raspberry Pi.

# Stop at the first command that fails. Commands on the left-hand side of
# && / || and inside if-conditions are exempt from this.
set -o errexit

# Colours for terminal output. The values are stored as literal backslash
# sequences; the output helpers turn them into escape bytes when printing.
csi='\033['
RED="${csi}0;31m"
GREEN="${csi}0;32m"
YELLOW="${csi}1;33m"
BLUE="${csi}0;34m"
NC="${csi}0m" # no colour / reset

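# Logging helpers

#######################################
# Print a timestamped status message in green.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stdout
#######################################
log() {
  # %b expands the escape sequences held in the colour variables. The message
  # goes through %s, so backslash sequences inside it (for example from an
  # interpolated variable) are printed literally instead of being interpreted.
  printf '%b[%s] %s%b\n' "$GREEN" "$(date +'%Y-%m-%d %H:%M:%S')" "${1-}" "$NC"
}
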
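#######################################
# Print an error message in red.
# Globals:   RED, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stderr
#######################################
error() {
  # Colours via %b, message via %s: backslash sequences in the message text
  # stay literal rather than being expanded as with echo -e.
  printf '%b[ERROR] %s%b\n' "$RED" "${1-}" "$NC" >&2
}
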
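#######################################
# Print a warning message in yellow.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stdout
#######################################
warning() {
  # Colours via %b, message via %s: backslash sequences in the message text
  # stay literal rather than being expanded as with echo -e.
  printf '%b[WARNING] %s%b\n' "$YELLOW" "${1-}" "$NC"
}
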
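#######################################
# Print an informational message in blue.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stdout
#######################################
info() {
  # Colours via %b, message via %s: backslash sequences in the message text
  # stay literal rather than being expanded as with echo -e.
  printf '%b[INFO] %s%b\n' "$BLUE" "${1-}" "$NC"
}
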
# Installation settings
SERVICE_NAME="myp-platform"
# NOTE(review): USER is normally set by the login environment; assigning it
# here replaces that value for the rest of the script and for child processes
# if it is exported.
USER="user"

# Directory layout, all derived from the project root
PROJECT_DIR="/home/user/Projektarbeit-MYP"
BACKEND_DIR="${PROJECT_DIR}/backend"
APP_DIR="${BACKEND_DIR}/app"
VENV_DIR="${BACKEND_DIR}/venv"

# Start-up banner: show which directories this run will work on
banner_lines=(
  "=== MYP Platform Raspberry Pi Setup ==="
  "Projekt-Verzeichnis: $PROJECT_DIR"
  "Backend-Verzeichnis: $BACKEND_DIR"
  "App-Verzeichnis: $APP_DIR"
)
for banner_line in "${banner_lines[@]}"; do
  log "$banner_line"
done

# Refuse to run as root. The privileged steps below call sudo themselves;
# everything else (venv, project files) runs as the invoking user.
if ((EUID == 0)); then
  error "Dieses Skript sollte nicht als root ausgeführt werden!"
  exit 1
fi

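# System updates
log "1. System-Updates installieren..."
# Run the two steps as separate commands: in "update && upgrade" a failing
# update sits on the left of && and is therefore exempt from set -e, so the
# script would carry on with stale package lists and no upgrade.
sudo apt update
sudo apt upgrade -y
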
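# Install the required system packages
log "2. System-Pakete installieren..."
system_packages=(
  # Python toolchain and build dependencies
  python3
  python3-pip
  python3-venv
  python3-dev
  build-essential
  libssl-dev
  libffi-dev
  libsqlite3-dev
  # Services and runtime tools
  git
  curl
  wget
  nginx
  supervisor
  sqlite3
  openssl
  ca-certificates
  # The firewall step of this script calls ufw, so it has to be installed
  # here; it is not part of a default Debian / Raspberry Pi OS install.
  ufw
  # Convenience tools
  net-tools
  htop
  vim
  nano
)
sudo apt install -y "${system_packages[@]}"
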
# Create the Python virtual environment unless one is already there
log "3. Python Virtual Environment erstellen..."
if [[ -d "$VENV_DIR" ]]; then
  log "Virtual Environment existiert bereits: $VENV_DIR"
else
  python3 -m venv "$VENV_DIR"
  log "Virtual Environment erstellt: $VENV_DIR"
fi

# Activate the virtual environment for the remaining pip/python calls
log "4. Virtual Environment aktivieren..."
. "$VENV_DIR/bin/activate"

# Upgrade the packaging tools inside the environment
log "5. Pip upgraden..."
pip install -U pip setuptools wheel

# Install the Python dependencies listed in requirements.txt
# NOTE(review): the contents of requirements.txt are not visible here. If it
# does not pin versions and hashes, each run may resolve to different package
# releases - confirm against the file.
log "6. Python-Abhängigkeiten installieren..."
requirements_file="$BACKEND_DIR/requirements.txt"
if [[ ! -f "$requirements_file" ]]; then
  error "requirements.txt nicht gefunden in $BACKEND_DIR"
  exit 1
fi
pip install -r "$requirements_file"
log "Abhängigkeiten aus requirements.txt installiert"

# Create the directories the application expects
log "7. Notwendige Verzeichnisse erstellen..."
required_dirs=(
  "$APP_DIR/database"
  "$APP_DIR/logs/app"
  "$APP_DIR/logs/auth"
  "$APP_DIR/logs/jobs"
  "$APP_DIR/logs/printers"
  "$APP_DIR/logs/scheduler"
  "$APP_DIR/logs/errors"
  "$BACKEND_DIR/certs"
  "$PROJECT_DIR/frontend/ssl"
)
for required_dir in "${required_dirs[@]}"; do
  mkdir -p "$required_dir"
done

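# Set ownership and permissions
log "8. Berechtigungen setzen..."
# Quoted so the owner:group argument stays a single word.
chown -R "$USER:$USER" "$PROJECT_DIR"
# World-readable (and executable) default for the whole tree; the sensitive
# directories are tightened to owner-only right after.
chmod -R 755 "$PROJECT_DIR"
chmod -R 700 "$APP_DIR/logs"
chmod -R 700 "$BACKEND_DIR/certs"
# The SQLite database created in the next step lives here. Without this line
# the directory keeps the 755 set above and stays readable by every local
# account.
chmod -R 700 "$APP_DIR/database"
# NOTE(review): $PROJECT_DIR/frontend/ssl also keeps 755. Which process reads
# it is not visible in this script - restrict it as well if it holds keys.
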
# Initialise the database on first run only
log "9. Datenbank initialisieren..."
# The working directory stays at $APP_DIR for the rest of the script; the
# later python3 -c call imports project modules relative to it.
cd "$APP_DIR"
if [[ -f "database/myp.db" ]]; then
  log "Datenbank existiert bereits"
else
  # Runs with the venv interpreter because the environment is active.
  db_init_code="
import sys
sys.path.append('.')
from models import init_database, create_initial_admin
init_database()
create_initial_admin()
print('Datenbank initialisiert und Admin-Benutzer erstellt')
"
  python3 -c "$db_init_code"
  log "Datenbank erfolgreich initialisiert"
fi

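# Generate the TLS certificate
log "10. SSL-Zertifikate generieren..."
# Relies on the current directory being $APP_DIR (set in the database step)
# so that utils.ssl_manager can be imported.
# The Python snippet exits with status 2 when the generator reports failure,
# so the shell can tell that case from an import error or crash (status 1),
# which still aborts the script.
cert_status=0
python3 -c "
import sys
sys.path.append('.')
from utils.ssl_manager import ssl_manager
success = ssl_manager.generate_mercedes_certificate()
if success:
    print('SSL-Zertifikate erfolgreich generiert')
else:
    print('Fehler beim Generieren der SSL-Zertifikate')
    sys.exit(2)
" || cert_status=$?

case "$cert_status" in
  0) ;;
  2)
    # The nginx configuration written later references these two files, so a
    # failed generation only matters if they are missing.
    if [[ -f "$BACKEND_DIR/certs/myp.crt" && -f "$BACKEND_DIR/certs/myp.key" ]]; then
      warning "Zertifikat-Generierung fehlgeschlagen, vorhandene Zertifikate in $BACKEND_DIR/certs werden weiterverwendet"
    else
      error "SSL-Zertifikate fehlen in $BACKEND_DIR/certs - Abbruch"
      exit 1
    fi
    ;;
  *)
    exit "$cert_status"
    ;;
esac
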
# Write the systemd unit for the application
# The unit runs app.py with the venv interpreter as the unprivileged $USER
# account and restarts it 10 seconds after any exit.
# NOTE(review): this script also registers the same app.py under supervisor
# with autostart enabled, so two launchers end up managing one application -
# confirm which of the two is intended.
# NOTE(review): the unit sets no sandboxing directives; whether the app
# tolerates them is not visible from this script.
log "11. Systemd Service konfigurieren..."
unit_file="/etc/systemd/system/$SERVICE_NAME.service"
sudo tee "$unit_file" <<UNIT >/dev/null
[Unit]
Description=MYP Platform - 3D Printer Management System
After=network.target

[Service]
Type=simple
User=$USER
Group=$USER
WorkingDirectory=$APP_DIR
Environment=PATH=$VENV_DIR/bin
ExecStart=$VENV_DIR/bin/python app.py
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
SyslogIdentifier=myp-platform

# Umgebungsvariablen
Environment=FLASK_ENV=production
Environment=FLASK_DEBUG=False
Environment=MYP_SSL_ENABLED=True

[Install]
WantedBy=multi-user.target
UNIT

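# Write the nginx site configuration
# The heredoc is unquoted: shell variables are expanded now, nginx variables
# are escaped as \$name so they reach the file unchanged.
#
# Changes against a plain transcription of the config:
#  - The HTTP->HTTPS redirect uses \$host. \$server_name is always the first
#    configured name ("raspberrypi"), so a client that came in by IP address
#    would be sent to a hostname it may not be able to resolve.
#  - ssl_ciphers lists only names OpenSSL defines; there are no AES-GCM
#    suites with a SHA512 suffix, so those entries selected nothing.
#
# NOTE(review): the TLS server block listens on 443 and proxy_pass points at
# https://127.0.0.1:443, which is that same listener on this host. The port
# the Flask app actually binds is not visible in this script; proxy_pass has
# to target it, and an unprivileged service cannot share 443 with nginx.
# NOTE(review): proxy_ssl_verify off means the upstream certificate is not
# checked. The upstream here is loopback with a self-signed certificate;
# revisit this if the upstream ever moves off this host.
log "12. Nginx konfigurieren..."
sudo tee "/etc/nginx/sites-available/$SERVICE_NAME" > /dev/null <<EOF
server {
    listen 80;
    server_name raspberrypi localhost;

    # HTTP zu HTTPS weiterleiten
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    server_name raspberrypi localhost;

    # SSL-Konfiguration
    ssl_certificate $BACKEND_DIR/certs/myp.crt;
    ssl_certificate_key $BACKEND_DIR/certs/myp.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Proxy zu Flask-App
    location / {
        proxy_pass https://127.0.0.1:443;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        proxy_ssl_verify off;
    }

    # Statische Dateien
    location /static {
        alias $APP_DIR/static;
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}
EOF
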
# Enable the new nginx site and drop the distribution's default site
site_available="/etc/nginx/sites-available/$SERVICE_NAME"
sites_enabled_dir="/etc/nginx/sites-enabled/"
sudo ln -sf "$site_available" "$sites_enabled_dir"
sudo rm -f "${sites_enabled_dir}default"

# Write the supervisor program definition
# NOTE(review): this starts the same app.py that the systemd unit of this
# script starts, and both are set to start automatically and restart on
# exit - confirm that running two launchers is intended.
# The heredoc body must stay unindented: supervisor reads it as an INI file.
log "13. Supervisor konfigurieren..."
supervisor_conf="/etc/supervisor/conf.d/$SERVICE_NAME.conf"
sudo tee "$supervisor_conf" <<SUPERVISOR >/dev/null
[program:myp-platform]
command=$VENV_DIR/bin/python app.py
directory=$APP_DIR
user=$USER
autostart=true
autorestart=true
redirect_stderr=true
stdout_logfile=$APP_DIR/logs/app/supervisor.log
stdout_logfile_maxbytes=10MB
stdout_logfile_backups=5
environment=PATH="$VENV_DIR/bin",FLASK_ENV="production",MYP_SSL_ENABLED="True"
SUPERVISOR

# Configure the firewall (requires the ufw package to be present)
log "14. Firewall konfigurieren..."
# The allow rules, SSH included, are added before the firewall is switched
# on, so an administrative SSH session is not cut off by the enable step.
for port_rule in 22/tcp 80/tcp 443/tcp; do # SSH, HTTP, HTTPS
  sudo ufw allow "$port_rule"
done
# --force skips the interactive confirmation prompt.
sudo ufw --force enable

# Enable the services at boot and start them
log "15. Services aktivieren und starten..."
sudo systemctl daemon-reload
for unit in "$SERVICE_NAME" nginx supervisor; do
  sudo systemctl enable "$unit"
done

# Validate the nginx configuration before restarting; a failed test stops
# the script here because of set -e.
sudo nginx -t
sudo systemctl restart nginx

# Have supervisor pick up the new program definition
for supervisor_action in reread update; do
  sudo supervisorctl "$supervisor_action"
done

# Start the MYP service
sudo systemctl start "$SERVICE_NAME"

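# Check that the services came up
log "16. Service-Status prüfen..."
sleep 5

# "systemctl status" returns non-zero for a unit that is not running, which
# under set -e would end the script at the first failed check. The status
# calls are therefore guarded, both units are always checked, and the script
# exits explicitly afterwards. --no-pager keeps the status output from
# blocking on a pager in an interactive terminal.
failed_units=0

if sudo systemctl is-active --quiet "$SERVICE_NAME"; then
  log "✅ MYP Platform Service läuft"
else
  error "❌ MYP Platform Service konnte nicht gestartet werden"
  sudo systemctl status "$SERVICE_NAME" --no-pager || true
  failed_units=1
fi

if sudo systemctl is-active --quiet nginx; then
  log "✅ Nginx läuft"
else
  error "❌ Nginx konnte nicht gestartet werden"
  sudo systemctl status nginx --no-pager || true
  failed_units=1
fi

# Do not print the success summary when a service is down.
if [[ "$failed_units" -ne 0 ]]; then
  exit 1
fi
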
# Show how the device can be reached on the network
log "17. Netzwerk-Informationen..."
# hostname -I prints all configured addresses on one line; keep the first.
IP_ADDRESS=$(hostname -I | awk '{ print $1 }')
for net_info in "IP-Adresse: $IP_ADDRESS" "Hostname: $(hostname)"; do
  log "$net_info"
done

# Closing summary: where the application can be reached
access_summary=(
  "=== Setup abgeschlossen! ==="
  ""
  "🎉 MYP Platform wurde erfolgreich installiert!"
  ""
  "📋 Zugriff auf die Anwendung:"
  " • HTTPS: https://$IP_ADDRESS"
  " • HTTPS: https://raspberrypi (falls DNS konfiguriert)"
  ""
)
for summary_line in "${access_summary[@]}"; do
  log "$summary_line"
done

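# Default login for the first sign-in
# NOTE(review): these are static credentials, identical on every install,
# and they are echoed to the terminal and to any captured install log.
# Presumably they mirror what create_initial_admin() stores - verify against
# models. The added warning line tells the operator to replace the password.
log "👤 Standard-Anmeldedaten:"
log " • E-Mail: admin@mercedes-benz.com"
log " • Passwort: 744563017196A"
warning " • Standard-Passwort nach der ersten Anmeldung sofort ändern!"
log ""
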
# Reference section: useful commands and important directories
reference_summary=(
  "🔧 Nützliche Befehle:"
  " • Service-Status: sudo systemctl status $SERVICE_NAME"
  " • Service neu starten: sudo systemctl restart $SERVICE_NAME"
  " • Logs anzeigen: sudo journalctl -u $SERVICE_NAME -f"
  " • Nginx-Status: sudo systemctl status nginx"
  ""
  "📁 Wichtige Verzeichnisse:"
  " • Anwendung: $APP_DIR"
  " • Logs: $APP_DIR/logs"
  " • Datenbank: $APP_DIR/database/myp.db"
  " • SSL-Zertifikate: $BACKEND_DIR/certs"
  ""
)
for reference_line in "${reference_summary[@]}"; do
  log "$reference_line"
done

# Notes on the self-signed certificate and first troubleshooting steps
closing_notes=(
  "⚠️ Hinweise:"
  " • Das SSL-Zertifikat ist selbstsigniert"
  " • Browser-Warnung beim ersten Zugriff ist normal"
  " • Zertifikat kann manuell akzeptiert werden"
  ""
  "🔄 Bei Problemen:"
  " • Logs prüfen: sudo journalctl -u $SERVICE_NAME"
  " • Service neu starten: sudo systemctl restart $SERVICE_NAME"
  " • Nginx-Konfiguration testen: sudo nginx -t"
)
for closing_line in "${closing_notes[@]}"; do
  log "$closing_line"
done

# Leave the virtual environment again
deactivate

log "Setup-Skript beendet. Die MYP Platform ist einsatzbereit!"