26c4e0934d
Phase 1 - Internal reference cleanup:
- Delete dev_docs/meetings/ (internal meeting notes/transcripts)
- Replace hardcoded usernames (padak/matejkys/dasa) with deploy/generic
- Replace "Internal AI Data Analyst" with "AI Data Analyst"
- Replace keboola/internal_ai_data_analyst URLs with your-org/ai-data-analyst
- Replace /tmp/keboola_load/ with /tmp/data_analyst_staging/ in dev_docs
Phase 2 - Deployment hardening:
- Tighten sudoers wildcards to explicit paths (visudo, sudoers cp)
- setup.sh creates all groups (data-ops, dataread, data-private) and deploy user
- webapp-setup.sh copies sudoers-webapp from repo instead of inline definition
- deploy.sh conditional copy for data_description.md (not in git for OSS)
- deploy.sh ownership changed to deploy:data-ops for /data/{scripts,docs,examples}
Phase 3 - Config and misc:
- Add ${ENV_VAR} interpolation to config/loader.py
- Expand config/instance.yaml.example with all sections (admins, deployment, auth, etc.)
- Create config/.env.template for secret values
- Add MIT LICENSE
- Fix .gitignore: add .venv/, docs/data_description.md
- Fix README.md: CSV status Planned, remove metrics/, update license text
- Translate Czech comments in requirements.txt to English
- Fix test_account_service.py: mock username mapping instead of relying on instance config
All 118 tests pass.
102 lines
2.9 KiB
Bash
Executable file
102 lines
2.9 KiB
Bash
Executable file
#!/bin/bash
|
|
# Initial setup script for Data Analyst server
|
|
# Run this ONCE on the server to set up the environment
|
|
# Must be run as root or with sudo
|
|
|
|
set -euo pipefail
|
|
|
|
APP_DIR="/opt/data-analyst"
|
|
REPO_URL="${REPO_URL:-https://github.com/your-org/ai-data-analyst.git}"
|
|
|
|
echo "=== Data Analyst Server Setup ==="
|
|
echo ""
|
|
|
|
# Check if running as root
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo "This script must be run as root (use sudo)"
|
|
exit 1
|
|
fi
|
|
|
|
# Install required system packages
|
|
echo "Installing required system packages..."
|
|
apt-get update -qq
|
|
apt-get install -y rsync
|
|
echo " rsync installed"
|
|
|
|
# Create groups
|
|
for group in data-ops dataread data-private; do
|
|
if ! getent group "$group" > /dev/null 2>&1; then
|
|
groupadd "$group"
|
|
echo "Created group: $group"
|
|
fi
|
|
done
|
|
|
|
# Create deploy user (for CI/CD automated deployment)
|
|
if ! id deploy > /dev/null 2>&1; then
|
|
useradd -r -m -s /bin/bash -G data-ops deploy
|
|
echo "Created deploy user"
|
|
fi
|
|
|
|
# Create directory structure
|
|
echo "Creating directory structure..."
|
|
mkdir -p "${APP_DIR}"/{repo,.venv,logs}
|
|
|
|
# Check repository
|
|
if [[ ! -d "${APP_DIR}/repo/.git" ]]; then
|
|
echo "ERROR: Repository not found at ${APP_DIR}/repo"
|
|
echo "Please clone it first as deploy user:"
|
|
echo " sudo -u deploy git clone \${REPO_URL} ${APP_DIR}/repo"
|
|
exit 1
|
|
else
|
|
echo "Repository found at ${APP_DIR}/repo"
|
|
fi
|
|
|
|
# Create Python virtual environment
|
|
echo "Setting up Python virtual environment..."
|
|
python3 -m venv "${APP_DIR}/.venv"
|
|
source "${APP_DIR}/.venv/bin/activate"
|
|
pip install --upgrade pip
|
|
pip install -r "${APP_DIR}/repo/requirements.txt"
|
|
deactivate
|
|
|
|
# Install server management scripts
|
|
echo "Installing management scripts..."
|
|
for script in "${APP_DIR}/repo/server/bin"/*; do
|
|
if [[ -f "$script" ]]; then
|
|
script_name=$(basename "$script")
|
|
cp "$script" "/usr/local/bin/${script_name}"
|
|
chmod 755 "/usr/local/bin/${script_name}"
|
|
echo " Installed /usr/local/bin/${script_name}"
|
|
fi
|
|
done
|
|
|
|
# Set permissions
|
|
echo "Setting permissions..."
|
|
chown -R root:data-ops "$APP_DIR"
|
|
chmod -R 775 "$APP_DIR"
|
|
chmod -R g+s "$APP_DIR" # setgid so new files inherit group
|
|
|
|
# Create deploy log
|
|
touch "${APP_DIR}/logs/deploy.log"
|
|
chmod 664 "${APP_DIR}/logs/deploy.log"
|
|
|
|
echo ""
|
|
echo "=== Setup Complete ==="
|
|
echo ""
|
|
echo "Directory structure:"
|
|
echo " ${APP_DIR}/repo/ - Git repository"
|
|
echo " ${APP_DIR}/.venv/ - Python virtual environment"
|
|
echo " ${APP_DIR}/logs/ - Application logs"
|
|
echo ""
|
|
echo "Management commands installed:"
|
|
echo " add-admin - Add server administrator"
|
|
echo " add-analyst - Add data analyst"
|
|
echo " remove-analyst - Remove user"
|
|
echo " list-analysts - List all analysts"
|
|
echo ""
|
|
echo "Next steps:"
|
|
echo " 1. Add admin users to data-ops group:"
|
|
echo " usermod -aG data-ops <admin_username>"
|
|
echo ""
|
|
echo " 2. Set up GitHub Actions deploy key (see .github/workflows/deploy.yml)"
|
|
echo ""
|