Snipe-it: Installation from sources pulls from internet\detailed doc of install script missing

Created on 30 Jan 2017 · 15Comments · Source: snipe/snipe-it

Expected Behavior (or desired behavior if a feature request)

I expect that when provided with a package to install, no internet connections is assumed possible.
I sit in a corporate lab with no direct access to internet.

Because of this, running install.sh or snipeit.sh fails because both try to pull from internet.

Actual Behavior

Running install.sh or snipeit.sh fails because both try to pull from internet. Internet should not be an installation requirement.

Please confirm you have done the following before posting your bug report:

[ ] I have enabled debug mode
[X] I have read checked the Common Issues page

Please provide answers to these questions before posting your bug report:

Version of Snipe-IT you're running: 3.6.3
What OS and web server you're running Snipe-IT on: ubuntu 16.04
What method you used to install Snipe-IT (install.sh, manual installation, docker, etc): install.sh and snipeit.sh
WITH DEBUG TURNED ON, if you're getting an error in your browser, include that error
What specific Snipe-IT page you're on, and what specific element you're interacting with to trigger the error
If a stacktrace is provided in the error, include that too.
Any errors that appear in your browser's error console.
Confirm whether the error is reproduceable on the demo.
Include any additional information you can find in app/storage/logs and your webserver's logs.
Include what you've done so far in the installation, and if you got any error messages along the way.
Indicate whether or not you've manually edited any data directly in the database

provided by https://github.com/snipe/snipe-it/archive/v3.6.3.tar.gz

output from snipeit.sh

root@labint815:~/snipe-it-3.6.3# ./snipeit.sh 
[3;J

       _____       _                  __________
      / ___/____  (_)___  ___        /  _/_  __/
      \__ \/ __ \/ / __ \/ _ \______ / /  / /
     ___/ / / / / / /_/ /  __/_____// /  / /
    /____/_/ /_/_/ .___/\___/     /___/ /_/
                /_/



  Welcome to Snipe-IT Inventory Installer for Centos, Debian and Ubuntu!

  The installer has detected Ubuntu version 16.04 as the OS.
  Q. What is the FQDN of your server? (labint815.xxx.com): 
     Setting to labint815.xxx.com

  Q. Do you want me to automatically create the snipe database user password? (y/n) y

* Updating with apt-get update in the background... \




* Upgrading packages with apt-get upgrade in the background... \




* Setting up LAMP in the background... -
|

Extracting templates from packages: 100%
|


* Cloning Snipeit, extracting to /var/www/snipeit... -Cloning into '/var/www/snipeit'...
\fatal: unable to access 'https://github.com/snipe/snipe-it/': Failed to connect to github.com port 443: Connection timed out

output from install.sh

root@labint815:~/snipe-it-3.6.3# ./install.sh 
--2017-01-30 14:04:53--  https://raw.githubusercontent.com/snipe/snipe-it/master/snipeit.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.36.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.36.133|:443...

If I downloaded the archive, why would it clone the repo? And if it's new files then ship it to the archive, this makes no sense to me!
An offline installer is required.

I could eventually request access to a proxy in the network, if I do so, how do I specify my proxy config to your install process? At first sight it looks like it's not thought of.

The documentation is too small and not helpful if I don't want to run your scripts. I've already setup an apache and mariadb, I do not want to have your script do changes there. How do I do?

For that, users need the complete process documented step by step, command by command. i couldn't find any of that. I have to use your script.
Basically, after the Downloading page, it jumps straight to Configuring.
There is a page, manual installation, that is missing that start from a fresh just installed linux and explains which commands to type to setup dependencies (apache, DB etc..).
It's not that much work, basically explaining what your scripts are doing.

Also why 2 scripts? install.sh and/or snipeit.sh? I had to guess one of the 2 is for online installation but then assumed install.sh is the entry point when downloading the package but install.sh pulls from github...
So running both scripts will pull from internet, this is wrong. At least of them should do offline install.

So, to sum up:

if i download 3.6.3 tarball I assume it's an offline install (rightfully else why do i download a tarball) but install.sh pulls from internet, this is wrong, offline install is offline (corporate labs are cut from internet).
if I want to install everything for snipe IT to work, I feel like there is not enough documentation to explain what your script does(I don't have the time to read install.sh script and figure it out myself). So I'm not able to strip out the part I do not need.
add support for proxy settings for snipeit.sh (if I can do online install)
why shipping 2 install scripts in the tarball? In tarball only 1 single offline install script should be found.
add a page between downloading and configuring explaining in CLI copy/paste what I should run in my shell if I do not want to run your script (running your install script shouldn't be my only option else I'm stuck like now)

Thanks for your work, am looking forward to test your product.

Source

r1k0

Most helpful comment

Jumping in from the internet as another open source author to say that @r1k0 you seriously need to reevaluate how you interact with people who are providing you with tools for free (or even if you pay them, come to that). If it doesn't fit your specific edge case? Fine - give some constructive feedback. It is literally impossible for OSS to fit every permutation of every edge case every possible user has, and people like you shitting over work people do for free makes it that much less likely that they'll continue to do so in future.

Maybe a little more realisation that you're dealing with real people on the other end of github and a little less snark might serve you well in future.

jonlives on 31 Jan 2017

👍3

All 15 comments

A connection to the internet is required - that's just how composer works.

snipe on 31 Jan 2017

oh my, this is worse than I thought. I read the install script.
so with the tarball you guys clone again snipe IT (lol) then curl compose installer (lol) to then use it to fetch php deps (wtf). All this live pulling from the net.
Even if I had internet access this is so much beyond wtf. What about proxies? looks like an end year student project, definitely not corp grade. Barely OK for my home.
Also, it's not hard to not make your installation pull from internet. Why in the world would you think it's ok to pull from internet during an installation? Why would you manage pkgs deps online?
You guys needs some perspective, you 're missing crucial points regarding your users.

I'm infra and I'm trying to test various products for finance and service desk in our lab, functionally it seems I'm the type of users you intend to aim at. Practically, your implementation scopes me out of your product, how ironic...

r1k0 on 31 Jan 2017

install.sh/snipeit.sh is not a requirement to install. In fact, I'd go as far as to say it's not the preferred way to install. See https://snipe-it.readme.io/docs/installation for the more traditional way.

Regardless, you need some way of fetching files and dependencies. It's certainly possible to install/run snipe-it without being connected to the internet, but it does take some effort on your part to do.

Patches are always welcome to improve snipeit.sh/install.sh, it's one of those cool fancy things about open source software.

Toodles,

dmeltzer on 31 Jan 2017

"Regardless, you need some way of fetching files and dependencies. It's certainly possible to install/run snipe-it without being connected to the internet, but it does take some effort on your part to do."

That's what I need, clarification on that effort. I'm looking forward to read a more detailed documentation where I have the granularity to NOT run your script.
A howto that accurately details steps the script does with chapters for DB/apache2/etc which I can skip depending on what I already have set up.
Nowadays many companies are jumping on the devops approach. I put it all in ansible so I have playbooks for apache, mariadb, clustered or not and so on. I want to use the already approved corp ways to deploy mariadb and apache2 and then I'd like to jump to your doc and perform an offline installation of just your product.
This step shouldn't be more than extract a tarball maybe download a file or 2 (but then that should be in the tarball), import an sql schema, copy files here and there and be done with it.
Then I can make a playbook of it which acts as doc/backup and my loop is closed.

r1k0 on 31 Jan 2017

also the least to be done in the current state is provide support for passing proxy info. Why would I have to edit scripts and add wget/curl/git proxy option? Why hasn't this been put in variables? It looks like it's never been thought of.

r1k0 on 31 Jan 2017

So, I'm not sure what you're looking for here. If you want to just rage, that's cool, but I'm super busy, so next time keep it shorter please.

If you don't like the way we do stuff here, use another FOSS project. I can assure you that I am not a year end student. I've been in this industry for 20 years, have written two books, and at the very least, am far less of an asshole than you are, apparently.

The sh installer is literally the last install approach mentioned, because it is inelegant and sub-optimal, but enough people asked for it, so it exists. But any version of this requires access to the Internet. That's not a bug or a feature, it's just how modern web stuff works. PHP, rails, any of them. Welcome to the 21st century. It's considered bad form to check your dependencies into your repo for a variety of reasons you can look up on your own time.

You're welcome to not like my software. You're welcome to use whatever else works for you. You are not welcome to treat me like I'm an idiot because you can't make this work.

snipe on 31 Jan 2017

You're also quite welcome to go fuck yourself. I owe you nothing.

snipe on 31 Jan 2017

❤2

(lol)

snipe on 31 Jan 2017

👍1

Maybe a little more realisation that you're dealing with real people on the other end of github and a little less snark might serve you well in future.

jonlives on 31 Jan 2017

👍3

hehehe, fair enough. I wonder who's raging lol

If you can't take a constructive technical critic, snipe, then stay where you are lol, you probably have feelings for the product lol, sorry I scratched that, wasnt my intent.

I'm just astonished to see such amateurish scripting on a wannabe corp grade product, that's all.
pulling from the net, without proxy config says alot on the corp culture, basically little if none at all.

Also I wanted to try to evaluate the self hosted solution with the hosted solution in mind, I just told management that well, if the product reflects the installer the self hosted solution is a no no, and was about to ask some budget to trial a hosted solution.
I guess I4m not welcome

Thanks for the fucks, if you wanted to insult me, well, you missed :)
keep up the good vibes and thanks for the laugh

ps: don't be too proud of the crap you wrote (well I assume you wrote it since you're so touchy about it)

r1k0 on 31 Jan 2017

Pulling from the net is pretty much how every modern web-based system works. You might have heard of a tiny technology called ruby on rails? This is how web dev works now. I'm sorry if you missed that memo. People who call that amateurish scripting are people who literally don't understand how modern web development works. And it's okay if you don't - we all have our specialties, and this clearly isn't yours. But you don't need to be an asshole about it. You could, for example, ask why it needs the Internet to install. And then we'd explain it to you. Instead you ranted for a bit, and threw in some super fun "(lol)"s and "(wtf)"s.

Had you not been an asshole, we would have explained why these things are required and are quite common. Seriously, google it.

It's not about being touchy, it's about you treating people like shit.

So, no, your business is not welcome. I don't tolerate users or customers that treat me or my team like shit, and you will most definitely not be the exception.

Try GLPI or Tracmor. (Because I'm super sure someone who complains about an installer needing access to the Internet would definitely put their data on someone else's server. )

snipe on 31 Jan 2017

who cares now? do you? coz i surely dont

r1k0 on 31 Jan 2017

who cares now? do you? coz i surely dont

...says the person who commented again but allegedly doesn't care.

paragonie-scott on 31 Jan 2017

there I've unsubscribed now :)

talk shit all you want :)
or do somethign that matters and add proxy variables, this will be useful for someone else (if not me) crazy enough to think this has a place in a corp env.

too bad for you if you cant strip the shit out and see valid/helpful feedback. as I said, stay where you are, you're just fine.

r1k0 on 31 Jan 2017