Merge branch 'develop'

root 2021-09-28 16:00:31 +02:00
commit 88d2422adc
3 changed files with 232 additions and 108 deletions


@ -72,7 +72,7 @@ cp -R custom.sample custom
Edita i substitueix els fitxers per personalitzar el sistema.
```
make all
./dd-ctl all
```
NOTA: L'autenticació SAML actualment es troba automatitzada:
@ -135,7 +135,7 @@ Copia recursivament la carpeta *custom.sample* a *custom* i edita els fitxers ya
### Iniciar el projecte
```
make all
./dd-ctl all
```
### Integració


@ -72,7 +72,7 @@ cp -R custom.sample custom
Edit and replace files to personalize system.
```
make all
./dd-ctl all
```
NOTE: The SAML Auth in plugin automation status now is:
@ -134,7 +134,7 @@ Copia recursivament la carpeta *custom.sample* a *custom* i edita els fitxers ya
### Inicial el projecte
```
make all
./dd-ctl all
```
### Integració

332
Makefile → dd-ctl Normal file → Executable file

@ -1,34 +1,42 @@
#!make
#!/bin/sh
# if [ ! -d "custom" ]; then echo "You need to copy custom.sample to custom folder and adapt." && exit 1; fi
# if [ ! -f "digitaldemocratic.conf" ]; then echo "You need to copy digitaldemocratic.conf.sample to .sample to custom folder and adapt" && exit 1; fi
# folder and adapt before bringing up." && exit 1; fi
if [ ! -d "custom" ]; then echo "You need to copy custom.sample to custom folder and adapt it to your needs." && exit 1; fi
if [ ! -f "digitaldemocratic.conf" ]; then echo "You need to copy digitaldemocratic.conf.sample to .sample to custom folder and adapt" && exit 1; fi
include digitaldemocratic.conf
export $(shell sed 's/=.*//' digitaldemocratic.conf)
OPERATION="$1"
if [ -z "$OPERATION" ]; then
set +x
echo "Missing command."
echo " Example: ./dd.ctl [operation] [branch]"
echo "./dd-ctl prepare"
echo "./dd-ctl build"
echo "./dd-ctl up"
echo "./dd-ctl down"
echo "./dd-ctl customize"
exit 1
fi
VERSION := 0.0.1-rc0
export VERSION
BRANCH="$2"
if [ -z "$BRANCH" ]; then
BRANCH="master"
fi
CUSTOM_PATH=$(shell pwd)
.PHONY: all
all: add-plugins
cp digitaldemocratic.conf .env
CUSTOM_PATH=$(pwd)
. ./.env
.PHONY: environment
environment:
prepare_submodules(){
git submodule update --init --recursive
mkdir -p custom/system/keycloak
cp -R isard-sso/docker/keycloak/themes custom/system/keycloak/
cp custom/login/logo.png custom/system/keycloak/themes/liiibrelite/login/resources/img/logo.png
cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG.png
cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG2.png
cp custom/login/style.css custom/system/keycloak/themes/liiibrelite/login/resources/css/
cd isard-apps && git fetch && git reset --hard origin/$BRANCH && cd ..
cd isard-sso && git fetch && git reset --hard origin/$BRANCH && cd ..
}
# Prepare apps environment
cp digitaldemocratic.conf isard-apps/.env
echo "CUSTOM_PATH=$(CUSTOM_PATH)" >> isard-apps/.env
echo "BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-apps" >> isard-apps/.env
prepare(){
## Prepare apps environment
cp .env isard-apps/.env
echo "CUSTOM_PATH=$CUSTOM_PATH" >> isard-apps/.env
echo "BUILD_ROOT_PATH=$CUSTOM_PATH/isard-apps" >> isard-apps/.env
cp isard-apps/.env isard-apps/docker/postgresql && \
cp isard-apps/.env isard-apps/docker/mariadb && \
cp isard-apps/.env isard-apps/docker/moodle && \
@ -36,17 +44,23 @@ environment:
cp isard-apps/.env isard-apps/docker/wordpress && \
cp isard-apps/.env isard-apps/docker/etherpad
# Prepare sso environment
cp digitaldemocratic.conf isard-sso/.env
echo "CUSTOM_PATH=$(CUSTOM_PATH)" >> isard-sso/.env
echo "BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-sso" >> isard-sso/.env
## Prepare sso environment
cp .env isard-sso/.env
echo "CUSTOM_PATH=$CUSTOM_PATH" >> isard-sso/.env
echo "BUILD_ROOT_PATH=$CUSTOM_PATH/isard-sso" >> isard-sso/.env
cp isard-sso/.env isard-sso/docker-compose-parts/.env
.PHONY: build
build: environment
echo CUSTOM_PATH=$(CUSTOM_PATH) > .env
echo BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-sso >> .env
mkdir -p custom/system/keycloak
cp -R isard-sso/docker/keycloak/themes custom/system/keycloak/
cp custom/login/logo.png custom/system/keycloak/themes/liiibrelite/login/resources/img/logo.png
cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG.png
cp custom/login/background.png custom/system/keycloak/themes/liiibrelite/login/resources/img/loginBG2.png
cp custom/login/style.css custom/system/keycloak/themes/liiibrelite/login/resources/css/
# Build compose ymls
echo CUSTOM_PATH=$CUSTOM_PATH > .env
echo BUILD_ROOT_PATH=$CUSTOM_PATH/isard-sso >> .env
docker-compose -f isard-sso/docker-compose-parts/haproxy.yml \
-f isard-sso/docker-compose-parts/api.yml \
-f isard-sso/docker-compose-parts/keycloak.yml \
@ -56,7 +70,7 @@ build: environment
-f isard-sso/docker-compose-parts/backup.yml \
config > sso.yml
#-f isard-sso/docker-compose-parts/freeipa.yml
echo BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-apps > .env
echo BUILD_ROOT_PATH=$CUSTOM_PATH/isard-apps > .env
docker-compose -f isard-apps/docker/moodle/moodle.yml \
-f isard-apps/docker/nextcloud/nextcloud.yml \
-f isard-apps/docker/wordpress/wordpress.yml \
@ -69,46 +83,29 @@ build: environment
config > apps.yml
docker-compose -f sso.yml -f apps.yml config > docker-compose.yml
rm sso.yml apps.yml
}
build(){
docker-compose build
}
.PHONY: up
up: build
docker-compose up -d --no-deps
up(){
docker-compose up -d
}
.PHONY: down
down:
down(){
docker-compose down
}
# .PHONY: remove
# remove: down
# rm -rf /opt/digitaldemocratic/postgres
# rm -rf /opt/digitaldemocratic/redis
# rm -rf /opt/digitaldemocratic/wordpress
# rm -rf /opt/digitaldemocratic/nextcloud
# rm -rf /opt/digitaldemocratic/mariadb
# rm -rf /opt/digitaldemocratic/freeipa
# Leaves haproxy folder with certificates. Remove manually to get new certificates.
.PHONY: add-plugins
add-plugins: connect-saml
# Add dd admin user (NOT USED, done in isard-sso-admin)
# docker exec isard-sso-keycloak /opt/jboss/keycloak/bin/add-user-keycloak.sh -u $$DDADMIN_USER -p $$DDADMIN_PASSWORD
# docker restart isard-sso-keycloak
# sleep 10
# docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=$$DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" $$DDADMIN_USER'
setup_nextcloud(){
echo " --> Applying custom settings in nextcloud"
# docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=$DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin" $DDADMIN_USER'
# docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=admin && php occ user:delete admin'
# docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=LostAdminGroup && php occ user:add --password-from-env --display-name="Admin" --group="admin" admin'
# Wordpress
## Multisite
docker exec -ti isard-apps-wordpress /bin/sh -c "/multisite.sh"
docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/plugins/saml/onelogin-saml-sso ]; then cp -R /plugins/saml/onelogin-saml-sso /var/www/html/wp-content/plugins/; fi"
docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/mu-plugins ]; then cp -R /plugins/mu-plugins /var/www/html/wp-content/; fi"
# Nextcloud
#cp -R $$BUILD_ROOT_PATH/isard-apps/docker/nextcloud/themes/* $$DATA_FOLDER/nextcloud/themes/
#cp -R $BUILD_ROOT_PATH/isard-apps/docker/nextcloud/themes/* $DATA_FOLDER/nextcloud/themes/
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set default_language --value="ca"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set skeletondirectory --value=''
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:disable firstrunwizard
@ -130,76 +127,203 @@ add-plugins: connect-saml
docker exec -ti isard-apps-nextcloud-app /bin/sh -c "/ownpad_cfg.sh"
docker exec -ti isard-apps-nextcloud-app /bin/sh -c "su - www-data -s /bin/sh -c 'PHP_MEMORY_LIMIT=512M php /var/www/html/occ app:enable ownpad'"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_enable --value="yes"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_host --value="https://pad.$$DOMAIN"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set ownpad ownpad_etherpad_host --value="https://pad.$DOMAIN"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings app:install onlyoffice
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice DocumentServerUrl --value="https://oof.$$DOMAIN"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice DocumentServerUrl --value="https://oof.$DOMAIN"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_secret --value="secret"
docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_header --value="Authorization"
# Allow nextcloud into other apps iframes
# Content-Security-Policy: frame-ancestors 'self' *.$$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: frame-ancestors 'self' *.$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: connect-src 'self' *.$$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedConnectDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: connect-src 'self' *.$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedConnectDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: img-src 'self' *.$$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedImageDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: img-src 'self' *.$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedImageDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: style-src 'self' *.$$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedStyleDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: style-src 'self' *.$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedStyleDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: font-src 'self' *.$$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedFontDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# Content-Security-Policy: font-src 'self' *.$DOMAIN;
docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$allowedFontDomains = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php
# CERTIFICATES FOR SAML
docker exec -ti isard-sso-admin /bin/sh -c "/admin/generate_certificates.sh"
# Fix onlyoffice size with custom navbar
docker exec isard-apps-nextcloud-app sed -ie 's/\(\s\+min-height: calc(100% - \)50\(px);\)/\175\2/' /var/www/html/custom_apps/onlyoffice/css/editor.css
}
# SAML PLUGIN NEXTCLOUD
docker exec -ti isard-sso-admin python3 /admin/nextcloud_saml.py
# SAML PLUGIN WORDPRESS
docker exec -ti isard-sso-admin python3 /admin/wordpress_saml.py
# SAML PLUGIN MOODLE
echo "To add SAML to moodle:"
echo "1.-Activate SAML plugin in moodle extensions, regenerate certificate, lock certificate"
echo "2.-Then run: docker exec -ti isard-sso-admin python3 /admin/nextcloud_saml.py"
echo "3.-"
# Moodle
setup_moodle(){
echo " --> Applying custom settings in moodle"
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=guestloginbutton --set=0
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enrol_plugins_enabled --set=manual
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enablemobilewebservice --set=0
docker exec -ti isard-apps-moodle php7 admin/cli/cfg.php --name=enablebadges --set=0
docker exec -ti isard-apps-moodle php7 admin/cli/purge_caches.php
}
setup_wordpress(){
echo " --> Applying custom settings in wordpress"
## Multisite
docker exec -ti isard-apps-wordpress /bin/sh -c "/multisite.sh"
docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/plugins/saml/onelogin-saml-sso ]; then cp -R /plugins/saml/onelogin-saml-sso /var/www/html/wp-content/plugins/; fi"
docker exec -ti isard-apps-wordpress /bin/sh -c "if [ ! -d /var/www/html/wp-content/mu-plugins ]; then cp -R /plugins/mu-plugins /var/www/html/wp-content/; fi"
}
setup_keycloak(){
# Add dd admin user (NOT USED, done in isard-sso-admin)
# docker exec isard-sso-keycloak /opt/jboss/keycloak/bin/add-user-keycloak.sh -u $DDADMIN_USER -p $DDADMIN_PASSWORD
# docker restart isard-sso-keycloak
sleep 10
}
.PHONY: connect-saml
connect-saml: up
echo "Waiting for system to be fully up before personalizing... It can take some minutes..."
saml_certificates(){
wait_for_moodle
echo " --> Setting up SAML for moodle"
docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/ && python3 moodle_saml.py"
docker exec -ti isard-apps-moodle php7 admin/cli/purge_caches.php
# CERTIFICATES FOR SAML
echo " --> Generating certificates for nextcloud and wordpress"
docker exec -ti isard-sso-admin /bin/sh -c "/admin/generate_certificates.sh"
# SAML PLUGIN NEXTCLOUD
echo " --> Setting up SAML for nextcloud"
docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/ && python3 nextcloud_saml.py"
# SAML PLUGIN WORDPRESS
echo " --> Setting up SAML for wordpress"
docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/ && python3 wordpress_saml.py"
# SAML PLUGIN MOODLE
# echo "To add SAML to moodle:"
# echo "1.-Activate SAML plugin in moodle extensions, regenerate certificate, lock certificate"
# echo "2.-Then run: docker exec -ti isard-sso-admin python3 /admin/nextcloud_saml.py"
# echo "3.-"
}
wait_for_moodle(){
echo "Waiting for system to be fully up before customizing... It can take some minutes..."
echo " (you can monitorize install with: docker logs isard-apps-moodle --follow"
while [ "`docker inspect -f {{.State.Health.Status}} isard-apps-moodle`" != "healthy" ]; do sleep 2; done
}
adminer:
docker-compose -f isard-apps/docker/network.yml \
-f isard-sso/docker-compose-parts/adminer.yml config > adminer.yml
pgtuner:
docker-compose -f isard-apps/docker/network.yml \
-f isard-sso/docker-compose-parts/pgtuner.yml config > pgtuner.yml
upgrade-moodle:
upgrade_moodle(){
docker exec -ti isard-apps-moodle php7 admin/cli/maintenance.php --enable
docker exec -ti isard-apps-moodle php7 admin/cli/upgrade.php --non-interactive --allow-unstable
docker exec -ti isard-apps-moodle php7 admin/cli/maintenance.php --disable
}
.PHONY: devel
devel: build
extras_adminer(){
docker-compose -f isard-apps/docker/network.yml \
-f isard-sso/docker-compose-parts/adminer.yml config > adminer.yml
echo " --> Generated adminer.yml"
echo " Bring it up: docker-compose -f adminer.yml up -d"
echo " Connect to: https://admin.$DOMAIN/isard-sso-adminer/"
echo " Parameters:"
echo " - System: PostgreSQL (or Mysql for wordpress db)"
echo " Server: isard-apps-postgresql (or isard-apps-mariadb for wordpress db)"
echo " User/Pass/Database from digitaldemocratic.conf"
}
extras_pgtuner(){
docker-compose -f isard-apps/docker/network.yml \
-f isard-sso/docker-compose-parts/pgtuner.yml config > pgtuner.yml
echo " --> Generated pgtuner.yml"
}
extras_develop(){
echo CUSTOM_PATH=$(CUSTOM_PATH) > .env
echo BUILD_ROOT_PATH=$(CUSTOM_PATH)/isard-sso >> .env
docker-compose -f docker-compose.yml \
-f isard-sso/docker-compose-parts/api.devel.yml \
-f isard-sso/docker-compose-parts/admin.devel.yml \
config > devel.yml
}
if [ "$OPERATION" = "prepare" ]; then
prepare_submodules
prepare
build
fi
if [ "$OPERATION" = "build" ]; then
prepare_submodules
prepare
build
fi
if [ "$OPERATION" = "up" ]; then
prepare_submodules
prepare
build
up
fi
if [ "$OPERATION" = "customize" ]; then
up
wait_for_moodle
setup_nextcloud
setup_wordpress
setup_moodle
fi
if [ "$OPERATION" = "saml" ]; then
up
saml_certificates
fi
if [ "$OPERATION" = "all" ]; then
prepare_submodules
prepare
build
up
wait_for_moodle
setup_nextcloud
setup_wordpress
setup_moodle
saml_certificates
echo "\n\n"
echo " #### After install ####"
echo " - SSO in moodle should be active. You can go to: https://moodle.$DOMAIN"
echo " - SSO in nextcloud should be active. You can go to: https://nextcloud.$DOMAIN"
echo " - SSO in wordpress needs manual activation. You should go to https://wp.$DOMAIN/wp-admin//plugins.php "
echo " and activate 'OneLogin SAML SSO' plugin"
echo "\n\n"
echo " #### Update customizations ####"
echo " - ./dd-ctl customize"
fi
if [ "$OPERATION" = "all-develop" ]; then
prepare
build
up
wait_for_moodle
setup_nextcloud
setup_wordpress
setup_moodle
saml_certificates
fi
if [ "$OPERATION" = "adminer" ]; then
extras_adminer
fi
if [ "$OPERATION" = "reset-7941" ]; then
echo "Resetting all but certificates"
docker-compose down
rm -rf /opt/digitaldemocratic/backup
rm -rf /opt/digitaldemocratic/data
rm -rf /opt/digitaldemocratic/db
rm -rf /opt/digitaldemocratic/src/avatars
rm -rf /opt/digitaldemocratic/src/moodle
rm -rf /opt/digitaldemocratic/src/nextcloud
rm -rf /opt/digitaldemocratic/src/wordpress
fi
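Review bot: `setup_nextcloud` configures OnlyOffice with `config:app:set onlyoffice jwt_secret --value="secret"`, a fixed and guessable value that this rewrite appears to carry over unchanged. Since the script now sources the configuration with `. ./.env`, the secret could be read from there, e.g. `--value="$ONLYOFFICE_JWT_SECRET"` (placeholder name, not a variable shown on this page), with the same value given to the document server. The new `saml_certificates` commands export `PYTHONWARNINGS='ignore:Unverified HTTPS request'`, which suggests the admin scripts call the apps without certificate verification; that is worth confirming and fixing in those scripts rather than silencing the warning here. Separately, `extras_develop` still uses Make syntax: in sh `$(CUSTOM_PATH)` is a command substitution that expands to nothing, so both `echo` lines should use `$CUSTOM_PATH` as `prepare` does.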