[sysadm] [dd-ctl] improvements and simplifications

Amongst other things:
- Consolidates other scripts into dd-ctl
  - Notably: securize_conf.sh and sysadm/debian_docker_and_compose.sh
    are due for deletion
- gives dd-ctl a better structure for future maintainability
- libffi-dev is needed on Debian buster, which is the recommended OS
- Installs the dictionaries as a prerequisite for securize

This paves the way to a simpler installation
Evilham 2022-05-23 13:43:00 +02:00
parent dafd45612e
commit f5c9334aac
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
3 changed files with 260 additions and 197 deletions

380
dd-ctl

@ -1,40 +1,101 @@
#!/bin/bash
if [ ! -d "custom" ]; then echo "You need to copy custom.sample to custom folder and adapt it to your needs." && exit 1; fi
if [ ! -f "digitaldemocratic.conf" ]; then echo "You need to copy digitaldemocratic.conf.sample to digitaldemocratic.conf and adapt" && exit 1; fi
#!/usr/bin/env bash
OPERATION="$1"
if [ -z "$OPERATION" ]; then
set +x
echo "Missing command."
echo " Example: ./dd.ctl [operation]"
echo " Update repository: ./dd-ctl repo-update [branch-name] (defaults to master)"
echo " Bring the current project up: ./dd-ctl all"
echo " Build the compose files: ./dd-ctl build"
echo " Regenerate docker-compose.yml from conf: ./dd-ctl yml"
echo " Build the devel compose files: ./dd-ctl build-devel"
echo " Start the project when stopped: ./dd-ctl up"
echo " Stop the project when started: ./dd-ctl down"
echo " Apply customizations: ./dd-ctl customize"
echo " Update SAML certificates: ./dd-ctl saml"
echo " Upgrade plugins: ./dd-ctl upgrade-plugins"
echo " Branding (custom/img, custom/menu): ./dd-ctl branding"
echo " Restart api if changes applied (development): ./dd-ctl restart-api"
echo " Generate adminer.yml to access DBs: ./dd-ctl adminer"
echo " Rescan nextcloud data folders: ./dd-ctl nextcloud-scan"
exit 1
help() {
cat <<-EOF
Example: ./dd.ctl [operation] [arguments]
For a new installation, you usually will want to run:
./dd-ctl repo-update
./dd-ctl prerequisites
./dd-ctl securize
./dd-ctl all
./dd-ctl saml
Generate adminer.yml to access DBs: ./dd-ctl adminer
Bring the current project up: ./dd-ctl all
Branding (custom/img, custom/menu): ./dd-ctl branding
Build the compose files: ./dd-ctl build
Build the devel compose files: ./dd-ctl build-devel
Apply customizations: ./dd-ctl customize
Stop the project when started: ./dd-ctl down
Rescan nextcloud data folders: ./dd-ctl nextcloud-scan
Install all prerequisites for installation: ./dd-ctl prerequisites
Update repository: ./dd-ctl repo-update [branch-name] (defaults to master)
Restart api if changes applied (development): ./dd-ctl restart-api
Update SAML certificates: ./dd-ctl saml
Set secure passwords in digitaldemocratic.conf: ./dd-ctl securize
Set a config variable in digitaldemocratic.conf: ./dd-ctl setconf VARIABLE [VALUE]
Start the project when stopped: ./dd-ctl up
Upgrade plugins: ./dd-ctl upgrade-plugins
Regenerate docker-compose.yml from conf: ./dd-ctl yml
EOF
}
# Help messages
if [ -z "$OPERATION" ] || [ "$OPERATION" = "-h" ] || [ "$OPERATION" = "--help" ]; then
test -n "$OPERATION" || printf "Missing command.\n\n"
help
exit
fi
BRANCH="$2"
if [ -z "$BRANCH" ]; then
BRANCH="master"
# Sanity checks
if [ "$OPERATION" != "prerequisites" ]; then
if [ ! -d "custom" ]; then
echo "You need to copy custom.sample to custom folder and adapt it to your needs."
exit 1
fi
if [ ! -f "digitaldemocratic.conf" ]; then
echo "You need to copy digitaldemocratic.conf.sample to digitaldemocratic.conf and adapt"
exit 1
fi
fi
BRANCH="${2:-master}"
cp digitaldemocratic.conf .env
CUSTOM_PATH=$(pwd)
. ./.env
prerequisites_docker(){
# Remove uncompatible docker packages
for pkg in docker docker-engine docker.io containerd runc; do
if dpkg -s "${pkg}" >/dev/null; then
apt-get remove -y "${pkg}"
fi
done
# Install upstream-docker repo pre-requisites
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common \
git \
unzip \
libffi-dev
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
apt-get update -y
# docker-ce must be used instead of the one from the distro
apt-get install -y docker-ce docker-ce-cli containerd.io
apt-get install -y python3-pip
# docker-compose > 1.28 is required, latest will be installed
pip3 install docker-compose
}
prerequisites_pwd(){
apt-get install -y dictionaries-common wamerican
}
update_repo(){
git fetch && git checkout $BRANCH
git submodule update --init --recursive
@ -483,117 +544,170 @@ configure_nextcloud_logo(){
docker exec -u www-data isard-apps-nextcloud-app php occ config:app:set theming cachebuster --value="$(expr $cachebuster + 1 )"
}
if [ "$OPERATION" = "repo-update" ]; then
update_repo
fi
genpwd() {
if [ ! -f /usr/share/dict/words ]; then
prerequisites_pwd > /dev/null
fi
shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'"
}
if [ "$OPERATION" = "build" ]; then
securize() {
for dd_var in \
SMTP_PASSWORD \
ADMINAPP_PASSWORD \
DDADMIN_PASSWORD \
KEYCLOAK_PASSWORD \
KEYCLOAK_DB_PASSWORD \
POSTGRES_PASSWORD \
MARIADB_PASSWORD \
MOODLE_POSTGRES_PASSWORD \
MOODLE_ADMIN_PASSWORD \
NEXTCLOUD_POSTGRES_PASSWORD \
NEXTCLOUD_ADMIN_PASSWORD \
ETHERPAD_POSTGRES_PASSWORD \
ETHERPAD_ADMIN_PASSWORD \
WORDPRESS_MARIADB_PASSWORD \
WORDPRESS_ADMIN_PASSWORD \
IPA_ADMIN_PWD; do
setconf "${dd_var}" "$(genpwd)"
done
}
setconf() {
dd_var="$(echo "$1" | tr "[:lower:]" "[:upper:]")"
dd_val="$2"
dd_line="$(printf '%s="%s"' "${dd_var:?}" "${dd_val}")"
if grep -qE "^${dd_var:?}=" digitaldemocratic.conf; then
# Found uncommented, replace in-place
sed -i'' -E "s!^${dd_var:?}=.*\$!${dd_line}!" digitaldemocratic.conf
elif grep -qE "^#[[:space:]]*${dd_var:?}=" digitaldemocratic.conf; then
# Found commented, replace in-place
sed -i'' -E "s!^#[[:space:]]*${dd_var:?}=.*\$!${dd_line}!" digitaldemocratic.conf
else
# Not found, append
echo "${dd_line}" >> digitaldemocratic.conf
fi
}
# Argument handling
case "$OPERATION" in
build)
build
fi
;;
build-devel)
build_compose_develop
;;
adminer)
extras_adminer
;;
all)
build
up
if [ "$OPERATION" = "yml" ]; then
wait_for_moodle
upgrade_plugins_moodle
upgrade_plugins_nextcloud
upgrade_plugins_wp
setup_nextcloud
setup_wordpress
setup_moodle
setup_keycloak
saml_certificates
cat <<-EOF
#### After install ####
- SSO in moodle should be active. You can go to: https://moodle.$DOMAIN
If it fails, regenerate and lock certificate in moodle SAML2 connector as a local admin.
After that run ./dd-ctl saml
- SSO in nextcloud should be active. You can go to: https://nextcloud.$DOMAIN
- SSO in wordpress should be active. You should go to https://wp.$DOMAIN/wp-admin//plugins.php
#### Update customizations ####
- ./dd-ctl customize
EOF
;;
branding)
up
wait_for_moodle
update_logos_and_menu
;;
customize)
up
wait_for_moodle
setup_nextcloud
setup_wordpress
setup_moodle
;;
down)
down
;;
nextcloud-scan)
nextcloud_scan
;;
pgtuner)
extras_pgtuner
;;
prerequisites)
prerequisites_docker
prerequisites_pwd
;;
repo-update)
update_repo
;;
reset-data|reset-1714)
cat <<-EOF
# Following commands RESET ALL DATA except for certificates
# execute them only if you know what you are doing
# This *will* result in DATA LOSS
"$0" down
rm -rf /opt/digitaldemocratic/backup
rm -rf /opt/digitaldemocratic/data/*
rm -rf /opt/digitaldemocratic/db/*
rm -rf '$SRC_FOLDER/avatars'
rm -rf '$SRC_FOLDER/moodle'
rm -rf '$SRC_FOLDER/nextcloud'
rm -rf '$SRC_FOLDER/wordpress'
EOF
;;
restart-api)
up
wait_for_moodle
docker restart isard-sso-api
;;
saml)
up
wait_for_moodle
setup_keycloak
saml_certificates
;;
securize)
securize
;;
setconf)
setconf "$2" "$3"
;;
up)
up
;;
upgrade-plugins)
up
wait_for_moodle
upgrade_plugins_moodle
upgrade_plugins_nextcloud
upgrade_plugins_wp
;;
yml)
cp digitaldemocratic.conf .env
CUSTOM_PATH=$(pwd)
. ./.env
build_compose
fi
if [ "$OPERATION" = "build-devel" ]; then
build_compose_develop
fi
if [ "$OPERATION" = "up" ]; then
up
fi
if [ "$OPERATION" = "down" ]; then
down
fi
if [ "$OPERATION" = "customize" ]; then
up
wait_for_moodle
setup_nextcloud
setup_wordpress
setup_moodle
fi
if [ "$OPERATION" = "saml" ]; then
up
wait_for_moodle
setup_keycloak
saml_certificates
fi
if [ "$OPERATION" = "all" ]; then
build
up
wait_for_moodle
upgrade_plugins_moodle
upgrade_plugins_nextcloud
upgrade_plugins_wp
setup_nextcloud
setup_wordpress
setup_moodle
setup_keycloak
saml_certificates
echo "\n\n"
echo " #### After install ####"
echo " - SSO in moodle should be active. You can go to: https://moodle.$DOMAIN"
echo " If it fails, regenerate and lock certificate in moodle SAML2 connector as a local admin."
echo " After that run ./dd-ctl saml"
echo " - SSO in nextcloud should be active. You can go to: https://nextcloud.$DOMAIN"
echo " - SSO in wordpress should be active. You should go to https://wp.$DOMAIN/wp-admin//plugins.php "
echo "\n\n"
echo " #### Update customizations ####"
echo " - ./dd-ctl customize"
fi
if [ "$OPERATION" = "branding" ]; then
up
wait_for_moodle
update_logos_and_menu
fi
if [ "$OPERATION" = "upgrade-plugins" ]; then
up
wait_for_moodle
upgrade_plugins_moodle
upgrade_plugins_nextcloud
upgrade_plugins_wp
fi
if [ "$OPERATION" = "restart-api" ]; then
up
wait_for_moodle
docker restart isard-sso-api
fi
if [ "$OPERATION" = "adminer" ]; then
extras_adminer
fi
if [ "$OPERATION" = "pgtuner" ]; then
extras_pgtuner
fi
if [ "$OPERATION" = "reset-1714" ]; then
echo "Resetting all but certificates"
down
rm -rf /opt/digitaldemocratic/backup
rm -rf /opt/digitaldemocratic/data/*
rm -rf /opt/digitaldemocratic/db/*
rm -rf $SRC_FOLDER/avatars
rm -rf $SRC_FOLDER/moodle
rm -rf $SRC_FOLDER/nextcloud
rm -rf $SRC_FOLDER/wordpress
fi
if [ "$OPERATION" = "nextcloud-scan" ]; then
nextcloud_scan
fi
;;
*)
printf "Unknown command '%s'\n\n" "$OPERATION" >&2
help >&2
exit 1
;;
esac
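Review bot: `setconf` puts its value argument unescaped into the sed replacement (`s!…!${dd_line}!`) and into a double-quoted assignment in digitaldemocratic.conf, which the script copies to .env and sources with `. ./.env`. A value passed via `./dd-ctl setconf VARIABLE VALUE` that contains `!`, `&` or `\` is therefore mangled or makes sed fail, and one containing `"`, `$` or a backtick is expanded by the shell on the next run; the variable name is likewise used as a regex without validation. The passwords from `genpwd` look unaffected, since they are dictionary words with `'` stripped, but operator-supplied secrets commonly contain these characters. I would validate the name and reject (or escape) such values before building `dd_line`, as sketched below.

```shell
setconf() {
	dd_var="$(echo "$1" | tr "[:lower:]" "[:upper:]")"
	dd_val="$2"
	# Only plain variable names may reach the grep/sed patterns.
	case "${dd_var:?}" in
		*[!A-Z0-9_]*)
			printf "Invalid variable name '%s'\n" "${dd_var}" >&2
			return 1
			;;
	esac
	# The value lands in a sed replacement and in a file that is later
	# sourced, so refuse characters either of them would interpret.
	case "${dd_val}" in
		*[\"\$\`\\\&!]*|*$'\n'*)
			printf "Unsupported character in value for %s\n" "${dd_var}" >&2
			return 1
			;;
	esac
	# … unchanged: build dd_line, then replace or append in digitaldemocratic.conf …
}
```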


@ -1,50 +1,10 @@
#!/bin/sh
apt install dictionaries-common wamerican -y
#!/bin/sh -eu
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^SMTP_PASSWORD=/c\SMTP_PASSWORD=$PWD" digitaldemocratic.conf
cd "$(dirname "$0")"
./dd-ctl securize
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^ADMINAPP_PASSWORD=/c\ADMINAPP_PASSWORD=$PWD" digitaldemocratic.conf
cat >&2 <<EOF
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^DDADMIN_PASSWORD=/c\DDADMIN_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^KEYCLOAK_PASSWORD=/c\KEYCLOAK_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^KEYCLOAK_DB_PASSWORD=/c\KEYCLOAK_DB_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^POSTGRES_PASSWORD=/c\POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^MARIADB_PASSWORD=/c\MARIADB_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^MOODLE_POSTGRES_PASSWORD=/c\MOODLE_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^MOODLE_ADMIN_PASSWORD=/c\MOODLE_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^NEXTCLOUD_POSTGRES_PASSWORD=/c\NEXTCLOUD_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^NEXTCLOUD_ADMIN_PASSWORD=/c\NEXTCLOUD_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^ETHERPAD_POSTGRES_PASSWORD=/c\ETHERPAD_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^ETHERPAD_ADMIN_PASSWORD=/c\ETHERPAD_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^WORDPRESS_MARIADB_PASSWORD=/c\WORDPRESS_MARIADB_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^WORDPRESS_ADMIN_PASSWORD=/c\WORDPRESS_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
sed -i "/^IPA_ADMIN_PWD=/c\IPA_ADMIN_PWD=$PWD" digitaldemocratic.conf
This script will be removed!
Please run './dd-ctl securize' in the future.
EOF
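Review bot: The `-eu` in `#!/bin/sh -eu` only takes effect when the script is executed directly; run as `sh <script>` the options are dropped, and a failing `cd` or `./dd-ctl securize` no longer stops the run. Putting `set -eu` as the first statement keeps the behaviour the same either way. The same applies to the other wrapper in this commit, the one that calls `./dd-ctl prerequisites`. With `-e` active the removal notice is also skipped whenever dd-ctl fails, because the heredoc comes last; printing it before the `./dd-ctl` call would make sure it is seen.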


@ -1,21 +1,10 @@
apt-get remove docker docker-engine docker.io containerd runc
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common \
git \
unzip
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable"
apt-get update -y
apt-get install -y docker-ce docker-ce-cli containerd.io
#!/bin/sh -eu
apt install python3-pip -y
pip3 install docker-compose
cd "$(dirname "$0")/.."
./dd-ctl prerequisites
apt install dictionaries-common wamerican -y
cat >&2 <<EOF
This script will be removed!
Please run './dd-ctl prerequisites' in the future.
EOF