1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dont-code_ynh.git synced 2024-09-03 18:26:34 +02:00

Working install / remove

This commit is contained in:
Gérard Collin 2022-12-29 10:06:04 +01:00
parent 51de1cc8e8
commit 52e6dcc7a0
8 changed files with 167 additions and 74 deletions

9
conf/.env Normal file
View file

@ -0,0 +1,9 @@
quarkus_http_host=127.0.0.1
quarkus_mongodb_projects_connection_string=mongodb://localhost:27017
projects_database_name=dontCodeProjects
quarkus_mongodb_data_connection_string=mongodb://localhost:27017
data_database_name=dontCodeData
document_directory=__DOCUMENT_PATH__
document_external_url=__DOCUMENT_URL__

6
conf/app.src Normal file
View file

@ -0,0 +1,6 @@
SOURCE_URL=https://github.com/dont-code/release/releases/download/v0.2.10/dont-code-release-runners.zip
SOURCE_SUM=f20bfa0423d48015a3507b0555d30d57fa594657a4bca55ad869fca8fbad125d
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false
SOURCE_EXTRACT=true

View file

@ -0,0 +1 @@
__PUBLIC_KEY__

View file

@ -1,28 +1,54 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ { location __PATH__/ {
location __PATH__/ide {
# Path to source proxy_pass http://localhost:__PORT_IDE__/ide;
alias __FINALPATH__/; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
### Example PHP configuration (remove it if not used) proxy_set_header Connection "Upgrade";
index index.php; proxy_set_header Host $host;
proxy_read_timeout 86400s;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file proxy_send_timeout 86400s;
#client_max_body_size 50M;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
} }
### End of PHP configuration part
# Include SSOWAT user panel. location __PATH__/preview {
include conf.d/yunohost_panel.conf.inc; proxy_pass http://localhost:__PORT_PREVIEW__/preview;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
location __PATH__/project {
proxy_pass http://localhost:__PORT_PROJECT__/project;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
location __PATH__/data {
proxy_pass http://localhost:__PORT_DATA__/data;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
location __PATH__/documents {
proxy_pass http://localhost:__PORT_DATA__/documents;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
client_max_body_size 15M;
}
location __PATH__/demo_project {
proxy_pass http://localhost:__PORT_PROJECT__/project;
proxy_set_header Host $host;
proxy_set_header DbName "dontCodeDemoProjects";
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
} }

View file

@ -1,14 +1,16 @@
[Unit] [Unit]
Description=Small description of the service Description=Dont-code __SERVICE_NAME__ service
After=network.target After=network.target
Requires=__MONGODB_SERVICENAME__.service
[Service] [Service]
Type=simple Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
Environment="quarkus_http_port=__PORT__"
WorkingDirectory=__FINALPATH__/ WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/script ExecStart=__YNH_JAVA__ -jar __SERVICE_NAME__-services-runner.jar
StandardOutput=append:/var/log/__APP__/__APP__.log StandardOutput=append:/var/log/__APP__/__SERVICE_NAME__-__APP__.log
StandardError=inherit StandardError=inherit
# Sandboxing options to harden security # Sandboxing options to harden security

View file

@ -1,6 +1,6 @@
{ {
"name": "Dont-code Services", "name": "Dont-Code Services",
"id": "dont-code-services", "id": "dont-code",
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "Install services and databases needed to support Dont-code platform", "en": "Install services and databases needed to support Dont-code platform",
@ -44,9 +44,10 @@
{ {
"name": "public_key", "name": "public_key",
"type": "string", "type": "string",
"optional": "true",
"ask": { "ask": {
"en": "This public_key allows you to update the services through ssh (as part of delivery process)", "en": "SSH Public key to allow service updates as part of delivery process, leave empty to disable.",
"fr": "Fournir ici une clef publique qui permettra de mettre à jour les services (via une deploiement automatique)" "fr": "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
} }
}, },
{ {

View file

@ -22,6 +22,8 @@ ynh_clean_setup () {
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
SERVICES_LIST=(ide preview project data)
#================================================= #=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST # RETRIEVE ARGUMENTS FROM THE MANIFEST
#================================================= #=================================================
@ -75,7 +77,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
#================================================= #=================================================
# FIND AND OPEN A PORT # FIND AND OPEN A PORT
#================================================= #=================================================
ynh_script_progression --message="Finding an available port..." --weight=1 ynh_script_progression --message="Finding an available ports..." --weight=1
### Use these lines if you have to open a port for the application ### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port. ### `ynh_find_port` will find the first available port starting from the given port.
@ -83,8 +85,17 @@ ynh_script_progression --message="Finding an available port..." --weight=1
### - Remove the section "CLOSE A PORT" in the remove script ### - Remove the section "CLOSE A PORT" in the remove script
# Find an available port # Find an available port
port=$(ynh_find_port --port=8095) port_preview=$(ynh_find_port --port=8081)
ynh_app_setting_set --app=$app --key=port --value=$port ynh_app_setting_set --app=$app --key=port_preview --value=$port_preview
port_ide=$(ynh_find_port --port=8082)
ynh_app_setting_set --app=$app --key=port_ide --value=$port_ide
port_project=$(ynh_find_port --port=8083)
ynh_app_setting_set --app=$app --key=port_project --value=$port_project
port_data=$(ynh_find_port --port=8084)
ynh_app_setting_set --app=$app --key=port_data --value=$port_data
# define the list of port in the same order than the list of services
PORT_LIST=($port_ide $port_preview $port_project $port_data)
# Optional: Expose this port publicly # Optional: Expose this port publicly
# (N.B.: you only need to do this if the app actually needs to expose the port publicly. # (N.B.: you only need to do this if the app actually needs to expose the port publicly.
@ -121,27 +132,26 @@ ynh_install_mongo --mongo_version=6.0
ynh_script_progression --message="Configuring system user..." --weight=1 ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user # Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path" --use-shell --groups="ssh.app" ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell --groups="ssh.app"
#================================================= #=================================================
# CREATE A Mongo DATABASE # CREATE A Mongo DATABASE
#================================================= #=================================================
ynh_script_progression --message="Creating a Mongo database..." --weight=1 ynh_script_progression --message="Creating the Mongo databases..." --weight=1
### Use these lines if you need a database for the application. # No need to create the database for data and demoProjects, and the user is not used
### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
### The password will be stored as 'mysqlpwd' into the app settings,
### and will be available as $db_pwd
### If you're not using these lines:
### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
db_name=$(ynh_sanitize_dbid --db_name=$app-projects) #db_project_name=$(ynh_sanitize_dbid --db_name="${app}-projects")
db_user=$db_name #db_demo_project_name=$(ynh_sanitize_dbid --db_name="${app}-demo-projects")
ynh_app_setting_set --app=$app --key=db_name --value=$db_name #db_data_name=$(ynh_sanitize_dbid --db_name="${app}-data")
ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name db_user=$(ynh_sanitize_dbid --db_name="${app}")
#ynh_app_setting_set --app=$app --key=db_project_name --value=$db_project_name
#ynh_app_setting_set --app=$app --key=db_demo_project_name --value=$db_demo_project_name
#ynh_app_setting_set --app=$app --key=db_data_name --value=$db_data_name
#ynh_app_setting_set --app=$app --key=db_user --value=$db_user
#We should probably enable databases to the user, but for now, we connect through admin
ynh_mongo_setup_db --db_user=$db_user --db_name=dontCodeProjects
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -166,17 +176,18 @@ chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path" chown -R $app:$app "$final_path"
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
# ynh_setup_source --dest_dir="$final_path" ynh_setup_source --dest_dir="$final_path"
if [ -n "$public_key" ] if [ -n "$public_key" ]
then then
#enable ssh access to the files for updates #enable ssh access to the files for updates
#todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh #todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
mkdir $final_path .ssh mkdir --parents $final_path/.ssh
ynh_add_config --template="authorized_keys" --destination=".ssh/authorized_keys" ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys"
ynh_app_setting_set --app=$app --key=public_key --value=$public_key ynh_app_setting_set --app=$app --key=public_key --value=$public_key
chown -R $app:$app "$final_path/.ssh" chown -R $app:$app "$final_path/.ssh"
chmod 700 "$final_path/.ssh" chmod 700 "$final_path/.ssh"
chmod 600 "$final_path/.ssh/authorized-keys" chmod 600 "$final_path/.ssh/authorized_keys"
fi fi
@ -193,8 +204,17 @@ ynh_add_nginx_config
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
#================================================= #=================================================
# ... # Create document storage
#================================================= #=================================================
document_path=/var/www/$app/documents
test ! -e "$document_path" || ynh_die --message="This path already contains a folder"
mkdir --parents $document_path
chmod 750 "$document_path"
chmod -R o-rwx "$document_path"
chown -R $app:www-data "$document_path"
document_url=https://${domain}${path_url}/documents
#================================================= #=================================================
# DONT CREATE A DATA DIRECTORY # DONT CREATE A DATA DIRECTORY
@ -241,13 +261,13 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1
### ###
### Check the documentation of `ynh_add_config` for more info. ### Check the documentation of `ynh_add_config` for more info.
# ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" ynh_add_config --template=".env" --destination="$final_path/.env"
# FIXME: this should be handled by the core in the future # FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400, # You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config # for example if the app is expected to be able to modify its own config
#chmod 400 "$final_path/some_config_file" chmod 400 "$final_path/.env"
#chown $app:$app "$final_path/some_config_file" chown $app:$app "$final_path/.env"
### For more complex cases where you want to replace stuff using regexes, ### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) ### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
@ -272,8 +292,16 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
### - As well as the section "RESTORE SYSTEMD" in the restore script ### - As well as the section "RESTORE SYSTEMD" in the restore script
### - And the section "SETUP SYSTEMD" in the upgrade script ### - And the section "SETUP SYSTEMD" in the upgrade script
# Create a dedicated systemd config # Create a dedicated systemd config for each service
#ynh_add_systemd_config
service_list_length=${#SERVICES_LIST[@]}
for (( j=0; j<${service_list_length}; j++ ))
do
service_name=${SERVICES_LIST[$j]}
port=${PORT_LIST[$j]}
ynh_add_systemd_config --service="${app}-${service_name}"
done
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -307,7 +335,10 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script ### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script ### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
yunohost service add $app --description="Dont-code platform services" --log="/var/log/$app/$app.log" for service_name in "${SERVICES_LIST[@]}"
do
yunohost service add "${app}-${service_name}" --description="Dont-code platform ${service_name} service" --log="/var/log/${app}/${service_name}-${app}.log"
done
### Additional options starting with 3.8: ### Additional options starting with 3.8:
### ###
@ -328,7 +359,7 @@ yunohost service add $app --description="Dont-code platform services" --log="/va
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Starting systemd services..." --weight=1
### `ynh_systemd_action` is used to start a systemd service for an app. ### `ynh_systemd_action` is used to start a systemd service for an app.
### Only needed if you have configure a systemd service ### Only needed if you have configure a systemd service
@ -339,7 +370,10 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script ### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
# Start a systemd service # Start a systemd service
#ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" for service_name in "${SERVICES_LIST[@]}"
do
ynh_systemd_action --service_name="${app}-${service_name}" --action="start" --log_path="/var/log/$app/$app.log"
done
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT

View file

@ -19,23 +19,32 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port) port_ide=$(ynh_app_setting_get --app=$app --key=port_ide)
port_preview=$(ynh_app_setting_get --app=$app --key=port_preview)
port_project=$(ynh_app_setting_get --app=$app --key=port_project)
port_data=$(ynh_app_setting_get --app=$app --key=port_data)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
SERVICES_LIST=(ide preview project data)
PORT_LIST=($port_ide $port_preview $port_project $port_data)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#================================================= #=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST # REMOVE SERVICE INTEGRATION IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Removing $app services..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null for service_name in "${SERVICES_LIST[@]}"
then do
ynh_script_progression --message="Removing $app service integration..." --weight=1 if ynh_exec_warn_less yunohost service status "${app}-${service_name}" >/dev/null
yunohost service remove $app then
fi yunohost service remove "${app}-${service_name}"
fi
done
#================================================= #=================================================
# STOP AND REMOVE SERVICE # STOP AND REMOVE SERVICE
@ -43,7 +52,10 @@ fi
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# Remove the dedicated systemd config # Remove the dedicated systemd config
#ynh_remove_systemd_config for service_name in "${SERVICES_LIST[@]}"
do
ynh_remove_systemd_config --service="${app}-${service_name}"
done
#================================================= #=================================================
# REMOVE LOGROTATE CONFIGURATION # REMOVE LOGROTATE CONFIGURATION
@ -59,7 +71,9 @@ ynh_remove_logrotate
ynh_script_progression --message="Removing the Mongo database..." --weight=1 ynh_script_progression --message="Removing the Mongo database..." --weight=1
# Remove a database if it exists, along with the associated user # Remove a database if it exists, along with the associated user
ynh_mongo_remove_db --db_user=$db_user --db_name=$db_name ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeProjects
ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeDemoProjects
ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeData
# Remove mongo itself if not used anymore # Remove mongo itself if not used anymore
ynh_remove_mongo ynh_remove_mongo
@ -89,14 +103,17 @@ ynh_script_progression --message="Removing dependencies..." --weight=1
ynh_remove_app_dependencies ynh_remove_app_dependencies
#================================================= #=================================================
# CLOSE A PORT # CLOSE ALL PORTS
#================================================= #=================================================
if yunohost firewall list | grep -q "\- $port$" for port in "${PORT_LIST[@]}"
then do
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1 ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port ynh_exec_warn_less yunohost firewall disallow TCP $port
fi fi
done
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
@ -105,9 +122,6 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Removing various files..." --weight=1 ynh_script_progression --message="Removing various files..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
# Remove the log files # Remove the log files
ynh_secure_remove --file="/var/log/$app" ynh_secure_remove --file="/var/log/$app"