1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dont-code_ynh.git synced 2024-09-03 18:26:34 +02:00

Working install / remove

This commit is contained in:
Gérard Collin 2022-12-29 10:06:04 +01:00
parent 51de1cc8e8
commit 52e6dcc7a0
8 changed files with 167 additions and 74 deletions

9
conf/.env Normal file
View file

@ -0,0 +1,9 @@
quarkus_http_host=127.0.0.1
quarkus_mongodb_projects_connection_string=mongodb://localhost:27017
projects_database_name=dontCodeProjects
quarkus_mongodb_data_connection_string=mongodb://localhost:27017
data_database_name=dontCodeData
document_directory=__DOCUMENT_PATH__
document_external_url=__DOCUMENT_URL__

6
conf/app.src Normal file
View file

@ -0,0 +1,6 @@
SOURCE_URL=https://github.com/dont-code/release/releases/download/v0.2.10/dont-code-release-runners.zip
SOURCE_SUM=f20bfa0423d48015a3507b0555d30d57fa594657a4bca55ad869fca8fbad125d
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false
SOURCE_EXTRACT=true

View file

@ -0,0 +1 @@
__PUBLIC_KEY__

View file

@ -1,28 +1,54 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/;
### Example PHP configuration (remove it if not used)
index index.php;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
#client_max_body_size 50M;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
location __PATH__/ide {
proxy_pass http://localhost:__PORT_IDE__/ide;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
### End of PHP configuration part
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
location __PATH__/preview {
proxy_pass http://localhost:__PORT_PREVIEW__/preview;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
location __PATH__/project {
proxy_pass http://localhost:__PORT_PROJECT__/project;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
location __PATH__/data {
proxy_pass http://localhost:__PORT_DATA__/data;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
location __PATH__/documents {
proxy_pass http://localhost:__PORT_DATA__/documents;
proxy_set_header Host $host;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
client_max_body_size 15M;
}
location __PATH__/demo_project {
proxy_pass http://localhost:__PORT_PROJECT__/project;
proxy_set_header Host $host;
proxy_set_header DbName "dontCodeDemoProjects";
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
}

View file

@ -1,14 +1,16 @@
[Unit]
Description=Small description of the service
Description=Dont-code __SERVICE_NAME__ service
After=network.target
Requires=__MONGODB_SERVICENAME__.service
[Service]
Type=simple
User=__APP__
Group=__APP__
Environment="quarkus_http_port=__PORT__"
WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/script
StandardOutput=append:/var/log/__APP__/__APP__.log
ExecStart=__YNH_JAVA__ -jar __SERVICE_NAME__-services-runner.jar
StandardOutput=append:/var/log/__APP__/__SERVICE_NAME__-__APP__.log
StandardError=inherit
# Sandboxing options to harden security

View file

@ -1,6 +1,6 @@
{
"name": "Dont-code Services",
"id": "dont-code-services",
"name": "Dont-Code Services",
"id": "dont-code",
"packaging_format": 1,
"description": {
"en": "Install services and databases needed to support Dont-code platform",
@ -44,9 +44,10 @@
{
"name": "public_key",
"type": "string",
"optional": "true",
"ask": {
"en": "This public_key allows you to update the services through ssh (as part of delivery process)",
"fr": "Fournir ici une clef publique qui permettra de mettre à jour les services (via une deploiement automatique)"
"en": "SSH Public key to allow service updates as part of delivery process, leave empty to disable.",
"fr": "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné."
}
},
{

View file

@ -22,6 +22,8 @@ ynh_clean_setup () {
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
SERVICES_LIST=(ide preview project data)
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
@ -75,7 +77,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
ynh_script_progression --message="Finding an available ports..." --weight=1
### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port.
@ -83,8 +85,17 @@ ynh_script_progression --message="Finding an available port..." --weight=1
### - Remove the section "CLOSE A PORT" in the remove script
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
port_preview=$(ynh_find_port --port=8081)
ynh_app_setting_set --app=$app --key=port_preview --value=$port_preview
port_ide=$(ynh_find_port --port=8082)
ynh_app_setting_set --app=$app --key=port_ide --value=$port_ide
port_project=$(ynh_find_port --port=8083)
ynh_app_setting_set --app=$app --key=port_project --value=$port_project
port_data=$(ynh_find_port --port=8084)
ynh_app_setting_set --app=$app --key=port_data --value=$port_data
# define the list of port in the same order than the list of services
PORT_LIST=($port_ide $port_preview $port_project $port_data)
# Optional: Expose this port publicly
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
@ -121,27 +132,26 @@ ynh_install_mongo --mongo_version=6.0
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path" --use-shell --groups="ssh.app"
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell --groups="ssh.app"
#=================================================
# CREATE A Mongo DATABASE
#=================================================
ynh_script_progression --message="Creating a Mongo database..." --weight=1
ynh_script_progression --message="Creating the Mongo databases..." --weight=1
### Use these lines if you need a database for the application.
### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
### The password will be stored as 'mysqlpwd' into the app settings,
### and will be available as $db_pwd
### If you're not using these lines:
### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
# No need to create the database for data and demoProjects, and the user is not used
db_name=$(ynh_sanitize_dbid --db_name=$app-projects)
db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name
#db_project_name=$(ynh_sanitize_dbid --db_name="${app}-projects")
#db_demo_project_name=$(ynh_sanitize_dbid --db_name="${app}-demo-projects")
#db_data_name=$(ynh_sanitize_dbid --db_name="${app}-data")
db_user=$(ynh_sanitize_dbid --db_name="${app}")
#ynh_app_setting_set --app=$app --key=db_project_name --value=$db_project_name
#ynh_app_setting_set --app=$app --key=db_demo_project_name --value=$db_demo_project_name
#ynh_app_setting_set --app=$app --key=db_data_name --value=$db_data_name
#ynh_app_setting_set --app=$app --key=db_user --value=$db_user
#We should probably enable databases to the user, but for now, we connect through admin
ynh_mongo_setup_db --db_user=$db_user --db_name=dontCodeProjects
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -166,17 +176,18 @@ chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
# Download, check integrity, uncompress and patch the source from app.src
# ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$final_path"
if [ -n "$public_key" ]
then
#enable ssh access to the files for updates
#todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
mkdir $final_path .ssh
ynh_add_config --template="authorized_keys" --destination=".ssh/authorized_keys"
mkdir --parents $final_path/.ssh
ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys"
ynh_app_setting_set --app=$app --key=public_key --value=$public_key
chown -R $app:$app "$final_path/.ssh"
chmod 700 "$final_path/.ssh"
chmod 600 "$final_path/.ssh/authorized-keys"
chmod 600 "$final_path/.ssh/authorized_keys"
fi
@ -193,8 +204,17 @@ ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# ...
# Create document storage
#=================================================
document_path=/var/www/$app/documents
test ! -e "$document_path" || ynh_die --message="This path already contains a folder"
mkdir --parents $document_path
chmod 750 "$document_path"
chmod -R o-rwx "$document_path"
chown -R $app:www-data "$document_path"
document_url=https://${domain}${path_url}/documents
#=================================================
# DONT CREATE A DATA DIRECTORY
@ -241,13 +261,13 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1
###
### Check the documentation of `ynh_add_config` for more info.
# ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
ynh_add_config --template=".env" --destination="$final_path/.env"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
#chmod 400 "$final_path/some_config_file"
#chown $app:$app "$final_path/some_config_file"
chmod 400 "$final_path/.env"
chown $app:$app "$final_path/.env"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
@ -272,8 +292,16 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
### - As well as the section "RESTORE SYSTEMD" in the restore script
### - And the section "SETUP SYSTEMD" in the upgrade script
# Create a dedicated systemd config
#ynh_add_systemd_config
# Create a dedicated systemd config for each service
service_list_length=${#SERVICES_LIST[@]}
for (( j=0; j<${service_list_length}; j++ ))
do
service_name=${SERVICES_LIST[$j]}
port=${PORT_LIST[$j]}
ynh_add_systemd_config --service="${app}-${service_name}"
done
#=================================================
# GENERIC FINALIZATION
@ -307,7 +335,10 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
yunohost service add $app --description="Dont-code platform services" --log="/var/log/$app/$app.log"
for service_name in "${SERVICES_LIST[@]}"
do
yunohost service add "${app}-${service_name}" --description="Dont-code platform ${service_name} service" --log="/var/log/${app}/${service_name}-${app}.log"
done
### Additional options starting with 3.8:
###
@ -328,7 +359,7 @@ yunohost service add $app --description="Dont-code platform services" --log="/va
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_script_progression --message="Starting systemd services..." --weight=1
### `ynh_systemd_action` is used to start a systemd service for an app.
### Only needed if you have configure a systemd service
@ -339,7 +370,10 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
# Start a systemd service
#ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
for service_name in "${SERVICES_LIST[@]}"
do
ynh_systemd_action --service_name="${app}-${service_name}" --action="start" --log_path="/var/log/$app/$app.log"
done
#=================================================
# SETUP SSOWAT

View file

@ -19,23 +19,32 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
port_ide=$(ynh_app_setting_get --app=$app --key=port_ide)
port_preview=$(ynh_app_setting_get --app=$app --key=port_preview)
port_project=$(ynh_app_setting_get --app=$app --key=port_project)
port_data=$(ynh_app_setting_get --app=$app --key=port_data)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
SERVICES_LIST=(ide preview project data)
PORT_LIST=($port_ide $port_preview $port_project $port_data)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
ynh_script_progression --message="Removing $app services..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
for service_name in "${SERVICES_LIST[@]}"
do
if ynh_exec_warn_less yunohost service status "${app}-${service_name}" >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --weight=1
yunohost service remove $app
yunohost service remove "${app}-${service_name}"
fi
done
#=================================================
# STOP AND REMOVE SERVICE
@ -43,7 +52,10 @@ fi
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# Remove the dedicated systemd config
#ynh_remove_systemd_config
for service_name in "${SERVICES_LIST[@]}"
do
ynh_remove_systemd_config --service="${app}-${service_name}"
done
#=================================================
# REMOVE LOGROTATE CONFIGURATION
@ -59,7 +71,9 @@ ynh_remove_logrotate
ynh_script_progression --message="Removing the Mongo database..." --weight=1
# Remove a database if it exists, along with the associated user
ynh_mongo_remove_db --db_user=$db_user --db_name=$db_name
ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeProjects
ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeDemoProjects
ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeData
# Remove mongo itself if not used anymore
ynh_remove_mongo
@ -89,14 +103,17 @@ ynh_script_progression --message="Removing dependencies..." --weight=1
ynh_remove_app_dependencies
#=================================================
# CLOSE A PORT
# CLOSE ALL PORTS
#=================================================
for port in "${PORT_LIST[@]}"
do
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
done
#=================================================
# SPECIFIC REMOVE
@ -105,9 +122,6 @@ fi
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
# Remove the log files
ynh_secure_remove --file="/var/log/$app"