From 4ba997d08cf7d3cc3469efa14f72a55bd9c957c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Thu, 19 Jan 2023 20:30:33 +0100 Subject: [PATCH] Handle logging, logrotate, and cleanup remove script --- conf/endi.ini | 10 ++++----- scripts/install | 59 ++++--------------------------------------------- scripts/remove | 24 +------------------- 3 files changed, 10 insertions(+), 83 deletions(-) diff --git a/conf/endi.ini b/conf/endi.ini index 663f3ff..f33bfc2 100644 --- a/conf/endi.ini +++ b/conf/endi.ini @@ -170,7 +170,7 @@ keys = console, file, sqlfile, celery_file keys = generic, sqlfile [logger_root] -level = INFO +level = WARN handlers = file, console propagate=1 @@ -227,26 +227,26 @@ formatter = generic [handler_file] class = endi.log.CustomFileHandler -args = ('logfile.log','a') +args = ('/var/log/__APP__/logfile.log','a') level = INFO formatter = generic [handler_celery_file] class = endi.log.CustomFileHandler -args = ('celery.log','a') +args = ('/var/log/__APP__/celery.log','a') level = INFO formatter = generic [handler_warnfile] class = endi.log.CustomFileHandler -args = ('warnlogfile.log','a') +args = ('/var/log/__APP__/warnlogfile.log','a') level = WARN formatter = generic [handler_sqlfile] class = FileHandler -args = ('sql.log','a') +args = ('/var/log/__APP__/sql.log','a') level = INFO formatter = sqlfile diff --git a/scripts/install b/scripts/install index b4230f8..5220263 100755 --- a/scripts/install +++ b/scripts/install @@ -136,7 +136,7 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="endi.ini" --destination="$final_path/endi.ini" -chmod 400 "$final_path/endi.ini" +chmod 500 "$final_path/endi.ini" chown $app:$app "$final_path/endi.ini" #================================================= @@ -162,14 +162,6 @@ __ynh_endi_add_admin #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script - # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -178,55 +170,20 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -### `yunohost service add` integrates a service in YunoHost. It then gets -### displayed in the admin interface and through the others `yunohost service` commands. -### (N.B.: this line only makes sense if the app adds a service to the system!) -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script -### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script -### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script - -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" - -### Additional options starting with 3.8: -### -### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed -### which will then be checked by YunoHost's diagnosis system -### (N.B. DO NOT USE THIS is the port is only internal!!!) -### -### --test_status "some command" a custom command to check the status of the service -### (only relevant if 'systemctl status' doesn't do a good job) -### -### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service -### -### Re-calling 'yunohost service add' during the upgrade script is the right way -### to proceed if you later realize that you need to enable some flags that -### weren't enabled on old installs (be careful it'll override the existing -### service though so you should re-provide all relevant flags when doing so) +yunohost service add $app --description="enDI, logiciel de comptabilité pour CAE" --log="/var/log/$app/logfile.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -### `ynh_systemd_action` is used to start a systemd service for an app. -### Only needed if you have configure a systemd service -### If you're not using these lines: -### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script -### - As well as the section "START SYSTEMD SERVICE" in the restore script -### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script -### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script - -# Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/logfile.log" #================================================= # SETUP FAIL2BAN #================================================= # ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 - -# # Create a dedicated Fail2Ban config +# TODO: upstream patch to provide usable information for fail2ban # ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #================================================= @@ -242,17 +199,9 @@ then ynh_permission_update --permission="main" --add="visitors" fi -### N.B. : the following extra permissions only make sense if your app -### does have for example an admin interface or an API. - # Only the admin can access the admin panel of the app (if the app has an admin panel) ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin -# Everyone can access the API part -# We don't want to display the tile in the SSO so we put --show_tile="false" -# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/remove b/scripts/remove index d1bb0dc..d3afd37 100755 --- a/scripts/remove +++ b/scripts/remove @@ -21,7 +21,6 @@ port=$(ynh_app_setting_get --app=$app --key=port) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE @@ -76,17 +75,6 @@ ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -then - ynh_script_progression --message="Removing app data directory..." --weight=1 - ynh_secure_remove --file="$datadir" -fi - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -103,22 +91,12 @@ ynh_script_progression --message="Removing dependencies..." --weight=1 # Remove metapackage and its dependencies ynh_remove_app_dependencies -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= # ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 -# # Remove the dedicated Fail2Ban config +# TODO: # ynh_remove_fail2ban_config #=================================================