From 56e40ac3a10e89a106418695268dec271a04ebb2 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 25 Mar 2020 20:46:16 +0100 Subject: [PATCH] Actions and config-panel --- actions.toml | 45 +++++++++ config_panel.toml | 65 +++++++++++++ manifest.json | 2 +- scripts/actions/create_database | 64 +++++++++++++ scripts/actions/public_private | 74 +++++++++++++++ scripts/actions/remove_database | 50 ++++++++++ scripts/actions/sftp | 73 +++++++++++++++ scripts/config | 159 ++++++++++++++++++++++++++++++++ scripts/install | 2 + scripts/upgrade | 29 ++++-- 10 files changed, 556 insertions(+), 7 deletions(-) create mode 100644 actions.toml create mode 100644 config_panel.toml create mode 100755 scripts/actions/create_database create mode 100755 scripts/actions/public_private create mode 100755 scripts/actions/remove_database create mode 100755 scripts/actions/sftp create mode 100644 scripts/config diff --git a/actions.toml b/actions.toml new file mode 100644 index 0000000..32d6c58 --- /dev/null +++ b/actions.toml @@ -0,0 +1,45 @@ +[sftp] +name = "Enable or disable the sftp access" +command = "/bin/bash scripts/actions/sftp" +# user = "root" # optional +# cwd = "/" # optional +# accepted_return_codes = [0, 1, 2, 3] # optional +accepted_return_codes = [0] + + [sftp.arguments] + [sftp.arguments.with_sftp] + type = "boolean" + ask = "Do you need a SFTP access?" + default = true + +[public_private] +name = "Move to public or private" +command = "/bin/bash scripts/actions/public_private" +# user = "root" # optional +# cwd = "/" # optional +# accepted_return_codes = [0, 1, 2, 3] # optional +accepted_return_codes = [0] +description = "Change the public access of the app." + + [public_private.arguments] + [public_private.arguments.is_public] + type = "boolean" + ask = "Is it a public app ?" + default = true + +[create_database] +name = "Create a database" +command = "/bin/bash scripts/actions/create_database" +# user = "root" # optional +# cwd = "/" # optional +# accepted_return_codes = [0, 1, 2, 3] # optional +accepted_return_codes = [0] +description = "Create a database or replace a previous one." + +[remove_database] +name = "Remove a database" +command = "/bin/bash scripts/actions/remove_database" +# user = "root" # optional +# cwd = "/" # optional +# accepted_return_codes = [0, 1, 2, 3] # optional +accepted_return_codes = [0] diff --git a/config_panel.toml b/config_panel.toml new file mode 100644 index 0000000..3ce3d75 --- /dev/null +++ b/config_panel.toml @@ -0,0 +1,65 @@ +version = "0.1" +name = "My webapp configuration panel" + +[main] +name = "My webapp configuration" + + [main.sftp] + name = "SFTP access" + + [main.sftp.sftp] + ask = "Do you need a SFTP access ?" + type = "boolean" + default = true + + [main.sftp.password] + ask = "Set a password for the SFTP access. ≥ 5 character" + type = "password" + optional = true + help = "If a password already exist, it will not be replaced." + + [main.is_public] + name = "Public access" + + [main.is_public.is_public] + ask = "Is it a public website ?" + type = "boolean" + default = true + + + [main.overwrite_files] + name = "Overwriting config files" + + [main.overwrite_files.overwrite_nginx] + ask = "Overwrite the nginx config file ?" + type = "boolean" + default = false + help = "If the file is overwritten, a backup will be created." + + [main.overwrite_files.overwrite_phpfpm] + ask = "Overwrite the php-fpm config file ?" + type = "boolean" + default = true + help = "If the file is overwritten, a backup will be created." + + + [main.php_fpm_config] + name = "PHP-FPM configuration" + + [main.php_fpm_config.footprint] + ask = "Memory footprint of the service ?" + choices = ["low", "medium", "high", "specific"] + default = "low" + help = "low <= 20Mb per pool. medium between 20Mb and 40Mb per pool. high > 40Mb per pool.
Use specific to set a value with the following option." + + [main.php_fpm_config.free_footprint] + ask = "Memory footprint of the service ?" + type = "number" + default = "0" + help = "Free field to specify exactly the footprint in Mb if you don't want to use one of the three previous values." + + [main.php_fpm_config.usage] + ask = "Expected usage of the service ?" + choices = ["low", "medium", "high"] + default = "low" + help = "low: Personal usage, behind the sso. No RAM footprint when not used, but the impact on the processor can be high if many users are using the service.
medium: Low usage, few people or/and publicly accessible. Low RAM footprint, medium processor footprint when used.
high: High usage, frequently visited website. High RAM footprint, but lower on processor usage and quickly responding." diff --git a/manifest.json b/manifest.json index 8ad12ff..2ce99c7 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "apps@yunohost.org" }, "requirements": { - "yunohost": ">= 3.5.0" + "yunohost": ">= 3.6.0" }, "multi_instance": true, "services": [ diff --git a/scripts/actions/create_database b/scripts/actions/create_database new file mode 100755 index 0000000..f8ddb6f --- /dev/null +++ b/scripts/actions/create_database @@ -0,0 +1,64 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} + +#================================================= +# CHECK IF ARGUMENTS ARE CORRECT +#================================================= + +#================================================= +# CHECK IF AN ACTION HAS TO BE DONE +#================================================= + +#================================================= +# SPECIFIC ACTION +#================================================= +# REMOVE THE PREVIOUS DATABASE +#================================================= +ynh_script_progression --message="Removing the previous database..." --weight=6 + +if [ $with_mysql -eq 1 ] +then + yunohost app action run $app remove_database +fi + +#================================================= +# CREATE A NEW DATABASE +#================================================= +ynh_script_progression --message="Creating a new database..." --weight=4 + +db_name=$(ynh_sanitize_dbid --db_name=$app) + +# Reuse the previous password if existing +db_pwd=$(grep "pass:" "$final_path/db_access.txt" | cut -d' ' -f2 2> /dev/null) + +ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd + +echo -e "# MySQL Database + name: ${db_name}\nuser: ${db_name}\npass: ${db_pwd}" > "$final_path/db_access.txt" + +# Update the config of the app +ynh_app_setting_set --app=$app --key=with_mysql --value=1 +ynh_app_setting_set --app=$app --key=db_name --value=$db_name + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Execution completed" --last diff --git a/scripts/actions/public_private b/scripts/actions/public_private new file mode 100755 index 0000000..778a6a3 --- /dev/null +++ b/scripts/actions/public_private @@ -0,0 +1,74 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +# Get is_public +is_public=${YNH_ACTION_IS_PUBLIC} + +app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} + +#================================================= +# CHECK IF ARGUMENTS ARE CORRECT +#================================================= + +#================================================= +# CHECK IF AN ACTION HAS TO BE DONE +#================================================= + +is_public_old=$(ynh_app_setting_get --app=$app --key=is_public) + +if [ $is_public -eq $is_public_old ] +then + ynh_die --message="is_public is already set as $is_public." --ret_code=0 +fi + +#================================================= +# SPECIFIC ACTION +#================================================= +# MOVE TO PUBLIC OR PRIVATE +#================================================= + +if [ $is_public -eq 0 ]; then + public_private="private" +else + public_private="public" +fi +ynh_script_progression --message="Moving the application to $public_private..." --weight=3 + +if [ $is_public -eq 0 ] +then + ynh_app_setting_delete --app=$app --key=skipped_uris +else + ynh_app_setting_set --app=$app --key=skipped_uris --value="/" +fi + +ynh_script_progression --message="Upgrading SSOwat configuration..." +# Regen ssowat configuration +yunohost app ssowatconf + +# Update the config of the app +ynh_app_setting_set --app=$app --key=is_public --value=$is_public + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Execution completed" --last diff --git a/scripts/actions/remove_database b/scripts/actions/remove_database new file mode 100755 index 0000000..d7c4477 --- /dev/null +++ b/scripts/actions/remove_database @@ -0,0 +1,50 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +with_mysql=$(ynh_app_setting_get --app=$app --key=with_mysql) + +app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} + +#================================================= +# CHECK IF ARGUMENTS ARE CORRECT +#================================================= + +#================================================= +# CHECK IF AN ACTION HAS TO BE DONE +#================================================= + +if [ $with_mysql -eq 0 ] +then + ynh_die --message="There's no database to remove." --ret_code=0 +fi + +#================================================= +# SPECIFIC ACTION +#================================================= +# REMOVE THE DATABASE +#================================================= +ynh_script_progression --message="Removing the database..." --weight=9 + +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name + +# Update the config of the app +ynh_app_setting_set --app=$app --key=with_mysql --value=0 + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Execution completed" --last diff --git a/scripts/actions/sftp b/scripts/actions/sftp new file mode 100755 index 0000000..da2aede --- /dev/null +++ b/scripts/actions/sftp @@ -0,0 +1,73 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} + +with_sftp=${YNH_ACTION_WITH_SFTP} +user=$(ynh_app_setting_get --app=$app --key=user) + +#================================================= +# CHECK IF ARGUMENTS ARE CORRECT +#================================================= + +#================================================= +# CHECK IF AN ACTION HAS TO BE DONE +#================================================= + +with_sftp_old=$(ynh_app_setting_get --app=$app --key=with_sftp) + +if [ $with_sftp -eq $with_sftp_old ] +then + ynh_die --message="with_sftp is already set as $with_sftp." --ret_code=0 +fi + +#================================================= +# SPECIFIC ACTION +#================================================= +# MOVE TO PUBLIC OR PRIVATE +#================================================= + +if [ $with_sftp -eq 1 ] +then + ynh_script_progression --message="Configuring ssh to add a SFTP access..." --weight=3 + + cp -R conf/ssh_regenconf_hook /usr/share/yunohost/hooks/conf_regen/90-ssh_$app + + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app + ynh_replace_string --match_string="__USER__" --replace_string="$user" --target_file=/usr/share/yunohost/hooks/conf_regen/90-ssh_$app + yunohost tools regen-conf ssh +else + ynh_script_progression --message="Removing the custom ssh config for the SFTP access..." --weight=3 + + sed -i "/##-> ${app}/,/##<- ${app}/d" /etc/ssh/sshd_config + # Remove regen-conf hook + ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/90-ssh_$app" +fi + +# Update the config of the app +ynh_app_setting_set --app=$app --key=with_sftp --value=$with_sftp + +#================================================= +# RELOAD SSH +#================================================= +ynh_script_progression --message="Reloading SSH..." + +ynh_systemd_action --service_name=ssh --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Execution completed" --last diff --git a/scripts/config b/scripts/config new file mode 100644 index 0000000..94463cd --- /dev/null +++ b/scripts/config @@ -0,0 +1,159 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} + +#================================================= +# SPECIFIC CODE +#================================================= +# LOAD VALUES +#================================================= + +# Load the real value from the app config or elsewhere. +# Then get the value from the form. +# If the form has a value for a variable, take the value from the form, +# Otherwise, keep the value from the app config. + +# with_sftp +old_with_sftp="$(ynh_app_setting_get --app=$app --key=with_sftp)" +with_sftp="${YNH_CONFIG_MAIN_SFTP_SFTP:-$old_with_sftp}" + +# sftp password +is_password_exist=0 +ynh_print_OFF; password=$(ynh_app_setting_get --app=$app --key=password) +if [ -n "$password" ] +then + ynh_print_warn --memssage="A password already exist, it will not be replaced." + # If a password already exist, unset the variable password and to not change it. + unset password + is_password_exist=1 +else + # Otherwise, get the new password + password="$YNH_CONFIG_MAIN_SFTP_PASSWORD" +fi +ynh_print_ON + + +# is_public +old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)" +is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}" + + +# Overwrite nginx configuration +old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)" +overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}" + +# Overwrite php-fpm configuration +old_overwrite_phpfpm="$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm)" +overwrite_phpfpm="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_PHPFPM:-$old_overwrite_phpfpm}" + + +# Footprint for php-fpm +old_fpm_footprint="$(ynh_app_setting_get --app=$app --key=fpm_footprint)" +fpm_footprint="${YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FOOTPRINT:-$old_fpm_footprint}" + +# Free footprint value for php-fpm +# Check if fpm_footprint is an integer +if [ "$fpm_footprint" -eq "$fpm_footprint" ] 2> /dev/null +then + # If fpm_footprint is an integer, that's a numeric value for the footprint + old_free_footprint=$fpm_footprint +else + old_free_footprint=0 +fi +free_footprint="${YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FREE_FOOTPRINT:-$old_free_footprint}" + +# Usage for php-fpm +old_fpm_usage="$(ynh_app_setting_get --app=$app --key=fpm_usage)" +fpm_usage="${YNH_CONFIG_MAIN_PHP_FPM_CONFIG_USAGE:-$old_fpm_usage}" + +#================================================= +# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND +#================================================= + +show_config() { + # here you are supposed to read some config file/database/other then print the values + # ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" + ynh_return "YNH_CONFIG_MAIN_SFTP_SFTP=$with_sftp" +# ynh_print_OFF; ynh_return "YNH_CONFIG_MAIN_SFTP_PASSWORD=$password"; ynh_print_ON + + ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public" + + ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FOOTPRINT=$fpm_footprint" + ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FREE_FOOTPRINT=$free_footprint" + ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_USAGE=$fpm_usage" +} + +#================================================= +# MODIFY THE CONFIGURATION +#================================================= + +apply_config() { + # Change public accessibility + if [ "$is_public" = "1" ] + then + yunohost app action run $app public_private --args is_public=1 + else + yunohost app action run $app public_private --args is_public=0 + fi + + #================================================= + # REMOVE OR ADD SFTP ACCESS + #================================================= + + if [ "$with_sftp" != "$old_with_sftp" ] + then + yunohost app action run $app sftp --args with_sftp=$with_sftp + + # Change the password only if none was already set for the user + if [ $is_password_exist -eq 0 ] && [ $with_sftp -eq 1 ] + then + # Check password strength + if [ ${#password} -le 5 ] + then + ynh_print_err --message="The password is too weak, it must be longer than 5 characters." + # Disable the sftp access, as the password is incorrect + yunohost app action run $app sftp --args with_sftp=0 + else + user=$(ynh_app_setting_get --app=$app --key=user) + # Add the password to the user + ynh_print_OFF + chpasswd <<< "${user}:${password}" + ynh_app_setting_set --app=$app --key=password --value="$password" + ynh_print_ON + fi + fi + fi + + #================================================= + # RECONFIGURE PHP-FPM + #================================================= + + if [ "$fpm_usage" != "$old_fpm_usage" ] || [ "$fpm_footprint" != "$old_fpm_footprint" ] + then + ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint + fi +} + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT +#================================================= + +case $1 in + show) show_config;; + apply) apply_config;; +esac diff --git a/scripts/install b/scripts/install index b1bdd3f..facdddb 100644 --- a/scripts/install +++ b/scripts/install @@ -66,6 +66,8 @@ ynh_app_setting_set --app=$app --key=with_sftp --value=$with_sftp ynh_app_setting_set --app=$app --key=user --value=$user ynh_app_setting_set --app=$app --key=final_path --value=$final_path +ynh_app_setting_set --app=$app --key=overwrite_nginx --value=0 +ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=1 ynh_app_setting_set --app=$app --key=admin_mail_html --value=1 #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 1a97251..67714ca 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,6 +27,8 @@ password=$(ynh_app_setting_get --app=$app --key=password) with_sftp=$(ynh_app_setting_get --app=$app --key=with_sftp) user=$(ynh_app_setting_get --app=$app --key=user) +overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx) +overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm) admin_mail_html=$(ynh_app_setting_get --app=$app --key=admin_mail_html) fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) @@ -58,6 +60,23 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# If overwrite_nginx doesn't exist, create it +if [ -z "$overwrite_nginx" ]; then + overwrite_nginx=0 + ynh_app_setting_set --app=$app --key=overwrite_nginx --value=$overwrite_nginx +fi + +# If overwrite_phpfpm doesn't exist, create it +if [ -z "$overwrite_phpfpm" ]; then + overwrite_phpfpm=1 + ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm +fi + +# If admin_mail_html doesn't exist, create it +if [ -z "$admin_mail_html" ]; then + admin_mail_html=1 + ynh_app_setting_set --app=$app --key=admin_mail_html --value=$admin_mail_html +fi # If fpm_footprint doesn't exist, create it if [ -z "$fpm_footprint" ]; then @@ -104,9 +123,8 @@ path_url=$(ynh_normalize_url_path --path_url=$path_url) # NGINX CONFIGURATION #================================================= -modified_config=$(ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf") -# Replace nginx config only if it wasn't modified. -if [ -z "$modified_config" ] +# Overwrite the nginx configuration only if it's allowed +if [ $overwrite_nginx -eq 1 ] then ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2 @@ -136,9 +154,8 @@ usermod -g "$user" "$user" # PHP-FPM CONFIGURATION #================================================= -modified_config=$(ynh_backup_if_checksum_is_different --file="/etc/php/7.0/fpm/pool.d/$app.conf") -# Replace nginx config only if it wasn't modified. -if [ -z "$modified_config" ] +# Overwrite the php-fpm configuration only if it's allowed +if [ $overwrite_phpfpm -eq 1 ] then ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2