mirror of
https://github.com/YunoHost-Apps/wekan_ynh.git
synced 2024-09-03 20:36:09 +02:00
implement mongodb_auth
parent
4c0ea112fa
commit
a707ad23ce
8 changed files with 147 additions and 40 deletions
|
@ -10,7 +10,7 @@ __YNH_NODE_LOAD_PATH__
|
|||
#DEBUG=true
|
||||
#---------------------------------------------
|
||||
# URL of the mongodb
|
||||
MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__
|
||||
MONGO_URL=mongodb://__DB_USER__:__DB_PWD__@127.0.0.1:27017/__DB_NAME__
|
||||
#---------------------------------------------
|
||||
# ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings
|
||||
# Production: https://example.com/wekan
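Review bot: The new `MONGO_URL=mongodb://__DB_USER__:__DB_PWD__@127.0.0.1:27017/__DB_NAME__` line puts the database password into this environment file, so the rendered file must be readable only by root and the service account; the permissions applied to it are not visible in this commit. The password is also substituted into a URI without percent-encoding, which is only safe while the generated password never contains characters such as `@`, `:` or `/`. A comment above the line would record both constraints, e.g. `# __DB_PWD__ must be URL-safe; this file holds a secret and must not be world-readable`.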
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
"en": "Trello-like kanban",
|
||||
"fr": "Un kanban similaire à Trello"
|
||||
},
|
||||
"version": "4.09~ynh1",
|
||||
"version": "4.09~ynh2",
|
||||
"url": "https://wekan.io",
|
||||
"license": "MIT",
|
||||
"maintainer": [
|
||||
|
|
|
@ -62,6 +62,8 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
|
|||
#=================================================
|
||||
ynh_print_info --message="Backing up the MongoDB database..."
|
||||
|
||||
ynh_mongo_test_if_first_run
|
||||
|
||||
ynh_mongo_dump_db --database="$db_name" > ./dump.bson
|
||||
|
||||
#=================================================
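Review bot: `ynh_mongo_dump_db` is called here exactly as before and its body is not touched anywhere in this commit, so once `ynh_mongo_test_if_first_run` has enabled authorization the dump presumably runs without credentials and may fail or write an empty `./dump.bson`. The same applies to `ynh_mongo_restore_db` in the restore script. Both helpers should pass the root user and password the way `ynh_mongo_eval_as_root` does, and the backup should check the dump's exit status rather than trusting the redirect. The added call can also stop and restart mongod when the root password file does not exist yet, which is a surprising side effect for a backup script and worth a comment.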
|
||||
|
|
|
@ -92,15 +92,14 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Creating a MongoDB database..."
|
||||
|
||||
# Start mongodb
|
||||
systemctl enable $mongodb_servicename
|
||||
systemctl start $mongodb_servicename
|
||||
ynh_mongo_test_if_first_run
|
||||
|
||||
# Registering db name
|
||||
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
||||
db_user=$db_name
|
||||
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
||||
ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name
|
||||
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
|
@ -163,7 +162,6 @@ find "$final_path" -type d -print0 | xargs -0 chmod 750
|
|||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description "Wekan daemon" --log_type "systemd"
|
||||
yunohost service add mongodb --description "MongoDB daemon" --log "/var/log/mongodb/mongodb.log"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
|
|
@ -49,6 +49,8 @@ ynh_remove_systemd_config
|
|||
#=================================================
|
||||
ynh_script_progression --message="Removing the MongoDB database..."
|
||||
|
||||
ynh_mongo_test_if_first_run
|
||||
|
||||
# Remove a database if it exists, along with the associated user
|
||||
ynh_mongo_remove_db --db_user=$db_user --db_name=$db_name
|
||||
|
||||
|
|
|
@ -102,9 +102,8 @@ fi
|
|||
#=================================================
|
||||
ynh_script_progression --message="Restoring the MongoDB database..."
|
||||
|
||||
# Start mongodb
|
||||
systemctl enable $mongodb_servicename
|
||||
systemctl start $mongodb_servicename
|
||||
ynh_mongo_test_if_first_run
|
||||
|
||||
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
|
||||
ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
|
||||
ynh_mongo_restore_db --database="$db_name" < ./dump.bson
|
||||
|
@ -123,7 +122,6 @@ systemctl enable $app.service
|
|||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description "Wekan daemon" --log_type "systemd"
|
||||
yunohost service add mongodb --description "MongoDB daemon" --log "/var/log/mongodb/mongodb.log"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
|
|
@ -23,6 +23,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
db_user=$db_name
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
|
||||
#=================================================
|
||||
|
@ -109,7 +110,6 @@ if ynh_version_gt "1.07~ynh2" "${previous_version}" ; then
|
|||
ynh_remove_app_dependencies
|
||||
ynh_install_app_dependencies "mongodb mongodb-server"
|
||||
yunohost service add $app --description "Wekan daemon" --log_type "systemd"
|
||||
yunohost service add mongodb --description "MongoDB daemon" --log "/var/log/mongodb/mongodb.log"
|
||||
fi
|
||||
|
||||
if ynh_version_gt "2.56~ynh1" "${previous_version}" ; then
|
||||
|
@ -118,6 +118,14 @@ if ynh_version_gt "2.56~ynh1" "${previous_version}" ; then
|
|||
touch $config_file
|
||||
fi
|
||||
|
||||
if ynh_version_gt "4.09~ynh2" "${previous_version}" ; then
|
||||
|
||||
# Enabling MongoDB Authentication
|
||||
ynh_mongo_test_if_first_run
|
||||
|
||||
ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name
|
||||
fi
|
||||
|
||||
# Create the permission "admin" only if it doesn't exist.
|
||||
if ! ynh_permission_exists --permission="admin"
|
||||
then
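Review bot: The `4.09~ynh2` migration block calls `ynh_mongo_test_if_first_run`, which per the helper added in this commit turns on authorization for the whole mongod instance and restarts it, so any other application on the host that uses the same MongoDB without credentials would lose access after this upgrade. That deserves a comment in the block and ideally a check before authorization is switched on. The block also does not read back the password that `ynh_mongo_setup_db` stores under `db_pwd`; unless the script does so and re-renders the environment file further down (not visible in this hunk), the service keeps the old unauthenticated `MONGO_URL`. I would add `db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)` right after the `ynh_mongo_setup_db` call, as the install script does.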
|
||||
|
|
|
@ -1,13 +1,26 @@
|
|||
#!/bin/bash
|
||||
|
||||
MONGO_ROOT_PWD_FILE=/etc/yunohost/mongo
|
||||
MONGO_ROOT_USER=mongoadmin
|
||||
MONGO_VERSION=9.6
|
||||
MONGO_SERVICENAME_STRETCH="mongodb"
|
||||
MONGO_SERVICENAME_BUSTER="mongod"
|
||||
MONGO_DEPENDENCIES_STRETCH="mongodb mongodb-server mongo-tools"
|
||||
MONGO_DEPENDENCIES_BUSTER="mongodb-org mongodb-org-server mongodb-org-tools"
|
||||
MONGO_CONFIG_STRETCH="/etc/mongodb.conf"
|
||||
MONGO_CONFIG_BUSTER="/etc/mongod.conf"
|
||||
MONGO_REPO_BUSTER="deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main"
|
||||
MONGO_KEY_BUSTER="https://www.mongodb.org/static/pgp/server-4.2.asc"
|
||||
|
||||
# Evaluate a mongo command
|
||||
#
|
||||
# example: ynh_mongo_eval_as --command='db.getMongo().getDBNames().indexOf("wekan")'
|
||||
# example: ynh_mongo_eval_as --command="db.getMongo().getDBNames().indexOf(\"wekan\")"
|
||||
#
|
||||
# usage: ynh_mongo_eval_as [--user=user] [--password=password] [--database=database] [--host=host] [--port=port] --command="command"
|
||||
# usage: ynh_mongo_eval_as [--user=user] [--password=password] [--authenticationdatabase=authenticationdatabase] [--database=database] [--host=host] [--port=port] --command="command"
|
||||
# | arg: -u, --user= - the user name to connect as
|
||||
# | arg: -p, --password= - the user password
|
||||
# | arg: -d, --authenticationdatabase= - the authenticationdatabase to connect to
|
||||
# | arg: -d, --database= - the database to connect to
|
||||
# | arg: -h, --host= - the host to connect to
|
||||
# | arg: -P, --port= - the port to connect to
|
||||
|
@ -16,10 +29,11 @@
|
|||
#
|
||||
ynh_mongo_eval_as() {
|
||||
# Declare an array to define the options of this helper.
|
||||
local legacy_args=updhPc
|
||||
local -A args_array=( [u]=user= [p]=password= [d]=database= [h]=host= [P]=port= [c]=command= )
|
||||
local legacy_args=upadhPc
|
||||
local -A args_array=( [u]=user= [p]=password= [a]=authenticationdatabase= [d]=database= [h]=host= [P]=port= [c]=command= )
|
||||
local user
|
||||
local password
|
||||
local authenticationdatabase
|
||||
local database
|
||||
local host
|
||||
local port
|
||||
|
@ -28,6 +42,7 @@ ynh_mongo_eval_as() {
|
|||
ynh_handle_getopts_args "$@"
|
||||
user="${user:-}"
|
||||
password="${password:-}"
|
||||
authenticationdatabase="${authenticationdatabase:-}"
|
||||
database="${database:-}"
|
||||
host="${host:-}"
|
||||
port="${port:-}"
|
||||
|
@ -43,13 +58,23 @@ ynh_mongo_eval_as() {
|
|||
password="--password=$password"
|
||||
fi
|
||||
|
||||
# If database is provided
|
||||
if [ -n "$database" ]
|
||||
# If authenticationdatabase is provided
|
||||
if [ -n "$authenticationdatabase" ]
|
||||
then
|
||||
database="--authenticationDatabase=$database"
|
||||
authenticationdatabase="--authenticationDatabase=$authenticationdatabase"
|
||||
else
|
||||
authenticationdatabase="--authenticationDatabase=admin"
|
||||
fi
|
||||
else
|
||||
password=""
|
||||
authenticationdatabase=""
|
||||
fi
|
||||
|
||||
# If database is provided
|
||||
if [ -n "$database" ]
|
||||
then
|
||||
database="use $database"
|
||||
else
|
||||
database=""
|
||||
fi
|
||||
|
||||
|
@ -65,24 +90,31 @@ ynh_mongo_eval_as() {
|
|||
port="--port=$port"
|
||||
fi
|
||||
|
||||
mongo --quiet $user $password $database $host $port --eval="$command"
|
||||
mongo --quiet $user $password $authenticationdatabase $host $port <<EOF
|
||||
$database
|
||||
${command}
|
||||
quit()
|
||||
EOF
|
||||
}
|
||||
|
||||
# Create a database and grant optionnaly privilegies to a user
|
||||
# Evaluate a mongo command as root user
|
||||
#
|
||||
# [internal]
|
||||
# usage: ynh_mongo_eval_as_root [--database=database] --command="command"
|
||||
# | arg: -d, --database= - the database to connect to
|
||||
# | arg: -c, --command= - the command to evaluate
|
||||
#
|
||||
# usage: ynh_mongo_create_db db_name [db_user]
|
||||
# | arg: db_name - the database name to create
|
||||
# | arg: db_user - the user to grant privilegies
|
||||
#
|
||||
#
|
||||
ynh_mongo_create_db() {
|
||||
local db_name=$1
|
||||
local db_user=$2
|
||||
# Requires YunoHost version 3.5.0 or higher.
|
||||
ynh_mongo_eval_as_root() {
|
||||
# Declare an array to define the options of this helper.
|
||||
local legacy_args=cd
|
||||
local -A args_array=([d]=database= [c]=command=)
|
||||
local command
|
||||
local database
|
||||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
database="${database:-}"
|
||||
|
||||
# Set the user as admin of the db
|
||||
ynh_mongo_eval_as --database="$db_name" --command='db.grantRolesToUser("'${db_user}'",[{ role: "clusterMonitor", db: "admin" }]);'
|
||||
ynh_mongo_eval_as --user="$MONGO_ROOT_USER" --password="$(cat $MONGO_ROOT_PWD_FILE)" --authenticationdatabase=admin --database="$database" --command="$command"
|
||||
}
|
||||
|
||||
# Drop a database
|
||||
|
@ -97,7 +129,7 @@ ynh_mongo_create_db() {
|
|||
#
|
||||
#
|
||||
ynh_mongo_drop_db() {
|
||||
ynh_mongo_eval_as --database="${1}" --command='db.runCommand({dropDatabase: 1})'
|
||||
ynh_mongo_eval_as_root --database="${1}" --command='db.runCommand({dropDatabase: 1})'
|
||||
}
|
||||
|
||||
# Dump a database
|
||||
|
@ -124,13 +156,26 @@ ynh_mongo_dump_db() {
|
|||
#
|
||||
# [internal]
|
||||
#
|
||||
# usage: ynh_mongo_create_user user pwd [host]
|
||||
# | arg: user - the user name to create
|
||||
# | arg: pwd - the password to identify user by
|
||||
# usage: ynh_mongo_create_user --db_user=user --db_pwd=pwd --db_name=name
|
||||
# | arg: -u, --db_user= - the user to grant privilegies
|
||||
# | arg: -p, --db_pwd= - the password to identify user by
|
||||
# | arg: -n, --db_name=- the database name to grant privilegies
|
||||
#
|
||||
#
|
||||
ynh_mongo_create_user() {
|
||||
ynh_mongo_eval_as --command='db.createUser( { user: "'${1}'", pwd: "'${2}'", roles: [ "readWrite" ] } );'
|
||||
# Declare an array to define the options of this helper.
|
||||
local legacy_args=unp
|
||||
local -A args_array=( [u]=db_user= [n]=db_name= [p]=db_pwd= )
|
||||
local db_user
|
||||
local db_name
|
||||
local db_pwd
|
||||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
|
||||
# Create the user
|
||||
ynh_mongo_eval_as_root --database="$db_name" --command='db.createUser( { user: "'${db_user}'", pwd: "'${db_pwd}'", roles: [ { role: "readWrite", db: "'${db_name}'" } ] } );'
|
||||
# Set the user as admin of the db
|
||||
ynh_mongo_eval_as_root --database="$db_name" --command='db.grantRolesToUser("'${db_user}'",[{ role: "clusterMonitor", db: "admin" }]);'
|
||||
}
|
||||
|
||||
# Check if a mongo database exists
|
||||
|
@ -148,7 +193,7 @@ ynh_mongo_database_exists() {
|
|||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
|
||||
if [ $(ynh_mongo_eval_as --command='db.getMongo().getDBNames().indexOf("'${database}'")') -lt 0 ]
|
||||
if [ $(ynh_mongo_eval_as_root --command='db.getMongo().getDBNames().indexOf("'${database}'")') -lt 0 ]
|
||||
then
|
||||
return 0
|
||||
else
|
||||
|
@ -184,7 +229,7 @@ ynh_mongo_restore_db() {
|
|||
#
|
||||
#
|
||||
ynh_mongo_drop_user() {
|
||||
ynh_mongo_eval_as --command='db.dropUser("'${1}'", {w: "majority", wtimeout: 5000})'
|
||||
ynh_mongo_eval_as_root --command='db.dropUser("'${1}'", {w: "majority", wtimeout: 5000})'
|
||||
}
|
||||
|
||||
# Create a database, an user and its password. Then store the password in the app's config
|
||||
|
@ -212,10 +257,9 @@ ynh_mongo_setup_db() {
|
|||
# If $db_pwd is not provided, use new_db_pwd instead for db_pwd
|
||||
db_pwd="${db_pwd:-$new_db_pwd}"
|
||||
|
||||
ynh_mongo_create_user "$db_user" "$db_pwd" # Create the user
|
||||
ynh_mongo_create_user --db_user="$db_user" --db_pwd="$db_pwd" --db_name="$db_name"
|
||||
|
||||
ynh_mongo_create_db "$db_name" "$db_user" # Create the database
|
||||
ynh_app_setting_set --app=$app --key=mongopwd --value=$db_pwd # Store the password in the app's config
|
||||
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd # Store the password in the app's config
|
||||
}
|
||||
|
||||
# Remove a database if it exists, and the associated user
|
||||
|
@ -244,3 +288,58 @@ ynh_mongo_remove_db() {
|
|||
# Remove mongo user if it exists
|
||||
ynh_mongo_drop_user $db_user
|
||||
}
|
||||
|
||||
# Create a master password and set up global settings
|
||||
# It also make sure that MongoDB is installed and running
|
||||
# Please always call this script in install and restore scripts
|
||||
#
|
||||
# usage: ynh_mongo_test_if_first_run
|
||||
#
|
||||
# Requires YunoHost version 2.7.13 or higher.
|
||||
ynh_mongo_test_if_first_run() {
|
||||
|
||||
# Make sure Mongodb is indeed installed
|
||||
dpkg --list | grep -q "ii mongodb.*server" || ynh_die "postgresql-$mongo_VERSION is not installed !?"
|
||||
|
||||
# Define Mongo Service Name
|
||||
if [ "$(lsb_release --codename --short)" = "buster" ]; then
|
||||
MONGODB_SERVICENAME=$MONGO_SERVICENAME_BUSTER
|
||||
else
|
||||
MONGODB_SERVICENAME=$MONGO_SERVICENAME_STRETCH
|
||||
fi
|
||||
# Make sure MongoDB is started and enabled
|
||||
systemctl is-enabled $MONGODB_SERVICENAME -q || systemctl enable $MONGODB_SERVICENAME --quiet
|
||||
systemctl is-active $MONGODB_SERVICENAME -q || ynh_systemd_action --service_name=$MONGODB_SERVICENAME --action=restart
|
||||
|
||||
# If this is the very first time, we define the root password
|
||||
# and configure a few things
|
||||
if [ ! -f "$MONGO_ROOT_PWD_FILE" ]
|
||||
then
|
||||
local mongo_root_password="$(ynh_string_random)"
|
||||
echo "$mongo_root_password" >$MONGO_ROOT_PWD_FILE
|
||||
sleep 10
|
||||
ynh_mongo_eval_as --database=admin --command='db.createUser( { user: "'${MONGO_ROOT_USER}'", pwd: "'${mongo_root_password}'", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } );'
|
||||
|
||||
ynh_systemd_action --service_name=$MONGODB_SERVICENAME --action=stop
|
||||
# Enable access control
|
||||
if [ "$(lsb_release --codename --short)" = "buster" ]; then
|
||||
ynh_replace_string --match_string="#security:" --replace_string="security:\n authorization: enabled" --target_file="$MONGO_CONFIG_BUSTER"
|
||||
else
|
||||
ynh_replace_string --match_string="#auth = true" --replace_string="auth = true" --target_file="$MONGO_CONFIG_STRETCH"
|
||||
fi
|
||||
ynh_systemd_action --service_name=$MONGODB_SERVICENAME --action=start
|
||||
sleep 10
|
||||
|
||||
# Integrate MongoDB service in yunohost
|
||||
yunohost service add $MONGODB_SERVICENAME --description "MongoDB daemon" --log "/var/log/mongodb/$MONGODB_SERVICENAME.log"
|
||||
fi
|
||||
}
|
||||
|
||||
ynh_mongo_install() {
|
||||
# Define Mongo Service Name
|
||||
if [ "$(lsb_release --codename --short)" = "buster" ]; then
|
||||
ynh_install_extra_app_dependencies --repo="$MONGO_REPO_BUSTER" --package="$MONGO_DEPENDENCIES_BUSTER" --key="$MONGO_KEY_BUSTER"
|
||||
else
|
||||
ynh_install_app_dependencies $MONGO_DEPENDENCIES_STRETCH
|
||||
fi
|
||||
}
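Review bot: In `ynh_mongo_test_if_first_run` the root password is written with `echo "$mongo_root_password" >$MONGO_ROOT_PWD_FILE` under whatever umask the script inherits, and nothing visible restricts the file afterwards, so it may end up readable by local users; I would write it as `(umask 077; echo "$mongo_root_password" >"$MONGO_ROOT_PWD_FILE")` or follow it with `chmod 600 "$MONGO_ROOT_PWD_FILE"`. The file is also created before `db.createUser` runs, so if that call fails (for instance mongod is not yet accepting connections after the `sleep 10`) the marker already exists and later runs skip the whole first-run branch, leaving authorization never enabled; writing the file only after the user is created avoids that. Separately, `ynh_mongo_eval_as` still passes `--password=...` on the `mongo` command line, which exposes the root and application passwords in the process list while the shell runs. Since the command is already fed through a here-document, authentication could move into it with `db.auth(...)`. The `ynh_die` text in the same function still says `postgresql-$mongo_VERSION`, which names the wrong product and a variable that is never set.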
|