diff --git a/README.MD b/README.MD index 8a78446..768124e 100644 --- a/README.MD +++ b/README.MD @@ -1,42 +1,39 @@ -# Scripts de gestion et mise en place des serveurs de demo Yunohost sous LXC +# Installation and management scripts for YunoHost demo servers using LXD -## Prérequis -* `apt install sudo git nginx -y` -* register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443 +## Requirements +* A debian server +* Register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443 ## demo_lxc_build_init -Ce script prépare le serveur hôte à recevoir les conteneurs LXC de demo. -Il doit être exécuté une seule fois et en premier. +This script will install YunoHost and the app yunohost_demo_ynh ## demo_lxc_build -Ce script construit les conteneurs de demo et les paramètres. -Il met également en places les crons et démarre le 1er conteneur. -Après l'exécution de ce script, la demo est en place. +This script will build the demo containers. +It also install crons and start the first container. +After executing this script, YunoHost demo is working. ## demo_lxc_destroy -Ce script arrête les conteneurs et les détruits. -Il sert en général à une reconstruction des conteneurs avec de nouveaux paramètres. Et devrait donc être suivi du script demo_lxc_build. +This script stop the containers and destroy them. +It is usually used for rebuilding containers with new parameters. And should therefore be followed by the demo_lxc_build script. ## demo_lxc_remove -Ce script, après avoir appelé demo_lxc_destroy va désinstaller LXC et remettre le serveur à son état d'origine. Retirant les paramétrages mis en place pour la demo. -Il ne devrait être utilisé qu'en cas de changement de serveur hôte. +This script will remove yunohost_demo_ynh. +It should only be used when the host server is changed. ## demo_start -Permet simplement un démarrage propre du 1er conteneur. Avec la mise en place du bridge réseau et des règles de parefeu. +Simply allows a clean start of the first container. With network bridge and firewall rules in place. ## demo_stop -Arrête proprement les conteneurs et désactive la config réseau spécifique. +Cleanly shuts down containers and disables the specific network config. ## demo_switch -Ce script est placé en cron par demo_lxc_build. -Il va alterner toutes les 30 minutes (par défaut) les 2 conteneurs et rétablir le snapshot du conteneurs après son extinction. +It will alternate every 30 minutes (by default) the 2 containers and restore the snapshot of the container after it is shut down. ## demo_upgrade -Ce script est placé en cron par demo_lxc_build. -demo_upgrade vérifie chaque nuit les mises à jour sur les conteneurs, et les applique le cas échéant. Si nécessaire, il se charge également de refaire le snapshot. +It checks every night for updates on the containers, and applies them if necessary. If necessary, it also takes care of redoing the snapshot. ## demo_restore_crash -Tente de réparer les conteneurs qui ne démarre pas à partir des snapshots ou des archives de snapshots précédents. +Attempts to repair containers that do not boot from previous snapshots or snapshot archives. -Pour effectuer des modifications pérennes sur les conteneurs, il est possible d'ajouter des scripts dans le dossier upgrade.d. Ces scripts seront exécutés après l'upgrade des packages dans chaque conteneur. -En cas d'échec d'exécution, le script sera mis de côté en attendant sa correction. Sinon, il sera archivé. +To make permanent changes to the containers, it is possible to add scripts to the upgrade.d folder. These scripts will be executed after the upgrade of the packages in each container. +In case of execution failure, the script will be put aside until it is corrected. Otherwise, it will be archived. diff --git a/conf/cron_demo_switch b/conf/cron_demo_switch new file mode 100644 index 0000000..e06eb84 --- /dev/null +++ b/conf/cron_demo_switch @@ -0,0 +1,2 @@ +# Switch des conteneurs toutes les __TIME_TO_SWITCH__ minutes +*/__TIME_TO_SWITCH__ * * * * root /bin/bash __FINAL_PATH__/demo_switch.sh >> "__FINAL_PATH__/demo_switch.log" 2>&1 diff --git a/conf/cron_demo_upgrade b/conf/cron_demo_upgrade new file mode 100644 index 0000000..74be870 --- /dev/null +++ b/conf/cron_demo_upgrade @@ -0,0 +1,2 @@ +# Vérifie les mises à jour des conteneurs de demo, lorsqu'ils ne sont pas utilisés, à partir de 3h2minutes chaque nuit. Attention à rester sur un multiple du temps de switch. +2 3 * * * root /bin/bash __FINAL_PATH__/demo_upgrade.sh >> "__FINAL_PATH__/demo_upgrade.log" 2>&1 \ No newline at end of file diff --git a/conf/systemd.service b/conf/systemd.service new file mode 100644 index 0000000..9fec607 --- /dev/null +++ b/conf/systemd.service @@ -0,0 +1,14 @@ +[Unit] +Description=Start and stop script for LXC demo container +Requires=network.target +After=network.target + +[Service] +Type=forking +ExecStart=/bin/bash __FINAL_PATH__/demo_start.sh +RemainAfterExit=true +ExecStop=/bin/bash __FINAL_PATH__/demo_stop.sh +ExecReload=/bin/bash __FINAL_PATH__/demo_start.sh + +[Install] +WantedBy=multi-user.target diff --git a/demo_lxc_build.sh b/demo_lxc_build.sh index 3b76403..b139fc0 100755 --- a/demo_lxc_build.sh +++ b/demo_lxc_build.sh @@ -5,313 +5,176 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers + +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +lxdbr_demo_name=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_name) +lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network) +lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1) +lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2) +demo_user=$(ynh_app_setting_get --app=$app --key=demo_user) +demo_password=$(ynh_app_setting_get --app=$app --key=demo_password) +demo_package=$(ynh_app_setting_get --app=$app --key=demo_package) +yunohost_password="$demo_password" +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2) +time_to_switch=$(ynh_app_setting_get --app=$app --key=time_to_switch) +DIST=$(ynh_app_setting_get --app=$app --key=DIST) +ARCH=$(ynh_app_setting_get --app=$app --key=ARCH) +YNH_BRANCH=$(ynh_app_setting_get --app=$app --key=YNH_BRANCH) +lxc_base="ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base" + LOG=Build_lxc.log -LOG_BUILD_LXC="$script_dir/$LOG" -PLAGE_IP=10.1.5 -IP_LXC1=10.1.5.3 -IP_LXC2=10.1.5.4 -ARG_SSH=-t -DOMAIN=$(cat "$script_dir/domain.ini") -YUNO_PWD=demo -LXC_NAME1=yunohost_demo1 -LXC_NAME2=yunohost_demo2 -TIME_TO_SWITCH=30 -DIST="bullseye" - # En minutes -MAIL_ADDR=demo@yunohost.org -dnsforce=0 -main_iface= -dns= +LOG_BUILD_LXC="$final_path/$LOG" -lxc_current_version=$(lxc-info --version) +date | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message=">> Starting demo build." | tee -a "$LOG_BUILD_LXC" 2>&1 -if $(dpkg --compare-versions "$lxc_current_version" "gt" "3.0.0"); then new_lxc=1; else new_lxc=0; fi - -USER_DEMO=demo -PASSWORD_DEMO=demo - -# Tente de définir l'interface réseau principale -if [ -z $main_iface ] # Si main_iface est vide, tente de le trouver. +if ynh_lxc_exists --name="$name" then -# main_iface=$(sudo route | grep default.*0.0.0.0 -m1 | awk '{print $8;}') # Prend l'interface réseau défini par default - main_iface=$(sudo ip route | grep default | awk '{print $5;}') # Prend l'interface réseau défini par default - if [ -z $main_iface ]; then - echo -e "\e[91mImpossible de déterminer le nom de l'interface réseau de l'hôte.\e[0m" - exit 1 - fi + ynh_print_info --message="> Deleting existing LXC containers." | tee -a "$LOG_BUILD_LXC" 2>&1 + /bin/bash "$final_path/demo_lxc_destroy.sh" quiet | tee -a "$LOG_BUILD_LXC" 2>&1 fi -if [ -z $dns ] # Si l'adresse du dns est vide, tente de le déterminer à partir de la passerelle par défaut. -then -# dns=$(sudo route -n | grep ^0.0.0.0.*$main_iface | awk '{print $2;}') - dns=$(sudo ip route | grep default | awk '{print $3;}') - if [ -z $dns ]; then - echo -e "\e[91mImpossible de déterminer l'adresse de la passerelle.\e[0m" - exit 1 - fi -fi +ynh_print_info --message="> Creating a YunoHost $DIST $ARCH $YNH_BRANCH" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_launch --image="$lxc_base" --name="$lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1 -# Check user -if [ "$USER" != "$(cat "$script_dir/setup_user")" ] && test -e "$script_dir/setup_user"; then - echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")" - echo -en "\e[0m" - exit 0 -fi +ynh_print_info --message= "> Creating the $lxdbr_demo_name bridge" | tee -a "$LOG_BUILD_LXC" 2>&1 +lxc network attach $lxdbr_demo_name $lxc_name1 eth1 eth1 | tee -a "$LOG_BUILD_LXC" 2>&1 -sudo mkdir -p /var/lib/lxcsnaps # Créer le dossier lxcsnaps, pour s'assurer que lxc utilisera ce dossier, même avec lxc 2. +ynh_print_info --message="> Configuring network of the LXC container" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="cp /etc/systemd/network/eth0.network /etc/systemd/network/eth1.network" +ynh_lxc_run_inside --name="$lxc_name1" --command="sed -i s/eth0/eth1/g /etc/systemd/network/eth1.network" -if sudo lxc-info -n $LXC_NAME1 > /dev/null 2>&1 -then # Si le conteneur existe déjà - echo -e "\e[1m> Suppression du conteneur existant.\e[0m" | tee -a "$LOG_BUILD_LXC" - "$script_dir/demo_lxc_destroy.sh" quiet | tee -a "$LOG_BUILD_LXC" -fi +ynh_print_info --message="> Update of the LXC container" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y update" +ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y full-upgrade" +ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y autoremove" +ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y clean" -echo -e "\e[1m> Création d'une machine debian $DIST minimaliste\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-create -n $LXC_NAME1 -t debian -- -r $DIST >> "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message="> Post install Yunohost" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost tools postinstall --domain $domain --password $yunohost_password --force-password" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message="> Disable password strength" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost settings set security.password.user.strength -v -1" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Configuration réseau du conteneur\e[0m" | tee -a "$LOG_BUILD_LXC" -if [ $new_lxc -eq 1 ]; then - sudo sed -i "s/^lxc.net.0.link = lxcbr0$/lxc.net.0.link = lxc_demo\nlxc.net.0.name = eth0\nlxc.net.0.veth.pair = $LXC_NAME1/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1 -else - sudo sed -i "s/^lxc.net.0.type = empty$/lxc.net.0.type = veth\nlxc.net.0.flags = up\nlxc.net.0.link = lxc_demo\nlxc.net.0.name = eth0\nlxc.net.0.veth.pair = $LXC_NAME1\nlxc.net.0.hwaddr = 00:FF:AA:00:00:03/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1 -fi +ynh_print_info --message="> Add demo user" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost user create $demo_user --firstname $demo_user --lastname $demo_user --domain $domain --password $demo_password" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Configuration réseau de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo sed -i "s@iface eth0 inet dhcp@iface eth0 inet static\n\taddress $IP_LXC1/24\n\tgateway $PLAGE_IP.1@" /var/lib/lxc/$LXC_NAME1/rootfs/etc/network/interfaces >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Configure le parefeu\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 -sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 -sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Vérification du contenu du resolv.conf\e[0m" | tee -a "$LOG_BUILD_LXC" -if ! sudo cat /var/lib/lxc/$LXC_NAME1/rootfs/etc/resolv.conf | grep -q nameserver; then - dnsforce=1 # Le resolv.conf est vide, on force l'ajout d'un dns. -fi -if [ $dnsforce -eq 1 ]; then # Force la réécriture du resolv.conf - echo "nameserver $dns" | sudo tee /var/lib/lxc/$LXC_NAME1/rootfs/etc/resolv.conf -fi - -# Fix an issue with apparmor when the container start. -if [ $new_lxc -eq 1 ]; then - sudo sed -i "s/^lxc.apparmor.profile = generated$/lxc.apparmor.profile = unconfined/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1 -else - echo -e "\n# Fix apparmor issues\nlxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1 -fi - -echo -e "\e[1m> Démarrage de la machine\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-start -n $LXC_NAME1 -d --logfile "$script_dir/lxc_boot.log" >> "$LOG_BUILD_LXC" 2>&1 -sleep 3 -sudo lxc-ls -f >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Update et install aptitude sudo aptitude sudo ssh openssh-server curl\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-attach -n $LXC_NAME1 -- apt-get update -sudo lxc-attach -n $LXC_NAME1 -- apt-get install -y aptitude sudo ssh openssh-server curl -echo -e "\e[1m> Installation des paquets standard et ssh-server\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-attach -n $LXC_NAME1 -- aptitude install -y ~pstandard ~prequired ~pimportant - -echo -e "\e[1m> Renseigne /etc/hosts sur l'invité\e[0m" | tee -a "$LOG_BUILD_LXC" -echo "127.0.0.1 $LXC_NAME1" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/hosts >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Ajoute l'user ssh_demo (avec un mot de passe à revoir...)\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-attach -n $LXC_NAME1 -- useradd -m -p ssh_demo ssh_demo >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Autorise ssh_demo à utiliser sudo sans mot de passe\e[0m" | tee -a "$LOG_BUILD_LXC" -echo "ssh_demo ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/sudoers >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Mise en place de la connexion ssh vers l'invité.\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo mkdir /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1 -sudo cp $HOME/.ssh/$LXC_NAME1.pub /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh/authorized_keys >> "$LOG_BUILD_LXC" 2>&1 -sudo lxc-attach -n $LXC_NAME1 -- chown ssh_demo -R /home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1 - -ssh -o StrictHostKeyChecking=no $ARG_SSH $LXC_NAME1 "exit 0" # Initie une première connexion SSH pour valider la clé. -if [ "$?" -ne 0 ]; then # Si l'utilisateur tarde trop, la connexion sera refusée... ??? - ssh $ARG_SSH $LXC_NAME1 "exit 0" # Initie une premier connexion SSH pour valider la clé. -fi - -# Fix ssh common issues with stretch "No supported key exchange algorithms" -sudo lxc-attach -n $LXC_NAME -- dpkg-reconfigure openssh-server >> "$LOG_BUILD_LXC" 2>&1 - -# Fix locales issue -sudo lxc-attach -n $LXC_NAME -- locale-gen en_US.UTF-8 >> "$LOG_BUILD_LXC" 2>&1 -sudo lxc-attach -n $LXC_NAME -- localedef -i en_US -f UTF-8 en_US.UTF-8 >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Installation de Yunohost...\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo /bin/bash -c \"curl https://install.yunohost.org/$DIST | bash -s -- -a -d stable\"" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Post install Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo systemctl start dbus.service" | tee -a "$LOG_BUILD_LXC" 2>&1 -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --force-password" | tee -a "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Fix SSH access\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-attach -n $LXC_NAME1 -- sed -i "s/AllowGroups ssh.main sftp.main ssh.app sftp.app admins root/AllowGroups ssh.main sftp.main ssh.app sftp.app admins root ssh_demo/" /etc/ssh/sshd_config >> "$LOG_BUILD_LXC" 2>&1 -sudo lxc-attach -n $LXC_NAME1 -- service sshd restart >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Disable password strength\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost settings set security.password.user.strength -v -1" | tee -a "$LOG_BUILD_LXC" - -USER_DEMO_CLEAN=${USER_DEMO//"_"/""} -echo -e "\e[1m> Ajout de l'utilisateur de demo\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost user create \"$USER_DEMO\" --firstname \"$USER_DEMO_CLEAN\" --lastname \"$USER_DEMO_CLEAN\" --domain \"$DOMAIN\" --password \"$PASSWORD_DEMO\"" - -echo -e "\e[1m\n> Vérification de l'état de Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost -v" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message="> Check YunoHost state" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost -v" | tee -a "$LOG_BUILD_LXC" 2>&1 # ******** -echo -e "\e[1m>> Modification de Yunohost pour la demo\e[0m" | tee -a "$LOG_BUILD_LXC" -# App officielles -echo -e "\e[1m> Installation des applications officielles\e[0m" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="> Installing demo apps" | tee -a "$LOG_BUILD_LXC" 2>&1 + # Ampache -echo -e "\e[36mInstallation de Ampache\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install ampache --force --args \"domain=$DOMAIN&path=/ampache&admin=$USER_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing ampache" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install ampache --force --args \"domain=$domain&path=/ampache&admin=$demo_user&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Baikal -echo -e "\e[36mInstallation de baikal\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install baikal --force --args \"domain=$DOMAIN&path=/baikal&password=$PASSWORD_DEMO\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing baikal" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install baikal --force --args \"domain=$domain&path=/baikal&password=$demo_password&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Agendav -echo -e "\e[36mInstallation d'agendav\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install agendav --force --args \"domain=$DOMAIN&path=/agendav&language=en\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installation d'agendav" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install agendav --force --args \"domain=$domain&path=/agendav&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Dokuwiki -echo -e "\e[36mInstallation de dokuwiki\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install dokuwiki --force --args \"domain=$DOMAIN&path=/dokuwiki&admin=$USER_DEMO&is_public=1&language=en\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing dokuwiki" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install dokuwiki --force --args \"domain=$domain&path=/dokuwiki&admin=$demo_user&is_public=1&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Etherpad -echo -e "\e[36mInstallation de etherpad\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install etherpad_mypads --force --args \"domain=$DOMAIN&path=/etherpad&admin=$USER_DEMO&password=administration&language=en&is_public=1&export=none&mypads=1&useldap=0\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing etherpad" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install etherpad_mypads --force --args \"domain=$domain&path=/etherpad&admin=$demo_user&password=administration&language=en&is_public=1&export=none&mypads=1&useldap=0&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Hextris -echo -e "\e[36mInstallation de hextris\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install hextris --force --args \"domain=$DOMAIN&path=/hextris&is_public=1\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing hextris" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install hextris --force --args \"domain=$domain&path=/hextris&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Jirafeau -echo -e "\e[36mInstallation de jirafeau\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install jirafeau --force --args \"domain=$DOMAIN&path=/jirafeau&admin_user=$USER_DEMO&upload_password=$PASSWORD_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing jirafeau" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install jirafeau --force --args \"domain=$domain&path=/jirafeau&admin_user=$demo_user&upload_password=$demo_password&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Kanboard -echo -e "\e[36mInstallation de kanboard\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install kanboard --force --args \"domain=$DOMAIN&path=/kanboard&admin=$USER_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing kanboard" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install kanboard --force --args \"domain=$domain&path=/kanboard&admin=$demo_user&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Nextcloud -echo -e "\e[36mInstallation de nextcloud\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install nextcloud --force --args \"domain=$DOMAIN&path=/nextcloud&admin=$USER_DEMO&user_home=0&is_public=1\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing nextcloud" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install nextcloud --force --args \"domain=$domain&path=/nextcloud&admin=$demo_user&user_home=0&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Opensondage -echo -e "\e[36mInstallation de opensondage\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install opensondage --force --args \"domain=$DOMAIN&path=/date&admin=$USER_DEMO&language=en&is_public=1\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing opensondage" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install opensondage --force --args \"domain=$domain&path=/date&admin=$demo_user&language=en&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Phpmyadmin -echo -e "\e[36mInstallation de phpmyadmin\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install phpmyadmin --force --args \"domain=$DOMAIN&path=/phpmyadmin&admin=$USER_DEMO\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing phpmyadmin" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install phpmyadmin --force --args \"domain=$domain&path=/phpmyadmin&admin=$demo_user&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Piwigo -echo -e "\e[36mInstallation de piwigo\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install piwigo --force --args \"domain=$DOMAIN&path=/piwigo&admin=$USER_DEMO&is_public=1&language=en\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing piwigo" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install piwigo --force --args \"domain=$domain&path=/piwigo&admin=$demo_user&is_public=1&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Rainloop -echo -e "\e[36mInstallation de rainloop\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install rainloop --force --args \"domain=$DOMAIN&path=/rainloop&is_public=No&password=$PASSWORD_DEMO&ldap=Yes&language=en\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing rainloop" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install rainloop --force --args \"domain=$domain&path=/rainloop&is_public=No&password=$demo_password&ldap=Yes&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Roundcube -echo -e "\e[36mInstallation de roundcube\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install roundcube --force --args \"domain=$DOMAIN&path=/webmail&with_carddav=0&with_enigma=0&language=en_GB\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing roundcube" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install roundcube --force --args \"domain=$domain&path=/webmail&with_carddav=0&with_enigma=0&language=en_GB&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Searx -echo -e "\e[36mInstallation de searx\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install searx --force --args \"domain=$DOMAIN&path=/searx&is_public=1\"" | tee -a "$LOG_BUILD_LXC" +ynh_print_info --message="Installing searx" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install searx --force --args \"domain=$domain&path=/searx&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Shellinabox -echo -e "\e[36mInstallation de shellinabox\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install shellinabox --force --args \"domain=$DOMAIN&path=/ssh\"" | tee -a "$LOG_BUILD_LXC" -# Strut -echo -e "\e[36mInstallation de strut\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install strut --force --args \"domain=$DOMAIN&path=/strut&is_public=1\"" | tee -a "$LOG_BUILD_LXC" -# Transmission -echo -e "\e[36mInstallation de transmission\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install transmission --force --args \"domain=$DOMAIN&path=/torrent\"" | tee -a "$LOG_BUILD_LXC" -# Ttrss -echo -e "\e[36mInstallation de ttrss\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install ttrss --force --args \"domain=$DOMAIN&path=/ttrss&is_public=1\"" | tee -a "$LOG_BUILD_LXC" -# Wallabag -echo -e "\e[36mInstallation de wallabag\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install wallabag2 --force --args \"domain=$DOMAIN&path=/wallabag&admin=$USER_DEMO\"" | tee -a "$LOG_BUILD_LXC" -# Wordpress -echo -e "\e[36mInstallation de wordpress\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install wordpress --force --args \"domain=$DOMAIN&path=/blog&admin=$USER_DEMO&language=en_US&multisite=0&is_public=1\"" | tee -a "$LOG_BUILD_LXC" -# Zerobin -echo -e "\e[36mInstallation de zerobin\e[0m" | tee -a "$LOG_BUILD_LXC" -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install zerobin --force --args \"domain=$DOMAIN&path=/zerobin&is_public=1\"" | tee -a "$LOG_BUILD_LXC" - +ynh_print_info --message="Installing shellinabox" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install shellinabox --force --args \"domain=$domain&path=/ssh&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # Désactive l'accès à shellinabox -sudo rm "/var/lib/lxc/$LXC_NAME1/rootfs/etc/nginx/conf.d/$DOMAIN.d/shellinabox.conf" # Supprime le fichier de conf nginx de shellinabox pour empêcher d'y accéder. -ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app setting shellinabox path -d && sudo yunohost app setting shellinabox domain -d && sudo yunohost app ssowatconf" | tee -a "$LOG_BUILD_LXC" - -# Indique le couple login/mot de passe demo/demo -# Et ajoute demo/demo par défaut dans les champs d'identification -sed -i "3i\
Login: $USER_DEMO / Password: $PASSWORD_DEMO
" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html # Sur le login du portail -sed -i "s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"$USER_DEMO\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html -sed -i "s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"$PASSWORD_DEMO\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html - -#sed -i "17i\   Password: $YUNO_PWD" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin -#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms - -# Désactive l'installation d'app custom -sed -i "s@{{t 'install'}}@{{t 'install'}}@g" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms - -# Désactive l'ajout de domaine, pour éviter surtout les nohost -sed -i "s@@@g" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms +ynh_lxc_run_inside --name="$lxc_name1" --command="rm /etc/nginx/conf.d/$domain.d/shellinabox.conf" +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app setting shellinabox path -d" +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app setting shellinabox domain -d" +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app ssowatconf" +# Strut +ynh_print_info --message="Installing strut" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install strut --force --args \"domain=$domain&path=/strut&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 +# Transmission +ynh_print_info --message="Installing transmission" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install transmission --force --args \"domain=$domain&path=/torrent&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 +# Ttrss +ynh_print_info --message="Installing ttrss" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install ttrss --force --args \"domain=$domain&path=/ttrss&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 +# Wallabag +ynh_print_info --message="Installing wallabag" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install wallabag2 --force --args \"domain=$domain&path=/wallabag&admin=$demo_user&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 +# Wordpress +ynh_print_info --message="Installing wordpress" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install wordpress --force --args \"domain=$domain&path=/blog&admin=$demo_user&language=en_US&multisite=0&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 +# Zerobin +ynh_print_info --message="Installing zerobin" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install zerobin --force --args \"domain=$domain&path=/zerobin&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1 # ******** -echo -e "\e[1m> Arrêt de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-stop -n $LXC_NAME1 >> "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message="> Creating a snapshot for $lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_snapshot_create --name="$lxc_name1" --snapname="snap0" -echo -e "\e[1m> Suppression des règles de parefeu\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 -sudo iptables -D FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1 -sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1 -sudo ifdown --force lxc_demo >> "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message="> Upgrading the $lxc_name1 LXC container" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_stop --name="$lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_demo_upgrade --name=$lxc_name1 --time_to_switch=$time_to_switch | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Création d'un snapshot\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-snapshot -n $LXC_NAME1 >> "$LOG_BUILD_LXC" 2>&1 -# Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME1/snap0/ +ynh_print_info --message="> Cloning $lxc_name1 to $lxc_name2" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_clone --source="$lxc_name1" --destination="$lxc_name2" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Clone la machine\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-copy --name=$LXC_NAME1 --newname=$LXC_NAME2 >> "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message="> Creating a snapshot for $lxc_name2" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_lxc_snapshot_create --name="$lxc_name2" --snapname="snap0" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Modification de l'ip du clone\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo sed -i "s@address $IP_LXC1@address $IP_LXC2@" /var/lib/lxc/$LXC_NAME2/rootfs/etc/network/interfaces >> "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Et le nom du veth\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo sed -i "s@^lxc.net.0.veth.pair = $LXC_NAME1@lxc.net.0.veth.pair = $LXC_NAME2@" /var/lib/lxc/$LXC_NAME2/config >> "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Et enfin renseigne /etc/hosts sur le clone\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo sed -i "s@^127.0.0.1 $LXC_NAME1@127.0.0.1 $LXC_NAME2@" /var/lib/lxc/$LXC_NAME2/rootfs/etc/hosts >> "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message="> Setuping the switch cron" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_add_config --template="$final_path/conf/cron_demo_switch" --destination="/etc/cron.d/demo_switch" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Mise en place du cron de switch\e[0m" -echo | sudo tee /etc/cron.d/demo_switch < /dev/null -# Switch des conteneurs toutes les $TIME_TO_SWITCH minutes -*/$TIME_TO_SWITCH * * * * root $script_dir/demo_switch.sh >> "$script_dir/demo_switch.log" 2>&1 -EOF -echo -e "\e[1m> Et du cron d'upgrade\e[0m" -echo | sudo tee /etc/cron.d/demo_upgrade < /dev/null -# Vérifie les mises à jour des conteneurs de demo, lorsqu'ils ne sont pas utilisés, à partir de 3h2minutes chaque nuit. Attention à rester sur un multiple du temps de switch. -2 3 * * * root $script_dir/demo_upgrade.sh >> "$script_dir/demo_upgrade.log" 2>&1 -EOF +ynh_print_info --message="> and the upgrade cron" | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_add_config --template="$final_path/conf/cron_demo_upgrade" --destination="/etc/cron.d/demo_upgrade" | tee -a "$LOG_BUILD_LXC" 2>&1 -echo -e "\e[1m> Démarrage de la démo\e[0m" -"$script_dir/demo_start.sh" +ynh_print_info --message="> Setuping the service" | tee -a "$LOG_BUILD_LXC" 2>&1 +#ynh_add_systemd_config --template="$final_path/conf/systemd.service" +ynh_add_systemd_config -# echo "> Mise en place du service" -echo | sudo tee /etc/systemd/system/lxc_demo.service < /dev/null -[Unit] -Description=Start and stop script for lxc demo container -Requires=network.target -After=network.target +ynh_print_info --message="> Integrating service in YunoHost..." | tee -a "$LOG_BUILD_LXC" 2>&1 +yunohost service add $app --log="/var/log/$app/$app.log" -[Service] -Type=forking -ExecStart=$script_dir/demo_start.sh -RemainAfterExit=true -ExecStop=$script_dir/demo_stop.sh -ExecReload=$script_dir/demo_start.sh +ynh_print_info --message="> Starting a systemd service..." | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" -[Install] -WantedBy=multi-user.target -EOF - -# Démarrage automatique du service -sudo systemctl enable lxc_demo.service -sudo service lxc_demo start - -# Après le démarrage du premier conteneur, fait un snapshot du deuxième. -echo -e "\e[1m> Création d'un snapshot pour le 2e conteneur\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo lxc-snapshot -n $LXC_NAME2 >> "$LOG_BUILD_LXC" 2>&1 -# Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME2/snap0/ +date | tee -a "$LOG_BUILD_LXC" 2>&1 +ynh_print_info --message=">> Demo build finished." | tee -a "$LOG_BUILD_LXC" 2>&1 diff --git a/demo_lxc_build_init.sh b/demo_lxc_build_init.sh index 9de69ab..750906d 100755 --- a/demo_lxc_build_init.sh +++ b/demo_lxc_build_init.sh @@ -1,188 +1,77 @@ #!/bin/bash -# Installe LXC et les paramètres réseaux avant de procéder au build. +cd "$(dirname $(realpath $0))" -# Récupère le dossier du script -if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi +if (( $# < 3 )) +then + cat << EOF +Usage: ./demo_lxc_build_init.sh some.domain.tld SecretAdminPasswurzd! Demo_User Demo_Password -LOG=$(cat "$script_dir/demo_lxc_build.sh" | grep LOG= | cut -d '=' -f2) -LOG_BUILD_LXC="$script_dir/$LOG" -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) -IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2) -IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2) -MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2) +1st and 2nd arguments are for yunohost postinstall + - domain + - admin password -# Check user -echo $(whoami) > "$script_dir/setup_user" +3rd and 4th argument are used for the demo + - demo_user + - demo_password -read -p "Indiquer le nom de domaine du serveur de demo: " DOMAIN -echo "$DOMAIN" > "$script_dir/domain.ini" - -# Créer le dossier de log -sudo mkdir -p $(dirname $LOG_BUILD_LXC) - -echo -e "\e[1m> Update et install lxc, lxctl et mailutils\e[0m" | tee "$LOG_BUILD_LXC" -sudo apt-get update >> "$LOG_BUILD_LXC" 2>&1 -sudo apt-get install -y lxc lxctl mailutils certbot >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Autoriser l'ip forwarding, pour router vers la machine virtuelle.\e[0m" | tee -a "$LOG_BUILD_LXC" -echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1 -sudo sysctl -p /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Ajoute un brige réseau pour la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC" -echo | sudo tee /etc/network/interfaces.d/lxc_demo <> "$LOG_BUILD_LXC" 2>&1 -auto lxc_demo -iface lxc_demo inet static - address $PLAGE_IP.1/24 - bridge_ports none - bridge_fd 0 - bridge_maxwait 0 EOF - -echo -e "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1 - -echo -e "\e[1m> Mise en place de la connexion ssh vers l'invité.\e[0m" | tee -a "$LOG_BUILD_LXC" -if [ -e $HOME/.ssh/$LXC_NAME1 ]; then - rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub - ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC1 - ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC2 + exit 1 fi -ssh-keygen -t rsa -f $HOME/.ssh/$LXC_NAME1 -P '' >> "$LOG_BUILD_LXC" 2>&1 -echo | tee -a $HOME/.ssh/config <> "$LOG_BUILD_LXC" 2>&1 -# ssh $LXC_NAME1 -Host $LXC_NAME1 -Hostname $IP_LXC1 -User ssh_demo -IdentityFile $HOME/.ssh/$LXC_NAME1 -Host $LXC_NAME2 -Hostname $IP_LXC2 -User ssh_demo -IdentityFile $HOME/.ssh/$LXC_NAME1 -# End ssh $LXC_NAME1 -EOF +domain=$1 +yuno_pwd=$2 +demo_user=$3 +demo_password=$4 -echo -e "\e[1m> Mise en place du reverse proxy et du load balancing\e[0m" | tee -a "$LOG_BUILD_LXC" -echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <> "$LOG_BUILD_LXC" 2>&1 -#upstream $DOMAIN { -# server $IP_LXC1:443 ; -# server $IP_LXC2:443 ; -#} - -server { - listen 80; - listen [::]:80; - server_name $DOMAIN; - - location '/.well-known/acme-challenge' { - default_type "text/plain"; - root /tmp/letsencrypt-auto; - } - - access_log /var/log/nginx/$DOMAIN-access.log; - error_log /var/log/nginx/$DOMAIN-error.log; -} -EOF - -sudo service nginx reload - -echo -e "\e[1m> Création du certificat SSL.\e[0m" | tee -a "$LOG_BUILD_LXC" -sudo mkdir -p /etc/letsencrypt - -# Créer le fichier de config -echo | sudo tee /etc/letsencrypt/conf.ini <> "$LOG_BUILD_LXC" 2>&1 -################################# -# Let's encrypt configuration # -################################# - -# Use a 4096 bit RSA key instead of 2048 -rsa-key-size = 4096 - -# Uncomment and update to register with the specified e-mail address -email = $MAIL_ADDR - -# Uncomment to use the webroot authenticator. Replace webroot-path with the -# path to the public_html / webroot folder being served by your web server. -# avec le contenu dans /tmp/letsencrypt-auto -authenticator = webroot -webroot-path = /tmp/letsencrypt-auto - -# Utiliser l'interface texte -text = True -# Uncomment to automatically agree to the terms of service of the ACME server -agree-tos = true - -# (Serveur de test uniquement : si vous l'utilisez, -# votre certificat ne sera pas vraiment valide) -# server = https://acme-staging-v02.api.letsencrypt.org/directory -EOF - -mkdir -p /tmp/letsencrypt-auto -# Créer le certificat -sudo certbot certonly --config /etc/letsencrypt/conf.ini -d $DOMAIN --no-eff-email - -# Route l'upstream sur le port 443. Le port 80 servait uniquement à let's encrypt -# sudo sed -i "s/server $IP_LXC1:80 ;/server $IP_LXC1:443 ;/" /etc/nginx/conf.d/$DOMAIN.conf -# Décommente les lignes du certificat -# sudo sed -i "s/#\tssl_certificate/\tssl_certificate/g" /etc/nginx/conf.d/$DOMAIN.conf -# Supprime les commentaires dans la conf nginx - -echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <> "$LOG_BUILD_LXC" 2>&1 -#upstream $DOMAIN { -# server $IP_LXC1:443 ; -# server $IP_LXC2:443 ; -#} - -server { - listen 80; - listen [::]:80; - server_name $DOMAIN; - - location '/.well-known/acme-challenge' { - default_type "text/plain"; - root /tmp/letsencrypt-auto; - } - - access_log /var/log/nginx/$DOMAIN-access.log; - error_log /var/log/nginx/$DOMAIN-error.log; +echo_bold () { + echo -e "\e[1m$1\e[0m" } -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name $DOMAIN; +# ----------------------------------------------------------------- - ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem; - ssl_session_timeout 5m; - ssl_session_cache shared:SSL:50m; - ssl_prefer_server_ciphers on; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM; - add_header Strict-Transport-Security "max-age=31536000;"; +function install_dependencies() { - location / { - proxy_pass https://$DOMAIN; - proxy_redirect off; - proxy_set_header Host \$host; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-Proto \$scheme; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host \$server_name; - } - - access_log /var/log/nginx/$DOMAIN-access.log; - error_log /var/log/nginx/$DOMAIN-error.log; + echo_bold "> Installing dependencies..." + apt-get update + apt-get install -y curl wget git python3-pip } -EOF -sudo service nginx reload +function setup_yunohost() { + + echo_bold "> Setting up Yunohost..." + local DIST="bullseye" + local INSTALL_SCRIPT="https://install.yunohost.org/$DIST" + curl $INSTALL_SCRIPT | bash -s -- -a + + echo_bold "> Running yunohost postinstall" + yunohost tools postinstall --domain $domain --password $yuno_pwd -echo -e "\e[1mLe serveur est prêt à déployer les conteneurs de demo.\e[0m" -echo -e "\e[1mExécutez le script demo_lxc_build.sh pour créer les conteneurs et mettre en place la demo.\e[0m" + echo_bold "> Disabling unecessary services to save up RAM" + for SERVICE in mysql php7.3-fpm metronome rspamd dovecot postfix redis-server postsrsd yunohost-api avahi-daemon + do + systemctl stop $SERVICE + systemctl disable $SERVICE --quiet + done +} -# Déploie les conteneurs de demo -# "$script_dir/demo_lxc_build.sh" +function setup_yunohost_demo() { + echo_bold "> Installation of yunohost_demo..." + if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null + then + yunohost app install --force https://github.com/YunoHost-Apps/yunohost_demo_ynh -a "domain=$domain&demo_user=$demo_user&demo_password=$demo_password" + fi +} + +# ========================= +# Main stuff +# ========================= + +install_dependencies + +[ -e /usr/bin/yunohost ] || setup_yunohost + +setup_yunohost_demo + +echo "Done!" +echo " " diff --git a/demo_lxc_destroy.sh b/demo_lxc_destroy.sh index b8266a8..369f02c 100755 --- a/demo_lxc_destroy.sh +++ b/demo_lxc_destroy.sh @@ -6,36 +6,39 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) -IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2) -IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2) +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers -# Check user -if [ "$USER" != "$(cat "$script_dir/setup_user")" ]; then - echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")" - echo -en "\e[0m" - exit 0 +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2) +lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network) +lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1) +lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2) + +ynh_print_info --message=">> Starting demo destroy." + +/bin/bash "$final_path/demo_stop.sh" -f + +ynh_print_info --message="> Deleting containers and snapshots" +ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/snapshots/$lxc_name1/snap0.tar.gz" +ynh_lxc_delete --name=$lxc_name1 +ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/snapshots/$lxc_name2/snap0.tar.gz" +ynh_lxc_delete --name=$lxc_name2 + +ynh_print_info --message="> Deleting crons" +ynh_secure_remove --file=/etc/cron.d/demo_switch +ynh_secure_remove --file=/etc/cron.d/demo_upgrade + +ynh_print_info --message="> Deleting service" +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_print_info --message="> Removing $app service integration..." + yunohost service remove $app fi +ynh_print_info --message="> Stopping and removing the systemd service..." +ynh_remove_systemd_config -"$script_dir/demo_stop.sh" - -echo -e "\e[1m> Suppression des conteneurs et de leur snapshots\e[0m" -sudo lxc-snapshot -n $LXC_NAME1 -d snap0 -sudo rm -f /var/lib/lxcsnaps/$LXC_NAME1/snap0.tar.gz -sudo lxc-destroy -n $LXC_NAME1 -f -sudo lxc-snapshot -n $LXC_NAME2 -d snap0 -sudo rm -f /var/lib/lxcsnaps/$LXC_NAME2/snap0.tar.gz -sudo lxc-destroy -n $LXC_NAME2 -f - -echo -e "\e[1m> Suppression des crons\e[0m" -sudo rm /etc/cron.d/demo_switch -sudo rm /etc/cron.d/demo_upgrade - -echo -e "\e[1m> Suppression des clés ECDSA dans known_hosts\e[0m" -ssh-keygen -f "$HOME/.ssh/known_hosts" -R $IP_LXC1 -ssh-keygen -f "$HOME/.ssh/known_hosts" -R $IP_LXC2 - -echo -e "\e[1m> Suppression du service\e[0m" -sudo systemctl disable lxc_demo.service -sudo rm -f /etc/systemd/system/lxc_demo.service +ynh_print_info --message=">> Finished demo destroy." diff --git a/demo_lxc_remove.sh b/demo_lxc_remove.sh index 84e2e7d..4dfe3dd 100755 --- a/demo_lxc_remove.sh +++ b/demo_lxc_remove.sh @@ -6,44 +6,34 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) -DOMAIN=$(cat "$script_dir/domain.ini") +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers -# Check user -if [ "$USER" != "$(cat "$script_dir/setup_user")" ]; then - echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")" - echo -en "\e[0m" - exit 0 -fi +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +path_url=$(ynh_app_setting_get --app=$app --key=path) -"$script_dir/demo_lxc_destroy.sh" +echo_bold () { + echo -e "\e[1m$1\e[0m" +} -echo -e "\e[1m> Retire l'ip forwarding.\e[0m" -sudo rm /etc/sysctl.d/lxc_demo.conf -sudo sysctl -p +# ----------------------------------------------------------------- -echo -e "\e[1m> Supprime le brige réseau\e[0m" -sudo rm /etc/network/interfaces.d/lxc_demo +function remove_yunohost_demo() { + echo_bold "> Installation of yunohost_demo..." + if yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null + then + yunohost app remove yunohost_demo --purge + fi +} -echo -e "\e[1m> Remove lxc lxctl\e[0m" -sudo apt-get remove lxc lxctl +# ========================= +# Main stuff +# ========================= -echo -e "\e[1m> Suppression de la clé SSH\e[0m" -rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub -echo -e "\e[1m> Et de sa config spécifique dans $HOME/.ssh/config\e[0m" -BEGIN_LINE=$(cat $HOME/.ssh/config | grep -n "^# ssh $LXC_NAME1" | cut -d':' -f 1) -sed -i "$BEGIN_LINE,/^# End ssh $LXC_NAME1/d" $HOME/.ssh/config +remove_yunohost_demo -# Suppression du reverse proxy -echo -e "\e[1m> Suppression de la config nginx\e[0m" -sudo rm /etc/nginx/conf.d/$DOMAIN.conf -sudo service nginx reload - -# Suppression du certificat Let's encrypt -echo -e "\e[1m> Suppression de Let's encrypt\e[0m" -sudo rm -r /etc/letsencrypt -sudo rm -r ~/.local/share/letsencrypt -sudo rm -r ~/letsencrypt -sudo rm -r /var/lib/letsencrypt -# Supprime la tache cron -sudo rm /etc/cron.weekly/Certificate_Renewer +echo "Done!" +echo " " diff --git a/demo_restore_crash.sh b/demo_restore_crash.sh index cf64b5c..6cbf59e 100755 --- a/demo_restore_crash.sh +++ b/demo_restore_crash.sh @@ -5,185 +5,94 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) -IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2) -IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2) -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers -STOP_CONTAINER () { - MACHINE=$1 - if [ $(sudo lxc-info --name $MACHINE | grep -c "STOPPED") -eq 0 ]; then - echo "Arrêt du conteneur $MACHINE" - sudo lxc-stop -n $MACHINE - fi -} +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network) +lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1) +lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2) +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2) -CHECK_CONTAINER () { - MACHINE=$1 - echo "Test du conteneur $MACHINE" - sudo lxc-start -n $MACHINE -d > /dev/null 2>&1 # Démarre le conteneur - sudo lxc-wait -n $MACHINE -s 'RUNNING' -t 20 # Attend pendant 20s maximum que le conteneur démarre -# sudo lxc-ls -f - if [ $(sudo lxc-info --name $MACHINE | grep -c "RUNNING") -ne 1 ]; then - return 1 # Renvoi 1 si le démarrage du conteneur a échoué - else - STOP_CONTAINER $MACHINE - return 0 # Renvoi 0 si le démarrage du conteneur a réussi - fi -} +ynh_print_info --message=">> Starting demo restore from crash." -RESTORE_SNAPSHOT () { - MACHINE=$1 - echo -e "\e[1m> Restauration du snapshot du conteneur $MACHINE\e[0m" - sudo lxc-snapshot -r snap0 -n $MACHINE - CHECK_CONTAINER $MACHINE - STATUS=$? - if [ $STATUS -eq 1 ]; then - echo -e "\e[91m> Conteneur $MACHINE en défaut.\e[0m" - return 1 - else - echo -e "\e[92m> Conteneur $MACHINE en état de marche.\e[0m" - return 0 - fi -} +ynh_print_info --message="> Disabling switch cron." +sed -i "s/.*demo_switch.sh/#&/" /etc/cron.d/demo_switch # Le cron est commenté durant l'opération de maintenance. -RESTORE_ARCHIVE_SNAPSHOT () { - MACHINE=$1 - if ! test -e "/var/lib/lxcsnaps/$MACHINE/snap1.tar.gz"; then - echo "Aucune archive de snapshot pour le conteneur $MACHINE" - return 1 - fi - echo -e "\e[1m> Restauration du snapshot archivé pour le conteneur $MACHINE\e[0m" - echo "Suppression du snapshot" - sudo lxc-snapshot -n $MACHINE -d snap0 - echo "Décompression de l'archive" - sudo tar -x --acls --xattrs -f /var/lib/lxcsnaps/$MACHINE/snap0.tar.gz -C / - RESTORE_SNAPSHOT $MACHINE - return $? -} +ynh_print_info --message="> Deleting locks and stoping LXC containers." +ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileS" +ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileS" +ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileU" +ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileU" -CLONE_CONTAINER () { - MACHINE_SOURCE=$1 - MACHINE_CIBLE=$2 - IP_SOURCE=$3 - IP_CIBLE=$4 - echo "Suppression du conteneur $MACHINE_CIBLE" - sudo lxc-snapshot -n $MACHINE_CIBLE -d snap0 - sudo rm -f /var/lib/lxcsnaps/$MACHINE_CIBLE/snap0.tar.gz - sudo lxc-destroy -n $MACHINE_CIBLE -f - - echo -e "\e[1m> Clone le conteneur $MACHINE_SOURCE sur $MACHINE_CIBLE\e[0m" - sudo lxc-copy --name=$MACHINE_SOURCE --newname=$MACHINE_CIBLE - - echo "Modification de l'ip du clone," - sudo sed -i "s@address $IP_SOURCE@address $IP_CIBLE@" /var/lib/lxc/$MACHINE_CIBLE/rootfs/etc/network/interfaces - echo "du nom du veth" - sudo sed -i "s@$MACHINE_SOURCE@$MACHINE_CIBLE@g" /var/lib/lxc/$MACHINE_CIBLE/config - echo "Et enfin renseigne /etc/hosts sur le clone" - sudo sed -i "s@^127.0.0.1 $MACHINE_SOURCE@127.0.0.1 $MACHINE_CIBLE@" /var/lib/lxc/$MACHINE_CIBLE/rootfs/etc/hosts - - CHECK_CONTAINER $MACHINE_CIBLE - STATUS=$? - if [ $STATUS -eq 1 ]; then - echo -e "\e[91m> Conteneur $MACHINE_CIBLE en défaut.\e[0m" - else - echo -e "\e[92m> Conteneur $MACHINE_CIBLE en état de marche.\e[0m" - echo "Création d'un nouveau snapshot pour le conteneur $MACHINE_CIBLE" - sudo lxc-snapshot -n $MACHINE_CIBLE - fi - return $STATUS -} - -echo "Désactive le cron switch." -sudo sed -i "s/.*demo_switch.sh/#&/" /etc/cron.d/demo_switch # Le cron est commenté durant l'opération de maintenance. - -echo "Suppression des lock et arrêt forcé des conteneurs." -sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileS -sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileS -sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileU -sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileU - -STOP_CONTAINER $LXC_NAME1 -STOP_CONTAINER $LXC_NAME2 - -echo "Initialisation du réseau pour le conteneur." -if ! sudo ifquery lxc_demo --state > /dev/null; then - sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo -fi - -# Activation des règles iptables -echo "Configure le parefeu" -if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then - sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT -fi -if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then - sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT -fi -if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then - sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE -fi +ynh_lxc_demo_stop --name="$lxc_name1" +ynh_lxc_demo_stop --name="$lxc_name2" # Vérifie l'état des conteneurs. -CHECK_CONTAINER $LXC_NAME1 +ynh_lxc_check_container_start --name=$lxc_name1 LXC1_STATUS=$? -CHECK_CONTAINER $LXC_NAME2 +ynh_lxc_check_container_start --name=$lxc_name2 LXC2_STATUS=$? if [ $LXC1_STATUS -eq 1 ]; then - echo -e "\e[91m> Conteneur $LXC_NAME1 en défaut.\e[0m" + ynh_print_info --message="> LXC container $lxc_name1 is broken." else - echo -e "\e[92m> Conteneur $LXC_NAME1 en état de marche.\e[0m" + ynh_print_info --message="> LXC container $lxc_name1 is working." fi if [ $LXC2_STATUS -eq 1 ]; then - echo -e "\e[91m> Conteneur $LXC_NAME2 en défaut.\e[0m" + ynh_print_info --message="> LXC container $lxc_name2 is broken." else - echo -e "\e[92m> Conteneur $LXC_NAME2 en état de marche.\e[0m" + ynh_print_info --message="> LXC container $lxc_name2 is working." fi # Restauration des snapshots if [ $LXC1_STATUS -eq 1 ]; then - RESTORE_SNAPSHOT $LXC_NAME1 + ynh_lxc_demo_restore_from_snapshot --name=$lxc_name1 LXC1_STATUS=$? fi if [ $LXC2_STATUS -eq 1 ]; then - RESTORE_SNAPSHOT $LXC_NAME2 + ynh_lxc_demo_restore_from_snapshot --name=$lxc_name2 LXC2_STATUS=$? fi # Restauration des archives des snapshots if [ $LXC1_STATUS -eq 1 ]; then - RESTORE_ARCHIVE_SNAPSHOT $LXC_NAME1 + ynh_lxc_demo_restore_from_archive --name=$lxc_name1 LXC1_STATUS=$? fi if [ $LXC2_STATUS -eq 1 ]; then - RESTORE_ARCHIVE_SNAPSHOT $LXC_NAME2 + ynh_lxc_demo_restore_from_archive --name=$lxc_name2 LXC2_STATUS=$? fi # Si des erreurs persistent, tente de cloner depuis un conteneur sain if [ $LXC1_STATUS -eq 1 ] && [ $LXC2_STATUS -eq 0 ] ; then - CLONE_CONTAINER $LXC_NAME2 $LXC_NAME1 $IP_LXC2 $IP_LXC1 + ynh_lxc_clone --source=$lxc_name2 --destination=$lxc_name1 LXC1_STATUS=$? fi if [ $LXC2_STATUS -eq 1 ] && [ $LXC1_STATUS -eq 0 ]; then - CLONE_CONTAINER $LXC_NAME1 $LXC_NAME2 $IP_LXC1 $IP_LXC2 + ynh_lxc_clone --source=$lxc_name1 --destination=$lxc_name2 LXC2_STATUS=$? fi # Résultats finaux if [ $LXC1_STATUS -eq 1 ] || [ $LXC2_STATUS -eq 1 ]; then if [ $LXC1_STATUS -eq 1 ]; then - echo -e "\e[91m\n> Le conteneur $LXC_NAME1 n'a pas pu être réparé...\e[0m" + ynh_print_info --message="> $lxc_name1 LXC container can't be repaired..." fi if [ $LXC2_STATUS -eq 1 ]; then - echo -e "\e[91m\n> Le conteneur $LXC_NAME2 n'a pas pu être réparé...\e[0m" + ynh_print_info --message="> $lxc_name2 LXC container can't be repaired..." fi else - echo -e "\e[92m\n> Les 2 conteneurs sont sains et fonctionnels.\e[0m" + ynh_print_info --message="> The 2 LXC containers are working." fi -echo "Réactive le cron switch." -sudo sed -i "s/#*\*/\*/" /etc/cron.d/demo_switch # Le cron est décommenté -echo "Restart la demo." -$script_dir/demo_start.sh +ynh_print_info --message="> Enabling switch cron." +sed -i "s/#*\*/\*/" /etc/cron.d/demo_switch # Le cron est décommenté +ynh_print_info --message="> Restart the demo." +$final_path/demo_start.sh + +ynh_print_info --message=">> Finished demo restore from crash." diff --git a/demo_start.sh b/demo_start.sh index 79fc30b..31d1240 100755 --- a/demo_start.sh +++ b/demo_start.sh @@ -1,38 +1,31 @@ #!/bin/bash -# Démarre le premier conteneur de demo et active la config réseau dédiée. +# Démarre le premier conteneur de demo # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) -LXC_NAME=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers -"$script_dir/demo_stop.sh" > /dev/null 2>&1 +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network) +lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1) -echo "Initialisation du réseau pour le conteneur." -if ! sudo ifquery lxc_demo --state > /dev/null; then - sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo -fi +date | tee -a "$final_path/demo_boot.log" 2>&1 +ynh_print_info --message=">> Starting demo." | tee -a "$final_path/demo_boot.log" 2>&1 -# Activation des règles iptables -echo "> Configure le parefeu" -if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then - sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT -fi -if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then - sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT -fi -if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then - sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE -fi +/bin/bash "$final_path/demo_stop.sh" > /dev/null 2>&1 # Démarrage de la machine -echo "> Démarrage de la machine" -date >> "$script_dir/demo_boot.log" -echo "Starting $LXC_NAME" >> "$script_dir/demo_boot.log" -sudo lxc-start -n $LXC_NAME -o "$script_dir/demo_boot.log" -d +ynh_print_info --message="> Démarrage de la machine" | tee -a "$final_path/demo_boot.log" 2>&1 +date | tee -a "$final_path/demo_boot.log" 2>&1 +ynh_print_info --message="> Starting $lxc_name1" | tee -a "$final_path/demo_boot.log" 2>&1 +ynh_lxc_demo_start --name=$lxc_name1 --ip="$lxdbr_demo_network$lxc_ip1" | tee -a "$final_path/demo_boot.log" 2>&1 sleep 3 -# Vérifie que la machine a démarré -sudo lxc-ls -f +date | tee -a "$final_path/demo_boot.log" 2>&1 +ynh_print_info --message=">> Finished starting demo." | tee -a "$final_path/demo_boot.log" 2>&1 diff --git a/demo_stop.sh b/demo_stop.sh index 6408ad1..80f3a14 100755 --- a/demo_stop.sh +++ b/demo_stop.sh @@ -3,50 +3,51 @@ # Stoppe les conteneurs de demo et arrête la config réseau dédiée. # Récupère le dossier du script -if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi +if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(ynh_print_info --message=$PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers + +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2) + +date | tee -a "$final_path/demo_boot.log" 2>&1 +ynh_print_info --message=">> Stopping demo." | tee -a "$final_path/demo_boot.log" 2>&1 if [ "$#" -eq 1 ] && [ "$1" == "-f" ] then - echo "> Suppression des lock et arrêt forcé des conteneurs." - sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileS - sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileS - sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileU - sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileU + ynh_print_info --message="> Deleting locks and force stopping LXC containers." | tee -a "$final_path/demo_boot.log" 2>&1 + ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileS" + ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileS" + ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileU" + ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileU" else - echo "> Attend la libération des lock sur les conteneurs." - while test -e /var/lib/lxc/$LXC_NAME1.lock_file* || test -e /var/lib/lxc/$LXC_NAME2.lock_file*; do + ynh_print_info --message="> Waiting locks." | tee -a "$final_path/demo_boot.log" 2>&1 + while test -e /var/lib/lxd/$lxc_name1.lock_file* || test -e /var/lib/lxd/$lxc_name2.lock_file*; do sleep 5 # Attend que les conteneur soit libérés par les script upgrade ou switch, le cas échéant. done fi -echo "> Arrêt des conteneurs" -if [ $(sudo lxc-info --name $LXC_NAME1 | grep -c "STOPPED") -eq 0 ]; then - echo "Arrêt du conteneur $LXC_NAME1" - sudo lxc-stop -n $LXC_NAME1 +ynh_print_info --message="> Stopping LXC containers" | tee -a "$final_path/demo_boot.log" 2>&1 +if ynh_lxc_exists --name=$lxc_name1 +then + if ! ynh_lxc_is_stopped --name=$lxc_name1 + then + ynh_print_info --message="> Stopping $lxc_name1 LXC container" | tee -a "$final_path/demo_boot.log" 2>&1 + ynh_lxc_demo_stop --name=$lxc_name1 + fi fi -if [ $(sudo lxc-info --name $LXC_NAME2 | grep -c "STOPPED") -eq 0 ]; then - echo "Arrêt du conteneur $LXC_NAME2" - sudo lxc-stop -n $LXC_NAME2 +if ynh_lxc_exists --name=$lxc_name2 +then + if ! ynh_lxc_is_stopped --name=$lxc_name2 + then + ynh_print_info --message="> Stopping $lxc_name2 LXC container" + ynh_lxc_demo_stop --name=$lxc_name2 + fi fi -echo "> Suppression des règles de parefeu" -if sudo iptables -C FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then - sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT -fi -if sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then - sudo iptables -D FORWARD -i eth0 -o lxc_demo -j ACCEPT -fi -if sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then - sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE -fi - -echo "Arrêt de l'interface réseau pour le conteneur." -if sudo ifquery lxc_demo --state > /dev/null; then - sudo ifdown --force lxc_demo -fi - -sudo lxc-ls -f +date | tee -a "$final_path/demo_boot.log" 2>&1 +ynh_print_info --message=">> Finished stopping demo." | tee -a "$final_path/demo_boot.log" 2>&1 diff --git a/demo_switch.sh b/demo_switch.sh index f1a220c..c192328 100755 --- a/demo_switch.sh +++ b/demo_switch.sh @@ -6,56 +6,74 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) -MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2) -DOMAIN=$(cat "$script_dir/domain.ini") +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers -log_line=$(wc -l "$script_dir/demo_switch.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution. +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network) +lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1) +lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2) +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) + +log_line=$(wc -l "$final_path/demo_switch.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution. log_line=$(( $log_line + 1 )) # Ignore la première ligne, reprise de l'ancien log. -date >> "$script_dir/demo_switch.log" -while test -e /var/lib/lxc/$LXC_NAME1.lock_file* || test -e /var/lib/lxc/$LXC_NAME2.lock_file*; do +date | tee -a "$final_path/demo_switch.log" 2>&1 +ynh_print_info --message=">> Start switching demo." | tee -a "$final_path/demo_switch.log" 2>&1 + +while test -e /var/lib/lxd/$lxc_name1.lock_file* || test -e /var/lib/lxd/$lxc_name2.lock_file*; do sleep 5 # Attend que le conteneur soit libéré par les script upgrade ou switch, le cas échéant. done # Vérifie l'état des machines. -if [ "$(sudo lxc-info --name $LXC_NAME1 | grep -c "RUNNING")" -eq "1" ] +if ynh_lxc_is_started --name=$lxc_name1 then # Si la machine 1 est démarrée. - LXC_A=$LXC_NAME1 - LXC_B=$LXC_NAME2 + LXC_A=$lxc_name1 + IP_A="$lxdbr_demo_network$lxc_ip1" + LXC_B=$lxc_name2 + IP_B="$lxdbr_demo_network$lxc_ip2" else # Sinon, on suppose que c'est la machine 2 qui est en cours. - LXC_A=$LXC_NAME2 - LXC_B=$LXC_NAME1 + LXC_A=$lxc_name2 + IP_A="$lxdbr_demo_network$lxc_ip2" + LXC_B=$lxc_name1 + IP_B="$lxdbr_demo_network$lxc_ip1" # Si aucune machine ne tourne, la première démarrera. fi # Supprime les éventuels swap présents. -/sbin/swapoff /var/lib/lxc/$LXC_A/rootfs/swap_* +/sbin/swapoff /var/lib/lxd/$LXC_A/rootfs/swap_* -echo "Starting $LXC_B" +ynh_print_info --message="> Starting $LXC_B" # Démarre le conteneur B et arrête le conteneur A. -sudo lxc-start -n $LXC_B -o "$script_dir/demo_switch.log" -d > /dev/null # Démarre l'autre machine -sleep 10 # Attend 10 seconde pour s'assurer du démarrage de la machine. -if [ "$(sudo lxc-info --name $LXC_B | grep -c "STOPPED")" -eq "1" ] +ynh_lxc_demo_start --name=$LXC_B --ip=$IP_B +sleep 5 # Attend 10 seconde pour s'assurer du démarrage de la machine. +if ! ynh_lxc_is_started --name=$LXC_B then # Le conteneur n'a pas réussi à démarrer. On averti un responsable par mail... - echo -e "Échec du démarrage du conteneur $LXC_B sur le serveur de demo $DOMAIN! \n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_switch.log")\n\nLe script 'demo_restore_crash.sh' va être exécuté pour tenter de fixer l'erreur." | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR - $script_dir/demo_restore_crash.sh & + ynh_print_info --message="> Échec du démarrage du conteneur $LXC_B sur le serveur de demo $DOMAIN! \n\nExtrait du log:\n$(tail -n +$log_line "$final_path/demo_switch.log")\n\nLe script 'demo_restore_crash.sh' va être exécuté pour tenter de fixer l'erreur." | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR + /bin/bash $final_path/demo_restore_crash.sh & exit 1 else - echo "Stopping $LXC_A" + ynh_print_info --message="> Stopping $LXC_A" # Bascule sur le conteneur B avec le load balancing de nginx... # Automatique par nginx lorsque la machine A sera éteinte. # Arrêt du conteneur A. Il est remplacé par le B - sudo touch /var/lib/lxc/$LXC_A.lock_fileS # Met en place un fichier pour indiquer que la machine n'est pas encore dispo. - sudo lxc-stop -n $LXC_A + touch /var/lib/lxd/$LXC_A.lock_fileS # Met en place un fichier pour indiquer que la machine n'est pas encore dispo. + ynh_lxc_demo_stop --name=$LXC_A # Supprime les éventuels swap présents. - /sbin/swapoff /var/lib/lxc/$LXC_A/rootfs/swap_* - echo "Restauring $LXC_A from snapshot" + /sbin/swapoff /var/lib/lxd/$LXC_A/rootfs/swap_* + ynh_print_info --message="> Restauring $LXC_A from snapshot" # Restaure le snapshot de la machine A avant sa prochaine exécution - sudo lxc-snapshot -r snap0 -n $LXC_A - sudo rm /var/lib/lxc/$LXC_A.lock_fileS # Libère le lock - echo "Finish restoring $LXC_A" + ynh_lxc_snapshot_load --name=$LXC_A --snapname=snap0 + ynh_lxc_stop --name=$LXC_A + ynh_secure_remove --file="/var/lib/lxd/$LXC_A.lock_fileS" # Libère le lock + ynh_print_info --message="> Finish restoring $LXC_A" fi + +date | tee -a "$final_path/demo_switch.log" 2>&1 +ynh_print_info --message=">> Finished switching demo." | tee -a "$final_path/demo_switch.log" 2>&1 diff --git a/demo_upgrade.sh b/demo_upgrade.sh index ba2a952..0cd9320 100755 --- a/demo_upgrade.sh +++ b/demo_upgrade.sh @@ -6,163 +6,27 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi -LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2) -LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2) -IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2) -IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2) -PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2) -TIME_TO_SWITCH=$(cat "$script_dir/demo_lxc_build.sh" | grep TIME_TO_SWITCH= | cut -d '=' -f2) -MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2) -DOMAIN=$(cat "$script_dir/domain.ini") +source $script_dir/ynh_lxd +source $script_dir/ynh_lxd_demo +source /usr/share/yunohost/helpers + +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) +lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2) +time_to_switch=$(ynh_app_setting_get --app=$app --key=time_to_switch) -IP_UPGRADE=$PLAGE_IP.150 LOOP=0 -log_line=$(wc -l "$script_dir/demo_upgrade.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution. +log_line=$(wc -l "$final_path/demo_upgrade.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution. log_line=$(( $log_line + 1 )) # Ignore la première ligne, reprise de l'ancien log. -date >> "$script_dir/demo_upgrade.log" -UPGRADE_DEMO_CONTAINER () { # Démarrage, upgrade et snapshot - MACHINE=$1 - IP_MACHINE=$2 - echo "Upgrading $MACHINE" - # Attend que la machine soit éteinte. - # Timeout à $TIME_TO_SWITCH +5 minutes, en seconde - TIME_OUT=$(($TIME_TO_SWITCH * 60 + 300)) - sudo lxc-wait -n $MACHINE -s 'STOPPED' -t $TIME_OUT +date | tee -a "$final_path/demo_upgrade.log" 2>&1 +ynh_print_info --message=">> Upgrading demo." | tee -a "$final_path/demo_upgrade.log" 2>&1 - while test -e /var/lib/lxc/$MACHINE.lock_fileS; do - sleep 5 # Attend que le conteneur soit libéré par le script switch. - done +ynh_lxc_demo_upgrade --name=$lxc_name1 --time_to_switch=$time_to_switch +ynh_lxc_demo_upgrade --name=$lxc_name2 --time_to_switch=$time_to_switch - sudo touch /var/lib/lxc/$MACHINE.lock_fileU # Met en place un fichier pour indiquer que la machine est indisponible pendant l'upgrade - - # Supprime les éventuels swap présents. - /sbin/swapoff /var/lib/lxc/$MACHINE/rootfs/swap_* - - # Restaure le snapshot - sudo lxc-snapshot -r snap0 -n $MACHINE - - # Change l'ip du conteneur le temps de l'upgrade. Pour empêcher HAProxy de basculer sur le conteneur. - sudo sed -i "s@address $IP_MACHINE@address $IP_UPGRADE@" /var/lib/lxc/$MACHINE/rootfs/etc/network/interfaces - - # Active le bridge réseau - if ! sudo ifquery lxc_demo --state > /dev/null - then - sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo - fi - - # Configure le parefeu - if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null - then - sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT - fi - if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null - then - sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT - fi - if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null - then - sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE - fi - - # Démarre le conteneur - date >> "$script_dir/demo_boot.log" - sudo lxc-start -n $MACHINE -o "$script_dir/demo_boot.log" -d > /dev/null - sleep 10 - - # Update - update_apt=0 - sudo lxc-attach -n $MACHINE -- apt-get update - sudo lxc-attach -n $MACHINE -- apt-get dist-upgrade --dry-run | grep -q "^Inst " > /dev/null # Vérifie si il y aura des mises à jour. - if [ "$?" -eq 0 ]; then - date - update_apt=1 - # Upgrade - sudo lxc-attach -n $MACHINE -- apt-get dist-upgrade --option Dpkg::Options::=--force-confold -yy - # Clean - sudo lxc-attach -n $MACHINE -- apt-get autoremove -y - sudo lxc-attach -n $MACHINE -- apt-get autoclean - fi - sudo lxc-attach -n $MACHINE -- yunohost tools update - sudo lxc-attach -n $MACHINE -- yunohost tools upgrade system - - # Exécution des scripts de upgrade.d - LOOP=$((LOOP + 1)) - while read LIGNE - do - if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés - then - date - # Exécute chaque script trouvé dans upgrade.d - echo "Exécution du script $LIGNE sur le conteneur $MACHINE" - /bin/bash "$script_dir/upgrade.d/$LIGNE" $MACHINE - if [ "$?" -ne 0 ]; then # Si le script a échoué, le snapshot est annulé. - echo "Échec du script $LIGNE" - mv -f "$script_dir/upgrade.d/$LIGNE" "$script_dir/upgrade.d/$LIGNE.fail" - echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $MACHINE sur le serveur de demo $DOMAIN!\nLe script a été renommé en .fail, il ne sera plus exécuté tant que le préfixe ne sera pas retiré.\n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_upgrade.log")" | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR - update_apt=0 - else - echo "Le script $LIGNE a été exécuté sans erreur" - update_apt=1 - fi - fi - done <<< "$(ls -1 "$script_dir/upgrade.d")" - - # Exécution des scripts de upgrade.d/Constant_upgrade - while read LIGNE - do - if [ "$update_apt" -eq "1" ] - then - date - # Exécute chaque script trouvé dans upgrade.d/Constant_upgrade - echo "Exécution du script $LIGNE sur le conteneur $MACHINE" - /bin/bash "$script_dir/upgrade.d/Constant_upgrade/$LIGNE" $MACHINE - if [ "$?" -ne 0 ]; then - echo "Échec du script $LIGNE" - echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $MACHINE sur le serveur de demo $DOMAIN!\n" - else - echo "Le script $LIGNE a été exécuté sans erreur" - fi - fi - done <<< "$(ls -1 "$script_dir/upgrade.d/Constant_upgrade")" - - # Upgrade des apps - sudo lxc-attach -n $MACHINE -- yunohost tools update - sudo lxc-attach -n $MACHINE -- systemctl restart nginx - sudo lxc-attach -n $MACHINE -- yunohost tools upgrade apps - sudo lxc-attach -n $MACHINE -- systemctl restart nginx - - # Arrêt de la machine virtualisée - sudo lxc-stop -n $MACHINE - - # Restaure l'ip d'origine du conteneur. - sudo sed -i "s@address $IP_UPGRADE@address $IP_MACHINE@" /var/lib/lxc/$MACHINE/rootfs/etc/network/interfaces - - if [ "$update_apt" -eq "1" ] - then - # Archivage du snapshot - sudo tar -cz --acls --xattrs -f /var/lib/lxcsnaps/$MACHINE/snap0.tar.gz /var/lib/lxcsnaps/$MACHINE/snap0 - # Remplacement du snapshot - sudo lxc-snapshot -n $MACHINE -d snap0 - sudo lxc-snapshot -n $MACHINE - - if [ "$LOOP" -eq 2 ] - then # Après l'upgrade du 2e conteneur, déplace les scripts dans le dossier des anciens scripts si ils ont été exécutés avec succès. - ls -1 "$script_dir/upgrade.d" | while read LIGNE - do - if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés - then - mv -f "$script_dir/upgrade.d/$LIGNE" "$script_dir/upgrade.d/old_scripts/$LIGNE" - fi - done - fi - fi - sudo rm /var/lib/lxc/$MACHINE.lock_fileU # Libère le lock, la machine est à nouveau disponible - echo "Finished upgrading $MACHINE" -} - -echo "" -date -UPGRADE_DEMO_CONTAINER $LXC_NAME1 $IP_LXC1 -UPGRADE_DEMO_CONTAINER $LXC_NAME2 $IP_LXC2 +date | tee -a "$final_path/demo_upgrade.log" 2>&1 +ynh_print_info --message=">> Finished upgrading demo." | tee -a "$final_path/demo_upgrade.log" 2>&1 diff --git a/upgrade.d/Constant_upgrade/Default_login b/upgrade.d/Constant_upgrade/Default_login index e9000f0..61e6285 100644 --- a/upgrade.d/Constant_upgrade/Default_login +++ b/upgrade.d/Constant_upgrade/Default_login @@ -3,12 +3,23 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi -MACHINE=$1 # Nom du conteneur +source $script_dir/../../ynh_lxd +source /usr/share/yunohost/helpers +app=${__APP__:-yunohost_demo} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +demo_user=$(ynh_app_setting_get --app=$app --key=demo_user) +demo_password=$(ynh_app_setting_get --app=$app --key=demo_password) + +MACHINE=$1 # Nom du conteneur + +# Active le mode démo de la webadmin / TO BE IMPLEMENTED +#ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost settings set demo 1" # Indique le couple login/mot de passe demo/demo # Et ajoute demo/demo par défaut dans les champs d'identification -sed -i "s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"demo\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/ssowat/portal/login.html -sed -i "s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"demo\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/ssowat/portal/login.html - -#sed -i "17i\   Password: $YUNO_PWD" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin -#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/login.ms +ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"3i\
Login: $demo_user / Password: $demo_password
\" /usr/share/ssowat/portal/login.html" # Sur le login du portail +ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"$demo_user\"/\" /usr/share/ssowat/portal/login.html" +ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"$demo_password\"/\" /usr/share/ssowat/portal/login.html" +# ainsi que dans la webadmin +#sed -i "17i\   Password: $YUNO_PWD" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin +#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms diff --git a/upgrade.d/Constant_upgrade/Disable_add_domain b/upgrade.d/Constant_upgrade/Disable_add_domain index 50a5b0a..658d11e 100644 --- a/upgrade.d/Constant_upgrade/Disable_add_domain +++ b/upgrade.d/Constant_upgrade/Disable_add_domain @@ -3,7 +3,7 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi -MACHINE=$1 # Nom du conteneur +MACHINE=$1 # Nom du conteneur # Désactive l'ajout de domaine, pour éviter surtout les nohost -#sed -i "s@@@g" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms +#sed -i "s@@@g" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms diff --git a/upgrade.d/Constant_upgrade/Disable_custom_apps b/upgrade.d/Constant_upgrade/Disable_custom_apps index fc64630..9efc84c 100644 --- a/upgrade.d/Constant_upgrade/Disable_custom_apps +++ b/upgrade.d/Constant_upgrade/Disable_custom_apps @@ -3,7 +3,7 @@ # Récupère le dossier du script if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi -MACHINE=$1 # Nom du conteneur +MACHINE=$1 # Nom du conteneur # Désactive l'installation d'app custom -#sed -i "s@{{t 'install'}}@{{t 'install'}}@g" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms +#sed -i "s@{{t 'install'}}@{{t 'install'}}@g" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms diff --git a/ynh_lxd b/ynh_lxd new file mode 100644 index 0000000..d8e0bac --- /dev/null +++ b/ynh_lxd @@ -0,0 +1,566 @@ +#!/bin/bash + +#================================================= +# LXD HELPERS +#================================================= + +# Check if a LXC container exists +# +# usage: ynh_lxc_exists --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_exists () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ! lxc list --format json | jq -e --arg name $name '.[] | select(.name==$name) | .name' >/dev/null + then + return 1 + else + return 0 + fi +} + +# Return LXC container status +# +# usage: ynh_lxc_status --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_status () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ynh_lxc_exists --name=$name + then + lxc list --format json | jq -r --arg name $name '.[] | select(.name==$name) | .state | .status' + fi +} + +# Check if an LXC container is running +# +# usage: ynh_lxc_is_started --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_is_started () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if [ "$(ynh_lxc_status --name=$name)" == Running ] + then + return 0 + else + return 1 + fi +} + +# Check if an LXC container is stopped +# +# usage: ynh_lxc_is_stopped --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_is_stopped () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if [ "$(ynh_lxc_status --name=$name)" == Stopped ] + then + return 0 + else + return 1 + fi +} + +# Start an LXC container +# +# usage: ynh_lxc_start --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_start () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # If the container exists + if ynh_lxc_exists --name=$name + then + if ! ynh_lxc_is_started --name=$name + then + lxc start $name + fi + fi +} + +# Stopping an LXC container +# +# usage: ynh_lxc_stop --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_stop () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # If the container exists + if ynh_lxc_exists --name=$name + then + ynh_print_info --message="Stopping LXC $name" + wait_period=0 + while ! ynh_lxc_is_stopped --name=$name + do + lxc stop $name + wait_period=$(($wait_period+10)) + if [ $wait_period -gt 30 ];then + break + else + sleep 1 + fi + done + + # If the command times out, then add the option --force + wait_period=0 + while ! ynh_lxc_is_stopped --name=$name + do + lxc stop $name --force + wait_period=$(($wait_period+10)) + if [ $wait_period -gt 30 ];then + break + else + sleep 5 + fi + done + fi +} + +# Run a command inside an LXC container +# +# usage: ynh_lxc_run_inside --name=name --command=command +# | arg: -n, --name= - name of the LXC +# | arg: -c, --command= - command to execute +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_run_inside () { + # Declare an array to define the options of this helper. + local legacy_args=nc + local -A args_array=([n]=name= [c]=command=) + local name + local command + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + lxc exec $name -- /bin/bash -c "$command" +} + +# Check an LXC container can start +# +# usage: ynh_lxc_check_container_start --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_check_container_start () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + ynh_print_info --message="Test du conteneur $name" + ynh_lxc_start --name=$name # Démarre le conteneur + + wait_period=0 + while ! ynh_lxc_is_started --name=$name + do + wait_period=$(($wait_period+10)) + if [ $wait_period -gt 20 ];then + break + else + sleep 5 + fi + done + + ynh_lxc_is_started --name=$name +} + +# Restart a container +# +# usage: _ynh_lxc_restart_container --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +_ynh_lxc_restart_container () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + ynh_lxc_stop --name=$name + ynh_lxc_start --name=$name +} + +# Keep sure the LXC is started +# +# usage: _ynh_lxc_start_and_wait --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +_ynh_lxc_start_and_wait () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Try to start the container 3 times. + ynh_lxc_start --name=$name + local max_try=3 + local i=0 + while [ $i -lt $max_try ] + do + i=$(( i +1 )) + local failstart=0 + + # Wait for container to start, we are using systemd to check this, + # for the sake of brevity. + for j in $(seq 1 10); do + if ynh_lxc_run_inside --name=$name --command="systemctl isolate multi-user.target >/dev/null 2>/dev/null" + then + break + fi + + if [ "$j" == "10" ]; then + log_debug 'Failed to start the container ... restarting ...' + failstart=1 + + _ynh_lxc_restart_container --name="$name" + fi + + sleep 1s + done + + # Wait for container to access the internet + for j in $(seq 1 10); do + if ynh_lxc_run_inside --name=$name --command="curl -s http://wikipedia.org > /dev/null 2>/dev/null" + then + break + fi + + if [ "$j" == "10" ]; then + log_debug 'Failed to access the internet ... restarting' + failstart=1 + + _ynh_lxc_restart_container --name="$name" + fi + + sleep 1s + done + + # Has started and has access to the internet + if [ $failstart -eq 0 ] + then + break + fi + + # Fail if the container failed to start + if [ $i -eq $max_try ] && [ $failstart -eq 1 ] + then + log_error "The container miserably failed to start or to connect to the internet" + lxc info --show-log $name + return 1 + fi + done + + LXC_IP=$(ynh_lxc_run_inside --name=$name --command="hostname -I | cut -d' ' -f1 | grep -E -o \"\<[0-9.]{8,}\>\"") +} + +# Launch a new LXC from an image +# +# usage: ynh_lxc_launch --image=image --name=name +# | arg: -i, --image= - image to create from +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_launch (){ + # Declare an array to define the options of this helper. + local legacy_args=in + local -A args_array=([i]=image= [n]=name=) + local image + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if lxc remote list | grep -q "yunohost" && lxc image list yunohost:$image | grep -q -w $image; then + lxc launch yunohost:$image $name \ + -c security.nesting=true \ + -c security.privileged=true \ + -c limits.memory=80% \ + -c limits.cpu.allowance=80% | tee -a /proc/self/fd/3 + # Check if we can launch container from a local image + elif lxc image list $image | grep -q -w $image; then + lxc launch $image $name \ + -c security.nesting=true \ + -c security.privileged=true \ + -c limits.memory=80% \ + -c limits.cpu.allowance=80% | tee -a /proc/self/fd/3 + else + log_critical "Can't find base image $image" + fi +} + +# Delete a lxc container +# +# usage: ynh_lxc_delete --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_delete () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ynh_lxc_exists --name=$name + then + lxc delete $name --force + else + return 1 + fi +} + +# Clean the swapfiles of an LXC container +# +# usage: ynh_lxc_swapfiles_clean --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_swapfiles_clean () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + _ynh_lxc_start_and_wait --name=$name + + ynh_lxc_run_inside --name=$name --command='for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done' + ynh_lxc_run_inside --name=$name --command='for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done' +} + +# Check if a snapshot exist for an LXC container +# +# usage: ynh_lxc_snapshot_exists --name=name --snapname=snapname +# | arg: -n, --name= - name of the LXC +# | arg: -s, --snapname= - name of the snapshot +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_snapshot_exists () { + # Declare an array to define the options of this helper. + local legacy_args=ns + local -A args_array=([n]=name= [s]=snapname=) + local name + local snapname + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # If the container exists + if ynh_lxc_exists --name=$name + then + if lxc list --format json | jq -e --arg name $name --arg snapname $snapname '.[] | select(.name==$name) | .snapshots' >/dev/null + then + if lxc list --format json | jq -e --arg name $name --arg snapname $snapname '.[] | select(.name==$name) | .snapshots[] | select(.name==$snapname)' >/dev/null + then + return 0 + else + return 1 + fi + else + return 1 + fi + fi +} + +# Create a snapshot of an LXC container +# +# usage: ynh_lxc_snapshot_create --name=name --snapname=snapname +# | arg: -n, --name= - name of the LXC +# | arg: -s, --snapname= - name of the snapshot +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_snapshot_create () { + # Declare an array to define the options of this helper. + local legacy_args=ns + local -A args_array=([n]=name= [s]=snapname=) + local name + local snapname + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Remove swap files to avoid killing the CI with huge snapshots. + ynh_lxc_swapfiles_clean --name=$name + + ynh_lxc_stop --name=$name + + # Check if the snapshot already exist + if ! ynh_lxc_snapshot_exists --name=$name --snapname="$snapname" + then + log_info "(Creating snapshot $snapname ...)" + lxc snapshot $name $snapname + else + log_info "(Recreating snapshot $snapname ...)" + lxc snapshot $name $snapname --reuse + fi +} + +# Delete a snapshot of an LXC container +# +# usage: ynh_lxc_snapshot_delete --name=name --snapname=snapname +# | arg: -n, --name= - name of the LXC +# | arg: -s, --snapname= - name of the snapshot +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_snapshot_delete () { + # Declare an array to define the options of this helper. + local legacy_args=ns + local -A args_array=([n]=name= [s]=snapname=) + local name + local snapname + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ynh_lxc_snapshot_exists --name="$name" --snapname="$snapname" + then + lxc delete $name/$snapname + return 0 + else + return 1 + fi +} + +# Load a snapshot of an LXC container +# +# usage: ynh_lxc_snapshot_load --name=name --snapname=snapname +# | arg: -n, --name= - name of the LXC +# | arg: -s, --snapname= - name of the snapshot +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_snapshot_load () { + # Declare an array to define the options of this helper. + local legacy_args=ns + local -A args_array=([n]=name= [s]=snapname=) + local name + local snapname + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ynh_lxc_snapshot_exists --name="$name" --snapname="$snapname" + then + log_debug "Loading snapshot $snapname ..." + + # Remove swap files before restoring the snapshot. + ynh_lxc_swapfiles_clean --name=$name + + ynh_lxc_stop --name=$name + + lxc restore $name $snapname + _ynh_lxc_start_and_wait --name=$name + else + return 1 + fi +} + +# Clone an LXC container +# +# usage: ynh_lxc_clone --source=source --destination=destination +# | arg: -s, --source= - source LXC +# | arg: -d, --destination= - destination LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_clone () { + # Declare an array to define the options of this helper. + local legacy_args=sd + local -A args_array=([s]=source= [d]=destination=) + local source + local destination + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ynh_lxc_exists --name=$destination + then + ynh_print_info --message="Deleting LXC container $destination" + ynh_secure_remove --file="/var/lib/lxd/snapshots/$destination/snap0.tar.gz" + ynh_lxc_reset --name=$destination + fi + + ynh_print_info --message="Cloning LXC container from $source to $destination" + lxc copy "$source" "$destination" + + ynh_lxc_check_container_start --name=$destination + STATUS=$? + if [ $STATUS -eq 1 ]; then + ynh_print_info --message="LXC container $destination is broken." + else + ynh_print_info --message=" LXC container $destination is working." + ynh_print_info --message= "Creating snapshot of LXC container $destination" + ynh_lxc_snapshot_create --name="$destination" --snapname="snap0" + fi + return $STATUS +} + +# Reset an LXC container +# +# usage: ynh_lxc_reset --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_reset () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # If the container exists + if ynh_lxc_exists --name=$name + then + # Remove swap files before deleting the container + ynh_lxc_swapfiles_clean --name=$name + ynh_lxc_stop --name=$name + local current_storage=$(lxc list $name --format json --columns b | jq '.[].expanded_devices.root.pool') + swapoff "$(lxc storage get $current_storage source)/containers/$name/rootfs/swap" 2>/dev/null + ynh_lxc_delete --name=$name + fi +} diff --git a/ynh_lxd_demo b/ynh_lxd_demo new file mode 100644 index 0000000..b3a7b37 --- /dev/null +++ b/ynh_lxd_demo @@ -0,0 +1,230 @@ +#!/bin/bash + +#================================================= +# DEMO HELPERS +#================================================= + +# Start an LXC container in demo mode +# +# usage: ynh_lxc_demo_start --name=name --ip=ip +# | arg: -n, --name= - name of the LXC +# | arg: -n, --ip= - demo ip of the lxc +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_demo_start () { + # Declare an array to define the options of this helper. + local legacy_args=ni + local -A args_array=([n]=name= [i]=ip=) + local name + local ip + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + ynh_lxc_stop --name="$name" + lxc config device set $name eth1 ipv4.address $ip + _ynh_lxc_start_and_wait --name="$name" +} + +# Stop an LXC container in demo mode +# +# usage: ynh_lxc_demo_stop --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_demo_stop () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + ynh_lxc_stop --name="$name" + lxc config device unset $name eth1 ipv4.address +} + +# Upgrading demo container +# +# usage: ynh_lxc_demo_upgrade --name=name --time_to_switch=time_to_switch +# | arg: -n, --name= - name of the LXC +# | arg: -t, --time_to_switch= - time to switch +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_demo_upgrade () { + # Declare an array to define the options of this helper. + local legacy_args=nt + local -A args_array=([n]=name= [t]=time_to_switch=) + local name + local time_to_switch + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + ynh_print_info --message="Upgrading $name" + # Attend que la machine soit éteinte. + # Timeout à $time_to_switch +5 minutes, en seconde + TIME_OUT=$(($time_to_switch * 60 + 300)) + wait_period=0 + while ! ynh_lxc_is_stopped --name=$name + do + wait_period=$(($wait_period+10)) + if [ $wait_period -gt $TIME_OUT ];then + break + else + sleep 5 + fi + done + + while test -e /var/lib/lxd/$name.lock_fileS; do + sleep 5 # Attend que le conteneur soit libéré par le script switch. + done + + touch /var/lib/lxd/$name.lock_fileU # Met en place un fichier pour indiquer que la machine est indisponible pendant l'upgrade + + # Supprime les éventuels swap présents. + /sbin/swapoff /var/lib/lxd/$name/rootfs/swap_* + + # Restaure le snapshot + ynh_lxc_snapshot_load --name=$name --snapname=snap0 + + # Démarre le conteneur + date >> "$final_path/demo_boot.log" + + # Update + update_apt=0 + ynh_lxc_run_inside --name="$name" --command="apt-get update" + ynh_lxc_run_inside --name="$name" --command="apt-get dist-upgrade --dry-run | grep -q "^Inst " > /dev/null" # Vérifie si il y aura des mises à jour. + if [ "$?" -eq 0 ]; then + date + update_apt=1 + # Upgrade + ynh_lxc_run_inside --name="$name" --command="apt-get dist-upgrade --option Dpkg::Options::=--force-confold -yy" + # Clean + ynh_lxc_run_inside --name="$name" --command="apt-get autoremove -y" + ynh_lxc_run_inside --name="$name" --command="apt-get autoclean" + fi + ynh_lxc_run_inside --name="$name" --command="yunohost tools update" + ynh_lxc_run_inside --name="$name" --command="yunohost tools upgrade system" + + # Exécution des scripts de upgrade.d + LOOP=$((LOOP + 1)) + while read LIGNE + do + if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés + then + date + # Exécute chaque script trouvé dans upgrade.d + ynh_print_info --message="Exécution du script $LIGNE sur le conteneur $name" + /bin/bash "$final_path/upgrade.d/$LIGNE" $name + if [ "$?" -ne 0 ]; then # Si le script a échoué, le snapshot est annulé. + ynh_print_info --message="Échec du script $LIGNE" + mv -f "$final_path/upgrade.d/$LIGNE" "$final_path/upgrade.d/$LIGNE.fail" + ynh_print_info --message="Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $name sur le serveur de demo $DOMAIN!\nLe script a été renommé en .fail, il ne sera plus exécuté tant que le préfixe ne sera pas retiré.\n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_upgrade.log")" | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR + update_apt=0 + else + ynh_print_info --message="Le script $LIGNE a été exécuté sans erreur" + update_apt=1 + fi + fi + done <<< "$(ls -1 "$final_path/upgrade.d")" + + # Exécution des scripts de upgrade.d/Constant_upgrade + while read LIGNE + do + if [ "$update_apt" -eq "1" ] + then + date + # Exécute chaque script trouvé dans upgrade.d/Constant_upgrade + ynh_print_info --message="Exécution du script $LIGNE sur le conteneur $name" + /bin/bash "$final_path/upgrade.d/Constant_upgrade/$LIGNE" $name + if [ "$?" -ne 0 ]; then + ynh_print_info --message="Échec du script $LIGNE" + ynh_print_info --message="Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $name sur le serveur de demo $DOMAIN!\n" + else + ynh_print_info --message="Le script $LIGNE a été exécuté sans erreur" + fi + fi + done <<< "$(ls -1 "$final_path/upgrade.d/Constant_upgrade")" + + # Upgrade des apps + ynh_lxc_run_inside --name="$name" --command="yunohost tools update" + ynh_lxc_run_inside --name="$name" --command="systemctl restart nginx" + ynh_lxc_run_inside --name="$name" --command="yunohost tools upgrade apps" + ynh_lxc_run_inside --name="$name" --command="systemctl restart nginx" + + # Arrêt de la machine virtualisée + ynh_lxc_stop --name=$name + + if [ "$update_apt" -eq "1" ] + then + # Archivage du snapshot + ynh_exec_warn_less tar -cz --acls --xattrs -f /var/lib/lxd/snapshots/$name/snap0.tar.gz /var/lib/lxd/snapshots/$name/snap0 + # Remplacement du snapshot + ynh_lxc_snapshot_create --name=$name --snapname=snap0 + + if [ "$LOOP" -eq 2 ] + then # Après l'upgrade du 2e conteneur, déplace les scripts dans le dossier des anciens scripts si ils ont été exécutés avec succès. + ls -1 "$final_path/upgrade.d" | while read LIGNE + do + if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés + then + mv -f "$final_path/upgrade.d/$LIGNE" "$final_path/upgrade.d/old_scripts/$LIGNE" + fi + done + fi + fi + ynh_secure_remove --file="/var/lib/lxd/$name.lock_fileU" # Libère le lock, la machine est à nouveau disponible + ynh_print_info --message="Finished upgrading $name" +} + +# Restore an LXC container from snap0 snapshot +# +# usage: ynh_lxc_demo_restore_from_snapshot --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_demo_restore_from_snapshot () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + ynh_print_info --message="Restoring LXC container $name from snapshot" + ynh_lxc_snapshot_load --name=$name --snapname=snap0 + if ynh_lxc_check_container_start --name=$name + then + ynh_print_info --message="LXC container $name is working." + return 0 + else + ynh_print_info --message="LXC container $name is broken." + return 1 + fi +} + +# Restore an LXC container from an archive +# +# usage: ynh_lxc_demo_restore_from_archive --name=name +# | arg: -n, --name= - name of the LXC +# +# Requires YunoHost version *.*.* or higher. +ynh_lxc_demo_restore_from_archive () { + # Declare an array to define the options of this helper. + local legacy_args=n + local -A args_array=([n]=name=) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ! test -e "/var/lib/lxd/snapshots/$name/snap1.tar.gz"; then + ynh_print_info --message="No snapshot archive for LXC container $name" + return 1 + fi + ynh_print_info --message="Restoring snapshot archive for LXC container $name" + ynh_print_info --message="Deleting snapshot" + ynh_lxc_snapshot_delete --name=$name --snapname=snap0 + ynh_print_info --message="Untar archive" + tar -x --acls --xattrs -f /var/lib/lxd/snapshots/$name/snap0.tar.gz -C / + ynh_lxc_demo_restore_from_snapshot --name=$name + return $? +}