YunoHost/yunohost_demo
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost_demo.git synced 2024-09-03 19:56:44 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge 5ca012c226 into 7c8d36a2a8

Browse source
This commit is contained in:
yalh76 2022-11-06 19:03:04 +01:00 committed by GitHub
commit 41130b6f00
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 1256 additions and 904 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
README.MD
View file

@ -1,42 +1,39 @@
# Scripts de gestion et mise en place des serveurs de demo Yunohost sous LXC
# Installation and management scripts for YunoHost demo servers using LXD
## Prérequis
* `apt install sudo git nginx -y`
* register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443
## Requirements
* A debian server
* Register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443
## demo_lxc_build_init
Ce script prépare le serveur hôte à recevoir les conteneurs LXC de demo.
Il doit être exécuté une seule fois et en premier.
This script will install YunoHost and the app yunohost_demo_ynh
## demo_lxc_build
Ce script construit les conteneurs de demo et les paramètres.
Il met également en places les crons et démarre le 1er conteneur.
Après l'exécution de ce script, la demo est en place.
This script will build the demo containers.
It also install crons and start the first container.
After executing this script, YunoHost demo is working.
## demo_lxc_destroy
Ce script arrête les conteneurs et les détruits.
Il sert en général à une reconstruction des conteneurs avec de nouveaux paramètres. Et devrait donc être suivi du script demo_lxc_build.
This script stop the containers and destroy them.
It is usually used for rebuilding containers with new parameters. And should therefore be followed by the demo_lxc_build script.
## demo_lxc_remove
Ce script, après avoir appelé demo_lxc_destroy va désinstaller LXC et remettre le serveur à son état d'origine. Retirant les paramétrages mis en place pour la demo.
Il ne devrait être utilisé qu'en cas de changement de serveur hôte.
This script will remove yunohost_demo_ynh.
It should only be used when the host server is changed.
## demo_start
Permet simplement un démarrage propre du 1er conteneur. Avec la mise en place du bridge réseau et des règles de parefeu.
Simply allows a clean start of the first container. With network bridge and firewall rules in place.
## demo_stop
Arrête proprement les conteneurs et désactive la config réseau spécifique.
Cleanly shuts down containers and disables the specific network config.
## demo_switch
Ce script est placé en cron par demo_lxc_build.
Il va alterner toutes les 30 minutes (par défaut) les 2 conteneurs et rétablir le snapshot du conteneurs après son extinction.
It will alternate every 30 minutes (by default) the 2 containers and restore the snapshot of the container after it is shut down.
## demo_upgrade
Ce script est placé en cron par demo_lxc_build.
demo_upgrade vérifie chaque nuit les mises à jour sur les conteneurs, et les applique le cas échéant. Si nécessaire, il se charge également de refaire le snapshot.
It checks every night for updates on the containers, and applies them if necessary. If necessary, it also takes care of redoing the snapshot.
## demo_restore_crash
Tente de réparer les conteneurs qui ne démarre pas à partir des snapshots ou des archives de snapshots précédents.
Attempts to repair containers that do not boot from previous snapshots or snapshot archives.
Pour effectuer des modifications pérennes sur les conteneurs, il est possible d'ajouter des scripts dans le dossier upgrade.d. Ces scripts seront exécutés après l'upgrade des packages dans chaque conteneur.
En cas d'échec d'exécution, le script sera mis de côté en attendant sa correction. Sinon, il sera archivé.
To make permanent changes to the containers, it is possible to add scripts to the upgrade.d folder. These scripts will be executed after the upgrade of the packages in each container.
In case of execution failure, the script will be put aside until it is corrected. Otherwise, it will be archived.

2
conf/cron_demo_switch Normal file
View file

@ -0,0 +1,2 @@
# Switch des conteneurs toutes les __TIME_TO_SWITCH__ minutes
*/__TIME_TO_SWITCH__ * * * * root /bin/bash __FINAL_PATH__/demo_switch.sh >> "__FINAL_PATH__/demo_switch.log" 2>&1

2
conf/cron_demo_upgrade Normal file
View file

@ -0,0 +1,2 @@
# Vérifie les mises à jour des conteneurs de demo, lorsqu'ils ne sont pas utilisés, à partir de 3h2minutes chaque nuit. Attention à rester sur un multiple du temps de switch.
2 3 * * * root /bin/bash __FINAL_PATH__/demo_upgrade.sh >> "__FINAL_PATH__/demo_upgrade.log" 2>&1

14
conf/systemd.service Normal file
View file

@ -0,0 +1,14 @@
[Unit]
Description=Start and stop script for LXC demo container
Requires=network.target
After=network.target
[Service]
Type=forking
ExecStart=/bin/bash __FINAL_PATH__/demo_start.sh
RemainAfterExit=true
ExecStop=/bin/bash __FINAL_PATH__/demo_stop.sh
ExecReload=/bin/bash __FINAL_PATH__/demo_start.sh
[Install]
WantedBy=multi-user.target

393
demo_lxc_build.sh
View file

@ -5,313 +5,176 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
lxdbr_demo_name=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_name)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
demo_user=$(ynh_app_setting_get --app=$app --key=demo_user)
demo_password=$(ynh_app_setting_get --app=$app --key=demo_password)
demo_package=$(ynh_app_setting_get --app=$app --key=demo_package)
yunohost_password="$demo_password"
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
time_to_switch=$(ynh_app_setting_get --app=$app --key=time_to_switch)
DIST=$(ynh_app_setting_get --app=$app --key=DIST)
ARCH=$(ynh_app_setting_get --app=$app --key=ARCH)
YNH_BRANCH=$(ynh_app_setting_get --app=$app --key=YNH_BRANCH)
lxc_base="ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base"
LOG=Build_lxc.log
LOG_BUILD_LXC="$script_dir/$LOG"
PLAGE_IP=10.1.5
IP_LXC1=10.1.5.3
IP_LXC2=10.1.5.4
ARG_SSH=-t
DOMAIN=$(cat "$script_dir/domain.ini")
YUNO_PWD=demo
LXC_NAME1=yunohost_demo1
LXC_NAME2=yunohost_demo2
TIME_TO_SWITCH=30
DIST="bullseye"
# En minutes
MAIL_ADDR=demo@yunohost.org
dnsforce=0
main_iface=
dns=
LOG_BUILD_LXC="$final_path/$LOG"
lxc_current_version=$(lxc-info --version)
date | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message=">> Starting demo build." | tee -a "$LOG_BUILD_LXC" 2>&1
if $(dpkg --compare-versions "$lxc_current_version" "gt" "3.0.0"); then new_lxc=1; else new_lxc=0; fi
USER_DEMO=demo
PASSWORD_DEMO=demo
# Tente de définir l'interface réseau principale
if [ -z $main_iface ] # Si main_iface est vide, tente de le trouver.
if ynh_lxc_exists --name="$name"
then
# main_iface=$(sudo route | grep default.*0.0.0.0 -m1 | awk '{print $8;}') # Prend l'interface réseau défini par default
main_iface=$(sudo ip route | grep default | awk '{print $5;}') # Prend l'interface réseau défini par default
if [ -z $main_iface ]; then
echo -e "\e[91mImpossible de déterminer le nom de l'interface réseau de l'hôte.\e[0m"
exit 1
fi
ynh_print_info --message="> Deleting existing LXC containers." | tee -a "$LOG_BUILD_LXC" 2>&1
/bin/bash "$final_path/demo_lxc_destroy.sh" quiet | tee -a "$LOG_BUILD_LXC" 2>&1
fi
if [ -z $dns ] # Si l'adresse du dns est vide, tente de le déterminer à partir de la passerelle par défaut.
then
# dns=$(sudo route -n | grep ^0.0.0.0.*$main_iface | awk '{print $2;}')
dns=$(sudo ip route | grep default | awk '{print $3;}')
if [ -z $dns ]; then
echo -e "\e[91mImpossible de déterminer l'adresse de la passerelle.\e[0m"
exit 1
fi
fi
ynh_print_info --message="> Creating a YunoHost $DIST $ARCH $YNH_BRANCH" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_launch --image="$lxc_base" --name="$lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1
# Check user
if [ "$USER" != "$(cat "$script_dir/setup_user")" ] && test -e "$script_dir/setup_user"; then
echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")"
echo -en "\e[0m"
exit 0
fi
ynh_print_info --message= "> Creating the $lxdbr_demo_name bridge" | tee -a "$LOG_BUILD_LXC" 2>&1
lxc network attach $lxdbr_demo_name $lxc_name1 eth1 eth1 | tee -a "$LOG_BUILD_LXC" 2>&1
sudo mkdir -p /var/lib/lxcsnaps # Créer le dossier lxcsnaps, pour s'assurer que lxc utilisera ce dossier, même avec lxc 2.
ynh_print_info --message="> Configuring network of the LXC container" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="cp /etc/systemd/network/eth0.network /etc/systemd/network/eth1.network"
ynh_lxc_run_inside --name="$lxc_name1" --command="sed -i s/eth0/eth1/g /etc/systemd/network/eth1.network"
if sudo lxc-info -n $LXC_NAME1 > /dev/null 2>&1
then # Si le conteneur existe déjà
echo -e "\e[1m> Suppression du conteneur existant.\e[0m" | tee -a "$LOG_BUILD_LXC"
"$script_dir/demo_lxc_destroy.sh" quiet | tee -a "$LOG_BUILD_LXC"
fi
ynh_print_info --message="> Update of the LXC container" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y update"
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y full-upgrade"
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y autoremove"
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y clean"
echo -e "\e[1m> Création d'une machine debian $DIST minimaliste\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-create -n $LXC_NAME1 -t debian -- -r $DIST >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="> Post install Yunohost" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost tools postinstall --domain $domain --password $yunohost_password --force-password" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="> Disable password strength" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost settings set security.password.user.strength -v -1" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Configuration réseau du conteneur\e[0m" | tee -a "$LOG_BUILD_LXC"
if [ $new_lxc -eq 1 ]; then
sudo sed -i "s/^lxc.net.0.link = lxcbr0$/lxc.net.0.link = lxc_demo\nlxc.net.0.name = eth0\nlxc.net.0.veth.pair = $LXC_NAME1/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
else
sudo sed -i "s/^lxc.net.0.type = empty$/lxc.net.0.type = veth\nlxc.net.0.flags = up\nlxc.net.0.link = lxc_demo\nlxc.net.0.name = eth0\nlxc.net.0.veth.pair = $LXC_NAME1\nlxc.net.0.hwaddr = 00:FF:AA:00:00:03/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
fi
ynh_print_info --message="> Add demo user" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost user create $demo_user --firstname $demo_user --lastname $demo_user --domain $domain --password $demo_password" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Configuration réseau de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@iface eth0 inet dhcp@iface eth0 inet static\n\taddress $IP_LXC1/24\n\tgateway $PLAGE_IP.1@" /var/lib/lxc/$LXC_NAME1/rootfs/etc/network/interfaces >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Configure le parefeu\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Vérification du contenu du resolv.conf\e[0m" | tee -a "$LOG_BUILD_LXC"
if ! sudo cat /var/lib/lxc/$LXC_NAME1/rootfs/etc/resolv.conf | grep -q nameserver; then
dnsforce=1 # Le resolv.conf est vide, on force l'ajout d'un dns.
fi
if [ $dnsforce -eq 1 ]; then # Force la réécriture du resolv.conf
echo "nameserver $dns" | sudo tee /var/lib/lxc/$LXC_NAME1/rootfs/etc/resolv.conf
fi
# Fix an issue with apparmor when the container start.
if [ $new_lxc -eq 1 ]; then
sudo sed -i "s/^lxc.apparmor.profile = generated$/lxc.apparmor.profile = unconfined/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
else
echo -e "\n# Fix apparmor issues\nlxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
fi
echo -e "\e[1m> Démarrage de la machine\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-start -n $LXC_NAME1 -d --logfile "$script_dir/lxc_boot.log" >> "$LOG_BUILD_LXC" 2>&1
sleep 3
sudo lxc-ls -f >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Update et install aptitude sudo aptitude sudo ssh openssh-server curl\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- apt-get update
sudo lxc-attach -n $LXC_NAME1 -- apt-get install -y aptitude sudo ssh openssh-server curl
echo -e "\e[1m> Installation des paquets standard et ssh-server\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- aptitude install -y ~pstandard ~prequired ~pimportant
echo -e "\e[1m> Renseigne /etc/hosts sur l'invité\e[0m" | tee -a "$LOG_BUILD_LXC"
echo "127.0.0.1 $LXC_NAME1" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/hosts >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Ajoute l'user ssh_demo (avec un mot de passe à revoir...)\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- useradd -m -p ssh_demo ssh_demo >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Autorise ssh_demo à utiliser sudo sans mot de passe\e[0m" | tee -a "$LOG_BUILD_LXC"
echo "ssh_demo ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/sudoers >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Mise en place de la connexion ssh vers l'invité.\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo mkdir /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1
sudo cp $HOME/.ssh/$LXC_NAME1.pub /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh/authorized_keys >> "$LOG_BUILD_LXC" 2>&1
sudo lxc-attach -n $LXC_NAME1 -- chown ssh_demo -R /home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1
ssh -o StrictHostKeyChecking=no $ARG_SSH $LXC_NAME1 "exit 0" # Initie une première connexion SSH pour valider la clé.
if [ "$?" -ne 0 ]; then # Si l'utilisateur tarde trop, la connexion sera refusée... ???
ssh $ARG_SSH $LXC_NAME1 "exit 0" # Initie une premier connexion SSH pour valider la clé.
fi
# Fix ssh common issues with stretch "No supported key exchange algorithms"
sudo lxc-attach -n $LXC_NAME -- dpkg-reconfigure openssh-server >> "$LOG_BUILD_LXC" 2>&1
# Fix locales issue
sudo lxc-attach -n $LXC_NAME -- locale-gen en_US.UTF-8 >> "$LOG_BUILD_LXC" 2>&1
sudo lxc-attach -n $LXC_NAME -- localedef -i en_US -f UTF-8 en_US.UTF-8 >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Installation de Yunohost...\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo /bin/bash -c \"curl https://install.yunohost.org/$DIST | bash -s -- -a -d stable\"" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Post install Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo systemctl start dbus.service" | tee -a "$LOG_BUILD_LXC" 2>&1
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --force-password" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Fix SSH access\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- sed -i "s/AllowGroups ssh.main sftp.main ssh.app sftp.app admins root/AllowGroups ssh.main sftp.main ssh.app sftp.app admins root ssh_demo/" /etc/ssh/sshd_config >> "$LOG_BUILD_LXC" 2>&1
sudo lxc-attach -n $LXC_NAME1 -- service sshd restart >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Disable password strength\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost settings set security.password.user.strength -v -1" | tee -a "$LOG_BUILD_LXC"
USER_DEMO_CLEAN=${USER_DEMO//"_"/""}
echo -e "\e[1m> Ajout de l'utilisateur de demo\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost user create \"$USER_DEMO\" --firstname \"$USER_DEMO_CLEAN\" --lastname \"$USER_DEMO_CLEAN\" --domain \"$DOMAIN\" --password \"$PASSWORD_DEMO\""
echo -e "\e[1m\n> Vérification de l'état de Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost -v" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="> Check YunoHost state" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost -v" | tee -a "$LOG_BUILD_LXC" 2>&1
# ********
echo -e "\e[1m>> Modification de Yunohost pour la demo\e[0m" | tee -a "$LOG_BUILD_LXC"
# App officielles
echo -e "\e[1m> Installation des applications officielles\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="> Installing demo apps" | tee -a "$LOG_BUILD_LXC" 2>&1
# Ampache
echo -e "\e[36mInstallation de Ampache\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install ampache --force --args \"domain=$DOMAIN&path=/ampache&admin=$USER_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing ampache" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install ampache --force --args \"domain=$domain&path=/ampache&admin=$demo_user&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Baikal
echo -e "\e[36mInstallation de baikal\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install baikal --force --args \"domain=$DOMAIN&path=/baikal&password=$PASSWORD_DEMO\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing baikal" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install baikal --force --args \"domain=$domain&path=/baikal&password=$demo_password&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Agendav
echo -e "\e[36mInstallation d'agendav\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install agendav --force --args \"domain=$DOMAIN&path=/agendav&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installation d'agendav" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install agendav --force --args \"domain=$domain&path=/agendav&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Dokuwiki
echo -e "\e[36mInstallation de dokuwiki\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install dokuwiki --force --args \"domain=$DOMAIN&path=/dokuwiki&admin=$USER_DEMO&is_public=1&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing dokuwiki" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install dokuwiki --force --args \"domain=$domain&path=/dokuwiki&admin=$demo_user&is_public=1&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Etherpad
echo -e "\e[36mInstallation de etherpad\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install etherpad_mypads --force --args \"domain=$DOMAIN&path=/etherpad&admin=$USER_DEMO&password=administration&language=en&is_public=1&export=none&mypads=1&useldap=0\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing etherpad" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install etherpad_mypads --force --args \"domain=$domain&path=/etherpad&admin=$demo_user&password=administration&language=en&is_public=1&export=none&mypads=1&useldap=0&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Hextris
echo -e "\e[36mInstallation de hextris\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install hextris --force --args \"domain=$DOMAIN&path=/hextris&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing hextris" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install hextris --force --args \"domain=$domain&path=/hextris&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Jirafeau
echo -e "\e[36mInstallation de jirafeau\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install jirafeau --force --args \"domain=$DOMAIN&path=/jirafeau&admin_user=$USER_DEMO&upload_password=$PASSWORD_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing jirafeau" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install jirafeau --force --args \"domain=$domain&path=/jirafeau&admin_user=$demo_user&upload_password=$demo_password&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Kanboard
echo -e "\e[36mInstallation de kanboard\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install kanboard --force --args \"domain=$DOMAIN&path=/kanboard&admin=$USER_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing kanboard" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install kanboard --force --args \"domain=$domain&path=/kanboard&admin=$demo_user&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Nextcloud
echo -e "\e[36mInstallation de nextcloud\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install nextcloud --force --args \"domain=$DOMAIN&path=/nextcloud&admin=$USER_DEMO&user_home=0&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing nextcloud" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install nextcloud --force --args \"domain=$domain&path=/nextcloud&admin=$demo_user&user_home=0&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Opensondage
echo -e "\e[36mInstallation de opensondage\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install opensondage --force --args \"domain=$DOMAIN&path=/date&admin=$USER_DEMO&language=en&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing opensondage" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install opensondage --force --args \"domain=$domain&path=/date&admin=$demo_user&language=en&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Phpmyadmin
echo -e "\e[36mInstallation de phpmyadmin\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install phpmyadmin --force --args \"domain=$DOMAIN&path=/phpmyadmin&admin=$USER_DEMO\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing phpmyadmin" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install phpmyadmin --force --args \"domain=$domain&path=/phpmyadmin&admin=$demo_user&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Piwigo
echo -e "\e[36mInstallation de piwigo\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install piwigo --force --args \"domain=$DOMAIN&path=/piwigo&admin=$USER_DEMO&is_public=1&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing piwigo" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install piwigo --force --args \"domain=$domain&path=/piwigo&admin=$demo_user&is_public=1&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Rainloop
echo -e "\e[36mInstallation de rainloop\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install rainloop --force --args \"domain=$DOMAIN&path=/rainloop&is_public=No&password=$PASSWORD_DEMO&ldap=Yes&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing rainloop" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install rainloop --force --args \"domain=$domain&path=/rainloop&is_public=No&password=$demo_password&ldap=Yes&language=en&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Roundcube
echo -e "\e[36mInstallation de roundcube\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install roundcube --force --args \"domain=$DOMAIN&path=/webmail&with_carddav=0&with_enigma=0&language=en_GB\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing roundcube" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install roundcube --force --args \"domain=$domain&path=/webmail&with_carddav=0&with_enigma=0&language=en_GB&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Searx
echo -e "\e[36mInstallation de searx\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install searx --force --args \"domain=$DOMAIN&path=/searx&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing searx" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install searx --force --args \"domain=$domain&path=/searx&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Shellinabox
echo -e "\e[36mInstallation de shellinabox\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install shellinabox --force --args \"domain=$DOMAIN&path=/ssh\"" | tee -a "$LOG_BUILD_LXC"
# Strut
echo -e "\e[36mInstallation de strut\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install strut --force --args \"domain=$DOMAIN&path=/strut&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
# Transmission
echo -e "\e[36mInstallation de transmission\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install transmission --force --args \"domain=$DOMAIN&path=/torrent\"" | tee -a "$LOG_BUILD_LXC"
# Ttrss
echo -e "\e[36mInstallation de ttrss\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install ttrss --force --args \"domain=$DOMAIN&path=/ttrss&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
# Wallabag
echo -e "\e[36mInstallation de wallabag\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install wallabag2 --force --args \"domain=$DOMAIN&path=/wallabag&admin=$USER_DEMO\"" | tee -a "$LOG_BUILD_LXC"
# Wordpress
echo -e "\e[36mInstallation de wordpress\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install wordpress --force --args \"domain=$DOMAIN&path=/blog&admin=$USER_DEMO&language=en_US&multisite=0&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
# Zerobin
echo -e "\e[36mInstallation de zerobin\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install zerobin --force --args \"domain=$DOMAIN&path=/zerobin&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="Installing shellinabox" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install shellinabox --force --args \"domain=$domain&path=/ssh&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Désactive l'accès à shellinabox
sudo rm "/var/lib/lxc/$LXC_NAME1/rootfs/etc/nginx/conf.d/$DOMAIN.d/shellinabox.conf" # Supprime le fichier de conf nginx de shellinabox pour empêcher d'y accéder.
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app setting shellinabox path -d && sudo yunohost app setting shellinabox domain -d && sudo yunohost app ssowatconf" | tee -a "$LOG_BUILD_LXC"
# Indique le couple login/mot de passe demo/demo
# Et ajoute demo/demo par défaut dans les champs d'identification
sed -i "3i\<center>Login: $USER_DEMO / Password: $PASSWORD_DEMO</center>" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html # Sur le login du portail
sed -i "s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"$USER_DEMO\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html
sed -i "s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"$PASSWORD_DEMO\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html
#sed -i "17i\&emsp;&emsp;&emsp;Password: $YUNO_PWD" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin
#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms
# Désactive l'installation d'app custom
sed -i "s@<a role=\"button\" class=\"btn btn-success slide\">{{t 'install'}}</a>@<a role=\"\" class=\"btn btn-success slide\">{{t 'install'}}</a>@g" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms
# Désactive l'ajout de domaine, pour éviter surtout les nohost
sed -i "s@<input type=\"submit\" role=\"button\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@<input type=\"\" role=\"\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@g" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms
ynh_lxc_run_inside --name="$lxc_name1" --command="rm /etc/nginx/conf.d/$domain.d/shellinabox.conf"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app setting shellinabox path -d"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app setting shellinabox domain -d"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app ssowatconf"
# Strut
ynh_print_info --message="Installing strut" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install strut --force --args \"domain=$domain&path=/strut&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Transmission
ynh_print_info --message="Installing transmission" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install transmission --force --args \"domain=$domain&path=/torrent&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Ttrss
ynh_print_info --message="Installing ttrss" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install ttrss --force --args \"domain=$domain&path=/ttrss&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Wallabag
ynh_print_info --message="Installing wallabag" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install wallabag2 --force --args \"domain=$domain&path=/wallabag&admin=$demo_user&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Wordpress
ynh_print_info --message="Installing wordpress" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install wordpress --force --args \"domain=$domain&path=/blog&admin=$demo_user&language=en_US&multisite=0&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# Zerobin
ynh_print_info --message="Installing zerobin" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install zerobin --force --args \"domain=$domain&path=/zerobin&is_public=1&\"" | tee -a "$LOG_BUILD_LXC" 2>&1
# ********
echo -e "\e[1m> Arrêt de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-stop -n $LXC_NAME1 >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="> Creating a snapshot for $lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_snapshot_create --name="$lxc_name1" --snapname="snap0"
echo -e "\e[1m> Suppression des règles de parefeu\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -D FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1
sudo ifdown --force lxc_demo >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="> Upgrading the $lxc_name1 LXC container" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_stop --name="$lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_demo_upgrade --name=$lxc_name1 --time_to_switch=$time_to_switch | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Création d'un snapshot\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-snapshot -n $LXC_NAME1 >> "$LOG_BUILD_LXC" 2>&1
# Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME1/snap0/
ynh_print_info --message="> Cloning $lxc_name1 to $lxc_name2" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_clone --source="$lxc_name1" --destination="$lxc_name2" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Clone la machine\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-copy --name=$LXC_NAME1 --newname=$LXC_NAME2 >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="> Creating a snapshot for $lxc_name2" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_snapshot_create --name="$lxc_name2" --snapname="snap0" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Modification de l'ip du clone\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@address $IP_LXC1@address $IP_LXC2@" /var/lib/lxc/$LXC_NAME2/rootfs/etc/network/interfaces >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Et le nom du veth\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@^lxc.net.0.veth.pair = $LXC_NAME1@lxc.net.0.veth.pair = $LXC_NAME2@" /var/lib/lxc/$LXC_NAME2/config >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Et enfin renseigne /etc/hosts sur le clone\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@^127.0.0.1 $LXC_NAME1@127.0.0.1 $LXC_NAME2@" /var/lib/lxc/$LXC_NAME2/rootfs/etc/hosts >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="> Setuping the switch cron" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_add_config --template="$final_path/conf/cron_demo_switch" --destination="/etc/cron.d/demo_switch" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Mise en place du cron de switch\e[0m"
echo | sudo tee /etc/cron.d/demo_switch <<EOF > /dev/null
# Switch des conteneurs toutes les $TIME_TO_SWITCH minutes
*/$TIME_TO_SWITCH * * * * root $script_dir/demo_switch.sh >> "$script_dir/demo_switch.log" 2>&1
EOF
echo -e "\e[1m> Et du cron d'upgrade\e[0m"
echo | sudo tee /etc/cron.d/demo_upgrade <<EOF > /dev/null
# Vérifie les mises à jour des conteneurs de demo, lorsqu'ils ne sont pas utilisés, à partir de 3h2minutes chaque nuit. Attention à rester sur un multiple du temps de switch.
2 3 * * * root $script_dir/demo_upgrade.sh >> "$script_dir/demo_upgrade.log" 2>&1
EOF
ynh_print_info --message="> and the upgrade cron" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_add_config --template="$final_path/conf/cron_demo_upgrade" --destination="/etc/cron.d/demo_upgrade" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Démarrage de la démo\e[0m"
"$script_dir/demo_start.sh"
ynh_print_info --message="> Setuping the service" | tee -a "$LOG_BUILD_LXC" 2>&1
#ynh_add_systemd_config --template="$final_path/conf/systemd.service"
ynh_add_systemd_config
# echo "> Mise en place du service"
echo | sudo tee /etc/systemd/system/lxc_demo.service <<EOF > /dev/null
[Unit]
Description=Start and stop script for lxc demo container
Requires=network.target
After=network.target
ynh_print_info --message="> Integrating service in YunoHost..." | tee -a "$LOG_BUILD_LXC" 2>&1
yunohost service add $app --log="/var/log/$app/$app.log"
[Service]
Type=forking
ExecStart=$script_dir/demo_start.sh
RemainAfterExit=true
ExecStop=$script_dir/demo_stop.sh
ExecReload=$script_dir/demo_start.sh
ynh_print_info --message="> Starting a systemd service..." | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
[Install]
WantedBy=multi-user.target
EOF
# Démarrage automatique du service
sudo systemctl enable lxc_demo.service
sudo service lxc_demo start
# Après le démarrage du premier conteneur, fait un snapshot du deuxième.
echo -e "\e[1m> Création d'un snapshot pour le 2e conteneur\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-snapshot -n $LXC_NAME2 >> "$LOG_BUILD_LXC" 2>&1
# Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME2/snap0/
date | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message=">> Demo build finished." | tee -a "$LOG_BUILD_LXC" 2>&1

229
demo_lxc_build_init.sh
View file

@ -1,188 +1,77 @@
#!/bin/bash
# Installe LXC et les paramètres réseaux avant de procéder au build.
cd "$(dirname $(realpath $0))"
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
if (( $# < 3 ))
then
cat << EOF
Usage: ./demo_lxc_build_init.sh some.domain.tld SecretAdminPasswurzd! Demo_User Demo_Password
LOG=$(cat "$script_dir/demo_lxc_build.sh" | grep LOG= | cut -d '=' -f2)
LOG_BUILD_LXC="$script_dir/$LOG"
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
1st and 2nd arguments are for yunohost postinstall
- domain
- admin password
# Check user
echo $(whoami) > "$script_dir/setup_user"
3rd and 4th argument are used for the demo
- demo_user
- demo_password
read -p "Indiquer le nom de domaine du serveur de demo: " DOMAIN
echo "$DOMAIN" > "$script_dir/domain.ini"
# Créer le dossier de log
sudo mkdir -p $(dirname $LOG_BUILD_LXC)
echo -e "\e[1m> Update et install lxc, lxctl et mailutils\e[0m" | tee "$LOG_BUILD_LXC"
sudo apt-get update >> "$LOG_BUILD_LXC" 2>&1
sudo apt-get install -y lxc lxctl mailutils certbot >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Autoriser l'ip forwarding, pour router vers la machine virtuelle.\e[0m" | tee -a "$LOG_BUILD_LXC"
echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1
sudo sysctl -p /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Ajoute un brige réseau pour la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
echo | sudo tee /etc/network/interfaces.d/lxc_demo <<EOF >> "$LOG_BUILD_LXC" 2>&1
auto lxc_demo
iface lxc_demo inet static
address $PLAGE_IP.1/24
bridge_ports none
bridge_fd 0
bridge_maxwait 0
EOF
echo -e "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Mise en place de la connexion ssh vers l'invité.\e[0m" | tee -a "$LOG_BUILD_LXC"
if [ -e $HOME/.ssh/$LXC_NAME1 ]; then
rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub
ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC1
ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC2
exit 1
fi
ssh-keygen -t rsa -f $HOME/.ssh/$LXC_NAME1 -P '' >> "$LOG_BUILD_LXC" 2>&1
echo | tee -a $HOME/.ssh/config <<EOF >> "$LOG_BUILD_LXC" 2>&1
# ssh $LXC_NAME1
Host $LXC_NAME1
Hostname $IP_LXC1
User ssh_demo
IdentityFile $HOME/.ssh/$LXC_NAME1
Host $LXC_NAME2
Hostname $IP_LXC2
User ssh_demo
IdentityFile $HOME/.ssh/$LXC_NAME1
# End ssh $LXC_NAME1
EOF
domain=$1
yuno_pwd=$2
demo_user=$3
demo_password=$4
echo -e "\e[1m> Mise en place du reverse proxy et du load balancing\e[0m" | tee -a "$LOG_BUILD_LXC"
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF >> "$LOG_BUILD_LXC" 2>&1
#upstream $DOMAIN {
# server $IP_LXC1:443 ;
# server $IP_LXC2:443 ;
#}
server {
listen 80;
listen [::]:80;
server_name $DOMAIN;
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
}
EOF
sudo service nginx reload
echo -e "\e[1m> Création du certificat SSL.\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo mkdir -p /etc/letsencrypt
# Créer le fichier de config
echo | sudo tee /etc/letsencrypt/conf.ini <<EOF >> "$LOG_BUILD_LXC" 2>&1
#################################
# Let's encrypt configuration #
#################################
# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Uncomment and update to register with the specified e-mail address
email = $MAIL_ADDR
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# avec le contenu dans /tmp/letsencrypt-auto
authenticator = webroot
webroot-path = /tmp/letsencrypt-auto
# Utiliser l'interface texte
text = True
# Uncomment to automatically agree to the terms of service of the ACME server
agree-tos = true
# (Serveur de test uniquement : si vous l'utilisez,
# votre certificat ne sera pas vraiment valide)
# server = https://acme-staging-v02.api.letsencrypt.org/directory
EOF
mkdir -p /tmp/letsencrypt-auto
# Créer le certificat
sudo certbot certonly --config /etc/letsencrypt/conf.ini -d $DOMAIN --no-eff-email
# Route l'upstream sur le port 443. Le port 80 servait uniquement à let's encrypt
# sudo sed -i "s/server $IP_LXC1:80 ;/server $IP_LXC1:443 ;/" /etc/nginx/conf.d/$DOMAIN.conf
# Décommente les lignes du certificat
# sudo sed -i "s/#\tssl_certificate/\tssl_certificate/g" /etc/nginx/conf.d/$DOMAIN.conf
# Supprime les commentaires dans la conf nginx
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF >> "$LOG_BUILD_LXC" 2>&1
#upstream $DOMAIN {
# server $IP_LXC1:443 ;
# server $IP_LXC2:443 ;
#}
server {
listen 80;
listen [::]:80;
server_name $DOMAIN;
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
echo_bold () {
echo -e "\e[1m$1\e[0m"
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $DOMAIN;
# -----------------------------------------------------------------
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;";
function install_dependencies() {
location / {
proxy_pass https://$DOMAIN;
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host \$server_name;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
echo_bold "> Installing dependencies..."
apt-get update
apt-get install -y curl wget git python3-pip
}
EOF
sudo service nginx reload
function setup_yunohost() {
echo_bold "> Setting up Yunohost..."
local DIST="bullseye"
local INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
curl $INSTALL_SCRIPT | bash -s -- -a
echo_bold "> Running yunohost postinstall"
yunohost tools postinstall --domain $domain --password $yuno_pwd
echo -e "\e[1mLe serveur est prêt à déployer les conteneurs de demo.\e[0m"
echo -e "\e[1mExécutez le script demo_lxc_build.sh pour créer les conteneurs et mettre en place la demo.\e[0m"
echo_bold "> Disabling unecessary services to save up RAM"
for SERVICE in mysql php7.3-fpm metronome rspamd dovecot postfix redis-server postsrsd yunohost-api avahi-daemon
do
systemctl stop $SERVICE
systemctl disable $SERVICE --quiet
done
}
# Déploie les conteneurs de demo
# "$script_dir/demo_lxc_build.sh"
function setup_yunohost_demo() {
echo_bold "> Installation of yunohost_demo..."
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null
then
yunohost app install --force https://github.com/YunoHost-Apps/yunohost_demo_ynh -a "domain=$domain&demo_user=$demo_user&demo_password=$demo_password"
fi
}
# =========================
# Main stuff
# =========================
install_dependencies
[ -e /usr/bin/yunohost ] || setup_yunohost
setup_yunohost_demo
echo "Done!"
echo " "

63
demo_lxc_destroy.sh
View file

@ -6,36 +6,39 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
# Check user
if [ "$USER" != "$(cat "$script_dir/setup_user")" ]; then
echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")"
echo -en "\e[0m"
exit 0
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
ynh_print_info --message=">> Starting demo destroy."
/bin/bash "$final_path/demo_stop.sh" -f
ynh_print_info --message="> Deleting containers and snapshots"
ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/snapshots/$lxc_name1/snap0.tar.gz"
ynh_lxc_delete --name=$lxc_name1
ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/snapshots/$lxc_name2/snap0.tar.gz"
ynh_lxc_delete --name=$lxc_name2
ynh_print_info --message="> Deleting crons"
ynh_secure_remove --file=/etc/cron.d/demo_switch
ynh_secure_remove --file=/etc/cron.d/demo_upgrade
ynh_print_info --message="> Deleting service"
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_print_info --message="> Removing $app service integration..."
yunohost service remove $app
fi
ynh_print_info --message="> Stopping and removing the systemd service..."
ynh_remove_systemd_config
"$script_dir/demo_stop.sh"
echo -e "\e[1m> Suppression des conteneurs et de leur snapshots\e[0m"
sudo lxc-snapshot -n $LXC_NAME1 -d snap0
sudo rm -f /var/lib/lxcsnaps/$LXC_NAME1/snap0.tar.gz
sudo lxc-destroy -n $LXC_NAME1 -f
sudo lxc-snapshot -n $LXC_NAME2 -d snap0
sudo rm -f /var/lib/lxcsnaps/$LXC_NAME2/snap0.tar.gz
sudo lxc-destroy -n $LXC_NAME2 -f
echo -e "\e[1m> Suppression des crons\e[0m"
sudo rm /etc/cron.d/demo_switch
sudo rm /etc/cron.d/demo_upgrade
echo -e "\e[1m> Suppression des clés ECDSA dans known_hosts\e[0m"
ssh-keygen -f "$HOME/.ssh/known_hosts" -R $IP_LXC1
ssh-keygen -f "$HOME/.ssh/known_hosts" -R $IP_LXC2
echo -e "\e[1m> Suppression du service\e[0m"
sudo systemctl disable lxc_demo.service
sudo rm -f /etc/systemd/system/lxc_demo.service
ynh_print_info --message=">> Finished demo destroy."

58
demo_lxc_remove.sh
View file

@ -6,44 +6,34 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
DOMAIN=$(cat "$script_dir/domain.ini")
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
# Check user
if [ "$USER" != "$(cat "$script_dir/setup_user")" ]; then
echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")"
echo -en "\e[0m"
exit 0
fi
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
path_url=$(ynh_app_setting_get --app=$app --key=path)
"$script_dir/demo_lxc_destroy.sh"
echo_bold () {
echo -e "\e[1m$1\e[0m"
}
echo -e "\e[1m> Retire l'ip forwarding.\e[0m"
sudo rm /etc/sysctl.d/lxc_demo.conf
sudo sysctl -p
# -----------------------------------------------------------------
echo -e "\e[1m> Supprime le brige réseau\e[0m"
sudo rm /etc/network/interfaces.d/lxc_demo
function remove_yunohost_demo() {
echo_bold "> Installation of yunohost_demo..."
if yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null
then
yunohost app remove yunohost_demo --purge
fi
}
echo -e "\e[1m> Remove lxc lxctl\e[0m"
sudo apt-get remove lxc lxctl
# =========================
# Main stuff
# =========================
echo -e "\e[1m> Suppression de la clé SSH\e[0m"
rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub
echo -e "\e[1m> Et de sa config spécifique dans $HOME/.ssh/config\e[0m"
BEGIN_LINE=$(cat $HOME/.ssh/config | grep -n "^# ssh $LXC_NAME1" | cut -d':' -f 1)
sed -i "$BEGIN_LINE,/^# End ssh $LXC_NAME1/d" $HOME/.ssh/config
remove_yunohost_demo
# Suppression du reverse proxy
echo -e "\e[1m> Suppression de la config nginx\e[0m"
sudo rm /etc/nginx/conf.d/$DOMAIN.conf
sudo service nginx reload
# Suppression du certificat Let's encrypt
echo -e "\e[1m> Suppression de Let's encrypt\e[0m"
sudo rm -r /etc/letsencrypt
sudo rm -r ~/.local/share/letsencrypt
sudo rm -r ~/letsencrypt
sudo rm -r /var/lib/letsencrypt
# Supprime la tache cron
sudo rm /etc/cron.weekly/Certificate_Renewer
echo "Done!"
echo " "

173
demo_restore_crash.sh
View file

@ -5,185 +5,94 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
STOP_CONTAINER () {
MACHINE=$1
if [ $(sudo lxc-info --name $MACHINE | grep -c "STOPPED") -eq 0 ]; then
echo "Arrêt du conteneur $MACHINE"
sudo lxc-stop -n $MACHINE
fi
}
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
CHECK_CONTAINER () {
MACHINE=$1
echo "Test du conteneur $MACHINE"
sudo lxc-start -n $MACHINE -d > /dev/null 2>&1 # Démarre le conteneur
sudo lxc-wait -n $MACHINE -s 'RUNNING' -t 20 # Attend pendant 20s maximum que le conteneur démarre
# sudo lxc-ls -f
if [ $(sudo lxc-info --name $MACHINE | grep -c "RUNNING") -ne 1 ]; then
return 1 # Renvoi 1 si le démarrage du conteneur a échoué
else
STOP_CONTAINER $MACHINE
return 0 # Renvoi 0 si le démarrage du conteneur a réussi
fi
}
ynh_print_info --message=">> Starting demo restore from crash."
RESTORE_SNAPSHOT () {
MACHINE=$1
echo -e "\e[1m> Restauration du snapshot du conteneur $MACHINE\e[0m"
sudo lxc-snapshot -r snap0 -n $MACHINE
CHECK_CONTAINER $MACHINE
STATUS=$?
if [ $STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $MACHINE en défaut.\e[0m"
return 1
else
echo -e "\e[92m> Conteneur $MACHINE en état de marche.\e[0m"
return 0
fi
}
ynh_print_info --message="> Disabling switch cron."
sed -i "s/.*demo_switch.sh/#&/" /etc/cron.d/demo_switch # Le cron est commenté durant l'opération de maintenance.
RESTORE_ARCHIVE_SNAPSHOT () {
MACHINE=$1
if ! test -e "/var/lib/lxcsnaps/$MACHINE/snap1.tar.gz"; then
echo "Aucune archive de snapshot pour le conteneur $MACHINE"
return 1
fi
echo -e "\e[1m> Restauration du snapshot archivé pour le conteneur $MACHINE\e[0m"
echo "Suppression du snapshot"
sudo lxc-snapshot -n $MACHINE -d snap0
echo "Décompression de l'archive"
sudo tar -x --acls --xattrs -f /var/lib/lxcsnaps/$MACHINE/snap0.tar.gz -C /
RESTORE_SNAPSHOT $MACHINE
return $?
}
ynh_print_info --message="> Deleting locks and stoping LXC containers."
ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileS"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileS"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileU"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileU"
CLONE_CONTAINER () {
MACHINE_SOURCE=$1
MACHINE_CIBLE=$2
IP_SOURCE=$3
IP_CIBLE=$4
echo "Suppression du conteneur $MACHINE_CIBLE"
sudo lxc-snapshot -n $MACHINE_CIBLE -d snap0
sudo rm -f /var/lib/lxcsnaps/$MACHINE_CIBLE/snap0.tar.gz
sudo lxc-destroy -n $MACHINE_CIBLE -f
echo -e "\e[1m> Clone le conteneur $MACHINE_SOURCE sur $MACHINE_CIBLE\e[0m"
sudo lxc-copy --name=$MACHINE_SOURCE --newname=$MACHINE_CIBLE
echo "Modification de l'ip du clone,"
sudo sed -i "s@address $IP_SOURCE@address $IP_CIBLE@" /var/lib/lxc/$MACHINE_CIBLE/rootfs/etc/network/interfaces
echo "du nom du veth"
sudo sed -i "s@$MACHINE_SOURCE@$MACHINE_CIBLE@g" /var/lib/lxc/$MACHINE_CIBLE/config
echo "Et enfin renseigne /etc/hosts sur le clone"
sudo sed -i "s@^127.0.0.1 $MACHINE_SOURCE@127.0.0.1 $MACHINE_CIBLE@" /var/lib/lxc/$MACHINE_CIBLE/rootfs/etc/hosts
CHECK_CONTAINER $MACHINE_CIBLE
STATUS=$?
if [ $STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $MACHINE_CIBLE en défaut.\e[0m"
else
echo -e "\e[92m> Conteneur $MACHINE_CIBLE en état de marche.\e[0m"
echo "Création d'un nouveau snapshot pour le conteneur $MACHINE_CIBLE"
sudo lxc-snapshot -n $MACHINE_CIBLE
fi
return $STATUS
}
echo "Désactive le cron switch."
sudo sed -i "s/.*demo_switch.sh/#&/" /etc/cron.d/demo_switch # Le cron est commenté durant l'opération de maintenance.
echo "Suppression des lock et arrêt forcé des conteneurs."
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileU
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileU
STOP_CONTAINER $LXC_NAME1
STOP_CONTAINER $LXC_NAME2
echo "Initialisation du réseau pour le conteneur."
if ! sudo ifquery lxc_demo --state > /dev/null; then
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo
fi
# Activation des règles iptables
echo "Configure le parefeu"
if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
ynh_lxc_demo_stop --name="$lxc_name1"
ynh_lxc_demo_stop --name="$lxc_name2"
# Vérifie l'état des conteneurs.
CHECK_CONTAINER $LXC_NAME1
ynh_lxc_check_container_start --name=$lxc_name1
LXC1_STATUS=$?
CHECK_CONTAINER $LXC_NAME2
ynh_lxc_check_container_start --name=$lxc_name2
LXC2_STATUS=$?
if [ $LXC1_STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $LXC_NAME1 en défaut.\e[0m"
ynh_print_info --message="> LXC container $lxc_name1 is broken."
else
echo -e "\e[92m> Conteneur $LXC_NAME1 en état de marche.\e[0m"
ynh_print_info --message="> LXC container $lxc_name1 is working."
fi
if [ $LXC2_STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $LXC_NAME2 en défaut.\e[0m"
ynh_print_info --message="> LXC container $lxc_name2 is broken."
else
echo -e "\e[92m> Conteneur $LXC_NAME2 en état de marche.\e[0m"
ynh_print_info --message="> LXC container $lxc_name2 is working."
fi
# Restauration des snapshots
if [ $LXC1_STATUS -eq 1 ]; then
RESTORE_SNAPSHOT $LXC_NAME1
ynh_lxc_demo_restore_from_snapshot --name=$lxc_name1
LXC1_STATUS=$?
fi
if [ $LXC2_STATUS -eq 1 ]; then
RESTORE_SNAPSHOT $LXC_NAME2
ynh_lxc_demo_restore_from_snapshot --name=$lxc_name2
LXC2_STATUS=$?
fi
# Restauration des archives des snapshots
if [ $LXC1_STATUS -eq 1 ]; then
RESTORE_ARCHIVE_SNAPSHOT $LXC_NAME1
ynh_lxc_demo_restore_from_archive --name=$lxc_name1
LXC1_STATUS=$?
fi
if [ $LXC2_STATUS -eq 1 ]; then
RESTORE_ARCHIVE_SNAPSHOT $LXC_NAME2
ynh_lxc_demo_restore_from_archive --name=$lxc_name2
LXC2_STATUS=$?
fi
# Si des erreurs persistent, tente de cloner depuis un conteneur sain
if [ $LXC1_STATUS -eq 1 ] && [ $LXC2_STATUS -eq 0 ] ; then
CLONE_CONTAINER $LXC_NAME2 $LXC_NAME1 $IP_LXC2 $IP_LXC1
ynh_lxc_clone --source=$lxc_name2 --destination=$lxc_name1
LXC1_STATUS=$?
fi
if [ $LXC2_STATUS -eq 1 ] && [ $LXC1_STATUS -eq 0 ]; then
CLONE_CONTAINER $LXC_NAME1 $LXC_NAME2 $IP_LXC1 $IP_LXC2
ynh_lxc_clone --source=$lxc_name1 --destination=$lxc_name2
LXC2_STATUS=$?
fi
# Résultats finaux
if [ $LXC1_STATUS -eq 1 ] || [ $LXC2_STATUS -eq 1 ]; then
if [ $LXC1_STATUS -eq 1 ]; then
echo -e "\e[91m\n> Le conteneur $LXC_NAME1 n'a pas pu être réparé...\e[0m"
ynh_print_info --message="> $lxc_name1 LXC container can't be repaired..."
fi
if [ $LXC2_STATUS -eq 1 ]; then
echo -e "\e[91m\n> Le conteneur $LXC_NAME2 n'a pas pu être réparé...\e[0m"
ynh_print_info --message="> $lxc_name2 LXC container can't be repaired..."
fi
else
echo -e "\e[92m\n> Les 2 conteneurs sont sains et fonctionnels.\e[0m"
ynh_print_info --message="> The 2 LXC containers are working."
fi
echo "Réactive le cron switch."
sudo sed -i "s/#*\*/\*/" /etc/cron.d/demo_switch # Le cron est décommenté
echo "Restart la demo."
$script_dir/demo_start.sh
ynh_print_info --message="> Enabling switch cron."
sed -i "s/#*\*/\*/" /etc/cron.d/demo_switch # Le cron est décommenté
ynh_print_info --message="> Restart the demo."
$final_path/demo_start.sh
ynh_print_info --message=">> Finished demo restore from crash."

43
demo_start.sh
View file

@ -1,38 +1,31 @@
#!/bin/bash
# Démarre le premier conteneur de demo et active la config réseau dédiée.
# Démarre le premier conteneur de demo
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
LXC_NAME=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
"$script_dir/demo_stop.sh" > /dev/null 2>&1
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
echo "Initialisation du réseau pour le conteneur."
if ! sudo ifquery lxc_demo --state > /dev/null; then
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo
fi
date | tee -a "$final_path/demo_boot.log" 2>&1
ynh_print_info --message=">> Starting demo." | tee -a "$final_path/demo_boot.log" 2>&1
# Activation des règles iptables
echo "> Configure le parefeu"
if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
/bin/bash "$final_path/demo_stop.sh" > /dev/null 2>&1
# Démarrage de la machine
echo "> Démarrage de la machine"
date >> "$script_dir/demo_boot.log"
echo "Starting $LXC_NAME" >> "$script_dir/demo_boot.log"
sudo lxc-start -n $LXC_NAME -o "$script_dir/demo_boot.log" -d
ynh_print_info --message="> Démarrage de la machine" | tee -a "$final_path/demo_boot.log" 2>&1
date | tee -a "$final_path/demo_boot.log" 2>&1
ynh_print_info --message="> Starting $lxc_name1" | tee -a "$final_path/demo_boot.log" 2>&1
ynh_lxc_demo_start --name=$lxc_name1 --ip="$lxdbr_demo_network$lxc_ip1" | tee -a "$final_path/demo_boot.log" 2>&1
sleep 3
# Vérifie que la machine a démarré
sudo lxc-ls -f
date | tee -a "$final_path/demo_boot.log" 2>&1
ynh_print_info --message=">> Finished starting demo." | tee -a "$final_path/demo_boot.log" 2>&1

71
demo_stop.sh
View file

@ -3,50 +3,51 @@
# Stoppe les conteneurs de demo et arrête la config réseau dédiée.
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(ynh_print_info --message=$PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
date | tee -a "$final_path/demo_boot.log" 2>&1
ynh_print_info --message=">> Stopping demo." | tee -a "$final_path/demo_boot.log" 2>&1
if [ "$#" -eq 1 ] && [ "$1" == "-f" ]
then
echo "> Suppression des lock et arrêt forcé des conteneurs."
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileU
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileU
ynh_print_info --message="> Deleting locks and force stopping LXC containers." | tee -a "$final_path/demo_boot.log" 2>&1
ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileS"
ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileS"
ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileU"
ynh_exec_warn_less ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileU"
else
echo "> Attend la libération des lock sur les conteneurs."
while test -e /var/lib/lxc/$LXC_NAME1.lock_file* || test -e /var/lib/lxc/$LXC_NAME2.lock_file*; do
ynh_print_info --message="> Waiting locks." | tee -a "$final_path/demo_boot.log" 2>&1
while test -e /var/lib/lxd/$lxc_name1.lock_file* || test -e /var/lib/lxd/$lxc_name2.lock_file*; do
sleep 5 # Attend que les conteneur soit libérés par les script upgrade ou switch, le cas échéant.
done
fi
echo "> Arrêt des conteneurs"
if [ $(sudo lxc-info --name $LXC_NAME1 | grep -c "STOPPED") -eq 0 ]; then
echo "Arrêt du conteneur $LXC_NAME1"
sudo lxc-stop -n $LXC_NAME1
ynh_print_info --message="> Stopping LXC containers" | tee -a "$final_path/demo_boot.log" 2>&1
if ynh_lxc_exists --name=$lxc_name1
then
if ! ynh_lxc_is_stopped --name=$lxc_name1
then
ynh_print_info --message="> Stopping $lxc_name1 LXC container" | tee -a "$final_path/demo_boot.log" 2>&1
ynh_lxc_demo_stop --name=$lxc_name1
fi
fi
if [ $(sudo lxc-info --name $LXC_NAME2 | grep -c "STOPPED") -eq 0 ]; then
echo "Arrêt du conteneur $LXC_NAME2"
sudo lxc-stop -n $LXC_NAME2
if ynh_lxc_exists --name=$lxc_name2
then
if ! ynh_lxc_is_stopped --name=$lxc_name2
then
ynh_print_info --message="> Stopping $lxc_name2 LXC container"
ynh_lxc_demo_stop --name=$lxc_name2
fi
fi
echo "> Suppression des règles de parefeu"
if sudo iptables -C FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then
sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then
sudo iptables -D FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then
sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
echo "Arrêt de l'interface réseau pour le conteneur."
if sudo ifquery lxc_demo --state > /dev/null; then
sudo ifdown --force lxc_demo
fi
sudo lxc-ls -f
date | tee -a "$final_path/demo_boot.log" 2>&1
ynh_print_info --message=">> Finished stopping demo." | tee -a "$final_path/demo_boot.log" 2>&1

74
demo_switch.sh
View file

@ -6,56 +6,74 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
DOMAIN=$(cat "$script_dir/domain.ini")
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
log_line=$(wc -l "$script_dir/demo_switch.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
log_line=$(wc -l "$final_path/demo_switch.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
log_line=$(( $log_line + 1 )) # Ignore la première ligne, reprise de l'ancien log.
date >> "$script_dir/demo_switch.log"
while test -e /var/lib/lxc/$LXC_NAME1.lock_file* || test -e /var/lib/lxc/$LXC_NAME2.lock_file*; do
date | tee -a "$final_path/demo_switch.log" 2>&1
ynh_print_info --message=">> Start switching demo." | tee -a "$final_path/demo_switch.log" 2>&1
while test -e /var/lib/lxd/$lxc_name1.lock_file* || test -e /var/lib/lxd/$lxc_name2.lock_file*; do
sleep 5 # Attend que le conteneur soit libéré par les script upgrade ou switch, le cas échéant.
done
# Vérifie l'état des machines.
if [ "$(sudo lxc-info --name $LXC_NAME1 | grep -c "RUNNING")" -eq "1" ]
if ynh_lxc_is_started --name=$lxc_name1
then # Si la machine 1 est démarrée.
LXC_A=$LXC_NAME1
LXC_B=$LXC_NAME2
LXC_A=$lxc_name1
IP_A="$lxdbr_demo_network$lxc_ip1"
LXC_B=$lxc_name2
IP_B="$lxdbr_demo_network$lxc_ip2"
else # Sinon, on suppose que c'est la machine 2 qui est en cours.
LXC_A=$LXC_NAME2
LXC_B=$LXC_NAME1
LXC_A=$lxc_name2
IP_A="$lxdbr_demo_network$lxc_ip2"
LXC_B=$lxc_name1
IP_B="$lxdbr_demo_network$lxc_ip1"
# Si aucune machine ne tourne, la première démarrera.
fi
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxc/$LXC_A/rootfs/swap_*
/sbin/swapoff /var/lib/lxd/$LXC_A/rootfs/swap_*
echo "Starting $LXC_B"
ynh_print_info --message="> Starting $LXC_B"
# Démarre le conteneur B et arrête le conteneur A.
sudo lxc-start -n $LXC_B -o "$script_dir/demo_switch.log" -d > /dev/null # Démarre l'autre machine
sleep 10 # Attend 10 seconde pour s'assurer du démarrage de la machine.
if [ "$(sudo lxc-info --name $LXC_B | grep -c "STOPPED")" -eq "1" ]
ynh_lxc_demo_start --name=$LXC_B --ip=$IP_B
sleep 5 # Attend 10 seconde pour s'assurer du démarrage de la machine.
if ! ynh_lxc_is_started --name=$LXC_B
then
# Le conteneur n'a pas réussi à démarrer. On averti un responsable par mail...
echo -e "Échec du démarrage du conteneur $LXC_B sur le serveur de demo $DOMAIN! \n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_switch.log")\n\nLe script 'demo_restore_crash.sh' va être exécuté pour tenter de fixer l'erreur." | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
$script_dir/demo_restore_crash.sh &
ynh_print_info --message="> Échec du démarrage du conteneur $LXC_B sur le serveur de demo $DOMAIN! \n\nExtrait du log:\n$(tail -n +$log_line "$final_path/demo_switch.log")\n\nLe script 'demo_restore_crash.sh' va être exécuté pour tenter de fixer l'erreur." | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
/bin/bash $final_path/demo_restore_crash.sh &
exit 1
else
echo "Stopping $LXC_A"
ynh_print_info --message="> Stopping $LXC_A"
# Bascule sur le conteneur B avec le load balancing de nginx...
# Automatique par nginx lorsque la machine A sera éteinte.
# Arrêt du conteneur A. Il est remplacé par le B
sudo touch /var/lib/lxc/$LXC_A.lock_fileS # Met en place un fichier pour indiquer que la machine n'est pas encore dispo.
sudo lxc-stop -n $LXC_A
touch /var/lib/lxd/$LXC_A.lock_fileS # Met en place un fichier pour indiquer que la machine n'est pas encore dispo.
ynh_lxc_demo_stop --name=$LXC_A
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxc/$LXC_A/rootfs/swap_*
echo "Restauring $LXC_A from snapshot"
/sbin/swapoff /var/lib/lxd/$LXC_A/rootfs/swap_*
ynh_print_info --message="> Restauring $LXC_A from snapshot"
# Restaure le snapshot de la machine A avant sa prochaine exécution
sudo lxc-snapshot -r snap0 -n $LXC_A
sudo rm /var/lib/lxc/$LXC_A.lock_fileS # Libère le lock
echo "Finish restoring $LXC_A"
ynh_lxc_snapshot_load --name=$LXC_A --snapname=snap0
ynh_lxc_stop --name=$LXC_A
ynh_secure_remove --file="/var/lib/lxd/$LXC_A.lock_fileS" # Libère le lock
ynh_print_info --message="> Finish restoring $LXC_A"
fi
date | tee -a "$final_path/demo_switch.log" 2>&1
ynh_print_info --message=">> Finished switching demo." | tee -a "$final_path/demo_switch.log" 2>&1

170
demo_upgrade.sh
View file

@ -6,163 +6,27 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
TIME_TO_SWITCH=$(cat "$script_dir/demo_lxc_build.sh" | grep TIME_TO_SWITCH= | cut -d '=' -f2)
MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
DOMAIN=$(cat "$script_dir/domain.ini")
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
time_to_switch=$(ynh_app_setting_get --app=$app --key=time_to_switch)
IP_UPGRADE=$PLAGE_IP.150
LOOP=0
log_line=$(wc -l "$script_dir/demo_upgrade.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
log_line=$(wc -l "$final_path/demo_upgrade.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
log_line=$(( $log_line + 1 )) # Ignore la première ligne, reprise de l'ancien log.
date >> "$script_dir/demo_upgrade.log"
UPGRADE_DEMO_CONTAINER () { # Démarrage, upgrade et snapshot
MACHINE=$1
IP_MACHINE=$2
echo "Upgrading $MACHINE"
# Attend que la machine soit éteinte.
# Timeout à $TIME_TO_SWITCH +5 minutes, en seconde
TIME_OUT=$(($TIME_TO_SWITCH * 60 + 300))
sudo lxc-wait -n $MACHINE -s 'STOPPED' -t $TIME_OUT
date | tee -a "$final_path/demo_upgrade.log" 2>&1
ynh_print_info --message=">> Upgrading demo." | tee -a "$final_path/demo_upgrade.log" 2>&1
while test -e /var/lib/lxc/$MACHINE.lock_fileS; do
sleep 5 # Attend que le conteneur soit libéré par le script switch.
done
ynh_lxc_demo_upgrade --name=$lxc_name1 --time_to_switch=$time_to_switch
ynh_lxc_demo_upgrade --name=$lxc_name2 --time_to_switch=$time_to_switch
sudo touch /var/lib/lxc/$MACHINE.lock_fileU # Met en place un fichier pour indiquer que la machine est indisponible pendant l'upgrade
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxc/$MACHINE/rootfs/swap_*
# Restaure le snapshot
sudo lxc-snapshot -r snap0 -n $MACHINE
# Change l'ip du conteneur le temps de l'upgrade. Pour empêcher HAProxy de basculer sur le conteneur.
sudo sed -i "s@address $IP_MACHINE@address $IP_UPGRADE@" /var/lib/lxc/$MACHINE/rootfs/etc/network/interfaces
# Active le bridge réseau
if ! sudo ifquery lxc_demo --state > /dev/null
then
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo
fi
# Configure le parefeu
if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null
then
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null
then
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null
then
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
# Démarre le conteneur
date >> "$script_dir/demo_boot.log"
sudo lxc-start -n $MACHINE -o "$script_dir/demo_boot.log" -d > /dev/null
sleep 10
# Update
update_apt=0
sudo lxc-attach -n $MACHINE -- apt-get update
sudo lxc-attach -n $MACHINE -- apt-get dist-upgrade --dry-run | grep -q "^Inst " > /dev/null # Vérifie si il y aura des mises à jour.
if [ "$?" -eq 0 ]; then
date
update_apt=1
# Upgrade
sudo lxc-attach -n $MACHINE -- apt-get dist-upgrade --option Dpkg::Options::=--force-confold -yy
# Clean
sudo lxc-attach -n $MACHINE -- apt-get autoremove -y
sudo lxc-attach -n $MACHINE -- apt-get autoclean
fi
sudo lxc-attach -n $MACHINE -- yunohost tools update
sudo lxc-attach -n $MACHINE -- yunohost tools upgrade system
# Exécution des scripts de upgrade.d
LOOP=$((LOOP + 1))
while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
date
# Exécute chaque script trouvé dans upgrade.d
echo "Exécution du script $LIGNE sur le conteneur $MACHINE"
/bin/bash "$script_dir/upgrade.d/$LIGNE" $MACHINE
if [ "$?" -ne 0 ]; then # Si le script a échoué, le snapshot est annulé.
echo "Échec du script $LIGNE"
mv -f "$script_dir/upgrade.d/$LIGNE" "$script_dir/upgrade.d/$LIGNE.fail"
echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $MACHINE sur le serveur de demo $DOMAIN!\nLe script a été renommé en .fail, il ne sera plus exécuté tant que le préfixe ne sera pas retiré.\n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_upgrade.log")" | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
update_apt=0
else
echo "Le script $LIGNE a été exécuté sans erreur"
update_apt=1
fi
fi
done <<< "$(ls -1 "$script_dir/upgrade.d")"
# Exécution des scripts de upgrade.d/Constant_upgrade
while read LIGNE
do
if [ "$update_apt" -eq "1" ]
then
date
# Exécute chaque script trouvé dans upgrade.d/Constant_upgrade
echo "Exécution du script $LIGNE sur le conteneur $MACHINE"
/bin/bash "$script_dir/upgrade.d/Constant_upgrade/$LIGNE" $MACHINE
if [ "$?" -ne 0 ]; then
echo "Échec du script $LIGNE"
echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $MACHINE sur le serveur de demo $DOMAIN!\n"
else
echo "Le script $LIGNE a été exécuté sans erreur"
fi
fi
done <<< "$(ls -1 "$script_dir/upgrade.d/Constant_upgrade")"
# Upgrade des apps
sudo lxc-attach -n $MACHINE -- yunohost tools update
sudo lxc-attach -n $MACHINE -- systemctl restart nginx
sudo lxc-attach -n $MACHINE -- yunohost tools upgrade apps
sudo lxc-attach -n $MACHINE -- systemctl restart nginx
# Arrêt de la machine virtualisée
sudo lxc-stop -n $MACHINE
# Restaure l'ip d'origine du conteneur.
sudo sed -i "s@address $IP_UPGRADE@address $IP_MACHINE@" /var/lib/lxc/$MACHINE/rootfs/etc/network/interfaces
if [ "$update_apt" -eq "1" ]
then
# Archivage du snapshot
sudo tar -cz --acls --xattrs -f /var/lib/lxcsnaps/$MACHINE/snap0.tar.gz /var/lib/lxcsnaps/$MACHINE/snap0
# Remplacement du snapshot
sudo lxc-snapshot -n $MACHINE -d snap0
sudo lxc-snapshot -n $MACHINE
if [ "$LOOP" -eq 2 ]
then # Après l'upgrade du 2e conteneur, déplace les scripts dans le dossier des anciens scripts si ils ont été exécutés avec succès.
ls -1 "$script_dir/upgrade.d" | while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
mv -f "$script_dir/upgrade.d/$LIGNE" "$script_dir/upgrade.d/old_scripts/$LIGNE"
fi
done
fi
fi
sudo rm /var/lib/lxc/$MACHINE.lock_fileU # Libère le lock, la machine est à nouveau disponible
echo "Finished upgrading $MACHINE"
}
echo ""
date
UPGRADE_DEMO_CONTAINER $LXC_NAME1 $IP_LXC1
UPGRADE_DEMO_CONTAINER $LXC_NAME2 $IP_LXC2
date | tee -a "$final_path/demo_upgrade.log" 2>&1
ynh_print_info --message=">> Finished upgrading demo." | tee -a "$final_path/demo_upgrade.log" 2>&1

23
upgrade.d/Constant_upgrade/Default_login
View file

@ -3,12 +3,23 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
MACHINE=$1 # Nom du conteneur
source $script_dir/../../ynh_lxd
source /usr/share/yunohost/helpers
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
demo_user=$(ynh_app_setting_get --app=$app --key=demo_user)
demo_password=$(ynh_app_setting_get --app=$app --key=demo_password)
MACHINE=$1 # Nom du conteneur
# Active le mode démo de la webadmin / TO BE IMPLEMENTED
#ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost settings set demo 1"
# Indique le couple login/mot de passe demo/demo
# Et ajoute demo/demo par défaut dans les champs d'identification
sed -i "s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"demo\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/ssowat/portal/login.html
sed -i "s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"demo\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/ssowat/portal/login.html
#sed -i "17i\&emsp;&emsp;&emsp;Password: $YUNO_PWD" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin
#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/login.ms
ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"3i\<center>Login: $demo_user / Password: $demo_password</center>\" /usr/share/ssowat/portal/login.html" # Sur le login du portail
ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"$demo_user\"/\" /usr/share/ssowat/portal/login.html"
ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"$demo_password\"/\" /usr/share/ssowat/portal/login.html"
# ainsi que dans la webadmin
#sed -i "17i\&emsp;&emsp;&emsp;Password: $YUNO_PWD" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin
#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms

4
upgrade.d/Constant_upgrade/Disable_add_domain
View file

@ -3,7 +3,7 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
MACHINE=$1 # Nom du conteneur
MACHINE=$1 # Nom du conteneur
# Désactive l'ajout de domaine, pour éviter surtout les nohost
#sed -i "s@<input type=\"submit\" role=\"button\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@<input type=\"\" role=\"\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@g" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms
#sed -i "s@<input type=\"submit\" role=\"button\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@<input type=\"\" role=\"\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@g" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms

4
upgrade.d/Constant_upgrade/Disable_custom_apps
View file

@ -3,7 +3,7 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
MACHINE=$1 # Nom du conteneur
MACHINE=$1 # Nom du conteneur
# Désactive l'installation d'app custom
#sed -i "s@<a role=\"button\" class=\"btn btn-success slide\">{{t 'install'}}</a>@<a role=\"\" class=\"btn btn-success slide\">{{t 'install'}}</a>@g" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms
#sed -i "s@<a role=\"button\" class=\"btn btn-success slide\">{{t 'install'}}</a>@<a role=\"\" class=\"btn btn-success slide\">{{t 'install'}}</a>@g" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms

566
ynh_lxd Normal file
View file

@ -0,0 +1,566 @@
#!/bin/bash
#=================================================
# LXD HELPERS
#=================================================
# Check if a LXC container exists
#
# usage: ynh_lxc_exists --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_exists () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ! lxc list --format json | jq -e --arg name $name '.[] | select(.name==$name) | .name' >/dev/null
then
return 1
else
return 0
fi
}
# Return LXC container status
#
# usage: ynh_lxc_status --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_status () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ynh_lxc_exists --name=$name
then
lxc list --format json | jq -r --arg name $name '.[] | select(.name==$name) | .state | .status'
fi
}
# Check if an LXC container is running
#
# usage: ynh_lxc_is_started --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_is_started () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if [ "$(ynh_lxc_status --name=$name)" == Running ]
then
return 0
else
return 1
fi
}
# Check if an LXC container is stopped
#
# usage: ynh_lxc_is_stopped --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_is_stopped () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if [ "$(ynh_lxc_status --name=$name)" == Stopped ]
then
return 0
else
return 1
fi
}
# Start an LXC container
#
# usage: ynh_lxc_start --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_start () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# If the container exists
if ynh_lxc_exists --name=$name
then
if ! ynh_lxc_is_started --name=$name
then
lxc start $name
fi
fi
}
# Stopping an LXC container
#
# usage: ynh_lxc_stop --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_stop () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# If the container exists
if ynh_lxc_exists --name=$name
then
ynh_print_info --message="Stopping LXC $name"
wait_period=0
while ! ynh_lxc_is_stopped --name=$name
do
lxc stop $name
wait_period=$(($wait_period+10))
if [ $wait_period -gt 30 ];then
break
else
sleep 1
fi
done
# If the command times out, then add the option --force
wait_period=0
while ! ynh_lxc_is_stopped --name=$name
do
lxc stop $name --force
wait_period=$(($wait_period+10))
if [ $wait_period -gt 30 ];then
break
else
sleep 5
fi
done
fi
}
# Run a command inside an LXC container
#
# usage: ynh_lxc_run_inside --name=name --command=command
# | arg: -n, --name= - name of the LXC
# | arg: -c, --command= - command to execute
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_run_inside () {
# Declare an array to define the options of this helper.
local legacy_args=nc
local -A args_array=([n]=name= [c]=command=)
local name
local command
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
lxc exec $name -- /bin/bash -c "$command"
}
# Check an LXC container can start
#
# usage: ynh_lxc_check_container_start --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_check_container_start () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_print_info --message="Test du conteneur $name"
ynh_lxc_start --name=$name # Démarre le conteneur
wait_period=0
while ! ynh_lxc_is_started --name=$name
do
wait_period=$(($wait_period+10))
if [ $wait_period -gt 20 ];then
break
else
sleep 5
fi
done
ynh_lxc_is_started --name=$name
}
# Restart a container
#
# usage: _ynh_lxc_restart_container --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
_ynh_lxc_restart_container () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_lxc_stop --name=$name
ynh_lxc_start --name=$name
}
# Keep sure the LXC is started
#
# usage: _ynh_lxc_start_and_wait --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
_ynh_lxc_start_and_wait () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# Try to start the container 3 times.
ynh_lxc_start --name=$name
local max_try=3
local i=0
while [ $i -lt $max_try ]
do
i=$(( i +1 ))
local failstart=0
# Wait for container to start, we are using systemd to check this,
# for the sake of brevity.
for j in $(seq 1 10); do
if ynh_lxc_run_inside --name=$name --command="systemctl isolate multi-user.target >/dev/null 2>/dev/null"
then
break
fi
if [ "$j" == "10" ]; then
log_debug 'Failed to start the container ... restarting ...'
failstart=1
_ynh_lxc_restart_container --name="$name"
fi
sleep 1s
done
# Wait for container to access the internet
for j in $(seq 1 10); do
if ynh_lxc_run_inside --name=$name --command="curl -s http://wikipedia.org > /dev/null 2>/dev/null"
then
break
fi
if [ "$j" == "10" ]; then
log_debug 'Failed to access the internet ... restarting'
failstart=1
_ynh_lxc_restart_container --name="$name"
fi
sleep 1s
done
# Has started and has access to the internet
if [ $failstart -eq 0 ]
then
break
fi
# Fail if the container failed to start
if [ $i -eq $max_try ] && [ $failstart -eq 1 ]
then
log_error "The container miserably failed to start or to connect to the internet"
lxc info --show-log $name
return 1
fi
done
LXC_IP=$(ynh_lxc_run_inside --name=$name --command="hostname -I | cut -d' ' -f1 | grep -E -o \"\<[0-9.]{8,}\>\"")
}
# Launch a new LXC from an image
#
# usage: ynh_lxc_launch --image=image --name=name
# | arg: -i, --image= - image to create from
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_launch (){
# Declare an array to define the options of this helper.
local legacy_args=in
local -A args_array=([i]=image= [n]=name=)
local image
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if lxc remote list | grep -q "yunohost" && lxc image list yunohost:$image | grep -q -w $image; then
lxc launch yunohost:$image $name \
-c security.nesting=true \
-c security.privileged=true \
-c limits.memory=80% \
-c limits.cpu.allowance=80% | tee -a /proc/self/fd/3
# Check if we can launch container from a local image
elif lxc image list $image | grep -q -w $image; then
lxc launch $image $name \
-c security.nesting=true \
-c security.privileged=true \
-c limits.memory=80% \
-c limits.cpu.allowance=80% | tee -a /proc/self/fd/3
else
log_critical "Can't find base image $image"
fi
}
# Delete a lxc container
#
# usage: ynh_lxc_delete --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_delete () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ynh_lxc_exists --name=$name
then
lxc delete $name --force
else
return 1
fi
}
# Clean the swapfiles of an LXC container
#
# usage: ynh_lxc_swapfiles_clean --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_swapfiles_clean () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
_ynh_lxc_start_and_wait --name=$name
ynh_lxc_run_inside --name=$name --command='for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done'
ynh_lxc_run_inside --name=$name --command='for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done'
}
# Check if a snapshot exist for an LXC container
#
# usage: ynh_lxc_snapshot_exists --name=name --snapname=snapname
# | arg: -n, --name= - name of the LXC
# | arg: -s, --snapname= - name of the snapshot
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_snapshot_exists () {
# Declare an array to define the options of this helper.
local legacy_args=ns
local -A args_array=([n]=name= [s]=snapname=)
local name
local snapname
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# If the container exists
if ynh_lxc_exists --name=$name
then
if lxc list --format json | jq -e --arg name $name --arg snapname $snapname '.[] | select(.name==$name) | .snapshots' >/dev/null
then
if lxc list --format json | jq -e --arg name $name --arg snapname $snapname '.[] | select(.name==$name) | .snapshots[] | select(.name==$snapname)' >/dev/null
then
return 0
else
return 1
fi
else
return 1
fi
fi
}
# Create a snapshot of an LXC container
#
# usage: ynh_lxc_snapshot_create --name=name --snapname=snapname
# | arg: -n, --name= - name of the LXC
# | arg: -s, --snapname= - name of the snapshot
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_snapshot_create () {
# Declare an array to define the options of this helper.
local legacy_args=ns
local -A args_array=([n]=name= [s]=snapname=)
local name
local snapname
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# Remove swap files to avoid killing the CI with huge snapshots.
ynh_lxc_swapfiles_clean --name=$name
ynh_lxc_stop --name=$name
# Check if the snapshot already exist
if ! ynh_lxc_snapshot_exists --name=$name --snapname="$snapname"
then
log_info "(Creating snapshot $snapname ...)"
lxc snapshot $name $snapname
else
log_info "(Recreating snapshot $snapname ...)"
lxc snapshot $name $snapname --reuse
fi
}
# Delete a snapshot of an LXC container
#
# usage: ynh_lxc_snapshot_delete --name=name --snapname=snapname
# | arg: -n, --name= - name of the LXC
# | arg: -s, --snapname= - name of the snapshot
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_snapshot_delete () {
# Declare an array to define the options of this helper.
local legacy_args=ns
local -A args_array=([n]=name= [s]=snapname=)
local name
local snapname
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ynh_lxc_snapshot_exists --name="$name" --snapname="$snapname"
then
lxc delete $name/$snapname
return 0
else
return 1
fi
}
# Load a snapshot of an LXC container
#
# usage: ynh_lxc_snapshot_load --name=name --snapname=snapname
# | arg: -n, --name= - name of the LXC
# | arg: -s, --snapname= - name of the snapshot
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_snapshot_load () {
# Declare an array to define the options of this helper.
local legacy_args=ns
local -A args_array=([n]=name= [s]=snapname=)
local name
local snapname
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ynh_lxc_snapshot_exists --name="$name" --snapname="$snapname"
then
log_debug "Loading snapshot $snapname ..."
# Remove swap files before restoring the snapshot.
ynh_lxc_swapfiles_clean --name=$name
ynh_lxc_stop --name=$name
lxc restore $name $snapname
_ynh_lxc_start_and_wait --name=$name
else
return 1
fi
}
# Clone an LXC container
#
# usage: ynh_lxc_clone --source=source --destination=destination
# | arg: -s, --source= - source LXC
# | arg: -d, --destination= - destination LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_clone () {
# Declare an array to define the options of this helper.
local legacy_args=sd
local -A args_array=([s]=source= [d]=destination=)
local source
local destination
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ynh_lxc_exists --name=$destination
then
ynh_print_info --message="Deleting LXC container $destination"
ynh_secure_remove --file="/var/lib/lxd/snapshots/$destination/snap0.tar.gz"
ynh_lxc_reset --name=$destination
fi
ynh_print_info --message="Cloning LXC container from $source to $destination"
lxc copy "$source" "$destination"
ynh_lxc_check_container_start --name=$destination
STATUS=$?
if [ $STATUS -eq 1 ]; then
ynh_print_info --message="LXC container $destination is broken."
else
ynh_print_info --message=" LXC container $destination is working."
ynh_print_info --message= "Creating snapshot of LXC container $destination"
ynh_lxc_snapshot_create --name="$destination" --snapname="snap0"
fi
return $STATUS
}
# Reset an LXC container
#
# usage: ynh_lxc_reset --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_reset () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# If the container exists
if ynh_lxc_exists --name=$name
then
# Remove swap files before deleting the container
ynh_lxc_swapfiles_clean --name=$name
ynh_lxc_stop --name=$name
local current_storage=$(lxc list $name --format json --columns b | jq '.[].expanded_devices.root.pool')
swapoff "$(lxc storage get $current_storage source)/containers/$name/rootfs/swap" 2>/dev/null
ynh_lxc_delete --name=$name
fi
}

230
ynh_lxd_demo Normal file
View file

@ -0,0 +1,230 @@
#!/bin/bash
#=================================================
# DEMO HELPERS
#=================================================
# Start an LXC container in demo mode
#
# usage: ynh_lxc_demo_start --name=name --ip=ip
# | arg: -n, --name= - name of the LXC
# | arg: -n, --ip= - demo ip of the lxc
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_demo_start () {
# Declare an array to define the options of this helper.
local legacy_args=ni
local -A args_array=([n]=name= [i]=ip=)
local name
local ip
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_lxc_stop --name="$name"
lxc config device set $name eth1 ipv4.address $ip
_ynh_lxc_start_and_wait --name="$name"
}
# Stop an LXC container in demo mode
#
# usage: ynh_lxc_demo_stop --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_demo_stop () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_lxc_stop --name="$name"
lxc config device unset $name eth1 ipv4.address
}
# Upgrading demo container
#
# usage: ynh_lxc_demo_upgrade --name=name --time_to_switch=time_to_switch
# | arg: -n, --name= - name of the LXC
# | arg: -t, --time_to_switch= - time to switch
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_demo_upgrade () {
# Declare an array to define the options of this helper.
local legacy_args=nt
local -A args_array=([n]=name= [t]=time_to_switch=)
local name
local time_to_switch
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_print_info --message="Upgrading $name"
# Attend que la machine soit éteinte.
# Timeout à $time_to_switch +5 minutes, en seconde
TIME_OUT=$(($time_to_switch * 60 + 300))
wait_period=0
while ! ynh_lxc_is_stopped --name=$name
do
wait_period=$(($wait_period+10))
if [ $wait_period -gt $TIME_OUT ];then
break
else
sleep 5
fi
done
while test -e /var/lib/lxd/$name.lock_fileS; do
sleep 5 # Attend que le conteneur soit libéré par le script switch.
done
touch /var/lib/lxd/$name.lock_fileU # Met en place un fichier pour indiquer que la machine est indisponible pendant l'upgrade
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxd/$name/rootfs/swap_*
# Restaure le snapshot
ynh_lxc_snapshot_load --name=$name --snapname=snap0
# Démarre le conteneur
date >> "$final_path/demo_boot.log"
# Update
update_apt=0
ynh_lxc_run_inside --name="$name" --command="apt-get update"
ynh_lxc_run_inside --name="$name" --command="apt-get dist-upgrade --dry-run | grep -q "^Inst " > /dev/null" # Vérifie si il y aura des mises à jour.
if [ "$?" -eq 0 ]; then
date
update_apt=1
# Upgrade
ynh_lxc_run_inside --name="$name" --command="apt-get dist-upgrade --option Dpkg::Options::=--force-confold -yy"
# Clean
ynh_lxc_run_inside --name="$name" --command="apt-get autoremove -y"
ynh_lxc_run_inside --name="$name" --command="apt-get autoclean"
fi
ynh_lxc_run_inside --name="$name" --command="yunohost tools update"
ynh_lxc_run_inside --name="$name" --command="yunohost tools upgrade system"
# Exécution des scripts de upgrade.d
LOOP=$((LOOP + 1))
while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
date
# Exécute chaque script trouvé dans upgrade.d
ynh_print_info --message="Exécution du script $LIGNE sur le conteneur $name"
/bin/bash "$final_path/upgrade.d/$LIGNE" $name
if [ "$?" -ne 0 ]; then # Si le script a échoué, le snapshot est annulé.
ynh_print_info --message="Échec du script $LIGNE"
mv -f "$final_path/upgrade.d/$LIGNE" "$final_path/upgrade.d/$LIGNE.fail"
ynh_print_info --message="Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $name sur le serveur de demo $DOMAIN!\nLe script a été renommé en .fail, il ne sera plus exécuté tant que le préfixe ne sera pas retiré.\n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_upgrade.log")" | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
update_apt=0
else
ynh_print_info --message="Le script $LIGNE a été exécuté sans erreur"
update_apt=1
fi
fi
done <<< "$(ls -1 "$final_path/upgrade.d")"
# Exécution des scripts de upgrade.d/Constant_upgrade
while read LIGNE
do
if [ "$update_apt" -eq "1" ]
then
date
# Exécute chaque script trouvé dans upgrade.d/Constant_upgrade
ynh_print_info --message="Exécution du script $LIGNE sur le conteneur $name"
/bin/bash "$final_path/upgrade.d/Constant_upgrade/$LIGNE" $name
if [ "$?" -ne 0 ]; then
ynh_print_info --message="Échec du script $LIGNE"
ynh_print_info --message="Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $name sur le serveur de demo $DOMAIN!\n"
else
ynh_print_info --message="Le script $LIGNE a été exécuté sans erreur"
fi
fi
done <<< "$(ls -1 "$final_path/upgrade.d/Constant_upgrade")"
# Upgrade des apps
ynh_lxc_run_inside --name="$name" --command="yunohost tools update"
ynh_lxc_run_inside --name="$name" --command="systemctl restart nginx"
ynh_lxc_run_inside --name="$name" --command="yunohost tools upgrade apps"
ynh_lxc_run_inside --name="$name" --command="systemctl restart nginx"
# Arrêt de la machine virtualisée
ynh_lxc_stop --name=$name
if [ "$update_apt" -eq "1" ]
then
# Archivage du snapshot
ynh_exec_warn_less tar -cz --acls --xattrs -f /var/lib/lxd/snapshots/$name/snap0.tar.gz /var/lib/lxd/snapshots/$name/snap0
# Remplacement du snapshot
ynh_lxc_snapshot_create --name=$name --snapname=snap0
if [ "$LOOP" -eq 2 ]
then # Après l'upgrade du 2e conteneur, déplace les scripts dans le dossier des anciens scripts si ils ont été exécutés avec succès.
ls -1 "$final_path/upgrade.d" | while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
mv -f "$final_path/upgrade.d/$LIGNE" "$final_path/upgrade.d/old_scripts/$LIGNE"
fi
done
fi
fi
ynh_secure_remove --file="/var/lib/lxd/$name.lock_fileU" # Libère le lock, la machine est à nouveau disponible
ynh_print_info --message="Finished upgrading $name"
}
# Restore an LXC container from snap0 snapshot
#
# usage: ynh_lxc_demo_restore_from_snapshot --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_demo_restore_from_snapshot () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_print_info --message="Restoring LXC container $name from snapshot"
ynh_lxc_snapshot_load --name=$name --snapname=snap0
if ynh_lxc_check_container_start --name=$name
then
ynh_print_info --message="LXC container $name is working."
return 0
else
ynh_print_info --message="LXC container $name is broken."
return 1
fi
}
# Restore an LXC container from an archive
#
# usage: ynh_lxc_demo_restore_from_archive --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_demo_restore_from_archive () {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if ! test -e "/var/lib/lxd/snapshots/$name/snap1.tar.gz"; then
ynh_print_info --message="No snapshot archive for LXC container $name"
return 1
fi
ynh_print_info --message="Restoring snapshot archive for LXC container $name"
ynh_print_info --message="Deleting snapshot"
ynh_lxc_snapshot_delete --name=$name --snapname=snap0
ynh_print_info --message="Untar archive"
tar -x --acls --xattrs -f /var/lib/lxd/snapshots/$name/snap0.tar.gz -C /
ynh_lxc_demo_restore_from_snapshot --name=$name
return $?
}