Improving readme

yalh76 2022-11-06 19:02:46 +01:00
parent 2d7e03f28d
commit 5ca012c226
3 changed files with 98 additions and 205 deletions


@ -1,42 +1,39 @@
# Scripts de gestion et mise en place des serveurs de demo Yunohost sous LXC # Installation and management scripts for YunoHost demo servers using LXD
## Prérequis ## Requirements
* `apt install sudo git nginx -y` * A debian server
* register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443 * Register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443
## demo_lxc_build_init ## demo_lxc_build_init
Ce script prépare le serveur hôte à recevoir les conteneurs LXC de demo. This script will install YunoHost and the app yunohost_demo_ynh
Il doit être exécuté une seule fois et en premier.
## demo_lxc_build ## demo_lxc_build
Ce script construit les conteneurs de demo et les paramètres. This script will build the demo containers.
Il met également en places les crons et démarre le 1er conteneur. It also install crons and start the first container.
Après l'exécution de ce script, la demo est en place. After executing this script, YunoHost demo is working.
## demo_lxc_destroy ## demo_lxc_destroy
Ce script arrête les conteneurs et les détruits. This script stop the containers and destroy them.
Il sert en général à une reconstruction des conteneurs avec de nouveaux paramètres. Et devrait donc être suivi du script demo_lxc_build. It is usually used for rebuilding containers with new parameters. And should therefore be followed by the demo_lxc_build script.
## demo_lxc_remove ## demo_lxc_remove
Ce script, après avoir appelé demo_lxc_destroy va désinstaller LXC et remettre le serveur à son état d'origine. Retirant les paramétrages mis en place pour la demo. This script will remove yunohost_demo_ynh.
Il ne devrait être utilisé qu'en cas de changement de serveur hôte. It should only be used when the host server is changed.
## demo_start ## demo_start
Permet simplement un démarrage propre du 1er conteneur. Avec la mise en place du bridge réseau et des règles de parefeu. Simply allows a clean start of the first container. With network bridge and firewall rules in place.
## demo_stop ## demo_stop
Arrête proprement les conteneurs et désactive la config réseau spécifique. Cleanly shuts down containers and disables the specific network config.
## demo_switch ## demo_switch
Ce script est placé en cron par demo_lxc_build. It will alternate every 30 minutes (by default) the 2 containers and restore the snapshot of the container after it is shut down.
Il va alterner toutes les 30 minutes (par défaut) les 2 conteneurs et rétablir le snapshot du conteneurs après son extinction.
## demo_upgrade ## demo_upgrade
Ce script est placé en cron par demo_lxc_build. It checks every night for updates on the containers, and applies them if necessary. If necessary, it also takes care of redoing the snapshot.
demo_upgrade vérifie chaque nuit les mises à jour sur les conteneurs, et les applique le cas échéant. Si nécessaire, il se charge également de refaire le snapshot.
## demo_restore_crash ## demo_restore_crash
Tente de réparer les conteneurs qui ne démarre pas à partir des snapshots ou des archives de snapshots précédents. Attempts to repair containers that do not boot from previous snapshots or snapshot archives.
Pour effectuer des modifications pérennes sur les conteneurs, il est possible d'ajouter des scripts dans le dossier upgrade.d. Ces scripts seront exécutés après l'upgrade des packages dans chaque conteneur. To make permanent changes to the containers, it is possible to add scripts to the upgrade.d folder. These scripts will be executed after the upgrade of the packages in each container.
En cas d'échec d'exécution, le script sera mis de côté en attendant sa correction. Sinon, il sera archivé. In case of execution failure, the script will be put aside until it is corrected. Otherwise, it will be archived.
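Review bot: the rewritten demo_lxc_build_init entry drops the old sentence "Il doit être exécuté une seule fois et en premier" without replacement and never mentions that the script now takes arguments; suggest restoring "It must be run once, before the other scripts" and adding the invocation the script's own usage text documents, `./demo_lxc_build_init.sh some.domain.tld AdminPassword Demo_User Demo_Password`, with a warning that both passwords end up in shell history and process listings. Two smaller points in the same hunk: "make you demo server available" should read "make your demo server available", and "A debian server" should say Debian 11 (bullseye), since the script fetches its installer from https://install.yunohost.org/bullseye and pins DIST to that release.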


@ -1,188 +1,77 @@
#!/bin/bash #!/bin/bash
# Installe LXC et les paramètres réseaux avant de procéder au build. cd "$(dirname $(realpath $0))"
# Récupère le dossier du script if (( $# < 3 ))
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi then
cat << EOF
Usage: ./demo_lxc_build_init.sh some.domain.tld SecretAdminPasswurzd! Demo_User Demo_Password
LOG=$(cat "$script_dir/demo_lxc_build.sh" | grep LOG= | cut -d '=' -f2) 1st and 2nd arguments are for yunohost postinstall
LOG_BUILD_LXC="$script_dir/$LOG" - domain
lxc_name1=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_name1= | cut -d '=' -f2) - admin password
lxc_name2=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_name2= | cut -d '=' -f2)
lxdbr_demo_network=$(cat "$script_dir/demo_lxc_build.sh" | grep lxdbr_demo_network= | cut -d '=' -f2)
lxc_ip1=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_ip1= | cut -d '=' -f2)
lxc_ip2=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_ip2= | cut -d '=' -f2)
MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
# Check user 3rd and 4th argument are used for the demo
echo $(whoami) > "$script_dir/setup_user" - demo_user
- demo_password
read -p "Indiquer le nom de domaine du serveur de demo: " DOMAIN
echo "$DOMAIN" > "$script_dir/domain.ini"
# Créer le dossier de log
sudo mkdir -p $(dirname $LOG_BUILD_LXC)
echo -e "> Update et install lxc, lxctl et mailutils" | tee "$LOG_BUILD_LXC"
sudo apt-get update | tee -a "$LOG_BUILD_LXC" 2>&1
sudo apt-get install -y lxc lxctl mailutils certbot | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "> Autoriser l'ip forwarding, pour router vers la machine virtuelle." | tee -a "$LOG_BUILD_LXC"
echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_demo.conf | tee -a "$LOG_BUILD_LXC" 2>&1
sudo sysctl -p /etc/sysctl.d/lxc_demo.conf | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "> Ajoute un brige réseau pour la machine virtualisée" | tee -a "$LOG_BUILD_LXC"
echo | sudo tee /etc/network/interfaces.d/lxc_demo <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
auto lxc_demo
iface lxc_demo inet static
address $lxdbr_demo_network.1/24
bridge_ports none
bridge_fd 0
bridge_maxwait 0
EOF EOF
exit 1
echo -e "> Active le bridge réseau" | tee -a "$LOG_BUILD_LXC"
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "> Mise en place de la connexion ssh vers l'invité." | tee -a "$LOG_BUILD_LXC"
if [ -e $HOME/.ssh/$lxc_name1 ]; then
rm -f $HOME/.ssh/$lxc_name1 $HOME/.ssh/$lxc_name1.pub
ssh-keygen -f $HOME/.ssh/known_hosts -R $lxdbr_demo_network$lxc_ip1
ssh-keygen -f $HOME/.ssh/known_hosts -R $lxdbr_demo_network$lxc_ip2
fi fi
ssh-keygen -t rsa -f $HOME/.ssh/$lxc_name1 -P '' | tee -a "$LOG_BUILD_LXC" 2>&1
echo | tee -a $HOME/.ssh/config <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1 domain=$1
# ssh $lxc_name1 yuno_pwd=$2
Host $lxc_name1 demo_user=$3
Hostname $lxdbr_demo_network$lxc_ip1 demo_password=$4
User ssh_demo
IdentityFile $HOME/.ssh/$lxc_name1
Host $lxc_name2
Hostname $lxdbr_demo_network$lxc_ip2
User ssh_demo
IdentityFile $HOME/.ssh/$lxc_name1
# End ssh $lxc_name1
EOF
echo -e "> Mise en place du reverse proxy et du load balancing" | tee -a "$LOG_BUILD_LXC" echo_bold () {
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1 echo -e "\e[1m$1\e[0m"
#upstream $DOMAIN {
# server $lxdbr_demo_network$lxc_ip1:443 ;
# server $lxdbr_demo_network$lxc_ip2:443 ;
#}
server {
listen 80;
listen [::]:80;
server_name $DOMAIN;
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
}
EOF
sudo service nginx reload
echo -e "> Création du certificat SSL." | tee -a "$LOG_BUILD_LXC"
sudo mkdir -p /etc/letsencrypt
# Créer le fichier de config
echo | sudo tee /etc/letsencrypt/conf.ini <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
#################################
# Let's encrypt configuration #
#################################
# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096
# Uncomment and update to register with the specified e-mail address
email = $MAIL_ADDR
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# avec le contenu dans /tmp/letsencrypt-auto
authenticator = webroot
webroot-path = /tmp/letsencrypt-auto
# Utiliser l'interface texte
text = True
# Uncomment to automatically agree to the terms of service of the ACME server
agree-tos = true
# (Serveur de test uniquement : si vous l'utilisez,
# votre certificat ne sera pas vraiment valide)
# server = https://acme-staging-v02.api.letsencrypt.org/directory
EOF
mkdir -p /tmp/letsencrypt-auto
# Créer le certificat
sudo certbot certonly --config /etc/letsencrypt/conf.ini -d $DOMAIN --no-eff-email
# Route l'upstream sur le port 443. Le port 80 servait uniquement à let's encrypt
# sudo sed -i "s/server $lxdbr_demo_network$lxc_ip1:80 ;/server $lxdbr_demo_network$lxc_ip1:443 ;/" /etc/nginx/conf.d/$DOMAIN.conf
# Décommente les lignes du certificat
# sudo sed -i "s/#\tssl_certificate/\tssl_certificate/g" /etc/nginx/conf.d/$DOMAIN.conf
# Supprime les commentaires dans la conf nginx
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
#upstream $DOMAIN {
# server $lxdbr_demo_network$lxc_ip1:443 ;
# server $lxdbr_demo_network$lxc_ip2:443 ;
#}
server {
listen 80;
listen [::]:80;
server_name $DOMAIN;
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
} }
server { # -----------------------------------------------------------------
listen 443 ssl;
listen [::]:443 ssl;
server_name $DOMAIN;
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem; function install_dependencies() {
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;";
location / { echo_bold "> Installing dependencies..."
proxy_pass https://$DOMAIN; apt-get update
proxy_redirect off; apt-get install -y curl wget git python3-pip
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host \$server_name;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
} }
EOF
sudo service nginx reload function setup_yunohost() {
echo -e "Le serveur est prêt à déployer les conteneurs de demo." echo_bold "> Setting up Yunohost..."
echo -e "Exécutez le script demo_lxc_build.sh pour créer les conteneurs et mettre en place la demo." local DIST="bullseye"
local INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
curl $INSTALL_SCRIPT | bash -s -- -a
# Déploie les conteneurs de demo echo_bold "> Running yunohost postinstall"
# "$script_dir/demo_lxc_build.sh" yunohost tools postinstall --domain $domain --password $yuno_pwd
echo_bold "> Disabling unecessary services to save up RAM"
for SERVICE in mysql php7.3-fpm metronome rspamd dovecot postfix redis-server postsrsd yunohost-api avahi-daemon
do
systemctl stop $SERVICE
systemctl disable $SERVICE --quiet
done
}
function setup_yunohost_demo() {
echo_bold "> Installation of yunohost_demo..."
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null
then
yunohost app install --force https://github.com/YunoHost-Apps/yunohost_demo_ynh -a "domain=$domain&demo_user=$demo_user&demo_password=$demo_password"
fi
}
# =========================
# Main stuff
# =========================
install_dependencies
[ -e /usr/bin/yunohost ] || setup_yunohost
setup_yunohost_demo
echo "Done!"
echo " "
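Review bot: the argument check `if (( $# < 3 ))` does not match the usage text or the assignments that follow it: four positional parameters are documented and `demo_password=$4` is consumed, so a three-argument call passes the check and installs yunohost_demo with an empty demo_password; the test should be `(( $# < 4 ))`. Further points in this hunk: `curl $INSTALL_SCRIPT | bash -s -- -a` executes a remote script as root with no `-f`/`-sSL`, no `set -euo pipefail` and no integrity check, so an HTTP error body or a truncated download is fed to bash and the script then continues into `yunohost tools postinstall` regardless of the outcome; download with `curl -fsSL -o` to a file, check it, then run it. `yunohost tools postinstall --domain $domain --password $yuno_pwd` is unquoted, so an admin password containing spaces or glob characters breaks the command, and `-a "domain=$domain&demo_user=$demo_user&demo_password=$demo_password"` splices the demo password into an `&`-separated string without encoding, so a `&` or `=` in it corrupts the argument list; quote the expansions and consider taking the secrets from the environment or a prompt rather than argv. `jq` is required by setup_yunohost_demo but is absent from `apt-get install -y curl wget git python3-pip`; if jq is missing the negated pipeline evaluates true and the `--force` install runs on every invocation, so add jq to that list. Finally, DIST is pinned to bullseye, which ships PHP 7.4, so `php7.3-fpm` in the list of services to stop and disable will not match anything.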


@ -15,18 +15,25 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1) lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
/bin/bash "$final_path/demo_lxc_destroy.sh" echo_bold () {
echo -e "\e[1m$1\e[0m"
}
# Suppression du reverse proxy # -----------------------------------------------------------------
echo -e "> Suppression de la config nginx"
sudo rm /etc/nginx/conf.d/$DOMAIN.conf
sudo service nginx reload
# Suppression du certificat Let's encrypt function remove_yunohost_demo() {
echo -e "> Suppression de Let's encrypt" echo_bold "> Installation of yunohost_demo..."
sudo rm -r /etc/letsencrypt if yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null
sudo rm -r ~/.local/share/letsencrypt then
sudo rm -r ~/letsencrypt yunohost app remove yunohost_demo --purge
sudo rm -r /var/lib/letsencrypt fi
# Supprime la tache cron }
sudo rm /etc/cron.weekly/Certificate_Renewer
# =========================
# Main stuff
# =========================
remove_yunohost_demo
echo "Done!"
echo " "
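Review bot: the log line inside remove_yunohost_demo reads `echo_bold "> Installation of yunohost_demo..."` while the function removes the app; it should say "Removal of yunohost_demo...". Two further points: `final_path`, `lxc_name1` and `path_url` are still read with ynh_app_setting_get at the top of the hunk but nothing in the new body uses them now that `/bin/bash "$final_path/demo_lxc_destroy.sh"` is gone, so either drop those reads or keep the destroy call; and since this script no longer stops and destroys the containers itself, it is worth confirming that `yunohost app remove yunohost_demo --purge` performs that teardown, otherwise the containers and their network configuration are left behind on the host.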