Improving readme

2024-09-03 19:56:44 +02:00 · 2022-11-06 19:02:46 +01:00 · 2022-11-06 19:02:46 +01:00 · 5ca012c226
commit 5ca012c226
parent 2d7e03f28d
3 changed files with 98 additions and 205 deletions
--- a/README.MD
+++ b/README.MD
@ -1,42 +1,39 @@
-# Scripts de gestion et mise en place des serveurs de demo Yunohost sous LXC
+# Installation and management scripts for YunoHost demo servers using LXD

-## Prérequis
-* `apt install sudo git nginx -y`
-* register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443
+## Requirements
+* A debian server
+* Register a dns name to your demo server and make you demo server available from internet for TCP/80 and TCP/443

 ## demo_lxc_build_init
-Ce script prépare le serveur hôte à recevoir les conteneurs LXC de demo.  
-Il doit être exécuté une seule fois et en premier.
+This script will install YunoHost and the app yunohost_demo_ynh

 ## demo_lxc_build
-Ce script construit les conteneurs de demo et les paramètres.  
-Il met également en places les crons et démarre le 1er conteneur.  
-Après l'exécution de ce script, la demo est en place.
+This script will build the demo containers.
+It also install crons and start the first container.
+After executing this script, YunoHost demo is working.

 ## demo_lxc_destroy
-Ce script arrête les conteneurs et les détruits.  
-Il sert en général à une reconstruction des conteneurs avec de nouveaux paramètres. Et devrait donc être suivi du script demo_lxc_build.
+This script stop the containers and destroy them.
+It is usually used for rebuilding containers with new parameters. And should therefore be followed by the demo_lxc_build script.

 ## demo_lxc_remove
-Ce script, après avoir appelé demo_lxc_destroy va désinstaller LXC et remettre le serveur à son état d'origine. Retirant les paramétrages mis en place pour la demo.  
-Il ne devrait être utilisé qu'en cas de changement de serveur hôte.
+This script will remove yunohost_demo_ynh.
+It should only be used when the host server is changed.

 ## demo_start
-Permet simplement un démarrage propre du 1er conteneur. Avec la mise en place du bridge réseau et des règles de parefeu.
+Simply allows a clean start of the first container. With network bridge and firewall rules in place.

 ## demo_stop
-Arrête proprement les conteneurs et désactive la config réseau spécifique.
+Cleanly shuts down containers and disables the specific network config.

 ## demo_switch
-Ce script est placé en cron par demo_lxc_build.  
-Il va alterner toutes les 30 minutes (par défaut) les 2 conteneurs et rétablir le snapshot du conteneurs après son extinction.
+It will alternate every 30 minutes (by default) the 2 containers and restore the snapshot of the container after it is shut down.

 ## demo_upgrade
-Ce script est placé en cron par demo_lxc_build.  
-demo_upgrade vérifie chaque nuit les mises à jour sur les conteneurs, et les applique le cas échéant. Si nécessaire, il se charge également de refaire le snapshot.
+It checks every night for updates on the containers, and applies them if necessary. If necessary, it also takes care of redoing the snapshot.

 ## demo_restore_crash
-Tente de réparer les conteneurs qui ne démarre pas à partir des snapshots ou des archives de snapshots précédents.
+Attempts to repair containers that do not boot from previous snapshots or snapshot archives.

-Pour effectuer des modifications pérennes sur les conteneurs, il est possible d'ajouter des scripts dans le dossier upgrade.d. Ces scripts seront exécutés après l'upgrade des packages dans chaque conteneur.
-En cas d'échec d'exécution, le script sera mis de côté en attendant sa correction. Sinon, il sera archivé.
+To make permanent changes to the containers, it is possible to add scripts to the upgrade.d folder. These scripts will be executed after the upgrade of the packages in each container.
+In case of execution failure, the script will be put aside until it is corrected. Otherwise, it will be archived.
--- a/demo_lxc_build_init.sh
+++ b/demo_lxc_build_init.sh
@ -1,188 +1,77 @@
 #!/bin/bash

-# Installe LXC et les paramètres réseaux avant de procéder au build.
+cd "$(dirname $(realpath $0))"

-# Récupère le dossier du script
-if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
+if (( $# < 3 ))
+then
+	cat << EOF
+Usage: ./demo_lxc_build_init.sh some.domain.tld SecretAdminPasswurzd! Demo_User Demo_Password

-LOG=$(cat "$script_dir/demo_lxc_build.sh" | grep LOG= | cut -d '=' -f2)
-LOG_BUILD_LXC="$script_dir/$LOG"
-lxc_name1=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_name1= | cut -d '=' -f2)
-lxc_name2=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_name2= | cut -d '=' -f2)
-lxdbr_demo_network=$(cat "$script_dir/demo_lxc_build.sh" | grep lxdbr_demo_network= | cut -d '=' -f2)
-lxc_ip1=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_ip1= | cut -d '=' -f2)
-lxc_ip2=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_ip2= | cut -d '=' -f2)
-MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
+1st and 2nd arguments are for yunohost postinstall
+  - domain
+  - admin password

-# Check user
-echo $(whoami) > "$script_dir/setup_user"
+3rd and 4th argument are used for the demo
+  - demo_user
+  - demo_password

-read -p "Indiquer le nom de domaine du serveur de demo: " DOMAIN
-echo "$DOMAIN" > "$script_dir/domain.ini"
-
-# Créer le dossier de log
-sudo mkdir -p $(dirname $LOG_BUILD_LXC)
-
-echo -e "> Update et install lxc, lxctl et mailutils" | tee "$LOG_BUILD_LXC"
-sudo apt-get update | tee -a "$LOG_BUILD_LXC" 2>&1
-sudo apt-get install -y lxc lxctl mailutils certbot | tee -a "$LOG_BUILD_LXC" 2>&1
-
-echo -e "> Autoriser l'ip forwarding, pour router vers la machine virtuelle." | tee -a "$LOG_BUILD_LXC"
-echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_demo.conf | tee -a "$LOG_BUILD_LXC" 2>&1
-sudo sysctl -p /etc/sysctl.d/lxc_demo.conf | tee -a "$LOG_BUILD_LXC" 2>&1
-
-echo -e "> Ajoute un brige réseau pour la machine virtualisée" | tee -a "$LOG_BUILD_LXC"
-echo | sudo tee /etc/network/interfaces.d/lxc_demo <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
-auto lxc_demo
-iface lxc_demo inet static
-		address $lxdbr_demo_network.1/24
-		bridge_ports none
-		bridge_fd 0
-		bridge_maxwait 0
 EOF
-
-echo -e "> Active le bridge réseau" | tee -a "$LOG_BUILD_LXC"
-sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo | tee -a "$LOG_BUILD_LXC" 2>&1
-
-echo -e "> Mise en place de la connexion ssh vers l'invité." | tee -a "$LOG_BUILD_LXC"
-if [ -e $HOME/.ssh/$lxc_name1 ]; then
-	rm -f $HOME/.ssh/$lxc_name1 $HOME/.ssh/$lxc_name1.pub
-	ssh-keygen -f $HOME/.ssh/known_hosts -R $lxdbr_demo_network$lxc_ip1
-	ssh-keygen -f $HOME/.ssh/known_hosts -R $lxdbr_demo_network$lxc_ip2
+	exit 1
 fi
-ssh-keygen -t rsa -f $HOME/.ssh/$lxc_name1 -P '' | tee -a "$LOG_BUILD_LXC" 2>&1

-echo | tee -a $HOME/.ssh/config <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
-# ssh $lxc_name1
-Host $lxc_name1
-Hostname $lxdbr_demo_network$lxc_ip1
-User ssh_demo
-IdentityFile $HOME/.ssh/$lxc_name1
-Host $lxc_name2
-Hostname $lxdbr_demo_network$lxc_ip2
-User ssh_demo
-IdentityFile $HOME/.ssh/$lxc_name1
-# End ssh $lxc_name1
-EOF
+domain=$1
+yuno_pwd=$2
+demo_user=$3
+demo_password=$4

-echo -e "> Mise en place du reverse proxy et du load balancing" | tee -a "$LOG_BUILD_LXC"
-echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
-#upstream $DOMAIN  {
-#  server $lxdbr_demo_network$lxc_ip1:443 ;
-#  server $lxdbr_demo_network$lxc_ip2:443 ;
-#}
-
-server {
-	listen 80;
-	listen [::]:80;
-	server_name $DOMAIN;
-
-	location '/.well-known/acme-challenge' {
-		default_type "text/plain";
-		root		 /tmp/letsencrypt-auto;
-	}
-
-	access_log /var/log/nginx/$DOMAIN-access.log;
-	error_log /var/log/nginx/$DOMAIN-error.log;
-}
-EOF
-
-sudo service nginx reload
-
-echo -e "> Création du certificat SSL." | tee -a "$LOG_BUILD_LXC"
-sudo mkdir -p /etc/letsencrypt
-
-# Créer le fichier de config
-echo | sudo tee /etc/letsencrypt/conf.ini <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
-#################################
-#  Let's encrypt configuration  #
-#################################
-
-# Use a 4096 bit RSA key instead of 2048
-rsa-key-size = 4096
-
-# Uncomment and update to register with the specified e-mail address
-email = $MAIL_ADDR
-
-# Uncomment to use the webroot authenticator. Replace webroot-path with the
-# path to the public_html / webroot folder being served by your web server.
-# avec le contenu dans /tmp/letsencrypt-auto
-authenticator = webroot
-webroot-path = /tmp/letsencrypt-auto
-
-# Utiliser l'interface texte
-text = True
-# Uncomment to automatically agree to the terms of service of the ACME server
-agree-tos = true
-
-# (Serveur de test uniquement : si vous l'utilisez,
-# votre certificat ne sera pas vraiment valide)
-# server = https://acme-staging-v02.api.letsencrypt.org/directory
-EOF
-
-mkdir -p /tmp/letsencrypt-auto
-# Créer le certificat
-sudo certbot certonly --config /etc/letsencrypt/conf.ini -d $DOMAIN --no-eff-email
-
-# Route l'upstream sur le port 443. Le port 80 servait uniquement à let's encrypt
-# sudo sed -i "s/server $lxdbr_demo_network$lxc_ip1:80 ;/server $lxdbr_demo_network$lxc_ip1:443 ;/" /etc/nginx/conf.d/$DOMAIN.conf
-# Décommente les lignes du certificat
-# sudo sed -i "s/#\tssl_certificate/\tssl_certificate/g" /etc/nginx/conf.d/$DOMAIN.conf
-# Supprime les commentaires dans la conf nginx
-
-echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
-#upstream $DOMAIN  {
-#  server $lxdbr_demo_network$lxc_ip1:443 ;
-#  server $lxdbr_demo_network$lxc_ip2:443 ;
-#}
-
-server {
-	listen 80;
-	listen [::]:80;
-	server_name $DOMAIN;
-
-	location '/.well-known/acme-challenge' {
-		default_type "text/plain";
-		root		 /tmp/letsencrypt-auto;
-	}
-
-	access_log /var/log/nginx/$DOMAIN-access.log;
-	error_log /var/log/nginx/$DOMAIN-error.log;
+echo_bold () {
+	echo -e "\e[1m$1\e[0m"
 }

-server {
-	listen 443 ssl;
-	listen [::]:443 ssl;
-	server_name $DOMAIN;
+# -----------------------------------------------------------------

-	ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
-	ssl_session_timeout 5m;
-	ssl_session_cache shared:SSL:50m;
-	ssl_prefer_server_ciphers on;
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-	ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
-	add_header Strict-Transport-Security "max-age=31536000;";
+function install_dependencies() {

-	location / {
-		proxy_pass		https://$DOMAIN;
-		proxy_redirect	off;
-		proxy_set_header  Host \$host;
-		proxy_set_header  X-Real-IP \$remote_addr;
-		proxy_set_header  X-Forwarded-Proto \$scheme;
-		proxy_set_header  X-Forwarded-For \$proxy_add_x_forwarded_for;
-		proxy_set_header  X-Forwarded-Host \$server_name;
-	}
-
-	access_log /var/log/nginx/$DOMAIN-access.log;
-	error_log /var/log/nginx/$DOMAIN-error.log;
+	echo_bold "> Installing dependencies..."
+	apt-get update
+	apt-get install -y curl wget git python3-pip
 }
-EOF

-sudo service nginx reload
+function setup_yunohost() {
 	
-echo -e "Le serveur est prêt à déployer les conteneurs de demo."
-echo -e "Exécutez le script demo_lxc_build.sh pour créer les conteneurs et mettre en place la demo."
+	echo_bold "> Setting up Yunohost..."
+	local DIST="bullseye"
+	local INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
+	curl $INSTALL_SCRIPT | bash -s -- -a
 	
-# Déploie les conteneurs de demo
-# "$script_dir/demo_lxc_build.sh"
+	echo_bold "> Running yunohost postinstall"
+	yunohost tools postinstall --domain $domain --password $yuno_pwd
+
+	echo_bold "> Disabling unecessary services to save up RAM"
+	for SERVICE in mysql php7.3-fpm metronome rspamd dovecot postfix redis-server postsrsd yunohost-api avahi-daemon
+	do
+		systemctl stop $SERVICE
+		systemctl disable $SERVICE --quiet
+	done
+}
+
+function setup_yunohost_demo() {
+	echo_bold "> Installation of yunohost_demo..."
+	if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null
+	then
+		yunohost app install --force https://github.com/YunoHost-Apps/yunohost_demo_ynh -a "domain=$domain&demo_user=$demo_user&demo_password=$demo_password"
+	fi
+}
+
+# =========================
+#  Main stuff
+# =========================
+
+install_dependencies
+
+[ -e /usr/bin/yunohost ] || setup_yunohost
+
+setup_yunohost_demo
+
+echo "Done!"
+echo " "
--- a/demo_lxc_remove.sh
+++ b/demo_lxc_remove.sh
@ -15,18 +15,25 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
 path_url=$(ynh_app_setting_get --app=$app --key=path)

-/bin/bash "$final_path/demo_lxc_destroy.sh"
+echo_bold () {
+	echo -e "\e[1m$1\e[0m"
+}

-# Suppression du reverse proxy
-echo -e "> Suppression de la config nginx"
-sudo rm /etc/nginx/conf.d/$DOMAIN.conf
-sudo service nginx reload
+# -----------------------------------------------------------------

-# Suppression du certificat Let's encrypt
-echo -e "> Suppression de Let's encrypt"
-sudo rm -r /etc/letsencrypt
-sudo rm -r ~/.local/share/letsencrypt
-sudo rm -r ~/letsencrypt
-sudo rm -r /var/lib/letsencrypt
-# Supprime la tache cron
-sudo rm /etc/cron.weekly/Certificate_Renewer
+function remove_yunohost_demo() {
+	echo_bold "> Installation of yunohost_demo..."
+	if yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "yunohost_demo")' >/dev/null
+	then
+		yunohost app remove yunohost_demo --purge
+	fi
+}
+
+# =========================
+#  Main stuff
+# =========================
+
+remove_yunohost_demo
+
+echo "Done!"
+echo " "