YunoHost/yunohost_demo
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost_demo.git synced 2024-09-03 19:56:44 +02:00
Code Issues Projects Releases Packages Wiki Activity

Switching to LXD

Browse source
This commit is contained in:
yalh76 2022-10-13 05:46:46 +02:00
parent ba196567ff
commit 98f1bbdabd
16 changed files with 554 additions and 751 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/cron_demo_switch Normal file
View file

@ -0,0 +1,2 @@
# Switch des conteneurs toutes les __TIME_TO_SWITCH__ minutes
*/__TIME_TO_SWITCH__ * * * * root /bin/bash __FINAL_PATH__/demo_switch.sh >> "__FINAL_PATH__/demo_switch.log" 2>&1

2
conf/cron_demo_upgrade Normal file
View file

@ -0,0 +1,2 @@
# Vérifie les mises à jour des conteneurs de demo, lorsqu'ils ne sont pas utilisés, à partir de 3h2minutes chaque nuit. Attention à rester sur un multiple du temps de switch.
2 3 * * * root /bin/bash __FINAL_PATH__/demo_upgrade.sh >> "__FINAL_PATH__/demo_upgrade.log" 2>&1

13
conf/systemd.service Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Start and stop script for lxc demo container
Requires=network.target
After=network.target
[Service]
Type=forking
ExecStart=/bin/bash __FINAL_PATH__/demo_start.sh
RemainAfterExit=true
ExecStop=/bin/bash __FINAL_PATH__/demo_stop.sh
ExecReload=/bin/bash __FINAL_PATH__/demo_start.sh
[Install]
WantedBy=multi-user.target

394
demo_lxc_build.sh
View file

@ -5,313 +5,173 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
lxdbr_demo_name=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_name)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
demo_user=$(ynh_app_setting_get --app=$app --key=demo_user)
demo_password=$(ynh_app_setting_get --app=$app --key=demo_password)
demo_package=$(ynh_app_setting_get --app=$app --key=demo_package)
yunohost_password="$demo_password"
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
time_to_switch=$(ynh_app_setting_get --app=$app --key=time_to_switch)
DIST=$(ynh_app_setting_get --app=$app --key=DIST)
ARCH=$(ynh_app_setting_get --app=$app --key=ARCH)
YNH_BRANCH=$(ynh_app_setting_get --app=$app --key=YNH_BRANCH)
lxc_base="ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base"
LOG=Build_lxc.log
LOG_BUILD_LXC="$script_dir/$LOG"
PLAGE_IP=10.1.5
IP_LXC1=10.1.5.3
IP_LXC2=10.1.5.4
ARG_SSH=-t
DOMAIN=$(cat "$script_dir/domain.ini")
YUNO_PWD=demo
LXC_NAME1=yunohost_demo1
LXC_NAME2=yunohost_demo2
TIME_TO_SWITCH=30
DIST="bullseye"
# En minutes
MAIL_ADDR=demo@yunohost.org
dnsforce=0
main_iface=
dns=
LOG_BUILD_LXC="$final_path/$LOG"
lxc_current_version=$(lxc-info --version)
if $(dpkg --compare-versions "$lxc_current_version" "gt" "3.0.0"); then new_lxc=1; else new_lxc=0; fi
USER_DEMO=demo
PASSWORD_DEMO=demo
# Tente de définir l'interface réseau principale
if [ -z $main_iface ] # Si main_iface est vide, tente de le trouver.
then
# main_iface=$(sudo route | grep default.*0.0.0.0 -m1 | awk '{print $8;}') # Prend l'interface réseau défini par default
main_iface=$(sudo ip route | grep default | awk '{print $5;}') # Prend l'interface réseau défini par default
if [ -z $main_iface ]; then
echo -e "\e[91mImpossible de déterminer le nom de l'interface réseau de l'hôte.\e[0m"
exit 1
fi
fi
if [ -z $dns ] # Si l'adresse du dns est vide, tente de le déterminer à partir de la passerelle par défaut.
then
# dns=$(sudo route -n | grep ^0.0.0.0.*$main_iface | awk '{print $2;}')
dns=$(sudo ip route | grep default | awk '{print $3;}')
if [ -z $dns ]; then
echo -e "\e[91mImpossible de déterminer l'adresse de la passerelle.\e[0m"
exit 1
fi
fi
# Check user
if [ "$USER" != "$(cat "$script_dir/setup_user")" ] && test -e "$script_dir/setup_user"; then
echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")"
echo -en "\e[0m"
exit 0
fi
sudo mkdir -p /var/lib/lxcsnaps # Créer le dossier lxcsnaps, pour s'assurer que lxc utilisera ce dossier, même avec lxc 2.
if sudo lxc-info -n $LXC_NAME1 > /dev/null 2>&1
if $(ynh_lxc_exists --name="$name")
then # Si le conteneur existe déjà
echo -e "\e[1m> Suppression du conteneur existant.\e[0m" | tee -a "$LOG_BUILD_LXC"
"$script_dir/demo_lxc_destroy.sh" quiet | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[1m> Suppression du conteneur existant.\e[0m" | tee -a "$LOG_BUILD_LXC"
/bin/bash "$final_path/demo_lxc_destroy.sh" quiet | tee -a "$LOG_BUILD_LXC"
fi
echo -e "\e[1m> Création d'une machine debian $DIST minimaliste\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-create -n $LXC_NAME1 -t debian -- -r $DIST >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m> Création d'une machine debian $DIST minimaliste\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_create --image="$lxc_base" --name="$lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message= "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC"
lxc network attach $lxdbr_demo_name $lxc_name1 eth1 eth1 | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Configuration réseau du conteneur\e[0m" | tee -a "$LOG_BUILD_LXC"
if [ $new_lxc -eq 1 ]; then
sudo sed -i "s/^lxc.net.0.link = lxcbr0$/lxc.net.0.link = lxc_demo\nlxc.net.0.name = eth0\nlxc.net.0.veth.pair = $LXC_NAME1/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
else
sudo sed -i "s/^lxc.net.0.type = empty$/lxc.net.0.type = veth\nlxc.net.0.flags = up\nlxc.net.0.link = lxc_demo\nlxc.net.0.name = eth0\nlxc.net.0.veth.pair = $LXC_NAME1\nlxc.net.0.hwaddr = 00:FF:AA:00:00:03/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
fi
ynh_print_info --message="\e[1m> Configuration réseau de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="cp /etc/systemd/network/eth0.network /etc/systemd/network/eth1.network"
ynh_lxc_run_inside --name="$lxc_name1" --command="sed -i s/eth0/eth1/g /etc/systemd/network/eth1.network"
echo -e "\e[1m> Configuration réseau de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@iface eth0 inet dhcp@iface eth0 inet static\n\taddress $IP_LXC1/24\n\tgateway $PLAGE_IP.1@" /var/lib/lxc/$LXC_NAME1/rootfs/etc/network/interfaces >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m> Update de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y update"
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y full-upgrade"
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y autoremove"
ynh_lxc_run_inside --name="$lxc_name1" --command="apt-get -y clean"
echo -e "\e[1m> Configure le parefeu\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m> Post install Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost tools postinstall --domain $domain --password $yunohost_password --force-password" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Vérification du contenu du resolv.conf\e[0m" | tee -a "$LOG_BUILD_LXC"
if ! sudo cat /var/lib/lxc/$LXC_NAME1/rootfs/etc/resolv.conf | grep -q nameserver; then
dnsforce=1 # Le resolv.conf est vide, on force l'ajout d'un dns.
fi
if [ $dnsforce -eq 1 ]; then # Force la réécriture du resolv.conf
echo "nameserver $dns" | sudo tee /var/lib/lxc/$LXC_NAME1/rootfs/etc/resolv.conf
fi
ynh_print_info --message="\e[1m> Disable password strength\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost settings set security.password.user.strength -v -1" | tee -a "$LOG_BUILD_LXC"
# Fix an issue with apparmor when the container start.
if [ $new_lxc -eq 1 ]; then
sudo sed -i "s/^lxc.apparmor.profile = generated$/lxc.apparmor.profile = unconfined/" /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
else
echo -e "\n# Fix apparmor issues\nlxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/$LXC_NAME1/config >> "$LOG_BUILD_LXC" 2>&1
fi
ynh_print_info --message="\e[1m> Ajout de l'utilisateur de demo\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost user create $demo_user --firstname $demo_user --lastname $demo_user --domain $domain --password $demo_password" | tee -a "$LOG_BUILD_LXC"
echo -e "\e[1m> Démarrage de la machine\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-start -n $LXC_NAME1 -d --logfile "$script_dir/lxc_boot.log" >> "$LOG_BUILD_LXC" 2>&1
sleep 3
sudo lxc-ls -f >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Update et install aptitude sudo aptitude sudo ssh openssh-server curl\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- apt-get update
sudo lxc-attach -n $LXC_NAME1 -- apt-get install -y aptitude sudo ssh openssh-server curl
echo -e "\e[1m> Installation des paquets standard et ssh-server\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- aptitude install -y ~pstandard ~prequired ~pimportant
echo -e "\e[1m> Renseigne /etc/hosts sur l'invité\e[0m" | tee -a "$LOG_BUILD_LXC"
echo "127.0.0.1 $LXC_NAME1" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/hosts >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Ajoute l'user ssh_demo (avec un mot de passe à revoir...)\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- useradd -m -p ssh_demo ssh_demo >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Autorise ssh_demo à utiliser sudo sans mot de passe\e[0m" | tee -a "$LOG_BUILD_LXC"
echo "ssh_demo ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee -a /var/lib/lxc/$LXC_NAME1/rootfs/etc/sudoers >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Mise en place de la connexion ssh vers l'invité.\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo mkdir /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1
sudo cp $HOME/.ssh/$LXC_NAME1.pub /var/lib/lxc/$LXC_NAME1/rootfs/home/ssh_demo/.ssh/authorized_keys >> "$LOG_BUILD_LXC" 2>&1
sudo lxc-attach -n $LXC_NAME1 -- chown ssh_demo -R /home/ssh_demo/.ssh >> "$LOG_BUILD_LXC" 2>&1
ssh -o StrictHostKeyChecking=no $ARG_SSH $LXC_NAME1 "exit 0" # Initie une première connexion SSH pour valider la clé.
if [ "$?" -ne 0 ]; then # Si l'utilisateur tarde trop, la connexion sera refusée... ???
ssh $ARG_SSH $LXC_NAME1 "exit 0" # Initie une premier connexion SSH pour valider la clé.
fi
# Fix ssh common issues with stretch "No supported key exchange algorithms"
sudo lxc-attach -n $LXC_NAME -- dpkg-reconfigure openssh-server >> "$LOG_BUILD_LXC" 2>&1
# Fix locales issue
sudo lxc-attach -n $LXC_NAME -- locale-gen en_US.UTF-8 >> "$LOG_BUILD_LXC" 2>&1
sudo lxc-attach -n $LXC_NAME -- localedef -i en_US -f UTF-8 en_US.UTF-8 >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Installation de Yunohost...\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo /bin/bash -c \"curl https://install.yunohost.org/$DIST | bash -s -- -a -d stable\"" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Post install Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo systemctl start dbus.service" | tee -a "$LOG_BUILD_LXC" 2>&1
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --force-password" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Fix SSH access\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-attach -n $LXC_NAME1 -- sed -i "s/AllowGroups ssh.main sftp.main ssh.app sftp.app admins root/AllowGroups ssh.main sftp.main ssh.app sftp.app admins root ssh_demo/" /etc/ssh/sshd_config >> "$LOG_BUILD_LXC" 2>&1
sudo lxc-attach -n $LXC_NAME1 -- service sshd restart >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Disable password strength\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost settings set security.password.user.strength -v -1" | tee -a "$LOG_BUILD_LXC"
USER_DEMO_CLEAN=${USER_DEMO//"_"/""}
echo -e "\e[1m> Ajout de l'utilisateur de demo\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost user create \"$USER_DEMO\" --firstname \"$USER_DEMO_CLEAN\" --lastname \"$USER_DEMO_CLEAN\" --domain \"$DOMAIN\" --password \"$PASSWORD_DEMO\""
echo -e "\e[1m\n> Vérification de l'état de Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost -v" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m\n> Vérification de l'état de Yunohost\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost -v" | tee -a "$LOG_BUILD_LXC" 2>&1
# ********
echo -e "\e[1m>> Modification de Yunohost pour la demo\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[1m>> Modification de Yunohost pour la demo\e[0m" | tee -a "$LOG_BUILD_LXC"
if [ ! -z "$PACKAGE_CHECK_EXEC" ]
then
# App officielles
echo -e "\e[1m> Installation des applications officielles\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[1m> Installation des applications officielles\e[0m" | tee -a "$LOG_BUILD_LXC"
# Ampache
echo -e "\e[36mInstallation de Ampache\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install ampache --force --args \"domain=$DOMAIN&path=/ampache&admin=$USER_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de Ampache\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install ampache --force --args \"domain=$domain&path=/ampache&admin=$demo_user&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Baikal
echo -e "\e[36mInstallation de baikal\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install baikal --force --args \"domain=$DOMAIN&path=/baikal&password=$PASSWORD_DEMO\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de baikal\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install baikal --force --args \"domain=$domain&path=/baikal&password=$demo_password&\"" | tee -a "$LOG_BUILD_LXC"
# Agendav
echo -e "\e[36mInstallation d'agendav\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install agendav --force --args \"domain=$DOMAIN&path=/agendav&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation d'agendav\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install agendav --force --args \"domain=$domain&path=/agendav&language=en&\"" | tee -a "$LOG_BUILD_LXC"
# Dokuwiki
echo -e "\e[36mInstallation de dokuwiki\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install dokuwiki --force --args \"domain=$DOMAIN&path=/dokuwiki&admin=$USER_DEMO&is_public=1&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de dokuwiki\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install dokuwiki --force --args \"domain=$domain&path=/dokuwiki&admin=$demo_user&is_public=1&language=en&\"" | tee -a "$LOG_BUILD_LXC"
# Etherpad
echo -e "\e[36mInstallation de etherpad\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install etherpad_mypads --force --args \"domain=$DOMAIN&path=/etherpad&admin=$USER_DEMO&password=administration&language=en&is_public=1&export=none&mypads=1&useldap=0\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de etherpad\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install etherpad_mypads --force --args \"domain=$domain&path=/etherpad&admin=$demo_user&password=administration&language=en&is_public=1&export=none&mypads=1&useldap=0&\"" | tee -a "$LOG_BUILD_LXC"
# Hextris
echo -e "\e[36mInstallation de hextris\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install hextris --force --args \"domain=$DOMAIN&path=/hextris&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de hextris\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install hextris --force --args \"domain=$domain&path=/hextris&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Jirafeau
echo -e "\e[36mInstallation de jirafeau\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install jirafeau --force --args \"domain=$DOMAIN&path=/jirafeau&admin_user=$USER_DEMO&upload_password=$PASSWORD_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de jirafeau\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install jirafeau --force --args \"domain=$domain&path=/jirafeau&admin_user=$demo_user&upload_password=$demo_password&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Kanboard
echo -e "\e[36mInstallation de kanboard\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install kanboard --force --args \"domain=$DOMAIN&path=/kanboard&admin=$USER_DEMO&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de kanboard\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install kanboard --force --args \"domain=$domain&path=/kanboard&admin=$demo_user&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Nextcloud
echo -e "\e[36mInstallation de nextcloud\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install nextcloud --force --args \"domain=$DOMAIN&path=/nextcloud&admin=$USER_DEMO&user_home=0&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de nextcloud\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install nextcloud --force --args \"domain=$domain&path=/nextcloud&admin=$demo_user&user_home=0&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Opensondage
echo -e "\e[36mInstallation de opensondage\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install opensondage --force --args \"domain=$DOMAIN&path=/date&admin=$USER_DEMO&language=en&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de opensondage\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install opensondage --force --args \"domain=$domain&path=/date&admin=$demo_user&language=en&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Phpmyadmin
echo -e "\e[36mInstallation de phpmyadmin\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install phpmyadmin --force --args \"domain=$DOMAIN&path=/phpmyadmin&admin=$USER_DEMO\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de phpmyadmin\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install phpmyadmin --force --args \"domain=$domain&path=/phpmyadmin&admin=$demo_user&\"" | tee -a "$LOG_BUILD_LXC"
# Piwigo
echo -e "\e[36mInstallation de piwigo\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install piwigo --force --args \"domain=$DOMAIN&path=/piwigo&admin=$USER_DEMO&is_public=1&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de piwigo\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install piwigo --force --args \"domain=$domain&path=/piwigo&admin=$demo_user&is_public=1&language=en&\"" | tee -a "$LOG_BUILD_LXC"
# Rainloop
echo -e "\e[36mInstallation de rainloop\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install rainloop --force --args \"domain=$DOMAIN&path=/rainloop&is_public=No&password=$PASSWORD_DEMO&ldap=Yes&language=en\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de rainloop\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install rainloop --force --args \"domain=$domain&path=/rainloop&is_public=No&password=$demo_password&ldap=Yes&language=en&\"" | tee -a "$LOG_BUILD_LXC"
# Roundcube
echo -e "\e[36mInstallation de roundcube\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install roundcube --force --args \"domain=$DOMAIN&path=/webmail&with_carddav=0&with_enigma=0&language=en_GB\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de roundcube\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install roundcube --force --args \"domain=$domain&path=/webmail&with_carddav=0&with_enigma=0&language=en_GB&\"" | tee -a "$LOG_BUILD_LXC"
# Searx
echo -e "\e[36mInstallation de searx\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install searx --force --args \"domain=$DOMAIN&path=/searx&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de searx\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install searx --force --args \"domain=$domain&path=/searx&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Shellinabox
echo -e "\e[36mInstallation de shellinabox\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install shellinabox --force --args \"domain=$DOMAIN&path=/ssh\"" | tee -a "$LOG_BUILD_LXC"
# Strut
echo -e "\e[36mInstallation de strut\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install strut --force --args \"domain=$DOMAIN&path=/strut&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
# Transmission
echo -e "\e[36mInstallation de transmission\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install transmission --force --args \"domain=$DOMAIN&path=/torrent\"" | tee -a "$LOG_BUILD_LXC"
# Ttrss
echo -e "\e[36mInstallation de ttrss\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install ttrss --force --args \"domain=$DOMAIN&path=/ttrss&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
# Wallabag
echo -e "\e[36mInstallation de wallabag\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install wallabag2 --force --args \"domain=$DOMAIN&path=/wallabag&admin=$USER_DEMO\"" | tee -a "$LOG_BUILD_LXC"
# Wordpress
echo -e "\e[36mInstallation de wordpress\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install wordpress --force --args \"domain=$DOMAIN&path=/blog&admin=$USER_DEMO&language=en_US&multisite=0&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
# Zerobin
echo -e "\e[36mInstallation de zerobin\e[0m" | tee -a "$LOG_BUILD_LXC"
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app install zerobin --force --args \"domain=$DOMAIN&path=/zerobin&is_public=1\"" | tee -a "$LOG_BUILD_LXC"
ynh_print_info --message="\e[36mInstallation de shellinabox\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install shellinabox --force --args \"domain=$domain&path=/ssh&\"" | tee -a "$LOG_BUILD_LXC"
# Désactive l'accès à shellinabox
sudo rm "/var/lib/lxc/$LXC_NAME1/rootfs/etc/nginx/conf.d/$DOMAIN.d/shellinabox.conf" # Supprime le fichier de conf nginx de shellinabox pour empêcher d'y accéder.
ssh $ARG_SSH $LXC_NAME1 "sudo yunohost app setting shellinabox path -d && sudo yunohost app setting shellinabox domain -d && sudo yunohost app ssowatconf" | tee -a "$LOG_BUILD_LXC"
# Indique le couple login/mot de passe demo/demo
# Et ajoute demo/demo par défaut dans les champs d'identification
sed -i "3i\<center>Login: $USER_DEMO / Password: $PASSWORD_DEMO</center>" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html # Sur le login du portail
sed -i "s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"$USER_DEMO\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html
sed -i "s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"$PASSWORD_DEMO\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/ssowat/portal/login.html
#sed -i "17i\&emsp;&emsp;&emsp;Password: $YUNO_PWD" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin
#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms
# Désactive l'installation d'app custom
sed -i "s@<a role=\"button\" class=\"btn btn-success slide\">{{t 'install'}}</a>@<a role=\"\" class=\"btn btn-success slide\">{{t 'install'}}</a>@g" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms
# Désactive l'ajout de domaine, pour éviter surtout les nohost
sed -i "s@<input type=\"submit\" role=\"button\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@<input type=\"\" role=\"\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@g" /var/lib/lxc/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms
ynh_lxc_run_inside --name="$lxc_name1" --command="rm /etc/nginx/conf.d/$domain.d/shellinabox.conf"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app setting shellinabox path -d"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app setting shellinabox domain -d"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app ssowatconf"
# Strut
ynh_print_info --message="\e[36mInstallation de strut\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install strut --force --args \"domain=$domain&path=/strut&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Transmission
ynh_print_info --message="\e[36mInstallation de transmission\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install transmission --force --args \"domain=$domain&path=/torrent&\"" | tee -a "$LOG_BUILD_LXC"
# Ttrss
ynh_print_info --message="\e[36mInstallation de ttrss\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install ttrss --force --args \"domain=$domain&path=/ttrss&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Wallabag
ynh_print_info --message="\e[36mInstallation de wallabag\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install wallabag2 --force --args \"domain=$domain&path=/wallabag&admin=$demo_user&\"" | tee -a "$LOG_BUILD_LXC"
# Wordpress
ynh_print_info --message="\e[36mInstallation de wordpress\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install wordpress --force --args \"domain=$domain&path=/blog&admin=$demo_user&language=en_US&multisite=0&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
# Zerobin
ynh_print_info --message="\e[36mInstallation de zerobin\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost app install zerobin --force --args \"domain=$domain&path=/zerobin&is_public=1&\"" | tee -a "$LOG_BUILD_LXC"
fi
# ********
echo -e "\e[1m> Arrêt de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-stop -n $LXC_NAME1 >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m> Création d'un snapshot\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_create_snapshot --name="$lxc_name1" --snapname="snap0"
echo -e "\e[1m> Suppression des règles de parefeu\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -D FORWARD -i eth0 -o lxc_demo -j ACCEPT >> "$LOG_BUILD_LXC" 2>&1
sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE >> "$LOG_BUILD_LXC" 2>&1
sudo ifdown --force lxc_demo >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m> Mise à jour de la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_stop --name="$lxc_name1" | tee -a "$LOG_BUILD_LXC" 2>&1
ynh_lxc_upgrade_demo --name=$lxc_name1 --time_to_switch=$time_to_switch
echo -e "\e[1m> Création d'un snapshot\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-snapshot -n $LXC_NAME1 >> "$LOG_BUILD_LXC" 2>&1
# Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME1/snap0/
ynh_print_info --message="\e[1m> Clone la machine\e[0m" | tee -a "$LOG_BUILD_LXC"
lxc copy "$lxc_name1" "$lxc_name2" | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Clone la machine\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-copy --name=$LXC_NAME1 --newname=$LXC_NAME2 >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m> Création d'un snapshot\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_lxc_create_snapshot --name="$lxc_name2" --snapname="snap0"
echo -e "\e[1m> Modification de l'ip du clone\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@address $IP_LXC1@address $IP_LXC2@" /var/lib/lxc/$LXC_NAME2/rootfs/etc/network/interfaces >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Et le nom du veth\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@^lxc.net.0.veth.pair = $LXC_NAME1@lxc.net.0.veth.pair = $LXC_NAME2@" /var/lib/lxc/$LXC_NAME2/config >> "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Et enfin renseigne /etc/hosts sur le clone\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo sed -i "s@^127.0.0.1 $LXC_NAME1@127.0.0.1 $LXC_NAME2@" /var/lib/lxc/$LXC_NAME2/rootfs/etc/hosts >> "$LOG_BUILD_LXC" 2>&1
ynh_print_info --message="\e[1m> Mise en place du cron de switch\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_add_config --template="$final_path/conf/cron_demo_switch" --destination="/etc/cron.d/demo_switch"
echo -e "\e[1m> Mise en place du cron de switch\e[0m"
echo | sudo tee /etc/cron.d/demo_switch <<EOF > /dev/null
# Switch des conteneurs toutes les $TIME_TO_SWITCH minutes
*/$TIME_TO_SWITCH * * * * root $script_dir/demo_switch.sh >> "$script_dir/demo_switch.log" 2>&1
EOF
echo -e "\e[1m> Et du cron d'upgrade\e[0m"
echo | sudo tee /etc/cron.d/demo_upgrade <<EOF > /dev/null
# Vérifie les mises à jour des conteneurs de demo, lorsqu'ils ne sont pas utilisés, à partir de 3h2minutes chaque nuit. Attention à rester sur un multiple du temps de switch.
2 3 * * * root $script_dir/demo_upgrade.sh >> "$script_dir/demo_upgrade.log" 2>&1
EOF
ynh_print_info --message="\e[1m> Et du cron d'upgrade\e[0m" | tee -a "$LOG_BUILD_LXC"
ynh_add_config --template="$final_path/conf/cron_demo_upgrade" --destination="/etc/cron.d/demo_upgrade"
echo -e "\e[1m> Démarrage de la démo\e[0m"
"$script_dir/demo_start.sh"
ynh_print_info --message="e[1m> Mise en place du service" | tee -a "$LOG_BUILD_LXC"
#ynh_add_systemd_config --template="$final_path/conf/systemd.service"
ynh_add_systemd_config
# echo "> Mise en place du service"
echo | sudo tee /etc/systemd/system/lxc_demo.service <<EOF > /dev/null
[Unit]
Description=Start and stop script for lxc demo container
Requires=network.target
After=network.target
ynh_print_info --message="e[1m> Integrating service in YunoHost..." | tee -a "$LOG_BUILD_LXC"
yunohost service add $app --log="/var/log/$app/$app.log"
[Service]
Type=forking
ExecStart=$script_dir/demo_start.sh
RemainAfterExit=true
ExecStop=$script_dir/demo_stop.sh
ExecReload=$script_dir/demo_start.sh
[Install]
WantedBy=multi-user.target
EOF
# Démarrage automatique du service
sudo systemctl enable lxc_demo.service
sudo service lxc_demo start
# Après le démarrage du premier conteneur, fait un snapshot du deuxième.
echo -e "\e[1m> Création d'un snapshot pour le 2e conteneur\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo lxc-snapshot -n $LXC_NAME2 >> "$LOG_BUILD_LXC" 2>&1
# Il sera nommé snap0 et stocké dans /var/lib/lxcsnaps/$LXC_NAME2/snap0/
ynh_print_info --message="e[1m> Starting a systemd service..." | tee -a "$LOG_BUILD_LXC"
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"

82
demo_lxc_build_init.sh
View file

@ -7,11 +7,11 @@ if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(
LOG=$(cat "$script_dir/demo_lxc_build.sh" | grep LOG= | cut -d '=' -f2)
LOG_BUILD_LXC="$script_dir/$LOG"
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
lxc_name1=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_name1= | cut -d '=' -f2)
lxc_name2=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_name2= | cut -d '=' -f2)
lxdbr_demo_network=$(cat "$script_dir/demo_lxc_build.sh" | grep lxdbr_demo_network= | cut -d '=' -f2)
lxc_ip1=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_ip1= | cut -d '=' -f2)
lxc_ip2=$(cat "$script_dir/demo_lxc_build.sh" | grep lxc_ip2= | cut -d '=' -f2)
MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
# Check user
@ -24,52 +24,52 @@ echo "$DOMAIN" > "$script_dir/domain.ini"
sudo mkdir -p $(dirname $LOG_BUILD_LXC)
echo -e "\e[1m> Update et install lxc, lxctl et mailutils\e[0m" | tee "$LOG_BUILD_LXC"
sudo apt-get update >> "$LOG_BUILD_LXC" 2>&1
sudo apt-get install -y lxc lxctl mailutils certbot >> "$LOG_BUILD_LXC" 2>&1
sudo apt-get update | tee -a "$LOG_BUILD_LXC" 2>&1
sudo apt-get install -y lxc lxctl mailutils certbot | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Autoriser l'ip forwarding, pour router vers la machine virtuelle.\e[0m" | tee -a "$LOG_BUILD_LXC"
echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1
sudo sysctl -p /etc/sysctl.d/lxc_demo.conf >> "$LOG_BUILD_LXC" 2>&1
echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/lxc_demo.conf | tee -a "$LOG_BUILD_LXC" 2>&1
sudo sysctl -p /etc/sysctl.d/lxc_demo.conf | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Ajoute un brige réseau pour la machine virtualisée\e[0m" | tee -a "$LOG_BUILD_LXC"
echo | sudo tee /etc/network/interfaces.d/lxc_demo <<EOF >> "$LOG_BUILD_LXC" 2>&1
echo | sudo tee /etc/network/interfaces.d/lxc_demo <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
auto lxc_demo
iface lxc_demo inet static
address $PLAGE_IP.1/24
bridge_ports none
bridge_fd 0
bridge_maxwait 0
address $lxdbr_demo_network.1/24
bridge_ports none
bridge_fd 0
bridge_maxwait 0
EOF
echo -e "\e[1m> Active le bridge réseau\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo >> "$LOG_BUILD_LXC" 2>&1
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo | tee -a "$LOG_BUILD_LXC" 2>&1
echo -e "\e[1m> Mise en place de la connexion ssh vers l'invité.\e[0m" | tee -a "$LOG_BUILD_LXC"
if [ -e $HOME/.ssh/$LXC_NAME1 ]; then
rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub
ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC1
ssh-keygen -f $HOME/.ssh/known_hosts -R $IP_LXC2
if [ -e $HOME/.ssh/$lxc_name1 ]; then
rm -f $HOME/.ssh/$lxc_name1 $HOME/.ssh/$lxc_name1.pub
ssh-keygen -f $HOME/.ssh/known_hosts -R $lxdbr_demo_network$lxc_ip1
ssh-keygen -f $HOME/.ssh/known_hosts -R $lxdbr_demo_network$lxc_ip2
fi
ssh-keygen -t rsa -f $HOME/.ssh/$LXC_NAME1 -P '' >> "$LOG_BUILD_LXC" 2>&1
ssh-keygen -t rsa -f $HOME/.ssh/$lxc_name1 -P '' | tee -a "$LOG_BUILD_LXC" 2>&1
echo | tee -a $HOME/.ssh/config <<EOF >> "$LOG_BUILD_LXC" 2>&1
# ssh $LXC_NAME1
Host $LXC_NAME1
Hostname $IP_LXC1
echo | tee -a $HOME/.ssh/config <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
# ssh $lxc_name1
Host $lxc_name1
Hostname $lxdbr_demo_network$lxc_ip1
User ssh_demo
IdentityFile $HOME/.ssh/$LXC_NAME1
Host $LXC_NAME2
Hostname $IP_LXC2
IdentityFile $HOME/.ssh/$lxc_name1
Host $lxc_name2
Hostname $lxdbr_demo_network$lxc_ip2
User ssh_demo
IdentityFile $HOME/.ssh/$LXC_NAME1
# End ssh $LXC_NAME1
IdentityFile $HOME/.ssh/$lxc_name1
# End ssh $lxc_name1
EOF
echo -e "\e[1m> Mise en place du reverse proxy et du load balancing\e[0m" | tee -a "$LOG_BUILD_LXC"
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF >> "$LOG_BUILD_LXC" 2>&1
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
#upstream $DOMAIN {
# server $IP_LXC1:443 ;
# server $IP_LXC2:443 ;
# server $lxdbr_demo_network$lxc_ip1:443 ;
# server $lxdbr_demo_network$lxc_ip2:443 ;
#}
server {
@ -79,7 +79,7 @@ server {
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
root /tmp/letsencrypt-auto;
}
access_log /var/log/nginx/$DOMAIN-access.log;
@ -93,7 +93,7 @@ echo -e "\e[1m> Création du certificat SSL.\e[0m" | tee -a "$LOG_BUILD_LXC"
sudo mkdir -p /etc/letsencrypt
# Créer le fichier de config
echo | sudo tee /etc/letsencrypt/conf.ini <<EOF >> "$LOG_BUILD_LXC" 2>&1
echo | sudo tee /etc/letsencrypt/conf.ini <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
#################################
# Let's encrypt configuration #
#################################
@ -125,15 +125,15 @@ mkdir -p /tmp/letsencrypt-auto
sudo certbot certonly --config /etc/letsencrypt/conf.ini -d $DOMAIN --no-eff-email
# Route l'upstream sur le port 443. Le port 80 servait uniquement à let's encrypt
# sudo sed -i "s/server $IP_LXC1:80 ;/server $IP_LXC1:443 ;/" /etc/nginx/conf.d/$DOMAIN.conf
# sudo sed -i "s/server $lxdbr_demo_network$lxc_ip1:80 ;/server $lxdbr_demo_network$lxc_ip1:443 ;/" /etc/nginx/conf.d/$DOMAIN.conf
# Décommente les lignes du certificat
# sudo sed -i "s/#\tssl_certificate/\tssl_certificate/g" /etc/nginx/conf.d/$DOMAIN.conf
# Supprime les commentaires dans la conf nginx
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF >> "$LOG_BUILD_LXC" 2>&1
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF | tee -a "$LOG_BUILD_LXC" 2>&1
#upstream $DOMAIN {
# server $IP_LXC1:443 ;
# server $IP_LXC2:443 ;
# server $lxdbr_demo_network$lxc_ip1:443 ;
# server $lxdbr_demo_network$lxc_ip2:443 ;
#}
server {
@ -143,7 +143,7 @@ server {
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
root /tmp/letsencrypt-auto;
}
access_log /var/log/nginx/$DOMAIN-access.log;
@ -165,8 +165,8 @@ server {
add_header Strict-Transport-Security "max-age=31536000;";
location / {
proxy_pass https://$DOMAIN;
proxy_redirect off;
proxy_pass https://$DOMAIN;
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;

60
demo_lxc_destroy.sh
View file

@ -6,36 +6,34 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source /usr/share/yunohost/helpers
# Check user
if [ "$USER" != "$(cat "$script_dir/setup_user")" ]; then
echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")"
echo -en "\e[0m"
exit 0
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
/bin/bash "$final_path/demo_stop.sh" -f
ynh_print_info --message="\e[1m> Suppression des conteneurs et de leur snapshots\e[0m"
ynh_secure_remove --file="/var/lib/lxd/snapshots/$lxc_name1/snap0.tar.gz"
ynh_lxc_delete --name=$lxc_name1
ynh_secure_remove --file="/var/lib/lxd/snapshots/$lxc_name2/snap0.tar.gz"
ynh_lxc_delete --name=$lxc_name2
ynh_print_info --message="\e[1m> Suppression des crons\e[0m"
ynh_secure_remove --file=/etc/cron.d/demo_switch
ynh_secure_remove --file=/etc/cron.d/demo_upgrade
ynh_print_info --message="\e[1m> Suppression du service\e[0m"
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_print_info --message="Removing $app service integration..."
yunohost service remove $app
fi
"$script_dir/demo_stop.sh"
echo -e "\e[1m> Suppression des conteneurs et de leur snapshots\e[0m"
sudo lxc-snapshot -n $LXC_NAME1 -d snap0
sudo rm -f /var/lib/lxcsnaps/$LXC_NAME1/snap0.tar.gz
sudo lxc-destroy -n $LXC_NAME1 -f
sudo lxc-snapshot -n $LXC_NAME2 -d snap0
sudo rm -f /var/lib/lxcsnaps/$LXC_NAME2/snap0.tar.gz
sudo lxc-destroy -n $LXC_NAME2 -f
echo -e "\e[1m> Suppression des crons\e[0m"
sudo rm /etc/cron.d/demo_switch
sudo rm /etc/cron.d/demo_upgrade
echo -e "\e[1m> Suppression des clés ECDSA dans known_hosts\e[0m"
ssh-keygen -f "$HOME/.ssh/known_hosts" -R $IP_LXC1
ssh-keygen -f "$HOME/.ssh/known_hosts" -R $IP_LXC2
echo -e "\e[1m> Suppression du service\e[0m"
sudo systemctl disable lxc_demo.service
sudo rm -f /etc/systemd/system/lxc_demo.service
ynh_print_info --message="Stopping and removing the systemd service..."
ynh_remove_systemd_config

32
demo_lxc_remove.sh
View file

@ -6,33 +6,15 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
DOMAIN=$(cat "$script_dir/domain.ini")
source $script_dir/ynh_lxd
source /usr/share/yunohost/helpers
# Check user
if [ "$USER" != "$(cat "$script_dir/setup_user")" ]; then
echo -e "\e[91mCe script doit être exécuté avec l'utilisateur $(cat "$script_dir/setup_user")"
echo -en "\e[0m"
exit 0
fi
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
path_url=$(ynh_app_setting_get --app=$app --key=path)
"$script_dir/demo_lxc_destroy.sh"
echo -e "\e[1m> Retire l'ip forwarding.\e[0m"
sudo rm /etc/sysctl.d/lxc_demo.conf
sudo sysctl -p
echo -e "\e[1m> Supprime le brige réseau\e[0m"
sudo rm /etc/network/interfaces.d/lxc_demo
echo -e "\e[1m> Remove lxc lxctl\e[0m"
sudo apt-get remove lxc lxctl
echo -e "\e[1m> Suppression de la clé SSH\e[0m"
rm -f $HOME/.ssh/$LXC_NAME1 $HOME/.ssh/$LXC_NAME1.pub
echo -e "\e[1m> Et de sa config spécifique dans $HOME/.ssh/config\e[0m"
BEGIN_LINE=$(cat $HOME/.ssh/config | grep -n "^# ssh $LXC_NAME1" | cut -d':' -f 1)
sed -i "$BEGIN_LINE,/^# End ssh $LXC_NAME1/d" $HOME/.ssh/config
/bin/bash "$final_path/demo_lxc_destroy.sh"
# Suppression du reverse proxy
echo -e "\e[1m> Suppression de la config nginx\e[0m"

171
demo_restore_crash.sh
View file

@ -5,185 +5,90 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
STOP_CONTAINER () {
MACHINE=$1
if [ $(sudo lxc-info --name $MACHINE | grep -c "STOPPED") -eq 0 ]; then
echo "Arrêt du conteneur $MACHINE"
sudo lxc-stop -n $MACHINE
fi
}
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
CHECK_CONTAINER () {
MACHINE=$1
echo "Test du conteneur $MACHINE"
sudo lxc-start -n $MACHINE -d > /dev/null 2>&1 # Démarre le conteneur
sudo lxc-wait -n $MACHINE -s 'RUNNING' -t 20 # Attend pendant 20s maximum que le conteneur démarre
# sudo lxc-ls -f
if [ $(sudo lxc-info --name $MACHINE | grep -c "RUNNING") -ne 1 ]; then
return 1 # Renvoi 1 si le démarrage du conteneur a échoué
else
STOP_CONTAINER $MACHINE
return 0 # Renvoi 0 si le démarrage du conteneur a réussi
fi
}
ynh_print_info --message="Désactive le cron switch."
sed -i "s/.*demo_switch.sh/#&/" /etc/cron.d/demo_switch # Le cron est commenté durant l'opération de maintenance.
RESTORE_SNAPSHOT () {
MACHINE=$1
echo -e "\e[1m> Restauration du snapshot du conteneur $MACHINE\e[0m"
sudo lxc-snapshot -r snap0 -n $MACHINE
CHECK_CONTAINER $MACHINE
STATUS=$?
if [ $STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $MACHINE en défaut.\e[0m"
return 1
else
echo -e "\e[92m> Conteneur $MACHINE en état de marche.\e[0m"
return 0
fi
}
ynh_print_info --message="Suppression des lock et arrêt forcé des conteneurs."
ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileS"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileS"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileU"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileU"
RESTORE_ARCHIVE_SNAPSHOT () {
MACHINE=$1
if ! test -e "/var/lib/lxcsnaps/$MACHINE/snap1.tar.gz"; then
echo "Aucune archive de snapshot pour le conteneur $MACHINE"
return 1
fi
echo -e "\e[1m> Restauration du snapshot archivé pour le conteneur $MACHINE\e[0m"
echo "Suppression du snapshot"
sudo lxc-snapshot -n $MACHINE -d snap0
echo "Décompression de l'archive"
sudo tar -x --acls --xattrs -f /var/lib/lxcsnaps/$MACHINE/snap0.tar.gz -C /
RESTORE_SNAPSHOT $MACHINE
return $?
}
CLONE_CONTAINER () {
MACHINE_SOURCE=$1
MACHINE_CIBLE=$2
IP_SOURCE=$3
IP_CIBLE=$4
echo "Suppression du conteneur $MACHINE_CIBLE"
sudo lxc-snapshot -n $MACHINE_CIBLE -d snap0
sudo rm -f /var/lib/lxcsnaps/$MACHINE_CIBLE/snap0.tar.gz
sudo lxc-destroy -n $MACHINE_CIBLE -f
echo -e "\e[1m> Clone le conteneur $MACHINE_SOURCE sur $MACHINE_CIBLE\e[0m"
sudo lxc-copy --name=$MACHINE_SOURCE --newname=$MACHINE_CIBLE
echo "Modification de l'ip du clone,"
sudo sed -i "s@address $IP_SOURCE@address $IP_CIBLE@" /var/lib/lxc/$MACHINE_CIBLE/rootfs/etc/network/interfaces
echo "du nom du veth"
sudo sed -i "s@$MACHINE_SOURCE@$MACHINE_CIBLE@g" /var/lib/lxc/$MACHINE_CIBLE/config
echo "Et enfin renseigne /etc/hosts sur le clone"
sudo sed -i "s@^127.0.0.1 $MACHINE_SOURCE@127.0.0.1 $MACHINE_CIBLE@" /var/lib/lxc/$MACHINE_CIBLE/rootfs/etc/hosts
CHECK_CONTAINER $MACHINE_CIBLE
STATUS=$?
if [ $STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $MACHINE_CIBLE en défaut.\e[0m"
else
echo -e "\e[92m> Conteneur $MACHINE_CIBLE en état de marche.\e[0m"
echo "Création d'un nouveau snapshot pour le conteneur $MACHINE_CIBLE"
sudo lxc-snapshot -n $MACHINE_CIBLE
fi
return $STATUS
}
echo "Désactive le cron switch."
sudo sed -i "s/.*demo_switch.sh/#&/" /etc/cron.d/demo_switch # Le cron est commenté durant l'opération de maintenance.
echo "Suppression des lock et arrêt forcé des conteneurs."
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileU
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileU
STOP_CONTAINER $LXC_NAME1
STOP_CONTAINER $LXC_NAME2
echo "Initialisation du réseau pour le conteneur."
if ! sudo ifquery lxc_demo --state > /dev/null; then
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo
fi
# Activation des règles iptables
echo "Configure le parefeu"
if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
ynh_lxc_stop_as_demo --name="$lxc_name1"
ynh_lxc_stop_as_demo --name="$lxc_name2"
# Vérifie l'état des conteneurs.
CHECK_CONTAINER $LXC_NAME1
ynh_lxc_check_container_start --name=$lxc_name1
LXC1_STATUS=$?
CHECK_CONTAINER $LXC_NAME2
ynh_lxc_check_container_start --name=$lxc_name2
LXC2_STATUS=$?
if [ $LXC1_STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $LXC_NAME1 en défaut.\e[0m"
ynh_print_info --message="\e[91m> Conteneur $lxc_name1 en défaut.\e[0m"
else
echo -e "\e[92m> Conteneur $LXC_NAME1 en état de marche.\e[0m"
ynh_print_info --message="\e[92m> Conteneur $lxc_name1 en état de marche.\e[0m"
fi
if [ $LXC2_STATUS -eq 1 ]; then
echo -e "\e[91m> Conteneur $LXC_NAME2 en défaut.\e[0m"
ynh_print_info --message="\e[91m> Conteneur $lxc_name2 en défaut.\e[0m"
else
echo -e "\e[92m> Conteneur $LXC_NAME2 en état de marche.\e[0m"
ynh_print_info --message="\e[92m> Conteneur $lxc_name2 en état de marche.\e[0m"
fi
# Restauration des snapshots
if [ $LXC1_STATUS -eq 1 ]; then
RESTORE_SNAPSHOT $LXC_NAME1
ynh_lxc_restore_from_snapshot --name=$lxc_name1
LXC1_STATUS=$?
fi
if [ $LXC2_STATUS -eq 1 ]; then
RESTORE_SNAPSHOT $LXC_NAME2
ynh_lxc_restore_from_snapshot --name=$lxc_name2
LXC2_STATUS=$?
fi
# Restauration des archives des snapshots
if [ $LXC1_STATUS -eq 1 ]; then
RESTORE_ARCHIVE_SNAPSHOT $LXC_NAME1
ynh_lxc_restore_from_archive --name=$lxc_name1
LXC1_STATUS=$?
fi
if [ $LXC2_STATUS -eq 1 ]; then
RESTORE_ARCHIVE_SNAPSHOT $LXC_NAME2
ynh_lxc_restore_from_archive --name=$lxc_name2
LXC2_STATUS=$?
fi
# Si des erreurs persistent, tente de cloner depuis un conteneur sain
if [ $LXC1_STATUS -eq 1 ] && [ $LXC2_STATUS -eq 0 ] ; then
CLONE_CONTAINER $LXC_NAME2 $LXC_NAME1 $IP_LXC2 $IP_LXC1
ynh_lxc_clone --source=$lxc_name2 --destination=$lxc_name1
LXC1_STATUS=$?
fi
if [ $LXC2_STATUS -eq 1 ] && [ $LXC1_STATUS -eq 0 ]; then
CLONE_CONTAINER $LXC_NAME1 $LXC_NAME2 $IP_LXC1 $IP_LXC2
ynh_lxc_clone --source=$lxc_name1 --destination=$lxc_name2
LXC2_STATUS=$?
fi
# Résultats finaux
if [ $LXC1_STATUS -eq 1 ] || [ $LXC2_STATUS -eq 1 ]; then
if [ $LXC1_STATUS -eq 1 ]; then
echo -e "\e[91m\n> Le conteneur $LXC_NAME1 n'a pas pu être réparé...\e[0m"
ynh_print_info --message="\e[91m\n> Le conteneur $lxc_name1 n'a pas pu être réparé...\e[0m"
fi
if [ $LXC2_STATUS -eq 1 ]; then
echo -e "\e[91m\n> Le conteneur $LXC_NAME2 n'a pas pu être réparé...\e[0m"
ynh_print_info --message="\e[91m\n> Le conteneur $lxc_name2 n'a pas pu être réparé...\e[0m"
fi
else
echo -e "\e[92m\n> Les 2 conteneurs sont sains et fonctionnels.\e[0m"
ynh_print_info --message="\e[92m\n> Les 2 conteneurs sont sains et fonctionnels.\e[0m"
fi
echo "Réactive le cron switch."
sudo sed -i "s/#*\*/\*/" /etc/cron.d/demo_switch # Le cron est décommenté
echo "Restart la demo."
$script_dir/demo_start.sh
ynh_print_info --message="Réactive le cron switch."
sed -i "s/#*\*/\*/" /etc/cron.d/demo_switch # Le cron est décommenté
ynh_print_info --message="Restart la demo."
$final_path/demo_start.sh

41
demo_start.sh
View file

@ -1,38 +1,25 @@
#!/bin/bash
# Démarre le premier conteneur de demo et active la config réseau dédiée.
# Démarre le premier conteneur de demo
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
LXC_NAME=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
"$script_dir/demo_stop.sh" > /dev/null 2>&1
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
echo "Initialisation du réseau pour le conteneur."
if ! sudo ifquery lxc_demo --state > /dev/null; then
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo
fi
# Activation des règles iptables
echo "> Configure le parefeu"
if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
/bin/bash "$final_path/demo_stop.sh" > /dev/null 2>&1
# Démarrage de la machine
echo "> Démarrage de la machine"
date >> "$script_dir/demo_boot.log"
echo "Starting $LXC_NAME" >> "$script_dir/demo_boot.log"
sudo lxc-start -n $LXC_NAME -o "$script_dir/demo_boot.log" -d
ynh_print_info --message="> Démarrage de la machine" | tee -a "$final_path/demo_boot.log"
date | tee -a "$final_path/demo_boot.log"
ynh_print_info --message="Starting $lxc_name1" | tee -a "$final_path/demo_boot.log"
ynh_lxc_start_as_demo --name=$lxc_name1 --ip="$lxdbr_demo_network$lxc_ip1" | tee -a "$final_path/demo_boot.log"
sleep 3
# Vérifie que la machine a démarré
sudo lxc-ls -f

61
demo_stop.sh
View file

@ -3,50 +3,39 @@
# Stoppe les conteneurs de demo et arrête la config réseau dédiée.
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(ynh_print_info --message=$PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
if [ "$#" -eq 1 ] && [ "$1" == "-f" ]
then
echo "> Suppression des lock et arrêt forcé des conteneurs."
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileS
sudo rm -f /var/lib/lxc/$LXC_NAME1.lock_fileU
sudo rm -f /var/lib/lxc/$LXC_NAME2.lock_fileU
ynh_print_info --message="> Suppression des lock et arrêt forcé des conteneurs."
ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileS"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileS"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name1.lock_fileU"
ynh_secure_remove --file="/var/lib/lxd/$lxc_name2.lock_fileU"
else
echo "> Attend la libération des lock sur les conteneurs."
while test -e /var/lib/lxc/$LXC_NAME1.lock_file* || test -e /var/lib/lxc/$LXC_NAME2.lock_file*; do
ynh_print_info --message="> Attend la libération des lock sur les conteneurs."
while test -e /var/lib/lxd/$lxc_name1.lock_file* || test -e /var/lib/lxd/$lxc_name2.lock_file*; do
sleep 5 # Attend que les conteneur soit libérés par les script upgrade ou switch, le cas échéant.
done
fi
echo "> Arrêt des conteneurs"
if [ $(sudo lxc-info --name $LXC_NAME1 | grep -c "STOPPED") -eq 0 ]; then
echo "Arrêt du conteneur $LXC_NAME1"
sudo lxc-stop -n $LXC_NAME1
ynh_print_info --message="> Arrêt des conteneurs"
if ! ynh_lxc_is_stopped --name=$lxc_name1
then
ynh_print_info --message="Arrêt du conteneur $lxc_name1"
ynh_lxc_stop_as_demo --name=$lxc_name1
fi
if [ $(sudo lxc-info --name $LXC_NAME2 | grep -c "STOPPED") -eq 0 ]; then
echo "Arrêt du conteneur $LXC_NAME2"
sudo lxc-stop -n $LXC_NAME2
if ! ynh_lxc_is_stopped --name=$lxc_name2
then
ynh_print_info --message="Arrêt du conteneur $lxc_name2"
ynh_lxc_stop_as_demo --name=$lxc_name2
fi
echo "> Suppression des règles de parefeu"
if sudo iptables -C FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null; then
sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null; then
sudo iptables -D FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null; then
sudo iptables -t nat -D POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
echo "Arrêt de l'interface réseau pour le conteneur."
if sudo ifquery lxc_demo --state > /dev/null; then
sudo ifdown --force lxc_demo
fi
sudo lxc-ls -f

69
demo_switch.sh
View file

@ -6,56 +6,69 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
DOMAIN=$(cat "$script_dir/domain.ini")
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
log_line=$(wc -l "$script_dir/demo_switch.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
lxdbr_demo_network=$(ynh_app_setting_get --app=$app --key=lxdbr_demo_network)
lxc_ip1=$(ynh_app_setting_get --app=$app --key=lxc_ip1)
lxc_ip2=$(ynh_app_setting_get --app=$app --key=lxc_ip2)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
domain=${$(ynh_app_setting_get --app=$app --key=domain):-$(cat "$final_path/domain.ini")}
path_url=$(ynh_app_setting_get --app=$app --key=path)
log_line=$(wc -l "$final_path/demo_switch.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
log_line=$(( $log_line + 1 )) # Ignore la première ligne, reprise de l'ancien log.
date >> "$script_dir/demo_switch.log"
date >> "$final_path/demo_switch.log"
while test -e /var/lib/lxc/$LXC_NAME1.lock_file* || test -e /var/lib/lxc/$LXC_NAME2.lock_file*; do
while test -e /var/lib/lxd/$lxc_name1.lock_file* || test -e /var/lib/lxd/$lxc_name2.lock_file*; do
sleep 5 # Attend que le conteneur soit libéré par les script upgrade ou switch, le cas échéant.
done
# Vérifie l'état des machines.
if [ "$(sudo lxc-info --name $LXC_NAME1 | grep -c "RUNNING")" -eq "1" ]
if ynh_lxc_is_started --name=$lxc_name1
then # Si la machine 1 est démarrée.
LXC_A=$LXC_NAME1
LXC_B=$LXC_NAME2
LXC_A=$lxc_name1
IP_A="$lxdbr_demo_network$lxc_ip1"
LXC_B=$lxc_name2
IP_B="$lxdbr_demo_network$lxc_ip2"
else # Sinon, on suppose que c'est la machine 2 qui est en cours.
LXC_A=$LXC_NAME2
LXC_B=$LXC_NAME1
LXC_A=$lxc_name2
IP_A="$lxdbr_demo_network$lxc_ip2"
LXC_B=$lxc_name1
IP_B="$lxdbr_demo_network$lxc_ip1"
# Si aucune machine ne tourne, la première démarrera.
fi
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxc/$LXC_A/rootfs/swap_*
/sbin/swapoff /var/lib/lxd/$LXC_A/rootfs/swap_*
echo "Starting $LXC_B"
ynh_print_info --message="Starting $LXC_B"
# Démarre le conteneur B et arrête le conteneur A.
sudo lxc-start -n $LXC_B -o "$script_dir/demo_switch.log" -d > /dev/null # Démarre l'autre machine
sleep 10 # Attend 10 seconde pour s'assurer du démarrage de la machine.
if [ "$(sudo lxc-info --name $LXC_B | grep -c "STOPPED")" -eq "1" ]
ynh_lxc_start_as_demo --name=$LXC_B --ip=$IP_B
sleep 5 # Attend 10 seconde pour s'assurer du démarrage de la machine.
if ! ynh_lxc_is_started --name=$LXC_B
then
# Le conteneur n'a pas réussi à démarrer. On averti un responsable par mail...
echo -e "Échec du démarrage du conteneur $LXC_B sur le serveur de demo $DOMAIN! \n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_switch.log")\n\nLe script 'demo_restore_crash.sh' va être exécuté pour tenter de fixer l'erreur." | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
$script_dir/demo_restore_crash.sh &
echo -e "Échec du démarrage du conteneur $LXC_B sur le serveur de demo $DOMAIN! \n\nExtrait du log:\n$(tail -n +$log_line "$final_path/demo_switch.log")\n\nLe script 'demo_restore_crash.sh' va être exécuté pour tenter de fixer l'erreur." | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
/bin/bash $final_path/demo_restore_crash.sh &
exit 1
else
echo "Stopping $LXC_A"
ynh_print_info --message="Stopping $LXC_A"
# Bascule sur le conteneur B avec le load balancing de nginx...
# Automatique par nginx lorsque la machine A sera éteinte.
# Arrêt du conteneur A. Il est remplacé par le B
sudo touch /var/lib/lxc/$LXC_A.lock_fileS # Met en place un fichier pour indiquer que la machine n'est pas encore dispo.
sudo lxc-stop -n $LXC_A
touch /var/lib/lxd/$LXC_A.lock_fileS # Met en place un fichier pour indiquer que la machine n'est pas encore dispo.
ynh_lxc_stop_as_demo --name=$LXC_A
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxc/$LXC_A/rootfs/swap_*
echo "Restauring $LXC_A from snapshot"
/sbin/swapoff /var/lib/lxd/$LXC_A/rootfs/swap_*
ynh_print_info --message="Restauring $LXC_A from snapshot"
# Restaure le snapshot de la machine A avant sa prochaine exécution
sudo lxc-snapshot -r snap0 -n $LXC_A
sudo rm /var/lib/lxc/$LXC_A.lock_fileS # Libère le lock
echo "Finish restoring $LXC_A"
ynh_lxc_load_snapshot --name=$LXC_A --snapname=snap0
ynh_lxc_stop --name=$LXC_A
ynh_secure_remove --file="/var/lib/lxd/$LXC_A.lock_fileS" # Libère le lock
ynh_print_info --message="Finish restoring $LXC_A"
fi

170
demo_upgrade.sh
View file

@ -6,163 +6,27 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$(echo $PWD/$(dirname "$0" | cut -d '.' -f2) | sed 's@/$@@')"; fi
LXC_NAME1=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME1= | cut -d '=' -f2)
LXC_NAME2=$(cat "$script_dir/demo_lxc_build.sh" | grep LXC_NAME2= | cut -d '=' -f2)
IP_LXC1=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC1= | cut -d '=' -f2)
IP_LXC2=$(cat "$script_dir/demo_lxc_build.sh" | grep IP_LXC2= | cut -d '=' -f2)
PLAGE_IP=$(cat "$script_dir/demo_lxc_build.sh" | grep PLAGE_IP= | cut -d '=' -f2)
TIME_TO_SWITCH=$(cat "$script_dir/demo_lxc_build.sh" | grep TIME_TO_SWITCH= | cut -d '=' -f2)
MAIL_ADDR=$(cat "$script_dir/demo_lxc_build.sh" | grep MAIL_ADDR= | cut -d '=' -f2)
DOMAIN=$(cat "$script_dir/domain.ini")
source $script_dir/ynh_lxd
source $script_dir/ynh_lxd_demo
source /usr/share/yunohost/helpers
IP_UPGRADE=$PLAGE_IP.150
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
lxc_name1=$(ynh_app_setting_get --app=$app --key=lxc_name1)
lxc_name2=$(ynh_app_setting_get --app=$app --key=lxc_name2)
time_to_switch=$(ynh_app_setting_get --app=$app --key=time_to_switch)
IP_UPGRADE=$lxdbr_demo_network.150
LOOP=0
log_line=$(wc -l "$script_dir/demo_upgrade.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
log_line=$(wc -l "$final_path/demo_upgrade.log" | cut -d ' ' -f 1) # Repère la fin du log actuel. Pour récupérer les lignes ajoutées sur cette exécution.
log_line=$(( $log_line + 1 )) # Ignore la première ligne, reprise de l'ancien log.
date >> "$script_dir/demo_upgrade.log"
date >> "$final_path/demo_upgrade.log"
UPGRADE_DEMO_CONTAINER () { # Démarrage, upgrade et snapshot
MACHINE=$1
IP_MACHINE=$2
echo "Upgrading $MACHINE"
# Attend que la machine soit éteinte.
# Timeout à $TIME_TO_SWITCH +5 minutes, en seconde
TIME_OUT=$(($TIME_TO_SWITCH * 60 + 300))
sudo lxc-wait -n $MACHINE -s 'STOPPED' -t $TIME_OUT
while test -e /var/lib/lxc/$MACHINE.lock_fileS; do
sleep 5 # Attend que le conteneur soit libéré par le script switch.
done
sudo touch /var/lib/lxc/$MACHINE.lock_fileU # Met en place un fichier pour indiquer que la machine est indisponible pendant l'upgrade
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxc/$MACHINE/rootfs/swap_*
# Restaure le snapshot
sudo lxc-snapshot -r snap0 -n $MACHINE
# Change l'ip du conteneur le temps de l'upgrade. Pour empêcher HAProxy de basculer sur le conteneur.
sudo sed -i "s@address $IP_MACHINE@address $IP_UPGRADE@" /var/lib/lxc/$MACHINE/rootfs/etc/network/interfaces
# Active le bridge réseau
if ! sudo ifquery lxc_demo --state > /dev/null
then
sudo ifup lxc_demo --interfaces=/etc/network/interfaces.d/lxc_demo
fi
# Configure le parefeu
if ! sudo iptables -D FORWARD -i lxc_demo -o eth0 -j ACCEPT 2> /dev/null
then
sudo iptables -A FORWARD -i lxc_demo -o eth0 -j ACCEPT
fi
if ! sudo iptables -C FORWARD -i eth0 -o lxc_demo -j ACCEPT 2> /dev/null
then
sudo iptables -A FORWARD -i eth0 -o lxc_demo -j ACCEPT
fi
if ! sudo iptables -t nat -C POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE 2> /dev/null
then
sudo iptables -t nat -A POSTROUTING -s $PLAGE_IP.0/24 -j MASQUERADE
fi
# Démarre le conteneur
date >> "$script_dir/demo_boot.log"
sudo lxc-start -n $MACHINE -o "$script_dir/demo_boot.log" -d > /dev/null
sleep 10
# Update
update_apt=0
sudo lxc-attach -n $MACHINE -- apt-get update
sudo lxc-attach -n $MACHINE -- apt-get dist-upgrade --dry-run | grep -q "^Inst " > /dev/null # Vérifie si il y aura des mises à jour.
if [ "$?" -eq 0 ]; then
date
update_apt=1
# Upgrade
sudo lxc-attach -n $MACHINE -- apt-get dist-upgrade --option Dpkg::Options::=--force-confold -yy
# Clean
sudo lxc-attach -n $MACHINE -- apt-get autoremove -y
sudo lxc-attach -n $MACHINE -- apt-get autoclean
fi
sudo lxc-attach -n $MACHINE -- yunohost tools update
sudo lxc-attach -n $MACHINE -- yunohost tools upgrade system
# Exécution des scripts de upgrade.d
LOOP=$((LOOP + 1))
while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
date
# Exécute chaque script trouvé dans upgrade.d
echo "Exécution du script $LIGNE sur le conteneur $MACHINE"
/bin/bash "$script_dir/upgrade.d/$LIGNE" $MACHINE
if [ "$?" -ne 0 ]; then # Si le script a échoué, le snapshot est annulé.
echo "Échec du script $LIGNE"
mv -f "$script_dir/upgrade.d/$LIGNE" "$script_dir/upgrade.d/$LIGNE.fail"
echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $MACHINE sur le serveur de demo $DOMAIN!\nLe script a été renommé en .fail, il ne sera plus exécuté tant que le préfixe ne sera pas retiré.\n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_upgrade.log")" | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
update_apt=0
else
echo "Le script $LIGNE a été exécuté sans erreur"
update_apt=1
fi
fi
done <<< "$(ls -1 "$script_dir/upgrade.d")"
# Exécution des scripts de upgrade.d/Constant_upgrade
while read LIGNE
do
if [ "$update_apt" -eq "1" ]
then
date
# Exécute chaque script trouvé dans upgrade.d/Constant_upgrade
echo "Exécution du script $LIGNE sur le conteneur $MACHINE"
/bin/bash "$script_dir/upgrade.d/Constant_upgrade/$LIGNE" $MACHINE
if [ "$?" -ne 0 ]; then
echo "Échec du script $LIGNE"
echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $MACHINE sur le serveur de demo $DOMAIN!\n"
else
echo "Le script $LIGNE a été exécuté sans erreur"
fi
fi
done <<< "$(ls -1 "$script_dir/upgrade.d/Constant_upgrade")"
# Upgrade des apps
sudo lxc-attach -n $MACHINE -- yunohost tools update
sudo lxc-attach -n $MACHINE -- systemctl restart nginx
sudo lxc-attach -n $MACHINE -- yunohost tools upgrade apps
sudo lxc-attach -n $MACHINE -- systemctl restart nginx
# Arrêt de la machine virtualisée
sudo lxc-stop -n $MACHINE
# Restaure l'ip d'origine du conteneur.
sudo sed -i "s@address $IP_UPGRADE@address $IP_MACHINE@" /var/lib/lxc/$MACHINE/rootfs/etc/network/interfaces
if [ "$update_apt" -eq "1" ]
then
# Archivage du snapshot
sudo tar -cz --acls --xattrs -f /var/lib/lxcsnaps/$MACHINE/snap0.tar.gz /var/lib/lxcsnaps/$MACHINE/snap0
# Remplacement du snapshot
sudo lxc-snapshot -n $MACHINE -d snap0
sudo lxc-snapshot -n $MACHINE
if [ "$LOOP" -eq 2 ]
then # Après l'upgrade du 2e conteneur, déplace les scripts dans le dossier des anciens scripts si ils ont été exécutés avec succès.
ls -1 "$script_dir/upgrade.d" | while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
mv -f "$script_dir/upgrade.d/$LIGNE" "$script_dir/upgrade.d/old_scripts/$LIGNE"
fi
done
fi
fi
sudo rm /var/lib/lxc/$MACHINE.lock_fileU # Libère le lock, la machine est à nouveau disponible
echo "Finished upgrading $MACHINE"
}
echo ""
ynh_print_info --message="Starting upgrade..."
date
UPGRADE_DEMO_CONTAINER $LXC_NAME1 $IP_LXC1
UPGRADE_DEMO_CONTAINER $LXC_NAME2 $IP_LXC2
ynh_lxc_upgrade_demo --name=$lxc_name1 --time_to_switch=$time_to_switch
ynh_lxc_upgrade_demo --name=$lxc_name2 --time_to_switch=$time_to_switch
ynh_print_info --message="Upgrade finished..."

23
upgrade.d/Constant_upgrade/Default_login
View file

@ -3,12 +3,23 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
MACHINE=$1 # Nom du conteneur
source $script_dir/../../ynh_lxd
source /usr/share/yunohost/helpers
app=${__APP__:-yunohost_demo}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
demo_user=$(ynh_app_setting_get --app=$app --key=demo_user)
demo_password=$(ynh_app_setting_get --app=$app --key=demo_password)
MACHINE=$1 # Nom du conteneur
# Active le mode démo de la webadmin / TO BE IMPLEMENTED
#ynh_lxc_run_inside --name="$lxc_name1" --command="yunohost settings set demo 1"
# Indique le couple login/mot de passe demo/demo
# Et ajoute demo/demo par défaut dans les champs d'identification
sed -i "s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"demo\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/ssowat/portal/login.html
sed -i "s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"demo\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/ssowat/portal/login.html
#sed -i "17i\&emsp;&emsp;&emsp;Password: $YUNO_PWD" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin
#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/login.ms
ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"3i\<center>Login: $demo_user / Password: $demo_password</center>\" /usr/share/ssowat/portal/login.html" # Sur le login du portail
ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"s/id=\"user\" type=\"text\" name=\"user\"/id=\"user\" type=\"text\" name=\"user\" value=\"$demo_user\"/\" /usr/share/ssowat/portal/login.html"
ynh_lxc_run_inside --name="$MACHINE" --command="sed -i \"s/id=\"password\" type=\"password\" name=\"password\"/id=\"password\" type=\"password\" name=\"password\" value=\"$demo_password\"/\" /usr/share/ssowat/portal/login.html"
# ainsi que dans la webadmin
#sed -i "17i\&emsp;&emsp;&emsp;Password: $YUNO_PWD" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms # Et sur le login admin
#sed -i "s/type=\"password\" id=\"password\" name=\"password\"/type=\"password\" id=\"password\" name=\"password\" value=\"$YUNO_PWD\"/" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/login.ms

4
upgrade.d/Constant_upgrade/Disable_add_domain
View file

@ -3,7 +3,7 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
MACHINE=$1 # Nom du conteneur
MACHINE=$1 # Nom du conteneur
# Désactive l'ajout de domaine, pour éviter surtout les nohost
#sed -i "s@<input type=\"submit\" role=\"button\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@<input type=\"\" role=\"\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@g" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms
#sed -i "s@<input type=\"submit\" role=\"button\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@<input type=\"\" role=\"\" class=\"btn btn-success slide back\" value=\"{{t 'add'}}\">@g" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/domain/domain_add.ms

4
upgrade.d/Constant_upgrade/Disable_custom_apps
View file

@ -3,7 +3,7 @@
# Récupère le dossier du script
if [ "${0:0:1}" == "/" ]; then script_dir="$(dirname "$0")"; else script_dir="$PWD/$(dirname "$0" | cut -d '.' -f2)"; fi
MACHINE=$1 # Nom du conteneur
MACHINE=$1 # Nom du conteneur
# Désactive l'installation d'app custom
#sed -i "s@<a role=\"button\" class=\"btn btn-success slide\">{{t 'install'}}</a>@<a role=\"\" class=\"btn btn-success slide\">{{t 'install'}}</a>@g" /var/lib/lxc/$MACHINE/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms
#sed -i "s@<a role=\"button\" class=\"btn btn-success slide\">{{t 'install'}}</a>@<a role=\"\" class=\"btn btn-success slide\">{{t 'install'}}</a>@g" /var/lib/lxd/yunohost_demo1/rootfs/usr/share/yunohost/admin/views/app/app_catalog_category.ms

177
ynh_lxd_demo Normal file
View file

@ -0,0 +1,177 @@
#!/bin/bash
#=================================================
# Demo helpers
#=================================================
# Start an LXC container in demo mode
#
# usage: ynh_lxc_start_as_demo --name=name --ip=ip
# | arg: -n, --name= - name of the LXC
# | arg: -n, --ip= - demo ip of the lxc
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_start_as_demo() {
# Declare an array to define the options of this helper.
local legacy_args=ni
local -A args_array=([n]=name= [i]=ip=)
local name
local ip
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_lxc_stop --name="$name"
lxc config device set $name eth1 ipv4.address $ip
_ynh_lxc_start_and_wait --name="$name"
}
# Stop an LXC container in demo mode
#
# usage: ynh_lxc_stop_as_demo --name=name
# | arg: -n, --name= - name of the LXC
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_stop_as_demo() {
# Declare an array to define the options of this helper.
local legacy_args=n
local -A args_array=([n]=name=)
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_lxc_stop --name="$name"
lxc config device unset $name eth1 ipv4.address
}
# Upgrading demo container
#
# usage: ynh_lxc_upgrade_demo --name=name --time_to_switch=time_to_switch
# | arg: -n, --name= - name of the LXC
# | arg: -t, --time_to_switch= - time to switch
#
# Requires YunoHost version *.*.* or higher.
ynh_lxc_upgrade_demo() {
# Declare an array to define the options of this helper.
local legacy_args=nt
local -A args_array=([n]=name= [t]=time_to_switch=)
local name
local time_to_switch
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
ynh_print_info --message="Upgrading $name"
# Attend que la machine soit éteinte.
# Timeout à $time_to_switch +5 minutes, en seconde
TIME_OUT=$(($time_to_switch * 60 + 300))
wait_period=0
while ! ynh_lxc_is_stopped --name=$name
do
wait_period=$(($wait_period+10))
if [ $wait_period -gt $TIME_OUT ];then
break
else
sleep 5
fi
done
while test -e /var/lib/lxd/$name.lock_fileS; do
sleep 5 # Attend que le conteneur soit libéré par le script switch.
done
touch /var/lib/lxd/$name.lock_fileU # Met en place un fichier pour indiquer que la machine est indisponible pendant l'upgrade
# Supprime les éventuels swap présents.
/sbin/swapoff /var/lib/lxd/$name/rootfs/swap_*
# Restaure le snapshot
ynh_lxc_load_snapshot --name=$name --snapname=snap0
# Démarre le conteneur
date >> "$final_path/demo_boot.log"
# Update
update_apt=0
ynh_lxc_run_inside --name="$name" --command="apt-get update"
ynh_lxc_run_inside --name="$name" --command="apt-get dist-upgrade --dry-run | grep -q "^Inst " > /dev/null" # Vérifie si il y aura des mises à jour.
if [ "$?" -eq 0 ]; then
date
update_apt=1
# Upgrade
ynh_lxc_run_inside --name="$name" --command="apt-get dist-upgrade --option Dpkg::Options::=--force-confold -yy"
# Clean
ynh_lxc_run_inside --name="$name" --command="apt-get autoremove -y"
ynh_lxc_run_inside --name="$name" --command="apt-get autoclean"
fi
ynh_lxc_run_inside --name="$name" --command="yunohost tools update"
ynh_lxc_run_inside --name="$name" --command="yunohost tools upgrade system"
# Exécution des scripts de upgrade.d
LOOP=$((LOOP + 1))
while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
date
# Exécute chaque script trouvé dans upgrade.d
ynh_print_info --message="Exécution du script $LIGNE sur le conteneur $name"
/bin/bash "$final_path/upgrade.d/$LIGNE" $name
if [ "$?" -ne 0 ]; then # Si le script a échoué, le snapshot est annulé.
ynh_print_info --message="Échec du script $LIGNE"
mv -f "$final_path/upgrade.d/$LIGNE" "$final_path/upgrade.d/$LIGNE.fail"
echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $name sur le serveur de demo $DOMAIN!\nLe script a été renommé en .fail, il ne sera plus exécuté tant que le préfixe ne sera pas retiré.\n\nExtrait du log:\n$(tail -n +$log_line "$script_dir/demo_upgrade.log")" | mail -a "Content-Type: text/plain; charset=UTF-8" -s "Demo Yunohost" $MAIL_ADDR
update_apt=0
else
ynh_print_info --message="Le script $LIGNE a été exécuté sans erreur"
update_apt=1
fi
fi
done <<< "$(ls -1 "$final_path/upgrade.d")"
# Exécution des scripts de upgrade.d/Constant_upgrade
while read LIGNE
do
if [ "$update_apt" -eq "1" ]
then
date
# Exécute chaque script trouvé dans upgrade.d/Constant_upgrade
ynh_print_info --message="Exécution du script $LIGNE sur le conteneur $name"
/bin/bash "$final_path/upgrade.d/Constant_upgrade/$LIGNE" $name
if [ "$?" -ne 0 ]; then
ynh_print_info --message="Échec du script $LIGNE"
echo -e "Échec d'exécution du script d'upgrade $LIGNE sur le conteneur $name sur le serveur de demo $DOMAIN!\n"
else
ynh_print_info --message="Le script $LIGNE a été exécuté sans erreur"
fi
fi
done <<< "$(ls -1 "$final_path/upgrade.d/Constant_upgrade")"
# Upgrade des apps
ynh_lxc_run_inside --name="$name" --command="yunohost tools update"
ynh_lxc_run_inside --name="$name" --command="systemctl restart nginx"
ynh_lxc_run_inside --name="$name" --command="yunohost tools upgrade apps"
ynh_lxc_run_inside --name="$name" --command="systemctl restart nginx"
# Arrêt de la machine virtualisée
ynh_lxc_stop --name=$name
if [ "$update_apt" -eq "1" ]
then
# Archivage du snapshot
tar -cz --acls --xattrs -f /var/lib/lxd/snapshots/$name/snap0.tar.gz /var/lib/lxd/snapshots/$name/snap0
# Remplacement du snapshot
ynh_lxc_create_snapshot --name=$name --snapname=snap0
if [ "$LOOP" -eq 2 ]
then # Après l'upgrade du 2e conteneur, déplace les scripts dans le dossier des anciens scripts si ils ont été exécutés avec succès.
ls -1 "$final_path/upgrade.d" | while read LIGNE
do
if [ ! "$LIGNE" == "exemple" ] && [ ! "$LIGNE" == "old_scripts" ] && [ ! "$LIGNE" == "Constant_upgrade" ] && ! echo "$LIGNE" | grep -q ".fail$" # Le fichier exemple, le dossier old_scripts et les scripts fail sont ignorés
then
mv -f "$final_path/upgrade.d/$LIGNE" "$final_path/upgrade.d/old_scripts/$LIGNE"
fi
done
fi
fi
ynh_secure_remove --file="/var/lib/lxd/$name.lock_fileU" # Libère le lock, la machine est à nouveau disponible
ynh_print_info --message="Finished upgrading $name"
}