Merge branch '2.7.0/master' into dist/eole/2.7.0/master

Plus significatif et proche des noms des autres scripts.

Makefile

@@ -4,8 +4,8 @@
 
 SOURCE=eole-mariadb
 VERSION=0.0.1
-EOLE_VERSION=2.7
+EOLE_VERSION=2.6
-EOLE_RELEASE=2.7.1
+EOLE_RELEASE=2.6.2
 PKGAPPS=non
 #FLASK_MODULE=<APPLICATION>
 

README.md

@@ -1,31 +1,5 @@
 # eole-mariadb
 
-Paquet porté pour la 2.7.1. Les tests n'ont été réalisé que sur un Eolebase.
-
-La version utilisé est mariadb 10.3
-
-Ajout de ce paquet sur une 2.7.1 :
-
-## Add the Cadoles repository on all the nodes and the Leader
-
-  GenConfig  [Mode Expert] -> Dépôts Tiers
-
- * Libellé du dépôt : Cadoles dev
- * Déclaration du dépôt : deb [ arch=all ] https://vulcain.cadoles.com 2.7.1-dev main
- * Méthode de récupération de la clé publique du dépôt : URL de la clé
- * URL de la clé : https://vulcain.cadoles.com/cadoles.gpg
-
-## Add the MariaDB repository on all the nodes and the Leader
-
-GenConfig (Mode Expert) -> Dépôt tiers :
- * Libellé du dépôt : MariaDB
- * Déclaration du dépôt :  deb [ arch=amd64 ] http://mariadb.mirrors.ovh.net/MariaDB/repo/10.3/ubuntu bionic main
- * Méthode de récupération de la clé publique du dépôt : serveur de clés
- * URL du serveur de clés : hkp://keyserver.ubuntu.com:80
- * Empreinte de la clé : 0xF1656F24C74CD1D8
-
-#######################################################################
-
 Paquet porté pour la 2.7.0. Les tests n'ont été réalisé que sur un Eolebase.
 
 La version utilisé est mariadb 10.3

schedule/extra/01_extract_hydra.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<creole>
+    <variables>
+        <family name="extract_hydra" description="Extraction des logs utiles d'Hydra">
+            <variable name="description" type="string" hidden="True"><value>Extraction des logs utiles de la base Hydra</value></variable>
+            <variable name="day" type="schedule" description="Périodicité d'exécution"><value>daily</value></variable>
+            <variable name="mode" type="schedulemod" hidden="True"><value>post</value></variable>
+        </family>
+    </variables>
+    <constraints>
+        <!-- Désactive les extractions si on est pas sur la machine qui fait les backups -->
+        <fill name='calc_multi_condition' target='schedule.extract_hydra.day'>
+            <param>non</param>
+	    <param type='eole' name='condition_1'>dbEnableBackup</param>
+            <param name='match'>none</param>
+            <param name='mismatch'>daily</param>
+        </fill>
+    </constraints>
+</creole>

schedule/scripts/extract_hydra

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+DESC="Extraction des logs de connexion de la base Hydra"
+
+. /usr/share/eole/schedule/config.sh
+
+file_date=$(date '+%Y%m%d' -d@$(($(date +%s) -3600*24))) # Date pour le format des noms de fichier
+today=$(date '+%Y-%m-%d') # Date de fin de requête
+yesterday=$(date '+%Y-%m-%d' -d@$(($(date +%s) -3600*24))) # Date de début de requête
+exit_status=0
+
+echo "Begin date: $(date)"
+
+mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
+select concat ('requested_at: ', requested_at),
+       concat ('request_id: ', request_id),
+       concat ('client_id: ', client_id),
+       concat ('subject: ', subject)
+       into outfile 'access-${file_date}' character set utf8 fields terminated by '|'
+       from hydra_oauth2_access
+       where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
+       order by requested_at ;
+EOF
+(( exit_status = exit_status || $? ))
+
+mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
+select concat ('requested_at: ', requested_at),
+       concat ('challenge: ', challenge),
+       concat ('error: ', error),
+       concat ('session_access_token: ', session_access_token),
+       concat ('session_id_token: ', session_id_token),
+       concat ('handled at: ', handled_at)
+       into outfile 'consent-request-handled-${file_date}' character set utf8 fields terminated by '|'
+       from hydra_oauth2_consent_request_handled
+       where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
+       order by requested_at ;
+EOF
+(( exit_status = exit_status || $? ))
+
+mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
+select concat ('requested_at: ', requested_at),
+       concat ('challenge: ', challenge),
+       concat ('request_url: ', request_url),
+       concat ('client_id: ', client_id),
+       concat ('login_session_id: ', login_session_id)
+       into outfile 'authentication-request-${file_date}' character set utf8 fields terminated by '|'
+       from hydra_oauth2_authentication_request
+       where requested_at >= '${yesterday} 00:00:00' and requested_at < '${today} 00:00:00'
+       order by requested_at ;
+EOF
+(( exit_status = exit_status || $? ))
+
+# Tags must be 32 char long max (otherwise, default fwd template truncates it)
+logger -f /var/lib/mysql/hydra/access-${file_date} -t mariadb_hydra-access-${file_date}
+logger -f /var/lib/mysql/hydra/consent-request-handled-${file_date} -t mariadb_hydra-consreq-h-${file_date}
+logger -f /var/lib/mysql/hydra/authentication-request-${file_date} -t mariadb_hydra-authreq-${file_date}
+
+# Remove log files older than 7 days (already saved on the NAS)
+find /var/lib/mysql/hydra/ -name 'access-*' -type f -mtime +7 -exec rm -vf {} \;
+find /var/lib/mysql/hydra/ -name 'consent-request-handled-*' -type f -mtime +7 -exec rm -vf {} \;
+find /var/lib/mysql/hydra/ -name 'authentication-request-*' -type f -mtime +7 -exec rm -vf {} \;
+
+find /var/log/rsyslog/local/mariadb_hydra/ -name 'access-*' -type f -mtime +7 -exec rm -vf {} \;
+find /var/log/rsyslog/local/mariadb_hydra/ -name 'consreq-h-*' -type f -mtime +7 -exec rm -vf {} \;
+find /var/log/rsyslog/local/mariadb_hydra/ -name 'authreq-*' -type f -mtime +7 -exec rm -vf {} \;
+
+echo "End date: $(date)"
+
+exit $exit_status

schedule/scripts/mariadb

@@ -9,9 +9,11 @@ DESC="Exportation des bases MariaDB"
 MYSQLSAVDIR=$SAVDIR/sql
 OPTION="--lock-tables"
 
-rm -f $MYSQLSAVDIR/*.sql || true
+if [[ -d ${MYSQLSAVDIR} ]] 
-mkdir -p $MYSQLSAVDIR
+then 
+   rm -rf ${MYSQLSAVDIR}
+   mkdir -p ${MYSQLSAVDIR}
+fi
 
 mariabackup --defaults-file=/etc/mysql/debian.cnf --backup --target-dir=$MYSQLSAVDIR
-
+exit $?
-exit 0

scripts/get_hydra_table_sizes

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+(
+mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
+SELECT
+  TABLE_NAME AS \`Table\`,
+  ROUND((DATA_LENGTH + INDEX_LENGTH) / 1024 / 1024) AS \`Size\`
+FROM
+  information_schema.TABLES
+WHERE
+  TABLE_SCHEMA = "hydra"
+ORDER BY
+  (DATA_LENGTH + INDEX_LENGTH)
+DESC;
+EOF
+) | while read table size; do
+  if [ "${table}" != Table ]; then
+    real_size=$(ls -lh /var/lib/mysql/hydra/${table}.ibd | cut -d' ' -f 5)
+  else
+    real_size="Taille réelle"
+  fi
+  echo -e ${table}\\t${size}M\\t${real_size}
+done
+
+echo $a

scripts/optimize_hydra

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Optimize sur les tables d'Hydra
+
+echo "Begin date: $(date)"
+
+part=$1
+
+if [ -z "$part" ]; then
+    echo 'Bad empty part. Please give a number between 1 and 7'
+    exit 1
+fi
+
+case $part in
+    1)
+	tables='hydra_oauth2_access'
+	;;
+    2)
+	tables='hydra_oauth2_oidc'
+	;;
+    3)
+	tables='hydra_oauth2_code'
+	;;
+    4)
+	tables='hydra_oauth2_authentication_request'
+	;;
+    5)
+	tables='hydra_oauth2_consent_request'
+	;;
+    6)
+	tables='hydra_oauth2_logout_request, hydra_oauth2_consent_request_handled'
+	;;
+    7)
+	tables='hydra_oauth2_authentication_session, hydra_oauth2_authentication_request_handled, hydra_oauth2_pkce'
+	;;
+    *)
+	echo "Unexpected error. Part: $part"
+	exit 1
+esac
+
+mysql --defaults-file=/etc/mysql/debian.cnf hydra <<EOF
+OPTIMIZE TABLE $tables;
+EOF
+
+exit_val=$?
+
+echo "End date:   $(date)"
+
+exit $exit_val