diff --git a/src/envole-1.0/.env b/src/envole-1.0/.env index 54480b5..f491ce8 100644 --- a/src/envole-1.0/.env +++ b/src/envole-1.0/.env @@ -1,2 +1,2 @@ -PODBIN=podman -PODCOMPOSEBIN=podman-compose \ No newline at end of file +PODBIN=docker +PODCOMPOSEBIN=docker-compose \ No newline at end of file diff --git a/src/envole-1.0/docker-compose.yml b/src/envole-1.0/docker-compose.yml index 666d375..383c2dd 100644 --- a/src/envole-1.0/docker-compose.yml +++ b/src/envole-1.0/docker-compose.yml @@ -41,7 +41,12 @@ services: keycloak: image: docker.io/jboss/keycloak container_name: envole-keycloak - restart: always + restart: always + #entrypoint: /bin/bash # Spécifiez le point d'entrée souhaité (dans cet exemple, /bin/bash) + #command: + #tty: true + #stdin_open: true + healthcheck: test: curl --fail http://127.0.0.1:9990 || exit 1 interval: 1s @@ -50,7 +55,8 @@ services: networks: - envole-network ports: - - 9000:8443 + - 8080:8080 + - 8443:8443 volumes: - './volume/keycloak/data/keycloak-protocol-cas-16.1.1.jar:/opt/jboss/keycloak/standalone/deployments/keycloak-protocol-cas-16.1.1.jar' - './volume/keycloak/envole:/envole' @@ -124,7 +130,8 @@ services: networks: - envole-network ports: - - "9002:80" + - "9102:80" networks: - envole-network: \ No newline at end of file + envole-network: + name: envole-network \ No newline at end of file diff --git a/src/envole-1.0/env/.env b/src/envole-1.0/env/.env index 8bfc777..b1b298b 100644 --- a/src/envole-1.0/env/.env +++ b/src/envole-1.0/env/.env 
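Review bot: The four commented-out lines added under the keycloak service (`#entrypoint: /bin/bash`, `#command:`, `#tty: true`, `#stdin_open: true`) are debugging scaffolding left in the committed compose file, not configuration; if someone uncomments them the image's real entrypoint is replaced by a shell, Keycloak never starts and the `healthcheck` right below fails with no obvious cause. Either drop them or turn them into a single explanatory comment, e.g. `# debug only: override entrypoint with /bin/bash and set tty/stdin_open to get a shell instead of Keycloak`. The stray blank `+` line after them can go as well.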
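Review bot: The added `- 8080:8080` publishes Keycloak's plain-HTTP listener on all host interfaces; before this hunk only the TLS port was reachable (`9000:8443`), and `CAS_URL` in env/.env still targets `https://${CAS_HOST}:8443`, so nothing in the stack appears to need the cleartext port while the admin console and CAS endpoint become reachable over it. If it is only for local debugging, bind it to loopback, `- "127.0.0.1:8080:8080"`, or remove the line; either way a comment stating why 8080 is published would spare the next reader the guess. The host side of the TLS port also moved from 9000 to 8443, which will collide with any other TLS service on the host — presumably intentional, but worth a comment next to the mapping.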
@@ -1,55 +1,63 @@ # == GLOBAL =============================================================================================================================== +# RELEASE SYSTEM = linux ou eole si eole le réseau du compose sera supprimé et regénéré à chaque UP +RELEASE_SYSTEM=linux + +# GLOBAL +APP_ENV=PROD +WEB_URL=localhost + # ADMIN USER ADMIN_USER=admin ADMIN_PASSWORD=changeme # MASTERIDENTITY -MASTERIDENTITY=SQL # SQL or SSO or (to do LDAP) +# SQL or SSO or (to do LDAP) +MASTERIDENTITY=SQL # AUTHENTIFICATION -MODE_AUTH=SQL # SQL or CAS (todo LDAP or OPENID) +# SQL or CAS (todo LDAP or OPENID) +MODE_AUTH=SQL # MARIADB MARIADB_SERVICE_NAME=mariadb +MARIADB_ACTIVATE=1 +MARIADB_LOCAL=1 MARIADB_ROOT_PASSWORD=${ADMIN_PASSWORD} MARIADB_USER=user MARIADB_PASSWORD=changeme +# LDAP +# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP +LDAP_SERVICE_NAME=openldap +LDAP_ACTIVATE=1 +LDAP_LOCAL=1 +LDAP_TYPE=LDAP +LDAP_HOST=${LDAP_SERVICE_NAME} +LDAP_PORT=1389 +LDAP_TLS=0 +LDAP_BASEDN=dc=envole,dc=org +LDAP_ADMIN_USERNAME=${ADMIN_USER} +LDAP_USER=cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN} +LDAP_PASSWORD=${ADMIN_PASSWORD} +LDAP_BASEUSER=ou=users,ou=ninegate,${LDAP_BASEDN} +LDAP_BASENIVEAU01=ou=niveau01,ou=ninegate,${LDAP_BASEDN} +LDAP_BASENIVEAU02=ou=niveau02,ou=ninegate,${LDAP_BASEDN} +LDAP_BASEGROUP=ou=groups,ou=ninegate,${LDAP_BASEDN} +LDAP_SYNC=1 + # CAS +# attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir CAS_SERVICE_NAME=keycloak CAS_ACTIVATE=1 CAS_LOCAL=1 CAS_USER=${ADMIN_USER}-keycloak CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak -CAS_HOST=keycloak # attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir +CAS_HOST=keycloak CAS_PORT=8443 CAS_PATH=/auth/realms/envole/protocol/cas 
CAS_URL=https://${CAS_HOST}:${CAS_PORT} -# LDAP -LDAP_SERVICE_NAME=openldap -LDAP_ACTIVATE=1 -LDAP_LOCAL=1 -LDAP_TYPE=LDAP # LDAP ou AD -LDAP_HOST=${LDAP_SERVICE_NAME} -LDAP_PORT=1389 -LDAP_TLS=0 -LDAP_BASEDN="dc=envole,dc=org" -LDAP_ADMIN_USERNAME=${ADMIN_USER} -LDAP_USER="cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}" -LDAP_PASSWORD=${ADMIN_PASSWORD} -LDAP_BASEUSER="ou=users,ou=ninegate,${LDAP_BASEDN}" -LDAP_BASENIVEAU01="ou=niveau01,ou=ninegate,${LDAP_BASEDN}" -LDAP_BASENIVEAU02="ou=niveau02,ou=ninegate,${LDAP_BASEDN}" -LDAP_BASEGROUP="ou=groups,ou=ninegate,${LDAP_BASEDN}" -LDAP_SYNC=1 # Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP - -# Activation des services -# _ACTIVATE = l'application est-elle active -# _LOCAL = l'application est-elle à activer localement -# _URL = url de l'application si non local indiquer l'url distante de l'application - # NINEGATE NINEGATE_SERVICE_NAME=ninegate NINEGATE_ACTIVATE=1 diff --git a/src/envole-1.0/env/.env.zapp.keycloak b/src/envole-1.0/env/.env.zapp.keycloak index 4ba305d..be3f023 100644 --- a/src/envole-1.0/env/.env.zapp.keycloak +++ b/src/envole-1.0/env/.env.zapp.keycloak @@ -4,9 +4,12 @@ KEYCLOAK_USER=${CAS_USER} KEYCLOAK_PASSWORD=${CAS_PASSWORD} DB_ADDR=${MARIADB_SERVICE_NAME} +DB_VENDOR=mariadb DB_DATABASE=keycloak +DB_PORT=3306 DB_USER=${MARIADB_USER} DB_PASSWORD=${MARIADB_PASSWORD} KC_HTTPS_CERTIFICATE_FILE=/envole/server.crt.pem KC_HTTPS_CERTIFICATE_KEY_FILE=/envole/server.key.pem -KEYCLOAK_IMPORT=/envole/realm-export.json \ No newline at end of file +KEYCLOAK_IMPORT=/envole/realm-export.json + diff --git a/src/envole-1.0/env/.env.zapp.openldap b/src/envole-1.0/env/.env.zapp.openldap index 25401b5..ac4972f 100644 --- a/src/envole-1.0/env/.env.zapp.openldap +++ b/src/envole-1.0/env/.env.zapp.openldap @@ -7,3 +7,4 @@ LDAP_ADMIN_DN=${LDAP_USER} LDAP_USERS="dockernouser" LDAP_PASSWORDS="dockernouser" LDAP_CUSTOM_SCHEMA_FILE=/envole/schema/cadoles.ldif + 
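Review bot: The `# Activation des services` block documenting the `_ACTIVATE` / `_LOCAL` / `_URL` convention is deleted in this hunk with no replacement, the `LDAP_TYPE` hint `# LDAP ou AD` is lost in the move, and the new keys `MARIADB_ACTIVATE`, `MARIADB_LOCAL` and `APP_ENV` arrive undocumented; since this file is the operator-facing configuration surface, restate the convention above the first service block, e.g. `# <SERVICE>_ACTIVATE=1 enables the service; _LOCAL=1 runs it from this compose file, otherwise set <SERVICE>_URL to the remote instance`, and give `LDAP_TYPE` back its `# LDAP or AD` comment. The moved LDAP block keeps `LDAP_TLS=0` on port 1389 with `LDAP_PASSWORD=${ADMIN_PASSWORD}`, i.e. the same default `changeme` that is also the MariaDB root password and the Keycloak admin password, sent in clear to the directory; this is pre-existing, but a warning comment next to `ADMIN_PASSWORD` saying that every service secret derives from it and must be changed before exposure is cheap. Dropping the quotes from the DN values (`LDAP_BASEDN=dc=envole,dc=org`) is safe for these values because they contain no spaces, but a one-line comment that DNs containing spaces must be quoted would prevent a later breakage.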
diff --git a/src/envole-1.0/envole.sh b/src/envole-1.0/envole.sh index 90325a8..dcaae0f 100755 --- a/src/envole-1.0/envole.sh +++ b/src/envole-1.0/envole.sh @@ -66,6 +66,18 @@ BigTitle "ENVOLE" stop() { Title "STOP" $PODCOMPOSEBIN stop $1 + if [[ "$PODCOMPOSEBIN" == "podman-compose" ]] + then + if [[ "$1" == "" ]] + then + CONTAINER_NAMES=$($PODCOMPOSEBIN -f docker-compose.yml ps | awk 'NR > 1 {print $1}') + for CONTAINER_NAME in $CONTAINER_NAMES; do + $PODBIN rm -f $CONTAINER_NAME + done + else + $PODBIN rm "envole-"$1 + fi + fi } #=========================================================================================================================================== @@ -93,7 +105,7 @@ wait_for_container() { } upservice(){ - $PODCOMPOSEBIN up -d $1 + $PODCOMPOSEBIN up -d $1 wait_for_container $1 } 
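Review bot: `stop` now behaves differently per backend: under podman-compose a bare `envole.sh stop` forcibly removes every project container (`$PODBIN rm -f` on the ids parsed from the first column of `ps`), while under docker-compose the containers are only stopped and kept; neither the function name nor the `Title "STOP"` banner hints at that, so a comment such as `# podman-compose cannot recreate existing containers on 'up', so remove them here (docker-compose keeps them)` belongs above the `if`, assuming that is the reason. On the single-service path the name should be quoted and option parsing ended, `$PODBIN rm -- "envole-$1"`, and the id list is better read with `mapfile -t` than by word-splitting `$CONTAINER_NAMES`. The exit status of `$PODCOMPOSEBIN stop $1` is also ignored, so a container that failed to stop is killed by the following `rm -f` without the operator being told.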
@@ -106,90 +118,99 @@ up(){ # Stop du ou des services stop $1 - - - # MARIADB - Title "MARIADB" - upservice $MARIADB_SERVICE_NAME - echo - - # CREATE BDD - if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]] - then - EchoVert ${CAS_SERVICE_NAME^^} - $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $CAS_SERVICE_NAME - fi - - if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]] - then - EchoVert ${NINEGATE_SERVICE_NAME^^} - $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NINEGATE_SERVICE_NAME - fi - - if [[ $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]] - then - EchoVert ${NEXTCLOUD_SERVICE_NAME^^} - $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NEXTCLOUD_SERVICE_NAME - fi - - # OPENLDAP - if [[ $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]] - then - Title ${LDAP_SERVICE_NAME^^} - - mkdir -p ./volume/openldap/data - chmod a+wr ./volume/openldap/data - - #$PODCOMPOSEBIN up -d $LDAP_SERVICE_NAME - upservice $LDAP_SERVICE_NAME - $PODCOMPOSEBIN exec $LDAP_SERVICE_NAME /envole/init.sh - fi - - # CAS - if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]] - then - Title ${CAS_SERVICE_NAME^^} - - upservice $CAS_SERVICE_NAME - fi - # SERVICES - Title "UP" if [[ -z "$1" ]] then + # NETWORK + if [[ "$RELEASE_SYSTEM" == "eole" ]] + then + Title "NETWORK" + # On réinstall docker-ce car le reconf détruit le reseau docker, la reinstall de docker-ce rétablit le reseau + apt-get install docker-ce --reinstall + fi + + # MARIADB + if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]] + then + Title "MARIADB" + upservice $MARIADB_SERVICE_NAME + echo + + # CREATE BDD + if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]] + then + EchoVert ${CAS_SERVICE_NAME^^} + $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $CAS_SERVICE_NAME + fi + + if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]] + then + EchoVert ${NINEGATE_SERVICE_NAME^^} + $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NINEGATE_SERVICE_NAME + fi + + if [[ $NEXTCLOUD_ACTIVATE == 
1 && $NEXTCLOUD_LOCAL == 1 ]] + then + EchoVert ${NEXTCLOUD_SERVICE_NAME^^} + $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NEXTCLOUD_SERVICE_NAME + fi + fi + + # OPENLDAP + if [[ $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]] + then + Title ${LDAP_SERVICE_NAME^^} + + mkdir -p ./volume/openldap/data + chmod a+wr ./volume/openldap/data + + upservice $LDAP_SERVICE_NAME + $PODCOMPOSEBIN exec $LDAP_SERVICE_NAME /envole/init.sh + fi + + # CAS + if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]] + then + Title ${CAS_SERVICE_NAME^^} + upservice $CAS_SERVICE_NAME + fi + + # NINEGATE if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]] then - EchoVert ${NINEGATE_SERVICE_NAME^^} - $PODCOMPOSEBIN up -d $NINEGATE_SERVICE_NAME - #upservice ${NINEGATE_SERVICE_NAME} + Title ${NINEGATE_SERVICE_NAME^^} + upservice ${NINEGATE_SERVICE_NAME} echo fi + # NEXTCLOUD if [[ $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]] then - ctrlUpdate ${NEXTCLOUD_SERVICE_NAME} - EchoVert ${NEXTCLOUD_SERVICE_NAME^^} + Title ${NEXTCLOUD_SERVICE_NAME^^} upservice ${NEXTCLOUD_SERVICE_NAME} echo fi + # ADMINER if [[ $ADMINER_ACTIVATE == 1 && $ADMINER_LOCAL == 1 ]] then - EchoVert ${ADMINER_SERVICE_NAME^^} + Title ${ADMINER_SERVICE_NAME^^} $PODCOMPOSEBIN up -d ${ADMINER_SERVICE_NAME} echo fi + # PHPLDAPADMIN if [[ $PHPLDAPADMIN_ACTIVATE == 1 && $PHPLDAPADMIN_LOCAL == 1 ]] then - EchoVert ${PHPLDAPADMIN_SERVICE_NAME^^} + Title ${PHPLDAPADMIN_SERVICE_NAME^^} $PODCOMPOSEBIN up -d ${PHPLDAPADMIN_SERVICE_NAME} echo fi + # NINEAPACHE if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]] then - EchoVert ${NINEAPACHE_SERVICE_NAME^^} + Title ${NINEAPACHE_SERVICE_NAME^^} $PODCOMPOSEBIN up -d ${NINEAPACHE_SERVICE_NAME} echo fi 
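Review bot: The `RELEASE_SYSTEM == "eole"` branch runs `apt-get install docker-ce --reinstall` on every `envole.sh up` with no root check, no `-y`, no error handling and no network assumption stated; from a compose wrapper that is a surprising host-modifying side effect, and without `-y` a non-interactive run blocks on the apt prompt. At minimum require root (`(( EUID == 0 ))`, or `sudo` as the script already uses elsewhere), pass `-y` and abort on failure, `apt-get install -y --reinstall docker-ce || { EchoRouge "reinstallation de docker-ce échouée"; exit 1; }`, keeping the comment that explains the EOLE reconf destroying the docker network. The moved `chmod a+wr ./volume/openldap/data` leaves the directory database world-writable on the host; that is pre-existing, but it looks like a container-UID workaround and a comment naming the UID it is for (or a `chown` to that UID) would be better than a silent `a+w`. The enclosing `up()` starts before and ends after this hunk.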
@@ -199,6 +220,92 @@ up(){ fi } +#=========================================================================================================================================== +#== DESTROY ================================================================================================================================ +#=========================================================================================================================================== + +destroyall(){ + Question_ouinon "Souhaitez-vous supprimer l'ensemble des containers : Attention cela supprimera vraiment tout ?" + if [[ "$?" = 0 ]] + then + destroy mariadb 1 + destroy openldap 1 + destroy keycloak 1 + destroy ninegate 1 + destroy nextcloud 1 + destroy adminer 1 + destroy phpldapadmin 1 + destroy nineapache 1 + fi +} + +#=========================================================================================================================================== +#== DESTROY ================================================================================================================================ +#=========================================================================================================================================== +#1 = service to destroy +#2 = ne pas poser de questions + +destroy(){ + stop $1 + + Title "DESTROY "${1^^} + if [[ "$PODCOMPOSEBIN" == "docker-compose" ]] + then + $PODBIN rm "envole-$1" + fi + + if [[ "$1" == "$MARIADB_SERVICE_NAME" && $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]] + then + if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?";fi + if [[ "$?" = 0 || -z $2 ]] + then + sudo rm -rf volume/mariadb/mysql + fi + fi + + if [[ "$1" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]] + then + if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'annuaire associé à $1 ?";fi + if [[ "$?" 
= 0 || -z $2 ]] + then + sudo rm -rf volume/openldap/data + mkdir volume/openldap/data + chmod a+w volume/openldap/data -R + chmod a+r volume/openldap/data -R + fi + fi + + if [[ "$1" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]] + then + if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi + if [[ "$?" = 0 || -z $2 ]] + then + $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME + fi + fi + + + if [[ "$1" == "$NINEGATE_SERVICE_NAME" && $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]] + then + if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi + if [[ "$?" = 0 || -z $2 ]] + then + $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NINEGATE_SERVICE_NAME + fi + fi + + if [[ "$1" == "$NEXTCLOUD_SERVICE_NAME" && $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]] + then + if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ainsi que les fichiers utilisateurs ?";fi + if [[ "$?" = 0 || -z $2 ]] + then + $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NEXTCLOUD_SERVICE_NAME + sudo rm -rf volume/nextcloud/data + sudo rm -rf volume/nextcloud/html + sudo rm -rf volume/nextcloud/app + fi + fi +} #=========================================================================================================================================== #== MAIN =================================================================================================================================== 
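Review bot: The confirmation in `destroy` is ineffective: the pattern `if [[ -z $2 ]]; then Question_ouinon "…"; fi` followed by `if [[ "$?" = 0 || -z $2 ]]` is true whenever `$2` is empty regardless of the answer (the `-z $2` alternative makes it so), and when `$2` is set the preceding `if` with no branch taken leaves `$?` at 0, so `sudo rm -rf volume/mariadb/mysql`, the LDAP data wipe and the `delete.sh` calls always run. Replace each pair with a single test that only asks when not forced, `if [[ -n $2 ]] || Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?"` / `then`, which relies on `Question_ouinon` returning 0 for "yes" exactly as `destroyall` already assumes. `destroyall` also passes literal names (`destroy mariadb 1`, `destroy openldap 1`, …) while `destroy` compares against `$MARIADB_SERVICE_NAME`, `$LDAP_SERVICE_NAME` and friends, so a renamed service would be stopped but keep its data; use the `_SERVICE_NAME` variables there. The `sudo rm -rf volume/...` paths are relative to the current directory, so unless the script `cd`s to its own location earlier (not visible here), running it from elsewhere deletes nothing or the wrong tree — an absolute, `:?`-guarded prefix would be safer.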
@@ -219,39 +326,24 @@ then else $PODCOMPOSEBIN exec $2 "/bin/bash" fi +elif [[ $1 == "destroyall" ]] +then + destroyall elif [[ $1 == "destroy" ]] then if [[ -z $2 ]] then EchoRouge "Vous devez precisez un service" - EchoRouge "envole.sh bash monservice" + EchoRouge "envole.sh destroy monservice" else - $PODCOMPOSEBIN down $2 - $PODCOMPOSEBIN rm $2 - - echo $2 - echo $LDAP_SERVICE_NAME - if [[ "$2" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]] - then - sudo rm -rf volume/openldap/data - mkdir volume/openldap/data - chmod a+w volume/openldap/data -R - chmod a+r volume/openldap/data -R - fi - - if [[ "$2" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]] - then - Question_ouinon "Souhaitez-vous supprimer la BDD associé à $2 ?" - if [ "$?" = 0 ] - then - $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME - fi - - fi + destroy $2 fi +elif [[ $1 == "logs" ]] +then + $PODCOMPOSEBIN logs -f $2 elif [[ $1 == "env" ]] then - EchoVert Fichier .env.local regénéré + EchoVert "Fichier .env.local regénéré" fi echo echo \ No newline at end of file diff --git a/src/envole-1.0/volume/keycloak/envole/realm-export.json b/src/envole-1.0/volume/keycloak/envole/realm-export.json index 3d2ee64..978a0d7 100644 --- a/src/envole-1.0/volume/keycloak/envole/realm-export.json +++ b/src/envole-1.0/volume/keycloak/envole/realm-export.json @@ -435,16 +435,16 @@ "id": "133d3397-41e7-4ec1-aaf0-a0939da72f58", "clientId": "envole", "name": "envole", - "rootUrl": "https://localhost", - "baseUrl": "http://localhost:8000", + "rootUrl": "https://eolebase.ac-test.fr", + "baseUrl": "https://eolebase.ac-test.fr", "surrogateAuthRequired": false, "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "http://localhost*", - "https://localhost*" + "http://eolebase.ac-test.fr*", + "https://eolebase.ac-test.fr*" ], "webOrigins": [], "notBefore": 0, 
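Review bot: The new `redirectUris` keep a trailing wildcard directly after the host, `https://eolebase.ac-test.fr*`; Keycloak's `*` matches any suffix, so `https://eolebase.ac-test.fr.attacker.example/` or `https://eolebase.ac-test.frx/` are accepted too, which can let an attacker-chosen host receive the login response (authorization code or CAS ticket). Put the wildcard after a path separator, `"https://eolebase.ac-test.fr/*"`, and drop the `http://…` entry unless cleartext callbacks are really required, since `CAS_URL` in env/.env is https-only. Baking a specific test hostname into the committed realm export while `WEB_URL` defaults to `localhost` in env/.env also means a fresh checkout gets a realm whose client URLs do not match the deployment; if the export is meant to be templated at install time, a placeholder value or a README note would make that explicit.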
@@ -1594,7 +1594,7 @@ "true" ], "usersDn": [ - "ou=user,ou=ninegate,dc=envole,dc=org" + "ou=users,ou=ninegate,dc=envole,dc=org" ], "cachePolicy": [ "DEFAULT" diff --git a/src/envole-1.0/volume/nextcloud/prestart/prestart.sh b/src/envole-1.0/volume/nextcloud/prestart/prestart.sh index 7677948..ff4e26d 100755 --- a/src/envole-1.0/volume/nextcloud/prestart/prestart.sh +++ b/src/envole-1.0/volume/nextcloud/prestart/prestart.sh @@ -11,6 +11,9 @@ run_as() { echo echo "== INSTALLATION APP NEXTCLOUD ================================================" +echo "==TRUSTED DOMAINE" +run_as 'php occ config:system:set trusted_domains 1 --value '${WEB_URL} + echo echo "== CALENDAR" run_as 'php occ app:install calendar' 
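Review bot: `${WEB_URL}` sits outside the single quotes in `run_as 'php occ config:system:set trusted_domains 1 --value '${WEB_URL}`, so it is word-split by this script and, if `run_as` hands its argument to another shell (its body is outside this hunk), re-parsed there as well; a value containing a space or `;` breaks or injects into the occ call, and an empty `WEB_URL` registers an empty trusted domain. Keep the value inside the quoted string and validate it first, `: "${WEB_URL:?WEB_URL must be set}"` then `run_as "php occ config:system:set trusted_domains 1 --value '${WEB_URL}'"`. The index `1` is hard-coded with no explanation; a comment saying why index 0 is left to the image and 1 is reserved for `WEB_URL` would document the intent.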
@@ -53,17 +56,24 @@ run_as 'php occ app:install files_mindmap' run_as 'php occ app:update files_mindmap' run_as 'php occ app:enable files_mindmap' -echo -echo "== USER CAS" -cp -rf /envole/app/user_cas /var/www/html/custom_apps -run_as 'php occ config:app:set user_cas cas_server_hostname --value=${CAS_HOST} -q' -run_as 'php occ config:app:set user_cas cas_server_path --value=/${CAS_PATH} -q' -run_as 'php occ config:app:set user_cas cas_server_port --value=${CAS_PORT} -q' -run_as 'php occ config:app:set user_cas cas_use_proxy --value=0 -q' -run_as 'php occ config:app:set user_cas cas_server_version --value=2.0 -q' -run_as 'php occ config:app:set user_cas cas_force_login --value=1 -q' -run_as 'php occ config:app:set user_cas cas_disable_logout --value=0 -q' -run_as 'php occ app:enable user_cas' +if [[ "${MODE_AUTH}" == "CAS" && "CAS_ACTIVATE" == "1" ]] +then + echo + echo "== USER CAS" + cp -rf /envole/app/user_cas /var/www/html/custom_apps + chown www-data:www-data /var/www/html/custom_apps -R + run_as 'php occ config:app:set user_cas cas_server_hostname --value='${CAS_HOST}' -q' + run_as 'php occ config:app:set user_cas cas_server_path --value=/'${CAS_PATH}' -q' + run_as 'php occ config:app:set user_cas cas_server_port --value='${CAS_PORT}' -q' + run_as 'php occ config:app:set user_cas cas_use_proxy --value=0 -q' + run_as 'php occ config:app:set user_cas cas_server_version --value=2.0 -q' + run_as 'php occ config:app:set user_cas cas_force_login --value=1 -q' + run_as 'php occ config:app:set user_cas cas_disable_logout --value=0 -q' + run_as 'php occ app:enable user_cas' +else + run_as 'php occ app:disable user_cas' + rm -rf /var/www/html/custom_apps/user_cas +fi echo echo "== USER LDAP"
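Review bot: The new guard `[[ "${MODE_AUTH}" == "CAS" && "CAS_ACTIVATE" == "1" ]]` compares the literal string `CAS_ACTIVATE` with `1`, which is always false, so the CAS branch can never run and every start disables and deletes `user_cas` even when `MODE_AUTH=CAS`; expand the variable: `if [[ "${MODE_AUTH}" == "CAS" && "${CAS_ACTIVATE}" == "1" ]]`. Once that is fixed, `--value=/'${CAS_PATH}'` prepends a `/` to a `CAS_PATH` that already starts with one in env/.env (`/auth/realms/envole/protocol/cas`), producing `//auth/...`; the old line had the same issue, so either drop the extra `/` or add a comment stating that user_cas tolerates the double slash. The `else` branch runs `php occ app:disable user_cas` even when the app was never installed; if occ returns non-zero there and `run_as` propagates it, a non-CAS startup would fail, so a prior `app:list` check or a commented `|| true` is worth adding.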