docker & podman & eole

afornerot 2023-11-06 16:18:09 +01:00
parent 04345ec2ea
commit ec2d60f56e
8 changed files with 251 additions and 130 deletions


@ -1,2 +1,2 @@
PODBIN=podman PODBIN=docker
PODCOMPOSEBIN=podman-compose PODCOMPOSEBIN=docker-compose


@ -42,6 +42,11 @@ services:
image: docker.io/jboss/keycloak image: docker.io/jboss/keycloak
container_name: envole-keycloak container_name: envole-keycloak
restart: always restart: always
#entrypoint: /bin/bash # Spécifiez le point d'entrée souhaité (dans cet exemple, /bin/bash)
#command:
#tty: true
#stdin_open: true
healthcheck: healthcheck:
test: curl --fail http://127.0.0.1:9990 || exit 1 test: curl --fail http://127.0.0.1:9990 || exit 1
interval: 1s interval: 1s
@ -50,7 +55,8 @@ services:
networks: networks:
- envole-network - envole-network
ports: ports:
- 9000:8443 - 8080:8080
- 8443:8443
volumes: volumes:
- './volume/keycloak/data/keycloak-protocol-cas-16.1.1.jar:/opt/jboss/keycloak/standalone/deployments/keycloak-protocol-cas-16.1.1.jar' - './volume/keycloak/data/keycloak-protocol-cas-16.1.1.jar:/opt/jboss/keycloak/standalone/deployments/keycloak-protocol-cas-16.1.1.jar'
- './volume/keycloak/envole:/envole' - './volume/keycloak/envole:/envole'
@ -124,7 +130,8 @@ services:
networks: networks:
- envole-network - envole-network
ports: ports:
- "9002:80" - "9102:80"
networks: networks:
envole-network: envole-network:
name: envole-network
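Review bot: The new keycloak port mappings `- 8080:8080` and `- 8443:8443` are written unquoted while the mapping in the later hunk of this file is `"9102:80"`; quoting port strings consistently (`- "8080:8080"`, `- "8443:8443"`) keeps the file uniform and avoids scalar-typing surprises in YAML 1.1 parsers. Publishing 8080 on the host presumably exposes Keycloak's non-TLS listener next to the 8443 listener that `CAS_URL` and the `KC_HTTPS_CERTIFICATE_*` settings target; if 8080 is only needed by other containers on envole-network it needs no host binding, and if it is meant for external access that should be stated in a comment — worth confirming. The commented-out `#entrypoint: /bin/bash`, `#command:`, `#tty: true` and `#stdin_open: true` lines read as debugging leftovers and should be dropped rather than committed.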


@ -1,55 +1,63 @@
# == GLOBAL =============================================================================================================================== # == GLOBAL ===============================================================================================================================
# RELEASE SYSTEM = linux ou eole si eole le réseau du compose sera supprimé et regénéré à chaque UP
RELEASE_SYSTEM=linux
# GLOBAL
APP_ENV=PROD
WEB_URL=localhost
# ADMIN USER # ADMIN USER
ADMIN_USER=admin ADMIN_USER=admin
ADMIN_PASSWORD=changeme ADMIN_PASSWORD=changeme
# MASTERIDENTITY # MASTERIDENTITY
MASTERIDENTITY=SQL # SQL or SSO or (to do LDAP) # SQL or SSO or (to do LDAP)
MASTERIDENTITY=SQL
# AUTHENTIFICATION # AUTHENTIFICATION
MODE_AUTH=SQL # SQL or CAS (todo LDAP or OPENID) # SQL or CAS (todo LDAP or OPENID)
MODE_AUTH=SQL
# MARIADB # MARIADB
MARIADB_SERVICE_NAME=mariadb MARIADB_SERVICE_NAME=mariadb
MARIADB_ACTIVATE=1
MARIADB_LOCAL=1
MARIADB_ROOT_PASSWORD=${ADMIN_PASSWORD} MARIADB_ROOT_PASSWORD=${ADMIN_PASSWORD}
MARIADB_USER=user MARIADB_USER=user
MARIADB_PASSWORD=changeme MARIADB_PASSWORD=changeme
# LDAP
# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
LDAP_SERVICE_NAME=openldap
LDAP_ACTIVATE=1
LDAP_LOCAL=1
LDAP_TYPE=LDAP
LDAP_HOST=${LDAP_SERVICE_NAME}
LDAP_PORT=1389
LDAP_TLS=0
LDAP_BASEDN=dc=envole,dc=org
LDAP_ADMIN_USERNAME=${ADMIN_USER}
LDAP_USER=cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}
LDAP_PASSWORD=${ADMIN_PASSWORD}
LDAP_BASEUSER=ou=users,ou=ninegate,${LDAP_BASEDN}
LDAP_BASENIVEAU01=ou=niveau01,ou=ninegate,${LDAP_BASEDN}
LDAP_BASENIVEAU02=ou=niveau02,ou=ninegate,${LDAP_BASEDN}
LDAP_BASEGROUP=ou=groups,ou=ninegate,${LDAP_BASEDN}
LDAP_SYNC=1
# CAS # CAS
# attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir
CAS_SERVICE_NAME=keycloak CAS_SERVICE_NAME=keycloak
CAS_ACTIVATE=1 CAS_ACTIVATE=1
CAS_LOCAL=1 CAS_LOCAL=1
CAS_USER=${ADMIN_USER}-keycloak CAS_USER=${ADMIN_USER}-keycloak
CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak
CAS_HOST=keycloak # attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir CAS_HOST=keycloak
CAS_PORT=8443 CAS_PORT=8443
CAS_PATH=/auth/realms/envole/protocol/cas CAS_PATH=/auth/realms/envole/protocol/cas
CAS_URL=https://${CAS_HOST}:${CAS_PORT} CAS_URL=https://${CAS_HOST}:${CAS_PORT}
# LDAP
LDAP_SERVICE_NAME=openldap
LDAP_ACTIVATE=1
LDAP_LOCAL=1
LDAP_TYPE=LDAP # LDAP ou AD
LDAP_HOST=${LDAP_SERVICE_NAME}
LDAP_PORT=1389
LDAP_TLS=0
LDAP_BASEDN="dc=envole,dc=org"
LDAP_ADMIN_USERNAME=${ADMIN_USER}
LDAP_USER="cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}"
LDAP_PASSWORD=${ADMIN_PASSWORD}
LDAP_BASEUSER="ou=users,ou=ninegate,${LDAP_BASEDN}"
LDAP_BASENIVEAU01="ou=niveau01,ou=ninegate,${LDAP_BASEDN}"
LDAP_BASENIVEAU02="ou=niveau02,ou=ninegate,${LDAP_BASEDN}"
LDAP_BASEGROUP="ou=groups,ou=ninegate,${LDAP_BASEDN}"
LDAP_SYNC=1 # Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
# Activation des services
# _ACTIVATE = l'application est-elle active
# _LOCAL = l'application est-elle à activer localement
# _URL = url de l'application si non local indiquer l'url distante de l'application
# NINEGATE # NINEGATE
NINEGATE_SERVICE_NAME=ninegate NINEGATE_SERVICE_NAME=ninegate
NINEGATE_ACTIVATE=1 NINEGATE_ACTIVATE=1
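Review bot: The comment `# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation ...` now opens the LDAP block, but the key it documents, `LDAP_SYNC=1`, sits at the end of that block; placing the comment directly above `LDAP_SYNC=1` keeps the explanation next to the setting, as is done for `CAS_HOST` with the `# attention si localhost` line. The new `WEB_URL=localhost`, `APP_ENV=PROD` and `MARIADB_ACTIVATE`/`MARIADB_LOCAL` keys have no comment although `WEB_URL` is what the Nextcloud init script in this commit writes into `trusted_domains`; a line such as `# WEB_URL = host name under which the stack is reached (used for Nextcloud trusted_domains)` would help. With `WEB_URL=localhost` and `CAS_HOST=keycloak` as defaults while the realm export in this commit points at eolebase.ac-test.fr, the .env defaults and the committed realm no longer describe the same deployment; if that is intentional, a comment saying which one to adapt would avoid confusion.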


@ -4,9 +4,12 @@
KEYCLOAK_USER=${CAS_USER} KEYCLOAK_USER=${CAS_USER}
KEYCLOAK_PASSWORD=${CAS_PASSWORD} KEYCLOAK_PASSWORD=${CAS_PASSWORD}
DB_ADDR=${MARIADB_SERVICE_NAME} DB_ADDR=${MARIADB_SERVICE_NAME}
DB_VENDOR=mariadb
DB_DATABASE=keycloak DB_DATABASE=keycloak
DB_PORT=3306
DB_USER=${MARIADB_USER} DB_USER=${MARIADB_USER}
DB_PASSWORD=${MARIADB_PASSWORD} DB_PASSWORD=${MARIADB_PASSWORD}
KC_HTTPS_CERTIFICATE_FILE=/envole/server.crt.pem KC_HTTPS_CERTIFICATE_FILE=/envole/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE=/envole/server.key.pem KC_HTTPS_CERTIFICATE_KEY_FILE=/envole/server.key.pem
KEYCLOAK_IMPORT=/envole/realm-export.json KEYCLOAK_IMPORT=/envole/realm-export.json


@ -7,3 +7,4 @@ LDAP_ADMIN_DN=${LDAP_USER}
LDAP_USERS="dockernouser" LDAP_USERS="dockernouser"
LDAP_PASSWORDS="dockernouser" LDAP_PASSWORDS="dockernouser"
LDAP_CUSTOM_SCHEMA_FILE=/envole/schema/cadoles.ldif LDAP_CUSTOM_SCHEMA_FILE=/envole/schema/cadoles.ldif


@ -66,6 +66,18 @@ BigTitle "ENVOLE"
stop() { stop() {
Title "STOP" Title "STOP"
$PODCOMPOSEBIN stop $1 $PODCOMPOSEBIN stop $1
if [[ "$PODCOMPOSEBIN" == "podman-compose" ]]
then
if [[ "$1" == "" ]]
then
CONTAINER_NAMES=$($PODCOMPOSEBIN -f docker-compose.yml ps | awk 'NR > 1 {print $1}')
for CONTAINER_NAME in $CONTAINER_NAMES; do
$PODBIN rm -f $CONTAINER_NAME
done
else
$PODBIN rm "envole-"$1
fi
fi
} }
#=========================================================================================================================================== #===========================================================================================================================================
@ -106,9 +118,20 @@ up(){
# Stop du ou des services # Stop du ou des services
stop $1 stop $1
# SERVICES
if [[ -z "$1" ]]
then
# NETWORK
if [[ "$RELEASE_SYSTEM" == "eole" ]]
then
Title "NETWORK"
# On réinstall docker-ce car le reconf détruit le reseau docker, la reinstall de docker-ce rétablit le reseau
apt-get install docker-ce --reinstall
fi
# MARIADB # MARIADB
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
Title "MARIADB" Title "MARIADB"
upservice $MARIADB_SERVICE_NAME upservice $MARIADB_SERVICE_NAME
echo echo
@ -131,6 +154,7 @@ up(){
EchoVert ${NEXTCLOUD_SERVICE_NAME^^} EchoVert ${NEXTCLOUD_SERVICE_NAME^^}
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NEXTCLOUD_SERVICE_NAME $PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NEXTCLOUD_SERVICE_NAME
fi fi
fi
# OPENLDAP # OPENLDAP
if [[ $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]] if [[ $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
@ -140,7 +164,6 @@ up(){
mkdir -p ./volume/openldap/data mkdir -p ./volume/openldap/data
chmod a+wr ./volume/openldap/data chmod a+wr ./volume/openldap/data
#$PODCOMPOSEBIN up -d $LDAP_SERVICE_NAME
upservice $LDAP_SERVICE_NAME upservice $LDAP_SERVICE_NAME
$PODCOMPOSEBIN exec $LDAP_SERVICE_NAME /envole/init.sh $PODCOMPOSEBIN exec $LDAP_SERVICE_NAME /envole/init.sh
fi fi
@ -149,47 +172,45 @@ up(){
if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]] if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then then
Title ${CAS_SERVICE_NAME^^} Title ${CAS_SERVICE_NAME^^}
upservice $CAS_SERVICE_NAME upservice $CAS_SERVICE_NAME
fi fi
# SERVICES # NINEGATE
Title "UP"
if [[ -z "$1" ]]
then
if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]] if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
then then
EchoVert ${NINEGATE_SERVICE_NAME^^} Title ${NINEGATE_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d $NINEGATE_SERVICE_NAME upservice ${NINEGATE_SERVICE_NAME}
#upservice ${NINEGATE_SERVICE_NAME}
echo echo
fi fi
# NEXTCLOUD
if [[ $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]] if [[ $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
then then
ctrlUpdate ${NEXTCLOUD_SERVICE_NAME} Title ${NEXTCLOUD_SERVICE_NAME^^}
EchoVert ${NEXTCLOUD_SERVICE_NAME^^}
upservice ${NEXTCLOUD_SERVICE_NAME} upservice ${NEXTCLOUD_SERVICE_NAME}
echo echo
fi fi
# ADMINER
if [[ $ADMINER_ACTIVATE == 1 && $ADMINER_LOCAL == 1 ]] if [[ $ADMINER_ACTIVATE == 1 && $ADMINER_LOCAL == 1 ]]
then then
EchoVert ${ADMINER_SERVICE_NAME^^} Title ${ADMINER_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d ${ADMINER_SERVICE_NAME} $PODCOMPOSEBIN up -d ${ADMINER_SERVICE_NAME}
echo echo
fi fi
# PHPLDAPADMIN
if [[ $PHPLDAPADMIN_ACTIVATE == 1 && $PHPLDAPADMIN_LOCAL == 1 ]] if [[ $PHPLDAPADMIN_ACTIVATE == 1 && $PHPLDAPADMIN_LOCAL == 1 ]]
then then
EchoVert ${PHPLDAPADMIN_SERVICE_NAME^^} Title ${PHPLDAPADMIN_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d ${PHPLDAPADMIN_SERVICE_NAME} $PODCOMPOSEBIN up -d ${PHPLDAPADMIN_SERVICE_NAME}
echo echo
fi fi
# NINEAPACHE
if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]] if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
then then
EchoVert ${NINEAPACHE_SERVICE_NAME^^} Title ${NINEAPACHE_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d ${NINEAPACHE_SERVICE_NAME} $PODCOMPOSEBIN up -d ${NINEAPACHE_SERVICE_NAME}
echo echo
fi fi
@ -199,6 +220,92 @@ up(){
fi fi
} }
#===========================================================================================================================================
#== DESTROY ================================================================================================================================
#===========================================================================================================================================
destroyall(){
Question_ouinon "Souhaitez-vous supprimer l'ensemble des containers : Attention cela supprimera vraiment tout ?"
if [[ "$?" = 0 ]]
then
destroy mariadb 1
destroy openldap 1
destroy keycloak 1
destroy ninegate 1
destroy nextcloud 1
destroy adminer 1
destroy phpldapadmin 1
destroy nineapache 1
fi
}
#===========================================================================================================================================
#== DESTROY ================================================================================================================================
#===========================================================================================================================================
#1 = service to destroy
#2 = ne pas poser de questions
destroy(){
stop $1
Title "DESTROY "${1^^}
if [[ "$PODCOMPOSEBIN" == "docker-compose" ]]
then
$PODBIN rm "envole-$1"
fi
if [[ "$1" == "$MARIADB_SERVICE_NAME" && $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
sudo rm -rf volume/mariadb/mysql
fi
fi
if [[ "$1" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'annuaire associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
sudo rm -rf volume/openldap/data
mkdir volume/openldap/data
chmod a+w volume/openldap/data -R
chmod a+r volume/openldap/data -R
fi
fi
if [[ "$1" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME
fi
fi
if [[ "$1" == "$NINEGATE_SERVICE_NAME" && $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NINEGATE_SERVICE_NAME
fi
fi
if [[ "$1" == "$NEXTCLOUD_SERVICE_NAME" && $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ainsi que les fichiers utilisateurs ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NEXTCLOUD_SERVICE_NAME
sudo rm -rf volume/nextcloud/data
sudo rm -rf volume/nextcloud/html
sudo rm -rf volume/nextcloud/app
fi
fi
}
#=========================================================================================================================================== #===========================================================================================================================================
#== MAIN =================================================================================================================================== #== MAIN ===================================================================================================================================
@ -219,39 +326,24 @@ then
else else
$PODCOMPOSEBIN exec $2 "/bin/bash" $PODCOMPOSEBIN exec $2 "/bin/bash"
fi fi
elif [[ $1 == "destroyall" ]]
then
destroyall
elif [[ $1 == "destroy" ]] elif [[ $1 == "destroy" ]]
then then
if [[ -z $2 ]] if [[ -z $2 ]]
then then
EchoRouge "Vous devez precisez un service" EchoRouge "Vous devez precisez un service"
EchoRouge "envole.sh bash monservice" EchoRouge "envole.sh destroy monservice"
else else
$PODCOMPOSEBIN down $2 destroy $2
$PODCOMPOSEBIN rm $2
echo $2
echo $LDAP_SERVICE_NAME
if [[ "$2" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
then
sudo rm -rf volume/openldap/data
mkdir volume/openldap/data
chmod a+w volume/openldap/data -R
chmod a+r volume/openldap/data -R
fi
if [[ "$2" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then
Question_ouinon "Souhaitez-vous supprimer la BDD associé à $2 ?"
if [ "$?" = 0 ]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME
fi
fi
fi fi
elif [[ $1 == "logs" ]]
then
$PODCOMPOSEBIN logs -f $2
elif [[ $1 == "env" ]] elif [[ $1 == "env" ]]
then then
EchoVert Fichier .env.local regénéré EchoVert "Fichier .env.local regénéré"
fi fi
echo echo
echo echo
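Review bot: In the new destroy() the guard `if [[ "$?" = 0 || -z $2 ]]` that follows each `Question_ouinon` ignores the answer in interactive mode: when `$2` is empty, `-z $2` is true, so `sudo rm -rf volume/mariadb/mysql`, the openldap data wipe and the `/envole/delete.sh` calls run even after the user answers no. The intended test is `if [[ "$?" = 0 || -n $2 ]]` — delete when the user said yes, or when the caller (destroyall) passed the no-question flag — and the same fix applies to all five occurrences in destroy(); capturing the answer explicitly (`REP=0; if [[ -z $2 ]]; then Question_ouinon "..."; REP=$?; fi; if [[ $REP = 0 ]]`) would be clearer than relying on `$?` surviving the `fi`. Separately, `apt-get install docker-ce --reinstall` executed on every `up` when `RELEASE_SYSTEM=eole` is a heavyweight, network-dependent side effect inside a start path; the reason given in the French comment is sound, but a guard that only reinstalls when the compose network is actually missing, or at least a `Title`/echo stating what is being done, would make the behaviour predictable.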


@ -435,16 +435,16 @@
"id": "133d3397-41e7-4ec1-aaf0-a0939da72f58", "id": "133d3397-41e7-4ec1-aaf0-a0939da72f58",
"clientId": "envole", "clientId": "envole",
"name": "envole", "name": "envole",
"rootUrl": "https://localhost", "rootUrl": "https://eolebase.ac-test.fr",
"baseUrl": "http://localhost:8000", "baseUrl": "https://eolebase.ac-test.fr",
"surrogateAuthRequired": false, "surrogateAuthRequired": false,
"enabled": true, "enabled": true,
"alwaysDisplayInConsole": false, "alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret", "clientAuthenticatorType": "client-secret",
"secret": "**********", "secret": "**********",
"redirectUris": [ "redirectUris": [
"http://localhost*", "http://eolebase.ac-test.fr*",
"https://localhost*" "https://eolebase.ac-test.fr*"
], ],
"webOrigins": [], "webOrigins": [],
"notBefore": 0, "notBefore": 0,
@ -1594,7 +1594,7 @@
"true" "true"
], ],
"usersDn": [ "usersDn": [
"ou=user,ou=ninegate,dc=envole,dc=org" "ou=users,ou=ninegate,dc=envole,dc=org"
], ],
"cachePolicy": [ "cachePolicy": [
"DEFAULT" "DEFAULT"
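Review bot: The redirect URIs `http://eolebase.ac-test.fr*` and `https://eolebase.ac-test.fr*` place the wildcard directly after the host name, so the prefix match also accepts any host that merely begins with that string; anchoring the wildcard after a path separator (`https://eolebase.ac-test.fr/*`) restricts it to the intended host, and the plain `http://` entry is only needed if the client is really served without TLS, which the new https `rootUrl` and `baseUrl` suggest it is not. Hard-coding one academy host in the committed realm-export.json while .env defaults `WEB_URL` to localhost means a fresh install imports a client whose URLs do not match the stack; a comment in .env or the README on how to adapt the export before `KEYCLOAK_IMPORT` runs would help.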


@ -11,6 +11,9 @@ run_as() {
echo echo
echo "== INSTALLATION APP NEXTCLOUD ================================================" echo "== INSTALLATION APP NEXTCLOUD ================================================"
echo "==TRUSTED DOMAINE"
run_as 'php occ config:system:set trusted_domains 1 --value '${WEB_URL}
echo echo
echo "== CALENDAR" echo "== CALENDAR"
run_as 'php occ app:install calendar' run_as 'php occ app:install calendar'
@ -53,17 +56,24 @@ run_as 'php occ app:install files_mindmap'
run_as 'php occ app:update files_mindmap' run_as 'php occ app:update files_mindmap'
run_as 'php occ app:enable files_mindmap' run_as 'php occ app:enable files_mindmap'
echo if [[ "${MODE_AUTH}" == "CAS" && "CAS_ACTIVATE" == "1" ]]
echo "== USER CAS" then
cp -rf /envole/app/user_cas /var/www/html/custom_apps echo
run_as 'php occ config:app:set user_cas cas_server_hostname --value=${CAS_HOST} -q' echo "== USER CAS"
run_as 'php occ config:app:set user_cas cas_server_path --value=/${CAS_PATH} -q' cp -rf /envole/app/user_cas /var/www/html/custom_apps
run_as 'php occ config:app:set user_cas cas_server_port --value=${CAS_PORT} -q' chown www-data:www-data /var/www/html/custom_apps -R
run_as 'php occ config:app:set user_cas cas_use_proxy --value=0 -q' run_as 'php occ config:app:set user_cas cas_server_hostname --value='${CAS_HOST}' -q'
run_as 'php occ config:app:set user_cas cas_server_version --value=2.0 -q' run_as 'php occ config:app:set user_cas cas_server_path --value=/'${CAS_PATH}' -q'
run_as 'php occ config:app:set user_cas cas_force_login --value=1 -q' run_as 'php occ config:app:set user_cas cas_server_port --value='${CAS_PORT}' -q'
run_as 'php occ config:app:set user_cas cas_disable_logout --value=0 -q' run_as 'php occ config:app:set user_cas cas_use_proxy --value=0 -q'
run_as 'php occ app:enable user_cas' run_as 'php occ config:app:set user_cas cas_server_version --value=2.0 -q'
run_as 'php occ config:app:set user_cas cas_force_login --value=1 -q'
run_as 'php occ config:app:set user_cas cas_disable_logout --value=0 -q'
run_as 'php occ app:enable user_cas'
else
run_as 'php occ app:disable user_cas'
rm -rf /var/www/html/custom_apps/user_cas
fi
echo echo
echo "== USER LDAP" echo "== USER LDAP"