docker & podman & eole
This commit is contained in:
parent
04345ec2ea
commit
ec2d60f56e
|
@ -1,2 +1,2 @@
|
|||
PODBIN=podman
|
||||
PODCOMPOSEBIN=podman-compose
|
||||
PODBIN=docker
|
||||
PODCOMPOSEBIN=docker-compose
|
|
@ -42,6 +42,11 @@ services:
|
|||
image: docker.io/jboss/keycloak
|
||||
container_name: envole-keycloak
|
||||
restart: always
|
||||
#entrypoint: /bin/bash # Spécifiez le point d'entrée souhaité (dans cet exemple, /bin/bash)
|
||||
#command:
|
||||
#tty: true
|
||||
#stdin_open: true
|
||||
|
||||
healthcheck:
|
||||
test: curl --fail http://127.0.0.1:9990 || exit 1
|
||||
interval: 1s
|
||||
|
@ -50,7 +55,8 @@ services:
|
|||
networks:
|
||||
- envole-network
|
||||
ports:
|
||||
- 9000:8443
|
||||
- 8080:8080
|
||||
- 8443:8443
|
||||
volumes:
|
||||
- './volume/keycloak/data/keycloak-protocol-cas-16.1.1.jar:/opt/jboss/keycloak/standalone/deployments/keycloak-protocol-cas-16.1.1.jar'
|
||||
- './volume/keycloak/envole:/envole'
|
||||
|
@ -124,7 +130,8 @@ services:
|
|||
networks:
|
||||
- envole-network
|
||||
ports:
|
||||
- "9002:80"
|
||||
- "9102:80"
|
||||
|
||||
networks:
|
||||
envole-network:
|
||||
name: envole-network
|
|
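Review bot: The new keycloak `healthcheck` uses `interval: 1s` with no `timeout`, `retries` or `start_period`, so the management port 9990 is polled every second for the life of the container and a slow WildFly boot is reported unhealthy from the first probe; compose's default interval is 30s, and something like `interval: 10s`, `timeout: 5s`, `retries: 10`, `start_period: 60s` would fit a Keycloak start-up better. If `- 8080:8080` is on the new side (the hunk adds one port line and the rendering does not say which), Keycloak's plain-HTTP listener is published on every host interface next to the TLS port 8443 that `CAS_URL` in `.env` points at; binding it to loopback (`- 127.0.0.1:8080:8080`) or dropping it keeps the CAS ticket-validation path TLS-only. The commented-out `entrypoint`/`command`/`tty`/`stdin_open` lines look like debugging leftovers and could go.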
@ -1,55 +1,63 @@
|
|||
# == GLOBAL ===============================================================================================================================
|
||||
|
||||
# RELEASE SYSTEM = linux ou eole si eole le réseau du compose sera supprimé et regénéré à chaque UP
|
||||
RELEASE_SYSTEM=linux
|
||||
|
||||
# GLOBAL
|
||||
APP_ENV=PROD
|
||||
WEB_URL=localhost
|
||||
|
||||
# ADMIN USER
|
||||
ADMIN_USER=admin
|
||||
ADMIN_PASSWORD=changeme
|
||||
|
||||
# MASTERIDENTITY
|
||||
MASTERIDENTITY=SQL # SQL or SSO or (to do LDAP)
|
||||
# SQL or SSO or (to do LDAP)
|
||||
MASTERIDENTITY=SQL
|
||||
|
||||
# AUTHENTIFICATION
|
||||
MODE_AUTH=SQL # SQL or CAS (todo LDAP or OPENID)
|
||||
# SQL or CAS (todo LDAP or OPENID)
|
||||
MODE_AUTH=SQL
|
||||
|
||||
# MARIADB
|
||||
MARIADB_SERVICE_NAME=mariadb
|
||||
MARIADB_ACTIVATE=1
|
||||
MARIADB_LOCAL=1
|
||||
MARIADB_ROOT_PASSWORD=${ADMIN_PASSWORD}
|
||||
MARIADB_USER=user
|
||||
MARIADB_PASSWORD=changeme
|
||||
|
||||
# LDAP
|
||||
# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
|
||||
LDAP_SERVICE_NAME=openldap
|
||||
LDAP_ACTIVATE=1
|
||||
LDAP_LOCAL=1
|
||||
LDAP_TYPE=LDAP
|
||||
LDAP_HOST=${LDAP_SERVICE_NAME}
|
||||
LDAP_PORT=1389
|
||||
LDAP_TLS=0
|
||||
LDAP_BASEDN=dc=envole,dc=org
|
||||
LDAP_ADMIN_USERNAME=${ADMIN_USER}
|
||||
LDAP_USER=cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}
|
||||
LDAP_PASSWORD=${ADMIN_PASSWORD}
|
||||
LDAP_BASEUSER=ou=users,ou=ninegate,${LDAP_BASEDN}
|
||||
LDAP_BASENIVEAU01=ou=niveau01,ou=ninegate,${LDAP_BASEDN}
|
||||
LDAP_BASENIVEAU02=ou=niveau02,ou=ninegate,${LDAP_BASEDN}
|
||||
LDAP_BASEGROUP=ou=groups,ou=ninegate,${LDAP_BASEDN}
|
||||
LDAP_SYNC=1
|
||||
|
||||
# CAS
|
||||
# attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir
|
||||
CAS_SERVICE_NAME=keycloak
|
||||
CAS_ACTIVATE=1
|
||||
CAS_LOCAL=1
|
||||
CAS_USER=${ADMIN_USER}-keycloak
|
||||
CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak
|
||||
CAS_HOST=keycloak # attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir
|
||||
CAS_HOST=keycloak
|
||||
CAS_PORT=8443
|
||||
CAS_PATH=/auth/realms/envole/protocol/cas
|
||||
CAS_URL=https://${CAS_HOST}:${CAS_PORT}
|
||||
|
||||
# LDAP
|
||||
LDAP_SERVICE_NAME=openldap
|
||||
LDAP_ACTIVATE=1
|
||||
LDAP_LOCAL=1
|
||||
LDAP_TYPE=LDAP # LDAP ou AD
|
||||
LDAP_HOST=${LDAP_SERVICE_NAME}
|
||||
LDAP_PORT=1389
|
||||
LDAP_TLS=0
|
||||
LDAP_BASEDN="dc=envole,dc=org"
|
||||
LDAP_ADMIN_USERNAME=${ADMIN_USER}
|
||||
LDAP_USER="cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}"
|
||||
LDAP_PASSWORD=${ADMIN_PASSWORD}
|
||||
LDAP_BASEUSER="ou=users,ou=ninegate,${LDAP_BASEDN}"
|
||||
LDAP_BASENIVEAU01="ou=niveau01,ou=ninegate,${LDAP_BASEDN}"
|
||||
LDAP_BASENIVEAU02="ou=niveau02,ou=ninegate,${LDAP_BASEDN}"
|
||||
LDAP_BASEGROUP="ou=groups,ou=ninegate,${LDAP_BASEDN}"
|
||||
LDAP_SYNC=1 # Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
|
||||
|
||||
# Activation des services
|
||||
# _ACTIVATE = l'application est-elle active
|
||||
# _LOCAL = l'application est-elle à activer localement
|
||||
# _URL = url de l'application si non local indiquer l'url distante de l'application
|
||||
|
||||
# NINEGATE
|
||||
NINEGATE_SERVICE_NAME=ninegate
|
||||
NINEGATE_ACTIVATE=1
|
||||
|
|
|
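Review bot: The file still ships `ADMIN_PASSWORD=changeme` and `MARIADB_PASSWORD=changeme`, and every other credential in the hunk derives from them (`MARIADB_ROOT_PASSWORD=${ADMIN_PASSWORD}`, `LDAP_PASSWORD=${ADMIN_PASSWORD}`, `CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak`), so a stack brought up without editing that one line runs MariaDB root, the LDAP admin and the Keycloak admin on a published default. Moving the `# SQL or SSO` / `# SQL or CAS` comments onto their own lines is the right fix for env-file parsing; the same section would benefit from a comment above `ADMIN_USER=admin` such as `# ADMIN_PASSWORD: replace before the first UP - every service password below is derived from it`. The fixed `-keycloak` suffix on `CAS_USER`/`CAS_PASSWORD` adds no secrecy of its own, so that comment should make clear the base value is what matters.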
@ -4,9 +4,12 @@
|
|||
KEYCLOAK_USER=${CAS_USER}
|
||||
KEYCLOAK_PASSWORD=${CAS_PASSWORD}
|
||||
DB_ADDR=${MARIADB_SERVICE_NAME}
|
||||
DB_VENDOR=mariadb
|
||||
DB_DATABASE=keycloak
|
||||
DB_PORT=3306
|
||||
DB_USER=${MARIADB_USER}
|
||||
DB_PASSWORD=${MARIADB_PASSWORD}
|
||||
KC_HTTPS_CERTIFICATE_FILE=/envole/server.crt.pem
|
||||
KC_HTTPS_CERTIFICATE_KEY_FILE=/envole/server.key.pem
|
||||
KEYCLOAK_IMPORT=/envole/realm-export.json
|
||||
|
||||
|
|
|
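Review bot: `KC_HTTPS_CERTIFICATE_FILE` and `KC_HTTPS_CERTIFICATE_KEY_FILE` are option names of the Quarkus distribution (Keycloak 17 and later), while the compose hunk in this commit still runs `docker.io/jboss/keycloak`, the WildFly-based image that the neighbouring `DB_VENDOR`/`DB_ADDR`/`KEYCLOAK_IMPORT` variables belong to; as far as I know that image does not read the `KC_HTTPS_*` names and expects the certificate pair mounted under `/etc/x509/https` instead, so the TLS material in `/envole` would be silently ignored and port 8443 would come up with the image's self-generated certificate. Worth confirming against the image actually deployed, and until then a comment like `# KC_HTTPS_*: Quarkus option names, not read by the jboss/keycloak WildFly image - confirm` on these two lines would save the next reader the same check.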
@ -7,3 +7,4 @@ LDAP_ADMIN_DN=${LDAP_USER}
|
|||
LDAP_USERS="dockernouser"
|
||||
LDAP_PASSWORDS="dockernouser"
|
||||
LDAP_CUSTOM_SCHEMA_FILE=/envole/schema/cadoles.ldif
|
||||
|
||||
|
|
|
@ -66,6 +66,18 @@ BigTitle "ENVOLE"
|
|||
stop() {
|
||||
Title "STOP"
|
||||
$PODCOMPOSEBIN stop $1
|
||||
if [[ "$PODCOMPOSEBIN" == "podman-compose" ]]
|
||||
then
|
||||
if [[ "$1" == "" ]]
|
||||
then
|
||||
CONTAINER_NAMES=$($PODCOMPOSEBIN -f docker-compose.yml ps | awk 'NR > 1 {print $1}')
|
||||
for CONTAINER_NAME in $CONTAINER_NAMES; do
|
||||
$PODBIN rm -f $CONTAINER_NAME
|
||||
done
|
||||
else
|
||||
$PODBIN rm "envole-"$1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
#===========================================================================================================================================
|
||||
|
@ -106,9 +118,20 @@ up(){
|
|||
# Stop du ou des services
|
||||
stop $1
|
||||
|
||||
|
||||
# SERVICES
|
||||
if [[ -z "$1" ]]
|
||||
then
|
||||
# NETWORK
|
||||
if [[ "$RELEASE_SYSTEM" == "eole" ]]
|
||||
then
|
||||
Title "NETWORK"
|
||||
# On réinstall docker-ce car le reconf détruit le reseau docker, la reinstall de docker-ce rétablit le reseau
|
||||
apt-get install docker-ce --reinstall
|
||||
fi
|
||||
|
||||
# MARIADB
|
||||
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
|
||||
then
|
||||
Title "MARIADB"
|
||||
upservice $MARIADB_SERVICE_NAME
|
||||
echo
|
||||
|
@ -131,6 +154,7 @@ up(){
|
|||
EchoVert ${NEXTCLOUD_SERVICE_NAME^^}
|
||||
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NEXTCLOUD_SERVICE_NAME
|
||||
fi
|
||||
fi
|
||||
|
||||
# OPENLDAP
|
||||
if [[ $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
|
||||
|
@ -140,7 +164,6 @@ up(){
|
|||
mkdir -p ./volume/openldap/data
|
||||
chmod a+wr ./volume/openldap/data
|
||||
|
||||
#$PODCOMPOSEBIN up -d $LDAP_SERVICE_NAME
|
||||
upservice $LDAP_SERVICE_NAME
|
||||
$PODCOMPOSEBIN exec $LDAP_SERVICE_NAME /envole/init.sh
|
||||
fi
|
||||
|
@ -149,47 +172,45 @@ up(){
|
|||
if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
|
||||
then
|
||||
Title ${CAS_SERVICE_NAME^^}
|
||||
|
||||
upservice $CAS_SERVICE_NAME
|
||||
fi
|
||||
|
||||
# SERVICES
|
||||
Title "UP"
|
||||
if [[ -z "$1" ]]
|
||||
then
|
||||
# NINEGATE
|
||||
if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
|
||||
then
|
||||
EchoVert ${NINEGATE_SERVICE_NAME^^}
|
||||
$PODCOMPOSEBIN up -d $NINEGATE_SERVICE_NAME
|
||||
#upservice ${NINEGATE_SERVICE_NAME}
|
||||
Title ${NINEGATE_SERVICE_NAME^^}
|
||||
upservice ${NINEGATE_SERVICE_NAME}
|
||||
echo
|
||||
fi
|
||||
|
||||
# NEXTCLOUD
|
||||
if [[ $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
|
||||
then
|
||||
ctrlUpdate ${NEXTCLOUD_SERVICE_NAME}
|
||||
EchoVert ${NEXTCLOUD_SERVICE_NAME^^}
|
||||
Title ${NEXTCLOUD_SERVICE_NAME^^}
|
||||
upservice ${NEXTCLOUD_SERVICE_NAME}
|
||||
echo
|
||||
fi
|
||||
|
||||
# ADMINER
|
||||
if [[ $ADMINER_ACTIVATE == 1 && $ADMINER_LOCAL == 1 ]]
|
||||
then
|
||||
EchoVert ${ADMINER_SERVICE_NAME^^}
|
||||
Title ${ADMINER_SERVICE_NAME^^}
|
||||
$PODCOMPOSEBIN up -d ${ADMINER_SERVICE_NAME}
|
||||
echo
|
||||
fi
|
||||
|
||||
# PHPLDAPADMIN
|
||||
if [[ $PHPLDAPADMIN_ACTIVATE == 1 && $PHPLDAPADMIN_LOCAL == 1 ]]
|
||||
then
|
||||
EchoVert ${PHPLDAPADMIN_SERVICE_NAME^^}
|
||||
Title ${PHPLDAPADMIN_SERVICE_NAME^^}
|
||||
$PODCOMPOSEBIN up -d ${PHPLDAPADMIN_SERVICE_NAME}
|
||||
echo
|
||||
fi
|
||||
|
||||
# NINEAPACHE
|
||||
if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
|
||||
then
|
||||
EchoVert ${NINEAPACHE_SERVICE_NAME^^}
|
||||
Title ${NINEAPACHE_SERVICE_NAME^^}
|
||||
$PODCOMPOSEBIN up -d ${NINEAPACHE_SERVICE_NAME}
|
||||
echo
|
||||
fi
|
||||
|
@ -199,6 +220,92 @@ up(){
|
|||
fi
|
||||
}
|
||||
|
||||
#===========================================================================================================================================
|
||||
#== DESTROY ================================================================================================================================
|
||||
#===========================================================================================================================================
|
||||
|
||||
destroyall(){
|
||||
Question_ouinon "Souhaitez-vous supprimer l'ensemble des containers : Attention cela supprimera vraiment tout ?"
|
||||
if [[ "$?" = 0 ]]
|
||||
then
|
||||
destroy mariadb 1
|
||||
destroy openldap 1
|
||||
destroy keycloak 1
|
||||
destroy ninegate 1
|
||||
destroy nextcloud 1
|
||||
destroy adminer 1
|
||||
destroy phpldapadmin 1
|
||||
destroy nineapache 1
|
||||
fi
|
||||
}
|
||||
|
||||
#===========================================================================================================================================
|
||||
#== DESTROY ================================================================================================================================
|
||||
#===========================================================================================================================================
|
||||
#1 = service to destroy
|
||||
#2 = ne pas poser de questions
|
||||
|
||||
destroy(){
|
||||
stop $1
|
||||
|
||||
Title "DESTROY "${1^^}
|
||||
if [[ "$PODCOMPOSEBIN" == "docker-compose" ]]
|
||||
then
|
||||
$PODBIN rm "envole-$1"
|
||||
fi
|
||||
|
||||
if [[ "$1" == "$MARIADB_SERVICE_NAME" && $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
|
||||
then
|
||||
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?";fi
|
||||
if [[ "$?" = 0 || -z $2 ]]
|
||||
then
|
||||
sudo rm -rf volume/mariadb/mysql
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$1" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
|
||||
then
|
||||
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'annuaire associé à $1 ?";fi
|
||||
if [[ "$?" = 0 || -z $2 ]]
|
||||
then
|
||||
sudo rm -rf volume/openldap/data
|
||||
mkdir volume/openldap/data
|
||||
chmod a+w volume/openldap/data -R
|
||||
chmod a+r volume/openldap/data -R
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$1" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
|
||||
then
|
||||
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
|
||||
if [[ "$?" = 0 || -z $2 ]]
|
||||
then
|
||||
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [[ "$1" == "$NINEGATE_SERVICE_NAME" && $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
|
||||
then
|
||||
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
|
||||
if [[ "$?" = 0 || -z $2 ]]
|
||||
then
|
||||
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NINEGATE_SERVICE_NAME
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$1" == "$NEXTCLOUD_SERVICE_NAME" && $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
|
||||
then
|
||||
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ainsi que les fichiers utilisateurs ?";fi
|
||||
if [[ "$?" = 0 || -z $2 ]]
|
||||
then
|
||||
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NEXTCLOUD_SERVICE_NAME
|
||||
sudo rm -rf volume/nextcloud/data
|
||||
sudo rm -rf volume/nextcloud/html
|
||||
sudo rm -rf volume/nextcloud/app
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
#===========================================================================================================================================
|
||||
#== MAIN ===================================================================================================================================
|
||||
|
@ -219,39 +326,24 @@ then
|
|||
else
|
||||
$PODCOMPOSEBIN exec $2 "/bin/bash"
|
||||
fi
|
||||
elif [[ $1 == "destroyall" ]]
|
||||
then
|
||||
destroyall
|
||||
elif [[ $1 == "destroy" ]]
|
||||
then
|
||||
if [[ -z $2 ]]
|
||||
then
|
||||
EchoRouge "Vous devez precisez un service"
|
||||
EchoRouge "envole.sh bash monservice"
|
||||
EchoRouge "envole.sh destroy monservice"
|
||||
else
|
||||
$PODCOMPOSEBIN down $2
|
||||
$PODCOMPOSEBIN rm $2
|
||||
|
||||
echo $2
|
||||
echo $LDAP_SERVICE_NAME
|
||||
if [[ "$2" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
|
||||
destroy $2
|
||||
fi
|
||||
elif [[ $1 == "logs" ]]
|
||||
then
|
||||
sudo rm -rf volume/openldap/data
|
||||
mkdir volume/openldap/data
|
||||
chmod a+w volume/openldap/data -R
|
||||
chmod a+r volume/openldap/data -R
|
||||
fi
|
||||
|
||||
if [[ "$2" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
|
||||
then
|
||||
Question_ouinon "Souhaitez-vous supprimer la BDD associé à $2 ?"
|
||||
if [ "$?" = 0 ]
|
||||
then
|
||||
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME
|
||||
fi
|
||||
|
||||
fi
|
||||
fi
|
||||
$PODCOMPOSEBIN logs -f $2
|
||||
elif [[ $1 == "env" ]]
|
||||
then
|
||||
EchoVert Fichier .env.local regénéré
|
||||
EchoVert "Fichier .env.local regénéré"
|
||||
fi
|
||||
echo
|
||||
echo
|
|
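Review bot: In the new `destroy()` the five confirmation tests `if [[ "$?" = 0 || -z $2 ]]` are inverted: an empty `$2` is the interactive case, so `-z $2` is true there and `sudo rm -rf volume/mariadb/mysql`, the `volume/openldap/data` wipe and the `/envole/delete.sh` calls run whatever `Question_ouinon` answered, while the non-interactive case already passes because `$?` is 0 after the skipped `if`. Each of the five should read `if [[ "$?" = 0 || -n $2 ]]` (or simply `if [[ "$?" = 0 ]]`). In `up()`, the eole branch runs `apt-get install docker-ce --reinstall` without checking its status, so a failed reinstall only surfaces when `upservice` fails later; `apt-get install --reinstall docker-ce || return 1` would stop at the real cause. `up()` itself starts outside the hunk, and `stop()` still word-splits `$CONTAINER_NAMES` and writes `"envole-"$1` where `"envole-$1"` (as used in `destroy()`) is the consistent form.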
@ -435,16 +435,16 @@
|
|||
"id": "133d3397-41e7-4ec1-aaf0-a0939da72f58",
|
||||
"clientId": "envole",
|
||||
"name": "envole",
|
||||
"rootUrl": "https://localhost",
|
||||
"baseUrl": "http://localhost:8000",
|
||||
"rootUrl": "https://eolebase.ac-test.fr",
|
||||
"baseUrl": "https://eolebase.ac-test.fr",
|
||||
"surrogateAuthRequired": false,
|
||||
"enabled": true,
|
||||
"alwaysDisplayInConsole": false,
|
||||
"clientAuthenticatorType": "client-secret",
|
||||
"secret": "**********",
|
||||
"redirectUris": [
|
||||
"http://localhost*",
|
||||
"https://localhost*"
|
||||
"http://eolebase.ac-test.fr*",
|
||||
"https://eolebase.ac-test.fr*"
|
||||
],
|
||||
"webOrigins": [],
|
||||
"notBefore": 0,
|
||||
|
@ -1594,7 +1594,7 @@
|
|||
"true"
|
||||
],
|
||||
"usersDn": [
|
||||
"ou=user,ou=ninegate,dc=envole,dc=org"
|
||||
"ou=users,ou=ninegate,dc=envole,dc=org"
|
||||
],
|
||||
"cachePolicy": [
|
||||
"DEFAULT"
|
||||
|
|
|
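Review bot: The new `redirectUris` entries `http://eolebase.ac-test.fr*` and `https://eolebase.ac-test.fr*` place the wildcard directly after the hostname, so they also accept callbacks on any hostname that merely begins with `eolebase.ac-test.fr`, and the `http://` entry accepts a non-TLS callback for a client whose `rootUrl` is now `https://`. The recommended form wildcards only the path, i.e. `"https://eolebase.ac-test.fr/*"`, and the `http://` entry should be dropped unless something still needs it. Separately, committing a realm export with a fixed site hostname while `.env` in this commit still sets `WEB_URL=localhost` will drift; deriving these URLs from `WEB_URL` in the `envole.sh env` step that regenerates `.env.local`, or a comment in the repo stating this file must be edited per site, would keep the two in step.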
@ -11,6 +11,9 @@ run_as() {
|
|||
echo
|
||||
echo "== INSTALLATION APP NEXTCLOUD ================================================"
|
||||
|
||||
echo "==TRUSTED DOMAINE"
|
||||
run_as 'php occ config:system:set trusted_domains 1 --value '${WEB_URL}
|
||||
|
||||
echo
|
||||
echo "== CALENDAR"
|
||||
run_as 'php occ app:install calendar'
|
||||
|
@ -53,17 +56,24 @@ run_as 'php occ app:install files_mindmap'
|
|||
run_as 'php occ app:update files_mindmap'
|
||||
run_as 'php occ app:enable files_mindmap'
|
||||
|
||||
if [[ "${MODE_AUTH}" == "CAS" && "CAS_ACTIVATE" == "1" ]]
|
||||
then
|
||||
echo
|
||||
echo "== USER CAS"
|
||||
cp -rf /envole/app/user_cas /var/www/html/custom_apps
|
||||
run_as 'php occ config:app:set user_cas cas_server_hostname --value=${CAS_HOST} -q'
|
||||
run_as 'php occ config:app:set user_cas cas_server_path --value=/${CAS_PATH} -q'
|
||||
run_as 'php occ config:app:set user_cas cas_server_port --value=${CAS_PORT} -q'
|
||||
chown www-data:www-data /var/www/html/custom_apps -R
|
||||
run_as 'php occ config:app:set user_cas cas_server_hostname --value='${CAS_HOST}' -q'
|
||||
run_as 'php occ config:app:set user_cas cas_server_path --value=/'${CAS_PATH}' -q'
|
||||
run_as 'php occ config:app:set user_cas cas_server_port --value='${CAS_PORT}' -q'
|
||||
run_as 'php occ config:app:set user_cas cas_use_proxy --value=0 -q'
|
||||
run_as 'php occ config:app:set user_cas cas_server_version --value=2.0 -q'
|
||||
run_as 'php occ config:app:set user_cas cas_force_login --value=1 -q'
|
||||
run_as 'php occ config:app:set user_cas cas_disable_logout --value=0 -q'
|
||||
run_as 'php occ app:enable user_cas'
|
||||
else
|
||||
run_as 'php occ app:disable user_cas'
|
||||
rm -rf /var/www/html/custom_apps/user_cas
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "== USER LDAP"
|
||||
|
|
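Review bot: The new guard `if [[ "${MODE_AUTH}" == "CAS" && "CAS_ACTIVATE" == "1" ]]` compares the literal string `CAS_ACTIVATE` with `1`, so it is always false and the script always takes the `else` branch, disabling `user_cas` and deleting `/var/www/html/custom_apps/user_cas` even when CAS is the configured mode; it should be `if [[ "${MODE_AUTH}" == "CAS" && "${CAS_ACTIVATE}" == "1" ]]`. The re-quoted `run_as` lines now expand `${CAS_HOST}`/`${CAS_PATH}`/`${CAS_PORT}` as intended, but `--value=/'${CAS_PATH}'` prepends a slash to a value that the `.env` hunk in this commit already defines as `/auth/realms/envole/protocol/cas`, producing `//auth/...`; confirm which form `user_cas` expects and drop the extra `/` if the `.env` value is authoritative. `run_as` is defined outside the hunk.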