docker & podman & eole

This commit is contained in:
afornerot 2023-11-06 16:18:09 +01:00
parent 04345ec2ea
commit ec2d60f56e
8 changed files with 251 additions and 130 deletions


@ -1,2 +1,2 @@
PODBIN=podman
PODCOMPOSEBIN=podman-compose
PODBIN=docker
PODCOMPOSEBIN=docker-compose


@ -42,6 +42,11 @@ services:
image: docker.io/jboss/keycloak
container_name: envole-keycloak
restart: always
#entrypoint: /bin/bash # Spécifiez le point d'entrée souhaité (dans cet exemple, /bin/bash)
#command:
#tty: true
#stdin_open: true
healthcheck:
test: curl --fail http://127.0.0.1:9990 || exit 1
interval: 1s
@ -50,7 +55,8 @@ services:
networks:
- envole-network
ports:
- 9000:8443
- 8080:8080
- 8443:8443
volumes:
- './volume/keycloak/data/keycloak-protocol-cas-16.1.1.jar:/opt/jboss/keycloak/standalone/deployments/keycloak-protocol-cas-16.1.1.jar'
- './volume/keycloak/envole:/envole'
@ -124,7 +130,8 @@ services:
networks:
- envole-network
ports:
- "9002:80"
- "9102:80"
networks:
envole-network:
name: envole-network
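Review bot: The new `- 8080:8080` mapping in the keycloak `ports:` hunk publishes Keycloak's plain-HTTP listener on every host interface alongside the HTTPS `8443:8443` that `CAS_URL` in the .env hunk actually uses, and nothing on this page shows what 8080 is needed for. If it is only meant for use from the host itself, bind it to loopback with `- "127.0.0.1:8080:8080"`, or drop it and keep only 8443. That hunk also writes the mappings unquoted while the later hunk uses `"9102:80"`; quoting all of them is the form Compose recommends and keeps the file consistent. The `image: docker.io/jboss/keycloak` line is context rather than part of the change, but it still carries no tag, so this service tracks whatever `latest` resolves to on each pull.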


@ -1,55 +1,63 @@
# == GLOBAL ===============================================================================================================================
# RELEASE SYSTEM = linux ou eole si eole le réseau du compose sera supprimé et regénéré à chaque UP
RELEASE_SYSTEM=linux
# GLOBAL
APP_ENV=PROD
WEB_URL=localhost
# ADMIN USER
ADMIN_USER=admin
ADMIN_PASSWORD=changeme
# MASTERIDENTITY
MASTERIDENTITY=SQL # SQL or SSO or (to do LDAP)
# SQL or SSO or (to do LDAP)
MASTERIDENTITY=SQL
# AUTHENTIFICATION
MODE_AUTH=SQL # SQL or CAS (todo LDAP or OPENID)
# SQL or CAS (todo LDAP or OPENID)
MODE_AUTH=SQL
# MARIADB
MARIADB_SERVICE_NAME=mariadb
MARIADB_ACTIVATE=1
MARIADB_LOCAL=1
MARIADB_ROOT_PASSWORD=${ADMIN_PASSWORD}
MARIADB_USER=user
MARIADB_PASSWORD=changeme
# LDAP
# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
LDAP_SERVICE_NAME=openldap
LDAP_ACTIVATE=1
LDAP_LOCAL=1
LDAP_TYPE=LDAP
LDAP_HOST=${LDAP_SERVICE_NAME}
LDAP_PORT=1389
LDAP_TLS=0
LDAP_BASEDN=dc=envole,dc=org
LDAP_ADMIN_USERNAME=${ADMIN_USER}
LDAP_USER=cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}
LDAP_PASSWORD=${ADMIN_PASSWORD}
LDAP_BASEUSER=ou=users,ou=ninegate,${LDAP_BASEDN}
LDAP_BASENIVEAU01=ou=niveau01,ou=ninegate,${LDAP_BASEDN}
LDAP_BASENIVEAU02=ou=niveau02,ou=ninegate,${LDAP_BASEDN}
LDAP_BASEGROUP=ou=groups,ou=ninegate,${LDAP_BASEDN}
LDAP_SYNC=1
# CAS
# attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir
CAS_SERVICE_NAME=keycloak
CAS_ACTIVATE=1
CAS_LOCAL=1
CAS_USER=${ADMIN_USER}-keycloak
CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak
CAS_HOST=keycloak # attention si localhost = ajouter keycloak dans votre propre host : le service web doit valider son ticket via le nom du service et votre navigateur doit assi le voir
CAS_HOST=keycloak
CAS_PORT=8443
CAS_PATH=/auth/realms/envole/protocol/cas
CAS_URL=https://${CAS_HOST}:${CAS_PORT}
# LDAP
LDAP_SERVICE_NAME=openldap
LDAP_ACTIVATE=1
LDAP_LOCAL=1
LDAP_TYPE=LDAP # LDAP ou AD
LDAP_HOST=${LDAP_SERVICE_NAME}
LDAP_PORT=1389
LDAP_TLS=0
LDAP_BASEDN="dc=envole,dc=org"
LDAP_ADMIN_USERNAME=${ADMIN_USER}
LDAP_USER="cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}"
LDAP_PASSWORD=${ADMIN_PASSWORD}
LDAP_BASEUSER="ou=users,ou=ninegate,${LDAP_BASEDN}"
LDAP_BASENIVEAU01="ou=niveau01,ou=ninegate,${LDAP_BASEDN}"
LDAP_BASENIVEAU02="ou=niveau02,ou=ninegate,${LDAP_BASEDN}"
LDAP_BASEGROUP="ou=groups,ou=ninegate,${LDAP_BASEDN}"
LDAP_SYNC=1 # Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
# Activation des services
# _ACTIVATE = l'application est-elle active
# _LOCAL = l'application est-elle à activer localement
# _URL = url de l'application si non local indiquer l'url distante de l'application
# NINEGATE
NINEGATE_SERVICE_NAME=ninegate
NINEGATE_ACTIVATE=1
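Review bot: The `# LDAP ou AD` hint that the old `LDAP_TYPE=LDAP # LDAP ou AD` line carried is lost in the moved LDAP block: the other inline comments were turned into comment lines of their own, but the new `LDAP_TYPE=LDAP` has none, so add `# LDAP ou AD` on the line above it in the same form as `# SQL or CAS (todo LDAP or OPENID)` for MODE_AUTH. The new `RELEASE_SYSTEM` comment says the compose network is dropped and regenerated on every UP under eole; it would help an operator to also say that this is done by reinstalling docker-ce, as the envole.sh hunk shows, since a package operation is not something one expects from `up`.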


@ -4,9 +4,12 @@
KEYCLOAK_USER=${CAS_USER}
KEYCLOAK_PASSWORD=${CAS_PASSWORD}
DB_ADDR=${MARIADB_SERVICE_NAME}
DB_VENDOR=mariadb
DB_DATABASE=keycloak
DB_PORT=3306
DB_USER=${MARIADB_USER}
DB_PASSWORD=${MARIADB_PASSWORD}
KC_HTTPS_CERTIFICATE_FILE=/envole/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE=/envole/server.key.pem
KEYCLOAK_IMPORT=/envole/realm-export.json
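Review bot: The added `KC_HTTPS_CERTIFICATE_FILE` and `KC_HTTPS_CERTIFICATE_KEY_FILE` are configuration keys of the Quarkus-based Keycloak distribution, while the compose hunk on this page still runs `docker.io/jboss/keycloak` with `KEYCLOAK_USER`/`DB_VENDOR`/`KEYCLOAK_IMPORT` (the legacy WildFly image) and mounts a 16.1.1 CAS jar; as far as I know that image ignores `KC_*` options and expects TLS material under `/etc/x509/https/` as `tls.crt` and `tls.key`, so these two lines likely have no effect unless the image is switched elsewhere. Worth confirming against the image actually in use and either dropping the lines or mounting the files where that image reads them. Either way `/envole/server.key.pem` comes from the `./volume/keycloak/envole` bind mount, so that private key needs to stay out of version control and be readable only by the Keycloak user.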


@ -7,3 +7,4 @@ LDAP_ADMIN_DN=${LDAP_USER}
LDAP_USERS="dockernouser"
LDAP_PASSWORDS="dockernouser"
LDAP_CUSTOM_SCHEMA_FILE=/envole/schema/cadoles.ldif


@ -66,6 +66,18 @@ BigTitle "ENVOLE"
stop() {
Title "STOP"
$PODCOMPOSEBIN stop $1
if [[ "$PODCOMPOSEBIN" == "podman-compose" ]]
then
if [[ "$1" == "" ]]
then
CONTAINER_NAMES=$($PODCOMPOSEBIN -f docker-compose.yml ps | awk 'NR > 1 {print $1}')
for CONTAINER_NAME in $CONTAINER_NAMES; do
$PODBIN rm -f $CONTAINER_NAME
done
else
$PODBIN rm "envole-"$1
fi
fi
}
#===========================================================================================================================================
@ -106,9 +118,20 @@ up(){
# Stop du ou des services
stop $1
# SERVICES
if [[ -z "$1" ]]
then
# NETWORK
if [[ "$RELEASE_SYSTEM" == "eole" ]]
then
Title "NETWORK"
# On réinstall docker-ce car le reconf détruit le reseau docker, la reinstall de docker-ce rétablit le reseau
apt-get install docker-ce --reinstall
fi
# MARIADB
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
Title "MARIADB"
upservice $MARIADB_SERVICE_NAME
echo
@ -131,6 +154,7 @@ up(){
EchoVert ${NEXTCLOUD_SERVICE_NAME^^}
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/init.sh $NEXTCLOUD_SERVICE_NAME
fi
fi
# OPENLDAP
if [[ $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
@ -140,7 +164,6 @@ up(){
mkdir -p ./volume/openldap/data
chmod a+wr ./volume/openldap/data
#$PODCOMPOSEBIN up -d $LDAP_SERVICE_NAME
upservice $LDAP_SERVICE_NAME
$PODCOMPOSEBIN exec $LDAP_SERVICE_NAME /envole/init.sh
fi
@ -149,47 +172,45 @@ up(){
if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then
Title ${CAS_SERVICE_NAME^^}
upservice $CAS_SERVICE_NAME
fi
# SERVICES
Title "UP"
if [[ -z "$1" ]]
then
# NINEGATE
if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
then
EchoVert ${NINEGATE_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d $NINEGATE_SERVICE_NAME
#upservice ${NINEGATE_SERVICE_NAME}
Title ${NINEGATE_SERVICE_NAME^^}
upservice ${NINEGATE_SERVICE_NAME}
echo
fi
# NEXTCLOUD
if [[ $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
then
ctrlUpdate ${NEXTCLOUD_SERVICE_NAME}
EchoVert ${NEXTCLOUD_SERVICE_NAME^^}
Title ${NEXTCLOUD_SERVICE_NAME^^}
upservice ${NEXTCLOUD_SERVICE_NAME}
echo
fi
# ADMINER
if [[ $ADMINER_ACTIVATE == 1 && $ADMINER_LOCAL == 1 ]]
then
EchoVert ${ADMINER_SERVICE_NAME^^}
Title ${ADMINER_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d ${ADMINER_SERVICE_NAME}
echo
fi
# PHPLDAPADMIN
if [[ $PHPLDAPADMIN_ACTIVATE == 1 && $PHPLDAPADMIN_LOCAL == 1 ]]
then
EchoVert ${PHPLDAPADMIN_SERVICE_NAME^^}
Title ${PHPLDAPADMIN_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d ${PHPLDAPADMIN_SERVICE_NAME}
echo
fi
# NINEAPACHE
if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
then
EchoVert ${NINEAPACHE_SERVICE_NAME^^}
Title ${NINEAPACHE_SERVICE_NAME^^}
$PODCOMPOSEBIN up -d ${NINEAPACHE_SERVICE_NAME}
echo
fi
@ -199,6 +220,92 @@ up(){
fi
}
#===========================================================================================================================================
#== DESTROY ================================================================================================================================
#===========================================================================================================================================
destroyall(){
Question_ouinon "Souhaitez-vous supprimer l'ensemble des containers : Attention cela supprimera vraiment tout ?"
if [[ "$?" = 0 ]]
then
destroy mariadb 1
destroy openldap 1
destroy keycloak 1
destroy ninegate 1
destroy nextcloud 1
destroy adminer 1
destroy phpldapadmin 1
destroy nineapache 1
fi
}
#===========================================================================================================================================
#== DESTROY ================================================================================================================================
#===========================================================================================================================================
#1 = service to destroy
#2 = ne pas poser de questions
destroy(){
stop $1
Title "DESTROY "${1^^}
if [[ "$PODCOMPOSEBIN" == "docker-compose" ]]
then
$PODBIN rm "envole-$1"
fi
if [[ "$1" == "$MARIADB_SERVICE_NAME" && $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
sudo rm -rf volume/mariadb/mysql
fi
fi
if [[ "$1" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'annuaire associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
sudo rm -rf volume/openldap/data
mkdir volume/openldap/data
chmod a+w volume/openldap/data -R
chmod a+r volume/openldap/data -R
fi
fi
if [[ "$1" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME
fi
fi
if [[ "$1" == "$NINEGATE_SERVICE_NAME" && $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NINEGATE_SERVICE_NAME
fi
fi
if [[ "$1" == "$NEXTCLOUD_SERVICE_NAME" && $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ainsi que les fichiers utilisateurs ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $NEXTCLOUD_SERVICE_NAME
sudo rm -rf volume/nextcloud/data
sudo rm -rf volume/nextcloud/html
sudo rm -rf volume/nextcloud/app
fi
fi
}
#===========================================================================================================================================
#== MAIN ===================================================================================================================================
@ -219,39 +326,24 @@ then
else
$PODCOMPOSEBIN exec $2 "/bin/bash"
fi
elif [[ $1 == "destroyall" ]]
then
destroyall
elif [[ $1 == "destroy" ]]
then
if [[ -z $2 ]]
then
EchoRouge "Vous devez precisez un service"
EchoRouge "envole.sh bash monservice"
EchoRouge "envole.sh destroy monservice"
else
$PODCOMPOSEBIN down $2
$PODCOMPOSEBIN rm $2
echo $2
echo $LDAP_SERVICE_NAME
if [[ "$2" == "$LDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
then
sudo rm -rf volume/openldap/data
mkdir volume/openldap/data
chmod a+w volume/openldap/data -R
chmod a+r volume/openldap/data -R
fi
if [[ "$2" == "$CAS_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then
Question_ouinon "Souhaitez-vous supprimer la BDD associé à $2 ?"
if [ "$?" = 0 ]
then
$PODCOMPOSEBIN exec $MARIADB_SERVICE_NAME /envole/delete.sh $CAS_SERVICE_NAME
fi
fi
destroy $2
fi
elif [[ $1 == "logs" ]]
then
$PODCOMPOSEBIN logs -f $2
elif [[ $1 == "env" ]]
then
EchoVert Fichier .env.local regénéré
EchoVert "Fichier .env.local regénéré"
fi
echo
echo
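Review bot: In the new destroy() every confirmation is ineffective: `if [[ "$?" = 0 || -z $2 ]]` follows `if [[ -z $2 ]]; then Question_ouinon "…"; fi`, so with `$2` empty the `-z $2` branch is true whatever the user answered, and with `$2` set `$?` is the exit status of the completed `if` statement (0), so both paths reach `sudo rm -rf volume/…` and `/envole/delete.sh`. Assuming Question_ouinon returns 0 for "oui" as destroyall() relies on, replace each pair with one test that asks only when no flag was given, e.g. `if [[ -n $2 ]] || Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?"`, and do the same in the openldap, keycloak, ninegate and nextcloud blocks. destroyall() also removes mariadb first and then lets the keycloak, ninegate and nextcloud branches `exec` into `$MARIADB_SERVICE_NAME` to run delete.sh, which appears bound to fail once that container is gone; destroying mariadb last avoids it. destroyall() passes literal names (`destroy mariadb 1`) while destroy() compares `$1` against `$MARIADB_SERVICE_NAME` and friends, so the data-deletion branches silently skip if a service name is customised in .env; passing the `*_SERVICE_NAME` variables keeps the two in step.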


@ -435,16 +435,16 @@
"id": "133d3397-41e7-4ec1-aaf0-a0939da72f58",
"clientId": "envole",
"name": "envole",
"rootUrl": "https://localhost",
"baseUrl": "http://localhost:8000",
"rootUrl": "https://eolebase.ac-test.fr",
"baseUrl": "https://eolebase.ac-test.fr",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"http://localhost*",
"https://localhost*"
"http://eolebase.ac-test.fr*",
"https://eolebase.ac-test.fr*"
],
"webOrigins": [],
"notBefore": 0,
@ -1594,7 +1594,7 @@
"true"
],
"usersDn": [
"ou=user,ou=ninegate,dc=envole,dc=org"
"ou=users,ou=ninegate,dc=envole,dc=org"
],
"cachePolicy": [
"DEFAULT"
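Review bot: The new redirect URIs `http://eolebase.ac-test.fr*` and `https://eolebase.ac-test.fr*` put the wildcard directly after the hostname, and Keycloak matches a trailing `*` against any suffix, so any URL whose string merely begins with that prefix, including other hostnames that share it, would be accepted as a redirect target; use `https://eolebase.ac-test.fr/*` so the wildcard only covers paths. Since `rootUrl` and `baseUrl` are now `https://…`, the plain `http://` entry can probably go as well. The hostname is also hard-coded in a realm export that `KEYCLOAK_IMPORT` loads at start-up, while `.env` already carries `WEB_URL`; a comment in .env on how the two are meant to be kept in sync, or templating the export from `WEB_URL`, would save the next deployment from editing this JSON by hand.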


@ -11,6 +11,9 @@ run_as() {
echo
echo "== INSTALLATION APP NEXTCLOUD ================================================"
echo "==TRUSTED DOMAINE"
run_as 'php occ config:system:set trusted_domains 1 --value '${WEB_URL}
echo
echo "== CALENDAR"
run_as 'php occ app:install calendar'
@ -53,17 +56,24 @@ run_as 'php occ app:install files_mindmap'
run_as 'php occ app:update files_mindmap'
run_as 'php occ app:enable files_mindmap'
echo
echo "== USER CAS"
cp -rf /envole/app/user_cas /var/www/html/custom_apps
run_as 'php occ config:app:set user_cas cas_server_hostname --value=${CAS_HOST} -q'
run_as 'php occ config:app:set user_cas cas_server_path --value=/${CAS_PATH} -q'
run_as 'php occ config:app:set user_cas cas_server_port --value=${CAS_PORT} -q'
run_as 'php occ config:app:set user_cas cas_use_proxy --value=0 -q'
run_as 'php occ config:app:set user_cas cas_server_version --value=2.0 -q'
run_as 'php occ config:app:set user_cas cas_force_login --value=1 -q'
run_as 'php occ config:app:set user_cas cas_disable_logout --value=0 -q'
run_as 'php occ app:enable user_cas'
if [[ "${MODE_AUTH}" == "CAS" && "CAS_ACTIVATE" == "1" ]]
then
echo
echo "== USER CAS"
cp -rf /envole/app/user_cas /var/www/html/custom_apps
chown www-data:www-data /var/www/html/custom_apps -R
run_as 'php occ config:app:set user_cas cas_server_hostname --value='${CAS_HOST}' -q'
run_as 'php occ config:app:set user_cas cas_server_path --value=/'${CAS_PATH}' -q'
run_as 'php occ config:app:set user_cas cas_server_port --value='${CAS_PORT}' -q'
run_as 'php occ config:app:set user_cas cas_use_proxy --value=0 -q'
run_as 'php occ config:app:set user_cas cas_server_version --value=2.0 -q'
run_as 'php occ config:app:set user_cas cas_force_login --value=1 -q'
run_as 'php occ config:app:set user_cas cas_disable_logout --value=0 -q'
run_as 'php occ app:enable user_cas'
else
run_as 'php occ app:disable user_cas'
rm -rf /var/www/html/custom_apps/user_cas
fi
echo
echo "== USER LDAP"
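Review bot: The new guard `if [[ "${MODE_AUTH}" == "CAS" && "CAS_ACTIVATE" == "1" ]]` compares the literal string `CAS_ACTIVATE` with `1`, which is never true, so the CAS branch is unreachable and the `else` branch always disables and removes user_cas; it should read `if [[ "${MODE_AUTH}" == "CAS" && "${CAS_ACTIVATE}" == "1" ]]`. In the same block `--value=/'${CAS_PATH}'` now really expands the variable, and with the `CAS_PATH=/auth/realms/envole/protocol/cas` value shown in the .env hunk the setting becomes `//auth/…`; drop the leading `/` either here or in .env. The unquoted `'${CAS_HOST}'`, `'${CAS_PORT}'` and `'${WEB_URL}` tails rely on those values containing no whitespace, which holds for the .env shown but deserves a one-line comment. The script continues outside the hunk, so how run_as evaluates its argument is not visible here.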