From 4d22bfb766e805a166b60ab90194e61d39b13d64 Mon Sep 17 00:00:00 2001 From: Fanch Date: Mon, 23 Dec 2024 14:51:48 +0100 Subject: [PATCH] fix vm vagrant --- bin/.commonFunctions.sh | 22 +++++++++++----------- dockers/traefik/conf/allow_ip.yml.dist | 11 +++++++++++ dockers/traefik/conf/allow_ip.yml.sample | 18 ------------------ dockers/traefik/conf/cert.yml.dist | 6 ++++++ dockers/traefik/first.sh | 16 ++++++++++++++++ 5 files changed, 44 insertions(+), 29 deletions(-) create mode 100644 dockers/traefik/conf/allow_ip.yml.dist delete mode 100644 dockers/traefik/conf/allow_ip.yml.sample create mode 100644 dockers/traefik/conf/cert.yml.dist create mode 100644 dockers/traefik/first.sh diff --git a/bin/.commonFunctions.sh b/bin/.commonFunctions.sh index 0e5c6c0..5ef6d37 100755 --- a/bin/.commonFunctions.sh +++ b/bin/.commonFunctions.sh @@ -1,10 +1,10 @@ # commun fonctions for KAZ -#TODO; toutes les fonctions ci-dessous devraient être commentées +#TODO; toutes les fonctions ci-dessous devraient être commentées #KI : françois #KOI : tout un tas de trucs utiles pour la gestion de l'infra kaz (à mettre dans chaque script) -#KAN : +#KAN : # maj le 27/01/2024 by FAB: recherche de tous les srv kaz dispo (via le DNS) # maj le 15/04/2024 by FAB: correction getPahekoOrgaList @@ -139,13 +139,13 @@ getAvailableOrgas () { #en entrée SITE_DST="$1" - + if [ -n "${SITE_DST}" ];then ssh -p 2201 root@${SITE_DST}.${domain} "ls \"${KAZ_COMP_DIR}\" | grep -- \"^.*-orga$\"" else - ls "${KAZ_COMP_DIR}" | grep -- "^.*-orga$" - fi - + ls "${KAZ_COMP_DIR}" | grep -- "^.*-orga$" + fi + } getAvailableServices () { 
@@ -224,10 +224,10 @@ waitUrl () {
 # $1 URL to waitfor
 # $2 timeout en secondes (optional)
 starttime=$(date +%s)
- if [[ $(curl --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]; then
+ if [[ $(curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]; then
 printKazMsg "service not available ($1). Please wait..."
- echo curl --connect-timeout 2 -s -D - "$1" -o /dev/null \| head -n1
- while [[ $(curl --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]
+ echo curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null \| head -n1
+ while [[ $(curl -k --connect-timeout 2 -s -D - "$1" -o /dev/null 2>/dev/null | head -n1) != *[23]0[0-9]* ]]
 do
 sleep 5
 if [ $# -gt 1 ]; then
@@ -244,7 +244,7 @@ waitUrl () {
 waitContainerHealthy () {
 # $1 ContainerName
 # $2 timeout en secondes (optional)
-
+
 healthy="false"
 starttime=$(date +%s)
 running="false"
@@ -270,7 +270,7 @@ waitContainerHealthy () {
 waitContainerRunning () {
 # $1 ContainerName
 # $2 timeout en secondes (optional)
-
+
 starttime=$(date +%s)
 running="false"
 [[ $(docker ps -f name="$1" | grep -w "$1") ]] && running="true"
diff --git a/dockers/traefik/conf/allow_ip.yml.dist b/dockers/traefik/conf/allow_ip.yml.dist
new file mode 100644
index 0000000..5eb6dec
--- /dev/null
+++ b/dockers/traefik/conf/allow_ip.yml.dist
@@ -0,0 +1,11 @@
+http:
+ middlewares:
+ test-ipallowlist:
+ ipallowlist:
+ sourceRange:
+ # tlm est autorisé
+ - "0.0.0.0/0"
+ test-adminipallowlist:
+ ipallowlist:
+ sourceRange:
+ - "127.0.0.1"
diff --git a/dockers/traefik/conf/allow_ip.yml.sample b/dockers/traefik/conf/allow_ip.yml.sample
deleted file mode 100644
index 7d7f5bc..0000000
--- a/dockers/traefik/conf/allow_ip.yml.sample
+++ /dev/null
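Review bot: The added `-k` in the waitUrl hunk turns off certificate verification on all three curl calls in every environment, not only in the Vagrant VM the commit title refers to. The probe only inspects the status line, so the exposure is limited, but anyone able to intercept the connection can make a service look ready, and an unconditional `-k` tends to get copied into calls that carry credentials. I would share one option list, `curlOpts=(--connect-timeout 2 -s)`, and add the flag only in the VM, e.g. `[[ -n "${<DEV_MODE_VAR>:-}" ]] && curlOpts+=(-k)` (`<DEV_MODE_VAR>` is a placeholder; the project's real dev/VM switch is not visible here), or pass the VM's CA with `--cacert` instead. waitUrl's body starts and ends outside the hunk.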
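Review bot: `test-ipallowlist` in the new allow_ip.yml.dist ships with `0.0.0.0/0`, so every IPv4 client passes any router that attaches it, and because first.sh in this same commit copies the .dist file to conf/allow_ip.yml when none exists, that becomes the live default. The file should say so where the operator will read it, e.g. `# default: open to everyone - narrow sourceRange before relying on this middleware` above the first range and `# loopback only: add the trusted admin range explicitly` above `"127.0.0.1"`. The middleware names also change from `ipwhitelist`/`adminipwhitelist` to `test-ipallowlist`/`test-adminipallowlist`; routers that still reference the old names are not visible in this diff and should be checked.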
@@ -1,18 +0,0 @@
-http:
- middlewares:
- ipwhitelist:
- ipWhiteList:
- sourceRange:
- - "192.168.0.0/16"
- - "172.16.0.0/12"
- - "127.0.0.0/8"
- - "10.0.0.0/8"
- - "0.0.0.0/0"
- adminipwhitelist:
- ipWhiteList:
- sourceRange:
- - "192.168.0.0/16"
- - "172.16.0.0/12"
- - "127.0.0.0/8"
- - "10.0.0.0/8"
- - "0.0.0.0/0"
\ No newline at end of file
diff --git a/dockers/traefik/conf/cert.yml.dist b/dockers/traefik/conf/cert.yml.dist
new file mode 100644
index 0000000..e740a68
--- /dev/null
+++ b/dockers/traefik/conf/cert.yml.dist
@@ -0,0 +1,6 @@
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /etc/traefik/fullchain.pem
+ keyFile: /etc/traefik/privkey.pem
\ No newline at end of file
diff --git a/dockers/traefik/first.sh b/dockers/traefik/first.sh
new file mode 100644
index 0000000..315349e
--- /dev/null
+++ b/dockers/traefik/first.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+SERV_DIR=$(cd $(dirname $0); pwd)
+KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+cd $(dirname $0)
+. "${DOCKERS_ENV}"
+
+
+printKazMsg "\n *** Premier lancement de Traefik : Mise en place"
+
+[[ -f "conf/allow_ip.yml" ]] || cp "conf/allow_ip.yml.dist" "conf/allow_ip.yml"
+cp /etc/letsencrypt/live/${domain}/{fullchain.pem,privkey.pem} conf/
+[[ -f "conf/cert.yml" ]] || cp "conf/cert.yml.dist" "conf/cert.yml"
\ No newline at end of file
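Review bot: The `cp /etc/letsencrypt/live/${domain}/{fullchain.pem,privkey.pem} conf/` line in first.sh puts the TLS private key into the project tree with whatever mode and owner cp yields, and nothing checks that `cd $(dirname $0)` or the copy itself succeeded, so a failed `cd` would drop the key into the caller's working directory. I would write `cd "$(dirname "$0")" || exit 1` and `install -m 0600 "/etc/letsencrypt/live/${domain}/privkey.pem" conf/privkey.pem` (with a matching line for fullchain.pem), and confirm that the .pem files under conf/ are ignored by git, which this diff does not show. The copy happens only in this first-launch script, so the key under conf/ will presumably go stale at the next certificate renewal unless something else refreshes it. `SERV_DIR` is assigned but not used in the script.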