Compare commits
4 Commits
3a8bd9ec1a
...
gestionSec
Author | SHA1 | Date | |
---|---|---|---|
a3f448b457 | |||
77a3819beb | |||
ec16cdfe92 | |||
6877a5f872 |
@@ -7,6 +7,5 @@ setKazVars
|
||||
FILE_LDIF=/home/sauve/ldap.ldif
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
docker exec -u 0 -i ${ldapServName} slapcat -F /opt/bitnami/openldap/etc/slapd.d -b ${ldap_root} | gzip >${FILE_LDIF}.gz
|
||||
|
@@ -5,7 +5,6 @@ KAZ_ROOT=/kaz
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_BIN_DIR/getPasswords.sh ldapServ nextcloudDB
|
||||
|
||||
LDAP_IP=$(docker inspect -f '{{.NetworkSettings.Networks.ldapNet.IPAddress}}' ldapServ)
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
@@ -7,7 +7,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
#GLOBAL VARS
|
||||
PRG=$(basename $0)
|
||||
|
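--- a/bin/migGestionMotsDePasse.sh
+++ b/bin/migGestionMotsDePasse.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+. $KAZ_ROOT/bin/.commonFunctions.sh
+setKazVars
+. $DOCKERS_ENV
+. $KAZ_ROOT/secret/SetAllPass.sh
+
+newenvfile=$KAZ_KEY_DIR/env-mattermostAdmin
+touch $newenvfile
+echo "mattermost_user=$mattermost_user" >> $newenvfile
+echo "mattermost_pass=$mattermost_pass" >> $newenvfile
+echo "mattermost_token=$mattermost_token" >> $newenvfile
+
+
+echo "EMAIL_CONTACT=$EMAIL_CONTACT" >> $DOCKERS_ENV
+
+
+newenvfile=$KAZ_KEY_DIR/env-paheko
+touch $newenvfile
+echo "API_USER=$paheko_API_USER" >> $newenvfile
+echo "API_PASSWORD=$paheko_API_PASSWORD" >> $newenvfile
+
+
+
+newenvfile=$KAZ_KEY_DIR/env-mail
+touch $newenvfile
+echo "service_mail=$service_mail" >> $newenvfile
+echo "service_password=$service_password" >> $newenvfile
+
+
+newenvfile=$KAZ_KEY_DIR/env-borg
+# touch $newenvfile à priori il existe déjà
+echo "BORG_REPO=$BORG_REPO" >> $newenvfile
+echo "BORG_PASSPHRASE=$BORG_PASSPHRASE" >> $newenvfile
+echo "VOLUME_SAUVEGARDES=$VOLUME_SAUVEGARDES" >> $newenvfile
+echo "MAIL_RAPPORT=$MAIL_RAPPORT" >> $newenvfile
+echo "BORGMOUNT=$BORGMOUNT" >> $newenvfile
+
+
+newenvfile=$KAZ_KEY_DIR/env-traefik
+touch $newenvfile
+echo "DASHBOARD_USER=$traefik_DASHBOARD_USER" >> $newenvfile
+echo "DASHBOARD_PASSWORD=$traefik_DASHBOARD_PASSWORD" >> $newenvfile
+
+
+
+#####################
+# Castopod
+# A COPIER DANS UN FICHIER DE CONF !! castopodAdmin
+
+newenvfile=$KAZ_KEY_DIR/env-castopodAdmin
+touch $newenvfile
+echo "ADMIN_USER=$castopod_ADMIN_USER" >> $newenvfile
+echo "ADMIN_MAIL=$castopod_ADMIN_MAIL" >> $newenvfile
+echo "ADMIN_PASSWORD=$castopod_ADMIN_PASSWORD" >> $newenvfile
+
+
+# creation dossier pour les env des orgas
+mkdir $KAZ_KEY_DIR/orgas
+orgasLong=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
+ORGAS=${orgasLong[*]//-orga/}
+for orga in ${ORGAS};do
+mkdir $KAZ_KEY_DIR/orgas/$orga
+cp $KAZ_KEY_DIR/env-{castopod{Admin,DB,Serv},mattermost{DB,Serv},nextcloud{DB,Serv},spip{DB,Serv},wp{DB,Serv}} $KAZ_KEY_DIR/orgas/$orga
+done
+
+echo "C'est parfait, vous pouvez git pull puis supprimer SetAllPass.sh"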
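Review bot: The env files that receive passwords, tokens and the Borg passphrase are created with `touch $newenvfile` and `>>` under the caller's umask, so they can end up group- or world-readable; set `umask 077` before the first write, or create each file with `install -m 600 /dev/null "$newenvfile"`. Nothing checks that `SetAllPass.sh` was actually sourced or that a variable is set, so a failed run writes empty `key=` lines and still prints the closing message telling the operator to delete `SetAllPass.sh`; a guard such as `: "${mattermost_pass:?}"` per secret would stop the script before the only copy is removed. Every write appends and `mkdir $KAZ_KEY_DIR/orgas` has no `-p`, so a second run duplicates each entry and errors on the directories. The `cp` in the loop hands every orga the same `env-*DB`/`env-*Serv` files, which presumably means shared credentials across orgas; worth confirming that this is intended.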
@@ -9,7 +9,6 @@ KAZ_ROOT=$(cd "$(dirname $0)/.."; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
. $KAZ_ROOT/secret/env-kaz
|
||||
|
||||
|
||||
@@ -133,6 +132,7 @@ for orgaLong in ${Orgas}; do
|
||||
${SIMU} rsync -aAhHX --info=progress2 --delete "${DOCK_VOL_PAHEKO_ORGA}/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${DOCK_VOL_PAHEKO_ORGA}/"
|
||||
fi
|
||||
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_COMP_DIR}/${orgaLong} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_COMP_DIR}/
|
||||
${SIMU} rsync -aAhHX --info=progress2 --delete ${KAZ_KEY_DIR}/orgas/${orgaCourt} -e "ssh -p 2201" root@${SITE_DST}.${domain}:${KAZ_KEY_DIR}/orgas/${orgaCourt}
|
||||
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} "grep -q '^${orgaLong}\$' /kaz/config/container-orga.list || echo ${orgaLong} >> /kaz/config/container-orga.list"
|
||||
${SIMU} ssh -p 2201 root@${SITE_DST}.${domain} ${KAZ_COMP_DIR}/${orgaLong}/init-volume.sh
|
||||
|
||||
|
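Review bot: The rsync of `${KAZ_KEY_DIR}/orgas/${orgaCourt}` (apparently the line this hunk adds) names the orga directory on both sides, and because the source has no trailing slash rsync will create `orgas/${orgaCourt}/${orgaCourt}` on the destination instead of filling `orgas/${orgaCourt}`. The `${KAZ_COMP_DIR}` line just above targets the parent directory, and the same form fits here: `${SIMU} rsync -aAhHX --info=progress2 --delete "${KAZ_KEY_DIR}/orgas/${orgaCourt}" -e "ssh -p 2201" root@${SITE_DST}.${domain}:"${KAZ_KEY_DIR}/orgas/"`. This directory carries the orga's credentials, so the remote `orgas/` parent has to exist beforehand (rsync creates only the last path component), with permissions restricted to root. The enclosing `for orgaLong` loop starts and ends outside the hunk.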
@@ -4,7 +4,6 @@ KAZ_ROOT=/kaz
|
||||
. $KAZ_ROOT/bin/.commonFunctions.sh
|
||||
setKazVars
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
URL_AGORA=https://$matterHost.$domain/api/v4
|
||||
EQUIPE=kaz
|
||||
|
@@ -6,7 +6,6 @@ KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
||||
setKazVars
|
||||
|
||||
. $DOCKERS_ENV
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
URL_AGORA=$(echo $matterHost).$(echo $domain)
|
||||
MAX_QUEUE=50
|
||||
|
@@ -12,7 +12,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)/..
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
DOCK_DIR=$KAZ_COMP_DIR
|
||||
|
||||
|
@@ -9,7 +9,7 @@ services:
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
restart: ${restartPolicy}
|
||||
volumes:
|
||||
- ./initdb.d:/docker-entrypoint-initdb.d:ro
|
||||
# - ./initdb.d:/docker-entrypoint-initdb.d:ro
|
||||
- orgaDB:/var/lib/mysql
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
|
@@ -412,7 +412,7 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
|
||||
ln -sf ../../config/orgaTmpl/orga-gen.sh
|
||||
ln -sf ../../config/orgaTmpl/orga-rm.sh
|
||||
ln -sf ../../config/orgaTmpl/init-paheko.sh
|
||||
ln -sf ../../config/orgaTmpl/initdb.d/
|
||||
#ln -sf ../../config/orgaTmpl/initdb.d/
|
||||
ln -sf ../../config/orgaTmpl/app/
|
||||
ln -sf ../../config/orgaTmpl/wiki-conf/
|
||||
ln -sf ../../config/orgaTmpl/reload.sh
|
||||
@@ -443,6 +443,12 @@ if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
|
||||
fi
|
||||
|
||||
if [[ -n "${STAGE_DEFAULT}${STAGE_CREATE}" ]]; then
|
||||
|
||||
|
||||
# ########## create network
|
||||
## GAEL bizarre, je pense que c'est déjà fait qque part, mais chez moi ça veut pas ...
|
||||
docker network create "${ORGA}-orgaNet"
|
||||
|
||||
# ########## create volume
|
||||
./init-volume.sh
|
||||
fi
|
||||
|
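Review bot: `docker network create "${ORGA}-orgaNet"` exits with an error when the network already exists, and the comment above it says the network is probably created elsewhere, so re-running this stage will fail or print an error at this line. Guard the call: `docker network inspect "${ORGA}-orgaNet" >/dev/null 2>&1 || docker network create "${ORGA}-orgaNet"`. It would also help to replace the "GAEL bizarre" remark with a comment stating which component owns this network; if compose is meant to create it, a manually created one may need to be declared external there (not visible from this hunk).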
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -castopod
|
||||
|
||||
|
@@ -4,7 +4,6 @@ KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
|
||||
${KAZ_BIN_DIR}/gestContainers.sh --install -M -cloud
|
||||
|
@@ -1,102 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
|
||||
. "${KAZ_ROOT}/bin/.commonFunctions.sh"
|
||||
setKazVars
|
||||
. "${DOCKERS_ENV}"
|
||||
. $KAZ_ROOT/secret/SetAllPass.sh
|
||||
|
||||
|
||||
#"${KAZ_BIN_DIR}/initCloud.sh"
|
||||
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ app:enable user_ldap
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:delete-config s01
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:create-empty-config
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBase ${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseGroups ${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapHost ${ldapServName}
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapPort 389
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapTLS 0
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapLoginFilter "(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))"
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapQuotaAttribute nextcloudQuota
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilter "(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))"
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapEmailAttribute mail
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserDisplayName cn
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapUserFilterMode 1
|
||||
docker exec -ti -u 33 nextcloudServ /var/www/html/occ ldap:set-config s01 ldapConfigurationActive 1
|
||||
|
||||
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
|
||||
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
|
||||
|
||||
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
|
||||
|
||||
# Exemple de table/clés :
|
||||
# +-------------------------------+----------------------------------------------------------+
|
||||
# | Configuration | s01 |
|
||||
# +-------------------------------+----------------------------------------------------------+
|
||||
# | hasMemberOfFilterSupport | 0 |
|
||||
# | homeFolderNamingRule | |
|
||||
# | lastJpegPhotoLookup | 0 |
|
||||
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
|
||||
# | ldapAgentPassword | *** |
|
||||
# | ldapAttributesForGroupSearch | |
|
||||
# | ldapAttributesForUserSearch | |
|
||||
# | ldapBackgroundHost | |
|
||||
# | ldapBackgroundPort | |
|
||||
# | ldapBackupHost | |
|
||||
# | ldapBackupPort | |
|
||||
# | ldapBase | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
|
||||
# | ldapCacheTTL | 600 |
|
||||
# | ldapConfigurationActive | 1 |
|
||||
# | ldapConnectionTimeout | 15 |
|
||||
# | ldapDefaultPPolicyDN | |
|
||||
# | ldapDynamicGroupMemberURL | |
|
||||
# | ldapEmailAttribute | mail |
|
||||
# | ldapExperiencedAdmin | 0 |
|
||||
# | ldapExpertUUIDGroupAttr | |
|
||||
# | ldapExpertUUIDUserAttr | |
|
||||
# | ldapExpertUsernameAttr | uid |
|
||||
# | ldapExtStorageHomeAttribute | |
|
||||
# | ldapGidNumber | gidNumber |
|
||||
# | ldapGroupDisplayName | cn |
|
||||
# | ldapGroupFilter | |
|
||||
# | ldapGroupFilterGroups | |
|
||||
# | ldapGroupFilterMode | 0 |
|
||||
# | ldapGroupFilterObjectclass | |
|
||||
# | ldapGroupMemberAssocAttr | |
|
||||
# | ldapHost | ldap |
|
||||
# | ldapIgnoreNamingRules | |
|
||||
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
|
||||
# | ldapLoginFilterAttributes | |
|
||||
# | ldapLoginFilterEmail | 0 |
|
||||
# | ldapLoginFilterMode | 0 |
|
||||
# | ldapLoginFilterUsername | 1 |
|
||||
# | ldapMatchingRuleInChainState | unknown |
|
||||
# | ldapNestedGroups | 0 |
|
||||
# | ldapOverrideMainServer | |
|
||||
# | ldapPagingSize | 500 |
|
||||
# | ldapPort | 389 |
|
||||
# | ldapQuotaAttribute | nextcloudQuota |
|
||||
# | ldapQuotaDefault | |
|
||||
# | ldapTLS | 0 |
|
||||
# | ldapUserAvatarRule | default |
|
||||
# | ldapUserDisplayName | cn |
|
||||
# | ldapUserDisplayName2 | |
|
||||
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
|
||||
# | ldapUserFilterGroups | |
|
||||
# | ldapUserFilterMode | 1 |
|
||||
# | ldapUserFilterObjectclass | nextcloudAccount |
|
||||
# | ldapUuidGroupAttribute | auto |
|
||||
# | ldapUuidUserAttribute | auto |
|
||||
# | turnOffCertCheck | 0 |
|
||||
# | turnOnPasswordChange | 0 |
|
||||
# | useMemberOfToDetectMembership | 1 |
|
||||
# +-------------------------------+----------------------------------------------------------+
|
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
"${KAZ_BIN_DIR}/gestContainers.sh" --install -M -agora
|
||||
|
||||
|
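--- a/dockers/peertube/.env
+++ b/dockers/peertube/.env
@@ -0,0 +1 @@
+../../config/dockers.env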
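--- a/dockers/spip/.env
+++ b/dockers/spip/.env
@@ -0,0 +1 @@
+../../config/dockers.env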
@@ -6,7 +6,6 @@ setKazVars
|
||||
|
||||
cd $(dirname $0)
|
||||
. "${DOCKERS_ENV}"
|
||||
. "${KAZ_KEY_DIR}/SetAllPass.sh"
|
||||
|
||||
DockerServName="${sympaServName}"
|
||||
|
||||
|