#!/bin/bash # Script de manipulation d'un cloud' # init /versions / restart ... # KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd) . $KAZ_ROOT/bin/.commonFunctions.sh setKazVars . $DOCKERS_ENV . $KAZ_ROOT/secret/SetAllPass.sh #GLOBAL VARS PRG=$(basename $0) availableOrga=($(getList "${KAZ_CONF_DIR}/container-orga.list")) AVAILABLE_ORGAS=${availableOrga[*]//-orga/} # CLOUD APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode QUIET="1" ONNAS= CLOUDCOMMUN="OUI_PAR_DEFAUT" DockerServName=${nextcloudServName} usage() { echo "${PRG} [OPTION] [COMMANDES] [ORGA] Manipulation d'un cloud OPTIONS -h|--help Cette aide :-) -n|--simu SIMULATION -q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes) --nas L'orga se trouve sur le NAS ! COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité) -I|--install L'initialisation du cloud -v|--version Donne la version du cloud et signale les MàJ --optim Lance la procédure Nextcloud pour optimiser les performances ** ** -occ \"command\" Envoie une commande via occ ** ** -u Mets à jour les applis ** SPECIFIQUES ** -i Install des applis ** CLOUD ** -a \"app1 app2 ...\" Choix des appli à installer ou mettre à jour (entre guillemets) ** ** -U|--upgrade Upgrade des clouds ** ** -O|--officeURL MAJ le office de ce nextcloud ** ** ORGA parmi : ${AVAILABLE_ORGAS} ou vide si cloud commun " } ################################## ############### CLOUD ############ ################################## Init(){ NOM=$ORGA [ -n "${CLOUDCOMMUN}" ] && NOM="commun" if [ -z "${LISTE_APPS}" ]; then printKazMsg "Aucune appli n'est précisée, j'installerais les applis par défaut : ${APPLIS_PAR_DEFAUT}" >& $QUIET LISTE_APPS="${APPLIS_PAR_DEFAUT}" fi checkDockerRunning "$DockerServName" "$NOM" [ $? -ne 0 ] && echo "${CYAN}\n $DockerServName est down : impossible de terminer l'install${NC}" && return 1 >& $QUIET CONF_FILE="${DOCK_VOL}/orga_${ORGA}-cloudConfig/_data/config.php" CLOUD_URL="https://${ORGA}-${cloudHost}.${domain}" if [ -n "$CLOUDCOMMUN" ]; then CONF_FILE="${DOCK_VOL}/cloud-cloudConfig/_data/config.php" CLOUD_URL="https://${cloudHost}.${domain}" elif [ -n "${ONNAS}" ]; then CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php" fi firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM" updatePhpConf "$CONF_FILE" InstallApplis echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET setOfficeUrl occCommand "config:app:set --value 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 richdocuments wopi_allowlist" occCommand "config:system:set overwrite.cli.url --value=$CLOUD_URL" occCommand "config:system:set disable_certificate_verification --value=true" if [ -n "$CLOUDCOMMUN" ]; then initLdap "$NOM" ; fi } Version(){ VERSION=$(docker exec -u 33 ${DockerServName} /var/www/html/occ status | grep -i version:) VERSION_UPDATE=$(docker exec -u 33 ${DockerServName} /var/www/html/occ update:check | grep -i "available\." | cut -c 1-17) versionSTR="Version ${DockerServName} : ${GREEN}${VERSION}${NC}" [ -n "${VERSION_UPDATE}" ] && versionSTR="$versionSTR -- Disponible : ${RED} ${VERSION_UPDATE} ${NC}" echo "$versionSTR" } firstInstall(){ # $1 CLOUD_URL # $2 phpConfFile # $3 orga if ! grep -q "'installed' => true," "$2" 2> /dev/null; then printKazMsg "\n *** Premier lancement de $3" >& $QUIET ${SIMU} waitUrl "$1" ${SIMU} curl -X POST \ -d "install=true" \ -d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \ -d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \ -d "directory=/var/www/html/data" \ -d "dbtype=mysql" \ -d "dbuser=${nextcloud_MYSQL_USER}" \ -d "dbpass=${nextcloud_MYSQL_PASSWORD}" \ -d "dbname=${nextcloud_MYSQL_DATABASE}" \ -d "dbhost=${nextcloud_MYSQL_HOST}" \ -d "install-recommended-apps=true" \ "$1" fi } setOfficeUrl(){ OFFICE_URL="https://${officeHost}.${domain}" if [ ! "${site}" = "prod1" ]; then OFFICE_URL="https://${site}-${officeHost}.${domain}" fi occCommand "config:app:set --value $OFFICE_URL richdocuments public_wopi_url" occCommand "config:app:set --value $OFFICE_URL richdocuments wopi_url" occCommand "config:app:set --value $OFFICE_URL richdocuments disable_certificate_verification" } initLdap(){ # $1 Nom du cloud echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET occCommand "app:enable user_ldap" "${DockerServName}" occCommand "ldap:delete-config s01" "${DockerServName}" occCommand "ldap:create-empty-config" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}" occCommand "ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz" "${DockerServName}" occCommand "ldap:set-config s01 ldapHost ${ldapServName}" "${DockerServName}" occCommand "ldap:set-config s01 ldapPort 389" "${DockerServName}" occCommand "ldap:set-config s01 ldapTLS 0" "${DockerServName}" occCommand "ldap:set-config s01 ldapLoginFilter \"(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))\"" "${DockerServName}" occCommand "ldap:set-config s01 ldapQuotaAttribute nextcloudQuota" "${DockerServName}" occCommand "ldap:set-config s01 ldapUserFilter \"(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))\"" "${DockerServName}" occCommand "ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount" "${DockerServName}" occCommand "ldap:set-config s01 ldapEmailAttribute mail" "${DockerServName}" occCommand "ldap:set-config s01 ldapUserDisplayName cn" "${DockerServName}" occCommand "ldap:set-config s01 ldapUserFilterMode 1" "${DockerServName}" occCommand "ldap:set-config s01 ldapConfigurationActive 1" "${DockerServName}" # Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin'; # docker exec -i nextcloudDB mysql --user= --password= <<< "delete from oc_users where uid<>'admin';" # Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205 # Exemple de table/clés : # +-------------------------------+----------------------------------------------------------+ # | Configuration | s01 | # +-------------------------------+----------------------------------------------------------+ # | hasMemberOfFilterSupport | 0 | # | homeFolderNamingRule | | # | lastJpegPhotoLookup | 0 | # | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns | # | ldapAgentPassword | *** | # | ldapAttributesForGroupSearch | | # | ldapAttributesForUserSearch | | # | ldapBackgroundHost | | # | ldapBackgroundPort | | # | ldapBackupHost | | # | ldapBackupPort | | # | ldapBase | ou=users,dc=kaz,dc=sns | # | ldapBaseGroups | ou=users,dc=kaz,dc=sns | # | ldapBaseUsers | ou=users,dc=kaz,dc=sns | # | ldapCacheTTL | 600 | # | ldapConfigurationActive | 1 | # | ldapConnectionTimeout | 15 | # | ldapDefaultPPolicyDN | | # | ldapDynamicGroupMemberURL | | # | ldapEmailAttribute | mail | # | ldapExperiencedAdmin | 0 | # | ldapExpertUUIDGroupAttr | | # | ldapExpertUUIDUserAttr | | # | ldapExpertUsernameAttr | uid | # | ldapExtStorageHomeAttribute | | # | ldapGidNumber | gidNumber | # | ldapGroupDisplayName | cn | # | ldapGroupFilter | | # | ldapGroupFilterGroups | | # | ldapGroupFilterMode | 0 | # | ldapGroupFilterObjectclass | | # | ldapGroupMemberAssocAttr | | # | ldapHost | ldap | # | ldapIgnoreNamingRules | | # | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) | # | ldapLoginFilterAttributes | | # | ldapLoginFilterEmail | 0 | # | ldapLoginFilterMode | 0 | # | ldapLoginFilterUsername | 1 | # | ldapMatchingRuleInChainState | unknown | # | ldapNestedGroups | 0 | # | ldapOverrideMainServer | | # | ldapPagingSize | 500 | # | ldapPort | 389 | # | ldapQuotaAttribute | nextcloudQuota | # | ldapQuotaDefault | | # | ldapTLS | 0 | # | ldapUserAvatarRule | default | # | ldapUserDisplayName | cn | # | ldapUserDisplayName2 | | # | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) | # | ldapUserFilterGroups | | # | ldapUserFilterMode | 1 | # | ldapUserFilterObjectclass | nextcloudAccount | # | ldapUuidGroupAttribute | auto | # | ldapUuidUserAttribute | auto | # | turnOffCertCheck | 0 | # | turnOnPasswordChange | 0 | # | useMemberOfToDetectMembership | 1 | # +-------------------------------+----------------------------------------------------------+ } updatePhpConf(){ # $1 php_conf_file if [ $# -ne 1 ]; then echo "${RED}#Je ne sais pas ou écrire la conf php !${NC}" return 1 fi echo "${CYAN} *** Maj de la conf $1${NC}" >& $QUIET PHPCONF="$1" _addVarAfterInConf "default_language" " 'default_language' => 'fr'," "CONFIG = array (" "${PHPCONF}" _addVarAfterInConf "theme" " 'theme' => ''," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "default_phone_region" " 'default_phone_region' => 'FR'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "loglevel" " 'loglevel' => 2," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "maintenance" " 'maintenance' => false," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "app_install_overwrite" " 'app_install_overwrite' => \n array (\n 0 => 'documents',\n )," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "overwriteprotocol" " 'overwriteprotocol' => 'https'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "mail_domain" " 'mail_domain' => '${domain}'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "mail_from_address" " 'mail_from_address' => 'admin'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "mail_smtpport" " 'mail_smtpport' => '25'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "mail_sendmailmode" " 'mail_sendmailmode' => 'smtp'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "mail_smtphost" " 'mail_smtphost' => '${smtpHost}.${domain}'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "mail_smtpmode" " 'mail_smtpmode' => 'smtp'," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "enable_previews" " 'enable_previews' => true," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "trashbin_retention_obligation" " 'trashbin_retention_obligation' => '30, auto'," "'installed' => true," "${PHPCONF}" #pour supprimer le message "obtenir un compte gratuit" dans le footer _addVarAfterInConf "simpleSignUpLink.shown" " 'simpleSignUpLink.shown' => false," "'installed' => true," "${PHPCONF}" _addVarAfterInConf "trusted_proxies" " 'trusted_proxies' => array( 0 => '10.0.0.0/8', 1 => '172.16.0.0/12', 2 => '192.168.0.0/16' )," "'installed' => true," "${PHPCONF}" } UpgradeClouds() { echo "${NC}--------------------------------------------------------" >& $QUIET echo "UPGRADE des cloud" >& $QUIET echo "--------------------------------------------------------" >& $QUIET occCommand "upgrade" } OptimiseClouds() { occCommand "db:add-missing-indices" "db:convert-filecache-bigint --no-interaction" } UpdateApplis() { printKazMsg "UPDATE DES APPLIS du cloud ${DockerServName} : ${LISTE_APPS}" >& $QUIET if [ -z "${LISTE_APPS}" ]; then occCommand "app:update --all" return fi echo "Mise à jour de ${LISTE_APPS}" >& $QUIET for app in ${LISTE_APPS} do occCommand "app:update ${app}" done } InstallApplis(){ if [ -z "${LISTE_APPS}" ]; then printKazMsg "Aucune appli n'est précisée, j'installe les applis par défaut : ${APPLIS_PAR_DEFAUT}" >& $QUIET LISTE_APPS="${APPLIS_PAR_DEFAUT}" fi apps=$LISTE_APPS if ! [[ "$(docker ps -f name=${DockerServName} | grep -w ${DockerServName})" ]]; then printKazError "${RED}# ${DockerServName} not running... impossible d'installer les applis${NC}" >& $QUIET return 1 fi LIST_ALL=$(docker exec -ti -u 33 "${DockerServName}" /var/www/html/occ app:list | awk 'BEGIN {cp=0} /Enabled:/ {cp=1 ; next}; /Disabled:/ {cp=0; next}; {if (cp) print $0};') for app in $apps do grep -wq "${app}" <<<"${LIST_ALL}" 2>/dev/null && echo "${app} dejà installée" >& $QUIET && continue echo " install ${app}" >& $QUIET occCommand "app:install ${app}" done } occCommand(){ # $1 Command ${SIMU} docker exec -u 33 $DockerServName /var/www/html/occ $1 } _addVarAfterInConf(){ # $1 key # $2 val # $3 where # $4 confFile if ! grep -q "$1" "${4}" ; then echo -n " ${CYAN}${BOLD}$1${NC}" >& $QUIET ${SIMU} sed -i -e "/$3/a\ $2" "$4" fi } ########## Main ################# for ARG in "$@"; do if [ -n "${GETOCCCOMAND}" ]; then # après un -occ OCCCOMAND="${ARG}" GETOCCCOMAND= elif [ -n "${GETAPPS}" ]; then # après un -a LISTE_APPS="${LISTE_APPS} ${ARG}" GETAPPS="" else case "${ARG}" in '-h' | '--help' ) usage && exit ;; '-n' | '--simu') SIMU="echo" ;; '-q' ) QUIET="/dev/null" ;; '--nas' | '-nas' ) ONNAS="SURNAS" ;; '-v' | '--version') COMMANDS="$(echo "${COMMANDS} VERSION" | sed "s/\s/\n/g" | sort | uniq)" ;; '-I' | '--install' ) COMMANDS="$(echo "${COMMANDS} INIT" | sed "s/\s/\n/g" | sort | uniq)" ;; # le sed sort uniq, c'est pour pas l'avoir en double '-U' | '--upgrade') COMMANDS="$(echo "${COMMANDS} UPGRADE" | sed "s/\s/\n/g" | sort | uniq)" ;; '-O' | '--officeURL') COMMANDS="$(echo "${COMMANDS} OFFICEURL" | sed "s/\s/\n/g" | sort | uniq)" ;; '--optim' | '-optim' ) COMMANDS="$(echo "${COMMANDS} OPTIMISE-CLOUD" | sed "s/\s/\n/g" | sort | uniq)" ;; '-u' ) COMMANDS="$(echo "${COMMANDS} UPDATE-CLOUD-APP" | sed "s/\s/\n/g" | sort | uniq)" ;; '-i' ) COMMANDS="$(echo "${COMMANDS} INSTALL-CLOUD-APP" | sed "s/\s/\n/g" | sort | uniq)" ;; '-a' ) GETAPPS="now" ;; '--occ' | '-occ' ) COMMANDS="$(echo "${COMMANDS} RUN-CLOUD-OCC" | sed "s/\s/\n/g" | sort | uniq)" GETOCCCOMAND="now" ;; '-*' ) # ignore ;; *) ORGA="${ARG%-orga}" DockerServName="${ORGA}-${nextcloudServName}" CLOUDCOMMUN= ;; esac fi done if [ -z "${COMMANDS}" ]; then usage && exit fi for COMMAND in ${COMMANDS}; do case "${COMMAND}" in 'VERSION' ) Version && exit ;; 'OPTIMISE-CLOUD' ) OptimiseClouds ;; 'UPDATE-CLOUD-APP' ) UpdateApplis ;; 'UPGRADE' ) UpgradeClouds ;; 'INIT' ) Init ;; 'INSTALL-CLOUD-APP' ) InstallApplis ;; 'OFFICEURL' ) setOfficeUrl ;; 'RUN-CLOUD-OCC' ) occCommand "${OCCCOMAND}";; esac done