393 lines
20 KiB
Bash
Executable File
393 lines
20 KiB
Bash
Executable File
#!/bin/bash
|
|
# Script de manipulation d'un cloud'
|
|
# init /versions / restart ...
|
|
#
|
|
|
|
KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
|
|
. $KAZ_ROOT/bin/.commonFunctions.sh
|
|
setKazVars
|
|
. $DOCKERS_ENV
|
|
. $KAZ_ROOT/secret/SetAllPass.sh
|
|
|
|
#GLOBAL VARS
|
|
PRG=$(basename $0)
|
|
|
|
availableOrga=($(getList "${KAZ_CONF_DIR}/container-orga.list"))
|
|
AVAILABLE_ORGAS=${availableOrga[*]//-orga/}
|
|
|
|
# CLOUD
|
|
APPLIS_PAR_DEFAUT="tasks calendar contacts bookmarks mail richdocuments external drawio snappymail ransomware_protection" #rainloop richdocumentscode
|
|
QUIET="1"
|
|
ONNAS=
|
|
|
|
CLOUDCOMMUN="OUI_PAR_DEFAUT"
|
|
DockerServName=${nextcloudServName}
|
|
|
|
usage() {
|
|
echo "${PRG} [OPTION] [COMMANDES] [ORGA]
|
|
Manipulation d'un cloud
|
|
|
|
OPTIONS
|
|
-h|--help Cette aide :-)
|
|
-n|--simu SIMULATION
|
|
-q|--quiet On ne parle pas (utile avec le -n pour avoir que les commandes)
|
|
--nas L'orga se trouve sur le NAS !
|
|
|
|
COMMANDES (on peut en mettre plusieurs dans l'ordre souhaité)
|
|
-I|--install L'initialisation du cloud
|
|
-v|--version Donne la version du cloud et signale les MàJ
|
|
|
|
--optim Lance la procédure Nextcloud pour optimiser les performances ** **
|
|
-occ \"command\" Envoie une commande via occ ** **
|
|
-u Mets à jour les applis ** SPECIFIQUES **
|
|
-i Install des applis ** CLOUD **
|
|
-a \"app1 app2 ...\" Choix des appli à installer ou mettre à jour (entre guillemets) ** **
|
|
-U|--upgrade Upgrade des clouds ** **
|
|
-O|--officeURL MAJ le office de ce nextcloud ** **
|
|
|
|
ORGA parmi : ${AVAILABLE_ORGAS}
|
|
ou vide si cloud commun
|
|
"
|
|
}
|
|
|
|
|
|
##################################
|
|
############### CLOUD ############
|
|
##################################
|
|
|
|
Init(){
|
|
NOM=$ORGA
|
|
[ -n "${CLOUDCOMMUN}" ] && NOM="commun"
|
|
if [ -z "${LISTE_APPS}" ]; then
|
|
printKazMsg "Aucune appli n'est précisée, j'installerais les applis par défaut : ${APPLIS_PAR_DEFAUT}" >& $QUIET
|
|
LISTE_APPS="${APPLIS_PAR_DEFAUT}"
|
|
fi
|
|
|
|
checkDockerRunning "$DockerServName" "$NOM"
|
|
[ $? -ne 0 ] && echo "${CYAN}\n $DockerServName est down : impossible de terminer l'install${NC}" && return 1 >& $QUIET
|
|
|
|
CONF_FILE="${DOCK_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
|
|
CLOUD_URL="https://${ORGA}-${cloudHost}.${domain}"
|
|
if [ -n "$CLOUDCOMMUN" ]; then
|
|
CONF_FILE="${DOCK_VOL}/cloud-cloudConfig/_data/config.php"
|
|
CLOUD_URL="https://${cloudHost}.${domain}"
|
|
elif [ -n "${ONNAS}" ]; then
|
|
CONF_FILE="${NAS_VOL}/orga_${ORGA}-cloudConfig/_data/config.php"
|
|
fi
|
|
|
|
firstInstall "$CLOUD_URL" "$CONF_FILE" " NextCloud de $NOM"
|
|
updatePhpConf "$CONF_FILE"
|
|
InstallApplis
|
|
echo "${CYAN} *** Paramétrage richdocuments pour $ORGA${NC}" >& $QUIET
|
|
setOfficeUrl
|
|
occCommand "config:app:set --value 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 richdocuments wopi_allowlist"
|
|
occCommand "config:system:set overwrite.cli.url --value=$CLOUD_URL"
|
|
occCommand "config:system:set disable_certificate_verification --value=true"
|
|
|
|
if [ -n "$CLOUDCOMMUN" ]; then initLdap "$NOM" ; fi
|
|
}
|
|
|
|
Version(){
|
|
VERSION=$(docker exec -u 33 ${DockerServName} /var/www/html/occ status | grep -i version:)
|
|
VERSION_UPDATE=$(docker exec -u 33 ${DockerServName} /var/www/html/occ update:check | grep -i "available\." | cut -c 1-17)
|
|
versionSTR="Version ${DockerServName} : ${GREEN}${VERSION}${NC}"
|
|
[ -n "${VERSION_UPDATE}" ] && versionSTR="$versionSTR -- Disponible : ${RED} ${VERSION_UPDATE} ${NC}"
|
|
echo "$versionSTR"
|
|
}
|
|
|
|
firstInstall(){
|
|
# $1 CLOUD_URL
|
|
# $2 phpConfFile
|
|
# $3 orga
|
|
if ! grep -q "'installed' => true," "$2" 2> /dev/null; then
|
|
printKazMsg "\n *** Premier lancement de $3" >& $QUIET
|
|
|
|
${SIMU} waitUrl "$1"
|
|
|
|
${SIMU} curl -X POST \
|
|
-d "install=true" \
|
|
-d "adminlogin=${nextcloud_NEXTCLOUD_ADMIN_USER}" \
|
|
-d "adminpass=${nextcloud_NEXTCLOUD_ADMIN_PASSWORD}" \
|
|
-d "directory=/var/www/html/data" \
|
|
-d "dbtype=mysql" \
|
|
-d "dbuser=${nextcloud_MYSQL_USER}" \
|
|
-d "dbpass=${nextcloud_MYSQL_PASSWORD}" \
|
|
-d "dbname=${nextcloud_MYSQL_DATABASE}" \
|
|
-d "dbhost=${nextcloud_MYSQL_HOST}" \
|
|
-d "install-recommended-apps=true" \
|
|
"$1"
|
|
fi
|
|
}
|
|
|
|
setOfficeUrl(){
|
|
OFFICE_URL="https://${officeHost}.${domain}"
|
|
if [ ! "${site}" = "prod1" ]; then
|
|
OFFICE_URL="https://${site}-${officeHost}.${domain}"
|
|
fi
|
|
occCommand "config:app:set --value $OFFICE_URL richdocuments public_wopi_url"
|
|
occCommand "config:app:set --value $OFFICE_URL richdocuments wopi_url"
|
|
occCommand "config:app:set --value $OFFICE_URL richdocuments disable_certificate_verification"
|
|
}
|
|
|
|
initLdap(){
|
|
# $1 Nom du cloud
|
|
echo "${CYAN} *** Installation LDAP pour $1${NC}" >& $QUIET
|
|
occCommand "app:enable user_ldap" "${DockerServName}"
|
|
occCommand "ldap:delete-config s01" "${DockerServName}"
|
|
occCommand "ldap:create-empty-config" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapAgentName cn=cloud,ou=applications,${ldap_root}" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapAgentPassword ${ldap_LDAP_CLOUD_PASSWORD}" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapBase ${ldap_root}" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapBaseGroups ${ldap_root}" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapBaseUsers ou=users,${ldap_root}" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapExpertUsernameAttr identifiantKaz" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapHost ${ldapServName}" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapPort 389" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapTLS 0" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapLoginFilter \"(&(objectclass=nextcloudAccount)(|(cn=%uid)(identifiantKaz=%uid)))\"" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapQuotaAttribute nextcloudQuota" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapUserFilter \"(&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE))\"" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapUserFilterObjectclass nextcloudAccount" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapEmailAttribute mail" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapUserDisplayName cn" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapUserFilterMode 1" "${DockerServName}"
|
|
occCommand "ldap:set-config s01 ldapConfigurationActive 1" "${DockerServName}"
|
|
|
|
# Dans le mariadb, pour permettre au ldap de reprendre la main : delete from oc_users where uid<>'admin';
|
|
# docker exec -i nextcloudDB mysql --user=<user> --password=<password> <db> <<< "delete from oc_users where uid<>'admin';"
|
|
|
|
# Doc : https://help.nextcloud.com/t/migration-to-ldap-keeping-users-and-data/13205
|
|
|
|
# Exemple de table/clés :
|
|
# +-------------------------------+----------------------------------------------------------+
|
|
# | Configuration | s01 |
|
|
# +-------------------------------+----------------------------------------------------------+
|
|
# | hasMemberOfFilterSupport | 0 |
|
|
# | homeFolderNamingRule | |
|
|
# | lastJpegPhotoLookup | 0 |
|
|
# | ldapAgentName | cn=cloud,ou=applications,dc=kaz,dc=sns |
|
|
# | ldapAgentPassword | *** |
|
|
# | ldapAttributesForGroupSearch | |
|
|
# | ldapAttributesForUserSearch | |
|
|
# | ldapBackgroundHost | |
|
|
# | ldapBackgroundPort | |
|
|
# | ldapBackupHost | |
|
|
# | ldapBackupPort | |
|
|
# | ldapBase | ou=users,dc=kaz,dc=sns |
|
|
# | ldapBaseGroups | ou=users,dc=kaz,dc=sns |
|
|
# | ldapBaseUsers | ou=users,dc=kaz,dc=sns |
|
|
# | ldapCacheTTL | 600 |
|
|
# | ldapConfigurationActive | 1 |
|
|
# | ldapConnectionTimeout | 15 |
|
|
# | ldapDefaultPPolicyDN | |
|
|
# | ldapDynamicGroupMemberURL | |
|
|
# | ldapEmailAttribute | mail |
|
|
# | ldapExperiencedAdmin | 0 |
|
|
# | ldapExpertUUIDGroupAttr | |
|
|
# | ldapExpertUUIDUserAttr | |
|
|
# | ldapExpertUsernameAttr | uid |
|
|
# | ldapExtStorageHomeAttribute | |
|
|
# | ldapGidNumber | gidNumber |
|
|
# | ldapGroupDisplayName | cn |
|
|
# | ldapGroupFilter | |
|
|
# | ldapGroupFilterGroups | |
|
|
# | ldapGroupFilterMode | 0 |
|
|
# | ldapGroupFilterObjectclass | |
|
|
# | ldapGroupMemberAssocAttr | |
|
|
# | ldapHost | ldap |
|
|
# | ldapIgnoreNamingRules | |
|
|
# | ldapLoginFilter | (&(|(objectclass=nextcloudAccount))(cn=%uid)) |
|
|
# | ldapLoginFilterAttributes | |
|
|
# | ldapLoginFilterEmail | 0 |
|
|
# | ldapLoginFilterMode | 0 |
|
|
# | ldapLoginFilterUsername | 1 |
|
|
# | ldapMatchingRuleInChainState | unknown |
|
|
# | ldapNestedGroups | 0 |
|
|
# | ldapOverrideMainServer | |
|
|
# | ldapPagingSize | 500 |
|
|
# | ldapPort | 389 |
|
|
# | ldapQuotaAttribute | nextcloudQuota |
|
|
# | ldapQuotaDefault | |
|
|
# | ldapTLS | 0 |
|
|
# | ldapUserAvatarRule | default |
|
|
# | ldapUserDisplayName | cn |
|
|
# | ldapUserDisplayName2 | |
|
|
# | ldapUserFilter | (&(objectclass=nextcloudAccount)(nextcloudEnabled=TRUE)) |
|
|
# | ldapUserFilterGroups | |
|
|
# | ldapUserFilterMode | 1 |
|
|
# | ldapUserFilterObjectclass | nextcloudAccount |
|
|
# | ldapUuidGroupAttribute | auto |
|
|
# | ldapUuidUserAttribute | auto |
|
|
# | turnOffCertCheck | 0 |
|
|
# | turnOnPasswordChange | 0 |
|
|
# | useMemberOfToDetectMembership | 1 |
|
|
# +-------------------------------+----------------------------------------------------------+
|
|
}
|
|
|
|
updatePhpConf(){
|
|
# $1 php_conf_file
|
|
if [ $# -ne 1 ]; then
|
|
echo "${RED}#Je ne sais pas ou écrire la conf php !${NC}"
|
|
return 1
|
|
fi
|
|
|
|
echo "${CYAN} *** Maj de la conf $1${NC}" >& $QUIET
|
|
PHPCONF="$1"
|
|
_addVarAfterInConf "default_language" " 'default_language' => 'fr'," "CONFIG = array (" "${PHPCONF}"
|
|
_addVarAfterInConf "theme" " 'theme' => ''," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "default_phone_region" " 'default_phone_region' => 'FR'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "loglevel" " 'loglevel' => 2," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "maintenance" " 'maintenance' => false," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "app_install_overwrite" " 'app_install_overwrite' => \n array (\n 0 => 'documents',\n )," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "overwriteprotocol" " 'overwriteprotocol' => 'https'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "mail_domain" " 'mail_domain' => '${domain}'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "mail_from_address" " 'mail_from_address' => 'admin'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "mail_smtpport" " 'mail_smtpport' => '25'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "mail_sendmailmode" " 'mail_sendmailmode' => 'smtp'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "mail_smtphost" " 'mail_smtphost' => '${smtpHost}.${domain}'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "mail_smtpmode" " 'mail_smtpmode' => 'smtp'," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "enable_previews" " 'enable_previews' => true," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "trashbin_retention_obligation" " 'trashbin_retention_obligation' => '30, auto'," "'installed' => true," "${PHPCONF}"
|
|
#pour supprimer le message "obtenir un compte gratuit" dans le footer
|
|
_addVarAfterInConf "simpleSignUpLink.shown" " 'simpleSignUpLink.shown' => false," "'installed' => true," "${PHPCONF}"
|
|
_addVarAfterInConf "trusted_proxies" " 'trusted_proxies' => array( 0 => '10.0.0.0/8', 1 => '172.16.0.0/12', 2 => '192.168.0.0/16' )," "'installed' => true," "${PHPCONF}"
|
|
}
|
|
|
|
UpgradeClouds() {
|
|
echo "${NC}--------------------------------------------------------" >& $QUIET
|
|
echo "UPGRADE des cloud" >& $QUIET
|
|
echo "--------------------------------------------------------" >& $QUIET
|
|
occCommand "upgrade"
|
|
}
|
|
|
|
OptimiseClouds() {
|
|
occCommand "db:add-missing-indices" "db:convert-filecache-bigint --no-interaction"
|
|
}
|
|
|
|
|
|
UpdateApplis() {
|
|
printKazMsg "UPDATE DES APPLIS du cloud ${DockerServName} : ${LISTE_APPS}" >& $QUIET
|
|
if [ -z "${LISTE_APPS}" ]; then
|
|
occCommand "app:update --all"
|
|
return
|
|
fi
|
|
echo "Mise à jour de ${LISTE_APPS}" >& $QUIET
|
|
for app in ${LISTE_APPS}
|
|
do
|
|
occCommand "app:update ${app}"
|
|
done
|
|
}
|
|
|
|
InstallApplis(){
|
|
if [ -z "${LISTE_APPS}" ]; then
|
|
printKazMsg "Aucune appli n'est précisée, j'installe les applis par défaut : ${APPLIS_PAR_DEFAUT}" >& $QUIET
|
|
LISTE_APPS="${APPLIS_PAR_DEFAUT}"
|
|
fi
|
|
apps=$LISTE_APPS
|
|
|
|
if ! [[ "$(docker ps -f name=${DockerServName} | grep -w ${DockerServName})" ]]; then
|
|
printKazError "${RED}# ${DockerServName} not running... impossible d'installer les applis${NC}" >& $QUIET
|
|
return 1
|
|
fi
|
|
LIST_ALL=$(docker exec -ti -u 33 "${DockerServName}" /var/www/html/occ app:list |
|
|
awk 'BEGIN {cp=0}
|
|
/Enabled:/ {cp=1 ; next};
|
|
/Disabled:/ {cp=0; next};
|
|
{if (cp) print $0};')
|
|
|
|
for app in $apps
|
|
do
|
|
grep -wq "${app}" <<<"${LIST_ALL}" 2>/dev/null && echo "${app} dejà installée" >& $QUIET && continue
|
|
echo " install ${app}" >& $QUIET
|
|
occCommand "app:install ${app}"
|
|
done
|
|
}
|
|
|
|
occCommand(){
|
|
# $1 Command
|
|
${SIMU} docker exec -u 33 $DockerServName /var/www/html/occ $1
|
|
}
|
|
|
|
_addVarAfterInConf(){
|
|
# $1 key
|
|
# $2 val
|
|
# $3 where
|
|
# $4 confFile
|
|
if ! grep -q "$1" "${4}" ; then
|
|
echo -n " ${CYAN}${BOLD}$1${NC}" >& $QUIET
|
|
${SIMU} sed -i -e "/$3/a\ $2" "$4"
|
|
fi
|
|
}
|
|
|
|
########## Main #################
|
|
for ARG in "$@"; do
|
|
if [ -n "${GETOCCCOMAND}" ]; then # après un -occ
|
|
OCCCOMAND="${ARG}"
|
|
GETOCCCOMAND=
|
|
elif [ -n "${GETAPPS}" ]; then # après un -a
|
|
LISTE_APPS="${LISTE_APPS} ${ARG}"
|
|
GETAPPS=""
|
|
else
|
|
case "${ARG}" in
|
|
'-h' | '--help' )
|
|
usage && exit ;;
|
|
'-n' | '--simu')
|
|
SIMU="echo" ;;
|
|
'-q' )
|
|
QUIET="/dev/null" ;;
|
|
'--nas' | '-nas' )
|
|
ONNAS="SURNAS" ;;
|
|
'-v' | '--version')
|
|
COMMANDS="$(echo "${COMMANDS} VERSION" | sed "s/\s/\n/g" | sort | uniq)" ;;
|
|
'-I' | '--install' )
|
|
COMMANDS="$(echo "${COMMANDS} INIT" | sed "s/\s/\n/g" | sort | uniq)" ;; # le sed sort uniq, c'est pour pas l'avoir en double
|
|
'-U' | '--upgrade')
|
|
COMMANDS="$(echo "${COMMANDS} UPGRADE" | sed "s/\s/\n/g" | sort | uniq)" ;;
|
|
'-O' | '--officeURL')
|
|
COMMANDS="$(echo "${COMMANDS} OFFICEURL" | sed "s/\s/\n/g" | sort | uniq)" ;;
|
|
'--optim' | '-optim' )
|
|
COMMANDS="$(echo "${COMMANDS} OPTIMISE-CLOUD" | sed "s/\s/\n/g" | sort | uniq)" ;;
|
|
'-u' )
|
|
COMMANDS="$(echo "${COMMANDS} UPDATE-CLOUD-APP" | sed "s/\s/\n/g" | sort | uniq)" ;;
|
|
'-i' )
|
|
COMMANDS="$(echo "${COMMANDS} INSTALL-CLOUD-APP" | sed "s/\s/\n/g" | sort | uniq)" ;;
|
|
'-a' )
|
|
GETAPPS="now" ;;
|
|
'--occ' | '-occ' )
|
|
COMMANDS="$(echo "${COMMANDS} RUN-CLOUD-OCC" | sed "s/\s/\n/g" | sort | uniq)"
|
|
GETOCCCOMAND="now" ;;
|
|
'-*' ) # ignore
|
|
;;
|
|
*)
|
|
ORGA="${ARG%-orga}"
|
|
DockerServName="${ORGA}-${nextcloudServName}"
|
|
CLOUDCOMMUN=
|
|
;;
|
|
esac
|
|
fi
|
|
done
|
|
|
|
if [ -z "${COMMANDS}" ]; then
|
|
usage && exit
|
|
fi
|
|
|
|
for COMMAND in ${COMMANDS}; do
|
|
case "${COMMAND}" in
|
|
'VERSION' )
|
|
Version && exit ;;
|
|
'OPTIMISE-CLOUD' )
|
|
OptimiseClouds ;;
|
|
'UPDATE-CLOUD-APP' )
|
|
UpdateApplis ;;
|
|
'UPGRADE' )
|
|
UpgradeClouds ;;
|
|
'INIT' )
|
|
Init ;;
|
|
'INSTALL-CLOUD-APP' )
|
|
InstallApplis ;;
|
|
'OFFICEURL' )
|
|
setOfficeUrl ;;
|
|
'RUN-CLOUD-OCC' )
|
|
occCommand "${OCCCOMAND}";;
|
|
esac
|
|
done |