Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lupa/compose.libre.sh
  • libre.sh/compose.libre.sh
  • ecobytes/compose.libre.sh
  • jordan.mitchell/compose.libre.sh
  • timothee/compose.libre.sh
5 results
Show changes
Hide whitespace changes
Inline Side-by-side
utils/provision.sh utils/provision
View file @ 408b8f91
#!/usr/bin/env bash
# Provision an application for a user for IndiePaaS
# Provision an application for a user for LibrePaaS
#
# This file:
# - Registers the domain name to NameCheap
# - Generates the TLS certificate associated
# - Configures the DNS
# - Configures the mail forwarding
# - Starts the application
#
# Version 0.0.2
# Version 0.0.3
#
# Authors:
# - Pierre Ozoux (pierre-o.fr)
#
# Usage:
# LOG_LEVEL=7 ./provision.sh -e test@test.org -a known -u example.org -g -b -c
# LOG_LEVEL=7 ./provision -a github.com/indiehosters/known -u example.org -g -b -c
#
# Licensed under AGPLv3
......@@ -28,111 +25,24 @@ LOG_LEVEL="${LOG_LEVEL:-6}" # 7 = debug -> 0 = emergency
# Commandline options. This defines the usage page, and is used to parse cli
# opts & defaults from. The parsing is unforgiving so be precise in your syntax
read -r -d '' usage <<-'EOF'
-a [arg] Application to provision (static, wordpress or known). Required.
-e [arg] Email of the user of the application. Required.
-u [arg] URL to process. Required.
-f [arg] Certificate file to use.
-g Generates the necessary certificate.
-p Paste certificate from previous run.
-a [arg] Application to install. (in the form github.com/indiehosters/wordpress or wordpress in REPO_MODE)
-t [arg] Checkout a specific tag or branch from the application repo. default to master
-e [arg] Specify the email of the application admin
-s Start the application right away.
-b Buys the associated domain name.
-c Configures DNS on Namecheap.
-i Configure OpenDKIM.
-c Configures DNS if possible.
-d Enables debug mode
-s Starts the application
-h This page
EOF
### Functions
#####################################################################
function contains () {
local n=$#
local value=${!n}
for ((i=1;i < $#;i++)) {
if [ "${!i}" == "${value}" ]; then
echo "y"
return 0
fi
}
echo "n"
return 1
}
function TLD () {
echo ${arg_u} | cut -d. -f2,3
}
function SLD () {
echo ${arg_u} | cut -d. -f1
}
function call_API () {
url="https://api.$NAMECHEAP_URL/xml.response\?ApiUser=${NAMECHEAP_API_USER}&ApiKey=${NAMECHEAP_API_KEY}&UserName=${NAMECHEAP_API_USER}&ClientIp=${IP}$1"
output=$(curl -s ${url})
if [ $(echo ${output} | grep -c 'Status="OK"') -eq 0 ]; then
error "API call failed. Please read the output"
echo ${output}
exit 1
else
info "API call is a success."
fi
}
function scaffold () {
supported_applications=( "static" "wordpress" "known" "owncloud" "piwik")
if [ $(contains "${supported_applications[@]}" "${arg_a}") == "n" ]; then
error "Application ${arg_a} is not yet supported."
exit 1
fi
info "Creating application folder"
mkdir -p ${APP_FOLDER}
info "Creating .env"
echo "EMAIL=${arg_e}" > ${FOLDER}/.env
case "${arg_a}" in
"static" )
echo APPLICATION=nginx >> ${FOLDER}/.env
echo DOCKER_ARGUMENTS="-v ${APP_FOLDER}/www-content:/app" >> ${FOLDER}/.env
;;
"wordpress" )
touch ${APP_FOLDER}/.htaccess
echo APPLICATION=${arg_a} >> ${FOLDER}/.env
echo DOCKER_ARGUMENTS="--link mysql-${arg_u}:db \
-v ${APP_FOLDER}/data:/app/wp-content \
-v ${APP_FOLDER}/.htaccess:/app/.htaccess \
--env-file ${APP_FOLDER}/.env" >> ${FOLDER}/.env
;;
"known" )
touch ${APP_FOLDER}/.htaccess
echo APPLICATION=${arg_a} >> ${FOLDER}/.env
echo DOCKER_ARGUMENTS="--link mysql-${arg_u}:db \
-v ${APP_FOLDER}/data:/app/Uploads \
-v ${APP_FOLDER}/.htaccess:/app/.htaccess \
--env-file ${APP_FOLDER}/.env" >> ${FOLDER}/.env
;;
"owncloud" )
echo APPLICATION=${arg_a} >> ${FOLDER}/.env
echo DOCKER_ARGUMENTS="--link mysql-${arg_u}:db \
-v ${APP_FOLDER}/apps:/var/www/owncloud/apps \
-v ${APP_FOLDER}/config:/var/www/owncloud/config \
-v ${APP_FOLDER}/data:/var/www/owncloud/data \
--env-file ${APP_FOLDER}/.env" >> ${FOLDER}/.env
;;
"piwik" )
echo APPLICATION=${arg_a} >> ${FOLDER}/.env
echo DOCKER_ARGUMENTS="--link mysql-${arg_u}:db \
-v ${APP_FOLDER}/config:/piwik/config \
--env-file ${APP_FOLDER}/.env" >> ${FOLDER}/.env
;;
esac
info "Scaffold created with success."
}
source /etc/environment
source /opt/bin/helpers
source /opt/bin/configure_dkim_dns
function buy_domain_name () {
......@@ -194,130 +104,58 @@ function buy_domain_name () {
call_API ${arguments}
}
function provision_certificate () {
filename=$(basename "${arg_f}")
extension="${filename##*.}"
if [ "${extension}" != "pem" ]; then
error "File extension must be pem."
exit 1
fi
info "Provisionning certificate."
cp -Ra $(dirname ${arg_f}) ${TLS_FOLDER}
cd ${TLS_FOLDER}
mv *.pem ${arg_u}.pem
}
function generate_certificate () {
info "creating TLS ans CSR folder."
mkdir -p ${TLS_FOLDER}/CSR
info "Generating the key."
openssl genrsa -out ${TLS_FOLDER}/CSR/${arg_u}.key 4096
info "Creating the request."
openssl req -new \
-key ${TLS_FOLDER}/CSR/${arg_u}.key \
-out ${TLS_FOLDER}/CSR/${arg_u}.csr \
-subj "/C=${CountryCode}/ST=${City}/L=${City}/O=${arg_u}/OU=/CN=${arg_u}/emailAddress=${EmailAddress}"
function application () {
info "Here is your CSR, paste it in your Certificate authority interface."
echo ""
cat ${TLS_FOLDER}/CSR/${arg_u}.csr
#We check if a APP_REPO_URL was specified
echo ""
info "You should have received a certificate."
info "Please paste your certificate now: (finish with ctrl-d)"
cat > ${TLS_FOLDER}/CSR/${arg_u}.crt
info "Concat certificate, CA and key into pem file."
cat ${TLS_FOLDER}/CSR/${arg_u}.crt /data/indiehosters/certs/sub.class2.server.sha2.ca.pem /data/indiehosters/certs/ca-sha2.pem ${TLS_FOLDER}/CSR/${arg_u}.key > ${TLS_FOLDER}/${arg_u}.pem
}
function paste_certificate () {
echo ""
info "You should have received a certificate."
info "Please paste your certificate now: (finish with ctrl-d)"
if [ -z ${APP_REPO_URL:-} ]; then
warning "NO repo URL specified, using argument as full URL"
git_url=https://${arg_a}.git
else
warning "REPO specified, using argument as app name"
git_url=https://${APP_REPO_URL}/${arg_a}.git
fi
cat > ${TLS_FOLDER}/CSR/${arg_u}.crt
info "Concat certificate, CA and key into pem file."
cat ${TLS_FOLDER}/CSR/${arg_u}.crt /data/indiehosters/certs/sub.class2.server.sha2.ca.pem /data/indiehosters/certs/ca-sha2.pem ${TLS_FOLDER}/CSR/${arg_u}.key > ${TLS_FOLDER}/${arg_u}.pem
}
function configure_dns () {
info "Configuring DNS."
arguments="&Command=namecheap.domains.dns.setHosts\
&DomainName=${arg_u}\
&SLD=$(SLD)\
&TLD=$(TLD)\
&HostName1=@\
&RecordType1=A\
&Address1=${IP}\
&HostName2=www\
&RecordType2=CNAME\
&Address2=${arg_u}\
&HostName3=mail\
&RecordType3=A\
&Address3=${IP}\
&HostName4=@\
&RecordType4=MX\
&Address4=mail.${arg_u}\
&MXPref4=10\
&EmailType=mx"
call_API ${arguments}
#Define the tag/branch
git clone ${git_url} -b ${arg_t} /data/domains/${arg_u}
}
cd /data/domains/${arg_u}
if [ -f ./scripts/install ]; then
#domain
export URL=${arg_u}
#admin email
if [ -z "${arg_e}" ]; then
warning "No admin_email specified with -e , using default hoster email"
else
export ADMIN_EMAIL=${arg_e}
debug " admin email is ${ADMIN_EMAIL} "
fi
function start_application () {
case "${arg_a}" in
"static" )
service_file="static"
;;
* )
service_file="lamp"
;;
esac
# Enable and start application (Sorry Systemd)
systemctl enable ${service_file}@${arg_u}
systemctl start ${service_file}@${arg_u}
if [ -z ${MAIL_DOMAIN:-} ]; then
warning "you have no email server setup, we'll print a random configuration in your application. Make sure to check the parameters for your app to send proper emails."
warning "To stop having this warning, please configure your libre.sh to be abble to create email accounts."
warning "You can also contact support@indie.host to setup an email account for you"
export MAIL_PASS="randompass"
export MAIL_USER="example@indie.host"
export MAIL_DOMAIN="indie.host"
export MAIL_HOST="mail.indie.host"
export MAIL_PORT="587"
else
echo "using MAIL_DOMAIN from server env"
#export MAIL_PASS=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c 20 | xargs`
#export MAIL_USER="noreply.${arg_u}@${MAIL_DOMAIN}"
#/opt/bin/add_mailbox ${MAIL_USER} ${MAIL_PASS}
fi
./scripts/install
fi
}
function _fmt () {
local color_ok="\x1b[32m"
local color_bad="\x1b[31m"
local color="${color_bad}"
if [ "${1}" = "debug" ] || [ "${1}" = "info" ] || [ "${1}" = "notice" ]; then
color="${color_ok}"
fi
local color_reset="\x1b[0m"
if [[ "${TERM}" != "xterm"* ]] || [ -t 1 ]; then
# Don't use colors on pipes or non-recognized terminals
color=""; color_reset=""
fi
echo -e "$(date -u +"%Y-%m-%d %H:%M:%S UTC") ${color}$(printf "[%9s]" ${1})${color_reset}";
}
function emergency () { echo "$(_fmt emergency) ${@}" 1>&2 || true; exit 1; }
function alert () { [ "${LOG_LEVEL}" -ge 1 ] && echo "$(_fmt alert) ${@}" 1>&2 || true; }
function critical () { [ "${LOG_LEVEL}" -ge 2 ] && echo "$(_fmt critical) ${@}" 1>&2 || true; }
function error () { [ "${LOG_LEVEL}" -ge 3 ] && echo "$(_fmt error) ${@}" 1>&2 || true; }
function warning () { [ "${LOG_LEVEL}" -ge 4 ] && echo "$(_fmt warning) ${@}" 1>&2 || true; }
function notice () { [ "${LOG_LEVEL}" -ge 5 ] && echo "$(_fmt notice) ${@}" 1>&2 || true; }
function info () { [ "${LOG_LEVEL}" -ge 6 ] && echo "$(_fmt info) ${@}" 1>&2 || true; }
function debug () { [ "${LOG_LEVEL}" -ge 7 ] && echo "$(_fmt debug) ${@}" 1>&2 || true; }
function help () {
echo "" 1>&2
echo " ${@}" 1>&2
echo "" 1>&2
echo " ${usage}" 1>&2
echo "" 1>&2
exit 1
function start () {
systemctl start u@${arg_u}
systemctl enable u@${arg_u}
}
### Parse commandline options
......@@ -388,10 +226,10 @@ fi
### Validation (decide what's required for running your script and error out)
#####################################################################
[ -z "${arg_a}" ] && help "Application is required."
[ -z "${arg_e}" ] && help "Email is required."
[ -z "${arg_u}" ] && help "URL is required."
[ -z "${LOG_LEVEL}" ] && emergency "Cannot continue without LOG_LEVEL."
# tags/branch for modules
[ -z "${arg_t}" ] && arg_t=master
### Runtime
......@@ -399,7 +237,7 @@ fi
# Exit on error. Append ||true if you expect an error.
# set -e is safer than #!/bin/bash -e because that is neutralised if
# someone runs your script like `bash yourscript.sh`
# someone runs your script like `bash yourscript`
set -o errexit
set -o nounset
......@@ -407,21 +245,13 @@ set -o nounset
# This way you can catch the error in case mysqldump fails in `mysqldump |gzip`
set -o pipefail
if [[ "${OSTYPE}" == "darwin"* ]]; then
info "You are on OSX"
fi
FOLDER=/data/domains/${arg_u}
APP_FOLDER=${FOLDER}/${arg_a}
TLS_FOLDER=${FOLDER}/TLS
[ ${arg_b} -eq 1 ] && buy_domain_name
scaffold
[ ${arg_g} -eq 1 ] && generate_certificate
[ ${arg_p} -eq 1 ] && paste_certificate
[ ! -z "${arg_f}" ] && provision_certificate
[ ! -z "${arg_a}" ] && application
[ ${arg_i} -eq 1 ] && provision_dkim
[ ${arg_c} -eq 1 ] && configure_dns
[ ${arg_s} -eq 1 ] && start_application
[ ${arg_s} -eq 1 ] && start
exit 0
utils/spread_backups.sh deleted 100755 → 0
View file @ f56bc57c
#!/bin/bash -eux
for unit in `systemctl list-units --all backup@*service | grep "Back up data" | cut -d" " -f2 | grep backup | sort -R`
do
systemctl stop $unit
systemctl restart $unit
done
for unit in `systemctl list-units --all backup@*service | grep "Back up data" | cut -d" " -f3 | grep backup | sort -R`
do
systemctl stop $unit
systemctl restart $unit
done
for unit in `systemctl list-units --all backup@*service | grep "Back up data" | cut -d" " -f1 | grep backup | sort -R`
do
systemctl stop $unit
systemctl restart $unit
done
utils/stop_before_migration 0 → 100755
View file @ 408b8f91
#!/bin/bash -eux
domain=$1
ip=$2
cd /data/domains/$domain
./scripts/backup
systemctl stop u@$domain
systemctl disable u@$domain
tar cvzf /home/core/${domain}.tgz .
utils/test-domain.sh 0 → 100644
View file @ 408b8f91
#!/bin/bash
cd /data/domains
my_ip=`curl http://ipv4.icanhazip.com/`
echo "My IP is $my_ip"
for domain in `ls .`; do
domain_ip=`host ${domain} | awk '/has address/ { print $4 }'`
if [[ "${domain_ip}" != "${my_ip}" ]]; then
echo "$domain has this IP: $domain_ip"
fi
done