#!/bin/bash
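#######################################
# Install slapd and replace its configuration and database with the ones
# built from install_utils/schema.ldiff and install_utils/db.ldiff.
# DESTRUCTIVE: everything under /etc/ldap/slapd.d and /var/lib/ldap is
# deleted before the new configuration is loaded.
# Arguments:
#   $1 - clear-text LDAP admin password (hashed with slappasswd)
#   $2 - LDAP base DN that replaces dc=example,dc=org in the templates
# Returns:
#   0 on success, 1 if an argument is missing or the password could not be
#   hashed or the LDIF files could not be built (nothing is deleted then).
#######################################
setup_ldap() {
  local ldap_password=${1:-}
  local ldap_dn=${2:-}
  local workdir hashed_ldap_passwd escaped_dn escaped_hash

  # An empty DN or password would produce unusable LDIF files, and the
  # existing directory is wiped further down, so refuse early.
  if [[ -z "$ldap_password" || -z "$ldap_dn" ]]; then
    echo "setup_ldap: the LDAP password and the base DN are both required" >&2
    return 1
  fi

  apt-get -y install slapd

  # Private scratch directory (mktemp -d creates it with mode 0700) instead
  # of fixed names in /tmp: this runs as root, and a predictable /tmp/db or
  # /tmp/schema could be pre-created or symlinked by another local user.
  workdir=$(mktemp -d) || return 1

  echo "Hashing the LDAP password..."
  # The password goes through a file read with -T rather than `-s "$1"`, so
  # the clear text never shows up in the process list. printf is a builtin
  # and '%s' adds no trailing newline, so exactly the password is hashed.
  printf '%s' "$ldap_password" >"$workdir/secret"
  hashed_ldap_passwd=$(slappasswd -T "$workdir/secret")
  rm -f -- "$workdir/secret"
  if [[ -z "$hashed_ldap_passwd" ]]; then
    echo "setup_ldap: slappasswd did not return a hash" >&2
    rm -rf -- "$workdir"
    return 1
  fi
  # The hash is not echoed, so it does not end up in terminal scrollback or
  # in a captured install log.

  echo "Building the LDAP config files"
  # Escape the characters that are special in a sed replacement (backslash,
  # '&' and the '|' delimiter) so the DN and the hash are inserted literally.
  escaped_dn=$(printf '%s' "$ldap_dn" | sed -e 's/[\\&|]/\\&/g')
  escaped_hash=$(printf '%s' "$hashed_ldap_passwd" | sed -e 's/[\\&|]/\\&/g')
  if ! sed -e "s|dc=example,dc=org|${escaped_dn}|g" \
      -e "s|FILL_IT|${escaped_hash}|g" \
      install_utils/db.ldiff >"$workdir/db" ||
    ! sed -e "s|dc=example,dc=org|${escaped_dn}|g" \
      -e "s|FILL_IT|${escaped_hash}|g" \
      install_utils/schema.ldiff >"$workdir/schema"; then
    echo "setup_ldap: could not build the LDIF files" >&2
    rm -rf -- "$workdir"
    return 1
  fi

  echo "Deleting existing LDAP configuration"
  service slapd stop
  rm -rf /etc/ldap/slapd.d/*
  rm -rf /var/lib/ldap/*

  echo "Setting up the new LDAP configuration"
  slapadd -n 0 -l "$workdir/schema" -F /etc/ldap/slapd.d/
  slapadd -n 1 -l "$workdir/db"
  # The generated LDIF files contain the password hash; remove them as soon
  # as they have been loaded.
  rm -rf -- "$workdir"

  echo "Fixing the LDAP files permissions and restarting slapd"
  # slapadd ran as root, so hand the new files to the openldap account.
  chown -R openldap:openldap /etc/ldap/slapd.d
  chown -R openldap:openldap /var/lib/ldap
  service slapd start
}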
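# Escape a value so it can be used literally as the replacement half of a
# sed 's|pattern|replacement|' command: backslash, '&' and the '|' delimiter
# are the characters sed would otherwise interpret.
_re2o_sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Replace every match of the pattern $1 with the literal value $2 in file $3.
_re2o_fill() {
  local placeholder=$1 value=$2 file=$3 escaped
  escaped=$(_re2o_sed_escape "$value") || return
  sed -i "s|${placeholder}|${escaped}|g" "$file"
}

# Run dialog with the given arguments: the UI is drawn on the terminal and
# the user's answer (which dialog writes to stderr) is returned on stdout.
_re2o_ask() {
  dialog "$@" 2>&1 >/dev/tty
}

# Show a message box with title $1 and text $2 (uses the caller's HEIGHT/WIDTH).
_re2o_msgbox() {
  dialog --clear --title "$1" --msgbox "$2" "$HEIGHT" "$WIDTH" >/dev/tty
}

# Block until the operator answers y (continue) or n (leave the installer).
_re2o_confirm_or_exit() {
  local choice
  while true; do
    # Leave instead of looping forever if stdin is closed.
    read -r -p "Continue (y/n)?" choice || exit 1
    case "$choice" in
      y | Y) break ;;
      n | N) exit ;;
      *) echo "Invalid" ;;
    esac
  done
}

#######################################
# Interactive installer for a Re2o server. Asks (through dialog) for the
# database engine, the local extension, SQL / LDAP / mail / web settings,
# installs the required packages, creates the SQL database, sets up LDAP,
# writes re2o/settings_local.py, runs the Django migrations and optionally
# configures apache2 (with Let's Encrypt when TLS is requested).
# Must be run from the Re2o source directory (relative paths are used) with
# enough privileges for apt-get, service and /etc/apache2.
# Arguments: none
# Returns:   1 if the secret keys could not be generated, otherwise the
#            status of the last command.
#######################################
install_re2o_server() {
  local HEIGHT=15 WIDTH=40 CHOICE_HEIGHT=4
  local TITLE BACKTITLE MENU MSGBOX INPUTBOX
  local -a OPTIONS extension_locale_array
  local sql_bdd_type sql_is_local sql_password sql_login sql_name sql_host
  local extension_locale ldap_dn="" i
  local ldap_is_local ldap_password ldap_cn ldap_host ldap_tls
  local email_host email_port
  local mysql_command pgsql_command1 pgsql_command2 pgsql_command3
  local sql_password_literal
  local django_secret_key aes_key
  local web_serveur url_server is_tls current_path
  local settings=re2o/settings_local.py
  local apache_conf=/etc/apache2/sites-available/re2o.conf
  local quote="'" backslash='\'

  echo "Re2o setup !
This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation.
Installing sudo and dialog packages..."

  export DEBIAN_FRONTEND=noninteractive
  apt-get -y install sudo dialog

  TITLE="Re2o setup !"
  MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation."
  _re2o_msgbox "$TITLE" "$MSGBOX"

  # ---------------------------------------------------------------- SQL ---
  BACKTITLE="Re2o preconfiguration of the database"

  TITLE="Database engine"
  MENU="Which engine should be used as the database ?"
  OPTIONS=(1 "mysql"
    2 "postgresql")
  sql_bdd_type=$(_re2o_ask --clear \
    --backtitle "$BACKTITLE" \
    --title "$TITLE" \
    --menu "$MENU" \
    "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" \
    "${OPTIONS[@]}")
  clear

  TITLE="Local extension"
  INPUTBOX="The local extension to use (e.g. 'example.net'). This is used in the LDAP configuration."
  extension_locale=$(_re2o_ask --title "$TITLE" \
    --backtitle "$BACKTITLE" \
    --inputbox "$INPUTBOX" \
    "$HEIGHT" "$WIDTH")
  clear

  # example.net -> dc=example,dc=net
  IFS='.' read -r -a extension_locale_array <<<"$extension_locale"
  for i in "${extension_locale_array[@]}"; do
    ldap_dn+="dc=$i,"
  done
  # Drop the trailing comma; unlike ${ldap_dn::-1} this is safe when the
  # extension was left empty.
  ldap_dn=${ldap_dn%,}
  echo "$ldap_dn"

  TITLE="SQL location"
  MENU="Where to install the SQL database ?
* 'Local' will setup everything automatically but is not recommended for production
* 'Remote' will ask you to manually perform some setup commands on the remote server)"
  OPTIONS=(1 "Local"
    2 "Remote")
  sql_is_local=$(_re2o_ask --clear \
    --backtitle "$BACKTITLE" \
    --title "$TITLE" \
    --menu "$MENU" \
    "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" \
    "${OPTIONS[@]}")
  clear

  TITLE="SQL password"
  INPUTBOX="The password to access the SQL database"
  # --passwordbox keeps the password off the screen; --insecure only makes
  # dialog print asterisks so the operator sees the keystrokes register.
  sql_password=$(_re2o_ask --title "$TITLE" \
    --backtitle "$BACKTITLE" \
    --insecure \
    --passwordbox "$INPUTBOX" "$HEIGHT" "$WIDTH")
  clear

  if [[ "$sql_is_local" == 2 ]]; then
    TITLE="SQL username"
    INPUTBOX="The username to access the remote SQL database"
    sql_login=$(_re2o_ask --title "$TITLE" \
      --backtitle "$BACKTITLE" \
      --inputbox "$INPUTBOX" "$HEIGHT" "$WIDTH")
    clear

    TITLE="SQL database name"
    INPUTBOX="The name of the remote SQL database"
    sql_name=$(_re2o_ask --title "$TITLE" \
      --backtitle "$BACKTITLE" \
      --inputbox "$INPUTBOX" "$HEIGHT" "$WIDTH")
    clear

    TITLE="SQL host"
    INPUTBOX="The host of the remote SQL database"
    sql_host=$(_re2o_ask --title "$TITLE" \
      --backtitle "$BACKTITLE" \
      --inputbox "$INPUTBOX" "$HEIGHT" "$WIDTH")
    clear
  else
    sql_name="re2o"
    sql_login="re2o"
    sql_host="localhost"
  fi

  # --------------------------------------------------------------- LDAP ---
  BACKTITLE="Re2o preconfiguration of the active directory"

  TITLE="LDAP location"
  MENU="Where to install the LDAP ?
* 'Local' will setup everything automatically but is not recommended for production
* 'Remote' will ask you to manually perform some setup commands on the remote server)"
  OPTIONS=(1 "Local"
    2 "Remote")
  ldap_is_local=$(_re2o_ask --clear \
    --backtitle "$BACKTITLE" \
    --title "$TITLE" \
    --menu "$MENU" \
    "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" \
    "${OPTIONS[@]}")

  TITLE="LDAP password"
  INPUTBOX="The password to access the LDAP"
  ldap_password=$(_re2o_ask --title "$TITLE" \
    --backtitle "$BACKTITLE" \
    --insecure \
    --passwordbox "$INPUTBOX" "$HEIGHT" "$WIDTH")
  clear

  if [[ "$ldap_is_local" == 2 ]]; then
    TITLE="CN of amdin user"
    INPUTBOX="The CN entry for the admin user of the remote LDAP"
    ldap_cn=$(_re2o_ask --title "$TITLE" \
      --backtitle "$BACKTITLE" \
      --inputbox "$INPUTBOX" "$HEIGHT" "$WIDTH")
    clear

    TITLE="LDAP host"
    INPUTBOX="The host of the remote LDAP"
    ldap_host=$(_re2o_ask --title "$TITLE" \
      --backtitle "$BACKTITLE" \
      --inputbox "$INPUTBOX" "$HEIGHT" "$WIDTH")
    clear

    TITLE="Activate TLS for remote LDAP ?"
    # The menu text is set here: otherwise the "LDAP location" text would
    # be shown above the Yes/No choice. dialog options are lower case
    # (--menu); --MENU is not recognised.
    MENU="Activate TLS for remote LDAP ?"
    OPTIONS=(1 "Yes"
      2 "No")
    ldap_tls=$(_re2o_ask --title "$TITLE" \
      --backtitle "$BACKTITLE" \
      --menu "$MENU" \
      "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" \
      "${OPTIONS[@]}")
    clear
  else
    ldap_cn="cn=admin,"
    ldap_cn+=$ldap_dn
    ldap_host="localhost"
    ldap_tls=2
  fi

  # --------------------------------------------------------------- Mail ---
  BACKTITLE="Re2o preconfiguration of the mail server"

  TITLE="Mail server host"
  INPUTBOX="The host of the mail server to use"
  email_host=$(_re2o_ask --title "$TITLE" \
    --backtitle "$BACKTITLE" \
    --inputbox "$INPUTBOX" \
    "$HEIGHT" "$WIDTH")

  TITLE="Mail server Port"
  MENU="Which port (thus which protocol) to use to contact the mail server"
  OPTIONS=(25 "SMTP"
    465 "SMTPS"
    587 "Submission")
  email_port=$(_re2o_ask --clear \
    --backtitle "$BACKTITLE" \
    --title "$TITLE" \
    --menu "$MENU" \
    "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" \
    "${OPTIONS[@]}")
  clear

  # ----------------------------------------------------------- Packages ---
  TITLE="Re2o setup !"
  MSGBOX="Setup of the required packages"
  _re2o_msgbox "$TITLE" "$MSGBOX"

  echo "Setup of the required packages"
  # NOTE(review): "libjs-jquery-uil" looks like a typo for libjs-jquery-ui;
  # an unknown package name makes the whole apt-get call fail. Confirm.
  apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git libjs-jquery libjs-jquery-uil libjs-jquery-timepicker libjs-bootstrap
  # NOTE(review): only django-ldapdb is pinned. The other two packages are
  # fetched at whatever version the index serves and installed system-wide
  # as root; pinning them (ideally with hashes) would make the install
  # reproducible.
  pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress

  # ------------------------------------------------------- SQL database ---
  echo "SQL Database setup"
  # The database name and login are fixed to "re2o" whenever the statements
  # are executed here (local install); only the password is free text, so
  # it is the value that has to be escaped for the SQL string literal.
  if [[ "$sql_bdd_type" == 1 ]]; then
    apt-get -y install python3-mysqldb mysql-client
    # MySQL string literal: double the backslashes, then the single quotes.
    sql_password_literal=${sql_password//"$backslash"/"$backslash$backslash"}
    sql_password_literal=${sql_password_literal//"$quote"/"$quote$quote"}
    mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci';
CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password_literal';
GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost';
FLUSH PRIVILEGES;"
    if [[ "$sql_is_local" == 1 ]]; then
      apt-get -y install mysql-server
      # Statements are fed on stdin so the password is not visible in the
      # process list, as it would be with --execute.
      mysql -u root <<<"$mysql_command"
    else
      echo "Please execute the following command on the remote SQL server and then continue"
      echo "$mysql_command"
      _re2o_confirm_or_exit
    fi
  else
    apt-get -y install postgresql-client python3-psycopg2
    # PostgreSQL string literal: double the single quotes.
    sql_password_literal=${sql_password//"$quote"/"$quote$quote"}
    pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';"
    pgsql_command2="CREATE USER $sql_login with password '$sql_password_literal';"
    pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;"
    if [[ "$sql_is_local" == 1 ]]; then
      apt-get -y install postgresql
      # Same reason as for MySQL: stdin instead of --command keeps the
      # password out of the process list.
      printf '%s\n' "$pgsql_command1" "$pgsql_command2" "$pgsql_command3" |
        sudo -u postgres psql
    else
      echo "Please execute the following commands on the remote SQL server and then continue"
      echo "sudo -u postgres psql $pgsql_command1"
      echo "sudo -u postgres psql $pgsql_command2"
      echo "sudo -u postgres psql $pgsql_command3"
      _re2o_confirm_or_exit
    fi
  fi

  # --------------------------------------------------------- LDAP setup ---
  echo "LDAP setup"
  if [[ "$ldap_is_local" == 1 ]]; then
    # Quoted so a password containing spaces or glob characters reaches
    # setup_ldap as one argument.
    setup_ldap "$ldap_password" "$ldap_dn"
  else
    TITLE="LDAP server setup"
    MSGBOX="Please manually setup the remote LDAP server by launching the following commands: ./install_re2o.sh ldap $ldap_password $ldap_dn"
    _re2o_msgbox "$TITLE" "$MSGBOX"
  fi

  # -------------------------------------------------- settings_local.py ---
  echo "Writing of the settings_local.py file"

  # python3 is what the package list above installs; a bare "python" may be
  # absent on a clean server, which would silently yield empty keys.
  # random.SystemRandom draws from the operating system's random source.
  django_secret_key=$(python3 -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))")
  aes_key=$(python3 -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))")
  if [[ -z "$django_secret_key" || -z "$aes_key" ]]; then
    echo "Could not generate the secret keys; settings_local.py was not written" >&2
    return 1
  fi

  cp re2o/settings_local.example.py "$settings"
  # NOTE(review): from here on this file holds the Django secret key, the
  # AES key and the SQL/LDAP passwords. Its mode is whatever cp and the
  # umask produce; confirm it is readable only by the account that runs the
  # web application.

  if [[ "$sql_bdd_type" == 1 ]]; then
    _re2o_fill 'db_engine' 'django.db.backends.mysql' "$settings"
  else
    _re2o_fill 'db_engine' 'django.db.backends.postgresql_psycopg2' "$settings"
  fi
  # The order of the substitutions is kept as is: a later pattern may match
  # text inserted by an earlier one.
  _re2o_fill 'SUPER_SECRET_KEY' "$django_secret_key" "$settings"
  _re2o_fill 'SUPER_SECRET_DB' "$sql_password" "$settings"
  _re2o_fill 'A_SECRET_AES_KEY' "$aes_key" "$settings"
  _re2o_fill 'db_name_value' "$sql_name" "$settings"
  _re2o_fill 'db_user_value' "$sql_login" "$settings"
  _re2o_fill 'db_host_value' "$sql_host" "$settings"
  _re2o_fill 'ldap_dn' "$ldap_cn" "$settings"
  if [[ "$ldap_tls" == 2 ]]; then
    # Comments out the 'TLS': True entry. NOTE(review): for a remote LDAP
    # host this presumably means the bind password travels unencrypted;
    # confirm and consider warning the operator when "No" is chosen.
    sed -i "s/'TLS': True,/# 'TLS': True,#/g" "$settings"
  fi
  _re2o_fill 'SUPER_SECRET_LDAP' "$ldap_password" "$settings"
  _re2o_fill 'ldap_host_ip' "$ldap_host" "$settings"
  _re2o_fill 'dc=example,dc=org' "$ldap_dn" "$settings"
  _re2o_fill 'example.org' "$extension_locale" "$settings"
  _re2o_fill 'MY_EMAIL_HOST' "$email_host" "$settings"
  _re2o_fill 'MY_EMAIL_PORT' "$email_port" "$settings"

  # ------------------------------------------------------------- Django ---
  TITLE="Django setup"
  MSGBOX="Applying the Django database migrations"
  _re2o_msgbox "$TITLE" "$MSGBOX"
  python3 manage.py migrate

  TITLE="Django setup"
  MSGBOX="Collecting statics"
  _re2o_msgbox "$TITLE" "$MSGBOX"
  python3 manage.py collectstatic

  # --------------------------------------------------------- Web server ---
  BACKTITLE="Web server"

  TITLE="Web server to use"
  MENU="Which web server to install for accessing Re2o web frontend (automatic setup of nginx is not supported) ?"
  OPTIONS=(1 "apache2"
    2 "nginx")
  web_serveur=$(_re2o_ask --clear \
    --backtitle "$BACKTITLE" \
    --title "$TITLE" \
    --menu "$MENU" \
    "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" \
    "${OPTIONS[@]}")
  clear

  TITLE="Web URL"
  INPUTBOX="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable."
  url_server=$(_re2o_ask --title "$TITLE" \
    --backtitle "$BACKTITLE" \
    --inputbox "$INPUTBOX" \
    "$HEIGHT" "$WIDTH")
  clear

  TITLE="TLS on web server"
  MENU="Would you like to activate the TLS (with Let'Encrypt) on the web server ?"
  OPTIONS=(1 "Yes"
    2 "No")
  is_tls=$(_re2o_ask --clear \
    --backtitle "$BACKTITLE" \
    --title "$TITLE" \
    --menu "$MENU" \
    "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" \
    "${OPTIONS[@]}")
  clear

  _re2o_fill 'URL_SERVER' "$url_server" "$settings"

  if [[ "$web_serveur" == 1 ]]; then
    apt-get -y install apache2 libapache2-mod-wsgi-py3
    a2enmod ssl
    a2enmod wsgi
    if [[ "$is_tls" == 1 ]]; then
      cp install_utils/apache2/re2o-tls.conf "$apache_conf"
      apt-get -y install certbot
      apt-get -y install python-certbot-apache
      certbot certonly --rsa-key-size 4096 --apache -d "$url_server"
      _re2o_fill 'LE_PATH' "$url_server" "$apache_conf"
    else
      cp install_utils/apache2/re2o.conf "$apache_conf"
    fi
    # -f: the default site may already have been removed on a re-run.
    rm -f /etc/apache2/sites-enabled/000-default.conf
    _re2o_fill 'URL_SERVER' "$url_server" "$apache_conf"
    current_path=$(pwd)
    _re2o_fill 'PATH' "$current_path" "$apache_conf"
    a2ensite re2o
    service apache2 reload
  else
    TITLE="Web server setup"
    MSGBOX="Nginx automatic setup is not supported. Please configure it manually."
    _re2o_msgbox "$TITLE" "$MSGBOX"
  fi

  python3 manage.py createsuperuser

  TITLE="End of the setup"
  MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user has the superuser rights, meaning he can access and do everything."
  _re2o_msgbox "$TITLE" "$MSGBOX"
}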
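#######################################
# Entry point: dispatch on the command-line arguments.
#   (no argument)            run the full interactive Re2o installation
#   ldap <password> <dn>     only set up the LDAP server on this machine
# Arguments:
#   $1 - optional sub-command; only "ldap" is recognised
#   $2 - LDAP admin password (with "ldap")
#   $3 - LDAP base DN (with "ldap")
# Returns:
#   exits with status 1 on invalid arguments.
#######################################
main_function() {
  if [[ -z "${1:-}" ]]; then
    install_re2o_server
    return
  fi

  # setup_ldap wipes the existing directory, so it is only started when the
  # sub-command, the password and the DN are all present.
  if [[ "$1" == ldap && -n "${2:-}" && -n "${3:-}" ]]; then
    echo "Installation du ldap"
    # Quoted: a password with spaces or glob characters stays one argument.
    setup_ldap "$2" "$3"
  else
    echo "Arguments invalides !" >&2
    exit 1
  fi
}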
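# Forward the script's arguments unchanged. Quoting keeps an argument that
# contains spaces or glob characters (for instance a password) as one word.
main_function "$@"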