From 7f6729c2a7e5dd4b67ecf7331d7e8294f5a6415e Mon Sep 17 00:00:00 2001 From: grisel-davy Date: Tue, 15 May 2018 20:42:00 +0200 Subject: [PATCH 01/27] bug list vide --- topologie/views.py | 213 +++++++++++++++++++++++++++------------------ 1 file changed, 129 insertions(+), 84 deletions(-) diff --git a/topologie/views.py b/topologie/views.py index 0c9eb0ab..871b5bbc 100644 --- a/topologie/views.py +++ b/topologie/views.py @@ -43,6 +43,10 @@ from django.db import IntegrityError from django.db.models import ProtectedError, Prefetch from django.core.exceptions import ValidationError from django.contrib.staticfiles.storage import staticfiles_storage +from django.template.loader import get_template +from django.template import Context, Template, loader + +import pprint from users.views import form from re2o.utils import re2o_paginator, SortTable @@ -53,13 +57,14 @@ from re2o.acl import ( can_view, can_view_all, ) +from re2o.settings import MEDIA_ROOT from machines.forms import ( DomainForm, EditInterfaceForm, AddInterfaceForm ) from machines.views import generate_ipv4_mbf_param -from machines.models import Interface +from machines.models import Interface, Service_link from preferences.models import AssoOption, GeneralOption from .models import ( @@ -71,7 +76,8 @@ from .models import ( ConstructorSwitch, AccessPoint, SwitchBay, - Building + Building, + Server ) from .forms import ( EditPortForm, @@ -112,6 +118,12 @@ def index(request): ) pagination_number = GeneralOption.get_cached_value('pagination_number') switch_list = re2o_paginator(request, switch_list, pagination_number) + + if any(service_link.need_regen() for service_link in Service_link.objects.filter(service__service_type='graph_topo')): + make_machine_graph() + for service_link in Service_link.objects.filter(service__service_type='graph_topo'): + service_link.done_regen() + return render( request, 'topologie/index.html', 
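Review bot: The block added to `index` evaluates `Service_link.objects.filter(service__service_type='graph_topo')` twice and runs the regeneration inside the view, so every request that arrives while a link still reports `need_regen()` starts its own graphviz run before `done_regen()` is reached. Binding the result once, `links = list(Service_link.objects.filter(service__service_type='graph_topo'))`, and using `links` for both the `any(...)` test and the `done_regen()` loop saves a query and keeps the two steps on the same rows. Moving the regeneration off the request path, for example into the code that sets the flag or a periodic job, would bound how often the external commands can be started. `index` begins and ends outside this hunk, so its access checks are not visible here.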
@@ -937,93 +949,126 @@ def make_machine_graph(): """ Crée le fichier dot et l'image du graph des Switchs """ - #Syntaxe DOT temporaire, A mettre dans un template: - lignes=['''digraph Switchs { -node [ -fontname=Helvetica -fontsize=8 -shape=plaintext] -edge[arrowhead=odot,arrowtail=dot]'''] - node_fixe='''node [label=< - - - - - -''' - node_ports=''' -''' - cluster='''subgraph cluster_{} {{ -color=blue; -label="Batiment {}";''' - end_table='''
- -{} -
-{} - -{} -
-{} - -{} -
-{} - -{} -
->] \"{}_{}\" ;''' - switch_alone='''{} [label=< - - -
- -{} -
->]''' - missing=[] - detected=[] - for sw in Switch.objects.all(): - if(sw not in detected): - missing.append(sw) + dico = { + 'subs': [], + 'links' : [], + 'alone': [], + 'colors': { + 'head': "#7f0505", + 'back': "#b5adad", + 'texte': "#563d01", + 'border_bornes': "#02078e", + 'head_bornes': "#25771c", + 'head_server': "#1c3777" + } + } + missing = list(Switch.objects.all()) + detected = [] + + #Parcours tous les batiments for building in Building.objects.all(): - lignes.append(cluster.format(len(lignes),building)) + dico['subs'].append( + { + 'bat_id': building.id, + 'bat_name': building, + 'switchs': [], + 'bornes': [], + 'machines': [] + } + ) + #Parcours tous les switchs de ce batiment for switch in Switch.objects.filter(switchbay__building=building): - lignes.append(node_fixe.format(switch.main_interface().domain.name,"Modèle",switch.model,"Nombre de ports",switch.number)) - for p in switch.ports.all().filter(related__isnull=False): - lignes.append(node_ports.format(p.port,p.related.switch.main_interface().domain.name)) - lignes.append(end_table.format(building.id,switch.id)) - lignes.append("}") - while(missing!=[]): - lignes,new_detected=recursive_switchs(missing[0].ports.all().filter(related=None).first(),None,lignes,[missing[0]]) - missing=[i for i in missing if i not in new_detected] - detected+=new_detected - for switch in Switch.objects.all().filter(switchbay__isnull=True).exclude(ports__related__isnull=False): - lignes.append(switch_alone.format(switch.id,switch.main_interface().domain.name)) - lignes.append("}") - fichier = open("media/images/switchs.dot","w") - for ligne in lignes: - fichier.write(ligne+"\n") + dico['subs'][-1]['switchs'].append({ + 'name': switch.main_interface().domain.name, + 'nombre': switch.number, + 'model': switch.model, + 'id': switch.id, + 'batiment': building, + 'ports': [] + }) + #Parcours tous les ports liés de ce switch, on ajoute les switchs relié à celui-ci + for port in switch.ports.filter(related__isnull=False): + 
dico['subs'][-1]['switchs'][-1]['ports'].append({ + 'numero': port.port, + 'related': port.related.switch.main_interface().domain.name + }) + + for ap in AccessPoint.all_ap_in(building): + dico['subs'][-1]['bornes'].append({ + 'name': ap.short_name, + 'switch': ap.switch()[0].main_interface().domain.name, + 'port': ap.switch()[0].ports.filter( + machine_interface__machine=ap + )[0].port + }) + for server in Server.all_server_in(building): + dico['subs'][-1]['machines'].append({ + 'name': server.short_name, + 'switch': server.switch()[0].main_interface().domain.name, + 'port': Port.objects.filter(machine_interface__machine=server)[0].port + }) + + #Tant que la liste des oubliés n'est pas vide i.e on les a pas tous passer + while missing: + print("depart initial sur:{}".format(missing[0])) + if missing[0].ports.count():#le switch à des ports + links, new_detected = recursive_switchs(missing[0].ports.first(), None, [missing[0]]) + for link in links: + dico['links'].append(link) + #On recrée la liste des oubliés et des detectés + missing=[i for i in missing if i not in new_detected] + detected += new_detected + else:#Si le switch n'a pas de port, on explore pas et on passe au suivant + del missing[0] + #Tous ceux qui ne sont ni connectés ni dans un batiment + for switch in Switch.objects.filter(switchbay__isnull=True).exclude(ports__related__isnull=False): + dico['alone'].append({ + 'id': switch.id, + 'name': switch.main_interface().domain.name + }) + + #Exportation du dot et génération de l'image + dot_data=generate_image(dico) + fichier = open(MEDIA_ROOT + "/images/switchs.dot","w", encoding='utf-8') + fichier.write(dot_data) fichier.close() - unflatten = Popen(["unflatten","-l", "3", "media/images/switchs.dot"], stdout=PIPE) - image = Popen(["dot", "-Tpng", "-o", "media/images/switchs.png"], stdin=unflatten.stdout, stdout=PIPE) + unflatten = Popen( + ["unflatten","-l", "3", MEDIA_ROOT + "/images/switchs.dot"], + stdout=PIPE + ) + image = Popen( + ["dot", "-Tpng", 
"-o", MEDIA_ROOT + "/images/switchs.png"], + stdin=unflatten.stdout, + stdout=PIPE + ) +def generate_image(data,template='topologie/graph_switch.dot'): + t = loader.get_template(template) + if not isinstance(t, Template) and not (hasattr(t, 'template') and isinstance(t.template, Template)): + raise Exception("Le template par défaut de Django n'est pas utilisé." + "Cela peut mener à des erreurs de rendu." + "Vérifiez les paramètres") + c = Context(data).flatten() + dot = t.render(c) + return(dot) -def recursive_switchs(port_start, switch_before, lignes,detected): +def recursive_switchs(port_start, switch_before, detected): """ Parcour récursivement le switchs auquel appartient port_start pour trouver les ports suivants liés """ - l_ports=port_start.switch.ports.filter(related__isnull=False) - for port in l_ports: - if port.related.switch!=switch_before and port.related.switch!=port.switch: - links=[] - for sw in [switch for switch in [port_start.switch,port.related.switch]]: - if(sw not in detected): - detected.append(sw) - if(sw.switchbay.building): - links.append("\"{}_{}\"".format(sw.switchbay.building.id,sw.id)) - else: - links.append("\"{}\"".format(sw.id)) - lignes.append(links[0]+" -> "+links[1]) - lignes, detected = recursive_switchs(port.related, port_start.switch, lignes, detected) - return (lignes, detected) + links_return=[]#Liste de dictionaires qui stockes les nouveaux liens trouvés + for port in port_start.switch.ports.filter(related__isnull=False):#Liste des ports dont le related est non null + if port.related.switch!=switch_before and port.related.switch != port.switch:#Pas le switch dont on descend, pas le switch actuel + links = {#dictionaire contenant le lien + 'depart':port_start.switch.id, + 'arrive':port.related.switch.id + } + if port.related.switch not in detected:#si le switch au bout de ce lien n'a pas été déjà exploré + links_down, detected = recursive_switchs(port.related, port_start.switch, detected)#On l'explore et on récupère le 
résultat + for link in links_down:#On ajoute les résultats du niveau inférieur à ceux du niveau actuel + if link: + links_return.append(link) + links_return.append(links)#Ajout des liens trouvés (niveau inférieur et actuel) à la liste à renvoyer + detected.append(port_start.switch)#Le switch est considéré comme parcouru + return (links_return, detected) + From 33d5df19a5144d78f8910661c4683c3cef0720d4 Mon Sep 17 00:00:00 2001 From: grisel-davy Date: Sat, 19 May 2018 21:20:55 +0200 Subject: [PATCH 02/27] Doc et commentaires --- topologie/views.py | 68 ++++++++++++++++++++++++---------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/topologie/views.py b/topologie/views.py index 871b5bbc..570b9673 100644 --- a/topologie/views.py +++ b/topologie/views.py @@ -77,7 +77,7 @@ from .models import ( AccessPoint, SwitchBay, Building, - Server + Server, ) from .forms import ( EditPortForm, @@ -947,14 +947,14 @@ def del_constructor_switch(request, constructor_switch, **_kwargs): def make_machine_graph(): """ - Crée le fichier dot et l'image du graph des Switchs + Create the graph of switchs, machines and access points. """ dico = { 'subs': [], 'links' : [], 'alone': [], 'colors': { - 'head': "#7f0505", + 'head': "#7f0505",#Color parameters for the graph 'back': "#b5adad", 'texte': "#563d01", 'border_bornes': "#02078e", @@ -964,8 +964,7 @@ def make_machine_graph(): } missing = list(Switch.objects.all()) detected = [] - - #Parcours tous les batiments + #Visit all buildings for building in Building.objects.all(): dico['subs'].append( { @@ -976,7 +975,7 @@ def make_machine_graph(): 'machines': [] } ) - #Parcours tous les switchs de ce batiment + #Visit all switchs in this building for switch in Switch.objects.filter(switchbay__building=building): dico['subs'][-1]['switchs'].append({ 'name': switch.main_interface().domain.name, 
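Review bot: `recursive_switchs` in the PATCH 01/27 hunk can recurse without end on a looped topology, because `detected.append(port_start.switch)` comes after the recursive call (it appears to be the last statement before the `return`; the indentation is lost on this page). A switch that is still being explored is therefore not yet in `detected`, so a ring of switches that does not pass through the starting switch is re-entered until Python raises RecursionError, and `index` reaches this code through `make_machine_graph`. Marking the switch on entry closes the loop: `if port_start.switch not in detected: detected.append(port_start.switch)` as the first statement of the function. The rewritten versions in PATCH 02/27 and PATCH 04/27 keep the append at the end and need the same change with `switch_start`.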
@@ -986,7 +985,7 @@ def make_machine_graph(): 'batiment': building, 'ports': [] }) - #Parcours tous les ports liés de ce switch, on ajoute les switchs relié à celui-ci + #visit all ports of this switch and add the switchs linked to it for port in switch.ports.filter(related__isnull=False): dico['subs'][-1]['switchs'][-1]['ports'].append({ 'numero': port.port, 
@@ -1008,41 +1007,43 @@ def make_machine_graph(): 'port': Port.objects.filter(machine_interface__machine=server)[0].port }) - #Tant que la liste des oubliés n'est pas vide i.e on les a pas tous passer + #While the list of forgotten ones is not empty while missing: - print("depart initial sur:{}".format(missing[0])) - if missing[0].ports.count():#le switch à des ports - links, new_detected = recursive_switchs(missing[0].ports.first(), None, [missing[0]]) + if missing[0].ports.count():#The switch is not empty + links, new_detected = recursive_switchs(missing[0], None, [missing[0]]) for link in links: dico['links'].append(link) - #On recrée la liste des oubliés et des detectés + #Update the lists of missings and already detected switchs missing=[i for i in missing if i not in new_detected] detected += new_detected - else:#Si le switch n'a pas de port, on explore pas et on passe au suivant + else:#If the switch have no ports, don't explore it and hop to the next one del missing[0] - #Tous ceux qui ne sont ni connectés ni dans un batiment + #Switchs that are not connected or not in a building for switch in Switch.objects.filter(switchbay__isnull=True).exclude(ports__related__isnull=False): dico['alone'].append({ 'id': switch.id, 'name': switch.main_interface().domain.name }) - #Exportation du dot et génération de l'image - dot_data=generate_image(dico) + + dot_data=generate_image(dico)#generate the dot file fichier = open(MEDIA_ROOT + "/images/switchs.dot","w", encoding='utf-8') fichier.write(dot_data) fichier.close() - unflatten = Popen( + unflatten = Popen(#unflatten the graph to make it look better ["unflatten","-l", "3", MEDIA_ROOT + "/images/switchs.dot"], stdout=PIPE ) - image = Popen( + image = Popen(#pipe the result of the first command into the second ["dot", "-Tpng", "-o", MEDIA_ROOT + "/images/switchs.png"], stdin=unflatten.stdout, stdout=PIPE ) -def generate_image(data,template='topologie/graph_switch.dot'): +def 
generate_dot(data,template='topologie/graph_switch.dot'): + """create the dot file + data: dictionary passed to the template + template: path to the dot template""" t = loader.get_template(template) if not isinstance(t, Template) and not (hasattr(t, 'template') and isinstance(t.template, Template)): raise Exception("Le template par défaut de Django n'est pas utilisé." 
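Review bot: This commit renames the helper to `generate_dot` but the call added a few lines earlier in the same hunk is still `dot_data=generate_image(dico)`, so `make_machine_graph` raises NameError at this revision. The call should read `dot_data=generate_dot(dico)` here; PATCH 04/27 later changes it to `generate_dot(dico,'topologie/graph_switch.dot')`, which leaves this commit and the next one broken for anyone bisecting. `generate_dot` continues past the end of the hunk.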
@@ -1052,23 +1053,24 @@ def generate_image(data,template='topologie/graph_switch.dot'): dot = t.render(c) return(dot) -def recursive_switchs(port_start, switch_before, detected): - """ - Parcour récursivement le switchs auquel appartient port_start pour trouver les ports suivants liés - """ - links_return=[]#Liste de dictionaires qui stockes les nouveaux liens trouvés - for port in port_start.switch.ports.filter(related__isnull=False):#Liste des ports dont le related est non null - if port.related.switch!=switch_before and port.related.switch != port.switch:#Pas le switch dont on descend, pas le switch actuel - links = {#dictionaire contenant le lien - 'depart':port_start.switch.id, +def recursive_switchs(switch_start, switch_before, detected): + """Visit the switch and travel to the switchs linked to it. + switch_start: the switch to begin the visit on + switch_before: the switch that you come from. None if switch_start is the first one + detected: list of all switchs already visited. None if switch_start is the first one""" + links_return=[]#list of dictionaries of the links to be detected + for port in switch_start.ports.filter(related__isnull=False):#Ports that are related to another switch + if port.related.switch != switch_before and port.related.switch != port.switch:#Not the switch that we come from, not the current switch + links = {#Dictionary of a link + 'depart':switch_start.id, 'arrive':port.related.switch.id } - if port.related.switch not in detected:#si le switch au bout de ce lien n'a pas été déjà exploré - links_down, detected = recursive_switchs(port.related, port_start.switch, detected)#On l'explore et on récupère le résultat - for link in links_down:#On ajoute les résultats du niveau inférieur à ceux du niveau actuel + if port.related.switch not in detected:#The switch at the end of this link has not been visited + links_down, detected = recursive_switchs(port.related.switch, switch_start, detected)#explore it and get the results + for link in 
links_down:#Add the non empty links to the current list if link: links_return.append(link) - links_return.append(links)#Ajout des liens trouvés (niveau inférieur et actuel) à la liste à renvoyer - detected.append(port_start.switch)#Le switch est considéré comme parcouru + links_return.append(links)#Add current and below levels links + detected.append(switch_start)#This switch is considered detected return (links_return, detected) From 7e3e27be909c090106660c9f8eed92cdd0866feb Mon Sep 17 00:00:00 2001 From: grisel-davy Date: Sun, 20 May 2018 11:42:35 +0200 Subject: [PATCH 03/27] Docstring reST style --- topologie/views.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/topologie/views.py b/topologie/views.py index 570b9673..9205b321 100644 --- a/topologie/views.py +++ b/topologie/views.py @@ -1042,8 +1042,9 @@ def make_machine_graph(): def generate_dot(data,template='topologie/graph_switch.dot'): """create the dot file - data: dictionary passed to the template - template: path to the dot template""" + :param data: dictionary passed to the template + :param template: path to the dot template + :return: all the lines of the dot file""" t = loader.get_template(template) if not isinstance(t, Template) and not (hasattr(t, 'template') and isinstance(t.template, Template)): raise Exception("Le template par défaut de Django n'est pas utilisé." 
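Review bot: The new docstring of `recursive_switchs` says `detected` is `None` when `switch_start` is the first switch, but the body calls `detected.append(switch_start)` and tests `not in detected`, and the caller in `make_machine_graph` passes `[missing[0]]`; passing `None` as documented would raise. Suggested wording: `detected: list of the switchs already visited; pass [switch_start] for the first call`. The `:param detected:` line written in PATCH 03/27 carries the same sentence.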
@@ -1055,9 +1056,10 @@ def generate_dot(data,template='topologie/graph_switch.dot'): def recursive_switchs(switch_start, switch_before, detected): """Visit the switch and travel to the switchs linked to it. - switch_start: the switch to begin the visit on - switch_before: the switch that you come from. None if switch_start is the first one - detected: list of all switchs already visited. None if switch_start is the first one""" + :param switch_start: the switch to begin the visit on + :param switch_before: the switch that you come from. None if switch_start is the first one + :param detected: list of all switchs already visited. None if switch_start is the first one + :return: A list of all the links found and a list of all the switchs visited""" links_return=[]#list of dictionaries of the links to be detected for port in switch_start.ports.filter(related__isnull=False):#Ports that are related to another switch if port.related.switch != switch_before and port.related.switch != port.switch:#Not the switch that we come from, not the current switch From d8f139c2077c97d544255232fbac5cc57cb6a845 Mon Sep 17 00:00:00 2001 From: grisel-davy Date: Mon, 21 May 2018 21:13:44 +0200 Subject: [PATCH 04/27] =?UTF-8?q?R=C3=A9cup=C3=A9ration=20de=20code?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- topologie/models.py | 108 +++++++++++++- .../templates/topologie/graph_switch.dot | 135 ++++++++++++++++++ topologie/templates/topologie/index.html | 13 +- topologie/views.py | 60 ++++---- 4 files changed, 287 insertions(+), 29 deletions(-) create mode 100644 topologie/templates/topologie/graph_switch.dot diff --git a/topologie/models.py b/topologie/models.py index 23b72b75..e1c945c7 100644 --- a/topologie/models.py +++ b/topologie/models.py 
@@ -40,7 +40,8 @@ from __future__ import unicode_literals import itertools from django.db import models -from django.db.models.signals import post_save, post_delete +from django.db.models.signals import pre_save, post_save, post_delete +from django.utils.functional import cached_property from django.dispatch import receiver from django.core.exceptions import ValidationError from django.db import IntegrityError @@ -50,6 +51,11 @@ from reversion import revisions as reversion from machines.models import Machine, regen from re2o.mixins import AclMixin, RevMixin +from os.path import isfile +from os import remove + + + class Stack(AclMixin, RevMixin, models.Model): """Un objet stack. Regrouppe des switchs en foreign key 
@@ -103,6 +109,70 @@ class AccessPoint(AclMixin, Machine): ("view_accesspoint", "Peut voir une borne"), ) + def port(self): + """Return the queryset of ports for this device""" + return Port.objects.filter( + machine_interface__machine=self + ) + + def switch(self): + """Return the switch where this is plugged""" + return Switch.objects.filter( + ports__machine_interface__machine=self + ) + + def building(self): + """Return the building of the AP/Server (building of the switchs connected to...)""" + return Building.objects.filter( + switchbay__switch=self.switch() + ) + + @cached_property + def short_name(self): + return str(self.interface_set.first().domain.name) + + @classmethod + def all_ap_in(cls, building_instance): + """Get a building as argument, returns all ap of a building""" + return cls.objects.filter(interface__port__switch__switchbay__building=building_instance) + + def __str__(self): + return str(self.interface_set.first()) + + +class Server(Machine): + """Dummy class, to retrieve servers of a building, or get switch of a server""" + + class Meta: + proxy = True + + def port(self): + """Return the queryset of ports for this device""" + return Port.objects.filter( + machine_interface__machine=self + ) + + def switch(self): + """Return the switch where this is plugged""" + return Switch.objects.filter( + ports__machine_interface__machine=self + ) + + def building(self): + """Return the building of the AP/Server (building of the switchs connected to...)""" + return Building.objects.filter( + switchbay__switch=self.switch() + ) + + @cached_property + def short_name(self): + return str(self.interface_set.first().domain.name) + + @classmethod + def all_server_in(cls, building_instance): + """Get a building as argument, returns all server of a building""" + return cls.objects.filter(interface__port__switch__switchbay__building=building_instance).exclude(accesspoint__isnull=False) + def __str__(self): return str(self.interface_set.first()) 
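Review bot: `building()` filters with `switchbay__switch=self.switch()`, but `switch()` returns a queryset (`Switch.objects.filter(...)`), and an exact lookup given a queryset is at best valid when that queryset yields a single row; `switchbay__switch__in=self.switch()` states the intent and works for any number of switches. `short_name` and `__str__` dereference `self.interface_set.first()`, which is `None` for a machine without an interface, so a guard or a documented precondition is needed there. The same four members are copied verbatim into `Server`; a small mixin shared by both classes would keep them from drifting apart. `AccessPoint` starts outside this hunk.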
@@ -422,15 +492,47 @@ class Room(AclMixin, RevMixin, models.Model): def ap_post_save(**_kwargs): """Regeneration des noms des bornes vers le controleur""" regen('unifi-ap-names') - + regen("graph_topo") @receiver(post_delete, sender=AccessPoint) def ap_post_delete(**_kwargs): """Regeneration des noms des bornes vers le controleur""" regen('unifi-ap-names') - + regen("graph_topo") @receiver(post_delete, sender=Stack) def stack_post_delete(**_kwargs): """Vide les id des switches membres d'une stack supprimée""" Switch.objects.filter(stack=None).update(stack_member_id=None) + +@receiver(post_save, sender=Port) +def port_post_save(**_kwargs): + regen("graph_topo") + +@receiver(post_delete, sender=Port) +def port_post_delete(**_kwargs): + regen("graph_topo") + +@receiver(post_save, sender=ModelSwitch) +def modelswitch_post_save(**_kwargs): + regen("graph_topo") + +@receiver(post_delete, sender=ModelSwitch) +def modelswitch_post_delete(**_kwargs): + regen("graph_topo") + +@receiver(post_save, sender=Building) +def building_post_save(**_kwargs): + regen("graph_topo") + +@receiver(post_delete, sender=Building) +def building_post_delete(**_kwargs): + regen("graph_topo") + +@receiver(post_save, sender=Switch) +def switch_post_save(**_kwargs): + regen("graph_topo") + +@receiver(post_delete, sender=Switch) +def switch_post_delete(**_kwargs): + regen("graph_topo") diff --git a/topologie/templates/topologie/graph_switch.dot b/topologie/templates/topologie/graph_switch.dot new file mode 100644 index 00000000..46c6a766 --- /dev/null +++ b/topologie/templates/topologie/graph_switch.dot 
@@ -0,0 +1,135 @@ +{% block graph_dot %} +strict digraph { +graph [label="TOPOLOGIE DU RÉSEAU", labelloc=t, fontsize=40]; +node [fontname=Helvetica fontsize=8 shape=plaintext]; +edge[arrowhead=none]; + + +{% block subgraphs %} +{% for sub in subs %} +subgraph cluster_{{ sub.bat_id }} { +fontsize=15; +label="Batiment {{ sub.bat_name }}"; + +{% if sub.bornes %} +{% block bornes %} +node [label=< + + + + + + +{% for borne in sub.bornes %} + + + + + +{% endfor %} +
+ Borne + Switch + Port
+ {{ borne.name }} + + {{ borne.switch }} + + {{ borne.port }} +
+>] {{sub.bat_name}}bornes; +{% endblock %} +{% endif %} + +{% if sub.machines %} +{% block machines %} +node [label=< + + + + + + + +{% for machine in sub.machines %} + + + + + +{% endfor %} +
+ Machine + Switch + Port
+ {{ machine.name }} + + {{ machine.switch }} + + {{ machine.port }} +
+>] {{sub.bat_name}}machines; +{% endblock %} +{% endif %} + + +{% block switchs %} +{% for switch in sub.switchs %} +node [label=< + + + + + + +{% block liens %} +{% for port in switch.ports %} + + +{% endfor %} +{% endblock %} +
+ +{{ switch.name }} +
+Modèle + +{{ switch.model }} +
+Taille + +{{ switch.nombre }} +
+{{ port.numero }} + +{{ port.related }} +
+>] "{{ switch.id }}" ; +{% endfor %} +{% endblock %} +} +{% endfor %} +{% endblock %} + + +{% block isoles %} +{% for switchs in alone %} +"{{switchs.id}}" [label=< + + +
+ +{{switchs.name}} +
+>] +{% endfor %} +{% endblock %} + + +{% block links %} +{% for link in links %} +"{{ link.depart }}" -> "{{ link.arrive }}"; +{% endfor %} +{% endblock %} +} +{% endblock %} \ No newline at end of file diff --git a/topologie/templates/topologie/index.html b/topologie/templates/topologie/index.html index 6e140251..b5df8a06 100644 --- a/topologie/templates/topologie/index.html +++ b/topologie/templates/topologie/index.html @@ -29,7 +29,18 @@ with this program; if not, write to the Free Software Foundation, Inc., {% block title %}Switchs{% endblock %} {% block content %} - + + + + + + + +
+ +
diff --git a/topologie/views.py b/topologie/views.py index 9205b321..b66c8243 100644 --- a/topologie/views.py +++ b/topologie/views.py @@ -45,6 +45,8 @@ from django.core.exceptions import ValidationError from django.contrib.staticfiles.storage import staticfiles_storage from django.template.loader import get_template from django.template import Context, Template, loader +from django.db.models.signals import post_save +from django.dispatch import receiver import pprint @@ -95,7 +97,13 @@ from .forms import ( EditBuildingForm ) -from subprocess import Popen,PIPE +from subprocess import ( + Popen, + PIPE +) + +from os.path import isfile +from os import remove @login_required @@ -124,6 +132,8 @@ def index(request): for service_link in Service_link.objects.filter(service__service_type='graph_topo'): service_link.done_regen() + if not isfile("/var/www/re2o/media/images/switchs.png"): + make_machine_graph() return render( request, 'topologie/index.html', @@ -954,7 +964,7 @@ def make_machine_graph(): 'links' : [], 'alone': [], 'colors': { - 'head': "#7f0505",#Color parameters for the graph + 'head': "#7f0505", # Color parameters for the graph 'back': "#b5adad", 'texte': "#563d01", 'border_bornes': "#02078e", @@ -964,8 +974,8 @@ def make_machine_graph(): } missing = list(Switch.objects.all()) detected = [] - #Visit all buildings - for building in Building.objects.all(): + for building in Building.objects.all(): # Visit all buildings + dico['subs'].append( { 'bat_id': building.id, @@ -975,8 +985,8 @@ def make_machine_graph(): 'machines': [] } ) - #Visit all switchs in this building - for switch in Switch.objects.filter(switchbay__building=building): + # Visit all switchs in this building + for switch in Switch.objects.filter(switchbay__building=building): dico['subs'][-1]['switchs'].append({ 'name': switch.main_interface().domain.name, 'nombre': switch.number, 
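Review bot: The existence check added to `index` hard-codes `"/var/www/re2o/media/images/switchs.png"`, while `make_machine_graph` writes the image to `MEDIA_ROOT + "/images/switchs.png"`; on any install where MEDIA_ROOT is elsewhere the test is always true and the graph is rebuilt on every page load. Use the same expression in both places: `if not isfile(MEDIA_ROOT + "/images/switchs.png"):`. Because the graphviz processes are started without being waited on, the file may also be missing right after the regeneration block just above, in which case this check triggers a second run in the same request.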
@@ -985,7 +995,7 @@ def make_machine_graph(): 'batiment': building, 'ports': [] }) - #visit all ports of this switch and add the switchs linked to it + # visit all ports of this switch and add the switchs linked to it for port in switch.ports.filter(related__isnull=False): dico['subs'][-1]['switchs'][-1]['ports'].append({ 'numero': port.port, @@ -1007,18 +1017,18 @@ def make_machine_graph(): 'port': Port.objects.filter(machine_interface__machine=server)[0].port }) - #While the list of forgotten ones is not empty + # While the list of forgotten ones is not empty while missing: - if missing[0].ports.count():#The switch is not empty + if missing[0].ports.count(): # The switch is not empty links, new_detected = recursive_switchs(missing[0], None, [missing[0]]) for link in links: dico['links'].append(link) - #Update the lists of missings and already detected switchs + # Update the lists of missings and already detected switchs missing=[i for i in missing if i not in new_detected] detected += new_detected - else:#If the switch have no ports, don't explore it and hop to the next one + else: # If the switch have no ports, don't explore it and hop to the next one del missing[0] - #Switchs that are not connected or not in a building + # Switchs that are not connected or not in a building for switch in Switch.objects.filter(switchbay__isnull=True).exclude(ports__related__isnull=False): dico['alone'].append({ 'id': switch.id, 
@@ -1026,21 +1036,21 @@ def make_machine_graph(): }) - dot_data=generate_image(dico)#generate the dot file + dot_data=generate_dot(dico,'topologie/graph_switch.dot') # generate the dot file fichier = open(MEDIA_ROOT + "/images/switchs.dot","w", encoding='utf-8') fichier.write(dot_data) fichier.close() - unflatten = Popen(#unflatten the graph to make it look better + unflatten = Popen( # unflatten the graph to make it look better ["unflatten","-l", "3", MEDIA_ROOT + "/images/switchs.dot"], stdout=PIPE ) - image = Popen(#pipe the result of the first command into the second + image = Popen( # pipe the result of the first command into the second ["dot", "-Tpng", "-o", MEDIA_ROOT + "/images/switchs.png"], stdin=unflatten.stdout, stdout=PIPE ) -def generate_dot(data,template='topologie/graph_switch.dot'): +def generate_dot(data,template): """create the dot file :param data: dictionary passed to the template :param template: path to the dot template 
@@ -1060,19 +1070,19 @@ def recursive_switchs(switch_start, switch_before, detected): :param switch_before: the switch that you come from. None if switch_start is the first one :param detected: list of all switchs already visited. None if switch_start is the first one :return: A list of all the links found and a list of all the switchs visited""" - links_return=[]#list of dictionaries of the links to be detected - for port in switch_start.ports.filter(related__isnull=False):#Ports that are related to another switch - if port.related.switch != switch_before and port.related.switch != port.switch:#Not the switch that we come from, not the current switch - links = {#Dictionary of a link + links_return=[] # list of dictionaries of the links to be detected + for port in switch_start.ports.filter(related__isnull=False): # Ports that are related to another switch + if port.related.switch != switch_before and port.related.switch != port.switch: # Not the switch that we come from, not the current switch + links = { # Dictionary of a link 'depart':switch_start.id, 'arrive':port.related.switch.id } - if port.related.switch not in detected:#The switch at the end of this link has not been visited - links_down, detected = recursive_switchs(port.related.switch, switch_start, detected)#explore it and get the results - for link in links_down:#Add the non empty links to the current list + if port.related.switch not in detected: # The switch at the end of this link has not been visited + links_down, detected = recursive_switchs(port.related.switch, switch_start, detected) # explore it and get the results + for link in links_down: # Add the non empty links to the current list if link: links_return.append(link) - links_return.append(links)#Add current and below levels links - detected.append(switch_start)#This switch is considered detected + links_return.append(links) # Add current and below levels links + detected.append(switch_start) # This switch is considered detected return 
(links_return, detected) From 8cc1841f6958203f0c730d87fcd725c914ff95f4 Mon Sep 17 00:00:00 2001 From: grisel-davy Date: Mon, 21 May 2018 21:19:10 +0200 Subject: [PATCH 05/27] ajout des migrations --- .../migrations/0081_auto_20180521_1413.py | 21 ++++++++++++++++ topologie/migrations/0060_server.py | 25 +++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 machines/migrations/0081_auto_20180521_1413.py create mode 100644 topologie/migrations/0060_server.py diff --git a/machines/migrations/0081_auto_20180521_1413.py b/machines/migrations/0081_auto_20180521_1413.py new file mode 100644 index 00000000..7948796a --- /dev/null +++ b/machines/migrations/0081_auto_20180521_1413.py @@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-05-21 19:13 +from __future__ import unicode_literals + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0080_auto_20180502_2334'), + ] + + operations = [ + migrations.AlterField( + model_name='extension', + name='soa', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='machines.SOA'), + ), + ] diff --git a/topologie/migrations/0060_server.py b/topologie/migrations/0060_server.py new file mode 100644 index 00000000..af067e7b --- /dev/null +++ b/topologie/migrations/0060_server.py @@ -0,0 +1,25 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-05-21 19:13 +from __future__ import unicode_literals + +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0081_auto_20180521_1413'), + ('topologie', '0059_auto_20180415_2249'), + ] + + operations = [ + migrations.CreateModel( + name='Server', + fields=[ + ], + options={ + 'proxy': True, + }, + bases=('machines.machine',), + ), + ] From 93a9ce630f11bcb6fa300ee85f7932c39135c858 Mon Sep 17 00:00:00 2001 
From: grisel-davy Date: Mon, 21 May 2018 22:05:31 +0200 Subject: [PATCH 06/27] Fichier dot temporaire --- topologie/views.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/topologie/views.py b/topologie/views.py index b66c8243..652ef475 100644 --- a/topologie/views.py +++ b/topologie/views.py @@ -48,7 +48,7 @@ from django.template import Context, Template, loader from django.db.models.signals import post_save from django.dispatch import receiver -import pprint +import tempfile from users.views import form from re2o.utils import re2o_paginator, SortTable @@ -1037,11 +1037,12 @@ def make_machine_graph(): dot_data=generate_dot(dico,'topologie/graph_switch.dot') # generate the dot file - fichier = open(MEDIA_ROOT + "/images/switchs.dot","w", encoding='utf-8') - fichier.write(dot_data) - fichier.close() + + f = tempfile.NamedTemporaryFile(mode='w+', encoding='utf-8', delete=False) # Create a temporary file to store the dot data + with f: + f.write(dot_data) unflatten = Popen( # unflatten the graph to make it look better - ["unflatten","-l", "3", MEDIA_ROOT + "/images/switchs.dot"], + ["unflatten","-l", "3", f.name], stdout=PIPE ) image = Popen( # pipe the result of the first command into the second From f9af3fad8bed844f93c54d5713ed64c3d186fe9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Mon, 21 May 2018 21:50:11 +0000 Subject: [PATCH 07/27] Fix generate img when spaces in names --- topologie/templates/topologie/graph_switch.dot | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/topologie/templates/topologie/graph_switch.dot b/topologie/templates/topologie/graph_switch.dot index 46c6a766..a6a4c62d 100644 --- a/topologie/templates/topologie/graph_switch.dot +++ b/topologie/templates/topologie/graph_switch.dot @@ -37,7 +37,7 @@ node [label=< {% endfor %} ->] {{sub.bat_name}}bornes; +>] "{{sub.bat_name}}bornes"; {% endblock %} {% endif %} 
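Review bot: The temporary file in the PATCH 06/27 hunk is created with `delete=False` and nothing removes it, so every regeneration leaves a copy of the DOT source (the switch, access point and server inventory) in the temp directory. It cannot simply be unlinked after the `with f:` block either, because `unflatten` and `dot` are started with `Popen` and never waited on, so the function can return while they are still reading it; the PATCH 01/27 and PATCH 04/27 versions have the same missing wait. Keeping the file open until both children have exited and then letting it delete itself fixes both problems, as in the excerpt below. The `dot` call is also given `stdout=PIPE` although it writes through `-o` and nothing reads the pipe; that call continues past the end of this hunk.

```python
    # … unchanged: dot_data = generate_dot(...) …
    # The file is removed when the with-block exits (delete defaults to True)
    with tempfile.NamedTemporaryFile(mode='w+', encoding='utf-8', suffix='.dot') as f:
        f.write(dot_data)
        f.flush()  # make the data visible to the child processes
        unflatten = Popen(["unflatten", "-l", "3", f.name], stdout=PIPE)
        image = Popen(
            ["dot", "-Tpng", "-o", MEDIA_ROOT + "/images/switchs.png"],
            stdin=unflatten.stdout,
        )
        unflatten.stdout.close()  # the parent no longer needs its end of the pipe
        image.wait()
        unflatten.wait()
```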
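Review bot: Quoting handles names with spaces, but the node identifier in the PATCH 07/27 hunks is still built from the building's display name, `"{{sub.bat_name}}bornes"` here and `"{{sub.bat_name}}machines"` in the next hunk. Two buildings with the same name would share one node, and the identifier depends on how the template engine escapes whatever was typed into the name field. The cluster line of the same template already uses the primary key (`subgraph cluster_{{ sub.bat_id }}`); `"{{ sub.bat_id }}_bornes"` and `"{{ sub.bat_id }}_machines"` would be unique and contain no user-entered text, with the name kept only in the label.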
@@ -68,7 +68,7 @@ node [label=< {% endfor %} ->] {{sub.bat_name}}machines; +>] "{{sub.bat_name}}machines"; {% endblock %} {% endif %} From a8f3614e3012ec4e8c9cbafd063194d020f8f440 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Mon, 21 May 2018 21:50:40 +0000 Subject: [PATCH 08/27] Hide graph by default --- topologie/templates/topologie/index.html | 34 +++++++++++++++--------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/topologie/templates/topologie/index.html b/topologie/templates/topologie/index.html index b5df8a06..a7c4bb51 100644 --- a/topologie/templates/topologie/index.html +++ b/topologie/templates/topologie/index.html @@ -30,7 +30,27 @@ with this program; if not, write to the Free Software Foundation, Inc., {% block content %} - @@ -38,20 +58,10 @@ Topologie des Switchs -
+ - - - -

Switchs

{% can_create Switch %} Ajouter un switch From c06d710d3c5746ae01df6a985537aa6b959f526f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Mon, 21 May 2018 22:03:23 +0000 Subject: [PATCH 09/27] Typo --- topologie/templates/topologie/graph_switch.dot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/topologie/templates/topologie/graph_switch.dot b/topologie/templates/topologie/graph_switch.dot index a6a4c62d..cb9dfaf8 100644 --- a/topologie/templates/topologie/graph_switch.dot +++ b/topologie/templates/topologie/graph_switch.dot @@ -9,7 +9,7 @@ edge[arrowhead=none]; {% for sub in subs %} subgraph cluster_{{ sub.bat_id }} { fontsize=15; -label="Batiment {{ sub.bat_name }}"; +label="Bâtiment {{ sub.bat_name }}"; {% if sub.bornes %} {% block bornes %} From d797f18acedb89a5093f48d827d5ad850d31f3b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Tue, 15 May 2018 18:48:56 +0000 Subject: [PATCH 10/27] Fix install script --- install_re2o.sh | 2 +- .../migrations/0063_auto_20171020_0040.py | 1 + .../migrations/0081_auto_20180515_2034.py | 21 +++++++++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 machines/migrations/0081_auto_20180515_2034.py diff --git a/install_re2o.sh b/install_re2o.sh index d755eb05..cc8a4b67 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -240,7 +240,7 @@ install_base=$(dialog --clear \ echo "Installation des paquets de base" apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git pip3 install django-bootstrap3 -pip3 install django-ldapdb +pip3 install django-ldapdb==0.9.0 pip3 install django-macaddress if [ $sql_bdd_type == 1 ] diff --git a/machines/migrations/0063_auto_20171020_0040.py b/machines/migrations/0063_auto_20171020_0040.py index d2f9afd9..0e049881 100644 
--- a/machines/migrations/0063_auto_20171020_0040.py +++ b/machines/migrations/0063_auto_20171020_0040.py @@ -11,6 +11,7 @@ class Migration(migrations.Migration): dependencies = [ ('machines', '0062_extension_origin_v6'), + ('reversion', '0001_squashed_0004_auto_20160611_1202') ] operations = [ diff --git a/machines/migrations/0081_auto_20180515_2034.py b/machines/migrations/0081_auto_20180515_2034.py new file mode 100644 index 00000000..c812a310 --- /dev/null +++ b/machines/migrations/0081_auto_20180515_2034.py @@ -0,0 +1,21 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.10.7 on 2018-05-15 18:34 +from __future__ import unicode_literals + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ('machines', '0080_auto_20180502_2334'), + ] + + operations = [ + migrations.AlterField( + model_name='extension', + name='soa', + field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='machines.SOA'), + ), + ] From 6646293ec827b72bbd54d05955bad62bc70db420 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Tue, 15 May 2018 20:09:08 +0000 Subject: [PATCH 11/27] Fix #122 + translation in install_re2o.sh --- install_re2o.sh | 441 ++++++++++++++++++++++++++---------------------- 1 file changed, 236 insertions(+), 205 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index cc8a4b67..14530ab2 100755 --- a/install_re2o.sh +++ b/install_re2o.sh 
@@ -3,24 +3,24 @@ setup_ldap() { apt-get -y install slapd - echo "Hashage du mot de passe ldap..." + echo "Hashing the LDAP password..." hashed_ldap_passwd=$(slappasswd -s $1) echo $hashed_ldap_passwd - echo "Formatage des fichiers de config ldap" + echo "Building the LDAP config files" sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema - echo "Destruction config ldap existante" + echo "Deleting exisitng LDAP configuration" service slapd stop rm -rf /etc/ldap/slapd.d/* rm -rf /var/lib/ldap/* - echo "Ecriture de la configuration actuelle" + echo "Setting up the new LDAP configuration" slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/ slapadd -n 1 -l /tmp/db - echo "Reparation des permissions et redémarage de slapd" + echo "Fixing the LDAP files permissions and restarting slapd" chown -R openldap:openldap /etc/ldap/slapd.d chown -R openldap:openldap /var/lib/ldap service slapd start 
@@ -28,33 +28,37 @@ setup_ldap() { install_re2o_server() { -echo "Installation de Re2o ! -Cet utilitaire va procéder à l'installation initiale de re2o. Le serveur présent doit être vierge. -Preconfiguration..." +echo "Re2o setup ! +This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation. +Installing sudo and dialog packages..." export DEBIAN_FRONTEND=noninteractive apt-get -y install sudo dialog -HEIGHT=15 -WIDTH=40 -init=$(dialog --clear \ - --title "Installation de Re2o !" \ - --msgbox "Cet utilitaire va procéder à l'installation initiale de re2o. Le serveur présent doit être vierge de préférence. Preconfiguration..." \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - - HEIGHT=15 WIDTH=40 CHOICE_HEIGHT=4 -BACKTITLE="Preconfiguration re2o" -MENU="Choisir une option" -TITLE="Choix du moteur bdd" +TITLE="Re2o setup !" +MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation." +init=$(dialog --clear \ + --title "$TITLE" \ + --msgbox "$MSGBOX" \ + $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) + + + + + + + +BACKTITLE="Re2o preconfiguration of the database" +MENU="Choose an option" +TITLE="Database engine" OPTIONS=(1 "mysql" 2 "postgresql") - sql_bdd_type=$(dialog --clear \ --backtitle "$BACKTITLE" \ --title "$TITLE" \ @@ -66,12 +70,16 @@ sql_bdd_type=$(dialog --clear \ clear -TITLE="Extension locale (ex : example.org)" + + + +TITLE="Local extension to use (ex : example.net)" extension_locale=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" \ + $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) clear IFS='.' read -a extension_locale_array <<< $extension_locale 
@@ -84,9 +92,13 @@ done ldap_dn=${ldap_dn::-1} echo $ldap_dn -TITLE="Emplacement de la bdd" + + + + +TITLE="SQL database location" OPTIONS=(1 "Local" - 2 "Distant") + 2 "Remote") sql_is_local=$(dialog --clear \ --backtitle "$BACKTITLE" \ @@ -98,7 +110,7 @@ sql_is_local=$(dialog --clear \ clear -TITLE="Mot de passe sql" +TITLE="SQL database password" sql_password=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ @@ -109,19 +121,19 @@ clear if [ $sql_is_local == 2 ] then -TITLE="Login sql" +TITLE="Username to access the remote SQL database" sql_login=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ --inputbox "$TITLE" $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear -TITLE="Nom de la bdd sql" +TITLE="Name of the SQL database" sql_name=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ --inputbox "$TITLE" $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear -TITLE="Hote de la base de donnée" +TITLE="Host of the remote SQL database" sql_host=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ --inputbox "$TITLE" $HEIGHT $WIDTH \ @@ -133,18 +145,15 @@ sql_login="re2o" sql_host="localhost" fi -mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci'; -CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password'; -GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost'; -FLUSH PRIVILEGES;" -pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';" -pgsql_command2="CREATE USER $sql_login with password '$sql_password';" -pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;" -TITLE="Emplacement du ldap" + + + +BACKTITLE="Re2o preconfiguration of the active directory" +TITLE="LDAP location" OPTIONS=(1 "Local" - 2 "Distant") + 2 "Remote") ldap_is_local=$(dialog --clear \ --backtitle "$BACKTITLE" \ 
@@ -154,16 +163,7 @@ ldap_is_local=$(dialog --clear \ "${OPTIONS[@]}" \ 2>&1 >/dev/tty) - -HEIGHT=15 -WIDTH=40 -instal_ldap=$(dialog --clear \ - --title "Installation de Re2o !" \ - --msgbox "Vous devrez fournir un login/host dans le cas où le ldap est non local" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - -TITLE="Mot de passe ldap" +TITLE="LDAP password" ldap_password=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ --inputbox "$TITLE" $HEIGHT $WIDTH \ 
@@ -171,35 +171,51 @@ ldap_password=$(dialog --title "$TITLE" \ clear if [ $ldap_is_local == 2 ] then -TITLE="Cn ldap admin" -ldap_cn=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear -TITLE="Hote ldap" -ldap_host=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear + TITLE="CN entry for the admin user of the remote LDAP" + ldap_cn=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) + clear + TITLE="Host of the remote LDAP" + ldap_host=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$TITLE" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) + clear + TITLE="Is the TLS activated ?" + OPTIONS=(1 "Yes" + 2 "No") + ldap_tls=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --MENU "$MENU"\ + $HEIGHT $WIDTH $CHOICE_HEIGHT \ + "${OPTIONS[@]}" \ + 2>&1 >/dev/tty) + clear else -ldap_cn="cn=admin," -ldap_cn+=$ldap_dn -ldap_host="localhost" + ldap_cn="cn=admin," + ldap_cn+=$ldap_dn + ldap_host="localhost" + ldap_tls=2 fi -TITLE="Hôte pour l'envoi de mail" + + + +BACKTITLE="Re2o preconfiguration of the mail server" +TITLE="Host of the mail server to use" email_host=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ + --inputbox "$TITLE" \ + $HEIGHT $WIDTH \ 2>&1 >/dev/tty) -TITLE="Port du serveur mail" -OPTIONS=(25 "25 (SMTP)" - 465 "465 (SMTPS)" - 587 "587 (Submission)") +TITLE="Port of the mail server" +OPTIONS=(25 "SMTP" + 465 "SMTPS" + 587 "Submission") email_port=$(dialog --clear \ --backtitle "$BACKTITLE" \ 
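Review bot: The new TLS question passes `--MENU "$MENU"` to dialog, but the option is spelled `--menu` in lower case, so the call is likely to fail and leave `ldap_tls` empty when the LDAP is remote. The line should read `--menu "$MENU" \`. At this point `$MENU` still holds the database prompt "Choose an option", so setting a dedicated text such as `MENU="Use TLS to reach the remote LDAP ?"` before the call would make the choice clearer.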
@@ -209,101 +225,100 @@ email_port=$(dialog --clear \ "${OPTIONS[@]}" \ 2>&1 >/dev/tty) clear -if [ $ldap_is_local == 2 ] -then -TITLE="Cn ldap admin" -ldap_cn=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear -TITLE="Hote ldap" -ldap_host=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear -else -ldap_cn="cn=admin," -ldap_cn+=$ldap_dn -ldap_host="localhost" -fi -HEIGHT=15 -WIDTH=40 install_base=$(dialog --clear \ - --title "Installation de Re2o !" \ + --title "Re2o setup!" \ --msgbox "Installation des paquets de base" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) -echo "Installation des paquets de base" -apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git -pip3 install django-bootstrap3 -pip3 install django-ldapdb==0.9.0 -pip3 install django-macaddress + + +echo "Installation des paquets de base" +apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git libjs-jquery libjs-jquery-uil libjs-jquery-timepicker libjs-bootstrap +pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress + + + + + +echo "SQL Database setup" if [ $sql_bdd_type == 1 ] then apt-get -y install python3-mysqldb mysql-client + mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci'; + CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password'; + GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost'; + FLUSH PRIVILEGES;" if [ $sql_is_local == 1 ] then - apt-get -y install mysql-server - mysql -u root --execute="$mysql_command" + apt-get -y install mysql-server + mysql -u root 
--execute="$mysql_command" else - echo "Veuillez saisir la commande suivante sur le serveur sql distant, puis validez" - echo $mysql_command - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "invalid";; - esac - done + echo "Please execute the following command on the remote SQL server and then continue" + echo "$mysql_command" + while true + do + read -p "Continue (y/n)?" choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done fi else - apt-get -y install postgresql-client - apt-get -y install python3-psycopg2 + apt-get -y install postgresql-client python3-psycopg2 + pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';" + pgsql_command2="CREATE USER $sql_login with password '$sql_password';" + pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;" if [ $sql_is_local == 1 ] then - apt-get -y install postgresql - sudo -u postgres psql --command="$pgsql_command1" - sudo -u postgres psql --command="$pgsql_command2" - sudo -u postgres psql --command="$pgsql_command3" + apt-get -y install postgresql + sudo -u postgres psql --command="$pgsql_command1" + sudo -u postgres psql --command="$pgsql_command2" + sudo -u postgres psql --command="$pgsql_command3" else - echo "Veuillez saisir la commande suivante sur le serveur sql distant, puis validez" - echo sudo -u postgres psql $pgsql_command1 - echo sudo -u postgres psql $pgsql_command2 - echo sudo -u postgres psql $pgsql_command3 - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "invalid";; - esac - done + echo "Please execute the following commands on the remote SQL server and then continue" + echo "sudo -u postgres psql $pgsql_command1" + echo "sudo -u postgres psql $pgsql_command2" + echo "sudo -u postgres psql $pgsql_command3" + while true + do + read -p "Continue (y/n)?" 
choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done fi fi + + + + +echo "LDAP setup" if [ $ldap_is_local == 1 ] then - -setup_ldap $ldap_password $ldap_dn - + setup_ldap $ldap_password $ldap_dn else - -HEIGHT=15 -WIDTH=40 -ldap_setup=$(dialog --clear \ - --title "Setup ldap" \ - --msgbox "Vous devrez manuellement effectuer les opérations de setup de la base ldap sur le serveurs distant. Lancez la commande : ./install_re2o.sh ldap $ldap_password $ldap_dn" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) + TITLE="LDAP server setup" + MSGBOX="Please manually setup the remote LDAP server by launching the following commands: ./install_re2o.sh ldap $ldap_password $ldap_dn" + ldap_setup=$(dialog --clear \ + --title "$TITLE" \ + --msgbox "$MSGBOX" \ + $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) fi -echo "Ecriture de settings_local" + + + + +echo "Writing of the settings_local.py file" django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))") 
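Review bot: The package list on the new `apt-get -y install` line names `libjs-jquery-uil`, while the line this commit removes further down installed `libjs-jquery-ui`; apt-get refuses the whole command when one package name is unknown, so none of the base packages would be installed. Correct it to `libjs-jquery-ui`. In the same hunk `setup_ldap $ldap_password $ldap_dn` expands both values unquoted, so a password containing spaces or glob characters is split before it reaches slappasswd; `setup_ldap "$ldap_password" "$ldap_dn"` avoids that. The remote-LDAP message box also shows the clear-text password inside a command line to run, which puts it on screen and, if typed as shown, in the remote host's shell history and process list.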
@@ -316,12 +331,16 @@ else sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' re2o/settings_local.py fi sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py -sed -i 's/THE_AES_KEY/'"$aes_key"'/g' re2o/settings_local.py sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' re2o/settings_local.py +sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' re2o/settings_local.py sed -i 's/db_name_value/'"$sql_name"'/g' re2o/settings_local.py sed -i 's/db_user_value/'"$sql_login"'/g' re2o/settings_local.py sed -i 's/db_host_value/'"$sql_host"'/g' re2o/settings_local.py sed -i 's/ldap_dn/'"$ldap_cn"'/g' re2o/settings_local.py +if [ $ldap_tls == 2 ] +then + sed -i "s/'TLS': True,/# 'TLS': True,#/g" re2o/settings_local.py +fi sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' re2o/settings_local.py sed -i 's/ldap_host_ip/'"$ldap_host"'/g' re2o/settings_local.py sed -i 's/dc=example,dc=org/'"$ldap_dn"'/g' re2o/settings_local.py @@ -329,26 +348,39 @@ sed -i 's/example.org/'"$extension_locale"'/g' re2o/settings_local.py sed -i 's/MY_EMAIL_HOST/'"$email_host"'/g' re2o/settings_local.py sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' re2o/settings_local.py -HEIGHT=15 -WIDTH=40 + + + +TITLE="Django setup" +MSGBOX="Applying the Django database migrations" migrations=$(dialog --clear \ - --title "Setup django" \ - --msgbox "Application des migrations" \ + --title "$TITLE" \ + --msgbox "$MSGBOX" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) + python3 manage.py migrate -HEIGHT=15 -WIDTH=40 + + + + + +TITLE="Django setup" +MSGBOX="Collecting statics" static=$(dialog --clear \ - --title "Setup django" \ - --msgbox "Collecte des statiques" \ + --title "$TITLE" \ + --msgbox "$MSGBOX" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) + python3 manage.py collectstatic -BACKTITLE="Fin de l'installation" -TITLE="Serveur web à utiliser" + + + +BACKTITLE="Web server" +TITLE="Web server to use" OPTIONS=(1 "apache2" 2 "nginx") 
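Review bot: The added test `if [ $ldap_tls == 2 ]` is unquoted, so when `ldap_tls` is empty it becomes `[ == 2 ]` and fails with an error instead of a clean false; `if [ "$ldap_tls" = 2 ]` is safer. The substitution rewrites the setting to `# 'TLS': True,#`, leaving a stray `#` at the end of the line, and it silently turns LDAP transport encryption off, so a comment above it such as `# TLS disabled: only acceptable when the LDAP is reached over localhost or a trusted link` would help the next reader. The surrounding `sed -i 's/.../'"$sql_password"'/g'` lines insert user-supplied secrets unescaped, so a password containing `/`, `&` or `\` would corrupt settings_local.py.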
@@ -362,14 +394,15 @@ web_serveur=$(dialog --clear \ clear -TITLE="Url où servir le serveur web (ex : re2o.example.org). Assurez-vous que ce tld existe bien et répond auprès du DNS" +TITLE="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable." url_server=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ + --inputbox "$TITLE" \ + $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear -TITLE="Utiliser tls et générer automatiquement le certificat LE ?" +TITLE="Activate TLS with Let'Encrypt on the web server ?" OPTIONS=(1 "Oui" 2 "Non") 
@@ -385,72 +418,70 @@ clear sed -i 's/URL_SERVER/'"$url_server"'/g' re2o/settings_local.py - if [ $web_serveur == 1 ] then -apt-get -y install apache2 libapache2-mod-wsgi-py3 -a2enmod ssl -a2enmod wsgi -if [ $is_tls == 1 ] -then -cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf -apt-get -y install certbot -apt-get -y install python-certbot-apache -certbot certonly --rsa-key-size 4096 --apache -d $url_server -sed -i 's/LE_PATH/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf + apt-get -y install apache2 libapache2-mod-wsgi-py3 + a2enmod ssl + a2enmod wsgi + if [ $is_tls == 1 ] + then + cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf + apt-get -y install certbot + apt-get -y install python-certbot-apache + certbot certonly --rsa-key-size 4096 --apache -d $url_server + sed -i 's/LE_PATH/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf + else + cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf + fi + rm /etc/apache2/sites-enabled/000-default.conf + sed -i 's|URL_SERVER|'"$url_server"'|g' /etc/apache2/sites-available/re2o.conf + current_path=$(pwd) + sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf + a2ensite re2o + service apache2 reload else -cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf -fi -rm /etc/apache2/sites-enabled/000-default.conf -sed -i 's|URL_SERVER|'"$url_server"'|g' /etc/apache2/sites-available/re2o.conf -current_path=$(pwd) -sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf -a2ensite re2o -service apache2 reload -else -HEIGHT=15 -WIDTH=40 -web_server=$(dialog --clear \ - --title "Setup serveur web" \ - --msgbox "Nginx non supporté, vous devrez installer manuellement" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - + TITLE="Web server setup" + MSGBOX="Nginx non supporté, vous devrez installer manuellement" + web_server=$(dialog --clear \ + --title "$TITLE" \ + --msgbox "$MSGBOX" \ + 
$HEIGHT $WIDTH \ + 2>&1 >/dev/tty) fi python3 manage.py createsuperuser -HEIGHT=15 -WIDTH=40 + + + + +TITLE="End of the setup" +MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." end=$(dialog --clear \ - --title "Installation terminée" \ + --title "$TITLE" \ --msgbox "Vous pouvez à présent vous rendre sur $url_server, et vous connecter. Votre utilisateur dispose des privilèges superuser" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) } -apt install libjs-jquery -apt install libjs-jquery-ui -apt install libjs-jquery-timepicker -apt install libjs-bootstrap main_function() { -if [ ! -z "$1" ] -then -if [ $1 == ldap ] -then -if [ ! -z "$2" ] -then -echo Installation du ldap -setup_ldap $2 $3 -else -echo Arguments invalides ! -exit -fi -fi -else -install_re2o_server -fi + if [ ! -z "$1" ] + then + if [ $1 == ldap ] + then + if [ ! -z "$2" ] + then + echo Installation du ldap + setup_ldap $2 $3 + else + echo Arguments invalides ! + exit + fi + fi + else + install_re2o_server + fi } main_function $1 $2 $3 From 0fe734e09740f50018526d75cb3332fa81c46b00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Tue, 15 May 2018 21:27:06 +0000 Subject: [PATCH 12/27] More blabla on install_re2o.sh --- install_re2o.sh | 129 +++++++++++++++++++++++++++--------------------- 1 file changed, 73 insertions(+), 56 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 14530ab2..3dba4d7f 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -55,8 +55,8 @@ init=$(dialog --clear \ BACKTITLE="Re2o preconfiguration of the database" -MENU="Choose an option" TITLE="Database engine" +MENU="Which engine should be used as the database ?" OPTIONS=(1 "mysql" 2 "postgresql") sql_bdd_type=$(dialog --clear \ 
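Review bot: The final dialog assigns the new English text to `MSGBOX` but still passes the old French literal to `--msgbox`, so the translated message (which also contains the typo "hhas") is never shown; the call should use `--msgbox "$MSGBOX" \`. At the bottom of the hunk `main_function $1 $2 $3` and `setup_ldap $2 $3` forward the LDAP password unquoted, which splits it on spaces; `main_function "$@"` and `setup_ldap "$2" "$3"` keep it intact. The re-indented `echo Installation du ldap` and `echo Arguments invalides !` lines were left untranslated.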
@@ -73,11 +73,11 @@ clear -TITLE="Local extension to use (ex : example.net)" - +TITLE="Local extension" +INPUTBOX="The local extension to use (e.g. 'example.net'). This is used in the LDAP configuration." extension_locale=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" \ + --inputbox "$INPUTBOX" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear @@ -96,10 +96,12 @@ echo $ldap_dn -TITLE="SQL database location" +TITLE="SQL location" +MENU="Where to install the SQL database ? +* 'Local' will setup everything automatically but is not recommended for production +* 'Remote' will ask you to manually perform some setup commands on the remote server)" OPTIONS=(1 "Local" 2 "Remote") - sql_is_local=$(dialog --clear \ --backtitle "$BACKTITLE" \ --title "$TITLE" \ 
@@ -110,39 +112,42 @@ sql_is_local=$(dialog --clear \ clear -TITLE="SQL database password" - +TITLE="SQL password" +INPUTBOX="The password to access the SQL database" sql_password=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ + --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear if [ $sql_is_local == 2 ] then -TITLE="Username to access the remote SQL database" -sql_login=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear -TITLE="Name of the SQL database" -sql_name=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear -TITLE="Host of the remote SQL database" -sql_host=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear + TITLE="SQL username" + INPUTBOX="The username to access the remote SQL database" + sql_login=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) + clear + TITLE="SQL database name" + INPUTBOX="The name of the remote SQL database" + sql_name=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) + clear + TITLE="SQL host" + INPUTBOX="The host of the remote SQL database" + sql_host=$(dialog --title "$TITLE" \ + --backtitle "$BACKTITLE" \ + --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ + 2>&1 >/dev/tty) + clear else -sql_name="re2o" -sql_login="re2o" -sql_host="localhost" + sql_name="re2o" + sql_login="re2o" + sql_host="localhost" fi 
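Review bot: The SQL password prompt still uses `--inputbox`, which shows the secret in clear on the terminal while it is typed; dialog offers `--passwordbox` for this, so the line could become `--passwordbox "$INPUTBOX" $HEIGHT $WIDTH \`. The LDAP password prompt in the @@ -164 hunk has the same issue. A password box hides all input by default, so whether to add `--insecure` (asterisk echo) is a usability choice to settle at the same time.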
@@ -151,10 +156,13 @@ fi BACKTITLE="Re2o preconfiguration of the active directory" + TITLE="LDAP location" +MENU="Where to install the LDAP ? +* 'Local' will setup everything automatically but is not recommended for production +* 'Remote' will ask you to manually perform some setup commands on the remote server)" OPTIONS=(1 "Local" 2 "Remote") - ldap_is_local=$(dialog --clear \ --backtitle "$BACKTITLE" \ --title "$TITLE" \ @@ -164,26 +172,29 @@ ldap_is_local=$(dialog --clear \ 2>&1 >/dev/tty) TITLE="LDAP password" +INPUTBOX="The password to access the LDAP" ldap_password=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ + --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear if [ $ldap_is_local == 2 ] then - TITLE="CN entry for the admin user of the remote LDAP" + TITLE="CN of amdin user" + INPUTBOX="The CN entry for the admin user of the remote LDAP" ldap_cn=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ + --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear - TITLE="Host of the remote LDAP" + TITLE="LDAP host" + INPUTBOX="The host of the remote LDAP" ldap_host=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" $HEIGHT $WIDTH \ + --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear - TITLE="Is the TLS activated ?" + TITLE="Activate TLS for remote LDAP ?" OPTIONS=(1 "Yes" 2 "No") ldap_tls=$(dialog --title "$TITLE" \ 
@@ -205,18 +216,20 @@ fi BACKTITLE="Re2o preconfiguration of the mail server" -TITLE="Host of the mail server to use" + +TITLE="Mail server host" +INPUTBOX="The host of the mail server to use" email_host=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ --inputbox "$TITLE" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) -TITLE="Port of the mail server" +TITLE="Mail server Port" +MENU="Which port (thus which protocol) to use to contact the mail server" OPTIONS=(25 "SMTP" 465 "SMTPS" 587 "Submission") - email_port=$(dialog --clear \ --backtitle "$BACKTITLE" \ --title "$TITLE" \ @@ -226,16 +239,18 @@ email_port=$(dialog --clear \ 2>&1 >/dev/tty) clear + + + +TITLE="Re2o setup !" +MSGBOX="Setup of the required packages" install_base=$(dialog --clear \ - --title "Re2o setup!" \ - --msgbox "Installation des paquets de base" \ + --title "$TITLE" \ + --msgbox "$MSGBOX" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) - - - -echo "Installation des paquets de base" +echo "Setup of the required packages" apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git libjs-jquery libjs-jquery-uil libjs-jquery-timepicker libjs-bootstrap pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress @@ -380,10 +395,11 @@ python3 manage.py collectstatic BACKTITLE="Web server" + TITLE="Web server to use" +MENU="Which web server to install for accessing Re2o web frontend (automatic setup of nginx is not supported) ?" OPTIONS=(1 "apache2" 2 "nginx") - web_serveur=$(dialog --clear \ --backtitle "$BACKTITLE" \ --title "$TITLE" \ 
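Review bot: `INPUTBOX="The host of the mail server to use"` is assigned, but the unchanged `--inputbox "$TITLE" \` line below it still passes the title, so the new prompt text is never displayed. Changing that line to `--inputbox "$INPUTBOX" \` would match the other prompts updated in this commit.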
@@ -394,18 +410,19 @@ web_serveur=$(dialog --clear \ clear -TITLE="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable." +TITLE="Web URL" +INPUTBOX="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable." url_server=$(dialog --title "$TITLE" \ --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" \ + --inputbox "$INPUTBOX" \ $HEIGHT $WIDTH \ 2>&1 >/dev/tty) clear -TITLE="Activate TLS with Let'Encrypt on the web server ?" -OPTIONS=(1 "Oui" - 2 "Non") - +TITLE="TLS on web server" +MENU="Would you like to activate the TLS (with Let'Encrypt) on the web server ?" +OPTIONS=(1 "Yes" + 2 "No") is_tls=$(dialog --clear \ --backtitle "$BACKTITLE" \ --title "$TITLE" \ @@ -441,7 +458,7 @@ then service apache2 reload else TITLE="Web server setup" - MSGBOX="Nginx non supporté, vous devrez installer manuellement" + MSGBOX="Nginx automatic setup is not supported. Please configure it manually." web_server=$(dialog --clear \ --title "$TITLE" \ --msgbox "$MSGBOX" \ @@ -472,10 +489,10 @@ main_function() { then if [ ! -z "$2" ] then - echo Installation du ldap + echo "Installation du ldap" setup_ldap $2 $3 else - echo Arguments invalides ! + echo "Arguments invalides !" exit fi fi From 4963ec3c1b77474e002c08d8880b8930e0738c6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Tue, 15 May 2018 23:28:45 +0000 Subject: [PATCH 13/27] Comments, cleanup, reorder and echo in install_re2o.sh --- install_re2o.sh | 928 +++++++++++++++++++++++++++--------------------- 1 file changed, 514 insertions(+), 414 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 3dba4d7f..6e0a1822 100755 --- a/install_re2o.sh +++ b/install_re2o.sh 
@@ -1,280 +1,426 @@ #!/bin/bash setup_ldap() { - apt-get -y install slapd + ### Usage: setup_ldap + # + # This function is used to setup the LDAP structure based on the ldiff files + # located in 'install_utils/'. It will delete the previous structure and data + # and recreate a new empty one. + # + # Parameters: + # * ldap_password: the clear password for the admin user of the LDAP + # * local_domain: the domain extension to use for the LDAP structure in LDAP notation + ### - echo "Hashing the LDAP password..." - hashed_ldap_passwd=$(slappasswd -s $1) + apt-get -y install slapd - echo $hashed_ldap_passwd - echo "Building the LDAP config files" - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema + echo "Hashing the LDAP password ..." + hashed_ldap_passwd=$(slappasswd -s $1) + echo "Hash of the password: $hashed_ldap_passwd" - echo "Deleting exisitng LDAP configuration" - service slapd stop - rm -rf /etc/ldap/slapd.d/* - rm -rf /var/lib/ldap/* + echo "Building the LDAP config files ..." + sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db + sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema + echo "Building the LDAP config files: Done" - echo "Setting up the new LDAP configuration" - slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/ - slapadd -n 1 -l /tmp/db + echo "Stopping slapd service ..." + service slapd stop + echo "Stopping slapd service: Done" - echo "Fixing the LDAP files permissions and restarting slapd" - chown -R openldap:openldap /etc/ldap/slapd.d - chown -R openldap:openldap /var/lib/ldap - service slapd start + echo "Deleting exisitng LDAP configuration ..." 
+ rm -rf /etc/ldap/slapd.d/* + rm -rf /var/lib/ldap/* + echo "Deleting existing LDAP configuration: Done" + + echo "Setting up the new LDAP configuration ..." + slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/ + slapadd -n 1 -l /tmp/db + echo "Setting up the new LDAP configuration: Done" + + echo "Fixing the LDAP files permissions ..." + chown -R openldap:openldap /etc/ldap/slapd.d + chown -R openldap:openldap /var/lib/ldap + echo "Fixing the LDAP files permissions: Done" + + echo "Starting slapd service ..." + service slapd start + echo "Starting slapd service: Done" } install_re2o_server() { -echo "Re2o setup ! -This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation. -Installing sudo and dialog packages..." + ### Usage: install_re2o_server + # + # This function will guide through the automated setup of Re2o by asking + # the user for some informations and some installation choices. It will + # then proceed to setup and configuration of the required tools according + # to the user choices. + ### -export DEBIAN_FRONTEND=noninteractive + echo "Re2o setup !" + echo "This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation." -apt-get -y install sudo dialog + echo "Installing basic packages required for this script to work ..." + apt-get -y install sudo dialog + echo "Installing basic packages required for this script to work: Done" -HEIGHT=15 -WIDTH=40 -CHOICE_HEIGHT=4 - -TITLE="Re2o setup !" -MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation." 
-init=$(dialog --clear \ - --title "$TITLE" \ - --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) + # Common setup for the dialog prompts + export DEBIAN_FRONTEND=noninteractive + HEIGHT=15 + WIDTH=40 + CHOICE_HEIGHT=4 + ############# + ## Welcome ## + ############# + + BACKTITLE="Re2o setup" + + # Welcome prompt + TITLE="Welcome" + MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation." + init=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --msgbox "$MSGBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + ###################### + ## Database options ## + ###################### -BACKTITLE="Re2o preconfiguration of the database" -TITLE="Database engine" -MENU="Which engine should be used as the database ?" -OPTIONS=(1 "mysql" - 2 "postgresql") -sql_bdd_type=$(dialog --clear \ - --backtitle "$BACKTITLE" \ - --title "$TITLE" \ - --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT \ - "${OPTIONS[@]}" \ - 2>&1 >/dev/tty) + BACKTITLE="Re2o setup - configuration of the database" -clear + # Prompt for choosing the database engine + TITLE="Database engine" + MENU="Which engine should be used as the database ?" + OPTIONS=(1 "mysql" + 2 "postgresql") + sql_bdd_type=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + + # Prompt for choosing the database location + TITLE="SQL location" + MENU="Where to install the SQL database ? 
+ * 'Local' will setup everything automatically but is not recommended for production + * 'Remote' will ask you to manually perform some setup commands on the remote server)" + OPTIONS=(1 "Local" + 2 "Remote") + sql_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + + if [ $sql_is_local == 2 ]; then + # Prompt to enter the remote database hostname + TITLE="SQL hostname" + INPUTBOX="The hostname of the remote SQL database" + sql_host=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + + # Prompt to enter the remote database name + TITLE="SQL database name" + INPUTBOX="The name of the remote SQL database" + sql_name=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + + # Prompt to enter the remote database username + TITLE="SQL username" + INPUTBOX="The username to access the remote SQL database" + sql_login=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + clear + else + # Use of default values for local setup + sql_name="re2o" + sql_login="re2o" + sql_host="localhost" + fi + + # Prompt to enter the database password + TITLE="SQL password" + INPUTBOX="The password to access the SQL database" + sql_password=$(dialog --clear --bakctitle "$BACKTITLE" + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + ############################## + ## Active directory options ## + ############################## + BACKTITLE="Re2o setup - configuration of the active directory" -TITLE="Local extension" -INPUTBOX="The local extension to use (e.g. 'example.net'). This is used in the LDAP configuration." 
-extension_locale=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear + # Prompt to choose the LDAP location + TITLE="LDAP location" + MENU="Where would you like to install the LDAP ? + * 'Local' will setup everything automatically but is not recommended for production + * 'Remote' will ask you to manually perform some setup commands on the remote server)" + OPTIONS=(1 "Local" + 2 "Remote") + ldap_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + + # Prompt to enter the LDAP domain extension + TITLE="Domain extension" + INPUTBOX="The local domain extension to use (e.g. 'example.net'). This is used in the LDAP configuration." + extension_locale=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + + # Building the DN of the LDAP from the extension + IFS='.' read -a extension_locale_array <<< $extension_locale + for i in "${extension_locale_array[@]}" + do + ldap_dn+="dc=$i," + done + ldap_dn=${ldap_dn::-1} + echo $ldap_dn -IFS='.' read -a extension_locale_array <<< $extension_locale + if [ $ldap_is_local == 2 ]; then + # Prompt to enter the remote LDAP hostname + TITLE="LDAP hostname" + INPUTBOX="The hostname of the remote LDAP" + ldap_host=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + + # Prompt to choose if TLS should be activated or not for the LDAP + TITLE="TLS on LDAP" + MENU="Would you like to activate TLS for communicating with the remote LDAP ?" 
+ OPTIONS=(1 "Yes" + 2 "No") + ldap_tls=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --MENU "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + # Prompt to enter the admin's CN of the remote LDAP + TITLE="CN of amdin user" + INPUTBOX="The CN entry for the admin user of the remote LDAP" + ldap_cn=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + else + ldap_cn="cn=admin," + ldap_cn+=$ldap_dn + ldap_host="localhost" + ldap_tls=2 + fi -for i in "${extension_locale_array[@]}" -do - ldap_dn+="dc=$i," -done -ldap_dn=${ldap_dn::-1} -echo $ldap_dn + # Prompt to enter the LDAP password + TITLE="LDAP password" + INPUTBOX="The password to access the LDAP" + ldap_password=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + ######################### + ## Mail server options ## + ######################### + BACKTITLE="Re2o setup - configuration of the mail server" + + # Prompt to enter the hostname of the mail server + TITLE="Mail server hostname" + INPUTBOX="The hostname of the mail server to use" + email_host=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$TITLE" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) -TITLE="SQL location" -MENU="Where to install the SQL database ? 
-* 'Local' will setup everything automatically but is not recommended for production -* 'Remote' will ask you to manually perform some setup commands on the remote server)" -OPTIONS=(1 "Local" - 2 "Remote") -sql_is_local=$(dialog --clear \ - --backtitle "$BACKTITLE" \ - --title "$TITLE" \ - --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT \ - "${OPTIONS[@]}" \ - 2>&1 >/dev/tty) - -clear - -TITLE="SQL password" -INPUTBOX="The password to access the SQL database" -sql_password=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear - - -if [ $sql_is_local == 2 ] -then - TITLE="SQL username" - INPUTBOX="The username to access the remote SQL database" - sql_login=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - clear - TITLE="SQL database name" - INPUTBOX="The name of the remote SQL database" - sql_name=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - clear - TITLE="SQL host" - INPUTBOX="The host of the remote SQL database" - sql_host=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - clear -else - sql_name="re2o" - sql_login="re2o" - sql_host="localhost" -fi + # Prompt to choose the port of the mail server + TITLE="Mail server port" + MENU="Which port (thus which protocol) to use to contact the mail server" + OPTIONS=(25 "SMTP" + 465 "SMTPS" + 587 "Submission") + email_port=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + ######################## + ## Web server options ## + ######################## - - -BACKTITLE="Re2o preconfiguration of the active directory" - -TITLE="LDAP location" -MENU="Where to install the LDAP ? 
-* 'Local' will setup everything automatically but is not recommended for production -* 'Remote' will ask you to manually perform some setup commands on the remote server)" -OPTIONS=(1 "Local" - 2 "Remote") -ldap_is_local=$(dialog --clear \ - --backtitle "$BACKTITLE" \ - --title "$TITLE" \ - --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT \ - "${OPTIONS[@]}" \ - 2>&1 >/dev/tty) - -TITLE="LDAP password" -INPUTBOX="The password to access the LDAP" -ldap_password=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear -if [ $ldap_is_local == 2 ] -then - TITLE="CN of amdin user" - INPUTBOX="The CN entry for the admin user of the remote LDAP" - ldap_cn=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - clear - TITLE="LDAP host" - INPUTBOX="The host of the remote LDAP" - ldap_host=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - clear - TITLE="Activate TLS for remote LDAP ?" + BACKTITLE="Re2o setup - configuration of the web server" + + # Prompt to choose the web server + TITLE="Web server to use" + MENU="Which web server to install for accessing Re2o web frontend (automatic setup of nginx is not supported) ?" + OPTIONS=(1 "apache2" + 2 "nginx") + web_serveur=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + + # Prompt to enter the requested URL for the web frontend + TITLE="Web URL" + INPUTBOX="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry (if applicable)." 
+ url_server=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --inputbox "$INPUTBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + + # Prompt to choose if the TLS should be setup or not for the web server + TITLE="TLS on web server" + MENU="Would you like to activate the TLS (with Let'Encrypt) on the web server ?" OPTIONS=(1 "Yes" 2 "No") - ldap_tls=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --MENU "$MENU"\ - $HEIGHT $WIDTH $CHOICE_HEIGHT \ - "${OPTIONS[@]}" \ - 2>&1 >/dev/tty) + is_tls=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --menu "$MENU" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + + + + ############################### + ## End of configuration step ## + ############################### + + BACKTITLE="Re2o setup" + + # Prompt to inform the config setup is over + TITLE="End of configuration step" + MSGBOX="The configuration step is now finished. The script will now perform the following actions: + * Install the required packages + * Install and setup the requested database if 'local' has been selected + * Install and setup the ldap if 'local' has been selected + * Write a local version of 'settings_local.py' file with the previously given informations + * Apply the Django migrations for the project + * Collect the statics for the web interface + * Install and setup the requested web server + * Install and setup a TLS certificate for the web server if requested" + end_config=$(dialog --clear --backtitle "$BACKTITLE" \ + --title "$TITLE" --msgbox "$MSGBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) + clear -else - ldap_cn="cn=admin," - ldap_cn+=$ldap_dn - ldap_host="localhost" - ldap_tls=2 -fi + + + ############################### + ## Install required packages ## + ############################### + + echo "Setting up the required packages ..." 
+ apt-get -y install \ + python3-django \ + python3-dateutil \ + texlive-latex-base \ + texlive-fonts-recommended \ + python3-djangorestframework \ + python3-django-reversion \ + python3-pip \ + libsasl2-dev libldap2-dev \ + libssl-dev \ + python3-crypto \ + python3-git \ + libjs-jquery \ + libjs-jquery-uil \ + libjs-jquery-timepicker \ + libjs-bootstrap + pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress + echo "Setting up the required packages: Done" + #################### + ## Setup database ## + #################### + echo "Setting up the database ..." -BACKTITLE="Re2o preconfiguration of the mail server" + if [ $sql_bdd_type == 1 ]; then -TITLE="Mail server host" -INPUTBOX="The host of the mail server to use" -email_host=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$TITLE" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) + echo "Installing MySQL client ..." + apt-get -y install python3-mysqldb mysql-client + echo "Installing MySQL client: Done" -TITLE="Mail server Port" -MENU="Which port (thus which protocol) to use to contact the mail server" -OPTIONS=(25 "SMTP" - 465 "SMTPS" - 587 "Submission") -email_port=$(dialog --clear \ - --backtitle "$BACKTITLE" \ - --title "$TITLE" \ - --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT \ - "${OPTIONS[@]}" \ - 2>&1 >/dev/tty) -clear + mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci'; + CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password'; + GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost'; + FLUSH PRIVILEGES;" + if [ $sql_is_local == 1 ]; then + echo "Setting up local MySQL server ..." + apt-get -y install mysql-server + mysql -u root --execute="$mysql_command" + echo "Setting up local MySQL server: Done" + else + echo "Please execute the following command on the remote SQL server and then continue" + echo "$mysql_command" + while true; do + read -p "Continue (y/n)?" 
choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done + fi - - -TITLE="Re2o setup !" -MSGBOX="Setup of the required packages" -install_base=$(dialog --clear \ - --title "$TITLE" \ - --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - -echo "Setup of the required packages" -apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git libjs-jquery libjs-jquery-uil libjs-jquery-timepicker libjs-bootstrap -pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress - - - - - -echo "SQL Database setup" -if [ $sql_bdd_type == 1 ] -then - apt-get -y install python3-mysqldb mysql-client - mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci'; - CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password'; - GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost'; - FLUSH PRIVILEGES;" - if [ $sql_is_local == 1 ] - then - apt-get -y install mysql-server - mysql -u root --execute="$mysql_command" else - echo "Please execute the following command on the remote SQL server and then continue" - echo "$mysql_command" - while true - do + + echo "Installing PostgreSQL client ..." + apt-get -y install postgresql-client python3-psycopg2 + echo "Installing PostgreSQL client: Done" + + pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';" + pgsql_command2="CREATE USER $sql_login with password '$sql_password';" + pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;" + + if [ $sql_is_local == 1 ]; then + echo "Setting up local PostgreSQL server ..." 
+ apt-get -y install postgresql + sudo -u postgres psql --command="$pgsql_command1" + sudo -u postgres psql --command="$pgsql_command2" + sudo -u postgres psql --command="$pgsql_command3" + echo "Setting up local PostgreSQL server: Done" + else + echo "Please execute the following commands on the remote SQL server and then continue" + echo "sudo -u postgres psql $pgsql_command1" + echo "sudo -u postgres psql $pgsql_command2" + echo "sudo -u postgres psql $pgsql_command3" + while true; do + read -p "Continue (y/n)?" choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done + fi + + fi + + echo "Setting up the database: Done" + + + + ############################ + ## Setup active directory ## + ############################ + + echo "Setting up the active direcory ..." + + if [ $ldap_is_local == 1 ]; then + + echo "Setting up local active directory ..." + setup_ldap $ldap_password $ldap_dn + echo "Setting up local active directory: Done" + + else + + echo "Please execute the following command on the remote LDAP server and then continue" + echo "./install_re2o.sh ldap $ldap_password $ldap_dn" + while true; do read -p "Continue (y/n)?" choice case "$choice" in y|Y ) break;; 
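Review bot: `setup_ldap` writes the generated LDIF, which contains the admin password hash, to the fixed paths `/tmp/db` and `/tmp/schema` and never removes them. These are predictable names in a shared directory, written by a script that presumably runs as root (it calls `apt-get` and `service`), so another local user can pre-create them, and with a default umask the files stay readable afterwards. Create a private directory first with `ldif_dir=$(mktemp -d)`, write to `"$ldif_dir/db"` and `"$ldif_dir/schema"`, and delete the directory after the two `slapadd` calls. In the same function, `echo "Hash of the password: $hashed_ldap_passwd"` puts the hash on the terminal and in any captured install log, and `slappasswd -s $1` passes the clear password unquoted; dropping the echo and quoting `"$1"` would close both.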
@@ -282,217 +428,171 @@ then * ) echo "Invalid";; esac done + fi -else - apt-get -y install postgresql-client python3-psycopg2 - pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';" - pgsql_command2="CREATE USER $sql_login with password '$sql_password';" - pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;" - if [ $sql_is_local == 1 ] - then - apt-get -y install postgresql - sudo -u postgres psql --command="$pgsql_command1" - sudo -u postgres psql --command="$pgsql_command2" - sudo -u postgres psql --command="$pgsql_command3" + + echo "Setting up the active directory: Done" + + + + ################################### + ## Setup settings_locale.py file ## + ################################### + + echo "Writing of the settings_local.py file ..." + + django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") + aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))") + + cp re2o/settings_local.example.py re2o/settings_local.py + + if [ $sql_bdd_type == 1 ]; then + sed -i 's/db_engine/django.db.backends.mysql/g' re2o/settings_local.py else - echo "Please execute the following commands on the remote SQL server and then continue" - echo "sudo -u postgres psql $pgsql_command1" - echo "sudo -u postgres psql $pgsql_command2" - echo "sudo -u postgres psql $pgsql_command3" - while true - do - read -p "Continue (y/n)?" 
choice + sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' re2o/settings_local.py + fi + sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py + sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' re2o/settings_local.py + sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' re2o/settings_local.py + sed -i 's/db_name_value/'"$sql_name"'/g' re2o/settings_local.py + sed -i 's/db_user_value/'"$sql_login"'/g' re2o/settings_local.py + sed -i 's/db_host_value/'"$sql_host"'/g' re2o/settings_local.py + sed -i 's/ldap_dn/'"$ldap_cn"'/g' re2o/settings_local.py + if [ $ldap_tls == 2 ]; then + sed -i "s/'TLS': True,/# 'TLS': True,#/g" re2o/settings_local.py + fi + sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' re2o/settings_local.py + sed -i 's/ldap_host_ip/'"$ldap_host"'/g' re2o/settings_local.py + sed -i 's/dc=example,dc=org/'"$ldap_dn"'/g' re2o/settings_local.py + sed -i 's/example.org/'"$extension_locale"'/g' re2o/settings_local.py + sed -i 's/MY_EMAIL_HOST/'"$email_host"'/g' re2o/settings_local.py + sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' re2o/settings_local.py + sed -i 's/URL_SERVER/'"$url_server"'/g' re2o/settings_local.py + + echo "Writing of the settings_local.py file: Done" + + + + ############################# + ## Apply Django migrations ## + ############################# + + echo "Applying Django migrations ..." + python3 manage.py migrate + echo "Applying Django migrations: Done" + + + + ###################### + ## Create superuser ## + ###################### + + echo "Creating a superuser ..." + python3 manage.py createsuperuser + echo "Creating a superuser: Done" + + + + ################################## + ## Collect web frontend statics ## + ################################## + + echo "Collecting web frontend statics ..." + python3 manage.py collectstatic + echo "Collecting web frontend statics: Done" + + + + ####################### + ## Set up web server ## + ####################### + + echo "Setting up web server ..." 
+ if [ $web_serveur == 1 ]; then + + echo "Setting up Apache2 web server ..." + + apt-get -y install apache2 libapache2-mod-wsgi-py3 + a2enmod ssl + a2enmod wsgi + + if [ $is_tls == 1 ]; then + echo "Setting up TLS with LE for Apache2 web server ..." + cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf + apt-get -y install certbot + apt-get -y install python-certbot-apache + certbot certonly --rsa-key-size 4096 --apache -d $url_server + sed -i 's/LE_PATH/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf + echo "Setting up TLS with LE for Apache2 web server: Done" + else + cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf + fi + + rm /etc/apache2/sites-enabled/000-default.conf + sed -i 's|URL_SERVER|'"$url_server"'|g' /etc/apache2/sites-available/re2o.conf + current_path=$(pwd) + sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf + a2ensite re2o + + echo "Setting up Apache2 web server: Done" + + echo "Reloading Apache2 service ..." + service apache2 reload + echo "Reloading Apache2 service: Done" + + else + + echo "Nginx automatic setup is not supported. Please configure it manually." + echo "Please onfirm you have acknowledged this message." + while true; do + read -p "Acknowledged (y/n)?" 
choice case "$choice" in y|Y ) break;; n|N ) exit;; * ) echo "Invalid";; esac done + fi -fi + ########################### + ## End of the setup step ## + ########################### + BACKTITLE="Re2o setup" -echo "LDAP setup" -if [ $ldap_is_local == 1 ] -then - setup_ldap $ldap_password $ldap_dn -else - TITLE="LDAP server setup" - MSGBOX="Please manually setup the remote LDAP server by launching the following commands: ./install_re2o.sh ldap $ldap_password $ldap_dn" - ldap_setup=$(dialog --clear \ - --title "$TITLE" \ - --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -fi - - - - - -echo "Writing of the settings_local.py file" - -django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") -aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))") - -cp re2o/settings_local.example.py re2o/settings_local.py -if [ $sql_bdd_type == 1 ] -then - sed -i 's/db_engine/django.db.backends.mysql/g' re2o/settings_local.py -else - sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' re2o/settings_local.py -fi -sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py -sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' re2o/settings_local.py -sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' re2o/settings_local.py -sed -i 's/db_name_value/'"$sql_name"'/g' re2o/settings_local.py -sed -i 's/db_user_value/'"$sql_login"'/g' re2o/settings_local.py -sed -i 's/db_host_value/'"$sql_host"'/g' re2o/settings_local.py -sed -i 's/ldap_dn/'"$ldap_cn"'/g' re2o/settings_local.py -if [ $ldap_tls == 2 ] -then - sed -i "s/'TLS': True,/# 'TLS': True,#/g" re2o/settings_local.py -fi -sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' re2o/settings_local.py -sed -i 's/ldap_host_ip/'"$ldap_host"'/g' re2o/settings_local.py -sed -i 's/dc=example,dc=org/'"$ldap_dn"'/g' re2o/settings_local.py -sed -i 
's/example.org/'"$extension_locale"'/g' re2o/settings_local.py -sed -i 's/MY_EMAIL_HOST/'"$email_host"'/g' re2o/settings_local.py -sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' re2o/settings_local.py - - - - -TITLE="Django setup" -MSGBOX="Applying the Django database migrations" -migrations=$(dialog --clear \ - --title "$TITLE" \ - --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - -python3 manage.py migrate - - - - - - -TITLE="Django setup" -MSGBOX="Collecting statics" -static=$(dialog --clear \ - --title "$TITLE" \ - --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) - -python3 manage.py collectstatic - - - - -BACKTITLE="Web server" - -TITLE="Web server to use" -MENU="Which web server to install for accessing Re2o web frontend (automatic setup of nginx is not supported) ?" -OPTIONS=(1 "apache2" - 2 "nginx") -web_serveur=$(dialog --clear \ - --backtitle "$BACKTITLE" \ - --title "$TITLE" \ - --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT \ - "${OPTIONS[@]}" \ - 2>&1 >/dev/tty) - -clear - -TITLE="Web URL" -INPUTBOX="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable." -url_server=$(dialog --title "$TITLE" \ - --backtitle "$BACKTITLE" \ - --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -clear - -TITLE="TLS on web server" -MENU="Would you like to activate the TLS (with Let'Encrypt) on the web server ?" 
-OPTIONS=(1 "Yes" - 2 "No") -is_tls=$(dialog --clear \ - --backtitle "$BACKTITLE" \ - --title "$TITLE" \ - --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT \ - "${OPTIONS[@]}" \ - 2>&1 >/dev/tty) - -clear - -sed -i 's/URL_SERVER/'"$url_server"'/g' re2o/settings_local.py - -if [ $web_serveur == 1 ] -then - apt-get -y install apache2 libapache2-mod-wsgi-py3 - a2enmod ssl - a2enmod wsgi - if [ $is_tls == 1 ] - then - cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf - apt-get -y install certbot - apt-get -y install python-certbot-apache - certbot certonly --rsa-key-size 4096 --apache -d $url_server - sed -i 's/LE_PATH/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf - else - cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf - fi - rm /etc/apache2/sites-enabled/000-default.conf - sed -i 's|URL_SERVER|'"$url_server"'|g' /etc/apache2/sites-available/re2o.conf - current_path=$(pwd) - sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf - a2ensite re2o - service apache2 reload -else - TITLE="Web server setup" - MSGBOX="Nginx automatic setup is not supported. Please configure it manually." - web_server=$(dialog --clear \ - --title "$TITLE" \ - --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) -fi - -python3 manage.py createsuperuser - - - - - -TITLE="End of the setup" -MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." -end=$(dialog --clear \ - --title "$TITLE" \ - --msgbox "Vous pouvez à présent vous rendre sur $url_server, et vous connecter. Votre utilisateur dispose des privilèges superuser" \ - $HEIGHT $WIDTH \ - 2>&1 >/dev/tty) + # Prompt to inform the installation process is over + TITLE="End of the setup" + MSGBOX="You can now visit $url_server and connect with the credentials you just entered. 
This user hhas the superuser rights, meaning he can access and do everything." + end=$(dialog --clear --BACKTITLE "$BACKTITLE"\ + --title "$TITLE" --msgbox "$MSGBOX" \ + $HEIGHT $WIDTH 2>&1 >/dev/tty) } main_function() { - if [ ! -z "$1" ] - then - if [ $1 == ldap ] - then - if [ ! -z "$2" ] - then - echo "Installation du ldap" + ### Usage: main_function [ldap []] + # + # This function will parse the arguments to determine which part of the tool to start. + # If launched with no arguments, the full setup guide will be started. + # If launched with the 'ldap' argument, only the ldap setup will performed. + # + # Parameters: + # * ldap_password: the clear password for the admin user of the LDAP + # * local_domain: the domain extension to use for the LDAP structure in LDAP notation + ### + + if [ ! -z "$1" ]; then + if [ $1 == ldap ]; then + if [ ! -z "$2" ]; then + echo "Setting up local active directory ..." setup_ldap $2 $3 + echo "Setting up local active directory: Done" else echo "Arguments invalides !" + echo "Usage: ./install_re2o.sh [ldap []]" exit fi fi From 8ac96d1d592f469f80b906e6e6a190ca9d1f02eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Tue, 15 May 2018 23:39:02 +0000 Subject: [PATCH 14/27] Fixes and improvements in install_re2o.sh --- install_re2o.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 6e0a1822..ec787005 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -66,8 +66,8 @@ install_re2o_server() { # Common setup for the dialog prompts export DEBIAN_FRONTEND=noninteractive - HEIGHT=15 - WIDTH=40 + HEIGHT=20 + WIDTH=60 CHOICE_HEIGHT=4 
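Review bot: In the `settings_local.py` step of the `@@ -282,217 +428,171 @@` hunk, the file is created with a plain `cp` and then filled with the Django secret key, the AES key and the SQL and LDAP passwords, but its mode is never restricted. Set the permissions right after the copy and before the `sed` calls, for example `chmod 640 re2o/settings_local.py` with the group set to the account the WSGI process runs as (that account is not visible here). The secrets are also spliced into `sed -i 's/…/'"$sql_password"'/g'` with `/` as delimiter, so a password containing `/`, `&` or a backslash either aborts the substitution or is written to the file altered. Escaping the value first or rejecting those characters at the prompt would avoid a silently wrong configuration. `install_re2o_server` starts outside this hunk.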
@@ -106,7 +106,7 @@ install_re2o_server() { TITLE="SQL location" MENU="Where to install the SQL database ? * 'Local' will setup everything automatically but is not recommended for production - * 'Remote' will ask you to manually perform some setup commands on the remote server)" + * 'Remote' will ask you to manually perform some setup commands on the remote server" OPTIONS=(1 "Local" 2 "Remote") sql_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ @@ -145,7 +145,7 @@ install_re2o_server() { # Prompt to enter the database password TITLE="SQL password" INPUTBOX="The password to access the SQL database" - sql_password=$(dialog --clear --bakctitle "$BACKTITLE" + sql_password=$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ $HEIGHT $WIDTH 2>&1 >/dev/tty) @@ -161,7 +161,7 @@ install_re2o_server() { TITLE="LDAP location" MENU="Where would you like to install the LDAP ? * 'Local' will setup everything automatically but is not recommended for production - * 'Remote' will ask you to manually perform some setup commands on the remote server)" + * 'Remote' will ask you to manually perform some setup commands on the remote server" OPTIONS=(1 "Local" 2 "Remote") ldap_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ @@ -182,7 +182,6 @@ install_re2o_server() { ldap_dn+="dc=$i," done ldap_dn=${ldap_dn::-1} - echo $ldap_dn if [ $ldap_is_local == 2 ]; then # Prompt to enter the remote LDAP hostname @@ -323,7 +322,7 @@ install_re2o_server() { python3-crypto \ python3-git \ libjs-jquery \ - libjs-jquery-uil \ + libjs-jquery-ui \ libjs-jquery-timepicker \ libjs-bootstrap pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress From 213b52934c32287345fd6d68d7d29b81047a8b44 Mon Sep 17 00:00:00 2001 
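Review bot: In the `@@ -145,7 +145,7 @@` hunk the SQL password is still collected with `--inputbox`, so it is shown in clear on the terminal while it is typed. dialog provides a `--passwordbox` widget for secrets; the prompt line would become `--title "$TITLE" --passwordbox "$INPUTBOX" \`, optionally with `--insecure` if masked feedback is wanted. The LDAP password prompt is outside the visible hunks and presumably deserves the same treatment. install_re2o_server's body starts and ends outside this hunk.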
From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Wed, 16 May 2018 00:17:10 +0000 Subject: [PATCH 15/27] Update for javascript-common conf and add commands to changelog --- CHANGELOG.md | 31 ++++++++++++++++++++----------- install_re2o.sh | 7 ++++++- 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7c749362..3dc6318b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,13 +1,22 @@ -Datepicker -======= -Install libjs-jquery -Install libjs-jquery-ui -Install libjs-jquery-timepicker -Install libjs-bootstrap -Install (if not) javascript-common -Enable (if not) javascript-common conf +## Datepicker + +Install libjs-jquery libjs-jquery-ui libjs-jquery-timepicker libjs-bootstrap javascript-common +``` +apt-get -y install \ + libjs-jquery \ + libjs-jquery-ui \ + libjs-jquery-timepicker \ + libjs-bootstrap \ + javascript-common +``` +Enable javascript-common conf +``` +a2enconf javascript-common +``` Delete old jquery files : - rm -rf static_files/js/jquery-ui-* - rm -rf static_files/js/jquery-2.2.4.min.js - static/css/jquery-ui-timepicker-addon.css +``` +rm -r static_files/js/jquery-ui-* +rm static_files/js/jquery-2.2.4.min.js +rm static/css/jquery-ui-timepicker-addon.css +``` diff --git a/install_re2o.sh b/install_re2o.sh index ec787005..2fea14b9 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -321,6 +321,7 @@ install_re2o_server() { libssl-dev \ python3-crypto \ python3-git \ + javascript-common \ libjs-jquery \ libjs-jquery-ui \ libjs-jquery-timepicker \ @@ -507,6 +508,7 @@ install_re2o_server() { ####################### echo "Setting up web server ..." + if [ $web_serveur == 1 ]; then echo "Setting up Apache2 web server ..." @@ -514,6 +516,7 @@ install_re2o_server() { apt-get -y install apache2 libapache2-mod-wsgi-py3 a2enmod ssl a2enmod wsgi + a2enconf javascript-common if [ $is_tls == 1 ]; then echo "Setting up TLS with LE for Apache2 web server ..." 
@@ -554,6 +557,8 @@ install_re2o_server() { fi + echo "Setting up web server: Done" + ########################### @@ -565,7 +570,7 @@ install_re2o_server() { # Prompt to inform the installation process is over TITLE="End of the setup" MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." - end=$(dialog --clear --BACKTITLE "$BACKTITLE"\ + end=$(dialog --clear --BACKTITLE "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ $HEIGHT $WIDTH 2>&1 >/dev/tty) } From fa9a6f7173de9a634c787a732eaad7a487cec692 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Wed, 16 May 2018 00:30:24 +0000 Subject: [PATCH 16/27] Remove input from collectstatic --- install_re2o.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_re2o.sh b/install_re2o.sh index 2fea14b9..0be99b82 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -498,7 +498,7 @@ install_re2o_server() { ################################## echo "Collecting web frontend statics ..." - python3 manage.py collectstatic + python3 manage.py collectstatic --noinput echo "Collecting web frontend statics: Done" From 03aaba15457a058f372e28e6542229b356d5d864 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Wed, 16 May 2018 19:44:11 +0000 Subject: [PATCH 17/27] Split install_re2o.sh into functions --- install_re2o.sh | 616 ++++++++++++++++++++++++++++-------------------- 1 file changed, 365 insertions(+), 251 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 0be99b82..eddced34 100755 --- a/install_re2o.sh +++ b/install_re2o.sh 
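Review bot: In the `@@ -565,7 +570,7 @@` hunk the corrected line still spells the option `--BACKTITLE`, whereas the other prompts visible in this script use `--backtitle`. dialog option names are lowercase, so the final message box will most likely be rejected as an unknown option. The line should read `end=$(dialog --clear --backtitle "$BACKTITLE" \`. The message text in the context line above it also has the typo `hhas`.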
@@ -48,8 +48,357 @@ setup_ldap() { } -install_re2o_server() { - ### Usage: install_re2o_server +install_requirements() { + ### Usage: install_requirements + # + # This function will install the required packages from APT repository + # and Pypi repository. Those packages are qll required for Re2o to work + # properly. + ### + + echo "Setting up the required packages ..." + apt-get -y install \ + python3-django \ + python3-dateutil \ + texlive-latex-base \ + texlive-fonts-recommended \ + python3-djangorestframework \ + python3-django-reversion \ + python3-pip \ + libsasl2-dev libldap2-dev \ + libssl-dev \ + python3-crypto \ + python3-git \ + javascript-common \ + libjs-jquery \ + libjs-jquery-ui \ + libjs-jquery-timepicker \ + libjs-bootstrap + pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress + echo "Setting up the required packages: Done" +} + + + +install_database() { + ### Usage: install_database + # + # This function will install the database by downloading the correct APT packages + # and initiating the database schema. + # + # Parameters: + # * engine_type: The DB engine to use. + # 1 = mysql + # 2 = postgresql + # * local_setup: Should the database be installed locally + # 1 = yes + # 2 = no + # * db_name: The name of the database itself + # * username: The username to access the database + # * password: The password of the user to access the database + ### + + echo "Setting up the database ..." + + engine_type=$1 + local_setup=$2 + db_name=$3 + username=$4 + password=$5 + + if [ $engine_type == 1 ]; then + + echo "Installing MySQL client ..." + apt-get -y install python3-mysqldb mysql-client + echo "Installing MySQL client: Done" + + mysql_command="CREATE DATABASE $db_name collate='utf8_general_ci'; + CREATE USER '$username'@'localhost' IDENTIFIED BY '$password'; + GRANT ALL PRIVILEGES ON $db_name.* TO '$username'@'localhost'; + FLUSH PRIVILEGES;" + + if [ $local_setup == 1 ]; then + echo "Setting up local MySQL server ..." 
+ apt-get -y install mysql-server + mysql -u root --execute="$mysql_command" + echo "Setting up local MySQL server: Done" + else + echo "Please execute the following command on the remote SQL server and then continue" + echo "$mysql_command" + while true; do + read -p "Continue (y/n)?" choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done + fi + + else + + echo "Installing PostgreSQL client ..." + apt-get -y install postgresql-client python3-psycopg2 + echo "Installing PostgreSQL client: Done" + + pgsql_command1="CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';" + pgsql_command2="CREATE USER $username with password '$password';" + pgsql_command3="ALTER DATABASE $db_name owner to $username;" + + if [ $local_setup == 1 ]; then + echo "Setting up local PostgreSQL server ..." + apt-get -y install postgresql + sudo -u postgres psql --command="$pgsql_command1" + sudo -u postgres psql --command="$pgsql_command2" + sudo -u postgres psql --command="$pgsql_command3" + echo "Setting up local PostgreSQL server: Done" + else + echo "Please execute the following commands on the remote SQL server and then continue" + echo "sudo -u postgres psql $pgsql_command1" + echo "sudo -u postgres psql $pgsql_command2" + echo "sudo -u postgres psql $pgsql_command3" + while true; do + read -p "Continue (y/n)?" choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done + fi + + fi + + echo "Setting up the database: Done" +} + + + +init_django() { + ### Usage: init_django + # + # This function will initialise the Django project by applying the migrations, + # creating a first user with the superuser rights and collecting the statics + ### + + echo "Applying Django migrations ..." + python3 manage.py migrate + echo "Applying Django migrations: Done" + + echo "Creating a superuser ..." 
+ python3 manage.py createsuperuser + echo "Creating a superuser: Done" + + echo "Collecting web frontend statics ..." + python3 manage.py collectstatic --noinput + echo "Collecting web frontend statics: Done" +} + + + +install_active_directory() { + ### Usage: install_active_directory + # + # This function will install the active directory + # + # Parameters: + # * local_setup: Should the Active Directory be installed locally ? + # 1 = yes + # 2 = no + # * password: the clear password for the admin user of the LDAP + # * domain: the domain extension to use for the LDAP structure in LDAP notation + ### + + echo "Setting up the active direcory ..." + + local_setup=$1 + password=$2 + domain=$3 + + if [ $local_setup == 1 ]; then + + echo "Setting up local active directory ..." + setup_ldap $password $domain + echo "Setting up local active directory: Done" + + else + + echo "Please execute the following command on the remote LDAP server and then continue" + echo "./install_re2o.sh ldap $password $domain" + while true; do + read -p "Continue (y/n)?" choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done + + fi + + echo "Setting up the active directory: Done" +} + + + +write_settings_file() { + ### Usage: write_settings_file + # + # + # + # This function will write a clean local settings file based on the example. 
+ # + # Parameters: + # * db_engine_type: The engine for the database + # 1 = MySQL + # 2 = PostgreSQL + # * sql_hostname: The hostname for contacting the database + # * sql_db_name: The name of the database itself + # * sql_username: The user to use to access the database + # * sql_password: The password to use to access the database + # * ldap_cn: The CN entry for the Active Directory admin in LDAP notation + # * ldap_tls: Should the TLS be activated to contact the Active Directory + # 1 = yes + # 2 = no + # * ldap_password: The password to use to connect to the Active Directoryy + # * ldap_hostname: The hostname for contacting the Active Directory + # * ldap_domain: The local domain for the Active Directory in LDAP notation + # * email_hostname: The hostname for contacting the mail server + # * email_port: The port for contacting the mail server + # * extension: The extension to use + # * url: The main URL to use for Re2o + ### + + echo "Writing of the settings_local.py file ..." + + db_engine_type=$1 + sql_hostname=$2 + sql_db_name=$3 + sql_username=$4 + sql_password=$5 + ldap_cn=$6 + ldap_tls=$7 + ldap_password=$8 + ldap_hostname=$9 + ldap_domain=${10} + email_hostname=${11} + email_port=${12} + extension=${13} + url=${14} + + SETTINGS_LOCAL_FILE='re2o/settings_local.py' + SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py' + + cp $SETTINGS_EXAMPLE_FILE $SETTINGS_LOCAL_FILE + + django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") + aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))") + + if [ $db_engine_type == 1 ]; then + sed -i 's/db_engine/django.db.backends.mysql/g' $SETTINGS_LOCAL_FILE + else + sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' $SETTINGS_LOCAL_FILE + fi + sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' $SETTINGS_LOCAL_FILE + 
sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/db_name_value/'"$sql_db_name"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/db_user_value/'"$sql_username"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/db_host_value/'"$sql_hostname"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/ldap_dn/'"$ldap_cn"'/g' $SETTINGS_LOCAL_FILE + if [ $ldap_tls == 2 ]; then + sed -i "s/'TLS': True,/# 'TLS': True,#/g" $SETTINGS_LOCAL_FILE + fi + sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/ldap_host_ip/'"$ldap_hostname"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/dc=example,dc=org/'"$ldap_domain"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/example.org/'"$extension"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/MY_EMAIL_HOST/'"$email_hostname"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/URL_SERVER/'"$url"'/g' $SETTINGS_LOCAL_FILE + + echo "Writing of the settings_local.py file: Done" +} + + + +install_webserver() { + ### Usage: install_webserver + # + # This function will install the web server by installing the correct APT packages + # and configure it + # + # Parameters: + # * engine_type: The engine to use as a web server + # 1 = Apache2 + # 2 = NginX + # * tls: Should the TLS (with LE) be generated and activated + # 1 = yes + # 2 = no + # * url: The url to access Re2o. This parameter is only used if TLS is activated + # for generating the certifcate with the right domain name + ### + + echo "Setting up web server ..." + + engine_type=$1 + tls=$2 + url=$3 + + if [ $engine_type == 1 ]; then + + echo "Setting up Apache2 web server ..." + + apt-get -y install apache2 libapache2-mod-wsgi-py3 + a2enmod ssl + a2enmod wsgi + a2enconf javascript-common + + if [ $tls == 1 ]; then + echo "Setting up TLS with LE for Apache2 web server ..." 
+ cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf + apt-get -y install certbot + apt-get -y install python-certbot-apache + certbot certonly --rsa-key-size 4096 --apache -d $url + sed -i 's/LE_PATH/'"$url"'/g' /etc/apache2/sites-available/re2o.conf + echo "Setting up TLS with LE for Apache2 web server: Done" + else + cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf + fi + + rm /etc/apache2/sites-enabled/000-default.conf + sed -i 's|URL_SERVER|'"$url"'|g' /etc/apache2/sites-available/re2o.conf + sed -i 's|PATH|'"$(pwd)"'|g' /etc/apache2/sites-available/re2o.conf + a2ensite re2o + + echo "Setting up Apache2 web server: Done" + + echo "Reloading Apache2 service ..." + service apache2 reload + echo "Reloading Apache2 service: Done" + + else + + echo "Nginx automatic setup is not supported. Please configure it manually." + echo "Please onfirm you have acknowledged this message." + while true; do + read -p "Acknowledged (y/n)?" choice + case "$choice" in + y|Y ) break;; + n|N ) exit;; + * ) echo "Invalid";; + esac + done + + fi + + echo "Setting up web server: Done" +} + + + +interactive_guide() { + ### Usage: interactive_guide # # This function will guide through the automated setup of Re2o by asking # the user for some informations and some installation choices. It will 
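Review bot: write_settings_file and install_database splice the user-supplied secrets unescaped into a sed replacement (`sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g'`) and into SQL text (`IDENTIFIED BY '$password'`). A password containing `/`, `&`, `\` or `'` therefore either aborts the command or stores a different value than the one typed. Escape the value before substitution, for example `esc=$(printf '%s' "$sql_password" | sed 's|[\\/&]|\\&|g')` for the sed replacements, and reject or escape single quotes before building the SQL statements. Since `re2o/settings_local.py` ends up holding the Django secret key and the database and LDAP passwords, its mode and owner should also be restricted to the account that runs the application right after the `cp`; today the mode depends on the umask.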
@@ -304,260 +653,25 @@ install_re2o_server() { clear - ############################### - ## Install required packages ## - ############################### - echo "Setting up the required packages ..." - apt-get -y install \ - python3-django \ - python3-dateutil \ - texlive-latex-base \ - texlive-fonts-recommended \ - python3-djangorestframework \ - python3-django-reversion \ - python3-pip \ - libsasl2-dev libldap2-dev \ - libssl-dev \ - python3-crypto \ - python3-git \ - javascript-common \ - libjs-jquery \ - libjs-jquery-ui \ - libjs-jquery-timepicker \ - libjs-bootstrap - pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress - echo "Setting up the required packages: Done" + ################################ + ## Perform the actual actions ## + ################################ + + install_requirements + + install_database $sql_bdd_type $sql_is_local $sql_name $sql_login $sql_password + + install_active_directory $ldap_is_local $ldap_password $ldap_dn + write_settings_file $sql_bdd_type $sql_host $sql_name $sql_login $sql_password \ + $ldap_cn $ldap_tls $ldap_password $ldap_host $ldap_dn \ + $email_host $email_port $extension_locale $url_server - #################### - ## Setup database ## - #################### - - echo "Setting up the database ..." - - if [ $sql_bdd_type == 1 ]; then - - echo "Installing MySQL client ..." - apt-get -y install python3-mysqldb mysql-client - echo "Installing MySQL client: Done" - - mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci'; - CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password'; - GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost'; - FLUSH PRIVILEGES;" - - if [ $sql_is_local == 1 ]; then - echo "Setting up local MySQL server ..." 
- apt-get -y install mysql-server - mysql -u root --execute="$mysql_command" - echo "Setting up local MySQL server: Done" - else - echo "Please execute the following command on the remote SQL server and then continue" - echo "$mysql_command" - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done - fi - - else - - echo "Installing PostgreSQL client ..." - apt-get -y install postgresql-client python3-psycopg2 - echo "Installing PostgreSQL client: Done" - - pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';" - pgsql_command2="CREATE USER $sql_login with password '$sql_password';" - pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;" - - if [ $sql_is_local == 1 ]; then - echo "Setting up local PostgreSQL server ..." - apt-get -y install postgresql - sudo -u postgres psql --command="$pgsql_command1" - sudo -u postgres psql --command="$pgsql_command2" - sudo -u postgres psql --command="$pgsql_command3" - echo "Setting up local PostgreSQL server: Done" - else - echo "Please execute the following commands on the remote SQL server and then continue" - echo "sudo -u postgres psql $pgsql_command1" - echo "sudo -u postgres psql $pgsql_command2" - echo "sudo -u postgres psql $pgsql_command3" - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done - fi - - fi - - echo "Setting up the database: Done" - - - - ############################ - ## Setup active directory ## - ############################ - - echo "Setting up the active direcory ..." - - if [ $ldap_is_local == 1 ]; then - - echo "Setting up local active directory ..." 
- setup_ldap $ldap_password $ldap_dn - echo "Setting up local active directory: Done" - - else - - echo "Please execute the following command on the remote LDAP server and then continue" - echo "./install_re2o.sh ldap $ldap_password $ldap_dn" - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done - - fi - - echo "Setting up the active directory: Done" - - - - ################################### - ## Setup settings_locale.py file ## - ################################### - - echo "Writing of the settings_local.py file ..." - - django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") - aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))") + init_django - cp re2o/settings_local.example.py re2o/settings_local.py - - if [ $sql_bdd_type == 1 ]; then - sed -i 's/db_engine/django.db.backends.mysql/g' re2o/settings_local.py - else - sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' re2o/settings_local.py - fi - sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py - sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' re2o/settings_local.py - sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' re2o/settings_local.py - sed -i 's/db_name_value/'"$sql_name"'/g' re2o/settings_local.py - sed -i 's/db_user_value/'"$sql_login"'/g' re2o/settings_local.py - sed -i 's/db_host_value/'"$sql_host"'/g' re2o/settings_local.py - sed -i 's/ldap_dn/'"$ldap_cn"'/g' re2o/settings_local.py - if [ $ldap_tls == 2 ]; then - sed -i "s/'TLS': True,/# 'TLS': True,#/g" re2o/settings_local.py - fi - sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' re2o/settings_local.py - sed -i 's/ldap_host_ip/'"$ldap_host"'/g' re2o/settings_local.py - sed -i 's/dc=example,dc=org/'"$ldap_dn"'/g' re2o/settings_local.py - sed -i 
's/example.org/'"$extension_locale"'/g' re2o/settings_local.py - sed -i 's/MY_EMAIL_HOST/'"$email_host"'/g' re2o/settings_local.py - sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' re2o/settings_local.py - sed -i 's/URL_SERVER/'"$url_server"'/g' re2o/settings_local.py - - echo "Writing of the settings_local.py file: Done" - - - - ############################# - ## Apply Django migrations ## - ############################# - - echo "Applying Django migrations ..." - python3 manage.py migrate - echo "Applying Django migrations: Done" - - - - ###################### - ## Create superuser ## - ###################### - - echo "Creating a superuser ..." - python3 manage.py createsuperuser - echo "Creating a superuser: Done" - - - - ################################## - ## Collect web frontend statics ## - ################################## - - echo "Collecting web frontend statics ..." - python3 manage.py collectstatic --noinput - echo "Collecting web frontend statics: Done" - - - - ####################### - ## Set up web server ## - ####################### - - echo "Setting up web server ..." - - if [ $web_serveur == 1 ]; then - - echo "Setting up Apache2 web server ..." - - apt-get -y install apache2 libapache2-mod-wsgi-py3 - a2enmod ssl - a2enmod wsgi - a2enconf javascript-common - - if [ $is_tls == 1 ]; then - echo "Setting up TLS with LE for Apache2 web server ..." 
- cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf - apt-get -y install certbot - apt-get -y install python-certbot-apache - certbot certonly --rsa-key-size 4096 --apache -d $url_server - sed -i 's/LE_PATH/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf - echo "Setting up TLS with LE for Apache2 web server: Done" - else - cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf - fi - - rm /etc/apache2/sites-enabled/000-default.conf - sed -i 's|URL_SERVER|'"$url_server"'|g' /etc/apache2/sites-available/re2o.conf - current_path=$(pwd) - sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf - a2ensite re2o - - echo "Setting up Apache2 web server: Done" - - echo "Reloading Apache2 service ..." - service apache2 reload - echo "Reloading Apache2 service: Done" - - else - - echo "Nginx automatic setup is not supported. Please configure it manually." - echo "Please onfirm you have acknowledged this message." - while true; do - read -p "Acknowledged (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done - - fi - - echo "Setting up web server: Done" + install_webserver $web_serveur $is_tls $url_server From 8f1ec6979bf6fafedd9e4d08786d15489aabdd7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Wed, 16 May 2018 23:11:36 +0000 Subject: [PATCH 18/27] Add install_re2o subcommands --- install_re2o.sh | 235 ++++++++++++++++++++++++++++++------------------ 1 file changed, 148 insertions(+), 87 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index eddced34..2eaf5702 100755 --- a/install_re2o.sh +++ b/install_re2o.sh 
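Review bot: The new calls at the end of interactive_guide pass every collected value unquoted (`install_database $sql_bdd_type $sql_is_local $sql_name $sql_login $sql_password`, and the 14-argument `write_settings_file` call), so a value that is empty or contains whitespace or glob characters shifts the remaining positional parameters. With passwords in the list this can, for instance, put part of a secret into the hostname slot of settings_local.py. Quote each argument, e.g. `install_database "$sql_bdd_type" "$sql_is_local" "$sql_name" "$sql_login" "$sql_password"`, and likewise for `install_active_directory`, `write_settings_file` and `install_webserver`. interactive_guide begins outside this hunk.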
@@ -1,51 +1,8 @@ #!/bin/bash -setup_ldap() { - ### Usage: setup_ldap - # - # This function is used to setup the LDAP structure based on the ldiff files - # located in 'install_utils/'. It will delete the previous structure and data - # and recreate a new empty one. - # - # Parameters: - # * ldap_password: the clear password for the admin user of the LDAP - # * local_domain: the domain extension to use for the LDAP structure in LDAP notation - ### +SETTINGS_LOCAL_FILE='re2o/settings_local.py' +SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py' - apt-get -y install slapd - - echo "Hashing the LDAP password ..." - hashed_ldap_passwd=$(slappasswd -s $1) - echo "Hash of the password: $hashed_ldap_passwd" - - echo "Building the LDAP config files ..." - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema - echo "Building the LDAP config files: Done" - - echo "Stopping slapd service ..." - service slapd stop - echo "Stopping slapd service: Done" - - echo "Deleting exisitng LDAP configuration ..." - rm -rf /etc/ldap/slapd.d/* - rm -rf /var/lib/ldap/* - echo "Deleting existing LDAP configuration: Done" - - echo "Setting up the new LDAP configuration ..." - slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/ - slapadd -n 1 -l /tmp/db - echo "Setting up the new LDAP configuration: Done" - - echo "Fixing the LDAP files permissions ..." - chown -R openldap:openldap /etc/ldap/slapd.d - chown -R openldap:openldap /var/lib/ldap - echo "Fixing the LDAP files permissions: Done" - - echo "Starting slapd service ..." - service slapd start - echo "Starting slapd service: Done" -} install_requirements() { 
@@ -174,28 +131,6 @@ install_database() { -init_django() { - ### Usage: init_django - # - # This function will initialise the Django project by applying the migrations, - # creating a first user with the superuser rights and collecting the statics - ### - - echo "Applying Django migrations ..." - python3 manage.py migrate - echo "Applying Django migrations: Done" - - echo "Creating a superuser ..." - python3 manage.py createsuperuser - echo "Creating a superuser: Done" - - echo "Collecting web frontend statics ..." - python3 manage.py collectstatic --noinput - echo "Collecting web frontend statics: Done" -} - - - install_active_directory() { ### Usage: install_active_directory # 
@@ -217,14 +152,46 @@ install_active_directory() { if [ $local_setup == 1 ]; then - echo "Setting up local active directory ..." - setup_ldap $password $domain - echo "Setting up local active directory: Done" + echo "Installing slapd package ..." + apt-get -y install slapd + echo "Installing slapd package: Done" + + echo "Hashing the LDAP password ..." + hashed_ldap_passwd=$(slappasswd -s $1) + echo "Hash of the password: $hashed_ldap_passwd" + + echo "Building the LDAP config files ..." + sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db + sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema + echo "Building the LDAP config files: Done" + + echo "Stopping slapd service ..." + service slapd stop + echo "Stopping slapd service: Done" + + echo "Deleting exisitng LDAP configuration ..." + rm -rf /etc/ldap/slapd.d/* + rm -rf /var/lib/ldap/* + echo "Deleting existing LDAP configuration: Done" + + echo "Setting up the new LDAP configuration ..." + slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/ + slapadd -n 1 -l /tmp/db + echo "Setting up the new LDAP configuration: Done" + + echo "Fixing the LDAP files permissions ..." + chown -R openldap:openldap /etc/ldap/slapd.d + chown -R openldap:openldap /var/lib/ldap + echo "Fixing the LDAP files permissions: Done" + + echo "Starting slapd service ..." + service slapd start + echo "Starting slapd service: Done" else echo "Please execute the following command on the remote LDAP server and then continue" - echo "./install_re2o.sh ldap $password $domain" + echo "./install_re2o.sh setup-ldap $password $domain" while true; do read -p "Continue (y/n)?" choice case "$choice" in 
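Review bot: The body moved in from setup_ldap still reads `$1` and `$2`, but inside install_active_directory those are `local_setup` and the password, not the password and the domain (the assignments `password=$2` and `domain=$3` sit above the hunk). As written, `slappasswd -s $1` hashes the literal `1` as the LDAP admin password, and the two `sed` commands write the clear password into /tmp/db and /tmp/schema in place of the `dc=…` suffix. Use the named locals: `hashed_ldap_passwd=$(slappasswd -s "$password")` and `sed 's|dc=example,dc=org|'"$domain"'|g' …`. The remote-setup hint also names a `setup-ldap` subcommand, while main_function in this commit only handles `reset-ldap`.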
@@ -286,9 +253,6 @@ write_settings_file() { extension=${13} url=${14} - SETTINGS_LOCAL_FILE='re2o/settings_local.py' - SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py' - cp $SETTINGS_EXAMPLE_FILE $SETTINGS_LOCAL_FILE django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") @@ -322,6 +286,36 @@ write_settings_file() { +update_django() { + ### Usage: update_django + # + # This function will update the Django project by applying the migrations + # and collecting the statics + ### + + echo "Applying Django migrations ..." + python3 manage.py migrate + echo "Applying Django migrations: Done" + + echo "Collecting web frontend statics ..." + python3 manage.py collectstatic --noinput + echo "Collecting web frontend statics: Done" +} + + + +create_superuser() { + ### Usage: create_superuser + # + # This will create a user with the superuser rights for the project. + + echo "Creating a superuser ..." + python3 manage.py createsuperuser + echo "Creating a superuser: Done" +} + + + install_webserver() { ### Usage: install_webserver # @@ -669,7 +663,9 @@ interactive_guide() { $ldap_cn $ldap_tls $ldap_password $ldap_host $ldap_dn \ $email_host $email_port $extension_locale $url_server - init_django + update_django + + create_superuser install_webserver $web_serveur $is_tls $url_server 
@@ -684,14 +680,33 @@ interactive_guide() { # Prompt to inform the installation process is over TITLE="End of the setup" MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." - end=$(dialog --clear --BACKTITLE "$BACKTITLE" \ + end=$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ $HEIGHT $WIDTH 2>&1 >/dev/tty) } + + +interactive_update_settings() { + ### Usage: interactvie_update_settings + # + # This function will take the parameters in the example settings file, retrieve the + # existing parameters from the local settings file and ask the user for the missing parameters + ### + +} + + + main_function() { - ### Usage: main_function [ldap []] + ### Usage: main_function + # main_function update + # main_function update-django + # main_function update-packages + # main_function update-settings + # main_function reset-db [] [] [] + # main_function reset-ldap # # This function will parse the arguments to determine which part of the tool to start. # If launched with no arguments, the full setup guide will be started. 
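Review bot: `interactive_update_settings()` is added with a body that contains only comments, which bash rejects as a syntax error at the closing `}`; the script would then stop before `main_function` is ever called. Until the function is implemented, give it a real statement, e.g. `echo "update-settings is not implemented yet" >&2` followed by `return 1`. The header comment also misspells the name as `interactvie_update_settings`.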
@@ -703,20 +718,66 @@ main_function() { ### if [ ! -z "$1" ]; then - if [ $1 == ldap ]; then + subcmd=$1 + + case "$subcmd" in + + update ) + install_requirements + update_django + interactive_update_settings + exit;; + + update-django ) + update_django + exit;; + + update-packages ) + install_requirements + exit;; + + update-settings ) + interactive_update_settings + exit;; + + reset-db ) if [ ! -z "$2" ]; then - echo "Setting up local active directory ..." - setup_ldap $2 $3 - echo "Setting up local active directory: Done" + db_password=$2 + case "$3" in + mysql|mariadb ) + db_engine_type=1; break;; + postresql ) + db_engine_type=2; break;; + * ) + db_engine_type=1; break;; + esac + if [ ! -z "$4" ]; then db_name=$4; else db_name="re2o"; fi + if [ ! -z "$5" ]; then db_username=$5; else db_username="re2o"; fi + install_database $db_engine_type 1 $db_name $db_username $db_password else - echo "Arguments invalides !" - echo "Usage: ./install_re2o.sh [ldap []]" - exit + echo "Invalid arguments !" + echo "Usage: ./install_re2o.sh setup-db [] [] []" fi - fi + exit;; + + reset-ldap ) + if [ ! -z "$2" ] && [ ! -z "$3" ]; then + ldap_password=$2 + local_domain=$3 + install_active_directory 1 $ldap_password $local_domain + else + echo "Invalid arguments !" + echo "Usage: ./install_re2o.sh setup-ldap " + fi + exit;; + + * ) + echo "Invalid";; + + esac else - install_re2o_server + interactive_guide fi } -main_function $1 $2 $3 +main_function "$@" From e4e592a71a162edda90f54e01fd6711d1f93cf0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Thu, 17 May 2018 20:45:41 +0000 Subject: [PATCH 19/27] Ajoute une fonction 'update-settings' + cleanup --- install_re2o.sh | 353 ++++++++++++++++++++------------- install_utils/db.ldiff | 92 ++++----- install_utils/schema.ldiff | 40 ++-- re2o/settings_local.example.py | 17 +- 4 files changed, 287 insertions(+), 215 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 2eaf5702..5d873f39 100755 
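Review bot: The `reset-db` branch matches `postresql`, so a caller asking for `postgresql` falls through to the `*` arm and silently gets MySQL; the pattern should read `postgresql )`, and an unknown engine name is better rejected than defaulted. The `break` after each `db_engine_type=` assignment is not inside a loop, so bash reports an error for it; `;;` alone ends the arm. Both usage messages name `setup-db` and `setup-ldap` while the subcommands are `reset-db` and `reset-ldap`. `reset-db` and `reset-ldap` also take the password as a positional argument, which leaves it in shell history and in the process list; reading it from a prompt or a file would avoid that. The `postresql` spelling and the two usage strings are still present in the `main_function` hunk of PATCH 19/27 further down.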
--- a/install_re2o.sh +++ b/install_re2o.sh @@ -4,6 +4,53 @@ SETTINGS_LOCAL_FILE='re2o/settings_local.py' SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py' +VALUE= # global value used to return values by some functions + +_ask_value() { + ### Usage _ask_value [ [ ... ] ] + # + # This function is a utility function to force a user to enter a value + # available in a set of options. + # + # Parameters: + # * text: The text to display + # * option#: A possible option for the user. If no option is specifed, + # all inputs are considered valid + # + # Echo: The value entered by the user. Should be one of the choicesN if + # not ommited + ### + + shopt -s extglob + + input_text="$1" + shift + if [ "$#" -ne 0 ]; then + choices="(" + while [ "$#" -ne 1 ]; do + choices+="$1|" + shift + done + choices+="$1)" + input_text+=" $choices: " + choices="@$choices" + else + input_text+=": " + choices="@(*)" + fi + + while true; do + read -p "$input_text" choice + case "$choice" in + $choices ) break;; + * ) echo "Invalid option";; + esac + done + + VALUE="$choice" +} + + install_requirements() { ### Usage: install_requirements @@ -57,13 +104,13 @@ install_database() { echo "Setting up the database ..." - engine_type=$1 - local_setup=$2 - db_name=$3 - username=$4 - password=$5 + engine_type="$1" + local_setup="$2" + db_name="$3" + username="$4" + password="$5" - if [ $engine_type == 1 ]; then + if [ "$engine_type" == 1 ]; then echo "Installing MySQL client ..." apt-get -y install python3-mysqldb mysql-client @@ -74,7 +121,7 @@ install_database() { GRANT ALL PRIVILEGES ON $db_name.* TO '$username'@'localhost'; FLUSH PRIVILEGES;" - if [ $local_setup == 1 ]; then + if [ "$local_setup" == 1 ]; then echo "Setting up local MySQL server ..." apt-get -y install mysql-server mysql -u root --execute="$mysql_command" 
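Review bot: `_ask_value` calls `read -p "$input_text" choice` without `-r`, so a backslash typed into a value is consumed by `read` and the stored `VALUE` differs from what was entered; `read -r -p "$input_text" choice` keeps it intact. The function is used further down for the database and LDAP passwords and has no silent mode, so those are echoed to the terminal; an optional flag that adds `-s` for secret prompts would cover that. `shopt -s extglob` stays enabled for the rest of the script after the first call, which is worth stating in the header comment. The header comment has the typos `specifed`, `ommited` and `choicesN`.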
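Review bot: Quoting the shell variables does not protect the SQL text that `install_database` builds from them: `$db_name` and `$username` are pasted into `mysql_command` here, and `$username` and `$password` into `pgsql_command2` in the PostgreSQL hunk (`CREATE USER $username with password '$password';`), and both are run through an administrative account (`mysql -u root`, `sudo -u postgres psql`). A single quote or semicolon in any of these values changes the statement that is executed. Validating the two names against a strict pattern such as `^[A-Za-z0-9_]+$` before use, and rejecting or escaping `'` in the password, would close that. The function body continues outside these hunks.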
@@ -102,7 +149,7 @@ install_database() { pgsql_command2="CREATE USER $username with password '$password';" pgsql_command3="ALTER DATABASE $db_name owner to $username;" - if [ $local_setup == 1 ]; then + if [ "$local_setup" == 1 ]; then echo "Setting up local PostgreSQL server ..." apt-get -y install postgresql sudo -u postgres psql --command="$pgsql_command1" 
@@ -131,38 +178,38 @@ install_database() { -install_active_directory() { - ### Usage: install_active_directory +install_ldap() { + ### Usage: install_ldap # - # This function will install the active directory + # This function will install the LDAP # # Parameters: - # * local_setup: Should the Active Directory be installed locally ? + # * local_setup: Should the LDAP be installed locally ? # 1 = yes # 2 = no # * password: the clear password for the admin user of the LDAP # * domain: the domain extension to use for the LDAP structure in LDAP notation ### - echo "Setting up the active direcory ..." + echo "Setting up the LDAP ..." - local_setup=$1 - password=$2 - domain=$3 + local_setup="$1" + password="$2" + domain="$3" - if [ $local_setup == 1 ]; then + if [ "$local_setup" == 1 ]; then echo "Installing slapd package ..." apt-get -y install slapd echo "Installing slapd package: Done" echo "Hashing the LDAP password ..." - hashed_ldap_passwd=$(slappasswd -s $1) + hashed_ldap_passwd="$(slappasswd -s $1)" echo "Hash of the password: $hashed_ldap_passwd" echo "Building the LDAP config files ..." - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema + sed 's|dc=example,dc=net|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db + sed 's|dc=example,dc=net|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema echo "Building the LDAP config files: Done" echo "Stopping slapd service ..." @@ -203,7 +250,7 @@ install_active_directory() { fi - echo "Setting up the active directory: Done" + echo "Setting up the LDAP: Done" } 
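Review bot: `install_ldap` still reads positional parameters after naming them: `slappasswd -s $1` hashes `local_setup` (the value `1` on this branch) instead of the password, and both `sed` commands substitute `"$2"`, the clear-text password, where the LDAP domain belongs. As far as the hunk shows, the directory would be set up with a guessable admin password hash and the real password written into `/tmp/db` and `/tmp/schema`. The lines should use the named variables, `hashed_ldap_passwd="$(slappasswd -s "$password")"` and `sed 's|dc=example,dc=net|'"$domain"'|g'`. The fixed names `/tmp/db` and `/tmp/schema` are predictable for a script that is presumably run as root, so `mktemp` files with restrictive permissions would be safer, and the `echo "Hash of the password: ..."` line can be dropped. The function body continues past the end of this hunk.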
@@ -223,13 +270,13 @@ write_settings_file() { # * sql_db_name: The name of the database itself # * sql_username: The user to use to access the database # * sql_password: The password to use to access the database - # * ldap_cn: The CN entry for the Active Directory admin in LDAP notation - # * ldap_tls: Should the TLS be activated to contact the Active Directory + # * ldap_cn: The CN entry for the LDAP admin in LDAP notation + # * ldap_tls: Should the TLS be activated to contact the LDAP # 1 = yes # 2 = no - # * ldap_password: The password to use to connect to the Active Directoryy - # * ldap_hostname: The hostname for contacting the Active Directory - # * ldap_domain: The local domain for the Active Directory in LDAP notation + # * ldap_password: The password to use to connect to the LDAP + # * ldap_hostname: The hostname for contacting the LDAP + # * ldap_domain: The local domain for the LDAP in LDAP notation # * email_hostname: The hostname for contacting the mail server # * email_port: The port for contacting the mail server # * extension: The extension to use 
@@ -238,48 +285,48 @@ write_settings_file() { echo "Writing of the settings_local.py file ..." - db_engine_type=$1 - sql_hostname=$2 - sql_db_name=$3 - sql_username=$4 - sql_password=$5 - ldap_cn=$6 - ldap_tls=$7 - ldap_password=$8 - ldap_hostname=$9 - ldap_domain=${10} - email_hostname=${11} - email_port=${12} - extension=${13} - url=${14} + db_engine_type="$1" + sql_hostname="$2" + sql_db_name="$3" + sql_username="$4" + sql_password="$5" + ldap_cn="$6" + ldap_tls="$7" + ldap_password="$8" + ldap_hostname="$9" + ldap_domain="${10}" + email_hostname="${11}" + email_port="${12}" + extension="${13}" + url="${14}" - cp $SETTINGS_EXAMPLE_FILE $SETTINGS_LOCAL_FILE + cp "$SETTINGS_EXAMPLE_FILE" "$SETTINGS_LOCAL_FILE" - django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") - aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))") + django_secret_key="$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))")" + aes_key="$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))")" - if [ $db_engine_type == 1 ]; then - sed -i 's/db_engine/django.db.backends.mysql/g' $SETTINGS_LOCAL_FILE + if [ "$db_engine_type" == 1 ]; then + sed -i 's/db_engine/django.db.backends.mysql/g' "$SETTINGS_LOCAL_FILE" else - sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' $SETTINGS_LOCAL_FILE + sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' "$SETTINGS_LOCAL_FILE" fi - sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/db_name_value/'"$sql_db_name"'/g' 
$SETTINGS_LOCAL_FILE - sed -i 's/db_user_value/'"$sql_username"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/db_host_value/'"$sql_hostname"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/ldap_dn/'"$ldap_cn"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/db_name_value/'"$sql_db_name"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/db_user_value/'"$sql_username"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/db_host_value/'"$sql_hostname"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/ldap_dn/'"$ldap_cn"'/g' "$SETTINGS_LOCAL_FILE" if [ $ldap_tls == 2 ]; then - sed -i "s/'TLS': True,/# 'TLS': True,#/g" $SETTINGS_LOCAL_FILE + sed -i "s/'TLS': True,/# 'TLS': True,/g" "$SETTINGS_LOCAL_FILE" fi - sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/ldap_host_ip/'"$ldap_hostname"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/dc=example,dc=org/'"$ldap_domain"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/example.org/'"$extension"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/MY_EMAIL_HOST/'"$email_hostname"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/URL_SERVER/'"$url"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/ldap_host_ip/'"$ldap_hostname"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/dc=example,dc=net/'"$ldap_domain"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/example.net/'"$extension"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/MY_EMAIL_HOST/'"$email_hostname"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/URL_SERVER/'"$url"'/g' "$SETTINGS_LOCAL_FILE" echo "Writing of the settings_local.py file: Done" } 
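Review bot: Every value in `write_settings_file` is pasted unescaped into a `sed` replacement that uses `/` as delimiter, so a password or URL containing `/`, `&` or `\` either breaks the command or is written back altered, and a quote character would presumably end the string literal in the generated settings file. Escaping the replacement text first, or writing the values from a small Python helper that uses `repr`, avoids both. `cp "$SETTINGS_EXAMPLE_FILE" "$SETTINGS_LOCAL_FILE"` creates the file that holds the secret key and the database and LDAP passwords with the default umask; a `chmod 640 "$SETTINGS_LOCAL_FILE"` with a suitable group right after the copy would limit who can read it. `if [ $ldap_tls == 2 ]` was left unquoted, unlike the other tests touched in this hunk.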
@@ -335,11 +382,11 @@ install_webserver() { echo "Setting up web server ..." - engine_type=$1 - tls=$2 - url=$3 + engine_type="$1" + tls="$2" + url="$3" - if [ $engine_type == 1 ]; then + if [ "$engine_type" == 1 ]; then echo "Setting up Apache2 web server ..." @@ -348,12 +395,12 @@ install_webserver() { a2enmod wsgi a2enconf javascript-common - if [ $tls == 1 ]; then + if [ "$tls" == 1 ]; then echo "Setting up TLS with LE for Apache2 web server ..." cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf apt-get -y install certbot apt-get -y install python-certbot-apache - certbot certonly --rsa-key-size 4096 --apache -d $url + certbot certonly --rsa-key-size 4096 --apache -d "$url" sed -i 's/LE_PATH/'"$url"'/g' /etc/apache2/sites-available/re2o.conf echo "Setting up TLS with LE for Apache2 web server: Done" else @@ -362,7 +409,7 @@ install_webserver() { rm /etc/apache2/sites-enabled/000-default.conf sed -i 's|URL_SERVER|'"$url"'|g' /etc/apache2/sites-available/re2o.conf - sed -i 's|PATH|'"$(pwd)"'|g' /etc/apache2/sites-available/re2o.conf + sed -i 's|PATH|'"$(pwd)"'|g' /etc/apache2/sites-available/re2o.conf a2ensite re2o echo "Setting up Apache2 web server: Done" @@ -424,9 +471,9 @@ interactive_guide() { # Welcome prompt TITLE="Welcome" MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation." - init=$(dialog --clear --backtitle "$BACKTITLE" \ + init="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" 
@@ -441,9 +488,9 @@ interactive_guide() { MENU="Which engine should be used as the database ?" OPTIONS=(1 "mysql" 2 "postgresql") - sql_bdd_type=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_bdd_type="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt for choosing the database location TITLE="SQL location" 
@@ -452,31 +499,31 @@ interactive_guide() { * 'Remote' will ask you to manually perform some setup commands on the remote server" OPTIONS=(1 "Local" 2 "Remote") - sql_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_is_local="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" if [ $sql_is_local == 2 ]; then # Prompt to enter the remote database hostname TITLE="SQL hostname" INPUTBOX="The hostname of the remote SQL database" - sql_host=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_host="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to enter the remote database name TITLE="SQL database name" INPUTBOX="The name of the remote SQL database" - sql_name=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_name="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to enter the remote database username TITLE="SQL username" INPUTBOX="The username to access the remote SQL database" - sql_login=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_login="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" clear else # Use of default values for local setup 
@@ -488,17 +535,17 @@ interactive_guide() { # Prompt to enter the database password TITLE="SQL password" INPUTBOX="The password to access the SQL database" - sql_password=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_password="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" - ############################## - ## Active directory options ## - ############################## + ################## + ## LDAP options ## + ################## - BACKTITLE="Re2o setup - configuration of the active directory" + BACKTITLE="Re2o setup - configuration of the LDAP" # Prompt to choose the LDAP location TITLE="LDAP location" @@ -507,16 +554,16 @@ interactive_guide() { * 'Remote' will ask you to manually perform some setup commands on the remote server" OPTIONS=(1 "Local" 2 "Remote") - ldap_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_is_local="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt to enter the LDAP domain extension TITLE="Domain extension" INPUTBOX="The local domain extension to use (e.g. 'example.net'). This is used in the LDAP configuration." - extension_locale=$(dialog --clear --backtitle "$BACKTITLE" \ + extension_locale="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Building the DN of the LDAP from the extension IFS='.' read -a extension_locale_array <<< $extension_locale 
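Review bot: The SQL password is collected with `--inputbox`, which shows the typed text on screen; `dialog` has `--passwordbox` for this, and the same applies to the LDAP password prompt in the `@@ -559,9 +606,9 @@` hunk. Changing the option to `--passwordbox "$INPUTBOX"` in both prompts is enough. `interactive_guide` starts and ends outside this hunk.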
@@ -524,34 +571,34 @@ interactive_guide() { do ldap_dn+="dc=$i," done - ldap_dn=${ldap_dn::-1} + ldap_dn="${ldap_dn::-1}" - if [ $ldap_is_local == 2 ]; then + if [ "$ldap_is_local" == 2 ]; then # Prompt to enter the remote LDAP hostname TITLE="LDAP hostname" INPUTBOX="The hostname of the remote LDAP" - ldap_host=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_host="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to choose if TLS should be activated or not for the LDAP TITLE="TLS on LDAP" MENU="Would you like to activate TLS for communicating with the remote LDAP ?" OPTIONS=(1 "Yes" 2 "No") - ldap_tls=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_tls="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --MENU "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt to enter the admin's CN of the remote LDAP TITLE="CN of amdin user" INPUTBOX="The CN entry for the admin user of the remote LDAP" - ldap_cn=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_cn="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" else ldap_cn="cn=admin," - ldap_cn+=$ldap_dn + ldap_cn+="$ldap_dn" ldap_host="localhost" ldap_tls=2 fi @@ -559,9 +606,9 @@ interactive_guide() { # Prompt to enter the LDAP password TITLE="LDAP password" INPUTBOX="The password to access the LDAP" - ldap_password=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_password="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" 
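Review bot: The TLS prompt for a remote LDAP passes `--MENU "$MENU"`, and `dialog` options are lower-case (the previous commit fixed `--BACKTITLE` for the same reason), so `ldap_tls` would not be set from the menu when the LDAP is remote. The line should read `--title "$TITLE" --menu "$MENU" \`. Whatever ends up in `ldap_tls` after a failed `dialog` call is passed to `write_settings_file` unvalidated, so checking it is 1 or 2 before continuing would make the failure visible. The title string `CN of amdin user` has a typo.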
@@ -574,9 +621,9 @@ interactive_guide() { # Prompt to enter the hostname of the mail server TITLE="Mail server hostname" INPUTBOX="The hostname of the mail server to use" - email_host=$(dialog --clear --backtitle "$BACKTITLE" \ + email_host="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$TITLE" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to choose the port of the mail server TITLE="Mail server port" @@ -584,9 +631,9 @@ interactive_guide() { OPTIONS=(25 "SMTP" 465 "SMTPS" 587 "Submission") - email_port=$(dialog --clear --backtitle "$BACKTITLE" \ + email_port="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" 
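Review bot: The mail-server hostname prompt passes `--inputbox "$TITLE"`, so the box shows the title text instead of the `INPUTBOX` message defined just above it; it should be `--inputbox "$INPUTBOX"`. The other input prompts in `interactive_guide` visible in this patch all pass `"$INPUTBOX"` at that position.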
@@ -601,25 +648,25 @@ interactive_guide() { MENU="Which web server to install for accessing Re2o web frontend (automatic setup of nginx is not supported) ?" OPTIONS=(1 "apache2" 2 "nginx") - web_serveur=$(dialog --clear --backtitle "$BACKTITLE" \ + web_serveur="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt to enter the requested URL for the web frontend TITLE="Web URL" INPUTBOX="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry (if applicable)." - url_server=$(dialog --clear --backtitle "$BACKTITLE" \ + url_server="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to choose if the TLS should be setup or not for the web server TITLE="TLS on web server" MENU="Would you like to activate the TLS (with Let'Encrypt) on the web server ?" OPTIONS=(1 "Yes" 2 "No") - is_tls=$(dialog --clear --backtitle "$BACKTITLE" \ + is_tls="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" @@ -640,9 +687,9 @@ interactive_guide() { * Collect the statics for the web interface * Install and setup the requested web server * Install and setup a TLS certificate for the web server if requested" - end_config=$(dialog --clear --backtitle "$BACKTITLE" \ + end_config="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" clear 
@@ -654,20 +701,20 @@ interactive_guide() { install_requirements - install_database $sql_bdd_type $sql_is_local $sql_name $sql_login $sql_password + install_database "$sql_bdd_type" "$sql_is_local" "$sql_name" "$sql_login" "$sql_password" - install_active_directory $ldap_is_local $ldap_password $ldap_dn + install_ldap "$ldap_is_local" "$ldap_password" "$ldap_dn" - write_settings_file $sql_bdd_type $sql_host $sql_name $sql_login $sql_password \ - $ldap_cn $ldap_tls $ldap_password $ldap_host $ldap_dn \ - $email_host $email_port $extension_locale $url_server + write_settings_file "$sql_bdd_type" "$sql_host" "$sql_name" "$sql_login" "$sql_password" \ + "$ldap_cn" "$ldap_tls" "$ldap_password" "$ldap_host" "$ldap_dn" \ + "$email_host" "$email_port" "$extension_locale" "$url_server" update_django create_superuser - install_webserver $web_serveur $is_tls $url_server + install_webserver "$web_serveur" "$is_tls" "$url_server" @@ -680,9 +727,9 @@ interactive_guide() { # Prompt to inform the installation process is over TITLE="End of the setup" MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." - end=$(dialog --clear --backtitle "$BACKTITLE" \ + end="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" } 
@@ -694,6 +741,23 @@ interactive_update_settings() { # This function will take the parameters in the example settings file, retrieve the # existing parameters from the local settings file and ask the user for the missing parameters ### + _ask_value "Database engine" "mysql" "postgresql"; if [ "$VALUE" == "mysql" ]; then db_engine_type=1; else db_engine_type=2; fi + _ask_value "Database hostname"; sql_hostname="$VALUE" + _ask_value "Database name"; sql_db_name="$VALUE" + _ask_value "Database username"; sql_username="$VALUE" + _ask_value "Database password"; sql_password="$VALUE" + _ask_value "LDAP hostname"; ldap_hostname="$VALUE" + _ask_value "Activate TLS on LDAP" "yes" "no"; if [ "$VALUE" == "mysql" ]; then ldap_tls=1; else ldap_tls=2; fi + _ask_value "LDAP domain (e.g. 'dc=example,dc=net')"; ldap_domain="$VALUE" + _ask_value "LDAP admin CN entry (e.g. 'cn=admin,dc=example,dc=net')"; ldap_cn="$VALUE" + _ask_value "LDAP password"; ldap_password="$VALUE" + _ask_value "Mail server hostname"; email_hostname="$VALUE" + _ask_value "Mail server port" "25" "465" "587"; email_port="$VALUE" + _ask_value "Extension de domain (e.g. 'example.net')"; extension="$VALUE" + _ask_value "Main URL"; url="$VALUE" + write_settings_file "$db_engine_type" "$sql_hostname" "$sql_db_name" "$sql_username" "$sql_password" \ + "$ldap_cn" "$ldap_tls" "$ldap_password" "$ldap_hostname" "$ldap_domain" \ + "$email_hostname" "$email_port" "$extension" "$url" } @@ -718,7 +782,7 @@ main_function() { ### if [ ! -z "$1" ]; then - subcmd=$1 + subcmd="$1" case "$subcmd" in 
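Review bot: The LDAP TLS answer is tested against `"mysql"` (`if [ "$VALUE" == "mysql" ]`), a copy of the database-engine line, so `ldap_tls` is always 2 and `write_settings_file` comments out `'TLS': True` even when the user answered `yes`. The test should be `if [ "$VALUE" == "yes" ]; then ldap_tls=1; else ldap_tls=2; fi`. The header comment says existing parameters are retrieved from the local settings file, but the body asks for every value again, and `write_settings_file` copies the example over the local file and generates a new secret key and AES key; if anything was stored under the old AES key that may matter, so the comment or the behaviour should be aligned. The prompt `Extension de domain` mixes French and English.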
@@ -726,53 +790,62 @@ main_function() { install_requirements update_django interactive_update_settings - exit;; + ;; update-django ) update_django - exit;; + ;; update-packages ) install_requirements - exit;; + ;; update-settings ) interactive_update_settings - exit;; + ;; reset-db ) if [ ! -z "$2" ]; then - db_password=$2 + db_password="$2" case "$3" in - mysql|mariadb ) - db_engine_type=1; break;; + mysql ) + db_engine_type=1;; postresql ) - db_engine_type=2; break;; + db_engine_type=2;; * ) - db_engine_type=1; break;; + db_engine_type=1;; esac - if [ ! -z "$4" ]; then db_name=$4; else db_name="re2o"; fi - if [ ! -z "$5" ]; then db_username=$5; else db_username="re2o"; fi - install_database $db_engine_type 1 $db_name $db_username $db_password + if [ ! -z "$4" ]; then + db_name="$4" + else + db_name="re2o" + fi + if [ ! -z "$5" ]; then + db_username="$5" + else + db_username="re2o" + fi + install_database "$db_engine_type" 1 "$db_name" "$db_username" "$db_password" else echo "Invalid arguments !" echo "Usage: ./install_re2o.sh setup-db [] [] []" fi - exit;; + ;; reset-ldap ) if [ ! -z "$2" ] && [ ! -z "$3" ]; then - ldap_password=$2 - local_domain=$3 - install_active_directory 1 $ldap_password $local_domain + ldap_password="$2" + local_domain="$3" + install_ldap 1 "$ldap_password" "$local_domain" else echo "Invalid arguments !" echo "Usage: ./install_re2o.sh setup-ldap " fi - exit;; + ;; * ) - echo "Invalid";; + echo "Invalid" + ;; esac else diff --git a/install_utils/db.ldiff b/install_utils/db.ldiff index f73c029e..ed265811 100644 --- a/install_utils/db.ldiff +++ b/install_utils/db.ldiff 
@@ -1,38 +1,38 @@ -dn: dc=example,dc=org +dn: dc=example,dc=net o: rezo structuralObjectClass: organization entryUUID: fc97a0fe-514b-1034-9e4d-59675b32507b -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20150225150906Z description: ldap objectClass: top objectClass: dcObject objectClass: organization entryCSN: 20151003212702.245118Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20151003212702Z contextCSN: 20161004233332.689769Z#000000#000#000000 -dn: cn=admin,dc=example,dc=org +dn: cn=admin,dc=example,dc=net objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin structuralObjectClass: organizationalRole entryUUID: fc97fa72-514b-1034-9e4e-59675b32507b -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20150225150906Z description:: TERBUCBhZG1pbmlzdHJhdG9yDQo= userPassword: FILL_IT entryCSN: 20160604005945.576566Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160604005945Z -dn: cn=Utilisateurs,dc=example,dc=org +dn: cn=Utilisateurs,dc=example,dc=net gidNumber: 500 cn: Utilisateurs structuralObjectClass: posixGroup entryUUID: 5d53854e-5204-1034-8c61-8da535cabdfc -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20150226130856Z sambaSID: 500 uid: Users 
@@ -41,143 +41,143 @@ objectClass: top objectClass: sambaSamAccount objectClass: radiusprofile entryCSN: 20150226130950.194154Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20150226130950Z -dn: ou=groups,dc=example,dc=org +dn: ou=groups,dc=example,dc=net objectClass: organizationalUnit description: Groupes d'utilisateurs ou: groups structuralObjectClass: organizationalUnit entryUUID: 986aa1b6-bb86-1035-9a4c-2ff0c800ec24 -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160531142039Z entryCSN: 20160531142039.780151Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160531142039Z -dn: ou=services,ou=groups,dc=example,dc=org +dn: ou=services,ou=groups,dc=example,dc=net objectClass: organizationalUnit description: Groupes de comptes techniques ou: services structuralObjectClass: organizationalUnit entryUUID: cbb56904-bc6a-1035-9fbb-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601173411Z entryCSN: 20160601173411.088359Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160601173411Z -dn: ou=service-users,dc=example,dc=org +dn: ou=service-users,dc=example,dc=net objectClass: organizationalUnit description: Utilisateurs techniques de l'annuaire ou: service-users structuralObjectClass: organizationalUnit entryUUID: 0e397270-bc6b-1035-9fbd-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601173602Z entryCSN: 20160601173602.683304Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160601173602Z -dn: cn=freeradius,ou=service-users,dc=example,dc=org +dn: 
cn=freeradius,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: freeradius userPassword: FILL_IT structuralObjectClass: applicationProcess entryUUID: 8596e4ec-bc6b-1035-9fbf-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601173922Z entryCSN: 20160601173922.944598Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160601173922Z -dn: cn=nssauth,ou=service-users,dc=example,dc=org +dn: cn=nssauth,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: nssauth structuralObjectClass: applicationProcess entryUUID: cfbdadc6-bc6b-1035-9fc4-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601174127Z userPassword: FILL_IT entryCSN: 20160603093724.770069Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603093724Z -dn: cn=auth,ou=services,ou=groups,dc=example,dc=org +dn: cn=auth,ou=services,ou=groups,dc=example,dc=net objectClass: groupOfNames cn: auth -member: cn=nssauth,ou=service-users,dc=example,dc=org +member: cn=nssauth,ou=service-users,dc=example,dc=net structuralObjectClass: groupOfNames entryUUID: 98524836-bc6d-1035-9fc7-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601175413Z entryCSN: 20160620005705.309928Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160620005705Z -dn: ou=posix,ou=groups,dc=example,dc=org +dn: ou=posix,ou=groups,dc=example,dc=net objectClass: organizationalUnit description: Groupes de comptes POSIX ou: posix structuralObjectClass: organizationalUnit entryUUID: fbd89c4a-bdb5-1035-9045-d5a09894d93e -creatorsName: 
cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160603090455Z entryCSN: 20160603090455.267192Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603090455Z -dn: cn=wifi,ou=service-users,dc=example,dc=org +dn: cn=wifi,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: wifi structuralObjectClass: applicationProcess entryUUID: 8cc2d1a6-bdc2-1035-9051-d5a09894d93e -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160603103452Z userPassword: FILL_IT entryCSN: 20160603103638.682210Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603103638Z -dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=org +dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=net objectClass: groupOfNames cn: usermgmt structuralObjectClass: groupOfNames entryUUID: ec01e206-bdc2-1035-9054-d5a09894d93e -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160603103732Z -member: cn=wifi,ou=service-users,dc=example,dc=org +member: cn=wifi,ou=service-users,dc=example,dc=net entryCSN: 20160603103746.897151Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603103746Z -dn: cn=replica,ou=service-users,dc=example,dc=org +dn: cn=replica,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: replica structuralObjectClass: applicationProcess entryUUID: caef5c54-c0e4-1035-948f-dfe369fe3d4f -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160607101733Z userPassword: FILL_IT entryCSN: 20160607101829.424643Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: 
cn=admin,dc=example,dc=net modifyTimestamp: 20160607101829Z -dn: cn=readonly,ou=services,ou=groups,dc=example,dc=org +dn: cn=readonly,ou=services,ou=groups,dc=example,dc=net objectClass: groupOfNames cn: readonly structuralObjectClass: groupOfNames entryUUID: f6bd2366-c0e4-1035-9492-dfe369fe3d4f -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160607101846Z -member: cn=replica,ou=service-users,dc=example,dc=org -member: cn=freeradius,ou=service-users,dc=example,dc=org +member: cn=replica,ou=service-users,dc=example,dc=net +member: cn=freeradius,ou=service-users,dc=example,dc=net entryCSN: 20160619214628.287369Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160619214628Z diff --git a/install_utils/schema.ldiff b/install_utils/schema.ldiff index e8b934aa..e2b0e35f 100644 --- a/install_utils/schema.ldiff +++ b/install_utils/schema.ldiff 
@@ -1108,35 +1108,35 @@ objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap -olcSuffix: dc=example,dc=org +olcSuffix: dc=example,dc=net olcAccess: {0}to attrs=userPassword,sambaNTPassword,mail by self write by an - onymous auth by dn="cn=admin,dc=example,dc=org" write by group="cn - =readonly,ou=services,ou=groups,dc=example,dc=org" read by group=" - cn=usermgmt,ou=services,ou=groups,dc=example,dc=org" write by * no + onymous auth by dn="cn=admin,dc=example,dc=net" write by group="cn + =readonly,ou=services,ou=groups,dc=example,dc=net" read by group=" + cn=usermgmt,ou=services,ou=groups,dc=example,dc=net" write by * no ne olcAccess: {1}to attrs=shadowLastChange,gecos,loginShell by self write by an - onymous auth by dn="cn=admin,dc=example,dc=org" write by group="cn - =readonly,ou=services,ou=groups,dc=example,dc=org" read by group=" - cn=auth,ou=services,ou=groups,dc=example,dc=org" read by group="cn - =usermgmt,ou=services,ou=groups,dc=example,dc=org" write by * none + onymous auth by dn="cn=admin,dc=example,dc=net" write by group="cn + =readonly,ou=services,ou=groups,dc=example,dc=net" read by group=" + cn=auth,ou=services,ou=groups,dc=example,dc=net" read by group="cn + =usermgmt,ou=services,ou=groups,dc=example,dc=net" write by * none olcAccess: {2}to dn.base="" by * read -olcAccess: {3}to dn.sub="ou=groups,dc=example,dc=org" by group="cn= - auth,ou=services,ou=groups,dc=example,dc=org" read by group="cn=re - adonly,ou=services,ou=groups,dc=example,dc=org" read -olcAccess: {4}to dn.sub="cn=Utilisateurs,dc=example,dc=org" by grou - p="cn=auth,ou=services,ou=groups,dc=example,dc=org" read by self r - ead by group="cn=readonly,ou=services,ou=groups,dc=example,dc=org" +olcAccess: {3}to dn.sub="ou=groups,dc=example,dc=net" by group="cn= + auth,ou=services,ou=groups,dc=example,dc=net" read by group="cn=re + adonly,ou=services,ou=groups,dc=example,dc=net" read +olcAccess: {4}to 
dn.sub="cn=Utilisateurs,dc=example,dc=net" by grou + p="cn=auth,ou=services,ou=groups,dc=example,dc=net" read by self r + ead by group="cn=readonly,ou=services,ou=groups,dc=example,dc=net" read by group="cn=usermgmt,ou=services,ou=groups,dc=example,dc=or g" write -olcAccess: {5}to dn.sub="ou=service-users,dc=example,dc=org" by gro - up="cn=auth,ou=services,ou=groups,dc=example,dc=org" read by group - ="cn=readonly,ou=services,ou=groups,dc=example,dc=org" read -olcAccess: {6}to dn.base="dc=example,dc=org" by * read -olcAccess: {7}to * by dn="cn=admin,dc=example,dc=org" write by self +olcAccess: {5}to dn.sub="ou=service-users,dc=example,dc=net" by gro + up="cn=auth,ou=services,ou=groups,dc=example,dc=net" read by group + ="cn=readonly,ou=services,ou=groups,dc=example,dc=net" read +olcAccess: {6}to dn.base="dc=example,dc=net" by * read +olcAccess: {7}to * by dn="cn=admin,dc=example,dc=net" write by self read by group="cn=readonly,ou=services,ou=groups,dc=example,dc=or g" read olcLastMod: TRUE -olcRootDN: cn=admin,dc=example,dc=org +olcRootDN: cn=admin,dc=example,dc=net olcRootPW: FILL_IT olcDbCheckpoint: 512 30 olcDbConfig: {0}set_cachesize 0 2097152 0 diff --git a/re2o/settings_local.example.py b/re2o/settings_local.example.py index ef017c5d..e15455df 100644 --- a/re2o/settings_local.example.py +++ b/re2o/settings_local.example.py @@ -19,9 +19,8 @@ # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -"""re2o.settings_locale.example -The example settings_locale.py file with all the available -options for a locale configuration of re2o +"""re2o.settings_locale +The file with all the available options for a locale configuration of re2o """ from __future__ import unicode_literals 
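Review bot: Two folded continuation lines in this olcAccess block are left as context and still carry the old suffix, split across the fold: `dc=example,dc=or` / `g" write` at the end of rule {4} and `dc=example,dc=or` / `g" read` at the end of rule {7}. After this change those two `by group=` clauses name groups under `dc=example,dc=org` while every other clause uses `dc=example,dc=net`. Because the suffix is broken by the fold, the `sed 's|dc=example,dc=net|…|g'` substitution in install_re2o.sh cannot rewrite them either, so the usermgmt write grant and the readonly read grant would presumably never match the deployed groups. Move the fold in both places so the suffix sits on one physical line, ending in `dc=example,dc=net" write` and `dc=example,dc=net" read` respectively.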
@@ -41,7 +40,7 @@ AES_KEY = 'A_SECRET_AES_KEY' DEBUG = False # A list of admins of the services. Receive mails when an error occurs -ADMINS = [('Example', 'rezo-admin@example.org')] +ADMINS = [('Example', 'admin@example.net')] # The list of hostname the server will respond to. ALLOWED_HOSTS = ['URL_SERVER'] @@ -81,16 +80,16 @@ SESSION_COOKIE_AGE = 60 * 60 * 3 LOGO_PATH = "static_files/logo.png" # The mail configuration for Re2o to send mails -SERVER_EMAIL = 'no-reply@example.org' # The mail address to use +SERVER_EMAIL = 'no-reply@example.net' # The mail address to use EMAIL_HOST = 'MY_EMAIL_HOST' # The host to use EMAIL_PORT = MY_EMAIL_PORT # The port to use # Settings of the LDAP structure LDAP = { - 'base_user_dn': 'cn=Utilisateurs,dc=example,dc=org', - 'base_userservice_dn': 'ou=service-users,dc=example,dc=org', - 'base_usergroup_dn': 'ou=posix,ou=groups,dc=example,dc=org', - 'base_userservicegroup_dn': 'ou=services,ou=groups,dc=example,dc=org', + 'base_user_dn': 'cn=Utilisateurs,dc=example,dc=net', + 'base_userservice_dn': 'ou=service-users,dc=example,dc=net', + 'base_usergroup_dn': 'ou=posix,ou=groups,dc=example,dc=net', + 'base_userservicegroup_dn': 'ou=services,ou=groups,dc=example,dc=net', 'user_gid': 500, } From a5006fae93acd49a991d450af8c0e94340a617c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Thu, 17 May 2018 21:27:21 +0000 Subject: [PATCH 20/27] Fix wrong variable name --- install_re2o.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 5d873f39..cca0cc09 100755 --- a/install_re2o.sh +++ b/install_re2o.sh 
@@ -204,12 +204,12 @@ install_ldap() { echo "Installing slapd package: Done" echo "Hashing the LDAP password ..." - hashed_ldap_passwd="$(slappasswd -s $1)" + hashed_ldap_passwd="$(slappasswd -s $password)" echo "Hash of the password: $hashed_ldap_passwd" echo "Building the LDAP config files ..." - sed 's|dc=example,dc=net|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db - sed 's|dc=example,dc=net|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema + sed 's|dc=example,dc=net|'"$domain"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db + sed 's|dc=example,dc=net|'"$domain"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema echo "Building the LDAP config files: Done" echo "Stopping slapd service ..." From ddc87ded36fa86c08748d4e06d345f5e76730782 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Thu, 17 May 2018 21:38:46 +0000 Subject: [PATCH 21/27] Fix invisible character --- install_re2o.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install_re2o.sh b/install_re2o.sh index cca0cc09..f77c8679 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -728,7 +728,7 @@ interactive_guide() { TITLE="End of the setup" MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." end="$(dialog --clear --backtitle "$BACKTITLE" \ - --title "$TITLE" --msgbox "$MSGBOX" \ + --title "$TITLE" --msgbox "$MSGBOX" \ $HEIGHT $WIDTH 2>&1 >/dev/tty)" } From 1541434e8f768b9b3a67767e4334cae325848978 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Thu, 17 May 2018 22:51:29 +0000 Subject: [PATCH 22/27] Update help subcommand in install_re2o.sh --- install_re2o.sh | 75 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 23 deletions(-) 
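Review bot: `slappasswd -s $password` expands the clear-text password unquoted, so a value containing whitespace or glob characters is split or expanded before slappasswd receives it, and the command then fails or hashes something other than what the operator chose. Quote it: `hashed_ldap_passwd="$(slappasswd -s "$password")"`; slappasswd's `-T file` option would additionally keep the secret out of the process argument list. The next line, `echo "Hash of the password: $hashed_ldap_passwd"`, writes the admin hash to the terminal and to any captured install log and could be dropped. install_ldap starts and ends outside the hunk.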
diff --git a/install_re2o.sh b/install_re2o.sh index f77c8679..222262bf 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -28,12 +28,12 @@ _ask_value() { if [ "$#" -ne 0 ]; then choices="(" while [ "$#" -ne 1 ]; do - choices+="$1|" + choices+="$1|" shift done - choices+="$1)" - input_text+=" $choices: " - choices="@$choices" + choices+="$1)" + input_text+=" $choices: " + choices="@$choices" else input_text+=": " choices="@(*)" 
@@ -764,28 +764,56 @@ interactive_update_settings() { main_function() { - ### Usage: main_function - # main_function update - # main_function update-django - # main_function update-packages - # main_function update-settings - # main_function reset-db [] [] [] - # main_function reset-ldap + ### Usage: main_function [subcommand [options]] # # This function will parse the arguments to determine which part of the tool to start. - # If launched with no arguments, the full setup guide will be started. - # If launched with the 'ldap' argument, only the ldap setup will performed. - # - # Parameters: - # * ldap_password: the clear password for the admin user of the LDAP - # * local_domain: the domain extension to use for the LDAP structure in LDAP notation + # Refer to the help message below for the details of the parameters ### - if [ ! -z "$1" ]; then + if [ -z "$1" ] || [ "$1" == "help" ]; then + echo "" + echo "Usage: install_re2o [subcommand [options]]" + echo "" + echo "The 'install_re2o' script is a utility script to setup, configure, reset and update" + echo "some components of re2o. Please refer to the following details for more." + echo "" + echo "Sub-commands:" + echo " * [no subcommand] - Display this quick usage documentation" + echo " * {help} ---------- Display this quick usage documentation" + echo " * {setup} --------- Launch the full interactive guide to setup entirely" + echo " re2o from scratch" + echo " * {update} -------- Apply Django migrations, collect frontend statics and" + echo " install the missing APT and pip packages and" + echo " interactively rewrite the settings file" + echo " * {update-django} - Apply Django migration, collect and frontend statics" + echo " * {update-packages} Install the missing APT and pip packages" + echo " * {update-settings} Interactively rewrite the settings file" + echo " * {reset-db} ------ Erase the previous local database, setup a new empty" + echo " one and apply the Django migrations on it." 
+ echo " Parameters:" + echo " * -- the clear-text password to connect to the database" + echo " * [db_engine_type] the SQL engine to use ('mysql' or 'postgresql')." + echo " Default is 'mysql'." + echo " * [db_name] ------ the name of the database itself." + echo " Default is 're2o'." + echo " * [db_username] -- the username to connect to the database." + echo " Default is 're2o'." + echo " * {reset-ldap} ---- Erase the previous local LDAP and setup a new empty one" + echo " Parameters:" + echo " * the clear-text password for the admin user of the" + echo " LDAP" + echo " * the domain extension to use for the LDAP structure" + echo " in LDAP notation" + echo "" + else subcmd="$1" case "$subcmd" in + setup ) + interactive_guide + ;; + update ) install_requirements update_django @@ -828,7 +856,8 @@ main_function() { install_database "$db_engine_type" 1 "$db_name" "$db_username" "$db_password" else echo "Invalid arguments !" - echo "Usage: ./install_re2o.sh setup-db [] [] []" + echo "Usage: install_re2o setup-db [] [] []" + echo "See 'install_re2o help' for further help" fi ;; @@ -839,17 +868,17 @@ main_function() { install_ldap 1 "$ldap_password" "$local_domain" else echo "Invalid arguments !" - echo "Usage: ./install_re2o.sh setup-ldap " + echo "Usage: install_re2o setup-ldap " + echo "See 'install_re2o help' for further help" fi ;; * ) - echo "Invalid" + echo "Unknown subcommand: $subcmd" + echo "Use 'install_re2o help' to display some help" ;; esac - else - interactive_guide fi } From f81d94ea28ca78b1ab61f7112dd4767961dbcc6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Thu, 17 May 2018 22:58:25 +0000 Subject: [PATCH 23/27] Reset BDD provoque apply migrations et collect statics --- install_re2o.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install_re2o.sh b/install_re2o.sh index 222262bf..6fe11972 100755 --- a/install_re2o.sh +++ b/install_re2o.sh 
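Review bot: The help text makes a clear-text password on the command line the documented interface for `reset-db` and `reset-ldap`, which leaves the secret in shell history and in the process list for other local users while the script runs. Consider prompting when the argument is absent, e.g. `read -r -s -p "Password: " db_password`, or reading it from a file or an environment variable. Separately, the `Usage:` messages added in the later hunks at `@@ -828` and `@@ -839` name the subcommands `setup-db` and `setup-ldap`, which does not match the `reset-db` / `reset-ldap` names in the help; the case labels are outside these hunks, so check which spelling they actually use.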
@@ -789,7 +789,8 @@ main_function() { echo " * {update-packages} Install the missing APT and pip packages" echo " * {update-settings} Interactively rewrite the settings file" echo " * {reset-db} ------ Erase the previous local database, setup a new empty" - echo " one and apply the Django migrations on it." + echo " one and apply the Django migrations on it and collect" + echo " Django statics." echo " Parameters:" echo " * -- the clear-text password to connect to the database" echo " * [db_engine_type] the SQL engine to use ('mysql' or 'postgresql')." @@ -854,6 +855,7 @@ main_function() { db_username="re2o" fi install_database "$db_engine_type" 1 "$db_name" "$db_username" "$db_password" + update-django else echo "Invalid arguments !" echo "Usage: install_re2o setup-db [] [] []" From ccc741f7f568b86684e02c4c30db9fb82b12a48b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Sun, 20 May 2018 00:17:23 +0000 Subject: [PATCH 24/27] Remove update-settings from update subcommand --- install_re2o.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 6fe11972..41c5482c 100755 --- a/install_re2o.sh +++ b/install_re2o.sh 
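Review bot: The call added after `install_database` in the hunk at `@@ -854` is spelled `update-django`, while the `update` branch of the same case statement calls the function as `update_django`. Unless a hyphenated function is defined elsewhere in the script, the reset-db path will end with "command not found" and skip the migrations and static collection that the help text in the `@@ -789` hunk now promises. Change the line to `update_django`. The enclosing case branch starts outside the hunk.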
@@ -782,10 +782,9 @@ main_function() { echo " * {help} ---------- Display this quick usage documentation" echo " * {setup} --------- Launch the full interactive guide to setup entirely" echo " re2o from scratch" - echo " * {update} -------- Apply Django migrations, collect frontend statics and" - echo " install the missing APT and pip packages and" - echo " interactively rewrite the settings file" - echo " * {update-django} - Apply Django migration, collect and frontend statics" + echo " * {update} -------- Collect frontend statics, install the missing APT" + echo " and pip packages and apply the migrations to the DB" + echo " * {update-django} - Apply Django migration and collect frontend statics" echo " * {update-packages} Install the missing APT and pip packages" echo " * {update-settings} Interactively rewrite the settings file" echo " * {reset-db} ------ Erase the previous local database, setup a new empty" @@ -818,7 +817,6 @@ main_function() { update ) install_requirements update_django - interactive_update_settings ;; update-django ) From 38bf10ab99a91b2b0bb94cddc9db81700482fcbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Sun, 20 May 2018 12:01:52 +0000 Subject: [PATCH 25/27] Typo and use _ask_value everywhere --- install_re2o.sh | 44 ++++++++------------------------------------ 1 file changed, 8 insertions(+), 36 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 41c5482c..55866db8 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -17,7 +17,7 @@ _ask_value() { # * option#: A possible option for the user. If no option is specifed, # all inputs are considered valid # - # Echo: The value entered by the user. Should be one of the choicesN if + # Echo: The value entered by the user. Should be one of the choices if # not ommited ### 
@@ -56,7 +56,7 @@ install_requirements() { ### Usage: install_requirements # # This function will install the required packages from APT repository - # and Pypi repository. Those packages are qll required for Re2o to work + # and Pypi repository. Those packages are all required for Re2o to work # properly. ### @@ -129,14 +129,7 @@ install_database() { else echo "Please execute the following command on the remote SQL server and then continue" echo "$mysql_command" - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done + _ask_value "Continue" "yes" "no"; if [ "$VALUE" == "no" ]; then exit; fi fi else @@ -161,14 +154,7 @@ install_database() { echo "sudo -u postgres psql $pgsql_command1" echo "sudo -u postgres psql $pgsql_command2" echo "sudo -u postgres psql $pgsql_command3" - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done + _ask_value "Continue" "yes" "no"; if [ "$VALUE" == "no" ]; then exit; fi fi fi @@ -239,14 +225,7 @@ install_ldap() { echo "Please execute the following command on the remote LDAP server and then continue" echo "./install_re2o.sh setup-ldap $password $domain" - while true; do - read -p "Continue (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done + _ask_value "Continue" "yes" "no"; if [ "$VALUE" == "no" ]; then exit; fi fi @@ -421,15 +400,8 @@ install_webserver() { else echo "Nginx automatic setup is not supported. Please configure it manually." - echo "Please onfirm you have acknowledged this message." - while true; do - read -p "Acknowledged (y/n)?" choice - case "$choice" in - y|Y ) break;; - n|N ) exit;; - * ) echo "Invalid";; - esac - done + echo "Please confirm you have acknowledged this message." + _ask_value "Acknowledged" "yes" fi 
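Review bot: The abort path `if [ "$VALUE" == "no" ]; then exit; fi` uses a bare `exit`, which returns the status of the `[` test that just succeeded, i.e. 0, so a wrapper or provisioning tool sees a declined step as a completed install. Use a non-zero status: `_ask_value "Continue" "yes" "no"; if [ "$VALUE" == "no" ]; then exit 1; fi`. The same line is added in the install_database hunks at `@@ -129` and `@@ -161` and in the install_ldap hunk at `@@ -239`. In that last hunk the context line `echo "./install_re2o.sh setup-ldap $password $domain"` also prints the LDAP admin password in clear text to the terminal, and would be safer with a placeholder in place of `$password`. All three functions start and end outside their hunks.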
@@ -726,7 +698,7 @@ interactive_guide() { # Prompt to inform the installation process is over TITLE="End of the setup" - MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." + MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user has the superuser rights, meaning he can access and do everything." end="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ $HEIGHT $WIDTH 2>&1 >/dev/tty)" From 3b706722f7bfa688fa34283c01217aaad7e16912 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Mon, 21 May 2018 14:15:35 +0000 Subject: [PATCH 26/27] Update changelog and readme --- CHANGELOG.md | 12 +++- README.md | 161 +-------------------------------------------------- 2 files changed, 14 insertions(+), 159 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3dc6318b..df52caf0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -## Datepicker +## MR 160: Datepicker Install libjs-jquery libjs-jquery-ui libjs-jquery-timepicker libjs-bootstrap javascript-common ``` @@ -20,3 +20,13 @@ rm -r static_files/js/jquery-ui-* rm static_files/js/jquery-2.2.4.min.js rm static/css/jquery-ui-timepicker-addon.css ``` + + +## MR 163: Fix install re2o + +Refactored install_re2o.sh script. +* There are more tools available with it but some fucntion have changed, report to [the dedicated wiki page](for more informations) or run: +``` +install_re2o.sh help +``` +* The installation templates (LDIF files and `re2o/settings_locale.example.py`) have been changed to use `example.net` instead of `example.org` (more neutral and generic) diff --git a/README.md b/README.md index a99a76f2..d3de9163 100644 --- a/README.md +++ b/README.md 
@@ -18,165 +18,10 @@ le réseau (adhérent à jour de cotisation). # Installation -## Installation des dépendances +Un tutoriel pour installer le projet est disponible [sur le wiki](https://gitlab.federez.net/federez/re2o/wikis/User%20Documentation/Quick%20Start). -L'installation comporte 3 partie : le serveur web où se trouve le depot re2o -ainsi que toutes ses dépendances, le serveur bdd (mysql ou pgsql) et le -serveur ldap. Ces 3 serveurs peuvent en réalité être la même machine, ou séparés -(recommandé en production). -Le serveur web sera nommé serveur A, le serveur bdd serveur B et le serveur ldap -serveur C. - -### Prérequis sur le serveur A - -Voici la liste des dépendances à installer sur le serveur principal (A). - -### Avec apt : - -#### Sous debian 9 - -Paquets obligatoires: - * python3-django (1.10, stretch) - * python3-dateutil (stretch) - * texlive-latex-base (stretch) - * texlive-fonts-recommended (strech) - * python3-djangorestframework (stretch) - * python3-django-reversion (stretch) - * python3-pip (stretch) - -Paquet recommandés: - * python3-django-extensions (stretch) - - -### Autres dépendances : - -Paquets préalables à installer avec apt : - * libsasl2-dev (stable) - * libldap2-dev (stable) - * libssl-dev (stable) - -Avec pip3 (pip3 install): - * django-bootstrap3 - * django-ldapdb - * django-macaddress - -Moteur de db conseillé (mysql), postgresql fonctionne également. -Pour mysql, il faut installer : - * python3-mysqldb - * mysql-client - -### Prérequis sur le serveur B - -Sur le serveur B, installer mysql ou postgresql, dans la version stretch. - * mysql-server (stretch) ou postgresql (stretch) - -### Prérequis sur le serveur C -Sur le serveur C (ldap), avec apt : - * slapd (stretch) - -### Installation sur le serveur principal A - -Cloner le dépot re2o à partir du gitlab, par exemple dans /var/www/re2o. -Ensuite, il faut créer le fichier settings_local.py dans le sous dossier re2o, -un settings_local.example.py est présent. 
Les options sont commentées, et des -options par défaut existent. - -En particulier, il est nécessaire de générer un login/mdp admin pour le ldap et -un login/mdp pour l'utilisateur sql (cf ci-dessous), à mettre dans -settings_local.py - -### Installation du serveur mysql/postgresql sur B - -Sur le serveur mysql ou postgresl, il est nécessaire de créer une base de -donnée re2o, ainsi qu'un user re2o et un mot de passe associé. -Ne pas oublier de faire écouter le serveur mysql ou postgresql avec les acl -nécessaire pour que A puisse l'utiliser. - -#### Mysql -Voici les étapes à éxecuter pour mysql : - * CREATE DATABASE re2o collate='utf8_general_ci'; - * CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'; - * GRANT ALL PRIVILEGES ON re2o.* TO 'newuser'@'localhost'; - * FLUSH PRIVILEGES; - -#### Postgresql - * CREATE DATABASE re2o ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' -LC_CTYPE='fr_FR.UTF-8'; - * CREATE USER newuser with password 'password'; - * ALTER DATABASE re2o owner to newuser; - -Si les serveurs A et B ne sont pas la même machine, il est nécessaire de -remplacer localhost par l'ip avec laquelle A contacte B dans les commandes -du dessus. 
-Une fois ces commandes effectuées, ne pas oublier de vérifier que newuser et -password sont présents dans settings_local.py - -### Installation du serveur ldap sur le serveur C - -Ceci se fait en plusieurs étapes : - * générer un login/mdp administrateur (par example mkpasswd sous debian) - * Copier depuis re2o/install_utils (dans le dépot re2o) les fichiers db.ldiff -et schema.ldiff (normalement sur le serveur A) sur le serveur C -(par ex dans /tmp) - * Hasher le mot de passe généré en utilisant la commande slappasswd -(installée par slapd) - * Remplacer toutes les sections FILL_IN par le hash dans schema.ldiff et -db.ldiff - * Remplacer dans schema.ldiff et db.ldiff 'dc=example,dc=org' par le -suffixe de l'organisation - * Arréter slapd - * Supprimer les données existantes : '''rm -rf /etc/ldap/slapd.d/*''' et -'''rm -rf /var/lib/ldap/*''' - * Injecter le nouveau schéma : -'''slapadd -n 0 -l schema.ldiff -F /etc/ldap/slapd.d/''' et -'''slapadd -n 1 -l db.ldiff''' - * Réparer les permissions (chown -R openldap:openldap /etc/ldap/slapd.d et -chown -R openldap:openldap /var/lib/ldap) puis relancer slapd - -Pour visualiser et éditer le ldap, l'utilisation de shelldap est fortement -recommandée, en utilisant en binddn et basedn tous deux égaux à 'cn=config' et -binddpw le mot de passe admin. - -Rajouter (exemple de chemin de fichier avec un certif LE): -`olcTLSCertificateKeyFile: /etc/letsencrypt/live/HOSTNAME/privkey.pem -olcTLSCACertificateFile: /etc/letsencrypt/live/HOSTNAME/chain.pem -olcTLSCertificateFile: /etc/letsencrypt/live/HOSTNAME/cert.pem ` - -Mettre à jour la partie ldap du `settings_local.py` (mettre 'TLS' à True -si besoin, user cn=config,dc=example,dc=org et mot de passe -ldap choisi précédemment). - -## Configuration initiale - -Normalement à cette étape, le ldap et la bdd sql sont configurées correctement. - -Il faut alors lancer dans le dépot re2o '''python3 manage.py migrate''' qui -va structurer initialement la base de données. 
-Les migrations sont normalement comitées au fur et à mesure, néanmoins cette -étape peut crasher, merci de reporter les bugs. - -## Démarer le site web - -Il faut utiliser un moteur pour servir le site web. Nginx ou apache2 sont -recommandés. -Pour apache2 : - * apt install apache2 - * apt install libapache2-mod-wsgi-py3 (pour le module wsgi) - -Un example de site apache2 se trouve dans install_utils ( re2o.conf) -re2o/wsgi.py permet de fonctionner avec apache2 en production - -## Configuration avancée - -Une fois démaré, le site web devrait être accessible. -Pour créer un premier user, faire '''python3 manage.py createsuperuser''' -qui va alors créer un user admin. -Il est conseillé de créer un user portant le nom de -l'association/organisation, qui possedera l'ensemble des machines, à indiquer -dans le menu reglages sur l'interface. - -## Installations Optionnelles -### Générer le schéma des dépendances +# Installations Optionnelles +## Générer le schéma des dépendances Pour cela : * apt install python3-django-extensions From a884f36fcb07d0907177b92ba7c92644cb14c16b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Mon, 21 May 2018 14:48:58 +0000 Subject: [PATCH 27/27] Utilise des fichiers de requirements --- apt_requirements.txt | 16 +++++++++++++ install_re2o.sh | 30 ++++++++---------------- requirements.txt => pip_requirements.txt | 3 +-- 3 files changed, 27 insertions(+), 22 deletions(-) create mode 100644 apt_requirements.txt rename requirements.txt => pip_requirements.txt (59%) diff --git a/apt_requirements.txt b/apt_requirements.txt new file mode 100644 index 00000000..18f81b78 --- /dev/null +++ b/apt_requirements.txt 
@@ -0,0 +1,16 @@ +python3-django +python3-dateutil +texlive-latex-base +texlive-fonts-recommended +python3-djangorestframework +python3-django-reversion +python3-pip +libsasl2-dev libldap2-dev +libssl-dev +python3-crypto +python3-git +javascript-common +libjs-jquery +libjs-jquery-ui +libjs-jquery-timepicker +libjs-bootstrap diff --git a/install_re2o.sh b/install_re2o.sh index 55866db8..6168ec08 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -3,6 +3,12 @@ SETTINGS_LOCAL_FILE='re2o/settings_local.py' SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py' +APT_REQ_FILE="apt_requirements.txt" +PIP_REQ_FILE="pip_requirements.txt" + +LDIF_DB_FILE="install_utils/db.ldiff" +LDIF_SCHEMA_FILE="install_utils/schema.ldiff" + VALUE= # global value used to return values by some functions @@ -61,24 +67,8 @@ install_requirements() { ### echo "Setting up the required packages ..." - apt-get -y install \ - python3-django \ - python3-dateutil \ - texlive-latex-base \ - texlive-fonts-recommended \ - python3-djangorestframework \ - python3-django-reversion \ - python3-pip \ - libsasl2-dev libldap2-dev \ - libssl-dev \ - python3-crypto \ - python3-git \ - javascript-common \ - libjs-jquery \ - libjs-jquery-ui \ - libjs-jquery-timepicker \ - libjs-bootstrap - pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress + cat $APT_REQ_FILE | xargs apt-get -y install + pip3 install -r $PIP_REQ_FILE echo "Setting up the required packages: Done" } 
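Review bot: In the install_requirements hunk, `cat $APT_REQ_FILE | xargs apt-get -y install` and `pip3 install -r $PIP_REQ_FILE` resolve both requirement files relative to the current directory. Run from anywhere but the repository root, the installer either fails or installs, presumably as root, whatever package names a same-named file in that directory lists. Anchor the paths to the script location where the constants are defined in the `@@ -3,6` hunk, for example `APT_REQ_FILE="$(dirname "$0")/apt_requirements.txt"`, and quote the expansions: `xargs -r apt-get -y install < "$APT_REQ_FILE"`. The other path constants in that block are relative as well, so this may be an existing assumption of the script worth stating in its header comment.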
@@ -194,8 +184,8 @@ install_ldap() { echo "Hash of the password: $hashed_ldap_passwd" echo "Building the LDAP config files ..." - sed 's|dc=example,dc=net|'"$domain"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db - sed 's|dc=example,dc=net|'"$domain"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema + sed 's|dc=example,dc=net|'"$domain"'|g' $LDIF_DB_FILE | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db + sed 's|dc=example,dc=net|'"$domain"'|g' $LDIF_SCHEMA_FILE | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema echo "Building the LDAP config files: Done" echo "Stopping slapd service ..." diff --git a/requirements.txt b/pip_requirements.txt similarity index 59% rename from requirements.txt rename to pip_requirements.txt index 32957784..0960c796 100644 --- a/requirements.txt +++ b/pip_requirements.txt @@ -1,4 +1,3 @@ django-bootstrap3 +django-ldapdb==0.9.0 django-macaddress -python-dateutil -pycrypto
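Review bot: The generated LDIF files, which at this point contain the admin password hash, are written to the fixed paths `/tmp/db` and `/tmp/schema`. In a world-writable directory the redirection follows any file or symlink that already exists at those names, and new files get the default umask. Create a private directory first with `tmp_dir="$(mktemp -d)"`, redirect to `"$tmp_dir/db"` and `"$tmp_dir/schema"`, and remove the directory once the later steps that consume these files (outside this hunk) have finished. `$LDIF_DB_FILE` and `$LDIF_SCHEMA_FILE` should be quoted as well. install_ldap starts and ends outside the hunk.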
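Review bot: Only `django-ldapdb==0.9.0` is pinned in pip_requirements.txt; `django-bootstrap3` and `django-macaddress` still resolve to whatever version the index serves at install time, so two runs of the installer can produce different environments. Pin both with `==` to the versions the project is tested against. Since install_re2o.sh runs pip non-interactively, hash-checking mode (`pip3 install --require-hashes -r pip_requirements.txt`) is worth considering once every entry is pinned.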