From d2693173fabf2fce7d8e52e7dafd4d42706fbc4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Thu, 17 May 2018 20:45:41 +0000 Subject: [PATCH] Ajoute une fonction 'update-settings' + cleanup --- install_re2o.sh | 353 ++++++++++++++++++++------------- install_utils/db.ldiff | 92 ++++----- install_utils/schema.ldiff | 40 ++-- re2o/settings_local.example.py | 17 +- 4 files changed, 287 insertions(+), 215 deletions(-) diff --git a/install_re2o.sh b/install_re2o.sh index 2eaf5702..5d873f39 100755 --- a/install_re2o.sh +++ b/install_re2o.sh @@ -4,6 +4,53 @@ SETTINGS_LOCAL_FILE='re2o/settings_local.py' SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py' +VALUE= # global value used to return values by some functions + +_ask_value() { + ### Usage _ask_value [ [ ... ] ] + # + # This function is a utility function to force a user to enter a value + # available in a set of options. + # + # Parameters: + # * text: The text to display + # * option#: A possible option for the user. If no option is specifed, + # all inputs are considered valid + # + # Echo: The value entered by the user. Should be one of the choicesN if + # not ommited + ### + + shopt -s extglob + + input_text="$1" + shift + if [ "$#" -ne 0 ]; then + choices="(" + while [ "$#" -ne 1 ]; do + choices+="$1|" + shift + done + choices+="$1)" + input_text+=" $choices: " + choices="@$choices" + else + input_text+=": " + choices="@(*)" + fi + + while true; do + read -p "$input_text" choice + case "$choice" in + $choices ) break;; + * ) echo "Invalid option";; + esac + done + + VALUE="$choice" +} + + install_requirements() { ### Usage: install_requirements @@ -57,13 +104,13 @@ install_database() { echo "Setting up the database ..." - engine_type=$1 - local_setup=$2 - db_name=$3 - username=$4 - password=$5 + engine_type="$1" + local_setup="$2" + db_name="$3" + username="$4" + password="$5" - if [ $engine_type == 1 ]; then + if [ "$engine_type" == 1 ]; then echo "Installing MySQL client ..." apt-get -y install python3-mysqldb mysql-client @@ -74,7 +121,7 @@ install_database() { GRANT ALL PRIVILEGES ON $db_name.* TO '$username'@'localhost'; FLUSH PRIVILEGES;" - if [ $local_setup == 1 ]; then + if [ "$local_setup" == 1 ]; then echo "Setting up local MySQL server ..." apt-get -y install mysql-server mysql -u root --execute="$mysql_command" @@ -102,7 +149,7 @@ install_database() { pgsql_command2="CREATE USER $username with password '$password';" pgsql_command3="ALTER DATABASE $db_name owner to $username;" - if [ $local_setup == 1 ]; then + if [ "$local_setup" == 1 ]; then echo "Setting up local PostgreSQL server ..." apt-get -y install postgresql sudo -u postgres psql --command="$pgsql_command1" @@ -131,38 +178,38 @@ install_database() { -install_active_directory() { - ### Usage: install_active_directory +install_ldap() { + ### Usage: install_ldap # - # This function will install the active directory + # This function will install the LDAP # # Parameters: - # * local_setup: Should the Active Directory be installed locally ? + # * local_setup: Should the LDAP be installed locally ? # 1 = yes # 2 = no # * password: the clear password for the admin user of the LDAP # * domain: the domain extension to use for the LDAP structure in LDAP notation ### - echo "Setting up the active direcory ..." + echo "Setting up the LDAP ..." - local_setup=$1 - password=$2 - domain=$3 + local_setup="$1" + password="$2" + domain="$3" - if [ $local_setup == 1 ]; then + if [ "$local_setup" == 1 ]; then echo "Installing slapd package ..." apt-get -y install slapd echo "Installing slapd package: Done" echo "Hashing the LDAP password ..." - hashed_ldap_passwd=$(slappasswd -s $1) + hashed_ldap_passwd="$(slappasswd -s $1)" echo "Hash of the password: $hashed_ldap_passwd" echo "Building the LDAP config files ..." - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db - sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema + sed 's|dc=example,dc=net|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db + sed 's|dc=example,dc=net|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema echo "Building the LDAP config files: Done" echo "Stopping slapd service ..." @@ -203,7 +250,7 @@ install_active_directory() { fi - echo "Setting up the active directory: Done" + echo "Setting up the LDAP: Done" } @@ -223,13 +270,13 @@ write_settings_file() { # * sql_db_name: The name of the database itself # * sql_username: The user to use to access the database # * sql_password: The password to use to access the database - # * ldap_cn: The CN entry for the Active Directory admin in LDAP notation - # * ldap_tls: Should the TLS be activated to contact the Active Directory + # * ldap_cn: The CN entry for the LDAP admin in LDAP notation + # * ldap_tls: Should the TLS be activated to contact the LDAP # 1 = yes # 2 = no - # * ldap_password: The password to use to connect to the Active Directoryy - # * ldap_hostname: The hostname for contacting the Active Directory - # * ldap_domain: The local domain for the Active Directory in LDAP notation + # * ldap_password: The password to use to connect to the LDAP + # * ldap_hostname: The hostname for contacting the LDAP + # * ldap_domain: The local domain for the LDAP in LDAP notation # * email_hostname: The hostname for contacting the mail server # * email_port: The port for contacting the mail server # * extension: The extension to use @@ -238,48 +285,48 @@ write_settings_file() { echo "Writing of the settings_local.py file ..." - db_engine_type=$1 - sql_hostname=$2 - sql_db_name=$3 - sql_username=$4 - sql_password=$5 - ldap_cn=$6 - ldap_tls=$7 - ldap_password=$8 - ldap_hostname=$9 - ldap_domain=${10} - email_hostname=${11} - email_port=${12} - extension=${13} - url=${14} + db_engine_type="$1" + sql_hostname="$2" + sql_db_name="$3" + sql_username="$4" + sql_password="$5" + ldap_cn="$6" + ldap_tls="$7" + ldap_password="$8" + ldap_hostname="$9" + ldap_domain="${10}" + email_hostname="${11}" + email_port="${12}" + extension="${13}" + url="${14}" - cp $SETTINGS_EXAMPLE_FILE $SETTINGS_LOCAL_FILE + cp "$SETTINGS_EXAMPLE_FILE" "$SETTINGS_LOCAL_FILE" - django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))") - aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))") + django_secret_key="$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))")" + aes_key="$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))")" - if [ $db_engine_type == 1 ]; then - sed -i 's/db_engine/django.db.backends.mysql/g' $SETTINGS_LOCAL_FILE + if [ "$db_engine_type" == 1 ]; then + sed -i 's/db_engine/django.db.backends.mysql/g' "$SETTINGS_LOCAL_FILE" else - sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' $SETTINGS_LOCAL_FILE + sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' "$SETTINGS_LOCAL_FILE" fi - sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/db_name_value/'"$sql_db_name"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/db_user_value/'"$sql_username"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/db_host_value/'"$sql_hostname"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/ldap_dn/'"$ldap_cn"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/db_name_value/'"$sql_db_name"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/db_user_value/'"$sql_username"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/db_host_value/'"$sql_hostname"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/ldap_dn/'"$ldap_cn"'/g' "$SETTINGS_LOCAL_FILE" if [ $ldap_tls == 2 ]; then - sed -i "s/'TLS': True,/# 'TLS': True,#/g" $SETTINGS_LOCAL_FILE + sed -i "s/'TLS': True,/# 'TLS': True,/g" "$SETTINGS_LOCAL_FILE" fi - sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/ldap_host_ip/'"$ldap_hostname"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/dc=example,dc=org/'"$ldap_domain"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/example.org/'"$extension"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/MY_EMAIL_HOST/'"$email_hostname"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' $SETTINGS_LOCAL_FILE - sed -i 's/URL_SERVER/'"$url"'/g' $SETTINGS_LOCAL_FILE + sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/ldap_host_ip/'"$ldap_hostname"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/dc=example,dc=net/'"$ldap_domain"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/example.net/'"$extension"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/MY_EMAIL_HOST/'"$email_hostname"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' "$SETTINGS_LOCAL_FILE" + sed -i 's/URL_SERVER/'"$url"'/g' "$SETTINGS_LOCAL_FILE" echo "Writing of the settings_local.py file: Done" } @@ -335,11 +382,11 @@ install_webserver() { echo "Setting up web server ..." - engine_type=$1 - tls=$2 - url=$3 + engine_type="$1" + tls="$2" + url="$3" - if [ $engine_type == 1 ]; then + if [ "$engine_type" == 1 ]; then echo "Setting up Apache2 web server ..." @@ -348,12 +395,12 @@ install_webserver() { a2enmod wsgi a2enconf javascript-common - if [ $tls == 1 ]; then + if [ "$tls" == 1 ]; then echo "Setting up TLS with LE for Apache2 web server ..." cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf apt-get -y install certbot apt-get -y install python-certbot-apache - certbot certonly --rsa-key-size 4096 --apache -d $url + certbot certonly --rsa-key-size 4096 --apache -d "$url" sed -i 's/LE_PATH/'"$url"'/g' /etc/apache2/sites-available/re2o.conf echo "Setting up TLS with LE for Apache2 web server: Done" else @@ -362,7 +409,7 @@ install_webserver() { rm /etc/apache2/sites-enabled/000-default.conf sed -i 's|URL_SERVER|'"$url"'|g' /etc/apache2/sites-available/re2o.conf - sed -i 's|PATH|'"$(pwd)"'|g' /etc/apache2/sites-available/re2o.conf + sed -i 's|PATH|'"$(pwd)"'|g' /etc/apache2/sites-available/re2o.conf a2ensite re2o echo "Setting up Apache2 web server: Done" @@ -424,9 +471,9 @@ interactive_guide() { # Welcome prompt TITLE="Welcome" MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation." - init=$(dialog --clear --backtitle "$BACKTITLE" \ + init="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" @@ -441,9 +488,9 @@ interactive_guide() { MENU="Which engine should be used as the database ?" OPTIONS=(1 "mysql" 2 "postgresql") - sql_bdd_type=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_bdd_type="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt for choosing the database location TITLE="SQL location" @@ -452,31 +499,31 @@ interactive_guide() { * 'Remote' will ask you to manually perform some setup commands on the remote server" OPTIONS=(1 "Local" 2 "Remote") - sql_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_is_local="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" if [ $sql_is_local == 2 ]; then # Prompt to enter the remote database hostname TITLE="SQL hostname" INPUTBOX="The hostname of the remote SQL database" - sql_host=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_host="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to enter the remote database name TITLE="SQL database name" INPUTBOX="The name of the remote SQL database" - sql_name=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_name="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to enter the remote database username TITLE="SQL username" INPUTBOX="The username to access the remote SQL database" - sql_login=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_login="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" clear else # Use of default values for local setup @@ -488,17 +535,17 @@ interactive_guide() { # Prompt to enter the database password TITLE="SQL password" INPUTBOX="The password to access the SQL database" - sql_password=$(dialog --clear --backtitle "$BACKTITLE" \ + sql_password="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" - ############################## - ## Active directory options ## - ############################## + ################## + ## LDAP options ## + ################## - BACKTITLE="Re2o setup - configuration of the active directory" + BACKTITLE="Re2o setup - configuration of the LDAP" # Prompt to choose the LDAP location TITLE="LDAP location" @@ -507,16 +554,16 @@ interactive_guide() { * 'Remote' will ask you to manually perform some setup commands on the remote server" OPTIONS=(1 "Local" 2 "Remote") - ldap_is_local=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_is_local="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt to enter the LDAP domain extension TITLE="Domain extension" INPUTBOX="The local domain extension to use (e.g. 'example.net'). This is used in the LDAP configuration." - extension_locale=$(dialog --clear --backtitle "$BACKTITLE" \ + extension_locale="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Building the DN of the LDAP from the extension IFS='.' read -a extension_locale_array <<< $extension_locale @@ -524,34 +571,34 @@ interactive_guide() { do ldap_dn+="dc=$i," done - ldap_dn=${ldap_dn::-1} + ldap_dn="${ldap_dn::-1}" - if [ $ldap_is_local == 2 ]; then + if [ "$ldap_is_local" == 2 ]; then # Prompt to enter the remote LDAP hostname TITLE="LDAP hostname" INPUTBOX="The hostname of the remote LDAP" - ldap_host=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_host="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to choose if TLS should be activated or not for the LDAP TITLE="TLS on LDAP" MENU="Would you like to activate TLS for communicating with the remote LDAP ?" OPTIONS=(1 "Yes" 2 "No") - ldap_tls=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_tls="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --MENU "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt to enter the admin's CN of the remote LDAP TITLE="CN of amdin user" INPUTBOX="The CN entry for the admin user of the remote LDAP" - ldap_cn=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_cn="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" else ldap_cn="cn=admin," - ldap_cn+=$ldap_dn + ldap_cn+="$ldap_dn" ldap_host="localhost" ldap_tls=2 fi @@ -559,9 +606,9 @@ interactive_guide() { # Prompt to enter the LDAP password TITLE="LDAP password" INPUTBOX="The password to access the LDAP" - ldap_password=$(dialog --clear --backtitle "$BACKTITLE" \ + ldap_password="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" @@ -574,9 +621,9 @@ interactive_guide() { # Prompt to enter the hostname of the mail server TITLE="Mail server hostname" INPUTBOX="The hostname of the mail server to use" - email_host=$(dialog --clear --backtitle "$BACKTITLE" \ + email_host="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$TITLE" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to choose the port of the mail server TITLE="Mail server port" @@ -584,9 +631,9 @@ interactive_guide() { OPTIONS=(25 "SMTP" 465 "SMTPS" 587 "Submission") - email_port=$(dialog --clear --backtitle "$BACKTITLE" \ + email_port="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" @@ -601,25 +648,25 @@ interactive_guide() { MENU="Which web server to install for accessing Re2o web frontend (automatic setup of nginx is not supported) ?" OPTIONS=(1 "apache2" 2 "nginx") - web_serveur=$(dialog --clear --backtitle "$BACKTITLE" \ + web_serveur="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" # Prompt to enter the requested URL for the web frontend TITLE="Web URL" INPUTBOX="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry (if applicable)." - url_server=$(dialog --clear --backtitle "$BACKTITLE" \ + url_server="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --inputbox "$INPUTBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" # Prompt to choose if the TLS should be setup or not for the web server TITLE="TLS on web server" MENU="Would you like to activate the TLS (with Let'Encrypt) on the web server ?" OPTIONS=(1 "Yes" 2 "No") - is_tls=$(dialog --clear --backtitle "$BACKTITLE" \ + is_tls="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --menu "$MENU" \ - $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty) + $HEIGHT $WIDTH $CHOICE_HEIGHT "${OPTIONS[@]}" 2>&1 >/dev/tty)" @@ -640,9 +687,9 @@ interactive_guide() { * Collect the statics for the web interface * Install and setup the requested web server * Install and setup a TLS certificate for the web server if requested" - end_config=$(dialog --clear --backtitle "$BACKTITLE" \ + end_config="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" clear @@ -654,20 +701,20 @@ interactive_guide() { install_requirements - install_database $sql_bdd_type $sql_is_local $sql_name $sql_login $sql_password + install_database "$sql_bdd_type" "$sql_is_local" "$sql_name" "$sql_login" "$sql_password" - install_active_directory $ldap_is_local $ldap_password $ldap_dn + install_ldap "$ldap_is_local" "$ldap_password" "$ldap_dn" - write_settings_file $sql_bdd_type $sql_host $sql_name $sql_login $sql_password \ - $ldap_cn $ldap_tls $ldap_password $ldap_host $ldap_dn \ - $email_host $email_port $extension_locale $url_server + write_settings_file "$sql_bdd_type" "$sql_host" "$sql_name" "$sql_login" "$sql_password" \ + "$ldap_cn" "$ldap_tls" "$ldap_password" "$ldap_host" "$ldap_dn" \ + "$email_host" "$email_port" "$extension_locale" "$url_server" update_django create_superuser - install_webserver $web_serveur $is_tls $url_server + install_webserver "$web_serveur" "$is_tls" "$url_server" @@ -680,9 +727,9 @@ interactive_guide() { # Prompt to inform the installation process is over TITLE="End of the setup" MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything." - end=$(dialog --clear --backtitle "$BACKTITLE" \ + end="$(dialog --clear --backtitle "$BACKTITLE" \ --title "$TITLE" --msgbox "$MSGBOX" \ - $HEIGHT $WIDTH 2>&1 >/dev/tty) + $HEIGHT $WIDTH 2>&1 >/dev/tty)" } @@ -694,6 +741,23 @@ interactive_update_settings() { # This function will take the parameters in the example settings file, retrieve the # existing parameters from the local settings file and ask the user for the missing parameters ### + _ask_value "Database engine" "mysql" "postgresql"; if [ "$VALUE" == "mysql" ]; then db_engine_type=1; else db_engine_type=2; fi + _ask_value "Database hostname"; sql_hostname="$VALUE" + _ask_value "Database name"; sql_db_name="$VALUE" + _ask_value "Database username"; sql_username="$VALUE" + _ask_value "Database password"; sql_password="$VALUE" + _ask_value "LDAP hostname"; ldap_hostname="$VALUE" + _ask_value "Activate TLS on LDAP" "yes" "no"; if [ "$VALUE" == "mysql" ]; then ldap_tls=1; else ldap_tls=2; fi + _ask_value "LDAP domain (e.g. 'dc=example,dc=net')"; ldap_domain="$VALUE" + _ask_value "LDAP admin CN entry (e.g. 'cn=admin,dc=example,dc=net')"; ldap_cn="$VALUE" + _ask_value "LDAP password"; ldap_password="$VALUE" + _ask_value "Mail server hostname"; email_hostname="$VALUE" + _ask_value "Mail server port" "25" "465" "587"; email_port="$VALUE" + _ask_value "Extension de domain (e.g. 'example.net')"; extension="$VALUE" + _ask_value "Main URL"; url="$VALUE" + write_settings_file "$db_engine_type" "$sql_hostname" "$sql_db_name" "$sql_username" "$sql_password" \ + "$ldap_cn" "$ldap_tls" "$ldap_password" "$ldap_hostname" "$ldap_domain" \ + "$email_hostname" "$email_port" "$extension" "$url" } @@ -718,7 +782,7 @@ main_function() { ### if [ ! -z "$1" ]; then - subcmd=$1 + subcmd="$1" case "$subcmd" in @@ -726,53 +790,62 @@ main_function() { install_requirements update_django interactive_update_settings - exit;; + ;; update-django ) update_django - exit;; + ;; update-packages ) install_requirements - exit;; + ;; update-settings ) interactive_update_settings - exit;; + ;; reset-db ) if [ ! -z "$2" ]; then - db_password=$2 + db_password="$2" case "$3" in - mysql|mariadb ) - db_engine_type=1; break;; + mysql ) + db_engine_type=1;; postresql ) - db_engine_type=2; break;; + db_engine_type=2;; * ) - db_engine_type=1; break;; + db_engine_type=1;; esac - if [ ! -z "$4" ]; then db_name=$4; else db_name="re2o"; fi - if [ ! -z "$5" ]; then db_username=$5; else db_username="re2o"; fi - install_database $db_engine_type 1 $db_name $db_username $db_password + if [ ! -z "$4" ]; then + db_name="$4" + else + db_name="re2o" + fi + if [ ! -z "$5" ]; then + db_username="$5" + else + db_username="re2o" + fi + install_database "$db_engine_type" 1 "$db_name" "$db_username" "$db_password" else echo "Invalid arguments !" echo "Usage: ./install_re2o.sh setup-db [] [] []" fi - exit;; + ;; reset-ldap ) if [ ! -z "$2" ] && [ ! -z "$3" ]; then - ldap_password=$2 - local_domain=$3 - install_active_directory 1 $ldap_password $local_domain + ldap_password="$2" + local_domain="$3" + install_ldap 1 "$ldap_password" "$local_domain" else echo "Invalid arguments !" echo "Usage: ./install_re2o.sh setup-ldap " fi - exit;; + ;; * ) - echo "Invalid";; + echo "Invalid" + ;; esac else diff --git a/install_utils/db.ldiff b/install_utils/db.ldiff index f73c029e..ed265811 100644 --- a/install_utils/db.ldiff +++ b/install_utils/db.ldiff @@ -1,38 +1,38 @@ -dn: dc=example,dc=org +dn: dc=example,dc=net o: rezo structuralObjectClass: organization entryUUID: fc97a0fe-514b-1034-9e4d-59675b32507b -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20150225150906Z description: ldap objectClass: top objectClass: dcObject objectClass: organization entryCSN: 20151003212702.245118Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20151003212702Z contextCSN: 20161004233332.689769Z#000000#000#000000 -dn: cn=admin,dc=example,dc=org +dn: cn=admin,dc=example,dc=net objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin structuralObjectClass: organizationalRole entryUUID: fc97fa72-514b-1034-9e4e-59675b32507b -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20150225150906Z description:: TERBUCBhZG1pbmlzdHJhdG9yDQo= userPassword: FILL_IT entryCSN: 20160604005945.576566Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160604005945Z -dn: cn=Utilisateurs,dc=example,dc=org +dn: cn=Utilisateurs,dc=example,dc=net gidNumber: 500 cn: Utilisateurs structuralObjectClass: posixGroup entryUUID: 5d53854e-5204-1034-8c61-8da535cabdfc -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20150226130856Z sambaSID: 500 uid: Users @@ -41,143 +41,143 @@ objectClass: top objectClass: sambaSamAccount objectClass: radiusprofile entryCSN: 20150226130950.194154Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20150226130950Z -dn: ou=groups,dc=example,dc=org +dn: ou=groups,dc=example,dc=net objectClass: organizationalUnit description: Groupes d'utilisateurs ou: groups structuralObjectClass: organizationalUnit entryUUID: 986aa1b6-bb86-1035-9a4c-2ff0c800ec24 -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160531142039Z entryCSN: 20160531142039.780151Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160531142039Z -dn: ou=services,ou=groups,dc=example,dc=org +dn: ou=services,ou=groups,dc=example,dc=net objectClass: organizationalUnit description: Groupes de comptes techniques ou: services structuralObjectClass: organizationalUnit entryUUID: cbb56904-bc6a-1035-9fbb-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601173411Z entryCSN: 20160601173411.088359Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160601173411Z -dn: ou=service-users,dc=example,dc=org +dn: ou=service-users,dc=example,dc=net objectClass: organizationalUnit description: Utilisateurs techniques de l'annuaire ou: service-users structuralObjectClass: organizationalUnit entryUUID: 0e397270-bc6b-1035-9fbd-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601173602Z entryCSN: 20160601173602.683304Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160601173602Z -dn: cn=freeradius,ou=service-users,dc=example,dc=org +dn: cn=freeradius,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: freeradius userPassword: FILL_IT structuralObjectClass: applicationProcess entryUUID: 8596e4ec-bc6b-1035-9fbf-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601173922Z entryCSN: 20160601173922.944598Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160601173922Z -dn: cn=nssauth,ou=service-users,dc=example,dc=org +dn: cn=nssauth,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: nssauth structuralObjectClass: applicationProcess entryUUID: cfbdadc6-bc6b-1035-9fc4-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601174127Z userPassword: FILL_IT entryCSN: 20160603093724.770069Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603093724Z -dn: cn=auth,ou=services,ou=groups,dc=example,dc=org +dn: cn=auth,ou=services,ou=groups,dc=example,dc=net objectClass: groupOfNames cn: auth -member: cn=nssauth,ou=service-users,dc=example,dc=org +member: cn=nssauth,ou=service-users,dc=example,dc=net structuralObjectClass: groupOfNames entryUUID: 98524836-bc6d-1035-9fc7-3dc3850d88ba -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160601175413Z entryCSN: 20160620005705.309928Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160620005705Z -dn: ou=posix,ou=groups,dc=example,dc=org +dn: ou=posix,ou=groups,dc=example,dc=net objectClass: organizationalUnit description: Groupes de comptes POSIX ou: posix structuralObjectClass: organizationalUnit entryUUID: fbd89c4a-bdb5-1035-9045-d5a09894d93e -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160603090455Z entryCSN: 20160603090455.267192Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603090455Z -dn: cn=wifi,ou=service-users,dc=example,dc=org +dn: cn=wifi,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: wifi structuralObjectClass: applicationProcess entryUUID: 8cc2d1a6-bdc2-1035-9051-d5a09894d93e -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160603103452Z userPassword: FILL_IT entryCSN: 20160603103638.682210Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603103638Z -dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=org +dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=net objectClass: groupOfNames cn: usermgmt structuralObjectClass: groupOfNames entryUUID: ec01e206-bdc2-1035-9054-d5a09894d93e -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160603103732Z -member: cn=wifi,ou=service-users,dc=example,dc=org +member: cn=wifi,ou=service-users,dc=example,dc=net entryCSN: 20160603103746.897151Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160603103746Z -dn: cn=replica,ou=service-users,dc=example,dc=org +dn: cn=replica,ou=service-users,dc=example,dc=net objectClass: applicationProcess objectClass: simpleSecurityObject cn: replica structuralObjectClass: applicationProcess entryUUID: caef5c54-c0e4-1035-948f-dfe369fe3d4f -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160607101733Z userPassword: FILL_IT entryCSN: 20160607101829.424643Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160607101829Z -dn: cn=readonly,ou=services,ou=groups,dc=example,dc=org +dn: cn=readonly,ou=services,ou=groups,dc=example,dc=net objectClass: groupOfNames cn: readonly structuralObjectClass: groupOfNames entryUUID: f6bd2366-c0e4-1035-9492-dfe369fe3d4f -creatorsName: cn=admin,dc=example,dc=org +creatorsName: cn=admin,dc=example,dc=net createTimestamp: 20160607101846Z -member: cn=replica,ou=service-users,dc=example,dc=org -member: cn=freeradius,ou=service-users,dc=example,dc=org +member: cn=replica,ou=service-users,dc=example,dc=net +member: cn=freeradius,ou=service-users,dc=example,dc=net entryCSN: 20160619214628.287369Z#000000#000#000000 -modifiersName: cn=admin,dc=example,dc=org +modifiersName: cn=admin,dc=example,dc=net modifyTimestamp: 20160619214628Z diff --git a/install_utils/schema.ldiff b/install_utils/schema.ldiff index e8b934aa..e2b0e35f 100644 --- a/install_utils/schema.ldiff +++ b/install_utils/schema.ldiff @@ -1108,35 +1108,35 @@ objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {1}hdb olcDbDirectory: /var/lib/ldap -olcSuffix: dc=example,dc=org +olcSuffix: dc=example,dc=net olcAccess: {0}to attrs=userPassword,sambaNTPassword,mail by self write by an - onymous auth by dn="cn=admin,dc=example,dc=org" write by group="cn - =readonly,ou=services,ou=groups,dc=example,dc=org" read by group=" - cn=usermgmt,ou=services,ou=groups,dc=example,dc=org" write by * no + onymous auth by dn="cn=admin,dc=example,dc=net" write by group="cn + =readonly,ou=services,ou=groups,dc=example,dc=net" read by group=" + cn=usermgmt,ou=services,ou=groups,dc=example,dc=net" write by * no ne olcAccess: {1}to attrs=shadowLastChange,gecos,loginShell by self write by an - onymous auth by dn="cn=admin,dc=example,dc=org" write by group="cn - =readonly,ou=services,ou=groups,dc=example,dc=org" read by group=" - cn=auth,ou=services,ou=groups,dc=example,dc=org" read by group="cn - =usermgmt,ou=services,ou=groups,dc=example,dc=org" write by * none + onymous auth by dn="cn=admin,dc=example,dc=net" write by group="cn + =readonly,ou=services,ou=groups,dc=example,dc=net" read by group=" + cn=auth,ou=services,ou=groups,dc=example,dc=net" read by group="cn + =usermgmt,ou=services,ou=groups,dc=example,dc=net" write by * none olcAccess: {2}to dn.base="" by * read -olcAccess: {3}to dn.sub="ou=groups,dc=example,dc=org" by group="cn= - auth,ou=services,ou=groups,dc=example,dc=org" read by group="cn=re - adonly,ou=services,ou=groups,dc=example,dc=org" read -olcAccess: {4}to dn.sub="cn=Utilisateurs,dc=example,dc=org" by grou - p="cn=auth,ou=services,ou=groups,dc=example,dc=org" read by self r - ead by group="cn=readonly,ou=services,ou=groups,dc=example,dc=org" +olcAccess: {3}to dn.sub="ou=groups,dc=example,dc=net" by group="cn= + auth,ou=services,ou=groups,dc=example,dc=net" read by group="cn=re + adonly,ou=services,ou=groups,dc=example,dc=net" read +olcAccess: {4}to dn.sub="cn=Utilisateurs,dc=example,dc=net" by grou + p="cn=auth,ou=services,ou=groups,dc=example,dc=net" read by self r + ead by group="cn=readonly,ou=services,ou=groups,dc=example,dc=net" read by group="cn=usermgmt,ou=services,ou=groups,dc=example,dc=or g" write -olcAccess: {5}to dn.sub="ou=service-users,dc=example,dc=org" by gro - up="cn=auth,ou=services,ou=groups,dc=example,dc=org" read by group - ="cn=readonly,ou=services,ou=groups,dc=example,dc=org" read -olcAccess: {6}to dn.base="dc=example,dc=org" by * read -olcAccess: {7}to * by dn="cn=admin,dc=example,dc=org" write by self +olcAccess: {5}to dn.sub="ou=service-users,dc=example,dc=net" by gro + up="cn=auth,ou=services,ou=groups,dc=example,dc=net" read by group + ="cn=readonly,ou=services,ou=groups,dc=example,dc=net" read +olcAccess: {6}to dn.base="dc=example,dc=net" by * read +olcAccess: {7}to * by dn="cn=admin,dc=example,dc=net" write by self read by group="cn=readonly,ou=services,ou=groups,dc=example,dc=or g" read olcLastMod: TRUE -olcRootDN: cn=admin,dc=example,dc=org +olcRootDN: cn=admin,dc=example,dc=net olcRootPW: FILL_IT olcDbCheckpoint: 512 30 olcDbConfig: {0}set_cachesize 0 2097152 0 diff --git a/re2o/settings_local.example.py b/re2o/settings_local.example.py index ef017c5d..e15455df 100644 --- a/re2o/settings_local.example.py +++ b/re2o/settings_local.example.py @@ -19,9 +19,8 @@ # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -"""re2o.settings_locale.example -The example settings_locale.py file with all the available -options for a locale configuration of re2o +"""re2o.settings_locale +The file with all the available options for a locale configuration of re2o """ from __future__ import unicode_literals @@ -41,7 +40,7 @@ AES_KEY = 'A_SECRET_AES_KEY' DEBUG = False # A list of admins of the services. Receive mails when an error occurs -ADMINS = [('Example', 'rezo-admin@example.org')] +ADMINS = [('Example', 'admin@example.net')] # The list of hostname the server will respond to. ALLOWED_HOSTS = ['URL_SERVER'] @@ -81,16 +80,16 @@ SESSION_COOKIE_AGE = 60 * 60 * 3 LOGO_PATH = "static_files/logo.png" # The mail configuration for Re2o to send mails -SERVER_EMAIL = 'no-reply@example.org' # The mail address to use +SERVER_EMAIL = 'no-reply@example.net' # The mail address to use EMAIL_HOST = 'MY_EMAIL_HOST' # The host to use EMAIL_PORT = MY_EMAIL_PORT # The port to use # Settings of the LDAP structure LDAP = { - 'base_user_dn': 'cn=Utilisateurs,dc=example,dc=org', - 'base_userservice_dn': 'ou=service-users,dc=example,dc=org', - 'base_usergroup_dn': 'ou=posix,ou=groups,dc=example,dc=org', - 'base_userservicegroup_dn': 'ou=services,ou=groups,dc=example,dc=org', + 'base_user_dn': 'cn=Utilisateurs,dc=example,dc=net', + 'base_userservice_dn': 'ou=service-users,dc=example,dc=net', + 'base_usergroup_dn': 'ou=posix,ou=groups,dc=example,dc=net', + 'base_userservicegroup_dn': 'ou=services,ou=groups,dc=example,dc=net', 'user_gid': 500, }