8
0
Fork 0
mirror of https://gitlab2.federez.net/re2o/re2o synced 2024-11-05 09:26:27 +00:00
re2o/install_re2o.sh
2018-05-15 20:09:08 +00:00

487 lines
13 KiB
Bash
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
setup_ldap() {
apt-get -y install slapd
echo "Hashing the LDAP password..."
hashed_ldap_passwd=$(slappasswd -s $1)
echo $hashed_ldap_passwd
echo "Building the LDAP config files"
sed 's|dc=example,dc=org|'"$2"'|g' install_utils/db.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db
sed 's|dc=example,dc=org|'"$2"'|g' install_utils/schema.ldiff | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema
echo "Deleting exisitng LDAP configuration"
service slapd stop
rm -rf /etc/ldap/slapd.d/*
rm -rf /var/lib/ldap/*
echo "Setting up the new LDAP configuration"
slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/
slapadd -n 1 -l /tmp/db
echo "Fixing the LDAP files permissions and restarting slapd"
chown -R openldap:openldap /etc/ldap/slapd.d
chown -R openldap:openldap /var/lib/ldap
service slapd start
}
install_re2o_server() {
echo "Re2o setup !
This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation.
Installing sudo and dialog packages..."
export DEBIAN_FRONTEND=noninteractive
apt-get -y install sudo dialog
HEIGHT=15
WIDTH=40
CHOICE_HEIGHT=4
TITLE="Re2o setup !"
MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation."
init=$(dialog --clear \
--title "$TITLE" \
--msgbox "$MSGBOX" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
BACKTITLE="Re2o preconfiguration of the database"
MENU="Choose an option"
TITLE="Database engine"
OPTIONS=(1 "mysql"
2 "postgresql")
sql_bdd_type=$(dialog --clear \
--backtitle "$BACKTITLE" \
--title "$TITLE" \
--menu "$MENU" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
clear
TITLE="Local extension to use (ex : example.net)"
extension_locale=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
IFS='.' read -a extension_locale_array <<< $extension_locale
for i in "${extension_locale_array[@]}"
do
ldap_dn+="dc=$i,"
done
ldap_dn=${ldap_dn::-1}
echo $ldap_dn
TITLE="SQL database location"
OPTIONS=(1 "Local"
2 "Remote")
sql_is_local=$(dialog --clear \
--backtitle "$BACKTITLE" \
--title "$TITLE" \
--menu "$MENU" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
clear
TITLE="SQL database password"
sql_password=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" $HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
if [ $sql_is_local == 2 ]
then
TITLE="Username to access the remote SQL database"
sql_login=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" $HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
TITLE="Name of the SQL database"
sql_name=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" $HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
TITLE="Host of the remote SQL database"
sql_host=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" $HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
else
sql_name="re2o"
sql_login="re2o"
sql_host="localhost"
fi
BACKTITLE="Re2o preconfiguration of the active directory"
TITLE="LDAP location"
OPTIONS=(1 "Local"
2 "Remote")
ldap_is_local=$(dialog --clear \
--backtitle "$BACKTITLE" \
--title "$TITLE" \
--menu "$MENU" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
TITLE="LDAP password"
ldap_password=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" $HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
if [ $ldap_is_local == 2 ]
then
TITLE="CN entry for the admin user of the remote LDAP"
ldap_cn=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" $HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
TITLE="Host of the remote LDAP"
ldap_host=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" $HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
TITLE="Is the TLS activated ?"
OPTIONS=(1 "Yes"
2 "No")
ldap_tls=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--MENU "$MENU"\
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
clear
else
ldap_cn="cn=admin,"
ldap_cn+=$ldap_dn
ldap_host="localhost"
ldap_tls=2
fi
BACKTITLE="Re2o preconfiguration of the mail server"
TITLE="Host of the mail server to use"
email_host=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
TITLE="Port of the mail server"
OPTIONS=(25 "SMTP"
465 "SMTPS"
587 "Submission")
email_port=$(dialog --clear \
--backtitle "$BACKTITLE" \
--title "$TITLE" \
--menu "$MENU" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
clear
install_base=$(dialog --clear \
--title "Re2o setup!" \
--msgbox "Installation des paquets de base" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
echo "Installation des paquets de base"
apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git libjs-jquery libjs-jquery-uil libjs-jquery-timepicker libjs-bootstrap
pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress
echo "SQL Database setup"
if [ $sql_bdd_type == 1 ]
then
apt-get -y install python3-mysqldb mysql-client
mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci';
CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password';
GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost';
FLUSH PRIVILEGES;"
if [ $sql_is_local == 1 ]
then
apt-get -y install mysql-server
mysql -u root --execute="$mysql_command"
else
echo "Please execute the following command on the remote SQL server and then continue"
echo "$mysql_command"
while true
do
read -p "Continue (y/n)?" choice
case "$choice" in
y|Y ) break;;
n|N ) exit;;
* ) echo "Invalid";;
esac
done
fi
else
apt-get -y install postgresql-client python3-psycopg2
pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';"
pgsql_command2="CREATE USER $sql_login with password '$sql_password';"
pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;"
if [ $sql_is_local == 1 ]
then
apt-get -y install postgresql
sudo -u postgres psql --command="$pgsql_command1"
sudo -u postgres psql --command="$pgsql_command2"
sudo -u postgres psql --command="$pgsql_command3"
else
echo "Please execute the following commands on the remote SQL server and then continue"
echo "sudo -u postgres psql $pgsql_command1"
echo "sudo -u postgres psql $pgsql_command2"
echo "sudo -u postgres psql $pgsql_command3"
while true
do
read -p "Continue (y/n)?" choice
case "$choice" in
y|Y ) break;;
n|N ) exit;;
* ) echo "Invalid";;
esac
done
fi
fi
echo "LDAP setup"
if [ $ldap_is_local == 1 ]
then
setup_ldap $ldap_password $ldap_dn
else
TITLE="LDAP server setup"
MSGBOX="Please manually setup the remote LDAP server by launching the following commands: ./install_re2o.sh ldap $ldap_password $ldap_dn"
ldap_setup=$(dialog --clear \
--title "$TITLE" \
--msgbox "$MSGBOX" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
fi
echo "Writing of the settings_local.py file"
django_secret_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))")
aes_key=$(python -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))")
cp re2o/settings_local.example.py re2o/settings_local.py
if [ $sql_bdd_type == 1 ]
then
sed -i 's/db_engine/django.db.backends.mysql/g' re2o/settings_local.py
else
sed -i 's/db_engine/django.db.backends.postgresql_psycopg2/g' re2o/settings_local.py
fi
sed -i 's/SUPER_SECRET_KEY/'"$django_secret_key"'/g' re2o/settings_local.py
sed -i 's/SUPER_SECRET_DB/'"$sql_password"'/g' re2o/settings_local.py
sed -i 's/A_SECRET_AES_KEY/'"$aes_key"'/g' re2o/settings_local.py
sed -i 's/db_name_value/'"$sql_name"'/g' re2o/settings_local.py
sed -i 's/db_user_value/'"$sql_login"'/g' re2o/settings_local.py
sed -i 's/db_host_value/'"$sql_host"'/g' re2o/settings_local.py
sed -i 's/ldap_dn/'"$ldap_cn"'/g' re2o/settings_local.py
if [ $ldap_tls == 2 ]
then
sed -i "s/'TLS': True,/# 'TLS': True,#/g" re2o/settings_local.py
fi
sed -i 's/SUPER_SECRET_LDAP/'"$ldap_password"'/g' re2o/settings_local.py
sed -i 's/ldap_host_ip/'"$ldap_host"'/g' re2o/settings_local.py
sed -i 's/dc=example,dc=org/'"$ldap_dn"'/g' re2o/settings_local.py
sed -i 's/example.org/'"$extension_locale"'/g' re2o/settings_local.py
sed -i 's/MY_EMAIL_HOST/'"$email_host"'/g' re2o/settings_local.py
sed -i 's/MY_EMAIL_PORT/'"$email_port"'/g' re2o/settings_local.py
TITLE="Django setup"
MSGBOX="Applying the Django database migrations"
migrations=$(dialog --clear \
--title "$TITLE" \
--msgbox "$MSGBOX" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
python3 manage.py migrate
TITLE="Django setup"
MSGBOX="Collecting statics"
static=$(dialog --clear \
--title "$TITLE" \
--msgbox "$MSGBOX" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
python3 manage.py collectstatic
BACKTITLE="Web server"
TITLE="Web server to use"
OPTIONS=(1 "apache2"
2 "nginx")
web_serveur=$(dialog --clear \
--backtitle "$BACKTITLE" \
--title "$TITLE" \
--menu "$MENU" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
clear
TITLE="URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable."
url_server=$(dialog --title "$TITLE" \
--backtitle "$BACKTITLE" \
--inputbox "$TITLE" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
clear
TITLE="Activate TLS with Let'Encrypt on the web server ?"
OPTIONS=(1 "Oui"
2 "Non")
is_tls=$(dialog --clear \
--backtitle "$BACKTITLE" \
--title "$TITLE" \
--menu "$MENU" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
clear
sed -i 's/URL_SERVER/'"$url_server"'/g' re2o/settings_local.py
if [ $web_serveur == 1 ]
then
apt-get -y install apache2 libapache2-mod-wsgi-py3
a2enmod ssl
a2enmod wsgi
if [ $is_tls == 1 ]
then
cp install_utils/apache2/re2o-tls.conf /etc/apache2/sites-available/re2o.conf
apt-get -y install certbot
apt-get -y install python-certbot-apache
certbot certonly --rsa-key-size 4096 --apache -d $url_server
sed -i 's/LE_PATH/'"$url_server"'/g' /etc/apache2/sites-available/re2o.conf
else
cp install_utils/apache2/re2o.conf /etc/apache2/sites-available/re2o.conf
fi
rm /etc/apache2/sites-enabled/000-default.conf
sed -i 's|URL_SERVER|'"$url_server"'|g' /etc/apache2/sites-available/re2o.conf
current_path=$(pwd)
sed -i 's|PATH|'"$current_path"'|g' /etc/apache2/sites-available/re2o.conf
a2ensite re2o
service apache2 reload
else
TITLE="Web server setup"
MSGBOX="Nginx non supporté, vous devrez installer manuellement"
web_server=$(dialog --clear \
--title "$TITLE" \
--msgbox "$MSGBOX" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
fi
python3 manage.py createsuperuser
TITLE="End of the setup"
MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user hhas the superuser rights, meaning he can access and do everything."
end=$(dialog --clear \
--title "$TITLE" \
--msgbox "Vous pouvez à présent vous rendre sur $url_server, et vous connecter. Votre utilisateur dispose des privilèges superuser" \
$HEIGHT $WIDTH \
2>&1 >/dev/tty)
}
main_function() {
if [ ! -z "$1" ]
then
if [ $1 == ldap ]
then
if [ ! -z "$2" ]
then
echo Installation du ldap
setup_ldap $2 $3
else
echo Arguments invalides !
exit
fi
fi
else
install_re2o_server
fi
}
main_function $1 $2 $3