new: doc: [Hedgedoc] add README to manage users with cli tool
#38
Closed
bgallet
wants to merge 15 commits from bgallet/0k-charms:hedgedoc
into master
pull from: bgallet/0k-charms:hedgedoc
merge into: 0k:master
28 changed files with 1123 additions and 318 deletions
138 README.org
188 apache/README.org
29 apache/README.rst
4 apache/hooks/publish_dir-relation-joined
4 apache/hooks/web_proxy-relation-joined
315 apache/lib/common
316 apache/test/get_domains
17 apache/test/vhost
2 apache/test/vhost_cert_provider
14 apache/test/vhost_files
20 hedgedoc/README.org
1 letsencrypt/actions/crt
15 mariadb/hooks/sql_database-relation-joined
1 mariadb/metadata.yml
1 nextcloud/actions/occ
1 nextcloud/hooks/init
51 nextcloud/hooks/mysql_database-relation-joined
1 nextcloud/hooks/mysql_database-relation-joined
54 nextcloud/hooks/postgres_database-relation-joined
75 nextcloud/hooks/sql_database-relation-joined
31 nextcloud/hooks/web_proxy-relation-joined
45 nextcloud/lib/common
11 nextcloud/metadata.yml
40 odoo-tecnativa/README.org
8 odoo-tecnativa/README.rst
39 odoo-tecnativa/hooks/init
16 postgres/hooks/sql_database-relation-joined
1 postgres/metadata.yml
3 rocketchat/README.org
@ -0,0 +1,188 @@ |
|||||
|
|
||||
|
|
||||
|
* Usage |
||||
|
|
||||
|
Other services will often require a service managed with this charm to |
||||
|
act as a HTTP/HTTPS front-end. It can provide certificates with HTTPS. |
||||
|
|
||||
|
|
||||
|
** Domain assignment |
||||
|
|
||||
|
Services using relation =web-proxy= or =publish-dir= will be required |
||||
|
to be assigned a domain name for the virtual host that will be |
||||
|
created. |
||||
|
|
||||
|
*** Domain sources |
||||
|
|
||||
|
This domain name can be set (in order of priority), the first source |
||||
|
giving a name will be taken. |
||||
|
|
||||
|
- *Relation's options* (=web-proxy= or =publish-dir=) |
||||
|
Using =domain= option, and optionally the deprecated |
||||
|
=server-aliases= for additional names. |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
relations: |
||||
|
web-proxy: |
||||
|
apache: |
||||
|
domain: mydomain.org |
||||
|
#server-aliases: |
||||
|
# - www.mydomain.org |
||||
|
# - pro.mydomain.org |
||||
|
#+end_src |
||||
|
- *Apache service's options*, using a =service-domain-name= mapping: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
# ... |
||||
|
myservice: |
||||
|
- mydomain.org |
||||
|
- www.mydomain.org |
||||
|
- pro.mydomain.org |
||||
|
# ... |
||||
|
#+end_src |
||||
|
|
||||
|
- *the service name* itself if is a domain name: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
www.mydomain.org: |
||||
|
# ... |
||||
|
#+end_src |
||||
|
|
||||
|
Please note that this is not recommended, and will be deprecated. |
||||
|
|
||||
|
*** Domain and alternate domains |
||||
|
|
||||
|
Every source (except the one coming out from the domain name), can use |
||||
|
several ways to provide *more than one domain name*. |
||||
|
|
||||
|
Please remember: |
||||
|
- At least one domain name needs to be provided |
||||
|
- and the first domain can't use wildcards and will be considered the main domain name. |
||||
|
|
||||
|
If other domains are specified, they will be used as aliases, and |
||||
|
wildcard (using ~*~) is supported. |
||||
|
|
||||
|
Additionally, bash braces expansion and regex matching are |
||||
|
available. Space separated YAML string or YAML sequences are |
||||
|
supported, also as mix of both. |
||||
|
|
||||
|
As examples, notice the following are equivalent and will serve |
||||
|
=myservice= on the exact same set of domain names: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
relations: |
||||
|
web-proxy: |
||||
|
domain: |
||||
|
## A yaml list |
||||
|
- myservice.home.org |
||||
|
- mydomain.org |
||||
|
- www.mydomain.org |
||||
|
- pro.mydomain.org |
||||
|
- *.myservice.hop.org |
||||
|
#+end_src |
||||
|
|
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... no domain set in relation |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
## A yaml list as a mapping value |
||||
|
myservice: |
||||
|
- myservice.home.org |
||||
|
- {,www.,pro.}mydomain.org ## bash braces expansion used |
||||
|
- *.myservice.hop.org |
||||
|
#+end_src |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
## space separated YAML string and bash braces expansion |
||||
|
myservice: myservice.home.org {,www.,pro.}mydomain.org *.myservice.hop.org |
||||
|
#+end_src |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
myservice: |
||||
|
# ... |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
## Leveraging bash braces expansion and regex replacement |
||||
|
.*: {$0.home,{,www.,pro.}mydomain,*.$0.hop}.org |
||||
|
#+end_src |
||||
|
|
||||
|
** Domain mapping |
||||
|
|
||||
|
You can automatically assign a domain to services in relation |
||||
|
=web-proxy= or =publish-dir= with services managed by this charm using |
||||
|
the =service-domain-name= option. For instance: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: $0.mydomain.org |
||||
|
#+end_src |
||||
|
|
||||
|
Where ~mydomain.org~ stands for the domain where most of your services |
||||
|
will be served. You can override this behavior for some services: |
||||
|
- by adding a matching rule *before* the given rule. |
||||
|
- by specifying a =domain= in the relation's options. |
||||
|
|
||||
|
first rule matching will end the mapping: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
apache: |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
foo: www.mydomain.org |
||||
|
bar: beta.myotherdomain.com |
||||
|
#+end_src |
||||
|
|
||||
|
Allows to distribute services to domains quite freely. |
||||
|
|
||||
|
|
||||
|
* SSH Tunnel |
||||
|
|
||||
|
On the server side, you can configure your compose file:: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
apache: |
||||
|
options: |
||||
|
ssh-tunnel: |
||||
|
domain: ssh.domain.com ## required |
||||
|
#ssl: ... ## required, but automatically setup if you |
||||
|
## provide a ``cert-provider`` to ``apache``. |
||||
|
#+end_src |
||||
|
|
||||
|
|
||||
|
On the client side you should add this to your ``~/.ssh/config``:: |
||||
|
|
||||
|
#+begin_src conf-space |
||||
|
Host ssh.domain.com |
||||
|
Port 443 |
||||
|
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
||||
|
DynamicForward 1080 |
||||
|
ServerAliveInterval 60 |
||||
|
#+end_src |
||||
|
|
||||
|
If it doesn't work, you can do some checks thanks to this command:: |
||||
|
|
||||
|
#+begin_example |
||||
|
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
||||
|
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
||||
|
#+end_example |
||||
|
|
||||
|
|
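Review bot: the prose names the option =service-domain-name= (in the "Apache service's options" bullet under Domain sources, and again in the Domain mapping paragraph), but every YAML example in this file uses `service-domain-map`; pick one spelling, presumably `service-domain-map`. The text says regex matching is available without stating whether a key must match the whole service name or only part of it, which matters when the first matching rule wins; please document the anchoring. The "first rule matching will end the mapping" example lists only `foo` and `bar`, so it does not show them placed before the `.*` catch-all it is meant to override. The SSH Tunnel section still carries reST markup (trailing `::` after the lead-in sentences, double-backquoted ``cert-provider`` and ``~/.ssh/config``) that should be converted to org syntax.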
@ -1,29 +0,0 @@ |
|||||
|
|
||||
|
|
||||
SSH Tunnel |
|
||||
---------- |
|
||||
|
|
||||
On the server side, you can configure your compose file:: |
|
||||
|
|
||||
apache: |
|
||||
options: |
|
||||
ssh-tunnel: |
|
||||
domain: ssh.domain.com ## required |
|
||||
#ssh: ... ## required, but automatically setup if you |
|
||||
## provide a ``cert-provider`` to ``apache``. |
|
||||
|
|
||||
|
|
||||
On the client side you should add this to your ``~/.ssh/config``:: |
|
||||
|
|
||||
Host ssh.domain.com |
|
||||
Port 443 |
|
||||
ProxyCommand proxytunnel -q -E -p ssh.domain.com:443 -d ssh.domain.com:22 |
|
||||
DynamicForward 1080 |
|
||||
ServerAliveInterval 60 |
|
||||
|
|
||||
If it doesn't work, you can do some checks thanks to this command:: |
|
||||
|
|
||||
$ proxytunnel -E -p ssh.domain.com:443 -d ssh.domain.com:22 -v \ |
|
||||
-H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n" |
|
||||
|
|
||||
|
|
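Review bot: the removed example documents the commented key under `ssh-tunnel` as `#ssh: ...`, while the org replacement in this PR reads `#ssl: ...`. If that is a deliberate correction made during the move, say so in the commit message so it is not mistaken for a typo introduced by the conversion; if it is not deliberate, one of the two spellings is wrong.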
@ -0,0 +1,316 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
exname=$(basename $0) |
||||
|
|
||||
|
compose_core=$(which compose-core) || { |
||||
|
echo "Requires compose-core executable to be in \$PATH." >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
fetch-def() { |
||||
|
local path="$1" fname="$2" |
||||
|
( . "$path" 1>&2 || { |
||||
|
echo "Failed to load '$path'." >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
declare -f "$fname" |
||||
|
) |
||||
|
} |
||||
|
|
||||
|
prefix_cmd=" |
||||
|
. /etc/shlib |
||||
|
|
||||
|
include common |
||||
|
include parse |
||||
|
|
||||
|
. ../lib/common |
||||
|
|
||||
|
$(fetch-def "$compose_core" yaml_get_values) |
||||
|
$(fetch-def "$compose_core" yaml_get_interpret) |
||||
|
|
||||
|
" || { |
||||
|
echo "Couldn't build prefix cmd" >&2 |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
# mock |
||||
|
cfg-get-value() { |
||||
|
local key="$1" |
||||
|
shyaml get-value "$key" 2>/dev/null |
||||
|
} |
||||
|
export -f cfg-get-value |
||||
|
|
||||
|
yaml_get_interpret() { |
||||
|
shyaml get-value |
||||
|
} |
||||
|
export -f yaml_get_interpret |
||||
|
|
||||
|
|
||||
|
export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX) |
||||
|
trap "rm -rf \"$state_tmpdir\"" EXIT |
||||
|
|
||||
|
## |
||||
|
## Tests |
||||
|
## |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err reg 'Error: .*domain option.*' |
||||
|
is out '' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: toto |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'toto |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: toto titi |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'toto titi |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- toto |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'toto |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
server-aliases: |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
server-aliases: |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
server-aliases: |
||||
|
- toto |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part "You can't specify server aliases if you don't have a domain" |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: foo |
||||
|
server-aliases: |
||||
|
- bar |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: foo |
||||
|
server-aliases: bar |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo |
||||
|
server-aliases: bar |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo bar |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo{1,2} bar |
||||
|
server-aliases: wiz |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo1 foo2 bar wiz |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo{1,2} bar |
||||
|
server-aliases: foo1 |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo1 foo2 bar |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
- foo{1,2} bar |
||||
|
- \"*.zoo\" |
||||
|
server-aliases: foo1 |
||||
|
'" |
||||
|
noerror |
||||
|
is out 'foo1 foo2 bar *.zoo |
||||
|
' |
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: foo+ bar |
||||
|
'" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'Invalid domain value' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options.service-domain-map: |
||||
|
'" "empty service-domain-map" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
is err part 'service-domain-map' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
BASE_SERVICE_NAME=foo |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
wiz: bar |
||||
|
'" "no map matching in service-domain-map" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'No domain name set' |
||||
|
is err part 'service-domain-map' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
wiz: bar |
||||
|
'" "matching map in service-domain-map" |
||||
|
noerror |
||||
|
is out 'bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
wiz?: bar |
||||
|
wiz: bar2 |
||||
|
'" "only first matching map in service-domain-map" |
||||
|
noerror |
||||
|
is out 'bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
\"[w]i?zz?\": bar |
||||
|
'" "map are regex in service-domain-map" |
||||
|
noerror |
||||
|
is out 'bar |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
(w)i(z): bar\$1\$2 |
||||
|
'" "regex capture in service-domain-map" |
||||
|
noerror |
||||
|
is out 'barwz |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: \$0.shrubbery |
||||
|
'" "regex capture 2 in service-domain-map" |
||||
|
noerror |
||||
|
is out 'wiz.shrubbery |
||||
|
' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: \$x |
||||
|
'" "refuse other variables in service-domain-map" |
||||
|
is errlvl 1 |
||||
|
is err part 'Error: ' |
||||
|
is err part 'Invalid mapping value' |
||||
|
|
||||
|
|
||||
|
try " |
||||
|
export BASE_SERVICE_NAME=wiz |
||||
|
get_domains ' |
||||
|
domain: |
||||
|
' ' |
||||
|
options: |
||||
|
service-domain-map: |
||||
|
.*: |
||||
|
- \$0.example.com |
||||
|
- my-\$0.domain.org |
||||
|
|
||||
|
'" "list is possible as value of service-domain-map" |
||||
|
noerror |
||||
|
is out 'wiz.example.com my-wiz.domain.org |
||||
|
' |
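Review bot: the negative cases stop at `domain: foo+ bar` and `.*: \$x`; because domain values go through brace expansion and `$N` substitution, add cases asserting that command substitution, backquotes and `;` inside a `domain` or `service-domain-map` value are rejected with the same 'Invalid domain value' / 'Invalid mapping value' errors. apache/README.org in this PR states that the first domain can't use wildcards, yet no test puts a wildcard such as `*.zoo` first and expects a failure. In the setup, `export state_tmpdir=$(mktemp -d -t tmp.XXXXXXXXXX)` hides a mktemp failure behind the exit status of `export`, leaving the EXIT trap with an empty path; assign, check, then export. `fetch-def "$compose_core" yaml_get_interpret` is also either redundant or in conflict with the `yaml_get_interpret` mock defined a few lines below, and `$(basename $0)` should quote `$0`.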
@ -0,0 +1,20 @@ |
|||||
|
# -*- ispell-local-dictionary: "english" -*- |
||||
|
|
||||
|
* How to reset password version 1.X : |
||||
|
|
||||
|
#+begin_src sh |
||||
|
## 1. Access the server and then enter the container |
||||
|
docker exec -ti hedgedoc sh |
||||
|
|
||||
|
## 2. use the script to manage users ./bin/manage_users |
||||
|
|
||||
|
Command-line utility to create users for email-signin. |
||||
|
|
||||
|
Usage: bin/manage_users [--pass password] (--add | --del) user-email |
||||
|
Options: |
||||
|
--add Add user with the specified user-email |
||||
|
--del Delete user with specified user-email |
||||
|
--reset Reset user password with specified user-email |
||||
|
--pass Use password from cmdline rather than prompting |
||||
|
#+end_src |
||||
|
|
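Review bot: the heading promises a password reset, but the block never shows the reset invocation; step 2 only pastes the tool's help text, whose Usage line lists `(--add | --del)` without `--reset`. Add the actual command (bin/manage_users --reset user-email) as its own step, and move the pasted help output out of the `#+begin_src sh` block into `#+begin_example`, since it is not shell. It is also worth recommending the prompting form over `--pass`, because a password passed on the command line ends up in shell history and in the process list.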
@ -0,0 +1,15 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## When writing relation script, remember: |
||||
|
## - they should be idempotents |
||||
|
## - they can be launched while the dockers is already up |
||||
|
## - they are launched from the host |
||||
|
## - the target of the link is launched first, and get a chance to ``relation-set`` |
||||
|
## - both side of the scripts get to use ``relation-get``. |
||||
|
|
||||
|
relation-set type mysql || { |
||||
|
err "Could not set relation ${WHITE}type${NORMAL} to 'mysql'." |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
. hooks/mysql_database-relation-joined |
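Review bot: `err`, `${WHITE}` and `${NORMAL}` are used in the failure branch of `relation-set type mysql` before anything has been sourced, and the script has no `set -e`; if these come from the charm runtime, a one-line comment saying so would help, otherwise the error path itself fails. In the header comment, "idempotents" should be "idempotent" and "the dockers is" should be "the dockers are".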
@ -1,51 +0,0 @@ |
|||||
#!/bin/bash |
|
||||
|
|
||||
. lib/common |
|
||||
|
|
||||
set -e |
|
||||
|
|
||||
PASSWORD="$(relation-get password)" |
|
||||
USER="$(relation-get user)" |
|
||||
DBNAME="$(relation-get dbname)" |
|
||||
|
|
||||
|
|
||||
## This check adds purely arbitrary limits to what could be a password |
|
||||
## if we need to open that more, just consider the next script where we'll |
|
||||
## need to write in a PHP structure, or in YAML structure. |
|
||||
|
|
||||
## Note that here, "[]" chars are not accepted just because it doesn't seem evident |
|
||||
## to test for those in bash. |
|
||||
if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then |
|
||||
err "Invalid password chosen for mysql database." |
|
||||
exit 1 |
|
||||
fi |
|
||||
|
|
||||
## if config is not existent |
|
||||
if [ -e "$CONFIGFILE" ] && grep "^ 'dbuser' => '" "$CONFIGFILE" >/dev/null; then |
|
||||
|
|
||||
## 'occ' can't be used as it will try to connect to mysql before running and |
|
||||
## will fail if user/password is not correct |
|
||||
|
|
||||
## We need to get through bash, and sed interpretation, then PHP single quoted strings. |
|
||||
quoted_user="${USER//\\/\\\\\\\\\\}" |
|
||||
quoted_user="${quoted_user//\'/\\\\\'}" |
|
||||
quoted_password="${PASSWORD//\\/\\\\\\\\\\}" |
|
||||
quoted_password="${quoted_password//\'/\\\\\'}" |
|
||||
sed -ri "s/^( 'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\ |
|
||||
s/^( 'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;" "$CONFIGFILE" |
|
||||
else |
|
||||
|
|
||||
## These variable are not used by current docker image after first install |
|
||||
|
|
||||
config-add "\ |
|
||||
services: |
|
||||
$MASTER_BASE_SERVICE_NAME: |
|
||||
environment: |
|
||||
MYSQL_HOST: $MASTER_TARGET_SERVICE_NAME |
|
||||
MYSQL_DATABASE: $DBNAME |
|
||||
MYSQL_PASSWORD: $PASSWORD |
|
||||
MYSQL_USER: $USER |
|
||||
" |
|
||||
fi |
|
||||
|
|
||||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
|
@ -0,0 +1 @@ |
|||||
|
postgres_database-relation-joined |
@ -1,51 +1,11 @@ |
|||||
#!/bin/bash |
#!/bin/bash |
||||
|
|
||||
. lib/common |
|
||||
|
type="${0##*/}" |
||||
|
type="${type%_database-relation-joined}" |
||||
|
|
||||
set -e |
|
||||
|
set-relation type "$type" || { |
||||
|
err "Could not set relation ${WHITE}type${NORMAL} to '$type'." |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
PASSWORD="$(relation-get password)" |
|
||||
USER="$(relation-get user)" |
|
||||
DBNAME="$(relation-get dbname)" |
|
||||
|
|
||||
|
|
||||
## This check adds purely arbitrary limits to what could be a password |
|
||||
## if we need to open that more, just consider the next script where we'll |
|
||||
## need to write in a PHP structure, or in YAML structure. |
|
||||
|
|
||||
## Note that here, "[]" chars are not accepted just because it doesn't seem evident |
|
||||
## to test for those in bash. |
|
||||
if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then |
|
||||
err "Invalid password chosen for postgres database." |
|
||||
exit 1 |
|
||||
fi |
|
||||
|
|
||||
## if config is not existent |
|
||||
if [ -e "$CONFIGFILE" ] && grep "^ 'dbuser' => '" "$CONFIGFILE" >/dev/null; then |
|
||||
|
|
||||
## 'occ' can't be used as it will try to connect to postgres before running and |
|
||||
## will fail if user/password is not correct |
|
||||
|
|
||||
## We need to get through bash, and sed interpretation, then PHP single quoted strings. |
|
||||
quoted_user="${USER//\\/\\\\\\\\\\}" |
|
||||
quoted_user="${quoted_user//\'/\\\\\'}" |
|
||||
quoted_password="${PASSWORD//\\/\\\\\\\\\\}" |
|
||||
quoted_password="${quoted_password//\'/\\\\\'}" |
|
||||
sed -ri "s/^( 'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\ |
|
||||
s/^( 'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;" "$CONFIGFILE" |
|
||||
else |
|
||||
|
|
||||
## These variable are not used by current docker image after first install |
|
||||
|
|
||||
config-add "\ |
|
||||
services: |
|
||||
$MASTER_BASE_SERVICE_NAME: |
|
||||
environment: |
|
||||
POSTGRES_HOST: $MASTER_TARGET_SERVICE_NAME |
|
||||
POSTGRES_DB: $DBNAME |
|
||||
POSTGRES_PASSWORD: $PASSWORD |
|
||||
POSTGRES_USER: $USER |
|
||||
" |
|
||||
fi |
|
||||
|
|
||||
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
|
||||
|
. ./hooks/sql_database-relation-joined |
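Review bot: `set-relation type "$type"` looks like a typo for `relation-set`, which is the command the mariadb and postgres hooks in this PR call and the one their header comments name; unless a `set-relation` helper exists elsewhere, this hook takes the error branch on every join. With `. lib/common` removed from this file, `err` is also called before anything is sourced. The type is derived from `${0##*/}`, which only gives the right answer when the hook is executed under its own file name (including through the new one-line mysql_database-relation-joined entry) and not when it is sourced; a short comment stating that assumption would prevent surprises.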
@ -0,0 +1,75 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
. lib/common |
||||
|
|
||||
|
set -e |
||||
|
TYPE="$(relation-get type)" || { |
||||
|
err "No ${WHITE}type${NORMAL} set in relation." |
||||
|
exit 1 |
||||
|
} |
||||
|
PASSWORD="$(relation-get password)" |
||||
|
USER="$(relation-get user)" |
||||
|
DBNAME="$(relation-get dbname)" |
||||
|
|
||||
|
|
||||
|
## This check adds purely arbitrary limits to what could be a password |
||||
|
## if we need to open that more, just consider the next script where we'll |
||||
|
## need to write in a PHP structure, or in YAML structure. |
||||
|
|
||||
|
## Note that here, "[]" chars are not accepted just because it doesn't seem evident |
||||
|
## to test for those in bash. |
||||
|
if ! [[ "$PASSWORD" =~ ^[a-zA-Z0-9~\`\&+=@\#^\*/\\_%\$:\;\!?.,\<\>{}()\"\'|-]*$ ]]; then |
||||
|
err "Invalid password chosen for $type database." |
||||
|
exit 1 |
||||
|
fi |
||||
|
|
||||
|
## if config is not existent |
||||
|
if [ -e "$CONFIGFILE" ] && grep "^ 'dbuser' => '" "$CONFIGFILE" >/dev/null; then |
||||
|
|
||||
|
## 'occ' can't be used as it will try to connect to db before running and |
||||
|
## will fail if user/password is not correct |
||||
|
|
||||
|
## We need to get through bash, and sed interpretation, then PHP single quoted strings. |
||||
|
quoted_user="${USER//\\/\\\\\\\\\\}" |
||||
|
quoted_user="${quoted_user//\'/\\\\\'}" |
||||
|
quoted_password="${PASSWORD//\\/\\\\\\\\\\}" |
||||
|
quoted_password="${quoted_password//\'/\\\\\'}" |
||||
|
case "$TYPE" in |
||||
|
mysql) |
||||
|
nextcloud_type="mysql";; |
||||
|
postgres) |
||||
|
nextcloud_type="pgsql";; |
||||
|
*) |
||||
|
err "Unknown type '$TYPE' for database." |
||||
|
exit 1 |
||||
|
;; |
||||
|
esac |
||||
|
|
||||
|
sed -ri "s/^( 'dbuser' => ')(.*)(',)$/\1${quoted_user}\3/g;\ |
||||
|
s/^( 'dbpassword' => ')(.*)(',)$/\1${quoted_password}\3/g;\ |
||||
|
s/^( 'dbtype' => ')(.*)(',)$/\1${nextcloud_type}\3/g;\ |
||||
|
s/^( 'dbhost' => ')(.*)(',)$/\1${MASTER_TARGET_SERVICE_NAME}\3/g;\ |
||||
|
" "$CONFIGFILE" |
||||
|
|
||||
|
else |
||||
|
|
||||
|
## These variable are not used by current docker image after first install |
||||
|
|
||||
|
if [ "$TYPE" == "mysql" ]; then |
||||
|
database_env_label="DATABASE" |
||||
|
else |
||||
|
database_env_label="DB" |
||||
|
fi |
||||
|
|
||||
|
config-add "\ |
||||
|
services: |
||||
|
$MASTER_BASE_SERVICE_NAME: |
||||
|
environment: |
||||
|
${TYPE^^}_HOST: $MASTER_TARGET_SERVICE_NAME |
||||
|
${TYPE^^}_${database_env_label}: $DBNAME |
||||
|
${TYPE^^}_PASSWORD: $PASSWORD |
||||
|
${TYPE^^}_USER: $USER |
||||
|
" |
||||
|
fi |
||||
|
|
||||
|
info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access." |
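Review bot: in the sed call, `quoted_user` and `quoted_password` escape only `\` and `'`, but the password allow-list above accepts `/` and `&`, which are the sed delimiter and the whole-match reference; a password containing `/` breaks the expression, and one containing `&` gets the matched text spliced into the value written to the config file. Escape `/` and `&` as well, and treat `${MASTER_TARGET_SERVICE_NAME}` the same way, since it is interpolated raw into the `dbhost` substitution. The allow-list is applied to PASSWORD only: USER goes into the same sed expression, and USER and DBNAME go into the `config-add` YAML unchecked, where the values are unquoted even though `:`, `#`, `{` and `"` are permitted characters. Finally, the message `Invalid password chosen for $type database.` uses `$type` while the variable set in this file is `TYPE`, so it prints an empty type.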
@ -1,33 +1,20 @@ |
|||||
#!/bin/bash |
#!/bin/bash |
||||
|
|
||||
|
. lib/common |
||||
|
|
||||
set -e |
set -e |
||||
|
|
||||
DOMAIN=$(relation-get domain) || exit 1 |
DOMAIN=$(relation-get domain) || exit 1 |
||||
URL="$(relation-get url)" || exit 1 |
URL="$(relation-get url)" || exit 1 |
||||
PROTO="${URL%%://*}" |
PROTO="${URL%%://*}" |
||||
|
|
||||
if ! trusted_domains="$( |
|
||||
compose -q --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" \ |
|
||||
config:system:get trusted_domains)"; then |
|
||||
err "Couldn't get 'trusted_domains'. Here's the ouput:" |
|
||||
echo "$trusted_domains" | prefix " | " >&2 |
|
||||
|
|
||||
echo "If the code of nextcloud is already there (command occ is found), but " >&2 |
|
||||
echo "the database is not yet created, this situation will arise." >&2 |
|
||||
|
nextcloud:config:simple:add overwritehost "$DOMAIN" || { |
||||
|
err "Failed to set ${WHITE}overwritehost${NORMAL} to '$DOMAIN'." |
||||
exit 1 |
exit 1 |
||||
fi |
|
||||
|
} |
||||
|
|
||||
occ_opts=( |
|
||||
## necessary as nextcloud do not detect correctly those, and behind |
|
||||
## a proxy, it will generate a lot of URL that are not detected |
|
||||
## by means of ``ReverseProxyPass`` on apache for instance |
|
||||
|
nextcloud:config:simple:add overwriteprotocol "$PROTO" || { |
||||
|
err "Failed to set ${WHITE}overwriteprotocol${NORMAL} to '$PROTO'." |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
config:system:set overwritehost --value="$DOMAIN" \; |
|
||||
config:system:set overwriteprotocol --value="$PROTO" |
|
||||
) |
|
||||
if ! [[ $'\n'"$trusted_domains"$'\n' == *$'\n'"$MASTER_BASE_SERVICE_NAME"$'\n'* ]]; then |
|
||||
trusted_index=$(echo "$trusted_domains" | wc -l) |
|
||||
debug "Adding $MASTER_TARGET_SERVICE_NAME to ${WHITE}trusted_domains${NORMAL}." |
|
||||
occ_opts+=( \; config:system:set trusted_domains "$trusted_index" --value="$MASTER_BASE_SERVICE_NAME") |
|
||||
fi |
|
||||
compose --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" "${occ_opts[@]}" |
|
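Review bot: the `trusted_domains` handling disappears together with the `occ_opts` block, and nothing in the new lines adds the domain or `$MASTER_BASE_SERVICE_NAME` back; please confirm that `nextcloud:config:simple:add` or nextcloud/lib/common (not shown in this view) covers it. `overwritehost` is set to the raw `$DOMAIN`, yet apache/README.org in this PR allows `domain` to be a list, a space-separated string or a brace expression, so this hook should take only the main (first) domain. The removed comment explaining why `overwritehost` and `overwriteprotocol` are needed behind a proxy is worth keeping next to the new calls.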
@ -0,0 +1,40 @@ |
|||||
|
|
||||
|
|
||||
|
Odoo-tecnativa is a odoo image containing all source and add-ons because |
||||
|
we want to certify the whole image. |
||||
|
|
||||
|
So this means there are no builds being managed by compose, and no injection |
||||
|
of code. |
||||
|
|
||||
|
|
||||
|
* Usage |
||||
|
|
||||
|
** dbfilter |
||||
|
|
||||
|
With image ~16.0~, an advanced version of ~dbfilter~ is installed. Here |
||||
|
a few examples: |
||||
|
|
||||
|
#+begin_src yaml |
||||
|
odoo: |
||||
|
# .. |
||||
|
options: |
||||
|
dbfilter: |
||||
|
## DOMAIN_REGEX: DBFILTER |
||||
|
'^www.domain.org$': '^bar$' ## domain `www.domain.org` can only see `bar`. |
||||
|
'^foo\.': 'foo_.*' ## domain starting with `foo.` can see db `foo_` |
||||
|
'^(?P<name>[^.]+)\.': '%{name}s_.*' ## domain starting with `<PREFIX>.` can see db `PREFIX_` |
||||
|
'': 'other_.*' ## all domains can see db 'other_*' |
||||
|
|
||||
|
## Don't forget to configure the domains in the web-proxy part ! |
||||
|
relations: |
||||
|
web-proxy: |
||||
|
apache: |
||||
|
domain: www.domain.org |
||||
|
aliases: |
||||
|
- foo.otherdomain.com |
||||
|
- bar.wiz.eu |
||||
|
- test.domain.org |
||||
|
#+end_src |
||||
|
|
||||
|
If there's only one database seen because of the ~dbfilter~, odoo will |
||||
|
use it by default. |
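Review bot: in the dbfilter example, `'^www.domain.org$'` leaves the dots unescaped, so it also matches hosts such as `wwwXdomain.org`; since this mapping decides which databases a host may see, write `'^www\.domain\.org$'`, as the `'^foo\.'` line already does. The right-hand patterns are inconsistent about anchoring (`'^bar$'` versus `'foo_.*'`), and the text should say whether they are matched against the full database name. It should also state how rules combine (first match only, or cumulative with the `''` entry that matches every domain). The relation example uses `aliases:`, whereas apache/README.org in this PR documents `domain` lists and the deprecated `server-aliases`.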
@ -1,8 +0,0 @@ |
|||||
|
|
||||
|
|
||||
Odoo-tecnativa is a odoo image containing all source and add-ons because |
|
||||
we want to certify the whole image. |
|
||||
|
|
||||
So this means there are no builds being managed by compose, and no injection |
|
||||
of code. |
|
||||
|
|
@ -0,0 +1,16 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## When writing relation script, remember: |
||||
|
## - they should be idempotents |
||||
|
## - they can be launched while the dockers is already up |
||||
|
## - they are launched from the host |
||||
|
## - the target of the link is launched first, and get a chance to ``relation-set`` |
||||
|
## - both side of the scripts get to use ``relation-get``. |
||||
|
|
||||
|
relation-set type postgres || { |
||||
|
err "Could not set relation ${WHITE}type${NORMAL} to 'postgres'." |
||||
|
exit 1 |
||||
|
} |
||||
|
|
||||
|
. hooks/postgres_database-relation-joined |
||||
|
|
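Review bot: this hook differs from mariadb/hooks/sql_database-relation-joined only in the type string and the name of the sourced hook, while the nextcloud hook in this PR derives the type from its own file name; consider one shared wrapper so the copies do not drift. `err`, `${WHITE}` and `${NORMAL}` are used in the failure branch with nothing sourced beforehand, and in the header comment "idempotents" should be "idempotent".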