binary update
parent
2ba6247a58
commit
ebd00ff587
BIN
provisioning/roles/deploy_all/files/bin/deploy_as
Executable file
BIN
provisioning/roles/deploy_all/files/bin/deploy_as
Executable file
Binary file not shown.
@ -2,7 +2,6 @@
|
||||
. driglibash-base
|
||||
. /etc/jeancloud.env
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
[ ! -f /data/mounted ] && die "/data is not mounted"
|
||||
|
||||
@ -30,6 +29,7 @@ if [ ! -d "$new_nginx_conf_path" ] ; then
|
||||
die "Can’t deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployall.sh first"
|
||||
fi
|
||||
|
||||
IFS=';' read uid username _ server < <(grep ";$service;" /docker/services.csv)
|
||||
|
||||
docker_service="$(echo "$service" | tr '.' '_')"
|
||||
driglibash_section_prefix="[$service] "
|
||||
@ -47,9 +47,9 @@ cd "/docker/$service"
|
||||
###############################################################################
|
||||
|
||||
if "$deploy" ; then
|
||||
mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
||||
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
||||
# Try running podman as non-root first…
|
||||
chown www-data:www-data -R "$HTTP_DIR"
|
||||
run chown $uid:www-data -R "$HTTP_DIR"
|
||||
else
|
||||
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
|
||||
fi
|
||||
@ -59,11 +59,19 @@ fi
|
||||
# Run scripts
|
||||
###############################################################################
|
||||
|
||||
# Did deploy failed
|
||||
returncode=0
|
||||
if "$deploy" ; then
|
||||
[ -x deploy.sh ] && ./deploy.sh
|
||||
[ -x deploy_http.sh ] && sudo -u www-data bash -c "set -a ; . '$DOCKER_DIR/.env' ; set +a ; . ./deploy_http.sh"
|
||||
if [ -x deploy.sh ] ; then
|
||||
run ./deploy.sh
|
||||
[ "$?" -ne 0 ] && echo "Erreur deploy.sh" && returncode=1
|
||||
fi
|
||||
if [ -x deploy_user.sh ] ; then
|
||||
deploy_as "$service"
|
||||
[ "$?" -ne 0 ] && echo "Erreur deploy_user.sh" && returncode=1
|
||||
fi
|
||||
else
|
||||
[ -x undeploy.sh ] && . undeploy.sh
|
||||
[ -x undeploy.sh ] && run ./undeploy.sh
|
||||
fi
|
||||
|
||||
|
||||
@ -78,13 +86,17 @@ if [ -f "/docker/$service/docker-compose.yml" ] && [ -n "$(grep '^[^#]*services
|
||||
# XXX Login to docker registry
|
||||
|
||||
section "Pulling images"
|
||||
run docker-compose pull
|
||||
docker-compose pull
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
echo "PULL FAILED"
|
||||
fi
|
||||
|
||||
section "Starting service"
|
||||
run docker-compose up -d --remove-orphans
|
||||
[ "$?" -ne 0 ] && echo "Erreur docker compose" && returncode=1
|
||||
else
|
||||
section "Removing containers"
|
||||
docker-compose down --rmi all --remove-orphans
|
||||
run docker-compose down --rmi all --remove-orphans
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -111,11 +123,12 @@ for file in $( find "/docker/$service" -name "wg-*.sh") ; do
|
||||
wgif="${wgif:3:-3}"
|
||||
"$file" $wgif > "/etc/wireguard/$wgif.conf"
|
||||
if "$deploy" ; then
|
||||
systemctl enable "wg-quick@$wgif"
|
||||
startwg.sh "$wgif"
|
||||
run systemctl enable "wg-quick@$wgif"
|
||||
run startwg.sh "$wgif"
|
||||
[ "$?" -ne 0 ] && echo "Erreur wireguard" && returncode=1
|
||||
else
|
||||
if [ -z "$(ip a | grep "$wgif")" ] ; then
|
||||
wg-quick down "$wgif"
|
||||
run wg-quick down "$wgif"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
@ -138,9 +151,10 @@ fi
|
||||
|
||||
section "Testing nginx conf"
|
||||
run nginx -t -c /etc/nginx/new_nginx.conf
|
||||
[ "$?" -ne 0 ] && echo "Erreur nginx" && returncode=1
|
||||
|
||||
if [ "$noreload" == false ] ; then
|
||||
restart_nginx.sh
|
||||
run restart_nginx.sh
|
||||
fi
|
||||
|
||||
section "Cleaning"
|
||||
@ -151,4 +165,5 @@ if [ -z "$(ls -A "$HTTP_DIR")" ] ; then
|
||||
run rmdir "$HTTP_DIR"
|
||||
fi
|
||||
|
||||
|
||||
clean
|
||||
exit "$returncode"
|
||||
|
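Review bot: The `uid` used by `run chown $uid:www-data -R "$HTTP_DIR"` comes from `grep ";$service;" /docker/services.csv`, where the dots in the service name act as regex wildcards and zero or several rows can match. If nothing matches and the script keeps running, `uid` is empty and the unquoted expansion becomes `chown :www-data -R …`, which leaves the owner untouched without any error; a loose match hands the directory to another service's account. Match literally and fail closed: `IFS=';' read -r uid username _ server < <(grep -F -- ";$service;" /docker/services.csv)`, then `[[ "$uid" =~ ^[0-9]+$ ]] || die "No uid for $service in /docker/services.csv"`, and quote `"$uid:www-data"`. The rendered page has lost the +/- markers, so this assumes the `read` and `run chown` lines are on the new side.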
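--- a/provisioning/roles/deploy_all/files/bin/deploy_user.sh
+++ b/provisioning/roles/deploy_all/files/bin/deploy_user.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -euo pipefail
+
+if [ "$#" -ne 1 ] || [ -z "$1" ] ; then
+echo "Usage: $0 <service_name>"
+exit 1
+fi
+
+service="$1"
+
+user_file="/docker/$service/deploy_user.sh"
+env_file="/docker/$service/.env"
+
+if [ ! -f "$user_file" ] ; then
+echo "No such file: $user_file"
+exit 1
+fi
+
+if [ -f "$env_file" ] ; then
+set -a
+source "$env_file"
+set +a
+fi
+
+"$user_file"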
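Review bot: `service` is taken from `$1` and placed into `/docker/$service/deploy_user.sh` and `/docker/$service/.env` without any check, so a value containing `/` or `..` makes the script source and execute files outside `/docker`. Reject such names before building the paths, for example `case "$service" in ''|.*|*/*) echo "Invalid service name" >&2; exit 1 ;; esac`. This matters most if the wrapper is what the `deploy_as` binary runs under another account; that binary is committed without source ("Binary file not shown"), so the page gives no way to confirm how the argument reaches this script. The `.env` file is sourced as shell code and should therefore not be writable by anyone less trusted than the account running this script.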
@ -2,7 +2,7 @@
|
||||
|
||||
driglibash_run_retry=true
|
||||
. driglibash-base
|
||||
set -euo pipefail
|
||||
set -u
|
||||
|
||||
# Already done at upload time ?
|
||||
#run gen_env.sh
|
||||
@ -54,16 +54,15 @@ run mkdir -p "$new_nginx_conf_path"
|
||||
# Deploy services
|
||||
###############################################################################
|
||||
|
||||
if [ -f "/data/unmounted" ] || [ ! -f "/data/mounted" ] ; then
|
||||
die "Error: /data is not mounted."
|
||||
fi
|
||||
|
||||
section "Start docker"
|
||||
run systemctl start docker docker.socket
|
||||
|
||||
section "Deploy mandatory services"
|
||||
deploy_service.sh deployer.jean-cloud.org noreload
|
||||
|
||||
# List of failed services
|
||||
failed=""
|
||||
|
||||
while read line ; do
|
||||
read -r service target <<<$(echo "$line")
|
||||
|
||||
@ -79,9 +78,17 @@ while read line ; do
|
||||
|
||||
echo "Deploying"
|
||||
deploy_service.sh "$service" "noreload"
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
failed="$failed $service"
|
||||
fi
|
||||
|
||||
done < /docker/services.txt
|
||||
done < <(grep -v '^[[:blank:]]*#' /docker/services.txt)
|
||||
|
||||
restart_nginx.sh
|
||||
|
||||
if [ -n "$failed" ] ; then
|
||||
echo "FAILED SERVICES"
|
||||
echo "$failed"
|
||||
fi
|
||||
|
||||
clean
|
||||
|
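Review bot: Failed services are only printed at the end (`echo "FAILED SERVICES"`), after which the script runs `clean` and, as far as this section shows, finishes with status 0, so the provisioning run that calls it cannot tell a partial deployment from a complete one. Return a failure after cleanup, e.g. `[ -z "$failed" ] || exit 1` after `clean`. The first call, `deploy_service.sh deployer.jean-cloud.org noreload`, has no status check at all and could be recorded the same way with `|| failed="$failed deployer.jean-cloud.org"`. Both matter more now that `set -euo pipefail` appears to have been replaced by `set -u` at the top, which removes the abort-on-error behaviour the old code presumably relied on.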
@ -16,7 +16,7 @@ fi
|
||||
|
||||
. /etc/jeancloud.env
|
||||
|
||||
# Look in both dns directories
|
||||
# Look in both cert directories
|
||||
for dir in "$dns_certs_path" "$http_certs_path" ; do
|
||||
name="$(ls "$dir" | grep "^$service\(-[0-9]\{4\}\)\?$")" || true
|
||||
if [ -z "$name" ] ; then
|
||||
|
@ -28,6 +28,7 @@ for dir in /docker/* ; do
|
||||
line_in_file "SECRET_DIR='/data/secrets/$service'" "/docker/$service/.env"
|
||||
line_in_file "DOCKER_DIR='/docker/$service'" "/docker/$service/.env"
|
||||
line_in_file "JC_SERVICE='$service'" "/docker/$service/.env"
|
||||
line_in_file "HOME='/docker/$service'" "/docker/$service/.env"
|
||||
cert="$(findcert.sh "$service")" || true
|
||||
if [ -n "$cert" ] ; then
|
||||
line_in_file "JC_CERT='$cert'" "/docker/$service/.env"
|
||||
|
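Review bot: `HOME='/docker/$service'` points the service environment at the directory that holds the deploy scripts, while the account created in `init.sh` gets `/data/$service` as its home (`useradd … -d "$home"`). `deploy_user.sh` exports this `.env` before running the service's script, so anything run as the service user that writes under `$HOME` needs `/docker/$service` to be writable by that user, and the same directory holds the `deploy.sh` that the deployer itself executes. If that is not intended, write `line_in_file "HOME='/data/$service'" "/docker/$service/.env"` so the two agree, or keep `/docker/$service` owned by root and give the user a separate state directory. This assumes the `HOME` line is the one this hunk adds, since the page has lost the +/- markers; the `for dir in /docker/*` loop starts and ends outside the hunk.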
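--- a/provisioning/roles/deploy_all/files/bin/init.sh
+++ b/provisioning/roles/deploy_all/files/bin/init.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+while IFS=';' read -r uid username service server
+do
+home="/data/$service"
+if [ -z "$(grep "^$username:" /etc/passwd)" ] ; then
+useradd -m -U -r -d "$home" "$username"
+fi
+
+# Do not touch the group, it can be set to something useful
+chown "$username" "$home"
+chmod 770 "$home"
+done < <(grep -v '^#' /docker/services.csv)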
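Review bot: The `uid` column is read from `/docker/services.csv` but never passed to `useradd`, so the account gets whatever system uid is free, while the deploy script on this page chowns `$HTTP_DIR` to the CSV `$uid`. Pin it with `useradd -m -U -r -u "$uid" -d "$home" "$username"` so file ownership and the account agree. The loop also has no strict mode and no field validation: a blank or short row leaves `service` empty and the `chmod 770` line then acts on `/data/` itself, so add `set -euo pipefail` and skip incomplete rows with `[ -n "$uid" ] && [ -n "$username" ] && [ -n "$service" ] || continue`. `getent passwd "$username" >/dev/null` is a more exact existence test than `grep "^$username:" /etc/passwd`.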
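--- a/provisioning/roles/deploy_all/files/bin/rclone_ncloud_publiclink.sh
+++ b/provisioning/roles/deploy_all/files/bin/rclone_ncloud_publiclink.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+. driglibash-base
+
+set -euo pipefail
+
+[ "$#" -ne 1 ] && die "Usage: $0 <dest_directory>"
+dest_dir="$1"
+[ -z "$dest_dir" ] && die "Arg 'dest_directory' should not be empty."
+
+
+# Get content from nextcloud
+webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')"
+webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')"
+webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")"
+
+rclone sync --config=/notfound --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$dest_dir"
+
+# Go to website
+cd "$dest_dir"
+
+# Rename .attachement dirs created by nextcloud
+while read filename ; do
+oldname="$(basename "$filename")"
+newname="${oldname:1}"
+path="$(dirname "$filename")"
+# And rename their references in md files
+find -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \;
+mv "$path/$oldname" "$path/$newname"
+done < <(find -type d -name '.attachments.*')
+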
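Review bot: `rclone obscure "$NC_SHARE_PASSWORD"` puts the clear-text share password on the command line, where other local users can read it from the process list, and `--webdav-pass=` does the same with the obscured form, which is an encoding rather than encryption. Feed the secret on stdin and pass the result through the environment: `webdav_pass="$(printf '%s' "$NC_SHARE_PASSWORD" | rclone obscure -)"`, then `export RCLONE_WEBDAV_PASS="$webdav_pass"` instead of the flag. Separately, `sed -i "s/$oldname/$newname/g"` interpolates directory names that come from the remote share into a sed program, so `.` and other metacharacters in a name are treated as regex. Escape the name before use, and read the list with `while IFS= read -r filename`.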
@ -1,39 +1,42 @@
|
||||
sftp.jean-cloud.net raku.jean-cloud.org
|
||||
benevoles31.karnaval.fr max.jean-cloud.org
|
||||
feministesucl34.communisteslibertaires.org none
|
||||
builder.rimarima.fr raku.jean-cloud.org
|
||||
chahut.jean-cloud.net max.jean-cloud.org
|
||||
chiloe.eu shlago.jean-cloud.org
|
||||
coldcms.chahut.jean-cloud.net raku.jean-cloud.org
|
||||
collectif-arthadie.fr vandamme.jean-cloud.org
|
||||
compagnienouvelle.fr nougaro.jean-cloud.org
|
||||
copaines.jean-cloud.net max.jean-cloud.org
|
||||
cousinades.jean-cloud.net max.jean-cloud.org
|
||||
deployer.jean-cloud.org shlago.jean-cloud.org
|
||||
dnscerts.jean-cloud.org max.jean-cloud.org
|
||||
etrevivant.net shlago.jean-cloud.org
|
||||
feteducourt2020.jean-cloud.net shlago.jean-cloud.org
|
||||
feministesucl34.communisteslibertaires.org none
|
||||
feteducourt.jean-cloud.net shlago.jean-cloud.org
|
||||
feteducourt2020.jean-cloud.net shlago.jean-cloud.org
|
||||
git.jean-cloud.net vandamme.jean-cloud.org
|
||||
grapes.chahut.jean-cloud.net max.jean-cloud.org
|
||||
gypsylyonfestival.com max.jean-cloud.org
|
||||
inurbe.fr shlago.jean-cloud.org
|
||||
jean-cloud.net shlago.jean-cloud.org
|
||||
leida.fr vandamme.jean-cloud.org
|
||||
dnscerts.jean-cloud.org max.jean-cloud.org
|
||||
lexicographe.jean-cloud.net shlago.jean-cloud.org
|
||||
metamorphosemagazine.fr shlago.jean-cloud.org
|
||||
mux.radiodemo.oma-radio.fr raku.jean-cloud.org
|
||||
nc-backup.jean-cloud.net raku.jean-cloud.org
|
||||
ns1.jean-cloud.org tetede.jean-cloud.org
|
||||
ns.jean-cloud.org shlago.jean-cloud.org
|
||||
ns1.jean-cloud.org tetede.jean-cloud.org
|
||||
nuage.jean-cloud.net vandamme.jean-cloud.org
|
||||
oma-radio.fr vandamme.jean-cloud.org
|
||||
pa1.studios.oma-radio.fr tetede.jean-cloud.org
|
||||
paj.oma-radio.fr nougaro.jean-cloud.org
|
||||
quadrille-elsa.jean-cloud.net shlago.jean-cloud.org
|
||||
chiloe.eu shlago.jean-cloud.org
|
||||
soundbase.radiodemo.oma-radio.fr montbonnot.jean-cloud.org
|
||||
radiodemo.oma-radio.fr raku.jean-cloud.org
|
||||
mux.radiodemo.oma-radio.fr raku.jean-cloud.org
|
||||
radionimaitre.oma-radio.fr tetede.jean-cloud.org
|
||||
raplacgr.jean-cloud.net tetede.jean-cloud.org
|
||||
rimarima.fr raku.jean-cloud.org
|
||||
rpnow.jean-cloud.net vandamme.jean-cloud.org
|
||||
sftp.jean-cloud.net raku.jean-cloud.org
|
||||
soundbase.radiodemo.oma-radio.fr montbonnot.jean-cloud.org
|
||||
static.jean-cloud.net vandamme.jean-cloud.org
|
||||
velov.jean-cloud.net shlago.jean-cloud.org
|
||||
wiki-cgr.jean-cloud.net vandamme.jean-cloud.org
|
||||
static.jean-cloud.net vandamme.jean-cloud.org
|
||||
oma-radio.fr vandamme.jean-cloud.org
|
||||
radio.karnaval.fr tetede.jean-cloud.org
|
||||
|