
logging

main
pvincent 2 months ago
parent
commit
3ad16ee583
  1. 1
      recipes/cagettepei/install.sh
  2. 2
      recipes/discourse/install.sh
  3. 3
      recipes/dmz/install.sh
  4. 3
      recipes/dolibarr/install.sh
  5. 2
      recipes/mariadb/install.sh
  6. 3
      recipes/odoo12/install.sh
  7. 3
      recipes/odoo15/install.sh
  8. 2
      recipes/postgresql/install.sh
  9. 2
      recipes/redis/install.sh
  10. 1
      recipes/stub/install.sh
  11. 2
      recipes/wordpress/install.sh
  12. 46
      scripts/miaou

1
recipes/cagettepei/install.sh

@ -15,7 +15,6 @@ function check() {
check_haxe3 || return 26
check_cagettepei_batch || return 35
check_cagettepei_timers || return 36
echo "container <$CONTAINER> approved successfully!"
}
function check_apache_modules() {

2
recipes/discourse/install.sh

@ -7,8 +7,6 @@ function check() {
container_exists "$CONTAINER" || return 1
container_running "$CONTAINER" || return 2
echo "container <$CONTAINER> approved successfully!"
}
### INSTALL

3
recipes/dmz/install.sh

@ -11,9 +11,6 @@ function check() {
check_reverseproxy || return 4
check_banner || return 5
check_certbot || return 6
PREFIX="recipe:dmz:check" echo "container <$CONTAINER> approved successfully!"
return 0
}
function check_reverseproxy() {

3
recipes/dolibarr/install.sh

@ -8,9 +8,6 @@ function check() {
check_mandatory_packages || return 11
check_one_release || return 12
echo "container <$CONTAINER> approved successfully!"
return 0
}
function check_mandatory_packages() {

2
recipes/mariadb/install.sh

@ -12,8 +12,6 @@ function check() {
test -f /etc/default/automysqlbackup
grep -q BACKUPDIR=\"/mnt/BACKUP/mariadb\" /etc/default/automysqlbackup
EOF
echo "container <$CONTAINER> approved successfully!"
return 0
}
function build_device_backup() {

3
recipes/odoo12/install.sh

@ -43,9 +43,6 @@ function check() {
check_venv || return 14
check_favicon || return 15
check_file_odoo-addon-install || return 23
echo "container <$CONTAINER> approved successfully!"
return 0
}
function install() {

3
recipes/odoo15/install.sh

@ -26,9 +26,6 @@ function check() {
check_user_odoo || return 21
check_target_bgcolor || return 22
check_file_odoo-addon-install || return 23
echo "container <$CONTAINER> approved successfully!"
return 0
}
function install() {

2
recipes/postgresql/install.sh

@ -3,7 +3,6 @@
function check() {
PREFIX="recipe:postgresql:check"
container_running "$CONTAINER" || return 10
echo "checking postgresql regarding access to the bridge subnet <$BRIDGE_SUBNET>..."
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
@ -14,7 +13,6 @@ function check() {
test -f /etc/default/autopostgresqlbackup
EOF
status="$?"
[[ $status -eq 0 ]] && echo "container <$CONTAINER> approved!"
return $status
}

2
recipes/redis/install.sh

@ -4,7 +4,6 @@ function check() {
PREFIX="recipe:redis:check"
container_running "$CONTAINER" || return 10
echo "checking redis regarding access to its ip address <$REDIS_IP>..."
lxc exec "$CONTAINER" -- bash <<EOF
set -Eeuo pipefail
@ -14,7 +13,6 @@ function check() {
grep -Eq "^protected-mode no" /etc/redis/redis.conf
EOF
status="$?"
[[ $status -eq 0 ]] && echo "container <$CONTAINER> approved!"
return $status
}

1
recipes/stub/install.sh

@ -4,7 +4,6 @@
function check() {
PREFIX="recipe:stub:check"
echo "container <$CONTAINER> approved successfully!"
}
### INSTALL

2
recipes/wordpress/install.sh

@ -10,8 +10,6 @@ function check() {
check_wordpress_tgz || return 22
check_wp-tool || return 23
check_wp-backup || return 24
echo "container <$CONTAINER> approved successfully!"
return 0
}

46
scripts/miaou

@ -168,12 +168,12 @@ function build_routes() {
mkdir -p "$MIAOU_CONFIGDIR/dnsmasq"
mapfile -t fqdns < <(yqm '.expanded.services[].fqdn')
echo "found <${#fqdns[@]}> fqdn"
echo "building ${#fqdns[@]} routes..."
raw_dnsmasq=''
for i in "${fqdns[@]}"; do
raw_dnsmasq+="address=/$i/$DMZ_IP\\n"
# append domains to conf
echo "re-routing any connection from https://$i to internal container <$DMZ_CONTAINER.lxd>"
echo "container <$DMZ_CONTAINER.lxd> serves https://$i"
done
builtin echo -e "$raw_dnsmasq" >"$MIAOU_CONFIGDIR/dnsmasq/raw.new"
@ -188,7 +188,7 @@ function build_routes() {
}
function build_dmz_certbot {
PREFIX="miaou:dmz:certbot"
PREFIX="miaou:certbot"
if [[ "$target" != dev ]]; then
@ -244,18 +244,11 @@ function build_dmz_certbot {
}
function build_dmz_reverseproxy() {
PREFIX="miaou:dmz:nginx"
PREFIX="miaou:reverseproxy"
echo -n "building default configuration for nginx ... "
mkdir -p "$MIAOU_CONFIGDIR/nginx"
tera -t "$MIAOU_BASEDIR/templates/nginx/_default.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/_default" &>/dev/null
PREFIX="" echo OK
echo -n "building hosts configuration for nginx ... "
tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" &>/dev/null
PREFIX="" echo OK
echo -n "pushing configuration to <$DMZ_CONTAINER> ... "
for f in "$MIAOU_CONFIGDIR"/nginx/*; do
lxc file push --uid=0 --gid=0 "$f" "$DMZ_CONTAINER/etc/nginx/sites-available/" &>/dev/null
done
@ -266,7 +259,6 @@ function build_dmz_reverseproxy() {
done
nginx -tq && systemctl restart nginx
EOF
PREFIX="" echo OK
echo "nginx reloaded successfully!"
}
@ -303,8 +295,8 @@ function build_monit() {
# test whether monitored items actually run safely
PREFIX="monit:build"
echo -n "testing monitored hosts ..."
readarray -t hosts < <(yqmt '.expanded.services[] | [ .container, .port, .fqdn ]')
echo -n "monitoring ${#hosts[@]} hosts ..."
for host in "${hosts[@]}"; do
read -r -a item <<<"$host"
container=${item[0]}
@ -328,10 +320,8 @@ function build_monit() {
fi
done
PREFIX="" echo OK
# templates for monit
echo -n "copying templates for monit ..."
mkdir -p "$MIAOU_CONFIGDIR/monit"
tera -t "$MIAOU_BASEDIR/templates/monit/containers.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/monit/containers" >/dev/null
tera -t "$MIAOU_BASEDIR/templates/monit/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/monit/hosts" >/dev/null
@ -347,14 +337,14 @@ function count_service_for_container() {
}
function build_nftables() {
PREFIX="miaou:nftables:build"
PREFIX="miaou:nftables"
mkdir -p "$MIAOU_CONFIGDIR/nftables.rules.d"
container_mail_passthrough=$(yqm '.firewall.container_mail_passthrough')
if [[ "$container_mail_passthrough" != null ]]; then
ip_mail_passthrough=$(lxc list "$container_mail_passthrough" -c4 -f csv | grep eth0 | cut -d ' ' -f1)
[[ -z "$ip_mail_passthrough" ]] && echoerr "container <$container_mail_passthrough> passthrough unknown ip!" && exit 55
echo "passthrough=$container_mail_passthrough/$ip_mail_passthrough"
echo "submission protocol granted as passthrough from container <$container_mail_passthrough> ip <$ip_mail_passthrough>"
count=$(count_service_for_container "$container_mail_passthrough")
[[ $count == 0 ]] && echowarn "no service detected => no passthrough, no change!"
@ -362,7 +352,7 @@ function build_nftables() {
ip_mail_passthrough=$ip_mail_passthrough tera -e --env-key env -t "$MIAOU_BASEDIR/templates/nftables/lxd.table.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nftables.rules.d/lxd.table" &>/dev/null
else
echo "no container passthrough"
echo "submission protocol prevented from any container"
tera -t "$MIAOU_BASEDIR/templates/nftables/lxd.table.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nftables.rules.d/lxd.table" &>/dev/null
fi
@ -457,40 +447,44 @@ function check_resolv_conf() {
local bridge_gw resolver
bridge_gw=$(lxc network get lxdbr0 ipv4.address | cut -d'/' -f1)
PREFIX="resolver:check" echo "container bridge is <$bridge_gw>"
resolver=$(grep nameserver /etc/resolv.conf | head -n1 | cut -d ' ' -f2)
PREFIX="resolver:check" echo "first resolver is <$resolver>"
[[ "$bridge_gw" != "$resolver" ]] && return 21
PREFIX="miaou:resolver" echo "nameserver for containers is <$resolver>"
return 0
}
function prepare_containers() {
PREFIX="miaou:prepare"
PREFIX="miaou:containers"
readarray -t containers < <(yqmt ".containers.[] | [ key, .[] ] ")
echo "preparing ${#containers[@]} containers for recipes..."
recipe_count=0
for i in "${containers[@]}"; do
read -r -a item <<<"$i"
container=${item[0]}
for ((j = 1; j < ${#item[@]}; j++)); do
recipe_count=$((recipe_count + 1))
service="${item[$j]}"
recipe_install="$MIAOU_BASEDIR/recipes/$service/install.sh"
if [[ -f "$recipe_install" ]]; then
echo "install [$service] provided by container <$container>"
"$recipe_install" "$container"
else
echoerr "FAILURE, for container <$container>, install recipe [$service] not found!"
echoerr "please review configuration, mismatch recipe name maybe?"
exit 50
fi
echo "container <$container> accepts recipe [$service]"
done
done
echo "approved ${#containers[@]} containers ready to accept ${recipe_count} recipes"
}
function build_services() {
PREFIX="miaou:build:services"
echo "building services..."
PREFIX="miaou:services"
readarray -t services < <(yqmt '.expanded.services[] | [ .[] ]')
echo "building ${#services[@]} services..."
for i in "${services[@]}"; do
read -r -a item <<<"$i"
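Review bot: In build_nftables the message `submission protocol granted as passthrough from container <…> ip <…>` (apparently the new side of the `-347,14 +337,14` hunk) is printed before the `count` test, which can still end in `no service detected => no passthrough, no change!`, so the log can state a firewall grant that was not applied. The `-362,7 +352,7` hunk has the same ordering: `submission protocol prevented from any container` is echoed before `tera` renders `lxd.table`, and that call discards its output with `&>/dev/null`. Because these lines describe firewall posture, I would emit each one only after the step it describes, moving the echo below the `count` check and below the `tera` call respectively, and word it as what was rendered rather than what is enforced. Whether errexit is active is not visible here, and build_nftables continues outside both hunks.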
