diff --git a/recipes/cagettepei/install.sh b/recipes/cagettepei/install.sh
index 1f6afcd..39159ab 100755
--- a/recipes/cagettepei/install.sh
+++ b/recipes/cagettepei/install.sh
@@ -15,7 +15,6 @@ function check() {
 check_haxe3 || return 26
 check_cagettepei_batch || return 35
 check_cagettepei_timers || return 36
- echo "container <$CONTAINER> approved successfully!"
 }
 function check_apache_modules() {
diff --git a/recipes/discourse/install.sh b/recipes/discourse/install.sh
index 1278bb5..2ea3726 100755
--- a/recipes/discourse/install.sh
+++ b/recipes/discourse/install.sh
@@ -7,8 +7,6 @@ function check() {
 container_exists "$CONTAINER" || return 1
 container_running "$CONTAINER" || return 2
-
- echo "container <$CONTAINER> approved successfully!"
 }
 ### INSTALL
diff --git a/recipes/dmz/install.sh b/recipes/dmz/install.sh
index 1a8c806..ee39d0a 100755
--- a/recipes/dmz/install.sh
+++ b/recipes/dmz/install.sh
@@ -11,9 +11,6 @@ function check() {
 check_reverseproxy || return 4
 check_banner || return 5
 check_certbot || return 6
-
- PREFIX="recipe:dmz:check" echo "container <$CONTAINER> approved successfully!"
- return 0
 }
 function check_reverseproxy() {
diff --git a/recipes/dolibarr/install.sh b/recipes/dolibarr/install.sh
index c1ebef9..b2bce92 100755
--- a/recipes/dolibarr/install.sh
+++ b/recipes/dolibarr/install.sh
@@ -8,9 +8,6 @@ function check() {
 check_mandatory_packages || return 11
 check_one_release || return 12
-
- echo "container <$CONTAINER> approved successfully!"
- return 0
 }
 function check_mandatory_packages() {
diff --git a/recipes/mariadb/install.sh b/recipes/mariadb/install.sh
index 181df0b..3500e51 100755
--- a/recipes/mariadb/install.sh
+++ b/recipes/mariadb/install.sh
@@ -12,8 +12,6 @@ function check() {
 test -f /etc/default/automysqlbackup
 grep -q BACKUPDIR=\"/mnt/BACKUP/mariadb\" /etc/default/automysqlbackup
 EOF
- echo "container <$CONTAINER> approved successfully!"
- return 0
 }
 function build_device_backup() {
diff --git a/recipes/odoo12/install.sh b/recipes/odoo12/install.sh index 87a87b1..1e86f7a 100755 --- a/recipes/odoo12/install.sh +++ b/recipes/odoo12/install.sh @@ -43,9 +43,6 @@ function check() { check_venv || return 14 check_favicon || return 15 check_file_odoo-addon-install || return 23 - - echo "container <$CONTAINER> approved successfully!" - return 0 } function install() { diff --git a/recipes/odoo15/install.sh b/recipes/odoo15/install.sh index 391baa4..0c55802 100755 --- a/recipes/odoo15/install.sh +++ b/recipes/odoo15/install.sh @@ -26,9 +26,6 @@ function check() { check_user_odoo || return 21 check_target_bgcolor || return 22 check_file_odoo-addon-install || return 23 - - echo "container <$CONTAINER> approved successfully!" - return 0 } function install() { diff --git a/recipes/postgresql/install.sh b/recipes/postgresql/install.sh index fe4b306..cf39853 100755 --- a/recipes/postgresql/install.sh +++ b/recipes/postgresql/install.sh @@ -3,7 +3,6 @@ function check() { PREFIX="recipe:postgresql:check" container_running "$CONTAINER" || return 10 - echo "checking postgresql regarding access to the bridge subnet <$BRIDGE_SUBNET>..." lxc exec "$CONTAINER" -- bash < approved!" return $status } diff --git a/recipes/redis/install.sh b/recipes/redis/install.sh index 04fb11c..93bb346 100755 --- a/recipes/redis/install.sh +++ b/recipes/redis/install.sh @@ -4,7 +4,6 @@ function check() { PREFIX="recipe:redis:check" container_running "$CONTAINER" || return 10 - echo "checking redis regarding access to its ip address <$REDIS_IP>..." lxc exec "$CONTAINER" -- bash < approved!" return $status } diff --git a/recipes/stub/install.sh b/recipes/stub/install.sh index 2bfacdc..8a079f4 100755 --- a/recipes/stub/install.sh +++ b/recipes/stub/install.sh @@ -4,7 +4,6 @@ function check() { PREFIX="recipe:stub:check" - echo "container <$CONTAINER> approved successfully!" } ### INSTALL diff --git a/recipes/wordpress/install.sh b/recipes/wordpress/install.sh index 36bbf35..6299b34 100755 
--- a/recipes/wordpress/install.sh +++ b/recipes/wordpress/install.sh @@ -10,8 +10,6 @@ function check() { check_wordpress_tgz || return 22 check_wp-tool || return 23 check_wp-backup || return 24 - - echo "container <$CONTAINER> approved successfully!" return 0 } diff --git a/scripts/miaou b/scripts/miaou index bc6bdc6..98c37b5 100755 --- a/scripts/miaou +++ b/scripts/miaou @@ -168,12 +168,12 @@ function build_routes() { mkdir -p "$MIAOU_CONFIGDIR/dnsmasq" mapfile -t fqdns < <(yqm '.expanded.services[].fqdn') - echo "found <${#fqdns[@]}> fqdn" + echo "building ${#fqdns[@]} routes..." raw_dnsmasq='' for i in "${fqdns[@]}"; do raw_dnsmasq+="address=/$i/$DMZ_IP\\n" # append domains to conf - echo "re-routing any connection from https://$i to internal container <$DMZ_CONTAINER.lxd>" + echo "container <$DMZ_CONTAINER.lxd> serves https://$i" done builtin echo -e "$raw_dnsmasq" >"$MIAOU_CONFIGDIR/dnsmasq/raw.new" @@ -188,7 +188,7 @@ function build_routes() { } function build_dmz_certbot { - PREFIX="miaou:dmz:certbot" + PREFIX="miaou:certbot" if [[ "$target" != dev ]]; then @@ -244,18 +244,11 @@ function build_dmz_certbot { } function build_dmz_reverseproxy() { - PREFIX="miaou:dmz:nginx" + PREFIX="miaou:reverseproxy" - echo -n "building default configuration for nginx ... " mkdir -p "$MIAOU_CONFIGDIR/nginx" tera -t "$MIAOU_BASEDIR/templates/nginx/_default.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/_default" &>/dev/null - PREFIX="" echo OK - - echo -n "building hosts configuration for nginx ... " tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" &>/dev/null - PREFIX="" echo OK - - echo -n "pushing configuration to <$DMZ_CONTAINER> ... " for f in "$MIAOU_CONFIGDIR"/nginx/*; do lxc file push --uid=0 --gid=0 "$f" "$DMZ_CONTAINER/etc/nginx/sites-available/" &>/dev/null done 
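Review bot: In build_routes each `$i` read from `.expanded.services[].fqdn` is appended to `raw_dnsmasq` and later written with `builtin echo -e`, with no validation visible in this hunk, and the reworded log line now prints the same value. A value containing a backslash sequence, whitespace or `/` would change the generated dnsmasq `address=` entries instead of naming a host. If the services file is not always fully trusted, check the value at the top of the loop, e.g. `[[ "$i" =~ ^[A-Za-z0-9.-]+$ ]] || { echoerr "invalid fqdn <$i>"; exit 1; }` (exit status constructed here), and prefer `printf` to `echo -e` for the write. The body of build_routes starts and ends outside the hunk.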
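Review bot: With the progress messages removed from build_dmz_reverseproxy, the two `tera` renders and the `lxc file push` loop still discard all output through `&>/dev/null`, and no visible line checks their exit status, so a failed render or push now leaves no trace. Unless the script runs under `set -e` (not visible here), the function carries on and a stale or partial nginx configuration can be pushed to `$DMZ_CONTAINER`. Keep stderr and fail fast on each step, e.g. `tera -t "$MIAOU_BASEDIR/templates/nginx/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nginx/hosts" >/dev/null || { echoerr "nginx hosts template failed"; return 1; }` (return status constructed here). The function body continues in the following hunk.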
@@ -266,7 +259,6 @@ function build_dmz_reverseproxy() {
 done
 nginx -tq && systemctl restart nginx
 EOF
- PREFIX="" echo OK
 echo "nginx reloaded successfully!"
 }
@@ -303,8 +295,8 @@ function build_monit() {
 # test whether monitored items actually run safely
 PREFIX="monit:build"
- echo -n "testing monitored hosts ..."
 readarray -t hosts < <(yqmt '.expanded.services[] | [ .container, .port, .fqdn ]')
+ echo -n "monitoring ${#hosts[@]} hosts ..."
 for host in "${hosts[@]}"; do
 read -r -a item <<<"$host"
 container=${item[0]}
@@ -328,10 +320,8 @@ function build_monit() {
 fi
 done
- PREFIX="" echo OK
 # templates for monit
- echo -n "copying templates for monit ..."
 mkdir -p "$MIAOU_CONFIGDIR/monit"
 tera -t "$MIAOU_BASEDIR/templates/monit/containers.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/monit/containers" >/dev/null
 tera -t "$MIAOU_BASEDIR/templates/monit/hosts.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/monit/hosts" >/dev/null
@@ -347,14 +337,14 @@ function count_service_for_container() {
 }
 function build_nftables() {
- PREFIX="miaou:nftables:build"
+ PREFIX="miaou:nftables"
 mkdir -p "$MIAOU_CONFIGDIR/nftables.rules.d"
 container_mail_passthrough=$(yqm '.firewall.container_mail_passthrough')
 if [[ "$container_mail_passthrough" != null ]]; then
 ip_mail_passthrough=$(lxc list "$container_mail_passthrough" -c4 -f csv | grep eth0 | cut -d ' ' -f1)
 [[ -z "$ip_mail_passthrough" ]] && echoerr "container <$container_mail_passthrough> passthrough unknown ip!" && exit 55
- echo "passthrough=$container_mail_passthrough/$ip_mail_passthrough"
+ echo "submission protocol granted as passthrough from container <$container_mail_passthrough> ip <$ip_mail_passthrough>"
 count=$(count_service_for_container "$container_mail_passthrough")
 [[ $count == 0 ]] && echowarn "no service detected => no passthrough, no change!"
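Review bot: The new message in build_nftables reports the submission protocol as "granted" before `count_service_for_container` is evaluated, and the next line may warn "no service detected => no passthrough, no change!", so the log can announce a firewall grant that is never applied. Move the `echo` after the count check, or word it as intent, e.g. `echo "submission passthrough requested for container <$container_mail_passthrough> ip <$ip_mail_passthrough>"`. The `else` branch in the following hunk (`@@ -362,7 +352,7 @@`) has the same problem: "submission protocol prevented from any container" is printed before `tera` renders `lxd.table`, and that render's outcome is hidden by `&>/dev/null`. A log line describing firewall state should follow a checked render. build_nftables continues outside both hunks.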
@@ -362,7 +352,7 @@ function build_nftables() {
 ip_mail_passthrough=$ip_mail_passthrough tera -e --env-key env -t "$MIAOU_BASEDIR/templates/nftables/lxd.table.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nftables.rules.d/lxd.table" &>/dev/null
 else
- echo "no container passthrough"
+ echo "submission protocol prevented from any container"
 tera -t "$MIAOU_BASEDIR/templates/nftables/lxd.table.j2" "$EXPANDED_CONF" -o "$MIAOU_CONFIGDIR/nftables.rules.d/lxd.table" &>/dev/null
 fi
@@ -457,40 +447,44 @@ function check_resolv_conf() { local bridge_gw resolver bridge_gw=$(lxc network get lxdbr0 ipv4.address | cut -d'/' -f1) - PREFIX="resolver:check" echo "container bridge is <$bridge_gw>" - resolver=$(grep nameserver /etc/resolv.conf | head -n1 | cut -d ' ' -f2) - PREFIX="resolver:check" echo "first resolver is <$resolver>" - [[ "$bridge_gw" != "$resolver" ]] && return 21 + + PREFIX="miaou:resolver" echo "nameserver for containers is <$resolver>" + return 0 } function prepare_containers() { - PREFIX="miaou:prepare" + PREFIX="miaou:containers" readarray -t containers < <(yqmt ".containers.[] | [ key, .[] ] ") + echo "preparing ${#containers[@]} containers for recipes..." + recipe_count=0 for i in "${containers[@]}"; do read -r -a item <<<"$i" container=${item[0]} for ((j = 1; j < ${#item[@]}; j++)); do + recipe_count=$((recipe_count + 1)) service="${item[$j]}" recipe_install="$MIAOU_BASEDIR/recipes/$service/install.sh" if [[ -f "$recipe_install" ]]; then - echo "install [$service] provided by container <$container>" "$recipe_install" "$container" else echoerr "FAILURE, for container <$container>, install recipe [$service] not found!" echoerr "please review configuration, mismatch recipe name maybe?" exit 50 fi + echo "container <$container> accepts recipe [$service]" done done + echo "approved ${#containers[@]} containers ready to accept ${recipe_count} recipes" } function build_services() { - PREFIX="miaou:build:services" - echo "building services..." + PREFIX="miaou:services" readarray -t services < <(yqmt '.expanded.services[] | [ .[] ]') + + echo "building ${#services[@]} services..." for i in "${services[@]}"; do read -r -a item <<<"$i"
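Review bot: In prepare_containers the added `echo "container <$container> accepts recipe [$service]"` runs after `"$recipe_install" "$container"` without checking its exit status, and the closing "approved ... containers" summary is also unconditional. This commit removes the per-recipe "approved successfully!" lines from the recipes' `check()` functions, so the caller's message becomes the only approval signal. Unless the script runs under `set -e` (not visible here), a recipe that failed is still reported as accepted. Gate the message on the status, e.g. `"$recipe_install" "$container" || { echoerr "container <$container> rejected recipe [$service]"; exit 1; }` (exit status constructed here). Separately, the `return 21` mismatch path in check_resolv_conf now prints neither the bridge address nor the resolver, which makes that failure harder to diagnose; build_services continues outside the hunk.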