#!/bin/bash

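#######################################
# Install slapd and replace its configuration with the re2o schema and base
# tree rendered from install_utils/schema.ldiff and install_utils/db.ldiff.
# Destructive: /etc/ldap/slapd.d and /var/lib/ldap are wiped before reloading.
# Arguments:
#   $1 - clear-text password of the LDAP admin entry
#   $2 - base DN substituted for dc=example,dc=org in the templates
# Returns:
#   0 on success, 1 when hashing or template rendering fails (in that case
#   the existing LDAP data has not been touched yet)
#######################################
setup_ldap() {
	local hashed_ldap_passwd base_dn_esc hash_esc workdir

	apt-get -y install slapd

	# Private scratch directory (mode 0700) instead of fixed names in /tmp:
	# the rendered LDIF files carry the admin password hash, and a predictable
	# path in a world-writable directory can be pre-created or symlinked.
	workdir=$(mktemp -d) || return 1

	echo "Hashing the LDAP password..."
	# Hand the secret to slappasswd through a file (-T) rather than -s, so the
	# clear-text password does not appear in this host's process list.
	printf '%s' "$1" > "$workdir/secret"
	hashed_ldap_passwd=$(slappasswd -T "$workdir/secret")
	rm -f -- "$workdir/secret"
	if [ -z "$hashed_ldap_passwd" ]; then
		echo "slappasswd produced no hash, aborting" >&2
		rm -rf -- "$workdir"
		return 1
	fi
	# The hash is deliberately not printed: it would end up in terminal
	# scrollback and logs, where it can be attacked offline.

	echo "Building the LDAP config files"
	# Escape the characters that are special on the replacement side of
	# sed 's|...|...|' so the DN and the hash are inserted literally.
	base_dn_esc=$(printf '%s' "$2" | sed -e 's#[\\&|]#\\&#g')
	hash_esc=$(printf '%s' "$hashed_ldap_passwd" | sed -e 's#[\\&|]#\\&#g')
	if ! sed -e 's|dc=example,dc=org|'"$base_dn_esc"'|g' \
		-e 's|FILL_IT|'"$hash_esc"'|g' \
		install_utils/db.ldiff > "$workdir/db" ||
		! sed -e 's|dc=example,dc=org|'"$base_dn_esc"'|g' \
		-e 's|FILL_IT|'"$hash_esc"'|g' \
		install_utils/schema.ldiff > "$workdir/schema"; then
		echo "Could not render the LDIF templates, aborting" >&2
		rm -rf -- "$workdir"
		return 1
	fi

	echo "Deleting exisitng LDAP configuration"
	service slapd stop
	rm -rf /etc/ldap/slapd.d/*
	rm -rf /var/lib/ldap/*

	echo "Setting up the new LDAP configuration"
	slapadd -n 0 -l "$workdir/schema" -F /etc/ldap/slapd.d/
	slapadd -n 1 -l "$workdir/db"
	rm -rf -- "$workdir"

	echo "Fixing the LDAP files permissions and restarting slapd"
	# slapadd ran as the invoking user, so hand the files back to slapd's user.
	chown -R openldap:openldap /etc/ldap/slapd.d
	chown -R openldap:openldap /var/lib/ldap
	service slapd start
}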


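# ---------------------------------------------------------------------------
# Private helpers used by install_re2o_server. The dialog helpers read HEIGHT,
# WIDTH, CHOICE_HEIGHT and MENU from the calling function's scope.
# ---------------------------------------------------------------------------

# Print an error on stderr and abort the installer with a non-zero status.
_re2o_die() {
    printf 'install_re2o: %s\n' "$*" >&2
    exit 1
}

# Show a message box. $1 = title, $2 = text.
_re2o_msgbox() {
    dialog --clear --title "$1" --msgbox "$2" "$HEIGHT" "$WIDTH" >/dev/tty
}

# Ask for one line of text and print the answer. $1 = backtitle, $2 = prompt.
_re2o_input() {
    dialog --title "$2" --backtitle "$1" --inputbox "$2" \
        "$HEIGHT" "$WIDTH" 2>&1 >/dev/tty
    clear >/dev/tty
}

# Same as _re2o_input, but the typed characters are not echoed on screen.
_re2o_password() {
    dialog --title "$2" --backtitle "$1" --passwordbox "$2" \
        "$HEIGHT" "$WIDTH" 2>&1 >/dev/tty
    clear >/dev/tty
}

# Show a menu and print the selected tag.
# $1 = backtitle, $2 = title, remaining arguments = tag/label pairs.
_re2o_menu() {
    local backtitle=$1 title=$2
    shift 2
    dialog --clear --backtitle "$backtitle" --title "$title" --menu "$MENU" \
        "$HEIGHT" "$WIDTH" "$CHOICE_HEIGHT" "$@" 2>&1 >/dev/tty
    clear >/dev/tty
}

# Escape a value for the replacement side of a sed 's|...|...|' command.
_re2o_sed_escape() {
    printf '%s' "$1" | sed -e 's#[\\&|]#\\&#g'
}

# Replace every occurrence of a placeholder in a file with a literal value.
# $1 = file, $2 = placeholder (a constant from this script, used as a sed
# pattern), $3 = value (escaped here, so '/', '&' and '\' are safe).
_re2o_replace() {
    local escaped
    escaped=$(_re2o_sed_escape "$3") || return
    sed -i -e "s|$2|${escaped}|g" -- "$1"
}

# Block until the operator answers y (continue) or n (leave the installer).
_re2o_confirm_or_exit() {
    local choice
    while true; do
        # Leave instead of spinning forever when stdin is closed.
        read -r -p "Continue (y/n)?" choice || exit 1
        case "$choice" in
            y|Y ) break;;
            n|N ) exit;;
            * ) echo "Invalid";;
        esac
    done
}

#######################################
# Interactive re2o installer: asks for the database, LDAP, mail and web
# server parameters through dialog, installs the Debian/PyPI packages,
# creates the SQL database and user, sets up LDAP (locally via setup_ldap),
# renders re2o/settings_local.py from re2o/settings_local.example.py, runs
# the Django migrations and configures apache2.
# Must be run from the re2o checkout, with enough privileges for apt-get,
# service and writes under /etc.
# Arguments: none
#######################################
install_re2o_server() {
    local HEIGHT=15 WIDTH=40 CHOICE_HEIGHT=4
    local MENU="Choose an option"
    local BACKTITLE TITLE MSGBOX
    local settings=re2o/settings_local.py
    local apache_conf=/etc/apache2/sites-available/re2o.conf
    local sql_bdd_type sql_is_local sql_password sql_login sql_name sql_host
    local ldap_is_local ldap_password ldap_cn ldap_host ldap_tls ldap_dn=""
    local extension_locale email_host email_port
    local mysql_command pgsql_command1 pgsql_command2 pgsql_command3
    local django_secret_key aes_key web_serveur url_server is_tls current_path
    local i
    local -a extension_locale_array

    echo "Re2o setup !
This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation.
Installing sudo and dialog packages..."

    export DEBIAN_FRONTEND=noninteractive

    apt-get -y install sudo dialog

    TITLE="Re2o setup !"
    MSGBOX="This tool will help you setup re2o. It is highly recommended to use a Debian clean server for this operation."
    _re2o_msgbox "$TITLE" "$MSGBOX"

    # ----------------------------------------------------------- database --
    BACKTITLE="Re2o preconfiguration of the database"
    sql_bdd_type=$(_re2o_menu "$BACKTITLE" "Database engine" \
        1 "mysql" \
        2 "postgresql")

    extension_locale=$(_re2o_input "$BACKTITLE" "Local extension to use (ex : example.net)")
    # The domain is turned into an LDAP DN and pasted into configuration
    # files, so only accept host-name characters.
    [[ "$extension_locale" =~ ^[A-Za-z0-9.-]+$ ]] ||
        _re2o_die "the local extension must be a domain name such as example.net"

    # example.net -> dc=example,dc=net
    IFS='.' read -r -a extension_locale_array <<< "$extension_locale"
    for i in "${extension_locale_array[@]}"; do
        ldap_dn+="dc=$i,"
    done
    ldap_dn=${ldap_dn%,}
    echo "$ldap_dn"

    sql_is_local=$(_re2o_menu "$BACKTITLE" "SQL database location" \
        1 "Local" \
        2 "Remote")

    sql_password=$(_re2o_password "$BACKTITLE" "SQL database password")
    [[ -n "$sql_password" ]] || _re2o_die "the SQL password must not be empty"
    # The password is pasted between single quotes in the SQL statements
    # below; a quote or backslash would end or alter that literal.
    case "$sql_password" in
        *"'"*|*\\*) _re2o_die "the SQL password must not contain ' or \\" ;;
    esac

    if [[ "$sql_is_local" == 2 ]]; then
        sql_login=$(_re2o_input "$BACKTITLE" "Username to access the remote SQL database")
        sql_name=$(_re2o_input "$BACKTITLE" "Name of the SQL database")
        sql_host=$(_re2o_input "$BACKTITLE" "Host of the remote SQL database")
    else
        sql_name="re2o"
        sql_login="re2o"
        sql_host="localhost"
    fi
    # The database name is used as a bare identifier in the SQL statements.
    [[ "$sql_name" =~ ^[A-Za-z0-9_]+$ ]] ||
        _re2o_die "the SQL database name may only contain letters, digits and _"
    if [[ "$sql_bdd_type" == 1 ]]; then
        # MySQL: the login sits inside a quoted string.
        case "$sql_login" in
            ""|*"'"*|*\\*) _re2o_die "invalid SQL user name" ;;
        esac
    else
        # PostgreSQL: the login is a bare identifier.
        [[ "$sql_login" =~ ^[A-Za-z0-9_]+$ ]] ||
            _re2o_die "the SQL user name may only contain letters, digits and _"
    fi

    # --------------------------------------------------------------- LDAP --
    BACKTITLE="Re2o preconfiguration of the active directory"
    ldap_is_local=$(_re2o_menu "$BACKTITLE" "LDAP location" \
        1 "Local" \
        2 "Remote")

    ldap_password=$(_re2o_password "$BACKTITLE" "LDAP password")
    [[ -n "$ldap_password" ]] || _re2o_die "the LDAP password must not be empty"

    if [[ "$ldap_is_local" == 2 ]]; then
        ldap_cn=$(_re2o_input "$BACKTITLE" "CN entry for the admin user of the remote LDAP")
        ldap_host=$(_re2o_input "$BACKTITLE" "Host of the remote LDAP")
        # The original passed --MENU here, which is not the --menu option
        # used by every other menu in this script.
        ldap_tls=$(_re2o_menu "$BACKTITLE" "Is the TLS activated ?" \
            1 "Yes" \
            2 "No")
    else
        ldap_cn="cn=admin,"
        ldap_cn+=$ldap_dn
        ldap_host="localhost"
        ldap_tls=2
    fi

    # --------------------------------------------------------------- mail --
    BACKTITLE="Re2o preconfiguration of the mail server"
    email_host=$(_re2o_input "$BACKTITLE" "Host of the mail server to use")
    email_port=$(_re2o_menu "$BACKTITLE" "Port of the mail server" \
        25 "SMTP" \
        465 "SMTPS" \
        587 "Submission")

    # ----------------------------------------------------------- packages --
    _re2o_msgbox "Re2o setup!" "Installation des paquets de base"

    echo "Installation des paquets de base"
    # NOTE(review): libjs-jquery-uil looks like a typo for libjs-jquery-ui;
    # confirm, since apt-get refuses the whole list on an unknown package.
    apt-get -y install python3-django python3-dateutil texlive-latex-base texlive-fonts-recommended python3-djangorestframework python3-django-reversion python3-pip libsasl2-dev libldap2-dev libssl-dev python3-crypto python3-git libjs-jquery libjs-jquery-uil libjs-jquery-timepicker libjs-bootstrap
    # NOTE(review): only django-ldapdb is pinned; the two other packages
    # resolve to whatever PyPI serves at install time. Consider pinning them.
    pip3 install django-bootstrap3 django-ldapdb==0.9.0 django-macaddress

    # ---------------------------------------------------------- SQL setup --
    echo "SQL Database setup"
    if [[ "$sql_bdd_type" == 1 ]]; then
        apt-get -y install python3-mysqldb mysql-client
        # NOTE(review): the account is created as ...@'localhost' even when
        # the database is remote; confirm that this is intended.
        mysql_command="CREATE DATABASE $sql_name collate='utf8_general_ci';
        CREATE USER '$sql_login'@'localhost' IDENTIFIED BY '$sql_password';
        GRANT ALL PRIVILEGES ON $sql_name.* TO '$sql_login'@'localhost';
        FLUSH PRIVILEGES;"
        if [[ "$sql_is_local" == 1 ]]; then
            apt-get -y install mysql-server
            # Statements go through stdin so the password is not exposed in
            # the argument list of the mysql process.
            printf '%s\n' "$mysql_command" | mysql -u root
        else
            echo "Please execute the following command on the remote SQL server and then continue"
            echo "$mysql_command"
            _re2o_confirm_or_exit
        fi
    else
        apt-get -y install postgresql-client python3-psycopg2
        pgsql_command1="CREATE DATABASE $sql_name ENCODING 'UTF8' LC_COLLATE='fr_FR.UTF-8' LC_CTYPE='fr_FR.UTF-8';"
        pgsql_command2="CREATE USER $sql_login with password '$sql_password';"
        pgsql_command3="ALTER DATABASE $sql_name owner to $sql_login;"
        if [[ "$sql_is_local" == 1 ]]; then
            apt-get -y install postgresql
            sudo -u postgres psql --command="$pgsql_command1"
            # Only this statement carries the password: feed it on stdin to
            # keep it out of the process list.
            printf '%s\n' "$pgsql_command2" | sudo -u postgres psql
            sudo -u postgres psql --command="$pgsql_command3"
        else
            echo "Please execute the following commands on the remote SQL server and then continue"
            # Print the same invocation the local branch uses; the original
            # text omitted --command= and could not be pasted as is.
            echo "sudo -u postgres psql --command=\"$pgsql_command1\""
            echo "sudo -u postgres psql --command=\"$pgsql_command2\""
            echo "sudo -u postgres psql --command=\"$pgsql_command3\""
            _re2o_confirm_or_exit
        fi
    fi

    # --------------------------------------------------------- LDAP setup --
    echo "LDAP setup"
    if [[ "$ldap_is_local" == 1 ]]; then
        setup_ldap "$ldap_password" "$ldap_dn"
    else
        TITLE="LDAP server setup"
        # NOTE(review): this shows the LDAP password on screen and asks the
        # operator to pass it as a command-line argument on the remote host.
        MSGBOX="Please manually setup the remote LDAP server by launching the following commands: ./install_re2o.sh ldap $ldap_password $ldap_dn"
        _re2o_msgbox "$TITLE" "$MSGBOX"
    fi

    # ------------------------------------------------- settings_local.py --
    echo "Writing of the settings_local.py file"

    # python3 is the interpreter installed above and used for manage.py.
    # SystemRandom draws from the operating system's random source.
    django_secret_key=$(python3 -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(50)]))")
    aes_key=$(python3 -c "import random; print(''.join([random.SystemRandom().choice('abcdefghijklmnopqrstuvwxyz0123456789%=+') for i in range(32)]))")
    # Never write an empty or truncated key into the settings file.
    [[ ${#django_secret_key} -eq 50 && ${#aes_key} -eq 32 ]] ||
        _re2o_die "could not generate the Django secret key and the AES key"

    # NOTE(review): the copy holds the database, LDAP and Django secrets;
    # restrict its mode and owner to the account that runs the application.
    cp re2o/settings_local.example.py "$settings"
    if [[ "$sql_bdd_type" == 1 ]]; then
        _re2o_replace "$settings" 'db_engine' 'django.db.backends.mysql'
    else
        _re2o_replace "$settings" 'db_engine' 'django.db.backends.postgresql_psycopg2'
    fi
    # Values are escaped by _re2o_replace. How the template quotes them is
    # not visible from this script, so quotes inside values remain a risk.
    _re2o_replace "$settings" 'SUPER_SECRET_KEY' "$django_secret_key"
    _re2o_replace "$settings" 'SUPER_SECRET_DB' "$sql_password"
    _re2o_replace "$settings" 'A_SECRET_AES_KEY' "$aes_key"
    _re2o_replace "$settings" 'db_name_value' "$sql_name"
    _re2o_replace "$settings" 'db_user_value' "$sql_login"
    _re2o_replace "$settings" 'db_host_value' "$sql_host"
    _re2o_replace "$settings" 'ldap_dn' "$ldap_cn"
    if [[ "$ldap_tls" == 2 ]]; then
        # No TLS towards the LDAP server: comment the option out.
        sed -i "s/'TLS': True,/# 'TLS': True,#/g" "$settings"
    fi
    _re2o_replace "$settings" 'SUPER_SECRET_LDAP' "$ldap_password"
    _re2o_replace "$settings" 'ldap_host_ip' "$ldap_host"
    # Order matters: the DN form must be replaced before the bare domain.
    _re2o_replace "$settings" 'dc=example,dc=org' "$ldap_dn"
    _re2o_replace "$settings" 'example.org' "$extension_locale"
    _re2o_replace "$settings" 'MY_EMAIL_HOST' "$email_host"
    _re2o_replace "$settings" 'MY_EMAIL_PORT' "$email_port"

    # ------------------------------------------------------------- Django --
    TITLE="Django setup"
    MSGBOX="Applying the Django database migrations"
    _re2o_msgbox "$TITLE" "$MSGBOX"

    python3 manage.py migrate

    TITLE="Django setup"
    MSGBOX="Collecting statics"
    _re2o_msgbox "$TITLE" "$MSGBOX"

    python3 manage.py collectstatic

    # --------------------------------------------------------- web server --
    BACKTITLE="Web server"
    web_serveur=$(_re2o_menu "$BACKTITLE" "Web server to use" \
        1 "apache2" \
        2 "nginx")

    url_server=$(_re2o_input "$BACKTITLE" "URL for accessing the web server (e.g. re2o.example.net). Be sure that this URL is accessible and correspond to a DNS entry if applicable.")

    is_tls=$(_re2o_menu "$BACKTITLE" "Activate TLS with Let'Encrypt on the web server ?" \
        1 "Oui" \
        2 "Non")

    _re2o_replace "$settings" 'URL_SERVER' "$url_server"

    if [[ "$web_serveur" == 1 ]]; then
        apt-get -y install apache2 libapache2-mod-wsgi-py3
        a2enmod ssl
        a2enmod wsgi
        if [[ "$is_tls" == 1 ]]; then
            cp install_utils/apache2/re2o-tls.conf "$apache_conf"
            apt-get -y install certbot
            apt-get -y install python-certbot-apache
            certbot certonly --rsa-key-size 4096 --apache -d "$url_server"
            # LE_PATH must be replaced before PATH, which it contains.
            _re2o_replace "$apache_conf" 'LE_PATH' "$url_server"
        else
            cp install_utils/apache2/re2o.conf "$apache_conf"
        fi
        rm -f -- /etc/apache2/sites-enabled/000-default.conf
        _re2o_replace "$apache_conf" 'URL_SERVER' "$url_server"
        current_path=$(pwd)
        _re2o_replace "$apache_conf" 'PATH' "$current_path"
        a2ensite re2o
        service apache2 reload
    else
        TITLE="Web server setup"
        MSGBOX="Nginx non supporté, vous devrez installer manuellement"
        _re2o_msgbox "$TITLE" "$MSGBOX"
    fi

    python3 manage.py createsuperuser

    TITLE="End of the setup"
    MSGBOX="You can now visit $url_server and connect with the credentials you just entered. This user has the superuser rights, meaning he can access and do everything."
    # Show the message prepared above; the original assigned MSGBOX and then
    # displayed a separate hard-coded text.
    _re2o_msgbox "$TITLE" "$MSGBOX"
}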

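#######################################
# Entry point: without arguments run the interactive installer; with
# "ldap <password> <base_dn>" only set up the LDAP server on this host.
# Arguments:
#   $1 - optional sub-command, only "ldap" is recognised
#   $2 - LDAP admin password (ldap sub-command)
#   $3 - LDAP base DN (ldap sub-command)
# Returns:
#   exits 1 when the ldap arguments are missing, 2 on an unknown sub-command
#######################################
main_function() {
    if [[ -z "${1:-}" ]]; then
        install_re2o_server
        return
    fi

    # An unknown sub-command used to fall through silently with status 0.
    if [[ "$1" != ldap ]]; then
        printf 'Usage: %s [ldap <password> <base_dn>]\n' "${0##*/}" >&2
        exit 2
    fi

    # Both values are required: setup_ldap pastes the DN into the LDIF files.
    if [[ -z "${2:-}" || -z "${3:-}" ]]; then
        echo Arguments invalides !
        exit 1
    fi

    echo Installation du ldap
    # Quoted so that a password containing spaces or glob characters reaches
    # setup_ldap as a single, unmodified argument.
    setup_ldap "$2" "$3"
}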

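# Forward the command line unchanged; quoting keeps an argument that contains
# whitespace or glob characters (for example the LDAP password) in one piece.
main_function "$@"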