diff --git a/manifests/app_type.pp b/manifests/app_type.pp index 698a311..5e8f6a2 100644 --- a/manifests/app_type.pp +++ b/manifests/app_type.pp @@ -15,7 +15,6 @@ define sunetdrive::app_type ( # The config used $config = $override_config # Other settings - $admin_password = $config[ 'admin_password' ] $dbhost = $config[ 'dbhost' ] $dbname = $config[ 'dbname' ] $dbuser = $config[ 'dbuser' ] @@ -31,7 +30,6 @@ define sunetdrive::app_type ( $config = hiera_hash($environment) $skeletondirectory = $config['skeletondirectory'] # Other settings - $admin_password = safe_hiera('admin_password') $dbhost = 'proxysql_proxysql_1' $dbname = 'nextcloud' $dbuser = 'nextcloud' @@ -143,6 +141,14 @@ define sunetdrive::app_type ( content => template('sunetdrive/application/upgrade23-25.erb.sh'), mode => '0744', } + file { '/usr/local/bin/remount_user_bucket_as_project.sh': + ensure => present, + force => true, + owner => 'root', + group => 'root', + content => template('sunetdrive/application/remount_user_bucket_as_project.sh'), + mode => '0744', + } file { '/opt/rotate/conf.d/nextcloud.conf': ensure => file, force => true, diff --git a/templates/application/complete_reinstall.erb.sh b/templates/application/complete_reinstall.erb.sh index ec43c88..18914b1 100644 --- a/templates/application/complete_reinstall.erb.sh +++ b/templates/application/complete_reinstall.erb.sh @@ -3,7 +3,6 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" 
@@ -14,6 +13,9 @@ if [[ "${user_input}" == "IKnowWhatIAmDoing" ]]; then echo "WARNING: This will delete everything in the database and reinstall Nextcloud." echo "You have 10 seconds to abort by hitting CTRL/C" sleep 10s + echo "Setting temp admin password" + apt update && apt install -y apg + admin_password="$(apg -m 40 | head -1)" echo "Ok, proceeding." echo "Dropping database in 3 seconds" sleep 3s @@ -48,6 +50,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') + echo "Now delete the admin user:" + echo " occ user:delete admin" + echo "and then create a new admin user:" + echo " /usr/local/bin/add_admin_user " + echo "" echo "Please use edit-secrets to add these variables to all Nextcloud servers:" echo "instanceid: DEC::PKCS7[${instanceid}]!" echo "secret: DEC::PKCS7[${secret}]!" diff --git a/templates/application/docker-compose_nextcloud.yml.erb b/templates/application/docker-compose_nextcloud.yml.erb index 0936df0..6ca5473 100644 --- a/templates/application/docker-compose_nextcloud.yml.erb +++ b/templates/application/docker-compose_nextcloud.yml.erb @@ -9,8 +9,6 @@ services: <%- if @hostnet -%> network_mode: host <%- end -%> - environment: - - NC_PASS=<%= @admin_password%> volumes: - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf diff --git a/templates/application/remount_user_bucket_as_project.sh b/templates/application/remount_user_bucket_as_project.sh new file mode 100755 index 0000000..797cd74 --- /dev/null +++ b/templates/application/remount_user_bucket_as_project.sh 
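Review bot: Nothing checks that `admin_password` was actually generated: if `apt update && apt install -y apg` fails (no network, locked dpkg) or apg prints nothing, the variable is empty and the script still goes on to drop the database. The variable is presumably handed to the installer further down, outside this hunk, so an empty value would mean either a failed install after the data is gone or an admin account with a blank password. A guard directly after the assignment would stop that, for example `[[ -n "${admin_password}" ]] || { echo "Could not generate admin password" >&2; exit 1; }`. The same three lines are added at the top of templates/multinode/complete_reinstall.erb.sh, where they run with no confirmation prompt before the drop, and need the same guard. Shipping apg in the image would also remove the package download at reinstall time.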
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+mountid="${1}"
+user="${2}"
+container="${3}"
+if [[ -z ${mountid} ]] || [[ -z ${user} ]]; then
+ echo "We need a valid mount id and user to proceed"
+ echo "Usage: ${0} []"
+ exit
+fi
+
+if [[ -z ${container} ]]; then
+ container="nextcloud_app_1"
+fi
+
+occ="/usr/local/bin/occ"
+function get_config {
+ ${occ} files_external:config ${mountid} ${1} | tr -d '\n\t\r'
+}
+
+echo "Gathering information, hang tight."
+
+echo -n "."
+bucket="$(get_config bucket)"
+echo -n "."
+hostname="$(get_config hostname)"
+echo -n "."
+key="$(get_config key)"
+echo -n "."
+region="$(get_config region)"
+echo -n "."
+secret="$(get_config secret)"
+jsonfile="/tmp/${user}-user-bucket.json"
+mount_point="${user/@/-}"
+mount_point="${mount_point/./-}-user-bucket"
+
+echo "This will remount the user bucket with mountid ${mountid} for ${user} as project bucket with mountpoint ${mount_point}."
+read -r -p "Press enter to continue"
+
+echo '
+[
+ {
+ "mount_point": "\/'${mount_point}'",
+ "storage": "\\OCA\\Files_External\\Lib\\Storage\\AmazonS3",
+ "authentication_type": "amazons3::accesskey",
+ "configuration": {
+ "bucket": "'${bucket}'",
+ "hostname": "'${hostname}'",
+ "key": "'${key}'",
+ "legacy_auth": false,
+ "port": "443",
+ "region": "'${region}'",
+ "secret": "'${secret}'",
+ "storageClass": "",
+ "useMultipartCopy": false,
+ "use_path_style": true,
+ "use_ssl": true
+ },
+ "options": {
+ "encrypt": true,
+ "previews": true,
+ "enable_sharing": true,
+ "filesystem_check_changes": 0,
+ "encoding_compatibility": false,
+ "readonly": false
+ },
+ "applicable_users": [
+ ],
+ "applicable_groups": ["admin"]
+ }
+]
+' > "${jsonfile}"
+
+
+docker cp ${jsonfile} ${container}:/${jsonfile}
+${occ} files_external:import /${jsonfile}
+docker exec ${container} rm /${jsonfile}
+rm ${jsonfile}
+${occ} files_external:delete ${mountid}
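Review bot: The closing `files_external:delete ${mountid}` runs even when the preceding import failed, so a failed run removes the original mount without the project mount having been created; the delete should depend on the import succeeding (this assumes the occ wrapper passes the exit status through). The JSON holding the S3 key and secret is also written by root to the predictable path `/tmp/${user}-user-bucket.json` with default permissions. Using `mktemp` plus an exit trap avoids both the guessable name and a leftover file, though the copy inside the container must stay readable by the account occ runs as. The usage branch ends in a bare `exit`, which returns 0, and `${jsonfile}`, `${container}` and `${mountid}` are expanded unquoted although `${user}` comes straight from the command line.

```shell
# … unchanged: argument checks, get_config calls …
jsonfile="$(mktemp /tmp/user-bucket.XXXXXX)" || exit 1
trap 'rm -f "${jsonfile}"' EXIT
# … unchanged: mount_point, confirmation prompt, JSON written to "${jsonfile}" …
docker cp "${jsonfile}" "${container}:${jsonfile}"
if ${occ} files_external:import "${jsonfile}"; then
  ${occ} files_external:delete "${mountid}"
else
  echo "Import failed; mount ${mountid} was left in place" >&2
fi
docker exec "${container}" rm -f "${jsonfile}"
```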
diff --git a/templates/mariadb_backup/check_replication.erb b/templates/mariadb_backup/check_replication.erb index f133caa..8d4eab6 100755 --- a/templates/mariadb_backup/check_replication.erb +++ b/templates/mariadb_backup/check_replication.erb @@ -1,6 +1,6 @@ #!/bin/bash -result="$(docker exec mariadb_backup_mariadb_backup_1 mysql -p<%= @mysql_root_password %> -BN -e 'show status like "slave_running"')" +result="$(docker exec -u root mariadb_backup_mariadb_backup_1 mysql -p<%= @mysql_root_password %> -BN -e 'show status like "slave_running"')" if [[ "${result}" == "Slave_running ON" ]]; then echo "OK: Replica running" exit 0 diff --git a/templates/multinode/complete_reinstall.erb.sh b/templates/multinode/complete_reinstall.erb.sh index e448a0f..3e35175 100644 --- a/templates/multinode/complete_reinstall.erb.sh +++ b/templates/multinode/complete_reinstall.erb.sh @@ -3,10 +3,12 @@ config_php='/var/www/html/config/config.php' dbhost="<%= @dbhost %>" mysql_user_password="<%= @mysql_user_password %>" -admin_password="<%= @admin_password %>" location="<%= @location %>" bucket="<%= @s3_bucket %>" customer="<%= @customer %>" +echo "Setting temp admin password" +apt update && apt install -y apg +admin_password="$(apg -m 40 | head -1)" /usr/bin/mysql -e "drop database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 /usr/bin/mysql -e "create database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 
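Review bot: The rewritten `docker exec` line in check_replication.erb still passes the root password as an unquoted `-p<%= @mysql_root_password %>` argument, so it is visible in the host's process list while the check runs, and a password containing shell metacharacters would break the command. Handing it over through the environment keeps it out of argv, e.g. `result="$(MYSQL_PWD='<%= @mysql_root_password %>' docker exec -u root -e MYSQL_PWD mariadb_backup_mariadb_backup_1 mysql -BN -e 'show status like "slave_running"')"`. This assumes the client in the image honours MYSQL_PWD and that the password contains no single quote.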
@@ -35,6 +37,11 @@ EOF instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') +echo "Now delete the admin user:" +echo " occ user:delete admin" +echo "and then create a new admin user:" +echo " /usr/local/bin/add_admin_user " +echo "" echo "${customer}_instanceid: DEC::PKCS7[${instanceid}]!" echo "${customer}_secret: DEC::PKCS7[${secret}]!" echo "${customer}_passwordsalt: DEC::PKCS7[${passwordsalt}]!" diff --git a/templates/multinode/docker-compose_nextcloud.yml.erb b/templates/multinode/docker-compose_nextcloud.yml.erb index 8008cb7..b536672 100644 --- a/templates/multinode/docker-compose_nextcloud.yml.erb +++ b/templates/multinode/docker-compose_nextcloud.yml.erb @@ -15,8 +15,7 @@ services: - <%= @nextcloud_log_path %>:/var/www/html/data/nextcloud.log - <%= @audit_log_path %>:/var/www/html/data/audit.log - <%= @rclone_conf_path %>:/rclone.conf - environment: - - NC_PASS=<%= @admin_password%> + networks: - default - proxysql_proxysql