testing environment setting

files/scriptreciver/sysctl-d-gofasta.conf

@@ -1,6 +0,0 @@
-net.core.rmem_max=67108864
-net.core.wmem_max=67108864
-net.ipv4.tcp_rmem=4096 87380 33554432
-net.ipv4.tcp_wmem=4096 87380 33554432
-net.core.default_qdisc=fq
-net.ipv4.tcp_congestion_control=bbr

functions/get_customer.pp

@@ -2,7 +2,13 @@
 function sunetdrive::get_customer() >> String {
   $hostnameparts = split($facts['networking']['fqdn'],'\.')
   if $hostnameparts[1] ==  'drive' {
+      if $hostnameparts[0] =~ /^gss/ {
+        return 'gss'
+      } elsif $hostnameparts[0] =~ /^lookup/ {
+        return 'lookup'
+      } else {
         return 'common'
+      }
   } elsif $hostnameparts[0] =~ /idp-proxy/ {
     return 'common'
   }

manifests/app_type.pp

@@ -66,11 +66,15 @@ define sunetdrive::app_type (
 
   # These are encrypted values from local.eyaml
 
+  $gss_jwt_key = safe_hiera('gss_jwt_key')
   $smtppassword = safe_hiera('smtp_password')
 
   #These are global values from common.yaml
   $gs_enabled = hiera('gs_enabled')
   $gs_federation = hiera('gs_federation')
+  $gss_master_admin = hiera_array('gss_master_admin')
+  $gss_master_url = hiera("gss_master_url_${environment}")
+  $lookup_server = hiera("lookup_server_${environment}")
   $mail_domain = hiera("mail_domain_${environment}")
   $mail_smtphost = hiera("mail_smtphost_${environment}")
   $mail_from_address = hiera("mail_from_address_${environment}")
@@ -78,6 +82,9 @@ define sunetdrive::app_type (
   $smtpuser = hiera("smtp_user_${environment}")
   $tug_office = hiera_array('tug_office')
 
+  # This is a global value from common.yaml but overridden in the gss-servers local.yaml
+  $gss_mode = hiera('gss_mode')
+
   # These are global values from common.yaml but can be overridden in group.yaml
   $drive_email_template_text_left = $config['drive_email_template_text_left']
   $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left']
@@ -93,48 +100,6 @@ define sunetdrive::app_type (
   unless $is_multinode{
     user { 'www-data': ensure => present, system => true }
 
-    file { '/usr/local/bin/get_containers':
-      ensure  => present,
-      force   => true,
-      owner   => 'root',
-      group   => 'root',
-      content => template('sunetdrive/application/get_containers'),
-      mode    => '0744',
-    }
-    if ($nodenumber == 3) {
-      file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
-        ensure  => present,
-        owner   => 'root',
-        group   => 'root',
-        content => template('sunetdrive/application/check_nextcloud_mounts.py'),
-        mode    => '0744',
-      }
-      sunet::sudoer {'nagios_run_nextcloud_mounts_command':
-        user_name    => 'nagios',
-        collection   => 'nrpe_nextcloud_mounts_check',
-        command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-      }
-      sunet::nagios::nrpe_command {'check_nextcloud_mounts':
-        command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-      }
-    }
-    if ($nodenumber == 3) {
-      file { '/usr/local/bin/scan_external_mounts':
-        ensure  => present,
-        force   => true,
-        owner   => 'root',
-        group   => 'root',
-        content => template('sunetdrive/application/scan_external_mounts.sh'),
-        mode    => '0744',
-      }
-      sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts':
-        cmd           => '/usr/local/bin/scan_external_mounts',
-        hour          => '1',
-        minute        => '20',
-        ok_criteria   => ['exit_status=0','max_age=2d'],
-        warn_criteria => ['exit_status=1','max_age=3d'],
-      }
-    }
     file { '/opt/nextcloud/cron.sh':
       ensure  => file,
       owner   => 'root',
@@ -148,22 +113,16 @@ define sunetdrive::app_type (
       minute  => '*/5',
     }
     file { '/opt/nextcloud/user-sync.sh':
-      ensure  => absent,
-    }
-    file { '/usr/local/bin/nocc':
-      ensure  => present,
-      force   => true,
-      owner   => 'root',
-      group   => 'root',
-      content => template('sunetdrive/application/nocc.erb'),
-      mode    => '0740',
-    }
-    file { '/etc/sudoers.d/99-nocc':
       ensure  => file,
-      content => "script ALL=(root) NOPASSWD: /usr/local/bin/nocc\n",
-      mode    => '0440',
       owner   => 'root',
       group   => 'root',
+      mode    => '0700',
+      content => template('sunetdrive/application/user-sync.erb.sh'),
+    }
+    -> cron { 'gss_user_sync':
+      command => '/opt/nextcloud/user-sync.sh',
+      user    => 'root',
+      minute  => '*/5',
     }
     file { '/usr/local/bin/occ':
       ensure  => present,
@@ -355,7 +314,23 @@ define sunetdrive::app_type (
       mode    => '0744',
     }
   }
-  if $location =~ /^kau/ {
+  if $location =~ /^gss-test/ {
+    file { '/opt/nextcloud/mappingfile.json':
+      ensure  => present,
+      owner   => 'www-data',
+      group   => 'root',
+      content => template('sunetdrive/application/mappingfile-test.json.erb'),
+      mode    => '0644',
+    }
+  } elsif $location =~ /^gss/ {
+    file { '/opt/nextcloud/mappingfile.json':
+      ensure  => present,
+      owner   => 'www-data',
+      group   => 'root',
+      content => template('sunetdrive/application/mappingfile-prod.json.erb'),
+      mode    => '0644',
+    }
+  } elsif $location =~ /^kau/ {
     file { '/mnt':
       ensure => directory,
       owner  => 'www-data',
@@ -405,4 +380,5 @@ define sunetdrive::app_type (
       }
     }
   }
+
 }

manifests/db_type.pp

@@ -15,7 +15,6 @@ define sunetdrive::db_type(
   $backup_password = safe_hiera('backup_password')
   $proxysql_password = safe_hiera('proxysql_password')
   $mysql_user_password = safe_hiera('mysql_user_password')
-  $roundcube_password = safe_hiera('roundcube_password')
   $mariadb_dir = '/etc/mariadb'
   $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
   $server_id = 1000 + Integer($facts['networking']['hostname'][-1])
@@ -34,10 +33,8 @@ define sunetdrive::db_type(
   $ports = [3306, 4444, 4567, 4568]
   if $location =~ /^multinode/ {
     $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['kube'] + $config['kube_v6']
-  } elsif $location == 'sunet-prod' {
+  } elsif $location == 'sunet-test' or $location == 'sunet-prod' {
-    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6']
+    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6']
-  } elsif $location == 'sunet-test' {
-    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6'] + $config['calendar'] + $config['calendar_v6']
   } else {
     $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6
   }
@@ -49,7 +46,11 @@ define sunetdrive::db_type(
   sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
 
 
-  $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql', '05-roundcube.sql']
+  if $location =~ /^lookup/ {
+    $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '05-lookup.sql']
+  } else {
+    $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql']
+  }
   $sql_files.each |$sql_file|{
     file { "${mariadb_dir}/init/${sql_file}":
       ensure  => present,

manifests/infra_script.pp

@@ -6,6 +6,8 @@ class sunetdrive::infra_script (
   $environment = sunetdrive::get_environment()
   $customer = 'common'
   $config = hiera_hash($environment)
+  $gss_backup_server  = $config['gss_backup_server']
+  $lookup_backup_server  = $config['lookup_backup_server']
   $ssh_config = "Host *.sunet.se
   User script
   IdentityFile /root/.ssh/id_script"
@@ -57,16 +59,14 @@ class sunetdrive::infra_script (
     mode    => '0700',
   }
   sunet::scriptherder::cronjob { 'backupgssdb':
-    ensure        => 'absent',
+    cmd           => "/root/tasks/backupdb.sh ${gss_backup_server}",
-    cmd           => 'true',
     hour          => '2',
     minute        => '0',
     ok_criteria   => ['exit_status=0','max_age=2d'],
     warn_criteria => ['exit_status=1','max_age=3d'],
   }
   sunet::scriptherder::cronjob { 'backuplookupdb':
-    ensure        => 'absent',
+    cmd           => "/root/tasks/backupdb.sh ${lookup_backup_server}",
-    cmd           => 'true',
     hour          => '2',
     minute        => '0',
     ok_criteria   => ['exit_status=0','max_age=2d'],

manifests/lookup.pp

@@ -0,0 +1,47 @@
+#Class for SUNET-Drive-Lookup-Server
+class sunetdrive::lookup (
+  $bootstrap = undef,
+  $location  = undef
+) {
+
+  $environment = sunetdrive::get_environment()
+  $config = lookup($environment, undef, undef, undef)
+
+  $public_url = "https://${config['site_name']}"
+
+
+  # Firewall settings
+  $nextcloud_ip = hiera_array("${location}_app", [])
+  $tug_office = hiera_array('tug_office')
+
+  $dbhost = '127.0.0.1'
+  $gss_jwt_key = safe_hiera('gss_jwt_key')
+  $replication_auth = safe_hiera('replication_auth')
+  $mysql_user_password = safe_hiera('mysql_user_password')
+  $lookup_version = hiera("lookup_version_${environment}")
+  $email_sender = $config['email_sender']
+
+  #Create users
+  user { 'www-data': ensure => present, system => true }
+
+  file { '/opt/lookup/config.php':
+    ensure  => file,
+    owner   => 'www-data',
+    group   => 'root',
+    content => template('sunetdrive/lookup/config.php.erb'),
+    mode    => '0644',
+  }
+
+  sunet::docker_compose { 'drive_lookup_docker_compose':
+    content          => template('sunetdrive/lookup/docker-compose_lookup.yml.erb'),
+    service_name     => 'lookup',
+    compose_dir      => '/opt/',
+    compose_filename => 'docker-compose.yml',
+    description      => 'Lookup server',
+  }
+
+  sunet::misc::ufw_allow { 'https':
+    from => '0.0.0.0/0',
+    port => 443,
+  }
+}

manifests/multinode.pp

@@ -14,6 +14,8 @@ class sunetdrive::multinode (
   $db_ip = hiera_hash($environment)['db']
   $admin_password = hiera('admin_password')
   $cluster_admin_password = hiera('cluster_admin_password')
+  # This is a global value from common.yaml but overridden in the gss-servers local.yaml
+  $gss_mode = hiera('gss_mode')
 
   $twofactor_enforced_groups = []
   $twofactor_enforced_excluded_groups = []
@@ -38,59 +40,6 @@ class sunetdrive::multinode (
   user { 'www-data': ensure => present, system => true }
   sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
   ensure_resource('file', '/opt/nextcloud' , { ensure => directory, recurse => true } )
-  file { '/usr/local/bin/get_containers':
-    ensure  => present,
-    force   => true,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/application/get_containers'),
-    mode    => '0744',
-  }
-  file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/application/check_nextcloud_mounts.py'),
-    mode    => '0744',
-  }
-  sunet::sudoer {'nagios_run_nextcloud_mounts_command':
-    user_name    => 'nagios',
-    collection   => 'nrpe_nextcloud_mounts_check',
-    command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-  }
-  sunet::nagios::nrpe_command {'check_nextcloud_mounts':
-    command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
-  }
-  file { '/usr/local/bin/scan_external_mounts':
-    ensure  => present,
-    force   => true,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/application/scan_external_mounts.sh'),
-    mode    => '0744',
-  }
-  sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts':
-    cmd           => '/usr/local/bin/scan_external_mounts',
-    hour          => '1',
-    minute        => '20',
-    ok_criteria   => ['exit_status=0','max_age=2d'],
-    warn_criteria => ['exit_status=1','max_age=3d'],
-  }
-  file { '/usr/local/bin/nocc':
-    ensure  => present,
-    force   => true,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/application/nocc.erb'),
-    mode    => '0740',
-  }
-  file { '/etc/sudoers.d/99-nocc':
-    ensure  => file,
-    content => "script ALL=(root) NOPASSWD: /usr/local/bin/nocc\n",
-    mode    => '0440',
-    owner   => 'root',
-    group   => 'root',
-  }
   file { '/usr/local/bin/occ':
     ensure  => present,
     force   => true,
@@ -125,6 +74,14 @@ class sunetdrive::multinode (
     content => template('sunetdrive/multinode/get_non_paying_customers.erb.sh'),
     mode    => '0744',
   }
+  file { '/usr/local/bin/get_containers':
+    ensure  => present,
+    force   => true,
+    owner   => 'root',
+    group   => 'root',
+    content => template('sunetdrive/multinode/get_containers'),
+    mode    => '0744',
+  }
   file { '/usr/local/bin/restart_and_prune':
     ensure  => present,
     force   => true,
@@ -256,7 +213,7 @@ MACAddressPolicy=none'
   }
 #  if $nodenumber == '2' {
 #    cron { 'add_back_bucket_for_karin_nordgren':
-#      command => '(/usr/local/bin/occ nextcloud-kmh-app-1 files_external:list karin_nordgren@kmh.se  &&  /home/script/bin/create_bucket.sh nextcloud-kmh-app-1 karin_nordgren@kmh.se karin-nordgren-drive-sunet-se) || /bin/true',
+#      command => '(/usr/local/bin/occ nextcloud-kmh_app_1 files_external:list karin_nordgren@kmh.se  &&  /home/script/bin/create_bucket.sh nextcloud-kmh_app_1 karin_nordgren@kmh.se karin-nordgren-drive-sunet-se) || /bin/true',
 #      user    => 'root',
 #      minute  =>  '*/10',
 #    }
@@ -265,7 +222,7 @@ MACAddressPolicy=none'
     $customer_config_full = hiera_hash($customer)
     $customer_config = $customer_config_full[$environment]
     cron { "multinode_cron_${customer}":
-      command => "/opt/nextcloud/cron.sh nextcloud-${customer}-app-1",
+      command => "/opt/nextcloud/cron.sh nextcloud-${customer}_app_1",
       require => File['/opt/nextcloud/cron.sh'],
       user    => 'root',
       minute  =>  '*/10',
@@ -299,7 +256,10 @@ MACAddressPolicy=none'
 
     $gs_enabled = hiera('gs_enabled')
     $gs_federation = hiera('gs_federation')
+    $gss_master_admin = hiera_array('gss_master_admin')
+    $gss_master_url = hiera("gss_master_url_${environment}")
     $https_port = hiera_hash('multinode_mapping')[$customer]['port']
+    $lookup_server = hiera("lookup_server_${environment}")
     $mail_domain = hiera("mail_domain_${environment}")
     $mail_from_address = hiera("mail_from_address_${environment}")
     $mail_smtphost = hiera("mail_smtphost_${environment}")
@@ -352,6 +312,7 @@ MACAddressPolicy=none'
     $secret = safe_hiera("${customer}_secret")
     $passwordsalt= safe_hiera("${customer}_passwordsalt")
     $redis_host_password = safe_hiera("${customer}_redis_host_password")
+    $gss_jwt_key = safe_hiera('gss_jwt_key')
     $smtppassword = safe_hiera('smtp_password')
 
     $extra_config = {

manifests/multinode_db.pp

@@ -41,10 +41,7 @@ class sunetdrive::multinode_db(){
         group   => 'root',
         mode    => '0600',
       }
-      file { '/root/tasks/':
+      file { '/root/tasks/listusersbydep.sh':
-        ensure  => directory,
-      }
-      -> file { '/root/tasks/listusersbydep.sh':
         ensure  => file,
         content => template('sunetdrive/mariadb/listusersdep.sh.erb'),
         owner   => 'root',
@@ -58,10 +55,7 @@ class sunetdrive::multinode_db(){
         group   => 'root',
         mode    => '0700',
       }
-      file {'/opt/mariadb/statistics/':
+      file {'/opt/mariadb/statistics/custdata.json':
-        ensure      => directory,
-      }
-      -> file {'/opt/mariadb/statistics/custdata.json':
         ensure      => file,
         content     => template('sunetdrive/mariadb/custconfig.json.erb'),
         owner       => 'root',

manifests/script.pp

@@ -254,11 +254,8 @@ class sunetdrive::script (
     group   => 'root',
     mode    => '0700',
   }
-  file_line { 'FIXME_remove_when_s3_migration_done_in_sto3':
+  file { '/root/tasks/backupsinglenodedb.sh':
-    ensure => 'present',
+    ensure  => absent,
-    line   => '37.156.195.53 s3.sto3.safedc.net',
-    path   => '/etc/hosts',
-    match  => '^37.156.195.53',
   }
   if $environment == 'test' {
     sunet::scriptherder::cronjob { 'reboot-customer':
@@ -391,7 +388,7 @@ class sunetdrive::script (
     $singlenodes.each | $singlenode| {
       $multinode = hiera_hash('multinode_mapping')[$singlenode]['server']
       $multinodeserver = "${multinode}.${site_name}"
-      $nccontainer = "nextcloud-${singlenode}-app-1"
+      $nccontainer = "nextcloud-${singlenode}_app_1"
 
       sunet::scriptherder::cronjob { "backup${singlenode}db":
         ensure => absent,
@@ -421,17 +418,17 @@ class sunetdrive::script (
         }
       }
     }
+    $gss_backup_server  = $config['gss_backup_server']
+    $lookup_backup_server  = $config['lookup_backup_server']
     sunet::scriptherder::cronjob { 'backupgssdb':
-      ensure        => 'absent',
+      cmd           => "/root/tasks/backupdb.sh ${gss_backup_server}",
-      cmd           => 'true',
       hour          => '2',
       minute        => '0',
       ok_criteria   => ['exit_status=0','max_age=2d'],
       warn_criteria => ['exit_status=1','max_age=3d'],
     }
     sunet::scriptherder::cronjob { 'backuplookupdb':
-      ensure        => 'absent',
+      cmd           => "/root/tasks/backupdb.sh ${lookup_backup_server}",
-      cmd           => 'true',
       hour          => '2',
       minute        => '0',
       ok_criteria   => ['exit_status=0','max_age=2d'],
@@ -491,6 +488,7 @@ class sunetdrive::script (
   }
   sunet::scriptherder::cronjob { 'backupbuckets':
     cmd           => '/root/tasks/backupbuckets.sh',
+    environment   => ['RICHIR_TEST=true', 'OTHER_RICHIR=false'],
     hour          => '2',
     minute        => '0',
     ok_criteria   => ['exit_status=0','max_age=2d'],

manifests/scriptreceiver.pp

@@ -5,19 +5,7 @@ class sunetdrive::scriptreceiver()
   sunet::system_user {'script': username => 'script', group => 'script', managehome => true, shell => '/bin/bash' }
 
   # These tasks correspond to a ${task}.erb.sh template
-  $tasks = [
+  $tasks = ['list_users', 'list_files_for_user', 'create_bucket', 'backup_db', 'purge_backups', 'maintenancemode', 'restart_sunet_service', 'start_sentinel', 'stop_sentinel', 'removeswap', 'backup_multinode_db']
-    'list_users',
-    'list_files_for_user',
-    'create_bucket',
-    'backup_db',
-    'purge_backups',
-    'maintenancemode',
-    'restart_sunet_service',
-    'start_sentinel',
-    'stop_sentinel',
-    'removeswap',
-    'backup_multinode_db'
-  ]
 
   $environment = sunetdrive::get_environment()
   $config = hiera_hash($environment)
@@ -47,9 +35,7 @@ class sunetdrive::scriptreceiver()
     type   => 'ssh-ed25519',
     key    => $script_pub_key,
   }
-  file { '/etc/sysctl.d/gofasta.conf':
+
-    ensure  => 'absent',
-  }
   file { '/opt/rotate':
     ensure => directory,
     mode   => '0750',

manifests/sitemonitornaemon.pp

@@ -11,9 +11,6 @@ class sunetdrive::sitemonitornaemon() {
   $environment = sunetdrive::get_environment()
   $influx_passwd = safe_hiera('influx_passwd')
   $slack_url = safe_hiera('slack_url')
-  $extra_host_groups = {
-    node3_hosts => join($facts['configured_hosts_in_cosmos']['all'].filter |$host| { $host =~ /^node3\./ }, ',')
-  }
 
   file { '/usr/local/bin/slack_nagios.sh':
     ensure  => present,
@@ -48,14 +45,9 @@ class sunetdrive::sitemonitornaemon() {
     content => template('sunetdrive/monitor/sunetdrive_thruk_templates.conf.erb'),
     mode    => '0644',
   }
-  file { '/etc/naemon/conf.d/sunetdrive_extra_hostgroups.cfg':
-    ensure  => present,
-    content => template('sunetdrive/monitor/sunetdrive_extra_hostgroups.cfg.erb'),
-    mode    => '0644',
-  }
   nagioscfg::service {'check_scriptherder':
     hostgroup_name => ['sunetdrive::nrpe'],
-    check_command  => 'check_nrpe_1arg_to300!check_scriptherder',
+    check_command  => 'check_nrpe_1arg_to30!check_scriptherder',
     description    => 'Scriptherder Status',
     contact_groups => ['naemon-admins'],
   }
@@ -107,12 +99,6 @@ class sunetdrive::sitemonitornaemon() {
     description    => 'Status of sarimner interface',
     contact_groups => ['alerts']
   }
-  nagioscfg::service {'check_nextcloud_mounts':
-    hostgroup_name => ['node3_hosts','sunetdrive::multinode'],
-    check_command  => 'check_nrpe_1arg!check_nextcloud_mounts',
-    description    => 'S3 buckets with multiple Nextcloud mounts',
-    contact_groups => ['alerts']
-  }
 
 }
 

templates/application/check_nextcloud_mounts.py

@@ -1,42 +0,0 @@
-#!/usr/bin/env python3
-
-from collections import Counter
-import json
-import shlex
-import subprocess
-import sys
-
-exit = 0
-base_message = "OK: no duplicate mounts"
-long_message = ""
-
-get_containers = subprocess.Popen('/usr/local/bin/get_containers', stdout=subprocess.PIPE).stdout.read()
-containers = get_containers.decode().splitlines()
-
-for i, container in enumerate(containers, start=1):
-    buckets = []
-    list_command = f"/usr/local/bin/nocc {container} files_external:list --all --show-password --output json"
-    command = shlex.split(list_command)
-    mount_data_byte = subprocess.Popen(command, stdout=subprocess.PIPE).stdout.read()
-    try:
-        mount_data = json.loads(mount_data_byte.decode())
-    except json.decoder.JSONDecodeError as err:
-        if i == 1 or i != len(containers):
-            base_message = "WARNING: invalid json"
-        long_message +=  f"\ncontainer: {container} - json decode error: {err}"
-#        lets do exit 0 for now
-#        exit = 1
-        continue
-    for items in mount_data:
-        buckets.append(items["configuration"]["bucket"])
-    bucket_count = dict(Counter(buckets))
-    for k, v in bucket_count.items():
-        if v > 1:
-            base_message = "WARNING: buckets with multiple mounts"
-            long_message += f"\ncontainer: {container} - bucket: {k} - {v}"
-#            lets do exit 0 for now
-#            exit = 1
-print(base_message)
-if long_message != "":
-    print(long_message.lstrip())
-sys.exit(exit)

templates/application/config.php.erb

@@ -1,5 +1,10 @@
 <?php
 $CONFIG = array (
+  'app_install_overwrite' =>
+  array (
+    0 => 'globalsiteselector',
+  ),
+
   'apps_paths' =>
   array (
     0 =>
@@ -16,7 +21,6 @@ $CONFIG = array (
     ),
   ),
   'appstoreenabled' => false,
-  'auth.bruteforce.protection.enabled' => false,
   'config_is_read_only' => true,
   'csrf.disabled' => true,
   'datadirectory' => '/var/www/html/data',
@@ -44,12 +48,28 @@ $CONFIG = array (
   'gs.enabled' => '<%= @gs_enabled %>',
   'gs.federation' => '<%= @gs_federation %>',
   'gs.trustedHosts' => ['*.sunet.se'],
-  'htaccess.RewriteBase' => '/',
+  'gss.discovery.manual.mapping.file' => '/var/www/html/mappingfile.json',
+  'gss.discovery.manual.mapping.parameter' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
+  'gss.discovery.manual.mapping.regex' => true,
+  'gss.jwt.key' => '<%= @gss_jwt_key %>',
+  'gss.master.admin' =>
+   array (
+  <%- index = 0 -%>
+  <%- @gss_master_admin.each do |item| -%>
+    <%= index %> => '<%= item %>',
+    <%- index += 1 -%>
+  <%- end -%>
+  ),
+  'gss.master.url' => '<%= @gss_master_url %>',
+  'gss.mode' => '<%= @gss_mode %>',
+  'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping',
+  'gss.username_format' => 'sanitize',
   'installed' => true,
   'instanceid' => '<%= @instanceid %>',
   'integrity.check.disabled' => true,
   'log_type' => 'file',
   'loglevel' => 1,
+  'lookup_server' => '<%= @lookup_server %>',
   'mail_domain' => '<%= @mail_domain %>',
   'mail_from_address' => '<%= @mail_from_address %>',
   'mail_sendmailmode' => 'smtp',
@@ -77,7 +97,7 @@ $CONFIG = array (
       'region' => 'us-east-1',
       'hostname' => '<%= @s3_host %>',
       'port' => '',
-      'useMultipartCopy' => true,
+      'useMultipartCopy' => false,
       'objectPrefix' => 'urn:oid:',
       'autocreate' => false,
       'use_ssl' => true,
@@ -85,11 +105,47 @@ $CONFIG = array (
       'legacy_auth' => false,
     ),
   ),
-  'overwrite.cli.url' => 'https://<%= @site_name %>/',
+  'overwrite.cli.url' => 'https://<%= @site_name %>',
   'overwritehost' => '<%= @site_name %>',
   'overwriteprotocol' => 'https',
   'passwordsalt' => '<%= @passwordsalt %>',
-<% if @environment == 'test' && ! @is_multinode -%>
+<% if @location == 'gss-test' -%>
+  'redis.cluster' => [
+    'failover_mode' => \RedisCluster::FAILOVER_ERROR,
+    'password' => '<%= @redis_cluster_password %>',
+    'read_timeout' => 0.0,
+    'seeds' => [
+      'redis1.drive.test.sunet.se:6379',
+      'redis2.drive.test.sunet.se:6379',
+      'redis3.drive.test.sunet.se:6379',
+      'redis1.drive.test.sunet.se:6380',
+      'redis2.drive.test.sunet.se:6380',
+      'redis3.drive.test.sunet.se:6380',
+      'redis1.drive.test.sunet.se:6381',
+      'redis2.drive.test.sunet.se:6381',
+      'redis3.drive.test.sunet.se:6381'
+    ],
+    'timeout' => 1.1
+  ],
+<% elsif @location == 'gss-prod' -%>
+  'redis.cluster' => [
+    'failover_mode' => \RedisCluster::FAILOVER_ERROR,
+    'password' => '<%= @redis_cluster_password %>',
+    'read_timeout' => 0.0,
+    'seeds' => [
+      'redis1.drive.sunet.se:6379',
+      'redis2.drive.sunet.se:6379',
+      'redis3.drive.sunet.se:6379',
+      'redis1.drive.sunet.se:6380',
+      'redis2.drive.sunet.se:6380',
+      'redis3.drive.sunet.se:6380',
+      'redis1.drive.sunet.se:6381',
+      'redis2.drive.sunet.se:6381',
+      'redis3.drive.sunet.se:6381'
+    ],
+    'timeout' => 1.1
+  ],
+<% elsif @environment == 'test' && ! @is_multinode -%>
   'redis.cluster' => [
     'failover_mode' => \RedisCluster::FAILOVER_ERROR,
     'password' => '<%= @redis_cluster_password %>',
@@ -107,7 +163,7 @@ $CONFIG = array (
     ],
     'timeout' => 1.1
   ],
-<% elsif @environment == 'prod' && ! @is_multinode -%>
+<% elsif @environment == 'prod' && ! @is_multinode && @location != 'gss-prod' -%>
   'redis.cluster' => [
     'failover_mode' => \RedisCluster::FAILOVER_ERROR,
     'password' => '<%= @redis_cluster_password %>',

templates/application/docker-compose_nextcloud.yml.erb

@@ -24,6 +24,9 @@ services:
 <%- if @skeletondirectory -%>
       - /opt/nextcloud/skeleton:<%= @skeletondirectory %>
 <%- end -%>
+<%- if @location =~ /^gss/ -%>
+      - /opt/nextcloud/mappingfile.json:/var/www/html/mappingfile.json
+<%- end -%>
 <% if @location =~ /^kau/ -%>
       - /mnt:/opt/tmp/
 <%- end -%>

templates/application/nocc.erb

@@ -1,21 +0,0 @@
-#!/bin/bash
-
-if [[ "${1}" =~ ^nextcloud ]]; then
-  container=${1}
-  shift
-else
-  container="nextcloud_app_1"
-fi
-
-
-oc_list=$(env| grep 'OC_')
-if [[ "x${oc_list}" != "x" ]]; then
-        for row in $(echo "${oc_list}"); do
-                MY_VARS="${MY_VARS} -e ${row}"
-        done
-fi
-
-docker exec -i ${MY_VARS} -u www-data ${container} php --define apc.enable_cli=1 /var/www/html/occ "$@"
-exit 0
-
-

templates/application/remount_user_bucket_as_project.sh

@@ -52,7 +52,7 @@ echo '
             "region": "'${region}'",
             "secret": "'${secret}'",
             "storageClass": "",
-            "useMultipartCopy": true,
+            "useMultipartCopy": false,
             "use_path_style": true,
             "use_ssl": true
         },

templates/application/scan_external_mounts.sh

@@ -1,34 +0,0 @@
-#!/bin/bash
-
-error_ids=""
-# Only run if this is the only instance of this script running
-# note: since this script forks to run pgrep, we need -eq 2 here
-# shellcheck disable=SC2126
-if [[ $(pgrep -a -f "${0}" | grep -v scriptherder | wc -l) -eq 2 ]]; then
-	# We sleep a deterministic amount of time, which will be between 0 an 128 m and allways the same within
-	# a specific host, but will differ between hosts
-	sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m
-	errors=''
-	for container in $(/usr/local/bin/get_containers); do
-		error_ids="${error_ids} ${container}: "
-		for id in $(/usr/local/bin/nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do
-			/usr/local/bin/nocc "${container}" files_external:scan "${id}" | grep Error
-			# shellcheck disable=SC2181
-			if [[ ${?} -eq 0 ]]; then
-				errors="${errors} ${id}"
-				error_ids="${error_ids} ${id}"
-			fi
-		done
-	done
-else
-	echo "Another instance of this script is already running, exiting"
-	pgrep -a -f "${0}" | grep -v scriptherder
-	exit 0
-fi
-
-if [[ -n "${errors}" ]]; then
-	echo "Errors found in the following mounts: ${error_ids}"
-	exit 1
-fi
-echo "No errors found"
-exit 0

templates/lookup/config.php.erb

@@ -0,0 +1,29 @@
+<?php
+$CONFIG = [
+	'AUTH_KEY' => "<%= @gss_jwt_key %>",
+	'DB' => [
+		'host' => "<%= @dbhost %>",
+		'db' => "lookup" ,
+		'user' => "lookup",
+		'pass' => "<%= @mysql_user_password %>",
+	],
+	'EMAIL_SENDER' => '<%= @email_sender %>',
+	'ERROR_VERBOSE' => false,
+	'GLOBAL_SCALE' => true,
+	'IP_BLACKLIST' => [
+	],
+	'MAX_REQUESTS' => 10000,
+	'MAX_SEARCH_PAGE' => 10,
+	'PUBLIC_URL' => '<%= @public_url %>',
+	'REPLICATION_AUTH' => '<%= @replication_auth %>',
+	'REPLICATION_HOSTS' => [
+	],
+	'SPAM_BLACKLIST' => [
+	],
+	'TWITTER' => [
+		'CONSUMER_KEY' => '',
+		'CONSUMER_SECRET' => '',
+		'ACCESS_TOKEN' => '',
+		'ACCESS_TOKEN_SECRET' => '',
+	],
+];

templates/lookup/docker-compose_lookup.yml.erb

@@ -0,0 +1,17 @@
+version: '3.2'
+
+services:
+
+  app:
+    container_name: lookup_app_1
+    image:  docker.sunet.se/drive/nextcloud-lookup:<%= @lookup_version %>
+    restart: always
+    volumes:
+      - /opt/lookup/config.php:/var/www/html/config/config.php
+    network_mode: host
+    dns:
+      - 89.46.20.75
+      - 89.46.21.29
+      - 89.32.32.32
+    command: apachectl -D FOREGROUND
+    tty: true

templates/mariadb/05-lookup.sql.erb

@@ -0,0 +1,62 @@
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+SET time_zone = "+00:00";
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+CREATE DATABASE IF NOT EXISTS `lookup` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+USE `lookup`;
+
+CREATE USER 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>';
+GRANT ALL PRIVILEGES ON lookup.* TO 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>';
+
+
+DROP TABLE IF EXISTS `emailValidation`;
+CREATE TABLE IF NOT EXISTS `emailValidation` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `storeId` int(11) NOT NULL,
+  `token` varchar(16) COLLATE utf8mb4_unicode_ci NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `token` (`token`),
+  KEY `storeId` (`storeId`)
+) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+DROP TABLE IF EXISTS `store`;
+CREATE TABLE IF NOT EXISTS `store` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `userId` int(11) NOT NULL,
+  `k` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
+  `v` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
+  `valid` tinyint(1) NOT NULL DEFAULT '0',
+  PRIMARY KEY (`id`),
+  KEY `key` (`k`(191)),
+  KEY `value` (`v`(191)),
+  KEY `userId` (`userId`)
+) ENGINE=InnoDB AUTO_INCREMENT=51 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+DROP TABLE IF EXISTS `users`;
+CREATE TABLE IF NOT EXISTS `users` (
+  `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
+  `federationId` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
+  `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  PRIMARY KEY (`id`),
+  KEY `federationId` (`federationId`(191))
+) ENGINE=InnoDB AUTO_INCREMENT=15 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+DROP TABLE IF EXISTS `toVerify`;
+CREATE TABLE IF NOT EXISTS `toVerify` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `userId` int(11) NOT NULL,
+  `storeId` int(11) NOT NULL,
+  `property` varchar(512) COLLATE utf8mb4_unicode_ci NOT NULL,
+  `location` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
+  `tries` int(11) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

templates/mariadb/05-roundcube.sql.erb

@@ -1,3 +0,0 @@
-CREATE SCHEMA roundcubemail;
-CREATE USER 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
-GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';

templates/monitor/sunetdrive_extra_hostgroups.cfg.erb

@@ -1,8 +0,0 @@
-<% @extra_host_groups.each do |group, members| -%>
-# <%= group %>
-define hostgroup {
-  hostgroup_name <%= group %>
-  alias <%= group %>
-  members <%= members %>
-}
-<% end -%>

templates/monitor/sunetdrive_sites.cfg.erb

@@ -131,6 +131,32 @@ define host {
 <% end -%>
   use                 monitor-site
 }
+<% if site.match('lookup') %>
+define service {
+  notes_url             https://<%= site %>
+  action_url            /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true
+  check_command         check_https
+  check_interval        5
+  check_period          24x7
+<% if @environment == 'prod' %>
+  contacts              slack
+<% else -%>
+  contact_groups        naemon-admins
+<% end -%>
+  host_name             <%= site %>
+  max_check_attempts    3
+  notification_interval 60
+  notification_period   24x7
+  retry_interval        1
+  service_description   HTTPS
+<% if site.match('test') -%>
+  servicegroups         test-sites
+<% else -%>
+  servicegroups         prod-sites
+<% end -%>
+}
+<% end -%>
+<% unless site.match('lookup') %>
 define service {
   notes_url             https://<%= site %>/status.php
   action_url            /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true
@@ -138,6 +164,7 @@ define service {
   check_interval        5
   check_period          24x7
 <% cur_cust = site.gsub(/\.drive.*/,'') %>
+<% cur_cust = cur_cust.gsub(/drive.*/,'gss') %>
 # 'check_nextcloud' command definition
 <% if @environment == 'prod' and not site.match('test') and @fullnodes.include?(cur_cust) %>
   contacts              slack
@@ -182,3 +209,4 @@ define service {
 <% end -%>
 }
 <% end -%>
+<% end -%>

templates/script/check_backup.erb.sh

@@ -20,7 +20,7 @@ for project in $(ls ${data_dir}); do
     if [[ "${issixmonths}" == "true" ]]; then
       number_of_full_to_keep=6
     fi
-    max_num_inc=$((50 * number_of_full_to_keep))
+    max_num_inc=$((32 * number_of_full_to_keep))
     max_num_full=$((2 * number_of_full_to_keep))
     
 		tabular_data=$(cat "${data_dir}/${project}/${bucket}.dat")

templates/script/create_folders_in_singlenode_buckets.erb.sh

@@ -5,7 +5,7 @@ shift
 include_userbuckets="${1}"
 shift
 environment="<%= @environment %>"
-container="nextcloud-${customer}-app-1"
+container="nextcloud-${customer}_app_1"
 
 yq="/usr/local/bin/yq"
 if ! [[ -x ${yq} ]]; then

templates/script/listusers.erb.sh

@@ -4,7 +4,7 @@ customer="${1}"
 multinode="${2}" 
 environment="<%= @environment %>"
 location="${customer}-${environment}"
-userjson=$(ssh -o StrictHostKeyChecking=no "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}-app-1")
+userjson=$(ssh "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}_app_1") 
 project="statistics"
 bucket="drive-server-coms"
 base_dir="${project}:${bucket}"

templates/script/maintenance.erb.sh

@@ -17,7 +17,7 @@ if [[ "${ENVIRONMENT}" == "prod" ]]; then
 fi
 if [[ "${CUSTOMER}" == "common" ]]; then
 	customer=""
-	types="multinode"
+	types="multinode gss"
 fi
 
 domain="${customer}drive.${env}sunet.se"

templates/script/makebuckets.erb.sh

@@ -43,11 +43,9 @@ for eppn in $(echo "${users}" | jq -r keys[]); do
   username=${eppn%@*}
   # Remove underscore from username
   user=${username//_/-}
-  # convert user to lower case for bucket naming rules
-  user_lower=${user,,}
 
   echo "$(date) - Check bucket status for ${eppn}"
-  bucketname="${user_lower}-${site_name//./-}"
+  bucketname="${user}-${site_name//./-}"
   if ! echo "${buckets}" | grep "${bucketname}" &> /dev/null; then
     echo "$(date) - ${eppn} has no mounts configured, adding bucket and mounts..."
     ${rclone} mkdir "${rcp}:${bucketname}"

templates/script/restart-db-cluster.erb

@@ -67,10 +67,12 @@ def main() -> int:
     reboot_command = ['sudo /usr/local/bin/safer_reboot']
 
     if customers[0] == "common":
-        customers = ["multinode"]
+        customers = ["lookup", "multinode"]
     for customer in customers:
         backup_type = "backup"
-        if customer == "multinode":
+        if customer == "lookup":
+            backup_type = "lookupbackup"
+        elif customer == "multinode":
             backup_command = ['sudo /home/script/bin/backup_multinode_db.sh']
             backup_type = "multinode-db"
 

templates/scriptreceiver/create_bucket.erb.sh

@@ -11,7 +11,7 @@ function usage {
 	exit 1
 }
 
-if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then
+if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then
 	usage
 fi
 if ! [[ ${bucket} =~ ^[a-zA-Z0-9]+ ]]; then
@@ -26,19 +26,19 @@ echo "$(date): Start executing create_bucket.sh ${1} ${2} ${3}"
 
 rclone_config="/opt/nextcloud/rclone.conf"
 if [[ "${container}" != "nextcloud_app_1" ]]; then
-  customer=$(echo "${container}" | sed -e 's/^nextcloud-//' -e 's/-app-1$//')
+  customer=$(echo "${container}" | sed -e 's/^nextcloud-//' -e 's/_app_1$//')
   rclone_config="/opt/multinode/${customer}/rclone.conf"
 fi
 
 key=$(grep access_key_id "${rclone_config}" | awk '{print $3}')
 secret=$(grep secret_access_key "${rclone_config}"| awk '{print $3}')
 endpoint=$(grep endpoint "${rclone_config}" | awk '{print $3}')
-preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:list --output json --show-password "${user}" | jq -r '.[] | .configuration.bucket' | grep "${bucket}")"
+preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:list --output json "${user}" | jq -r '.[] | .configuration.bucket' | grep "${bucket}")"
 
 if [[ -z ${preexisting} ]]; then
 	docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:create "${user_bucket_name}" \
 		amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-		-c useMultipartCopy=true amazons3::accesskey --user ${user}
+		-c useMultipartCopy=false amazons3::accesskey --user ${user}
 	for shareid in $(docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:export ${user} | jq -r '.[].mount_id'); do
 		docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:option ${shareid} enable_sharing true
 	done

templates/scriptreceiver/create_bucket_without_question.sh

@@ -7,7 +7,7 @@ bucket=${4}
 user=${5}
 /usr/local/bin/occ files_external:create "${bucket}" \
 	amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-	-c useMultipartCopy=true amazons3::accesskey --user "${user}"
+	-c useMultipartCopy=false amazons3::accesskey --user "${user}"
-for shareid in $(/usr/local/bin/nocc files_external:export "${user}" | jq -r '.[].mount_id'); do
+for shareid in $(/usr/local/bin/occ files_external:export "${user}" | jq -r '.[].mount_id'); do
-	/usr/local/bin/nocc files_external:option "${shareid}" enable_sharing true
+	/usr/local/bin/occ files_external:option "${shareid}" enable_sharing true
 done

templates/scriptreceiver/list_files_for_user.erb.sh

@@ -9,7 +9,7 @@ function usage {
 	exit 1
 }
 
-if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then
+if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then
 	usage
 fi
 

templates/scriptreceiver/list_users.erb.sh

@@ -2,7 +2,7 @@
 
 container=${1}
 
-if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then
+if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then
 	echo "Usage: ${0} <nextcloud container name>"
 	echo "Example : ${0} nextcloud_app_1"
 	exit 1