Allow calendar servers to talk to db

Signed-off-by: Micke Nordin <kano@sunet.se>

files/scriptreciver/sysctl-d-gofasta.conf

@@ -0,0 +1,6 @@
+net.core.rmem_max=67108864
+net.core.wmem_max=67108864
+net.ipv4.tcp_rmem=4096 87380 33554432
+net.ipv4.tcp_wmem=4096 87380 33554432
+net.core.default_qdisc=fq
+net.ipv4.tcp_congestion_control=bbr

functions/get_customer.pp

@@ -2,13 +2,7 @@
 function sunetdrive::get_customer() >> String {
   $hostnameparts = split($facts['networking']['fqdn'],'\.')
   if $hostnameparts[1] ==  'drive' {
-      if $hostnameparts[0] =~ /^gss/ {
-        return 'gss'
-      } elsif $hostnameparts[0] =~ /^lookup/ {
-        return 'lookup'
-      } else {
-        return 'common'
-      }
+    return 'common'
   } elsif $hostnameparts[0] =~ /idp-proxy/ {
     return 'common'
   }

manifests/app_type.pp

@@ -66,15 +66,11 @@ define sunetdrive::app_type (
 
   # These are encrypted values from local.eyaml
 
-  $gss_jwt_key = safe_hiera('gss_jwt_key')
   $smtppassword = safe_hiera('smtp_password')
 
   #These are global values from common.yaml
   $gs_enabled = hiera('gs_enabled')
   $gs_federation = hiera('gs_federation')
-  $gss_master_admin = hiera_array('gss_master_admin')
-  $gss_master_url = hiera("gss_master_url_${environment}")
-  $lookup_server = hiera("lookup_server_${environment}")
   $mail_domain = hiera("mail_domain_${environment}")
   $mail_smtphost = hiera("mail_smtphost_${environment}")
   $mail_from_address = hiera("mail_from_address_${environment}")
@@ -82,9 +78,6 @@ define sunetdrive::app_type (
   $smtpuser = hiera("smtp_user_${environment}")
   $tug_office = hiera_array('tug_office')
 
-  # This is a global value from common.yaml but overridden in the gss-servers local.yaml
-  $gss_mode = hiera('gss_mode')
-
   # These are global values from common.yaml but can be overridden in group.yaml
   $drive_email_template_text_left = $config['drive_email_template_text_left']
   $drive_email_template_plain_text_left = $config['drive_email_template_plain_text_left']
@@ -100,6 +93,48 @@ define sunetdrive::app_type (
   unless $is_multinode{
     user { 'www-data': ensure => present, system => true }
 
+    file { '/usr/local/bin/get_containers':
+      ensure  => present,
+      force   => true,
+      owner   => 'root',
+      group   => 'root',
+      content => template('sunetdrive/application/get_containers'),
+      mode    => '0744',
+    }
+    if ($nodenumber == 3) {
+      file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
+        ensure  => present,
+        owner   => 'root',
+        group   => 'root',
+        content => template('sunetdrive/application/check_nextcloud_mounts.py'),
+        mode    => '0744',
+      }
+      sunet::sudoer {'nagios_run_nextcloud_mounts_command':
+        user_name    => 'nagios',
+        collection   => 'nrpe_nextcloud_mounts_check',
+        command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
+      }
+      sunet::nagios::nrpe_command {'check_nextcloud_mounts':
+        command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
+      }
+    }
+    if ($nodenumber == 3) {
+      file { '/usr/local/bin/scan_external_mounts':
+        ensure  => present,
+        force   => true,
+        owner   => 'root',
+        group   => 'root',
+        content => template('sunetdrive/application/scan_external_mounts.sh'),
+        mode    => '0744',
+      }
+      sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts':
+        cmd           => '/usr/local/bin/scan_external_mounts',
+        hour          => '1',
+        minute        => '20',
+        ok_criteria   => ['exit_status=0','max_age=2d'],
+        warn_criteria => ['exit_status=1','max_age=3d'],
+      }
+    }
     file { '/opt/nextcloud/cron.sh':
       ensure  => file,
       owner   => 'root',
@@ -113,16 +148,22 @@ define sunetdrive::app_type (
       minute  => '*/5',
     }
     file { '/opt/nextcloud/user-sync.sh':
-      ensure  => file,
+      ensure  => absent,
+    }
+    file { '/usr/local/bin/nocc':
+      ensure  => present,
+      force   => true,
       owner   => 'root',
       group   => 'root',
-      mode    => '0700',
-      content => template('sunetdrive/application/user-sync.erb.sh'),
+      content => template('sunetdrive/application/nocc.erb'),
+      mode    => '0740',
     }
-    -> cron { 'gss_user_sync':
-      command => '/opt/nextcloud/user-sync.sh',
-      user    => 'root',
-      minute  => '*/5',
+    file { '/etc/sudoers.d/99-nocc':
+      ensure  => file,
+      content => "script ALL=(root) NOPASSWD: /usr/local/bin/nocc\n",
+      mode    => '0440',
+      owner   => 'root',
+      group   => 'root',
     }
     file { '/usr/local/bin/occ':
       ensure  => present,
@@ -314,23 +355,7 @@ define sunetdrive::app_type (
       mode    => '0744',
     }
   }
-  if $location =~ /^gss-test/ {
-    file { '/opt/nextcloud/mappingfile.json':
-      ensure  => present,
-      owner   => 'www-data',
-      group   => 'root',
-      content => template('sunetdrive/application/mappingfile-test.json.erb'),
-      mode    => '0644',
-    }
-  } elsif $location =~ /^gss/ {
-    file { '/opt/nextcloud/mappingfile.json':
-      ensure  => present,
-      owner   => 'www-data',
-      group   => 'root',
-      content => template('sunetdrive/application/mappingfile-prod.json.erb'),
-      mode    => '0644',
-    }
-  } elsif $location =~ /^kau/ {
+  if $location =~ /^kau/ {
     file { '/mnt':
       ensure => directory,
       owner  => 'www-data',
@@ -380,5 +405,4 @@ define sunetdrive::app_type (
       }
     }
   }
-
 }

manifests/db_type.pp

@@ -15,6 +15,7 @@ define sunetdrive::db_type(
   $backup_password = safe_hiera('backup_password')
   $proxysql_password = safe_hiera('proxysql_password')
   $mysql_user_password = safe_hiera('mysql_user_password')
+  $roundcube_password = safe_hiera('roundcube_password')
   $mariadb_dir = '/etc/mariadb'
   $mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
   $server_id = 1000 + Integer($facts['networking']['hostname'][-1])
@@ -33,8 +34,10 @@ define sunetdrive::db_type(
   $ports = [3306, 4444, 4567, 4568]
   if $location =~ /^multinode/ {
     $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['kube'] + $config['kube_v6']
-  } elsif $location == 'sunet-test' or $location == 'sunet-prod' {
-    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6']
+  } elsif $location == 'sunet-prod' {
+    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6']
+  } elsif $location == 'sunet-test' {
+    $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6 + $config['imap'] + $config['imap_v6'] + $config['smtp'] + $config['smtp_v6'] + $config['webmail'] + $config['webmail_v6'] + $config['calendar'] + $config['calendar_v6']
   } else {
     $from = $db_ip + $nextcloud_ip + $backup_ip + $backup_ipv6 + $db_ipv6
   }
@@ -46,11 +49,7 @@ define sunetdrive::db_type(
   sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
 
 
-  if $location =~ /^lookup/ {
-    $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '05-lookup.sql']
-  } else {
-    $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql']
-  }
+  $sql_files = ['02-backup_user.sql', '03-proxysql.sql', '04-nextcloud.sql', '05-roundcube.sql']
   $sql_files.each |$sql_file|{
     file { "${mariadb_dir}/init/${sql_file}":
       ensure  => present,

manifests/infra_script.pp

@@ -6,8 +6,6 @@ class sunetdrive::infra_script (
   $environment = sunetdrive::get_environment()
   $customer = 'common'
   $config = hiera_hash($environment)
-  $gss_backup_server  = $config['gss_backup_server']
-  $lookup_backup_server  = $config['lookup_backup_server']
   $ssh_config = "Host *.sunet.se
   User script
   IdentityFile /root/.ssh/id_script"
@@ -59,14 +57,16 @@ class sunetdrive::infra_script (
     mode    => '0700',
   }
   sunet::scriptherder::cronjob { 'backupgssdb':
-    cmd           => "/root/tasks/backupdb.sh ${gss_backup_server}",
+    ensure        => 'absent',
+    cmd           => 'true',
     hour          => '2',
     minute        => '0',
     ok_criteria   => ['exit_status=0','max_age=2d'],
     warn_criteria => ['exit_status=1','max_age=3d'],
   }
   sunet::scriptherder::cronjob { 'backuplookupdb':
-    cmd           => "/root/tasks/backupdb.sh ${lookup_backup_server}",
+    ensure        => 'absent',
+    cmd           => 'true',
     hour          => '2',
     minute        => '0',
     ok_criteria   => ['exit_status=0','max_age=2d'],

manifests/lookup.pp

@@ -1,47 +0,0 @@
-#Class for SUNET-Drive-Lookup-Server
-class sunetdrive::lookup (
-  $bootstrap = undef,
-  $location  = undef
-) {
-
-  $environment = sunetdrive::get_environment()
-  $config = lookup($environment, undef, undef, undef)
-
-  $public_url = "https://${config['site_name']}"
-
-
-  # Firewall settings
-  $nextcloud_ip = hiera_array("${location}_app", [])
-  $tug_office = hiera_array('tug_office')
-
-  $dbhost = '127.0.0.1'
-  $gss_jwt_key = safe_hiera('gss_jwt_key')
-  $replication_auth = safe_hiera('replication_auth')
-  $mysql_user_password = safe_hiera('mysql_user_password')
-  $lookup_version = hiera("lookup_version_${environment}")
-  $email_sender = $config['email_sender']
-
-  #Create users
-  user { 'www-data': ensure => present, system => true }
-
-  file { '/opt/lookup/config.php':
-    ensure  => file,
-    owner   => 'www-data',
-    group   => 'root',
-    content => template('sunetdrive/lookup/config.php.erb'),
-    mode    => '0644',
-  }
-
-  sunet::docker_compose { 'drive_lookup_docker_compose':
-    content          => template('sunetdrive/lookup/docker-compose_lookup.yml.erb'),
-    service_name     => 'lookup',
-    compose_dir      => '/opt/',
-    compose_filename => 'docker-compose.yml',
-    description      => 'Lookup server',
-  }
-
-  sunet::misc::ufw_allow { 'https':
-    from => '0.0.0.0/0',
-    port => 443,
-  }
-}

manifests/multinode.pp

@@ -14,8 +14,6 @@ class sunetdrive::multinode (
   $db_ip = hiera_hash($environment)['db']
   $admin_password = hiera('admin_password')
   $cluster_admin_password = hiera('cluster_admin_password')
-  # This is a global value from common.yaml but overridden in the gss-servers local.yaml
-  $gss_mode = hiera('gss_mode')
 
   $twofactor_enforced_groups = []
   $twofactor_enforced_excluded_groups = []
@@ -40,6 +38,59 @@ class sunetdrive::multinode (
   user { 'www-data': ensure => present, system => true }
   sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
   ensure_resource('file', '/opt/nextcloud' , { ensure => directory, recurse => true } )
+  file { '/usr/local/bin/get_containers':
+    ensure  => present,
+    force   => true,
+    owner   => 'root',
+    group   => 'root',
+    content => template('sunetdrive/application/get_containers'),
+    mode    => '0744',
+  }
+  file { '/usr/lib/nagios/plugins/check_nextcloud_mounts.py':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    content => template('sunetdrive/application/check_nextcloud_mounts.py'),
+    mode    => '0744',
+  }
+  sunet::sudoer {'nagios_run_nextcloud_mounts_command':
+    user_name    => 'nagios',
+    collection   => 'nrpe_nextcloud_mounts_check',
+    command_line => '/usr/lib/nagios/plugins/check_nextcloud_mounts.py'
+  }
+  sunet::nagios::nrpe_command {'check_nextcloud_mounts':
+    command_line => '/usr/bin/sudo /usr/lib/nagios/plugins/check_nextcloud_mounts.py'
+  }
+  file { '/usr/local/bin/scan_external_mounts':
+    ensure  => present,
+    force   => true,
+    owner   => 'root',
+    group   => 'root',
+    content => template('sunetdrive/application/scan_external_mounts.sh'),
+    mode    => '0744',
+  }
+  sunet::scriptherder::cronjob { 'scriptherder_scan_external_mounts':
+    cmd           => '/usr/local/bin/scan_external_mounts',
+    hour          => '1',
+    minute        => '20',
+    ok_criteria   => ['exit_status=0','max_age=2d'],
+    warn_criteria => ['exit_status=1','max_age=3d'],
+  }
+  file { '/usr/local/bin/nocc':
+    ensure  => present,
+    force   => true,
+    owner   => 'root',
+    group   => 'root',
+    content => template('sunetdrive/application/nocc.erb'),
+    mode    => '0740',
+  }
+  file { '/etc/sudoers.d/99-nocc':
+    ensure  => file,
+    content => "script ALL=(root) NOPASSWD: /usr/local/bin/nocc\n",
+    mode    => '0440',
+    owner   => 'root',
+    group   => 'root',
+  }
   file { '/usr/local/bin/occ':
     ensure  => present,
     force   => true,
@@ -74,14 +125,6 @@ class sunetdrive::multinode (
     content => template('sunetdrive/multinode/get_non_paying_customers.erb.sh'),
     mode    => '0744',
   }
-  file { '/usr/local/bin/get_containers':
-    ensure  => present,
-    force   => true,
-    owner   => 'root',
-    group   => 'root',
-    content => template('sunetdrive/multinode/get_containers'),
-    mode    => '0744',
-  }
   file { '/usr/local/bin/restart_and_prune':
     ensure  => present,
     force   => true,
@@ -213,7 +256,7 @@ MACAddressPolicy=none'
   }
 #  if $nodenumber == '2' {
 #    cron { 'add_back_bucket_for_karin_nordgren':
-#      command => '(/usr/local/bin/occ nextcloud-kmh_app_1 files_external:list karin_nordgren@kmh.se  &&  /home/script/bin/create_bucket.sh nextcloud-kmh_app_1 karin_nordgren@kmh.se karin-nordgren-drive-sunet-se) || /bin/true',
+#      command => '(/usr/local/bin/occ nextcloud-kmh-app-1 files_external:list karin_nordgren@kmh.se  &&  /home/script/bin/create_bucket.sh nextcloud-kmh-app-1 karin_nordgren@kmh.se karin-nordgren-drive-sunet-se) || /bin/true',
 #      user    => 'root',
 #      minute  =>  '*/10',
 #    }
@@ -222,7 +265,7 @@ MACAddressPolicy=none'
     $customer_config_full = hiera_hash($customer)
     $customer_config = $customer_config_full[$environment]
     cron { "multinode_cron_${customer}":
-      command => "/opt/nextcloud/cron.sh nextcloud-${customer}_app_1",
+      command => "/opt/nextcloud/cron.sh nextcloud-${customer}-app-1",
       require => File['/opt/nextcloud/cron.sh'],
       user    => 'root',
       minute  =>  '*/10',
@@ -256,10 +299,7 @@ MACAddressPolicy=none'
 
     $gs_enabled = hiera('gs_enabled')
     $gs_federation = hiera('gs_federation')
-    $gss_master_admin = hiera_array('gss_master_admin')
-    $gss_master_url = hiera("gss_master_url_${environment}")
     $https_port = hiera_hash('multinode_mapping')[$customer]['port']
-    $lookup_server = hiera("lookup_server_${environment}")
     $mail_domain = hiera("mail_domain_${environment}")
     $mail_from_address = hiera("mail_from_address_${environment}")
     $mail_smtphost = hiera("mail_smtphost_${environment}")
@@ -312,7 +352,6 @@ MACAddressPolicy=none'
     $secret = safe_hiera("${customer}_secret")
     $passwordsalt= safe_hiera("${customer}_passwordsalt")
     $redis_host_password = safe_hiera("${customer}_redis_host_password")
-    $gss_jwt_key = safe_hiera('gss_jwt_key')
     $smtppassword = safe_hiera('smtp_password')
 
     $extra_config = {

manifests/multinode_db.pp

@@ -41,7 +41,10 @@ class sunetdrive::multinode_db(){
         group   => 'root',
         mode    => '0600',
       }
-      file { '/root/tasks/listusersbydep.sh':
+      file { '/root/tasks/':
+        ensure  => directory,
+      }
+      -> file { '/root/tasks/listusersbydep.sh':
         ensure  => file,
         content => template('sunetdrive/mariadb/listusersdep.sh.erb'),
         owner   => 'root',
@@ -55,7 +58,10 @@ class sunetdrive::multinode_db(){
         group   => 'root',
         mode    => '0700',
       }
-      file {'/opt/mariadb/statistics/custdata.json':
+      file {'/opt/mariadb/statistics/':
+        ensure      => directory,
+      }
+      -> file {'/opt/mariadb/statistics/custdata.json':
         ensure      => file,
         content     => template('sunetdrive/mariadb/custconfig.json.erb'),
         owner       => 'root',

manifests/script.pp

@@ -254,8 +254,11 @@ class sunetdrive::script (
     group   => 'root',
     mode    => '0700',
   }
-  file { '/root/tasks/backupsinglenodedb.sh':
-    ensure  => absent,
+  file_line { 'FIXME_remove_when_s3_migration_done_in_sto3':
+    ensure => 'present',
+    line   => '37.156.195.53 s3.sto3.safedc.net',
+    path   => '/etc/hosts',
+    match  => '^37.156.195.53',
   }
   if $environment == 'test' {
     sunet::scriptherder::cronjob { 'reboot-customer':
@@ -388,7 +391,7 @@ class sunetdrive::script (
     $singlenodes.each | $singlenode| {
       $multinode = hiera_hash('multinode_mapping')[$singlenode]['server']
       $multinodeserver = "${multinode}.${site_name}"
-      $nccontainer = "nextcloud-${singlenode}_app_1"
+      $nccontainer = "nextcloud-${singlenode}-app-1"
 
       sunet::scriptherder::cronjob { "backup${singlenode}db":
         ensure => absent,
@@ -418,17 +421,17 @@ class sunetdrive::script (
         }
       }
     }
-    $gss_backup_server  = $config['gss_backup_server']
-    $lookup_backup_server  = $config['lookup_backup_server']
     sunet::scriptherder::cronjob { 'backupgssdb':
-      cmd           => "/root/tasks/backupdb.sh ${gss_backup_server}",
+      ensure        => 'absent',
+      cmd           => 'true',
       hour          => '2',
       minute        => '0',
       ok_criteria   => ['exit_status=0','max_age=2d'],
       warn_criteria => ['exit_status=1','max_age=3d'],
     }
     sunet::scriptherder::cronjob { 'backuplookupdb':
-      cmd           => "/root/tasks/backupdb.sh ${lookup_backup_server}",
+      ensure        => 'absent',
+      cmd           => 'true',
       hour          => '2',
       minute        => '0',
       ok_criteria   => ['exit_status=0','max_age=2d'],
@@ -488,7 +491,6 @@ class sunetdrive::script (
   }
   sunet::scriptherder::cronjob { 'backupbuckets':
     cmd           => '/root/tasks/backupbuckets.sh',
-    environment   => ['RICHIR_TEST=true', 'OTHER_RICHIR=false'],
     hour          => '2',
     minute        => '0',
     ok_criteria   => ['exit_status=0','max_age=2d'],

manifests/scriptreceiver.pp

@@ -5,7 +5,19 @@ class sunetdrive::scriptreceiver()
   sunet::system_user {'script': username => 'script', group => 'script', managehome => true, shell => '/bin/bash' }
 
   # These tasks correspond to a ${task}.erb.sh template
-  $tasks = ['list_users', 'list_files_for_user', 'create_bucket', 'backup_db', 'purge_backups', 'maintenancemode', 'restart_sunet_service', 'start_sentinel', 'stop_sentinel', 'removeswap', 'backup_multinode_db']
+  $tasks = [
+    'list_users',
+    'list_files_for_user',
+    'create_bucket',
+    'backup_db',
+    'purge_backups',
+    'maintenancemode',
+    'restart_sunet_service',
+    'start_sentinel',
+    'stop_sentinel',
+    'removeswap',
+    'backup_multinode_db'
+  ]
 
   $environment = sunetdrive::get_environment()
   $config = hiera_hash($environment)
@@ -35,7 +47,9 @@ class sunetdrive::scriptreceiver()
     type   => 'ssh-ed25519',
     key    => $script_pub_key,
   }
-
+  file { '/etc/sysctl.d/gofasta.conf':
+    ensure  => 'absent',
+  }
   file { '/opt/rotate':
     ensure => directory,
     mode   => '0750',

manifests/sitemonitornaemon.pp

@@ -11,6 +11,9 @@ class sunetdrive::sitemonitornaemon() {
   $environment = sunetdrive::get_environment()
   $influx_passwd = safe_hiera('influx_passwd')
   $slack_url = safe_hiera('slack_url')
+  $extra_host_groups = {
+    node3_hosts => join($facts['configured_hosts_in_cosmos']['all'].filter |$host| { $host =~ /^node3\./ }, ',')
+  }
 
   file { '/usr/local/bin/slack_nagios.sh':
     ensure  => present,
@@ -45,9 +48,14 @@ class sunetdrive::sitemonitornaemon() {
     content => template('sunetdrive/monitor/sunetdrive_thruk_templates.conf.erb'),
     mode    => '0644',
   }
+  file { '/etc/naemon/conf.d/sunetdrive_extra_hostgroups.cfg':
+    ensure  => present,
+    content => template('sunetdrive/monitor/sunetdrive_extra_hostgroups.cfg.erb'),
+    mode    => '0644',
+  }
   nagioscfg::service {'check_scriptherder':
     hostgroup_name => ['sunetdrive::nrpe'],
-    check_command  => 'check_nrpe_1arg_to30!check_scriptherder',
+    check_command  => 'check_nrpe_1arg_to300!check_scriptherder',
     description    => 'Scriptherder Status',
     contact_groups => ['naemon-admins'],
   }
@@ -99,6 +107,12 @@ class sunetdrive::sitemonitornaemon() {
     description    => 'Status of sarimner interface',
     contact_groups => ['alerts']
   }
+  nagioscfg::service {'check_nextcloud_mounts':
+    hostgroup_name => ['node3_hosts','sunetdrive::multinode'],
+    check_command  => 'check_nrpe_1arg!check_nextcloud_mounts',
+    description    => 'S3 buckets with multiple Nextcloud mounts',
+    contact_groups => ['alerts']
+  }
 
 }
 

templates/application/check_nextcloud_mounts.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python3
+
+from collections import Counter
+import json
+import shlex
+import subprocess
+import sys
+
+exit = 0
+base_message = "OK: no duplicate mounts"
+long_message = ""
+
+get_containers = subprocess.Popen('/usr/local/bin/get_containers', stdout=subprocess.PIPE).stdout.read()
+containers = get_containers.decode().splitlines()
+
+for i, container in enumerate(containers, start=1):
+    buckets = []
+    list_command = f"/usr/local/bin/nocc {container} files_external:list --all --show-password --output json"
+    command = shlex.split(list_command)
+    mount_data_byte = subprocess.Popen(command, stdout=subprocess.PIPE).stdout.read()
+    try:
+        mount_data = json.loads(mount_data_byte.decode())
+    except json.decoder.JSONDecodeError as err:
+        if i == 1 or i != len(containers):
+            base_message = "WARNING: invalid json"
+        long_message +=  f"\ncontainer: {container} - json decode error: {err}"
+#        lets do exit 0 for now
+#        exit = 1
+        continue
+    for items in mount_data:
+        buckets.append(items["configuration"]["bucket"])
+    bucket_count = dict(Counter(buckets))
+    for k, v in bucket_count.items():
+        if v > 1:
+            base_message = "WARNING: buckets with multiple mounts"
+            long_message += f"\ncontainer: {container} - bucket: {k} - {v}"
+#            lets do exit 0 for now
+#            exit = 1
+print(base_message)
+if long_message != "":
+    print(long_message.lstrip())
+sys.exit(exit)

templates/application/config.php.erb

@@ -1,10 +1,5 @@
 <?php
 $CONFIG = array (
-  'app_install_overwrite' =>
-  array (
-    0 => 'globalsiteselector',
-  ),
-
   'apps_paths' =>
   array (
     0 =>
@@ -21,6 +16,7 @@ $CONFIG = array (
     ),
   ),
   'appstoreenabled' => false,
+  'auth.bruteforce.protection.enabled' => false,
   'config_is_read_only' => true,
   'csrf.disabled' => true,
   'datadirectory' => '/var/www/html/data',
@@ -48,28 +44,12 @@ $CONFIG = array (
   'gs.enabled' => '<%= @gs_enabled %>',
   'gs.federation' => '<%= @gs_federation %>',
   'gs.trustedHosts' => ['*.sunet.se'],
-  'gss.discovery.manual.mapping.file' => '/var/www/html/mappingfile.json',
-  'gss.discovery.manual.mapping.parameter' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
-  'gss.discovery.manual.mapping.regex' => true,
-  'gss.jwt.key' => '<%= @gss_jwt_key %>',
-  'gss.master.admin' =>
-   array (
-  <%- index = 0 -%>
-  <%- @gss_master_admin.each do |item| -%>
-    <%= index %> => '<%= item %>',
-    <%- index += 1 -%>
-  <%- end -%>
-  ),
-  'gss.master.url' => '<%= @gss_master_url %>',
-  'gss.mode' => '<%= @gss_mode %>',
-  'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping',
-  'gss.username_format' => 'sanitize',
+  'htaccess.RewriteBase' => '/',
   'installed' => true,
   'instanceid' => '<%= @instanceid %>',
   'integrity.check.disabled' => true,
   'log_type' => 'file',
   'loglevel' => 1,
-  'lookup_server' => '<%= @lookup_server %>',
   'mail_domain' => '<%= @mail_domain %>',
   'mail_from_address' => '<%= @mail_from_address %>',
   'mail_sendmailmode' => 'smtp',
@@ -97,7 +77,7 @@ $CONFIG = array (
       'region' => 'us-east-1',
       'hostname' => '<%= @s3_host %>',
       'port' => '',
-      'useMultipartCopy' => false,
+      'useMultipartCopy' => true,
       'objectPrefix' => 'urn:oid:',
       'autocreate' => false,
       'use_ssl' => true,
@@ -105,47 +85,11 @@ $CONFIG = array (
       'legacy_auth' => false,
     ),
   ),
-  'overwrite.cli.url' => 'https://<%= @site_name %>',
+  'overwrite.cli.url' => 'https://<%= @site_name %>/',
   'overwritehost' => '<%= @site_name %>',
   'overwriteprotocol' => 'https',
   'passwordsalt' => '<%= @passwordsalt %>',
-<% if @location == 'gss-test' -%>
-  'redis.cluster' => [
-    'failover_mode' => \RedisCluster::FAILOVER_ERROR,
-    'password' => '<%= @redis_cluster_password %>',
-    'read_timeout' => 0.0,
-    'seeds' => [
-      'redis1.drive.test.sunet.se:6379',
-      'redis2.drive.test.sunet.se:6379',
-      'redis3.drive.test.sunet.se:6379',
-      'redis1.drive.test.sunet.se:6380',
-      'redis2.drive.test.sunet.se:6380',
-      'redis3.drive.test.sunet.se:6380',
-      'redis1.drive.test.sunet.se:6381',
-      'redis2.drive.test.sunet.se:6381',
-      'redis3.drive.test.sunet.se:6381'
-    ],
-    'timeout' => 1.1
-  ],
-<% elsif @location == 'gss-prod' -%>
-  'redis.cluster' => [
-    'failover_mode' => \RedisCluster::FAILOVER_ERROR,
-    'password' => '<%= @redis_cluster_password %>',
-    'read_timeout' => 0.0,
-    'seeds' => [
-      'redis1.drive.sunet.se:6379',
-      'redis2.drive.sunet.se:6379',
-      'redis3.drive.sunet.se:6379',
-      'redis1.drive.sunet.se:6380',
-      'redis2.drive.sunet.se:6380',
-      'redis3.drive.sunet.se:6380',
-      'redis1.drive.sunet.se:6381',
-      'redis2.drive.sunet.se:6381',
-      'redis3.drive.sunet.se:6381'
-    ],
-    'timeout' => 1.1
-  ],
-<% elsif @environment == 'test' && ! @is_multinode -%>
+<% if @environment == 'test' && ! @is_multinode -%>
   'redis.cluster' => [
     'failover_mode' => \RedisCluster::FAILOVER_ERROR,
     'password' => '<%= @redis_cluster_password %>',
@@ -163,7 +107,7 @@ $CONFIG = array (
     ],
     'timeout' => 1.1
   ],
-<% elsif @environment == 'prod' && ! @is_multinode && @location != 'gss-prod' -%>
+<% elsif @environment == 'prod' && ! @is_multinode -%>
   'redis.cluster' => [
     'failover_mode' => \RedisCluster::FAILOVER_ERROR,
     'password' => '<%= @redis_cluster_password %>',

templates/application/docker-compose_nextcloud.yml.erb

@@ -24,9 +24,6 @@ services:
 <%- if @skeletondirectory -%>
       - /opt/nextcloud/skeleton:<%= @skeletondirectory %>
 <%- end -%>
-<%- if @location =~ /^gss/ -%>
-      - /opt/nextcloud/mappingfile.json:/var/www/html/mappingfile.json
-<%- end -%>
 <% if @location =~ /^kau/ -%>
       - /mnt:/opt/tmp/
 <%- end -%>

templates/application/nocc.erb

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [[ "${1}" =~ ^nextcloud ]]; then
+  container=${1}
+  shift
+else
+  container="nextcloud_app_1"
+fi
+
+
+oc_list=$(env| grep 'OC_')
+if [[ "x${oc_list}" != "x" ]]; then
+        for row in $(echo "${oc_list}"); do
+                MY_VARS="${MY_VARS} -e ${row}"
+        done
+fi
+
+docker exec -i ${MY_VARS} -u www-data ${container} php --define apc.enable_cli=1 /var/www/html/occ "$@"
+exit 0
+
+

templates/application/remount_user_bucket_as_project.sh

@@ -52,7 +52,7 @@ echo '
             "region": "'${region}'",
             "secret": "'${secret}'",
             "storageClass": "",
-            "useMultipartCopy": false,
+            "useMultipartCopy": true,
             "use_path_style": true,
             "use_ssl": true
         },

templates/application/scan_external_mounts.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+error_ids=""
+# Only run if this is the only instance of this script running
+# note: since this script forks to run pgrep, we need -eq 2 here
+# shellcheck disable=SC2126
+if [[ $(pgrep -a -f "${0}" | grep -v scriptherder | wc -l) -eq 2 ]]; then
+	# We sleep a deterministic amount of time, which will be between 0 an 128 m and allways the same within
+	# a specific host, but will differ between hosts
+	sleep $((16#$(ip a | grep "link/ether" | head -1 | awk -F ':' '{print $6}' | awk '{print $1}') / 2))m
+	errors=''
+	for container in $(/usr/local/bin/get_containers); do
+		error_ids="${error_ids} ${container}: "
+		for id in $(/usr/local/bin/nocc "${container}" files_external:list --all --output json | jq '.[].mount_id' | jq .); do
+			/usr/local/bin/nocc "${container}" files_external:scan "${id}" | grep Error
+			# shellcheck disable=SC2181
+			if [[ ${?} -eq 0 ]]; then
+				errors="${errors} ${id}"
+				error_ids="${error_ids} ${id}"
+			fi
+		done
+	done
+else
+	echo "Another instance of this script is already running, exiting"
+	pgrep -a -f "${0}" | grep -v scriptherder
+	exit 0
+fi
+
+if [[ -n "${errors}" ]]; then
+	echo "Errors found in the following mounts: ${error_ids}"
+	exit 1
+fi
+echo "No errors found"
+exit 0

templates/lookup/config.php.erb

@@ -1,29 +0,0 @@
-<?php
-$CONFIG = [
-	'AUTH_KEY' => "<%= @gss_jwt_key %>",
-	'DB' => [
-		'host' => "<%= @dbhost %>",
-		'db' => "lookup" ,
-		'user' => "lookup",
-		'pass' => "<%= @mysql_user_password %>",
-	],
-	'EMAIL_SENDER' => '<%= @email_sender %>',
-	'ERROR_VERBOSE' => false,
-	'GLOBAL_SCALE' => true,
-	'IP_BLACKLIST' => [
-	],
-	'MAX_REQUESTS' => 10000,
-	'MAX_SEARCH_PAGE' => 10,
-	'PUBLIC_URL' => '<%= @public_url %>',
-	'REPLICATION_AUTH' => '<%= @replication_auth %>',
-	'REPLICATION_HOSTS' => [
-	],
-	'SPAM_BLACKLIST' => [
-	],
-	'TWITTER' => [
-		'CONSUMER_KEY' => '',
-		'CONSUMER_SECRET' => '',
-		'ACCESS_TOKEN' => '',
-		'ACCESS_TOKEN_SECRET' => '',
-	],
-];

templates/lookup/docker-compose_lookup.yml.erb

@@ -1,17 +0,0 @@
-version: '3.2'
-
-services:
-
-  app:
-    container_name: lookup_app_1
-    image:  docker.sunet.se/drive/nextcloud-lookup:<%= @lookup_version %>
-    restart: always
-    volumes:
-      - /opt/lookup/config.php:/var/www/html/config/config.php
-    network_mode: host
-    dns:
-      - 89.46.20.75
-      - 89.46.21.29
-      - 89.32.32.32
-    command: apachectl -D FOREGROUND
-    tty: true

templates/mariadb/05-lookup.sql.erb

@@ -1,62 +0,0 @@
-SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
-SET time_zone = "+00:00";
-
-/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
-/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
-/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
-/*!40101 SET NAMES utf8mb4 */;
-
-CREATE DATABASE IF NOT EXISTS `lookup` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-USE `lookup`;
-
-CREATE USER 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>';
-GRANT ALL PRIVILEGES ON lookup.* TO 'lookup'@'%' IDENTIFIED BY '<%= @mysql_user_password %>';
-
-
-DROP TABLE IF EXISTS `emailValidation`;
-CREATE TABLE IF NOT EXISTS `emailValidation` (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `storeId` int(11) NOT NULL,
-  `token` varchar(16) COLLATE utf8mb4_unicode_ci NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `token` (`token`),
-  KEY `storeId` (`storeId`)
-) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-DROP TABLE IF EXISTS `store`;
-CREATE TABLE IF NOT EXISTS `store` (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `userId` int(11) NOT NULL,
-  `k` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `v` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `valid` tinyint(1) NOT NULL DEFAULT '0',
-  PRIMARY KEY (`id`),
-  KEY `key` (`k`(191)),
-  KEY `value` (`v`(191)),
-  KEY `userId` (`userId`)
-) ENGINE=InnoDB AUTO_INCREMENT=51 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-DROP TABLE IF EXISTS `users`;
-CREATE TABLE IF NOT EXISTS `users` (
-  `id` int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
-  `federationId` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-  PRIMARY KEY (`id`),
-  KEY `federationId` (`federationId`(191))
-) ENGINE=InnoDB AUTO_INCREMENT=15 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-DROP TABLE IF EXISTS `toVerify`;
-CREATE TABLE IF NOT EXISTS `toVerify` (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `userId` int(11) NOT NULL,
-  `storeId` int(11) NOT NULL,
-  `property` varchar(512) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `location` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
-  `tries` int(11) NOT NULL,
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB AUTO_INCREMENT=16 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-
-
-/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
-/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
-/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

templates/mariadb/05-roundcube.sql.erb

@@ -0,0 +1,3 @@
+CREATE SCHEMA roundcubemail;
+CREATE USER 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';
+GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%' IDENTIFIED BY '<%= @roundcube_password %>';

templates/monitor/sunetdrive_extra_hostgroups.cfg.erb

@@ -0,0 +1,8 @@
+<% @extra_host_groups.each do |group, members| -%>
+# <%= group %>
+define hostgroup {
+  hostgroup_name <%= group %>
+  alias <%= group %>
+  members <%= members %>
+}
+<% end -%>

templates/monitor/sunetdrive_sites.cfg.erb

@@ -131,32 +131,6 @@ define host {
 <% end -%>
   use                 monitor-site
 }
-<% if site.match('lookup') %>
-define service {
-  notes_url             https://<%= site %>
-  action_url            /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true
-  check_command         check_https
-  check_interval        5
-  check_period          24x7
-<% if @environment == 'prod' %>
-  contacts              slack
-<% else -%>
-  contact_groups        naemon-admins
-<% end -%>
-  host_name             <%= site %>
-  max_check_attempts    3
-  notification_interval 60
-  notification_period   24x7
-  retry_interval        1
-  service_description   HTTPS
-<% if site.match('test') -%>
-  servicegroups         test-sites
-<% else -%>
-  servicegroups         prod-sites
-<% end -%>
-}
-<% end -%>
-<% unless site.match('lookup') %>
 define service {
   notes_url             https://<%= site %>/status.php
   action_url            /grafana/dashboard/script/histou.js?host=$HOSTNAME$&service=$SERVICEDISPLAYNAME$&theme=light&annotations=true
@@ -164,7 +138,6 @@ define service {
   check_interval        5
   check_period          24x7
 <% cur_cust = site.gsub(/\.drive.*/,'') %>
-<% cur_cust = cur_cust.gsub(/drive.*/,'gss') %>
 # 'check_nextcloud' command definition
 <% if @environment == 'prod' and not site.match('test') and @fullnodes.include?(cur_cust) %>
   contacts              slack
@@ -209,4 +182,3 @@ define service {
 <% end -%>
 }
 <% end -%>
-<% end -%>

templates/script/check_backup.erb.sh

@@ -20,7 +20,7 @@ for project in $(ls ${data_dir}); do
     if [[ "${issixmonths}" == "true" ]]; then
       number_of_full_to_keep=6
     fi
-    max_num_inc=$((32 * number_of_full_to_keep))
+    max_num_inc=$((50 * number_of_full_to_keep))
     max_num_full=$((2 * number_of_full_to_keep))
     
 		tabular_data=$(cat "${data_dir}/${project}/${bucket}.dat")

templates/script/create_folders_in_singlenode_buckets.erb.sh

@@ -5,7 +5,7 @@ shift
 include_userbuckets="${1}"
 shift
 environment="<%= @environment %>"
-container="nextcloud-${customer}_app_1"
+container="nextcloud-${customer}-app-1"
 
 yq="/usr/local/bin/yq"
 if ! [[ -x ${yq} ]]; then

templates/script/listusers.erb.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
-customer="${1}" 
-multinode="${2}" 
+customer="${1}"
+multinode="${2}"
 environment="<%= @environment %>"
 location="${customer}-${environment}"
-userjson=$(ssh "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}_app_1") 
+userjson=$(ssh -o StrictHostKeyChecking=no "script@${multinode}" "sudo /home/script/bin/list_users.sh nextcloud-${customer}-app-1")
 project="statistics"
 bucket="drive-server-coms"
 base_dir="${project}:${bucket}"

templates/script/maintenance.erb.sh

@@ -17,7 +17,7 @@ if [[ "${ENVIRONMENT}" == "prod" ]]; then
 fi
 if [[ "${CUSTOMER}" == "common" ]]; then
 	customer=""
-	types="multinode gss"
+	types="multinode"
 fi
 
 domain="${customer}drive.${env}sunet.se"

templates/script/makebuckets.erb.sh

@@ -43,9 +43,11 @@ for eppn in $(echo "${users}" | jq -r keys[]); do
   username=${eppn%@*}
   # Remove underscore from username
   user=${username//_/-}
+  # convert user to lower case for bucket naming rules
+  user_lower=${user,,}
 
   echo "$(date) - Check bucket status for ${eppn}"
-  bucketname="${user}-${site_name//./-}"
+  bucketname="${user_lower}-${site_name//./-}"
   if ! echo "${buckets}" | grep "${bucketname}" &> /dev/null; then
     echo "$(date) - ${eppn} has no mounts configured, adding bucket and mounts..."
     ${rclone} mkdir "${rcp}:${bucketname}"

templates/script/restart-db-cluster.erb

@@ -67,12 +67,10 @@ def main() -> int:
     reboot_command = ['sudo /usr/local/bin/safer_reboot']
 
     if customers[0] == "common":
-        customers = ["lookup", "multinode"]
+        customers = ["multinode"]
     for customer in customers:
         backup_type = "backup"
-        if customer == "lookup":
-            backup_type = "lookupbackup"
-        elif customer == "multinode":
+        if customer == "multinode":
             backup_command = ['sudo /home/script/bin/backup_multinode_db.sh']
             backup_type = "multinode-db"
 

templates/scriptreceiver/create_bucket.erb.sh

@@ -11,7 +11,7 @@ function usage {
 	exit 1
 }
 
-if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then
+if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then
 	usage
 fi
 if ! [[ ${bucket} =~ ^[a-zA-Z0-9]+ ]]; then
@@ -26,19 +26,19 @@ echo "$(date): Start executing create_bucket.sh ${1} ${2} ${3}"
 
 rclone_config="/opt/nextcloud/rclone.conf"
 if [[ "${container}" != "nextcloud_app_1" ]]; then
-  customer=$(echo "${container}" | sed -e 's/^nextcloud-//' -e 's/_app_1$//')
+  customer=$(echo "${container}" | sed -e 's/^nextcloud-//' -e 's/-app-1$//')
   rclone_config="/opt/multinode/${customer}/rclone.conf"
 fi
 
 key=$(grep access_key_id "${rclone_config}" | awk '{print $3}')
 secret=$(grep secret_access_key "${rclone_config}"| awk '{print $3}')
 endpoint=$(grep endpoint "${rclone_config}" | awk '{print $3}')
-preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:list --output json "${user}" | jq -r '.[] | .configuration.bucket' | grep "${bucket}")"
+preexisting="$(docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:list --output json --show-password "${user}" | jq -r '.[] | .configuration.bucket' | grep "${bucket}")"
 
 if [[ -z ${preexisting} ]]; then
 	docker exec -u www-data -i "${container}" php --define apc.enable_cli=1 /var/www/html/occ files_external:create "${user_bucket_name}" \
 		amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-		-c useMultipartCopy=false amazons3::accesskey --user ${user}
+		-c useMultipartCopy=true amazons3::accesskey --user ${user}
 	for shareid in $(docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:export ${user} | jq -r '.[].mount_id'); do
 		docker exec -u www-data -i ${container} php --define apc.enable_cli=1 /var/www/html/occ files_external:option ${shareid} enable_sharing true
 	done

templates/scriptreceiver/create_bucket_without_question.sh

@@ -7,7 +7,7 @@ bucket=${4}
 user=${5}
 /usr/local/bin/occ files_external:create "${bucket}" \
 	amazons3 -c bucket="${bucket}" -c key="${key}" -c secret="${secret}" -c hostname="${endpoint}" -c use_ssl=true -c use_path_style=true -c region=us-east-1 \
-	-c useMultipartCopy=false amazons3::accesskey --user "${user}"
-for shareid in $(/usr/local/bin/occ files_external:export "${user}" | jq -r '.[].mount_id'); do
-	/usr/local/bin/occ files_external:option "${shareid}" enable_sharing true
+	-c useMultipartCopy=true amazons3::accesskey --user "${user}"
+for shareid in $(/usr/local/bin/nocc files_external:export "${user}" | jq -r '.[].mount_id'); do
+	/usr/local/bin/nocc files_external:option "${shareid}" enable_sharing true
 done

templates/scriptreceiver/list_files_for_user.erb.sh

@@ -9,7 +9,7 @@ function usage {
 	exit 1
 }
 
-if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then
+if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then
 	usage
 fi
 

templates/scriptreceiver/list_users.erb.sh

@@ -2,7 +2,7 @@
 
 container=${1}
 
-if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*_app_1$ ]]; then
+if ! [[ ${container} == 'nextcloud_app_1' ]] && ! [[ ${container} =~ ^nextcloud-[a-z]*-app-1$ ]]; then
 	echo "Usage: ${0} <nextcloud container name>"
 	echo "Example : ${0} nextcloud_app_1"
 	exit 1