#!/bin/bash
# Package maintainer script: it dispatches on "$1" = configure further down
# and talks to debconf through the confmodule sourced below.

# -e: abort on the first command that fails.
# -x: trace every command after expansion. The trace is written to the
#     installer's output, so any secret that is expanded on a command line or
#     assigned to a variable (this script reads an admin password from
#     debconf) appears there in clear text unless tracing is suspended
#     around it.
set -ex

. /usr/share/debconf/confmodule
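#######################################
# Keep a locally modified configuration file across a package upgrade.
#
# Compares a freshly installed file with the "<file>.bak" copy saved before
# the upgrade. If they differ, the packaged version is parked as "<file>.new"
# and the backup is moved back into place; if they are identical the backup
# is deleted. Without a backup nothing happens.
#
# Arguments: $1 - path of the installed configuration file
# Outputs:   progress messages on stdout
# Returns:   0 on success, or the status of the failing mv/rm
#######################################
restore_config_if_modified() {
    local new="$1"
    local backup="${new}.bak"

    # No backup was taken, so there is nothing to compare or restore.
    [ -f "$backup" ] || return 0

    # The packaged file is absent: there is nothing to park as .new, and
    # trying to move it would fail (aborting the caller under `set -e`).
    # Put the saved copy back directly.
    if [ ! -e "$new" ]; then
        echo "    - Restaurando archivo anterior desde backup"
        mv -f -- "$backup" "$new"
        return 0
    fi

    # Byte-identical files mean the administrator never edited the file.
    if cmp -s -- "$new" "$backup"; then
        echo ">>> El archivo $new no ha cambiado desde la última versión, eliminando backup"
        rm -f -- "$backup"
        return 0
    fi

    echo ">>> Archivo modificado por el usuario detectado en $new"
    echo "    - Guardando archivo nuevo como ${new}.new"
    mv -f -- "$new" "${new}.new"
    echo "    - Restaurando archivo anterior desde backup"
    mv -f -- "$backup" "$new"
}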
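# Not referenced again in this script; kept as in the original. If USER is
# already exported, this changes it for every command started below.
USER="opengnsys"

# Remember whether command tracing (xtrace) is active, so it can be switched
# off around the sections that handle secrets and put back afterwards.
case $- in
    *x*) TRACE_WAS_ON=1 ;;
    *)   TRACE_WAS_ON=0 ;;
esac

# Stop tracing: a traced command line or assignment would copy the password
# or the bearer token into the installer output.
secrets_begin() {
    set +x
}

# Resume tracing, but only if it was on when the script started.
secrets_end() {
    if [ "$TRACE_WAS_ON" -eq 1 ]; then
        set -x
    fi
}

# "configure" with an empty $2 is treated as a fresh install, with a
# previous version in $2 as an upgrade.
if [ "$1" = "configure" ] && [ -z "$2" ]; then
    # Source address of the interface that carries the default route.
    IP=$(ip -4 route get 8.8.8.8 | grep -oP '(?<=src )[\d.]+')
    echo ">>> Instalación nueva detectada."

    # Credentials are only asked for on a fresh install.
    db_input high opengnsys/ogcore_adminUser || true
    db_go
    db_get opengnsys/ogcore_adminUser
    ADMIN_USER="$RET"

    db_input high opengnsys/ogcore_adminPass || true
    db_go
    # Reading the answer assigns the password to RET and ADMIN_PASS; both
    # assignments would show up in an xtrace log.
    secrets_begin
    db_get opengnsys/ogcore_adminPass
    ADMIN_PASS="$RET"
    RET=""
    secrets_end
    # NOTE(review): the answer stays in the debconf database after this
    # script ends. Consider clearing opengnsys/ogcore_adminPass once the
    # password has been applied - confirm nothing else reads it back.

    cd /opt/opengnsys/ogcore/api

    # Initial configuration
    echo ">>> Configurando base de datos y permisos"
    # NOTE(review): this sets the MariaDB root password to the fixed value
    # 'root' in addition to unix_socket authentication. Anything that can
    # reach the database port can then log in as root with a guessable
    # password. A dedicated, least-privileged account with a generated
    # password would be safer; not changed here because the application's
    # connection settings are outside this script.
    mariadb -e "ALTER USER 'root'@'localhost' IDENTIFIED VIA unix_socket OR mysql_native_password USING PASSWORD('root');"

    echo ">>> Creando par de claves para JWT"
    php bin/console lexik:jwt:generate-keypair --overwrite

    echo ">>> Creando base de datos"
    php bin/console doctrine:database:create --if-not-exists
    php bin/console doctrine:migrations:migrate --no-interaction

    echo ">>> Cargando datos iniciales"
    php bin/console opengnsys:load-default-user
    php bin/console app:load-default-user-groups
    php bin/console app:load-default-commands
    php bin/console opengnsys:load-default-menu

    echo ">>> Configurando servidor web y servicios"
    # -f keeps this step repeatable: when an earlier configure attempt failed
    # after creating the links, a plain `ln -s` would abort every retry.
    ln -sf /opt/opengnsys/ogcore/etc/nginx/sites-available/ogcore.conf /etc/nginx/sites-enabled/ogcore.conf
    ln -sf /opt/opengnsys/ogcore/etc/nginx/sites-available/mercure.conf /etc/nginx/sites-enabled/mercure.conf
    ln -sf /opt/opengnsys/ogcore/etc/php/8.3/fpm/pool.d/ogcore-fpm.conf /etc/php/8.3/fpm/pool.d/ogcore-fpm.conf
    ln -sf /opt/opengnsys/ogcore/etc/systemd/system/og-mercure.service /etc/systemd/system/og-mercure.service

    echo ">>> Configurando permisos de archivos"
    # NOTE(review): the recursive chown also hands the nginx, php-fpm and
    # systemd files linked into /etc above to the opengnsys account, so that
    # account can change what the system service manager and web server load
    # on their next restart. Keeping ogcore/etc owned by root would avoid
    # that - confirm nothing needs to write there as opengnsys.
    chown opengnsys:www-data /opt/opengnsys/
    chown -R opengnsys:www-data /opt/opengnsys/ogcore
    systemctl daemon-reload
    systemctl enable og-mercure
    systemctl restart og-mercure
    systemctl restart nginx
    systemctl restart php8.3-fpm

    # ---- API bootstrap --------------------------------------------------
    # Everything in this section handles the bearer token or the admin
    # password, so tracing stays off until the end of the section.
    secrets_begin
    API="https://localhost:8443"

    # Log in with the account created by opengnsys:load-default-user.
    # -f turns HTTP errors into a failing exit status instead of a silent
    # "success"; the retries cover the moment right after the service
    # restarts above. -k stays because the request goes to localhost, where
    # the certificate presumably cannot be verified (TODO confirm).
    BEARER=$(curl -sSfk --retry 5 --retry-delay 2 --retry-connrefused \
        -X 'POST' "$API/auth/login" \
        -H 'accept: application/json' \
        -H 'Content-Type: application/json' \
        -d '{ "username": "ogadmin", "password": "12345678" }' | jq -r '.token // empty')
    if [ -z "$BEARER" ]; then
        # Without a token none of the calls below can work, and the default
        # ogadmin password would stay in place while the log claims otherwise.
        echo ">>> ERROR: no se pudo obtener el token de la API; la contraseña por defecto de ogadmin sigue activa" >&2
        exit 1
    fi

    # Hand the token to curl through a private file (mktemp creates it
    # readable by its owner only) instead of the command line, where it
    # would be visible in the process list.
    AUTH_HDR=$(mktemp)
    trap 'rm -f -- "$AUTH_HDR"' EXIT
    printf 'Authorization: Bearer %s\n' "$BEARER" > "$AUTH_HDR"

    # Create the first image repository. jq builds the JSON so the values
    # are escaped properly; the body reaches curl on stdin.
    IP="$IP" jq -nc \
        '{name: "Repository 1", ip: env.IP, comments: "Repositorio creado automaticamente por oginstaller"}' \
        | curl -sSfkL -X POST "$API/image-repositories" \
            -H @"$AUTH_HDR" \
            -H 'Content-Type: application/json' \
            -d @-

    # Credentials are only managed on a fresh install.
    if [ "$ADMIN_USER" == "ogadmin" ]; then
        echo ">>> Cambiando contraseña de ogadmin"
        OGADMIN_UUID=$(curl -sSfkL "$API/users/?username=ogadmin" \
            -H 'accept: application/json' \
            -H @"$AUTH_HDR" | jq -r '.[0].uuid // empty')
        if [ -z "$OGADMIN_UUID" ]; then
            echo ">>> ERROR: no se encontró el usuario ogadmin; su contraseña por defecto sigue activa" >&2
            exit 1
        fi
        # The password travels through jq's environment and curl's stdin,
        # never through a command line, and jq escapes quotes and
        # backslashes that would otherwise break or alter the JSON body.
        ADMIN_PASS="$ADMIN_PASS" jq -nc \
            '{currentPassword: "12345678", newPassword: env.ADMIN_PASS, repeatNewPassword: env.ADMIN_PASS}' \
            | curl -sSfkL -X PUT "$API/users/$OGADMIN_UUID/reset-password" \
                -H 'accept: application/ld+json' \
                -H 'Content-Type: application/ld+json' \
                -H @"$AUTH_HDR" \
                -d @-
        echo ">>> Contraseña de ogadmin cambiada."
    else
        echo ">>> Creando nuevo usuario administrador: $ADMIN_USER"
        # NOTE(review): in this branch the ogadmin account keeps the
        # well-known default password used for the login above. It should
        # be changed or the account disabled - confirm whether other
        # components depend on it.
        ADMIN_USER="$ADMIN_USER" ADMIN_PASS="$ADMIN_PASS" jq -nc \
            '{username: env.ADMIN_USER, password: env.ADMIN_PASS, roles: ["ROLE_SUPER_ADMIN"]}' \
            | curl -sSfkL --location "$API/users" \
                --header 'Content-Type: application/json' \
                --header @"$AUTH_HDR" \
                --data @-

        echo ">>> Usuario administrador $ADMIN_USER creado."
    fi

    # Drop the secrets before tracing resumes.
    rm -f -- "$AUTH_HDR"
    unset BEARER ADMIN_PASS
    secrets_end
    # ---- end of API bootstrap -------------------------------------------

    # Install the cron job
    echo ">>> Configurando cron para comprobar disponibilidad de clientes"
    cp /opt/opengnsys/ogcore/etc/cron.d/opengnsys-check-clients /etc/cron.d/opengnsys-check-clients
    chmod 644 /etc/cron.d/opengnsys-check-clients
    chown root:root /etc/cron.d/opengnsys-check-clients

elif [ "$1" = "configure" ] && [ -n "$2" ]; then
    echo ">>> Actualización detectada desde la versión $2"

    # Put locally modified configuration files back in place.
    for conf in \
        "/opt/opengnsys/ogcore/etc/nginx/sites-available/ogcore.conf" \
        "/opt/opengnsys/ogcore/etc/nginx/sites-available/mercure.conf" \
        "/opt/opengnsys/ogcore/etc/php/8.3/fpm/pool.d/ogcore-fpm.conf" \
        "/opt/opengnsys/ogcore/etc/systemd/system/og-mercure.service" \
        "/opt/opengnsys/ogcore/api/env.json"; do
        restore_config_if_modified "$conf"
    done

    cd /opt/opengnsys/ogcore/api
    echo ">>> Aplicando migraciones de base de datos"
    php bin/console doctrine:migrations:migrate --no-interaction

    echo ">>> Configurando servidor web y servicios"
    # Only create the links that are missing. The mercure.conf site is not
    # linked on this path, unlike on a fresh install.
    [ -L /etc/nginx/sites-enabled/ogcore.conf ] \
        || ln -s /opt/opengnsys/ogcore/etc/nginx/sites-available/ogcore.conf /etc/nginx/sites-enabled/ogcore.conf
    [ -L /etc/php/8.3/fpm/pool.d/ogcore-fpm.conf ] \
        || ln -s /opt/opengnsys/ogcore/etc/php/8.3/fpm/pool.d/ogcore-fpm.conf /etc/php/8.3/fpm/pool.d/ogcore-fpm.conf
    [ -L /etc/systemd/system/og-mercure.service ] \
        || ln -s /opt/opengnsys/ogcore/etc/systemd/system/og-mercure.service /etc/systemd/system/og-mercure.service

    echo ">>> Configurando permisos de archivos"
    # NOTE(review): as on a fresh install, this leaves the service files
    # linked into /etc owned by the opengnsys account.
    chown opengnsys:www-data /opt/opengnsys/
    chown -R opengnsys:www-data /opt/opengnsys/ogcore

    # An existing cron file is kept as it is; ownership and mode are
    # enforced either way.
    if [ ! -f /etc/cron.d/opengnsys-check-clients ]; then
        echo ">>> Configurando cron para comprobar disponibilidad de clientes"
        cp /opt/opengnsys/ogcore/etc/cron.d/opengnsys-check-clients /etc/cron.d/opengnsys-check-clients
    else
        echo ">>> El archivo de cron ya existe, no se realizan cambios se ajustan permisos"
    fi
    chmod 644 /etc/cron.d/opengnsys-check-clients
    chown root:root /etc/cron.d/opengnsys-check-clients

    systemctl daemon-reload
    systemctl enable og-mercure
    systemctl restart og-mercure
    systemctl restart nginx
    systemctl restart php8.3-fpm
fi

# systemd is reloaded and the services restarted inside each branch above.
exit 0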