evoadmin-web/scripts/web-add-cluster.sh

664 lines
19 KiB
Bash
Raw Normal View History

#!/bin/bash
#
# Gestion des comptes web et des hôtes virtuels Apache sur un EvoCluster
#
# Copyright (c) 2009 Evolix - Tous droits reserves
# $Id: web-add.sh 221 2012-02-22 15:52:18Z reg $
#
# TODO
# - Gestion des quota
# - Possibilité de créer un compte FTP-only
# - Pouvoir spécifier le CONTACT_MAIL dans un fichier de conf
# - Traduire usage() en francais, ou l'inverse ??
set -e
HOME="/root"
CONTACT_MAIL="jdoe@example.org"
WWWBOUNCE_MAIL="jdoe@example.org"
LOCAL_SCRIPT="/usr/share/scripts/web-add.local.sh"
PRE_LOCAL_SCRIPT="/usr/share/scripts/web-add.pre-local.sh"
TPL_VHOST="/usr/share/scripts/vhost"
TPL_AWSTATS="/usr/share/scripts/awstats.XXX.conf"
TPL_MAIL="/usr/share/scripts/web-mail.tpl"
VHOST_PATH="/etc/apache2/sites-enabled/"
MAX_LOGIN_CHAR=16
HOME_DIR="/home"
MYSQL_CREATE_DB_OPTS=""
MIN_UID=5000
NOBODY_UID=65534
SSH="/usr/bin/ssh"
WEBADD="/usr/share/scripts/web-add.sh"
SSH_USER="root"
LAST_UID="cut -d: -f3 /etc/passwd | grep -v $NOBODY_UID | sort -n | tail -1"
VMAIL_USER="vmail"
# Utiliser ce fichier pour redefinir la valeur des variables ci-dessus
config_file="/etc/evolinux/web-add.conf"
[ -r $config_file ] && . $config_file
usage() {
cat <<EOT >&2
Usage: $0 COMMAND [ARG]
add [[OPTIONS] LOGIN WWWDOMAIN IP_MASTER IP_SLAVE REPLICATION_MODE]
Create web account LOGIN on Master and Slave servers, state file in
/home/LOGIN and push ssh public key of Master in Slave .ssh/authorized.
-p PASSWD
FTP and SFTP password (default : random)
-m DBNAME
Name of MySQL database (default : same as account)
-P DBPASSWD
MySQL password (default : random)
-l MAIL
Send summary email to MAIL
If REPLICATION_MODE is deferred:
-f interval
interval between each replication
-c min|hour
Unit for -f argument
Eg.: -f 4 -c hour meens do replication each 4 hours.
Example : web-add-cluster.sh add -m testdb -f 4 -c hour testlogin testdomain.com 192.168.0.1 192.168.0.2 deferred
del LOGIN IP_MASTER IP_SLAVE [DBNAME]
Delete account and all files related (Apache, Awstats, etc) in Master and
Slave server.
Archive home directory.
Remove MySQL database if DBNAME is specified.
add-alias WWWDOMAIN ALIAS IP_MASTER IP_SLAVE
Add a ServerAlias to an Apache vhost on Master and Slave
del-alias WWWDOMAIN ALIAS IP_MASTER IP_SLAVE
Del a ServerAlias from an Apache vhost on Master and Slave
NOTE: to create an account or add/del an alias on only one server (without
replication to a slave), we must pass "null" keyword instead of IP_SLAVE.
EOT
}
#
# Affiche un message d'erreur de validation
#
in_error() {
msg=$1
cat >&2 <<EOT
***
Erreur : $msg
***
EOT
}
gen_random_passwd() {
apg -c /dev/urandom -n1 -E oOlL10\&\\\/\"\'
}
validate_login() {
login=$1
length=${#login}
if [ $length -lt 3 ]; then
in_error "Le login doit contenir plus de 2 caracteres"
return 1
fi
if [ $length -gt $MAX_LOGIN_CHAR ]; then
in_error "Le login ne doit pas contenir plus de $MAX_LOGIN_CHAR caracteres"
return 1
fi
}
validate_passwd() {
passwd=$1
length=${#passwd}
if [ $length -lt 6 ] && [ $length -gt 0 ]; then
in_error "Le mot de passe doit avoir au moins 6 caracteres"
return 1
fi
}
validate_dbname() {
dbname=$1
# aandre 18/06
# if mysql -ss -e "show databases" | grep "^$dbname$" >/dev/null; then
# in_error "Base de données déjà existante"
# return 1
# fi
}
validate_wwwdomain() {
wwwdomain=$1
if [ -z "$wwwdomain" ]; then
in_error "Le nom de domaine est obligatoire"
return 1
fi
return 0
}
validate_mail() {
return 0
}
validate_replmode() {
if [ $in_replmode != "realtime" ] && [ $in_replmode != "deferred" ]; then
in_error "Le mode de replication doit etre realtime ou deferred"
return 1
fi
return 0
}
validate_replinterval() {
if [ -z "$in_replunit" ]; then
in_error "L'unite de l'intervalle de replication doit etre specifiee"
return 1
elif [ $in_replunit != "min" ] && [ $in_replunit != "hour" ]; then
in_error "L'unite de l'intervalle de replication doit etre min (minute), hour (heure)"
return 1
fi
if [ -z "$in_replinterval" ]; then
in_error "L'intervalle de replication doit etre specifiee"
return 1
elif [ $in_replunit = "min" ]; then
if [ $in_replinterval -lt 1 ] || [ $in_replinterval -gt 60 ]; then
in_error "Valeur incorecte pour l'intervalle en minute"
return 1
fi
elif [ $in_replunit = "hour" ]; then
if [ $in_replinterval -lt 1 ] || [ $in_replinterval -gt 24 ]; then
in_error "Valeur incorecte pour l'intervalle en heure"
return 1
fi
fi
return 0
}
step_ok() {
msg=$1
echo "[OK] $msg"
}
create_www_accounts() {
CMD_MASTER="$SSH -T $SSH_USER@$in_master"
CMD_SLAVE="$SSH -T $SSH_USER@$in_slave"
# On verifie que le compte n'existe pas sur master et slave
if [ -n "$($CMD_MASTER cut -d: -f1 /etc/passwd| grep ^$in_login$)" ]; then
in_error "Le compte $in_login existe sur $in_master";
exit 1;
fi
if [ $in_slave != "null" ]; then
if [ -n "$($CMD_SLAVE cut -d: -f1 /etc/passwd| grep ^$in_login$)" ]; then
in_error "Le compte $in_login existe sur $in_slave";
exit 1;
fi
fi
# Trouver un UID valide et commun pour le compte cree sur Master et Slave
last_uid_master=$($CMD_MASTER $LAST_UID)
if [ -z "$last_uid_master" ]; then
echo "error while fetching uid in master";
return 1
fi
if [ $in_slave != "null" ]; then
last_uid_slave=$($CMD_SLAVE $LAST_UID)
if [ -z "$last_uid_slave" ]; then
echo "error while fetching uid in slave";
return 1
fi
if [ $last_uid_master -ge $last_uid_slave ]; then
max_uid=$(($last_uid_master + 1))
else
max_uid=$(($last_uid_slave + 1))
fi
if [ $max_uid -lt $MIN_UID ]; then
uid=$MIN_UID
else
uid=$max_uid
fi
else
uid=$(($last_uid_master + 1))
fi
echo "UID libre: $uid"
# options mysql
opts_mysql='';
[ -n "$in_dbname" ] && opts_mysql="-m $in_dbname -P '$in_dbpasswd'"
# Creation web account on Master
echo "MASTER: $CMD_MASTER $WEBADD add -p '$in_passwd' $opts_mysql -l $in_mail -y -u $uid -g $uid -U $(($uid + 1)) $in_login $in_wwwdomain"
$CMD_MASTER $WEBADD add -p \'$in_passwd\' $opts_mysql -l $in_mail -y -u $uid -g $uid -U $(($uid + 1)) $in_login $in_wwwdomain || (in_error "creation du compte master sur $in_master: $?" && exit 1)
# Creation web account on Slave
if [ $in_slave != "null" ]; then
if [ "$in_replmode" != "realtime" ]; then
echo "SLAVE: $CMD_SLAVE $WEBADD add -p '$in_passwd' $opts_mysql -l null@example.org -y -u $uid -g $uid -U $(($uid + 1)) $in_login $in_wwwdomain"
$CMD_SLAVE $WEBADD add -p \'$in_passwd\' $opts_mysql -l null@example.org -y -u $uid -g $uid -U $(($uid + 1)) $in_login $in_wwwdomain || (in_error "creation du compte slave sur $in_slave: $?" && exit 1)
else
echo "SLAVE: $CMD_SLAVE $WEBADD add -p '$in_passwd' -l null@example.org -y -u $uid -g $uid -U $(($uid + 1)) $in_login $in_wwwdomain"
$CMD_SLAVE $WEBADD add -p \'$in_passwd\' -l null@example.org -y -u $uid -g $uid -U $(($uid + 1)) $in_login $in_wwwdomain || (in_error "creation du compte slave sur $in_slave: $?" && exit 1)
fi
# On ne veut pas que le site soit actif sur le serveur slave
$CMD_SLAVE a2dissite $in_login
$CMD_SLAVE /etc/init.d/apache2 reload
fi
# Les operation suivantes sont faites uniquement si une replication doit
# etre mise en place.
if [ $in_slave != "null" ]; then
# Creation des fichiers state
$CMD_MASTER "echo -e \"STATE=master\nIP=$in_slave\" >> ~$in_login/state"
$CMD_SLAVE "echo -e \"STATE=slave\nIP=$in_master\" >> ~$in_login/state"
# Create id_dsa.pub on master
$CMD_MASTER << ENDSSH
mkdir -p ~$in_login/.ssh
chown $in_login:$in_login ~$in_login/.ssh
chmod 700 ~$in_login/.ssh
su $in_login -c "ssh-keygen -t dsa -f ~$in_login/.ssh/id_dsa <<<\"\" "
ENDSSH
# push id_dsa.pub to authorized_keys of slave
master_key=$($CMD_MASTER "cat /home/$in_login/.ssh/id_dsa.pub")
$CMD_SLAVE << ENDSSH
mkdir -p ~$in_login/.ssh
chown $in_login:$in_login ~$in_login/.ssh
chmod 700 ~$in_login/.ssh
su $in_login -c "echo $master_key >> ~$in_login/.ssh/authorized_keys"
ENDSSH
# create known_hosts
$CMD_MASTER << ENDSSH
/usr/bin/ssh-keyscan $in_slave > /home/$in_login/.ssh/known_hosts
chown $in_login:$in_login /home/$in_login/.ssh/known_hosts
ENDSSH
$CMD_SLAVE << ENDSSH
/usr/bin/ssh-keyscan $in_master > /home/$in_login/.ssh/known_hosts
chown $in_login:$in_login /home/$in_login/.ssh/known_hosts
ENDSSH
echo "--------------------------------------------------------------------"
# Mise en place de la methode de replication choisie
if [ $in_replmode = "realtime" ]; then
# demon lsyncd
$CMD_MASTER <<ENDSSH
(crontab -lu $in_login 2>/dev/null; echo "@reboot lsyncd ~$in_login/www $in_slave:www") |crontab -u $in_login -
sudo -u $in_login lsyncd ~$in_login/www $in_slave:www
ENDSSH
# Pour les mails
# La réplication se fait au niveau du domaine (réplication de tout
# /home/vmail/example.com/).
domain=$(remove_subdomain $wwwdomain)
$CMD_MASTER <<ENDSSH
if [ ! -d ~$VMAIL_USER/$domain ]; then
mkdir ~$VMAIL_USER/$domain
chown $VMAIL_USER:$VMAIL_USER ~$VMAIL_USER/$domain
(crontab -lu $VMAIL_USER 2>/dev/null; echo '@reboot /opt/evocluster/get-domains.sh $in_login |while read domain; do lsyncd ~$VMAIL_USER/\$domain $VMAIL_USER@$in_slave:\$domain; done'; echo '* * * * * /opt/evocluster/get-domains.sh $in_login |while read domain; do ldapsearch >~/\$domain/dump.sql; done') |crontab -u $VMAIL_USER -
sudo -u $VMAIL_USER /opt/evocluster/get-domains.sh $in_login |while read domain; do lsyncd ~$VMAIL_USER/\$domain $VMAIL_USER@$in_slave:\$domain; done
fi
ENDSSH
$CMD_SLAVE <<ENDSSH
[ -d ~$VMAIL_USER/$domain ] || mkdir ~$VMAIL_USER/$domain && chown $VMAIL_USER:$VMAIL_USER ~$VMAIL_USER/$domain
ENDSSH
# replication MySQL
# On eteint le slave en attendant qu'un evoman ajoute la db dans le
# replicate-to-db et redemarre MySQL sur le slave. Comme ceci, il n'y a
# pas besoin de faire un dump de la nouvelle base, lors du start slave
# les donnees seront copiees.
$CMD_SLAVE mysqladmin stop-slave
mail -s "[TAF][Quai13] Replication MySQL pour $in_login" $CONTACT_MAIL <<ENDMAIL
Le compte $in_login a été crée sur $in_master (master) et $in_slave
(slave).
Pour terminer sa mise en place, il faut :
- sur le slave, ajouter la base de données $in_dbname à la directive
replicate-do-db dans la conf de MySQL ;
- redémarrer MySQL sur le slave, et s'assurer que la réplication est
ok (SHOW SLAVE STATUS et test d'écriture sur le master).
--
Evocluster
ENDMAIL
# crontab
$CMD_MASTER <<ENDSSH
(crontab -lu $in_login; echo " */5 * * * * crontab -l |ssh $in_slave \"cat >crontab\"") |crontab -u $in_login -
ENDSSH
elif [ $in_replmode = "deferred" ]; then
domain=$(remove_subdomain $wwwdomain)
if [ $in_replunit = "min" ]; then
cron_line="*/$in_replinterval * * * * /opt/evocluster/sync-master-to-slave.sh"
cron_line2="*/$in_replinterval * * * * /opt/evocluster/get-domains.sh $in_login |while read domain; do /opt/evocluster/sync-master-to-slave_mail.sh \$domain $in_login; done"
elif [ $in_replunit = "hour" ]; then
minute=$(($RANDOM % 54))
offset=5
cron_line="$minute */$in_replinterval * * * /opt/evocluster/sync-master-to-slave.sh"
cron_line2="$(($minute+$offset)) */$in_replinterval * * * /opt/evocluster/get-domains.sh $in_login |while read domain; do /opt/evocluster/sync-master-to-slave_mail.sh \$domain $in_login; done"
fi
$CMD_MASTER "(crontab -lu $in_login; echo -e \"$cron_line\") |crontab -u $in_login -"
$CMD_MASTER "(crontab -lu $VMAIL_USER; echo '$cron_line2') |crontab -u $VMAIL_USER -"
fi
# log
DATE=$(date +"%Y-%m-%d")
echo "$DATE [web-add-cluster.sh] $in_login added on $in_master and $in_slave" >> /var/log/evolix.log
else
DATE=$(date +"%Y-%m-%d")
echo "$DATE [web-add-cluster.sh] $in_login added on $in_master" >> /var/log/evolix.log
fi
}
op_del() {
if [ $# -lt 3 ]; then
usage
exit 1
else
login=$1
master=$2
slave=$3
if [ $# -eq 4 ]; then
dbname=$4
fi
fi
if [ $slave != "null" ]; then
echo "Deleting account $login on $master and $slave. Continue ?"
else
echo "Deleting account $login on $master. Continue ?"
fi
read
CMD_MASTER="$SSH $SSH_USER@$master"
CMD_SLAVE="$SSH $SSH_USER@$slave"
# check account exist on master and slave
if [ -z "$($CMD_MASTER cut -d: -f1 /etc/passwd| grep ^$login$)" ]; then
echo "Account $login doesn't exist on $master";
exit 1;
fi
if [ $slave != "null" ]; then
if [ -z "$($CMD_SLAVE cut -d: -f1 /etc/passwd| grep ^$login$)" ]; then
echo "Account $login doesn't exist on $slave";
exit 1;
fi
fi
yes | $CMD_MASTER $WEBADD del $login $dbname
if [ $slave != "null" ]; then
yes | $CMD_SLAVE $WEBADD del $login $dbname
fi
DATE=$(date +"%Y-%m-%d")
if [ $slave != "null" ]; then
echo "$DATE [web-add-cluster.sh] $login deleted from $master and $slave" >> /var/log/evolix.log
else
echo "$DATE [web-add-cluster.sh] $login deleted from $master" >> /var/log/evolix.log
fi
}
op_aliasadd() {
if [ $# -lt 3 ]; then
usage
exit 1
fi
vhost=$1
alias=$2
master=$3
slave=$4
CMD_MASTER="$SSH $SSH_USER@$master"
CMD_SLAVE="$SSH $SSH_USER@$slave"
$CMD_MASTER $WEBADD add-alias $vhost $alias
if [ $slave != "null" ]; then
$CMD_SLAVE $WEBADD add-alias $vhost $alias
fi
DATE=$(date +"%Y-%m-%d")
if [ $slave != "null" ]; then
echo "$DATE [web-add-cluster.sh] $alias added to $vhost on $master and $slave" >> /var/log/evolix.log
else
echo "$DATE [web-add-cluster.sh] $login added to $vhost on $master" >> /var/log/evolix.log
fi
}
op_aliasdel() {
if [ $# -lt 3 ]; then
usage
exit 1
fi
vhost=$1
alias=$2
master=$3
slave=$4
CMD_MASTER="$SSH $SSH_USER@$master"
CMD_SLAVE="$SSH $SSH_USER@$slave"
$CMD_MASTER $WEBADD del-alias $vhost $alias
if [ $slave != "null" ]; then
$CMD_SLAVE $WEBADD del-alias $vhost $alias
fi
DATE=$(date +"%Y-%m-%d")
if [ $slave != "null" ]; then
echo "$DATE [web-add-cluster.sh] $alias deleted from $vhost on $master and $slave" >> /var/log/evolix.log
else
echo "$DATE [web-add-cluster.sh] $login deleted from $vhost on $master" >> /var/log/evolix.log
fi
}
arg_processing() {
# Détermination de la commande
if [ $# -lt 1 ]; then
usage
else
commandname=$1
shift
case "$commandname" in
add)
op_add $*
;;
del)
op_del $*
;;
list-vhost)
op_listvhost $*
;;
add-alias)
op_aliasadd $*
;;
del-alias)
op_aliasdel $*
;;
*)
usage
;;
esac
fi
}
op_listvhost() {
if [ $# -eq 1 ]; then
configlist="$VHOST_PATH/$1";
else
configlist="$VHOST_PATH/*";
fi
for configfile in $configlist; do
if [ -r "$configfile" ]; then
servername=`awk '/^[[:space:]]*ServerName (.*)/ { print $2 }' $configfile | head -n 1`
serveraliases=`perl -ne 'print $1 if /^[[:space:]]*ServerAlias (.*)/' $configfile | head -n 1`
serveraliases=`echo $serveraliases | sed 's/ \+/, /g'`
userid=`awk '/^[[:space:]]*AssignUserID.*/ { print $3 }' $configfile | head -n 1`
if [ "$servername" ] && [ "$userid" ]; then
configid=`basename $configfile`
echo "$userid:$configid:$servername:$serveraliases"
fi
fi
done
}
op_add() {
while getopts hyp:m:P:s:l:f:c: opt; do
case "$opt" in
p)
in_passwd=$OPTARG
;;
m)
in_dbname=$OPTARG
;;
P)
in_dbpasswd=$OPTARG
;;
l)
in_mail=$OPTARG
;;
f)
in_replinterval=$OPTARG
;;
c)
in_replunit=$OPTARG
;;
h)
usage
exit 1
;;
?)
usage
exit 1
;;
esac
done
shift $(($OPTIND - 1))
if [ $# -ne 5 ]; then
usage
exit 1
fi
in_login=$1
in_wwwdomain=$2
in_master=$3
in_slave=$4
in_replmode=$5
# in_master doit etre different d'in_slave
[ "$in_master" = "$in_slave" ] && in_slave="null";
validate_login $in_login || exit 1
[ -z "$in_passwd" ] && in_passwd=`gen_random_passwd`
validate_passwd $in_passwd || exit 1
if [ -n "$in_dbname" ]; then
validate_dbname $in_dbname || exit 1
if [ -z "$in_dbpasswd" ]; then
in_dbpasswd=`gen_random_passwd`
validate_passwd $in_dbpasswd || exit 1
echo "validate mysql passwd $in_dbpasswd";
fi
echo " ? validate mysql passwd $in_dbpasswd";
fi
validate_wwwdomain $in_wwwdomain || exit 1
[ -z "$in_mail" ] && in_mail=$CONTACT_MAIL
validate_mail $in_mail || exit 1
validate_replmode $in_replmode || exit 1
if [ $in_replmode = "deferred" ]; then
validate_replinterval $in_replinterval $in_replunit || exit 1
fi
echo
echo "----------------------------------------------"
echo "Nom du compte : $in_login"
echo "Mot de passe : $in_passwd"
if [ -n "$in_dbname" ]; then
echo "Base de données MySQL : $in_dbname"
echo "Mot de passe MySQL : $in_dbpasswd"
fi
echo "Nom de domaine : $in_wwwdomain"
echo "IP compte master : $in_master"
echo "IP compte slave : $in_slave"
echo "Mode de replication : $in_replmode"
echo "Envoi du mail récapitulatif à : $in_mail"
echo "----------------------------------------------"
echo
create_www_accounts
echo
echo " => Compte $in_login créé avec succès"
echo
}
remove_subdomain() {
#return $(echo $1 |sed 's/\([^\.]\+\.[^\.]\+\)$/\1/')
echo $1 |perl -ne 'print $1 if ( /([^\.]+\.[^\.]+)$/ )'
}
# Point d'entrée
arg_processing $*