Commit 647ba133 authored by Ilja's avatar Ilja

Merge branch 'develop' into 'master'

Release v0.3.0~ynh4

Closes #9, #11, #12, and #6

See merge request Neutrinet/neutrinet_ynh!18
parents c716578c 4184cc94
......@@ -5,32 +5,50 @@ The neutrinet application is for Neutrinet members that have an Internet Cube co
* Adds a webpage with genral information about Neutrinet
# Installation
## From the webinterface
First make sure you have the neutrinet_app list
1. Go to the admin interface on your cube
2. Click *Applications* > *Install* > At the bottom click *Manage application lists* > Check in the Application list if you have *neutrinet*
3. If you don't have it > under Custom applications lists you give *neutrinet* under Name. Under URL you give *https://neutrinet.be/apps.json* > Add
The we can install the application
1. Click *Applications* at the top of the page
2. click *Install* > select *All apps* > search for *neutrinet*> click *Install* > Fill in the form (or just keep the defaults) and press Install just like you would install any app from the webinterface
## From the CLI
First check if you have a list, probably named *neutrinet*, with *https://neutrinet.be/apps.json* as url.
`yunohost app listlists`
```shell
yunohost app listlists
```
If you don't have the list yet, you can add it using
`yunohost app fetchlist --name neutrinet -u https://neutrinet.be/apps.json`
```shell
yunohost app fetchlist --name neutrinet -u https://neutrinet.be/apps.json
```
Once you have the list, you can install the app using
`yunohost app install neutrinet --debug`
```shell
yunohost app install neutrinet --debug
```
## Debugging
You can manually run the cron job that attempts to renew the certificates:
```shell
sudo /etc/cron.daily/neutrinet-renew-cert
```
This actually runs the script in `/opt/neutrinet/renew_cert/`:
```shell
cd /opt/neutrinet/renew_cert
sudo RENEW_CERT_PYTHON=ve/bin/python ./renew_cert_cron.sh
```
You can increase the verbosity with the option `-v`:
```shell
sudo RENEW_CERT_PYTHON=ve/bin/python ./renew_cert_cron.sh -v
```
# For contributers
## Contributing
* Bugs, feature requests and other issues can be logged on the issue tracker at https://git.domainepublic.net/Neutrinet/neutrinet_ynh/issues
* Merge requests should be submitted at https://git.domainepublic.net/Neutrinet/neutrinet_ynh
* Merge requests should be done to the `develop` branch
## Publish a new version of the app
* Edit the [manifest](manifest.json) file to bump the version
......
location PATHTOCHANGE/ {
location PATHTOCHANGE {
alias ALIASTOCHANGE;
index index.html;
}
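Review bot: Assuming the second `location` line is the new one, the prefix now has no trailing slash while the block still uses `alias`, and that combination is only safe if the value substituted for ALIASTOCHANGE has no trailing slash either. Nginx appends whatever follows the matched prefix to the alias, so a slash-less location paired with a slash-terminated alias can resolve requests to paths outside the intended directory, and the bare prefix also matches sibling paths that merely start with the same characters. Keep the two consistent, either `location PATHTOCHANGE/ {` with `alias ALIASTOCHANGE/;` or both without the slash, and check what the install and upgrade scripts substitute for the alias, which is not visible in this section.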
......@@ -5,7 +5,7 @@
"en": "Auto renewal for the Neutrinet vpn-certificates",
"fr": "Renouvellement automatique des certificats vpn Neutrinet"
},
"version": "0.3.0~ynh3",
"version": "0.3.0~ynh4",
"license": "GPL-3+",
"maintainer": {
"name": "ilja",
......
......@@ -42,6 +42,8 @@ fi
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Trim trailing slashes
path_url=$(sed 's@*/$@@' <<< $path_url)
# Check web path availability
if ! ynh_webpath_available $domain $path_url
......@@ -70,7 +72,7 @@ ynh_app_setting_set $app opt_path $opt_path
ynh_print_info "Installing dependencies…"
ynh_install_app_dependencies git python3-venv libssl-dev libffi-dev python3-dev
ynh_install_app_dependencies git python3-openssl python3-requests
#=================================================
# CREATE DEDICATED USER
......@@ -105,8 +107,6 @@ service nginx reload
renew_cert_repo="https://github.com/neutrinet/renew_cert"
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert"
renew_cert_virtualenv="$renew_cert_path/ve"
renew_cert_python="$renew_cert_virtualenv/bin/python3"
renew_cert_cron_script="renew_cert_cron.sh"
ynh_print_info "Installing automatic VPN certificate renewal…"
......@@ -118,19 +118,11 @@ git -C $renew_cert_path checkout $renew_cert_version
# This wrapper will be used as a daily cron task
cp $renew_cert_cron_script $renew_cert_path/$renew_cert_cron_script
# From now on we work in the renew_cert directory
cd $renew_cert_path
# We need system site packages otherwise moulinette is broken
python3 -m venv $renew_cert_virtualenv --system-site-packages
ve/bin/pip install wheel
ve/bin/pip install -r requirements.txt
ynh_print_info "Setting up permissions"
chown -R $app_user: $opt_path
chmod 0755 $renew_cert_cron_script
chown root: $renew_cert_cron_script
chmod 0755 $renew_cert_path/$renew_cert_cron_script
chown root: $renew_cert_path/$renew_cert_cron_script
#=================================================
# SETTING UP CRONTAB
......@@ -141,7 +133,7 @@ ynh_print_info "Setting up cron job for certificate renewal…"
cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash
cd $renew_cert_path
RENEW_CERT_PYTHON="$renew_cert_python" $renew_cert_path/$renew_cert_cron_script
$renew_cert_path/$renew_cert_cron_script
EOF
chown root:root /etc/cron.daily/$app-renew-cert
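Review bot: The cron wrapper is made root-owned with `chown root: $renew_cert_path/$renew_cert_cron_script`, but the preceding `chown -R $app_user: $opt_path` leaves its parent directory and the rest of the renew_cert checkout owned by `$app_user`, while the job dropped into /etc/cron.daily runs that wrapper as root. Owning the directory is enough to replace a file in it, so the root ownership and 0755 mode on the wrapper do not protect what root ends up executing. If nothing has to write there as `$app_user`, keep the executed tree root-owned, e.g. `chown -R root: "$renew_cert_path"` after the recursive chown; the same sequence appears in the upgrade script's `-138,23 +152,11` hunk. Separately, in the first hunk `sed 's@*/$@@'` trims nothing, because a leading `*` is literal in a basic regular expression; the upgrade script's `'s@/*$@@'` is the working form.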
......
......@@ -26,6 +26,14 @@ then
fi
RENEW_CERT_SCRIPT="${RENEW_CERT_PATH}/renew.py"
DEBUG=false
while getopts "v" opt
do
case $opt in
v) DEBUG=true;;
esac
done
if [[ -f $OPENVPN_CREDENTIALS_FILE ]]
then
credentials_file=$OPENVPN_CREDENTIALS_FILE
......@@ -43,15 +51,29 @@ password=$(tail -n 1 "$credentials_file")
run_date=$(date +'%Y-%m-%d_%H:%M:%S')
renew_dir="certs_$run_date"
$RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" -v
if $DEBUG
then
$RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir" -v
else
# Keep the logs for later. We will print them only if the certificates are being renewed.
renew_cert_logs=$($RENEW_CERT_PYTHON $RENEW_CERT_SCRIPT "$login" -p "$password" -c "$OPENVPN_USER_CERT" -d "$renew_dir")
fi
if [[ ! -d $renew_dir || ! -f $renew_dir/ca.crt || ! -f $renew_dir/client.crt || ! -f $renew_dir/client.key ]]
then
echo "Cleaning $renew_dir directory."
if $DEBUG
then
echo "Cleaning $renew_dir directory."
fi
rm -rf "$renew_dir"
exit 0
fi
if [[ -n $renew_cert_logs ]]
then
echo "$renew_cert_logs"
fi
echo "Saving old OpenVPN config"
cp -r $OPENVPN_CONF_DIR{,.old_${run_date}}
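Review bot: Both new invocations of renew.py still pass the VPN password on the command line (`-p "$password"`), so it is readable from the process list by other local users for as long as the renewal runs. The credentials file is already on disk; if renew.py can take the password from a file or from stdin, prefer that, and otherwise it is worth an upstream change, since the script's options are not visible here. In the non-debug branch the exit status of the call is also dropped: when no complete `$renew_dir` is produced the script takes the cleanup path and exits 0, and the captured `renew_cert_logs` are never printed, so a failed renewal is indistinguishable from "nothing to renew" in cron's output. Consider `renew_cert_logs=$(…) || { echo "$renew_cert_logs" >&2; exit 1; }`, assuming renew.py returns non-zero on error. The script starts and ends outside the hunks shown.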
......
......@@ -50,7 +50,7 @@ fi
ynh_print_info "Installing dependencies…"
ynh_install_app_dependencies git python3-venv libssl-dev libffi-dev python3-dev
ynh_install_app_dependencies git python3-openssl python3-requests
#=================================================
# CREATE DEDICATED USER
......
......@@ -16,6 +16,7 @@ source _common.sh
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path=$(ynh_app_setting_get $app path)
path_url=$(ynh_app_setting_get $app path_url)
app_user=$(ynh_app_setting_get $app app_user)
www_path=$(ynh_app_setting_get $app www_path)
......@@ -53,16 +54,28 @@ if [[ -z $app_user ]]; then
fi
if [[ -z $path_url ]]; then
path_url=$(ynh_app_setting_get $app path)
path_url=$path
if [[ -z $path_url ]]; then
ynh_die "Missing path url!"
else
ynh_app_setting_set $app path_url $path_url
ynh_app_setting_delete $app path
fi
fi
if [[ $path_url == */ ]]; then
# Trim trailing slashes
path_url=$(sed 's@/*$@@' <<< $path_url)
ynh_app_setting_set $app path_url $path_url
fi
# path setting is needed by Yunohost
# when path is empty, Yunohost thinks the app is on the domain root
if [[ "$path" != "$path_url" ]]; then
path=$path_url
ynh_app_setting_set $app path $path
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
......@@ -87,11 +100,14 @@ ynh_abort_if_errors
if [[ $version < "0.3.0~ynh1" ]]; then
ynh_app_setting_delete $app version
ynh_system_user_create --username $app_user --home_dir $www_path
fi
ynh_print_info "Upgrading dependencies..."
if [[ $version < "0.3.0~ynh4" ]]; then
ynh_print_info "Removing old dependencies..."
ynh_remove_app_dependencies virtualenv python3-venv libssl-dev libffi-dev python3-dev
ynh_package_update
ynh_install_app_dependencies python3-venv libssl-dev libffi-dev python3-dev
ynh_print_info "Upgrading dependencies..."
ynh_install_app_dependencies python3-openssl python3-requests
fi
#=================================================
......@@ -122,8 +138,6 @@ ynh_print_info "Installing automatic VPN certificate renewal..."
renew_cert_repo="https://github.com/neutrinet/renew_cert"
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert"
renew_cert_virtualenv="$renew_cert_path/ve"
renew_cert_python="$renew_cert_virtualenv/bin/python"
renew_cert_cron_script="renew_cert_cron.sh"
if [[ ! -e $renew_cert_path ]]; then
......@@ -138,23 +152,11 @@ git -C $renew_cert_path checkout $renew_cert_version
# This wrapper will be used as a daily cron task
cp $renew_cert_cron_script $renew_cert_path/$renew_cert_cron_script
# From now on we work in the renew_cert directory
cd $renew_cert_path
if [[ ! -e $renew_cert_python \
|| $($renew_cert_python --version 2>&1 | grep -q "Python 2") ]]; then
rm -rf $renew_cert_virtualenv
# We need system site packages otherwise moulinette is broken
python3 -m venv $renew_cert_virtualenv --system-site-packages
fi
ve/bin/pip install wheel
ve/bin/pip install -r requirements.txt
ynh_print_info "Setting up permissions"
chown -R $app_user: $opt_path
chmod 755 $renew_cert_cron_script
chown root: $renew_cert_cron_script
chmod 755 $renew_cert_path/$renew_cert_cron_script
chown root: $renew_cert_path/$renew_cert_cron_script
#=================================================
# SETTING UP CRONTAB
......@@ -165,7 +167,7 @@ ynh_print_info "Setting up cron job for renewal..."
cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash
cd $renew_cert_path
RENEW_CERT_PYTHON="$renew_cert_python" $renew_cert_path/$renew_cert_cron_script
$renew_cert_path/$renew_cert_cron_script
EOF
chown root:root /etc/cron.daily/$app-renew-cert
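Review bot: In the new trailing-slash block of the `-53,16 +54,28` hunk, an app installed at the domain root has `path_url` equal to `/`, which matches `*/` and is reduced to the empty string by `sed 's@/*$@@'`. The unquoted `ynh_app_setting_set $app path_url $path_url` is then called without a value argument, and the same empty value is written to `path` a few lines later. Guard the root case and quote the expansions, e.g. `[[ -n $path_url ]] || path_url=/` right after the sed and `ynh_app_setting_set "$app" path_url "$path_url"`. Whether root installs are supported by this app is not visible here, so confirm before relying on either behaviour.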
......