Automatisation installation et vagrant

vagrant/.gitignore

@@ -0,0 +1 @@
+.vagrant

vagrant/README.md

@@ -0,0 +1,20 @@
+# Prevarisc - Installation automatisée
+
+**L'installation automatisée** est inspirée de la [documentation officielle](https://sdis62.github.io/prevarisc/docs/installation-dun-serveur-prevarisc/).
+## Dans une machine virtuelle
+Le fichier ```Vagrantfile``` permet de créer rapidement une machine virtuelle [VirtualBox](https://www.virtualbox.org) munie de prevarisc via [Vagrant](https://www.vagrantup.com/downloads.html). Pour tester :
+<pre>
+cd vagrant && vagrant up
+</pre>
+
+Accès après l'installation : http://localhost:8001
+
+## Sur un serveur
+Pour installer rapidement un serveur prevarisc, on réalise l'équivalent de ce qui est réalisé par Vagrant. A savoir :
+
+1. Partir d'un serveur Debian 7X vierge
+2. Déposer le script d'installation ```install.sh```
+2. Redéfinir les variables d'environnement ```PREVARISC_*``` présentes dans le fichier Vagrantfile (mots de passe, nom du serveur, clé IGN, lien vers le package prevarisc, etc.)
+3. Exécuter ```install.sh```
+
+Accès après l'installation : http://prevarisc.sdisxx.fr

vagrant/Vagrantfile

@@ -0,0 +1,154 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  # All Vagrant configuration is done here. The most common configuration
+  # options are documented and commented below. For a complete reference,
+  # please see the online documentation at vagrantup.com.
+
+  # Every Vagrant virtual environment requires a box to build off of.
+  config.vm.box = "driebit/debian-7-x86_64"
+  config.vm.host_name = "prevarisc"
+
+  # The url from where the 'config.vm.box' box will be fetched if it
+  # doesn't already exist on the user's system.
+  # config.vm.box_url = "http://domain.com/path/to/above.box"
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # config.vm.network :forwarded_port, guest: 80, host: 8080
+  config.vm.network :forwarded_port, guest: 80, host: 8001
+  config.vm.network :forwarded_port, guest: 3306, host: 3307
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network :private_network, ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network :public_network
+
+  # If true, then any SSH connections made will enable agent forwarding.
+  # Default value: false
+  # config.ssh.forward_agent = true
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  config.vm.synced_folder "~/.vagrant.d/cache/apt", "/var/cache/apt/archives", create: true
+  config.vm.synced_folder "../", "/vagrant", :owner => 'root', create: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  config.vm.provider :virtualbox do |vb|
+    vb.name = "prevarisc"
+    # Don't boot with headless mode
+    #vb.gui = true
+    vb.memory = 1024
+    #   # Use VBoxManage to customize the VM. For example to change memory:
+    #vb.customize ["modifyvm", :id, "--memory", "1024"]
+  end
+
+  # View the documentation for the provider you're using for more
+  # information on available options.
+
+  # Enable provisioning with Puppet stand alone.  Puppet manifests
+  # are contained in a directory path relative to this Vagrantfile.
+  # You will need to create the manifests directory and a manifest in
+  # the file base.pp in the manifests_path directory.
+  #
+  # An example Puppet manifest to provision the message of the day:
+  #
+  # # group { "puppet":
+  # #   ensure => "present",
+  # # }
+  # #
+  # # File { owner => 0, group => 0, mode => 0644 }
+  # #
+  # # file { '/etc/motd':
+  # #   content => "Welcome to your Vagrant-built virtual machine!
+  # #               Managed by Puppet.\n"
+  # # }
+  #
+  # config.vm.provision :puppet do |puppet|
+  #   puppet.manifests_path = "manifests"
+  #   puppet.manifest_file  = "site.pp"
+  # end
+
+  # Enable provisioning with chef solo, specifying a cookbooks path, roles
+  # path, and data_bags path (all relative to this Vagrantfile), and adding
+  # some recipes and/or roles.
+  #
+  # config.vm.provision :chef_solo do |chef|
+  #   chef.cookbooks_path = "../my-recipes/cookbooks"
+  #   chef.roles_path = "../my-recipes/roles"
+  #   chef.data_bags_path = "../my-recipes/data_bags"
+  #   chef.add_recipe "mysql"
+  #   chef.add_role "web"
+  #
+  #   # You may also specify custom JSON attributes:
+  #   chef.json = { :mysql_password => "foo" }
+  # end
+
+  # Enable provisioning with chef server, specifying the chef server URL,
+  # and the path to the validation key (relative to this Vagrantfile).
+  #
+  # The Opscode Platform uses HTTPS. Substitute your organization for
+  # ORGNAME in the URL and validation key.
+  #
+  # If you have your own Chef Server, use the appropriate URL, which may be
+  # HTTP instead of HTTPS depending on your configuration. Also change the
+  # validation key to validation.pem.
+  #
+  # config.vm.provision :chef_client do |chef|
+  #   chef.chef_server_url = "https://api.opscode.com/organizations/ORGNAME"
+  #   chef.validation_key_path = "ORGNAME-validator.pem"
+  # end
+  #
+  # If you're using the Opscode platform, your validator client is
+  # ORGNAME-validator, replacing ORGNAME with your organization name.
+  #
+  # If you have your own Chef Server, the default validation client name is
+  # chef-validator, unless you changed the configuration.
+  #
+  #   chef.validation_client_name = "ORGNAME-validator"
+
+  # Définition des paramètres (une fois)
+  config.vm.provision "shell", inline: <<-SHELL
+cat ~/.bashrc | grep PREVARISC_SERVERNAME
+if [ $? -eq 0 ]; then
+  # Variables déjà dans le profil, on ne va pas plus loin
+  echo "root : pas d'ajout des variables dans le profil (déjà présentes)"
+  exit 0
+fi
+# Ajout des variables dans le profil
+echo "root : ajout des variables dans le profil"
+cat << 'EOF' >> /root/.bashrc
+
+# Variable PREVARISC*
+export PREVARISC_DB_PASSWORD=root
+export PREVARISC_APPROOTPASSWORD=root
+export PREVARISC_SERVERNAME=prevarisc
+export PREVARISC_PLUGIN_IGNKEY=liw0dyatvqxves9doctvc01f
+export PREVARISC_SECURITY_SALT=`date | md5sum | awk '{ print $1 }'`
+export PREVARISC_ZIP_BRANCH=https://github.com/cvagner/prevarisc/archive/2.x.zip
+export PREVARISC_APPROOTPASSWORD=root
+
+
+EOF
+. /root/.bashrc
+SHELL
+
+  config.vm.provision "shell", path: "install.sh"
+
+end

vagrant/install.sh

@@ -0,0 +1,164 @@
+# ------------------------------
+# - INSTALLATION DE PREVARISC
+# ------------------------------
+
+echo && echo "Installation prevarisc"
+
+# Execution en root
+if ( ! (whoami | grep root > /dev/null) ); then
+  echo && echo "not root : sudo su"
+  sudo su
+fi
+
+# Assignation de valeurs par défaut si nécessaire
+export PREVARISC_DB_PASSWORD=${PREVARISC_DB_PASSWORD:=root}
+export PREVARISC_APPROOTPASSWORD=${PREVARISC_APPROOTPASSWORD:=root}
+export PREVARISC_SERVERNAME=${PREVARISC_SERVERNAME:=prevarisc}
+export PREVARISC_PLUGIN_IGNKEY=${PREVARISC_PLUGIN_IGNKEY:=A_RENSEIGNER}
+export PREVARISC_SECURITY_SALT=${PREVARISC_SECURITY_SALT:=`date | md5sum | awk '{ print $1 }'`}
+export PREVARISC_ZIP_BRANCH=${PREVARISC_ZIP_BRANCH:=https://github.com/SDIS62/prevarisc/archive/2.x.zip}
+
+if [ $PREVARISC_PLUGIN_IGNKEY = "A_RENSEIGNER" ]; then
+    echo && echo "WARNING : PREVARISC_PLUGIN_IGNKEY dans /etc/apache2/sites-available/prevarisc"
+fi
+
+
+# ------------------------------
+# - Prérequis
+# ----------
+
+echo && echo "Mise à jour des paquets"
+aptitude -y update
+aptitude -y upgrade
+
+echo && echo "Configuration et installation des nouveaux paquets"
+
+# Définir le mot de passe root MySQL
+echo "mysql-server mysql-server/root_password password ${PREVARISC_DB_PASSWORD}" | debconf-set-selections
+echo "mysql-server mysql-server/root_password_again password ${PREVARISC_DB_PASSWORD}" | debconf-set-selections
+
+# Installer les dépendances
+apt-get -y install mysql-server mysql-workbench apache2 php5 php5-gd php5-ldap php5-mysql php-apc curl git p7zip-full
+
+
+# ------------------------------
+# - Serveur web
+# ----------
+
+echo && echo "Coniguration du serveur apache"
+
+a2enmod rewrite
+a2enmod expires
+a2enmod include
+
+mkdir -p /var/www/prevarisc/public
+envsubst << "EOF" > /etc/apache2/sites-available/prevarisc
+<VirtualHost *:80>
+
+    ServerName ${PREVARISC_SERVERNAME}
+    DocumentRoot /var/www/prevarisc/public
+
+    #SetEnv [CLE DE CONFIGURATION] [VALEUR]
+    #SetEnv PREVARISC_APPLICATION_PATH /var/www/prevarisc/application
+
+    SetEnv PREVARISC_BRANCH 2.x
+    #SetEnv PREVARISC_REVISION
+
+    SetEnv PREVARISC_DB_ADAPTER Pdo_Mysql
+    SetEnv PREVARISC_DB_CHARSET utf8
+    SetEnv PREVARISC_DB_HOST localhost
+    Setenv PREVARISC_DB_USERNAME root
+    SetEnv PREVARISC_DB_PASSWORD ${PREVARISC_DB_PASSWORD}
+    SetEnv PREVARISC_DB_DBNAME prevarisc
+    SetEnv PREVARISC_CACHE_LIFETIME 3600
+    # Clé pour le nom "prevarisc" 
+    SetEnv PREVARISC_PLUGIN_IGNKEY ${PREVARISC_PLUGIN_IGNKEY}
+    # Clé de sécurité pour la hashage des mots de passe
+    SetEnv PREVARISC_SECURITY_SALT ${PREVARISC_SECURITY_SALT}
+
+    <Directory /var/www/prevarisc/public>
+        DirectoryIndex index.php
+        AllowOverride all
+        Order allow,deny
+        Allow from all
+    </Directory>
+
+    RewriteEngine off
+    <Location />
+        RewriteEngine On
+        RewriteCond %{REQUEST_FILENAME} -s [OR]
+        RewriteCond %{REQUEST_FILENAME} -l [OR]
+        RewriteCond %{REQUEST_FILENAME} -d
+        RewriteRule ^.*$ - [NC,L]
+        RewriteRule ^.*$ /index.php [NC,L]
+    </Location>
+
+</VirtualHost>
+EOF
+
+# (Dés)activation des sites Apache
+a2dissite default
+a2ensite prevarisc
+
+/etc/init.d/apache2 restart
+
+
+# ------------------------------
+# - Application Prevarisc
+# ----------
+
+echo && echo "Installation de l'application prevarisc"
+
+cd /var/www
+echo "Téléchargement sources..." && wget -q ${PREVARISC_ZIP_BRANCH} --output-document=prevarisc.zip
+7z x prevarisc.zip -oprevarisctmp
+mv -f prevarisctmp/`ls prevarisctmp`/* prevarisc/
+rm -rf prevarisctmp
+rm -f prevarisc.zip
+
+chmod 755 prevarisc
+cd prevarisc
+curl https://getcomposer.org/installer | php
+
+# Si besoin : augmenter le timeout dans /var/www/prevarisc/composer.json :
+#nano /var/www/prevarisc/composer.json
+#"config": {
+#    "process-timeout" : 1000
+#},
+
+#php composer.phar install --prefer-source
+php composer.phar install --prefer-dist
+chown -R www-data:www-data *
+chmod -R 555 *
+chmod -R 755 public/
+
+
+# ------------------------------
+# - Base de données
+# ----------
+
+echo && echo "Création de la base de données"
+
+mysql -hlocalhost -uroot -p${PREVARISC_DB_PASSWORD} < /var/www/prevarisc/sql/init/prevarisc.sql
+
+# Ajout des droits à l'utilisateur root :
+cat << "EOF" > /root/acces.sql
+begin;
+insert into groupe(LIBELLE_GROUPE, DESC_GROUPE) values ('Tous les droits', 'Tous les droits');
+insert into `groupe-privileges`(ID_GROUPE, id_privilege) SELECT (select ID_GROUPE from groupe where libelle_groupe='Tous les droits'), id_privilege FROM privileges;
+update utilisateur set ID_GROUPE=(select ID_GROUPE from groupe where libelle_groupe='Tous les droits') where USERNAME_UTILISATEUR = 'root';
+commit;
+EOF
+
+mysql -hlocalhost -uroot -p${PREVARISC_DB_PASSWORD} prevarisc < /root/acces.sql
+
+# Définition du mot de passe de l'utilisateur applicatif root
+mysql -uroot -p${PREVARISC_DB_PASSWORD} prevarisc --execute="update utilisateur set PASSWD_UTILISATEUR = md5(CONCAT(USERNAME_UTILISATEUR, '${PREVARISC_SECURITY_SALT}', '${PREVARISC_APPROOTPASSWORD}')) where USERNAME_UTILISATEUR = 'root';" 
+
+
+# ------------------------------
+# - Redémarrage Apache final
+# ----------
+
+service apache2 restart
+