guard.sh

#!/bin/bash
#
# Copyright (C) 2019 OX Software GmbH
# 
# This file is part of OX Automation.
#
# OX Automation is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# OX Automation is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# 
# See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with OX Automation. If not, see <http://www.gnu.org/licenses/>.
#
#
# Authors:
# Benedikt Kroening <benedikt.kroening@open-xchange.com>
#

set -e
SCRIPT_DIR="$( cd "$(dirname "$0")" ; pwd -P)"
# sourcing some commonly used functions and executing basic checks
source ${SCRIPT_DIR}/../lib/common.bash
source ${SCRIPT_DIR}/../lib/setup.bash
checkRootPrivileges
detectDistribution

if [[ -z "${AS_GUARD_VERSION}" ]]; then
  # sourcing the default configuration to use
  echo "WARNING: Missing environment variable. Sourcing default versions file ..."
  exportProperties ${SCRIPT_DIR}/../setup/versions
fi
if [[ -z "${INSTALL_TYPE}" ]]; then
  echo "WARNING: Missing environment variable. Sourcing default config file ..."
  exportProperties ${SCRIPT_DIR}/../config/config
fi
## Help text
show_usage() {
echo -n "
Install Open-Xchange Guard packages and optionally enable it in config.
You can either install each component seperatly (manual cluster setup) or all at once.
Please keep in mind that most of this flags are already provided by the configuration.

  $0 [OPTIONS]
    
    --install       The install flag
    --enable        Enable guard in config and restart the backend several times
    --disable       Disable (WIP, may not work)
    --backend       Install backend only packages
    --middleware    Install middleware(api) packages only
    --frontend      Install Frontend packages
    --guard-admin   The guard admin endpoint
    
"
}



### reading config from command line; overriding defaults
POSITIONAL=()
while [[ $# -gt 0 ]]
do
key="$1"

case $key in
    -h|--help)
    show_usage
    exit 0
    shift
    ;;
    --debug)
    echo "WARNING: Debug flag set (--debug)"
    set -x
    shift
    ;;
    --enable)
    export GUARD_ENABLE=true
    shift
    ;;
    --disable)
    export GUARD_ENABLE=false
    shift
    ;;
    --middleware)
    export GUARD_MIDDLEWARE=true
    shift
    ;;
    --frontend)
    export GUARD_FRONTEND=true
    shift
    ;;
    --backend)
    export GUARD_BACKEND=true
    shift
    ;;    
    --install)
    export INSTALL_GUARD=true
    shift
    ;;    
    --guard-endpoint)
    echo "Using $2 as guard endpoint url ..."
    export OX_GUARD_ENDPOINT_URL="$2"
    shift
    shift
    ;;
    # -k|--key)
    # value="$2"
    # shift
    # shift
    # ;;
    # --restart)
    # RESTART_OX=true
    # shift
    # ;;
    *)    # unknown option
    POSITIONAL+=("$1") # save it in an array for later
    shift 
    ;;
esac
done
set -- "${POSITIONAL[@]}" # restore positional parameters

if [ "$INSTALL_GUARD" = true ] ; then
  # TODO: Repository is currently handled by setup.bash, create the repo info here ...

  if [[ "${GUARD_MIDDLEWARE}" = true  ]]; then
      if [[ "${GUARD_BACKEND}" = true  ]]; then
          # These packages are guard only, see below for middleware realted guard packages
          GUARD_PACKAGES="open-xchange-guard open-xchange-guard-file-storage"
      fi
      GUARD_PACKAGES="${GUARD_PACKAGES} open-xchange-guard-ui open-xchange-guard-backend-plugin"
  fi

  if [[ "${GUARD_FRONTEND}" = true  ]]; then
    GUARD_PACKAGES="${GUARD_PACKAGES} open-xchange-guard-ui-static open-xchange-guard-reader open-xchange-guard-help*"
  fi

  echo "Guard setup prepared, Following config will be used"
  printenv | grep GUARD_
  echo "===   (CTRL+C to cancel)   ==="
  sleep 3

  if [[ -n "${GUARD_PACKAGES}" ]]; then
    installPackagesRetry "${GUARD_PACKAGES}"
  fi
  
  # Updating UI themes if script exists
  if [[ -f /opt/open-xchange/appsuite/share/update-themes.sh  ]]; then
    /opt/open-xchange/appsuite/share/update-themes.sh -if-needed
  fi
fi 


if [[ "${GUARD_ENABLE}" = true  ]]; then
  # Default value, override globally for cluster envs
  if [[ -z "${OX_GUARD_ENDPOINT_URL}" ]]; then
    OX_GUARD_ENDPOINT_URL="http://localhost:8009/guardadmin"
  fi

  if [[ "${GUARD_FRONTEND}" = true  ]] || [[ "${INSTALL_FRONTEND}" = true  ]]; then
    echo "Adding Guard proxy rules ..." 
    cp -f ${SCRIPT_DIR}/../config/frontend/conf/89_guard-proxy.dummy ${HTTPD_CONF_PATH}/89_guard-proxy.conf

    if [[ "${INSTALL_TYPE}" == *"singlenode"* ]]; then
      # Creating guard config with higher prios for apache config (load order)
      ${SCRIPT_DIR}/../config/frontend/add-balancer.sh \
          --name "oxguard" \
          --balancer "http://localhost:8009" \
          --route "singlenode" \
          --priority 10

      ${SCRIPT_DIR}/../config/frontend/add-balancer.sh \
          --name "oxguardpks" \
          --balancer "http://localhost:8009/pks" \
          --route "singlenode" \
          --priority 10
      
    else
        echo "Current Install type: "${INSTALL_TYPE}
        echo "ERROR: guard init currently only supports singlenode. TODO: implement additional hostname parameter for balancer backend config"
        # e.g. guard.sh --guard-backend guard.host:8009
        exit 99
    fi
  fi
 
  INIT_STATE_FILE="/opt/open-xchange/etc/22-init-guard-done"
  if [ ! -f ${INIT_STATE_FILE} ]; then

    echo "Using following configuration:"
    set | grep "OX_GUARD"
    echo "==============================="
    sleep 5


    # configure guard
    setOXProperty com.openexchange.capability.guard true /opt/open-xchange/etc/guard-api.properties
    setOXProperty com.openexchange.capability.guard-mail true /opt/open-xchange/etc/guard-api.properties
    setOXProperty com.openexchange.capability.guard-drive true /opt/open-xchange/etc/guard-api.properties
    setOXProperty com.openexchange.share.staticGuestCapabilities "guard" /opt/open-xchange/etc/share.properties
    setOXProperty com.openexchange.guard.endpoint "${OX_GUARD_ENDPOINT_URL}" /opt/open-xchange/etc/guard-api.properties
    setOXProperty com.openexchange.rest.services.basic-auth.login "open-xchange" /opt/open-xchange/etc/server.properties
    setOXProperty com.openexchange.rest.services.basic-auth.password "secret" /opt/open-xchange/etc/server.properties

    # set guard config 
    # TODO:
    setOXProperty com.openexchange.guard.oxGuardDatabaseHostname "${DATABASE_HOST_NAME}" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.oxGuardShardDatabase "${DATABASE_HOST_NAME}" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.databaseUsername "${OX_CONFIGDB_USER}" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.databasePassword "${OX_CONFIGDB_PASS}" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.pinEnabled true /opt/open-xchange/etc/guard-core.properties

    # Disable useStartTLS when using self-generated certificates
    setOXProperty com.openexchange.guard.useStartTLS false /opt/open-xchange/etc/guard-core.properties

    # setOXProperty com.openexchange.guard.restApiHostname "frontend" /opt/open-xchange/etc/guard-core.properties
    # setOXProperty com.openexchange.guard.supportApiUsername "open-xchange" /opt/open-xchange/etc/guard-core.properties
    # setOXProperty com.openexchange.guard.supportApiPassword "secret" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.restApiUsername "open-xchange" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.restApiPassword "secret" /opt/open-xchange/etc/guard-core.properties

    # setOXProperty com.openexchange.guard.oxBackendPort 80 /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.oxBackendPath "/appsuite/api/" /opt/open-xchange/etc/guard-core.properties
    # setup localhost config for sharing tests
    # todo: guard external smtp config not hardcoded
    setOXProperty com.openexchange.guard.externalReaderPath   "localhost/guard/reader/reader.html" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.externalEmailURL     "localhost" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.guestSMTPServer      "${OX_MAIL_HOST}" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.guestSMTPPort        "25" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.guestSMTPUsername    "noreply" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.guestSMTPPassword    "secret" /opt/open-xchange/etc/guard-core.properties
    setOXProperty com.openexchange.guard.guestSMTPMailFrom    "noreply@${OX_MAIL_DOMAIN}" /opt/open-xchange/etc/guard-core.properties

    restartService open-xchange
    sleep 10
    waitPort localhost 8009

    /opt/open-xchange/sbin/runallupdate -A ${OX_ADMINMASTER_USER} -P ${OX_ADMINMASTER_PASS}

    /opt/open-xchange/sbin/guard --directory /opt/open-xchange/etc --init
    restartService open-xchange
    sleep 10
    echo "$(date)" >> ${INIT_STATE_FILE}
  else
    echo "WARNING: This scripts has already been executed and will be skipped!"
    sleep 5
  fi



elif [[ "${GUARD_ENABLE}" = false  ]]; then
  echo ""
  # do something to disable it
fi