safebox/framework-scheduler
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 16 Wiki Activity

Compare commits

base: safebox:latest
Branches Tags
safebox:main
safebox:1.1.5 safebox:1.1.4 safebox:1.1.3 safebox:1.1.2 safebox:1.1.1 safebox:1.1.0 safebox:1.0.9 safebox:1.0.8 safebox:1.0.7 safebox:1.0.6 safebox:1.0.5 safebox:1.0.4 safebox:1.0.3 safebox:1.0.2 safebox:1.0.1 safebox:latest
..
compare: safebox:c2a1fbd9d8e1227428c69bfb124cfdc047e534c3
Branches Tags
safebox:main
safebox:1.1.5 safebox:1.1.4 safebox:1.1.3 safebox:1.1.2 safebox:1.1.1 safebox:1.1.0 safebox:1.0.9 safebox:1.0.8 safebox:1.0.7 safebox:1.0.6 safebox:1.0.5 safebox:1.0.4 safebox:1.0.3 safebox:1.0.2 safebox:1.0.1 safebox:latest

79 Commits
latest ... c2a1fbd9d8

Author SHA1 Message Date
gyurix
c2a1fbd9d8 Set default SSH port and user credentials in backup client function
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-08-06 10:49:02 +02:00
gyurix
d43536b67b Enhance backup server configuration by adding default SSH credentials and updating directory structure for backups
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-08-06 10:18:48 +02:00
gyurix
da5521295d Refactor entrypoint script to set installed version number and add debug mode handling for input directory
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-07-31 11:45:19 +02:00
gyurix
e39e1033c6 Add versioning output to entrypoint script and simplify JSON handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-29 14:25:48 +02:00
gyurix
ec9d4c6e4f Add backup server configuration and versioning to entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-29 13:51:05 +02:00
hael
6876c9351b Merge branch 'main' of https://git.format.hu/safebox/framework-scheduler
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-24 08:35:27 +00:00
hael
4df278bb0b save_vpn changes 2025-07-24 08:35:10 +00:00
gyurix
550661c205 Add debug mode environment variable handling in upgrade_scheduler function
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-24 10:18:54 +02:00
gyurix
131982b37f Refactor upgrade_scheduler function to streamline debug mode handling and simplify Docker start command 2025-07-24 10:17:23 +02:00
gyurix
e6e772055e Pass task name to add_json_target function for improved JSON file naming
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 18:09:02 +02:00
gyurix
2af0300c5a Add function to create JSON target file for task output in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 17:36:46 +02:00
gyurix
5b2e3436f5 Enhance upgrade function to handle webserver service separately and improve logging
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 16:59:46 +02:00
gyurix
274e9456ea Enhance framework scheduler upgrade process with temporary file cleanup and reduced sleep duration
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 16:30:49 +02:00
gyurix
c1717a06e7 Add debug messages for framework scheduler upgrade and container removal
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 16:26:09 +02:00
gyurix
e28d6e47a8 Update entrypoint script to specify full path for Docker pull command and add debug message for framework scheduler upgrade
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 16:13:01 +02:00
gyurix
2e0129402d Refactor upgrade function to simplify web-installer handling and streamline service start process
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 15:57:52 +02:00
gyurix
3c1e396b19 Update framework scheduler name format and append random suffix in upgrade function
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 13:12:33 +02:00
gyurix
96c9dddf89 Update framework scheduler name and streamline upgrade process in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-23 10:10:33 +02:00
hael
62f9ff63a8 deployment apps tree space fix
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-22 15:08:17 +00:00
gyurix
0102fc9241 Add debug mode support to Docker run command in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-22 14:45:55 +02:00
gyurix
5601eaf8b7 Refactor Docker start command in entrypoint script for cleaner execution
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-07-22 14:42:40 +02:00
gyurix
33d154eccc Refactor entrypoint script to improve error handling and restore firewall rule startup logic
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-22 13:29:35 +02:00
gyurix
77079a019c Enhance entrypoint script with backup service functions and debug logging
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-22 11:58:15 +02:00
gyurix
adb579572c Add debug logging and start service execution in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-22 11:46:13 +02:00
gyurix
b535f52493 Update entrypoint script to modify JSON configuration for domain certificates
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-07-22 11:42:48 +02:00
gyurix
33014294b0 Merge branch 'main' of https://git.format.hu/safebox/framework-scheduler
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-07-21 14:01:01 +02:00
gyurix
b9eab36585 Implement backup service management and network scanning functionality in entrypoint and backup challenge scripts 2025-07-21 14:00:56 +02:00
hael
279c886c07 Update scripts/scheduler/entrypoint.sh
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-07-21 10:41:29 +00:00
hael
415d65ac1c Update scripts/scheduler/entrypoint.sh
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-07-21 08:35:09 +00:00
gyurix
6d00aefb21 Initialize JSON_TARGET variable for deployment edit action in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-06-03 15:41:43 +02:00
gyurix
2c782808ed Refactor deployment logic to stop service before editing in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-29 12:14:02 +02:00
gyurix
ba8af23f42 Merge branch 'main' of https://git.format.hu/safebox/framework-scheduler
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-29 12:00:27 +02:00
gyurix
c5da839c5b Add support for editing deployments in entrypoint script 2025-05-29 12:00:25 +02:00
laci
a575bcbf46 app icon
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-29 09:43:38 +00:00
gyurix
06658b59d3 Remove installation of empty file and simplify deployment structure in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-29 11:22:57 +02:00
laci
2f914cf8d9 app icon
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-28 16:13:35 +00:00
gyurix
b362f2e37f Filter out SHARED volumes during cleanup in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-26 13:23:42 +02:00
gyurix
8eb3d1eef1 Filter out USER and SYSTEM volumes during cleanup in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-26 13:17:32 +02:00
gyurix
2b91706d86 Remove redundant service stop command and add cleanup for environment files in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-26 12:42:43 +02:00
gyurix
933d182244 Reorder upgrade calls in entrypoint script for framework and web-installer
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-21 11:07:50 +02:00
Gyorgy Berenyi
153249211a Update Dockerfile
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-21 09:07:24 +00:00
laci
c5765ca952 Merge branch 'main' of https://git.format.hu/safebox/framework-scheduler
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 13:25:48 +00:00
laci
2bcf430dfd upgrade debug 2025-05-15 13:25:02 +00:00
gyurix
bc7d30ea59 Reorder service stop command in entrypoint script for clarity during removal process
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-15 14:43:02 +02:00
gyurix
e23001223c Refactor service removal process in entrypoint script to streamline deletion of directories, files, and Docker volumes
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 14:06:09 +02:00
gyurix
4a7a854f6f Comment out service file removal in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 13:54:12 +02:00
gyurix
5804346e42 Fix volume destination filtering in removal process
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 13:51:31 +02:00
gyurix
43fcc62014 Filter destinations by service name in removal process
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 13:28:27 +02:00
gyurix
a9ba3698bd Enhance entrypoint script to delete both volume destinations and Docker volumes during service removal
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 13:20:31 +02:00
gyurix
8e3a28334e Remove temporary firewall and domain files during service removal
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 13:01:30 +02:00
laci
f808a394aa uninsall fix
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 11:00:15 +00:00
gyurix
97398388d6 Merge branch 'main' of https://git.format.hu/safebox/framework-scheduler
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 11:24:08 +02:00
gyurix
0839a78d41 Enhance entrypoint script to clean up environment files, volume destinations, firewall rules, and domains during service removal 2025-05-15 11:24:06 +02:00
laci
43b529d2d0 PID
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 08:46:33 +00:00
laci
81cc2b14ab upgrade check_pid
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-15 08:25:44 +00:00
gyurix
42c3275e19 Improve git clone and pull commands with timeout settings; update JSON_TARGET handling in task execution
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-13 13:12:16 +02:00
laci
283b42bce1 rename letsencrypt task
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-05-07 16:16:40 +00:00
gyurix
fe5ffd3add Fix service execution commands in entrypoint script for web-installer
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-07 09:55:07 +02:00
gyurix
bc87393fba Add logic to handle new certificate requests in letsencrypt task
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone/tag Build is passing
Details
2025-05-06 16:09:34 +02:00
gyurix
f9d43d43f9 Enhance task execution logic to handle new certificate requests and improve debug output formatting
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-05-06 15:55:08 +02:00
Gyorgy Berenyi
ee0b103593 commented environment variables from drone
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-05-06 12:14:20 +00:00
laci
6cd309eb9a do not log check_vpn.json file created
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-05-06 08:21:12 +00:00
laci
93aebc5251 do not log check_vpn
Some checks reported errors
continuous-integration/drone/push Build was killed
Details
2025-05-06 08:17:04 +00:00
gyurix
513b3f9f6a Remove unnecessary blank line in Drone CI configuration
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-28 08:13:25 +02:00
gyurix
dd9f1a1c2f Add Docker plugin mirror configuration to Drone CI pipeline
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-28 08:03:58 +02:00
gyurix
de3896d5ca Fix Drone CI configuration by correcting indentation and updating mirror key
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-28 07:55:57 +02:00
gyurix
6bc1120a64 Refactor Drone CI configuration for Docker image handling and secret management
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-28 07:54:11 +02:00
gyurix
f7c6ce03ea Merge branch 'main' of https://git.format.hu/safebox/framework-scheduler
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-28 07:48:39 +02:00
gyurix
e1e69d5212 Update node selector in Drone CI configuration to use dev1 2025-04-28 07:48:25 +02:00
gyurix
ca0fbeea73 Add Docker mirror configuration to Drone CI pipeline 2025-04-28 07:47:51 +02:00
Gyorgy Berenyi
f2c82d24e2 Update .drone.yml
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-23 22:33:13 +00:00
Gyorgy Berenyi
0fdbac0ea8 Update .drone.yml
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
2025-04-23 22:10:45 +00:00
Gyorgy Berenyi
638f51eaa6 Update .drone.yml
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-04-23 21:49:19 +00:00
Gyorgy Berenyi
0f9850d6f8 Update .drone.yml
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-23 20:02:02 +00:00
Gyorgy Berenyi
c26a2f6efb Update .drone.yml
Some checks failed
continuous-integration/drone/push Build is failing
Details
2025-04-23 19:53:37 +00:00
Gyorgy Berenyi
5af97a3714 Update .drone.yml
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
2025-04-23 19:42:02 +00:00
Gyorgy Berenyi
6d73464c70 Update .drone.yml
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Details
2025-04-23 16:23:32 +00:00
gyurix
ea9c55b6bf Add apache2-utils to Dockerfile and implement htpasswd file creation in entrypoint script
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-04-22 11:56:42 +02:00
hael
3088f3904f service- prefix removed from upgrade
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-28 20:52:58 +01:00
5 changed files with 704 additions and 149 deletions
Expand all files Collapse all files

44
.drone.yml
View File

@@ -3,7 +3,7 @@ type: kubernetes
name: default name: default
node_selector: node_selector:
physical-node: dev2 physical-node: dev1
trigger: trigger:
event: event:
@@ -14,26 +14,6 @@ workspace:
path: /drone/src path: /drone/src
steps: steps:
- name: build multiarch from dev
image: docker.io/owncloudci/drone-docker-buildx:4
privileged: true
settings:
cache-from: [ "registry.dev.format.hu/framework-scheduler" ]
registry: registry.dev.format.hu
repo: registry.dev.format.hu/framework-scheduler
tags: latest
dockerfile: Dockerfile
username:
from_secret: dev-hu-registry-username
password:
from_secret: dev-hu-registry-password
platforms:
- linux/amd64
- linux/arm64
when:
event:
- push
- name: pull image to dockerhub - name: pull image to dockerhub
image: docker.io/owncloudci/drone-docker-buildx:4 image: docker.io/owncloudci/drone-docker-buildx:4
privileged: true privileged: true
@@ -51,3 +31,25 @@ steps:
when: when:
event: event:
- tag - tag
- name: build multiarch from dev
image: docker.io/owncloudci/drone-docker-buildx:4
privileged: true
#environment:
# DOCKER_PLUGIN_MIRROR: "https://mirror.dev.format.hu"
settings:
cache-from: [ "registry.dev.format.hu/framework-scheduler" ]
registry: registry.dev.format.hu
repo: registry.dev.format.hu/framework-scheduler
tags: latest
dockerfile: Dockerfile
username:
from_secret: dev-hu-registry-username
password:
from_secret: dev-hu-registry-password
platforms:
- linux/amd64
- linux/arm64
when:
event:
- push

4
Dockerfile
View File

@@ -14,10 +14,10 @@ FROM alpine:latest
# COPY --from=redis-source /usr/src/redis/src/redis-cli /usr/bin/redis-cli # COPY --from=redis-source /usr/src/redis/src/redis-cli /usr/bin/redis-cli
# RUN chmod +x /usr/bin/redis-cli # RUN chmod +x /usr/bin/redis-cli
RUN apk add --update --no-cache docker-cli wget curl dos2unix jq openssl git coreutils inotify-tools acl RUN apk add --update --no-cache docker-cli wget curl dos2unix jq openssl git coreutils inotify-tools acl apache2-utils
COPY scripts/scheduler/*.sh /scripts/ COPY scripts/scheduler/*.sh /scripts/
RUN find ./scripts -name "*.sh" | xargs dos2unix RUN find ./scripts -name "*.sh" | xargs dos2unix
RUN ["chmod", "+x", "-R", "/scripts/"] RUN ["chmod", "+x", "-R", "/scripts/"]
ENTRYPOINT ["/scripts/entrypoint.sh"] CMD /scripts/entrypoint.sh

89
scripts/scheduler/backup_challenge_clients.sh Normal file
View File

@@ -0,0 +1,89 @@
# Get MY IP
# Get VPN network if exists
# Define port
# Define local IP range
# Define VPN IP range
# Store results
scan_network(){
MyIP=$(ifconfig ${Interface}|grep inet |awk '{ print $2 }');
TargetIP=$(echo $MyIP|cut -d . -f1-3);
X=0
OpenIP=""
for i in $(seq 1 255); do
nc -w 1 -z $TargetIP.$i 60022;
if [ $? -eq 0 ]
then
if [ $MyIP != $TargetIP.$i ]
then
if [ $X = 1 ]
then
# tobb nyitott IP
echo "Found more than one IP addresses"
echo "MAILKULDES"
echo "">OpenIP.txt;
# TODO mailkuldes ahova kell
exit 1;
else
OpenIP=$TargetIP.$i;
fi
X=1;
fi
fi
done
if [ $X = 1 ]
then
echo $OpenIP>OpenIP.txt;
echo "start LVM SYNC";
echo "OpenIP mukodik = "$OpenIP;
lvm_sync_create $OpenIP;
else
echo "No available local IP address found!"
try_target_VPN;
fi
}
try_target_IP(){
MyIP=$(ifconfig ${Interface}|grep inet |awk '{ print $2 }');
nc -w 1 -z $OpenIP 60022;
if [ $? -eq 0 ]
then
if [ $MyIP = $OpenIP ]
then
echo "Only own IP address found = "$OpenIP
scan_network;
fi
else
scan_network;
fi
}
try_target_VPN(){
nc -w 1 -z $VPN 60022;
if [ $? -eq 0 ]
then
for i in {0..99}; do
MyVPN=$(ifconfig tun$i 2>/dev/null |grep inet |awk '{ print $2 }');
echo "My VPN="$MyVPN;
echo "Found VPN="$VPN;
if [ $VPN != $MyVPN ]
then
echo "VPN accessible="$VPN;
lvm_sync_create $VPN;
else
echo "Only own VPN accessible="$VPN;
exit 1;
fi
done
else
echo "No available server"
fi
}

690
scripts/scheduler/entrypoint.sh
View File

@@ -2,6 +2,7 @@
cd /scripts cd /scripts
DEBUG_MODE=${DEBUG_MODE:-false} DEBUG_MODE=${DEBUG_MODE:-false}
VERSION=1.1.0
#DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-registry.format.hu} #DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-registry.format.hu}
DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-safebox} DOCKER_REGISTRY_URL=${DOCKER_REGISTRY_URL:-safebox}
@@ -30,6 +31,7 @@ REDIS_VERSION=${REDIS_VERSION:-latest}
SOURCE=${SOURCE:-user-config} SOURCE=${SOURCE:-user-config}
SMARTHOST_PROXY_PATH=$SMARTHOST_PROXY_PATH SMARTHOST_PROXY_PATH=$SMARTHOST_PROXY_PATH
HTPASSWD_FILE=${HTPASSWD_FILE:-/etc/system/config/smarthost-proxy/nginx/htpasswd}
GIT_URL=${GIT_URL:-git.format.hu} GIT_URL=${GIT_URL:-git.format.hu}
REPO=$REPO REPO=$REPO
@@ -90,14 +92,292 @@ debug() {
fi fi
} }
## Start prevously deployed firewall rules depend on framework scheduler startup at first time add_json_target(){
if [ -d /etc/user/config/services ]; then local TASK_NAME=$1
cd /etc/user/config/services
for FIREWALL in $(ls firewall*.json); do if [ -n "$TASK_NAME" ]; then
$service_exec $FIREWALL start & TASK="upgrade-$TASK_NAME"
done fi
fi
install -m 664 -g 65534 /dev/null $SHARED/output/$TASK.json
echo $JSON_TARGET | base64 -d >$SHARED/output/$TASK.json
}
backup_query_state() {
echo "backup_query_state"
}
generate_backup_server_secrets () {
echo '{
"backupserver":{
"SSH_USER":"'$SSH_USER'",
"SSH_PORT":"'$SSH_PORT'",
"SSH_PASSWORD":"'$SSH_PASSWORD'",
"PASSWORD":"'$PASSWORD'",
"PERIOD":"'$PERIOD'",
"COMPRESSION":"'$COMPRESSION'",
"DIRECTORIES":"'$DIRECTORIES'",
"SERVICES":"'$SERVICES'",
"BACKUP_LOCAL_CLIENTS":"'$BACKUP_LOCAL_CLIENTS'",
"BACKUP_VPN_CLIENTS":"'$BACKUP_VPN_CLIENTS'"
}
}' | jq -r . > /etc/user/secret/backup/server/backup.json
}
create_backup_service () {
ADDITIONAL=""
ADDITIONAL='"EXTRA":"--rm","PRE_START":[],"DEPEND": [],"CMD":""'
BACKUP_SERVER='{
"main": {
"SERVICE_NAME": "backup-server"
},
"containers": [
{
"IMAGE": "alpine:latest",
"NAME": "backup-init",
"NETWORK": "host",
"UPDATE": "true",
"MEMORY": "64M",
"EXTRA": "--rm",
"VOLUMES":[
{
"SOURCE": "USER_DATA",
"DEST": "/etc/user/data/",
"TYPE": "rw"
}
],
"ENTRYPOINT": "sh -c",
"CMD": "mkdir -p /etc/user/data/backup/server/ssh",
"POST_START": []
},
{
"IMAGE": "safebox/backup-server:latest",
"NAME": "backupserver",
"NETWORK": "'$NETWORK'",
"UPDATE": "true",
"MEMORY": "64M",
"VOLUMES":[
{
"SOURCE": "USER_DATA",
"DEST": "/etc/user/data/",
"TYPE": "ro"
},
{
"SOURCE": "USER_CONFIG",
"DEST": "/etc/user/config/",
"TYPE": "ro"
},
{
"SOURCE": "USER_SECRET",
"DEST": "/etc/user/secret/",
"TYPE": "ro"
},
{
"SOURCE": "/etc/user/data/backup/server/ssh",
"DEST": "/home/'$SSH_USER'/",
"TYPE": "rw"
}
],
"ENV_FILES":["/etc/user/secret/backup/server/backup.json"],
'$ADDITIONAL',
"POST_START": []
}
]
}'
# create backup server secrets from variables
generate_backup_server_secrets
}
backup_set_service() {
local PASSWORD="$1"
local PERIOD="$2"
local COMPRESSION="$3"
local PLANNED_TIME="$(echo "$4" | base64 -d)"
local DIRECTRIES="$5"
local SERVICES="$6"
local BACKUP_LOCAL_CLIENTS="$7"
local BACKUP_VPN_CLIENTS="$8"
local VPN="$9"
local SSH_PORT="${10:-20022}"
local SSH_USER="${11:-"backup"}"
local SSH_PASSWORD="${12:-"backup"}"
local OPERATION="${13}"
if [ "$OPERATION" == "DELETE" ]; then
sed -i '/service-backup/d' /etc/user/data/cron/crontab.txt
# delete service
rm -f /etc/user/config/services/service-backup-server*
rm -rf /etc/user/data/backup/server
rm -rf /etc/user/secret/backup/server
debug "Service backup server service deleted."
elif [ "$OPERATION" == "MODIFY" ]; then
# modify only secrets for backup server, it will be affected at the next cron job
generate_backup_server_secrets
else
if [ -z "$SSH_PORT" ] ; then
SSH_PORT=20022
fi
if [ "$VPN" == "true" ]; then
NETWORK=$VPN_NETWORK
create_backup_service
else
NETWORK="host"
create_backup_service
fi
fi
if [ -n "$PLANNED_TIME" ]; then
if [ "$VPN" == "true" ]; then
if [ -n "$BACKUP_SERVER" ] ; then
echo "$BACKUP_SERVER" | jq -r . >/etc/user/config/services/service-backup-server-vpn.json
fi
echo "'$PLANNED_TIME' service service-backup-server-vpn" >> /etc/user/data/cron/crontab.txt
else
if [ -n "$BACKUP_SERVER" ] ; then
echo "$BACKUP_SERVER" | jq -r . >/etc/user/config/services/service-backup-server-local.json
fi
echo "'$PLANNED_TIME' service service-backup-server-local" >> /etc/user/data/cron/crontab.txt
fi
fi
}
backup_set_client() {
local NAME="$1"
local SIZE="$2"
local VPN="$3"
local SSH_PORT="${4:-20022}"
local SSH_USER="${5:-"backup"}"
local SSH_PASSWORD="${6:-"backup"}"
local OPERATION="$7"
local VPN_KEY="$8"
if [ "$OPERATION" == "DELETE" ]; then
# delete service
if [ -f "/etc/user/config/services/service-backup-client-$NAME.json" ]; then
debug "service-backup-client-$NAME.json stop force dns-remove"
$service_exec service-backup-client-$NAME.json stop force dns-remove
rm -f /etc/user/config/services/service-backup-client-$NAME.json
debug "Service backup client $NAME deleted."
fi
else
if [ -z "$SSH_PORT" ] ; then
SSH_PORT=20022
fi
if [ "$VPN" == "true" ]; then
NETWORK=$NAME
PORT='"PORTS": [{"SOURCE":"null","DEST":"'$SSH_PORT'","TYPE":"tcp"}],'
else
NETWORK="host"
PORT='"PORTS": [{"SOURCE":"'$SSH_PORT'","DEST":"'$SSH_PORT'","TYPE":"tcp"}],'
fi
ADDITIONAL=""
ADDITIONAL='"EXTRA":"--restart=always","PRE_START":[],"DEPEND":[],"CMD": ""'
ENVS='"ENVS": [{"SSH_USER":"'$SSH_USER'"},{"SSH_PORT":"'$SSH_PORT'"},{"SSH_PASSWORD":"'$SSH_PASSWORD'"},{"VPN_CLIENT_KEY":"'$VPN_KEY'"}],'
echo '{
"main": {
"SERVICE_NAME": "'$NAME'"
},
"containers": [
{
"IMAGE": "alpine:latest",
"NAME": "'$NAME'-init",
"NETWORK": "host",
"UPDATE": "true",
"MEMORY": "64M",
"EXTRA": "--rm",
"VOLUMES":[
{
"SOURCE": "USER_DATA",
"DEST": "/etc/user/data/",
"TYPE": "rw"
}
],
"ENTRYPOINT": "sh -c",
"CMD": "mkdir -p /etc/user/data/backup/clients/'$NAME'/backup && mkdir -p /etc/user/data/backup/clients/'$NAME'/ssh" && chmod -R '$SSH_USER':'$SSH_USER' /etc/user/data/backup/clients/'$NAME'",
"POST_START": []
},
{
"IMAGE": "safebox/backup-client:latest",
"NAME": "'$NAME'",
"UPDATE": "true",
"MEMORY": "64M",
"NETWORK": "'$NETWORK'",
'$ADDITIONAL',
'$ENVS'
'$PORT'
"VOLUMES":[
{
"SOURCE": "/etc/user/data/backup/clients/'$NAME'/backup",
"DEST": "/backup",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/data/backup/clients/'$NAME'/ssh",
"DEST": "/home/'$SSH_USER'/",
"TYPE": "rw"
}
],
"POST_START": []
}
]
}' | jq -r . >/etc/user/config/services/service-backup-client-$NAME.json
debug "service-backup-client-$NAME.json stop force dns-remove"
$service_exec service-backup-client-$NAME.json start &
fi
}
backup_challenge_clients() {
echo "backup_challenge_clients"
}
restore_from_backup() {
echo "restore_from_backup"
}
create_htpasswd_file() {
local USER="$1"
local PASSWD="$2"
if [ ! -f "$HTPASSWD_FILE" ]; then
install -m 664 -g 65534 /dev/null $HTPASSWD_FILE
htpasswd -cb $HTPASSWD_FILE $USER $PASSWD
fi
}
deploy_additionals() { deploy_additionals() {
@@ -146,14 +426,80 @@ remove_additionals() {
debug "UNINSTALL: $NAME" debug "UNINSTALL: $NAME"
# delete firewall rules
FIREWALLS=""
FIREWALLS="$(ls $SERVICE_DIR/firewall-*.json | grep $NAME)"
for FIREWALL in $(echo $FIREWALLS); do
cat $FIREWALL | jq '.containers[] |= (
if (.ENVS | map(has("OPERATION")) | any) then
# If any entry has OPERATION key, update it
.ENVS = [.ENVS[] | if has("OPERATION") then {"OPERATION": "DELETE"} else . end]
else
# If no entry has OPERATION key, add new entry
.ENVS += [{"OPERATION": "DELETE"}]
end
)' >$FIREWALL.tmp
debug "$service_exec $FIREWALL.tmp start info"
$service_exec $FIREWALL.tmp start info
rm $FIREWALL.tmp
done
# delete domains
DOMMAINS=""
DOMAINS="$(ls $SERVICE_DIR/domain-*.json | grep $NAME)"
for DOMAIN in $(echo $DOMAINS); do
cat $DOMAIN | jq '.containers[] |= (
if (.ENVS | map(has("OPERATION")) | any) then
# If any entry has OPERATION key, update it
.ENVS = [.ENVS[] | if has("OPERATION") then {"OPERATION": "DELETE"} else . end]
else
# If no entry has OPERATION key, add new entry
.ENVS += [{"OPERATION": "DELETE"}]
end
)' >$DOMAIN.tmp
debug "$service_exec $DOMAIN.tmp start info"
$service_exec $DOMAIN.tmp start info
rm $DOMAIN.tmp
done
# remove related directories and files
# get volume destinations
DESTINATIONS=""
VOLUMES=""
DESTINATIONS=$(cat $SERVICE_DIR/service-$NAME.json | jq -r '[.containers[] | select(has("VOLUMES")) | .VOLUMES[] | select(.SHARED != "true") | .SOURCE] | unique[]' | grep $NAME)
for DESTINATION in $(echo $DESTINATIONS); do
if [ -d "$DESTINATION" ] || [ -f "$DESTINATION" ]; then
rm -rf $DESTINATION
debug "deleted directory or file: $DESTINATION"
fi
done
ENV_FILES=$(cat $SERVICE_DIR/service-$NAME.json | jq -r '[.containers[] | select(has("ENV_FILES")) | .ENV_FILES[]] | unique[]')
for ENV_FILE in $(echo $ENV_FILES); do
if [ -f "$ENV_FILE" ]; then
rm -rf $ENV_FILE
debug "deleted enviroment file: $ENV_FILE"
fi
done
VOLUMES=$(cat $SERVICE_DIR/service-$NAME.json | jq -r '[.containers[] | select(has("VOLUMES")) | .VOLUMES[] | select(.SHARED != "true") | .SOURCE] | unique[]' | grep -vE 'USER|SYSTEM')
# stop service # stop service
# force - remove stopped container, docker rm # force - remove stopped container, docker rm
debug "$service_exec service-$NAME.json stop force dns-remove" debug "$service_exec service-$NAME.json stop force dns-remove"
$service_exec service-$NAME.json stop force dns-remove $service_exec service-$NAME.json stop force dns-remove
for VOLUME in $(echo $VOLUMES | grep -vE 'USER|SYSTEM|SHARED'); do
if [ "$(echo $VOLUME | cut -d '/' -f1)" ]; then
docker volume rm $VOLUME
debug "deleted volume: $VOLUME"
fi
done
# remove service files # remove service files
rm $SERVICE_DIR/*"-"$NAME.json # service, domain, etc. rm $SERVICE_DIR/*"-"$NAME.json # service, domain, etc.
rm $SECRET_DIR/$NAME/$NAME.json
} }
get_repositories() { get_repositories() {
@@ -168,10 +514,10 @@ get_repositories() {
BASE=$(basename $REPO | cut -d '.' -f1) BASE=$(basename $REPO | cut -d '.' -f1)
if [ ! -d "/tmp/$BASE" ]; then if [ ! -d "/tmp/$BASE" ]; then
git clone $REPO /tmp/$BASE >/dev/null GIT_HTTP_CONNECT_TIMEOUT=10 GIT_HTTP_TIMEOUT=30 git clone $REPO /tmp/$BASE >/dev/null
else else
cd /tmp/$BASE cd /tmp/$BASE
git pull >/dev/null GIT_HTTP_CONNECT_TIMEOUT=10 GIT_HTTP_TIMEOUT=30 git pull >/dev/null
fi fi
if [ -f "/tmp/$BASE/applications-tree.json" ]; then if [ -f "/tmp/$BASE/applications-tree.json" ]; then
TREES=$TREES" /tmp/$BASE/applications-tree.json" TREES=$TREES" /tmp/$BASE/applications-tree.json"
@@ -429,30 +775,30 @@ check_update() {
REPOSITORY_URL=$(echo $IMAGE | cut -d '/' -f1) REPOSITORY_URL=$(echo $IMAGE | cut -d '/' -f1)
# if image repository url doesn't contain dot (safebox) # if image repository url doesn't contain dot (safebox)
if [[ "$(echo "$REPOSITORY_URL" | grep '\.')" == "" ]]; then if [[ "$(echo "$REPOSITORY_URL" | grep '\.')" == "" ]]; then
REMOTE_URL="registry.hub.docker.com" REMOTE_URL="registry.hub.docker.com"
TEMP_PATH=$IMAGE TEMP_PATH=$IMAGE
TEMP_IMAGE=$(echo $TEMP_PATH | cut -d ':' -f1)
TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:{$TEMP_IMAGE}:pull" | jq -r .token)
TOKEN_HEADER='-H "Authorization: Bearer '$TOKEN'"'
else
REMOTE_URL=""
# -f2- IMAGE can contain subdirectories
TEMP_PATH=$(echo $IMAGE | cut -d '/' -f2-)
TOKEN=""
TOKEN_HEADER=""
fi
debug "TEMP PATH: $TEMP_PATH"
TEMP_IMAGE=$(echo $TEMP_PATH | cut -d ':' -f1) TEMP_IMAGE=$(echo $TEMP_PATH | cut -d ':' -f1)
TEMP_VERSION=$(echo $TEMP_PATH | cut -d ':' -f2) TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:{$TEMP_IMAGE}:pull" | jq -r .token)
if [ "$TEMP_VERSION" == "$TEMP_IMAGE" ]; then # version is not set TOKEN_HEADER='-H "Authorization: Bearer '$TOKEN'"'
TEMP_VERSION="latest" else
fi REMOTE_URL=""
# -f2- IMAGE can contain subdirectories
TEMP_PATH=$(echo $IMAGE | cut -d '/' -f2-)
TOKEN=""
TOKEN_HEADER=""
fi
REMOTE_URL="https://$REMOTE_URL/v2/$TEMP_IMAGE/manifests/$TEMP_VERSION" debug "TEMP PATH: $TEMP_PATH"
debug "REMOTE_URL: $REMOTE_URL" TEMP_IMAGE=$(echo $TEMP_PATH | cut -d ':' -f1)
TEMP_VERSION=$(echo $TEMP_PATH | cut -d ':' -f2)
if [ "$TEMP_VERSION" == "$TEMP_IMAGE" ]; then # version is not set
TEMP_VERSION="latest"
fi
REMOTE_URL="https://$REMOTE_URL/v2/$TEMP_IMAGE/manifests/$TEMP_VERSION"
debug "REMOTE_URL: $REMOTE_URL"
# Check whether repository url is available # Check whether repository url is available
#CURL_CHECK="curl -m 5 -s -o /dev/null -w "%{http_code}" https://$REPOSITORY_URL/v2/" #CURL_CHECK="curl -m 5 -s -o /dev/null -w "%{http_code}" https://$REPOSITORY_URL/v2/"
@@ -460,12 +806,12 @@ check_update() {
CURL_CHECK_CODE=$(eval $CURL_CHECK) CURL_CHECK_CODE=$(eval $CURL_CHECK)
# if valid accessible url # if valid accessible url
if [[ "$CURL_CHECK_CODE" == "200" ]] ; then if [[ "$CURL_CHECK_CODE" == "200" ]]; then
debug "$REMOTE_URL repository accessed successfully" debug "$REMOTE_URL repository accessed successfully"
#digest=$(curl --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" "$REMOTE_URL" | jq -r '.config.digest'); #digest=$(curl --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" "$REMOTE_URL" | jq -r '.config.digest');
# Digest for the whole manifest, which includes all architectures. # Digest for the whole manifest, which includes all architectures.
CURL_DIGEST='curl -s -I '"$TOKEN_HEADER"' -H "Accept: application/vnd.oci.image.index.v1+json" '"$REMOTE_URL"' | grep -i Docker-Content-Digest | cut -d " " -f2 | tr -d "\r\n"' CURL_DIGEST='curl -s -I '"$TOKEN_HEADER"' -H "Accept: application/vnd.oci.image.index.v1+json" '"$REMOTE_URL"' | grep -i Docker-Content-Digest | cut -d " " -f2 | tr -d "\r\n"'
digest=$(eval $CURL_DIGEST) digest=$(eval $CURL_DIGEST)
#debug "docker images -q --no-trunc $REPOSITORY_URL/$TEMP_IMAGE:$TEMP_VERSION"; #debug "docker images -q --no-trunc $REPOSITORY_URL/$TEMP_IMAGE:$TEMP_VERSION";
@@ -497,7 +843,7 @@ check_update() {
debug "$REMOTE_URL not accessible, http error code: $CURL_CHECK_CODE" debug "$REMOTE_URL not accessible, http error code: $CURL_CHECK_CODE"
echo "Force image pull has started without digest check..." echo "Force image pull has started without digest check..."
DOCKER_PULL="docker pull $IMAGE" DOCKER_PULL="/usr/bin/docker pull $IMAGE"
eval $DOCKER_PULL eval $DOCKER_PULL
STATUS=$? STATUS=$?
debug "PULL STATUS: $STATUS" debug "PULL STATUS: $STATUS"
@@ -511,7 +857,19 @@ check_update() {
upgrade_scheduler() { upgrade_scheduler() {
DOCKER_START="--entrypoint=sh $DOCKER_REGISTRY_URL/$FRAMEWORK_SCHEDULER_IMAGE:$FRAMEWORK_SCHEDULER_VERSION -c '/scripts/upgrade.sh'" # Upgrading framework scheduler
debug "Upgrading framework scheduler..."
/usr/bin/docker pull "$DOCKER_REGISTRY_URL/$FRAMEWORK_SCHEDULER_IMAGE:$FRAMEWORK_SCHEDULER_VERSION"
if [ "$DEBUG_MODE" == "true" ]; then
DOCKER_START="--entrypoint=sh $DOCKER_REGISTRY_URL/$FRAMEWORK_SCHEDULER_IMAGE:$FRAMEWORK_SCHEDULER_VERSION -c 'sleep 86400'"
SET_DEBUG_MODE="--env DEBUG_MODE=true"
else
DOCKER_START="$DOCKER_REGISTRY_URL/$FRAMEWORK_SCHEDULER_IMAGE:$FRAMEWORK_SCHEDULER_VERSION"
SET_DEBUG_MODE=""
fi
FRAMEWORK_SCHEDULER_NAME="$FRAMEWORK_SCHEDULER_NAME-$(head /dev/urandom | tr -dc '0-9' | head -c 6)"
DOCKER_RUN="/usr/bin/docker run -d \ DOCKER_RUN="/usr/bin/docker run -d \
-v SHARED:/var/tmp/shared \ -v SHARED:/var/tmp/shared \
@@ -523,6 +881,8 @@ upgrade_scheduler() {
-v USER_CONFIG:/etc/user/config \ -v USER_CONFIG:/etc/user/config \
-v USER_SECRET:/etc/user/secret \ -v USER_SECRET:/etc/user/secret \
--restart=always \ --restart=always \
--name $FRAMEWORK_SCHEDULER_NAME \
$SET_DEBUG_MODE \
--env WEBSERVER_PORT=$WEBSERVER_PORT \ --env WEBSERVER_PORT=$WEBSERVER_PORT \
--network $FRAMEWORK_SCHEDULER_NETWORK \ --network $FRAMEWORK_SCHEDULER_NETWORK \
--env RUN_FORCE=$RUN_FORCE \ --env RUN_FORCE=$RUN_FORCE \
@@ -532,31 +892,35 @@ upgrade_scheduler() {
} }
upgrade() { upgrade() {
local NAME=$1 local NAME=$1
if [ "$NAME" == "web-installer" ]; then if [ "$NAME" == "webserver" ]; then
debug "$service_exec service-framework.containers.$NAME stop force"
$service_exec service-framework.containers.$NAME stop force
debug "$service_exec service-framework.containers.$NAME start info"
$service_exec service-framework.containers.$NAME start info &
else
debug "$service_exec service-framework-scheduler.containers.webserver start info" debug "$service_exec $NAME.json stop force"
$service_exec service-framework-scheduler.containers.webserver stop force $service_exec $NAME.json stop force
$service_exec service-framework-scheduler.containers.webserver start info & debug "$service_exec $NAME.json start info"
$service_exec $NAME.json start info &
else fi
debug "$service_exec service-$NAME.json start info" PID=$!
$service_exec service-$NAME.json stop force
$service_exec service-$NAME.json start info &
fi
} }
execute_task() { execute_task() {
TASK="$1" TASK="$1"
B64_JSON="$2" B64_JSON="$2"
DATE=$(date +"%Y%m%d%H%M") DATE=$(date +"%Y%m%d%H%M")
# Executing task # Executing task
debug "TASK: $(echo $TASK | cut -d ':' -f1)"
TASK_NAME=$(echo $TASK | cut -d ':' -f1) TASK_NAME=$(echo $TASK | cut -d ':' -f1)
if [ "$TASK_NAME" != "check_vpn" ]; then
debug "TASK: $(echo $TASK_NAME | cut -d ':' -f1)"
fi
# checking sytem status # checking sytem status
SYSTEM_STATUS=$(ls /etc/user/config/services/*.json | grep -v service-framework.json) SYSTEM_STATUS=$(ls /etc/user/config/services/*.json | grep -v service-framework.json)
@@ -579,6 +943,24 @@ execute_task() {
#fi; #fi;
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "INSTALL_STATUS": "'$INSTALL_STATUS'" }' | jq -r . | base64 -w0) JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "INSTALL_STATUS": "'$INSTALL_STATUS'" }' | jq -r . | base64 -w0)
elif [ "$TASK_NAME" == "request_letsencrypt" ]; then
DOMAINS=$(echo $B64_JSON | base64 -d | jq -r 'keys[]')
for DOMAIN in $(echo $DOMAINS); do
REQUEST=$(echo $B64_JSON | base64 -d | jq -r ".[\"$DOMAIN\"].status")
if [ "$REQUEST" == "requested" ]; then
echo "New certificate for $DOMAIN is requested."
echo "Modifying $DOMAIN_FILE.json for $DOMAIN"
jq '.containers[0].ENVS |= map(if has("OPERATION") then .OPERATION = "MODIFY" else . end) | \
.containers[0].ENVS |= map(if has("DOMAIN") then .DOMAIN = "'$DOMAIN'" else . end)' \
/etc/user/config/services/$DOMAIN_FILE.json > /tmp/$DOMAIN_FILE.json && \
mv /tmp/$DOMAIN_FILE.json /etc/user/config/services/$DOMAIN_FILE.json
debug "$service_exec $DOMAIN_FILE.json start info"
$service_exec $DOMAIN_FILE.json start info &
fi
done
JSON_TARGET=$B64_JSON
elif [ "$TASK_NAME" == "system" ]; then elif [ "$TASK_NAME" == "system" ]; then
#SYSTEM_LIST="core-dns.json cron.json domain-local-backend.json firewall-letsencrypt.json firewall-local-backend.json firewall-localloadbalancer-dns.json firewall-localloadbalancer-to-smarthostbackend.json firewall-smarthost-backend-dns.json firewall-smarthost-loadbalancer-dns.json firewall-smarthost-to-backend.json firewall-smarthostloadbalancer-from-publicbackend.json letsencrypt.json local-backend.json local-proxy.json service-framework.json smarthost-proxy-scheduler.json smarthost-proxy.json" #SYSTEM_LIST="core-dns.json cron.json domain-local-backend.json firewall-letsencrypt.json firewall-local-backend.json firewall-localloadbalancer-dns.json firewall-localloadbalancer-to-smarthostbackend.json firewall-smarthost-backend-dns.json firewall-smarthost-loadbalancer-dns.json firewall-smarthost-to-backend.json firewall-smarthostloadbalancer-from-publicbackend.json letsencrypt.json local-backend.json local-proxy.json service-framework.json smarthost-proxy-scheduler.json smarthost-proxy.json"
SYSTEM_LIST="core-dns.json cron.json letsencrypt.json local-proxy.json service-framework.json smarthost-proxy-scheduler.json smarthost-proxy.json" SYSTEM_LIST="core-dns.json cron.json letsencrypt.json local-proxy.json service-framework.json smarthost-proxy-scheduler.json smarthost-proxy.json"
@@ -704,18 +1086,21 @@ execute_task() {
elif [ "$TASK_NAME" == "deployments" ]; then elif [ "$TASK_NAME" == "deployments" ]; then
DEPLOYMENTS="" DEPLOYMENTS=""
TREES=$(get_repositories) TREES=$(get_repositories)
for TREE in $TREES; do for TREE in "$TREES"; do
APPS=$(jq -rc '.apps[]' $TREE) APPS=$(jq -rc '.apps[]' $TREE)
for APP in $APPS; do #for APP in "$APPS"; do #space problem
while IFS= read -r APP; do
APP_NAME=$(echo "$APP" | jq -r '.name') APP_NAME=$(echo "$APP" | jq -r '.name')
APP_SUBTITLE="$(echo "$APP" | jq -r '.subtitle')"
APP_VERSION=$(echo "$APP" | jq -r '.version') APP_VERSION=$(echo "$APP" | jq -r '.version')
APP_ICON=$(echo "$APP" | jq -r '.icon')
if [ "$DEPLOYMENTS" != "" ]; then if [ "$DEPLOYMENTS" != "" ]; then
SEP="," SEP=","
else else
SEP="" SEP=""
fi fi
DEPLOYMENTS=$DEPLOYMENTS$SEP'"'$APP_NAME'": "'$APP_VERSION'"' DEPLOYMENTS="$DEPLOYMENTS"$SEP'"'$APP_NAME'":{"subtitle":"'"$APP_SUBTITLE"'","version":"'"$APP_VERSION"'","icon":"'"$APP_ICON"'"}'
done done < <(echo "$APPS") # preserve DEPLOYMENTS variable
done done
if [ "$DEPLOYMENTS" == "" ]; then if [ "$DEPLOYMENTS" == "" ]; then
DEPLOYMENTS='"deployments": "NONE"' DEPLOYMENTS='"deployments": "NONE"'
@@ -749,20 +1134,22 @@ execute_task() {
for TREE in $TREES; do for TREE in $TREES; do
APPS=$(jq -rc '.apps[]' $TREE) APPS=$(jq -rc '.apps[]' $TREE)
for APP in $APPS; do #for APP in $APPS; do
while IFS= read -r APP; do
APP_NAME=$(echo "$APP" | jq -r '.name' | awk '{print tolower($0)}') APP_NAME=$(echo "$APP" | jq -r '.name' | awk '{print tolower($0)}')
APP_SUBTITLE=$(echo "$APP" | jq -r '.subtitle')
APP_VERSION=$(echo "$APP" | jq -r '.version') APP_VERSION=$(echo "$APP" | jq -r '.version')
APP_DIR=$(dirname $TREE)"/"$APP_NAME APP_DIR=$(dirname $TREE)"/"$APP_NAME
debug "$APP_TEMPLATE"
if [ "$APP_NAME" == "$DEPLOY_NAME" ]; then if [ "$APP_NAME" == "$DEPLOY_NAME" ]; then
if [ "$DEPLOY_ACTION" == "ask" ]; then if [ "$DEPLOY_ACTION" == "ask" ]; then
APP_TEMPLATE=$APP_DIR"/template.json" APP_TEMPLATE=$APP_DIR"/template.json"
TEMPLATE=$(cat $APP_TEMPLATE | base64 -w0) TEMPLATE=$(cat $APP_TEMPLATE | base64 -w0)
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "0", "TEMPLATE": "'$TEMPLATE'" }' | jq -r . | base64 -w0) debug "$APP_TEMPLATE"
JSON_TARGET=$(echo '{"DATE":"'$DATE'","STATUS": "0","TEMPLATE":"'$TEMPLATE'"}' | jq -r . | base64 -w0)
elif [ "$DEPLOY_ACTION" == "reinstall" ]; then elif [ "$DEPLOY_ACTION" == "reinstall" ]; then
APP_TEMPLATE=$APP_DIR"/template.json" APP_TEMPLATE=$APP_DIR"/template.json"
TEMPLATE=$(cat $APP_TEMPLATE) TEMPLATE=$(cat $APP_TEMPLATE)
for LINE in $(cat $SERVICE_DIR/service-$DEPLOY_NAME.json | jq -rc '.containers[].ENVS[] | to_entries[]'); do for LINE in $(cat $SERVICE_DIR/service-$DEPLOY_NAME.json | jq -rc '.containers[].ENVS[] | to_entries[]' 2>/dev/null); do
KEY=$(echo $LINE | jq -r .key) KEY=$(echo $LINE | jq -r .key)
VALUE=$(echo $LINE | jq -r .value) VALUE=$(echo $LINE | jq -r .value)
debug "$KEY: $VALUE" debug "$KEY: $VALUE"
@@ -771,14 +1158,14 @@ execute_task() {
TEMPLATE=$(echo "$TEMPLATE" | jq -r '.fields |= map(if .key == "'$KEY'" then .value = "'$VALUE'" else . end)') TEMPLATE=$(echo "$TEMPLATE" | jq -r '.fields |= map(if .key == "'$KEY'" then .value = "'$VALUE'" else . end)')
done done
# write ENV value from domain file to template value by key name # write ENV value from domain file to template value by key name
for LINE in $(cat $SERVICE_DIR/domain-$DEPLOY_NAME.json | jq -rc '.containers[].ENVS[] | to_entries[]'); do for LINE in $(cat $SERVICE_DIR/domain-$DEPLOY_NAME.json | jq -rc '.containers[].ENVS[] | to_entries[]' 2>/dev/null); do
KEY=$(echo $LINE | jq -r .key) KEY=$(echo $LINE | jq -r .key)
VALUE=$(echo $LINE | jq -r .value) VALUE=$(echo $LINE | jq -r .value)
debug "$KEY: $VALUE" debug "$KEY: $VALUE"
TEMPLATE=$(echo "$TEMPLATE" | jq -r '.fields |= map(if .key == "'$KEY'" then .value = "'$VALUE'" else . end)') TEMPLATE=$(echo "$TEMPLATE" | jq -r '.fields |= map(if .key == "'$KEY'" then .value = "'$VALUE'" else . end)')
done done
# write ENV value from secret file to template value by key name # write ENV value from secret file to template value by key name
for LINE in $(cat $SECRET_DIR/$DEPLOY_NAME/$DEPLOY_NAME.json | jq -rc '.[] | to_entries[]'); do for LINE in $(cat $SECRET_DIR/$DEPLOY_NAME/$DEPLOY_NAME.json | jq -rc '.[] | to_entries[]' 2>/dev/null); do
KEY=$(echo $LINE | jq -r .key) KEY=$(echo $LINE | jq -r .key)
VALUE=$(echo $LINE | jq -r .value) VALUE=$(echo $LINE | jq -r .value)
debug "$KEY: $VALUE" debug "$KEY: $VALUE"
@@ -788,6 +1175,7 @@ execute_task() {
TEMPLATE=$(echo "$TEMPLATE" | base64 -w0) TEMPLATE=$(echo "$TEMPLATE" | base64 -w0)
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "0", "TEMPLATE": "'$TEMPLATE'" }' | jq -r . | base64 -w0) JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "0", "TEMPLATE": "'$TEMPLATE'" }' | jq -r . | base64 -w0)
elif [ "$DEPLOY_ACTION" == "deploy" ]; then elif [ "$DEPLOY_ACTION" == "deploy" ]; then
JSON_TARGET="" JSON_TARGET=""
#JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "1" }' | jq -r . | base64 -w0) # deployment has started #JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "1" }' | jq -r . | base64 -w0) # deployment has started
@@ -803,6 +1191,18 @@ execute_task() {
DEPLOY_PAYLOAD=$(echo "$JSON" | jq -r .PAYLOAD) # base64 list of key-value pairs in JSON DEPLOY_PAYLOAD=$(echo "$JSON" | jq -r .PAYLOAD) # base64 list of key-value pairs in JSON
deploy_additionals "$APP_DIR" "$DEPLOY_NAME" "$DEPLOY_PAYLOAD" deploy_additionals "$APP_DIR" "$DEPLOY_NAME" "$DEPLOY_PAYLOAD"
sh /scripts/check_pid.sh "$PID" "$SHARED" "deploy-$DEPLOY_NAME" "$DATE" "$DEBUG" & sh /scripts/check_pid.sh "$PID" "$SHARED" "deploy-$DEPLOY_NAME" "$DATE" "$DEBUG" &
elif [ "$DEPLOY_ACTION" == "edit" ]; then
JSON_TARGET=""
DEPLOY_PAYLOAD=$(echo "$JSON" | jq -r .PAYLOAD) # base64 list of key-value pairs in JSON
# stop service before edit
debug "$service_exec service-$DEPLOY_NAME.json stop force"
$service_exec service-$DEPLOY_NAME.json stop force
deploy_additionals "$APP_DIR" "$DEPLOY_NAME" "$DEPLOY_PAYLOAD"
sh /scripts/check_pid.sh "$PID" "$SHARED" "deploy-$DEPLOY_NAME" "$DATE" "$DEBUG" &
elif [ "$DEPLOY_ACTION" == "uninstall" ]; then elif [ "$DEPLOY_ACTION" == "uninstall" ]; then
remove_additionals "$APP_DIR" "$DEPLOY_NAME" remove_additionals "$APP_DIR" "$DEPLOY_NAME"
# uninstall has finished # uninstall has finished
@@ -812,7 +1212,7 @@ execute_task() {
JSON_TARGET="" JSON_TARGET=""
fi fi
fi fi
done done < <(echo "$APPS") # preserve variables
done done
elif [ "$TASK_NAME" == "repositories" ]; then elif [ "$TASK_NAME" == "repositories" ]; then
@@ -839,20 +1239,25 @@ execute_task() {
VPN_STATUS="0" VPN_STATUS="0"
VPN_RESULT="" VPN_RESULT=""
CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -w wireguardproxy) if [ -f $SECRET_DIR/vpn-proxy/wg0.conf ]; then
if [ "$CONTAINERS" != "" ]; then CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -w wireguardproxy)
UP=$(echo $CONTAINERS | grep -w 'Up') if [ "$CONTAINERS" != "" ]; then
if [ "$UP" != "" ]; then UP=$(echo $CONTAINERS | grep -w 'Up')
VPN_STATUS="2" if [ "$UP" != "" ]; then
else VPN_STATUS="2"
VPN_STATUS="1" else
VPN_STATUS="1"
fi
VPN_RESULT=$(echo "$CONTAINERS" | base64 -w0)
fi fi
VPN_RESULT=$(echo "$CONTAINERS" | base64 -w0)
fi fi
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "'$VPN_STATUS'", "RESULT": "'$VPN_RESULT'" }' | jq -r . | base64 -w0) JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "'$VPN_STATUS'", "RESULT": "'$VPN_RESULT'" }' | jq -r . | base64 -w0)
elif [ "$TASK_NAME" == "save_vpn" ]; then elif [ "$TASK_NAME" == "save_vpn" ]; then
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "0", "RESULT": "" }' | jq -r . | base64 -w0)
add_json_target
VPN_PROXY_REPO="wireguard-proxy-client" VPN_PROXY_REPO="wireguard-proxy-client"
if [ ! -d "/tmp/$VPN_PROXY_REPO" ]; then if [ ! -d "/tmp/$VPN_PROXY_REPO" ]; then
git clone https://git.format.hu/safebox/$VPN_PROXY_REPO.git /tmp/$VPN_PROXY_REPO >/dev/null git clone https://git.format.hu/safebox/$VPN_PROXY_REPO.git /tmp/$VPN_PROXY_REPO >/dev/null
@@ -870,29 +1275,103 @@ execute_task() {
# install vpn only # install vpn only
sh /scripts/install.sh "$B64_JSON" "$service_exec" "vpn" "$GLOBAL_VERSION" sh /scripts/install.sh "$B64_JSON" "$service_exec" "vpn" "$GLOBAL_VERSION"
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "'$VPN_STATUS'", "RESULT": "'$VPN_RESULT'" }' | jq -r . | base64 -w0) JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "STATUS": "1", "RESULT": "'$VPN_RESULT'" }' | jq -r . | base64 -w0)
elif [ "$TASK_NAME" == "containers" ]; then # not in use elif [ "$TASK_NAME" == "containers" ]; then # not in use
CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -v framework-scheduler) CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -v framework-scheduler)
RESULT=$(echo "$CONTAINERS" | base64 -w0) RESULT=$(echo "$CONTAINERS" | base64 -w0)
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "RESULT": "'$RESULT'" }' | jq -r . | base64 -w0) JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "RESULT": "'$RESULT'" }' | jq -r . | base64 -w0)
elif [ "$TASK_NAME" == "backup" ]; then
TASK_TYPE=$(echo $B64_JSON | base64 -d | jq -r '.TASK_TYPE')
if [ "$TASK_TYPE" == "backup_query_state" ]; then
echo "task type is backup_query_state"
elif [ "$TASK_TYPE" == "backup_set_service" ]; then
PASSWORD="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_SERVER_PASSWORD')"
PERIOD="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_PERIOD')"
COMPRESSION="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_COMPRESSION')"
PLANNED_TIME="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_PLANNED_TIME')"
DIRECTRIES="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_DIRECTORIES')"
SERVICES="$(echo $B64_JSON | base64 -d | jq -r '.SERVICES')"
BACKUP_LOCAL_CLIENTS="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_LOCAL_CLIENTS')"
BACKUP_VPN_CLIENTS="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_VPN_CLIENTS')"
VPN="$(echo $B64_JSON | base64 -d | jq -r '.VPN')"
SSH_PORT="$(echo $B64_JSON | base64 -d | jq -r '.SSH_PORT')"
SSH_USER="$(echo $B64_JSON | base64 -d | jq -r '.SSH_USER')"
SSH_PASSWORD="$(echo $B64_JSON | base64 -d | jq -r '.SSH_PASSWORD')"
OPERATION="$(echo $B64_JSON | base64 -d | jq -r '.OPERATION')"
echo "task type is backup_set_service"
backup_set_service "$PASSWORD" "$PERIOD" "$COMPRESSION" "$PLANNED_TIME" "$DIRECTRIES" "$SERVICES" "$BACKUP_LOCAL_CLIENTS" "$BACKUP_VPN_CLIENTS" "$VPN" "$SSH_PORT" "$SSH_USER" "$SSH_PASSWORD" "$OPERATION"
elif [ "$TASK_TYPE" == "backup_set_client" ]; then
NAME="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_NAME')"
SIZE="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SIZE')"
VPN="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_VPN')"
SSH_PORT="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SSH_PORT')"
SSH_USER="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SSH_USER')"
SSH_PASSWORD="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_SSH_PASSWORD')"
OPERATION="$(echo $B64_JSON | base64 -d | jq -r '.BACKUP_CLIENT_OPERATION')"
debug "task type is backup_set_client for $NAME"
backup_set_client "$NAME" "$SIZE" "$VPN" "$SSH_PORT" "$SSH_USER" "$SSH_PASSWORD" "$OPERATION"
elif [ "$TASK_TYPE" == "backup_challenge_clients" ]; then
echo "task type is backup_challenge_clients"
elif [ "$TASK_TYPE" == "restore_from_backup" ]; then
echo "task type is restore_from_backup"
else
echo "Unknown task type: $TASK_TYPE"
fi
RESULT=$(echo "$CONTAINERS" | base64 -w0)
JSON_TARGET=$(echo '{ "DATE": "'$DATE'", "RESULT": "'$RESULT'" }' | jq -r . | base64 -w0)
elif [ "$TASK_NAME" == "upgrade" ]; then elif [ "$TASK_NAME" == "upgrade" ]; then
JSON="$(echo $B64_JSON | base64 -d)" JSON="$(echo $B64_JSON | base64 -d)"
NAME=$(echo "$JSON" | jq -r .NAME | awk '{print tolower($0)}') NAME=$(echo "$JSON" | jq -r .NAME | awk '{print tolower($0)}')
if [ "$NAME" == "framework" ]; then if [ "$NAME" == "framework" ]; then
upgrade_scheduler JSON_TARGET=$(echo '{"DATE":"'$DATE'","INSTALL_STATUS":0}' | jq -r . | base64 -w0)
upgrade "web-installer" add_json_target $NAME
else echo "Upgrading service: webserver"
upgrade "$NAME" upgrade webserver
fi
echo "Upgrading framework scheduler..."
echo "Cleaning temporary files..."
rm -rf /var/tmp/shared/input/*
rm -rf /var/tmp/shared/output/*
upgrade_scheduler
echo "Removing old framework scheduler container..."
JSON_TARGET=$(echo '{"DATE":"'$DATE'","INSTALL_STATUS":1,"VERSION":'$VERSION'}' | jq -r . | base64 -w0)
add_json_target $NAME
sleep 1
/usr/bin/docker rm -f $HOSTNAME
#CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -E 'framework-scheduler|webserver')
else
echo "Upgrading service: $NAME"
upgrade "$NAME"
#CONTAINERS=$(docker ps -a --format '{{.Names}} {{.Status}}' | grep -w "$NAME")
fi
#RESULT=$(echo "$CONTAINERS" | base64 -w0)
sh /scripts/check_pid.sh "$PID" "$SHARED" "$TASK_NAME-$NAME" "$DATE" "$DEBUG" &
fi fi
debug "JSON_TARGET: $JSON_TARGET" if [ "$TASK_NAME" != "check_vpn" ]; then
debug "JSON_TARGET: $JSON_TARGET"
fi
if [ "$JSON_TARGET" != "" ]; then if [ "$JSON_TARGET" != "" ]; then
#redis-cli -h $REDIS_SERVER -p $REDIS_PORT SET $TASK "$JSON_TARGET" add_json_target
install -m 664 -g 65534 /dev/null $SHARED/output/$TASK.json
echo $JSON_TARGET | base64 -d >$SHARED/output/$TASK.json
fi fi
} }
@@ -962,39 +1441,15 @@ check_redis_availability() {
done done
} }
start_framework_scheduler() {
if [ "$DEBUG_MODE" == "true" ]; then
DOCKER_START="--entrypoint=sh $DOCKER_REGISTRY_URL/$FRAMEWORK_SCHEDULER_IMAGE:$FRAMEWORK_SCHEDULER_VERSION -c 'sleep 86400'"
else
DOCKER_START="$DOCKER_REGISTRY_URL/$FRAMEWORK_SCHEDULER_IMAGE:$FRAMEWORK_SCHEDULER_VERSION"
fi
DOCKER_RUN="/usr/bin/docker run -d \
-v SHARED:/var/tmp/shared \
-v /var/run/docker.sock:/var/run/docker.sock \
-v SYSTEM_DATA:/etc/system/data \
-v SYSTEM_CONFIG:/etc/system/config \
-v SYSTEM_LOG:/etc/system/log \
-v USER_DATA:/etc/user/data \
-v USER_CONFIG:/etc/user/config \
-v USER_SECRET:/etc/user/secret \
--restart=always \
--name $FRAMEWORK_SCHEDULER_NAME \
--env WEBSERVER_PORT=$WEBSERVER_PORT \
--network $FRAMEWORK_SCHEDULER_NETWORK \
--env RUN_FORCE=$RUN_FORCE \
--env DOCKER_REGISTRY_URL=$DOCKER_REGISTRY_URL \
$DOCKER_START"
eval "$DOCKER_RUN"
}
### SYSTEM INITIALIZATION ### ### SYSTEM INITIALIZATION ###
## Start prevously deployed firewall rules depend on framework scheduler startup at first time
## DOCKER NETWORK VARIABLES if [ -d /etc/user/config/services ]; then
## FILESYSTEM VARIABLES cd /etc/user/config/services
## PORTS VARIABLES for FIREWALL in $(ls firewall*.json); do
### RESTART SCHEDULER IF NEEDED $service_exec $FIREWALL start &
done
fi
SN=$(check_subnets) SN=$(check_subnets)
if [ "$SN" != "1" ]; then if [ "$SN" != "1" ]; then
@@ -1011,7 +1466,7 @@ fi
VOL=$(check_volumes) VOL=$(check_volumes)
if [ "$VOL" != "1" ]; then if [ "$VOL" != "1" ]; then
start_framework_scheduler upgrade_scheduler
/usr/bin/docker rm -f $HOSTNAME /usr/bin/docker rm -f $HOSTNAME
fi fi
@@ -1023,15 +1478,12 @@ if [ "$DF" != "1" ]; then
fi fi
#RS=$(docker ps | grep redis-server) #RS=$(docker ps | grep redis-server)
WS=$(docker ps | grep webserver) WS=$(/usr/bin/docker ps | grep -o webserver)
#if [[ "$WS" == "" && "$RS" == "" ]]; then
if [ "$WS" == "" ]; then if [ "$WS" == "" ]; then
# START SERVICES # START SERVICES
#$service_exec service-framework.containers.redis-server start & echo "Starting webserver"
$service_exec service-framework.containers.webserver start & $service_exec service-framework.containers.webserver start &
sleep 5
fi fi
@@ -1043,13 +1495,21 @@ DATE=$(date +%F-%H-%M-%S)
DIR=$SHARED/input DIR=$SHARED/input
# Triggers by certificate or domain config changes # Triggers by certificate or domain config changes
# Set installed version number
echo '{}' | jq --arg VERSION "$VERSION" '.VERSION = $VERSION' > $SHARED/output/version.json
############################
if [ "$DEBUG_MODE" == "true" ]; then
rm $DIR/*
fi
unset IFS unset IFS
inotifywait --exclude "\.(swp|tmp)" -m -e CREATE,CLOSE_WRITE,DELETE,MOVED_TO -r $DIR | inotifywait --exclude "\.(swp|tmp)" -m -e CREATE,CLOSE_WRITE,DELETE,MOVED_TO -r $DIR |
while read dir op file; do while read dir op file; do
if [ "${op}" == "CLOSE_WRITE,CLOSE" ]; then if [ "${op}" == "CLOSE_WRITE,CLOSE" ]; then
echo "new file created: $file" if [ "$file" != "check_vpn.json" ]; then
echo "new file created: $file"
fi
B64_JSON=$(cat $DIR/$file | base64 -w0) B64_JSON=$(cat $DIR/$file | base64 -w0)
TASK=$(echo $file | cut -d '.' -f1) TASK=$(echo $file | cut -d '.' -f1)
execute_task "$TASK" "$B64_JSON" execute_task "$TASK" "$B64_JSON"

18
scripts/scheduler/install.sh
View File

@@ -200,14 +200,18 @@ elif [ "$FIRST_INSTALL" == "vpn" ]; then
get_vpn_key get_vpn_key
edit_user_json $LETSENCRYPT_MAIL $LETSENCRYPT_SERVERNAME if [ "$VPN_PROXY" != "no" ]; then
$SERVICE_EXEC vpn-proxy stop force edit_user_json $LETSENCRYPT_MAIL $LETSENCRYPT_SERVERNAME
$SERVICE_EXEC vpn-proxy start
echo "$INIT_SERVICE_PATH/vpn-proxy.json" >>$AUTO_START_SERVICES/.init_services $SERVICE_EXEC vpn-proxy stop force
echo "$INIT_SERVICE_PATH/firewall-vpn-smarthost-loadbalancer" >>$AUTO_START_SERVICES/.init_services $SERVICE_EXEC vpn-proxy start
echo "$INIT_SERVICE_PATH/firewall-vpn-proxy-postrouting" >>$AUTO_START_SERVICES/.init_services echo "$INIT_SERVICE_PATH/vpn-proxy.json" >>$AUTO_START_SERVICES/.init_services
echo "$INIT_SERVICE_PATH/firewall-vpn-proxy-prerouting" >>$AUTO_START_SERVICES/.init_services echo "$INIT_SERVICE_PATH/firewall-vpn-smarthost-loadbalancer" >>$AUTO_START_SERVICES/.init_services
echo "$INIT_SERVICE_PATH/firewall-vpn-proxy-postrouting" >>$AUTO_START_SERVICES/.init_services
echo "$INIT_SERVICE_PATH/firewall-vpn-proxy-prerouting" >>$AUTO_START_SERVICES/.init_services
fi;
exit exit