Misc services

/sgoinfre

Setup a rw nfs export on a misc machine, performance or reliabiliy is not a priority for this service.

Install nfs-utils on misc.

Add the following line to /etc/exports:

/sgoinfre *(rw,insecure,squash_all,no_subtree_check,nohide)

Run the following commands on misc:

exportfs -arv
systemctl enable --now nfs-server

The following systemd service can be installed on the rhfs (in nfsroot):

# /etc/systemd/system/sgoinfre.mount
[Unit]
After=network-online.target

[Mount]
What=sgoinfre:/sgoinfre
Where=/sgoinfre
Options=nfsvers=4,nolock,noatime

[Install]
WantedBy=multi-user.target

Then enable the unit:

# systemctl enable --now sgoinfre.mount

doc

Setup:

python install.py docs
systemctl reload nginx

You have to retrieve the documentations of each language:

pacman -S wget unzip
su webservices - # So that the files have the right owner
cd /var/prologin/docs/languages
./get_docs.sh

You can now test the docs:

  • Open http://docs/languages/

  • Click on each language, you should see their documentation.

paste

We will setup dpaste: https://github.com/bartTC/dpaste:

pip install dpaste
python install.py paste

systemctl enable paste && systemctl start paste
systemctl reload nginx

Redmine

First, export some useful variables. Change them if needed:

export PHOME=/var/prologin
export PGHOST=web  # postgres host
export RUBYV=2.2.1
export RAILS_ENV=production
export REDMINE_LANG=fr
read -esp "Enter redmine db password (no ' please): " RMPSWD

Download and extract Redmine:

cd /tmp
wget http://www.redmine.org/releases/redmine-3.0.1.tar.gz
tar -xvz -C $PHOME -f redmine*.tar.gz
mv $PHOME/{redmine*,redmine}

Using RVM, let’s install dependencies:

# Trust RVM keys
curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -
curl -sSL https://get.rvm.io | bash -s stable
source /etc/profile.d/rvm.sh
echo "gem: --no-document" >>$HOME/.gemrc
rvm install $RUBYV  # can be rather long
rvm alias create redmine $RUBYV
gem install bundler unicorn

Create the Redmine user and database:

sed -e s/DEFAULT_PASSWORD/$RMPSWD/ /root/sadm/sql/redmine.sql | su - postgres -c psql

Configure the Redmine database:

cat >$PHOME/redmine/config/database.yml <<EOF
# prologin redmine database
production:
  adapter: postgresql
  database: redmine
  host: $PGHOST
  username: redmine
  password: $RMPSWD
  encoding: utf8
EOF

We can now install Redmine:

cd $PHOME/redmine
bundle install --without development test rmagick

Some fixtures (these commands require the above env vars):

bundle exec rake generate_secret_token
bundle exec rake db:migrate
bundle exec rake redmine:load_default_data

Create some dirs and fix permissions:

mkdir -p $PHOME/redmine/{tmp,tmp/pdf,public/plugin_assets}
chown -R redmine:http $PHOME/redmine
chmod -R o-rwx $PHOME/redmine
chmod -R 755 $PHOME/redmine/{files,log,tmp,public/plugin_assets}

Install the SSO plugin:

( cd $PHOME/redmine/plugins && git clone https://github.com/prologin/redmine-sso-auth.git )

Now it’s time to install Redmine system configuration files. Ensure you are within the prologin virtualenv (source /opt/prologin/venv/bin/activate), then:

cd /root/sadm
python install.py redmine udbsync_redmine

Register the new plugins (SSO, IRC hook):

( cd $PHOME/redmine && exec rake redmine:plugins:migrate )
# Should display:
# Migrating issues_json_socket_send (Redmine issues to socket JSON serialized)...
# Migrating redmine_sso_auth (SSO authentication plugin)...

Enable and start the services:

systemctl enable redmine && systemctl start redmine
systemctl enable udbsync_redmine && systemctl start udbsync_redmine
systemctl reload nginx

You should be able to access the brand new Redmine. There are some important configuration settings to change:

  • Login at http://redmine/login with admin / admin

  • Change password at http://redmine/my/password

  • In http://redmine/settings?tab=authentication - Enable enforced authentication. - Set minimum password length to 0. - Disable lost password feature, account deletion and registration.

  • In http://redmine/settings/plugin/redmine_sso_auth - Enable SSO. - If not already done, set environment variable to HTTP_X_SSO_USER. - Set search method to username.

  • Configure a new project at http://redmine/projects/new The Identifiant has to be ``prologin`` in order to vhosts to work.

  • As soon as udbsync_redmine has finished its first sync, you should find the three groups (user, orga, root) at http://redmine/groups so you can give them special priviledges: click one, click the “Projets” tab, assign your “prologin” project to one of the roles. For instance: user → ∅, orga → developer, root → {manager, developer}

Homepage

The homepage links to all our web services. It is a simple Django app that allows adding links easily. Setup it using install.py:

python install.py homepage
systemctl enable homepage && systemctl start homepage
systemctl enable udbsync_django@homepage && systemctl start udbsync_django@homepage

You can then add links to the homepage by going to http://homepage/admin.

DJ-Ango

See dj_ango README: https://bitbucket.org/Zeletochoy/dj-ango/

IRC

Install the ircd, then install the config:

pacman -S unrealircd
python install.py ircd
mv /etc/unrealircd/unrealircd.conf{.new,}

Change the OPER password in the config:

vim /etc/unrealircd/unrealircd.conf

Then enable and start the IRCd:

systemctl enable --now unrealircd

Now you need to enable the SOCKS tunnel so that IRC is available from the outside. First, generate a ssh key in misc, and add it to an user of the public-facing server (e.g prologin.org):

ssh-keygen -t ed25519 -q -N "" < /dev/zero
ssh-copy-id dev@prologin.org

Then, enable and start the IRC gatessh:

systemctl enable --now irc_gatessh

IRC issues bot

Once both IRC and Redmine are installed, you can also install the IRC bot that warns about new issues:

python install.py irc_redmine_issues
systemctl enable --now irc_redmine_issues