From 59f42d5b9af234666b02e2a133f573068627fef6 Mon Sep 17 00:00:00 2001 From: adam-op Date: Mon, 21 Nov 2022 06:23:02 +0100 Subject: [PATCH 1/3] [#40162] Update installation script to ensure successful installations 2nd try [#40162] Update installation script to ensure successful installations https://community.openproject.org/work_packages/40162 --- .../script/op-support-data.sh | 161 ++++++++++-------- 1 file changed, 91 insertions(+), 70 deletions(-) diff --git a/docs/enterprise-guide/enterprise-on-premises-guide/support/installation-support/script/op-support-data.sh b/docs/enterprise-guide/enterprise-on-premises-guide/support/installation-support/script/op-support-data.sh index b0329a1f25..25ebd9fc29 100644 --- a/docs/enterprise-guide/enterprise-on-premises-guide/support/installation-support/script/op-support-data.sh +++ b/docs/enterprise-guide/enterprise-on-premises-guide/support/installation-support/script/op-support-data.sh @@ -5,15 +5,8 @@ #VERBOSE LOGGING #set -x -hash netcat 2>/dev/null -if [ $? == 1 ]; then - echo - echo "Please install netcat (apt install netcat, yum install netcat) as this script depends on netcat. Thank you." - exit -fi - #PSQL -read -p "Please specify the IP/FQDN of the PSQL server, if the internal PSQL server of OpenProject is used press ENTER [127.0.0.1]: " psqlserver +read -p "Please specify the IP of the PSQL server, if the internal PSQL server of OpenProject is used press ENTER [127.0.0.1]: " psqlserver psqlserver=${psqlserver:-127.0.0.1} read -p "Please specify the PORT of the PSQL server, if the internal PSQL server of OpenProject is used press ENTER [45432]: " psqlserverport psqlserverport=${psqlserverport:-45432} 
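Review bot: The answers read into `psqlserver` and `psqlserverport` are used exactly as typed, and the later probe expands them unquoted into a redirection target (`> /dev/tcp/$psqlserver/$psqlserverport`), so a stray space or a non-numeric port gives an "ambiguous redirect" or a bare `1` instead of a clear message. A check after the default is applied, such as `case $psqlserverport in ''|*[!0-9]*) echo "invalid port"; exit 1;; esac`, plus quoting the expansions, would make the reported result trustworthy. The same applies to the SSO, SMTP and IMAP/POP3 prompts in the later hunks. With the netcat check removed, the script now depends on bash's `/dev/tcp` handling; the shebang is outside this hunk, so confirm that it is `#!/bin/bash` rather than `sh`.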
@@ -23,16 +16,19 @@ echo read -p "Please specify if your own web server is used for terminating SSL, if the internal webserver of OpenProject is used press ENTER [N,y]: " ownwebserver ownwebserver=${ownwebserver:-N} -if [ "$ownwebserver" != "${ownwebserver#[Nn]}" ]; then - echo - echo As OpenProject will configure the webserver, SSL certificate and key need to be provided: -# LETSENCRYPT! - read -p "Enter SSL Certificate (incl. full path) [/etc/ssl/certs/ssl-cert-snakeoil.pem]: " ssl_certificate - ssl_certificate=${ssl_certificate:-/etc/ssl/certs/ssl-cert-snakeoil.pem} - read -p "Enter SSL Key (incl. full path) [/etc/ssl/private/ssl-cert-snakeoil.key]: " ssl_key - ssl_key=${ssl_key:-/etc/ssl/private/ssl-cert-snakeoil.key} +if [ "$ownwebserver" != "${ownwebserver#[Yy]}" ]; then + read -p "Please name the webserver application that you use [apache]: " + webserverapp=${webserverapp:-apache} +else + webserverapp="internal" fi +# LETSENCRYPT! +read -p "Enter SSL Certificate (incl. full path) [/etc/ssl/certs/ssl-cert-snakeoil.pem]: " ssl_certificate +ssl_certificate=${ssl_certificate:-/etc/ssl/certs/ssl-cert-snakeoil.pem} +read -p "Enter SSL Key (incl. full path) [/etc/ssl/private/ssl-cert-snakeoil.key]: " ssl_key +ssl_key=${ssl_key:-/etc/ssl/private/ssl-cert-snakeoil.key} +ssoserver="local-auth" #SSO SOLUTION echo read -p "Please specify if there is an SSO solution like SAML/LDAP/OpenID for authenticating in OpenProject [N,y]: " ssosolution @@ -40,8 +36,10 @@ ssosolution=${ssosolution:-N} if [ "$ssosolution" != "${ssosolution#[Yy]}" ]; then echo echo As OpenProject will connect to the SSO host we need some details to be provided: - read -p "Enter SSO host IP/FQDN: " ssoserver - read -p "Enter SSO host Port: " ssoport + read -p "Enter SSO host IP [127.0.0.1]: " ssoserver + ssoserver=${ssoserver:-127.0.0.1} + read -p "Enter SSO host Port [443]: " ssoport + ssoport=${ssoport:-443} fi #OUTGOING MAILS 
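Review bot: The new `read -p "Please name the webserver application that you use [apache]: "` names no variable, so the answer lands in `REPLY` and `webserverapp` always falls back to `apache` on the next line. It should end with the variable name, `read -r -p "Please name the webserver application that you use [apache]: " webserverapp`. The certificate and key prompts are now asked unconditionally, while the certificate inspection in the later hunk is still gated on the `[Nn]` answer. A short comment such as `# asked always; only inspected when OpenProject terminates SSL` would tell the next reader that this is intended.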
@@ -51,8 +49,10 @@ outgoingmail=${outgoingmail:-Y} if [ "$outgoingmail" != "${outgoingmail#[Yy]}" ]; then echo echo As OpenProject will send e-mails we need some details to be provided: - read -p "Enter SMTP host IP/FQDN: " outgoingmailip - read -p "Enter SMTP host Port: " outgoingmailport + read -p "Enter SMTP host IP [127.0.0.1]: " outgoingmailip + outgoingmailip=${outgoingmailip:-127.0.0.1} + read -p "Enter SMTP host Port [25]: " outgoingmailport + outgoingmailport=${outgoingmailport:-25} fi #INCOMING MAILS @@ -62,8 +62,10 @@ incomingmail=${incomingmail:-Y} if [ "$incomingmail" != "${incomingmail#[Yy]}" ]; then echo echo As OpenProject shall receive e-mails we need some details to be provided: - read -p "Enter IMAP/POP3 host IP/FQDN: " incomingmailip - read -p "Enter IMAP/POP3 host Port: " incomingmailport + read -p "Enter IMAP/POP3 host IP [127.0.0.1]: " incomingmailip + incomingmailip=${incomingmailip:-127.0.0.1} + read -p "Enter IMAP/POP3 host Port [110]: " incomingmailport + incomingmailport=${incomingmailport:-110} fi #S3 CLOUD STORAGE @@ -76,17 +78,6 @@ echo echo 'Please specify the fully qualified domain (FQDN) name for your OpenProject installation.' read -p "Answer (e.g. openproject.company.com): " fqdn -echo "---" -echo User Input: -echo PSQL: $psqlserver":"$psqlserverport -echo SSL: $ssl_certificate", "$ssl_key -echo Own Web Server: $ownwebserver -echo SSO Server: $ssoserver":"$ssoport -echo SMTP Server: $outgoingmailip":"$outgoingmailport -echo IMAP/POP3 Server: $incomingmailip":"$incomingmailport -echo S3 Cloud Storage: $s3cloudstorage -echo FQDN: $fqdn -echo "---" #CHECK LINUX INFORMATION ON LOCALHOST echo Linux Information on localhost 
@@ -116,76 +107,106 @@ echo Network on localhost ip a echo "---" +#CHECK LOCAL MEMCACHED CONFIG +echo +echo Search for memcached + +hash memcached 2>/dev/null +if [ $? == 1 ]; then + echo "memcached is NOT installed" +else + echo "memcached is installed" +fi +echo "---" + +#CHECK DOCKER ENVIRONMENT +hash docker 2>/dev/null +if [ $? == 1 ]; then + echo + echo "Docker is not installed yet, if you consider using the OpenProject containers, please install docker." +else + docker ps -a + docker volume ls +fi +#SSL/TLS CERTS AVAILABLE +if [ "$ownwebserver" != "${ownwebserver#[Nn]}" ]; then + echo Search for SSL certificate $ssl_certificate + find $ssl_certificate + echo Search for SSL key $ssl_key + find $ssl_key + openssl x509 -in $ssl_certificate -noout -text + openssl rsa -in $ssl_key -noout -text + openssl x509 -noout -modulus -in $ssl_certificate | openssl md5 + openssl rsa -noout -modulus -in $ssl_key | openssl md5 +fi +echo +echo +echo "=========" +echo " SUMMARY " +echo "=========" +echo #CHECK WEBSERVER ON LOCALHOST PORTS 80 AND 443 -echo 'Checking Port 80,443 on IP 127.0.0.1 reachable? (succeeded = reachable)' -netcat -z -v 127.0.0.1 80 2>&1 -netcat -z -v 127.0.0.1 443 2>&1 +echo 'Checking Port 80,443 on IP 127.0.0.1 reachable? (0=YES / 1=NO)' +echo 2>/dev/null > /dev/tcp/127.0.0.1/80 ; echo $? +echo 2>/dev/null > /dev/tcp/127.0.0.1/443 ; echo $? echo "---" #CHECK WEBSERVER ON OTHER IPS for ip in `ip a | grep "inet " | grep " e" | awk -F" " '{print $2}' | cut -d'/' -f1`; do -echo 'Checking Port 80,443 on IP '$ip' reachable? (succeeded = reachable)' -netcat -z -v $ip 80 2>&1 -netcat -z -v $ip 443 2>&1 +echo 'Checking Port 80,443 on IP '$ip' reachable? (0=YES / 1=NO)' +echo 2>/dev/null > /dev/tcp/$ip/80 ; echo $? +echo 2>/dev/null > /dev/tcp/$ip/80 ; echo $? 
done echo "---" #CHECK packager.io ACCESS FROM LOCALHOST FOR UPGRADES -echo packager.io web server is reachable on ports 80,443 -netcat -z -v packager.io 80 2>&1 -netcat -z -v packager.io 443 2>&1 +echo 'packager.io web server is reachable on ports 80,443? (0=YES / 1=NO)' +packagerip=`host -t a packager.io | cut -d" " -f4` +echo 2>/dev/null > /dev/tcp/$packagerip/80 ; echo $? +echo 2>/dev/null > /dev/tcp/$packagerip/443 ; echo $? echo "---" #CHECK PSQL REACHABILITY echo 'PSQL server on IP/FQDN '$psqlserver' port '$psqlserverport' reachable (0=YES / 1=NO)' -echo 'SELECT version();QUIT' | netcat $psqlserver $psqlserverport; echo $? +echo 2>/dev/null > /dev/tcp/$psqlserver/$psqlserverport ; echo $? echo "---" #CHECK SSO REACHABILITY if [ "$ssosolution" != "${ssosolution#[Yy]}" ]; then - echo 'SSO server on IP/FQDN '$ssoserver' port '$ssoport' reachable? (succeeded = reachable)' - netcat -z -v $ssoserver $ssoport 2>&1 + echo 'SSO server on IP/FQDN '$ssoserver' port '$ssoport' reachable? (0=YES / 1=NO)' + echo 2>/dev/null > /dev/tcp/$ssoserver/$ssoserverport ; echo $? echo "---" fi #CHECK SMTP REACHABILITY if [ "$outgoingmail" != "${outgoingmail#[Yy]}" ]; then - echo 'SMTP server on IP/FQDN '$outgoingmailip' port '$outgoingmailport' reachable? (succeeded = reachable)' - netcat -z -v $outgoingmailip $outgoingmailport 2>&1 + echo 'SMTP server on IP/FQDN '$outgoingmailip' port '$outgoingmailport' reachable? (0=YES / 1=NO)' + echo 2>/dev/null > /dev/tcp/$outgoingmailip/$outgoingmailport ; echo $? echo "---" fi #CHECK POP3/IMAP REACHABILITY if [ "$incomingmail" != "${incomingmail#[Yy]}" ]; then - echo 'POP3/IMAP server on IP/FQDN '$incomingmailip' port '$incomingmailport' reachable? (succeeded = reachable)' - netcat -z -v $incomingmailip $incomingmailport 2>&1 + echo 'POP3/IMAP server on IP/FQDN '$incomingmailip' port '$incomingmailport' reachable? (0=YES / 1=NO)' + echo 2>/dev/null > /dev/tcp/$incomingmailip/$incomingmailport ; echo $? 
echo "---" fi -#SSL/TLS CERTS AVAILABLE -if [ "$ownwebserver" != "${ownwebserver#[Nn]}" ]; then - echo Search for SSL certificate $ssl_certificate - find $ssl_certificate - echo Search for SSL key $ssl_key - find $ssl_key - openssl x509 -in $ssl_certificate -noout -text - openssl rsa -in $ssl_key -noout -text - openssl x509 -noout -modulus -in $ssl_certificate | openssl md5 - openssl rsa -noout -modulus -in $ssl_key | openssl md5 -fi - -#CHECK LOCAL MEMCACHED CONFIG -echo -echo Search for memcached -hash memcached 2>/dev/null -if [ $? == 1 ]; then - echo "memcached is NOT installed" -else - echo "memcached is installed" -fi echo "---" +echo User Input: +echo PSQL: $psqlserver":"$psqlserverport +echo SSL: $ssl_certificate", "$ssl_key +echo Own Web Server: $ownwebserver +echo Web Server Application: $webserverapp +echo SSO Server: $ssoserver":"$ssoport +echo SMTP Server: $outgoingmailip":"$outgoingmailport +echo IMAP/POP3 Server: $incomingmailip":"$incomingmailport +echo S3 Cloud Storage: $s3cloudstorage +echo FQDN: $fqdn +echo "---" + #CHECK FOR INSTALLED OPENPROJECT From 7b4db84609350b5bd292704f1c6c2c0b01353340 Mon Sep 17 00:00:00 2001 From: ulferts Date: Wed, 23 Nov 2022 09:39:10 +0100 Subject: [PATCH 2/3] return empty array instead of `null` `_embedded/elements` should always have an array, even if it is empty to not trip up clients. --- lib/api/decorators/sql_collection_representer.rb | 2 +- spec/requests/api/v3/capability_resource_spec.rb | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/api/decorators/sql_collection_representer.rb b/lib/api/decorators/sql_collection_representer.rb index ebca2749cf..881d3aa752 100644 --- a/lib/api/decorators/sql_collection_representer.rb +++ b/lib/api/decorators/sql_collection_representer.rb 
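Review bot: `openssl rsa -in $ssl_key -noout -text` prints the private exponent and primes to stdout, so the key material ends up in the output this script collects, which is presumably handed to support. The two modulus digests that follow already show whether key and certificate belong together, so that line can be dropped or replaced with `openssl rsa -in "$ssl_key" -noout -check`. Two of the new probes also test the wrong thing: the per-interface loop opens `/dev/tcp/$ip/80` twice and never 443, and the SSO probe uses `$ssoserverport`, which is never set (the prompt fills `ssoport`), so it should read `/dev/tcp/$ssoserver/$ssoport`. The `/dev/tcp` redirections have no connect timeout, so a filtered port can stall the run; bounding each probe with `timeout` would avoid that, assuming coreutils `timeout` is available on the target hosts.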
@@ -130,7 +130,7 @@ module API representation: ->(walker_result) do replacement = walker_result.replace_map['elements'] - replacement ? "json_agg(#{replacement})" : nil + replacement ? "COALESCE(json_agg(#{replacement}), '[]')" : nil end end end diff --git a/spec/requests/api/v3/capability_resource_spec.rb b/spec/requests/api/v3/capability_resource_spec.rb index c74494807c..8d96796fb7 100644 --- a/spec/requests/api/v3/capability_resource_spec.rb +++ b/spec/requests/api/v3/capability_resource_spec.rb @@ -372,10 +372,14 @@ describe 'API v3 capabilities resource', type: :request, content_type: :json do } }] end - it 'is empty' do + it 'is empty and includes an empty element set', :aggregate_failures do expect(subject.body) .to be_json_eql('0') .at_path('total') + + expect(subject.body) + .to be_json_eql([].to_json) + .at_path('_embedded/elements') end end From 5ee80512874a8cbcce1f001c4c96fbaf9e491f51 Mon Sep 17 00:00:00 2001 From: VESpersio Date: Wed, 23 Nov 2022 14:34:35 +0300 Subject: [PATCH 3/3] fix saml env --- docs/system-admin-guide/authentication/saml/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/system-admin-guide/authentication/saml/README.md b/docs/system-admin-guide/authentication/saml/README.md index e0ec9772db..7291ca254c 100644 --- a/docs/system-admin-guide/authentication/saml/README.md +++ b/docs/system-admin-guide/authentication/saml/README.md 
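Review bot: The `'[]'` fallback in `COALESCE(json_agg(#{replacement}), '[]')` is an untyped literal that only becomes JSON through COALESCE's type resolution; writing it as `'[]'::json` states the intent and keeps the column type fixed if the aggregate is ever changed. A one-line comment above the ternary, `# json_agg yields NULL for zero rows; clients expect an array here`, would record why the wrapper exists. `replacement` is interpolated straight into the SQL fragment; it appears to come from the representer's own replace map rather than from request data, but that origin is outside this hunk and worth confirming. The enclosing lambda and representer definition start and end outside the hunk.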
@@ -474,7 +474,7 @@ OPENPROJECT_SAML_SAML_ASSERTION__CONSUMER__SERVICE__URL="https:///realms//protocol/saml" OPENPROJECT_SAML_SAML_SLO__TARGET__URL="https:///realms//protocol/saml" OPENPROJECT_SAML_SAML_ISSUER="https://" -OPENPROJECT_SAML_SAML_IDP_CERT="" +OPENPROJECT_SAML_SAML_IDP__SSO__SERVICE__URL="https:///realms//protocol/saml" +OPENPROJECT_SAML_SAML_IDP__CERT="" ``` If you're unsure what the realm value is, go to the menu "Realm settings" and click on "Endpoints -> SAML 2.0 Identity Provider Metadata". This will include URLs for the `SingleSignOnSerivce` and `SingleLogoutService`.