From d4c73019ebc34a9a9157f0125b5a564da75eada5 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Fri, 20 Oct 2023 07:12:05 +0200
Subject: [PATCH] Introduce FREEd CMS configurations

---
 argeo-freed.spec                      | 53 ++++++++++++++++++++++++++-
 debian/argeo-freed-cms-user.install   |  2 +
 debian/argeo-freed-cms.install        |  8 ++++
 debian/changelog                      |  2 +-
 debian/control                        | 14 +++++++
 etc/argeo.d/jvm.args                  |  0
 etc/argeo.d/jvm.args.debug            |  1 +
 etc/argeo.d/jvm.args.monitoring       |  1 +
 etc/argeo.user.d/jvm.args             |  0
 usr/bin/argeo                         |  2 +
 usr/bin/jshc                          |  2 +
 usr/lib/systemd/system/argeo@.service | 43 ++++++++++++++++++++++
 usr/lib/systemd/user/argeo@.service   | 31 ++++++++++++++++
 usr/share/argeo/SETUP.txt             |  9 +++++
 usr/share/argeo/all.policy            |  3 ++
 usr/share/argeo/argeo-pgsql-setup.sql |  2 +
 usr/share/argeo/argeo-slapd-setup.inf |  9 +++++
 usr/share/argeo/jvm.args              |  1 +
 18 files changed, 180 insertions(+), 3 deletions(-)
 create mode 100644 debian/argeo-freed-cms-user.install
 create mode 100644 debian/argeo-freed-cms.install
 create mode 100644 etc/argeo.d/jvm.args
 create mode 100644 etc/argeo.d/jvm.args.debug
 create mode 100644 etc/argeo.d/jvm.args.monitoring
 create mode 100644 etc/argeo.user.d/jvm.args
 create mode 100755 usr/bin/argeo
 create mode 100755 usr/bin/jshc
 create mode 100644 usr/lib/systemd/system/argeo@.service
 create mode 100644 usr/lib/systemd/user/argeo@.service
 create mode 100644 usr/share/argeo/SETUP.txt
 create mode 100644 usr/share/argeo/all.policy
 create mode 100644 usr/share/argeo/argeo-pgsql-setup.sql
 create mode 100644 usr/share/argeo/argeo-slapd-setup.inf
 create mode 100644 usr/share/argeo/jvm.args

diff --git a/argeo-freed.spec b/argeo-freed.spec
index 9e197c8..d755258 100644
--- a/argeo-freed.spec
+++ b/argeo-freed.spec
@@ -1,5 +1,5 @@
 Name:           argeo-freed
-Version:        2.3.1
+Version:        2.3.2
 Release:        1%{?dist}
 Summary:        Enrollment into a FREEd compatible domain
 
@@ -15,6 +15,16 @@ BuildRequires: systemd-rpm-macros
 
 %description
 
+%package cms
+Summary:        FREEd Argeo CMS services
+Requires:       argeo-cms
+
+%package cms-user
+Summary:        FREEd Argeo CMS user services
+Requires:       argeo-cms
+
+%description cms
+
 %package libreswan
 Summary:        FREEd extensions to libreswan
 Requires:       libreswan
@@ -39,15 +49,36 @@ Requires:       argeo-freed-libreswan
 %build
 
 %install
+mkdir -p %{buildroot}%{_bindir}
+cp -a ./usr/bin/* %{buildroot}%{_bindir}
+
 mkdir -p %{buildroot}%{_sysconfdir}
-cp -a ./etc/ipsec.d %{buildroot}%{_sysconfdir}
+cp -a ./etc/* %{buildroot}%{_sysconfdir}
+
+mkdir -p %{buildroot}%{_datadir}
+cp -a ./usr/share/* %{buildroot}%{_datadir}
 
 mkdir -p %{buildroot}%{_unitdir}
 cp -a ./usr/lib/systemd/system/* %{buildroot}%{_unitdir}
 
+mkdir -p %{buildroot}%{_userunitdir}
+cp -a ./usr/lib/systemd/user/* %{buildroot}%{_userunitdir}
+
 mkdir -p %{buildroot}%{_libexecdir}
 cp -a ./usr/libexec/ipsec %{buildroot}%{_libexecdir}
 
+%files cms
+%attr(755, root, root) %{_bindir}/argeo
+%attr(755, root, root) %{_bindir}/jshc
+
+%{_sysconfdir}/argeo.d
+%{_datadir}/argeo
+%{_unitdir}/argeo@.service
+
+%files cms-user
+%{_sysconfdir}/argeo.user.d
+%{_userunitdir}/argeo@.service
+
 %files libreswan
 %attr(755, root, root) %{_libexecdir}/ipsec
 
@@ -58,6 +89,24 @@ cp -a ./usr/libexec/ipsec %{buildroot}%{_libexecdir}
 %{_unitdir}/freed-onresume.service
 %{_unitdir}/freed-onsuspend.service
 
+%post cms
+%systemd_post argeo@.service
+
+%preun cms
+%systemd_preun argeo@.service
+
+%postun cms
+%systemd_postun argeo@.service
+
+%post cms-user
+%systemd_user_post argeo@.service
+
+%preun cms-user
+%systemd_user_preun argeo@.service
+
+%postun cms-user
+%systemd_user_postun argeo@.service
+
 %post roaming-client
 %systemd_post freed-ipsec-roaming@.service
 %systemd_post freed-onresume.service
diff --git a/debian/argeo-freed-cms-user.install b/debian/argeo-freed-cms-user.install
new file mode 100644
index 0000000..037dcd0
--- /dev/null
+++ b/debian/argeo-freed-cms-user.install
@@ -0,0 +1,2 @@
+./etc/argeo.user.d/* ./etc/argeo.user.d
+./usr/lib/systemd/user/argeo@.service ./usr/lib/systemd/user
diff --git a/debian/argeo-freed-cms.install b/debian/argeo-freed-cms.install
new file mode 100644
index 0000000..b2195f0
--- /dev/null
+++ b/debian/argeo-freed-cms.install
@@ -0,0 +1,8 @@
+./usr/bin/argeo ./usr/bin
+./usr/bin/jshc ./usr/bin
+
+./etc/argeo.d/* ./etc/argeo.d
+
+./usr/lib/systemd/system/argeo@.service ./usr/lib/systemd/system
+
+./usr/share/argeo/* ./usr/share/argeo
diff --git a/debian/changelog b/debian/changelog
index e1e7fd2..bcdff2f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-argeo-freed (2.3.1) unstable; urgency=medium
+argeo-freed (2.3.2) unstable; urgency=medium
 
   * Initial release
 
diff --git a/debian/control b/debian/control
index 1b8eb51..4f36a8f 100644
--- a/debian/control
+++ b/debian/control
@@ -6,6 +6,20 @@ Build-Depends: debhelper-compat (= 13)
 Standards-Version: 4.5.1
 Rules-Requires-Root: no
 
+Package: argeo-freed-cms
+Architecture: all
+Depends: ${misc:Depends}, argeo-cms
+Conflicts: argeo-init
+Description: FREEd Argeo CMS services
+ FREEd Argeo CMS services
+
+Package: argeo-freed-cms-user
+Architecture: all
+Depends: ${misc:Depends}, argeo-cms
+Conflicts: argeo-init
+Description: FREEd Argeo CMS user services
+ FREEd Argeo CMS user services
+
 Package: argeo-freed-libreswan
 Architecture: all
 Depends: ${misc:Depends}, libreswan
diff --git a/etc/argeo.d/jvm.args b/etc/argeo.d/jvm.args
new file mode 100644
index 0000000..e69de29
diff --git a/etc/argeo.d/jvm.args.debug b/etc/argeo.d/jvm.args.debug
new file mode 100644
index 0000000..4e6b1dc
--- /dev/null
+++ b/etc/argeo.d/jvm.args.debug
@@ -0,0 +1 @@
+-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=127.0.0.1:8000
\ No newline at end of file
diff --git a/etc/argeo.d/jvm.args.monitoring b/etc/argeo.d/jvm.args.monitoring
new file mode 100644
index 0000000..d7275ee
--- /dev/null
+++ b/etc/argeo.d/jvm.args.monitoring
@@ -0,0 +1 @@
+-Dcom.sun.management.jmxremote.port=8099 -Dcom.sun.management.jmxremote.rmi.port=8099 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=<hostname>
\ No newline at end of file
diff --git a/etc/argeo.user.d/jvm.args b/etc/argeo.user.d/jvm.args
new file mode 100644
index 0000000..e69de29
diff --git a/usr/bin/argeo b/usr/bin/argeo
new file mode 100755
index 0000000..636fd47
--- /dev/null
+++ b/usr/bin/argeo
@@ -0,0 +1,2 @@
+#!/bin/sh
+java -Dorg.argeo.api.cli.rootCommand=$0 -jar /usr/share/a2/org.argeo.cms/org.argeo.cms.cli.2.3.jar "$@"
\ No newline at end of file
diff --git a/usr/bin/jshc b/usr/bin/jshc
new file mode 100755
index 0000000..f29a38c
--- /dev/null
+++ b/usr/bin/jshc
@@ -0,0 +1,2 @@
+#!/usr/bin/sh
+java -Xms32m -Xmx64m -jar /usr/share/a2/org.argeo.cms/org.argeo.cms.jshell.2.3.jar "$@"
\ No newline at end of file
diff --git a/usr/lib/systemd/system/argeo@.service b/usr/lib/systemd/system/argeo@.service
new file mode 100644
index 0000000..1c5532f
--- /dev/null
+++ b/usr/lib/systemd/system/argeo@.service
@@ -0,0 +1,43 @@
+[Unit]
+Description=Argeo node %I
+After=network-online.target
+Wants=postgresql.service
+
+[Service]
+Type=simple
+
+User=daemon
+Group=daemon
+
+StateDirectory=argeo.d/%I
+LogsDirectory=argeo.d/%I
+ConfigurationDirectory=argeo.d/%I
+CacheDirectory=argeo.d/%I
+WorkingDirectory=/var/lib/argeo.d/%I
+
+ExecStart=java \
+-Dosgi.configuration.cascaded=true \
+-Dosgi.sharedConfiguration.area=/etc/argeo.d/%I/ \
+-Dosgi.sharedConfiguration.area.readOnly=true \
+-Dosgi.configuration.area=${STATE_DIRECTORY}/state/ \
+-Dosgi.instance.area=${STATE_DIRECTORY}/data/ \
+-Dargeo.node.repo.indexesBase=${CACHE_DIRECTORY}/indexes \
+-Dorg.osgi.framework.system.packages.extra=sun.security.internal.spec,sun.security.provider,com.sun.net.httpserver,com.sun.jndi.ldap,com.sun.jndi.ldap.sasl,com.sun.jndi.dns,com.sun.security.jgss,com.sun.nio.file,com.sun.nio.sctp \
+-Declipse.ignoreApp=true \
+-Dosgi.noShutdown=true \
+-Dorg.eclipse.equinox.http.jetty.autostart=false \
+@/etc/argeo.d/jvm.args \
+@${CONFIGURATION_DIRECTORY}/jvm.args \
+@/usr/share/argeo/jvm.args
+
+# Exit codes of the JVM when SIGTERM or SIGINT have been caught:
+SuccessExitStatus=143 130
+
+CPUAccounting=true
+MemoryAccounting=true
+TasksAccounting=true
+IOAccounting=true
+IPAccounting=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/systemd/user/argeo@.service b/usr/lib/systemd/user/argeo@.service
new file mode 100644
index 0000000..ec73e42
--- /dev/null
+++ b/usr/lib/systemd/user/argeo@.service
@@ -0,0 +1,31 @@
+[Unit]
+Description=Argeo user node %I
+
+[Service]
+Type=simple
+StateDirectory=argeo.d/%I
+LogsDirectory=argeo.d/%I
+ConfigurationDirectory=argeo.d/%I
+CacheDirectory=argeo.d/%I
+#WorkingDirectory=
+
+ExecStart=java \
+-Dosgi.configuration.cascaded=true \
+-Dosgi.sharedConfiguration.area=/etc/argeo.user.d/%I/ \
+-Dosgi.sharedConfiguration.area.readOnly=true \
+-Dosgi.configuration.area=${STATE_DIRECTORY}/state/ \
+-Dosgi.instance.area=${STATE_DIRECTORY}/data/ \
+-Dargeo.node.repo.indexesBase=${CACHE_DIRECTORY}/indexes \
+-Dorg.osgi.framework.system.packages.extra=sun.security.internal.spec,sun.security.provider,com.sun.net.httpserver,com.sun.jndi.ldap,com.sun.jndi.ldap.sasl,com.sun.jndi.dns,com.sun.security.jgss,com.sun.nio.file,com.sun.nio.sctp \
+-Declipse.ignoreApp=true \
+-Dosgi.noShutdown=true \
+-Dorg.eclipse.equinox.http.jetty.autostart=false \
+-Djava.library.path=/usr/lib/a2/swt/rcp/org.argeo.tp.swt/ \
+@/etc/argeo.user.d/jvm.args \
+@/etc/argeo.user.d/%I/jvm.args \
+@/usr/share/argeo/jvm.args
+# Exit codes of the JVM when SIGTERM or SIGINT have been caught:
+SuccessExitStatus=143 130
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/share/argeo/SETUP.txt b/usr/share/argeo/SETUP.txt
new file mode 100644
index 0000000..708e587
--- /dev/null
+++ b/usr/share/argeo/SETUP.txt
@@ -0,0 +1,9 @@
+
+# 389 Directory Server
+sudo dscreate from-file argeo-slapd.inf
+sudo dsconf -D "cn=Directory Manager" ldap://localhost backend import <backend> <path to LDIF file> 
+
+# PostgreSQL
+sudo postgresql-setup initdb
+sudo systemctl start postgresql
+sudo -u postgres psql < argeo-pgsql-setup.sql
diff --git a/usr/share/argeo/all.policy b/usr/share/argeo/all.policy
new file mode 100644
index 0000000..facb613
--- /dev/null
+++ b/usr/share/argeo/all.policy
@@ -0,0 +1,3 @@
+grant {
+  permission java.security.AllPermission;
+};
\ No newline at end of file
diff --git a/usr/share/argeo/argeo-pgsql-setup.sql b/usr/share/argeo/argeo-pgsql-setup.sql
new file mode 100644
index 0000000..886f60a
--- /dev/null
+++ b/usr/share/argeo/argeo-pgsql-setup.sql
@@ -0,0 +1,2 @@
+CREATE USER argeo WITH PASSWORD 'argeo';
+CREATE DATABASE argeo WITH OWNER argeo;
diff --git a/usr/share/argeo/argeo-slapd-setup.inf b/usr/share/argeo/argeo-slapd-setup.inf
new file mode 100644
index 0000000..98ad97a
--- /dev/null
+++ b/usr/share/argeo/argeo-slapd-setup.inf
@@ -0,0 +1,9 @@
+[general]
+[slapd]
+instance_name = argeo
+root_dn = cn=Directory Manager
+root_password = argeoargeo
+
+[backend-userroot]
+create_suffix_entry = True
+suffix = dc=example,dc=com
\ No newline at end of file
diff --git a/usr/share/argeo/jvm.args b/usr/share/argeo/jvm.args
new file mode 100644
index 0000000..2d3190d
--- /dev/null
+++ b/usr/share/argeo/jvm.args
@@ -0,0 +1 @@
+-cp /usr/share/a2/osgi/equinox/org.argeo.tp.osgi/org.eclipse.osgi.3.18.jar:/usr/share/a2/org.argeo.cms/org.argeo.init.2.3.jar org.argeo.init.Service
\ No newline at end of file
-- 
2.30.2