fix : t 001 a 020 fait

2026-03-19 09:21:45 +01:00
parent e68c99a8b3
commit 11f69a9eda
18 changed files with 137 additions and 75 deletions
--- a/RebuildBdd/Checkup/check-postgresql.sh
+++ b/RebuildBdd/Checkup/check-postgresql.sh
@@ -137,6 +137,9 @@ PGUSER_SUPERUSER="${PGUSER_SUPERUSER:-no}"
 POSTGRES_PACKAGE_LIST="${POSTGRES_PACKAGE_LIST:-postgresql postgresql-client postgresql-contrib}"
 POSTGRES_SERVICE_NAME="${POSTGRES_SERVICE_NAME:-postgresql}"
 SUDO_BIN="${SUDO_BIN:-sudo}"
+read -r -a POSTGRES_PACKAGES <<< "$POSTGRES_PACKAGE_LIST"
+
+[[ "${#POSTGRES_PACKAGES[@]}" -gt 0 ]] || fail "POSTGRES_PACKAGE_LIST vide"

 export PGPASSWORD

@@ -159,7 +162,7 @@ if ! require_cmd psql || ! require_cmd pg_restore || ! require_cmd createdb || !

  log "PostgreSQL absent : installation en cours..."
  "$SUDO_BIN" apt update >/dev/null 2>&1 || fail "échec de apt update"
-  "$SUDO_BIN" apt install -y $POSTGRES_PACKAGE_LIST >/dev/null 2>&1 || fail "échec de l'installation PostgreSQL"
+  "$SUDO_BIN" apt install -y "${POSTGRES_PACKAGES[@]}" >/dev/null 2>&1 || fail "échec de l'installation PostgreSQL"
  POSTGRES_INSTALLED="yes"
  log "Installation PostgreSQL terminée."
 else
--- a/RebuildBdd/Checkup/check-target-readiness.sh
+++ b/RebuildBdd/Checkup/check-target-readiness.sh
@@ -92,6 +92,7 @@ to_bool_yes_no() {
  v="${v,,}"
  case "$v" in
    yes|y|oui|o|true|1) echo "yes" ;;
+    # Valeur vide traitée comme "no" pour conserver le comportement historique.
    no|n|non|false|0|"") echo "no" ;;
    *) return 1 ;;
  esac
--- a/RebuildBdd/Config/.env.exemple
+++ b/RebuildBdd/Config/.env.exemple
@@ -8,18 +8,18 @@ RESTORE_ROLES=yes

 # Dépôt scripts
 GLOBAL_REPO_URL=git@gitea.example.tld:team/RebuildBdd.git
-GLOBAL_REPO_BRANCH=main
-
-# Backup central
-GLOBAL_BACKUP_REMOTE_USER=backup
-GLOBAL_BACKUP_REMOTE_HOST=192.168.1.60
-GLOBAL_BACKUP_REMOTE_PORT=22
-GLOBAL_BACKUP_REMOTE_BASE_DIR=/home/backup/backups
-
-# Clé SSH de lecture backup copiée sur les cibles
-GLOBAL_BACKUP_SSH_PRIVATE_KEY=/home/matteo/.ssh/id_ed25519_backup_readonly
-GLOBAL_BACKUP_SSH_PUBLIC_KEY=/home/matteo/.ssh/id_ed25519_backup_readonly.pub
-GLOBAL_BACKUP_KNOWN_HOSTS_STRICT=yes
+GLOBAL_REPO_BRANCH=main
+
+# Backup central
+GLOBAL_BACKUP_REMOTE_USER=backup
+GLOBAL_BACKUP_REMOTE_HOST=<BACKUP_HOST>
+GLOBAL_BACKUP_REMOTE_PORT=22
+GLOBAL_BACKUP_REMOTE_BASE_DIR=/home/backup/backups
+
+# Clé SSH de lecture backup copiée sur les cibles
+GLOBAL_BACKUP_SSH_PRIVATE_KEY=/home/<LOCAL_USER>/.ssh/id_ed25519_backup_readonly
+GLOBAL_BACKUP_SSH_PUBLIC_KEY=/home/<LOCAL_USER>/.ssh/id_ed25519_backup_readonly.pub
+GLOBAL_BACKUP_KNOWN_HOSTS_STRICT=yes

 # Defaults PostgreSQL
 GLOBAL_PGHOST=127.0.0.1
@@ -35,4 +35,4 @@ GLOBAL_BOOTSTRAP_ALLOW_PASSWORDLESS_SUDO=yes
 GLOBAL_AUTO_INSTALL_POSTGRES=yes
 GLOBAL_AUTO_CREATE_PGUSER=yes
 GLOBAL_PGUSER_SUPERUSER=no
-GLOBAL_AUTO_CONFIGURE_SUDOERS=no
+GLOBAL_AUTO_CONFIGURE_SUDOERS=no
--- a/RebuildBdd/Config/Targets/prod.env.exemple
+++ b/RebuildBdd/Config/Targets/prod.env.exemple
@@ -3,25 +3,25 @@
 ###############################################################################

 # SSH bootstrap cible
-TARGET_HOST=192.168.1.60
+TARGET_HOST=<TARGET_HOST>
 TARGET_PORT=22
-TARGET_BOOTSTRAP_USER=backup_liot
-TARGET_BOOTSTRAP_SSH_KEY=/home/matteo/.ssh/id_ed25519_target_prod
-TARGET_RUNTIME_USER=backup_liot
+TARGET_BOOTSTRAP_USER=<BOOTSTRAP_USER>
+TARGET_BOOTSTRAP_SSH_KEY=/home/<LOCAL_USER>/.ssh/id_ed25519_target_prod
+TARGET_RUNTIME_USER=<RUNTIME_USER>

 # Bootstrap
 TARGET_ENABLE_BOOTSTRAP=yes
 TARGET_BOOTSTRAP_ALLOW_PASSWORDLESS_SUDO=yes

 # Repo local cible
-TARGET_REPO_DIR=/home/backup_liot/RebuildBdd
-TARGET_ENV_FILE=/home/backup_liot/RebuildBdd/.env
+TARGET_REPO_DIR=/home/<RUNTIME_USER>/RebuildBdd
+TARGET_ENV_FILE=/home/<RUNTIME_USER>/RebuildBdd/.env

 # PostgreSQL cible
 TARGET_ENV_NAME=PROD
 TARGET_PGHOST=127.0.0.1
 TARGET_PGPORT=5432
-TARGET_PGUSER=backup_liot
+TARGET_PGUSER=<PGUSER>
 TARGET_PGPASSWORD=change_me_pg_password
 TARGET_DBS="sirh inventory ferme"

@@ -29,9 +29,9 @@ TARGET_DBS="sirh inventory ferme"
 TARGET_BACKUP_SUBDIR=bdd-prod

 # Logs / tmp / ssh cible
-TARGET_BACKUP_LOG_DIR=/home/backup_liot/logs/rebuild_bdd
-TARGET_LOCAL_RESTORE_BASE_DIR=/home/backup_liot/RebuildBdd/restore_tmp
-TARGET_SSH_KEY=/home/backup_liot/.ssh/id_ed25519_backup_readonly
+TARGET_BACKUP_LOG_DIR=/home/<RUNTIME_USER>/logs/rebuild_bdd
+TARGET_LOCAL_RESTORE_BASE_DIR=/home/<RUNTIME_USER>/RebuildBdd/restore_tmp
+TARGET_SSH_KEY=/home/<RUNTIME_USER>/.ssh/id_ed25519_backup_readonly

 # Options cible
 TARGET_REMOTE_ROLES_DIR_NAME=user
--- a/RebuildBdd/Config/Targets/test.env.exemple
+++ b/RebuildBdd/Config/Targets/test.env.exemple
@@ -3,25 +3,25 @@
 ###############################################################################

 # SSH bootstrap cible
-TARGET_HOST=192.168.1.50
+TARGET_HOST=<TARGET_HOST>
 TARGET_PORT=22
-TARGET_BOOTSTRAP_USER=backup_liot
-TARGET_BOOTSTRAP_SSH_KEY=/home/matteo/.ssh/id_ed25519_target_test
-TARGET_RUNTIME_USER=backup_liot
+TARGET_BOOTSTRAP_USER=<BOOTSTRAP_USER>
+TARGET_BOOTSTRAP_SSH_KEY=/home/<LOCAL_USER>/.ssh/id_ed25519_target_test
+TARGET_RUNTIME_USER=<RUNTIME_USER>

 # Bootstrap
 TARGET_ENABLE_BOOTSTRAP=yes
 TARGET_BOOTSTRAP_ALLOW_PASSWORDLESS_SUDO=yes

 # Repo local cible
-TARGET_REPO_DIR=/home/backup_liot/RebuildBdd
-TARGET_ENV_FILE=/home/backup_liot/RebuildBdd/.env
+TARGET_REPO_DIR=/home/<RUNTIME_USER>/RebuildBdd
+TARGET_ENV_FILE=/home/<RUNTIME_USER>/RebuildBdd/.env

 # PostgreSQL cible
 TARGET_ENV_NAME=RECETTE
 TARGET_PGHOST=127.0.0.1
 TARGET_PGPORT=5432
-TARGET_PGUSER=backup_liot
+TARGET_PGUSER=<PGUSER>
 TARGET_PGPASSWORD=change_me_pg_password
 TARGET_DBS="sirh inventory ferme"

@@ -29,9 +29,9 @@ TARGET_DBS="sirh inventory ferme"
 TARGET_BACKUP_SUBDIR=bdd-recette

 # Logs / tmp / ssh cible
-TARGET_BACKUP_LOG_DIR=/home/backup_liot/logs/rebuild_bdd
-TARGET_LOCAL_RESTORE_BASE_DIR=/home/backup_liot/RebuildBdd/restore_tmp
-TARGET_SSH_KEY=/home/backup_liot/.ssh/id_ed25519_backup_readonly
+TARGET_BACKUP_LOG_DIR=/home/<RUNTIME_USER>/logs/rebuild_bdd
+TARGET_LOCAL_RESTORE_BASE_DIR=/home/<RUNTIME_USER>/RebuildBdd/restore_tmp
+TARGET_SSH_KEY=/home/<RUNTIME_USER>/.ssh/id_ed25519_backup_readonly

 # Options cible
 TARGET_REMOTE_ROLES_DIR_NAME=user
--- a/RebuildBdd/README.md
+++ b/RebuildBdd/README.md
@@ -110,14 +110,14 @@ Usage :
 ```bash
 ./create-target-config.sh \
  --target test \
-  --host 192.168.1.50 \
+  --host <TARGET_HOST> \
  --port 22 \
-  --bootstrap-user backup_liot \
+  --bootstrap-user <BOOTSTRAP_USER> \
  --bootstrap-key /home/user/.ssh/id_ed25519_target_test \
-  --runtime-user backup_liot \
-  --repo-dir /home/backup_liot/RebuildBdd \
+  --runtime-user <RUNTIME_USER> \
+  --repo-dir /home/<RUNTIME_USER>/RebuildBdd \
  --env-name RECETTE \
-  --pguser backup_liot \
+  --pguser <PGUSER> \
  --pgpassword secret \
  --dbs "sirh inventory ferme" \
  --backup-subdir bdd-recette
@@ -443,7 +443,7 @@ Exemple :
  "environment": "RECETTE",
  "database": "sirh",
  "dump_file": "/home/backup/backups/bdd-recette/sirh/sirh_2026-03-16_19-00-01.dump",
-  "log_file": "/home/backup_liot/logs/rebuild_bdd/restore_recette_web_001_2026-03-17_09-10-00.log"
+  "log_file": "/home/<RUNTIME_USER>/logs/rebuild_bdd/restore_recette_web_001_2026-03-17_09-10-00.log"
 }
 ```

@@ -459,7 +459,7 @@ Exemple :
  "environment": "RECETTE",
  "database": "sirh",
  "dump_file": "/home/backup/backups/bdd-recette/sirh/sirh_2026-03-16_19-00-01.dump",
-  "log_file": "/home/backup_liot/logs/rebuild_bdd/restore_recette_web_001_2026-03-17_09-10-00.log"
+  "log_file": "/home/<RUNTIME_USER>/logs/rebuild_bdd/restore_recette_web_001_2026-03-17_09-10-00.log"
 }
 ```

@@ -500,7 +500,7 @@ TARGET_BACKUP_LOG_DIR
 Exemple :

 ```bash
-/home/backup_liot/logs/rebuild_bdd/
+/home/<RUNTIME_USER>/logs/rebuild_bdd/
 ```

 Le chemin du log est renvoyé dans le JSON final.
@@ -537,14 +537,14 @@ Avant mise en production, tester au minimum :
 ```bash
 ./create-target-config.sh \
  --target test \
-  --host 192.168.1.50 \
+  --host <TARGET_HOST> \
  --port 22 \
-  --bootstrap-user backup_liot \
-  --bootstrap-key /home/matteo/.ssh/id_ed25519_target_test \
-  --runtime-user backup_liot \
-  --repo-dir /home/backup_liot/RebuildBdd \
+  --bootstrap-user <BOOTSTRAP_USER> \
+  --bootstrap-key /home/<LOCAL_USER>/.ssh/id_ed25519_target_test \
+  --runtime-user <RUNTIME_USER> \
+  --repo-dir /home/<RUNTIME_USER>/RebuildBdd \
  --env-name RECETTE \
-  --pguser backup_liot \
+  --pguser <PGUSER> \
  --pgpassword secret \
  --dbs "sirh inventory ferme" \
  --backup-subdir bdd-recette
@@ -578,5 +578,3 @@ Le projet permet désormais une utilisation :
 * intégrée au web ;

 avec préparation des cibles, exécution non interactive et retour JSON.
-
-```
--- a/RebuildBdd/bootstrap-target-host.sh
+++ b/RebuildBdd/bootstrap-target-host.sh
@@ -94,6 +94,7 @@ to_bool_yes_no() {
  v="${v,,}"
  case "$v" in
    yes|y|oui|o|true|1) echo "yes" ;;
+    # Valeur vide traitée comme "no" pour conserver le comportement historique.
    no|n|non|false|0|"") echo "no" ;;
    *) return 1 ;;
  esac
@@ -385,6 +386,13 @@ log "Correction des permissions SSH côté cible"
 ssh "${SSH_OPTS[@]}" "$REMOTE" "$REMOTE_SSH_PERMS_CMD" \
  || fail "échec de correction des permissions SSH sur la cible"

+STRICT_OPTION="yes"
+case "${TARGET_BACKUP_KNOWN_HOSTS_STRICT_VALUE,,}" in
+  yes|y|oui|o|true|1) STRICT_OPTION="yes" ;;
+  no|n|non|false|0) STRICT_OPTION="no" ;;
+  *) fail "TARGET_BACKUP_KNOWN_HOSTS_STRICT invalide" ;;
+esac
+
 REMOTE_KNOWN_HOSTS_CMD="
 set -euo pipefail

@@ -406,13 +414,6 @@ log "Ajout du serveur de backup dans known_hosts côté cible"
 ssh "${SSH_OPTS[@]}" "$REMOTE" "$REMOTE_KNOWN_HOSTS_CMD" \
  || fail "échec de préparation known_hosts sur la cible"

-STRICT_OPTION="yes"
-case "${TARGET_BACKUP_KNOWN_HOSTS_STRICT_VALUE,,}" in
-  yes|y|oui|o|true|1) STRICT_OPTION="yes" ;;
-  no|n|non|false|0) STRICT_OPTION="no" ;;
-  *) fail "TARGET_BACKUP_KNOWN_HOSTS_STRICT invalide" ;;
-esac
-
 REMOTE_BACKUP_TEST_CMD="
 set -euo pipefail

--- a/RebuildBdd/create-target-config.sh
+++ b/RebuildBdd/create-target-config.sh
@@ -79,6 +79,7 @@ to_bool_yes_no() {
  v="${v,,}"
  case "$v" in
    yes|y|oui|o|true|1) echo "yes" ;;
+    # Valeur vide traitée comme "no" pour conserver le comportement historique.
    no|n|non|false|0|"") echo "no" ;;
    *) return 1 ;;
  esac
--- a/RebuildBdd/rebuild-bdd-core.sh
+++ b/RebuildBdd/rebuild-bdd-core.sh
@@ -121,6 +121,7 @@ to_bool_yes_no() {
  v="${v,,}"
  case "$v" in
    yes|y|oui|o|true|1) echo "yes" ;;
+    # Valeur vide traitée comme "no" pour conserver le comportement historique.
    no|n|non|false|0|"") echo "no" ;;
    *) return 1 ;;
  esac
--- a/RebuildBdd/run-rebuild-bdd.sh
+++ b/RebuildBdd/run-rebuild-bdd.sh
@@ -88,6 +88,7 @@ to_bool_yes_no() {
  v="${v,,}"
  case "$v" in
    yes|y|oui|o|true|1) echo "yes" ;;
+    # Valeur vide traitée comme "no" pour conserver le comportement historique.
    no|n|non|false|0|"") echo "no" ;;
    *) return 1 ;;
  esac