author | Ramón M. Gómez <ramongomez@us.es> | 2019-10-16 12:18:22 +0200 |
---|---|---|
committer | Ramón M. Gómez <ramongomez@us.es> | 2019-10-16 12:18:22 +0200 |
commit | dde2db1684454f535bb8d331e31bd5ea9b9641a6 (patch) | |
tree | 5c11da747071cc3709315f4df4173b3ad2dee482 | |
parent | 436abc7095b6d72df74c4193b5051c2b9399b325 (diff) |
#925: Only the installer uses {{{settoken}}} script to generate authentication tokens.
-rw-r--r-- | doc/CHANGELOG.es.txt | 1 | ||||
-rwxr-xr-x | installer/opengnsys_installer.sh | 20 | ||||
-rwxr-xr-x | installer/opengnsys_update.sh | 11 | ||||
-rwxr-xr-x | server/bin/setserveraddr | 16 | ||||
-rwxr-xr-x | server/bin/settoken | 6 |
5 files changed, 19 insertions, 35 deletions
diff --git a/doc/CHANGELOG.es.txt b/doc/CHANGELOG.es.txt index fa33a38a..bf55e684 100644 --- a/doc/CHANGELOG.es.txt +++ b/doc/CHANGELOG.es.txt @@ -50,6 +50,7 @@ Tickets resueltos en módulo OpenGnsys Server: #899 Eliminar código obsoleto en ogAdmLib #900 Fichero de configuración unificado (duplicado de #140) #915 API REST para ogAdmServer +#925 Script para generar API tokens de servicios #929 Autenticación de clave pública entre los ogLive Tickets resueltos en módulo OpenGnsys Web Admin Console: diff --git a/installer/opengnsys_installer.sh b/installer/opengnsys_installer.sh index f359f369..0a11415b 100755 --- a/installer/opengnsys_installer.sh +++ b/installer/opengnsys_installer.sh @@ -692,9 +692,6 @@ function mysqlImportSqlFileToDb() local i=0 local dev="" local status - # Claves aleatorias para acceso a las APIs REST. - local OPENGNSYS_APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') - OPENGNSYS_REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));') if [ ! -f $sqlfile ]; then errorAndLog "${FUNCNAME}(): Unable to locate $sqlfile!!" @@ -708,8 +705,6 @@ function mysqlImportSqlFileToDb() sed -e "s/SERVERIP/${SERVERIP[i]}/g" \ -e "s/DBUSER/$OPENGNSYS_DB_USER/g" \ -e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \ - -e "s/APIKEY/$OPENGNSYS_APIKEY/g" \ - -e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \ $sqlfile > $tmpfile fi let i++ @@ -1494,10 +1489,8 @@ function openGnsysConfigure() -e "s/DBUSER/$OPENGNSYS_DB_USER/g" \ -e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \ -e "s/DATABASE/$OPENGNSYS_DATABASE/g" \ - -e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \ $WORKDIR/opengnsys/admin/Sources/Services/ogAdmServer/ogAdmServer.cfg > $INSTALL_TARGET/etc/ogAdmServer-$dev.cfg sed -e "s/SERVERIP/${SERVERIP[i]}/g" \ - -e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \ $WORKDIR/opengnsys/repoman/etc/ogAdmRepo.cfg.tmpl > $INSTALL_TARGET/etc/ogAdmRepo-$dev.cfg sed -e "s/SERVERIP/${SERVERIP[i]}/g" \ -e "s/DBUSER/$OPENGNSYS_DB_USER/g" \ 
@@ -1546,9 +1539,16 @@ EOT $DISABLESERVICE fi - echoAndLog "${FUNCNAME}(): Starting OpenGnsys services." + # Actualizar tokens de autenticación e iniciar los servicios. service="opengnsys" - $ENABLESERVICE; $STARTSERVICE + $ENABLESERVICE + if [ -x $INSTALL_TARGET/bin/settoken ]; then + echoAndLog "${FUNCNAME}(): Setting authentication tokens and starting OpenGnsys services." + $INSTALL_TARGET/bin/settoken -f + else + echoAndLog "${FUNCNAME}(): Starting OpenGnsys services." + $STARTSERVICE + fi } @@ -1582,7 +1582,7 @@ function installationSummary() echoAndLog "Repository directory: $INSTALL_TARGET/images" echoAndLog "DHCP configuration directory: $DHCPCFGDIR" echoAndLog "TFTP configuration directory: $TFTPCFGDIR" - echoAndLog "Installed ogLive client(s): $(oglivecli list | awk '{print $2}')" + echoAndLog "Installed ogLive client: $(oglivecli list | awk '{print $2}')" echoAndLog "Samba configuration directory: $SAMBACFGDIR" echoAndLog "Web Console URL: $OPENGNSYS_CONSOLEURL" echoAndLog "Web Console access data: entered by the user" diff --git a/installer/opengnsys_update.sh b/installer/opengnsys_update.sh index 5aed44de..b418b639 100755 --- a/installer/opengnsys_update.sh +++ b/installer/opengnsys_update.sh @@ -301,7 +301,6 @@ function importSqlFile() local tmpfile=$(mktemp) local mycnf=/tmp/.my.cnf.$$ local status - local APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') if [ ! -r $sqlfile ]; then errorAndLog "${FUNCNAME}(): Unable to read $sqlfile!!" @@ -311,8 +310,7 @@ function importSqlFile() echoAndLog "${FUNCNAME}(): importing SQL file to ${database}..." chmod 600 $tmpfile sed -e "s/SERVERIP/$SERVERIP/g" -e "s/DBUSER/$OPENGNSYS_DB_USER/g" \ - -e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \ - -e "s/APIKEY/$APIKEY/g" -e "s/REPOKEY/$REPOKEY/g" $sqlfile > $tmpfile + -e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" $sqlfile > $tmpfile # Componer fichero con credenciales de conexión. touch $mycnf chmod 600 $mycnf 
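Review bot: In `openGnsysConfigure()` the exit status of `$INSTALL_TARGET/bin/settoken -f` is ignored, and the `else` branch starts the services without generating any token. Because this commit also drops the `APIKEY`/`REPOKEY` substitutions from the SQL and `.cfg` templates, a missing or failing `settoken` would presumably leave the literal placeholders in place as the REST credentials (the templates are not part of this diff, so that is inferred). I would report the failure, e.g. `"$INSTALL_TARGET/bin/settoken" -f || errorAndLog "${FUNCNAME}(): Unable to set authentication tokens"`, and add a matching `errorAndLog` call in the `else` branch. The log message also announces that services are started, but only `settoken -f` is called on this path; a comment stating that `settoken` starts them (if it does) would help. The function body begins outside the hunk.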
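Review bot: The credentials file in `importSqlFile()` is still created as `/tmp/.my.cnf.$$` with `touch` followed by `chmod 600`, a predictable name in a shared directory whose permissions are tightened only after the file exists. The function already uses `mktemp` for `$tmpfile`, and the same fits here: `local mycnf=$(mktemp)`, which creates the file with owner-only permissions and makes the `touch`/`chmod` pair unnecessary. Separately, `$OPENGNSYS_DB_PASSWD` is pasted into the `sed` replacement on the rewritten line, so a password containing `/` or `&` would break or alter the substitution. The `mycnf` declaration sits in the preceding hunk and the rest of the function lies outside both.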
@@ -849,7 +847,6 @@ function updateDatabase() fi popd >/dev/null - REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));') if [ -n "$FILES" ]; then for file in $FILES; do importSqlFile $OPENGNSYS_DBUSER $OPENGNSYS_DBPASSWORD $OPENGNSYS_DATABASE $DBDIR/$file @@ -990,10 +987,8 @@ function compileServices() hayErrores=1 fi popd - # Parar antiguo servicio de repositorio y añadir clave de acceso REST en su fichero de configuración. + # Parar antiguo servicio de repositorio. pgrep ogAdmRepo > /dev/null && service="ogAdmRepo" $STOPSERVICE - sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$REPOKEY" $INSTALL_TARGET/etc/ogAdmRepo.cfg - sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$REPOKEY" $INSTALL_TARGET/etc/ogAdmServer.cfg # Compilar OpenGnsys Agent echoAndLog "${FUNCNAME}(): Recompiling OpenGnsys Server Agent" pushd $WORKDIR/opengnsys/admin/Sources/Services/ogAdmAgent @@ -1146,7 +1141,7 @@ function updateSummary() fi echoAndLog "Warnings:" echoAndLog " - You must to clear web browser cache before loading OpenGnsys page" - echoAndLog " - Generated new key to access Repository REST API (file ogAdmRepo.cfg)" + echoAndLog " - Run \"settoken\" script to update authentication tokens" if [ -n "$INSTALLEDOGLIVE" ]; then echoAndLog " - Installed new ogLive Client: $INSTALLEDOGLIVE" fi diff --git a/server/bin/setserveraddr b/server/bin/setserveraddr index cca279b8..e2724886 100755 --- a/server/bin/setserveraddr +++ b/server/bin/setserveraddr 
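Review bot: The new warning in `updateSummary()` is now the only trace of token handling in the updater, and it says neither where the script lives nor that no token was generated. The `sed` lines removed from `compileServices()` (hunk `@@ -990`) used to add `ApiToken=`/`APITOKEN=` when the entry was missing, so an installation upgraded from a release without those entries appears to stay without a token until the administrator acts. A more explicit message would help, e.g. `echoAndLog " - Authentication tokens were not changed; run \"$INSTALL_TARGET/bin/settoken\" to generate them"`. The function starts and ends outside the hunk.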
@@ -115,13 +115,7 @@ if [ -n "$SERVERIP" ]; then if [ $CHANGE == 1 ]; then # Restart OpenGnsys services. /etc/init.d/opengnsys restart - # If Repository is active, generating a new API token. source $DEFAULTFILE - if [ "$RUN_OGADMREPO" == "yes" ]; then - REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));') - sed -i -e "s/ApiToken=.*/ApiToken=$REPOKEY/" $OPENGNSYS/etc/ogAdmRepo.cfg - sed -i -e "s/APITOKEN=.*/APITOKEN=$REPOKEY/" $OPENGNSYS/etc/ogAdmServer.cfg - fi # If OpenGnsys Server is active, updating the database. if [ "$RUN_OGADMSERVER" == "yes" ]; then source $OPENGNSYS/etc/ogAdmServer.cfg @@ -136,14 +130,6 @@ EOT "UPDATE entornos SET ipserveradm='$SERVERIP' WHERE identorno=1" - # If OpenGnsys Repository is active, updating IP address and API token. - if [ "$RUN_OGADMREPO" == "yes" ]; then - mysql --defaults-extra-file=$MYCNF -D "$CATALOG" -e \ - "UPDATE repositorios - SET ip='$SERVERIP', apikey='$REPOKEY' - WHERE ip='$OLDSERVERIP'" - unset REPOKEY - fi # Updating all menu URLs. mysql --defaults-extra-file=$MYCNF -D "$CATALOG" -e \ "UPDATE menus @@ -162,7 +148,7 @@ Manual tasks: - Check PXE files. - Log-in as Web Console user: - Check menu URLs. -${REPOKEY:+" - Update repository API token"} +- Note: Run "settoken" script to update authentication tokens. EOT else # Showing message if nothing changes. diff --git a/server/bin/settoken b/server/bin/settoken index dd98f06a..727dbe68 100755 --- a/server/bin/settoken +++ b/server/bin/settoken 
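Review bot: The manual-task list now mentions `settoken` but not the repository address, which this commit stops updating: the block removed in the `@@ -136` hunk set `ip='$SERVERIP'` in `repositorios` as well as `apikey`. The `settoken` query shown later in this diff updates `WHERE ip='$IPlocal'`, so if the row still carries the old address it may match nothing (where `IPlocal` comes from is not visible here). Either keep the address part of the removed statement, `UPDATE repositorios SET ip='$SERVERIP' WHERE ip='$OLDSERVERIP'`, under the `RUN_OGADMREPO` check, or add a manual task for it to this list.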
@@ -50,14 +50,14 @@ if [ "$SERVER" ]; then [ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated" fi APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') - sed -i "s/^APITOKEN=.*/APITOKEN=$APIKEY/" $SERVERCFG || raiseError access "Cannot update server file" + sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file" fi # Update repository token. if [ "$REPO" ]; then [ -w $REPOCFG ] || raiseError access "Repository configuration file" APIKEY=$(php -r 'echo md5(uniqid(rand(), true));') - sed -i "s/^ApiToken=.*/ApiToken=$APIKEY/" $REPOCFG || raiseError access "Cannot update repository file" + sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file" # If database is local, update it. source $SERVERCFG source $REPOCFG @@ -73,6 +73,8 @@ host=$datasource EOT mysql --defaults-extra-file="$MYCNF" --default-character-set=utf8 -D "$CATALOG" -e \ "UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" || raiseError access "Database error" + else + echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)." fi fi |
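Review bot: Both tokens in this hunk are still produced by `md5(uniqid(rand(), true))`, which is derived from the clock and a non-cryptographic generator rather than a CSPRNG. Now that `settoken` is the only place tokens are created, these unchanged lines decide the strength of every API credential. A drop-in with the same 32-hex-character format would be `APIKEY=$(php -r 'echo bin2hex(random_bytes(16));')` (needs PHP 7 or later; `openssl rand -hex 16` is an alternative if that cannot be assumed). On the rewritten `sed` lines, `$ a\` appends nothing when the file is empty and `sed` still exits 0, so the `raiseError` guard would not fire in that case. `$SERVERCFG` and `$REPOCFG` should also be quoted. The script continues outside the hunk.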