summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRamón M. Gómez <ramongomez@us.es>2019-10-16 12:18:22 +0200
committerRamón M. Gómez <ramongomez@us.es>2019-10-16 12:18:22 +0200
commitdde2db1684454f535bb8d331e31bd5ea9b9641a6 (patch)
tree5c11da747071cc3709315f4df4173b3ad2dee482
parent436abc7095b6d72df74c4193b5051c2b9399b325 (diff)
#925: Only the installer uses {{{settoken}}} script to generate authentication tokens.
-rw-r--r--doc/CHANGELOG.es.txt1
-rwxr-xr-xinstaller/opengnsys_installer.sh20
-rwxr-xr-xinstaller/opengnsys_update.sh11
-rwxr-xr-xserver/bin/setserveraddr16
-rwxr-xr-xserver/bin/settoken6
5 files changed, 19 insertions, 35 deletions
diff --git a/doc/CHANGELOG.es.txt b/doc/CHANGELOG.es.txt
index fa33a38a..bf55e684 100644
--- a/doc/CHANGELOG.es.txt
+++ b/doc/CHANGELOG.es.txt
@@ -50,6 +50,7 @@ Tickets resueltos en módulo OpenGnsys Server:
#899 Eliminar código obsoleto en ogAdmLib
#900 Fichero de configuración unificado (duplicado de #140)
#915 API REST para ogAdmServer
+#925 Script para generar API tokens de servicios
#929 Autenticación de clave pública entre los ogLive
Tickets resueltos en módulo OpenGnsys Web Admin Console:
diff --git a/installer/opengnsys_installer.sh b/installer/opengnsys_installer.sh
index f359f369..0a11415b 100755
--- a/installer/opengnsys_installer.sh
+++ b/installer/opengnsys_installer.sh
@@ -692,9 +692,6 @@ function mysqlImportSqlFileToDb()
local i=0
local dev=""
local status
- # Claves aleatorias para acceso a las APIs REST.
- local OPENGNSYS_APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
- OPENGNSYS_REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));')
if [ ! -f $sqlfile ]; then
errorAndLog "${FUNCNAME}(): Unable to locate $sqlfile!!"
@@ -708,8 +705,6 @@ function mysqlImportSqlFileToDb()
sed -e "s/SERVERIP/${SERVERIP[i]}/g" \
-e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
-e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \
- -e "s/APIKEY/$OPENGNSYS_APIKEY/g" \
- -e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \
$sqlfile > $tmpfile
fi
let i++
@@ -1494,10 +1489,8 @@ function openGnsysConfigure()
-e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
-e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \
-e "s/DATABASE/$OPENGNSYS_DATABASE/g" \
- -e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \
$WORKDIR/opengnsys/admin/Sources/Services/ogAdmServer/ogAdmServer.cfg > $INSTALL_TARGET/etc/ogAdmServer-$dev.cfg
sed -e "s/SERVERIP/${SERVERIP[i]}/g" \
- -e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \
$WORKDIR/opengnsys/repoman/etc/ogAdmRepo.cfg.tmpl > $INSTALL_TARGET/etc/ogAdmRepo-$dev.cfg
sed -e "s/SERVERIP/${SERVERIP[i]}/g" \
-e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
@@ -1546,9 +1539,16 @@ EOT
$DISABLESERVICE
fi
- echoAndLog "${FUNCNAME}(): Starting OpenGnsys services."
+ # Actualizar tokens de autenticación e iniciar los servicios.
service="opengnsys"
- $ENABLESERVICE; $STARTSERVICE
+ $ENABLESERVICE
+ if [ -x $INSTALL_TARGET/bin/settoken ]; then
+ echoAndLog "${FUNCNAME}(): Setting authentication tokens and starting OpenGnsys services."
+ $INSTALL_TARGET/bin/settoken -f
+ else
+ echoAndLog "${FUNCNAME}(): Starting OpenGnsys services."
+ $STARTSERVICE
+ fi
}
@@ -1582,7 +1582,7 @@ function installationSummary()
echoAndLog "Repository directory: $INSTALL_TARGET/images"
echoAndLog "DHCP configuration directory: $DHCPCFGDIR"
echoAndLog "TFTP configuration directory: $TFTPCFGDIR"
- echoAndLog "Installed ogLive client(s): $(oglivecli list | awk '{print $2}')"
+ echoAndLog "Installed ogLive client: $(oglivecli list | awk '{print $2}')"
echoAndLog "Samba configuration directory: $SAMBACFGDIR"
echoAndLog "Web Console URL: $OPENGNSYS_CONSOLEURL"
echoAndLog "Web Console access data: entered by the user"
diff --git a/installer/opengnsys_update.sh b/installer/opengnsys_update.sh
index 5aed44de..b418b639 100755
--- a/installer/opengnsys_update.sh
+++ b/installer/opengnsys_update.sh
@@ -301,7 +301,6 @@ function importSqlFile()
local tmpfile=$(mktemp)
local mycnf=/tmp/.my.cnf.$$
local status
- local APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
if [ ! -r $sqlfile ]; then
errorAndLog "${FUNCNAME}(): Unable to read $sqlfile!!"
@@ -311,8 +310,7 @@ function importSqlFile()
echoAndLog "${FUNCNAME}(): importing SQL file to ${database}..."
chmod 600 $tmpfile
sed -e "s/SERVERIP/$SERVERIP/g" -e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
- -e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \
- -e "s/APIKEY/$APIKEY/g" -e "s/REPOKEY/$REPOKEY/g" $sqlfile > $tmpfile
+ -e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" $sqlfile > $tmpfile
# Componer fichero con credenciales de conexión.
touch $mycnf
chmod 600 $mycnf
@@ -849,7 +847,6 @@ function updateDatabase()
fi
popd >/dev/null
- REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));')
if [ -n "$FILES" ]; then
for file in $FILES; do
importSqlFile $OPENGNSYS_DBUSER $OPENGNSYS_DBPASSWORD $OPENGNSYS_DATABASE $DBDIR/$file
@@ -990,10 +987,8 @@ function compileServices()
hayErrores=1
fi
popd
- # Parar antiguo servicio de repositorio y añadir clave de acceso REST en su fichero de configuración.
+ # Parar antiguo servicio de repositorio.
pgrep ogAdmRepo > /dev/null && service="ogAdmRepo" $STOPSERVICE
- sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$REPOKEY" $INSTALL_TARGET/etc/ogAdmRepo.cfg
- sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$REPOKEY" $INSTALL_TARGET/etc/ogAdmServer.cfg
# Compilar OpenGnsys Agent
echoAndLog "${FUNCNAME}(): Recompiling OpenGnsys Server Agent"
pushd $WORKDIR/opengnsys/admin/Sources/Services/ogAdmAgent
@@ -1146,7 +1141,7 @@ function updateSummary()
fi
echoAndLog "Warnings:"
echoAndLog " - You must to clear web browser cache before loading OpenGnsys page"
- echoAndLog " - Generated new key to access Repository REST API (file ogAdmRepo.cfg)"
+ echoAndLog " - Run \"settoken\" script to update authentication tokens"
if [ -n "$INSTALLEDOGLIVE" ]; then
echoAndLog " - Installed new ogLive Client: $INSTALLEDOGLIVE"
fi
diff --git a/server/bin/setserveraddr b/server/bin/setserveraddr
index cca279b8..e2724886 100755
--- a/server/bin/setserveraddr
+++ b/server/bin/setserveraddr
@@ -115,13 +115,7 @@ if [ -n "$SERVERIP" ]; then
if [ $CHANGE == 1 ]; then
# Restart OpenGnsys services.
/etc/init.d/opengnsys restart
- # If Repository is active, generating a new API token.
source $DEFAULTFILE
- if [ "$RUN_OGADMREPO" == "yes" ]; then
- REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));')
- sed -i -e "s/ApiToken=.*/ApiToken=$REPOKEY/" $OPENGNSYS/etc/ogAdmRepo.cfg
- sed -i -e "s/APITOKEN=.*/APITOKEN=$REPOKEY/" $OPENGNSYS/etc/ogAdmServer.cfg
- fi
# If OpenGnsys Server is active, updating the database.
if [ "$RUN_OGADMSERVER" == "yes" ]; then
source $OPENGNSYS/etc/ogAdmServer.cfg
@@ -136,14 +130,6 @@ EOT
"UPDATE entornos
SET ipserveradm='$SERVERIP'
WHERE identorno=1"
- # If OpenGnsys Repository is active, updating IP address and API token.
- if [ "$RUN_OGADMREPO" == "yes" ]; then
- mysql --defaults-extra-file=$MYCNF -D "$CATALOG" -e \
- "UPDATE repositorios
- SET ip='$SERVERIP', apikey='$REPOKEY'
- WHERE ip='$OLDSERVERIP'"
- unset REPOKEY
- fi
# Updating all menu URLs.
mysql --defaults-extra-file=$MYCNF -D "$CATALOG" -e \
"UPDATE menus
@@ -162,7 +148,7 @@ Manual tasks:
- Check PXE files.
- Log-in as Web Console user:
- Check menu URLs.
-${REPOKEY:+" - Update repository API token"}
+- Note: Run "settoken" script to update authentication tokens.
EOT
else
# Showing message if nothing changes.
diff --git a/server/bin/settoken b/server/bin/settoken
index dd98f06a..727dbe68 100755
--- a/server/bin/settoken
+++ b/server/bin/settoken
@@ -50,14 +50,14 @@ if [ "$SERVER" ]; then
[ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated"
fi
APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
- sed -i "s/^APITOKEN=.*/APITOKEN=$APIKEY/" $SERVERCFG || raiseError access "Cannot update server file"
+ sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file"
fi
# Update repository token.
if [ "$REPO" ]; then
[ -w $REPOCFG ] || raiseError access "Repository configuration file"
APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
- sed -i "s/^ApiToken=.*/ApiToken=$APIKEY/" $REPOCFG || raiseError access "Cannot update repository file"
+ sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file"
# If database is local, update it.
source $SERVERCFG
source $REPOCFG
@@ -73,6 +73,8 @@ host=$datasource
EOT
mysql --defaults-extra-file="$MYCNF" --default-character-set=utf8 -D "$CATALOG" -e \
"UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" || raiseError access "Database error"
+ else
+ echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)."
fi
fi