samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #161 from samply/fix/minimal-checks 

Don't test clock skew and private key existance for minimal bridgeheads
This commit is contained in:
Tobias Kussel 2024-03-08 09:20:05 +01:00 committed by GitHub
parent 48e198fa0c b5c35211f6
commit 3223c22ff5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 23 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
lib/prerequisites.sh
View File

@ -67,29 +67,30 @@ log INFO "Checking network access ($BROKER_URL_FOR_PREREQ) ..."
source /etc/bridgehead/${PROJECT}.conf source /etc/bridgehead/${PROJECT}.conf
source ${PROJECT}/vars source ${PROJECT}/vars
set +e if [ "${PROJECT}" != "minimal" ]; then
SERVERTIME="$(https_proxy=$HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')" set +e
RET=$? SERVERTIME="$(https_proxy=$HTTPS_PROXY_FULL_URL curl -m 5 -s -I $BROKER_URL_FOR_PREREQ 2>&1 | grep -i -e '^Date: ' | sed -e 's/^Date: //i')"
set -e RET=$?
if [ $RET -ne 0 ]; then set -e
log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL_FOR_PREREQ. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication." if [ $RET -ne 0 ]; then
log WARN "Unable to check clock skew due to previous error." log WARN "Unable to connect to Samply.Beam broker at $BROKER_URL_FOR_PREREQ. Please check your proxy settings.\nThe currently configured proxy was \"$HTTPS_PROXY_URL\". This error is normal when using proxy authentication."
else log WARN "Unable to check clock skew due to previous error."
log INFO "Checking clock skew ..." else
log INFO "Checking clock skew ..."
SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s) SERVERTIME_AS_TIMESTAMP=$(date --date="$SERVERTIME" +%s)
MYTIME=$(date +%s) MYTIME=$(date +%s)
SKEW=$(($SERVERTIME_AS_TIMESTAMP - $MYTIME)) SKEW=$(($SERVERTIME_AS_TIMESTAMP - $MYTIME))
SKEW=$(echo $SKEW | awk -F- '{print $NF}') SKEW=$(echo $SKEW | awk -F- '{print $NF}')
SYNCTEXT="For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd." SYNCTEXT="For example, consider entering a correct NTP server (e.g. your institution's Active Directory Domain Controller in /etc/systemd/timesyncd.conf (option NTP=) and restart systemd-timesyncd."
if [ $SKEW -ge 300 ]; then if [ $SKEW -ge 300 ]; then
report_error 5 "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. $SYNCTEXT" report_error 5 "Your clock is not synchronized (${SKEW}s off). This will cause Samply.Beam's certificate will fail. Please setup time synchronization. $SYNCTEXT"
exit 1 exit 1
elif [ $SKEW -ge 60 ]; then elif [ $SKEW -ge 60 ]; then
log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server. $SYNCTEXT" log WARN "Your clock is more than a minute off (${SKEW}s). Consider syncing to a time server. $SYNCTEXT"
fi fi
fi
fi fi
checkPrivKey() { checkPrivKey() {
if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then if [ -e /etc/bridgehead/pki/${SITE_ID}.priv.pem ]; then
log INFO "Success - private key found." log INFO "Success - private key found."
@ -100,7 +101,7 @@ checkPrivKey() {
return 0 return 0
} }
if [[ "$@" =~ "noprivkey" ]]; then if [[ "$@" =~ "noprivkey" || "${PROJECT}" != "minimal" ]]; then
log INFO "Skipping check for private key for now." log INFO "Skipping check for private key for now."
else else
checkPrivKey || exit 1 checkPrivKey || exit 1