From 038d8d69f69be0576516eb78a2ceb23835de06e3 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Thu, 3 Nov 2022 17:19:15 +0100
Subject: [PATCH 1/8] Make LDM password nicer
---
 bbmri/docker-compose.yml | 3 +--
 bridgehead | 1 +
 ccp/docker-compose.yml | 3 +--
 lib/functions.sh | 7 +++++++
 lib/setup-bridgehead-units.sh | 7 ++-----
 5 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/bbmri/docker-compose.yml b/bbmri/docker-compose.yml
index 4188714..b1a47b5 100644
--- a/bbmri/docker-compose.yml
+++ b/bbmri/docker-compose.yml
@@ -65,11 +65,10 @@ services:
 - "blaze-data:/app/data"
 labels:
 - "traefik.enable=true"
- - "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}"
 - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/bbmri-localdatamanagement`)"
 - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/bbmri-localdatamanagement"
 - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
- - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
+ - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
 - "traefik.http.routers.blaze_ccp.tls=true"
 spot:
diff --git a/bridgehead b/bridgehead
index f18311a..3297c65 100755
--- a/bridgehead
+++ b/bridgehead
@@ -59,6 +59,7 @@ if [ -f "$PROJECT/docker-compose.override.yml" ]; then
 fi
 detectCompose
+setLdmPassword
 case "$ACTION" in
 start)
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index dfc7d34..989cc84 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
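Review bot: In the bbmri/docker-compose.yml hunk of patch 1/8 (and identically in the ccp/docker-compose.yml hunk), the `blaze_ccp` router now names a middleware `auth`, while the label that defined its basic-auth users from `${LDM_LOGIN}` is deleted and no definition of `auth` appears in either hunk. Basic auth on `/bbmri-localdatamanagement` and `/ccp-localdatamanagement` therefore depends on labels outside this change; presumably another service declares `traefik.http.middlewares.auth.basicauth.users`, and that should be confirmed for both projects before merging. A YAML comment beside the router label naming the service that declares `auth` would keep that dependency visible to the next editor.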
@@ -65,11 +65,10 @@ services:
 - "blaze-data:/app/data"
 labels:
 - "traefik.enable=true"
- - "traefik.http.middlewares.ccp-auth.basicauth.users=${LDM_LOGIN}"
 - "traefik.http.routers.blaze_ccp.rule=PathPrefix(`/ccp-localdatamanagement`)"
 - "traefik.http.middlewares.ccp_b_strip.stripprefix.prefixes=/ccp-localdatamanagement"
 - "traefik.http.services.blaze_ccp.loadbalancer.server.port=8080"
- - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,ccp-auth"
+ - "traefik.http.routers.blaze_ccp.middlewares=ccp_b_strip,auth"
 - "traefik.http.routers.blaze_ccp.tls=true"
 spot:
diff --git a/lib/functions.sh b/lib/functions.sh
index b5a03a0..3dd47cb 100755
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -11,6 +11,13 @@ detectCompose() {
 fi
 }
+setLdmPassword() {
+ if [ -z "$LDM_PASSWORD" ]; then
+ log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..."
+ LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r')
+ fi
+}
+
 exitIfNotRoot() {
 if [ "$EUID" -ne 0 ]; then
 log "ERROR" "Please run as root"
diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh
index 820d6f6..519f224 100755
--- a/lib/setup-bridgehead-units.sh
+++ b/lib/setup-bridgehead-units.sh
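Review bot: In the lib/functions.sh hunk of patch 1/8, `htpasswd -nb $PROJECT $LDM_PASSWORD` puts the cleartext password on the command line of both `docker run` and `htpasswd`, where it can be read from the host's process list while the container runs, and the unquoted expansions split or glob a password containing spaces or wildcard characters. htpasswd reads the password from stdin with `-i`, so the call could be `printf '%s\n' "$LDM_PASSWORD" | docker run --rm -i httpd:alpine htpasswd -niB "$PROJECT"`; `-B` selects bcrypt instead of the default MD5-based scheme, and Traefik's basic auth accepts it. The same invocation recurs in the functions.sh hunks of patches 2/8, 5/8 and 7/8. Separately, `httpd:alpine` is a floating tag, so the image that handles the password is whatever the registry serves at start time; pinning it by digest would close that gap.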
@@ -35,15 +35,12 @@ EOF
 # TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
 if [ -z "$LDM_LOGIN" ]; then
- log "INFO" "Now generating a password for the local datamangement. Please safe the password for your ETL process!"
+ log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
 generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
 parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n' | tr -d '\r')
- printf "##Localdatamanagement basic auth\n#User: $PROJECT\n#Password: $generated_passwd\n" >> /etc/bridgehead/${PROJECT}.local.conf;
-
- log "INFO" "These credentials are now written to /etc/bridgehead/${PROJECT}.local.conf"
- echo -n "LDM_LOGIN='${parsed_passwd}'" >> /etc/bridgehead/${PROJECT}.local.conf;
+ echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
 fi
 log "INFO" "Register system units for bridgehead and bridgehead-update"
From 6394e1fa822a6b295740866458a246542d64bcc1 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Thu, 3 Nov 2022 17:23:25 +0100
Subject: [PATCH 2/8] Check for LDM_PASSWORD
---
 lib/functions.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/functions.sh b/lib/functions.sh
index 3dd47cb..e55d31a 100755
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -12,7 +12,7 @@ detectCompose() {
 }
 setLdmPassword() {
- if [ -z "$LDM_PASSWORD" ]; then
+ if [ -n "$LDM_PASSWORD" ]; then
 log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..."
 LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r')
 fi
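Review bot: In the lib/setup-bridgehead-units.sh hunk of patch 1/8, the conf file now carries the working credential as a cleartext `LDM_PASSWORD=` assignment, yet nothing in the hunk sets the mode or owner of `/etc/bridgehead/${PROJECT}.local.conf`, and the unchanged `log "INFO" "Your generated credentials are: ..."` line also sends the password to wherever `log` writes. Restricting the file right after the append, e.g. `chmod 600 "/etc/bridgehead/${PROJECT}.local.conf"`, and showing the password only on the installer's terminal would keep it out of broadly readable files and retained logs. Which account has to read the file is not visible here, so the owner and mode need confirming against the service unit. The `if` block opens in the hunk's context lines and closes inside the hunk.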
From a9864a928c70c1ae42ac8c6b5eb297b3aafb8c91 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Thu, 3 Nov 2022 17:26:29 +0100
Subject: [PATCH 3/8] Remove unnecessary docker run
---
 lib/setup-bridgehead-units.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh
index 519f224..34ab6dc 100755
--- a/lib/setup-bridgehead-units.sh
+++ b/lib/setup-bridgehead-units.sh
@@ -39,7 +39,6 @@ if [ -z "$LDM_LOGIN" ]; then
 generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
 log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
- parsed_passwd=$(docker run --rm -it httpd:latest htpasswd -nb $PROJECT $generated_passwd | tr -d '\n' | tr -d '\r')
 echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
 fi
From 729d4e2c1e242798c80d57ef360f169fb435644c Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Thu, 3 Nov 2022 17:29:52 +0100
Subject: [PATCH 4/8] Check against LDM_PASSWORD
---
 bridgehead | 2 +-
 lib/setup-bridgehead-units.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/bridgehead b/bridgehead
index 3297c65..babfaab 100755
--- a/bridgehead
+++ b/bridgehead
@@ -59,13 +59,13 @@ if [ -f "$PROJECT/docker-compose.override.yml" ]; then
 fi
 detectCompose
-setLdmPassword
 case "$ACTION" in
 start)
 hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 checkRequirements
 hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
+ setLdmPassword
 exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 ;;
 stop)
diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh
index 34ab6dc..c5bb421 100755
--- a/lib/setup-bridgehead-units.sh
+++ b/lib/setup-bridgehead-units.sh
@@ -34,7 +34,7 @@ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
 EOF
 # TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
-if [ -z "$LDM_LOGIN" ]; then
+if [ -z "$LDM_PASSWORD" ]; then
 log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
 generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
From 3ead08fae146b78edd50097f13ef00dec9b78c19 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Thu, 3 Nov 2022 17:38:46 +0100
Subject: [PATCH 5/8] Add export
---
 lib/functions.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/functions.sh b/lib/functions.sh
index e55d31a..0a0ab0a 100755
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -14,7 +14,7 @@ detectCompose() {
 setLdmPassword() {
 if [ -n "$LDM_PASSWORD" ]; then
 log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..."
- LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r')
+ export LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r')
 fi
 }
From 6cd682e42c4b1d2c6fd4e55d2cd789a4a7855416 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Thu, 3 Nov 2022 17:41:05 +0100
Subject: [PATCH 6/8] Add export
---
 bridgehead | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/bridgehead b/bridgehead
index babfaab..fc454fd 100755
--- a/bridgehead
+++ b/bridgehead
@@ -65,7 +65,9 @@ case "$ACTION" in
 hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 checkRequirements
 hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
+ set -a
 setLdmPassword
+ set +a
 exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 ;;
 stop)
From 62b8cabb31bb6019f0a74a04b24538201b374ebb Mon Sep 17 00:00:00 2001
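Review bot: In the lib/setup-bridgehead-units.sh hunk of patch 4/8, testing `LDM_PASSWORD` instead of `LDM_LOGIN` treats a site whose conf was written by the earlier form of this block (an `LDM_LOGIN='…'` line, with the password only in a `#Password:` comment) as having no credential, so a fresh password is generated and appended. The password the ETL process already uses would then stop working at the next start, once `LDM_LOGIN` is derived from the new value. If that rotation is not intended, guard on both variables, `if [ -z "$LDM_PASSWORD" ] && [ -z "$LDM_LOGIN" ]; then`, or state in the log message that an existing login is being replaced. The TODO above the `if` says this block may end up running hourly, and the block's body continues past the end of the hunk.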
From: Martin Lablans
Date: Thu, 3 Nov 2022 18:14:11 +0100
Subject: [PATCH 7/8] Fix getting LDM_LOGIN
---
 bridgehead | 4 +---
 lib/functions.sh | 7 ++++---
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/bridgehead b/bridgehead
index fc454fd..68e8933 100755
--- a/bridgehead
+++ b/bridgehead
@@ -65,9 +65,7 @@ case "$ACTION" in
 hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 checkRequirements
 hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
- set -a
- setLdmPassword
- set +a
+ export LDM_LOGIN=$(getLdmPassword)
 exec $COMPOSE -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 ;;
 stop)
diff --git a/lib/functions.sh b/lib/functions.sh
index 0a0ab0a..6c81d7b 100755
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -11,10 +11,11 @@ detectCompose() {
 fi
 }
-setLdmPassword() {
+getLdmPassword() {
 if [ -n "$LDM_PASSWORD" ]; then
- log DEBUG "Transforming LDM_PASSWORD into LDM_LOGIN ..."
- export LDM_LOGIN=$(docker run --rm -it httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r')
+ docker run --rm httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r'
+ else
+ echo -n ""
 fi
 }
From 1b0fd61863a81626fae76bf18699c7b88043169b Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Thu, 3 Nov 2022 18:15:45 +0100
Subject: [PATCH 8/8] Make local passwords longer
---
 lib/setup-bridgehead-units.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/setup-bridgehead-units.sh b/lib/setup-bridgehead-units.sh
index c5bb421..d258c0b 100755
--- a/lib/setup-bridgehead-units.sh
+++ b/lib/setup-bridgehead-units.sh
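Review bot: In the bridgehead hunk of patch 7/8, `export LDM_LOGIN=$(getLdmPassword)` always overwrites `LDM_LOGIN` and discards the exit status, so an unset `LDM_PASSWORD` or a failed `docker run` exports an empty users entry and compose starts regardless. The pipeline in `getLdmPassword` reports only the status of its last `tr`, which is why the sketch below tests the result for emptiness instead of the exit code. How Traefik treats an empty `basicauth.users` value is not visible here, so startup should stop at this point, and a login already supplied by the conf should be left untouched. If a project may legitimately run without the local data management endpoint, the `exit 1` would become a warning instead. The `start)` arm begins and ends outside the hunk.
```shell
# … unchanged: hc_send / checkRequirements …
if [ -n "$LDM_PASSWORD" ]; then
  LDM_LOGIN=$(getLdmPassword)
fi
if [ -z "$LDM_LOGIN" ]; then
  log "ERROR" "No LDM credentials available; refusing to start $PROJECT"
  exit 1
fi
export LDM_LOGIN
# … unchanged: exec $COMPOSE … up --abort-on-container-exit …
```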
@@ -36,7 +36,7 @@ EOF
 # TODO: Determine wether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
 if [ -z "$LDM_PASSWORD" ]; then
 log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
- generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
+ generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
 log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
 echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
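Review bot: In the patch 8/8 hunk, `head -c 32` no longer shortens anything, because a UUID with its dashes stripped is exactly 32 hex characters; that is the most this construction can yield. The kernel's `random/uuid` file returns a random (version 4) UUID, whose version and variant bits are fixed, leaving about 122 random bits. That is ample for this password, but worth recording so nobody raises the number later expecting more. A comment above the assignment such as `# dash-stripped UUID: 32 hex chars, ~122 random bits; 32 is the maximum` would do, and `tr -d '-' < /proc/sys/kernel/random/uuid` produces the same string without `cat`, `sed` and `head`. The `if` block closes outside the hunk.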