diff --git a/bridgehead b/bridgehead
index 1a88973..5319620 100755
--- a/bridgehead
+++ b/bridgehead
@@ -73,7 +73,6 @@ case "$ACTION" in
 hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 checkRequirements
 hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
- export LDM_LOGIN=$(getLdmPassword)
 exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 ;;
 stop)
diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml
index 18be977..e61532d 100644
--- a/ccp/nngm-compose.yml
+++ b/ccp/nngm-compose.yml
@@ -24,6 +24,6 @@ services:
 traefik:
 labels:
- - "traefik.http.middlewares.auth-nngm.basicauth.users=$NNGM_AUTH"
+ - "traefik.http.middlewares.auth-nngm.basicauth.users=${NNGM_AUTH}"
diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh
index bcc4cd1..cb9590a 100644
--- a/ccp/nngm-setup.sh
+++ b/ccp/nngm-setup.sh
@@ -1,8 +1,4 @@
 #!/bin/bash
-##nNGM vars:
-#NNGM_MAGICPL_APIKEY
-#NNGM_CTS_APIKEY
-#NNGM_CRYPTKEY
 function nngmSetup() {
 if [ -n "$NNGM_CTS_APIKEY" ]; then
diff --git a/lib/functions.sh b/lib/functions.sh
index cd73186..d6c1b85 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -9,14 +9,6 @@ detectCompose() {
 fi
 }
-getLdmPassword() {
- if [ -n "$LDM_PASSWORD" ]; then
- docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r'
- else
- echo -n ""
- fi
-}
-
 exitIfNotRoot() {
 if [ "$EUID" -ne 0 ]; then
 log "ERROR" "Please run as root"
@@ -34,7 +26,7 @@ checkOwner(){
 }
 printUsage() {
- echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|enroll PROJECTNAME"
+ echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|addUser|enroll PROJECTNAME"
 echo "PROJECTNAME should be one of ccp|bbmri"
 }
@@ -183,27 +175,21 @@ function bk_is_running {
 ##Setting Network properties
 # currently not needed
 #export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
-addBasicAuthUser() {
+
+
+add_basic_auth_user() {
 USER="${1}"
 PASSWORD="${2}"
 NAME="${3}"
 PROJECT="${4}"
 FILE="/etc/bridgehead/${PROJECT}.local.conf"
 ENCRY_CREDENTIALS="$(docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $USER $PASSWORD | tr -d '\n' | tr -d '\r')"
- if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a basic auth user already exists:
+ if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a specific basic auth user already exists:
 then
- sed -i "/$NAME/ s/$/,$ENCRY_CREDENTIALS/" $FILE
+ sed -i "/$NAME/ s|='|='$ENCRY_CREDENTIALS,|" $FILE
 else
- echo -e "\n## Basic Authentication Credentials for:\n$NAME=$ENCRY_CREDENTIALS" >> $FILE;
+ echo -e "\n## Basic Authentication Credentials for:\n$NAME='$ENCRY_CREDENTIALS'" >> $FILE;
 fi
- read -p "Do you want to have your cleartext credentials saved in your $FILE: [y/n]" yn
- case $yn in
- [yYjJ] )
- echo "ok, variables are saved in $FILE"
- echo -e "# User: $USER\n# Password: $PASSWORD" >> $FILE;
- ;;
- [nN] )
- echo "skip saving cleartext LDM credentials; make sure to save them somewhere else"
- ;;
- esac
+ log DEBUG "Saving clear text credentials in $FILE. If wanted, delete them manually."
+ sed -i "/^$NAME/ s|$|\n# User: $USER\n# Password: $PASSWORD|" $FILE
 }
\ No newline at end of file
diff --git a/lib/install-bridgehead.sh b/lib/install-bridgehead.sh
index 906e4a1..d0e9964 100755
--- a/lib/install-bridgehead.sh
+++ b/lib/install-bridgehead.sh
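Review bot: The clear-text password is now persisted unconditionally by the last `sed -i "/^$NAME/ s|$|\n# User: $USER\n# Password: $PASSWORD|" $FILE`, where the removed code asked first, and $PASSWORD is interpolated unescaped into the sed replacement, so a user-chosen password containing `|`, `&` or `\` (the interactive path in lib/sitespecific-functions.sh in this diff accepts any characters) either aborts the function under `-e` or is altered before it is written. Writing the two comment lines with `printf '# User: %s\n# Password: %s\n' "$USER" "$PASSWORD" >> "$FILE"` stores the value verbatim (appended at the end of the file rather than under the entry), and an explicit opt-in such as a `read -p` prompt or an environment flag would keep the secret off disk by default as before. The same unquoted `$USER $PASSWORD` reach htpasswd on the ENCRY_CREDENTIALS context line, where a password with spaces splits into extra arguments. The permissions of $FILE are not visible in this hunk; since it now holds a clear-text credential, confirming it is created mode 0600 is worth a check. The notice is logged at DEBUG, which presumably is not shown at default verbosity, so an INFO line would tell the operator where the password ended up.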
@@ -29,12 +29,16 @@ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
 EOF
 # TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
-if [ -z "$LDM_PASSWORD" ]; then
- log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
+if [ -z "$LDM_AUTH" ]; then
+ log "INFO" "Now generating basic auth for the local data management (see addUser in bridgehead for more information). "
 generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+ add_basic_auth_user $PROJECT $generated_passwd "LDM_AUTH" $PROJECT
+fi
- log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
- addBasicAuthUser $PROJECT $generated_passwd "LDM_LOGIN" $PROJECT
+if [ -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then
+ log "INFO" "Now generating basic auth for nNGM upload API (see addUser in bridgehead for more information). "
+ generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+ add_basic_auth_user "nngm" $generated_passwd "NNGM_AUTH" $PROJECT
 fi
 log "INFO" "Registering system units for bridgehead and bridgehead-update"
diff --git a/lib/sitespecific-functions.sh b/lib/sitespecific-functions.sh
old mode 100644
new mode 100755
index 55c3142..04db02e
--- a/lib/sitespecific-functions.sh
+++ b/lib/sitespecific-functions.sh
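Review bot: The new nNGM block generates `NNGM_AUTH` only when `NNGM_CTS_APIKEY` is empty, whereas ccp/nngm-setup.sh (earlier in this diff) runs its nNGM setup when that key is non-empty, so as written an installation that enables nNGM gets no users for the `auth-nngm` basicauth middleware in ccp/nngm-compose.yml and one that does not enable it gets a credential it never uses. If the intent is "nNGM enabled and no auth configured yet", the condition should be `if [ -n "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then`; if the inversion is deliberate, a comment saying why would help. The removed `Your generated credentials are` message was the only place the generated LDM password was shown to the operator; the replacement INFO lines point to addUser but not to the conf file where add_basic_auth_user stores the clear-text value, so naming that location in the message would avoid a lost password. The two identical `generated_passwd=` pipelines could become one small helper, which is optional.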
@@ -1,7 +1,11 @@
 #!/bin/bash -e
+
 source lib/functions.sh
-PROJECT="ccp"
-log "INFO" "Adding custom encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
-read -p "Please enter custom user: " user
-read -s -p "Please enter password (will not be echoed): "$'\n' password
-addBasicAuthUser $user $password "NNGM_AUTH" $PROJECT
\ No newline at end of file
+
+ PROJECT=$1
+
+log "INFO" "Adding encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
+read -p "Please choose the component (LDM_AUTH|NNGM_AUTH) you want to add a user to : " COMPONENT
+read -p "Please enter a username: " USER
+read -s -p "Please enter a password (will not be echoed): "$'\n' PASSWORD
+add_basic_auth_user $USER $PASSWORD $COMPONENT $PROJECT
\ No newline at end of file
diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml
index cd4c2e5..055f683 100644
--- a/minimal/docker-compose.yml
+++ b/minimal/docker-compose.yml
@@ -21,7 +21,7 @@ services:
 - "traefik.http.routers.dashboard.service=api@internal"
 - "traefik.http.routers.dashboard.tls=true"
 - "traefik.http.routers.dashboard.middlewares=auth"
- - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+ - "traefik.http.middlewares.auth.basicauth.users=${LDM_AUTH}"
 ports:
 - 80:80
 - 443:443
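Review bot: `COMPONENT` is read from the prompt and passed unchecked as the variable name that add_basic_auth_user writes into /etc/bridgehead/$PROJECT.local.conf and uses in its grep and sed patterns, so a typo silently creates an unused variable in the conf file and a value with sed metacharacters breaks the edit. The last line passes all four arguments unquoted, so a password with spaces (which `read -s` accepts) splits into several words and shifts COMPONENT and PROJECT into the wrong positions, and `PROJECT=$1` is never checked for being set. The reads lack `-r`, so a backslash typed in the password is dropped before hashing, and assigning to `USER` overwrites the login-name variable for the rest of the script. The rewrite below validates the component against the two advertised values, guards PROJECT, adds -r, and quotes the call.

```shell
PROJECT=$1
: "${PROJECT:?PROJECT (ccp|bbmri) must be given as the first argument}"

log "INFO" "Adding encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
read -r -p "Please choose the component (LDM_AUTH|NNGM_AUTH) you want to add a user to : " COMPONENT
case "$COMPONENT" in
  LDM_AUTH|NNGM_AUTH) ;;
  *) log "ERROR" "Unknown component '$COMPONENT'; expected LDM_AUTH or NNGM_AUTH"; exit 1 ;;
esac
read -r -p "Please enter a username: " USER
read -r -s -p "Please enter a password (will not be echoed): "$'\n' PASSWORD
add_basic_auth_user "$USER" "$PASSWORD" "$COMPONENT" "$PROJECT"
```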