Decoupling the admin_password from proxysql

Micke Nordin 2024-10-24 12:15:08 +02:00
parent dac082f4f5
commit a8060b7774
Signed by untrusted user: Micke
GPG key ID: 0DA0A7A5708FE257
4 changed files with 16 additions and 6 deletions


@ -15,7 +15,6 @@ define sunetdrive::app_type (
# The config used # The config used
$config = $override_config $config = $override_config
# Other settings # Other settings
$admin_password = $config[ 'admin_password' ]
$dbhost = $config[ 'dbhost' ] $dbhost = $config[ 'dbhost' ]
$dbname = $config[ 'dbname' ] $dbname = $config[ 'dbname' ]
$dbuser = $config[ 'dbuser' ] $dbuser = $config[ 'dbuser' ]
@ -31,7 +30,6 @@ define sunetdrive::app_type (
$config = hiera_hash($environment) $config = hiera_hash($environment)
$skeletondirectory = $config['skeletondirectory'] $skeletondirectory = $config['skeletondirectory']
# Other settings # Other settings
$admin_password = safe_hiera('admin_password')
$dbhost = 'proxysql_proxysql_1' $dbhost = 'proxysql_proxysql_1'
$dbname = 'nextcloud' $dbname = 'nextcloud'
$dbuser = 'nextcloud' $dbuser = 'nextcloud'


@ -3,7 +3,6 @@
config_php='/var/www/html/config/config.php' config_php='/var/www/html/config/config.php'
dbhost="<%= @dbhost %>" dbhost="<%= @dbhost %>"
mysql_user_password="<%= @mysql_user_password %>" mysql_user_password="<%= @mysql_user_password %>"
admin_password="<%= @admin_password %>"
location="<%= @location %>" location="<%= @location %>"
bucket="<%= @s3_bucket %>" bucket="<%= @s3_bucket %>"
@ -14,6 +13,9 @@ if [[ "${user_input}" == "IKnowWhatIAmDoing" ]]; then
echo "WARNING: This will delete everything in the database and reinstall Nextcloud." echo "WARNING: This will delete everything in the database and reinstall Nextcloud."
echo "You have 10 seconds to abort by hitting CTRL/C" echo "You have 10 seconds to abort by hitting CTRL/C"
sleep 10s sleep 10s
echo "Setting temp admin password"
apt update && apt install -y apg
admin_password="$(apg -m 40 | head -1)"
echo "Ok, proceeding." echo "Ok, proceeding."
echo "Dropping database in 3 seconds" echo "Dropping database in 3 seconds"
sleep 3s sleep 3s
@ -48,6 +50,11 @@ EOF
instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}')
secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}')
passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}')
echo "Now delete the admin user:"
echo " occ user:delete admin"
echo "and then create a new admin user:"
echo " /usr/local/bin/add_admin_user <username> <email address>"
echo ""
echo "Please use edit-secrets to add these variables to all Nextcloud servers:" echo "Please use edit-secrets to add these variables to all Nextcloud servers:"
echo "instanceid: DEC::PKCS7[${instanceid}]!" echo "instanceid: DEC::PKCS7[${instanceid}]!"
echo "secret: DEC::PKCS7[${secret}]!" echo "secret: DEC::PKCS7[${secret}]!"
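Review bot: The generated `admin_password` is never checked, so if `apt update && apt install -y apg` fails (no network, a locked dpkg, a missing package) the variable ends up empty and the script still goes on to drop the database and reinstall. The same three added lines appear in the other reinstall script template further down, where they sit directly before `drop database nextcloud`. Add a guard right after the assignment, `[[ -n "${admin_password}" ]] || { echo "Could not generate admin password" >&2; exit 1; }`, or drop the install-time dependency and read the random bytes from `/dev/urandom` instead. Where the value is consumed lies outside the visible hunks, so the effect of an empty password on the install step is presumed rather than shown.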


@ -9,8 +9,6 @@ services:
<%- if @hostnet -%> <%- if @hostnet -%>
network_mode: host network_mode: host
<%- end -%> <%- end -%>
environment:
- NC_PASS=<%= @admin_password%>
volumes: volumes:
- /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf - /opt/nextcloud/000-default.conf:/etc/apache2/sites-enabled/000-default.conf
- /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf - /opt/nextcloud/mpm_prefork.conf:/etc/apache2/mods-available/mpm_prefork.conf


@ -3,10 +3,12 @@
config_php='/var/www/html/config/config.php' config_php='/var/www/html/config/config.php'
dbhost="<%= @dbhost %>" dbhost="<%= @dbhost %>"
mysql_user_password="<%= @mysql_user_password %>" mysql_user_password="<%= @mysql_user_password %>"
admin_password="<%= @admin_password %>"
location="<%= @location %>" location="<%= @location %>"
bucket="<%= @s3_bucket %>" bucket="<%= @s3_bucket %>"
customer="<%= @customer %>" customer="<%= @customer %>"
echo "Setting temp admin password"
apt update && apt install -y apg
admin_password="$(apg -m 40 | head -1)"
/usr/bin/mysql -e "drop database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 /usr/bin/mysql -e "drop database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1
/usr/bin/mysql -e "create database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1 /usr/bin/mysql -e "create database nextcloud" -u nextcloud -p"${mysql_user_password}" -h "${dbhost}" >/dev/null 2>&1
@ -35,6 +37,11 @@ EOF
instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}') instanceid=$(grep -E "^ 'instanceid'" ${config_php} | awk -F "'" '{print $4}')
secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}') secret=$(grep -E "^ 'secret'" ${config_php} | awk -F "'" '{print $4}')
passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}') passwordsalt=$(grep -E "^ 'passwordsalt'" ${config_php} | awk -F "'" '{print $4}')
echo "Now delete the admin user:"
echo " occ <container> user:delete admin"
echo "and then create a new admin user:"
echo " /usr/local/bin/add_admin_user <username> <email address> <container>"
echo ""
echo "${customer}_instanceid: DEC::PKCS7[${instanceid}]!" echo "${customer}_instanceid: DEC::PKCS7[${instanceid}]!"
echo "${customer}_secret: DEC::PKCS7[${secret}]!" echo "${customer}_secret: DEC::PKCS7[${secret}]!"
echo "${customer}_passwordsalt: DEC::PKCS7[${passwordsalt}]!" echo "${customer}_passwordsalt: DEC::PKCS7[${passwordsalt}]!"
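Review bot: The added `admin_password` assignment carries no comment saying the value is deliberately throwaway, which is easy to misread now that the variable no longer comes from managed secrets. A line above the `apg` call such as `# Throwaway password for the bootstrap admin; never stored or printed, the account is deleted after install` would make the intent explicit. Since removing that account depends on the operator running the printed `user:delete` step, the same comment should say that the bootstrap `admin` user stays in place until then.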