Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
|
3f76ad2870 | |
|
b04ea6c41c | |
|
9fad552a99 | |
|
a5f42751f1 | |
|
7c50c1f13f | |
|
e49d9cfb7e | |
|
083e101713 |
|
@ -1447,6 +1447,7 @@ public function getBootFiles(): JsonResponse
|
|||
* @OA\Property(property="mac", type="string", example="00:50:56:22:11:12"),
|
||||
* @OA\Property(property="template_name", type="string", example="mi_plantilla.ipxe"),
|
||||
* @OA\Property(property="server_ip", type="string", example="192.168.2.1"),
|
||||
* @OA\Property(property="server_pxe_port", type="string", example="8082"),
|
||||
* @OA\Property(property="oglivedir", type="string", example="ogLive")
|
||||
* )
|
||||
* ),
|
||||
|
@ -1491,6 +1492,14 @@ public function createBootFile(Request $request): JsonResponse
|
|||
if ($serverIp && strpos($serverIp, ':') !== false) {
|
||||
$serverIp = explode(':', $serverIp)[0];
|
||||
}
|
||||
//Declaramos serverPxePort que lo usaremos para la llamada por http
|
||||
$serverPxePort = $data['server_pxe_port'] ?? null;
|
||||
|
||||
$serverIpPort = $serverIp;
|
||||
if (!empty($serverPxePort)) {
|
||||
$serverIpPort .= ':' . $serverPxePort;
|
||||
}
|
||||
|
||||
$ogLiveDir = $data['oglivedir'] ?? 'ogLive';
|
||||
|
||||
// Verificación de los campos obligatorios
|
||||
|
@ -1528,6 +1537,7 @@ public function createBootFile(Request $request): JsonResponse
|
|||
$parameters = [
|
||||
'LANG' => $data['lang'] ?? 'es_ES.UTF-8',
|
||||
'ip' => $data['ip'] ?? '',
|
||||
'server_pxe_port' => $data['server_pxe_port'] ?? '',
|
||||
'router' => $data['router'] ?? '',
|
||||
'netmask' => $data['netmask'] ?? '',
|
||||
'computer_name' => $data['computer_name'] ?? '',
|
||||
|
@ -1599,12 +1609,7 @@ public function createBootFile(Request $request): JsonResponse
|
|||
(is_numeric($parameters['resolution']) && $parameters['resolution'] <= 999 ? 'vga=' . $parameters['resolution'] :
|
||||
(strpos($parameters['resolution'], ':') !== false ? 'video=' . $parameters['resolution'] : ' ' . $parameters['resolution']));
|
||||
|
||||
// Esta será llamada a http para arrancar kernel e imagen de inicialización
|
||||
// Si lo requiriese debe llevar puerto ya que se comunica con nginx
|
||||
$serverIpPort = $this->ogBootIP;
|
||||
if (!empty($this->ogBootPort)) {
|
||||
$serverIpPort .= ':' . $this->ogBootPort;
|
||||
}
|
||||
|
||||
// Extraer solo el nombre del directorio si contiene una ruta completa PROVISIONAL
|
||||
if (strpos($ogLiveDir, '/') !== false) {
|
||||
$ogLiveDir = basename($ogLiveDir);
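Review bot: In the second createBootFile hunk, `server_pxe_port` comes straight from `$data` and is concatenated into `$serverIpPort` with no check that it is a port number. The lines built from `$this->ogBootIP` and `$this->ogBootPort` in the last hunk appear to be the ones this change drops, so the host and port for the HTTP boot fetch would now be supplied by the API caller rather than by server configuration; how `$serverIpPort` reaches the generated boot file is outside the visible hunks. I would validate before use, e.g. `$serverPxePort = filter_var($data['server_pxe_port'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]]);`, return a 400 when a value was sent but fails the check, and treat `server_ip` the same way. createBootFile starts and ends outside these hunks.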
|
||||
|
|
|
@ -74,7 +74,8 @@ Depends:
|
|||
wget,
|
||||
xinetd,
|
||||
isolinux,
|
||||
file
|
||||
file,
|
||||
stunnel4
|
||||
Conflicts: apache2
|
||||
Description: Opengnsys Ogboot package
|
||||
Files for the ogboot API and rest of configuration.
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
/opt/opengnsys/ogboot/client_log
|
||||
/opt/opengnsys/ogboot/mnt
|
||||
/opt/opengnsys/ogboot/tftpboot
|
||||
/opt/opengnsys/ogboot/etc/certificates
|
||||
/var/log/opengnsys/
|
||||
|
|
|
@ -167,6 +167,12 @@ configure_permissions(){
|
|||
chown -R opengnsys:www-data /opt/opengnsys/ogboot
|
||||
}
|
||||
|
||||
configure_stunnel(){
|
||||
cp /opt/opengnsys/ogboot/etc/stunnel-ogboot.service /etc/systemd/system/stunnel-ogboot.service
|
||||
sed -i "s|connect = __SERVERIP__:8443|connect = $OGBOOT_IP:8443|g" /opt/opengnsys/ogboot/etc/stunnel/stunnel-ogboot-client.conf
|
||||
|
||||
}
|
||||
|
||||
restart_services(){
|
||||
systemctl daemon-reload
|
||||
systemctl restart nginx
|
||||
|
@ -186,6 +192,7 @@ if [ "$1" = "configure" ] && [ -z "$2" ]; then
|
|||
install_oglive
|
||||
configure_ipxe
|
||||
configure_api
|
||||
configure_stunnel
|
||||
configure_nginx_and_fpm
|
||||
configure_samba
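Review bot: configure_stunnel installs the unit and rewrites the `connect` line, but nothing in it restricts access to `/opt/opengnsys/ogboot/etc/certificates/ogboot.key`, which sits under the tree that configure_permissions hands to `opengnsys:www-data` with `chown -R`. Whether the web-server group can read the key depends on file modes not visible here; I would set them explicitly after the recursive chown, e.g. `chown root:root /opt/opengnsys/ogboot/etc/certificates/ogboot.key` and `chmod 600` on the same path. The `sed` also substitutes `$OGBOOT_IP` without checking that it is set, and the unit file describes a tunnel to ogCore, so it is worth confirming that the ogboot address is the intended `connect` target. The call order relative to configure_permissions is outside the hunk.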
|
||||
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFrzCCA5egAwIBAgIUPmq2FSZvV2NBGIIxx5729SJN0FQwDQYJKoZIhvcNAQEL
|
||||
BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
|
||||
cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv
|
||||
cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDgzNjM4WhcNMzUwNTE0MDgzNjM4WjBnMQsw
|
||||
CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ
|
||||
BgNVBAoMCU9wZW5nbnN5czELMAkGA1UECwwCQ0ExFTATBgNVBAMMDG9wZW5nbnN5
|
||||
cy1jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANSAiJFAU7wV6hYb
|
||||
PKmjjuNFp07ITJC0vThRegIXcadAw9cblgYtD6e4KYT8LzrRpZDAazAWLSAY72W8
|
||||
i8/wWYcVIMDhtbhKy+pLFL0Z1LJpV6s6ged0wB5wQ37g1RDWeydrY9mEOr0LSC8X
|
||||
7ye7mTqtSxECglloRJw5p/9Z5yDZf2t1U6+e3WfZqKLZl9IXBb5cdR9mxUAf23/T
|
||||
ciAfTBNgltJ3noQERtjHZqxb9jrqpwaKhnZoGw4fb0poI9OQXitOzoR/b8ADMfUK
|
||||
KJ/d9iyq9h6gv4GPEJlDJK89vQlBhJAy8tHR6Qjd0nG+Be6moCndBqiHLAehMxkq
|
||||
8JS+bUOsAxq4XSsis5XQHOm/xZ4jlkerNQeeK+b0EDESjdNkKJXVy235FFJbCwGq
|
||||
IR8fdYUJenhqsHOd7WEjm5HfYo41mPG3002Wxs8oN1oNbqIzR/fxTGHWJKXX0LVt
|
||||
ZKg3s7h0MfmxMIJ5kHsh9wTO4qMIADmWPj5iCIXS15eAU3WJd4yYxTfcu1wwLBuv
|
||||
ATtZXLc/LI56PAvU1kXgdIT+OeBctVuBxKy11vrb82LF7WUZI3cP3MoRbGOLnc93
|
||||
u8pMu59l+l7pA7wjGJHSyt/H5f52ZHdbz/BMSY96/ETgAUHERM9cMoN+AGrI4Yf8
|
||||
8ZiuiAkSmukAShOfa05P8zqcXXjZAgMBAAGjUzBRMB0GA1UdDgQWBBTTPskAqxZM
|
||||
a7z7DBkb4MCspW7/bzAfBgNVHSMEGDAWgBTTPskAqxZMa7z7DBkb4MCspW7/bzAP
|
||||
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQC+PQBDayFqVA0BAupP
|
||||
1ksZW3rXCIPIqSqbOG8BsgnOJXt+7Isql06/3LFEdaztjAptSEqX2K7Q7Ov4ZOF5
|
||||
+lF2pSuIJwsVbzFbmrejkSZScQmXzAvQmNwMcWjpplhe0DG6hYdLek6IOo7BP2mG
|
||||
12l1mZbIkgmMbRK7Up6rQ5c9/PmcTqN5RXe3CEWPpBs5FEoD++k6wtYrZlaTCB2s
|
||||
P6taQuN1waO3jfu8KApQlcVEmlxaosrJSu8tBAE/zN9GwpR3WsdrD2iUB2d+g2rB
|
||||
RZ1P+DRnwpfIn7SEWUAezGW05Qu2gyfoZkiQ97zOYBXYCYwoNFVFtHnaRLO58cjz
|
||||
QR8+CLjs9svsrNXw+1rvUJoYyzh0vEBc+SUxKQ/7EGN6m9P7iod936Eqy6ztvUSV
|
||||
LdHxv8g0FOlmlLW1Afmiu2NopVsZqxOm1oZdurt7tYcNncu5AYwFmlP/iyDMmJBI
|
||||
hIUHmEUf0+v0K52H/ziIFovI7MVmY1RHlL5DABH+MiM6MmSl0NtW5DbEWEZN1vZI
|
||||
d3J6hsL/7o2wDYkLYkTolrBHbmvN5hoFu+b/YBAmrikJ027Lw1H04PvyW+PV1+DI
|
||||
4uTQ0NEMLhYBBY0ucg1iw6wsEbHhJwmMmen8/b18ZBytRyTzuKCyD6g6iLMEoDNG
|
||||
KOH0n1CGLevamLAYrLTwfXBTYQ==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDjCCAvagAwIBAgIUEcS4b1cHsVkFGWqjVqHPrYkFl0wwDQYJKoZIhvcNAQEL
|
||||
BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
|
||||
cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv
|
||||
cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDkxMzE5WhcNMjcwODE5MDkxMzE5WjBrMQsw
|
||||
CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ
|
||||
BgNVBAoMCU9wZW5nbnN5czEPMA0GA1UECwwGb2dib290MRUwEwYDVQQDDAxvZ2Jv
|
||||
b3QubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqDJ+pPUEg
|
||||
8rzejOkZhM3iOCSulHQJ5igMQP8Q3U4/6jJB7qHJyV93b2CQpUowmG2QA5nZtPDO
|
||||
fCiDoYpovunix2nB282xDQACmrZ5P8qhhF3KgP596hwNPDHoyi1SzHv+WkMio/lS
|
||||
Ie4RivkyDmcKHmDR6xtJMpr96FLFgAmDDG7Ht0rK64QAJixA3Nqp7N9MqtitoXU9
|
||||
y2dAjT8xT3QLhPPoGcBWmn1ttwwc4KwIjSEQC35YtdI42Pq8kdMuRaKQO7ms6rs9
|
||||
b/A2QHfYq/JBR/cB5/JTwzHyMhJSVhQ2mJR8NhFESJTEJv2PMOpBKXEV4T60zLTl
|
||||
3+lre+6PkKUBAgMBAAGjga0wgaowHwYDVR0jBBgwFoAU0z7JAKsWTGu8+wwZG+DA
|
||||
rKVu/28wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
|
||||
AwEGCCsGAQUFBwMCMDEGA1UdEQQqMCiCDG9nYm9vdC5sb2NhbIISb3Blbmduc3lz
|
||||
Lm5hdGkuY29thwTAqAEsMB0GA1UdDgQWBBRx9Ln26coMMR8qI3gH8/piY4g8yjAN
|
||||
BgkqhkiG9w0BAQsFAAOCAgEArybLmxjinaY/Lp/VjbUgaHo1nrkFsJU7LMTInqhT
|
||||
D/YPTODKTk12CqBxOtChKmX5y7Aydv7vEmuoy7vUmEIBDCM+8W2yBnB6j1A/rgPv
|
||||
+4OufjCdnTeyGzcMmX+PE1d7it0Iyl8p2vAHnQC3DkWeBbAhwLd89vc2KyCfGp3F
|
||||
1vrQTFO6/Oxf2zgzRfkQJWtCIkh8io+urCDm7khns7wU6LxVJpsYKcsBtcvcmnDi
|
||||
dHvHxzlyoyxL6/x8irYeKo01exUwdLR9BwGb54/rIvgtsN/iaOC9jVd76x4pP9Cy
|
||||
F3Ici9bc7P/snDZoDgqMfDX0Au6QNJTfnDCltZk8HBfGlH3TiiL3XK9EiAWHv7PG
|
||||
p2yGpt0rMr2RP0gxm/Uysill+zZtJoFzShdcTNqDT0sCDLfB0SuRGkVPLFY3i9vk
|
||||
SfDcNVq8ltEjpCPrtlwLOxedLFjUFJzIbj67GqwY3R4d8XpxECUiFzawYNSOAckJ
|
||||
CCLY73GslRgWw0uoHVJ5/l+CnECLYdzYEczeEeDvbT3oMT4blMdOBdhbqeqdIKL4
|
||||
mug/YFiVTZyuya1jE6NfAgRV2keuM6nRdMjnE+JIrwfi4Rea9nRp6xH1+rKfZoUq
|
||||
tYyl8te8Bu/l1VfO1AQeI7aSR1+KfZhs1i3FtvRANCcQoyB6VqznSOBYtaTGOq8M
|
||||
4W8=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,10 @@
|
|||
authorityKeyIdentifier=keyid,issuer
|
||||
basicConstraints=CA:FALSE
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth, clientAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = ogboot.local
|
||||
DNS.2 = opengnsys.nati.com
|
||||
IP.1 = 192.168.1.44
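Review bot: The `[alt_names]` block pins the certificate to `ogboot.local`, `opengnsys.nati.com` and `192.168.1.44`, which look like one development environment, while the nginx and stunnel templates in this change substitute `__SERVERIP__` per install. A certificate issued from this file will not match the address of any other deployment, so a peer that checks the host name or IP would reject it. I would turn this into a template filled at install time, e.g. `IP.1 = __SERVERIP__`, and issue the certificate on the target host.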
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCqDJ+pPUEg8rze
|
||||
jOkZhM3iOCSulHQJ5igMQP8Q3U4/6jJB7qHJyV93b2CQpUowmG2QA5nZtPDOfCiD
|
||||
oYpovunix2nB282xDQACmrZ5P8qhhF3KgP596hwNPDHoyi1SzHv+WkMio/lSIe4R
|
||||
ivkyDmcKHmDR6xtJMpr96FLFgAmDDG7Ht0rK64QAJixA3Nqp7N9MqtitoXU9y2dA
|
||||
jT8xT3QLhPPoGcBWmn1ttwwc4KwIjSEQC35YtdI42Pq8kdMuRaKQO7ms6rs9b/A2
|
||||
QHfYq/JBR/cB5/JTwzHyMhJSVhQ2mJR8NhFESJTEJv2PMOpBKXEV4T60zLTl3+lr
|
||||
e+6PkKUBAgMBAAECggEAEwjmtmMM70s8qQzM6vZatX/jW0dy1cjVosmDw7eCEtV8
|
||||
WrUDlzrbXNsyy/40l8v4N66vghcm/XYYcuOaQq9cLu5zgCfClpcF8USwOFJTtFDE
|
||||
zu4xjpauHS0nyQ8Yk7QgDRC9gxsnxXHW3E/aJShHkHJmFBllLIRlpRZkbYcviWOk
|
||||
Ct5cxwJT2cyZgcNK9sVi+kizxMgZFih5UUv/72uhLKu9MyqNL4XkdNMy56YGyiH1
|
||||
dtmrNVbudxRUuNmdRgnBTBfQAmmy9yxkwW9ngHS0nqhd2bMGBMYAL+B/mVPMRn84
|
||||
4+oSR3yhNExvR4RIvFCng6n9NyG8CAO1N/MPASNXgQKBgQDhAOurLdhI1frDWBbv
|
||||
iy9cxHeNSOWFnhn15thUncyAq5pTYlxnrXdrYzxkXfzib39M79QBDR2hZGCSl0QA
|
||||
UCW7zyRIe/tTz9KFNslrvvdBIjMGNpc59FReO4FWOF0oU0TcO6XJXcHPSyq0fZJo
|
||||
46X7d3Z7ZrANYvAloYCzOjuKTQKBgQDBeakEw+lBcRA2/qj/tOwSCZt+SltqzJXS
|
||||
uCkCL7kW0aWbQaFqvANioGf10HHwrSDTig2Kuui9CxcfYWJEyBqezZ2UkXgCne8T
|
||||
+OYf7Su4iqr6NsQHGyzE/drobQv9HdS33RNGc0RN9HYojA0MXyPZaVJxv335htqk
|
||||
89juIrh3hQKBgQCm8bnqbr+Vez7uBcQuxATGPfe+WqIB/AajDz7fuZ1ssuZ0i/yn
|
||||
6Gs8wIqkpZ/mmnfHrAKPLR4ZC5Mj8RxBZzY4HT98kJEv5Hj84mOckDqAl1FogMS/
|
||||
+WtH57rVMEjejLoA9jjSKcCNf+YVuT4SmSYkaMT+Vni11fz8ztHhKYnX2QKBgQCu
|
||||
O6ytYOyPhY1vqThyRvENcV95hOb8r88A2936XRXW6ee0gI8n+rclu4TDxvrFHnRg
|
||||
bIOzeo0bqYAiP2XqwTXP6yVM5Q/pc2cZWl2LRN/Jqf89o9I3AA76PA5Gn+VbBeFJ
|
||||
zyqLmERb25oI+87IZGl5YjLfwu5kp0ABqqOiGNx8rQKBgQClfdfawzybv2dVQ/2C
|
||||
l3VOM84HCJQuk+LGd5p4XPLxOPXZ7aQMOjx38L1WQU9KM6ts+xc+yH0wqeMXAsl+
|
||||
Jz1kOEAvpLR4F/5iDSbT6TXSNVfhPGyfIPFMIG0MNOwrRpWziKTH6CjInIh08dzZ
|
||||
9Feb5YJqaC4DZV50WMPa6UmbXg==
|
||||
-----END PRIVATE KEY-----
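Review bot: This adds an unencrypted private key to the repository, and its modulus appears to match the `ogboot.local` certificate added earlier in this change, so every installation of the package would share one identity that anyone with access to the repository or the package can use. The extension file in this change requests both `serverAuth` and `clientAuth`, so the same key would also satisfy the `ssl_verify_client on` gate in the new nginx server block and the client side of the stunnel tunnel. The key should be treated as disclosed: remove it from the tree, generate a key pair on the target host during `configure` (root-owned, mode 600), have it signed by the deployment's CA, and reissue anything already signed for this key.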
|
|
@ -55,3 +55,69 @@ server {
|
|||
access_log /var/log/nginx/tftpboot_access.log;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8085 ssl;
|
||||
server_name __SERVERIP__ localhost;
|
||||
|
||||
# Raíz del documento para el proyecto Symfony
|
||||
root __ROOT__/public;
|
||||
|
||||
# Certificados SSL
|
||||
ssl_certificate /opt/opengnsys/ogboot/etc/certificates/ogboot.crt;
|
||||
ssl_certificate_key /opt/opengnsys/ogboot/etc/certificates/ogboot.key;
|
||||
|
||||
# CA para validar clientes
|
||||
ssl_client_certificate /opt/opengnsys/ogboot/etc/certificates/ca.crt;
|
||||
ssl_verify_client on;
|
||||
|
||||
# Bloque para manejar las solicitudes a /ogboot
|
||||
location /ogboot {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
|
||||
# Aumentar el tiempo de espera por el install oglive
|
||||
proxy_read_timeout 600;
|
||||
proxy_connect_timeout 600;
|
||||
proxy_send_timeout 600;
|
||||
send_timeout 600;
|
||||
}
|
||||
|
||||
# Bloque para manejar las solicitudes a index.php
|
||||
location ~ ^/index.php(/|$) {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass unix:/run/php/php__PHPVERSION__-fpm-ogboot.sock;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
internal;
|
||||
}
|
||||
|
||||
# Bloque para devolver 404 en cualquier solicitud a archivos PHP que no sean index.php
|
||||
location ~ \.php$ {
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Logs de error y acceso para el proyecto Symfony
|
||||
error_log /var/log/nginx/ogboot_ssl_error.log;
|
||||
access_log /var/log/nginx/ogboot_ssl_access.log;
|
||||
|
||||
location /ogboot/api/doc {
|
||||
try_files $uri /index.php?$query_string;
|
||||
}
|
||||
|
||||
# Ruta base para servir archivos de TFTP
|
||||
location /tftpboot {
|
||||
alias __TFTPPATH__;
|
||||
autoindex on;
|
||||
try_files $uri $uri/ =404;
|
||||
|
||||
# Seguridad
|
||||
location ~ \.php$ {
|
||||
return 404;
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/tftpboot_ssl_error.log;
|
||||
access_log /var/log/nginx/tftpboot_ssl_access.log;
|
||||
}
|
||||
}
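Review bot: The `proxy_read_timeout`, `proxy_connect_timeout` and `proxy_send_timeout` lines in `location /ogboot` have no effect here, because requests are handed to PHP-FPM with `fastcgi_pass` and not `proxy_pass`; the long-running ogLive install the comment refers to would still hit the default FastCGI read timeout. I would add `fastcgi_read_timeout 600;` inside `location ~ ^/index.php(/|$)`. Separately, `location /tftpboot` is paired with `alias __TFTPPATH__;` and `autoindex on;`: if the substituted path ends in a slash while the location prefix does not, nginx can resolve paths outside the aliased directory, so make both end the same way (`location /tftpboot/` with a trailing-slash alias) and consider whether directory listings are needed on this listener.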
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=stunnel TLS client tunnel to ogCore
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/stunnel /opt/opengnsys/ogboot/etc/stunnel/stunnel-ogboot-client.conf
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
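Review bot: The unit sets no `User=` and no sandboxing, so stunnel runs as root with full access to the filesystem for its whole lifetime. If root is needed only to read the key, stunnel's own `setuid`/`setgid` options can drop privileges after start-up, and the unit can add `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`. `After=network.target` does not wait for the network to be configured; `After=network-online.target` with `Wants=network-online.target` fits a client tunnel better, although `Restart=always` already covers early failures.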
|
|
@ -0,0 +1,18 @@
|
|||
# === GENERAL ===
|
||||
foreground = yes
|
||||
client = yes
|
||||
debug = 7
|
||||
output = /var/log/opengnsys/stunnel-client-ogboot.log
|
||||
|
||||
# === TUNEL TLS CLIENTE ===
|
||||
[api_tls_client]
|
||||
accept = 127.0.0.1:9443
|
||||
connect = __SERVERIP__:8443
|
||||
|
||||
# Certificado del cliente (presentado al servidor)
|
||||
cert = /opt/opengnsys/ogboot/etc/certificates/ogboot.crt
|
||||
key = /opt/opengnsys/ogboot/etc/certificates/ogboot.key
|
||||
|
||||
# CA del servidor (para verificar el servidor remoto)
|
||||
CAfile = /opt/opengnsys/ogboot/etc/certificates/ca.crt
|
||||
verify = 2
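Review bot: `verify = 2` only checks that the peer certificate chains to `CAfile`; it does not tie the certificate to the host named in `connect`, so any certificate issued by that CA is accepted as the remote end. Current stunnel releases express this as `verifyChain = yes` together with `checkHost = <expected server name>` or `checkIP = <expected server address>`; a `checkIP` placeholder would need the same install-time substitution as the `connect` line. `debug = 7` writes debug-level detail to the log file on every connection, which is more than a packaged default needs; `debug = 5` (notice) is the usual level.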
|