#925: Only the installer uses {{{settoken}}} script to generate authentication tokens.

configfile
Ramón M. Gómez 2019-10-16 12:18:22 +02:00
parent 436abc7095
commit dde2db1684
5 changed files with 19 additions and 35 deletions


@ -50,6 +50,7 @@ Tickets resueltos en módulo OpenGnsys Server:
#899 Eliminar código obsoleto en ogAdmLib
#900 Fichero de configuración unificado (duplicado de #140)
#915 API REST para ogAdmServer
#925 Script para generar API tokens de servicios
#929 Autenticación de clave pública entre los ogLive
Tickets resueltos en módulo OpenGnsys Web Admin Console:


@ -692,9 +692,6 @@ function mysqlImportSqlFileToDb()
local i=0
local dev=""
local status
# Claves aleatorias para acceso a las APIs REST.
local OPENGNSYS_APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
OPENGNSYS_REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));')
if [ ! -f $sqlfile ]; then
errorAndLog "${FUNCNAME}(): Unable to locate $sqlfile!!"
@ -708,8 +705,6 @@ function mysqlImportSqlFileToDb()
sed -e "s/SERVERIP/${SERVERIP[i]}/g" \
-e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
-e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \
-e "s/APIKEY/$OPENGNSYS_APIKEY/g" \
-e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \
$sqlfile > $tmpfile
fi
let i++
@ -1494,10 +1489,8 @@ function openGnsysConfigure()
-e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
-e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \
-e "s/DATABASE/$OPENGNSYS_DATABASE/g" \
-e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \
$WORKDIR/opengnsys/admin/Sources/Services/ogAdmServer/ogAdmServer.cfg > $INSTALL_TARGET/etc/ogAdmServer-$dev.cfg
sed -e "s/SERVERIP/${SERVERIP[i]}/g" \
-e "s/REPOKEY/$OPENGNSYS_REPOKEY/g" \
$WORKDIR/opengnsys/repoman/etc/ogAdmRepo.cfg.tmpl > $INSTALL_TARGET/etc/ogAdmRepo-$dev.cfg
sed -e "s/SERVERIP/${SERVERIP[i]}/g" \
-e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
@ -1546,9 +1539,16 @@ EOT
$DISABLESERVICE
fi
echoAndLog "${FUNCNAME}(): Starting OpenGnsys services."
# Actualizar tokens de autenticación e iniciar los servicios.
service="opengnsys"
$ENABLESERVICE; $STARTSERVICE
$ENABLESERVICE
if [ -x $INSTALL_TARGET/bin/settoken ]; then
echoAndLog "${FUNCNAME}(): Setting authentication tokens and starting OpenGnsys services."
$INSTALL_TARGET/bin/settoken -f
else
echoAndLog "${FUNCNAME}(): Starting OpenGnsys services."
$STARTSERVICE
fi
}
@ -1582,7 +1582,7 @@ function installationSummary()
echoAndLog "Repository directory: $INSTALL_TARGET/images"
echoAndLog "DHCP configuration directory: $DHCPCFGDIR"
echoAndLog "TFTP configuration directory: $TFTPCFGDIR"
echoAndLog "Installed ogLive client(s): $(oglivecli list | awk '{print $2}')"
echoAndLog "Installed ogLive client: $(oglivecli list | awk '{print $2}')"
echoAndLog "Samba configuration directory: $SAMBACFGDIR"
echoAndLog "Web Console URL: $OPENGNSYS_CONSOLEURL"
echoAndLog "Web Console access data: entered by the user"
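Review bot: The exit status of `$INSTALL_TARGET/bin/settoken -f` in openGnsysConfigure() is ignored, and the `else` branch starts the services with no token step at all. With the `APIKEY`/`REPOKEY` substitutions dropped from mysqlImportSqlFileToDb() and openGnsysConfigure(), a failed or missing settoken would presumably leave whatever the SQL file and the .cfg templates contain as the API token. The templates are not shown on this page, so confirm they no longer ship a fixed placeholder value. I would report the failure, e.g. `"$INSTALL_TARGET/bin/settoken" -f || errorAndLog "${FUNCNAME}(): Unable to set authentication tokens"`, and log a warning in the `else` branch that tokens still have to be generated.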


@ -301,7 +301,6 @@ function importSqlFile()
local tmpfile=$(mktemp)
local mycnf=/tmp/.my.cnf.$$
local status
local APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
if [ ! -r $sqlfile ]; then
errorAndLog "${FUNCNAME}(): Unable to read $sqlfile!!"
@ -311,8 +310,7 @@ function importSqlFile()
echoAndLog "${FUNCNAME}(): importing SQL file to ${database}..."
chmod 600 $tmpfile
sed -e "s/SERVERIP/$SERVERIP/g" -e "s/DBUSER/$OPENGNSYS_DB_USER/g" \
-e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" \
-e "s/APIKEY/$APIKEY/g" -e "s/REPOKEY/$REPOKEY/g" $sqlfile > $tmpfile
-e "s/DBPASSWORD/$OPENGNSYS_DB_PASSWD/g" $sqlfile > $tmpfile
# Componer fichero con credenciales de conexión.
touch $mycnf
chmod 600 $mycnf
@ -849,7 +847,6 @@ function updateDatabase()
fi
popd >/dev/null
REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));')
if [ -n "$FILES" ]; then
for file in $FILES; do
importSqlFile $OPENGNSYS_DBUSER $OPENGNSYS_DBPASSWORD $OPENGNSYS_DATABASE $DBDIR/$file
@ -990,10 +987,8 @@ function compileServices()
hayErrores=1
fi
popd
# Parar antiguo servicio de repositorio y añadir clave de acceso REST en su fichero de configuración.
# Parar antiguo servicio de repositorio.
pgrep ogAdmRepo > /dev/null && service="ogAdmRepo" $STOPSERVICE
sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$REPOKEY" $INSTALL_TARGET/etc/ogAdmRepo.cfg
sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$REPOKEY" $INSTALL_TARGET/etc/ogAdmServer.cfg
# Compilar OpenGnsys Agent
echoAndLog "${FUNCNAME}(): Recompiling OpenGnsys Server Agent"
pushd $WORKDIR/opengnsys/admin/Sources/Services/ogAdmAgent
@ -1146,7 +1141,7 @@ function updateSummary()
fi
echoAndLog "Warnings:"
echoAndLog " - You must to clear web browser cache before loading OpenGnsys page"
echoAndLog " - Generated new key to access Repository REST API (file ogAdmRepo.cfg)"
echoAndLog " - Run \"settoken\" script to update authentication tokens"
if [ -n "$INSTALLEDOGLIVE" ]; then
echoAndLog " - Installed new ogLive Client: $INSTALLEDOGLIVE"
fi
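Review bot: importSqlFile() still writes the MySQL credentials to `/tmp/.my.cnf.$$`, a predictable name that is created with `touch` and only afterwards restricted with `chmod 600`. Another local user can create that path, or a symlink at that path, before the updater runs, so the file holding the password is not guaranteed to belong only to the updater. The line above already uses mktemp for the SQL copy; `local mycnf=$(mktemp)` gives the credentials file the same protection and makes the `touch`/`chmod` pair redundant. The body of importSqlFile() continues outside the hunks shown here.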


@ -115,13 +115,7 @@ if [ -n "$SERVERIP" ]; then
if [ $CHANGE == 1 ]; then
# Restart OpenGnsys services.
/etc/init.d/opengnsys restart
# If Repository is active, generating a new API token.
source $DEFAULTFILE
if [ "$RUN_OGADMREPO" == "yes" ]; then
REPOKEY=$(php -r 'echo md5(uniqid(rand(), true));')
sed -i -e "s/ApiToken=.*/ApiToken=$REPOKEY/" $OPENGNSYS/etc/ogAdmRepo.cfg
sed -i -e "s/APITOKEN=.*/APITOKEN=$REPOKEY/" $OPENGNSYS/etc/ogAdmServer.cfg
fi
# If OpenGnsys Server is active, updating the database.
if [ "$RUN_OGADMSERVER" == "yes" ]; then
source $OPENGNSYS/etc/ogAdmServer.cfg
@ -136,14 +130,6 @@ EOT
"UPDATE entornos
SET ipserveradm='$SERVERIP'
WHERE identorno=1"
# If OpenGnsys Repository is active, updating IP address and API token.
if [ "$RUN_OGADMREPO" == "yes" ]; then
mysql --defaults-extra-file=$MYCNF -D "$CATALOG" -e \
"UPDATE repositorios
SET ip='$SERVERIP', apikey='$REPOKEY'
WHERE ip='$OLDSERVERIP'"
unset REPOKEY
fi
# Updating all menu URLs.
mysql --defaults-extra-file=$MYCNF -D "$CATALOG" -e \
"UPDATE menus
@ -162,7 +148,7 @@ Manual tasks:
- Check PXE files.
- Log-in as Web Console user:
- Check menu URLs.
${REPOKEY:+" - Update repository API token"}
- Note: Run "settoken" script to update authentication tokens.
EOT
else
# Showing message if nothing changes.
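Review bot: Removing the `UPDATE repositorios` statement drops the `ip='$SERVERIP'` change together with the `apikey` one, so after an address change the repository row would keep `$OLDSERVERIP`. The settoken script later selects that row with `WHERE ip='$IPlocal'`, which would then presumably match nothing and leave the token stored in the database stale. I would keep the address update and remove only the token part, as in the excerpt below. The enclosing `if [ $CHANGE == 1 ]` block starts and ends outside the hunk.

```shell
# … unchanged: UPDATE entornos statement …
# If OpenGnsys Repository is active, updating its IP address.
if [ "$RUN_OGADMREPO" == "yes" ]; then
    mysql --defaults-extra-file="$MYCNF" -D "$CATALOG" -e \
        "UPDATE repositorios
            SET ip='$SERVERIP'
          WHERE ip='$OLDSERVERIP'"
fi
# … unchanged: UPDATE menus statement …
```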


@ -50,14 +50,14 @@ if [ "$SERVER" ]; then
[ "${ANSWER,,}" != "y" ] && raiseError cancel "API tokens not updated"
fi
APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
sed -i "s/^APITOKEN=.*/APITOKEN=$APIKEY/" $SERVERCFG || raiseError access "Cannot update server file"
sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY" $SERVERCFG || raiseError access "Cannot update server file"
fi
# Update repository token.
if [ "$REPO" ]; then
[ -w $REPOCFG ] || raiseError access "Repository configuration file"
APIKEY=$(php -r 'echo md5(uniqid(rand(), true));')
sed -i "s/^ApiToken=.*/ApiToken=$APIKEY/" $REPOCFG || raiseError access "Cannot update repository file"
sed -i -n -e "/^ApiToken=/!p" -e "$ a\ApiToken=$APIKEY" $REPOCFG || raiseError access "Cannot update repository file"
# If database is local, update it.
source $SERVERCFG
source $REPOCFG
@ -73,6 +73,8 @@ host=$datasource
EOT
mysql --defaults-extra-file="$MYCNF" --default-character-set=utf8 -D "$CATALOG" -e \
"UPDATE repositorios SET apikey='$APIKEY' WHERE ip='$IPlocal';" || raiseError access "Database error"
else
echo "Please, don't forget to update the authentication token for this repository on the web server (check the file ogAdmRepo.cfg)."
fi
fi
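Review bot: Both tokens are still produced by `php -r 'echo md5(uniqid(rand(), true));'`, which derives the value from the clock and a non-cryptographic generator, so the result is weaker than its 32 hex characters suggest. Since this script is now the one place where authentication tokens are created, both assignments should use a CSPRNG, e.g. `APIKEY=$(php -r 'echo bin2hex(random_bytes(16));')` (PHP 7 or later), which keeps the same length and alphabet. Separately, the new `sed -i -n -e "/^APITOKEN=/!p" -e "$ a\APITOKEN=$APIKEY"` form appends nothing when the configuration file is empty, because `$` never matches. A comment noting that, or a check that the file is non-empty, would help.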