__netbox: autogen secretkey and store at remote
The secret key is generated if it is not set via parameter and the explorer does not return any. It will be saved in the netbox home directory to easily read the key for the config generation.
This commit is contained in:
parent
f5c8c26db6
commit
49bb527dea
6 changed files with 39 additions and 8 deletions
8
type/__netbox/explorer/secretkey
Executable file
8
type/__netbox/explorer/secretkey
Executable file
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
# Explorer will output the key if he exists.
|
||||
|
||||
secretkey="/opt/netbox/.secretkey"
|
||||
if [ -f "$secretkey" ]; then
|
||||
cat "$secretkey"
|
||||
fi
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/sh
|
||||
#!/bin/sh -e
|
||||
|
||||
# output version if exist
|
||||
version_path="/opt/netbox/netbox/cdist/version"
|
||||
|
|
|
@ -32,16 +32,22 @@ database-user
|
|||
database-password
|
||||
PostgreSQL database password.
|
||||
|
||||
secret-key
|
||||
Random secret key of at least 50 alphanumeric characters. This key must be
|
||||
unique to this installation and must not be shared outside the local
|
||||
system.
|
||||
|
||||
host
|
||||
Hostname (domain or IP address) on which the application is served.
|
||||
|
||||
OPTIONAL PARAMETERS
|
||||
-------------------
|
||||
secret-key
|
||||
Random secret key of at least 50 alphanumeric characters and symbols. This
|
||||
key must be unique to this installation and must not be shared outside the
|
||||
local system. If no secret key is given, the type generates an own 50 chars
|
||||
long key and saves it on the remote host to remember it for the next run.
|
||||
|
||||
The secret, random string is used to assist in the creation new
|
||||
cryptographic hashes for passwords and HTTP cookies. It is not directly
|
||||
used for hasing user passwords or for encrpted storage. It can be changed
|
||||
at any time, but will invalidate all existing sessions.
|
||||
|
||||
database-host
|
||||
PostgreSQL database hostname. Defaults to ``localhost``.
|
||||
|
||||
|
|
|
@ -37,7 +37,18 @@ export DATABASE_PORT
|
|||
|
||||
ALLOWED_HOST=$(cat "$__object/parameter/host")
|
||||
export ALLOWED_HOST
|
||||
|
||||
if [ -f "$__object/parameter/secret-key" ]; then
|
||||
SECRET_KEY=$(cat "$__object/parameter/secret-key")
|
||||
elif [ -s "$__object/explorer/secretkey" ]; then
|
||||
# Can be done over netbox/generate_secret_key.py too, but it's to
|
||||
# complicated with the variable setup (can't generated right now!).
|
||||
# Generates a 50-character long key (without ' cause of python quotes)
|
||||
SECRET_KEY="$(tr -cd '[:graph:]' < /dev/random | tr -d \' | head -c50)"
|
||||
else
|
||||
# take the key that is already used
|
||||
SECRET_KEY="$(cat "$__object/explorer/secretkey")"
|
||||
fi
|
||||
export SECRET_KEY
|
||||
|
||||
if [ -f "$__object/parameter/ldap-server" ]; then
|
||||
|
@ -177,6 +188,12 @@ if [ -f "$__object/parameter/ldap-server" ]; then
|
|||
--source "$__object/files/ldap_config.py"
|
||||
fi
|
||||
|
||||
# save secret
|
||||
require="__user/netbox" __file /opt/netbox/.secretkey --mode 400 \
|
||||
--owner netbox --source - << SECRET
|
||||
$SECRET_KEY
|
||||
SECRET
|
||||
|
||||
|
||||
# Upload systemd units and gunicorn configuration.
|
||||
for unit in netbox netbox-rq; do
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
secret-key
|
||||
database-host
|
||||
database-port
|
||||
ldap-server
|
||||
|
|
|
@ -2,5 +2,4 @@ version
|
|||
database
|
||||
database-user
|
||||
database-password
|
||||
secret-key
|
||||
host
|
||||
|
|
Loading…
Reference in a new issue