Commit 20657e5b by source_reader

added scripts for generating secrets on first boot

parent d79037ac
#!/bin/bash #!/bin/bash
set -e set -e
echo "stopping joule and lumen"
service joule stop
apache2ctl stop
echo "1] Remove the databases" echo "1] Remove the databases"
sudo -u postgres psql <<END_OF_SQL sudo -u postgres psql <<END_OF_SQL
DROP DATABASE joule; DROP DATABASE joule;
DROP DATABASE rails; DROP DATABASE rails;
END_OF_SQL END_OF_SQL
echo "3] Erasing module and stream configurations" echo "3] Erasing module and stream configurations"
rm /etc/joule/module_configs/*.conf rm -f /etc/joule/module_configs/*.conf
rm /etc/joule/stream_configs/*.conf rm -f /etc/joule/stream_configs/*.conf
echo "4] Removing default key material" echo "4] Removing default key material"
rm /etc/joule/security/* rm -f /etc/joule/security/*
rm /opt/api/config/secrets.yml rm -f /opt/api/config/secrets.yml
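Review bot: Nothing here re-arms secret generation after the secrets are deleted: the first_boot.sh in this same commit ends with `systemctl disable first_boot.service`, so after this reset the next boot would presumably come up with the databases dropped and no secrets.yml/database.yml rather than freshly generated ones — add `systemctl enable first_boot.service` as the last step (or whatever re-enables the unit's own guard, if one is added). psql is also invoked without `-v ON_ERROR_STOP=1`, so a failing `DROP DATABASE joule;` only prints an error and the script carries on under `set -e` as if it had succeeded; either pass that flag or use `DROP DATABASE IF EXISTS joule;` / `DROP DATABASE IF EXISTS rails;` as first_boot.sh does, which also makes the reset re-runnable. Minor: the step labels jump from `1]` to `3]`.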
@lxpanel --profile LXDE-pi
@pcmanfm --desktop --profile LXDE-pi
@xscreensaver -no-splash
@/usr/local/bin/first_boot_gui_notify
point-rpi
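Review bot: `@/usr/local/bin/first_boot_gui_notify` carries the `@` prefix, which asks lxsession to respawn the program if it dies; the notifier exits with status 1 whenever the FIFO is absent, which is every login after the first, so if lxsession treats a non-zero exit as a crash this line would respawn it in a loop on each desktop login. Dropping the prefix (`/usr/local/bin/first_boot_gui_notify`) runs it once per session, which is all it needs. The remaining entries look like the stock LXDE-pi autostart lines.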
...@@ -2,6 +2,6 @@ ...@@ -2,6 +2,6 @@
"HomepageLocation": "http://wattsworth.localhost", "HomepageLocation": "http://wattsworth.localhost",
"HomepageIsNewTabPage": false, "HomepageIsNewTabPage": false,
"RestoreOnStartup": 4, "RestoreOnStartup": 4,
"RestoreOnStartupURLs": ["http://wattsworth.localhost","http://docs.wattsworth.localhost"], "RestoreOnStartupURLs": ["http://wattsworth.localhost","http://wattsworth.localhost/docs"],
"ShowHomeButton": true "ShowHomeButton": true
} }
[Unit]
Description = "First Boot Initialization"
Requires = postgresql.service
After = syslog.target postgresql.service
[Service]
Type = oneshot
ExecStart = /usr/local/bin/first_boot
StandardOutput = journal
StandardError = journal
[Install]
WantedBy = multi-user.target
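Review bot: The unit has no guard of its own against re-running: it relies on the script calling `systemctl disable` at its end, and `Type = oneshot` disables the start timeout by default, so if `/usr/local/bin/first_boot` blocks the job never completes and the unit stays enabled for the next boot. Prefer a marker the script writes on success plus `ConditionPathExists=!/etc/joule/.first_boot_done` here, and an explicit `TimeoutStartSec=15min` (or whatever the migration realistically needs), so a hung or failed run cannot silently lead to the databases being dropped and re-created again later. `After = syslog.target` refers to an obsolete target and can be dropped; `Requires`/`After` on postgresql.service already give the ordering this script needs.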
echo "1] Creating PostgreSQL passwords" #!/bin/bash
# create a status pipe
set -e
pipe=/tmp/first_boot_status
trap "rm -f $pipe" EXIT
if [[ ! -p $pipe ]]; then
mkfifo $pipe
fi
(
echo "# Generating Encryption Keys"
RAILS_PWD="$(openssl rand -hex 8)" RAILS_PWD="$(openssl rand -hex 8)"
JOULE_PWD="$(openssl rand -hex 8)" JOULE_PWD="$(openssl rand -hex 8)"
sudo -u postgres psql <<END_OF_SQL
DROP DATABASE IF EXISTS joule;
DROP DATABASE IF EXISTS rails;
CREATE DATABASE joule;
CREATE DATABASE rails;
GRANT ALL PRIVILEGES ON DATABASE rails TO rails;
GRANT ALL PRIVILEGES ON DATABASE joule TO joule;
ALTER ROLE rails WITH PASSWORD '$RAILS_PWD';
ALTER ROLE joule WITH PASSWORD '$JOULE_PWD';
END_OF_SQL
echo "1] Creating Joule keys"
rm -f /etc/joule/main.conf rm -f /etc/joule/main.conf
joule admin initialize --dsn joule:$JOULE_PWD@localhost:5432/joule joule admin initialize --dsn joule:$JOULE_PWD@localhost:5432/joule
service joule restart service joule restart
echo "2] Creating rails secret" echo "# Generating Rails secrets"
cd /opt/api cd /opt/api
KEY="$(bundle exec rake secret)" KEY="$(bundle exec rake secret)"
cd - cd -
...@@ -26,7 +30,7 @@ cat > /opt/api/config/secrets.yml <<EOF ...@@ -26,7 +30,7 @@ cat > /opt/api/config/secrets.yml <<EOF
production: production:
secret_key_base: $KEY secret_key_base: $KEY
EOF EOF
echo "3] Updating rails database.yml" echo "# Initializing Rails database"
cat > /opt/api/config/database.yml <<EOF cat > /opt/api/config/database.yml <<EOF
production: production:
adapter: postgresql adapter: postgresql
...@@ -37,10 +41,31 @@ production: ...@@ -37,10 +41,31 @@ production:
username: rails username: rails
password: $RAILS_PWD password: $RAILS_PWD
EOF EOF
echo "4] Migrating rails database"
echo "# Creating PostgreSQL accounts"
sudo -u postgres psql <<END_OF_SQL
DROP DATABASE IF EXISTS joule;
DROP DATABASE IF EXISTS rails;
CREATE DATABASE joule;
\c joule;
CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;
CREATE DATABASE rails;
GRANT ALL PRIVILEGES ON DATABASE rails TO rails;
GRANT ALL PRIVILEGES ON DATABASE joule TO joule;
ALTER ROLE rails WITH PASSWORD '$RAILS_PWD';
ALTER ROLE joule WITH PASSWORD '$JOULE_PWD';
END_OF_SQL
export RAILS_ENV=production export RAILS_ENV=production
cd /opt/api cd /opt/api
#sudo -E -u rails bundle exec rake db:migrate echo "# Initializing Lumen database"
sudo -E -u rails bundle exec rake db:migrate
cd - cd -
echo "5] Restarting Apache" echo "# Starting Lumen Webserver"
apache2ctl restart apache2ctl restart
echo "# All Done!"
sleep 1
) | cat > $pipe
systemctl disable first_boot.service
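Review bot: The two heredocs `cat > /opt/api/config/secrets.yml <<EOF` and `cat > /opt/api/config/database.yml <<EOF` create the files with root's default umask, so the freshly generated `secret_key_base` and the `rails` database password are readable by every local account unless the files already existed with a tighter mode — and the reset script in this commit deletes secrets.yml first. Put `umask 077` at the top of the subshell and then hand the files to the app account explicitly, e.g. `chown root:rails /opt/api/config/secrets.yml /opt/api/config/database.yml` followed by `chmod 0640 /opt/api/config/secrets.yml /opt/api/config/database.yml` (confirm which group Apache actually runs the app as). `joule admin initialize --dsn joule:$JOULE_PWD@localhost:5432/joule` also places the joule password on argv, where it is visible in `ps`/`/proc/*/cmdline` to any local user while the command runs; if the tool can take the DSN from an environment variable or stdin, prefer that. Separately, `( ... ) | cat > $pipe` blocks until something opens the FIFO for reading, and the manifest installs the zenity reader only on rpi, so on other platforms the oneshot presumably never exits and `systemctl disable first_boot.service` never runs, leaving the `DROP DATABASE IF EXISTS` steps to repeat on the next boot — use a non-blocking or time-limited writer (and `/run` rather than a fixed `/tmp` name), and check `${PIPESTATUS[0]}` or `set -o pipefail` before disabling so a failed initialization is not silently disabled either.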
pipe=/tmp/first_boot_status
sleep 1
if [[ ! -p $pipe ]]; then
echo "First Boot script not running"
exit 1
fi
cat $pipe | zenity --progress --pulsate --title "First Boot" --width=400 --no-cancel --auto-close --text "First Boot Initialization..."
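Review bot: The reader takes the FIFO on trust: `cat $pipe | zenity …` is unquoted and nothing verifies that `/tmp/first_boot_status` was created by the root-side writer, so if a local user can plant a FIFO at that fixed path first they can drive the progress dialog and, since the writer only runs `mkfifo` when nothing is there, also intercept the real status stream. Check that it is a FIFO owned by root before reading (`[[ -p "$pipe" && "$(stat -c %u "$pipe")" == 0 ]] || exit 1`) and drop the useless `cat`: `zenity --progress --pulsate --title "First Boot" --width=400 --no-cancel --auto-close --text "First Boot Initialization..." < "$pipe"`. The fixed `sleep 1` is also a race against service start on a slow first boot; polling for the pipe for a bounded time would be more robust. Whether a shebang precedes `pipe=` is not visible here.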
...@@ -31,4 +31,43 @@ class common { ...@@ -31,4 +31,43 @@ class common {
file {'/etc/skel/Desktop': file {'/etc/skel/Desktop':
ensure => directory, ensure => directory,
} }
# first boot initialization scripts
file {'/usr/local/bin/first_boot':
ensure => present,
owner => root,
group => root,
mode => '0755',
source => 'puppet:///modules/common/first_boot.sh'
}
file {'/usr/local/bin/first_boot_gui_notify':
ensure => present,
owner => root,
group => root,
mode => '0755',
source => 'puppet:///modules/common/first_boot_gui_notify.sh'
}
file { '/etc/systemd/system/first_boot.service':
ensure => present,
owner => root,
group => root,
mode => '0644',
source => 'puppet:///modules/common/first_boot.service'
}
service { "first_boot.service":
provider => systemd,
enable => true,
require => File['/etc/systemd/system/first_boot.service']
}
if $facts['platform'] == 'rpi' {
file {'/etc/xdg/lxsession/LXDE-pi/autostart':
ensure => present,
owner => root,
group => root,
mode => '0755',
source => 'puppet:///modules/common/autostart_xdg'
}
}
} }
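Review bot: `service { "first_boot.service": enable => true }` conflicts with the script's own `systemctl disable first_boot.service`: every later Puppet run re-enables the unit, so the next reboot would run first_boot again and its `DROP DATABASE IF EXISTS` steps would discard the live data. Make the unit idempotent independently of Puppet (have the script touch a marker such as `/etc/joule/.first_boot_done` and add `ConditionPathExists=!/etc/joule/.first_boot_done` to the unit), or guard this resource on the same marker, e.g. `enable => !$first_boot_done` driven by a custom fact. `mode => '0755'` on `/etc/xdg/lxsession/LXDE-pi/autostart` gives a plain config file an exec bit it does not need; `'0644'` as used for the unit file is enough. Minor: `ensure => present` with a `source` is conventionally written `ensure => file`.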