
Commit 4fa374c

Moved CFE_ROBOT user creation from MP cli task to shell script
ChangeLog: Title Ticket: ENT-12185 Signed-off-by: Ihor Aleksandrychiev <ihor.aleksandrychiev@northern.tech>
1 parent 9b8fccb commit 4fa374c

1 file changed

Lines changed: 18 additions & 23 deletions


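--- a/packaging/common/cfengine-hub/postinstall.sh
+++ b/packaging/common/cfengine-hub/postinstall.sh
@@ -1006,30 +1006,25 @@ $PREFIX/httpd/bin/apachectl start
 
 #Mission portal
 #
+true "Provisioning CFE_ROBOT user in the system"
+( set +x
+pwhash() {
+echo -n "$1" | "$PREFIX/bin/openssl" dgst -sha256 | awk '{print $2}'
+}
+CFE_ROBOT_PW="$(sed '/^cf_robot_password=/!d;s/.*=//' "$PREFIX/httpd/secrets.ini")"
+test -n "$CFE_ROBOT_PW" || { echo "ERROR reading cf_robot_password from secrets.ini"; exit 1; }
+CFE_ROBOT_PW_SALT=`pwgen 10`
+CFE_ROBOT_PW_HASH=`pwhash "$CFE_ROBOT_PW_SALT$CFE_ROBOT_PW"`
+# note that here we `echo "..." | psql` instead of `psql -c "..."` to avoid
+# leaking secrets in `ps -ef` output.
+echo "INSERT INTO users (username, password, salt, roles)
+VALUES ('CFE_ROBOT', 'SHA=$CFE_ROBOT_PW_HASH', '$CFE_ROBOT_PW_SALT', '{cf_remoteagent}')
+ON CONFLICT (username, external)
+DO UPDATE
+SET password = 'SHA=$CFE_ROBOT_PW_HASH', salt = '$CFE_ROBOT_PW_SALT'" | "$PREFIX/bin/psql" cfsettings
+)
+true "Successfully provisioned CFE_ROBOT user"
 
-if ! is_upgrade; then
-true "Adding CFE_ROBOT user"
-( set +x
-$PREFIX/httpd/php/bin/php $PREFIX/httpd/htdocs/public/index.php cli_tasks create_cfe_robot_user
-)
-true "Done adding user"
-else
-true "Updating CFE_ROBOT password"
-( set +x
-pwhash() {
-echo -n "$1" | "$PREFIX/bin/openssl" dgst -sha256 | awk '{print $2}'
-}
-CFE_ROBOT_PW="$(sed '/^cf_robot_password=/!d;s/.*=//' "$PREFIX/httpd/secrets.ini")"
-test -n "$CFE_ROBOT_PW" || { echo "ERROR reading cf_robot_password from secrets.ini"; exit 1; }
-CFE_ROBOT_PW_SALT=`pwgen 10`
-CFE_ROBOT_PW_HASH=`pwhash "$CFE_ROBOT_PW_SALT$CFE_ROBOT_PW"`
-
-# note that here we `echo "..." | psql` instead of `psql -c "..."` to avoid
-# leaking secrets in `ps -ef` output.
-echo "UPDATE users SET password = 'SHA=$CFE_ROBOT_PW_HASH', salt = '$CFE_ROBOT_PW_SALT' WHERE username = 'CFE_ROBOT'" | "$PREFIX/bin/psql" cfsettings
-)
-true "Done updating password"
-fi
 
 true "Updating MP password"
 ( set +x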
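Review bot: Nothing in the new block checks that the `INSERT ... ON CONFLICT` actually succeeded, although it is now the only path that creates CFE_ROBOT on a fresh install. psql reading from stdin exits 0 on an SQL error unless ON_ERROR_STOP is set, so a failure (for example, no unique constraint matching `(username, external)`) would still be followed by the "Successfully provisioned CFE_ROBOT user" trace line. I would run it as `"$PREFIX/bin/psql" -v ON_ERROR_STOP=1 cfsettings` and test the subshell's exit status before logging success. The salt and hash are also used unchecked, so if `pwgen` or openssl fails the row is written with an empty salt or a bare `SHA=` password; a guard before the `echo`, such as `test -n "$CFE_ROBOT_PW_SALT" && test -n "$CFE_ROBOT_PW_HASH" || { echo "ERROR generating CFE_ROBOT credentials"; exit 1; }`, would catch that. Whether `exit 1` inside the `( ... )` subshell aborts the installer depends on a `set -e` that is not visible in this hunk.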
